Starting to work on an initial FreePBX setup script



  • I've never installed FreePBX, from scratch, often enough, back to back, to actually script my process.

    But today I decided to get off my ass and do a little more documentation. That turned into me FFSing myself with "just fucking put it in a script Jared".

    I put a new folder in my FreePBX helper scripts repo.
    https://github.com/sorvani/freepbx-helper-scripts/tree/master/InitialSetup

    I will turn the module deletion into a loop once I validate all the dependencies. I believe that the current order is correct though.



  • Wondering how to better automate this first bit....

     - Install FreePBX 15 from the 2020-02 ISO
     - Log in as root to the Vultr virtual console
    useradd --create-home jbusch
    mkdir /home/jbusch/.ssh
    wget -O /home/jbusch/.ssh/authorized_keys https://gitlab.com/sorvani/public_keys/-/raw/master/authorized_keys
    chown -R jbusch:jbusch /home/jbusch/.ssh
    chmod 700 /home/jbusch/.ssh
    chmod 600 /home/jbusch/.ssh/authorized_keys
    passwd jbusch
    gpasswd -a jbusch wheel
    gpasswd -a jbusch asterisk
    exit
    
     - from local terminal
    ssh pbx15.bundystl.com (or IP)
    sudo nano /etc/ssh/sshd_config
      - disable root login and password login.
    wget https://raw.githubusercontent.com/sorvani/freepbx-helper-scripts/master/InitialSetup/setup.sh
    chmod +x setup.sh
    ./setup.sh
      - wait for a while
     - Go to GUI and complete setup
     - Create admin account, activate system, and run the firewall wizard, then set interface to internet.
    


  • FYI, as of April 13, 2020, this is where the above leaves a FreePBX 15 system.

    [[email protected] ~]$ sudo fwconsole ma listonline
    No repos specified, using: [standard,commercial] from last GUI settings
    
    Module Version Status License
    accountcodepreserve 13.0.2.2 Enabled and up to date GPLv2
    amd 15.0.2 Enabled and up to date GPLv3+
    announcement 15.0.3.10 Enabled and up to date GPLv3+
    api Not Installed (Available online: 15.0.3.7) AGPLv3+
    areminder Not Installed (Available online: 15.0.14.20) Commercial
    arimanager 15.0.3.8 Enabled and up to date GPLv3+
    asterisk-cli 14.0.1 Enabled and up to date GPLv3+
    asteriskinfo 15.0.9 Enabled and up to date GPLv3+
    backup 15.0.8.94 Enabled and up to date GPLv3+
    blacklist 15.0.2.10 Enabled and up to date GPLv3+
    broadcast Not Installed (Available online: 15.0.12) Commercial
    builtin Enabled; Not available online
    bulkhandler 13.0.17 Enabled and up to date GPLv3+
    calendar 15.0.4.19 Enabled and up to date GPLv3+
    callback 15.0.8 Enabled and up to date GPLv3+
    callerid Not Installed (Available online: 15.0.14) Commercial
    callforward 15.0.10 Enabled and up to date AGPLv3+
    calllimit Not Installed (Available online: 15.0.5.3) Commercial
    callrecording 15.0.7.11 Enabled and up to date AGPLv3+
    callwaiting 15.0.4.2 Enabled and up to date GPLv3+
    campon 13.0.4.1 Enabled and up to date GPLv3+
    cdr 15.0.17 Enabled and up to date GPLv3+
    cel 15.0.15.8 Enabled and up to date GPLv3+
    certman 15.0.22 Enabled and up to date AGPLv3+
    cidlookup 15.0.15 Enabled and up to date GPLv3+
    conferences 15.0.7.4 Enabled and up to date GPLv3+
    conferencespro Not Installed (Available online: 15.0.3.15) Commercial
    configedit 13.0.7.1 Enabled and up to date AGPLv3+
    contactmanager 15.0.8.23 Enabled and up to date GPLv3+
    core 15.0.9.94 Enabled and up to date GPLv3+
    cos Not Installed (Available online: 15.0.9) Commercial
    customappsreg 15.0.13 Enabled and up to date GPLv3+
    cxpanel Not Installed (Available online: 15.0.4) GPLv3
    dahdiconfig 15.0.5.4 Enabled and up to date GPLv3+
    dashboard 15.0.5 Enabled and up to date AGPLv3+
    daynight 15.0.11 Enabled and up to date GPLv3+
    dictate 15.0.6 Enabled and up to date GPLv3+
    digium_phones 15.0.2 Enabled and up to date GPLv2
    digiumaddoninstaller 13.0.1.1 Enabled and up to date GPLv2
    directory 15.0.16 Enabled and up to date GPLv3+
    disa 15.0.4.7 Enabled and up to date AGPLv3+
    donotdisturb 15.0.6 Enabled and up to date GPLv3+
    endpoint Not Installed (Available online: 15.0.27.16) Commercial
    extensionroutes Not Installed (Available online: 15.0.5) Commercial
    extensionsettings 13.0.4 Enabled and up to date GPLv3+
    fax 15.0.19 Enabled and up to date GPLv3+
    faxpro Not Installed (Available online: 15.0.8.8) Commercial
    featurecodeadmin 13.0.6.4 Enabled and up to date GPLv3+
    filestore 15.0.3.7 Enabled and up to date AGPLv3
    findmefollow 15.0.20 Enabled and up to date GPLv3+
    firewall 15.0.6.5 Enabled and up to date AGPLv3+
    framework 15.0.16.49 Enabled and up to date GPLv2+
    fw_langpacks 14.0.1 Enabled and up to date GPLv3+
    hotelwakeup 15.0.5.4 Enabled and up to date GPLv2
    iaxsettings 15.0.6 Enabled and up to date AGPLv3
    infoservices 15.0.2 Enabled and up to date GPLv2+
    iotserver Not Installed (Available online: 15.0.0.7) Commercial
    irc 13.0.1 Enabled and up to date GPLv3+
    ivr 15.0.26 Enabled and up to date GPLv3+
    languages 15.0.10 Enabled and up to date GPLv3+
    logfiles 13.0.10.7 Enabled and up to date GPLv3+
    manager 15.0.9 Enabled and up to date GPLv2+
    miscapps 15.0.8 Enabled and up to date GPLv3+
    miscdests 15.0.2.9 Enabled and up to date GPLv3+
    music 15.0.20 Enabled and up to date GPLv3+
    oracle_connector Not Installed (Available online: 14.0.1.8) Commercial
    outroutemsg 15.0.9 Enabled and up to date GPLv3+
    paging 15.0.4.21 Enabled and up to date GPLv3+
    pagingpro Not Installed (Available online: 15.0.1.16) Commercial
    parking 15.0.15 Enabled and up to date GPLv3+
    parkpro Not Installed (Available online: 15.0.12.6) Commercial
    pbdirectory 2.11.0.6 Enabled and up to date GPLv3+
    phonebook 15.0.11 Enabled and up to date GPLv3+
    phpinfo 13.0.2 Enabled and up to date GPLv2+
    pinsets 15.0.1.10 Enabled and up to date GPLv3+
    pinsetspro Not Installed (Available online: 15.0.3) Commercial
    pm2 15.0.3.7 Enabled and up to date AGPLv3+
    pms Not Installed (Available online: 15.0.2.45) Commercial
    presencestate 15.0.9 Enabled and up to date GPLv3+
    printextensions 13.0.3.2 Enabled and up to date GPLv3+
    queueprio 15.0.10 Enabled and up to date GPLv3+
    queues 15.0.17 Enabled and up to date GPLv2+
    queuestats Not Installed (Available online: 15.0.3.25) Commercial
    qxact_reports Not Installed (Available online: 15.0.3.20) Commercial
    recording_report Not Installed (Available online: 15.0.4.24) Commercial
    recordings 15.0.3.13 Enabled and up to date GPLv3+
    restapps Not Installed (Available online: 15.0.19.3) Commercial
    ringgroups 15.0.11.7 Enabled and up to date GPLv3+
    sangomacrm Not Installed (Available online: 15.0.14.43) Commercial
    setcid 15.0.8 Enabled and up to date GPLv3+
    sipsettings 15.0.6.25 Enabled and up to date AGPLv3+
    sipstation Not Installed (Available online: 15.0.5.8) Commercial
    sms Not Installed (Available online: 15.0.4) Commercial
    soundlang 15.0.5.6 Enabled and up to date GPLv3+
    speeddial 2.11.0.4 Enabled and up to date GPLv3+
    superfecta 15.0.2.23 Enabled and up to date GPLv2+
    sysadmin 15.0.13.18 Enabled and up to date Commercial
    timeconditions 15.0.15.2 Enabled and up to date GPLv3+
    tts 15.0.9 Enabled and up to date GPLv3+
    ttsengines 15.0.4.6 Enabled and up to date AGPLv3
    ucp 15.0.6.14 Enabled and up to date AGPLv3+
    userman 15.0.23 Enabled and up to date AGPLv3+
    vega Not Installed (Available online: 15.0.6) Commercial+
    vmblast 15.0.11.3 Enabled and up to date GPLv3+
    vmnotify Not Installed (Available online: 15.0.10) Commercial
    voicemail 15.0.18.13 Enabled and up to date GPLv3+
    voicemail_report Not Installed (Available online: 15.0.5) Commercial
    vqplus Not Installed (Available online: 15.0.7.15) Commercial
    weakpasswords 13.0.2 Enabled and up to date GPLv3+
    webcallback Not Installed (Available online: 15.0.6.2) Commercial
    webrtc 15.0.8 Enabled and up to date GPLv3+
    xmpp 15.0.6.4 Enabled and up to date AGPLv3
    zulu Not Installed (Available online: 15.0.58.3) Commercial


  • # Prompt for a username and password
    read -r -p "Enter a new username: " myUserName
    read -r -s -p "Enter a new password for $myUserName: " myPassword; echo
    
    # Prompt for your GitLab username
    read -r -p "Enter your GitLab username: " myGitLabUsername
    
    # Create user account and add user to wheel and asterisk group
    useradd --create-home "$myUserName"
    # useradd --password expects an already-hashed value, so set the password with chpasswd
    echo "$myUserName:$myPassword" | chpasswd
    gpasswd -a "$myUserName" wheel
    gpasswd -a "$myUserName" asterisk
    
    # Create .ssh directory, add authorized_keys file, set permissions
    mkdir -p "/home/$myUserName/.ssh"
    wget -O "/home/$myUserName/.ssh/authorized_keys" "https://gitlab.com/$myGitLabUsername/public_keys/-/raw/master/authorized_keys"
    chown -R "$myUserName:$myUserName" "/home/$myUserName/.ssh"
    chmod 700 "/home/$myUserName/.ssh"
    chmod 600 "/home/$myUserName/.ssh/authorized_keys"
    
    # Disable root login
    sed -i 's/#\?\(PermitRootLogin\s*\).*$/\1 no/' /etc/ssh/sshd_config
    # Disable PasswordAuthentication
    # Ends up with duplicate PasswordAuthentication because it modifies both #PasswordAuthentication and PasswordAuthentication
    sed -i 's/#\?\(PasswordAuthentication\s*\).*$/\1 no/' /etc/ssh/sshd_config
    
    wget https://raw.githubusercontent.com/sorvani/freepbx-helper-scripts/master/InitialSetup/setup.sh
    chmod +x setup.sh
    ./setup.sh
    
    systemctl restart sshd.service
    exit
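
Added example, not part of the original post or of the freepbx-helper-scripts repo: one way to set the two sshd_config options from the script above so that each directive ends up exactly once and is verified afterwards, which avoids the duplicate entries the script comment mentions and catches a misspelled keyword. The function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: idempotent sshd_config hardening with verification.
set -eu

# set_sshd_option FILE KEYWORD VALUE
# Drops every line that sets KEYWORD (commented out or not) and writes one
# active line at the top of FILE: sshd keeps the first value it reads for a
# keyword, and the top of the file is outside any Match block.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp)
    printf '%s %s\n' "$key" "$value" > "$tmp"
    # grep exits 1 when no line survives the filter; that is not an error here
    grep -Eiv "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$file" >> "$tmp" || true
    cat "$tmp" > "$file"    # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Print the value of the first uncommented KEYWORD line, lower-cased.
active_sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Print how many uncommented lines set KEYWORD.
count_active() {
    awk -v k="$2" 'tolower($1) == tolower(k) { n++ } END { print n + 0 }' "$1"
}

# Apply both settings and fail loudly if either did not take effect, which is
# what a misspelled keyword in a sed pattern would otherwise hide.
harden_sshd() {
    local file="$1" key
    for key in PermitRootLogin PasswordAuthentication; do
        set_sshd_option "$file" "$key" no
        [ "$(active_sshd_option "$file" "$key")" = no ] || { echo "$key not set" >&2; return 1; }
        [ "$(count_active "$file" "$key")" -eq 1 ] || { echo "$key duplicated" >&2; return 1; }
    done
}

# Constructed sample input (not taken from a real host).
make_sample() {
    printf '%s\n' '#PermitRootLogin yes' '#PasswordAuthentication yes' \
        'PasswordAuthentication yes' 'UsePAM yes' > "$1"
}

demo=$(mktemp)
make_sample "$demo"
harden_sshd "$demo" && cat "$demo"
rm -f "$demo"
```

On a real host the target would be /etc/ssh/sshd_config, followed by `sshd -t` to validate the file before `systemctl restart sshd.service`.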
    


  • @black3dynamite dunno if that is "better" from an automation standpoint, but it is certainly better from a guide standpoint.



  • so restoring again.

    lots of typing from the initial root login in the Vultr virtual console. I need to make that less.
    hmmm....



  • New method, testing now.

    1. Complete setup from ISO in Vultr Virtual Console.
    2. Log in as root user in the Vultr Virtual Console.
    3. Download this script and execute.
    wget https://raw.githubusercontent.com/sorvani/freepbx-helper-scripts/master/InitialSetup/root_setup.sh
    chmod +x root_setup.sh
    ./root_setup.sh
    
    4. Log in as your user via SSH
    5. Execute the setup.sh already in your home folder.
    sudo ./setup.sh
    


  • Assuming this works as planned, then making it more generic would be next up.
    For example, for getting the SSH public keys or not.



  • That worked well.




  • @JaredBusch said in Starting to work on an initial FeePBX setup script:

    @black3dynamite dunno if that is "better" from an automation standpoint, but it is certainly better from a guide standpoint.

    Yeah, I was all over the place trying to make it more of an automation deployment.

    One of the things going back and forth was the part for creating a password, I was thinking of using chage -d 0 $myUserName to force password change upon first login instead of having the user enter a password during the setup since the PasswordAuthentication is disabled. And then use arguments instead of read prompts.



  • @black3dynamite said in Starting to work on an initial FeePBX setup script:

    @JaredBusch said in Starting to work on an initial FeePBX setup script:

    @black3dynamite dunno if that is "better" from an automation standpoint, but it is certainly better from a guide standpoint.

    Yeah, I was all over the place trying to make it more of an automation deployment.

    One of the things going back and forth was the part for creating a password, I was thinking of using chage -d 0 $myUserName to force password change upon first login instead of having the user enter a password during the setup since the PasswordAuthentication is disabled. And then use arguments instead of read prompts.

    I was thinking something like that also with the new user. But I had not had time to look up the syntax.



  • Corrected the title to FreePBX instead of FeePBX, lol. Although that name would be useful somewhere, too.



  • @scottalanmiller said in Starting to work on an initial FreePBX setup script:

    Corrected the title to FreePBX instead of FeePBX, lol. Although that name would be useful somewhere, too.

    go me