Add template for 'install_schleuder3.sh'. At time, noting is implemented!

DOC/schleuder3/install_schleuder3_debian_package.txt

@@ -0,0 +1,123 @@
+# ====================
+# - Install via debian packagesystem
+# ====================
+
+# - Install dependencies
+# -
+apt-get install ruby-dev gnupg2 libgpgme-dev libsqlite3-dev libssl-dev build-essential
+apt-get install haveged
+
+# - Install schleuder 3 from stretch-backports
+# -
+apt-get install -t stretch-backports schleuder
+
+# - You will get the following output
+# -
+# -    Type 'J'
+# -
+Paketlisten werden gelesen... Fertig
+Abhängigkeitsbaum wird aufgebaut.       
+Statusinformationen werden eingelesen.... Fertig
+The following additional packages will be installed:
+  fonts-lato libgpgme11 libruby2.3 libyaml-0-2 rake ruby ruby-activemodel ruby-activerecord ruby-activesupport
+  ruby-arel ruby-atomic ruby-backports ruby-blankslate ruby-builder ruby-daemons ruby-did-you-mean ruby-eventmachine
+  ruby-gpgme ruby-i18n ruby-json ruby-mail ruby-mail-gpg ruby-mime-types ruby-minitest ruby-multi-json ruby-net-telnet
+  ruby-oj ruby-power-assert ruby-rack ruby-rack-protection ruby-rack-test ruby-sinatra ruby-sinatra-contrib
+  ruby-sqlite3 ruby-test-unit ruby-thor ruby-thread-safe ruby-tilt ruby-tzinfo ruby2.3 rubygems-integration
+  schleuder-cli sqlite3 thin
+Vorgeschlagene Pakete:
+  gpgsm ri ruby-dev ruby-builder-doc bundler sqlite3-doc
+Die folgenden NEUEN Pakete werden installiert:
+  fonts-lato libgpgme11 libruby2.3 libyaml-0-2 rake ruby ruby-activemodel ruby-activerecord ruby-activesupport
+  ruby-arel ruby-atomic ruby-backports ruby-blankslate ruby-builder ruby-daemons ruby-did-you-mean ruby-eventmachine
+  ruby-gpgme ruby-i18n ruby-json ruby-mail ruby-mail-gpg ruby-mime-types ruby-minitest ruby-multi-json ruby-net-telnet
+  ruby-oj ruby-power-assert ruby-rack ruby-rack-protection ruby-rack-test ruby-sinatra ruby-sinatra-contrib
+  ruby-sqlite3 ruby-test-unit ruby-thor ruby-thread-safe ruby-tilt ruby-tzinfo ruby2.3 rubygems-integration schleuder
+  schleuder-cli sqlite3 thin
+0 aktualisiert, 45 neu installiert, 0 zu entfernen und 47 nicht aktualisiert.
+Es müssen 9.420 kB an Archiven heruntergeladen werden.
+Nach dieser Operation werden 42,1 MB Plattenplatz zusätzlich benutzt.
+Möchten Sie fortfahren? [J/n] 
+
+
+
+# ---
+# - Enable user schleuder for managing lists
+# ---
+
+backup_date="$(date +%Y-%m-%d-%H%M)"
+schleuder_config="/etc/schleuder/schleuder.yml"
+user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
+
+# - Create API Key for user schleuder
+# -
+api_key="$(schleuder new_api_key)"
+
+# - Add the generated API Key to the list of valid api keys at
+# - configuration file $schleuder_config
+# -
+if ! grep -q "$api_key" 2> /dev/null $schleuder_config ; then
+   perl -i.$backup_date -n -p \
+      -e "s/(^(\s*)valid_api_keys:.*)/\1\n\2  - ${api_key}/" \
+      $schleuder_config
+fi
+
+
+# - Add generated API Key to schleuder's configuration file
+# - '${user_schleuder_config}'
+# -
+
+# - If no configuration file present, create a new default one.
+# -
+have_dot_schleuder_cli_yml=true
+if [[ ! -d "~schleuder/.schleuder-cli" ]] ; then
+   have_dot_schleuder_cli_yml=false
+elif [[ ! -f "~schleuder/.schleuder-cli/schleuder-cli.yml" ]] ; then
+
+   # - If the directory is present, no default configuration file (see below)
+   # - will be written
+   # -
+   mv "~schleuder/.schleuder-cli" "~schleuder/.schleuder-cli.${backup_date}"
+
+   have_dot_schleuder_cli_yml=false
+fi
+
+if ! $have_dot_schleuder_cli_yml ; then
+
+   # Creates a default configuration file '${user_schleuder_config}'
+   #
+   su - schleuder -s /bin/bash -c "/usr//bin/schleuder-cli lists list > /dev/null 2>&1"
+
+fi
+
+# - Now, add the API Key..
+# -
+perl -i.$backup_date -n -p \
+   -e "s/^(\s*api_key:).*/\1 ${api_key}/" \
+   ${user_schleuder_config}
+
+
+# - Get tls fingerprint of configured certificate
+# -
+cert_fingerprint="$(schleuder cert fingerprint | awk '{print$4}')"
+
+# - Add the fingerprint to schleuder users private configuration file
+# -
+if ! grep -q "$cert_fingerprint" 2> /dev/null ${user_schleuder_config} ; then
+   perl -i.$backup_date -n -p \
+      -e "s/^(\s*tls_fingerprint:).*/\1 ${cert_fingerprint}/" \
+      ${user_schleuder_config}
+fi
+
+
+# - Restart 'schleuder-api-daemon'
+# -
+systemctl restart schleuder-api-daemon
+
+
+
+# ---
+# - Add Postfix support
+# ---
+
+

DOC/schleuder3/install_schleuder3_maually.txt

@@ -0,0 +1,246 @@
+# ====================
+# - Install schleuder3 manually
+# ====================
+
+
+# - See README.md of repository:
+# -
+# -    https://0xacab.org/schleuder/schleuder-deb
+# -
+
+# - Requirements
+# -
+# -    ruby >=2.1
+# -    gnupg >=2.0
+# -    gpgme
+# -    sqlite3
+# -    openssl
+# -
+apt-get install ruby-dev gnupg2 libgpgme-dev libsqlite3-dev libssl-dev build-essential
+
+apt-get install haveged
+
+# - Additionally these rubygems are required (will be installed automatically unless present):
+# -
+# -    rake
+# -    active_record
+# -    sqlite3
+# -    thor
+# -    thin
+# -    mail-gpg
+# -    sinatra
+# -    sinatra-contrib
+
+
+# -----
+# - Installing Schleuder
+# -----
+
+mkdir /usr/local/src/schleuder3
+
+cd /usr/local/src/schleuder3
+
+
+# - Download the gem and the OpenPGP-signature and verify:
+# -
+wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem
+wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem.sig
+
+gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
+gpg --verify schleuder-3.2.1.gem.sig
+
+
+# - If all went well install the gem:
+# -
+gem install schleuder-3.2.1.gem
+
+
+# - Set up schleuder:
+# -
+schleuder install
+
+# - Output command 'schleuder install':
+# -
+root@schleuder3:/usr/local/src/schleuder3 # schleuder install
+-- create_table("lists", {:force=>:cascade})
+   -> 0.0119s
+-- create_table("subscriptions", {:force=>:cascade})
+   -> 0.0060s
+-- add_index("subscriptions", ["email", "list_id"], {:name=>"index_subscriptions_on_email_and_list_id", :unique=>true})
+   -> 0.0053s
+-- add_index("subscriptions", ["list_id"], {:name=>"index_subscriptions_on_list_id"})
+   -> 0.0056s
+-- initialize_schema_migrations_table()
+   -> 0.0113s
+NOTE: The database was prepared using sqlite. If you prefer to use a different DBMS please edit the 'database'-section in /etc/schleuder/schleuder.yml, create the database, install the corresponding ruby-library (e.g. `gem install mysql`) and run this current command again
+Private key written to: /etc/schleuder/schleuder-private-key.pem
+Certificate written to: /etc/schleuder/schleuder-certificate.pem
+Fingerprint of generated certificate: 9c70d382a0780904b2cd3a71b453ef689ea06ce18f46258bb668399742d2a794
+Have this fingerprint included into the configuration-file of all clients that want to connect to your Schleuder API.
+! Warning: this process was run as root — please make sure the above files are accessible by the user that is running `schleuder-api-daemon`.
+Schleuder has been set up. You can now create a new list using `schleuder-cli`.
+We hope you enjoy!
+
+
+
+# -----
+# - Installing  schleuder-cli (to manage lists from the command line)
+# -----
+
+cd /usr/local/src/schleuder3
+
+
+
+# - Download the gem and the OpenPGP-signature and verify:
+# -
+wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem
+wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem.sig
+
+gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
+gpg --verify schleuder-cli-0.1.0.gem.sig
+
+
+cd /etc/postfix
+ln -s /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/postfix/schleuder_sqlite.cf
+
+cat <<EOF > /etc/postfix/transport_schleuder
+cryptolists.mail36.net schleuder:
+EOF
+
+postmap btree:/etc/postfix/transport_schleuder/
+
+if ! grep -A 3 -E "^\s*transport_maps" /etc/postfix/main.cf | grep -q "btree:/etc/postfix/transport_schleuder" ; then
+   perl -i -n -p -e "s#^(\s*transport_maps\s*=.*)#\1\n   btree:/etc/postfix/transport_schleuder#" /etc/postfix/main.cf
+fi
+
+
+
+groupadd -r schleuder
+useradd -r -M -d /noexistent -s /bin/false -g schleuder schleuder
+chown -R schleuder:schleuder /var/lib/schleuder /etc/schleuder
+
+systemctl stop postfix
+rm -fr /var/lib/postfix/verify_cache.db
+systemctl start postfix
+
+
+# -----
+# - Configure schleuder-api-daemon systemd service
+# -----
+
+cp /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/schleuder-api-daemon.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable schleuder-api-daemon.service
+systemctl start schleuder-api-daemon.service
+
+
+
+# ---
+# - Enable user schleuder for managing lists
+# ---
+
+backup_date="$(date +%Y-%m-%d-%H%M)"
+schleuder_config="/etc/schleuder/schleuder.yml"
+user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
+
+# - Create API Key for user schleuder
+# -
+api_key="$(schleuder new_api_key)"
+
+# - Add the generated API Key to the list of valid api keys at
+# - configuration file $schleuder_config
+# -
+if ! grep -q "$api_key" 2> /dev/null $schleuder_config ; then
+   perl -i.$backup_date -n -p \
+      -e "s/(^(\s*)valid_api_keys:.*)/\1\n\2  - ${api_key}/" \
+      $schleuder_config
+fi
+
+
+# - Add generated API Key to schleuder's configuration file
+# - '${user_schleuder_config}'
+# -
+
+# - If no configuration file present, create a new default one.
+# -
+have_dot_schleuder_cli_yml=true
+if [[ ! -d "~schleuder/.schleuder-cli" ]] ; then
+   have_dot_schleuder_cli_yml=false
+elif [[ ! -f "~schleuder/.schleuder-cli/schleuder-cli.yml" ]] ; then
+
+   # - If the directory is present, no default configuration file (see below)
+   # - will be written
+   # -
+   mv "~schleuder/.schleuder-cli" "~schleuder/.schleuder-cli.${backup_date}"
+
+   have_dot_schleuder_cli_yml=false
+fi
+
+if ! $have_dot_schleuder_cli_yml ; then
+
+   # Creates a default configuration file '${user_schleuder_config}'
+   #
+   su - schleuder -s /bin/bash -c "/usr//bin/schleuder-cli lists list > /dev/null 2>&1"
+
+fi
+
+# - Now, add the API Key..
+# -
+perl -i.$backup_date -n -p \
+   -e "s/^(\s*api_key:).*/\1 ${api_key}/" \
+   ${user_schleuder_config}
+
+
+# - Get tls fingerprint of configured certificate
+# -
+cert_fingerprint="$(schleuder cert fingerprint | awk '{print$4}')"
+
+# - Add the fingerprint to schleuder users private configuration file
+# -
+if ! grep -q "$cert_fingerprint" 2> /dev/null ${user_schleuder_config} ; then
+   perl -i.$backup_date -n -p \
+      -e "s/^(\s*tls_fingerprint:).*/\1 ${cert_fingerprint}/" \
+      ${user_schleuder_config}
+fi
+
+
+# - Restart 'schleuder-api-daemon'
+# -
+systemctl restart schleuder-api-daemon
+
+
+
+# -----
+# - Maintenance
+# -----
+
+# - Please take care to have the following commands run by the user that owns the
+# - directory of schleuder lists (by default /var/lib/schleuder/lists) to avoid
+# - running into file permission problems!
+
+# - Schleuder can check all keys that are present in the list’s keyrings for
+# - (upcoming) expiration dates, revocation, or other reasons for not being
+# - usable.
+# -
+# - Note: take care tcp port 11371 is open for calling pgp-keyservers
+# -
+# - Call this command weekly from cron to automate the check and have the
+# - results sent to the respective list-admins:
+# -
+# -    schleuder check_keys
+# -
+su schleuder -c "/usr/local/bin/schleuder check_keys" -s /bin/bash
+
+# - Schleuder can also refresh all keys in the same manner. Each key of each
+# - list will be refreshed from a keyserver one by one. If you’re using gpg 2.1,
+# - it’s possible to configure a TOR onion service to be used as keyserver! See
+# - the config for an example.
+# -
+# - Call this command weekly from cron to automate the check and have the results
+# - sent to the respective list-admins:
+# -
+# -    schleuder refresh_keys
+# -
+su schleuder -c "/usr/local/bin/schleuder schleuder refresh_keys" -s /bin/bash
+
+