Initial commit to support a LUKS-formatted partition holding user-data.
See #1340. Run setup/start-encrypted.sh instead of setup/start.sh. After reboots, log in to your box and run tools/startup.sh.
This commit is contained in:
parent
a67f90593d
commit
42d471ba7f
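--- a/setup/ehdd/create_hdd.sh
+++ b/setup/ehdd/create_hdd.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+if [ -s /etc/mailinabox.conf ]; then
+source /etc/mailinabox.conf
+[ $? -eq 0 ] || exit 1
+else
+STORAGE_ROOT="/home/${STORAGE_USER:-user-data}"
+fi
+
+EHDD_IMG="$STORAGE_ROOT.HDD"
+EHDD_SIZE_GB="$1"
+MOUNTPOINT="$STORAGE_ROOT"
+
+if [ "$1" == "" ]; then
+echo "usage: $0 <size-in-gb>"
+echo -n " hdd image location: $EHDD_IMG"
+if [ -e "$EHDD_IMG" ]; then echo " (exists)"; else echo ""; fi
+exit 1
+elif [ "$1" == "-location" ]; then
+echo "$EHDD_IMG"
+exit 0
+elif [ "$1" == "-mountpoint" ]; then
+echo "$MOUNTPOINT"
+exit 0
+fi
+
+
+if [ ! -e "$EHDD_IMG" ]; then
+echo "Creating ${EHDD_SIZE_GB}G encryped drive: $EHDD_IMG"
+let count="$EHDD_SIZE_GB * 1024"
+[ $count -eq 0 ] && echo "Invalid size" && exit 1
+apt-get -q=2 -y install cryptsetup || exit 1
+dd if=/dev/zero of="$EHDD_IMG" bs=1M count=$count || exit 1
+losetup /dev/loop0 "$EHDD_IMG" || exit 1
+if ! cryptsetup luksFormat -i 15000 /dev/loop0; then
+losetup -d /dev/loop0
+rm -f "$EHDD_IMG"
+exit 1
+fi
+echo ""
+echo "NOTE: You will need to reenter your drive encryption password a number of times"
+cryptsetup luksOpen /dev/loop0 c1 # map device to /dev/mapper/c1
+mke2fs -j /dev/mapper/c1
+cryptsetup luksClose c1
+losetup -d /dev/loop0
+else
+echo "$EHDD_IMG already exists..."
+exit 1
+fi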
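Review bot: `$1` reaches `let count="$EHDD_SIZE_GB * 1024"` in the creation branch without any validation, so a non-numeric argument is handed to bash arithmetic evaluation instead of being rejected, and the `-eq 0` test afterwards only catches a zero result. Validate before any arithmetic, e.g. `[[ "$EHDD_SIZE_GB" =~ ^[0-9]+$ ]] || { echo "Invalid size"; exit 1; }`. The loop device and mapper name are fixed as `/dev/loop0` and `c1` here and again in mount.sh and umount.sh; when loop0 is already attached to something else the `losetup` call fails, whereas `losetup -f --show "$EHDD_IMG"` allocates a free device, with the chosen device then recorded where the other two scripts can read it. `cryptsetup luksOpen` and `mke2fs` in the same branch are not error-checked, so a failed open still runs `mke2fs` and `luksClose` against a device that was never mapped; append `|| exit 1` to both, as the `luksFormat` path already does.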
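--- a/setup/ehdd/mount.sh
+++ b/setup/ehdd/mount.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+hdd="$(setup/ehdd/create_hdd.sh -location)"
+mountpoint="$(setup/ehdd/create_hdd.sh -mountpoint)"
+
+if [ ! -e "$hdd" ]; then
+echo "NOTE: ecrypted HDD not found at $hdd, not mounting"
+exit 0
+fi
+
+if mount | grep "^/dev/mapper/c1 on $mountpoint" >/dev/null; then
+echo "$hdd already mounted"
+exit 0
+fi
+
+losetup /dev/loop0 "$hdd" || exit 1
+# map device to /dev/mapper/c1
+cryptsetup luksOpen /dev/loop0 c1
+code=$?
+if [ $code -ne 0 ]; then
+echo "luksOpen failed ($code) - is $hdd luks formatted?"
+losetup -d /dev/loop0
+exit 1
+fi
+
+if [ ! -e "$mountpoint" ]; then
+echo "Creating mount point directory: $mountpoint"
+mkdir -p "$mountpoint" || exit 1
+fi
+mount /dev/mapper/c1 "$mountpoint" || exit 1
+echo "Success: mounted $mountpoint"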
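Review bot: The already-mounted check `mount | grep "^/dev/mapper/c1 on $mountpoint"` uses `$mountpoint` as an unanchored regular expression, so `/home/user-data` also matches a mount at `/home/user-data2` and any regex metacharacter in the path changes the test; umount.sh's `mount | grep "$mountpoint"` has the same problem without even the prefix anchor. `mountpoint -q -- "$mountpoint"` from util-linux answers the question directly in both scripts. When `mount` on the last line fails the script exits with the LUKS mapping open and the loop device still attached, unlike the `luksOpen` failure branch above it; use `mount /dev/mapper/c1 "$mountpoint" || { cryptsetup luksClose c1; losetup -d /dev/loop0; exit 1; }`. The not-found message reads "ecrypted" where "encrypted" is meant.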
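--- a/setup/ehdd/postinstall.sh
+++ b/setup/ehdd/postinstall.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+EHDD_IMG="$(setup/ehdd/create_hdd.sh -location)"
+if [ -e "$EHDD_IMG" ]; then
+
+if [ -s /etc/mailinabox.conf ]; then
+echo ""
+echo "** Disabling system services **"
+systemctl disable postfix
+systemctl disable dovecot
+systemctl disable cron
+systemctl disable nginx
+systemctl disable php7.2-fpm
+systemctl disable mailinabox
+systemctl disable fail2ban
+#systemctl disable nsd
+[ -x /usr/sbin/slapd ] && systemctl disable slapd
+
+echo ""
+echo "IMPORTANT:"
+echo " Services have been disabled at startup because the encrypted HDD will"
+echo " be unavailable. Run tools/startup.sh after a reboot."
+fi
+
+fi
+
+# run local modifications
+h=$(hostname --fqdn 2>/dev/null || hostname)
+count=0
+for d in local/mods.sh local/mods-${h}.sh; do
+if [ -e $d ]; then
+let count+=1
+if ! ./$d; then
+echo "Local modification script $d failed"
+exit 1
+fi
+fi
+done
+
+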
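Review bot: In the local-modification loop `$d` is unquoted in both `[ -e $d ]` and `./$d`, and `$h` comes straight from `hostname --fqdn`, so a hostname containing whitespace or glob characters is split or expanded before the existence test runs; write `[ -e "$d" ]` and `./"$d"`. `count` is incremented with `let count+=1` but never read afterwards, so either drop it or report it. The relative paths `setup/ehdd/create_hdd.sh` and `local/...` assume the script is started from the repository root, which is presumably the convention the rest of setup/ follows; a header comment stating that assumption, e.g. `# Run from the mailinabox checkout root; all paths below are relative to it.`, would make it explicit.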
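--- a/setup/ehdd/umount.sh
+++ b/setup/ehdd/umount.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+mountpoint="$(setup/ehdd/create_hdd.sh -mountpoint)"
+
+if ! mount | grep "$mountpoint" >/dev/null; then
+# not mounted
+exit 0
+fi
+umount "$mountpoint" || exit 1
+cryptsetup luksClose c1
+losetup -d /dev/loop0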
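Review bot: The exit status of `cryptsetup luksClose c1` and `losetup -d /dev/loop0` on the last two lines is ignored, so if the mapping is still busy the script reports success while the decrypted device remains open and the loop device stays attached; change them to `cryptsetup luksClose c1 || exit 1` and `losetup -d /dev/loop0 || exit 1`. A short header comment naming what the script tears down, e.g. `# Unmount the encrypted user-data volume, close its LUKS mapping and detach the loop device.`, would also help, since the file has none.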
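--- a/setup/start-encrypted.sh
+++ b/setup/start-encrypted.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+EHDD_IMG="$(setup/ehdd/create_hdd.sh -location)"
+
+[ -e /etc/mailinabox.conf ] && . /etc/mailinabox.conf
+
+if [ ! -e "$EHDD_IMG" -a ! -z "$STORAGE_ROOT" -a \
+-e "$STORAGE_ROOT/ssl/ssl_private_key.pem" ]; then
+
+echo "System installed without encryption-at-rest"
+
+elif [ ! -e "$EHDD_IMG" ]; then
+
+echo "Creating a new encrypted HDD."
+echo -n "How big should it be? Enter a number in gigabytes: "
+read gb
+setup/ehdd/create_hdd.sh "$gb" || exit 1
+
+fi
+
+
+if setup/ehdd/mount.sh; then
+setup/start.sh $@
+if [ $? -eq 0 ]; then
+setup/ehdd/postinstall.sh || exit 1
+else
+echo "setup/start.sh failed"
+fi
+fi
+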
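Review bot: When `setup/ehdd/mount.sh` fails, the `if` at the bottom has no `else`, so the script prints nothing and exits 0, and the `"setup/start.sh failed"` branch likewise falls through to exit 0; a caller checking the status would conclude setup succeeded. Add `exit 1` after the failure echo and an `else echo "setup/ehdd/mount.sh failed" >&2; exit 1` arm. `setup/start.sh $@` should be `setup/start.sh "$@"` so arguments containing spaces reach start.sh intact, and `read gb` should be `read -r gb`; the entered size is otherwise checked only by create_hdd.sh's zero test. The `[ ... -a ... ]` test split across a line continuation is harder to read than `[[ ... && ... ]]`, which is a style point only.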
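--- a/tools/startup.sh
+++ b/tools/startup.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+setup/ehdd/mount.sh || exit 1
+
+if [ -s /etc/mailinabox.conf ]; then
+[ -x /usr/sbin/slapd ] && systemctl start slapd
+systemctl start php7.2-fpm
+systemctl start dovecot
+systemctl start postfix
+systemctl start nginx
+systemctl start cron
+#systemctl start nsd
+systemctl link -f $HOME/mailinabox/conf/mailinabox.service
+systemctl start mailinabox
+systemctl start fail2ban
+fi
+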
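Review bot: `systemctl link -f $HOME/mailinabox/conf/mailinabox.service` is unquoted and is the only path in this change that is not relative to the current directory; when the script is run via `sudo`, `$HOME` may be root's home rather than the directory holding the checkout, so the link would point at a unit file that does not exist. Quote it and, if the run-from-repository-root convention the other scripts rely on is intended here too, derive it from the checkout, e.g. `systemctl link -f "$(pwd)/conf/mailinabox.service"`. None of the `systemctl start` calls are checked, so after a successful mount the script exits 0 even if a service failed to start; at minimum `systemctl start mailinabox || exit 1` would surface the failure of the unit the script just linked.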