Commit 03bbd25a authored by Joshua Tauberer's avatar Joshua Tauberer

re-do allow apt to perform security updates on its own

Move this into system.sh rather than management.sh.

This reverts commit eab28c97.
parent a0b056ae
......@@ -2,7 +2,7 @@
source setup/functions.sh
apt_install python3-flask links duplicity libyaml-dev python3-dnspython unattended-upgrades
apt_install python3-flask links duplicity libyaml-dev python3-dnspython
hide_output pip3 install rtyaml
# Create a backup directory and a random key for encrypting backups.
......@@ -21,14 +21,6 @@ rm -f /etc/init.d/mailinabox
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
hide_output update-rc.d mailinabox defaults
# Allow apt to install system updates automatically every day.
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
APT::Periodic::MaxAge "7";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
EOF
# Perform a daily backup.
cat > /etc/cron.daily/mailinabox-backup << EOF;
#!/bin/bash
......
......@@ -11,18 +11,22 @@ hide_output apt-get -y upgrade
# haveged: Provides extra entropy to /dev/random so it doesn't stall
# when generating random numbers for private keys (e.g. during
# ldns-keygen).
apt_install python3 python3-pip wget curl bind9-host haveged
# Turn on basic services:
#
# unattended-upgrades: Apt tool to install security updates automatically.
# ntp: keeps the system time correct
#
# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
#
# These services don't need further configuration and are started immediately after installation.
apt_install ntp fail2ban
apt_install python3 python3-pip \
wget curl bind9-host \
haveged unattended-upgrades ntp fail2ban
# Allow apt to install system updates automatically every day.
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
APT::Periodic::MaxAge "7";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
EOF
if [ -z "$DISABLE_FIREWALL" ]; then
# Turn on the firewall. First allow incoming SSH, then turn on the firewall.
......
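Review bot: Writing these settings to `/etc/apt/apt.conf.d/02periodic` makes them the first fragment apt reads, and apt parses that directory in name order with later files overriding earlier ones. If the image already ships a `10periodic` or `20auto-upgrades` that sets `APT::Periodic::Unattended-Upgrade "0";`, the daily run stays disabled despite this block. Consider a file name that sorts after those fragments, or confirm the effective values after the write with `apt-config dump | grep Periodic`. The block also only schedules the run and leaves the choice of origins to the distribution's `50unattended-upgrades`, so the comment above the heredoc could read `# Enable the daily unattended-upgrade run; the origins it installs from come from 50unattended-upgrades (distribution default).` The `if [ -z "$DISABLE_FIREWALL" ]` block at the end continues outside the hunk.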