Devuan: update all install scripts from debian (#390)

* devuan: pull fail2ban updates from debian installer

* devuan: merge updates to postgresql.sh from debian

* devuan: pull updated resources/backup scripts from debian

* devuan: merge and update php installer scripts

* devuan: merged changes to reset_admin_password.sh from debian

* devuan: fix release name typo for chimaera

* devuan: merge iptables changes from debian

* devuan: merge nginx changes from debian

* devuan: merge letsencrypt.sh from debian

* devuan: merge main install scripts and config from debian

* devuan: simplify sngrep install, its in all maintained releases

* devuan: merge main install script updates from debian

* devuan: finish.sh: use /usr/sbin/service for restart

* devuan: postgresql.sh: fix syntax error

* devuan: update and unify sysvinit setup

there is no sysvinit package available from freeswitch,
usethe same init and defaults file for package and source install

* devuan: add equvalent debian releasesto environment.sh

* devuan: merge changes to switch* from debian

* devuan: switch: use os_codenam_debian to add repos

* devuan: olny stop ufw if it was installed

* devuan: update config.sh defaults

* devuan: remove systemd-specifics from switch package installation

* devuan: install postgres before freeswitch

* devuan: removed libyuv-dev installation, embedded in freeswitch

* devuan: fix failing move of freeswitch music

* devuan: removed another libyuv-dev installation, embedded in freeswitch

* devuan: revert freeswitch script dir setting in /etc/default

* devuan: Enable mod_av for the install. (#389)

* devuan: merge improved nginx ssl settings (#388)

devuan/install.sh

@@ -15,19 +15,35 @@ verbose "Update installed packages"
 apt-get -q update && apt-get -q --assume-yes upgrade
 
 #Add dependencies
-apt-get install -q -y lsb-release sudo
+apt-get install -y wget
+apt-get install -y lsb-release
+apt-get install -y ca-certificates
+apt-get install -y dialog
+apt-get install -y nano
+apt-get install -y net-tools
+
+#SNMP
+apt-get install -y snmpd
+echo "rocommunity public" > /etc/snmp/snmpd.conf
+service snmpd restart
 
 #IPTables
 resources/iptables.sh
 
+#Optional CLI SIP monitoring tool
+resources/sngrep.sh
+
 #FusionPBX
 resources/fusionpbx.sh
 
+#PHP
+resources/php.sh
+
 #NGINX web server
 resources/nginx.sh
 
-#PHP
+#Postgres
-resources/php.sh
+resources/postgresql.sh
 
 #FreeSWITCH
 resources/switch.sh
@@ -35,22 +51,8 @@ resources/switch.sh
 #Fail2ban
 resources/fail2ban.sh
 
-#Optional CLI SIP monitoring tool
+#set the ip address
-resources/sngrep.sh
+server_address=$(hostname -I)
-
-#Postgres
-resources/postgresql.sh
-
-#restart services
-if [ ."$php_version" = ."5" ]; then
-        service php5-fpm restart
-fi
-if [ ."$php_version" = ."7" ]; then
-        service php7.0-fpm restart
-fi
-
-service nginx restart
-service fail2ban restart
 
 #add the database schema, user and groups
 resources/finish.sh

devuan/resources/backup/fusionpbx-backup

@@ -19,9 +19,9 @@ find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
 pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
 
 #package
-tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
+#tar --exclude='/var/lib/freeswitch/recordings/*/archive' -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch /usr/share/freeswitch/sounds/music/
 
 #source
-#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
+#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf /usr/local/freeswitch/sounds/music/
 
 echo "Backup Completed"

devuan/resources/backup/fusionpbx-maintenance

@@ -0,0 +1,119 @@
+#!/bin/sh
+
+#settings
+export PGPASSWORD="zzz"
+db_host=127.0.0.1
+db_port=5432
+switch_package=true # true or false
+
+purge_voicemail=false
+purge_call_recordings=false
+purge_cdrs=false
+purge_fax=false
+purge_switch_logs=true
+purge_php_sessions=true
+purge_database_transactions=true
+
+days_keep_voicemail=90
+days_keep_call_recordings=90
+days_keep_cdrs=90
+days_keep_fax=90
+days_keep_switch_logs=7
+days_keep_php_sessions=8
+days_keep_database_transactions=30
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#make sure the directory exists
+if [ -e /var/backups/fusionpbx/postgresql ]; then
+	echo "postgres backup directory exists"
+else
+	mkdir -p /var/backups/fusionpbx/postgresql
+fi
+
+#show message to the console
+echo "Maintenance Started"
+
+if [ .$purge_switch_logs = .true ]; then
+	#delete freeswitch logs older 7 days
+	if [ .$switch_package = .true ]; then
+		find /var/log/freeswitch/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
+	else
+		find /usr/local/freeswitch/log/freeswitch.log.* -mtime +$days_keep_switch_logs -exec rm {} \;
+	fi
+else
+	echo "not purging Freeswitch logs"
+fi
+
+if [ .$purge_fax = .true ]; then
+	#delete fax older than 90 days
+	if [ .$switch_package = .true ]; then
+		echo ".";
+		find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
+		find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
+	else
+		echo ".";
+		find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +$days_keep_fax -exec rm {} \;
+		find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +$days_keep_fax -exec rm {} \;
+	fi
+	#delete from the database
+	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
+	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '$days_keep_fax days'"
+else
+	echo "not purging Faxes"
+fi
+
+if [ .$purge_call_recordings = .true ]; then
+	#delete call recordings older than 90 days
+	if [ .$switch_package = .true ]; then
+		find /var/lib/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
+		find /var/lib/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
+	else
+		find /usr/local/freeswitch/recordings/*/archive/*  -name '*.wav' -mtime +$days_keep_call_recordings -exec rm {} \;
+		find /usr/local/freeswitch/recordings/*/archive/*  -name '*.mp3' -mtime +$days_keep_call_recordings -exec rm {} \;
+	fi
+	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_call_recordings WHERE call_recording_date < NOW() - INTERVAL '90 days'"
+else
+	echo "not purging Recordings."
+fi
+
+if [ .$purge_voicemail = .true ]; then
+	#delete voicemail older than 90 days
+	if [ .$switch_package = .true ]; then
+		echo ".";
+		find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
+		find /var/lib/freeswitch/storage/voicemail/default/*  -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
+	else
+		echo ".";
+		find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +$days_keep_voicemail -exec rm {} \;
+		find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +$days_keep_voicemail -exec rm {} \;
+	fi
+	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '$days_keep_voicemail days'"
+else
+	echo "not purging voicemails."
+fi
+
+if [ .$purge_cdrs = .true ]; then
+	#delete call detail records older 90 days
+	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '$days_keep_cdrs days'"
+else
+        echo "not purging CDRs."
+fi
+
+#delete php sessions
+if [ .$purge_php_sessions = .true ]; then
+	find /var/lib/php/sessions/*  -name 'sess_*' -mtime +$days_keep_php_sessions -exec rm {} \;
+else
+        echo "not purging PHP Sessions."
+fi
+
+#delete database_transactions older 90 days
+if [ .$purge_database_transactions = .true ]; then
+	psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_database_transactions where transaction_date < NOW() - INTERVAL '$days_keep_database_transactions days'"
+else
+        echo "not purging database_transactions."
+fi
+
+#completed message
+echo "Maintenance Completed";

devuan/resources/backup/fusionpbx-maintenance.sh

@@ -1,54 +0,0 @@
-#!/bin/sh
-
-#settings
-#export PGPASSWORD="zzzzz"
-db_host=127.0.0.1
-db_port=5432
-switch_package=true # true or false
-
-#set the date
-now=$(date +%Y-%m-%d)
-
-#make sure the directory exists
-mkdir -p /var/backups/fusionpbx/postgresql
-
-#show message to the console
-echo "Maintenance Started"
-
-#delete freeswitch logs older 7 days
-if [ .$switch_package = .true ]; then
-	find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
-else
-	find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
-fi
-
-#delete fax older than 90 days
-if [ .$switch_package = .true ]; then
-	echo ".";
-	#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
-	#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
-else
-	echo ".";
-	#find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
-	#find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
-fi
-#delete from the database
-#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
-#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_logs WHERE fax_date < NOW() - INTERVAL '90 days'"
-
-#delete voicemail older than 90 days
-if [ .$switch_package = .true ]; then
-	echo ".";
-	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
-	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
-else
-	echo ".";
-	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
-	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
-fi
-#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
-#delete call detail records older 90 days
-#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
-
-#completed message
-echo "Maintenance Completed";

devuan/resources/config.sh

@@ -1,18 +1,26 @@
 
 # FusionPBX Settings
+domain_name=ip_address                      # hostname, ip_address or a custom value
 system_username=admin                       # default username admin
-system_password=random          # random or as a pre-set value
+system_password=random                      # random or a custom value
-system_branch=stable            # master, stable
+system_branch=master                        # master, stable
 
 # FreeSWITCH Settings
 switch_branch=stable                        # master, stable
-switch_source=false             # true or false
+switch_source=false                         # true (source compile) or false (binary package)
-switch_package=true             # true or false
+switch_package=true                         # true (binary package) or false (source compile)
-
+switch_version=1.10.7                       # which source code to download, only for source
+switch_tls=true                             # true or false
+switch_token=                               # Get the auth token from https://signalwire.com
+                                            # Signup or Login -> Profile -> Personal Auth Token
 # Database Settings
-database_password=random        # random or as a pre-set value
+database_password=random                    # random or a custom value (safe characters A-Z, a-z, 0-9)
 database_repo=system                        # PostgreSQL official, system, 2ndquadrant
+database_version=latest                     # requires repo official
+database_host=127.0.0.1                     # hostname or IP address
+database_port=5432                          # port number
 database_backup=false                       # true or false
 
 # General Settings
-php_version=7                   # PHP version 5 or 7
+php_version=7.4                             # PHP version 7.3, 7.4
+letsencrypt_folder=false                    # true or false

devuan/resources/environment.sh

@@ -10,8 +10,25 @@ cpu_name=$(uname -m)
 cpu_architecture='unknown'
 cpu_mode='unknown'
 
+#set the environment path
+export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+#debian release name
+if [ .$os_codename = .'chimaera' ]; then
+    os_codename_debian='bullseye'
+elif [ .$os_codename = .'beowulf' ]; then
+    os_codename_debian='buster'
+else
+    warning "couldn't set a matching debian codename, are you using an old devuan release?"
+fi
+
 #check what the CPU and OS are
-if [ .$cpu_name = .'armv7l' ]; then
+if [ .$cpu_name = .'armv6l' ]; then
+	# RaspberryPi Zero
+	os_mode='32'
+	cpu_mode='32'
+	cpu_architecture='arm'
+elif [ .$cpu_name = .'armv7l' ]; then
 	# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
 	os_mode='32'
 	cpu_mode='32'
@@ -21,6 +38,10 @@ elif [ .$cpu_name = .'armv8l' ]; then
 	os_mode='unknown'
 	cpu_mode='64'
 	cpu_architecture='arm'
+elif [ .$cpu_name = .'aarch64' ]; then
+	os_mode='64'
+	cpu_mode='64'
+	cpu_architecture='arm'
 elif [ .$cpu_name = .'i386' ]; then
 	os_mode='32'
 	if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then

devuan/resources/fail2ban.sh

@@ -15,20 +15,23 @@ verbose "Installing Fail2ban"
 apt-get -q -y install fail2ban
 
 #move the filters
-cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
-cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
-cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
 cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
+cp fail2ban/freeswitch-acl.conf /etc/fail2ban/filter.d/freeswitch-acl.conf
+cp fail2ban/sip-auth-failure.conf /etc/fail2ban/filter.d/sip-auth-failure.conf
+cp fail2ban/sip-auth-challenge.conf /etc/fail2ban/filter.d/sip-auth-challenge.conf
+cp fail2ban/auth-challenge-ip.conf /etc/fail2ban/filter.d/auth-challenge-ip.conf
+cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
 cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
+cp fail2ban/fusionpbx-mac.conf /etc/fail2ban/filter.d/fusionpbx-mac.conf
+cp fail2ban/fusionpbx-404.conf /etc/fail2ban/filter.d/fusionpbx-404.conf
 cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
 cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
 cp fail2ban/jail.local /etc/fail2ban/jail.local
 
 #update config if source is being used
-if [ .$switch_source = .true ]; then
+#if [ .$switch_source = .true ]; then
-	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+#	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
-fi
+#fi
 
+#restart fail2ban
 /usr/sbin/service fail2ban restart
-
-# missing log file will show error

devuan/resources/fail2ban/auth-challenge-ip.conf

@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#[WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [+972592277524@xxx.xxx.xxx.xxx] from ip 209.160.120.12 
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \((INVITE|REGISTER)\) on sofia profile \'.*\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch-acl.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
+failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/fusionpbx-mac.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#Oct  9 02:56:16 m1 fusionpbx-provision[28628]: [10.0.0.1] invalid mac address 000000000000
+failregex = \[<HOST>\] invalid mac address 
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/jail.local

@@ -1,80 +1,97 @@
-[freeswitch-udp]
+[ssh]
 enabled  = true
-port     = 5060,5061,5080,5081
+port     = 22
+protocol = ssh
+filter   = sshd
+logpath  = /var/log/auth.log
+action   = iptables-allports[name=sshd, protocol=all]
+maxretry = 6
+findtime = 60
+bantime  = 86400
+
+[freeswitch]
+enabled  = true
+port     = 5060:5091
 protocol = all
 filter   = freeswitch
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 5
+action   = iptables-allports[name=freeswitch, protocol=all]
-findtime = 600
+maxretry = 10
-bantime  = 600
+findtime = 60
+bantime  = 3600
 #          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
 
-[freeswitch-tcp]
+[freeswitch-acl]
 enabled  = true
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch
+filter   = freeswitch-acl
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 5
+action   = iptables-allports[name=freeswitch-acl, protocol=all]
-findtime = 600
+maxretry = 900
-bantime  = 600
+findtime = 60
-#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+bantime  = 86400
 
-[freeswitch-ip-tcp]
+[freeswitch-ip]
 enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
 filter   = freeswitch-ip
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
+action   = iptables-allports[name=freeswitch-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
 
-[freeswitch-ip-udp]
+[auth-challenge-ip]
 enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-ip
+filter   = auth-challenge-ip
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
+action   = iptables-allports[name=auth-challenge-ip, protocol=all]
 maxretry = 1
-findtime = 30
+findtime = 60
 bantime  = 86400
 
-[freeswitch-dos-udp]
+[sip-auth-challenge]
-enabled  = true
-port     = 5060,5061,5080,5081
-protocol = all
-filter   = freeswitch-dos
-logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
-maxretry = 50
-findtime = 30
-bantime  = 6000
-
-[freeswitch-dos-tcp]
-enabled  = true
-port     = 5060,5061,5080,5081
-protocol = all
-filter   = freeswitch-dos
-logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
-maxretry = 50
-findtime = 30
-bantime  = 6000
-
-[freeswitch-404]
 enabled  = false
-port     = 5060,5061,5080,5081
+port     = 5060:5091
 protocol = all
-filter   = freeswitch-404
+filter   = sip-auth-challenge
 logpath  = /var/log/freeswitch/freeswitch.log
-action   = iptables-allports[name=freeswitch-404, protocol=all]
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
-maxretry = 3
+action   = iptables-allports[name=sip-auth-challenge, protocol=all]
-findtime = 300
+maxretry = 100
+findtime = 60
+bantime  = 7200
+
+[sip-auth-failure]
+enabled  = true
+port     = 5060:5091
+protocol = all
+filter   = sip-auth-failure
+logpath  = /var/log/freeswitch/freeswitch.log
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
+action   = iptables-allports[name=sip-auth-failure, protocol=all]
+maxretry = 6
+findtime = 60
+bantime  = 7200
+
+[fusionpbx-404]
+enabled  = false
+port     = 5060:5091
+protocol = all
+filter   = fusionpbx-404
+logpath  = /var/log/freeswitch/freeswitch.log
+#logpath  = /usr/local/freeswitch/log/freeswitch.log
+action   = iptables-allports[name=fusionpbx-404, protocol=all]
+maxretry = 6
+findtime = 60
 bantime  = 86400
 
 [fusionpbx]
@@ -83,11 +100,23 @@ port     = 80,443
 protocol = tcp
 filter   = fusionpbx
 logpath  = /var/log/auth.log
-action   = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+action   = iptables-allports[name=fusionpbx, protocol=all]
 #          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
+maxretry = 20
+findtime = 60
+bantime  = 3600
+
+[fusionpbx-mac]
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = fusionpbx-mac
+logpath  = /var/log/syslog
+action   = iptables-allports[name=fusionpbx-mac, protocol=all]
+#          sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
 maxretry = 10
-findtime = 600
+findtime = 60
-bantime  = 600
+bantime  = 86400
 
 [nginx-404]
 enabled  = true
@@ -95,19 +124,20 @@ port     = 80,443
 protocol = tcp
 filter   = nginx-404
 logpath  = /var/log/nginx/access*.log
+action   = iptables-allports[name=nginx-404, protocol=all]
 bantime  = 3600
 findtime = 60
-maxretry = 120
+maxretry = 300
 
 [nginx-dos]
 # Based on apache-badbots but a simple IP check (any IP requesting more than
 # 300 pages in 60 seconds, or 5p/s average, is suspicious)
-# Block for two full days.
 enabled  = true
 port     = 80,443
 protocol = tcp
 filter   = nginx-dos
 logpath  = /var/log/nginx/access*.log
+action   = iptables-allports[name=nginx-dos, protocol=all]
 findtime = 60
 bantime  = 86400
-maxretry = 300
+maxretry = 800

devuan/resources/fail2ban/sip-auth-failure.conf

@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/finish.sh

@@ -6,64 +6,29 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
-. ./environment.sh
 
 #database details
-database_host=127.0.0.1
-database_port=5432
 database_username=fusionpbx
 if [ .$database_password = .'random' ]; then
-    database_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20 | xargs)"
+	database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
 fi
 
-verbose "Create the database and users"
+#allow the script to use the new password
+export PGPASSWORD=$database_password
 
-#
+#update the database password
-# Install the database backup scripts
+#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
-#
+#sudo -u postgres psql --host=$database_host --port=$database_port --username=$database_username -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
+sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';"
+sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';"
 
-cp backup/fusionpbx-backup.sh /etc/cron.daily
+#install the database backup
-chmod 755 /etc/cron.daily/fusionpbx-backup.sh
+cp backup/fusionpbx-backup /etc/cron.daily
-sed -i "s/zzz/${database_password}/g" /etc/cron.daily/fusionpbx-backup.sh
+cp backup/fusionpbx-maintenance /etc/cron.daily
-
+chmod 755 /etc/cron.daily/fusionpbx-backup
-#
+chmod 755 /etc/cron.daily/fusionpbx-maintenance
-# Install the maintenance script
+sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-backup
-#
+sed -i "s/zzz/$database_password/g" /etc/cron.daily/fusionpbx-maintenance
-
-cp backup/fusionpbx-maintenance.sh /etc/cron.daily
-chmod 755 /etc/cron.daily/fusionpbx-maintenance.sh
-sed -i "s/zzz/${database_password}/g" /etc/cron.daily/fusionpbx-maintenance.sh
-
-#
-# Move to /tmp to prevent a red herring error when running sudo with psql
-#
-
-cwd=$(pwd)
-cd /tmp
-
-#
-# I'm not sure why we would do this when the databases don't exist yet.
-#
-
-#sudo -u postgres psql -d fusionpbx -c "DROP SCHEMA public cascade;";
-#sudo -u postgres psql -d fusionpbx -c "CREATE SCHEMA public;";
-
-sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
-sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
-sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
-
-#
-# Maybe the freeswitch will use the freeswitch database in the future?
-# Right now it's configured to use SQLite.
-# So we will comment this out.
-#
-
-#sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
-#sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
-#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
-#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
-
-cd $cwd
 
 #add the config.php
 mkdir -p /etc/fusionpbx
@@ -77,21 +42,22 @@ sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
 cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
 
 #get the server hostname
-#domain_name=$(hostname -f)
+if [ .$domain_name = .'hostname' ]; then
+	domain_name=$(hostname -f)
+fi
 
 #get the ip address
-domain_name=$(hostname -I | cut -d ' ' -f1)
+if [ .$domain_name = .'ip_address' ]; then
+	domain_name=$(hostname -I | cut -d ' ' -f1)
+fi
 
-#get a domain_uuid
+#get the domain_uuid
 domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 
-#allow the script to use the new password
-export PGPASSWORD=$database_password
-
 #add the domain name
 psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
 
-#app defaults - this is needed here otherwise group superadmin will not exist for "get the superadmin group_uuid" *
+#app defaults
 cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
 
 #add the user
@@ -99,45 +65,47 @@ user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 user_name=$system_username
 if [ .$system_password = .'random' ]; then
-	user_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 12 | xargs)"
+	user_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
 else
 	user_password=$system_password
 fi
-
 password_hash=$(php -r "echo md5('$user_salt$user_password');");
-
 psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
 
-#get the superadmin group_uuid *
+#get the superadmin group_uuid
-group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
+#echo "psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c \"select group_uuid from v_groups where group_name = 'superadmin';\""
-group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
+group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -qtAX -c "select group_uuid from v_groups where group_name = 'superadmin';");
 
 #add the user to the group
 user_group_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 group_name=superadmin
 if [ .$system_branch = .'master' ]; then
+	#echo "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
 	psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_user_groups (user_group_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
 else
 	psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$user_group_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
 fi
 #update xml_cdr url, user and password
-xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_username=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
-xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
-sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:$database_host:"
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
 sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
 
-#app defaults - not sure if this needs to be executed again
+#app defaults
-cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade.php
 
+#restart freeswitch
 /usr/sbin/service freeswitch restart
 
 #welcome message
 echo ""
 echo ""
-verbose "Installation has completed."
+verbose "Installation Notes. "
+echo ""
+echo "   Please save the this information and reboot this system to complete the install. "
 echo ""
 echo "   Use a web browser to login."
 echo "      domain name: https://$domain_name"

devuan/resources/fusionpbx.sh

@@ -6,16 +6,15 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
-. ./environment.sh
 
 #send a message
 verbose "Installing FusionPBX"
 
 #install dependencies
-apt-get install -qq -y git dbus haveged ssl-cert
+apt-get install -y vim git dbus haveged ssl-cert qrencode
-apt-get install -qq -y ghostscript libtiff5-dev libtiff-tools at
+apt-get install -y ghostscript libtiff5-dev libtiff-tools at
 
-#set the version
+#get the branch
 if [ .$system_branch = .'master' ]; then
 	verbose "Using master"
 	branch=""
@@ -27,6 +26,10 @@ else
 	branch="-b $system_version"
 fi
 
+#add the cache directory
+mkdir -p /var/cache/fusionpbx
+chown -R www-data:www-data /var/cache/fusionpbx
+
 #get the source code
 git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
 chown -R www-data:www-data /var/www/fusionpbx

devuan/resources/ioncube.sh

@@ -0,0 +1,76 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#show cpu details
+echo "cpu architecture: $cpu_architecture"
+echo "cpu name: $cpu_name"
+
+#make sure unzip is install
+apt-get install -y unzip
+
+#remove the ioncube directory if it exists
+if [ -d "ioncube" ]; then
+        rm -Rf ioncube;
+fi
+
+#get the ioncube load and unzip it
+if [ .$cpu_architecture = .'x86' ]; then
+	#get the ioncube 64 bit loader
+	wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
+
+	#uncompress the file
+	unzip ioncube_loaders_lin_x86-64.zip
+
+	#remove the zip file
+	rm ioncube_loaders_lin_x86-64.zip
+elif [ .$cpu_architecture = ."arm" ]; then
+	if [ .$cpu_name = .'armv7l' ]; then
+		#get the ioncube 64 bit loader
+		wget --no-check-certificate https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.zip
+
+		#uncompress the file
+		unzip ioncube_loaders_lin_armv7l.zip
+
+		#remove the zip file
+		rm ioncube_loaders_lin_armv7l.zip
+	fi
+fi
+
+#set the version of php
+if [ ."$os_codename" = ."beowolf" ]; then
+      php_version=7.3
+fi
+if [ ."$os_codename" = ."chimaera" ]; then
+      php_version=7.4
+fi
+
+#copy the loader to the correct directory
+if [ ."$php_version" = ."7.3" ]; then
+        #copy the php extension .so into the php lib directory
+        cp ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731
+
+        #add the 00-ioncube.ini file
+		echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/fpm/conf.d/00-ioncube.ini
+		echo "zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so" > /etc/php/7.3/cli/conf.d/00-ioncube.ini
+
+        #restart the service
+        /usr/sbin/service php7.3-fpm restart
+fi
+if [ ."$php_version" = ."7.4" ]; then
+        #copy the php extension .so into the php lib directory
+        cp ioncube/ioncube_loader_lin_7.4.so /usr/lib/php/20190902
+
+        #add the 00-ioncube.ini file
+		echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/fpm/conf.d/00-ioncube.ini
+		echo "zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so" > /etc/php/7.4/cli/conf.d/00-ioncube.ini
+
+        #restart the service
+        /usr/sbin/service php7.4-fpm restart
+fi

devuan/resources/iptables.sh

@@ -3,40 +3,61 @@
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 
+
+#add the includes
 . ./config.sh
 . ./colors.sh
+. ./environment.sh
 
 #send a message
 verbose "Configuring IPTables"
 
+#defaults to nftables by default this enables iptables
+if [ ."$os_codename" = ."beowulf" ]; then
+	update-alternatives --set iptables /usr/sbin/iptables-legacy
+	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+fi
+if [ ."$os_codename" = ."chimaera" ]; then
+	apt-get install -y iptables
+	update-alternatives --set iptables /usr/sbin/iptables-legacy
+	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+fi
+
+#remove ufw
+[ -x /usr/sbin/ufw ] && ufw reset
+[ -x /usr/sbin/ufw ] && ufw disable
+apt-get remove -y ufw
+#apt-get purge ufw
+
 #run iptables commands
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
-iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
-iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
+iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
+iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT
-iptables -A INPUT -p tcp --dport 5060:5061 -j ACCEPT
+iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
-iptables -A INPUT -p udp --dport 5060:5061 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
-iptables -A INPUT -p tcp --dport 5080:5081 -j ACCEPT
+iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
-iptables -A INPUT -p udp --dport 5080:5081 -j ACCEPT
 iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
 iptables -A INPUT -p udp --dport 1194 -j ACCEPT
 iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
-iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5081 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
-iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5081 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
@@ -44,6 +65,4 @@ iptables -P OUTPUT ACCEPT
 #answer the questions for iptables persistent
 echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
-apt-get install -y -q iptables-persistent
+apt-get install -y iptables-persistent
-
-# update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

devuan/resources/letsencrypt.sh

@@ -1,80 +1,127 @@
 #!/bin/sh
 
+# FusionPBX - Install
+# Mark J Crane <markjcrane@fusionpbx.com>
+# Copyright (C) 2018
+# All Rights Reserved.
+      
 #move to script directory so all relative paths work
 cd "$(dirname "$0")"
 
 #includes
 . ./config.sh
-. ./colors.sh
-. ./environment.sh
 
-#request the domain and email
+#remove dehyrdated letsencrypt script
+rm /usr/local/sbin/dehydrated
+rm -R /usr/src/dehydrated
+#rm -R /etc/dehydrated/
+#rm -R /usr/src/dns-01-manual
+#rm -R /var/www/dehydrated
+
+#request the domain name, email address and wild card domain
 read -p 'Domain Name: ' domain_name
 read -p 'Email Address: ' email_address
-#domain_name=subdomain.domain.com
-#email=username@domain.com
 
-#remove previous install
+#get and install dehydrated
-rm -R /opt/letsencrypt
+cd /usr/src && git clone https://github.com/lukas2511/dehydrated.git
-rm -R /etc/letsencrypt
+cd /usr/src/dehydrated
+cp dehydrated /usr/local/sbin
+mkdir -p /var/www/dehydrated
+mkdir -p /etc/dehydrated/certs
 
-#use php version 5 for arm
+#wildcard detection
-if [ .$cpu_architecture = .'arm' ]; then
+wildcard_domain=$(echo $domain_name | cut -c1-1)
-        php_version=5
+if [ "$wildcard_domain" = "*" ]; then
+	wildcard_domain="true"
+else
+	wildcard_domain="false"
 fi
 
-#enable fusionpbx nginx config
+#remove the wildcard and period
-cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
+if [ .$wildcard_domain = ."true" ]; then
-
+      domain_name=$(echo "$domain_name" | cut -c3-255)
-#prepare socket name
-if [ ."$php_version" = ."5" ]; then
-        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
 fi
-if [ ."$php_version" = ."7" ]; then
+
-        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+#manual dns hook
+if [ .$wildcard_domain = ."true" ]; then
+    cd /usr/src
+    git clone https://github.com/gheja/dns-01-manual.git
+    cd /usr/src/dns-01-manual/
+    cp hook.sh /etc/dehydrated/hook.sh
+    chmod 755 /etc/dehydrated/hook.sh
 fi
-ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
 
-#read the config
+#copy config and hook.sh into /etc/dehydrated
-/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
+cd /usr/src/dehydrated
+cp docs/examples/config /etc/dehydrated
+#cp docs/examples/hook.sh /etc/dehydrated
 
-#install letsencrypt
+#update the dehydrated config
-git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
+#sed "s#CONTACT_EMAIL=#CONTACT_EMAIL=$email_address" -i /etc/dehydrated/config
-chmod 755 /opt/letsencrypt/certbot-auto
+sed -i 's/#CONTACT_EMAIL=/CONTACT_EMAIL="'"$email_address"'"/g' /etc/dehydrated/config
-/opt/letsencrypt/./certbot-auto
+sed -i 's/#WELLKNOWN=/WELLKNOWN=/g' /etc/dehydrated/config
-mkdir -p /etc/letsencrypt/configs
-mkdir -p /var/www/letsencrypt/
 
-#cd $pwd
+#accept the terms
-#cd "$(dirname "$0")"
+./dehydrated --register --accept-terms --config /etc/dehydrated/config
 
-#copy the domain conf
+#set the domain alias
-cp letsencrypt/domain_name.conf /etc/letsencrypt/configs/$domain_name.conf
+domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)
 
-#update the domain_name and email_address
+#create an alias when using wildcard dns
-sed "s#{domain_name}#$domain_name#g" -i /etc/letsencrypt/configs/$domain_name.conf
+if [ .$wildcard_domain = ."true" ]; then
-sed "s#{email_address}#$email_address#g" -i /etc/letsencrypt/configs/$domain_name.conf
+	echo "*.$domain_name > $domain_name" > /etc/dehydrated/domains.txt
+fi
 
-#letsencrypt
+#add the domain name to domains.txt
-#sed "s@#letsencrypt@location /.well-known/acme-challenge { root /var/www/letsencrypt; }@g" -i /etc/nginx/sites-available/fusionpbx
+if [ .$wildcard_domain = ."false" ]; then
+	echo "$domain_name" > /etc/dehydrated/domains.txt
+fi
 
-#get the certs from letsencrypt
+#request the certificates
-cd /opt/letsencrypt && ./letsencrypt-auto --config /etc/letsencrypt/configs/$domain_name.conf certonly
+if [ .$wildcard_domain = ."true" ]; then
+	./dehydrated --cron --domain *.$domain_name --preferred-chain "ISRG Root X1" --algo rsa --alias $domain_alias --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge dns-01 --hook /etc/dehydrated/hook.sh
+fi
+if [ .$wildcard_domain = ."false" ]; then
+	./dehydrated --cron --alias $domain_alias --preferred-chain "ISRG Root X1" --algo rsa --config /etc/dehydrated/config --config /etc/dehydrated/config --out /etc/dehydrated/certs --challenge http-01
+fi
+
+#make sure the nginx ssl directory exists
+mkdir -p /etc/nginx/ssl
 
 #update nginx config
-sed "s@ssl_certificate         /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate         /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/dehydrated/certs/$domain_alias/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
-sed "s@ssl_certificate_key     /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate_key     /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/dehydrated/certs/$domain_alias/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
 
 #read the config
 /usr/sbin/nginx -t && /usr/sbin/nginx -s reload
 
-#combine the certs into all.pem
+#setup freeswitch tls
-cat /etc/letsencrypt/live/$domain_name/cert.pem > /etc/letsencrypt/live/$domain_name/all.pem
+if [ .$switch_tls = ."true" ]; then
-cat /etc/letsencrypt/live/$domain_name/privkey.pem >> /etc/letsencrypt/live/$domain_name/all.pem
-cat /etc/letsencrypt/live/$domain_name/chain.pem >> /etc/letsencrypt/live/$domain_name/all.pem
 
-#copy the certs to the switch tls directory
+	#make sure the freeswitch directory exists
-mkdir -p /etc/freeswitch/tls
+	mkdir -p /etc/freeswitch/tls
-cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls
+
-cp /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
+	#make sure the freeswitch certificate directory is empty
-chown -R www-data:www-data /etc/freeswitch
+	rm /etc/freeswitch/tls/*
+
+	#combine the certs into all.pem
+	cat /etc/dehydrated/certs/$domain_alias/fullchain.pem > /etc/freeswitch/tls/all.pem
+	cat /etc/dehydrated/certs/$domain_alias/privkey.pem >> /etc/freeswitch/tls/all.pem
+	#cat /etc/dehydrated/certs/$domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem
+
+	#copy the certificates
+	cp /etc/dehydrated/certs/$domain_alias/cert.pem /etc/freeswitch/tls
+	cp /etc/dehydrated/certs/$domain_alias/chain.pem /etc/freeswitch/tls
+	cp /etc/dehydrated/certs/$domain_alias/fullchain.pem /etc/freeswitch/tls
+	cp /etc/dehydrated/certs/$domain_alias/privkey.pem /etc/freeswitch/tls
+
+	#add symbolic links
+	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
+	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
+	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
+	ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem
+
+	#set the permissions
+	chown -R www-data:www-data /etc/freeswitch/tls
+
+fi  

devuan/resources/nginx.sh

@@ -9,69 +9,36 @@ cd "$(dirname "$0")"
 . ./environment.sh
 
 #send a message
-verbose "Installing Nginx"
+verbose "Installing the web server"
 
-#if [ ."$cpu_architecture" = ."arm" ]; then
+#change the version of php for arm
-        #9.x - */stretch/
+if [ ."$cpu_architecture" = ."arm" ]; then
-        #8.x - */jessie/
-#fi
-if [ ."$php_version" = ."5" ]; then
-        #verbose "Switching forcefully to php5* packages"
-        which add-apt-repository || apt-get install -y software-properties-common
-        #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
-        #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat
-        apt-get update
-elif [ ."$os_name" = ."Ubuntu" ]; then
-        #16.10.x - */yakkety/
-        #16.04.x - */xenial/
-        #14.04.x - */trusty/
-        if [ ."$os_codename" = ."trusty" ]; then
-                which add-apt-repository || apt-get install -y software-properties-common
-                LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
-                apt-get -q update
-        fi
-elif [ ."$cpu_architecture" = ."arm" ]; then
 	#Pi2 and Pi3 Raspbian
 	#Odroid
-        if [ ."$os_codename" = ."jessie" ]; then
+	if [ ."$os_codename" = ."stretch" ]; then
-                echo "deb http://packages.moopi.uk/debian jessie main" > /etc/apt/sources.list.d/moopi.list
+	      php_version=7.2
-                wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add -
+	else
-                apt-get -q update
+	      php_version=5.6
-        fi
-else
-        #9.x - */stretch/
-        #8.x - */jessie/
-        if [ ."$os_codename" = ."jessie" ]; then
-                echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list
-                echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list
-                wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add -
-                apt-get -q update
 	fi
 fi
 
-#use php version 5 for arm
+#set the version of php
-#if [ .$cpu_architecture = .'arm' ]; then
+if [ ."$os_codename" = ."chimaera" ]; then
-#        php_version=5
+	php_version=7.4
-#fi
-
-#install dependencies
-apt-get install -y -q nginx
-if [ ."$php_version" = ."5" ]; then
-        apt-get install -y -q php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$os_codename" = ."beowulf" ]; then
-        apt-get install -y -q php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-xml
+	php_version=7.3
 fi
 
 #enable fusionpbx nginx config
 cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
 
 #prepare socket name
-if [ ."$php_version" = ."5" ]; then
+if [ ."$php_version" = ."7.3" ]; then
-        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
+        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.3-fpm.sock;#g'
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$php_version" = ."7.4" ]; then
-        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.4-fpm.sock;#g'
 fi
 ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
 
@@ -82,8 +49,15 @@ ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
 #remove the default site
 rm /etc/nginx/sites-enabled/default
 
+#update config if LetsEncrypt folder is unwanted
+# if [ .$letsencrypt_folder = .false ]; then
+#         sed -i '151,155d' /etc/nginx/sites-available/fusionpbx
+# fi
+
 #add the letsencrypt directory
-mkdir -p /var/www/letsencrypt/
+if [ .$letsencrypt_folder = .true ]; then
+        mkdir -p /var/www/letsencrypt/
+fi
 
 #restart nginx
-service nginx restart
+/usr/sbin/service nginx restart

devuan/resources/nginx/fusionpbx

@@ -14,7 +14,7 @@ server {
 	}
 
 	location ~ \.php$ {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
@@ -23,7 +23,7 @@ server {
 
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
@@ -31,7 +31,7 @@ server {
 		fastcgi_read_timeout 15m;
 	}
 
-	# Disable viewing .htaccess & .htpassword & .db
+	# Disable viewing .htaccess & .htpassword & .db & .git
 	location ~ .htaccess {
 		deny all;
 	}
@@ -41,12 +41,30 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
+	location ~ /\.git {
+		deny all;
+	}
+	location ~ /\.lua {
+		deny all;
+	}
+	location ~ /\. {
+		deny all;
+	}
 }
 
 server {
 	listen 80;
 	server_name fusionpbx;
-	if ($uri !~* ^.*(provision|xml_cdr).*$) {
+
+	#redirect letsencrypt to dehydrated
+	location ^~ /.well-known/acme-challenge {
+		default_type "text/plain";
+		auth_basic "off";
+		alias /var/www/dehydrated;
+	}
+
+	#rewrite rule - send to https with an exception for provisioning
+	if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
 		rewrite ^(.*) https://$host$1 permanent;
 		break;
 	}
@@ -66,7 +84,8 @@ server {
 
 	#grandstream
 	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
-	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+	rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
 	#grandstream-wave softphone by ext because Android doesn't pass MAC.
 	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
 
@@ -74,10 +93,9 @@ server {
 	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
 	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
 
-	#yealink common
+	#yealink
+	#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
 	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
-
-	#yealink mac
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
 
 	#polycom
@@ -104,6 +122,9 @@ server {
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
 
+	#Snom
+	rewrite "^.*/provision/-([A-Fa-f0-9]{12})?$" /app/provision/index.php?mac=$1;
+
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
 
@@ -116,7 +137,7 @@ server {
 	}
 
 	location ~ \.php$ {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
@@ -125,7 +146,7 @@ server {
 
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
@@ -133,7 +154,7 @@ server {
 		fastcgi_read_timeout 15m;
 	}
 
-	# Disable viewing .htaccess & .htpassword & .db
+	# Disable viewing .htaccess & .htpassword & .db & .git
 	location ~ .htaccess {
 		deny all;
 	}
@@ -143,20 +164,36 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
+	location ~ /\.git {
+		deny all;
+	}
+	location ~ /\.lua {
+		deny all;
+	}
+	location ~ /\. {
+		deny all;
+	}
 }
 
 server {
-	listen 443;
+	listen 443 ssl;
+	#listen 443 ssl http2;
 	server_name fusionpbx;
-	ssl                     on;
+
 	ssl_certificate		/etc/ssl/certs/nginx.crt;
 	ssl_certificate_key	/etc/ssl/private/nginx.key;
-	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+	ssl_protocols		TLSv1.2 TLSv1.3;
-	ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;
+	#ssl_protocols		TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+	ssl_ciphers		ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	ssl_session_cache	shared:SSL:40m;
+	ssl_session_timeout	2h;
+	ssl_session_tickets	off;
 
-	#letsencrypt
+	#redirect letsencrypt to dehydrated
-	location /.well-known/acme-challenge {
+	location ^~ /.well-known/acme-challenge {
-        	root /var/www/letsencrypt;
+		default_type "text/plain";
+		auth_basic "off";
+		alias /var/www/dehydrated;
 	}
 
 	#REST api
@@ -165,6 +202,9 @@ server {
 		break;
 	}
 
+	#message media
+	rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
+
 	#algo
 	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
 
@@ -174,7 +214,8 @@ server {
 
 	#grandstream
 	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
-	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
+	rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
 	#grandstream-wave softphone by ext because Android doesn't pass MAC.
 	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
 
@@ -182,10 +223,9 @@ server {
 	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
 	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
 
-	#yealink common
+	#yealink
+	#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
 	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
-
-	#yealink mac
 	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
 
 	#polycom
@@ -223,9 +263,17 @@ server {
 		index index.php;
 	}
 
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
 	# Allow the upgrade routines to run longer than normal
 	location = /core/upgrade/index.php {
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		#fastcgi_pass 127.0.0.1:9000;
 		fastcgi_index index.php;
 		include fastcgi_params;
@@ -233,15 +281,7 @@ server {
 		fastcgi_read_timeout 15m;
 	}
 
-	location ~ \.php$ {
+	# Disable viewing .htaccess & .htpassword & .db & .git
-		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
-		#fastcgi_pass 127.0.0.1:9000;
-		fastcgi_index index.php;
-		include fastcgi_params;
-		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
-	}
-
-	# Disable viewing .htaccess & .htpassword & .db
 	location ~ .htaccess {
 		deny all;
 	}
@@ -251,4 +291,13 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
+	location ~ /\.git {
+		deny all;
+	}
+	location ~ /\.lua {
+		deny all;
+	}
+	location ~ /\. {
+		deny all;
+	}
 }

devuan/resources/php.sh

@@ -6,27 +6,56 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
+. ./environment.sh
 
 #send a message
 verbose "Configuring PHP"
 
-#update config if source is being used
+#set php version
-if [ ."$php_version" = ."5" ]; then
+#chimaera - bullseye
-        verbose "version 5.x"
+#beowolf - buster
-        php_ini_file='/etc/php5/fpm/php.ini'
+if [ ."$os_codename" = ."beowolf" ]; then
+      php_version=7.3
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$os_codename" = ."chimaera" ]; then
-        verbose "version 7.0"
+      php_version=7.4
-        php_ini_file='/etc/php/7.0/fpm/php.ini'
+fi
+
+#install dependencies
+apt-get install -y nginx
+if [ ."$php_version" = ."" ]; then
+		apt-get install -y php php-cli php-fpm php-pgsql php-sqlite3 php-odbc php-curl php-imap php-xml php-gd
+fi
+if [ ."$php_version" = ."7.3" ]; then
+		apt-get install -y php7.3 php7.3-cli php7.3-fpm php7.3-pgsql php7.3-sqlite3 php7.3-odbc php7.3-curl php7.3-imap php7.3-xml php7.3-gd php7.3-mbstring
+fi
+if [ ."$php_version" = ."7.4" ]; then
+		apt-get install -y php7.4 php7.4-cli php7.4-dev php7.4-fpm php7.4-pgsql php7.4-sqlite3 php7.4-odbc php7.4-curl php7.4-imap php7.4-xml php7.4-gd php7.4-mbstring
+fi
+
+#update config if source is being used
+if [ ."$php_version" = ."7.3" ]; then
+        verbose "version 7.3"
+        php_ini_file='/etc/php/7.3/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7.4" ]; then
+        verbose "version 7.4"
+        php_ini_file='/etc/php/7.4/fpm/php.ini'
 fi
 sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
 sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
+sed 's#;max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
 sed 's#; max_input_vars = .*#max_input_vars = 8000#g' -i $php_ini_file
 
+#install ioncube
+if [ .$cpu_architecture = .'x86' ]; then
+	. ./ioncube.sh
+fi
+
 #restart php-fpm
-if [ ."$php_version" = ."5" ]; then
+if [ ."$php_version" = ."7.3" ]; then
-    /usr/sbin/service php5-fpm restart
+    /usr/sbin/service php7.3-fpm restart
 fi
-if [ ."$php_version" = ."7" ]; then
+if [ ."$php_version" = ."7.4" ]; then
-    /usr/sbin/service php7.0-fpm restart
+    /usr/sbin/service php7.4-fpm restart
 fi

devuan/resources/postgresql.sh

@@ -9,21 +9,25 @@ cd "$(dirname "$0")"
 . ./environment.sh
 
 #send a message
-verbose "Installing PostgreSQL"
+echo "Install PostgreSQL"
 
-#use the system database repo for arm
+#generate a random password
-if [ .$cpu_architecture = .'arm' ]; then
+password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
-    database_repo="sip247"
-fi
 
-apt-get install -q -y sudo
+#install message
+echo "Install PostgreSQL and create the database and users\n"
 
 #included in the distribution
 if [ ."$database_repo" = ."system" ]; then
-	apt-get install -q -y postgresql
+	if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+		apt-get install -q -y sudo postgresql
+	else
+		apt-get install -q -y sudo postgresql-client
+	fi
 fi
 
 #postgres official repository
+##TODO would newer versions work without systemd?
 if [ ."$database_repo" = ."official" ]; then
     verbose "Using official repos"
 	echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list
@@ -33,6 +37,7 @@ if [ ."$database_repo" = ."official" ]; then
 fi
 
 #Add PostgreSQL and BDR REPO
+##TODO would newer versions work without systemd?
 if [ ."$database_repo" = ."2ndquadrant" ]; then
     verbose "Using 2ndquadrant.com repos"
 	echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main'  >> /etc/apt/sources.list.d/postgresql.list
@@ -43,12 +48,36 @@ if [ ."$database_repo" = ."2ndquadrant" ]; then
 	apt-get install -y postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
 fi
 
-#sip247 arm repository
+#init.d
-if [ ."$database_repo" = ."sip247" ]; then
+if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
-        echo 'deb http://repo.sip247.com/debian/postgresql-armhf jessie main' > /etc/apt/sources.list.d/pgsql-sip247.list
+    /usr/sbin/service postgresql restart
-        wget --quiet -O - http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
-        apt-get -q update && apt-get upgrade -y
-        apt-get install -y postgresql
 fi
 
-service postgresql restart
+#install the database backup
+#cp backup/fusionpbx-backup /etc/cron.daily
+#cp backup/fusionpbx-maintenance /etc/cron.daily
+#chmod 755 /etc/cron.daily/fusionpbx-backup
+#chmod 755 /etc/cron.daily/fusionpbx-maintenance
+#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup
+#sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-maintenance
+
+#move to /tmp to prevent a red herring error when running sudo with psql
+cwd=$(pwd)
+cd /tmp
+
+if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
+	# add the databases, users and grant permissions to them
+	sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+	sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
+	sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';"
+	sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+	sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+	sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+	sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+	# ALTER USER fusionpbx WITH PASSWORD 'newpassword';
+fi
+
+cd $cwd
+
+#set the ip address
+#server_address=$(hostname -I)

devuan/resources/reset_admin_password.sh

@@ -6,7 +6,6 @@ cd "$(dirname "$0")"
 #includes
 . ./config.sh
 . ./colors.sh
-. ./environment.sh
 
 #count the users
 admin_users=$(sudo -u postgres psql fusionpbx -Atc "select count(*) from v_users JOIN v_user_groups USING (domain_uuid) where username='$system_username' and group_name = 'superadmin'")
@@ -20,7 +19,7 @@ else
 	for admin_uuid in $admin_uuids; do
 		user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
 		if [ .$system_password = .'random' ]; then
-			user_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 12 | xargs)"
+			user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
 		else
 			user_password=$system_password
 		fi

devuan/resources/sngrep.sh

@@ -18,8 +18,5 @@ if [ ."$cpu_architecture" = ."arm" ]; then
 	cd /usr/src/sngrep && make install
 else
 	#package install
-	echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list
-	wget http://packages.irontec.com/public.key -q -O - | apt-key add -
-	apt-get -q update
 	apt-get -y -q install -y --force-yes sngrep
 fi

devuan/resources/switch.sh

@@ -5,10 +5,13 @@ cd "$(dirname "$0")"
 
 #includes
 . ./config.sh
+. ./colors.sh
+. ./environment.sh
 
-verbose "Installing FreeSWITCH"
+#TODO fix or remove source installation
-
 if [ .$switch_source = .true ]; then
+    echo 'Building from source on devuan will most liley fail, aborting.'
+    exit 1
 	if [ ."$switch_branch" = "master" ]; then
 		switch/source-master.sh
 	else

devuan/resources/switch/dsn.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#get the database password
+if [ .$database_password = .'random' ]; then
+        read -p "Enter the database password: " database_password
+fi
+
+#set PGPASSWORD
+export PGPASSWORD=$database_password
+
+#enable auto create schemas
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="auto-create-schemas" value="true"/> -->:<param name="auto-create-schemas" value="true"/>:'
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<param name="auto-create-schemas" value="false"/>:<param name="auto-create-schemas" value="true"/>:'
+
+#enable odbc-dsn in the xml
+sed -i /etc/freeswitch/autoload_configs/db.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
+sed -i /etc/freeswitch/autoload_configs/fifo.conf.xml -e s:'<!--<param name="odbc-dsn" value="$${dsn}"/>-->:<param name="odbc-dsn" value="$${dsn}"/>:'
+sed -i /etc/freeswitch/autoload_configs/switch.conf.xml -e s:'<!-- <param name="core-db-dsn" value="$${dsn}" /> -->:<param name="core-db-dsn" value="$${dsn}" />:'
+
+#enable odbc-dsn in the sip profiles
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "update v_sip_profile_settings set sip_profile_setting_enabled = 'true' where sip_profile_setting_name = 'odbc-dsn';";
+
+#add the dsn variables
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('785d7013-1152-4a44-aa15-28336d9b36f9', 'dsn_system', 'pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('0170e737-b453-40ea-99f2-f1375474e5ce', 'dsn', 'sqlite:///dev/shm/core.db', 'DSN', 'true', '0', null, null);";
+sudo -u postgres psql -h $database_host -p $database_port -U fusionpbx -d fusionpbx -c "insert into v_vars (var_uuid, var_name, var_value, var_category, var_enabled, var_order, var_description, var_hostname) values ('32e3e364-a8ef-4fe0-9d02-c652d5122bbf', 'dsn_callcenter', 'sqlite:///dev/shm/callcenter.db', 'DSN', 'true', '0', null, null);";
+
+#update the vars.xml file
+echo "<!-- DSN -->" >> /etc/freeswitch/vars.xml
+echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_system=pgsql://hostaddr=$database_host port=$database_port dbname=fusionpbx user=fusionpbx password=$database_password options=\" />" >> /etc/freeswitch/vars.xml
+echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn=sqlite:///dev/shm/core.db\" />" >> /etc/freeswitch/vars.xml
+echo "<X-PRE-PROCESS cmd=\"set\" data=\"dsn_callcenter=sqlite:///dev/shm/callcenter.db\" />" >> /etc/freeswitch/vars.xml
+
+#remove the sqlite database files
+dbs="/var/lib/freeswitch/db/core.db /var/lib/freeswitch/db/fifo.db /var/lib/freeswitch/db/call_limit.db /var/lib/freeswitch/db/sofia_reg_*"
+for db in ${dbs};
+do
+  if [ -f $db ]; then
+    echo "Deleting $db";
+    rm $db
+  fi
+done
+
+#flush memcache
+/usr/bin/fs_cli -x 'memcache flush'
+
+#restart freeswitch
+/usr/sbin/service freeswitch restart

devuan/resources/switch/etc.default.freeswitch

@@ -0,0 +1,2 @@
+# /etc/default/freeswitch
+DAEMON_OPTS="-nonat"

devuan/resources/switch/freeswitch.init

@@ -2,10 +2,10 @@
 ### -*- mode:shell-script; indent-tabs-mode:nil; sh-basic-offset:2 -*-
 ### BEGIN INIT INFO
 # Provides: freeswitch
-# Required-Start: $network $remote_fs $local_fs
+# Required-Start: $network $remote_fs $local_fs postgresql
-# Required-Stop: $network $remote_fs $local_fs
+# Required-Stop: $network $remote_fs $local_fs postgresql
-# Should-Start: postgresql mysql memcached mongodb
+# Should-Start: mysql memcached mongodb
-# Should-Stop: postgresql mysql memcached mongodb
+# Should-Stop: mysql memcached mongodb
 # Default-Start: 2 3 4 5
 # Default-Stop: 0 1 6
 # Short-Description: FreeSWITCH Softswitch
@@ -18,7 +18,7 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin
 DESC=freeswitch
 NAME=freeswitch
 DAEMON=/usr/bin/freeswitch
-USER=freeswitch
+USER=www-data
 DAEMON_ARGS="-u $USER -ncwait"
 CONFDIR=/etc/$NAME
 RUNDIR=/var/run/$NAME

devuan/resources/switch/package-all.sh

@@ -8,11 +8,17 @@ cd "$(dirname "$0")"
 . ../colors.sh
 . ../environment.sh
 
-apt-get -q update && apt-get install -y -q ntp curl memcached haveged
+apt-get update && apt-get install -y ntp curl memcached haveged apt-transport-https
+apt-get update && apt-get install -y wget lsb-release gnupg2
 
 if [ ."$cpu_architecture" = ."x86" ]; then
 	wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
-	echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
+	echo "deb http://files.freeswitch.org/repo/deb/debian-release/ ${os_codename_debian} main" > /etc/apt/sources.list.d/freeswitch.list
-	echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
+	echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
 fi
-apt-get -q update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb
+if [ ."$cpu_architecture" = ."arm" ]; then
+	wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
+	echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ ${os_codename_debian} main" > /etc/apt/sources.list.d/freeswitch.list
+	echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
+fi
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb

devuan/resources/switch/package-master-all.sh

@@ -1,7 +1,6 @@
 #!/bin/sh
-apt-get update && apt-get install -y -q ntp curl memcached haveged
+apt-get update && apt-get install -y ntp curl memcached haveged
 curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
 echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
 echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
-apt-get update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb
+apt-get update && apt-get install -y freeswitch-meta-all freeswitch-all-dbg gdb
-

devuan/resources/switch/package-master.sh

@@ -1,25 +1,28 @@
 #!/bin/sh
-apt-get update && apt-get install -y -q curl memcached haveged
+apt-get update && apt-get install -y curl memcached haveged
 curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
 echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
 echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
 apt-get update
-apt-get install -y -q ntp gdb
+apt-get install -y gnupg gnupg2
-apt-get install -y -q freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get install -y wget lsb-release
-apt-get install -y -q freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y ntp gdb
-apt-get install -y -q freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
-apt-get install -y -q freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
-apt-get install -y -q freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
-apt-get install -y -q freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
-apt-get install -y -q freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
-apt-get install -y -q freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
-apt-get install -y -q freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
-apt-get install -y -q freeswitch-music-default
+apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y freeswitch-mod-pgsql
+apt-get install -y freeswitch-music-default
 
 #remove the music package to protect music on hold from package updates
 mkdir -p /usr/share/freeswitch/sounds/temp
 mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
-apt-get remove -y -q freeswitch-music-default
+apt-get remove -y freeswitch-music-default
 mkdir -p /usr/share/freeswitch/sounds/music/default
 mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
 rm -R /usr/share/freeswitch/sounds/temp

devuan/resources/switch/package-permissions.sh

@@ -1,8 +1,15 @@
-#default permissions
+#move to script directory so all relative paths work
-# Devaun packages set this up correctly
+cd "$(dirname "$0")"
-#chown -R freeswitch:freeswitch /var/lib/freeswitch
 
-# I'm not sure this is the best place to put non-packaged files - leaving it as is for now
+#includes
-chown -R freeswitch:freeswitch /usr/share/freeswitch
+. ../config.sh
-touch /var/log/freeswitch/freeswitch.log
+
-chown -R freeswitch:freeswitch /var/log/freeswitch
+#default permissions
+chown -R www-data:www-data /etc/freeswitch
+chown -R www-data:www-data /var/lib/freeswitch/recordings
+chown -R www-data:www-data /var/lib/freeswitch/storage
+chown -R www-data:www-data /var/lib/freeswitch/db
+chown -R www-data:www-data /usr/share/freeswitch
+chown -R www-data:www-data /var/log/freeswitch
+chown -R www-data:www-data /var/run/freeswitch
+chown -R www-data:www-data /var/cache/fusionpbx

devuan/resources/switch/package-release.sh

@@ -8,34 +8,42 @@ cd "$(dirname "$0")"
 . ../colors.sh
 . ../environment.sh
 
-apt-get -qq -y install curl memcached haveged
+apt-get update && apt-get install -y curl memcached haveged apt-transport-https
+apt-get update && apt-get install -y gnupg gnupg2
+apt-get update && apt-get install -y wget lsb-release
+
+if [ ."$cpu_architecture" = ."x86" ]; then
+	wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
+	echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
+	echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ ${os_codename_debian} main" > /etc/apt/sources.list.d/freeswitch.list
+	echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
+fi
 if [ ."$cpu_architecture" = ."arm" ]; then
-        echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+	wget --http-user=signalwire --http-password=$switch_token -O - https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
-        curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+	echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
-        apt-get -q update
+	echo "deb https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ ${os_codename_debian} main" > /etc/apt/sources.list.d/freeswitch.list
-else
+	echo "deb-src https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
-        echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
-        curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
-        apt-get -q update
 fi
 
-apt-get -qq -y install gdb ntp
+apt-get update
-apt-get -qq -y install freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get install -y gdb ntp
-apt-get -qq -y install freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-mod-commands freeswitch-mod-console freeswitch-mod-logfile
-apt-get -qq -y install freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
-apt-get -qq -y install freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get install -y freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
-apt-get -qq -y install freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo freeswitch-mod-httapi
-apt-get -qq -y install freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
-apt-get -qq -y install freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
-apt-get -qq -y install freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
-apt-get -qq -y install freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
-apt-get -qq -y install freeswitch-music-default
+apt-get install -y freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory
-apt-get remove -q -y freeswitch-systemd
+apt-get install -y freeswitch-mod-flite freeswitch-mod-distributor freeswitch-meta-codecs
+apt-get install -y freeswitch-mod-pgsql
+apt-get install -y freeswitch-music-default
 
 #remove the music package to protect music on hold from package updates
 mkdir -p /usr/share/freeswitch/sounds/temp
 mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
 apt-get remove -y freeswitch-music-default
 mkdir -p /usr/share/freeswitch/sounds/music/default
-mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+mv -u /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
 rm -R /usr/share/freeswitch/sounds/temp

devuan/resources/switch/package-sysvinit.sh

@@ -1,6 +1,5 @@
-update-rc.d freeswitch enable
+cp "$(dirname $0)/freeswitch.init" /etc/init.d/freeswitch
-#
+cp "$(dirname $0)/etc.default.freeswitch" /etc/default/freeswitch
-# If freeswitch is not restarted with the new config before finish.sh is run,
+
-# upgrade_domains.php will not set the paths correctly on the default domain
+/usr/sbin/update-rc.d freeswitch enable
-#
+/usr/sbin/service freeswitch restart
-service freeswitch restart

devuan/resources/switch/source-sysvinit.sh

@@ -1,6 +1,5 @@
-cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
+cp "$(dirname $0)/freeswitch.init" /etc/init.d/freeswitch
-cp "$(dirname $0)/source/etc.default.freeswitch" /etc/default/freeswitch
+cp "$(dirname $0)/etc.default.freeswitch" /etc/default/freeswitch
-update-rc.d freeswitch enable
-service freeswitch restart
 
-echo "Please configure the sysvinit start up script from the source dir, test, and contribute code. Thank you."
+/usr/sbin/update-rc.d freeswitch enable
+/usr/sbin/service freeswitch restart

devuan/resources/switch/source/etc.default.freeswitch

@@ -1,8 +0,0 @@
-# /etc/default/freeswitch
-FS_USER="www-data"
-FS_GROUP="www-data"
-DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"
-
-# this is the packaged version. But since the source install does not work. I've not tested any of this.
-# /etc/default/freeswitch
-#DAEMON_OPTS="-nonat"