#!/bin/bash
# Throwaway password applied to every account this script creates; the closing
# message reminds the operator to change them all.
dummy_pwd=ldn
printf '%s\n' \
  "You are about to configure an Internet Cube for Lorraine Data Network." \
  "All the passwords will be: '$dummy_pwd' (to change after this script's execution)" \
  "/!\\ This script has to be run as root *on* the Cube itself, on a labriqueinternet_04-06-2015_jessie.img SD card" \
  "/!\\ If you run into trouble, please refer to the original documentation page: https://yunohost.org/installation_brique_fr"
# Abort on the first command that fails
set -e
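get_variables() {
  # Gather the installation parameters: reuse ldn.variables when a previous run
  # saved it, otherwise ask interactively and save the answers for re-runs.
  # Globals (written): domain additional_domain username firstname lastname
  #   email vpn_client_crt vpn_client_key vpn_ca_crt ip6_net wifi_ssid install_dkim
  if [ -f ldn.variables ]; then
    # ldn.variables is executed as shell code: only reuse a file this script wrote.
    source ldn.variables
  else
    # -r keeps backslashes in the answers literal instead of treating them as escapes
    echo
    echo "Main domain name (will be used to host your email and services)"
    echo "e.g.: toto.altu.fr"
    read -r domain
    echo
    echo "Additional domain name (for example if you want to have a different email domain than the previous one)"
    echo "e.g.: toto.acteurdu.net (or leave blank)"
    read -r additional_domain
    echo
    echo "Username (used to connect to the user interface and access your apps, must be composed of lowercase letters and numbers only)"
    echo "e.g.: jonsnow"
    read -r username
    echo
    echo "Firstname (mandatory, used as your firstname when you send emails)"
    echo "e.g.: Jon"
    read -r firstname
    echo
    echo "Lastname (mandatory, used as your lastname when you send emails)"
    echo "e.g. Snow"
    read -r lastname
    echo
    echo "Email (must contain one of the domain previously entered as second part)"
    echo "e.g. jon@toto.altu.fr"
    read -r email
    echo
    echo "VPN client certificate (paste all the lines below and end with a blank line): "
    vpn_client_crt=$(_read_pem_body CERTIFICATE)
    echo
    echo "VPN client key (paste all the lines below and end with a blank line): "
    vpn_client_key=$(_read_pem_body "PRIVATE KEY")
    echo
    echo "CA server certificate (paste all the lines below and end with a blank line): "
    vpn_ca_crt=$(_read_pem_body CERTIFICATE)
    echo
    echo "IPv6 delegated prefix (https://wiki.ldn-fai.net/wiki/Adressage)"
    echo "e.g.: 2001:913:c20::"
    read -r ip6_net
    echo
    echo "WiFi AP SSID (that will appear right after this configuration script ending)"
    echo "e.g.: MyWunderbarNeutralNetwork"
    read -r wifi_ssid
    echo
    echo "Install DKIM? (recommended if you want a perfect email server, not needed otherwise)"
    echo "(Yes/No)"
    read -r install_dkim
    echo
    echo
    echo "The installation will proceed, please verify the parameters above one last time."
    read -rsp $'Press any key to continue...\n' -n1 yolo
    echo
    # Store all the variables into a file. It holds the VPN private key, so the
    # file is created owner-only before any content is appended to it.
    local var
    : > ldn.variables
    chmod 600 ldn.variables
    for var in domain additional_domain username firstname lastname email ip6_net wifi_ssid install_dkim; do
      declare -p "$var" | cut -d ' ' -f 3- >> ldn.variables
    done
    # The PEM bodies span several lines; double quotes keep them sourceable.
    printf '%s="%s"\n' vpn_client_crt "$vpn_client_crt" >> ldn.variables
    printf '%s="%s"\n' vpn_client_key "$vpn_client_key" >> ldn.variables
    printf '%s="%s"\n' vpn_ca_crt "$vpn_ca_crt" >> ldn.variables
  fi
}

# Read a pasted PEM object from stdin up to the first blank line and print its
# body with the BEGIN/END markers and empty lines stripped.
# Arguments: $1 - PEM label as written in the markers (e.g. CERTIFICATE)
_read_pem_body() {
  sed '/^$/q' \
    | sed "s/-----BEGIN $1-----//" \
    | sed "s/-----END $1-----//" \
    | sed '/^$/d'
}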
modify_hosts() {
  # Make the main and additional domains resolve locally. The line is added
  # once only, keyed on the "olinux" host name already being present.
  # Globals (read): domain additional_domain
  echo "Modifying hosts..."
  if ! grep -q "olinux" /etc/hosts; then
    echo "127.0.0.1 $domain $additional_domain olinux" >> /etc/hosts
  fi
}
upgrade_system() {
  # Bring the image's Debian packages up to date before installing anything.
  echo "Upgrading Debian packages..."
  apt-get -qq update
  apt-get -y --force-yes dist-upgrade
}
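postinstall_yunohost() {
  # Run YunoHost's post-installation with the main domain and the throwaway
  # admin password.
  # Globals (read): domain dummy_pwd
  echo "Launching YunoHost post-installation..."
  # NOTE: the password is passed on the command line and is therefore visible
  # in the process list while the command runs.
  yunohost tools postinstall -d "$domain" -p "$dummy_pwd"
}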
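add_additional_domain() {
  # Register the optional second domain with YunoHost; a no-op when it was
  # left blank.
  # Globals (read): additional_domain
  if [ -n "$additional_domain" ]; then
    echo "Adding the domain $additional_domain ..."
    yunohost domain add "$additional_domain"
  fi
}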
fix_userdir_creation() {
  # Temporary FIX: install a post_user_create hook so that the mail spool and
  # home directory of every new user get created.
  local hook_dir=/usr/share/yunohost/hooks/post_user_create
  echo "Adding a script to properly create user directories..."
  mkdir -p "$hook_dir"
  # Quoted delimiter: $1 and $user must reach the hook file unexpanded.
  cat > "$hook_dir/06-create_userdir" <<'EOF'
#!/bin/bash
user=$1
sudo mkdir -p /var/mail/$user
sudo chown -hR vmail:mail /var/mail/$user
/sbin/mkhomedir_helper $user
EOF
  # Wait 2 seconds so that YunoHost picks up the new hook
  sleep 2
}
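create_yunohost_user() {
  # Create the first YunoHost user with no quota and the throwaway password.
  # Globals (read): username firstname lastname email dummy_pwd
  echo "Creating the first YunoHost user..."
  # NOTE: the password goes on the command line and is therefore visible in
  # the process list for the duration of the command.
  yunohost user create "$username" -f "$firstname" -l "$lastname" -m "$email" \
    -q 0 -p "$dummy_pwd"
}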
install_vpnclient() {
  # Install the vpnclient app from its GitHub repository, served under /vpnadmin
  # on the main domain.
  # Globals (read): domain
  local app_url=https://github.com/labriqueinternet/vpnclient_ynh
  local app_args="domain=$domain&path=/vpnadmin&server_name=access.ldn-fai.net"
  echo "Installing the VPN client application..."
  yunohost app install "$app_url" --args "$app_args"
}
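configure_vpnclient() {
  # Restrict the VPN admin app to the first user, install the pasted
  # certificate/key material under /etc/openvpn/keys, point the client at the
  # LDN access server and (re)start it.
  # Globals (read): username vpn_client_crt vpn_client_key vpn_ca_crt ip6_net
  local keys_dir=/etc/openvpn/keys
  echo "Configuring the VPN connection..."
  # Restrict user access to the app
  yunohost app addaccess vpnclient -u "$username"
  # Copy certificates and keys. The files are created under umask 077 so the
  # private key is never readable by others, not even before the chmod below.
  mkdir -p "$keys_dir"
  (
    umask 077
    _write_pem "CERTIFICATE" "$vpn_client_crt" "$keys_dir/user.crt"
    _write_pem "PRIVATE KEY" "$vpn_client_key" "$keys_dir/user.key"
    _write_pem "CERTIFICATE" "$vpn_ca_crt" "$keys_dir/ca-server.crt"
  )
  # Set rights: the directory needs the execute bit to be traversable, so it
  # gets 750 while the files inside stay 640.
  chown admin:admins -hR "$keys_dir"
  chmod 750 "$keys_dir"
  find "$keys_dir" -type f -exec chmod 640 -- {} +
  # Configure VPN client
  yunohost app setting vpnclient server_name -v "access.ldn-fai.net"
  yunohost app setting vpnclient server_port -v "1194"
  yunohost app setting vpnclient server_proto -v "udp"
  yunohost app setting vpnclient service_enabled -v "1"
  yunohost app setting vpnclient ip6_net -v "$ip6_net"
  yunohost app setting vpnclient ip6_addr -v "${ip6_net}42"
  # Add the service to YunoHost's monitored services
  yunohost service add ynh-vpnclient -l /var/log/openvpn-client.log
  echo "Restarting OpenVPN..."
  # On failure, dump the client log and stop the whole script.
  systemctl restart ynh-vpnclient \
    || { echo "Logs:"; cat /var/log/openvpn-client.log; exit 1; }
  sleep 5
}

# Write one PEM object to a file: BEGIN marker, body, END marker.
# The stored body is whitespace-joined; grep -Eo re-emits one token per line,
# which restores the original base64 line layout.
# Arguments: $1 - PEM label, $2 - stored body, $3 - destination path
_write_pem() {
  local label=$1 body=$2 dest=$3
  {
    printf -- '-----BEGIN %s-----\n' "$label"
    grep -Eo '"[^"]*"|[^" ]*' <<< "$body"
    printf -- '-----END %s-----\n' "$label"
  } > "$dest"
}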
install_hotspot() {
  # Install the hotspot app from its GitHub repository, served under /wifiadmin,
  # with the chosen SSID and the throwaway WiFi passphrase.
  # Globals (read): domain wifi_ssid dummy_pwd
  # NOTE: wifi_ssid is interpolated as-is into the '&'-separated argument
  # string, so an SSID containing '&' or '=' would corrupt the argument list.
  local app_url=https://github.com/labriqueinternet/hotspot_ynh
  local app_args="domain=$domain&path=/wifiadmin&wifi_ssid=$wifi_ssid&wifi_passphrase=$dummy_pwd&firmware_nonfree=yes"
  echo "Installing the Hotspot application..."
  yunohost app install "$app_url" --args "$app_args"
}
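configure_hostpot() {
  # Finish the hotspot setup: pin the WiFi device name, restrict the admin app
  # to the first user, enable the service and publish the IPv6 prefix.
  # Globals (read): username ip6_net
  echo "Configuring the hotspot..."
  # Removing the persistent Net rules to keep the Wifi device to wlan0
  rm -f /etc/udev/rules.d/70-persistent-net.rules
  # Restrict user access to the app
  yunohost app addaccess hotspot -u "$username"
  # Ensure that the hotspot is activated and that the IPv6 prefix is set
  yunohost app setting hotspot service_enabled -v "1"
  yunohost app setting hotspot ip6_net -v "$ip6_net"
  yunohost app setting hotspot ip6_addr -v "${ip6_net}42"
  # Add the service to YunoHost's monitored services
  yunohost service add ynh-hotspot -l /var/log/syslog
  echo "Restarting the hotspot..."
  systemctl restart ynh-hotspot
}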
# ----------------------------------
# Optional steps
# ----------------------------------
fix_yunohost_services() {
  # Add the services the Cube runs to YunoHost's monitored list (each with its
  # log file) and drop bind9; failures are reported as "already done".
  local entry svc log
  for entry in dnsmasq:/var/log/syslog nslcd:/var/log/syslog spamassassin:/var/log/mail.log; do
    svc=${entry%%:*}
    log=${entry#*:}
    yunohost service add "$svc" -l "$log" \
      || echo "$svc already listed in services"
  done
  yunohost service remove bind9 || echo "Bind9 already removed"
}
remove_dyndns_cron() {
  # Remove the DynDNS cron job unconditionally; the message only reports
  # whether a DynDNS update was possible beforehand.
  if yunohost dyndns update > /dev/null 2>&1; then
    echo "Removing the DynDNS cronjob..."
  else
    echo "No DynDNS to remove"
  fi
  rm -f /etc/cron.d/yunohost-dyndns
}
add_vpn_restart_cron() {
  # Every minute, restart the VPN client whenever the tun0 interface is absent.
  local cron_line='* * * * * root /bin/ip a s tun0 > /dev/null 2>&1 || systemctl restart ynh-vpnclient'
  echo "Adding a cronjob to ensure the VPN functioning..."
  printf '%s\n' "$cron_line" > /etc/cron.d/restart-vpn
}
configure_DKIM() {
  # Optional OpenDKIM setup, run only when the answer was exactly "Yes".
  # Globals (read): install_dkim
  # NOTE: this clones a third-party repository at run time and sources its
  # 5_opendkim.sh; no commit is pinned, so the code run here (as root) is
  # whatever that repository's default branch holds at that moment.
  [ "$install_dkim" = "Yes" ] || return 0
  echo "Configuring the DKIM..."
  git clone https://github.com/polytan02/yunohost_auto_config_basic
  pushd yunohost_auto_config_basic
  source ./5_opendkim.sh
  popd
}
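display_win_message() {
  # Print the DNS records to publish for the Cube, built from the addresses of
  # the tun0 interface, then the list of passwords that must be changed.
  # Globals (read): domain additional_domain
  local ip4 ip6 dkim_record
  # awk exits 0 even when tun0 does not exist, so a "|| echo ERROR" fallback on
  # the pipeline never fires; key the fallback on empty output instead.
  ip6=$(ip -6 addr show tun0 | awk -F'[/ ]' '/inet/{print $6}')
  ip4=$(ip -4 addr show tun0 | awk -F'[/ ]' '/inet/{print $6}')
  ip6=${ip6:-ERROR}
  ip4=${ip4:-ERROR}
  # The DKIM record only exists when configure_DKIM ran. Only stderr is
  # silenced: redirecting stdout as well would always print an empty line.
  dkim_record=$(cat "/etc/opendkim/keys/$domain/mail.txt" 2>/dev/null || echo '')
  cat <<EOF
VICTOIRE !
Your Cube has been configured properly. Please set your DNS records as below:
@ 14400 IN A $ip4
@ 14400 IN AAAA $ip6
_xmpp-client._tcp 14400 IN SRV 0 5 5222 $domain.
_xmpp-server._tcp 14400 IN SRV 0 5 5269 $domain.
@ 14400 IN MX 5 $domain.
@ 14400 IN TXT "v=spf1 a mx ip4:$ip4 ip6:$ip6 -all"
$dkim_record
EOF
  if [ -n "$additional_domain" ]; then
    printf '%s\n' "/!\\ Do not forget to configure your DNS records for '$additional_domain' as well"
  fi
  cat <<EOF
/!\\ Do not forget to change:
* The administration password
* The user password
* The root password
* The Wifi AP password
EOF
}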
# ----------------------------------
# Operation order (you can deactivate some if your script has failed in the middle)
# ----------------------------------
main() {
  get_variables
  modify_hosts
  upgrade_system
  postinstall_yunohost
  add_additional_domain
  fix_userdir_creation
  create_yunohost_user
  install_vpnclient
  configure_vpnclient
  install_hotspot
  configure_hostpot
  # Optional steps
  fix_yunohost_services
  remove_dyndns_cron
  add_vpn_restart_cron
  configure_DKIM
  display_win_message
}
main "$@"