Browse Source

Stockholm initial

stockholm
Bob Mottram 5 years ago
parent
commit
0df3a86365
  1. 10782
      src/freedombone
  2. 54
      src/freedombone-app-babel
  3. 66
      src/freedombone-app-batman
  4. 343
      src/freedombone-app-blog
  5. 447
      src/freedombone-app-cjdns
  6. 125
      src/freedombone-app-dlna
  7. 113
      src/freedombone-app-editor
  8. 1501
      src/freedombone-app-email
  9. 660
      src/freedombone-app-gnusocial
  10. 410
      src/freedombone-app-gogs
  11. 388
      src/freedombone-app-hubzilla
  12. 88
      src/freedombone-app-intrusion
  13. 167
      src/freedombone-app-ipfs
  14. 239
      src/freedombone-app-irc
  15. 370
      src/freedombone-app-mediagoblin
  16. 159
      src/freedombone-app-mumble
  17. 422
      src/freedombone-app-rss
  18. 248
      src/freedombone-app-search
  19. 318
      src/freedombone-app-sip
  20. 85
      src/freedombone-app-syncthing
  21. 172
      src/freedombone-app-tox
  22. 47
      src/freedombone-app-vpn
  23. 184
      src/freedombone-app-webmail
  24. 413
      src/freedombone-app-wiki
  25. 346
      src/freedombone-app-xmpp
  26. 384
      src/freedombone-app-zeronet
  27. 85
      src/freedombone-utils-avahi
  28. 99
      src/freedombone-utils-backup
  29. 606
      src/freedombone-utils-config
  30. 76
      src/freedombone-utils-cron
  31. 468
      src/freedombone-utils-database
  32. 39
      src/freedombone-utils-depends
  33. 241
      src/freedombone-utils-dns
  34. 80
      src/freedombone-utils-final
  35. 521
      src/freedombone-utils-firewall
  36. 19
      src/freedombone-utils-git
  37. 148
      src/freedombone-utils-go
  38. 81
      src/freedombone-utils-help
  39. 109
      src/freedombone-utils-interactive
  40. 54
      src/freedombone-utils-international
  41. 86
      src/freedombone-utils-login
  42. 66
      src/freedombone-utils-monkeysphere
  43. 90
      src/freedombone-utils-network
  44. 349
      src/freedombone-utils-onion
  45. 54
      src/freedombone-utils-passwords
  46. 149
      src/freedombone-utils-repos
  47. 167
      src/freedombone-utils-rng
  48. 368
      src/freedombone-utils-setup
  49. 142
      src/freedombone-utils-ssh
  50. 129
      src/freedombone-utils-time
  51. 50
      src/freedombone-utils-upgrade
  52. 51
      src/freedombone-utils-watchdog
  53. 551
      src/freedombone-utils-web
  54. 133
      src/freedombone-utils-wifi
  55. 46
      src/freedombone-utils-zram

10782
src/freedombone

File diff suppressed because it is too large

54
src/freedombone-app-babel

@ -0,0 +1,54 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Babel mesh functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Babel mesh
ENABLE_BABEL="no"
BABEL_PORT=6696
function mesh_babel {
if grep -Fxq "mesh_babel" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BABEL != "yes" ]]; then
return
fi
${PROJECT_NAME}-mesh-install -f babel
if [ ! "$?" = "0" ]; then
echo $'Failed to install babel'
exit 67242
fi
function_check configure_firewall_for_babel
configure_firewall_for_babel
echo 'mesh_babel' >> $COMPLETION_FILE
}
# NOTE: deliberately there is no "exit 0"

66
src/freedombone-app-batman

@ -0,0 +1,66 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# batman adv mesh functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# B.A.T.M.A.N settings
ENABLE_BATMAN="no"
BATMAN_CELLID='any'
function mesh_batman {
if grep -Fxq "mesh_batman" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
return
fi
${PROJECT_NAME}-mesh-install -f batman
if [ ! "$?" = "0" ]; then
echo $'Failed to install batman'
exit 72524
fi
if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo 'Mesh Networking (B.A.T.M.A.N)' >> /home/$MY_USERNAME/README
echo '=============================' >> /home/$MY_USERNAME/README
echo "Mesh ESSID: $WIFI_SSID" >> /home/$MY_USERNAME/README
echo "Mesh cell ID: $BATMAN_CELLID" >> /home/$MY_USERNAME/README
echo "Mesh wifi channel: $WIFI_CHANNEL" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
function_check configure_firewall_for_batman
configure_firewall_for_batman
echo 'mesh_batman' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0

343
src/freedombone-app-blog

@ -0,0 +1,343 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Blog functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
FULLBLOG_DOMAIN_NAME=
FULLBLOG_CODE=
FULLBLOG_ONION_PORT=8086
FULLBLOG_REPO="https://github.com/danpros/htmly"
FULLBLOG_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'
MY_BLOG_TITLE="My Blog"
MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"
function mark_blog_domain {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if ! grep -q "Blog domain:" $COMPLETION_FILE; then
echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
fi
}
function get_blog_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function install_blog {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $FULLBLOG_DOMAIN_NAME ]; then
echo $'The blog domain name was not specified'
exit 5062
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
if grep -Fxq "install_blog" $COMPLETION_FILE; then
return
fi
# for the avatar changing command
apt-get -y install imagemagick
if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
mkdir /var/www/$FULLBLOG_DOMAIN_NAME
fi
cd /var/www/$FULLBLOG_DOMAIN_NAME
git_clone $FULLBLOG_REPO htdocs
cd htdocs
git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
if ! grep -q "Blog commit" $COMPLETION_FILE; then
echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
fi
cd /var/www/$FULLBLOG_DOMAIN_NAME
chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $FULLBLOG_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
function_check nginx_limits
nginx_limits $FULLBLOG_DOMAIN_NAME
function_check nginx_ssl
nginx_ssl $FULLBLOG_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
fi
echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
function_check nginx_limits
nginx_limits $FULLBLOG_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
function_check create_site_certificate
create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes'
function_check configure_php
configure_php
# blog settings
cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
# set social networks
if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
fi
if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then
sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
fi
# clear proprietary social network strings
sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
# create a user password
function_check get_blog_admin_password
get_blog_admin_password
if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
if [[ $ONION_ONLY == 'no' ]]; then
echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
fi
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
# create a user
FULLBLOG_ADMIN_PASSWORD_HASH=$(freedombone-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD")
if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then
echo $'Blog admin password could not be hashed'
exit 625728
fi
echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
function_check nginx_ensite
nginx_ensite $FULLBLOG_DOMAIN_NAME
FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
systemctl restart php5-fpm
systemctl restart nginx
if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
function_check add_ddns_domain
add_ddns_domain $FULLBLOG_DOMAIN_NAME
echo 'install_blog' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0

447
src/freedombone-app-cjdns

@ -0,0 +1,447 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# cjdns functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# cjdns settings
ENABLE_CJDNS="no"
CJDNS_PRIVATE_KEY=
CJDNS_PUBLIC_KEY=
CJDNS_IPV6=
CJDNS_PASSWORD=
CJDNS_PORT=
CJDNS_REPO="https://github.com/cjdelisle/cjdns.git"
CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
CJDCMD_REPO="https://github.com/inhies/cjdcmd"
CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
function get_cjdns_public_key {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PUBLIC_KEY ]; then
CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_private_key {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PRIVATE_KEY ]; then
CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_ipv6_address {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_IPV6 ]; then
CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_port {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns port" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PORT ]; then
CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function get_cjdns_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns password" /home/$MY_USERNAME/README; then
if [ ! $CJDNS_PASSWORD ]; then
CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
fi
}
function mesh_cjdns {
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO
if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
return
fi
apt-get -y install nodejs git build-essential nmap
# if a README exists then obtain the cjdns parameters
function_check get_cjdns_ipv6_address
get_cjdns_ipv6_address
function_check get_cjdns_public_key
get_cjdns_public_key
function_check get_cjdns_private_key
get_cjdns_private_key
function_check get_cjdns_port
get_cjdns_port
function_check get_cjdns_password
get_cjdns_password
# special compile settings for running ./do on the Beaglebone Black
if [[ $INSTALLING_ON_BBB == "yes" ]]; then
CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
export LDFLAGS="$CFLAGS"
fi
if [ ! -d /etc/cjdns ]; then
function_check git_pull
git_clone $CJDNS_REPO /etc/cjdns
cd /etc/cjdns
git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
if ! grep -q "cjdns commit" $COMPLETION_FILE; then
echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
fi
./do
if [ ! "$?" = "0" ]; then
exit 7439
fi
# create a configuration
if [ ! -f /etc/cjdns/cjdroute.conf ]; then
./cjdroute --genconf > /etc/cjdns/cjdroute.conf
if [ ! "$?" = "0" ]; then
exit 5922
fi
fi
# create a user to run as
useradd cjdns
else
cd /etc/cjdns
function_check git_pull
git_pull $CJDNS_REPO
./do
if [ ! "$?" = "0" ]; then
exit 9926
fi
fi
# set permissions
chown -R cjdns:cjdns /etc/cjdns
chmod 600 /etc/cjdns/cjdroute.conf
/sbin/ip tuntap add mode tun user cjdns dev cjdroute0
# insert values into the configuration file
if [ $CJDNS_PRIVATE_KEY ]; then
sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PUBLIC_KEY ]; then
sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_IPV6 ]; then
sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PASSWORD ]; then
sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
fi
if [ $CJDNS_PORT ]; then
sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
else
CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
fi
function_check enable_ipv6
enable_ipv6
echo '#!/bin/sh -e' > /etc/init.d/cjdns
echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
echo '# Provides: cjdroute' >> /etc/init.d/cjdns
echo '# Required-Start: $remote_fs $network' >> /etc/init.d/cjdns
echo '# Required-Stop: $remote_fs $network' >> /etc/init.d/cjdns
echo '# Default-Start: 2 3 4 5' >> /etc/init.d/cjdns
echo '# Default-Stop: 0 1 6' >> /etc/init.d/cjdns
echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
echo '# Description: A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
echo '# cjdns git repo: https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
echo '### END INIT INFO' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'start() {' >> /etc/init.d/cjdns
echo ' # Start it up with the user cjdns' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo " * Starting cjdroute"' >> /etc/init.d/cjdns
echo ' su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
echo ' /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
echo ' /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
echo ' /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
echo ' /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'stop() {' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "cjdns isnt running."' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo "Killing cjdroute"' >> /etc/init.d/cjdns
echo ' killall cjdroute' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'status() {' >> /etc/init.d/cjdns
echo ' if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
echo ' then' >> /etc/init.d/cjdns
echo ' echo "Cjdns is running"' >> /etc/init.d/cjdns
echo ' else' >> /etc/init.d/cjdns
echo ' echo "Cjdns is not running"' >> /etc/init.d/cjdns
echo ' fi' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo ' update() {' >> /etc/init.d/cjdns
echo ' cd $GIT_PATH' >> /etc/init.d/cjdns
echo ' echo "Updating..."' >> /etc/init.d/cjdns
echo ' git pull' >> /etc/init.d/cjdns
echo ' ./do' >> /etc/init.d/cjdns
echo '}' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
echo ' echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
echo ' exit 1' >> /etc/init.d/cjdns
echo 'fi' >> /etc/init.d/cjdns
echo '' >> /etc/init.d/cjdns
echo 'case $1 in' >> /etc/init.d/cjdns
echo ' start)' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' stop)' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' reload|restart|force-reload)' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' sleep 1' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' status)' >> /etc/init.d/cjdns
echo ' status' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' update|upgrade)' >> /etc/init.d/cjdns
echo ' update' >> /etc/init.d/cjdns
echo ' stop' >> /etc/init.d/cjdns
echo ' sleep 2' >> /etc/init.d/cjdns
echo ' start' >> /etc/init.d/cjdns
echo ' exit 0' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo ' **)' >> /etc/init.d/cjdns
echo ' echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
echo ' exit 1' >> /etc/init.d/cjdns
echo ' ;;' >> /etc/init.d/cjdns
echo 'esac' >> /etc/init.d/cjdns
chmod +x /etc/init.d/cjdns
update-rc.d cjdns defaults
service cjdns start
if [ ! "$?" = "0" ]; then
systemctl status cjdns.service
exit 8260
fi
apt-get -y install radvd
echo 'interface eth0' > /etc/radvd.conf
echo '{' >> /etc/radvd.conf
echo ' AdvSendAdvert on;' >> /etc/radvd.conf
echo ' prefix fdfc::1/64' >> /etc/radvd.conf
echo ' {' >> /etc/radvd.conf
echo ' AdvRouterAddr on;' >> /etc/radvd.conf
echo ' };' >> /etc/radvd.conf
echo '};' >> /etc/radvd.conf
systemctl restart radvd
if [ ! "$?" = "0" ]; then
systemctl status radvd.service
exit 4395
fi
if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
echo '' >> /etc/network/interfaces
echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
echo 'iface eth0 inet6 static' >> /etc/network/interfaces
echo ' pre-up modprobe ipv6' >> /etc/network/interfaces
echo ' address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
echo ' netmask 64' >> /etc/network/interfaces
service network-manager restart
if [ ! "$?" = "0" ]; then
systemctl status networking.service
exit 6949
fi
fi
ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
function_ckeck save_firewall_settings
save_firewall_settings
if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
echo '=======================' >> /home/$MY_USERNAME/README
echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
echo $'to you using your default password' >> /home/$MY_USERNAME/README
echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
echo $'each password is for.' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
echo ' http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
echo ' http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'mesh_cjdns' >> $COMPLETION_FILE
}
function mesh_cjdns_tools {
if grep -Fxq "mesh_cjdns_tools" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
if [ ! -d /etc/cjdns ]; then
mesh_cjdns
fi
function_check select_go_version
select_go_version
apt-get -y install golang mercurial
if [ ! -f ~/.bashrc ]; then
touch ~/.bashrc
fi
if [ ! -d /home/git ]; then
# add a gogs user account
adduser --disabled-login --gecos 'Gogs' git
# install Go
if ! grep -q "export GOPATH=" ~/.bashrc; then
echo "export GOPATH=$GOPATH" >> ~/.bashrc
fi
systemctl set-environment GOPATH=$GOPATH
if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
fi
if [ ! -d $GOPATH ]; then
mkdir -p $GOPATH
fi
fi
if ! grep -q "export GOPATH=" ~/.bashrc; then
echo "export GOPATH=$GOPATH" >> ~/.bashrc
fi
expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
export PATH=$PATH:${GOPATH}/bin
if ! grep -q "$expected_go_path" ~/.bashrc; then
echo "$expected_go_path" >> ~/.bashrc
fi
export PATH=$PATH:$GOPATH/bin
CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
go get $CJDCMD_REPO2
if [ ! -f $GOPATH/bin/cjdcmd ]; then
echo $'cjdcmd was not compiled. Check your golang installation'
exit 7439
fi
cp $GOPATH/bin/cjdcmd /usr/bin
# initialise from the cjdns config
/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf
echo 'mesh_cjdns_tools' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0

125
src/freedombone-app-dlna

@ -0,0 +1,125 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# DLNA application
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function install_dlna_server {
if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
apt-get -y install minidlna
if [ ! -f /etc/minidlna.conf ]; then
echo $"ERROR: minidlna does not appear to have installed. $CHECK_MESSAGE"
exit 55
fi
sed -i "s|media_dir=/var/lib/minidlna|media_dir=A,/home/$MY_USERNAME/Music|g" /etc/minidlna.conf
if ! grep -q "/home/$MY_USERNAME/Pictures" /etc/minidlna.conf; then
echo "media_dir=P,/home/$MY_USERNAME/Pictures" >> /etc/minidlna.conf
fi
if ! grep -q "/home/$MY_USERNAME/Videos" /etc/minidlna.conf; then
echo "media_dir=V,/home/$MY_USERNAME/Videos" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Music" /etc/minidlna.conf; then
echo "media_dir=A,$USB_MOUNT/Music" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Pictures" /etc/minidlna.conf; then
echo "media_dir=P,$USB_MOUNT/Pictures" >> /etc/minidlna.conf
fi
if ! grep -q "$USB_MOUNT/Videos" /etc/minidlna.conf; then
echo "media_dir=V,$USB_MOUNT/Videos" >> /etc/minidlna.conf
fi
sed -i 's/#root_container=./root_container=B/g' /etc/minidlna.conf
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
sed -i 's/#network_interface=/network_interface=eth0/g' /etc/minidlna.conf
else
sed -i 's/#network_interface=/network_interface=$WIFI_INTERFACE/g' /etc/minidlna.conf
fi
sed -i "s/#friendly_name=/friendly_name=\"${PROJECT_NAME} Media\"/g" /etc/minidlna.conf
sed -i 's|#db_dir=/var/cache/minidlna|db_dir=/var/cache/minidlna|g' /etc/minidlna.conf
sed -i 's/#inotify=yes/inotify=yes/g' /etc/minidlna.conf
sed -i 's/#notify_interval=895/notify_interval=300/g' /etc/minidlna.conf
sed -i "s|#presentation_url=/|presentation_url=http://localhost:8200|g" /etc/minidlna.conf
service minidlna force-reload
service minidlna reload
sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
if ! grep -q "max_user_watches" $COMPLETION_FILE; then
echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
fi
/sbin/sysctl -p
function_check configure_firewall_for_dlna
configure_firewall_for_dlna
echo 'install_dlna_server' >> $COMPLETION_FILE
}
function script_for_attaching_usb_drive {
if grep -Fxq "script_for_attaching_usb_drive" $COMPLETION_FILE; then
return
fi
echo '#!/bin/bash' > /usr/bin/attach-music
echo 'remove-music' >> /usr/bin/attach-music
echo "if [ ! -d $USB_MOUNT ]; then" >> /usr/bin/attach-music
echo " mkdir $USB_MOUNT" >> /usr/bin/attach-music
echo 'fi' >> /usr/bin/attach-music
echo "mount /dev/sda1 $USB_MOUNT" >> /usr/bin/attach-music
echo "chown root:root $USB_MOUNT" >> /usr/bin/attach-music
echo "chown -R minidlna:minidlna $USB_MOUNT/*" >> /usr/bin/attach-music
echo 'service minidlna restart' >> /usr/bin/attach-music
echo 'minidlnad -R' >> /usr/bin/attach-music
chmod +x /usr/bin/attach-music
ln -s /usr/bin/attach-music /usr/bin/attach-usb
ln -s /usr/bin/attach-music /usr/bin/attach-videos
ln -s /usr/bin/attach-music /usr/bin/attach-pictures
ln -s /usr/bin/attach-music /usr/bin/attach-media
echo '#!/bin/bash' > /usr/bin/remove-music
echo "if [ -d $USB_MOUNT ]; then" >> /usr/bin/remove-music
echo " umount $USB_MOUNT" >> /usr/bin/remove-music
echo " rm -rf $USB_MOUNT" >> /usr/bin/remove-music
echo 'fi' >> /usr/bin/remove-music
chmod +x /usr/bin/remove-music
ln -s /usr/bin/remove-music /usr/bin/detach-music
ln -s /usr/bin/remove-music /usr/bin/detach-usb
ln -s /usr/bin/remove-music /usr/bin/remove-usb
ln -s /usr/bin/remove-music /usr/bin/detach-media
ln -s /usr/bin/remove-music /usr/bin/remove-media
ln -s /usr/bin/remove-music /usr/bin/detach-videos
ln -s /usr/bin/remove-music /usr/bin/remove-videos
ln -s /usr/bin/remove-music /usr/bin/detach-pictures
ln -s /usr/bin/remove-music /usr/bin/remove-pictures
echo 'script_for_attaching_usb_drive' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0

113
src/freedombone-app-editor

@ -0,0 +1,113 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Editor applications
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function install_editor {
if grep -Fxq "install_editor" $COMPLETION_FILE; then
return
fi
update-alternatives --set editor /usr/bin/emacs24
# A minimal emacs configuration
#echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
#echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
#echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
echo " '(lambda ()" >> /home/$MY_USERNAME/.emacs
echo " (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
echo '' >> /home/$MY_USERNAME/.emacs
echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
cp /home/$MY_USERNAME/.emacs /root/.emacs
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
echo 'install_editor' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0

1501
src/freedombone-app-email

File diff suppressed because it is too large

660
src/freedombone-app-gnusocial

@ -0,0 +1,660 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# GNU Social application
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
MICROBLOG_DOMAIN_NAME=
MICROBLOG_CODE=
MICROBLOG_ONION_PORT=8087
MICROBLOG_REPO="https://git.gnu.io/gnu/gnu-social.git"
MICROBLOG_COMMIT='c67b89e56bf0f90730a9e22beca7e1bd41fc26c3'
MICROBLOG_ADMIN_PASSWORD=
MICROBLOG_THEME_REPO="https://git.gnu.io/h2p/Qvitter.git"
MICROBLOG_THEME_COMMIT='34510bcf37c727f91afad789fb0a531a45171ccf'
MICROBLOG_WELCOME_MESSAGE=$'<h1>Welcome to GNU Social – a federated microblog</h1><p>Another Freedombone site</p>'
MICROBLOG_BACKGROUND_IMAGE_URL=
MICROBLOG_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"
MICROBLOG_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232'
# Sharings plugin for the microblog
SHARINGS_REPO="http://git.lasindias.club/bashrc/Sharings"
SHARINGS_COMMIT='d5c6c7f855d9afff9086c09ea706f38c859bc0d4'
SHARINGS_THEME_REPO="http://git.lasindias.club/manuel/SharingsTheme"
SHARINGS_THEME_COMMIT='7106c7ef03'
function install_gnu_social {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! $MICROBLOG_DOMAIN_NAME ]; then
echo $'No domain name was given for the microblog'
exit 7359
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs "GNU Social commit" "$MICROBLOG_COMMIT" $MICROBLOG_REPO
# add a script to check that the daemon is running
echo '#!/bin/bash' > /etc/cron.hourly/gnusocial-daemons
echo 'daemon_lines=$(ps aux | grep "scripts/queuedaemon.php" | grep "/var/www")' >> /etc/cron.hourly/gnusocial-daemons
echo 'if [[ $daemon_lines != *"/var/www/"* ]]; then' >> /etc/cron.hourly/gnusocial-daemons
echo " ADMIN_USER=\$(cat $COMPLETION_FILE | grep 'Admin user' | awk -F ':' '{print \$2}')" >> /etc/cron.hourly/gnusocial-daemons
echo ' MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME' >> /etc/cron.hourly/gnusocial-daemons
echo ' echo "Restarting GNU Social daemons" | mail -s "GNU Social daemons not found" $MY_EMAIL_ADDRESS' >> /etc/cron.hourly/gnusocial-daemons
echo " cd /var/www/${MICROBLOG_DOMAIN_NAME}/htdocs" >> /etc/cron.hourly/gnusocial-daemons
echo ' scripts/startdaemons.sh' >> /etc/cron.hourly/gnusocial-daemons
echo 'fi' >> /etc/cron.hourly/gnusocial-daemons
chmod +x /etc/cron.hourly/gnusocial-daemons
if grep -Fxq "install_gnu_social" $COMPLETION_FILE; then
return
fi
function_check install_mariadb
install_mariadb
function_check get_mariadb_password
get_mariadb_password
function_check repair_databases_script
repair_databases_script
apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
apt-get -y install php5-memcached
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME ]; then
mkdir /var/www/$MICROBLOG_DOMAIN_NAME
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
function_check git_clone
git_clone $MICROBLOG_REPO /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
echo $'Unable to clone gnusocial repo'
exit 87525
fi
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
git checkout $MICROBLOG_COMMIT -b $MICROBLOG_COMMIT
if ! grep -q "GNU Social commit" $COMPLETION_FILE; then
echo "GNU Social commit:$MICROBLOG_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/GNU Social commit.*/GNU Social commit:$MICROBLOG_COMMIT/g" $COMPLETION_FILE
fi
chmod a+w /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chown www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
chmod +x /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php
function_check get_mariadb_gnusocial_admin_password
get_mariadb_gnusocial_admin_password
if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
MICROBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
MICROBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
function_check create_database
create_database gnusocial "$MICROBLOG_ADMIN_PASSWORD" $MY_USERNAME
if [ ! -f "/etc/aliases" ]; then
touch /etc/aliases
fi
if ! grep -q "www-data: root" /etc/aliases; then
echo 'www-data: root' >> /etc/aliases
fi
if ! grep -q "/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" /etc/aliases; then
echo "*: /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/scripts/maildaemon.php" >> /etc/aliases
fi
function_check add_ddns_domain
add_ddns_domain $MICROBLOG_DOMAIN_NAME
microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect $MICROBLOG_DOMAIN_NAME
echo 'server {' >> $microblog_nginx_site
echo ' listen 443 ssl;' >> $microblog_nginx_site
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Security' >> $microblog_nginx_site
function_check nginx_ssl
nginx_ssl $MICROBLOG_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
function_check nginx_limits
nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Logs' >> $microblog_nginx_site
echo ' access_log off;' >> $microblog_nginx_site
echo ' error_log off;' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Root' >> $microblog_nginx_site
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Index' >> $microblog_nginx_site
echo ' index index.php;' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # PHP' >> $microblog_nginx_site
echo ' location ~ \.php {' >> $microblog_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Location' >> $microblog_nginx_site
echo ' location / {' >> $microblog_nginx_site
echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Fancy URLs' >> $microblog_nginx_site
echo ' location @gnusocial {' >> $microblog_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site
echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
echo ' deny all;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '}' >> $microblog_nginx_site
else
echo -n '' > $microblog_nginx_site
fi
echo 'server {' >> $microblog_nginx_site
echo " listen 127.0.0.1:$MICROBLOG_ONION_PORT default_server;" >> $microblog_nginx_site
echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
function_check nginx_limits
nginx_limits $MICROBLOG_DOMAIN_NAME '15m'
echo '' >> $microblog_nginx_site
echo ' # Logs' >> $microblog_nginx_site
echo ' access_log off;' >> $microblog_nginx_site
echo ' error_log off;' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Root' >> $microblog_nginx_site
echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Index' >> $microblog_nginx_site
echo ' index index.php;' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # PHP' >> $microblog_nginx_site
echo ' location ~ \.php {' >> $microblog_nginx_site
echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Location' >> $microblog_nginx_site
echo ' location / {' >> $microblog_nginx_site
echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Fancy URLs' >> $microblog_nginx_site
echo ' location @gnusocial {' >> $microblog_nginx_site
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '' >> $microblog_nginx_site
echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site
echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site
echo ' deny all;' >> $microblog_nginx_site
echo ' }' >> $microblog_nginx_site
echo '}' >> $microblog_nginx_site
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate $MICROBLOG_DOMAIN_NAME 'yes'
# Ensure that the database gets backed up locally, if remote
# backups are not being used
function_check backup_databases_script_header
backup_databases_script_header
function_check backup_database_local
backup_database_local gnusocial
function_check nginx_ensite
nginx_ensite $MICROBLOG_DOMAIN_NAME
# NOTE: For the typical case always enable SSL and only
# disable it if in onion only mode. This is due to complexities
# with the way URLs are generated by GNU Social
gnu_social_ssl='always'
if [[ $ONION_ONLY != 'no' ]]; then
gnu_social_ssl='never'
fi
MICROBLOG_ONION_HOSTNAME=$(add_onion_service microblog 80 ${MICROBLOG_ONION_PORT})
MICROBLOG_SERVER=${MICROBLOG_DOMAIN_NAME}
if [[ $ONION_ONLY != 'no' ]]; then
MICROBLOG_SERVER=${MICROBLOG_ONION_HOSTNAME}
fi
# Create the configuration
gnu_social_installer=/var/www/${MICROBLOG_DOMAIN_NAME}/htdocs/scripts/install_cli.php
if [ ! -f $gnu_social_installer ]; then
echo $'No GNU Social commandline installer found'
exit 53026
fi
${gnu_social_installer} --server "${MICROBLOG_SERVER}" \
--host="localhost" --database="gnusocial" \
--dbtype=mysql --username="root" -v \
--password="$MARIADB_PASSWORD" \
--sitename=$"GNU Social" --fancy='yes' \
--admin-nick="$MY_USERNAME" \
--admin-pass="$MICROBLOG_ADMIN_PASSWORD" \
--site-profile="community" \
--ssl=${gnu_social_ssl}
# There can be a lot of warnings here so the return value check is disabled
#if [ ! "$?" = "0" ]; then
# # failed to install
# echo $'Could not install GNU Social'
# exit 72357
#fi
# check microblog has a config file
microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
if [ ! -f $microblog_config_file ]; then
echo $'Microblog config.php not found'
exit 87586
fi
# Some useful settings
if ! grep -q "Recommended GNU social settings" $microblog_config_file; then
echo "" >> $microblog_config_file
echo "// Recommended GNU social settings" >> $microblog_config_file
echo "\$config['thumbnail']['maxsize'] = 3000;" >> $microblog_config_file
echo "\$config['profile']['delete'] = true;" >> $microblog_config_file
echo "\$config['profile']['changenick'] = true;" >> $microblog_config_file
echo "\$config['public']['localonly'] = false;" >> $microblog_config_file
echo "addPlugin('StoreRemoteMedia');" >> $microblog_config_file
echo "\$config['queue']['enabled'] = true;" >> $microblog_config_file
echo "\$config['queue']['daemon'] = true;" >> $microblog_config_file
fi
# This improves performance
sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $microblog_config_file
systemctl restart php5-fpm
systemctl restart nginx
freedombone-addemail -u $MY_USERNAME -e "noreply@$MICROBLOG_DOMAIN_NAME" -g gnusocial --public no
# some post-install instructions for the user
if ! grep -q $"Microblog administrator" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Microblog' >> /home/$MY_USERNAME/README
echo '=========' >> /home/$MY_USERNAME/README
echo $"Microblog administrator nickname: $MY_USERNAME" >> /home/$MY_USERNAME/README
echo $"Microblog administrator password: $MICROBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
if ! grep -q "Microblog onion domain" /home/$MY_USERNAME/README; then
echo $"Microblog onion domain: ${MICROBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo "GNU Social onion domain:${MICROBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
echo "GNU Social domain:$MICROBLOG_DOMAIN_NAME" >> $COMPLETION_FILE
echo 'install_gnu_social' >> $COMPLETION_FILE
}
function install_gnu_social_plugin_sharings {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
echo $'No local/plugins directory found for the microblog'
exit 72945
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins "GNU Social sharings plugin commit" "$SHARINGS_COMMIT" $SHARINGS_REPO
if grep -Fxq "install_gnu_social_plugin_sharings" $COMPLETION_FILE; then
return
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
function_check git_clone
git_clone $SHARINGS_REPO Sharings
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Sharings ]; then
echo $'Unable to clone microblog sharings plugin'
exit 36738
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Sharings
git stash
git checkout master
git branch -D $SHARINGS_COMMIT
git checkout $SHARINGS_COMMIT -b $SHARINGS_COMMIT
# enable the plugin
if ! grep -q "addPlugin('Sharings');" /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php; then
echo "addPlugin('Sharings');" >> /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
php scripts/checkschema.php
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Sharings
php scripts/seedsharings.php
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
php scripts/checkschema.php
# Languages
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en/LC_MESSAGES
msgfmt -o Sharings.mo Sharings.po
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_GB/LC_MESSAGES
msgfmt -o Sharings.mo Sharings.po
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_US/LC_MESSAGES
msgfmt -o Sharings.mo Sharings.po
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
if ! grep -q "GNU Social sharings plugin commit" $COMPLETION_FILE; then
echo "GNU Social sharings plugin commit:$SHARINGS_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|GNU Social sharings plugin commit.*|GNU Social sharings plugin commit:$SHARINGS_COMMIT|g" $COMPLETION_FILE
fi
echo 'install_gnu_social_plugin_sharings' >> $COMPLETION_FILE
}
function install_gnu_social_plugin_sharings_theme {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
echo $'No local/plugins directory found for the microblog'
exit 74458
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins "GNU Social sharings theme plugin commit" "$SHARINGS_THEME_COMMIT" $SHARINGS_THEME_REPO
if grep -Fxq "install_gnu_social_plugin_sharings_theme" $COMPLETION_FILE; then
return
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
function_check git_clone
git_clone $SHARINGS_THEME_REPO SharingsTheme
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme ]; then
echo $'Unable to clone microblog sharings plugin theme'
exit 639253
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme
git stash
git checkout master
git branch -D $SHARINGS_THEME_COMMIT
git checkout $SHARINGS_THEME_COMMIT -b $SHARINGS_THEME_COMMIT
# enable the plugin
if ! grep -q "addPlugin('SharingsTheme');" /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php; then
echo "addPlugin('SharingsTheme');" >> /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
php scripts/checkschema.php
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
if ! grep -q "GNU Social sharings plugin theme commit" $COMPLETION_FILE; then
echo "GNU Social sharings plugin theme commit:$SHARINGS_THEME_COMMIT" >> $COMPLETION_FILE
else
sed -i "s|GNU Social sharings plugin theme commit.*|GNU Social sharings plugin theme commit:$SHARINGS_THEME_COMMIT|g" $COMPLETION_FILE
fi
echo 'install_gnu_social_plugin_sharings_theme' >> $COMPLETION_FILE
}
function expire_gnu_social_posts {
# To prevent the database size from growing endlessly this script expires posts
# after a number of months
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs ]; then
return
fi
gnusocial_expire_script=/usr/bin/gnusocial-expire
echo '<?php' > $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo '// GNU Social post expiry script, based on StatExpire by Tony Baldwin' >> $gnusocial_expire_script
echo '// https://github.com/tonybaldwin/statexpire' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo '$oldate=date(("Y-m-d"), strtotime("-3 months"));' >> $gnusocial_expire_script
echo '$username="root";' >> $gnusocial_expire_script
echo "\$password=trim(file_get_contents(\"$DATABASE_PASSWORD_FILE\"));" >> $gnusocial_expire_script
echo '$database="gnusocial";' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'if (!$link = mysql_connect("localhost", $username, $password)) {' >> $gnusocial_expire_script
echo ' echo "Could not connect to mariadb";' >> $gnusocial_expire_script
echo ' exit;' >> $gnusocial_expire_script
echo '}' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'if (!mysql_select_db($database, $link)) {' >> $gnusocial_expire_script
echo ' echo "Could not select gnusocial database";' >> $gnusocial_expire_script
echo ' exit;' >> $gnusocial_expire_script
echo '}' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo "\$notice_query=\"DELETE FROM notice WHERE created <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
echo "\$conversation_query=\"DELETE FROM conversation WHERE created <= '$oldate 01:01:01'\";" >> $gnusocial_expire_script
echo "\$reply_query=\"DELETE FROM reply WHERE modified <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'mysql_query($notice_query);' >> $gnusocial_expire_script
echo '$rowaff1=mysql_affected_rows();' >> $gnusocial_expire_script
echo 'mysql_query($conversation_query);' >> $gnusocial_expire_script
echo '$rowaff2=mysql_affected_rows();' >> $gnusocial_expire_script
echo 'mysql_query($reply_query);' >> $gnusocial_expire_script
echo '$rowaff3=mysql_affected_rows();' >> $gnusocial_expire_script
echo 'mysql_close();' >> $gnusocial_expire_script
echo '' >> $gnusocial_expire_script
echo 'echo "Expire GNU Social posts: $rowaff1 notices, $rowaff2 conversations, and $rowaff3 replies deleted from database.\n";' >> $gnusocial_expire_script
chmod +x $gnusocial_expire_script
# Add a cron job
if ! grep -q "$gnusocial_expire_script" /etc/crontab; then
echo "10 3 5 * * root /usr/bin/timeout 500 /usr/bin/php $gnusocial_expire_script" >> /etc/crontab
fi
# remove old expire script
if [ -f /etc/cron.weekly/clear-microblog-database ]; then
rm /etc/cron.weekly/clear-microblog-database
fi
}
function install_gnu_social_theme {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter "GNU Social theme commit" "$MICROBLOG_THEME_COMMIT" $MICROBLOG_THEME_REPO
# customise with project logo
if [ -f /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter/img/sprite.png ]; then
if [ -f ~/freedombone/img/gnusocial_sprite.png ]; then
cp ~/freedombone/img/gnusocial_sprite.png /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter/img/sprite.png
fi
fi
if grep -Fxq "install_gnu_social_theme" $COMPLETION_FILE; then
return
fi
apt-get -y install wget
if [ ! -d /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins ]; then
mkdir -p /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
fi
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins
function_check git_clone
git_clone $MICROBLOG_THEME_REPO Qvitter
cd /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter
git checkout $MICROBLOG_THEME_COMMIT -b $MICROBLOG_THEME_COMMIT
# download a custom background image
MICROBLOG_BACKGROUND_IMAGE_URL_EXT=
if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpeg" || $$MICROBLOG_BACKGROUND_IMAGE_URL == *".jpg" ]]; then
MICROBLOG_BACKGROUND_IMAGE_URL_EXT="jpg"
fi
if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".png" ]]; then
MICROBLOG_BACKGROUND_IMAGE_URL_EXT="png"
fi
if [[ $$MICROBLOG_BACKGROUND_IMAGE_URL == *".gif" ]]; then
MICROBLOG_BACKGROUND_IMAGE_URL_EXT="gif"
fi
if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
wget $MICROBLOG_BACKGROUND_IMAGE_URL -O img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}
if [ ! -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
echo "$MICROBLOG_BACKGROUND_IMAGE_URL"
echo $'Custom background image for microblog could not be downloaded'
exit 87524
fi
fi
fi
microblog_config_file=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs/config.php
if ! grep -q "addPlugin('Qvitter')" $microblog_config_file; then
MICROBLOG_WELCOME_MESSAGE=$(echo $MICROBLOG_WELCOME_MESSAGE | sed "s|\$MICROBLOG_DOMAIN_NAME|$MICROBLOG_DOMAIN_NAME|g")
echo "" >> $microblog_config_file
echo "// Qvitter settings" >> $microblog_config_file
echo "addPlugin('Qvitter');" >> $microblog_config_file
echo "\$config['site']['qvitter']['enabledbydefault'] = true;" >> $microblog_config_file
echo "\$config['site']['qvitter']['defaultbackgroundcolor'] = '#f4f4f4';" >> $microblog_config_file
echo "\$config['site']['qvitter']['defaultlinkcolor'] = '#0084B4';" >> $microblog_config_file
echo "\$config['site']['qvitter']['timebetweenpolling'] = 30000; // 30 secs" >> $microblog_config_file
echo "\$config['site']['qvitter']['urlshortenerapiurl'] = 'http://qttr.at/shortener.php';" >> $microblog_config_file
echo "\$config['site']['qvitter']['urlshortenersignature'] = 'b6afeec983';" >> $microblog_config_file
if [ $MICROBLOG_BACKGROUND_IMAGE_URL ]; then
echo "\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';" >> $microblog_config_file
else
echo "\$config['site']['qvitter']['sitebackground'] = 'img/vagnsmossen.jpg';" >> $microblog_config_file
fi
echo "\$config['site']['qvitter']['favicon'] = 'img/favicon.ico?v=4';" >> $microblog_config_file
echo "\$config['site']['qvitter']['sprite'] = Plugin::staticPath('Qvitter', '').'img/sprite.png?v=40';" >> $microblog_config_file
echo "\$config['site']['qvitter']['enablewelcometext'] = true;" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['en'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['de'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['fr'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['customwelcometext']['es'] = '$MICROBLOG_WELCOME_MESSAGE';" >> $microblog_config_file
echo "\$config['site']['qvitter']['blocked_ips'] = array();" >> $microblog_config_file
else
if [ $MICROBLOG_BACKGROUND_IMAGE_URL_EXT ]; then
if [ -f img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT} ]; then
sed -i "s|\$config['site']['qvitter']['sitebackground'].*|\$config['site']['qvitter']['sitebackground'] = 'img/custom.${MICROBLOG_BACKGROUND_IMAGE_URL_EXT}';|g" $microblog_config_file
fi
fi
fi
# customise with project logo
if [ -f /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter/img/sprite.png ]; then
if [ -f ~/freedombone/img/gnusocial_sprite.png ]; then
cp ~/freedombone/img/gnusocial_sprite.png /var/www/$MICROBLOG_DOMAIN_NAME/htdocs/local/plugins/Qvitter/img/sprite.png
fi
fi
if ! grep -q "GNU Social theme commit" $COMPLETION_FILE; then
echo "GNU Social theme commit:$MICROBLOG_THEME_COMMIT" >> $COMPLETION_FILE
fi
chown -R www-data:www-data /var/www/$MICROBLOG_DOMAIN_NAME/htdocs
echo 'install_gnu_social_theme' >> $COMPLETION_FILE
}
function install_gnu_social_markdown {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
MICROBLOG_PATH=/var/www/$MICROBLOG_DOMAIN_NAME/htdocs
# update to the next commit
function_check set_repo_commit
set_repo_commit $MICROBLOG_PATH/local/plugins/Markdown "GNU Social Markdown commit" "$MICROBLOG_MARKDOWN_COMMIT" $MICROBLOG_MARKDOWN_REPO
if grep -Fxq "install_gnu_social_markdown" $COMPLETION_FILE; then
return
fi
if [ -d $MICROBLOG_PATH/local/plugins/Markdown ]; then
rm -rf $MICROBLOG_PATH/local/plugins/Markdown
fi
if [ ! -d $MICROBLOG_PATH/local/plugins ]; then
mkdir -p $MICROBLOG_PATH/local/plugins
fi
cd $MICROBLOG_PATH/local/plugins
function_check git_clone
git_clone $MICROBLOG_MARKDOWN_REPO Markdown
cd $MICROBLOG_PATH/local/plugins/Markdown
git checkout $MICROBLOG_MARKDOWN_COMMIT -b $MICROBLOG_MARKDOWN_COMMIT
microblog_config_file=$MICROBLOG_PATH/config.php
if ! grep -q "addPlugin('Markdown'" $microblog_config_file; then
echo "" >> $microblog_config_file
echo "// Markdown settings" >> $microblog_config_file
echo "addPlugin('Markdown');" >> $microblog_config_file
fi
if ! grep -q "GNU Social Markdown commit" $COMPLETION_FILE; then
echo "GNU Social Markdown commit:$MICROBLOG_MARKDOWN_COMMIT" >> $COMPLETION_FILE
fi
chown -R www-data:www-data $MICROBLOG_PATH
echo 'install_gnu_social_markdown' >> $COMPLETION_FILE
}
# NOTE: deliberately there is no "exit 0"

410
src/freedombone-app-gogs

@ -0,0 +1,410 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Gogs functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
GIT_DOMAIN_NAME=
GIT_CODE=
GIT_ONION_PORT=8090
GIT_DOMAIN_REPO="https://github.com/gogits/gogs"
</