freedombone/src/freedombone-restore-local

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Restore from local storage - typically a USB drive

# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

PROJECT_NAME='freedombone'
COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv

# whether to restore everything or just a specific application
RESTORE_APP='all'

export TEXTDOMAIN=${PROJECT_NAME}-restore-local
export TEXTDOMAINDIR="/usr/share/locale"

USB_DRIVE=/dev/sdb1
USB_MOUNT=/mnt/usb

# get default USB from config file
CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
if [ -f $CONFIG_FILE ]; then
    if grep -q "USB_DRIVE=" $CONFIG_FILE; then
        USB_DRIVE=$(cat $CONFIG_FILE | grep "USB_DRIVE=" | awk -F '=' '{print $2}')
    fi
fi

ADMIN_USERNAME=
ADMIN_NAME=

# MariaDB password
DATABASE_PASSWORD=$(cat /root/dbpass)

MICROBLOG_DOMAIN_NAME=
HUBZILLA_DOMAIN_NAME=
OWNCLOUD_DOMAIN_NAME=
GIT_DOMAIN_NAME=
WIKI_DOMAIN_NAME=
FULLBLOG_DOMAIN_NAME=

function mount_drive {
    if [ $1 ]; then
        USB_DRIVE=/dev/${1}1
    fi

    # get the admin user
    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
    if [ $2 ]; then
        ADMIN_USERNAME=$2
    fi
    ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)

    # check that the backup destination is available
    if [ ! -b $USB_DRIVE ]; then
        echo $"Please attach a USB drive"
        exit 1
    fi

    # unmount if already mounted
    umount -f $USB_MOUNT
    if [ ! -d $USB_MOUNT ]; then
        mkdir $USB_MOUNT
    fi
    if [ -f /dev/mapper/encrypted_usb ]; then
        rm -rf /dev/mapper/encrypted_usb
    fi
    cryptsetup luksClose encrypted_usb

    # mount the encrypted backup drive
    cryptsetup luksOpen $USB_DRIVE encrypted_usb
    if [ "$?" = "0" ]; then
        USB_DRIVE=/dev/mapper/encrypted_usb
    fi
    mount $USB_DRIVE $USB_MOUNT
    if [ ! "$?" = "0" ]; then
        echo $"There was a problem mounting the USB drive to $USB_MOUNT"
        rm -rf $USB_MOUNT
        exit 2
    fi
}

function unmount_drive {
    sync
    umount $USB_MOUNT
    if [ ! "$?" = "0" ]; then
        echo $"Unable to unmount the drive. This means that the backup did not work"
        rm -rf $USB_MOUNT
        exit 9
    fi
    rm -rf $USB_MOUNT

    echo $"Setting permissions"
    for d in /home/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
        if [[ $USERNAME != "git" ]]; then
            chown -R $USERNAME:$USERNAME /home/$USERNAME
        fi
    done

    if [[ $USB_DRIVE == /dev/mapper/encrypted_usb ]]; then
        echo $"Unmount encrypted USB"
        cryptsetup luksClose encrypted_usb
    fi
    if [ -f /dev/mapper/encrypted_usb ]; then
        rm -rf /dev/mapper/encrypted_usb
    fi
}

function check_backup_exists {
    if [ ! -d $USB_MOUNT/backup ]; then
        echo $"No backup directory found on the USB drive."
        unmount_drive
        exit 2
    fi
}

function check_admin_user {
    echo $"Checking that admin user exists"
    if [ ! -d /home/$ADMIN_USERNAME ]; then
        echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
        unmount_drive
        exit 295
    fi
}

function copy_gpg_keys {
    echo $"Copying GPG keys from admin user to root"
    cp -r /home/$ADMIN_USERNAME/.gnupg /root
}

function restore_directory_from_usb {
    if [ ! -d ${1} ]; then
        mkdir ${1}
    fi
    obnam restore -r $USB_MOUNT/backup/${2} --to ${1}
}

function restore_database {
    RESTORE_SUBDIR="root"

    if [ -d $USB_MOUNT/backup/${1} ]; then
        echo $"Restoring ${1} database"
        restore_directory_from_usb "/root/temp${1}data" "${1}data"
        if [ ! -f /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql ]; then
            echo $"Unable to restore ${1} database"
            rm -rf /root/temp${1}data
            unmount_drive
            exit 503
        fi
        mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD ${1} -o < /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/${1}.sql)
        if [ ! "$?" = "0" ]; then
            echo "$mysqlsuccess"
            unmount_drive
            exit 964
        fi
        shred -zu /root/temp${1}data/${RESTORE_SUBDIR}/temp${1}data/*
        rm -rf /root/temp${1}data
        echo $"Restoring ${1} installation"
        if [ ! -d /root/temp${1} ]; then
            mkdir /root/temp${1}
        fi
        restore_directory_from_usb "/root/temp${1}" "${1}"
        RESTORE_SUBDIR="var"
        if [ ${2} ]; then
            if [ -d /var/www/${2}/htdocs ]; then
                if [ -d /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs ]; then
                    rm -rf /var/www/${2}/htdocs
                    mv /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs /var/www/${2}/
                    if [ ! "$?" = "0" ]; then
                        unmount_drive
                        exit 683
                    fi
                    if [ -d /etc/letsencrypt/live/${2} ]; then
                        ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
                        ln -s /etc/letsencrypt/live/${2}/fullchain.pem /etc/ssl/certs/${2}.pem
                    else
                        # Ensure that the bundled SSL cert is being used
                        if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then
                            sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}
                        fi
                    fi
                fi
            fi
        fi
    fi
}

function update_domains {
    if grep -q "GNU Social domain" $COMPLETION_FILE; then
        MICROBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "GNU Social domain" | awk -F ':' '{print $2}')
    fi
    if grep -q "Hubzilla domain" $COMPLETION_FILE; then
        HUBZILLA_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Hubzilla domain" | awk -F ':' '{print $2}')
    fi
    if grep -q "Owncloud domain" $COMPLETION_FILE; then
        OWNCLOUD_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Owncloud domain" | awk -F ':' '{print $2}')
    fi
    if grep -q "Gogs domain" $COMPLETION_FILE; then
        GIT_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Gogs domain" | awk -F ':' '{print $2}')
    fi
    if [ -d $USB_MOUNT/backup/wiki ]; then
        WIKI_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Wiki domain" | awk -F ':' '{print $2}')
    fi
    if [ -d $USB_MOUNT/backup/blog ]; then
        FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')
    fi
}

function restore_configuration {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'configuration' ]]; then
            return
        fi
    fi

    # this restores *.cfg and COMPLETION_FILE
    if [ -d $USB_MOUNT/backup/config ]; then
        echo $"Restoring configuration files"
        restore_directory_from_usb /root/tempconfig config

        cp -f /root/tempconfig/root/${PROJECT_NAME}.cfg $CONFIG_FILE
        if [ ! "$?" = "0" ]; then
            unmount_drive
            rm -rf /root/tempconfig
            exit 5294
        fi
        if [ -f $CONFIG_FILE ]; then
            # install according to the config file
            freedombone -c $CONFIG_FILE
        fi

        cp -f /root/tempconfig/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
        if [ ! "$?" = "0" ]; then
            unmount_drive
            rm -rf /root/tempconfig
            exit 6382
        fi

        if [ -f /root/tempconfig${BACKUP_EXTRA_DIRECTORIES} ]; then
            cp -f /root/tempconfig${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
            if [ ! "$?" = "0" ]; then
                unmount_drive
                rm -rf /root/tempconfig
                exit 62121
            fi
        fi

        rm -rf /root/tempconfig
    fi
}

function same_admin_user {
    PREV_ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
    if [[ "$PREV_ADMIN_USERNAME" != "$ADMIN_USERNAME" ]]; then
        echo $"The admin username has changed from $PREV_ADMIN_USERNAME to $ADMIN_USERNAME. To restore you will first need to install a new ${PROJECT_NAME} system with an initial admin user named $PREV_ADMIN_USERNAME"
        unmount_drive
        exit 73265
    fi
}

function restore_mariadb {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'mariadb' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/mariadb ]; then
        echo $"Restoring mysql settings"
        restore_directory_from_usb /root/tempmariadb mariadb
        echo $"Get the MariaDB password from the backup"
        if [ ! -f /root/tempmariadb/root/tempmariadb/db ]; then
            echo $"MariaDB password file not found"
            exit 495
        fi
        BACKUP_MARIADB_PASSWORD=$(cat /root/tempmariadb/root/tempmariadb/db)
        if [[ $BACKUP_MARIADB_PASSWORD != $DATABASE_PASSWORD ]]; then
            echo $"Restore the MariaDB user table"
            mysqlsuccess=$(mysql -u root --password=$DATABASE_PASSWORD mysql -o < /root/tempmariadb/root/tempmariadb/mysql.sql)
            if [ ! "$?" = "0" ]; then
                echo $"Try again using the password obtained from backup"
                mysqlsuccess=$(mysql -u root --password=$BACKUP_MARIADB_PASSWORD mysql -o < /root/tempmariadb/root/tempmariadb/mysql.sql)
            fi
            if [ ! "$?" = "0" ]; then
                echo "$mysqlsuccess"
                unmount_drive
                exit 962
            fi
            echo $"Restarting database"
            service mysql restart
            echo $"Change the MariaDB password to the backup version"
            DATABASE_PASSWORD=$BACKUP_MARIADB_PASSWORD
        fi
        shred -zu /root/tempmariadb/root/tempmariadb/db
        rm -rf /root/tempmariadb

        # Change database password file
        echo "$DATABASE_PASSWORD" > /root/dbpass
        chmod 600 /root/dbpass
    fi
}

function restore_letsencrypt {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'letsencrypt' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/letsencrypt ]; then
        echo $"Restoring Lets Encrypt settings"
        restore_directory_from_usb / letsencrypt
    fi
}

function restore_tor {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'tor' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/tor ]; then
        echo $"Restoring Tor settings"
        restore_directory_from_usb / tor
    fi
}

function restore_mutt_settings {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'mutt' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/mutt ]; then
        for d in $USB_MOUNT/backup/mutt/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ ! -d /home/$USERNAME ]; then
                    ${PROJECT_NAME}-adduser $USERNAME
                fi
                echo $"Restoring Mutt settings for $USERNAME"
                restore_directory_from_usb /root/tempmutt mutt/$USERNAME
                if [ -f /root/tempmutt/home/$USERNAME/tempbackup/.muttrc ]; then
                    cp -f /root/tempmutt/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
                fi
                if [ -f /root/tempmutt/home/$USERNAME/tempbackup/Muttrc ]; then
                    cp -f /root/tempmutt/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
                fi
                if [ ! "$?" = "0" ]; then
                    rm -rf /root/tempmutt
                    unmount_drive
                    exit 276
                fi
                rm -rf /root/tempmutt
            fi
        done
    fi
}

function restore_gpg {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'gpg' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/gnupg ]; then
        for d in $USB_MOUNT/backup/gnupg/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ ! -d /home/$USERNAME ]; then
                    ${PROJECT_NAME}-adduser $USERNAME
                fi
                echo $"Restoring gnupg settings for $USERNAME"
                restore_directory_from_usb /root/tempgnupg gnupg/$USERNAME
                cp -r /root/tempgnupg/home/$USERNAME/.gnupg /home/$USERNAME/
                if [ ! "$?" = "0" ]; then
                    rm -rf /root/tempgnupg
                    unmount_drive
                    exit 276
                fi
                rm -rf /root/tempgnupg
                if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
                    cp -r /home/$USERNAME/.gnupg /root
                    if [ ! "$?" = "0" ]; then
                        unmount_drive
                        exit 283
                    fi
                fi
            fi
        done
    fi
}

function restore_procmail {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'procmail' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/procmail ]; then
        for d in $USB_MOUNT/backup/procmail/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ ! -d /home/$USERNAME ]; then
                    ${PROJECT_NAME}-adduser $USERNAME
                fi
                echo $"Restoring procmail settings for $USERNAME"
                restore_directory_from_usb /root/tempprocmail procmail/$USERNAME
                cp -f /root/tempprocmail/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
                if [ ! "$?" = "0" ]; then
                    rm -rf /root/tempprocmail
                    unmount_drive
                    exit 276
                fi
                rm -rf /root/tempprocmail
            fi
        done
    fi
}

function restore_spamassassin {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'spamassassin' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/spamassassin ]; then
        for d in $USB_MOUNT/backup/spamassassin/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then
                    if [ ! -d /home/$USERNAME ]; then
                        ${PROJECT_NAME}-adduser $USERNAME
                    fi
                    echo $"Restoring spamassassin settings for $USERNAME"
                    restore_directory_from_usb /root/tempspamassassin spamassassin/$USERNAME
                    cp -rf /root/tempspamassassin/home/$USERNAME/.spamassassin /home/$USERNAME/
                    if [ ! "$?" = "0" ]; then
                        rm -rf /root/tempspamassassin
                        unmount_drive
                        exit 276
                    fi
                    rm -rf /root/tempspamassassin
                fi
            fi
        done
    fi
}

function restore_admin_readme {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'readme' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/readme ]; then
        echo $"Restoring admin user README"

        # Make a backup of the original README file
        # incase old passwords need to be used
        if [ -f /home/$ADMIN_USERNAME/README ]; then
            if [ ! -f /home/$ADMIN_USERNAME/README_original ]; then
                cp /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/README_original
            fi
        fi

        restore_directory_from_usb /root/tempreadme readme
        cp -f /root/tempreadme/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
        if [ ! "$?" = "0" ]; then
            rm -rf /root/tempreadme
            unmount_drive
            exit 276
        fi
        rm -rf /root/tempreadme
    fi
}

function restore_ipfs {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'ipfs' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/ipfs ]; then
        echo $"Restoring IPFS"
        restore_directory_from_usb /root/tempipfs ipfs
        cp -rf /root/tempipfs/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
        if [ ! "$?" = "0" ]; then
            rm -rf /root/tempipfs
            unmount_drive
            exit 276
        fi
        rm -rf /root/tempipfs
    fi
}

function restore_user_ssh_keys {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'ssh' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/ssh ]; then
        for d in $USB_MOUNT/backup/ssh/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ ! -d /home/$USERNAME ]; then
                    ${PROJECT_NAME}-adduser $USERNAME
                fi
                echo $"Restoring ssh keys for $USERNAME"
                restore_directory_from_usb /root/tempssh ssh/$USERNAME
                cp -r /root/tempssh/home/$USERNAME/.ssh /home/$USERNAME/
                if [ ! "$?" = "0" ]; then
                    rm -rf /root/tempssh
                    unmount_drive
                    exit 664
                fi
                rm -rf /root/tempssh
            fi
        done
    fi
}

function restore_user_config {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'userconfig' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/config ]; then
        for d in $USB_MOUNT/backup/config/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ ! -d /home/$USERNAME ]; then
                    ${PROJECT_NAME}-adduser $USERNAME
                fi
                echo $"Restoring config files for $USERNAME"
                restore_directory_from_usb /root/tempconfig config/$USERNAME
                cp -r /root/tempconfig/home/$USERNAME/.config /home/$USERNAME/
                if [ ! "$?" = "0" ]; then
                    rm -rf /root/tempconfig
                    unmount_drive
                    exit 664
                fi
                rm -rf /root/tempconfig
            fi
        done
    fi
}

function restore_certs {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'certs' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/ssl ]; then
        echo $"Restoring certificates"
        mkdir /root/tempssl
        restore_directory_from_usb /root/tempssl ssl
        cp -r /root/tempssl/etc/ssl/* /etc/ssl
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 276
        fi
        rm -rf /root/tempssl

        # restore ownership
        if [ -f /etc/ssl/private/xmpp.key ]; then
            chown prosody:prosody /etc/ssl/private/xmpp.key
            chown prosody:prosody /etc/ssl/certs/xmpp.*
        fi
        if [ -d /etc/dovecot ]; then
            chown root:dovecot /etc/ssl/private/dovecot.*
            chown root:dovecot /etc/ssl/certs/dovecot.*
        fi
        if [ -f /etc/ssl/private/exim.key ]; then
			cp /etc/ssl/private/exim.key /etc/exim4
			cp /etc/ssl/certs/exim.crt /etc/exim4
			cp /etc/ssl/certs/exim.dhparam /etc/exim4
			chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
			chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam
        fi
        if [ -f /etc/ssl/private/mumble.key ]; then
            if [ -d /var/lib/mumble-server ]; then
                cp /etc/ssl/certs/mumble.* /var/lib/mumble-server
                cp /etc/ssl/private/mumble.key /var/lib/mumble-server
                chown -R mumble-server:mumble-server /var/lib/mumble-server
            fi
        fi
    fi
}

function restore_personal_settings {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'personal' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/personal ]; then
        for d in $USB_MOUNT/backup/personal/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then
                    if [ ! -d /home/$USERNAME ]; then
                        ${PROJECT_NAME}-adduser $USERNAME
                    fi
                    echo $"Restoring personal settings for $USERNAME"
                    restore_directory_from_usb /root/temppersonal personal/$USERNAME
                    if [ -d /home/$USERNAME/personal ]; then
                        rm -rf /home/$USERNAME/personal
                    fi
                    mv /root/temppersonal/home/$USERNAME/personal /home/$USERNAME
                    if [ ! "$?" = "0" ]; then
                        unmount_drive
                        exit 184
                    fi
                    rm -rf /root/temppersonal
                fi
            fi
        done
    fi
}

function restore_mailing_list {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'mailinglist' ]]; then
            return
        fi
    fi
    if [ -d /var/spool/mlmmj ]; then
        echo $"Restoring public mailing list"
        restore_directory_from_usb /root/tempmailinglist mailinglist
        cp -r /root/tempmailinglist/root/spool/mlmmj/* /var/spool/mlmmj
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 526
        fi
        rm -rf /root/tempmailinglist
    fi
}

function restore_xmpp {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'xmpp' ]]; then
            return
        fi
    fi
    if [ -d /var/lib/prosody ]; then
        echo $"Restoring XMPP settings"
        restore_directory_from_usb /root/tempxmpp xmpp
        cp -r /root/tempxmpp/var/lib/prosody/* /var/lib/prosody
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 725
        fi
        rm -rf /root/tempxmpp
        service prosody restart
        chown -R prosody:prosody /var/lib/prosody/*
    fi
}

function restore_gnu_social {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'gnusocial' ]]; then
            return
        fi
    fi
    if [ $MICROBLOG_DOMAIN_NAME ]; then
        restore_database gnusocial ${MICROBLOG_DOMAIN_NAME}
        if [ -d /root/tempgnusocial ]; then
            rm -rf /root/tempgnusocial
        fi
    fi
}

function restore_hubzilla {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'hubzilla' ]]; then
            return
        fi
    fi
    if [ $HUBZILLA_DOMAIN_NAME ]; then
        restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
        if [ -d $USB_MOUNT/backup/hubzilla ]; then
            if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
                mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
            fi
            chmod 777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
            chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
            if [ -d /root/temphubzilla ]; then
                rm -rf /root/temphubzilla
            fi
        fi
    fi
}

function restore_owncloud {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'owncloud' ]]; then
            return
        fi
    fi
    if [ $OWNCLOUD_DOMAIN_NAME ]; then
        restore_database owncloud $OWNCLOUD_DOMAIN_NAME
        if [ -d $USB_MOUNT/backup/owncloud2 ]; then
            restore_directory_from_usb /root/tempowncloud2 owncloud2
            cp -r /root/tempowncloud2/etc/owncloud/* /etc/owncloud/
            if [ ! "$?" = "0" ]; then
                unmount_drive
                exit 982
            fi
            rm -rf /root/tempowncloud
            rm -rf /root/tempowncloud2
            chown -R www-data:www-data /var/lib/owncloud/data
            chown -R www-data:www-data /var/lib/owncloud/backup
            chown -R www-data:www-data /var/lib/owncloud/assets
            for d in /home/*/ ; do
                USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
                if [[ $USERNAME != "git" ]]; then
                    occ files:scan $USERNAME
                fi
            done
            ln -s /usr/share/owncloud /var/www/${OWNCLOUD_DOMAIN_NAME}/htdocs
        fi
    fi
}

function restore_gogs {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'gogs' ]]; then
            return
        fi
    fi
    if [ $GIT_DOMAIN_NAME ]; then
        restore_database gogs ${GIT_DOMAIN_NAME}
        if [ -d $USB_MOUNT/backup/gogs ]; then
            echo $"Restoring Gogs settings"
            if [ ! -d /home/git/go/src/github.com/gogits/gogs/custom ]; then
                mkdir -p /home/git/go/src/github.com/gogits/gogs/custom
            fi
            cp -r /root/tempgogs/home/git/go/src/github.com/gogits/gogs/custom/* /home/git/go/src/github.com/gogits/gogs/custom
            if [ ! "$?" = "0" ]; then
                unmount_drive
                exit 981
            fi
            echo $"Restoring Gogs repos"
            restore_directory_from_usb /root/tempgogsrepos gogsrepos
            cp -r /root/tempgogsrepos/home/git/gogs-repositories/* /home/git/gogs-repositories/
            if [ ! "$?" = "0" ]; then
                unmount_drive
                exit 67574
            fi
            echo $"Restoring Gogs authorized_keys"
            restore_directory_from_usb /root/tempgogsssh gogsssh
            if [ ! -d /home/git/.ssh ]; then
                mkdir /home/git/.ssh
            fi
            cp -r /root/tempgogsssh/home/git/.ssh/* /home/git/.ssh/
            if [ ! "$?" = "0" ]; then
                unmount_drive
                exit 8463
            fi
            rm -rf /root/tempgogs
            rm -rf /root/tempgogsrepos
            rm -rf /root/tempgogsssh
            chown -R git:git /home/git
        fi
    fi
}

function restore_wiki {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'wiki' ]]; then
            return
        fi
    fi
    if [ $WIKI_DOMAIN_NAME ]; then
        echo $"Restoring Wiki installation ${WIKI_DOMAIN_NAME}"
        restore_directory_from_usb /root/tempwiki wiki
        cp -r /root/tempwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 868
        fi
        restore_directory_from_usb /root/tempwiki2 wiki2
        cp -r /root/tempwiki2/etc/dokuwiki/* /etc/dokuwiki/
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 869
        fi
        rm -rf /root/tempwiki
        rm -rf /root/tempwiki2
        chown -R www-data:www-data /var/lib/dokuwiki/*
        # Ensure that the bundled SSL cert is being used
        if [ -f /etc/ssl/certs/${WIKI_DOMAIN_NAME}.bundle.crt ]; then
            sed -i "s|${WIKI_DOMAIN_NAME}.crt|${WIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${WIKI_DOMAIN_NAME}
        fi
        if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then
            ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key
            ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem
        fi
    fi
}

function restore_blog {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'blog' ]]; then
            return
        fi
    fi
    if [ $FULLBLOG_DOMAIN_NAME ]; then
        echo $"Restoring blog installation"
        restore_directory_from_usb /root/tempblog blog
        rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
        cp -r /root/tempblog/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 593
        fi
        rm -rf /root/tempblog
        if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then
            echo $"No content directory found after restoring blog"
            unmount_drive
            exit 287
        fi
        chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs
        # Ensure that the bundled SSL cert is being used
        if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then
            sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}
        fi
        for d in /home/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
            if [[ $USERNAME != "git" ]]; then
                if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then
                    mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post
                fi
            fi
        done
        if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then
            ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key
            ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem
        fi
    fi
}

function restore_cjdns {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'cjdns' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/cjdns ]; then
        echo $"Restoring cjdns installation"
        restore_directory_from_usb /root/tempcjdns cjdns
        rm -rf /etc/cjdns
        cp -r /root/tempcjdns/etc/cjdns /etc/
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 8472
        fi
        rm -rf /root/tempcjdns
    fi
}

function restore_email {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'email' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/mail ]; then
        for d in $USB_MOUNT/backup/mail/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
            if [[ $USERNAME != "git" ]]; then
                if [ ! -d /home/$USERNAME ]; then
                    ${PROJECT_NAME}-adduser $USERNAME
                fi
                echo $"Restoring emails for $USERNAME"
                restore_directory_from_usb /root/tempmail mail/$USERNAME
                if [ ! -d /home/$USERNAME/Maildir ]; then
                    mkdir /home/$USERNAME/Maildir
                fi
                tar -xzvf /root/tempmail/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
                if [ ! "$?" = "0" ]; then
                    unmount_drive
                    exit 927
                fi
                rm -rf /root/tempmail
            fi
        done
    fi
}

function restore_dlna {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'dlna' ]]; then
            return
        fi
    fi
    if [ -d /var/cache/minidlna ]; then
        if [ -d $USB_MOUNT/backup/dlna ]; then
            echo $"Restoring DLNA cache"
            restore_directory_from_usb /root/tempdlna dlna
            cp -r /root/tempdlna/var/cache/minidlna/* /var/cache/minidlna/
            if [ ! "$?" = "0" ]; then
                rm -rf /root/tempdlna
                unmount_drive
                exit 982
            fi
            rm -rf /root/tempdlna
        fi
    fi
}

function restore_voip {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'voip' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/voip ]; then
        echo $"Restoring VoIP settings"
        restore_directory_from_usb /root/tempvoip voip
        cp -f /root/tempvoip/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
        if [ ! "$?" = "0" ]; then
            rm -rf /root/tempvoip
            unmount_drive
            exit 3679
        fi
        cp -f /root/tempvoip/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
        if [ ! "$?" = "0" ]; then
            rm -rf /root/tempvoip
            unmount_drive
            exit 3679
        fi
        cp -f /root/tempvoip/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
        if [ ! "$?" = "0" ]; then
            rm -rf /root/tempvoip
            unmount_drive
            exit 276
        fi
        rm -rf /root/tempvoip
        cp /etc/ssl/certs/mumble* /var/lib/mumble-server
        cp /etc/ssl/private/mumble* /var/lib/mumble-server
        chown -R mumble-server:mumble-server /var/lib/mumble-server
        service sipwitch restart
        service mumble-server restart
    fi
}

function restore_tox {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'tox' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/tox ]; then
        echo $"Restoring Tox node settings"
        restore_directory_from_usb / tox
        if [ ! "$?" = "0" ]; then
            unmount_drive
            exit 6393
        fi
        cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
        systemctl restart tox-bootstrapd.service
        if [ ! "$?" = "0" ]; then
            systemctl status tox-bootstrapd.service
            unmount_drive
            exit 59369
        fi
    fi
}

function get_restore_app {
    if [ ${1} ]; then
        if [ ! -d /home/${1} ]; then
            RESTORE_APP=${1}
            echo $"Restore $RESTORE_APP"
        fi
    fi
}

get_restore_app ${2}
mount_drive ${1} ${2}
check_backup_exists
check_admin_user
copy_gpg_keys
restore_configuration
same_admin_user
update_domains
restore_mariadb
restore_letsencrypt
restore_tor
restore_mutt_settings
restore_gpg
restore_procmail
restore_spamassassin
restore_admin_readme
restore_ipfs
restore_user_ssh_keys
restore_user_config
restore_certs
restore_personal_settings
restore_mailing_list
restore_xmpp
restore_gnu_social
restore_hubzilla
restore_owncloud
restore_gogs
restore_wiki
restore_blog
restore_cjdns
restore_email
restore_dlna
restore_voip
restore_tox
unmount_drive

echo $"Restore from USB drive is complete. You can now unplug it."

exit 0