diff --git a/ubuntu-20.04/apps/bind9/bind9.sh b/ubuntu-20.04/apps/bind9/bind9.sh
new file mode 100644
index 0000000..6a1bbc6
--- /dev/null
+++ b/ubuntu-20.04/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/iperf3/iperf3.sh b/ubuntu-20.04/apps/iperf3/iperf3.sh
new file mode 100644
index 0000000..78ee00e
--- /dev/null
+++ b/ubuntu-20.04/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh b/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
new file mode 100644
index 0000000..a8483f9
--- /dev/null
+++ b/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
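Review bot: In bind9.sh the two appended ACCEPT rules for port 53 carry no source restriction, so the resolver becomes reachable from every network the host is attached to; if it is meant for internal clients only, scope them, e.g. `-A INPUT -s <trusted-cidr> -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT` (placeholder CIDR). The `sed ... /a` edits are also not idempotent, so a second run appends a duplicate set of rules, and the edited file is loaded without a dry run; `iptables-restore --test /etc/iptables/rules.v4 && iptables-restore /etc/iptables/rules.v4` would catch a malformed file before it replaces the live ruleset. The same pattern is repeated in iperf3.sh, zimbra-10-zpush.sh and zimbra-10.sh, where it also opens 7071 (Zimbra's default admin console port) to all sources.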
@@ -0,0 +1,197 @@
+#!/bin/bash
+
+ZPUSHVER="2.7.1"
+ZPUSHVER=$(whiptail --title "Z-Push version" --inputbox "" 0 30 "${ZPUSHVER}" 3>&1 1>&2 2>&3)
+TIMEZONE="Europe\/Zurich"
+TIMEZONE=$(whiptail --title "Default timezone" --inputbox "" 0 30 "${TIMEZONE}" 3>&1 1>&2 2>&3)
+BACKENDVER=71
+BACKENDVER=$(whiptail --title "Backend version" --inputbox "" 0 30 "${BACKENDVER}" 3>&1 1>&2 2>&3)
+ZIMBRAURL="https://test.mbx.netm.ch"
+ZIMBRAURL=$(whiptail --title "Zimbra URL" --inputbox "" 0 30 "${ZIMBRAURL}" 3>&1 1>&2 2>&3)
+APACHE2PORT=4433
+APACHE2PORT=$(whiptail --title "Apache SSL Port" --inputbox "" 0 30 "${APACHE2PORT}" 3>&1 1>&2 2>&3)
+
+main() {
+ inst_dep
+ inst_z-push "${ZPUSHVER}" "${TIMEZONE}"
+ inst_z-push-update
+ inst_z-push-backend "${BACKENDVER}" "${ZIMBRAURL}"
+ inst_z-push-backend-update
+ conf_apache2
+ conf_logrotate
+}
+
+inst_dep() {
+ apt -y install php php-cli php-soap php-mbstring php-curl php-intl php-fpm
+ mkdir /var/lib/z-push
+ mkdir /var/log/z-push
+ mkdir /var/www/z-push
+}
+
+inst_z-push() { # $1=version $2=timezone
+ cd || exit 1
+ wget -O z-push.tar.gz https://github.com/Z-Hub/Z-Push/archive/refs/tags/"${1}".tar.gz
+ tar xzvf z-push.tar.gz
+ cp -r Z-Push-"${1}"/src/* /var/www/z-push
+ rm z-push.tar.gz
+ rm -r Z-Push-"${1}"
+ # Config
+ sed -i "s/'TIMEZONE', ''/'TIMEZONE', '${2}'/" /var/www/z-push/config.php
+ sed -i "s/'BACKEND_PROVIDER', ''/'BACKEND_PROVIDER', 'BackendZimbra'/" /var/www/z-push/config.php
+}
+
+inst_z-push-update() {
+ cat << 'EOF' > /usr/local/bin/mtm-zpushupdate
+show_help() {
+ echo "mtm-zpushupdate version"
+ echo ""
+ echo "Example :"
+ echo "mtm-zpushupdate 2.7.1"
+ echo "Look at :"
+ echo "https://github.com/Z-Hub/Z-Push/releases"
+}
+
+if [ "${1}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+wget -O z-push.tar.gz https://github.com/Z-Hub/Z-Push/archive/refs/tags/"${1}".tar.gz
+tar xzvf z-push.tar.gz
+mv /var/www/z-push /var/www/z-push.upd
+mkdir /var/www/z-push
+cp -r Z-Push-"${1}"/src/* /var/www/z-push
+mv /var/www/z-push/config.php /var/www/z-push/config.php.new
+mv /var/www/z-push.upd/config.php /var/www/z-push/
+mv /var/www/z-push.upd/backend/zimbra /var/www/z-push/backend/
+# chown -R www-data:www-data /var/www/z-push
+systemctl restart apache2.service
+rm -r /var/www/z-push.upd
+rm z-push.tar.gz
+rm -r Z-Push-"${1}"
+diff /var/www/z-push/config.php /var/www/z-push/config.php.new
+EOF
+ chmod 755 /usr/local/bin/mtm-zpushupdate
+}
+
+inst_z-push-backend() { # $1=version $2=zimbraurl
+ cd || exit 1
+ wget https://sourceforge.net/projects/zimbrabackend/files/Release"${1}"/zimbra"${1}".tgz/download
+ tar -xf download
+ cp -r zimbra"${1}" /var/www/z-push/backend/zimbra
+ rm download
+ rm -r zimbra"${1}"
+ # Config
+ sed -i "/define('ZIMBRA_URL', 'https:\/\/127.0.0.1');/a \ define('ZIMBRA_URL', '${2}');" /var/www/z-push/backend/zimbra/config.php
+}
+
+inst_z-push-backend-update() {
+ cat << 'EOF' > /usr/local/bin/mtm-zpushbackendupdate
+show_help() {
+ echo "mtm-zpushbackendupdate version"
+ echo ""
+ echo "Example :"
+ echo "mtm-zpushbackendupdate 71"
+ echo "Look at :"
+ echo "https://sourceforge.net/projects/zimbrabackend/files"
+}
+
+if [ "${1}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+wget https://sourceforge.net/projects/zimbrabackend/files/Release"${1}"/zimbra"${1}".tgz/download
+tar -xf download
+mv /var/www/z-push/backend/zimbra /var/www/z-push/backend/zimbra.upd
+cp -r zimbra"${1}" /var/www/z-push/backend/zimbra
+mv /var/www/z-push/backend/zimbra/config.php /var/www/z-push/backend/zimbra/config.php.new
+mv /var/www/z-push/backend/zimbra.upd/config.php /var/www/z-push/backend/zimbra/config.php
+# chown -R www-data:www-data /var/www/z-push/backend/zimbra
+systemctl restart apache2.service
+rm -r /var/www/z-push/backend/zimbra.upd
+rm download
+rm -r zimbra"${1}"
+diff /var/www/z-push/backend/zimbra/config.php /var/www/z-push/backend/zimbra/config.php.new
+EOF
+ chmod 755 /usr/local/bin/mtm-zpushbackendupdate
+}
+
+conf_apache2() {
+ chown -R www-data:www-data /var/lib/z-push
+ chown -R www-data:www-data /var/log/z-push
+ # chown -R www-data:www-data /var/www/z-push
+ a2dissite 000-default.conf
+ a2enmod ssl
+ a2enmod proxy_fcgi setenvif
+ a2enconf php7.4-fpm
+
+ cat << EOF > /etc/apache2/ports.conf
+
+ Listen ${APACHE2PORT}
+
+
+ Listen ${APACHE2PORT}
+
+EOF
+
+ cat << EOF > /etc/apache2/sites-available/z-push.conf
+
+
+ ServerAdmin admin@mtm.lan
+ ServerName 127.0.0.1
+
+ # Indexes + Directory Root.
+ DirectoryIndex index.php
+ DocumentRoot /var/www/z-push/
+ Alias /Microsoft-Server-ActiveSync /var/www/z-push/index.php
+ AliasMatch (?i)/Autodiscover/Autodiscover.xml /var/www/z-push/autodiscover/autodiscover.php
+
+
+ Require all granted
+ #AllowOverride None
+
+
+ php_flag magic_quotes_gpc off
+ php_flag register_globals off
+ php_flag magic_quotes_runtime off
+ php_flag short_open_tag on
+
+ # Logfiles
+ ErrorLog /var/log/z-push/error.log
+ CustomLog /var/log/z-push/access.log combined
+
+ # SSL
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+
+EOF
+ a2ensite z-push.conf
+ systemctl restart apache2.service
+}
+
+conf_logrotate() {
+ cat << EOF > /etc/logrotate.d/z-push
+/var/log/z-push/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+}
+EOF
+}
+
+main
+
+# iptables
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport '"${APACHE2PORT}"' -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Z-PUSH' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh b/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
new file mode 100644
index 0000000..af53a71
--- /dev/null
+++ b/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
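Review bot: In zimbra-10-zpush.sh the Z-Push and backend archives are downloaded and copied into the web root with no integrity check and no test that `wget` or `tar` succeeded. The generated `mtm-zpushupdate` and `mtm-zpushbackendupdate` helpers are the riskier half: they move the live tree to `.upd` before the new one is known to be good and end with an unconditional `rm -r` of it, so a failed download can leave the server without a working install. I would start both heredocs with `#!/bin/bash` and `set -e` (they use `==` inside `[ ]` but have no shebang, unlike `mtm-zmupdate`), and verify the archive before unpacking with something like `echo "<expected-sha256>  z-push.tar.gz" | sha256sum -c -` (placeholder hash). zimbra-10.sh has the same gap, and there the archive defaults to a plain `http://` builder URL and its `install.sh` is run straight after unpacking.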
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+MTMZMBUILDER="http://10.80.70.167"
+MTMZMBUILDER=$(whiptail --title "ZM Builder URL" --inputbox "" 0 30 "${MTMZMBUILDER}" 3>&1 1>&2 2>&3)
+ZIMBRAVER=10.0.5
+ZIMBRAVER=$(whiptail --title "Zimbra version" --inputbox "" 0 30 "${ZIMBRAVER}" 3>&1 1>&2 2>&3)
+
+DNSIP=$(grep "nameserver " /etc/resolv.conf | awk -F ' ' '{print $2}')
+FQDN=$(hostname -A)
+
+apt -y remove postfix
+apt -y autoremove
+
+mkdir v"${ZIMBRAVER}"
+cd v"${ZIMBRAVER}" || exit 1
+wget "${MTMZMBUILDER}"/zcs-"${ZIMBRAVER}".tgz
+tar xf zcs-*.tgz
+cd "$(ls -d ./*/)" || exit 1
+systemctl disable systemd-resolved.service
+systemctl stop systemd-resolved.service
+./install.sh
+cd || exit 1
+sed -i "s/127.0.0.1/${DNSIP}/" /etc/resolv.conf
+sudo -u zimbra bash -c "/opt/zimbra/bin/zmprov mcf zimbraPublicServiceHostname ${FQDN}"
+sudo -u zimbra bash -c "/opt/zimbra/bin/zmprov mcf zimbraPublicServicePort 443"
+
+cat << 'EOF' > /usr/local/bin/mtm-zmupdate
+#!/bin/bash
+MTMZMBUILDER=${1}
+ZIMBRAVER=${2}
+
+show_help() {
+ echo "mtm-zmupdate zmbuilder zmversion"
+ echo ""
+ echo "Example :"
+ echo "mtm-zmupdate https://x.x.x.x 10.0.5"
+}
+
+if [ "${MTMZMBUILDER}" == "" ] || [ "${ZIMBRAVER}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+mkdir v"${ZIMBRAVER}"
+cd v"${ZIMBRAVER}" || exit 1
+wget "${MTMZMBUILDER}"/zcs-"${ZIMBRAVER}".tgz
+tar xf zcs-*.tgz
+cd "$(ls -d ./*/)" || exit 1
+./install.sh
+
+cd || exit 1
+EOF
+chmod 755 /usr/local/bin/mtm-zmupdate
+
+apt update
+apt -y dist-upgrade
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 7071 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # ZIMBRA' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/init.sh b/ubuntu-20.04/init.sh
index bcced01..01840ea 100644
--- a/ubuntu-20.04/init.sh
+++ b/ubuntu-20.04/init.sh
@@ -100,11 +100,6 @@ NetCleanUpSystemdResolved() { APTSetProxy() { proxy="" - if [ "${IPV4:0:9}" == "10.80.80." ]; then - proxy="http://10.80.80.5:8080/" - elif [ "${IPV4:0:6}" == "10.80." ]; then - proxy="http://10.80.70.5:8080/" - fi proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3) # shellcheck disable=SC2181 if [ "$?" = "0" ]; then
@@ -138,19 +133,21 @@ APTInstallBase() {
 options+=("clevis-net" "" off)
 sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
 # shellcheck disable=SC2181
- if [ "$?" = "0" ]; then
+ # shellcheck disable=SC2001
+ if [ "$?" = "0" ]; then
 pkg=""
 for itm in ${sel}; do
 case ${itm} in
 '"iptables-persistent"')
- pkg="${pkg} $(echo ${itm} | sed 's/"//g')"
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
 IPTablesPostInstall;;
 '"clevis-net"')
 pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
 *)
- pkg="${pkg} $(echo ${itm} | sed 's/"//g')";;
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
 esac
 done
+ # shellcheck disable=SC2086
 apt install -y ${pkg}
 for itm in ${sel}; do
 case ${itm} in
@@ -227,10 +224,11 @@ ClevisNetInit() {
 done
 IFS=$IFS_ORIG
 DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
 if [ "$?" = "0" ]; then
 TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
 if [ "$?" = "0" ]; then
- clevis luks bind -d ${DEV} tang "{\"url\": \"${TANGURL}\"}"
+ clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
 systemctl enable clevis-luks-askpass.path
 fi
 fi
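Review bot: In zimbra-10.sh `FQDN=$(hostname -A)` can return several space-separated names, and the value is then pasted into a `bash -c "..."` string, so a second shell re-parses it instead of receiving it as one argument. Since `hostname -A` is built from name lookups of the host's addresses, I would not feed it into a command string; `FQDN=$(hostname -f)` plus a quoted argument, e.g. `sudo -u zimbra /opt/zimbra/bin/zmprov mcf zimbraPublicServiceHostname "${FQDN}"`, avoids both problems. `DNSIP` has the same multi-value issue when resolv.conf lists more than one nameserver, which would also break the `sed` expression it is substituted into; `awk '/^nameserver /{print $2; exit}' /etc/resolv.conf` takes only the first entry.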
@@ -258,6 +256,7 @@ InstApps() {
 options+=("zimbra-10-zpush" "Need zimbra 10" off)
 options+=("misc-apps" "..." off)
 sel=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
 if [ "$?" = "0" ]; then
 for itm in ${sel}; do
 case ${itm//\"/} in
@@ -266,9 +265,9 @@ InstApps() {
 archived-apps)
 InstArchivedApps;;
 *)
- cd /tmp
- wget matmoul.ch/inst/ubuntu-20.04/${itm//\"/}.sh
- bash ./${itm//\"/}.sh;;
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${itm//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
 esac
 done
 fi
@@ -278,27 +277,28 @@ InstMiscApps() { options+=("bind9" "" off) options+=("iperf3" "" off) sel=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3) + # shellcheck disable=SC2181 if [ "$?" = "0" ]; then for itm in ${sel}; do - cd /tmp - wget matmoul.ch/inst/ubuntu-20.04/${itm//\"/}.sh - bash ./${itm//\"/}.sh + cd /tmp || exit + wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh + bash ./"${itm//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}" done fi } Reboot() { - if $(whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3); then + if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then reboot fi } while [ ${#} -gt 0 ]; do - case ${1} in + case ${1} in --help) showHelp; exit 0;; -b | --base-url) BASE_URL="${2}"; shift;; *) shift;; - esac + esac done Main
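Review bot: In InstApps the new `wget` line expands `${ITM//\"/}` while the loop variable is `itm`; unless an uppercase `ITM` is set elsewhere in init.sh, the URL collapses to `.../apps//.sh` and the download fails, yet the next line still runs `bash ./"${itm//\"/}".sh`. Because the working directory is `/tmp`, that executes whatever file of that name is already there with the installer's privileges (presumably root), so a failed download turns into running a file any local user could have placed. The same three lines are repeated in InstMiscApps in the last hunk. I would use `itm` throughout, download into a fresh `mktemp -d` directory, and run the script only when `wget` succeeded. Both function bodies start outside their hunks.

```shell
*)
  app="${itm//\"/}"
  workdir=$(mktemp -d) || exit 1
  cd "${workdir}" || exit 1
  wget -O "${app}.sh" "${BASE_URL}/${DIR_URL}/apps/${app}/${app}.sh" || exit 1
  bash "./${app}.sh" "${BASE_URL}/${DIR_URL}/apps/${app}";;
```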