dbxe
/
fusionpbx-install.sh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

installation script for OS Devuan (#95) 

* adding devuan

* add devaun desc to README
make update and upgrade more noisy
correct path for devuan in pre-install

* some untested code for the source install - source installation is broken in Debian installation script and I have not debugged the problem. Focusing on the packaged version first.
This commit is contained in:
Simon Walter 2017-05-10 03:58:43 +09:00 committed by FusionPBX
parent 765d325149
commit 4bb4d099c0
49 changed files with 2722 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -12,6 +12,15 @@ It supports the latest video dependencies. If you want to do video mixing use De
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh
cd /usr/src/fusionpbx-install.sh/debian && ./install.sh
```
### Devuan
If you like Debian but rather not bother with systemd, Devuan is a "drop in" replacement.
Version 1 is bassed on Jessie. So you will find the same packages available.
Please note that the source installation and installation on ARM is not fully tested.
```sh
wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh
cd /usr/src/fusionpbx-install.sh/devuan && ./install.sh
```
### FreeBSD
FreeBSD is an operating system that has many great features like ZFS, HAST, CARP and more.

2
debian/resources/postgres.sh vendored
View File

@ -17,7 +17,7 @@ password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
#install message
echo "Install PostgreSQL and create the database and users\n"
#use the system database repo for arm
#use the sip247 database repo for arm
if [ .$cpu_architecture = .'arm' ]; then
database_repo="sip247"
fi

56
devuan/install.sh Executable file
View File

@ -0,0 +1,56 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./resources/config.sh
. ./resources/colors.sh
. ./resources/environment.sh
#Update to latest packages
verbose "Update installed packages"
#apt-get upgrade && apt-get update -y --force-yes
# --force-yes is dangerous as per the man page. Lets use -y
apt-get -q update && apt-get -q --assume-yes upgrade
#Add dependencies
apt-get install -q -y lsb-release sudo
#IPTables
resources/iptables.sh
#FusionPBX
resources/fusionpbx.sh
#NGINX web server
resources/nginx.sh
#PHP
resources/php.sh
#FreeSWITCH
resources/switch.sh
#Fail2ban
resources/fail2ban.sh
#Optional CLI SIP monitoring tool
resources/sngrep.sh
#Postgres
resources/postgres.sh
#restart services
if [ ."$php_version" = ."5" ]; then
service php5-fpm restart
fi
if [ ."$php_version" = ."7" ]; then
service php7.0-fpm restart
fi
service nginx restart
service fail2ban restart
#add the database schema, user and groups
resources/finish.sh

13
devuan/pre-install.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/sh
#upgrade the packages
apt-get -q update && apt-get upgrade -y
#install git
apt-get install -y git
#get the install script
cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
#change the working directory
cd /usr/src/fusionpbx-install.sh/devuan

48
devuan/resources/arguments.sh Executable file
View File

@ -0,0 +1,48 @@
#!/bin/sh
#Process command line options only if we haven't been processed once
if [ -z "$CPU_CHECK" ]; then
export script_name=`basename "$0"`
ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@")
if [ $? -ne 0 ]; then
error "Failed parsing options."
exit 1
fi
export USE_SWITCH_SOURCE=false
export USE_SWITCH_PACKAGE_ALL=false
export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
export USE_PHP5_PACKAGE=false
export USE_SWITCH_MASTER=false
export USE_SYSTEM_MASTER=false
export CPU_CHECK=true
HELP=false
while true; do
case "$1" in
--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
--use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;;
--use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;;
--no-cpu-check ) export CPU_CHECK=false; shift ;;
-h | --help ) HELP=true; shift ;;
-- ) shift; break ;;
* ) break ;;
esac
done
if [ .$HELP = .true ]; then
warning "Debian installer script"
warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
warning " --use-switch-package-all if using packages use the meta-all package"
warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages"
warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)"
warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
warning " --no-cpu-check disable the cpu check ${green}(default:check)"
exit;
fi
fi

27
devuan/resources/backup/fusionpbx-backup.sh Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh
export PGPASSWORD="zzz"
db_host=127.0.0.1
db_port=5432
now=$(date +%Y-%m-%d)
mkdir -p /var/backups/fusionpbx/postgresql
echo "Backup Started"
#delete postgres backups
find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
#delete the main backup
find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
#backup the database
pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
#package
tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
#source
#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
echo "Backup Completed"

53
devuan/resources/backup/fusionpbx-maintenance.sh Executable file
View File

@ -0,0 +1,53 @@
#!/bin/sh
#settings
#export PGPASSWORD="zzzzz"
db_host=127.0.0.1
db_port=5432
switch_package=true # true or false
#set the date
now=$(date +%Y-%m-%d)
#make sure the directory exists
mkdir -p /var/backups/fusionpbx/postgresql
#show message to the console
echo "Maintenance Started"
#delete freeswitch logs older 7 days
if [ .$switch_package = .true ]; then
find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
else
find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
fi
#delete fax older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
#find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \;
#find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \;
else
echo ".";
#find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \;
fi
#delete from the database
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
#delete voicemail older than 90 days
if [ .$switch_package = .true ]; then
echo ".";
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
else
echo ".";
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \;
#find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
fi
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
#delete call detail records older 90 days
#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
#completed message
echo "Maintenance Completed";

25
devuan/resources/colors.sh Executable file
View File

@ -0,0 +1,25 @@
#!/bin/sh
verbose () {
echo "${green}$1${normal}"
}
error () {
echo "${red}$1${normal}"
}
warning () {
echo "${yellow}$1${normal}"
}
# check for color support
if test -t 1; then
# see if it supports colors...
ncolors=$(tput colors)
if test -n "$ncolors" && test $ncolors -ge 8; then
normal="$(tput sgr0)"
red="$(tput setaf 1)"
green="$(tput setaf 2)"
yellow="$(tput setaf 3)"
fi
fi

18
devuan/resources/config.sh Executable file
View File

@ -0,0 +1,18 @@
# FusionPBX Settings
system_username=admin # default username admin
system_password=random # random or as a pre-set value
system_branch=stable # master, stable
# FreeSWITCH Settings
switch_branch=stable # master, stable
switch_source=false # true or false
switch_package=true # true or false
# Database Settings
database_password=random # random or as a pre-set value
database_repo=system # PostgresSQL official, system, 2ndquadrant
database_backup=false # true or false
# General Settings
php_version=7 # PHP version 5 or 7

79
devuan/resources/environment.sh Executable file
View File

@ -0,0 +1,79 @@
#!/bin/sh
#operating system details
os_name=$(lsb_release -is)
os_codename=$(lsb_release -cs)
os_mode='unknown'
#cpu details
cpu_name=$(uname -m)
cpu_architecture='unknown'
cpu_mode='unknown'
if [ .$cpu_name = .'armv7l' ]; then
# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
os_mode='32'
cpu_mode='32'
cpu_architecture='arm'
elif [ .$cpu_name = .'armv8l' ]; then
# No test case for armv8l
os_mode='unknown'
cpu_mode='64'
cpu_architecture='arm'
elif [ .$cpu_name = .'i386' ]; then
os_mode='32'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
cpu_mode='64'
else
cpu_mode='32'
fi
cpu_architecture='x86'
elif [ .$cpu_name = .'i686' ]; then
os_mode='32'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
cpu_mode='64'
else
cpu_mode='32'
fi
cpu_architecture='x86'
elif [ .$cpu_name = .'x86_64' ]; then
os_mode='64'
if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
cpu_mode='64'
else
cpu_mode='32'
fi
cpu_architecture='x86'
fi
if [ .$cpu_architecture = .'arm' ]; then
if [ .$os_mode = .'32' ]; then
verbose "Correct CPU and Operating System detected, using the ARM repo"
elif [ .$os_mode = .'64' ]; then
error "You are using a 64bit arm OS this is unsupported"
switch_source=true
switch_package=false
else
error "Unknown OS mode $os_mode this is unsupported"
switch_source=true
switch_package=false
fi
elif [ .$cpu_architecture = .'x86' ]; then
if [ .$os_mode = .'32' ]; then
error "You are using a 32bit OS this is unsupported"
if [ .$cpu_mode = .'64' ]; then
warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
fi
switch_source=true
switch_package=false
elif [ .$os_mode = .'64' ]; then
verbose "Correct CPU and Operating System detected"
else
error "Unknown Operating System mode $os_mode is unsupported"
switch_source=true
switch_package=false
fi
else
error "You are using a unsupported architecture $cpu_architecture"
exit 3
fi

34
devuan/resources/fail2ban.sh Executable file
View File

@ -0,0 +1,34 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing Fail2ban"
#add the dependencies
apt-get -q -y install fail2ban
#move the filters
cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
cp fail2ban/jail.local /etc/fail2ban/jail.local
#update config if source is being used
if [ .$switch_source = .true ]; then
sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
fi
/usr/sbin/service fail2ban restart
# missing log file will show error

27
devuan/resources/fail2ban/freeswitch-404.conf Executable file
View File

@ -0,0 +1,27 @@
# Fail2Ban configuration file
# inbound route - 404 not found
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = 404 not found <HOST>
#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

21
devuan/resources/fail2ban/freeswitch-dos.conf Executable file
View File

@ -0,0 +1,21 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

20
devuan/resources/fail2ban/freeswitch-ip.conf Executable file
View File

@ -0,0 +1,20 @@
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

18
devuan/resources/fail2ban/freeswitch.conf Executable file
View File

@ -0,0 +1,18 @@
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

25
devuan/resources/fail2ban/fusionpbx.conf Executable file
View File

@ -0,0 +1,25 @@
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = .* FusionPBX: \[<HOST>\] authentication failed for
= .* FusionPBX: \[<HOST>\] provision attempt bad password for
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

113
devuan/resources/fail2ban/jail.local Executable file
View File

@ -0,0 +1,113 @@
[freeswitch-udp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
maxretry = 5
findtime = 600
bantime = 600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
[freeswitch-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
maxretry = 5
findtime = 600
bantime = 600
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
#[freeswitch-ip-tcp]
#enabled = true
#port = 5060,5061,5080,5081
#protocol = all
#filter = freeswitch-ip
#logpath = /var/log/freeswitch/freeswitch.log
#action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
#maxretry = 1
#findtime = 30
#bantime = 86400
#[freeswitch-ip-udp]
#enabled = true
#port = 5060,5061,5080,5081
#protocol = all
#filter = freeswitch-ip
#logpath = /var/log/freeswitch/freeswitch.log
#action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
#maxretry = 1
#findtime = 30
#bantime = 86400
[freeswitch-dos-udp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-dos-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
maxretry = 50
findtime = 30
bantime = 6000
[freeswitch-404]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-404
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-404, protocol=all]
maxretry = 3
findtime = 300
bantime = 86400
[fusionpbx]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx
logpath = /var/log/auth.log
action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 10
findtime = 600
bantime = 600
[nginx-404]
enabled = true
port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
bantime = 600
findtime = 60
maxretry = 120
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
# Block for two full days.
enabled = true
port = 80,443
protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
findtime = 60
bantime = 172800
maxretry = 240

5
devuan/resources/fail2ban/nginx-404.conf Executable file
View File

@ -0,0 +1,5 @@
# Fail2Ban configuration file
#
[Definition]
failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
ignoreregex =

14
devuan/resources/fail2ban/nginx-dos.conf Executable file
View File

@ -0,0 +1,14 @@
# Fail2Ban configuration file
[Definition]
# Option: failregex
# Notes.: Regexp to catch a generic call from an IP address.
# Values: TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

147
devuan/resources/finish.sh Executable file
View File

@ -0,0 +1,147 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#database details
database_host=127.0.0.1
database_port=5432
database_username=fusionpbx
if [ .$database_password = .'random' ]; then
database_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20 | xargs)"
fi
verbose "Create the database and users"
#
# Install the database backup
#
cp backup/fusionpbx-backup.sh /etc/cron.daily
chmod 755 /etc/cron.daily/fusionpbx-backup.sh
sed -i "s/zzz/${database_password}/g" /etc/cron.daily/fusionpbx-backup.sh
#
# Move to /tmp to prevent a red herring error when running sudo with psql
#
cwd=$(pwd)
cd /tmp
#
# I'm not sure why we would do this when the databases don't exist yet.
#
#sudo -u postgres psql -d fusionpbx -c "DROP SCHEMA public cascade;";
#sudo -u postgres psql -d fusionpbx -c "CREATE SCHEMA public;";
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
#
# Maybe the freeswitch will use the freeswitch database in the future?
# Right now it's configured to use SQLite.
# So we will comment this out.
#
#sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
#sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
cd $cwd
#add the config.php
mkdir -p /etc/fusionpbx
chown -R www-data:www-data /etc/fusionpbx
cp fusionpbx/config.php /etc/fusionpbx
sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
#add the database schema
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
#get the server hostname
#domain_name=$(hostname -f)
#get the ip address
domain_name=$(hostname -I | cut -d ' ' -f1)
#get a domain_uuid
domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
#allow the script to use the new password
export PGPASSWORD=$database_password
#add the domain name
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
#app defaults - this is needed here otherwise group superadmin will not exist for "get the superadmin group_uuid" *
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
#add the user
user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
user_name=$system_username
if [ .$system_password = .'random' ]; then
user_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 12 | xargs)"
else
user_password=$system_password
fi
password_hash=$(php -r "echo md5('$user_salt$user_password');");
psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
#get the superadmin group_uuid *
group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
#add the user to the group
group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
group_name=superadmin
psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
#update xml_cdr url, user and password
xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
#app defaults - not sure if this needs to be executed again
cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
/usr/sbin/service freeswitch restart
#welcome message
echo ""
echo ""
verbose "Installation has completed."
echo ""
echo " Use a web browser to login."
echo " domain name: https://$domain_name"
echo " username: $user_name"
echo " password: $user_password"
echo ""
echo " The domain name in the browser is used by default as part of the authentication."
echo " If you need to login to a different domain then use username@domain."
echo " username: $user_name@$domain_name";
echo ""
echo " Official FusionPBX Training"
echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
echo " Available online and in person. Includes documentation and recording."
echo ""
echo " Additional information."
echo " https://fusionpbx.com/support.php"
echo " https://www.fusionpbx.com"
echo " http://docs.fusionpbx.com"
echo ""

31
devuan/resources/fusionpbx.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing FusionPBX"
#install dependencies
apt-get install -qq -y git dbus haveged ssl-cert
apt-get install -qq -y ghostscript libtiff5-dev libtiff-tools
if [ .$system_branch = "master" ]; then
verbose "Using master"
branch=""
else
system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
system_version=$system_major.$system_minor
verbose "Using version $system_version"
branch="-b $system_version"
fi
#get the source code
git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
chown -R www-data:www-data /var/www/fusionpbx
chmod -R 755 /var/www/fusionpbx/secure

45
devuan/resources/fusionpbx/config.php Executable file
View File

@ -0,0 +1,45 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2016
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
//set the database type
$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
//pgsql: database connection information
$db_host = 'localhost'; //set the host only if the database is not local
$db_port = '5432';
$db_name = 'fusionpbx';
$db_username = '{database_username}';
$db_password = '{database_password}';
//show errors
ini_set('display_errors', '1');
//error_reporting (E_ALL); // Report everything
//error_reporting (E_ALL ^ E_NOTICE); // hide notices
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings

49
devuan/resources/iptables.sh Executable file
View File

@ -0,0 +1,49 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
. ./config.sh
. ./colors.sh
#send a message
verbose "Configuring IPTables"
#run iptables commands
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm
iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm
iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5061 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5061 -j ACCEPT
iptables -A INPUT -p tcp --dport 5080:5081 -j ACCEPT
iptables -A INPUT -p udp --dport 5080:5081 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5081 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5081 -j DSCP --set-dscp 26
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#answer the questions for iptables persistent
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y -q iptables-persistent
# update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

80
devuan/resources/letsencrypt.sh Executable file
View File

@ -0,0 +1,80 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#request the domain and email
read -p 'Domain Name: ' domain_name
read -p 'Email Address: ' email_address
#domain_name=subdomain.domain.com
#email=username@domain.com
#remove previous install
rm -R /opt/letsencrypt
rm -R /etc/letsencrypt
#use php version 5 for arm
if [ .$cpu_architecture = .'arm' ]; then
php_version=5
fi
#enable fusionpbx nginx config
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
#prepare socket name
if [ ."$php_version" = ."5" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
fi
if [ ."$php_version" = ."7" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
fi
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
#read the config
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
#install letsencrypt
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
chmod 755 /opt/letsencrypt/certbot-auto
/opt/letsencrypt/./certbot-auto
mkdir -p /etc/letsencrypt/configs
mkdir -p /var/www/letsencrypt/
#cd $pwd
#cd "$(dirname "$0")"
#copy the domain conf
cp letsencrypt/domain_name.conf /etc/letsencrypt/configs/$domain_name.conf
#update the domain_name and email_address
sed "s#{domain_name}#$domain_name#g" -i /etc/letsencrypt/configs/$domain_name.conf
sed "s#{email_address}#$email_address#g" -i /etc/letsencrypt/configs/$domain_name.conf
#letsencrypt
#sed "s@#letsencrypt@location /.well-known/acme-challenge { root /var/www/letsencrypt; }@g" -i /etc/nginx/sites-available/fusionpbx
#get the certs from letsencrypt
cd /opt/letsencrypt && ./letsencrypt-auto --config /etc/letsencrypt/configs/$domain_name.conf certonly
#update nginx config
sed "s@ssl_certificate /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
sed "s@ssl_certificate_key /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
#read the config
/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
#combine the certs into all.pem
cat /etc/letsencrypt/live/$domain_name/cert.pem > /etc/letsencrypt/live/$domain_name/all.pem
cat /etc/letsencrypt/live/$domain_name/privkey.pem >> /etc/letsencrypt/live/$domain_name/all.pem
cat /etc/letsencrypt/live/$domain_name/chain.pem >> /etc/letsencrypt/live/$domain_name/all.pem
#copy the certs to the switch tls directory
mkdir -p /etc/freeswitch/tls
cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls
cp /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
chown -R www-data:www-data /etc/freeswitch

22
devuan/resources/letsencrypt/domain_name.conf Executable file
View File

@ -0,0 +1,22 @@
# the domain we want to get the cert for;
# technically it's possible to have multiple of this lines, but it only worked
# with one domain for me, another one only got one cert, so I would recommend
# separate config files per domain.
domains = {domain_name}
# increase key size
rsa-key-size = 2048 # Or 4096
# the current closed beta (as of 2015-Nov-07) is using this server
server = https://acme-v01.api.letsencrypt.org/directory
# this address will receive renewal reminders
email = {email_address}
# turn off the ncurses UI, we want this to be run as a cronjob
text = True
# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
# and then letting LE fetch it
authenticator = webroot
webroot-path = /var/www/letsencrypt/

89
devuan/resources/nginx.sh Executable file
View File

@ -0,0 +1,89 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing Nginx"
#if [ ."$cpu_architecture" = ."arm" ]; then
#9.x - */stretch/
#8.x - */jessie/
#fi
if [ ."$php_version" = ."5" ]; then
#verbose "Switching forcefully to php5* packages"
which add-apt-repository || apt-get install -y software-properties-common
#LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
#LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat
apt-get update
elif [ ."$os_name" = ."Ubuntu" ]; then
#16.10.x - */yakkety/
#16.04.x - */xenial/
#14.04.x - */trusty/
if [ ."$os_codename" = ."trusty" ]; then
which add-apt-repository || apt-get install -y software-properties-common
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
apt-get -q update
fi
elif [ ."$cpu_architecture" = ."arm" ]; then
#Pi2 and Pi3 Raspbian
#Odroid
if [ ."$os_codename" = ."jessie" ]; then
echo "deb http://packages.moopi.uk/debian jessie main" > /etc/apt/sources.list.d/moopi.list
wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add -
apt-get -q update
fi
else
#9.x - */stretch/
#8.x - */jessie/
if [ ."$os_codename" = ."jessie" ]; then
echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list
echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list
wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add -
apt-get -q update
fi
fi
#use php version 5 for arm
#if [ .$cpu_architecture = .'arm' ]; then
# php_version=5
#fi
#install dependencies
apt-get install -y -q nginx
if [ ."$php_version" = ."5" ]; then
apt-get install -y -q php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt
fi
if [ ."$php_version" = ."7" ]; then
apt-get install -y -q php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml
fi
#enable fusionpbx nginx config
cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
#prepare socket name
if [ ."$php_version" = ."5" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
fi
if [ ."$php_version" = ."7" ]; then
sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
fi
ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
#self signed certificate
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
#remove the default site
rm /etc/nginx/sites-enabled/default
#add the letsencrypt directory
mkdir -p /var/www/letsencrypt/
#restart nginx
service nginx restart

201
devuan/resources/nginx/fusionpbx Executable file
View File

@ -0,0 +1,201 @@
server{
listen 127.0.0.1:80;
server_name 127.0.0.1;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
}
server {
listen 80;
server_name fusionpbx;
if ($uri !~* ^.*provision.*$) {
rewrite ^(.*) https://$host$1 permanent;
break;
}
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink common
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
#yealink mac
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
}
server {
listen 443;
server_name fusionpbx;
ssl on;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
#letsencrypt
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstriam
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink common
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
#yealink mac
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
}

31
devuan/resources/php.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
#send a message
verbose "Configuring PHP"
#update config if source is being used
if [ ."$php_version" = ."5" ]; then
verbose "version 5.x"
php_ini_file='/etc/php5/fpm/php.ini'
fi
if [ ."$php_version" = ."7" ]; then
verbose "version 7.0"
php_ini_file='/etc/php/7.0/fpm/php.ini'
fi
sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
#restart php-fpm
if [ ."$php_version" = ."5" ]; then
/usr/sbin/service php5-fpm restart
fi
if [ ."$php_version" = ."7" ]; then
/usr/sbin/service php7.0-fpm restart
fi

54
devuan/resources/postgres.sh Executable file
View File

@ -0,0 +1,54 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Installing PostgreSQL"
#use the system database repo for arm
if [ .$cpu_architecture = .'arm' ]; then
database_repo="sip247"
fi
apt-get install -q -y sudo
#included in the distribution
if [ ."$database_repo" = ."system" ]; then
apt-get install -q -y postgresql
fi
#postgres official repository
if [ ."$database_repo" = ."official" ]; then
verbose "Using official repos"
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt-get -q update && apt-get upgrade -y
apt-get install -y postgresql
fi
#Add PostgreSQL and BDR REPO
if [ ."$database_repo" = ."2ndquadrant" ]; then
verbose "Using 2ndquadrant.com repos"
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' >> /etc/apt/sources.list.d/postgresql.list
echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' >> /etc/apt/sources.list.d/2ndquadrant.list
wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -
wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
apt-get -q update && apt-get upgrade -y
apt-get install -y postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
fi
#sip247 arm repository
if [ ."$database_repo" = ."sip247" ]; then
echo 'deb http://repo.sip247.com/debian/postgresql-armhf jessie main' > /etc/apt/sources.list.d/pgsql-sip247.list
wget --quiet -O - http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
apt-get -q update && apt-get upgrade -y
apt-get install -y postgresql
fi
service postgresql restart

144
devuan/resources/postgresql/bdr.sh Executable file
View File

@ -0,0 +1,144 @@
#!/bin/sh
#
# This doesn't seem to be currently in use (2017.04.25).
#
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
#set the date
now=$(date +%Y-%m-%d)
#set the database password
if [ .$database_password = .'random' ]; then
database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
fi
#show this server's addresses
server_address=$(hostname -I);
echo "This Server Address: $server_address"
#nodes addresses
read -p "Enter all Node IP Addresses: " nodes
#request the domain and email
read -p 'Create Group (true/false): ' group_create
if [ .$group_create = .true ]; then
read -p 'Enter this Nodes Address: ' node_1;
else
read -p 'Join using node already in group: ' node_1;
read -p 'Enter this Nodes Address: ' node_2;
fi
#settings summary
echo "-----------------------------";
echo " Summary";
echo "-----------------------------";
echo "Create Group: $group_create";
echo "All Node IP Addresses: $nodes";
if [ .$group_create = .true ]; then
echo "This Nodes Address: $node_1";
else
echo "Join using node in group: $node_1;"
echo "This Node Address: $node_2";
fi
echo "";
#verify
read -p 'Is the information correct (y/n): ' verified
if [ .$verified != ."y" ]; then
echo "Goodbye";
exit 0;
fi
#iptables rules
for node in $nodes; do
iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
iptables -A INPUT -j ACCEPT -p tcp --dport 8080 -s ${node}/32
done
apt-get remove iptables-persistent -y
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
#setup ssl
sed -i /etc/postgresql/9.4/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:'
cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-postgres.key
chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil-postgres.key
chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key
#postgresql.conf - append settings
cp /etc/postgresql/9.4/main/postgresql.conf /etc/postgresql/9.4/main/postgresql.conf-$now
cat ../postgresql/postgresql.conf > /etc/postgresql/9.4/main/postgresql.conf
#pg_hba.conf - append settings
cp /etc/postgresql/9.4/main/pg_hba.conf /etc/postgresql/9.4/main/pg_hba.conf-$now
cat ../postgresql/pg_hba.conf > /etc/postgresql/9.4/main/pg_hba.conf
#chmod 640 /etc/postgresql/9.4/main/pg_hba.conf
#chown -R postgres:postgres /etc/postgresql/9.4/main
for node in $nodes; do
echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/9.4/main/pg_hba.conf
echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/9.4/main/pg_hba.conf
done
#reload configuration
systemctl daemon-reload
#restart postgres
systemctl restart postgresql
#set the working directory
cwd=$(pwd)
cd /tmp
#add the database users and databases
sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
#add the users and grant permissions
sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
#add the postgres extensions
sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
#add master nodes
if [ .$group_create = .true ]; then
#add first node
sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
else
#add additional master nodes
sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
fi
#load the freeswitch database
#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
#sleeping
if [ .$group_create = .false ]; then
echo "Sleeping for 15 seconds";
for i in `seq 1 15`; do
echo $i
sleep 1
done
fi
#add extension pgcrypto
if [ .$group_create = .false ]; then
sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;";
fi
#message to user
echo "Completed"

97
devuan/resources/postgresql/pg_hba.conf Normal file
View File

@ -0,0 +1,97 @@
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
# "password" sends passwords in clear text; "md5" is preferred since
# it sends encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5

618
devuan/resources/postgresql/postgresql.conf Normal file
View File

@ -0,0 +1,618 @@
# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
# name = value
#
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
# "#" anywhere on a line. The complete list of parameter names and allowed
# values can be found in the PostgreSQL documentation.
#
# The commented-out settings shown in this file represent the default values.
# Re-commenting a setting is NOT sufficient to revert it to the default value;
# you need to reload the server.
#
# This file is read on server startup and when the server receives a SIGHUP
# signal. If you edit the file on a running system, you have to SIGHUP the
# server for the changes to take effect, or use "pg_ctl reload". Some
# parameters, which are marked below, require a server shutdown and restart to
# take effect.
#
# Any parameter can also be given as a command-line option to the server, e.g.,
# "postgres -c log_connections=on". Some parameters can be changed at run time
# with the "SET" SQL command.
#
# Memory units: kB = kilobytes Time units: ms = milliseconds
# MB = megabytes s = seconds
# GB = gigabytes min = minutes
# TB = terabytes h = hours
# d = days
#------------------------------------------------------------------------------
# FILE LOCATIONS
#------------------------------------------------------------------------------
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory
# (change requires restart)
hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file
# (change requires restart)
ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file
# (change requires restart)
# If external_pid_file is not explicitly set, no extra PID file is written.
external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file
# (change requires restart)
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - Security and Authentication -
#authentication_timeout = 1min # 1s-600s
ssl = true # (change requires restart)
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
# (change requires restart)
#ssl_prefer_server_ciphers = on # (change requires restart)
#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
#ssl_renegotiation_limit = 0 # amount of data between renegotiations
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart)
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil-postgres.key' # (change requires restart)
#ssl_ca_file = '' # (change requires restart)
#ssl_crl_file = '' # (change requires restart)
#password_encryption = on
#db_user_namespace = off
# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off
# - TCP Keepalives -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
#------------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#------------------------------------------------------------------------------
# - Memory -
shared_buffers = 128MB # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
#temp_buffers = 8MB # min 800kB
#max_prepared_transactions = 0 # zero disables the feature
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#max_stack_depth = 2MB # min 100kB
dynamic_shared_memory_type = posix # the default is the first option
# supported by the operating system:
# posix
# sysv
# windows
# mmap
# use none to disable dynamic shared memory
# - Disk -
#temp_file_limit = -1 # limits per-session temp file space
# in kB, or -1 for no limit
# - Kernel Resource Usage -
#max_files_per_process = 1000 # min 25
# (change requires restart)
#shared_preload_libraries = '' # (change requires restart)
# - Cost-Based Vacuum Delay -
#vacuum_cost_delay = 0 # 0-100 milliseconds
#vacuum_cost_page_hit = 1 # 0-10000 credits
#vacuum_cost_page_miss = 10 # 0-10000 credits
#vacuum_cost_page_dirty = 20 # 0-10000 credits
#vacuum_cost_limit = 200 # 1-10000 credits
# - Background Writer -
#bgwriter_delay = 200ms # 10-10000ms between rounds
#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round
# - Asynchronous Behavior -
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#max_worker_processes = 8
#------------------------------------------------------------------------------
# WRITE AHEAD LOG
#------------------------------------------------------------------------------
# - Settings -
#wal_level = minimal # minimal, archive, hot_standby, or logical
# (change requires restart)
#fsync = on # turns forced synchronization on or off
#synchronous_commit = on # synchronization level;
# off, local, remote_write, or on
#wal_sync_method = fsync # the default is the first option
# supported by the operating system:
# open_datasync
# fdatasync (default on Linux)
# fsync
# fsync_writethrough
# open_sync
#full_page_writes = on # recover from partial page writes
#wal_log_hints = off # also do full page writes of non-critical updates
# (change requires restart)
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
# (change requires restart)
#wal_writer_delay = 200ms # 1-10000 milliseconds
#commit_delay = 0 # range 0-100000, in microseconds
#commit_siblings = 5 # range 1-1000
# - Checkpoints -
#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
#checkpoint_timeout = 5min # range 30s-1h
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
#checkpoint_warning = 30s # 0 disables
# - Archiving -
#archive_mode = off # allows archiving to be done
# (change requires restart)
#archive_command = '' # command to use to archive a logfile segment
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a logfile segment switch after this
# number of seconds; 0 disables
#------------------------------------------------------------------------------
# REPLICATION
#------------------------------------------------------------------------------
# - Sending Server(s) -
# Set these on the master and on any standby that will send replication data.
#max_wal_senders = 0 # max number of walsender processes
# (change requires restart)
#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
#wal_sender_timeout = 60s # in milliseconds; 0 disables
#max_replication_slots = 0 # max number of replication slots
#track_commit_timestamp = off # collect timestamp of transaction commit
# (change requires restart)
# - Master Server -
# These settings are ignored on a standby server.
#synchronous_standby_names = '' # standby servers that provide sync rep
# comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
# - Standby Servers -
# These settings are ignored on a master server.
#hot_standby = off # "on" allows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
# when reading WAL from archive;
# -1 allows indefinite delay
#max_standby_streaming_delay = 30s # max delay before canceling queries
# when reading streaming WAL;
# -1 allows indefinite delay
#wal_receiver_status_interval = 10s # send replies at least this often
# 0 disables
#hot_standby_feedback = off # send info from standby to prevent
# query conflicts
#wal_receiver_timeout = 60s # time that receiver waits for
# communication from master
# in milliseconds; 0 disables
#------------------------------------------------------------------------------
# QUERY TUNING
#------------------------------------------------------------------------------
# - Planner Method Configuration -
#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_indexonlyscan = on
#enable_material = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
# - Planner Cost Constants -
#seq_page_cost = 1.0 # measured on an arbitrary scale
#random_page_cost = 4.0 # same scale as above
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#effective_cache_size = 4GB
# - Genetic Query Optimizer -
#geqo = on
#geqo_threshold = 12
#geqo_effort = 5 # range 1-10
#geqo_pool_size = 0 # selects default based on effort
#geqo_generations = 0 # selects default based on effort
#geqo_selection_bias = 2.0 # range 1.5-2.0
#geqo_seed = 0.0 # range 0.0-1.0
# - Other Planner Options -
#default_statistics_target = 100 # range 1-10000
#constraint_exclusion = partition # on, off, or partition
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
#from_collapse_limit = 8
#join_collapse_limit = 8 # 1 disables collapsing of explicit
# JOIN clauses
#------------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
#log_destination = 'stderr' # Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
# This is used when logging to stderr:
#logging_collector = off # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
# These are only used if logging_collector is on:
#log_directory = 'pg_log' # directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
#log_truncate_on_rotation = off # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
#log_rotation_age = 1d # Automatic rotation of logfiles will
# happen after that time. 0 disables.
#log_rotation_size = 10MB # Automatic rotation of logfiles will
# happen after that much log output.
# 0 disables.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
# This is only relevant when logging to eventlog (win32):
#event_source = 'PostgreSQL'
# - When to Log -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#log_min_messages = warning # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic
#log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
# - What to Log -
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_statement = 'none' # none, ddl, mod, all
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;
# -1 disables, 0 logs all temp files
log_timezone = 'UTC'
#------------------------------------------------------------------------------
# RUNTIME STATISTICS
#------------------------------------------------------------------------------
# - Query/Index Statistics Collector -
#track_activities = on
#track_counts = on
#track_io_timing = off
#track_functions = none # none, pl, all
#track_activity_query_size = 1024 # (change requires restart)
#update_process_title = on
stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp'
# - Statistics Monitoring -
#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off
#------------------------------------------------------------------------------
# AUTOVACUUM PARAMETERS
#------------------------------------------------------------------------------
#autovacuum = on # Enable autovacuum subprocess? 'on'
# requires track_counts to also be on.
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
# their durations, > 0 logs only
# actions running at least this number
# of milliseconds.
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
# (change requires restart)
#autovacuum_naptime = 1min # time between autovacuum runs
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
# autovacuum, -1 means use
# vacuum_cost_limit
#------------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#------------------------------------------------------------------------------
# - Statement Behavior -
#search_path = '"$user",public' # schema names
#default_tablespace = '' # a tablespace name, '' uses the default
#temp_tablespaces = '' # a list of tablespace names, '' uses
# only default tablespace
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_min_age = 50000000
#vacuum_freeze_table_age = 150000000
#vacuum_multixact_freeze_min_age = 5000000
#vacuum_multixact_freeze_table_age = 150000000
#bytea_output = 'hex' # hex, escape
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_fuzzy_search_limit = 0
# - Locale and Formatting -
datestyle = 'iso, mdy'
#intervalstyle = 'postgres'
timezone = 'UTC'
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
# India
# You can create your own file in
# share/timezonesets/.
#extra_float_digits = 0 # min -15, max 3
#client_encoding = sql_ascii # actually, defaults to database
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8' # locale for system error message
# strings
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
lc_numeric = 'en_US.UTF-8' # locale for number formatting
lc_time = 'en_US.UTF-8' # locale for time formatting
# default configuration for text search
default_text_search_config = 'pg_catalog.english'
# - Other Defaults -
#dynamic_library_path = '$libdir'
#local_preload_libraries = ''
#session_preload_libraries = ''
#------------------------------------------------------------------------------
# LOCK MANAGEMENT
#------------------------------------------------------------------------------
#deadlock_timeout = 1s
#max_locks_per_transaction = 64 # min 10
# (change requires restart)
#max_pred_locks_per_transaction = 64 # min 10
# (change requires restart)
#------------------------------------------------------------------------------
# VERSION/PLATFORM COMPATIBILITY
#------------------------------------------------------------------------------
# - Previous PostgreSQL Versions -
#array_nulls = on
#backslash_quote = safe_encoding # on, off, or safe_encoding
#default_with_oids = off
#escape_string_warning = on
#lo_compat_privileges = off
#quote_all_identifiers = off
#sql_inheritance = on
#standard_conforming_strings = on
#synchronize_seqscans = on
# - Other Platforms and Clients -
#transform_null_equals = off
#------------------------------------------------------------------------------
# ERROR HANDLING
#------------------------------------------------------------------------------
#exit_on_error = off # terminate session on any error?
#restart_after_crash = on # reinitialize after backend crash?
#------------------------------------------------------------------------------
# CONFIG FILE INCLUDES
#------------------------------------------------------------------------------
# These options allow settings to be loaded from files other than the
# default postgresql.conf.
#include_dir = 'conf.d' # include files ending in '.conf' from
# directory 'conf.d'
#include_if_exists = 'exists.conf' # include file only if it exists
#include = 'special.conf' # include file
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add settings for extensions here
listen_addresses = '*'
#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'
shared_preload_libraries = 'bdr'
wal_level = 'logical'
track_commit_timestamp = on
max_connections = 100
max_wal_senders = 10
max_replication_slots = 48
max_worker_processes = 48

37
devuan/resources/reboot_phones.sh Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash
#This script will reboot all the phones in a particular domain for a specified model. A pause is optional.
#gather parameters
read -p "Enter the Domain to Reboot (example: abc.net):" domain
read -p "Enter the phone type to reboot (polycom, yealink, cisco):" vendor
read -p "Enter the time in seconds to pause between phones:" pausetime
#create a temp file
NOW=$(date +"%Y%m%d_%H%M%S")
FILE="registrations-$NOW.csv"
#gather the registrations from freeswitch
eval 'fs_cli -x "show registrations" > $FILE'
#create some variables
N=0
ARR=()
#set the internal field separator
IFS=","
INPUT=$FILE
#Loop through the registrations and reboot
[ ! -f $INPUT ] &while read reg_user realm extra
do
if [ ."$realm" = ."$domain" ]; then
eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
if [ "$pausetime" > 0 ]; then
sleep $pausetime
fi
fi
done < $INPUT
IFS=$OLDIFS
#remove the file
rm $FILE

25
devuan/resources/sngrep.sh Executable file
View File

@ -0,0 +1,25 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#add sngrep
if [ ."$cpu_architecture" = ."arm" ]; then
#source install
apt-get -q -y install git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
cd /usr/src && git clone https://github.com/irontec/sngrep
cd /usr/src/sngrep && ./bootstrap.sh
cd /usr/src/sngrep && ./configure
cd /usr/src/sngrep && make install
else
#package install
echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list
wget http://packages.irontec.com/public.key -q -O - | apt-key add -
apt-get -q update
apt-get -y -q install sngrep
fi

51
devuan/resources/switch.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ./config.sh
verbose "Installing FreeSWITCH"
if [ .$switch_source = .true ]; then
if [ ."$switch_branch" = "master" ]; then
switch/source-master.sh
else
switch/source-release.sh
fi
#copy the switch conf files to /etc/freeswitch
switch/conf-copy.sh
#set the file permissions
switch/source-permissions.sh
#sysvinit service
switch/source-sysvinit.sh
fi
if [ .$switch_package = .true ]; then
if [ ."$switch_branch" = "master" ]; then
if [ .$switch_package_all = .true ]; then
switch/package-master-all.sh
else
switch/package-master.sh
fi
else
if [ .$switch_package_all = .true ]; then
switch/package-all.sh
else
switch/package-release.sh
fi
fi
#copy the switch conf files to /etc/freeswitch
switch/conf-copy.sh
#set the file permissions
switch/package-permissions.sh
#sysvinit service
switch/package-sysvinit.sh
fi

4
devuan/resources/switch/conf-copy.sh Executable file
View File

@ -0,0 +1,4 @@
mv /etc/freeswitch /etc/freeswitch.orig
mkdir /etc/freeswitch
cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
chown -R freeswitch:freeswitch /etc/freeswitch

21
devuan/resources/switch/package-all.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
. ../colors.sh
. ../environment.sh
. ../arguments.sh
apt-get -q update && apt-get install -y -q ntp curl memcached haveged
if [ ."$cpu_architecture" = ."arm" ]; then
echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
else
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
fi
apt-get -q update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb

7
devuan/resources/switch/package-master-all.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
apt-get update && apt-get install -y -q ntp curl memcached haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
apt-get update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb

25
devuan/resources/switch/package-master.sh Executable file
View File

@ -0,0 +1,25 @@
#!/bin/sh
apt-get update && apt-get install -y -q curl memcached haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
apt-get update
apt-get install -y -q ntp gdb
apt-get install -y -q freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
apt-get install -y -q freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
apt-get install -y -q freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
apt-get install -y -q freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
apt-get install -y -q freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
apt-get install -y -q freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
apt-get install -y -q freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
apt-get install -y -q freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
apt-get install -y -q freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
apt-get install -y -q freeswitch-music-default
#remove the music package to protect music on hold from package updates
mkdir -p /usr/share/freeswitch/sounds/temp
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
apt-get remove -y -q freeswitch-music-default
mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
rm -R /usr/share/freeswitch/sounds/temp

8
devuan/resources/switch/package-permissions.sh Executable file
View File

@ -0,0 +1,8 @@
#default permissions
# Devaun packages set this up correctly
#chown -R freeswitch:freeswitch /var/lib/freeswitch
# I'm not sure this is the best place to put non-packaged files - leaving it as is for now
chown -R freeswitch:freeswitch /usr/share/freeswitch
touch /var/log/freeswitch/freeswitch.log
chown -R freeswitch:freeswitch /var/log/freeswitch

41
devuan/resources/switch/package-release.sh Executable file
View File

@ -0,0 +1,41 @@
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#includes
. ../config.sh
. ../colors.sh
. ../environment.sh
apt-get -qq -y install curl memcached haveged
if [ ."$cpu_architecture" = ."arm" ]; then
echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
apt-get -q update
else
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
apt-get -q update
fi
apt-get -qq -y install gdb ntp
apt-get -qq -y install freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
apt-get -qq -y install freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
apt-get -qq -y install freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
apt-get -qq -y install freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
apt-get -qq -y install freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
apt-get -qq -y install freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
apt-get -qq -y install freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
apt-get -qq -y install freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
apt-get -qq -y install freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
apt-get -qq -y install freeswitch-music-default
apt-get remove -q -y freeswitch-systemd
#remove the music package to protect music on hold from package updates
mkdir -p /usr/share/freeswitch/sounds/temp
mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
apt-get remove -y freeswitch-music-default
mkdir -p /usr/share/freeswitch/sounds/music/default
mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
rm -R /usr/share/freeswitch/sounds/temp

6
devuan/resources/switch/package-sysvinit.sh Executable file
View File

@ -0,0 +1,6 @@
update-rc.d freeswitch enable
#
# If freeswitch is not restarted with the new config before finish.sh is run,
# upgrade_domains.php will not set the paths correctly on the default domain
#
service freeswitch restart

40
devuan/resources/switch/source-master.sh Executable file
View File

@ -0,0 +1,40 @@
#!/bin/sh
echo "Installing the FreeSWITCH source"
DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y -q ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
apt-get install -y -q unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
apt-get update && apt-get install -y -q ntp curl haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
apt-get update && apt-get upgrade
apt-get install -y -q freeswitch-video-deps-most
git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
cd /usr/src/freeswitch
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
./bootstrap.sh -j
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
#make mod_shout-install
make
rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
make install
make sounds-install moh-install
make hd-sounds-install hd-moh-install
make cd-sounds-install cd-moh-install
#move the music into music/default directory
mkdir -p /usr/local/freeswitch/sounds/music/default
mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
#configure system service
ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service

6
devuan/resources/switch/source-permissions.sh Executable file
View File

@ -0,0 +1,6 @@
#setup owner and group, permissions and sticky
chown -R www-data:www-data /usr/local/freeswitch
chmod -R ug+rw /usr/local/freeswitch
touch /var/log/freeswitch/freeswitch.log
chown -R www-data:www-data /var/log/freeswitch
find /usr/local/freeswitch -type d -exec chmod 2770 {} \;

66
devuan/resources/switch/source-release.sh Executable file
View File

@ -0,0 +1,66 @@
#!/bin/sh
echo "Installing the FreeSWITCH source"
DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y -q ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
apt-get install -y -q ntp unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
# E: Unable to locate package libyuv-dev
# E: Unable to locate package libbroadvoice-dev
# E: Unable to locate package libcodec2-dev
# E: Unable to locate package libflite-dev
# E: Unable to locate package libg7221-dev
# E: Unable to locate package libilbc-dev
# E: Unable to locate package libmongoc-dev
# E: Unable to locate package libsilk-dev
apt-get update && apt-get install -y -q curl haveged
curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
apt-get -q update && apt-get upgrade -y -q
apt-get install -y -q freeswitch-video-deps-most
#we are about to move out of the executing directory so we need to preserve it to return after we are done
CWD=$(pwd)
#git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
#git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
SWITCH_MAJOR=$(git ls-remote --heads https://freeswitch.org/stash/scm/fs/freeswitch.git "v*" | cut -d/ -f 3 | grep -P '^v\d+\.\d+' | sort | tail -n 1| cut -dv -f2)
SWITCH_MINOR=$(git ls-remote --tags https://freeswitch.org/stash/scm/fs/freeswitch.git v$SWITCH_MAJOR.* | cut -d/ -f3 | cut -dv -f2 | cut -d. -f3 | sort -n | tail -n1)
SWITCH_VERSION=$SWITCH_MAJOR.$SWITCH_MINOR
echo "Using version $SWITCH_VERSION"
cd /usr/src
wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip
unzip freeswitch-$SWITCH_VERSION.zip
rm -R freeswitch
mv freeswitch-$SWITCH_VERSION freeswitch
cd freeswitch
#./bootstrap.sh -j
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
#./configure --help
#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
#make mod_shout-install
make
rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
make install
make sounds-install moh-install
make hd-sounds-install hd-moh-install
make cd-sounds-install cd-moh-install
#move the music into music/default directory
mkdir -p /usr/local/freeswitch/sounds/music/default
mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
#return to the executing directory
cd $CWD
#configure system service
ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
chmod a+x /etc/init.d/freeswitch
cp "$(dirname $0)/source/etc.default.freeswitch /etc/default/freeswitch

6
devuan/resources/switch/source-sysvinit.sh Normal file
View File

@ -0,0 +1,6 @@
cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
cp "$(dirname $0)/source/etc.default.freeswitch" /etc/default/freeswitch
update-rc.d freeswitch enable
service freeswitch restart
echo "Please configure the sysvinit start up script from the source dir, test, and contribute code. Thank you."

24
devuan/resources/switch/source-to-package.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/sh
#make sure the etc fusionpbx directory exists
mkdir -p /etc/fusionpbx
#remove init.d startup script
mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch
update-rc.d -f freeswitch remove
#add the the freeswitch package
$(dirname $0)/package-release.sh
#install freeswitch systemd.d
$(dirname $0)/package-systemd.sh
#update fail2ban
sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:'
service fail2ban restart
#move source files to package directories
rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch
rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch
rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch
rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch

8
devuan/resources/switch/source/etc.default.freeswitch Executable file
View File

@ -0,0 +1,8 @@
# /etc/default/freeswitch
FS_USER="www-data"
FS_GROUP="www-data"
DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"
# this is the packaged version. But since the source install does not work. I've not tested any of this.
# /etc/default/freeswitch
#DAEMON_OPTS="-nonat"

133
devuan/resources/switch/source/freeswitch.init Normal file
View File

@ -0,0 +1,133 @@
#!/bin/sh
### -*- mode:shell-script; indent-tabs-mode:nil; sh-basic-offset:2 -*-
### BEGIN INIT INFO
# Provides: freeswitch
# Required-Start: $network $remote_fs $local_fs
# Required-Stop: $network $remote_fs $local_fs
# Should-Start: postgresql mysql memcached mongodb
# Should-Stop: postgresql mysql memcached mongodb
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: FreeSWITCH Softswitch
# Description: FreeSWITCH Softswitch
### END INIT INFO
# Author: Travis Cross <tc@traviscross.com>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC=freeswitch
NAME=freeswitch
DAEMON=/usr/bin/freeswitch
USER=freeswitch
DAEMON_ARGS="-u $USER -ncwait"
CONFDIR=/etc/$NAME
RUNDIR=/var/run/$NAME
PIDFILE=$RUNDIR/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
WORKDIR=/var/log/$NAME
[ -x $DAEMON ] || exit 0
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
. /lib/init/vars.sh
. /lib/lsb/init-functions
do_start() {
if ! [ -f $CONFDIR/freeswitch.xml ]; then
echo "$NAME is not configured so not starting.">&2
echo "Please add configuration under /etc/freeswitch">&2
echo "e.g. Install freeswitch-conf-vanilla, then:">&2
echo "cp -a /usr/share/freeswitch/conf/vanilla /etc/freeswitch">&2
return 3
fi
# Directory in /var/run may disappear on reboot (e.g. when tmpfs used for /var/run).
mkdir -p $RUNDIR
chown -R $USER: $RUNDIR
chmod -R ug=rwX,o= $RUNDIR
start-stop-daemon --start --quiet \
--pidfile $PIDFILE --exec $DAEMON --name $NAME --user $USER \
--test > /dev/null \
|| return 1
ulimit -s 240
start-stop-daemon --start --quiet \
--pidfile $PIDFILE --exec $DAEMON --name $NAME --user $USER \
--chdir $WORKDIR -- $DAEMON_ARGS $DAEMON_OPTS \
|| return 2
return 0
}
stop_fs() {
start-stop-daemon --stop --quiet \
--pidfile $PIDFILE --name $NAME --user $USER \
--retry=TERM/30/KILL/5
}
stop_fs_children() {
start-stop-daemon --stop --quiet \
--exec $DAEMON \
--oknodo --retry=0/30/KILL/5
}
do_stop() {
stop_fs
RETVAL="$?"
[ "$RETVAL" -eq 2 ] && return 2
stop_fs_children
[ "$?" -eq 2 ] && return 2
rm -f $PIDFILE
return "$RETVAL"
}
do_reload() {
start-stop-daemon --stop --quiet \
--pidfile $PIDFILE --name $NAME --user $USER \
--signal HUP
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
reload|force-reload)
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
log_end_msg $?
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1|*) log_end_msg 1 ;;
esac
;;
*) log_end_msg 1 ;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
exit 3
;;
esac
exit 0