#!/bin/bash
#
# Copyright (c) 2017 Igor Pečovnik, igor.pecovnik@gma**.com
#
# This file is licensed under the terms of the GNU General Public
# License version 2. This program is licensed "as is" without any
# warranty of any kind, whether express or implied.

# Functions:
# check_status
# choose_webserver
# server_conf
# install_packet
# alive_port
# alive_process
# install_basic
# create_ispconfig_configuration
# check_if_installed
# install_cups
# install_samba
# install_ncp
# install_omv
# install_tvheadend
# install_docker
# install_urbackup
# install_transmission
# install_transmission_seed_armbian_torrents
# install_hassio
# install_openhab
# install_syncthing
# install_plex_media_server
# install_emby_server
# install_radarr
# install_sonarr
# install_vpn_server
# install_vpn_client
# install_DashNTP
# install_MySQL
# install_MySQLDovecot
# install_Virus
# install_hhvm
# install_phpmyadmin
# install_apache
# install_nginx
# install_PureFTPD
# install_Bind
# install_Stats
# install_Jailkit
# install_Fail2BanDovecot
# install_Fail2BanRulesDovecot
# install_ISPConfig
# install_yggdrasil

#
# Load the helper libraries. For each of them a copy found in the current
# working directory is sourced first; otherwise the packaged copy under
# /usr/lib/armbian-config is used. The script stops with status 1 as soon as
# one library is found in neither place.
#
# NOTE(review): the first candidate is a relative path, so the code that gets
# sourced depends on the directory the script is started from. This script
# writes under /etc and installs packages, so it normally runs privileged;
# start it only from a directory that untrusted users cannot write to.
#
if [[ -f debian-config-jobs ]]; then
  source debian-config-jobs
elif [[ -f /usr/lib/armbian-config/jobs.sh ]]; then
  source /usr/lib/armbian-config/jobs.sh
else
  exit 1
fi

if [[ -f debian-config-submenu ]]; then
  source debian-config-submenu
elif [[ -f /usr/lib/armbian-config/submenu.sh ]]; then
  source /usr/lib/armbian-config/submenu.sh
else
  exit 1
fi

if [[ -f debian-config-functions ]]; then
  source debian-config-functions
elif [[ -f /usr/lib/armbian-config/functions.sh ]]; then
  source /usr/lib/armbian-config/functions.sh
else
  exit 1
fi

if [[ -f debian-config-functions-network ]]; then
  source debian-config-functions-network
elif [[ -f /usr/lib/armbian-config/functions-network.sh ]]; then
  source /usr/lib/armbian-config/functions-network.sh
else
  exit 1
fi
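# Print "on" when the given command succeeds and "off" otherwise.
_status_flag() {
  if "$@"; then
    echo "on"
  else
    echo "off"
  fi
}

# Succeed when at least one of the named packages is installed.
_any_installed() {
  local pkg
  for pkg in "$@"; do
    check_if_installed "$pkg" && return 0
  done
  return 1
}

check_status() {
  #
  # Check if service is already installed and show its status
  #
  # For every supported service this works out an "on"/"off" install state and
  # a description (alive_port / alive_process add the address or "active" when
  # the service is running), and appends both to the checklist.
  #
  # Globals read:    BACKTITLE, family
  # Globals written: LIST (name, description, state triples), LIST_CONST,
  #                  DESCRIPTION, one *_STATUS variable per service
  #
  local arch

  dialog --backtitle "$BACKTITLE" --title "Please wait" --infobox "\nLoading install info ... " 5 28
  LIST=()
  LIST_CONST=26

  # Samba
  SAMBA_STATUS="$(_status_flag check_if_installed samba)"
  alive_port "Windows compatible file sharing" "445" "boolean"
  LIST+=("Samba" "$DESCRIPTION" "$SAMBA_STATUS")

  # CUPS
  CUPS_STATUS="$(_status_flag check_if_installed cups)"
  alive_port "Common UNIX Printing System (CUPS)" "631" "boolean"
  LIST+=("CUPS" "$DESCRIPTION" "$CUPS_STATUS")

  # TV headend
  TVHEADEND_STATUS="$(_status_flag check_if_installed tvheadend)"
  alive_port "TV streaming server" "9981"
  LIST+=("TV headend" "$DESCRIPTION" "$TVHEADEND_STATUS")

  # Syncthing
  SYNCTHING_STATUS="$(_status_flag test -f /usr/bin/syncthing)"
  alive_port "Personal cloud @syncthing.net" "8384"
  LIST+=("Syncthing" "$DESCRIPTION" "$SYNCTHING_STATUS")

  # Hass.io
  HASS_STATUS="$(_status_flag test -f /etc/hassio.json)"
  alive_port "Home assistant smarthome suite" "8123"
  LIST+=("Hassio" "$DESCRIPTION" "$HASS_STATUS")

  # OpenHab
  OPENHAB_STATUS="$(_status_flag test -f /etc/default/openhab)"
  DESCRIPTION="Openhab smarthome suite"
  LIST+=("OpenHAB" "$DESCRIPTION" "$OPENHAB_STATUS")

  # VPN (offered on armhf and amd64 only); the architecture is queried once
  arch="$(dpkg --print-architecture)"
  if [[ "$arch" == "armhf" || "$arch" == "amd64" ]]; then
    # vpn server
    VPN_SERVER_STATUS="$(_status_flag test -d /usr/local/vpnserver)"
    LIST+=("VPN server" "Softether VPN server" "$VPN_SERVER_STATUS")
    # vpn client
    VPN_CLIENT_STATUS="$(_status_flag test -d /usr/local/vpnclient)"
    LIST+=("VPN client" "Softether VPN client" "$VPN_CLIENT_STATUS")
    LIST_CONST=$((LIST_CONST + 1))
  fi

  # NCP (not offered on Ubuntu)
  NCP_STATUS="$(_status_flag test -d /var/www/nextcloud)"
  alive_port "Nextcloud personal cloud" "443"
  if [[ "$family" != "Ubuntu" ]]; then
    LIST+=("NCP" "$DESCRIPTION" "$NCP_STATUS")
    LIST_CONST=$((LIST_CONST + 1))
  fi

  # OMV (not offered on Ubuntu)
  OMV_STATUS="$(_status_flag check_if_installed openmediavault)"
  if [[ "$family" != "Ubuntu" ]]; then
    LIST+=("OMV" "OpenMediaVault NAS solution" "$OMV_STATUS")
    LIST_CONST=$((LIST_CONST + 1))
  fi

  # Plex media server
  PLEX_STATUS="$(_status_flag _any_installed plexmediaserver plexmediaserver-installer)"
  alive_port "Plex media server" "32400" "" "/web"
  LIST+=("Plex" "$DESCRIPTION" "$PLEX_STATUS")

  # Emby server
  EMBY_STATUS="$(_status_flag check_if_installed emby-server)"
  alive_port "Emby server" "8096"
  LIST+=("Emby" "$DESCRIPTION" "$EMBY_STATUS")

  # Radarr
  RADARR_STATUS="$(_status_flag test -d /opt/Radarr)"
  alive_port "Movies downloading server" "7878"
  LIST+=("Radarr" "$DESCRIPTION" "$RADARR_STATUS")

  # Sonarr
  SONARR_STATUS="$(_status_flag test -d /opt/NzbDrone)"
  alive_port "TV shows downloading server" "8989"
  LIST+=("Sonarr" "$DESCRIPTION" "$SONARR_STATUS")

  # MINIdlna
  MINIDLNA_STATUS="$(_status_flag check_if_installed minidlna)"
  alive_port "Lightweight DLNA/UPnP-AV server" "8200" "boolean"
  LIST+=("Minidlna" "$DESCRIPTION" "$MINIDLNA_STATUS")

  # Pi hole
  PI_HOLE_STATUS="$(_status_flag test -d /etc/pihole)"
  alive_process "Ad blocker" "pihole-FTL"
  LIST+=("Pi hole" "$DESCRIPTION" "$PI_HOLE_STATUS")

  # Transmission
  TRANSMISSION_STATUS="$(_status_flag check_if_installed transmission-daemon)"
  alive_port "Torrent download server" "9091"
  LIST+=("Transmission" "$DESCRIPTION" "$TRANSMISSION_STATUS")

  # UrBackup
  URBACKUP_STATUS="$(_status_flag _any_installed urbackup-server urbackup-server-dbg)"
  alive_port "Client/server backup system" "55414"
  LIST+=("UrBackup" "$DESCRIPTION" "$URBACKUP_STATUS")

  # Docker: install_docker in this file installs docker.io, so that package
  # has to count as "installed" next to docker-ce.
  DOCKER_STATUS="$(_status_flag _any_installed docker-ce docker.io)"
  LIST+=("Docker" "Run applications by using containers" "$DOCKER_STATUS")

  # Mayan EDMS docker install
  # This is a heuristic: anything that answers the login path on localhost is
  # reported as Mayan. The URL is quoted because "?" is a glob character, and
  # the probe is time-limited so a stuck local web server cannot stall the menu.
  if [[ "$DOCKER_STATUS" == "on" ]]; then
    MAYAN_STATUS="$(_status_flag curl --output /dev/null --silent --head --fail \
      --max-time 5 "http://localhost/authentication/login/?next=")"
  else
    MAYAN_STATUS="off"
  fi
  LIST+=("Mayan EDMS" "Electronic vault for your documents" "$MAYAN_STATUS")

  # ISPconfig
  alive_port "SMTP mail, IMAP, POP3 & LAMP/LEMP web server" "8080" "ssl"
  ISPCONFIG_STATUS="$(_status_flag test -d /usr/local/ispconfig)"
  LIST+=("ISPConfig" "$DESCRIPTION" "$ISPCONFIG_STATUS")

  # Yggdrasil
  YGGDRASIL_STATUS="$(_status_flag check_if_installed yggdrasil)"
  LIST+=("Yggdrasil" "Free mesh encrypted network" "$YGGDRASIL_STATUS")

  # PHPmyadmin
  # TODO: fix phpmyadmin installer before uncommenting this section
  # if [[ $ISPCONFIG_STATUS == on ]]; then
  # LIST_CONST=$((LIST_CONST + 1))
  # alive_port "MYSQL administration" "8081" "" "/phpmyadmin"
  # PHPMYADMIN_STATUS="on"
  # LIST+=( "PHPmyadmin" "$DESCRIPTION" "$PHPMYADMIN_STATUS" )
  # fi
}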
choose_webserver() {
  #
  # Target web server selection
  #
  # Stores the choice in the global $server. With OpenMediaVault installed the
  # answer is fixed; otherwise a yes/no dialog asks the user (yes = Apache,
  # no = Nginx) and ESC leaves the script.
  #
  if check_if_installed openmediavault; then
    # OMV installed, prevent switching from nginx to apache which would trash OMV installation
    server="nginx"
    return
  fi

  dialog --title "Choose a webserver" --backtitle "$BACKTITLE" \
    --yes-label "Apache" --no-label "Nginx" \
    --yesno "\nChoose a web server which you are familiar with. They both work almost the same." 8 70
  response=$?

  if [[ $response -eq 0 ]]; then
    server="apache"
  elif [[ $response -eq 1 ]]; then
    server="nginx"
  elif [[ $response -eq 255 ]]; then
    exit
  fi
}
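server_conf() {
  #
  # Add some required data for installation
  #
  # Warns when the address seen from the Internet differs from $serverIP, asks
  # for the fully qualified host name and generates a MySQL password.
  #
  # Globals read:    serverIP, BACKTITLE
  # Globals written: HOSTNAMEFQDN (empty when the dialog is cancelled),
  #                  MYSQL_PASS (16 characters from A-Z, a-z, 0-9 and "-")
  #
  local external_ip table

  # The lookup goes to a third-party service. It is done over HTTPS and with a
  # time limit so that a missing or slow connection cannot hang the menu; an
  # empty answer simply shows the warning below.
  external_ip="$(curl -s --max-time 10 https://ipinfo.io/ip)"

  if [[ "$external_ip" != "$serverIP" ]]; then
    # The continuation lines of this string start at column 0 on purpose:
    # leading whitespace would become part of the dialog text.
    table="\Z2Application Protocol Port\n
\Z0----------------------------------\n
FTP TCP 20\n
FTP TCP 21\n
SSH/SFTP TCP 22\n
Mail (SMTP) TCP 25\n
DNS TCP 53\n
Web (HTTP) TCP 80\n
Mail (POP3) TCP 110\n
Mail (IMAP) TCP 143\n
Web (HTTPS) TCP 443\n
Mail (SMTPS) TCP 465\n
Mail (SMTP) TCP 587\n
Mail (IMAPS) TCP 993\n
Mail (POP3S) TCP 995\n
Database TCP 3306\n
Chat (XMPP) TCP 5222\n
ISPConfig TCP 8080\n
ISPConfig TCP 8081\n
ISPConfig TCP 10000\n
DNS UDP 53\n
Database UDP 3306\n
"
    dialog --colors --title "Warning" --msgbox "\nYour internal and external IP addresses are different which seems that you are behind a router. \n\nMake sure \Z1$serverIP\Z0 is a static IP address. Then forward external ports to those services which you plan to use.\n\n\n$table" 38 38
  fi

  # dialog prints the answer on stderr; the descriptor swap routes it into the
  # command substitution while the widget itself is drawn on the terminal.
  HOSTNAMEFQDN=$(
    dialog --title "Server configuration" \
      --ok-label "Install" \
      --backtitle "$BACKTITLE" \
      --inputbox "\nSet FQDN for $serverIP:" 10 50 \
      "$(hostname).example.com" \
      3>&1 1>&2 2>&3 3>&-
  )

  # create random password for mysql
  MYSQL_PASS=$(tr -dc 'A-Za-z0-9-' < /dev/urandom | head -c16)
}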
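install_packet() {
  #
  # Install missing packets
  #
  # Arguments: $1 - space separated list of package names
  #            $2 - caption shown in the progress gauge
  # Globals:   BACKTITLE, TEMP_DIR (read); IFS (set to a single space)
  # Outputs:   an empty line on success; on failure an error line followed by
  #            the tail of ${TEMP_DIR}/install.log
  # Exits the script with status 1 when apt-get fails (the original left with
  # the status of "tail", i.e. reported success).
  #
  local -a PACKETS
  local total percent pkg
  local position=0

  # Kept for backward compatibility: the original changed IFS globally and
  # later code may depend on it - TODO confirm and drop.
  IFS=" "
  # Deliberately unquoted: $1 is a list that has to be split into words.
  # shellcheck disable=SC2206
  PACKETS=($1)
  total=${#PACKETS[@]}

  for pkg in "${PACKETS[@]}"; do
    position=$((position + 1))
    # Whole percent of the list handled so far (no dependency on bc).
    percent=$((position * 100 / total))

    if ! dpkg-query -W -f='${Status}' "$pkg" 2> /dev/null | grep -q "ok installed"; then
      printf '%s\n' "$percent" | dialog \
        --backtitle "$BACKTITLE" \
        --title "Installing" \
        --gauge "\n$2\n\n$pkg" 10 70

      if ! DEBIAN_FRONTEND=noninteractive apt-get -qq -y install "$pkg" \
        > "${TEMP_DIR}/install.log" 2>&1; then
        echo -e "[\e[0;31m error \x1B[0m] Installation failed"
        tail "${TEMP_DIR}/install.log"
        exit 1
      fi
    fi
  done
  echo ""
}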
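alive_port() {
  #
  # Displays URL to the service $1 on port $2 or just that is active if $3 = boolean $4 = path
  #
  # Arguments: $1 - service description
  #            $2 - TCP port to look for
  #            $3 - "boolean" (only say "active"), "ssl" (https URL) or empty (http URL)
  #            $4 - optional path appended to the URL
  # Globals:   serverIP (read), DESCRIPTION (written)
  #
  local listening

  # The port is handed to awk as a variable and matched as the last field of
  # the local address (":<port>" at the end). The former pattern ".<port>" was
  # an unanchored regex, so e.g. a listener on 8080 was reported for port 80.
  listening="$(netstat -lnt | awk -v port="$2" '$6 == "LISTEN" && $4 ~ (":" port "$")')"

  if [[ -z "$listening" ]]; then
    DESCRIPTION="$1"
    return 0
  fi

  case "$3" in
    boolean) DESCRIPTION="$1 is \Z1active\Z0" ;;
    ssl) DESCRIPTION="Active on https://${serverIP}:\Z1$2\Z0$4" ;;
    *) DESCRIPTION="Active on http://${serverIP}:\Z1$2\Z0$4" ;;
  esac
}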
alive_process() {
  #
  # Set DESCRIPTION to the display name $1, with an "is active" marker added
  # when a process whose name is exactly $2 is running.
  #
  DESCRIPTION="$1"
  if pgrep -x "$2" > /dev/null 2>&1; then
    DESCRIPTION="$1 is \Z1active\Z0"
  fi
}
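install_basic() {
  #
  # Set hostname, FQDN, add to sources list
  #
  # Globals read:    HOSTNAMEFQDN, serverIP, family
  # Globals written: HOSTNAMESHORT, IFS
  # Returns 1 without touching the system when HOSTNAMEFQDN is not a plain
  # DNS name.
  #
  # Kept for backward compatibility: the original changed IFS globally and
  # later code may depend on it - TODO confirm and drop.
  IFS=" "

  # The name is written verbatim into /etc/hosts and /etc/hostname, so accept
  # letters, digits, dots and dashes only. This also covers the empty value
  # left behind by a cancelled dialog, which used to produce an empty
  # /etc/hostname.
  if [[ ! "$HOSTNAMEFQDN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "Invalid host name: '${HOSTNAMEFQDN}'" >&2
    return 1
  fi

  # First label of the FQDN. The original used "set" on the split name, which
  # clobbered the positional parameters and dumped every variable when the
  # name was empty.
  HOSTNAMESHORT="${HOSTNAMEFQDN%%.*}"

  cp /etc/hosts /etc/hosts.backup
  cp /etc/hostname /etc/hostname.backup

  # create new
  echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
  echo "${serverIP} ${HOSTNAMEFQDN} ${HOSTNAMESHORT} #ispconfig " >> /etc/hosts
  echo "$HOSTNAMESHORT" > /etc/hostname
  /etc/init.d/hostname.sh start > /dev/null 2>&1
  # Applies to every family; the Ubuntu branch used to repeat this call.
  hostnamectl set-hostname "$HOSTNAMESHORT"

  if [[ $family == "Ubuntu" ]]; then
    # disable AppArmor
    # NOTE(review): this removes the host's mandatory access control layer for
    # all services, not only for the ones installed here. Confirm it is still
    # required before relying on it.
    if service apparmor status 2> /dev/null | grep -w active | grep -qw running; then
      service apparmor stop
      update-rc.d -f apparmor remove
      apt-get -y -qq remove apparmor apparmor-utils
    fi
  else
    grep -q "contrib" /etc/apt/sources.list || sed -i 's|main|main contrib|' /etc/apt/sources.list
    grep -q "non-free" /etc/apt/sources.list || sed -i 's|contrib|contrib non-free|' /etc/apt/sources.list
    # NOTE(review): the backports entry is fixed to the jessie release and to
    # plain http, whatever release is actually running.
    grep -q "deb http://ftp.debian.org/debian jessie-backports main" /etc/apt/sources.list \
      || echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
    debconf-apt-progress -- apt-get update
  fi
}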
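create_ispconfig_configuration() {
  #
  # ISPConfig autoconfiguration
  #
  # Writes ${TEMP_DIR}/isp.conf.php from HOSTNAMEFQDN, MYSQL_PASS and server.
  #
  # NOTE(review): the values are placed inside PHP single-quoted strings
  # without escaping, so a quote character in HOSTNAMEFQDN would break (or
  # extend) the generated file.
  # NOTE(review): the ISPConfig admin password is fixed to 1234 here; it has
  # to be changed right after the installation.
  #
  local conf="${TEMP_DIR}/isp.conf.php"

  # The file carries the MySQL root password: create it with a restrictive
  # umask and pin the mode in case the file already existed.
  (
    umask 077
    cat > "$conf" << EOF
<?php
\$autoinstall['language'] = 'en'; // de, en (default)
\$autoinstall['install_mode'] = 'standard'; // standard (default), expert
\$autoinstall['hostname'] = '$HOSTNAMEFQDN'; // default
\$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
\$autoinstall['mysql_root_user'] = 'root'; // default: root
\$autoinstall['mysql_root_password'] = '$MYSQL_PASS';
\$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
\$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
\$autoinstall['mysql_port'] = '3306'; // default: 3306
\$autoinstall['configure_jailkit'] = 'y'; // y (default), n
\$autoinstall['configure_firewall'] = 'y'; // y (default), n
\$autoinstall['configure_$server'] = 'y'; // y (default), n
\$autoinstall['configure_dns'] = 'y'; // y (default), n
\$autoinstall['http_server'] = '$server'; // y (default), n
\$autoinstall['ispconfig_port'] = '8080'; // default: 8080
\$autoinstall['ispconfig_admin_password'] = '1234'; // default: 1234
\$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n

/* SSL Settings */
\$autoinstall['ssl_cert_country'] = 'AU';
\$autoinstall['ssl_cert_state'] = 'Some-State';
\$autoinstall['ssl_cert_locality'] = 'Chicago';
\$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
\$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
\$autoinstall['ssl_cert_common_name'] = \$autoinstall['hostname'];
\$autoinstall['ssl_cert_email'] = 'joe@lamer.com';
?>
EOF
  ) || return
  chmod 600 "$conf"
}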
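install_cups() {
  #
  # Install printer system
  #
  # Globals read: SUBNET (network that is allowed to reach CUPS)
  #
  local conf=/etc/cups/cupsd.conf

  debconf-apt-progress -- apt-get -y install cups lpr cups-filters
  # cups-filters if jessie

  # NOTE(review): this makes cupsd listen on every interface instead of
  # loopback only; access then depends on the allow rules added below.
  sed -e 's/Listen localhost:631/Listen 631/g' -i "$conf"

  # The expressions were single-quoted before, so the literal text "$SUBNET"
  # ended up in cupsd.conf. They are double-quoted now and skipped when the
  # variable is empty, which would otherwise write a bare "allow" line.
  if [[ -n "$SUBNET" ]]; then
    sed -e "s|<Location />|<Location />\nallow ${SUBNET}|g" -i "$conf"
    sed -e "s|<Location /admin>|<Location /admin>\nallow ${SUBNET}|g" -i "$conf"
    sed -e "s|<Location /admin/conf>|<Location /admin/conf>\nallow ${SUBNET}|g" -i "$conf"
  fi

  service cups restart
  # Both service names are tried, as before; they used to be joined with a
  # pipe, which ran them at the same time for no benefit.
  service samba restart > /dev/null 2>&1
  service smbd restart > /dev/null 2>&1
}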
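install_samba() {
  #
  # install Samba file sharing
  #
  # Asks for a user, password and workgroup, creates the account, writes a
  # configuration, lets the user review it and restarts smbd.
  #
  # Globals read:    SUBNET, BACKTITLE
  # Globals written: SMBUSER, SMBPASS, SMBGROUP
  # Exits with status 1 when a prompt is cancelled or left unusable.
  #
  local SECTION="Samba"
  local template=/etc/samba/smb.conf.tmp
  local edited=/etc/samba/smb.conf.tmp.out

  # Any non-zero status (Cancel as well as ESC) aborts; only Cancel did before.
  SMBUSER=$(whiptail --inputbox "What is your samba username?" 8 78 "$SMBUSER" --title "$SECTION" 3>&1 1>&2 2>&3) || exit 1
  # The password is read with a masked box and is not passed back as a default
  # value, which would put it on the whiptail command line.
  SMBPASS=$(whiptail --passwordbox "What is your samba password?" 8 78 --title "$SECTION" 3>&1 1>&2 2>&3) || exit 1
  SMBGROUP=$(whiptail --inputbox "What is your samba group?" 8 78 "$SMBGROUP" --title "$SECTION" 3>&1 1>&2 2>&3) || exit 1

  # An empty name or one starting with "-" would be taken as an option by the
  # account tools below.
  if [[ -z "$SMBUSER" || "$SMBUSER" == -* || -z "$SMBPASS" ]]; then
    echo "Samba user name and password must not be empty" >&2
    exit 1
  fi

  debconf-apt-progress -- apt-get -y install samba samba-common-bin samba-vfs-modules
  useradd "$SMBUSER"
  # printf '%s' keeps backslashes in the password literal (echo -e did not).
  printf '%s\n%s\n' "$SMBPASS" "$SMBPASS" | passwd "$SMBUSER" > /dev/null 2>&1
  printf '%s\n%s\n' "$SMBPASS" "$SMBPASS" | smbpasswd -a -s "$SMBUSER" > /dev/null 2>&1
  service samba stop > /dev/null 2>&1
  service smbd stop > /dev/null 2>&1
  cp /etc/samba/smb.conf /etc/samba/smb.conf.stock

  # The values are expanded straight into the template. The earlier sed
  # substitution broke on "/" or "&" in the user's input.
  # NOTE(review): [printers] is open to guests; reachability is limited only
  # by "hosts allow".
  cat > "$template" << EOF
[global]
workgroup = ${SMBGROUP}
server string = %h server
hosts allow = ${SUBNET}
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
load printers = yes
printing = cups
printcap name = cups
min receivefile size = 16384
write cache size = 524288
getwd cache = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = ${SMBUSER}

[print\$]
comment = Printer Drivers
path = /etc/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = ${SMBUSER}

[ext]
comment = Storage
path = /ext
writable = yes
public = no
valid users = ${SMBUSER}
force create mode = 0644
EOF

  # dialog writes the edited text to stderr, which is captured in $edited.
  if dialog --backtitle "$BACKTITLE" --title "Review samba configuration" \
    --no-collapse --editbox "$template" 30 0 2> "$edited"; then
    mv "$edited" /etc/samba/smb.conf
    install -m 755 -g "$SMBUSER" -o "$SMBUSER" -d /ext
    # "service service smbd ..." was a typo that never reached smbd.
    service smbd stop > /dev/null 2>&1
    sleep 3
    service smbd start > /dev/null 2>&1
  else
    rm -f -- "$edited"
  fi
  rm -f -- "$template"
}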
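install_ncp() {
  #
  # Install NextcloudPi with the project's own installer.
  #
  # Downloads install.sh and etc/ncp.cfg, replaces the installer's
  # "check_distro etc/ncp.cfg" test with a comparison against the release name
  # taken from ncp.cfg, and runs the installer.
  #
  # NOTE(review): both files come from the moving "master" branch and the
  # installer runs with the privileges of this script. Nothing pins a commit
  # or checks a digest, so TLS to the hosting site is the only integrity
  # control. Consider pinning to a reviewed revision.
  #
  local base="https://raw.githubusercontent.com/nextcloud/nextcloudpi/master"
  local installer="${TEMP_DIR}/install.sh"
  local cfg="${TEMP_DIR}/ncp.cfg"
  local DEBIAN_RELEASE

  # -f turns HTTP errors into failures, so an error page is never saved and
  # executed as if it were the installer.
  curl -fsSL "${base}/install.sh" > "$installer" || return 1
  curl -fsSL "${base}/etc/ncp.cfg" > "$cfg" || return 1

  DEBIAN_RELEASE=$(awk '{if ($1 == "\"release\":" ) {print $2}}' "$cfg" | sed 's/[", ]//g')
  # The value is pasted into a sed program and into the installer, so only a
  # plain release name is accepted.
  if [[ ! "$DEBIAN_RELEASE" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "Could not read the release name from ncp.cfg" >&2
    return 1
  fi

  sed "s/check_distro etc\/ncp.cfg/[[ \$(lsb_release -cs) == \"${DEBIAN_RELEASE}\" ]] /" -i "$installer"
  bash "$installer"
}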
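install_omv() {
  #
  # Install OpenMediaVault on Debian
  #
  # Globals read:    distribution, BACKTITLE, TEMP_DIR, BOARD
  # Globals written: wgeturl, plus whatever /etc/armbian-release defines
  # Exits with status 1 on an unsupported release; returns 1 when the
  # installer could not be downloaded.
  #
  local installer="${TEMP_DIR}/omv_install.sh"

  if [ -f /etc/armbian-release ]; then
    . /etc/armbian-release
  fi

  # Requirement: OMV5 = Debian Buster, OMV 6 = Debian Bullseye
  if [[ "$distribution" != "buster" && "$distribution" != "bullseye" ]]; then
    dialog --backtitle "$BACKTITLE" --title "Dependencies not met" --msgbox "\nOpenMediaVault can only be installed on Debian Buster (OMV 5) or Debian Bullseye (OMV 6)." 7 52
    sleep 5
    exit 1
  fi

  # Download OMV install script
  # NOTE(review): the script is taken from the moving "master" branch and run
  # with the privileges of this script, without a pinned revision or digest.
  wgeturl="https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install"
  rm -f -- "$installer"
  fancy_wget "$wgeturl" "-O ${installer}"
  # Do not go on to the board tweaks when nothing usable was downloaded.
  if [[ ! -s "$installer" ]]; then
    echo "Download of the OpenMediaVault install script failed" >&2
    return 1
  fi

  # Execute install script
  clear
  echo "Starting OpenMediaVault install. Be patient, it will take several minutes..."
  sleep 2
  bash "$installer" -r

  # Board Specific Tweak
  echo "Now applying board tweak if required..."

  # Hardkernel Cloudshell 1 and 2 fixes, read the whole thread for details:
  # https://forum.openmediavault.org/index.php/Thread/17855
  if lsusb | grep -q -i "05e3:0735"; then
    sed -i "/exit 0/i echo 20 > /sys/class/block/sda/queue/max_sectors_kb" /etc/rc.local
  fi

  case ${BOARD} in
    odroidxu4)
      apt install -y i2c-tools
      if /usr/sbin/i2cdetect -y 1 | grep -q "60: 60"; then
        # NOTE(review): adds a third-party PPA and imports its key from a
        # keyserver by 64-bit key id into the global apt keyring.
        add-apt-repository -y ppa:kyle1117/ppa
        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3028C3C96AD57103
        sed -i 's/hirsute/focal/' /etc/apt/sources.list.d/kyle1117-ubuntu-ppa-hirsute.list
        apt update
        apt install -y -q cloudshell-lcd odroid-cloudshell cloudshell2-fan
        # First "RANDOM_" token reported by lsusb becomes part of the udev
        # symlink name; it arrives in REPLY because read gets no variable name.
        lsusb -v | awk -F"__" '/RANDOM_/ {print $2}' | head -n1 | while read -r; do
          echo "ATTRS{idVendor}==\"152d\", ATTRS{idProduct}==\"0561\", KERNEL==\"sd*\", ENV{DEVTYPE}==\"disk\", SYMLINK=\"disk/by-id/\$env{ID_BUS}-CloudShell2-${REPLY}-\$env{ID_MODEL}\"" >> /etc/udev/rules.d/99-cloudshell2.rules
          echo "ATTRS{idVendor}==\"152d\", ATTRS{idProduct}==\"0561\", KERNEL==\"sd*\", ENV{DEVTYPE}==\"partition\", SYMLINK=\"disk/by-id/\$env{ID_BUS}-CloudShell2-${REPLY}-\$env{ID_MODEL}-part%n\"" >> /etc/udev/rules.d/99-cloudshell2.rules
        done
      fi
      ;;
    helios4)
      # Make mdadm display fault events on Fault LED
      # NOTE : this is not a permanent approach need to be improved via some OMV core code change
      if [ -f /usr/sbin/mdadm-fault-led.sh ]; then
        # NOTE(review): Salt state files are YAML, so the nesting below is
        # significant - confirm it matches the upstream file.
        cat << EOF > /srv/salt/omv/deploy/mdadm/25faultled.sls
mdadm_add_program_config:
  cmd.run:
    - name: "echo -e '\n# Trigger Fault Led script when an event is detected\nPROGRAM /usr/sbin/mdadm-fault-led.sh' >> /etc/mdadm/mdadm.conf"
EOF
        /usr/sbin/omv-salt deploy run mdadm
      fi
      ;;
  esac

  if check_if_installed openmediavault; then
    if dialog --colors --backtitle "$BACKTITLE" --no-collapse --title "OMV Installation" --yesno "\nIt is recommended to reboot your system to finish OMV setup. Do you want to reboot now?" 8 80; then
      reboot
    fi
  fi
}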
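install_tvheadend() {
  #
  # TVheadend https://tvheadend.org/ unofficial port https://tvheadend.org/boards/5/topics/21528
  #
  # Globals read:    family, distribution, TEMP_DIR
  # Globals written: URL
  #
  # NOTE(review): both branches import a repository key from a keyserver over
  # plain hkp on port 80, selected by a 64-bit key id, into the global apt
  # keyring.
  #
  local deb="${TEMP_DIR}/package.deb"

  if [[ "$family" == "Ubuntu" ]]; then
    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 26F4EF8440618B66 > /dev/null 2>&1
    add-apt-repository -y ppa:mamarley/tvheadend-git > /dev/null 2>&1
    debconf-apt-progress -- apt-get -y install libssl-doc libssl1.1 zlib1g-dev tvheadend xmltv-util
  else
    if [ ! -f /etc/apt/sources.list.d/tvheadend.list ]; then
      echo "deb https://www.deb-multimedia.org ${distribution} main non-free" >> /etc/apt/sources.list.d/tvheadend.list
      apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5C808C2B65558117 > /dev/null 2>&1
    fi

    # NOTE(review): this installs libssl1.0.0 (OpenSSL 1.0.1t) from the jessie
    # security pool; OpenSSL 1.0.1 is an end-of-life branch.
    URL="https://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u9_$(dpkg --print-architecture).deb"

    # package.deb is a name shared with other installers in this file. Remove
    # any leftover first and install only what this download produced, so a
    # failed download cannot install a stale package.
    rm -f -- "$deb"
    fancy_wget "$URL" "-O ${deb}"
    if [[ -s "$deb" ]]; then
      dpkg -i "$deb" > /dev/null 2>&1
    else
      echo "Download of ${URL} failed, libssl1.0.0 not installed" >&2
    fi

    debconf-apt-progress -- apt-get update
    debconf-apt-progress -- apt-get -y install libssl-doc zlib1g-dev tvheadend xmltv-util
  fi
}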
install_docker() {
  #
  # Refresh the package index, then install the docker.io package without its
  # recommended extras. Both steps run under debconf-apt-progress.
  #
  local -a install_cmd=(apt-get install -y -qq --no-install-recommends docker.io)

  debconf-apt-progress -- apt-get update
  debconf-apt-progress -- "${install_cmd[@]}"
}
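install_urbackup() {
  #
  # Client/server backup system https://www.urbackup.org/
  #
  # Globals read:    TEMP_DIR
  # Globals written: PREFIX, URL
  # Returns 1 when no package for this architecture is found or the download
  # fails.
  #
  # NOTE(review): the package name is scraped from an HTML listing and the
  # .deb is installed without a signature or digest check; TLS to the
  # download host is the only integrity control.
  #
  local arch deb_name
  local deb="${TEMP_DIR}/package.deb"

  arch=$(dpkg --print-architecture)
  # arm64 systems are given the armhf build, as before.
  if [[ "$arch" == "arm64" ]]; then
    arch=armhf
  fi

  PREFIX="https://hndl.urbackup.org/Server/latest/"
  # head -n1: more than one match used to produce a multi-line, unusable URL.
  deb_name=$(wget -q "$PREFIX" -O - | html2text -width 120 | grep deb \
    | awk '{ print $3 }' | grep -- "$arch" | head -n1)
  if [[ -z "$deb_name" ]]; then
    echo "No UrBackup package found for ${arch}" >&2
    return 1
  fi
  URL="${PREFIX}${deb_name}"

  # package.deb is a name shared with other installers in this file; start
  # from a clean slate so that a failed download cannot install a stale file.
  rm -f -- "$deb"
  fancy_wget "$URL" "-O ${deb}"
  if [[ ! -s "$deb" ]]; then
    echo "Download of ${URL} failed" >&2
    return 1
  fi

  dpkg -i "$deb" > /dev/null 2>&1
  # Pull in whatever dependencies dpkg left unconfigured.
  apt-get -yy -f install
}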
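install_transmission() {
  #
  # transmission
  #
  # Installs the daemon, opens its RPC whitelist to the local network and adds
  # a restart to /etc/rc.local.
  #
  # Globals read: serverIP
  #
  local -a octets
  local servernetwork

  install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading dependencies"
  install_packet "transmission-cli transmission-common transmission-daemon" "Install torrent server"
  service transmission-daemon stop

  # Split the address on dots explicitly instead of relying on the current
  # value of the global IFS.
  IFS=. read -r -a octets <<< "$serverIP"
  # NOTE(review): the whitelist covers every address that shares the first two
  # octets, which is wider than most local networks.
  servernetwork="${octets[0]}.${octets[1]}.*.*"
  sed "s/\"rpc-whitelist\": \"127.0.0.1.*/\"rpc-whitelist\": \"127.0.0.1,$servernetwork\",/" -i /etc/transmission-daemon/settings.json
  service transmission-daemon start

  # systemd workaround
  # https://forum.armbian.com/index.php?/topic/4017-programs-does-not-start-automatically-at-boot/
  # Only added once: running the installer again used to append another copy.
  if ! grep -q '^service transmission-daemon restart$' /etc/rc.local 2> /dev/null; then
    sed -e 's/exit 0//g' -i /etc/rc.local
    cat >> /etc/rc.local << "EOF"
service transmission-daemon restart
exit 0
EOF
  fi
}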
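# Raise sysctl key $1 to at least $2 in /etc/sysctl.conf when the running value is lower.
_raise_sysctl_minimum() {
  local key=$1 wanted=$2 current

  current=$(sysctl -n "$key" 2> /dev/null)
  # Nothing to compare against when the key cannot be read.
  [[ "$current" =~ ^[0-9]+$ ]] || return 0
  ((current < wanted)) || return 0

  if grep -q "$key" /etc/sysctl.conf; then
    sed -i "s/${key} =.*/${key} = ${wanted}/" /etc/sysctl.conf
  else
    echo "${key} = ${wanted}" >> /etc/sysctl.conf
  fi
}

install_transmission_seed_armbian_torrents() {
  #
  # seed our torrents
  #
  # Raises the network buffer limits when they are below the recommended
  # values, installs a daily cron job that syncs the Armbian torrent pack into
  # Transmission, and starts that job once in the background.
  #
  # NOTE(review): the cron job talks to Transmission with the stock
  # "transmission:transmission" credentials given on the command line, and it
  # removes, together with their data, all active torrents whose listing
  # matches *Armbian_*, *gcc-linaro-* or *tar.lz4 and that are not in the
  # downloaded pack.
  #
  local rmem_recommended=4194304
  local wmem_recommended=1048576

  # adjust network buffers if necessary
  _raise_sysctl_minimum net.core.rmem_max "$rmem_recommended"
  _raise_sysctl_minimum net.core.wmem_max "$wmem_recommended"
  /sbin/sysctl -p > /dev/null 2>&1

  # create cron job for daily sync with official Armbian torrents
  # (quoted delimiter: the text below is written out literally)
  cat > /etc/cron.daily/seed-armbian-torrent << "EOF"
#!/bin/bash
#
# armbian torrents auto update
#
# download latest torrent pack
TEMP_DIR=$(mktemp -d || exit 1)
chmod 700 ${TEMP_DIR}
trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15
wget -qO- -O ${TEMP_DIR}/armbian-torrents.zip https://dl.armbian.com/torrent/all-torrents.zip
# test zip for corruption
unzip -t ${TEMP_DIR}/armbian-torrents.zip >/dev/null 2>&1
[[ $? -ne 0 ]] && echo "Error in zip" && exit
# extract zip
unzip -o ${TEMP_DIR}/armbian-torrents.zip -d ${TEMP_DIR}/torrent-tmp >/dev/null 2>&1
# create list of current active torrents
transmission-remote -n 'transmission:transmission' -l | sed '1d; $d' > ${TEMP_DIR}/torrent-tmp/active.torrents
# loop and add/update torrent files
for f in ${TEMP_DIR}/torrent-tmp/*.torrent; do
transmission-remote -n 'transmission:transmission' -a $f > /dev/null 2>&1
# remove added from the list
pattern="${f//.torrent}"; pattern="${pattern##*/}";
sed -i "/$pattern/d" ${TEMP_DIR}/torrent-tmp/active.torrents
done
# remove old armbian torrents
while read i; do
[[ $i == *Armbian_* || $i == *gcc-linaro-* || $i == *tar.lz4 ]] && transmission-remote -n 'transmission:transmission' -t $(echo "$i" | awk '{print $1}';) --remove-and-delete
done < ${TEMP_DIR}/torrent-tmp/active.torrents
# remove temporally files and direcotories
# prepare to serve files via www as well
#WEBROOT="/var/www/html/dl/"
#TORRENT="/var/lib/transmission-daemon/downloads/"
#mkdir -p ${WEBROOT}
#find ${WEBROOT} -type l -delete
#curl -sq http://redirect.armbian.com/dl_map | jq -Mr '.' | tr -d \"," " | grep -v nightly | sort | cut -d":" -f2 | tail -n+3 > test.txt
#cat test.txt | cut -d"/" -f1,2 | uniq | xargs -n1 -i{} mkdir -p "${WEBROOT}{}"
#mkdir -p ${WEBROOT}_rootfs ${WEBROOT}_toolchain
#cat test.txt | grep ".xz$" | awk -F "/" '{print "'$TORRENT'"$3 " '$WEBROOT'"$1"/"$2"/"$3}' | xargs -I% -n 2 ln -sf
#rsync -aq --delete --exclude="*.xz" --exclude="nightly" rsync://mirrors.dotsrc.org/armbian-dl/ ${WEBROOT}
EOF
  chmod +x /etc/cron.daily/seed-armbian-torrent
  /etc/cron.daily/seed-armbian-torrent &
}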
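install_hassio ()
{
	#
	# Install Home assistant smart home suite hass.io / Docker instance by using official installer
	#
	# Maps the dpkg architecture to the installer's machine type, installs
	# Docker plus the supporting packages, then runs the upstream
	# supervised-installer with "-m <machine>".
	#
	# Globals:   TEMP_DIR (read), BACKTITLE (read)
	# Returns:   1 on an unsupported architecture or a failed installer download
	#
	local arch machine installer
	arch=$(dpkg --print-architecture)

	case $arch in
		armhf) machine=raspberrypi2 ;;
		arm64) machine=raspberrypi4-64 ;;
		amd64) machine=intel-nuc ;;
		*)
			# return rather than exit, so an unsupported board does not
			# silently terminate the whole menu program
			echo "install_hassio: unsupported architecture '${arch}'" >&2
			return 1
			;;
	esac

	install_docker
	debconf-apt-progress -- apt-get install -y apparmor-utils apt-transport-https avahi-daemon ca-certificates \
		dbus jq network-manager socat software-properties-common

	# The installer is executed as root. Fetch it completely first (-f turns an
	# HTTP error into a failure) so a truncated or error response is never fed
	# to bash.
	# NOTE(review): the URL tracks the moving "master" branch and nothing pins
	# or verifies the content; pinning a release tag or checksum would narrow
	# the supply-chain exposure.
	installer=$(mktemp "${TEMP_DIR:-/tmp}/hassio-installer.XXXXXX") || return 1
	if ! curl -fsSL "https://raw.githubusercontent.com/home-assistant/supervised-installer/master/installer.sh" \
		-o "$installer"; then
		echo "install_hassio: could not download the supervised installer" >&2
		rm -f -- "$installer"
		return 1
	fi
	bash "$installer" -m "$machine"
	rm -f -- "$installer"

	dialog --backtitle "$BACKTITLE" --title "Please wait" \
		--msgbox "\nIt can take several minutes before Home Assistant UI becomes available! " 7 75
}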
install_openhab ()
{
	#
	# Install Openhab smart home suite
	#
	# Downloads an Azul Zulu 11 JDK tarball chosen by dpkg architecture,
	# unpacks it under /opt/jdk, registers java/javac with update-alternatives,
	# adds the openHAB apt repository and installs openhab + openhab-addons.
	#
	# Globals: TEMP_DIR, BACKTITLE (read); URL, jdkBin, jdkLib (written)
	#
	# NOTE(review): the JDK tarball is unpacked as root without a checksum or
	# signature check; only the TLS connection protects it.
	# NOTE(review): apt-key puts the repository key into the global apt
	# keyring; a dedicated keyring referenced with signed-by limits its scope.
	#

	local jdkArch=$(dpkg --print-architecture)

	case $jdkArch in

		armhf)
			URL="https://cdn.azul.com/zulu-embedded/bin/zulu11.43.100-ca-jdk11.0.9.1-linux_aarch32hf.tar.gz"
		;;
		arm64)
			URL="https://cdn.azul.com/zulu-embedded/bin/zulu11.43.100-ca-jdk11.0.9.1-linux_aarch64.tar.gz"
		;;
		amd64)
			URL="https://cdn.azul.com/zulu/bin/zulu11.43.55-ca-jdk11.0.9.1-linux_x64.tar.gz"
		;;
		# every other architecture falls back to the i686 build
		*)
			URL="https://cdn.azul.com/zulu/bin/zulu11.43.55-ca-jdk11.0.9.1-linux_i686.tar.gz"

	esac
	fancy_wget "$URL" "-O ${TEMP_DIR}/zulu11.tar.gz"
	mkdir -p /opt/jdk
	tar -xpzf ${TEMP_DIR}/zulu11.tar.gz -C /opt/jdk
	# NOTE(review): "..." is passed to find as a literal start path; the first
	# /opt/jdk/*/bin (or lib) match is still what -print -quit returns — confirm
	# this is intended.
	jdkBin=$(find /opt/jdk/*/bin ... -print -quit)
	jdkLib=$(find /opt/jdk/*/lib ... -print -quit)
	# drop any previously registered java/javac alternatives, then register this JDK
	update-alternatives --remove-all java >/dev/null 2>&1
	update-alternatives --remove-all javac >/dev/null 2>&1
	update-alternatives --install /usr/bin/java java "$jdkBin"/java 1083000 >/dev/null 2>&1
	update-alternatives --install /usr/bin/javac javac "$jdkBin"/javac 1083000 >/dev/null 2>&1
	# make the JDK's shared libraries visible to the dynamic linker
	echo "$jdkLib"/"$jdkArch" > /etc/ld.so.conf.d/java.conf
	echo "$jdkLib"/"$jdkArch"/jli >> /etc/ld.so.conf.d/java.conf
	ldconfig >/dev/null 2>&1
	wget -qO - 'https://openhab.jfrog.io/artifactory/api/gpg/key/public' | apt-key add - >/dev/null 2>&1
	# NOTE(review): the script already requires root, so sudo is not needed here
	echo 'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' | sudo tee /etc/apt/sources.list.d/openhab.list >/dev/null 2>&1

	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get install -y openhab
	systemctl daemon-reload >/dev/null 2>&1
	systemctl enable openhab.service >/dev/null 2>&1
	systemctl start openhab.service >/dev/null 2>&1
	debconf-apt-progress -- apt-get install -y openhab-addons
	# list the serial devices the rxtx library may open
	sed -i 's|EXTRA_JAVA_OPTS=""|EXTRA_JAVA_OPTS="-Dgnu.io.rxtx.SerialPorts=/dev/ttyUSB0:/dev/ttyS0:/dev/ttyS2:/dev/ttyACM0:/dev/ttyAMA0"|' /etc/default/openhab
	service openhab restart >/dev/null 2>&1
	dialog --backtitle "$BACKTITLE" --title "Please wait" --msgbox \
	"\nIt can take several minutes before OpenHAB UI becomes available! " 7 68
}
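install_syncthing ()
{
	#
	# Install Personal cloud https://syncthing.net/
	#
	# Adds the Syncthing apt repository, installs the package, raises the
	# inotify watch limit, starts a per-user service and rewrites 127.0.0.1 in
	# that user's config.xml to ${serverIP}.
	#
	# Globals:   CHOSEN_USER (presumably set by add_choose_user), serverIP,
	#            BACKTITLE (read)
	# Returns:   1 when no user / address is known or config.xml never appears
	#
	# NOTE(review): replacing 127.0.0.1 with the server address makes the
	# Syncthing GUI reachable from the network, and nothing here sets a GUI
	# user or password; that should be configured before the host is exposed.
	# NOTE(review): apt-key adds the key to the global apt keyring; a dedicated
	# keyring referenced with signed-by would limit what it can vouch for.
	#
	local config unit waited=0
	local -r max_wait=120

	curl -s https://syncthing.net/release-key.txt | apt-key add - >/dev/null 2>&1
	echo "deb https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list >/dev/null 2>&1
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get -y install syncthing

	# increase open file limit
	if ! grep -qs "fs.inotify.max_user_watches=204800" "/etc/sysctl.conf"; then
		echo -e "fs.inotify.max_user_watches=204800" | tee -a /etc/sysctl.conf
	fi

	add_choose_user
	# Without a user or an address the steps below would poll a path that can
	# never exist and blank out the listen address.
	if [[ -z "${CHOSEN_USER}" || -z "${serverIP}" ]]; then
		echo "install_syncthing: CHOSEN_USER or serverIP is empty" >&2
		return 1
	fi
	unit="syncthing@${CHOSEN_USER}.service"
	config="/home/${CHOSEN_USER}/.config/syncthing/config.xml"

	# NOTE(review): this renames the packaged template unit; systemd can
	# instantiate syncthing@<user>.service from the template directly.
	mv /lib/systemd/system/syncthing@.service "/lib/systemd/system/${unit}"

	# create startup files
	systemctl enable "$unit" >/dev/null 2>&1
	systemctl start "$unit" >/dev/null 2>&1
	systemctl stop "$unit" >/dev/null 2>&1
	systemctl start "$unit" >/dev/null 2>&1

	# wait until config file is created, but never forever
	until [[ -f "$config" ]]; do
		if (( waited >= max_wait )); then
			echo "install_syncthing: ${config} was not created within ${max_wait}s" >&2
			return 1
		fi
		sleep 1
		waited=$(( waited + 1 ))
	done

	# change to server IP (dots escaped so only the literal address matches)
	sed -i "s/127\.0\.0\.1/${serverIP}/" "$config"
	systemctl restart "$unit" >/dev/null 2>&1
	dialog --backtitle "$BACKTITLE" --title "Please wait" --msgbox "\nIt can take several minutes before Syncthing UI becomes available! " 7 70
}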
install_plex_media_server ()
{
	#
	# Plex Media server
	#
	# Registers the Plex apt repository, imports its signing key and installs
	# the plexmediaserver package.
	#
	# NOTE(review): apt-key trusts the key for every configured repository; a
	# dedicated keyring referenced with signed-by would scope it to Plex only.
	#
	local repo_line="deb https://downloads.plex.tv/repo/deb public main"

	printf '%s\n' "$repo_line" > /etc/apt/sources.list.d/plex.list
	wget -q -O - https://downloads.plex.tv/plex-keys/PlexSign.key | apt-key add - &>/dev/null
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get -y install plexmediaserver
}
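install_emby_server ()
{
	#
	# Emby server
	#
	# Looks up the newest emby-server .deb for this architecture through the
	# GitHub releases API, downloads it into TEMP_DIR and installs it, letting
	# apt resolve missing dependencies afterwards.
	#
	# Globals:   TEMP_DIR (read); ARCH, URL (written)
	# Returns:   1 when no https download URL could be determined
	#
	# NOTE(review): the package is installed as root with only TLS protecting
	# the download; there is no checksum or signature check.
	#
	ARCH=$(dpkg --print-architecture)
	URL=$(curl -s https://api.github.com/repos/MediaBrowser/Emby.Releases/releases/latest | grep "/emby-server-deb.*${ARCH}.deb" | cut -d : -f 2,3 | tr -d \")
	# keep the first match only and strip the blanks left over from the JSON line
	URL=${URL%%$'\n'*}
	URL=${URL//[[:space:]]/}
	if [[ "$URL" != https://* ]]; then
		echo "install_emby_server: no download URL found for architecture '${ARCH}'" >&2
		return 1
	fi
	fancy_wget "$URL" "-O ${TEMP_DIR}/emby.deb"
	dpkg -i "${TEMP_DIR}/emby.deb" >/dev/null 2>&1
	apt-get -yy -f install
}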
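install_radarr ()
{
	#
	# Automatically downloading movies
	#
	# Installs mono and mediainfo, unpacks the newest Radarr linux tarball
	# listed by the GitHub releases API into /opt and registers a systemd unit.
	#
	# Globals:   TEMP_DIR (read); wgeturl (written)
	# Returns:   1 when no download URL could be determined
	#
	# NOTE(review): the unit runs Radarr as root and the tarball is unpacked
	# without a checksum or signature check; a dedicated service account would
	# limit what a compromised release or web UI can reach.
	#
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get -y install mono-devel mediainfo libmono-cil-dev
	wgeturl=$(curl -s "https://api.github.com/repos/Radarr/Radarr/releases" | grep 'linux.tar.gz' | grep 'browser_download_url' | head -1 | cut -d \" -f 4)
	# an API error or rate limit leaves the URL empty; stop before a service
	# pointing at a missing /opt/Radarr is enabled
	if [[ -z "$wgeturl" ]]; then
		echo "install_radarr: could not determine the Radarr download URL" >&2
		return 1
	fi
	fancy_wget "$wgeturl" "-O ${TEMP_DIR}/radarr.tgz"
	tar xf "${TEMP_DIR}/radarr.tgz" -C /opt
	cat << _EOF_ > /etc/systemd/system/radarr.service
[Unit]
Description=Radarr Daemon
After=network.target
[Service]
User=root
Type=simple
ExecStart=/usr/bin/mono --debug /opt/Radarr/Radarr.exe -nobrowser
[Install]
WantedBy=multi-user.target
_EOF_
	systemctl enable radarr >/dev/null 2>&1
	systemctl start radarr
}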
install_sonarr ()
{
	#
	# Automatically downloading TV shows
	#
	# arm64 gets the mono tarball unpacked into /opt; every other architecture
	# installs the nzbdrone package from apt.sonarr.tv. Both paths finish by
	# writing and starting a systemd unit that runs NzbDrone under mono.
	#
	# NOTE(review): the signing key is requested by the 32-bit short id
	# FDA5DFFC; short ids can collide, so the full fingerprint would be safer.
	# NOTE(review): the unit runs as root and the arm64 tarball is unpacked
	# without a checksum or signature check.
	#
	if [[ "$(dpkg --print-architecture | grep arm64)" != "arm64" ]]; then
		# packaged install from the Sonarr repository
		apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FDA5DFFC &>/dev/null
		printf '%s\n' "deb https://apt.sonarr.tv/ develop main" > /etc/apt/sources.list.d/sonarr.list
		debconf-apt-progress -- apt-get update
		debconf-apt-progress -- apt-get -y install nzbdrone
	else
		# tarball install
		debconf-apt-progress -- apt-get update
		debconf-apt-progress -- apt-get -y install mono-complete mediainfo
		fancy_wget "https://update.sonarr.tv/v2/develop/mono/NzbDrone.develop.tar.gz" "-O ${TEMP_DIR}/sonarr.tgz"
		tar xf ${TEMP_DIR}/sonarr.tgz -C /opt
	fi

	cat > /etc/systemd/system/sonarr.service << _EOF_
[Unit]
Description=Sonarr (NzbDrone) Daemon
After=network.target
[Service]
User=root
Type=simple
ExecStart=/usr/bin/mono --debug /opt/NzbDrone/NzbDrone.exe -nobrowser
[Install]
WantedBy=multi-user.target
_EOF_
	systemctl enable sonarr &>/dev/null
	systemctl start sonarr
}
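install_vpn_server ()
{
	#
	# Script downloads latest stable
	#
	# Finds the newest "rtm" SoftEther release on the download site, fetches
	# the VPN server tarball for this architecture, builds it, copies it to
	# /usr/local/vpnserver and registers a systemd unit (or a SysV init script
	# when systemd is not running).
	#
	# Globals:   TEMP_DIR, BACKTITLE, TTY_X, TTY_Y, logfile (read);
	#            PREFIX, URL, SUFIX, DLURL (written)
	# Returns:   1 when a directory change, the release lookup or the download fails
	#
	# NOTE(review): the tarball is built and installed as root with only TLS
	# protecting the download; there is no checksum or signature check.
	#
	# Every cd is checked: a failed cd would let "chmod 600 *" further down run
	# in whatever directory the shell happens to be in.
	if [[ -z "${TEMP_DIR}" ]] || ! cd "${TEMP_DIR}"; then
		echo "install_vpn_server: TEMP_DIR is not usable" >&2
		return 1
	fi
	PREFIX="https://www.softether-download.com/files/softether/"
	install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"
	URL=$(wget -q "$PREFIX" -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
	if [[ -z "$URL" ]]; then
		echo "install_vpn_server: could not determine the latest SoftEther release" >&2
		return 1
	fi
	SUFIX="${URL/-tree/}"
	if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then
		DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-$SUFIX-linux-arm_eabi-32bit.tar.gz"
	else
		install_packet "gcc-multilib" "Install libraries"
		DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-$SUFIX-linux-x86-32bit.tar.gz"
	fi
	if ! wget -q "$DLURL" -O - | tar -xz; then
		echo "install_vpn_server: download or extraction failed" >&2
		return 1
	fi
	cd vpnserver || return 1
	make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN" --progressbox $TTY_Y $TTY_X
	cd ..
	cp -R vpnserver /usr/local
	cd /usr/local/vpnserver/ || return 1
	# everything private to root, only the two binaries executable
	chmod 600 *
	chmod 700 vpncmd
	chmod 700 vpnserver
	if [[ -d /run/systemd/system/ ]]; then
		cat <<EOT >/lib/systemd/system/ethervpn.service
[Unit]
Description=VPN service

[Service]
Type=oneshot
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOT
		systemctl enable ethervpn.service
		service ethervpn start

	else

		# Quoted delimiter: the init script is written literally. With an
		# unquoted heredoc the unescaped \$DAEMON in the "test -x" line was
		# expanded (to nothing) while the file was generated, which turned the
		# executable check into a no-op.
		cat <<'EOT' > /etc/init.d/vpnserver
#!/bin/sh
### BEGIN INIT INFO
# Provides: vpnserver
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable Softether by daemon.
### END INIT INFO
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
EOT
		chmod 755 /etc/init.d/vpnserver
		mkdir -p /var/lock/subsys
		# an unset logfile would otherwise be an ambiguous redirect and skip update-rc.d
		update-rc.d vpnserver defaults >> "${logfile:-/dev/null}"
		/etc/init.d/vpnserver start
	fi
}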
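install_vpn_client ()
{
	#
	# Script downloads latest stable
	#
	# Finds the newest "rtm" SoftEther release on the download site, fetches
	# the VPN client tarball for this architecture, builds it and copies it to
	# /usr/local/vpnclient.
	#
	# Globals:   TEMP_DIR, BACKTITLE, TTY_X, TTY_Y (read);
	#            PREFIX, URL, SUFIX, DLURL (written)
	# Returns:   1 when a directory change, the release lookup or the download fails
	#
	# NOTE(review): the tarball is built and installed as root with only TLS
	# protecting the download; there is no checksum or signature check.
	#
	# Every cd is checked: a failed cd would let "chmod 600 *" further down run
	# in whatever directory the shell happens to be in.
	if [[ -z "${TEMP_DIR}" ]] || ! cd "${TEMP_DIR}"; then
		echo "install_vpn_client: TEMP_DIR is not usable" >&2
		return 1
	fi
	PREFIX="https://www.softether-download.com/files/softether/"
	install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"
	URL=$(wget -q "$PREFIX" -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
	if [[ -z "$URL" ]]; then
		echo "install_vpn_client: could not determine the latest SoftEther release" >&2
		return 1
	fi
	SUFIX="${URL/-tree/}"
	if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then
		DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_ARM_EABI/softether-vpnclient-$SUFIX-linux-arm_eabi-32bit.tar.gz"
	else
		install_packet "gcc-multilib" "Install libraries"
		DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_Intel_x86/softether-vpnclient-$SUFIX-linux-x86-32bit.tar.gz"
	fi
	if ! wget -q "$DLURL" -O - | tar -xz; then
		echo "install_vpn_client: download or extraction failed" >&2
		return 1
	fi
	cd vpnclient || return 1
	make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN vpnclient" --progressbox $TTY_Y $TTY_X
	cd ..
	cp -R vpnclient /usr/local
	cd /usr/local/vpnclient/ || return 1
	# everything private to root, only the two binaries executable
	chmod 600 *
	chmod 700 vpncmd
	chmod 700 vpnclient
}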
install_DashNTP ()
{
	#
	# Install DASH and NTP service
	#
	# Preseeds dash/sh to false, reconfigures dash non-interactively and then
	# installs ntp and ntpdate.
	#
	debconf-set-selections <<< "dash dash/sh boolean false"
	dpkg-reconfigure -f noninteractive dash &> /dev/null
	install_packet "ntp ntpdate" "Install DASH and NTP service"
}
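install_MySQL ()
{
	#
	# Maria SQL
	#
	# Installs the MariaDB client and server, comments out bind-address, drives
	# mysql_secure_installation through expect with MYSQL_PASS as the new root
	# password and writes the sql-mode override used by ISPConfig.
	#
	# Globals:   MYSQL_PASS (read); SECURE_MYSQL (written)
	#
	# NOTE(review): commenting out bind-address makes the server listen on all
	# interfaces; port 3306 should be firewalled unless remote access is wanted.
	#
	install_packet "mariadb-client mariadb-server" "SQL client and server"
	#Allow MySQL to listen on all interfaces
	if [[ -f /etc/mysql/my.cnf ]]; then
		cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
		sed -i 's|bind-address.*|#bind-address = 127.0.0.1|' /etc/mysql/my.cnf
	fi
	[[ -f /etc/mysql/mariadb.conf.d/50-server.cnf ]] && sed -i 's|bind-address.*|#bind-address = 127.0.0.1|' /etc/mysql/mariadb.conf.d/50-server.cnf
	#
	# Execution mysql_secure_installation
	#
	# The password reaches expect through the environment and is read with
	# $env(MYSQL_PASS). Pasting it into the script text let quotes, brackets,
	# dollar signs or backslashes in the password be interpreted as Tcl.
	# "send --" keeps a password that starts with "-" from being read as a flag.
	SECURE_MYSQL=$(MYSQL_PASS="$MYSQL_PASS" expect -c '
set timeout 3
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send "\r"
expect "root password?"
send "y\r"
expect "New password:"
send -- "$env(MYSQL_PASS)\r"
expect "Re-enter new password:"
send -- "$env(MYSQL_PASS)\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
')
	# ISP config exception
	mkdir -p /etc/mysql/mariadb.conf.d/
	cat > /etc/mysql/mariadb.conf.d/99-ispconfig.cnf<<"EOF"
[mysqld]
sql-mode="NO_ENGINE_SUBSTITUTION"
EOF
	service mysql restart >> /dev/null
}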
install_MySQLDovecot ()
{
	#
	# Install Postfix, Dovecot, Saslauthd, rkhunter, binutils
	#
	# Preseeds the Postfix mailer type and mail name, installs the mail stack
	# and uncomments the submission and smtps services (with their TLS and SASL
	# options) in master.cf before restarting Postfix.
	#
	# Globals: HOSTNAMEFQDN (read)
	#
	local master_cf=/etc/postfix/master.cf

	debconf-set-selections <<< "postfix postfix/main_mailer_type select Internet Site"
	debconf-set-selections <<< "postfix postfix/mailname string $HOSTNAMEFQDN"
	install_packet "postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo libsasl2-modules dovecot-lmtpd" "postfix, dovecot, saslauthd, rkhunter, binutils"

	#Uncommenting some Postfix configuration files
	cp /etc/postfix/master.cf /etc/postfix/master.cf.backup
	# One pass with the expressions in their original order. The
	# smtpd_sasl_auth_enable substitution is listed once: it already rewrites
	# every matching line, so repeating it changes nothing.
	sed -i \
		-e 's|#submission inet n - - - - smtpd|submission inet n - - - - smtpd|' \
		-e 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' \
		-e 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|' \
		-e 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' \
		-e 's|# -o smtpd_client_restrictions=permit_sasl_authenticated,reject| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' \
		-e 's|#smtps inet n - - - - smtpd|smtps inet n - - - - smtpd|' \
		-e 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' \
		-e 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' \
		"$master_cf"
	service postfix restart >> /dev/null
}
install_Virus ()
{
	#
	# Install Amavisd-new, SpamAssassin, And ClamAV
	#
	# Builds the package list for the running distribution, installs it,
	# stops and disables the spamassassin service, patches amavisd-new on
	# bionic, refreshes the ClamAV signatures and starts clamav-daemon.
	#
	# Globals: distribution, TEMP_DIR (read); packets (written)
	#
	# NOTE(review): on bionic a patch is downloaded and applied to
	# /usr/sbin/amavisd-new without a checksum or signature check, and all
	# patch output is discarded, so a failed or altered patch goes unnoticed.
	#
	packets="amavisd-new spamassassin clamav clamav-daemon unzip bzip2 arj p7zip unrar-free rpm nomarch lzop \
cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl \
libnet-ident-perl zip libnet-dns-perl postgrey"

	# zoo is added everywhere except bionic and buster, ripole everywhere except buster
	case $distribution in
		bionic | buster) ;;
		*) packets+=" zoo" ;;
	esac
	[[ $distribution == "buster" ]] || packets+=" ripole"

	install_packet "$packets" "amavisd, spamassassin, clamav"
	sed -i "s/^AllowSupplementaryGroups.*/AllowSupplementaryGroups true/" /etc/clamav/clamd.conf
	service spamassassin stop &>/dev/null
	systemctl disable spamassassin &>/dev/null

	# amavisd-new program has currently a bug in Ubuntu 18.04
	if [[ $distribution == bionic ]]; then
		cd ${TEMP_DIR}
		wget -q https://git.ispconfig.org/ispconfig/ispconfig3/raw/stable-3.1/helper_scripts/ubuntu-amavisd-new-2.11.patch
		cd /usr/sbin
		# keep a copy of the unpatched program next to it
		cp -pf amavisd-new amavisd-new_bak
		patch --silent < ${TEMP_DIR}/ubuntu-amavisd-new-2.11.patch >> /dev/null 2>&1
	fi

	freshclam >> /var/log/ispconfig_config.log
	service clamav-daemon start &>/dev/null
}
install_hhvm ()
{
	#
	# Install HipHop Virtual Machine
	#
	# Imports the HHVM signing key, adds the repository for the lower-cased
	# distribution family and installs the hhvm package.
	#
	# Globals: family (read)
	#
	# NOTE(review): the key is fetched over plain hkp on port 80 and lands in
	# the global apt keyring; it is requested by its 64-bit id.
	#
	local repo_url="https://dl.hhvm.com/${family,,}"

	apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94 &>/dev/null
	add-apt-repository "$repo_url" &>/dev/null
	debconf-apt-progress -- apt-get update
	install_packet "hhvm" "HipHop Virtual Machine"
}
install_phpmyadmin ()
{
	#
	# Phpmyadmin unattended installation
	#
	# On Ubuntu the debconf answers are preseeded before the install; on other
	# families the package is installed with a non-interactive frontend.
	# Afterwards dpkg-reconfigure is driven through expect to answer the
	# database and web server questions.
	#
	# Globals: family (read); WWW_RECONFIG (written)
	#
	local answer
	# kept in the original order; the later entries override the earlier ones
	local -a preseed=(
		"phpmyadmin phpmyadmin/internal/skip-preseed boolean true"
		"phpmyadmin phpmyadmin/reconfigure-webserver multiselect true"
		"phpmyadmin phpmyadmin/dbconfig-install boolean false"
		"phpmyadmin phpmyadmin/internal/skip-preseed boolean true"
		"phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
		"phpmyadmin phpmyadmin/dbconfig-install boolean false"
	)

	if [[ "$family" == "Ubuntu" ]]; then
		for answer in "${preseed[@]}"; do
			debconf-set-selections <<< "$answer"
		done
		debconf-apt-progress -- apt-get install -y phpmyadmin
	else
		DEBIAN_FRONTEND=noninteractive debconf-apt-progress -- apt-get -y install phpmyadmin
	fi

	# Apache2 needs additional hack
	WWW_RECONFIG=$(expect -c '
set timeout 3
spawn dpkg-reconfigure -f readline phpmyadmin
expect "Reinstall database for phpmyadmin?"
send "No\r"
expect "Web server to reconfigure automatically:"
send "1\r"
expect eof
')
	echo "${WWW_RECONFIG}" > /dev/null
}
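install_apache ()
{
	#
	# Install Apache2, PHP5, FCGI, suExec, Pear and mcrypt
	#
	# Installs the common Apache packages plus the PHP set for the running
	# distribution (looked up through the pkg_<distribution> variable), writes
	# and enables the HTTPOXY mitigation, enables the required modules and the
	# matching php-fpm configuration, then restarts Apache.
	#
	# Globals: distribution, family (read)
	#

	local pkg="apache2 apache2-doc apache2-utils libapache2-mod-fcgid php-pear mcrypt imagemagick libruby libapache2-mod-python memcached"

	local pkg_xenial="libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
apache2-suexec-pristine php-auth php7.0-mcrypt php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php7.0-opcache php-apcu \
libapache2-mod-fastcgi php7.0-fpm"

	local pkg_bionic="apache2 apache2-doc apache2-utils libapache2-mod-php php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap \
phpmyadmin php7.2-cli php7.2-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python \
php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl memcached php-memcache \
php-imagick php-gettext php7.2-zip php7.2-mbstring php-soap php7.2-soap php7.2-fpm php-apcu certbot"

	local pkg_stretch="libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi libapache2-mod-fcgid \
apache2-suexec-pristine php7.0-mcrypt libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \
php7.0-tidy php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring libapache2-mod-passenger \
php7.0-soap php7.0-fpm php7.0-opcache php-apcu certbot"

	local pkg_jessie="apache2.2-common apache2-mpm-prefork libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql \
php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick libapache2-mod-python \
php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl \
libapache2-mod-passenger php5-xcache libapache2-mod-fastcgi php5-fpm"

	local pkg_buster="apache2 apache2-doc apache2-utils libapache2-mod-php php7.3 php7.3-common php7.3-gd php7.3-mysql php7.3-imap \
php7.3-cli php7.3-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python \
php7.3-curl php7.3-intl php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy php7.3-xmlrpc php7.3-xsl memcached php-memcache \
php-imagick php-gettext php7.3-zip php7.3-mbstring php-soap php7.3-soap php7.3-fpm php-apcu certbot"

	# indirect lookup: expands to the list above named after the distribution,
	# or to nothing when the distribution has no list
	local temp="pkg_${distribution}"
	install_packet "${pkg} ${!temp}" "Apache for $family $distribution"

	# fix HTTPOXY vulnerability
	cat <<EOT > /etc/apache2/conf-available/httpoxy.conf
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>

EOT

	# headers has to be enabled for the <IfModule mod_headers.c> block to apply
	a2enmod actions proxy_fcgi setenvif fastcgi alias suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers >/dev/null 2>&1
	# httpoxy.conf lives in conf-available, so it is a configuration snippet and
	# is switched on with a2enconf; listing it under a2enmod left the
	# mitigation disabled.
	a2enconf httpoxy >/dev/null 2>&1

	case $distribution in
		jessie)
			a2enconf php5-fpm >/dev/null 2>&1
		;;
		xenial | stretch)
			a2enconf php7.0-fpm >/dev/null 2>&1
		;;
		bionic)
			a2enconf php7.2-fpm >/dev/null 2>&1
		;;
		buster)
			a2enconf php7.3-fpm >/dev/null 2>&1
		;;
	esac
	service apache2 restart >> /dev/null
}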
install_nginx ()
{
	#
	# Install NginX, PHP5, FCGI, suExec, Pear, And mcrypt
	#
	# Installs nginx with the PHP-FPM package set for the running distribution
	# (looked up through the pkg_<distribution> variable) and then applies the
	# per-distribution PHP tweaks: enabling PHP modules, setting
	# cgi.fix_pathinfo=0 and date.timezone in the FPM php.ini, and reloading
	# the FPM service.
	#
	# Globals: distribution, family (read); tz (written)
	#
	local pkg="nginx php-pear memcached fcgiwrap"

	local pkg_xenial="php7.0-fpm php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu letsencrypt"

	local pkg_stretch="php7.0-fpm php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu letsencrypt"

	local pkg_jessie="php5-fpm php5-mysql php5-curl php5-gd php5-intl php5-imagick php5-imap php5-mcrypt php5-memcache \
php5-memcached php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php-apc"

	local pkg_bionic="php7.2-fpm php7.2-opcache php7.2-fpm php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap php7.2-cli php7.2-cgi \
imagemagick libruby php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy \
php7.2-xmlrpc php7.2-xsl php-memcache php-imagick php-gettext php7.2-zip php7.2-mbstring php-apcu letsencrypt"

	local pkg_buster="php7.3-fpm php7.3-opcache php7.3-fpm php7.3 php7.3-common php7.3-gd php7.3-mysql php7.3-imap php7.3-cli php7.3-cgi \
imagemagick libruby php7.3-curl php7.3-intl php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy \
php7.3-xmlrpc php7.3-xsl php-memcache php-imagick php-gettext php7.3-zip php7.3-mbstring php-apcu letsencrypt"

	# indirect lookup: expands to the list above named after the distribution,
	# or to nothing when the distribution has no list
	local temp="pkg_${distribution}"
	install_packet "${pkg} ${!temp}" "Nginx for $family $distribution"

	# NOTE(review): the two sed patterns below only match lines that start with
	# "cgi.fix_pathinfo=" / "date.timezone=" and so skip commented-out
	# (";"-prefixed) entries — confirm they match the shipped php.ini.
	# In every branch tz is /etc/timezone with "/" escaped for use inside the
	# sed replacement.
	case $distribution in
		jessie)
			phpenmod mcrypt mbstring
			debconf-apt-progress -- apt-get install -y python-certbot -t jessie-backports
			service php5-fpm reload >> /dev/null
		;;
		xenial)
			phpenmod mcrypt mbstring
			tz=$(cat /etc/timezone | sed 's/\//\\\//g')
			sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
			sed -i "s/^date.timezone=.*/date.timezone=""$tz""/" /etc/php/7.0/fpm/php.ini
			service php7.0-fpm reload >> /dev/null
		;;
		stretch)
			tz=$(cat /etc/timezone | sed 's/\//\\\//g')
			sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
			sed -i "s/^date.timezone=.*/date.timezone=""$tz""/" /etc/php/7.0/fpm/php.ini
			service php7.0-fpm reload >> /dev/null
			phpenmod mcrypt mbstring
		;;
		bionic)
			tz=$(cat /etc/timezone | sed 's/\//\\\//g')
			sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.2/fpm/php.ini
			sed -i "s/^date.timezone=.*/date.timezone=""$tz""/" /etc/php/7.2/fpm/php.ini
			service php7.2-fpm reload >> /dev/null
			phpenmod mbstring
		;;
		buster)
			tz=$(cat /etc/timezone | sed 's/\//\\\//g')
			sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.3/fpm/php.ini
			sed -i "s/^date.timezone=.*/date.timezone=""$tz""/" /etc/php/7.3/fpm/php.ini
			service php7.3-fpm reload >> /dev/null
			phpenmod mbstring
		;;
	esac
}
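install_PureFTPD ()
{
	#
	# Install PureFTPd and Quota
	#
	# Installs PureFTPd with the quota tools, enables the virtual chroot and
	# TLS, creates a self-signed certificate, adds journaled quota options to
	# the root filesystem entry in /etc/fstab and turns quotas on.
	#
	# NOTE(review): the certificate is self-signed, valid for 7300 days and
	# carries a placeholder subject; replace it before the service is exposed.
	#
	local -r quota_opts="usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0"

	install_packet "pure-ftpd-common pure-ftpd-mysql quota quotatool" "pureFTPd and Quota"

	sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common
	echo 1 > /etc/pure-ftpd/conf/TLS
	mkdir -p /etc/ssl/private/
	openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=GB/ST=GB/L=GB/O=GB/OU=GB/CN=$(hostname -f)/emailAddress=joe@joe.com" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem >/dev/null 2>&1
	# the file holds the private key as well as the certificate
	chmod 600 /etc/ssl/private/pure-ftpd.pem
	/etc/init.d/pure-ftpd-mysql restart >/dev/null 2>&1

	# Append the quota options to the options field of the root ("/") entry
	# only. Substituting the option string wherever it occurred also rewrote
	# every other entry that shared it (for example plain "defaults"), failed
	# on an empty match, and added the options again on each run.
	if ! grep -q 'usrjquota=' /etc/fstab; then
		sed -i -E "\|^[^#[:space:]][^[:space:]]*[[:space:]]+/[[:space:]]| s|^(([^[:space:]]+[[:space:]]+){3})([^[:space:]]+)|\1\3,${quota_opts}|" /etc/fstab
	fi
	mount -o remount / >/dev/null 2>&1
	quotacheck -avugm >/dev/null 2>&1
	quotaon -avug >/dev/null 2>&1
}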
install_Bind ()
{
	#
	# Install BIND DNS Server
	#
	# Installs bind9, dnsutils and haveged, then enables and starts haveged.
	#
	local action

	install_packet "bind9 dnsutils haveged" "Install BIND DNS Server"
	for action in enable start; do
		systemctl "$action" haveged &>/dev/null
	done
}
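install_Stats ()
{
	#
	# Install Vlogger, Webalizer, And AWstats
	#
	# Installs the statistics packages and comments out the MAILTO line and
	# the two www-data jobs in /etc/cron.d/awstats.
	#
	install_packet "vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl" "vlogger, webalizer, awstats"
	# "|" is the delimiter because the schedule contains "/", and the literal
	# asterisks are escaped. With "/" as delimiter the */10 expression was
	# rejected by sed, and the unescaped "10 03 * * *" pattern never matched
	# the literal stars. Anchoring at line start keeps a re-run from stacking
	# another "#".
	sed -i \
		-e 's|^MAILTO=root|#MAILTO=root|' \
		-e 's|^\*/10 \* \* \* \* www-data|#*/10 * * * * www-data|' \
		-e 's|^10 03 \* \* \* www-data|#10 03 * * * www-data|' \
		/etc/cron.d/awstats
}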
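install_Jailkit()
{
	#
	# Build and install Jailkit 2.19 from the upstream source tarball.
	#
	# Installs the build tools, unpacks the tarball in TEMP_DIR, builds the
	# Debian package with debian/rules and installs the resulting .deb.
	#
	# Globals:   TEMP_DIR (read)
	# Returns:   1 when TEMP_DIR is unusable or the download/extraction fails
	#
	# NOTE(review): the source is built and installed as root with only TLS
	# protecting the download; there is no checksum or signature check.
	#
	debconf-apt-progress -- apt-get install -y build-essential autoconf automake libtool flex bison debhelper binutils
	if [[ -z "${TEMP_DIR}" ]] || ! cd "${TEMP_DIR}"; then
		echo "install_Jailkit: TEMP_DIR is not usable" >&2
		return 1
	fi
	# stop here on failure instead of running the build steps in the wrong directory
	if ! wget -q https://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz -O - | tar -xz; then
		echo "install_Jailkit: download or extraction failed" >&2
		return 1
	fi
	cd jailkit-2.19 || return 1
	echo 5 > debian/compat
	./debian/rules binary > /dev/null 2>&1
	dpkg -i ../jailkit_2.19-1_*.deb > /dev/null 2>&1
}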
install_Fail2BanDovecot()
{
	#
	# Install fail2ban
	#
	# Installs fail2ban and ufw, then writes /etc/fail2ban/jail.local with
	# jails for PureFTPd, Dovecot and Postfix SASL. stretch uses the jail and
	# filter names pure-ftpd / dovecot / postfix-sasl; every other
	# distribution uses pureftpd / dovecot-pop3imap / sasl.
	#
	# Globals: distribution (read)
	#
	local jail_file=/etc/fail2ban/jail.local

	install_packet "fail2ban ufw" "Install fail2ban and UFW Firewall"

	case $distribution in
		stretch)
			cat > "$jail_file" <<"EOF"
[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
EOF
			;;
		*)
			cat > "$jail_file" <<"EOF"
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
EOF
			;;
	esac
}
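install_Fail2BanRulesDovecot()
{
	#
	# Dovecot rules
	#
	# Writes the fail2ban filters for PureFTPd and Dovecot POP3/IMAP logins,
	# makes sure the postfix-sasl filter has an ignoreregex line and restarts
	# fail2ban.
	#
	local -r sasl_filter=/etc/fail2ban/filter.d/postfix-sasl.conf

	cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF"
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
EOF

	cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<"EOF"
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
EOF
	# Add the missing ignoreregex line, once: an unconditional append adds
	# another copy of the option on every run.
	if ! grep -qs '^ignoreregex[[:space:]]*=' "$sasl_filter"; then
		echo "ignoreregex =" >> "$sasl_filter"
	fi
	service fail2ban restart >> /dev/null
}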
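install_ISPConfig (){
	#
	# Install ISPConfig 3
	#
	# Downloads the stable ISPConfig tarball into TEMP_DIR, runs its installer
	# with the prepared isp.conf.php and, when the user agrees, fetches and
	# runs the LE4ISPC helper that sets up Let's Encrypt certificates.
	#
	# Globals:   TEMP_DIR, BACKTITLE, serverIP, server (read)
	# Returns:   1 when the installer directory or the helper is not available
	#
	# NOTE(review): the instructions below show the control panel's default
	# admin password; until step 3 is carried out the panel on port 8080 is
	# reachable with it.
	# NOTE(review): both downloads are executed as root with only TLS
	# protecting them, and the helper tracks a moving "master" archive.
	#
	if [[ -z "${TEMP_DIR}" ]] || ! cd "${TEMP_DIR}"; then
		echo "install_ISPConfig: TEMP_DIR is not usable" >&2
		return 1
	fi
	wget -q https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz
	# without this check a failed download would run php in the wrong directory
	cd "${TEMP_DIR}/ispconfig3_install/install/" || return 1
	php -q install.php --autoinstall="${TEMP_DIR}/isp.conf.php" &>> /var/log/ispconfig_config.log
	dialog --colors --backtitle "$BACKTITLE" --no-collapse --title " Auto updating SSL certificate " --clear --yesno "\nDo you want to secure ISPConfig control panel and all services with free Let's Encrypt SSL certificate?" 8 80
	if [[ $? == 0 ]]; then
		dialog --colors --backtitle "$BACKTITLE" --no-collapse --title " Instructions " --clear --msgbox "\n1. Access admin panel with your browser: \Z1https://$serverIP:8080\Z0\n\nUsername: \Z1admin\Z0\nPassword: \Z11234\Z0 \n\n\n2. Go to Sites > Website > \Z1Add new website\Z0\n\nDomain: \Z1$(hostname -f)\Z0\nAuto-Subdomain: \Z1None\Z0\nSSL: \Z1enable\Z0\nLet's Encrypt SSL: \Z1enable\Z0\n\n\n3. Go to Tools > \Z1Password and language\Z0\n\nChange ISPConfig control panel password.\n\nSave and Logout. \n\n\n4. Wait until SSL is not working here: \Z1https://$(hostname -f)\Z0 \n\nIt can take up to a few minutes.\n\n\n5. Proceed with install (\Z1Press ENTER\Z0):" 33 80
		# -f turns an HTTP error into a failure, so an error page is never
		# unpacked, and the helper only runs when it is actually there
		if curl -fsSL https://github.com/ahrasis/LE4ISPC/archive/master.zip -o master.zip 2> /dev/null \
			&& unzip -qq master.zip \
			&& [[ -f "LE4ISPC-master/${server}/le4ispc.sh" ]]; then
			bash "LE4ISPC-master/${server}/le4ispc.sh" 2>&1
		else
			echo "install_ISPConfig: could not fetch the LE4ISPC helper for '${server}'" >&2
			return 1
		fi
	fi
}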
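install_yggdrasil ()
{
	#
	# Install the Yggdrasil network daemon from its apt repository.
	#
	# Imports the repository key, registers the repository, installs the
	# yggdrasil package and enables and starts the service.
	#
	# NOTE(review): apt-key adds the key to the global apt keyring; a dedicated
	# keyring referenced with signed-by would scope it to this repository.
	#
	local -r repo_host="neilalexander.s3.dualstack.eu-west-2.amazonaws.com"

	curl -fsSL "https://${repo_host}/deb/key.txt" | apt-key add -qq - > /dev/null 2>&1
	# The repository is read over https, like the key: the host is the same,
	# and plain http exposed the package index and downloads to tampering and
	# observation in transit.
	echo "deb https://${repo_host}/deb/ debian yggdrasil" > \
		/etc/apt/sources.list.d/yggdrasil.list
	debconf-apt-progress -- apt-get update
	debconf-apt-progress -- apt-get install -y -qq yggdrasil
	systemctl enable --now yggdrasil
}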
#
|
|
# Main choices
|
|
#
|
|
|
|
# check for root
|
|
#
|
|
if [[ $EUID != 0 ]]; then
|
|
dialog --title "Warning" --infobox "\nThis script requires root privileges.\n\nExiting ..." 7 41
|
|
sleep 3
|
|
exit
|
|
fi
|
|
|
|
# nameserver backup
|
|
if [ -d /etc/resolvconf/resolv.conf.d ]; then
|
|
echo 'nameserver 8.8.8.8' > /etc/resolvconf/resolv.conf.d/head
|
|
resolvconf -u &> /dev/null
|
|
fi
|
|
|
|
# Create a safe temporary directory
|
|
TEMP_DIR=$(mktemp -d || exit 1)
|
|
chmod 700 ${TEMP_DIR}
|
|
trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15
|
|
|
|
# Install basic stuff, we have to wait for other apt tasks to finish
|
|
# (eg unattended-upgrades)
|
|
i=0
|
|
tput sc
|
|
while fuser /var/lib/dpkg/lock >/dev/null 2>&1 ; do
|
|
case $(($i % 4)) in
|
|
0 ) j="-" ;;
|
|
1 ) j="\\" ;;
|
|
2 ) j="|" ;;
|
|
3 ) j="/" ;;
|
|
esac
|
|
tput rc
|
|
echo -en "\r[$j] Waiting for other software managers to finish..."
|
|
sleep 0.5
|
|
((i=i+1))
|
|
done
|
|
|
|
apt-get -qq -y --no-install-recommends install curl debconf-utils html2text apt-transport-https dialog whiptail lsb-release bc expect > /dev/null
|
|
|
|
# gather some info
|
|
#
|
|
TTY_X=$(($(stty size | awk '{print $2}')-6)) # determine terminal width
|
|
TTY_Y=$(($(stty size | awk '{print $1}')-6)) # determine terminal height
|
|
distribution=$(lsb_release -cs)
|
|
family=$(lsb_release -is)
|
|
DEFAULT_ADAPTER=$(ip -4 route ls | grep default | tail -1 | grep -Po '(?<=dev )(\S+)')
|
|
serverIP=$(ip -4 addr show dev $DEFAULT_ADAPTER | awk '/inet/ {print $2}' | cut -d'/' -f1)
|
|
set ${serverIP//./ }
|
|
SUBNET="$1.$2.$3."
|
|
hostnamefqdn=$(hostname -f)
|
|
mysql_pass=""
|
|
BACKTITLE="Softy - Armbian post deployment scripts, https://www.armbian.com"
|
|
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
|
|
#check_status
|
|
|
|
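# main dialog routine
#
# Shows the checklist built by check_status, then runs the installer for every
# ticked entry whose status is not already "on". Each handled entry is removed
# from $selection so that it is not installed twice. The loop repeats until the
# user cancels or presses ESC.
DIALOG_CANCEL=1
DIALOG_ESC=255

#######################################
# Download an installer script completely, then run it with bash.
# Running from a file (rather than piping curl into bash) means a failed or
# truncated transfer is never executed, and HTTP errors are not fed to the shell.
# NOTE(review): the script still runs as root with no checksum or signature
# verification; this file carries no pinned digest for it.
# Globals:   TEMP_DIR (read)
# Arguments: $1 - HTTPS URL of the installer
#            $2.. - optional NAME=value pairs exported to the installer
# Returns:   installer status, or 1 when the download fails
#######################################
_run_remote_installer() {
	local url=$1
	shift
	local script rc
	script=$(mktemp "${TEMP_DIR:-/tmp}/installer.XXXXXX") || return 1
	if curl -fsSL --proto '=https' --proto-redir '=https' -o "$script" "$url"; then
		env "$@" bash "$script"
		rc=$?
	else
		printf 'Download of %s failed, installer not run\n' "$url" >&2
		rc=1
	fi
	rm -f -- "$script"
	return "$rc"
}

while true; do

	# prepare menu items
	check_status
	LISTLENGTH="$((${#LIST[@]}/2))"
	# dialog draws on stdout and reports the choice on stderr; fd 3 keeps the
	# terminal reachable while stderr is captured into $selection
	exec 3>&1
	selection=$(dialog --backtitle "$BACKTITLE" --title "Installing to $family $distribution" --colors --clear --cancel-label \
		"Cancel" --ok-label "Install" --checklist "\nChoose what you want to install:\n " $LIST_CONST 71 18 "${LIST[@]}" 2>&1 1>&3)
	exit_status=$?
	exec 3>&-
	case $exit_status in
		$DIALOG_ESC | $DIALOG_CANCEL)
			clear
			exit 1
			;;
	esac

	# cycle through all install options
	i=0
	if ! is_package_manager_running; then
		while [ "$i" -lt "$LISTLENGTH" ]; do

			if [[ "$selection" == *Samba* && "$SAMBA_STATUS" != "on" ]]; then
				install_samba
				selection=${selection//Samba/}
			fi

			if [[ "$selection" == *CUPS* && "$CUPS_STATUS" != "on" ]]; then
				install_cups
				selection=${selection//CUPS/}
			fi

			if [[ "$selection" == *headend* && "$TVHEADEND_STATUS" != "on" ]]; then
				install_tvheadend
				selection=${selection//\"TV headend\"/}
			fi

			if [[ "$selection" == *Minidlna* && "$MINIDLNA_STATUS" != "on" ]]; then
				install_packet "minidlna" "Install lightweight DLNA/UPnP-AV server"
				selection=${selection//Minidlna/}
			fi

			if [[ "$selection" == *ISPConfig* && "$ISPCONFIG_STATUS" != "on" ]]; then
				server_conf
				if [[ "$MYSQL_PASS" == "" ]]; then
					dialog --msgbox "Mysql password can't be blank. Exiting..." 7 70
					exit
				fi
				# the value is quoted so that it reaches grep unsplit and unglobbed
				if ! printf '%s\n' "$HOSTNAMEFQDN" | grep -qP '(?=^.{1,254}$)(^(?>(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)'; then
					dialog --msgbox "Invalid FQDN. Exiting..." 7 70
					exit
				fi
				choose_webserver
				install_basic
				install_DashNTP
				install_MySQL
				install_MySQLDovecot
				install_Virus
				# $server is expected to be set by choose_webserver (defined elsewhere)
				"install_${server}"
				install_phpmyadmin
				# hhvm is skipped on architectures whose name contains "arm"
				if ! dpkg --print-architecture | grep -q arm; then
					install_hhvm
				fi
				create_ispconfig_configuration
				install_PureFTPD
				install_Stats
				install_Bind
				install_Jailkit
				install_Fail2BanDovecot
				install_Fail2BanRulesDovecot
				install_ISPConfig
				selection=${selection//ISPConfig/}
			fi

			if [[ "$selection" == *Syncthing* && "$SYNCTHING_STATUS" != "on" ]]; then
				install_syncthing
				selection=${selection//Syncthing/}
			fi

			if [[ "$selection" == *Hassio* && "$HASS_STATUS" != "on" ]]; then
				install_hassio
				selection=${selection//Hassio/}
			fi

			# pattern needs the trailing *: without it OpenHAB was only matched
			# when it happened to be the last ticked entry
			if [[ "$selection" == *OpenHAB* && "$OPENHAB_STATUS" != "on" ]]; then
				install_openhab
				selection=${selection//OpenHAB/}
			fi

			if [[ "$selection" == *server* && "$VPN_SERVER_STATUS" != "on" ]]; then
				install_vpn_server
				selection=${selection//\"VPN server\"/}
			fi

			if [[ "$selection" == *client* && "$VPN_CLIENT_STATUS" != "on" ]]; then
				install_vpn_client
				selection=${selection//\"VPN client\"/}
			fi

			if [[ "$selection" == *NCP* && "$NCP_STATUS" != "on" ]]; then
				install_ncp
				selection=${selection//NCP/}
			fi

			if [[ "$selection" == *OMV* && "$OMV_STATUS" != "on" ]]; then
				install_omv
				selection=${selection//OMV/}
			fi

			if [[ "$selection" == *Plex* && "$PLEX_STATUS" != "on" ]]; then
				install_plex_media_server
				selection=${selection//Plex/}
			fi

			if [[ "$selection" == *Emby* && "$EMBY_STATUS" != "on" ]]; then
				install_emby_server
				selection=${selection//Emby/}
			fi

			if [[ "$selection" == *Radarr* && "$RADARR_STATUS" != "on" ]]; then
				install_radarr
				selection=${selection//Radarr/}
			fi

			if [[ "$selection" == *Sonarr* && "$SONARR_STATUS" != "on" ]]; then
				install_sonarr
				selection=${selection//Sonarr/}
			fi

			if [[ "$selection" == *hole* && "$PI_HOLE_STATUS" != "on" ]]; then
				_run_remote_installer "https://install.pi-hole.net" PIHOLE_SKIP_OS_CHECK=true
				selection=${selection//\"Pi hole\"/}
			fi

			if [[ "$selection" == *Docker* && "$DOCKER_STATUS" != "on" ]]; then
				install_docker
				selection=${selection//Docker/}
			fi

			if [[ "$selection" == *Transmission* && "$TRANSMISSION_STATUS" != "on" ]]; then
				install_transmission
				selection=${selection//Transmission/}
				if dialog --title "Seed Armbian torrents" --backtitle "$BACKTITLE" --yes-label "Yes" --no-label "No" --yesno "\nDo you want to help the community and seed armbian torrent files? It will ensure faster downloads for everyone.\n\nApproximately 1TB disk space is required." 11 44; then
					install_transmission_seed_armbian_torrents
				fi
			fi

			if [[ "$selection" == *UrBackup* && "$URBACKUP_STATUS" != "on" ]]; then
				install_urbackup
				selection=${selection//UrBackup/}
			fi

			if [[ "$selection" == *Mayan* && "$MAYAN_STATUS" != "on" ]]; then
				# install Docker first when it is reported as "off"
				if [[ "$DOCKER_STATUS" == "off" ]]; then
					install_docker
				fi
				_run_remote_installer "https://get.mayan-edms.com"
				selection=${selection//Mayan/}
			fi

			if [[ "$selection" == *Yggdrasil* && "$YGGDRASIL_STATUS" != "on" ]]; then
				install_yggdrasil
				selection=${selection//Yggdrasil/}
			fi

			i=$((i + 1))
		done

	fi

	# reread statuses
	check_status
done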
|