Begin combining mesh install functions
This commit is contained in:
parent
e158148c1f
commit
2a3c1bb429
|
@ -84,7 +84,49 @@ function remove_batman {
|
|||
sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_install_batman {
|
||||
chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
|
||||
chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
|
||||
chroot "$rootdir" apt-get -y install wireless-tools rfkill
|
||||
|
||||
if ! grep -q "batman_adv" $rootdir/etc/modules; then
|
||||
echo 'batman_adv' >> $rootdir/etc/modules
|
||||
fi
|
||||
|
||||
BATMAN_SCRIPT=$rootdir/var/lib/batman
|
||||
|
||||
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
|
||||
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
|
||||
else
|
||||
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
|
||||
fi
|
||||
|
||||
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
|
||||
echo '[Unit]' > $BATMAN_DAEMON
|
||||
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
|
||||
echo 'After=network.target' >> $BATMAN_DAEMON
|
||||
echo '' >> $BATMAN_DAEMON
|
||||
echo '[Service]' >> $BATMAN_DAEMON
|
||||
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
|
||||
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
|
||||
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
|
||||
echo 'Restart=on-failure' >> $BATMAN_DAEMON
|
||||
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
|
||||
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
|
||||
echo '' >> $BATMAN_DAEMON
|
||||
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
|
||||
echo 'TimeoutSec=300' >> $BATMAN_DAEMON
|
||||
echo '' >> $BATMAN_DAEMON
|
||||
echo '[Install]' >> $BATMAN_DAEMON
|
||||
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
|
||||
chroot "$rootdir" systemctl enable batman
|
||||
}
|
||||
|
||||
function install_batman {
|
||||
if [ $INSTALLING_MESH ]; then
|
||||
mesh_install_batman
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "install_batman" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
|
|
|
@ -255,7 +255,48 @@ function configure_firewall_for_syncthing {
|
|||
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_install_syncthing {
|
||||
chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
|
||||
|
||||
echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
|
||||
chroot "$rootdir" apt-get update
|
||||
chroot "$rootdir" apt-get -y --force-yes install syncthing
|
||||
|
||||
# This probably does need to run as root so that it can access the Sync directories
|
||||
# in each user's home directory
|
||||
chroot "$rootdir" echo '[Unit]' > /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'After=network.target' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '[Service]' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'User=root' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '[Install]' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" systemctl enable syncthing
|
||||
chroot "$rootdir" systemctl daemon-reload
|
||||
|
||||
if ! grep -q "syncthing" $rootdir/etc/crontab; then
|
||||
chroot "$rootdir" echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> /etc/crontab
|
||||
chroot "$rootdir" systemctl restart cron
|
||||
fi
|
||||
|
||||
echo 'mesh_install_syncthing'
|
||||
}
|
||||
|
||||
function install_syncthing {
|
||||
if [ $INSTALLING_MESH ]; then
|
||||
mesh_install_syncthing
|
||||
return
|
||||
fi
|
||||
|
||||
if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
|
|
|
@ -246,6 +246,11 @@ function tox_avahi {
|
|||
}
|
||||
|
||||
function install_tox_node {
|
||||
if [ $INSTALLING_MESH ]; then
|
||||
mesh_tox_node
|
||||
return
|
||||
fi
|
||||
|
||||
if grep -Fxq "install_tox_node" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
|
@ -327,4 +332,239 @@ function install_tox {
|
|||
echo 'install_tox' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_tox_node {
|
||||
# obtain commits from the main file
|
||||
TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
|
||||
TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
|
||||
fi
|
||||
if [ ! $TOXCORE_COMMIT ]; then
|
||||
echo $'No Tox commit was specified'
|
||||
exit 76325
|
||||
fi
|
||||
|
||||
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
|
||||
TOX_PORT=$TOX_PORT_MAIN
|
||||
fi
|
||||
if [ ! $TOX_PORT ]; then
|
||||
echo $'No Tox port was specified'
|
||||
exit 32856
|
||||
fi
|
||||
|
||||
TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
|
||||
TOXCORE_REPO=$TOXCORE_REPO_MAIN
|
||||
fi
|
||||
if [ ! $TOXCORE_REPO ]; then
|
||||
echo $'No Tox repo was specified'
|
||||
exit 16865
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev
|
||||
chroot "$rootdir" apt-get -y install automake checkinstall check git yasm
|
||||
chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin
|
||||
chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev
|
||||
|
||||
|
||||
TEMP_SCRIPT_NAME=fbtmp37272.sh
|
||||
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
|
||||
echo '#!/bin/bash' > $TEMP_SCRIPT
|
||||
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
|
||||
echo "git clone $TOXCORE_REPO $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
|
||||
echo "cd $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
|
||||
echo "git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT" >> $TEMP_SCRIPT
|
||||
echo 'autoreconf -i' >> $TEMP_SCRIPT
|
||||
echo './configure --enable-daemon --disable-av' >> $TEMP_SCRIPT
|
||||
echo 'make' >> $TEMP_SCRIPT
|
||||
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 1' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'make install' >> $TEMP_SCRIPT
|
||||
echo 'cp /usr/local/lib/libtoxcore* /usr/lib/' >> $TEMP_SCRIPT
|
||||
echo "cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/" >> $TEMP_SCRIPT
|
||||
echo "sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' /etc/systemd/system/tox-bootstrapd.service" >> $TEMP_SCRIPT
|
||||
echo 'systemctl enable tox-bootstrapd.service' >> $TEMP_SCRIPT
|
||||
echo 'exit 0' >> $TEMP_SCRIPT
|
||||
chmod +x $TEMP_SCRIPT
|
||||
cp $TEMP_SCRIPT $rootdir/root/
|
||||
|
||||
SECONDS=0
|
||||
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
duration=$SECONDS
|
||||
echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
echo $'Unable to make toxcore'
|
||||
rm $TEMP_SCRIPT
|
||||
exit 73835
|
||||
fi
|
||||
duration=$SECONDS
|
||||
echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
rm $TEMP_SCRIPT
|
||||
|
||||
if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
|
||||
echo $"File not found /usr/local/bin/tox-bootstrapd"
|
||||
exit 37825
|
||||
fi
|
||||
|
||||
chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
|
||||
chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd
|
||||
|
||||
# remove Maildir
|
||||
if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
|
||||
rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
|
||||
fi
|
||||
|
||||
# create configuration file
|
||||
TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
|
||||
echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
|
||||
|
||||
if [ $TOX_NODES ]; then
|
||||
echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
|
||||
toxcount=0
|
||||
while [ "x${TOX_NODES[toxcount]}" != "x" ]
|
||||
do
|
||||
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
|
||||
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
|
||||
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
|
||||
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
|
||||
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
|
||||
echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
|
||||
if [[ $toxval_ipv6 != 'NONE' ]]; then
|
||||
echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
|
||||
else
|
||||
echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
|
||||
fi
|
||||
echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
|
||||
toxcount=$(( $toxcount + 1 ))
|
||||
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
|
||||
echo "}," >> $TOX_BOOTSTRAP_CONFIG
|
||||
else
|
||||
echo "}" >> $TOX_BOOTSTRAP_CONFIG
|
||||
fi
|
||||
done
|
||||
echo ')' >> $TOX_BOOTSTRAP_CONFIG
|
||||
fi
|
||||
}
|
||||
|
||||
function mesh_tox_avahi {
|
||||
if [ ! -d $rootdir/etc/avahi ]; then
|
||||
echo $'tox_avahi: avahi is not installed'
|
||||
exit 87359
|
||||
fi
|
||||
|
||||
TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
|
||||
TOXID_REPO=$TOXID_REPO_MAIN
|
||||
fi
|
||||
if [ ! $TOXID_REPO ]; then
|
||||
echo $'No ToxID repo was specified'
|
||||
exit 78252
|
||||
fi
|
||||
|
||||
TEMP_SCRIPT_NAME=fbtmp5328252.sh
|
||||
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
|
||||
echo '#!/bin/bash' > $TEMP_SCRIPT
|
||||
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
|
||||
echo "git clone $TOXID_REPO $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
|
||||
echo "if [ ! -d $INSTALL_DIR/toxid ]; then" >> $TEMP_SCRIPT
|
||||
echo ' exit 1' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo "cd $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
|
||||
echo "make" >> $TEMP_SCRIPT
|
||||
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 2' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'make install' >> $TEMP_SCRIPT
|
||||
echo 'if [ ! -f /usr/local/bin/toxavahi ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 3' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'toxavahi' >> $TEMP_SCRIPT
|
||||
echo 'echo "* * * * * root /usr/local/bin/toxavahi > /dev/null" >> /etc/crontab' >> $TEMP_SCRIPT
|
||||
echo 'systemctl restart avahi-daemon' >> $TEMP_SCRIPT
|
||||
echo 'exit 0' >> $TEMP_SCRIPT
|
||||
chmod +x $TEMP_SCRIPT
|
||||
cp $TEMP_SCRIPT $rootdir/root/
|
||||
|
||||
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
echo $"Unable to install toxid, returned $?"
|
||||
rm $TEMP_SCRIPT
|
||||
exit 62835
|
||||
fi
|
||||
rm $TEMP_SCRIPT
|
||||
}
|
||||
|
||||
function mesh_tox_client {
|
||||
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
|
||||
# obtain commits from the main file
|
||||
TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
|
||||
TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
|
||||
fi
|
||||
|
||||
TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
|
||||
TOXIC_REPO=$TOXIC_REPO_MAIN
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev
|
||||
chroot "$rootdir" apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev
|
||||
|
||||
TEMP_SCRIPT_NAME=fbtmp728353.sh
|
||||
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
|
||||
echo '#!/bin/bash' > $TEMP_SCRIPT
|
||||
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
|
||||
echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
|
||||
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
|
||||
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
|
||||
echo 'make' >> $TEMP_SCRIPT
|
||||
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 1' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'make install' >> $TEMP_SCRIPT
|
||||
echo 'exit 0' >> $TEMP_SCRIPT
|
||||
chmod +x $TEMP_SCRIPT
|
||||
cp $TEMP_SCRIPT $rootdir/root/
|
||||
|
||||
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
|
||||
SECONDS=0
|
||||
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
duration=$SECONDS
|
||||
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
echo $'Unable to make tox client'
|
||||
rm $TEMP_SCRIPT
|
||||
exit 74872
|
||||
fi
|
||||
rm $TEMP_SCRIPT
|
||||
if [ ! -f $rootdir$TOXIC_FILE ]; then
|
||||
echo $"Tox client was not installed to $TOXIC_FILE"
|
||||
exit 63278
|
||||
fi
|
||||
duration=$SECONDS
|
||||
echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
}
|
||||
|
||||
function enable_tox_repo {
|
||||
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
|
||||
|
||||
|
||||
chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add -
|
||||
chroot "$rootdir" apt-get update
|
||||
echo "Tox Repository Installed."
|
||||
}
|
||||
|
||||
# NOTE: deliberately no exit 0
|
||||
|
|
|
@ -48,7 +48,7 @@ ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID"
|
|||
ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b'
|
||||
|
||||
function reconfigure_zeronet {
|
||||
echo -n ''
|
||||
echo -n ''
|
||||
}
|
||||
|
||||
function upgrade_zeronet {
|
||||
|
@ -454,7 +454,170 @@ function install_zeronet_main {
|
|||
echo 'install_zeronet_main' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_zeronet {
|
||||
# obtain commits from the main file
|
||||
ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
if [ ${#ZERONET_COMMIT_MAIN} -gt 10 ]; then
|
||||
ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
|
||||
fi
|
||||
if [ ! $ZERONET_COMMIT ]; then
|
||||
echo $'No Tox commit was specified'
|
||||
exit 37046
|
||||
fi
|
||||
|
||||
ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#ZERONET_REPO_MAIN} -gt 5 ]; then
|
||||
ZERONET_REPO=$ZERONET_REPO_MAIN
|
||||
fi
|
||||
if [ ! $ZERONET_REPO ]; then
|
||||
echo $'No Tox commit was specified'
|
||||
exit 37046
|
||||
fi
|
||||
|
||||
ZERONET_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_PORT=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
if [ ${#ZERONET_PORT_MAIN} -gt 1 ]; then
|
||||
ZERONET_PORT=$ZERONET_PORT_MAIN
|
||||
fi
|
||||
if [ ! $ZERONET_PORT ]; then
|
||||
echo $'No zeronet port was specified'
|
||||
exit 67433
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install python python-msgpack python-gevent
|
||||
chroot "$rootdir" apt-get -y install python-pip bittornado
|
||||
chroot "$rootdir" pip install msgpack-python --upgrade
|
||||
|
||||
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
|
||||
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
|
||||
echo 'WARNING: Unable to clone zeronet'
|
||||
return
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet
|
||||
git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
|
||||
if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
|
||||
echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
|
||||
else
|
||||
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
|
||||
fi
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
|
||||
# Hack to ensure that the file access port is opened
|
||||
# This is because zeronet normally relies on an internet site
|
||||
# to do this, but on a purely local mesh the internet isn't available
|
||||
sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
|
||||
|
||||
ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
|
||||
echo '[Unit]' > $ZERONET_DAEMON
|
||||
echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
|
||||
echo 'After=syslog.target' >> $ZERONET_DAEMON
|
||||
echo 'After=network.target' >> $ZERONET_DAEMON
|
||||
echo '[Service]' >> $ZERONET_DAEMON
|
||||
echo 'Type=simple' >> $ZERONET_DAEMON
|
||||
echo 'User=zeronet' >> $ZERONET_DAEMON
|
||||
echo 'Group=zeronet' >> $ZERONET_DAEMON
|
||||
echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
|
||||
echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
|
||||
echo '' >> $ZERONET_DAEMON
|
||||
echo 'TimeoutSec=300' >> $ZERONET_DAEMON
|
||||
echo '' >> $ZERONET_DAEMON
|
||||
echo '[Install]' >> $ZERONET_DAEMON
|
||||
echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
|
||||
|
||||
TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
|
||||
echo '[Unit]' > $TRACKER_DAEMON
|
||||
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
|
||||
echo 'After=syslog.target' >> $TRACKER_DAEMON
|
||||
echo 'After=network.target' >> $TRACKER_DAEMON
|
||||
echo '[Service]' >> $TRACKER_DAEMON
|
||||
echo 'Type=simple' >> $TRACKER_DAEMON
|
||||
echo 'User=tracker' >> $TRACKER_DAEMON
|
||||
echo 'Group=tracker' >> $TRACKER_DAEMON
|
||||
echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
|
||||
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
|
||||
echo '' >> $TRACKER_DAEMON
|
||||
echo 'TimeoutSec=300' >> $TRACKER_DAEMON
|
||||
echo '' >> $TRACKER_DAEMON
|
||||
echo '[Install]' >> $TRACKER_DAEMON
|
||||
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
|
||||
|
||||
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
|
||||
mkdir $rootdir$MESH_INSTALL_DIR/tracker
|
||||
fi
|
||||
chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
|
||||
|
||||
# publish regularly
|
||||
echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab
|
||||
|
||||
chroot "$rootdir" systemctl enable tracker.service
|
||||
chroot "$rootdir" systemctl enable zeronet.service
|
||||
}
|
||||
|
||||
function mesh_zeronet_blog {
|
||||
ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
|
||||
echo $'ZeroBlog repo could not be cloned'
|
||||
exit 6739
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
|
||||
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_zeronet_mail {
|
||||
ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
|
||||
echo $'ZeroMail repo could not be cloned'
|
||||
exit 78493
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
|
||||
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_zeronet_forum {
|
||||
ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
|
||||
echo $'ZeroTalk repo could not be cloned'
|
||||
exit 78252
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
|
||||
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_zeronet_id {
|
||||
ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
|
||||
echo $'ZeroID repo could not be cloned'
|
||||
exit 37936
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
|
||||
git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function install_zeronet {
|
||||
if [ $INSTALLING_MESH ]; then
|
||||
mesh_zeronet
|
||||
mesh_zeronet_blog
|
||||
mesh_zeronet_mail
|
||||
mesh_zeronet_forum
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "install_zeronet" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
|
|
|
@ -491,534 +491,7 @@ ZERONET_ID_COMMIT=
|
|||
# Directory where source code is downloaded and compiled
|
||||
INSTALL_DIR=$HOME/build
|
||||
|
||||
function mesh_avahi {
|
||||
chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
|
||||
|
||||
decarray=( 1 2 3 4 5 6 7 8 9 0 )
|
||||
PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
|
||||
sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
|
||||
|
||||
if [ ! -d $rootdir/etc/avahi/services ]; then
|
||||
mkdir -p $rootdir/etc/avahi/services
|
||||
fi
|
||||
|
||||
# remove an avahi service which isn't used
|
||||
if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
|
||||
rm $rootdir/etc/avahi/services/udisks.service
|
||||
fi
|
||||
|
||||
# Add an ssh service
|
||||
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
|
||||
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' <service>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo " <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' </service>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
|
||||
# keep the daemon running
|
||||
WATCHDOG_SCRIPT_NAME="keepon"
|
||||
echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
}
|
||||
|
||||
function install_batman {
|
||||
chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
|
||||
chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
|
||||
chroot "$rootdir" apt-get -y install wireless-tools rfkill
|
||||
|
||||
if ! grep -q "batman_adv" $rootdir/etc/modules; then
|
||||
echo 'batman_adv' >> $rootdir/etc/modules
|
||||
fi
|
||||
|
||||
BATMAN_SCRIPT=$rootdir/var/lib/batman
|
||||
|
||||
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
|
||||
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
|
||||
else
|
||||
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
|
||||
fi
|
||||
|
||||
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
|
||||
echo '[Unit]' > $BATMAN_DAEMON
|
||||
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
|
||||
echo 'After=network.target' >> $BATMAN_DAEMON
|
||||
echo '' >> $BATMAN_DAEMON
|
||||
echo '[Service]' >> $BATMAN_DAEMON
|
||||
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
|
||||
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
|
||||
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
|
||||
echo 'Restart=on-failure' >> $BATMAN_DAEMON
|
||||
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
|
||||
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
|
||||
echo '' >> $BATMAN_DAEMON
|
||||
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
|
||||
echo 'TimeoutSec=300' >> $BATMAN_DAEMON
|
||||
echo '' >> $BATMAN_DAEMON
|
||||
echo '[Install]' >> $BATMAN_DAEMON
|
||||
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
|
||||
chroot "$rootdir" systemctl enable batman
|
||||
}
|
||||
|
||||
function mesh_firewall {
|
||||
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
|
||||
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
|
||||
|
||||
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
chmod +x $MESH_FIREWALL_SCRIPT
|
||||
|
||||
echo '[Unit]' > $FIREWALL_FILENAME
|
||||
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
|
||||
echo '' >> $FIREWALL_FILENAME
|
||||
echo '[Service]' >> $FIREWALL_FILENAME
|
||||
echo 'Type=oneshot' >> $FIREWALL_FILENAME
|
||||
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
|
||||
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
|
||||
echo '' >> $FIREWALL_FILENAME
|
||||
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
|
||||
echo '' >> $FIREWALL_FILENAME
|
||||
echo '[Install]' >> $FIREWALL_FILENAME
|
||||
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
|
||||
chroot "$rootdir" systemctl enable meshfirewall
|
||||
}
|
||||
|
||||
function mesh_tox_node {
|
||||
# obtain commits from the main file
|
||||
TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
|
||||
TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
|
||||
fi
|
||||
if [ ! $TOXCORE_COMMIT ]; then
|
||||
echo $'No Tox commit was specified'
|
||||
exit 76325
|
||||
fi
|
||||
|
||||
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
|
||||
TOX_PORT=$TOX_PORT_MAIN
|
||||
fi
|
||||
if [ ! $TOX_PORT ]; then
|
||||
echo $'No Tox port was specified'
|
||||
exit 32856
|
||||
fi
|
||||
|
||||
TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
|
||||
TOXCORE_REPO=$TOXCORE_REPO_MAIN
|
||||
fi
|
||||
if [ ! $TOXCORE_REPO ]; then
|
||||
echo $'No Tox repo was specified'
|
||||
exit 16865
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev
|
||||
chroot "$rootdir" apt-get -y install automake checkinstall check git yasm
|
||||
chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin
|
||||
chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev
|
||||
|
||||
|
||||
TEMP_SCRIPT_NAME=fbtmp37272.sh
|
||||
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
|
||||
echo '#!/bin/bash' > $TEMP_SCRIPT
|
||||
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
|
||||
echo "git clone $TOXCORE_REPO $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
|
||||
echo "cd $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
|
||||
echo "git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT" >> $TEMP_SCRIPT
|
||||
echo 'autoreconf -i' >> $TEMP_SCRIPT
|
||||
echo './configure --enable-daemon --disable-av' >> $TEMP_SCRIPT
|
||||
echo 'make' >> $TEMP_SCRIPT
|
||||
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 1' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'make install' >> $TEMP_SCRIPT
|
||||
echo 'cp /usr/local/lib/libtoxcore* /usr/lib/' >> $TEMP_SCRIPT
|
||||
echo "cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/" >> $TEMP_SCRIPT
|
||||
echo "sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' /etc/systemd/system/tox-bootstrapd.service" >> $TEMP_SCRIPT
|
||||
echo 'systemctl enable tox-bootstrapd.service' >> $TEMP_SCRIPT
|
||||
echo 'exit 0' >> $TEMP_SCRIPT
|
||||
chmod +x $TEMP_SCRIPT
|
||||
cp $TEMP_SCRIPT $rootdir/root/
|
||||
|
||||
SECONDS=0
|
||||
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
duration=$SECONDS
|
||||
echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
echo $'Unable to make toxcore'
|
||||
rm $TEMP_SCRIPT
|
||||
exit 73835
|
||||
fi
|
||||
duration=$SECONDS
|
||||
echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
rm $TEMP_SCRIPT
|
||||
|
||||
if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
|
||||
echo $"File not found /usr/local/bin/tox-bootstrapd"
|
||||
exit 37825
|
||||
fi
|
||||
|
||||
chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
|
||||
chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd
|
||||
|
||||
# remove Maildir
|
||||
if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
|
||||
rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
|
||||
fi
|
||||
|
||||
# create configuration file
|
||||
TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
|
||||
echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
|
||||
|
||||
if [ $TOX_NODES ]; then
|
||||
echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
|
||||
toxcount=0
|
||||
while [ "x${TOX_NODES[toxcount]}" != "x" ]
|
||||
do
|
||||
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
|
||||
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
|
||||
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
|
||||
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
|
||||
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
|
||||
echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
|
||||
if [[ $toxval_ipv6 != 'NONE' ]]; then
|
||||
echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
|
||||
else
|
||||
echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
|
||||
fi
|
||||
echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
|
||||
echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
|
||||
toxcount=$(( $toxcount + 1 ))
|
||||
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
|
||||
echo "}," >> $TOX_BOOTSTRAP_CONFIG
|
||||
else
|
||||
echo "}" >> $TOX_BOOTSTRAP_CONFIG
|
||||
fi
|
||||
done
|
||||
echo ')' >> $TOX_BOOTSTRAP_CONFIG
|
||||
fi
|
||||
}
|
||||
|
||||
function mesh_tox_avahi {
|
||||
if [ ! -d $rootdir/etc/avahi ]; then
|
||||
echo $'tox_avahi: avahi is not installed'
|
||||
exit 87359
|
||||
fi
|
||||
|
||||
TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
|
||||
TOXID_REPO=$TOXID_REPO_MAIN
|
||||
fi
|
||||
if [ ! $TOXID_REPO ]; then
|
||||
echo $'No ToxID repo was specified'
|
||||
exit 78252
|
||||
fi
|
||||
|
||||
TEMP_SCRIPT_NAME=fbtmp5328252.sh
|
||||
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
|
||||
echo '#!/bin/bash' > $TEMP_SCRIPT
|
||||
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
|
||||
echo "git clone $TOXID_REPO $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
|
||||
echo "if [ ! -d $INSTALL_DIR/toxid ]; then" >> $TEMP_SCRIPT
|
||||
echo ' exit 1' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo "cd $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
|
||||
echo "make" >> $TEMP_SCRIPT
|
||||
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 2' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'make install' >> $TEMP_SCRIPT
|
||||
echo 'if [ ! -f /usr/local/bin/toxavahi ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 3' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'toxavahi' >> $TEMP_SCRIPT
|
||||
echo 'echo "* * * * * root /usr/local/bin/toxavahi > /dev/null" >> /etc/crontab' >> $TEMP_SCRIPT
|
||||
echo 'systemctl restart avahi-daemon' >> $TEMP_SCRIPT
|
||||
echo 'exit 0' >> $TEMP_SCRIPT
|
||||
chmod +x $TEMP_SCRIPT
|
||||
cp $TEMP_SCRIPT $rootdir/root/
|
||||
|
||||
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
echo $"Unable to install toxid, returned $?"
|
||||
rm $TEMP_SCRIPT
|
||||
exit 62835
|
||||
fi
|
||||
rm $TEMP_SCRIPT
|
||||
}
|
||||
|
||||
function mesh_tox_client {
|
||||
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
|
||||
# obtain commits from the main file
|
||||
TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
|
||||
TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
|
||||
fi
|
||||
|
||||
TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
|
||||
TOXIC_REPO=$TOXIC_REPO_MAIN
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev
|
||||
chroot "$rootdir" apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev
|
||||
|
||||
TEMP_SCRIPT_NAME=fbtmp728353.sh
|
||||
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
|
||||
echo '#!/bin/bash' > $TEMP_SCRIPT
|
||||
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
|
||||
echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
|
||||
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
|
||||
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
|
||||
echo 'make' >> $TEMP_SCRIPT
|
||||
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
|
||||
echo ' exit 1' >> $TEMP_SCRIPT
|
||||
echo 'fi' >> $TEMP_SCRIPT
|
||||
echo 'make install' >> $TEMP_SCRIPT
|
||||
echo 'exit 0' >> $TEMP_SCRIPT
|
||||
chmod +x $TEMP_SCRIPT
|
||||
cp $TEMP_SCRIPT $rootdir/root/
|
||||
|
||||
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
|
||||
SECONDS=0
|
||||
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
duration=$SECONDS
|
||||
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
echo $'Unable to make tox client'
|
||||
rm $TEMP_SCRIPT
|
||||
exit 74872
|
||||
fi
|
||||
rm $TEMP_SCRIPT
|
||||
if [ ! -f $rootdir$TOXIC_FILE ]; then
|
||||
echo $"Tox client was not installed to $TOXIC_FILE"
|
||||
exit 63278
|
||||
fi
|
||||
duration=$SECONDS
|
||||
echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
|
||||
}
|
||||
|
||||
function mesh_zeronet {
|
||||
# obtain commits from the main file
|
||||
ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
if [ ${#ZERONET_COMMIT_MAIN} -gt 10 ]; then
|
||||
ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
|
||||
fi
|
||||
if [ ! $ZERONET_COMMIT ]; then
|
||||
echo $'No Tox commit was specified'
|
||||
exit 37046
|
||||
fi
|
||||
|
||||
ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
if [ ${#ZERONET_REPO_MAIN} -gt 5 ]; then
|
||||
ZERONET_REPO=$ZERONET_REPO_MAIN
|
||||
fi
|
||||
if [ ! $ZERONET_REPO ]; then
|
||||
echo $'No Tox commit was specified'
|
||||
exit 37046
|
||||
fi
|
||||
|
||||
ZERONET_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_PORT=" | head -n 1 | awk -F '=' '{print $2}')
|
||||
if [ ${#ZERONET_PORT_MAIN} -gt 1 ]; then
|
||||
ZERONET_PORT=$ZERONET_PORT_MAIN
|
||||
fi
|
||||
if [ ! $ZERONET_PORT ]; then
|
||||
echo $'No zeronet port was specified'
|
||||
exit 67433
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install python python-msgpack python-gevent
|
||||
chroot "$rootdir" apt-get -y install python-pip bittornado
|
||||
chroot "$rootdir" pip install msgpack-python --upgrade
|
||||
|
||||
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
|
||||
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
|
||||
echo 'WARNING: Unable to clone zeronet'
|
||||
return
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet
|
||||
git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
|
||||
if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
|
||||
echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
|
||||
else
|
||||
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
|
||||
fi
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
|
||||
# Hack to ensure that the file access port is opened
|
||||
# This is because zeronet normally relies on an internet site
|
||||
# to do this, but on a purely local mesh the internet isn't available
|
||||
sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
|
||||
|
||||
ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
|
||||
echo '[Unit]' > $ZERONET_DAEMON
|
||||
echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
|
||||
echo 'After=syslog.target' >> $ZERONET_DAEMON
|
||||
echo 'After=network.target' >> $ZERONET_DAEMON
|
||||
echo '[Service]' >> $ZERONET_DAEMON
|
||||
echo 'Type=simple' >> $ZERONET_DAEMON
|
||||
echo 'User=zeronet' >> $ZERONET_DAEMON
|
||||
echo 'Group=zeronet' >> $ZERONET_DAEMON
|
||||
echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
|
||||
echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
|
||||
echo '' >> $ZERONET_DAEMON
|
||||
echo 'TimeoutSec=300' >> $ZERONET_DAEMON
|
||||
echo '' >> $ZERONET_DAEMON
|
||||
echo '[Install]' >> $ZERONET_DAEMON
|
||||
echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
|
||||
|
||||
TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
|
||||
echo '[Unit]' > $TRACKER_DAEMON
|
||||
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
|
||||
echo 'After=syslog.target' >> $TRACKER_DAEMON
|
||||
echo 'After=network.target' >> $TRACKER_DAEMON
|
||||
echo '[Service]' >> $TRACKER_DAEMON
|
||||
echo 'Type=simple' >> $TRACKER_DAEMON
|
||||
echo 'User=tracker' >> $TRACKER_DAEMON
|
||||
echo 'Group=tracker' >> $TRACKER_DAEMON
|
||||
echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
|
||||
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
|
||||
echo '' >> $TRACKER_DAEMON
|
||||
echo 'TimeoutSec=300' >> $TRACKER_DAEMON
|
||||
echo '' >> $TRACKER_DAEMON
|
||||
echo '[Install]' >> $TRACKER_DAEMON
|
||||
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
|
||||
|
||||
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
|
||||
mkdir $rootdir$MESH_INSTALL_DIR/tracker
|
||||
fi
|
||||
chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
|
||||
|
||||
# publish regularly
|
||||
echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab
|
||||
|
||||
chroot "$rootdir" systemctl enable tracker.service
|
||||
chroot "$rootdir" systemctl enable zeronet.service
|
||||
}
|
||||
|
||||
function mesh_zeronet_blog {
|
||||
ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
|
||||
echo $'ZeroBlog repo could not be cloned'
|
||||
exit 6739
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
|
||||
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_zeronet_mail {
|
||||
ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
|
||||
echo $'ZeroMail repo could not be cloned'
|
||||
exit 78493
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
|
||||
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_zeronet_forum {
|
||||
ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
|
||||
echo $'ZeroTalk repo could not be cloned'
|
||||
exit 78252
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
|
||||
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_zeronet_id {
|
||||
ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
|
||||
ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
|
||||
|
||||
git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
|
||||
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
|
||||
echo $'ZeroID repo could not be cloned'
|
||||
exit 37936
|
||||
fi
|
||||
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
|
||||
git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
|
||||
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
|
||||
}
|
||||
|
||||
function mesh_web_server {
|
||||
if [ -d /etc/apache2 ]; then
|
||||
chroot "$rootdir" apt-get -y remove --purge apache2
|
||||
chroot "$rootdir" rm -rf /etc/apache2
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install nginx
|
||||
|
||||
if [ ! -d $rootdir/etc/nginx ]; then
|
||||
echo $'Unable to install web server'
|
||||
exit 346825
|
||||
fi
|
||||
}
|
||||
INSTALLING_MESH=
|
||||
|
||||
initialise_mesh() {
|
||||
if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
|
||||
|
@ -1045,17 +518,16 @@ initialise_mesh() {
|
|||
chroot "$rootdir" apt-get -y install firmware-iwlwifi
|
||||
fi
|
||||
|
||||
INSTALLING_MESH=1
|
||||
|
||||
mesh_firewall
|
||||
mesh_avahi
|
||||
install_batman
|
||||
mesh_tox_node
|
||||
install_tox_node
|
||||
mesh_tox_avahi
|
||||
mesh_tox_client
|
||||
mesh_web_server
|
||||
mesh_zeronet
|
||||
mesh_zeronet_blog
|
||||
mesh_zeronet_mail
|
||||
mesh_zeronet_forum
|
||||
install_zeronet
|
||||
|
||||
MESH_SERVICE='mesh-setup.service'
|
||||
MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
|
||||
|
@ -1080,55 +552,6 @@ initialise_mesh() {
|
|||
|
||||
# User interface for USB drive installs ######################################
|
||||
|
||||
function enable_tox_repo {
|
||||
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
|
||||
|
||||
|
||||
chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add -
|
||||
chroot "$rootdir" apt-get update
|
||||
echo "Tox Repository Installed."
|
||||
}
|
||||
|
||||
function install_syncthing {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
|
||||
|
||||
echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
|
||||
chroot "$rootdir" apt-get update
|
||||
chroot "$rootdir" apt-get -y --force-yes install syncthing
|
||||
|
||||
# This probably does need to run as root so that it can access the Sync directories
|
||||
# in each user's home directory
|
||||
chroot "$rootdir" echo '[Unit]' > /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'After=network.target' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '[Service]' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'User=root' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo '[Install]' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
|
||||
chroot "$rootdir" systemctl enable syncthing
|
||||
chroot "$rootdir" systemctl daemon-reload
|
||||
|
||||
if ! grep -q "syncthing" $rootdir/etc/crontab; then
|
||||
chroot "$rootdir" echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> /etc/crontab
|
||||
chroot "$rootdir" systemctl restart cron
|
||||
fi
|
||||
|
||||
echo 'install_syncthing'
|
||||
}
|
||||
|
||||
function mesh_client_startup_applications {
|
||||
if [ ! -d $rootdir/home/$MY_USERNAME/Desktop ]; then
|
||||
mkdir -p $rootdir/home/$MY_USERNAME/Desktop
|
||||
|
|
|
@ -54,6 +54,46 @@ function create_avahi_service {
|
|||
echo '</service-group>' >> /etc/avahi/services/${service_name}.service
|
||||
}
|
||||
|
||||
function mesh_avahi {
|
||||
chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
|
||||
|
||||
decarray=( 1 2 3 4 5 6 7 8 9 0 )
|
||||
PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
|
||||
sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
|
||||
|
||||
if [ ! -d $rootdir/etc/avahi/services ]; then
|
||||
mkdir -p $rootdir/etc/avahi/services
|
||||
fi
|
||||
|
||||
# remove an avahi service which isn't used
|
||||
if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
|
||||
rm $rootdir/etc/avahi/services/udisks.service
|
||||
fi
|
||||
|
||||
# Add an ssh service
|
||||
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
|
||||
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' <service>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo " <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo ' </service>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
|
||||
|
||||
# keep the daemon running
|
||||
WATCHDOG_SCRIPT_NAME="keepon"
|
||||
echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
|
||||
}
|
||||
|
||||
function configure_avahi {
|
||||
if grep -Fxq "configure_avahi" $COMPLETION_FILE; then
|
||||
return
|
||||
|
|
|
@ -29,220 +29,275 @@
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
function save_firewall_settings {
|
||||
iptables-save > /etc/firewall.conf
|
||||
ip6tables-save > /etc/firewall6.conf
|
||||
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
|
||||
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
|
||||
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
|
||||
chmod +x /etc/network/if-up.d/iptables
|
||||
iptables-save > /etc/firewall.conf
|
||||
ip6tables-save > /etc/firewall6.conf
|
||||
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
|
||||
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
|
||||
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
|
||||
chmod +x /etc/network/if-up.d/iptables
|
||||
}
|
||||
|
||||
function enable_ipv6 {
|
||||
# endure that ipv6 is enabled and can route
|
||||
sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
|
||||
#sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
|
||||
#sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
|
||||
sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
|
||||
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
||||
# endure that ipv6 is enabled and can route
|
||||
sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
|
||||
#sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
|
||||
#sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
|
||||
sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
|
||||
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
||||
}
|
||||
|
||||
function configure_firewall {
|
||||
if grep -q "RELATED" /etc/firewall.conf; then
|
||||
# recreate the firewall to remove RELATED
|
||||
sed -i "/firewall/d" $COMPLETION_FILE
|
||||
fi
|
||||
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -P INPUT ACCEPT
|
||||
ip6tables -P INPUT ACCEPT
|
||||
iptables -F
|
||||
ip6tables -F
|
||||
iptables -t nat -F
|
||||
ip6tables -t nat -F
|
||||
iptables -X
|
||||
ip6tables -X
|
||||
iptables -P INPUT DROP
|
||||
ip6tables -P INPUT DROP
|
||||
iptables -A INPUT -i lo -j ACCEPT
|
||||
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
||||
if grep -q "RELATED" /etc/firewall.conf; then
|
||||
# recreate the firewall to remove RELATED
|
||||
sed -i "/firewall/d" $COMPLETION_FILE
|
||||
fi
|
||||
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -P INPUT ACCEPT
|
||||
ip6tables -P INPUT ACCEPT
|
||||
iptables -F
|
||||
ip6tables -F
|
||||
iptables -t nat -F
|
||||
ip6tables -t nat -F
|
||||
iptables -X
|
||||
ip6tables -X
|
||||
iptables -P INPUT DROP
|
||||
ip6tables -P INPUT DROP
|
||||
iptables -A INPUT -i lo -j ACCEPT
|
||||
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
||||
|
||||
# Make sure incoming tcp connections are SYN packets
|
||||
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
|
||||
# Make sure incoming tcp connections are SYN packets
|
||||
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
|
||||
|
||||
# Drop packets with incoming fragments
|
||||
iptables -A INPUT -f -j DROP
|
||||
# Drop packets with incoming fragments
|
||||
iptables -A INPUT -f -j DROP
|
||||
|
||||
# Drop bogons
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
||||
# Drop bogons
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
||||
|
||||
# Incoming malformed NULL packets:
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
|
||||
# Incoming malformed NULL packets:
|
||||
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
|
||||
|
||||
echo 'configure_firewall' >> $COMPLETION_FILE
|
||||
echo 'configure_firewall' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_ping {
|
||||
if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
# Only allow ping for mesh installs
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_ping' >> $COMPLETION_FILE
|
||||
if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
# Only allow ping for mesh installs
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_ping' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_avahi {
|
||||
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 548 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
|
||||
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 548 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_dns {
|
||||
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
||||
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_web_access {
|
||||
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
|
||||
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_web_server {
|
||||
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('HTTP 80')
|
||||
OPEN_PORTS+=('HTTPS 443')
|
||||
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
|
||||
OPEN_PORTS+=('HTTP 80')
|
||||
OPEN_PORTS+=('HTTPS 443')
|
||||
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_ssh {
|
||||
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("SSH $SSH_PORT")
|
||||
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
|
||||
OPEN_PORTS+=("SSH $SSH_PORT")
|
||||
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_git {
|
||||
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Git 9418")
|
||||
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
||||
OPEN_PORTS+=("Git 9418")
|
||||
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_internet_protocol {
|
||||
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
|
||||
if ! grep -q "ignore pings" /etc/sysctl.conf; then
|
||||
echo '# ignore pings' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
|
||||
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
|
||||
fi
|
||||
if ! grep -q "disable ipv6" /etc/sysctl.conf; then
|
||||
echo '# disable ipv6' >> /etc/sysctl.conf
|
||||
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
|
||||
fi
|
||||
if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
|
||||
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
|
||||
fi
|
||||
if ! grep -q "keepalive" /etc/sysctl.conf; then
|
||||
echo '# keepalive' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
|
||||
fi
|
||||
echo 'configure_internet_protocol' >> $COMPLETION_FILE
|
||||
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
|
||||
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
|
||||
if ! grep -q "ignore pings" /etc/sysctl.conf; then
|
||||
echo '# ignore pings' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
|
||||
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
|
||||
fi
|
||||
if ! grep -q "disable ipv6" /etc/sysctl.conf; then
|
||||
echo '# disable ipv6' >> /etc/sysctl.conf
|
||||
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
|
||||
fi
|
||||
if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
|
||||
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
|
||||
fi
|
||||
if ! grep -q "keepalive" /etc/sysctl.conf; then
|
||||
echo '# keepalive' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
|
||||
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
|
||||
fi
|
||||
echo 'configure_internet_protocol' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_firewall {
|
||||
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
|
||||
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
|
||||
|
||||
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
|
||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
||||
chmod +x $MESH_FIREWALL_SCRIPT
|
||||
|
||||
echo '[Unit]' > $FIREWALL_FILENAME
|
||||
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
|
||||
echo '' >> $FIREWALL_FILENAME
|
||||
echo '[Service]' >> $FIREWALL_FILENAME
|
||||
echo 'Type=oneshot' >> $FIREWALL_FILENAME
|
||||
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
|
||||
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
|
||||
echo '' >> $FIREWALL_FILENAME
|
||||
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
|
||||
echo '' >> $FIREWALL_FILENAME
|
||||
echo '[Install]' >> $FIREWALL_FILENAME
|
||||
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
|
||||
chroot "$rootdir" systemctl enable meshfirewall
|
||||
}
|
||||
|
|
|
@ -548,4 +548,18 @@ function install_command_line_browser {
|
|||
echo 'install_command_line_browser' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_web_server {
|
||||
if [ -d /etc/apache2 ]; then
|
||||
chroot "$rootdir" apt-get -y remove --purge apache2
|
||||
chroot "$rootdir" rm -rf /etc/apache2
|
||||
fi
|
||||
|
||||
chroot "$rootdir" apt-get -y install nginx
|
||||
|
||||
if [ ! -d $rootdir/etc/nginx ]; then
|
||||
echo $'Unable to install web server'
|
||||
exit 346825
|
||||
fi
|
||||
}
|
||||
|
||||
# NOTE: deliberately no exit 0
|
||||
|
|
|
@ -97,4 +97,7 @@ done
|
|||
# optionally specify your name to appear on the blog
|
||||
MY_NAME=$DEFAULT_DOMAIN_NAME
|
||||
|
||||
# used to select mesh install functions when creating a mesh image
|
||||
INSTALLING_MESH=
|
||||
|
||||
# NOTE: deliberately there is no "exit 0"
|
||||
|
|
Loading…
Reference in New Issue