Subversion Repositories Docker.osfi

Compare Revisions


Rev 100 → Rev 101

/tags/20210113/Dockerfile
0,0 → 1,0
link app/build/Dockerfile
Property changes:
Added: svn:special
+*
\ No newline at end of property
/tags/20210113/Makefile
0,0 → 1,0
link app/build/Makefile
Property changes:
Added: svn:special
+*
\ No newline at end of property
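--- a/tags/20210113/app/build/Dockerfile
+++ b/tags/20210113/app/build/Dockerfile
@@ -0,0 +1,62 @@
+##############################################################################
+#
+# osfi
+#
+# This container provides a bunch of scripts to finish the installation of
+# an operating system
+#
+##############################################################################
+ARG DOCKERARCH
+ARG BUILDTAG
+FROM scheerdock/debian_${DOCKERARCH}:$BUILDTAG
+
+##############################################################################
+# Set name of image for using it at runtime
+##############################################################################
+ARG IMAGENAME=Dockerimage
+ENV DOCKERIMAGE=$IMAGENAME
+ARG IMAGEVERSION=0.0
+ENV DOCKERIMAGEVERSION=$IMAGEVERSION
+ARG IMAGEBASE=unknown
+ENV DOCKERIMAGEBASE=$IMAGEBASE
+ARG BUILDDATE=unknown
+ENV DOCKERIMAGEBUILDDATE=$BUILDDATE
+ARG NETWORKALIAS=unknown
+ENV HOSTALIAS=$NETWORKALIAS
+
+
+##############################################################################
+# App specific variables
+##############################################################################
+
+
+##############################################################################
+# Used volumes
+##############################################################################
+VOLUME /data
+VOLUME /data-shared
+
+##############################################################################
+# Exposed ports
+##############################################################################
+EXPOSE 22
+
+##############################################################################
+# Add the App stuff
+##############################################################################
+ADD app /app-release
+
+##############################################################################
+# Install the app
+##############################################################################
+RUN echo "$DOCKERIMAGE" > /etc/imagename \
+&& echo "$DOCKERIMAGEBASE" > /etc/imagebase \
+#
+# Do all necessary installation steps for this image \
+&& /app-release/build/installimage
+
+##############################################################################
+# Start the container with the default argument "--init"
+##############################################################################
+ENTRYPOINT ["/usr/local/bin/startcontainer"]
+CMD [""]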
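Review bot: The `FROM scheerdock/debian_${DOCKERARCH}:$BUILDTAG` line resolves a mutable tag (Makefile.appvariables falls back to `latest`), so two builds of the same revision can start from different base images; pinning the base by digest, or at least by a dated release tag, would make the image reproducible and auditable. `ADD app /app-release` only copies a local directory, so `COPY app /app-release` states the same thing without ADD's archive-extraction and URL behaviour. No `USER` is set, presumably because startcontainer has to launch sshd as root; a comment next to `ENTRYPOINT` saying so would record that this is deliberate.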
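--- a/tags/20210113/app/build/Makefile
+++ b/tags/20210113/app/build/Makefile
@@ -0,0 +1,177 @@
+##############################################################################
+# General Makefile for docker images
+#
+# Following calls are possible:
+# - make or make imagename: Build the image. The resulting image is tagged
+# with the value of the environment variable $DOCKERDEVTAG or "latest"
+# if this variable is not set.
+#
+# - make push: Push the current image with the tags "latest" and the
+# date of the last modification of the file .dockerbuild to Docker Hub.
+#
+# - make multiarch: Create a docker manifest list with the tags "latest"
+# and the date of the last modification of the file .dockerbuild to
+# push them to Docker Hub.
+#
+# - make release: Release the current image with the tags "latest" and the
+# date of the last modification of the file .dockerbuild to Docker Hub.
+# Furthermore a new tag is created in the SVN repository.
+#
+# - make links: Create all necessary directory links for accessing the
+# persistent data stores.
+#
+##############################################################################
+
+#
+# Definition of some variables
+IMAGENAME = $(shell denv imagename)
+IMAGEVERSION = $(shell date +%Y%m%d)
+IMAGEBASE = $(shell getimagebase $(IMAGENAME))
+IMAGEDEP =
+BUILDDATE = $(shell date +%x-%X)
+BUILDARGS =
+NETWORKALIAS = $(shell denv networkalias)
+
+
+#
+# Including an image dependant makefile. This can be used
+# for redefining the above mentioned variables (especially
+# IMAGEDEP and BUILDARGS)
+include app/build/Makefile.appvariables
+
+
+#
+# Definition of source files
+SOURCES = Dockerfile $(IMAGEDEP)
+APPFILES = $(shell find app -type f -print)
+
+
+#
+# Definition of used commands within this makefile.
+DOCKER = docker
+SVN = svn
+CP = cp -f
+RM = rm -f
+TOUCH = touch
+MKDIR = mkdir -p
+CHOWN = chown
+CHGRP = chgrp
+CHMOD = chmod
+SUDO = sudo
+TAR = tar
+LN = ln -snf
+ECHO = /bin/echo -n -e
+
+
+#
+# Target for building the image.
+$(IMAGENAME) : .dockerbuild
+
+
+#
+# Target for pushing the built target to the Docker Hub.
+push : .dockerpush
+
+
+#
+# Target for pushing the manifest for a multiarch image to the Docker Hub.
+multiarch : .dockermultiarch
+
+
+#
+# Target for creating the docker release within the
+# subversion repository.
+release : .dockerrelease
+
+
+#
+# Target for creating links to the /data and /data-shared directories
+links :
+$(LN) $(DOCKERDATA)/$(IMAGENAME) $(DOCKERDIR)/$(IMAGENAME)/data
+$(LN) $(DOCKERSHAREDDATA)/$(IMAGENAME) $(DOCKERDIR)/$(IMAGENAME)/data-shared
+
+
+
+#
+# Target for internal use only!
+# This target builds the docker image.
+.dockerbuild : $(SOURCES) $(APPFILES)
+$(DOCKER) build --build-arg IMAGENAME=$(IMAGENAME) \
+--build-arg IMAGEVERSION="$(IMAGEVERSION)" \
+--build-arg IMAGEBASE="$(IMAGEBASE)" \
+--build-arg DOCKERARCH="$(DOCKERARCH)" \
+--build-arg BUILDTAG="$(BUILDTAG)" \
+--build-arg BUILDDATE="$(BUILDDATE)" \
+--build-arg NETWORKALIAS=$(NETWORKALIAS) \
+$(BUILDARGS) \
+--tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(BUILDTAG) . \
+&& $(TOUCH) .dockerbuild \
+&& $(CP) app/build/conf/app.conf $(DOCKERDIR)/conf/$(IMAGENAME).conf
+
+
+#
+# Target for internal use only!
+# This target pushes the docker image to the Docker Hub.
+# The development image gets an additional tag "dev" or "latest"
+# (this is defined in app/build/Makefile.appvariables).
+.dockerpush : reldate=$(shell date +%Y%m%d --reference=.dockerbuild)
+.dockerpush : .dockerbuild
+@$(DOCKER) tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(BUILDTAG) $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest \
+&& $(DOCKER) tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(BUILDTAG) $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
+&& $(ECHO) "$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest ...\n" \
+&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest \
+&& $(ECHO) "\n$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) ...\n" \
+&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
+&& $(DOCKER) image rm $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
+&& $(TOUCH) .dockerpush
+
+
+#
+# Target for internal use only!
+# This target creates and pushes the docker manifest list to the Docker Hub.
+.dockermultiarch: reldate=$(shell date +%Y%m%d --reference=.dockerbuild)
+.dockermultiarch: .dockerpush
+@$(ECHO) "Creating manifest $(DOCKERLOGIN)/$(IMAGENAME):latest ...\n" \
+&& $(DOCKER) manifest create --amend $(DOCKERLOGIN)/$(IMAGENAME):latest \
+$(DOCKERLOGIN)/$(IMAGENAME)_x86_64:latest \
+$(DOCKERLOGIN)/$(IMAGENAME)_armv7l:latest \
+&& $(ECHO) "\nCreating manifest $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) ...\n" \
+&& $(DOCKER) manifest create --amend $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) \
+$(DOCKERLOGIN)/$(IMAGENAME)_x86_64:latest \
+$(DOCKERLOGIN)/$(IMAGENAME)_armv7l:latest \
+&& $(ECHO) "\nPushing manifest $(DOCKERLOGIN)/$(IMAGENAME):latest ...\n" \
+&& $(DOCKER) manifest push --purge $(DOCKERLOGIN)/$(IMAGENAME):latest \
+&& $(ECHO) "\nPushing manifest $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) ...\n" \
+&& $(DOCKER) manifest push --purge $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) \
+&& $(TOUCH) .dockermultiarch
+
+
+#
+# Target for internal use only!
+# This target creates a release tag within the subversion repository
+.dockerrelease: reldate=$(shell date +%Y%m%d --reference=.dockerbuild)
+.dockerrelease: .dockermultiarch
+@$(SVN) diff --summarize | wc -l | grep -q 0 \
+|| ($(ECHO) "Please commit changes to your software repository first.\n" && return 1)
+@test .dockerpush -nt .dockerbuild \
+&& $(ECHO) "Image is already pushed to Docker Hub.\n" \
+|| ($(DOCKER) tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
+&& $(ECHO) "$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest ...\n" \
+&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest \
+&& $(ECHO) "\n$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) ...\n" \
+&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
+&& $(DOCKER) image rm $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
+&& $(TOUCH) .dockerpush \
+&& return 0 )
+@$(TOUCH) .dockerrelease
+@$(SVN) delete svn://$(DOCKERSVN)/Docker/$(IMAGENAME)/tags/$(reldate) \
+-m "Tag $(reldate) deleted because of newer version." >/dev/null 2>&1; return 0
+$(SVN) copy svn://$(DOCKERSVN)/Docker/$(IMAGENAME)/trunk \
+svn://$(DOCKERSVN)/Docker/$(IMAGENAME)/tags/$(reldate) \
+-m "Tag for image version $(reldate)."
+
+
+#
+# Including an image dependant makefile. This can be used
+# for defining additional targets.
+include app/build/Makefile.apptargets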
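Review bot: The uncommitted-changes gate in `.dockerrelease` passes whenever the line count merely contains a zero, because `wc -l | grep -q 0` also matches 10, 20 or 100, so a working copy with ten modified paths is still pushed and tagged. Testing for empty output is exact: `@test -z "$$($(SVN) diff --summarize)" || { $(ECHO) "Please commit changes to your software repository first.\n"; exit 1; }`. The same recipe uses `return` outside a function (`&& return 1)`, `&& return 0 )`, `; return 0`), whose behaviour differs between shells; `exit` inside the subshells and `|| true` after the `svn delete` are portable. `.dockerrelease` is touched before the `svn copy` runs, so a failed tag creation still leaves the release marked as done; moving the `$(TOUCH)` to the end of the recipe avoids that.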
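--- a/tags/20210113/app/build/Makefile.apptargets
+++ b/tags/20210113/app/build/Makefile.apptargets
@@ -0,0 +1,8 @@
+##############################################################################
+#
+# Image specific targets of the Makefile
+#
+##############################################################################
+
+#
+# Specify app specific targets here.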
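--- a/tags/20210113/app/build/Makefile.appvariables
+++ b/tags/20210113/app/build/Makefile.appvariables
@@ -0,0 +1,21 @@
+##############################################################################
+#
+# Image specific variables of the Makefile
+#
+##############################################################################
+
+#
+# Define the .dockerbuild file of the base image.
+IMAGEDEP = $(DOCKERDIR)/debian/.dockerbuild
+
+#
+# Define additional arguments for the build process.
+BUILDARGS =
+
+#
+# Define the name of the docker tag used for "docker build".
+ifdef DOCKERBUILDTAG
+BUILDTAG = $(DOCKERBUILDTAG)
+else
+BUILDTAG = latest
+endif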
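--- a/tags/20210113/app/build/conf/app.conf
+++ b/tags/20210113/app/build/conf/app.conf
@@ -0,0 +1,91 @@
+##############################################################################
+#
+# Configuration file of the image.
+#
+##############################################################################
+
+#
+# Name of this image
+IMAGENAME=osfi
+
+
+#
+# Tag to be used for starting a container of this image
+IMAGETAG=latest
+
+
+#
+# Name of the container
+CONTAINERNAME=$IMAGENAME
+
+
+#
+# Name of the service in case of starting a container by docker-compose
+SERVICENAME=$CONTAINERNAME
+
+
+#
+# Environment variables
+ENV[VARNAME]=""
+
+
+#
+# Definition of used volumes
+VOLUME[0]="$DOCKERDATA/$IMAGENAME:/data"
+VOLUME[1]="$DOCKERSHAREDDATA/$IMAGENAME:/data-shared"
+
+
+#
+# Definition of used block devices
+DEVICE[0]=""
+
+
+#
+# Definition of dependencies.
+# The dependent containers must run before starting a container of this
+# image.
+# DEPENDENCYCHECK defines weather the check is active (1) or inactive (0).
+# DEPENDENCYDELAY defines the delay between two checks.
+# DPENDENCY[] defines an array to generate the depends_on section in the
+# docker-compose YAML-file.
+ENV[DEPENDENCYCHECK]="1"
+ENV[DEPENDENCYDELAY]="10"
+DEPENDENCY[0]=""
+
+
+#
+# Intial script when starting the container.
+# (Leave empty for using the script defined in the image's Dockerfile)
+ENTRYPOINT=()
+
+
+#
+# Definition of one of the following modes to start the container.
+# - detach: Start detached without interaction.
+# - tty: Start with tty mode (stdin/stdout). This implies also interactive.
+# - interactive: Run interactivly (necessary for batch jobs).
+START="tty"
+
+
+#
+# Defintion of the type of restart for docker-compose.
+# (no, unless-stopped, always, on-failure)
+# https://docs.docker.com/compose/compose-file/#restart
+RESTART="no"
+
+
+#
+# Alias hostname of the container
+NETWORKALIAS=$IMAGENAME
+
+
+#
+# Definition of the network mode
+# (bridge, host, none)
+NETWORKMODE="bridge"
+
+
+#
+# Definition of the port(s) to publish to the host.
+# ("hostport:containerport")
+PORTMAP[0]="8822:22"
+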
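Review bot: `PORTMAP[0]="8822:22"` publishes the container's sshd on every host interface, and the service behind it hands out installer archives protected only by a password typed at start-up. If the launcher passes the value to docker unchanged (not visible in this diff), the three-part form with the host's LAN address in front, `PORTMAP[0]="HOST_LAN_IP:8822:22"` (placeholder address), would limit where the port is reachable. A comment stating that the port is only meant to be open while `drun osfi` is running would also help the next reader.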
/tags/20210113/app/build/installimage
0,0 → 1,47
#!/bin/bash
##############################################################################
# Installation script for this app
##############################################################################
 
#
# Avoid warnings of apt-get like "debconf: unable to initialize frontend: Dialog"
# (https://github.com/phusion/baseimage-docker/issues/58)
DEBIAN_FRONTEND="noninteractive"
export DEBIAN_FRONTEND
 
 
#
# Install some basic tools
apt-get -y update
apt-get -y install aptitude openssh-server makeself || exit 1
 
 
#
# Link the application directory to /app
if [ "$(readlink -f /app)" == '/app-develop' ]; then
echo
echo "Skipping the linking of /app because you are in a development environment."
else
ln -snf /app-release /app
fi
 
 
#
# Create user and group 'pi'
groupadd --gid 1000 pi
useradd --gid pi --home-dir /home/pi --create-home --shell /bin/bash --uid 1000 pi
 
 
#
# Create directory for runtime files of sshd
mkdir /run/sshd
 
 
#
# Configure the sshd to only allow sftp as user1
cat >> /etc/ssh/sshd_config << EOF
 
Match Group user1
ChrootDirectory /app/download
ForceCommand internal-sftp
EOF
Property changes:
Added: svn:executable
+*
\ No newline at end of property
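Review bot: The `Match Group user1` block appended to sshd_config forces internal-sftp into a chroot but leaves forwarding enabled, and nothing outside the block restricts which accounts may log in. Adding `AllowTcpForwarding no` and `X11Forwarding no` inside the block, and `AllowGroups user1` before the `Match` line, keeps the daemon to its single purpose. The script creates only `pi`; `user1` is presumably provided by the base image, and a comment saying so (or an explicit `useradd`) would remove the guess. `apt-get -y update` and `mkdir /run/sshd` are unchecked, so `|| exit 1` and `mkdir -p` would match the handling on the install line.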
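--- a/tags/20210113/app/init/README
+++ b/tags/20210113/app/init/README
@@ -0,0 +1,12 @@
+##############################################################################
+#
+# This directory can contain executables which are started by the script
+# /usr/local/bin/startcontainer.
+#
+# At startup the script /app/init/start is called. The script will be
+# called with the arguments given to /usr/local/bin/startcontainer.
+#
+# If the script startcontainer is terminated by the signal SIGTERM, SIGINT,
+# SIGHUP or SIGQUIT it will call the script /app/init/stop if it exists.
+#
+##############################################################################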
/tags/20210113/app/init/start
0,0 → 1,169
#!/bin/bash
##############################################################################
#
# Starting osfi
#
# For reducing process overload it is always a good idea to
# start the last program via exec.
#
##############################################################################
 
 
#
# Defintion of the short options for getopt
SOPTS=lp:
 
#
# Defintion of the long options for getopt
LOPTS=help,list,password:
 
#
# Parse available options
PARSED=$(getopt --options=$SOPTS --longoptions=$LOPTS --name "$DOCKERIMAGE" -- "$@") || exit 2
eval set -- "$PARSED"
 
 
#
# Set some variables
CMD="sftp"
PASSWORD=""
 
 
#
# Now evaluate all options until --
while true; do
case "$1" in
--help)
echo "Usage: drun osfi [OPTION]..."
echo "Docker image to provide a bunch of scripts to finish the installation of"
echo "an operating system."
echo
echo "Mandatory arguments to long options are mandatory for short options too."
echo " --help Show this help."
echo "-l, --list List the supported operating systems."
echo "-p, --password=PW Password PW for the sftp-user account."
echo " (Using this option is not recommended)"
exit 0
;;
-l | --list)
CMD=list
shift 1
;;
-p | --password)
PASSWORD="$2"
shift 2
;;
--)
shift
break
;;
*)
echo "This line cannot be reached. This must be a programming error. Exiting" 1>&2
exit 3
;;
esac
done
 
 
case "$CMD" in
sftp)
#
# Get a password for the sftp-user
if [ -z "$PASSWORD" ]; then
echo -n "Please type in a password for the ftpuser 'user1': "
read -s PASSWORD && echo
if [ -z "$PASSWORD" ]; then
echo "No password typed in. Exiting." 1>&2
exit 1
fi
fi
passwd user1 >/dev/null 2>&1 << EOF
$PASSWORD
$PASSWORD
EOF
 
 
echo
echo "Generating archive on the fly ..."
 
 
#
# Create nescessary directories
rm -rf /app/download
mkdir -p /app/download
for os in $(ls -1 -d /app/scripts/* | sed 's|^/app/scripts/||'); do
rm -rf /tmp/$os
mkdir -p /tmp/$os/files
done
 
 
#
# Create directory with scripts dynamically.
for os in $(ls -1 -d /app/scripts/* | sed 's|^/app/scripts/||'); do
#
# All files in /app/scripts/osname can be overridden by a file with
# the same name in the /data/osname directory.
cd /app/scripts/$os
for file in $(find . -type f -print | cut -d/ -f2-); do
if [ -r /data/$os/$file ]; then
cp /data/$os/$file /tmp/$os/$file
else
cp $file /tmp/$os/$file
fi
done
 
 
#
# Setting permissions
find /tmp/$os -type d -exec chmod 700 {} \;
find /tmp/$os -type f -exec chmod 600 {} \;
find /tmp/$os -name '*.sh' -exec chmod 700 {} \;
 
 
#
# Create selfextracting archive
echo
echo "Generating self-extractable archive ..."
makeself --tar-quietly --notemp /tmp/$os /app/download/$os.run "OsFinisher by Dirk Scheer" ./$os.sh
chmod 755 /app/download/$os.run
done
 
 
echo
echo -n "Starting the sftp server for downloading the file ... "
/usr/sbin/sshd -E /tmp/log && echo "OK"
 
 
echo
echo "You can now use the following command to download and execute the appropriate RUN file:"
echo " root@scheerdock?:~# sftp -P 8822 user1@hostname"
echo " sftp> get osname.run"
echo " sftp> quit"
echo " root@scheerdock?:~# sudo bash ./osname.run"
echo
echo "When prompted for a password, please type in the previously entered password."
echo
echo "Press any key to stop the sftp server when finished."
read answer
 
 
if [ -r /run/sshd.pid ]; then
echo
echo "Stopping the sftp server ... "
kill $(cat /run/sshd.pid) && echo "OK"
fi
 
echo
echo "Bye bye."
;;
list)
cd /app/scripts
ls -d -1 *
;;
*)
echo "Unknown internal command \"$CMD\" programmed. Exiting!" 1>&2
exit 3
;;
esac
 
exit 0
Property changes:
Added: svn:executable
+*
\ No newline at end of property
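Review bot: The result of `passwd user1 >/dev/null 2>&1` is never checked, so if setting the password fails (unknown user, rejected password) the script still builds the archives and starts sshd with whatever credential state `user1` already had. `printf '%s:%s\n' user1 "$PASSWORD" | chpasswd || { echo "Setting the sftp password failed." 1>&2; exit 1; }` fails closed instead. `read -s PASSWORD` should be `read -rs PASSWORD` so that backslashes are kept literally. The `-p/--password` option places the secret in the process list and in the container's recorded arguments; the help text already discourages it, and reading the password from a file would be a safer non-interactive path. The `$os` and `$file` expansions in the `rm -rf /tmp/$os` and `cp` loops are unquoted and come from `ls`/`find` output, so quoting them and iterating over a glob would stop names with whitespace from being split.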
/tags/20210113/app/init/stop
0,0 → 1,9
#!/bin/bash
 
##############################################################################
#
# Stop all runnung daemons on shutdown of the container
#
##############################################################################
 
echo "Cleaning up ..."
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/tags/20210113/app/scripts/debian/02-software.sh
0,0 → 1,97
#!/bin/bash
#############################################################################
#
# Install basic software packages
#
#############################################################################
 
 
echo "Installing aptitude ..."
if [ $DRYRUN -eq 0 ]; then
apt-get -y install aptitude 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Downloading new or upgradable packages ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y update 2>&1 | sed 's/^/ /'
fi
 
echo
echo "Executing a safe upgrade ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y -o Dpkg::Options::="--force-confold" \
-o Dpkg::Options::="--force-confdef" \
safe-upgrade 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing locate and mlocate to find files via 'locate' ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install locate mlocate 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing the tool 'screen' for comfortable tty usage ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install locate screen 2>&1 | sed 's/^/ /'
 
 
cat > /etc/screen.user.rc << EOF
# Global user specific settings file for screen. This file can be
# referenced by the -c option of the 'screen' command.
 
#
# Use bash as the default shell.
Host *
shell -/bin/bash
EOF
fi
 
 
echo
echo "Installing tuptime for a better control of system uptime ;-)"
if [ $DRYRUN -eq 0 ]; then
aptitude -y install tuptime 2>&1 | sed 's/^/ /'
fi
 
 
 
echo
echo "Installing figlet to generate a nice /etc/motd ;-)"
if [ $DRYRUN -eq 0 ]; then
aptitude -y install figlet 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Setting vim as the default editor ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install vim 2>&1 | sed 's/^/ /'
defaulteditor=$(update-alternatives --list editor | grep vim.basic)
if [ ! -z "$defaulteditor" ]; then
update-alternatives --set editor $defaulteditor
fi
 
if [ -r $BASEDIR/files/vimrc.local ]; then
cp $BASEDIR/files/vimrc.local /etc/vim/vimrc.local
chmod 644 /etc/vim/vimrc.local
fi
fi
 
 
echo
echo "Installing DKMS ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install dkms 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing curl ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install curl 2>&1 | sed 's/^/ /'
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
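Review bot: Every install step pipes into `sed 's/^/ /'`, so the status seen by the shell is sed's and a failed `apt-get` or `aptitude` run goes unnoticed; `set -o pipefail` near the top, plus `|| exit 1` on the steps that later scripts depend on, would surface it. `[ $DRYRUN -eq 0 ]` is unquoted, so with `DRYRUN` unset the test errors out and every step is silently skipped; a guard such as `: "${DRYRUN:?DRYRUN is not set}"` at the top and `[ "$DRYRUN" -eq 0 ]` in the tests makes that explicit (the same pattern recurs in the other debian/*.sh scripts). The here-document for /etc/screen.user.rc contains `Host *`, which is ssh_config syntax rather than a screen command and looks like a paste error.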
/tags/20210113/app/scripts/debian/03-crontab.sh
0,0 → 1,31
#!/bin/bash
#############################################################################
#
# Install needed crontab entries
#
#############################################################################
 
echo "Installing crontab ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install cron
fi
 
 
echo
echo "Creating directory /var/log/dailyjobs for logging output ..."
if [ $DRYRUN -eq 0 ]; then
mkdir -p /var/log/dailyjobs
chown root:root /var/log/dailyjobs
chmod 755 /var/log/dailyjobs
fi
 
 
echo
echo "Adding tyical entries to root's crontab file ..."
if [ $DRYRUN -eq 0 ]; then
crontab << EOF
MAILTO=dirk@scheernet.de
10 0 * * * /usr/local/sbin/updatedb > /var/log/dailyjobs/updatedb.log 2>&1
0 5 * * * /usr/local/sbin/doupdate > /var/log/dailyjobs/update.log 2>&1
EOF
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
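Review bot: `crontab << EOF` installs the here-document as root's complete crontab, so any entries that already exist are replaced although the message says entries are being added. Merging keeps them: `( crontab -l 2>/dev/null; cat files/root.crontab ) | crontab -` (file name is a placeholder), and the explicit `-` operand also avoids depending on how a given cron implementation treats a missing file argument. `MAILTO` is a hard-coded personal address; taking it from a variable alongside `MAILHOST` would let the script be reused without editing.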
/tags/20210113/app/scripts/debian/03-env.sh
0,0 → 1,28
#!/bin/bash
#############################################################################
#
# Install needed global environment
#
#############################################################################
 
echo "Creating /etc/profile.d/aliases.sh ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 644 files/aliases.sh /etc/profile.d/aliases.sh
fi
 
 
echo
echo "Creating /etc/motd ..."
if [ $DRYRUN -eq 0 ]; then
echo >> /etc/motd
figlet -f big "$NEWHOSTNAME" >> /etc/motd
fi
 
 
echo
echo "Adding host aliases (etc/hosts) ..."
if [ $DRYRUN -eq 0 ]; then
echo "192.168.178.27 scheersvn" >> /etc/hosts
echo "192.168.178.27 scheermysvn" >> /etc/hosts
fi
 
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/tags/20210113/app/scripts/debian/04-mail.sh
0,0 → 1,103
#!/bin/bash
#############################################################################
#
# Install the Mail components
#
#############################################################################
 
 
#
# Should Mail be installed?
if [ -z $MAILHOST ]; then
echo "Skipping installation of Mail components due to user request."
exit 0
fi
 
 
echo "Installing the mail transfer agent MTA ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install exim4 s-nail
fi
 
 
echo
echo "Configuring Exim4 ..."
if [ $DRYRUN -eq 0 ]; then
cat >/etc/exim4/update-exim4.conf.conf << EOF
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='scheermail'
dc_local_interfaces=''
dc_readhost='scheernet.de'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.178.0/24'
dc_smarthost='$MAILHOST'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
EOF
 
cat >/etc/exim4/passwd.client << EOF
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
$MAILHOST:$MAILUSER:$MAILPASS
EOF
fi
 
 
#
# Link s-nail to mailx for easy usage
# (This is currently commented out, because the exim4 package
# seems to bring a mailx alternative)
#ln -snf /usr/bin/s-nail /usr/bin/mailx
 
 
#
# Setting global aliases
if [ -f $BASEDIR/files/mail.aliases ]; then
echo
echo "Copying global aliases files ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 644 $BASEDIR/files/mail.aliases /etc/aliases
fi
fi
 
 
#
# Setting user based forwarding
if [ -f $BASEDIR/files/mail.forward ]; then
users="root pi"
 
for user in $users; do
echo
echo "Setting user based forwarding for user $user ..."
if [ $DRYRUN -eq 0 ]; then
eval install -o $user -g root -m 644 $BASEDIR/files/mail.forward ~$user/.forward
fi
done
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
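Review bot: /etc/exim4/passwd.client receives `$MAILHOST:$MAILUSER:$MAILPASS` through a plain `cat >`, so its owner and mode are whatever existed before or the umask default. Setting them explicitly after the write, `chown root:Debian-exim /etc/exim4/passwd.client && chmod 640 /etc/exim4/passwd.client`, keeps the SMTP credential unreadable to other local users regardless of the starting state. The `eval install -o $user ... ~$user/.forward` line re-parses `$BASEDIR` through eval only to expand the tilde; `home=$(getent passwd "$user" | cut -d: -f6)` followed by a quoted `install ... "$home/.forward"` does the same without eval. `[ -z $MAILHOST ]` should quote the variable.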
/tags/20210113/app/scripts/debian/04-ufw.sh
0,0 → 1,58
#!/bin/bash
#############################################################################
#
# Install the simple to use packet filter firewall UFW
#
#############################################################################
 
 
#
# Should UFW be installed?
if [ $ENABLEUFW -eq 0 ]; then
echo "Skipping installation of UFW due to user request."
exit 0
fi
 
 
echo "Installing the simple to use packet filter firewall UFW ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install ufw
fi
 
 
echo
echo "Creating a standard ruleset ..."
if [ $DRYRUN -eq 0 ]; then
# Complete reset of an existing ruleset
ufw disable
ufw --force reset
 
# Enable standard ports for ssh, http and imap
ufw allow SSH
ufw allow WWW
ufw allow 'WWW Secure'
ufw allow IMAPS
 
# CIFS-Shares are restricted to the internal net
ufw allow from 192.168.178.0/24 to any app CIFS
 
# NFS-Shares are restricted to the internal net
ufw allow from 192.168.178.0/24 to any app NFS
ufw allow from 192.168.178.0/24 to any port 52535
ufw allow from 192.168.178.0/24 to any port 52536
ufw allow from 192.168.178.0/24 to any port 52537
 
# Multicasts of the Fritzbox
ufw allow from 192.168.178.1 to 224.0.0.1
 
# Childprotection of the FritzBox
ufw allow proto tcp from 192.168.178.1 to any port 14013
 
# Ubuntu und Debian send IPv6-packets
ufw allow from fe80:0000:0000:0000:a26a:af8b:543f:c3d3 to ff02:0000:0000:0000:0000:0000:0000:0001
ufw allow from fe80:0000:0000:0000:4261:86ff:fe03:8d53 to ff02:0000:0000:0000:0000:0000:0000:0001
 
# Enable the firewall and show the current state
ufw --force enable
ufw status numbered
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
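Review bot: `ufw allow SSH` opens port 22 to every source while the file-sharing rules are limited to 192.168.178.0/24; `ufw limit SSH`, or `ufw allow from 192.168.178.0/24 to any app SSH` if administration is LAN-only, would be consistent with the rest of the ruleset. The default policies are left to whatever `ufw --force reset` restores, so stating `ufw default deny incoming` before the allow rules documents the intent. `[ $ENABLEUFW -eq 0 ]` is unquoted, so an unset variable makes the test error out and the script goes on to install and enable the firewall; whether that is the intended default deserves a comment.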
/tags/20210113/app/scripts/debian/05-backup.sh
0,0 → 1,21
#!/bin/bash
#############################################################################
#
# Backup
#
#############################################################################
 
echo "Installing rdiff-backup ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y --with-recommends install rdiff-backup
fi
 
 
echo
echo "Creating config file for xbackup ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 660 files/xbackup.conf /etc/xbackup.conf
sed --in-place \
-e "s|^BACKUPDIR\s*|BACKUPDIR /backup/$NEWHOSTNAME|" \
/etc/xbackup.conf
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
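Review bot: The sed expression `s|^BACKUPDIR\s*|BACKUPDIR /backup/$NEWHOSTNAME|` replaces only the keyword and the whitespace after it, so any value already on that line in files/xbackup.conf (the template is not shown here) stays appended to the new path. `s|^BACKUPDIR\s.*|BACKUPDIR /backup/$NEWHOSTNAME|` replaces the whole line. `$NEWHOSTNAME` is interpolated into the sed program unvalidated, so a `|` or `&` in it changes the substitution; checking it against a hostname pattern first would be enough.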
/tags/20210113/app/scripts/debian/05-fstab.sh
0,0 → 1,43
#!/bin/bash
#############################################################################
#
# Install needed fstab entries
#
#############################################################################
 
echo "Installing cryptsetup for handling encrypted LUKS devices ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install cryptsetup
fi
 
 
echo
echo "Adding tyical entries to the fstab ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/fstab << EOF
 
##################################################################
# Verschlüsselte Devices
# siehe /etc/crypttab
##################################################################
/dev/mapper/maxtor /media/Maxtor ext4 defaults,noauto,noatime,user,exec 0 0
EOF
fi
 
 
echo
echo "Adding tyical entries to the crypttab ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/crypttab << EOF
 
# <target> <source device> <key file> <options>
maxtor UUID=37e7fe74-a25b-489a-bc7f-a3d2ae598f98 /etc/maxtor.passphrase luks,noauto
EOF
fi
 
 
echo
echo "Creating needed password file /etc/maxtor.passphrase ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 600 files/maxtor.passphrase /etc/maxtor.passphrase
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
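Review bot: `install ... files/maxtor.passphrase /etc/maxtor.passphrase` means the LUKS passphrase travels inside the generated `.run` archive, which app/init/start makes world-readable (`chmod 755`) and serves over sftp; if the file is also committed under app/scripts/debian/files (not visible in this part of the diff) it is in the repository and in every image layer as well. Supplying it only through the /data override at run time, and skipping the crypttab entry when it is absent, keeps the key out of version control. The fstab and crypttab blocks are appended unconditionally, so a second run duplicates them; a `grep -q /dev/mapper/maxtor /etc/fstab ||` guard would make the script re-runnable. The fstab options `user,exec` let any local user mount the volume with executables enabled, which deserves a comment if intended.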
/tags/20210113/app/scripts/debian/05-nfs.sh
0,0 → 1,60
#!/bin/bash
#############################################################################
#
# Install the NFS components
#
#############################################################################
 
 
echo "Installing the NFS components ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install nfs-kernel-server nfs-common rpcbind
fi
 
 
echo
echo "Configuring rpcbind to use the specific port 52535 ..."
if [ $DRYRUN -eq 0 ]; then
sed --in-place \
-e 's|^#*\s*RPCMOUNTDOPTS\s*=.*|RPCMOUNTDOPTS="--port 52535 --manage-gids"|' \
/etc/default/nfs-kernel-server
fi
 
 
echo
echo "Configuring the Lock daemon for the specific ports 52536 and 52537 ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/sysctl.conf << EOF
 
# Configuring the Lock daemon to specific ports
# https://wiki.debian.org/SecuringNFS
fs.nfs.nfs_callback_tcpport = 52536
fs.nfs.nlm_tcpport = 52537
fs.nfs.nlm_udpport = 52537
EOF
fi
 
 
echo
echo "Configuring /etc/rc.local ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/rc.local << EOF
 
# Workaround for Debian 8
# https://unix.stackexchange.com/questions/245709/view-current-kernel-parameters/245713
sysctl --system
systemctl restart rpcbind
systemctl restart nfs-kernel-server
EOF
 
sysctl --system
systemctl restart rpcbind
systemctl restart nfs-kernel-server
fi
 
 
echo
echo "Exporting the current configuration ..."
if [ $DRYRUN -eq 0 ]; then
exportfs -rav
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
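Review bot: The block appended to /etc/rc.local is likely never executed: where Debian ships an rc.local it ends in `exit 0`, so lines appended after it are unreachable, and where the file does not exist `cat >>` creates it without a `#!` line or execute bit. Writing the three port settings to a drop-in such as `/etc/sysctl.d/60-nfs-ports.conf` (constructed name) instead of appending to /etc/sysctl.conf would have them applied at boot without rc.local and would make the script re-runnable. The first message says rpcbind is being configured, but the sed edits `RPCMOUNTDOPTS`, which is the mountd option line.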
/tags/20210113/app/scripts/debian/06-samba.sh
0,0 → 1,57
#!/bin/bash
 
##############################################################################
#
# Installation of Samba
#
##############################################################################
 
 
#
# Should the Subversion client be installed?
if [ -z "$SAMBAPASS" ]; then
echo "Skipping installation of Samba client due to user request."
exit 0
fi
 
 
echo "Installing Samba ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install samba samba-common-bin
fi
 
 
echo
echo "Creating user and group 'cifsuser' ..."
if [ $DRYRUN -eq 0 ]; then
groupadd -g 800 cifsuser
useradd -c "Samba user" --home-dir /home/cifsuser --no-create-home \
-s /bin/false -g cifsuser -u 800 cifsuser
smbpasswd -s -a cifsuser << EOF
$SAMBAPASS
$SAMBAPASS
EOF
fi
 
 
echo
echo "Modifying /etc/samba/smb.conf ..."
if [ $DRYRUN -eq 0 ]; then
sed --in-place \
-e 's/\(\s*workgroup\s*=\)\s*.*$/\1 FRITZ.BOX/' \
/etc/samba/smb.conf
 
cat >> /etc/samba/smb.conf << EOF
 
[austausch]
comment = Allgemeiner Austausch von Daten
path = /data/austausch
guest ok = yes
writable = yes
read only = no
public = yes
force user = cifsuser
force create mode = 0660
force directory mode = 2770
EOF
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
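Review bot: The `[austausch]` share appended to smb.conf combines `guest ok = yes` and `public = yes` with `writable = yes` and `force user = cifsuser`. Depending on the global `map to guest` setting, any client that can reach the Samba service can then write to /data/austausch without authenticating, and the password set through `smbpasswd` earlier in the script does not protect this share. If anonymous write access is not intended, replace the two guest lines with `guest ok = no` and `valid users = cifsuser`. The comment above the `$SAMBAPASS` check still reads "Should the Subversion client be installed?" and should name Samba. The heredoc is appended unconditionally, so a second run adds a duplicate share section.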
/tags/20210113/app/scripts/debian/06-subversion.sh
0,0 → 1,41
#!/bin/bash
 
##############################################################################
#
# Installation of Subversion
#
##############################################################################
 
 
#
# Should the Subversion client be installed?
if [ -z "$SVNHOST" ]; then
echo "Skipping installation of Subversion client due to user request."
exit 0
fi
 
 
#
# Install the software
echo "Installing subversion ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install subversion
fi
 
 
echo
echo "Checking out /usr/local/bin ..."
if [ $DRYRUN -eq 0 ]; then
cd /usr/local/bin
yes yes | svn checkout --username=$SVNUSER --password=$SVNPASS \
svn://$SVNHOST:3691/Scripte/usrlocalbin/trunk .
fi
 
 
echo
echo "Checking out /usr/local/sbin ..."
if [ $DRYRUN -eq 0 ]; then
cd /usr/local/sbin
yes yes | svn checkout --username=$SVNUSER --password=$SVNPASS \
svn://$SVNHOST:3691/Scripte/usrlocalsbin/trunk .
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
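Review bot: Both `svn checkout` calls pass `--password=$SVNPASS` on the command line, where any local user can read it from the process list while the checkout runs, and the unquoted expansion breaks on passwords containing spaces or glob characters. Where the installed client supports it (Subversion 1.10 or later), feed the secret on stdin instead of using `yes yes |`: `printf '%s\n' "$SVNPASS" | svn checkout --non-interactive --username "$SVNUSER" --password-from-stdin svn://$SVNHOST:3691/Scripte/usrlocalbin/trunk .`. The same pattern appears in 07-docker.sh inside the `su -c` string. The checked-out trees land in /usr/local/bin and /usr/local/sbin, and root's crontab in 03-crontab.sh runs scripts from /usr/local/sbin, so fetching them over plain `svn://` without transport encryption deserves an `svn+ssh://` or `https://` URL. `cd /usr/local/bin` should be `cd /usr/local/bin || exit 1` so a failed cd cannot check out into the current directory.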
/tags/20210113/app/scripts/debian/07-docker.sh
0,0 → 1,243
#!/bin/bash
#############################################################################
#
# Install Docker's server components
#
#############################################################################
 
 
#
# Should Docker be installed
if [ -z "$DOCKERPIPASS" ]; then
echo "Skipping installation of Docker due to user request."
exit 0
fi
 
 
#
# Install Docker via the method "Convenience script"
# https://docs.docker.com/install/linux/docker-ce/debian/
echo "Downloading Docker's installation script from https://get.docker.com ..."
if [ $DRYRUN -eq 0 ]; then
curl -fsSL https://get.docker.com -o /root/get-docker.sh
 
#
# Execute the downloaded script. Normally it's not a good idea to
# execute a just downloaded file, but in this case I've checked
# the script to not be evil ;-)
echo
sh /root/get-docker.sh
fi
 
 
#
# Install docker-compose (using the pip method)
# https://docs.docker.com/compose/install/#install-compose
echo
echo "Installing the tool \"pip\" for downloading and installing \"docker-compose\" ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install python-pip python-setuptools \
python-backports.ssl-match-hostname 2>&1 | sed 's/^/ /'
fi
 
echo
echo "Now downloading and installing \"docker-compose\" ..."
if [ $DRYRUN -eq 0 ]; then
pip install wheel
pip install docker-compose
chmod 755 /usr/local/bin/docker-compose
fi
 
 
#
# This is a ugly workaround to make docker-compose accessable for
# every user. To be fixed sometimes later ...
cd /usr/local/lib/python2.7/dist-packages
chmod -R 755 *
 
 
#
# Definition of all accounts
DOCKER_SYSTEMUSER="
scheerdock:x:20000:20000:Docker administrator:/home/scheerdock:/bin/bash
duser1:x:20001:20001:Docker-User 1:/home/dckr-user1:/usr/sbin/nologin
duser2:x:20002:20002:Docker-User 2:/home/dckr-user2:/usr/sbin/nologin
duser3:x:20003:20003:Docker-User 3:/home/dckr-user3:/usr/sbin/nologin
dnginx:x:20100:20100:Docker nginx admin:/home/dckr-nginx:/usr/sbin/nologin
dphpfpm:x:20101:20101:PHP-FPM worker processes:/home/dckr-phpfpm:/usr/sbin/nologin
dmysql:x:20102:20102:mysql daemon:/home/dckr-mysql:/usr/sbin/nologin
ddovecot:x:20103:20103:Dovecot daemon:/home/dckr-dovecot:/usr/sbin/nologin
ddovenull:x:20104:20104:Dovecot daemon:/home/dckr-dovenull:/usr/sbin/nologin
dsvn:x:20105:20105:Subversion daemon:/home/dckr-svn:/usr/sbin/nologin
dsslh:x:20106:20106:SSLH daemon:/home/dckr-sslh:/usr/sbin/nologin
dproxy:x:20109:20109:Proxy admin:/home/dckr-proxy:/usr/sbin/nologin
dbatcheck:x:20110:20110:Batcheck User for scp:/home/dckr-batcheck:/bin/bash
"
 
#
# Create all accounts
echo
echo "Creating all needed user accounts ..."
if [ $DRYRUN -eq 0 ]; then
IFS="
"
for i in $(echo "$DOCKER_SYSTEMUSER"); do
name=$(echo "$i" | cut -d: -f1)
uid=$(echo "$i" | cut -d: -f3)
gid=$(echo "$i" | cut -d: -f4)
comment=$(echo "$i" | cut -d: -f5)
homedir=$(echo "$i" | cut -d: -f6)
shell=$(echo "$i" | cut -d: -f7)
echo " - Creating user and group \"$name\" ..."
groupadd -g $gid $name
 
if [ "$shell" == "/usr/sbin/nologin" ]; then
useradd -c "$comment" -d $homedir --no-create-home \
-g $gid -u $uid -s $shell $name
else
useradd -c "$comment" -d $homedir --create-home \
-g $gid -u $uid -s $shell $name
fi
 
#
# Add user scheerdock to any docker related group
# to ensure full file access.
if [ "$name" != "scheerdock" ]; then
adduser scheerdock $name
fi
done
fi
 
 
echo
echo "Setting password of user scheerdock ..."
if [ $DRYRUN -eq 0 ]; then
passwd scheerdock << EOF
$DOCKERPIPASS
$DOCKERPIPASS
EOF
fi
 
 
echo
echo "Adding scheerdock to the group sudo ..."
adduser scheerdock sudo
echo 'scheerdock ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/010_scheerdock-nopasswd
 
 
if [ ! -z "$BATCHECKPASS" ]; then
echo
echo "Setting password of user batcheck ..."
if [ $DRYRUN -eq 0 ]; then
passwd batcheck << EOF
$BATCHECKPASS
$BATCHECKPASS
EOF
fi
else
echo
echo "Deleting user dbatcheck, because no password is set."
if [ $DRYRUN -eq 0 ]; then
userdel -f --remove dbatcheck
groupdel -f dbatcheck
fi
fi
 
 
if [ ! -z "$YUBIKEYID" ]; then
echo
echo "Adding scheerdock to the Yubikey users ..."
if [ $DRYRUN -eq 0 ]; then
echo "scheerdock:$YUBIKEYTOKEN" >> /etc/yubikey.conf
fi
fi
 
 
#
# By adding the user scheerdock to the group docker, this user
# becomes the status of a docker administrator.
if [ $DRYRUN -eq 0 ]; then
adduser scheerdock docker
fi
 
 
echo
echo "Creating data directories ..."
if [ $DRYRUN -eq 0 ]; then
mkdir -p /data
chown root:root /data
chmod 755 /data
mkdir -p /data/docker
chown scheerdock:scheerdock /data/docker
chmod 755 /data/docker
mkdir -p /data/docker/private
chown scheerdock:scheerdock /data/docker/private
chmod 755 /data/docker/private
mkdir -p /data/docker/shared
chown scheerdock:scheerdock /data/docker/shared
chmod 755 /data/docker/shared
mkdir -p ~scheerdock/docker
chown scheerdock:scheerdock ~scheerdock/docker
chmod 755 ~scheerdock/docker
mkdir -p ~scheerdock/docker/conf
chown scheerdock:scheerdock ~scheerdock/docker/conf
chmod 755 ~scheerdock/docker/conf
mkdir -p ~scheerdock/docker/etc
chown scheerdock:scheerdock ~scheerdock/docker/etc
chmod 755 ~scheerdock/docker/etc
fi
 
 
echo
if [ -z "$SVNHOST" ]; then
echo "Skipping installation of basic tools for docker due to user request."
else
echo "Getting basic tools for docker from subversion server ..."
if [ $DRYRUN -eq 0 ]; then
su -c "cd ~scheerdock/docker;
yes yes | svn checkout --username=$SVNUSER --password=$SVNPASS svn://$SVNHOST/Docker/bin/trunk bin" \
scheerdock
install -o scheerdock -g scheerdock -m 600 /dev/null ~scheerdock/.dockercredentials
cat > ~scheerdock/.dockercredentials << EOF
DUSER=$DOCKERHUBUSER
DPASS=$DOCKERHUBPASS
DMAIL=$DOCKERHUBMAIL
EOF
cat >> ~scheerdock/.profile << EOF
 
# set PATH so it includes user's Docker bin if it exists
if [ -r "\$HOME/docker/bin/docker-env" ] ; then
. \$HOME/docker/bin/docker-env
fi
EOF
fi
fi
 
 
echo
echo "Adding tyical entries to scheerdock's crontab file ..."
if [ $DRYRUN -eq 0 ]; then
crontab -u scheerdock - << EOF
#00 1 * * * /home/pi/docker/bin/drun mariadb --backup > /data/docker/shared/batcheck/dailyjobs/mariadb.log 2>&1
#00 2 * * * /home/pi/docker/bin/drun dovecot --backup > /data/docker/shared/batcheck/dailyjobs/dovecot.log 2>&1
#00 3 * * * /home/pi/docker/bin/drun svn --backup > /data/docker/shared/batcheck/dailyjobs/svn.log 2>&1
#10 3 * * * /home/pi/docker/bin/drun mysvn --backup > /data/docker/shared/batcheck/dailyjobs/mysvn.log 2>&1
#00 5 * * * /home/pi/docker/bin/drun carddav2fb --run familie >> /data/docker/shared/batcheck/dailyjobs/carddav2fb.log 2>&1
#00 17 * * * /home/pi/docker/bin/drun carddav2fb --run familie > /data/docker/shared/batcheck/dailyjobs/carddav2fb.log 2>&1
#30 6 * * * /home/pi/docker/bin/drun batcheck > /tmp/dcronrun-batcheck.log 2>&1
#00 12 * * * /home/pi/docker/bin/drun letsencrypt scheernet.spdns.de > /data/docker/shared/batcheck/dailyjobs/letsencrypt.log 2>&1
EOF
fi
 
 
#
# Setting user based forwarding
if [ $DRYRUN -eq 0 ]; then
if [ ! -z "$MAILHOST" -a -f $BASEDIR/files/mail.forward ]; then
echo
echo "Setting user based mail forwarding for user scheerdock ..."
install -o scheerdock -g scheerdock -m 644 \
$BASEDIR/files/mail.forward ~scheerdock/.forward
fi
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
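Review bot: `adduser scheerdock sudo` and `echo 'scheerdock ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/010_scheerdock-nopasswd` sit outside any `if [ $DRYRUN -eq 0 ]` guard, so a `--dry-run` still grants scheerdock passwordless root. The `cd /usr/local/lib/python2.7/dist-packages` / `chmod -R 755 *` pair is unguarded too and, if the cd fails, chmods whatever directory the script was started in. Wrap both in the guard, use `cd … || exit 1`, create the drop-in with `install -m 0440 /dev/null /etc/sudoers.d/010_scheerdock-nopasswd` before the echo, and check it with `visudo -cf /etc/sudoers.d/010_scheerdock-nopasswd` afterwards. Since scheerdock is also added to the `docker` group, which is root-equivalent on the host, consider dropping NOPASSWD so that at least sudo keeps a password prompt. Separately, `passwd batcheck` targets a name the account list never creates (the entry is `dbatcheck`), so that password is presumably never set.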
/tags/20210113/app/scripts/debian/07-virtualbox.sh
0,0 → 1,51
#!/bin/bash
#############################################################################
#
# Install VirtualBox
#
#############################################################################
 
#
# Should VirtualBox be installed
if [ "$VIRTUALBOX" -eq 0 ]; then
echo "Skipping installation of VirtualBox due to user request."
exit 0
fi
 
 
echo
echo "Adding repository for Oracle VirtualBox ..."
if [ $DRYRUN -eq 0 ]; then
echo "deb http://download.virtualbox.org/virtualbox/debian bionic contrib" \
> /etc/apt/sources.list.d/virtualbox.list
 
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | apt-key add -
 
aptitude -y update 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing VirtualBox ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install virtualbox-6.0 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Creating user 'vbox' for headless mode ..."
if [ $DRYRUN -eq 0 ]; then
grep -q "^vbox:" /etc/passwd
if [ $? -eq 0 ]; then
echo "User 'vbox' already exists. Skipping the creation ..."
else
gid=$(grep vboxusers /etc/group | cut -d: -f3)
if [ -z "$gid" ]; then
echo " Error detecting the group vboxusers. Cannot add user 'vbox'."
else
useradd -c "VirtualBox headless administrator" -d /home/vbox --create-home \
-g $gid -u 19000 -s /usr/sbin/nologin vbox
fi
fi
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
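Review bot: The two `wget … | apt-key add -` lines put Oracle's keys into apt's global trusted keyring, so they are accepted for packages from every configured repository, and nothing checks the downloaded key's fingerprint before trusting it. Scope the key to this repository instead: store it with `wget -qO- https://www.virtualbox.org/download/oracle_vbox_2016.asc | gpg --dearmor -o /usr/share/keyrings/oracle-virtualbox-2016.gpg`, write the source line as `deb [signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] http://download.virtualbox.org/virtualbox/debian bionic contrib`, and compare the fingerprint with the one Oracle publishes. The suite `bionic` is an Ubuntu codename although the script lives under scripts/debian, which looks unintended. `grep vboxusers /etc/group` is unanchored and can match more than one line; `getent group vboxusers | cut -d: -f3` is exact.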
/tags/20210113/app/scripts/debian/debian.sh
0,0 → 1,640
#!/bin/bash
##############################################################################
#
# Master script for installing additional software on a Raspberry based
# Docker host
#
##############################################################################
 
 
# This script must be run as root!
if [ "$LOGNAME" != "root" ]; then
echo "This script must be run as root - please try a sudo ..."
exit 1
fi
 
 
#
# Defintion of the short options for getopt
SOPTS=hd
 
#
# Defintion of the long options for getopt
LOPTS=help,dry-run
 
#
# Parse available options
PARSED=$(getopt --options=$SOPTS --longoptions=$LOPTS --name "$0" -- "$@") || exit 2
eval set -- "$PARSED"
 
 
#
# Set some variables
CMD=""
DRYRUN=0; export DRYRUN
 
 
#
# Now evaluate all options until --
while true; do
case "$1" in
-h | --help)
echo "Usage: $(basename $0) [OPTION]..."
echo "Installing additional software on a Raspberry Pi."
echo
echo "Mandatory arguments to long options are mandatory for short options too."
echo "-h, --help Show this help."
echo "-d, --dry-run Don't do anything. Only show, what would be done."
exit 0
;;
-d | --dry-run)
DRYRUN=1
shift 1
;;
--)
shift
break
;;
*)
echo "This line cannot be reached. This must be a programming error. Exiting" 1>&2
exit 3
;;
esac
done
 
 
#
# The real installation of software must be run by root.
# A simulation (--dry-run) can be run by any user.
if [ "$(id -u)" != "0" -a $DRYRUN -eq 0 ]; then
echo "This script must be run as user root."
exit 1
fi
 
 
#
# Setting variables and export them to make them accessable for
# subsequent scripts
BASEDIR=$(pwd); export BASEDIR
LOGFILE=""; export LOGFILE
NEWHOSTNAME=""; export NEWHOSTNAME
PIPASS=""; export PIPASS
DOCKERPIPASS=""; export DOCKERPIPASS
DOCKERHUBUSER=""; export DOCKERHUBUSER
DOCKERHUBPASS=""; export DOCKERHUBPASS
DOCKERHUBMAIL=""; export DOCKERHUBMAIL
BATCHECKPASS=""; export BATCHECKPASS
MAILHOST=""; export MAILHOST
MAILUSER=""; export MAILUSER
MAILPASS=""; export MAILPASS
SVNHOST=""; export SVNHOST
SVNUSER=""; export SVNUSER
SVNPASS=""; export SVNPASS
ENABLEUFW=1; export ENABLEUFW
YUBIKEYID=""; export YUBIKEYID
YUBIKEYKEY=""; export YUBIKEYKEY
YUBIKEYTOKEN=""; export YUBIKEYTOKEN
SAMBAPASS=""; export SAMBAPASS
VIRTUALBOX=0; export VIRTUALBOX
 
 
#
# If a file "defaults" exists, this can override the above definitions.
if [ -r "$BASEDIR/files/defaults" ]; then
. $BASEDIR/files/defaults
fi
 
 
#
# Show the user a configuration menu.
start=0
while [ $start -eq 0 ]; do
clear
echo
echo "######################################################################"
echo "#"
echo "# Configuration options"
echo "#"
echo "######################################################################"
 
echo
if [ -z "$LOGFILE" ]; then
echo "1) Logfile : Must be set!"
else
echo "1) Logfile : $LOGFILE"
fi
 
echo
if [ -z "$NEWHOSTNAME" ]; then
echo "2) Hostname : Must be set!"
else
echo "2) Hostname : $NEWHOSTNAME"
fi
 
echo
if [ -z "$PIPASS" ]; then
echo "3) Password for the user pi : Disabled"
else
echo "3) Password for the user pi : ***"
fi
 
echo
if [ -z "$DOCKERPIPASS" ]; then
echo "4) Installation of Docker : Disabled"
else
echo "41) Password for the user scheerdock : ***"
if [ -z "$DOCKERHUBUSER" ]; then
echo "42) Docker Hub username : Must be set!"
else
echo "42) Docker Hub username : $DOCKERHUBUSER"
fi
if [ -z "$DOCKERHUBPASS" ]; then
echo "43) Docker Hub password : Must be set!"
else
echo "43) Docker Hub password : ***"
fi
if [ -z "$DOCKERHUBMAIL" ]; then
echo "44) Docker Hub E-Mail address : Must be set!"
else
echo "44) Docker Hub E-Mail address : $DOCKERHUBMAIL"
fi
if [ -z "$BATCHECKPASS" ]; then
echo "45) Password for the user batcheck : Disabled"
else
echo "45) Password for the user batcheck : ***"
fi
fi
 
echo
if [ -z "$MAILHOST" ]; then
echo "5) Smarthost for mail delivery : Disabled"
else
echo "51) Smarthost for mail delivery : $MAILHOST"
if [ -z "$MAILUSER" ]; then
echo "52) Mail username : Must be set!"
else
echo "52) Mail username : $MAILUSER"
fi
if [ -z "$MAILPASS" ]; then
echo "53) Mail password : Must be set!"
else
echo "53) Mail password : ***"
fi
fi
 
echo
if [ -z "$SVNHOST" ]; then
echo "6) Subversion client : Disabled"
else
echo "61) Subversion server : $SVNHOST"
if [ -z "$SVNUSER" ]; then
echo "62) Subversion username : Must be set!"
else
echo "62) Subversion username : $SVNUSER"
fi
if [ -z "$SVNPASS" ]; then
echo "63) Subversion password : Must be set!"
else
echo "63) Subversion password : ***"
fi
fi
 
echo
if [ $ENABLEUFW -eq 0 ]; then
echo "7) Firewall UFW : Disabled"
else
echo "7) Firewall UFW : Enabled"
fi
 
echo
if [ -z "$YUBIKEYID" ]; then
echo "8) Yubikey protection : Disabled"
else
echo "81) Yubikey ID : $YUBIKEYID"
if [ -z "$YUBIKEYKEY" ]; then
echo "82) Yubikey Key : Must be set!"
else
echo "82) Yubikey Key : $YUBIKEYKEY"
fi
if [ -z "$YUBIKEYTOKEN" ]; then
echo "83) Yubikey Token : Must be set!"
else
echo "83) Yubikey Token : $YUBIKEYTOKEN"
fi
fi
 
echo
if [ -z "$SAMBAPASS" ]; then
echo "9) Installation of Samba : Disabled"
else
echo "9) Samba password for user cifsuser : ***"
fi
 
echo
if [ $VIRTUALBOX -eq 0 ]; then
echo "10) Installation of VirtualBox : Disabled"
else
echo "10) Installation of VirtualBox : Enabled"
fi
 
if [ ! -z "$LOGFILE" \
-a ! -z "$NEWHOSTNAME" \
-a \( -z "$DOCKERPIPASS" -o \( ! -z "$DOCKERPIPASS" -a ! -z "$DOCKERHUBUSER" -a ! -z "$DOCKERHUBPASS" -a ! -z "$DOCKERHUBMAIL" \) \) \
-a \( -z "$MAILHOST" -o \( ! -z "$MAILHOST" -a ! -z "$MAILUSER" -a ! -z "$MAILPASS" \) \) \
-a \( -z "$SVNHOST" -o \( ! -z "$SVNHOST" -a ! -z "$SVNUSER" -a ! -z "$SVNPASS" \) \) \
-a \( -z "$YUBIKEYID" -o \( ! -z "$YUBIKEYID" -a ! -z "$YUBIKEYKEY" -a ! -z "$YUBIKEYTOKEN" \) \) \
]; then
echo
echo
echo "G) OK, let's go ..."
isOK=1
else
isOK=0
fi
 
echo
echo "######################################################################"
echo
echo -n "Please choose an option to set: "
read answer
echo
 
 
case $answer in
1)
echo -n "Please enter the name of the logfile: "
read input
if [ ! -z "$input" ]; then
if [[ $input =~ ^/.* ]]; then
input="$input"
else
input="$BASEDIR/$input"
fi
touch "$input" 2>/dev/null
if [ $? -eq 0 ]; then
LOGFILE=$input
rm -f $input
else
echo "The logfile cannot be opened for writing - please try again."
sleep 3
fi
fi
;;
2)
echo -n "Please enter the hostname: "
read input
if [ ! -z "$input" ]; then
if [[ $input =~ ^[a-zA-Z0-9\.\-]*$ ]]; then
NEWHOSTNAME=$input
else
echo "The hostname can contain only the characters a-z, A-Z, 0-9 and (.-) - please try again."
sleep 3
fi
fi
;;
3)
echo -n "Please enter the password of the user 'pi': "
read -s pass1 && echo
if [ -z "$pass1" ]; then
PIPASS=""
else
echo -n "Please reenter the password of the user 'pi': "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
PIPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
;;
4 | 41)
echo -n "Please enter the password of the user 'scheerdock': "
read -s pass1 && echo
if [ -z "$pass1" ]; then
DOCKERPIPASS=""
DOCKERHUBUSER=""
DOCKERHUBPASS=""
DOCKERHUBMAIL=""
else
echo -n "Please reenter the password of the user 'scheerdock': "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
DOCKERPIPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
;;
42)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the user for the Docker Hub: "
read DOCKERHUBUSER
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
43)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the password of the Docker Hub user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
DOCKERHUBPASS=""
else
echo -n "Please reenter the password of the Docker Hub user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
DOCKERHUBPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
44)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the E-Mail address for the Docker Hub user: "
read DOCKERHUBMAIL
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
45)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the password of the batcheck user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
BATCHECKPASS=""
else
echo -n "Please reenter the password of the batcheck user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
BATCHECKPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
5 | 51)
echo -n "Please enter the name of the smarthost for mail delivery: "
read input
if [ -z "$input" ]; then
MAILHOST=""
MAILUSER=""
MAILPASS=""
else
if [[ $input =~ ^[a-zA-Z0-9\.\-]*$ ]]; then
MAILHOST=$input
else
echo "The hostname can contain only the characters a-z, A-Z, 0-9 and (.-) - please try again."
sleep 3
fi
fi
;;
52)
if [ ! -z "$MAILHOST" ]; then
echo -n "Please enter the user for mail delivery: "
read MAILUSER
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
53)
if [ ! -z "$MAILHOST" ]; then
echo -n "Please enter the password of the mail user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
MAILPASS=""
else
echo -n "Please reenter the password of the mail user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
MAILPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
6 | 61)
echo -n "Please enter the hostname for subversion: "
read input
if [ -z "$input" ]; then
SVNHOST=""
SVNUSER=""
SVNPASS=""
else
if [[ $input =~ ^[a-zA-Z0-9\.\-]*$ ]]; then
SVNHOST=$input
else
echo "The hostname can contain only the characters a-z, A-Z, 0-9 and (.-) - please try again."
sleep 3
fi
fi
;;
62)
if [ ! -z "$SVNHOST" ]; then
echo -n "Please enter the user for subversion: "
read SVNUSER
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
63)
if [ ! -z "$SVNHOST" ]; then
echo -n "Please enter the password of the subversion user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
SVNPASS=""
else
echo -n "Please reenter the password of the subversion user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
SVNPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
7)
if [ "$ENABLEUFW" -eq 0 ]; then
ENABLEUFW=1
else
ENABLEUFW=0
fi
;;
8 | 81)
echo -n "Please enter the Yubikey ID: "
read input
if [ -z "$input" ]; then
YUBIKEYID=""
YUBIKEYKEY=""
YUBIKEYTOKEN=""
else
if [[ $input =~ ^[0-9]*$ ]]; then
YUBIKEYID=$input
else
echo "The Yubikey ID can contain only digits - please try again."
sleep 3
fi
fi
;;
82)
if [ ! -z "$YUBIKEYID" ]; then
echo -n "Please enter the key for the Yubikey ID: "
read YUBIKEYKEY
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
83)
if [ ! -z "$YUBIKEYID" ]; then
echo -n "Please enter the the Yubikey Token: "
read YUBIKEYTOKEN
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
9)
echo -n "Please enter the password of the user 'cifsuser': "
read -s pass1 && echo
if [ -z "$pass1" ]; then
SAMBAPASS=""
else
echo -n "Please reenter the password of the user 'cifsuser': "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
SAMBAPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
;;
10)
if [ $VIRTUALBOX -eq 0 ]; then
VIRTUALBOX=1
else
VIRTUALBOX=0
fi
;;
g | G)
if [ $isOK -eq 1 ]; then
start=1
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
*)
echo "Unknown option '$answer' - please try again."
sleep 3
;;
esac
 
done
 
 
# Start logging of all output (stdout and stderr)
# https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time
# - >(...) starts the process ... and returns a file representing its
# standard input.
# - exec &> ... redirects both standard output and standard error into ...
# for the remainder of the script (use just exec > ... for stdout only).
# - tee -a appends its standard input to the file, and also prints it
# to the screen.
exec &> >(tee "$LOGFILE")
 
echo "######################################################################"
echo "#"
echo "# Summary of configuration options"
echo "#"
echo "######################################################################"
echo "Hostname : $NEWHOSTNAME"
if [ -z "$DOCKERPIPASS" ]; then
echo "Installation of Docker : Disabled"
else
echo "Installation of Docker : Enabled"
echo "User on Docker Hub : $DOCKERHUBUSER"
echo "E-Mail address on Docker Hub : $DOCKERHUBMAIL"
if [ -z "BATCHECKPASS" ]; then
echo "Creating user dbatcheck : Diabled"
else
echo "Creating user dbatcheck : Enabled"
fi
fi
if [ -z "$MAILHOST" ]; then
echo "Smarthost for mail delivery : Disabled"
else
echo "Smarthost for mail delivery : $MAILHOST"
echo "User for mail delivery : $MAILUSER"
fi
if [ -z "$SVNHOST" ]; then
echo "Subversion client : Disabled"
else
echo "Subversion server : $SVNHOST"
echo "Subversion user : $SVNUSER"
fi
if [ $ENABLEUFW -eq 0 ]; then
echo "Firewall UFW : Disabled"
else
echo "Firewall UFW : Enabled"
fi
if [ -z "$YUBIKEYID" ]; then
echo "Yubikey protection : Disabled"
else
echo "Yubikey ID : $YUBIKEYID"
echo "Yubikey Key : $YUBIKEYKEY"
echo "Yubikey Token : $YUBIKEYTOKEN"
fi
if [ -z "$SAMBAPASS" ]; then
echo "Installation of Samba : Disabled"
else
echo "Installation of Samba : Enabled"
fi
if [ $VIRTUALBOX -eq 0 ]; then
echo "VirtualBox : Disabled"
else
echo "VirtualBox : Enabled"
fi
 
#
# Execute all scripts in alphabetical order
for script in [0-9]*.sh; do
echo
echo
echo "######################################################################"
echo "#"
echo "# Running script \"$script\""
echo "#"
echo "######################################################################"
echo
eval ./$script
echo
echo
done
Property changes:
Added: svn:executable
+*
\ No newline at end of property
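Review bot: After `exec &> >(tee "$LOGFILE")` the summary prints `$YUBIKEYKEY` and `$YUBIKEYTOKEN` in clear, so both secrets end up in the logfile, which is created with the default umask and by default lives in `$BASEDIR`; menu items 82 and 83 show them on screen too, while every password is masked as `***`. Print `***` for these two values as the password lines do, and set `umask 077` before the `exec` line. In the same summary, `if [ -z "BATCHECKPASS" ]` tests a literal string, so dbatcheck is always reported as enabled; it should read `if [ -z "$BATCHECKPASS" ]`. `eval ./$script` gains nothing over `"./$script"` and re-parses the file name as shell code. The initial `$LOGNAME` check exits for non-root users before option parsing, which contradicts the later comment that a dry run can be run by any user.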
/tags/20210113/app/scripts/debian/files/aliases.sh
0,0 → 1,21
alias ll='ls -l'
alias lc='ls -c'
alias ..='cd ..'
alias old='cd $OLDPWD'
 
 
#
# If not already within a screen session, define the alias 'scr'
if [[ ! "$TERM" =~ ^screen* ]] && [[ ! -z "$SSH_CONNECTION" ]]; then
alias scr='/usr/bin/screen -S sshscreen -c /etc/screen.user.rc -d -R -q'
fi
 
#
# Bash History mit Zeitstempel ausstatten
# Linux Magazin 12/2020
export HISTTIMEFORMAT="%F %T: "
 
# Problem mit Mauszeiger (funktioniert nur in einem kleinen Bereich zuverlaessig)
# http://communities.vmware.com/message/1458734#1458734
# VMWARE_USE_SHIPPED_GTK=yes; export VMWARE_USE_SHIPPED_GTK
 
/tags/20210113/app/scripts/debian/files/backup.passphrase
0,0 → 1,0
Enter_the_passphrase_of_your_encrypted_backup_device
/tags/20210113/app/scripts/debian/files/defaults
0,0 → 1,94
#!/bin/bash
##############################################################################
#
# Default for the installation of a docker host
#
##############################################################################
 
#
# Name of the logfile
LOGFILE="$BASEDIR/osfi_debian.log"
 
#
# Hostname of the Raspberry Pi
NEWHOSTNAME=""
 
#
# Password of the user 'pi'
PIPASS=""
 
#
# Password of the user 'scheerdock'
# (leave empty for disabling the installation of the Docker software)
DOCKERPIPASS=""
 
#
# Password of the user 'dbatcheck'. This user is only created
# when the Docker software is installed (DOCKERPIPASS != "").
# The password is only set, if not empty.
BATCHECKPASS=""
 
#
# Username on Docker Hub
DOCKERHUBUSER=""
 
#
# Password for the user on Docker Hub
DOCKERHUBPASS=""
 
#
# E-Mail address for the user on Docker Hub
DOCKERHUBMAIL=""
 
#
# Smarthost for mail delivery
# (leave empty for disabling the mail configuration)
MAILHOST=""
 
#
# Username of the user used to deliver mails
MAILUSER=""
 
#
# Password of the mail user
MAILPASS=""
 
#
# Hostname of the subversion server
# (leave empty for disabling the subversion configuration)
SVNHOST=""
 
#
# Subversion user
SVNUSER=""
 
#
# Password of the subversion user
SVNPASS=""
 
#
# Enabling (1) oder disabling (2) the installation of the
# firewall UFW.
ENABLEUFW=1
 
#
# Yubikey ID
# (leave empty for disabling the subversion configuration)
YUBIKEYID=""
 
#
# Key for the above defined Yubikey ID
YUBIKEYKEY=""
 
#
# Token used by the personal Yubikey
YUBIKEYTOKEN=""
 
#
# Password of the Samba user cifsuser
# (leave empty for disabling the installation of Samba)
SAMBAPASS=""
 
#
# Enabling (1) oder disabling (0) the installation of VirtualBox
VIRTUALBOX=0
Property changes:
Added: svn:executable
+*
\ No newline at end of property
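Review bot: Two comments contradict the code that reads this file: the ENABLEUFW comment says "disabling (2)" although debian.sh treats only `0` as disabled, and the YUBIKEYID comment says that leaving it empty disables "the subversion configuration" where Yubikey protection is meant. Proposed wording: `# Enabling (1) or disabling (0) the installation of the firewall UFW.` and `# (leave empty for disabling the Yubikey protection)`. Because debian.sh sources this file as root and it is meant to hold every password in plain text, the header should also state that a filled-in copy belongs to root with mode 600 and stays out of version control. The `svn:executable` property is not needed for a file that is only sourced.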
/tags/20210113/app/scripts/debian/files/ftp-scheernet.credentials
0,0 → 1,2
FTPUSER=Enter_the_FTP-user
FTPPASS=Enter_the_password_of_your_FTP-user
/tags/20210113/app/scripts/debian/files/mail.aliases
0,0 → 1,15
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: dirk@scheernet.de
logcheck: root
/tags/20210113/app/scripts/debian/files/mail.forward
0,0 → 1,0
dirk@scheernet.de
/tags/20210113/app/scripts/debian/files/maxtor.passphrase
0,0 → 1,0
Passphrase_for_the_encrypted_MediaDevice
/tags/20210113/app/scripts/debian/files/vimrc.local
0,0 → 1,18
" Disable the mouse mode
set mouse=
set ttymouse=
 
 
" As default there's no indentation when inserting
" via cut'n paste (but this prevents auto-indentation).
" The behaviour can be toggled with <F3> (nopaste/paste).
set paste
set pastetoggle=<F3>
 
 
" Set propper indentation
set tabstop=2 " Tabwidth is 2
set expandtab " Tabs are expanded to blanks
set shiftwidth=2 " The identation is 2 chars
set autoindent " Set autoident on
set smartindent " It's a smart auto-identation
/tags/20210113/app/scripts/debian/files/xbackup.conf
0,0 → 1,78
##############################################################################
#
# Konfigurationsdatei für xbackup
#
# In den Preferences sind folgende Optionen erlaubt:
# BACKUPDIR Verzeichnis, in das gesichert wird** Dort müssen
# Unterverzeichnis linux**01, linux.02- ... existieren.
# LEVEL0s Kommaseparierte Liste der Verzeichnis, in denen eine
# Level-0-Sicherung erfolgen soll (1,5,10)***
# ASKLEVEL0 Bei einem "yes" wird vor einer Level-0-Sicherung eine
# Sicherheitsabfrage durchgeführt***
# COMPRESS Defaultmäßig soll komprimiert werden***
#
# Anschließend werden die zu sichernden Verzeichnis angegeben** Diese Verzeich-
# nisse werden mittels tar zu einem Archiv zusammengefasst und ggfls** mit gzip
# komprimiert** Eine Verzeichnisdefinition wird mit [] eingeleitet:
#
# [Verzeichnis:Level:Includes:Optionen]
# Verzeichnis Pfadangabe des zu sichernden Verzeichnisses***
# Level Kann entweder "0" oder aber "01" sein und gibt an,
# bei welchen Leveln das Verzeichnis mitgesichert wird***
# Dadurch kann eingestellt werden, dass einzelne
# Verzeichnisse nur bei der Level-0-Sicherung zu
# berücksichtigen sind***
# Includes Durch Leerzeichen getrennte Schlüsselwörter:
# all: Gibt an, dass alle Dateien des
# Verzeichnisses zu sichern sind** Die
# nachfolgend angegebenen Verzeichnis-
# und/oder Dateinamen werden von der
# Sicherung ausgenommen***
# selective Gibt an, dass nur ausgewählte Dateien
# gesichert werden sollen** Es werden nur
# die nachfolgend angegebenen Dateien
# gesichert***
# dont_compress Gibt an, dass die Dateien nicht
# komprimiert werden sollen (z**B. MP3s).
# only_newer Gibt an, dass bei Level-1-Sicherungen
# nur die Dateien gesichert werden, die
# seit der vorangegangen Sicherung ge-
# ändert wurden***
# Optionen Hier können zusätzliche Optionen für das find-
# Kommando angegeben werden** Sinnig ist z.B. -mount,
# um den Übergriff auf darunter gemountete Verzeichnisse
# zu verhindern (man find)***
##############################################################################
 
[Preferences]
BACKUPDIR /backup/HOSTNAME
 
[/bin]
 
[/boot]
 
[/data]
- **/austausch/**
 
[/etc]
 
[/home]
 
[/lib]
 
[/opt]
 
[/root]
 
[/run]
 
[/sbin]
 
[/srv]
 
[/tmp]
 
[/usr]
 
[/var]
- **/lib/docker/**
/tags/20210113/app/scripts/raspberry/01-raspi.sh
0,0 → 1,72
#!/bin/bash
#############################################################################
#
# Basic configuration of Raspbian
#
#############################################################################
 
 
echo "Setting password of user pi ..."
if [ $DRYRUN -eq 0 ]; then
passwd pi << EOF
$PIPASS
$PIPASS
EOF
fi
 
 
echo
echo "Configuring Raspbian:"
 
echo " - Expanding root filesystem."
if [ $DRYRUN -eq 0 ]; then
raspi-config --expand-rootfs
fi
 
value=$NEWHOSTNAME
echo
echo " - Setting hostname to $value."
if [ $DRYRUN -eq 0 ]; then
raspi-config nonint do_hostname $value
fi
 
value="de_DE.UTF8"
echo
echo " - Setting locale to $value."
if [ $DRYRUN -eq 0 ]; then
raspi-config nonint do_change_locale $value
fi
 
value="de"
echo
echo " - Setting keyboard to $value."
if [ $DRYRUN -eq 0 ]; then
sed --in-place \
-e 's/^XKBMODEL\s*=.*/XKBMODEL="pc105"/' \
-e 's/^XKBVARIANT\s*=.*/XKBVARIANT="deadacute"/' \
-e 's/^XKBOPTIONS\s*=.*/XKBOPTIONS=""/' \
-e 's/^BACKSPACE\s*=.*/BACKSPACE="guess"/' \
/etc/default/keyboard
raspi-config nonint do_configure_keyboard $value
fi
 
value="Europe/Berlin"
echo
echo " - Setting timezone to $value."
if [ $DRYRUN -eq 0 ]; then
raspi-config nonint do_change_timezone $value
fi
 
value="0"
echo
echo " - Activating ssh daemon."
if [ $DRYRUN -eq 0 ]; then
raspi-config nonint do_ssh $value
fi
 
value="1"
echo
echo " - Deactivating VNC daemon."
if [ $DRYRUN -eq 0 ]; then
raspi-config nonint do_vnc $value
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
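Review bot: `passwd pi` is run unconditionally with `$PIPASS`, and further down `raspi-config nonint do_ssh 0` turns the SSH daemon on. If PIPASS is empty (the menu in the debian master script labels that case "Disabled"; the raspberry master script is not visible here), the password change presumably fails and the pi account keeps whatever password the image shipped with while SSH becomes reachable. Guard the block with `if [ -n "$PIPASS" ]; then … fi` and, in the empty case, either lock the account with `passwd -l pi` or skip enabling SSH. `$value` is passed unquoted to `raspi-config`; writing `"$value"` keeps a hostname loaded from `files/defaults` from being word-split.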
/tags/20210113/app/scripts/raspberry/02-software.sh
0,0 → 1,86
#!/bin/bash
#############################################################################
#
# Install basic software packages
#
#############################################################################
 
 
echo "Checking for existance of aptitude ..."
aptitudeinstalled=$(which aptitude | wc -l)
if [ $aptitudeinstalled -eq 0 ]; then
echo "Installing aptitude via apt-get ..."
apt-get -y install aptitude
else
echo "aptitude is already installed."
fi
 
echo
echo "Downloading new or upgradable packages ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y update 2>&1 | sed 's/^/ /'
fi
 
echo
echo "Executing a safe upgrade ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y -o Dpkg::Options::="--force-confold" \
-o Dpkg::Options::="--force-confdef" \
safe-upgrade 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing locate and mlocate to find files via 'locate' ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install locate mlocate 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing the tool 'screen' for comfortable tty usage ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install locate screen 2>&1 | sed 's/^/ /'
 
 
cat > /etc/screen.user.rc << EOF
# Global user specific settings file for screen. This file can be
# referenced by the -c option of the 'screen' command.
 
#
# Use bash as the default shell.
Host *
shell -/bin/bash
EOF
chmod 644 /etc/screen.user.rc
fi
 
 
echo
echo "Installing tuptime for a better control of system uptime ;-)"
if [ $DRYRUN -eq 0 ]; then
aptitude -y install tuptime 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Installing figlet to generate a nice /etc/motd ;-)"
if [ $DRYRUN -eq 0 ]; then
aptitude -y install figlet 2>&1 | sed 's/^/ /'
fi
 
 
echo
echo "Setting vim as the default editor ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install vim 2>&1 | sed 's/^/ /'
defaulteditor=$(update-alternatives --list editor | grep vim.basic)
if [ ! -z "$defaulteditor" ]; then
update-alternatives --set editor $defaulteditor
fi
 
if [ -r $BASEDIR/files/vimrc.local ]; then
cp $BASEDIR/files/vimrc.local /etc/vim/vimrc.local
chmod 644 /etc/vim/vimrc.local
fi
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
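Review bot: The aptitude check at the top runs `apt-get -y install aptitude` without the `if [ $DRYRUN -eq 0 ]` guard used everywhere else in the file, so a dry run installs a package. Every `aptitude … 2>&1 | sed 's/^/ /'` pipeline returns sed's exit status, so a failed `safe-upgrade` (that is, missed security updates) or a failed install goes unnoticed; add `set -o pipefail` near the top and test the result. The heredoc for /etc/screen.user.rc contains `Host *`, which is ssh_config syntax rather than a screen command and looks like a paste error. `command -v aptitude >/dev/null` is a simpler existence test than `which aptitude | wc -l`.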
/tags/20210113/app/scripts/raspberry/03-crontab.sh
0,0 → 1,33
#!/bin/bash
#############################################################################
#
# Install needed crontab entries
#
#############################################################################
 
echo "Installing crontab ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install cron
fi
 
 
echo
echo "Creating directory /var/log/dailyjobs for logging output ..."
if [ $DRYRUN -eq 0 ]; then
mkdir -p /var/log/dailyjobs
chown root:root /var/log/dailyjobs
chmod 755 /var/log/dailyjobs
fi
 
 
echo
echo "Adding tyical entries to root's crontab file ..."
if [ $DRYRUN -eq 0 ]; then
crontab << EOF
MAILTO=dirk@scheernet.de
10 0 * * * /usr/local/sbin/piupdatedb > /var/log/dailyjobs/updatedb.log 2>&1
#15 0 * * * /usr/local/sbin/cryptlist /backup > /var/log/dailyjobs/devicecheck.log 2>&1
#15 4 * * * /usr/local/sbin/pibackup > /var/log/dailyjobs/backup.log 2>&1
0 5 * * * /usr/local/sbin/doupdate > /var/log/dailyjobs/update.log 2>&1
EOF
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
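Review bot: The last step replaces root's crontab rather than adding to it: `crontab << EOF` installs the here-document as the complete table, so any entry root already had is dropped although the message says "Adding". 07-docker.sh in this commit passes `-` as the file operand (`crontab -u scheerdock - << EOF`); this call should do the same, since not every cron implementation reads standard input without it. To keep existing entries, build the new table from the old one, e.g. `{ crontab -l 2>/dev/null; cat <new-entries-file>; } | crontab -`, or place the jobs in a file under `/etc/cron.d/`.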
/tags/20210113/app/scripts/raspberry/03-env.sh
0,0 → 1,27
#!/bin/bash
#############################################################################
#
# Install needed global environment
#
#############################################################################
 
echo "Creating /etc/profile.d/aliases.sh ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 644 files/aliases.sh /etc/profile.d/aliases.sh
fi
 
 
echo
echo "Creating /etc/motd ..."
if [ $DRYRUN -eq 0 ]; then
echo >> /etc/motd
figlet -f big "$NEWHOSTNAME" >> /etc/motd
fi
 
 
echo
echo "Adding host aliases (etc/hosts) ..."
if [ $DRYRUN -eq 0 ]; then
echo "192.168.178.27 scheersvn" >> /etc/hosts
echo "192.168.178.27 scheermysvn" >> /etc/hosts
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
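Review bot: Every step here appends unconditionally, so a second run leaves duplicates: `echo >> /etc/motd`, the figlet output, and the two `echo "192.168.178.27 ..." >> /etc/hosts` lines. The same pattern recurs in 04-wlan-bluetooth.sh (/boot/config.txt, raspi-blacklist.conf), 05-backup.sh and 05-fstab.sh (/etc/fstab, /etc/crypttab), 05-nfs.sh (/etc/sysctl.conf, /etc/rc.local) and 06-samba.sh (smb.conf), where a duplicated stanza is harder to spot than in /etc/hosts. Guard each append, e.g. `grep -qw scheersvn /etc/hosts || echo "192.168.178.27 scheersvn" >> /etc/hosts`. Separately, `files/aliases.sh` is resolved against the current directory while 04-mail.sh uses `$BASEDIR/files/...`; `"$BASEDIR/files/aliases.sh"` would not depend on where the script is started.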
/tags/20210113/app/scripts/raspberry/04-mail.sh
0,0 → 1,96
#!/bin/bash
#############################################################################
#
# Install the Mail components
#
#############################################################################
 
 
#
# Should Mail be installed?
if [ -z $MAILHOST ]; then
echo "Skipping installation of Mail components due to user request."
exit 0
fi
 
 
echo "Installing the mail transfer agent MTA ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install exim4 s-nail
fi
 
 
echo
echo "Configuring Exim4 ..."
if [ $DRYRUN -eq 0 ]; then
cat >/etc/exim4/update-exim4.conf.conf << EOF
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='smarthost'
dc_other_hostnames='scheermail'
dc_local_interfaces=''
dc_readhost='scheernet.de'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.178.0/24'
dc_smarthost='$MAILHOST'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
EOF
 
cat >/etc/exim4/passwd.client << EOF
# password file used when the local exim is authenticating to a remote
# host as a client.
#
# see exim4_passwd_client(5) for more documentation
#
# Example:
### target.mail.server.example:login:password
$MAILHOST:$MAILUSER:$MAILPASS
EOF
fi
 
 
#
# Setting global aliases
if [ -f $BASEDIR/files/mail.aliases ]; then
echo
echo "Copying global aliases files ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 644 $BASEDIR/files/mail.aliases /etc/aliases
fi
fi
 
 
#
# Setting user based forwarding
if [ -f $BASEDIR/files/mail.forward ]; then
users="root pi"
 
for user in $users; do
echo
echo "Setting user based forwarding for user $user ..."
if [ $DRYRUN -eq 0 ]; then
eval install -o $user -g pi -m 644 $BASEDIR/files/mail.forward ~$user/.forward
fi
done
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
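Review bot: `/etc/exim4/passwd.client` receives `$MAILHOST:$MAILUSER:$MAILPASS` through `cat >`, so its owner and mode are whatever the file had before, or the umask default if it did not exist. 04-yubikey.sh creates its secret file first with `install -o root -g root -m 600 /dev/null ...`; do the same here before writing, using the group and mode the exim4 package expects (on Debian presumably `root:Debian-exim` and `640`, to be confirmed). In the forwarding loop, `eval install ... ~$user/.forward` re-parses `$BASEDIR` as shell code; resolve the home directory without eval, e.g. `home=$(getent passwd "$user" | cut -d: -f6)` followed by `install -o "$user" -g pi -m 644 "$BASEDIR/files/mail.forward" "$home/.forward"`. The guard `[ -z $MAILHOST ]` should quote the variable as the other scripts do.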
/tags/20210113/app/scripts/raspberry/04-ufw.sh
0,0 → 1,58
#!/bin/bash
#############################################################################
#
# Install the simple to use packet filter firewall UFW
#
#############################################################################
 
 
#
# Should UFW be installed?
if [ $ENABLEUFW -eq 0 ]; then
echo "Skipping installation of UFW due to user request."
exit 0
fi
 
 
echo "Installing the simple to use packet filter firewall UFW ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install ufw
fi
 
 
echo
echo "Creating a standard ruleset ..."
if [ $DRYRUN -eq 0 ]; then
# Complete reset of an existing ruleset
ufw disable
ufw --force reset
 
# Enable standard ports for ssh, http and imap
ufw allow SSH
ufw allow WWW
ufw allow 'WWW Secure'
ufw allow IMAPS
 
# CIFS-Shares are restricted to the internal net
ufw allow from 192.168.178.0/24 to any app CIFS
 
# NFS-Shares are restricted to the internal net
ufw allow from 192.168.178.0/24 to any app NFS
ufw allow from 192.168.178.0/24 to any port 52535
ufw allow from 192.168.178.0/24 to any port 52536
ufw allow from 192.168.178.0/24 to any port 52537
 
# Multicasts of the Fritzbox
ufw allow from 192.168.178.1 to 224.0.0.1
 
# Childprotection of the FritzBox
ufw allow proto tcp from 192.168.178.1 to any port 14013
 
# Ubuntu und Debian send IPv6-packets
ufw allow from fe80:0000:0000:0000:a26a:af8b:543f:c3d3 to ff02:0000:0000:0000:0000:0000:0000:0001
ufw allow from fe80:0000:0000:0000:4261:86ff:fe03:8d53 to ff02:0000:0000:0000:0000:0000:0000:0001
 
# Enable the firewall and show the current state
ufw --force enable
ufw status numbered
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
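Review bot: `ufw --force enable` runs whether or not the preceding `ufw allow SSH` succeeded, and none of the rule commands has its exit status checked. If the application profile is missing or the rule is rejected, the incoming policy (deny by default after the reset) goes live without an SSH rule, which on a headless Pi configured over SSH means losing access. Stop before enabling when the SSH rule fails, e.g. `ufw allow SSH || { echo "SSH rule failed, firewall left disabled" >&2; exit 1; }`. SSH and IMAPS are opened to any source while CIFS and NFS are limited to 192.168.178.0/24; if administration from outside the LAN is not needed, the same `from 192.168.178.0/24` restriction fits SSH as well.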
/tags/20210113/app/scripts/raspberry/04-wlan-bluetooth.sh
0,0 → 1,49
#!/bin/bash
 
##############################################################################
#
# Disable Bluetooth and WLAN
#
##############################################################################
 
 
#
# The service hciuart must be disabled because it needs Bluetooth
echo "Disabling daemon hciuart ..."
if [ $DRYRUN -eq 0 ]; then
systemctl disable hciuart
fi
 
 
echo
echo "Disabling Bluetooth and WLAN in the config files ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /boot/config.txt << EOF
 
# Deactivate Bluetooth
# https://www.elektronik-kompendium.de/sites/raspberry-pi/2107031.htm
dtoverlay=pi3-disable-bt
EOF
 
cat >> /etc/modprobe.d/raspi-blacklist.conf << EOF
 
# Deactivate WLAN at boottime
blacklist brcmfmac
blacklist brcmutil
blacklist cfg80211
blacklist rfkill
# Deactivate Bluetooth at boottime
blacklist btbcm
blacklist hci_uart
EOF
fi
 
 
#
# Remove the Bluetooth software
echo
echo "Removing the bluetooth software from the system ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y purge pi-bluetooth
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/tags/20210113/app/scripts/raspberry/04-yubikey.sh
0,0 → 1,50
#!/bin/bash
#############################################################################
#
# Setting up the PAM module for the Yubikey
#
#############################################################################
 
#
# Should Yubikey protection be installed?
if [ -z "$YUBIKEYID" ]; then
echo "Skipping installation of Yubikey protection due to user request."
exit 0
fi
 
 
echo "Installing the PAM module for the Yubikey ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install libpam-yubico
fi
 
 
echo
echo "Creating file /etc/yubikey.conf ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 600 /dev/null /etc/yubikey.conf
echo "pi:$YUBIKEYTOKEN" >> /etc/yubikey.conf
fi
 
 
echo
echo "Modifying /etc/pam.d/common-auth ..."
if [ $DRYRUN -eq 0 ]; then
sed --in-place \
-e 's/^auth\s*\[success=1\s*default=ignore\].*/& try_first_pass/' \
/etc/pam.d/common-auth
fi
 
 
echo
echo "Modifying /etc/pam.d/sshd ..."
if [ $DRYRUN -eq 0 ]; then
chown root:root /etc/pam.d/sshd
chmod 660 /etc/pam.d/sshd
cp -a /etc/pam.d/sshd /tmp/yubi.tmp
cat - /tmp/yubi.tmp > /etc/pam.d/sshd << EOF
# Yubico OTP
auth required pam_yubico.so id=$YUBIKEYID key=$YUBIKEYKEY authfile=/etc/yubikey.conf debug
EOF
rm -f /tmp/yubi.tmp
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
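Review bot: The sshd PAM file is staged through the fixed path `/tmp/yubi.tmp` while running as root. /tmp is world-writable, so another local account can create that name first, and the content read back by `cat - /tmp/yubi.tmp > /etc/pam.d/sshd` then depends on a file root did not create exclusively. Use a private temporary file instead: `tmp=$(mktemp) || exit 1`, `cp -a /etc/pam.d/sshd "$tmp"`, `cat - "$tmp" > /etc/pam.d/sshd << EOF`. The `debug` option on the pam_yubico line looks like a leftover from testing and should be dropped for normal operation. The sed on common-auth appends another `try_first_pass` on every run.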
/tags/20210113/app/scripts/raspberry/05-backup.sh
0,0 → 1,59
#!/bin/bash
#############################################################################
#
# Backup
#
#############################################################################
 
echo "Installing rdiff-backup ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y --with-recommends install rdiff-backup
fi
 
 
echo
echo "Installing curlftpfs mount scheernet.de via ftp as a filesystem ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y --with-recommends install curlftpfs
fi
 
 
echo
echo "Creating config file for xbackup ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 660 files/xbackup.conf /etc/xbackup.conf
sed --in-place \
-e "s|^BACKUPDIR\s*|BACKUPDIR /backup/$NEWHOSTNAME|" \
/etc/xbackup.conf
fi
 
 
echo
echo "Adding tyical entries to the fstab ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/fstab << EOF
 
##################################################################
# Backup-Device per cryptmount einbinden
# Stick 1: e424d8dd-c381-4d3d-9d93-7c66bbe9bacf
# Stick 2: cbaf66d6-585b-43a0-a025-026058227a21
# Stick 3: 302a1787-d02d-4e92-9b4e-ba9e4430d0ec
# Stick 4: 739c66b3-801d-400a-a8e6-22b99126c851
##################################################################
#crypt: /dev/? /backup ext4 defaults,noatime,user,exec,credentials=/etc/backup.passphrase,mappername=backup,luksuuid=e424d8dd-c381-4d3d-9d93-7c66bbe9bacf:cbaf66d6-585b-43a0-a025-026058227a21:302a1787-d02d-4e92-9b4e-ba9e4430d0ec:739c66b3-801d-400a-a8e6-22b99126c851 0 0
EOF
fi
 
 
echo
echo "Creating needed password file /etc/backup.passphrase ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 600 files/backup.passphrase /etc/backup.passphrase
fi
 
 
echo
echo "Creating needed passhrase file /etc/ftp-scheernet.credentials ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 600 files/ftp-scheernet.credentials /etc/ftp-scheernet.credentials
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
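Review bot: The sed expression `s|^BACKUPDIR\s*|BACKUPDIR /backup/$NEWHOSTNAME|` matches only the keyword and the whitespace after it, so the old value stays on the line: `BACKUPDIR /backup/HOSTNAME` from files/xbackup.conf becomes `BACKUPDIR /backup/<host>/backup/HOSTNAME`. Match the rest of the line as well: `-e "s|^BACKUPDIR\s.*|BACKUPDIR /backup/$NEWHOSTNAME|"`. Because `$NEWHOSTNAME` is pasted into the sed program, a value containing `|` or `&` changes the result; validating the hostname once in raspberry.sh would cover this and the figlet call in 03-env.sh (whether raspberry.sh already does so is not visible here).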
/tags/20210113/app/scripts/raspberry/05-fstab.sh
0,0 → 1,43
#!/bin/bash
#############################################################################
#
# Install needed fstab entries
#
#############################################################################
 
echo "Installing cryptsetup for handling encrypted LUKS devices ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install cryptsetup
fi
 
 
echo
echo "Adding tyical entries to the fstab ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/fstab << EOF
 
##################################################################
# Verschlüsselte Devices
# siehe /etc/crypttab
##################################################################
/dev/mapper/maxtor /media/Maxtor ext4 defaults,noauto,noatime,user,exec 0 0
EOF
fi
 
 
echo
echo "Adding tyical entries to the crypttab ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/crypttab << EOF
 
# <target> <source device> <key file> <options>
maxtor UUID=37e7fe74-a25b-489a-bc7f-a3d2ae598f98 /etc/maxtor.passphrase luks,noauto
EOF
fi
 
 
echo
echo "Creating needed password file /etc/maxtor.passphrase ..."
if [ $DRYRUN -eq 0 ]; then
install -o root -g root -m 600 files/maxtor.passphrase /etc/maxtor.passphrase
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
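Review bot: `install ... files/maxtor.passphrase /etc/maxtor.passphrase` copies whatever is in the repository file, and the version added in this commit is the placeholder `Passphrase_for_the_encrypted_MediaDevice`. Nothing stops the run when the operator forgot to replace it; 05-backup.sh does the same with files/backup.passphrase and files/ftp-scheernet.credentials. Check for the placeholder before installing, e.g. `grep -q '^Passphrase_for_' "$BASEDIR/files/maxtor.passphrase" && { echo "maxtor.passphrase still holds the placeholder" >&2; exit 1; }`. A comment should also state that the real passphrase must not be committed, since the file sits in the tagged tree.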
/tags/20210113/app/scripts/raspberry/05-nfs.sh
0,0 → 1,60
#!/bin/bash
#############################################################################
#
# Install the NFS components
#
#############################################################################
 
 
echo "Installing the NFS components ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install nfs-kernel-server nfs-common rpcbind
fi
 
 
echo
echo "Configuring rpcbind to use the specific port 52535 ..."
if [ $DRYRUN -eq 0 ]; then
sed --in-place \
-e 's|^#*\s*RPCMOUNTDOPTS\s*=.*|RPCMOUNTDOPTS="--port 52535 --manage-gids"|' \
/etc/default/nfs-kernel-server
fi
 
 
echo
echo "Configuring the Lock daemon for the specific ports 52536 and 52537 ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/sysctl.conf << EOF
 
# Configuring the Lock daemon to specific ports
# https://wiki.debian.org/SecuringNFS
fs.nfs.nfs_callback_tcpport = 52536
fs.nfs.nlm_tcpport = 52537
fs.nfs.nlm_udpport = 52537
EOF
fi
 
 
echo
echo "Configuring /etc/rc.local ..."
if [ $DRYRUN -eq 0 ]; then
cat >> /etc/rc.local << EOF
 
# Workaround for Debian 8
# https://unix.stackexchange.com/questions/245709/view-current-kernel-parameters/245713
sysctl --system
systemctl restart rpcbind
systemctl restart nfs-kernel-server
EOF
 
sysctl --system
systemctl restart rpcbind
systemctl restart nfs-kernel-server
fi
 
 
echo
echo "Exporting the current configuration ..."
if [ $DRYRUN -eq 0 ]; then
exportfs -rav
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
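Review bot: The three commands appended to `/etc/rc.local` land at the end of the file. If that file ends with `exit 0`, as the stock Debian/Raspbian template does, they are never reached, so the pinned lock-daemon ports from sysctl.conf are presumably not re-applied after a reboot while 04-ufw.sh opens only 52535 to 52537. Insert the lines before the final `exit 0`, or ship them as a small systemd unit. The message "Configuring rpcbind to use the specific port 52535" describes a change to `RPCMOUNTDOPTS`, which is the mount daemon's option line; the text should say so.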
/tags/20210113/app/scripts/raspberry/06-samba.sh
0,0 → 1,57
#!/bin/bash
 
##############################################################################
#
# Installation of Samba
#
##############################################################################
 
 
#
# Should the Subversion client be installed?
if [ -z "$SAMBAPASS" ]; then
echo "Skipping installation of Samba client due to user request."
exit 0
fi
 
 
echo "Installing Samba ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install samba samba-common-bin
fi
 
 
echo
echo "Creating user and group 'cifsuser' ..."
if [ $DRYRUN -eq 0 ]; then
groupadd -g 800 cifsuser
useradd -c "Samba user" --home-dir /home/cifsuser --no-create-home \
-s /bin/false -g cifsuser -u 800 cifsuser
smbpasswd -s -a cifsuser << EOF
$SAMBAPASS
$SAMBAPASS
EOF
fi
 
 
echo
echo "Modifying /etc/samba/smb.conf ..."
if [ $DRYRUN -eq 0 ]; then
sed --in-place \
-e 's/\(\s*workgroup\s*=\)\s*.*$/\1 FRITZ.BOX/' \
/etc/samba/smb.conf
 
cat >> /etc/samba/smb.conf << EOF
 
[austausch]
comment = Allgemeiner Austausch von Daten
path = /data/austausch
guest ok = yes
writable = yes
read only = no
public = yes
force user = cifsuser
force create mode = 0660
force directory mode = 2770
EOF
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
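Review bot: The `[austausch]` share is writable by guests (`guest ok = yes`, `public = yes`, `writable = yes`) and carries no address restriction of its own. The only limit on who can reach it is the CIFS rule in 04-ufw.sh, and that script exits early when ENABLEUFW is 0. Add `hosts allow = 192.168.178.0/24` to the share so the restriction holds without the firewall, and decide whether guest access is intended at all given that a password is set for cifsuser just above. The guard comment still reads "Should the Subversion client be installed?"; it should name Samba.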
/tags/20210113/app/scripts/raspberry/06-subversion.sh
0,0 → 1,41
#!/bin/bash
 
##############################################################################
#
# Installation of Subversion
#
##############################################################################
 
 
#
# Should the Subversion client be installed?
if [ -z "$SVNHOST" ]; then
echo "Skipping installation of Subversion client due to user request."
exit 0
fi
 
 
#
# Install the software
echo "Installing subversion ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install subversion
fi
 
 
echo
echo "Checking out /usr/local/bin ..."
if [ $DRYRUN -eq 0 ]; then
cd /usr/local/bin
yes yes | svn checkout --username=$SVNUSER --password=$SVNPASS \
svn://$SVNHOST:3691/Scripte/usrlocalbin/trunk .
fi
 
 
echo
echo "Checking out /usr/local/sbin ..."
if [ $DRYRUN -eq 0 ]; then
cd /usr/local/sbin
yes yes | svn checkout --username=$SVNUSER --password=$SVNPASS \
svn://$SVNHOST:3691/Scripte/usrlocalsbin/trunk .
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
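Review bot: Both checkouts pass the password as `--password=$SVNPASS`, which puts it on the command line where other local users can read it from the process list while the checkout runs. `yes yes |` presumably answers svn's prompts, including the one about storing the password unencrypted, so it may also end up in root's `~/.subversion/auth`. Prefer `--non-interactive --no-auth-cache --password-from-stdin` (Subversion 1.10 or later) with the password fed on stdin. The same call is embedded in the `su -c "..."` string in 07-docker.sh, where `$SVNPASS` is additionally expanded into shell code. The checked-out scripts go to /usr/local/sbin and are run by root's cron (03-crontab.sh), yet `svn://` carries no transport encryption unless SASL is configured, so the integrity of that channel deserves a comment or a tunnel.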
/tags/20210113/app/scripts/raspberry/07-docker.sh
0,0 → 1,250
#!/bin/bash
#############################################################################
#
# Install Docker's server components
#
#############################################################################
 
 
#
# Should Docker be installed
if [ -z "$DOCKERPIPASS" ]; then
echo "Skipping installation of Docker due to user request."
exit 0
fi
 
 
#
# Install Docker via the method "Convenience script"
# https://docs.docker.com/install/linux/docker-ce/debian/
echo "Downloading Docker's installation script from https://get.docker.com ..."
if [ $DRYRUN -eq 0 ]; then
curl -fsSL https://get.docker.com -o /root/get-docker.sh
 
#
# Execute the downloaded script. Normally it's not a good idea to
# execute a just downloaded file, but in this case I've checked
# the script to not be evil ;-)
echo
sh /root/get-docker.sh
fi
 
 
#
# Install docker-compose (using the pip method)
# https://docs.docker.com/compose/install/#install-compose
echo
echo "Installing the tool \"pip\" for downloading and installing \"docker-compose\" ..."
if [ $DRYRUN -eq 0 ]; then
aptitude -y install python3-pip python-setuptools
fi
 
echo
echo "Now downloading and installing \"docker-compose\" ..."
if [ $DRYRUN -eq 0 ]; then
pip3 install wheel
pip3 install docker-compose
chmod 755 /usr/local/bin/docker-compose
fi
 
 
#
# This is a ugly workaround to make docker-compose accessable for
# every user. To be fixed sometimes later ...
cd /usr/local/lib/python2.7/dist-packages
chmod -R 755 *
 
 
#
# Definition of all accounts
DOCKER_SYSTEMUSER="
scheerdock:x:20000:20000:Docker administrator:/home/scheerdock:/bin/bash
duser1:x:20001:20001:Docker-User 1:/home/dckr-user1:/usr/sbin/nologin
duser2:x:20002:20002:Docker-User 2:/home/dckr-user2:/usr/sbin/nologin
duser3:x:20003:20003:Docker-User 3:/home/dckr-user3:/usr/sbin/nologin
dnginx:x:20100:20100:Docker nginx admin:/home/dckr-nginx:/usr/sbin/nologin
dphpfpm:x:20101:20101:PHP-FPM worker processes:/home/dckr-phpfpm:/usr/sbin/nologin
dmysql:x:20102:20102:mysql daemon:/home/dckr-mysql:/usr/sbin/nologin
ddovecot:x:20103:20103:Dovecot daemon:/home/dckr-dovecot:/usr/sbin/nologin
ddovenull:x:20104:20104:Dovecot daemon:/home/dckr-dovenull:/usr/sbin/nologin
dsvn:x:20105:20105:Subversion daemon:/home/dckr-svn:/usr/sbin/nologin
dsslh:x:20106:20106:SSLH daemon:/home/dckr-sslh:/usr/sbin/nologin
dproxy:x:20109:20109:Proxy admin:/home/dckr-proxy:/usr/sbin/nologin
dbatcheck:x:20110:20110:Batcheck User for scp:/home/dckr-batcheck:/bin/bash
"
 
#
# Create all accounts
echo
echo "Creating all needed user accounts ..."
if [ $DRYRUN -eq 0 ]; then
IFS="
"
for i in $(echo "$DOCKER_SYSTEMUSER"); do
name=$(echo "$i" | cut -d: -f1)
uid=$(echo "$i" | cut -d: -f3)
gid=$(echo "$i" | cut -d: -f4)
comment=$(echo "$i" | cut -d: -f5)
homedir=$(echo "$i" | cut -d: -f6)
shell=$(echo "$i" | cut -d: -f7)
echo " - Creating user and group \"$name\" ..."
groupadd -g $gid $name
 
if [ "$shell" == "/usr/sbin/nologin" ]; then
useradd -c "$comment" -d $homedir --no-create-home \
-g $gid -u $uid -s $shell $name
else
useradd -c "$comment" -d $homedir --create-home \
-g $gid -u $uid -s $shell $name
fi
 
#
# Add user scheerdock to any docker related group
# to ensure full file access.
if [ "$name" != "scheerdock" ]; then
adduser scheerdock $name
fi
done
fi
 
 
echo
echo "Setting password of user scheerdock ..."
if [ $DRYRUN -eq 0 ]; then
passwd scheerdock << EOF
$DOCKERPIPASS
$DOCKERPIPASS
EOF
fi
 
 
if [ ! -z "$BATCHECKPASS" ]; then
echo
echo "Setting password of user batcheck ..."
if [ $DRYRUN -eq 0 ]; then
passwd batcheck << EOF
$BATCHECKPASS
$BATCHECKPASS
EOF
fi
else
echo
echo "Deleting user dbatcheck, because no password is set."
if [ $DRYRUN -eq 0 ]; then
userdel --force --remove dbatcheck
groupdel --force dbatcheck
fi
fi
 
 
if [ ! -z "$YUBIKEYID" ]; then
echo
echo "Adding scheerdock to the Yubikey users ..."
if [ $DRYRUN -eq 0 ]; then
echo "scheerdock:$YUBIKEYTOKEN" >> /etc/yubikey.conf
fi
fi
 
 
#
# By adding the user scheerdock to the group docker, this user
# becomes the status of a docker administrator.
if [ $DRYRUN -eq 0 ]; then
adduser scheerdock docker
fi
 
 
echo
echo "Creating data directories ..."
if [ $DRYRUN -eq 0 ]; then
mkdir -p /data
chown root:root /data
chmod 755 /data
mkdir -p /data/docker
chown scheerdock:scheerdock /data/docker
chmod 755 /data/docker
mkdir -p /data/docker/private
chown scheerdock:scheerdock /data/docker/private
chmod 755 /data/docker/private
mkdir -p /data/docker/shared
chown scheerdock:scheerdock /data/docker/shared
chmod 755 /data/docker/shared
mkdir -p ~scheerdock/docker
chown scheerdock:scheerdock ~scheerdock/docker
chmod 755 ~scheerdock/docker
mkdir -p ~scheerdock/docker/conf
chown scheerdock:scheerdock ~scheerdock/docker/conf
chmod 755 ~scheerdock/docker/conf
mkdir -p ~scheerdock/docker/etc
chown scheerdock:scheerdock ~scheerdock/docker/etc
chmod 755 ~scheerdock/docker/etc
fi
 
 
echo
if [ -z "$SVNHOST" ]; then
echo "Skipping installation of basic tools for docker due to user request."
else
echo "Getting basic tools for docker from subversion server ..."
if [ $DRYRUN -eq 0 ]; then
su -c "cd ~scheerdock/docker;
yes yes | svn checkout --username=$SVNUSER --password=$SVNPASS svn://$SVNHOST/Docker/bin/trunk bin" \
scheerdock
install -o scheerdock -g scheerdock -m 600 /dev/null ~scheerdock/.dockercredentials
cat > ~scheerdock/.dockercredentials << EOF
DUSER=$DOCKERHUBUSER
DPASS=$DOCKERHUBPASS
DMAIL=$DOCKERHUBMAIL
EOF
cat >> ~scheerdock/.profile << EOF
 
# set PATH so it includes user's Docker bin if it exists
if [ -r "\$HOME/docker/bin/docker-env" ] ; then
. \$HOME/docker/bin/docker-env
fi
EOF
fi
fi
 
 
echo
echo "Adding tyical entries to scheerdock's crontab file ..."
if [ $DRYRUN -eq 0 ]; then
crontab -u scheerdock - << EOF
#00 1 * * * /home/pi/docker/bin/drun mariadb --backup > /data/docker/shared/batcheck/dailyjobs/mariadb.log 2>&1
#00 2 * * * /home/pi/docker/bin/drun dovecot --backup > /data/docker/shared/batcheck/dailyjobs/dovecot.log 2>&1
#00 3 * * * /home/pi/docker/bin/drun svn --backup > /data/docker/shared/batcheck/dailyjobs/svn.log 2>&1
#10 3 * * * /home/pi/docker/bin/drun mysvn --backup > /data/docker/shared/batcheck/dailyjobs/mysvn.log 2>&1
#00 5 * * * /home/pi/docker/bin/drun carddav2fb --run familie >> /data/docker/shared/batcheck/dailyjobs/carddav2fb.log 2>&1
#00 17 * * * /home/pi/docker/bin/drun carddav2fb --run familie > /data/docker/shared/batcheck/dailyjobs/carddav2fb.log 2>&1
#30 6 * * * /home/pi/docker/bin/drun batcheck > /tmp/dcronrun-batcheck.log 2>&1
#00 12 * * * /home/pi/docker/bin/drun letsencrypt scheernet.spdns.de > /data/docker/shared/batcheck/dailyjobs/letsencrypt.log 2>&1
EOF
fi
 
 
#
# Should UFW be installed?
if [ $ENABLEUFW -eq 1 ]; then
echo "Adding firewall rules."
if [ $DRYRUN -eq 0 ]; then
# https://docs.docker.com/network/overlay/#operations-for-all-overlay-networks
ufw allow proto tcp from 192.168.178.0/24 to any port 2377
ufw allow from 192.168.178.0/24 to any port 7946
ufw allow proto udp from 192.168.178.0/24 to any port 4789
fi
fi
 
 
 
#
# Setting user based forwarding
if [ $DRYRUN -eq 0 ]; then
if [ ! -z "$MAILHOST" -a -f $BASEDIR/files/mail.forward ]; then
echo
echo "Setting user based mail forwarding for user scheerdock ..."
install -o scheerdock -g scheerdock -m 644 \
$BASEDIR/files/mail.forward ~scheerdock/.forward
fi
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
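Review bot: The block `cd /usr/local/lib/python2.7/dist-packages` / `chmod -R 755 *` sits outside any `if [ $DRYRUN -eq 0 ]` guard and does not check the cd. It therefore also runs with --dry-run, and when the directory is missing (pip3 is used above, so the packages presumably live under a python3 path) the recursive chmod is applied to whatever directory the script was started in. Wrap it as `if [ $DRYRUN -eq 0 ] && cd /usr/local/lib/python2.7/dist-packages; then chmod -R 755 *; fi`. Further down, `passwd batcheck` targets an account the list does not create (the entry is `dbatcheck`), so that password is never set. The get.docker.com script is executed after a manual look only; comparing it with a recorded SHA-256 before `sh /root/get-docker.sh` would make that check repeatable.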
/tags/20210113/app/scripts/raspberry/files/aliases.sh
0,0 → 1,21
alias ll='ls -l'
alias lc='ls -c'
alias ..='cd ..'
alias old='cd $OLDPWD'
 
 
#
# If not already within a screen session, define the alias 'scr'
if [[ ! "$TERM" =~ ^screen* ]] && [[ ! -z "$SSH_CONNECTION" ]; then
alias scr='/usr/bin/screen -S sshscreen -c /etc/screen.user.rc -d -R -q'
fi
 
#
# Bash History mit Zeitstempel ausstatten
# Linux Magazin 12/2020
export HISTTIMEFORMAT="%F %T: "
 
# Problem mit Mauszeiger (funktioniert nur in einem kleinen Bereich zuverlaessig)
# http://communities.vmware.com/message/1458734#1458734
# VMWARE_USE_SHIPPED_GTK=yes; export VMWARE_USE_SHIPPED_GTK
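Review bot: The condition `if [[ ! "$TERM" =~ ^screen* ]] && [[ ! -z "$SSH_CONNECTION" ]; then` closes the second test with a single `]`. As shown, bash reports a syntax error when /etc/profile.d/aliases.sh is sourced, so the `scr` alias and the `HISTTIMEFORMAT` export below it would not take effect; if the bracket was only lost in this rendering, disregard this. The line should end `[[ -n "$SSH_CONNECTION" ]]; then`. In the regex, `^screen*` makes only the final `n` repeatable; `^screen` expresses the intended prefix match.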
 
/tags/20210113/app/scripts/raspberry/files/backup.passphrase
0,0 → 1,0
Enter_the_passphrase_of_your_encrypted_backup_device
/tags/20210113/app/scripts/raspberry/files/defaults
0,0 → 1,90
#!/bin/bash
##############################################################################
#
# Default for the installation of a docker host
#
##############################################################################
 
#
# Name of the logfile
LOGFILE="$BASEDIR/osfi_raspberry.log"
 
#
# Hostname of the Raspberry Pi
NEWHOSTNAME=""
 
#
# Password of the user 'pi'
PIPASS=""
 
#
# Password of the user 'scheerdock'
# (leave empty for disabling the installation of the Docker software)
DOCKERPIPASS=""
 
#
# Password of the user 'dbatcheck'. This user is only created
# when the Docker software is installed (DOCKERPIPASS != "").
# The password is only set, if not empty.
BATCHECKPASS=""
 
#
# Username on Docker Hub
DOCKERHUBUSER=""
 
#
# Password for the user on Docker Hub
DOCKERHUBPASS=""
 
#
# E-Mail address for the user on Docker Hub
DOCKERHUBMAIL=""
 
#
# Smarthost for mail delivery
# (leave empty for disabling the mail configuration)
MAILHOST=""
 
#
# Username of the user used to deliver mails
MAILUSER=""
 
#
# Password of the mail user
MAILPASS=""
 
#
# Hostname of the subversion server
# (leave empty for disabling the subversion configuration)
SVNHOST=""
 
#
# Subversion user
SVNUSER=""
 
#
# Password of the subversion user
SVNPASS=""
 
#
# Enabling (1) oder disabling (2) the installation of the
# firewall UFW.
ENABLEUFW=1
 
#
# Yubikey ID
# (leave empty for disabling the subversion configuration)
YUBIKEYID=""
 
#
# Key for the above defined Yubikey ID
YUBIKEYKEY=""
 
#
# Token used by the personal Yubikey
YUBIKEYTOKEN=""
 
#
# Password of the Samba user cifsuser
# (leave empty for disabling the installation of Samba)
SAMBAPASS=""
Property changes:
Added: svn:executable
+*
\ No newline at end of property
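Review bot: The comment on ENABLEUFW says "Enabling (1) oder disabling (2)", but 04-ufw.sh skips the firewall only when the value is 0 and 07-docker.sh adds its rules only when it is 1. An operator who follows the comment and sets 2 gets UFW installed and enabled without the Docker rules. The comment should read `# Enabling (1) or disabling (0) the installation of the firewall UFW.` The YUBIKEYID comment ("leave empty for disabling the subversion configuration") should refer to the Yubikey protection instead. Since this file holds every password once filled in, a header line telling the operator to keep the filled-in copy out of the repository and readable by root only would help.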
/tags/20210113/app/scripts/raspberry/files/ftp-scheernet.credentials
0,0 → 1,2
FTPUSER=Enter_the_FTP-user
FTPPASS=Enter_the_password_of_your_FTP-user
/tags/20210113/app/scripts/raspberry/files/mail.aliases
0,0 → 1,15
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: dirk@scheernet.de
logcheck: root
/tags/20210113/app/scripts/raspberry/files/mail.forward
0,0 → 1,0
dirk@scheernet.de
/tags/20210113/app/scripts/raspberry/files/maxtor.passphrase
0,0 → 1,0
Passphrase_for_the_encrypted_MediaDevice
/tags/20210113/app/scripts/raspberry/files/vimrc.local
0,0 → 1,18
" Disable the mouse mode
set mouse=
set ttymouse=
 
 
" As default there's no indentation when inserting
" via cut'n paste (but this prevents auto-indentation).
" The behaviour can be toggled with <F3> (nopaste/paste).
set paste
set pastetoggle=<F3>
 
 
" Set propper indentation
set tabstop=2 " Tabwidth is 2
set expandtab " Tabs are expanded to blanks
set shiftwidth=2 " The identation is 2 chars
set autoindent " Set autoident on
set smartindent " It's a smart auto-identation
/tags/20210113/app/scripts/raspberry/files/xbackup.conf
0,0 → 1,78
##############################################################################
#
# Konfigurationsdatei für xbackup
#
# In den Preferences sind folgende Optionen erlaubt:
# BACKUPDIR Verzeichnis, in das gesichert wird** Dort müssen
# Unterverzeichnis linux**01, linux.02- ... existieren.
# LEVEL0s Kommaseparierte Liste der Verzeichnis, in denen eine
# Level-0-Sicherung erfolgen soll (1,5,10)***
# ASKLEVEL0 Bei einem "yes" wird vor einer Level-0-Sicherung eine
# Sicherheitsabfrage durchgeführt***
# COMPRESS Defaultmäßig soll komprimiert werden***
#
# Anschließend werden die zu sichernden Verzeichnis angegeben** Diese Verzeich-
# nisse werden mittels tar zu einem Archiv zusammengefasst und ggfls** mit gzip
# komprimiert** Eine Verzeichnisdefinition wird mit [] eingeleitet:
#
# [Verzeichnis:Level:Includes:Optionen]
# Verzeichnis Pfadangabe des zu sichernden Verzeichnisses***
# Level Kann entweder "0" oder aber "01" sein und gibt an,
# bei welchen Leveln das Verzeichnis mitgesichert wird***
# Dadurch kann eingestellt werden, dass einzelne
# Verzeichnisse nur bei der Level-0-Sicherung zu
# berücksichtigen sind***
# Includes Durch Leerzeichen getrennte Schlüsselwörter:
# all: Gibt an, dass alle Dateien des
# Verzeichnisses zu sichern sind** Die
# nachfolgend angegebenen Verzeichnis-
# und/oder Dateinamen werden von der
# Sicherung ausgenommen***
# selective Gibt an, dass nur ausgewählte Dateien
# gesichert werden sollen** Es werden nur
# die nachfolgend angegebenen Dateien
# gesichert***
# dont_compress Gibt an, dass die Dateien nicht
# komprimiert werden sollen (z**B. MP3s).
# only_newer Gibt an, dass bei Level-1-Sicherungen
# nur die Dateien gesichert werden, die
# seit der vorangegangen Sicherung ge-
# ändert wurden***
# Optionen Hier können zusätzliche Optionen für das find-
# Kommando angegeben werden** Sinnig ist z.B. -mount,
# um den Übergriff auf darunter gemountete Verzeichnisse
# zu verhindern (man find)***
##############################################################################
 
[Preferences]
BACKUPDIR /backup/HOSTNAME
 
[/bin]
 
[/boot]
 
[/data]
- **/austausch/**
 
[/etc]
 
[/home]
 
[/lib]
 
[/opt]
 
[/root]
 
[/run]
 
[/sbin]
 
[/srv]
 
[/tmp]
 
[/usr]
 
[/var]
- **/lib/docker/**
/tags/20210113/app/scripts/raspberry/raspberry.sh
0,0 → 1,622
#!/bin/bash
##############################################################################
#
# Master script for installing additional software on a Raspbian based
# host
#
##############################################################################
 
#
# This script must be run as root!
if [ "$LOGNAME" != "root" ]; then
echo "This script must be run as root - please try a sudo ..."
exit 1
fi
 
 
#
# Defintion of the short options for getopt
SOPTS=hd
 
#
# Defintion of the long options for getopt
LOPTS=help,dry-run
 
#
# Parse available options
PARSED=$(getopt --options=$SOPTS --longoptions=$LOPTS --name "$0" -- "$@") || exit 2
eval set -- "$PARSED"
 
 
#
# Set some variables
CMD=""
DRYRUN=0; export DRYRUN
 
 
#
# Now evaluate all options until --
while true; do
case "$1" in
-h | --help)
echo "Usage: $(basename $0) [OPTION]..."
echo "Installing additional software on a Raspberry Pi."
echo
echo "Mandatory arguments to long options are mandatory for short options too."
echo "-h, --help Show this help."
echo "-d, --dry-run Don't do anything. Only show, what would be done."
exit 0
;;
-d | --dry-run)
DRYRUN=1
shift 1
;;
--)
shift
break
;;
*)
echo "This line cannot be reached. This must be a programming error. Exiting" 1>&2
exit 3
;;
esac
done
 
 
#
# The real installation of software must be run by root.
# A simulation (--dry-run) can be run by any user.
if [ "$(id -u)" != "0" -a $DRYRUN -eq 0 ]; then
echo "This script must be run as user root."
exit 1
fi
 
 
#
# Setting variables and export them to make them accessable for
# subsequent scripts
BASEDIR=$(pwd); export BASEDIR
LOGFILE=""; export LOGFILE
NEWHOSTNAME=""; export NEWHOSTNAME
PIPASS=""; export PIPASS
DOCKERPIPASS=""; export DOCKERPIPASS
DOCKERHUBUSER=""; export DOCKERHUBUSER
DOCKERHUBPASS=""; export DOCKERHUBPASS
DOCKERHUBMAIL=""; export DOCKERHUBMAIL
BATCHECKPASS=""; export BATCHECKPASS
MAILHOST=""; export MAILHOST
MAILUSER=""; export MAILUSER
MAILPASS=""; export MAILPASS
SVNHOST=""; export SVNHOST
SVNUSER=""; export SVNUSER
SVNPASS=""; export SVNPASS
ENABLEUFW=1; export ENABLEUFW
YUBIKEYID=""; export YUBIKEYID
YUBIKEYKEY=""; export YUBIKEYKEY
YUBIKEYTOKEN=""; export YUBIKEYTOKEN
SAMBAPASS=""; export SAMBAPASS
 
 
#
# If a file "defaults" exists, this can override the above definitions.
if [ -r "$BASEDIR/files/defaults" ]; then
. $BASEDIR/files/defaults
fi
 
 
#
# Show the user a configuration menu.
start=0
while [ $start -eq 0 ]; do
clear
echo
echo "######################################################################"
echo "#"
echo "# Configuration options"
echo "#"
echo "######################################################################"
 
echo
if [ -z "$LOGFILE" ]; then
echo "1) Logfile : Must be set!"
else
echo "1) Logfile : $LOGFILE"
fi
 
echo
if [ -z "$NEWHOSTNAME" ]; then
echo "2) Hostname : Must be set!"
else
echo "2) Hostname : $NEWHOSTNAME"
fi
 
echo
if [ -z "$PIPASS" ]; then
echo "3) Password for the user pi : Must be set!"
else
echo "3) Password for the user pi : ***"
fi
 
echo
if [ -z "$DOCKERPIPASS" ]; then
echo "4) Installation of Docker : Disabled"
else
echo "41) Password for the user scheerdock : ***"
if [ -z "$DOCKERHUBUSER" ]; then
echo "42) Docker Hub username : Must be set!"
else
echo "42) Docker Hub username : $DOCKERHUBUSER"
fi
if [ -z "$DOCKERHUBPASS" ]; then
echo "43) Docker Hub password : Must be set!"
else
echo "43) Docker Hub password : ***"
fi
if [ -z "$DOCKERHUBMAIL" ]; then
echo "44) Docker Hub E-Mail address : Must be set!"
else
echo "44) Docker Hub E-Mail address : $DOCKERHUBMAIL"
fi
if [ -z "$BATCHECKPASS" ]; then
echo "45) Password for the user batcheck : Disabled"
else
echo "45) Password for the user batcheck : ***"
fi
fi
 
echo
if [ -z "$MAILHOST" ]; then
echo "5) Smarthost for mail delivery : Disabled"
else
echo "51) Smarthost for mail delivery : $MAILHOST"
if [ -z "$MAILUSER" ]; then
echo "52) Mail username : Must be set!"
else
echo "52) Mail username : $MAILUSER"
fi
if [ -z "$MAILPASS" ]; then
echo "53) Mail password : Must be set!"
else
echo "53) Mail password : ***"
fi
fi
 
echo
if [ -z "$SVNHOST" ]; then
echo "6) Subversion client : Disabled"
else
echo "61) Subversion server : $SVNHOST"
if [ -z "$SVNUSER" ]; then
echo "62) Subversion username : Must be set!"
else
echo "62) Subversion username : $SVNUSER"
fi
if [ -z "$SVNPASS" ]; then
echo "63) Subversion password : Must be set!"
else
echo "63) Subversion password : ***"
fi
fi
 
echo
if [ $ENABLEUFW -eq 0 ]; then
echo "7) Firewall UFW : Disabled"
else
echo "7) Firewall UFW : Enabled"
fi
 
echo
if [ -z "$YUBIKEYID" ]; then
echo "8) Yubikey protection : Disabled"
else
echo "81) Yubikey ID : $YUBIKEYID"
if [ -z "$YUBIKEYKEY" ]; then
echo "82) Yubikey Key : Must be set!"
else
echo "82) Yubikey Key : $YUBIKEYKEY"
fi
if [ -z "$YUBIKEYTOKEN" ]; then
echo "83) Yubikey Token : Must be set!"
else
echo "83) Yubikey Token : $YUBIKEYTOKEN"
fi
fi
 
echo
if [ -z "$SAMBAPASS" ]; then
echo "9) Installation of Samba : Disabled"
else
echo "9) Samba password for user cifsuser : ***"
fi
 
if [ ! -z "$LOGFILE" \
-a ! -z "$NEWHOSTNAME" \
-a ! -z "$PIPASS" \
-a \( -z "$DOCKERPIPASS" -o \( ! -z "$DOCKERPIPASS" -a ! -z "$DOCKERHUBUSER" -a ! -z "$DOCKERHUBPASS" -a ! -z "$DOCKERHUBMAIL" \) \) \
-a \( -z "$MAILHOST" -o \( ! -z "$MAILHOST" -a ! -z "$MAILUSER" -a ! -z "$MAILPASS" \) \) \
-a \( -z "$SVNHOST" -o \( ! -z "$SVNHOST" -a ! -z "$SVNUSER" -a ! -z "$SVNPASS" \) \) \
-a \( -z "$YUBIKEYID" -o \( ! -z "$YUBIKEYID" -a ! -z "$YUBIKEYKEY" -a ! -z "$YUBIKEYTOKEN" \) \) \
]; then
echo
echo
echo "G) OK, let's go ..."
isOK=1
else
isOK=0
fi
 
echo
echo "######################################################################"
echo
echo -n "Please choose an option to set: "
read answer
echo
 
 
case $answer in
1)
echo -n "Please enter the name of the logfile: "
read input
if [ ! -z "$input" ]; then
if [[ $input =~ ^/.* ]]; then
input="$input"
else
input="$BASEDIR/$input"
fi
touch "$input" 2>/dev/null
if [ $? -eq 0 ]; then
LOGFILE=$input
rm -f $input
else
echo "The logfile cannot be opened for writing - please try again."
sleep 3
fi
fi
;;
2)
echo -n "Please enter the hostname: "
read input
if [ ! -z "$input" ]; then
if [[ $input =~ ^[a-zA-Z0-9\.\-]*$ ]]; then
NEWHOSTNAME=$input
else
echo "The hostname can contain only the characters a-z, A-Z, 0-9 and (.-) - please try again."
sleep 3
fi
fi
;;
3)
echo -n "Please enter the password of the user 'pi': "
read -s pass1 && echo
if [ -z "$pass1" ]; then
PIPASS=""
else
echo -n "Please reenter the password of the user 'pi': "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
PIPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
;;
4 | 41)
echo -n "Please enter the password of the user 'scheerdock': "
read -s pass1 && echo
if [ -z "$pass1" ]; then
DOCKERPIPASS=""
DOCKERHUBUSER=""
DOCKERHUBPASS=""
DOCKERHUBMAIL=""
else
echo -n "Please reenter the password of the user 'scheerdock': "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
DOCKERPIPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
;;
42)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the user for the Docker Hub: "
read DOCKERHUBUSER
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
43)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the password of the Docker Hub user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
DOCKERHUBPASS=""
else
echo -n "Please reenter the password of the Docker Hub user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
DOCKERHUBPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
44)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the E-Mail address for the Docker Hub user: "
read DOCKERHUBMAIL
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
45)
if [ ! -z "$DOCKERPIPASS" ]; then
echo -n "Please enter the password of the batcheck user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
BATCHECKPASS=""
else
echo -n "Please reenter the password of the batcheck user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
BATCHECKPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
5 | 51)
echo -n "Please enter the name of the smarthost for mail delivery: "
read input
if [ -z "$input" ]; then
MAILHOST=""
MAILUSER=""
MAILPASS=""
else
if [[ $input =~ ^[a-zA-Z0-9\.\-]*$ ]]; then
MAILHOST=$input
else
echo "The hostname can contain only the characters a-z, A-Z, 0-9 and (.-) - please try again."
sleep 3
fi
fi
;;
52)
if [ ! -z "$MAILHOST" ]; then
echo -n "Please enter the user for mail delivery: "
read MAILUSER
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
53)
if [ ! -z "$MAILHOST" ]; then
echo -n "Please enter the password of the mail user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
MAILPASS=""
else
echo -n "Please reenter the password of the mail user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
MAILPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
6 | 61)
echo -n "Please enter the hostname for subversion: "
read input
if [ -z "$input" ]; then
SVNHOST=""
SVNUSER=""
SVNPASS=""
else
if [[ $input =~ ^[a-zA-Z0-9\.\-]*$ ]]; then
SVNHOST=$input
else
echo "The hostname can contain only the characters a-z, A-Z, 0-9 and (.-) - please try again."
sleep 3
fi
fi
;;
62)
if [ ! -z "$SVNHOST" ]; then
echo -n "Please enter the user for subversion: "
read SVNUSER
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
63)
if [ ! -z "$SVNHOST" ]; then
echo -n "Please enter the password of the subversion user: "
read -s pass1 && echo
if [ -z "$pass1" ]; then
SVNPASS=""
else
echo -n "Please reenter the password of the subversion user: "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
SVNPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
7)
if [ "$ENABLEUFW" -eq 0 ]; then
ENABLEUFW=1
else
ENABLEUFW=0
fi
;;
8 | 81)
echo -n "Please enter the Yubikey ID: "
read input
if [ -z "$input" ]; then
YUBIKEYID=""
YUBIKEYKEY=""
YUBIKEYTOKEN=""
else
if [[ $input =~ ^[0-9]*$ ]]; then
YUBIKEYID=$input
else
echo "The Yubikey ID can contain only digits - please try again."
sleep 3
fi
fi
;;
82)
if [ ! -z "$YUBIKEYID" ]; then
echo -n "Please enter the key for the Yubikey ID: "
read YUBIKEYKEY
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
83)
if [ ! -z "$YUBIKEYID" ]; then
echo -n "Please enter the the Yubikey Token: "
read YUBIKEYTOKEN
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
9)
echo -n "Please enter the password of the user 'cifsuser': "
read -s pass1 && echo
if [ -z "$pass1" ]; then
SAMBAPASS=""
else
echo -n "Please reenter the password of the user 'cifsuser': "
read -s pass2 && echo
if [ "$pass1" == "$pass2" ]; then
SAMBAPASS="$pass1"
else
echo "The passwords do not match - please try again."
sleep 3
fi
fi
;;
g | G)
if [ $isOK -eq 1 ]; then
start=1
else
echo "Unknown option '$answer' - please try again."
sleep 3
fi
;;
*)
echo "Unknown option '$answer' - please try again."
sleep 3
;;
esac
 
done
 
 
# Start logging of all output (stdout and stderr)
# https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time
# - >(...) starts the process ... and returns a file representing its
# standard input.
# - exec &> ... redirects both standard output and standard error into ...
# for the remainder of the script (use just exec > ... for stdout only).
# - tee -a appends its standard input to the file, and also prints it
# to the screen.
exec &> >(tee "$LOGFILE")
 
echo "######################################################################"
echo "#"
echo "# Summary of configuration options"
echo "#"
echo "######################################################################"
echo "Hostname : $NEWHOSTNAME"
if [ -z "$DOCKERPIPASS" ]; then
echo "Installation of Docker : Disabled"
else
echo "Installation of Docker : Enabled"
echo "User on Docker Hub : $DOCKERHUBUSER"
echo "E-Mail address on Docker Hub : $DOCKERHUBMAIL"
if [ -z "BATCHECKPASS" ]; then
echo "Creating user dbatcheck : Diabled"
else
echo "Creating user dbatcheck : Enabled"
fi
fi
if [ -z "$MAILHOST" ]; then
echo "Smarthost for mail delivery : Disabled"
else
echo "Smarthost for mail delivery : $MAILHOST"
echo "User for mail delivery : $MAILUSER"
fi
if [ -z "$SVNHOST" ]; then
echo "Subversion client : Disabled"
else
echo "Subversion server : $SVNHOST"
echo "Subversion user : $SVNUSER"
fi
if [ $ENABLEUFW -eq 0 ]; then
echo "Firewall UFW : Disabled"
else
echo "Firewall UFW : Enabled"
fi
if [ -z "$YUBIKEYID" ]; then
echo "Yubikey protection : Disabled"
else
echo "Yubikey ID : $YUBIKEYID"
echo "Yubikey Key : $YUBIKEYKEY"
echo "Yubikey Token : $YUBIKEYTOKEN"
fi
if [ -z "$SAMBAPASS" ]; then
echo "Installation of Samba : Disabled"
else
echo "Installation of Samba : Enabled"
fi
 
 
#
# Execute all scripts in alphabetical order
for script in [0-9]*.sh; do
echo
echo
echo "######################################################################"
echo "#"
echo "# Running script \"$script\""
echo "#"
echo "######################################################################"
echo
eval ./$script
echo
echo
done
Property changes:
Added: svn:executable
+*
\ No newline at end of property