diff --git a/src/freedombone b/src/freedombone
index acac490a..0ccdf6ca 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -2931,77 +2931,8 @@ function install_zeronet {
return
fi
- apt-get -y install python python-msgpack python-gevent
- apt-get -y install python-pip bittornado
- pip install msgpack-python --upgrade
-
- useradd -d /opt/zeronet/ -s /bin/false zeronet
- git_clone $ZERONET_REPO /opt/zeronet
- if [ ! -d /opt/zeronet ]; then
- exit 56823
- fi
- cd /opt/zeronet
- git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
- if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
- echo "ZeroNet commit:$ZERONET_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
- fi
- sudo chown -R zeronet:zeronet /opt/zeronet
-
- #git checkout bashrc/bootstrap-file
- # Hack to ensure that the file access port is opened
- # This is because zeronet normally relies on an internet site
- # to do this, but on a purely local mesh the internet isn't available
- sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' /opt/zeronet/src/Site/Site.py
-
- echo '[Unit]' > /etc/systemd/system/zeronet.service
- echo 'Description=Zeronet Server' >> /etc/systemd/system/zeronet.service
- echo 'After=syslog.target' >> /etc/systemd/system/zeronet.service
- echo 'After=network.target' >> /etc/systemd/system/zeronet.service
- echo '[Service]' >> /etc/systemd/system/zeronet.service
- echo 'Type=simple' >> /etc/systemd/system/zeronet.service
- echo 'User=zeronet' >> /etc/systemd/system/zeronet.service
- echo 'Group=zeronet' >> /etc/systemd/system/zeronet.service
- echo 'WorkingDirectory=/opt/zeronet' >> /etc/systemd/system/zeronet.service
- echo "ExecStart=/usr/bin/python zeronet.py --ip_external ${DEFAULT_DOMAIN_NAME}.local --trackers_file /opt/zeronet/bootstrap" >> /etc/systemd/system/zeronet.service
- echo '' >> /etc/systemd/system/zeronet.service
- echo 'TimeoutSec=300' >> /etc/systemd/system/zeronet.service
- echo '' >> /etc/systemd/system/zeronet.service
- echo '[Install]' >> /etc/systemd/system/zeronet.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/zeronet.service
-
- echo '[Unit]' > /etc/systemd/system/tracker.service
- echo 'Description=Torrent Tracker' >> /etc/systemd/system/tracker.service
- echo 'After=syslog.target' >> /etc/systemd/system/tracker.service
- echo 'After=network.target' >> /etc/systemd/system/tracker.service
- echo '[Service]' >> /etc/systemd/system/tracker.service
- echo 'Type=simple' >> /etc/systemd/system/tracker.service
- echo 'User=tracker' >> /etc/systemd/system/tracker.service
- echo 'Group=tracker' >> /etc/systemd/system/tracker.service
- echo 'WorkingDirectory=/opt/tracker' >> /etc/systemd/system/tracker.service
- echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /opt/tracker/dstate --logfile /opt/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> /etc/systemd/system/tracker.service
- echo '' >> /etc/systemd/system/tracker.service
- echo 'TimeoutSec=300' >> /etc/systemd/system/tracker.service
- echo '' >> /etc/systemd/system/tracker.service
- echo '[Install]' >> /etc/systemd/system/tracker.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/tracker.service
-
- useradd -d /opt/tracker/ -s /bin/false tracker
- if [ ! -d /opt/tracker ]; then
- mkdir /opt/tracker
- fi
- chown -R tracker:tracker /opt/tracker
-
- # publish regularly
- if ! grep -q "zeronetavahi" /etc/crontab; then
- echo "* * * * * root zeronetavahi > /dev/null" >> /etc/crontab
- fi
-
- systemctl enable tracker.service
- systemctl enable zeronet.service
+ ${PROJECT_NAME}=mesh-install zeronet
systemctl daemon-reload
-
systemctl start tracker.service
systemctl start zeronet.service
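Review bot: The added line `${PROJECT_NAME}=mesh-install zeronet` uses `=` where every other helper call in this commit uses `-`, so after expansion bash tries to run a command literally named `<project>=mesh-install` and fails with command-not-found instead of running the helper. It should read `${PROJECT_NAME}-mesh-install zeronet`. Because the result is not checked, install_zeronet then carries on to `systemctl start tracker.service` and `systemctl start zeronet.service` for units that were never written. The two `systemctl enable` lines were also removed; whether the helper enables the units is not visible in this diff, so that is worth confirming. install_zeronet starts and ends outside the hunk.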
@@ -3081,48 +3012,19 @@ function configure_avahi {
if [[ $ENABLE_BABEL != "yes" && $ENABLE_BATMAN != "yes" && $ENABLE_CJDNS != "yes" ]]; then
return
fi
- apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
+
+ ${PROJECT_NAME}-mesh-install avahi
if [ $DEFAULT_DOMAIN_NAME ]; then
sed -i "s|#host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
+ sed -i "s|host-name=.*|host-name=$DEFAULT_DOMAIN_NAME|g" /etc/avahi/avahi-daemon.conf
else
decarray=( 1 2 3 4 5 6 7 8 9 0 )
PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
+ sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
fi
- if [ ! -d /etc/avahi/services ]; then
- mkdir -p /etc/avahi/services
- fi
-
- # remove an avahi service which isn't used
- if [ -f /etc/avahi/services/udisks.service ]; then
- rm /etc/avahi/services/udisks.service
- fi
-
- # Add an ssh service
- echo '' > /etc/avahi/services/ssh.service
- echo '' >> /etc/avahi/services/ssh.service
- echo '' >> /etc/avahi/services/ssh.service
- echo ' %h SSH' >> /etc/avahi/services/ssh.service
- echo ' ' >> /etc/avahi/services/ssh.service
- echo ' _ssh._tcp' >> /etc/avahi/services/ssh.service
- echo " $SSH_PORT" >> /etc/avahi/services/ssh.service
- echo ' ' >> /etc/avahi/services/ssh.service
- echo '' >> /etc/avahi/services/ssh.service
-
- # keep the daemon running
- echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo '# keep avahi daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'if [ ! $AVAHI_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' systemctl start avahi-daemon' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-
- systemctl restart avahi-daemon
-
echo 'configure_avahi' >> $COMPLETION_FILE
}
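Review bot: The `sed -i` host-name edits now run after `${PROJECT_NAME}-mesh-install avahi`, and the trailing `systemctl restart avahi-daemon` was removed, so nothing in configure_avahi makes the daemon pick up the new host-name. If the helper restarts avahi-daemon (not visible here), it does so before these edits are written. Keeping `systemctl restart avahi-daemon` after the closing `fi` of the host-name block, before `echo 'configure_avahi' >> $COMPLETION_FILE`, would make the change take effect.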
@@ -3133,306 +3035,21 @@ function mesh_babel {
if [[ $ENABLE_BABEL != "yes" ]]; then
return
fi
- apt-get -y install babeld
- babel_script=/var/lib/babel
-
- echo '#!/bin/bash' > $babel_script
- echo '' >> $babel_script
- echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
- echo ' avahi-browse -atl' >> $babel_script
- echo ' exit 0' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo 'if [[ $1 == "start" ]]; then' >> $babel_script
- echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
- echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
- echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
- echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
- echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script
- echo ' systemctl restart avahi-daemon' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo "IFACE=$WIFI_INTERFACE" >> $babel_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
- echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
- echo ' IFACE=wlan1' >> $babel_script
- echo ' fi' >> $babel_script
- echo 'fi' >> $babel_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
- echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
- echo ' IFACE=wlan2' >> $babel_script
- echo ' fi' >> $babel_script
- echo 'fi' >> $babel_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
- echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
- echo ' IFACE=wlan3' >> $babel_script
- echo ' fi' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
- echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
- echo ' echo "Interface $IFACE was not found"' >> $babel_script
- echo ' else' >> $babel_script
- echo ' echo "Stopping"' >> $babel_script
- echo ' fi' >> $babel_script
- echo ' ifconfig $IFACE down' >> $babel_script
- echo ' pkill babeld' >> $babel_script
- echo ' systemctl restart network-manager' >> $babel_script
- echo ' exit 1' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo 'systemctl stop network-manager' >> $babel_script
- echo 'ifconfig $IFACE down' >> $babel_script
- echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
- echo "$WIFI_CHANNEL essid \"$ESSID\"" >> $babel_script
- echo 'ifconfig $IFACE up' >> $babel_script
- echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
- echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
- echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
- echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
- echo -n "$BABEL_PORT -d 5 " >> $babel_script
- echo '$IFACE' >> $babel_script
- echo 'exit 0' >> $babel_script
- chmod +x $babel_script
-
- echo '[Unit]' > /etc/systemd/system/babel.service
- echo 'Description=Babel Mesh' >> /etc/systemd/system/babel.service
- echo '' >> /etc/systemd/system/babel.service
- echo '[Service]' >> /etc/systemd/system/babel.service
- echo 'Type=oneshot' >> /etc/systemd/system/babel.service
- echo "ExecStart=$babel_script start" >> /etc/systemd/system/babel.service
- echo "ExecStop=$babel_script stop" >> /etc/systemd/system/babel.service
- echo 'RemainAfterExit=yes' >> /etc/systemd/system/babel.service
- echo '' >> /etc/systemd/system/babel.service
- echo '# Allow time for the server to start/stop' >> /etc/systemd/system/babel.service
- echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service
- echo '' >> /etc/systemd/system/babel.service
- echo '[Install]' >> /etc/systemd/system/babel.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/babel.service
- systemctl enable babel
+ ${PROJECT_NAME}-mesh-install babel
echo 'mesh_babel' >> $COMPLETION_FILE
}
-function mesh_batman_bridge {
- # https://sudoroom.org/wiki/Mesh/Relay_setup
- # also see http://www.netlore.co.uk/airmesh/
- # https://www.youtube.com/watch?v=CLKHWfQlFqQ
- # http://pastebin.com/4U9vdFFm
- # http://pastebin.com/eeTmL5XL
- if grep -Fxq "mesh_batman_bridge" $COMPLETION_FILE; then
+function mesh_batman {
+ if grep -Fxq "mesh_batman" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
return
fi
- apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
- apt-get -y install python-dev libevent-dev ebtables python-pip git
- apt-get -y install wireless-tools rfkill
-
- #install_vpn_tunnel
-
- modprobe batman-adv
- [ $? -ne 0 ] && echo "B.A.T.M.A.N module not available" && exit 76482
- if ! grep -q "batman_adv" /etc/modules; then
- echo 'batman_adv' >> /etc/modules
- fi
-
- batman_script=/var/lib/batman
-
- echo '#!/bin/bash' > $batman_script
- echo '' >> $batman_script
- echo 'if [[ $1 == "start" ]]; then' >> $batman_script
- echo ' # install avahi' >> $batman_script
- echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo '# Mesh definition' >> $batman_script
- echo "ESSID=$ESSID" >> $batman_script
- echo "CELLID=$BATMAN_CELLID" >> $batman_script
- echo "CHANNEL=$WIFI_CHANNEL" >> $batman_script
- echo '' >> $batman_script
- echo '# Ethernet bridge definition (bridged to bat0)' >> $batman_script
- echo 'BRIDGE=br-mesh' >> $batman_script
- echo "IFACE=$WIFI_INTERFACE" >> $batman_script
- echo 'EIFACE=eth0' >> $batman_script
- echo '' >> $batman_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
- echo ' if grep -q "wlan1" /proc/net/dev; then' >> $batman_script
- echo ' IFACE=wlan1' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
- echo ' if grep -q "wlan2" /proc/net/dev; then' >> $batman_script
- echo ' IFACE=wlan2' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
- echo ' if grep -q "wlan3" /proc/net/dev; then' >> $batman_script
- echo ' IFACE=wlan3' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo 'if [ -e /etc/default/batctl ]; then' >> $batman_script
- echo ' . /etc/default/batctl' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo 'start() {' >> $batman_script
- echo ' if [ -z "$IFACE" ] ; then' >> $batman_script
- echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script
- echo ' return' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' echo "info: enabling batman-adv mesh network $ESSID on $IFACE"' >> $batman_script
-
- echo ' systemctl stop network-manager' >> $batman_script
- echo ' sleep 5' >> $batman_script
- echo '' >> $batman_script
- echo " # remove an avahi service which isn't used" >> $batman_script
- echo ' if [ -f /etc/avahi/services/udisks.service ]; then' >> $batman_script
- echo ' sudo rm /etc/avahi/services/udisks.service' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' # Might have to re-enable wifi' >> $batman_script
- echo ' rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true' >> $batman_script
- echo '' >> $batman_script
- echo ' ifconfig $IFACE down' >> $batman_script
- echo ' ifconfig $IFACE mtu 1532' >> $batman_script
- echo ' iwconfig $IFACE enc off' >> $batman_script
- echo ' iwconfig $IFACE mode ad-hoc essid $ESSID channel $CHANNEL' >> $batman_script
- echo ' sleep 1' >> $batman_script
- echo ' iwconfig $IFACE ap $CELLID' >> $batman_script
- echo '' >> $batman_script
- echo ' modprobe batman-adv' >> $batman_script
- echo ' batctl if add $IFACE' >> $batman_script
- echo ' ifconfig $IFACE up' >> $batman_script
- echo ' avahi-autoipd --force-bind --daemonize --wait $BRIDGE' >> $batman_script
- echo ' avahi-autoipd --force-bind --daemonize --wait $IFACE' >> $batman_script
- echo ' ifconfig bat0 up promisc' >> $batman_script
- echo '' >> $batman_script
- echo ' #Use persistent HWAddr' >> $batman_script
- echo ' ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")' >> $batman_script
- echo ' if [ ! -f /var/lib/mesh-node/bat0 ]; then' >> $batman_script
- echo ' mkdir /var/lib/mesh-node' >> $batman_script
- echo ' echo "${ether_new}" > /var/lib/mesh-node/bat0' >> $batman_script
- echo ' else' >> $batman_script
- echo ' ether=$(cat /var/lib/mesh-node/bat0)' >> $batman_script
- echo ' ifconfig bat0 hw ether ${ether}' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' if [ "$EIFACE" ] ; then' >> $batman_script
- echo ' brctl addbr $BRIDGE' >> $batman_script
- echo ' brctl addif $BRIDGE bat0' >> $batman_script
- echo ' brctl addif $BRIDGE $EIFACE' >> $batman_script
- echo ' ifconfig bat0 0.0.0.0' >> $batman_script
- echo ' ifconfig $EIFACE 0.0.0.0' >> $batman_script
- echo ' ifconfig $EIFACE up promisc' >> $batman_script
- echo ' ifconfig $BRIDGE up' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' iptables -A INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
- echo " iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script
- echo '' >> $batman_script
- echo ' systemctl restart avahi-daemon' >> $batman_script
- echo '}' >> $batman_script
- echo '' >> $batman_script
- echo 'stop() {' >> $batman_script
- echo ' if [ -z "$IFACE" ]; then' >> $batman_script
- echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script
- echo ' return' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' if [ "$EIFACE" ]; then' >> $batman_script
- echo ' brctl delif $BRIDGE bat0' >> $batman_script
- echo ' brctl delif $BRIDGE $EIFACE' >> $batman_script
- echo ' ifconfig $BRIDGE down || true' >> $batman_script
- echo ' brctl delbr $BRIDGE' >> $batman_script
- echo ' ifconfig $EIFACE down -promisc' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' avahi-autoipd -k $BRIDGE' >> $batman_script
- echo ' avahi-autoipd -k $IFACE' >> $batman_script
- echo ' ifconfig bat0 down -promisc' >> $batman_script
- echo '' >> $batman_script
- echo ' batctl if del $IFACE' >> $batman_script
- echo ' rmmod batman-adv' >> $batman_script
- echo ' ifconfig $IFACE mtu 1500' >> $batman_script
- echo ' ifconfig $IFACE down' >> $batman_script
- echo ' iwconfig $IFACE mode managed' >> $batman_script
- echo '' >> $batman_script
- echo ' iptables -D INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
- echo " iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script
- echo '' >> $batman_script
- echo ' systemctl restart network-manager' >> $batman_script
- echo '}' >> $batman_script
- echo '' >> $batman_script
- echo 'if ! grep -q "$IFACE" /proc/net/dev; then' >> $batman_script
- echo ' echo "Interface $IFACE was not found"' >> $batman_script
- echo ' stop' >> $batman_script
- echo ' exit 1' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo 'case "$1" in' >> $batman_script
- echo ' start|stop)' >> $batman_script
- echo ' $1' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' restart)' >> $batman_script
- echo ' stop' >> $batman_script
- echo ' sleep 10' >> $batman_script
- echo ' start' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' status)' >> $batman_script
- echo ' batctl o' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' ping)' >> $batman_script
- echo ' batctl ping $2' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' ls|list)' >> $batman_script
- echo ' avahi-browse -atl' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' *)' >> $batman_script
- echo ' echo "error: invalid parameter $1"' >> $batman_script
- echo ' echo "usage: $0 {start|stop|restart|status|ping|ls|list}"' >> $batman_script
- echo ' exit 2' >> $batman_script
- echo ' ;;' >> $batman_script
- echo 'esac' >> $batman_script
- echo 'exit 0' >> $batman_script
- chmod +x $batman_script
-
- echo '[Unit]' > /etc/systemd/system/batman.service
- echo 'Description=B.A.T.M.A.N. Advanced' >> /etc/systemd/system/batman.service
- echo '' >> /etc/systemd/system/batman.service
- echo '[Service]' >> /etc/systemd/system/batman.service
- echo 'Type=oneshot' >> /etc/systemd/system/batman.service
- echo "ExecStart=$batman_script start" >> /etc/systemd/system/batman.service
- echo "ExecStop=$batman_script stop" >> /etc/systemd/system/batman.service
- echo 'RemainAfterExit=yes' >> /etc/systemd/system/batman.service
- echo '' >> /etc/systemd/system/batman.service
- echo '# Allow time for the server to start/stop' >> /etc/systemd/system/batman.service
- echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service
- echo '' >> /etc/systemd/system/batman.service
- echo '[Install]' >> /etc/systemd/system/batman.service
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/batman.service
- systemctl enable batman
+ ${PROJECT_NAME}-mesh-install -f batman
if ! grep -q "Mesh Networking (B.A.T.M.A.N)" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
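Review bot: The exit status of `${PROJECT_NAME}-mesh-install babel` and `${PROJECT_NAME}-mesh-install -f batman` is never tested, so `echo 'mesh_babel' >> $COMPLETION_FILE` records the step as done even when the helper failed, and later runs will skip it. The removed code at least aborted when `modprobe batman-adv` failed. A guard such as `${PROJECT_NAME}-mesh-install babel || exit 1` (with whatever exit code the script's convention calls for) ahead of the completion marker would restore that. The same applies to the helper calls in configure_avahi, install_tox_node and install_tox_client. mesh_batman continues past the end of this hunk.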
@@ -3446,7 +3063,7 @@ function mesh_batman_bridge {
chmod 600 /home/$MY_USERNAME/README
fi
- echo 'mesh_batman_bridge' >> $COMPLETION_FILE
+ echo 'mesh_batman' >> $COMPLETION_FILE
}
function remove_instructions_from_motd {
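Review bot: Renaming the completion marker from `mesh_batman_bridge` to `mesh_batman` means a system installed before this commit, whose completion file still holds the old string, no longer matches the `grep -Fxq "mesh_batman"` guard at the top of the function and will run `${PROJECT_NAME}-mesh-install -f batman` again. If that re-run is not intended, the guard could accept both strings, e.g. `if grep -Fxq -e "mesh_batman" -e "mesh_batman_bridge" $COMPLETION_FILE; then`. A one-line comment above the marker noting the old name would also help anyone reading an older completion file.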
@@ -7203,106 +6820,7 @@ function install_tox_node {
return
fi
- # toxcore
- apt-get -y install build-essential libtool autotools-dev
- apt-get -y install automake checkinstall check git yasm
- apt-get -y install libsodium13 libsodium-dev libcap2-bin
- apt-get -y install libconfig9 libconfig-dev
-
- cd $INSTALL_DIR
- git_clone $TOX_REPO $INSTALL_DIR/toxcore
- cd $INSTALL_DIR/toxcore
-
- git checkout $TOX_COMMIT -b $TOX_COMMIT
- if ! grep -q "toxcore commit" $COMPLETION_FILE; then
- echo "toxcore commit:$TOX_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/toxcore commit.*/toxcore commit:$TOX_COMMIT/g" $COMPLETION_FILE
- fi
-
- autoreconf -i
- ./configure --enable-daemon
- if [ ! "$?" = "0" ]; then
- exit 78467
- fi
- make
- if [ ! "$?" = "0" ]; then
- exit 84562
- fi
- make install
- cp /usr/local/lib/libtoxcore* /usr/lib/
-
- if [ ! -f /usr/local/bin/tox-bootstrapd ]; then
- echo $"File not found /usr/local/bin/tox-bootstrapd"
- exit 73862
- fi
-
- useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
- chmod 700 /var/lib/tox-bootstrapd
- if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf ]; then
- echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf"
- exit 476835
- fi
- # remove Maildir
- if [ -d /var/lib/tox-bootstrapd/Maildir ]; then
- rm -rf /var/lib/tox-bootstrapd/Maildir
- fi
-
- # create configuration file
- echo "port = $TOX_PORT" > /etc/tox-bootstrapd.conf
- echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> /etc/tox-bootstrapd.conf
- echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> /etc/tox-bootstrapd.conf
- echo 'enable_ipv6 = true' >> /etc/tox-bootstrapd.conf
- echo 'enable_ipv4_fallback = true' >> /etc/tox-bootstrapd.conf
- echo 'enable_lan_discovery = true' >> /etc/tox-bootstrapd.conf
- echo 'enable_tcp_relay = true' >> /etc/tox-bootstrapd.conf
- echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> /etc/tox-bootstrapd.conf
- echo 'enable_motd = true' >> /etc/tox-bootstrapd.conf
- echo 'motd = "tox-bootstrapd"' >> /etc/tox-bootstrapd.conf
-
- if [ $TOX_NODES ]; then
- echo 'bootstrap_nodes = (' >> /etc/tox-bootstrapd.conf
- toxcount=0
- while [ "x${TOX_NODES[toxcount]}" != "x" ]
- do
- toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
- toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
- toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
- toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
- toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
- echo "{ // $toxval_maintainer" >> /etc/tox-bootstrapd.conf
- if [[ $toxval_ipv6 != 'NONE' ]]; then
- echo " address = \"$toxval_ipv6\"" >> /etc/tox-bootstrapd.conf
- else
- echo " address = \"$toxval_ipv4\"" >> /etc/tox-bootstrapd.conf
- fi
- echo " port = $toxval_port" >> /etc/tox-bootstrapd.conf
- echo " public_key = \"$toxval_pubkey\"" >> /etc/tox-bootstrapd.conf
- toxcount=$(( $toxcount + 1 ))
- if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
- echo "}," >> /etc/tox-bootstrapd.conf
- else
- echo "}" >> /etc/tox-bootstrapd.conf
- fi
- done
- echo ')' >> /etc/tox-bootstrapd.conf
- fi
-
- if [ ! -f $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
- echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
- exit 7359
- fi
- cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
-
- enable_ipv6
-
- systemctl daemon-reload
- systemctl enable tox-bootstrapd.service
- systemctl start tox-bootstrapd.service
- if [ ! "$?" = "0" ]; then
- systemctl status tox-bootstrapd.service
- exit 5846
- fi
+ ${PROJECT_NAME}-mesh-install -f tox_node
TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
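Review bot: `-f` is passed for `tox_node` (and for `batman`) but not for `zeronet`, `avahi`, `babel` or `tox_client`, and nothing on the page says what the flag selects. A comment on the call, e.g. `# -f: <meaning of this flag for mesh-install>`, would tell a reader why these two components are treated differently. install_tox_node starts and ends outside the hunk.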
@@ -7353,23 +6871,9 @@ function install_tox_client {
return
fi
- apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev libcurl4-openssl-dev
+ ${PROJECT_NAME}-mesh-install tox_client
- cd $INSTALL_DIR
- git_clone $TOXIC_REPO $INSTALL_DIR/toxic
- cd $INSTALL_DIR/toxic
- git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT
- if ! grep -q "Toxic commit" $COMPLETION_FILE; then
- echo "Toxic commit:$TOXIC_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Toxic commit.*/Toxic commit:$TOXIC_COMMIT/g" $COMPLETION_FILE
- fi
-
- make
- if [ ! -f $INSTALL_DIR/toxic/build/toxic ]; then
- exit 74872
- fi
- make install
+ # initial setup of username
su -c "echo 'n
/nick $MY_USERNAME
/exit
@@ -8087,526 +7591,526 @@ function install_wiki {
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- if [[ $ONION_ONLY == "no" ]]; then
- if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
- else
- ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- fi
- check_certificates $WIKI_DOMAIN_NAME
- fi
- fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
+ ${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
+ else
+ ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+ fi
+ check_certificates $WIKI_DOMAIN_NAME
+ fi
+ fi
- configure_php
+ configure_php
- nginx_ensite $WIKI_DOMAIN_NAME
+ nginx_ensite $WIKI_DOMAIN_NAME
- systemctl restart php5-fpm
- systemctl restart nginx
+ systemctl restart php5-fpm
+ systemctl restart nginx
- echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
- # update the dynamic DNS
- CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME
- add_ddns_domain
+ # update the dynamic DNS
+ CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME
+ add_ddns_domain
- # add some post-install instructions
- if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Wiki' >> /home/$MY_USERNAME/README
- echo '====' >> /home/$MY_USERNAME/README
- echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ # add some post-install instructions
+ if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Wiki' >> /home/$MY_USERNAME/README
+ echo '====' >> /home/$MY_USERNAME/README
+ echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
- echo 'install_wiki' >> $COMPLETION_FILE
- }
+ echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
+ echo 'install_wiki' >> $COMPLETION_FILE
+}
- function get_blog_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
- FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
- }
+function get_blog_admin_password {
+ if [ -f /home/$MY_USERNAME/README ]; then
+ if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
+ FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
+ fi
+ fi
+}
- function install_blog {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $FULLBLOG_DOMAIN_NAME ]; then
- echo $'The blog domain name was not specified'
- exit 5062
- fi
+function install_blog {
+ if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! $FULLBLOG_DOMAIN_NAME ]; then
+ echo $'The blog domain name was not specified'
+ exit 5062
+ fi
- # update to the next commit
- set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
+ # update to the next commit
+ set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
- if grep -Fxq "install_blog" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_blog" $COMPLETION_FILE; then
+ return
+ fi
- if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
- mkdir /var/www/$FULLBLOG_DOMAIN_NAME
- fi
+ if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
+ mkdir /var/www/$FULLBLOG_DOMAIN_NAME
+ fi
- cd /var/www/$FULLBLOG_DOMAIN_NAME
- git_clone $FULLBLOG_REPO htdocs
- cd htdocs
- git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
- if ! grep -q "Blog commit" $COMPLETION_FILE; then
- echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
- fi
- cd /var/www/$FULLBLOG_DOMAIN_NAME
+ cd /var/www/$FULLBLOG_DOMAIN_NAME
+ git_clone $FULLBLOG_REPO htdocs
+ cd htdocs
+ git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
+ if ! grep -q "Blog commit" $COMPLETION_FILE; then
+ echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
+ fi
+ cd /var/www/$FULLBLOG_DOMAIN_NAME
- chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
+ chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
- if [[ $ONION_ONLY == "no" ]]; then
- echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_ssl $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- else
- echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- fi
- echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ if [[ $ONION_ONLY == "no" ]]; then
+ echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_ssl $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ else
+ echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ fi
+ echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- if [[ $ONION_ONLY == "no" ]]; then
- if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
- else
- ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- fi
- check_certificates $FULLBLOG_DOMAIN_NAME
- fi
- fi
+ if [[ $ONION_ONLY == "no" ]]; then
+ if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
+ ${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
+ else
+ ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+ fi
+ check_certificates $FULLBLOG_DOMAIN_NAME
+ fi
+ fi
- configure_php
+ configure_php
- # blog settings
- cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ # blog settings
+ cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- # create a user password
- get_blog_admin_password
- if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- fi
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
- echo '==========' >> /home/$MY_USERNAME/README
- echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- if [[ $ONION_ONLY == 'no' ]]; then
- echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
- fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
+ # create a user password
+ get_blog_admin_password
+ if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
+ echo '==========' >> /home/$MY_USERNAME/README
+ echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
+ fi
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
- # create a user
- echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ # create a user
+ echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- nginx_ensite $FULLBLOG_DOMAIN_NAME
+ nginx_ensite $FULLBLOG_DOMAIN_NAME
- FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
+ FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
- systemctl restart php5-fpm
- systemctl restart nginx
+ systemctl restart php5-fpm
+ systemctl restart nginx
- if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
- echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
+ echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
- # update the dynamic DNS
- CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
- add_ddns_domain
+ # update the dynamic DNS
+ CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
+ add_ddns_domain
- echo 'install_blog' >> $COMPLETION_FILE
- }
+ echo 'install_blog' >> $COMPLETION_FILE
+}
- function install_rss_reader {
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
+function install_rss_reader {
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
- # update to the next commit
- set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
+ # update to the next commit
+ set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
- if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
- return
- fi
+ if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
+ return
+ fi
- apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+ apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
- if [ ! -d /etc/share ]; then
- mkdir /etc/share
- fi
- cd /etc/share
- git_clone $RSS_READER_REPO tt-rss
- if [ ! -d $RSS_READER_PATH ]; then
- echo $'Could not clone RSS reader repo'
- exit 52925
- fi
- cd $RSS_READER_PATH
- git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
- if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
- echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
- fi
+ if [ ! -d /etc/share ]; then
+ mkdir /etc/share
+ fi
+ cd /etc/share
+ git_clone $RSS_READER_REPO tt-rss
+ if [ ! -d $RSS_READER_PATH ]; then
+ echo $'Could not clone RSS reader repo'
+ exit 52925
+ fi
+ cd $RSS_READER_PATH
+ git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
+ if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
+ echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
+ fi
- install_mariadb
- get_mariadb_password
- repair_databases_script
+ install_mariadb
+ get_mariadb_password
+ repair_databases_script
- get_mariadb_rss_reader_admin_password
- if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- fi
+ get_mariadb_rss_reader_admin_password
+ if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ fi
- create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+ create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
- RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
+ RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
- echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " server_name $RSS_READER_DOMAIN_NAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Logs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Root' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " root $RSS_READER_PATH;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Index' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.html index.htm index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # PHP' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Location' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location /mobile {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.htm;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Fancy URLs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " server_name $RSS_READER_DOMAIN_NAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Logs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Root' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " root $RSS_READER_PATH;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Index' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.html index.htm index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # PHP' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Location' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location /mobile {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.htm;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Fancy URLs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@@ -10085,21 +9589,25 @@ function intrusion_detection {
# Don't report log changes
sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
# Ignore /etc/tripwire
- if ! grep -q "!/etc/tripwire" /etc/tripwire/twpol.txt; then
- sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire;' /etc/tripwire/twpol.txt
+ if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
+ sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire;' /etc/tripwire/twpol.txt
+ fi
+ # ignore tt-rss cache
+ if ! grep -q '!/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt; then
+ sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt
fi
# Avoid logging the changed database
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
# recreate the configuration
echo '
-' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
+ ' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
# reset
echo '
-' | reset-tripwire
+ ' | reset-tripwire
echo 'intrusion_detection' >> $COMPLETION_FILE
}
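Review bot: The stop point appended for `/etc/share/tt-rss/cache` has no terminating `;`, unlike the `!/etc/tripwire;` rule added just above it. Tripwire policy rules are semicolon-terminated, so the regenerated policy will likely fail to parse or run into the next rule; the line should read `sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/cache;' /etc/tripwire/twpol.txt`. Because this removes a web-application-writable directory from integrity checking, a comment such as `# tt-rss cache changes constantly, so it is excluded; files written there will not be reported` would record the trade-off. The exit status of `twadmin` and `reset-tripwire` is not checked in the visible lines, so a policy error would presumably go unnoticed while `intrusion_detection` is still written to `$COMPLETION_FILE`. The body of intrusion_detection starts outside this hunk.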
@@ -10769,7 +10277,7 @@ configure_firewall_for_cjdns
mesh_cjdns
mesh_cjdns_tools
configure_firewall_for_batman
-mesh_batman_bridge
+mesh_batman
configure_firewall_for_babel
mesh_babel
route_outgoing_traffic_through_tor
diff --git a/src/freedombone-client b/src/freedombone-client
index 2a227d3f..efa7f77e 100755
--- a/src/freedombone-client
+++ b/src/freedombone-client
@@ -112,369 +112,266 @@ function configure_ssh_client {
echo ''
}
-function mesh_babel {
- if [ ! -f /tmp/meshtype ]; then
- sudo apt-get -y install babeld
- sudo apt-get -y install irssi mumble
- if [ ! -f /usr/bin/toxic ]; then
- sudo apt-get -y install toxic
- echo "n
-/nick $USER
-/exit
-" | /usr/bin/toxic -d
- fi
-
- CURR_DIR=$(pwd)
- if [ ! -f ~/develop/toxid ]; then
- if [ ! -f ~/develop ]; then
- mkdir ~/develop
- fi
- cd ~/develop
- git clone $TOXID_REPO ~/develop/toxid
- fi
- cd ~/develop/toxid
- sudo make install
- cd $CURR_DIR
- fi
-
- babel_script=/tmp/babel
-
- echo '#!/bin/bash' > $babel_script
- echo '' >> $babel_script
- echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
- echo ' avahi-browse -atl' >> $babel_script
- echo ' exit 0' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo 'if [[ $1 == "start" ]]; then' >> $babel_script
- echo ' if [ -f /tmp/meshtype ] ; then' >> $babel_script
- echo ' echo "Mesh already running"' >> $babel_script
- echo ' return' >> $babel_script
- echo ' fi' >> $batman_script
- echo ' # install avahi' >> $babel_script
- echo ' apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $babel_script
- echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
- echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
- echo ' if [ -f /bin/systemctl ]; then' >> $babel_script
- echo ' systemctl restart avahi-daemon' >> $babel_script
- echo ' else' >> $babel_script
- echo ' service avahi-daemon restart' >> $babel_script
- echo ' fi' >> $babel_script
- echo ' echo "babel" > /tmp/meshtype' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo "IFACE=$WIFI_INTERFACE" >> $babel_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
- echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
- echo ' IFACE=wlan1' >> $babel_script
- echo ' fi' >> $babel_script
- echo 'fi' >> $babel_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
- echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
- echo ' IFACE=wlan2' >> $babel_script
- echo ' fi' >> $babel_script
- echo 'fi' >> $babel_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
- echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
- echo ' IFACE=wlan3' >> $babel_script
- echo ' fi' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
- echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
- echo ' echo "Interface $IFACE was not found"' >> $babel_script
- echo ' else' >> $babel_script
- echo ' echo "Stopping"' >> $babel_script
- echo ' fi' >> $babel_script
- echo ' ifconfig $IFACE down' >> $babel_script
- echo ' pkill babeld' >> $babel_script
- echo ' if [ -f /bin/systemctl ]; then' >> $babel_script
- echo ' systemctl restart network-manager' >> $babel_script
- echo ' else' >> $babel_script
- echo ' service network-manager restart' >> $babel_script
- echo ' fi' >> $babel_script
- echo ' exit 1' >> $babel_script
- echo 'fi' >> $babel_script
- echo '' >> $babel_script
- echo 'if [ -f /bin/systemctl ]; then' >> $babel_script
- echo ' systemctl stop network-manager' >> $babel_script
- echo 'else' >> $babel_script
- echo ' service network-manager stop' >> $babel_script
- echo 'fi' >> $babel_script
- echo 'ifconfig $IFACE down' >> $babel_script
- echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
- echo "$WIFI_CHANNEL essid \"$ESSID\"" >> $babel_script
- echo 'ifconfig $IFACE up' >> $babel_script
- echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
- echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
- echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
- echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
- echo -n "$BABEL_PORT -d 5 " >> $babel_script
- echo '$IFACE' >> $babel_script
- echo 'exit 0' >> $babel_script
- chmod +x $babel_script
- sudo mv $babel_script /usr/bin/babel
-}
function mesh_batman {
- if [ ! -f /tmp/meshtype ]; then
- sudo apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
- sudo apt-get -y install python-dev libevent-dev ebtables python-pip
- sudo apt-get -y install wireless-tools rfkill
- sudo apt-get -y install irssi mumble
- if [ ! -f /usr/bin/toxic ]; then
- sudo apt-get -y install toxic
- echo "n
+ if [ ! -f /tmp/meshtype ]; then
+ sudo apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
+ sudo apt-get -y install python-dev libevent-dev ebtables python-pip
+ sudo apt-get -y install wireless-tools rfkill
+ sudo apt-get -y install irssi mumble
+ if [ ! -f /usr/bin/toxic ]; then
+ sudo apt-get -y install toxic
+ echo "n
/nick $USER
/exit
" | /usr/bin/toxic -d
- fi
- fi
+ fi
+ fi
- batman_script=/tmp/batman
+ BATMAN_SCRIPT=/tmp/batman
- echo '#!/bin/bash' > $batman_script
- echo '' >> $batman_script
- echo 'if [[ $1 == "start" ]]; then' >> $batman_script
- echo ' # install avahi' >> $batman_script
- echo ' apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $batman_script
- echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf' >> $batman_script
- echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $batman_script
- echo ' if [ -f /bin/systemctl ]; then' >> $batman_script
- echo ' systemctl restart avahi-daemon' >> $batman_script
- echo ' else' >> $batman_script
- echo ' service avahi-daemon restart' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo '# Mesh definition' >> $batman_script
- echo "ESSID=$ESSID" >> $batman_script
- echo "CELLID=$BATMAN_CELLID" >> $batman_script
- echo "CHANNEL=$WIFI_CHANNEL" >> $batman_script
- echo '' >> $batman_script
- echo '# Ethernet bridge definition (bridged to bat0)' >> $batman_script
- echo 'BRIDGE=br-mesh' >> $batman_script
- echo "IFACE=$WIFI_INTERFACE" >> $batman_script
- echo 'EIFACE=eth0' >> $batman_script
- echo '' >> $batman_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
- echo ' if grep -q "wlan1" /proc/net/dev; then' >> $batman_script
- echo ' IFACE=wlan1' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
- echo ' if grep -q "wlan2" /proc/net/dev; then' >> $batman_script
- echo ' IFACE=wlan2' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo 'if [[ $IFACE == "wlan0" ]]; then' >> $batman_script
- echo ' if grep -q "wlan3" /proc/net/dev; then' >> $batman_script
- echo ' IFACE=wlan3' >> $batman_script
- echo ' fi' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo 'if [ -e /etc/default/batctl ]; then' >> $batman_script
- echo ' . /etc/default/batctl' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo 'start() {' >> $batman_script
- echo ' if [ -f /tmp/meshtype ] ; then' >> $batman_script
- echo ' echo "Mesh already running"' >> $batman_script
- echo ' return' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' if [ -z "$IFACE" ] ; then' >> $batman_script
- echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script
- echo ' return' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' echo "info: enabling batman-adv mesh network $ESSID on $IFACE"' >> $batman_script
+ echo '#!/bin/bash' > $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if [[ $1 == "start" ]]; then' >> $BATMAN_SCRIPT
+ echo ' # install avahi' >> $BATMAN_SCRIPT
+ echo ' apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl restart avahi-daemon' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service avahi-daemon restart' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo '# Mesh definition' >> $BATMAN_SCRIPT
+ echo "ESSID=$ESSID" >> $BATMAN_SCRIPT
+ echo "CELLID=$BATMAN_CELLID" >> $BATMAN_SCRIPT
+ echo "CHANNEL=$WIFI_CHANNEL" >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo '# Ethernet bridge definition (bridged to bat0)' >> $BATMAN_SCRIPT
+ echo 'BRIDGE=br-mesh' >> $BATMAN_SCRIPT
+ echo "IFACE=$WIFI_INTERFACE" >> $BATMAN_SCRIPT
+ echo 'EIFACE=eth0' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $BATMAN_SCRIPT
+ echo ' if grep -q "wlan1" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' IFACE=wlan1' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $BATMAN_SCRIPT
+ echo ' if grep -q "wlan2" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' IFACE=wlan2' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $BATMAN_SCRIPT
+ echo ' if grep -q "wlan3" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' IFACE=wlan3' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if [ -e /etc/default/batctl ]; then' >> $BATMAN_SCRIPT
+ echo ' . /etc/default/batctl' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'start() {' >> $BATMAN_SCRIPT
+ echo ' if [ -f /tmp/meshtype ] ; then' >> $BATMAN_SCRIPT
+ echo ' echo "Mesh already running"' >> $BATMAN_SCRIPT
+ echo ' return' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ -z "$IFACE" ] ; then' >> $BATMAN_SCRIPT
+ echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $BATMAN_SCRIPT
+ echo ' return' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' echo "info: enabling batman-adv mesh network $ESSID on $IFACE"' >> $BATMAN_SCRIPT
- echo ' if [ -f /bin/systemctl ]; then' >> $batman_script
- echo ' systemctl stop network-manager' >> $batman_script
- echo ' else' >> $batman_script
- echo ' service network-manager stop' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' sleep 5' >> $batman_script
- echo '' >> $batman_script
- echo " # remove an avahi service which isn't used" >> $batman_script
- echo ' if [ -f /etc/avahi/services/udisks.service ]; then' >> $batman_script
- echo ' sudo rm /etc/avahi/services/udisks.service' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' # Might have to re-enable wifi' >> $batman_script
- echo ' rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true' >> $batman_script
- echo '' >> $batman_script
- echo ' ifconfig $IFACE down' >> $batman_script
- echo ' ifconfig $IFACE mtu 1532' >> $batman_script
- echo ' iwconfig $IFACE enc off' >> $batman_script
- echo ' iwconfig $IFACE mode ad-hoc essid $ESSID channel $CHANNEL' >> $batman_script
- echo ' sleep 1' >> $batman_script
- echo ' iwconfig $IFACE ap $CELLID' >> $batman_script
- echo '' >> $batman_script
- echo ' modprobe batman-adv' >> $batman_script
- echo ' batctl if add $IFACE' >> $batman_script
- echo ' ifconfig $IFACE up' >> $batman_script
- echo ' avahi-autoipd --force-bind --daemonize --wait $BRIDGE' >> $batman_script
- echo ' avahi-autoipd --force-bind --daemonize --wait $IFACE' >> $batman_script
- echo ' ifconfig bat0 up promisc' >> $batman_script
- echo '' >> $batman_script
- echo ' #Use persistent HWAddr' >> $batman_script
- echo ' ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")' >> $batman_script
- echo ' if [ ! -f /var/lib/mesh-node/bat0 ]; then' >> $batman_script
- echo ' mkdir /var/lib/mesh-node' >> $batman_script
- echo ' echo "${ether_new}" > /var/lib/mesh-node/bat0' >> $batman_script
- echo ' else' >> $batman_script
- echo ' ether=$(cat /var/lib/mesh-node/bat0)' >> $batman_script
- echo ' ifconfig bat0 hw ether ${ether}' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' if [ "$EIFACE" ] ; then' >> $batman_script
- echo ' brctl addbr $BRIDGE' >> $batman_script
- echo ' brctl addif $BRIDGE bat0' >> $batman_script
- echo ' brctl addif $BRIDGE $EIFACE' >> $batman_script
- echo ' ifconfig bat0 0.0.0.0' >> $batman_script
- echo ' ifconfig $EIFACE 0.0.0.0' >> $batman_script
- echo ' ifconfig $EIFACE up promisc' >> $batman_script
- echo ' ifconfig $BRIDGE up' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' iptables -A INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
- echo ' iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
- echo " iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p tcp --dport 80 -j ACCEPT" >> $batman_script
- echo " iptables -A INPUT -p udp -m udp -j ACCEPT" >> $batman_script
- echo '' >> $batman_script
- echo ' if [ -f /bin/systemctl ]; then' >> $batman_script
- echo ' systemctl restart avahi-daemon' >> $batman_script
- echo ' else' >> $batman_script
- echo ' service avahi-daemon restart' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' echo "batman" > /tmp/meshtype' >> $batman_script
- echo '}' >> $batman_script
- echo '' >> $batman_script
- echo 'stop() {' >> $batman_script
- echo ' if [ -z "$IFACE" ]; then' >> $batman_script
- echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $batman_script
- echo ' return' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' if [ "$EIFACE" ]; then' >> $batman_script
- echo ' brctl delif $BRIDGE bat0' >> $batman_script
- echo ' brctl delif $BRIDGE $EIFACE' >> $batman_script
- echo ' ifconfig $BRIDGE down || true' >> $batman_script
- echo ' brctl delbr $BRIDGE' >> $batman_script
- echo ' ifconfig $EIFACE down -promisc' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' avahi-autoipd -k $BRIDGE' >> $batman_script
- echo ' avahi-autoipd -k $IFACE' >> $batman_script
- echo ' ifconfig bat0 down -promisc' >> $batman_script
- echo '' >> $batman_script
- echo ' batctl if del $IFACE' >> $batman_script
- echo ' rmmod batman-adv' >> $batman_script
- echo ' ifconfig $IFACE mtu 1500' >> $batman_script
- echo ' ifconfig $IFACE down' >> $batman_script
- echo ' iwconfig $IFACE mode managed' >> $batman_script
- echo '' >> $batman_script
- echo ' iptables -D INPUT -p tcp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p udp --dport 548 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p tcp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
- echo ' iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
- echo " iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p udp --dport 1900 -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p tcp --dport 80 -j ACCEPT" >> $batman_script
- echo " iptables -D INPUT -p udp -m udp -j ACCEPT" >> $batman_script
- echo '' >> $batman_script
- echo ' if [ -f /bin/systemctl ]; then' >> $batman_script
- echo ' systemctl restart network-manager' >> $batman_script
- echo ' else' >> $batman_script
- echo ' service network-manager restart' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' ' >> $batman_script
- echo ' # restore tox bootstrap nodes for the internet' >> $batman_script
- echo ' if [ -f /usr/share/toxic/DHTnodes.internet ]; then' >> $batman_script
- echo ' mv /usr/share/toxic/DHTnodes.internet /usr/share/toxic/DHTnodes' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' if [ -f /usr/local/share/toxic/DHTnodes.internet ]; then' >> $batman_script
- echo ' mv /usr/local/share/toxic/DHTnodes.internet /usr/local/share/toxic/DHTnodes' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' if [ -f /bin/systemctl ]; then' >> $batman_script
- echo ' systemctl stop avahi-daemon' >> $batman_script
- echo ' else' >> $batman_script
- echo ' service avahi-daemon stop' >> $batman_script
- echo ' fi' >> $batman_script
- echo '' >> $batman_script
- echo ' sudo rm -f /tmp/meshtype' >> $batman_script
- echo '' >> $batman_script
- echo ' # kill processes' >> $batman_script
- echo ' zeronet_proc=$(ps aux | grep zeronet | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $batman_script
- echo ' if [ "$zeronet_proc" ]; then' >> $batman_script
- echo ' kill -9 $zeronet_proc 2> /dev/null' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' tracker_proc=$(ps aux | grep bttrack | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $batman_script
- echo ' if [ "$tracker_proc" ]; then' >> $batman_script
- echo ' kill -9 $tracker_proc 2> /dev/null' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' if [ ! -f /etc/systemd/system/ipfs.service ]; then' >> $batman_script
- echo ' ipfs_proc=$(ps aux | grep ipfs | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $batman_script
- echo ' if [ "$ipfs_proc" ]; then' >> $batman_script
- echo ' kill -9 $ipfs_proc 2> /dev/null' >> $batman_script
- echo ' fi' >> $batman_script
- echo ' fi' >> $batman_script
- echo '}' >> $batman_script
- echo '' >> $batman_script
- echo 'if ! grep -q "$IFACE" /proc/net/dev; then' >> $batman_script
- echo ' echo "Interface $IFACE was not found"' >> $batman_script
- echo ' stop' >> $batman_script
- echo ' exit 1' >> $batman_script
- echo 'fi' >> $batman_script
- echo '' >> $batman_script
- echo 'case "$1" in' >> $batman_script
- echo ' start|stop)' >> $batman_script
- echo ' $1' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' restart)' >> $batman_script
- echo ' stop' >> $batman_script
- echo ' sleep 10' >> $batman_script
- echo ' start' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' status)' >> $batman_script
- echo ' batctl o' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' ping)' >> $batman_script
- echo ' batctl ping $2' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' ls|list)' >> $batman_script
- echo ' avahi-browse -atl' >> $batman_script
- echo ' ;;' >> $batman_script
- echo ' *)' >> $batman_script
- echo ' echo "error: invalid parameter $1"' >> $batman_script
- echo ' echo "usage: $0 {start|stop|restart|status|ping|ls|list}"' >> $batman_script
- echo ' exit 2' >> $batman_script
- echo ' ;;' >> $batman_script
- echo 'esac' >> $batman_script
- echo 'exit 0' >> $batman_script
- chmod +x $batman_script
- sudo cp -f $batman_script /usr/bin/batman
- rm $batman_script
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl stop network-manager' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service network-manager stop' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' sleep 5' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo " # remove an avahi service which isn't used" >> $BATMAN_SCRIPT
+ echo ' if [ -f /etc/avahi/services/udisks.service ]; then' >> $BATMAN_SCRIPT
+ echo ' sudo rm /etc/avahi/services/udisks.service' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' # Might have to re-enable wifi' >> $BATMAN_SCRIPT
+ echo ' rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE down' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE mtu 1532' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE enc off' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE mode ad-hoc essid $ESSID channel $CHANNEL' >> $BATMAN_SCRIPT
+ echo ' sleep 1' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE ap $CELLID' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' modprobe batman-adv' >> $BATMAN_SCRIPT
+ echo ' batctl if add $IFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE up' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd --force-bind --daemonize --wait $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd --force-bind --daemonize --wait $IFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 up promisc' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' #Use persistent HWAddr' >> $BATMAN_SCRIPT
+ echo ' ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")' >> $BATMAN_SCRIPT
+ echo ' if [ ! -f /var/lib/mesh-node/bat0 ]; then' >> $BATMAN_SCRIPT
+ echo ' mkdir /var/lib/mesh-node' >> $BATMAN_SCRIPT
+ echo ' echo "${ether_new}" > /var/lib/mesh-node/bat0' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' ether=$(cat /var/lib/mesh-node/bat0)' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 hw ether ${ether}' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ "$EIFACE" ] ; then' >> $BATMAN_SCRIPT
+ echo ' brctl addbr $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' brctl addif $BRIDGE bat0' >> $BATMAN_SCRIPT
+ echo ' brctl addif $BRIDGE $EIFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 0.0.0.0' >> $BATMAN_SCRIPT
+ echo ' ifconfig $EIFACE 0.0.0.0' >> $BATMAN_SCRIPT
+ echo ' ifconfig $EIFACE up promisc' >> $BATMAN_SCRIPT
+ echo ' ifconfig $BRIDGE up' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p tcp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p udp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p tcp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport 80 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp -m udp -j ACCEPT" >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl restart avahi-daemon' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service avahi-daemon restart' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' echo "batman" > /tmp/meshtype' >> $BATMAN_SCRIPT
+ echo '}' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'stop() {' >> $BATMAN_SCRIPT
+ echo ' if [ -z "$IFACE" ]; then' >> $BATMAN_SCRIPT
+ echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $BATMAN_SCRIPT
+ echo ' return' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ "$EIFACE" ]; then' >> $BATMAN_SCRIPT
+ echo ' brctl delif $BRIDGE bat0' >> $BATMAN_SCRIPT
+ echo ' brctl delif $BRIDGE $EIFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig $BRIDGE down || true' >> $BATMAN_SCRIPT
+ echo ' brctl delbr $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' ifconfig $EIFACE down -promisc' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd -k $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd -k $IFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 down -promisc' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' batctl if del $IFACE' >> $BATMAN_SCRIPT
+ echo ' rmmod batman-adv' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE mtu 1500' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE down' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE mode managed' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p tcp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p udp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p tcp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp --dport 1900 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport 80 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp -m udp -j ACCEPT" >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl restart network-manager' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service network-manager restart' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' ' >> $BATMAN_SCRIPT
+ echo ' # restore tox bootstrap nodes for the internet' >> $BATMAN_SCRIPT
+ echo ' if [ -f /usr/share/toxic/DHTnodes.internet ]; then' >> $BATMAN_SCRIPT
+ echo ' mv /usr/share/toxic/DHTnodes.internet /usr/share/toxic/DHTnodes' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ -f /usr/local/share/toxic/DHTnodes.internet ]; then' >> $BATMAN_SCRIPT
+ echo ' mv /usr/local/share/toxic/DHTnodes.internet /usr/local/share/toxic/DHTnodes' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl stop avahi-daemon' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service avahi-daemon stop' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' sudo rm -f /tmp/meshtype' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' # kill processes' >> $BATMAN_SCRIPT
+ echo ' zeronet_proc=$(ps aux | grep zeronet | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $BATMAN_SCRIPT
+ echo ' if [ "$zeronet_proc" ]; then' >> $BATMAN_SCRIPT
+ echo ' kill -9 $zeronet_proc 2> /dev/null' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' tracker_proc=$(ps aux | grep bttrack | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $BATMAN_SCRIPT
+ echo ' if [ "$tracker_proc" ]; then' >> $BATMAN_SCRIPT
+ echo ' kill -9 $tracker_proc 2> /dev/null' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ ! -f /etc/systemd/system/ipfs.service ]; then' >> $BATMAN_SCRIPT
+ echo ' ipfs_proc=$(ps aux | grep ipfs | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $BATMAN_SCRIPT
+ echo ' if [ "$ipfs_proc" ]; then' >> $BATMAN_SCRIPT
+ echo ' kill -9 $ipfs_proc 2> /dev/null' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '}' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if ! grep -q "$IFACE" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' echo "Interface $IFACE was not found"' >> $BATMAN_SCRIPT
+ echo ' stop' >> $BATMAN_SCRIPT
+ echo ' exit 1' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'case "$1" in' >> $BATMAN_SCRIPT
+ echo ' start|stop)' >> $BATMAN_SCRIPT
+ echo ' $1' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' restart)' >> $BATMAN_SCRIPT
+ echo ' stop' >> $BATMAN_SCRIPT
+ echo ' sleep 10' >> $BATMAN_SCRIPT
+ echo ' start' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' status)' >> $BATMAN_SCRIPT
+ echo ' batctl o' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' ping)' >> $BATMAN_SCRIPT
+ echo ' batctl ping $2' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' ls|list)' >> $BATMAN_SCRIPT
+ echo ' avahi-browse -atl' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' *)' >> $BATMAN_SCRIPT
+ echo ' echo "error: invalid parameter $1"' >> $BATMAN_SCRIPT
+ echo ' echo "usage: $0 {start|stop|restart|status|ping|ls|list}"' >> $BATMAN_SCRIPT
+ echo ' exit 2' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo 'esac' >> $BATMAN_SCRIPT
+ echo 'exit 0' >> $BATMAN_SCRIPT
+ chmod +x $BATMAN_SCRIPT
+ sudo cp -f $BATMAN_SCRIPT /usr/bin/batman
+ rm $BATMAN_SCRIPT
}
function show_help {
@@ -486,30 +383,30 @@ function show_help {
while [[ $# > 1 ]]
do
-key="$1"
+ key="$1"
-case $key in
- -h|--help)
- show_help
- ;;
- --essid)
+ case $key in
+ -h|--help)
+ show_help
+ ;;
+ --essid)
+ shift
+ ESSID="$1"
+ ;;
+ --channel)
+ shift
+ WIFI_CHANNEL=${1}
+ ;;
+ *)
+ # unknown option
+ ;;
+ esac
shift
- ESSID="$1"
- ;;
- --channel)
- shift
- WIFI_CHANNEL=${1}
- ;;
- *)
- # unknown option
- ;;
-esac
-shift
done
echo $'Configuring client'
configure_ssh_client
-mesh_batman
-mesh_babel
+${PROJECT_NAME}-mesh-install batman_client
+${PROJECT_NAME}-mesh-install babel_client
echo $'Configuration complete'
exit 0
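Review bot: The two new calls at the end of this hunk, `${PROJECT_NAME}-mesh-install batman_client` and `${PROJECT_NAME}-mesh-install babel_client`, pass the function name as a bare positional argument. The help text of freedombone-mesh-install added in this same commit documents `-f [function]`, and freedombone-image-customise calls it as `-f firewall -r "${rootdir}"`. The new script's option parser is not visible here, so a positional name may be accepted; if it is not, both calls would install nothing while this script still prints 'Configuration complete' and exits 0. I would write `${PROJECT_NAME}-mesh-install -f batman_client || exit 1` and the same for `babel_client`, so a failed or skipped install is not reported as success. The `ESSID` and `WIFI_CHANNEL` values parsed in the loop above are also no longer forwarded, and the helper's help text lists only -h, -f, -r and -w, so `--essid` and `--channel` appear to have become silent no-ops.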
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index 013b9510..62111d1e 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -378,335 +378,37 @@ atheros_wifi() {
fi
}
-mesh_avahi() {
- chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
-
- decarray=( 1 2 3 4 5 6 7 8 9 0 )
- PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
- sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
-
- if [ ! -d $rootdir/etc/avahi/services ]; then
- mkdir -p $rootdir/etc/avahi/services
- fi
-
- # remove an avahi service which isn't used
- if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
- rm $rootdir/etc/avahi/services/udisks.service
- fi
-
- # Add an ssh service
- echo '' > $rootdir/etc/avahi/services/ssh.service
- echo '' >> $rootdir/etc/avahi/services/ssh.service
- echo '' >> $rootdir/etc/avahi/services/ssh.service
- echo ' %h SSH' >> $rootdir/etc/avahi/services/ssh.service
- echo ' ' >> $rootdir/etc/avahi/services/ssh.service
- echo ' _ssh._tcp' >> $rootdir/etc/avahi/services/ssh.service
- echo " $SSH_PORT" >> $rootdir/etc/avahi/services/ssh.service
- echo ' ' >> $rootdir/etc/avahi/services/ssh.service
- echo '' >> $rootdir/etc/avahi/services/ssh.service
-
- # keep the daemon running
- WATCHDOG_SCRIPT_NAME="keepon"
- echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
- chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-}
-
-mesh_batman() {
- chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
- chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
- chroot "$rootdir" apt-get -y install wireless-tools rfkill
-
- if ! grep -q "batman_adv" $rootdir/etc/modules; then
- echo 'batman_adv' >> $rootdir/etc/modules
- fi
-
- if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
- cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $rootdir/var/lib/batman
- else
- cp /usr/bin/${PROJECT_NAME}-mesh-batman $rootdir/var/lib/batman
- fi
-
- echo '[Unit]' > $rootdir/etc/systemd/system/batman.service
- echo 'Description=B.A.T.M.A.N. Advanced' >> $rootdir/etc/systemd/system/batman.service
- echo '' >> $rootdir/etc/systemd/system/batman.service
- echo '[Service]' >> $rootdir/etc/systemd/system/batman.service
- echo 'Type=oneshot' >> $rootdir/etc/systemd/system/batman.service
- echo "ExecStart=/var/lib/batman start" >> $rootdir/etc/systemd/system/batman.service
- echo "ExecStop=/var/lib/batman stop" >> $rootdir/etc/systemd/system/batman.service
- echo 'RemainAfterExit=yes' >> $rootdir/etc/systemd/system/batman.service
- echo '' >> $rootdir/etc/systemd/system/batman.service
- echo '# Allow time for the server to start/stop' >> $rootdir/etc/systemd/system/batman.service
- echo 'TimeoutSec=300' >> $rootdir/etc/systemd/system/batman.service
- echo '' >> $rootdir/etc/systemd/system/batman.service
- echo '[Install]' >> $rootdir/etc/systemd/system/batman.service
- echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/batman.service
- chroot "$rootdir" systemctl enable batman
-}
-
-mesh_firewall() {
- TOX_PORT=33445
- ZERONET_PORT=15441
- FIREWALL_FILENAME=$rootdir/etc/systemd/system/meshfirewall.service
- MESH_FIREWALL_SCRIPT=/usr/bin/mesh-firewall
-
- echo '#!/bin/bash' > $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -P INPUT ACCEPT' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'ip6tables -P INPUT ACCEPT' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -F' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'ip6tables -F' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -t nat -F' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'ip6tables -t nat -F' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -X' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'ip6tables -X' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -P INPUT DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'ip6tables -P INPUT DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -i lo -j ACCEPT' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '# Make sure incoming tcp connections are SYN packets' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '# Drop packets with incoming fragments' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -f -j DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '# Drop bogons' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '# Incoming malformed NULL packets:' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo '' >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $rootdir/$MESH_FIREWALL_SCRIPT
- echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $rootdir/$MESH_FIREWALL_SCRIPT
- chmod +x $rootdir/$MESH_FIREWALL_SCRIPT
-
- echo '[Unit]' > $FIREWALL_FILENAME
- echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
- echo '' >> $FIREWALL_FILENAME
- echo '[Service]' >> $FIREWALL_FILENAME
- echo 'Type=oneshot' >> $FIREWALL_FILENAME
- echo "ExecStart=$MESH_FIREWALL_SCRIPT" >> $FIREWALL_FILENAME
- echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
- echo '' >> $FIREWALL_FILENAME
- echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
- echo '' >> $FIREWALL_FILENAME
- echo '[Install]' >> $FIREWALL_FILENAME
- echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
- chroot "$rootdir" systemctl enable meshfirewall
-}
-
-mesh_tox_node() {
- TOX_REPO='git://github.com/irungentoo/toxcore.git'
- TOX_COMMIT='73b2144edcfd1ca617e9054479b66ab0c0361a14'
- # These are some default nodes, but you can replace them with trusted nodes
- # as you prefer. See https://wiki.tox.im/Nodes
- TOX_NODES=
- #TOX_NODES=(
- # '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
- # '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
- #)
-
- chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev
- chroot "$rootdir" apt-get -y install automake checkinstall check git yasm
- chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin
- chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev
-
- chroot "$rootdir" git clone $TOX_REPO $INSTALL_DIR/toxcore
- chroot "$rootdir" cd $INSTALL_DIR/toxcore
- chroot "$rootdir" git checkout $TOX_COMMIT -b $TOX_COMMIT
-
- chroot "$rootdir" autoreconf -i
- chroot "$rootdir" ./configure --enable-daemon
- chroot "$rootdir" make
- chroot "$rootdir" make install
- chroot "$rootdir" cp /usr/local/lib/libtoxcore* /usr/lib/
-
- if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
- echo $"File not found /usr/local/bin/tox-bootstrapd"
- return
- fi
-
- chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
- chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd
- if [ ! -f $rootdir/$INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf ]; then
- echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf"
- fi
- # remove Maildir
- if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
- rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
- fi
-
- # create configuration file
- echo "port = $TOX_PORT" > $rootdir/etc/tox-bootstrapd.conf
- echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $rootdir/etc/tox-bootstrapd.conf
- echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $rootdir/etc/tox-bootstrapd.conf
- echo 'enable_ipv6 = true' >> $rootdir/etc/tox-bootstrapd.conf
- echo 'enable_ipv4_fallback = true' >> $rootdir/etc/tox-bootstrapd.conf
- echo 'enable_lan_discovery = true' >> $rootdir/etc/tox-bootstrapd.conf
- echo 'enable_tcp_relay = true' >> $rootdir/etc/tox-bootstrapd.conf
- echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $rootdir/etc/tox-bootstrapd.conf
- echo 'enable_motd = true' >> $rootdir/etc/tox-bootstrapd.conf
- echo 'motd = "tox-bootstrapd"' >> $rootdir/etc/tox-bootstrapd.conf
-
- if [ $TOX_NODES ]; then
- echo 'bootstrap_nodes = (' >> $rootdir/etc/tox-bootstrapd.conf
- toxcount=0
- while [ "x${TOX_NODES[toxcount]}" != "x" ]
- do
- toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
- toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
- toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
- toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
- toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
- echo "{ // $toxval_maintainer" >> $rootdir/etc/tox-bootstrapd.conf
- if [[ $toxval_ipv6 != 'NONE' ]]; then
- echo " address = \"$toxval_ipv6\"" >> $rootdir/etc/tox-bootstrapd.conf
- else
- echo " address = \"$toxval_ipv4\"" >> $rootdir/etc/tox-bootstrapd.conf
- fi
- echo " port = $toxval_port" >> $rootdir/etc/tox-bootstrapd.conf
- echo " public_key = \"$toxval_pubkey\"" >> $rootdir/etc/tox-bootstrapd.conf
- toxcount=$(( $toxcount + 1 ))
- if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
- echo "}," >> $rootdir/etc/tox-bootstrapd.conf
- else
- echo "}" >> $rootdir/etc/tox-bootstrapd.conf
- fi
- done
- echo ')' >> $rootdir/etc/tox-bootstrapd.conf
- fi
-
- if [ ! -f $rootdir/$INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
- echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
- fi
- cp $rootdir/$INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/
-
- chroot "$rootdir" systemctl enable tox-bootstrapd.service
-}
-
-function mesh_tox_client {
- chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev libcurl4-openssl-dev
-
- chroot "$rootdir" git clone $TOXIC_REPO $INSTALL_DIR/toxic
- chroot "$rootdir" cd $INSTALL_DIR/toxic
- chroot "$rootdir" git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT
- echo "Toxic commit:$TOXIC_COMMIT" >> $rootdir$COMPLETION_FILE
-
- chroot "$rootdir" make
- chroot "$rootdir" make install
-}
-
-function mesh_zeronet {
- ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git'
- ZERONET_COMMIT='675bd462556c541d65e2d95f91f899146a373aad'
-
- chroot "$rootdir" apt-get -y install python python-msgpack python-gevent
- chroot "$rootdir" apt-get -y install python-pip bittornado
- chroot "$rootdir" pip install msgpack-python --upgrade
-
- chroot "$rootdir" useradd -d /opt/zeronet/ -s /bin/false zeronet
- git clone $ZERONET_REPO $rootdir/opt/zeronet
- if [ ! -d $rootdir/opt/zeronet ]; then
- echo 'WARNING: Unable to clone zeronet'
- return
- fi
- cd $rootdir/opt/zeronet
- git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
- echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
- chown -R zeronet:zeronet $rootdir/opt/zeronet
-
- # Hack to ensure that the file access port is opened
- # This is because zeronet normally relies on an internet site
- # to do this, but on a purely local mesh the internet isn't available
- sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir/opt/zeronet/src/Site/Site.py
-
- echo '[Unit]' > $rootdir/etc/systemd/system/zeronet.service
- echo 'Description=Zeronet Server' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'After=syslog.target' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'After=network.target' >> $rootdir/etc/systemd/system/zeronet.service
- echo '[Service]' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'Type=simple' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'User=zeronet' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'Group=zeronet' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'WorkingDirectory=/opt/zeronet' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file /opt/zeronet/bootstrap' >> $rootdir/etc/systemd/system/zeronet.service
- echo '' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'TimeoutSec=300' >> $rootdir/etc/systemd/system/zeronet.service
- echo '' >> $rootdir/etc/systemd/system/zeronet.service
- echo '[Install]' >> $rootdir/etc/systemd/system/zeronet.service
- echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/zeronet.service
-
- echo '[Unit]' > $rootdir/etc/systemd/system/tracker.service
- echo 'Description=Torrent Tracker' >> $rootdir/etc/systemd/system/tracker.service
- echo 'After=syslog.target' >> $rootdir/etc/systemd/system/tracker.service
- echo 'After=network.target' >> $rootdir/etc/systemd/system/tracker.service
- echo '[Service]' >> $rootdir/etc/systemd/system/tracker.service
- echo 'Type=simple' >> $rootdir/etc/systemd/system/tracker.service
- echo 'User=tracker' >> $rootdir/etc/systemd/system/tracker.service
- echo 'Group=tracker' >> $rootdir/etc/systemd/system/tracker.service
- echo 'WorkingDirectory=/opt/tracker' >> $rootdir/etc/systemd/system/tracker.service
- echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /opt/tracker/dstate --logfile /opt/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $rootdir/etc/systemd/system/tracker.service
- echo '' >> $rootdir/etc/systemd/system/tracker.service
- echo 'TimeoutSec=300' >> $rootdir/etc/systemd/system/tracker.service
- echo '' >> $rootdir/etc/systemd/system/tracker.service
- echo '[Install]' >> $rootdir/etc/systemd/system/tracker.service
- echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/tracker.service
-
- chroot "$rootdir" useradd -d /opt/tracker/ -s /bin/false tracker
- if [ ! -d $rootdir/opt/tracker ]; then
- mkdir $rootdir/opt/tracker
- fi
- chown -R tracker:tracker $rootdir/opt/tracker
-
- # publish regularly
- echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab
-
- chroot "$rootdir" systemctl enable tracker.service
- chroot "$rootdir" systemctl enable zeronet.service
-}
initialise_mesh() {
if [[ $VARIANT != "mesh" ]]; then
return
fi
- mesh_firewall
- mesh_avahi
- mesh_batman
- mesh_tox_node
- mesh_tox_client
- mesh_zeronet
+ freedombone-mesh-install -f firewall -r "${rootdir}"
+ freedombone-mesh-install -f avahi -r "${rootdir}"
+ freedombone-mesh-install -f batman -r "${rootdir}"
+ freedombone-mesh-install -f tox_node -r "${rootdir}"
+ freedombone-mesh-install -f tox_client -r "${rootdir}"
+ freedombone-mesh-install -f zeronet -r "${rootdir}"
- MESH_SERVICE='mesh-setup.service'
- MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
+ MESH_SERVICE='mesh-setup.service'
+ MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
- echo '[Unit]' > $MESH_SETUP_DAEMON
- echo 'Description=Initial mesh router configuration' >> $MESH_SETUP_DAEMON
- echo 'After=syslog.target' >> $MESH_SETUP_DAEMON
- echo 'After=network.target' >> $MESH_SETUP_DAEMON
- echo '[Service]' >> $MESH_SETUP_DAEMON
- echo 'Type=simple' >> $MESH_SETUP_DAEMON
- echo 'User=root' >> $MESH_SETUP_DAEMON
- echo 'Group=root' >> $MESH_SETUP_DAEMON
- echo 'WorkingDirectory=/root' >> $MESH_SETUP_DAEMON
- echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh > /var/log/mesh-setup.log" >> $MESH_SETUP_DAEMON
- echo '' >> $MESH_SETUP_DAEMON
- echo 'TimeoutSec=99999' >> $MESH_SETUP_DAEMON
- echo '' >> $MESH_SETUP_DAEMON
- echo '[Install]' >> $MESH_SETUP_DAEMON
- echo 'WantedBy=multi-user.target' >> $MESH_SETUP_DAEMON
- chroot "$rootdir" systemctl enable $MESH_SERVICE
+ echo '[Unit]' > $MESH_SETUP_DAEMON
+ echo 'Description=Initial mesh router configuration' >> $MESH_SETUP_DAEMON
+ echo 'After=syslog.target' >> $MESH_SETUP_DAEMON
+ echo 'After=network.target' >> $MESH_SETUP_DAEMON
+ echo '[Service]' >> $MESH_SETUP_DAEMON
+ echo 'Type=simple' >> $MESH_SETUP_DAEMON
+ echo 'User=root' >> $MESH_SETUP_DAEMON
+ echo 'Group=root' >> $MESH_SETUP_DAEMON
+ echo 'WorkingDirectory=/root' >> $MESH_SETUP_DAEMON
+ echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh > /var/log/mesh-setup.log" >> $MESH_SETUP_DAEMON
+ echo '' >> $MESH_SETUP_DAEMON
+ echo 'TimeoutSec=99999' >> $MESH_SETUP_DAEMON
+ echo '' >> $MESH_SETUP_DAEMON
+ echo '[Install]' >> $MESH_SETUP_DAEMON
+ echo 'WantedBy=multi-user.target' >> $MESH_SETUP_DAEMON
+ chroot "$rootdir" systemctl enable $MESH_SERVICE
}
# Set to true/false to control if eatmydata is used during build
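Review bot: None of the six `freedombone-mesh-install -f … -r "${rootdir}"` calls in initialise_mesh has its exit status checked, so if the helper is not on PATH on the build host, or the firewall step fails, the build carries on and enables mesh-setup.service on an image without the firewall rules. At minimum the firewall call should stop the build, e.g. `freedombone-mesh-install -f firewall -r "${rootdir}" || exit 1`, and ideally all six would be guarded the same way. The calls also hard-code `freedombone-mesh-install` while the ExecStart line in the same function uses `${PROJECT_NAME}-image-mesh`; `${PROJECT_NAME}-mesh-install` would be consistent. Separately, systemd does not interpret shell redirection in `ExecStart=`, so the `> /var/log/mesh-setup.log` on the re-indented line is passed to the program as arguments and the setup log is not written that way.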
@@ -737,12 +439,12 @@ case "$MACHINE" in
virtualbox)
# hide irrelevant console keyboard messages.
echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
- >> /etc/init.d/rc.local
+ >> /etc/init.d/rc.local
;;
qemu)
# hide irrelevant console keyboard messages.
echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
- >> /etc/init.d/rc.local
+ >> /etc/init.d/rc.local
;;
esac
@@ -800,17 +502,17 @@ fi
case "$MACHINE" in
beaglebone)
dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/MLO of="$image" \
- count=1 seek=1 conv=notrunc bs=128k
+ count=1 seek=1 conv=notrunc bs=128k
dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img of="$image" \
- count=2 seek=1 conv=notrunc bs=384k
+ count=2 seek=1 conv=notrunc bs=384k
;;
cubieboard2)
dd if=$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin of="$image" \
- seek=8 conv=notrunc bs=1k
+ seek=8 conv=notrunc bs=1k
;;
a20-olinuxino-lime)
dd if=$rootdir/usr/lib/u-boot/A20-OLinuXino-Lime/u-boot-sunxi-with-spl.bin \
- of="$image" seek=8 conv=notrunc bs=1k
+ of="$image" seek=8 conv=notrunc bs=1k
;;
esac
diff --git a/src/freedombone-mesh-install b/src/freedombone-mesh-install
new file mode 100755
index 00000000..ad2b09cd
--- /dev/null
+++ b/src/freedombone-mesh-install
@@ -0,0 +1,918 @@
+#!/bin/bash
+#
+# .---. . .
+# | | |
+# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
+# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
+# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
+#
+# Freedom in the Cloud
+#
+# Installs mesh applications. This avoids duplicated functions
+# within freedombone and freedombone-image-customize and also
+# for client installs
+#
+# License
+# =======
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+PROJECT_NAME='freedombone'
+INSTALL_DIR=/root/build
+COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+
+export TEXTDOMAIN=${PROJECT_NAME}-mesh-install
+export TEXTDOMAINDIR="/usr/share/locale"
+
+# for mesh installs
+TRACKER_PORT=6969
+
+ZERONET_PORT=15441
+
+WIFI_CHANNEL=2
+WIFI_INTERFACE='wlan0'
+
+# B.A.T.M.A.N settings
+BATMAN_CELLID='02:BA:00:00:03:01'
+ESSID='mesh'
+
+# Babel
+BABEL_PORT=6696
+
+rootdir=''
+FN=
+CHROOT_PREFIX=''
+FRIENDS_MIRRORS_SERVER=
+
+TOXID_REPO="https://github.com/bashrc/toxid"
+TOX_PORT=33445
+TOX_REPO="git://github.com/irungentoo/toxcore.git"
+TOX_COMMIT='73b2144edcfd1ca617e9054479b66ab0c0361a14'
+# These are some default nodes, but you can replace them with trusted nodes
+# as you prefer. See https://wiki.tox.im/Nodes
+TOX_NODES=
+#TOX_NODES=(
+# '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
+# '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
+#)
+ZERONET_REPO="https://github.com/HelloZeroNet/ZeroNet.git"
+ZERONET_COMMIT='675bd462556c541d65e2d95f91f899146a373aad'
+
+function show_help {
+ echo ''
+ echo $"${PROJECT_NAME}-mesh-install -f [function] -r [rootdir]"
+ echo ''
+ echo $'Runs a mesh network install function'
+ echo ''
+ echo $' -h --help Show help'
+ echo $' -f --function [name] Name of the function to be run'
+ echo $' -r --rootdir [directory] Root directory'
+ echo $' -w --wifi [interface] e.g. wlan0'
+ echo ''
+ exit 0
+}
+
+function git_clone {
+ repo_url="$1"
+ destination_dir="$2"
+ if [[ "$repo_url" == "ssh:"* ]]; then
+ if [ "${FRIENDS_MIRRORS_SERVER}" ]; then
+ if [ ${#FRIENDS_MIRRORS_SERVER} -gt 2 ]; then
+ if [ "$FRIENDS_MIRRORS_PASSWORD" ]; then
+ if [ ${#FRIENDS_MIRRORS_PASSWORD} -gt 2 ]; then
+ sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone "$repo_url" "$destination_dir"
+ return
+ fi
+ fi
+ fi
+ fi
+ fi
+ git clone "$repo_url" "$destination_dir"
+}
+
+function mesh_babel {
+ $CHROOT_PREFIX apt-get -y install babeld
+
+ babel_script=${rootdir}/var/lib/babel
+
+ echo '#!/bin/bash' > $babel_script
+ echo '' >> $babel_script
+ echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
+ echo ' avahi-browse -atl' >> $babel_script
+ echo ' exit 0' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo 'if [[ $1 == "start" ]]; then' >> $babel_script
+ echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+ echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+ echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+ echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+ echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $babel_script
+ echo ' systemctl restart avahi-daemon' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo "IFACE=$WIFI_INTERFACE" >> $babel_script
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+ echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
+ echo ' IFACE=wlan1' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+ echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
+ echo ' IFACE=wlan2' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+ echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
+ echo ' IFACE=wlan3' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
+ echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
+ echo ' echo "Interface $IFACE was not found"' >> $babel_script
+ echo ' else' >> $babel_script
+ echo ' echo "Stopping"' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo ' ifconfig $IFACE down' >> $babel_script
+ echo ' pkill babeld' >> $babel_script
+ echo ' systemctl restart network-manager' >> $babel_script
+ echo ' exit 1' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo 'systemctl stop network-manager' >> $babel_script
+ echo 'ifconfig $IFACE down' >> $babel_script
+ echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
+ echo "$WIFI_CHANNEL essid \"$ESSID\"" >> $babel_script
+ echo 'ifconfig $IFACE up' >> $babel_script
+ echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
+ echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
+ echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
+ echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
+ echo -n "$BABEL_PORT -d 5 " >> $babel_script
+ echo '$IFACE' >> $babel_script
+ echo 'exit 0' >> $babel_script
+ chmod +x $babel_script
+
+ echo '[Unit]' > ${rootdir}/etc/systemd/system/babel.service
+ echo 'Description=Babel Mesh' >> ${rootdir}/etc/systemd/system/babel.service
+ echo '' >> ${rootdir}/etc/systemd/system/babel.service
+ echo '[Service]' >> ${rootdir}/etc/systemd/system/babel.service
+ echo 'Type=oneshot' >> ${rootdir}/etc/systemd/system/babel.service
+ echo "ExecStart=$babel_script start" >> ${rootdir}/etc/systemd/system/babel.service
+ echo "ExecStop=$babel_script stop" >> ${rootdir}/etc/systemd/system/babel.service
+ echo 'RemainAfterExit=yes' >> ${rootdir}/etc/systemd/system/babel.service
+ echo '' >> ${rootdir}/etc/systemd/system/babel.service
+ echo '# Allow time for the server to start/stop' >> ${rootdir}/etc/systemd/system/babel.service
+ echo 'TimeoutSec=300' >> ${rootdir}/etc/systemd/system/babel.service
+ echo '' >> ${rootdir}/etc/systemd/system/babel.service
+ echo '[Install]' >> /etc/systemd/system/babel.service
+ echo 'WantedBy=multi-user.target' >> ${rootdir}/etc/systemd/system/babel.service
+ $CHROOT_PREFIX systemctl enable babel
+}
+
+function mesh_avahi {
+ $CHROOT_PREFIX apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
+
+ decarray=( 1 2 3 4 5 6 7 8 9 0 )
+ PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
+ sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
+
+ if [ ! -d $rootdir/etc/avahi/services ]; then
+ mkdir -p $rootdir/etc/avahi/services
+ fi
+
+ # remove an avahi service which isn't used
+ if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
+ rm $rootdir/etc/avahi/services/udisks.service
+ fi
+
+ # Add an ssh service
+ echo '' > $rootdir/etc/avahi/services/ssh.service
+ echo '' >> $rootdir/etc/avahi/services/ssh.service
+ echo '' >> $rootdir/etc/avahi/services/ssh.service
+ echo ' %h SSH' >> $rootdir/etc/avahi/services/ssh.service
+ echo ' ' >> $rootdir/etc/avahi/services/ssh.service
+ echo ' _ssh._tcp' >> $rootdir/etc/avahi/services/ssh.service
+ echo " $SSH_PORT" >> $rootdir/etc/avahi/services/ssh.service
+ echo ' ' >> $rootdir/etc/avahi/services/ssh.service
+ echo '' >> $rootdir/etc/avahi/services/ssh.service
+
+ # keep the daemon running
+ WATCHDOG_SCRIPT_NAME="keepon"
+ echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+ chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+}
+
+function mesh_babel_client {
+ if [ ! -f ${rootdir}/tmp/meshtype ]; then
+ $CHROOT_PREFIX sudo apt-get -y install babeld
+ $CHROOT_PREFIX sudo apt-get -y install irssi mumble
+ if [ ! -f /usr/bin/toxic ]; then
+ $CHROOT_PREFIX sudo apt-get -y install toxic
+ echo "n
+/nick $USER
+/exit
+" | ${rootdir}/usr/bin/toxic -d
+ fi
+
+ CURR_DIR=$(pwd)
+ if [ ! -f ~/develop/toxid ]; then
+ if [ ! -f ~/develop ]; then
+ mkdir ~/develop
+ fi
+ cd ~/develop
+ git_clone $TOXID_REPO ~/develop/toxid
+ fi
+ cd ~/develop/toxid
+ sudo make install
+ cd $CURR_DIR
+ fi
+
+ babel_script=${rootdir}/tmp/babel
+
+ echo '#!/bin/bash' > $babel_script
+ echo '' >> $babel_script
+ echo 'if [[ $1 == "ls" || $1 == "list" ]]; then' >> $babel_script
+ echo ' avahi-browse -atl' >> $babel_script
+ echo ' exit 0' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo 'if [[ $1 == "start" ]]; then' >> $babel_script
+ echo ' if [ -f /tmp/meshtype ] ; then' >> $babel_script
+ echo ' echo "Mesh already running"' >> $babel_script
+ echo ' return' >> $babel_script
+ echo ' fi' >> $batman_script
+ echo ' # install avahi' >> $babel_script
+ echo ' apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $babel_script
+ echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+ echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $babel_script
+ echo ' if [ -f /bin/systemctl ]; then' >> $babel_script
+ echo ' systemctl restart avahi-daemon' >> $babel_script
+ echo ' else' >> $babel_script
+ echo ' service avahi-daemon restart' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo ' echo "babel" > /tmp/meshtype' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo "IFACE=$WIFI_INTERFACE" >> $babel_script
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+ echo ' if grep -q "wlan1" /proc/net/dev; then' >> $babel_script
+ echo ' IFACE=wlan1' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+ echo ' if grep -q "wlan2" /proc/net/dev; then' >> $babel_script
+ echo ' IFACE=wlan2' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $babel_script
+ echo ' if grep -q "wlan3" /proc/net/dev; then' >> $babel_script
+ echo ' IFACE=wlan3' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo 'if [[ ! grep -q "$IFACE" /proc/net/dev || $1 == "stop" ]]; then' >> $babel_script
+ echo ' if ! grep -q "$IFACE" /proc/net/dev; then' >> $babel_script
+ echo ' echo "Interface $IFACE was not found"' >> $babel_script
+ echo ' else' >> $babel_script
+ echo ' echo "Stopping"' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo ' ifconfig $IFACE down' >> $babel_script
+ echo ' pkill babeld' >> $babel_script
+ echo ' if [ -f /bin/systemctl ]; then' >> $babel_script
+ echo ' systemctl restart network-manager' >> $babel_script
+ echo ' else' >> $babel_script
+ echo ' service network-manager restart' >> $babel_script
+ echo ' fi' >> $babel_script
+ echo ' exit 1' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo '' >> $babel_script
+ echo 'if [ -f /bin/systemctl ]; then' >> $babel_script
+ echo ' systemctl stop network-manager' >> $babel_script
+ echo 'else' >> $babel_script
+ echo ' service network-manager stop' >> $babel_script
+ echo 'fi' >> $babel_script
+ echo 'ifconfig $IFACE down' >> $babel_script
+ echo -n 'iwconfig $IFACE mode ad-hoc channel ' >> $babel_script
+ echo "$WIFI_CHANNEL essid \"$ESSID\"" >> $babel_script
+ echo 'ifconfig $IFACE up' >> $babel_script
+ echo -n 'ifconfig $IFACE:avahi ' >> $babel_script
+ echo -n "$LOCAL_NETWORK_STATIC_IP_ADDRESS netmask " >> $babel_script
+ echo '255.255.255.0 broadcast 192.168.13.255' >> $babel_script
+ echo -n 'babeld -D $IFACE:avahi -p ' >> $babel_script
+ echo -n "$BABEL_PORT -d 5 " >> $babel_script
+ echo '$IFACE' >> $babel_script
+ echo 'exit 0' >> $babel_script
+ chmod +x $babel_script
+ sudo mv $babel_script ${rootdir}/usr/bin/babel
+}
+
+
+function mesh_batman {
+ $CHROOT_PREFIX apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
+ $CHROOT_PREFIX apt-get -y install python-dev libevent-dev ebtables python-pip git
+ $CHROOT_PREFIX apt-get -y install wireless-tools rfkill
+
+ if ! grep -q "batman_adv" $rootdir/etc/modules; then
+ echo 'batman_adv' >> $rootdir/etc/modules
+ fi
+
+ BATMAN_SCRIPT=$rootdir/var/lib/batman
+
+ if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
+ cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+ else
+ cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+ fi
+
+ BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
+ echo '[Unit]' > $BATMAN_DAEMON
+ echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
+ echo '' >> $BATMAN_DAEMON
+ echo '[Service]' >> $BATMAN_DAEMON
+ echo 'Type=oneshot' >> $BATMAN_DAEMON
+ echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
+ echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
+ echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
+ echo '' >> $BATMAN_DAEMON
+ echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
+ echo 'TimeoutSec=300' >> $BATMAN_DAEMON
+ echo '' >> $BATMAN_DAEMON
+ echo '[Install]' >> $BATMAN_DAEMON
+ echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+ $CHROOT_PREFIX systemctl enable batman
+}
+
+function mesh_firewall {
+ FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
+ MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
+
+ echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
+ echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
+ echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
+ echo '' >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+ chmod +x $MESH_FIREWALL_SCRIPT
+
+ echo '[Unit]' > $FIREWALL_FILENAME
+ echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
+ echo '' >> $FIREWALL_FILENAME
+ echo '[Service]' >> $FIREWALL_FILENAME
+ echo 'Type=oneshot' >> $FIREWALL_FILENAME
+ echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
+ echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
+ echo '' >> $FIREWALL_FILENAME
+ echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
+ echo '' >> $FIREWALL_FILENAME
+ echo '[Install]' >> $FIREWALL_FILENAME
+ echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+ $CHROOT_PREFIX systemctl enable meshfirewall
+}
+
+function mesh_tox_node {
+ $CHROOT_PREFIX apt-get -y install build-essential libtool autotools-dev
+ $CHROOT_PREFIX apt-get -y install automake checkinstall check git yasm
+ $CHROOT_PREFIX apt-get -y install libsodium13 libsodium-dev libcap2-bin
+ $CHROOT_PREFIX apt-get -y install libconfig9 libconfig-dev
+
+ $CHROOT_PREFIX git_clone $TOX_REPO $INSTALL_DIR/toxcore
+ $CHROOT_PREFIX cd $INSTALL_DIR/toxcore
+ $CHROOT_PREFIX git checkout $TOX_COMMIT -b $TOX_COMMIT
+
+ $CHROOT_PREFIX autoreconf -i
+ $CHROOT_PREFIX ./configure --enable-daemon
+ if [ ! "$?" = "0" ]; then
+ return
+ fi
+ $CHROOT_PREFIX make
+ if [ ! "$?" = "0" ]; then
+ return
+ fi
+ $CHROOT_PREFIX make install
+ $CHROOT_PREFIX cp /usr/local/lib/libtoxcore* /usr/lib/
+
+ if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
+ echo $"File not found /usr/local/bin/tox-bootstrapd"
+ return
+ fi
+
+ $CHROOT_PREFIX useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
+ $CHROOT_PREFIX chmod 700 /var/lib/tox-bootstrapd
+ if [ ! -f $rootdir/$INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf ]; then
+ echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.conf"
+ fi
+ # remove Maildir
+ if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
+ rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
+ fi
+
+ # create configuration file
+ TOX_BOOTSTRAP_CONFIG=${rootdir}/etc/tox-bootstrapd.conf
+ echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
+ echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
+ echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
+ echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
+ echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
+ echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
+ echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
+ echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
+ echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
+ echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
+
+ if [ $TOX_NODES ]; then
+ echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
+ toxcount=0
+ while [ "x${TOX_NODES[toxcount]}" != "x" ]
+ do
+ toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
+ toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
+ toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
+ toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
+ toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
+ echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
+ if [[ $toxval_ipv6 != 'NONE' ]]; then
+ echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
+ else
+ echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
+ fi
+ echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
+ echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
+ toxcount=$(( $toxcount + 1 ))
+ if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
+ echo "}," >> $TOX_BOOTSTRAP_CONFIG
+ else
+ echo "}" >> $TOX_BOOTSTRAP_CONFIG
+ fi
+ done
+ echo ')' >> $TOX_BOOTSTRAP_CONFIG
+ fi
+
+ if [ ! -f $rootdir/$INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
+ echo $"File not found $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
+ return
+ fi
+ cp $rootdir/$INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/
+
+ $CHROOT_PREFIX systemctl daemon-reload
+ $CHROOT_PREFIX systemctl enable tox-bootstrapd.service
+}
+
+function mesh_tox_client {
+ $CHROOT_PREFIX apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev libcurl4-openssl-dev
+
+ $CHROOT_PREFIX git_clone $TOXIC_REPO $INSTALL_DIR/toxic
+ $CHROOT_PREFIX cd $INSTALL_DIR/toxic
+ $CHROOT_PREFIX git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT
+ echo "Toxic commit:$TOXIC_COMMIT" >> $rootdir$COMPLETION_FILE
+
+ $CHROOT_PREFIX make
+ if [ ! -f $INSTALL_DIR/toxic/build/toxic ]; then
+ exit 74872
+ fi
+ $CHROOT_PREFIX make install
+}
+
+function mesh_zeronet {
+ $CHROOT_PREFIX apt-get -y install python python-msgpack python-gevent
+ $CHROOT_PREFIX apt-get -y install python-pip bittornado
+ $CHROOT_PREFIX pip install msgpack-python --upgrade
+
+ $CHROOT_PREFIX useradd -d /opt/zeronet/ -s /bin/false zeronet
+ git_clone $ZERONET_REPO $rootdir/opt/zeronet
+ if [ ! -d $rootdir/opt/zeronet ]; then
+ echo 'WARNING: Unable to clone zeronet'
+ return
+ fi
+ cd $rootdir/opt/zeronet
+ git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
+ if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
+ echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
+ else
+ sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
+ fi
+ chown -R zeronet:zeronet $rootdir/opt/zeronet
+
+ # Hack to ensure that the file access port is opened
+ # This is because zeronet normally relies on an internet site
+ # to do this, but on a purely local mesh the internet isn't available
+ sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir/opt/zeronet/src/Site/Site.py
+
+ ZERPNET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
+ echo '[Unit]' > $ZERONET_DAEMON
+ echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
+ echo 'After=syslog.target' >> $ZERONET_DAEMON
+ echo 'After=network.target' >> $ZERONET_DAEMON
+ echo '[Service]' >> $ZERONET_DAEMON
+ echo 'Type=simple' >> $ZERONET_DAEMON
+ echo 'User=zeronet' >> $ZERONET_DAEMON
+ echo 'Group=zeronet' >> $ZERONET_DAEMON
+ echo 'WorkingDirectory=/opt/zeronet' >> $ZERONET_DAEMON
+ echo 'ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file /opt/zeronet/bootstrap' >> $ZERONET_DAEMON
+ echo '' >> $ZERONET_DAEMON
+ echo 'TimeoutSec=300' >> $ZERONET_DAEMON
+ echo '' >> $ZERONET_DAEMON
+ echo '[Install]' >> $ZERONET_DAEMON
+ echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
+
+ TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
+ echo '[Unit]' > $TRACKER_DAEMON
+ echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
+ echo 'After=syslog.target' >> $TRACKER_DAEMON
+ echo 'After=network.target' >> $TRACKER_DAEMON
+ echo '[Service]' >> $TRACKER_DAEMON
+ echo 'Type=simple' >> $TRACKER_DAEMON
+ echo 'User=tracker' >> $TRACKER_DAEMON
+ echo 'Group=tracker' >> $TRACKER_DAEMON
+ echo 'WorkingDirectory=/opt/tracker' >> $TRACKER_DAEMON
+ echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /opt/tracker/dstate --logfile /opt/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
+ echo '' >> $TRACKER_DAEMON
+ echo 'TimeoutSec=300' >> $TRACKER_DAEMON
+ echo '' >> $TRACKER_DAEMON
+ echo '[Install]' >> $TRACKER_DAEMON
+ echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
+
+ $CHROOT_PREFIX useradd -d /opt/tracker/ -s /bin/false tracker
+ if [ ! -d $rootdir/opt/tracker ]; then
+ mkdir $rootdir/opt/tracker
+ fi
+ chown -R tracker:tracker $rootdir/opt/tracker
+
+ # publish regularly
+ echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab
+
+ $CHROOT_PREFIX systemctl enable tracker.service
+ $CHROOT_PREFIX systemctl enable zeronet.service
+}
+
+function mesh_batman_client {
+ if [ ! -f ${rootdir}/tmp/meshtype ]; then
+ $CHROOT_PREFIX sudo apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
+ $CHROOT_PREFIX sudo apt-get -y install python-dev libevent-dev ebtables python-pip
+ $CHROOT_PREFIX sudo apt-get -y install wireless-tools rfkill
+ $CHROOT_PREFIX sudo apt-get -y install irssi mumble
+ if [ ! -f /usr/bin/toxic ]; then
+ $CHROOT_PREFIX sudo apt-get -y install toxic
+ echo "n
+/nick $USER
+/exit
+" | ${rootdir}/usr/bin/toxic -d
+ fi
+ fi
+
+ BATMAN_SCRIPT=${rootdir}/tmp/batman
+
+ echo '#!/bin/bash' > $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if [[ $1 == "start" ]]; then' >> $BATMAN_SCRIPT
+ echo ' # install avahi' >> $BATMAN_SCRIPT
+ echo ' apt-get -y install avahi-utils avahi-autoipd avahi-daemon avahi-dnsconfd bittornado' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|#host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|host-name=.*|host-name=$(hostname)|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|use-ipv4=.*|use-ipv4=yes|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|use-ipv6=.*|use-ipv6=no|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" /etc/avahi/avahi-daemon.conf' >> $BATMAN_SCRIPT
+ echo ' sed -i "s|hosts:.*|hosts: files mdns4_minimal dns mdns4 mdns|g" /etc/nsswitch.conf' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl restart avahi-daemon' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service avahi-daemon restart' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo '# Mesh definition' >> $BATMAN_SCRIPT
+ echo "ESSID=$ESSID" >> $BATMAN_SCRIPT
+ echo "CELLID=$BATMAN_CELLID" >> $BATMAN_SCRIPT
+ echo "CHANNEL=$WIFI_CHANNEL" >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo '# Ethernet bridge definition (bridged to bat0)' >> $BATMAN_SCRIPT
+ echo 'BRIDGE=br-mesh' >> $BATMAN_SCRIPT
+ echo "IFACE=$WIFI_INTERFACE" >> $BATMAN_SCRIPT
+ echo 'EIFACE=eth0' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $BATMAN_SCRIPT
+ echo ' if grep -q "wlan1" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' IFACE=wlan1' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $BATMAN_SCRIPT
+ echo ' if grep -q "wlan2" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' IFACE=wlan2' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo 'if [[ $IFACE == "wlan0" ]]; then' >> $BATMAN_SCRIPT
+ echo ' if grep -q "wlan3" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' IFACE=wlan3' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if [ -e /etc/default/batctl ]; then' >> $BATMAN_SCRIPT
+ echo ' . /etc/default/batctl' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'start() {' >> $BATMAN_SCRIPT
+ echo ' if [ -f /tmp/meshtype ] ; then' >> $BATMAN_SCRIPT
+ echo ' echo "Mesh already running"' >> $BATMAN_SCRIPT
+ echo ' return' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ -z "$IFACE" ] ; then' >> $BATMAN_SCRIPT
+ echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $BATMAN_SCRIPT
+ echo ' return' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' echo "info: enabling batman-adv mesh network $ESSID on $IFACE"' >> $BATMAN_SCRIPT
+
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl stop network-manager' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service network-manager stop' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' sleep 5' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo " # remove an avahi service which isn't used" >> $BATMAN_SCRIPT
+ echo ' if [ -f /etc/avahi/services/udisks.service ]; then' >> $BATMAN_SCRIPT
+ echo ' sudo rm /etc/avahi/services/udisks.service' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' # Might have to re-enable wifi' >> $BATMAN_SCRIPT
+ echo ' rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE down' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE mtu 1532' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE enc off' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE mode ad-hoc essid $ESSID channel $CHANNEL' >> $BATMAN_SCRIPT
+ echo ' sleep 1' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE ap $CELLID' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' modprobe batman-adv' >> $BATMAN_SCRIPT
+ echo ' batctl if add $IFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE up' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd --force-bind --daemonize --wait $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd --force-bind --daemonize --wait $IFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 up promisc' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' #Use persistent HWAddr' >> $BATMAN_SCRIPT
+ echo ' ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")' >> $BATMAN_SCRIPT
+ echo ' if [ ! -f /var/lib/mesh-node/bat0 ]; then' >> $BATMAN_SCRIPT
+ echo ' mkdir /var/lib/mesh-node' >> $BATMAN_SCRIPT
+ echo ' echo "${ether_new}" > /var/lib/mesh-node/bat0' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' ether=$(cat /var/lib/mesh-node/bat0)' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 hw ether ${ether}' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ "$EIFACE" ] ; then' >> $BATMAN_SCRIPT
+ echo ' brctl addbr $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' brctl addif $BRIDGE bat0' >> $BATMAN_SCRIPT
+ echo ' brctl addif $BRIDGE $EIFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 0.0.0.0' >> $BATMAN_SCRIPT
+ echo ' ifconfig $EIFACE 0.0.0.0' >> $BATMAN_SCRIPT
+ echo ' ifconfig $EIFACE up promisc' >> $BATMAN_SCRIPT
+ echo ' ifconfig $BRIDGE up' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p tcp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p udp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p tcp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p tcp --dport 80 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -A INPUT -p udp -m udp -j ACCEPT" >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl restart avahi-daemon' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service avahi-daemon restart' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' echo "batman" > /tmp/meshtype' >> $BATMAN_SCRIPT
+ echo '}' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'stop() {' >> $BATMAN_SCRIPT
+ echo ' if [ -z "$IFACE" ]; then' >> $BATMAN_SCRIPT
+ echo ' echo "error: unable to find wifi interface, not enabling batman-adv mesh"' >> $BATMAN_SCRIPT
+ echo ' return' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ "$EIFACE" ]; then' >> $BATMAN_SCRIPT
+ echo ' brctl delif $BRIDGE bat0' >> $BATMAN_SCRIPT
+ echo ' brctl delif $BRIDGE $EIFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig $BRIDGE down || true' >> $BATMAN_SCRIPT
+ echo ' brctl delbr $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' ifconfig $EIFACE down -promisc' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd -k $BRIDGE' >> $BATMAN_SCRIPT
+ echo ' avahi-autoipd -k $IFACE' >> $BATMAN_SCRIPT
+ echo ' ifconfig bat0 down -promisc' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' batctl if del $IFACE' >> $BATMAN_SCRIPT
+ echo ' rmmod batman-adv' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE mtu 1500' >> $BATMAN_SCRIPT
+ echo ' ifconfig $IFACE down' >> $BATMAN_SCRIPT
+ echo ' iwconfig $IFACE mode managed' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p tcp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p udp --dport 548 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p tcp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo ' iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp --dport 1900 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p tcp --dport 80 -j ACCEPT" >> $BATMAN_SCRIPT
+ echo " iptables -D INPUT -p udp -m udp -j ACCEPT" >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl restart network-manager' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service network-manager restart' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' ' >> $BATMAN_SCRIPT
+ echo ' # restore tox bootstrap nodes for the internet' >> $BATMAN_SCRIPT
+ echo ' if [ -f /usr/share/toxic/DHTnodes.internet ]; then' >> $BATMAN_SCRIPT
+ echo ' mv /usr/share/toxic/DHTnodes.internet /usr/share/toxic/DHTnodes' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ -f /usr/local/share/toxic/DHTnodes.internet ]; then' >> $BATMAN_SCRIPT
+ echo ' mv /usr/local/share/toxic/DHTnodes.internet /usr/local/share/toxic/DHTnodes' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' if [ -f /bin/systemctl ]; then' >> $BATMAN_SCRIPT
+ echo ' systemctl stop avahi-daemon' >> $BATMAN_SCRIPT
+ echo ' else' >> $BATMAN_SCRIPT
+ echo ' service avahi-daemon stop' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' sudo rm -f /tmp/meshtype' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo ' # kill processes' >> $BATMAN_SCRIPT
+ echo ' zeronet_proc=$(ps aux | grep zeronet | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $BATMAN_SCRIPT
+ echo ' if [ "$zeronet_proc" ]; then' >> $BATMAN_SCRIPT
+ echo ' kill -9 $zeronet_proc 2> /dev/null' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' tracker_proc=$(ps aux | grep bttrack | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $BATMAN_SCRIPT
+ echo ' if [ "$tracker_proc" ]; then' >> $BATMAN_SCRIPT
+ echo ' kill -9 $tracker_proc 2> /dev/null' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' if [ ! -f /etc/systemd/system/ipfs.service ]; then' >> $BATMAN_SCRIPT
+ echo ' ipfs_proc=$(ps aux | grep ipfs | grep -v grep | awk -F " " "{print $2}" | head -n1)' >> $BATMAN_SCRIPT
+ echo ' if [ "$ipfs_proc" ]; then' >> $BATMAN_SCRIPT
+ echo ' kill -9 $ipfs_proc 2> /dev/null' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo ' fi' >> $BATMAN_SCRIPT
+ echo '}' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'if ! grep -q "$IFACE" /proc/net/dev; then' >> $BATMAN_SCRIPT
+ echo ' echo "Interface $IFACE was not found"' >> $BATMAN_SCRIPT
+ echo ' stop' >> $BATMAN_SCRIPT
+ echo ' exit 1' >> $BATMAN_SCRIPT
+ echo 'fi' >> $BATMAN_SCRIPT
+ echo '' >> $BATMAN_SCRIPT
+ echo 'case "$1" in' >> $BATMAN_SCRIPT
+ echo ' start|stop)' >> $BATMAN_SCRIPT
+ echo ' $1' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' restart)' >> $BATMAN_SCRIPT
+ echo ' stop' >> $BATMAN_SCRIPT
+ echo ' sleep 10' >> $BATMAN_SCRIPT
+ echo ' start' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' status)' >> $BATMAN_SCRIPT
+ echo ' batctl o' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' ping)' >> $BATMAN_SCRIPT
+ echo ' batctl ping $2' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' ls|list)' >> $BATMAN_SCRIPT
+ echo ' avahi-browse -atl' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo ' *)' >> $BATMAN_SCRIPT
+ echo ' echo "error: invalid parameter $1"' >> $BATMAN_SCRIPT
+ echo ' echo "usage: $0 {start|stop|restart|status|ping|ls|list}"' >> $BATMAN_SCRIPT
+ echo ' exit 2' >> $BATMAN_SCRIPT
+ echo ' ;;' >> $BATMAN_SCRIPT
+ echo 'esac' >> $BATMAN_SCRIPT
+ echo 'exit 0' >> $BATMAN_SCRIPT
+ chmod +x $BATMAN_SCRIPT
+ sudo cp -f $BATMAN_SCRIPT /usr/bin/batman
+ rm $BATMAN_SCRIPT
+}
+
+
+while [[ $# > 1 ]]
+do
+ key="$1"
+
+ case $key in
+ -h|--help)
+ show_help
+ ;;
+ -f|--function)
+ shift
+ FN="$1"
+ ;;
+ -r|--rootdir)
+ shift
+ rootdir="$1"
+ CHROOT_PREFIX='chroot "${rootdir}"'
+ ;;
+ -w|--wifi|--interface)
+ shift
+ WIFI_INTERFACE="$1"
+ ;;
+ -m|--mirror)
+ shift
+ FRIENDS_MIRRORS_SERVER="$1"
+ ;;
+ *)
+ # unknown option
+ ;;
+
+ esac
+ shift
+done
+
+if [[ $FN == 'babel' ]]; then
+ mesh_babel
+fi
+if [[ $FN == 'babel_client' ]]; then
+ mesh_babel_client
+fi
+if [[ $FN == 'avahi' ]]; then
+ mesh_avahi
+fi
+if [[ $FN == 'firewall' ]]; then
+ mesh_firewall
+fi
+if [[ $FN == 'batman' ]]; then
+ mesh_batman
+fi
+if [[ $FN == 'batman_client' ]]; then
+ mesh_batman_client
+fi
+if [[ $FN == 'tox_node' ]]; then
+ mesh_tox_node
+fi
+if [[ $FN == 'tox_client' ]]; then
+ mesh_tox_client
+fi
+if [[ $FN == 'zeronet' ]]; then
+ mesh_zeronet
+fi
+
+exit 0