diff --git a/10.42.0.135.crt b/10.42.0.135.crt
deleted file mode 100644
index d6a195d..0000000
--- a/10.42.0.135.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
-BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
-HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
-MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
-DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
-A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
-A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
-E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
-jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
-n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
-jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
-zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
-oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
-WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
-UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
-gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
-fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
-roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
-qrU3CmgJ4rJK
------END CERTIFICATE-----
diff --git a/10.42.0.156.crt b/10.42.0.156.crt
deleted file mode 100644
index d6a195d..0000000
--- a/10.42.0.156.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDlTCCAn2gAwIBAgIUNBWMQ6KLZbQqkNdrE1w87qu6mAUwDQYJKoZIhvcNAQEL
-BQAwejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoGA1UEBwwDTi9BMSAw
-HgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsGA1UEAwwkMTAuNDIu
-MC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMB4XDTIyMTAwOTE0NDYwNVoX
-DTI0MTAwODE0NDYwNVowejELMAkGA1UEBhMCWFgxDDAKBgNVBAgMA04vQTEMMAoG
-A1UEBwwDTi9BMSAwHgYDVQQKDBdTZWxmLXNpZ25lZCBjZXJ0aWZpY2F0ZTEtMCsG
-A1UEAwwkMTAuNDIuMC4xMzU6IFNlbGYtc2lnbmVkIGNlcnRpZmljYXRlMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Z+GZbiDxEcYKhVdtPwZp1VhzvT
-E2SbArUE7158Y32AopIfYAZxJZrKAvnHt/6ixktXAtCghG9fuA3X8fsu2nkeq3PF
-jgyRxCSjSyv6UHgakVzIe/9xlQenWttDrQfmEl/urlAzJ4SvpeD7rBj/craKtXUj
-n9xDY4OWlr8vSo8+Qng9hkGSoyhKKvAOi7yLGimXeuWqs/9F8DlY/RPUzAsITOf+
-jCf9KQ8925tF1lKfCVaOIRDSqDatN8OQpkAN3saBtfyrZO9/gd4uHYXSwzyrWvZo
-zfwxnvtkDlpVGQlpY5ZOsdNvSTzUHZx5OWzefFpzj8IRSzUz0TMW66QY4QIDAQAB
-oxMwETAPBgNVHREECDAGhwQKKgCHMA0GCSqGSIb3DQEBCwUAA4IBAQCOoahzBD4e
-WlPnh73Pxaf4MNgX2CyQXfJZ+17kVJ5R3VlOnj/M62RFBSbPQILBgfWvhvQLEnK3
-UtdOieE2qpB2qstTubQxC+JhKxQYSc0NOMDWduw+qWZYRaWn365KfOCUj1ye2sPC
-gaUUfRPeZCRDfXG9XsNzC5IGct4yHOFacQBBpVaU1vL9GIlFco9PP8fzfIiovpGY
-fuuKoFbFlSRL6vR1G7jVab22sISUcaZ/3vV18nX6RxaAE5UlaMTLDetlNPq9+xqd
-roAq7OyYqkimWZ8fm4Rg6k98TvqMvxkCCmTLmWaalJ1bnR4lugnIxILLiWSGzmdi
-qrU3CmgJ4rJK
------END CERTIFICATE-----
diff --git a/changelog_todo.md b/changelog_todo.md
new file mode 100644
index 0000000..1cb09ce
--- /dev/null
+++ b/changelog_todo.md
@@ -0,0 +1,50 @@ +## 0.1 : 2022-07-19-videopi.img.xz +md5sum : 7e80ede8ac4eed8b8088a3b075bdc1f2 +sha256 : 03de0272c71bd4614678b05c076d0e77df3f49039ad357ef9152374c748e7f1c + + * VLC installed, H264 1080p playback ok, wifi ok, remote control via telnet script + * Run `ssh-keygen -A` at first boot for the ssh server to work + +## 0.2 : 2022-09-24-videopi.img.xz +md5sum : f859f269c44f614e22e4fe601c3bb134 +sha256 : b6fd8ef4eb726d4ce7d196b9aebf910f32327ecd43f0d78140b8647d328ded22 + + * Switch VLC to use http lua control + * Add systemd unit for running VLC on startup + * Add RTL8821CU driver for rpi 1/3 + * Boot is now totally silent (blank screen) + * Disable Bluetooth + +## 0.3 : 2022-10-09-videopi.img.xz +md5 : 8e5e5b474af47519785d5a4696db04e2 +sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3 + + * Add rtl8192eu driver for rpi1/3 + * Add http server for custom commands : reboot, shutdown, wifi signal, led blinking + * Add vlc.playlist.move method to VLC http lua (httprequests.luac) + * Add playlist to Webgui + * config file parsing ( look for 'videopi.toml' in ./, ~/., ~/.config/) + * Add VLC/waitress systemd units for automatic startup + * Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 ) + * Webgui beautifying + +# DOING NEXT : + * Install script ; Wifi setup, generate/install SSH keys/ nginx cert/key fore each host + +# DONE : + * media sync (scp, rsync, http) + +# OTHER: + * get_client_rssi.sh on server + +# TODO : + + * GUI : Btn hover/press ? + * ~ Test static IP + * Test with several rpis + * ? Scripts hotspot linux/win/mac + * ? Config sync + * ? Change hostname on first start + * ? Linux Minimal Virtualbox image + * ! Remove git personal details/resolv.conf, remove authorized_keys, clean home, re-enable ssh pw login + * ~ Doc diff --git a/diagramme.svg b/diagramme.svg new file mode 100644 index 0000000..c3827b4 
--- /dev/null +++ b/diagramme.svg @@ -0,0 +1,397 @@ + + + +serveur régieAP wifi10.x.x.xwaitress+flask localhost:5000client rpi 110.x.x.01nginx 8887:8888VLC http lua 127.0.0.1:5001waitress+flask 127.0.0.1:5000ssh 22client rpi 210.x.x.02nginx 8887:8888VLC http lua 127.0.0.1:5001waitress+flask 127.0.0.1:5000ssh 22client rpi 310.x.x.03nginx 8887:8888VLC http lua 127.0.0.1:5001waitress+flask 127.0.0.1:5000ssh 22VLC HTTP LUA 8887:5001 - commandes de lecture- gestion playlistwaitress+flask : 8888:5000 - commandes systèmes (reboot, extinctions, clign.)- synchro fichiers config, medias(rsync ?) : - synchro fichiers config, mediasVPVPVPWifi 2.4 Ghz diff --git a/prepa_rpios.md b/prepa_rpios.md new file mode 100644 index 0000000..abc7499 --- /dev/null +++ b/prepa_rpios.md 
@@ -0,0 +1,447 @@ +# Préparation de l'image RPI videopi + +## Raspi OS et SSH + + 1. Télécharger l'image disque version "Legacy" lite : https://downloads.raspberrypi.org/raspios_oldstable_lite_armhf/images/raspios_oldstable_lite_armhf-2022-09-26/2022-09-22-raspios-buster-armhf-lite.img.xz + 2. Flasher l'image sur une carte SD : `xzcat 2022-09-22-raspios-buster-armhf-lite.img.xz | sudo dd of=/dev/mmcblkp0 bs=128K oflag=dsync status=progress && sync` + 3. Monter la carte SD et ajouter un fichier nommé `ssh` sur la partition `/boot` pour activer le serveur SSH; `touch boot/ssh` (https://linuxhint.com/rasperberry_pi_wifi_wpa_supplicant/) + 5. Toujours sur la partition `/boot`, créer un fichier nommé `wpa_supplicant.conf` pour configurer la connexion wifi. Le contenu de celui-ci : +``` +ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev +update_config=1 +country=FR + +network={ + ssid="BLAH" # Nom du réseau auquel on se connecte + #scan_ssid=1 # Décommenter si le réseau est caché + psk="BLAH" # Mot de passe wifi + # Pour accélérer la découverte et la connexion du point d'accès wifi, + # on peut spécifier les fréquences à balayer en fonction du canal utilisé par ce dernier. + # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910 + # Wifi 2.4 Ghz : https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz + # scan_freq=2412 2437 2462 + # See nmcli 802-11-wireless.channel + # https://developer-old.gnome.org/NetworkManager/stable/settings-802-11-wireless.html + # Wifi 5ghz : https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Liste_des_canaux_dans_la_bande_des_5_GHz + # scan_freq= 5805 +} +``` + 4. Insérer la carte dans le RPI et démarrer le système. + 5. Se connecter via SSH. 
+ +## Modification de config.txt + +Ajouter les lignes suivantes au fichier `/boot/config.txt` : + +``` +# Forcer HDMI Full HD +hdmi_group=1 +hdmi_mode=16 # fullHD@60 + +[all] +# Désactivation du bluetooth +dtoverlay=pi3-disable-bt +max_framebuffers=2 +# Mémoire vidéo +gpu_mem=320 +# Désactiver le logo éclair et l'arc en ciel au démarrage +boot_delay=1 +avoid_warnings=1 +disable_splash=1 +``` + +## Configuration du Wifi + +``` +echo -e " + ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev\n + update_config=1\n + country=FR\n + \n + network={\n + ssid="BLAH" # Nom du réseau auquel on se connecte\n + #scan_ssid=1 # hidden ssid \n + psk="BLAH" # Mot de passe wifi\n + # Specify 2.4 or 5G freq\n + # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910\n + # https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz + # scan_freq=2412 2437 2462\n + # See nmcli 802-11-wireless.channel\n + # https://developer-old.gnome.org/NetworkManager/stable/settings-802-11-wireless.html\n + # scan_freq= 5805\n + }\n" +| sudo tee -a /etc/wpa_supplicant/wpa_supplicant.conf +``` + +## Limiter le nombre de paquets installés par APT + +``` +echo -e "APT::Get::Install-Recommends "false";\nAPT::Get::Install-Suggests "false";" | sudo tee -a /etc/apt/apt.conf +``` + +## Rendre le démarrage du RPI complètement silencieux (écran noir) + +### cmdline.txt + +Editer le fichier `/boot/cmdline.txt` et ajouter les options suivantes à la fin de la première ligne: + +``` +console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1 +``` + +### Login silencieux + +Lancer les commandes suivantes : + * `echo "" > sudo tee /etc/issue` + * `touch .hushlogin` + +Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par : + +``` +[Service] +ExecStart= +ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM +``` + +Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste 
avant "exit 0" : + +`setterm -term linux -blank 1 >/dev/tty1` + +## Connexion automatique au démarrage + +Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot / Auto login", "B2 Console Auto Login". + +## Installation des logiciels nécessaires + +``` +sudo apt-get update +# min +sudo apt-get install vlc va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress +# build +# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all +``` + +### SSH : identification par clés + +Sur le serveur régie, générer les clés publiques/privées avec : + +``` +# générer une clé sans mot de passe, adapter le nom du fichier +ssh-keygen -t ed25519 -f ~/.ssh/videopiX -N "" +# copier sur le client rpi en adaptant l'IP +SSH_AUTH_SOCK="" ssh-copy-id -i .ssh/videopiX.pub pi@$IP +``` + +Désactiver la connexion par login/mdp : + +``` +echo "PasswordAuthentication no +ChallengeResponseAuthentication no +UsePAM no" | sudo tee -a /etc/ssh/sshd_config +``` + +Sur le serveur régie, éditer le fichier `~/.ssh/config` et ajouter à la fin : + +``` +# VideoPi +Host 10.42.0.142 + IdentityFile ~/.ssh/ + User pi +Host 10.42.0.135 + IdentityFile ~/.ssh/rpi3 + User pi +``` + + +## VLC : démarrage automatique du serveur http + +### Systemd Unit + +Créer le fichier `/lib/systemd/system/vlc.service` contenant: + +``` +[Unit] +Description=VLC http service + +[Service] +User=pi +#Environment="DISPLAY=:0" +ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret +WorkingDirectory=/home/pi +Restart=always + +[Install] +WantedBy=multi-user.target +``` + +Puis lancer les commandes : + +``` +sudo chmod +x /lib/systemd/system/vlc.service +sudo systemctl enable vlc +sudo systemctl start vlc +``` + +## Configuration du serveur régie + +### Linux : network-manager cli + +``` +hotspot() +{ + +SSID="omen" 
+PASSWD="EpQmSmXH123" +#Intel +IFW="wlo1" +#Brostrend +#IFW="wlp0s20f0u1" +#Band (bg = 2.4Ghz, a= 5Ghz) +BAND="bg" +#HIDE="802-11-wireless.hidden false" +CHAN="802-11-wireless.channel 1" + +if [ "$1" == "off" ];then + nmcli radio wifi off + nmcli con delete $SSID +else + if [ "$1" == "wlp0s20f0u1" ];then + IFW="wlp0s20f0u1" +# IFW="wlp0s20f0u2u4" +# BAND="a" +# CHAN="802-11-wireless.channel 161" + fi + + nmcli con delete $SSID + nmcli con add type wifi ifname $IFW con-name $SSID autoconnect no ssid $SSID + nmcli con modify $SSID 802-11-wireless.mode ap 802-11-wireless.band $BAND $CHAN ipv4.method shared + nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk + nmcli con modify $SSID 802-11-wireless-security.proto rsn + nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp + nmcli con modify $SSID wifi-sec.psk $PASSWD + nmcli radio wifi on + nmcli con up $SSID +fi +} +``` + +#### Changer la plage d'IP du hotspot + +Une fois la connexion créée, éditer `/etc/NetworkManager/system-connections/$SSID.nmconnection` et ajouter une directive `address1` à la section "[ipv4]": + +``` +[ipv4] +method=shared +address1=192.168.125.1/24,192.168.125.1 +``` +puis redémarrer networkmanager : + +``` +sudo systemctl restart NetworkManager +``` + +### IP fixes des clients + +#### Bail dhcp permanent + +`sudo nano /etc/NetworkManager/dnsmasq-shared.d/wlo1.conf` + +``` +log-queries +log-facility=/var/log/dnsmasq.log +#rpi1 +dhcp-host=00:e0:4c:18:0a:fa,rpi1,10.42.0.142 +#rpi3 +dhcp-host=b8:27:eb:12:55:31,rpi3,10.42.0.135 +``` + +#### WPA supplicant + +### Windows setup + +#### Hotspot : netsh + +``` +netsh wlan set hostednetwork mode=allow ssid=Hotspot key=ZiZiPass +netsh wlan start hostednetwork +``` + +#### Dependencies + + 1. Install wsl/msys2 ; [https://learn.microsoft.com/fr-fr/windows/wsl/install]/[https://www.msys2.org/] + 2. Install openssh, rsync, python-pip : +``` +pacman -S openssh rsync python-pip +``` + 3. 
Install python deps : +``` +pip install flask waitress toml +``` + 4. Start app with `flask run` + +### Win/Linux install + +With Docker-compose / Docker desktop: + +``` +docker-compose -f docker-compose.yml up +``` + +### Firewall : port 67 + +Ouvrir port 67 pour le DHCP + +## Imaging the OS + +### From Sd to image + +`dd bs=256K if=/dev/sda of=BLAH.img status=progress oflag=dsync` + +### Shrink image + +`sudo pishrink.sh -sZpa BLAH.img` + +### From image to sd + +`xzcat 2022-07-19-videopi.img.xz | sudo dd of=/dev/sda bs=128K oflag=dsync status=progress && sync` + +### Regenerate SSH hostkeys on first start + +`sudo ln -s /lib/systemd/system/regenerate_ssh_host_keys.service /mount_point/etc/systemd/system/multi-user.target.wants/regenerate_ssh_host_keys.service` + +### (Optional) Resize FS to fill SD card + +Use `raspi-config` to resize the file system; "Advanced options" > "Expand Filesystem" + +## Installation + + * Install python 3.10 + * Use pip to install flask, waitress : + ``` + pip install flask waitress toml +``` + + +## Other : + +### VLC http LUA : ajouter des méthodes + +On modifie le fichier [`httprequests.lua`](https://code.videolan.org/videolan/vlc/-/blob/master/share/lua/intf/modules/httprequests.lua) : +`/usr/lib/arm-linux-gnueabihf/vlc/lua/intf/modules/httprequests.lua` + +Pour être sur d'avoir la bonne version, `apt-get source vlc-plugin-base` après avoir décommenter la ligne pour les sources dans `/etc/apt/sources.list`. + +Puis `tar -xvf vlc_3.0.17.4.orig.tar.xz vlc-3.0.17.4/share/lua/intf/modules/httprequests.lua`. 
+ +On compile avec luac en faisant attention à bien utiliser la bonne version de luac ( 5.2 avec VLC-3.0.17.4 au 09-2022 ) : + +``` +file httprequests.luac +luac.out: Lua bytecode, version 5.2 +``` + +Ajout ligne 131 : + +```lua + elseif command == "pl_move" then + vlc.playlist.move( id, tonumber(val) ) +``` + +[https://salsa.debian.org/multimedia-team/vlc](https://salsa.debian.org/multimedia-team/vlc) + +#### pl_move : Usage + +Sample playlist : +``` + + + + + + +``` + +``` +# Move id 3 after id 5 +10.42.0.135:8080/requests/status.xml?command=pl_move&id=3&val=5 + + + + + + + + +``` +``` +# Make id 4 first item in list +10.42.0.135:8080/requests/status.xml?command=pl_move&id=4&val=1 +Make an array from new playlist, then loop other that from the end +``` + +### Certbot, Nginx, Waitress + +https://dev.to/thetrebelcc/how-to-run-a-flask-app-over-https-using-waitress-and-nginx-2020-235c + +``` +sudo apt-get install nginx +``` + +/etc/nginx/sites-available/default : +``` +server { + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + server_name example.com; + location / { + proxy_pass http://your.ip.adress:5000; + proxy_set_header X-Real-IP $remote_addr; + } +} +server { + listen 80; + server_name example.com; + return 302 https://$server_name$request_uri; +} + +``` + +### Bash script + +```bash +#!/bin/bash +PASSWD="secret" +ADDRESSES=("10.42.0.1" "10.42.0.135" "10.42.0.142") +#ADDRESSES1=("10.42.0.1" "10.42.0.135") +#ADDRESSES2=("10.42.0.142") +for ADDR in ${ADDRESSES[@]} +do + echo "Sending command $1 and $2 to $ADDR..." + echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 -w 5 & +# echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 -w 5 | sed '/Welcome/d;/VLC/d;/Password/d;' & +# echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 > /dev/null & +done +sleep 0.5 +for ADDR in ${ADDRESSES[@]} +do + echo "Sending command $3 and $4 to $ADDR..." 
+ echo -e "$PASSWD\n$3\n$4" | nc "$ADDR" 9999 > /dev/null & +done +``` + +#### DKMS install + +All modules on all kernels : + +``` +ls /lib/modules | \ + sudo xargs -n1 /usr/lib/dkms/dkms_autoinstaller start +``` +Specific module on specific kernel : +``` +sudo dkms build -m rtl8821cu -v 5.12.0 -k $kernel_version # rtl8192eu/1.0 +sudo dkms install -m rtl8821cu -v 5.12.0 -k $kernel_version # rtl8192eu/1.0 +# The module should loaded automatically but just if needed... +sudo modprobe 8821cu # 8192eu +``` \ No newline at end of file diff --git a/selfCA.crt b/selfCA.crt new file mode 100644 index 0000000..5e190fb --- /dev/null +++ b/selfCA.crt 
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSDCCAzCgAwIBAgIUEKUzrybb9J5ifuzwIHIWRqY+Cf8wDQYJKoZIhvcNAQEL
+BQAwJTEPMA0GA1UECAwGRGVuaWFsMRIwEAYDVQQDDAkxMC40Mi4wLjEwHhcNMjIx
+MDE4MTAzNjU4WhcNMjMxMDE4MTAzNjU4WjAlMQ8wDQYDVQQIDAZEZW5pYWwxEjAQ
+BgNVBAMMCTEwLjQyLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ANmJzzHfbRqWuutzBG0+dg3S1sSruM0hRYUjDyWeq8KimGFyiW7sWG/WcfGIeHT7
+gpusPxmH0iu7/bEKNyQOYhivNVJaAdSb/6IOB1ILRdnyKDxM5ck8djj2byqQlcpP
+gOH0lnDMP87LSmrVQvUuBTn2s+2g6DyWNYevJplpJXw8u1Fm1C0IhAlH1WOvXd9P
+gxkL0/qY2zoblZkmCOS1dIrv1KLUJ331zlw/FYMuZ1dXiDG85y6sKGMMYjaCgYwz
+Q2ksJo9oYNRXW/tkk0P9/BkVKe14NSd7QP0kOucYRKb70wVeFx5+wTwcPaiFV8tK
+2dXuyA4fkHxWwlKnb6EI93cXTRSH0O3BM+4n0jpz3rHonQD10SD19k/AxrcpIOpH
+suHn0zjczeE0QVHaL39S/Sry+oOQ49SNBJ7lQbfa5jk+DQ2TIOgzL9NDihuCy2YM
+RkWxBFx8euVpfx2VyjzWjD345mzS8GpJCpJsHCmwWVJjRJaCLYQPO1lsm5uLqbQ3
+rhslkWBCikX8zBJOh8Bkxd7hu+WmO64uIxE0tJTnI6P64qWdjWkxWKAbuymqsTKZ
+RYUsGIEn7XVh6Cx8JUVaXbpr+uxMyTShGopHTJvwzDi6+Wl9Arppu8IE5uE/TEYK
+fg2QHuOGfDqjSD7NU30YbUkO8J8bnOhhxhSaWGTMSWbbAgMBAAGjcDBuMB0GA1Ud
+DgQWBBTgTH6kgDMUkuTFImvMP4CJGWGKUTAfBgNVHSMEGDAWgBTgTH6kgDMUkuTF
+ImvMP4CJGWGKUTAPBgNVHRMBAf8EBTADAQH/MBsGA1UdEQQUMBKHBAoqAIeHBAoq
+AI6HBAoqAJwwDQYJKoZIhvcNAQELBQADggIBAM3nmHaPUoZJ8F+lGi1OPXDvzl32
+CRGcR0aIMWqDpK1iGRWjdPAcDXF/iY2fE8i0HGROI/1oflvZCdp33RWoMe9WQsxs
+lYGQMtQpKeWkFL+SK88PELTIFHo4cy7qNJNKTzMTEqabXAT6YZGUXXnyMohlmARc
+Xac31z8t+FlwcKF3xHSy5BEz2m1as/BOfM/LGgp/HMAVQnoXDz8ptkSWotsycfvh
+qQg5ruDvSmHiZzBPVcPJo6VQphWZY3TaHCJ8ndqe4I0F0nUHQWB2+WYgDMsrLw1o
+ne+cyPsvwqazDmOkvVSXgcTOYs7/f0eCzFKZHQSqtWnzo7yUgNNCmHBL767b5s4Z
+cMabuHq+y081tHK3N3lxCTfKocSnSUEQ6X2zbXj8P5KjW8Cwi6IZad+m8bEGbaqM
+vFaYkrEbIpUEyAtg5IXBCAu3W4vPIfw8ttlpQb61xKDdUqcPKrKC4VmmM/qKfN+i
+tuH5d+25IFkhwL//nUGXhdnymkc+zQF0R3GJe051YtotX1AgQHAN2CyBUAsHEULX
+5b5pMZ1kuvuKjJM6Q2cdl2I/kjECa/g3Lljgg3AqIYkrERbTbCOmIQQq0lGysUs9
+CSIP5cSveM19Yl0nhta/RQOQkJtZJ+l/sgPCEpk7L0IcAe0iO2QEO3b8EAm4k1jm
+CjXf2+U9g1RYwZSx
+-----END CERTIFICATE-----
diff --git a/videopi_script.sh b/videopi_script.sh
new file mode 100755
index 0000000..3c32316
--- /dev/null
+++ b/videopi_script.sh
@@ -0,0 +1,199 @@ +#!/bin/bash +# +# Options +# Device block to write on +# TODO : Add flags check +SDCARD=$1 +if [ "$SDCARD" == "" ] +then + red "Please specify the SDcard device block, e.g: '/dev/mmcblk0'." + exit 0 +fi +DD_BS="128K" +DISK_IMAGE="$HOME/niels/2022-10-09-videopi.img.xz" +CONFIG_DIR="$HOME/niels/flasktest" +PI_USER="pi" +BOOT_MOUNT="/run/media/$USER/boot" +ROOTFS_MOUNT="/run/media/$USER/rootfs" +#~ LOCAL_MEDIA_DIR="$HOME/Videos" +LOCAL_MEDIA_DIR="$HOME/niels/medias" +REMOTE_MEDIA_DIR="$ROOTFS_MOUNT/home/pi/Videos" +IP_RANGE="10.42.0.0" +SSID="omen" +PASSWD="EpQmSmXH123" +IFW="wlo1" +#Band (bg = 2.4Ghz, a= 5Ghz) +BAND="bg" +# Hidden SSID +#~ HIDE="802-11-wireless.hidden false" +# Set channel manually +#~ CHAN="802-11-wireless.channel 1" +# +# Colored output +#~ set +x +bold=$(tput bold) +function red(){ + echo -e "${bold}\x1B[31m$1 \x1B[0m" + if [ ! -z "${2}" ]; then + echo -e "\x1B[31m $($2) \x1B[0m" + fi +} +function green(){ + echo -e "${bold}\x1B[32m$1 \x1B[0m" + if [ ! -z "${2}" ]; then + echo -e "\x1B[32m $($2) \x1B[0m" + fi +} +function yellow(){ + echo -e "${bold}\x1B[33m$1 \x1B[0m" + if [ ! -z "${2}" ]; then + echo -e "\x1B[33m $($2) \x1B[0m" + fi +} +# +# 0. Create AP connection +# +# If connection exists, delete it +nmcli con delete $SSID +nmcli con add type wifi ifname $IFW con-name $SSID autoconnect yes ssid $SSID +nmcli con modify $SSID 802-11-wireless.mode ap 802-11-wireless.band $BAND $CHAN $HIDE ipv4.method shared +nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk +nmcli con modify $SSID 802-11-wireless-security.proto rsn +nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp +nmcli con modify $SSID wifi-sec.psk $PASSWD +nmcli radio wifi on +nmcli con up $SSID + +# 0.a set IP range on server +echo -e "Setting IP range in /etc/NetworkManager/system-connections/$SSID.nmconnection ... 
\n" +#~ sed "/\[ipv4\]/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection + +# 0.b ask for number of clients +# This will be used to determine static IP +yellow "Nombre de clients à configurer : " +read -n 4 CLIENT_NUMBER +green "Got $CLIENT_NUMBER...\n" +# Get first IP in specified range and add 1 +IP=$(echo $IP_RANGE | awk -F. '{print $4}') +((IP++)) +echo -e "First IP is $IP ...\n" +# Remove IP's last byte +IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}') +# Generate SSL cert with IPs in IP_RANGE +IP_CNT=$IP +IP_ARRAY=() +while [ $IP_CNT -le $CLIENT_NUMBER ] +do + IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT") + ((IP_CNT++)) +done +# Convert array to string +HOST_LIST="$(IFS=","; echo "${IP_ARRAY[*]}")" +yellow "Got host list : $HOST_LIST \n" +# 5. Generate valid ssl cert/key for every IP in range +# https://unix.stackexchange.com/questions/104171/create-ssl-certificate-non-interactively +yellow "Generating SSL crt/key for $HOST_LIST...\n" +openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \ +-subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$IP" \ +-addext "subjectAltName=$HOST_LIST" \ +-keyout "$CONFIG_DIR/selfCA.key" -out "$CONFIG_DIR/selfCA.crt" +#sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" + +# Proceed with each host +for HOST in "${IP_ARRAY[@]}" +do + HOST=$(echo $HOST | awk -F: '{print $2}') + HOST_NAME="videopi-$(echo $HOST | awk -F. '{print $4}')" + # 1. Copy img to sd + green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n" + red "Are you sure you want to erase the content of $SDCARD ? Type uppercase 'yes' to confirm." + read -n 4 GO_DD + if [ "$GO_DD" != "YES" ] + then + red "Answer was different from 'YES'. Aborting..." + break + fi + red "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds." 
+ sleep 5 + GO_DD=0 + xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync + # unmount / remount new filesystem + green "Operation 2/13 : Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" + umount $BOOT_MOUNT + umount $ROOTFS_MOUNT + green "Operation 3/13 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" + systemctl --user restart gvfs-udisks2-volume-monitor + green "Operation 4/13 : Changing hostname to $HOST_NAME ...\n" + # Change hostname + echo "$HOST_NAME" | tee "$ROOTFS_MOUNT/etc/hostname" + ## Enable SSH + green "Operation 5/13 : Enabling SSH server on boot ...\n" + touch "$BOOT_MOUNT/ssh" + ## Generate SSH private/public key and install it - Disable passwd login + green "Operation 6/13 : Generating private/public SSH key as $HOME/.ssh/$HOST_NAME ...\n" + ssh-keygen -t ed25519 -f "$HOME/.ssh/$HOST_NAME" -N "" + red "New SSH key pair generated as $HOME/.ssh/$HOST_NAME. Add to ~/.ssh/config ? (y/n)" + read -n 2 ADD_SSH_CONF + if [ "$ADD_SSH_CONF" == "y" ] + then + # Add to ~/.ssh/config + echo -e "Host $HOST\n\tIdentityFile ~/.ssh/$HOST_NAME\n\tUser $PI_USER" | tee -a "$HOME/.ssh/config" + fi + # Copy public key to rpi + green "Operation 7/13 : Installing public SSH key $HOME/.ssh/$HOST.pub in $ROOTFS_MOUNT/home/pi/.ssh/authorized_keys...\n" + sudo cp "$HOME/.ssh/$HOST_NAME.pub" "$ROOTFS_MOUNT/home/pi/.ssh/authorized_keys" + # Disable PW login + green "Operation 8/13 : Disabling SSH password based login in $ROOTFS_MOUNT/etc/ssh/sshd_config ...\n" + echo -e "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no" | sudo tee -a "$ROOTFS_MOUNT/etc/ssh/sshd_config" + # 3. 
Configure wifi with static IP + green "Operation 9/13 : Configuring wireless connection to $SSID with pw $PASSWD : ...\n" + echo " + ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev + update_config=1 + country=FR + + network={ + ssid='$SSID' # Nom du réseau auquel on se connecte + psk='$PASSWD' # Mot de passe wifi + # Optional parameters + # scan_ssid=1 # hidden ssid + # Specify 2.4 or 5G freq + # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910 + # https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz + # scan_freq=2412 2437 2462 + }" | sudo tee "$ROOTFS_MOUNT/etc/wpa_supplicant/wpa_supplicant.conf" + # Request specific IP to dhcp server + green "Operation 10/13 : Setting static IP $HOST in $ROOTFS_MOUNT/etc/dhcpcd.conf...\n" + echo -e "interface wlan0\nrequest $HOST" | sudo tee -a "$ROOTFS_MOUNT/etc/dhcpcd.conf" + # 5. Install previously generated SSL key/crt + #sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" + green "Operation 11/13 : Installing public SSH key $CONFIG_DIR/selfCA.crt in $ROOTFS_MOUNT/etc/ssl/certs/ ...\n" + sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" + sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" + # 6. Copy medias + green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" + rsync -auv "$LOCAL_MEDIA_DIR/" "$REMOTE_MEDIA_DIR/" + # Unmount FS + green "Operation 13/13 : Unmounting filesystems" + umount $BOOT_MOUNT + umount $ROOTFS_MOUNT + yellow "Client $IP/$CLIENT_NUMBER done." + if [ "$IP" -lt "$CLIENT_NUMBER" ] + then + red "Please swap sd card in reader and enter uppercase 'yes' to proceed with next client :" + read -n 4 GO_ON + if [ "$GO_ON" != "YES" ] + then + red "Answer was different from 'YES'. 
Aborting...\n" + break + fi + GO_ON=0 + ((IP++)) + else + green "All done !" + exit 1 + fi +done +yellow "Nothing more to do." +exit 0 +#~ rm "$CONFIG_DIR/selfCA.key" \ No newline at end of file diff --git a/vlctest b/vlctest new file mode 100755 index 0000000..6d0d089 --- /dev/null +++ b/vlctest @@ -0,0 +1,60 @@ +#!/bin/bash +# E.G : ./vlctest "enqueue tst.mp4" pause "seek 0" play + +# Parse options + +h_set=0 +#~ s_set=0 +#~ d_set=0 +while getopts "h:" OPT; do + case "$OPT" in + h) + echo "Sending to ${OPTARG}" + h_set=1 + ADDRESSES=("${OPTARG}") + shift $((OPTIND-1)) + CMDS="$*" + ;; + #~ c) + #~ c_set=1 + #~ CMDS=("${OPTARG}") + #~ s) s_set=1;; + #~ d) d_set=1;; + *) # getopts produces error + exit 1;; + esac +done + +# If no host provided, use all by default +#~ if ((!h_set && OPTIND>$#)) ; then +if ((!h_set)) ; then + echo "Sending to all hosts" + # RPIs wlan adresses + ADDRESSES=("10.42.0.1" "10.42.0.135" "10.42.0.142") + CMDS="$*" + echo ${ADDRESSES[@]} +fi +# Split str into args +readarray -d "+" -t CMDAR <<< "$CMDS" +echo ${CMDAR[@]} + +# Telnet password +PASSWD="secret" + +# Send commands +for ADDR in ${ADDRESSES[@]} +do + echo "Sending command $1 and $2 to $ADDR..." + echo -e "$PASSWD\n${CMDAR[0]}\n${CMDAR[1]}" | nc "$ADDR" 9999 -w 5 & + #~ echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 -w 5 & +# echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 -w 5 | sed '/Welcome/d;/VLC/d;/Password/d;' & +# echo -e "$PASSWD\n$1\n$2" | nc "$ADDR" 9999 > /dev/null & +done +sleep 1 +for ADDR in ${ADDRESSES[@]} +do + echo "Sending command ${CMDAR[2]} and ${CMDAR[3]} to $ADDR..." + echo -e "$PASSWD\n${CMDAR[2]}\n${CMDAR[3]}" | nc "$ADDR" 9999 > /dev/null & + #~ echo "Sending command $3 and $4} to $ADDR..." + #~ echo -e "$PASSWD\n$2\n$4" | nc "$ADDR" 9999 > /dev/null & +done
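Review bot: The hotspot passphrase is committed in clear at the top of videopi_script.sh (`PASSWD="EpQmSmXH123"`; the same value is in the `hotspot()` example in prepa_rpios.md), and the Operation 9/13 message prints it again with `with pw $PASSWD`. I would read it from the environment, for example `PASSWD=${VIDEOPI_WIFI_PSK:?set VIDEOPI_WIFI_PSK}`, drop it from the progress message, and treat the committed value as exposed. The TLS key pair is generated once before the loop with `-nodes` and `selfCA.key` is then copied to every card, so reading one card gives the private key used by all clients; generating the pair inside the `for HOST` loop with only that host in `subjectAltName` would contain this, and the `rm` of the key sits after `exit 0` and is commented out. Separately, the empty-`$SDCARD` guard calls `red` before the function is defined and exits with status 0, and `$SDCARD` later reaches `sudo dd of=` unquoted with no `[ -b "$SDCARD" ]` check.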
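Review bot: The VLC telnet password in vlctest is hard-coded as `PASSWD="secret"` and piped unencrypted through `nc "$ADDR" 9999`, so it is readable by anything that can observe traffic on the hotspot network; take it from the environment instead, e.g. `PASSWD=${VLC_TELNET_PASSWORD:?set VLC_TELNET_PASSWORD}`, and prefer the nginx + SSL path that changelog_todo.md lists for 0.3. The usage comment passes the commands as separate arguments, but they are joined with `"$*"` and then split on `+` by `readarray -d "+"`, so with that example `CMDAR[0]` holds the whole string and `CMDAR[1]` to `CMDAR[3]` are empty. `${ADDRESSES[@]}` and `${CMDAR[@]}` should be quoted, and the first progress message prints `$1 and $2` rather than the `CMDAR` entries that are actually sent.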