From 1ebadd5a8de05a842dde34481812ec487a4bdcc4 Mon Sep 17 00:00:00 2001 From: ABelliqueux Date: Wed, 19 Oct 2022 18:39:23 +0200 Subject: [PATCH] Fix deploy script --- app.py | 2 +- changelog_todo.md | 23 ++++++++++++++------ defaults.toml | 4 ++-- linux_server_deploy.sh | 36 ++++++++++++++++++++----------- pilpil.toml => pilpil-server.toml | 2 +- prepa_rpios.md | 2 +- selfCA.crt | 31 -------------------------- 7 files changed, 45 insertions(+), 55 deletions(-) rename pilpil.toml => pilpil-server.toml (89%) delete mode 100644 selfCA.crt diff --git a/app.py b/app.py index ecdd0a2..cd60b2b 100755 --- a/app.py +++ b/app.py @@ -15,7 +15,7 @@ config_locations = ["./", "~/.", "~/.config/"] for location in config_locations: # Optional config files, ~ is expanded to $HOME on *nix, %USERPROFILE% on windows # ~ app.config.from_file("videopi.toml", load=toml.load, silent=True) - if app.config.from_file(os.path.expanduser( location + "pilpil.toml"), load=toml.load, silent=True): + if app.config.from_file(os.path.expanduser( location + "pilpil-server.toml"), load=toml.load, silent=True): print("Found configuration file in " + os.path.expanduser( location )) # ~ app.config.from_file(os.path.expanduser("~/.config/videopi.toml"), load=toml.load, silent=True) diff --git a/changelog_todo.md b/changelog_todo.md index 9c1f244..88eb0b9 100644 --- a/changelog_todo.md +++ b/changelog_todo.md 
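Review bot: Switching the lookup to `pilpil-server.toml` in the `from_file(...)` call means an existing `pilpil.toml` is now skipped without any message, because `silent=True` hides the missing file and nothing is printed when no location matches. If defaults.toml is what applies in that case (not visible in this hunk), a server whose old file set `useSSL = true` would come back up with `useSSL = false`. Consider recording whether any location matched and, after the loop, printing a warning such as `print("No pilpil-server.toml found, falling back to defaults")`. The code around the loop lies outside the hunk.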
@@ -28,11 +28,23 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3 * Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 ) * Webgui beautifying -# DOING NEXT : - * Install script ; Wifi setup, generate/install SSH keys/ nginx cert/key fore each host +## 0.4 : 2022-10-19-videopi.img.xz +md5 : +sha256 : + * Apt upgrade + * Switch to user 'pil', pw 'pilpoil' + * client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/) + * Add media folder sync (scp, rsync, http upload) + * General filesystem clean up + +# DOING NEXT : + * ~ Test static IP + * Test with several rpis + # DONE : * media sync (scp, rsync, http) + * Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs # OTHER: * get_client_rssi.sh on server @@ -40,11 +52,10 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3 # TODO : * FR localisation * GUI : Btn hover/press ? - * ~ Test static IP - * Test with several rpis + * ? Scripts hotspot linux/win/mac * ? Config sync - * ? Change hostname on first start + * ? * ? Linux Minimal Virtualbox image - * ! Remove git personal details/resolv.conf, remove authorized_keys, clean home, re-enable ssh pw login + * ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login * ~ Doc diff --git a/defaults.toml b/defaults.toml index c3cf052..4ab50c5 100644 --- a/defaults.toml +++ b/defaults.toml @@ -2,8 +2,8 @@ DEBUG = 0 useSSL = false CAfile = "selfCA.crt" -# Could be scp, sftp ? -sync_facility = "rsync" +# scp, rsync, http +sync_facility = "http" media_folder_local = "~/Videos" media_folder_remote = "~/Videos" media_exts = [] diff --git a/linux_server_deploy.sh b/linux_server_deploy.sh index 7126f49..ee3c030 100755 --- a/linux_server_deploy.sh +++ b/linux_server_deploy.sh 
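Review bot: The default `sync_facility` becomes `"http"` while `useSSL = false` stays two lines above it, so an install running on defaults.toml alone would move media over plain HTTP, where the previous default `"rsync"` presumably ran over SSH. Whether the http upload honours `useSSL` is not visible here. Either keep `"rsync"` as the shipped default or spell the trade-off out in the comment, e.g. `# scp, rsync, http (http is unencrypted unless useSSL = true)`.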
@@ -32,15 +32,15 @@ then exit 0 fi DD_BS="128K" -DISK_IMAGE="$HOME/niels/2022-10-09-videopi.img.xz" +DISK_IMAGE="$HOME/niels/imgs/2022-10-19-pilpil.img.xz" CONFIG_DIR="$HOME/niels/flasktest" -PI_USER="pi" +PI_USER="pil" BOOT_MOUNT="/run/media/$USER/boot" ROOTFS_MOUNT="/run/media/$USER/rootfs" #~ LOCAL_MEDIA_DIR="$HOME/Videos" LOCAL_MEDIA_DIR="$HOME/niels/medias" -REMOTE_MEDIA_DIR="$ROOTFS_MOUNT/home/pi/Videos" -IP_RANGE="10.42.0.0" +REMOTE_MEDIA_DIR="$ROOTFS_MOUNT/home/$PI_USER/Videos" +IP_RANGE="10.42.0.1" SSID="omen" PASSWD="EpQmSmXH123" IFW="wlo1" @@ -76,14 +76,14 @@ read -n 4 CLIENT_NUMBER green "Got $CLIENT_NUMBER...\n" # Get first IP in specified range and add 1 IP=$(echo $IP_RANGE | awk -F. '{print $4}') -((IP++)) -echo -e "First IP is $IP ...\n" + +echo -e "First IP is $(($IP+1)) ...\n" # Remove IP's last byte IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}') # Generate SSL cert with IPs in IP_RANGE -IP_CNT=$IP +IP_CNT=$(($IP+1)) IP_ARRAY=() -while [ $IP_CNT -le $CLIENT_NUMBER ] +while [ $IP_CNT -le $(($CLIENT_NUMBER+$IP)) ] do IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT") ((IP_CNT++)) @@ -107,7 +107,7 @@ do HOST_NAME="videopi-$(echo $HOST | awk -F. '{print $4}')" # 1. Copy img to sd green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n" - red "Are you sure you want to erase the content of $SDCARD ? Type uppercase 'yes' to confirm." + red "Are you sure you want to ERASE THE CONTENT of $SDCARD ? Type uppercase 'yes' to confirm." read -n 4 GO_DD if [ "$GO_DD" != "YES" ] then 
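Review bot: The `PASSWD=` line kept in this variable block stores the Wi-Fi passphrase in the repository, and the Operation 9 status message further down prints it again through `with pw $PASSWD`. Since this commit already reworks the block, the value could be prompted for instead, `read -rs -p "Wi-Fi passphrase: " PASSWD`, with the `with pw $PASSWD` part dropped from the message. A passphrase that has been committed stays in the history, so the network key should be changed as well.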
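Review bot: `CLIENT_NUMBER` goes from `read -n 4` straight into `$(($CLIENT_NUMBER+$IP))` in the new loop bound, with no check that it is a number or that the last octet stays in range. Bash arithmetic evaluates a non-numeric string as an expression, and a large count yields entries such as `IP:10.42.0.300` in `IP_ARRAY`, which then go into the certificate. A guard before the loop would cover both: `[[ "$CLIENT_NUMBER" =~ ^[0-9]+$ ]] || exit 1` and `[ $(($IP+$CLIENT_NUMBER)) -le 254 ] || exit 1`. The `read` itself sits just before the hunk (it appears in the hunk header).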
@@ -123,13 +123,17 @@ do umount $BOOT_MOUNT umount $ROOTFS_MOUNT green "Operation 3/13 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" + echo "Remounting..." + sleep 1 systemctl --user restart gvfs-udisks2-volume-monitor + sleep 3 green "Operation 4/13 : Changing hostname to $HOST_NAME ...\n" # Change hostname - echo "$HOST_NAME" | tee "$ROOTFS_MOUNT/etc/hostname" + echo "$HOST_NAME" | sudo tee "$ROOTFS_MOUNT/etc/hostname" ## Enable SSH green "Operation 5/13 : Enabling SSH server on boot ...\n" touch "$BOOT_MOUNT/ssh" + sync ## Generate SSH private/public key and install it - Disable passwd login green "Operation 6/13 : Generating private/public SSH key as $HOME/.ssh/$HOST_NAME ...\n" ssh-keygen -t ed25519 -f "$HOME/.ssh/$HOST_NAME" -N "" @@ -141,11 +145,13 @@ do echo -e "Host $HOST\n\tIdentityFile ~/.ssh/$HOST_NAME\n\tUser $PI_USER" | tee -a "$HOME/.ssh/config" fi # Copy public key to rpi - green "Operation 7/13 : Installing public SSH key $HOME/.ssh/$HOST.pub in $ROOTFS_MOUNT/home/pi/.ssh/authorized_keys...\n" - sudo cp "$HOME/.ssh/$HOST_NAME.pub" "$ROOTFS_MOUNT/home/pi/.ssh/authorized_keys" + green "Operation 7/13 : Installing public SSH key $HOME/.ssh/$HOST.pub in $ROOTFS_MOUNT/home/$PI_USER/.ssh/authorized_keys...\n" + sudo cp "$HOME/.ssh/$HOST_NAME.pub" "$ROOTFS_MOUNT/home/$PI_USER/.ssh/authorized_keys" + sync # Disable PW login green "Operation 8/13 : Disabling SSH password based login in $ROOTFS_MOUNT/etc/ssh/sshd_config ...\n" echo -e "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no" | sudo tee -a "$ROOTFS_MOUNT/etc/ssh/sshd_config" + sync # 3. Configure wifi with static IP green "Operation 9/13 : Configuring wireless connection to $SSID with pw $PASSWD : ...\n" echo " 
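Review bot: The added `sleep 1` and `sleep 3` only hope that the partitions are mounted again before `sudo tee "$ROOTFS_MOUNT/etc/hostname"` and the later steps write to them. No error handling is visible in the hunk, so if the remount is slow the key install and the sshd_config change would fail while the script carries on, and the card would keep the image's login settings. Checking the mount is more reliable than a fixed delay: `mountpoint -q "$ROOTFS_MOUNT" && mountpoint -q "$BOOT_MOUNT" || { red "remount failed"; exit 1; }`. The enclosing `do` loop starts and ends outside the hunk.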
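Review bot: Appending `PasswordAuthentication no` with `tee -a` in Operation 8 does not guarantee that password login is off, because sshd keeps the first value it reads for each keyword. If the image's sshd_config, or a file it includes near the top, already sets `PasswordAuthentication yes`, the appended line is ignored and the account with the password listed in the changelog stays reachable over SSH. Rewriting any existing line before appending is safer, e.g. `sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$ROOTFS_MOUNT/etc/ssh/sshd_config"`, followed by a `grep` that confirms the result. Running the script twice on one card also appends the block twice.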
@@ -163,17 +169,21 @@ do # https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz # scan_freq=2412 2437 2462 }" | sudo tee "$ROOTFS_MOUNT/etc/wpa_supplicant/wpa_supplicant.conf" + sync # Request specific IP to dhcp server green "Operation 10/13 : Setting static IP $HOST in $ROOTFS_MOUNT/etc/dhcpcd.conf...\n" echo -e "interface wlan0\nrequest $HOST" | sudo tee -a "$ROOTFS_MOUNT/etc/dhcpcd.conf" + sync # 5. Install previously generated SSL key/crt #sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" green "Operation 11/13 : Installing public SSH key $CONFIG_DIR/selfCA.crt in $ROOTFS_MOUNT/etc/ssl/certs/ ...\n" sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" + sync # 6. Copy medias green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" - rsync -auv "$LOCAL_MEDIA_DIR/" "$REMOTE_MEDIA_DIR/" + sudo rsync -auv "$LOCAL_MEDIA_DIR/" "$REMOTE_MEDIA_DIR/" + sync # Unmount FS green "Operation 13/13 : Unmounting filesystems" umount $BOOT_MOUNT diff --git a/pilpil.toml b/pilpil-server.toml similarity index 89% rename from pilpil.toml rename to pilpil-server.toml index c900a93..8e83ec7 100644 --- a/pilpil.toml +++ b/pilpil-server.toml @@ -2,7 +2,7 @@ DEBUG = 0 useSSL = true CAfile = "selfCA.crt" -# Can be rsync, scp, http +# scp, rsync, http sync_facility = "http" media_folder_local = "../medias" media_folder_remote = "/home/pi/Videos/" diff --git a/prepa_rpios.md b/prepa_rpios.md index abc7499..1d574c5 100644 --- a/prepa_rpios.md +++ b/prepa_rpios.md 
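Review bot: `sudo cp "$CONFIG_DIR/selfCA.key" ...` in Operation 11 copies the private key with whatever mode the source file has, and the status line above it calls the files a "public SSH key". Setting owner and mode explicitly avoids depending on the source: `sudo install -m 600 -o root -g root "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"`. As far as the hunk shows, the same key pair is written to every card, so one lost card exposes the key for all hosts; a key per host would limit that. The loop body starts outside the hunk.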
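Review bot: `media_folder_remote` still points at `/home/pi/Videos/` after the rename, while this commit moves the deploy script to `PI_USER="pil"` and `/home/$PI_USER/Videos`. If the clients now run as `pil`, syncs from the server would target a home directory that no longer exists or belongs to another account. The line probably wants `media_folder_remote = "/home/pil/Videos/"`, or `~/Videos` as in defaults.toml.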
@@ -116,7 +116,7 @@ Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot ``` sudo apt-get update # min -sudo apt-get install vlc va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress +sudo apt-get install vlc vlc-plugin-base va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress python3-toml # build # sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all ``` diff --git a/selfCA.crt b/selfCA.crt deleted file mode 100644 index 6469f2e..0000000 --- a/selfCA.crt +++ /dev/null 
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIUeI1nNbqXYM/kIZ0h8dYhtPox5D4wDQYJKoZIhvcNAQEL
-BQAwJjEPMA0GA1UECAwGRGVuaWFsMRMwEQYDVQQDDAoxMC40Mi4wLjAxMB4XDTIy
-MTAxODE4MDMxNloXDTI3MTAxNzE4MDMxNlowJjEPMA0GA1UECAwGRGVuaWFsMRMw
-EQYDVQQDDAoxMC40Mi4wLjAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
-AgEAtpxaV4/De4M8mjdNR/78GCrBydfhQwK4SxrRwMdlHByyMT14bJB+3qRGNFqp
-n5pUr8CORf/WVNDuB4naBP4UPVUPt65P8juQO4+/DFFs0SzNzpQhWEHZD7oJQFGO
-RftTIKZnGSHLt1qtgtC0VqlVTXOGi2Gsss2u6vIGqagydziFvJRdjc4026Z1Zlzz
-qfdoUIIhrZoxHepNSyy0JXb6ITJCzW+sFqcQNnwdSu1ddzr315mFa9+Dkayew0Bf
-WRO+HQJnmznHAEOv5qnkrGqfs/u+Hjpfq98cBzE6feOjPMNcSmhnYViGYOJKaj2i
-uJq+fMPPexD/NnL9PdpFta6xDGB+2qkc3NOAXLRYd1WoBvt0OVFVnou8bghBOT1I
-R8Vab3fOj37cCNAWp3hOQ+/Noi2t7ipjDW7aTXGrvciigdGPXSHAfOl32PWNB3UI
-n5q3IBpuOt0L/+VaOaXZ319AcV/Dx26p6Y26qz/i6lc7xfUJW28Y1W3hn9zVnQjT
-s6H6lGwS5s3AJSiztmfrCWmi96O1IzKODxaJA23h3/XLpUu/2DsNnY63DMTgyRXZ
-0QZcxUROGIiogkyvemOu6Bk69bwew8p72DJCUsmb7RgkK6MwLfthQIb8ZFUntnAa
-Nkzucw8YCFc99us9fR33kCJVlo3rbDSynBadJ7x6wH+/lVkCAwEAAaNkMGIwHQYD
-VR0OBBYEFMqFFNXp4jpIJDW8AQyAH1e0yGmUMB8GA1UdIwQYMBaAFMqFFNXp4jpI
-JDW8AQyAH1e0yGmUMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0RBAgwBocECioAATAN
-BgkqhkiG9w0BAQsFAAOCAgEAoW4Zk8woNFf4D4G1ZdaNwmfcjLMvFFMOwRHDdESQ
-doJcdKNSaqj62FXDoU95niDig0ObzX+SML+2KS/WZqjPiRzi7U/AEb0i+/GeU5m8
-8hKqOsJOZ8DwwuDw/Z7pJBg2nh83Zf4WeY9HAvPddDQgev2IEZEHTzL1wvmsXD85
-arbPbICQ5mTULMoiUjUsf5UmCvt1QvHVVgDeS1uNovKNYHxFM8WLwJYUxSjuSkHo
-PlLcjE24t1M8AYOHNSSU5FyFVrT+zJ/OvJ/62UgeO5UXlwKqexfNUT3bll5WP9iV
-taNif3JQ02lgD7qw0Xjg9shXBoLr6xuIEbGXmOJuvVMx4LYoQGEJTv7URzkJnb7x
-hI4yMSmrOA7HQXyWDuBds1kTpvyiupexZOhHaRSAYPTxuQeRiWc8r3vFJx0ULV6b
-CLmQDfczGLMFE5HDpMrT81YSzr6ZNQVNprzKAEpRF+VVUs2idouHgLF/O5SSrtoI
-24voyvf2P6/ffKi9+3XtsoysyRjpxtX3B6qimpFvUv0C2wNrVS2FNO36xWv15I9v
-AR1LTJzOLE4Jjghi1xxhRe96ydZ1d8IVvykkkvACW3cJqTh3vorwNCEDvhj1D7G+
-dVUKUowAXR0rtzGr6TB6F0AYrQT4jhm0UFLRna2ihGbqDRECS5GrCP9k+aVid5OB
-DC8=
------END CERTIFICATE-----