Commit d81e4ee6 authored by Bob Mottram's avatar Bob Mottram

Initial idea for deploying an image

parent f6358543
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# An initialisation script which can be run after installing
# a disk image
#
# License
# =======
#
# Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Default username for disk images
DEFAULT_IMAGE_USERNAME='freedom'
MY_NAME='fbn'
MY_USERNAME=$MY_NAME
MY_EMAIL_ADDRESS=$MY_USERNAME@$(hostname)
# various passwords
CJDNS_PASSWORD=
MARIADB_PASSWORD=
MICROBLOG_ADMIN_PASSWORD=
GIT_ADMIN_PASSWORD=
HUBZILLA_ADMIN_PASSWORD=
OWNCLOUD_ADMIN_PASSWORD=
WIKI_ADMIN_PASSWORD=
FULLBLOG_ADMIN_PASSWORD=
VOIP_SERVER_PASSWORD=
SIP_SERVER_PASSWORD=
function create_backup_gpg_key {
echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
shred -zu /home/$MY_USERNAME/gpg-genkey.conf
BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME)
if [ ! "$?" = "0" ]; then
echo 'Backup key could not be created'
exit 43382
fi
MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
echo "Backup key: $MY_BACKUP_KEY_ID"
MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
su -c "gpg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
su -c "gpg --output ${MY_BACKUP_KEY}_private.asc --armor --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
echo 'Public backup key could not be exported'
exit 36829
fi
if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
echo 'Private backup key could not be exported'
exit 29235
fi
# import backup key to root user
gpg --import --import ${MY_BACKUP_KEY}_public.asc
gpg --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
shred -zu ${MY_BACKUP_KEY}_public.asc
shred -zu ${MY_BACKUP_KEY}_private.asc
echo 'New backup gpg key created'
}
function regenerate_ssh_host_keys {
rm -f /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
echo 'ssh host keys regenerated'
# remove small moduli
awk '$5 > 2000' /etc/ssh/moduli > ~/moduli
mv ~/moduli /etc/ssh/moduli
echo 'ssh small moduli removed'
systemctl restart ssh
}
function get_passwords_from_readme {
readme_file=$1
if [ ! -f $readme_file ]; then
return
fi
if grep -q "cjdns password" $readme_file; then
if [ ! $CJDNS_PASSWORD ]; then
CJDNS_PASSWORD=$(cat $readme_file | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
if grep -q "MariaDB password" $readme_file; then
if [ -f $DATABASE_PASSWORD_FILE ]; then
MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
else
MARIADB_PASSWORD=$(cat $readme_file | grep "MariaDB password" | awk -F ':' '{print $2}' | sed 's/^ *//')
echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE
chmod 600 $DATABASE_PASSWORD_FILE
fi
fi
if grep -q "MariaDB gnusocial admin password" $readme_file; then
MICROBLOG_ADMIN_PASSWORD=$(cat $readme_file | grep "MariaDB gnusocial admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "Gogs admin user password" $readme_file; then
GIT_ADMIN_PASSWORD=$(cat $readme_file | grep "Gogs admin user password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "MariaDB Hubzilla admin password" $readme_file; then
HUBZILLA_ADMIN_PASSWORD=$(cat $readme_file | grep "MariaDB Hubzilla admin password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "Owncloud database password" $readme_file; then
OWNCLOUD_ADMIN_PASSWORD=$(cat $readme_file | grep "Owncloud database password" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
if grep -q "Wiki password" $readme_file; then
WIKI_ADMIN_PASSWORD=$(cat $readme_file | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
}
function set_admin_user {
sed -i "s|Admin user:.*|Admin user:$MY_USERNAME|g" $COMPLETION_FILE
}
if [ ! -d /home/$DEFAULT_IMAGE_USERNAME ]; then
echo "User $DEFAULT_IMAGE_USERNAME not found"
exit 52372
fi
if [ -d /home/$MY_USERNAME ]; then
echo "User $MY_USERNAME already exists"
exit 73538
fi
get_passwords_from_readme /home/$DEFAULT_IMAGE_USERNAME/README
#freedombone-adduser $MY_USERNAME > ~/setup.txt
#set_admin_user
#create_backup_gpg_key
#regenerate_ssh_host_keys
exit 0
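Review bot: `DATABASE_PASSWORD_FILE` is tested, read and written in `get_passwords_from_readme` but is never assigned anywhere in this script, and that function is the only one the script actually calls. Unless the caller's environment supplies it, the unquoted `[ -f $DATABASE_PASSWORD_FILE ]` collapses to `[ -f ]`, which is true, so `cat $DATABASE_PASSWORD_FILE` runs with no argument and reads stdin instead of a file whenever the README has a "MariaDB password" line. I would define the variable next to the other defaults (e.g. `DATABASE_PASSWORD_FILE=<path-to-db-password-file>`), quote it at each use as in `if [ -f "$DATABASE_PASSWORD_FILE" ]; then`, and create the file with restrictive permissions from the start, `( umask 077; echo "$MARIADB_PASSWORD" > "$DATABASE_PASSWORD_FILE" )`, since the current `chmod 600` runs only after the password has been written under the default umask. `COMPLETION_FILE` in `set_admin_user` has the same unset-variable problem once that call is uncommented.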