Switch to bullseye, fix conn.close(), deploy script
parent
29b125725e
commit
abb06f9c80
9
app.py
9
app.py
|
@ -244,9 +244,14 @@ def sendCommand(host, arg0, arg1, arg2):
|
||||||
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
|
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
|
||||||
try:
|
try:
|
||||||
conn.request( "GET", req, headers = headers )
|
conn.request( "GET", req, headers = headers )
|
||||||
|
resp = conn.getresponse()
|
||||||
|
except http.client.HTTPException:
|
||||||
|
print("Connection to " + host + " timed out")
|
||||||
|
return "Connection to " + host + " timed out"
|
||||||
except:
|
except:
|
||||||
return "Connection to " + host + " was refused on port " + str(portl)
|
return "Error while connecting to " + host + ":" + str(portl)
|
||||||
resp = conn.getresponse()
|
finally:
|
||||||
|
conn.close()
|
||||||
# Parse response
|
# Parse response
|
||||||
data = resp.read()
|
data = resp.read()
|
||||||
|
|
||||||
|
|
|
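Review bot: `data = resp.read()` still runs after the new `finally: conn.close()`, and in `http.client` closing the connection also closes the response it handed out, so the read is likely to return an empty body even when the request succeeded. Move the read into the `try`, directly after `resp = conn.getresponse()`, as `data = resp.read()`, and keep only the parsing after the `finally`. Separately, a socket timeout is raised as `socket.timeout`/`TimeoutError` (an `OSError`), not `http.client.HTTPException`, so the "timed out" branch will not fire for it. The bare `except:` then reports the timeout as a generic error and also swallows `KeyboardInterrupt`; `except OSError:` would be narrower. The body of sendCommand starts and ends outside the hunk.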
@ -28,15 +28,15 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3
|
||||||
* Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 )
|
* Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 )
|
||||||
* Webgui beautifying
|
* Webgui beautifying
|
||||||
|
|
||||||
## 0.4 : 2022-10-19-videopi.img.xz
|
## 0.4 : 2022-10-21-videopi.img.xz
|
||||||
md5 :
|
md5 : 2a54eb1763060db652c4c5d89c07ef2a
|
||||||
sha256 :
|
sha256 : 10b65d5260222e4cdc591ad5384247cbc22d515dc55ea6b31b2daf0b6fd01004
|
||||||
|
|
||||||
* Apt upgrade
|
* Switch to rpi os Bullseye
|
||||||
* Switch to user 'pil', pw 'pilpoil'
|
* Switch to user 'pil', pw 'pilpoil'
|
||||||
* client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/)
|
* client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/)
|
||||||
* Add media folder sync (scp, rsync, http upload)
|
* Add media folder sync (scp, rsync, http upload)
|
||||||
* General filesystem clean up
|
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
|
||||||
|
|
||||||
|
|
||||||
# FS checklist
|
# FS checklist
|
||||||
|
@ -51,14 +51,11 @@ sha256 :
|
||||||
|
|
||||||
|
|
||||||
# DOING NEXT :
|
# DOING NEXT :
|
||||||
* Test with several rpis
|
* ~ Test with several rpis
|
||||||
* Define http auth secret at setup
|
* Define http auth secret at setup
|
||||||
|
|
||||||
# DONE :
|
# DONE :
|
||||||
* media sync (scp, rsync, http)
|
|
||||||
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
|
|
||||||
* Test static IP ok
|
|
||||||
|
|
||||||
# OTHER:
|
# OTHER:
|
||||||
* get_client_rssi.sh on server
|
* get_client_rssi.sh on server
|
||||||
|
|
||||||
|
@ -68,6 +65,5 @@ sha256 :
|
||||||
|
|
||||||
* ? Scripts hotspot linux/win/mac
|
* ? Scripts hotspot linux/win/mac
|
||||||
* ? Config sync
|
* ? Config sync
|
||||||
* ? Linux Minimal Virtualbox image
|
|
||||||
* ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
|
* ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
|
||||||
* ~ Doc
|
* ~ Doc
|
||||||
|
|
|
@ -32,8 +32,8 @@ then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
DD_BS="128K"
|
DD_BS="128K"
|
||||||
DISK_IMAGE="$HOME/niels/imgs/2022-10-19-pilpil.img.xz"
|
DISK_IMAGE="$HOME/niels/imgs/2022-10-20-pilpil.img.xz"
|
||||||
CONFIG_DIR="$HOME/niels/flasktest"
|
CONFIG_DIR="$HOME/niels/pilpil-server"
|
||||||
PI_USER="pil"
|
PI_USER="pil"
|
||||||
BOOT_MOUNT="/run/media/$USER/boot"
|
BOOT_MOUNT="/run/media/$USER/boot"
|
||||||
ROOTFS_MOUNT="/run/media/$USER/rootfs"
|
ROOTFS_MOUNT="/run/media/$USER/rootfs"
|
||||||
|
@ -185,13 +185,28 @@ network={
|
||||||
sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
|
sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
|
||||||
sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"
|
sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"
|
||||||
sync
|
sync
|
||||||
# 6. Copy medias
|
#~ # 6. Copy medias
|
||||||
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
|
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
|
||||||
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
|
# Remove filler file
|
||||||
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
|
if [ -f "$REMOTE_MEDIA_DIR/remove_me" ]
|
||||||
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
|
then
|
||||||
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
|
sudo rm "$REMOTE_MEDIA_DIR/remove_me"
|
||||||
sync
|
fi
|
||||||
|
# Get available space on rootfs
|
||||||
|
ROOTFS_AVAILABLE_SPACE=$(df -t ext4 -P $ROOTFS_MOUNT | tail -1 | awk '{print $4}')
|
||||||
|
# Get Media folder size
|
||||||
|
MEDIA_SIZE=$(du -c $LOCAL_MEDIA_DIR | tail -1 | awk '{print $1}')
|
||||||
|
# Only copy files if enough space available
|
||||||
|
if [ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]
|
||||||
|
then
|
||||||
|
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
|
||||||
|
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
|
||||||
|
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
|
||||||
|
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
|
||||||
|
sync
|
||||||
|
else
|
||||||
|
red "Not enough space on $ROOTFS_MOUNT, skipping..."
|
||||||
|
fi
|
||||||
# Unmount FS
|
# Unmount FS
|
||||||
green "Operation 13/13 : Unmounting filesystems"
|
green "Operation 13/13 : Unmounting filesystems"
|
||||||
umount $BOOT_MOUNT
|
umount $BOOT_MOUNT
|
||||||
|
|
|
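Review bot: In the new space-checked copy branch, `sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"` and the `chown` after it keep the `*` inside the double quotes, so the shell passes a literal `*` and no media file is copied or re-owned. Write `sudo cp "$LOCAL_MEDIA_DIR"/* "$REMOTE_MEDIA_DIR/"` and `sudo chown "$USER_ID:$GROUP_ID" "$REMOTE_MEDIA_DIR"/*`. The `grep $PI_USER` lookup on the image's passwd file is unanchored, so any line containing `pil` matches and USER_ID/GROUP_ID can come out as several values; `awk -F: -v u="$PI_USER" '$1==u {print $3}' "$ROOTFS_MOUNT/etc/passwd"` selects exactly that account. The `df`, `du` and `[ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]` lines also use their variables unquoted, which breaks on paths with spaces or on an empty result. The script continues outside the hunk.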
@ -5,12 +5,12 @@ CAfile = "selfCA.crt"
|
||||||
# scp, rsync, http
|
# scp, rsync, http
|
||||||
sync_facility = "http"
|
sync_facility = "http"
|
||||||
media_folder_local = "../medias"
|
media_folder_local = "../medias"
|
||||||
media_folder_remote = "/home/pi/Videos/"
|
media_folder_remote = "/home/pil/Videos"
|
||||||
media_exts = ["mp4", "avi", "mkv"]
|
media_exts = ["mp4", "avi", "mkv"]
|
||||||
auth = "secret"
|
auth = "secret"
|
||||||
# OnNlY3JldA==
|
# OnNlY3JldA==
|
||||||
cmd_auth = "secret"
|
cmd_auth = "secret"
|
||||||
hosts = ["10.42.0.10", "10.42.0.11"]
|
hosts = ["10.42.0.135", "10.42.0.11"]
|
||||||
# VLC http LUA port
|
# VLC http LUA port
|
||||||
port = 8887
|
port = 8887
|
||||||
# Clients cmd port
|
# Clients cmd port
|
||||||
|
|
|
@ -28,6 +28,7 @@ network={
|
||||||
```
|
```
|
||||||
4. Insérer la carte dans le RPI et démarrer le système.
|
4. Insérer la carte dans le RPI et démarrer le système.
|
||||||
5. Se connecter via SSH.
|
5. Se connecter via SSH.
|
||||||
|
6. Adduser pil
|
||||||
|
|
||||||
## Modification de config.txt
|
## Modification de config.txt
|
||||||
|
|
||||||
|
@ -92,15 +93,16 @@ console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1
|
||||||
### Login silencieux
|
### Login silencieux
|
||||||
|
|
||||||
Lancer les commandes suivantes :
|
Lancer les commandes suivantes :
|
||||||
* `echo "" > sudo tee /etc/issue`
|
* `echo "" | sudo tee /etc/issue`
|
||||||
* `touch .hushlogin`
|
* `echo "" | sudo tee /etc/motd`
|
||||||
|
* `touch ~/.hushlogin`
|
||||||
|
|
||||||
Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par :
|
Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par :
|
||||||
|
|
||||||
```
|
```
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM
|
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pil" %I $TERM
|
||||||
```
|
```
|
||||||
|
|
||||||
Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" :
|
Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" :
|
||||||
|
@ -116,7 +118,8 @@ Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot
|
||||||
```
|
```
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
# min
|
# min
|
||||||
sudo apt-get install vlc vlc-plugin-base va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress python3-toml
|
sudo apt-get install vlc vlc-plugin-base python3-minimal python3-pip nginx file lua5.2
|
||||||
|
python pip install flask flask-httpauth waitress toml werkzeug
|
||||||
# build
|
# build
|
||||||
# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all
|
# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all
|
||||||
```
|
```
|
||||||
|
@ -153,21 +156,19 @@ Host 10.42.0.135
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## VLC : démarrage automatique du serveur http
|
## Systemd Unit : démarrage automatique des services
|
||||||
|
|
||||||
### Systemd Unit
|
## VLC
|
||||||
|
|
||||||
Créer le fichier `/lib/systemd/system/vlc.service` contenant:
|
Créer le fichier `.config/systemd/user/vlc.service` contenant:
|
||||||
|
|
||||||
```
|
```
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=VLC http service
|
Description=VLC http service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
User=pi
|
WorkingDirectory=/home/pil/
|
||||||
#Environment="DISPLAY=:0"
|
|
||||||
ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret
|
ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret
|
||||||
WorkingDirectory=/home/pi
|
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -177,11 +178,40 @@ WantedBy=multi-user.target
|
||||||
Puis lancer les commandes :
|
Puis lancer les commandes :
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo chmod +x /lib/systemd/system/vlc.service
|
systemctl --user daemon-reload
|
||||||
sudo systemctl enable vlc
|
systemctl --user enable vlc
|
||||||
sudo systemctl start vlc
|
systemctl --user start vlc
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## pilpil
|
||||||
|
|
||||||
|
Créer le fichier `.config/systemd/user/pilpil.service` contenant:
|
||||||
|
|
||||||
|
```
|
||||||
|
[Unit]
|
||||||
|
Description=Pilpil Command Server
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
WorkingDirectory=/home/pil/pilpil-client
|
||||||
|
ExecStart=/home/pil/pilpil-client/app.py
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
Puis lancer les commandes :
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl --user daemon-reload
|
||||||
|
systemctl --user enable pilpil
|
||||||
|
systemctl --user start pilpil
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Configuration du serveur régie
|
## Configuration du serveur régie
|
||||||
|
|
||||||
### Linux : network-manager cli
|
### Linux : network-manager cli
|
||||||
|
@ -389,22 +419,35 @@ sudo apt-get install nginx
|
||||||
|
|
||||||
/etc/nginx/sites-available/default :
|
/etc/nginx/sites-available/default :
|
||||||
```
|
```
|
||||||
|
# Cmd server
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 8888 ssl;
|
||||||
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
|
||||||
#server_name example.com;
|
location / {
|
||||||
location / {
|
client_max_body_size 100M; # Max http_upload size
|
||||||
proxy_pass http://your.ip.adress:5000;
|
proxy_pass http://127.0.0.1:5000;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
# VLC server
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 8887 ssl;
|
||||||
server_name example.com;
|
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
||||||
return 302 https://$server_name$request_uri;
|
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:5001;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
openssl :
|
||||||
|
|
||||||
|
```
|
||||||
|
openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/C=/ST=Denial/L=/O=/CN=10.42.0.135" -addext "subjectAltName=10.42.0.135" -keyout "/etc/ssl/private/nginx-selfsigned.key" -out "/etc/ssl/certs/nginx-selfsigned.crt"
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Fix nginx startup fail if /var/log/nginx doesn't exists
|
#### Fix nginx startup fail if /var/log/nginx doesn't exists
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
flask
|
flask
|
||||||
waitress
|
waitress
|
||||||
toml
|
toml
|