Add support for non-interactive install

Centralize all scripts into 'ehdd'

ehdd/create_hdd.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+source "ehdd/ehdd_funcs.sh" || exit 1
+
+if [ "$1" == "" ]; then
+    echo "usage: $0 <size-in-gb>"
+    echo -n "  hdd image location: $EHDD_IMG"
+    if [ -e "$EHDD_IMG" ]; then echo " (exists!)"; else echo ""; fi
+    exit 1
+elif [ "$1" == "-location" ]; then
+    echo "$EHDD_IMG"
+    exit 0
+elif [ "$1" == "-mountpoint" ]; then
+    echo "$EHDD_MOUNTPOINT"
+    exit 0
+fi
+
+EHDD_SIZE_GB="$1"
+
+
+if [ ! -e "$EHDD_IMG" ]; then
+    echo "Creating ${EHDD_SIZE_GB}G encryped drive: $EHDD_IMG"
+    let count="$EHDD_SIZE_GB * 1024"
+    [ $count -eq 0 ] && echo "Invalid size" && exit 1
+    apt-get -q=2 -y install cryptsetup || exit 1
+    dd if=/dev/zero of="$EHDD_IMG" bs=1M count=$count || exit 1
+    loop=$(find_unused_loop)
+    losetup $loop "$EHDD_IMG" || exit 1
+    if ! cryptsetup luksFormat $(keyfile_option) --batch-mode -i 15000 $loop; then
+        losetup -d $loop
+        rm -f "$EHDD_IMG"
+        exit 1
+    fi
+    echo ""
+    echo "NOTE: You will need to reenter your drive encryption password"
+    cryptsetup luksOpen $(keyfile_option) $loop $EHDD_LUKS_NAME  # map device to /dev/mapper/NAME
+    mke2fs -j /dev/mapper/$EHDD_LUKS_NAME
+    cryptsetup luksClose $EHDD_LUKS_NAME
+    losetup -d $loop
+else
+    echo "ERROR: $EHDD_IMG already exists!"
+    exit 1
+fi

ehdd/ehdd_funcs.sh

@@ -0,0 +1,26 @@
+
+if [ -s /etc/mailinabox.conf ]; then
+    source /etc/mailinabox.conf
+    [ $? -eq 0 ] || exit 1
+else
+    STORAGE_ROOT="/home/${STORAGE_USER:-user-data}"
+fi
+
+EHDD_IMG="$STORAGE_ROOT.HDD"
+EHDD_MOUNTPOINT="$STORAGE_ROOT"
+EHDD_LUKS_NAME="c1"
+
+
+find_unused_loop() {
+    losetup -f
+}
+
+find_inuse_loop() {
+    losetup -l | awk "\$6 == \"$EHDD_IMG\" { print \$1 }"
+}
+
+keyfile_option() {
+    if [ ! -z "$EHDD_KEYFILE" ]; then
+        echo "--key-file $EHDD_KEYFILE"
+    fi
+}

ehdd/mount.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+. "ehdd/ehdd_funcs.sh" || exit 1
+
+if [ ! -e "$EHDD_IMG" ]; then
+    echo "Warning: ecrypted HDD not found at $EHDD_IMG, not mounting"
+    exit 0
+fi
+
+if mount | grep "^/dev/mapper/$EHDD_LUKS_NAME on $EHDD_MOUNTPOINT" >/dev/null; then
+    echo "$EHDD_IMG already mounted"
+    exit 0
+fi
+
+loop=$(find_unused_loop)
+losetup $loop "$EHDD_IMG" || exit 1
+# map device to /dev/mapper/NAME
+cryptsetup luksOpen $(keyfile_option) $loop $EHDD_LUKS_NAME
+code=$?
+if [ $code -ne 0 ]; then
+    echo "luksOpen failed ($code) - is $EHDD_IMG luks formatted?"
+    losetup -d $loop
+    exit 1
+fi
+
+if [ ! -e "$EHDD_MOUNTPOINT" ]; then
+   echo "Creating mount point directory: $EHDD_MOUNTPOINT"
+   mkdir -p "$EHDD_MOUNTPOINT" || exit 1
+fi
+mount /dev/mapper/$EHDD_LUKS_NAME "$EHDD_MOUNTPOINT" || exit 1
+echo "Success: mounted $EHDD_MOUNTPOINT"

ehdd/postinstall.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+. "ehdd/ehdd_funcs.sh" || exit 1
+
+if [ -e "$EHDD_IMG" ]; then
+    
+    if [ -s /etc/mailinabox.conf ]; then
+        echo ""
+        echo "** Disabling system services **"
+        systemctl disable postfix
+        systemctl disable dovecot
+        systemctl disable cron
+        systemctl disable nginx
+        systemctl disable php7.2-fpm
+        systemctl disable mailinabox
+        systemctl disable fail2ban
+        #systemctl disable nsd
+        [ -x /usr/sbin/slapd ] && systemctl disable slapd
+
+        echo ""
+        echo "IMPORTANT:"
+        echo "    Services have been disabled at startup because the encrypted HDD will"
+        echo "    be unavailable. Run ehdd/startup.sh after a reboot."
+    fi
+
+fi
+
+
+

ehdd/start-encrypted.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+EHDD_IMG="$(ehdd/create_hdd.sh -location)"
+
+[ -e /etc/mailinabox.conf ] && . /etc/mailinabox.conf
+
+if [ ! -e "$EHDD_IMG" -a ! -z "$STORAGE_ROOT" -a \
+       -e "$STORAGE_ROOT/ssl/ssl_private_key.pem" ]; then
+    
+    echo "System installed without encryption-at-rest"
+
+elif [ ! -e "$EHDD_IMG" ]; then
+    
+    echo "Creating a new encrypted HDD."
+    if [ -z "${NONINTERACTIVE:-}" ]; then
+        echo -n "How big should it be? Enter a number in gigabytes: "
+        read gb
+    else
+        gb="${EHDD_GB:-5}"
+    fi
+    ehdd/create_hdd.sh "$gb" || exit 1
+    
+fi
+
+
+if ehdd/mount.sh; then
+    setup/start.sh $@
+    if [ $? -eq 0 ]; then
+        ehdd/postinstall.sh || exit 1
+    else
+        echo "setup/start.sh failed"
+    fi
+fi
+

ehdd/startup.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+ehdd/mount.sh || exit 1
+
+if [ -s /etc/mailinabox.conf ]; then
+    [ -x /usr/sbin/slapd ] && systemctl start slapd
+    systemctl start php7.2-fpm
+    systemctl start dovecot
+    systemctl start postfix
+    systemctl start nginx
+    systemctl start cron
+    #systemctl start nsd
+    systemctl link -f $(pwd)/conf/mailinabox.service
+    systemctl start mailinabox
+    systemctl start fail2ban
+fi
+

ehdd/umount.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+. "ehdd/ehdd_funcs.sh" || exit 1
+
+if ! mount | grep "$EHDD_MOUNTPOINT" >/dev/null; then
+    # not mounted
+    exit 0
+fi
+umount "$EHDD_MOUNTPOINT" || exit 1
+cryptsetup luksClose $EHDD_LUKS_NAME
+losetup -d $(find_inuse_loop)