softy

#!/bin/bash
#
# Copyright (c) 2017 Igor Pecovnik, igor.pecovnik@gma**.com
#
# This file is licensed under the terms of the GNU General Public
# License version 2. This program is licensed "as is" without any
# warranty of any kind, whether express or implied.

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

function check_status
{
#------------------------------------------------------------------------------------------------------------------------------------------
# Chech if service is already installed
#------------------------------------------------------------------------------------------------------------------------------------------
LIST=()
LIST_CONST=5
# Samba
SAMBA_STATUS="$(check_if_installed samba && echo "on" || echo "off" )"
LIST+=( "Samba" "Windows compatible file sharing" "$SAMBA_STATUS" )
# cups
CUPS_STATUS="$(check_if_installed cups && echo "on" || echo "off" )"
LIST+=( "CUPS" "Common UNIX Printing System (CUPS)" "$CUPS_STATUS" )
# tvheadend
TVHEADEND_STATUS="$(check_if_installed tvheadend && echo "on" || echo "off" )"
LIST+=( "TV headend" "TV streaming / proxy" "$TVHEADEND_STATUS" )
# synthing
SYNCTHING_STATUS="$(check_if_installed syncthing && echo "on" || echo "off" )"
LIST+=( "Syncthing" "Personal cloud @syncthing.net" "$SYNCTHING_STATUS" )
# vpn server
VPN_SERVER_STATUS="$([[ -d /usr/local/vpnserver ]] && echo "on" || echo "off" )"
LIST+=( "VPN server" "VPN server" "$VPN_SERVER_STATUS" )
# vpn client
VPN_CLIENT_STATUS="$([[ -d /usr/local/vpnclient ]] && echo "on" || echo "off" )"
LIST+=( "VPN client" "VPN client" "$VPN_CLIENT_STATUS" )
# OMV
OMV_STATUS="$(check_if_installed openmediavault && echo "on" || echo "off" )"
[[ "$family" != "Ubuntu" ]] && LIST+=( "OMV" "OpenMediaVault NAS solution" "$OMV_STATUS" ) && LIST_CONST=4
# MINIdlna
MINIDLNA_STATUS="$(check_if_installed minidlna && echo "on" || echo "off" )"
LIST+=( "Minidlna" "Lightweight DLNA/UPnP-AV server" "$MINIDLNA_STATUS" )
# Pi hole
PI_HOLE_STATUS="$([[ -d /etc/pihole ]] && echo "on" || echo "off" )"
LIST+=( "Pi hole" "Ad blocker" "$PI_HOLE_STATUS" )
# Transmission
TRANSMISSION_STATUS="$(check_if_installed transmission-daemon && echo "on" || echo "off" )"
LIST+=( "Transmission" "Torrent downloading" "$TRANSMISSION_STATUS" )
# ISPconfig
ISPCONFIG_STATUS="$([[ -d /usr/local/ispconfig ]] && echo "on" || echo "off" )"
LIST+=( "ISPConfig" "SMTP mail, IMAP, POP3 & LAMP/LEMP web server" "$ISPCONFIG_STATUS" )
}

function choose_webserver
{
#------------------------------------------------------------------------------------------------------------------------------------------
# Target web server selection
#------------------------------------------------------------------------------------------------------------------------------------------
check_if_installed openmediavault
case $? in
	0)
		# OMV installed, prevent switching from nginx to apache which would trash OMV installation
		server="nginx"
		;;
	*)
		dialog --title "Choose a webserver" --backtitle "$backtitle" --yes-label "Apache" --no-label "Nginx" \
		--yesno "\nChoose a web server which you are familiar with. They both work almost the same." 8 70
		response=$?
		case $response in
			0) server="apache";;
			1) server="nginx";;
			255) exit;;
		esac
		;;
esac
}


function server_conf
{
#------------------------------------------------------------------------------------------------------------------------------------------
# Add some reqired date for installation
#------------------------------------------------------------------------------------------------------------------------------------------
exec 3>&1
dialog --title "Server configuration" --separate-widget $'\n' --ok-label "Install" --backtitle "$backtitle" \
--form "\nPlease fill out this form:\n " \
12 70 0 \
"Your FQDN for $serverip:"	1 1 "$hostnamefqdn"         1 31 32 0 \
"Mysql root password:" 	  	2 1 "$mysql_pass"       			2 31 32 0 \
2>&1 1>&3 | {

read -r hostnamefqdn
read -r mysql_pass
echo $mysql_pass > ${TEMP_DIR}/mysql_pass
echo $hostnamefqdn > ${TEMP_DIR}/hostnamefqdn
# end
}
exec 3>&-
# read variables back
read MYSQL_PASS < ${TEMP_DIR}/mysql_pass
read HOSTNAMEFQDN < ${TEMP_DIR}/hostnamefqdn
}


install_packet ()
{
#------------------------------------------------------------------------------------------------------------------------------------------
# Install missing packets
#------------------------------------------------------------------------------------------------------------------------------------------
i=0
j=1
IFS=" "
declare -a PACKETS=($1)
skupaj=${#PACKETS[@]}
while [[ $i -lt $skupaj ]]; do
procent=$(echo "scale=2;($j/$skupaj)*100"|bc)
		x=${PACKETS[$i]}
		if [ $(dpkg-query -W -f='${Status}' $x 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
			printf '%.0f\n' $procent | dialog \
			--backtitle "$backtitle" \
			--title "Installing" \
			--gauge "\n$2\n\n$x" 10 70
		if [ "$(DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $x >${TEMP_DIR}/install.log 2>&1 || echo 'Installation failed' \
		| grep 'Installation failed')" != "" ]; then
			echo -e "[\e[0;31m error \x1B[0m] Installation failed"
			tail ${TEMP_DIR}/install.log
			exit
		fi
		fi
		i=$[$i+1]
		j=$[$j+1]
done
echo ""
}


check_port ()
{
#------------------------------------------------------------------------------------------------------------------------------------------
# Check if something is running on port $1 and display info
#------------------------------------------------------------------------------------------------------------------------------------------
[[ -n $(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ".'$1'"') ]] && dialog --backtitle "$backtitle" --title "Checking service" \
--msgbox "\nIt looks good.\n\nThere is $2 service on port $1" 9 52
}


install_basic (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Set hostname, FQDN, add to sources list
#------------------------------------------------------------------------------------------------------------------------------------------
IFS=" "
set ${HOSTNAMEFQDN//./ }
HOSTNAMESHORT="$1"
cp /etc/hosts /etc/hosts.backup
cp /etc/hostname /etc/hostname.backup
# create new
echo "127.0.0.1   localhost.localdomain   localhost" > /etc/hosts
echo "${serverIP} ${HOSTNAMEFQDN} ${HOSTNAMESHORT} #ispconfig " >> /etc/hosts
echo "$HOSTNAMESHORT" > /etc/hostname
/etc/init.d/hostname.sh start >/dev/null 2>&1
if [[ $family == "Ubuntu" ]]; then
	# set hostname in Ubuntu
	hostnamectl set-hostname $HOSTNAMESHORT
	# disable AppArmor
	if [[ -n $(service apparmor status | grep -w active | grep -w running) ]]; then
		service apparmor stop
		update-rc.d -f apparmor remove
		apt-get -y -qq remove apparmor apparmor-utils
	fi
else
	grep -q "contrib" /etc/apt/sources.list || sed -i 's|main|main contrib|' /etc/apt/sources.list
	grep -q "non-free" /etc/apt/sources.list || sed -i 's|contrib|contrib non-free|' /etc/apt/sources.list
	debconf-apt-progress -- apt-get update
fi
}


create_ispconfig_configuration (){
#------------------------------------------------------------------------------------------------------------------------------------------
# ISPConfig autoconfiguration
#------------------------------------------------------------------------------------------------------------------------------------------
cat > ${TEMP_DIR}/isp.conf.php <<EOF
<?php
\$autoinstall['language'] = 'en'; // de, en (default)
\$autoinstall['install_mode'] = 'standard'; // standard (default), expert

\$autoinstall['hostname'] = '$HOSTNAMEFQDN'; // default
\$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
\$autoinstall['mysql_root_user'] = 'root'; // default: root
\$autoinstall['mysql_root_password'] = '$MYSQL_PASS';
\$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
\$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
\$autoinstall['mysql_port'] = '3306'; // default: 3306
\$autoinstall['configure_jailkit'] = 'n'; // y (default), n
\$autoinstall['configure_dns'] = 'n'; // y (default), n
\$autoinstall['http_server'] = '$server'; // apache (default), nginx
\$autoinstall['ispconfig_port'] = '8080'; // default: 8080
\$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n

/* SSL Settings */
\$autoinstall['ssl_cert_country'] = 'AU';
\$autoinstall['ssl_cert_state'] = 'Some-State';
\$autoinstall['ssl_cert_locality'] = 'Chicago';
\$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
\$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
\$autoinstall['ssl_cert_common_name'] = \$autoinstall['hostname'];
?>
EOF
}

install_cups (){
#--------------------------------------------------------------------------------------------------------------------------------
# Install printer system
#--------------------------------------------------------------------------------------------------------------------------------
debconf-apt-progress -- apt-get -y install cups lpr cups-filters
# cups-filters if jessie
sed -e 's/Listen localhost:631/Listen 631/g' -i /etc/cups/cupsd.conf
sed -e 's/<Location \/>/<Location \/>\nallow $SUBNET/g' -i /etc/cups/cupsd.conf
sed -e 's/<Location \/admin>/<Location \/admin>\nallow $SUBNET/g' -i /etc/cups/cupsd.conf
sed -e 's/<Location \/admin\/conf>/<Location \/admin\/conf>\nallow $SUBNET/g' -i /etc/cups/cupsd.conf
service cups restart
service samba restart | service smbd restart >/dev/null 2>&1
}

install_samba (){
#---------------------------------------------------------------------------------------------------------------------------------
# install Samba file sharing
#---------------------------------------------------------------------------------------------------------------------------------
# Read samba user / pass / group
local SECTION="Samba"
SMBUSER=$(whiptail --inputbox "What is your samba username?" 8 78 $SMBUSER --title "$SECTION" 3>&1 1>&2 2>&3)
exitstatus=$?; if [ $exitstatus = 1 ]; then exit 1; fi
SMBPASS=$(whiptail --inputbox "What is your samba password?" 8 78 $SMBPASS --title "$SECTION" 3>&1 1>&2 2>&3)
exitstatus=$?; if [ $exitstatus = 1 ]; then exit 1; fi
SMBGROUP=$(whiptail --inputbox "What is your samba group?" 8 78 $SMBGROUP --title "$SECTION" 3>&1 1>&2 2>&3)
exitstatus=$?; if [ $exitstatus = 1 ]; then exit 1; fi
#
debconf-apt-progress -- apt-get -y install samba samba-common-bin samba-vfs-modules
useradd $SMBUSER
echo -ne "$SMBPASS\n$SMBPASS\n" | passwd $SMBUSER >/dev/null 2>&1
echo -ne "$SMBPASS\n$SMBPASS\n" | smbpasswd -a -s $SMBUSER >/dev/null 2>&1
service samba stop | service smbd stop >/dev/null 2>&1
cp /etc/samba/smb.conf /etc/samba/smb.conf.stock
cat > /etc/samba/smb.conf.tmp << EOF
[global]
	workgroup = SMBGROUP
	server string = %h server
	hosts allow = SUBNET
	log file = /var/log/samba/log.%m
	max log size = 1000
	syslog = 0
	panic action = /usr/share/samba/panic-action %d
	load printers = yes
	printing = cups
	printcap name = cups
	min receivefile size = 16384
	write cache size = 524288
	getwd cache = yes
	socket options = TCP_NODELAY IPTOS_LOWDELAY

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	public = yes
	guest ok = yes
	writable = no
	printable = yes
	printer admin = SMBUSER

[print$]
	comment = Printer Drivers
	path = /etc/samba/drivers
	browseable = yes
	guest ok = no
	read only = yes
	write list = SMBUSER

[ext]
	comment = Storage
	path = /ext
	writable = yes
	public = no
	valid users = SMBUSER
	force create mode = 0777
EOF
sed -i "s/SMBGROUP/$SMBGROUP/" /etc/samba/smb.conf.tmp
sed -i "s/SMBUSER/$SMBUSER/" /etc/samba/smb.conf.tmp
sed -i "s/SUBNET/$SUBNET/" /etc/samba/smb.conf.tmp
dialog --backtitle "$backtitle" --title "Review samba configuration" --no-collapse --editbox /etc/samba/smb.conf.tmp 30 0 2> /etc/samba/smb.conf.tmp.out
if [[ $? = 0 ]]; then
	mv /etc/samba/smb.conf.tmp.out /etc/samba/smb.conf
	install -m 755 -g $SMBUSER -o $SMBUSER -d /ext
	service service smbd stop >/dev/null 2>&1
	sleep 3
	service service smbd start >/dev/null 2>&1
fi
}


install_omv (){
#------------------------------------------------------------------------------------------------------------------------------------------
# On Debian install OpenMediaVault 3 (Jessie) or 4 (Stretch)
#------------------------------------------------------------------------------------------------------------------------------------------
# TODO: Some OMV packages lack authentication, flashmemory-plugin currently doesn't work as expected

if [[ "$family" == "Ubuntu" ]]; then
	dialog --backtitle "$backtitle" --title "Dependencies not met" --msgbox "\nOpenMediaVault can only be installed on Debian." 7 52
	sleep 5
	exit 1
fi

case $distribution in
	jessie)
		OMV_Name="erasmus"
		OMV_EXTRAS_URL="https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all3.deb"
		;;
	stretch)
		OMV_Name="arrakis"
		OMV_EXTRAS_URL="https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all4.deb"
		;;
esac

export APT_LISTCHANGES_FRONTEND=none
if [ ! -f /etc/armbian-release ]; then
	sed -i "s/^# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen
	locale-gen
fi

cat > /etc/apt/sources.list.d/openmediavault.list << EOF
deb https://openmediavault.github.io/packages/ ${OMV_Name} main

## Uncomment the following line to add software from the proposed repository.
deb https://openmediavault.github.io/packages/ ${OMV_Name}-proposed main

## This software is not part of OpenMediaVault, but is offered by third-party
## developers as a service to OpenMediaVault users.
# deb https://openmediavault.github.io/packages/ ${OMV_Name} partner
EOF

debconf-apt-progress -- apt-get update

read HOSTNAME </etc/hostname
read TZ </etc/timezone
debconf-set-selections <<< "postfix postfix/mailname string ${HOSTNAME}"
SPACE_NEEDED=$(apt-get --assume-no --allow-unauthenticated --fix-missing --no-install-recommends install openmediavault postfix dirmngr 2>/dev/null | awk -F" " '/additional disk space will be used/ {print $4}')
SPACE_AVAIL=$(df -k / | awk -F" " '/\/$/ {printf ("%0.0f",$4/1200); }')
if [ ${SPACE_AVAIL} -lt ${SPACE_NEEDED} ]; then
	dialog --backtitle "$backtitle" --title "No space left on device" --msgbox "\nOpenMediaVault needs ${SPACE_NEEDED} MB for installation while only ${SPACE_AVAIL} MB are available." 7 52
	exit 1
fi
apt-get --allow-unauthenticated install openmediavault-keyring
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7AA630A1EDEE7D73
debconf-apt-progress -- apt-get -y --allow-unauthenticated --fix-missing --no-install-recommends install openmediavault postfix dirmngr
FILE="${TEMP_DIR}/omv_extras.deb"; wget "$OMV_EXTRAS_URL" -qO $FILE && dpkg -i $FILE ; rm $FILE
# /usr/sbin/omv-update
debconf-apt-progress -- apt-get update
debconf-apt-progress -- apt-get --yes --force-yes --fix-missing --auto-remove --allow-unauthenticated \
  --show-upgraded --option DPkg::Options::="--force-confold" dist-upgrade

# Install flashmemory plugin and netatalk by default, use nice logo for the latter,
# disable OMV monitoring by default
. /usr/share/openmediavault/scripts/helper-functions
debconf-apt-progress -- apt-get -y --fix-missing --no-install-recommends --auto-remove install openmediavault-flashmemory openmediavault-netatalk
AFP_Options="mimic model = Macmini"
SMB_Options="min receivefile size = 16384\nwrite cache size = 524288\ngetwd cache = yes\nsocket options = TCP_NODELAY IPTOS_LOWDELAY"
xmlstarlet ed -L -u "/config/services/afp/extraoptions" -v "$(echo -e "${AFP_Options}")" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/services/smb/extraoptions" -v "$(echo -e "${SMB_Options}")" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/services/flashmemory/enable" -v "1" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/services/ssh/enable" -v "1" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/services/ssh/permitrootlogin" -v "1" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/system/time/ntp/enable" -v "1" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/system/time/timezone" -v "${TZ}" ${OMV_CONFIG_FILE}
xmlstarlet ed -L -u "/config/system/network/dns/hostname" -v "${HOSTNAME}" ${OMV_CONFIG_FILE}
/usr/sbin/omv-rpc -u admin "perfstats" "set" '{"enable":false}'
/usr/sbin/omv-rpc -u admin "config" "applyChanges" '{ "modules": ["monit","rrdcached","collectd"],"force": true }'
sed -i 's|-j /var/lib/rrdcached/journal/ ||' /etc/init.d/rrdcached
for i in netatalk samba flashmemory ssh ntp timezone monit rrdcached collectd ; do
	/usr/sbin/omv-mkconf $i
done
/sbin/folder2ram -enablesystemd 2>/dev/null

# Prevent accidentally destroying board performance by clicking around in OMV UI since
# OMV sets 'powersave' governor when touching 'Power Management' settings.
if [ -f /etc/default/cpufrequtils ]; then
	. /etc/default/cpufrequtils
else
	DEFAULT_GOV="$(zgrep "^CONFIG_CPU_FREQ_DEFAULT_GOV_" /proc/config.gz 2>/dev/null | sed 's/CONFIG_CPU_FREQ_DEFAULT_GOV_//')"
	if [ -n "${DEFAULT_GOV}" ]; then
		GOVERNOR=$(cut -f1 -d= <<<"${DEFAULT_GOV}" | tr '[:upper:]' '[:lower:]')
	else
		GOVERNOR=ondemand
	fi
	MIN_SPEED="0"
	MAX_SPEED="0"
fi
echo -e "OMV_CPUFREQUTILS_GOVERNOR=${GOVERNOR}" >>/etc/default/openmediavault
echo -e "OMV_CPUFREQUTILS_MINSPEED=${MIN_SPEED}" >>/etc/default/openmediavault
echo -e "OMV_CPUFREQUTILS_MAXSPEED=${MAX_SPEED}" >>/etc/default/openmediavault

/usr/sbin/omv-initsystem
check_port 80 "OMV web"
}


install_tvheadend (){
#------------------------------------------------------------------------------------------------------------------------------------------
# TVheadend https://tvheadend.org/ unofficial port https://tvheadend.org/boards/5/topics/21528
#------------------------------------------------------------------------------------------------------------------------------------------
if !(grep -qs djbenson "/etc/apt/sources.list.d/tvheadend.list");then
	echo "deb https://dl.bintray.com/djbenson/deb wheezy stable" >> /etc/apt/sources.list.d/tvheadend.list
	apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61 >/dev/null 2>&1
fi

debconf-apt-progress -- apt-get update
debconf-apt-progress -- apt-get -y install libssl-doc libssl1.0.0 zlib1g-dev tvheadend xmltv-util
}


install_transmission (){
#------------------------------------------------------------------------------------------------------------------------------------------
# transmission
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading dependencies"
install_packet "transmission-cli transmission-common transmission-daemon" "Install torrent server"
# systemd workaround
# https://forum.armbian.com/index.php?/topic/4017-programs-does-not-start-automatically-at-boot/
sed -e 's/exit 0//g' -i /etc/rc.local
	cat >> /etc/rc.local <<"EOF"
service transmission-daemon restart
exit 0
EOF
dialog --title "Seed Armbian torrents" --backtitle "$BACKTITLE" --yes-label "Yes" --no-label "Cancel" --yesno "\nDo you want to help \
community and seed armbian torrent files? It will ensure faster download for everyone. We need around 50Gb of your space." 10 44
if [[ $? = 0 ]]; then
# adjust network buffers if necessary
rmem_recommended=4194304
wmem_recommended=1048576
rmem_actual=$(sysctl net.core.rmem_max | awk -F" " '{print $3}')
if [ ${rmem_actual} -lt ${rmem_recommended} ]; then
	grep -q net.core.rmem_max /etc/sysctl.conf && \
		sed -i "s/net.core.rmem_max =.*/net.core.rmem_max = ${rmem_recommended}/" /etc/sysctl.conf || \
		echo "net.core.rmem_max = ${rmem_recommended}" >> /etc/sysctl.conf
fi
wmem_actual=$(sysctl net.core.wmem_max | awk -F" " '{print $3}')
if [ ${wmem_actual} -lt ${wmem_recommended} ]; then
	grep -q net.core.wmem_max /etc/sysctl.conf && \
		sed -i "s/net.core.wmem_max =.*/net.core.wmem_max = ${wmem_recommended}/" /etc/sysctl.conf || \
		echo "net.core.wmem_max = ${wmem_recommended}" >> /etc/sysctl.conf
fi
/sbin/sysctl -p
# create cron job for daily sync with official Armbian torrents
cat > /etc/cron.daily/seed-armbian-torrent <<"EOF"
#!/bin/bash
#
# armbian torrents auto update
#
# download latest torrent pack
wget -qO- -O ${TEMP_DIR}/armbian-torrents.zip https://dl.armbian.com/torrent/all-torrents.zip
# test zip for corruption
unzip -t ${TEMP_DIR}/armbian-torrents.zip >/dev/null 2>&1
[[ $? -ne 0 ]] && echo "Error in zip" && exit
# extract zip
unzip -o ${TEMP_DIR}/armbian-torrents.zip -d ${TEMP_DIR}/torrent-tmp >/dev/null 2>&1
# create list of current active torrents
transmission-remote -n 'transmission:transmission' -l | sed '1d; $d' > ${TEMP_DIR}/torrent-tmp/active.torrents
# loop and add/update torrent files
for f in ${TEMP_DIR}/torrent-tmp/*.torrent; do
        transmission-remote -n 'transmission:transmission' -a $f > /dev/null 2>&1
        # remove added from the list
        pattern="${f//.torrent}"; pattern="${pattern##*/}";
        sed -i "/$pattern/d" ${TEMP_DIR}/torrent-tmp/active.torrents
done
# remove old armbian torrents
while read i; do
        [[ $i == *Armbian_* ]] && transmission-remote -n 'transmission:transmission' -t $(echo "$i" | awk '{print $1}';) --remove-and-delete
done < ${TEMP_DIR}/torrent-tmp/active.torrents
# remove temporally files and direcotories
EOF
chmod +x /etc/cron.daily/seed-armbian-torrent
/etc/cron.daily/seed-armbian-torrent &
fi
}


install_syncthing (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install Personal cloud https://syncthing.net/
#------------------------------------------------------------------------------------------------------------------------------------------
curl -s https://syncthing.net/release-key.txt | apt-key add -
	if !(grep -qs syncthing "/etc/apt/sources.list.d/syncthing.list");then
	echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
	debconf-apt-progress -- apt-get update
	install_packet "syncthing syncthing-inotify" "Install Personal cloud https://syncthing.net/"
cat > /etc/systemd/system/syncthing.service <<"EOF"
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization
Documentation=man:syncthing(1)
After=network.target

[Service]
ExecStart=/usr/bin/syncthing -no-browser -no-restart -logfile=/var/log/syncthing.log -logflags=3
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
User=root

[Install]
WantedBy=default.target

EOF
cat > /etc/systemd/system/syncthing-inotify.service <<"EOF"
[Unit]
Description=Syncthing Inotify File Watcher
After=network.target syncthing.service
Requires=syncthing.service

[Service]
User=root
ExecStart=/usr/bin/syncthing-inotify -logfile=/var/log/syncthing-inotify.log -logflags=3
SuccessExitStatus=2
RestartForceExitStatus=3
Restart=on-failure
ProtectSystem=full
ProtectHome=read-only

[Install]
WantedBy=multi-user.target
EOF
	# increase open file limit
	echo -e "fs.inotify.max_user_watches=204800" | tee -a /etc/sysctl.conf
	systemctl enable syncthing
	systemctl start syncthing
	systemctl enable syncthing-inotify
	systemctl start syncthing-inotify
	fi
}


install_vpn_server (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Script downloads latest stable
#------------------------------------------------------------------------------------------------------------------------------------------
cd ${TEMP_DIR}
PREFIX="http://www.softether-download.com/files/softether/"
install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"
URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
SUFIX="${URL/-tree/}"
if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then
DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-$SUFIX-linux-arm_eabi-32bit.tar.gz"
else
install_packet "gcc-multilib" "Install libraries"
DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-$SUFIX-linux-x86-32bit.tar.gz"
fi
wget -q $DLURL -O - | tar -xz
cd vpnserver
make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN" --progressbox $TTY_Y $TTY_X
cd ..
cp -R vpnserver /usr/local
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpncmd
chmod 700 vpnserver
if [[ -d /run/systemd/system/ ]]; then
cat <<EOT >/lib/systemd/system/ethervpn.service
[Unit]
Description=VPN service

[Service]
Type=oneshot
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOT
systemctl enable ethervpn.service
service ethervpn start

else

cat <<EOT > /etc/init.d/vpnserver
#!/bin/sh
### BEGIN INIT INFO
# Provides:          vpnserver
# Required-Start:    \$remote_fs \$syslog
# Required-Stop:     \$remote_fs \$syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start daemon at boot time
# Description:       Enable Softether by daemon.
### END INIT INFO
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/vpnserver
test -x $DAEMON || exit 0
case "\$1" in
start)
\$DAEMON start
touch \$LOCK
;;
stop)
\$DAEMON stop
rm \$LOCK
;;
restart)
\$DAEMON stop
sleep 3
\$DAEMON start
;;
*)
echo "Usage: \$0 {start|stop|restart}"
exit 1
esac
exit 0
EOT
chmod 755 /etc/init.d/vpnserver
mkdir /var/lock/subsys
update-rc.d vpnserver defaults >> $logfile
/etc/init.d/vpnserver start
fi
}


install_vpn_client (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Script downloads latest stable
#------------------------------------------------------------------------------------------------------------------------------------------
cd ${TEMP_DIR}
PREFIX="http://www.softether-download.com/files/softether/"
install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages"
URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1)
SUFIX="${URL/-tree/}"
if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then
DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_ARM_EABI/softether-vpnclient-$SUFIX-linux-arm_eabi-32bit.tar.gz"
else
install_packet "gcc-multilib" "Install libraries"
DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_Intel_x86/softether-vpnclient-$SUFIX-linux-x86-32bit.tar.gz"
fi
wget -q $DLURL -O - | tar -xz
cd vpnclient
make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN vpnclient" --progressbox $TTY_Y $TTY_X
cd ..
cp -R vpnclient /usr/local
cd /usr/local/vpnclient/
chmod 600 *
chmod 700 vpncmd
chmod 700 vpnclient
}


install_DashNTP (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install DASH and ntp service
#------------------------------------------------------------------------------------------------------------------------------------------
echo "dash dash/sh boolean false" | debconf-set-selections
dpkg-reconfigure -f noninteractive dash > /dev/null 2>&1
install_packet "ntp ntpdate" "Install DASH and ntp service"
}


install_MySQL (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Maria SQL
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "mariadb-client mariadb-server" "Install Mysql client / server"
#Allow MySQL to listen on all interfaces
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
sed -i 's|bind-address           = 127.0.0.1|#bind-address           = 127.0.0.1|' /etc/mysql/my.cnf
SECURE_MYSQL=$(expect -c "
set timeout 3
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"\r\"
expect \"root password?\"
send \"y\r\"
expect \"New password:\"
send \"$MYSQL_PASS\r\"
expect \"Re-enter new password:\"
send \"$MYSQL_PASS\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"y\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
#
# Execution mysql_secure_installation
#
echo "${SECURE_MYSQL}" >> /dev/null
service mysql restart >> /dev/null
}


install_MySQLDovecot (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install Postfix, Dovecot, Saslauthd, phpMyAdmin, rkhunter, binutils
#------------------------------------------------------------------------------------------------------------------------------------------
echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections
install_packet "postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql \
dovecot-sieve sudo libsasl2-modules" "postfix, dovecot, saslauthd, phpMyAdmin, rkhunter, binutils"
#Uncommenting some Postfix configuration files
cp /etc/postfix/master.cf /etc/postfix/master.cf.backup
sed -i 's|#submission inet n       -       -       -       -       smtpd|submission inet n       -       -       -       -       smtpd|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/submission|  -o syslog_name=postfix/submission|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_security_level=encrypt|  -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#smtps     inet  n       -       -       -       -       smtpd|smtps     inet  n       -       -       -       -       smtpd|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/smtps|  -o syslog_name=postfix/smtps|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_wrappermode=yes|  -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf
service postfix restart >> /dev/null
}


install_Virus (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install Amavisd-new, SpamAssassin, And Clamav
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj p7zip unrar-free ripole rpm nomarch lzop \
cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl \
libnet-ident-perl zip libnet-dns-perl postgrey" "amavisd, spamassassin, clamav"
sed -i "s/^AllowSupplementaryGroups.*/AllowSupplementaryGroups true/" /etc/clamav/clamd.conf
service spamassassin stop
systemctl disable spamassassin
}

install_hhvm (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install HipHop Virtual Machine
#------------------------------------------------------------------------------------------------------------------------------------------
apt-get -y -qq install software-properties-common
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
add-apt-repository "deb http://dl.hhvm.com/ubuntu $distribution main"
apt-get update
apt-get -y -qq install hhvm
}


install_apache (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear and mcrypt
#------------------------------------------------------------------------------------------------------------------------------------------
clear_console
echo "========================================================================="
echo "You will be prompted for some information during the install of phpmyadmin."
echo "Select NO when asked to configure using dbconfig-common"
echo "Please enter them where needed."
echo "========================================================================="
echo "Press ENTER to continue.."
read DUMMY
#echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2' | debconf-set-selections

#BELOW ARE STILL NOT WORKING
#echo 'phpmyadmin      phpmyadmin/dbconfig-reinstall   boolean false' | debconf-set-selections
#echo 'phpmyadmin      phpmyadmin/dbconfig-install     boolean false' | debconf-set-selections

if [[ $family == "Ubuntu" ]]; then

install_packet "apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql \
php7.0-imap php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt \
imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc \
php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring" "apache2, PHP5, FCGI, suExec, pear and mcrypt"
# PHP Opcode cache
install_packet "php7.0-opcache php-apcu" "PHP Opcode cache"
# PHP-FPM
install_packet "libapache2-mod-fastcgi php7.0-fpm" "PHP-FPM"
a2enmod actions fastcgi alias
service apache2 restart
# Install Let's Encrypt
install_packet "letsencrypt" "Install Let's Encrypt"

else

install_packet "apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 \
php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt \
mcrypt php5-imagick imagemagick libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode \
php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached libapache2-mod-passenger" "apache2, PHP5, CGI, suExec, pear and mcrypt"

#Install XCache
install_packet "php5-xcache libapache2-mod-fastcgi php5-fpm" "Install XCache PHP Fpm"
a2enmod actions fastcgi alias >> /dev/null

fi

#phpmyadmin
debconf-apt-progress -- apt-get install -y phpmyadmin

# fix HTTPOXY vulnerability
cat <<EOT > /etc/apache2/conf-available/httpoxy.conf
<IfModule mod_headers.c>
    RequestHeader unset Proxy early
</IfModule>

EOT
a2enconf httpoxy >> /dev/null

# enable modules
a2enmod suexec rewrite ssl actions include >> /dev/null
a2enmod dav_fs dav auth_digest cgi headers >> /dev/null

#Restart Apache
service apache2 restart >> /dev/null
}


install_nginx (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install NginX, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
#------------------------------------------------------------------------------------------------------------------------------------------

#echo 'phpmyadmin      phpmyadmin/reconfigure-webserver        multiselect' | debconf-set-selections
#echo 'phpmyadmin      phpmyadmin/dbconfig-install     boolean false' | debconf-set-selections

debconf-apt-progress -- apt-get install -y nginx
if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ];
then
/etc/init.d/apache2 stop >> /dev/null
update-rc.d -f apache2 remove >> /dev/null
fi
service nginx start >> /dev/null

if [[ $family == "Ubuntu" ]]; then

debconf-apt-progress -- apt-get install -y php7.0-fpm
debconf-apt-progress -- apt-get install -y php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli \
php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \
php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring
phpenmod mcrypt
phpenmod mbstring
debconf-apt-progress -- apt-get install -y php-apcu
sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
tz=$(cat /etc/timezone | sed 's/\//\\\//g')
sed -i "s/^date.timezone=.*/date.timezone=""$ls""/" /etc/php/7.0/fpm/php.ini

else

debconf-apt-progress -- apt-get install -y php5-fpm
debconf-apt-progress -- apt-get install -y php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt \
php5-memcache php5-memcached php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached
debconf-apt-progress -- apt-get install -y php-apc

fi

#PHP Configuration Stuff Goes Here
debconf-apt-progress -- apt-get install -y fcgiwrap
reset
echo "========================================================================="
echo "You will be prompted for some information during the install of phpmyadmin."
echo "Please enter them where needed."
echo "========================================================================="
echo "Press ENTER to continue.."
read DUMMY

DEBIAN_FRONTEND=noninteractive apt-get install -y dbconfig-common
debconf-apt-progress -- apt-get install -y phpmyadmin
if [[ $family == "Ubuntu" ]]; then
	service php7.0-fpm reload >> /dev/null
	else
	service php5-fpm reload >> /dev/null
fi
}


install_PureFTPD (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install PureFTPd
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "pure-ftpd-common pure-ftpd-mysql" "p3ureFTPd"

sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=/ST=/L=/O=/CN=$(hostname -f)" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart  >> /dev/null
}



install_Bind (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install BIND DNS Server
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "bind9 dnsutils" "Install BIND DNS Server"
}


install_Stats (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install Vlogger, Webalizer, And AWstats
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl" "vlogger, webalizer, awstats"
sed -i "s/*/10 * * * * www-data/#*/10 * * * * www-data/" /etc/cron.d/awstats
sed -i "s/10 03 * * * www-data/#10 03 * * * www-data/" /etc/cron.d/awstats
}


install_Fail2BanDovecot() {
#------------------------------------------------------------------------------------------------------------------------------------------
# Install fail2ban
#------------------------------------------------------------------------------------------------------------------------------------------
install_packet "fail2ban ufw" "Install fail2ban and UFW Firewall"

cat > /etc/fail2ban/jail.local <<"EOF"
[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[sasl]
enabled  = true
port     = smtp
filter   = postfix-sasl
logpath  = /var/log/mail.log
maxretry = 3
EOF
}


install_Fail2BanRulesDovecot() {
#------------------------------------------------------------------------------------------------------------------------------------------
cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF"
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
EOF

cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<"EOF"
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
EOF
# Add the missing ignoreregex line
echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
service fail2ban restart >> /dev/null
}


install_ISPConfig (){
#------------------------------------------------------------------------------------------------------------------------------------------
# Install ISPConfig 3
#------------------------------------------------------------------------------------------------------------------------------------------
cd ${TEMP_DIR}
wget -q http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz
cd ${TEMP_DIR}/ispconfig3_install/install/
#apt-get -y install php5-cli php5-mysql
php -q install.php --autoinstall=${TEMP_DIR}/isp.conf.php
echo "Admin panel: https://$serverIP:8080"
echo "PHPmyadmin: http://$serverIP:8081/phpmyadmin"
}


check_if_installed (){
#------------------------------------------------------------------------------------------------------------------------------------------
# check dpkg status of $1 -- currently only 'not installed at all' case catched
#------------------------------------------------------------------------------------------------------------------------------------------
	local DPKG_Status="$(dpkg -s "$1" 2>/dev/null | awk -F": " '/^Status/ {print $2}')"
	if [ "X${DPKG_Status}" = "X" ]; then
		return 1
	else
		return 0
	fi
}


#------------------------------------------------------------------------------------------------------------------------------------------
# Main choices
#------------------------------------------------------------------------------------------------------------------------------------------

# check for root
#
if [[ $EUID != 0 ]]; then
	dialog --title "Warning" --infobox "\nThis script requires root privileges.\n\nExiting ..." 7 41
	sleep 3
	exit
fi

# Create a safe temporary directory
TEMP_DIR=$(mktemp -d || exit 1)
chmod 700 ${TEMP_DIR}
trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15

# Install basic stuff
#
echo -e "\nChecking dependencies. This might take a while."
apt-get -qq -y --no-install-recommends install debconf-utils unzip build-essential html2text apt-transport-https dialog whiptail \
lsb-release bc expect html2text > /dev/null

# gather some info
#
TTY_X=$(($(stty size | awk '{print $2}')-6)) # determine terminal width
TTY_Y=$(($(stty size | awk '{print $1}')-6)) # determine terminal height
distribution=$(lsb_release -cs)
family=$(lsb_release -is)
serverIP=$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')
set ${serverIP//./ }
SUBNET="$1.$2.$3."
hostnamefqdn=$(hostname -f)
mysql_pass=""
backtitle="Softy - Armbian post deployment scripts, http://www.armbian.com"
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

# main dialog routine
#
DIALOG_CANCEL=1
DIALOG_ESC=255

while true; do

	# prepare menu items
	check_status
	LISTLENGHT="$(($LIST_CONST+${#LIST[@]}/2))"

	exec 3>&1
	selection=$(dialog --backtitle "$backtitle" --title "Installing to $family $distribution" --clear --cancel-label \
	"Exit" --checklist "\nChoose what you want to install:\n " $LISTLENGHT 70 15 "${LIST[@]}" 2>&1 1>&3)
	exit_status=$?
	exec 3>&-
	case $exit_status in
	$DIALOG_ESC | $DIALOG_CANCEL)
		clear
		exit 1
		;;
	esac

	# cycle trought all install options
	i=0
	while [ "$i" -lt "$LISTLENGHT" ]; do

		if [[ "$selection" == *Samba* && "$SAMBA_STATUS" != "on" ]]; then
			install_samba
			check_port 445 "Samba"
		fi

		if [[ "$selection" == *CUPS* && "$CUPS_STATUS" != "on" ]]; then
			install_cups
			check_port 445 "CUPS"
		fi

		if [[ "$selection" == *headend* && "$TVHEADEND_STATUS" != "on" ]]; then
			install_tvheadend
		fi

		if [[ "$selection" == *Minidlna* && "$MINIDLNA_STATUS" != "on" ]]; then
			install_packet "minidlna" "Install lightweight DLNA/UPnP-AV server"
			check_port 8200 "minidlna"
		fi

		if [[ "$selection" == *ISPConfig* && "$ISPCONFIG_STATUS" != "on" ]]; then
			server_conf
			if [[ "$MYSQL_PASS" == "" ]]; then
				dialog --msgbox "Mysql password can't be blank. Exiting..." 7 70
				exit
			fi
			if [[ "$(echo $HOSTNAMEFQDN | grep -P '(?=^.{1,254}$)(^(?>(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)')" == "" ]]; then
				dialog --msgbox "Invalid FQDN. Exiting..." 7 70
				exit
			fi
			choose_webserver; install_basic; install_DashNTP; install_MySQL; install_MySQLDovecot; install_Virus; install_$server; install_hhvm
			create_ispconfig_configuration; install_PureFTPD; install_Fail2BanDovecot; install_Fail2BanRulesDovecot;
			install_ISPConfig
			read -n 1 -s -p "Press any key to continue"
		fi

		if [[ "$selection" == *Syncthing* && "$SYNCTHING_STATUS" != "on" ]]; then
			install_syncthing
			check_port 8384 "Syncthing"
			read -n 1 -s -p "Press any key to continue"
		fi

		if [[ "$selection" == *server* && "$VPN_SERVER_STATUS" != "on" ]]; then
			install_vpn_server
			read -n 1 -s -p "Press any key to continue"
		fi

		if [[ "$selection" == *client* && "$VPN_CLIENT_STATUS" != "on" ]]; then
			install_vpn_client
			read -n 1 -s -p "Press any key to continue"
		fi


		if [[ "$selection" == *OMV* && "$OMV_STATUS" != "on" ]]; then
			install_omv
			read -n 1 -s -p "Press any key to continue"
		fi

		if [[ "$selection" == *hole* && "$PI_HOLE_STATUS" != "on" ]]; then
			curl -L "https://install.pi-hole.net" | bash
			read -n 1 -s -p "Press any key to continue"
		fi

		if [[ "$selection" == *Transmission* && "$TRANSMISSION_STATUS" != "on" ]]; then
			install_transmission
			check_port 9091 transmission
		fi

		# reread statuses
		check_status
		i=$[$i+1]
	done
done