install-freedombone.sh 187KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724
  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # This install script is intended for use with Debian Jessie
  12. #
  13. # Please note that the various hashes and download archives
  14. # for systems such as Owncloud and Dokuwiki may need to be updated
  15. #
  16. # License
  17. # =======
  18. #
  19. # Copyright (C) 2014 Bob Mottram <bob@robotics.uk.to>
  20. #
  21. # This program is free software: you can redistribute it and/or modify
  22. # it under the terms of the GNU General Public License as published by
  23. # the Free Software Foundation, either version 3 of the License, or
  24. # (at your option) any later version.
  25. #
  26. # This program is distributed in the hope that it will be useful,
  27. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  28. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  29. # GNU General Public License for more details.
  30. #
  31. # You should have received a copy of the GNU General Public License
  32. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  33. #
  34. # Summary
  35. # =======
  36. #
  37. # This script is intended to be run on the target device, which
  38. # is typically a Beaglebone Black.
  39. #
  40. # To be able to run this script you need to get to a condition
  41. # where you have Debian Jessie installed, with at least one
  42. # unprivileged user account and at least one subdomain created on
  43. # https://freedns.afraid.org/. If you're not installing on a
  44. # Beaglebone Black then set the variable INSTALLING_ON_BBB to "no"
  45. #
  46. # Note on dynamic dns
  47. # ===================
  48. #
  49. # I'm not particularly trying to promote freedns.afraid.org
  50. # as a service, it just happens to be a dynamic DNS system which
  51. # provides free (as in beer) accounts, and I'm trying to make the
  52. # process of setting up a working server as trivial as possible.
  53. # Other dynamic DNS systems are available, and if you're using
  54. # something different then comment out the section within
  55. # argument_checks and the call to dynamic_dns_freedns.
  56. #
  57. # Prerequisites
  58. # =============
  59. #
  60. # You will need to initially prepare a microSD card with a Debian
  61. # image on it. This can be done using the initial_setup.sh script.
  62. #
  63. # If you are not using a Beaglebone Black then just prepare the
  64. # target system with a fresh installation of Debian Jessie.
  65. DOMAIN_NAME=$1
  66. MY_USERNAME=$2
  67. FREEDNS_SUBDOMAIN_CODE=$3
  68. SYSTEM_TYPE=$4
  69. # Are we installing on a Beaglebone Black (BBB) or some other system?
  70. INSTALLING_ON_BBB="yes"
  71. # Different system variants which may be specified within
  72. # the SYSTEM_TYPE option
  73. VARIANT_WRITER="writer"
  74. VARIANT_CLOUD="cloud"
  75. VARIANT_CHAT="chat"
  76. VARIANT_MAILBOX="mailbox"
  77. VARIANT_NONMAILBOX="nonmailbox"
  78. VARIANT_SOCIAL="social"
  79. VARIANT_MEDIA="media"
  80. SSH_PORT=2222
  81. # kernel specifically tweaked for the Beaglebone Black
  82. KERNEL_VERSION="v3.15.10-bone7"
  83. # Whether or not to use the beaglebone's hardware random number generator
  84. USE_HWRNG="yes"
  85. # Whether this system is being installed within a docker container
  86. INSTALLED_WITHIN_DOCKER="no"
  87. # If you want to run a public mailing list specify its name here.
  88. # There should be no spaces in the name
  89. PUBLIC_MAILING_LIST=
  90. # Optional different domain name for the public mailing list
  91. PUBLIC_MAILING_LIST_DOMAIN_NAME=
  92. # Directory where the public mailing list data is stored
  93. PUBLIC_MAILING_LIST_DIRECTORY="/var/spool/mlmmj"
  94. # If you want to run an encrypted mailing list specify its name here.
  95. # There should be no spaces in the name
  96. PRIVATE_MAILING_LIST=
  97. # Domain name or freedns subdomain for mediagoblin installation
  98. MEDIAGOBLIN_DOMAIN_NAME=
  99. MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE=
  100. MEDIAGOBLIN_REPO=""
  101. MEDIAGOBLIN_ADMIN_PASSWORD=
  102. # Domain name or freedns subdomain for microblog installation
  103. MICROBLOG_DOMAIN_NAME=
  104. MICROBLOG_FREEDNS_SUBDOMAIN_CODE=
  105. MICROBLOG_REPO="git://gitorious.org/social/mainline.git"
  106. MICROBLOG_ADMIN_PASSWORD=
  107. MICROBLOG_INSTALLED="no"
  108. # Domain name or redmatrix installation
  109. REDMATRIX_DOMAIN_NAME=
  110. REDMATRIX_FREEDNS_SUBDOMAIN_CODE=
  111. REDMATRIX_REPO="https://github.com/friendica/red.git"
  112. REDMATRIX_ADDONS_REPO="https://github.com/friendica/red-addons.git"
  113. REDMATRIX_ADMIN_PASSWORD=
  114. REDMATRIX_INSTALLED="no"
  115. # Domain name or freedns subdomain for Owncloud installation
  116. OWNCLOUD_DOMAIN_NAME=
  117. # Freedns dynamic dns code for owncloud
  118. OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=
  119. OWNCLOUD_ARCHIVE="owncloud-7.0.2.tar.bz2"
  120. OWNCLOUD_DOWNLOAD="https://download.owncloud.org/community/$OWNCLOUD_ARCHIVE"
  121. OWNCLOUD_HASH="ea07124a1b9632aa5227240d655e4d84967fb6dd49e4a16d3207d6179d031a3a"
  122. OWNCLOUD_INSTALLED="no"
  123. # Domain name or freedns subdomain for your wiki
  124. WIKI_FREEDNS_SUBDOMAIN_CODE=
  125. WIKI_DOMAIN_NAME=
  126. WIKI_ARCHIVE="dokuwiki-stable.tgz"
  127. WIKI_DOWNLOAD="http://download.dokuwiki.org/src/dokuwiki/$WIKI_ARCHIVE"
  128. WIKI_HASH="a0e79986b87b2744421ce3c33b43a21f296deadd81b1789c25fa4bb095e8e470"
  129. WIKI_INSTALLED="no"
  130. # see https://www.dokuwiki.org/template:mnml-blog
  131. # https://andreashaerter.com/tmp/downloads/dokuwiki-template-mnml-blog/CHECKSUMS.asc
  132. WIKI_MNML_BLOG_ADDON_ARCHIVE="mnml-blog.tar.gz"
  133. WIKI_MNML_BLOG_ADDON="https://andreashaerter.com/downloads/dokuwiki-template-mnml-blog/latest"
  134. WIKI_MNML_BLOG_ADDON_HASH="428c280d09ee14326fef5cd6f6772ecfcd532f7b6779cd992ff79a97381cf39f"
  135. # see https://www.dokuwiki.org/plugin:blogtng
  136. WIKI_BLOGTNG_ADDON_NAME="dokufreaks-plugin-blogtng-93a3fec"
  137. WIKI_BLOGTNG_ADDON_ARCHIVE="$WIKI_BLOGTNG_ADDON_NAME.zip"
  138. WIKI_BLOGTNG_ADDON="https://github.com/dokufreaks/plugin-blogtng/zipball/master"
  139. WIKI_BLOGTNG_ADDON_HASH="212b3ad918fdc92b2d49ef5d36bc9e086eab27532931ba6b87e05f35fd402a27"
  140. # see https://www.dokuwiki.org/plugin:sqlite
  141. WIKI_SQLITE_ADDON_NAME="cosmocode-sqlite-7be4003"
  142. WIKI_SQLITE_ADDON_ARCHIVE="$WIKI_SQLITE_ADDON_NAME.tar.gz"
  143. WIKI_SQLITE_ADDON="https://github.com/cosmocode/sqlite/tarball/master"
  144. WIKI_SQLITE_ADDON_HASH="930335e647c7e62f3068689c256ee169fad2426b64f8360685d391ecb5eeda0c"
  145. GPG_KEYSERVER="hkp://keys.gnupg.net"
  146. # whether to encrypt all incoming email with your public key
  147. GPG_ENCRYPT_STORED_EMAIL="yes"
  148. # gets set to yes if gpg keys are imported from usb
  149. GPG_KEYS_IMPORTED="no"
  150. # optionally you can provide your exported GPG key pair here
  151. # Note that the private key file will be deleted after use
  152. # If these are unspecified then a new GPG key will be created
  153. MY_GPG_PUBLIC_KEY=
  154. MY_GPG_PRIVATE_KEY=
  155. # optionally specify your public key ID
  156. MY_GPG_PUBLIC_KEY_ID=
  157. # If you have existing mail within a Maildir
  158. # you can specify the directory here and the files
  159. # will be imported
  160. IMPORT_MAILDIR=
  161. # The Debian package repository to use.
  162. DEBIAN_REPO="ftp.us.debian.org"
  163. DEBIAN_VERSION="jessie"
  164. # Directory where source code is downloaded and compiled
  165. INSTALL_DIR=$HOME/build
  166. # device name for an attached usb drive
  167. USB_DRIVE=/dev/sda1
  168. # Location where the USB drive is mounted to
  169. USB_MOUNT=/mnt/usb
  170. # Name of a script used to create a backup of the system on usb drive
  171. BACKUP_SCRIPT_NAME="backup"
  172. # Name of a script used to restore the system from usb drive
  173. RESTORE_SCRIPT_NAME="restore"
  174. # memory limit for php in MB
  175. MAX_PHP_MEMORY=32
  176. # default MariaDB password
  177. MARIADB_PASSWORD=
  178. # Directory where XMPP settings are stored
  179. XMPP_DIRECTORY="/var/lib/prosody"
  180. # file containing a list of remote locations to backup to
  181. FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
  182. #list of encryption protocols
  183. SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
  184. # list of ciphers to use. See bettercrypto.org recommendations
  185. SSL_CIPHERS="EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
  186. export DEBIAN_FRONTEND=noninteractive
  187. # File which keeps track of what has already been installed
  188. COMPLETION_FILE=$HOME/freedombone-completed.txt
  189. if [ ! -f $COMPLETION_FILE ]; then
  190. touch $COMPLETION_FILE
  191. fi
  192. # message if something fails to install
  193. CHECK_MESSAGE="Check your internet connection, /etc/network/interfaces and /etc/resolv.conf, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
  194. function show_help {
  195. echo ''
  196. echo './install-freedombone.sh [domain] [username] [subdomain code] [system type]'
  197. echo ''
  198. echo 'domain'
  199. echo '------'
  200. echo 'This is your domain name or freedns subdomain.'
  201. echo ''
  202. echo 'username'
  203. echo '--------'
  204. echo ''
  205. echo 'This will be your username on the system. It should be all'
  206. echo 'lower case and contain no spaces'
  207. echo ''
  208. echo 'subdomain code'
  209. echo '--------------'
  210. echo 'This is the freedns dynamic DNS code for your subdomain.'
  211. echo "To find it from https://freedns.afraid.org select 'Dynamic DNS',"
  212. echo "then 'quick cron example' and copy the code located between "
  213. echo "'?' and '=='."
  214. echo ''
  215. echo 'system type'
  216. echo '-----------'
  217. echo 'This can either be blank if you wish to install the full system,'
  218. echo "or for more specialised variants you can specify '$VARIANT_MAILBOX', '$VARIANT_CLOUD',"
  219. echo "'$VARIANT_CHAT', '$VARIANT_SOCIAL', '$VARIANT_MEDIA' or '$VARIANT_WRITER'."
  220. echo "If you wish to install everything except email then use the '$VARIANT_NONMAILBOX' variaint."
  221. }
  222. function argument_checks {
  223. if [ ! -d /home/$MY_USERNAME ]; then
  224. echo "There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
  225. exit 1
  226. fi
  227. if [ ! $DOMAIN_NAME ]; then
  228. show_help
  229. exit 2
  230. fi
  231. if [ ! $MY_USERNAME ]; then
  232. show_help
  233. exit 3
  234. fi
  235. if [ ! $FREEDNS_SUBDOMAIN_CODE ]; then
  236. show_help
  237. exit 4
  238. fi
  239. if [ $SYSTEM_TYPE ]; then
  240. if [[ $SYSTEM_TYPE != $VARIANT_WRITER && $SYSTEM_TYPE != $VARIANT_CLOUD && $SYSTEM_TYPE != $VARIANT_CHAT && $SYSTEM_TYPE != $VARIANT_MAILBOX && $SYSTEM_TYPE != $VARIANT_NONMAILBOX && $SYSTEM_TYPE != $VARIANT_SOCIAL && $SYSTEM_TYPE != $VARIANT_MEDIA ]]; then
  241. echo "'$SYSTEM_TYPE' is an unrecognised Freedombone variant."
  242. exit 30
  243. fi
  244. fi
  245. }
  246. function check_hwrng {
  247. # If hardware random number generation was enabled then make sure that the device exists.
  248. # if /dev/hwrng is not found then any subsequent cryptographic key generation would
  249. # suffer from low entropy and might be insecure
  250. if [ ! -f /etc/default/rng-tools ]; then
  251. return
  252. fi
  253. if [ ! -e /dev/hwrng ]; then
  254. ls /dev/hw*
  255. echo 'The hardware random number generator is enabled but could not be detected on'
  256. echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
  257. exit 75
  258. fi
  259. }
  260. function create_backup_script {
  261. if grep -Fxq "create_backup_script" $COMPLETION_FILE; then
  262. return
  263. fi
  264. apt-get -y --force-yes install duplicity gnupg
  265. if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
  266. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
  267. fi
  268. echo '#!/bin/bash' > /usr/bin/$BACKUP_SCRIPT_NAME
  269. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  270. echo 'GPG_KEY=$1' >> /usr/bin/$BACKUP_SCRIPT_NAME
  271. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  272. echo 'if [ ! $GPG_KEY ]; then' >> /usr/bin/$BACKUP_SCRIPT_NAME
  273. echo " if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  274. echo ' echo "You need to specify a GPG key ID with which to create the backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  275. echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME
  276. echo ' fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  277. echo " GPG_KEY='$MY_GPG_PUBLIC_KEY_ID'" >> /usr/bin/$BACKUP_SCRIPT_NAME
  278. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  279. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  280. echo "if [ ! -b $USB_DRIVE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  281. echo ' echo "Please attach a USB drive"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  282. echo ' exit 1' >> /usr/bin/$BACKUP_SCRIPT_NAME
  283. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  284. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  285. echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  286. echo " mkdir $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
  287. echo " mount $USB_DRIVE $USB_MOUNT" >> /usr/bin/$BACKUP_SCRIPT_NAME
  288. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  289. echo "if [ ! -d $USB_MOUNT/backup ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  290. echo " mkdir $USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
  291. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  292. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  293. echo '# Put some files into a temporary directory so that they can be easily backed up' >> /usr/bin/$BACKUP_SCRIPT_NAME
  294. echo "if [ ! -d /home/$MY_USERNAME/tempfiles ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  295. echo " mkdir /home/$MY_USERNAME/tempfiles" >> /usr/bin/$BACKUP_SCRIPT_NAME
  296. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  297. if [[ $MICROBLOG_INSTALLED == "yes" ]]; then
  298. echo 'echo "Obtaining GNU Social database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  299. echo "mysqldump --password=$MARIADB_PASSWORD gnusocial > /home/$MY_USERNAME/tempfiles/gnusocial.sql" >> /usr/bin/$BACKUP_SCRIPT_NAME
  300. fi
  301. if [[ $REDMATRIX_INSTALLED == "yes" ]]; then
  302. echo 'echo "Obtaining Red Matrix database backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  303. echo "mysqldump --password=$MARIADB_PASSWORD redmatrix > /home/$MY_USERNAME/tempfiles/redmatrix.sql" >> /usr/bin/$BACKUP_SCRIPT_NAME
  304. fi
  305. if [[ $OWNCLOUD_INSTALLED == "yes" ]]; then
  306. echo 'echo "Obtaining Owncloud data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  307. echo "tar -czvf /home/$MY_USERNAME/tempfiles/owncloud.tar.gz /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/config /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/data" >> /usr/bin/$BACKUP_SCRIPT_NAME
  308. fi
  309. if [[ $WIKI_INSTALLED == "yes" ]]; then
  310. echo 'echo "Obtaining wiki data backup"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  311. echo "tar -czvf /home/$MY_USERNAME/tempfiles/wiki.tar.gz /var/www/$WIKI_DOMAIN_NAME/htdocs" >> /usr/bin/$BACKUP_SCRIPT_NAME
  312. fi
  313. echo 'echo "Archiving miscellaneous files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  314. echo "tar -czvf /home/$MY_USERNAME/tempfiles/miscfiles.tar.gz /home/$MY_USERNAME/.gnupg /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/.ssh /home/$MY_USERNAME/personal" >> /usr/bin/$BACKUP_SCRIPT_NAME
  315. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  316. echo '# Backup the public mailing list' >> /usr/bin/$BACKUP_SCRIPT_NAME
  317. echo "if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  318. echo ' echo "Backing up the public mailing list"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  319. echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
  320. echo "$PUBLIC_MAILING_LIST_DIRECTORY file://$USB_MOUNT/backup/publicmailinglist" >> /usr/bin/$BACKUP_SCRIPT_NAME
  321. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  322. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  323. echo '# Backup xmpp settings' >> /usr/bin/$BACKUP_SCRIPT_NAME
  324. echo "if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  325. echo ' echo "Backing up the XMPP settings"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  326. echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
  327. echo "$XMPP_DIRECTORY file://$USB_MOUNT/backup/xmpp" >> /usr/bin/$BACKUP_SCRIPT_NAME
  328. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  329. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  330. echo '# Backup web content and other stuff' >> /usr/bin/$BACKUP_SCRIPT_NAME
  331. echo "if [ -d /home/$MY_USERNAME/tempfiles ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  332. echo ' echo "Backing up web content and miscellaneous files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  333. echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
  334. echo "/home/$MY_USERNAME/tempfiles file://$USB_MOUNT/backup/tempfiles" >> /usr/bin/$BACKUP_SCRIPT_NAME
  335. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  336. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  337. echo '# Backup email' >> /usr/bin/$BACKUP_SCRIPT_NAME
  338. echo "if [ -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  339. echo ' echo "Backing up emails"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  340. echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
  341. echo "/home/$MY_USERNAME/Maildir file://$USB_MOUNT/backup/Maildir" >> /usr/bin/$BACKUP_SCRIPT_NAME
  342. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  343. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  344. echo '# Backup DLNA cache' >> /usr/bin/$BACKUP_SCRIPT_NAME
  345. echo "if [ -d /var/cache/minidlna ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  346. echo ' echo "Backing up DLNA cache"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  347. echo -n ' duplicity incr --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems ' >> /usr/bin/$BACKUP_SCRIPT_NAME
  348. echo "/var/cache/minidlna file://$USB_MOUNT/backup/dlna" >> /usr/bin/$BACKUP_SCRIPT_NAME
  349. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  350. echo 'echo "Cleaning up backup files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  351. echo "duplicity --force cleanup file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
  352. echo 'echo "Removing old backups"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  353. echo "duplicity --force remove-all-but-n-full 2 file://$USB_MOUNT/backup" >> /usr/bin/$BACKUP_SCRIPT_NAME
  354. echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
  355. echo '# Remove temporary files' >> /usr/bin/$BACKUP_SCRIPT_NAME
  356. echo "if [ -d /home/$MY_USERNAME/tempfiles ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
  357. echo ' echo "Removing temporary files"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  358. echo " rm -rf /home/$MY_USERNAME/tempfiles" >> /usr/bin/$BACKUP_SCRIPT_NAME
  359. echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
  360. echo 'echo "Backup is complete"' >> /usr/bin/$BACKUP_SCRIPT_NAME
  361. echo 'exit 0' >> /usr/bin/$BACKUP_SCRIPT_NAME
  362. echo 'create_backup_script' >> $COMPLETION_FILE
  363. }
  364. function create_restore_script {
  365. if grep -Fxq "create_restore_script" $COMPLETION_FILE; then
  366. return
  367. fi
  368. apt-get -y --force-yes install duplicity
  369. echo 'create_restore_script' >> $COMPLETION_FILE
  370. }
  371. function backup_to_friends_servers {
  372. if grep -Fxq "backup_to_friends_servers" $COMPLETION_FILE; then
  373. return
  374. fi
  375. if [ ! $FRIENDS_SERVERS_LIST ]; then
  376. return
  377. fi
  378. apt-get -y --force-yes install duplicity
  379. # script to do backups
  380. echo '#!/bin/bash' > /usr/bin/backup2friends
  381. echo 'GPG_KEY=$1' >> /usr/bin/backup2friends
  382. echo '' >> /usr/bin/backup2friends
  383. echo "if [ ! -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backup2friends
  384. echo ' exit 1' >> /usr/bin/backup2friends
  385. echo 'fi' >> /usr/bin/backup2friends
  386. echo '' >> /usr/bin/backup2friends
  387. echo 'if [ ! $GPG_KEY ]; then' >> /usr/bin/backup2friends
  388. echo " echo 'Unable to perform automated backup. You need to add a GPG key to /etc/cron.daily/backuptofriends' | mail -s 'Backup failure' $MY_USERNAME@$DOMAIN_NAME" >> /usr/bin/backup2friends
  389. echo ' exit 2' >> /usr/bin/backup2friends
  390. echo 'fi' >> /usr/bin/backup2friends
  391. echo '' >> /usr/bin/backup2friends
  392. echo '# Put some files into a temporary directory so that they can be easily backed up' >> /usr/bin/backup2friends
  393. echo "if [ ! -d /home/$MY_USERNAME/tempfiles ]; then" >> /usr/bin/backup2friends
  394. echo " mkdir /home/$MY_USERNAME/tempfiles" >> /usr/bin/backup2friends
  395. echo 'fi' >> /usr/bin/backup2friends
  396. if [[ $MICROBLOG_INSTALLED == "yes" ]]; then
  397. echo "mysqldump --password=$MARIADB_PASSWORD gnusocial > /home/$MY_USERNAME/tempfiles/gnusocial.sql" >> /usr/bin/backup2friends
  398. fi
  399. if [[ $REDMATRIX_INSTALLED == "yes" ]]; then
  400. echo "mysqldump --password=$MARIADB_PASSWORD redmatrix > /home/$MY_USERNAME/tempfiles/redmatrix.sql" >> /usr/bin/backup2friends
  401. fi
  402. if [[ $OWNCLOUD_INSTALLED == "yes" ]]; then
  403. echo "tar -czvf /home/$MY_USERNAME/tempfiles/owncloud.tar.gz /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/config /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/data" >> /usr/bin/backup2friends
  404. fi
  405. if [[ $WIKI_INSTALLED == "yes" ]]; then
  406. echo "tar -czvf /home/$MY_USERNAME/tempfiles/wiki.tar.gz /var/www/$WIKI_DOMAIN_NAME/htdocs" >> /usr/bin/backup2friends
  407. fi
  408. echo 'tar -czvf /home/$MY_USERNAME/tempfiles/miscfiles.tar.gz /home/$MY_USERNAME/.gnupg /home/$MY_USERNAME/.muttrc /home/$MY_USERNAME/.procmailrc /home/$MY_USERNAME/.ssh /home/$MY_USERNAME/personal' >> /usr/bin/backup2friends
  409. echo '' >> /usr/bin/backup2friends
  410. echo 'while read remote_server' >> /usr/bin/backup2friends
  411. echo 'do' >> /usr/bin/backup2friends
  412. echo ' # Get the server and its password' >> /usr/bin/backup2friends
  413. echo ' SERVER="${* %%remote_server}"' >> /usr/bin/backup2friends
  414. echo ' FTP_PASSWORD="${remote_server%% *}"' >> /usr/bin/backup2friends
  415. echo '' >> /usr/bin/backup2friends
  416. echo ' # Backup the public mailing list' >> /usr/bin/backup2friends
  417. echo " if [ -d $PUBLIC_MAILING_LIST_DIRECTORY ]; then" >> /usr/bin/backup2friends
  418. echo " duplicity incr --ssh-askpass --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems $PUBLIC_MAILING_LIST_DIRECTORY $SERVER/publicmailinglist" >> /usr/bin/backup2friends
  419. echo ' fi' >> /usr/bin/backup2friends
  420. echo '' >> /usr/bin/backup2friends
  421. echo ' # Backup xmpp settings' >> /usr/bin/backup2friends
  422. echo " if [ -d $XMPP_DIRECTORY ]; then" >> /usr/bin/backup2friends
  423. echo " duplicity incr --ssh-askpass --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems $XMPP_DIRECTORY $SERVER/xmpp" >> /usr/bin/backup2friends
  424. echo ' fi' >> /usr/bin/backup2friends
  425. echo '' >> /usr/bin/backup2friends
  426. echo ' # Backup web content and other stuff' >> /usr/bin/backup2friends
  427. echo " if [ -d /home/$MY_USERNAME/tempfiles ]; then" >> /usr/bin/backup2friends
  428. echo " duplicity incr --ssh-askpass --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems /home/$MY_USERNAME/tempfiles $SERVER/tempfiles" >> /usr/bin/backup2friends
  429. echo ' fi' >> /usr/bin/backup2friends
  430. echo '' >> /usr/bin/backup2friends
  431. echo ' # Backup email' >> /usr/bin/backup2friends
  432. echo " if [ -d /home/$MY_USERNAME/Maildir ]; then" >> /usr/bin/backup2friends
  433. echo " duplicity incr --ssh-askpass --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems /home/$MY_USERNAME/Maildir $SERVER/Maildir" >> /usr/bin/backup2friends
  434. echo ' fi' >> /usr/bin/backup2friends
  435. echo '' >> /usr/bin/backup2friends
  436. echo ' # Backup DLNA cache' >> /usr/bin/backup2friends
  437. echo " if [ -d /var/cache/minidlna ]; then" >> /usr/bin/backup2friends
  438. echo " duplicity incr --ssh-askpass --encrypt-key $GPG_KEY --full-if-older-than 4W --exclude-other-filesystems /var/cache/minidlna $SERVER/dlna" >> /usr/bin/backup2friends
  439. echo ' fi' >> /usr/bin/backup2friends
  440. echo '' >> /usr/bin/backup2friends
  441. echo ' duplicity --ssh-askpass --force cleanup $SERVER' >> /usr/bin/backup2friends
  442. echo ' duplicity --ssh-askpass --force remove-all-but-n-full 2 $SERVER' >> /usr/bin/backup2friends
  443. echo "done < $FRIENDS_SERVERS_LIST" >> /usr/bin/backup2friends
  444. echo '' >> /usr/bin/backup2friends
  445. echo '# Remove temporary files' >> /usr/bin/backup2friends
  446. echo "if [ -d /home/$MY_USERNAME/tempfiles ]; then" >> /usr/bin/backup2friends
  447. echo " rm -rf /home/$MY_USERNAME/tempfiles" >> /usr/bin/backup2friends
  448. echo 'fi' >> /usr/bin/backup2friends
  449. echo 'exit 0' >> /usr/bin/backup2friends
  450. chmod +x /usr/bin/backup2friends
  451. # update crontab
  452. echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
  453. if [ $MY_GPG_PUBLIC_KEY_ID ]; then
  454. echo "GPG_KEY=$MY_GPG_PUBLIC_KEY_ID" >> /etc/cron.daily/backuptofriends
  455. else
  456. echo 'GPG_KEY=' >> /etc/cron.daily/backuptofriends
  457. fi
  458. echo '/usr/bin/backup2friends $GPG_KEY' >> /etc/cron.daily/backuptofriends
  459. chmod +x /etc/cron.daily/backuptofriends
  460. echo 'backup_to_friends_servers' >> $COMPLETION_FILE
  461. }
  462. function remove_default_user {
  463. # make sure you don't use the default user account
  464. if [[ $MY_USERNAME == "debian" ]]; then
  465. echo 'Do not use the default debian user account. Create a different user with: adduser [username]'
  466. exit 68
  467. fi
  468. # remove the default debian user to prevent it from becoming an attack vector
  469. if [ -d /home/debian ]; then
  470. userdel -r debian
  471. echo 'Default debian user account removed'
  472. fi
  473. }
  474. function enforce_good_passwords {
  475. # because humans are generally bad at choosing passwords
  476. if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
  477. return
  478. fi
  479. apt-get -y --force-yes install libpam-cracklib
  480. sed -i 's/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
  481. echo 'enforce_good_passwords' >> $COMPLETION_FILE
  482. }
  483. function change_login_message {
  484. if grep -Fxq "change_login_message" $COMPLETION_FILE; then
  485. return
  486. fi
  487. echo '' > /etc/motd
  488. echo ".---. . . " >> /etc/motd
  489. echo "| | | " >> /etc/motd
  490. echo "|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. " >> /etc/motd
  491. echo "| | (.-' (.-' ( | ( )| | | | )( )| | (.-' " >> /etc/motd
  492. echo "' ' --' --' -' - -' ' ' -' -' -' ' - --'" >> /etc/motd
  493. if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  494. echo ' . . . ' >> /etc/motd
  495. echo ' |\ /| | o ' >> /etc/motd
  496. echo " | \/ | .-. .-.| . .-. " >> /etc/motd
  497. echo " | |(.-'( | | ( ) " >> /etc/motd
  498. echo " ' ' --' -' --' - -' - " >> /etc/motd
  499. fi
  500. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
  501. echo ' . . . . . ' >> /etc/motd
  502. echo ' \ \ / / o _|_ ' >> /etc/motd
  503. echo ' \ \ /.--.. | .-. .--.' >> /etc/motd
  504. echo " \/ \/ | | | (.-' | " >> /etc/motd
  505. echo " ' ' ' -' - -' --'' " >> /etc/motd
  506. fi
  507. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
  508. echo ' .--.. . ' >> /etc/motd
  509. echo ' : | | ' >> /etc/motd
  510. echo ' | | .-. . . .-.| ' >> /etc/motd
  511. echo ' : |( )| |( | ' >> /etc/motd
  512. echo " --' - -' -- - -' -" >> /etc/motd
  513. fi
  514. if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
  515. echo ' .--.. . ' >> /etc/motd
  516. echo ' : | _|_ ' >> /etc/motd
  517. echo ' | |--. .-. | ' >> /etc/motd
  518. echo ' : | |( ) | ' >> /etc/motd
  519. echo " --'' - -' - -' " >> /etc/motd
  520. fi
  521. if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
  522. echo ' .-. . ' >> /etc/motd
  523. echo ' ( ) o | ' >> /etc/motd
  524. echo ' -. .-. .-. . .-. | ' >> /etc/motd
  525. echo ' ( )( )( | ( ) | ' >> /etc/motd
  526. echo " -' -' -'-' - -' - - " >> /etc/motd
  527. fi
  528. if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
  529. echo ' . . . . ' >> /etc/motd
  530. echo ' |\ /| o | | ' >> /etc/motd
  531. echo ' | \/ | .-. . | |.-. .-.-. ,- ' >> /etc/motd
  532. echo ' | |( ) | | | )( ) : ' >> /etc/motd
  533. echo " ' ' -' --' - -' -' -'-' - " >> /etc/motd
  534. fi
  535. echo '' >> /etc/motd
  536. echo ' Freedom in the Cloud' >> /etc/motd
  537. echo '' >> /etc/motd
  538. echo 'change_login_message' >> $COMPLETION_FILE
  539. }
  540. function search_for_attached_usb_drive {
  541. # If a USB drive is attached then search for email,
  542. # gpg, ssh keys and emacs configuration
  543. if grep -Fxq "search_for_attached_usb_drive" $COMPLETION_FILE; then
  544. return
  545. fi
  546. if [ -b $USB_DRIVE ]; then
  547. if [ ! -d $USB_MOUNT ]; then
  548. echo 'Mounting USB drive'
  549. mkdir $USB_MOUNT
  550. mount $USB_DRIVE $USB_MOUNT
  551. fi
  552. if ! [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  553. if [ -d $USB_MOUNT/Maildir ]; then
  554. echo 'Maildir found on USB drive'
  555. IMPORT_MAILDIR=$USB_MOUNT/Maildir
  556. fi
  557. if [ -d $USB_MOUNT/.gnupg ]; then
  558. echo 'Importing GPG keyring'
  559. cp -r $USB_MOUNT/.gnupg /home/$MY_USERNAME
  560. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
  561. GPG_KEYS_IMPORTED="yes"
  562. if [ -f /home/$MY_USERNAME/.gnupg/secring.gpg ]; then
  563. shred -zu $USB_MOUNT/.gnupg/secring.gpg
  564. shred -zu $USB_MOUNT/.gnupg/random_seed
  565. shred -zu $USB_MOUNT/.gnupg/trustdb.gpg
  566. rm -rf $USB_MOUNT/.gnupg
  567. else
  568. echo 'GPG files did not copy'
  569. exit 7
  570. fi
  571. fi
  572. if [ -f $USB_MOUNT/.procmailrc ]; then
  573. echo 'Importing procmail settings'
  574. cp $USB_MOUNT/.procmailrc /home/$MY_USERNAME
  575. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
  576. fi
  577. if [ -f $USB_MOUNT/private_key.gpg ]; then
  578. echo 'GPG private key found on USB drive'
  579. MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
  580. fi
  581. if [ -f $USB_MOUNT/public_key.gpg ]; then
  582. echo 'GPG public key found on USB drive'
  583. MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
  584. fi
  585. fi
  586. if [ -d $USB_MOUNT/prosody ]; then
  587. if [ ! -d $XMPP_DIRECTORY ]; then
  588. mkdir $XMPP_DIRECTORY
  589. fi
  590. cp -r $USB_MOUNT/prosody/* $XMPP_DIRECTORY
  591. chown -R prosody:prosody $XMPP_DIRECTORY
  592. fi
  593. if [ -d $USB_MOUNT/.ssh ]; then
  594. echo 'Importing ssh keys'
  595. cp -r $USB_MOUNT/.ssh /home/$MY_USERNAME
  596. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
  597. # for security delete the ssh keys from the usb drive
  598. if [ -f /home/$MY_USERNAME/.ssh/id_rsa ]; then
  599. shred -zu $USB_MOUNT/.ssh/id_rsa
  600. shred -zu $USB_MOUNT/.ssh/id_rsa.pub
  601. shred -zu $USB_MOUNT/.ssh/known_hosts
  602. rm -rf $USB_MOUNT/.ssh
  603. else
  604. echo 'ssh files did not copy'
  605. exit 8
  606. fi
  607. fi
  608. if [ -f $USB_MOUNT/.emacs ]; then
  609. echo 'Importing .emacs file'
  610. cp -f $USB_MOUNT/.emacs /home/$MY_USERNAME/.emacs
  611. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
  612. fi
  613. if [ -d $USB_MOUNT/.emacs.d ]; then
  614. echo 'Importing .emacs.d directory'
  615. cp -r $USB_MOUNT/.emacs.d /home/$MY_USERNAME
  616. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs.d
  617. fi
  618. if [ -d $USB_MOUNT/ssl ]; then
  619. echo 'Importing SSL certificates'
  620. cp -r $USB_MOUNT/ssl/* /etc/ssl
  621. chmod 640 /etc/ssl/certs/*
  622. chmod 400 /etc/ssl/private/*
  623. # change ownership of some certificates
  624. if [ -d /etc/prosody ]; then
  625. chown prosody:prosody /etc/ssl/private/xmpp.*
  626. chown prosody:prosody /etc/ssl/certs/xmpp.*
  627. fi
  628. if [ -d /etc/dovecot ]; then
  629. chown root:dovecot /etc/ssl/certs/dovecot.*
  630. chown root:dovecot /etc/ssl/private/dovecot.*
  631. fi
  632. if [ -f /etc/ssl/private/exim.key ]; then
  633. chown root:Debian-exim /etc/ssl/private/exim.key /etc/ssl/certs/exim.crt /etc/ssl/certs/exim.dhparam
  634. fi
  635. fi
  636. if [ -d $USB_MOUNT/personal ]; then
  637. echo 'Importing personal directory'
  638. cp -r $USB_MOUNT/personal /home/$MY_USERNAME
  639. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/personal
  640. fi
  641. else
  642. if [ -d $USB_MOUNT ]; then
  643. umount $USB_MOUNT
  644. rm -rf $USB_MOUNT
  645. fi
  646. echo 'No USB drive attached'
  647. fi
  648. echo 'search_for_attached_usb_drive' >> $COMPLETION_FILE
  649. }
  650. function remove_proprietary_repos {
  651. if grep -Fxq "remove_proprietary_repos" $COMPLETION_FILE; then
  652. return
  653. fi
  654. sed -i 's/ non-free//g' /etc/apt/sources.list
  655. echo 'remove_proprietary_repos' >> $COMPLETION_FILE
  656. }
  657. function change_debian_repos {
  658. if grep -Fxq "change_debian_repos" $COMPLETION_FILE; then
  659. return
  660. fi
  661. rm -rf /var/lib/apt/lists/*
  662. apt-get clean
  663. sed -i "s/ftp.us.debian.org/$DEBIAN_REPO/g" /etc/apt/sources.list
  664. # ensure that there is a security repo
  665. if ! grep -q "security" /etc/apt/sources.list; then
  666. if grep -q "jessie" /etc/apt/sources.list; then
  667. echo "deb http://security.debian.org/ jessie/updates main contrib" >> /etc/apt/sources.list
  668. echo "#deb-src http://security.debian.org/ jessie/updates main contrib" >> /etc/apt/sources.list
  669. else
  670. if grep -q "wheezy" /etc/apt/sources.list; then
  671. echo "deb http://security.debian.org/ wheezy/updates main contrib" >> /etc/apt/sources.list
  672. echo "#deb-src http://security.debian.org/ wheezy/updates main contrib" >> /etc/apt/sources.list
  673. fi
  674. fi
  675. fi
  676. apt-get update
  677. apt-get -y --force-yes install apt-transport-https
  678. echo 'change_debian_repos' >> $COMPLETION_FILE
  679. }
  680. function initial_setup {
  681. if grep -Fxq "initial_setup" $COMPLETION_FILE; then
  682. return
  683. fi
  684. apt-get -y remove --purge apache*
  685. apt-get -y dist-upgrade
  686. apt-get -y install ca-certificates emacs24
  687. echo 'initial_setup' >> $COMPLETION_FILE
  688. }
  689. function install_editor {
  690. if grep -Fxq "install_editor" $COMPLETION_FILE; then
  691. return
  692. fi
  693. update-alternatives --set editor /usr/bin/emacs24
  694. echo 'install_editor' >> $COMPLETION_FILE
  695. }
  696. function enable_backports {
  697. if grep -Fxq "enable_backports" $COMPLETION_FILE; then
  698. return
  699. fi
  700. if ! grep -Fxq "deb http://$DEBIAN_REPO/debian jessie-backports main" /etc/apt/sources.list; then
  701. echo "deb http://$DEBIAN_REPO/debian jessie-backports main" >> /etc/apt/sources.list
  702. fi
  703. echo 'enable_backports' >> $COMPLETION_FILE
  704. }
  705. function update_the_kernel {
  706. if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
  707. return
  708. fi
  709. # if this is not a beaglebone or is a docker container
  710. # then just use the standard kernel
  711. if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
  712. return
  713. fi
  714. cd /opt/scripts/tools
  715. ./update_kernel.sh --kernel $KERNEL_VERSION
  716. echo 'update_the_kernel' >> $COMPLETION_FILE
  717. }
  718. function enable_zram {
  719. if grep -Fxq "enable_zram" $COMPLETION_FILE; then
  720. return
  721. fi
  722. if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
  723. return
  724. fi
  725. if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
  726. echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
  727. fi
  728. echo '#!/bin/bash' > /etc/init.d/zram
  729. echo '### BEGIN INIT INFO' >> /etc/init.d/zram
  730. echo '# Provides: zram' >> /etc/init.d/zram
  731. echo '# Required-Start:' >> /etc/init.d/zram
  732. echo '# Required-Stop:' >> /etc/init.d/zram
  733. echo '# Default-Start: 2 3 4 5' >> /etc/init.d/zram
  734. echo '# Default-Stop: 0 1 6' >> /etc/init.d/zram
  735. echo '# Short-Description: Increased Performance In Linux With zRam (Virtual Swap Compressed in RAM)' >> /etc/init.d/zram
  736. echo '# Description: Adapted from systemd scripts at https://github.com/mystilleef/FedoraZram' >> /etc/init.d/zram
  737. echo '### END INIT INFO' >> /etc/init.d/zram
  738. echo 'start() {' >> /etc/init.d/zram
  739. echo ' # get the number of CPUs' >> /etc/init.d/zram
  740. echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram
  741. echo ' # if something goes wrong, assume we have 1' >> /etc/init.d/zram
  742. echo ' [ "$num_cpus" != 0 ] || num_cpus=1' >> /etc/init.d/zram
  743. echo ' # set decremented number of CPUs' >> /etc/init.d/zram
  744. echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram
  745. echo ' # get the amount of memory in the machine' >> /etc/init.d/zram
  746. echo ' mem_total_kb=$(grep MemTotal /proc/meminfo | grep -E --only-matching "[[:digit:]]+")' >> /etc/init.d/zram
  747. echo ' mem_total=$((mem_total_kb * 1024))' >> /etc/init.d/zram
  748. echo ' # load dependency modules' >> /etc/init.d/zram
  749. echo ' modprobe zram num_devices=$num_cpus' >> /etc/init.d/zram
  750. echo ' # initialize the devices' >> /etc/init.d/zram
  751. echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
  752. echo ' echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize' >> /etc/init.d/zram
  753. echo ' done' >> /etc/init.d/zram
  754. echo ' # Creating swap filesystems' >> /etc/init.d/zram
  755. echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
  756. echo ' mkswap /dev/zram$i' >> /etc/init.d/zram
  757. echo ' done' >> /etc/init.d/zram
  758. echo ' # Switch the swaps on' >> /etc/init.d/zram
  759. echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
  760. echo ' swapon -p 100 /dev/zram$i' >> /etc/init.d/zram
  761. echo ' done' >> /etc/init.d/zram
  762. echo '}' >> /etc/init.d/zram
  763. echo 'stop() {' >> /etc/init.d/zram
  764. echo ' # get the number of CPUs' >> /etc/init.d/zram
  765. echo ' num_cpus=$(grep -c processor /proc/cpuinfo)' >> /etc/init.d/zram
  766. echo ' # set decremented number of CPUs' >> /etc/init.d/zram
  767. echo ' decr_num_cpus=$((num_cpus - 1))' >> /etc/init.d/zram
  768. echo ' # Switching off swap' >> /etc/init.d/zram
  769. echo ' for i in $(seq 0 $decr_num_cpus); do' >> /etc/init.d/zram
  770. echo ' if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then' >> /etc/init.d/zram
  771. echo ' swapoff /dev/zram$i' >> /etc/init.d/zram
  772. echo ' sleep 1' >> /etc/init.d/zram
  773. echo ' fi' >> /etc/init.d/zram
  774. echo ' done' >> /etc/init.d/zram
  775. echo ' sleep 1' >> /etc/init.d/zram
  776. echo ' rmmod zram' >> /etc/init.d/zram
  777. echo '}' >> /etc/init.d/zram
  778. echo 'case "$1" in' >> /etc/init.d/zram
  779. echo ' start)' >> /etc/init.d/zram
  780. echo ' start' >> /etc/init.d/zram
  781. echo ' ;;' >> /etc/init.d/zram
  782. echo ' stop)' >> /etc/init.d/zram
  783. echo ' stop' >> /etc/init.d/zram
  784. echo ' ;;' >> /etc/init.d/zram
  785. echo ' restart)' >> /etc/init.d/zram
  786. echo ' stop' >> /etc/init.d/zram
  787. echo ' sleep 3' >> /etc/init.d/zram
  788. echo ' start' >> /etc/init.d/zram
  789. echo ' ;;' >> /etc/init.d/zram
  790. echo ' *)' >> /etc/init.d/zram
  791. echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/zram
  792. echo ' RETVAL=1' >> /etc/init.d/zram
  793. echo 'esac' >> /etc/init.d/zram
  794. echo 'exit $RETVAL' >> /etc/init.d/zram
  795. chmod +x /etc/init.d/zram
  796. update-rc.d zram defaults
  797. echo 'enable_zram' >> $COMPLETION_FILE
  798. }
  799. function random_number_generator {
  800. if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
  801. return
  802. fi
  803. if [[ $INSTALLING_ON_BBB != "yes" ]]; then
  804. # On systems which are not beaglebones assume that
  805. # no hardware random number generator is available
  806. # and use the second best option
  807. apt-get -y --force-yes install haveged
  808. return
  809. fi
  810. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  811. # it is assumed that docker uses the random number
  812. # generator of the host system
  813. return
  814. fi
  815. if [[ $USE_HWRNG == "yes" ]]; then
  816. apt-get -y --force-yes install rng-tools
  817. sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
  818. else
  819. apt-get -y --force-yes install haveged
  820. fi
  821. echo 'random_number_generator' >> $COMPLETION_FILE
  822. }
  823. function configure_ssh {
  824. if grep -Fxq "configure_ssh" $COMPLETION_FILE; then
  825. return
  826. fi
  827. sed -i "s/Port 22/Port $SSH_PORT/g" /etc/ssh/sshd_config
  828. sed -i 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config
  829. sed -i 's/X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config
  830. sed -i 's/ServerKeyBits 1024/ServerKeyBits 4096/g' /etc/ssh/sshd_config
  831. sed -i 's/TCPKeepAlive yes/TCPKeepAlive no/g' /etc/ssh/sshd_config
  832. sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
  833. sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
  834. echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
  835. echo 'ClientAliveCountMax 3' >> /etc/ssh/sshd_config
  836. echo 'Ciphers aes256-ctr,aes128-ctr' >> /etc/ssh/sshd_config
  837. echo 'MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
  838. KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1' >> /etc/ssh/sshd_config
  839. apt-get -y --force-yes install fail2ban
  840. echo 'configure_ssh' >> $COMPLETION_FILE
  841. # Don't reboot if installing within docker
  842. # random numbers will come from the host system
  843. if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
  844. return
  845. fi
  846. echo ''
  847. echo ''
  848. echo ' *** Rebooting to initialise ssh settings and random number generator ***'
  849. echo ''
  850. echo " *** Reconnect via ssh on port $SSH_PORT, then run this script again ***"
  851. echo ''
  852. reboot
  853. }
  854. function regenerate_ssh_keys {
  855. if grep -Fxq "regenerate_ssh_keys" $COMPLETION_FILE; then
  856. return
  857. fi
  858. rm -f /etc/ssh/ssh_host_*
  859. dpkg-reconfigure openssh-server
  860. service ssh restart
  861. echo 'regenerate_ssh_keys' >> $COMPLETION_FILE
  862. }
  863. function configure_dns {
  864. if grep -Fxq "configure_dns" $COMPLETION_FILE; then
  865. return
  866. fi
  867. echo 'domain localdomain' > /etc/resolv.conf
  868. echo 'search localdomain' >> /etc/resolv.conf
  869. echo 'nameserver 213.73.91.35' >> /etc/resolv.conf
  870. echo 'nameserver 85.214.20.141' >> /etc/resolv.conf
  871. echo 'configure_dns' >> $COMPLETION_FILE
  872. }
  873. function set_your_domain_name {
  874. if grep -Fxq "set_your_domain_name" $COMPLETION_FILE; then
  875. return
  876. fi
  877. echo "$DOMAIN_NAME" > /etc/hostname
  878. hostname $DOMAIN_NAME
  879. sed -i "s/127.0.1.1 arm/127.0.1.1 $DOMAIN_NAME/g" /etc/hosts
  880. echo "127.0.1.1 $DOMAIN_NAME" >> /etc/hosts
  881. echo 'set_your_domain_name' >> $COMPLETION_FILE
  882. }
  883. function time_synchronisation {
  884. if grep -Fxq "time_synchronisation" $COMPLETION_FILE; then
  885. return
  886. fi
  887. #apt-get -y --force-yes install tlsdate
  888. # building tlsdate from source is a workaround because of
  889. # this bug https://github.com/ioerror/tlsdate/issues/130
  890. apt-get -y --force-yes install build-essential automake git pkg-config autoconf libtool libssl-dev libevent-dev
  891. if [ ! -d $INSTALL_DIR ]; then
  892. mkdir $INSTALL_DIR
  893. fi
  894. cd $INSTALL_DIR
  895. git clone https://github.com/ioerror/tlsdate.git
  896. cd $INSTALL_DIR/tlsdate
  897. ./autogen.sh
  898. ./configure
  899. make
  900. make install
  901. cp /usr/local/bin/tlsdate* /usr/bin
  902. cp /usr/local/sbin/tlsdate* /usr/bin
  903. apt-get -y remove ntpdate
  904. echo '#!/bin/bash' > /usr/bin/updatedate
  905. echo 'TIMESOURCE=google.com' >> /usr/bin/updatedate
  906. echo 'TIMESOURCE2=www.ptb.de' >> /usr/bin/updatedate
  907. echo 'LOGFILE=/var/log/tlsdate.log' >> /usr/bin/updatedate
  908. echo 'TIMEOUT=5' >> /usr/bin/updatedate
  909. echo "EMAIL=$MY_USERNAME@$DOMAIN_NAME" >> /usr/bin/updatedate
  910. echo '# File which contains the previous date as a number' >> /usr/bin/updatedate
  911. echo 'BEFORE_DATE_FILE=/var/log/tlsdateprevious.txt' >> /usr/bin/updatedate
  912. echo '# File which contains the previous date as a string' >> /usr/bin/updatedate
  913. echo 'BEFORE_FULLDATE_FILE=/var/log/tlsdate.txt' >> /usr/bin/updatedate
  914. echo 'DATE_BEFORE=$(date)' >> /usr/bin/updatedate
  915. echo 'BEFORE=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate
  916. echo 'BACKWARDS_BETWEEN=0' >> /usr/bin/updatedate
  917. echo '# If the date was previously set' >> /usr/bin/updatedate
  918. echo 'if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate
  919. echo ' BEFORE_FILE=$(cat $BEFORE_DATE_FILE)' >> /usr/bin/updatedate
  920. echo ' BEFORE_FULLDATE=$(cat $BEFORE_FULLDATE_FILE)' >> /usr/bin/updatedate
  921. echo ' # is the date going backwards?' >> /usr/bin/updatedate
  922. echo ' if (( $BEFORE_FILE > $BEFORE )); then' >> /usr/bin/updatedate
  923. echo ' echo -n "Date went backwards between tlsdate updates. " >> $LOGFILE' >> /usr/bin/updatedate
  924. echo ' echo -n "$BEFORE_FILE > $BEFORE, " >> $LOGFILE' >> /usr/bin/updatedate
  925. echo ' echo "$BEFORE_FULLDATE > $DATE_BEFORE" >> $LOGFILE' >> /usr/bin/updatedate
  926. echo ' # Send a warning email' >> /usr/bin/updatedate
  927. echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate
  928. echo ' # Try another time source' >> /usr/bin/updatedate
  929. echo ' TIMESOURCE=$TIMESOURCE2' >> /usr/bin/updatedate
  930. echo ' # try running without any parameters' >> /usr/bin/updatedate
  931. echo ' tlsdate >> $LOGFILE' >> /usr/bin/updatedate
  932. echo ' BACKWARDS_BETWEEN=1' >> /usr/bin/updatedate
  933. echo ' fi' >> /usr/bin/updatedate
  934. echo 'fi' >> /usr/bin/updatedate
  935. echo '# Set the date' >> /usr/bin/updatedate
  936. echo '/usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE -p 443 >> $LOGFILE' >> /usr/bin/updatedate
  937. echo 'DATE_AFTER=$(date)' >> /usr/bin/updatedate
  938. echo 'AFTER=$(date -d "$Y-$M-$D" '+%s')' >> /usr/bin/updatedate
  939. echo '# After setting the date did it go backwards?' >> /usr/bin/updatedate
  940. echo 'if (( $AFTER < $BEFORE )); then' >> /usr/bin/updatedate
  941. echo ' echo "Incorrect date: $DATE_BEFORE -> $DATE_AFTER" >> $LOGFILE' >> /usr/bin/updatedate
  942. echo ' # Send a warning email' >> /usr/bin/updatedate
  943. echo ' echo $(tail $LOGFILE -n 2) | mail -s "tlsdate anomaly" $EMAIL' >> /usr/bin/updatedate
  944. echo ' # Try resetting the date from another time source' >> /usr/bin/updatedate
  945. echo ' /usr/bin/timeout $TIMEOUT tlsdate -l -t -H $TIMESOURCE2 -p 443 >> $LOGFILE' >> /usr/bin/updatedate
  946. echo ' DATE_AFTER=$(date)' >> /usr/bin/updatedate
  947. echo ' AFTER=$(date -d "$Y-$M-$D" "+%s")' >> /usr/bin/updatedate
  948. echo 'else' >> /usr/bin/updatedate
  949. echo ' echo -n $TIMESOURCE >> $LOGFILE' >> /usr/bin/updatedate
  950. echo ' if [ -f "$BEFORE_DATE_FILE" ]; then' >> /usr/bin/updatedate
  951. echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
  952. echo ' echo -n $BEFORE_FILE >> $LOGFILE' >> /usr/bin/updatedate
  953. echo ' fi' >> /usr/bin/updatedate
  954. echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
  955. echo ' echo -n $BEFORE >> $LOGFILE' >> /usr/bin/updatedate
  956. echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
  957. echo ' echo -n $AFTER >> $LOGFILE' >> /usr/bin/updatedate
  958. echo ' echo -n " " >> $LOGFILE' >> /usr/bin/updatedate
  959. echo ' echo $DATE_AFTER >> $LOGFILE' >> /usr/bin/updatedate
  960. echo 'fi' >> /usr/bin/updatedate
  961. echo '# Log the last date' >> /usr/bin/updatedate
  962. echo 'if [[ $BACKWARDS_BETWEEN == 0 ]]; then' >> /usr/bin/updatedate
  963. echo ' echo "$AFTER" > $BEFORE_DATE_FILE' >> /usr/bin/updatedate
  964. echo ' echo "$DATE_AFTER" > $BEFORE_FULLDATE_FILE' >> /usr/bin/updatedate
  965. echo ' exit 0' >> /usr/bin/updatedate
  966. echo 'else' >> /usr/bin/updatedate
  967. echo ' exit 1' >> /usr/bin/updatedate
  968. echo 'fi' >> /usr/bin/updatedate
  969. chmod +x /usr/bin/updatedate
  970. echo '*/15 * * * * root /usr/bin/updatedate' >> /etc/crontab
  971. service cron restart
  972. echo '#!/bin/bash' > /etc/init.d/tlsdate
  973. echo '# /etc/init.d/tlsdate' >> /etc/init.d/tlsdate
  974. echo '### BEGIN INIT INFO' >> /etc/init.d/tlsdate
  975. echo '# Provides: tlsdate' >> /etc/init.d/tlsdate
  976. echo '# Required-Start: $remote_fs $syslog' >> /etc/init.d/tlsdate
  977. echo '# Required-Stop: $remote_fs $syslog' >> /etc/init.d/tlsdate
  978. echo '# Default-Start: 2 3 4 5' >> /etc/init.d/tlsdate
  979. echo '# Default-Stop: 0 1 6' >> /etc/init.d/tlsdate
  980. echo '# Short-Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate
  981. echo '# Description: Initially calls tlsdate with the timewarp option' >> /etc/init.d/tlsdate
  982. echo '### END INIT INFO' >> /etc/init.d/tlsdate
  983. echo '# Author: Bob Mottram <bob@robotics.uk.to>' >> /etc/init.d/tlsdate
  984. echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin"' >> /etc/init.d/tlsdate
  985. echo 'LOGFILE="/var/log/tlsdate.log"' >> /etc/init.d/tlsdate
  986. echo 'TLSDATECOMMAND="tlsdate --timewarp -l -H www.ptb.de -p 443 >> $LOGFILE"' >> /etc/init.d/tlsdate
  987. echo '#Start-Stop here' >> /etc/init.d/tlsdate
  988. echo 'case "$1" in' >> /etc/init.d/tlsdate
  989. echo ' start)' >> /etc/init.d/tlsdate
  990. echo ' echo "tlsdate started"' >> /etc/init.d/tlsdate
  991. echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate
  992. echo ' ;;' >> /etc/init.d/tlsdate
  993. echo ' stop)' >> /etc/init.d/tlsdate
  994. echo ' echo "tlsdate stopped"' >> /etc/init.d/tlsdate
  995. echo ' ;;' >> /etc/init.d/tlsdate
  996. echo ' restart)' >> /etc/init.d/tlsdate
  997. echo ' echo "tlsdate restarted"' >> /etc/init.d/tlsdate
  998. echo ' $TLSDATECOMMAND' >> /etc/init.d/tlsdate
  999. echo ' ;;' >> /etc/init.d/tlsdate
  1000. echo ' *)' >> /etc/init.d/tlsdate
  1001. echo ' echo "Usage: $0 {start|stop|restart}"' >> /etc/init.d/tlsdate
  1002. echo ' exit 1' >> /etc/init.d/tlsdate
  1003. echo ' ;;' >> /etc/init.d/tlsdate
  1004. echo 'esac' >> /etc/init.d/tlsdate
  1005. echo 'exit 0' >> /etc/init.d/tlsdate
  1006. chmod +x /etc/init.d/tlsdate
  1007. update-rc.d tlsdate defaults
  1008. echo 'time_synchronisation' >> $COMPLETION_FILE
  1009. }
  1010. function configure_firewall {
  1011. if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
  1012. return
  1013. fi
  1014. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1015. # docker does its own firewalling
  1016. return
  1017. fi
  1018. iptables -P INPUT ACCEPT
  1019. ip6tables -P INPUT ACCEPT
  1020. iptables -F
  1021. ip6tables -F
  1022. iptables -X
  1023. ip6tables -X
  1024. iptables -P INPUT DROP
  1025. ip6tables -P INPUT DROP
  1026. iptables -A INPUT -i lo -j ACCEPT
  1027. iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  1028. # Make sure incoming tcp connections are SYN packets
  1029. iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
  1030. # Drop packets with incoming fragments
  1031. iptables -A INPUT -f -j DROP
  1032. # Drop bogons
  1033. iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
  1034. iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
  1035. iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
  1036. # Incoming malformed NULL packets:
  1037. iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  1038. echo 'configure_firewall' >> $COMPLETION_FILE
  1039. }
  1040. function save_firewall_settings {
  1041. iptables-save > /etc/firewall.conf
  1042. ip6tables-save > /etc/firewall6.conf
  1043. printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
  1044. printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
  1045. printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
  1046. chmod +x /etc/network/if-up.d/iptables
  1047. }
  1048. function configure_firewall_for_dns {
  1049. if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
  1050. return
  1051. fi
  1052. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1053. # docker does its own firewalling
  1054. return
  1055. fi
  1056. iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
  1057. save_firewall_settings
  1058. echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
  1059. }
  1060. function configure_firewall_for_xmpp {
  1061. if [ ! -d /etc/prosody ]; then
  1062. return
  1063. fi
  1064. if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
  1065. return
  1066. fi
  1067. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1068. # docker does its own firewalling
  1069. return
  1070. fi
  1071. iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT
  1072. iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT
  1073. iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT
  1074. save_firewall_settings
  1075. echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
  1076. }
  1077. function configure_firewall_for_irc {
  1078. if [ ! -d /etc/ngircd ]; then
  1079. return
  1080. fi
  1081. if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
  1082. return
  1083. fi
  1084. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1085. # docker does its own firewalling
  1086. return
  1087. fi
  1088. iptables -A INPUT -i eth0 -p tcp --dport 6697 -j ACCEPT
  1089. iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT
  1090. save_firewall_settings
  1091. echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
  1092. }
  1093. function configure_firewall_for_ftp {
  1094. if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
  1095. return
  1096. fi
  1097. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1098. # docker does its own firewalling
  1099. return
  1100. fi
  1101. iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
  1102. save_firewall_settings
  1103. echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
  1104. }
  1105. function configure_firewall_for_web_access {
  1106. if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
  1107. return
  1108. fi
  1109. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1110. # docker does its own firewalling
  1111. return
  1112. fi
  1113. iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
  1114. iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
  1115. save_firewall_settings
  1116. echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
  1117. }
  1118. function configure_firewall_for_web_server {
  1119. if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
  1120. return
  1121. fi
  1122. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1123. # docker does its own firewalling
  1124. return
  1125. fi
  1126. iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
  1127. iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
  1128. save_firewall_settings
  1129. echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
  1130. }
  1131. function configure_firewall_for_ssh {
  1132. if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
  1133. return
  1134. fi
  1135. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1136. # docker does its own firewalling
  1137. return
  1138. fi
  1139. iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
  1140. iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
  1141. save_firewall_settings
  1142. echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
  1143. }
  1144. function configure_firewall_for_git {
  1145. if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
  1146. return
  1147. fi
  1148. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1149. # docker does its own firewalling
  1150. return
  1151. fi
  1152. iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
  1153. save_firewall_settings
  1154. echo 'configure_firewall_for_git' >> $COMPLETION_FILE
  1155. }
  1156. function configure_firewall_for_email {
  1157. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1158. return
  1159. fi
  1160. if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
  1161. return
  1162. fi
  1163. if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
  1164. # docker does its own firewalling
  1165. return
  1166. fi
  1167. iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
  1168. iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
  1169. iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
  1170. iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
  1171. save_firewall_settings
  1172. echo 'configure_firewall_for_email' >> $COMPLETION_FILE
  1173. }
  1174. function configure_internet_protocol {
  1175. if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
  1176. return
  1177. fi
  1178. sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
  1179. sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
  1180. sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
  1181. sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
  1182. sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
  1183. sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
  1184. sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
  1185. sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
  1186. sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
  1187. sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
  1188. echo '# ignore pings' >> /etc/sysctl.conf
  1189. echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
  1190. echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
  1191. echo '# disable ipv6' >> /etc/sysctl.conf
  1192. echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
  1193. echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
  1194. echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
  1195. echo '# keepalive' >> /etc/sysctl.conf
  1196. echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
  1197. echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
  1198. echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
  1199. echo 'configure_internet_protocol' >> $COMPLETION_FILE
  1200. }
  1201. function script_to_make_self_signed_certificates {
  1202. if grep -Fxq "script_to_make_self_signed_certificates" $COMPLETION_FILE; then
  1203. return
  1204. fi
  1205. echo '#!/bin/bash' > /usr/bin/makecert
  1206. echo 'HOSTNAME=$1' >> /usr/bin/makecert
  1207. echo 'COUNTRY_CODE="US"' >> /usr/bin/makecert
  1208. echo 'AREA="Free Speech Zone"' >> /usr/bin/makecert
  1209. echo 'LOCATION="Freedomville"' >> /usr/bin/makecert
  1210. echo 'ORGANISATION="Freedombone"' >> /usr/bin/makecert
  1211. echo 'UNIT="Freedombone Unit"' >> /usr/bin/makecert
  1212. echo 'if ! which openssl > /dev/null ;then' >> /usr/bin/makecert
  1213. echo ' echo "$0: openssl is not installed, exiting" 1>&2' >> /usr/bin/makecert
  1214. echo ' exit 1' >> /usr/bin/makecert
  1215. echo 'fi' >> /usr/bin/makecert
  1216. echo 'openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert
  1217. echo 'openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert
  1218. echo 'chmod 400 /etc/ssl/private/$HOSTNAME.key' >> /usr/bin/makecert
  1219. echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.crt' >> /usr/bin/makecert
  1220. echo 'chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam' >> /usr/bin/makecert
  1221. echo 'if [ -f /etc/init.d/nginx ]; then' >> /usr/bin/makecert
  1222. echo ' /etc/init.d/nginx reload' >> /usr/bin/makecert
  1223. echo 'fi' >> /usr/bin/makecert
  1224. echo '# add the public certificate to a separate directory' >> /usr/bin/makecert
  1225. echo '# so that we can redistribute it easily' >> /usr/bin/makecert
  1226. echo 'if [ ! -d /etc/ssl/mycerts ]; then' >> /usr/bin/makecert
  1227. echo ' mkdir /etc/ssl/mycerts' >> /usr/bin/makecert
  1228. echo 'fi' >> /usr/bin/makecert
  1229. echo 'cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts' >> /usr/bin/makecert
  1230. echo '# Create a bundle of your certificates' >> /usr/bin/makecert
  1231. echo 'cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt' >> /usr/bin/makecert
  1232. echo 'tar -czvf /etc/ssl/freedombone-certs.tar.gz /etc/ssl/mycerts/*.crt' >> /usr/bin/makecert
  1233. chmod +x /usr/bin/makecert
  1234. echo 'script_to_make_self_signed_certificates' >> $COMPLETION_FILE
  1235. }
  1236. function configure_email {
  1237. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1238. return
  1239. fi
  1240. if grep -Fxq "configure_email" $COMPLETION_FILE; then
  1241. return
  1242. fi
  1243. apt-get -y remove postfix
  1244. apt-get -y --force-yes install exim4 sasl2-bin swaks libnet-ssleay-perl procmail
  1245. if [ ! -d /etc/exim4 ]; then
  1246. echo "ERROR: Exim does not appear to have installed. $CHECK_MESSAGE"
  1247. exit 48
  1248. fi
  1249. # configure for Maildir format
  1250. sed -i 's/MAIL_DIR/#MAIL_DIR/g' /etc/login.defs
  1251. sed -i 's|#MAIL_FILE.*|MAIL_FILE Maildir/|g' /etc/login.defs
  1252. if ! grep -q "export MAIL" /etc/profile; then
  1253. echo 'export MAIL=~/Maildir' >> /etc/profile
  1254. fi
  1255. sed -i 's|pam_mail.so standard|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/login
  1256. sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
  1257. sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
  1258. echo 'dc_eximconfig_configtype="internet"' > /etc/exim4/update-exim4.conf.conf
  1259. echo "dc_other_hostnames='$DOMAIN_NAME'" >> /etc/exim4/update-exim4.conf.conf
  1260. echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
  1261. echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
  1262. echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
  1263. echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
  1264. echo "dc_relay_nets='192.168.1.0/24'" >> /etc/exim4/update-exim4.conf.conf
  1265. echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
  1266. echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
  1267. echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
  1268. echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
  1269. echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
  1270. echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
  1271. update-exim4.conf
  1272. sed -i "s/START=no/START=yes/g" /etc/default/saslauthd
  1273. /etc/init.d/saslauthd start
  1274. # make a tls certificate for email
  1275. if [ ! -f /etc/ssl/private/exim.key ]; then
  1276. makecert exim
  1277. fi
  1278. cp /etc/ssl/private/exim.key /etc/exim4
  1279. cp /etc/ssl/certs/exim.crt /etc/exim4
  1280. cp /etc/ssl/certs/exim.dhparam /etc/exim4
  1281. chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
  1282. chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
  1283. sed -i '/login_saslauthd_server/,/.endif/ s/# *//' /etc/exim4/exim4.conf.template
  1284. sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME = $DOMAIN_NAME\nMAIN_TLS_ENABLE = true" /etc/exim4/exim4.conf.template
  1285. sed -i "s|SMTPLISTENEROPTIONS=''|SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'|g" /etc/default/exim4
  1286. if ! grep -q "tls_on_connect_ports=465" /etc/exim4/exim4.conf.template; then
  1287. sed -i '/SSL configuration for exim/i\tls_on_connect_ports=465' /etc/exim4/exim4.conf.template
  1288. fi
  1289. adduser $MY_USERNAME sasl
  1290. addgroup Debian-exim sasl
  1291. /etc/init.d/exim4 restart
  1292. if [ ! -d /etc/skel/Maildir ]; then
  1293. mkdir -m 700 /etc/skel/Maildir
  1294. mkdir -m 700 /etc/skel/Maildir/Sent
  1295. mkdir -m 700 /etc/skel/Maildir/Sent/tmp
  1296. mkdir -m 700 /etc/skel/Maildir/Sent/cur
  1297. mkdir -m 700 /etc/skel/Maildir/Sent/new
  1298. mkdir -m 700 /etc/skel/Maildir/.learn-spam
  1299. mkdir -m 700 /etc/skel/Maildir/.learn-spam/cur
  1300. mkdir -m 700 /etc/skel/Maildir/.learn-spam/new
  1301. mkdir -m 700 /etc/skel/Maildir/.learn-spam/tmp
  1302. mkdir -m 700 /etc/skel/Maildir/.learn-ham
  1303. mkdir -m 700 /etc/skel/Maildir/.learn-ham/cur
  1304. mkdir -m 700 /etc/skel/Maildir/.learn-ham/new
  1305. mkdir -m 700 /etc/skel/Maildir/.learn-ham/tmp
  1306. ln -s /etc/skel/Maildir/.learn-spam /etc/skel/Maildir/spam
  1307. ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
  1308. fi
  1309. if [ ! -d /home/$MY_USERNAME/Maildir ]; then
  1310. mkdir -m 700 /home/$MY_USERNAME/Maildir
  1311. mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
  1312. mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
  1313. mkdir -m 700 /home/$MY_USERNAME/Maildir/new
  1314. mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
  1315. mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
  1316. mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
  1317. mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
  1318. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
  1319. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
  1320. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
  1321. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
  1322. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
  1323. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
  1324. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
  1325. mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
  1326. ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
  1327. ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
  1328. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
  1329. fi
  1330. echo 'configure_email' >> $COMPLETION_FILE
  1331. }
  1332. function create_procmail {
  1333. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1334. return
  1335. fi
  1336. if grep -Fxq "create_procmail" $COMPLETION_FILE; then
  1337. return
  1338. fi
  1339. if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
  1340. echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc
  1341. echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
  1342. echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
  1343. echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
  1344. fi
  1345. echo 'create_procmail' >> $COMPLETION_FILE
  1346. }
  1347. function spam_filtering {
  1348. # NOTE: spamassassin installation currently doesn't work, sa-compile fails with a make error 23/09/2014
  1349. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1350. return
  1351. fi
  1352. if grep -Fxq "spam_filtering" $COMPLETION_FILE; then
  1353. return
  1354. fi
  1355. apt-get -y --force-yes install exim4-daemon-heavy
  1356. apt-get -y --force-yes install spamassassin
  1357. sa-update -v
  1358. sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/spamassassin
  1359. sed -i 's/# spamd_address = 127.0.0.1 783/spamd_address = 127.0.0.1 783/g' /etc/exim4/exim4.conf.template
  1360. # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
  1361. sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
  1362. sed -i '/domains = +local_domains : +relay_to_domains/a\ set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
  1363. sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1364. echo 'warn message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1365. echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1366. echo 'warn message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1367. echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1368. echo 'warn message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1369. echo ' spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1370. echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1371. echo 'deny message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1372. echo ' spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1373. echo ' condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
  1374. # procmail configuration
  1375. echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
  1376. echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
  1377. echo ' * < 256000' >> /home/$MY_USERNAME/.procmailrc
  1378. echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
  1379. echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
  1380. echo ':0' >> /home/$MY_USERNAME/.procmailrc
  1381. echo ' * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
  1382. echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
  1383. echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
  1384. echo ':0' >> /home/$MY_USERNAME/.procmailrc
  1385. echo ' * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
  1386. echo '.0-spam/' >> /home/$MY_USERNAME/.procmailrc
  1387. echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
  1388. echo ':0' >> /home/$MY_USERNAME/.procmailrc
  1389. echo ' * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
  1390. echo '.spam/' >> /home/$MY_USERNAME/.procmailrc
  1391. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
  1392. # filtering scripts
  1393. echo '#!/bin/bash' > /usr/bin/filterspam
  1394. echo 'USERNAME=$1' >> /usr/bin/filterspam
  1395. echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
  1396. echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
  1397. echo ' exit' >> /usr/bin/filterspam
  1398. echo 'fi' >> /usr/bin/filterspam
  1399. echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
  1400. echo 'do' >> /usr/bin/filterspam
  1401. echo ' spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
  1402. echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
  1403. echo 'done' >> /usr/bin/filterspam
  1404. echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
  1405. echo 'do' >> /usr/bin/filterspam
  1406. echo ' spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
  1407. echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
  1408. echo 'done' >> /usr/bin/filterspam
  1409. echo '#!/bin/bash' > /usr/bin/filterham
  1410. echo 'USERNAME=$1' >> /usr/bin/filterham
  1411. echo 'MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
  1412. echo 'if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
  1413. echo ' exit' >> /usr/bin/filterham
  1414. echo 'fi' >> /usr/bin/filterham
  1415. echo 'for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
  1416. echo 'do' >> /usr/bin/filterham
  1417. echo ' spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
  1418. echo ' rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
  1419. echo 'done' >> /usr/bin/filterham
  1420. echo 'for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
  1421. echo 'do' >> /usr/bin/filterham
  1422. echo ' spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
  1423. echo ' rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
  1424. echo 'done' >> /usr/bin/filterham
  1425. if ! grep -q "filterspam" /etc/crontab; then
  1426. echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterspam $MY_USERNAME" >> /etc/crontab
  1427. fi
  1428. if ! grep -q "filterham" /etc/crontab; then
  1429. echo "*/3 * * * * root /usr/bin/timeout 120 /usr/bin/filterham $MY_USERNAME" >> /etc/crontab
  1430. fi
  1431. chmod 655 /usr/bin/filterspam /usr/bin/filterham
  1432. sed -i 's/# use_bayes 1/use_bayes 1/g' /etc/mail/spamassassin/local.cf
  1433. sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
  1434. service spamassassin restart
  1435. service exim4 restart
  1436. service cron restart
  1437. echo 'spam_filtering' >> $COMPLETION_FILE
  1438. }
  1439. function configure_imap {
  1440. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1441. return
  1442. fi
  1443. if grep -Fxq "configure_imap" $COMPLETION_FILE; then
  1444. return
  1445. fi
  1446. apt-get -y --force-yes install dovecot-common dovecot-imapd
  1447. if [ ! -d /etc/dovecot ]; then
  1448. echo "ERROR: Dovecot does not appear to have installed. $CHECK_MESSAGE"
  1449. exit 48
  1450. fi
  1451. if [ ! -f /etc/ssl/private/dovecot.key ]; then
  1452. makecert dovecot
  1453. fi
  1454. chown root:dovecot /etc/ssl/certs/dovecot.*
  1455. chown root:dovecot /etc/ssl/private/dovecot.*
  1456. sed -i 's|#ssl = yes|ssl = yes|g' /etc/dovecot/conf.d/10-ssl.conf
  1457. sed -i 's|ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/ssl/certs/dovecot.crt|g' /etc/dovecot/conf.d/10-ssl.conf
  1458. sed -i 's|ssl_key = </etc/dovecot/private/dovecot.pem|/etc/ssl/private/dovecot.key|g' /etc/dovecot/conf.d/10-ssl.conf
  1459. sed -i 's|#ssl_dh_parameters_length = 1024|ssl_dh_parameters_length = 1024|g' /etc/dovecot/conf.d/10-ssl.conf
  1460. sed -i 's/#ssl_prefer_server_ciphers = no/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
  1461. echo "ssl_cipher_list = '$SSL_CIPHERS'" >> /etc/dovecot/conf.d/10-ssl.conf
  1462. sed -i 's/#listen = *, ::/listen = */g' /etc/dovecot/dovecot.conf
  1463. sed -i 's/#disable_plaintext_auth = yes/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
  1464. sed -i 's/auth_mechanisms = plain/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
  1465. sed -i 's|# mail_location = maildir:~/Maildir| mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
  1466. echo 'configure_imap' >> $COMPLETION_FILE
  1467. }
  1468. function configure_gpg {
  1469. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1470. return
  1471. fi
  1472. if grep -Fxq "configure_gpg" $COMPLETION_FILE; then
  1473. return
  1474. fi
  1475. apt-get -y --force-yes install gnupg
  1476. # if gpg keys directory was previously imported from usb
  1477. if [[ $GPG_KEYS_IMPORTED == "yes" && -d /home/$MY_USERNAME/.gnupg ]]; then
  1478. sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
  1479. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
  1480. echo 'configure_gpg' >> $COMPLETION_FILE
  1481. return
  1482. fi
  1483. if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
  1484. mkdir /home/$MY_USERNAME/.gnupg
  1485. echo 'keyserver hkp://keys.gnupg.net' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1486. echo 'keyserver-options auto-key-retrieve' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1487. fi
  1488. sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" /home/$MY_USERNAME/.gnupg/gpg.conf
  1489. if ! grep -q "# default preferences" /home/$MY_USERNAME/.gnupg/gpg.conf; then
  1490. echo '' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1491. echo '# default preferences' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1492. echo 'personal-digest-preferences SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1493. echo 'cert-digest-algo SHA256' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1494. echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$MY_USERNAME/.gnupg/gpg.conf
  1495. fi
  1496. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
  1497. if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
  1498. # use your existing GPG keys which were exported
  1499. if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
  1500. echo "GPG public key file $MY_GPG_PUBLIC_KEY was not found"
  1501. exit 5
  1502. fi
  1503. if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
  1504. echo "GPG private key file $MY_GPG_PRIVATE_KEY was not found"
  1505. exit 6
  1506. fi
  1507. su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
  1508. su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
  1509. # for security ensure that the private key file doesn't linger around
  1510. shred -zu $MY_GPG_PRIVATE_KEY
  1511. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
  1512. else
  1513. # Generate a GPG key
  1514. echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
  1515. echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
  1516. echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
  1517. echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
  1518. echo "Name-Real: $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
  1519. echo "Name-Email: $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
  1520. echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
  1521. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
  1522. su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
  1523. shred -zu /home/$MY_USERNAME/gpg-genkey.conf
  1524. MY_GPG_PUBLIC_KEY_ID=$(su -c "gpg --list-keys $MY_USERNAME@$DOMAIN_NAME | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
  1525. MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
  1526. su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
  1527. fi
  1528. echo 'configure_gpg' >> $COMPLETION_FILE
  1529. }
  1530. function encrypt_incoming_email {
  1531. # encrypts incoming mail using your GPG public key
  1532. # so even if an attacker gains access to the data at rest they still need
  1533. # to know your GPG key password to be able to read anything
  1534. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1535. return
  1536. fi
  1537. if grep -Fxq "encrypt_incoming_email" $COMPLETION_FILE; then
  1538. return
  1539. fi
  1540. if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
  1541. return
  1542. fi
  1543. if [ ! -f /usr/bin/gpgit.pl ]; then
  1544. apt-get -y --force-yes install git libmail-gnupg-perl
  1545. cd $INSTALL_DIR
  1546. git clone https://github.com/mikecardwell/gpgit
  1547. cd gpgit
  1548. cp gpgit.pl /usr/bin
  1549. fi
  1550. # add a procmail rule
  1551. if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
  1552. echo '' >> /home/$MY_USERNAME/.procmailrc
  1553. echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
  1554. echo "| /usr/bin/gpgit.pl $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/.procmailrc
  1555. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
  1556. fi
  1557. echo 'encrypt_incoming_email' >> $COMPLETION_FILE
  1558. }
  1559. function encrypt_outgoing_email {
  1560. # encrypts outgoing mail using your GPG public key
  1561. # so even if an attacker gains access to the data at rest they still need
  1562. # to know your GPG key password to be able to read sent mail
  1563. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1564. return
  1565. fi
  1566. if grep -Fxq "encrypt_outgoing_email" $COMPLETION_FILE; then
  1567. return
  1568. fi
  1569. if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
  1570. return
  1571. fi
  1572. echo 'sent_items_router:' > /etc/exim4/conf.d/router/170_exim4-config_encryptsent
  1573. echo ' driver = accept' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
  1574. echo ' transport = sent_items_transport' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
  1575. echo ' condition = ${if !eq{$authenticated_id}{}}' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
  1576. echo ' unseen' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
  1577. echo ' no_verify' >> /etc/exim4/conf.d/router/170_exim4-config_encryptsent
  1578. # TODO
  1579. echo 'sent_items_transport:'
  1580. echo ' driver = pipe'
  1581. echo ' user = $authenticated_id'
  1582. echo ' group = Debian-exim'
  1583. echo ' temp_errors = *'
  1584. echo ' transport_filter = /usr/bin/gpgit.pl $sender_address'
  1585. echo ' command = /usr/bin/pipe2imap.pl --ssl --user master --authas $authenticated_id --passfile /etc/exim4/master_imap_password.txt --folder "Sent Items" --flags "\\seen"'
  1586. echo ' log_defer_output = true'
  1587. service exim4 restart
  1588. echo 'encrypt_outgoing_email' >> $COMPLETION_FILE
  1589. }
  1590. function email_client {
  1591. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1592. return
  1593. fi
  1594. if grep -Fxq "email_client" $COMPLETION_FILE; then
  1595. return
  1596. fi
  1597. apt-get -y --force-yes install mutt-patched lynx abook
  1598. if [ ! -f /etc/Muttrc ]; then
  1599. echo "ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
  1600. exit 49
  1601. fi
  1602. if [ ! -d /home/$MY_USERNAME/.mutt ]; then
  1603. mkdir /home/$MY_USERNAME/.mutt
  1604. fi
  1605. echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap
  1606. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
  1607. echo 'set mbox_type=Maildir' >> /etc/Muttrc
  1608. echo 'set folder="~/Maildir"' >> /etc/Muttrc
  1609. echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
  1610. echo 'set mbox="~/Maildir"' >> /etc/Muttrc
  1611. echo 'set record="+Sent"' >> /etc/Muttrc
  1612. echo 'set postponed="+Drafts"' >> /etc/Muttrc
  1613. echo 'set trash="+Trash"' >> /etc/Muttrc
  1614. echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
  1615. echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
  1616. echo 'set editor="emacs"' >> /etc/Muttrc
  1617. echo 'set header_cache="+.cache"' >> /etc/Muttrc
  1618. echo '' >> /etc/Muttrc
  1619. echo 'macro index S "<tag-prefix><save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
  1620. echo 'macro pager S "<save-message>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
  1621. echo 'macro index H "<tag-prefix><copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
  1622. echo 'macro pager H "<copy-message>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
  1623. echo '' >> /etc/Muttrc
  1624. echo '# set up the sidebar' >> /etc/Muttrc
  1625. echo 'set sidebar_width=12' >> /etc/Muttrc
  1626. echo 'set sidebar_visible=yes' >> /etc/Muttrc
  1627. echo "set sidebar_delim='|'" >> /etc/Muttrc
  1628. echo 'set sidebar_sort=yes' >> /etc/Muttrc
  1629. echo '' >> /etc/Muttrc
  1630. echo 'set rfc2047_parameters' >> /etc/Muttrc
  1631. echo '' >> /etc/Muttrc
  1632. echo '# Show inbox and sent items' >> /etc/Muttrc
  1633. echo 'mailboxes = =Sent' >> /etc/Muttrc
  1634. echo '' >> /etc/Muttrc
  1635. echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
  1636. echo 'color sidebar_new yellow default' >> /etc/Muttrc
  1637. echo 'color normal white default' >> /etc/Muttrc
  1638. echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
  1639. echo 'color signature green default' >> /etc/Muttrc
  1640. echo 'color attachment brightyellow default' >> /etc/Muttrc
  1641. echo 'color quoted green default' >> /etc/Muttrc
  1642. echo 'color quoted1 white default' >> /etc/Muttrc
  1643. echo 'color tilde blue default' >> /etc/Muttrc
  1644. echo '' >> /etc/Muttrc
  1645. echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
  1646. echo '# ctrl-o to open selected folder' >> /etc/Muttrc
  1647. echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
  1648. echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
  1649. echo 'bind index \Co sidebar-open' >> /etc/Muttrc
  1650. echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
  1651. echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
  1652. echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
  1653. echo '' >> /etc/Muttrc
  1654. echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
  1655. echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc
  1656. echo '' >> /etc/Muttrc
  1657. echo '# esc-m Mark new messages as read' >> /etc/Muttrc
  1658. echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc
  1659. echo '' >> /etc/Muttrc
  1660. echo '# Collapsing threads' >> /etc/Muttrc
  1661. echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc
  1662. echo 'macro index ] "<collapse-all>" "collapse/uncollapse all threads"' >> /etc/Muttrc
  1663. echo '' >> /etc/Muttrc
  1664. echo '# threads containing new messages' >> /etc/Muttrc
  1665. echo 'uncolor index "~(~N)"' >> /etc/Muttrc
  1666. echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
  1667. echo '' >> /etc/Muttrc
  1668. echo '# new messages themselves' >> /etc/Muttrc
  1669. echo 'uncolor index "~N"' >> /etc/Muttrc
  1670. echo 'color index brightyellow default "~N"' >> /etc/Muttrc
  1671. echo '' >> /etc/Muttrc
  1672. echo '# GPG/PGP integration' >> /etc/Muttrc
  1673. echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
  1674. echo 'set pgp_timeout=1800' >> /etc/Muttrc
  1675. echo '' >> /etc/Muttrc
  1676. echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
  1677. echo 'set pgp_autosign # autosign all outgoing mails' >> /etc/Muttrc
  1678. echo 'set pgp_autoencrypt # Try to encrypt automatically' >> /etc/Muttrc
  1679. echo 'set pgp_replyencrypt # autocrypt replies to crypted' >> /etc/Muttrc
  1680. echo 'set pgp_replysign # autosign replies to signed' >> /etc/Muttrc
  1681. echo 'set pgp_auto_decode=yes # decode attachments' >> /etc/Muttrc
  1682. echo 'set fcc_clear # Keep cleartext copy of sent encrypted mail' >> /etc/Muttrc
  1683. echo 'unset smime_is_default' >> /etc/Muttrc
  1684. echo '' >> /etc/Muttrc
  1685. echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
  1686. echo 'source ~/.mutt-alias' >> /etc/Muttrc
  1687. echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
  1688. echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc
  1689. cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
  1690. touch /home/$MY_USERNAME/.mutt-alias
  1691. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
  1692. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
  1693. echo 'email_client' >> $COMPLETION_FILE
  1694. }
  1695. function folders_for_mailing_lists {
  1696. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1697. return
  1698. fi
  1699. if grep -Fxq "folders_for_mailing_lists" $COMPLETION_FILE; then
  1700. return
  1701. fi
  1702. echo '#!/bin/bash' > /usr/bin/addmailinglist
  1703. echo 'MYUSERNAME=$1' >> /usr/bin/addmailinglist
  1704. echo 'MAILINGLIST=$2' >> /usr/bin/addmailinglist
  1705. echo 'SUBJECTTAG=$3' >> /usr/bin/addmailinglist
  1706. echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addmailinglist
  1707. echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addmailinglist
  1708. echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addmailinglist
  1709. echo '' >> /usr/bin/addmailinglist
  1710. echo '# Exit if the list was already added' >> /usr/bin/addmailinglist
  1711. echo 'if grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addmailinglist
  1712. echo ' exit 1' >> /usr/bin/addmailinglist
  1713. echo 'fi' >> /usr/bin/addmailinglist
  1714. echo '' >> /usr/bin/addmailinglist
  1715. echo 'if ! [[ $MYUSERNAME && $MAILINGLIST && $SUBJECTTAG ]]; then' >> /usr/bin/addmailinglist
  1716. echo ' echo "mailinglistsrule [user name] [mailing list name] [subject tag]"' >> /usr/bin/addmailinglist
  1717. echo ' exit 1' >> /usr/bin/addmailinglist
  1718. echo 'fi' >> /usr/bin/addmailinglist
  1719. echo '' >> /usr/bin/addmailinglist
  1720. echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addmailinglist
  1721. echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addmailinglist
  1722. echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addmailinglist
  1723. echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addmailinglist
  1724. echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addmailinglist
  1725. echo 'fi' >> /usr/bin/addmailinglist
  1726. echo '' >> /usr/bin/addmailinglist
  1727. echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addmailinglist
  1728. echo 'echo "" >> $PM' >> /usr/bin/addmailinglist
  1729. echo 'echo ":0" >> $PM' >> /usr/bin/addmailinglist
  1730. echo 'echo " * ^Subject:.*()\[$SUBJECTTAG\]" >> $PM' >> /usr/bin/addmailinglist
  1731. echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addmailinglist
  1732. echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addmailinglist
  1733. echo '' >> /usr/bin/addmailinglist
  1734. echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addmailinglist
  1735. echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addmailinglist
  1736. echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist
  1737. echo 'fi' >> /usr/bin/addmailinglist
  1738. echo '' >> /usr/bin/addmailinglist
  1739. echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addmailinglist
  1740. echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addmailinglist
  1741. echo ' mkdir $PROCMAILLOG' >> /usr/bin/addmailinglist
  1742. echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addmailinglist
  1743. echo 'fi' >> /usr/bin/addmailinglist
  1744. echo '' >> /usr/bin/addmailinglist
  1745. echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addmailinglist
  1746. echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addmailinglist
  1747. echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addmailinglist
  1748. echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addmailinglist
  1749. echo 'fi' >> /usr/bin/addmailinglist
  1750. echo 'exit 0' >> /usr/bin/addmailinglist
  1751. chmod +x /usr/bin/addmailinglist
  1752. echo 'folders_for_mailing_lists' >> $COMPLETION_FILE
  1753. }
  1754. function folders_for_email_addresses {
  1755. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1756. return
  1757. fi
  1758. if grep -Fxq "folders_for_email_addresses" $COMPLETION_FILE; then
  1759. return
  1760. fi
  1761. echo '#!/bin/bash' > /usr/bin/addemailtofolder
  1762. echo 'MYUSERNAME=$1' >> /usr/bin/addemailtofolder
  1763. echo 'EMAILADDRESS=$2' >> /usr/bin/addemailtofolder
  1764. echo 'MAILINGLIST=$3' >> /usr/bin/addemailtofolder
  1765. echo 'MUTTRC=/home/$MYUSERNAME/.muttrc' >> /usr/bin/addemailtofolder
  1766. echo 'PM=/home/$MYUSERNAME/.procmailrc' >> /usr/bin/addemailtofolder
  1767. echo 'LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST' >> /usr/bin/addemailtofolder
  1768. echo '' >> /usr/bin/addemailtofolder
  1769. echo 'if ! [[ $MYUSERNAME && $EMAILADDRESS && $MAILINGLIST ]]; then' >> /usr/bin/addemailtofolder
  1770. echo ' echo "addemailtofolder [user name] [email address] [mailing list name]"' >> /usr/bin/addemailtofolder
  1771. echo ' exit 1' >> /usr/bin/addemailtofolder
  1772. echo 'fi' >> /usr/bin/addemailtofolder
  1773. echo '' >> /usr/bin/addemailtofolder
  1774. echo 'if [ ! -d "$LISTDIR" ]; then' >> /usr/bin/addemailtofolder
  1775. echo ' mkdir -m 700 $LISTDIR' >> /usr/bin/addemailtofolder
  1776. echo ' mkdir -m 700 $LISTDIR/tmp' >> /usr/bin/addemailtofolder
  1777. echo ' mkdir -m 700 $LISTDIR/new' >> /usr/bin/addemailtofolder
  1778. echo ' mkdir -m 700 $LISTDIR/cur' >> /usr/bin/addemailtofolder
  1779. echo 'fi' >> /usr/bin/addemailtofolder
  1780. echo 'chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR' >> /usr/bin/addemailtofolder
  1781. echo 'echo "" >> $PM' >> /usr/bin/addemailtofolder
  1782. echo 'echo ":0" >> $PM' >> /usr/bin/addemailtofolder
  1783. echo 'echo " * ^From: $EMAILADDRESS" >> $PM' >> /usr/bin/addemailtofolder
  1784. echo 'echo "$LISTDIR/new" >> $PM' >> /usr/bin/addemailtofolder
  1785. echo 'chown $MYUSERNAME:$MYUSERNAME $PM' >> /usr/bin/addemailtofolder
  1786. echo 'if [ ! -f "$MUTTRC" ]; then' >> /usr/bin/addemailtofolder
  1787. echo ' cp /etc/Muttrc $MUTTRC' >> /usr/bin/addemailtofolder
  1788. echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder
  1789. echo 'fi' >> /usr/bin/addemailtofolder
  1790. echo 'PROCMAILLOG=/home/$MYUSERNAME/log' >> /usr/bin/addemailtofolder
  1791. echo 'if [ ! -d $PROCMAILLOG ]; then' >> /usr/bin/addemailtofolder
  1792. echo ' mkdir $PROCMAILLOG' >> /usr/bin/addemailtofolder
  1793. echo ' chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG' >> /usr/bin/addemailtofolder
  1794. echo 'fi' >> /usr/bin/addemailtofolder
  1795. echo 'MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)' >> /usr/bin/addemailtofolder
  1796. echo 'if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then' >> /usr/bin/addemailtofolder
  1797. echo ' if ! grep -q "=$MAILINGLIST" $MUTTRC; then' >> /usr/bin/addemailtofolder
  1798. echo ' sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC' >> /usr/bin/addemailtofolder
  1799. echo ' chown $MYUSERNAME:$MYUSERNAME $MUTTRC' >> /usr/bin/addemailtofolder
  1800. echo ' fi' >> /usr/bin/addemailtofolder
  1801. echo 'fi' >> /usr/bin/addemailtofolder
  1802. echo 'exit 0' >> /usr/bin/addemailtofolder
  1803. chmod +x /usr/bin/addemailtofolder
  1804. echo 'folders_for_email_addresses' >> $COMPLETION_FILE
  1805. }
  1806. function dynamic_dns_freedns {
  1807. if grep -Fxq "dynamic_dns_freedns" $COMPLETION_FILE; then
  1808. return
  1809. fi
  1810. echo '#!/bin/bash' > /usr/bin/dynamicdns
  1811. echo '# subdomain name 1' >> /usr/bin/dynamicdns
  1812. echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns
  1813. echo '# add any other subdomains below' >> /usr/bin/dynamicdns
  1814. chmod 600 /usr/bin/dynamicdns
  1815. chmod +x /usr/bin/dynamicdns
  1816. if ! grep -q "dynamicdns" /etc/crontab; then
  1817. sed -i '/# m h dom mon dow user command/a\*/5 * * * * root /usr/bin/timeout 240 /usr/bin/dynamicdns' /etc/crontab
  1818. fi
  1819. service cron restart
  1820. echo 'dynamic_dns_freedns' >> $COMPLETION_FILE
  1821. }
  1822. function create_public_mailing_list {
  1823. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1824. return
  1825. fi
  1826. if grep -Fxq "create_public_mailing_list" $COMPLETION_FILE; then
  1827. return
  1828. fi
  1829. if [ ! $PUBLIC_MAILING_LIST ]; then
  1830. return
  1831. fi
  1832. # does the mailing list have a separate domain name?
  1833. if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
  1834. PUBLIC_MAILING_LIST_DOMAIN_NAME=$DOMAIN_NAME
  1835. fi
  1836. PUBLIC_MAILING_LIST_USER="mlmmj"
  1837. apt-get -y --force-yes install mlmmj
  1838. adduser --system $PUBLIC_MAILING_LIST_USER
  1839. addgroup $PUBLIC_MAILING_LIST_USER
  1840. adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
  1841. echo ''
  1842. echo "Creating the $PUBLIC_MAILING_LIST mailing list"
  1843. echo ''
  1844. # create the list
  1845. mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
  1846. echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
  1847. echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
  1848. echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
  1849. # router
  1850. echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1851. echo ' debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1852. echo ' driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1853. echo ' domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1854. echo ' #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1855. echo ' # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1856. echo ' # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1857. echo ' require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1858. echo ' local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1859. echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1860. echo ' headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1861. echo ' headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1862. echo ' transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
  1863. # transport
  1864. echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1865. echo ' debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1866. echo ' driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1867. echo ' return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1868. echo ' user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1869. echo ' group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1870. echo ' home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1871. echo ' current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1872. echo ' command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
  1873. if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
  1874. sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
  1875. fi
  1876. if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
  1877. sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
  1878. fi
  1879. if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
  1880. sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
  1881. fi
  1882. if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
  1883. sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
  1884. fi
  1885. if ! grep -q "! +mlmmj_domains" /etc/exim4/conf.d/router/200_exim4-config_primary; then
  1886. sed -i 's/domains = ! +local_domains/domains = ! +mlmmj_domains : ! +local_domains/g' /etc/exim4/conf.d/router/200_exim4-config_primary
  1887. fi
  1888. newaliases
  1889. update-exim4.conf.template -r
  1890. update-exim4.conf
  1891. service exim4 restart
  1892. if grep -q "$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
  1893. echo '' >> /home/$MY_USERNAME/README
  1894. echo "To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
  1895. echo "cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DOMAIN_NAME" >> /home/$MY_USERNAME/README
  1896. fi
  1897. addmailinglist $MY_USERNAME "$PUBLIC_MAILING_LIST" "$PUBLIC_MAILING_LIST"
  1898. echo 'create_public_mailing_list' >> $COMPLETION_FILE
  1899. }
  1900. function create_private_mailing_list {
  1901. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1902. return
  1903. fi
  1904. # This installation doesn't work, results in ruby errors
  1905. # There is currently no schleuder package for Debian jessie
  1906. if grep -Fxq "create_private_mailing_list" $COMPLETION_FILE; then
  1907. return
  1908. fi
  1909. if [ ! $PRIVATE_MAILING_LIST ]; then
  1910. return
  1911. fi
  1912. if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
  1913. echo 'The name of the private mailing list should not be the'
  1914. echo 'same as your username'
  1915. exit 10
  1916. fi
  1917. if [ ! $MY_GPG_PUBLIC_KEY ]; then
  1918. echo 'To create a private mailing list you need to specify a file'
  1919. echo 'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
  1920. echo 'the top of the script'
  1921. exit 11
  1922. fi
  1923. apt-get -y --force-yes install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
  1924. gem install schleuder
  1925. schleuder-fix-gem-dependencies
  1926. schleuder-init-setup --gem
  1927. # NOTE: this is version number sensitive and so might need changing
  1928. ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
  1929. sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
  1930. sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
  1931. schleuder-newlist $PRIVATE_MAILING_LIST@$DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_USERNAME@$DOMAIN_NAME -initmember $MY_USERNAME@$DOMAIN_NAME -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
  1932. addemailtofolder $MY_USERNAME $PRIVATE_MAILING_LIST@$DOMAIN_NAME $PRIVATE_MAILING_LIST
  1933. echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1934. echo ' debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1935. echo ' driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1936. echo ' local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1937. echo ' local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1938. echo ' domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1939. echo ' user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1940. echo ' group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1941. echo ' require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1942. echo ' transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
  1943. echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
  1944. echo ' debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
  1945. echo ' driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
  1946. echo ' home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
  1947. echo ' command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
  1948. chown -R schleuder:schleuder /var/lib/schleuder
  1949. update-exim4.conf.template -r
  1950. update-exim4.conf
  1951. service exim4 restart
  1952. useradd -d /var/schleuderlists -s /bin/false schleuder
  1953. adduser Debian-exim schleuder
  1954. usermod -a -G mail schleuder
  1955. #exim -d -bt $PRIVATE_MAILING_LIST@$DOMAIN_NAME
  1956. echo 'create_private_mailing_list' >> $COMPLETION_FILE
  1957. }
  1958. function import_email {
  1959. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
  1960. return
  1961. fi
  1962. EMAIL_COMPLETE_MSG=' *** Freedombone mailbox installation is complete ***'
  1963. if grep -Fxq "import_email" $COMPLETION_FILE; then
  1964. if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
  1965. create_backup_script
  1966. create_restore_script
  1967. backup_to_friends_servers
  1968. echo ''
  1969. echo "$EMAIL_COMPLETE_MSG"
  1970. if [ -d $USB_MOUNT ]; then
  1971. umount $USB_MOUNT
  1972. rm -rf $USB_MOUNT
  1973. echo ' You can now remove the USB drive'
  1974. fi
  1975. exit 0
  1976. fi
  1977. return
  1978. fi
  1979. if [ $IMPORT_MAILDIR ]; then
  1980. if [ -d $IMPORT_MAILDIR ]; then
  1981. echo 'Transfering email files'
  1982. cp -r $IMPORT_MAILDIR /home/$MY_USERNAME
  1983. chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
  1984. else
  1985. echo "Email import directory $IMPORT_MAILDIR not found"
  1986. exit 9
  1987. fi
  1988. fi
  1989. echo 'import_email' >> $COMPLETION_FILE
  1990. if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
  1991. create_backup_script
  1992. create_restore_script
  1993. backup_to_friends_servers
  1994. apt-get -y --force-yes autoremove
  1995. # unmount any attached usb drive
  1996. echo ''
  1997. echo "$EMAIL_COMPLETE_MSG"
  1998. echo ''
  1999. if [ -d $USB_MOUNT ]; then
  2000. umount $USB_MOUNT
  2001. rm -rf $USB_MOUNT
  2002. echo ' You can now remove the USB drive'
  2003. fi
  2004. exit 0
  2005. fi
  2006. }
  2007. function install_web_server {
  2008. if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
  2009. return
  2010. fi
  2011. if grep -Fxq "install_web_server" $COMPLETION_FILE; then
  2012. return
  2013. fi
  2014. # remove apache
  2015. apt-get -y remove --purge apache2
  2016. if [ -d /etc/apache2 ]; then
  2017. rm -rf /etc/apache2
  2018. fi
  2019. # install nginx
  2020. apt-get -y --force-yes install nginx php5-fpm git
  2021. if [ ! -d /etc/nginx ]; then
  2022. echo "ERROR: nginx does not appear to have installed. $CHECK_MESSAGE"
  2023. exit 51
  2024. fi
  2025. # install a script to easily enable and disable nginx virtual hosts
  2026. if [ ! -d $INSTALL_DIR ]; then
  2027. mkdir $INSTALL_DIR
  2028. fi
  2029. cd $INSTALL_DIR
  2030. git clone https://github.com/perusio/nginx_ensite
  2031. cd $INSTALL_DIR/nginx_ensite
  2032. cp nginx_* /usr/sbin
  2033. nginx_dissite default
  2034. echo 'install_web_server' >> $COMPLETION_FILE
  2035. }
  2036. function configure_php {
  2037. sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
  2038. sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
  2039. sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini
  2040. sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini
  2041. sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini
  2042. }
  2043. function install_owncloud {
  2044. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2045. return
  2046. fi
  2047. OWNCLOUD_COMPLETION_MSG1=" *** Freedombone $SYSTEM_TYPE is now installed ***"
  2048. OWNCLOUD_COMPLETION_MSG2="Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup"
  2049. if grep -Fxq "install_owncloud" $COMPLETION_FILE; then
  2050. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
  2051. create_backup_script
  2052. create_restore_script
  2053. backup_to_friends_servers
  2054. apt-get -y --force-yes autoremove
  2055. # unmount any attached usb drive
  2056. if [ -d $USB_MOUNT ]; then
  2057. umount $USB_MOUNT
  2058. rm -rf $USB_MOUNT
  2059. fi
  2060. echo ''
  2061. echo "$OWNCLOUD_COMPLETION_MSG1"
  2062. echo "$OWNCLOUD_COMPLETION_MSG2"
  2063. exit 0
  2064. fi
  2065. return
  2066. fi
  2067. # if this is exclusively a cloud setup
  2068. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
  2069. OWNCLOUD_DOMAIN_NAME=$DOMAIN_NAME
  2070. OWNCLOUD_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE
  2071. fi
  2072. if [ ! $OWNCLOUD_DOMAIN_NAME ]; then
  2073. return
  2074. fi
  2075. if ! [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
  2076. if [ ! $SYSTEM_TYPE ]; then
  2077. return
  2078. fi
  2079. fi
  2080. apt-get -y --force-yes install php5 php5-gd php-xml-parser php5-intl wget
  2081. apt-get -y --force-yes install php5-sqlite php5-mysql smbclient curl libcurl3 php5-curl bzip2
  2082. if [ ! -d /var/www/$OWNCLOUD_DOMAIN_NAME ]; then
  2083. mkdir /var/www/$OWNCLOUD_DOMAIN_NAME
  2084. mkdir /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
  2085. fi
  2086. echo 'server {' > /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2087. echo ' listen 80;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2088. echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2089. echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2090. echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2091. echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2092. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2093. echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2094. echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2095. echo ' ssl on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2096. echo " ssl_certificate /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2097. echo " ssl_certificate_key /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2098. echo " ssl_dhparam /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2099. echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2100. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2101. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2102. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2103. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2104. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2105. echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2106. echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2107. echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2108. echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2109. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2110. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2111. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2112. echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2113. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2114. echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2115. echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2116. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2117. echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2118. echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2119. echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2120. echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2121. echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2122. echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2123. echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2124. echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2125. echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2126. echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2127. echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2128. echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2129. echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2130. echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2131. echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2132. echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2133. echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2134. echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2135. echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2136. echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2137. echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2138. echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2139. echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2140. echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2141. echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2142. echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2143. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2144. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2145. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2146. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2147. echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2148. echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2149. echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2150. echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2151. echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2152. echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2153. echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2154. echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2155. echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2156. echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2157. echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
  2158. configure_php
  2159. if [ ! -f /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key ]; then
  2160. makecert $OWNCLOUD_DOMAIN_NAME
  2161. fi
  2162. # download owncloud
  2163. cd $INSTALL_DIR
  2164. if [ ! -f $INSTALL_DIR/$OWNCLOUD_ARCHIVE ]; then
  2165. wget $OWNCLOUD_DOWNLOAD
  2166. fi
  2167. if [ ! -f $INSTALL_DIR/$OWNCLOUD_ARCHIVE ]; then
  2168. echo 'Owncloud could not be downloaded. Check that it exists at '
  2169. echo $OWNCLOUD_DOWNLOAD
  2170. echo 'And if neccessary update the version number and hash within this script'
  2171. exit 18
  2172. fi
  2173. # Check that the hash is correct
  2174. CHECKSUM=$(sha256sum $OWNCLOUD_ARCHIVE | awk -F ' ' '{print $1}')
  2175. if [[ $CHECKSUM != $OWNCLOUD_HASH ]]; then
  2176. echo 'The sha256 hash of the owncloud download is incorrect. Possibly the file may have been tampered with. Check the hash on the Owncloud web site.'
  2177. echo $CHECKSUM
  2178. echo $OWNCLOUD_HASH
  2179. exit 19
  2180. fi
  2181. tar -xjf $OWNCLOUD_ARCHIVE
  2182. echo 'Copying files...'
  2183. cp -r owncloud/* /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
  2184. chown -R www-data:www-data /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/apps
  2185. chown -R www-data:www-data /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs/config
  2186. chown www-data:www-data /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs
  2187. nginx_ensite $OWNCLOUD_DOMAIN_NAME
  2188. service php5-fpm restart
  2189. service nginx restart
  2190. # update the dynamic DNS
  2191. if [ $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE ]; then
  2192. if [[ $OWNCLOUD_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then
  2193. if ! grep -q "$OWNCLOUD_DOMAIN_NAME" /usr/bin/dynamicdns; then
  2194. echo "# $OWNCLOUD_DOMAIN_NAME" >> /usr/bin/dynamicdns
  2195. echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$OWNCLOUD_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns
  2196. fi
  2197. fi
  2198. else
  2199. echo 'WARNING: No freeDNS subdomain code given for Owncloud. It is assumed that you are using some other dynamic DNS provider.'
  2200. fi
  2201. OWNCLOUD_INSTALLED="yes"
  2202. echo 'install_owncloud' >> $COMPLETION_FILE
  2203. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
  2204. create_backup_script
  2205. create_restore_script
  2206. backup_to_friends_servers
  2207. apt-get -y --force-yes autoremove
  2208. # unmount any attached usb drive
  2209. if [ -d $USB_MOUNT ]; then
  2210. umount $USB_MOUNT
  2211. rm -rf $USB_MOUNT
  2212. fi
  2213. echo ''
  2214. echo "$OWNCLOUD_COMPLETION_MSG1"
  2215. echo "$OWNCLOUD_COMPLETION_MSG2"
  2216. exit 0
  2217. fi
  2218. }
  2219. function install_xmpp {
  2220. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2221. return
  2222. fi
  2223. if grep -Fxq "install_xmpp" $COMPLETION_FILE; then
  2224. return
  2225. fi
  2226. apt-get -y --force-yes install prosody
  2227. if [ ! -d /etc/prosody ]; then
  2228. echo "ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
  2229. exit 52
  2230. fi
  2231. if [ ! -f "/etc/ssl/private/xmpp.key" ]; then
  2232. makecert xmpp
  2233. fi
  2234. chown prosody:prosody /etc/ssl/private/xmpp.key
  2235. chown prosody:prosody /etc/ssl/certs/xmpp.*
  2236. cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
  2237. sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
  2238. sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
  2239. if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
  2240. sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
  2241. fi
  2242. sed -i "s/example.com/$DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
  2243. sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
  2244. if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
  2245. echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2246. echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2247. echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2248. echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2249. echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2250. echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2251. echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2252. echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2253. echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2254. echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2255. fi
  2256. ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
  2257. sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
  2258. sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
  2259. if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
  2260. sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
  2261. fi
  2262. sed -i 's/c2s_require_encryption = false/c2s_require_encryption = true/g' /etc/prosody/prosody.cfg.lua
  2263. if ! grep -q "s2s_require_encryption" /etc/prosody/prosody.cfg.lua; then
  2264. sed -i '/c2s_require_encryption/a\s2s_require_encryption = true' /etc/prosody/prosody.cfg.lua
  2265. fi
  2266. if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/prosody.cfg.lua; then
  2267. echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
  2268. fi
  2269. sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
  2270. sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
  2271. sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
  2272. sed -i 's/example.com/$DOMAIN_NAME/g' /etc/prosody/prosody.cfg.lua
  2273. service prosody restart
  2274. touch /home/$MY_USERNAME/README
  2275. if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then
  2276. XMPP_PASSWORD=$(openssl rand -base64 8)
  2277. prosodyctl register $MY_USERNAME $DOMAIN_NAME $XMPP_PASSWORD
  2278. echo "Your XMPP password is: $XMPP_PASSWORD" >> /home/$MY_USERNAME/README
  2279. echo 'You can change it with: ' >> /home/$MY_USERNAME/README
  2280. echo '' >> /home/$MY_USERNAME/README
  2281. echo " prosodyctl passwd $MY_USERNAME@$DOMAIN_NAME" >> /home/$MY_USERNAME/README
  2282. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2283. fi
  2284. echo 'install_xmpp' >> $COMPLETION_FILE
  2285. }
  2286. function install_irc_server {
  2287. if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2288. return
  2289. fi
  2290. if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
  2291. return
  2292. fi
  2293. apt-get -y --force-yes install ngircd
  2294. if [ ! -d /etc/ngircd ]; then
  2295. echo "ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
  2296. exit 53
  2297. fi
  2298. if [ ! "/etc/ssl/private/ngircd.key" ]; then
  2299. makecert ngircd
  2300. fi
  2301. echo '**************************************************' > /etc/ngircd/motd
  2302. echo '* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
  2303. echo '* *' >> /etc/ngircd/motd
  2304. echo '* Freedom in the Cloud *' >> /etc/ngircd/motd
  2305. echo '**************************************************' >> /etc/ngircd/motd
  2306. sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
  2307. sed -i "s/irc@irc.example.com/$MY_USERNAME@$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf
  2308. sed -i "s/irc.example.net/$DOMAIN_NAME/g" /etc/ngircd/ngircd.conf
  2309. sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DOMAIN_NAME|g" /etc/ngircd/ngircd.conf
  2310. sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
  2311. sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
  2312. sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
  2313. sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
  2314. sed -i 's/;Ports = 6697, 9999/Ports = 6697, 9999/g' /etc/ngircd/ngircd.conf
  2315. sed -i 's/;Name = #ngircd/Name = #freedombone/g' /etc/ngircd/ngircd.conf
  2316. sed -i 's/;Topic = Our ngircd testing channel/Topic = Freedombone chat channel/g' /etc/ngircd/ngircd.conf
  2317. sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
  2318. sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf
  2319. sed -i 's/;CloakHost = cloaked.host/CloakHost = cloaked.host/g' /etc/ngircd/ngircd.conf
  2320. IRC_SALT=$(openssl rand -base64 32)
  2321. IRC_OPERATOR_PASSWORD=$(openssl rand -base64 8)
  2322. sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
  2323. sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
  2324. sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
  2325. sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
  2326. sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
  2327. sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
  2328. service ngircd restart
  2329. echo 'install_irc_server' >> $COMPLETION_FILE
  2330. }
  2331. function install_wiki {
  2332. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2333. return
  2334. fi
  2335. if grep -Fxq "install_wiki" $COMPLETION_FILE; then
  2336. return
  2337. fi
  2338. # if everything is being installed or if this is exclusively a writer setup
  2339. if [[ ! $SYSTEM_TYPE || $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
  2340. WIKI_DOMAIN_NAME=$DOMAIN_NAME
  2341. WIKI_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE
  2342. fi
  2343. if [ ! $WIKI_DOMAIN_NAME ]; then
  2344. return
  2345. fi
  2346. apt-get -y --force-yes install php5 php5-gd php-xml-parser php5-intl wget
  2347. apt-get -y --force-yes install php5-sqlite php5-mysql smbclient curl libcurl3 php5-curl bzip2
  2348. if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
  2349. mkdir /var/www/$WIKI_DOMAIN_NAME
  2350. fi
  2351. if [ ! -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
  2352. mkdir /var/www/$WIKI_DOMAIN_NAME/htdocs
  2353. fi
  2354. if [ ! -f /etc/ssl/private/$WIKI_DOMAIN_NAME.key ]; then
  2355. makecert $WIKI_DOMAIN_NAME
  2356. fi
  2357. # download the archive
  2358. cd $INSTALL_DIR
  2359. if [ ! -f $INSTALL_DIR/$WIKI_ARCHIVE ]; then
  2360. wget $WIKI_DOWNLOAD
  2361. fi
  2362. if [ ! -f $INSTALL_DIR/$WIKI_ARCHIVE ]; then
  2363. echo 'Dokuwiki could not be downloaded. Check that it exists at '
  2364. echo $WIKI_DOWNLOAD
  2365. echo 'And if neccessary update the version number and hash within this script'
  2366. exit 18
  2367. fi
  2368. # Check that the hash is correct
  2369. CHECKSUM=$(sha256sum $WIKI_ARCHIVE | awk -F ' ' '{print $1}')
  2370. if [[ $CHECKSUM != $WIKI_HASH ]]; then
  2371. echo 'The sha256 hash of the Dokuwiki download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki web site.'
  2372. echo $CHECKSUM
  2373. echo $WIKI_HASH
  2374. exit 21
  2375. fi
  2376. tar -xzvf $WIKI_ARCHIVE
  2377. cd dokuwiki-*
  2378. mv * /var/www/$WIKI_DOMAIN_NAME/htdocs/
  2379. chmod -R 755 /var/www/$WIKI_DOMAIN_NAME/htdocs
  2380. chown -R www-data:www-data /var/www/$WIKI_DOMAIN_NAME/htdocs
  2381. if ! grep -q "video/ogg" /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
  2382. echo 'ogv video/ogg' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf
  2383. echo 'mp4 video/mp4' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf
  2384. echo 'webm video/webm' >> /var/www/$WIKI_DOMAIN_NAME/htdocs/conf/mime.conf
  2385. fi
  2386. echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2387. echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2388. echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2389. echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2390. echo " error_log /var/www/$WIKI_DOMAIN_NAME/error.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2391. echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2392. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2393. echo ' # Uncomment this if you need to redirect HTTP to HTTPS' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2394. echo ' #rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2395. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2396. echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2397. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2398. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2399. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2400. echo ' location ~ \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2401. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2402. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2403. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2404. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2405. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2406. echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2407. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2408. echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2409. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2410. echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2411. echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2412. echo " error_log /var/www/$WIKI_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2413. echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2414. echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2415. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2416. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2417. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2418. echo ' ssl on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2419. echo " ssl_certificate /etc/ssl/certs/$WIKI_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2420. echo " ssl_certificate_key /etc/ssl/private/$WIKI_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2421. echo " ssl_dhparam /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2422. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2423. echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2424. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2425. echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2426. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2427. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2428. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2429. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2430. echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2431. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2432. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2433. echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2434. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2435. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2436. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2437. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2438. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2439. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2440. echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2441. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2442. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2443. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2444. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2445. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2446. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2447. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2448. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2449. echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2450. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2451. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2452. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2453. echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2454. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2455. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2456. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2457. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2458. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2459. echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2460. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2461. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2462. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2463. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2464. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2465. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2466. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2467. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2468. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2469. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2470. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2471. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2472. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2473. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2474. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2475. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2476. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2477. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2478. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2479. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2480. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2481. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2482. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2483. echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2484. echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2485. echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2486. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2487. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2488. echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2489. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2490. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2491. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2492. echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2493. echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2494. echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
  2495. configure_php
  2496. nginx_ensite $WIKI_DOMAIN_NAME
  2497. service php5-fpm restart
  2498. service nginx restart
  2499. # update the dynamic DNS
  2500. if [ $WIKI_FREEDNS_SUBDOMAIN_CODE ]; then
  2501. if [[ $WIKI_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then
  2502. if ! grep -q "$WIKI_DOMAIN_NAME" /usr/bin/dynamicdns; then
  2503. echo "# $WIKI_DOMAIN_NAME" >> /usr/bin/dynamicdns
  2504. echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$WIKI_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns
  2505. fi
  2506. fi
  2507. else
  2508. echo 'WARNING: No freeDNS subdomain code given for wiki installation. It is assumed that you are using some other dynamic DNS provider.'
  2509. fi
  2510. # add some post-install instructions
  2511. if ! grep -q "Once you have set up the wiki" /home/$MY_USERNAME/README; then
  2512. echo '' >> /home/$MY_USERNAME/README
  2513. echo 'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
  2514. echo '' >> /home/$MY_USERNAME/README
  2515. echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
  2516. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2517. fi
  2518. WIKI_INSTALLED="yes"
  2519. echo 'install_wiki' >> $COMPLETION_FILE
  2520. }
  2521. function install_blog {
  2522. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2523. return
  2524. fi
  2525. if grep -Fxq "install_blog" $COMPLETION_FILE; then
  2526. return
  2527. fi
  2528. # if everything is being installed or if this is exclusively a writer setup
  2529. if [[ ! $SYSTEM_TYPE || $SYSTEM_TYPE == "$VARIANT_WRITER" ]]; then
  2530. WIKI_DOMAIN_NAME=$DOMAIN_NAME
  2531. WIKI_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE
  2532. fi
  2533. if [ ! $WIKI_DOMAIN_NAME ]; then
  2534. return
  2535. fi
  2536. apt-get -y --force-yes install unzip
  2537. # download mnml-blog
  2538. cd $INSTALL_DIR
  2539. rm -f latest
  2540. wget $WIKI_MNML_BLOG_ADDON
  2541. if [ ! -f "$INSTALL_DIR/latest" ]; then
  2542. echo 'Dokuwiki mnml-blog addon could not be downloaded. Check the Dokuwiki web site and alter WIKI_MNML_BLOG_ADDON at the top of this script as needed.'
  2543. exit 21
  2544. fi
  2545. mv latest $WIKI_MNML_BLOG_ADDON_ARCHIVE
  2546. # Check that the mnml-blog download hash is correct
  2547. CHECKSUM=$(sha256sum $WIKI_MNML_BLOG_ADDON_ARCHIVE | awk -F ' ' '{print $1}')
  2548. if [[ $CHECKSUM != $WIKI_MNML_BLOG_ADDON_HASH ]]; then
  2549. echo 'The sha256 hash of the mnml-blog download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki mnmlblog web site and alter WIKI_MNML_BLOG_ADDON_HASH if needed.'
  2550. echo $CHECKSUM
  2551. echo $WIKI_MNML_BLOG_ADDON_HASH
  2552. exit 22
  2553. fi
  2554. # download blogTNG
  2555. wget $WIKI_BLOGTNG_ADDON
  2556. if [ ! -f "$INSTALL_DIR/master" ]; then
  2557. echo 'Dokuwiki blogTNG addon could not be downloaded. Check the Dokuwiki web site and alter WIKI_BLOGTNG_ADDON at the top of this script as needed.'
  2558. exit 23
  2559. fi
  2560. mv master $WIKI_BLOGTNG_ADDON_ARCHIVE
  2561. # Check that the blogTNG hash is correct
  2562. CHECKSUM=$(sha256sum $WIKI_BLOGTNG_ADDON_ARCHIVE | awk -F ' ' '{print $1}')
  2563. if [[ $CHECKSUM != $WIKI_BLOGTNG_ADDON_HASH ]]; then
  2564. echo 'The sha256 hash of the blogTNG download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki blogTNG web site and alter WIKI_BLOGTNG_ADDON_HASH if needed.'
  2565. echo $CHECKSUM
  2566. echo $WIKI_BLOGTNG_ADDON_HASH
  2567. exit 24
  2568. fi
  2569. # download dokuwiki sqlite plugin
  2570. wget $WIKI_SQLITE_ADDON
  2571. if [ ! -f "$INSTALL_DIR/master" ]; then
  2572. echo 'Dokuwiki sqlite addon could not be downloaded. Check the Dokuwiki web site and alter WIKI_SQLITE_ADDON at the top of this script as needed.'
  2573. exit 25
  2574. fi
  2575. mv master $WIKI_SQLITE_ADDON_ARCHIVE
  2576. # Check that the sqlite plugin hash is correct
  2577. CHECKSUM=$(sha256sum $WIKI_SQLITE_ADDON_ARCHIVE | awk -F ' ' '{print $1}')
  2578. if [[ $CHECKSUM != $WIKI_SQLITE_ADDON_HASH ]]; then
  2579. echo 'The sha256 hash of the Dokuwiki sqlite download is incorrect. Possibly the file may have been tampered with. Check the hash on the Dokuwiki sqlite plugin web site and alter WIKI_SQLITE_ADDON_HASH if needed.'
  2580. echo $CHECKSUM
  2581. echo $WIKI_SQLITE_ADDON_HASH
  2582. exit 26
  2583. fi
  2584. # install dokuwiki sqlite plugin
  2585. tar -xzvf $WIKI_SQLITE_ADDON_ARCHIVE
  2586. if [ -d "$INSTALL_DIR/sqlite" ]; then
  2587. rm -rf $INSTALL_DIR/sqlite
  2588. fi
  2589. mv $WIKI_SQLITE_ADDON_NAME sqlite
  2590. cp -r sqlite /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/
  2591. # install blogTNG
  2592. if [ -d "$INSTALL_DIR/$WIKI_BLOGTNG_ADDON_NAME" ]; then
  2593. rm -rf $INSTALL_DIR/$WIKI_BLOGTNG_ADDON_NAME
  2594. fi
  2595. unzip $WIKI_BLOGTNG_ADDON_ARCHIVE
  2596. if [ -d "$INSTALL_DIR/blogtng" ]; then
  2597. rm -rf $INSTALL_DIR/blogtng
  2598. fi
  2599. mv $WIKI_BLOGTNG_ADDON_NAME blogtng
  2600. cp -r blogtng /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/
  2601. # install mnml-blog
  2602. tar -xzvf $WIKI_MNML_BLOG_ADDON_ARCHIVE
  2603. cp -r mnml-blog /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/tpl
  2604. cp -r /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/tpl/mnml-blog/blogtng-tpl/* /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/blogtng/tpl/default/
  2605. # make a "freedombone" template so that if the default template gets
  2606. # changed after an upgrade to blogTNG this doesn't necessarily change the appearance
  2607. cp -r /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/blogtng/tpl/default /var/www/$WIKI_DOMAIN_NAME/htdocs/lib/plugins/blogtng/tpl/freedombone
  2608. if ! grep -q "To set up your blog" /home/$MY_USERNAME/README; then
  2609. echo '' >> /home/$MY_USERNAME/README
  2610. echo "To set up your blog go to" >> /home/$MY_USERNAME/README
  2611. echo "https://$WIKI_DOMAIN_NAME/doku.php?id=start&do=admin&page=config" >> /home/$MY_USERNAME/README
  2612. echo 'and set the template to mnml-blog' >> /home/$MY_USERNAME/README
  2613. echo '' >> /home/$MY_USERNAME/README
  2614. echo 'To edit things on the right hand sidebar (links, blogroll, etc) go to' >> /home/$MY_USERNAME/README
  2615. echo "https://$WIKI_DOMAIN_NAME/doku.php?id=wiki:navigation_sidebar" >> /home/$MY_USERNAME/README
  2616. echo 'and edit the page' >> /home/$MY_USERNAME/README
  2617. echo '' >> /home/$MY_USERNAME/README
  2618. echo 'To edit things to a header bar (home, contacts, etc) go to' >> /home/$MY_USERNAME/README
  2619. echo "https://$WIKI_DOMAIN_NAME/doku.php?id=wiki:navigation_header" >> /home/$MY_USERNAME/README
  2620. echo 'and select the "create this page" at the bottom.' >> /home/$MY_USERNAME/README
  2621. echo 'You can then add somethething like:' >> /home/$MY_USERNAME/README
  2622. echo ' * [[:start|Home]]' >> /home/$MY_USERNAME/README
  2623. echo ' * [[:wiki|Wiki]]' >> /home/$MY_USERNAME/README
  2624. echo ' * [[:contact|Contact]]' >> /home/$MY_USERNAME/README
  2625. echo "Go to https://$WIKI_DOMAIN_NAME/doku.php?id=start&do=admin&page=config" >> /home/$MY_USERNAME/README
  2626. echo 'and check "Show header navigation" to ensure that the header shows' >> /home/$MY_USERNAME/README
  2627. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2628. fi
  2629. echo 'install_blog' >> $COMPLETION_FILE
  2630. }
  2631. function get_mariadb_password {
  2632. if [ -f /home/$MY_USERNAME/README ]; then
  2633. if grep -q "MariaDB password" /home/$MY_USERNAME/README; then
  2634. MARIADB_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
  2635. fi
  2636. fi
  2637. }
  2638. function get_mariadb_gnusocial_admin_password {
  2639. if [ -f /home/$MY_USERNAME/README ]; then
  2640. if grep -q "MariaDB gnusocial admin password" /home/$MY_USERNAME/README; then
  2641. MICROBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
  2642. fi
  2643. fi
  2644. }
  2645. function get_mariadb_redmatrix_admin_password {
  2646. if [ -f /home/$MY_USERNAME/README ]; then
  2647. if grep -q "MariaDB Red Matrix admin password" /home/$MY_USERNAME/README; then
  2648. REDMATRIX_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "MariaDB Red Matrix admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
  2649. fi
  2650. fi
  2651. }
  2652. function install_mariadb {
  2653. if grep -Fxq "install_mariadb" $COMPLETION_FILE; then
  2654. return
  2655. fi
  2656. apt-get -y --force-yes install python-software-properties debconf-utils
  2657. apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
  2658. add-apt-repository 'deb http://mariadb.biz.net.id//repo/10.1/debian sid main'
  2659. apt-get -y --force-yes install software-properties-common
  2660. apt-get -y update
  2661. get_mariadb_password
  2662. if [ ! $MARIADB_PASSWORD ]; then
  2663. MARIADB_PASSWORD=$(openssl rand -base64 32)
  2664. echo '' >> /home/$MY_USERNAME/README
  2665. echo "Your MariaDB password is: $MARIADB_PASSWORD" >> /home/$MY_USERNAME/README
  2666. echo '' >> /home/$MY_USERNAME/README
  2667. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2668. fi
  2669. debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
  2670. debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
  2671. apt-get -y --force-yes install mariadb-server
  2672. if [ ! -d /etc/mysql ]; then
  2673. echo "ERROR: mariadb-server does not appear to have installed. $CHECK_MESSAGE"
  2674. exit 54
  2675. fi
  2676. mysqladmin -u root password "$MARIADB_PASSWORD"
  2677. echo 'install_mariadb' >> $COMPLETION_FILE
  2678. }
  2679. function install_gnu_social {
  2680. if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
  2681. return
  2682. fi
  2683. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2684. return
  2685. fi
  2686. if [ ! $MICROBLOG_DOMAIN_NAME ]; then
  2687. return
  2688. fi
  2689. install_mariadb
  2690. get_mariadb_password
  2691. apt-get -y --force-yes install php-gettext php5-curl php5-gd php5-mysql git
  2692. if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
  2693. mkdir /var/www/$MICROBLOG_DOMAIN_NAME
  2694. fi
  2695. if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
  2696. mkdir /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
  2697. fi
  2698. if [ ! -f /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/index.php ]; then
  2699. cd $INSTALL_DIR
  2700. git clone $MICROBLOG_REPO gnusocial
  2701. rm -rf /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
  2702. mv gnusocial /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
  2703. chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
  2704. chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
  2705. chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/avatar
  2706. chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/background
  2707. chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/file
  2708. chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php
  2709. fi
  2710. get_mariadb_gnusocial_admin_password
  2711. if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then
  2712. MICROBLOG_ADMIN_PASSWORD=$(openssl rand -base64 32)
  2713. echo '' >> /home/$MY_USERNAME/README
  2714. echo "Your MariaDB gnusocial admin password is: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  2715. echo '' >> /home/$MY_USERNAME/README
  2716. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2717. fi
  2718. echo "create database gnusocial;
  2719. CREATE USER 'gnusocialadmin'@'localhost' IDENTIFIED BY '$MICROBLOG_ADMIN_PASSWORD';
  2720. GRANT ALL PRIVILEGES ON gnusocial.* TO 'gnusocialadmin'@'localhost';
  2721. quit" > $INSTALL_DIR/batch.sql
  2722. chmod 600 $INSTALL_DIR/batch.sql
  2723. mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
  2724. shred -zu $INSTALL_DIR/batch.sql
  2725. if [ ! -f "/etc/aliases" ]; then
  2726. touch /etc/aliases
  2727. fi
  2728. if grep -q "www-data: root" /etc/aliases; then
  2729. echo 'www-data: root' >> /etc/aliases
  2730. fi
  2731. if grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then
  2732. echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases
  2733. fi
  2734. newaliases
  2735. # update the dynamic DNS
  2736. if [ $MICROBLOG_FREEDNS_SUBDOMAIN_CODE ]; then
  2737. if [[ $MICROBLOG_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then
  2738. if ! grep -q "$MICROBLOG_DOMAIN_NAME" /usr/bin/dynamicdns; then
  2739. echo "# $MICROBLOG_DOMAIN_NAME" >> /usr/bin/dynamicdns
  2740. echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$MICROBLOG_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns
  2741. fi
  2742. fi
  2743. else
  2744. echo 'WARNING: No freeDNS subdomain code given for microblog. It is assumed that you are using some other dynamic DNS provider.'
  2745. fi
  2746. echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2747. echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2748. echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2749. echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2750. echo " error_log /var/www/$MICROBLOG_DOMAIN_NAME/error.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2751. echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2752. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2753. echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2754. echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2755. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2756. echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2757. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2758. echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2759. echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2760. echo " error_log /var/www/$MICROBLOG_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2761. echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2762. echo ' charset utf-8;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2763. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2764. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2765. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2766. echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2767. echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2768. echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2769. echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2770. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2771. echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2772. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2773. echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2774. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2775. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2776. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2777. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2778. echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2779. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2780. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2781. echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2782. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2783. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2784. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2785. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2786. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2787. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2788. echo ' allow all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2789. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2790. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2791. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2792. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2793. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2794. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2795. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2796. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2797. echo ' expires 30d;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2798. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2799. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2800. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2801. echo ' # block these file types' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2802. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2803. echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2804. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2805. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2806. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2807. echo ' # or a unix socket' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2808. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2809. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2810. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2811. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2812. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2813. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2814. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2815. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2816. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2817. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2818. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2819. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2820. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2821. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2822. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2823. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2824. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2825. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2826. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2827. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2828. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2829. echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2830. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2831. echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2832. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2833. echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2834. echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2835. echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
  2836. configure_php
  2837. if [ ! -f /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key ]; then
  2838. makecert $MICROBLOG_DOMAIN_NAME
  2839. fi
  2840. nginx_ensite $MICROBLOG_DOMAIN_NAME
  2841. service php5-fpm restart
  2842. service nginx restart
  2843. # some post-install instructions for the user
  2844. if ! grep -q "To set up your microblog" /home/$MY_USERNAME/README; then
  2845. echo '' >> /home/$MY_USERNAME/README
  2846. echo "To set up your microblog go to" >> /home/$MY_USERNAME/README
  2847. echo "https://$MICROBLOG_DOMAIN_NAME/install.php" >> /home/$MY_USERNAME/README
  2848. echo 'and enter the following settings:' >> /home/$MY_USERNAME/README
  2849. echo ' - Set a name for the site' >> /home/$MY_USERNAME/README
  2850. echo ' - Server SSL: enable' >> /home/$MY_USERNAME/README
  2851. echo ' - Hostname: localhost' >> /home/$MY_USERNAME/README
  2852. echo ' - Type: MySql/MariaDB' >> /home/$MY_USERNAME/README
  2853. echo ' - Name: gnusocial' >> /home/$MY_USERNAME/README
  2854. echo ' - DB username: gnusocialadmin' >> /home/$MY_USERNAME/README
  2855. echo " - DB Password; $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  2856. echo " - Administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README
  2857. echo " - Administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  2858. echo ' - Subscribe to announcements: ticked' >> /home/$MY_USERNAME/README
  2859. echo ' - Site profile: Community' >> /home/$MY_USERNAME/README
  2860. echo '' >> /home/$MY_USERNAME/README
  2861. echo "Navigate to https://$MICROBLOG_DOMAIN_NAME and you can then " >> /home/$MY_USERNAME/README
  2862. echo 'complete the configuration via the *Admin* section on the header' >> /home/$MY_USERNAME/README
  2863. echo 'bar. Some recommended admin settings are:' >> /home/$MY_USERNAME/README
  2864. echo '' >> /home/$MY_USERNAME/README
  2865. echo 'Under the *Site* settings:' >> /home/$MY_USERNAME/README
  2866. echo ' Text limit: 140' >> /home/$MY_USERNAME/README
  2867. echo ' Dupe Limit: 60000' >> /home/$MY_USERNAME/README
  2868. echo '' >> /home/$MY_USERNAME/README
  2869. echo 'Under the *User* settings:' >> /home/$MY_USERNAME/README
  2870. echo ' Bio limit: 1000' >> /home/$MY_USERNAME/README
  2871. echo '' >> /home/$MY_USERNAME/README
  2872. echo 'Under the *Access* settings:' >> /home/$MY_USERNAME/README
  2873. echo ' /Invite only/ ticked' >> /home/$MY_USERNAME/README
  2874. echo '' >> /home/$MY_USERNAME/README
  2875. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2876. fi
  2877. MICROBLOG_INSTALLED="yes"
  2878. echo 'install_gnu_social' >> $COMPLETION_FILE
  2879. }
  2880. function install_redmatrix {
  2881. if grep -Fxq "install_redmatrix" $COMPLETION_FILE; then
  2882. return
  2883. fi
  2884. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  2885. return
  2886. fi
  2887. # if this is exclusively a writer setup
  2888. if [[ $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
  2889. REDMATRIX_DOMAIN_NAME=$DOMAIN_NAME
  2890. REDMATRIX_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE
  2891. fi
  2892. if [ ! $REDMATRIX_DOMAIN_NAME ]; then
  2893. return
  2894. fi
  2895. install_mariadb
  2896. get_mariadb_password
  2897. apt-get -y --force-yes install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git git
  2898. if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME ]; then
  2899. mkdir /var/www/$REDMATRIX_DOMAIN_NAME
  2900. fi
  2901. if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs ]; then
  2902. mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
  2903. fi
  2904. if [ ! -f /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/index.php ]; then
  2905. cd $INSTALL_DIR
  2906. git clone $REDMATRIX_REPO redmatrix
  2907. rm -rf /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
  2908. mv redmatrix /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
  2909. chown -R www-data:www-data /var/www/$REDMATRIX_DOMAIN_NAME/htdocs
  2910. git clone $REDMATRIX_ADDONS_REPO /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/addon
  2911. fi
  2912. get_mariadb_redmatrix_admin_password
  2913. if [ ! $REDMATRIX_ADMIN_PASSWORD ]; then
  2914. REDMATRIX_ADMIN_PASSWORD=$(openssl rand -base64 32)
  2915. echo '' >> /home/$MY_USERNAME/README
  2916. echo "Your MariaDB Red Matrix admin password is: $REDMATRIX_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
  2917. echo '' >> /home/$MY_USERNAME/README
  2918. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  2919. fi
  2920. echo "create database redmatrix;
  2921. CREATE USER 'redmatrixadmin'@'localhost' IDENTIFIED BY '$REDMATRIX_ADMIN_PASSWORD';
  2922. GRANT ALL PRIVILEGES ON redmatrix.* TO 'redmatrixadmin'@'localhost';
  2923. quit" > $INSTALL_DIR/batch.sql
  2924. chmod 600 $INSTALL_DIR/batch.sql
  2925. mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
  2926. shred -zu $INSTALL_DIR/batch.sql
  2927. if ! grep -q "/var/www/$REDMATRIX_DOMAIN_NAME/htdocs" /etc/crontab; then
  2928. echo "12,22,32,42,52 * * * * root cd /var/www/$REDMATRIX_DOMAIN_NAME/htdocs; /usr/bin/timeout 240 /usr/bin/php include/poller.php" >> /etc/crontab
  2929. fi
  2930. # update the dynamic DNS
  2931. if [ $REDMATRIX_FREEDNS_SUBDOMAIN_CODE ]; then
  2932. if [[ $REDMATRIX_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then
  2933. if ! grep -q "$REDMATRIX_DOMAIN_NAME" /usr/bin/dynamicdns; then
  2934. echo "# $REDMATRIX_DOMAIN_NAME" >> /usr/bin/dynamicdns
  2935. echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$REDMATRIX_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns
  2936. fi
  2937. fi
  2938. else
  2939. echo 'WARNING: No freeDNS code given for Red Matrix. It is assumed that you are using some other dynamic DNS provider.'
  2940. fi
  2941. echo 'server {' > /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2942. echo ' listen 80;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2943. echo " server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2944. echo " root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2945. echo " error_log /var/www/$REDMATRIX_DOMAIN_NAME/error.log;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2946. echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2947. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2948. echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2949. echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2950. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2951. echo 'server {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2952. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2953. echo " root /var/www/$REDMATRIX_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2954. echo " server_name $REDMATRIX_DOMAIN_NAME;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2955. echo " error_log /var/www/$REDMATRIX_DOMAIN_NAME/error_ssl.log;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2956. echo ' index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2957. echo ' charset utf-8;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2958. echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2959. echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2960. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2961. echo ' ssl on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2962. echo " ssl_certificate /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2963. echo " ssl_certificate_key /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2964. echo " ssl_dhparam /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2965. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2966. echo ' ssl_session_timeout 5m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2967. echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2968. echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2969. echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2970. echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2971. echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2972. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2973. echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2974. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2975. echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2976. echo ' location / {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2977. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2978. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2979. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2980. echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2981. echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2982. echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2983. echo ' allow all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2984. echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2985. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2986. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2987. echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2988. echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2989. echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2990. echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2991. echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2992. echo ' expires 30d;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2993. echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2994. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2995. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2996. echo ' # block these file types' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2997. echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2998. echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  2999. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3000. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3001. echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3002. echo ' # or a unix socket' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3003. echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3004. echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3005. echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3006. echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3007. echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3008. echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3009. echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3010. echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3011. echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3012. echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3013. echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3014. echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3015. echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3016. echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3017. echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3018. echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3019. echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3020. echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3021. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3022. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3023. echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3024. echo ' location ~ /\. {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3025. echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3026. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3027. echo '' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3028. echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3029. echo ' deny all;' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3030. echo ' }' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3031. echo '}' >> /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME
  3032. configure_php
  3033. if [ ! -f /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key ]; then
  3034. makecert $REDMATRIX_DOMAIN_NAME
  3035. fi
  3036. if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then
  3037. mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3
  3038. fi
  3039. if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data] ]; then
  3040. mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]
  3041. fi
  3042. if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3 ]; then
  3043. mkdir /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3
  3044. chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/store/[data]/smarty3
  3045. fi
  3046. chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl
  3047. chmod 777 /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3
  3048. nginx_ensite $REDMATRIX_DOMAIN_NAME
  3049. service php5-fpm restart
  3050. service nginx restart
  3051. service cron restart
  3052. # some post-install instructions for the user
  3053. if ! grep -q "To set up your Red Matrix" /home/$MY_USERNAME/README; then
  3054. echo '' >> /home/$MY_USERNAME/README
  3055. echo "To set up your Red Matrix site go to" >> /home/$MY_USERNAME/README
  3056. echo "https://$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README
  3057. echo 'You will need to have a non self-signed SSL certificate in order' >> /home/$MY_USERNAME/README
  3058. echo "to use Red Matrix. Put the public certificate in /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt" >> /home/$MY_USERNAME/README
  3059. echo "and the private certificate in /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key." >> /home/$MY_USERNAME/README
  3060. echo 'If there is an intermediate certificate needed (such as with StartSSL) then' >> /home/$MY_USERNAME/README
  3061. echo 'this will need to be concatenated onto the end of the crt file, like this:' >> /home/$MY_USERNAME/README
  3062. echo '' >> /home/$MY_USERNAME/README
  3063. echo " cat /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.crt /etc/ssl/chains/startssl-sub.class1.server.ca.pem > /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README
  3064. echo '' >> /home/$MY_USERNAME/README
  3065. echo "Then change ssl_certificate to /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.bundle.crt" >> /home/$MY_USERNAME/README
  3066. echo "within /etc/nginx/sites-available/$REDMATRIX_DOMAIN_NAME" >> /home/$MY_USERNAME/README
  3067. echo '' >> /home/$MY_USERNAME/README
  3068. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  3069. fi
  3070. REDMATRIX_INSTALLED="yes"
  3071. echo 'install_redmatrix' >> $COMPLETION_FILE
  3072. }
  3073. function script_for_attaching_usb_drive {
  3074. if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
  3075. return
  3076. fi
  3077. echo '#!/bin/bash' > /usr/bin/attach-music
  3078. echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
  3079. echo " umount $USB_MOUNT" >> /usr/bin/attach-music
  3080. echo 'fi' >> /usr/bin/attach-music
  3081. echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
  3082. echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music
  3083. echo 'fi' >> /usr/bin/attach-music
  3084. echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
  3085. echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
  3086. echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
  3087. echo 'minidlnad -R' >> /usr/bin/attach-music
  3088. chmod +x /usr/bin/attach-music
  3089. ln -s /usr/bin/attach-music /usr/bin/attach-usb
  3090. ln -s /usr/bin/attach-music /usr/bin/attach-videos
  3091. ln -s /usr/bin/attach-music /usr/bin/attach-pictures
  3092. ln -s /usr/bin/attach-music /usr/bin/attach-media
  3093. echo '#!/bin/bash' > /usr/bin/remove-music
  3094. echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
  3095. echo " umount $USB_MOUNT" >> /usr/bin/remove-music
  3096. echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music
  3097. echo 'fi' >> /usr/bin/remove-music
  3098. chmod +x /usr/bin/remove-music
  3099. ln -s /usr/bin/remove-music /usr/bin/detach-music
  3100. ln -s /usr/bin/remove-music /usr/bin/detach-usb
  3101. ln -s /usr/bin/remove-music /usr/bin/remove-usb
  3102. ln -s /usr/bin/remove-music /usr/bin/detach-media
  3103. ln -s /usr/bin/remove-music /usr/bin/remove-media
  3104. ln -s /usr/bin/remove-music /usr/bin/detach-videos
  3105. ln -s /usr/bin/remove-music /usr/bin/remove-videos
  3106. ln -s /usr/bin/remove-music /usr/bin/detach-pictures
  3107. ln -s /usr/bin/remove-music /usr/bin/remove-pictures
  3108. echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
  3109. }
  3110. function install_dlna_server {
  3111. if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
  3112. return
  3113. fi
  3114. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
  3115. return
  3116. fi
  3117. apt-get -y --force-yes install minidlna
  3118. if [ ! -f /etc/minidlna.conf ]; then
  3119. echo "ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
  3120. exit 55
  3121. fi
  3122. sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
  3123. if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
  3124. echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
  3125. fi
  3126. if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
  3127. echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
  3128. fi
  3129. if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
  3130. echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
  3131. fi
  3132. if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
  3133. echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
  3134. fi
  3135. if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
  3136. echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
  3137. fi
  3138. sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
  3139. sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
  3140. sed -i 's/#friendly_name=/friendly_name="Freedombone Media"/g' /etc/minidlna.conf
  3141. sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
  3142. sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
  3143. sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
  3144. service minidlna force-reload
  3145. service minidlna reload
  3146. echo 'install_dlna_server' >> $COMPLETION_FILE
  3147. }
  3148. function install_mediagoblin {
  3149. # These instructions don't work and need fixing
  3150. return
  3151. if grep -Fxq "install_mediagoblin" $COMPLETION_FILE; then
  3152. return
  3153. fi
  3154. if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
  3155. return
  3156. fi
  3157. # if this is exclusively a writer setup
  3158. if [[ $SYSTEM_TYPE == "$VARIANT_MEDIA" ]]; then
  3159. MEDIAGOBLIN_DOMAIN_NAME=$DOMAIN_NAME
  3160. MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE=$FREEDNS_SUBDOMAIN_CODE
  3161. fi
  3162. if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
  3163. return
  3164. fi
  3165. apt-get -y --force-yes install git-core python python-dev python-lxml python-imaging python-virtualenv
  3166. apt-get -y --force-yes install python-gst-1.0 libjpeg8-dev sqlite3 libapache2-mod-fcgid gstreamer1.0-plugins-base gstreamer1.0-plugins-bad gstreamer1.0-plugins-good gstreamer1.0-plugins-ugly gstreamer1.0-libav python-numpy python-scipy libsndfile1-dev
  3167. apt-get -y --force-yes install postgresql postgresql-client python-psycopg2 python-pip autotools-dev automake
  3168. sudo -u postgres createuser -A -D mediagoblin
  3169. sudo -u postgres createdb -E UNICODE -O mediagoblin mediagoblin
  3170. adduser --system mediagoblin
  3171. MEDIAGOBLIN_DOMAIN_ROOT="/srv/$MEDIAGOBLIN_DOMAIN_NAME"
  3172. MEDIAGOBLIN_PATH="$MEDIAGOBLIN_DOMAIN_ROOT/mediagoblin"
  3173. MEDIAGOBLIN_PATH_BIN="$MEDIAGOBLIN_PATH/mediagoblin/bin"
  3174. if [ ! -d $MEDIAGOBLIN_DOMAIN_ROOT ]; then
  3175. mkdir -p $MEDIAGOBLIN_DOMAIN_ROOT
  3176. fi
  3177. cd $MEDIAGOBLIN_DOMAIN_ROOT
  3178. chown -hR mediagoblin: $MEDIAGOBLIN_DOMAIN_ROOT
  3179. su -c "cd $MEDIAGOBLIN_DOMAIN_ROOT; git clone git://gitorious.org/mediagoblin/mediagoblin.git" - mediagoblin
  3180. su -c "cd $MEDIAGOBLIN_PATH; git submodule init" - mediagoblin
  3181. su -c "cd $MEDIAGOBLIN_PATH; git submodule update" - mediagoblin
  3182. #su -c 'cd $MEDIAGOBLIN_PATH; ./experimental-bootstrap.sh' - mediagoblin
  3183. #su -c 'cd $MEDIAGOBLIN_PATH; ./configure' - mediagoblin
  3184. #su -c 'cd $MEDIAGOBLIN_PATH; make' - mediagoblin
  3185. su -c "cd $MEDIAGOBLIN_PATH; virtualenv --system-site-packages ." - mediagoblin
  3186. su -c "cd $MEDIAGOBLIN_PATH_BIN; python setup.py develop" - mediagoblin
  3187. su -c "cp $MEDIAGOBLIN_PATH/mediagoblin.ini $MEDIAGOBLIN_PATH/mediagoblin_local.ini" - mediagoblin
  3188. su -c "cp $MEDIAGOBLIN_PATH/paste.ini $MEDIAGOBLIN_PATH/paste_local.ini" - mediagoblin
  3189. # update the dynamic DNS
  3190. if [ $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE ]; then
  3191. if [[ $MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE != $FREEDNS_SUBDOMAIN_CODE ]]; then
  3192. if ! grep -q "$MEDIAGOBLIN_DOMAIN_NAME" /usr/bin/dynamicdns; then
  3193. echo "# $MEDIAGOBLIN_DOMAIN_NAME" >> /usr/bin/dynamicdns
  3194. echo "wget -O - https://freedns.afraid.org/dynamic/update.php?$MEDIAGOBLIN_FREEDNS_SUBDOMAIN_CODE== >> /dev/null 2>&1" >> /usr/bin/dynamicdns
  3195. fi
  3196. fi
  3197. else
  3198. echo 'WARNING: No freeDNS subdomain code given for mediagoblin. It is assumed that you are using some other dynamic DNS provider.'
  3199. fi
  3200. # see https://wiki.mediagoblin.org/Deployment / uwsgi with configs
  3201. apt-get -y --force-yes install uwsgi uwsgi-plugin-python nginx-full supervisor
  3202. echo 'server {' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3203. echo ' include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3204. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3205. echo ' autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3206. echo ' default_type application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3207. echo ' sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3208. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3209. echo ' # Gzip' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3210. echo ' gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3211. echo ' gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3212. echo ' gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3213. echo ' gzip_types text/plain text/html application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3214. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3215. echo " server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3216. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3217. echo ' access_log /var/log/nginx/mg.access.log;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3218. echo ' error_log /var/log/nginx/mg.error.log error;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3219. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3220. echo ' #include global/common.conf;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3221. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3222. echo ' client_max_body_size 100m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3223. echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3224. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3225. echo " root $MEDIAGOBLIN_PATH/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3226. echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3227. echo ' location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3228. echo " alias $MEDIAGOBLIN_PATH/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3229. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3230. echo ' location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3231. echo " alias $MEDIAGOBL_PATH/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3232. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3233. echo ' location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3234. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3235. echo ' location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3236. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3237. echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3238. echo ' uwsgi_pass unix:///tmp/mg.uwsgi.sock;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3239. echo ' uwsgi_param SCRIPT_NAME "/";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3240. echo ' include uwsgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3241. echo ' }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3242. echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
  3243. echo 'uwsgi:' > /etc/uwsgi/apps-available/mg.yaml
  3244. echo ' uid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml
  3245. echo ' gid: mediagoblin' >> /etc/uwsgi/apps-available/mg.yaml
  3246. echo ' socket: /tmp/mg.uwsgi.sock' >> /etc/uwsgi/apps-available/mg.yaml
  3247. echo ' chown-socket: www-data:www-data' >> /etc/uwsgi/apps-available/mg.yaml
  3248. echo ' plugins: python' >> /etc/uwsgi/apps-available/mg.yaml
  3249. echo " home: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml
  3250. echo " chdir: $MEDIAGOBLIN_PATH/" >> /etc/uwsgi/apps-available/mg.yaml
  3251. echo " ini-paste: $MEDIAGOBLIN_PATH/paste_local.ini" >> /etc/uwsgi/apps-available/mg.yaml
  3252. echo '[program:celery]' > /etc/supervisor/conf.d/mediagoblin.conf
  3253. echo "command=$MEDIAGOBLIN_PATH_BIN/celery worker -l debug" >> /etc/supervisor/conf.d/mediagoblin.conf
  3254. echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
  3255. echo '; Set PYTHONPATH to the directory containing celeryconfig.py' >> /etc/supervisor/conf.d/mediagoblin.conf
  3256. echo "environment=PYTHONPATH='$MEDIAGOBLIN_PATH',MEDIAGOBLIN_CONFIG='$MEDIAGOBLIN_PATH/mediagoblin_local.ini',CELERY_CONFIG_MODULE='mediagoblin.init.celery.from_celery'" >> /etc/supervisor/conf.d/mediagoblin.conf
  3257. echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
  3258. echo "directory=$MEDIAGOBLIN_PATH/" >> /etc/supervisor/conf.d/mediagoblin.conf
  3259. echo 'user=mediagoblin' >> /etc/supervisor/conf.d/mediagoblin.conf
  3260. echo 'numprocs=1' >> /etc/supervisor/conf.d/mediagoblin.conf
  3261. echo '; uncomment below to enable logs saving' >> /etc/supervisor/conf.d/mediagoblin.conf
  3262. echo ";stdout_logfile=/var/log/nginx/celeryd_stdout.log" >> /etc/supervisor/conf.d/mediagoblin.conf
  3263. echo ";stderr_logfile=/var/log/nginx/celeryd_stderr.log" >> /etc/supervisor/conf.d/mediagoblin.conf
  3264. echo 'autostart=true' >> /etc/supervisor/conf.d/mediagoblin.conf
  3265. echo 'autorestart=false' >> /etc/supervisor/conf.d/mediagoblin.conf
  3266. echo 'startsecs=10' >> /etc/supervisor/conf.d/mediagoblin.conf
  3267. echo '' >> /etc/supervisor/conf.d/mediagoblin.conf
  3268. echo '; Need to wait for currently executing tasks to finish at shutdown.' >> /etc/supervisor/conf.d/mediagoblin.conf
  3269. echo '; Increase this if you have very long running tasks.' >> /etc/supervisor/conf.d/mediagoblin.conf
  3270. echo 'stopwaitsecs = 600' >> /etc/supervisor/conf.d/mediagoblin.conf
  3271. ln -s /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME /etc/nginx/sites-enabled/
  3272. ln -s /etc/uwsgi/apps-available/mg.yaml /etc/uwsgi/apps-enabled/
  3273. # change settings
  3274. sed -i "s/notice@mediagoblin.example.org/$MY_USERNAME@$DOMAIN_NAME/g" $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  3275. sed -i 's/email_debug_mode = true/email_debug_mode = false/g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  3276. sed -i 's|# sql_engine = postgresql:///mediagoblin|sql_engine = postgresql:///mediagoblin|g' $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  3277. # add extra media types
  3278. if grep -q "media_types.audio" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
  3279. echo '[[mediagoblin.media_types.audio]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  3280. fi
  3281. if grep -q "media_types.video" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
  3282. echo '[[mediagoblin.media_types.video]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  3283. fi
  3284. if grep -q "media_types.stl" $MEDIAGOBLIN_PATH/mediagoblin_local.ini; then
  3285. echo '[[mediagoblin.media_types.stl]]' >> $MEDIAGOBLIN_PATH/mediagoblin_local.ini
  3286. fi
  3287. su -c "cd $MEDIAGOBLIN_PATH_BIN; pip install scikits.audiolab" - mediagoblin
  3288. su -c "cd $MEDIAGOBLIN_PATH_BIN; gmg dbupdate" - mediagoblin
  3289. # systemd init scripts
  3290. echo '[Unit]' > /etc/systemd/system/gmg.service
  3291. echo 'Description=Mediagoblin' >> /etc/systemd/system/gmg.service
  3292. echo '' >> /etc/systemd/system/gmg.service
  3293. echo '[Service]' >> /etc/systemd/system/gmg.service
  3294. echo 'Type=forking' >> /etc/systemd/system/gmg.service
  3295. echo 'User=mediagoblin' >> /etc/systemd/system/gmg.service
  3296. echo 'Group=mediagoblin' >> /etc/systemd/system/gmg.service
  3297. echo '#Environment=CELERY_ALWAYS_EAGER=true' >> /etc/systemd/system/gmg.service
  3298. echo 'Environment=CELERY_ALWAYS_EAGER=false' >> /etc/systemd/system/gmg.service
  3299. echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg.service
  3300. echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/paster serve $MEDIAGOBLIN_PATH/paste_local.ini --pid-file=/var/run/mediagoblin/paster.pid --log-file=/var/log/nginx/mediagoblin_paster.log --daemon --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543" >> /etc/systemd/system/gmg.service
  3301. echo "ExecStop=$MEDIAGOBLIN_PATH_BIN/paster serve --pid-file=/var/run/mediagoblin/paster.pid $MEDIAGOBLIN_PATH/paste_local.ini stop" >> /etc/systemd/system/gmg.service
  3302. echo 'PIDFile=/var/run/mediagoblin/mediagoblin.pid' >> /etc/systemd/system/gmg.service
  3303. echo '' >> /etc/systemd/system/gmg.service
  3304. echo '[Install]' >> /etc/systemd/system/gmg.service
  3305. echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg.service
  3306. echo '[Unit]' > /etc/systemd/system/gmg-celeryd.service
  3307. echo 'Description=Mediagoblin Celeryd' >> /etc/systemd/system/gmg-celeryd.service
  3308. echo '' >> /etc/systemd/system/gmg-celeryd.service
  3309. echo '[Service]' >> /etc/systemd/system/gmg-celeryd.service
  3310. echo 'User=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service
  3311. echo 'Group=mediagoblin' >> /etc/systemd/system/gmg-celeryd.service
  3312. echo 'Type=simple' >> /etc/systemd/system/gmg-celeryd.service
  3313. echo "WorkingDirectory=$MEDIAGOBLIN_PATH" >> /etc/systemd/system/gmg-celeryd.service
  3314. echo "Environment='MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_PATH/mediagoblin_local.ini' CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery" >> /etc/systemd/system/gmg-celeryd.service
  3315. echo "ExecStart=$MEDIAGOBLIN_PATH_BIN/celeryd" >> /etc/systemd/system/gmg-celeryd.service
  3316. echo 'PIDFile=/var/run/mediagoblin/mediagoblin-celeryd.pid' >> /etc/systemd/system/gmg-celeryd.service
  3317. echo '' >> /etc/systemd/system/gmg-celeryd.service
  3318. echo '[Install]' >> /etc/systemd/system/gmg-celeryd.service
  3319. echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gmg-celeryd.service
  3320. systemctl start gmg.service
  3321. systemctl start gmg-celeryd.service
  3322. echo 'install_mediagoblin' >> $COMPLETION_FILE
  3323. }
  3324. function install_final {
  3325. if grep -Fxq "install_final" $COMPLETION_FILE; then
  3326. return
  3327. fi
  3328. # unmount any attached usb drive
  3329. if [ -d $USB_MOUNT ]; then
  3330. umount $USB_MOUNT
  3331. rm -rf $USB_MOUNT
  3332. fi
  3333. apt-get -y --force-yes autoremove
  3334. echo 'install_final' >> $COMPLETION_FILE
  3335. echo ''
  3336. echo ' *** Freedombone installation is complete. Rebooting... ***'
  3337. echo ''
  3338. if [ -f "/home/$MY_USERNAME/README" ]; then
  3339. echo "See /home/$MY_USERNAME/README for post-installation instructions."
  3340. echo ''
  3341. fi
  3342. reboot
  3343. }
  3344. argument_checks
  3345. remove_default_user
  3346. configure_firewall
  3347. configure_firewall_for_ssh
  3348. configure_firewall_for_dns
  3349. configure_firewall_for_ftp
  3350. configure_firewall_for_web_access
  3351. remove_proprietary_repos
  3352. change_debian_repos
  3353. enable_backports
  3354. configure_dns
  3355. initial_setup
  3356. enforce_good_passwords
  3357. install_editor
  3358. change_login_message
  3359. update_the_kernel
  3360. enable_zram
  3361. random_number_generator
  3362. set_your_domain_name
  3363. time_synchronisation
  3364. configure_internet_protocol
  3365. configure_ssh
  3366. check_hwrng
  3367. search_for_attached_usb_drive
  3368. regenerate_ssh_keys
  3369. script_to_make_self_signed_certificates
  3370. configure_email
  3371. create_procmail
  3372. #spam_filtering
  3373. configure_imap
  3374. configure_gpg
  3375. encrypt_incoming_email
  3376. #encrypt_outgoing_email
  3377. email_client
  3378. configure_firewall_for_email
  3379. folders_for_mailing_lists
  3380. folders_for_email_addresses
  3381. dynamic_dns_freedns
  3382. create_public_mailing_list
  3383. #create_private_mailing_list
  3384. import_email
  3385. script_for_attaching_usb_drive
  3386. install_web_server
  3387. configure_firewall_for_web_server
  3388. install_owncloud
  3389. install_xmpp
  3390. configure_firewall_for_xmpp
  3391. install_irc_server
  3392. configure_firewall_for_irc
  3393. install_wiki
  3394. install_blog
  3395. install_gnu_social
  3396. install_redmatrix
  3397. install_dlna_server
  3398. install_mediagoblin
  3399. create_backup_script
  3400. create_restore_script
  3401. backup_to_friends_servers
  3402. install_final
  3403. apt-get -y --force-yes autoremove
  3404. echo 'Freedombone installation is complete'
  3405. exit 0