installation script for OS Devuan (#95)

* adding devuan

* add devaun desc to README
make update and upgrade more noisy
correct path for devuan in pre-install

* some untested code for the source install - source installation is broken in Debian installation script and I have not debugged the problem. Focusing on the packaged version first.

README.md

@@ -12,6 +12,15 @@ It supports the latest video dependencies. If you want to do video mixing use De
 wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/debian/pre-install.sh | sh
 cd /usr/src/fusionpbx-install.sh/debian && ./install.sh
 ```
+### Devuan
+If you like Debian but rather not bother with systemd, Devuan is a "drop in" replacement.
+Version 1 is bassed on Jessie. So you will find the same packages available.
+Please note that the source installation and installation on ARM is not fully tested.
+
+```sh
+wget -O - https://raw.githubusercontent.com/fusionpbx/fusionpbx-install.sh/master/devuan/pre-install.sh | sh
+cd /usr/src/fusionpbx-install.sh/devuan && ./install.sh
+```
 
 ### FreeBSD
 FreeBSD is an operating system that has many great features like ZFS, HAST, CARP and more.

debian/resources/postgres.sh

@@ -17,7 +17,7 @@ password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64)
 #install message
 echo "Install PostgreSQL and create the database and users\n"
 
-#use the system database repo for arm
+#use the sip247 database repo for arm
 if [ .$cpu_architecture = .'arm' ]; then
         database_repo="sip247"
 fi

devuan/install.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./resources/config.sh
+. ./resources/colors.sh
+. ./resources/environment.sh
+
+#Update to latest packages
+verbose "Update installed packages"
+#apt-get upgrade && apt-get update -y --force-yes
+# --force-yes is dangerous as per the man page. Lets use -y
+apt-get -q update && apt-get -q --assume-yes upgrade
+
+#Add dependencies
+apt-get install -q -y lsb-release sudo
+
+#IPTables
+resources/iptables.sh
+
+#FusionPBX
+resources/fusionpbx.sh
+
+#NGINX web server
+resources/nginx.sh
+
+#PHP
+resources/php.sh
+
+#FreeSWITCH
+resources/switch.sh
+
+#Fail2ban
+resources/fail2ban.sh
+
+#Optional CLI SIP monitoring tool
+resources/sngrep.sh
+
+#Postgres
+resources/postgres.sh
+
+#restart services
+if [ ."$php_version" = ."5" ]; then
+        service php5-fpm restart
+fi
+if [ ."$php_version" = ."7" ]; then
+        service php7.0-fpm restart
+fi
+
+service nginx restart
+service fail2ban restart
+
+#add the database schema, user and groups
+resources/finish.sh

devuan/pre-install.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#upgrade the packages
+apt-get -q update && apt-get upgrade -y
+
+#install git
+apt-get install -y git
+
+#get the install script
+cd /usr/src && git clone https://github.com/fusionpbx/fusionpbx-install.sh.git
+
+#change the working directory
+cd /usr/src/fusionpbx-install.sh/devuan

devuan/resources/arguments.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+
+#Process command line options only if we haven't been processed once
+if [ -z "$CPU_CHECK" ]; then
+	export script_name=`basename "$0"`
+	ARGS=$(getopt -n '$script_name' -o h -l help,use-switch-source,use-switch-package-all,use-switch-master,use-switch-package-unofficial-arm,use-php5-package,use-system-master,no-cpu-check -- "$@")
+	
+	if [ $? -ne 0 ]; then
+		error "Failed parsing options."
+		exit 1
+	fi
+	
+	export USE_SWITCH_SOURCE=false
+	export USE_SWITCH_PACKAGE_ALL=false
+	export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=false
+	export USE_PHP5_PACKAGE=false
+	export USE_SWITCH_MASTER=false
+	export USE_SYSTEM_MASTER=false
+	export CPU_CHECK=true
+	HELP=false
+	
+	while true; do
+	  case "$1" in
+		--use-switch-source ) export USE_SWITCH_SOURCE=true; shift ;;
+		--use-switch-package-all ) export USE_SWITCH_PACKAGE_ALL=true; shift ;;
+		--use-switch-master ) export USE_SWITCH_MASTER=true; shift ;;
+		--use-system-master ) export USE_SYSTEM_MASTER=true; shift ;;
+		--use-php5-package ) export USE_PHP5_PACKAGE=true; shift ;;
+		--use-switch-package-unofficial-arm ) export USE_SWITCH_PACKAGE_UNOFFICIAL_ARM=true; export USE_PHP5_PACKAGE=true; shift ;;
+		--no-cpu-check ) export CPU_CHECK=false; shift ;;
+		-h | --help ) HELP=true; shift ;;
+		-- ) shift; break ;;
+		* ) break ;;
+	  esac
+	done
+	
+	if [ .$HELP = .true ]; then
+		warning "Debian installer script"
+		warning "	--use-switch-source will use freeswitch from source rather than ${green}(default:packages)"
+		warning "	--use-switch-package-all if using packages use the meta-all package"
+		warning "	--use-switch-package-unofficial-arm if your system is arm and you are using packages, use the unofficial arm repo and force php5* packages"
+		warning "	--use-php5-package use php5* packages instead of ${green}(default:php7.0)"
+		warning "	--use-switch-master will use master branch/packages for the switch instead of ${green}(default:stable)"
+		warning "	--use-system-master will use master branch/packages for the system instead of ${green}(default:stable)"
+		warning "	--no-cpu-check disable the cpu check ${green}(default:check)"
+		exit;
+	fi
+fi

devuan/resources/backup/fusionpbx-backup.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+export PGPASSWORD="zzz"
+db_host=127.0.0.1
+db_port=5432
+
+now=$(date +%Y-%m-%d)
+mkdir -p /var/backups/fusionpbx/postgresql
+
+echo "Backup Started"
+
+#delete postgres backups
+find /var/backups/fusionpbx/postgresql/fusionpbx_pgsql* -mtime +4 -exec rm {} \;
+
+#delete the main backup
+find /var/backups/fusionpbx/*.tgz -mtime +2 -exec rm {} \;
+
+#backup the database
+pg_dump --verbose -Fc --host=$db_host --port=$db_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
+
+#package
+tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/share/freeswitch/scripts /var/lib/freeswitch/storage /var/lib/freeswitch/recordings /etc/fusionpbx /etc/freeswitch
+
+#source
+#tar -zvcf /var/backups/fusionpbx/backup_$now.tgz /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql /var/www/fusionpbx /usr/local/freeswitch/scripts /usr/local/freeswitch/storage /usr/local/freeswitch/recordings /etc/fusionpbx /usr/local/freeswitch/conf
+
+echo "Backup Completed"

devuan/resources/backup/fusionpbx-maintenance.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+#settings
+#export PGPASSWORD="zzzzz"
+db_host=127.0.0.1
+db_port=5432
+switch_package=true # true or false
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#make sure the directory exists
+mkdir -p /var/backups/fusionpbx/postgresql
+
+#show message to the console
+echo "Maintenance Started"
+
+#delete freeswitch logs older 7 days
+if [ .$switch_package = .true ]; then
+	find /var/log/freeswitch/freeswitch.log.* -mtime +7 -exec rm {} \;
+else
+	find /usr/local/freeswitch/log/freeswitch.log.* -mtime +7 -exec rm {} \;
+fi
+
+#delete fax older than 90 days
+if [ .$switch_package = .true ]; then
+	echo ".";
+	#find /var/lib/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
+	#find /var/lib/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
+else
+	echo ".";
+	#find /usr/local/freeswitch/storage/fax/*  -name '*.tif' -mtime +90 -exec rm {} \;
+	#find /usr/local/freeswitch/storage/fax/*  -name '*.pdf' -mtime +90 -exec rm {} \;
+fi
+#delete from the database
+#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_fax_files WHERE fax_date < NOW() - INTERVAL '90 days'"
+
+#delete voicemail older than 90 days
+if [ .$switch_package = .true ]; then
+	echo ".";
+	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
+	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
+else
+	echo ".";
+	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.wav' -mtime +90 -exec rm {} \;
+	#find /usr/local/freeswitch/storage/voicemail/*  -name 'msg_*.mp3' -mtime +90 -exec rm {} \;
+fi
+#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_voicemail_messages WHERE to_timestamp(created_epoch) < NOW() - INTERVAL '90 days'"
+#delete call detail records older 90 days
+#psql --host=127.0.0.1 --username=fusionpbx -c "delete from v_xml_cdr WHERE start_stamp < NOW() - INTERVAL '90 days'"
+
+#completed message
+echo "Maintenance Completed";

devuan/resources/colors.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+verbose () {
+	echo "${green}$1${normal}"
+}
+error () {
+	echo "${red}$1${normal}"
+	}
+warning () {
+	echo "${yellow}$1${normal}"
+}
+
+# check for color support
+if test -t 1; then
+
+    # see if it supports colors...
+    ncolors=$(tput colors)
+
+    if test -n "$ncolors" && test $ncolors -ge 8; then
+        normal="$(tput sgr0)"
+        red="$(tput setaf 1)"
+        green="$(tput setaf 2)"
+        yellow="$(tput setaf 3)"
+    fi
+fi

devuan/resources/config.sh

@@ -0,0 +1,18 @@
+
+# FusionPBX Settings
+system_username=admin           # default username admin
+system_password=random          # random or as a pre-set value
+system_branch=stable            # master, stable
+
+# FreeSWITCH Settings
+switch_branch=stable            # master, stable
+switch_source=false             # true or false
+switch_package=true             # true or false
+
+# Database Settings
+database_password=random        # random or as a pre-set value
+database_repo=system            # PostgresSQL official, system, 2ndquadrant
+database_backup=false           # true or false
+
+# General Settings
+php_version=7                   # PHP version 5 or 7

devuan/resources/environment.sh

@@ -0,0 +1,79 @@
+#!/bin/sh
+
+#operating system details
+os_name=$(lsb_release -is)
+os_codename=$(lsb_release -cs)
+os_mode='unknown'
+
+#cpu details
+cpu_name=$(uname -m)
+cpu_architecture='unknown'
+cpu_mode='unknown'
+
+if [ .$cpu_name = .'armv7l' ]; then
+	# RaspberryPi 3 is actually armv8l but current Raspbian reports the cpu as armv7l and no Raspbian 64Bit has been released at this time
+	os_mode='32'
+	cpu_mode='32'
+	cpu_architecture='arm'
+elif [ .$cpu_name = .'armv8l' ]; then
+	# No test case for armv8l
+	os_mode='unknown'
+	cpu_mode='64'
+	cpu_architecture='arm'
+elif [ .$cpu_name = .'i386' ]; then
+	os_mode='32'
+	if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
+		cpu_mode='64'
+	else
+		cpu_mode='32'
+	fi
+	cpu_architecture='x86'
+elif [ .$cpu_name = .'i686' ]; then
+	os_mode='32'
+	if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
+		cpu_mode='64'
+	else
+		cpu_mode='32'
+	fi
+	cpu_architecture='x86'
+elif [ .$cpu_name = .'x86_64' ]; then
+	os_mode='64'
+	if [ .$(grep -o -w 'lm' /proc/cpuinfo | head -n 1) = .'lm' ]; then
+		cpu_mode='64'
+	else
+		cpu_mode='32'
+	fi
+	cpu_architecture='x86'
+fi
+
+if [ .$cpu_architecture = .'arm' ]; then
+	if [ .$os_mode = .'32' ]; then
+		verbose "Correct CPU and Operating System detected, using the ARM repo"
+	elif [ .$os_mode = .'64' ]; then
+		error "You are using a 64bit arm OS this is unsupported"
+		switch_source=true
+		switch_package=false
+	else
+		error "Unknown OS mode $os_mode this is unsupported"
+		switch_source=true
+		switch_package=false
+	fi
+elif [ .$cpu_architecture = .'x86' ]; then
+	if [ .$os_mode = .'32' ]; then
+		error "You are using a 32bit OS this is unsupported"
+		if [ .$cpu_mode = .'64' ]; then
+			warning " Your CPU is 64bit you should consider reinstalling with a 64bit OS"
+		fi
+		switch_source=true
+		switch_package=false
+	elif [ .$os_mode = .'64' ]; then
+		verbose "Correct CPU and Operating System detected"
+	else
+		error "Unknown Operating System mode $os_mode is unsupported"
+		switch_source=true
+		switch_package=false
+	fi
+else
+	error "You are using a unsupported architecture $cpu_architecture"
+	exit 3
+fi

devuan/resources/fail2ban.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing Fail2ban"
+
+#add the dependencies
+apt-get -q -y install fail2ban
+
+#move the filters
+cp fail2ban/freeswitch-dos.conf /etc/fail2ban/filter.d/freeswitch-dos.conf
+cp fail2ban/freeswitch-ip.conf /etc/fail2ban/filter.d/freeswitch-ip.conf
+cp fail2ban/freeswitch-404.conf /etc/fail2ban/filter.d/freeswitch-404.conf
+cp fail2ban/freeswitch.conf /etc/fail2ban/filter.d/freeswitch.conf
+cp fail2ban/fusionpbx.conf /etc/fail2ban/filter.d/fusionpbx.conf
+cp fail2ban/nginx-404.conf /etc/fail2ban/filter.d/nginx-404.conf
+cp fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf
+cp fail2ban/jail.local /etc/fail2ban/jail.local
+
+#update config if source is being used
+if [ .$switch_source = .true ]; then
+	sed 's#var/log/freeswitch#usr/local/freeswitch/log#g' -i /etc/fail2ban/jail.local
+fi
+
+/usr/sbin/service fail2ban restart
+
+# missing log file will show error

devuan/resources/fail2ban/freeswitch-404.conf

@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+# inbound route - 404 not found
+
+
+[Definition]
+
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = 404 not found <HOST>
+
+
+#EXECUTE sofia/external/[email protected] log([inbound routes] 404 not found 82.68.115.62)
+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch-dos.conf

@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch-ip.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#2014-12-01 00:47:54.331821 [WARNING] sofia_reg.c:2752 Can't find user [[email protected]] from 62.210.151.162
+failregex = \[WARNING\] sofia_reg.c:\d+ Can't find user \[.*@\d+.\d+.\d+.\d+\] from <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =

devuan/resources/fail2ban/freeswitch.conf

@@ -0,0 +1,18 @@
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+

devuan/resources/fail2ban/fusionpbx.conf

@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
+#[hostname] variable doesn't seem to work in every case. Do this instead:
+failregex = .* FusionPBX: \[<HOST>\] authentication failed for
+          = .* FusionPBX: \[<HOST>\] provision attempt bad password for
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+

devuan/resources/fail2ban/jail.local

@@ -0,0 +1,113 @@
+[freeswitch-udp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 5
+findtime = 600
+bantime  = 600
+#          sendmail-whois[name=FreeSwitch, dest=root, [email protected]] #no smtp server installed
+
+[freeswitch-tcp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 5
+findtime = 600
+bantime  = 600
+#          sendmail-whois[name=FreeSwitch, dest=root, [email protected]] #no smtp server installed
+
+#[freeswitch-ip-tcp]
+#enabled  = true
+#port     = 5060,5061,5080,5081
+#protocol = all
+#filter   = freeswitch-ip
+#logpath  = /var/log/freeswitch/freeswitch.log
+#action   = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
+#maxretry = 1
+#findtime = 30
+#bantime  = 86400
+
+#[freeswitch-ip-udp]
+#enabled  = true
+#port     = 5060,5061,5080,5081
+#protocol = all
+#filter   = freeswitch-ip
+#logpath  = /var/log/freeswitch/freeswitch.log
+#action   = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+#maxretry = 1
+#findtime = 30
+#bantime  = 86400
+
+[freeswitch-dos-udp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-dos
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 50
+findtime = 30
+bantime  = 6000
+
+[freeswitch-dos-tcp]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-dos
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 50
+findtime = 30
+bantime  = 6000
+
+[freeswitch-404]
+enabled  = true
+port     = 5060,5061,5080,5081
+protocol = all
+filter   = freeswitch-404
+logpath  = /var/log/freeswitch/freeswitch.log
+action   = iptables-allports[name=freeswitch-404, protocol=all]
+maxretry = 3
+findtime = 300
+bantime  = 86400
+
+[fusionpbx]
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = fusionpbx
+logpath  = /var/log/auth.log
+action   = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
+#          sendmail-whois[name=fusionpbx, dest=root, [email protected]] #no smtp server installed
+maxretry = 10
+findtime = 600
+bantime  = 600
+
+[nginx-404]
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = nginx-404
+logpath  = /var/log/nginx/access*.log
+bantime  = 600
+findtime = 60
+maxretry = 120
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# Block for two full days.
+enabled  = true
+port     = 80,443
+protocol = tcp
+filter   = nginx-dos
+logpath  = /var/log/nginx/access*.log
+findtime = 60
+bantime  = 172800
+maxretry = 240

devuan/resources/fail2ban/nginx-404.conf

@@ -0,0 +1,5 @@
+# Fail2Ban configuration file
+#
+[Definition]
+failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP[^ ]* 404
+ignoreregex =

devuan/resources/fail2ban/nginx-dos.conf

@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+ 
+[Definition]
+# Option: failregex
+# Notes.: Regexp to catch a generic call from an IP address.
+# Values: TEXT
+#
+failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
+ 
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =

devuan/resources/finish.sh

@@ -0,0 +1,147 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#database details
+database_host=127.0.0.1
+database_port=5432
+database_username=fusionpbx
+if [ .$database_password = .'random' ]; then
+    database_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20 | xargs)"
+fi
+
+verbose "Create the database and users"
+
+#
+# Install the database backup
+#
+
+cp backup/fusionpbx-backup.sh /etc/cron.daily
+chmod 755 /etc/cron.daily/fusionpbx-backup.sh
+sed -i "s/zzz/${database_password}/g" /etc/cron.daily/fusionpbx-backup.sh
+
+#
+# Move to /tmp to prevent a red herring error when running sudo with psql
+#
+
+cwd=$(pwd)
+cd /tmp
+
+#
+# I'm not sure why we would do this when the databases don't exist yet.
+#
+
+#sudo -u postgres psql -d fusionpbx -c "DROP SCHEMA public cascade;";
+#sudo -u postgres psql -d fusionpbx -c "CREATE SCHEMA public;";
+
+sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+
+#
+# Maybe the freeswitch will use the freeswitch database in the future?
+# Right now it's configured to use SQLite.
+# So we will comment this out.
+#
+
+#sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
+#sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$password';"
+#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+#sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+
+cd $cwd
+
+#add the config.php
+mkdir -p /etc/fusionpbx
+chown -R www-data:www-data /etc/fusionpbx
+cp fusionpbx/config.php /etc/fusionpbx
+sed -i /etc/fusionpbx/config.php -e s:'{database_username}:fusionpbx:'
+sed -i /etc/fusionpbx/config.php -e s:"{database_password}:$database_password:"
+
+#add the database schema
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_schema.php > /dev/null 2>&1
+
+#get the server hostname
+#domain_name=$(hostname -f)
+
+#get the ip address
+domain_name=$(hostname -I | cut -d ' ' -f1)
+
+#get a domain_uuid
+domain_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+
+#allow the script to use the new password
+export PGPASSWORD=$database_password
+
+#add the domain name
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_domains (domain_uuid, domain_name, domain_enabled) values('$domain_uuid', '$domain_name', 'true');"
+
+#app defaults - this is needed here otherwise group superadmin will not exist for "get the superadmin group_uuid" *
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+
+#add the user
+user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_salt=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+user_name=$system_username
+if [ .$system_password = .'random' ]; then
+	user_password="$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 12 | xargs)"
+else
+	user_password=$system_password
+fi
+
+password_hash=$(php -r "echo md5('$user_salt$user_password');");
+
+psql --host=$database_host --port=$database_port --username=$database_username -t -c "insert into v_users (user_uuid, domain_uuid, username, password, salt, user_enabled) values('$user_uuid', '$domain_uuid', '$user_name', '$password_hash', '$user_salt', 'true');"
+
+#get the superadmin group_uuid *
+group_uuid=$(psql --host=$database_host --port=$database_port --username=$database_username -t -c "select group_uuid from v_groups where group_name = 'superadmin';");
+group_uuid=$(echo $group_uuid | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//')
+
+#add the user to the group
+group_user_uuid=$(/usr/bin/php /var/www/fusionpbx/resources/uuid.php);
+group_name=superadmin
+psql --host=$database_host --port=$database_port --username=$database_username -c "insert into v_group_users (group_user_uuid, domain_uuid, group_name, group_uuid, user_uuid) values('$group_user_uuid', '$domain_uuid', '$group_name', '$group_uuid', '$user_uuid');"
+
+#update xml_cdr url, user and password
+xml_cdr_username=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+xml_cdr_password=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 | sed 's/[=\+//]//g')
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_http_protocol}:http:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{domain_name}:127.0.0.1:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_project_path}::"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_user}:$xml_cdr_username:"
+sed -i /etc/freeswitch/autoload_configs/xml_cdr.conf.xml -e s:"{v_pass}:$xml_cdr_password:"
+
+#app defaults - not sure if this needs to be executed again
+cd /var/www/fusionpbx && php /var/www/fusionpbx/core/upgrade/upgrade_domains.php
+
+/usr/sbin/service freeswitch restart
+
+#welcome message
+echo ""
+echo ""
+verbose "Installation has completed."
+echo ""
+echo "   Use a web browser to login."
+echo "      domain name: https://$domain_name"
+echo "      username: $user_name"
+echo "      password: $user_password"
+echo ""
+echo "   The domain name in the browser is used by default as part of the authentication."
+echo "   If you need to login to a different domain then use username@domain."
+echo "      username: $user_name@$domain_name";
+echo ""
+echo "   Official FusionPBX Training"
+echo "      Fastest way to learn FusionPBX. For more information https://www.fusionpbx.com."
+echo "      Available online and in person. Includes documentation and recording."
+echo ""
+echo "   Additional information."
+echo "      https://fusionpbx.com/support.php"
+echo "      https://www.fusionpbx.com"
+echo "      http://docs.fusionpbx.com"
+echo ""

devuan/resources/fusionpbx.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing FusionPBX"
+
+#install dependencies
+apt-get install -qq -y git dbus haveged ssl-cert
+apt-get install -qq -y ghostscript libtiff5-dev libtiff-tools
+
+if [ .$system_branch = "master" ]; then
+	verbose "Using master"
+	branch=""
+else
+	system_major=$(git ls-remote --heads https://github.com/fusionpbx/fusionpbx.git | cut -d/ -f 3 | grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f1)
+	system_minor=$(git ls-remote --tags https://github.com/fusionpbx/fusionpbx.git $system_major.* | cut -d/ -f3 |  grep -P '^\d+\.\d+' | sort | tail -n 1 | cut -d. -f2)
+	system_version=$system_major.$system_minor
+	verbose "Using version $system_version"
+	branch="-b $system_version"
+fi
+
+#get the source code
+git clone $branch https://github.com/fusionpbx/fusionpbx.git /var/www/fusionpbx
+chown -R www-data:www-data /var/www/fusionpbx
+chmod -R 755 /var/www/fusionpbx/secure

devuan/resources/fusionpbx/config.php

@@ -0,0 +1,45 @@
+<?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <[email protected]>
+	Portions created by the Initial Developer are Copyright (C) 2008-2016
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <[email protected]>
+*/
+
+//set the database type
+	$db_type = 'pgsql'; //sqlite, mysql, pgsql, others with a manually created PDO connection
+
+//sqlite: the db_name and db_path are automatically assigned however the values can be overidden by setting the values here.
+	//$db_name = 'fusionpbx.db'; //host name/ip address + '.db' is the default database filename
+	//$db_path = '/var/www/fusionpbx/secure'; //the path is determined by a php variable
+
+//pgsql: database connection information
+	$db_host = 'localhost'; //set the host only if the database is not local
+	$db_port = '5432';
+	$db_name = 'fusionpbx';
+	$db_username = '{database_username}';
+	$db_password = '{database_password}';
+
+//show errors
+	ini_set('display_errors', '1');
+	//error_reporting (E_ALL); // Report everything
+	//error_reporting (E_ALL ^ E_NOTICE); // hide notices
+	error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings

devuan/resources/iptables.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+. ./config.sh
+. ./colors.sh
+
+#send a message
+verbose "Configuring IPTables"
+
+#run iptables commands
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5060:5061 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p udp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "friendly-scanner" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "sipcli/" --algo bm
+iptables -A INPUT -j DROP -p tcp --dport 5080:5081 -m string --string "VaxSIPUserAgent/" --algo bm
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5060:5061 -j ACCEPT
+iptables -A INPUT -p udp --dport 5060:5061 -j ACCEPT
+iptables -A INPUT -p tcp --dport 5080:5081 -j ACCEPT
+iptables -A INPUT -p udp --dport 5080:5081 -j ACCEPT
+iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+iptables -A INPUT -p udp --dport 1194 -j ACCEPT
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
+iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5081 -j DSCP --set-dscp 26
+iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5081 -j DSCP --set-dscp 26
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+#answer the questions for iptables persistent
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+apt-get install -y -q iptables-persistent
+
+# update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

devuan/resources/letsencrypt.sh

@@ -0,0 +1,80 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#request the domain and email
+read -p 'Domain Name: ' domain_name
+read -p 'Email Address: ' email_address
+#domain_name=subdomain.domain.com
+#[email protected]
+
+#remove previous install
+rm -R /opt/letsencrypt
+rm -R /etc/letsencrypt
+
+#use php version 5 for arm
+if [ .$cpu_architecture = .'arm' ]; then
+        php_version=5
+fi
+
+#enable fusionpbx nginx config
+cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
+
+#prepare socket name
+if [ ."$php_version" = ."5" ]; then
+        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7" ]; then
+        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+fi
+ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
+
+#read the config
+/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
+
+#install letsencrypt
+git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
+chmod 755 /opt/letsencrypt/certbot-auto
+/opt/letsencrypt/./certbot-auto
+mkdir -p /etc/letsencrypt/configs
+mkdir -p /var/www/letsencrypt/
+
+#cd $pwd
+#cd "$(dirname "$0")"
+
+#copy the domain conf
+cp letsencrypt/domain_name.conf /etc/letsencrypt/configs/$domain_name.conf
+
+#update the domain_name and email_address
+sed "s#{domain_name}#$domain_name#g" -i /etc/letsencrypt/configs/$domain_name.conf
+sed "s#{email_address}#$email_address#g" -i /etc/letsencrypt/configs/$domain_name.conf
+
+#letsencrypt
+#sed "s@#letsencrypt@location /.well-known/acme-challenge { root /var/www/letsencrypt; }@g" -i /etc/nginx/sites-available/fusionpbx
+
+#get the certs from letsencrypt
+cd /opt/letsencrypt && ./letsencrypt-auto --config /etc/letsencrypt/configs/$domain_name.conf certonly
+
+#update nginx config
+sed "s@ssl_certificate         /etc/ssl/certs/nginx.crt;@ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+sed "s@ssl_certificate_key     /etc/ssl/private/nginx.key;@ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;@g" -i /etc/nginx/sites-available/fusionpbx
+
+#read the config
+/usr/sbin/nginx -t && /usr/sbin/nginx -s reload
+
+#combine the certs into all.pem
+cat /etc/letsencrypt/live/$domain_name/cert.pem > /etc/letsencrypt/live/$domain_name/all.pem
+cat /etc/letsencrypt/live/$domain_name/privkey.pem >> /etc/letsencrypt/live/$domain_name/all.pem
+cat /etc/letsencrypt/live/$domain_name/chain.pem >> /etc/letsencrypt/live/$domain_name/all.pem
+
+#copy the certs to the switch tls directory
+mkdir -p /etc/freeswitch/tls
+cp /etc/letsencrypt/live/$domain_name/*.pem /etc/freeswitch/tls
+cp /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
+chown -R www-data:www-data /etc/freeswitch

devuan/resources/letsencrypt/domain_name.conf

@@ -0,0 +1,22 @@
+# the domain we want to get the cert for;
+# technically it's possible to have multiple of this lines, but it only worked
+# with one domain for me, another one only got one cert, so I would recommend
+# separate config files per domain.
+domains = {domain_name}
+
+# increase key size
+rsa-key-size = 2048 # Or 4096
+
+# the current closed beta (as of 2015-Nov-07) is using this server
+server = https://acme-v01.api.letsencrypt.org/directory
+
+# this address will receive renewal reminders
+email = {email_address}
+
+# turn off the ncurses UI, we want this to be run as a cronjob
+text = True
+
+# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
+# and then letting LE fetch it
+authenticator = webroot
+webroot-path = /var/www/letsencrypt/

devuan/resources/nginx.sh

@@ -0,0 +1,89 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing Nginx"
+
+#if [ ."$cpu_architecture" = ."arm" ]; then
+        #9.x - */stretch/
+        #8.x - */jessie/
+#fi
+if [ ."$php_version" = ."5" ]; then
+        #verbose "Switching forcefully to php5* packages"
+        which add-apt-repository || apt-get install -y software-properties-common
+        #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
+        #LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php5-compat
+        apt-get update
+elif [ ."$os_name" = ."Ubuntu" ]; then
+        #16.10.x - */yakkety/
+        #16.04.x - */xenial/
+        #14.04.x - */trusty/
+        if [ ."$os_codename" = ."trusty" ]; then
+                which add-apt-repository || apt-get install -y software-properties-common
+                LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
+                apt-get -q update
+        fi
+elif [ ."$cpu_architecture" = ."arm" ]; then
+        #Pi2 and Pi3 Raspbian
+        #Odroid
+        if [ ."$os_codename" = ."jessie" ]; then
+                echo "deb http://packages.moopi.uk/debian jessie main" > /etc/apt/sources.list.d/moopi.list
+                wget -O - http://packages.moopi.uk/debian/moopi.gpg.key | apt-key add -
+                apt-get -q update
+        fi
+else
+        #9.x - */stretch/
+        #8.x - */jessie/
+        if [ ."$os_codename" = ."jessie" ]; then
+                echo "deb http://packages.dotdeb.org $os_codename all" > /etc/apt/sources.list.d/dotdeb.list
+                echo "deb-src http://packages.dotdeb.org $os_codename all" >> /etc/apt/sources.list.d/dotdeb.list
+                wget -O - https://www.dotdeb.org/dotdeb.gpg | apt-key add -
+                apt-get -q update
+        fi
+fi
+
+#use php version 5 for arm
+#if [ .$cpu_architecture = .'arm' ]; then
+#        php_version=5
+#fi
+
+#install dependencies
+apt-get install -y -q nginx
+if [ ."$php_version" = ."5" ]; then
+        apt-get install -y -q php5 php5-cli php5-fpm php5-pgsql php5-sqlite php5-odbc php5-curl php5-imap php5-mcrypt
+fi
+if [ ."$php_version" = ."7" ]; then
+        apt-get install -y -q php7.0 php7.0-cli php7.0-fpm php7.0-pgsql php7.0-sqlite3 php7.0-odbc php7.0-curl php7.0-imap php7.0-mcrypt php7.0-xml
+fi
+
+#enable fusionpbx nginx config
+cp nginx/fusionpbx /etc/nginx/sites-available/fusionpbx
+
+#prepare socket name
+if [ ."$php_version" = ."5" ]; then
+        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php5-fpm.sock;#g'
+fi
+if [ ."$php_version" = ."7" ]; then
+        sed -i /etc/nginx/sites-available/fusionpbx -e 's#unix:.*;#unix:/var/run/php/php7.0-fpm.sock;#g'
+fi
+ln -s /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/fusionpbx
+
+#self signed certificate
+ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/nginx.key
+ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/nginx.crt
+
+#remove the default site
+rm /etc/nginx/sites-enabled/default
+
+#add the letsencrypt directory
+mkdir -p /var/www/letsencrypt/
+
+#restart nginx
+service nginx restart

devuan/resources/nginx/fusionpbx

@@ -0,0 +1,201 @@
+
+server{
+	listen 127.0.0.1:80;
+	server_name 127.0.0.1;
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	client_max_body_size 80M;
+	client_body_buffer_size 128k;
+
+	location / {
+		root /var/www/fusionpbx;
+		index index.php;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
+	# Disable viewing .htaccess & .htpassword & .db
+	location ~ .htaccess {
+			deny all;
+	}
+	location ~ .htpassword {
+			deny all;
+	}
+	location ~^.+.(db)$ {
+			deny all;
+	}
+}
+
+server {
+	listen 80;
+	server_name fusionpbx;
+	if ($uri !~* ^.*provision.*$) {
+		rewrite ^(.*) https://$host$1 permanent;
+		break;
+	}
+
+	#REST api
+	if ($uri ~* ^.*/api/.*$) {
+		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+		break;
+	}
+
+        #algo
+        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+	#mitel
+	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+	#grandstream
+	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+	#aastra
+	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+	#yealink common
+	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+	#yealink mac
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+	#polycom
+	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
+
+	#cisco
+	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+	#Escene
+	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	client_max_body_size 80M;
+	client_body_buffer_size 128k;
+
+	location / {
+		root /var/www/fusionpbx;
+		index index.php;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
+	# Disable viewing .htaccess & .htpassword & .db
+	location ~ .htaccess {
+		deny all;
+	}
+	location ~ .htpassword {
+		deny all;
+	}
+	location ~^.+.(db)$ {
+		deny all;
+	}
+}
+
+server {
+	listen 443;
+	server_name fusionpbx;
+	ssl                     on;
+	ssl_certificate         /etc/ssl/certs/nginx.crt;
+	ssl_certificate_key     /etc/ssl/private/nginx.key;
+	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;
+
+	#letsencrypt
+	location /.well-known/acme-challenge {
+        	root /var/www/letsencrypt;
+    	}
+
+	#REST api
+	if ($uri ~* ^.*/api/.*$) {
+		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
+		break;
+	}
+
+        #algo
+        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
+
+	#mitel
+	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
+	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
+
+	#grandstriam
+	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
+
+	#aastra
+	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
+	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
+
+	#yealink common
+	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
+
+	#yealink mac
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
+
+	#polycom
+	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
+	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
+	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
+	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
+
+	#cisco
+	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
+
+	#Escene
+	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
+	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	client_max_body_size 80M;
+	client_body_buffer_size 128k;
+
+	location / {
+		root /var/www/fusionpbx;
+		index index.php;
+	}
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+		#fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
+	}
+
+	# Disable viewing .htaccess & .htpassword & .db
+	location ~ .htaccess {
+		deny all;
+	}
+	location ~ .htpassword {
+		deny all;
+	}
+	location ~^.+.(db)$ {
+		deny all;
+	}
+}

devuan/resources/php.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+
+#send a message
+verbose "Configuring PHP"
+
+#update config if source is being used
+if [ ."$php_version" = ."5" ]; then
+        verbose "version 5.x"
+        php_ini_file='/etc/php5/fpm/php.ini'
+fi
+if [ ."$php_version" = ."7" ]; then
+        verbose "version 7.0"
+        php_ini_file='/etc/php/7.0/fpm/php.ini'
+fi
+sed 's#post_max_size = .*#post_max_size = 80M#g' -i $php_ini_file
+sed 's#upload_max_filesize = .*#upload_max_filesize = 80M#g' -i $php_ini_file
+
+#restart php-fpm
+if [ ."$php_version" = ."5" ]; then
+    /usr/sbin/service php5-fpm restart
+fi
+if [ ."$php_version" = ."7" ]; then
+    /usr/sbin/service php7.0-fpm restart
+fi

devuan/resources/postgres.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#send a message
+verbose "Installing PostgreSQL"
+
+#use the system database repo for arm
+if [ .$cpu_architecture = .'arm' ]; then
+    database_repo="sip247"
+fi
+
+apt-get install -q -y sudo
+
+#included in the distribution
+if [ ."$database_repo" = ."system" ]; then
+	apt-get install -q -y postgresql
+fi
+
+#postgres official repository
+if [ ."$database_repo" = ."official" ]; then
+    verbose "Using official repos"
+	echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list
+	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+	apt-get -q update && apt-get upgrade -y
+	apt-get install -y postgresql
+fi
+
+#Add PostgreSQL and BDR REPO
+if [ ."$database_repo" = ."2ndquadrant" ]; then
+    verbose "Using 2ndquadrant.com repos"
+	echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main'  >> /etc/apt/sources.list.d/postgresql.list
+	echo 'deb http://packages.2ndquadrant.com/bdr/apt/ jessie-2ndquadrant main' >> /etc/apt/sources.list.d/2ndquadrant.list
+	wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add -
+	wget --quiet -O - http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc | apt-key add -
+	apt-get -q update && apt-get upgrade -y
+	apt-get install -y postgresql-bdr-9.4 postgresql-bdr-9.4-bdr-plugin postgresql-bdr-contrib-9.4
+fi
+
+#sip247 arm repository
+if [ ."$database_repo" = ."sip247" ]; then
+        echo 'deb http://repo.sip247.com/debian/postgresql-armhf jessie main' > /etc/apt/sources.list.d/pgsql-sip247.list
+        wget --quiet -O - http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+        apt-get -q update && apt-get upgrade -y
+        apt-get install -y postgresql
+fi
+
+service postgresql restart

devuan/resources/postgresql/bdr.sh

@@ -0,0 +1,144 @@
+#!/bin/sh
+
+#
+# This doesn't seem to be currently in use (2017.04.25).
+#
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+
+#set the date
+now=$(date +%Y-%m-%d)
+
+#set the database password
+if [ .$database_password = .'random' ]; then
+        database_password=$(dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64 | sed 's/[=\+//]//g')
+fi
+
+#show this server's addresses
+server_address=$(hostname -I);
+echo "This Server Address: $server_address"
+
+#nodes addresses
+read -p "Enter all Node IP Addresses: " nodes
+
+#request the domain and email
+read -p 'Create Group (true/false): ' group_create
+if [ .$group_create = .true ]; then
+	read -p 'Enter this Nodes Address: ' node_1;
+else
+	read -p 'Join using node already in group: ' node_1;
+	read -p 'Enter this Nodes Address: ' node_2;
+fi
+
+#settings summary
+echo "-----------------------------";
+echo " Summary";
+echo "-----------------------------";
+echo "Create Group: $group_create";
+echo "All Node IP Addresses: $nodes";
+if [ .$group_create = .true ]; then
+	echo "This Nodes Address: $node_1";
+else
+	echo "Join using node in group: $node_1;"
+	echo "This Node Address: $node_2";
+fi
+echo "";
+
+#verify
+read -p 'Is the information correct (y/n): ' verified 
+if [ .$verified != ."y" ]; then
+	echo "Goodbye";
+	exit 0;
+fi
+
+#iptables rules
+for node in $nodes; do
+        iptables -A INPUT -j ACCEPT -p tcp --dport 5432 -s ${node}/32
+        iptables -A INPUT -j ACCEPT -p tcp --dport 8080 -s ${node}/32
+done
+apt-get remove iptables-persistent -y
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+apt-get install -y iptables-persistent
+
+#setup ssl
+sed -i /etc/postgresql/9.4/main/postgresql.conf -e s:'snakeoil.key:snakeoil-postgres.key:'
+cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil-postgres.key
+chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil-postgres.key
+chmod 600 /etc/ssl/private/ssl-cert-snakeoil-postgres.key
+
+#postgresql.conf - append settings
+cp /etc/postgresql/9.4/main/postgresql.conf /etc/postgresql/9.4/main/postgresql.conf-$now
+cat ../postgresql/postgresql.conf > /etc/postgresql/9.4/main/postgresql.conf
+
+#pg_hba.conf - append settings
+cp /etc/postgresql/9.4/main/pg_hba.conf /etc/postgresql/9.4/main/pg_hba.conf-$now
+cat ../postgresql/pg_hba.conf > /etc/postgresql/9.4/main/pg_hba.conf
+#chmod 640 /etc/postgresql/9.4/main/pg_hba.conf
+#chown -R postgres:postgres /etc/postgresql/9.4/main
+for node in $nodes; do
+        echo "hostssl all             all            ${node}/32              trust" >> /etc/postgresql/9.4/main/pg_hba.conf
+        echo "hostssl replication     postgres       ${node}/32              trust" >> /etc/postgresql/9.4/main/pg_hba.conf
+done
+
+#reload configuration
+systemctl daemon-reload
+
+#restart postgres
+systemctl restart postgresql
+
+#set the working directory
+cwd=$(pwd)
+cd /tmp
+
+#add the database users and databases
+sudo -u postgres psql -c "CREATE DATABASE fusionpbx;";
+sudo -u postgres psql -c "CREATE DATABASE freeswitch;";
+
+#add the users and grant permissions
+sudo -u postgres psql -c "CREATE ROLE fusionpbx WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -c "CREATE ROLE freeswitch WITH SUPERUSER LOGIN PASSWORD '$database_password';"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to fusionpbx;"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE freeswitch to freeswitch;"
+
+#add the postgres extensions
+sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION btree_gist;";
+sudo -u postgres psql -d fusionpbx -c "CREATE EXTENSION bdr;";
+sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION btree_gist;";
+sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION bdr;";
+
+#add master nodes
+if [ .$group_create = .true ]; then
+	#add first node
+	sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+	sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_create(local_node_name := '$node_1', node_external_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+else
+	#add additional master nodes
+	sudo -u postgres psql -d fusionpbx -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=fusionpbx connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+	sudo -u postgres psql -d freeswitch -c "SELECT bdr.bdr_group_join(local_node_name := '$node_2', node_external_dsn := 'host=$node_2 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1', join_using_dsn := 'host=$node_1 port=5432 dbname=freeswitch connect_timeout=10 keepalives_idle=5 keepalives_interval=1 sslmode=require');";
+fi
+
+#load the freeswitch database
+#sudo -u postgres psql -d freeswitch -f /var/www/fusionpbx/resources/install/sql/switch.sql -L /tmp/switch-sql.log
+
+#sleeping
+if [ .$group_create = .false ]; then
+	echo "Sleeping for 15 seconds";
+	for i in `seq 1 15`; do
+		echo $i
+		sleep 1
+	done
+fi
+
+#add extension pgcrypto
+if [ .$group_create = .false ]; then
+	sudo -u postgres psql -d freeswitch -c "CREATE EXTENSION pgcrypto;";
+fi
+
+#message to user
+echo "Completed"

devuan/resources/postgresql/pg_hba.conf

@@ -0,0 +1,97 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local   all             postgres                                peer
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            trust
+# IPv6 local connections:
+host    all             all             ::1/128                 md5
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local   replication     postgres                                peer
+#host    replication     postgres        127.0.0.1/32            md5
+#host    replication     postgres        ::1/128                 md5

devuan/resources/postgresql/postgresql.conf

@@ -0,0 +1,618 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+#   name = value
+#
+# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
+# "#" anywhere on a line.  The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal.  If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, or use "pg_ctl reload".  Some
+# parameters, which are marked below, require a server shutdown and restart to
+# take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on".  Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
+#                MB = megabytes                     s   = seconds
+#                GB = gigabytes                     min = minutes
+#                TB = terabytes                     h   = hours
+#                                                   d   = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+data_directory = '/var/lib/postgresql/9.4/main'		# use data in another directory
+					# (change requires restart)
+hba_file = '/etc/postgresql/9.4/main/pg_hba.conf'	# host-based authentication file
+					# (change requires restart)
+ident_file = '/etc/postgresql/9.4/main/pg_ident.conf'	# ident configuration file
+					# (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+external_pid_file = '/var/run/postgresql/9.4-main.pid'			# write an extra PID file
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+#listen_addresses = 'localhost'		# what IP address(es) to listen on;
+					# comma-separated list of addresses;
+					# defaults to 'localhost'; use '*' for all
+					# (change requires restart)
+port = 5432				# (change requires restart)
+max_connections = 100			# (change requires restart)
+#superuser_reserved_connections = 3	# (change requires restart)
+unix_socket_directories = '/var/run/postgresql'	# comma-separated list of directories
+					# (change requires restart)
+#unix_socket_group = ''			# (change requires restart)
+#unix_socket_permissions = 0777		# begin with 0 to use octal notation
+					# (change requires restart)
+#bonjour = off				# advertise server via Bonjour
+					# (change requires restart)
+#bonjour_name = ''			# defaults to the computer name
+					# (change requires restart)
+
+# - Security and Authentication -
+
+#authentication_timeout = 1min		# 1s-600s
+ssl = true				# (change requires restart)
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+					# (change requires restart)
+#ssl_prefer_server_ciphers = on		# (change requires restart)
+#ssl_ecdh_curve = 'prime256v1'		# (change requires restart)
+#ssl_renegotiation_limit = 0		# amount of data between renegotiations
+ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'		# (change requires restart)
+ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil-postgres.key'		# (change requires restart)
+#ssl_ca_file = ''			# (change requires restart)
+#ssl_crl_file = ''			# (change requires restart)
+#password_encryption = on
+#db_user_namespace = off
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - TCP Keepalives -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_count = 0		# TCP_KEEPCNT;
+					# 0 selects the system default
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+shared_buffers = 128MB			# min 128kB
+					# (change requires restart)
+#huge_pages = try			# on, off, or try
+					# (change requires restart)
+#temp_buffers = 8MB			# min 800kB
+#max_prepared_transactions = 0		# zero disables the feature
+					# (change requires restart)
+# Caution: it is not advisable to set max_prepared_transactions nonzero unless
+# you actively intend to use prepared transactions.
+#work_mem = 4MB				# min 64kB
+#maintenance_work_mem = 64MB		# min 1MB
+#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
+#max_stack_depth = 2MB			# min 100kB
+dynamic_shared_memory_type = posix	# the default is the first option
+					# supported by the operating system:
+					#   posix
+					#   sysv
+					#   windows
+					#   mmap
+					# use none to disable dynamic shared memory
+
+# - Disk -
+
+#temp_file_limit = -1			# limits per-session temp file space
+					# in kB, or -1 for no limit
+
+# - Kernel Resource Usage -
+
+#max_files_per_process = 1000		# min 25
+					# (change requires restart)
+#shared_preload_libraries = ''		# (change requires restart)
+
+# - Cost-Based Vacuum Delay -
+
+#vacuum_cost_delay = 0			# 0-100 milliseconds
+#vacuum_cost_page_hit = 1		# 0-10000 credits
+#vacuum_cost_page_miss = 10		# 0-10000 credits
+#vacuum_cost_page_dirty = 20		# 0-10000 credits
+#vacuum_cost_limit = 200		# 1-10000 credits
+
+# - Background Writer -
+
+#bgwriter_delay = 200ms			# 10-10000ms between rounds
+#bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
+#bgwriter_lru_multiplier = 2.0		# 0-10.0 multipler on buffers scanned/round
+
+# - Asynchronous Behavior -
+
+#effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
+#max_worker_processes = 8
+
+
+#------------------------------------------------------------------------------
+# WRITE AHEAD LOG
+#------------------------------------------------------------------------------
+
+# - Settings -
+
+#wal_level = minimal			# minimal, archive, hot_standby, or logical
+					# (change requires restart)
+#fsync = on				# turns forced synchronization on or off
+#synchronous_commit = on		# synchronization level;
+					# off, local, remote_write, or on
+#wal_sync_method = fsync		# the default is the first option
+					# supported by the operating system:
+					#   open_datasync
+					#   fdatasync (default on Linux)
+					#   fsync
+					#   fsync_writethrough
+					#   open_sync
+#full_page_writes = on			# recover from partial page writes
+#wal_log_hints = off			# also do full page writes of non-critical updates
+					# (change requires restart)
+#wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
+					# (change requires restart)
+#wal_writer_delay = 200ms		# 1-10000 milliseconds
+
+#commit_delay = 0			# range 0-100000, in microseconds
+#commit_siblings = 5			# range 1-1000
+
+# - Checkpoints -
+
+#checkpoint_segments = 3		# in logfile segments, min 1, 16MB each
+#checkpoint_timeout = 5min		# range 30s-1h
+#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
+#checkpoint_warning = 30s		# 0 disables
+
+# - Archiving -
+
+#archive_mode = off		# allows archiving to be done
+				# (change requires restart)
+#archive_command = ''		# command to use to archive a logfile segment
+				# placeholders: %p = path of file to archive
+				#               %f = file name only
+				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
+#archive_timeout = 0		# force a logfile segment switch after this
+				# number of seconds; 0 disables
+
+
+#------------------------------------------------------------------------------
+# REPLICATION
+#------------------------------------------------------------------------------
+
+# - Sending Server(s) -
+
+# Set these on the master and on any standby that will send replication data.
+
+#max_wal_senders = 0		# max number of walsender processes
+				# (change requires restart)
+#wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
+#wal_sender_timeout = 60s	# in milliseconds; 0 disables
+
+#max_replication_slots = 0	# max number of replication slots
+#track_commit_timestamp = off	# collect timestamp of transaction commit
+				# (change requires restart)
+
+# - Master Server -
+
+# These settings are ignored on a standby server.
+
+#synchronous_standby_names = ''	# standby servers that provide sync rep
+				# comma-separated list of application_name
+				# from standby(s); '*' = all
+#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
+
+# - Standby Servers -
+
+# These settings are ignored on a master server.
+
+#hot_standby = off			# "on" allows queries during recovery
+					# (change requires restart)
+#max_standby_archive_delay = 30s	# max delay before canceling queries
+					# when reading WAL from archive;
+					# -1 allows indefinite delay
+#max_standby_streaming_delay = 30s	# max delay before canceling queries
+					# when reading streaming WAL;
+					# -1 allows indefinite delay
+#wal_receiver_status_interval = 10s	# send replies at least this often
+					# 0 disables
+#hot_standby_feedback = off		# send info from standby to prevent
+					# query conflicts
+#wal_receiver_timeout = 60s		# time that receiver waits for
+					# communication from master
+					# in milliseconds; 0 disables
+
+
+#------------------------------------------------------------------------------
+# QUERY TUNING
+#------------------------------------------------------------------------------
+
+# - Planner Method Configuration -
+
+#enable_bitmapscan = on
+#enable_hashagg = on
+#enable_hashjoin = on
+#enable_indexscan = on
+#enable_indexonlyscan = on
+#enable_material = on
+#enable_mergejoin = on
+#enable_nestloop = on
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
+
+# - Planner Cost Constants -
+
+#seq_page_cost = 1.0			# measured on an arbitrary scale
+#random_page_cost = 4.0			# same scale as above
+#cpu_tuple_cost = 0.01			# same scale as above
+#cpu_index_tuple_cost = 0.005		# same scale as above
+#cpu_operator_cost = 0.0025		# same scale as above
+#effective_cache_size = 4GB
+
+# - Genetic Query Optimizer -
+
+#geqo = on
+#geqo_threshold = 12
+#geqo_effort = 5			# range 1-10
+#geqo_pool_size = 0			# selects default based on effort
+#geqo_generations = 0			# selects default based on effort
+#geqo_selection_bias = 2.0		# range 1.5-2.0
+#geqo_seed = 0.0			# range 0.0-1.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 100	# range 1-10000
+#constraint_exclusion = partition	# on, off, or partition
+#cursor_tuple_fraction = 0.1		# range 0.0-1.0
+#from_collapse_limit = 8
+#join_collapse_limit = 8		# 1 disables collapsing of explicit
+					# JOIN clauses
+
+
+#------------------------------------------------------------------------------
+# ERROR REPORTING AND LOGGING
+#------------------------------------------------------------------------------
+
+# - Where to Log -
+
+#log_destination = 'stderr'		# Valid values are combinations of
+					# stderr, csvlog, syslog, and eventlog,
+					# depending on platform.  csvlog
+					# requires logging_collector to be on.
+
+# This is used when logging to stderr:
+#logging_collector = off		# Enable capturing of stderr and csvlog
+					# into log files. Required to be on for
+					# csvlogs.
+					# (change requires restart)
+
+# These are only used if logging_collector is on:
+#log_directory = 'pg_log'		# directory where log files are written,
+					# can be absolute or relative to PGDATA
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
+					# can include strftime() escapes
+#log_file_mode = 0600			# creation mode for log files,
+					# begin with 0 to use octal notation
+#log_truncate_on_rotation = off		# If on, an existing log file with the
+					# same name as the new log file will be
+					# truncated rather than appended to.
+					# But such truncation only occurs on
+					# time-driven rotation, not on restarts
+					# or size-driven rotation.  Default is
+					# off, meaning append to existing files
+					# in all cases.
+#log_rotation_age = 1d			# Automatic rotation of logfiles will
+					# happen after that time.  0 disables.
+#log_rotation_size = 10MB		# Automatic rotation of logfiles will
+					# happen after that much log output.
+					# 0 disables.
+
+# These are relevant when logging to syslog:
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+
+# This is only relevant when logging to eventlog (win32):
+#event_source = 'PostgreSQL'
+
+# - When to Log -
+
+#client_min_messages = notice		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   log
+					#   notice
+					#   warning
+					#   error
+
+#log_min_messages = warning		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic
+
+#log_min_error_statement = error	# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic (effectively off)
+
+#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
+					# and their durations, > 0 logs only
+					# statements running at least this number
+					# of milliseconds
+
+
+# - What to Log -
+
+#debug_print_parse = off
+#debug_print_rewritten = off
+#debug_print_plan = off
+#debug_pretty_print = on
+#log_checkpoints = off
+#log_connections = off
+#log_disconnections = off
+#log_duration = off
+#log_error_verbosity = default		# terse, default, or verbose messages
+#log_hostname = off
+log_line_prefix = '%m [%p] %q%u@%d '			# special values:
+					#   %a = application name
+					#   %u = user name
+					#   %d = database name
+					#   %r = remote host and port
+					#   %h = remote host
+					#   %p = process ID
+					#   %t = timestamp without milliseconds
+					#   %m = timestamp with milliseconds
+					#   %i = command tag
+					#   %e = SQL state
+					#   %c = session ID
+					#   %l = session line number
+					#   %s = session start timestamp
+					#   %v = virtual transaction ID
+					#   %x = transaction ID (0 if none)
+					#   %q = stop here in non-session
+					#        processes
+					#   %% = '%'
+					# e.g. '<%u%%%d> '
+#log_lock_waits = off			# log lock waits >= deadlock_timeout
+#log_statement = 'none'			# none, ddl, mod, all
+#log_temp_files = -1			# log temporary files equal or larger
+					# than the specified size in kilobytes;
+					# -1 disables, 0 logs all temp files
+log_timezone = 'UTC'
+
+
+#------------------------------------------------------------------------------
+# RUNTIME STATISTICS
+#------------------------------------------------------------------------------
+
+# - Query/Index Statistics Collector -
+
+#track_activities = on
+#track_counts = on
+#track_io_timing = off
+#track_functions = none			# none, pl, all
+#track_activity_query_size = 1024	# (change requires restart)
+#update_process_title = on
+stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp'
+
+
+# - Statistics Monitoring -
+
+#log_parser_stats = off
+#log_planner_stats = off
+#log_executor_stats = off
+#log_statement_stats = off
+
+
+#------------------------------------------------------------------------------
+# AUTOVACUUM PARAMETERS
+#------------------------------------------------------------------------------
+
+#autovacuum = on			# Enable autovacuum subprocess?  'on'
+					# requires track_counts to also be on.
+#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
+					# their durations, > 0 logs only
+					# actions running at least this number
+					# of milliseconds.
+#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
+					# (change requires restart)
+#autovacuum_naptime = 1min		# time between autovacuum runs
+#autovacuum_vacuum_threshold = 50	# min number of row updates before
+					# vacuum
+#autovacuum_analyze_threshold = 50	# min number of row updates before
+					# analyze
+#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
+					# (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
+					# before forced vacuum
+					# (change requires restart)
+#autovacuum_vacuum_cost_delay = 20ms	# default vacuum cost delay for
+					# autovacuum, in milliseconds;
+					# -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
+					# autovacuum, -1 means use
+					# vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '"$user",public'		# schema names
+#default_tablespace = ''		# a tablespace name, '' uses the default
+#temp_tablespaces = ''			# a list of tablespace names, '' uses
+					# only default tablespace
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0			# in milliseconds, 0 is disabled
+#lock_timeout = 0			# in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#bytea_output = 'hex'			# hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+
+# - Locale and Formatting -
+
+datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+timezone = 'UTC'
+#timezone_abbreviations = 'Default'     # Select the set of available time zone
+					# abbreviations.  Currently, there are
+					#   Default
+					#   Australia (historical usage)
+					#   India
+					# You can create your own file in
+					# share/timezonesets/.
+#extra_float_digits = 0			# min -15, max 3
+#client_encoding = sql_ascii		# actually, defaults to database
+					# encoding
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = 'en_US.UTF-8'			# locale for system error message
+					# strings
+lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
+lc_numeric = 'en_US.UTF-8'			# locale for number formatting
+lc_time = 'en_US.UTF-8'				# locale for time formatting
+
+# default configuration for text search
+default_text_search_config = 'pg_catalog.english'
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64		# min 10
+					# (change requires restart)
+#max_pred_locks_per_transaction = 64	# min 10
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding	# on, off, or safe_encoding
+#default_with_oids = off
+#escape_string_warning = on
+#lo_compat_privileges = off
+#quote_all_identifiers = off
+#sql_inheritance = on
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off			# terminate session on any error?
+#restart_after_crash = on		# reinitialize after backend crash?
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.
+
+#include_dir = 'conf.d'			# include files ending in '.conf' from
+					# directory 'conf.d'
+#include_if_exists = 'exists.conf'	# include file only if it exists
+#include = 'special.conf'		# include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
+listen_addresses = '*'
+#listen_addresses = '127.0.0.1,xxx.xxx.xxx.xxx'
+shared_preload_libraries = 'bdr'
+wal_level = 'logical'
+track_commit_timestamp = on
+max_connections = 100
+max_wal_senders = 10
+max_replication_slots = 48
+max_worker_processes = 48

devuan/resources/reboot_phones.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+#This script will reboot all the phones in a particular domain for a specified model. A pause is optional.
+
+#gather parameters 
+read -p "Enter the Domain to Reboot (example: abc.net):" domain
+read -p "Enter the phone type to reboot (polycom, yealink, cisco):" vendor
+read -p "Enter the time in seconds to pause between phones:" pausetime
+
+#create a temp file
+NOW=$(date +"%Y%m%d_%H%M%S")
+FILE="registrations-$NOW.csv"
+
+#gather the registrations from freeswitch
+eval 'fs_cli -x "show registrations" > $FILE'
+
+#create some variables
+N=0
+ARR=()
+
+#set the internal field separator
+IFS=","
+INPUT=$FILE
+
+#Loop through the registrations and reboot
+[ ! -f $INPUT ] &while read reg_user realm extra
+do
+        if [ ."$realm" = ."$domain" ]; then
+                eval 'fs_cli -x "luarun app.lua event_notify internal reboot $reg_user@$realm $vendor"'
+		if [ "$pausetime" > 0 ]; then
+			sleep $pausetime
+        	fi
+	fi
+done < $INPUT
+IFS=$OLDIFS
+
+#remove the file
+rm $FILE

devuan/resources/sngrep.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+. ./colors.sh
+. ./environment.sh
+
+#add sngrep
+if [ ."$cpu_architecture" = ."arm" ]; then
+	#source install
+	apt-get -q -y install git autoconf automake gcc make libncurses5-dev libpcap-dev libssl-dev libpcre3-dev
+	cd /usr/src && git clone https://github.com/irontec/sngrep
+	cd /usr/src/sngrep && ./bootstrap.sh
+	cd /usr/src/sngrep && ./configure
+	cd /usr/src/sngrep && make install
+else
+	#package install
+	echo 'deb http://packages.irontec.com/debian jessie main' > /etc/apt/sources.list.d/sngrep.list
+	wget http://packages.irontec.com/public.key -q -O - | apt-key add -
+	apt-get -q update
+	apt-get -y -q install sngrep
+fi

devuan/resources/switch.sh

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ./config.sh
+
+verbose "Installing FreeSWITCH"
+
+if [ .$switch_source = .true ]; then
+	if [ ."$switch_branch" = "master" ]; then
+		switch/source-master.sh
+	else
+		switch/source-release.sh
+	fi
+
+	#copy the switch conf files to /etc/freeswitch
+	switch/conf-copy.sh
+
+	#set the file permissions
+	switch/source-permissions.sh
+
+	#sysvinit service
+	switch/source-sysvinit.sh
+fi
+
+if [ .$switch_package = .true ]; then
+	if [ ."$switch_branch" = "master" ]; then
+		if [ .$switch_package_all = .true ]; then
+			switch/package-master-all.sh
+		else
+			switch/package-master.sh
+		fi
+	else
+		if [ .$switch_package_all = .true ]; then
+			switch/package-all.sh
+		else
+			switch/package-release.sh
+		fi
+	fi
+
+	#copy the switch conf files to /etc/freeswitch
+	switch/conf-copy.sh
+
+	#set the file permissions
+	switch/package-permissions.sh
+
+	#sysvinit service
+	switch/package-sysvinit.sh
+fi

devuan/resources/switch/conf-copy.sh

@@ -0,0 +1,4 @@
+mv /etc/freeswitch /etc/freeswitch.orig
+mkdir /etc/freeswitch
+cp -R /var/www/fusionpbx/resources/templates/conf/* /etc/freeswitch
+chown -R freeswitch:freeswitch /etc/freeswitch

devuan/resources/switch/package-all.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+. ../arguments.sh
+
+apt-get -q update && apt-get install -y -q ntp curl memcached haveged
+
+if [ ."$cpu_architecture" = ."arm" ]; then
+        echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+        curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+else
+        echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+        curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
+fi
+apt-get -q update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb

devuan/resources/switch/package-master-all.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+apt-get update && apt-get install -y -q ntp curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get install -y -q freeswitch-meta-all freeswitch-all-dbg gdb
+

devuan/resources/switch/package-master.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+apt-get update && apt-get install -y -q curl memcached haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" >> /etc/apt/sources.list.d/freeswitch.list
+apt-get update
+apt-get install -y -q ntp gdb
+apt-get install -y -q freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get install -y -q freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get install -y -q freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get install -y -q freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get install -y -q freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get install -y -q freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get install -y -q freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get install -y -q freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get install -y -q freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get install -y -q freeswitch-music-default
+
+#remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+apt-get remove -y -q freeswitch-music-default
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp

devuan/resources/switch/package-permissions.sh

@@ -0,0 +1,8 @@
+#default permissions
+# Devaun packages set this up correctly
+#chown -R freeswitch:freeswitch /var/lib/freeswitch
+
+# I'm not sure this is the best place to put non-packaged files - leaving it as is for now
+chown -R freeswitch:freeswitch /usr/share/freeswitch
+touch /var/log/freeswitch/freeswitch.log
+chown -R freeswitch:freeswitch /var/log/freeswitch

devuan/resources/switch/package-release.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+#move to script directory so all relative paths work
+cd "$(dirname "$0")"
+
+#includes
+. ../config.sh
+. ../colors.sh
+. ../environment.sh
+
+apt-get -qq -y install curl memcached haveged
+if [ ."$cpu_architecture" = ."arm" ]; then
+        echo "deb http://repo.sip247.com/debian/freeswitch-stable-armhf/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+        curl http://repo.sip247.com/debian/sip247.com.gpg.key | apt-key add -
+        apt-get -q update
+else
+        echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+        curl http://files.freeswitch.org/repo/deb/freeswitch-1.6/key.gpg | apt-key add -
+        apt-get -q update
+fi
+
+apt-get -qq -y install gdb ntp
+apt-get -qq -y install freeswitch-meta-bare freeswitch-conf-vanilla freeswitch-sysvinit freeswitch-mod-commands freeswitch-meta-codecs freeswitch-mod-console freeswitch-mod-logfile freeswitch-mod-distributor
+apt-get -qq -y install freeswitch-lang-en freeswitch-mod-say-en freeswitch-sounds-en-us-callie
+apt-get -qq -y install freeswitch-mod-enum freeswitch-mod-cdr-csv freeswitch-mod-event-socket freeswitch-mod-sofia freeswitch-mod-sofia-dbg freeswitch-mod-loopback
+apt-get -qq -y install freeswitch-mod-conference freeswitch-mod-db freeswitch-mod-dptools freeswitch-mod-expr freeswitch-mod-fifo libyuv-dev freeswitch-mod-httapi
+apt-get -qq -y install freeswitch-mod-hash freeswitch-mod-esl freeswitch-mod-esf freeswitch-mod-fsv freeswitch-mod-valet-parking freeswitch-mod-dialplan-xml freeswitch-dbg
+apt-get -qq -y install freeswitch-mod-sndfile freeswitch-mod-native-file freeswitch-mod-local-stream freeswitch-mod-tone-stream freeswitch-mod-lua freeswitch-meta-mod-say
+apt-get -qq -y install freeswitch-mod-xml-cdr freeswitch-mod-verto freeswitch-mod-callcenter freeswitch-mod-rtc freeswitch-mod-png freeswitch-mod-json-cdr freeswitch-mod-shout
+apt-get -qq -y install freeswitch-mod-skypopen freeswitch-mod-skypopen-dbg freeswitch-mod-sms freeswitch-mod-sms-dbg freeswitch-mod-cidlookup freeswitch-mod-memcache
+apt-get -qq -y install freeswitch-mod-imagick freeswitch-mod-tts-commandline freeswitch-mod-directory freeswitch-mod-flite
+apt-get -qq -y install freeswitch-music-default
+apt-get remove -q -y freeswitch-systemd
+
+#remove the music package to protect music on hold from package updates
+mkdir -p /usr/share/freeswitch/sounds/temp
+mv /usr/share/freeswitch/sounds/music/*000 /usr/share/freeswitch/sounds/temp
+apt-get remove -y freeswitch-music-default
+mkdir -p /usr/share/freeswitch/sounds/music/default
+mv /usr/share/freeswitch/sounds/temp/* /usr/share/freeswitch/sounds/music/default
+rm -R /usr/share/freeswitch/sounds/temp

devuan/resources/switch/package-sysvinit.sh

@@ -0,0 +1,6 @@
+update-rc.d freeswitch enable
+#
+# If freeswitch is not restarted with the new config before finish.sh is run,
+# upgrade_domains.php will not set the paths correctly on the default domain
+#
+service freeswitch restart

devuan/resources/switch/source-master.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+echo "Installing the FreeSWITCH source"
+DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y -q  ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+apt-get install -y -q unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
+
+apt-get update && apt-get install -y -q ntp curl haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+echo "deb http://files.freeswitch.org/repo/deb/debian-unstable/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+apt-get update && apt-get upgrade
+apt-get install -y -q freeswitch-video-deps-most
+
+git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+cd /usr/src/freeswitch
+
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+./bootstrap.sh -j
+#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
+./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+
+#make mod_shout-install
+make
+rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
+make install
+make sounds-install moh-install
+make hd-sounds-install hd-moh-install
+make cd-sounds-install cd-moh-install
+
+#move the music into music/default directory
+mkdir -p /usr/local/freeswitch/sounds/music/default
+mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
+
+#configure system service
+ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
+cp "$(dirname $0)/source/freeswitch.service" /lib/systemd/system/freeswitch.service

devuan/resources/switch/source-permissions.sh

@@ -0,0 +1,6 @@
+#setup owner and group, permissions and sticky
+chown -R www-data:www-data /usr/local/freeswitch
+chmod -R ug+rw /usr/local/freeswitch
+touch /var/log/freeswitch/freeswitch.log
+chown -R www-data:www-data /var/log/freeswitch
+find /usr/local/freeswitch -type d -exec chmod 2770 {} \;

devuan/resources/switch/source-release.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+
+echo "Installing the FreeSWITCH source"
+DEBIAN_FRONTEND=none APT_LISTCHANGES_FRONTEND=none apt-get install -y -q  ntpdate libapache2-mod-log-sql-ssl libfreetype6-dev git-buildpackage doxygen yasm nasm gdb git build-essential automake autoconf 'libtool-bin|libtool' python uuid-dev zlib1g-dev 'libjpeg8-dev|libjpeg62-turbo-dev' libncurses5-dev libssl-dev libpcre3-dev libcurl4-openssl-dev libldns-dev libedit-dev libspeexdsp-dev libspeexdsp-dev libsqlite3-dev perl libgdbm-dev libdb-dev bison libvlc-dev libvlccore-dev vlc-nox pkg-config ccache libpng-dev libvpx-dev libyuv-dev libopenal-dev libbroadvoice-dev libcodec2-dev libflite-dev libg7221-dev libilbc-dev libmongoc-dev libsilk-dev libsoundtouch-dev libmagickcore-dev liblua5.2-dev libopus-dev libsndfile-dev libopencv-dev libavformat-dev libx264-dev erlang-dev libldap2-dev libmemcached-dev libperl-dev portaudio19-dev python-dev libsnmp-dev libyaml-dev libmp4v2-dev
+apt-get install -y -q ntp unzip libpq-dev memcached libshout3-dev libvpx-dev libmpg123-dev libmp3lame-dev
+
+# E: Unable to locate package libyuv-dev
+# E: Unable to locate package libbroadvoice-dev
+# E: Unable to locate package libcodec2-dev
+# E: Unable to locate package libflite-dev
+# E: Unable to locate package libg7221-dev
+# E: Unable to locate package libilbc-dev
+# E: Unable to locate package libmongoc-dev
+# E: Unable to locate package libsilk-dev
+
+apt-get update && apt-get install -y -q curl haveged
+curl https://files.freeswitch.org/repo/deb/debian/freeswitch_archive_g0.pub | apt-key add -
+echo "deb http://files.freeswitch.org/repo/deb/freeswitch-1.6/ jessie main" > /etc/apt/sources.list.d/freeswitch.list
+apt-get -q update && apt-get upgrade -y -q
+apt-get install -y -q freeswitch-video-deps-most
+
+#we are about to move out of the executing directory so we need to preserve it to return after we are done
+CWD=$(pwd)
+#git clone https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+#git clone -b v1.6 https://freeswitch.org/stash/scm/fs/freeswitch.git /usr/src/freeswitch
+SWITCH_MAJOR=$(git ls-remote --heads https://freeswitch.org/stash/scm/fs/freeswitch.git "v*" | cut -d/ -f 3 | grep -P '^v\d+\.\d+' | sort | tail -n 1| cut -dv -f2)
+SWITCH_MINOR=$(git ls-remote --tags https://freeswitch.org/stash/scm/fs/freeswitch.git v$SWITCH_MAJOR.* | cut -d/ -f3 | cut -dv -f2 | cut -d. -f3 | sort -n | tail -n1)
+SWITCH_VERSION=$SWITCH_MAJOR.$SWITCH_MINOR
+echo "Using version $SWITCH_VERSION"
+cd /usr/src
+wget http://files.freeswitch.org/freeswitch-releases/freeswitch-$SWITCH_VERSION.zip
+unzip freeswitch-$SWITCH_VERSION.zip
+rm -R freeswitch
+mv freeswitch-$SWITCH_VERSION freeswitch
+cd freeswitch
+
+#./bootstrap.sh -j
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_avmd:applications/mod_avmd:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_callcenter:applications/mod_callcenter:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_cidlookup:applications/mod_cidlookup:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_memcache:applications/mod_memcache:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#applications/mod_curl:applications/mod_curl:'
+sed -i /usr/src/freeswitch/modules.conf -e s:'#formats/mod_shout:formats/mod_shout:'
+#./configure --help
+#./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --enable-system-lua --disable-fhs
+./configure --prefix=/usr/local/freeswitch --enable-core-pgsql-support --disable-fhs
+#make mod_shout-install
+make
+rm -rf /usr/local/freeswitch/{lib,mod,bin}/*
+make install
+make sounds-install moh-install
+make hd-sounds-install hd-moh-install
+make cd-sounds-install cd-moh-install
+
+#move the music into music/default directory
+mkdir -p /usr/local/freeswitch/sounds/music/default
+mv /usr/local/freeswitch/sounds/music/*000 /usr/local/freeswitch/sounds/music/default
+
+#return to the executing directory
+cd $CWD
+
+#configure system service
+ln -s /usr/local/freeswitch/bin/fs_cli /usr/bin/fs_cli
+cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
+chmod a+x /etc/init.d/freeswitch
+cp "$(dirname $0)/source/etc.default.freeswitch /etc/default/freeswitch

devuan/resources/switch/source-sysvinit.sh

@@ -0,0 +1,6 @@
+cp "$(dirname $0)/source/freeswitch.init" /etc/init.d/freeswitch
+cp "$(dirname $0)/source/etc.default.freeswitch" /etc/default/freeswitch
+update-rc.d freeswitch enable
+service freeswitch restart
+
+echo "Please configure the sysvinit start up script from the source dir, test, and contribute code. Thank you."

devuan/resources/switch/source-to-package.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+#make sure the etc fusionpbx directory exists 
+mkdir -p /etc/fusionpbx
+
+#remove init.d startup script
+mv /etc/init.d/freeswitch /usr/src/init.d.freeswitch
+update-rc.d -f freeswitch remove
+
+#add the the freeswitch package
+$(dirname $0)/package-release.sh
+
+#install freeswitch systemd.d
+$(dirname $0)/package-systemd.sh
+
+#update fail2ban
+sed -i /etc/fail2ban/jail.local -e s:'/usr/local/freeswitch/log:/var/log/freeswitch:'
+service fail2ban restart
+
+#move source files to package directories
+rsync -avz /usr/local/freeswitch/conf/* /etc/freeswitch
+rsync -avz /usr/local/freeswitch/recordings /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/storage /var/lib/freeswitch
+rsync -avz /usr/local/freeswitch/scripts /usr/share/freeswitch

devuan/resources/switch/source/etc.default.freeswitch

@@ -0,0 +1,8 @@
+# /etc/default/freeswitch
+FS_USER="www-data"
+FS_GROUP="www-data"
+DAEMON_OPTS="-nonat -ncwait -u www-data -g www-data -run /var/run/freeswitch"
+
+# this is the packaged version. But since the source install does not work. I've not tested any of this.
+# /etc/default/freeswitch
+#DAEMON_OPTS="-nonat"

devuan/resources/switch/source/freeswitch.init

@@ -0,0 +1,133 @@
+#!/bin/sh
+### -*- mode:shell-script; indent-tabs-mode:nil; sh-basic-offset:2 -*-
+### BEGIN INIT INFO
+# Provides: freeswitch
+# Required-Start: $network $remote_fs $local_fs
+# Required-Stop: $network $remote_fs $local_fs
+# Should-Start: postgresql mysql memcached mongodb
+# Should-Stop: postgresql mysql memcached mongodb
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: FreeSWITCH Softswitch
+# Description: FreeSWITCH Softswitch
+### END INIT INFO
+
+# Author: Travis Cross <[email protected]>
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=freeswitch
+NAME=freeswitch
+DAEMON=/usr/bin/freeswitch
+USER=freeswitch
+DAEMON_ARGS="-u $USER -ncwait"
+CONFDIR=/etc/$NAME
+RUNDIR=/var/run/$NAME
+PIDFILE=$RUNDIR/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+WORKDIR=/var/log/$NAME
+
+[ -x $DAEMON ] || exit 0
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+do_start() {
+  if ! [ -f $CONFDIR/freeswitch.xml ]; then
+    echo "$NAME is not configured so not starting.">&2
+    echo "Please add configuration under /etc/freeswitch">&2
+    echo "e.g. Install freeswitch-conf-vanilla, then:">&2
+    echo "cp -a /usr/share/freeswitch/conf/vanilla /etc/freeswitch">&2
+    return 3
+  fi
+
+  # Directory in /var/run may disappear on reboot (e.g. when tmpfs used for /var/run).
+  mkdir -p $RUNDIR
+  chown -R $USER: $RUNDIR
+  chmod -R ug=rwX,o= $RUNDIR
+
+  start-stop-daemon --start --quiet \
+    --pidfile $PIDFILE --exec $DAEMON --name $NAME --user $USER \
+    --test > /dev/null \
+    || return 1
+  ulimit -s 240
+  start-stop-daemon --start --quiet \
+    --pidfile $PIDFILE --exec $DAEMON --name $NAME --user $USER \
+    --chdir $WORKDIR -- $DAEMON_ARGS $DAEMON_OPTS \
+    || return 2
+  return 0
+}
+
+stop_fs() {
+  start-stop-daemon --stop --quiet \
+    --pidfile $PIDFILE --name $NAME --user $USER \
+    --retry=TERM/30/KILL/5
+}
+
+stop_fs_children() {
+  start-stop-daemon --stop --quiet \
+    --exec $DAEMON \
+    --oknodo --retry=0/30/KILL/5
+}
+
+do_stop() {
+  stop_fs
+  RETVAL="$?"
+  [ "$RETVAL" -eq 2 ] && return 2
+  stop_fs_children
+  [ "$?" -eq 2 ] && return 2
+  rm -f $PIDFILE
+  return "$RETVAL"
+}
+
+do_reload() {
+  start-stop-daemon --stop --quiet \
+    --pidfile $PIDFILE --name $NAME --user $USER \
+    --signal HUP
+}
+
+case "$1" in
+  start)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+    do_start
+    case "$?" in
+      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+    esac
+    ;;
+  stop)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+    do_stop
+    case "$?" in
+      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+    esac
+    ;;
+  status)
+    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+    ;;
+  reload|force-reload)
+    log_daemon_msg "Reloading $DESC" "$NAME"
+    do_reload
+    log_end_msg $?
+    ;;
+  restart)
+    log_daemon_msg "Restarting $DESC" "$NAME"
+    do_stop
+    case "$?" in
+      0|1)
+        do_start
+        case "$?" in
+          0) log_end_msg 0 ;;
+          1|*) log_end_msg 1 ;;
+        esac
+        ;;
+      *) log_end_msg 1 ;;
+    esac
+    ;;
+  *)
+    echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+    exit 3
+    ;;
+esac
+
+exit 0