From 4bb4d099c03c8a3b0551354a05638a4039f6b610 Mon Sep 17 00:00:00 2001 
From: Simon Walter Date: Wed, 10 May 2017 03:58:43 +0900 Subject: [PATCH] installation script for OS Devuan (#95) * adding devuan * add devaun desc to README make update and upgrade more noisy correct path for devuan in pre-install * some untested code for the source install - source installation is broken in Debian installation script and I have not debugged the problem. Focusing on the packaged version first. --- README.md | 9 + debian/resources/postgres.sh | 2 +- devuan/install.sh | 56 ++ devuan/pre-install.sh | 13 + devuan/resources/arguments.sh | 48 ++ devuan/resources/backup/fusionpbx-backup.sh | 27 + .../resources/backup/fusionpbx-maintenance.sh | 53 ++ devuan/resources/colors.sh | 25 + devuan/resources/config.sh | 18 + devuan/resources/environment.sh | 79 +++ devuan/resources/fail2ban.sh | 34 + devuan/resources/fail2ban/freeswitch-404.conf | 27 + devuan/resources/fail2ban/freeswitch-dos.conf | 21 + devuan/resources/fail2ban/freeswitch-ip.conf | 20 + devuan/resources/fail2ban/freeswitch.conf | 18 + devuan/resources/fail2ban/fusionpbx.conf | 25 + devuan/resources/fail2ban/jail.local | 113 ++++ devuan/resources/fail2ban/nginx-404.conf | 5 + devuan/resources/fail2ban/nginx-dos.conf | 14 + devuan/resources/finish.sh | 147 +++++ devuan/resources/fusionpbx.sh | 31 + devuan/resources/fusionpbx/config.php | 45 ++ devuan/resources/iptables.sh | 49 ++ devuan/resources/letsencrypt.sh | 80 +++ devuan/resources/letsencrypt/domain_name.conf | 22 + devuan/resources/nginx.sh | 89 +++ devuan/resources/nginx/fusionpbx | 201 ++++++ devuan/resources/php.sh | 31 + devuan/resources/postgres.sh | 54 ++ devuan/resources/postgresql/bdr.sh | 144 ++++ devuan/resources/postgresql/pg_hba.conf | 97 +++ devuan/resources/postgresql/postgresql.conf | 618 ++++++++++++++++++ devuan/resources/reboot_phones.sh | 37 ++ devuan/resources/sngrep.sh | 25 + devuan/resources/switch.sh | 51 ++ devuan/resources/switch/conf-copy.sh | 4 + devuan/resources/switch/package-all.sh | 21 + 
devuan/resources/switch/package-master-all.sh | 7 + devuan/resources/switch/package-master.sh | 25 + .../resources/switch/package-permissions.sh | 8 + devuan/resources/switch/package-release.sh | 41 ++ devuan/resources/switch/package-sysvinit.sh | 6 + devuan/resources/switch/source-master.sh | 40 ++ devuan/resources/switch/source-permissions.sh | 6 + devuan/resources/switch/source-release.sh | 66 ++ devuan/resources/switch/source-sysvinit.sh | 6 + devuan/resources/switch/source-to-package.sh | 24 + .../switch/source/etc.default.freeswitch | 8 + .../resources/switch/source/freeswitch.init | 133 ++++ 49 files changed, 2722 insertions(+), 1 deletion(-) create mode 100755 devuan/install.sh create mode 100755 devuan/pre-install.sh create mode 100755 devuan/resources/arguments.sh create mode 100755 devuan/resources/backup/fusionpbx-backup.sh create mode 100755 devuan/resources/backup/fusionpbx-maintenance.sh create mode 100755 devuan/resources/colors.sh create mode 100755 devuan/resources/config.sh create mode 100755 devuan/resources/environment.sh create mode 100755 devuan/resources/fail2ban.sh create mode 100755 devuan/resources/fail2ban/freeswitch-404.conf create mode 100755 devuan/resources/fail2ban/freeswitch-dos.conf create mode 100755 devuan/resources/fail2ban/freeswitch-ip.conf create mode 100755 devuan/resources/fail2ban/freeswitch.conf create mode 100755 devuan/resources/fail2ban/fusionpbx.conf create mode 100755 devuan/resources/fail2ban/jail.local create mode 100755 devuan/resources/fail2ban/nginx-404.conf create mode 100755 devuan/resources/fail2ban/nginx-dos.conf create mode 100755 devuan/resources/finish.sh create mode 100755 devuan/resources/fusionpbx.sh create mode 100755 devuan/resources/fusionpbx/config.php create mode 100755 devuan/resources/iptables.sh create mode 100755 devuan/resources/letsencrypt.sh create mode 100755 devuan/resources/letsencrypt/domain_name.conf create mode 100755 devuan/resources/nginx.sh create mode 100755 
devuan/resources/nginx/fusionpbx create mode 100755 devuan/resources/php.sh create mode 100755 devuan/resources/postgres.sh create mode 100755 devuan/resources/postgresql/bdr.sh create mode 100644 devuan/resources/postgresql/pg_hba.conf create mode 100644 devuan/resources/postgresql/postgresql.conf create mode 100755 devuan/resources/reboot_phones.sh create mode 100755 devuan/resources/sngrep.sh create mode 100755 devuan/resources/switch.sh create mode 100755 devuan/resources/switch/conf-copy.sh create mode 100755 devuan/resources/switch/package-all.sh create mode 100755 devuan/resources/switch/package-master-all.sh create mode 100755 devuan/resources/switch/package-master.sh create mode 100755 devuan/resources/switch/package-permissions.sh create mode 100755 devuan/resources/switch/package-release.sh create mode 100755 devuan/resources/switch/package-sysvinit.sh create mode 100755 devuan/resources/switch/source-master.sh create mode 100755 devuan/resources/switch/source-permissions.sh create mode 100755 devuan/resources/switch/source-release.sh create mode 100644 devuan/resources/switch/source-sysvinit.sh create mode 100755 devuan/resources/switch/source-to-package.sh create mode 100755 devuan/resources/switch/source/etc.default.freeswitch create mode 100644 devuan/resources/switch/source/freeswitch.init diff --git a/README.md b/README.md index 708a9e9..710e0e9 100644 --- a/README.md +++ b/README.md 
@@ -12,6 +12,15 @@ It supports the latest video dependencies. If you want to do video mixing use De wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh cd /usr/src/fusionpbx-install.sh/debian && ./install.sh ``` +### Devuan +If you like Debian but rather not bother with systemd, Devuan is a "drop in" replacement. +Version 1 is bassed on Jessie. So you will find the same packages available. +Please note that the source installation and installation on ARM is not fully tested. + +```sh +wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh +cd /usr/src/fusionpbx-install.sh/devuan && ./install.sh +``` ### FreeBSD FreeBSD is an operating system that has many great features like ZFS, HAST, CARP and more. diff --git a/debian/resources/postgres.sh b/debian/resources/postgres.sh index 93e1fd4..5b625cc 100755 --- a/debian/resources/postgres.sh +++ b/debian/resources/postgres.sh @@ -17,7 +17,7 @@ password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64) #install message echo "Install PostgreSQL and create the database and users\n" -#use the system database repo for arm +#use the sip247 database repo for arm if [ .$cpu_architecture = .'arm' ]; then database_repo="sip247" fi diff --git a/devuan/install.sh b/devuan/install.sh new file mode 100755 index 0000000..50ee935 --- /dev/null +++ b/devuan/install.sh 
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./resources/config.sh
+. ./resources/colors.sh
+. ./resources/environment.sh
+
+#Update to latest packages
+verbose "Update installed packages"
+#apt-get upgrade && apt-get update -y --force-yes
+# --force-yes is dangerous as per the man page. Lets use -y
+apt-get -q update && apt-get -q --assume-yes upgrade
+
+#Add dependencies
+apt-get install -q -y lsb-release sudo
+
+#IPTables
+resources/iptables.sh
+
+#FusionPBX
+resources/fusionpbx.sh
+
+#NGINX web server
+resources/nginx.sh
+
+#PHP
+resources/php.sh
+
+#FreeSWITCH
+resources/switch.sh
+
+#Fail2ban
+resources/fail2ban.sh
+
+#Optional CLI SIP monitoring tool
+resources/sngrep.sh
+
+#Postgres
+resources/postgres.sh
+
+#restart services
+if [ ."$php_version" = ."5" ]; then
+ service php5-fpm restart
+fi
+if [ ."$php_version" = ."7" ]; then
+ service php7.0-fpm restart
+fi
+
+service nginx restart
+service fail2ban restart
+
+#add the database schema, user and groups
+resources/finish.sh
diff --git a/devuan/pre-install.sh b/devuan/pre-install.sh
new file mode 100755
index 0000000..f2d8f58
--- /dev/null
+++ b/devuan/pre-install.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#upgrade the packages
+apt-get -q update && apt-get upgrade -y
+
+#install git
+apt-get install -y git
+
+#get the install script
+cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
+
+#change the working directory
+cd /usr/src/fusionpbx-install.sh/devuan
diff --git a/devuan/resources/arguments.sh b/devuan/resources/arguments.sh
new file mode 100755
index 0000000..a8a2fae
--- /dev/null
+++ b/devuan/resources/arguments.sh
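Review bot: The `cd "$(dirname "$0")"` at the top of devuan/install.sh is unchecked, and so is every later step, so when the directory change or one of the `resources/*.sh` scripts fails the installer carries on and `resources/finish.sh` still runs against a half-built system. Guard the directory change with `cd "$(dirname "$0")" || exit 1` and stop on the first failing step, for example `resources/postgres.sh || exit 1`. The same unchecked `cd` opens fail2ban.sh, finish.sh and fusionpbx.sh in this patch.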
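Review bot: The `git clone` in devuan/pre-install.sh takes whatever the default branch holds at install time, and the README pipes this script into `sh` and then runs the cloned `install.sh`, so the code that ends up running with package-installation privileges is neither pinned nor reproducible. Clone a reviewed release instead, e.g. `git clone --branch <release-tag> --depth 1 https://github.com/fusionpbx/fusionpbx-install.sh.git || exit 1`; the status check also covers a rerun, where the clone fails because /usr/src/fusionpbx-install.sh already exists. The final `cd` changes only this script's own shell, which is presumably why the README repeats it.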
@@ -0,0 +1,48 @@ +#!/bin/sh + +#Process command line options only if we haven't been processed once +if [ -z "$CPU_CHECK" ]; then + export script_name=`basename "$0"` + ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@") + + if [ $? -ne 0 ]; then + error "Failed parsing options." + exit 1 + fi + + export USE_SWITCH_SOURCE=false + export USE_SWITCH_PACKAGE_ALL=false + export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false + export USE_PHP5_PACKAGE=false + export USE_SWITCH_MASTER=false + export USE_SYSTEM_MASTER=false + export CPU_CHECK=true + HELP=false + + while true; do + case "$1" in + --use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;; + --use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;; + --use-switch-master ) export USE_SWITCH_MASTER=true; shift ;; + --use-system-master ) export USE_SYSTEM_MASTER=true; shift ;; + --use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;; + --use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;; + --no-cpu-check ) export CPU_CHECK=false; shift ;; + -h | --help ) HELP=true; shift ;; + -- ) shift; break ;; + * ) break ;; + esac + done + + if [ .$HELP = .true ]; then + warning "Debian installer script" + warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)" + warning " --use-switch-package-all if using packages use the meta-all package" + warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages" + warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)" + warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)" + warning " --use-system-master will use master branch/packages for 
the system instead of ${green}(default:stable)" + warning " --no-cpu-check disable the cpu check ${green}(default:check)" + exit; + fi +fi \ No newline at end of file diff --git a/devuan/resources/backup/fusionpbx-backup.sh b/devuan/resources/backup/fusionpbx-backup.sh new file mode 100755 index 0000000..68625f7 --- /dev/null +++ b/devuan/resources/backup/fusionpbx-backup.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +export PGPASSWORD="zzz" +db_host=127.0.0.1 +db_port=5432 + +now=$(date +%Y-%m-%d) +mkdir -p /var/backups/fusionpbx/postgresql + +echo "Backup Started" + +#delete postgres backups +find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \; + +#delete the main backup +find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \; + +#backup the database +pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql + +#package +tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch + +#source +#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf + +echo "Backup Completed" diff --git a/devuan/resources/backup/fusionpbx-maintenance.sh b/devuan/resources/backup/fusionpbx-maintenance.sh new file mode 100755 index 0000000..f1f6126 --- /dev/null +++ b/devuan/resources/backup/fusionpbx-maintenance.sh 
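Review bot: The output of `getopt` in devuan/resources/arguments.sh is stored in `ARGS` but never applied, so the `while` loop walks the raw `$1` and stops silently at the first argument it does not recognise. After the status check add `eval set -- "$ARGS"` so the loop reads the normalised list. Pass the program name in double quotes, `-n "$script_name"`, because the single quotes make getopt print the literal text `$script_name` in its error messages. The help banner still reads "Debian installer script".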
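Review bot: Nothing in fusionpbx-backup.sh restricts who can read the backups: `mkdir -p`, `pg_dump` and `tar` all run with the inherited umask, so on a typical system the database dump and the archive that includes /etc/fusionpbx are readable by every local user. Add `umask 077` before the `mkdir -p` line. The script also holds the database password in `PGPASSWORD` once finish.sh substitutes `zzz`, so the installed copy should not be world-readable either; a `.pgpass` file for the account that runs the cron job would keep the secret out of the script. The two `find … *` globs print an error while no matching file exists yet, e.g. on the first run.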
@@ -0,0 +1,53 @@ +#!/bin/sh + +#settings +#export PGPASSWORD="zzzzz" +db_host=127.0.0.1 +db_port=5432 +switch_package=true # true or false + +#set the date +now=$(date +%Y-%m-%d) + +#make sure the directory exists +mkdir -p /var/backups/fusionpbx/postgresql + +#show message to the console +echo "Maintenance Started" + +#delete freeswitch logs older 7 days +if [ .$switch_package = .true ]; then + find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \; +else + find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \; +fi + +#delete fax older than 90 days +if [ .$switch_package = .true ]; then + echo "."; + #find /var/lib/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \; + #find /var/lib/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \; +else + echo "."; + #find /usr/local/freeswitch/storage/fax/* -name '*.tif' -mtime +90 -exec rm {} \; + #find /usr/local/freeswitch/storage/fax/* -name '*.pdf' -mtime +90 -exec rm {} \; +fi +#delete from the database +#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'" + +#delete voicemail older than 90 days +if [ .$switch_package = .true ]; then + echo "."; + #find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \; + #find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \; +else + echo "."; + #find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.wav' -mtime +90 -exec rm {} \; + #find /usr/local/freeswitch/storage/voicemail/* -name 'msg_*.mp3' -mtime +90 -exec rm {} \; +fi +#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'" +#delete call detail records older 90 days +#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'" + +#completed message +echo "Maintenance Completed"; 
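Review bot: In the voicemail block both branches of `if [ .$switch_package = .true ]` carry the same commented `find /usr/local/freeswitch/storage/voicemail/…` lines, so anyone who enables them on a packaged install cleans a tree that is not in use; the package branch presumably should point at `/var/lib/freeswitch/storage/voicemail`, matching the fax block above it. The log clean-up is more robust as `find /var/log/freeswitch -name 'freeswitch.log.*' -mtime +7 -exec rm {} \;`, which does not error when the glob matches nothing.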
diff --git a/devuan/resources/colors.sh b/devuan/resources/colors.sh
new file mode 100755
index 0000000..499a17b
--- /dev/null
+++ b/devuan/resources/colors.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+verbose () {
+ echo "${green}$1${normal}"
+}
+error () {
+ echo "${red}$1${normal}"
+ }
+warning () {
+ echo "${yellow}$1${normal}"
+}
+
+# check for color support
+if test -t 1; then
+
+ # see if it supports colors...
+ ncolors=$(tput colors)
+
+ if test -n "$ncolors" && test $ncolors -ge 8; then
+ normal="$(tput sgr0)"
+ red="$(tput setaf 1)"
+ green="$(tput setaf 2)"
+ yellow="$(tput setaf 3)"
+ fi
+fi
diff --git a/devuan/resources/config.sh b/devuan/resources/config.sh
new file mode 100755
index 0000000..de66d1e
--- /dev/null
+++ b/devuan/resources/config.sh
@@ -0,0 +1,18 @@
+
+# FusionPBX Settings
+system_username=admin # default username admin
+system_password=random # random or as a pre-set value
+system_branch=stable # master, stable
+
+# FreeSWITCH Settings
+switch_branch=stable # master, stable
+switch_source=false # true or false
+switch_package=true # true or false
+
+# Database Settings
+database_password=random # random or as a pre-set value
+database_repo=system # PostgresSQL official, system, 2ndquadrant
+database_backup=false # true or false
+
+# General Settings
+php_version=7 # PHP version 5 or 7
diff --git a/devuan/resources/environment.sh b/devuan/resources/environment.sh
new file mode 100755
index 0000000..5ec856b
--- /dev/null
+++ b/devuan/resources/environment.sh
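Review bot: `error` and `warning` in colors.sh write to stdout, so their messages are mixed into or lost with any output a caller captures or redirects; send them to stderr, e.g. `echo "${red}$1${normal}" >&2`. `test $ncolors -ge 8` is unquoted and `tput colors` can print its own error when the terminal type is unknown; `ncolors=$(tput colors 2>/dev/null)` followed by `test "$ncolors" -ge 8` keeps the probe quiet and safe on an empty value.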
@@ -0,0 +1,79 @@ +#!/bin/sh + +#operating system details +os_name=$(lsb_release -is) +os_codename=$(lsb_release -cs) +os_mode='unknown' + +#cpu details +cpu_name=$(uname -m) +cpu_architecture='unknown' +cpu_mode='unknown' + +if [ .$cpu_name = .'armv7l' ]; then + # RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time + os_mode='32' + cpu_mode='32' + cpu_architecture='arm' +elif [ .$cpu_name = .'armv8l' ]; then + # No test case for armv8l + os_mode='unknown' + cpu_mode='64' + cpu_architecture='arm' +elif [ .$cpu_name = .'i386' ]; then + os_mode='32' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +elif [ .$cpu_name = .'i686' ]; then + os_mode='32' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +elif [ .$cpu_name = .'x86_64' ]; then + os_mode='64' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +fi + +if [ .$cpu_architecture = .'arm' ]; then + if [ .$os_mode = .'32' ]; then + verbose "Correct CPU and Operating System detected, using the ARM repo" + elif [ .$os_mode = .'64' ]; then + error "You are using a 64bit arm OS this is unsupported" + switch_source=true + switch_package=false + else + error "Unknown OS mode $os_mode this is unsupported" + switch_source=true + switch_package=false + fi +elif [ .$cpu_architecture = .'x86' ]; then + if [ .$os_mode = .'32' ]; then + error "You are using a 32bit OS this is unsupported" + if [ .$cpu_mode = .'64' ]; then + warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS" + fi + switch_source=true + switch_package=false + elif [ .$os_mode = .'64' ]; then + verbose "Correct CPU and Operating System detected" + else + error "Unknown Operating System mode $os_mode is 
unsupported" + switch_source=true + switch_package=false + fi +else + error "You are using a unsupported architecture $cpu_architecture" + exit 3 +fi diff --git a/devuan/resources/fail2ban.sh b/devuan/resources/fail2ban.sh new file mode 100755 index 0000000..6a55ebf --- /dev/null +++ b/devuan/resources/fail2ban.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing Fail2ban" + +#add the dependencies +apt-get -q -y install fail2ban + +#move the filters +cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf +cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf +cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf +cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf +cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf +cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf +cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf +cp fail2ban/jail.local /etc/fail2ban/jail.local + +#update config if source is being used +if [ .$switch_source = .true ]; then + sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local +fi + +/usr/sbin/service fail2ban restart + +# missing log file will show error diff --git a/devuan/resources/fail2ban/freeswitch-404.conf b/devuan/resources/fail2ban/freeswitch-404.conf new file mode 100755 index 0000000..ada405c --- /dev/null +++ b/devuan/resources/fail2ban/freeswitch-404.conf 
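Review bot: `lsb_release` is called at the top of environment.sh, but devuan/install.sh sources this file before it runs `apt-get install -q -y lsb-release sudo`, so on a system that lacks the package `os_name` and `os_codename` are empty on the first run. Install lsb-release before the includes, or fall back explicitly with `os_codename=$(lsb_release -cs 2>/dev/null || echo unknown)`. The i386, i686 and x86_64 branches each repeat the same unquoted `grep -o -w 'lm' /proc/cpuinfo` test; computing it once into a variable before the `if` chain would remove the triplication.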
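Review bot: The filter and jail files are added with mode 100755 and fail2ban.sh copies them with plain `cp`, so on a fresh install they will normally land in /etc/fail2ban with the execute bit set. Configuration files there should be plain 644; `install -m 644 fail2ban/jail.local /etc/fail2ban/jail.local` (and likewise for each filter) sets the mode at copy time. The trailing comment `# missing log file will show error` would be more useful next to the `service fail2ban restart` line it refers to, with the log path named.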
@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+# inbound route - 404 not found
+
+
+[Definition]
+
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+#failregex = [hostname] FusionPBX: \[\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = 404 not found
+
+
+#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62)
+
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/devuan/resources/fail2ban/freeswitch-dos.conf b/devuan/resources/fail2ban/freeswitch-dos.conf
new file mode 100755
index 0000000..3407183
--- /dev/null
+++ b/devuan/resources/fail2ban/freeswitch-dos.conf
@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/devuan/resources/fail2ban/freeswitch-ip.conf b/devuan/resources/fail2ban/freeswitch-ip.conf
new file mode 100755
index 0000000..3fee3b6
--- /dev/null
+++ b/devuan/resources/fail2ban/freeswitch-ip.conf
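Review bot: The `failregex` in freeswitch-404.conf is not anchored to anything but the phrase `404 not found`, so any log line containing it counts toward a ban, and the jail that uses this filter in jail.local blocks all ports for 86400 seconds after three matches. Tie the pattern to the text the dialplan actually logs and end it at the address, for example `failregex = \[inbound routes\] 404 not found <HOST>$`, and confirm it against a real log with `fail2ban-regex` (the `<HOST>` tag is not visible in this rendering and is assumed to follow the phrase). The comment block above the pattern still describes password failures and a FusionPBX line, copied from another filter.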
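Review bot: The `for \[.*\]` part of the freeswitch-dos.conf pattern matches a field that the remote party supplies, and the expression is not anchored at the end, so a crafted value inside the brackets can shift where the host is matched and get an unrelated address banned. Restrict the field and anchor the line, `… for \[[^\]]*\] from ip <HOST>$` (the `<HOST>` tag is not visible in this rendering and is assumed to follow `from ip`), and escape the dot as `sofia_reg\.c`. The same unbounded `.*` appears in freeswitch.conf, freeswitch-ip.conf and fusionpbx.conf in this patch.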
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162
+failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/devuan/resources/fail2ban/freeswitch.conf b/devuan/resources/fail2ban/freeswitch.conf
new file mode 100755
index 0000000..b187b49
--- /dev/null
+++ b/devuan/resources/fail2ban/freeswitch.conf
@@ -0,0 +1,18 @@
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip
+ \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
+
diff --git a/devuan/resources/fail2ban/fusionpbx.conf b/devuan/resources/fail2ban/fusionpbx.conf
new file mode 100755
index 0000000..ff1b5c9
--- /dev/null
+++ b/devuan/resources/fail2ban/fusionpbx.conf
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+#failregex = [hostname] FusionPBX: \[\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = .* FusionPBX: \[\] authentication failed for
+ = .* FusionPBX: \[\] provision attempt bad password for
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
+
diff --git a/devuan/resources/fail2ban/jail.local b/devuan/resources/fail2ban/jail.local
new file mode 100755
index 0000000..d47dc0d
--- /dev/null
+++ b/devuan/resources/fail2ban/jail.local
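Review bot: The second pattern line in fusionpbx.conf begins with `= .* FusionPBX`, and in a multi-line `failregex` a continuation line is taken as a regex in its own right, so the leading `=` most likely becomes part of the expression and the "provision attempt bad password" message only matches when the log line happens to contain `= ` earlier on. Drop the `=` and keep just the indentation, so the continuation line reads like the first pattern with the provisioning message in place of the authentication one. Running `fail2ban-regex` against a sample auth.log line for each message would confirm both patterns match.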
@@ -0,0 +1,113 @@ +[freeswitch-udp] +enabled = true +port = 5060,5061,5080,5081 +protocol = all +filter = freeswitch +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp] +maxretry = 5 +findtime = 600 +bantime = 600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +[freeswitch-tcp] +enabled = true +port = 5060,5061,5080,5081 +protocol = all +filter = freeswitch +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp] +maxretry = 5 +findtime = 600 +bantime = 600 +# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed + +#[freeswitch-ip-tcp] +#enabled = true +#port = 5060,5061,5080,5081 +#protocol = all +#filter = freeswitch-ip +#logpath = /var/log/freeswitch/freeswitch.log +#action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp] +#maxretry = 1 +#findtime = 30 +#bantime = 86400 + +#[freeswitch-ip-udp] +#enabled = true +#port = 5060,5061,5080,5081 +#protocol = all +#filter = freeswitch-ip +#logpath = /var/log/freeswitch/freeswitch.log +#action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp] +#maxretry = 1 +#findtime = 30 +#bantime = 86400 + +[freeswitch-dos-udp] +enabled = true +port = 5060,5061,5080,5081 +protocol = all +filter = freeswitch-dos +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp] +maxretry = 50 +findtime = 30 +bantime = 6000 + +[freeswitch-dos-tcp] +enabled = true +port = 5060,5061,5080,5081 +protocol = all +filter = freeswitch-dos +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp] +maxretry = 50 +findtime = 30 +bantime = 6000 + 
+[freeswitch-404] +enabled = true +port = 5060,5061,5080,5081 +protocol = all +filter = freeswitch-404 +logpath = /var/log/freeswitch/freeswitch.log +action = iptables-allports[name=freeswitch-404, protocol=all] +maxretry = 3 +findtime = 300 +bantime = 86400 + +[fusionpbx] +enabled = true +port = 80,443 +protocol = tcp +filter = fusionpbx +logpath = /var/log/auth.log +action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp] +# sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed +maxretry = 10 +findtime = 600 +bantime = 600 + +[nginx-404] +enabled = true +port = 80,443 +protocol = tcp +filter = nginx-404 +logpath = /var/log/nginx/access*.log +bantime = 600 +findtime = 60 +maxretry = 120 + +[nginx-dos] +# Based on apache-badbots but a simple IP check (any IP requesting more than +# 240 pages in 60 seconds, or 4p/s average, is suspicious) +# Block for two full days. +enabled = true +port = 80,443 +protocol = tcp +filter = nginx-dos +logpath = /var/log/nginx/access*.log +findtime = 60 +bantime = 172800 +maxretry = 240 diff --git a/devuan/resources/fail2ban/nginx-404.conf b/devuan/resources/fail2ban/nginx-404.conf new file mode 100755 index 0000000..f121f41 --- /dev/null +++ b/devuan/resources/fail2ban/nginx-404.conf @@ -0,0 +1,5 @@ +# Fail2Ban configuration file +# +[Definition] +failregex = - - \[.*\] "(GET|POST).*HTTP[^ ]* 404 +ignoreregex = diff --git a/devuan/resources/fail2ban/nginx-dos.conf b/devuan/resources/fail2ban/nginx-dos.conf new file mode 100755 index 0000000..6e2cd23 --- /dev/null +++ b/devuan/resources/fail2ban/nginx-dos.conf @@ -0,0 +1,14 @@ +# Fail2Ban configuration file + +[Definition] +# Option: failregex +# Notes.: Regexp to catch a generic call from an IP address. +# Values: TEXT +# +failregex = ^ -.*"(GET|POST).*HTTP.*"$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = 
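Review bot: jail.local defines no `ignoreip`, while `[nginx-dos]` counts every GET or POST and bans for 172800 seconds once an address exceeds 240 requests in 60 seconds, so an office or a batch of phones provisioning from one NAT address can plausibly lock itself out for two days. Add a `[DEFAULT]` section with `ignoreip = 127.0.0.1/8 <trusted-admin-network>` and document how to lift a ban. `[nginx-404]` and `[nginx-dos]` also set no `action`, unlike every other jail in the file, so they depend on the distribution's default ban action; stating it explicitly keeps the behaviour the same across installs.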
diff --git a/devuan/resources/finish.sh b/devuan/resources/finish.sh
new file mode 100755
index 0000000..a3215aa
--- /dev/null
+++ b/devuan/resources/finish.sh
@@ -0,0 +1,147 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#database details +database_host=127.0.0.1 +database_port=5432 +database_username=fusionpbx +if [ .$database_password = .'random' ]; then + database_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20 | xargs)" +fi + +verbose "Create the database and users" + +# +# Install the database backup +# + +cp backup/fusionpbx-backup.sh /etc/cron.daily +chmod 755 /etc/cron.daily/fusionpbx-backup.sh +sed -i "s/zzz/${database_password}/g" /etc/cron.daily/fusionpbx-backup.sh + +# +# Move to /tmp to prevent a red herring error when running sudo with psql +# + +cwd=$(pwd) +cd /tmp + +# +# I'm not sure why we would do this when the databases don't exist yet. +# + +#sudo -u postgres psql -d fusionpbx -c "DROP SCHEMA public cascade;"; +#sudo -u postgres psql -d fusionpbx -c "CREATE SCHEMA public;"; + +sudo -u postgres psql -c "CREATE DATABASE fusionpbx;"; +sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;" + +# +# Maybe the freeswitch will use the freeswitch database in the future? +# Right now it's configured to use SQLite. +# So we will comment this out. 
+# + +#sudo -u postgres psql -c "CREATE DATABASE freeswitch;"; +#sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';" +#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;" +#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;" + +cd $cwd + +#add the config.php +mkdir -p /etc/fusionpbx +chown -R www-data:www-data /etc/fusionpbx +cp fusionpbx/config.php /etc/fusionpbx +sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:' +sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:" + +#add the database schema +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1 + +#get the server hostname +#domain_name=$(hostname -f) + +#get the ip address +domain_name=$(hostname -I | cut -d ' ' -f1) + +#get a domain_uuid +domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); + +#allow the script to use the new password +export PGPASSWORD=$database_password + +#add the domain name +psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');" + +#app defaults - this is needed here otherwise group superadmin will not exist for "get the superadmin group_uuid" * +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php + +#add the user +user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +user_name=$system_username +if [ .$system_password = .'random' ]; then + user_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 12 | xargs)" +else + user_password=$system_password +fi + +password_hash=$(php -r "echo md5('$user_salt$user_password');"); + +psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users 
(user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');" + +#get the superadmin group_uuid * +group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';"); +group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//') + +#add the user to the group +group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +group_name=superadmin +psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');" + +#update xml_cdr url, user and password +xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g') +xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g') +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:" + +#app defaults - not sure if this needs to be executed again +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php + +/usr/sbin/service freeswitch restart + +#welcome message +echo "" +echo "" +verbose "Installation has completed." +echo "" +echo " Use a web browser to login." 
+echo " domain name: https://$domain_name" +echo " username: $user_name" +echo " password: $user_password" +echo "" +echo " The domain name in the browser is used by default as part of the authentication." +echo " If you need to login to a different domain then use username@domain." +echo " username: $user_name@$domain_name"; +echo "" +echo " Official FusionPBX Training" +echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com." +echo " Available online and in person. Includes documentation and recording." +echo "" +echo " Additional information." +echo " https://fusionpbx.com/support.php" +echo " https://www.fusionpbx.com" +echo " http://docs.fusionpbx.com" +echo "" diff --git a/devuan/resources/fusionpbx.sh b/devuan/resources/fusionpbx.sh new file mode 100755 index 0000000..4c546e8 --- /dev/null +++ b/devuan/resources/fusionpbx.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing FusionPBX" + +#install dependencies +apt-get install -qq -y git dbus haveged ssl-cert +apt-get install -qq -y ghostscript libtiff5-dev libtiff-tools + +if [ .$system_branch = "master" ]; then + verbose "Using master" + branch="" +else + system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1) + system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2) + system_version=$system_major.$system_minor + verbose "Using version $system_version" + branch="-b $system_version" +fi + +#get the source code +git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx +chown -R www-data:www-data /var/www/fusionpbx +chmod -R 755 /var/www/fusionpbx/secure 
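Review bot: The branch test `[ .$system_branch = "master" ]` in fusionpbx.sh can never be true, because the left side carries the `.` prefix and the right side does not. A configured `master` therefore always falls through to the latest-release lookup and the operator silently gets a different code version than requested. Write it like the other comparisons in these scripts: `if [ ."$system_branch" = ."master" ]; then`. `$branch` is expanded unquoted in `git clone $branch …`; that word splitting is intentional and deserves a one-line comment saying so.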
diff --git a/devuan/resources/fusionpbx/config.php b/devuan/resources/fusionpbx/config.php new file mode 100755 index 0000000..22776fb --- /dev/null +++ b/devuan/resources/fusionpbx/config.php @@ -0,0 +1,45 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2016 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//set the database type + $db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection + +//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here. + //$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename + //$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable + +//pgsql: database connection information + $db_host = 'localhost'; //set the host only if the database is not local + $db_port = '5432'; + $db_name = 'fusionpbx'; + $db_username = '{database_username}'; + $db_password = '{database_password}'; + +//show errors + ini_set('display_errors', '1'); + //error_reporting (E_ALL); // Report everything + //error_reporting (E_ALL ^ E_NOTICE); // hide notices + error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings diff --git a/devuan/resources/iptables.sh b/devuan/resources/iptables.sh new file mode 100755 index 0000000..c663520 --- /dev/null +++ b/devuan/resources/iptables.sh 
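Review bot: `ini_set('display_errors', '1');` in the shipped config.php sends PHP error text to the browser, which on an internet-facing PBX can disclose file paths and database error details to unauthenticated clients. For the installed default I would use `ini_set('display_errors', '0');` together with `ini_set('log_errors', '1');` so errors go to the server log instead. The file also receives the real database password through the `{database_password}` placeholder and is added with mode 100755. A comment that the installed /etc/fusionpbx/config.php must not be world-readable would help; the installer would presumably need a matching `chmod 640`.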
@@ -0,0 +1,49 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +. ./config.sh +. ./colors.sh + +#send a message +verbose "Configuring IPTables" + +#run iptables commands +iptables -A INPUT -i lo -j ACCEPT +iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm +iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm +iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm +iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm +iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm +iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm +iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm +iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm +iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm +iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm +iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm +iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm +iptables -A INPUT -p tcp --dport 22 -j ACCEPT +iptables -A INPUT -p tcp --dport 80 -j ACCEPT +iptables -A INPUT -p tcp --dport 443 -j ACCEPT +iptables -A INPUT -p tcp --dport 5060:5061 -j ACCEPT +iptables -A INPUT -p udp --dport 5060:5061 -j ACCEPT +iptables -A INPUT -p tcp --dport 5080:5081 -j ACCEPT +iptables -A INPUT -p udp --dport 5080:5081 -j ACCEPT +iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT +iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT +iptables -A INPUT -p udp --dport 1194 -j 
ACCEPT +iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46 +iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5081 -j DSCP --set-dscp 26 +iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5081 -j DSCP --set-dscp 26 +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -P OUTPUT ACCEPT + +#answer the questions for iptables persistent +echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections +echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections +apt-get install -y -q iptables-persistent + +# update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults diff --git a/devuan/resources/letsencrypt.sh b/devuan/resources/letsencrypt.sh new file mode 100755 index 0000000..e603527 --- /dev/null +++ b/devuan/resources/letsencrypt.sh 
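Review bot: Only IPv4 is filtered in iptables.sh: every rule uses `iptables` and there is no `ip6tables` counterpart, yet `iptables-persistent/autosave_v6` is preseeded to true. On a host with a routable IPv6 address the v6 INPUT chain stays at whatever it was (normally ACCEPT), and that open state is what gets persisted. Mirror the rule set with `ip6tables`, accepting loopback, established traffic and ICMPv6 (`ip6tables -A INPUT -p ipv6-icmp -j ACCEPT`, needed for neighbour discovery) before `ip6tables -P INPUT DROP`. Separately, the rules are appended with `-A` and no flush, so running the script twice duplicates every rule. UDP 1194 is opened without a comment saying which service needs it.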
@@ -0,0 +1,80 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#request the domain and email +read -p 'Domain Name: ' domain_name +read -p 'Email Address: ' email_address +#domain_name=subdomain.domain.com +#email=username@domain.com + +#remove previous install +rm -R /opt/letsencrypt +rm -R /etc/letsencrypt + +#use php version 5 for arm +if [ .$cpu_architecture = .'arm' ]; then + php_version=5 +fi + +#enable fusionpbx nginx config +cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx + +#prepare socket name +if [ ."$php_version" = ."5" ]; then + sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g' +fi +if [ ."$php_version" = ."7" ]; then + sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g' +fi +ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx + +#read the config +/usr/sbin/nginx -t && /usr/sbin/nginx -s reload + +#install letsencrypt +git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt +chmod 755 /opt/letsencrypt/certbot-auto +/opt/letsencrypt/./certbot-auto +mkdir -p /etc/letsencrypt/configs +mkdir -p /var/www/letsencrypt/ + +#cd $pwd +#cd "$(dirname "$0")" + +#copy the domain conf +cp letsencrypt/domain_name.conf /etc/letsencrypt/configs/$domain_name.conf + +#update the domain_name and email_address +sed "s#{domain_name}#$domain_name#g" -i /etc/letsencrypt/configs/$domain_name.conf +sed "s#{email_address}#$email_address#g" -i /etc/letsencrypt/configs/$domain_name.conf + +#letsencrypt +#sed "s@#letsencrypt@location /.well-known/acme-challenge { root /var/www/letsencrypt; }@g" -i /etc/nginx/sites-available/fusionpbx + +#get the certs from letsencrypt +cd /opt/letsencrypt && ./letsencrypt-auto --config /etc/letsencrypt/configs/$domain_name.conf certonly + +#update nginx config +sed "s@ssl_certificate 
/etc/ssl/certs/nginx.crt;@ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx +sed "s@ssl_certificate_key /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx + +#read the config +/usr/sbin/nginx -t && /usr/sbin/nginx -s reload + +#combine the certs into all.pem +cat /etc/letsencrypt/live/$domain_name/cert.pem > /etc/letsencrypt/live/$domain_name/all.pem +cat /etc/letsencrypt/live/$domain_name/privkey.pem >> /etc/letsencrypt/live/$domain_name/all.pem +cat /etc/letsencrypt/live/$domain_name/chain.pem >> /etc/letsencrypt/live/$domain_name/all.pem + +#copy the certs to the switch tls directory +mkdir -p /etc/freeswitch/tls +cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls +cp /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem +chown -R www-data:www-data /etc/freeswitch diff --git a/devuan/resources/letsencrypt/domain_name.conf b/devuan/resources/letsencrypt/domain_name.conf new file mode 100755 index 0000000..a6705bf --- /dev/null +++ b/devuan/resources/letsencrypt/domain_name.conf @@ -0,0 +1,22 @@ +# the domain we want to get the cert for; +# technically it's possible to have multiple of this lines, but it only worked +# with one domain for me, another one only got one cert, so I would recommend +# separate config files per domain. +domains = {domain_name} + +# increase key size +rsa-key-size = 2048 # Or 4096 + +# the current closed beta (as of 2015-Nov-07) is using this server +server = https://acme-v01.api.letsencrypt.org/directory + +# this address will receive renewal reminders +email = {email_address} + +# turn off the ncurses UI, we want this to be run as a cronjob +text = True + +# authenticate by placing a file in the webroot (under .well-known/acme-challenge/) +# and then letting LE fetch it +authenticator = webroot +webroot-path = /var/www/letsencrypt/ 
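Review bot: The TLS private key ends up in files whose permissions are never set in letsencrypt.sh. `all.pem` is created by shell redirection and then copied with `cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls`, so under a default umask the copies of `privkey.pem`, `all.pem` and `wss.pem` are presumably world-readable, and `chown -R www-data:www-data /etc/freeswitch` additionally hands them to the web server account. Add `chmod 700 /etc/freeswitch/tls` and `chmod 600 /etc/freeswitch/tls/*.pem` after the copy, or set `umask 077` before the files are created. The `read -p` values are also used unquoted in paths and inside `sed "s#…#…#g"` expressions, so `domain_name` should be checked against a hostname pattern before use and the expansions quoted.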
diff --git a/devuan/resources/nginx.sh b/devuan/resources/nginx.sh new file mode 100755 index 0000000..6b6aff7 --- /dev/null +++ b/devuan/resources/nginx.sh 
@@ -0,0 +1,89 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing Nginx" + +#if [ ."$cpu_architecture" = ."arm" ]; then + #9.x - */stretch/ + #8.x - */jessie/ +#fi +if [ ."$php_version" = ."5" ]; then + #verbose "Switching forcefully to php5* packages" + which add-apt-repository || apt-get install -y software-properties-common + #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php + #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat + apt-get update +elif [ ."$os_name" = ."Ubuntu" ]; then + #16.10.x - */yakkety/ + #16.04.x - */xenial/ + #14.04.x - */trusty/ + if [ ."$os_codename" = ."trusty" ]; then + which add-apt-repository || apt-get install -y software-properties-common + LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php + apt-get -q update + fi +elif [ ."$cpu_architecture" = ."arm" ]; then + #Pi2 and Pi3 Raspbian + #Odroid + if [ ."$os_codename" = ."jessie" ]; then + echo "deb http://packages.moopi.uk/debian jessie main" > /etc/apt/sources.list.d/moopi.list + wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add - + apt-get -q update + fi +else + #9.x - */stretch/ + #8.x - */jessie/ + if [ ."$os_codename" = ."jessie" ]; then + echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list + echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list + wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add - + apt-get -q update + fi +fi + +#use php version 5 for arm +#if [ .$cpu_architecture = .'arm' ]; then +# php_version=5 +#fi + +#install dependencies +apt-get install -y -q nginx +if [ ."$php_version" = ."5" ]; then + apt-get install -y -q php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt +fi +if [ ."$php_version" = ."7" ]; then + apt-get install -y -q php7.0 php7.0-cli php7.0-fpm 
php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml +fi + +#enable fusionpbx nginx config +cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx + +#prepare socket name +if [ ."$php_version" = ."5" ]; then + sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g' +fi +if [ ."$php_version" = ."7" ]; then + sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g' +fi +ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx + +#self signed certificate +ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key +ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt + +#remove the default site +rm /etc/nginx/sites-enabled/default + +#add the letsencrypt directory +mkdir -p /var/www/letsencrypt/ + +#restart nginx +service nginx restart diff --git a/devuan/resources/nginx/fusionpbx b/devuan/resources/nginx/fusionpbx new file mode 100755 index 0000000..6218dd4 --- /dev/null +++ b/devuan/resources/nginx/fusionpbx 
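Review bot: In the arm/jessie branch of nginx.sh the repository signing key is fetched over plain HTTP and trusted immediately, `wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add -`, and the repository line itself is `http://`. Anyone on the network path during installation can then supply both the key and the packages, so apt's signature check no longer protects the install. Fetch the key over HTTPS where the host offers it, or ship the key with the installer and compare its fingerprint against a pinned value (placeholder: `<EXPECTED_KEY_FINGERPRINT>`) before `apt-key add`. The same pattern appears in postgres.sh in this commit, in the `2ndquadrant` and `sip247` branches. The `php_version` 5 branch installs `software-properties-common` although both `add-apt-repository` lines are commented out, so it only runs `apt-get update`; a comment should say whether that is deliberate.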
@@ -0,0 +1,201 @@ + +server{ + listen 127.0.0.1:80; + server_name 127.0.0.1; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 80M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} + +server { + listen 80; + server_name fusionpbx; + if ($uri !~* ^.*provision.*$) { + rewrite ^(.*) https://$host$1 permanent; + break; + } + + #REST api + if ($uri ~* ^.*/api/.*$) { + rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last; + break; + } + + #algo + rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last; + + #mitel + rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last; + rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last; + + #grandstream + rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1; + + #aastra + rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg; + #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last; + + #yealink common + rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg; + + #yealink mac + rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last; + + #polycom + rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg"; + #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2; + rewrite 
"^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg"; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml"; + + #cisco + rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last; + + #Escene + rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last; + rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 80M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} + +server { + listen 443; + server_name fusionpbx; + ssl on; + ssl_certificate /etc/ssl/certs/nginx.crt; + ssl_certificate_key /etc/ssl/private/nginx.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!ADH:!MD5:!aNULL; + + #letsencrypt + location /.well-known/acme-challenge { + root /var/www/letsencrypt; + } + + #REST api + if ($uri ~* ^.*/api/.*$) { + rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last; + break; + } + + #algo + rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last; + + #mitel + 
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last; + rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last; + + #grandstriam + rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1; + + #aastra + rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg; + #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last; + + #yealink common + rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg; + + #yealink mac + rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last; + + #polycom + rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg"; + #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2; + rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg"; + + #cisco + rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last; + + #Escene + rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last; + rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 80M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME 
/var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} diff --git a/devuan/resources/php.sh b/devuan/resources/php.sh new file mode 100755 index 0000000..edb0807 --- /dev/null +++ b/devuan/resources/php.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh + +#send a message +verbose "Configuring PHP" + +#update config if source is being used +if [ ."$php_version" = ."5" ]; then + verbose "version 5.x" + php_ini_file='/etc/php5/fpm/php.ini' +fi +if [ ."$php_version" = ."7" ]; then + verbose "version 7.0" + php_ini_file='/etc/php/7.0/fpm/php.ini' +fi +sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file +sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file + +#restart php-fpm +if [ ."$php_version" = ."5" ]; then + /usr/sbin/service php5-fpm restart +fi +if [ ."$php_version" = ."7" ]; then + /usr/sbin/service php7.0-fpm restart +fi diff --git a/devuan/resources/postgres.sh b/devuan/resources/postgres.sh new file mode 100755 index 0000000..129ba9d --- /dev/null +++ b/devuan/resources/postgres.sh 
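Review bot: The 443 server block sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which keeps the deprecated TLS 1.0 and 1.1 available; unless phones that provision over HTTPS are known to need them, restrict it to `ssl_protocols TLSv1.2;`. In all three server blocks `location ~ \.php$` hands any URI ending in .php to php-fpm. Adding `try_files $uri =404;` inside that location makes nginx pass only scripts that exist on disk, after confirming the rewritten `/api/index.php` and `/app/provision/` targets still resolve. The deny patterns are looser than their comment says: the dots in `location ~ .htaccess` and `location ~^.+.(db)$` are unescaped, so the latter matches any URI ending in `db`; `\.htaccess` and `\.db$` express the intent.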
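Review bot: In php.sh `php_ini_file` is assigned only when `php_version` is 5 or 7, but the two `sed … -i $php_ini_file` lines run unconditionally and unquoted. With any other value sed is invoked without a file argument and the upload limits are left unchanged without a clear error. Guard it before the sed calls, e.g. `[ -n "$php_ini_file" ] || { verbose "unsupported php_version"; exit 1; }`, and quote the expansion as `"$php_ini_file"`.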
@@ -0,0 +1,54 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing PostgreSQL" + +#use the system database repo for arm +if [ .$cpu_architecture = .'arm' ]; then + database_repo="sip247" +fi + +apt-get install -q -y sudo + +#included in the distribution +if [ ."$database_repo" = ."system" ]; then + apt-get install -q -y postgresql +fi + +#postgres official repository +if [ ."$database_repo" = ."official" ]; then + verbose "Using official repos" + echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list + wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - + apt-get -q update && apt-get upgrade -y + apt-get install -y postgresql +fi + +#Add PostgreSQL and BDR REPO +if [ ."$database_repo" = ."2ndquadrant" ]; then + verbose "Using 2ndquadrant.com repos" + echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' >> /etc/apt/sources.list.d/postgresql.list + echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' >> /etc/apt/sources.list.d/2ndquadrant.list + wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - + wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add - + apt-get -q update && apt-get upgrade -y + apt-get install -y postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4 +fi + +#sip247 arm repository +if [ ."$database_repo" = ."sip247" ]; then + echo 'deb http://repo.sip247.com/debian/postgresql-armhf jessie main' > /etc/apt/sources.list.d/pgsql-sip247.list + wget --quiet -O - http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add - + apt-get -q update && apt-get upgrade -y + apt-get install -y postgresql +fi + +service postgresql restart 
diff --git a/devuan/resources/postgresql/bdr.sh b/devuan/resources/postgresql/bdr.sh new file mode 100755 index 0000000..f7d2e47 --- /dev/null +++ b/devuan/resources/postgresql/bdr.sh 
@@ -0,0 +1,144 @@ +#!/bin/sh + +# +# This doesn't seem to be currently in use (2017.04.25). +# + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ../config.sh + +#set the date +now=$(date +%Y-%m-%d) + +#set the database password +if [ .$database_password = .'random' ]; then + database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +fi + +#show this server's addresses +server_address=$(hostname -I); +echo "This Server Address: $server_address" + +#nodes addresses +read -p "Enter all Node IP Addresses: " nodes + +#request the domain and email +read -p 'Create Group (true/false): ' group_create +if [ .$group_create = .true ]; then + read -p 'Enter this Nodes Address: ' node_1; +else + read -p 'Join using node already in group: ' node_1; + read -p 'Enter this Nodes Address: ' node_2; +fi + +#settings summary +echo "-----------------------------"; +echo " Summary"; +echo "-----------------------------"; +echo "Create Group: $group_create"; +echo "All Node IP Addresses: $nodes"; +if [ .$group_create = .true ]; then + echo "This Nodes Address: $node_1"; +else + echo "Join using node in group: $node_1;" + echo "This Node Address: $node_2"; +fi +echo ""; + +#verify +read -p 'Is the information correct (y/n): ' verified +if [ .$verified != ."y" ]; then + echo "Goodbye"; + exit 0; +fi + +#iptables rules +for node in $nodes; do + iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32 + iptables -A INPUT -j ACCEPT -p tcp --dport 8080 -s ${node}/32 +done +apt-get remove iptables-persistent -y +echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections +echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections +apt-get install -y iptables-persistent + +#setup ssl +sed -i /etc/postgresql/9.4/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:' +cp /etc/ssl/private/ssl-cert-snakeoil.key 
/etc/ssl/private/ssl-cert-snakeoil-postgres.key +chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil-postgres.key +chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key + +#postgresql.conf - append settings +cp /etc/postgresql/9.4/main/postgresql.conf /etc/postgresql/9.4/main/postgresql.conf-$now +cat ../postgresql/postgresql.conf > /etc/postgresql/9.4/main/postgresql.conf + +#pg_hba.conf - append settings +cp /etc/postgresql/9.4/main/pg_hba.conf /etc/postgresql/9.4/main/pg_hba.conf-$now +cat ../postgresql/pg_hba.conf > /etc/postgresql/9.4/main/pg_hba.conf +#chmod 640 /etc/postgresql/9.4/main/pg_hba.conf +#chown -R postgres:postgres /etc/postgresql/9.4/main +for node in $nodes; do + echo "hostssl all all ${node}/32 trust" >> /etc/postgresql/9.4/main/pg_hba.conf + echo "hostssl replication postgres ${node}/32 trust" >> /etc/postgresql/9.4/main/pg_hba.conf +done + +#reload configuration +systemctl daemon-reload + +#restart postgres +systemctl restart postgresql + +#set the working directory +cwd=$(pwd) +cd /tmp + +#add the database users and databases +sudo -u postgres psql -c "CREATE DATABASE fusionpbx;"; +sudo -u postgres psql -c "CREATE DATABASE freeswitch;"; + +#add the users and grant permissions +sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';" +sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;" + +#add the postgres extensions +sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;"; +sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;"; +sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;"; +sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;"; + 
+#add master nodes +if [ .$group_create = .true ]; then + #add first node + sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; + sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; +else + #add additional master nodes + sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; + sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');"; +fi + +#load the freeswitch database +#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log + +#sleeping +if [ .$group_create = .false ]; then + echo "Sleeping for 15 seconds"; + for i in `seq 1 15`; do + echo $i + sleep 1 + done +fi + +#add extension pgcrypto +if [ .$group_create = .false ]; then + sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;"; +fi + +#message to user +echo "Completed" diff --git a/devuan/resources/postgresql/pg_hba.conf b/devuan/resources/postgresql/pg_hba.conf new file mode 100644 index 0000000..8e8dae9 --- /dev/null +++ b/devuan/resources/postgresql/pg_hba.conf 
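Review bot: The loop in bdr.sh that appends `hostssl all all ${node}/32 trust` and `hostssl replication postgres ${node}/32 trust` to pg_hba.conf lets any connection from a listed address log in as any role, including the `postgres` superuser, without credentials, and the addresses come straight from `read -p "Enter all Node IP Addresses: "` with no validation. Use a password or certificate method instead, for example `hostssl all all ${node}/32 md5` with the password supplied through the BDR DSNs or a .pgpass file, and reject `nodes` entries that are not plain IP addresses before writing them into pg_hba.conf and the iptables rules. In the `bdr_group_join` calls the `node_external_dsn` for `$node_2` omits `sslmode=require` although every other DSN has it. Both application roles are created `WITH SUPERUSER` and share `$database_password`, which is broader than the `GRANT ALL PRIVILEGES ON DATABASE` statements that follow suggest is needed.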
@@ -0,0 +1,97 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. 
Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", +# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that +# "password" sends passwords in clear text; "md5" is preferred since +# it sends encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. +# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). 
+# +# Database administrative login by Unix domain socket +local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all peer +# IPv4 local connections: +host all all 127.0.0.1/32 trust +# IPv6 local connections: +host all all ::1/128 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +#local replication postgres peer +#host replication postgres 127.0.0.1/32 md5 +#host replication postgres ::1/128 md5 diff --git a/devuan/resources/postgresql/postgresql.conf b/devuan/resources/postgresql/postgresql.conf new file mode 100644 index 0000000..e0c0b75 --- /dev/null +++ b/devuan/resources/postgresql/postgresql.conf 
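Review bot: The IPv4 loopback record `host all all 127.0.0.1/32 trust` lets every local process that can open a TCP connection to 127.0.0.1 log in as any role, `postgres` included, without a password, while the IPv6 loopback record directly below it uses `md5`. Make the two consistent with `host all all 127.0.0.1/32 md5`. The finish script in this commit already exports `PGPASSWORD` before calling psql, so password authentication should not break it. If `trust` is required for a specific step, add a comment on the record naming that step.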
@@ -0,0 +1,618 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pg_ctl reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory + # (change requires restart) +hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file + # (change requires restart) +ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +#listen_addresses = 'localhost' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +ssl = true # (change requires restart) +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) +#ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) +#ssl_renegotiation_limit = 0 # amount of data between renegotiations +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # 
(change requires restart) +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil-postgres.key' # (change requires restart) +#ssl_ca_file = '' # (change requires restart) +#ssl_crl_file = '' # (change requires restart) +#password_encryption = on +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + +# - Disk - + +#temp_file_limit = -1 # limits per-session temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = minimal # minimal, archive, hot_standby, or logical + # (change requires restart) +#fsync = on # turns forced synchronization on or off +#synchronous_commit = on # synchronization level; + # off, local, remote_write, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_log_hints = off # also do full page writes 
of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each +#checkpoint_timeout = 5min # range 30s-1h +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # allows archiving to be done + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 0 # max number of replication slots +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. 
+ +#synchronous_standby_names = '' # standby servers that provide sync rep + # comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = off # "on" allows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # 
range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' + +# This is only relevant when logging to eventlog (win32): +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'UTC' + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#update_process_title = on +stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user",public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 + +# - 
Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'UTC' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'en_US.UTF-8' # locale for system error message + # strings +lc_monetary = 'en_US.UTF-8' # locale for monetary formatting +lc_numeric = 'en_US.UTF-8' # locale for number formatting +lc_time = 'en_US.UTF-8' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#quote_all_identifiers = off +#sql_inheritance = on +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + 
+#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here +listen_addresses = '*' +#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx' +shared_preload_libraries = 'bdr' +wal_level = 'logical' +track_commit_timestamp = on +max_connections = 100 +max_wal_senders = 10 +max_replication_slots = 48 +max_worker_processes = 48 diff --git a/devuan/resources/reboot_phones.sh b/devuan/resources/reboot_phones.sh new file mode 100755 index 0000000..17e6611 --- /dev/null +++ b/devuan/resources/reboot_phones.sh 
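Review bot: `listen_addresses = '*'` in the CUSTOMIZED OPTIONS block makes PostgreSQL listen on every interface on every install, and the `ssl_cert_file`/`ssl_key_file` lines point at the distribution's self-signed snakeoil pair, which a remote peer cannot verify. The commented line beneath it is the safer default: ship `listen_addresses = '127.0.0.1'` and let the replication setup step (bdr.sh, not shown in this hunk) add the specific node addresses. `shared_preload_libraries = 'bdr'` is also unconditional; if the BDR library is not installed the server will presumably fail to start, so it and the `wal_level`/`max_wal_senders`/`max_replication_slots` lines belong with the BDR setup rather than in the base file. `max_connections = 100` now appears twice in the file.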
@@ -0,0 +1,37 @@
+#!/bin/bash
+#This script will reboot all the phones in a particular domain for a specified model. A pause is optional.
+
+#gather parameters
+read -p "Enter the Domain to Reboot (example: abc.net):" domain
+read -p "Enter the phone type to reboot (polycom, yealink, cisco):" vendor
+read -p "Enter the time in seconds to pause between phones:" pausetime
+
+#create a temp file
+NOW=$(date +"%Y%m%d_%H%M%S")
+FILE="registrations-$NOW.csv"
+
+#gather the registrations from freeswitch
+eval 'fs_cli -x "show registrations" > $FILE'
+
+#create some variables
+N=0
+ARR=()
+
+#set the internal field separator
+IFS=","
+INPUT=$FILE
+
+#Loop through the registrations and reboot
+[ ! -f $INPUT ] &while read reg_user realm extra
+do
+ if [ ."$realm" = ."$domain" ]; then
+ eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
+ if [ "$pausetime" > 0 ]; then
+ sleep $pausetime
+ fi
+ fi
+done < $INPUT
+IFS=$OLDIFS
+
+#remove the file
+rm $FILE
diff --git a/devuan/resources/sngrep.sh b/devuan/resources/sngrep.sh
new file mode 100755
index 0000000..3db06a9
--- /dev/null
+++ b/devuan/resources/sngrep.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#add sngrep
+if [ ."$cpu_architecture" = ."arm" ]; then
+ #source install
+ apt-get -q -y install git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
+ cd /usr/src && git clone https://github.com/irontec/sngrep
+ cd /usr/src/sngrep && ./bootstrap.sh
+ cd /usr/src/sngrep && ./configure
+ cd /usr/src/sngrep && make install
+else
+ #package install
+ echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list
+ wget http://packages.irontec.com/public.key -q -O - | apt-key add -
+ apt-get -q update
+ apt-get -y -q install sngrep
+fi
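Review bot: `[ "$pausetime" > 0 ]` in the loop of reboot_phones.sh is a redirection, not a comparison: it creates a file named `0` and is true for any non-empty answer, so it should be `[ "$pausetime" -gt 0 ]`. `[ ! -f $INPUT ] &` backgrounds the existence check and discards its result, `IFS=$OLDIFS` restores a variable that was never saved, and the registrations are written to a guessable file name in the current directory. The two `eval '…'` wrappers add nothing, since the single-quoted strings are ordinary commands; dropping them removes the risk that a later quoting change makes the shell re-parse `$reg_user` and `$realm`, which are supplied by whatever device registered. The fence shows the gather-and-loop part with these points addressed; `N`, `ARR` and `INPUT` are no longer needed.

```shell
# … unchanged: the three read -p prompts …

#gather the registrations from freeswitch into a private temp file
FILE=$(mktemp) || exit 1
trap 'rm -f -- "$FILE"' EXIT   # replaces the trailing rm $FILE
fs_cli -x "show registrations" > "$FILE" || exit 1

#Loop through the registrations and reboot
#IFS is set for read only, so nothing has to be restored afterwards
while IFS="," read -r reg_user realm extra
do
	if [ ."$realm" = ."$domain" ]; then
		# reg_user and realm still reach the FreeSWITCH command parser as-is
		fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"
		if [ "${pausetime:-0}" -gt 0 ]; then
			sleep "$pausetime"
		fi
	fi
done < "$FILE"
```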
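Review bot: In sngrep.sh the repository signing key is fetched over plain HTTP and piped straight into `apt-key add -`, so anyone able to alter that response chooses a key that apt will then trust for every repository on the host. The same pattern is in switch/package-all.sh and switch/package-release.sh (`curl http://… | apt-key add -`), and none of the three checks that the download succeeded. Download the key to a file, over HTTPS where the host offers it, compare its fingerprint with a value pinned in the script (`<EXPECTED_KEY_FINGERPRINT>`), and only then add it. On the arm branch the `git clone` builds whatever the default branch holds at install time, presumably as root; pinning a tag or commit would make that step reproducible.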
diff --git a/devuan/resources/switch.sh b/devuan/resources/switch.sh
new file mode 100755
index 0000000..ebaa5f5
--- /dev/null
+++ b/devuan/resources/switch.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+
+verbose "Installing FreeSWITCH"
+
+if [ .$switch_source = .true ]; then
+ if [ ."$switch_branch" = "master" ]; then
+ switch/source-master.sh
+ else
+ switch/source-release.sh
+ fi
+
+ #copy the switch conf files to /etc/freeswitch
+ switch/conf-copy.sh
+
+ #set the file permissions
+ switch/source-permissions.sh
+
+ #sysvinit service
+ switch/source-sysvinit.sh
+fi
+
+if [ .$switch_package = .true ]; then
+ if [ ."$switch_branch" = "master" ]; then
+ if [ .$switch_package_all = .true ]; then
+ switch/package-master-all.sh
+ else
+ switch/package-master.sh
+ fi
+ else
+ if [ .$switch_package_all = .true ]; then
+ switch/package-all.sh
+ else
+ switch/package-release.sh
+ fi
+ fi
+
+ #copy the switch conf files to /etc/freeswitch
+ switch/conf-copy.sh
+
+ #set the file permissions
+ switch/package-permissions.sh
+
+ #sysvinit service
+ switch/package-sysvinit.sh
+fi
diff --git a/devuan/resources/switch/conf-copy.sh b/devuan/resources/switch/conf-copy.sh
new file mode 100755
index 0000000..631eb0e
--- /dev/null
+++ b/devuan/resources/switch/conf-copy.sh
@@ -0,0 +1,4 @@
+mv /etc/freeswitch /etc/freeswitch.orig
+mkdir /etc/freeswitch
+cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
+chown -R freeswitch:freeswitch /etc/freeswitch
\ No newline at end of file
diff --git a/devuan/resources/switch/package-all.sh b/devuan/resources/switch/package-all.sh
new file mode 100755
index 0000000..90604b0
--- /dev/null
+++ b/devuan/resources/switch/package-all.sh
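Review bot: `[ ."$switch_branch" = "master" ]` in switch.sh can never be true, because the left side carries the leading `.` and the right side does not, so both the source path and the package path always fall through to the release scripts. Both tests should read `if [ ."$switch_branch" = ."master" ]; then`. The `$switch_source`, `$switch_package` and `$switch_package_all` tests are unquoted, and no sub-script's exit status is checked, so a failed package install is still followed by conf-copy.sh and the permissions step.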
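Review bot: conf-copy.sh has no `#!/bin/sh` line and no failure handling (package-permissions.sh, package-sysvinit.sh and source-permissions.sh also lack the shebang). If `/etc/freeswitch.orig` already exists from an earlier run, `mv` puts the live directory inside it instead of replacing it, and the script carries on without noticing. The copied configuration is handed to `freeswitch:freeswitch` with whatever modes the templates carry; if those files hold credentials, a `chmod -R o-rwx /etc/freeswitch` after the `chown` would keep them from other local users.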
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+. ../arguments.sh
+
+apt-get -q update && apt-get install -y -q ntp curl memcached haveged
+
+if [ ."$cpu_architecture" = ."arm" ]; then
+ echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+ curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+else
+ echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+ curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
+fi
+apt-get -q update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb
diff --git a/devuan/resources/switch/package-master-all.sh b/devuan/resources/switch/package-master-all.sh
new file mode 100755
index 0000000..9dce196
--- /dev/null
+++ b/devuan/resources/switch/package-master-all.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+apt-get update && apt-get install -y -q ntp curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb
+
diff --git a/devuan/resources/switch/package-master.sh b/devuan/resources/switch/package-master.sh
new file mode 100755
index 0000000..913756c
--- /dev/null
+++ b/devuan/resources/switch/package-master.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+apt-get update && apt-get install -y -q curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update
+apt-get install -y -q ntp gdb
+apt-get install -y -q freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get install -y -q freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y -q freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y -q freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get install -y -q freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y -q freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y -q freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y -q freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y -q freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y -q freeswitch-music-default
+
+#remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+apt-get remove -y -q freeswitch-music-default
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp
diff --git a/devuan/resources/switch/package-permissions.sh b/devuan/resources/switch/package-permissions.sh
new file mode 100755
index 0000000..a5d2b99
--- /dev/null
+++ b/devuan/resources/switch/package-permissions.sh
@@ -0,0 +1,8 @@
+#default permissions
+# Devaun packages set this up correctly
+#chown -R freeswitch:freeswitch /var/lib/freeswitch
+
+# I'm not sure this is the best place to put non-packaged files - leaving it as is for now
+chown -R freeswitch:freeswitch /usr/share/freeswitch
+touch /var/log/freeswitch/freeswitch.log
+chown -R freeswitch:freeswitch /var/log/freeswitch
\ No newline at end of file
diff --git a/devuan/resources/switch/package-release.sh b/devuan/resources/switch/package-release.sh
new file mode 100755
index 0000000..7a91ee0
--- /dev/null
+++ b/devuan/resources/switch/package-release.sh
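Review bot: The music-on-hold block at the end of package-master.sh runs every step regardless of the one before it: if `mv /usr/share/freeswitch/sounds/music/*000 …` matches nothing or fails, `apt-get remove -y -q freeswitch-music-default` still runs and there is nothing left to move back. Chain the steps with `&&` or put `set -e` under the shebang so the removal only happens once the files are safely in `temp`; switch/package-release.sh ends with the same block. The ten consecutive `apt-get install` calls are likewise unchecked, so a failed module install is not reported to switch.sh.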
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+
+apt-get -qq -y install curl memcached haveged
+if [ ."$cpu_architecture" = ."arm" ]; then
+ echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+ curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+ apt-get -q update
+else
+ echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+ curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
+ apt-get -q update
+fi
+
+apt-get -qq -y install gdb ntp
+apt-get -qq -y install freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get -qq -y install freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get -qq -y install freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get -qq -y install freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get -qq -y install freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get -qq -y install freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get -qq -y install freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get -qq -y install freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get -qq -y install freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get -qq -y install freeswitch-music-default
+apt-get remove -q -y freeswitch-systemd
+
+#remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+apt-get remove -y freeswitch-music-default
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp
diff --git a/devuan/resources/switch/package-sysvinit.sh b/devuan/resources/switch/package-sysvinit.sh
new file mode 100755
index 0000000..31daee1
--- /dev/null
+++ b/devuan/resources/switch/package-sysvinit.sh
@@ -0,0 +1,6 @@
+update-rc.d freeswitch enable
+#
+# If freeswitch is not restarted with the new config before finish.sh is run,
+# upgrade_domains.php will not set the paths correctly on the default domain
+#
+service freeswitch restart
\ No newline at end of file
diff --git a/devuan/resources/switch/source-master.sh b/devuan/resources/switch/source-master.sh
new file mode 100755
index 0000000..9f4af03
--- /dev/null
+++ b/devuan/resources/switch/source-master.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+echo "Installing the FreeSWITCH source"
+DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y -q ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+apt-get install -y -q unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
+
+apt-get update && apt-get install -y -q ntp curl haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get upgrade
+apt-get install -y -q freeswitch-video-deps-most
+
+git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+cd /usr/src/freeswitch
+
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+./bootstrap.sh -j
+#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
+./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+
+#make mod_shout-install
+make
+rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
+make install
+make sounds-install moh-install
+make hd-sounds-install hd-moh-install
+make cd-sounds-install cd-moh-install
+
+#move the music into music/default directory
+mkdir -p /usr/local/freeswitch/sounds/music/default
+mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
+
+#configure system service
+ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
+cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service
diff --git a/devuan/resources/switch/source-permissions.sh b/devuan/resources/switch/source-permissions.sh
new file mode 100755
index 0000000..66c3f66
--- /dev/null
+++ b/devuan/resources/switch/source-permissions.sh
@@ -0,0 +1,6 @@
+#setup owner and group, permissions and sticky
+chown -R www-data:www-data /usr/local/freeswitch
+chmod -R ug+rw /usr/local/freeswitch
+touch /var/log/freeswitch/freeswitch.log
+chown -R www-data:www-data /var/log/freeswitch
+find /usr/local/freeswitch -type d -exec chmod 2770 {} \;
diff --git a/devuan/resources/switch/source-release.sh b/devuan/resources/switch/source-release.sh
new file mode 100755
index 0000000..2adafa6
--- /dev/null
+++ b/devuan/resources/switch/source-release.sh
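Review bot: In source-master.sh the second `echo "deb …/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list` truncates the file the previous line just wrote, so only the debian-unstable repository stays configured; append with `>>` if both are wanted, or delete the line that is not. `apt-get update && apt-get upgrade` has no `-y` and will wait for confirmation in an unattended run (source-release.sh uses `apt-get upgrade -y -q`). `rm -rf /usr/local/freeswitch/{lib,mod,bin}/*` depends on brace expansion, which `#!/bin/sh` does not guarantee, so on a POSIX sh such as dash the pattern is taken literally and the old files stay; list the three directories explicitly (the same line appears in source-release.sh). The final `cp "$(dirname $0)/source/freeswitch.service"` runs after `cd /usr/src/freeswitch`, so a relative `$0` no longer resolves, and it installs a systemd unit on a sysvinit target.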
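Review bot: In source-permissions.sh, `chown -R www-data:www-data /usr/local/freeswitch` followed by `chmod -R ug+rw` makes the whole install prefix writable by the web server account, including the lib, mod and bin directories that the source scripts populate with `make install`, so a flaw in the PHP front end becomes the ability to replace code the switch executes. Limit the recursive ownership change to the data the web UI has to write (source-to-package.sh in this commit names conf, recordings, storage and scripts) and leave the executables owned by root. `touch /var/log/freeswitch/freeswitch.log` assumes the directory exists; add `mkdir -p /var/log/freeswitch` before it. Mode 2770 sets the setgid bit rather than the sticky bit, so the header comment should read `#setup owner and group, permissions and setgid`.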
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+echo "Installing the FreeSWITCH source"
+DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y -q ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+apt-get install -y -q ntp unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
+
+# E: Unable to locate package libyuv-dev
+# E: Unable to locate package libbroadvoice-dev
+# E: Unable to locate package libcodec2-dev
+# E: Unable to locate package libflite-dev
+# E: Unable to locate package libg7221-dev
+# E: Unable to locate package libilbc-dev
+# E: Unable to locate package libmongoc-dev
+# E: Unable to locate package libsilk-dev
+
+apt-get update && apt-get install -y -q curl haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+apt-get -q update && apt-get upgrade -y -q
+apt-get install -y -q freeswitch-video-deps-most
+
+#we are about to move out of the executing directory so we need to preserve it to return after we are done
+CWD=$(pwd)
+#git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+#git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+SWITCH_MAJOR=$(git ls-remote --heads https://freeswitch.org/stash/scm/fs/freeswitch.git "v*" | cut -d/ -f 3 | grep -P '^v\d+\.\d+' | sort | tail -n 1| cut -dv -f2)
+SWITCH_MINOR=$(git ls-remote --tags https://freeswitch.org/stash/scm/fs/freeswitch.git v$SWITCH_MAJOR.* | cut -d/ -f3 | cut -dv -f2 | cut -d. -f3 | sort -n | tail -n1)
+SWITCH_VERSION=$SWITCH_MAJOR.$SWITCH_MINOR
+echo "Using version $SWITCH_VERSION"
+cd /usr/src
+wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip
+unzip freeswitch-$SWITCH_VERSION.zip
+rm -R freeswitch
+mv freeswitch-$SWITCH_VERSION freeswitch
+cd freeswitch
+
+#./bootstrap.sh -j
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+#./configure --help
+#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
+./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+#make mod_shout-install
+make
+rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
+make install
+make sounds-install moh-install
+make hd-sounds-install hd-moh-install
+make cd-sounds-install cd-moh-install
+
+#move the music into music/default directory
+mkdir -p /usr/local/freeswitch/sounds/music/default
+mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
+
+#return to the executing directory
+cd $CWD
+
+#configure system service
+ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
+cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
+chmod a+x /etc/init.d/freeswitch
+cp "$(dirname $0)/source/etc.default.freeswitch /etc/default/freeswitch
diff --git a/devuan/resources/switch/source-sysvinit.sh b/devuan/resources/switch/source-sysvinit.sh
new file mode 100644
index 0000000..bfc4ebb
--- /dev/null
+++ b/devuan/resources/switch/source-sysvinit.sh
@@ -0,0 +1,6 @@
+cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
+cp "$(dirname $0)/source/etc.default.freeswitch" /etc/default/freeswitch
+update-rc.d freeswitch enable
+service freeswitch restart
+
+echo "Please configure the sysvinit start up script from the source dir, test, and contribute code. Thank you."
\ No newline at end of file
diff --git a/devuan/resources/switch/source-to-package.sh b/devuan/resources/switch/source-to-package.sh
new file mode 100755
index 0000000..e6d07d5
--- /dev/null
+++ b/devuan/resources/switch/source-to-package.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+#make sure the etc fusionpbx directory exists
+mkdir -p /etc/fusionpbx
+
+#remove init.d startup script
+mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch
+update-rc.d -f freeswitch remove
+
+#add the the freeswitch package
+$(dirname $0)/package-release.sh
+
+#install freeswitch systemd.d
+$(dirname $0)/package-systemd.sh
+
+#update fail2ban
+sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:'
+service fail2ban restart
+
+#move source files to package directories
+rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch
+rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch
diff --git a/devuan/resources/switch/source/etc.default.freeswitch b/devuan/resources/switch/source/etc.default.freeswitch
new file mode 100755
index 0000000..e4d275f
--- /dev/null
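Review bot: In source-release.sh the release archive is fetched with `wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip` and then compiled and installed as root with no integrity check, so the build trusts whatever the network path returns; use the https URL and verify a published checksum or signature before `unzip` (whether upstream publishes one is not visible here). `SWITCH_VERSION` is assembled from `git ls-remote` output and used unquoted in `wget`, `unzip` and `mv`; quote it and stop when a part is empty, e.g. `[ -n "$SWITCH_MAJOR" ] && [ -n "$SWITCH_MINOR" ] || exit 1`. The last line, `cp "$(dirname $0)/source/etc.default.freeswitch /etc/default/freeswitch`, is missing the closing quote after `etc.default.freeswitch`, which leaves an unterminated string, so the defaults file is never copied.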
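Review bot: source-sysvinit.sh copies the init script to /etc/init.d/freeswitch without making it executable, and freeswitch.init is added in this commit with mode 100644, so `update-rc.d freeswitch enable` and `service freeswitch restart` are likely to fail on a fresh install. Add `chmod a+x /etc/init.d/freeswitch` after the first `cp`, as source-release.sh does. The file also has no `#!/bin/sh` line and leaves `$0` unquoted inside `$(dirname $0)`; `"$(dirname "$0")"` keeps paths with spaces intact.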
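Review bot: source-to-package.sh runs `$(dirname $0)/package-systemd.sh` after removing the init.d script, although Devuan is the sysvinit target and this commit adds package-sysvinit.sh beside it; neither package-release.sh nor package-systemd.sh is visible in this part of the diff, so confirm both exist under devuan/resources/switch. If the sysvinit variant is what is meant, the call would be `"$(dirname "$0")/package-sysvinit.sh"` and the comment `#install freeswitch sysvinit`. The two script invocations are unquoted command substitutions whose exit status is ignored, so the fail2ban edit and the rsync steps run even when the package install failed; append `|| exit 1` to each.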
+++ b/devuan/resources/switch/source/etc.default.freeswitch
@@ -0,0 +1,8 @@
+# /etc/default/freeswitch
+FS_USER="www-data"
+FS_GROUP="www-data"
+DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"
+
+# this is the packaged version. But since the source install does not work. I've not tested any of this.
+# /etc/default/freeswitch
+#DAEMON_OPTS="-nonat"
\ No newline at end of file
diff --git a/devuan/resources/switch/source/freeswitch.init b/devuan/resources/switch/source/freeswitch.init
new file mode 100644
index 0000000..2ef5b5e
--- /dev/null
+++ b/devuan/resources/switch/source/freeswitch.init
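Review bot: `FS_USER` and `FS_GROUP` are not read by the freeswitch.init added in this commit, which hard-codes `USER=freeswitch` and builds `DAEMON_ARGS="-u $USER -ncwait"` before it sources this file. With these defaults the daemon is handed both `-u freeswitch` and `-u www-data`, while start-stop-daemon matches on `--user freeswitch` and the run directory is chowned to that account, so start, stop and pidfile ownership can disagree about which user the switch runs as. Settle on one account in one place, for example `USER="www-data"` in freeswitch.init and `DAEMON_OPTS="-nonat -g www-data -run /var/run/freeswitch"` here. The trailing comment that calls this "the packaged version" should say which of the two `DAEMON_OPTS` lines is meant to be active.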
@@ -0,0 +1,133 @@
+#!/bin/sh
+### -*- mode:shell-script; indent-tabs-mode:nil; sh-basic-offset:2 -*-
+### BEGIN INIT INFO
+# Provides: freeswitch
+# Required-Start: $network $remote_fs $local_fs
+# Required-Stop: $network $remote_fs $local_fs
+# Should-Start: postgresql mysql memcached mongodb
+# Should-Stop: postgresql mysql memcached mongodb
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: FreeSWITCH Softswitch
+# Description: FreeSWITCH Softswitch
+### END INIT INFO
+
+# Author: Travis Cross
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=freeswitch
+NAME=freeswitch
+DAEMON=/usr/bin/freeswitch
+USER=freeswitch
+DAEMON_ARGS="-u $USER -ncwait"
+CONFDIR=/etc/$NAME
+RUNDIR=/var/run/$NAME
+PIDFILE=$RUNDIR/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+WORKDIR=/var/log/$NAME
+
+[ -x $DAEMON ] || exit 0
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+do_start() {
+ if ! [ -f $CONFDIR/freeswitch.xml ]; then
+ echo "$NAME is not configured so not starting.">&2
+ echo "Please add configuration under /etc/freeswitch">&2
+ echo "e.g. Install freeswitch-conf-vanilla, then:">&2
+ echo "cp -a /usr/share/freeswitch/conf/vanilla /etc/freeswitch">&2
+ return 3
+ fi
+
+ # Directory in /var/run may disappear on reboot (e.g. when tmpfs used for /var/run).
+ mkdir -p $RUNDIR
+ chown -R $USER: $RUNDIR
+ chmod -R ug=rwX,o= $RUNDIR
+
+ start-stop-daemon --start --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --name $NAME --user $USER \
+ --test > /dev/null \
+ || return 1
+ ulimit -s 240
+ start-stop-daemon --start --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --name $NAME --user $USER \
+ --chdir $WORKDIR -- $DAEMON_ARGS $DAEMON_OPTS \
+ || return 2
+ return 0
+}
+
+stop_fs() {
+ start-stop-daemon --stop --quiet \
+ --pidfile $PIDFILE --name $NAME --user $USER \
+ --retry=TERM/30/KILL/5
+}
+
+stop_fs_children() {
+ start-stop-daemon --stop --quiet \
+ --exec $DAEMON \
+ --oknodo --retry=0/30/KILL/5
+}
+
+do_stop() {
+ stop_fs
+ RETVAL="$?"
+ [ "$RETVAL" -eq 2 ] && return 2
+ stop_fs_children
+ [ "$?" -eq 2 ] && return 2
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+do_reload() {
+ start-stop-daemon --stop --quiet \
+ --pidfile $PIDFILE --name $NAME --user $USER \
+ --signal HUP
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1|*) log_end_msg 1 ;;
+ esac
+ ;;
+ *) log_end_msg 1 ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+exit 0
\ No newline at end of file
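Review bot: `DAEMON=/usr/bin/freeswitch` and `CONFDIR=/etc/$NAME` are the packaged locations, but source-release.sh in this commit builds with `--prefix=/usr/local/freeswitch` and links only `fs_cli` into /usr/bin, so on a source install `[ -x $DAEMON ] || exit 0` ends the script with status 0 and `service freeswitch start` reports success while nothing runs. Point the script at the source prefix, presumably `DAEMON=/usr/local/freeswitch/bin/freeswitch`, and check that `CONFDIR` matches where that build keeps freeswitch.xml, which this diff does not show. A comment above the variable block, such as `# paths below must match the ./configure --prefix used by source-release.sh`, would keep the two files from drifting apart.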