Merge branch 'master' of git.selfprivacy.org:SelfPrivacy/selfprivacy.org

static/server.sh

@@ -4,23 +4,27 @@
 
 InstallDependencies()
 {
-	packagesNeeded='curl jq mkpasswd pwgen'
-	if [ -x "$(command -v apk)" ];       then sudo apk add --no-cache $packagesNeeded # Alpine Linux
-	elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install curl jq whois pwgen # Debian/Ubuntu Linux
-	elif [ -x "$(command -v dnf)" ];     then sudo dnf install $packagesNeeded # Fedora Linux
+	packagesNeeded='curl jq pwgen nano'
+	if [ -x "$(command -v apk)" ];          then sudo apk add --no-cache $packagesNeeded # Alpine Linux
+	elif [ -x "$(command -v apt-get)" ];    then sudo apt-get install curl jq whois pwgen # Debian/Ubuntu Linux
+	elif [ -x "$(command -v dnf)" ];        then sudo dnf install $packagesNeeded # Fedora Linux
 	elif [ -x "$(command -v rpm-ostree)" ]; then sudo rpm-ostree install $packagesNeeded # Fedora Linux Silverblue
-	elif [ -x "$(command -v zypper)" ];  then sudo zypper install $packagesNeeded # openSUSE Linux
-	elif [ -x "$(command -v pacman)" ];  then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux
-	elif [ -x "$(command -v emerge)" ];  then sudo emerge --ask $packagesNeeded # Gentoo Linux
-    elif [ -x "$(command -v nix-env)" ]; then nix-env -iA $packagesNeeded # NixOS
+	elif [ -x "$(command -v zypper)" ];     then sudo zypper install $packagesNeeded # openSUSE Linux
+	elif [ -x "$(command -v pacman)" ];     then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux
+	elif [ -x "$(command -v emerge)" ];     then sudo emerge --ask $packagesNeeded # Gentoo Linux
+    elif [ -x "$(command -v nix-env)" ];    then sudo nix-env -iA $packagesNeeded # NixOS
+    elif [ -x "$(command -v pkg)" ];        then sudo pkg install $packagesNeeded # FreeBSD
 	else echo "FAILED TO INSTALL PACKAGE: Package manager not found. You must manually install: $packagesNeeded">&2; fi
     wget https://selfprivacy.org/configuration.nix
     wget https://selfprivacy.org/mailserver.nix
 	wget https://selfprivacy.org/goss.nix
 	wget https://selfprivacy.org/goss.yaml
 	wget https://selfprivacy.org/restic.nix
+	wget https://selfprivacy.org/mkpasswd
 	wget https://selfprivacy.org/s3cli
 	chmod +x s3cli
+	chmod +x mkpasswd
+	export PASSWORD=$( ./mkpasswd -m sha-512 "$PASSWORD" )
 }
 CollectData()
 {
@@ -29,8 +33,8 @@ CollectData()
 	read -p "Please, paste your AWS Secret Access Key: " AWS_TOKEN
 	read -p "Please, paste your AWS Access Key ID: " AWS_TOKEN_ID
 	read -p "Please, define your domain there: " DOMAIN
-	read -p "Please, define your mail username: " USERNAME
-	read -p "Please, define your password: " PASSWORD && PASSWORD=$( mkpasswd -m sha-512 "$PASSWORD" )
+	read -p "Please, define your mail username: " USER
+	read -p "Please, define your password: " PASSWORD
 }
 
 # Generate SSH key
@@ -59,11 +63,12 @@ MakeConfig()
 	# Mailserver
 	sed -i '15s/.*/    fqdn = "'$DOMAIN'";/' mailserver.nix
 	sed -i '16s/.*/    domains = [ "'"$DOMAIN"'" ];/' mailserver.nix
-	sed -i '21s/.*/\t"'$USERNAME'@'$DOMAIN'" = {/' mailserver.nix
-	sed -i '22s/.*/\t    hashedPassword = "'"$PASSWORD"'";/' mailserver.nix
+	sed -i '21s/.*/\t"'$USER'@'$DOMAIN'" = {/' mailserver.nix
+	#sed -i '22s/.*/\t    hashedPassword = "'"$PASSWORD"'";/' mailserver.nix
+	sed -i "22s,.*,\t\    hashedPassword = \"${PASSWORD}\";," mailserver.nix
 	sed -i '31s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix
-	sed -i '48s/.*/\t "admin@'"$DOMAIN"'" = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
-	sed -i '70s/.*/    email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix
+	sed -i '48s/.*/\t "admin@'"$DOMAIN"'" = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix
+	sed -i '70s/.*/    email = "'"$USER"'@'"$DOMAIN"'";/' mailserver.nix
 
 	# System Configuration	
     sed -i "16s,.*,\t\"${sshKey}\"," configuration.nix
@@ -71,6 +76,7 @@ MakeConfig()
 	# Restic
 	sed -i '14s/.*/\t\tEnvironment = [ "AWS_ACCESS_KEY_ID='$AWS_TOKEN_ID'" "AWS_SECRET_ACCESS_KEY='$AWS_TOKEN'" ];/' restic.nix
 	sed -i "17s,.*,\t restic -r s3:s3.amazonaws.com/${AWS_BUCKET_NAME} backup /var/vmail /var/vmail ," restic.nix
+	nano mailserver.nix
 
 }
 
@@ -165,6 +171,9 @@ ClearTempFiles()
 	rm mailserver.nix
 	rm restic.nix
 	rm s3cli
+	rm .dns_records.json
+	rm .records
+	rm mkpasswd
 	exit 0
 }
 
@@ -178,6 +187,38 @@ GetZoneID()
 	        -H "Content-Type: application/json" > .cloudflare.json
 	export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
 }
+
+#Purge DNS records
+
+PurgeDNSRecords()
+{
+curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \
+     -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
+     -H "Content-Type: application/json" > .dns_records.json
+
+for i in {0..24}
+do
+jq '.result['$i'].id' .dns_records.json
+done | grep -v null | sed 's/"//g' > .records
+
+export recordIDs=()
+while IFS= read -r line
+do
+    recordIDs+=("$line")
+done < .records
+
+for recordid in "${recordIDs[@]}"
+do
+    echo $zoneid
+    echo $recordid
+    echo $CLOUDFLARE_TOKEN
+    curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" \
+        -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
+        -H "Content-Type: application/json"
+done
+
+}
+
 # Create records
 CreateARecord()
 {
@@ -275,6 +316,15 @@ printf "Waiting for nixos-infect to replace system files(this may take some time
 sleep 280
 CreateS3Bucket
 GetMachineIP
+read -p "ALL YOUR EXISTING DNS RECORDS ON CLOUDFLARE WILL BE REMOVED!!! ARE YOU SURE(y/N) " CREATEDNS
+if [ $CREATEDNS != "y" || $CREATEDNS == "Y" ]
+then
+exit -1
+fi
+printf "Purging records..."
+PurgeDNSRecords
+printf "done"
+CreateARecord
 ApplyConfig
 if [ $RESTORE_MAILBACKUP == "y" ]
 then
@@ -285,7 +335,6 @@ GetDKIM
 echo "Beginning CloudFlare configuration"
 GetZoneID
 printf "Creating records..."
-CreateARecord
 CreateMXRecord
 CreateDMARCRecord
 CreateSPFRecord