Astroport layer for Xbian

pull/1/head
qo-op 2 years ago
parent 08c50eb478
commit d56393af34

@ -0,0 +1,9 @@
[Desktop Entry]
Type=Application
Exec=~/.zen/astroport/1stRUNconfig.sh
X-GNOME-Autostart-enabled=true
NoDisplay=false
Hidden=false
Name[fr_FR]=Astroport_X_config.desktop
Comment[fr_FR]=First time RUN config script
X-GNOME-Autostart-Delay=0
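Review bot: The `Exec=` value starts with `~`, but desktop entries are not run through a shell, so most autostart implementations will not expand the tilde and the first-run script will not be found. Wrapping the command lets a shell do the expansion: `Exec=sh -c "exec ~/.zen/astroport/1stRUNconfig.sh"`. The entry also defines only `Name[fr_FR]`; an unlocalized `Name=` key should be added so the entry is valid in other locales.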

@ -0,0 +1,33 @@
#!/bin/bash
[[ -f ~/.bash_aliases && ! -z $(cat ~/.bash_aliases | grep c_red) ]] && exit 0
echo 'export c_blinkfast="\033[6m"
export c_light="\033[1m"
export c_white_bg="\033[47m"
export c_blue="\033[34m"
export c_red_bg="\033[41m"
export c_hide="\033[8m"
export c_purple_bg="\033[45m"
export c_yellow_bg="\033[43m"
export c_dark="\033[2m"
export c_reverse="003[7m"
export c_underline="\033[4m"
export c_blinkslow="\033[5m"
export c_red="\033[31m"
export c_white="\033[37m"
export c_cyan_bg="\033[46m"
export c_italic="\033[3m"
export c_black="\033[30m"
export c_cross="\033[9m"
export c_green="\033[32m"
export c_purple="\033[35m"
export c_="\033[0m"
export c_cyan="\033[36m"
export c_black_bg="\033[40m"
export c_yellow="\033[33m"
export c_blue_bg="\033[44m"
export c_green_bg="\033[42m"' >> ~/.bash_aliases
source ~/.bash_aliases
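Review bot: `c_reverse` is defined as `"003[7m"`, missing the `\` escape prefix that every other colour variable has, so it prints literal text instead of switching to reverse video; it should read `export c_reverse="\033[7m"`. The guard on the first line can also be written without `cat` and the unquoted substitution, as `grep -q c_red ~/.bash_aliases 2>/dev/null && exit 0`. A short header comment saying that the script appends to `~/.bash_aliases` exactly once would help, since it edits a user dotfile.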

Binary file not shown.


@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Enable camera on Raspberry Pi
# set_config_var taken from raspi-config
set_config_var() {
lua - "$1" "$2" "$3" <<EOF > "$3.bak"
local key=assert(arg[1])
local value=assert(arg[2])
local fn=assert(arg[3])
local file=assert(io.open(fn))
local made_change=false
for line in file:lines() do
if line:match("^#?%s*"..key.."=.*$") then
line=key.."="..value
made_change=true
end
print(line)
end
if not made_change then
print(key.."="..value)
end
EOF
sudo mv "$3.bak" "$3"
}
# Command extracted from raspi-config
sed /boot/config.txt -i -e "s/^startx/#startx/"
sed /boot/config.txt -i -e "s/^fixup_file/#fixup_file/"
set_config_var start_x 1 /boot/config.txt
set_config_var gpu_mem 128 /boot/config.txt
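Review bot: In `set_config_var`, `sudo mv "$3.bak" "$3"` runs even when the `lua` call fails, and the redirection has already created `$3.bak` by then, so a missing `lua` binary or an unreadable file replaces `/boot/config.txt` with an empty or truncated file. The script has no `set -e`, so the move should be guarded, for example by ending the heredoc command line with `<<EOF > "$3.bak" || return 1`. The two `sed -i` calls and the redirection into `/boot` also depend on the caller running the whole script as root, which deserves a comment at the top.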

@ -0,0 +1,52 @@
#!/usr/bin/env bash
set -e
BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Enable camera on the Raspberry Pi
sudo "$BASE_DIR/enable-camera.sh"
# Install ffmpeg and supporting tools
sudo apt-get install -y ffmpeg lsof inotify-tools nginx
# Copy placeholder for audio-only streams
cp "$BASE_DIR/audio.jpg" "$HOME/audio.jpg"
# Add user to be able to modify nginx directories
sudo usermod -a -G "$USER" www-data
sudo chmod g+rw /var/www/html
# TODO: why is this needed?
sudo chmod a+rw /var/www/html
sudo cp -f "$BASE_DIR/process-stream.sh" /usr/bin/process-stream.sh
sudo cp -f "$BASE_DIR/process-stream.service" /etc/systemd/system/process-stream.service
sudo systemctl daemon-reload
sudo systemctl enable process-stream
# Add hourly job to clear out old data
echo "41 * * * * $USER /usr/local/bin/ipfs repo gc" | sudo tee --append /etc/crontab
# Install the ipfs video player
mkdir "$BASE_DIR/tmp"
current_dir="$(pwd)"
git clone https://github.com/tomeshnet/ipfs-live-streaming.git "$BASE_DIR/tmp/ipfs-live-streaming"
cd "$BASE_DIR/tmp/ipfs-live-streaming"
git checkout b9be352582317e5336ddd7183ecf49042dafb33e
cd "$current_dir"
VIDEO_PLAYER_PATH="$BASE_DIR/tmp/ipfs-live-streaming/terraform/shared/video-player"
sed -i s#__IPFS_GATEWAY_SELF__#/ipfs/# "$VIDEO_PLAYER_PATH/js/common.js"
sed -i s#__IPFS_GATEWAY_ORIGIN__#https://ipfs.io/ipfs/# "$VIDEO_PLAYER_PATH/js/common.js"
IPFS_ID=$(ipfs id | grep ID | head -n 1 | awk -F\" '{print $4}')
sed -i "s#live.m3u8#/ipns/$IPFS_ID#" "$VIDEO_PLAYER_PATH/js/common.js"
sed -i s#__M3U8_HTTP_URLS__#\ # "$VIDEO_PLAYER_PATH/js/common.js"
cp -r "$VIDEO_PLAYER_PATH" /var/www/html/video-player
rm -rf "$BASE_DIR/tmp"
# Add entry into nginx home screen
APP="<div class='app'><h2>IPFS Pi Stream Player</h2>IPFS Video player for Pi Stream. <br />M3U8 Stream located <a href='/ipns/$IPFS_ID'>over ipns</a> <br/><a href='/video-player/'>Go </a> and play with built in video player</div>"
sudo sed -i "s#<\!--APPLIST-->#$APP\n<\!--APPLIST-->#" "/var/www/html/index.html"
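Review bot: `sudo chmod a+rw /var/www/html` leaves the web root writable by every local account, and the TODO above it shows the reason was never established. It is presumably needed only because the later `cp -r "$VIDEO_PLAYER_PATH" /var/www/html/video-player` runs without `sudo`; changing that line to `sudo cp -r ...` would let the `a+rw` line be dropped. The `usermod` line also does the reverse of its comment, because it adds `www-data` to the installing user's group; `sudo usermod -a -G www-data "$USER"` together with `sudo chgrp www-data /var/www/html` matches the stated intent. Separately, `$IPFS_ID` is pasted into `sed` expressions and HTML without checking that `ipfs id` returned anything, so an empty value silently produces broken links.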

@ -0,0 +1,16 @@
[Unit]
Description=Service to process RTMP stream
Wants=network.target
After=ipfs.service
[Service]
Type=simple
User=pi
Group=pi
ExecStart=/usr/bin/process-stream.sh
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=multi-user.target
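Review bot: `User=pi` and `Group=pi` are hard-coded, while the installer in this commit uses `$USER` and other scripts expect an `xbian` account, so the unit will probably fail to start on any system without a `pi` user. The installer could substitute the account when copying the unit, as the ipfs service template does with `_USER_`. The script started here calls `sudo modprobe`, `sudo mount` and `sudo umount`, so the service account needs passwordless sudo; running those privileged steps from a root `ExecStartPre=` would avoid that requirement. Since `After=ipfs.service` is only an ordering hint, `Wants=ipfs.service` would state the dependency explicitly.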

@ -0,0 +1,124 @@
#!/usr/bin/env bash
HLS_TIME=40
M3U8_SIZE=3
IPFS_GATEWAY="https://ipfs.io"
# Load settings
# Prepare Pi Camera
sudo modprobe bcm2835-v4l2
sudo v4l2-ctl --set-ctrl video_bitrate=100000
function startFFmpeg() {
while true; do
mv ~/ffmpeg.log ~/ffmpeg.1
echo 1 > ~/stream-reset
# Stream Raspberry Pi Camera
ffmpeg -f video4linux2 -input_format h264 -video_size 1280x720 -framerate 30 -i /dev/video0 -vcodec copy -hls_time "${HLS_TIME}" "${what}.m3u8" > ~/ffmpeg.log 2>&1
# Stream FM Station from a SDR module (see contrib/pi-stream to install drivers)
# Frequency ends in M IE 99.9M
# rtl_fm -f 99.9M -M fm -s 170k -A std -l0 -E deemp -r 44.1k | ffmpeg -r 15 -loop 1 -i ../audio.jpg -f s16le -ac 1 -i pipe:0 -c:v libx264 -tune stillimage -preset ultrafast -hls_time "${HLS_TIME}" "${what}.m3u8" > ~/ffmpeg 2>&1
sleep 0.5
done
}
# Create directory for HLS content
currentpath="$HOME/live"
sudo umount "${currentpath}"
rm -rf "${currentpath}"
mkdir "${currentpath}"
sudo mount -t tmpfs tmpfs "${currentpath}"
# shellcheck disable=SC2164
cd "${currentpath}"
what="$(date +%Y%m%d%H%M)-LIVE"
# Start ffmpeg in background
startFFmpeg &
while true; do
#TODO# Fix this one
# shellcheck disable=SC2086,SC2012
nextfile=$(ls -tr ${what}*.ts 2>/dev/null | head -n 1)
if [ -n "${nextfile}" ]; then
# Check if the next file on the list is still being written to by ffmpeg
if lsof "${nextfile}" | grep -1 ffmpeg; then
# Wait for file to finish writing
# If not finished in 45 seconds something is wrong, timeout
inotifywait -e close_write "${nextfile}" -t ${HLS_TIME}
fi
# Grab the timecode from the m3u8 file so we can add it to the log
timecode=$(grep -B1 "${nextfile}" "${what}.m3u8" | head -n1 | awk -F : '{print $2}' | tr -d ,)
attempts=5
until [[ "${timecode}" || ${attempts} -eq 0 ]]; do
# Wait and retry
sleep 0.5
timecode=$(grep -B1 "${nextfile}" "${what}.m3u8" | head -n1 | awk -F : '{print $2}' | tr -d ,)
attempts=$((attempts-1))
done
if ! [[ "${timecode}" ]]; then
# Set approximate timecode
timecode="${HLS_TIME}.000000"
fi
reset_stream=$(cat ~/stream-reset)
reset_stream_marker=''
if [[ ${reset_stream} -eq '1' ]]; then
reset_stream_marker=" #EXT-X-DISCONTINUITY"
fi
echo 0 > ~/stream-reset
# Current UTC date for the log
time=$(date "+%F-%H-%M-%S")
# Add ts file to IPFS
ret=$(ipfs add --pin=false "${nextfile}" 2>/dev/null > ~/tmp.txt; echo $?)
attempts=5
until [[ ${ret} -eq 0 || ${attempts} -eq 0 ]]; do
# Wait and retry
sleep 0.5
ret=$(ipfs add --pin=false "${nextfile}" 2>/dev/null > ~/tmp.txt; echo $?)
attempts=$((attempts-1))
done
if [[ ${ret} -eq 0 ]]; then
# Update the log with the future name (hash already there)
echo "$(cat ~/tmp.txt) ${time}.ts ${timecode}${reset_stream_marker}" >> ~/process-stream.log
# Remove nextfile and tmp.txt
rm -f "${nextfile}" ~/tmp.txt
# Write the m3u8 file with the new IPFS hashes from the log
totalLines="$(wc -l ~/process-stream.log | awk '{print $1}')"
sequence=0
if ((totalLines>M3U8_SIZE)); then
sequence=$((totalLines-M3U8_SIZE))
fi
{
echo "#EXTM3U"
echo "#EXT-X-VERSION:3"
echo "#EXT-X-TARGETDURATION:${HLS_TIME}"
echo "#EXT-X-MEDIA-SEQUENCE:${sequence}"
} > current.m3u8
tail -n ${M3U8_SIZE} ~/process-stream.log | awk '{print $6"#EXTINF:"$5",\n'${IPFS_GATEWAY}'/ipfs/"$2}' | sed 's/#EXT-X-DISCONTINUITY#/#EXT-X-DISCONTINUITY\n#/g' >> current.m3u8
# Add m3u8 file to IPFS and IPNS publish
m3u8hash=$(ipfs add current.m3u8 | awk '{print $2}')
ipfs name publish --timeout=5s "${m3u8hash}" &
# Copy files to web server
cp current.m3u8 /var/www/html/live.m3u8
cp ~/process-stream.log /var/www/html/live.log
fi
else
sleep 5
fi
done
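Review bot: The tmpfs setup (`umount`, `rm -rf`, `mkdir`, `mount`, `cd`) is unchecked and the `cd` warning is suppressed with `shellcheck disable=SC2164`, so a failed mount or `cd` lets ffmpeg and the `rm -f "${nextfile}"` loop run in the wrong directory or on the SD card instead of tmpfs. The steps that matter should stop the script, for example `sudo mount -t tmpfs tmpfs "${currentpath}" || exit 1` and `cd "${currentpath}" || exit 1`. In the main loop, `lsof "${nextfile}" | grep -1 ffmpeg` asks for one line of context and prints matches to the journal; `grep -q ffmpeg` looks like what was meant. The comment about a 45 second timeout does not match `-t ${HLS_TIME}`, which is 40. State files such as `~/tmp.txt` and `~/stream-reset` are shared between the background ffmpeg loop and the main loop without locking, which deserves a comment.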

@ -0,0 +1,18 @@
#!/usr/bin/env bash
set -e
BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
sudo systemctl stop process-stream
sudo systemctl disable process-stream
sudo rm -f /usr/bin/process-stream.sh
sudo rm -f /etc/systemd/system/process-stream.service
sudo systemctl daemon-reload
# Remove ffmpeg and supporting tools
sudo apt-get -y remove ffmpeg lsof inotify-tools
# Revert permissions
sudo chmod 755 /var/www/html
sed -i "/ipfs repo gc/d" | sudo tee --append /etc/crontab
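Review bot: The last line never removes the cron entry, because `sed -i "/ipfs repo gc/d"` is given no file and fails, and under `set -e` without `pipefail` the pipeline still succeeds, with `tee --append` adding nothing to `/etc/crontab`. The hourly `ipfs repo gc` job the installer added therefore survives uninstall. The intended command is `sudo sed -i "/ipfs repo gc/d" /etc/crontab`. The `www-data` group membership and the copied `/var/www/html/video-player` directory from the installer are not reverted either, so "Revert permissions" is only partly true.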

@ -0,0 +1,69 @@
#!/bin/bash
ipfs() {
# Install IPFS
MY_PATH="`dirname \"$0\"`" # relative
MY_PATH="`( cd \"$MY_PATH\" && pwd )`" # absolutized and normalized
## Config
templates="$MY_PATH/.install/templates/ipfs"
if [ "$EUID" -eq 0 ]
then echo -e "${c_red}DO NOT EXECUTE AS root. Choose a user for your Astroport Station (we like pi)$c_"
exit 1
else echo -e "${c_yellow}OK $USER, let's go!$c_";
fi
[[ -d ~/.ipfs ]] && echo "IPFS install exist, please remove backup before execute this script" && exit 1
echo -e "${c_yellow}Onboarding IPFS...$c_"
[[ -f /usr/local/bin/ipfs ]] && sudo service ipfs stop
if [[ $ARM == "yes" ]]; then
wget https://dist.ipfs.io/ipfs-update/v1.5.2/ipfs-update_v1.5.2_linux-arm.tar.gz -O $MY_PATH/ipfs-update.tar.gz || err+="Download ipfs-update"
else
wget https://dist.ipfs.io/ipfs-update/v1.5.2/ipfs-update_v1.5.2_linux-amd64.tar.gz -O $MY_PATH/ipfs-update.tar.gz || err+="Download ipfs-update"
fi
echo "INSTALL ipfs-update"
sudo tar -xvzf $MY_PATH/ipfs-update.tar.gz -C /usr/src/ || err+="Untar ipfs-update"
rm $MY_PATH/ipfs-update.tar.gz
cd /usr/src/ipfs-update/
sudo ./install.sh || err+="Install ipfs-update"
cd $MY_PATH
echo "INSTALL latest ipfs"
sudo ipfs-update install latest || err+="Install IPFS"
echo "CREATE SYSTEMD ipfs SERVICE"
sudo cp -f $templates/ipfs.service /etc/systemd/system/
sudo sed -i "s/_USER/$USER/g" /etc/systemd/system/ipfs.service
sudo systemctl daemon-reload || err+="Restart IPFS"
sudo systemctl enable ipfs || err+="Enable IPFS daemon"
# INIT ipfs
ipfs init -p lowpower
# ipfs init -p server ## Uncomment for server infrastructure
# ACTIVATE CONFIG OPTIONS
# PUBSUB
ipfs config Pubsub.Router gossipsub
# MAXSTORAGE
availableDiskSize=$(df -P ~/ | awk 'NR>1{sum+=$4}END{print sum}')
diskSize="$((availableDiskSize / 2))"
ipfs config Datastore.StorageMax $diskSize
## PORT FORWARD (SSH)
ipfs config --json Experimental.Libp2pStreamMounting true
######### UPDATE BOOTSTRAP LIST ###########
ipfs bootstrap rm --all
sudo systemctl restart ipfs || err+="Restart IPFS daemon"
exit 0
}
$@
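Review bot: The installer function is itself named `ipfs`, so every later `ipfs init`, `ipfs config` and `ipfs bootstrap` call in its body resolves to the function and re-enters the installer instead of running the binary. Those calls should bypass the function, for example `command ipfs init -p lowpower`. Failures are appended to `err`, but the variable is never read and the function ends with `exit 0`, so a failed download still reaches `sudo tar` and `sudo ./install.sh`, and the caller sees success. The archive is also installed as root without any checksum check, and `ipfs-update install latest` is unpinned. The final `$@` should be `"$@"`, and a comment should say which subcommand names are expected.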

@ -0,0 +1,135 @@
#!/bin/bash
########################################################################
{ # this ensures the entire script is downloaded #
MY_PATH="`dirname \"$0\"`" # relative
MY_PATH="`( cd \"$MY_PATH\" && pwd )`" # absolutized and normalized
ME="${0##*/}"
# CHECK not root user !!
if [ "$EUID" -eq 0 ]
then echo -e "${c_red}DO NOT EXECUTE AS root. Choose a user for your Astroport Station (we like pi)$c_"
exit 1
else echo -e "${c_yellow}OK $USER, let's go!$c_";
fi
# Ask user password on start
sudo true
## Error funciton
err() {
echo -e "${c_red}$1$c_"
exit 1
}
# CHECK if daemon is already running
if [[ $(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1) ]]; then
echo "ipfs daemon already running...! Must STOP ipfs AND remove ~/.ipfs to install again !!"
ipfs id && echo "ipfs swarm peers: " && ipfs swarm peers
echo "ipfs bootstrap list: " && ipfs bootstrap list
echo "Please RUN : sudo systemctl stop ipfs"
exit 1
fi
[[ -d ~/.ipfs ]] && echo "IPFS install exist! Please remove or backup before executing this script" && exit 1
echo -e "${c_yellow}Astroport IPFS Layer installation...$c_"
# CHECK node IP isLAN?
myIP=$(hostname -I | awk '{print $1}')
isLAN=$(echo $myIP | grep -E "/(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/")
MACHINE_TYPE=`uname -m`
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
curl -s https://dist.ipfs.io/ipfs-update/v1.6.0/ipfs-update_v1.6.0_linux-amd64.tar.gz -o $MY_PATH/ipfs-update.tar.gz
elif [ ${MACHINE_TYPE:0:3} == 'arm' ]; then
curl -s https://dist.ipfs.io/ipfs-update/v1.6.0/ipfs-update_v1.6.0_linux-arm.tar.gz -o $MY_PATH/ipfs-update.tar.gz
else
[ ! -f $MY_PATH/ipfs-update.tar.gz ] && err "Your $MACHINE_TYPE is not supported yet... Please add an issue."
fi
echo "INSTALL ipfs-update >>>>>>>>>>>>>>>>>>>>>>>>>>"
sudo tar -xvzf $MY_PATH/ipfs-update.tar.gz -C /usr/src/ || err "Untar ipfs-update"
rm $MY_PATH/ipfs-update.tar.gz
cd /usr/src/ipfs-update/
sudo ./install.sh || err "Install ipfs-update"
cd $MY_PATH
echo "INSTALL ipfs 0.7.0 >>>>>>>>>>>>>>>>>>>>>>>>>>"
sudo ipfs-update install 0.7.0 || err "Install IPFS"
## DEBIAN
echo "CREATE SYSTEMD ipfs SERVICE >>>>>>>>>>>>>>>>>>"
cat > /tmp/ipfs.service <<EOF
[Unit]
Description=IPFS daemon
After=network.target
[Service]
User=_USER_
ExecStart=/usr/local/bin/ipfs daemon --enable-pubsub-experiment --enable-namesys-pubsub --enable-gc
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
sudo cp -f /tmp/ipfs.service /etc/systemd/system/
sudo sed -i "s/_USER_/$USER/g" /etc/systemd/system/ipfs.service
[[ -d ~/.ipfs ]] && sudo chown -R $USER:$USER ~/.ipfs
sudo systemctl daemon-reload || err "Restart IPFS"
sudo systemctl enable ipfs || err "Enable IPFS daemon"
## Special Xbian init.d config
if [[ $USER == "xbian" && -f ~/.zen/astroport/.install/templates/ipfs/ipfs-initV.sh ]]; then
sudo cp ~/.zen/astroport/.install/templates/ipfs/ipfs-initV.sh /etc/init.d/ipfs
sudo chmod 755 /etc/init.d/ipfs
sudo touch /var/log/ipfs.log && chown xbian /var/log/ipfs.log
sudo service ipfs enable
fi
# INIT ipfs
[[ $isLAN ]] && ipfs init -p lowpower \
|| ipfs init -p server
# TODO try ipfs init --profile=badgerds (for better performance)
# https://discuss.ipfs.io/t/adding-content-to-ipfs-is-quite-slow-any-ideas-on-why-and-how-to-speed-things-up/8135/3
sudo chown -R $USER:$USER ~/.ipfs || exit 1
###########################################
# ACTIVATE IPFS OPTIONS: #swarm0 INIT
###########################################
### IMPORTANT !!!!!!! IMPORTANT !!!!!!
###########################################
# DHT PUBSUB mode
ipfs config Pubsub.Router gossipsub
# MAXSTORAGE = 1/2 available
availableDiskSize=$(df -P ~/ | awk 'NR>1{sum+=$4}END{print sum}')
diskSize="$((availableDiskSize / 2))"
ipfs config Datastore.StorageMax $diskSize
## Activate Rapid "ipfs p2p"
ipfs config --json Experimental.Libp2pStreamMounting true
ipfs config --json Experimental.P2pHttpProxy true
######### MAKE DEFAULT BOOTSTRAP TO oasis.astroport.com 2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS ###########
ipfs bootstrap rm --all
ipfs bootstrap add /dnsaddr/oasis.astroport.com/tcp/4001/ipfs/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN
ipfs bootstrap add /ip4/51.15.166.54/tcp/4001/p2p/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN
ipfs bootstrap add /ip4/51.15.166.54/udp/4001/quic/p2p/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN
ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN
###########################################
# TODO: ADD some other bootstrap NODES
###########################################
sudo systemctl start ipfs || err "Start IPFS daemon"
sleep 3
echo "Peers: " && ipfs swarm peers && sleep 0.3
#[[ ! $(ipfs swarm peers) =~ "/ip4/" ]] && err "No peers found in swarm. Please open issue :https://git.p2p.legal/axiom-team/astroport/issues"
} # this ensures the entire script is downloaded #
# IPFS CONFIG documentation: https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#addressesswarm
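Review bot: The systemd unit is staged at the fixed path `/tmp/ipfs.service` and then installed with `sudo cp`; if that path already exists and belongs to another local account, the `cat >` fails without stopping the script and root installs whatever file was there. Writing the unit directly avoids the shared directory: `sudo tee /etc/systemd/system/ipfs.service >/dev/null <<EOF`. The same pattern of fixed `/tmp/*.conf` names followed by `sudo cp` into `/etc/nginx/conf.d` appears in the two later LOVELand and jukebox installer files. The `curl -s` downloads have no `-f`, no exit-status check and no checksum, yet the archive is unpacked and its `install.sh` is run as root. In the `isLAN` pattern the leading and trailing `/` are literal characters to `grep -E`, so the `127.` and `fc`/`fd` alternatives never match as written.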

@ -0,0 +1,264 @@
#!/bin/bash
########################################################################
# Author: Fred (support@qo-op.com)
# Version: 0.3
# License: AGPL-3.0 (https://choosealicense.com/licenses/agpl-3.0/)
########################################################################
{
MY_PATH="`dirname \"$0\"`" # relative
MY_PATH="`( cd \"$MY_PATH\" && pwd )`" # absolutized and normalized
ME="${0##*/}"
########################################################################
YOU=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1) || er+=" ipfs daemon not running"
IPFSNODEID=$(ipfs id -f='<id>\n') || er+=" ipfs id problem"
WHOAMI=$(sbotc whoami | jq -r .id) || er+=" sbotc whoami problem"
[[ "$YOU" == "" || "$IPFSNODEID" == "" || "$WHOAMI" == "" ]] && echo "ERROR : $er " && exit 1
########################################################################
#### DO NOT RUN AS ROOT
[[ $USER == "root" ]] && echo "DO NOT RUN AS root!! Use regular USER with sudo AUTHORISATION" && exit 1
#### APACHE NOT SUPPORTED
is_apache_running=$(ps auxf --sort=+utime | grep -w apache | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1);
[[ $is_apache_running ]] && echo "SORRY ONLY nginx is supported. EXIT" && exit 1
#### ARM / X64 NOT USED THERE
MACHINE_TYPE=`uname -m`
[ ${MACHINE_TYPE:0:3} == 'arm' ] && isARM="YES"
### UPDATE apt cache
sudo apt-get update
### Adding YOU to www-data group
sudo adduser $YOU www-data
##################################
## INSTALL RAINBOW ASCII ;)
[[ ! $(which figlet) ]] && sudo apt install figlet -y
[[ ! $(which lolcat) ]] && sudo apt install lolcat -y
echo '
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
______ __ ____ ___
/ ____/___ ____ __ __/ / ____ _/ __ \____ _____/ (_)___
/ / / __ \/ __ \/ / / / / / __ `/ /_/ / __ `/ __ / / __ \
/ /___/ /_/ / /_/ / /_/ / /___/ /_/ / _, _/ /_/ / /_/ / / /_/ /
\____/\____/ .___/\__, /_____/\__,_/_/ |_|\__,_/\__,_/_/\____/
/_/ /____/
Multimedia Layer (https://www.copylaradio.com)
' | lolcat
## MULTIMEDIA
## VIDEO & AUDIO & PLAYLISTS ~/.zen/ DIR
mkdir -p ~/.zen/video
mkdir -p ~/.zen/audio
mkdir -p ~/.zen/playlists
######## YOUTUBE-DL ##########
if [[ ! $(which youtube-dl) ]]; then
sudo wget https://yt-dl.org/downloads/latest/youtube-dl -O /usr/local/bin/youtube-dl || err=1
sudo chmod a+rx /usr/local/bin/youtube-dl
sudo chown $YOU /usr/local/bin/youtube-dl
fi
###############################
# MPD/MPC RompR AUDIO LAYER
###############################
if [[ ! $(which mpd) ]]; then
sudo apt-get install libid3-tools mpd mpc lame ffmpeg lsof lltag inotify-tools bc -y || err=1
sudo apt-get install lame sox libsox-fmt-mp3 eyed3 python-chardet imagemagick curl -y || err=1 #libav-tools unavailable on some system
sudo apt-get install ca-certificates git-core binutils rsync alsa-utils bc espeak mpg321 fuse atomicparsley -y || err=1
## CONFIG MPD
sudo cp -f /home/$YOU/.zen/astroport/.install/templates/copylaradio/mpd.conf /etc/mpd.conf
sudo sed -i "s/_USER_/$YOU/g" /etc/mpd.conf || err=1
mkdir ~/.config/mpd && sudo cp -f /etc/mpd.conf ~/.config/mpd/mpd.conf && sudo chown $YOU ~/.config/mpd/mpd.conf
## CHOWN mpd FILES STRUCTURE
sudo chown -R $YOU /var/lib/mpd/ /var/run/mpd /run/mpd /var/log/mpd
sudo service mpd restart || err=1
fi
### INSTALL NGINX
echo '++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
_
____ ____ _(_)___ _ __
/ __ \/ __ `/ / __ \| |/_/
/ / / / /_/ / / / / /> <
/_/ /_/\__, /_/_/ /_/_/|_|
/____/
install
' | lolcat
sudo apt-get install fail2ban nginx ssl-cert php-curl php-sqlite3 php-gd php-json php-xml php-mbstring php-fpm sqlite -y || err=1
[[ ! $(which nslookup) ]] && sudo apt-get install lolcat dnsutils -y
echo '++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
__ ___ _ ___
/ |/ /_ __ ____ ____ _____ ___ ___ (_)___/__ \
/ /|_/ / / / / / __ \/ __ `/ __ `__ \/ _ \ / / ___// _/
/ / / / /_/ / / / / / /_/ / / / / / / __/ / (__ )/_/
/_/ /_/\__, / /_/ /_/\__,_/_/ /_/ /_/\___/ /_/____/(_)
/____/
' | lolcat
myIP=$(hostname -I | awk '{print $1}' | head -n 1)
isLAN=$(echo $myIP | grep -E "/(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/")
# Ask to the router its name (BOX DNS or system defined)
[[ -f /home/$YOU/.zen/astroport/zen/tools/nodename ]] && NODENAME=$(/home/$YOU/.zen/astroport/zen/tools/nodename) \
|| NODENAME=$(curl -s https://git.p2p.legal/axiom-team/astroport/raw/master/zen/tools/nodename | bash) ## RUNNING ALONE !!
echo $NODENAME
######################################
### LAUNCHIN OASIS = SSB HTTP interface
######################################
echo '
_
____ ____ ______(_)____
/ __ \/ __ `/ ___/ / ___/
/ /_/ / /_/ (__ ) (__ )
\____/\__,_/____/_/____/
SSB DEMO HTTP interface
' | lolcat
# IN CASE, KILL RUNNING OASIS
isOASIS=$(ps auxf --sort=+utime | grep -w oasis | grep -v -E 'color=auto|grep' | tail -n 1 | awk '{print $2}')
[[ $isOASIS ]] && sudo kill -9 $isOASIS
echo "Starting OASIS with good $NODENAME & network config"
echo "TODO: add to your /etc/rc.local or systemd or initV !!!"
#if [[ ! $isLAN ]]; then
# ### TODO: unlock oasis restrictions!! CANNOT MAKE PRIVATE MESSAGE => Feddless.social CAN add it as module on loveland portal!!)
# oasis --allow-host $NODENAME --host $NODENAME --public 2>&1>/dev/null &
# echo "--public = OASIS STATION IS IN VIEWING MODE ONLY..."
#else
# oasis --allow-host $NODENAME --host $NODENAME 2>&1>/dev/null &
#fi
#sleep 5
echo '
__ ____ _ __________ __
/ / / __ \ | / / ____/ / ____ _____ ____/ /
/ / / / / / | / / __/ / / / __ `/ __ \/ __ /
/ /___/ /_/ /| |/ / /___/ /___/ /_/ / / / / /_/ /
/_____/\____/ |___/_____/_____/\__,_/_/ /_/\__,_/
Portal
' | lolcat
###
echo "INSTALL LOVELand WebSite. Linking to /var/www ..."
if [[ ! -L /var/www/loveland ]]; then
sudo ln -s /home/$YOU/.zen/astroport/www/LOVELand /var/www/loveland
fi
echo "JUKEBOX init"
[[ -d /var/www/loveland/jukebox/albumart ]] && sudo chmod -R 777 /var/www/loveland/jukebox/albumart
[[ -d /var/www/loveland/jukebox/prefs ]] && sudo chmod -R 777 /var/www/loveland/jukebox/prefs
[[ -d /var/www/loveland/g1barre/img/qrcodes ]] && sudo chmod -R 777 /var/www/loveland/g1barre/img/qrcodes
# CONFIG NGINX - LOVE LAND FRONTAL WEB PAGE
echo "$NODENAME" | figlet -f slant | lolcat
## Write NODENAME to IPFS
echo "$NODENAME" > /home/$YOU/.zen/ipfs/.$IPFSNODEID/G1SSB/_nodename
PHPVERSION=$(ps auxf | grep php-fpm | grep -v -E 'color=auto|grep' | head -n 1 | grep -oP '(?<=\().*(?=\))' | awk -F '/' '{print $4}')
### ASTROPORT STATION LOVELAND PORTAL
sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/loveland.conf
sudo sed -i "s/_MY_NODE_NAME_/$NODENAME/g" /tmp/loveland.conf
sudo sed -i "s/_PORT_/10010/g" /tmp/loveland.conf
sudo sed -i "s/_APPLI_//g" /tmp/loveland.conf
sudo cp -f /tmp/loveland.conf /etc/nginx/conf.d/loveland.conf
### GCHANGE G1 Zen
sudo rm -f /etc/nginx/conf.d/gchange.conf
sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/gchange.conf
sudo sed -i "s/_MY_NODE_NAME_/$NODENAME/g" /tmp/gchange.conf
sudo sed -i "s/_PORT_/10020/g" /tmp/gchange.conf
sudo sed -i "s/_APPLI_/gchange/g" /tmp/gchange.conf
sudo cp -f /tmp/gchange.conf /etc/nginx/conf.d/gchange.conf
### CESIUM G1 Zen
sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/cesium.conf
sudo sed -i "s/_MY_NODE_NAME_/$NODENAME/g" /tmp/cesium.conf
sudo sed -i "s/_PORT_/10030/g" /tmp/cesium.conf
sudo sed -i "s/_APPLI_/cesium/g" /tmp/cesium.conf
sudo cp -f /tmp/cesium.conf /etc/nginx/conf.d/cesium.conf
### JUKEBOX RompR CopyLaRadio
if [[ $(which mpd) ]]; then
sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/jukebox.conf
sudo sed -i "s/_MY_NODE_NAME_/$NODENAME/g" /tmp/jukebox.conf
sudo sed -i "s/_PORT_/10011/g" /tmp/jukebox.conf
sudo sed -i "s/_APPLI_/jukebox/g" /tmp/jukebox.conf
sudo cp -f /tmp/jukebox.conf /etc/nginx/conf.d/jukebox.conf
fi
### SSB OASIS Zen (PROXY MODE 10040 -> 3000)
if [[ $(which oasis) ]]; then
sudo sed "s/_MY_NODE_NAME_/$NODENAME/g" /home/$YOU/.zen/astroport/www/oasis.conf > /tmp/oasis.conf
sudo sed -i "s/_PORT_/10040/g" /tmp/oasis.conf
sudo sed -i "s/_LHOST_/$NODENAME:3000/g" /tmp/oasis.conf
sudo sed -i "s/_APPLI_//g" /tmp/oasis.conf
sudo cp -f /tmp/oasis.conf /etc/nginx/conf.d/oasis.conf
# TRICK: COULD BE USED TO ADD .htpasswod ACCESS CONTROL AND REMOVE --public
# TODO use "ipfs p2p" to AGREGATE ALL OASIS on ONE (not ALL like G1SMS) ?
# NEED G1PUB to be identified with same MEMBER owner in 'zen/ipfs_OPEN_ports.sh'?
fi
### G1SMS propagation to localhost:10099 / 10097 ("ipfs p2p" forwarded)
if [[ $(which gammu) ]]; then
# DIRECT MODE
sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/g1sms.conf
sudo sed -i "s/_MY_NODE_NAME_/$NODENAME/g" /tmp/g1sms.conf
sudo sed -i "s/_PORT_/10099/g" /tmp/g1sms.conf
sudo sed -i "s/_APPLI_/g1sms/g" /tmp/g1sms.conf
sudo cp -f /tmp/g1sms.conf /etc/nginx/conf.d/g1sms.conf
else
# PROXY MODE (10099 -> 10097) ### ipfs p2p PROPAGATION WITH 'zen/ipfs_OPEN_ports.sh'
sudo sed "s/_MY_NODE_NAME_/$NODENAME/g" /home/$YOU/.zen/astroport/www/oasis.conf > /tmp/g1sms_proxy.conf
sudo sed -i "s/_PORT_/10099/g" /tmp/g1sms_proxy.conf
sudo sed -i "s/_LHOST_/127\.0\.0\.1\:10097/g" /tmp/g1sms_proxy.conf
sudo sed -i "s/_APPLI_/g1sms/g" /tmp/g1sms_proxy.conf
sudo cp -f /tmp/g1sms_proxy.conf /etc/nginx/conf.d/g1sms_proxy.conf
fi
##### RESTART NGINX
sudo systemctl restart nginx || err=1
if [[ $err ]]; then
echo -e "${c_red}Installation de LOVELand bizarre??$c_"
echo "PLEASE... POST YOUR ISSUE! https://git.p2p.legal/axiom-team/astroport/issues"
exit 1
else
echo -e "${c_green}LOVE Land a été installé avec succès$c_"
echo -e "LoveLand Portal link http://$NODENAME:10010 (TRY ME)
Add ScuttleButt Astroport PUB Invitation:
${c_green}With Patchwork: "Join a server"$c_
Or with Oasis: http://$NODENAME:3000/settings (dev mode, still buggy)
${c_light}oasis.astroport.com:8008::@UeiA9iqZ0/XTjmYBht230KGr44bsr+Tl5BXSUDFv8vo=.ed25519~jd9Z4y/d/xZCF7bfuSgQSiSGLMeWFhwMosKUFhFxeEY=" $c_
fi
# Open LOVEland in browser
URL="http://$NODENAME"
path=$(which xdg-open || which gnome-open)
xo ()
{
for var in "$@"; do
$path "$var";
sleep 0.5
done
}
[[ -n $path ]] && xo $URL:10010 $URL:10020 $URL:10030 > /dev/null
} # for script being completely downloaded before run
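Review bot: The `NODENAME` fallback pipes `curl -s https://git.p2p.legal/.../raw/master/zen/tools/nodename` into `bash`, so unpinned remote code runs at install time, and its output is then substituted into nginx configs through `sudo sed`. Because the line is written as `a && b || c`, the fallback also runs when the local `nodename` tool exists but fails. It is safer to stop when the local tool is missing, for example `|| { echo "nodename tool missing" >&2; exit 1; }`, or to fetch a pinned revision and verify it before running it. The result should also be checked as a plausible hostname before it reaches `sed`, since `/` or `&` in it would corrupt the generated config. The same line appears in the jukebox installer that follows.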

@ -0,0 +1,188 @@
#!/bin/bash
########################################################################
# Author: Fred (support@qo-op.com)
# Version: 0.3
# License: AGPL-3.0 (https://choosealicense.com/licenses/agpl-3.0/)
########################################################################
{
MY_PATH="`dirname \"$0\"`" # relative
MY_PATH="`( cd \"$MY_PATH\" && pwd )`" # absolutized and normalized
ME="${0##*/}"
########################################################################
YOU=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1) || er+=" ipfs daemon not running"
IPFSNODEID=$(ipfs id -f='<id>\n') || er+=" ipfs id problem"
WHOAMI=$(sbotc whoami | jq -r .id) || er+=" sbotc whoami problem"
[[ "$YOU" == "" || "$IPFSNODEID" == "" || "$WHOAMI" == "" ]] && echo "ERROR : $er " && exit 1
########################################################################
#### DO NOT RUN AS ROOT
[[ $USER == "root" ]] && echo "DO NOT RUN AS root!! Use regular USER with sudo AUTHORISATION" && exit 1
#### APACHE NOT SUPPORTED
is_apache_running=$(ps auxf --sort=+utime | grep -w apache | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1);
[[ $is_apache_running ]] && echo "SORRY ONLY nginx is supported. EXIT" && exit 1
#### ARM / X64 NOT USED THERE
MACHINE_TYPE=`uname -m`
[ ${MACHINE_TYPE:0:3} == 'arm' ] && isARM="YES"
### UPDATE apt cache
sudo apt-get update
### Adding YOU to www-data group
sudo adduser $YOU www-data
##################################
## INSTALL RAINBOW ASCII ;)
[[ ! $(which figlet) ]] && sudo apt install figlet -y
[[ ! $(which lolcat) ]] && sudo apt install lolcat -y
echo '
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
______ __ ____ ___
/ ____/___ ____ __ __/ / ____ _/ __ \____ _____/ (_)___
/ / / __ \/ __ \/ / / / / / __ `/ /_/ / __ `/ __ / / __ \
/ /___/ /_/ / /_/ / /_/ / /___/ /_/ / _, _/ /_/ / /_/ / / /_/ /
\____/\____/ .___/\__, /_____/\__,_/_/ |_|\__,_/\__,_/_/\____/
/_/ /____/
Multimedia Layer (https://www.copylaradio.com)
' | lolcat
## MULTIMEDIA
## VIDEO & AUDIO & PLAYLISTS ~/.zen/ DIR
mkdir -p ~/astroport/films
mkdir -p ~/astroport/animes
mkdir -p ~/astroport/series
mkdir -p ~/astroport/docus
mkdir -p ~/astroport/musiques
mkdir -p ~/.zen/video
mkdir -p ~/.zen/audio
mkdir -p ~/.zen/playlists
######## YOUTUBE-DL ##########
if [[ ! $(which youtube-dl) ]]; then
sudo wget https://yt-dl.org/downloads/latest/youtube-dl -O /usr/local/bin/youtube-dl || err=1
sudo chmod a+rx /usr/local/bin/youtube-dl
sudo chown $YOU /usr/local/bin/youtube-dl
fi
###############################
# MPD/MPC RompR AUDIO LAYER
###############################
if [[ ! $(which mpd) ]]; then
sudo apt-get install libid3-tools mpd mpc lame ffmpeg lsof lltag inotify-tools bc -y || err=1
sudo apt-get install lame sox libsox-fmt-mp3 eyed3 python-chardet imagemagick curl -y || err=1 #libav-tools unavailable on some system
sudo apt-get install ca-certificates git-core binutils rsync alsa-utils bc espeak mpg321 fuse atomicparsley -y || err=1
## CONFIG MPD
sudo cp -f /home/$YOU/.zen/astroport/.install/templates/copylaradio/mpd.conf /etc/mpd.conf
sudo sed -i "s/_USER_/$YOU/g" /etc/mpd.conf || err=1
mkdir ~/.config/mpd && sudo cp -f /etc/mpd.conf ~/.config/mpd/mpd.conf && sudo chown $YOU ~/.config/mpd/mpd.conf
## CHOWN mpd FILES STRUCTURE
sudo chown -R $YOU /var/lib/mpd/ /var/run/mpd /run/mpd /var/log/mpd
sudo service mpd restart || err=1
fi
### INSTALL NGINX
echo '++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
_
____ ____ _(_)___ _ __
/ __ \/ __ `/ / __ \| |/_/
/ / / / /_/ / / / / /> <
/_/ /_/\__, /_/_/ /_/_/|_|
/____/
install
' | lolcat
sudo apt-get install fail2ban nginx ssl-cert php-curl php-sqlite3 php-gd php-json php-xml php-mbstring php-fpm sqlite -y || err=1
[[ ! $(which nslookup) ]] && sudo apt-get install lolcat dnsutils -y
echo '++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
__ ___ _ ___
/ |/ /_ __ ____ ____ _____ ___ ___ (_)___/__ \
/ /|_/ / / / / / __ \/ __ `/ __ `__ \/ _ \ / / ___// _/
/ / / / /_/ / / / / / /_/ / / / / / / __/ / (__ )/_/
/_/ /_/\__, / /_/ /_/\__,_/_/ /_/ /_/\___/ /_/____/(_)
/____/
' | lolcat
myIP=$(hostname -I | awk '{print $1}' | head -n 1)
isLAN=$(echo $myIP | grep -E "/(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/")
# Ask to the router its name (BOX DNS or system defined)
[[ -f /home/$YOU/.zen/astroport/zen/tools/nodename ]] && NODENAME=$(/home/$YOU/.zen/astroport/zen/tools/nodename) \
|| NODENAME=$(curl -s https://git.p2p.legal/axiom-team/astroport/raw/master/zen/tools/nodename | bash) ## RUNNING ALONE !!
echo $NODENAME
echo '
__ ____ _ __________ __
/ / / __ \ | / / ____/ / ____ _____ ____/ /
/ / / / / / | / / __/ / / / __ `/ __ \/ __ /
/ /___/ /_/ /| |/ / /___/ /___/ /_/ / / / / /_/ /
/_____/\____/ |___/_____/_____/\__,_/_/ /_/\__,_/
Portal
' | lolcat
###
echo "INSTALL LOVELand WebSite. Linking to /var/www ..."
if [[ ! -L /var/www/loveland ]]; then
sudo ln -s /home/$YOU/.zen/astroport/www/LOVELand /var/www/loveland
fi
echo "JUKEBOX init"
[[ -d /var/www/loveland/jukebox/albumart ]] && sudo chmod -R 777 /var/www/loveland/jukebox/albumart
[[ -d /var/www/loveland/jukebox/prefs ]] && sudo chmod -R 777 /var/www/loveland/jukebox/prefs
[[ -d /var/www/loveland/g1barre/img/qrcodes ]] && sudo chmod -R 777 /var/www/loveland/g1barre/img/qrcodes
# CONFIG NGINX - LOVE LAND FRONTAL WEB PAGE
echo "$NODENAME" | figlet -f slant | lolcat
## Write NODENAME to IPFS
echo "$NODENAME" > /home/$YOU/.zen/ipfs/.$IPFSNODEID/G1SSB/_nodename
PHPVERSION=$(ps auxf | grep php-fpm | grep -v -E 'color=auto|grep' | head -n 1 | grep -oP '(?<=\().*(?=\))' | awk -F '/' '{print $4}')
### JUKEBOX RompR CopyLaRadio
if [[ $(which mpd) ]]; then
sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/jukebox.conf
sudo sed -i "s/_MY_NODE_NAME_/$NODENAME/g" /tmp/jukebox.conf
sudo sed -i "s/_PORT_/80/g" /tmp/jukebox.conf
sudo sed -i "s/_APPLI_/jukebox/g" /tmp/jukebox.conf
sudo cp -f /tmp/jukebox.conf /etc/nginx/conf.d/jukebox.conf
fi
##### RESTART NGINX
sudo systemctl restart nginx || err=1
if [[ $err ]]; then
echo -e "${c_red}Installation de bizarre??$c_"
echo "PLEASE... POST YOUR ISSUE! https://git.p2p.legal/axiom-team/astroport/issues"
exit 1
else
echo -e "${c_green}Installation réalisée avec succès$c_"
echo -e "Astroport JUKEBOX http://$NODENAME (TRY ME)"
fi
# Open in browser
URL="http://$NODENAME"
path=$(which xdg-open || which gnome-open)
xo ()
{
for var in "$@"; do
$path "$var";
sleep 0.5
done
}
[[ -n $path ]] && xo $URL:80 > /dev/null
} # for script being completely downloaded before run
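Review bot: The youtube-dl step downloads the unpinned `latest` build as root into `/usr/local/bin` with no checksum, and `sudo chown $YOU /usr/local/bin/youtube-dl` then makes a program on root's PATH writable by an unprivileged account. The `chown` should be dropped, since root ownership with `a+rx` is enough to run it, and the download should be pinned and verified; the previous installer file has the same block. The three `sudo chmod -R 777` lines on the jukebox and qrcodes directories have the same kind of problem: making them owned by `www-data` with mode `775` would give the web application write access without opening them to every local user. `$YOU` is taken from `ps` output and used unquoted in `sudo` commands, so it should be validated and quoted.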

@ -0,0 +1,35 @@
# Automatic install of Nextcloud on Debian 8/9/10
## Use
Set good variables for your use case at the beginning of install.sh:
```
nc_domain="" # Votre nom de domaine pour votre nextcloud. Si vide il prendra le premier argument que vous passerez, sinon le hostname de votre machine
nc_port=80 # Numéro de port d'écoute de nginx
admin_user="admin" # Le pseudo du compte admin
admin_pass="admin" # Le mot de passe que vous désirez pour le compte admin
db_pass="" # Le mot de passe que vous désirez pour MariaDB. Si vide, un mot de passe aléatoire sécurisé sera choisi
isSSL=false # true si nextcloud et nginx doivent être configuré en https
configMaria=auto # Mettez manual ou auto, attention auto est expérimental et vraiment pas recommendé
p2env=false # true si vous êtes dans un environnement p2p.legal
```
Then:
```
chmod u+x install.sh
./install.sh
```
You can change the ssl state of your instance after the installation if you need.
Just execute ssl.sh:
`./ssl.sh`
If you prefere, you can download this script directly via:
```
wget https://dev-nextcloud.p2p.legal/installeur/install-nextcloud.tar.gz
tar -zxvf install-nextcloud.tar.gz
./install.sh 2>&1 | tee loginstall.log
```

@ -0,0 +1,186 @@
#!/bin/bash
################################################################################
# Author: poka (poka@p2p.legal)
# Version: 0.1
# License: AGPL-3.0 (https://choosealicense.com/licenses/agpl-3.0/)
################################################################################
### Variables ###
nc_domain="" # Votre nom de domaine pour votre nextcloud. Si vide il prendra le premier argument que vous passerez, sinon le hostname de votre machine
nc_port=10050 # Numéro de port d'écoute de nginx
YOU=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1)
admin_user="$YOU" # Le pseudo du compte admin
admin_pass="0penS0urce!" # Le mot de passe que vous désirez pour le compte admin
db_pass="" # Le mot de passe que vous désirez pour MariaDB. Si vide, un mot de passe aléatoire sécurisé sera choisi
data_dir="/home/$YOU/.zen/nextcloud" # Le répertoir data de nextcloud, toutes les données utilisateurs s'y trouvent
isSSL=false # true si nextcloud et nginx doivent être configuré en https
configMaria=auto # Mettez manual ou auto, attention auto est expérimental et vraiment pas recommendé
p2env=false # true si vous êtes dans un environnement p2p.legal
#################
if [ "$EUID" -ne 0 ]
then echo -e "${c_red}Veuillez executez ce script en root$c_"
exit 1
fi
## Atroport config
echo -e "${c_yellow}Getting local hostname...$c_"
nc_domain=$(/home/$YOU/.zen/astroport/zen/tools/nodename)
templates="/home/$YOU/.zen/astroport/.install/nextcloud/templates"
## Set var
[[ -z $nc_domain ]] && nc_domain=$1
[[ -z $nc_domain ]] && nc_domain=$(echo $HOSTNAME.p2p.legal)
[[ -z $db_pass ]] && db_pass="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" && echo "Votre mot de passe mysql nextcloud est : $db_pass" >> /root/nextcloud_mysql_pwd.txt
db_pass_root="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9~!@#$%^&*_-' | fold -w 32 | head -n 1)"
if [[ p2env == "true" ]]; then
cd /nextcloud/templates/
else
[[ ! -e $templates ]] && echo -e "${c_red}Erreur: Le dossier templates n'existe pas, installation impossible.$c_" && exit 1
cd $templates
fi
## Update system packages
apt install -y lsb-release apt-transport-https ca-certificates
apt update -y
apt install nginx mariadb-server apt-transport-https curl gnupg2 git lsb-release ssl-cert ca-certificates apt-transport-https tree locate software-properties-common dirmngr screen htop net-tools zip unzip curl ffmpeg ghostscript libfile-fcntllock-perl -y
systemctl start nginx || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
systemctl start mariadb || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
systemctl enable mariadb || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
systemctl enable nginx || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
echo -e "${c_yellow} === Installing php ... ===$c_"
apt install php php-fpm php-xml php-curl php-gd php php-cgi php-cli php-zip php-mysql php-mbstring php-intl php-json php-bz2 php-ldap php-apcu imagemagick php-imagick php-smbclient -y
export PHPVERSION=$(ps auxf | grep php-fpm | grep -v -E 'color=auto|grep' | head -n 1 | grep -oP '(?<=\().*(?=\))' | awk -F '/' '{print $4}')
echo -e "${c_yellow} === Configuring php ... ===$c_"
[[ ! -e /etc/php/$PHPVERSION/cli/php.ini.bak ]] && (bash configure_php.sh || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)) || echo "PHP déjà configuré, skip"
echo -e "${c_yellow} === Configure MariaDB ===$c_"
configMariaManual() {
mysql_secure_installation || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
}
configMariaAuto() {
mysql -e "UPDATE mysql.user SET Password = PASSWORD('$db_pass_root') WHERE User = 'root'"
isLocalhostUsers=$(mysql -e "select user from mysql.user;" | grep "localhost")
isTestDB=$(mysql -e "show databases" | grep "test")
[[ -n $isLocalhostUsers ]] && mysql -e "DROP USER ''@'localhost'; DROP USER ''@'$(hostname)'"
[[ -n $isTestDB ]] && mysql -e "DROP DATABASE test"
mysql -e "FLUSH PRIVILEGES"
}
[[ $configMaria == "auto" ]] && configMariaAuto || configMariaManual
[[ ! -e /etc/mysql/my.cnf.bak ]] && (mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak && cp my.cnf /etc/mysql/ && service mysql restart) || echo "MariaDB déjà configuré, skip"
echo -e "${c_yellow} === Create and configure database... ===$c_"
isDBCreate=$(mysql -e "show databases" | grep "nextcloud")
[[ -z $isDBCreate ]] && mysql -e "CREATE DATABASE nextcloud;CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY \"$db_pass\";GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';FLUSH PRIVILEGES;ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" || echo "La base de donnée de nextcloud est déjà créé, skip"
echo -e "${c_yellow} === Installing and configure Redis... ===$c_"
apt install redis-server php-redis -y
[[ ! -e /etc/redis/redis.conf.bak ]] && cp /etc/redis/redis.conf /etc/redis/redis.conf.bak || echo "Redis est déjà configuré, skip"
sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
sed -i "s/redis.sock/redis-server.sock/" /etc/redis/redis.conf
sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
usermod -a -G redis www-data || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
[[ ! -e /etc/sysctl.conf.bak ]] && cp /etc/sysctl.conf /etc/sysctl.conf.bak || echo "sysctl est déjà configuré, skip"
sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
service redis-server restart || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
echo -e "${c_yellow} === Installing NextCloud... ===$c_"
if [[ ! -e /var/www/nextcloud ]]; then
mkdir /var/www/nextcloud
chown www-data:www-data /var/www/nextcloud
chmod 750 /var/www/nextcloud || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2
fi
if [[ ! -e $data_dir ]]; then
mkdir -p $data_dir
chown www-data:www-data $data_dir
chmod 750 $data_dir || (echo -e "${c_red}Erreur quelque part ...$c_" && exit 1)
fi
## Add local IP as secondary trust domain
# Prefere occ methode ...
# sed -i "/0 => '$nc_domain'.*/a \ 1 => '$ip_local:$nc_port'," /var/www/nextcloud/config/config.php
ip_local=$(/sbin/ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
[[ $nc_port == 80 ]] && nc_port_loc="" || nc_port_loc=":$nc_port"
[[ -e /var/www/nextcloud/config/config.php ]] && isNCConfig=$(cat /var/www/nextcloud/config/config.php | grep "'installed' => true")
[[ -z "$isNCConfig" ]] && sudo -u www-data php /var/www/nextcloud/occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "$db_pass" --admin-user "$admin_user" --admin-pass "$admin_pass" --data-dir "$data_dir"
sleep 0.2
sudo -u www-data php /var/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=$nc_domain
sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=$ip_local$nc_port_loc
sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=$nc_domain
isNCConfigAdd=$(cat /var/www/nextcloud/config/config.php | grep "activity_expire_days")
if [[ -z "$isNCConfigAdd" ]]; then
sudo -u www-data sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
sudo -u www-data sed -i '/);/d' /var/www/nextcloud/config/config.php
cat config_complete.php >> /var/www/nextcloud/config/config.php
fi
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
sudo -u www-data php /var/www/nextcloud/occ app:disable survey_client
sudo -u www-data php /var/www/nextcloud/occ app:disable firstrunwizard
sudo -u www-data php /var/www/nextcloud/occ app:enable admin_audit
sudo -u www-data php /var/www/nextcloud/occ app:enable files_pdfviewer
echo -e "${c_yellow} === Configure nginx ... ===$c_"
cp nextcloud.conf /etc/nginx/conf.d/
cp *optimization.conf /etc/nginx/
sed -i "s/NC_DOMAIN/$nc_domain/" /etc/nginx/conf.d/nextcloud.conf
sed -i "s/NC_PORT/$nc_port/" /etc/nginx/conf.d/nextcloud.conf
sed -i "s/_PHPVERSION/$PHPVERSION/" /etc/nginx/conf.d/nextcloud.conf
sed -i "s/80 default_server;/81 default_server;/" /etc/nginx/sites-enabled/default
chmod u+x ../ssl.sh
if [[ $isSSL == "false" ]]; then
../ssl.sh nonssl
else
../ssl.sh certif
../ssl.sh ssl
fi
echo -e "${c_yellow} === Mise en place des scripts et crons ... ===$c_"
[[ ! -e /opt/scripts ]] && mkdir /opt/scripts
cp nc_optimize.sh /opt/scripts/
cp upgrade.sh /opt/scripts/
cp occ /opt/scripts/
echo "alias occ='/opt/scripts/occ'" >> ~/.bashrc
alias occ='/opt/scripts/occ'
[[ -z $(crontab -l | grep "/var/www/nextcloud/cron.php") ]] && (crontab -l ; echo "*/5 * * * * sudo -u www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1") | crontab -u root - || echo "cron nextcloud ever set, skip"
[[ -z $(crontab -l | grep "/opt/scripts/optimize.sh") ]] && (crontab -l ; echo "5 1 * * * /opt/scripts/optimize.sh > /dev/null 2>&1") | crontab -u root - || echo "cron optimize ever set, skip"
sudo -u www-data php /var/www/nextcloud/occ background:cron
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint
echo -e "${c_yellow} === Restarting services ... ===$c_"
service php$PHPVERSION-fpm restart && service nginx restart && service mysql restart && service redis-server restart || (echo -e "${c_red}Impossible de reloader les service$c_" && exit 1)
bash /opt/scripts/nc_optimize.sh
usermod -aG www-data $YOU
echo -e "${c_green}Nextcloud a été installé avec succès !\nOuverture...$c_"
URL="http://$nc_domain:$nc_port"
[[ -x $BROWSER ]] && su -c "exec \"$BROWSER\" \"$URL\"" $YOU > /dev/null
path=$(which xdg-open || which gnome-open) && su -c "exec \"$path\" \"$URL\"" $YOU > /dev/null
echo -e "${c_yellow}Can't find browser$c_"
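Review bot: `admin_pass="0penS0urce!"` in the variables block gives every node installed from this repository the same published Nextcloud admin password, which is then handed to `occ maintenance:install --admin-pass`. The script already generates `db_pass` when it is empty, and the admin password should get the same treatment: `admin_pass=""` followed by `[[ -z $admin_pass ]] && admin_pass="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)"`, with the value shown once to the operator or kept in a root-only file. Separately, the `|| (echo ... && exit 1)` guards run `exit` inside a subshell, so the script carries on after a failed step; `|| { echo ...; exit 1; }` actually stops it.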

@ -0,0 +1,69 @@
#!/bin/bash
if [ "$EUID" -ne 0 ]
then echo "Veuillez executez ce script en root"
exit 1
fi
domain=$(cat /etc/nginx/conf.d/nextcloud.conf | grep server_name | awk '{ print $2 }')
domain=$(echo ${domain::-1})
[[ ! $1 =~ ^(ssl|nonssl|certif)$ ]] && echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl" && exit 1
ssl(){
sed -i "s/'overwriteprotocol' => 'http'/'overwriteprotocol' => 'https'/" /var/www/nextcloud/config/config.php
sed -i "s/http/https/" /etc/nginx/conf.d/nextcloud.conf
sed -i "s/fastcgi_param HTTPS off/fastcgi_param HTTPS on/" /etc/nginx/conf.d/nextcloud.conf
sed -i "s/listen 443;/listen 443 ssl;/" /etc/nginx/conf.d/nextcloud.conf
[[ ! -e /etc/nginx/includes ]] && mkdir /etc/nginx/includes
cp .install_templates/ssl.conf /etc/nginx/includes/
sed -i "/fastcgi_hide_header X-Powered-By;/a \ include includes/ssl.conf;\n ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;" /etc/nginx/conf.d/nextcloud.conf
}
nonssl(){
sed -i "s/'overwriteprotocol' => 'https'/'overwriteprotocol' => 'http'/" /var/www/nextcloud/config/config.php
sed -i "s/https/http/" /etc/nginx/conf.d/nextcloud.conf
sed -i "s/fastcgi_param HTTPS on/fastcgi_param HTTPS off/" /etc/nginx/conf.d/nextcloud.conf
sed -i '/ssl.conf;/d' /etc/nginx/conf.d/nextcloud.conf
sed -i '/ssl_certificate/d' /etc/nginx/conf.d/nextcloud.conf
}
install_certbot(){
sudo apt update
if [[ $(grep buster /etc/os-release) ]]; then
[[ -z $(cat /etc/apt/sources.list | grep "buster-backports main") ]] && echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
sudo apt install certbot python-certbot-nginx -t buster-backports -y
elif [[ $(grep stretch /etc/os-release) ]]; then
sudo apt install certbot python-certbot-nginx -y
elif [[ $(grep -E '16.|17.|18.|19.' /etc/os-release) ]]; then
sudo apt install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot python-certbot-nginx
else
echo "OS non supporté pour certbot." && exit 1
fi
}
create_certificate() {
cd .install_templates
certbot --nginx certonly --non-interactive --agree-tos -m $USER@$domain -d $domain && echo "Le certificat de $domain a bien été déployé" || echo "Une erreur s'est produite lors de la création du certificat SSL"
## Cronification
[[ ! -e /opt/scripts ]] && mkdir /opt/scripts
cp ssl_renew.sh /opt/scripts/
[[ -z $(crontab -l | grep "/opt/scripts/ssl_renew.sh") ]] && (crontab -l ; echo "12 2 * * 1 /opt/scripts/ssl_renew.sh") | crontab -u root -
}
certif() {
[[ -z $(which certbot) ]] && install_certbot
[[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]] && create_certificate
}
$@
service nginx reload
exit 0
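Review bot: In `certif`, `[[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]]` tests a non-empty literal string, so it is always true and `create_certificate` runs on every call, even when a certificate is already present. If the intent is to request one only when none exists, the check would be `[[ ! -e "/etc/letsencrypt/live/$domain/fullchain.pem" ]] && create_certificate`. The `sed -i "s/http/https/"` in `ssl` is also not idempotent: the nextcloud.conf template in this commit already contains `https://$host`, which would become `httpss://$host`. Matching the scheme with its colon (`s/http:/https:/` in `ssl`, `s/https:/http:/` in `nonssl`) avoids that.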

@ -0,0 +1,52 @@
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '/var/log/nextcloud.log',
'loglevel' => 2,
'logtimezone' => 'Europe/Paris',
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
);
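Review bot: `'logfile' => '/var/log/nextcloud.log'` points at a directory the `www-data` user normally cannot create files in, and nothing visible in this commit creates that file, so the server log may not end up at this path. Creating it during install, for example `touch /var/log/nextcloud.log && chown www-data:www-data /var/log/nextcloud.log`, would make the setting effective. `'filelocking.enabled' => 'true'` is also a string where the neighbouring flags are booleans; unquoted `true` would match them.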

@ -0,0 +1,50 @@
cp /etc/php/$PHPVERSION/fpm/pool.d/www.conf /etc/php/$PHPVERSION/fpm/pool.d/www.conf.bak
cp /etc/php/$PHPVERSION/cli/php.ini /etc/php/$PHPVERSION/cli/php.ini.bak
cp /etc/php/$PHPVERSION/fpm/php.ini /etc/php/$PHPVERSION/fpm/php.ini.bak
cp /etc/php/$PHPVERSION/fpm/php-fpm.conf /etc/php/$PHPVERSION/fpm/php-fpm.conf.bak
sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/$PHPVERSION/fpm/pool.d/www.conf
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$PHPVERSION/cli/php.ini
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/$PHPVERSION/cli/php.ini
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$PHPVERSION/cli/php.ini
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$PHPVERSION/cli/php.ini
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$PHPVERSION/cli/php.ini
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/$PHPVERSION/cli/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Paris/" /etc/php/$PHPVERSION/cli/php.ini
## sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$PHPVERSION/cli/php.ini # Bug if not using ssl
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Paris/" /etc/php/$PHPVERSION/fpm/php.ini
## sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$PHPVERSION/fpm/php.ini # Bug if not using ssl
sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$PHPVERSION/fpm/php.ini
sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/$PHPVERSION/fpm/php-fpm.conf
sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/$PHPVERSION/fpm/php-fpm.conf
sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/$PHPVERSION/fpm/php-fpm.conf
sed -i "s/09,39.*/# &/" /etc/cron.d/php
(crontab -l ; echo "09,39 * * * * /usr/lib/php/sessionclean 2>&1") | crontab -u root -
cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
sed -i "s/rights\=\"none\" pattern\=\"PS\"/rights\=\"read\|write\" pattern\=\"PS\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights\=\"none\" pattern\=\"EPI\"/rights\=\"read\|write\" pattern\=\"EPI\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights\=\"none\" pattern\=\"PDF\"/rights\=\"read\|write\" pattern\=\"PDF\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights\=\"none\" pattern\=\"XPS\"/rights\=\"read\|write\" pattern\=\"XPS\"/" /etc/ImageMagick-6/policy.xml
service php$PHPVERSION-fpm restart && service nginx restart
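Review bot: The four `policy.xml` edits at the end re-enable ImageMagick's PS, EPI, PDF and XPS coders with `read|write`; distributions ship these disabled because they pass files to Ghostscript-family delegates, and on a Nextcloud host the files being converted are user uploads. If PDF previews are the goal, only the PDF entry needs changing and read access is enough: `sed -i "s/rights\=\"none\" pattern\=\"PDF\"/rights\=\"read\" pattern\=\"PDF\"/" /etc/ImageMagick-6/policy.xml`, with a comment stating why the policy is relaxed. The script also relies on `$PHPVERSION` being exported by the caller; a guard such as `: "${PHPVERSION:?}"` at the top keeps the `cp` and `sed` calls from running against `/etc/php//...` when it is empty.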

@ -0,0 +1,79 @@
[client]
default-character-set = utf8mb4
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
log_error=/var/log/mysql/mysql_error.log
nice = 0
socket = /var/run/mysqld/mysqld.sock
[mysqld]
basedir = /usr
bind-address = 127.0.0.1
binlog_format = ROW
bulk_insert_buffer_size = 16M
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
concurrent_insert = 2
connect_timeout = 5
datadir = /var/lib/mysql
default_storage_engine = InnoDB
expire_logs_days = 10
general_log_file = /var/log/mysql/mysql.log
general_log = 0
innodb_buffer_pool_size = 1024M
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90
innodb_large_prefix = on
innodb_file_format = barracuda
innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 4000
innodb_flush_method = O_DIRECT
key_buffer_size = 128M
lc_messages_dir = /usr/share/mysql
lc_messages = en_US
log_bin = /var/log/mysql/mariadb-bin
log_bin_index = /var/log/mysql/mariadb-bin.index
log_error=/var/log/mysql/mysql_error.log
log_slow_verbosity = query_plan
log_warnings = 2
long_query_time = 1
max_allowed_packet = 16M
max_binlog_size = 100M
max_connections = 200
max_heap_table_size = 64M
myisam_recover_options = BACKUP
myisam_sort_buffer_size = 512M
port = 3306
pid-file = /var/run/mysqld/mysqld.pid
query_cache_limit = 2M
query_cache_size = 64M
query_cache_type = 1
query_cache_min_res_unit = 2k
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-name-resolve
slow_query_log_file = /var/log/mysql/mariadb-slow.log
slow-query-log = 1
socket = /var/run/mysqld/mysqld.sock
sort_buffer_size = 4M
table_open_cache = 400
thread_cache_size = 128
tmp_table_size = 64M
tmpdir = /tmp
transaction_isolation = READ-COMMITTED
user = mysql
wait_timeout = 600
[mysqldump]
max_allowed_packet = 16M
quick
quote-names
[isamchk]
key_buffer = 16M
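Review bot: `innodb_large_prefix = on` and `innodb_file_format = barracuda` are deprecated in MariaDB and removed in later releases, so a server that no longer knows them would refuse to start once install.sh swaps this file in. This is worth checking against the MariaDB versions of the Debian releases the README lists. install.sh would report that case as "MariaDB déjà configuré, skip", because a failed restart falls through to the `||` branch. Dropping the two lines, or writing them as `loose-innodb_large_prefix = on` and `loose-innodb_file_format = barracuda`, keeps the file loadable either way.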

@ -0,0 +1,10 @@
#!/bin/bash
redis-cli -s /var/run/redis/redis-server.sock <<EOF
FLUSHALL
quit
EOF
sudo -u www-data php /var/www/nextcloud/occ files:scan --all
sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
exit 0
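Review bot: `FLUSHALL` empties every database on the Redis instance, not only Nextcloud's keys, so any other application sharing that socket loses its data and active Nextcloud file locks are dropped each time this runs. A comment stating that the instance is assumed to be dedicated to Nextcloud would make that explicit. If this is the `nc_optimize.sh` that install.sh copies to /opt/scripts, the nightly cron entry there calls `/opt/scripts/optimize.sh`, a name nothing visible installs, so the scheduled run would not happen. The entry should read `5 1 * * * /opt/scripts/nc_optimize.sh > /dev/null 2>&1`.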

@ -0,0 +1,149 @@
upstream php-handler {
server unix:/var/run/php/php_PHPVERSION-fpm.sock;
}
server {
listen NC_PORT;
listen 443;
listen [::]:443 ssl;
server_name NC_DOMAIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
set_real_ip_from 192.168.9.1;
set_real_ip_from 192.168.9.6;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
add_header X-Frame-Options "SAMEORIGIN";
# Path to the root of your installation
root /var/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 https://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 https://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
location ^~ /apps/rainloop/app/data {
deny all;