re-do allow apt to perform security updates on its own
Move this into system.sh rather than anagement.sh.
This reverts commit eab28c97ff.
This commit is contained in:
Joshua Tauberer
parent
a0b056ae29
commit
03bbd25a10
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
source setup/functions.sh
|
||||
|
||||
apt_install python3-flask links duplicity libyaml-dev python3-dnspython unattended-upgrades
|
||||
apt_install python3-flask links duplicity libyaml-dev python3-dnspython
|
||||
hide_output pip3 install rtyaml
|
||||
|
||||
# Create a backup directory and a random key for encrypting backups.
|
||||
|
|
@ -21,14 +21,6 @@ rm -f /etc/init.d/mailinabox
|
|||
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
|
||||
hide_output update-rc.d mailinabox defaults
|
||||
|
||||
# Allow apt to install system updates automatically every day.
|
||||
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
|
||||
APT::Periodic::MaxAge "7";
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
APT::Periodic::Verbose "1";
|
||||
EOF
|
||||
|
||||
# Perform a daily backup.
|
||||
cat > /etc/cron.daily/mailinabox-backup << EOF;
|
||||
#!/bin/bash
|
||||
|
|
|
|||
|
|
@ -11,18 +11,22 @@ hide_output apt-get -y upgrade
|
|||
# haveged: Provides extra entropy to /dev/random so it doesn't stall
|
||||
# when generating random numbers for private keys (e.g. during
|
||||
# ldns-keygen).
|
||||
# unattended-upgrades: Apt tool to install security updates automatically.
|
||||
# ntp: keeps the system time correct
|
||||
# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
|
||||
|
||||
apt_install python3 python3-pip wget curl bind9-host haveged
|
||||
apt_install python3 python3-pip \
|
||||
wget curl bind9-host \
|
||||
haveged unattended-upgrades ntp fail2ban
|
||||
|
||||
# Turn on basic services:
|
||||
#
|
||||
# ntp: keeps the system time correct
|
||||
#
|
||||
# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
|
||||
#
|
||||
# These services don't need further configuration and are started immediately after installation.
|
||||
# Allow apt to install system updates automatically every day.
|
||||
|
||||
apt_install ntp fail2ban
|
||||
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
|
||||
APT::Periodic::MaxAge "7";
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
APT::Periodic::Verbose "1";
|
||||
EOF
|
||||
|
||||
if [ -z "$DISABLE_FIREWALL" ]; then
|
||||
# Turn on the firewall. First allow incoming SSH, then turn on the firewall.
|
||||
|
|
|
|||
Loading…
Reference in New Issue