re-do allow apt to perform security updates on its own

Move this into system.sh rather than anagement.sh.

This reverts commit eab28c97ff.
This commit is contained in:
Joshua Tauberer 2014-08-23 12:31:33 +00:00
parent a0b056ae29
commit 03bbd25a10
2 changed files with 14 additions and 18 deletions

View file

@ -2,7 +2,7 @@
source setup/functions.sh
apt_install python3-flask links duplicity libyaml-dev python3-dnspython unattended-upgrades
apt_install python3-flask links duplicity libyaml-dev python3-dnspython
hide_output pip3 install rtyaml
# Create a backup directory and a random key for encrypting backups.
@ -21,14 +21,6 @@ rm -f /etc/init.d/mailinabox
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
hide_output update-rc.d mailinabox defaults
# Allow apt to install system updates automatically every day.
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
APT::Periodic::MaxAge "7";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
EOF
# Perform a daily backup.
cat > /etc/cron.daily/mailinabox-backup << EOF;
#!/bin/bash

View file

@ -11,18 +11,22 @@ hide_output apt-get -y upgrade
# haveged: Provides extra entropy to /dev/random so it doesn't stall
# when generating random numbers for private keys (e.g. during
# ldns-keygen).
# unattended-upgrades: Apt tool to install security updates automatically.
# ntp: keeps the system time correct
# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
apt_install python3 python3-pip wget curl bind9-host haveged
apt_install python3 python3-pip \
wget curl bind9-host \
haveged unattended-upgrades ntp fail2ban
# Turn on basic services:
#
# ntp: keeps the system time correct
#
# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
#
# These services don't need further configuration and are started immediately after installation.
# Allow apt to install system updates automatically every day.
apt_install ntp fail2ban
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
APT::Periodic::MaxAge "7";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
EOF
if [ -z "$DISABLE_FIREWALL" ]; then
# Turn on the firewall. First allow incoming SSH, then turn on the firewall.