#!/bin/bash # # Copyright (c) 2017 Igor Pecovnik, igor.pecovnik@gma**.com # # This file is licensed under the terms of the GNU General Public # License version 2. This program is licensed "as is" without any # warranty of any kind, whether express or implied. export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin function check_status { #------------------------------------------------------------------------------------------------------------------------------------------ # Chech if service is already installed #------------------------------------------------------------------------------------------------------------------------------------------ LIST=() LIST_CONST=5 # Samba SAMBA_STATUS="$(check_if_installed samba && echo "on" || echo "off" )" LIST+=( "Samba" "Windows compatible file sharing" "$SAMBA_STATUS" ) # cups CUPS_STATUS="$(check_if_installed cups && echo "on" || echo "off" )" LIST+=( "CUPS" "Common UNIX Printing System (CUPS)" "$CUPS_STATUS" ) # tvheadend TVHEADEND_STATUS="$(check_if_installed tvheadend && echo "on" || echo "off" )" LIST+=( "TV headend" "TV streaming / proxy" "$TVHEADEND_STATUS" ) # synthing SYNCTHING_STATUS="$(check_if_installed syncthing && echo "on" || echo "off" )" LIST+=( "Syncthing" "Personal cloud @syncthing.net" "$SYNCTHING_STATUS" ) # Exagear if [[ "$(check_if_installed xserver-xorg && echo "on")" == "on" && "$family" == "Ubuntu" ]]; then EXAGEAR_STATUS="$(check_if_installed exagear-armbian && echo "on" || echo "off" )" LIST+=( "ExaGear" "32bit x86 Linux/Windows emulator trial" "$EXAGEAR_STATUS" ) fi if [[ "$(dpkg --print-architecture)" == "armhf" || "$(dpkg --print-architecture)" == "amd64" ]]; then LIST_CONST=4 # vpn server VPN_SERVER_STATUS="$([[ -d /usr/local/vpnserver ]] && echo "on" || echo "off" )" LIST+=( "VPN server" "Softether VPN server" "$VPN_SERVER_STATUS" ) # vpn client VPN_CLIENT_STATUS="$([[ -d /usr/local/vpnclient ]] && echo "on" || echo "off" )" LIST+=( "VPN client" "Softether VPN client" "$VPN_CLIENT_STATUS" ) fi # OMV OMV_STATUS="$(check_if_installed openmediavault && echo "on" || echo "off" )" [[ "$family" != "Ubuntu" ]] && LIST+=( "OMV" "OpenMediaVault NAS solution" "$OMV_STATUS" ) && LIST_CONST=3 # MINIdlna MINIDLNA_STATUS="$(check_if_installed minidlna && echo "on" || echo "off" )" LIST+=( "Minidlna" "Lightweight DLNA/UPnP-AV server" "$MINIDLNA_STATUS" ) # Pi hole PI_HOLE_STATUS="$([[ -d /etc/pihole ]] && echo "on" || echo "off" )" LIST+=( "Pi hole" "Ad blocker" "$PI_HOLE_STATUS" ) # Transmission TRANSMISSION_STATUS="$(check_if_installed transmission-daemon && echo "on" || echo "off" )" LIST+=( "Transmission" "Torrent downloading" "$TRANSMISSION_STATUS" ) # ISPconfig ISPCONFIG_STATUS="$([[ -d /usr/local/ispconfig ]] && echo "on" || echo "off" )" LIST+=( "ISPConfig" "SMTP mail, IMAP, POP3 & LAMP/LEMP web server" "$ISPCONFIG_STATUS" ) } function choose_webserver { #------------------------------------------------------------------------------------------------------------------------------------------ # Target web server selection #------------------------------------------------------------------------------------------------------------------------------------------ check_if_installed openmediavault case $? in 0) # OMV installed, prevent switching from nginx to apache which would trash OMV installation server="nginx" ;; *) dialog --title "Choose a webserver" --backtitle "$backtitle" --yes-label "Apache" --no-label "Nginx" \ --yesno "\nChoose a web server which you are familiar with. They both work almost the same." 8 70 response=$? case $response in 0) server="apache";; 1) server="nginx";; 255) exit;; esac ;; esac } function server_conf { #------------------------------------------------------------------------------------------------------------------------------------------ # Add some reqired date for installation #------------------------------------------------------------------------------------------------------------------------------------------ exec 3>&1 dialog --title "Server configuration" --separate-widget $'\n' --ok-label "Install" --backtitle "$backtitle" \ --form "\nPlease fill out this form:\n " \ 12 70 0 \ "Your FQDN for $serverip:" 1 1 "$hostnamefqdn" 1 31 32 0 \ "Mysql root password:" 2 1 "$mysql_pass" 2 31 32 0 \ 2>&1 1>&3 | { read -r hostnamefqdn read -r mysql_pass echo $mysql_pass > ${TEMP_DIR}/mysql_pass echo $hostnamefqdn > ${TEMP_DIR}/hostnamefqdn # end } exec 3>&- # read variables back read MYSQL_PASS < ${TEMP_DIR}/mysql_pass read HOSTNAMEFQDN < ${TEMP_DIR}/hostnamefqdn } install_packet () { #------------------------------------------------------------------------------------------------------------------------------------------ # Install missing packets #------------------------------------------------------------------------------------------------------------------------------------------ i=0 j=1 IFS=" " declare -a PACKETS=($1) skupaj=${#PACKETS[@]} while [[ $i -lt $skupaj ]]; do procent=$(echo "scale=2;($j/$skupaj)*100"|bc) x=${PACKETS[$i]} if [ $(dpkg-query -W -f='${Status}' $x 2>/dev/null | grep -c "ok installed") -eq 0 ]; then printf '%.0f\n' $procent | dialog \ --backtitle "$backtitle" \ --title "Installing" \ --gauge "\n$2\n\n$x" 10 70 if [ "$(DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $x >${TEMP_DIR}/install.log 2>&1 || echo 'Installation failed' \ | grep 'Installation failed')" != "" ]; then echo -e "[\e[0;31m error \x1B[0m] Installation failed" tail ${TEMP_DIR}/install.log exit fi fi i=$[$i+1] j=$[$j+1] done echo "" } check_port () { #------------------------------------------------------------------------------------------------------------------------------------------ # Check if something is running on port $1 and display info #------------------------------------------------------------------------------------------------------------------------------------------ [[ -n $(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ".'$1'"') ]] && dialog --backtitle "$backtitle" --title "Checking service" \ --msgbox "\nIt looks good.\n\nThere is $2 service on port $1" 9 52 } install_basic (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Set hostname, FQDN, add to sources list #------------------------------------------------------------------------------------------------------------------------------------------ IFS=" " set ${HOSTNAMEFQDN//./ } HOSTNAMESHORT="$1" cp /etc/hosts /etc/hosts.backup cp /etc/hostname /etc/hostname.backup # create new echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts echo "${serverIP} ${HOSTNAMEFQDN} ${HOSTNAMESHORT} #ispconfig " >> /etc/hosts echo "$HOSTNAMESHORT" > /etc/hostname /etc/init.d/hostname.sh start >/dev/null 2>&1 if [[ $family == "Ubuntu" ]]; then # set hostname in Ubuntu hostnamectl set-hostname $HOSTNAMESHORT # disable AppArmor if [[ -n $(service apparmor status | grep -w active | grep -w running) ]]; then service apparmor stop update-rc.d -f apparmor remove apt-get -y -qq remove apparmor apparmor-utils fi else grep -q "contrib" /etc/apt/sources.list || sed -i 's|main|main contrib|' /etc/apt/sources.list grep -q "non-free" /etc/apt/sources.list || sed -i 's|contrib|contrib non-free|' /etc/apt/sources.list debconf-apt-progress -- apt-get update fi } create_ispconfig_configuration (){ #------------------------------------------------------------------------------------------------------------------------------------------ # ISPConfig autoconfiguration #------------------------------------------------------------------------------------------------------------------------------------------ cat > ${TEMP_DIR}/isp.conf.php < EOF } install_cups (){ #-------------------------------------------------------------------------------------------------------------------------------- # Install printer system #-------------------------------------------------------------------------------------------------------------------------------- debconf-apt-progress -- apt-get -y install cups lpr cups-filters # cups-filters if jessie sed -e 's/Listen localhost:631/Listen 631/g' -i /etc/cups/cupsd.conf sed -e 's//\nallow $SUBNET/g' -i /etc/cups/cupsd.conf sed -e 's//\nallow $SUBNET/g' -i /etc/cups/cupsd.conf sed -e 's//\nallow $SUBNET/g' -i /etc/cups/cupsd.conf service cups restart service samba restart | service smbd restart >/dev/null 2>&1 } install_samba (){ #--------------------------------------------------------------------------------------------------------------------------------- # install Samba file sharing #--------------------------------------------------------------------------------------------------------------------------------- # Read samba user / pass / group local SECTION="Samba" SMBUSER=$(whiptail --inputbox "What is your samba username?" 8 78 $SMBUSER --title "$SECTION" 3>&1 1>&2 2>&3) exitstatus=$?; if [ $exitstatus = 1 ]; then exit 1; fi SMBPASS=$(whiptail --inputbox "What is your samba password?" 8 78 $SMBPASS --title "$SECTION" 3>&1 1>&2 2>&3) exitstatus=$?; if [ $exitstatus = 1 ]; then exit 1; fi SMBGROUP=$(whiptail --inputbox "What is your samba group?" 8 78 $SMBGROUP --title "$SECTION" 3>&1 1>&2 2>&3) exitstatus=$?; if [ $exitstatus = 1 ]; then exit 1; fi # debconf-apt-progress -- apt-get -y install samba samba-common-bin samba-vfs-modules useradd $SMBUSER echo -ne "$SMBPASS\n$SMBPASS\n" | passwd $SMBUSER >/dev/null 2>&1 echo -ne "$SMBPASS\n$SMBPASS\n" | smbpasswd -a -s $SMBUSER >/dev/null 2>&1 service samba stop | service smbd stop >/dev/null 2>&1 cp /etc/samba/smb.conf /etc/samba/smb.conf.stock cat > /etc/samba/smb.conf.tmp << EOF [global] workgroup = SMBGROUP server string = %h server hosts allow = SUBNET log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d load printers = yes printing = cups printcap name = cups min receivefile size = 16384 write cache size = 524288 getwd cache = yes socket options = TCP_NODELAY IPTOS_LOWDELAY [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = SMBUSER [print$] comment = Printer Drivers path = /etc/samba/drivers browseable = yes guest ok = no read only = yes write list = SMBUSER [ext] comment = Storage path = /ext writable = yes public = no valid users = SMBUSER force create mode = 0777 EOF sed -i "s/SMBGROUP/$SMBGROUP/" /etc/samba/smb.conf.tmp sed -i "s/SMBUSER/$SMBUSER/" /etc/samba/smb.conf.tmp sed -i "s/SUBNET/$SUBNET/" /etc/samba/smb.conf.tmp dialog --backtitle "$backtitle" --title "Review samba configuration" --no-collapse --editbox /etc/samba/smb.conf.tmp 30 0 2> /etc/samba/smb.conf.tmp.out if [[ $? = 0 ]]; then mv /etc/samba/smb.conf.tmp.out /etc/samba/smb.conf install -m 755 -g $SMBUSER -o $SMBUSER -d /ext service service smbd stop >/dev/null 2>&1 sleep 3 service service smbd start >/dev/null 2>&1 fi } install_omv (){ #------------------------------------------------------------------------------------------------------------------------------------------ # On Debian install OpenMediaVault 3 (Jessie) or 4 (Stretch) #------------------------------------------------------------------------------------------------------------------------------------------ # TODO: Some OMV packages lack authentication, flashmemory-plugin currently doesn't work as expected if [[ "$family" == "Ubuntu" ]]; then dialog --backtitle "$backtitle" --title "Dependencies not met" --msgbox "\nOpenMediaVault can only be installed on Debian." 7 52 sleep 5 exit 1 fi case $distribution in jessie) OMV_Name="erasmus" OMV_EXTRAS_URL="https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all3.deb" ;; stretch) OMV_Name="arrakis" OMV_EXTRAS_URL="https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all4.deb" ;; esac export APT_LISTCHANGES_FRONTEND=none if [ ! -f /etc/armbian-release ]; then sed -i "s/^# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen locale-gen fi cat > /etc/apt/sources.list.d/openmediavault.list << EOF deb https://openmediavault.github.io/packages/ ${OMV_Name} main ## Uncomment the following line to add software from the proposed repository. deb https://openmediavault.github.io/packages/ ${OMV_Name}-proposed main ## This software is not part of OpenMediaVault, but is offered by third-party ## developers as a service to OpenMediaVault users. # deb https://openmediavault.github.io/packages/ ${OMV_Name} partner EOF debconf-apt-progress -- apt-get update read HOSTNAME /dev/null | awk -F" " '/additional disk space will be used/ {print $4}') SPACE_AVAIL=$(df -k / | awk -F" " '/\/$/ {printf ("%0.0f",$4/1200); }') if [ ${SPACE_AVAIL} -lt ${SPACE_NEEDED} ]; then dialog --backtitle "$backtitle" --title "No space left on device" --msgbox "\nOpenMediaVault needs ${SPACE_NEEDED} MB for installation while only ${SPACE_AVAIL} MB are available." 7 52 exit 1 fi apt-get --allow-unauthenticated install openmediavault-keyring apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7AA630A1EDEE7D73 debconf-apt-progress -- apt-get -y --allow-unauthenticated --fix-missing --no-install-recommends install openmediavault postfix dirmngr FILE="${TEMP_DIR}/omv_extras.deb"; wget "$OMV_EXTRAS_URL" -qO $FILE && dpkg -i $FILE ; rm $FILE # /usr/sbin/omv-update debconf-apt-progress -- apt-get update debconf-apt-progress -- apt-get --yes --force-yes --fix-missing --auto-remove --allow-unauthenticated \ --show-upgraded --option DPkg::Options::="--force-confold" dist-upgrade # Install flashmemory plugin and netatalk by default, use nice logo for the latter, # disable OMV monitoring by default . /usr/share/openmediavault/scripts/helper-functions debconf-apt-progress -- apt-get -y --fix-missing --no-install-recommends --auto-remove install openmediavault-flashmemory openmediavault-netatalk AFP_Options="mimic model = Macmini" SMB_Options="min receivefile size = 16384\nwrite cache size = 524288\ngetwd cache = yes\nsocket options = TCP_NODELAY IPTOS_LOWDELAY" xmlstarlet ed -L -u "/config/services/afp/extraoptions" -v "$(echo -e "${AFP_Options}")" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/services/smb/extraoptions" -v "$(echo -e "${SMB_Options}")" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/services/flashmemory/enable" -v "1" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/services/ssh/enable" -v "1" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/services/ssh/permitrootlogin" -v "1" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/system/time/ntp/enable" -v "1" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/system/time/timezone" -v "${TZ}" ${OMV_CONFIG_FILE} xmlstarlet ed -L -u "/config/system/network/dns/hostname" -v "${HOSTNAME}" ${OMV_CONFIG_FILE} /usr/sbin/omv-rpc -u admin "perfstats" "set" '{"enable":false}' /usr/sbin/omv-rpc -u admin "config" "applyChanges" '{ "modules": ["monit","rrdcached","collectd"],"force": true }' sed -i 's|-j /var/lib/rrdcached/journal/ ||' /etc/init.d/rrdcached for i in netatalk samba flashmemory ssh ntp timezone monit rrdcached collectd ; do /usr/sbin/omv-mkconf $i done /sbin/folder2ram -enablesystemd 2>/dev/null # Prevent accidentally destroying board performance by clicking around in OMV UI since # OMV sets 'powersave' governor when touching 'Power Management' settings. if [ -f /etc/default/cpufrequtils ]; then . /etc/default/cpufrequtils else DEFAULT_GOV="$(zgrep "^CONFIG_CPU_FREQ_DEFAULT_GOV_" /proc/config.gz 2>/dev/null | sed 's/CONFIG_CPU_FREQ_DEFAULT_GOV_//')" if [ -n "${DEFAULT_GOV}" ]; then GOVERNOR=$(cut -f1 -d= <<<"${DEFAULT_GOV}" | tr '[:upper:]' '[:lower:]') else GOVERNOR=ondemand fi MIN_SPEED="0" MAX_SPEED="0" fi echo -e "OMV_CPUFREQUTILS_GOVERNOR=${GOVERNOR}" >>/etc/default/openmediavault echo -e "OMV_CPUFREQUTILS_MINSPEED=${MIN_SPEED}" >>/etc/default/openmediavault echo -e "OMV_CPUFREQUTILS_MAXSPEED=${MAX_SPEED}" >>/etc/default/openmediavault /usr/sbin/omv-initsystem check_port 80 "OMV web" } install_tvheadend (){ #------------------------------------------------------------------------------------------------------------------------------------------ # TVheadend https://tvheadend.org/ unofficial port https://tvheadend.org/boards/5/topics/21528 #------------------------------------------------------------------------------------------------------------------------------------------ if [ ! -f /etc/apt/sources.list.d/tvheadend.list ]; then echo "deb https://dl.bintray.com/tvheadend/deb xenial stable-4.2" >> /etc/apt/sources.list.d/tvheadend.list apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61 >/dev/null 2>&1 fi debconf-apt-progress -- apt-get update debconf-apt-progress -- apt-get -y install libssl-doc libssl1.0.0 zlib1g-dev tvheadend xmltv-util } install_transmission (){ #------------------------------------------------------------------------------------------------------------------------------------------ # transmission #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading dependencies" install_packet "transmission-cli transmission-common transmission-daemon" "Install torrent server" # systemd workaround # https://forum.armbian.com/index.php?/topic/4017-programs-does-not-start-automatically-at-boot/ sed -e 's/exit 0//g' -i /etc/rc.local cat >> /etc/rc.local <<"EOF" service transmission-daemon restart exit 0 EOF dialog --title "Seed Armbian torrents" --backtitle "$BACKTITLE" --yes-label "Yes" --no-label "Cancel" --yesno "\nDo you want to help \ community and seed armbian torrent files? It will ensure faster download for everyone. We need around 50Gb of your space." 10 44 if [[ $? = 0 ]]; then # adjust network buffers if necessary rmem_recommended=4194304 wmem_recommended=1048576 rmem_actual=$(sysctl net.core.rmem_max | awk -F" " '{print $3}') if [ ${rmem_actual} -lt ${rmem_recommended} ]; then grep -q net.core.rmem_max /etc/sysctl.conf && \ sed -i "s/net.core.rmem_max =.*/net.core.rmem_max = ${rmem_recommended}/" /etc/sysctl.conf || \ echo "net.core.rmem_max = ${rmem_recommended}" >> /etc/sysctl.conf fi wmem_actual=$(sysctl net.core.wmem_max | awk -F" " '{print $3}') if [ ${wmem_actual} -lt ${wmem_recommended} ]; then grep -q net.core.wmem_max /etc/sysctl.conf && \ sed -i "s/net.core.wmem_max =.*/net.core.wmem_max = ${wmem_recommended}/" /etc/sysctl.conf || \ echo "net.core.wmem_max = ${wmem_recommended}" >> /etc/sysctl.conf fi /sbin/sysctl -p # create cron job for daily sync with official Armbian torrents cat > /etc/cron.daily/seed-armbian-torrent <<"EOF" #!/bin/bash # # armbian torrents auto update # # download latest torrent pack wget -qO- -O ${TEMP_DIR}/armbian-torrents.zip https://dl.armbian.com/torrent/all-torrents.zip # test zip for corruption unzip -t ${TEMP_DIR}/armbian-torrents.zip >/dev/null 2>&1 [[ $? -ne 0 ]] && echo "Error in zip" && exit # extract zip unzip -o ${TEMP_DIR}/armbian-torrents.zip -d ${TEMP_DIR}/torrent-tmp >/dev/null 2>&1 # create list of current active torrents transmission-remote -n 'transmission:transmission' -l | sed '1d; $d' > ${TEMP_DIR}/torrent-tmp/active.torrents # loop and add/update torrent files for f in ${TEMP_DIR}/torrent-tmp/*.torrent; do transmission-remote -n 'transmission:transmission' -a $f > /dev/null 2>&1 # remove added from the list pattern="${f//.torrent}"; pattern="${pattern##*/}"; sed -i "/$pattern/d" ${TEMP_DIR}/torrent-tmp/active.torrents done # remove old armbian torrents while read i; do [[ $i == *Armbian_* ]] && transmission-remote -n 'transmission:transmission' -t $(echo "$i" | awk '{print $1}';) --remove-and-delete done < ${TEMP_DIR}/torrent-tmp/active.torrents # remove temporally files and direcotories EOF chmod +x /etc/cron.daily/seed-armbian-torrent /etc/cron.daily/seed-armbian-torrent & fi } install_syncthing (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Personal cloud https://syncthing.net/ #------------------------------------------------------------------------------------------------------------------------------------------ curl -s https://syncthing.net/release-key.txt | apt-key add - if !(grep -qs syncthing "/etc/apt/sources.list.d/syncthing.list");then echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list debconf-apt-progress -- apt-get update install_packet "syncthing syncthing-inotify" "Install Personal cloud https://syncthing.net/" cat > /etc/systemd/system/syncthing.service <<"EOF" [Unit] Description=Syncthing - Open Source Continuous File Synchronization Documentation=man:syncthing(1) After=network.target [Service] ExecStart=/usr/bin/syncthing -no-browser -no-restart -logfile=/var/log/syncthing.log -logflags=3 Restart=on-failure SuccessExitStatus=3 4 RestartForceExitStatus=3 4 User=root [Install] WantedBy=default.target EOF cat > /etc/systemd/system/syncthing-inotify.service <<"EOF" [Unit] Description=Syncthing Inotify File Watcher After=network.target syncthing.service Requires=syncthing.service [Service] User=root ExecStart=/usr/bin/syncthing-inotify -logfile=/var/log/syncthing-inotify.log -logflags=3 SuccessExitStatus=2 RestartForceExitStatus=3 Restart=on-failure ProtectSystem=full ProtectHome=read-only [Install] WantedBy=multi-user.target EOF # increase open file limit echo -e "fs.inotify.max_user_watches=204800" | tee -a /etc/sysctl.conf systemctl enable syncthing systemctl start syncthing systemctl enable syncthing-inotify systemctl start syncthing-inotify fi } install_vpn_server (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Script downloads latest stable #------------------------------------------------------------------------------------------------------------------------------------------ cd ${TEMP_DIR} PREFIX="http://www.softether-download.com/files/softether/" install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages" URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1) SUFIX="${URL/-tree/}" if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-$SUFIX-linux-arm_eabi-32bit.tar.gz" else install_packet "gcc-multilib" "Install libraries" DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-$SUFIX-linux-x86-32bit.tar.gz" fi wget -q $DLURL -O - | tar -xz cd vpnserver make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN" --progressbox $TTY_Y $TTY_X cd .. cp -R vpnserver /usr/local cd /usr/local/vpnserver/ chmod 600 * chmod 700 vpncmd chmod 700 vpnserver if [[ -d /run/systemd/system/ ]]; then cat </lib/systemd/system/ethervpn.service [Unit] Description=VPN service [Service] Type=oneshot ExecStart=/usr/local/vpnserver/vpnserver start ExecStop=/usr/local/vpnserver/vpnserver stop RemainAfterExit=yes [Install] WantedBy=multi-user.target EOT systemctl enable ethervpn.service service ethervpn start else cat < /etc/init.d/vpnserver #!/bin/sh ### BEGIN INIT INFO # Provides: vpnserver # Required-Start: \$remote_fs \$syslog # Required-Stop: \$remote_fs \$syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start daemon at boot time # Description: Enable Softether by daemon. ### END INIT INFO DAEMON=/usr/local/vpnserver/vpnserver LOCK=/var/lock/vpnserver test -x $DAEMON || exit 0 case "\$1" in start) \$DAEMON start touch \$LOCK ;; stop) \$DAEMON stop rm \$LOCK ;; restart) \$DAEMON stop sleep 3 \$DAEMON start ;; *) echo "Usage: \$0 {start|stop|restart}" exit 1 esac exit 0 EOT chmod 755 /etc/init.d/vpnserver mkdir /var/lock/subsys update-rc.d vpnserver defaults >> $logfile /etc/init.d/vpnserver start fi } install_vpn_client (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Script downloads latest stable #------------------------------------------------------------------------------------------------------------------------------------------ cd ${TEMP_DIR} PREFIX="http://www.softether-download.com/files/softether/" install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading basic packages" URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1) SUFIX="${URL/-tree/}" if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_ARM_EABI/softether-vpnclient-$SUFIX-linux-arm_eabi-32bit.tar.gz" else install_packet "gcc-multilib" "Install libraries" DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Client/32bit_-_Intel_x86/softether-vpnclient-$SUFIX-linux-x86-32bit.tar.gz" fi wget -q $DLURL -O - | tar -xz cd vpnclient make i_read_and_agree_the_license_agreement | dialog --backtitle "$BACKTITLE" --title "Compiling SoftEther VPN vpnclient" --progressbox $TTY_Y $TTY_X cd .. cp -R vpnclient /usr/local cd /usr/local/vpnclient/ chmod 600 * chmod 700 vpncmd chmod 700 vpnclient } install_DashNTP (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install DASH and ntp service #------------------------------------------------------------------------------------------------------------------------------------------ echo "dash dash/sh boolean false" | debconf-set-selections dpkg-reconfigure -f noninteractive dash > /dev/null 2>&1 install_packet "ntp ntpdate" "Install DASH and ntp service" } install_MySQL (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Maria SQL #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "mariadb-client mariadb-server" "Install Mysql client / server" #Allow MySQL to listen on all interfaces cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup sed -i 's|bind-address = 127.0.0.1|#bind-address = 127.0.0.1|' /etc/mysql/my.cnf SECURE_MYSQL=$(expect -c " set timeout 3 spawn mysql_secure_installation expect \"Enter current password for root (enter for none):\" send \"\r\" expect \"root password?\" send \"y\r\" expect \"New password:\" send \"$MYSQL_PASS\r\" expect \"Re-enter new password:\" send \"$MYSQL_PASS\r\" expect \"Remove anonymous users?\" send \"y\r\" expect \"Disallow root login remotely?\" send \"y\r\" expect \"Remove test database and access to it?\" send \"y\r\" expect \"Reload privilege tables now?\" send \"y\r\" expect eof ") # # Execution mysql_secure_installation # echo "${SECURE_MYSQL}" >> /dev/null service mysql restart >> /dev/null } install_MySQLDovecot (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Postfix, Dovecot, Saslauthd, phpMyAdmin, rkhunter, binutils #------------------------------------------------------------------------------------------------------------------------------------------ echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections install_packet "postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql \ dovecot-sieve sudo libsasl2-modules" "postfix, dovecot, saslauthd, phpMyAdmin, rkhunter, binutils" #Uncommenting some Postfix configuration files cp /etc/postfix/master.cf /etc/postfix/master.cf.backup sed -i 's|#submission inet n - - - - smtpd|submission inet n - - - - smtpd|' /etc/postfix/master.cf sed -i 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' /etc/postfix/master.cf sed -i 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|# -o smtpd_client_restrictions=permit_sasl_authenticated,reject| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|#smtps inet n - - - - smtpd|smtps inet n - - - - smtpd|' /etc/postfix/master.cf sed -i 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' /etc/postfix/master.cf sed -i 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf service postfix restart >> /dev/null } install_Virus (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Amavisd-new, SpamAssassin, And Clamav #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj p7zip unrar-free ripole rpm nomarch lzop \ cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl \ libnet-ident-perl zip libnet-dns-perl postgrey" "amavisd, spamassassin, clamav" sed -i "s/^AllowSupplementaryGroups.*/AllowSupplementaryGroups true/" /etc/clamav/clamd.conf service spamassassin stop systemctl disable spamassassin } install_hhvm (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install HipHop Virtual Machine #------------------------------------------------------------------------------------------------------------------------------------------ apt-get -y -qq install software-properties-common apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449 add-apt-repository "deb http://dl.hhvm.com/ubuntu $distribution main" apt-get update apt-get -y -qq install hhvm } install_apache (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear and mcrypt #------------------------------------------------------------------------------------------------------------------------------------------ clear_console echo "=========================================================================" echo "You will be prompted for some information during the install of phpmyadmin." echo "Select NO when asked to configure using dbconfig-common" echo "Please enter them where needed." echo "=========================================================================" echo "Press ENTER to continue.." read DUMMY #echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2' | debconf-set-selections #BELOW ARE STILL NOT WORKING #echo 'phpmyadmin phpmyadmin/dbconfig-reinstall boolean false' | debconf-set-selections #echo 'phpmyadmin phpmyadmin/dbconfig-install boolean false' | debconf-set-selections if [[ $family == "Ubuntu" ]]; then install_packet "apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql \ php7.0-imap php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt \ imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc \ php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring" "apache2, PHP5, FCGI, suExec, pear and mcrypt" # PHP Opcode cache install_packet "php7.0-opcache php-apcu" "PHP Opcode cache" # PHP-FPM install_packet "libapache2-mod-fastcgi php7.0-fpm" "PHP-FPM" a2enmod actions fastcgi alias service apache2 restart # Install Let's Encrypt install_packet "letsencrypt" "Install Let's Encrypt" else install_packet "apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 \ php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt \ mcrypt php5-imagick imagemagick libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode \ php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached libapache2-mod-passenger" "apache2, PHP5, CGI, suExec, pear and mcrypt" #Install XCache install_packet "php5-xcache libapache2-mod-fastcgi php5-fpm" "Install XCache PHP Fpm" a2enmod actions fastcgi alias >> /dev/null fi #phpmyadmin debconf-apt-progress -- apt-get install -y phpmyadmin # fix HTTPOXY vulnerability cat < /etc/apache2/conf-available/httpoxy.conf RequestHeader unset Proxy early EOT a2enconf httpoxy >> /dev/null # enable modules a2enmod suexec rewrite ssl actions include >> /dev/null a2enmod dav_fs dav auth_digest cgi headers >> /dev/null #Restart Apache service apache2 restart >> /dev/null } install_nginx (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install NginX, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt #------------------------------------------------------------------------------------------------------------------------------------------ #echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect' | debconf-set-selections #echo 'phpmyadmin phpmyadmin/dbconfig-install boolean false' | debconf-set-selections debconf-apt-progress -- apt-get install -y nginx if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; then /etc/init.d/apache2 stop >> /dev/null update-rc.d -f apache2 remove >> /dev/null fi service nginx start >> /dev/null if [[ $family == "Ubuntu" ]]; then debconf-apt-progress -- apt-get install -y php7.0-fpm debconf-apt-progress -- apt-get install -y php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli \ php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \ php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring phpenmod mcrypt phpenmod mbstring debconf-apt-progress -- apt-get install -y php-apcu sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini tz=$(cat /etc/timezone | sed 's/\//\\\//g') sed -i "s/^date.timezone=.*/date.timezone=""$ls""/" /etc/php/7.0/fpm/php.ini else debconf-apt-progress -- apt-get install -y php5-fpm debconf-apt-progress -- apt-get install -y php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt \ php5-memcache php5-memcached php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached debconf-apt-progress -- apt-get install -y php-apc fi #PHP Configuration Stuff Goes Here debconf-apt-progress -- apt-get install -y fcgiwrap reset echo "=========================================================================" echo "You will be prompted for some information during the install of phpmyadmin." echo "Please enter them where needed." echo "=========================================================================" echo "Press ENTER to continue.." read DUMMY DEBIAN_FRONTEND=noninteractive apt-get install -y dbconfig-common debconf-apt-progress -- apt-get install -y phpmyadmin if [[ $family == "Ubuntu" ]]; then service php7.0-fpm reload >> /dev/null else service php5-fpm reload >> /dev/null fi } install_PureFTPD (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install PureFTPd #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "pure-ftpd-common pure-ftpd-mysql" "p3ureFTPd" sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common echo 1 > /etc/pure-ftpd/conf/TLS mkdir -p /etc/ssl/private/ openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=/ST=/L=/O=/CN=$(hostname -f)" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem chmod 600 /etc/ssl/private/pure-ftpd.pem /etc/init.d/pure-ftpd-mysql restart >> /dev/null } install_Bind (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install BIND DNS Server #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "bind9 dnsutils" "Install BIND DNS Server" } install_Stats (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Vlogger, Webalizer, And AWstats #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl" "vlogger, webalizer, awstats" sed -i "s/*/10 * * * * www-data/#*/10 * * * * www-data/" /etc/cron.d/awstats sed -i "s/10 03 * * * www-data/#10 03 * * * www-data/" /etc/cron.d/awstats } install_Fail2BanDovecot() { #------------------------------------------------------------------------------------------------------------------------------------------ # Install fail2ban #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "fail2ban ufw" "Install fail2ban and UFW Firewall" cat > /etc/fail2ban/jail.local <<"EOF" [pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5 [sasl] enabled = true port = smtp filter = postfix-sasl logpath = /var/log/mail.log maxretry = 3 EOF } install_Fail2BanRulesDovecot() { #------------------------------------------------------------------------------------------------------------------------------------------ cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF" [Definition] failregex = .*pure-ftpd: \(.*@\) \[WARNING\] Authentication failed for user.* ignoreregex = EOF cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<"EOF" [Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P\S*),.* ignoreregex = EOF # Add the missing ignoreregex line echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf service fail2ban restart >> /dev/null } install_ISPConfig (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install ISPConfig 3 #------------------------------------------------------------------------------------------------------------------------------------------ cd ${TEMP_DIR} wget -q http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz cd ${TEMP_DIR}/ispconfig3_install/install/ #apt-get -y install php5-cli php5-mysql php -q install.php --autoinstall=${TEMP_DIR}/isp.conf.php echo "Admin panel: https://$serverIP:8080" echo "PHPmyadmin: http://$serverIP:8081/phpmyadmin" } check_if_installed (){ #------------------------------------------------------------------------------------------------------------------------------------------ # check dpkg status of $1 -- currently only 'not installed at all' case catched #------------------------------------------------------------------------------------------------------------------------------------------ local DPKG_Status="$(dpkg -s "$1" 2>/dev/null | awk -F": " '/^Status/ {print $2}')" if [ "X${DPKG_Status}" = "X" ]; then return 1 else return 0 fi } #------------------------------------------------------------------------------------------------------------------------------------------ # Main choices #------------------------------------------------------------------------------------------------------------------------------------------ # check for root # if [[ $EUID != 0 ]]; then dialog --title "Warning" --infobox "\nThis script requires root privileges.\n\nExiting ..." 7 41 sleep 3 exit fi # Create a safe temporary directory TEMP_DIR=$(mktemp -d || exit 1) chmod 700 ${TEMP_DIR} trap "rm -rf \"${TEMP_DIR}\" ; exit 0" 0 1 2 3 15 # Install basic stuff # echo -e "\nChecking dependencies. This might take a while." apt-get -qq -y --no-install-recommends install debconf-utils unzip build-essential html2text apt-transport-https dialog whiptail \ lsb-release bc expect html2text > /dev/null # gather some info # TTY_X=$(($(stty size | awk '{print $2}')-6)) # determine terminal width TTY_Y=$(($(stty size | awk '{print $1}')-6)) # determine terminal height distribution=$(lsb_release -cs) family=$(lsb_release -is) serverIP=$(ip route get 8.8.8.8 | awk '{ print $NF; exit }') set ${serverIP//./ } SUBNET="$1.$2.$3." hostnamefqdn=$(hostname -f) mysql_pass="" backtitle="Softy - Armbian post deployment scripts, http://www.armbian.com" SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # main dialog routine # DIALOG_CANCEL=1 DIALOG_ESC=255 while true; do # prepare menu items check_status LISTLENGHT="$(($LIST_CONST+${#LIST[@]}/2))" exec 3>&1 selection=$(dialog --backtitle "$backtitle" --title "Installing to $family $distribution" --clear --cancel-label \ "Exit" --checklist "\nChoose what you want to install:\n " $LISTLENGHT 70 15 "${LIST[@]}" 2>&1 1>&3) exit_status=$? exec 3>&- case $exit_status in $DIALOG_ESC | $DIALOG_CANCEL) clear exit 1 ;; esac # cycle trought all install options i=0 while [ "$i" -lt "$LISTLENGHT" ]; do if [[ "$selection" == *Samba* && "$SAMBA_STATUS" != "on" ]]; then install_samba check_port 445 "Samba" fi if [[ "$selection" == *CUPS* && "$CUPS_STATUS" != "on" ]]; then install_cups check_port 445 "CUPS" fi if [[ "$selection" == *headend* && "$TVHEADEND_STATUS" != "on" ]]; then install_tvheadend fi if [[ "$selection" == *Minidlna* && "$MINIDLNA_STATUS" != "on" ]]; then install_packet "minidlna" "Install lightweight DLNA/UPnP-AV server" check_port 8200 "minidlna" fi if [[ "$selection" == *ISPConfig* && "$ISPCONFIG_STATUS" != "on" ]]; then server_conf if [[ "$MYSQL_PASS" == "" ]]; then dialog --msgbox "Mysql password can't be blank. Exiting..." 7 70 exit fi if [[ "$(echo $HOSTNAMEFQDN | grep -P '(?=^.{1,254}$)(^(?>(?!\d+\.)[a-zA-Z0-9_\-]{1,63}\.?)+(?:[a-zA-Z]{2,})$)')" == "" ]]; then dialog --msgbox "Invalid FQDN. Exiting..." 7 70 exit fi choose_webserver; install_basic; install_DashNTP; install_MySQL; install_MySQLDovecot; install_Virus; install_$server; install_hhvm create_ispconfig_configuration; install_PureFTPD; install_Fail2BanDovecot; install_Fail2BanRulesDovecot; install_ISPConfig read -n 1 -s -p "Press any key to continue" fi if [[ "$selection" == *Syncthing* && "$SYNCTHING_STATUS" != "on" ]]; then install_syncthing check_port 8384 "Syncthing" read -n 1 -s -p "Press any key to continue" fi if [[ "$selection" == *ExaGear* && "$EXAGEAR_STATUS" != "on" ]]; then debconf-apt-progress -- apt-get update debconf-apt-progress -- apt-get -y install exagear-armbian exagear-desktop exagear-dsound-server exagear-guest-ubuntu-1604 fi if [[ "$selection" == *server* && "$VPN_SERVER_STATUS" != "on" ]]; then install_vpn_server read -n 1 -s -p "Press any key to continue" fi if [[ "$selection" == *client* && "$VPN_CLIENT_STATUS" != "on" ]]; then install_vpn_client read -n 1 -s -p "Press any key to continue" fi if [[ "$selection" == *OMV* && "$OMV_STATUS" != "on" ]]; then install_omv read -n 1 -s -p "Press any key to continue" fi if [[ "$selection" == *hole* && "$PI_HOLE_STATUS" != "on" ]]; then curl -L "https://install.pi-hole.net" | bash read -n 1 -s -p "Press any key to continue" fi if [[ "$selection" == *Transmission* && "$TRANSMISSION_STATUS" != "on" ]]; then install_transmission check_port 9091 transmission fi # reread statuses check_status i=$[$i+1] done done