From be15214a95d15cc0e6267a3f586289369d9615ec Mon Sep 17 00:00:00 2001 From: ABelliqueux Date: Thu, 3 Nov 2022 18:26:06 +0100 Subject: [PATCH] Split pilpil-setup --- diagramme.svg | 397 ----------------- fr/LC_MESSAGES/fr.po | 258 ----------- fr/LC_MESSAGES/linux_server_deploy.sh.mo | Bin 6683 -> 0 bytes linux_server_deploy.sh | 343 --------------- prepa_rpios.md | 524 ----------------------- 5 files changed, 1522 deletions(-) delete mode 100644 diagramme.svg delete mode 100644 fr/LC_MESSAGES/fr.po delete mode 100644 fr/LC_MESSAGES/linux_server_deploy.sh.mo delete mode 100755 linux_server_deploy.sh delete mode 100644 prepa_rpios.md diff --git a/diagramme.svg b/diagramme.svg deleted file mode 100644 index c3827b4..0000000 --- a/diagramme.svg +++ /dev/null @@ -1,397 +0,0 @@ - - - -serveur régieAP wifi10.x.x.xwaitress+flask localhost:5000client rpi 110.x.x.01nginx 8887:8888VLC http lua 127.0.0.1:5001waitress+flask 127.0.0.1:5000ssh 22client rpi 210.x.x.02nginx 8887:8888VLC http lua 127.0.0.1:5001waitress+flask 127.0.0.1:5000ssh 22client rpi 310.x.x.03nginx 8887:8888VLC http lua 127.0.0.1:5001waitress+flask 127.0.0.1:5000ssh 22VLC HTTP LUA 8887:5001 - commandes de lecture- gestion playlistwaitress+flask : 8888:5000 - commandes systèmes (reboot, extinctions, clign.)- synchro fichiers config, medias(rsync ?) : - synchro fichiers config, mediasVPVPVPWifi 2.4 Ghz diff --git a/fr/LC_MESSAGES/fr.po b/fr/LC_MESSAGES/fr.po deleted file mode 100644 index d145e00..0000000 --- a/fr/LC_MESSAGES/fr.po +++ /dev/null @@ -1,258 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -# This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: 0.1\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-11-03 11:58+0100\n" -"PO-Revision-Date: 2022-11-03 11:58+0100\n" -"Last-Translator: FULL NAME \n" -"Language-Team: French \n" -"Language: fr\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" - -#: linux_server_deploy.sh:39 -msgid "" -"Usage: ./pilpil-server.sh path_to_device\n" -"\n" -"This script will setup as much pilpil-clients as needed." -msgstr "" -"Usage: ./pilpil-server.sh chemin_du_périphérique\n" -"\n" -"Ce script aide au déploiement d'instances pilpil." - -#: linux_server_deploy.sh:46 -msgid "!!! Running in dry mode. No modifications will be made.\\n" -msgstr "!!! Exécution en mode simulation. Aucune modification ne sera faite.\\n" - -#: linux_server_deploy.sh:58 -msgid "Please specify an existing device block for your sd-card, e.g: '/dev/sda'." -msgstr "Veuillez spécifier un bloc de périphérique existant pour la carte sd, par ex. : '/dev/sda'" - -#: linux_server_deploy.sh:70 -msgid "Disk image not found, aborting..." -msgstr "Image disque introuvable, annulation..." - -#: linux_server_deploy.sh:75 -msgid "Config directory not found, aborting..." -msgstr "Dossier de configuration introuvable, annulation..." - -#: linux_server_deploy.sh:85 -msgid "Medias directory not found, aborting..." -msgstr "Dossier des médias introuvable, annulation..." - -#: linux_server_deploy.sh:104 -msgid " * Creating hotspot connection in NetworkManager \\n" -msgstr " * Création du point d'accès Wifi dans NetworkManager" - -#: linux_server_deploy.sh:116 -#, sh-format -msgid "" -" * Setting IP range $IP_RANGE/24 in /etc/NetworkManager/system-connections/" -"$SSID.nmconnection ... \\n" -msgstr "" -" * Utilisation de la tranche d'IP $IP_RANGE/24 dans /etc/NetworkManager/system-connections/" -"$SSID.nmconnection ... \\n" - -#: linux_server_deploy.sh:129 -msgid "Number of clients to configure : " -msgstr "Nombre de clients à configurer : " - -#: linux_server_deploy.sh:133 -msgid "\\nInput was not a number, aborting.\\n" -msgstr "\\nLa réponse n'était pas un nombre, annulation.\\n" - -#: linux_server_deploy.sh:137 -msgid "\\nInput was 0, nothing to do.\\n" -msgstr "\\nLa réponse était 0, rien à faire.\\n" - -#: linux_server_deploy.sh:140 -#, sh-format -msgid "Got $CLIENT_NUMBER...\\n" -msgstr "Reçu $CLIENT_NUMBER...\\n" - -#: linux_server_deploy.sh:151 -#, sh-format -msgid "First IP is $IP_RANGE_3B$IP ...\\n" -msgstr "Première IP : $IP_RANGE_3B$IP ...\\n" - - -#: linux_server_deploy.sh:162 -msgid "Got host list : $HOST_LIST \\n" -msgstr "Liste des hôtes : $HOST_LIST \\n" - -#: linux_server_deploy.sh:165 -#, sh-format -msgid "Generating SSL crt/key for $HOST_LIST...\\n" -msgstr "Génération du certificat SSL pour $HOST_LIST...\\n" - -#: linux_server_deploy.sh:179 -#, sh-format -msgid "1/14 : Imaging $SDCARD with the file $DISK_IMAGE ...\\n" -msgstr "1/14 : Ecriture du fichier $DISK_IMAGE sur $SDCARD ...\\n" - -#: linux_server_deploy.sh:180 -#, sh-format -msgid "" -"Are you sure you want to ERASE THE CONTENT of $SDCARD ? Type uppercase 'yes' " -"to confirm." -msgstr "" -"Etes vous certain de vouloir EFFACER LE CONTENU de $SDCARD ? Entrez le mot 'oui' en majuscules " -"pour confirmer." - -#: linux_server_deploy.sh:182 linux_server_deploy.sh:326 -msgid "YES" -msgstr "OUI" - -#: linux_server_deploy.sh:184 -msgid "Answer was different from 'YES'. Aborting..." -msgstr "La réponse était différente de 'OUI'. Annulation..." - -#: linux_server_deploy.sh:187 -#, sh-format -msgid "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds." -msgstr "Réponse reçue ; $GO_DD. Exécution de dd sur $SDCARD dans 5 secondes." - -#: linux_server_deploy.sh:193 -#, sh-format -msgid "2/14 : Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\\n" -msgstr "2/14 : Démontage de $BOOT_MOUNT et $ROOTFS_MOUNT ...\\n" - -#: linux_server_deploy.sh:199 -#, sh-format -msgid "3/14 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\\n" -msgstr "3/14 : Remontage de $BOOT_MOUNT et $ROOTFS_MOUNT ...\\n" - -#: linux_server_deploy.sh:206 -#, sh-format -msgid "" -"4/14 : Changing hostname to $HOST_NAME in $ROOTFS_MOUNT/etc/hostname and " -"$ROOTFS_MOUNT/etc/hosts ...\\n" -msgstr "" -"4/14 : Changement du nom d'hôte à $HOST_NAME dans $ROOTFS_MOUNT/etc/hostname et " -"$ROOTFS_MOUNT/etc/hosts ...\\n" -#: linux_server_deploy.sh:215 -#, sh-format -msgid "5/14 : Enabling SSH server on boot : $BOOT_MOUNT/ssh ...\\n" -msgstr "5/14 : Activation du serveur SSH au démarrage : $BOOT_MOUNT/ssh ...\\n" - -#: linux_server_deploy.sh:221 -#, sh-format -msgid "" -"6/14 : Generating private/public SSH key as $HOME/.ssh/$HOST_NAME ...\\n" -msgstr "" -"6/14 : Génération de clés privée/publique SSH dans $HOME/.ssh/$HOST_NAME ...\\n" - -#: linux_server_deploy.sh:225 -#, sh-format -msgid "" -"New SSH key pair generated as $HOME/.ssh/$HOST_NAME. Add to ~/.ssh/config ? " -"(y/n)" -msgstr "" -"Nouvelle paire de clés SSH générée dans $HOME/.ssh/$HOST_NAME. Ajouter à ~/.ssh/config ? " -"(o/n)" - -#: linux_server_deploy.sh:227 -msgid "y" -msgstr "o" - -#: linux_server_deploy.sh:228 -#, sh-format -msgid "Adding $HOST_NAME with ip $HOST in $HOME/.ssh/config" -msgstr "Ajout de $HOST_NAME avec ip $HOST dans $HOME/.ssh/config" - -#: linux_server_deploy.sh:234 -msgid "\\nAnswer was different from 'y', skipping..." -msgstr "\\nLa réponse était différente de 'o'. Annulation..." - -#: linux_server_deploy.sh:237 -#, sh-format -msgid "" -"7/14 : Installing public SSH key $HOME/.ssh/$HOST.pub in $ROOTFS_MOUNT/home/" -"$PI_USER/.ssh/authorized_keys...\\n" -msgstr "" -"7/14 : Installation de la clé SSH publique $HOME/.ssh/$HOST.pub dans $ROOTFS_MOUNT/home/" -"$PI_USER/.ssh/authorized_keys...\\n" - -#: linux_server_deploy.sh:243 -#, sh-format -msgid "" -"8/14 : Disabling SSH password based login in $ROOTFS_MOUNT/etc/ssh/" -"sshd_config ...\\n" -msgstr "" -"8/14 : Désactivation de la connexion SSH par mot de passe dans $ROOTFS_MOUNT/etc/ssh/" -"sshd_config ...\\n" - -#: linux_server_deploy.sh:249 -#, sh-format -msgid "" -"9/14 : Configuring wireless connection to $SSID with pw $PASSWD : ...\\n" -msgstr "" -"9/14 : Configuration de la connexion sans fil au réseau $SSID avec le mot de passe $PASSWD : ...\\n" - -#: linux_server_deploy.sh:268 -#, sh-format -msgid "10/14 : Setting static IP $HOST in $ROOTFS_MOUNT/etc/dhcpcd.conf...\\n" -msgstr "10/14 : Réglage de l'IP statique $HOST dans $ROOTFS_MOUNT/etc/dhcpcd.conf...\\n" - -#: linux_server_deploy.sh:280 -#, sh-format -msgid "" -"12/14 : Installing http auth secrets in $CONFIG_DIR/pilpil-server.toml, " -"$ROOTFS_MOUNT/home/pil/.config/systemd/user/vlc.service and $ROOTFS_MOUNT/" -"home/pil/pilpil-client/defaults.toml...\\n" -msgstr "" -"12/14 : Installation du secret d'authentification http dans $CONFIG_DIR/pilpil-server.toml, " -"$ROOTFS_MOUNT/home/pil/.config/systemd/user/vlc.service et $ROOTFS_MOUNT/" -"home/pil/pilpil-client/defaults.toml...\\n" - -#: linux_server_deploy.sh:288 -#, sh-format -msgid "" -"13/14 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \\n" -msgstr "" -"13/14 : Synchronisation des médias présents dans $LOCAL_MEDIA_DIR/ avec $REMOTE_MEDIA_DIR/ \\n" - -#: linux_server_deploy.sh:298 -#, sh-format -msgid "Space available on rootfs : $ROOTFS_AVAILABLE_SPACE sectors" -msgstr "Espace disponible sur rootfs : $ROOTFS_AVAILABLE_SPACE secteurs" - -#: linux_server_deploy.sh:301 -#, sh-format -msgid "Size of medias : $MEDIA_SIZE sectors" -msgstr "Taille des médias : $MEDIA_SIZE secteurs" - -#: linux_server_deploy.sh:312 -#, sh-format -msgid "Not enough space on $ROOTFS_MOUNT, skipping..." -msgstr "Pas assez d'espace sur' $ROOTFS_MOUNT, saut..." - -#: linux_server_deploy.sh:316 -msgid "14/14 : Unmounting filesystems" -msgstr "14/14 : Démontage des systèmes de fichier" - -#: linux_server_deploy.sh:324 -msgid "" -"Please swap sd card in reader and enter uppercase 'yes' then Return to proceed with next client or directly hit Return to exit:" -msgstr "" -"Veuillez changer la carte SD dans le lecteur et entrer le mot 'oui' en majuscules suivie de la touche Entrée pour continuer " -"avec le client suivant ou appuyer seulement sur la touche Entrée pour quitter:" - -#: linux_server_deploy.sh:328 -msgid "Answer was different from 'YES'. Aborting...\\n" -msgstr "La réponse était différente de 'OUI'. Annulation...\\n" - -#: linux_server_deploy.sh:334 -msgid "All done !" -msgstr "Finis !" - -#: linux_server_deploy.sh:340 -msgid "Nothing more to do." -msgstr "Rien de plus à faire." diff --git a/fr/LC_MESSAGES/linux_server_deploy.sh.mo b/fr/LC_MESSAGES/linux_server_deploy.sh.mo deleted file mode 100644 index b6d48f661fe4c77105af9a419eb71aadab3eb0eb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6683 zcmcIoTaP106)wmPCXj?AT#|692?pn~ZqMu`**FQi-f_>YiS3!#o&=&G)6-qHYqwq9 z>FS=@2?)ePA|!-(AqWWxA@Pum6eJ#ag9jw@08-!qfj|faDG?IC0`Z-y_HAbN5(L(G zK40o`>YVSK^OfJe`{vge9w+epB%WV?A7f7f|Negb!{fI%F?JgGJD>pm8~6k;xS6rX zfIkMhz&`_j34Gud#_GVo06z^}zLl{v!1Foo0{eLXCa?m$=QhSRfGwZ`{s7no-tqy) zE&^Ww(*8dME&=}vBwODFI>5U=$k>;F=YU1v4}r_TU+4G^@DaSf8IwN_ECW9U+yK&e z0elwtT_COZ58yq(J8rk@JP7-0O@@U+yTA`gp1gnAGUVh z1N;o$p9g*p_*EcW%w7fFju+nsp2hp`-@#Z0{5^03xOS)g{5!x+y#EdG55RlxVyp*z z7x*ZR`v_x?10x{C<8@#Jd>gn9Y~9UR8~7UVYrua22fzS_41jL|Y5&!G8M_U52}tWC zK>GXusDSSPPXV9(sP)?`Ksx`=fb{tvf%gG#{TO2$$bk;93iN?-{{Bxu{IQ!5j0b`D z1HS@%8u%9QM?gCN@Dq$Z4E#Cp9Pn>I;?4cog#7z0;A6m7fDZwG1tdHE2_*mCcfUnC z6GCb@L;i=Eh7V)|j%3b2e4qzWo?-jIHmLZ%B zp)$SzFwpPF1EFD`#}g@H9&{d#C!M#5Cn&%`BZd@Vpt*S<+~xuL8NVUjrjO6kE6yL` zYl-kusRn!)r8Y8XCUrz==G3=%;;Dh)h5A;n zU2Sc+<&&prT3Muid2w!8@9R{IO0)HKxzOpBMf5`Ur4O?srTLx=L%t*U$ivr|xmsR5%`3b<@&+`y(5bCe+cgYJhddn$-j^Zl zt<^iv^y!&k!rKl+GcCLzR|1I+vQk>_$z6V?25!mqfvO`&{o4} zBxqRK>?8-dD}!=|N#)(pcWAQo1@}~NwYm8=ekg@X%Yo>7S(s|GUvB%U+ync{C&Nb~ zkRIQ!U4b!egOHaENO{O9D$({`n8HHtE2m_lB+1kfz^(cHI% z3-GM<>(L|R0m`jwi|Lv-GAp-aZ3vp0Xhb?y-bnB?vVrZjs!jL!=nf}ik9w8pO<(KW zxHI;^uJU$F&^w)r2sZ_kBae0>NDmYntyn*gYSgf5pM6sjFVL2G@@xoTM(|NuIALk2IgMcQ_ImzU|jOVg>=1Xe>tD=wukrI5FRh8aD z?DpVu)SA9XkTblWL?d4OvfC*-yt)%5L~J7R1?AXqm1h;f3fFbah%C*S3556 zUUWICL)UF}dDNfQuXDV+9}Awvu}FM)mlyYiF48n(eKK;GbsG#$P`@KoOa^Mc!+eNH*VLy3P#kLf&W08Oesr}X@c7eQjb%Z)Yp?F)QS)$0iIEj1# zubD(q;tG_2X%!qHwNVK7`B0{FQ($shVQt|Hxl8`GNmJO^?A2<{w0*HS3rtc)OkqQEN;*5>(W_8K3v$>T}h4qk5s? z_BvbDwb|Tl4VqWDbEwOr`o>;5?4?o9x_fD73{#;AR^ zl|+}|qEbC5Jtqxaqj?6+iF1gBw3RFmivpX_f%BAf1z=%Q~WIT=}s%lX5e1H6g z=FdYh@&J<$DOxjeJC&$G`BcF}kEhtjhgb}XBmgHBki@N7<9{M=-7Dh*KQlrbiAd^} zYdOl`bVLX>D)Te+qIt0k%8{yoDDz}GFLqtf7I_SNGw54?D3R{-5*Mvznt-GHqTlixJL8q*72mL2)?#MJo9CCwZ$j zCE+RrnQG_5#u@q?Bb}?bazgcj`m~?X&LAymUoYbU+~g$*x#@Z`dVHY92PC9vA%Px- zAfdO(-SI)LsEORPuC;uo0_Vh{&5=b#JzWyzfmStZ7>S){%YrgD;`$ihyjOV*>%BS8 znBs)qiT+Fnq+`Thf+B$^3B1(M6vym(!-{+1kkf56@f$Zd3WXs(&uY(512>S+vECoe# zQ!tE7ThR8i^UkX2HIC4N3q%NilD;?5wpmT=A6Uzg+}Frw@PZf!52JP+5&aQ~{w-)R z%AS`|=7g2~Xqv^v1_Bv}HiqM~Hhx5*aK#}wf<@7g69L^Hjdms$($6gByGcl~J%s;r zB7?ZZJ~~GGhm-MfhMx$a_RWIew2X)Jp8{(x1#~?$l%dMwCGf4rJ%I9FTye1G>@qN0 z9r6jk%O#{`?37N;ItXqIAsPi3h|&xj6B=bR_&BcWOzukKbS#xdkix<+oIF0^F|I8c zR+$uo{N6w_$#h(Gy*SSHF+vOQ-}DqxBv)DRrA(%X6)qN&luw9if&2 - exit 0 -fi -DD_BS="128K" -DISK_IMAGE="$HOME/niels/imgs/2022-10-25-pilpil-WIP.img.xz" -if [[ ! -f "$DISK_IMAGE" ]]; then - red "`gettext \"Disk image not found, aborting...\"`" >&2 - exit 0 -fi -CONFIG_DIR="$HOME/niels/pilpil-server" -if [[ ! -d "$CONFIG_DIR" ]]; then - red "`gettext \"Config directory not found, aborting...\"`" >&2 - exit 0 -fi -HTTP_SECRET=$(openssl rand -base64 12) -PI_USER="pil" -BOOT_MOUNT="/run/media/$USER/boot" -ROOTFS_MOUNT="/run/media/$USER/rootfs" -#~ LOCAL_MEDIA_DIR="$HOME/Videos" -LOCAL_MEDIA_DIR="$HOME/niels/medias" -if [[ ! -d "$LOCAL_MEDIA_DIR" ]]; then - red "`gettext \"Medias directory not found, aborting...\"`" >&2 - exit 0 -fi -REMOTE_MEDIA_DIR="$ROOTFS_MOUNT/home/$PI_USER/Videos" -# WIFI AP config -IP_RANGE="10.42.0.1" -SSID="omen" -PASSWD="EpQmSmXH123" -IFW="wlo1" -#Band (bg = 2.4Ghz, a= 5Ghz) -BAND="bg" -# Hidden SSID -#~ HIDE="802-11-wireless.hidden false" -# Set channel manually -CHAN="802-11-wireless.channel 1" -# -# -# 0. Create AP connection -# -green "`gettext \" * Creating hotspot connection in NetworkManager \n\"`" -if [[ ! "$DRY_RUN" ]]; then - # If connection exists, delete it - nmcli con delete $SSID - nmcli con add type wifi ifname $IFW con-name $SSID autoconnect yes ssid $SSID - nmcli con modify $SSID 802-11-wireless.mode ap 802-11-wireless.band "${BAND-}" "${CHAN-}" "${HIDE-}" ipv4.method shared - nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk - nmcli con modify $SSID 802-11-wireless-security.proto rsn - nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp - nmcli con modify $SSID wifi-sec.psk $PASSWD -fi -# 0.a set IP range on server -green "`eval_gettext \" * Setting IP range \\\$IP_RANGE/24 in /etc/NetworkManager/system-connections/\\\$SSID.nmconnection ... \n\"`" -if [[ ! "$DRY_RUN" ]]; then - sudo sed -i "/method=shared/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection - # Remove existing leases - sudo rm /var/lib/NetworkManager/dnsmasq-$IFW.leases - # restart NM - sudo systemctl restart NetworkManager - # Turn hotspot on - nmcli radio wifi on - nmcli con up $SSID -fi -# 0.b ask for number of clients -# This will be used to determine static IP -yellow "`gettext \"Number of clients to configure : \"`" -read -n 4 CLIENT_NUMBER -# Check input -if [[ ! "${CLIENT_NUMBER}" =~ ^[0-9]+$ ]]; then - red "`gettext \"\nInput was not a number, aborting.\n\"`" - exit 0 -fi -if [[ "${CLIENT_NUMBER}" -lt 1 ]]; then - red "`gettext \"\nInput was 0, nothing to do.\n\"`" - exit 0 -fi -green "`eval_gettext \"Got \\\$CLIENT_NUMBER...\n\"`" -# For some reason networkmanager finds it clever to offer only IPs in range 10-255 even when asked for a /24, /28, etc... -# So IPs start at 10 -# Get first IP in specified range -#~ IP=$(echo $IP_RANGE | awk -F. '{print $4}') -FIRST=1 -IP=10 -#~ echo -e "First IP is $(($RANGE_START)) ...\n" -# Remove IP's last byte -IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}') -echo -e "`eval_gettext \"First IP is \\\$IP_RANGE_3B\\\$IP ...\n\"`" -# Generate SSL cert with IPs in IP_RANGE -IP_CNT=$IP -IP_ARRAY=() - -while [[ "$IP_CNT" -lt $(("${CLIENT_NUMBER-}"+"${IP-}")) ]] -do - IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT") - ((IP_CNT++)) -done -# Convert array to string -HOST_LIST="$(IFS=","; echo "${IP_ARRAY[*]}")" -green "`eval_gettext \"Got host list : \\\$HOST_LIST \n\"`" -# 5. Generate valid ssl cert/key for every IP in range -# https://unix.stackexchange.com/questions/104171/create-ssl-certificate-non-interactively -green "`eval_gettext \"Generating SSL crt/key for \\\$HOST_LIST...\n\"`" -if [[ ! "$DRY_RUN" ]]; then - openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \ - -subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$FIRST" \ - -addext "subjectAltName=$HOST_LIST" \ - -keyout "$CONFIG_DIR/selfCA.key" -out "$CONFIG_DIR/selfCA.crt" - #sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" -fi -# Proceed with each host -for HOST in "${IP_ARRAY[@]}" -do - HOST=$(echo $HOST | awk -F: '{print $2}') - HOST_NAME="pilpil-$(echo $HOST | awk -F. '{print $4}')" - # 1. Copy img to sd - green "`eval_gettext \"1/14 : Imaging \\\$SDCARD with the file \\\$DISK_IMAGE ...\n\"`" - red "`eval_gettext \"Are you sure you want to ERASE THE CONTENT of \\\$SDCARD ? Type uppercase 'yes' to confirm.\"`" - read -n 4 GO_DD - if [[ "$GO_DD" != "`gettext \"YES\"`" ]] - then - red "`gettext \"Answer was different from 'YES'. Aborting...\"`" >&2 - break - fi - red "`eval_gettext \"Received answer \\\$GO_DD. Running dd on \\\$SDCARD in 5 seconds.\"`" - if [[ ! "$DRY_RUN" ]]; then - sleep 5 - fi - GO_DD=0 - # unmount / remount new filesystem - green "`eval_gettext \"2/14 : Unmounting \\\$BOOT_MOUNT and \\\$ROOTFS_MOUNT ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - umount $BOOT_MOUNT - umount $ROOTFS_MOUNT - xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync - fi - green "`eval_gettext \"3/14 : Remounting \\\$BOOT_MOUNT and \\\$ROOTFS_MOUNT ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - sleep 1 - systemctl --user restart gvfs-udisks2-volume-monitor - sleep 3 - fi - green "`eval_gettext \"4/14 : Changing hostname to \\\$HOST_NAME in \\\$ROOTFS_MOUNT/etc/hostname and \\\$ROOTFS_MOUNT/etc/hosts ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - # Change hostname - echo "$HOST_NAME" | sudo tee "$ROOTFS_MOUNT/etc/hostname" - # Reflect that in /etc/hosts - sudo sed -i "$d" "$ROOTFS_MOUNT/etc/hosts" - echo -e "127.0.1.1\t$HOST_NAME" | sudo tee -a "$ROOTFS_MOUNT/etc/hosts" - fi - ## Enable SSH - green "`eval_gettext \"5/14 : Enabling SSH server on boot : \\\$BOOT_MOUNT/ssh ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - touch "$BOOT_MOUNT/ssh" - sync - fi - ## Generate SSH private/public key and install it - Disable passwd login - green "`eval_gettext \"6/14 : Generating private/public SSH key as \\\$HOME/.ssh/\\\$HOST_NAME ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - ssh-keygen -t ed25519 -f "$HOME/.ssh/$HOST_NAME" -N "" - fi - red "`eval_gettext \"New SSH key pair generated as \\\$HOME/.ssh/\\\$HOST_NAME. Add to ~/.ssh/config ? (y/n)\"`" - read -n 2 ADD_SSH_CONF - if [[ "$ADD_SSH_CONF" == "`gettext \"y\"`" ]];then - green "`eval_gettext \"Adding \\\$HOST_NAME with ip \\\$HOST in \\\$HOME/.ssh/config\"`" - if [[ ! "$DRY_RUN" ]]; then - # Add to ~/.ssh/config - echo -e "\nHost $HOST_NAME\n\tHostname $HOST\n\tIdentityFile ~/.ssh/$HOST_NAME\n\tUser $PI_USER" | tee -a "$HOME/.ssh/config" - fi - else - yellow "`gettext \"\nAnswer was different from 'y', skipping...\"`" - fi - # Copy public key to rpi - green "`eval_gettext \"7/14 : Installing public SSH key \\\$HOME/.ssh/\\\$HOST.pub in \\\$ROOTFS_MOUNT/home/\\\$PI_USER/.ssh/authorized_keys...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - sudo cp "$HOME/.ssh/$HOST_NAME.pub" "$ROOTFS_MOUNT/home/$PI_USER/.ssh/authorized_keys" - sync - fi - # Disable PW login - green "`eval_gettext \"8/14 : Disabling SSH password based login in \\\$ROOTFS_MOUNT/etc/ssh/sshd_config ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - echo -e "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no" | sudo tee -a "$ROOTFS_MOUNT/etc/ssh/sshd_config" - sync - fi - # 3. Configure wifi with static IP - green "`eval_gettext \"9/14 : Configuring wireless connection to \\\$SSID with pw \\\$PASSWD : ...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev -update_config=1 -country=FR - -network={ - ssid=\"$SSID\" # Nom du réseau auquel on se connecte - psk=\"$PASSWD\" # Mot de passe wifi - # Optional parameters - # scan_ssid=1 # hidden ssid - # Specify 2.4 or 5G freq - # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910 - # https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz - # scan_freq=2412 2437 2462 -}" | sudo tee "$ROOTFS_MOUNT/etc/wpa_supplicant/wpa_supplicant.conf" - sync - fi - # Request specific IP to dhcp server - green "`eval_gettext \"10/14 : Setting static IP \\\$HOST in \\\$ROOTFS_MOUNT/etc/dhcpcd.conf...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - echo -e "interface wlan0\nrequest $HOST" | sudo tee -a "$ROOTFS_MOUNT/etc/dhcpcd.conf" - sync - fi - # 5. Install previously generated SSL key/crt - green "`eval_gettext \"11/14 : Installing SSL : \\\$CONFIG_DIR/selfCA.crt and $CONFIG_DIR/selfCA.key in \\\$ROOTFS_MOUNT/etc/ssl/certs/ and \\\$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" - sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" - sync - fi - green "`eval_gettext \"12/14 : Installing http auth secrets in \\\$CONFIG_DIR/pilpil-server.toml, \\\$ROOTFS_MOUNT/home/pil/.config/systemd/user/vlc.service and \\\$ROOTFS_MOUNT/home/pil/pilpil-client/defaults.toml...\n\"`" - if [[ ! "$DRY_RUN" ]]; then - #~ Change VLC/pilpil http auth secret - sed -i "s:secret:$HTTP_SECRET:g" "$CONFIG_DIR/pilpil-server.toml" - sed -i "s:secret:$HTTP_SECRET:g" "$ROOTFS_MOUNT/home/pil/.config/systemd/user/vlc.service" - sed -i "s:secret:$HTTP_SECRET:g" "$ROOTFS_MOUNT/home/pil/pilpil-client/defaults.toml" - fi - #~ # 6. Copy medias - green "`eval_gettext \"13/14 : Syncing media folder \\\$LOCAL_MEDIA_DIR/ with \\\$REMOTE_MEDIA_DIR/ \n\"`" - if [[ ! "$DRY_RUN" ]]; then - # Remove filler file - if [[ -f "$REMOTE_MEDIA_DIR/remove_me" ]]; then - sudo rm "$REMOTE_MEDIA_DIR/remove_me" - fi - fi - if [[ -d "$ROOTFS_MOUNT" ]]; then - # Get available space on rootfs - ROOTFS_AVAILABLE_SPACE=$(df -t ext4 -P "$ROOTFS_MOUNT" | tail -1 | awk '{print $4}') - yellow "`eval_gettext \"Space available on rootfs : \\\$ROOTFS_AVAILABLE_SPACE sectors\"`" - # Get Media folder size - MEDIA_SIZE=$(du -c "$LOCAL_MEDIA_DIR" | tail -1 | awk '{print $1}') - yellow "`eval_gettext \"Size of medias : \\\$MEDIA_SIZE sectors\"`" - fi - if [[ ! "$DRY_RUN" ]]; then - # Only copy files if enough space available - if [[ "$MEDIA_SIZE" -lt "$ROOTFS_AVAILABLE_SPACE" ]]; then - USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' ) - GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' ) - sudo cp "$LOCAL_MEDIA_DIR/"* "$REMOTE_MEDIA_DIR/" - sudo chown -R $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR" - sync - else - red "`eval_gettext \"Not enough space on \\\$ROOTFS_MOUNT, skipping...\"`" - fi - fi - # Unmount FS - green "`gettext \"14/14 : Unmounting filesystems\"`" - if [[ ! "$DRY_RUN" ]]; then - umount "$BOOT_MOUNT" - umount "$ROOTFS_MOUNT" - fi - yellow "`eval_gettext \"Client $(($IP-9))/$CLIENT_NUMBER.\"`" - #~ echo "$IP / $(($IP_CNT-1))" - if [[ "$IP" -lt "$(($IP_CNT-1))" ]]; then - red "`gettext \"Please swap sd card in reader and enter uppercase 'yes' then Return to proceed with next client or directly hit Return to exit:\"`" - read -n 4 GO_ON - if [ "$GO_ON" != "`gettext \"YES\"`" ] - then - red "`gettext \"Answer was different from 'YES'. Aborting...\n\"`" >&2 - break - fi - GO_ON=0 - ((IP++)) - else - green "`gettext \"All done !\"`" - # Remove SSL private key - #~ rm -f "$CONFIG_DIR/selfCA.key" - break - fi -done -# Remove SSL private key -rm -f "$CONFIG_DIR/selfCA.key" -yellow "`gettext \"Nothing more to do.\"`" -exit 1 diff --git a/prepa_rpios.md b/prepa_rpios.md deleted file mode 100644 index 098d53d..0000000 --- a/prepa_rpios.md +++ /dev/null @@ -1,524 +0,0 @@ -# Préparation de l'image RPI videopi - -## Raspi OS et SSH - - 1. Télécharger l'image disque version "Legacy" lite : https://downloads.raspberrypi.org/raspios_oldstable_lite_armhf/images/raspios_oldstable_lite_armhf-2022-09-26/2022-09-22-raspios-buster-armhf-lite.img.xz - 2. Flasher l'image sur une carte SD : `xzcat 2022-09-22-raspios-buster-armhf-lite.img.xz | sudo dd of=/dev/mmcblkp0 bs=128K oflag=dsync status=progress && sync` - 3. Monter la carte SD et ajouter un fichier nommé `ssh` sur la partition `/boot` pour activer le serveur SSH; `touch boot/ssh` (https://linuxhint.com/rasperberry_pi_wifi_wpa_supplicant/) - 5. Toujours sur la partition `/boot`, créer un fichier nommé `wpa_supplicant.conf` pour configurer la connexion wifi. Le contenu de celui-ci : -``` -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev -update_config=1 -country=FR - -network={ - ssid="BLAH" # Nom du réseau auquel on se connecte - #scan_ssid=1 # Décommenter si le réseau est caché - psk="BLAH" # Mot de passe wifi - # Pour accélérer la découverte et la connexion du point d'accès wifi, - # on peut spécifier les fréquences à balayer en fonction du canal utilisé par ce dernier. - # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910 - # Wifi 2.4 Ghz : https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz - # scan_freq=2412 2437 2462 - # See nmcli 802-11-wireless.channel - # https://developer-old.gnome.org/NetworkManager/stable/settings-802-11-wireless.html - # Wifi 5ghz : https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Liste_des_canaux_dans_la_bande_des_5_GHz - # scan_freq= 5805 -} -``` - 4. Insérer la carte dans le RPI et démarrer le système. - 5. Se connecter via SSH. - 6. Adduser pil - -## Modification de config.txt - -Ajouter les lignes suivantes au fichier `/boot/config.txt` : - -``` -# Forcer HDMI Full HD -hdmi_group=1 -hdmi_mode=16 # fullHD@60 - -[all] -# Désactivation du bluetooth -dtoverlay=pi3-disable-bt -max_framebuffers=2 -# Mémoire vidéo -gpu_mem=320 -# Désactiver le logo éclair et l'arc en ciel au démarrage -boot_delay=1 -avoid_warnings=1 -disable_splash=1 -``` - -## Configuration du Wifi - -``` -echo -e " - ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev\n - update_config=1\n - country=FR\n - \n - network={\n - ssid="BLAH" # Nom du réseau auquel on se connecte\n - #scan_ssid=1 # hidden ssid \n - psk="BLAH" # Mot de passe wifi\n - # Specify 2.4 or 5G freq\n - # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910\n - # https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz - # scan_freq=2412 2437 2462\n - # See nmcli 802-11-wireless.channel\n - # https://developer-old.gnome.org/NetworkManager/stable/settings-802-11-wireless.html\n - # scan_freq= 5805\n - }\n" -| sudo tee -a /etc/wpa_supplicant/wpa_supplicant.conf -``` - -## Limiter le nombre de paquets installés par APT - -``` -echo -e "APT::Get::Install-Recommends "false";\nAPT::Get::Install-Suggests "false";" | sudo tee -a /etc/apt/apt.conf -``` - -## Rendre le démarrage du RPI complètement silencieux (écran noir) - -### cmdline.txt - -Editer le fichier `/boot/cmdline.txt` et ajouter les options suivantes à la fin de la première ligne: - -``` -console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1 -``` - -### Login silencieux - -Lancer les commandes suivantes : - * `echo "" | sudo tee /etc/issue` - * `echo "" | sudo tee /etc/motd` - * `touch ~/.hushlogin` - -Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par : - -``` -[Service] -ExecStart= -ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pil" %I $TERM -``` - -Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" : - -`setterm -term linux -blank 1 >/dev/tty1` - -## Connexion automatique au démarrage - -Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot / Auto login", "B2 Console Auto Login". - -## Installation des logiciels nécessaires - -``` -sudo apt-get update -# min -sudo apt-get install vlc vlc-plugin-base python3-minimal python3-pip nginx file lua5.2 -python pip install flask flask-httpauth waitress toml werkzeug -# build -# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all -``` - -### SSH : identification par clés - -Sur le serveur régie, générer les clés publiques/privées avec : - -``` -# générer une clé sans mot de passe, adapter le nom du fichier -ssh-keygen -t ed25519 -f ~/.ssh/videopiX -N "" -# copier sur le client rpi en adaptant l'IP -SSH_AUTH_SOCK="" ssh-copy-id -i .ssh/videopiX.pub pi@$IP -``` - -Désactiver la connexion par login/mdp : - -``` -echo "PasswordAuthentication no -ChallengeResponseAuthentication no -UsePAM no" | sudo tee -a /etc/ssh/sshd_config -``` - -Sur le serveur régie, éditer le fichier `~/.ssh/config` et ajouter à la fin : - -``` -# VideoPi -Host 10.42.0.142 - IdentityFile ~/.ssh/ - User pi -Host 10.42.0.135 - IdentityFile ~/.ssh/rpi3 - User pi -``` - - -## Sudoers : commandes systèmes sans mot de passe - -`/etc/sudoers.d/010_pilpil_nopasswd.conf` : - -``` -Cmnd_Alias PILPIL=/usr/sbin/reboot, /usr/sbin/poweroff, /usr/bin/tee -pil ALL=(ALL) NOPASSWD: PILPIL -``` - - -## Systemd Unit : démarrage automatique des services - -## VLC - -Créer le fichier `.config/systemd/user/vlc.service` contenant: - -``` -[Unit] -Description=VLC http service - -[Service] -WorkingDirectory=/home/pil/ -ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret -Restart=always - -[Install] -WantedBy=multi-user.target -``` - -Puis lancer les commandes : - -``` -systemctl --user daemon-reload -systemctl --user enable vlc -systemctl --user start vlc -``` - -## pilpil - -Créer le fichier `.config/systemd/user/pilpil.service` contenant: - -``` -[Unit] -Description=Pilpil Command Server -After=network.target - -[Service] -WorkingDirectory=/home/pil/pilpil-client -ExecStart=/home/pil/pilpil-client/app.py -Restart=always - -[Install] -WantedBy=multi-user.target - -``` - -Puis lancer les commandes : - -``` -systemctl --user daemon-reload -systemctl --user enable pilpil -systemctl --user start pilpil -``` - - - -## Configuration du serveur régie - -### Linux : network-manager cli - -``` -hotspot() -{ - -SSID="omen" -PASSWD="EpQmSmXH123" -#Intel -IFW="wlo1" -#Brostrend -#IFW="wlp0s20f0u1" -#Band (bg = 2.4Ghz, a= 5Ghz) -BAND="bg" -#HIDE="802-11-wireless.hidden false" -CHAN="802-11-wireless.channel 1" - -if [ "$1" == "off" ];then - nmcli radio wifi off - nmcli con delete $SSID -else - if [ "$1" == "wlp0s20f0u1" ];then - IFW="wlp0s20f0u1" -# IFW="wlp0s20f0u2u4" -# BAND="a" -# CHAN="802-11-wireless.channel 161" - fi - - nmcli con delete $SSID - nmcli con add type wifi ifname $IFW con-name $SSID autoconnect no ssid $SSID - nmcli con modify $SSID 802-11-wireless.mode ap 802-11-wireless.band $BAND $CHAN ipv4.method shared - nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk - nmcli con modify $SSID 802-11-wireless-security.proto rsn - nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp - nmcli con modify $SSID wifi-sec.psk $PASSWD - nmcli radio wifi on - nmcli con up $SSID -fi -} -``` - -#### Changer la plage d'IP du hotspot - -Une fois la connexion créée, éditer `/etc/NetworkManager/system-connections/$SSID.nmconnection` et ajouter une directive `address1` à la section "[ipv4]": - -``` -[ipv4] -method=shared -address1=192.168.125.1/24,192.168.125.1 -``` -puis redémarrer networkmanager : - -``` -sudo systemctl restart NetworkManager -``` - -### IP fixes des clients - -#### Bail dhcp permanent - -`sudo nano /etc/NetworkManager/dnsmasq-shared.d/wlo1.conf` - -``` -log-queries -log-facility=/var/log/dnsmasq.log -#rpi1 -dhcp-host=00:e0:4c:18:0a:fa,rpi1,10.42.0.142 -#rpi3 -dhcp-host=b8:27:eb:12:55:31,rpi3,10.42.0.135 -``` - -#### WPA supplicant - -### Windows setup - -#### Hotspot : netsh - -``` -netsh wlan set hostednetwork mode=allow ssid=Hotspot key=ZiZiPass -netsh wlan start hostednetwork -``` - -#### Dependencies - - 1. Install wsl/msys2 ; [https://learn.microsoft.com/fr-fr/windows/wsl/install]/[https://www.msys2.org/] - 2. Install openssh, rsync, python-pip : -``` -pacman -S openssh rsync python-pip -``` - 3. Install python deps : -``` -pip install flask waitress toml -``` - 4. Start app with `flask run` - -### Win/Linux install - -With Docker-compose / Docker desktop: - -``` -docker-compose -f docker-compose.yml up -``` - -### Firewall : port 67 - -Ouvrir port 67 pour le DHCP - -## Imaging the OS - -### From Sd to image - -`dd bs=256K if=/dev/sda of=BLAH.img status=progress oflag=dsync` - -### Shrink image - -`sudo pishrink.sh -sZpa BLAH.img` - -### From image to sd - -`xzcat 2022-07-19-videopi.img.xz | sudo dd of=/dev/sda bs=128K oflag=dsync status=progress && sync` - -### Regenerate SSH hostkeys on first start - -`sudo ln -s /lib/systemd/system/regenerate_ssh_host_keys.service /mount_point/etc/systemd/system/multi-user.target.wants/regenerate_ssh_host_keys.service` - -### (Optional) Resize FS to fill SD card - -Use `raspi-config` to resize the file system; "Advanced options" > "Expand Filesystem" - -## Installation - - * Install python 3.10 - * Use pip to install flask, waitress : - ``` - pip install flask waitress toml -``` - - -## Other : - -### VLC http LUA : ajouter des méthodes - -On modifie le fichier [`httprequests.lua`](https://code.videolan.org/videolan/vlc/-/blob/master/share/lua/intf/modules/httprequests.lua) : -`/usr/lib/arm-linux-gnueabihf/vlc/lua/intf/modules/httprequests.lua` - -Pour être sur d'avoir la bonne version, `apt-get source vlc-plugin-base` après avoir décommenter la ligne pour les sources dans `/etc/apt/sources.list`. - -Puis `tar -xvf vlc_3.0.17.4.orig.tar.xz vlc-3.0.17.4/share/lua/intf/modules/httprequests.lua`. - -On compile avec luac en faisant attention à bien utiliser la bonne version de luac ( 5.2 avec VLC-3.0.17.4 au 09-2022 ) : - -``` -file httprequests.luac -luac.out: Lua bytecode, version 5.2 -``` - -Ajout ligne 131 : - -```lua - elseif command == "pl_move" then - vlc.playlist.move( id, tonumber(val) ) -``` - -[https://salsa.debian.org/multimedia-team/vlc](https://salsa.debian.org/multimedia-team/vlc) - -#### pl_move : Usage - -Sample playlist : -``` - - - - - - -``` - -``` -# Move id 3 after id 5 -10.42.0.135:8080/requests/status.xml?command=pl_move&id=3&val=5 - - - - - - - - -``` -``` -# Make id 4 first item in list -10.42.0.135:8080/requests/status.xml?command=pl_move&id=4&val=1 -Make an array from new playlist, then loop other that from the end -``` - -### Certbot, Nginx, Waitress - -https://dev.to/thetrebelcc/how-to-run-a-flask-app-over-https-using-waitress-and-nginx-2020-235c - -``` -sudo apt-get install nginx -``` - -/etc/nginx/sites-available/default : -``` -# Cmd server -server { - listen 8888 ssl; - ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; - ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; - location / { - client_max_body_size 100M; # Max http_upload size - proxy_pass http://127.0.0.1:5000; - proxy_set_header X-Real-IP $remote_addr; - } -} -# VLC server -server { - listen 8887 ssl; - ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; - ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; - location / { - proxy_pass http://127.0.0.1:5001; - proxy_set_header X-Real-IP $remote_addr; - } -} - - -``` - -openssl : - -``` -openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/C=/ST=Denial/L=/O=/CN=10.42.0.135" -addext "subjectAltName=10.42.0.135" -keyout "/etc/ssl/private/nginx-selfsigned.key" -out "/etc/ssl/certs/nginx-selfsigned.crt" -``` - -#### Fix nginx startup fail if /var/log/nginx doesn't exists - -In '/etc/nginx/mklogdir.sh' : -```bash -#!/bin/bash -if [[ ! -d /var/log/nginx ]] -then - mkdir /var/log/nginx - systemctl restart nginx -fi -``` -then `sudo chmod +x /etc/nginx/mklogdir.sh`. - -After that, edit the nginx service unit to add a `ExecStartPre` directive to run the script : - -``` -sudo systemctl edit --full nginx.service - -[Service] -Type=forking -PIDFile=/run/nginx.pid -ExecStartPre=/etc/nginx/mklogdir.sh # Add this line -``` - -### Bash script - -```bash -#!/bin/bash -PASSWD="secret" -ADDRESSES=("10.42.0.1" "10.42.0.135" "10.42.0.142") -#ADDRESSES1=("10.42.0.1" "10.42.0.135") -#ADDRESSES2=("10.42.0.142") -for ADDR in ${ADDRESSES[@]} -do - echo "Sending command $1 and $2 to $ADDR..." - echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 -w 5 & -# echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 -w 5 | sed '/Welcome/d;/VLC/d;/Password/d;' & -# echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 > /dev/null & -done -sleep 0.5 -for ADDR in ${ADDRESSES[@]} -do - echo "Sending command $3 and $4 to $ADDR..." - echo -e "$PASSWD\n$3\n$4" | nc "$ADDR" 9999 > /dev/null & -done -``` - -#### DKMS install - -All modules on all kernels : - -``` -ls /lib/modules | \ - sudo xargs -n1 /usr/lib/dkms/dkms_autoinstaller start -``` -Specific module on specific kernel : -``` -sudo dkms build -m rtl8821cu -v 5.12.0 -k $kernel_version # rtl8192eu/1.0 -sudo dkms install -m rtl8821cu -v 5.12.0 -k $kernel_version # rtl8192eu/1.0 -# The module should loaded automatically but just if needed... -sudo modprobe 8821cu # 8192eu -``` \ No newline at end of file