This commit is contained in:
Bob Mottram 2017-10-26 13:03:59 +01:00
commit cd6b5f1320
20 changed files with 663 additions and 138 deletions

View File

@ -45,7 +45,7 @@ After installation it's possible that you might want some advice on how to run y
If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]].
Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/v3][available here].
Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]].
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]

View File

@ -54,6 +54,7 @@ The Freedombone mesh roughly follows MondoNet's ten social specifications:
- Voice chat (VoIP) and video calls
- Private and public sharing of files
- Blogging
- Collaborative editing of documents and presentations
- Creating and broadcasting audio media/podcasts
- Social network stream. Follow/unfollow other peers
- No network administration required
@ -97,7 +98,7 @@ wget https://freedombone.net/downloads/current/freedombone-meshclient-i386.img.x
wget https://freedombone.net/downloads/current/freedombone-meshclient-i386.img.xz.sig
gpg --verify freedombone-meshclient-i386.img.xz.sig
sha256sum freedombone-meshclient-i386.img.xz
995dd64538f46f6abf83ba258cca6cb82a72399cb9a099caeafc1de947ef795c
61e474afae14774d7aa479b6727fd5e77bdc1854e547b3c5b630bf10542a9581
unxz freedombone-meshclient-i386.img.xz
sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
sudo dd bs=1M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
@ -113,7 +114,7 @@ wget https://freedombone.net/downloads/current/freedombone-meshclient-insecure-i
wget https://freedombone.net/downloads/current/freedombone-meshclient-insecure-i386.img.xz.sig
gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
sha256sum freedombone-meshclient-insecure-i386.img.xz
b06e6ff5e56577025e6b994fe0bb28f02da7d2905ac32a2f38d7d074ffe801fc
fec843303d7d280859f75f7a8edccd70512915a34d4cc0787b5de7d8fbde5c81
unxz freedombone-meshclient-insecure-i386.img.xz
sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
sudo dd bs=1M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
@ -154,7 +155,7 @@ wget https://freedombone.net/downloads/current/freedombone.tar.gz
wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig
gpg --verify freedombone.tar.gz.sig
sha256sum freedombone.tar.gz
fd0b3fe1527de893f4ece7ffe95fdf0c41e635a3f82d22a51b707c1aee541e88
e2715e27b142a21fa257eab15778ddc96f86fda70f8d91d47c4c9aa19f22e272
tar -xzvf freedombone.tar.gz
cd freedombone
git checkout stretch
@ -241,27 +242,17 @@ sudo openvpn myclient.ovpn
Where /myclient.ovpn/ comes from your VPN provider and with the password "/freedombone/".
** Connecting two meshes over the internet via a VPN tunnel
Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. VPN configuration, pem and stunnel files exist within the home directory. Edit the configuration with:
Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together.
#+begin_src bash
nano ~/client.ovpn
#+end_src
In your home directory on a system connected via ethernet to an internet router you'll find a file called *vpn.tar.gz*. If you want another mesh to be able to connect to yours then send them this file and get them to uncompress it into their home directory also on an internet gateway machine. If they have an external IP address or domain name for your router then they will be able to VPN connect using the *Connect Meshes* icon. They should also forward port 653 from their internet router to the mesh gateway machine.
Edit the IP address or domain for the mesh that you wish to connect to within the /route/ command:
#+BEGIN_CENTER
[[file:images/mesh_connect.jpg]]
#+END_CENTER
#+begin_src bash
route [mesh IP or domain] 255.255.255.255 net_gateway
#+end_src
You should create a new *vpn.tar.gz* file for every other mesh which wants to be able to connect to yours. If you are prompted for a password it is 'freedombone'.
Then you can connect to the other mesh with:
#+begin_src bash
cd /home/fbone
sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn
#+end_src
Using the password "/freedombone/". From a deep packet inspection point of view the traffic going over the internet will just look like any other TLS connection to a server.
From a deep packet inspection point of view the traffic going over the internet between mesh gateways will just look like any other TLS connection to a server.
** Mobile devices (phones, etc)
To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "/mesh-192.168.1.83/").
@ -303,6 +294,21 @@ One important point is that by default the microphone is turned off. When doing
At present video doesn't work reliably, but text and voice chat do work well.
** Collaborative document editing
The mesh system includes the ability to collaboratively edit various sorts of documents using CryptPad. CryptPad is an almost peer-to-peer system in that it is designed for a client/server environment but that the server aspect of it is very minimal and limited to orchestrating the connected clients. With CryptPad installed on each mesh peer it effectively enables peer-to-peer collaborative editing. Documents are ephemeral and forgotten unless they're exported or copy-pasted to permanent storage.
#+BEGIN_CENTER
[[file:images/mesh_cryptpad1.jpg]]
#+END_CENTER
To create a document click on the CryptPad icon. Depending upon the specifications of your system it may take a few seconds to load, so don't be too disturned if the browser contents look blank for a while. Select _Rich Text Pad_ and give yourself a username.
#+BEGIN_CENTER
[[file:images/mesh_cryptpad2.jpg]]
#+END_CENTER
If you have the chat system running you can then copy and paste the URL for your pad into the chat, and the other user can then open the link and edit the document with you. You can repeat that for however many other users you wish to be able to edit.
** Social Network
Patchwork is available as a social networking system for the mesh. Like all social network systems it has a stream of posts and you can follow or unfollow other users. You can also send private messages to other users with end-to-end encryption.

BIN
img/avatars/connect.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.3 KiB

BIN
img/icon_cryptpad.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.8 KiB

BIN
img/mesh_connect.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 42 KiB

BIN
img/mesh_cryptpad1.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 112 KiB

BIN
img/mesh_cryptpad2.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 78 KiB

View File

@ -215,6 +215,165 @@ function remove_cryptpad {
userdel -r cryptpad
}
function mesh_install_cryptpad {
if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
return
fi
if [ ! -d $rootdir/var/www/cryptpad ]; then
mkdir $rootdir/var/www/cryptpad
fi
if [ -d $rootdir$CRYPTPAD_DIR ]; then
rm -rf $rootdir$CRYPTPAD_DIR
fi
git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR
if [ ! -d $rootdir$CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
if [ -f $rootdir/root/$PROJECT_NAME/img/icon_cryptpad.png ]; then
cp $rootdir/root/$PROJECT_NAME/img/icon_cryptpad.png $rootdir$CRYPTPAD_DIR/icon_cryptpad.png
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd $rootdir$CRYPTPAD_DIR
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
echo 'server {' > $cryptpad_nginx_site
echo " listen 80 default_server;" >> $cryptpad_nginx_site
echo " server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Logs' >> $cryptpad_nginx_site
echo ' access_log /dev/null;' >> $cryptpad_nginx_site
echo ' error_log /dev/null;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # Root' >> $cryptpad_nginx_site
echo " root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' index index.html;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
echo ' proxy_set_header Host $host;' >> $cryptpad_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
echo ' proxy_http_version 1.1;' >> $cryptpad_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location ^~ /customize/ {' >> $cryptpad_nginx_site
echo ' rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
echo ' try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo ' location = /api/config {' >> $cryptpad_nginx_site
echo ' default_type text/javascript;' >> $cryptpad_nginx_site
echo ' rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /blob/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /register/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /login/ {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /about.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
echo '}' >> $cryptpad_nginx_site
cd $rootdir$CRYPTPAD_DIR
get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_cryptpad
#!/bin/bash
cd $CRYPTPAD_DIR
npm install --arch=$NPM_ARCH --build-from-source
npm install --arch=$NPM_ARCH -g bower@1.8.0
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c 'bower install' - cryptpad
cp config.example.js config.js
EOF
chmod +x $rootdir/usr/bin/install_cryptpad
chroot "$rootdir" /usr/bin/install_cryptpad
if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
rm $rootdir/usr/bin/install_cryptpad
sed -i "s|httpPort:.*|httpPort: $CRYPTPAD_PORT,|g" $rootdir$CRYPTPAD_DIR/config.js
sed -i "s|// domain:|domain:|g" $rootdir$CRYPTPAD_DIR/config.js
sed -i 's|openFileLimit:.*|openFileLimit: 1024,|g' $rootdir$CRYPTPAD_DIR/config.js
sed -i "s|domain:.*|domain: 'http://P${PEER_ID}.local',|g" $rootdir$CRYPTPAD_DIR/config.js
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service
echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service
echo '' >> $rootdir/etc/systemd/system/cryptpad.service
echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service
echo '' >> $rootdir/etc/systemd/system/cryptpad.service
echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service
chroot "$rootdir" systemctl enable cryptpad.service
}
function install_cryptpad_main {
if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
return
@ -320,10 +479,6 @@ function install_cryptpad_main {
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /contact.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site
echo '' >> $cryptpad_nginx_site
echo ' location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
echo ' try_files $uri =404;' >> $cryptpad_nginx_site
echo ' }' >> $cryptpad_nginx_site

View File

@ -135,7 +135,7 @@ function pihole_change_upstream_dns {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Ad Blocker Upstream DNS" \
--radiolist $"Pick a domain name service (DNS):" 25 50 16 \
--radiolist $"Pick a domain name service (DNS):" 28 50 19 \
1 $"Digital Courage" on \
2 $"German Privacy Foundation 1" off \
3 $"German Privacy Foundation 2" off \
@ -151,7 +151,10 @@ function pihole_change_upstream_dns {
13 $"PowerNS" off \
14 $"ValiDOM" off \
15 $"Freie Unzensierte" off \
16 $"Google" off 2> $data
16 $"DNS.Watch" off \
17 $"uncensoreddns.org" off \
18 $"Lorraine Data Network" off \
19 $"Google" off 2> $data
sel=$?
case $sel in
1) exit 1;;
@ -203,8 +206,19 @@ function pihole_change_upstream_dns {
15) PIHOLE_DNS1='85.25.149.144'
PIHOLE_DNS2='87.106.37.196'
;;
16) PIHOLE_DNS1='8.8.8.8'
16) PIHOLE_DNS1='84.200.69.80'
PIHOLE_DNS2='84.200.70.40'
;;
17) PIHOLE_DNS1='91.239.100.100'
PIHOLE_DNS2='89.233.43.71'
;;
18) PIHOLE_DNS1='80.67.188.188'
PIHOLE_DNS2='89.234.141.66'
;;
19) PIHOLE_DNS1='8.8.8.8'
PIHOLE_DNS2='4.4.4.4'
dialog --title $"WARNING" \
--msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
;;
255) exit 1;;
esac

View File

@ -106,13 +106,17 @@ function install_interactive_vpn {
}
function vpn_change_tls_port {
EXISTING_VPN_TLS_PORT=$VPN_TLS_PORT
if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then
EXISTING_VPN_TLS_PORT=443
else
EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}')
fi
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"VPN Configuration" \
--backtitle $"Freedombone Control Panel" \
--inputbox $'Change TLS port' 10 50 $VPN_TLS_PORT 2>$data
--inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data
sel=$?
case $sel in
0)
@ -123,7 +127,7 @@ function vpn_change_tls_port {
VPN_TLS_PORT=$tlsport
write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT"
sed -i "s|accept =.*|accept = $VPN_TLS_PORT|g" /etc/stunnel/stunnel.conf
sed -i "s|accept =.*|accept = $VPN_TLS_PORT|g" /etc/stunnel/stunnel-client.conf
sed -i "s|connect =.*|connect = :$VPN_TLS_PORT|g" /etc/stunnel/stunnel-client.conf
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
@ -134,17 +138,29 @@ function vpn_change_tls_port {
done
if [ $VPN_TLS_PORT -eq 443 ]; then
if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
fi
systemctl stop nginx
systemctl disable nginx
else
if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
fi
systemctl enable nginx
systemctl restart nginx
fi
systemctl restart stunnel
if [ $VPN_TLS_PORT -eq 443 ]; then
dialog --title $"VPN Configuration" \
--msgbox $"TLS port changed to $VPN_TLS_PORT" 6 60
--msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
else
dialog --title $"VPN Configuration" \
--msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
fi
fi
fi
;;

View File

@ -437,9 +437,9 @@ function refresh_gpg_keys {
function add_gpg_key {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Add someone's PGP/GPG key" \
dialog --title $"Enter email address, Key ID or full key below" \
--backtitle $"Freedombone User Control Panel" \
--inputbox $"Enter their email address or Key ID below" 8 60 2>$data
--editbox $data 8 60 2>$data
sel=$?
case $sel in
0)
@ -448,18 +448,28 @@ function add_gpg_key {
address_is_valid=
if [[ $ADD_EMAIL_ADDRESS == *"@"* && $ADD_EMAIL_ADDRESS == *"."* ]]; then
address_is_valid=1
else
if [[ $ADD_EMAIL_ADDRESS == "0x"* ]]; then
if [[ "$ADD_EMAIL_ADDRESS" == *"@"* && "$ADD_EMAIL_ADDRESS" == *"."* ]]; then
address_is_valid=1
fi
if [[ "$ADD_EMAIL_ADDRESS" == "0x"* ]]; then
address_is_valid=1
fi
publicstr=$"BEGIN PGP PUBLIC KEY BLOCK"
if [[ "$ADD_EMAIL_ADDRESS" == *"$publicstr"* ]]; then
address_is_valid=1
fi
if [ $address_is_valid ]; then
clear
if [[ "$ADD_EMAIL_ADDRESS" == *"$publicstr"* ]]; then
echo "$ADD_EMAIL_ADDRESS" | gpg --import
dialog --title $"Add someone's PGP/GPG key" \
--backtitle $"Freedombone User Control Panel" \
--msgbox $"GPG public key was imported" 6 50
else
gpg --search-keys "$ADD_EMAIL_ADDRESS"
gpg_set_trust "$ADD_EMAIL_ADDRESS"
fi
else
dialog --title $"Unrecognised email address" \
--backtitle $"Freedombone User Control Panel" \
@ -468,6 +478,7 @@ function add_gpg_key {
fi
;;
esac
rm $data
}
function remove_gpg_key {

View File

@ -87,8 +87,8 @@ NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'
NAMESERVER3='213.73.91.35'
NAMESERVER4='85.214.73.63'
NAMESERVER5='8.8.8.8'
NAMESERVER6='4.4.4.4'
NAMESERVER5='84.200.69.80'
NAMESERVER6='84.200.70.40'
# An optional freedombone configuration file
CONFIG_FILENAME=

View File

@ -697,6 +697,7 @@ initialise_mesh() {
install_tox
install_web_server
install_pelican
mesh_install_cryptpad
if [ $ENABLE_ZERONET ]; then
install_zeronet
fi
@ -896,7 +897,7 @@ function configure_user_interface {
#!/bin/bash
ethernet_connected=\$(cat /sys/class/net/eth0/carrier)
users_list=\$(lstox | awk -F ' ' '{\$1=""; print \$0}' | sed -e 's/^[[:space:]]*//' | sort -d | uniq)
if [ ! \$users_list ]; then
if [ \${#users_list} -eq 0 ]; then
no_of_users=0
else
no_of_users=\$(echo "\$users_list" | wc -l)
@ -927,6 +928,26 @@ if [ \$no_of_users -gt 0 ]; then
chmod +x /home/$MY_USERNAME/Desktop/Users.desktop
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/Users.desktop
if [ ! -f /home/$MY_USERNAME/Desktop/cryptpad.desktop ]; then
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo 'Name=CryptPad' >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo 'Comment=Realtime collaborative editing of documents' >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo "Exec=$BROWSER http://\${HOSTNAME}.local" >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo "Icon=/etc/cryptpad/icon_cryptpad.png" >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/cryptpad.desktop
chmod +x /home/$MY_USERNAME/Desktop/cryptpad.desktop
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/cryptpad.desktop
else
if ! grep -q "\${HOSTNAME}.local" /home/$MY_USERNAME/Desktop/cryptpad.desktop; then
sed -i "s|Exec=.*|Exec=$BROWSER http://\${HOSTNAME}.local|g" /home/$MY_USERNAME/Desktop/cryptpad.desktop
fi
if grep -q "Offline" /home/$MY_USERNAME/Desktop/cryptpad.desktop; then
sed -i 's|Name=.*|Name=CryptPad|g' /home/$MY_USERNAME/Desktop/cryptpad.desktop
fi
fi
if [ ! -f /home/$MY_USERNAME/Desktop/social.desktop ]; then
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/social.desktop
echo 'Name=Social' >> /home/$MY_USERNAME/Desktop/social.desktop
@ -961,6 +982,18 @@ if [ \$no_of_users -gt 0 ]; then
# fi
#fi
if [ ! -f /home/$MY_USERNAME/Desktop/vpn.desktop ]; then
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/vpn.desktop
echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/vpn.desktop
echo 'Name=Connect Meshes' >> /home/$MY_USERNAME/Desktop/vpn.desktop
echo 'Comment=Connect to another mesh network via the internet' >> /home/$MY_USERNAME/Desktop/vpn.desktop
echo 'Exec=mate-terminal -e /usr/local/bin/${PROJECT_NAME}-mesh-connect' >> /home/$MY_USERNAME/Desktop/vpn.desktop
echo 'Icon=/usr/share/${PROJECT_NAME}/avatars/connect.jpg' >> /home/$MY_USERNAME/Desktop/vpn.desktop
echo 'StartupNotify=false' >> /home/$MY_USERNAME/Desktop/vpn.desktop
chmod +x /home/$MY_USERNAME/Desktop/vpn.desktop
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/vpn.desktop
fi
if [ -f /tmp/.ipfs-users ]; then
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/sites.desktop
echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/sites.desktop

View File

@ -64,8 +64,8 @@ NAMESERVER1 ?= '213.73.91.35'
NAMESERVER2 ?= '85.214.20.141'
NAMESERVER3 ?= '213.73.91.35'
NAMESERVER4 ?= '85.214.73.63'
NAMESERVER5 ?= '8.8.8.8'
NAMESERVER6 ?= '4.4.4.4'
NAMESERVER5 ?= '84.200.69.80'
NAMESERVER6 ?= '84.200.70.40'
# Using taskset to pin build process to single core. This is a
# workaround for a qemu-user-static issue that causes builds to

View File

@ -85,6 +85,29 @@ VPN_MESH_TLS_PORT=653
SCUTTLEBOT_PORT=8010
CRYPTPAD_PORT=9003
CRYPTPAD_DIR=/etc/cryptpad
function enable_cryptpad {
if [ ! -d $CRYPTPAD_DIR ]; then
return
fi
# Set up the web server
ln -s /etc/nginx/sites-available/cryptpad /etc/nginx/sites-enabled/cryptpad
rm /etc/nginx/sites-enabled/default
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}
# Debian stretch has a problem where the formerly predictable wlan0 and eth0
# device names get assigned random names. This is a hacky workaround.
# Also adding net.ifnames=0 to kernel options on bootloader may work.
@ -761,7 +784,7 @@ function generate_stunnel_keys {
cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
echo "stunnel keys created" >> /var/log/${PROJECT_NAME}.log
}
@ -774,6 +797,13 @@ function mesh_setup_vpn {
generate_stunnel_keys
sed -i 's|tun-mtu .*|tun-mtu 1532|g' /home/$MY_USERNAME/client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
# create an archive of the vpn client files
cd /home/$MY_USERNAME
tar -czvf vpn.tar.gz stunnel* client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
systemctl restart openvpn
}
@ -873,12 +903,16 @@ if [ -f $MESH_INSTALL_SETUP ]; then
#create_ram_disk 1
#setup_amnesic_data
change_avahi_name
if [ -d $CRYPTPAD_DIR ]; then
systemctl start cryptpad
fi
configure_toxcore
create_tox_user
#setup_tahoelafs
mesh_setup_vpn
initialise_scuttlebot_pub
setup_ipfs
enable_cryptpad
mesh_amnesic
make_root_read_only

229
src/freedombone-mesh-connect Executable file
View File

@ -0,0 +1,229 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Blogging functions for mesh clients
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-mesh-blog
export TEXTDOMAINDIR="/usr/share/locale"
MY_USERNAME='fbone'
OPENVPN_SERVER_NAME="server"
OPENVPN_KEY_FILENAME='client.ovpn'
VPN_COUNTRY_CODE="US"
VPN_AREA="Apparent Free Speech Zone"
VPN_LOCATION="Freedomville"
VPN_ORGANISATION="Freedombone"
VPN_UNIT="Freedombone Unit"
STUNNEL_PORT=3439
VPN_MESH_TLS_PORT=653
function vpn_generate_keys {
# generate host keys
if [ ! -f /etc/openvpn/dh2048.pem ]; then
${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
fi
if [ ! -f /etc/openvpn/dh2048.pem ]; then
echo $'vpn dhparams were not generated' >> /var/log/${PROJECT_NAME}.log
exit 73724523
fi
cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
vpn_openssl_version='1.0.0'
if [ ! -f openssl-${vpn_openssl_version}.cnf ]; then
echo $"openssl-${vpn_openssl_version}.cnf was not found" >> /var/log/${PROJECT_NAME}.log
exit 7392353
fi
cp openssl-${vpn_openssl_version}.cnf openssl.cnf
if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
fi
if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key
fi
if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr ]; then
rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr
fi
sed -i 's| --interact||g' build-key-server
sed -i 's| --interact||g' build-ca
./build-ca
./build-key-server ${OPENVPN_SERVER_NAME}
if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
echo $'OpenVPN crt not found' >> /var/log/${PROJECT_NAME}.log
exit 7823352
fi
server_cert=$(cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt)
if [ ${#server_cert} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
echo $'Server cert generation failed' >> /var/log/${PROJECT_NAME}.log
exit 3284682
fi
if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
echo $'OpenVPN key not found' >> /var/log/${PROJECT_NAME}.log
exit 6839436
fi
if [ ! -f /etc/openvpn/easy-rsa/keys/ca.key ]; then
echo $'OpenVPN ca not found' >> /var/log/${PROJECT_NAME}.log
exit 7935203
fi
cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
create_user_vpn_key ${MY_USERNAME}
}
function generate_stunnel_keys {
echo "Creating stunnel keys" >> /var/log/${PROJECT_NAME}.log
openssl req -x509 -nodes -days 3650 -sha256 \
-subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
-newkey rsa:2048 -keyout /etc/stunnel/key.pem \
-out /etc/stunnel/cert.pem
if [ ! -f /etc/stunnel/key.pem ]; then
echo $'stunnel key not created' >> /var/log/${PROJECT_NAME}.log
exit 793530
fi
if [ ! -f /etc/stunnel/cert.pem ]; then
echo $'stunnel cert not created' >> /var/log/${PROJECT_NAME}.log
exit 204587
fi
chmod 400 /etc/stunnel/key.pem
chmod 640 /etc/stunnel/cert.pem
cat /etc/stunnel/key.pem /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem
chmod 640 /etc/stunnel/stunnel.pem
openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
if [ ! -f /etc/stunnel/stunnel.p12 ]; then
echo $'stunnel pkcs12 not created' >> /var/log/${PROJECT_NAME}.log
exit 639353
fi
chmod 640 /etc/stunnel/stunnel.p12
cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
echo "stunnel keys created" >> /var/log/${PROJECT_NAME}.log
}
function mesh_setup_vpn {
vpn_generate_keys
cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
generate_stunnel_keys
sed -i 's|tun-mtu .*|tun-mtu 1532|g' /home/$MY_USERNAME/client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
# create an archive of the vpn client files
cd /home/$MY_USERNAME
tar -czvf vpn.tar.gz stunnel* client.ovpn
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
if [ -f vpn.tar.gz ]; then
dialog --title $"Generate VPN client keys" \
--msgbox $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." 15 70
fi
}
function connect_to_vpn {
dialog --title $"VPN Connect to another mesh network" \
--backtitle $"Freedombone Mesh" \
--defaultno \
--yesno $"\nHave you received the vpn.tar.gz file from the other mesh administrator, uncompressed it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system?" 10 70
sel=$?
case $sel in
1) return;;
255) return;;
esac
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"VPN Connect to another mesh network" \
--backtitle $"Freedombone Mesh" \
--inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
sel=$?
case $sel in
0)
ip_or_domain=$(<$data)
if [ ${#ip_or_domain} -gt 1 ]; then
if [[ "$ip_or_domain" == *'.'* ]]; then
if [ ! -f ~/client.ovpn ]; then
rm $data
exit 1
fi
if [ ! -f ~/stunnel.pem ]; then
rm $data
exit 1
fi
if [ ! -f ~/stunnel.p12 ]; then
rm $data
exit 1
fi
sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
clear
cd ~/
sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn
fi
fi
;;
esac
rm $data
}
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Mesh" \
--title $"Connect to another mesh network" \
--radiolist $"Choose an operation:" 10 75 2 \
1 $"Connect to another mesh network" on \
2 $"Generate VPN keys for another mesh network to connect to me" off 2> $data
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
case $(cat $data) in
1) rm $data
connect_to_vpn;;
2) rm $data
mesh_setup_vpn;;
esac
exit 0

View File

@ -33,8 +33,8 @@ NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'
NAMESERVER3='213.73.91.35'
NAMESERVER4='85.214.73.63'
NAMESERVER5='8.8.8.8'
NAMESERVER6='4.4.4.4'
NAMESERVER5='84.200.69.80'
NAMESERVER6='84.200.70.40'
# parameters used when adding a new domain
DDNS_PROVIDER="default@freedns.afraid.org"

View File

@ -50,9 +50,11 @@ function install_8sync {
export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include"
export GUILE_LIBS="-L${GUILE_BASE_PATH}/lib -lguile -lqthreads -ldl -ltermcap -lsocket -lnsl -lm"
./bootstrap.sh
sed -i 's|PKG_CHECK_MODULES|##PKG_CHECK_MODULES|g' configure
configure
make
make install
export GUILE_LOAD_COMPILED_PATH="$INSTALL_DIR/8sync"
}
function install_guile {

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-10-05 Thu 13:21 -->
<!-- 2017-10-15 Sun 11:26 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -300,7 +300,7 @@ If you find bugs, or want to add a new app to this system see the <a href="./dev
</p>
<p>
Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/v3][available here].
Ready made disk images which can be copied onto USB or microSD drives are <a href="./downloads/current">available here</a>.
</p>
<div class="org-center">

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-10-07 Sat 10:19 -->
<!-- 2017-10-25 Wed 20:24 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -274,13 +274,13 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#org459477a">What the system can do</a></td>
<td class="org-left"><a href="#orga5044ee">What the system can do</a></td>
<td class="org-left">-</td>
<td class="org-left"><a href="#org0164602">Disk Images</a></td>
<td class="org-left"><a href="#orge35044f">Disk Images</a></td>
<td class="org-left">-</td>
<td class="org-left"><a href="#orgac711fb">Building Disk Images</a></td>
<td class="org-left"><a href="#org042ab96">Building Disk Images</a></td>
<td class="org-left">-</td>
<td class="org-left"><a href="#orgb7403cc">How to use it</a></td>
<td class="org-left"><a href="#org90e6351">How to use it</a></td>
</tr>
</tbody>
</table>
@ -324,15 +324,16 @@ The Freedombone mesh roughly follows MondoNet's ten social specifications:
<li><b>Evolvable</b>: The network should be built with future development in mind. The platform should be flexible enough to support technologies, protocols and modes of usage that have not yet been developed.</li>
</ul>
<div id="outline-container-org459477a" class="outline-2">
<h2 id="org459477a">What the system can do</h2>
<div class="outline-text-2" id="text-org459477a">
<div id="outline-container-orga5044ee" class="outline-2">
<h2 id="orga5044ee">What the system can do</h2>
<div class="outline-text-2" id="text-orga5044ee">
<ul class="org-ul">
<li>Discovery of other users on the network</li>
<li>Text based chat, one-to-one and in groups</li>
<li>Voice chat (VoIP) and video calls</li>
<li>Private and public sharing of files</li>
<li>Blogging</li>
<li>Collaborative editing of documents and presentations</li>
<li>Creating and broadcasting audio media/podcasts</li>
<li>Social network stream. Follow/unfollow other peers</li>
<li>No network administration required</li>
@ -350,13 +351,13 @@ This system should be quite scalable. Both qTox and IPFS are based upon distribu
</div>
</div>
<div id="outline-container-org0164602" class="outline-2">
<h2 id="org0164602">Disk Images</h2>
<div class="outline-text-2" id="text-org0164602">
<div id="outline-container-orge35044f" class="outline-2">
<h2 id="orge35044f">Disk Images</h2>
<div class="outline-text-2" id="text-orge35044f">
</div>
<div id="outline-container-orge7a4bb5" class="outline-3">
<h3 id="orge7a4bb5">Writing many images quickly</h3>
<div class="outline-text-3" id="text-orge7a4bb5">
<div id="outline-container-org1e0493b" class="outline-3">
<h3 id="org1e0493b">Writing many images quickly</h3>
<div class="outline-text-3" id="text-org1e0493b">
<p>
There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
</p>
@ -384,9 +385,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
</p>
</div>
</div>
<div id="outline-container-org937e4d8" class="outline-3">
<h3 id="org937e4d8">Client images</h3>
<div class="outline-text-3" id="text-org937e4d8">
<div id="outline-container-orgb14f6b2" class="outline-3">
<h3 id="orgb14f6b2">Client images</h3>
<div class="outline-text-3" id="text-orgb14f6b2">
<div class="org-center">
<div class="figure">
@ -435,16 +436,16 @@ sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-n
</div>
</div>
<div id="outline-container-org4b4e016" class="outline-3">
<h3 id="org4b4e016">Router images</h3>
<div class="outline-text-3" id="text-org4b4e016">
<div id="outline-container-orgab76248" class="outline-3">
<h3 id="orgab76248">Router images</h3>
<div class="outline-text-3" id="text-orgab76248">
<p>
Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
</p>
</div>
<div id="outline-container-org139719d" class="outline-4">
<h4 id="org139719d">Beaglebone Black</h4>
<div class="outline-text-4" id="text-org139719d">
<div id="outline-container-org0b3b781" class="outline-4">
<h4 id="org0b3b781">Beaglebone Black</h4>
<div class="outline-text-4" id="text-org0b3b781">
<div class="org-center">
<div class="figure">
@ -481,9 +482,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
</div>
</div>
<div id="outline-container-orgac711fb" class="outline-2">
<h2 id="orgac711fb">Building Disk Images</h2>
<div class="outline-text-2" id="text-orgac711fb">
<div id="outline-container-org042ab96" class="outline-2">
<h2 id="org042ab96">Building Disk Images</h2>
<div class="outline-text-2" id="text-org042ab96">
<p>
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
</p>
@ -571,9 +572,9 @@ The resulting image can be copied to a microSD card, inserted into a Beaglebone
</div>
</div>
<div id="outline-container-org9625de2" class="outline-2">
<h2 id="org9625de2">Customisation</h2>
<div class="outline-text-2" id="text-org9625de2">
<div id="outline-container-org320b796" class="outline-2">
<h2 id="org320b796">Customisation</h2>
<div class="outline-text-2" id="text-org320b796">
<p>
If you want to make your own specially branded version, such as for a particular event, then to change the default desktop backgrounds edit the images within <b>img/backgrounds</b> and to change the available avatars and desktop icons edit the images within <b>img/avatars</b>. Re-create disk images using the instructions shown previously.
</p>
@ -583,9 +584,9 @@ If you need particular <i>dconf</i> commands to alter desktop appearance or beha
</p>
</div>
</div>
<div id="outline-container-orgb7403cc" class="outline-2">
<h2 id="orgb7403cc">How to use it</h2>
<div class="outline-text-2" id="text-orgb7403cc">
<div id="outline-container-org90e6351" class="outline-2">
<h2 id="org90e6351">How to use it</h2>
<div class="outline-text-2" id="text-org90e6351">
<p>
When you first boot from the USB drive the system will create some encryption keys, assign a unique network address to the system and then reboot itself. When that's done you should see a prompt asking for a username. This username just makes it easy for others to initially find you on the mesh and will appear in the list of users.
</p>
@ -595,9 +596,9 @@ After a minute or two if you are within wifi range and there is at least one oth
</p>
</div>
<div id="outline-container-org70dd907" class="outline-3">
<h3 id="org70dd907">Boot trouble</h3>
<div class="outline-text-3" id="text-org70dd907">
<div id="outline-container-orgaf18aab" class="outline-3">
<h3 id="orgaf18aab">Boot trouble</h3>
<div class="outline-text-3" id="text-orgaf18aab">
<p>
If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
</p>
@ -607,9 +608,9 @@ After the system has booted successfully the problem should resolve itself on su
</p>
</div>
</div>
<div id="outline-container-orge861d36" class="outline-3">
<h3 id="orge861d36">Set the Date</h3>
<div class="outline-text-3" id="text-orge861d36">
<div id="outline-container-org17b251b" class="outline-3">
<h3 id="org17b251b">Set the Date</h3>
<div class="outline-text-3" id="text-org17b251b">
<p>
On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.
</p>
@ -619,9 +620,9 @@ On the ordinary internet the date and time of your system would be set automatic
</p>
</div>
</div>
<div id="outline-container-org15c35d8" class="outline-3">
<h3 id="org15c35d8">Check network status</h3>
<div class="outline-text-3" id="text-org15c35d8">
<div id="outline-container-org271731e" class="outline-3">
<h3 id="org271731e">Check network status</h3>
<div class="outline-text-3" id="text-org271731e">
<p>
Unlike with ordinary wifi, on the mesh you don't get a signal strength icon and so it's not simple to see if you have a good connection.
</p>
@ -644,9 +645,9 @@ When you are finished close the window and then select the <i>Network Restart</i
</p>
</div>
</div>
<div id="outline-container-org1a60165" class="outline-3">
<h3 id="org1a60165">Connecting to the internet</h3>
<div class="outline-text-3" id="text-org1a60165">
<div id="outline-container-org91c530e" class="outline-3">
<h3 id="org91c530e">Connecting to the internet</h3>
<div class="outline-text-3" id="text-org91c530e">
<p>
If you need to be able to access the internet from the mesh then connect one of the peers to an internet router using an ethernet cable, then reboot it. Other peers in the mesh, including any attached mobile devices, will then be able to access the internet using the ethernet attached peer as a gateway. <a href="https://en.wikipedia.org/wiki/Freifunk">Freifunk</a> works in a similar way.
</p>
@ -669,47 +670,38 @@ Where <i>myclient.ovpn</i> comes from your VPN provider and with the password "<
</p>
</div>
</div>
<div id="outline-container-orgc23a852" class="outline-3">
<h3 id="orgc23a852">Connecting two meshes over the internet via a VPN tunnel</h3>
<div class="outline-text-3" id="text-orgc23a852">
<div id="outline-container-orgad68675" class="outline-3">
<h3 id="orgad68675">Connecting two meshes over the internet via a VPN tunnel</h3>
<div class="outline-text-3" id="text-orgad68675">
<p>
Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. VPN configuration, pem and stunnel files exist within the home directory. Edit the configuration with:
Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together.
</p>
<div class="org-src-container">
<pre class="src src-bash">nano ~/client.ovpn
</pre>
</div>
<p>
Edit the IP address or domain for the mesh that you wish to connect to within the <i>route</i> command:
In your home directory on a system connected via ethernet to an internet router you'll find a file called <b>vpn.tar.gz</b>. If you want another mesh to be able to connect to yours then send them this file and get them to uncompress it into their home directory also on an internet gateway machine. If they have an external IP address or domain name for your router then they will be able to VPN connect using the <b>Connect Meshes</b> icon. They should also forward port 653 from their internet router to the mesh gateway machine.
</p>
<div class="org-src-container">
<pre class="src src-bash">route [mesh IP or domain] 255.255.255.255 net_gateway
</pre>
</div>
<div class="org-center">
<p>
Then you can connect to the other mesh with:
</p>
<div class="org-src-container">
<pre class="src src-bash"><span class="org-builtin">cd</span> /home/fbone
sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn
</pre>
</div>
<p>
Using the password "<i>freedombone</i>". From a deep packet inspection point of view the traffic going over the internet will just look like any other TLS connection to a server.
<div class="figure">
<p><img src="images/mesh_connect.jpg" alt="mesh_connect.jpg" />
</p>
</div>
</div>
<div id="outline-container-orgfb80d50" class="outline-3">
<h3 id="orgfb80d50">Mobile devices (phones, etc)</h3>
<div class="outline-text-3" id="text-orgfb80d50">
<p>
You should create a new <b>vpn.tar.gz</b> file for every other mesh which wants to be able to connect to yours. If you are prompted for a password it is 'freedombone'.
</p>
<p>
From a deep packet inspection point of view the traffic going over the internet between mesh gateways will just look like any other TLS connection to a server.
</p>
</div>
</div>
<div id="outline-container-org538360a" class="outline-3">
<h3 id="org538360a">Mobile devices (phones, etc)</h3>
<div class="outline-text-3" id="text-org538360a">
<p>
To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "<i>mesh-192.168.1.83</i>").
</p>
@ -731,9 +723,9 @@ On some android devices you may need to move the downloaded APK file from the <b
</p>
</div>
</div>
<div id="outline-container-org8cef3f4" class="outline-3">
<h3 id="org8cef3f4">Chat System</h3>
<div class="outline-text-3" id="text-org8cef3f4">
<div id="outline-container-orgef6e799" class="outline-3">
<h3 id="orgef6e799">Chat System</h3>
<div class="outline-text-3" id="text-orgef6e799">
<p>
Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the <i>Chat</i> and <i>Other Users</i> icons appear. Select the users icon and you should see a list of users on the mesh. Select the <i>Chat</i> icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then copy and paste in a Tox ID from the users list.
</p>
@ -792,9 +784,42 @@ At present video doesn't work reliably, but text and voice chat do work well.
</div>
</div>
<div id="outline-container-org1bfb325" class="outline-3">
<h3 id="org1bfb325">Social Network</h3>
<div class="outline-text-3" id="text-org1bfb325">
<div id="outline-container-org9a11098" class="outline-3">
<h3 id="org9a11098">Collaborative document editing</h3>
<div class="outline-text-3" id="text-org9a11098">
<p>
The mesh system includes the ability to collaboratively edit various sorts of documents using CryptPad. CryptPad is an almost peer-to-peer system in that it is designed for a client/server environment but that the server aspect of it is very minimal and limited to orchestrating the connected clients. With CryptPad installed on each mesh peer it effectively enables peer-to-peer collaborative editing. Documents are ephemeral and forgotten unless they're exported or copy-pasted to permanent storage.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/mesh_cryptpad1.jpg" alt="mesh_cryptpad1.jpg" />
</p>
</div>
</div>
<p>
To create a document click on the CryptPad icon. Depending upon the specifications of your system it may take a few seconds to load, so don't be too disturned if the browser contents look blank for a while. Select <span class="underline">Rich Text Pad</span> and give yourself a username.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/mesh_cryptpad2.jpg" alt="mesh_cryptpad2.jpg" />
</p>
</div>
</div>
<p>
If you have the chat system running you can then copy and paste the URL for your pad into the chat, and the other user can then open the link and edit the document with you. You can repeat that for however many other users you wish to be able to edit.
</p>
</div>
</div>
<div id="outline-container-org05473b7" class="outline-3">
<h3 id="org05473b7">Social Network</h3>
<div class="outline-text-3" id="text-org05473b7">
<p>
Patchwork is available as a social networking system for the mesh. Like all social network systems it has a stream of posts and you can follow or unfollow other users. You can also send private messages to other users with end-to-end encryption.
</p>
@ -829,9 +854,9 @@ The Secure Scuttlebutt protocol which Patchwork is based upon is intended to be
</div>
</div>
<div id="outline-container-org2d4c2ef" class="outline-3">
<h3 id="org2d4c2ef">Sharing Files</h3>
<div class="outline-text-3" id="text-org2d4c2ef">
<div id="outline-container-orgc7f141c" class="outline-3">
<h3 id="orgc7f141c">Sharing Files</h3>
<div class="outline-text-3" id="text-orgc7f141c">
<p>
You can make files publicly available on the network simply by dragging and dropping them into the <i>Public</i> folder on the desktop. To view the files belonging to another user select the desktop icon called <i>Visit a site</i> and enter the username or Tox ID of the other user.
</p>
@ -846,9 +871,9 @@ You can make files publicly available on the network simply by dragging and drop
</div>
</div>
<div id="outline-container-org47a1d04" class="outline-3">
<h3 id="org47a1d04">Blogging</h3>
<div class="outline-text-3" id="text-org47a1d04">
<div id="outline-container-orgc6faf49" class="outline-3">
<h3 id="orgc6faf49">Blogging</h3>
<div class="outline-text-3" id="text-orgc6faf49">
<p>
To create a blog post select the <i>Blog</i> icon on the desktop and then use the up and down cursor keys, space bar and enter key to add a new entry. Edit the title of the entry and add your text. You can also include photos if you wish - just copy them to the <b>CreateBlog/content/images</b> directory and then link to them as shown.
</p>