Deploy script: fix media perm, fix /etc/hosts

This commit is contained in:
ABelliqueux 2022-10-20 18:27:26 +02:00
parent 1ebadd5a8d
commit 29b125725e
4 changed files with 80 additions and 36 deletions


@ -38,13 +38,26 @@ sha256 :
* Add media folder sync (scp, rsync, http upload) * Add media folder sync (scp, rsync, http upload)
* General filesystem clean up * General filesystem clean up
# FS checklist
* /etc/dhcpcd.conf
* /etc/ssh/sshd_config
* ~/.ssh/authorized_keys
* ~/Videos/*
* /etc/hostname, /etc/hosts
* /etc/ssl/private/nginx-selfsigned.key
* /etc/ssl/certs/nginx-selfsigned.crt
* /etc/wpa_supplicant/wpa_supplicant.conf
# DOING NEXT : # DOING NEXT :
* ~ Test static IP
* Test with several rpis * Test with several rpis
* Define http auth secret at setup
# DONE : # DONE :
* media sync (scp, rsync, http) * media sync (scp, rsync, http)
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs * Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
* Test static IP ok
# OTHER: # OTHER:
* get_client_rssi.sh on server * get_client_rssi.sh on server
@ -55,7 +68,6 @@ sha256 :
* ? Scripts hotspot linux/win/mac * ? Scripts hotspot linux/win/mac
* ? Config sync * ? Config sync
* ?
* ? Linux Minimal Virtualbox image * ? Linux Minimal Virtualbox image
* ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login * ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
* ~ Doc * ~ Doc


@ -62,28 +62,33 @@ nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk
nmcli con modify $SSID 802-11-wireless-security.proto rsn nmcli con modify $SSID 802-11-wireless-security.proto rsn
nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp
nmcli con modify $SSID wifi-sec.psk $PASSWD nmcli con modify $SSID wifi-sec.psk $PASSWD
nmcli radio wifi on
nmcli con up $SSID
# 0.a set IP range on server # 0.a set IP range on server
echo -e "Setting IP range in /etc/NetworkManager/system-connections/$SSID.nmconnection ... \n" echo -e "Setting IP range $IP_RANGE/24 in /etc/NetworkManager/system-connections/$SSID.nmconnection ... \n"
#~ sed "/\[ipv4\]/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection sudo sed -i "/method=shared/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection
sudo systemctl restart NetworkManager
nmcli radio wifi on
nmcli con up $SSID
# 0.b ask for number of clients # 0.b ask for number of clients
# This will be used to determine static IP # This will be used to determine static IP
yellow "Nombre de clients à configurer : " yellow "Nombre de clients à configurer : "
read -n 4 CLIENT_NUMBER read -n 4 CLIENT_NUMBER
green "Got $CLIENT_NUMBER...\n" green "Got $CLIENT_NUMBER...\n"
# Get first IP in specified range and add 1 # For some reason networkmanager finds it clever to offer only IPs in range 10-255 even when asked for a /24, /28, etc...
IP=$(echo $IP_RANGE | awk -F. '{print $4}') # So IPs start at 10
# Get first IP in specified range
echo -e "First IP is $(($IP+1)) ...\n" #~ IP=$(echo $IP_RANGE | awk -F. '{print $4}')
FIRST=1
IP=10
echo -e "First IP is $(($RANGE_START)) ...\n"
# Remove IP's last byte # Remove IP's last byte
IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}') IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}')
# Generate SSL cert with IPs in IP_RANGE # Generate SSL cert with IPs in IP_RANGE
IP_CNT=$(($IP+1)) IP_CNT=$IP
IP_ARRAY=() IP_ARRAY=()
while [ $IP_CNT -le $(($CLIENT_NUMBER+$IP)) ] while [ $IP_CNT -lt $(($CLIENT_NUMBER+$IP)) ]
do do
IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT") IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT")
((IP_CNT++)) ((IP_CNT++))
@ -95,7 +100,7 @@ yellow "Got host list : $HOST_LIST \n"
# https://unix.stackexchange.com/questions/104171/create-ssl-certificate-non-interactively # https://unix.stackexchange.com/questions/104171/create-ssl-certificate-non-interactively
yellow "Generating SSL crt/key for $HOST_LIST...\n" yellow "Generating SSL crt/key for $HOST_LIST...\n"
openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \ openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \
-subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$IP" \ -subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$FIRST" \
-addext "subjectAltName=$HOST_LIST" \ -addext "subjectAltName=$HOST_LIST" \
-keyout "$CONFIG_DIR/selfCA.key" -out "$CONFIG_DIR/selfCA.crt" -keyout "$CONFIG_DIR/selfCA.key" -out "$CONFIG_DIR/selfCA.crt"
#sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" #sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
@ -104,7 +109,7 @@ openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \
for HOST in "${IP_ARRAY[@]}" for HOST in "${IP_ARRAY[@]}"
do do
HOST=$(echo $HOST | awk -F: '{print $2}') HOST=$(echo $HOST | awk -F: '{print $2}')
HOST_NAME="videopi-$(echo $HOST | awk -F. '{print $4}')" HOST_NAME="pilpil-$(echo $HOST | awk -F. '{print $4}')"
# 1. Copy img to sd # 1. Copy img to sd
green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n" green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n"
red "Are you sure you want to ERASE THE CONTENT of $SDCARD ? Type uppercase 'yes' to confirm." red "Are you sure you want to ERASE THE CONTENT of $SDCARD ? Type uppercase 'yes' to confirm."
@ -117,11 +122,11 @@ do
red "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds." red "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds."
sleep 5 sleep 5
GO_DD=0 GO_DD=0
xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync
# unmount / remount new filesystem # unmount / remount new filesystem
green "Operation 2/13 : Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" green "Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n"
umount $BOOT_MOUNT umount $BOOT_MOUNT
umount $ROOTFS_MOUNT umount $ROOTFS_MOUNT
xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync
green "Operation 3/13 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n" green "Operation 3/13 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n"
echo "Remounting..." echo "Remounting..."
sleep 1 sleep 1
@ -130,6 +135,7 @@ do
green "Operation 4/13 : Changing hostname to $HOST_NAME ...\n" green "Operation 4/13 : Changing hostname to $HOST_NAME ...\n"
# Change hostname # Change hostname
echo "$HOST_NAME" | sudo tee "$ROOTFS_MOUNT/etc/hostname" echo "$HOST_NAME" | sudo tee "$ROOTFS_MOUNT/etc/hostname"
echo -e "127.0.1.1\t$HOST_NAME" | sudo tee -a "$ROOTFS_MOUNT/etc/hosts"
## Enable SSH ## Enable SSH
green "Operation 5/13 : Enabling SSH server on boot ...\n" green "Operation 5/13 : Enabling SSH server on boot ...\n"
touch "$BOOT_MOUNT/ssh" touch "$BOOT_MOUNT/ssh"
@ -154,21 +160,20 @@ do
sync sync
# 3. Configure wifi with static IP # 3. Configure wifi with static IP
green "Operation 9/13 : Configuring wireless connection to $SSID with pw $PASSWD : ...\n" green "Operation 9/13 : Configuring wireless connection to $SSID with pw $PASSWD : ...\n"
echo " echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1
update_config=1 country=FR
country=FR
network={
network={ ssid=\"$SSID\" # Nom du réseau auquel on se connecte
ssid='$SSID' # Nom du réseau auquel on se connecte psk=\"$PASSWD\" # Mot de passe wifi
psk='$PASSWD' # Mot de passe wifi # Optional parameters
# Optional parameters # scan_ssid=1 # hidden ssid
# scan_ssid=1 # hidden ssid # Specify 2.4 or 5G freq
# Specify 2.4 or 5G freq # https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910
# https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910 # https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz
# https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz # scan_freq=2412 2437 2462
# scan_freq=2412 2437 2462 }" | sudo tee "$ROOTFS_MOUNT/etc/wpa_supplicant/wpa_supplicant.conf"
}" | sudo tee "$ROOTFS_MOUNT/etc/wpa_supplicant/wpa_supplicant.conf"
sync sync
# Request specific IP to dhcp server # Request specific IP to dhcp server
green "Operation 10/13 : Setting static IP $HOST in $ROOTFS_MOUNT/etc/dhcpcd.conf...\n" green "Operation 10/13 : Setting static IP $HOST in $ROOTFS_MOUNT/etc/dhcpcd.conf...\n"
@ -182,14 +187,17 @@ do
sync sync
# 6. Copy medias # 6. Copy medias
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
sudo rsync -auv "$LOCAL_MEDIA_DIR/" "$REMOTE_MEDIA_DIR/" USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
sync sync
# Unmount FS # Unmount FS
green "Operation 13/13 : Unmounting filesystems" green "Operation 13/13 : Unmounting filesystems"
umount $BOOT_MOUNT umount $BOOT_MOUNT
umount $ROOTFS_MOUNT umount $ROOTFS_MOUNT
yellow "Client $IP/$CLIENT_NUMBER done." yellow "Client $(($IP-10))/$CLIENT_NUMBER done."
if [ "$IP" -lt "$CLIENT_NUMBER" ] if [ $(($IP+1)) -le $(($CLIENT_NUMBER+$IP)) ]
then then
red "Please swap sd card in reader and enter uppercase 'yes' to proceed with next client :" red "Please swap sd card in reader and enter uppercase 'yes' to proceed with next client :"
read -n 4 GO_ON read -n 4 GO_ON
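Review bot: The new media copy line `sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"` never expands the glob, because `*` sits inside double quotes, so cp looks for a file literally named `*` and fails; the following `sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"` fails the same way, so the permission fix named in the commit title does not take effect. The id lookup two lines above uses `grep $PI_USER` over the target image's passwd file, which matches the name anywhere in a line (other accounts, home paths, GECOS), so USER_ID/GROUP_ID may hold several ids or, if the user is absent, nothing, and chown then gets a malformed owner spec that is not caught. Matching the first passwd field with awk and checking the result before touching the target filesystem avoids both; replacing rsync with cp also dropped recursion, so `-a` (or `-r`) is needed if the media folder has subdirectories. The enclosing for loop starts and ends outside this hunk.
```shell
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
USER_ID=$(awk -F: -v u="$PI_USER" '$1 == u { print $3 }' "$ROOTFS_MOUNT/etc/passwd")
GROUP_ID=$(awk -F: -v u="$PI_USER" '$1 == u { print $4 }' "$ROOTFS_MOUNT/etc/passwd")
if [ -z "$USER_ID" ] || [ -z "$GROUP_ID" ]; then
  red "User $PI_USER not found in $ROOTFS_MOUNT/etc/passwd, not copying media."
  exit 1
fi
sudo cp -a -- "$LOCAL_MEDIA_DIR"/. "$REMOTE_MEDIA_DIR"/
sudo chown -R -- "$USER_ID:$GROUP_ID" "$REMOTE_MEDIA_DIR"
# … unchanged: sync, unmount, next-client prompt …
```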


@ -10,7 +10,7 @@ media_exts = ["mp4", "avi", "mkv"]
auth = "secret" auth = "secret"
# OnNlY3JldA== # OnNlY3JldA==
cmd_auth = "secret" cmd_auth = "secret"
hosts = ["10.42.0.135", "10.42.0.156"] hosts = ["10.42.0.10", "10.42.0.11"]
# VLC http LUA port # VLC http LUA port
port = 8887 port = 8887
# Clients cmd port # Clients cmd port


@ -393,7 +393,7 @@ server {
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
server_name example.com; #server_name example.com;
location / { location / {
proxy_pass http://your.ip.adress:5000; proxy_pass http://your.ip.adress:5000;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -407,6 +407,30 @@ server {
``` ```
#### Fix nginx startup fail if /var/log/nginx doesn't exists
In '/etc/nginx/mklogdir.sh' :
```bash
#!/bin/bash
if [[ ! -d /var/log/nginx ]]
then
mkdir /var/log/nginx
systemctl restart nginx
fi
```
then `sudo chmod +x /etc/nginx/mklogdir.sh`.
After that, edit the nginx service unit to add a `ExecStartPre` directive to run the script :
```
sudo systemctl edit --full nginx.service
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/etc/nginx/mklogdir.sh # Add this line
```
### Bash script ### Bash script
```bash ```bash