#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Installs mesh applications. This avoids duplicated functions # within freedombone and freedombone-image-customize and also # for client installs # # License # ======= # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . PROJECT_NAME='freedombone' COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt export TEXTDOMAIN=${PROJECT_NAME}-mesh-install export TEXTDOMAINDIR="/usr/share/locale" # for mesh installs TRACKER_PORT=6969 WIFI_CHANNEL=2 WIFI_INTERFACE='wlan0' # B.A.T.M.A.N settings BATMAN_CELLID='02:BA:00:00:03:01' WIFI_SSID='mesh' # Babel BABEL_PORT=6696 rootdir='' FN= CHROOT_PREFIX='' FRIENDS_MIRRORS_SERVER= # To avoid confusions these are obtained from the main project file TOXID_REPO= TOX_PORT= TOXCORE_REPO= TOXIC_REPO= TOXCORE_COMMIT= TOXIC_COMMIT= # These are some default nodes, but you can replace them with trusted nodes # as you prefer. See https://wiki.tox.im/Nodes TOX_NODES= #TOX_NODES=( # '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US' # '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE' #) # To avoid confusions these are obtained from the main project file ZERONET_REPO= ZERONET_COMMIT= ZERONET_PORT= # Directory where source code is downloaded and compiled INSTALL_DIR=$HOME/build MESH_INSTALL_DIR=/var/lib REMOVE='no' source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-git function show_help { echo '' echo $"${PROJECT_NAME}-mesh-install -f [function] -r [rootdir]" echo '' echo $'Runs a mesh network install function' echo '' echo $' -h --help Show help' echo $' -f --function [name] Name of the function to be run' echo $' -r --rootdir [directory] Root directory' echo $' -w --wifi [interface] e.g. wlan0' echo '' exit 0 } function install_babel { $CHROOT_PREFIX apt-get -y install babeld babel_script=${rootdir}/var/lib/babel echo '#!/bin/bash' > $babel_script echo '' >> $babel_script echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script echo ' avahi-browse -atl' >> $babel_script echo ' exit 0' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [[ $1 == "start" ]]; then' >> $babel_script echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script echo ' systemctl restart avahi-daemon' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo "IFACE=$WIFI_INTERFACE" >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan1' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan2' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan3' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script echo ' echo "Interface $IFACE was not found"' >> $babel_script echo ' else' >> $babel_script echo ' echo "Stopping"' >> $babel_script echo ' fi' >> $babel_script echo ' ifconfig $IFACE down' >> $babel_script echo ' pkill babeld' >> $babel_script echo ' systemctl restart network-manager' >> $babel_script echo ' exit 1' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'systemctl stop network-manager' >> $babel_script echo 'ifconfig $IFACE down' >> $babel_script echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script echo "$WIFI_CHANNEL essid \"$WIFI_SSID\"" >> $babel_script echo 'ifconfig $IFACE up' >> $babel_script echo -n 'ifconfig $IFACE:avahi ' >> $babel_script echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script echo -n "$BABEL_PORT -d 5 " >> $babel_script echo '$IFACE' >> $babel_script echo 'exit 0' >> $babel_script chmod +x $babel_script echo '[Unit]' > ${rootdir}/etc/systemd/system/babel.service echo 'Description=Babel Mesh' >> ${rootdir}/etc/systemd/system/babel.service echo '' >> ${rootdir}/etc/systemd/system/babel.service echo '[Service]' >> ${rootdir}/etc/systemd/system/babel.service echo 'Type=oneshot' >> ${rootdir}/etc/systemd/system/babel.service echo "ExecStart=$babel_script start" >> ${rootdir}/etc/systemd/system/babel.service echo "ExecStop=$babel_script stop" >> ${rootdir}/etc/systemd/system/babel.service echo 'RemainAfterExit=yes' >> ${rootdir}/etc/systemd/system/babel.service echo '' >> ${rootdir}/etc/systemd/system/babel.service echo '# Allow time for the server to start/stop' >> ${rootdir}/etc/systemd/system/babel.service echo 'TimeoutSec=300' >> ${rootdir}/etc/systemd/system/babel.service echo '' >> ${rootdir}/etc/systemd/system/babel.service echo '[Install]' >> /etc/systemd/system/babel.service echo 'WantedBy=multi-user.target' >> ${rootdir}/etc/systemd/system/babel.service $CHROOT_PREFIX systemctl enable babel } function install_babel_remove { $CHROOT_PREFIX systemctl stop babel $CHROOT_PREFIX apt-get -y remove --purge babeld rm ${rootdir}/var/lib/babel rm ${rootdir}/etc/systemd/system/babel.service } function mesh_avahi { $CHROOT_PREFIX apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd decarray=( 1 2 3 4 5 6 7 8 9 0 ) PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]} sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf if [ ! -d $rootdir/etc/avahi/services ]; then mkdir -p $rootdir/etc/avahi/services fi # remove an avahi service which isn't used if [ -f $rootdir/etc/avahi/services/udisks.service ]; then rm $rootdir/etc/avahi/services/udisks.service fi # Add an ssh service echo '' > $rootdir/etc/avahi/services/ssh.service echo '' >> $rootdir/etc/avahi/services/ssh.service echo '' >> $rootdir/etc/avahi/services/ssh.service echo ' %h SSH' >> $rootdir/etc/avahi/services/ssh.service echo ' ' >> $rootdir/etc/avahi/services/ssh.service echo ' _ssh._tcp' >> $rootdir/etc/avahi/services/ssh.service echo " $SSH_PORT" >> $rootdir/etc/avahi/services/ssh.service echo ' ' >> $rootdir/etc/avahi/services/ssh.service echo '' >> $rootdir/etc/avahi/services/ssh.service # keep the daemon running WATCHDOG_SCRIPT_NAME="keepon" echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME } function install_babel_client { # TODO to be fixed TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}') if [ ! -f ${rootdir}/tmp/meshtype ]; then $CHROOT_PREFIX sudo apt-get -y install babeld if [ ! -f $TOXIC_FILE ]; then $CHROOT_PREFIX sudo apt-get -y install toxic fi CURR_DIR=$(pwd) if [ ! -f ~/develop/toxid ]; then if [ ! -f ~/develop ]; then mkdir ~/develop fi cd ~/develop git_clone $TOXID_REPO ~/develop/toxid fi cd ~/develop/toxid sudo make install cd $CURR_DIR fi babel_script=${rootdir}/tmp/babel echo '#!/bin/bash' > $babel_script echo '' >> $babel_script echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script echo ' avahi-browse -atl' >> $babel_script echo ' exit 0' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [[ $1 == "start" ]]; then' >> $babel_script echo ' if [ -f /tmp/meshtype ] ; then' >> $babel_script echo ' echo "Mesh already running"' >> $babel_script echo ' return' >> $babel_script echo ' fi' >> $batman_script echo ' # install avahi' >> $babel_script echo ' apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $babel_script echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script echo ' if [ -f /bin/systemctl ]; then' >> $babel_script echo ' systemctl restart avahi-daemon' >> $babel_script echo ' else' >> $babel_script echo ' service avahi-daemon restart' >> $babel_script echo ' fi' >> $babel_script echo ' echo "babel" > /tmp/meshtype' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo "IFACE=$WIFI_INTERFACE" >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan1' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan2' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script echo ' IFACE=wlan3' >> $babel_script echo ' fi' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script echo ' echo "Interface $IFACE was not found"' >> $babel_script echo ' else' >> $babel_script echo ' echo "Stopping"' >> $babel_script echo ' fi' >> $babel_script echo ' ifconfig $IFACE down' >> $babel_script echo ' pkill babeld' >> $babel_script echo ' if [ -f /bin/systemctl ]; then' >> $babel_script echo ' systemctl restart network-manager' >> $babel_script echo ' else' >> $babel_script echo ' service network-manager restart' >> $babel_script echo ' fi' >> $babel_script echo ' exit 1' >> $babel_script echo 'fi' >> $babel_script echo '' >> $babel_script echo 'if [ -f /bin/systemctl ]; then' >> $babel_script echo ' systemctl stop network-manager' >> $babel_script echo 'else' >> $babel_script echo ' service network-manager stop' >> $babel_script echo 'fi' >> $babel_script echo 'ifconfig $IFACE down' >> $babel_script echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script echo "$WIFI_CHANNEL essid \"$WIFI_SSID\"" >> $babel_script echo 'ifconfig $IFACE up' >> $babel_script echo -n 'ifconfig $IFACE:avahi ' >> $babel_script echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script echo -n "$BABEL_PORT -d 5 " >> $babel_script echo '$IFACE' >> $babel_script echo 'exit 0' >> $babel_script chmod +x $babel_script sudo mv $babel_script ${rootdir}/usr/bin/babel } function install_batman_remove { systemctl stop batman rm $rootdir/var/lib/batman rm $rootdir/etc/systemd/system/batman.service } function install_batman { $CHROOT_PREFIX apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl $CHROOT_PREFIX apt-get -y install python-dev libevent-dev ebtables python-pip git $CHROOT_PREFIX apt-get -y install wireless-tools rfkill if ! grep -q "batman_adv" $rootdir/etc/modules; then echo 'batman_adv' >> $rootdir/etc/modules fi BATMAN_SCRIPT=$rootdir/var/lib/batman if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT else cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT fi BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service echo '[Unit]' > $BATMAN_DAEMON echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON echo 'After=network.target' >> $BATMAN_DAEMON echo '' >> $BATMAN_DAEMON echo '[Service]' >> $BATMAN_DAEMON echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON echo 'Restart=on-failure' >> $BATMAN_DAEMON echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON echo '' >> $BATMAN_DAEMON echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON echo 'TimeoutSec=300' >> $BATMAN_DAEMON echo '' >> $BATMAN_DAEMON echo '[Install]' >> $BATMAN_DAEMON echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON $CHROOT_PREFIX systemctl enable batman } function mesh_firewall { FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT echo '' >> $MESH_FIREWALL_SCRIPT echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT echo '' >> $MESH_FIREWALL_SCRIPT echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT echo '' >> $MESH_FIREWALL_SCRIPT echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT echo '' >> $MESH_FIREWALL_SCRIPT echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT echo '' >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT chmod +x $MESH_FIREWALL_SCRIPT echo '[Unit]' > $FIREWALL_FILENAME echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME echo '' >> $FIREWALL_FILENAME echo '[Service]' >> $FIREWALL_FILENAME echo 'Type=oneshot' >> $FIREWALL_FILENAME echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME echo '' >> $FIREWALL_FILENAME echo 'TimeoutSec=30' >> $FIREWALL_FILENAME echo '' >> $FIREWALL_FILENAME echo '[Install]' >> $FIREWALL_FILENAME echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME $CHROOT_PREFIX systemctl enable meshfirewall } function enable_tox_repo { sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > /etc/apt/sources.list.d/tox.list" wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key sudo sh -c "apt-key add - < Release.key" sudo apt-get update echo "Tox Repository Installed." } function mesh_tox_client_qtox { enable_tox_repo sudo apt-get -y install qtox echo "qTox Installed." } function mesh_tox_client_toxic_from_repo { enable_tox_repo sudo apt-get -y install toxic echo "Toxic Installed." } while [[ $# > 1 ]] do key="$1" case $key in -h|--help) show_help ;; -f|--function) shift FN="$1" ;; -r|--rootdir) shift rootdir="$1" CHROOT_PREFIX='chroot "${rootdir}"' ;; -w|--wifi|--interface) shift WIFI_INTERFACE="$1" ;; -m|--mirror) shift FRIENDS_MIRRORS_SERVER="$1" ;; --remove) shift REMOVE="$1" ;; *) # unknown option ;; esac shift done if [[ $FN == 'babel' ]]; then if [[ $REMOVE != 'yes' ]]; then install_babel else install_babel_remove fi fi if [[ $FN == 'babel_client' ]]; then install_babel_client fi if [[ $FN == 'avahi' ]]; then mesh_avahi fi if [[ $FN == 'firewall' ]]; then mesh_firewall fi if [[ $FN == 'batman' ]]; then if [[ $REMOVE != 'yes' ]]; then install_batman else install_batman_remove fi fi if [[ $FN == 'qtox' ]]; then mesh_tox_client_qtox fi if [[ $FN == 'toxic' ]]; then mesh_tox_client_toxic_from_repo fi exit 0