Bob Mottram 2017-11-03 20:48:50 +00:00
commit 28a79f78a7
14 changed files with 110 additions and 39 deletions


@ -23,7 +23,7 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected
* [[./mesh_usage.html][How to use it]] * [[./mesh_usage.html][How to use it]]
#+BEGIN_CENTER #+BEGIN_CENTER
[[file:images/mesh_architecture1.jpg]] [[file:images/mesh_logo.jpg]]
#+END_CENTER #+END_CENTER
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.


@ -82,7 +82,7 @@ wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf
wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig
gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
sha256sum freedombone-mesh_beaglebone-armhf.img.xz sha256sum freedombone-mesh_beaglebone-armhf.img.xz
45f131995e2f77188e7ddaf2b42ca3d8d48d821d37c7a31a21e2e6dcceaf510d 60017999340a6559d1de76f3d78d9771c11de5eeefb3d3b812747ce306251e67
unxz freedombone-mesh_beaglebone-armhf.img.xz unxz freedombone-mesh_beaglebone-armhf.img.xz
sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
#+end_src #+end_src
@ -102,7 +102,7 @@ wget https://freedombone.net/downloads/current/freedombone.tar.gz
wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig
gpg --verify freedombone.tar.gz.sig gpg --verify freedombone.tar.gz.sig
sha256sum freedombone.tar.gz sha256sum freedombone.tar.gz
024aedd3a264e963d791daaada347aba1295bc5caebba34ad9b19dc117a8cac9 3d2a7f2bd7a3475832756b7bb63b96ba5fc4a4f4d7bffe86e685be9a3b41b958
tar -xzvf freedombone.tar.gz tar -xzvf freedombone.tar.gz
cd freedombone cd freedombone
git checkout stretch git checkout stretch

BIN
img/mesh_logo.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.9 KiB


@ -682,11 +682,17 @@ function install_nextcloud_main {
fi fi
chown -R www-data:www-data config chown -R www-data:www-data config
chown -R www-data:www-data data chown -R www-data:www-data data
./occ check sudo -u www-data ./occ check
./occ status sudo -u www-data ./occ status
./occ app:list sudo -u www-data ./occ app:list
./occ app:enable encryption sudo -u www-data ./occ app:enable encryption
./occ config:system:set appstoreenabled --value=false sudo -u www-data ./occ encryption:enable
if [ ! "$?" = "0" ]; then
echo $'Encryption not enabled'
exit 73527
fi
sudo -u www-data ./occ encryption:status
sudo -u www-data ./occ config:system:set appstoreenabled --value=false
chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
chmod 0644 .htaccess chmod 0644 .htaccess
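Review bot: The failure path after `occ encryption:enable` uses `exit 73527`, but a shell exit status is reduced modulo 256, so the caller sees 55 rather than the intended code; the `app:enable encryption` call just before it is not checked at all. Testing the command directly is clearer than reading `$?` afterwards: `if ! sudo -u www-data ./occ encryption:enable; then`. The message would be better sent to stderr, `echo $'Encryption not enabled' >&2`. install_nextcloud_main starts and ends outside this hunk, so if the project uses large exit codes on purpose as unique markers, a comment saying so would help.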


@ -542,6 +542,7 @@ function install_stunnel {
echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4 sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
@ -550,6 +551,7 @@ function install_stunnel {
echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
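Review bot: `protocol = socks` is appended to the server section next to `connect = localhost:1194`, and as far as I read the stunnel manual, a SOCKS-mode service takes its destination from the client's SOCKS request rather than from a fixed `connect` target. If that holds here, any peer that completes the TLS handshake could ask the server to relay to other hosts and ports, so the service should require client certificates; the hunk shows `cert` but no verification option such as `verifyPeer` or `CAfile`, which is worth confirming in the lines outside the hunk. The same option is added to stunnel-client.conf, whereas the manual's SOCKS VPN example sets it only on the server side, so please check that the client section accepts it in the packaged stunnel version. A comment above each added `echo` stating why SOCKS framing is needed for the OpenVPN tunnel would make the intent reviewable.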


@ -2102,6 +2102,40 @@ function wifi_enable {
${PROJECT_NAME}-wifi --disable $disable_wifi ${PROJECT_NAME}-wifi --disable $disable_wifi
} }
function add_clacks {
clacks=
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Add Clacks Overhead" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"" 7 60 2>$data
sel=$?
case $sel in
0)
clacks=$(<$data)
if [ ${#clacks} -gt 1 ]; then
WEB_FILES=/etc/nginx/sites-available/*
for f in $WEB_FILES
do
if grep -q "X-Clacks-Overhead" $f; then
sed -i "s|X-Clacks-Overhead .*|X-Clacks-Overhead \"GNU $clacks\";|g" $f
else
sed -i "/X-Content-Type-Options/a add_header X-Clacks-Overhead \"GNU $clacks\";" $f
fi
done
systemctl restart nginx
dialog --title $"Add Clacks Overhead" \
--msgbox $"\nAdded for $clacks" 10 60
fi
;;
esac
rm $data
}
function menu_wifi { function menu_wifi {
if [[ "$(wifi_exists)" == "0" ]]; then if [[ "$(wifi_exists)" == "0" ]]; then
dialog --title $"Wifi" \ dialog --title $"Wifi" \
@ -2191,7 +2225,7 @@ function menu_top_level {
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \ dialog --backtitle $"Freedombone Control Panel" \
--title $"Control Panel" \ --title $"Control Panel" \
--radiolist $"Choose an operation:" 29 70 21 \ --radiolist $"Choose an operation:" 30 70 22 \
1 $"About this system" off \ 1 $"About this system" off \
2 $"Passwords" off \ 2 $"Passwords" off \
3 $"Backup and Restore" off \ 3 $"Backup and Restore" off \
@ -2209,10 +2243,11 @@ function menu_top_level {
15 $"Change the name of this system" off \ 15 $"Change the name of this system" off \
16 $"Set a static local IP address" off \ 16 $"Set a static local IP address" off \
17 $"Wifi menu" off \ 17 $"Wifi menu" off \
18 $"Check for updates" off \ 18 $"Add Clacks" off \
19 $"Power off the system" off \ 19 $"Check for updates" off \
20 $"Restart the system" off \ 20 $"Power off the system" off \
21 $"Exit" on 2> $data 21 $"Restart the system" off \
22 $"Exit" on 2> $data
sel=$? sel=$?
case $sel in case $sel in
1) exit 1;; 1) exit 1;;
@ -2242,10 +2277,11 @@ function menu_top_level {
15) change_system_name;; 15) change_system_name;;
16) set_static_IP;; 16) set_static_IP;;
17) menu_wifi;; 17) menu_wifi;;
18) check_for_updates;; 18) add_clacks;;
19) shut_down_system;; 19) check_for_updates;;
20) restart_system;; 20) shut_down_system;;
21) break;; 21) restart_system;;
22) break;;
esac esac
done done
} }
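Review bot: In add_clacks the text typed into the dialog is placed unescaped into both `sed` expressions and from there into every file under /etc/nginx/sites-available, so a name containing `|`, `&`, `\`, `"` or `;` either breaks the sed command or writes unintended nginx syntax into the site configs. Restrict the value before use, e.g. `[[ "$clacks" =~ ^[[:alnum:][:space:].-]+$ ]] || return`, and run `nginx -t` before `systemctl restart nginx` so a bad edit does not take the web server down. `tempfile` is deprecated in favour of `mktemp`, and `$data` and `$f` should be quoted. The inputbox prompt is the empty string `$""`, so the user is not told what to enter.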


@ -533,7 +533,7 @@ if [[ $VARIANT == 'mesh' ]]; then
IMAGE_NAME=$'mesh' IMAGE_NAME=$'mesh'
# typically not much disk space is needed for a mesh node # typically not much disk space is needed for a mesh node
if [ ! $IMAGE_SIZE_SPECIFIED ]; then if [ ! $IMAGE_SIZE_SPECIFIED ]; then
IMAGE_SIZE=3G IMAGE_SIZE=5G
fi fi
fi fi


@ -682,6 +682,9 @@ initialise_mesh() {
chroot "$rootdir" apt-get -yq install apt-transport-https chroot "$rootdir" apt-get -yq install apt-transport-https
# install tor as a possible way of routing traffic between internet gateways
chroot "$rootdir" apt-get -yq install tor
configure_firewall configure_firewall
install_avahi install_avahi
install_batman install_batman


@ -990,6 +990,11 @@ if [ -f $MESH_INSTALL_SETUP ]; then
rm -rf /etc/openvpn/easy-rsa/keys/* rm -rf /etc/openvpn/easy-rsa/keys/*
fi fi
# Remove hidden service
if [ -d /var/lib/tor/hidden_service_mesh ]; then
rm -rf /var/lib/tor/hidden_service_mesh
fi
# Remove any existing vpn client keys # Remove any existing vpn client keys
if [ -f /home/$MY_USERNAME/vpn.tar.gz ]; then if [ -f /home/$MY_USERNAME/vpn.tar.gz ]; then
rm /home/$MY_USERNAME/vpn.tar.gz rm /home/$MY_USERNAME/vpn.tar.gz
@ -1012,6 +1017,10 @@ if [ -f $MESH_INSTALL_SETUP ]; then
chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
fi fi
systemctl stop tor
systemctl disable tor
echo $'TOR disabled' >> $INSTALL_LOG
#tomb slam all #tomb slam all
tmp_ram_disk 100 tmp_ram_disk 100
enable_predictable_device_names enable_predictable_device_names


@ -416,6 +416,22 @@ function start {
fi fi
fi fi
# if we have an ethernet connection to an internet router then create
# an onion address for this peer
if [[ "$ethernet_connected" != "0" ]]; then
systemctl enable tor
systemctl start tor
HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_
if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]; then
echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}mesh/" >> /etc/tor/torrc
echo "HiddenServicePort 653 127.0.0.1:653" >> /etc/tor/torrc
systemctl restart tor
fi
else
systemctl stop tor
systemctl disable tor
fi
verify verify
} }
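Review bot: The guard `[ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]` decides whether to append to /etc/tor/torrc, but tor writes that file only after it has started with the new configuration, and the setup script elsewhere in this commit deletes /var/lib/tor/hidden_service_mesh without touching torrc. In either case a later run of `start` appends the `HiddenServiceDir`/`HiddenServicePort` pair again, and tor may refuse a configuration with a duplicated service directory. Testing the config file itself, as add_onion_service does, avoids that: `if ! grep -q "hidden_service_mesh" /etc/tor/torrc; then`. A comment stating which local service listens on port 653 would also help, since the hunk does not show it; the `start` function begins outside the hunk.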


@ -157,20 +157,16 @@ function mesh_setup_vpn {
fi fi
} }
function connect_to_vpn { function connect_to_mesh {
dialog --title $"VPN Connect to another mesh network" \ connect_title=$"Connect to another mesh network"
--backtitle $"Freedombone Mesh" \ HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_mesh/hostname
--defaultno \ if [ -f ${HIDDEN_SERVICE_PATH} ]; then
--yesno $"\nHave you received the vpn.tar.gz file from the other mesh administrator, uncompressed it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system?" 10 70 connect_title=$"Connect from $(cat $HIDDEN_SERVICE_PATH) to another mesh network"
sel=$? fi
case $sel in
1) return;;
255) return;;
esac
data=$(tempfile 2>/dev/null) data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15 trap "rm -f $data" 0 1 2 5 15
dialog --title $"VPN Connect to another mesh network" \ dialog --title "$connect_title" \
--backtitle $"Freedombone Mesh" \ --backtitle $"Freedombone Mesh" \
--inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data --inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
sel=$? sel=$?
@ -180,15 +176,20 @@ function connect_to_vpn {
if [ ${#ip_or_domain} -gt 1 ]; then if [ ${#ip_or_domain} -gt 1 ]; then
if [[ "$ip_or_domain" == *'.'* ]]; then if [[ "$ip_or_domain" == *'.'* ]]; then
connect_failed=
if [ ! -f ~/client.ovpn ]; then if [ ! -f ~/client.ovpn ]; then
rm $data connect_failed=1
exit 1
fi fi
if [ ! -f ~/stunnel.pem ]; then if [ ! -f ~/stunnel.pem ]; then
rm $data connect_failed=1
exit 1
fi fi
if [ ! -f ~/stunnel.p12 ]; then if [ ! -f ~/stunnel.p12 ]; then
connect_failed=1
fi
if [ $connect_failed ]; then
dialog --title $"Connect to another mesh network" \
--msgbox $"\nObtain the vpn.tar.gz file from the other mesh administrator, uncompress it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system." 10 50
rm $data rm $data
exit 1 exit 1
fi fi
@ -221,7 +222,7 @@ case $sel in
esac esac
case $(cat $data) in case $(cat $data) in
1) rm $data 1) rm $data
connect_to_vpn;; connect_to_mesh;;
2) rm $data 2) rm $data
mesh_setup_vpn;; mesh_setup_vpn;;
esac esac
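Review bot: In connect_to_mesh `HIDDEN_SERVICE_PATH` holds the full path of the hostname file, while the other scripts in this commit use the same name for the prefix `/var/lib/tor/hidden_service_`; a distinct name such as `mesh_onion_hostname_file` would avoid confusion if these files are ever sourced together. The expansions are unquoted, and `"$(cat "$HIDDEN_SERVICE_PATH")"` and `[ -n "$connect_failed" ]` are safer. Tor normally keeps the hidden service directory readable only by its own user, so if this menu runs as an ordinary user (the references to `~/client.ovpn` and /home/fbone suggest it might) the `-f` test will be false and the onion address never appears in the title; that is inferred and worth checking. The new failure message also hard-codes /home/fbone while the checks use `~`.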


@ -63,9 +63,6 @@ function get_npm_arch {
function mesh_install_nodejs { function mesh_install_nodejs {
mesh_install_nodejs_prefix= mesh_install_nodejs_prefix=
if [ $rootdir ]; then if [ $rootdir ]; then
if [[ $VARIANT == "mesh" ]]; then
return
fi
mesh_install_nodejs_prefix="chroot $rootdir" mesh_install_nodejs_prefix="chroot $rootdir"
fi fi


@ -124,6 +124,7 @@ function add_onion_service {
fi fi
if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
#echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
if [ ${#onion_stealth_name} -gt 0 ]; then if [ ${#onion_stealth_name} -gt 0 ]; then
echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc
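Review bot: The added line `#echo 'HiddenServiceVersion 3' >> /etc/tor/torrc` is commented-out code with no explanation of why it is disabled or when it should be turned on. The `HiddenServiceAuthorizeClient stealth` line written a few lines below is a version 2 option, so enabling version 3 as written would conflict with the stealth branch. I would replace the dead line with a comment such as `# TODO: HiddenServiceVersion 3 - needs a replacement for HiddenServiceAuthorizeClient first`. add_onion_service starts and ends outside the hunk.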


@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2017-10-27 Fri 13:10 --> <!-- 2017-11-01 Wed 18:58 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title> <title>&lrm;</title>
@ -261,7 +261,7 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected
<div class="org-center"> <div class="org-center">
<div class="figure"> <div class="figure">
<p><img src="images/mesh_architecture1.jpg" alt="mesh_architecture1.jpg" /> <p><img src="images/mesh_logo.jpg" alt="mesh_logo.jpg" />
</p> </p>
</div> </div>
</div> </div>