author | nachoparker <nacho@ownyourbits.com> | 2017-03-29 19:33:55 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2017-03-31 18:42:32 +0300 |
commit | 75b42680feb34185107c6ebeae6162ec26f07f48 (patch) | |
tree | db1b1dd3d200ecbfd74df60827f268685cfe218e /etc | |
parent | 7aa9c1c0910901b4f93b5307a3c42e1e340f2aef (diff) |
ncp updates and motd. structure directoriesv0.1.0
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/library.sh | 276 | ||||
-rw-r--r-- | etc/ncp-ascii.txt | 30 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/dnsmasq.sh | 78 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/fail2ban.sh | 144 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/letsencrypt.sh | 68 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/modsecurity.sh | 122 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/nc-datadir.sh | 68 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/nc-httpsonly.sh | 47 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/nc-limits.sh | 47 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/nc-update.sh | 44 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/no-ip.sh | 85 | ||||
-rwxr-xr-x | etc/nextcloudpi-config.d/unattended-upgrades.sh | 66 |
12 files changed, 1075 insertions, 0 deletions
diff --git a/etc/library.sh b/etc/library.sh
new file mode 100755
index 00000000..a9a4bc94
--- /dev/null
+++ b/etc/library.sh
@@ -0,0 +1,276 @@ +#!/bin/bash + +# Library to install software on Raspbian ARM through QEMU +# +# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> +# GPL licensed (see end of file) * Use at your own risk! +# +# More at ownyourbits.com +# + + +IMGNAME=$( basename $IMGFILE .img )_$( basename $INSTALL_SCRIPT .sh ).img +CFGOUT=config_$( basename $INSTALL_SCRIPT .sh ).txt +DBG=x + +# $IMGOUT will contain the name of the last step +function launch_install_qemu() +{ + local IMG=$1 + local IP=$2 + [[ "$IP" == "" ]] && { echo "usage: launch_install_qemu <script> <img> <IP>"; return 1; } + test -f $IMG || { echo "input file $IMG not found"; return 1; } + + local BASE=$( sed 's=-stage[[:digit:]]==' <<< $IMG ) + local NUM=$( sed 's=.*-stage\([[:digit:]]\)=\1=' <<< $IMG ) + [[ "$BASE" == "$IMG" ]] && NUM=0 + + local NUM_REBOOTS=$( grep -c reboot $INSTALL_SCRIPT ) + while [[ $NUM_REBOOTS != -1 ]]; do + NUM=$(( NUM+1 )) + IMGOUT="$BASE-stage$NUM" + cp -v $IMG $IMGOUT || return 1 # take a copy of the input image for processing ( append "-stage1" ) + + launch_qemu $IMGOUT & + sleep 10 + wait_SSH $IP + launch_installation_qemu $IP || return 1 + wait + IMG="$IMGOUT" + NUM_REBOOTS=$(( NUM_REBOOTS-1 )) + done + echo "$IMGOUT generated successfully" +} + +function launch_qemu() +{ + local IMG=$1 + test -f $1 || { echo "Image $IMG not found"; return 1; } + test -d qemu-raspbian-network || git clone https://github.com/nachoparker/qemu-raspbian-network.git + sed -i '30s/NO_NETWORK=1/NO_NETWORK=0/' qemu-raspbian-network/qemu-pi.sh + echo "Starting QEMU image $IMG" + ( cd qemu-raspbian-network && sudo ./qemu-pi.sh ../$IMG 2>/dev/null ) +} + +function ssh_pi() +{ + local IP=$1 + local ARGS=${@:2} + local PIUSER=${PIUSER:-pi} + local PIPASS=${PIPASS:-raspberry} + local SSH=( ssh -q -o UserKnownHostsFile=/dev/null\ + -o StrictHostKeyChecking=no\ + -o ServerAliveInterval=20\ + -o ConnectTimeout=20\ + -o LogLevel=quiet ) + type sshpass &>/dev/null && local SSHPASS=( 
sshpass -p$PIPASS ) + if [[ "${SSHPASS[@]}" == "" ]]; then + ${SSH[@]} ${PIUSER}@$IP $ARGS; + else + ${SSHPASS[@]} ${SSH[@]} ${PIUSER}@$IP $ARGS + local RET=$? + [[ $RET -eq 5 ]] && { ${SSH[@]} ${PIUSER}@$IP $ARGS; return $?; } + return $RET + fi +} + +function wait_SSH() +{ + local IP=$1 + echo "Waiting for SSH to be up on $IP..." + while true; do + ssh_pi $IP : && break + sleep 1 + done + echo "SSH is up" +} + +function launch_installation() +{ + local IP=$1 + [[ "$INSTALLATION_CODE" == "" ]] && { echo "Need to run config first" ; return 1; } + [[ "$INSTALLATION_STEPS" == "" ]] && { echo "No installation instructions"; return 1; } + local PREINST_CODE=" +set -e$DBG +sudo su +set -e$DBG +" + echo "Launching installation" + echo -e "$PREINST_CODE\n$INSTALLATION_CODE\n$INSTALLATION_STEPS" | ssh_pi $IP || { echo "Installation to $IP failed" && return 1; } + echo "configuration saved to $CFGOUT" +} + +function launch_installation_qemu() +{ + local IP=$1 + [[ "$NO_CFG_STEP" != "1" ]] && local CFG_STEP=configure + [[ "$NO_CLEANUP" != "1" ]] && local CLEANUP_STEP=cleanup + [[ "$NO_HALT_STEP" != "1" ]] && local HALT_STEP="nohup halt &>/dev/null &" + local INSTALLATION_STEPS=" +install +$CFG_STEP +$CLEANUP_STEP +$HALT_STEP +" + launch_installation $IP +} + +function launch_installation_online() +{ + local IP=$1 + [[ "$NO_CFG_STEP" != "1" ]] && local CFG_STEP=configure + local INSTALLATION_STEPS=" +install +$CFG_STEP +" + launch_installation $IP +} + +# Initializes $INSTALLATION_CODE +function config() +{ + local INSTALL_SCRIPT="$1" + local BACKTITLE="NextCloudPi installer configuration" + + type dialog &>/dev/null || { echo "please, install dialog for interactive configuration"; return 1; } + + test -f "$INSTALL_SCRIPT" || { echo "file "$INSTALL_SCRIPT" not found"; return 1; } + local VARS=( $( grep "^[[:alpha:]]\+_=" "$INSTALL_SCRIPT" | cut -d= -f1 | sed 's|_$||' ) ) + local VALS=( $( grep "^[[:alpha:]]\+_=" "$INSTALL_SCRIPT" | cut -d= -f2 ) ) + + [[ "$NO_CONFIG" == "1" 
]] || test ${#VARS[@]} -eq 0 && { INSTALLATION_CODE="$( cat "$INSTALL_SCRIPT" )"; return; } + + for i in `seq 1 1 ${#VARS[@]} `; do + local PARAM+="${VARS[$((i-1))]} $i 1 ${VALS[$((i-1))]} $i 15 60 0 " + done + + local DIALOG_OK=0 + local DIALOG_CANCEL=1 + local DIALOG_ERROR=254 + local DIALOG_ESC=255 + local RET=0 + + while test $RET != 1 && test $RET != 250; do + local value + value=$( dialog --ok-label "Start" \ + --no-lines --backtitle "$BACKTITLE" \ + --form "Enter the desired configuration for $( basename "$INSTALL_SCRIPT" .sh )" \ + 20 70 0 $PARAM \ + 3>&1 1>&2 2>&3 ) + RET=$? + + case $RET in + $DIALOG_CANCEL) + dialog \ + --no-lines --clear \ + --backtitle "$BACKTITLE" \ + --yesno "Really quit?" 10 30 + case $? in + $DIALOG_OK) + echo "Aborted" + return 1 + ;; + $DIALOG_CANCEL) + RET=99 + ;; + esac + ;; + $DIALOG_OK) + local RET=( $value ) + for i in `seq 0 1 $(( ${#RET[@]} - 1 )) `; do + local SEDRULE+="s|^${VARS[$i]}_=.*|${VARS[$i]}_=${RET[$i]}|;" + local CONFIG+="${VARS[$i]}=${RET[$i]}\n" + done + break + ;; + $DIALOG_ERROR) + echo "ERROR!$value" + return 1 + ;; + $DIALOG_ESC) + echo "ESC pressed." 
+ return 1 + ;; + *) + echo "Return code was $RET" + return 1 + ;; + esac + done + + INSTALLATION_CODE="$( sed $SEDRULE "$INSTALL_SCRIPT" )" + [[ "$CFGOUT" != "" ]] && echo -e "$CONFIG" > "$CFGOUT" +} + + +function install_script() +{ + ( + local SCRIPT=$1 + source ./$SCRIPT + echo -e "Installing \e[1m$( basename $SCRIPT .sh )\e[0m" + set +x + install + cleanup + ) +} + +function configure_script() +{ + ( + local SCRIPT=$1 + cd /usr/local/etc/nextcloudpi-config.d/ + config $SCRIPT || return 1 # writes "$INSTALLATION_CODE" + echo -e "$INSTALLATION_CODE" > $SCRIPT # save configuration + source ./$SCRIPT # load configuration + echo -e "Configuring \e[1m$( basename $SCRIPT .sh )\e[0m" + set +x + configure + ) +} + +function copy_to_image() +{ + local IMG=$1 + local DST=$2 + local SRC=${@: 3 } + local SECTOR=$( fdisk -l $IMG | grep Linux | awk '{ print $2 }' ) + local OFFSET=$(( SECTOR * 512 )) + + [ -f "$IMG" ] || { echo "no image"; return 1; } + mkdir -p tmpmnt + sudo mount $IMG -o offset=$OFFSET tmpmnt || return 1 + sudo cp -v $SRC tmpmnt/$DST || return 1 + sudo umount -l tmpmnt + rmdir tmpmnt &>/dev/null +} + +function pack_image() +{ + local IMGOUT="$1" + local IMGNAME="$2" + local TARNAME=$( basename $IMGNAME .img ).tar.bz2 + echo "copying $IMGOUT → $IMGNAME" + cp "$IMGOUT" "$IMGNAME" || return 1 + echo "packing $IMGNAME → $TARNAME" + tar -I pbzip2 -cvf $TARNAME "$IMGNAME" &>/dev/null && \ + echo -e "$TARNAME packed successfully" +} + +# License +# +# This script is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This script is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. 
+# +# You should have received a copy of the GNU General Public License +# along with this script; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA + diff --git a/etc/ncp-ascii.txt b/etc/ncp-ascii.txt new file mode 100644 index 00000000..9e48f50b --- /dev/null +++ b/etc/ncp-ascii.txt 
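Review bot: `ssh_pi` runs every connection with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` and `sshpass -p$PIPASS`, so the server's host key is never checked and the password (default `raspberry`) is visible in the local process list. That is defensible for the throwaway QEMU guest, but `launch_installation_online` reuses the helper to pipe a script that begins with `sudo su` to a real host, where nothing confirms the session reached the intended machine. Consider keeping the relaxed options for the QEMU path only and passing the password through the environment for the sshpass call, e.g. `SSHPASS="$PIPASS" sshpass -e "${SSH[@]}" "${PIUSER}@$IP"` (the local array currently named `SSHPASS` would need a different name). Separately, `config` splices the dialog form values unquoted into `sed $SEDRULE`, so a value containing a space or `|` corrupts the rewrite of a script that `configure_script` then sources.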
@@ -0,0 +1,30 @@ +[48;5;16;38;5;16m▄▄▄[38;5;235m▄[48;5;232;38;5;31m▄[48;5;23;38;5;32m▄[48;5;24m▄[48;5;31m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;31m▄[48;5;24m▄[48;5;23m▄[48;5;232;38;5;25m▄[48;5;16;38;5;233m▄[38;5;16m▄▄▄[0m +[48;5;16;38;5;16m▄[38;5;235m▄[48;5;23;38;5;32m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;31m▄[48;5;233;38;5;31m▄[48;5;16;38;5;233m▄[38;5;16m▄[0m +[48;5;232;38;5;23m▄[48;5;31;38;5;32m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;25m▄[48;5;16;38;5;23m▄[0m +[48;5;24;38;5;31m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;24;38;5;31m▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[38;5;31m▄[38;5;24m▄[38;5;23m▄[38;5;235m▄[38;5;234m▄[38;5;233m▄[38;5;234m▄[38;5;236m▄[38;5;23m▄[38;5;31m▄[38;5;32m▄▄▄▄[38;5;31m▄[38;5;23m▄[38;5;235m▄[38;5;234m▄[38;5;233m▄[38;5;234m▄[38;5;235m▄[38;5;23m▄[38;5;24m▄[38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;23;38;5;237m▄[48;5;232;38;5;58m▄[48;5;234;38;5;70m▄[48;5;58;38;5;106m▄[48;5;64m▄▄▄▄[48;5;58m▄[48;5;235;38;5;70m▄[48;5;232;38;5;64m▄[48;5;24;38;5;233m▄[48;5;32;38;5;31m▄[38;5;23m▄[48;5;236;38;5;234m▄[48;5;232;38;5;64m▄[48;5;235;38;5;106m▄[48;5;64m▄▄▄▄[48;5;58m▄▄[48;5;233;38;5;70m▄[38;5;235m▄[48;5;25;38;5;24m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;236;38;5;23m▄[48;5;58;38;5;234m▄[48;5;106;38;5;106m▄▄[48;5;70m▄[48;5;64;38;5;70m▄[48;5;70;38;5;58m▄[48;5;106m▄[38;5;70m▄[38;5;106m▄▄[48;5;64;38;5;70m▄[48;5;236;38;5;232m▄[48;5;232;38;5;235m▄[48;5;64;38;5;106m▄[48;5;106m▄▄[38;5;64m▄[38;5;58m▄[48;5;70m▄[48;5;64;38;5;70m▄[48;5;70;38;5;106m▄[48;5;106m▄[38;5;70m▄[48;5;234;38;5;233m▄[48;5;24;38;5;31m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m 
+[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;31m▄[48;5;232;38;5;236m▄[48;5;64;38;5;58m▄[48;5;106;38;5;106m▄▄▄▄[48;5;64m▄[48;5;235;38;5;70m▄[48;5;64;38;5;235m▄[48;5;106;38;5;58m▄[48;5;70m▄[48;5;232;38;5;16m▄[48;5;235m▄[48;5;106;38;5;58m▄[38;5;236m▄[48;5;58;38;5;58m▄[48;5;236;38;5;106m▄[48;5;64m▄[48;5;106m▄▄▄[38;5;70m▄[48;5;64;38;5;234m▄[48;5;235;38;5;23m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;24m▄[48;5;233;38;5;24m▄[48;5;58;38;5;233m▄[48;5;106;38;5;236m▄[38;5;70m▄[38;5;106m▄▄▄[48;5;70;38;5;58m▄[48;5;233;38;5;16m▄[48;5;16m▄▄▄▄[48;5;235;38;5;232m▄[48;5;106;38;5;64m▄[38;5;106m▄▄▄[38;5;70m▄[48;5;70;38;5;234m▄[48;5;236m▄[48;5;235;38;5;31m▄[48;5;31;38;5;32m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;25;38;5;25m▄[48;5;234;38;5;234m▄[48;5;233;38;5;232m▄[48;5;58;38;5;52m▄▄[48;5;235;38;5;233m▄[48;5;16;38;5;16m▄[38;5;52m▄[38;5;125m▄[48;5;233m▄[48;5;232m▄[48;5;16;38;5;89m▄[38;5;234m▄[48;5;232;38;5;232m▄[48;5;236;38;5;52m▄[48;5;58m▄[38;5;233m▄[48;5;232;38;5;16m▄[48;5;236;38;5;237m▄[48;5;31;38;5;31m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄[38;5;74m▄▄[38;5;32m▄▄▄▄▄▄▄[38;5;31m▄[48;5;24;38;5;233m▄[48;5;233;38;5;88m▄[48;5;52;38;5;125m▄[48;5;125m▄▄[38;5;232m▄[48;5;232;38;5;16m▄[48;5;52;38;5;52m▄[48;5;125;38;5;125m▄▄▄▄▄▄[48;5;52;38;5;52m▄[48;5;89;38;5;232m▄[48;5;125;38;5;89m▄[38;5;125m▄[48;5;88m▄[48;5;232;38;5;89m▄[48;5;234;38;5;16m▄[48;5;31;38;5;236m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄[38;5;74m▄▄[38;5;32m▄▄▄▄▄▄▄▄▄[0m 
+[48;5;32;38;5;32m▄▄▄▄▄[38;5;189m▄[48;5;74;38;5;231m▄[48;5;189m▄[48;5;231m▄▄▄▄[48;5;195m▄[48;5;110m▄[48;5;32;38;5;189m▄[38;5;32m▄▄▄[48;5;24;38;5;24m▄[48;5;232;38;5;234m▄[48;5;125;38;5;125m▄[38;5;88m▄[48;5;89;38;5;232m▄[48;5;232;38;5;16m▄[48;5;16;38;5;52m▄▄▄[48;5;52;38;5;232m▄[48;5;125;38;5;16m▄[38;5;232m▄[38;5;16m▄▄[48;5;52;38;5;52m▄[48;5;16;38;5;89m▄[38;5;88m▄[38;5;52m▄[48;5;88;38;5;16m▄[48;5;125;38;5;52m▄[38;5;125m▄[48;5;234;38;5;52m▄[48;5;232;38;5;16m▄[48;5;32;38;5;31m▄[38;5;32m▄▄[38;5;74m▄[38;5;231m▄[48;5;116m▄[48;5;231m▄▄▄▄▄[48;5;153m▄[48;5;74m▄[48;5;32;38;5;152m▄[38;5;32m▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄[38;5;189m▄[48;5;195;38;5;231m▄[48;5;231m▄▄▄▄▄▄▄▄▄▄[48;5;195m▄[48;5;74;38;5;195m▄[48;5;32;38;5;60m▄[48;5;23;38;5;232m▄[48;5;232;38;5;234m▄[48;5;234;38;5;16m▄[48;5;16m▄[48;5;233;38;5;89m▄[48;5;89;38;5;125m▄[48;5;125m▄▄▄▄[48;5;234m▄[48;5;16;38;5;16m▄[38;5;234m▄[48;5;88;38;5;125m▄[48;5;125m▄▄▄▄[48;5;89m▄[48;5;232;38;5;88m▄[48;5;233;38;5;16m▄[48;5;234;38;5;233m▄[48;5;16;38;5;234m▄[48;5;24;38;5;232m▄[48;5;32;38;5;67m▄[48;5;74;38;5;231m▄[48;5;231m▄▄▄▄▄▄▄▄▄▄▄[48;5;189m▄[48;5;32;38;5;152m▄[38;5;32m▄▄▄[0m +[48;5;32;38;5;32m▄▄[48;5;74;38;5;189m▄[48;5;231;38;5;231m▄▄▄▄[38;5;153m▄[38;5;32m▄[48;5;153m▄▄[48;5;231m▄[38;5;152m▄[38;5;231m▄▄▄[48;5;250;38;5;237m▄[48;5;232;38;5;52m▄[48;5;89;38;5;125m▄[48;5;125m▄[48;5;16;38;5;232m▄[48;5;233;38;5;52m▄[48;5;125;38;5;125m▄▄▄▄▄▄▄[48;5;232;38;5;232m▄[48;5;52;38;5;234m▄[48;5;125;38;5;125m▄▄▄▄▄▄▄[48;5;232;38;5;233m▄[48;5;88;38;5;89m▄[48;5;125;38;5;125m▄[48;5;52m▄[48;5;235;38;5;16m▄[48;5;231;38;5;245m▄[38;5;231m▄▄▄[38;5;74m▄[48;5;195;38;5;32m▄[48;5;153m▄[48;5;189m▄[48;5;231m▄[38;5;189m▄[38;5;231m▄▄▄▄[48;5;32;38;5;116m▄[38;5;32m▄▄[0m 
+[48;5;32;38;5;32m▄[38;5;74m▄[48;5;231;38;5;231m▄▄▄▄[38;5;189m▄[48;5;32;38;5;32m▄▄▄▄▄▄[48;5;189;38;5;110m▄[48;5;231;38;5;231m▄[48;5;254;38;5;254m▄[48;5;232;38;5;16m▄[48;5;125;38;5;125m▄▄▄[48;5;232;38;5;16m▄[48;5;52;38;5;233m▄[48;5;125;38;5;125m▄▄▄▄▄▄[48;5;88;38;5;233m▄[48;5;16;38;5;16m▄▄[48;5;125;38;5;234m▄[38;5;125m▄▄▄▄▄[38;5;89m▄[48;5;232;38;5;16m▄[48;5;89;38;5;52m▄[48;5;125;38;5;125m▄▄[48;5;233;38;5;233m▄[48;5;238;38;5;236m▄[48;5;231;38;5;231m▄▄[48;5;116;38;5;74m▄[48;5;32;38;5;32m▄▄▄▄▄[48;5;74m▄[48;5;231;38;5;231m▄▄▄▄[48;5;189m▄[48;5;32;38;5;32m▄▄[0m +[48;5;32;38;5;32m▄[48;5;74m▄[48;5;231;38;5;231m▄▄▄▄[48;5;153m▄[48;5;32;38;5;32m▄▄▄▄▄▄[48;5;110;38;5;189m▄[48;5;231;38;5;231m▄▄[48;5;232;38;5;241m▄[48;5;89;38;5;234m▄[48;5;125;38;5;125m▄[48;5;88;38;5;234m▄[48;5;16;38;5;16m▄▄[48;5;52m▄[48;5;125;38;5;233m▄[38;5;52m▄▄[38;5;232m▄[48;5;233;38;5;52m▄[48;5;232;38;5;125m▄[48;5;233m▄▄[48;5;16m▄[48;5;234;38;5;52m▄[48;5;125;38;5;232m▄[38;5;233m▄▄[38;5;16m▄[48;5;233m▄[48;5;16m▄[48;5;52;38;5;232m▄[48;5;125;38;5;125m▄[38;5;52m▄[48;5;232;38;5;16m▄[48;5;239;38;5;249m▄[48;5;231;38;5;231m▄▄[48;5;74;38;5;116m▄[48;5;32;38;5;32m▄▄▄▄▄[38;5;74m▄[48;5;231;38;5;231m▄▄▄▄[38;5;195m▄[48;5;32;38;5;32m▄▄[0m +[48;5;32;38;5;32m▄▄[48;5;189;38;5;74m▄[48;5;231;38;5;231m▄▄▄▄[48;5;153m▄[48;5;32;38;5;195m▄[38;5;116m▄[38;5;110m▄[38;5;189m▄[48;5;152;38;5;231m▄[48;5;231m▄▄▄[48;5;254m▄[48;5;235;38;5;244m▄[48;5;233;38;5;16m▄[48;5;232;38;5;88m▄[48;5;52;38;5;125m▄[48;5;234m▄[48;5;16;38;5;88m▄[38;5;16m▄▄▄[48;5;52;38;5;125m▄[48;5;125m▄▄▄▄▄▄[48;5;52;38;5;89m▄[48;5;16;38;5;16m▄▄[38;5;52m▄[48;5;52;38;5;125m▄[48;5;125m▄[48;5;89m▄[48;5;232;38;5;52m▄[48;5;16;38;5;16m▄[48;5;241;38;5;252m▄[48;5;231;38;5;231m▄▄▄▄[48;5;74m▄[48;5;32;38;5;153m▄[38;5;110m▄[38;5;152m▄[38;5;231m▄[48;5;189m▄[48;5;231m▄▄▄▄[48;5;116;38;5;68m▄[48;5;32;38;5;32m▄▄[0m 
+[48;5;32;38;5;32m▄▄▄[48;5;195;38;5;74m▄[48;5;231;38;5;231m▄▄▄▄▄▄▄▄▄▄▄▄[38;5;74m▄[48;5;67;38;5;32m▄[48;5;16;38;5;234m▄[48;5;125;38;5;89m▄[38;5;125m▄▄▄[48;5;88m▄[48;5;16;38;5;52m▄[38;5;16m▄[48;5;125;38;5;89m▄[38;5;125m▄▄▄▄▄▄[38;5;88m▄[48;5;16;38;5;233m▄[48;5;52;38;5;125m▄[48;5;125m▄▄▄▄[48;5;52;38;5;52m▄[48;5;234;38;5;23m▄[48;5;74;38;5;32m▄[48;5;231;38;5;110m▄[38;5;231m▄▄▄▄▄▄▄▄▄▄▄[38;5;195m▄[48;5;153;38;5;32m▄[48;5;32m▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄[48;5;74m▄[48;5;195m▄[48;5;231;38;5;116m▄[38;5;231m▄▄▄▄▄▄[38;5;153m▄[48;5;195;38;5;32m▄[48;5;74m▄[48;5;32m▄▄[48;5;23;38;5;25m▄[48;5;52;38;5;232m▄[48;5;125;38;5;89m▄[38;5;125m▄▄▄▄[48;5;232;38;5;233m▄[48;5;52;38;5;16m▄[48;5;125;38;5;52m▄[38;5;125m▄▄▄[38;5;89m▄[38;5;234m▄[48;5;233;38;5;16m▄[48;5;52;38;5;89m▄[48;5;125;38;5;125m▄▄▄▄[38;5;52m▄[48;5;232;38;5;233m▄[48;5;24;38;5;31m▄[48;5;32;38;5;32m▄▄[48;5;110m▄[48;5;231;38;5;74m▄[38;5;189m▄[38;5;231m▄▄▄▄▄[38;5;195m▄[38;5;74m▄[48;5;189;38;5;32m▄[48;5;32m▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄[48;5;74m▄▄▄▄[48;5;32m▄▄▄▄▄▄▄[48;5;23m▄[48;5;232;38;5;24m▄[48;5;88;38;5;233m▄[48;5;125m▄[38;5;52m▄[38;5;233m▄[48;5;232;38;5;16m▄[48;5;16;38;5;232m▄[38;5;52m▄▄[48;5;232;38;5;88m▄▄[48;5;16m▄[38;5;52m▄[38;5;232m▄[48;5;89m▄[48;5;125;38;5;52m▄▄[38;5;233m▄[48;5;52;38;5;235m▄[48;5;232;38;5;25m▄[48;5;24;38;5;32m▄[48;5;32m▄▄▄▄▄▄▄[48;5;74m▄[48;5;110m▄[48;5;74m▄▄[48;5;32m▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;23m▄[48;5;16;38;5;24m▄[38;5;235m▄[38;5;16m▄[48;5;125;38;5;52m▄[38;5;125m▄▄▄▄▄▄[48;5;88;38;5;233m▄[48;5;16;38;5;232m▄[38;5;237m▄[48;5;232;38;5;31m▄[48;5;24;38;5;32m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;25m▄[48;5;234;38;5;31m▄[48;5;52;38;5;23m▄[48;5;88;38;5;234m▄[48;5;125;38;5;232m▄[48;5;89;38;5;234m▄[48;5;52;38;5;23m▄[48;5;233;38;5;31m▄[48;5;236;38;5;32m▄[48;5;31m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;31m▄[48;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m 
+[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[0m +[48;5;31;38;5;24m▄[48;5;32;38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[48;5;31;38;5;24m▄[0m +[48;5;23;38;5;232m▄[48;5;32;38;5;25m▄[38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[38;5;24m▄[48;5;234;38;5;16m▄[0m +[48;5;16;38;5;16m▄[48;5;233m▄[48;5;31;38;5;233m▄[48;5;32;38;5;31m▄[38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[38;5;31m▄[48;5;25;38;5;232m▄[48;5;232;38;5;16m▄[48;5;16m▄[0m +[48;5;16;38;5;16m▄▄▄[48;5;233m▄[48;5;25m▄[48;5;32;38;5;235m▄[38;5;24m▄[38;5;31m▄[38;5;32m▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄[38;5;31m▄[38;5;24m▄[38;5;233m▄[48;5;24;38;5;16m▄[48;5;232m▄[48;5;16m▄▄▄[0m diff --git a/etc/nextcloudpi-config.d/dnsmasq.sh b/etc/nextcloudpi-config.d/dnsmasq.sh new file mode 100755 index 00000000..657c51cf --- /dev/null +++ b/etc/nextcloudpi-config.d/dnsmasq.sh 
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# dnsmasq DNS server with cache installation on Raspbian
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh dnsmasq.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+# More at: https://ownyourbits.com/2017/03/09/dnsmasq-as-dns-cache-server-for-nextcloudpi-and-raspbian/
+#
+
+ACTIVE_=yes
+DOMAIN_=mycloud.ownyourbits.com
+IP_=127.0.0.1
+DNSSERVER_=8.8.8.8
+CACHESIZE_=150
+DESCRIPTION="DNS server with cache"
+
+install()
+{
+ apt-get update
+ apt-get install -y dnsmasq
+ update-rc.d dnsmasq disable
+}
+
+configure()
+{
+ [[ $ACTIVE_ == "no" ]] && { service dnsmasq stop; update-rc.d dnsmasq disable; return; }
+
+ cat > /etc/dnsmasq.conf <<EOF
+domain-needed # Never forward plain names (without a dot or domain part)
+bogus-priv # Never forward addresses in the non-routed address spaces.
+no-poll # Don't poll for changes in /etc/resolv.conf
+no-resolv # Don't use /etc/resolv.conf or any other file
+cache-size=$CACHESIZE_
+server=$DNSSERVER_
+address=/$DOMAIN_/$IP_ # This is optional if we add it to /etc/hosts
+EOF
+
+ sed 's|#\?IGNORE_RESOLVCONF=.*|IGNORE_RESOLVCONF=yes|' /etc/default/dnsmasq
+
+ update-rc.d dnsmasq defaults
+ service dnsmasq restart
+ cd /var/www/nextcloud
+ sudo -u www-data php occ config:system:set trusted_domains 2 --value=$DOMAIN_
+}
+
+cleanup()
+{
+ apt-get autoremove -y
+ apt-get clean
+ rm /var/lib/apt/lists/* -r
+ rm -f /home/pi/.bash_history
+ systemctl disable ssh
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/fail2ban.sh b/etc/nextcloudpi-config.d/fail2ban.sh
new file mode 100755
index 00000000..758c78c0
--- /dev/null
+++ b/etc/nextcloudpi-config.d/fail2ban.sh
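Review bot: The `sed` call in `configure` of dnsmasq.sh has no `-i`, so it prints the edited text to stdout and leaves `/etc/default/dnsmasq` unchanged; `IGNORE_RESOLVCONF=yes` is never applied. It should read `sed -i 's|#\?IGNORE_RESOLVCONF=.*|IGNORE_RESOLVCONF=yes|' /etc/default/dnsmasq`. The values written into `/etc/dnsmasq.conf` and passed as `--value=$DOMAIN_` are interpolated unquoted and unchecked, so quoting `--value="$DOMAIN_"` and rejecting values that contain whitespace or newlines before the heredoc would keep a mistyped form entry from adding extra directives. `cleanup` also runs `systemctl disable ssh`, which looks intended for image builds and deserves a comment saying so, since the same function is repeated in the other config scripts.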
@@ -0,0 +1,144 @@
+#!/bin/bash
+
+# Fail2ban installation script for Raspbian
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh fail2ban.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+# More at: https://ownyourbits.com/2017/02/24/nextcloudpi-fail2ban-installer/
+#
+
+ACTIVE_=yes
+
+# location of Nextcloud logs
+NCLOG_=/var/www/nextcloud/data/nextcloud.log
+
+# time to ban an IP that exceeded attempts
+BANTIME_=600
+
+# cooldown time for incorrect passwords
+FINDTIME_=600
+
+# bad attempts before banning an IP
+MAXRETRY_=6
+
+DESCRIPTION="Brute force protection for SSH and NextCloud"
+
+install()
+{
+ apt-get update
+ apt-get install fail2ban -y
+ update-rc.d fail2ban disable
+}
+
+configure()
+{
+ [[ $ACTIVE_ == "no" ]] && { service fail2ban stop; update-rc.d fail2ban disable; return; }
+
+ touch /var/www/nextcloud/data/nextcloud.log
+ chown -R www-data /var/www/nextcloud/data
+
+ cd /var/www/nextcloud
+ sudo -u www-data php occ config:system:set loglevel --value=2
+ sudo -u www-data php occ config:system:set log_type --value=file
+ sudo -u www-data php occ config:system:set logfile --value=$NCLOG_
+
+ cat > /etc/fail2ban/filter.d/nextcloud.conf <<'EOF'
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = Login failed.*Remote IP.*'<HOST>'
+ignoreregex =
+EOF
+
+
+ cat > /etc/fail2ban/jail.conf <<EOF
+# The DEFAULT allows a global definition of the options. They can be overridden
+# in each jail afterwards.
+[DEFAULT]
+
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+# ban a host which matches an address in this list. Several addresses can be
+# defined using space separator.
+ignoreip = 127.0.0.1/8
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = $BANTIME_
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime = $FINDTIME_
+maxretry = $MAXRETRY_
+
+#
+# ACTIONS
+#
+banaction = iptables-multiport
+protocol = tcp
+chain = INPUT
+action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+action = %(action_)s
+
+#
+# SSH
+#
+
+[ssh]
+
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = $MAXRETRY_
+
+#
+# HTTP servers
+#
+
+[nextcloud]
+
+enabled = true
+port = http,https
+filter = nextcloud
+logpath = $NCLOG_
+maxretry = $MAXRETRY_
+EOF
+ update-rc.d fail2ban defaults
+ service fail2ban restart
+}
+
+cleanup()
+{
+ apt-get autoremove -y
+ apt-get clean
+ rm /var/lib/apt/lists/* -r
+ rm -f /home/pi/.bash_history
+ systemctl disable ssh
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/letsencrypt.sh b/etc/nextcloudpi-config.d/letsencrypt.sh
new file mode 100755
index 00000000..29047843
--- /dev/null
+++ b/etc/nextcloudpi-config.d/letsencrypt.sh
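Review bot: `configure` in fail2ban.sh creates the log with a hard-coded `touch /var/www/nextcloud/data/nextcloud.log` while both the jail's `logpath` and Nextcloud's `logfile` use `$NCLOG_`, so changing `NCLOG_` leaves the `[nextcloud]` jail pointing at a file that may not exist yet, and the jail may then fail to start. Using `touch "$NCLOG_"` and `chown www-data "$NCLOG_"` keeps the three in step and avoids the recursive `chown -R` over the whole data directory. The heredoc also overwrites the packaged `/etc/fail2ban/jail.conf`; writing the same content to `/etc/fail2ban/jail.local` leaves the distribution defaults intact across package upgrades. A comment next to `BANTIME_`, `FINDTIME_` and `MAXRETRY_` noting that they are copied verbatim into the jail file, and so must be plain integers, would help.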
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Let's encrypt certbot installation on Raspbian
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh letsencrypt.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+# More at https://ownyourbits.com/2017/03/17/lets-encrypt-installer-for-apache/
+
+DOMAIN_=mycloud.ownyourbits.com
+EMAIL_=mycloud@ownyourbits.com
+VHOSTCFG_=/etc/apache2/sites-available/nextcloud.conf
+DESCRIPTION="Automatic signed SSL certificates"
+
+install()
+{
+ apt-get update
+ apt install -y --no-install-recommends git
+ cd /etc
+ git clone https://github.com/letsencrypt/letsencrypt
+ /etc/letsencrypt/letsencrypt-auto --help # do not actually run certbot, only install packages
+}
+
+# tested with git version v0.11.0-71-g018a304
+configure()
+{
+ grep -q ServerName $VHOSTCFG_ && \
+ sed -i "s|ServerName .*|ServerName $DOMAIN_|" $VHOSTCFG_ || \
+ sed -i "/DocumentRoot/aServerName $DOMAIN_" $VHOSTCFG_
+
+ /etc/letsencrypt/letsencrypt-auto -n --no-self-upgrade --apache --hsts --agree-tos -m $EMAIL_ -d $DOMAIN_
+ echo "* 1 * * 1 root /etc/letsencrypt/certbot-auto renew --quiet" > /etc/cron.d/letsencrypt-ncp
+ service apache2 reload
+}
+
+cleanup()
+{
+ apt-get autoremove -y
+ apt-get clean
+ rm /var/lib/apt/lists/* -r
+ rm -f /home/pi/.bash_history
+ systemctl disable ssh
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/modsecurity.sh b/etc/nextcloudpi-config.d/modsecurity.sh
new file mode 100755
index 00000000..43639815
--- /dev/null
+++ b/etc/nextcloudpi-config.d/modsecurity.sh
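Review bot: The cron line written by `configure` in letsencrypt.sh has `*` in the minute field, so the renewal runs every minute between 01:00 and 01:59 each Monday rather than once; `0 1 * * 1 root /etc/letsencrypt/certbot-auto renew --quiet` is presumably what was meant. `install` clones the default branch of the letsencrypt repository and runs `letsencrypt-auto` from it as root, while the comment above `configure` names v0.11.0-71-g018a304 as the tested revision; checking out a fixed tag after the clone would make the installed code reproducible. The clone also lands in `/etc/letsencrypt`, the directory certbot uses for its own configuration and certificates, so a separate checkout location would keep code and key material apart. `$DOMAIN_` and `$EMAIL_` should be quoted where they are passed to `letsencrypt-auto` and `sed`.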
@@ -0,0 +1,122 @@ +#!/bin/bash + +# modsecurity WAF installation on Raspbian +# Tested with 2017-03-02-raspbian-jessie-lite.img +# +# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> +# GPL licensed (see end of file) * Use at your own risk! +# +# Usage: +# +# ./installer.sh modsecurity.sh <IP> (<img>) +# +# See installer.sh instructions for details +# +# More at ownyourbits.com +# + +ACTIVE_=no +NCDIR_=/var/www/nextcloud/ +DESCRIPTION="Web Application Firewall for extra security (experimental)" + +install() +{ + apt-get update + apt-get install -y --no-install-recommends libapache2-mod-security2 modsecurity-crs + + # COPY RULES + cd /usr/share/modsecurity-crs/base_rules/ + for ruleFile in * ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$ruleFile /etc/modsecurity/$ruleFile ; done + cd /usr/share/modsecurity-crs/optional_rules/ + for ruleFile in * ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$ruleFile /etc/modsecurity/$ruleFile ; done + rm /etc/modsecurity/modsecurity_crs_16_session_hijacking.conf # https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/e2fbef4ce89fed0c4dd338002b9a090dd2f6491d + + # CONFIGURE + cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf + sed -i 's|SecTmpDir .*|SecTmpDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf + sed -i 's|SecDataDir .*|SecDataDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf + + cp /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf /etc/modsecurity/modsecurity_crs_10_setup.conf + patch /etc/modsecurity/modsecurity_crs_10_setup.conf <<<'66,67c66 +< SecDefaultAction "phase:1,deny,log" +< SecDefaultAction "phase:2,deny,log" +--- +> SecDefaultAction "phase:2,pass,log" +152c151 +< #SecAction \ +--- +> SecAction \ +278c277 +< setvar:'\''tx.allowed_methods=GET HEAD POST OPTIONS'\'', \ +--- +> setvar:'\''tx.allowed_methods=GET HEAD POST OPTIONS PROPFIND'\'', \ +280c279 +< 
setvar:'\''tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1'\'', \ +--- +> setvar:'\''tx.allowed_http_versions=HTTP/1.1 HTTP/2.0'\'', \' + +cat >> /etc/modsecurity/modsecurity_crs_99_whitelist.conf <<EOF +<Directory $NCDIR_> + # VIDEOS + SecRuleRemoveById 958291 # Range Header Checks + SecRuleRemoveById 981203 # Correlated Attack Attempt + + # PDF + SecRuleRemoveById 950109 # Check URL encodings + + # ADMIN (webdav) + SecRuleRemoveById 960024 # Repeatative Non-Word Chars (heuristic) + SecRuleRemoveById 981173 # SQL Injection Character Anomaly Usage + SecRuleRemoveById 981204 # Correlated Attack Attempt + SecRuleRemoveById 981243 # PHPIDS - Converted SQLI Filters + SecRuleRemoveById 981245 # PHPIDS - Converted SQLI Filters + SecRuleRemoveById 981246 # PHPIDS - Converted SQLI Filters + SecRuleRemoveById 981318 # String Termination/Statement Ending Injection Testing + SecRuleRemoveById 973332 # XSS Filters from IE + SecRuleRemoveById 973338 # XSS Filters - Category 3 + SecRuleRemoveById 981143 # CSRF Protections ( TODO edit LocationMatch filter ) + + # COMING BACK FROM OLD SESSION + SecRuleRemoveById 970903 # Microsoft Office document properties leakage +</Directory> +EOF + cat >> /etc/apache2/apache2.conf <<EOF +<IfModule mod_security2.c> + SecServerSignature " " +</IfModule> +EOF +} + +configure() +{ + [[ $ACTIVE_ == "yes" ]] && local STATE=On || local STATE=Off + sed -i "s|SecRuleEngine .*|SecRuleEngine $STATE|" /etc/modsecurity/modsecurity.conf + service apache2 restart +} + +cleanup() +{ + apt-get autoremove -y + apt-get clean + rm /var/lib/apt/lists/* -r + rm -f /home/pi/.bash_history + systemctl disable ssh +} + +# License +# +# This script is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. 
+# +# This script is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this script; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA + diff --git a/etc/nextcloudpi-config.d/nc-datadir.sh b/etc/nextcloudpi-config.d/nc-datadir.sh new file mode 100755 index 00000000..dd17901f --- /dev/null +++ b/etc/nextcloudpi-config.d/nc-datadir.sh 
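Review bot: The `<Directory $NCDIR_>` block appended to `modsecurity_crs_99_whitelist.conf` removes the SQL injection, XSS and CSRF rule IDs for the whole Nextcloud tree, although the section comments tie them to WebDAV and admin requests only; with `SecRuleEngine On` those checks are then off for every request to the application. Narrowing the removals to the paths that need them, as the TODO about `LocationMatch` already hints, would keep more of the rule set active. The trailing `# ...` text after each `SecRuleRemoveById` is better moved to its own line, because Apache's configuration syntax does not allow a comment on the same line as a directive and the words may be handed to the directive as arguments. `install` is also not repeatable: the `ln -s` loops fail on existing links and both `cat >>` heredocs append a second copy of their block.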
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Data dir configuration script for NextCloudPi
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh nc-datadir.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+# More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/
+#
+
+DATADIR_=/media/USBdrive/ncdata
+DESCRIPTION="Change your data dir to a new location, like a USB drive"
+
+configure()
+{
+ local SRCDIR=$( cd /var/www/nextcloud; sudo -u www-data php occ config:system:get datadirectory )
+ [ -d $SRCDIR ] || { echo -e "data directory $SRCDIR not found"; return 1; }
+
+ [ -d $DATADIR_ ] && {
+ [[ $( find "$DATADIR_" -maxdepth 0 -empty | wc -l ) == 0 ]] && {
+ echo "$DATADIR_ is not empty"
+ return 1
+ }
+ rmdir "$DATADIR_"
+ }
+
+ local BASEDIR=$( dirname "$DATADIR_" )
+ mkdir -p "$BASEDIR"
+
+ [[ $( stat -fc%d / ) == $( stat -fc%d $BASEDIR ) ]] && \
+ echo -e "INFO: moving data dir to another place in the same SD card\nIf you want to use an external mount, make sure it is properly set up"
+
+ service apache2 stop
+
+ cp -ra "$SRCDIR" "$DATADIR_" || return 1
+
+ cd /var/www/nextcloud
+ sudo -u www-data php occ config:system:set datadirectory --value=$DATADIR_
+ service apache2 start
+}
+
+install() { :; }
+cleanup() { :; }
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/nc-httpsonly.sh b/etc/nextcloudpi-config.d/nc-httpsonly.sh
new file mode 100755
index 00000000..1ee9e7f0
--- /dev/null
+++ b/etc/nextcloudpi-config.d/nc-httpsonly.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# HTTPS rewrite configuration script for NextCloudPi
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh nc-httpsonly.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+# More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/
+#
+
+ACTIVE_=yes
+DESCRIPTION="Force HTTPS"
+
+configure()
+{
+ [[ $ACTIVE_ == "no" ]] && local OPT=Off || local OPT=On
+ sed -i "s|RewriteEngine .*|RewriteEngine $OPT|" /etc/apache2/sites-available/000-default.conf
+ service apache2 reload
+}
+
+install() { :; }
+cleanup() { :; }
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
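Review bot: In nc-datadir.sh's configure(), `[ -d $SRCDIR ]` is unquoted, so when the occ call prints nothing the test collapses to `[ -d ]`, which is true, and the script carries on with an empty source path. The later `cp -ra "$SRCDIR" "$DATADIR_" || return 1` then returns after `service apache2 stop` has already run, which leaves the web server down. I would make the test `[[ -n "$SRCDIR" && -d "$SRCDIR" ]]` and restart Apache on the failure path with `cp -ra "$SRCDIR" "$DATADIR_" || { service apache2 start; return 1; }`. `--value=$DATADIR_` and `stat -fc%d $BASEDIR` should be quoted too, since DATADIR_ is presumably a path the user supplies.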
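Review bot: The `sed` in nc-httpsonly.sh's configure() rewrites every `RewriteEngine` line in 000-default.conf and exits successfully even when it matches nothing, so "Force HTTPS" can look applied while no redirect is active. Whether the vhost ships such a directive is not visible in this hunk. A guard before the substitution would surface that case: `grep -q 'RewriteEngine' /etc/apache2/sites-available/000-default.conf || { echo "RewriteEngine directive not found"; return 1; }`.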
diff --git a/etc/nextcloudpi-config.d/nc-limits.sh b/etc/nextcloudpi-config.d/nc-limits.sh
new file mode 100755
index 00000000..1c176d15
--- /dev/null
+++ b/etc/nextcloudpi-config.d/nc-limits.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# System limit configurator for NextCloudPi
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh nc-limits.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+# More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/
+#
+
+DESCRIPTION="Configure system limits for NextCloudPi"
+MAXFILESIZE_=768M
+
+configure()
+{
+ sed -i "s/post_max_size=.*/post_max_size=$MAXFILESIZE_/" /var/www/nextcloud/.user.ini
+ sed -i "s/upload_max_filesize=.*/upload_max_filesize=$MAXFILESIZE_/" /var/www/nextcloud/.user.ini
+ sed -i "s/memory_limit=.*/memory_limit=$MAXFILESIZE_/" /var/www/nextcloud/.user.ini
+}
+
+install() { :; }
+cleanup() { :; }
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/nc-update.sh b/etc/nextcloudpi-config.d/nc-update.sh
new file mode 100755
index 00000000..3a0d5f2e
--- /dev/null
+++ b/etc/nextcloudpi-config.d/nc-update.sh
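Review bot: `$MAXFILESIZE_` is interpolated into the three `sed` replacement strings in nc-limits.sh's configure() without validation, so a value containing `/` or `&` breaks or alters the expression and an arbitrary string can land in /var/www/nextcloud/.user.ini. A check at the top of configure() keeps the file well-formed: `[[ $MAXFILESIZE_ =~ ^[0-9]+[KMG]?$ ]] || { echo "invalid size $MAXFILESIZE_"; return 1; }`. Setting `memory_limit` to the same value as the upload size also deserves a comment, because the hunk does not say why the two are tied together.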
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Data dir configuration script for NextCloudPi
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh nc-update.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+# More at https://ownyourbits.com/
+#
+
+DESCRIPTION="Update NextCloudPi"
+
+configure()
+{
+ /usr/local/bin/ncp-update
+}
+
+install() { :; }
+cleanup() { :; }
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/no-ip.sh b/etc/nextcloudpi-config.d/no-ip.sh
new file mode 100755
index 00000000..0cffbd2a
--- /dev/null
+++ b/etc/nextcloudpi-config.d/no-ip.sh
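Review bot: The header comment in nc-update.sh still reads `# Data dir configuration script for NextCloudPi`, which was copied from nc-datadir.sh and misdescribes this file. It should say what the script does, for example `# Update launcher for NextCloudPi`. A one-line comment above configure() noting that it returns the exit status of `/usr/local/bin/ncp-update` would also tell callers how a failed update is reported.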
@@ -0,0 +1,85 @@ +#!/bin/bash + +# no-ip.org installation on Raspbian +# Tested with 2017-03-02-raspbian-jessie-lite.img +# +# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> +# GPL licensed (see end of file) * Use at your own risk! +# +# Usage: +# +# ./installer.sh no-ip.sh <IP> (<img>) +# +# See installer.sh instructions for details +# +# More at https://ownyourbits.com/2017/03/05/dynamic-dns-for-raspbian-with-no-ip-org-installer/ +# + +ACTIVE_=yes +USER_=my-noip-user@email.com +PASS_=noip-pass +TIME_=30 +DESCRIPTION="Free Dynamic DNS provider (need account)" + +install() +{ + mkdir /tmp/noip && cd /tmp/noip + wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz + tar vzxf noip-duc-linux.tar.gz + cd -; cd $OLDPWD/noip-* + make + cp noip2 /usr/local/bin/ + + cat > /etc/init.d/noip2 <<'EOF' +#! /bin/sh +# /etc/init.d/noip2 + +### BEGIN INIT INFO +# Provides: no-ip.org +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start no-ip.org dynamic DNS +### END INIT INFO +EOF + + cat debian.noip2.sh >> /etc/init.d/noip2 + + chmod +x /etc/init.d/noip2 + cd - + rm -r /tmp/noip +} + +configure() +{ + [[ $ACTIVE_ == "no" ]] && { service noip2 stop; update-rc.d noip2 disable; return; } + + /usr/local/bin/noip2 -C -c /usr/local/etc/no-ip2.conf -U $TIME_ -u $USER_ -p $PASS_ + update-rc.d noip2 defaults + service noip2 restart +} + +cleanup() +{ + rm -f /home/pi/.bash_history + systemctl disable ssh +} + +# License +# +# This script is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. 
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
+
diff --git a/etc/nextcloudpi-config.d/unattended-upgrades.sh b/etc/nextcloudpi-config.d/unattended-upgrades.sh
new file mode 100755
index 00000000..30f0c861
--- /dev/null
+++ b/etc/nextcloudpi-config.d/unattended-upgrades.sh
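Review bot: install() in no-ip.sh fetches `noip-duc-linux.tar.gz` over plain `http://`, then compiles it and copies the result to /usr/local/bin with no integrity check, so anyone on the network path can substitute the code that later runs as a system service. The fixed `/tmp/noip` path adds to this: if `mkdir` fails because the directory already exists, the `cd` is skipped and the download and build run in whatever directory the caller was in. I would build in a `mktemp -d` directory, fetch over HTTPS if the vendor serves the file that way, and verify a pinned SHA-256 before unpacking, as sketched below with a placeholder digest. Separately, configure() passes `-u $USER_ -p $PASS_` unquoted on the command line, which exposes the password in the process list while noip2 runs.

```shell
install()
{
  local BUILD_DIR
  BUILD_DIR=$( mktemp -d ) || return 1
  cd "$BUILD_DIR" || return 1
  # NOIP_SHA256 is a placeholder: pin the digest of the release you audited
  local NOIP_SHA256="<expected-sha256-of-noip-duc-linux.tar.gz>"
  wget https://www.no-ip.com/client/linux/noip-duc-linux.tar.gz || return 1
  echo "$NOIP_SHA256  noip-duc-linux.tar.gz" | sha256sum -c - || return 1
  # … unchanged: unpack, make, copy noip2, write /etc/init.d/noip2 …
  rm -r "$BUILD_DIR"
```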
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Unattended upgrades installation on Raspbian
+# Tested with 2017-03-02-raspbian-jessie-lite.img
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh unattended-upgrades.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+# More at: ownyourbits.com
+#
+
+ACTIVE_=yes
+AUTOREBOOT_=yes
+DESCRIPTION="Automatic installation of security updates. Keep your cloud safe"
+
+install()
+{
+ apt-get update
+ apt install -y --no-install-recommends unattended-upgrades
+}
+
+configure()
+{
+ [[ $ACTIVE_ == "yes" ]] && local AUTOUPGRADE=1 || local AUTOUPGRADE=0
+ [[ $AUTOREBOOT_ == "yes" ]] && local AUTOREBOOT=true || local AUTOREBOOT=false
+ cat > /etc/apt/apt.conf.d/20nextcloudpi-upgrades <<EOF
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "$AUTOUPGRADE";
+APT::Periodic::MaxAge "14";
+APT::Periodic::AutocleanInterval "7";
+Unattended-Upgrade::Automatic-Reboot "$AUTOREBOOT";
+Unattended-Upgrade::Automatic-Reboot-Time "04:00";
+EOF
+}
+
+cleanup()
+{
+ apt-get autoremove -y
+ apt-get clean
+ rm /var/lib/apt/lists/* -r
+ rm -f /home/pi/.bash_history
+ systemctl disable ssh
+}
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+# +# You should have received a copy of the GNU General Public License +# along with this script; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA + |
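Review bot: configure() in unattended-upgrades.sh enables upgrades only when `ACTIVE_` is exactly `yes`, so any other spelling such as `Yes` or a stray space silently writes `APT::Periodic::Unattended-Upgrade "0"` and turns security updates off. nc-httpsonly.sh and no-ip.sh in this same commit test for `"no"` instead and therefore fail towards the enabled state. Matching them here would be `[[ $ACTIVE_ == "no" ]] && local AUTOUPGRADE=0 || local AUTOUPGRADE=1`. The modsecurity.sh configure() earlier in this diff uses the same `== "yes"` test for `SecRuleEngine` and would benefit from the same change. In install(), `apt install` should be `apt-get install`, since `apt` does not offer a stable interface for scripts.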