Diffstat (limited to 'retiolum/scripts/tinc_setup')
-rw-r--r-- | retiolum/scripts/tinc_setup/README | 18 | ||||
-rw-r--r-- | retiolum/scripts/tinc_setup/autoupdate_cron.sh | 7 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/build_arch.sh | 14 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/build_debian.sh | 32 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/build_debian_clean.sh | 31 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/build_ec2.sh | 16 | ||||
-rw-r--r-- | retiolum/scripts/tinc_setup/build_no.de.sh | 1 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/install.sh | 84 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/new_install.sh | 358 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/tinc-up | 25 |
10 files changed, 586 insertions, 0 deletions
diff --git a/retiolum/scripts/tinc_setup/README b/retiolum/scripts/tinc_setup/README
new file mode 100644
index 00000000..11d6f6e9
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/README
@@ -0,0 +1,18 @@
+This directory contains the build and install scripts for shack-retiolum
+
+1. build_arch
+ arch linux build script
+2. build_debian
+ debian build script
+3. build_debian_clean
+ debian script which builds a clean tinc daemon
+4. build_ec2
+ Amazon ec2 base instance build script
+5. install.sh
+ configures the tinc daemon
+ $1 is the nickname
+ $2 is the ip-address
+ also writes a python file inside the tinc/retiolum folder which posts
+ the public key into the IRC:freenode/#tincspasm
+6. build_no.de
+ nonfunct no.de smartmachine build script
diff --git a/retiolum/scripts/tinc_setup/autoupdate_cron.sh b/retiolum/scripts/tinc_setup/autoupdate_cron.sh
new file mode 100644
index 00000000..d5d41aaf
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/autoupdate_cron.sh
@@ -0,0 +1,7 @@
+cat <<EOF
+# Add these lines to your crontab:
+
+12 23 * * * /home/node/usr/sbin/tincd -n retiolum &>/dev/null
+12 23 * * * cd /home/node/etc/tinc/retiolum/hosts/ && /opt/local/bin/git pull && pkill -HUP tincd
+EOF
+
diff --git a/retiolum/scripts/tinc_setup/build_arch.sh b/retiolum/scripts/tinc_setup/build_arch.sh
new file mode 100755
index 00000000..5ef5d765
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/build_arch.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+sudo pacman -S openssl gcc lzo
+curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
+cd tinc-1.0.13
+./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+make
+sudo make install
+cd ..
+
+echo "overwriting python to python2"
+sed 's/\/usr\/bin\/python/\/usr\/bin\/python2/g' install.sh >install2.sh
+mv install2.sh install.sh
+
diff --git a/retiolum/scripts/tinc_setup/build_debian.sh b/retiolum/scripts/tinc_setup/build_debian.sh
new file mode 100755
index 00000000..52e61390
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/build_debian.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+set -x
+if [ ! "$MYIP" ]
+then
+ MYIP=10.0.7.7.55
+fi
+if [ ! "$MYHOSTNAME" ]
+then
+ MYHOSTNAME="penis"
+fi
+
+if [ "$MYHOSTNAME" = "penis" ];
+then
+ read -n1 -p "name is penis, are u sure? [yN]"
+ if [[ "$REPLY" != [yY] ]]
+ then
+ echo "then better RTFC"
+ echo "bailing out"
+ exit 0
+ fi
+fi
+apt-get install tinc git curl python
+
+./install.sh "$MYHOSTNAME" "$MYIP"
+
+# for autostart
+sed -i '/retiolum/d' /etc/tinc/nets.boot
+echo "retiolum" >> /etc/tinc/nets.boot
+sed -i '/EXTRA/d' /etc/tinc/nets.boot
+echo "EXTRA=\"\"" >> /etc/default/tinc
+
+/etc/init.d/tinc start
diff --git a/retiolum/scripts/tinc_setup/build_debian_clean.sh b/retiolum/scripts/tinc_setup/build_debian_clean.sh
new file mode 100755
index 00000000..a7332f4e
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/build_debian_clean.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -xe
+MYIP=10.0.7.7.55
+
+apt-get install tinc git curl gcc gcc-dev build-essential libssl-dev python
+
+git clone https://github.com/makefu/shack-retiolum.git
+
+mkdir build
+cd build
+curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar
+xz
+cd lzo-2.04
+./configure --prefix=/usr
+make
+sudo make install
+cd ..
+curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
+cd tinc-1.0.13
+./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+make
+sudo make install
+cd ../..
+
+cd shack-retiolum
+./install.sh `hostname` $MYIP
+
+rm shack-retiolum
+# for autostart
+echo "retiolum" >> /etc/tinc/nets.boot
+echo "EXTRA=\"--user=tincd --chroot\"" >> /etc/default/tinc
diff --git a/retiolum/scripts/tinc_setup/build_ec2.sh b/retiolum/scripts/tinc_setup/build_ec2.sh
new file mode 100755
index 00000000..79f2af28
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/build_ec2.sh
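Review bot: The tinc source on the `curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz` line is fetched over plain HTTP and unpacked straight into the build with no checksum or signature check, and the result is then installed system-wide with `sudo make install`; build_debian_clean.sh and build_ec2.sh fetch lzo and tinc the same way. Download to a file and verify a pinned digest before extracting, e.g. `curl -o tinc-1.0.13.tar.gz http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz` followed by `echo '<EXPECTED_SHA256>  tinc-1.0.13.tar.gz' | sha256sum -c -` (the digest is a placeholder to take from the upstream release), or at least use an HTTPS URL. The `sed ... install.sh >install2.sh` / `mv` pair silently rewrites the sibling install.sh in the checkout; a comment such as `# Arch ships python3 as /usr/bin/python; point install.sh at python2` would explain why a build script edits another script.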
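Review bot: `sed -i '/EXTRA/d' /etc/tinc/nets.boot` edits the wrong file: the `EXTRA=""` line is appended to /etc/default/tinc on the following line, so nets.boot is searched for a key it never holds and every re-run appends another EXTRA line to /etc/default/tinc; it should read `sed -i '/EXTRA/d' /etc/default/tinc`. The fallback `MYIP=10.0.7.7.55` has five octets and is not a valid IPv4 address, and it is handed to install.sh unchanged, so a real default (or an explicit `: "${MYIP:?set MYIP}"` abort) is needed. `apt-get install tinc git curl python` runs without `-y`, so the script stops at the apt prompt even though `set -x` and the non-interactive defaults suggest unattended use.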
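Review bot: The lzo download line reads `curl ... | tar` with `xz` on the next line (the hunk's 31-line count matches this reading rather than a wrapped single line), so tar gets no operation and the lzo tree is never extracted before `cd lzo-2.04`; it should be `curl ... | tar xz` like the tinc line below it. `rm shack-retiolum` runs after `cd shack-retiolum`, so it names a path inside the clone rather than the clone, and a directory would need `-r` anyway; the intended cleanup is presumably `cd .. && rm -rf -- shack-retiolum`. `MYIP=10.0.7.7.55` is not a valid IPv4 address and is passed to install.sh, which writes `$2` into the host file without validation.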
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+sudo yum install -y gcc openssl-devel
+mkdir build
+cd build
+curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
+cd lzo-2.04
+./configure --prefix=/usr
+make
+sudo make install
+cd ..
+curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
+cd tinc-1.0.13
+./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+make
+sudo make install
diff --git a/retiolum/scripts/tinc_setup/build_no.de.sh b/retiolum/scripts/tinc_setup/build_no.de.sh
new file mode 100644
index 00000000..2976d3a2
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/build_no.de.sh
@@ -0,0 +1 @@
+pkgin in lzo gcc-tools gcc-compiler gcc34
diff --git a/retiolum/scripts/tinc_setup/install.sh b/retiolum/scripts/tinc_setup/install.sh
new file mode 100755
index 00000000..9efe863c
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/install.sh
@@ -0,0 +1,84 @@
+#! /bin/sh
+# USE WITH GREAT CAUTION
+set -eu
+
+if test "${nosudo-false}" != true -a `id -u` != 0; then
+ echo "we're going sudo..." >&2
+ exec sudo "$0" "$@"
+ exit 23 # go to hell
+fi
+
+#make -C ../../ update
+set -e
+DIRNAME=`dirname $0`
+CURR=`readlink -f ${DIRNAME}`
+MYBIN=${CURR}/../../bin
+netname=retiolum
+# create configuration directory for $netname
+mkdir -p /etc/tinc/$netname/hosts
+cd /etc/tinc/$netname
+
+echo "added known hosts:"
+ls -1 hosts | LC_ALL=C sort
+echo "delete the nodes you do not trust!"
+
+hostname="${HOSTNAME-`cat /etc/hostname`}"
+myname="${1:-}"
+if [ ! "$myname" ]
+then
+ printf "select node name [$hostname]: "
+ read myname
+ if test -z "$myname"; then
+ myname="$hostname"
+ fi
+fi
+if [ ! -e "hosts/$myname" ]
+then
+
+ # TODO eloop until we found a free IPv4
+ # myipv4=$(echo 42.$(for i in `seq 1 3`; do echo "ibase=16;`bin/fillxx xx|tr [a-f] [A-F]`" | bc; done)|tr \ .)/32
+
+ myipv4="${2:-}"
+ mynet4=10.243.0.0
+
+ if [ ! "$myipv4" ]
+ then
+ printf 'select v4 subnet ip (1-255): '
+ read v4num
+ until $MYBIN/check-free-retiolum-v4 10.243.0.$v4num; do
+ echo "your're an idiot!"
+ printf 'select unused v4 subnet ip (1-255): '
+ read v4num
+ done
+ myipv4="10.243.0.$v4num"
+ fi
+ echo "Subnet = $myipv4" > hosts/$myname
+
+ myipv6=`$MYBIN/fillxx 42:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx`/128
+ echo "Subnet = $myipv6" >> hosts/$myname
+else
+ echo "own host file already exists! will not write again!"
+fi
+
+cat>tinc.conf<<EOF
+Name = $myname
+ConnectTo = euer
+ConnectTo = albi10
+ConnectTo = pigstarter
+ConnectTo = slowpoke
+Device = /dev/net/tun
+EOF
+
+if [ ! -e rsa_key.priv ]
+then
+ echo "creating new keys"
+ tincd -n $netname -K
+ $MYBIN/announce_pubkey $myname || \
+ echo "cannot write public key to IRC, you are on your own. Good Luck"
+else
+ echo "key files already exist, skipping"
+ echo "if you know what you are doing, remove rsa_key.priv"
+fi
+# add user tincd
+# this is what the setup scripts for the distribution has to do
+#useradd tincd
diff --git a/retiolum/scripts/tinc_setup/new_install.sh b/retiolum/scripts/tinc_setup/new_install.sh
new file mode 100755
index 00000000..76ed9e70
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/new_install.sh
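Review bot: `myname` is taken from `$1` or the interactive `read` and used unquoted in `hosts/$myname` and in the generated `Name = $myname` line with no character check, so a value containing `/`, `..` or whitespace makes this root-run script write outside hosts/ or emit a malformed tinc.conf; a guard such as `case $myname in ''|*[!A-Za-z0-9_]*) echo "invalid node name: $myname" >&2; exit 1;; esac` placed before the `if [ ! -e "hosts/$myname" ]` test closes this (letters, digits and underscore is also the set tinc documents for Name). The same gap exists for `myipv4` when supplied as `$2`: only the interactive path goes through check-free-retiolum-v4, while the argument path is written to the host file as-is. `mynet4=10.243.0.0` is assigned but never read.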
@@ -0,0 +1,358 @@
+#!/bin/sh
+
+#get sudo
+if test "${nosudo-false}" != true -a `id -u` != 0; then
+ echo "we're going sudo..." >&2
+ exec sudo -E "$0" "$@"
+ exit 23 # go to hell
+fi
+set -euf
+#
+SUBNET4=${SUBNET4:-10.243}
+SUBNET6=${SUBNET6:-42}
+TEMPDIR=${TEMPDIR:-auto}
+TINCDIR=${TINCDIR:-auto}
+exists() { type "$1" >/dev/null 2>/dev/null; }
+
+if exists hostname ;then SYSHOSTN=${HOSTNAME:-$(hostname)}
+elif exists uci ;then SYSHOSTN=$(uci get system.@system[0].hostname)
+elif [ -e /etc/hostname ] ;then SYSHOSTN=$(cat /etc/hostname)
+else SYSHOSTN="unknown"
+fi
+
+#overwrite `found` hostname
+HOSTN=${HOSTN:-$SYSHOSTN}
+NETNAME=${NETNAME:-retiolum}
+MASK4=${MASK4:-16}
+MASK6=${MASK6:-16}
+RMASK=${RMASK:-255.255.0.0}
+URL=${URL:-http://euer.krebsco.de/retiolum/hosts.tar.gz}
+SURL=${SURL:-http://euer.krebsco.de/retiolum/supernodes.tar.gz}
+
+IRCCHANNEL=${IRCCHANNEL:-"#krebs_incoming"}
+IRCSERVER=${IRCSERVER:-"irc.freenode.net"}
+IRCPORT=${IRCPORT:-6667}
+
+OS=${OS:-0}
+TELNET=${TELNET:-}
+
+IP4=${IP4:-0}
+IP6=${IP6:-0}
+
+RAND4=1
+RAND6=1
+
+#convert hostmask to subnetmask only version 4
+host2subnet()
+{
+ NEEDDOTSINSUB=$(expr 3 - $( echo $SUBNET4 | tr -C -d . | wc -c))
+ case $NEEDDOTSINSUB in
+ 3) FULLSUBNET=$SUBNET4.0.0.0 ;;
+ 2) FULLSUBNET=$SUBNET4.0.0 ;;
+ 1) FULLSUBNET=$SUBNET4.0 ;;
+ 0) FULLSUBNET=$SUBNET4 ;;
+ *) echo "cannot read subnet" && exit 1;;
+ esac
+}
+
+#check if ip is valid ipv4 function
+check_ip_valid4()
+{
+ if [ "$(echo $1 | awk -F"\." ' $0 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}$/ && $1 <=255 && $2 <= 255 && $3 <= 255 && $4 <= 255 ' 2>/dev/null)" == "$1" ] && [ ${1:0:${#SUBNET4}} == $SUBNET4 ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+#check if ip is valid ipv6 function
+check_ip_valid6()
+{
+ if [ "$(echo $1 | awk -F"." ' $0 ~ /^([0-9a-fA-F]{1,4}\:){7}[0-9a-fA-F]{1,4}$/' 2>/dev/null)" == $1 ] && [ ${1:0:${#SUBNET6}} == $SUBNET6 ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+#check if ip is taken function
+check_ip_taken()
+{
+ if grep -q -r -E "$1(#|/)" $TEMPDIR/hosts/ ;then
+ return 1
+ else
+ return 0
+ fi
+}
+
+#if hostname is taken, count upwards until it isn't taken function
+get_hostname()
+{
+ TSTFILE=$TEMPDIR/hosts/$1
+ LCOUNTER=0
+ if test -e $TSTFILE; then
+ while test -e $TSTFILE; do
+ : $((LCOUNTER+=1))
+ TSTFILE=$TEMPDIR/hosts/$1$LCOUNTER
+ done
+ HOSTN=$1$LCOUNTER
+ else
+ HOSTN=$1
+ fi
+}
+
+#os autodetection
+find_os()
+{
+ if grep -qe 'Linux' /etc/*release 2>/dev/null || grep -qe 'Linux' /etc/issue 2>/dev/null; then
+ OS='linux'
+ elif exists getprop ; then
+ OS='android'
+ elif test -e /etc/openwrt_release; then
+ OS='openwrt'
+ elif uname -s | grep -qi 'darwin'; then
+ OS='osx'
+ else
+ echo "Cannot determine your operating system, falling back to Linux"
+ OS='linux'
+ fi
+}
+
+find_telnet(){
+ if exists telnet >/dev/null;then
+ TELNET="`command -v telnet`"
+ elif exists busybox >/dev/null;then
+ TELNET="`command -v busybox` telnet"
+ else
+ echo "cannot find telnet binary, please install either telnet-client or busybox"
+ echo "bailing out!"
+ exit 1
+ fi
+}
+
+if [ $IP4 -eq 0 ]; then
+ RAND4=1
+elif ! check_ip_valid4 $IP4; then
+ echo 'ip4 is invalid'
+ exit 1
+fi
+if [ $IP6 -eq 0 ]; then
+ RAND6=1
+elif ! check_ip_valid6 $IP6; then
+ echo 'ip6 is invalid'
+ exit 1
+fi
+
+#find OS
+if [ $OS -eq 0 ]; then
+ find_os
+fi
+if [ -z "$TELNET" ]; then
+ find_telnet
+fi
+#check if everything is installed
+if ! exists awk ; then
+ echo "Please install awk"
+ exit 1
+fi
+
+if ! exists curl ; then
+ if ! exists wget ; then
+ echo "Please install curl or wget"
+ exit 1
+ else
+ LOADER='wget -O-'
+ HEAD_LOADER="$LOADER --spider"
+ fi
+else
+ LOADER=curl
+ HEAD_LOADER="$LOADER -I"
+fi
+
+if ! $HEAD_LOADER $SURL >/dev/null 2>/dev/null ;then
+ echo "Cannot find supernode package, check if your internet is working"
+ exit 1
+fi
+
+#check if everything is installed
+if [ $OS = 'android' ]; then
+ if ! test -e /data/data/org.poirsouille.tinc_gui/files/tincd; then
+ echo "Please install tinc-gui"
+ exit 1
+ else
+ TINCBIN=/data/data/org.poirsouille.tinc_gui/files/tincd
+ DEV="/dev/tun"
+ if [ $TINCDIR = 'auto' ]; then TINCDIR="/usr/local/etc/tinc" ;fi
+ if [ $TEMPDIR = 'auto' ]; then TEMPDIR="/storage/sdcard0/tinc-fu" ;fi
+ mount -o remount,rw /
+ mount -o remount,rw /system
+ fi
+elif [ $OS = 'osx' ]; then
+ if ! exists tincd >/dev/null; then
+ echo "Please install tinc"
+ exit 1
+ else
+ TINCBIN=tincd
+ DEV="/dev/net/tun"
+ if [ $TINCDIR = 'auto' ]; then TINCDIR="/usr/local/etc/tinc" ;fi
+ if [ $TEMPDIR = 'auto' ]; then TEMPDIR="/tmp/tinc-install-fu" ;fi
+ fi
+else
+ if ! exists tincd >/dev/null; then
+ echo "Please install tinc"
+ exit 1
+ else
+ TINCBIN=tincd
+ DEV="/dev/net/tun"
+ if [ $TINCDIR = 'auto' ]; then TINCDIR="/etc/tinc" ;fi
+ if [ $TEMPDIR = 'auto' ]; then TEMPDIR="/tmp/tinc-install-fu" ;fi
+ fi
+fi
+
+#generate full subnet information for v4
+
+#test if tinc directory already exists
+if test -e $TINCDIR/$NETNAME; then
+ echo "tinc config directory $TINCDIR/$NETNAME does already exist. (backup and) delete config directory and restart"
+ exit 1
+fi
+
+#get tinc-hostfiles
+mkdir -p $TEMPDIR/hosts
+$LOADER $URL | tar zx -C $TEMPDIR/hosts/
+
+#check for free ip
+#version 4
+until check_ip_taken $IP4; do
+ if [ $RAND4 -eq 1 ]; then
+ IP4="$SUBNET4.$(( $(head /dev/urandom | tr -dc "123456789" | head -c3) %255)).$(( $(head /dev/urandom | tr -dc "123456789" | head -c3) %255))"
+ else
+ printf 'choose new ip: '
+ read IP4
+ while ! check_ip_valid4 $IP4; do
+ printf 'the ip is invalid, retard, choose a valid ip: '
+ read IP4
+ done
+ fi
+done
+
+#version 6
+until check_ip_taken $IP6; do
+ if [ $RAND6 -eq 1 ]; then
+ NETLENGTH=$(expr $(expr 128 - $MASK6) / 4)
+ IP6="$SUBNET6$(head /dev/urandom | tr -dc "0123456789abcdef" | head -c$NETLENGTH | sed 's/..../:&/g')" #todo: generate ip length from hostmask
+ else
+ printf 'ip taken, choose new ip: '
+
+ read IP6
+ while ! check_ip_valid6 $IP6; do
+ printf 'the ip is invalid, retard, choose a valid ip: '
+ read IP6
+ done
+ fi
+done
+
+
+#check for free hostname
+get_hostname $HOSTN
+
+
+#create the configs
+mkdir -p $TINCDIR/$NETNAME
+cd $TINCDIR/$NETNAME
+
+if [ $OS = 'openwrt' ]; then
+ mkdir hosts
+ $LOADER $SURL | tar xz -C hosts/
+else
+ mv $TEMPDIR/hosts ./
+fi
+
+rm -r $TEMPDIR || echo "$TEMPDIR does not exist, skipping removal"
+
+echo "Subnet = $IP4" > hosts/$HOSTN
+echo "Subnet = $IP6" >> hosts/$HOSTN
+
+cat>tinc.conf<<EOF
+Name = $HOSTN
+Device = $DEV
+
+#newer tinc features
+LocalDiscovery = yes
+AutoConnect = 3
+
+#ConnectTos
+ConnectTo = slowpoke
+ConnectTo = pigstarter
+ConnectTo = pico
+EOF
+
+host2subnet $MASK4
+
+#check if ip is installed
+if exists ip >/dev/null; then
+ echo 'dirname="`dirname "$0"`"' > tinc-up
+ echo '' >> tinc-up
+ echo 'conf=$dirname/tinc.conf' >> tinc-up
+ echo '' >> tinc-up
+ echo 'name=$(sed -n "s|^ *Name *= *\([^ ]*\) *$|\\1|p" $conf)' >> tinc-up
+ echo '' >> tinc-up
+ echo 'host=$dirname/hosts/$name' >> tinc-up
+ echo '' >> tinc-up
+ echo 'ip link set $INTERFACE up' >> tinc-up
+ echo '' >> tinc-up
+ echo "addr4=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET4[.][^ ]*\\) *\$|\\\\1|p\" \$host)" >> tinc-up
+ echo 'ip -4 addr add $addr4 dev $INTERFACE' >> tinc-up
+ echo "ip -4 route add $FULLSUBNET/$MASK4 dev \$INTERFACE" >> tinc-up
+ echo '' >> tinc-up
+ echo "addr6=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET6[:][^ ]*\\) *\$|\\\\1|p\" \$host)" >> tinc-up
+ echo 'ip -6 addr add $addr6 dev $INTERFACE' >> tinc-up
+ echo "ip -6 route add $SUBNET6::/$MASK6 dev \$INTERFACE" >> tinc-up
+else
+ echo 'dirname="`dirname "$0"`"' > tinc-up
+ echo '' >> tinc-up
+ echo 'conf=$dirname/tinc.conf' >> tinc-up
+ echo '' >> tinc-up
+ echo 'name=$(sed -n "s|^ *Name *= *\([^ ]*\) *$|\\1|p" $conf)' >> tinc-up
+ echo '' >> tinc-up
+ echo 'host=$dirname/hosts/$name' >> tinc-up
+ echo '' >> tinc-up
+ echo "addr4=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET4[.][^ ]*\\) *$|\\\\1|p\" \$host)" >> tinc-up
+ echo 'ifconfig $INTERFACE $addr4' >> tinc-up
+ echo "route add -net $FULLSUBNET netmask $RMASK dev \$INTERFACE " >> tinc-up
+fi
+
+#fix permissions
+chmod +x tinc-up
+chown -R 0:0 .
+
+#generate keys with tinc
+if exists tincctl ; then
+ yes | tincctl -n $NETNAME generate-keys
+ cat rsa_key.pub >> hosts/$HOSTN
+else
+ yes | $TINCBIN -n $NETNAME -K
+fi
+
+if [ $OS = 'android' ]; then
+ mkdir /etc/tinc
+ cd /
+ mv $TINCDIR/$NETNAME /etc/tinc/
+ cd /etc/tinc/$NETNAME
+fi
+#write to irc-channel
+NICK="${HOSTN}_$(head /dev/urandom | tr -dc "0123456789" | head -c3)"
+
+( echo "NICK $NICK";
+ echo "USER $NICK $IRCSERVER bla : $NICK";
+ echo "JOIN $IRCCHANNEL";
+ sleep 23;
+ echo "PRIVMSG $IRCCHANNEL : This is $HOSTN";
+ sed "s/^\(.*\)/PRIVMSG $IRCCHANNEL : \1/" hosts/$HOSTN;
+ sleep 5; ) | $TELNET $IRCSERVER $IRCPORT
+
+
+# finish what you have begun!
+tincd -n $NETNAME
diff --git a/retiolum/scripts/tinc_setup/tinc-up b/retiolum/scripts/tinc_setup/tinc-up
new file mode 100755
index 00000000..a829528d
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/tinc-up
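Review bot: `check_ip_valid4` and `check_ip_valid6` rely on `${1:0:${#SUBNET4}}` substring expansion and `==` inside `[ ]`, both bash extensions, while the file runs under `#!/bin/sh`; on a dash-based /bin/sh (Debian, the script's own "linux" default) that is a "Bad substitution" error, so an IP4/IP6 passed through the environment can never validate there. A portable prefix test is `case $1 in "$SUBNET4"*) ;; *) return 1;; esac` with `=` in place of `==` for the awk comparison. Separately, the peer host files that become the trust anchor of the VPN are fetched by `$LOADER $URL | tar zx -C $TEMPDIR/hosts/` over plain HTTP into the fixed path /tmp/tinc-install-fu (when TEMPDIR is left at `auto`), then moved into $TINCDIR/$NETNAME and chowned to root with no integrity check on the archive and no protection against a pre-existing directory created by another local user; the `auto` case should use `mktemp -d`, and the archive should be verified or URL/SURL switched to HTTPS before extraction. `[ $IP4 -eq 0 ]` is also an integer comparison on a value that may be a dotted address, which `[` rejects with an error before the elif branch runs.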
@@ -0,0 +1,25 @@
+# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
+
+dirname="`dirname "$0"`"
+
+conf=$dirname/tinc.conf
+
+name=`sed -n 's|^ *Name *= *\([^ ]*\) *$|\1|p' $conf`
+
+host=$dirname/hosts/$name
+
+ip link set $INTERFACE up
+
+addr4=`sed -n 's|^ *Subnet *= *\(10[.][^ ]*\) *$|\1|p' $host`
+if [ "$addr4" != '' ];then
+ ip -4 addr add $addr4 dev $INTERFACE
+ ip -4 route add 10.243.0.0/16 dev $INTERFACE
+else
+ addr4=`sed -n 's|^ *Subnet *= *\(42[.][^ ]*\) *$|\1|p' $host`
+ ip -4 addr add $addr4 dev $INTERFACE
+ ip -4 route add 42.0.0.0/16 dev $INTERFACE
+fi
+
+addr6=`sed -n 's|^ *Subnet *= *\(42[:][^ ]*\) *$|\1|p' $host`
+ip -6 addr add $addr6 dev $INTERFACE
+ip -6 route add 42::/16 dev $INTERFACE
|
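Review bot: In the `else` branch the second `sed` can also match nothing, in which case `ip -4 addr add $addr4 dev $INTERFACE` runs with an empty address and fails with a usage error, and the unconditional `ip -6 addr add $addr6 dev $INTERFACE` at the end has the same problem when the host file carries no 42: subnet. Guard each with a presence test, e.g. `[ -n "$addr6" ] && ip -6 addr add "$addr6" dev "$INTERFACE"`, and quote `$conf`, `$host` and `$INTERFACE` throughout since the paths are derived from `$0`. The file has no shebang; it is presumably executed by tinc through the system shell, and a leading `#!/bin/sh` plus a comment naming the expected `INTERFACE` variable would document that contract for anyone running it by hand.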