Use the attached SSH keys for authentication when you are sFTP or SSH connecting to our NAS server. Remember to always keep your private keys safe. SSH keys should never be accessible to anyone other than the NAS user account holder.

---- Account type (folder access level)

The User has been issued a '${GROUP}' level account type. The User's folder access rights are as follows:

---- Client SMB LAN ${HOSTNAME^} connection

SMB, or Server Message Block, is the method used by Microsoft Windows networking, and with the Samba protocol on Apple Mac and Linux/Unix.

---- Client SFTP ${HOSTNAME^} connection

Only SFTP is enabled (standard FTP connections are denied) with a login type by SSH key only. For connecting we recommend the free FileZilla FTP client software ( https://filezilla-project.org/download.php ). Use the FileZilla connection tool 'File' > 'Site Manager' and create a 'New Site' account with the following credentials.

Depending on your account type you can select either a local and/or remote SFTP connection method.

145 |

---- Attachment Details

146 |

Attached files are:

147 |

148 |

Private SSH Key (Standard) : id_${USER,,}_ed25519
Private SSH Key (PPK version) : id_${USER,,}_ed25519.ppk

152 | 153 | --ahuacate 154 | Content-Type: application/zip 155 | Content-Disposition: attachment; filename="id_${USER,,}_ed25519" 156 | Content-Transfer-Encoding: base64 157 | $(if [ ${GROUP} = privatelab ] || [ ${GROUP} = homelab ] || [ ${GROUP} = medialab ]; then 158 | echo '$(openssl base64 < /srv/${HOSTNAME}/homes/${USER}/.ssh/id_${USER,,}_ed25519)' 159 | elif [ ${GROUP} = chrootjail ]; then 160 | echo '$(openssl base64 < /${HOME_BASE}${USER}/.ssh/id_${USER,,}_ed25519)' 161 | fi) 162 | 163 | --ahuacate 164 | Content-Type: application/zip 165 | Content-Disposition: attachment; filename="id_${USER,,}_ed25519.ppk" 166 | Content-Transfer-Encoding: base64 167 | $(if [ ${GROUP} = privatelab ] || [ ${GROUP} = homelab ] || [ ${GROUP} = medialab ]; then 168 | echo '$(openssl base64 < /srv/${HOSTNAME}/homes/${USER}/.ssh/id_${USER,,}_ed25519.ppk)' 169 | elif [ ${GROUP} = chrootjail ]; then 170 | echo '$(openssl base64 < /${HOME_BASE}${USER}/.ssh/id_${USER,,}_ed25519.ppk)' 171 | fi) 172 | 173 | --ahuacate 174 | EOF -------------------------------------------------------------------------------- /src/ubuntu/proftpd_settings/global_default.conf: -------------------------------------------------------------------------------- 1 | 2 | # Copy file to /etc/proftpd/conf.d/global_default.conf 3 | 4 | # Set value 1 means not available. Required by SSMTP email service to send User details. 5 | # To set your WAN address example: # REMOTE_WAN_ADDRESS='sftp.myavocado.stupid.me' (note the preceding # MUST be included) 6 | # SFTP_LOCAL_LAN_ADDRESS=$(hostname -i) 7 | # SFTP_LOCAL_LAN_PORT=2222 8 | # SFTP_REMOTE_WAN_ADDRESS=1 9 | # SFTP_REMOTE_WAN_PORT=1 10 | 11 | # Chroot default folder 12 | DefaultRoot ~ 13 | 14 | # Here are the default values 15 | MultilineRFC2228 off 16 | RootLogin off 17 | RequireValidShell off 18 | MaxLoginAttempts 5 19 | MaxClientsPerHost 10 20 | DefaultTransferMode binary 21 | ShowSymlinks on 22 | 23 | #Limit login times and timeouts to drop dead clients. 24 | TimeoutLogin 300 25 | TimeoutIdle 300 26 | TimeoutNoTransfer 300 27 | TimeoutStalled 300 28 | 29 | # Allow to resume not only the downloads but the uploads too 30 | AllowRetrieveRestart on 31 | AllowStoreRestart on 32 | 33 | # Hide all dotfiles, hidden files and folders 34 | 35 | HideFiles ^\..* 36 | HideNoAccess on 37 | 38 | IgnoreHidden on 39 | 40 | 41 | 42 | # Deny folder access 43 | 44 | 45 | DenyGroup medialab 46 | 47 | 48 | 49 | # Limit Chmod command 50 | 51 | DenyAll 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /src/ubuntu/proftpd_settings/global_desktopdir.conf: -------------------------------------------------------------------------------- 1 | 2 | # Copy file to /etc/proftpd/conf.d/global_desktopdir.conf 3 | 4 | # Protect user desktop base folders 5 | # Desktop folder 6 | 7 | 8 | DenyAll 9 | 10 | 11 | 12 | 13 | AllowAll 14 | 15 | 16 | 17 | # Documents folder 18 | 19 | 20 | DenyAll 21 | 22 | 23 | 24 | 25 | AllowAll 26 | 27 | 28 | 29 | # Downloads folder 30 | 31 | 32 | DenyAll 33 | 34 | 35 | 36 | 37 | AllowAll 38 | 39 | 40 | 41 | # Music folder 42 | 43 | 44 | DenyAll 45 | 46 | 47 | 48 | 49 | AllowAll 50 | 51 | 52 | 53 | # Pictures folder 54 | 55 | 56 | DenyAll 57 | 58 | 59 | 60 | 61 | AllowAll 62 | 63 | 64 | 65 | # Public folder 66 | 67 | 68 | DenyAll 69 | 70 | 71 | 72 | 73 | AllowAll 74 | 75 | 76 | 77 | # Template folder 78 | 79 | 80 | DenyAll 81 | 82 | 83 | 84 | 85 | AllowAll 86 | 87 | 88 | 89 | # Videos folder 90 | 91 | 92 | DenyAll 93 | 94 | 95 | 96 | 97 | AllowAll 98 | 99 | 100 | 101 | 102 | -------------------------------------------------------------------------------- /src/ubuntu/proftpd_settings/pve_nas_ct_proftpdsettings.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve_nas_ct_proftpdsettings.sh 4 | # Description: ProFTPd settings script for PVE Ubuntu NAS 5 | # ---------------------------------------------------------------------------------- 6 | 7 | DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) 8 | COMMON_PVE_SRC_DIR="$DIR/../../../common/pve/src" 9 | 10 | #---- Dependencies ----------------------------------------------------------------- 11 | 12 | # Run Bash Header 13 | source $COMMON_PVE_SRC_DIR/pvesource_bash_defaults.sh 14 | 15 | #---- Static Variables ------------------------------------------------------------- 16 | #---- Other Variables -------------------------------------------------------------- 17 | 18 | # Section Header Body Text 19 | SECTION_HEAD='PVE NAS' 20 | 21 | # Check if IP is static or DHCP 22 | if [[ $(ip r | head -n 1 | grep -n 'proto dhcp') ]] 23 | then 24 | DHCP=1 25 | else 26 | DHCP=0 27 | fi 28 | 29 | #---- Other Files ------------------------------------------------------------------ 30 | #---- Functions -------------------------------------------------------------------- 31 | #---- Body ------------------------------------------------------------------------- 32 | 33 | #---- Setting Folder Permissions 34 | section "Setup ProFTPd SFTP service." 35 | 36 | # Check for ProFTPd installation 37 | msg "Checking for ProFTPd status..." 38 | if [ "$(dpkg -s proftpd-core >/dev/null 2>&1; echo $?)" = 0 ] 39 | then 40 | info "ProFTPd status: ${GREEN}installed.${NC} ( $(proftpd --version) )" 41 | echo 42 | else 43 | info "ProFTPd is not installed. Exiting ProFTP installation script..." 44 | echo 45 | exit 0 46 | fi 47 | 48 | # Creating sftp Configuration 49 | msg "Checking sftp configuration..." 50 | echo 51 | if [ -f "/etc/proftpd/conf.d/sftp.conf" ] || [ -f "/etc/proftpd/conf.d/global_default.conf" ] || [ -f "/etc/proftpd/conf.d/global_desktopdir.conf" ] 52 | then 53 | msg_box "#### PLEASE READ CAREFULLY - SFTP CONFIGURATION ####\n 54 | Existing ProFTPd settings files have been found. Updating will overwrite the following settings files: 55 | 56 | -- /etc/proftpd/conf.d/sftp.conf 57 | -- /etc/proftpd/conf.d/global_default.conf 58 | -- /etc/proftpd/conf.d/global_desktopdir.conf 59 | 60 | The User also has the option to set the following: 61 | -- SFTP WAN address ( i.e a HAProxy URL, DynDNS provider or static IP) 62 | -- SFTP WAN port 63 | -- SFTP local port 64 | 65 | If the User has made custom changes to the existing ProFTPd configuration files DO NOT proceed to update this file (first make a backup). Otherwise we RECOMMEND you update (overwrite) ProFTPd settings file with our latest version." 66 | echo 67 | while true 68 | do 69 | read -p "Update your ProFTPd settings (Recommended) [y/n]? " -n 1 -r YN 70 | echo 71 | case $YN in 72 | [Yy]*) 73 | PROFTPD_SETTING=0 74 | echo 75 | break 76 | ;; 77 | [Nn]*) 78 | PROFTPD_SETTING=1 79 | info "You have chosen to skip this step." 80 | echo 81 | break 82 | ;; 83 | *) 84 | warn "Error! Entry must be 'y' or 'n'. Try again..." 85 | echo 86 | ;; 87 | esac 88 | done 89 | else 90 | PROFTPD_SETTING=0 91 | fi 92 | 93 | # WAN address and Port settings 94 | msg_box "#### PLEASE READ CAREFULLY - PROFTP Settings #### 95 | 96 | Our ProFTPd settings are tailored and configured to work out of the box. But the User may want change our basic default settings to meet their network requirements: 97 | 98 | Local ProFTPd server settings. 99 | -- SFTP server local LAN port : 2222 100 | -- SFTP server local IPv4 address : $(if [ ${DHCP} == '0' ]; then echo "$(hostname -i) ( static IP )"; else echo "$(hostname).$(hostname -d) ( dhcp IP )"; fi) 101 | 102 | If you have configured your network for remote access using HAProxy or by DynDNS you should enter the details when prompted. It will be included in all new user account instruction emails along with their user credentials. 103 | -- SFTP remote WAN HTTPS URL address : none 104 | -- SFTP server WAN port : none" 105 | echo 106 | 107 | # Set 108 | msg "The User can custom set a ProFTPd server SFTP local LAN Port number. The SFTP default LAN Port number is : 2222 ( Recommended ). Valid ports can be from 1 to 65535; however, ports less than 1024 are reserved for other protocols. It is best to choose ports greater than or equal to 50000 for SFTP mode." 109 | echo 110 | while true 111 | do 112 | read -p "Enter a ProFTPd SFTP Port number: " -e -i 2222 SFTP_LOCAL_LAN_PORT 113 | if [[ "$SFTP_LOCAL_LAN_PORT" =~ ^[0-9]+$ ]] 114 | then 115 | info "SFTP local LAN Port is set: ${YELLOW}$SFTP_LOCAL_LAN_PORT${NC}" 116 | echo 117 | break 118 | else 119 | warn "There are problems with your input: 120 | 121 | 1. A WAN Port number must be integers only (numerics). 122 | 123 | Try again..." 124 | echo 125 | fi 126 | done 127 | 128 | # Set remote connection address 129 | msg "Select a connection method from the menu. To connect remotely you must have HAProxy, Cloudflare or a Dynamic DNS service provider account up and running ( and know your connection address URL ). If the User has none of these then select 'None'." 130 | echo 131 | OPTIONS_VALUES_INPUT=( "TYPE01" "TYPE02" ) 132 | OPTIONS_LABELS_INPUT=( "Remote Access Address - connect remotely from the internet" "None - connect using LAN $(if [ ${DHCP} == '0' ]; then echo "$(hostname -i)"; else echo "$(hostname).$(hostname -d)"; fi)" ) 133 | makeselect_input2 134 | singleselect SELECTED "$OPTIONS_STRING" 135 | if [ "$RESULTS" = TYPE01 ] 136 | then 137 | while true 138 | do 139 | msg "The User must input a valid internet HTTPS URL. This could be a Dynamic DNS server URL, domain address URL ( i.e Cloudflare hosted web address ) or even a static WAN IP address if your have one." 140 | read -p "Enter a valid HTTPS URL address: " SFTP_REMOTE_WAN_ADDRESS_VAR 141 | SFTP_REMOTE_WAN_ADDRESS=${SFTP_REMOTE_WAN_ADDRESS_VAR,,} 142 | if ping -c1 $SFTP_REMOTE_WAN_ADDRESS &>/dev/null; then 143 | info "SFTP connection address is set: ${YELLOW}$SFTP_REMOTE_WAN_ADDRESS${NC}" 144 | SFTP_REMOTE_WAN_PORT=0 145 | echo 146 | break 147 | else 148 | warn "There are problems with your input: 149 | 150 | 1. HTTPS URL '$SFTP_REMOTE_WAN_ADDRESS' is not reachable. 151 | 2. A valid URL resembles: sftp-site1.foo.bar or mysftp.dyndns.org 152 | 153 | Check your URL address, remember to include any subdomain and try again..." 154 | echo 155 | fi 156 | done 157 | elif [ "$RESULTS" = TYPE02 ] 158 | then 159 | SFTP_REMOTE_WAN_ADDRESS=1 160 | SFTP_REMOTE_WAN_PORT=1 161 | msg "You can always add a SFTP remote WAN HTTPS URL address at a later stage." 162 | info "SFTP connection address is set: ${YELLOW}$(hostname -i)${NC}" 163 | echo 164 | fi 165 | 166 | # Set remote port number 167 | if [ "$SFTP_REMOTE_WAN_PORT" = 0 ] 168 | then 169 | msg "Your remote internet connection URL is set: ${WHITE}$SFTP_REMOTE_WAN_ADDRESS${NC}. 170 | The User must provide a incoming WAN Port number used to access the ${HOSTNAME^^} LAN network. If the User has configured pfSense HAProxy with Cloudflare the port would be '443'. For a Dynamic DNS provider configuration the WAN Port number is set by the User at the network Gateway device (modem/USG) port forwarding settings table ( i.e mysftp.dyndns.org WAN: ${WHITE}502222${NC} --> LAN: $(hostname -i):2222 )." 171 | echo 172 | while true 173 | do 174 | read -p "Enter a WAN Port number: " -e -i 443 SFTP_REMOTE_WAN_PORT 175 | if [[ "$SFTP_REMOTE_WAN_PORT" =~ ^[0-9]+$ ]] 176 | then 177 | info "SFTP WAN Port is set: ${YELLOW}$SFTP_REMOTE_WAN_PORT${NC}" 178 | echo 179 | break 180 | else 181 | warn "There are problems with your input: 182 | 183 | 1. A WAN Port number must be integers only (numerics). 184 | 185 | Try again..." 186 | echo 187 | fi 188 | done 189 | fi 190 | 191 | # Modifying ProFTPd Defaults 192 | if [ "$PROFTPD_SETTING" = 0 ] 193 | then 194 | msg "Modifying ProFTPd defaults and settings..." 195 | if [ "$(systemctl is-active proftpd)" = 'active' ] 196 | then 197 | systemctl stop proftpd 198 | while ! [[ "$(systemctl is-active proftpd)" == "inactive" ]]; do 199 | echo -n . 200 | done 201 | fi 202 | eval "echo \"$(cat $DIR/sftp.conf)\"" > /etc/proftpd/conf.d/sftp.conf 203 | eval "echo \"$(cat $DIR/global_default.conf)\"" > /etc/proftpd/conf.d/global_default.conf 204 | eval "echo \"$(cat $DIR/global_desktopdir.conf)\"" > /etc/proftpd/conf.d/global_desktopdir.conf 205 | sed -i 's|# DefaultRoot.*|DefaultRoot ~|g' /etc/proftpd/proftpd.conf 206 | sed -i 's|ServerName.*|ServerName \"'$(echo ${HOSTNAME^^})'\"|g' /etc/proftpd/proftpd.conf 207 | sed -i 's|UseIPv6.*|UseIPv6 off|g' /etc/proftpd/proftpd.conf 208 | sed -i 's|#LoadModule mod_sftp.c|LoadModule mod_sftp.c|g' /etc/proftpd/modules.conf 209 | sed -i 's|#LoadModule mod_sftp_pam.c|LoadModule mod_sftp_pam.c|g' /etc/proftpd/modules.conf 210 | sed -i "s|^#\s*SFTP_LOCAL_LAN_ADDRESS=.*|# SFTP_LOCAL_LAN_ADDRESS='$(if [ "$DHCP" = 0 ]; then echo "$(hostname -i)"; else echo "$(hostname).$(hostname -d)"; fi)'|g" /etc/proftpd/conf.d/global_default.conf 211 | sed -i "s|^#\s*SFTP_LOCAL_LAN_PORT=.*|# SFTP_LOCAL_LAN_PORT='${SFTP_LOCAL_LAN_PORT}'|g" /etc/proftpd/conf.d/global_default.conf 212 | sed -i "s|^#\s*SFTP_REMOTE_WAN_ADDRESS=.*|# SFTP_REMOTE_WAN_ADDRESS='${SFTP_REMOTE_WAN_ADDRESS}'|g" /etc/proftpd/conf.d/global_default.conf 213 | sed -i "s|^\s*SFTP_REMOTE_WAN_PORT.*|# SFTP_REMOTE_WAN_PORT='${SFTP_REMOTE_WAN_PORT}'|g" /etc/proftpd/conf.d/global_default.conf 214 | # SFTP Conf 215 | sed -i "s|^\s*Port.*| Port ${SFTP_LOCAL_LAN_PORT}|g" /etc/proftpd/conf.d/sftp.conf 216 | info "ProFTPd settings status: ${YELLOW}updated${NC}" 217 | echo 218 | fi 219 | 220 | # ProFTPd Status 221 | # Starting ProFTPd service 222 | msg "Checking ProFTP status..." 223 | if [ "$(systemctl is-active proftpd)" = 'inactive' ] 224 | then 225 | msg "Starting ProFTPd..." 226 | systemctl start proftpd 227 | msg "Waiting to hear from ProFTPd..." 228 | while ! [[ "$(systemctl is-active proftpd)" == "active" ]] 229 | do 230 | echo -n . 231 | done 232 | sleep 1 233 | info "ProFTPd status: ${GREEN}running${NC}" 234 | echo 235 | fi 236 | 237 | #---- Finish Line ------------------------------------------------------------------ 238 | if [ ! "$PROFTPD_SETTING" = 1 ] 239 | then 240 | section "Completion Status." 241 | 242 | info "${WHITE}Success.${NC} ProFTPd settings have been updated." 243 | echo 244 | fi 245 | 246 | # Cleanup 247 | if [ -z "${PARENT_EXEC+x}" ] 248 | then 249 | trap cleanup EXIT 250 | fi 251 | #----------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /src/ubuntu/proftpd_settings/sftp.conf: -------------------------------------------------------------------------------- 1 | 2 | # Copy file to /etc/proftpd/conf.d/sftp.conf 3 | 4 | 5 | SFTPPAMEngine on 6 | SFTPPAMServiceName sftp 7 | 8 | 9 | # Server Details 10 | Port 2222 11 | ServerName "Ahuacate SFTP Server" 12 | AccessGrantMsg "-- Welcome to Ahuacate SFTP Server --" 13 | SFTPEngine on 14 | SFTPLog /var/log/proftpd/sftp.log 15 | 16 | # Configure both the RSA and DSA host keys, using the same host key files that OpenSSH uses. 17 | SFTPHostKey /etc/ssh/ssh_host_rsa_key 18 | SFTPHostKey /etc/ssh/ssh_host_dsa_key 19 | 20 | #SFTPAuthMethods publickey password keyboard-interactive 21 | SFTPAuthMethods publickey 22 | 23 | # Max Attempts 24 | MaxLoginAttempts 6 25 | 26 | # User SHH Key file location 27 | SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u 28 | 29 | # Enable compression 30 | SFTPCompression delayed 31 | 32 | # SFTP Options 33 | SFTPOptions IgnoreSFTPUploadPerms 34 | 35 | # User Chroot home 36 | DefaultRoot /srv/$HOSTNAME/homes/chrootjail/homes/%u chrootjail 37 | DefaultRoot /srv/$HOSTNAME privatelab 38 | DefaultRoot /srv/$HOSTNAME medialab 39 | 40 | # User Group Access 41 | 42 | AllowGroup chrootjail 43 | AllowGroup medialab 44 | AllowGroup privatelab 45 | DenyAll 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /src/ubuntu/pve-nas_sw.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve-nas_sw.sh 4 | # Description: Setup for Ubuntu NAS server 5 | # ---------------------------------------------------------------------------------- 6 | 7 | #---- Bash command to run script --------------------------------------------------- 8 | #---- Source ----------------------------------------------------------------------- 9 | 10 | DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) 11 | COMMON_DIR="$DIR/../../common" 12 | COMMON_PVE_SRC_DIR="$DIR/../../common/pve/src" 13 | SHARED_DIR="$DIR/../../shared" 14 | 15 | #---- Dependencies ----------------------------------------------------------------- 16 | 17 | # Run Bash Header 18 | source $COMMON_PVE_SRC_DIR/pvesource_bash_defaults.sh 19 | 20 | #---- Static Variables ------------------------------------------------------------- 21 | #---- Other Variables -------------------------------------------------------------- 22 | 23 | # Easy Script Section Header Body Text 24 | SECTION_HEAD='PVE NAS' 25 | 26 | #---- Other Files ------------------------------------------------------------------ 27 | 28 | # Copy default lists of folder shares 29 | mv /tmp/nas_basefolderlist . 30 | mv /tmp/nas_basefoldersubfolderlist . 31 | mv /tmp/nas_basefolderlist_extra . 32 | 33 | #---- Body ------------------------------------------------------------------------- 34 | 35 | #---- Prerequisites 36 | section "Performing Prerequisites" 37 | 38 | # Setting Variables 39 | msg "Setting the $SECTION_HEAD variables..." 40 | if [ -f "/tmp/pve_nas_ct_variables.sh" ] 41 | then 42 | mv /tmp/pve_nas_ct_variables.sh . 2>/dev/null 43 | # Import Variables 44 | . ./pve_nas_ct_variables.sh 45 | info "${SECTION_HEAD} variables are set." 46 | echo 47 | fi 48 | 49 | # Checking NAS storage mount point 50 | if [ ! -d "/srv/$HOSTNAME" ] 51 | then 52 | warn "Cannot locate, identify and PVE storage backend: "/srv/${HOSTNAME}"\nAborting installation." 53 | exit 0 54 | fi 55 | 56 | # Download and Install Prerequisites 57 | msg "Installing ACL..." 58 | apt-get install -y acl >/dev/null 59 | msg "Installing Putty Tools..." 60 | apt-get install -y putty-tools >/dev/null 61 | echo 62 | 63 | 64 | #---- Creating PVE NAS Users and Groups 65 | section "Creating Users and Groups" 66 | 67 | # Change Home folder permissions 68 | msg "Setting default adduser home folder permissions (DIR_MODE)..." 69 | sed -i "s/^DIR_MODE=.*/DIR_MODE=0750/g" /etc/adduser.conf 70 | info "Default adduser permissions set: ${WHITE}0750${NC}" 71 | msg "Setting default HOME folder destination..." 72 | sed -i "s|^DHOME=.*|DHOME=$DIR_SCHEMA/homes|g" /etc/adduser.conf 73 | sed -i "s|^# HOME=.*|HOME=$DIR_SCHEMA/homes|g" /etc/default/useradd 74 | echo "HOME_MODE 0750" | sudo tee -a /etc/login.defs 75 | info "Default HOME destination folder set: ${WHITE}$DIR_SCHEMA/homes${NC}" 76 | 77 | # Create User Acc 78 | # Set base dir 79 | DIR_SCHEMA="/srv/$(hostname)" 80 | source $SHARED_DIR/pve_nas_create_users.sh 81 | 82 | # Creating Chroot jail environment 83 | source $COMMON_PVE_SRC_DIR/pvesource_ct_ubuntu_installchroot.sh 84 | 85 | 86 | #---- Validating your network setup 87 | 88 | # Run Check Host IP 89 | # source $COMMON_DIR/nas/src/nas_set_nasip.sh 90 | 91 | # Identify PVE host IP 92 | source $COMMON_DIR/nas/src/nas_identify_pvehosts.sh 93 | # source $COMMON_PVE_SRC_DIR/pvesource_identify_pvehosts.sh 94 | 95 | # Modifying SSHd 96 | cat <> /etc/ssh/sshd_config 97 | # Settings for privatelab 98 | Match Group privatelab 99 | AuthorizedKeysFile /srv/$HOSTNAME/homes/%u/.ssh/authorized_keys 100 | PubkeyAuthentication yes 101 | PasswordAuthentication no 102 | AllowTCPForwarding no 103 | X11Forwarding no 104 | # Settings for medialab 105 | Match Group medialab 106 | AuthorizedKeysFile /srv/$HOSTNAME/homes/%u/.ssh/authorized_keys 107 | PubkeyAuthentication yes 108 | PasswordAuthentication no 109 | AllowTCPForwarding no 110 | X11Forwarding no 111 | EOF 112 | 113 | 114 | #---- Install and Configure Samba 115 | source $COMMON_DIR/nas/src/nas_installsamba.sh 116 | 117 | 118 | #---- Install and Configure NFS 119 | source $COMMON_DIR/nas/src/nas_installnfs.sh 120 | 121 | 122 | #---- Install and Configure Webmin 123 | source $COMMON_PVE_SRC_DIR/pvesource_install_webmin.sh 124 | #----------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /src/ubuntu/pve_nas_ct_addpoweruser.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve_nas_ct_addpoweruser.sh 4 | # Description: Create a new PVE NAS Power User 5 | # ---------------------------------------------------------------------------------- 6 | 7 | #---- Bash command to run script --------------------------------------------------- 8 | 9 | # Command to run script 10 | # bash -c "$(wget -qLO - https://raw.githubusercontent.com/ahuacate/pve-nas/main/src/ubuntu/pve_nas_ct_addpoweruser.sh)" 11 | 12 | #---- Source ----------------------------------------------------------------------- 13 | 14 | DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) 15 | COMMON_PVE_SRC_DIR="$DIR/../../common/pve/src" 16 | 17 | #---- Dependencies ----------------------------------------------------------------- 18 | 19 | # Run Bash Header 20 | source $COMMON_PVE_SRC_DIR/pvesource_bash_defaults.sh 21 | 22 | # Install libcrack2 23 | if [[ ! $(dpkg -s libcrack2) ]] 24 | then 25 | apt-get install -y libcrack2 > /dev/null 26 | fi 27 | 28 | # Check user is root 29 | if [ ! "$(id -u)" = 0 ] 30 | then 31 | warn "This script needs to run under 'root'. Exiting in 2 seconds.\nTry again..." 32 | sleep 2 33 | exit 0 34 | fi 35 | 36 | # Check PVE host SMTP status 37 | check_smtp_status 38 | if [ "$SMTP_STATUS" = 0 ] 39 | then 40 | display_msg='\nBefore proceeding with this installer we RECOMMEND you first configure all PVE hosts to support SMTP email services. A working SMTP server emails the NAS System Administrator all new User login credentials, SSH keys, application specific login credentials and written guidelines. A PVE host SMTP server makes NAS administration much easier. Also be alerted about unwarranted login attempts and other system critical alerts. PVE Host SMTP Server installer is available in our PVE Host Toolbox located at GitHub:\n\n -- https://github.com/ahuacate/pve-host\n' 41 | fi 42 | 43 | #---- Static Variables ------------------------------------------------------------- 44 | 45 | # List of new users 46 | NEW_USERS=usersfile 47 | # Homes folder 48 | HOSTNAME=$(hostname) 49 | HOME_BASE="/srv/$HOSTNAME/homes" 50 | 51 | #---- Other Variables -------------------------------------------------------------- 52 | 53 | # Easy Script Section Header Body Text 54 | SECTION_HEAD='PVE NAS' 55 | 56 | #---- Other Files ------------------------------------------------------------------ 57 | #---- Body ------------------------------------------------------------------------- 58 | 59 | #---- Create New Power User Accounts 60 | section "Create a New Power User Account" 61 | 62 | msg_box "#### PLEASE READ CAREFULLY - CREATING POWER USER ACCOUNTS #### 63 | $(if [ "$SMTP_STATUS" = 0 ]; then echo -e ${display_msg}; fi) 64 | Power Users are trusted persons with privileged access to data and application resources hosted on your PVE NAS. Power Users are NOT standard users! Standard users are added at a later stage. Each new Power Users security permissions are controlled by Linux groups. Group security permission levels are as follows: 65 | 66 | -- GROUP NAME -- PERMISSIONS 67 | -- 'medialab' -- Everything to do with media (i.e movies, series & music) 68 | -- 'homelab' -- Everything to do with a smart home including 'medialab' 69 | -- 'privatelab' -- Private storage including 'medialab' & 'homelab' rights 70 | 71 | A Personal Home Folder will be created for each new user. The folder name is the new users name. You can access Personal Home Folders and other shares via CIFS/Samba and NFS. 72 | 73 | Remember your PVE NAS is also pre-configured with user names specifically tasked for running hosted applications (i.e Proxmox LXC,CT,VM - Sonarr, Radarr, Lidarr). These application users names are as follows: 74 | 75 | -- GROUP NAME -- USER NAME 76 | -- 'medialab' -- /srv/CT_HOSTNAME/homes/'media' 77 | -- 'homelab' -- /srv/CT_HOSTNAME/homes/'home' 78 | -- 'privatelab' -- /srv/CT_HOSTNAME/homes/'private'" 79 | echo 80 | OPTIONS_VALUES_INPUT=( "TYPE01" "TYPE00" ) 81 | OPTIONS_LABELS_INPUT=( "Power User Account - add a new user to the system" \ 82 | "None. Exit this User account installer" ) 83 | makeselect_input2 84 | singleselect SELECTED "$OPTIONS_STRING" 85 | 86 | 87 | #---- Create New Power User Accounts 88 | if [ "$RESULTS" = TYPE01 ] 89 | then 90 | section "Create a Power User Account" 91 | 92 | # Create new user list 93 | new_user_LIST=() 94 | 95 | while true 96 | do 97 | #---- Create a new username 98 | while true 99 | do 100 | input_username_val 101 | if [ "$(egrep "^${USERNAME}" /etc/passwd > /dev/null; echo $?)" = 0 ] 102 | then 103 | warn "The user '$USERNAME' already exists." 104 | while true 105 | do 106 | read -p "Do you want to try another user name [y/n]? " -n 1 -r YN 107 | echo 108 | case $YN in 109 | [Yy]*) 110 | info "You have chosen to try another user name.\nTry again..." 111 | echo 112 | break 1 113 | ;; 114 | [Nn]*) 115 | echo 116 | break 3 117 | ;; 118 | *) 119 | warn "Error! Entry must be 'y' or 'n'. Try again..." 120 | echo 121 | ;; 122 | esac 123 | done 124 | else 125 | break 126 | fi 127 | done 128 | echo 129 | 130 | msg "Choose your new user's group member account..." 131 | OPTIONS_VALUES_INPUT=( "GRP01" "GRP02" "GRP03" ) 132 | OPTIONS_LABELS_INPUT=( "Medialab - Everything to do with media (i.e movies, series and music)" \ 133 | "Homelab - Everything to do with a smart home including medialab" \ 134 | "Privatelab - Private storage including medialab & homelab rights" ) 135 | makeselect_input2 136 | singleselect SELECTED "$OPTIONS_STRING" 137 | 138 | if [ "$RESULTS" = GRP01 ] 139 | then 140 | USERGRP='medialab' 141 | elif [ "$RESULTS" = GRP02 ] 142 | then 143 | USERGRP='homelab -G medialab' 144 | elif [ "$RESULTS" = GRP03 ] 145 | then 146 | USERGRP='privatelab -G medialab,homelab' 147 | fi 148 | 149 | # Create User password 150 | input_userpwd_val 151 | echo 152 | 153 | # Add Username, password, and group to list 154 | new_user_LIST+=( "$USERNAME $USER_PWD $USERGRP" ) 155 | 156 | # List new user details 157 | msg "Your new user details are as follows:\n" 158 | printf '%s\n' "${new_user_LIST[@]}" | sed '1 i\USERNAME PASSWORD GROUP' | column -t | indent2 159 | echo 160 | # Option to create another user account 161 | msg "Do you want to create another new jailed user account..." 162 | OPTIONS_VALUES_INPUT=( "NO" "YES" ) 163 | OPTIONS_LABELS_INPUT=( "No - I do not want to create another user account" \ 164 | "Yes - I want to create another user account" ) 165 | makeselect_input2 166 | singleselect SELECTED "$OPTIONS_STRING" 167 | if [ "$RESULTS" = YES ] 168 | then 169 | echo 170 | # break 171 | elif [ "$RESULTS" = NO ] 172 | then 173 | break 2 174 | fi 175 | done 176 | 177 | if [ ! "${#new_user_LIST[@]}" = 0 ] 178 | then 179 | # Add user to the system 180 | while read USER PASSWORD GROUP USERMOD 181 | do 182 | pass=$(perl -e 'print crypt($ARGV[0], 'password')' $PASSWORD) 183 | # User home folder pre-existing 184 | if [ -d "$HOME_BASE/$USER" ] 185 | then 186 | # Chattr set user desktop folder attributes to -a 187 | while read dir 188 | do 189 | chattr -i $HOME_BASE/$USER/$dir/.foo_protect 190 | done < <( ls $HOME_BASE/$USER ) 191 | msg "Creating new user ${USER}..." 192 | useradd -g $GROUP -p $pass $USERMOD -m -d $HOME_BASE/$USER -s /bin/bash $USER 193 | msg "Creating default home folders (xdg-user-dirs-update)..." 194 | sudo -iu $USER xdg-user-dirs-update 195 | msg "Creating SSH folder and authorised keys file for user ${USER}..." 196 | mkdir -p $HOME_BASE/$USER/.ssh 197 | touch $HOME_BASE/$USER/.ssh/authorized_keys 198 | chmod -R 0700 $HOME_BASE/$USER 199 | chown -R $USER:$GROUP $HOME_BASE/$USER 200 | ssh-keygen -o -q -t ed25519 -a 100 -f $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519 -N "" 201 | cat $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.pub >> $HOME_BASE/$USER/.ssh/authorized_keys 202 | # Create ppk key for Putty or Filezilla or ProFTPd 203 | msg "Creating a private PPK key..." 204 | puttygen $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519 -o $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.ppk 205 | msg "Creating a public ProFTPd RFC4716 format compliant key..." 206 | mkdir -p /etc/proftpd/authorized_keys 207 | touch /etc/proftpd/authorized_keys/${USER} 208 | ssh-keygen -e -f $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.pub >> $HOME_BASE/$USER/.ssh/authorized_keys 209 | ssh-keygen -e -f $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.pub >> /etc/proftpd/authorized_keys/${USER} 210 | msg "Backing up ${USER} latest SSH keys..." 211 | BACKUP_DATE=$(date +%Y%m%d-%T) 212 | mkdir -p /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE} 213 | chown -R root:privatelab /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE} 214 | chmod 0750 /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE} 215 | cp $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519* /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE}/ 216 | msg "Creating $USER smb account..." 217 | (echo ${PASSWORD}; echo ${PASSWORD} ) | smbpasswd -s -a $USER 218 | info "User $USER has been added to the system. Existing home folder found.\nUsing existing home folder." 219 | echo 220 | elif [ ! -d "$HOME_BASE/$USER" ]; then # Create new user home folder 221 | msg "Creating new user $USER..." 222 | useradd -g $GROUP -p $pass $USERMOD -m -d $HOME_BASE/$USER -s /bin/bash $USER 223 | msg "Creating default home folders (xdg-user-dirs-update)..." 224 | sudo -iu $USER xdg-user-dirs-update --force 225 | msg "Creating SSH folder and authorised keys file for user $USER..." 226 | mkdir -p $HOME_BASE/$USER/.ssh 227 | touch $HOME_BASE/$USER/.ssh/authorized_keys 228 | chmod -R 0700 $HOME_BASE/$USER 229 | chown -R $USER:$GROUP $HOME_BASE/$USER 230 | ssh-keygen -o -q -t ed25519 -a 100 -f $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519 -N "" 231 | cat $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.pub >> $HOME_BASE/$USER/.ssh/authorized_keys 232 | # Create ppk key for Putty or Filezilla or ProFTPd 233 | msg "Creating a private PPK key..." 234 | puttygen $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519 -o $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.ppk 235 | msg "Creating a public ProFTPd RFC4716 format compliant key..." 236 | mkdir -p /etc/proftpd/authorized_keys 237 | touch /etc/proftpd/authorized_keys/$USER 238 | ssh-keygen -e -f $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.pub >> $HOME_BASE/$USER/.ssh/authorized_keys 239 | ssh-keygen -e -f $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519.pub >> /etc/proftpd/authorized_keys/$USER 240 | msg "Backing up ${USER} latest SSH keys..." 241 | BACKUP_DATE=$(date +%Y%m%d-%T) 242 | mkdir -p /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE} 243 | chown -R root:privatelab /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE} 244 | chmod 0750 /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE} 245 | cp $HOME_BASE/$USER/.ssh/id_${USER,,}_ed25519* /srv/$HOSTNAME/sshkey/${HOSTNAME}_users/${USER,,}_${BACKUP_DATE}/ 246 | msg "Creating ${USER} smb account..." 247 | (echo ${PASSWORD}; echo ${PASSWORD} ) | smbpasswd -s -a $USER 248 | info "User '$USER' has been added to the system." 249 | echo 250 | fi 251 | # Chattr set user desktop folder attributes to +i 252 | while read dir 253 | do 254 | touch $HOME_BASE/$USER/$dir/.foo_protect 255 | chattr +i $HOME_BASE/$USER/$dir/.foo_protect 256 | done < <( ls $HOME_BASE/$USER ) 257 | done < <( printf '%s\n' "${new_user_LIST[@]}" ) 258 | 259 | #---- Email User SSH Keys 260 | if [ "$SMTP_STATUS" = 1 ] 261 | then 262 | section "Email User Credentials & SSH keys" 263 | echo 264 | msg_box "#### PLEASE READ CAREFULLY - EMAIL NEW USER CREDENTIALS ####\n 265 | You can email a new user's login credentials and ssh keys to the NAS system administrator. The NAS system administrator can then forward the email(s) to each new user. 266 | 267 | The email will include the following information and attachments: 268 | -- Username 269 | -- Password 270 | -- User Group 271 | -- Private SSH Key (Standard) 272 | -- Private SSH Key (PPK Version) 273 | -- SMB NAS Server connection credentials 274 | -- SMB Status 275 | -- SFTP NAS connection credentials 276 | -- Account type (folder access level)" 277 | echo 278 | while true 279 | do 280 | read -p "Email new users credentials & SSH key to your systems administrator [y/n]? " -n 1 -r YN 281 | echo 282 | case $YN in 283 | [Yy]*) 284 | while read USER PASSWORD GROUP USERMOD 285 | do 286 | source $DIR/email_templates/pve_nas_ct_newuser_msg.sh 287 | msg "Sending '$USER' credentials and ssh key package to '$PVE_ROOT_EMAIL'..." 288 | sendmail -t < email_body.html 289 | info "Email sent. Check your system administrators inbox." 290 | done < <( printf '%s\n' "${new_user_LIST[@]}" ) 291 | break 292 | ;; 293 | [Nn]*) 294 | info "You have chosen to skip this step. Not sending any email(s)." 295 | echo 296 | break 297 | ;; 298 | *) 299 | warn "Error! Entry must be 'y' or 'n'. Try again..." 300 | echo 301 | ;; 302 | esac 303 | done 304 | fi 305 | echo 306 | else 307 | msg "No new users have been created." 308 | echo 309 | fi 310 | fi 311 | 312 | 313 | #---- Exit the script 314 | if [ "$RESULTS" = TYPE00 ] 315 | then 316 | msg "You have chosen not to proceed. Moving on..." 317 | echo 318 | fi 319 | 320 | #---- Finish Line ------------------------------------------------------------------ 321 | 322 | # Cleanup 323 | if [ -z "${PARENT_EXEC+x}" ] 324 | then 325 | trap cleanup EXIT 326 | fi 327 | #----------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /src/ubuntu/pve_nas_ct_deleteuser.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve_nas_ct_addjailuser.sh 4 | # Description: Create a new PVE NAS Jail User 5 | # ---------------------------------------------------------------------------------- 6 | 7 | #---- Bash command to run script --------------------------------------------------- 8 | 9 | # Command to run script 10 | # bash -c "$(wget -qLO - https://raw.githubusercontent.com/ahuacate/pve-nas/main/pve_nas_toolbox.sh)" 11 | 12 | #---- Source ----------------------------------------------------------------------- 13 | 14 | DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) 15 | COMMON_PVE_SRC_DIR="$DIR/../../common/pve/src" 16 | 17 | #---- Dependencies ----------------------------------------------------------------- 18 | 19 | # Run Bash Header 20 | source $COMMON_PVE_SRC_DIR/pvesource_bash_defaults.sh 21 | 22 | # Check user is root 23 | if [ ! "$(id -u)" = 0 ] 24 | then 25 | warn "This script needs to run under 'root'. Exiting in 2 seconds.\nTry again..." 26 | sleep 2 27 | exit 0 28 | fi 29 | 30 | #---- Static Variables ------------------------------------------------------------- 31 | 32 | # Easy Script Section Header Body Text 33 | SECTION_HEAD='PVE NAS' 34 | 35 | #---- Other Variables -------------------------------------------------------------- 36 | #---- Other Files ------------------------------------------------------------------ 37 | #---- Functions -------------------------------------------------------------------- 38 | 39 | # Delete a username (permanent action) 40 | function delete_username() { 41 | # Usage: delete_username "harry" "medialab" 42 | 43 | local username="$1" 44 | local group="$2" 45 | # Homes folder 46 | local HOSTNAME=$(hostname) 47 | local HOME_BASE="/srv/$HOSTNAME/homes" 48 | 49 | # Deleting existing user name 50 | while true 51 | do 52 | read -p "Also delete the user '${WHITE}$username${NC}' home folder including their files [y/n]?: " -n 1 -r YN < /dev/tty 53 | echo 54 | case $YN in 55 | [Yy]*) 56 | # Chattr set user desktop folder attributes to -i 57 | while read dir 58 | do 59 | if [ -f "$(awk -F: -v v="$username" '{if ($1==v) print $6}' /etc/passwd)/$dir/.foo_protect" ] 60 | then 61 | chattr -i $(awk -F: -v v="$username" '{if ($1==v) print $6}' /etc/passwd)/$dir/.foo_protect 62 | fi 63 | done <<< $( ls $(awk -F: -v v="$username" '{if ($1==v) print $6}' /etc/passwd) ) 64 | 65 | # Delete ProFTPd key 66 | rm -f /etc/proftpd/authorized_keys/$username 67 | 68 | # Delete SMB user 69 | smbpasswd -x $username 2>/dev/null 70 | 71 | # Delete Unix Account 72 | userdel -r $username 2>/dev/null 73 | echo 74 | break 75 | ;; 76 | [Nn]*) 77 | # Delete SMB user 78 | smbpasswd -x $username 2>/dev/null 79 | 80 | # Delete Unix Account 81 | userdel $username 2>/dev/null 82 | echo 83 | break 84 | ;; 85 | *) 86 | warn "Error! Entry must be 'y' or 'n'. Try again..." 87 | echo 88 | ;; 89 | esac 90 | done 91 | } 92 | 93 | # Delete a username (permanent action) 94 | function delete_jailed_username() { 95 | # Usage: delete_jailed_username "harry" "chrootjail" 96 | local username="$1" 97 | local group="$2" 98 | # Args 99 | local HOSTNAME=$(hostname) 100 | local CHROOT="/srv/$HOSTNAME/homes/chrootjail" 101 | local HOME_BASE="$CHROOT/homes" 102 | 103 | # Umount & remove existing user bind mounts 104 | if [[ $(grep "$HOME_BASE/$username" /etc/fstab) ]] 105 | then 106 | while read -r path 107 | do 108 | # Umount 109 | if [[ $(mount | grep $path) ]] 110 | then 111 | umount $path 2>/dev/null 112 | fi 113 | 114 | # Remove the entry from fstab 115 | escaped_path="$(echo "$path" | sed 's/\//\\\//g')" 116 | sed -i "/${escaped_path}/d" /etc/fstab 117 | done < <( grep $HOME_BASE/$username /etc/fstab | awk '{print $2}' ) # listing of bind mounts 118 | fi 119 | 120 | # Deleting user 121 | while true 122 | do 123 | read -p "Also delete user '${WHITE}$username${NC}' home folder including user files[y/n]?: " -n 1 -r YN < /dev/tty 124 | echo 125 | case $YN in 126 | [Yy]*) 127 | # Chattr set user desktop folder attributes to -i 128 | while read dir 129 | do 130 | if [ -f "$HOME_BASE/$username/$dir/.foo_protect" ] 131 | then 132 | chattr -i $HOME_BASE/$username/$dir/.foo_protect 133 | fi 134 | done < <( ls $HOME_BASE/$username ) 135 | 136 | # Delete ProFTPd key 137 | rm -f /etc/proftpd/authorized_keys/$username 138 | 139 | # Delete user 140 | userdel $username 2>/dev/null 141 | rm -R $HOME_BASE/$username 2>/dev/null 142 | sed -i "/^$username/d" $CHROOT/etc/passwd 143 | 144 | # Remove other User folders 145 | if [ -d "/srv/$HOSTNAME/downloads/user/$(echo "$username" | awk -F '_' '{print $1}')_downloads" ] 146 | then 147 | chattr -i /srv/$HOSTNAME/downloads/user/$(echo "$username" | awk -F '_' '{print $1}')_downloads/.foo_protect 148 | rm -R /srv/$HOSTNAME/downloads/user/$(echo "$username" | awk -F '_' '{print $1}')_downloads 149 | fi 150 | if [ -d "/srv/$HOSTNAME/photo/$(echo "$username" | awk -F '_' '{print $1}')_photo" ] 151 | then 152 | chattr -i /srv/$HOSTNAME/photo/$(echo "$username" | awk -F '_' '{print $1}')_photo/.foo_protect 153 | rm -R /srv/$HOSTNAME/photo/$(echo "$username" | awk -F '_' '{print $1}')_photo 154 | fi 155 | if [ -d "/srv/$HOSTNAME/video/homevideo/$(echo "$username" | awk -F '_' '{print $1}')_homevideo" ] 156 | then 157 | chattr -i /srv/$HOSTNAME/video/homevideo/$(echo "$username" | awk -F '_' '{print $1}')_homevideo/.foo_protect 158 | rm -R /srv/$HOSTNAME/video/homevideo/$(echo "$username" | awk -F '_' '{print $1}')_homevideo 159 | fi 160 | echo 161 | break 162 | ;; 163 | [Nn]*) 164 | # Delete user 165 | userdel $username 2>/dev/null 166 | sed -i "/^$username/d" $CHROOT/etc/passwd 167 | echo 168 | break 169 | ;; 170 | *) 171 | warn "Error! Entry must be 'y' or 'n'. Try again..." 172 | echo 173 | ;; 174 | esac 175 | done 176 | } 177 | 178 | #---- Body ------------------------------------------------------------------------- 179 | 180 | #---- Prerequisites 181 | 182 | # Create user list 183 | user_LIST=() 184 | # user_LIST+=( $(cat /etc/passwd | egrep "^*injail\:" | awk -F':' 'BEGIN{OFS=FS} {if ($4 ~ /65608/) ($4="chrootjail"); print $1, $4 }') ) 185 | user_LIST+=( $(cat /etc/passwd | awk -F':' 'BEGIN{OFS=FS} {if ($4 ~ /65605|65606|65607|65608/ && $3 !~ /1605|1606|1607/ ) {print $1, $4}}' | awk -F':' '{if ($2 == "65605") $2="medialab"; else if ($2 == "65606") $2="homelab"; else if ($2 == "65607") $2="privatelab"; else if ($2 == "65608") $2="chrootjail"; print $1":"$2}') ) 186 | 187 | # Check if users exist for deletion 188 | if [ "${#user_LIST[@]}" = 0 ] 189 | then 190 | warn "There are no valid users for deletion. This script can only delete users who are members of medialab, homelab, privatelab and chrootjail groups. Users which belong to other groups can be deleted using the NAS Webmin webGUI. Bye.." 191 | echo 192 | exit 0 193 | fi 194 | 195 | #---- Select user for deletion 196 | 197 | section "$SECTION_HEAD - Select the users for deletion" 198 | 199 | msg_box "#### PLEASE READ CAREFULLY - USER ACCOUNT DELETION ####\n 200 | Select any number of users you want to permanently delete. The User will be prompted with the option to keep or remove each selected users home folder and their private files. If you choose to delete a user and their home folder all personal files will be permanently lost and not recoverable." 201 | echo 202 | OPTIONS_VALUES_INPUT=$(printf '%s\n' "${user_LIST[@]}" | sed -e '$aTYPE00') 203 | OPTIONS_LABELS_INPUT=$(printf '%s\n' "${user_LIST[@]}" | awk -F':' '{ print "User name: "$1, "| Member of user group: "$2; }' | sed -e '$aNone. Exit this installer') 204 | makeselect_input1 "$OPTIONS_VALUES_INPUT" "$OPTIONS_LABELS_INPUT" 205 | multiselect SELECTED "$OPTIONS_STRING" 206 | 207 | # Abort option 208 | if [ "$RESULTS" = 'TYPE00' ] || [ -z ${RESULTS} ] 209 | then 210 | msg "You have chosen not to proceed. Aborting. Bye..." 211 | echo 212 | exit 0 213 | fi 214 | 215 | #---- Delete the user 216 | 217 | # Delete each selected username 218 | while IFS=':' read username group 219 | do 220 | # Run delete function 221 | if [[ "$group" =~ ^chrootjail$ ]] 222 | then 223 | # Delete Chrootjail user 224 | delete_jailed_username "$username" "$group" 225 | elif [[ "$group" =~ ^(privatelab|homelab|medialab)$ ]] 226 | then 227 | # Delete standard user 228 | delete_username "$username" "$group" 229 | fi 230 | done < <( printf '%s\n' "${RESULTS[@]}" ) 231 | #----------------------------------------------------------------------------------- 232 | -------------------------------------------------------------------------------- /src/ubuntu/pve_nas_ct_nas_chrootapplist: -------------------------------------------------------------------------------- 1 | /bin/bash 2 | /bin/rm 3 | /bin/ls 4 | /bin/cat 5 | /bin/echo 6 | /bin/cp 7 | /bin/mkdir 8 | /bin/nano 9 | /bin/mv 10 | /bin/touch 11 | /bin/date 12 | /usr/bin/rsync 13 | -------------------------------------------------------------------------------- /src/ubuntu/pve_nas_ct_nas_installer.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve_nas_ct_ubuntu_installer.sh 4 | # Description: This script is for creating a PVE Ubuntu based NAS 5 | # ---------------------------------------------------------------------------------- 6 | 7 | #---- Bash command to run script --------------------------------------------------- 8 | 9 | #---- Source Github 10 | # bash -c "$(wget -qLO - https://raw.githubusercontent.com/ahuacate/pve-nas/main/pve_nas_installer.sh)" 11 | 12 | #---- Source local Git 13 | # /mnt/pve/nas-01-git/ahuacate/pve-nas/pve_nas_installer.sh 14 | 15 | #---- Source ----------------------------------------------------------------------- 16 | #---- Dependencies ----------------------------------------------------------------- 17 | 18 | # Check SMTP Status 19 | check_smtp_status 20 | 21 | # Check PVE host subid mapping 22 | check_host_subid 23 | 24 | #---- Static Variables ------------------------------------------------------------- 25 | 26 | # Easy Script Section Head 27 | SECTION_HEAD='PVE Ubuntu NAS' 28 | 29 | # PVE host IP 30 | PVE_HOST_IP=$(hostname -i) 31 | PVE_HOSTNAME=$(hostname) 32 | 33 | # SSHd Status (0 is enabled, 1 is disabled) 34 | SSH_ENABLE=1 35 | 36 | # Developer enable git mounts inside CT (0 is enabled, 1 is disabled) 37 | DEV_GIT_MOUNT_ENABLE=1 38 | 39 | # Set file source (path/filename) of preset variables for 'pvesource_ct_createvm.sh' 40 | PRESET_VAR_SRC="$( dirname "${BASH_SOURCE[0]}" )/$( basename "${BASH_SOURCE[0]}" )" 41 | 42 | #---- Other Variables -------------------------------------------------------------- 43 | 44 | #---- Common Machine Variables 45 | # VM Type ( 'ct' or 'vm' only lowercase ) 46 | #VM_TYPE='' Set at NAS type selection 47 | # Use DHCP. '0' to disable, '1' to enable. 48 | NET_DHCP='1' 49 | # Set address type 'dhcp4'/'dhcp6' or '0' to disable. 50 | NET_DHCP_TYPE='dhcp4' 51 | # CIDR IPv4 52 | CIDR='24' 53 | # CIDR IPv6 54 | CIDR6='64' 55 | # SSHd Port 56 | SSH_PORT='22' 57 | 58 | #----[COMMON_GENERAL_OPTIONS] 59 | # Hostname 60 | HOSTNAME='nas-01' 61 | # Description for the Container (one word only, no spaces). Shown in the web-interface CT’s summary. 62 | DESCRIPTION='' 63 | # Virtual OS/processor architecture. 64 | ARCH='amd64' 65 | # Allocated memory or RAM (MiB). 66 | MEMORY='512' 67 | # Limit number of CPU sockets to use. Value 0 indicates no CPU limit. 68 | CPULIMIT='0' 69 | # CPU weight for a VM. Argument is used in the kernel fair scheduler. The larger the number is, the more CPU time this VM gets. 70 | CPUUNITS='1024' 71 | # The number of cores assigned to the vm/ct. Do not edit - its auto set. 72 | CORES='1' 73 | 74 | #----[COMMON_NET_OPTIONS] 75 | # Bridge to attach the network device to. 76 | BRIDGE='vmbr0' 77 | # A common MAC address with the I/G (Individual/Group) bit not set. 78 | HWADDR="" 79 | # Controls whether this interface’s firewall rules should be used. 80 | FIREWALL='1' 81 | # VLAN tag for this interface (value 0 for none, or VLAN[2-N] to enable). 82 | TAG='0' 83 | # VLAN ids to pass through the interface 84 | TRUNKS="" 85 | # Apply rate limiting to the interface (MB/s). Value "" for unlimited. 86 | RATE="" 87 | # MTU - Maximum transfer unit of the interface. 88 | MTU="" 89 | 90 | #----[COMMON_NET_DNS_OPTIONS] 91 | # Nameserver server IP (IPv4 or IPv6) (value "" for none). 92 | NAMESERVER='192.168.1.5' 93 | # Search domain name (local domain) 94 | SEARCHDOMAIN='local' 95 | 96 | #----[COMMON_NET_STATIC_OPTIONS] 97 | # IP address (IPv4). Only works with static IP (DHCP=0). 98 | IP='192.168.1.10' 99 | # IP address (IPv6). Only works with static IP (DHCP=0). 100 | IP6='' 101 | # Default gateway for traffic (IPv4). Only works with static IP (DHCP=0). 102 | GW='192.168.1.5' 103 | # Default gateway for traffic (IPv6). Only works with static IP (DHCP=0). 104 | GW6='' 105 | 106 | #---- PVE CT 107 | #----[CT_GENERAL_OPTIONS] 108 | # Unprivileged container. '0' to disable, '1' to enable/yes. 109 | CT_UNPRIVILEGED='0' 110 | # Memory swap 111 | CT_SWAP='512' 112 | # OS 113 | CT_OSTYPE='ubuntu' 114 | # Onboot startup 115 | CT_ONBOOT='1' 116 | # Timezone 117 | CT_TIMEZONE='host' 118 | # Root credentials 119 | CT_PASSWORD='ahuacate' 120 | # Virtual OS/processor architecture. 121 | CT_ARCH='amd64' 122 | 123 | #----[CT_FEATURES_OPTIONS] 124 | # Allow using fuse file systems in a container. 125 | CT_FUSE='0' 126 | # For unprivileged containers only: Allow the use of the keyctl() system call. 127 | CT_KEYCTL='0' 128 | # Allow mounting file systems of specific types. (Use 'nfs' or 'cifs' or 'nfs;cifs' for both or leave empty "") 129 | CT_MOUNT='nfs' 130 | # Allow nesting. Best used with unprivileged containers with additional id mapping. 131 | CT_NESTING='1' 132 | # A public key for connecting to the root account over SSH (insert path). 133 | 134 | #----[CT_ROOTFS_OPTIONS] 135 | # Virtual Disk Size (GB). 136 | CT_SIZE='5' 137 | # Explicitly enable or disable ACL support. 138 | CT_ACL='1' 139 | 140 | #----[CT_STARTUP_OPTIONS] 141 | # Startup and shutdown behavior ( '--startup order=1,up=1,down=1' ). 142 | # Order is a non-negative number defining the general startup order. Up=1 means first to start up. Shutdown in done with reverse ordering so down=1 means last to shutdown. 143 | # Up: Startup delay. Defines the interval between this container start and subsequent containers starts. For example, set it to 240 if you want to wait 240 seconds before starting other containers. 144 | # Down: Shutdown timeout. Defines the duration in seconds Proxmox VE should wait for the container to be offline after issuing a shutdown command. By default this value is set to 60, which means that Proxmox VE will issue a shutdown request, wait 60s for the machine to be offline, and if after 60s the machine is still online will notify that the shutdown action failed. 145 | CT_ORDER='1' 146 | CT_UP='30' 147 | CT_DOWN='60' 148 | 149 | #----[CT_NET_OPTIONS] 150 | # Name of the network device as seen from inside the VM/CT. 151 | CT_NAME='eth0' 152 | CT_TYPE='veth' 153 | 154 | #----[CT_OTHER] 155 | # OS Version 156 | CT_OSVERSION='22.04' 157 | # CTID numeric ID of the given container. 158 | CTID='112' 159 | 160 | 161 | #----[App_UID_GUID] 162 | # App user 163 | APP_USERNAME='root' 164 | # App user group 165 | APP_GRPNAME='root' 166 | 167 | #----[REPO_PKG_NAME] 168 | # Repo package name 169 | REPO_PKG_NAME='pve-nas' 170 | 171 | #---- Other Files ------------------------------------------------------------------ 172 | 173 | # Required PVESM Storage Mounts for CT ( new version ) 174 | unset pvesm_required_LIST 175 | pvesm_required_LIST=() 176 | while IFS= read -r line; do 177 | [[ "$line" =~ ^\#.*$ ]] && continue 178 | pvesm_required_LIST+=( "$line" ) 179 | done << EOF 180 | # Example 181 | # backup:CT settings backup storage 182 | EOF 183 | 184 | #---- Functions -------------------------------------------------------------------- 185 | #---- Body ------------------------------------------------------------------------- 186 | 187 | #---- Introduction 188 | source $COMMON_PVE_SRC_DIR/pvesource_ct_intro.sh 189 | 190 | #---- Check SMTP status 191 | if [ "$SMTP_STATUS" = 0 ] 192 | then 193 | # Options if SMTP is inactive 194 | display_msg='Before proceeding with this installer we RECOMMEND you first configure all PVE hosts to support SMTP email services. A working SMTP server emails the NAS System Administrator all new User login credentials, SSH keys, application specific login credentials and written guidelines. A PVE host SMTP server makes NAS administration much easier. Also be alerted about unwarranted login attempts and other system critical alerts. PVE Host SMTP Server installer is available in our PVE Host Toolbox located at GitHub:\n\n -- https://github.com/ahuacate/pve-host' 195 | 196 | msg_box "#### PLEASE READ CAREFULLY ####\n\n$(echo ${display_msg})" 197 | echo 198 | msg "Select your options..." 199 | OPTIONS_VALUES_INPUT=( "TYPE01" "TYPE02" "TYPE00" ) 200 | OPTIONS_LABELS_INPUT=( "Agree - Install PVE host SMTP email support" \ 201 | "Decline - Proceed without SMTP email support" \ 202 | "None. Exit this installer" ) 203 | makeselect_input2 204 | singleselect SELECTED "$OPTIONS_STRING" 205 | 206 | if [ "$RESULTS" = 'TYPE01' ] 207 | then 208 | # Exit and install SMTP 209 | msg "Go to our Github site and run our PVE Host Toolbox selecting our 'SMTP Email Setup' option:\n\n -- https://github.com/ahuacate/pve-host\n\nRe-run the NAS installer after your have configured '$(hostname)' SMTP email support. Bye..." 210 | echo 211 | exit 0 212 | elif [ "$RESULTS" = 'TYPE02' ] 213 | then 214 | # Proceed without SMTP email support 215 | msg "You have chosen to proceed without SMTP email support. You can always manually configure Postfix SMTP services at a later stage." 216 | echo 217 | elif [ "$RESULTS" = 'TYPE00' ] 218 | then 219 | msg "You have chosen not to proceed. Aborting. Bye..." 220 | echo 221 | exit 0 222 | fi 223 | fi 224 | 225 | 226 | #---- Exit selection 227 | if [ "$TYPE" = TYPE01 ] 228 | then 229 | msg "Sorry. Your selected option is not available. Try again. Bye..." 230 | echo 231 | return 232 | elif [ "$TYPE" = TYPE00 ] 233 | then 234 | msg "You have chosen not to proceed. Aborting. Bye..." 235 | echo 236 | exit 0 237 | fi 238 | 239 | 240 | #---- Setup PVE CT Variables 241 | 242 | # VM Type ( 'ct' or 'vm' only lowercase ) 243 | VM_TYPE='ct' 244 | # Ubuntu NAS (all) 245 | source $COMMON_PVE_SRC_DIR/pvesource_set_allvmvars.sh 246 | 247 | 248 | #---- Prepare disk storage 249 | 250 | # Ubuntu NAS (PVE LVM/ZFS/Basic) 251 | # source $SHARED_DIR/pve_nas_identify_storagedisk.sh 252 | source $SHARED_DIR/pve_nas_select_fs_build.sh 253 | 254 | 255 | #---- Setup PVE CT Variables 256 | source $COMMON_PVE_SRC_DIR/pvesource_ct_createvm.sh 257 | 258 | 259 | #---- Pre-Configuring PVE CT 260 | # Create CT Bind Mounts 261 | source $COMMON_PVE_SRC_DIR/pvesource_ct_createbindmounts.sh 262 | 263 | # Create LXC Mount Points 264 | section "Create NAS CT mount point to host storage pool" 265 | 266 | # Add LXC mount points 267 | if [ -f pvesm_input_list ] && [ "$(cat pvesm_input_list | wc -l)" -ge 1 ] 268 | then 269 | msg "Creating NAS CT mount points..." 270 | i=$(cat pvesm_input_list | wc -l) 271 | pct set $CTID -mp${i} ${PVE_SRC_MNT},mp=/srv/${HOSTNAME},acl=1 >/dev/null 272 | # pct set $CTID -mp${i} /${POOL}/${HOSTNAME},mp=/srv/${HOSTNAME},acl=1 >/dev/null 273 | info "CT $CTID mount point created: ${YELLOW}/srv/${HOSTNAME}${NC}" 274 | echo 275 | else 276 | pct set $CTID -mp0 ${PVE_SRC_MNT},mp=/srv/${HOSTNAME},acl=1 >/dev/null 277 | # pct set $CTID -mp0 /${POOL}/${HOSTNAME},mp=/srv/${HOSTNAME},acl=1 >/dev/null 278 | info "CT $CTID mount point created: ${YELLOW}/srv/${HOSTNAME}${NC}" 279 | echo 280 | fi 281 | 282 | #---- Configure New CT OS 283 | source $COMMON_PVE_SRC_DIR/pvesource_ct_ubuntubasics.sh 284 | 285 | 286 | #---- PVE NAS ---------------------------------------------------------------------- 287 | 288 | #---- PVE NAS build 289 | 290 | # Set DIR Schema ( PVE host or CT mkdir ) 291 | if [ "$(uname -a | grep -Ei --color=never '.*pve*' &> /dev/null; echo $?)" = 0 ] 292 | then 293 | DIR_SCHEMA="$PVE_SRC_MNT" 294 | # DIR_SCHEMA="/${POOL}/${HOSTNAME}" 295 | else 296 | # Select or input a storage path ( set DIR_SCHEMA ) 297 | source $COMMON_DIR/nas/src/nas_identify_storagepath.sh 298 | fi 299 | 300 | #---- Create default base and sub folders 301 | source $COMMON_DIR/nas/src/nas_basefoldersetup.sh 302 | # Create temporary files of lists 303 | printf "%s\n" "${nas_subfolder_LIST[@]}" > nas_basefoldersubfolderlist 304 | printf '%s\n' "${nas_basefolder_LIST[@]}" > nas_basefolderlist 305 | printf '%s\n' "${nas_basefolder_extra_LIST[@]}" > nas_basefolderlist_extra 306 | 307 | #---- Configure PVE NAS Ubuntu CT 308 | section "Configure PVE NAS Ubuntu CT" 309 | 310 | # Start container 311 | msg "Starting NAS CT..." 312 | pct_start_waitloop 313 | 314 | # Pushing variables to NAS CT 315 | msg "Pushing variables and conf to NAS CT..." 316 | printf "%b\n" '#!/usr/bin/env bash' \ 317 | "POOL='${POOL}'" \ 318 | "HOSTNAME='${HOSTNAME}'" \ 319 | "SECTION_HEAD='${SECTION_HEAD}'" \ 320 | "XTRA_SHARES='${XTRA_SHARES}'" \ 321 | "SSH_PORT='22'" \ 322 | "PVE_HOST_IP='${PVE_HOST_IP}'" \ 323 | "DIR_SCHEMA='/srv/${HOSTNAME}'" \ 324 | "GIT_REPO='${GIT_REPO}'" \ 325 | "APP_NAME='nas'" \ 326 | "PVE_HOSTNAME='${PVE_HOSTNAME}'" > $TEMP_DIR/pve_nas_ct_variables.sh 327 | pct push $CTID $TEMP_DIR/pve_nas_ct_variables.sh /tmp/pve_nas_ct_variables.sh -perms 755 328 | # Share folder lists 329 | pct push $CTID $TEMP_DIR/nas_basefolderlist /tmp/nas_basefolderlist 330 | pct push $CTID $TEMP_DIR/nas_basefoldersubfolderlist /tmp/nas_basefoldersubfolderlist 331 | pct push $CTID $TEMP_DIR/nas_basefolderlist_extra /tmp/nas_basefolderlist_extra 332 | 333 | # Pushing PVE-nas setup scripts to NAS CT 334 | msg "Pushing NAS configuration scripts to NAS CT..." 335 | pct push $CTID /tmp/${GIT_REPO}.tar.gz /tmp/${GIT_REPO}.tar.gz 336 | pct exec $CTID -- tar -zxf /tmp/${GIT_REPO}.tar.gz -C /tmp 337 | echo 338 | 339 | #---- Start NAS setup script 340 | pct exec $CTID -- bash -c "/tmp/pve-nas/src/ubuntu/pve-nas_sw.sh" 341 | 342 | #---- Install and Configure Fail2ban 343 | pct exec $CTID -- bash -c "export SSH_PORT=\$(grep Port /etc/ssh/sshd_config | sed '/^#/d' | awk '{ print \$2 }') && /tmp/pve-nas/common/pve/src/pvesource_ct_ubuntu_installfail2ban.sh" 344 | 345 | #---- Install and Configure SSMTP Email Alerts 346 | source $COMMON_PVE_SRC_DIR/pvesource_install_postfix_client.sh 347 | 348 | 349 | #---- Finish Line ------------------------------------------------------------------ 350 | 351 | section "Completion Status" 352 | 353 | # Interface 354 | interface=$(pct exec $CTID -- ip route ls | grep default | grep -Po '(?<=dev )(\S+)') 355 | # Get IP type (ip -4 addr show eth0 ) 356 | if [[ "$(pct exec $CTID -- ip addr show $interface | grep -q dynamic > /dev/null; echo $?)" = 0 ]] 357 | then 358 | ip_type='dhcp - best use dhcp IP reservation' 359 | else 360 | ip_type='static IP' 361 | fi 362 | 363 | #---- Set display text 364 | # Check Webmin/Cockpit Status 365 | if [[ $(pct exec $CTID -- dpkg -s webmin 2> /dev/null) ]] 366 | then 367 | # Webmin port 368 | port=10000 369 | # Webmin access URL 370 | display_msg1=( "https://$(pct exec $CTID -- hostname).$(pct exec $CTID -- hostname -d):$port/" ) 371 | display_msg1+=( "https://$(pct exec $CTID -- hostname -I | sed -r 's/\s+//g'):$port/ ($ip_type)" ) 372 | # Set webgui 373 | webgui_type=webmin 374 | elif [[ $(pct exec $CTID -- dpkg -s cockpit 2> /dev/null) ]] 375 | then 376 | # Cockpit port 377 | port=9090 378 | # Cockpit access URL 379 | display_msg1=( "https://$(pct exec $CTID -- hostname).$(pct exec $CTID -- hostname -d):$port/" ) 380 | display_msg1+=( "https://$(pct exec $CTID -- hostname -I | sed -r 's/\s+//g'):$port/ ($ip_type)" ) 381 | # Set webgui 382 | webgui_type=cockpit 383 | fi 384 | 385 | # Check Fail2ban Status 386 | if [[ $(pct exec $CTID -- dpkg -s fail2ban 2> /dev/null) ]] 387 | then 388 | display_msg2=( "Fail2ban SW:installed" ) 389 | else 390 | display_msg2=( "Fail2ban SW:not installed" ) 391 | fi 392 | # Check SMTP Mailserver Status 393 | if [ "$(pct exec $CTID -- bash -c 'if [ -f /etc/postfix/main.cf ]; then grep --color=never -Po "^ahuacate_smtp=\K.*" "/etc/postfix/main.cf" || true; else echo 0; fi')" = 1 ] 394 | then 395 | display_msg2+=( "SMTP Mail Server:installed" ) 396 | else 397 | display_msg2+=( "SMTP Mail Server:not installed ( recommended install )" ) 398 | fi 399 | # Check ProFTPd Status 400 | if [[ $(pct exec $CTID -- dpkg -s proftpd-core 2> /dev/null) ]] 401 | then 402 | display_msg2+=( "ProFTPd Server:installed" ) 403 | else 404 | display_msg2+=( "ProFTPd Server:not installed" ) 405 | fi 406 | # Upgrade NAS 407 | display_msg2+=( "Upgrade NAS OS:OS updates, releases, software packages and patches" ) 408 | # Add ZFS Cache 409 | display_msg2+=( "Add ZFS Cache:ARC/L2ARC cache and ZIL log using SSD/NVMe" ) 410 | # User Management 411 | display_msg3=( "Power User Accounts:For all privatelab, homelab or medialab accounts" ) 412 | display_msg3+=( "Jailed User Accounts:For all jailed and restricted user accounts" ) 413 | # File server login 414 | x='\\\\' 415 | display_msg4=( "$x${HOSTNAME}.$(hostname -d)\:" ) 416 | display_msg4+=( "$x$(pct exec $CTID -- hostname -I | sed -r 's/\s+//g')\: (${ip_type})" ) 417 | 418 | # Display msg 419 | msg_box "${HOSTNAME^^} installation was a success.\n\nTo manage your new Ubuntu NAS use ${webgui_type^} (a Linux web management tool). ${webgui_type^} login credentials are user 'root' and password '$CT_PASSWORD'. You can change your 'root' password using the ${webgui_type^} WebGUI.\n\n$(printf '%s\n' "${display_msg1[@]}" | indent2)\n\nUse our 'Easy Script Toolbox' to install add-ons and perform other tasks. More information is available here: https://github.com/ahuacate/pve-nas\n\n$(printf '%s\n' "${display_msg2[@]}" | column -s ":" -t -N "APPLICATION,STATUS" | indent2)\n\nAlso use our 'Easy Scripts Toolbox' to create or delete NAS user accounts.\n\n$(printf '%s\n' "${display_msg3[@]}" | column -s ":" -t -N "USER ACCOUNT TYPE,DESCRIPTION" | indent2)\n\nTo access ${HOSTNAME^^} files use SMB.\n\n$(printf '%s\n' "${display_msg4[@]}" | column -s ":" -t -N "SMB NETWORK ADDRESS" | indent2)\n\nNFSv4 is enabled and ready for creating PVE host storage mounts.\n\n${HOSTNAME^^} will now reboot." 420 | #----------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /src/ubuntu/pve_nas_ct_nas_toolbox.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve_nas_toolbox.sh 4 | # Description: Installer script for Proxmox Ubuntu NAS administration toolbox & Add-Ons 5 | # ---------------------------------------------------------------------------------- 6 | #---- Source ----------------------------------------------------------------------- 7 | #---- Dependencies ----------------------------------------------------------------- 8 | #---- Static Variables ------------------------------------------------------------- 9 | #---- Other Variables -------------------------------------------------------------- 10 | #---- Other Files ------------------------------------------------------------------ 11 | #---- Body ------------------------------------------------------------------------- 12 | 13 | #---- Prerequisites 14 | # Check SMTP status 15 | check_smtp_status 16 | 17 | if [ "$SMTP_STATUS" = 0 ] 18 | then 19 | # Options if SMTP is inactive 20 | display_msg='Before proceeding with this installer we RECOMMEND you first configure all PVE hosts to support SMTP email services. A working SMTP server emails the NAS System Administrator all new User login credentials, SSH keys, application specific login credentials and written guidelines. A PVE host SMTP server makes NAS administration much easier. Also be alerted about unwarranted login attempts and other system critical alerts. PVE Host SMTP Server installer is available in our PVE Host Toolbox located at GitHub:\n\n -- https://github.com/ahuacate/pve-host' 21 | 22 | msg_box "#### PLEASE READ CAREFULLY ####\n\n$(echo ${display_msg})" 23 | echo 24 | msg "Select your options..." 25 | OPTIONS_VALUES_INPUT=( "TYPE01" "TYPE02" "TYPE00" ) 26 | OPTIONS_LABELS_INPUT=( "Agree - Install PVE host SMTP email support" \ 27 | "Decline - Proceed without SMTP email support" \ 28 | "None. Exit this installer" ) 29 | makeselect_input2 30 | singleselect SELECTED "$OPTIONS_STRING" 31 | 32 | if [ "$RESULTS" = 'TYPE01' ] 33 | then 34 | # Exit and install SMTP 35 | msg "Go to our Github site and run our PVE Host Toolbox selecting our 'SMTP Email Setup' option:\n\n -- https://github.com/ahuacate/pve-host\n\nRe-run the NAS installer after your have configured '$(hostname)' SMTP email support. Bye..." 36 | echo 37 | exit 0 38 | elif [ "$RESULTS" = 'TYPE02' ] 39 | then 40 | # Proceed without SMTP email support 41 | msg "You have chosen to proceed without SMTP email support. You can always manually configure Postfix SMTP services at a later stage." 42 | echo 43 | elif [ "$RESULTS" = 'TYPE00' ] 44 | then 45 | msg "You have chosen not to proceed. Aborting. Bye..." 46 | echo 47 | exit 0 48 | fi 49 | fi 50 | 51 | # Pushing PVE-nas setup scripts to NAS CT 52 | msg "Pushing NAS configuration scripts to NAS CT..." 53 | pct push $CTID $REPO_TEMP/${GIT_REPO}.tar.gz /tmp/${GIT_REPO}.tar.gz 54 | pct exec $CTID -- tar -zxf /tmp/${GIT_REPO}.tar.gz -C /tmp 55 | echo 56 | 57 | 58 | #---- Run Installer 59 | section "Select a Ubuntu NAS toolbox option" 60 | OPTIONS_VALUES_INPUT=( "TYPE01" "TYPE02" "TYPE03" "TYPE04" "TYPE05" "TYPE06" "TYPE07" "TYPE08" "TYPE09" "TYPE00" ) 61 | OPTIONS_LABELS_INPUT=( "Power User Account - add a new user to the system" \ 62 | "Jailed User Account - add a new user to the system" \ 63 | "Delete Users - delete any user account (option to users keep home folder)" \ 64 | "Upgrade NAS OS - software packages, OS and patches" \ 65 | "Install Fail2Ban $(if [ "$(pct exec $CTID -- dpkg -s fail2ban >/dev/null 2>&1; echo $?)" = 0 ]; then echo "( installed & active )"; else echo "( not installed )"; fi)" \ 66 | "Install SMTP Email Support $(if [ "$(pct exec $CTID -- bash -c 'if [ -f /etc/postfix/main.cf ]; then grep --color=never -Po "^ahuacate_smtp=\K.*" "/etc/postfix/main.cf" || true; else echo 0; fi')" = 1 ]; then echo "( installed & active )"; else echo "( not installed - recommended installation )"; fi)" \ 67 | "Install ProFTPd Server $(if [ "$(pct exec $CTID -- dpkg -s proftpd-core >/dev/null 2>&1; echo $?)" = 0 ]; then echo "( installed & active )"; else echo "( not installed )"; fi)" \ 68 | "Add ZFS Cache - create ARC/L2ARC/ZIL cache with dedicated SSD/NVMe drives" \ 69 | "Restore & update default storage - reset default dirs, permissions and ACLs" \ 70 | "None. Exit this installer" ) 71 | makeselect_input2 72 | singleselect SELECTED "$OPTIONS_STRING" 73 | 74 | if [ "$RESULTS" = TYPE01 ] 75 | then 76 | #---- Check for SMTP support 77 | if [ "$SMTP_STATUS" = 1 ] 78 | then 79 | # PVE SMTP supported, check NAS 80 | if [ ! "$(pct exec $CTID -- bash -c 'if [ -f /etc/postfix/main.cf ]; then grep --color=never -Po "^ahuacate_smtp=\K.*" "/etc/postfix/main.cf" || true; else echo 0; fi')" = 1 ] 81 | then 82 | # Install and Configure SMTP Email on NAS 83 | source $REPO_TEMP/$GIT_REPO/common/pve/src/pvesource_install_postfix_client.sh 84 | fi 85 | fi 86 | #---- Create New Power User Accounts 87 | pct exec $CTID -- bash -c "export PVE_ROOT_EMAIL=$(pveum user list | awk -F " │ " '$1 ~ /root@pam/' | awk -F " │ " '{ print $3 }') && /tmp/$GIT_REPO/src/ubuntu/pve_nas_ct_addpoweruser.sh" 88 | elif [ "$RESULTS" = TYPE02 ] 89 | then 90 | #---- Check for SMTP support 91 | if [ "$SMTP_STATUS" = 1 ] 92 | then 93 | # PVE SMTP supported, check NAS 94 | if [ ! "$(pct exec $CTID -- bash -c 'if [ -f /etc/postfix/main.cf ]; then grep --color=never -Po "^ahuacate_smtp=\K.*" "/etc/postfix/main.cf" || true; else echo 0; fi')" = 1 ] 95 | then 96 | # Install and Configure SMTP Email on NAS 97 | source $REPO_TEMP/$GIT_REPO/common/pve/src/pvesource_install_postfix_client.sh 98 | fi 99 | fi 100 | #---- Create New Jailed User Accounts 101 | pct exec $CTID -- bash -c "export PVE_ROOT_EMAIL=$(pveum user list | awk -F " │ " '$1 ~ /root@pam/' | awk -F " │ " '{ print $3 }') && /tmp/$GIT_REPO/src/ubuntu/pve_nas_ct_addjailuser.sh" 102 | elif [ "$RESULTS" = TYPE03 ] 103 | then 104 | #---- Delete a User Account 105 | pct exec $CTID -- bash -c "/tmp/$GIT_REPO/src/ubuntu/pve_nas_ct_deleteuser.sh" 106 | elif [ "$RESULTS" = TYPE04 ] 107 | then 108 | #---- Perform a NAS upgrade 109 | pct exec $CTID -- bash -c "/tmp/$GIT_REPO/common/pve/tool/pvetool_ct_ubuntu_versionupdater.sh" 110 | elif [ "$RESULTS" = TYPE05 ]; then 111 | #---- Install and Configure Fail2ban 112 | pct exec $CTID -- bash -c "export SSH_PORT=\$(grep Port /etc/ssh/sshd_config | sed '/^#/d' | awk '{ print \$2 }') && /tmp/$GIT_REPO/common/pve/src/pvesource_ct_ubuntu_installfail2ban.sh" 113 | elif [ "$RESULTS" = TYPE06 ] 114 | then 115 | #---- Install and Configure SMTP Email 116 | source $REPO_TEMP/$GIT_REPO/common/pve/src/pvesource_install_postfix_client.sh 117 | elif [ "$RESULTS" = TYPE07 ] 118 | then 119 | #---- Install and Configure ProFTPd 120 | # Check if ProFTPd is installed 121 | if [ ! "$(pct exec $CTID -- dpkg -s proftpd-core >/dev/null 2>&1; echo $?)" = 0 ] 122 | then 123 | pct exec $CTID -- bash -c "/tmp/$GIT_REPO/common/pve/src/pvesource_ct_ubuntu_installproftpd.sh" 124 | else 125 | msg "ProFTPd is already installed..." 126 | fi 127 | pct exec $CTID -- bash -c "/tmp/$GIT_REPO/src/ubuntu/proftpd_settings/pve_nas_ct_proftpdsettings.sh" 128 | elif [ "$RESULTS" = TYPE08 ] 129 | then 130 | #---- Setup ZFS Cache 131 | source $REPO_TEMP/pve-nas/shared/pve_nas_create_zfs_cacheaddon.sh 132 | elif [ "$RESULTS" = TYPE09 ] 133 | then 134 | #---- Restore, update default storage folder permissions 135 | pct exec $CTID -- bash -c "/tmp/$GIT_REPO/src/ubuntu/pve_nas_ct_restoredirperm.sh" 136 | elif [ "$RESULTS" = TYPE00 ] 137 | then 138 | # Exit installation 139 | msg "You have chosen not to proceed. Aborting. Bye..." 140 | echo 141 | sleep 1 142 | fi 143 | 144 | #---- Finish Line ------------------------------------------------------------------ 145 | 146 | # section "Completion Status" 147 | 148 | # msg "Success. Task complete." 149 | # echo 150 | 151 | #---- Cleanup 152 | # Clean up CT tmp files 153 | pct exec $CTID -- bash -c "rm -R /tmp/${GIT_REPO} &> /dev/null; rm /tmp/${GIT_REPO}.tar.gz &> /dev/null" 154 | #----------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /src/ubuntu/pve_nas_ct_restoredirperm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ---------------------------------------------------------------------------------- 3 | # Filename: pve_nas_ct_restoredirperm.sh 4 | # Description: Restore or update PVE NAS Ubuntu storage folders and permissions 5 | # ---------------------------------------------------------------------------------- 6 | 7 | #---- Bash command to run script --------------------------------------------------- 8 | #---- Source ----------------------------------------------------------------------- 9 | 10 | DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) 11 | COMMON_PVE_SRC_DIR="$DIR/../../common/pve/src" 12 | COMMON_DIR="$DIR/../../common" 13 | 14 | #---- Dependencies ----------------------------------------------------------------- 15 | 16 | # Run Bash Header 17 | source $COMMON_PVE_SRC_DIR/pvesource_bash_defaults.sh 18 | 19 | #---- Static Variables ------------------------------------------------------------- 20 | #---- Other Variables -------------------------------------------------------------- 21 | 22 | # Easy Script Section Header Body Text 23 | SECTION_HEAD='PVE NAS' 24 | 25 | #---- Other Files ------------------------------------------------------------------ 26 | #---- Body ------------------------------------------------------------------------- 27 | 28 | #---- Restore, update default storage folder permissions 29 | 30 | source $COMMON_DIR/nas/src/nas_identify_storagepath.sh 31 | source $COMMON_DIR/nas/src/nas_basefoldersetup.sh 32 | #----------------------------------------------------------------------------------- --------------------------------------------------------------------------------

PVE File Server (NAS)

Features

Prerequisites

Local DNS Records

Installation Options

Ubuntu NAS CT - PVE SATA/NVMe

Ubuntu NAS CT - Basic USB disk

OMV NAS VM - Direct attached storage

Easy Scripts

1) PVE NAS Installer Easy Script

2) PVE Ubuntu NAS Toolbox Easy Script

Table of Contents

---- Login credentials for user '${USER^^}' ${HOSTNAME^} account

---- Account type (folder access level)

---- Client SMB LAN ${HOSTNAME^} connection

---- Client SFTP ${HOSTNAME^} connection

---- Attachment Details