Deploy script: fix media perm, fix /etc/hosts

changelog_todo.md

@@ -38,13 +38,26 @@ sha256 :
   * Add media folder sync (scp, rsync, http upload)
   * General filesystem clean up
 
+
+# FS checklist
+  * /etc/dhcpcd.conf
+  * /etc/ssh/sshd_config
+  * ~/.ssh/authorized_keys
+  * ~/Videos/*
+  * /etc/hostname, /etc/hosts
+  * /etc/ssl/private/nginx-selfsigned.key
+  * /etc/ssl/certs/nginx-selfsigned.crt
+  * /etc/wpa_supplicant/wpa_supplicant.conf
+  
+
 # DOING NEXT :
- * ~ Test static IP
  * Test with several rpis
+ * Define http auth secret at setup
  
 #  DONE :
   * media sync (scp, rsync, http)
   * Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
+  * Test static IP ok
   
 # OTHER: 
  * get_client_rssi.sh on server
@@ -55,7 +68,6 @@ sha256 :
 
  * ? Scripts hotspot linux/win/mac
  * ? Config sync
- * ? 
  * ? Linux Minimal Virtualbox image
  * ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
  * ~ Doc

linux_server_deploy.sh

@@ -62,28 +62,33 @@ nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk
 nmcli con modify $SSID 802-11-wireless-security.proto rsn
 nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp
 nmcli con modify $SSID wifi-sec.psk $PASSWD
-nmcli radio wifi on
-nmcli con up $SSID
 
 # 0.a set IP range on server
-echo -e "Setting IP range in /etc/NetworkManager/system-connections/$SSID.nmconnection ... \n"
-#~ sed "/\[ipv4\]/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection
+echo -e "Setting IP range $IP_RANGE/24 in /etc/NetworkManager/system-connections/$SSID.nmconnection ... \n"
+sudo sed -i "/method=shared/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection
+sudo systemctl restart NetworkManager
+
+nmcli radio wifi on
+nmcli con up $SSID
 
 # 0.b ask for number of clients
 # This will be used to determine static IP
 yellow "Nombre de clients à configurer : "
 read -n 4 CLIENT_NUMBER
 green "Got $CLIENT_NUMBER...\n"
-# Get first IP in specified range and add 1
-IP=$(echo $IP_RANGE | awk -F. '{print $4}')
-
-echo -e "First IP is $(($IP+1)) ...\n"
+# For some reason networkmanager finds it clever to offer only IPs in range 10-255 even when asked for a /24, /28, etc...
+# So IPs start at 10
+# Get first IP in specified range
+#~ IP=$(echo $IP_RANGE | awk -F. '{print $4}')
+FIRST=1
+IP=10
+echo -e "First IP is $(($RANGE_START)) ...\n"
 # Remove IP's last byte
 IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}')
 # Generate SSL cert with IPs in IP_RANGE
-IP_CNT=$(($IP+1))
+IP_CNT=$IP
 IP_ARRAY=()
-while [ $IP_CNT -le $(($CLIENT_NUMBER+$IP)) ] 
+while [ $IP_CNT -lt $(($CLIENT_NUMBER+$IP)) ] 
 do
     IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT")
     ((IP_CNT++))
@@ -95,7 +100,7 @@ yellow "Got host list : $HOST_LIST \n"
 # https://unix.stackexchange.com/questions/104171/create-ssl-certificate-non-interactively
 yellow "Generating SSL crt/key for $HOST_LIST...\n"
 openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \
--subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$IP" \
+-subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$FIRST" \
 -addext "subjectAltName=$HOST_LIST" \
 -keyout "$CONFIG_DIR/selfCA.key" -out "$CONFIG_DIR/selfCA.crt"
 #sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
@@ -104,7 +109,7 @@ openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \
 for HOST in "${IP_ARRAY[@]}"
 do
     HOST=$(echo $HOST | awk -F: '{print $2}')
-    HOST_NAME="videopi-$(echo $HOST | awk -F. '{print $4}')"
+    HOST_NAME="pilpil-$(echo $HOST | awk -F. '{print $4}')"
     #  1. Copy img to sd
     green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n"
     red  "Are you sure you want to ERASE THE CONTENT of $SDCARD ? Type uppercase 'yes' to confirm."
@@ -117,11 +122,11 @@ do
     red "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds."
     sleep 5
     GO_DD=0
-    xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync
     # unmount / remount new filesystem
-    green "Operation 2/13 : Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" 
+    green "Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" 
     umount $BOOT_MOUNT
     umount $ROOTFS_MOUNT
+    xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync
     green "Operation 3/13 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" 
     echo "Remounting..."
     sleep 1
@@ -130,6 +135,7 @@ do
     green "Operation 4/13 : Changing hostname to $HOST_NAME ...\n" 
     # Change hostname
     echo "$HOST_NAME" | sudo tee "$ROOTFS_MOUNT/etc/hostname"
+    echo -e "127.0.1.1\t$HOST_NAME" | sudo tee -a "$ROOTFS_MOUNT/etc/hosts"
     ## Enable SSH
     green "Operation 5/13 : Enabling SSH server on boot ...\n" 
     touch "$BOOT_MOUNT/ssh"
@@ -154,14 +160,13 @@ do
     sync
     #  3. Configure wifi with static IP
     green "Operation 9/13 : Configuring wireless connection to $SSID with pw $PASSWD :  ...\n" 
-    echo "
-    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+    echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
 update_config=1
 country=FR
 
 network={
-        ssid='$SSID' # Nom du réseau auquel on se connecte
-        psk='$PASSWD' # Mot de passe wifi
+    ssid=\"$SSID\" # Nom du réseau auquel on se connecte
+    psk=\"$PASSWD\" # Mot de passe wifi
     # Optional parameters
     # scan_ssid=1 # hidden ssid 
     # Specify 2.4 or 5G freq
@@ -182,14 +187,17 @@ do
     sync
     #  6. Copy medias
     green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" 
-    sudo rsync -auv "$LOCAL_MEDIA_DIR/" "$REMOTE_MEDIA_DIR/"
+    USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
+    GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
+    sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
+    sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
     sync
     # Unmount FS
     green "Operation 13/13 : Unmounting filesystems"
     umount $BOOT_MOUNT
     umount $ROOTFS_MOUNT
-    yellow "Client $IP/$CLIENT_NUMBER done."
-    if [ "$IP" -lt "$CLIENT_NUMBER" ]
+    yellow "Client $(($IP-10))/$CLIENT_NUMBER done."
+    if [ $(($IP+1)) -le $(($CLIENT_NUMBER+$IP)) ]
     then
         red "Please swap sd card in reader and enter uppercase 'yes' to proceed with next client :"
         read -n 4 GO_ON

pilpil-server.toml

@@ -10,7 +10,7 @@ media_exts = ["mp4", "avi", "mkv"]
 auth  = "secret" 
 # OnNlY3JldA==
 cmd_auth  = "secret"
-hosts = ["10.42.0.135", "10.42.0.156"]
+hosts = ["10.42.0.10", "10.42.0.11"]
 # VLC http LUA port
 port = 8887
 # Clients cmd port

prepa_rpios.md

@@ -393,7 +393,7 @@ server {
     listen 443 ssl;
     ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
-    server_name example.com;
+    #server_name example.com;
  location / {
             proxy_pass http://your.ip.adress:5000;
             proxy_set_header X-Real-IP $remote_addr;
@@ -407,6 +407,30 @@ server {
 
 ```
 
+#### Fix nginx startup fail if /var/log/nginx doesn't exists
+
+In '/etc/nginx/mklogdir.sh' :
+```bash
+#!/bin/bash
+if [[ ! -d /var/log/nginx ]]
+then
+    mkdir /var/log/nginx
+    systemctl restart nginx
+fi
+```
+then `sudo chmod +x /etc/nginx/mklogdir.sh`.
+
+After that, edit the nginx service unit to add a `ExecStartPre` directive to run the script :
+
+```
+sudo systemctl edit --full nginx.service 
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+ExecStartPre=/etc/nginx/mklogdir.sh # Add this line
+```
+
 ### Bash script 
 
 ```bash