From 2a3c1bb429efafae145da020b759d7526723d912 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 12 Jul 2016 08:27:11 +0100 Subject: [PATCH] Begin combining mesh install functions --- src/freedombone-app-batman | 42 +++ src/freedombone-app-syncthing | 41 +++ src/freedombone-app-tox | 240 +++++++++++++ src/freedombone-app-zeronet | 165 ++++++++- src/freedombone-image-customise | 587 +------------------------------- src/freedombone-utils-avahi | 40 +++ src/freedombone-utils-firewall | 409 ++++++++++++---------- src/freedombone-utils-web | 14 + src/freedombone-vars | 3 + 9 files changed, 781 insertions(+), 760 deletions(-) diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman index cfa334d1..2d1da224 100755 --- a/src/freedombone-app-batman +++ b/src/freedombone-app-batman 
@@ -84,7 +84,49 @@ function remove_batman { sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE } +function mesh_install_batman { + chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl + chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git + chroot "$rootdir" apt-get -y install wireless-tools rfkill + + if ! grep -q "batman_adv" $rootdir/etc/modules; then + echo 'batman_adv' >> $rootdir/etc/modules + fi + + BATMAN_SCRIPT=$rootdir/var/lib/batman + + if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then + cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + else + cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT + fi + + BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service + echo '[Unit]' > $BATMAN_DAEMON + echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON + echo 'After=network.target' >> $BATMAN_DAEMON + echo '' >> $BATMAN_DAEMON + echo '[Service]' >> $BATMAN_DAEMON + echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON + echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON + echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON + echo 'Restart=on-failure' >> $BATMAN_DAEMON + echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON + echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON + echo '' >> $BATMAN_DAEMON + echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON + echo 'TimeoutSec=300' >> $BATMAN_DAEMON + echo '' >> $BATMAN_DAEMON + echo '[Install]' >> $BATMAN_DAEMON + echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON + chroot "$rootdir" systemctl enable batman +} + function install_batman { + if [ $INSTALLING_MESH ]; then + mesh_install_batman + return + fi if grep -Fxq "install_batman" $COMPLETION_FILE; then return fi diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing index a3657733..ac806e82 100755 --- a/src/freedombone-app-syncthing +++ b/src/freedombone-app-syncthing 
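Review bot: mesh_install_batman never checks that the mesh-batman script actually reached the image: if neither `/usr/local/bin/${PROJECT_NAME}-mesh-batman` nor `/usr/bin/${PROJECT_NAME}-mesh-batman` exists on the build host the `cp` fails, and unless `set -e` is in force somewhere outside the hunk the function goes on to enable batman.service with `ExecStart=/var/lib/batman start` pointing at a file that is not there. Add after the if/else the same guard the tox hunk uses for its binary: `if [ ! -f $BATMAN_SCRIPT ]; then echo $'mesh-batman script could not be copied into the image'; exit 1; fi`. Every path in the function is `$rootdir/...`, so with rootdir unset the `>> $rootdir/etc/modules` append and the unit file land on the build host's /etc; a `: "${rootdir:?}"` at the top of the function turns that into an error instead. The dispatch `if [ $INSTALLING_MESH ]; then` added to install_batman (and likewise to install_syncthing, install_tox_node and install_zeronet in the later hunks) relies on an unquoted expansion; `if [ -n "$INSTALLING_MESH" ]; then` says the same thing without depending on word splitting. install_batman itself continues past the end of the hunk.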
@@ -255,7 +255,48 @@ function configure_firewall_for_syncthing { echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE } +function mesh_install_syncthing { + chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add - + + echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list + chroot "$rootdir" apt-get update + chroot "$rootdir" apt-get -y --force-yes install syncthing + + # This probably does need to run as root so that it can access the Sync directories + # in each user's home directory + chroot "$rootdir" echo '[Unit]' > /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'After=network.target' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo '[Service]' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'User=root' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo '[Install]' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" echo 
'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service + chroot "$rootdir" systemctl enable syncthing + chroot "$rootdir" systemctl daemon-reload + + if ! grep -q "syncthing" $rootdir/etc/crontab; then + chroot "$rootdir" echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> /etc/crontab + chroot "$rootdir" systemctl restart cron + fi + + echo 'mesh_install_syncthing' +} + function install_syncthing { + if [ $INSTALLING_MESH ]; then + mesh_install_syncthing + return + fi + if grep -Fxq "install_syncthing" $COMPLETION_FILE; then return fi diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox index ffb6a8d8..7cc9b3d8 100755 --- a/src/freedombone-app-tox +++ b/src/freedombone-app-tox @@ -246,6 +246,11 @@ function tox_avahi { } function install_tox_node { + if [ $INSTALLING_MESH ]; then + mesh_tox_node + return + fi + if grep -Fxq "install_tox_node" $COMPLETION_FILE; then return fi 
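Review bot: Every `chroot "$rootdir" echo … > /etc/systemd/system/syncthing.service` line, and the `>> /etc/crontab` line further down, redirects on the build host: chroot wraps only the echo, the shell opens the redirection target before chroot runs, so the unit file and the cron entry are written into the host's /etc while the image's `$rootdir/etc` gets nothing (the `grep -q "syncthing" $rootdir/etc/crontab` guard therefore never sees the entry it just made). Write them as the batman hunk does, `echo … > $rootdir/etc/…`, or with a heredoc as below. The same host/chroot confusion affects the key import: `chroot "$rootdir" wget -q … | apt-key add -` pipes into the host's apt-key, so the syncthing signing key ends up in the host keyring rather than the image's, and the following `apt-get -y --force-yes install syncthing` in the chroot will go ahead without a verifiable signature; the same pattern appears in enable_tox_repo in the tox hunk, where the key is additionally fetched over plain http. The trailing `echo 'mesh_install_syncthing'` looks like a leftover of the `>> $COMPLETION_FILE` pattern and only writes to stdout; either append it to the completion file or drop it.
```shell
    # written on the host into the image tree (a redirection after
    # "chroot ... echo" would open the file on the host, not in the image)
    SYNCTHING_DAEMON=$rootdir/etc/systemd/system/syncthing.service
    cat > "$SYNCTHING_DAEMON" <<'EOF'
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization
Documentation=man:syncthing(1)
After=network.target
Wants=syncthing-inotify@.service

[Service]
User=root
Environment='all_proxy=socks5://localhost:9050'
ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

[Install]
WantedBy=multi-user.target
EOF
    # … unchanged: systemctl enable / daemon-reload …

    if ! grep -q "syncthing" $rootdir/etc/crontab; then
        echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> $rootdir/etc/crontab
        # … unchanged: systemctl restart cron …
    fi
```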
@@ -327,4 +332,239 @@ function install_tox { echo 'install_tox' >> $COMPLETION_FILE } +function mesh_tox_node { + # obtain commits from the main file + TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then + TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN + fi + if [ ! $TOXCORE_COMMIT ]; then + echo $'No Tox commit was specified' + exit 76325 + fi + + TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') + if [ ${#TOX_PORT_MAIN} -gt 2 ]; then + TOX_PORT=$TOX_PORT_MAIN + fi + if [ ! $TOX_PORT ]; then + echo $'No Tox port was specified' + exit 32856 + fi + + TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then + TOXCORE_REPO=$TOXCORE_REPO_MAIN + fi + if [ ! $TOXCORE_REPO ]; then + echo $'No Tox repo was specified' + exit 16865 + fi + + chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev + chroot "$rootdir" apt-get -y install automake checkinstall check git yasm + chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin + chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev + + + TEMP_SCRIPT_NAME=fbtmp37272.sh + TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME + echo '#!/bin/bash' > $TEMP_SCRIPT + echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT + echo "git clone $TOXCORE_REPO $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT + echo "cd $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT + echo "git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT" >> $TEMP_SCRIPT + echo 'autoreconf -i' >> $TEMP_SCRIPT + echo './configure --enable-daemon --disable-av' >> $TEMP_SCRIPT + echo 'make' >> $TEMP_SCRIPT + echo 'if [ ! "$?" 
= "0" ]; then' >> $TEMP_SCRIPT + echo ' exit 1' >> $TEMP_SCRIPT + echo 'fi' >> $TEMP_SCRIPT + echo 'make install' >> $TEMP_SCRIPT + echo 'cp /usr/local/lib/libtoxcore* /usr/lib/' >> $TEMP_SCRIPT + echo "cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/" >> $TEMP_SCRIPT + echo "sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' /etc/systemd/system/tox-bootstrapd.service" >> $TEMP_SCRIPT + echo 'systemctl enable tox-bootstrapd.service' >> $TEMP_SCRIPT + echo 'exit 0' >> $TEMP_SCRIPT + chmod +x $TEMP_SCRIPT + cp $TEMP_SCRIPT $rootdir/root/ + + SECONDS=0 + chroot "$rootdir" /root/$TEMP_SCRIPT_NAME + if [ ! "$?" = "0" ]; then + duration=$SECONDS + echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $'Unable to make toxcore' + rm $TEMP_SCRIPT + exit 73835 + fi + duration=$SECONDS + echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + rm $TEMP_SCRIPT + + if [ ! 
-f $rootdir/usr/local/bin/tox-bootstrapd ]; then + echo $"File not found /usr/local/bin/tox-bootstrapd" + exit 37825 + fi + + chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd + chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd + + # remove Maildir + if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then + rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir + fi + + # create configuration file + TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf + echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG + echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG + echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG + echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG + echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG + echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG + + if [ $TOX_NODES ]; then + echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG + toxcount=0 + while [ "x${TOX_NODES[toxcount]}" != "x" ] + do + toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') + toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') + toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') + toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') + toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') + echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG + if [[ $toxval_ipv6 != 'NONE' ]]; then + echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG + else + echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG + fi + echo " port = $toxval_port" 
>> $TOX_BOOTSTRAP_CONFIG + echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG + toxcount=$(( $toxcount + 1 )) + if [ "x${TOX_NODES[toxcount]}" != "x" ]; then + echo "}," >> $TOX_BOOTSTRAP_CONFIG + else + echo "}" >> $TOX_BOOTSTRAP_CONFIG + fi + done + echo ')' >> $TOX_BOOTSTRAP_CONFIG + fi +} + +function mesh_tox_avahi { + if [ ! -d $rootdir/etc/avahi ]; then + echo $'tox_avahi: avahi is not installed' + exit 87359 + fi + + TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then + TOXID_REPO=$TOXID_REPO_MAIN + fi + if [ ! $TOXID_REPO ]; then + echo $'No ToxID repo was specified' + exit 78252 + fi + + TEMP_SCRIPT_NAME=fbtmp5328252.sh + TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME + echo '#!/bin/bash' > $TEMP_SCRIPT + echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT + echo "git clone $TOXID_REPO $INSTALL_DIR/toxid" >> $TEMP_SCRIPT + echo "if [ ! -d $INSTALL_DIR/toxid ]; then" >> $TEMP_SCRIPT + echo ' exit 1' >> $TEMP_SCRIPT + echo 'fi' >> $TEMP_SCRIPT + echo "cd $INSTALL_DIR/toxid" >> $TEMP_SCRIPT + echo "make" >> $TEMP_SCRIPT + echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT + echo ' exit 2' >> $TEMP_SCRIPT + echo 'fi' >> $TEMP_SCRIPT + echo 'make install' >> $TEMP_SCRIPT + echo 'if [ ! -f /usr/local/bin/toxavahi ]; then' >> $TEMP_SCRIPT + echo ' exit 3' >> $TEMP_SCRIPT + echo 'fi' >> $TEMP_SCRIPT + echo 'toxavahi' >> $TEMP_SCRIPT + echo 'echo "* * * * * root /usr/local/bin/toxavahi > /dev/null" >> /etc/crontab' >> $TEMP_SCRIPT + echo 'systemctl restart avahi-daemon' >> $TEMP_SCRIPT + echo 'exit 0' >> $TEMP_SCRIPT + chmod +x $TEMP_SCRIPT + cp $TEMP_SCRIPT $rootdir/root/ + + chroot "$rootdir" /root/$TEMP_SCRIPT_NAME + if [ ! "$?" = "0" ]; then + echo $"Unable to install toxid, returned $?" 
+ rm $TEMP_SCRIPT + exit 62835 + fi + rm $TEMP_SCRIPT +} + +function mesh_tox_client { + TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') + + # obtain commits from the main file + TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then + TOXIC_COMMIT=$TOXIC_COMMIT_MAIN + fi + + TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then + TOXIC_REPO=$TOXIC_REPO_MAIN + fi + + chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev + chroot "$rootdir" apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev + + TEMP_SCRIPT_NAME=fbtmp728353.sh + TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME + echo '#!/bin/bash' > $TEMP_SCRIPT + echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT + echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT + echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT + echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT + echo 'make' >> $TEMP_SCRIPT + echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT + echo ' exit 1' >> $TEMP_SCRIPT + echo 'fi' >> $TEMP_SCRIPT + echo 'make install' >> $TEMP_SCRIPT + echo 'exit 0' >> $TEMP_SCRIPT + chmod +x $TEMP_SCRIPT + cp $TEMP_SCRIPT $rootdir/root/ + + TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') + + SECONDS=0 + chroot "$rootdir" /root/$TEMP_SCRIPT_NAME + if [ ! "$?" = "0" ]; then + duration=$SECONDS + echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." + echo $'Unable to make tox client' + rm $TEMP_SCRIPT + exit 74872 + fi + rm $TEMP_SCRIPT + if [ ! 
-f $rootdir$TOXIC_FILE ]; then + echo $"Tox client was not installed to $TOXIC_FILE" + exit 63278 + fi + duration=$SECONDS + echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." +} + +function enable_tox_repo { + echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list + + + chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add - + chroot "$rootdir" apt-get update + echo "Tox Repository Installed." +} + # NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-zeronet b/src/freedombone-app-zeronet index 5ad3c828..f729d549 100755 --- a/src/freedombone-app-zeronet +++ b/src/freedombone-app-zeronet @@ -48,7 +48,7 @@ ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID" ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b' function reconfigure_zeronet { - echo -n '' + echo -n '' } function upgrade_zeronet { 
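Review bot: In mesh_tox_avahi the failure message `echo $"Unable to install toxid, returned $?"` always reports 0: by the time it runs, `$?` holds the status of the `[ ! "$?" = "0" ]` test rather than of the chroot'd script. Save the status first, `rv=$?` directly after `chroot "$rootdir" /root/$TEMP_SCRIPT_NAME`, then `if [ "$rv" != "0" ]; then` and print `$rv`; mesh_tox_node and mesh_tox_client test `$?` the same way and would read better with the same pattern, although they do not print it. All three helpers build their script at a fixed name, `TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME`, on the build host with `>` and then copy it into `$rootdir/root/` where it is never removed, so a `mktemp` name on the host and an `rm $rootdir/root/$TEMP_SCRIPT_NAME` after the chroot call would avoid both the predictable /tmp path and the leftover script in the shipped image. mesh_tox_client computes `TOXIC_FILE` twice with the identical pipeline; the second assignment can go. The `exit 76325`-style codes are reduced modulo 256 by the shell, so the value a caller sees is not the one written here; a comment is worth adding if the large numbers are meant only as greppable markers.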
@@ -454,7 +454,170 @@ function install_zeronet_main { echo 'install_zeronet_main' >> $COMPLETION_FILE } +function mesh_zeronet { + # obtain commits from the main file + ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + if [ ${#ZERONET_COMMIT_MAIN} -gt 10 ]; then + ZERONET_COMMIT=$ZERONET_COMMIT_MAIN + fi + if [ ! $ZERONET_COMMIT ]; then + echo $'No Tox commit was specified' + exit 37046 + fi + + ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}') + if [ ${#ZERONET_REPO_MAIN} -gt 5 ]; then + ZERONET_REPO=$ZERONET_REPO_MAIN + fi + if [ ! $ZERONET_REPO ]; then + echo $'No Tox commit was specified' + exit 37046 + fi + + ZERONET_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_PORT=" | head -n 1 | awk -F '=' '{print $2}') + if [ ${#ZERONET_PORT_MAIN} -gt 1 ]; then + ZERONET_PORT=$ZERONET_PORT_MAIN + fi + if [ ! $ZERONET_PORT ]; then + echo $'No zeronet port was specified' + exit 67433 + fi + + chroot "$rootdir" apt-get -y install python python-msgpack python-gevent + chroot "$rootdir" apt-get -y install python-pip bittornado + chroot "$rootdir" pip install msgpack-python --upgrade + + chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet + git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then + echo 'WARNING: Unable to clone zeronet' + return + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet + git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT + if ! 
grep -q "ZeroNet commit" $COMPLETION_FILE; then + echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE + else + sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE + fi + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet + + # Hack to ensure that the file access port is opened + # This is because zeronet normally relies on an internet site + # to do this, but on a purely local mesh the internet isn't available + sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py + + ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service + echo '[Unit]' > $ZERONET_DAEMON + echo 'Description=Zeronet Server' >> $ZERONET_DAEMON + echo 'After=syslog.target' >> $ZERONET_DAEMON + echo 'After=network.target' >> $ZERONET_DAEMON + echo '[Service]' >> $ZERONET_DAEMON + echo 'Type=simple' >> $ZERONET_DAEMON + echo 'User=zeronet' >> $ZERONET_DAEMON + echo 'Group=zeronet' >> $ZERONET_DAEMON + echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON + echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON + echo '' >> $ZERONET_DAEMON + echo 'TimeoutSec=300' >> $ZERONET_DAEMON + echo '' >> $ZERONET_DAEMON + echo '[Install]' >> $ZERONET_DAEMON + echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON + + TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service + echo '[Unit]' > $TRACKER_DAEMON + echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON + echo 'After=syslog.target' >> $TRACKER_DAEMON + echo 'After=network.target' >> $TRACKER_DAEMON + echo '[Service]' >> $TRACKER_DAEMON + echo 'Type=simple' >> $TRACKER_DAEMON + echo 'User=tracker' >> $TRACKER_DAEMON + echo 'Group=tracker' >> $TRACKER_DAEMON + echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON + echo "ExecStart=/usr/bin/bttrack --port 
$TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON + echo '' >> $TRACKER_DAEMON + echo 'TimeoutSec=300' >> $TRACKER_DAEMON + echo '' >> $TRACKER_DAEMON + echo '[Install]' >> $TRACKER_DAEMON + echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON + + chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker + if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then + mkdir $rootdir$MESH_INSTALL_DIR/tracker + fi + chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker + + # publish regularly + echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab + + chroot "$rootdir" systemctl enable tracker.service + chroot "$rootdir" systemctl enable zeronet.service +} + +function mesh_zeronet_blog { + ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + + git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then + echo $'ZeroBlog repo could not be cloned' + exit 6739 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog + git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet +} + +function mesh_zeronet_mail { + ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + + git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail + if [ ! 
-d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then + echo $'ZeroMail repo could not be cloned' + exit 78493 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail + git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet +} + +function mesh_zeronet_forum { + ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + + git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then + echo $'ZeroTalk repo could not be cloned' + exit 78252 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk + git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet +} + +function mesh_zeronet_id { + ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}') + ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') + + git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID + if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then + echo $'ZeroID repo could not be cloned' + exit 37936 + fi + cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID + git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT + chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet +} + function install_zeronet { + if [ $INSTALLING_MESH ]; then + mesh_zeronet + mesh_zeronet_blog + mesh_zeronet_mail + mesh_zeronet_forum + return + fi if grep -Fxq "install_zeronet" $COMPLETION_FILE; then return fi 
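Review bot: In mesh_zeronet the completion-file bookkeeping mixes two paths: the `grep -q "ZeroNet commit" $COMPLETION_FILE` test and the `sed -i ... $COMPLETION_FILE` update operate on the host's file, while the append goes to `$rootdir$COMPLETION_FILE`, so the three lines never look at the same file and, depending on what the host's copy contains, the build either appends a fresh record every time or edits the host's own completion file; use one path (presumably `$rootdir$COMPLETION_FILE`, matching the append) for all three. The checks after the commit and repo lookups both print `No Tox commit was specified` and both `exit 37046`, so a missing `ZERONET_REPO` is reported as a missing Tox commit; the first should read `No zeronet commit was specified` and the second `No zeronet repo was specified` with its own code. install_zeronet calls mesh_zeronet, mesh_zeronet_blog, mesh_zeronet_mail and mesh_zeronet_forum but not the newly added mesh_zeronet_id; if that is deliberate, a one-line comment saying so would stop the next reader from "fixing" it. The `echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab` line has no presence check, unlike the syncthing hunk, so re-running the function stacks duplicate cron entries; guard it with `if ! grep -q "zeronetavahi" $rootdir/etc/crontab; then`.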
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise index 3bfc5ce6..b6d8a6f5 100755 --- a/src/freedombone-image-customise +++ b/src/freedombone-image-customise 
@@ -491,534 +491,7 @@ ZERONET_ID_COMMIT= # Directory where source code is downloaded and compiled INSTALL_DIR=$HOME/build -function mesh_avahi { - chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd - - decarray=( 1 2 3 4 5 6 7 8 9 0 ) - PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]} - sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf - - if [ ! -d $rootdir/etc/avahi/services ]; then - mkdir -p $rootdir/etc/avahi/services - fi - - # remove an avahi service which isn't used - if [ -f $rootdir/etc/avahi/services/udisks.service ]; then - rm $rootdir/etc/avahi/services/udisks.service - fi - - # Add an ssh service - echo '' > $rootdir/etc/avahi/services/ssh.service - echo '' >> $rootdir/etc/avahi/services/ssh.service - echo '' >> $rootdir/etc/avahi/services/ssh.service - echo ' %h SSH' >> $rootdir/etc/avahi/services/ssh.service - echo ' ' >> $rootdir/etc/avahi/services/ssh.service - echo ' _ssh._tcp' >> $rootdir/etc/avahi/services/ssh.service - echo " $SSH_PORT" >> $rootdir/etc/avahi/services/ssh.service - echo ' ' >> $rootdir/etc/avahi/services/ssh.service - echo '' >> $rootdir/etc/avahi/services/ssh.service - - # keep the daemon running - WATCHDOG_SCRIPT_NAME="keepon" - echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'if [ ! 
$AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME - chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME -} - -function install_batman { - chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl - chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git - chroot "$rootdir" apt-get -y install wireless-tools rfkill - - if ! grep -q "batman_adv" $rootdir/etc/modules; then - echo 'batman_adv' >> $rootdir/etc/modules - fi - - BATMAN_SCRIPT=$rootdir/var/lib/batman - - if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then - cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT - else - cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT - fi - - BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service - echo '[Unit]' > $BATMAN_DAEMON - echo 'Description=B.A.T.M.A.N. 
Advanced' >> $BATMAN_DAEMON - echo 'After=network.target' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '[Service]' >> $BATMAN_DAEMON - echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON - echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON - echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON - echo 'Restart=on-failure' >> $BATMAN_DAEMON - echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON - echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON - echo 'TimeoutSec=300' >> $BATMAN_DAEMON - echo '' >> $BATMAN_DAEMON - echo '[Install]' >> $BATMAN_DAEMON - echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON - chroot "$rootdir" systemctl enable batman -} - -function mesh_firewall { - FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service - MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall - - echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT - echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT - echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT - echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT - echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT - echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT - echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT - echo '' >> $MESH_FIREWALL_SCRIPT - echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT - echo '' >> $MESH_FIREWALL_SCRIPT - echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT - echo '' >> $MESH_FIREWALL_SCRIPT - echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT - echo '' >> $MESH_FIREWALL_SCRIPT - echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT - echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT - echo '' >> $MESH_FIREWALL_SCRIPT - echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT - echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT - echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT - echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT - echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT - echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT - chmod +x $MESH_FIREWALL_SCRIPT - - echo '[Unit]' > $FIREWALL_FILENAME - echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME - echo '' >> $FIREWALL_FILENAME - echo '[Service]' >> $FIREWALL_FILENAME - echo 'Type=oneshot' >> $FIREWALL_FILENAME - echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME - echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME - echo '' >> $FIREWALL_FILENAME - echo 'TimeoutSec=30' >> $FIREWALL_FILENAME - echo '' >> $FIREWALL_FILENAME - echo '[Install]' >> $FIREWALL_FILENAME - echo 
'WantedBy=multi-user.target' >> $FIREWALL_FILENAME - chroot "$rootdir" systemctl enable meshfirewall -} - -function mesh_tox_node { - # obtain commits from the main file - TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then - TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN - fi - if [ ! $TOXCORE_COMMIT ]; then - echo $'No Tox commit was specified' - exit 76325 - fi - - TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}') - if [ ${#TOX_PORT_MAIN} -gt 2 ]; then - TOX_PORT=$TOX_PORT_MAIN - fi - if [ ! $TOX_PORT ]; then - echo $'No Tox port was specified' - exit 32856 - fi - - TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then - TOXCORE_REPO=$TOXCORE_REPO_MAIN - fi - if [ ! $TOXCORE_REPO ]; then - echo $'No Tox repo was specified' - exit 16865 - fi - - chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev - chroot "$rootdir" apt-get -y install automake checkinstall check git yasm - chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin - chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev - - - TEMP_SCRIPT_NAME=fbtmp37272.sh - TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME - echo '#!/bin/bash' > $TEMP_SCRIPT - echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT - echo "git clone $TOXCORE_REPO $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT - echo "cd $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT - echo "git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT" >> $TEMP_SCRIPT - echo 'autoreconf -i' >> $TEMP_SCRIPT - echo './configure --enable-daemon --disable-av' >> $TEMP_SCRIPT - echo 'make' >> $TEMP_SCRIPT - echo 'if [ ! "$?" 
= "0" ]; then' >> $TEMP_SCRIPT - echo ' exit 1' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo 'make install' >> $TEMP_SCRIPT - echo 'cp /usr/local/lib/libtoxcore* /usr/lib/' >> $TEMP_SCRIPT - echo "cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/" >> $TEMP_SCRIPT - echo "sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' /etc/systemd/system/tox-bootstrapd.service" >> $TEMP_SCRIPT - echo 'systemctl enable tox-bootstrapd.service' >> $TEMP_SCRIPT - echo 'exit 0' >> $TEMP_SCRIPT - chmod +x $TEMP_SCRIPT - cp $TEMP_SCRIPT $rootdir/root/ - - SECONDS=0 - chroot "$rootdir" /root/$TEMP_SCRIPT_NAME - if [ ! "$?" = "0" ]; then - duration=$SECONDS - echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." - echo $'Unable to make toxcore' - rm $TEMP_SCRIPT - exit 73835 - fi - duration=$SECONDS - echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." - rm $TEMP_SCRIPT - - if [ ! 
-f $rootdir/usr/local/bin/tox-bootstrapd ]; then - echo $"File not found /usr/local/bin/tox-bootstrapd" - exit 37825 - fi - - chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd - chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd - - # remove Maildir - if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then - rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir - fi - - # create configuration file - TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf - echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG - echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG - echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG - echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG - echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG - echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG - - if [ $TOX_NODES ]; then - echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG - toxcount=0 - while [ "x${TOX_NODES[toxcount]}" != "x" ] - do - toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}') - toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}') - toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}') - toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}') - toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}') - echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG - if [[ $toxval_ipv6 != 'NONE' ]]; then - echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG - else - echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG - fi - echo " port = $toxval_port" 
>> $TOX_BOOTSTRAP_CONFIG - echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG - toxcount=$(( $toxcount + 1 )) - if [ "x${TOX_NODES[toxcount]}" != "x" ]; then - echo "}," >> $TOX_BOOTSTRAP_CONFIG - else - echo "}" >> $TOX_BOOTSTRAP_CONFIG - fi - done - echo ')' >> $TOX_BOOTSTRAP_CONFIG - fi -} - -function mesh_tox_avahi { - if [ ! -d $rootdir/etc/avahi ]; then - echo $'tox_avahi: avahi is not installed' - exit 87359 - fi - - TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then - TOXID_REPO=$TOXID_REPO_MAIN - fi - if [ ! $TOXID_REPO ]; then - echo $'No ToxID repo was specified' - exit 78252 - fi - - TEMP_SCRIPT_NAME=fbtmp5328252.sh - TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME - echo '#!/bin/bash' > $TEMP_SCRIPT - echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT - echo "git clone $TOXID_REPO $INSTALL_DIR/toxid" >> $TEMP_SCRIPT - echo "if [ ! -d $INSTALL_DIR/toxid ]; then" >> $TEMP_SCRIPT - echo ' exit 1' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo "cd $INSTALL_DIR/toxid" >> $TEMP_SCRIPT - echo "make" >> $TEMP_SCRIPT - echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT - echo ' exit 2' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo 'make install' >> $TEMP_SCRIPT - echo 'if [ ! -f /usr/local/bin/toxavahi ]; then' >> $TEMP_SCRIPT - echo ' exit 3' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo 'toxavahi' >> $TEMP_SCRIPT - echo 'echo "* * * * * root /usr/local/bin/toxavahi > /dev/null" >> /etc/crontab' >> $TEMP_SCRIPT - echo 'systemctl restart avahi-daemon' >> $TEMP_SCRIPT - echo 'exit 0' >> $TEMP_SCRIPT - chmod +x $TEMP_SCRIPT - cp $TEMP_SCRIPT $rootdir/root/ - - chroot "$rootdir" /root/$TEMP_SCRIPT_NAME - if [ ! "$?" = "0" ]; then - echo $"Unable to install toxid, returned $?" 
- rm $TEMP_SCRIPT - exit 62835 - fi - rm $TEMP_SCRIPT -} - -function mesh_tox_client { - TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') - - # obtain commits from the main file - TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then - TOXIC_COMMIT=$TOXIC_COMMIT_MAIN - fi - - TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then - TOXIC_REPO=$TOXIC_REPO_MAIN - fi - - chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev - chroot "$rootdir" apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev - - TEMP_SCRIPT_NAME=fbtmp728353.sh - TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME - echo '#!/bin/bash' > $TEMP_SCRIPT - echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT - echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT - echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT - echo 'make' >> $TEMP_SCRIPT - echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT - echo ' exit 1' >> $TEMP_SCRIPT - echo 'fi' >> $TEMP_SCRIPT - echo 'make install' >> $TEMP_SCRIPT - echo 'exit 0' >> $TEMP_SCRIPT - chmod +x $TEMP_SCRIPT - cp $TEMP_SCRIPT $rootdir/root/ - - TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') - - SECONDS=0 - chroot "$rootdir" /root/$TEMP_SCRIPT_NAME - if [ ! "$?" = "0" ]; then - duration=$SECONDS - echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." - echo $'Unable to make tox client' - rm $TEMP_SCRIPT - exit 74872 - fi - rm $TEMP_SCRIPT - if [ ! 
-f $rootdir$TOXIC_FILE ]; then - echo $"Tox client was not installed to $TOXIC_FILE" - exit 63278 - fi - duration=$SECONDS - echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." -} - -function mesh_zeronet { - # obtain commits from the main file - ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - if [ ${#ZERONET_COMMIT_MAIN} -gt 10 ]; then - ZERONET_COMMIT=$ZERONET_COMMIT_MAIN - fi - if [ ! $ZERONET_COMMIT ]; then - echo $'No Tox commit was specified' - exit 37046 - fi - - ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}') - if [ ${#ZERONET_REPO_MAIN} -gt 5 ]; then - ZERONET_REPO=$ZERONET_REPO_MAIN - fi - if [ ! $ZERONET_REPO ]; then - echo $'No Tox commit was specified' - exit 37046 - fi - - ZERONET_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_PORT=" | head -n 1 | awk -F '=' '{print $2}') - if [ ${#ZERONET_PORT_MAIN} -gt 1 ]; then - ZERONET_PORT=$ZERONET_PORT_MAIN - fi - if [ ! $ZERONET_PORT ]; then - echo $'No zeronet port was specified' - exit 67433 - fi - - chroot "$rootdir" apt-get -y install python python-msgpack python-gevent - chroot "$rootdir" apt-get -y install python-pip bittornado - chroot "$rootdir" pip install msgpack-python --upgrade - - chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet - git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then - echo 'WARNING: Unable to clone zeronet' - return - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet - git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT - if ! 
grep -q "ZeroNet commit" $COMPLETION_FILE; then - echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE - else - sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE - fi - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet - - # Hack to ensure that the file access port is opened - # This is because zeronet normally relies on an internet site - # to do this, but on a purely local mesh the internet isn't available - sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py - - ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service - echo '[Unit]' > $ZERONET_DAEMON - echo 'Description=Zeronet Server' >> $ZERONET_DAEMON - echo 'After=syslog.target' >> $ZERONET_DAEMON - echo 'After=network.target' >> $ZERONET_DAEMON - echo '[Service]' >> $ZERONET_DAEMON - echo 'Type=simple' >> $ZERONET_DAEMON - echo 'User=zeronet' >> $ZERONET_DAEMON - echo 'Group=zeronet' >> $ZERONET_DAEMON - echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON - echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON - echo '' >> $ZERONET_DAEMON - echo 'TimeoutSec=300' >> $ZERONET_DAEMON - echo '' >> $ZERONET_DAEMON - echo '[Install]' >> $ZERONET_DAEMON - echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON - - TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service - echo '[Unit]' > $TRACKER_DAEMON - echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON - echo 'After=syslog.target' >> $TRACKER_DAEMON - echo 'After=network.target' >> $TRACKER_DAEMON - echo '[Service]' >> $TRACKER_DAEMON - echo 'Type=simple' >> $TRACKER_DAEMON - echo 'User=tracker' >> $TRACKER_DAEMON - echo 'Group=tracker' >> $TRACKER_DAEMON - echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON - echo "ExecStart=/usr/bin/bttrack --port 
$TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON - echo '' >> $TRACKER_DAEMON - echo 'TimeoutSec=300' >> $TRACKER_DAEMON - echo '' >> $TRACKER_DAEMON - echo '[Install]' >> $TRACKER_DAEMON - echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON - - chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker - if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then - mkdir $rootdir$MESH_INSTALL_DIR/tracker - fi - chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker - - # publish regularly - echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab - - chroot "$rootdir" systemctl enable tracker.service - chroot "$rootdir" systemctl enable zeronet.service -} - -function mesh_zeronet_blog { - ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - - git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then - echo $'ZeroBlog repo could not be cloned' - exit 6739 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog - git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet -} - -function mesh_zeronet_mail { - ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - - git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail - if [ ! 
-d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then - echo $'ZeroMail repo could not be cloned' - exit 78493 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail - git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet -} - -function mesh_zeronet_forum { - ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - - git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then - echo $'ZeroTalk repo could not be cloned' - exit 78252 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk - git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet -} - -function mesh_zeronet_id { - ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}') - ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}') - - git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID - if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then - echo $'ZeroID repo could not be cloned' - exit 37936 - fi - cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID - git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT - chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet -} - -function mesh_web_server { - if [ -d /etc/apache2 ]; then - chroot "$rootdir" apt-get -y remove --purge apache2 - chroot "$rootdir" rm -rf /etc/apache2 - fi - - chroot "$rootdir" apt-get -y install nginx - - if [ ! 
-d $rootdir/etc/nginx ]; then - echo $'Unable to install web server' - exit 346825 - fi -} +INSTALLING_MESH= initialise_mesh() { if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then @@ -1045,17 +518,16 @@ initialise_mesh() { chroot "$rootdir" apt-get -y install firmware-iwlwifi fi + INSTALLING_MESH=1 + mesh_firewall mesh_avahi install_batman - mesh_tox_node + install_tox_node mesh_tox_avahi mesh_tox_client mesh_web_server - mesh_zeronet - mesh_zeronet_blog - mesh_zeronet_mail - mesh_zeronet_forum + install_zeronet MESH_SERVICE='mesh-setup.service' MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE 
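Review bot: `INSTALLING_MESH=1` is set before the mesh install calls but never cleared afterwards, so any later call to `install_batman` in the same run (and presumably `install_tox_node` / `install_zeronet`, whose new bodies this chunk does not show) is silently diverted to the chroot-based mesh path; adding `INSTALLING_MESH=` after `install_zeronet` keeps the flag scoped to initialise_mesh. The calls to `mesh_firewall`, `mesh_avahi`, `mesh_tox_avahi`, `mesh_tox_client` and `mesh_web_server` stay here while their definitions are removed from this file in the same commit; mesh_firewall and mesh_avahi visibly reappear in the utils files, but the tox and web-server ones are presumably in freedombone-app-tox / freedombone-utils-web, which are outside this chunk. Guarding each call with `function_check`, as the firewall file does with `function_check save_firewall_settings`, would turn a missing definition into an explicit early failure instead of a `command not found` partway through the image build. initialise_mesh begins and ends outside the hunk.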
@@ -1080,55 +552,6 @@ initialise_mesh() { # User interface for USB drive installs ###################################### -function enable_tox_repo { - echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list - - - chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add - - chroot "$rootdir" apt-get update - echo "Tox Repository Installed." -} - -function install_syncthing { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then - return - fi - - chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add - - - echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list - chroot "$rootdir" apt-get update - chroot "$rootdir" apt-get -y --force-yes install syncthing - - # This probably does need to run as root so that it can access the Sync directories - # in each user's home directory - chroot "$rootdir" echo '[Unit]' > /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'After=network.target' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo '[Service]' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'User=root' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo "Environment='all_proxy=socks5://localhost:9050'" >> 
/etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo '[Install]' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service - chroot "$rootdir" systemctl enable syncthing - chroot "$rootdir" systemctl daemon-reload - - if ! grep -q "syncthing" $rootdir/etc/crontab; then - chroot "$rootdir" echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> /etc/crontab - chroot "$rootdir" systemctl restart cron - fi - - echo 'install_syncthing' -} - function mesh_client_startup_applications { if [ ! -d $rootdir/home/$MY_USERNAME/Desktop ]; then mkdir -p $rootdir/home/$MY_USERNAME/Desktop diff --git a/src/freedombone-utils-avahi b/src/freedombone-utils-avahi index 422b129f..95ced47a 100755 --- a/src/freedombone-utils-avahi +++ b/src/freedombone-utils-avahi 
@@ -54,6 +54,46 @@ function create_avahi_service { echo '' >> /etc/avahi/services/${service_name}.service } +function mesh_avahi { + chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd + + decarray=( 1 2 3 4 5 6 7 8 9 0 ) + PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]} + sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf + + if [ ! -d $rootdir/etc/avahi/services ]; then + mkdir -p $rootdir/etc/avahi/services + fi + + # remove an avahi service which isn't used + if [ -f $rootdir/etc/avahi/services/udisks.service ]; then + rm $rootdir/etc/avahi/services/udisks.service + fi + + # Add an ssh service + echo '' > $rootdir/etc/avahi/services/ssh.service + echo '' >> $rootdir/etc/avahi/services/ssh.service + echo '' >> $rootdir/etc/avahi/services/ssh.service + echo ' %h SSH' >> $rootdir/etc/avahi/services/ssh.service + echo ' ' >> $rootdir/etc/avahi/services/ssh.service + echo ' _ssh._tcp' >> $rootdir/etc/avahi/services/ssh.service + echo " $SSH_PORT" >> $rootdir/etc/avahi/services/ssh.service + echo ' ' >> $rootdir/etc/avahi/services/ssh.service + echo '' >> $rootdir/etc/avahi/services/ssh.service + + # keep the daemon running + WATCHDOG_SCRIPT_NAME="keepon" + echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'if [ ! 
$AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME + chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME +} + function configure_avahi { if grep -Fxq "configure_avahi" $COMPLETION_FILE; then return diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall index d232989d..f7857378 100755 --- a/src/freedombone-utils-firewall +++ b/src/freedombone-utils-firewall 
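Review bot: mesh_avahi is not idempotent the way its sibling `configure_avahi` is: it appends the avahi watchdog block to `$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME` with `>>` unconditionally, so a second run duplicates the `# keep avahi daemon running` block in the keepon script (the ssh.service rewrite is safe because its first write uses `>`). Wrapping those appends in `if ! grep -q 'keep avahi daemon running' $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME; then` … `fi` would fix this. `PEER_ID` is also drawn from `$RANDOM` while the image is being built in the chroot, so the `host-name=P$PEER_ID` value is baked into the image and every device flashed from it will announce the same mDNS name on the mesh; avahi may rename on conflict, but deriving the id on first boot would give each node its own identity. At minimum a comment above the `decarray` line, `# 8-digit random peer id chosen at image build time, so shared by every device flashed from this image`, would make the behaviour explicit.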
@@ -29,220 +29,275 @@ # along with this program. If not, see . function save_firewall_settings { - iptables-save > /etc/firewall.conf - ip6tables-save > /etc/firewall6.conf - printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables - printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables - printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables - chmod +x /etc/network/if-up.d/iptables + iptables-save > /etc/firewall.conf + ip6tables-save > /etc/firewall6.conf + printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables + printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables + printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables + chmod +x /etc/network/if-up.d/iptables } function enable_ipv6 { - # endure that ipv6 is enabled and can route - sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf - #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf - #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf - sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + # endure that ipv6 is enabled and can route + sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf + #sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf + #sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf + sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding } function configure_firewall { - if grep -q "RELATED" /etc/firewall.conf; then - # recreate the firewall to remove RELATED - sed -i "/firewall/d" $COMPLETION_FILE - 
fi - if grep -Fxq "configure_firewall" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - iptables -P INPUT ACCEPT - ip6tables -P INPUT ACCEPT - iptables -F - ip6tables -F - iptables -t nat -F - ip6tables -t nat -F - iptables -X - ip6tables -X - iptables -P INPUT DROP - ip6tables -P INPUT DROP - iptables -A INPUT -i lo -j ACCEPT - iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT + if grep -q "RELATED" /etc/firewall.conf; then + # recreate the firewall to remove RELATED + sed -i "/firewall/d" $COMPLETION_FILE + fi + if grep -Fxq "configure_firewall" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -P INPUT ACCEPT + ip6tables -P INPUT ACCEPT + iptables -F + ip6tables -F + iptables -t nat -F + ip6tables -t nat -F + iptables -X + ip6tables -X + iptables -P INPUT DROP + ip6tables -P INPUT DROP + iptables -A INPUT -i lo -j ACCEPT + iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT - # Make sure incoming tcp connections are SYN packets - iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP + # Make sure incoming tcp connections are SYN packets + iptables -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP - # Drop packets with incoming fragments - iptables -A INPUT -f -j DROP + # Drop packets with incoming fragments + iptables -A INPUT -f -j DROP - # Drop bogons - iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP - iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP - iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP + # Drop bogons + iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP + iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP + iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP - # Incoming malformed NULL packets: - iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP + # Incoming malformed NULL packets: + iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP - echo 'configure_firewall' >> $COMPLETION_FILE + echo 'configure_firewall' >> $COMPLETION_FILE } function configure_firewall_ping { - if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then - return - fi - # Only allow ping for mesh installs - if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then - return - fi - iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT - iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - echo 'configure_firewall_ping' >> $COMPLETION_FILE + if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then + return + fi + # Only allow ping for mesh installs + if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then + return + fi + iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT + iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + echo 'configure_firewall_ping' >> $COMPLETION_FILE } function configure_firewall_for_avahi { - if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then - return - fi - iptables -A INPUT -p tcp --dport 548 -j ACCEPT - iptables -A INPUT -p udp --dport 548 -j ACCEPT - iptables -A INPUT -p 
tcp --dport 5353 -j ACCEPT - iptables -A INPUT -p udp --dport 5353 -j ACCEPT - iptables -A INPUT -p tcp --dport 5354 -j ACCEPT - iptables -A INPUT -p udp --dport 5354 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE + if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then + return + fi + iptables -A INPUT -p tcp --dport 548 -j ACCEPT + iptables -A INPUT -p udp --dport 548 -j ACCEPT + iptables -A INPUT -p tcp --dport 5353 -j ACCEPT + iptables -A INPUT -p udp --dport 5353 -j ACCEPT + iptables -A INPUT -p tcp --dport 5354 -j ACCEPT + iptables -A INPUT -p udp --dport 5354 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE } function configure_firewall_for_dns { - if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings - echo 'configure_firewall_for_dns' >> $COMPLETION_FILE + if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings + echo 'configure_firewall_for_dns' >> $COMPLETION_FILE } function configure_firewall_for_web_access { - if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT - iptables -A INPUT -p tcp --dport 32768:61000 
--sport 443 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT + iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE + echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE } function configure_firewall_for_web_server { - if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport 80 -j ACCEPT - iptables -A INPUT -p tcp --dport 443 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport 80 -j ACCEPT + iptables -A INPUT -p tcp --dport 443 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=('HTTP 80') - OPEN_PORTS+=('HTTPS 443') - echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE + OPEN_PORTS+=('HTTP 80') + OPEN_PORTS+=('HTTPS 443') + echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE } function configure_firewall_for_ssh { - if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - iptables -A INPUT -p tcp --dport 22 
-j ACCEPT - iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("SSH $SSH_PORT") - echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE + OPEN_PORTS+=("SSH $SSH_PORT") + echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE } function configure_firewall_for_git { - if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then - return - fi - if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then - # docker does its own firewalling - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi - iptables -A INPUT -p tcp --dport 9418 -j ACCEPT - function_check save_firewall_settings - save_firewall_settings + if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then + return + fi + if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then + # docker does its own firewalling + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi + iptables -A INPUT -p tcp --dport 9418 -j ACCEPT + function_check save_firewall_settings + save_firewall_settings - OPEN_PORTS+=("Git 9418") - echo 'configure_firewall_for_git' >> $COMPLETION_FILE + OPEN_PORTS+=("Git 9418") + echo 'configure_firewall_for_git' >> $COMPLETION_FILE } function configure_internet_protocol { - if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then - return - fi - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf - sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf - sed -i "s/#net.ipv6.conf.all.accept_redirects = 
0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf - sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf - sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf - sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf - sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf - sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf - sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf - sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf - if ! grep -q "ignore pings" /etc/sysctl.conf; then - echo '# ignore pings' >> /etc/sysctl.conf - echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf - echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf - fi - if ! grep -q "disable ipv6" /etc/sysctl.conf; then - echo '# disable ipv6' >> /etc/sysctl.conf - echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf - fi - if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then - echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf - echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf - fi - if ! 
grep -q "keepalive" /etc/sysctl.conf; then
- echo '# keepalive' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
- echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
- fi
- echo 'configure_internet_protocol' >> $COMPLETION_FILE
+ if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
+ sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
+ if ! grep -q "ignore pings" /etc/sysctl.conf; then
+ echo '# ignore pings' >> /etc/sysctl.conf
+ echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
+ echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
+ fi
+ if ! grep -q "disable ipv6" /etc/sysctl.conf; then
+ echo '# disable ipv6' >> /etc/sysctl.conf
+ echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
+ fi
+ if ! 
grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
+ echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
+ fi
+ if ! grep -q "keepalive" /etc/sysctl.conf; then
+ echo '# keepalive' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
+ echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
+ fi
+ echo 'configure_internet_protocol' >> $COMPLETION_FILE
+}
+
+function mesh_firewall {
+ FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
+ MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
+
+ echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
+ echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ chmod +x $MESH_FIREWALL_SCRIPT
+
+ echo '[Unit]' > $FIREWALL_FILENAME
+ echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
+ echo '' >> $FIREWALL_FILENAME
+ echo '[Service]' >> $FIREWALL_FILENAME
+ echo 'Type=oneshot' >> $FIREWALL_FILENAME
+ echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
+ echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
+ echo '' >> $FIREWALL_FILENAME
+ echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
+ echo '' >> $FIREWALL_FILENAME
+ echo '[Install]' >> $FIREWALL_FILENAME
+ echo 
'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+ chroot "$rootdir" systemctl enable meshfirewall
 }
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index 213eadf0..98de56b6 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -548,4 +548,18 @@ function install_command_line_browser {
 echo 'install_command_line_browser' >> $COMPLETION_FILE
 }
+function mesh_web_server {
+ if [ -d /etc/apache2 ]; then
+ chroot "$rootdir" apt-get -y remove --purge apache2
+ chroot "$rootdir" rm -rf /etc/apache2
+ fi
+
+ chroot "$rootdir" apt-get -y install nginx
+
+ if [ ! -d $rootdir/etc/nginx ]; then
+ echo $'Unable to install web server'
+ exit 346825
+ fi
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-vars b/src/freedombone-vars
index 99b9ca38..53b3fab5 100755
--- a/src/freedombone-vars
+++ b/src/freedombone-vars
@@ -97,4 +97,7 @@ done
 # optionally specify your name to appear on the blog
 MY_NAME=$DEFAULT_DOMAIN_NAME
+# used to select mesh install functions when creating a mesh image
+INSTALLING_MESH=
+
 # NOTE: deliberately there is no "exit 0"
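Review bot: In mesh_web_server the apache2 check tests the build host's `/etc/apache2` while the purge and `rm -rf` run inside the chroot, so whether apache2 is removed from the image depends on the host's state rather than on `$rootdir`; the nginx check a few lines later already looks under `$rootdir/etc/nginx`. I'd make the two consistent and quote the expansion: `if [ -d "$rootdir/etc/apache2" ]; then` and `if [ ! -d "$rootdir/etc/nginx" ]; then`. Separately, exit statuses are truncated to 8 bits, so the caller observes `exit 346825` as status 201; if these large codes are meant to identify the failure site, the message itself should carry the code, and it belongs on stderr (`>&2`) rather than stdout.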