| #!/bin/bash | |
| # | |
| # Copyright (c) 2017 Igor Pečovnik, igor.pecovnik@gma**.com | |
| # | |
| # This file is licensed under the terms of the GNU General Public | |
| # License version 2. This program is licensed "as is" without any | |
| # warranty of any kind, whether express or implied. | |
| # Functions: | |
| # check_status | |
| # choose_webserver | |
| # server_conf | |
| # install_packet | |
| # alive_port | |
| # alive_process | |
| # install_basic | |
| # create_ispconfig_configuration | |
| # check_if_installed | |
| # install_cups | |
| # install_samba | |
| # install_ncp | |
| # install_omv | |
| # install_tvheadend | |
| # install_docker | |
| # install_urbackup | |
| # install_transmission | |
| # install_transmission_seed_armbian_torrents | |
| # install_hassio | |
| # install_openhab | |
| # install_syncthing | |
| # install_plex_media_server | |
| # install_emby_server | |
| # install_radarr | |
| # install_sonarr | |
| # install_vpn_server | |
| # install_vpn_client | |
| # install_DashNTP | |
| # install_MySQL | |
| # install_MySQLDovecot | |
| # install_Virus | |
| # install_hhvm | |
| # install_phpmyadmin | |
| # install_apache | |
| # install_nginx | |
| # install_PureFTPD | |
| # install_Bind | |
| # install_Stats | |
| # install_Jailkit | |
| # install_Fail2BanDovecot | |
| # install_Fail2BanRulesDovecot | |
| # install_ISPConfig | |
| # | |
| # load functions, local first | |
| # | |
#
# Load the helper libraries. For each one, a copy named debian-config-<name>
# in the current directory wins over /usr/lib/armbian-config/<name>.sh; the
# script exits with status 1 when neither is present.
#
# NOTE(review): the functions below install packages and rewrite files under
# /etc, so this script presumably runs as root. The "local first" lookup is
# relative to the current working directory: started from a directory that
# other users can write to, it would load their file with root privileges.
# `source` with a slash-less name also searches PATH before the current
# directory, so the file tested with -f is not necessarily the file loaded.
#
for _armbian_lib in jobs submenu functions functions-network; do
	if [[ -f "debian-config-${_armbian_lib}" ]]; then
		source "debian-config-${_armbian_lib}"
	elif [[ -f "/usr/lib/armbian-config/${_armbian_lib}.sh" ]]; then
		source "/usr/lib/armbian-config/${_armbian_lib}.sh"
	else
		exit 1
	fi
done
unset _armbian_lib
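function check_status
{
	#
	# Probe which of the supported services are installed and/or running.
	#
	# Fills the global LIST array with one (name, description, on|off) triple
	# per service and leaves each service's install state in its *_STATUS
	# global. LIST_CONST starts at 26 and is bumped for optional entries; its
	# consumer is outside this function (presumably a dialog height - confirm).
	#
	# The status probes use "$( { a || b; } && ...)" rather than "$((a || b) ...":
	# a command substitution opening with "((" is ambiguous with arithmetic
	# expansion. The Mayan URL is quoted because it contains the glob
	# character "?".
	#
	local arch

	dialog --backtitle "$BACKTITLE" --title "Please wait" --infobox "\nLoading install info ... " 5 28

	LIST=()
	LIST_CONST=26

	# Samba
	SAMBA_STATUS="$(check_if_installed samba && echo "on" || echo "off")"
	alive_port "Windows compatible file sharing" "445" "boolean"
	LIST+=( "Samba" "$DESCRIPTION" "$SAMBA_STATUS" )

	# CUPS
	CUPS_STATUS="$(check_if_installed cups && echo "on" || echo "off")"
	alive_port "Common UNIX Printing System (CUPS)" "631" "boolean"
	LIST+=( "CUPS" "$DESCRIPTION" "$CUPS_STATUS" )

	# TV headend
	TVHEADEND_STATUS="$(check_if_installed tvheadend && echo "on" || echo "off")"
	alive_port "TV streaming server" "9981"
	LIST+=( "TV headend" "$DESCRIPTION" "$TVHEADEND_STATUS" )

	# Syncthing
	SYNCTHING_STATUS="$([[ -f /usr/bin/syncthing ]] && echo "on" || echo "off")"
	alive_port "Personal cloud @syncthing.net" "8384"
	LIST+=( "Syncthing" "$DESCRIPTION" "$SYNCTHING_STATUS" )

	# Hass.io
	HASS_STATUS="$([[ -f /etc/hassio.json ]] && echo "on" || echo "off")"
	alive_port "Home assistant smarthome suite" "8123"
	LIST+=( "Hassio" "$DESCRIPTION" "$HASS_STATUS" )

	# OpenHab (no port probe, fixed description)
	OPENHAB_STATUS="$([[ -f /etc/default/openhab ]] && echo "on" || echo "off")"
	DESCRIPTION="Openhab smarthome suite"
	LIST+=( "OpenHAB" "$DESCRIPTION" "$OPENHAB_STATUS" )

	# VPN entries are only offered on armhf and amd64
	arch="$(dpkg --print-architecture)"
	if [[ "$arch" == "armhf" || "$arch" == "amd64" ]]; then
		# vpn server
		VPN_SERVER_STATUS="$([[ -d /usr/local/vpnserver ]] && echo "on" || echo "off")"
		LIST+=( "VPN server" "Softether VPN server" "$VPN_SERVER_STATUS" )
		# vpn client
		VPN_CLIENT_STATUS="$([[ -d /usr/local/vpnclient ]] && echo "on" || echo "off")"
		LIST+=( "VPN client" "Softether VPN client" "$VPN_CLIENT_STATUS" )
		LIST_CONST=$((LIST_CONST + 1))
	fi

	# NCP (not offered on Ubuntu)
	NCP_STATUS="$([[ -d /var/www/nextcloud ]] && echo "on" || echo "off")"
	alive_port "Nextcloud personal cloud" "443"
	if [[ "$family" != "Ubuntu" ]]; then
		LIST+=( "NCP" "$DESCRIPTION" "$NCP_STATUS" )
		LIST_CONST=$((LIST_CONST + 1))
	fi

	# OMV (not offered on Ubuntu)
	OMV_STATUS="$(check_if_installed openmediavault && echo "on" || echo "off")"
	if [[ "$family" != "Ubuntu" ]]; then
		LIST+=( "OMV" "OpenMediaVault NAS solution" "$OMV_STATUS" )
		LIST_CONST=$((LIST_CONST + 1))
	fi

	# Plex media server
	PLEX_STATUS="$( { check_if_installed plexmediaserver || check_if_installed plexmediaserver-installer; } \
		&& echo "on" || echo "off")"
	alive_port "Plex media server" "32400" "" "/web"
	LIST+=( "Plex" "$DESCRIPTION" "$PLEX_STATUS" )

	# Emby server (variable name kept as AMBY_STATUS in case other code reads it)
	AMBY_STATUS="$(check_if_installed emby-server && echo "on" || echo "off")"
	alive_port "Emby server" "8096"
	LIST+=( "Emby" "$DESCRIPTION" "$AMBY_STATUS" )

	# Radarr
	RADARR_STATUS="$([[ -d /opt/Radarr ]] && echo "on" || echo "off")"
	alive_port "Movies downloading server" "7878"
	LIST+=( "Radarr" "$DESCRIPTION" "$RADARR_STATUS" )

	# Sonarr
	SONARR_STATUS="$([[ -d /opt/NzbDrone ]] && echo "on" || echo "off")"
	alive_port "TV shows downloading server" "8989"
	LIST+=( "Sonarr" "$DESCRIPTION" "$SONARR_STATUS" )

	# MINIdlna
	MINIDLNA_STATUS="$(check_if_installed minidlna && echo "on" || echo "off")"
	alive_port "Lightweight DLNA/UPnP-AV server" "8200" "boolean"
	LIST+=( "Minidlna" "$DESCRIPTION" "$MINIDLNA_STATUS" )

	# Pi hole
	PI_HOLE_STATUS="$([[ -d /etc/pihole ]] && echo "on" || echo "off")"
	alive_process "Ad blocker" "pihole-FTL"
	LIST+=( "Pi hole" "$DESCRIPTION" "$PI_HOLE_STATUS" )

	# Transmission
	TRANSMISSION_STATUS="$(check_if_installed transmission-daemon && echo "on" || echo "off")"
	alive_port "Torrent download server" "9091"
	LIST+=( "Transmission" "$DESCRIPTION" "$TRANSMISSION_STATUS" )

	# UrBackup
	URBACKUP_STATUS="$( { check_if_installed urbackup-server || check_if_installed urbackup-server-dbg; } \
		&& echo "on" || echo "off")"
	alive_port "Client/server backup system" "55414"
	LIST+=( "UrBackup" "$DESCRIPTION" "$URBACKUP_STATUS" )

	# Docker
	DOCKER_STATUS="$(check_if_installed docker-ce && echo "on" || echo "off")"
	LIST+=( "Docker" "Run applications by using containers" "$DOCKER_STATUS" )

	# Mayan EDMS docker install: reported as "on" when Docker is installed and
	# the login page answers on the local web server.
	if [[ "$DOCKER_STATUS" == "on" ]] \
		&& curl --output /dev/null --silent --head --fail "http://localhost/authentication/login/?next="; then
		MAYAN_STATUS="on"
	else
		MAYAN_STATUS="off"
	fi
	LIST+=( "Mayan EDMS" "Electronic vault for your documents" "$MAYAN_STATUS" )

	# ISPconfig
	alive_port "SMTP mail, IMAP, POP3 & LAMP/LEMP web server" "8080" "ssl"
	ISPCONFIG_STATUS="$([[ -d /usr/local/ispconfig ]] && echo "on" || echo "off")"
	LIST+=( "ISPConfig" "$DESCRIPTION" "$ISPCONFIG_STATUS" )

	# PHPmyadmin
	# TODO: fix phpmyadmin installer before uncommenting this section
	# if [[ $ISPCONFIG_STATUS == on ]]; then
	#	LIST_CONST=$((LIST_CONST + 1))
	#	alive_port "MYSQL administration" "8081" "" "/phpmyadmin"
	#	PHPMYADMIN_STATUS="on"
	#	LIST+=( "PHPmyadmin" "$DESCRIPTION" "$PHPMYADMIN_STATUS" )
	# fi
}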
function choose_webserver
{
	#
	# Pick the target web server and store it in the global $server.
	#
	# With OpenMediaVault installed the choice is forced to nginx, because
	# switching to apache would trash the OMV installation. Otherwise the user
	# is asked: "Apache" (dialog status 0), "Nginx" (1); ESC (255) quits.
	#
	if check_if_installed openmediavault; then
		server="nginx"
		return
	fi

	dialog --title "Choose a webserver" --backtitle "$BACKTITLE" --yes-label "Apache" --no-label "Nginx" \
		--yesno "\nChoose a web server which you are familiar with. They both work almost the same." 8 70
	response=$?

	if (( response == 0 )); then
		server="apache"
	elif (( response == 1 )); then
		server="nginx"
	elif (( response == 255 )); then
		exit
	fi
}
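function server_conf
{
	#
	# Collect the data required for the installation:
	#   - warn about port forwarding when the external IP differs from $serverIP
	#   - ask for the server FQDN (stored in the global HOSTNAMEFQDN)
	#   - generate a random MySQL root password (global MYSQL_PASS)
	#
	local external_ip table

	# The answer of a third-party service decides whether the warning is shown,
	# so fetch it over HTTPS and bound the wait. A failed lookup yields an
	# empty string and therefore shows the warning, as before.
	external_ip="$(curl -s --max-time 10 https://ipinfo.io/ip)"
	if [[ "$external_ip" != "$serverIP" ]]; then
		table="\Z2Application Protocol Port\n
\Z0----------------------------------\n
FTP TCP 20\n
FTP TCP 21\n
SSH/SFTP TCP 22\n
Mail (SMTP) TCP 25\n
DNS TCP 53\n
Web (HTTP) TCP 80\n
Mail (POP3) TCP 110\n
Mail (IMAP) TCP 143\n
Web (HTTPS) TCP 443\n
Mail (SMTPS) TCP 465\n
Mail (SMTP) TCP 587\n
Mail (IMAPS) TCP 993\n
Mail (POP3S) TCP 995\n
Database TCP 3306\n
Chat (XMPP) TCP 5222\n
ISPConfig TCP 8080\n
ISPConfig TCP 8081\n
ISPConfig TCP 10000\n
DNS UDP 53\n
Database UDP 3306\n
";
		dialog --colors --title "Warning" --msgbox "\nYour internal and external IP addresses are different which seems that you are behind a router. \n\nMake sure \Z1$serverIP\Z0 is a static IP address. Then forward external ports to those services which you plan to use.\n\n\n$table" 38 38
	fi

	# NOTE(review): the typed value is not validated here and Cancel/ESC leaves
	# HOSTNAMEFQDN empty; install_basic and create_ispconfig_configuration
	# later write it into /etc/hosts and a PHP file.
	# The fd shuffle (3>&1 1>&2 2>&3) captures dialog's answer, which it prints
	# on stderr, while the UI itself still reaches the terminal.
	HOSTNAMEFQDN=$(\
		dialog --title "Server configuration" \
		--ok-label "Install" \
		--backtitle "$BACKTITLE" \
		--inputbox "\nSet FQDN for $serverIP:" 10 50 \
		"$(hostname).example.com" \
		3>&1 1>&2 2>&3 3>&- \
	)

	# create random password for mysql: 16 characters out of A-Z, a-z, 0-9 and "-"
	MYSQL_PASS=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c16)
}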
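install_packet ()
{
	#
	# Install missing packets
	#
	# $1 - space separated list of package names
	# $2 - message shown in the progress gauge
	#
	# Packages that dpkg already reports as "ok installed" are skipped. When an
	# installation fails, the tail of the apt log is printed and the whole
	# script exits with status 1 (a bare `exit` here would hand back the status
	# of `tail`, i.e. success).
	#
	# IFS and the loop variables are local, so the space-only IFS needed for
	# splitting $1 does not leak into the caller.
	#
	local IFS=" "
	local pkg
	local -i total position=0 percent
	# shellcheck disable=SC2206 -- word splitting of the list is intended
	local -a packets=($1)

	total=${#packets[@]}
	for pkg in "${packets[@]}"; do
		position=$((position + 1))
		# integer percentage, same value the former bc "scale=2" computation printed
		percent=$((position * 100 / total))
		if ! dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q "ok installed"; then
			printf '%d\n' "$percent" | dialog \
				--backtitle "$BACKTITLE" \
				--title "Installing" \
				--gauge "\n$2\n\n$pkg" 10 70
			if ! DEBIAN_FRONTEND=noninteractive apt-get -qq -y install "$pkg" >"${TEMP_DIR}/install.log" 2>&1; then
				echo -e "[\e[0;31m error \x1B[0m] Installation failed"
				tail "${TEMP_DIR}/install.log"
				exit 1
			fi
		fi
	done
	echo ""
}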
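alive_port ()
{
	#
	# Set the global DESCRIPTION for a service depending on whether its TCP
	# port is in LISTEN state.
	#
	# $1 - human readable service name (used as-is when the port is closed)
	# $2 - TCP port number
	# $3 - "boolean": only report "<name> is active"; "ssl": show an https://
	#      URL; anything else: show an http:// URL
	# $4 - optional path appended to the URL
	#
	# The local-address column is matched against ":<port>" anchored at the end
	# of the field. The port is handed to awk with -v instead of being spliced
	# into the program text; an unanchored ".<port>" regex would also report
	# e.g. port 4450 or 14450 as a listening 445.
	#
	local listeners
	listeners=$(netstat -lnt | awk -v port="$2" '$6 == "LISTEN" && $4 ~ (":" port "$")')

	if [[ -z "$listeners" ]]; then
		DESCRIPTION="$1"
	elif [[ "$3" == boolean ]]; then
		DESCRIPTION="$1 is \Z1active\Z0"
	elif [[ "$3" == ssl ]]; then
		DESCRIPTION="Active on https://${serverIP}:\Z1$2\Z0$4"
	else
		DESCRIPTION="Active on http://${serverIP}:\Z1$2\Z0$4"
	fi
}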
alive_process ()
{
	#
	# Set the global DESCRIPTION to "$1", with " is active" (highlighted via
	# dialog colour codes) appended when a process named exactly $2 is running.
	#
	DESCRIPTION="$1"
	if pgrep -x "$2" > /dev/null 2>&1; then
		DESCRIPTION+=" is \Z1active\Z0"
	fi
}
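install_basic (){
	#
	# Set hostname, FQDN, add to sources list
	#
	# Reads the globals HOSTNAMEFQDN, serverIP and family; sets HOSTNAMESHORT
	# to the first label of HOSTNAMEFQDN. Returns 1 without touching any file
	# when no short hostname can be derived.
	#
	# The short name is cut with parameter expansion. The user-typed FQDN must
	# not be fed to `set`: a value starting with "-" would be parsed as shell
	# options, an empty one would dump all variables, and the caller's
	# positional parameters and IFS would be clobbered.
	HOSTNAMESHORT="${HOSTNAMEFQDN%%.*}"
	if [[ -z "$HOSTNAMESHORT" ]]; then
		echo "install_basic: no hostname in HOSTNAMEFQDN, leaving /etc/hosts and /etc/hostname untouched" >&2
		return 1
	fi

	cp /etc/hosts /etc/hosts.backup
	cp /etc/hostname /etc/hostname.backup

	# create new
	echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
	echo "${serverIP} ${HOSTNAMEFQDN} ${HOSTNAMESHORT} #ispconfig " >> /etc/hosts
	echo "$HOSTNAMESHORT" > /etc/hostname
	/etc/init.d/hostname.sh start >/dev/null 2>&1
	# one call covers both Debian and Ubuntu
	hostnamectl set-hostname "$HOSTNAMESHORT"

	if [[ "$family" == "Ubuntu" ]]; then
		# NOTE(review): a running AppArmor is stopped, taken out of the boot
		# sequence and uninstalled here. That removes mandatory access control
		# for every service on the machine, not only for the software this
		# installer adds - worth surfacing to the user or limiting to the
		# profiles that actually conflict.
		if [[ -n $(service apparmor status 2> /dev/null | grep -w active | grep -w running) ]]; then
			service apparmor stop
			update-rc.d -f apparmor remove
			apt-get -y -qq remove apparmor apparmor-utils
		fi
	else
		# enable contrib and non-free, then add backports
		# NOTE(review): the backports line is hard-coded to jessie, whatever
		# release is actually running.
		grep -q "contrib" /etc/apt/sources.list || sed -i 's|main|main contrib|' /etc/apt/sources.list
		grep -q "non-free" /etc/apt/sources.list || sed -i 's|contrib|contrib non-free|' /etc/apt/sources.list
		grep -q "deb http://ftp.debian.org/debian jessie-backports main" /etc/apt/sources.list \
			|| echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
		debconf-apt-progress -- apt-get update
	fi
}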
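create_ispconfig_configuration (){
	#
	# ISPConfig autoconfiguration
	#
	# Writes ${TEMP_DIR}/isp.conf.php from the globals HOSTNAMEFQDN, MYSQL_PASS
	# and server.
	#
	# The file holds the MySQL root password, so it is created with mode 600
	# whatever the caller's umask is. HOSTNAMEFQDN is typed in by the user and
	# ends up inside a single-quoted PHP string, so backslashes and single
	# quotes are escaped before they are written.
	#
	# NOTE(review): the ISPConfig admin password is the fixed value '1234';
	# the panel should not be reachable from outside until it has been changed.
	#
	local conf="${TEMP_DIR}/isp.conf.php"
	local bs='\' sq="'"
	local php_hostname php_mysql_pass old_umask

	php_hostname=${HOSTNAMEFQDN//"$bs"/"$bs$bs"}
	php_hostname=${php_hostname//"$sq"/"$bs$sq"}
	php_mysql_pass=${MYSQL_PASS//"$bs"/"$bs$bs"}
	php_mysql_pass=${php_mysql_pass//"$sq"/"$bs$sq"}

	old_umask=$(umask)
	umask 077
	# start from a fresh file so that the restrictive mode really applies
	rm -f -- "$conf"
	cat > "$conf" <<EOF
<?php
\$autoinstall['language'] = 'en'; // de, en (default)
\$autoinstall['install_mode'] = 'standard'; // standard (default), expert
\$autoinstall['hostname'] = '$php_hostname'; // default
\$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
\$autoinstall['mysql_root_user'] = 'root'; // default: root
\$autoinstall['mysql_root_password'] = '$php_mysql_pass';
\$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
\$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
\$autoinstall['mysql_port'] = '3306'; // default: 3306
\$autoinstall['configure_jailkit'] = 'y'; // y (default), n
\$autoinstall['configure_firewall'] = 'y'; // y (default), n
\$autoinstall['configure_$server'] = 'y'; // y (default), n
\$autoinstall['configure_dns'] = 'y'; // y (default), n
\$autoinstall['http_server'] = '$server'; // y (default), n
\$autoinstall['ispconfig_port'] = '8080'; // default: 8080
\$autoinstall['ispconfig_admin_password'] = '1234'; // default: 1234
\$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
/* SSL Settings */
\$autoinstall['ssl_cert_country'] = 'AU';
\$autoinstall['ssl_cert_state'] = 'Some-State';
\$autoinstall['ssl_cert_locality'] = 'Chicago';
\$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
\$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
\$autoinstall['ssl_cert_common_name'] = \$autoinstall['hostname'];
\$autoinstall['ssl_cert_email'] = 'joe@lamer.com';
?>
EOF
	umask "$old_umask"
}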
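install_cups ()
{
	#
	# Install printer system
	#
	# Installs CUPS, makes it listen on port 631 on all interfaces and allows
	# the network in the global SUBNET for /, /admin and /admin/conf.
	#
	# The allow lines must be built with double quotes: inside single quotes
	# sed receives the literal text "$SUBNET" and writes exactly that into
	# cupsd.conf. They are skipped when SUBNET is empty.
	#
	# NOTE(review): "Listen 631" exposes the CUPS web interface, including
	# /admin, on every interface; the allow lines are the only restriction.
	#
	local conf=/etc/cups/cupsd.conf
	local subnet_escaped

	debconf-apt-progress -- apt-get -y install cups lpr cups-filters
	# cups-filters if jessie
	sed -e 's/Listen localhost:631/Listen 631/g' -i "$conf"

	if [[ -n "$SUBNET" ]]; then
		# escape the characters that are special in a sed replacement
		subnet_escaped=$(printf '%s' "$SUBNET" | sed -e 's|[\\/&]|\\&|g')
		sed -e "s/<Location \/>/<Location \/>\nallow ${subnet_escaped}/g" -i "$conf"
		sed -e "s/<Location \/admin>/<Location \/admin>\nallow ${subnet_escaped}/g" -i "$conf"
		sed -e "s/<Location \/admin\/conf>/<Location \/admin\/conf>\nallow ${subnet_escaped}/g" -i "$conf"
	fi

	service cups restart
	# the service name differs between releases; restart whichever exists
	service samba restart >/dev/null 2>&1
	service smbd restart >/dev/null 2>&1
}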
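install_samba ()
{
	#
	# install Samba file sharing
	#
	# Asks for user name, password and workgroup (globals SMBUSER, SMBPASS,
	# SMBGROUP), installs Samba, creates the account, writes a share
	# configuration that the user can review in an editor, and activates it
	# when the review is confirmed. Cancelling any prompt exits with status 1.
	#
	# Changes against the earlier version:
	#   - the password is asked with --passwordbox, so it is not echoed
	#   - printf feeds the password to passwd/smbpasswd; `echo -e` would
	#     interpret backslash sequences contained in it
	#   - the values go straight into the here-document instead of through
	#     sed "s/SMBUSER/$SMBUSER/", which broke on "/" or "&" in the input
	#   - `service service smbd stop|start` (doubled word) never restarted smbd
	#
	# NOTE(review): useradd + passwd create a regular system account whose
	# login password equals the Samba password; consider a no-login shell for
	# an account that only exists for file sharing.
	#
	local SECTION="Samba"

	SMBUSER=$(whiptail --inputbox "What is your samba username?" 8 78 "$SMBUSER" --title "$SECTION" 3>&1 1>&2 2>&3) || exit 1
	SMBPASS=$(whiptail --passwordbox "What is your samba password?" 8 78 "$SMBPASS" --title "$SECTION" 3>&1 1>&2 2>&3) || exit 1
	SMBGROUP=$(whiptail --inputbox "What is your samba group?" 8 78 "$SMBGROUP" --title "$SECTION" 3>&1 1>&2 2>&3) || exit 1

	debconf-apt-progress -- apt-get -y install samba samba-common-bin samba-vfs-modules

	useradd "$SMBUSER"
	printf '%s\n%s\n' "$SMBPASS" "$SMBPASS" | passwd "$SMBUSER" >/dev/null 2>&1
	printf '%s\n%s\n' "$SMBPASS" "$SMBPASS" | smbpasswd -a -s "$SMBUSER" >/dev/null 2>&1

	# the service name differs between releases; stop whichever exists
	service samba stop >/dev/null 2>&1
	service smbd stop >/dev/null 2>&1

	cp /etc/samba/smb.conf /etc/samba/smb.conf.stock
	cat > /etc/samba/smb.conf.tmp << EOF
[global]
workgroup = ${SMBGROUP}
server string = %h server
hosts allow = ${SUBNET}
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
load printers = yes
printing = cups
printcap name = cups
min receivefile size = 16384
write cache size = 524288
getwd cache = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = ${SMBUSER}
[print\$]
comment = Printer Drivers
path = /etc/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = ${SMBUSER}
[ext]
comment = Storage
path = /ext
writable = yes
public = no
valid users = ${SMBUSER}
force create mode = 0644
EOF

	# dialog prints the edited text on stderr; it becomes the new smb.conf
	# only when the editor is left with OK
	if dialog --backtitle "$BACKTITLE" --title "Review samba configuration" --no-collapse \
		--editbox /etc/samba/smb.conf.tmp 30 0 2> /etc/samba/smb.conf.tmp.out; then
		mv /etc/samba/smb.conf.tmp.out /etc/samba/smb.conf
		install -m 755 -g "$SMBUSER" -o "$SMBUSER" -d /ext
		service smbd stop >/dev/null 2>&1
		sleep 3
		service smbd start >/dev/null 2>&1
	fi
}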
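install_ncp (){
	#
	# Install NextCloudPi with the upstream installer.
	#
	# Downloads install.sh and etc/ncp.cfg from the master branch, replaces the
	# installer's own distribution check with a comparison against the release
	# named in ncp.cfg, and runs the result.
	#
	# Both downloads use curl -f and are checked, so an HTTP error page or an
	# empty file is never handed to bash.
	#
	# NOTE(review): the installer is taken from a moving branch and executed as
	# root without a checksum or signature check; pinning a tag or commit would
	# make the executed code reproducible.
	#
	local base_url="https://raw.githubusercontent.com/nextcloud/nextcloudpi/master"
	local installer="${TEMP_DIR}/install.sh"
	local cfg="${TEMP_DIR}/ncp.cfg"
	local DEBIAN_RELEASE

	if ! curl -fsSL "${base_url}/install.sh" -o "$installer" || [[ ! -s "$installer" ]]; then
		echo "install_ncp: download of install.sh failed" >&2
		exit 1
	fi
	if ! curl -fsSL "${base_url}/etc/ncp.cfg" -o "$cfg" || [[ ! -s "$cfg" ]]; then
		echo "install_ncp: download of ncp.cfg failed" >&2
		exit 1
	fi

	# value of the "release" key, stripped of quotes, commas and blanks
	DEBIAN_RELEASE=$(awk '{if ($1 == "\"release\":" ) {print $2}}' "$cfg" | sed 's/[", ]//g')
	sed "s/check_distro etc\/ncp.cfg/[[ \$(lsb_release -cs) == \"${DEBIAN_RELEASE}\" ]] /" -i "$installer"
	bash "$installer"
}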
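install_omv (){
	#
	# Install OpenMediaVault on Debian
	#
	# Requires Debian Buster (exits with status 1 otherwise), runs the
	# community install script, applies board specific tweaks for
	# Cloudshell/odroidxu4 and helios4, and offers a reboot at the end.
	#
	# The downloaded script is only executed when it arrived non-empty.
	#
	# NOTE(review): the install script comes from a master branch and runs as
	# root without a checksum or signature check. On odroidxu4 a PPA key is
	# additionally imported with apt-key, which trusts it for every repository.
	#
	local omv_installer="${TEMP_DIR}/omv_install.sh"

	if [ -f /etc/armbian-release ]; then
		. /etc/armbian-release
	fi

	# OMV5 Requirement
	if [[ "$distribution" != "buster" ]]; then
		dialog --backtitle "$BACKTITLE" --title "Dependencies not met" --msgbox "\nOpenMediaVault 5 can only be installed on Debian Buster." 7 52
		sleep 5
		exit 1
	fi

	# Download OMV install script
	wgeturl="https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install"
	fancy_wget "$wgeturl" "-O ${TEMP_DIR}/omv_install.sh"
	if [[ ! -s "$omv_installer" ]]; then
		echo "install_omv: download of the OpenMediaVault install script failed" >&2
		exit 1
	fi

	# Execute install script
	clear
	echo "Starting OpenMediaVault install. Be patient, it will take several minutes..."
	sleep 2
	bash "$omv_installer" -r

	# Board Specific Tweak
	echo "Now applying board tweak if required..."
	# Hardkernel Cloudshell 1 and 2 fixes, read the whole thread for details:
	# https://forum.openmediavault.org/index.php/Thread/17855
	lsusb | grep -q -i "05e3:0735" && sed -i "/exit 0/i echo 20 > /sys/class/block/sda/queue/max_sectors_kb" /etc/rc.local

	case ${BOARD} in
		odroidxu4)
			apt install -y i2c-tools
			if /usr/sbin/i2cdetect -y 1 | grep -q "60: 60"; then
				add-apt-repository -y ppa:kyle1117/ppa
				apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3028C3C96AD57103
				sed -i 's/hirsute/focal/' /etc/apt/sources.list.d/kyle1117-ubuntu-ppa-hirsute.list
				apt update
				apt install -y -q cloudshell-lcd odroid-cloudshell cloudshell2-fan
				# REPLY is a string read from the USB descriptors and becomes
				# part of the udev symlink names
				lsusb -v | awk -F"__" '/RANDOM_/ {print $2}' | head -n1 | while read -r ; do
					echo "ATTRS{idVendor}==\"152d\", ATTRS{idProduct}==\"0561\", KERNEL==\"sd*\", ENV{DEVTYPE}==\"disk\", SYMLINK=\"disk/by-id/\$env{ID_BUS}-CloudShell2-${REPLY}-\$env{ID_MODEL}\"" >> /etc/udev/rules.d/99-cloudshell2.rules
					echo "ATTRS{idVendor}==\"152d\", ATTRS{idProduct}==\"0561\", KERNEL==\"sd*\", ENV{DEVTYPE}==\"partition\", SYMLINK=\"disk/by-id/\$env{ID_BUS}-CloudShell2-${REPLY}-\$env{ID_MODEL}-part%n\"" >> /etc/udev/rules.d/99-cloudshell2.rules
				done
			fi
			;;
		helios4)
			# Make mdadm display fault events on Fault LED
			# NOTE : this is not a permanent approach need to be improved via some OMV core code change
			if [ -f /usr/sbin/mdadm-fault-led.sh ]; then
				# Salt state files are YAML, so the nesting below is significant
				cat <<EOF > /srv/salt/omv/deploy/mdadm/25faultled.sls
mdadm_add_program_config:
  cmd.run:
    - name: "echo -e '\n# Trigger Fault Led script when an event is detected\nPROGRAM /usr/sbin/mdadm-fault-led.sh' >> /etc/mdadm/mdadm.conf"
EOF
				/usr/sbin/omv-salt deploy run mdadm
			fi
			;;
	esac

	if check_if_installed openmediavault; then
		if dialog --colors --backtitle "$BACKTITLE" --no-collapse --title "OMV Installation" --yesno "\nIt is recommended to reboot your system to finish OMV setup. Do you want to reboot now?" 8 80; then
			reboot
		fi
	fi
}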
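install_tvheadend ()
{
	#
	# TVheadend https://tvheadend.org/ unofficial port https://tvheadend.org/boards/5/topics/21528
	#
	# Ubuntu: adds the tvheadend-git PPA. Other families: adds the
	# deb-multimedia repository and installs libssl1.0.0 from the Debian
	# security pool before installing tvheadend.
	#
	# Fixed: the PPA was added with `add-apt-repository -y add-apt-repository
	# ppa:...`, i.e. the command name repeated as its own argument.
	#
	# NOTE(review): signing keys are fetched from a keyserver over plain hkp
	# on port 80 and imported with apt-key, which trusts them for every
	# repository. The non-Ubuntu path installs a pinned libssl1.0.0 build
	# (1.0.1t-1+deb8u9) with dpkg -i, outside of apt's update path, so it will
	# not receive security updates.
	#
	if [[ "$family" == "Ubuntu" ]]; then
		apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 26F4EF8440618B66 >/dev/null 2>&1
		add-apt-repository -y ppa:mamarley/tvheadend-git >/dev/null 2>&1
		debconf-apt-progress -- apt-get -y install libssl-doc libssl1.1 zlib1g-dev tvheadend xmltv-util
	else
		if [ ! -f /etc/apt/sources.list.d/tvheadend.list ]; then
			echo "deb https://www.deb-multimedia.org ${distribution} main non-free" >> /etc/apt/sources.list.d/tvheadend.list
			apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5C808C2B65558117 >/dev/null 2>&1
		fi
		URL="https://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u9_$(dpkg --print-architecture).deb"
		fancy_wget "$URL" "-O ${TEMP_DIR}/package.deb"
		dpkg -i "${TEMP_DIR}/package.deb" >/dev/null 2>&1
		debconf-apt-progress -- apt-get update
		debconf-apt-progress -- apt-get -y install libssl-doc zlib1g-dev tvheadend xmltv-util
	fi
}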
install_docker ()
{
	#
	# Install Docker CE from download.docker.com.
	#
	# groovy, focal and bionic use the Ubuntu "focal" repository, every other
	# release the Debian "buster" one. The repository key is imported with
	# apt-key, then docker-ce, docker-ce-cli and containerd.io are installed.
	#
	# NOTE(review): apt-key adds the key to the global keyring, so it is
	# trusted for all repositories, and a failed key download goes unnoticed
	# because all output is discarded. A per-repository keyring referenced
	# with signed-by= would narrow that trust.
	#
	local arch repo_path
	arch="$(dpkg --print-architecture)"

	case "$distribution" in
		groovy|focal|bionic) repo_path="ubuntu focal" ;;
		*) repo_path="debian buster" ;;
	esac
	echo "deb [arch=${arch}] https://download.docker.com/linux/${repo_path} stable" > \
		/etc/apt/sources.list.d/docker.list

	curl -fsSL "https://download.docker.com/linux/debian/gpg" | apt-key add -qq - > /dev/null 2>&1
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get install -y -qq --no-install-recommends docker-ce docker-ce-cli containerd.io
}
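install_urbackup ()
{
	#
	# Client/server backup system https://www.urbackup.org/
	#
	# Looks up the latest server .deb for this architecture in the download
	# directory listing (arm64 uses the armhf build), installs it with dpkg
	# and lets apt resolve the dependencies. PREFIX and URL stay global.
	#
	# Only the first matching file name is used and an empty result aborts
	# with status 1; several matches used to produce a multi-line URL, and no
	# match fetched the bare directory listing as "package.deb".
	#
	# NOTE(review): the package name is scraped from HTML (html2text must be
	# installed) and the package is installed as root without a checksum or
	# signature check.
	#
	local arch deb_name

	arch="$(dpkg --print-architecture)"
	if [[ "$arch" == "arm64" ]]; then
		arch=armhf
	fi

	PREFIX="https://hndl.urbackup.org/Server/latest/"
	deb_name="$(wget -q "$PREFIX" -O - | html2text -width 120 | grep deb | awk ' { print $3 }' | grep -m1 -- "$arch")"
	if [[ -z "$deb_name" ]]; then
		echo "install_urbackup: no UrBackup server package found for ${arch}" >&2
		exit 1
	fi
	URL="${PREFIX}${deb_name}"

	fancy_wget "$URL" "-O ${TEMP_DIR}/package.deb"
	dpkg -i "${TEMP_DIR}/package.deb" >/dev/null 2>&1
	apt-get -yy -f install
}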
install_transmission ()
{
	#
	# transmission
	#
	# Installs the Transmission daemon, extends its RPC whitelist from
	# 127.0.0.1 to the first two octets of $serverIP and makes rc.local
	# restart the daemon at boot.
	#
	# NOTE(review): the whitelist becomes "a.b.*.*", i.e. every address sharing
	# the first two octets may use the RPC interface, which is wider than most
	# home subnets.
	#
	local -a octets
	local rpc_network

	install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading dependencies"
	install_packet "transmission-cli transmission-common transmission-daemon" "Install torrent server"

	service transmission-daemon stop
	IFS=. read -r -a octets <<< "$serverIP"
	rpc_network="${octets[0]}.${octets[1]}.*.*"
	sed -i "s/\"rpc-whitelist\": \"127.0.0.1.*/\"rpc-whitelist\": \"127.0.0.1,${rpc_network}\",/" /etc/transmission-daemon/settings.json
	service transmission-daemon start

	# systemd workaround
	# https://forum.armbian.com/index.php?/topic/4017-programs-does-not-start-automatically-at-boot/
	# drop every "exit 0" from rc.local, then append the restart and a final one
	sed -i -e 's/exit 0//g' /etc/rc.local
	printf '%s\n' "service transmission-daemon restart" "exit 0" >> /etc/rc.local
}
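install_transmission_seed_armbian_torrents ()
{
	#
	# seed our torrents
	#
	# Raises net.core.rmem_max / net.core.wmem_max in /etc/sysctl.conf when the
	# running values are below the recommended ones, installs a daily cron job
	# that syncs Transmission with the official Armbian torrent pack, and
	# starts that job once in the background.
	#
	# Fixes:
	#   - `grep && sed || echo` also appended a line when sed failed; it is a
	#     real if/else now
	#   - in the cron job `TEMP_DIR=$(mktemp -d || exit 1)` only left the
	#     subshell; with an empty TEMP_DIR the job went on to write
	#     /armbian-torrents.zip and to read /torrent-tmp
	#   - path expansions in the cron job are quoted
	#
	# NOTE(review): the cron job talks to the daemon with the credentials
	# transmission:transmission. It stops working once that password is
	# changed, which nudges users towards keeping a well-known login.
	#
	local setting key recommended actual

	# adjust network buffers if necessary
	for setting in "net.core.rmem_max 4194304" "net.core.wmem_max 1048576"; do
		read -r key recommended <<< "$setting"
		actual="$(sysctl -n "$key")"
		if [[ "$actual" =~ ^[0-9]+$ ]] && (( actual < recommended )); then
			if grep -q "$key" /etc/sysctl.conf; then
				sed -i "s/${key} =.*/${key} = ${recommended}/" /etc/sysctl.conf
			else
				echo "${key} = ${recommended}" >> /etc/sysctl.conf
			fi
		fi
	done
	/sbin/sysctl -p >/dev/null 2>&1

	# create cron job for daily sync with official Armbian torrents
	cat > /etc/cron.daily/seed-armbian-torrent <<"EOF"
#!/bin/bash
#
# armbian torrents auto update
#
# download latest torrent pack
TEMP_DIR=$(mktemp -d) || exit 1
chmod 700 "${TEMP_DIR}"
trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15
wget -qO- -O "${TEMP_DIR}/armbian-torrents.zip" https://dl.armbian.com/torrent/all-torrents.zip
# test zip for corruption
unzip -t "${TEMP_DIR}/armbian-torrents.zip" >/dev/null 2>&1
[[ $? -ne 0 ]] && echo "Error in zip" && exit
# extract zip
unzip -o "${TEMP_DIR}/armbian-torrents.zip" -d "${TEMP_DIR}/torrent-tmp" >/dev/null 2>&1
# create list of current active torrents
transmission-remote -n 'transmission:transmission' -l | sed '1d; $d' > "${TEMP_DIR}/torrent-tmp/active.torrents"
# loop and add/update torrent files
for f in "${TEMP_DIR}"/torrent-tmp/*.torrent; do
transmission-remote -n 'transmission:transmission' -a "$f" > /dev/null 2>&1
# remove added from the list
pattern="${f//.torrent}"; pattern="${pattern##*/}";
sed -i "/$pattern/d" "${TEMP_DIR}/torrent-tmp/active.torrents"
done
# remove old armbian torrents
while read i; do
[[ $i == *Armbian_* || $i == *gcc-linaro-* || $i == *tar.lz4 ]] && transmission-remote -n 'transmission:transmission' -t $(echo "$i" | awk '{print $1}';) --remove-and-delete
done < "${TEMP_DIR}/torrent-tmp/active.torrents"
# remove temporally files and direcotories
EOF
	chmod +x /etc/cron.daily/seed-armbian-torrent
	/etc/cron.daily/seed-armbian-torrent &
}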
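install_hassio ()
{
	#
	# Install Home assistant smart home suite hass.io / Docker instance by using official installer
	#
	# Maps the dpkg architecture to the installer's machine type (armhf ->
	# raspberrypi2, arm64 -> raspberrypi4-64, amd64 -> intel-nuc); any other
	# architecture exits with status 1.
	#
	# The installer is downloaded to a file with curl -f and checked before it
	# is run. Piping curl straight into bash executes whatever arrived,
	# including a truncated script or an HTTP error page. The former
	# `if [ $? == 0 ]` after the case was always true and is gone.
	#
	# NOTE(review): the installer comes from a master branch and runs as root
	# without a checksum or signature check.
	#
	local arch machine
	local installer="${TEMP_DIR}/hassio_installer.sh"

	arch="$(dpkg --print-architecture)"
	case "$arch" in
		armhf) machine=raspberrypi2 ;;
		arm64) machine=raspberrypi4-64 ;;
		amd64) machine=intel-nuc ;;
		*) exit 1 ;;
	esac

	install_docker
	debconf-apt-progress -- apt-get install -y apparmor-utils apt-transport-https avahi-daemon ca-certificates \
		dbus jq network-manager socat software-properties-common

	if ! curl -fsSL "https://raw.githubusercontent.com/home-assistant/supervised-installer/master/installer.sh" \
		-o "$installer" || [[ ! -s "$installer" ]]; then
		echo "install_hassio: download of the Home Assistant installer failed" >&2
		exit 1
	fi
	# the script is still fed on stdin, as it was with the pipe
	bash -s -- -m "${machine}" < "$installer"

	dialog --backtitle "$BACKTITLE" --title "Please wait" \
		--msgbox "\nIt can take several minutes before Home Assistant UI becomes available! " 7 75
}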
install_openhab ()
{
	#
	# Install Openhab smart home suite
	#
	# Unpacks an Azul Zulu 11 JDK matching the dpkg architecture into /opt/jdk,
	# registers java/javac as alternatives, adds the openHAB apt repository,
	# installs openhab and openhab-addons and restarts the service.
	#
	# NOTE(review): the JDK tarball is unpacked as root without a checksum
	# check, and the repository key is imported with apt-key, which trusts it
	# for every repository. Any architecture other than armhf/arm64/amd64
	# falls through to the i686 build.
	#
	local jdkArch tool
	jdkArch="$(dpkg --print-architecture)"

	case "$jdkArch" in
		armhf) URL="https://cdn.azul.com/zulu-embedded/bin/zulu11.43.100-ca-jdk11.0.9.1-linux_aarch32hf.tar.gz" ;;
		arm64) URL="https://cdn.azul.com/zulu-embedded/bin/zulu11.43.100-ca-jdk11.0.9.1-linux_aarch64.tar.gz" ;;
		amd64) URL="https://cdn.azul.com/zulu/bin/zulu11.43.55-ca-jdk11.0.9.1-linux_x64.tar.gz" ;;
		*) URL="https://cdn.azul.com/zulu/bin/zulu11.43.55-ca-jdk11.0.9.1-linux_i686.tar.gz" ;;
	esac

	fancy_wget "$URL" "-O ${TEMP_DIR}/zulu11.tar.gz"
	mkdir -p /opt/jdk
	tar -xpzf "${TEMP_DIR}/zulu11.tar.gz" -C /opt/jdk

	# NOTE(review): "..." is handed to find as a second start path; -quit stops
	# after the first hit, so the bin/lib directory found first is what gets
	# used - confirm this is intended.
	jdkBin=$(find /opt/jdk/*/bin ... -print -quit)
	jdkLib=$(find /opt/jdk/*/lib ... -print -quit)

	# replace any registered java/javac alternative with the new JDK
	for tool in java javac; do
		update-alternatives --remove-all "$tool" >/dev/null 2>&1
	done
	for tool in java javac; do
		update-alternatives --install "/usr/bin/${tool}" "$tool" "$jdkBin"/"$tool" 1083000 >/dev/null 2>&1
	done

	{
		echo "$jdkLib"/"$jdkArch"
		echo "$jdkLib"/"$jdkArch"/jli
	} > /etc/ld.so.conf.d/java.conf
	ldconfig >/dev/null 2>&1

	wget -qO - 'https://openhab.jfrog.io/artifactory/api/gpg/key/public' | apt-key add - >/dev/null 2>&1
	echo 'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' | sudo tee /etc/apt/sources.list.d/openhab.list >/dev/null 2>&1
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get install -y openhab

	systemctl daemon-reload >/dev/null 2>&1
	systemctl enable openhab.service >/dev/null 2>&1
	systemctl start openhab.service >/dev/null 2>&1

	debconf-apt-progress -- apt-get install -y openhab-addons
	# make the usual serial devices visible to the rxtx serial library
	sed -i 's|EXTRA_JAVA_OPTS=""|EXTRA_JAVA_OPTS="-Dgnu.io.rxtx.SerialPorts=/dev/ttyUSB0:/dev/ttyS0:/dev/ttyS2:/dev/ttyACM0:/dev/ttyAMA0"|' /etc/default/openhab
	service openhab restart >/dev/null 2>&1

	dialog --backtitle "$BACKTITLE" --title "Please wait" --msgbox \
		"\nIt can take several minutes before OpenHAB UI becomes available! " 7 68
}
install_syncthing ()
{
	#
	# Install Personal cloud https://syncthing.net/
	#
	# Adds the Syncthing apt repository, installs the package, raises the
	# inotify watch limit, runs the service for the user picked by
	# add_choose_user and rewrites the generated config so that 127.0.0.1
	# becomes $serverIP.
	#
	# NOTE(review): replacing 127.0.0.1 with $serverIP presumably moves the GUI
	# listener from loopback to the LAN address; nothing in this function sets
	# a GUI user or password, so confirm the interface is protected before it
	# is exposed. The release key is imported with apt-key, which trusts it
	# for every repository. The wait loop has no timeout and assumes the home
	# directory is /home/<user>.
	#
	local unit config

	curl -s https://syncthing.net/release-key.txt | apt-key add - >/dev/null 2>&1
	echo "deb https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list >/dev/null 2>&1
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get -y install syncthing

	# increase open file limit
	grep -qs "fs.inotify.max_user_watches=204800" "/etc/sysctl.conf" \
		|| echo -e "fs.inotify.max_user_watches=204800" | tee -a /etc/sysctl.conf

	add_choose_user
	unit="syncthing@${CHOSEN_USER}.service"
	config="/home/${CHOSEN_USER}/.config/syncthing/config.xml"
	mv /lib/systemd/system/syncthing@.service "/lib/systemd/system/${unit}"

	# create startup files
	systemctl enable "$unit" >/dev/null 2>&1
	systemctl start "$unit" >/dev/null 2>&1
	systemctl stop "$unit" >/dev/null 2>&1
	systemctl start "$unit" >/dev/null 2>&1

	# wait until config file is created
	until [[ -f "$config" ]]; do
		sleep 1
	done

	# change to server IP
	sed -i "s/127.0.0.1/${serverIP}/" "$config"
	systemctl restart "$unit" >/dev/null 2>&1

	dialog --backtitle "$BACKTITLE" --title "Please wait" --msgbox "\nIt can take several minutes before Syncthing UI becomes available! " 7 70
}
#######################################
# Install Plex Media Server from the vendor APT repository.
# Outputs: apt progress dialogs
#######################################
install_plex_media_server ()
{
  local plex_list=/etc/apt/sources.list.d/plex.list
  local plex_key_url=https://downloads.plex.tv/plex-keys/PlexSign.key

  # register the repository
  echo -e "deb https://downloads.plex.tv/repo/deb public main" > "${plex_list}"

  # NOTE(review): apt-key trusts this key for all repositories, and the key is
  # taken as-is from the download host without comparing a known fingerprint.
  wget -q -O - "${plex_key_url}" | apt-key add - >/dev/null 2>&1

  debconf-apt-progress -- apt-get update
  debconf-apt-progress -- apt-get -y install plexmediaserver
}
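#######################################
# Install the latest Emby server .deb published on GitHub for this architecture.
# Globals:   ARCH, URL (written), TEMP_DIR (read)
# Returns:   1 when no download URL could be determined
#######################################
install_emby_server ()
{
  ARCH=$(dpkg --print-architecture)
  URL=$(curl -s https://api.github.com/repos/MediaBrowser/Emby.Releases/releases/latest | grep "/emby-server-deb.*${ARCH}.deb" | cut -d : -f 2,3 | tr -d \")

  # The API answer is empty or has no matching asset when the request fails or
  # is rate limited; stop instead of handing dpkg a missing file.
  if [[ -z "${URL//[[:space:]]/}" ]]; then
    echo "Emby: no release package found for architecture ${ARCH}" >&2
    return 1
  fi

  # NOTE(review): the package is installed as root straight from the release
  # asset; no checksum or signature is compared before dpkg runs.
  fancy_wget "$URL" "-O ${TEMP_DIR}/emby.deb"
  dpkg -i "${TEMP_DIR}/emby.deb" >/dev/null 2>&1
  # pull in any dependencies dpkg left unconfigured
  apt-get -yy -f install
}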
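#######################################
# Install Radarr (automatic movie downloader) into /opt and register a
# systemd service for it.
# Globals:   wgeturl (written), TEMP_DIR (read)
# Returns:   1 when no download URL could be determined
#######################################
install_radarr ()
{
  debconf-apt-progress -- apt-get update
  debconf-apt-progress -- apt-get -y install mono-devel mediainfo libmono-cil-dev

  # first linux tarball listed by the GitHub releases API
  wgeturl=$(curl -s "https://api.github.com/repos/Radarr/Radarr/releases" | grep 'linux.tar.gz' | grep 'browser_download_url' | head -1 | cut -d \" -f 4)
  if [[ -z "${wgeturl}" ]]; then
    echo "Radarr: no linux release tarball found" >&2
    return 1
  fi

  # NOTE(review): the tarball is unpacked into /opt without any integrity check.
  fancy_wget "$wgeturl" "-O ${TEMP_DIR}/radarr.tgz"
  tar xf "${TEMP_DIR}/radarr.tgz" -C /opt

  # NOTE(review): the unit runs the daemon as root (User=root). A dedicated
  # unprivileged account owning /opt/Radarr would reduce the impact of a
  # compromise of this network-facing service.
  cat << _EOF_ > /etc/systemd/system/radarr.service
[Unit]
Description=Radarr Daemon
After=network.target
[Service]
User=root
Type=simple
ExecStart=/usr/bin/mono --debug /opt/Radarr/Radarr.exe -nobrowser
[Install]
WantedBy=multi-user.target
_EOF_
  systemctl enable radarr >/dev/null 2>&1
  systemctl start radarr
}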
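#######################################
# Install Sonarr / NzbDrone (automatic TV show downloader) and register a
# systemd service for it. arm64 uses the upstream tarball, every other
# architecture the upstream APT repository.
# Globals:   TEMP_DIR (read)
#######################################
install_sonarr ()
{
  if [[ "$(dpkg --print-architecture | grep arm64)" == "arm64" ]]; then
    debconf-apt-progress -- apt-get update
    debconf-apt-progress -- apt-get -y install mono-complete mediainfo
    # NOTE(review): development-channel tarball, unpacked into /opt without an
    # integrity check.
    fancy_wget "https://update.sonarr.tv/v2/develop/mono/NzbDrone.develop.tar.gz" "-O ${TEMP_DIR}/sonarr.tgz"
    tar xf "${TEMP_DIR}/sonarr.tgz" -C /opt
  else
    # NOTE(review): FDA5DFFC is a short (32-bit) key ID. Short IDs can be
    # collided, so the keyserver may return a different key than intended;
    # request the key by its full fingerprint instead.
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FDA5DFFC >/dev/null 2>&1
    echo -e "deb https://apt.sonarr.tv/ develop main" > /etc/apt/sources.list.d/sonarr.list
    debconf-apt-progress -- apt-get update
    debconf-apt-progress -- apt-get -y install nzbdrone
  fi

  # NOTE(review): the unit runs the daemon as root (User=root); consider a
  # dedicated unprivileged service account.
  cat << _EOF_ > /etc/systemd/system/sonarr.service
[Unit]
Description=Sonarr (NzbDrone) Daemon
After=network.target
[Service]
User=root
Type=simple
ExecStart=/usr/bin/mono --debug /opt/NzbDrone/NzbDrone.exe -nobrowser
[Install]
WantedBy=multi-user.target
_EOF_
  systemctl enable sonarr >/dev/null 2>&1
  systemctl start sonarr
}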
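#######################################
# Download, build and install the latest stable SoftEther VPN server into
# /usr/local/vpnserver and register it with systemd or SysV init.
# Globals:   PREFIX, URL, SUFIX, DLURL (written); TEMP_DIR, BACKTITLE,
#            TTY_X, TTY_Y, logfile (read)
# Side effects: changes the working directory of the calling shell
# Returns:   1 when a directory change fails or no release could be found
#######################################
install_vpn_server ()
{
  # Every cd is checked: the later "chmod 600" on a glob must never run in
  # whatever directory the shell happened to be left in.
  cd "${TEMP_DIR}" || return 1
  PREFIX="https://www.softether-download.com/files/softether/"
  install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"

  # the release directory name is scraped from the HTML index (last "rtm" entry)
  URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
  [[ -n "${URL}" ]] || return 1
  SUFIX="${URL/-tree/}"
  if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then
    DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-$SUFIX-linux-arm_eabi-32bit.tar.gz"
  else
    install_packet "gcc-multilib" "Install libraries"
    DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-$SUFIX-linux-x86-32bit.tar.gz"
  fi

  # NOTE(review): the tarball is built and installed as root with no checksum
  # or signature verification; its name comes from a scraped web page.
  wget -q "$DLURL" -O - | tar -xz
  cd vpnserver || return 1
  make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN" --progressbox $TTY_Y $TTY_X
  cd ..
  cp -R vpnserver /usr/local
  cd /usr/local/vpnserver/ || return 1

  # files readable by root only, the two binaries executable by root only
  chmod 600 ./*
  chmod 700 vpncmd
  chmod 700 vpnserver

  # NOTE(review): the server is started below and this function sets no
  # administration password; confirm one is set before the host is reachable.
  if [[ -d /run/systemd/system/ ]]; then
    cat <<EOT >/lib/systemd/system/ethervpn.service
[Unit]
Description=VPN service
[Service]
Type=oneshot
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOT
    systemctl enable ethervpn.service
    service ethervpn start
  else
    # The here-document is expanded while it is written, so every variable of
    # the generated script is escaped. "test -x \$DAEMON" was unescaped before
    # and ended up as a test without an operand in the init script.
    cat <<EOT > /etc/init.d/vpnserver
#!/bin/sh
### BEGIN INIT INFO
# Provides: vpnserver
# Required-Start: \$remote_fs \$syslog
# Required-Stop: \$remote_fs \$syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable Softether by daemon.
### END INIT INFO
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/vpnserver
test -x \$DAEMON || exit 0
case "\$1" in
start)
\$DAEMON start
touch \$LOCK
;;
stop)
\$DAEMON stop
rm \$LOCK
;;
restart)
\$DAEMON stop
sleep 3
\$DAEMON start
;;
*)
echo "Usage: \$0 {start|stop|restart}"
exit 1
esac
exit 0
EOT
    chmod 755 /etc/init.d/vpnserver
    mkdir -p /var/lock/subsys
    update-rc.d vpnserver defaults >> "$logfile"
    /etc/init.d/vpnserver start
  fi
}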
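#######################################
# Download, build and install the latest stable SoftEther VPN client into
# /usr/local/vpnclient.
# Globals:   PREFIX, URL, SUFIX, DLURL (written); TEMP_DIR, BACKTITLE,
#            TTY_X, TTY_Y (read)
# Side effects: changes the working directory of the calling shell
# Returns:   1 when a directory change fails or no release could be found
#######################################
install_vpn_client ()
{
  # Every cd is checked so the "chmod 600" on a glob below cannot run in an
  # unintended directory.
  cd "${TEMP_DIR}" || return 1
  PREFIX="https://www.softether-download.com/files/softether/"
  install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"

  # the release directory name is scraped from the HTML index (last "rtm" entry)
  URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
  [[ -n "${URL}" ]] || return 1
  SUFIX="${URL/-tree/}"
  if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then
    DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_ARM_EABI/softether-vpnclient-$SUFIX-linux-arm_eabi-32bit.tar.gz"
  else
    install_packet "gcc-multilib" "Install libraries"
    DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_Intel_x86/softether-vpnclient-$SUFIX-linux-x86-32bit.tar.gz"
  fi

  # NOTE(review): built and installed as root without checksum or signature
  # verification of the downloaded tarball.
  wget -q "$DLURL" -O - | tar -xz
  cd vpnclient || return 1
  make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN vpnclient" --progressbox $TTY_Y $TTY_X
  cd ..
  cp -R vpnclient /usr/local
  cd /usr/local/vpnclient/ || return 1

  # files readable by root only, the two binaries executable by root only
  chmod 600 ./*
  chmod 700 vpncmd
  chmod 700 vpnclient
}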
#######################################
# Preseed the dash/sh debconf question with "false", reconfigure dash
# non-interactively, then install the NTP packages.
#######################################
install_DashNTP ()
{
  local dash_answer="dash dash/sh boolean false"

  debconf-set-selections <<< "${dash_answer}"
  dpkg-reconfigure -f noninteractive dash > /dev/null 2>&1
  install_packet "ntp ntpdate" "Install DASH and NTP service"
}
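#######################################
# Install MariaDB, drop the bind-address restriction, run
# mysql_secure_installation unattended and add the ISPConfig sql-mode override.
# Globals:   MYSQL_PASS (read), SECURE_MYSQL (written)
#######################################
install_MySQL ()
{
  install_packet "mariadb-client mariadb-server" "SQL client and server"

  # Allow MySQL to listen on all interfaces.
  # NOTE(review): with bind-address commented out the database port is no
  # longer limited to loopback; restrict it with a firewall unless remote
  # database access is really required.
  cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
  [[ -f /etc/mysql/my.cnf ]] && sed -i 's|bind-address.*|#bind-address = 127.0.0.1|' /etc/mysql/my.cnf
  [[ -f /etc/mysql/mariadb.conf.d/50-server.cnf ]] && sed -i 's|bind-address.*|#bind-address = 127.0.0.1|' /etc/mysql/mariadb.conf.d/50-server.cnf

  # Run mysql_secure_installation through expect.
  # The password reaches expect through the environment and is read as
  # $env(MYSQL_PASS). Pasting it into the script text, as before, exposed it on
  # the expect command line and let characters such as quotes, "$", "[" or "\"
  # in the password be interpreted as Tcl syntax.
  SECURE_MYSQL=$(MYSQL_PASS="$MYSQL_PASS" expect -c '
set timeout 3
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send "\r"
expect "root password?"
send "y\r"
expect "New password:"
send -- "$env(MYSQL_PASS)\r"
expect "Re-enter new password:"
send -- "$env(MYSQL_PASS)\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
')
  # the captured transcript is deliberately discarded
  echo "${SECURE_MYSQL}" >> /dev/null

  # ISP config exception
  mkdir -p /etc/mysql/mariadb.conf.d/
  cat > /etc/mysql/mariadb.conf.d/99-ispconfig.cnf<<"EOF"
[mysqld]
sql-mode="NO_ENGINE_SUBSTITUTION"
EOF
  service mysql restart >> /dev/null
}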
#######################################
# Install Postfix, Dovecot, Saslauthd, rkhunter and binutils, then uncomment
# the submission and smtps entries in /etc/postfix/master.cf.
# Globals:   HOSTNAMEFQDN (read)
#######################################
install_MySQLDovecot ()
{
  local master_cf=/etc/postfix/master.cf
  local expr
  # Substitutions applied to master.cf, one sed run each, in this order.
  # NOTE(review): the smtpd_sasl_auth_enable expression appears four times;
  # presumably some of them were meant to uncomment other "-o" options - verify
  # against the packaged master.cf.
  local -a uncomment=(
    's|#submission inet n - - - - smtpd|submission inet n - - - - smtpd|'
    's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|'
    's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|'
    's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|'
    's|# -o smtpd_client_restrictions=permit_sasl_authenticated,reject| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|'
    's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|'
    's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|'
    's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|'
    's|#smtps inet n - - - - smtpd|smtps inet n - - - - smtpd|'
    's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|'
    's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|'
  )

  # preseed the postfix debconf questions so the install stays unattended
  debconf-set-selections <<< "postfix postfix/main_mailer_type select Internet Site"
  debconf-set-selections <<< "postfix postfix/mailname string $HOSTNAMEFQDN"
  install_packet "postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql \
dovecot-sieve sudo libsasl2-modules dovecot-lmtpd" "postfix, dovecot, saslauthd, rkhunter, binutils"

  # keep a copy of the packaged file before editing it
  cp "${master_cf}" "${master_cf}.backup"
  for expr in "${uncomment[@]}"; do
    sed -i "${expr}" "${master_cf}"
  done
  service postfix restart >> /dev/null
}
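#######################################
# Install Amavisd-new, SpamAssassin and ClamAV, apply the amavisd-new patch on
# Ubuntu 18.04 and start the ClamAV daemon.
# Globals:   packets (written); distribution, TEMP_DIR (read)
# Side effects: on bionic the working directory is left at /usr/sbin
#######################################
install_Virus ()
{
  packets="amavisd-new spamassassin clamav clamav-daemon unzip bzip2 arj p7zip unrar-free rpm nomarch lzop \
cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl \
libnet-ident-perl zip libnet-dns-perl postgrey"
  # zoo and ripole are only added for the distributions not excluded here
  if [[ $distribution != "bionic" ]] && [[ $distribution != "buster" ]]; then
    packets=$packets" zoo"
  fi
  if [[ $distribution != "buster" ]]; then packets=$packets" ripole"; fi
  install_packet "$packets" "amavisd, spamassassin, clamav"

  sed -i "s/^AllowSupplementaryGroups.*/AllowSupplementaryGroups true/" /etc/clamav/clamd.conf
  service spamassassin stop >/dev/null 2>&1
  systemctl disable spamassassin >/dev/null 2>&1

  # amavisd-new program has currently a bug in Ubuntu 18.04
  if [[ $distribution == bionic ]]; then
    # NOTE(review): the patch is fetched at install time and applied to a file
    # in /usr/sbin without an integrity check; compare it against a reviewed
    # checksum before applying.
    # Patch only when the download succeeded and both directories exist, so
    # nothing is written to or patched in an unintended location.
    if cd "${TEMP_DIR}" && wget -q https://git.ispconfig.org/ispconfig/ispconfig3/raw/stable-3.1/helper_scripts/ubuntu-amavisd-new-2.11.patch; then
      if cd /usr/sbin; then
        cp -pf amavisd-new amavisd-new_bak
        patch --silent < "${TEMP_DIR}/ubuntu-amavisd-new-2.11.patch" >> /dev/null 2>&1
      fi
    fi
  fi

  # refresh virus signatures, then start the scanner daemon
  freshclam >> /var/log/ispconfig_config.log
  service clamav-daemon start >/dev/null 2>&1
}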
#######################################
# Install the HipHop Virtual Machine from the dl.hhvm.com repository.
# Globals:   family (read; lower-cased to form the repository path)
#######################################
install_hhvm ()
{
  local hhvm_key=0xB4112585D386EB94
  local hhvm_repo="https://dl.hhvm.com/${family,,}"

  # NOTE(review): the key is requested over plain hkp on port 80 and selected
  # by a 64-bit key ID rather than a full fingerprint; apt-key then trusts it
  # for all repositories.
  apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 "${hhvm_key}" >/dev/null 2>&1
  add-apt-repository "${hhvm_repo}" >/dev/null 2>&1
  debconf-apt-progress -- apt-get update
  install_packet "hhvm" "HipHop Virtual Machine"
}
#######################################
# Install phpMyAdmin unattended, then run dpkg-reconfigure through expect to
# pick the web server.
# Globals:   family (read), WWW_RECONFIG (written)
#######################################
install_phpmyadmin ()
{
  local answer
  # debconf answers for Ubuntu, applied in this order; the later entries
  # override the earlier ones for the same question
  local -a preseed=(
    "phpmyadmin phpmyadmin/internal/skip-preseed boolean true"
    "phpmyadmin phpmyadmin/reconfigure-webserver multiselect true"
    "phpmyadmin phpmyadmin/dbconfig-install boolean false"
    "phpmyadmin phpmyadmin/internal/skip-preseed boolean true"
    "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
    "phpmyadmin phpmyadmin/dbconfig-install boolean false"
  )

  if [[ "$family" == "Ubuntu" ]]; then
    for answer in "${preseed[@]}"; do
      debconf-set-selections <<< "${answer}"
    done
    debconf-apt-progress -- apt-get install -y phpmyadmin
  else
    DEBIAN_FRONTEND=noninteractive debconf-apt-progress -- apt-get -y install phpmyadmin
  fi

  # Apache2 needs additional hack: answer the reconfigure prompts
  # (no database reinstall, first web server in the list)
  WWW_RECONFIG=$(expect -c "
set timeout 3
spawn dpkg-reconfigure -f readline phpmyadmin
expect \"Reinstall database for phpmyadmin?\"
send \"No\r\"
expect \"Web server to reconfigure automatically:\"
send \"1\r\"
expect eof
")
  # the captured transcript is deliberately discarded
  echo "${WWW_RECONFIG}" >> /dev/null
}
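#######################################
# Install Apache2 with PHP, FCGI, suExec, Pear and mcrypt for the detected
# distribution, add the HTTPOXY mitigation and enable the needed modules.
# Globals:   distribution, family (read)
#######################################
install_apache ()
{
  local pkg="apache2 apache2-doc apache2-utils libapache2-mod-fcgid php-pear mcrypt imagemagick libruby libapache2-mod-python memcached"
  local pkg_xenial="libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
apache2-suexec-pristine php-auth php7.0-mcrypt php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php7.0-opcache php-apcu \
libapache2-mod-fastcgi php7.0-fpm"
  local pkg_bionic="apache2 apache2-doc apache2-utils libapache2-mod-php php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap \
phpmyadmin php7.2-cli php7.2-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python \
php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl memcached php-memcache \
php-imagick php-gettext php7.2-zip php7.2-mbstring php-soap php7.2-soap php7.2-fpm php-apcu certbot"
  local pkg_stretch="libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi libapache2-mod-fcgid \
apache2-suexec-pristine php7.0-mcrypt libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \
php7.0-tidy php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring libapache2-mod-passenger \
php7.0-soap php7.0-fpm php7.0-opcache php-apcu certbot"
  local pkg_jessie="apache2.2-common apache2-mpm-prefork libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql \
php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick libapache2-mod-python \
php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl \
libapache2-mod-passenger php5-xcache libapache2-mod-fastcgi php5-fpm"
  local pkg_buster="apache2 apache2-doc apache2-utils libapache2-mod-php php7.3 php7.3-common php7.3-gd php7.3-mysql php7.3-imap \
php7.3-cli php7.3-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python \
php7.3-curl php7.3-intl php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy php7.3-xmlrpc php7.3-xsl memcached php-memcache \
php-imagick php-gettext php7.3-zip php7.3-mbstring php-soap php7.3-soap php7.3-fpm php-apcu certbot"

  # pick the per-distribution list by name; empty for an unlisted distribution
  local temp="pkg_${distribution}"
  install_packet "${pkg} ${!temp}" "Apache for $family $distribution"

  # fix HTTPOXY vulnerability: drop the client-supplied Proxy request header
  cat <<EOT > /etc/apache2/conf-available/httpoxy.conf
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>
EOT

  a2enmod actions proxy_fcgi setenvif fastcgi alias suexec rewrite ssl include dav_fs dav auth_digest cgi headers >/dev/null 2>&1
  # httpoxy.conf lives in conf-available, so it is a configuration snippet and
  # not a module; it was listed under a2enmod before, which does not enable it.
  a2enconf httpoxy >/dev/null 2>&1

  # enable the PHP-FPM configuration matching the installed PHP version
  case $distribution in
    jessie)
      a2enconf php5-fpm >/dev/null 2>&1
      ;;
    xenial | stretch)
      a2enconf php7.0-fpm >/dev/null 2>&1
      ;;
    bionic)
      a2enconf php7.2-fpm >/dev/null 2>&1
      ;;
    buster)
      a2enconf php7.3-fpm >/dev/null 2>&1
      ;;
  esac
  service apache2 restart >> /dev/null
}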
#######################################
# Install Nginx with PHP-FPM for the detected distribution and adjust php.ini.
# Globals:   distribution, family (read); tz (written)
#######################################
install_nginx ()
{
  local pkg="nginx php-pear memcached fcgiwrap"
  local pkg_xenial="php7.0-fpm php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu letsencrypt"
  local pkg_stretch="php7.0-fpm php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu letsencrypt"
  local pkg_jessie="php5-fpm php5-mysql php5-curl php5-gd php5-intl php5-imagick php5-imap php5-mcrypt php5-memcache \
php5-memcached php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php-apc"
  local pkg_bionic="php7.2-fpm php7.2-opcache php7.2-fpm php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap php7.2-cli php7.2-cgi \
imagemagick libruby php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy \
php7.2-xmlrpc php7.2-xsl php-memcache php-imagick php-gettext php7.2-zip php7.2-mbstring php-apcu letsencrypt"
  local pkg_buster="php7.3-fpm php7.3-opcache php7.3-fpm php7.3 php7.3-common php7.3-gd php7.3-mysql php7.3-imap php7.3-cli php7.3-cgi \
imagemagick libruby php7.3-curl php7.3-intl php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy \
php7.3-xmlrpc php7.3-xsl php-memcache php-imagick php-gettext php7.3-zip php7.3-mbstring php-apcu letsencrypt"

  # pick the per-distribution list by name; empty for an unlisted distribution
  local temp="pkg_${distribution}"
  install_packet "${pkg} ${!temp}" "Nginx for $family $distribution"

  local php_ver="" php_ini="" rc=0
  local -a mods_after_reload=()   # PHP modules enabled after the FPM reload

  case $distribution in
    jessie)
      # PHP 5: no php.ini edits, certbot comes from backports
      phpenmod mcrypt mbstring
      debconf-apt-progress -- apt-get install -y python-certbot -t jessie-backports
      service php5-fpm reload >> /dev/null
      return
      ;;
    xenial)
      # xenial enables its modules before php.ini is edited
      phpenmod mcrypt mbstring
      php_ver="7.0"
      ;;
    stretch)
      php_ver="7.0"
      mods_after_reload=(mcrypt mbstring)
      ;;
    bionic)
      php_ver="7.2"
      mods_after_reload=(mbstring)
      ;;
    buster)
      php_ver="7.3"
      mods_after_reload=(mbstring)
      ;;
    *)
      return 0
      ;;
  esac

  php_ini="/etc/php/${php_ver}/fpm/php.ini"
  # system time zone with "/" escaped for use inside the sed replacement
  tz=$(sed 's/\//\\\//g' /etc/timezone)
  # cgi.fix_pathinfo=0 stops PHP from guessing a script out of a longer path.
  # NOTE(review): both patterns match only a line that starts with the setting
  # name; a commented-out (";"-prefixed) default is left untouched - confirm
  # against the packaged php.ini.
  sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" "${php_ini}"
  sed -i "s/^date.timezone=.*/date.timezone=$tz/" "${php_ini}"
  service "php${php_ver}-fpm" reload >> /dev/null
  rc=$?

  if (( ${#mods_after_reload[@]} == 0 )); then
    return "$rc"
  fi
  phpenmod "${mods_after_reload[@]}"
}
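#######################################
# Install PureFTPd and quota tools, create a self-signed TLS certificate and
# enable journaled user/group quotas on the root file system.
#######################################
install_PureFTPD ()
{
  install_packet "pure-ftpd-common pure-ftpd-mysql quota quotatool" "pureFTPd and Quota"
  sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common

  # NOTE(review): TLS value 1 accepts both encrypted and cleartext sessions;
  # 2 refuses cleartext logins.
  echo 1 > /etc/pure-ftpd/conf/TLS

  mkdir -p /etc/ssl/private/
  # Create key and certificate under a restrictive umask so the private key is
  # never readable by other users, not even before the chmod below.
  # NOTE(review): self-signed, valid for 7300 days, placeholder subject fields.
  (
    umask 077
    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=GB/ST=GB/L=GB/O=GB/OU=GB/CN=$(hostname -f)/emailAddress=joe@joe.com" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem >/dev/null 2>&1
  )
  chmod 600 /etc/ssl/private/pure-ftpd.pem
  /etc/init.d/pure-ftpd-mysql restart >/dev/null 2>&1

  # Append the quota options to the options field of the "/" entry only, and
  # only when that line has none yet. The previous substitution replaced the
  # root entry's option string wherever it occurred, so every fstab line with
  # the same options was changed and a second run appended them again.
  sed -i -E '/usrjquota=/! s|^([^#[:space:]][^[:space:]]*[[:space:]]+/[[:space:]]+[^[:space:]]+[[:space:]]+)([^[:space:]]+)|\1\2,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0|' /etc/fstab

  mount -o remount / >/dev/null 2>&1
  quotacheck -avugm >/dev/null 2>&1
  quotaon -avug >/dev/null 2>&1
}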
#######################################
# Install the BIND DNS server together with dnsutils and haveged, then enable
# and start haveged.
#######################################
install_Bind ()
{
  local action

  install_packet "bind9 dnsutils haveged" "Install BIND DNS Server"
  for action in enable start; do
    systemctl "${action}" haveged >/dev/null 2>&1
  done
}
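#######################################
# Install Vlogger, Webalizer and AWStats and comment out the packaged AWStats
# cron entries.
#######################################
install_Stats ()
{
  local awstats_cron=/etc/cron.d/awstats

  install_packet "vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl" "vlogger, webalizer, awstats"
  sed -i "s/MAILTO=root/#MAILTO=root/" "${awstats_cron}"

  # Comment out the two www-data jobs. "*" is escaped because it is a regex
  # quantifier, and "|" is the delimiter because the schedule contains "/".
  # The earlier expressions failed to parse ("/" inside a "/"-delimited
  # expression) or never matched (unescaped "*"). Anchoring at line start keeps
  # a second run from adding another "#".
  sed -i 's|^\*/10 \* \* \* \* www-data|#&|' "${awstats_cron}"
  sed -i 's|^10 03 \* \* \* www-data|#&|' "${awstats_cron}"
}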
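#######################################
# Build Jailkit 2.19 from the upstream tarball as a Debian package and
# install it.
# Globals:   TEMP_DIR (read)
# Side effects: changes the working directory of the calling shell
# Returns:   1 when the download, extraction or a directory change fails
#######################################
install_Jailkit()
{
  debconf-apt-progress -- apt-get install -y build-essential autoconf automake libtool flex bison debhelper binutils

  # Stop as soon as a step fails so the build commands never run in an
  # unintended directory.
  cd "${TEMP_DIR}" || return 1
  # NOTE(review): the tarball is built and installed as root without comparing
  # a checksum or signature.
  wget -q https://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz -O - | tar -xz || return 1
  cd jailkit-2.19 || return 1

  # set the debhelper compatibility level used for the package build
  echo 5 > debian/compat
  ./debian/rules binary > /dev/null 2>&1
  dpkg -i ../jailkit_2.19-1_*.deb > /dev/null 2>&1
}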
#######################################
# Install fail2ban and UFW and write /etc/fail2ban/jail.local with jails for
# pure-ftpd, dovecot and postfix SASL. Stretch uses different jail and filter
# names than the other distributions.
# Globals:   distribution (read)
#######################################
install_Fail2BanDovecot()
{
  local jail_local=/etc/fail2ban/jail.local

  # NOTE(review): ufw is installed here, but this function neither enables it
  # nor adds rules.
  install_packet "fail2ban ufw" "Install fail2ban and UFW Firewall"

  if [[ $distribution != "stretch" ]]; then
    cat > "${jail_local}" <<"EOF"
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
[sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
EOF
  else
    cat > "${jail_local}" <<"EOF"
[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5
[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
EOF
  fi
}
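#######################################
# Write the fail2ban filters for pure-ftpd and dovecot, make sure the
# postfix-sasl filter has an ignoreregex line, and restart fail2ban.
#######################################
install_Fail2BanRulesDovecot()
{
  local sasl_filter=/etc/fail2ban/filter.d/postfix-sasl.conf

  # failed pure-ftpd logins
  cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF"
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
EOF

  # failed or aborted dovecot POP3/IMAP logins; the client address is taken
  # from the rip= field
  cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<"EOF"
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
EOF

  # Add the missing ignoreregex line - only when the filter has none, so a
  # second run does not append a duplicate.
  if ! grep -qs '^ignoreregex' "${sasl_filter}"; then
    echo "ignoreregex =" >> "${sasl_filter}"
  fi
  service fail2ban restart >> /dev/null
}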
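#######################################
# Install ISPConfig 3 unattended and optionally set up Let's Encrypt for the
# control panel through the LE4ISPC helper script.
# Globals:   TEMP_DIR, BACKTITLE, serverIP, server (read)
# Side effects: changes the working directory of the calling shell
# Returns:   1 when a directory change, download or extraction fails
#######################################
install_ISPConfig (){
  cd "${TEMP_DIR}" || return 1
  # NOTE(review): the installer archive is unpacked and run as root without a
  # checksum or signature comparison.
  wget -q https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz
  cd "${TEMP_DIR}/ispconfig3_install/install/" || return 1
  php -q install.php --autoinstall="${TEMP_DIR}/isp.conf.php" &>> /var/log/ispconfig_config.log

  # NOTE(review): the instructions below show admin / 1234 as the panel login,
  # so the panel on port 8080 answers to a known password until step 3 is done.
  if dialog --colors --backtitle "$BACKTITLE" --no-collapse --title " Auto updating SSL certificate " --clear --yesno "\nDo you want to secure ISPConfig control panel and all services with free Let's Encrypt SSL certificate?" 8 80; then
    dialog --colors --backtitle "$BACKTITLE" --no-collapse --title " Instructions " --clear --msgbox "\n1. Access admin panel with your browser: \Z1https://$serverIP:8080\Z0\n\nUsername: \Z1admin\Z0\nPassword: \Z11234\Z0 \n\n\n2. Go to Sites > Website > \Z1Add new website\Z0\n\nDomain: \Z1$(hostname -f)\Z0\nAuto-Subdomain: \Z1None\Z0\nSSL: \Z1enable\Z0\nLet's Encrypt SSL: \Z1enable\Z0\n\n\n3. Go to Tools > \Z1Password and language\Z0\n\nChange ISPConfig control panel password.\n\nSave and Logout. \n\n\n4. Wait until SSL is not working here: \Z1https://$(hostname -f)\Z0 \n\nIt can take up to a few minutes.\n\n\n5. Proceed with install (\Z1Press ENTER\Z0):" 33 80

    # NOTE(review): this runs whatever the master branch of a third-party
    # repository contains at install time, as root. Pin a reviewed commit or
    # release and compare its checksum before executing it.
    # -f makes curl fail on an HTTP error instead of saving the error page.
    curl -fsSL https://github.com/ahrasis/LE4ISPC/archive/master.zip -o master.zip 2> /dev/null || return 1
    unzip -qq master.zip || return 1
    bash "LE4ISPC-master/${server}/le4ispc.sh" 2>&1
  fi
}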
| # | |
| # Main choices | |
| # | |
# Everything below installs packages and writes under /etc, so stop early when
# the script is not running as root.
if (( EUID != 0 )); then
  dialog --title "Warning" --infobox "\nThis script requires root privileges.\n\nExiting ..." 7 41
  sleep 3
  exit
fi
# Fallback nameserver: when resolvconf is present, put a public resolver at the
# head of the generated resolv.conf.
# NOTE(review): this overwrites any existing "head" file and routes lookups to
# 8.8.8.8 ahead of the locally configured resolvers.
if [[ -d /etc/resolvconf/resolv.conf.d ]]; then
  printf '%s\n' 'nameserver 8.8.8.8' > /etc/resolvconf/resolv.conf.d/head
  resolvconf -u >/dev/null 2>&1
fi
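# Create a private temporary directory for downloads and builds.
# The exit has to follow the assignment: inside $( ... ) it only ended the
# subshell, and the script carried on with an empty TEMP_DIR.
TEMP_DIR=$(mktemp -d) || exit 1
chmod 700 "${TEMP_DIR}"
# Remove the directory on exit and on HUP/INT/QUIT/TERM.
# NOTE(review): "exit 0" inside the handler makes the script report success on
# every exit path, including the error exits further down.
trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15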
# Other apt tasks (e.g. unattended-upgrades) may hold the dpkg lock; show a
# spinner until it is released, then install the tools this script relies on.
i=0
tput sc
while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do
  # spinner frame for this round: - \ | /
  j='-\|/'
  j=${j:i%4:1}
  tput rc
  echo -en "\r[$j] Waiting for other software managers to finish..."
  sleep 0.5
  i=$((i + 1))
done
apt-get -qq -y --no-install-recommends install curl debconf-utils html2text apt-transport-https dialog whiptail lsb-release bc expect > /dev/null
# Collect terminal size, distribution and network details used by the dialogs
# and the installers.
TTY_X=$(( $(stty size | cut -d' ' -f2) - 6 ))   # terminal width minus margin
TTY_Y=$(( $(stty size | cut -d' ' -f1) - 6 ))   # terminal height minus margin
distribution=$(lsb_release -cs)
family=$(lsb_release -is)
# interface of the last default route, and the IPv4 address(es) on it
DEFAULT_ADAPTER=$(ip -4 route ls | grep default | tail -1 | grep -Po '(?<=dev )(\S+)')
serverIP=$(ip -4 addr show dev $DEFAULT_ADAPTER | awk '/inet/ {print $2}' | cut -d'/' -f1)
# split the address at the dots into $1..$4; this replaces the script's
# positional parameters
set ${serverIP//./ }
SUBNET="$1.$2.$3."
hostnamefqdn=$(hostname -f)
mysql_pass=""
BACKTITLE="Softy - Armbian post deployment scripts, https://www.armbian.com"
# directory this script was started from
SCRIPTDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
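# Main dialog routine: show the checklist of installable software, run the
# installer for every selected entry that is not already "on", then refresh the
# statuses and show the list again until the user cancels.
# LIST, LIST_CONST and the *_STATUS variables are expected to come from
# check_status, which is defined outside this part of the file.
DIALOG_CANCEL=1
DIALOG_ESC=255
while true; do
  # prepare menu items
  check_status
  LISTLENGTH="$((${#LIST[@]}/2))"
  # dialog draws on stdout and reports the selection on stderr; fd 3 keeps the
  # terminal available while the selection is captured
  exec 3>&1
  selection=$(dialog --backtitle "$BACKTITLE" --title "Installing to $family $distribution" --colors --clear --cancel-label \
    "Cancel" --ok-label "Install" --checklist "\nChoose what you want to install:\n " $LIST_CONST 71 18 "${LIST[@]}" 2>&1 1>&3)
  exit_status=$?
  exec 3>&-
  case $exit_status in
    $DIALOG_ESC | $DIALOG_CANCEL)
      clear
      exit 1
      ;;
  esac

  # cycle through all install options; each handled entry is removed from the
  # selection so it runs once
  i=0
  if ! is_package_manager_running; then
    while [ "$i" -lt "$LISTLENGTH" ]; do
      if [[ "$selection" == *Samba* && "$SAMBA_STATUS" != "on" ]]; then
        install_samba
        selection=${selection//Samba/}
      fi
      if [[ "$selection" == *CUPS* && "$CUPS_STATUS" != "on" ]]; then
        install_cups
        selection=${selection//CUPS/}
      fi
      if [[ "$selection" == *headend* && "$TVHEADEND_STATUS" != "on" ]]; then
        install_tvheadend
        selection=${selection//\"TV headend\"/}
      fi
      if [[ "$selection" == *Minidlna* && "$MINIDLNA_STATUS" != "on" ]]; then
        install_packet "minidlna" "Install lightweight DLNA/UPnP-AV server"
        selection=${selection//Minidlna/}
      fi
      if [[ "$selection" == *ISPConfig* && "$ISPCONFIG_STATUS" != "on" ]]; then
        server_conf
        if [[ "$MYSQL_PASS" == "" ]]; then
          dialog --msgbox "Mysql password can't be blank. Exiting..." 7 70
          exit
        fi
        # validate the host name before it is written into service configs;
        # the value is quoted so it reaches grep unchanged
        if ! grep -qP '(?=^.{1,254}$)(^(?>(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)' <<< "$HOSTNAMEFQDN"; then
          dialog --msgbox "Invalid FQDN. Exiting..." 7 70
          exit
        fi
        # install_$server resolves to install_apache or install_nginx,
        # depending on what choose_webserver stored in $server
        choose_webserver; install_basic; install_DashNTP; install_MySQL; install_MySQLDovecot; install_Virus; install_$server;
        install_phpmyadmin
        [[ -z "$(dpkg --print-architecture | grep arm)" ]] && install_hhvm
        create_ispconfig_configuration;install_PureFTPD;install_Stats;install_Bind;
        install_Jailkit; install_Fail2BanDovecot; install_Fail2BanRulesDovecot;
        install_ISPConfig
        selection=${selection//ISPConfig/}
      fi
      if [[ "$selection" == *Syncthing* && "$SYNCTHING_STATUS" != "on" ]]; then
        install_syncthing
        selection=${selection//Syncthing/}
      fi
      if [[ "$selection" == *Hassio* && "$HASS_STATUS" != "on" ]]; then
        install_hassio
        selection=${selection//Hassio/}
      fi
      # The two OpenHAB patterns lacked the trailing "*" and matched only when
      # the entry was last in the selection.
      # NOTE(review): install_openhab2 is not in this file's function index;
      # confirm it is provided by one of the sourced files.
      if [[ "$selection" == *OpenHAB2* && "$OPENHAB2_STATUS" != "on" ]]; then
        install_openhab2
        selection=${selection//OpenHAB2/}
      fi
      if [[ "$selection" == *OpenHAB3* && "$OPENHAB_STATUS" != "on" ]]; then
        install_openhab
        selection=${selection//OpenHAB3/}
      fi
      if [[ "$selection" == *server* && "$VPN_SERVER_STATUS" != "on" ]]; then
        install_vpn_server
        selection=${selection//\"VPN server\"/}
      fi
      if [[ "$selection" == *client* && "$VPN_CLIENT_STATUS" != "on" ]]; then
        install_vpn_client
        selection=${selection//\"VPN client\"/}
      fi
      if [[ "$selection" == *NCP* && "$NCP_STATUS" != "on" ]]; then
        install_ncp
        selection=${selection//NCP/}
      fi
      if [[ "$selection" == *OMV* && "$OMV_STATUS" != "on" ]]; then
        install_omv
        selection=${selection//OMV/}
      fi
      if [[ "$selection" == *Plex* && "$PLEX_STATUS" != "on" ]]; then
        install_plex_media_server
        selection=${selection//Plex/}
      fi
      if [[ "$selection" == *Emby* && "$EMBY_STATUS" != "on" ]]; then
        install_emby_server
        selection=${selection//Emby/}
      fi
      if [[ "$selection" == *Radarr* && "$RADARR_STATUS" != "on" ]]; then
        install_radarr
        selection=${selection//Radarr/}
      fi
      if [[ "$selection" == *Sonarr* && "$SONARR_STATUS" != "on" ]]; then
        install_sonarr
        selection=${selection//Sonarr/}
      fi
      if [[ "$selection" == *hole* && "$PI_HOLE_STATUS" != "on" ]]; then
        # NOTE(review): a remote installer is piped straight into a root shell,
        # with no pinned version or checksum and with the OS check disabled.
        # Saving it to a file and verifying it before running is safer.
        curl -L "https://install.pi-hole.net" | PIHOLE_SKIP_OS_CHECK=true bash
        selection=${selection//\"Pi hole\"/}
      fi
      if [[ "$selection" == *Docker* && "$DOCKER_STATUS" != "on" ]]; then
        install_docker
        selection=${selection//Docker/}
      fi
      if [[ "$selection" == *Transmission* && "$TRANSMISSION_STATUS" != "on" ]]; then
        install_transmission
        selection=${selection//Transmission/}
        if dialog --title "Seed Armbian torrents" --backtitle "$BACKTITLE" --yes-label "Yes" --no-label "No" --yesno "\
\nDo you want to help the community and seed armbian torrent files? It will ensure faster downloads for everyone.\
\n\nApproximately 400GB disk space is required." 11 44; then
          install_transmission_seed_armbian_torrents
        fi
      fi
      if [[ "$selection" == *UrBackup* && "$URBACKUP_STATUS" != "on" ]]; then
        install_urbackup
        selection=${selection//UrBackup/}
      fi
      if [[ "$selection" == *Mayan* && "$MAYAN_STATUS" != "on" ]]; then
        if [[ "$DOCKER_STATUS" == "off" ]]; then
          install_docker
        fi
        # NOTE(review): remote installer piped into a root shell, unverified
        # (same concern as the Pi-hole installer above).
        curl -fsSL https://get.mayan-edms.com | bash
        selection=${selection//Mayan/}
      fi
      i=$((i + 1))
    done
  fi
  # reread statuses
  check_status
done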