nextcloudpi-config and dnsmasq

nachoparker 2017-03-08 16:27:16 +01:00
parent d29894b4ee
commit 6ac7c787be
9 changed files with 347 additions and 96 deletions

35
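--- a/batch.sh
+++ b/batch.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Batch creation of NextCloudPi image
+# Tested with 2017-01-11-raspbian-jessie.img (and lite)
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+INSTALL_SCRIPT=$1 # First argument is the script to be run inside Raspbian
+IMGFILE=$2 # Second argument is the image file to start from ( empty for online installation )
+./install-nextcloud.sh $IP
+NO_CONFIG=1 ./installer.sh fail2ban.sh $IP $IMG
+NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh no-ip.sh $IP $IMG
+NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh dnsmasq.sh $IP $IMG
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA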
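Review bot: Every command in batch.sh passes `$IP` and `$IMG`, but the script only assigns `INSTALL_SCRIPT=$1` and `IMGFILE=$2`, so unless the caller exports those two variables each installer is invoked with empty arguments. The assignments should match what is used, e.g. `IP=${1:?usage: batch.sh <IP> [<img>]}` and `IMG=$2`, with the expansions quoted (`"$IP" "$IMG"`). There is also no `set -e`, so a failed fail2ban step does not stop the later steps from running against the same image, and the `# Usage:` header is left empty.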

79
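--- a/dnsmasq.sh
+++ b/dnsmasq.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# dnsmasq DNS server with cache installation on Raspbian
+# Tested with 2017-01-11-raspbian-jessie.img (and lite)
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh dnsmasq.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+DOMAIN_=mycloud.ownyourbits.com
+IP_=127.0.0.1
+DNSSERVER_=8.8.8.8
+CACHESIZE_=150
+DESCRIPTION="DNS server with cache"
+install()
+{
+apt-get update
+apt-get install -y dnsmasq
+update-rc.d dnsmasq disable
+}
+configure()
+{
+cat > /etc/dnsmasq.conf <<EOF
+domain-needed # Never forward plain names (without a dot or domain part)
+bogus-priv # Never forward addresses in the non-routed address spaces.
+no-poll # Don't poll for changes in /etc/resolv.conf
+no-resolv # Don't use /etc/resolv.conf or any other file
+cache-size=$CACHESIZE_
+server=$DNSSERVER_
+address=/$DOMAIN_/$IP_ # This is optional if we add it to /etc/hosts
+EOF
+cat >> /etc/hosts <<EOF
+$IP_ $DOMAIN_ # This is optional if we add it to dnsmasq.conf, but doesn't harm
+EOF
+cat >> /etc/default/dnsmasq <<EOF
+IGNORE_RESOLVCONF=yes
+EOF
+update-rc.d dnsmasq defaults
+service dnsmasq start
+cd /var/www/nextcloud
+sudo -u www-data php occ config:system:set trusted_domains 2 --value=$DOMAIN_
+}
+cleanup()
+{
+apt-get autoremove -y
+apt-get clean
+rm /var/lib/apt/lists/* -r
+rm -f /home/pi/.bash_history
+systemctl disable ssh
+}
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA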
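Review bot: configure() appends to /etc/hosts and /etc/default/dnsmasq with `>>` on every run, and nextcloudpi-config appears intended to call configure() repeatedly, so each reconfiguration adds another `IGNORE_RESOLVCONF=yes` line and leaves the previous `$IP_ $DOMAIN_` mapping in /etc/hosts, where the stale entry can keep winning after the address is changed. Guard the appends, for example `grep -q '^IGNORE_RESOLVCONF=yes' /etc/default/dnsmasq || echo IGNORE_RESOLVCONF=yes >> /etc/default/dnsmasq`, and remove the old hosts line for the domain before writing the new one. The `DOMAIN_`, `IP_`, `DNSSERVER_` and `CACHESIZE_` values appear to be filled in from the dialog form and are expanded by a root shell, so `--value=$DOMAIN_` should be quoted and the values checked against a hostname/IP/number pattern before they are written into dnsmasq.conf.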


@ -7,41 +7,44 @@
# GPL licensed (see end of file) * Use at your own risk!
#
# Usage:
# cat install-fail2ban.sh | ssh pi@$IP
#
# ./installer.sh fail2ban.sh <IP> (<img>)
#
# , or scp this file to a Raspberry Pi and run it from Raspbian
# See installer.sh instructions for details
#
# ./fail2ban.sh
#
# See the variables on the top of the script for tweaking
set -xe
# location of Nextcloud logs
NCLOG_=/var/www/nextcloud/data/nextcloud.log
sudo su
# time to ban an IP that exceeded attempts
BANTIME_=600
NCLOG_=/var/www/nextcloud/data/nextcloud.log # location of Nextcloud logs
BANTIME_=600 # time to ban an IP that exceeded attempts
FINDTIME_=600 # cooldown time for incorrect passwords
MAXRETRY_=6 # bad attempts before banning an IP
# cooldown time for incorrect passwords
FINDTIME_=600
set -xe
# bad attempts before banning an IP
MAXRETRY_=6
DESCRIPTION="Brute force protection"
# INSTALLATION
##########################################
install()
{
apt-get update
apt-get install fail2ban -y
#update-rc.d fail2ban disable
}
apt-get update
apt-get install fail2ban -y
configure()
{
touch /var/www/nextcloud/data/nextcloud.log
chown -R www-data /var/www/nextcloud/data
touch /var/www/nextcloud/data/nextcloud.log
chown -R www-data /var/www/nextcloud/data
cd /var/www/nextcloud
sudo -u www-data php occ config:system:set loglevel --value=2
sudo -u www-data php occ config:system:set log_type --value=file
sudo -u www-data php occ config:system:set logfile --value=$NCLOG_
cd /var/www/nextcloud
sudo -u www-data php occ config:system:set loglevel --value=2
sudo -u www-data php occ config:system:set log_type --value=file
sudo -u www-data php occ config:system:set logfile --value=$NCLOG_
cat > /etc/fail2ban/filter.d/nextcloud.conf <<'EOF'
cat > /etc/fail2ban/filter.d/nextcloud.conf <<'EOF'
[INCLUDES]
before = common.conf
@ -51,7 +54,7 @@ ignoreregex =
EOF
cat > /etc/fail2ban/jail.conf <<EOF
cat > /etc/fail2ban/jail.conf <<EOF
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
@ -104,16 +107,18 @@ filter = nextcloud
logpath = $NCLOG_
maxretry = $MAXRETRY_
EOF
#update-rc.d fail2ban defaults
#service fail2ban start
}
# CLEANUP
##########################################
apt-get autoremove -y
apt-get clean
rm /var/lib/apt/lists/* -r
rm -f /home/pi/.bash_history
systemctl disable ssh
halt
cleanup()
{
apt-get autoremove -y
apt-get clean
rm /var/lib/apt/lists/* -r
rm -f /home/pi/.bash_history
systemctl disable ssh
}
# License
#
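Review bot: configure() rewrites the filter and jail.conf but the commit leaves `#service fail2ban start` and `#update-rc.d fail2ban defaults` commented out, so when this is run on a live system (as nextcloudpi-config appears to do) the new ban settings are not loaded until fail2ban is restarted some other way. dnsmasq.sh's configure() in this same commit ends with `update-rc.d dnsmasq defaults` and `service dnsmasq start`; the equivalent here would be `update-rc.d fail2ban defaults` followed by `service fail2ban restart`. `--value=$NCLOG_` should also be quoted. The filter and jail.conf heredocs continue outside the visible hunks.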


@ -42,7 +42,7 @@ if [[ "$IMGFILE" != "" ]]; then
launch_install_qemu "$IMGFILE" $IP || exit 1
pack_image "$IMGFILE" "$IMGOUT"
else
launch_installation $IP
launch_installation_online $IP
fi


@ -8,7 +8,7 @@
IMGOUT=$( basename $IMGFILE .img )_$( basename $INSTALL_SCRIPT .sh ).img
CFGOUT=config_$( basename $INSTALL_SCRIPT .sh ).txt
DBG=x
function launch_install_qemu()
{
@ -29,7 +29,7 @@ function launch_install_qemu()
launch_qemu $IMGFILE &
sleep 10
wait_SSH $IP
launch_installation $IP
launch_installation_qemu $IP || return 1
wait
NUM_REBOOTS=$(( NUM_REBOOTS-1 ))
done
@ -82,12 +82,42 @@ function wait_SSH()
function launch_installation()
{
local IP=$1
[[ "$INSTALLATION_CODE" == "" ]] && { echo "Need to run config first"; return 1; }
[[ "$INSTALLATION_CODE" == "" ]] && { echo "Need to run config first" ; return 1; }
[[ "$INSTALLATION_STEPS" == "" ]] && { echo "No installation instructions"; return 1; }
local PREINST_CODE="
set -e$DBG
sudo su
set -e$DBG
"
echo "Launching installation"
echo -e "$INSTALLATION_CODE" | ssh_pi $IP || echo "SSH to $IP failed"
echo -e "$PREINST_CODE\n$INSTALLATION_CODE\n$INSTALLATION_STEPS" | ssh_pi $IP || { echo "Installation to $IP failed" && return 1; }
echo "configuration saved to $CFGOUT"
}
function launch_installation_qemu()
{
local IP=$1
[[ "$NO_CFG_STEP" != "1" ]] && local CFG_STEP=configure
local INSTALLATION_STEPS="
install
$CFG_STEP
cleanup
nohup halt &>/dev/null &
"
launch_installation $IP
}
function launch_installation_online()
{
local IP=$1
[[ "$NO_CFG_STEP" != "1" ]] && local CFG_STEP=configure
local INSTALLATION_STEPS="
install
$CFG_STEP
"
launch_installation $IP
}
# Initializes $INSTALLATION_CODE
function config()
{
@ -103,28 +133,23 @@ function config()
[[ "$NO_CONFIG" == "1" ]] || test ${#VARS[@]} -eq 0 && { INSTALLATION_CODE="$( cat "$INSTALL_SCRIPT" )"; return; }
for i in `seq 1 1 ${#VARS[@]} `; do
local PARAM+="${VARS[$((i-1))]} $i 1 ${VALS[$((i-1))]} $i 15 30 0 "
local PARAM+="${VARS[$((i-1))]} $i 1 ${VALS[$((i-1))]} $i 15 60 0 "
done
local DIALOG_OK=0
local DIALOG_CANCEL=1
local DIALOG_HELP=2
local DIALOG_EXTRA=3
local DIALOG_ITEM_HELP=4
local DIALOG_ERROR=254
local DIALOG_ESC=255
local RET=0
while test $RET != 1 && test $RET != 250; do
exec 3>&1
local value
value=$( dialog --ok-label "Start" \
--backtitle "$BACKTITLE" \
--form "Enter the desired configuration" \
20 50 0 $PARAM \
2>&1 1>&3 )
--form "$( basename "$INSTALL_SCRIPT" .sh ) Enter the desired configuration" \
20 70 0 $PARAM \
3>&1 1>&2 2>&3 )
RET=$?
exec 3>&-
case $RET in
$DIALOG_CANCEL)
@ -161,14 +186,6 @@ function config()
;;
esac
;;
$DIALOG_HELP)
echo "Button 2 (Help) pressed."
return 1
;;
$DIALOG_EXTRA)
echo "Button 3 (Extra) pressed."
return 1
;;
$DIALOG_ERROR)
echo "ERROR!$value"
return 1
@ -185,8 +202,7 @@ function config()
done
INSTALLATION_CODE="$( sed $SEDRULE "$INSTALL_SCRIPT" )"
echo -e "$CONFIG" > $CFGOUT
clear
[[ "$CFGOUT" != "" ]] && echo -e "$CONFIG" > "$CFGOUT"
}
function pack_image()
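Review bot: In launch_installation the script text is sent with `echo -e "$PREINST_CODE\n$INSTALLATION_CODE\n$INSTALLATION_STEPS" | ssh_pi $IP`, and `echo -e` expands backslash sequences inside the installer scripts themselves, so a `\n`, `\t` or `\c` in a heredoc or regex is rewritten (or the output cut short) before it reaches the root shell on the Pi. `printf '%s\n' "$PREINST_CODE" "$INSTALLATION_CODE" "$INSTALLATION_STEPS" | ssh_pi "$IP"` sends the text unchanged. launch_install_qemu and config() start and end outside the visible hunks.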


@ -38,9 +38,7 @@ if [ "$STATE" == "" ]; then
##########################################
SECTOR=$( fdisk -l /dev/sda | grep Linux | awk '{ print $2 }' )
set +e
echo -e "d\n2\nn\np\n2\n$SECTOR\n\nw\n" | fdisk /dev/sda
set -e
echo -e "d\n2\nn\np\n2\n$SECTOR\n\nw\n" | fdisk /dev/sda || true
echo 0 > $STATE_FILE
reboot
@ -64,7 +62,7 @@ elif [ "$STATE" == "1" ]; then
##########################################
echo "deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi" >> /etc/apt/sources.list
cat > /etc/apt/preferences <<EOF
cat > /etc/apt/preferences <<EOF
Package: *
Pin: release n=jessie
Pin-Priority: 600
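Review bot: `fdisk /dev/sda || true` hides every fdisk failure, not only the one the author presumably expects (the kernel being unable to re-read a partition table that is in use), and `$SECTOR` is used without checking that the `grep Linux | awk` pipeline produced exactly one number. If it is empty, partition 2 would be recreated at fdisk's default start sector instead of the original one, and the script still writes the state file and reboots. A guard before the fdisk line such as `[[ "$SECTOR" =~ ^[0-9]+$ ]] || { echo "cannot determine start sector"; exit 1; }`, plus a comment on why the exit status is ignored, would make this safe. The enclosing `if` block starts and ends outside the hunk.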

65
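--- a/nextcloudpi-config
+++ b/nextcloudpi-config
@@ -0,0 +1,65 @@
+#!/bin/bash
+# NextCloudPi software configuration
+# Tested with 2017-01-11-raspbian-jessie.img (and lite)
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+# sudo nextcloudpi-config
+#
+CONFDIR=/usr/local/etc/nextcloudpi-config.d/
+source $CONFDIR/library
+function nextcloud-config()
+{
+local DIALOG_OK=0
+local LIST=()
+for item in $CONFDIR/*.sh; do
+local DESC="$( grep "DESCRIPTION=" $item | sed 's|^DESCRIPTION=||' )"
+LIST+=( $( basename $item .sh ) "$DESC" off )
+done
+local script
+script=$( dialog --backtitle "NextCloudPi configuration" \
+--radiolist "Select program to configure and activate:" 20 80 10 \
+"${LIST[@]}" \
+3>&1 1>&2 2>&3 )
+[[ $? -ne $DIALOG_OK ]] || [[ "$script" == "" ]] && return 1
+(
+cd $CONFDIR
+config $script.sh || return 1 # writes "$INSTALLATION_CODE"
+echo -e "$INSTALLATION_CODE" > $script.sh # save configuration
+source ./$script.sh # load configuration
+set +x
+configure
+)
+}
+if [ $(id -u) -ne 0 ]; then
+printf "Must be run as root. Try 'sudo $0'\n"
+exit 1
+fi
+nextcloud-config
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA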
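Review bot: The subshell in nextcloud-config saves the values entered in the dialog back into the script with `echo -e "$INSTALLATION_CODE" > $script.sh`, and for a script such as no-ip.sh those values include the account password (`PASS_`), so the secret ends up in CONFDIR with whatever permissions the default umask gives. Setting `umask 077` at the top of the subshell, or `chmod 600 "$script.sh"` after the write, keeps it readable by root only. `echo -e` also rewrites any backslash sequence in the script on every save; `printf '%s\n' "$INSTALLATION_CODE" > "$script.sh"` writes it unchanged. `$CONFDIR`, `$item` and `$script` should be quoted throughout.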

58
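--- a/nextcloudpi-config.sh
+++ b/nextcloudpi-config.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+# nextcloudpi-config installation on Raspbian
+# Tested with 2017-01-11-raspbian-jessie.img (and lite)
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh nextcloudpi-config.sh <IP> (<img>)
+#
+# See installer.sh instructions for details
+#
+CONFDIR=/usr/local/etc/nextcloudpi-config.d/
+install()
+{
+apt-get update
+apt-get install -y dialog
+mkdir -p $CONFDIR
+chown pi $CONFDIR # TODO
+# scp dnsmasq.sh no-ip.sh pi@192.168.0.130:/usr/local/etc/nextcloudpi-config.d
+# scp library nextcloudpi-config pi@192.168.0.130:/usr/local/bin/
+}
+configure()
+{
+echo nothin
+}
+cleanup()
+{
+apt-get autoremove -y
+apt-get clean
+rm /var/lib/apt/lists/* -r
+rm -f /home/pi/.bash_history
+systemctl disable ssh
+}
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA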
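Review bot: `chown pi $CONFDIR` in install() hands the directory to the unprivileged pi account, while nextcloudpi-config runs as root and sources `$CONFDIR/library` and the selected `*.sh` from it, so anything that can write as pi decides what root executes. The `# TODO` suggests this is temporary; the directory and its files should stay owned by root and be populated with sudo, e.g. `chown root:root "$CONFDIR" && chmod 755 "$CONFDIR"`. configure() only prints `nothin`, which deserves a comment saying it is intentionally a no-op.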


@ -7,38 +7,27 @@
# GPL licensed (see end of file) * Use at your own risk!
#
# Usage:
# cat no-ip.sh | ssh pi@$IP
#
# ./installer.sh no-ip.sh <IP> (<img>)
#
# , or scp this file to a Raspberry Pi and run it from Raspbian
# See installer.sh instructions for details
#
# ./no-ip.sh
#
# Notes:
# Note that you need internet access for the installation to register with no-ip.org
#
set -xe
sudo su
USER_=my-noip-user@email.com
PASS_=noip-pass
TIME_=30
DESCRIPTION="free Dynamic DNS provider (need account)"
set -xe
install()
{
mkdir /tmp/noip && cd /tmp/noip
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar vzxf noip-duc-linux.tar.gz
cd -; cd $OLDPWD/noip-*
make
cp noip2 /usr/local/bin/
# INSTALLATION
##########################################
mkdir /tmp/noip && cd /tmp/noip
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar vzxf noip-duc-linux.tar.gz
cd noip-*
sed -i "31s=^.*$=\t/usr/local/bin/noip2 -C -c /tmp/no-ip2.conf -U $TIME_ -u $USER_ -p $PASS_=" Makefile
make
make install
cat > /etc/init.d/noip2 <<'EOF'
cat > /etc/init.d/noip2 <<'EOF'
#! /bin/sh
# /etc/init.d/noip2
@ -52,19 +41,25 @@ cat > /etc/init.d/noip2 <<'EOF'
### END INIT INFO
EOF
cat debian.noip2.sh >> /etc/init.d/noip2
cat debian.noip2.sh >> /etc/init.d/noip2
chmod +x /etc/init.d/noip2
update-rc.d noip2 defaults
cd
rm -r /tmp/noip
chmod +x /etc/init.d/noip2
cd -
rm -r /tmp/noip
}
# CLEANUP
##########################################
configure()
{
/usr/local/bin/noip2 -C -c /usr/local/etc/no-ip2.conf -U $TIME_ -u $USER_ -p $PASS_
update-rc.d noip2 defaults
service noip2 start
}
rm -f /home/pi/.bash_history
systemctl disable ssh
halt
cleanup()
{
rm -f /home/pi/.bash_history
systemctl disable ssh
}
# License
#
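Review bot: install() still downloads `noip-duc-linux.tar.gz` over plain `http://` and then builds it and copies the result to /usr/local/bin as root with no integrity check, so anyone on the network path can substitute the tarball. Fetch it over HTTPS if the vendor serves it and verify a pinned digest before `tar`, e.g. `echo "<EXPECTED_SHA256>  noip-duc-linux.tar.gz" | sha256sum -c -` (placeholder digest). configure() also passes the account password as `-p $PASS_`, which is unquoted and visible in the process list while noip2 runs, and `/tmp/noip` is a predictable path that `mktemp -d` would replace. The init-script heredoc runs outside the visible hunks.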