From 83f064cae0ca23d938b6c2375e41564a1d140e96 Mon Sep 17 00:00:00 2001 From: Mark J Crane Date: Sat, 25 Mar 2017 11:41:47 -0600 Subject: [PATCH] Start the FreeBSD install script (not ready) --- freebsd/install.sh | 57 +++++ freebsd/resources/arguments.sh | 48 +++++ freebsd/resources/backup/fusionpbx-backup.sh | 27 +++ freebsd/resources/colors.sh | 25 +++ freebsd/resources/config.sh | 18 ++ freebsd/resources/environment.sh | 79 +++++++ freebsd/resources/fail2ban.sh | 37 ++++ .../resources/fail2ban/freeswitch-404.conf | 27 +++ .../resources/fail2ban/freeswitch-dos.conf | 21 ++ freebsd/resources/fail2ban/freeswitch-ip.conf | 20 ++ freebsd/resources/fail2ban/freeswitch.conf | 18 ++ freebsd/resources/fail2ban/fusionpbx.conf | 25 +++ freebsd/resources/fail2ban/nginx-404.conf | 5 + freebsd/resources/fail2ban/nginx-dos.conf | 14 ++ freebsd/resources/finish.sh | 116 ++++++++++ freebsd/resources/fusionpbx.sh | 31 +++ freebsd/resources/fusionpbx/config.php | 45 ++++ freebsd/resources/fusionpbx/fusionpbx | 201 ++++++++++++++++++ freebsd/resources/nginx.sh | 79 +++++++ freebsd/resources/pf.sh | 13 ++ freebsd/resources/php.sh | 36 ++++ freebsd/resources/postgres.sh | 77 +++++++ freebsd/resources/sngrep.sh | 25 +++ freebsd/resources/switch.sh | 49 +++++ freebsd/resources/switch/conf-copy.sh | 3 + freebsd/resources/switch/source-master.sh | 40 ++++ .../resources/switch/source-permissions.sh | 6 + freebsd/resources/switch/source-release.sh | 56 +++++ freebsd/resources/switch/source-systemd.sh | 5 + freebsd/resources/switch/source-to-package.sh | 24 +++ 30 files changed, 1227 insertions(+) create mode 100755 freebsd/install.sh create mode 100755 freebsd/resources/arguments.sh create mode 100755 freebsd/resources/backup/fusionpbx-backup.sh create mode 100755 freebsd/resources/colors.sh create mode 100755 freebsd/resources/config.sh create mode 100755 freebsd/resources/environment.sh create mode 100755 freebsd/resources/fail2ban.sh create mode 100755 freebsd/resources/fail2ban/freeswitch-404.conf create mode 100755 freebsd/resources/fail2ban/freeswitch-dos.conf create mode 100755 freebsd/resources/fail2ban/freeswitch-ip.conf create mode 100755 freebsd/resources/fail2ban/freeswitch.conf create mode 100755 freebsd/resources/fail2ban/fusionpbx.conf create mode 100755 freebsd/resources/fail2ban/nginx-404.conf create mode 100755 freebsd/resources/fail2ban/nginx-dos.conf create mode 100755 freebsd/resources/finish.sh create mode 100755 freebsd/resources/fusionpbx.sh create mode 100755 freebsd/resources/fusionpbx/config.php create mode 100755 freebsd/resources/fusionpbx/fusionpbx create mode 100755 freebsd/resources/nginx.sh create mode 100755 freebsd/resources/pf.sh create mode 100755 freebsd/resources/php.sh create mode 100755 freebsd/resources/postgres.sh create mode 100755 freebsd/resources/sngrep.sh create mode 100755 freebsd/resources/switch.sh create mode 100755 freebsd/resources/switch/conf-copy.sh create mode 100755 freebsd/resources/switch/source-master.sh create mode 100755 freebsd/resources/switch/source-permissions.sh create mode 100755 freebsd/resources/switch/source-release.sh create mode 100755 freebsd/resources/switch/source-systemd.sh create mode 100755 freebsd/resources/switch/source-to-package.sh diff --git a/freebsd/install.sh b/freebsd/install.sh new file mode 100755 index 0000000..795356c --- /dev/null +++ b/freebsd/install.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./resources/config.sh +. ./resources/colors.sh +. ./resources/environment.sh + +# removes the cd img from the /etc/apt/sources.list file (not needed after base install) +sed -i '/cdrom:/d' /etc/apt/sources.list + +#Update to latest packages +verbose "Update installed packages" +apt-get upgrade && apt-get update -y --force-yes + +#Add dependencies +apt-get install -y lsb-release + +#IPTables +resources/iptables.sh + +#FusionPBX +resources/fusionpbx.sh + +#NGINX web server +resources/nginx.sh + +#PHP +resources/php.sh + +#Fail2ban +resources/fail2ban.sh + +#FreeSWITCH +resources/switch.sh + +#Postgres +resources/postgres.sh + +#set the ip address +server_address=$(hostname -I) + +#restart services +systemctl daemon-reload +if [ ."$php_version" = ."5" ]; then + systemctl restart php5-fpm +fi +if [ ."$php_version" = ."7" ]; then + systemctl restart php7.0-fpm +fi +systemctl restart nginx +systemctl restart fail2ban + +#add the database schema, user and groups +resources/finish.sh diff --git a/freebsd/resources/arguments.sh b/freebsd/resources/arguments.sh new file mode 100755 index 0000000..a8a2fae --- /dev/null +++ b/freebsd/resources/arguments.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +#Process command line options only if we haven't been processed once +if [ -z "$CPU_CHECK" ]; then + export script_name=`basename "$0"` + ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@") + + if [ $? -ne 0 ]; then + error "Failed parsing options." + exit 1 + fi + + export USE_SWITCH_SOURCE=false + export USE_SWITCH_PACKAGE_ALL=false + export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false + export USE_PHP5_PACKAGE=false + export USE_SWITCH_MASTER=false + export USE_SYSTEM_MASTER=false + export CPU_CHECK=true + HELP=false + + while true; do + case "$1" in + --use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;; + --use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;; + --use-switch-master ) export USE_SWITCH_MASTER=true; shift ;; + --use-system-master ) export USE_SYSTEM_MASTER=true; shift ;; + --use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;; + --use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;; + --no-cpu-check ) export CPU_CHECK=false; shift ;; + -h | --help ) HELP=true; shift ;; + -- ) shift; break ;; + * ) break ;; + esac + done + + if [ .$HELP = .true ]; then + warning "Debian installer script" + warning " --use-switch-source will use freeswitch from source rather than ${green}(default:packages)" + warning " --use-switch-package-all if using packages use the meta-all package" + warning " --use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages" + warning " --use-php5-package use php5* packages instead of ${green}(default:php7.0)" + warning " --use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)" + warning " --use-system-master will use master branch/packages for the system instead of ${green}(default:stable)" + warning " --no-cpu-check disable the cpu check ${green}(default:check)" + exit; + fi +fi \ No newline at end of file diff --git a/freebsd/resources/backup/fusionpbx-backup.sh b/freebsd/resources/backup/fusionpbx-backup.sh new file mode 100755 index 0000000..68625f7 --- /dev/null +++ b/freebsd/resources/backup/fusionpbx-backup.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +export PGPASSWORD="zzz" +db_host=127.0.0.1 +db_port=5432 + +now=$(date +%Y-%m-%d) +mkdir -p /var/backups/fusionpbx/postgresql + +echo "Backup Started" + +#delete postgres backups +find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \; + +#delete the main backup +find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \; + +#backup the database +pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql + +#package +tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch + +#source +#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf + +echo "Backup Completed" diff --git a/freebsd/resources/colors.sh b/freebsd/resources/colors.sh new file mode 100755 index 0000000..499a17b --- /dev/null +++ b/freebsd/resources/colors.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +verbose () { + echo "${green}$1${normal}" +} +error () { + echo "${red}$1${normal}" + } +warning () { + echo "${yellow}$1${normal}" +} + +# check for color support +if test -t 1; then + + # see if it supports colors... + ncolors=$(tput colors) + + if test -n "$ncolors" && test $ncolors -ge 8; then + normal="$(tput sgr0)" + red="$(tput setaf 1)" + green="$(tput setaf 2)" + yellow="$(tput setaf 3)" + fi +fi diff --git a/freebsd/resources/config.sh b/freebsd/resources/config.sh new file mode 100755 index 0000000..f146072 --- /dev/null +++ b/freebsd/resources/config.sh @@ -0,0 +1,18 @@ + +# FusionPBX Settings +system_username=admin # default username admin +system_password=random # random or as a pre-set value +system_branch=stable # master, stable + +# FreeSWITCH Settings +switch_branch=stable # master, stable +switch_source=false # true or false +switch_package=true # true or false + +# Database Settings +database_password=random # random or as a pre-set value +database_repo=official # PostgresSQL official, system, 2ndquadrant +database_backup=false # true or false + +# General Settings +php_version=5 # PHP version 5 or 7 diff --git a/freebsd/resources/environment.sh b/freebsd/resources/environment.sh new file mode 100755 index 0000000..5ec856b --- /dev/null +++ b/freebsd/resources/environment.sh @@ -0,0 +1,79 @@ +#!/bin/sh + +#operating system details +os_name=$(lsb_release -is) +os_codename=$(lsb_release -cs) +os_mode='unknown' + +#cpu details +cpu_name=$(uname -m) +cpu_architecture='unknown' +cpu_mode='unknown' + +if [ .$cpu_name = .'armv7l' ]; then + # RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time + os_mode='32' + cpu_mode='32' + cpu_architecture='arm' +elif [ .$cpu_name = .'armv8l' ]; then + # No test case for armv8l + os_mode='unknown' + cpu_mode='64' + cpu_architecture='arm' +elif [ .$cpu_name = .'i386' ]; then + os_mode='32' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +elif [ .$cpu_name = .'i686' ]; then + os_mode='32' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +elif [ .$cpu_name = .'x86_64' ]; then + os_mode='64' + if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then + cpu_mode='64' + else + cpu_mode='32' + fi + cpu_architecture='x86' +fi + +if [ .$cpu_architecture = .'arm' ]; then + if [ .$os_mode = .'32' ]; then + verbose "Correct CPU and Operating System detected, using the ARM repo" + elif [ .$os_mode = .'64' ]; then + error "You are using a 64bit arm OS this is unsupported" + switch_source=true + switch_package=false + else + error "Unknown OS mode $os_mode this is unsupported" + switch_source=true + switch_package=false + fi +elif [ .$cpu_architecture = .'x86' ]; then + if [ .$os_mode = .'32' ]; then + error "You are using a 32bit OS this is unsupported" + if [ .$cpu_mode = .'64' ]; then + warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS" + fi + switch_source=true + switch_package=false + elif [ .$os_mode = .'64' ]; then + verbose "Correct CPU and Operating System detected" + else + error "Unknown Operating System mode $os_mode is unsupported" + switch_source=true + switch_package=false + fi +else + error "You are using a unsupported architecture $cpu_architecture" + exit 3 +fi diff --git a/freebsd/resources/fail2ban.sh b/freebsd/resources/fail2ban.sh new file mode 100755 index 0000000..c673734 --- /dev/null +++ b/freebsd/resources/fail2ban.sh @@ -0,0 +1,37 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing Fail2ban" + +#add the dependencies +apt-get install -y --force-yes fail2ban + +#move the filters +cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf +cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf +cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf +cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf +cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf +cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf +cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf +cp fail2ban/jail.local /etc/fail2ban/jail.local + +#update config if source is being used +if [ .$switch_source = .true ]; then + sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local +fi + +#restart fail2ban +#systemd +/bin/systemctl restart fail2ban + +#init.d +#/usr/sbin/service fail2ban restart diff --git a/freebsd/resources/fail2ban/freeswitch-404.conf b/freebsd/resources/fail2ban/freeswitch-404.conf new file mode 100755 index 0000000..ada405c --- /dev/null +++ b/freebsd/resources/fail2ban/freeswitch-404.conf @@ -0,0 +1,27 @@ +# Fail2Ban configuration file +# inbound route - 404 not found + + +[Definition] + + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = 404 not found + + +#EXECUTE sofia/external/8888888888888@example.fusionpbx.com log([inbound routes] 404 not found 82.68.115.62) + + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/freebsd/resources/fail2ban/freeswitch-dos.conf b/freebsd/resources/fail2ban/freeswitch-dos.conf new file mode 100755 index 0000000..3407183 --- /dev/null +++ b/freebsd/resources/fail2ban/freeswitch-dos.conf @@ -0,0 +1,21 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/freebsd/resources/fail2ban/freeswitch-ip.conf b/freebsd/resources/fail2ban/freeswitch-ip.conf new file mode 100755 index 0000000..3fee3b6 --- /dev/null +++ b/freebsd/resources/fail2ban/freeswitch-ip.conf @@ -0,0 +1,20 @@ +# Fail2Ban configuration file +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [1000@xxx.xxx.xxx.xxx] from 62.210.151.162 +failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/freebsd/resources/fail2ban/freeswitch.conf b/freebsd/resources/fail2ban/freeswitch.conf new file mode 100755 index 0000000..b187b49 --- /dev/null +++ b/freebsd/resources/fail2ban/freeswitch.conf @@ -0,0 +1,18 @@ +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip + \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/freebsd/resources/fail2ban/fusionpbx.conf b/freebsd/resources/fail2ban/fusionpbx.conf new file mode 100755 index 0000000..ff1b5c9 --- /dev/null +++ b/freebsd/resources/fail2ban/fusionpbx.conf @@ -0,0 +1,25 @@ +# Fail2Ban configuration file +# +# Author: soapee01 +# + +[Definition] + +# Option: failregex +# Notes.: regex to match the password failures messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# Values: TEXT +# +#failregex = [hostname] FusionPBX: \[\] authentication failed +#[hostname] variable doesn't seem to work in every case. Do this instead: +failregex = .* FusionPBX: \[\] authentication failed for + = .* FusionPBX: \[\] provision attempt bad password for + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = + diff --git a/freebsd/resources/fail2ban/nginx-404.conf b/freebsd/resources/fail2ban/nginx-404.conf new file mode 100755 index 0000000..f121f41 --- /dev/null +++ b/freebsd/resources/fail2ban/nginx-404.conf @@ -0,0 +1,5 @@ +# Fail2Ban configuration file +# +[Definition] +failregex = - - \[.*\] "(GET|POST).*HTTP[^ ]* 404 +ignoreregex = diff --git a/freebsd/resources/fail2ban/nginx-dos.conf b/freebsd/resources/fail2ban/nginx-dos.conf new file mode 100755 index 0000000..6e2cd23 --- /dev/null +++ b/freebsd/resources/fail2ban/nginx-dos.conf @@ -0,0 +1,14 @@ +# Fail2Ban configuration file + +[Definition] +# Option: failregex +# Notes.: Regexp to catch a generic call from an IP address. +# Values: TEXT +# +failregex = ^ -.*"(GET|POST).*HTTP.*"$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/freebsd/resources/finish.sh b/freebsd/resources/finish.sh new file mode 100755 index 0000000..68cec8b --- /dev/null +++ b/freebsd/resources/finish.sh @@ -0,0 +1,116 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#database details +database_host=127.0.0.1 +database_port=5432 +database_username=fusionpbx +if [ .$database_password = .'random' ]; then + database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g') +fi + +#allow the script to use the new password +export PGPASSWORD=$database_password + +#update the database password +sudo -u postgres psql -c "ALTER USER fusionpbx WITH PASSWORD '$database_password';" +sudo -u postgres psql -c "ALTER USER freeswitch WITH PASSWORD '$database_password';" + +#add the config.php +mkdir -p /etc/fusionpbx +chown -R www-data:www-data /etc/fusionpbx +cp fusionpbx/config.php /etc/fusionpbx +sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:' +sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:" + +#add the database schema +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1 + +#get the server hostname +#domain_name=$(hostname -f) + +#get the ip address +domain_name=$(hostname -I | cut -d ' ' -f1) + +#get a domain_uuid +domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); + +#add the domain name +psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');" + +#app defaults +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php + +#add the user +user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +user_name=$system_username +if [ .$system_password = .'random' ]; then + user_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g') +else + user_password=$system_password +fi +password_hash=$(php -r "echo md5('$user_salt$user_password');"); +psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');" + +#get the superadmin group_uuid +group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';"); +group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//') + +#add the user to the group +group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php); +group_name=superadmin +psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');" + +#update xml_cdr url, user and password +xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g') +xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g') +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:" +sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:" + +#app defaults +cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php + +#restart freeswitch +/bin/systemctl daemon-reload +/bin/systemctl restart freeswitch + +#welcome message +echo "" +echo "" +verbose "Installation has completed." +echo "" +echo " Use a web browser to login." +echo " domain name: https://$domain_name" +echo " username: $user_name" +echo " password: $user_password" +echo "" +echo " The domain name in the browser is used by default as part of the authentication." +echo " If you need to login to a different domain then use username@domain." +echo " username: $user_name@$domain_name"; +echo "" +echo " Official FusionPBX Training" +echo " Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com." +echo " Admin Training 27 - 28 March (2 Days)" +echo " Advanced Training 29 - 30 March (2 Days)" +echo " Timezone: https://www.timeanddate.com/worldclock/usa/boise" +echo " Available online and in person. Includes documentation and recording." +echo "" +echo " Additional information." +echo " https://fusionpbx.com/support.php" +echo " https://www.fusionpbx.com" +echo " http://docs.fusionpbx.com" +echo "" + + + diff --git a/freebsd/resources/fusionpbx.sh b/freebsd/resources/fusionpbx.sh new file mode 100755 index 0000000..3d880c6 --- /dev/null +++ b/freebsd/resources/fusionpbx.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing FusionPBX" + +#install dependencies +apt-get install -y --force-yes vim git dbus haveged ssl-cert +apt-get install -y --force-yes ghostscript libtiff5-dev libtiff-tools + +if [ .$system_branch = "master" ]; then + verbose "Using master" + branch="" +else + system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1) + system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2) + system_version=$system_major.$system_minor + verbose "Using version $system_version" + branch="-b $system_version" +fi + +#get the source code +git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx +chown -R www-data:www-data /var/www/fusionpbx +chmod -R 755 /var/www/fusionpbx/secure diff --git a/freebsd/resources/fusionpbx/config.php b/freebsd/resources/fusionpbx/config.php new file mode 100755 index 0000000..22776fb --- /dev/null +++ b/freebsd/resources/fusionpbx/config.php @@ -0,0 +1,45 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2016 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//set the database type + $db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection + +//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here. + //$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename + //$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable + +//pgsql: database connection information + $db_host = 'localhost'; //set the host only if the database is not local + $db_port = '5432'; + $db_name = 'fusionpbx'; + $db_username = '{database_username}'; + $db_password = '{database_password}'; + +//show errors + ini_set('display_errors', '1'); + //error_reporting (E_ALL); // Report everything + //error_reporting (E_ALL ^ E_NOTICE); // hide notices + error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings diff --git a/freebsd/resources/fusionpbx/fusionpbx b/freebsd/resources/fusionpbx/fusionpbx new file mode 100755 index 0000000..6218dd4 --- /dev/null +++ b/freebsd/resources/fusionpbx/fusionpbx @@ -0,0 +1,201 @@ + +server{ + listen 127.0.0.1:80; + server_name 127.0.0.1; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 80M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} + +server { + listen 80; + server_name fusionpbx; + if ($uri !~* ^.*provision.*$) { + rewrite ^(.*) https://$host$1 permanent; + break; + } + + #REST api + if ($uri ~* ^.*/api/.*$) { + rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last; + break; + } + + #algo + rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last; + + #mitel + rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last; + rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last; + + #grandstream + rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1; + + #aastra + rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg; + #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last; + + #yealink common + rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg; + + #yealink mac + rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last; + + #polycom + rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg"; + #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2; + rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg"; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml"; + + #cisco + rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last; + + #Escene + rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last; + rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 80M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} + +server { + listen 443; + server_name fusionpbx; + ssl on; + ssl_certificate /etc/ssl/certs/nginx.crt; + ssl_certificate_key /etc/ssl/private/nginx.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!ADH:!MD5:!aNULL; + + #letsencrypt + location /.well-known/acme-challenge { + root /var/www/letsencrypt; + } + + #REST api + if ($uri ~* ^.*/api/.*$) { + rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last; + break; + } + + #algo + rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last; + + #mitel + rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last; + rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last; + + #grandstriam + rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1; + + #aastra + rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg; + #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last; + + #yealink common + rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg; + + #yealink mac + rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last; + + #polycom + rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg"; + #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2; + rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1; + rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg"; + + #cisco + rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last; + + #Escene + rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last; + rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + client_max_body_size 80M; + client_body_buffer_size 128k; + + location / { + root /var/www/fusionpbx; + index index.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name; + } + + # Disable viewing .htaccess & .htpassword & .db + location ~ .htaccess { + deny all; + } + location ~ .htpassword { + deny all; + } + location ~^.+.(db)$ { + deny all; + } +} diff --git a/freebsd/resources/nginx.sh b/freebsd/resources/nginx.sh new file mode 100755 index 0000000..f0c51a0 --- /dev/null +++ b/freebsd/resources/nginx.sh @@ -0,0 +1,79 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +verbose "Installing the web server" + +#if [ ."$cpu_architecture" = ."arm" ]; then + #9.x - */stretch/ + #8.x - */jessie/ +#fi +if [ ."$php_version" = ."5" ]; then + #verbose "Switching forcefully to php5* packages" + which add-apt-repository || apt-get install -y software-properties-common + #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php + #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat +elif [ ."$os_name" = ."Ubuntu" ]; then + #16.10.x - */yakkety/ + #16.04.x - */xenial/ + #14.04.x - */trusty/ + if [ ."$os_codename" = ."trusty" ]; then + which add-apt-repository || apt-get install -y software-properties-common + LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php + fi +else + #9.x - */stretch/ + #8.x - */jessie/ + if [ ."$os_codename" = ."jessie" ]; then + echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list + echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list + wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add - + fi +fi +apt-get update + +#use php version 5 for arm +if [ .$cpu_architecture = .'arm' ]; then + php_version=5 +fi + +#install dependencies +apt-get install -y nginx +if [ ."$php_version" = ."5" ]; then + apt-get install -y php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt +fi +if [ ."$php_version" = ."7" ]; then + apt-get install -y php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml +fi + +#enable fusionpbx nginx config +cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx + +#prepare socket name +if [ ."$php_version" = ."5" ]; then + sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g' +fi +if [ ."$php_version" = ."7" ]; then + sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g' +fi +ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx + +#self signed certificate +ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key +ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt + +#remove the default site +rm /etc/nginx/sites-enabled/default + +#add the letsencrypt directory +mkdir -p /var/www/letsencrypt/ + +#restart nginx +service nginx restart diff --git a/freebsd/resources/pf.sh b/freebsd/resources/pf.sh new file mode 100755 index 0000000..73c4586 --- /dev/null +++ b/freebsd/resources/pf.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +. ./config.sh +. ./colors.sh + +#send a message +verbose "Configuring IPTables" + +#run iptables commands + diff --git a/freebsd/resources/php.sh b/freebsd/resources/php.sh new file mode 100755 index 0000000..3427f80 --- /dev/null +++ b/freebsd/resources/php.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh + +#send a message +verbose "Configuring PHP" + +#update config if source is being used +if [ ."$php_version" = ."5" ]; then + verbose "version 5.x" + php_ini_file='/etc/php5/fpm/php.ini' +fi +if [ ."$php_version" = ."7" ]; then + verbose "version 7.0" + php_ini_file='/etc/php/7.0/fpm/php.ini' +fi +sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file +sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file + +#restart php-fpm +#systemd +if [ ."$php_version" = ."5" ]; then + systemctl restart php5-fpm +fi +if [ ."$php_version" = ."7" ]; then + systemctl restart php7.0-fpm +fi + +#init.d +#/usr/sbin/service php5-fpm restart +#/usr/sbin/service php7.0-fpm restart diff --git a/freebsd/resources/postgres.sh b/freebsd/resources/postgres.sh new file mode 100755 index 0000000..25705df --- /dev/null +++ b/freebsd/resources/postgres.sh @@ -0,0 +1,77 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#send a message +echo "Install PostgreSQL" + +#generate a random password +password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64) + +#install message +echo "Install PostgreSQL and create the database and users\n" + +#use the system database repo for arm +if [ .$cpu_architecture = .'arm' ]; then + database_repo="system" +fi + +#included in the distribution +if [ ."$database_repo" = ."system" ]; then + apt-get install -y --force-yes sudo postgresql +fi + +#postgres official repository +if [ ."$database_repo" = ."official" ]; then + echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list + wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - + apt-get update && apt-get upgrade -y + apt-get install -y --force-yes sudo postgresql +fi + +#Add PostgreSQL and BDR REPO +if [ ."$database_repo" = ."2ndquadrant" ]; then + echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' >> /etc/apt/sources.list.d/postgresql.list + echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' >> /etc/apt/sources.list.d/2ndquadrant.list + /usr/bin/wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - + /usr/bin/wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add - + apt-get update && apt-get upgrade -y + apt-get install -y --force-yes sudo postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4 +fi + +#systemd +systemctl daemon-reload +systemctl restart postgresql + +#init.d +#/usr/sbin/service postgresql restart + +#install the database backup +cp backup/fusionpbx-backup.sh /etc/cron.daily +chmod 755 /etc/cron.daily/fusionpbx-backup.sh +sed -i "s/zzz/$password/g" /etc/cron.daily/fusionpbx-backup.sh + +#move to /tmp to prevent a red herring error when running sudo with psql +cwd=$(pwd) +cd /tmp +#add the databases, users and grant permissions to them +sudo -u postgres psql -d fusionpbx -c "DROP SCHEMA public cascade;"; +sudo -u postgres psql -d fusionpbx -c "CREATE SCHEMA public;"; +sudo -u postgres psql -c "CREATE DATABASE fusionpbx;"; +sudo -u postgres psql -c "CREATE DATABASE freeswitch;"; +sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$password';" +sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;" +sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;" +#ALTER USER fusionpbx WITH PASSWORD 'newpassword'; +cd $cwd + +#set the ip address +#server_address=$(hostname -I) diff --git a/freebsd/resources/sngrep.sh b/freebsd/resources/sngrep.sh new file mode 100755 index 0000000..bc24569 --- /dev/null +++ b/freebsd/resources/sngrep.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh +. ./colors.sh +. ./environment.sh + +#add sngrep +if [ ."$cpu_architecture" = ."arm" ]; then + #source install + apt-get install -y --force-yes git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev + cd /usr/src && git clone https://github.com/irontec/sngrep + cd /usr/src/sngrep && ./bootstrap.sh + cd /usr/src/sngrep && ./configure + cd /usr/src/sngrep && make install +else + #package install + echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list + wget http://packages.irontec.com/public.key -q -O - | apt-key add - + apt-get update + apt-get install sngrep +fi diff --git a/freebsd/resources/switch.sh b/freebsd/resources/switch.sh new file mode 100755 index 0000000..a7d47f1 --- /dev/null +++ b/freebsd/resources/switch.sh @@ -0,0 +1,49 @@ +#!/bin/sh + +#move to script directory so all relative paths work +cd "$(dirname "$0")" + +#includes +. ./config.sh + +if [ .$switch_source = .true ]; then + if [ ."$switch_branch" = "master" ]; then + switch/source-master.sh + else + switch/source-release.sh + fi + + #copy the switch conf files to /etc/freeswitch + switch/conf-copy.sh + + #set the file permissions + switch/source-permissions.sh + + #systemd service + switch/source-systemd.sh +fi + +if [ .$switch_package = .true ]; then + if [ ."$switch_branch" = "master" ]; then + if [ .$switch_package_all = .true ]; then + switch/package-master-all.sh + else + switch/package-master.sh + fi + else + if [ .$switch_package_all = .true ]; then + switch/package-all.sh + else + switch/package-release.sh + fi + fi + + #copy the switch conf files to /etc/freeswitch + switch/conf-copy.sh + + #set the file permissions + switch/package-permissions.sh + + #systemd service + switch/package-systemd.sh +fi diff --git a/freebsd/resources/switch/conf-copy.sh b/freebsd/resources/switch/conf-copy.sh new file mode 100755 index 0000000..8d910a8 --- /dev/null +++ b/freebsd/resources/switch/conf-copy.sh @@ -0,0 +1,3 @@ +mv /etc/freeswitch /etc/freeswitch.orig +mkdir /etc/freeswitch +cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch diff --git a/freebsd/resources/switch/source-master.sh b/freebsd/resources/switch/source-master.sh new file mode 100755 index 0000000..d194246 --- /dev/null +++ b/freebsd/resources/switch/source-master.sh @@ -0,0 +1,40 @@ +#!/bin/sh +echo "Installing the FreeSWITCH source" +DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev +apt-get install -y --force-yes unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev + +apt-get update && apt-get install -y --force-yes ntp curl haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +apt-get update && apt-get upgrade +apt-get install -y --force-yes freeswitch-video-deps-most + +git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch +cd /usr/src/freeswitch + +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:' +./bootstrap.sh -j +#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs +./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs + +#make mod_shout-install +make +rm -rf /usr/local/freeswitch/{lib,mod,bin}/* +make install +make sounds-install moh-install +make hd-sounds-install hd-moh-install +make cd-sounds-install cd-moh-install + +#move the music into music/default directory +mkdir -p /usr/local/freeswitch/sounds/music/default +mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default + +#configure system service +ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli +cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service diff --git a/freebsd/resources/switch/source-permissions.sh b/freebsd/resources/switch/source-permissions.sh new file mode 100755 index 0000000..66c3f66 --- /dev/null +++ b/freebsd/resources/switch/source-permissions.sh @@ -0,0 +1,6 @@ +#setup owner and group, permissions and sticky +chown -R www-data:www-data /usr/local/freeswitch +chmod -R ug+rw /usr/local/freeswitch +touch /var/log/freeswitch/freeswitch.log +chown -R www-data:www-data /var/log/freeswitch +find /usr/local/freeswitch -type d -exec chmod 2770 {} \; diff --git a/freebsd/resources/switch/source-release.sh b/freebsd/resources/switch/source-release.sh new file mode 100755 index 0000000..85103a0 --- /dev/null +++ b/freebsd/resources/switch/source-release.sh @@ -0,0 +1,56 @@ +#!/bin/sh + +echo "Installing the FreeSWITCH source" +DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y --force-yes ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev +apt-get install -y --force-yes ntp unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev + +apt-get update && apt-get install -y --force-yes curl haveged +curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add - +echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list +apt-get update && apt-get upgrade +apt-get install -y --force-yes freeswitch-video-deps-most + +#we are about to move out of the executing directory so we need to preserve it to return after we are done +CWD=$(pwd) +#git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch +#git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch +SWITCH_MAJOR=$(git ls-remote --heads https://freeswitch.org/stash/scm/fs/freeswitch.git "v*" | cut -d/ -f 3 | grep -P '^v\d+\.\d+' | sort | tail -n 1| cut -dv -f2) +SWITCH_MINOR=$(git ls-remote --tags https://freeswitch.org/stash/scm/fs/freeswitch.git v$SWITCH_MAJOR.* | cut -d/ -f3 | cut -dv -f2 | cut -d. -f3 | sort -n | tail -n1) +SWITCH_VERSION=$SWITCH_MAJOR.$SWITCH_MINOR +echo "Using version $SWITCH_VERSION" +cd /usr/src +wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip +unzip freeswitch-$SWITCH_VERSION.zip +rm -R freeswitch +mv freeswitch-$SWITCH_VERSION freeswitch +cd freeswitch + +#./bootstrap.sh -j +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:' +sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:' +#./configure --help +#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs +./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs +#make mod_shout-install +make +rm -rf /usr/local/freeswitch/{lib,mod,bin}/* +make install +make sounds-install moh-install +make hd-sounds-install hd-moh-install +make cd-sounds-install cd-moh-install + +#move the music into music/default directory +mkdir -p /usr/local/freeswitch/sounds/music/default +mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default + +#return to the executing directory +cd $CWD + +#configure system service +ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli +cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service +cp "$(dirname $0)/source/etc.default.freeswitch.source /etc/default/freeswitch diff --git a/freebsd/resources/switch/source-systemd.sh b/freebsd/resources/switch/source-systemd.sh new file mode 100755 index 0000000..dc34e3d --- /dev/null +++ b/freebsd/resources/switch/source-systemd.sh @@ -0,0 +1,5 @@ +cp "$(dirname $0)/source/freeswitch.service.source" /lib/systemd/system/freeswitch.service +cp "$(dirname $0)/source/etc.default.freeswitch" /etc/default/freeswitch +systemctl enable freeswitch +systemctl unmask freeswitch.service +systemctl daemon-reload diff --git a/freebsd/resources/switch/source-to-package.sh b/freebsd/resources/switch/source-to-package.sh new file mode 100755 index 0000000..332a034 --- /dev/null +++ b/freebsd/resources/switch/source-to-package.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +#make sure the etc fusionpbx directory exists +mkdir -p /etc/fusionpbx + +#remove init.d startup script +mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch +update-rc.d -f freeswitch remove + +#add the the freeswitch package +$(dirname $0)/package-release.sh + +#install freeswitch systemd.d +$(dirname $0)/package-systemd.sh + +#update fail2ban +sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:' +sytemctl restart fail2ban + +#move source files to package directories +rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch +rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch +rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch +rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch