From 2ecfc3597f6416bc7fb24fc33e6e627da3166146 Mon Sep 17 00:00:00 2001 From: ABelliqueux Date: Fri, 28 Oct 2022 19:02:46 +0200 Subject: [PATCH] Generate http auth secret and install it --- defaults.toml | 4 +-- linux_server_deploy.sh | 59 +++++++++++++++++++++++++++++------------- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/defaults.toml b/defaults.toml index 4ab50c5..01093bf 100644 --- a/defaults.toml +++ b/defaults.toml @@ -7,8 +7,8 @@ sync_facility = "http" media_folder_local = "~/Videos" media_folder_remote = "~/Videos" media_exts = [] -auth = "" -cmd_auth = "" +auth = "secret" +cmd_auth = "secret" hosts = [] # VLC http LUA port port = 0 diff --git a/linux_server_deploy.sh b/linux_server_deploy.sh index 32c894a..eece9bd 100755 --- a/linux_server_deploy.sh +++ b/linux_server_deploy.sh @@ -1,5 +1,22 @@ -#!/bin/bash +#!/usr/bin/env bash # +# +# https://sharats.me/posts/shell-script-best-practices/ +set -o errexit +set -o nounset +set -o pipefail +if [[ "${TRACE-0}" == "1" ]]; then set -o xtrace; fi +# Change to script dir +cd "$(dirname "$0")" +# +if [[ "${1-}" =~ ^-*h(elp)?$ ]]; then + echo 'Usage: ./pilpil-server.sh path_to_device + +This is an awesome bash script to make your life better. + +' + exit +fi # Options # Device block to write on # Colored output 
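Review bot: Shipping `auth = "secret"` and `cmd_auth = "secret"` as defaults means a client installed without the deploy script's substitution step runs with a credential that anyone can read in the repository. Whether the program rejects an unconfigured value is not visible in this diff. If the placeholder is only there for the `sed` step in linux_server_deploy.sh, use a token that cannot pass for a real password and have the program refuse to start while it is still set. A comment such as `# placeholder, replaced by linux_server_deploy.sh` above the two keys would document the coupling.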
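Review bot: The usage text added under the `-h`/`--help` check is still the template's: it names `./pilpil-server.sh` although the file is `linux_server_deploy.sh`, and its description line says nothing about what the script does. Later hunks show that the script images the device passed as `$1` and erases its content, so the help should say so. For example, `Usage: ./linux_server_deploy.sh /dev/sdX` followed by a line such as `Writes the pilpil image to the given device, ERASING its content, then configures each client.`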
@@ -26,35 +43,37 @@ function yellow(){ SDCARD=$1 # TODO : accomodate for devices block with name mmcblk0p1|p2 -if [ "$SDCARD" == "" ] || [ ! -e "$SDCARD" ] +if [[ "$SDCARD" == "" ]] || [[ ! -e "$SDCARD" ]] then - red "Please specify an existing device block for your sd-card, e.g: '/dev/sda'." + red "Please specify an existing device block for your sd-card, e.g: '/dev/sda'." >&2 exit 0 fi DD_BS="128K" DISK_IMAGE="$HOME/niels/imgs/2022-10-25-pilpil-WIP.img.xz" -if [ ! -f "$DISK_IMAGE" ] +if [[ ! -f "$DISK_IMAGE" ]] then - red "Disk image not found, aborting..." + red "Disk image not found, aborting..." >&2 exit 0 fi CONFIG_DIR="$HOME/niels/pilpil-server" -if [ ! -d "$CONFIG_DIR" ] +if [[ ! -d "$CONFIG_DIR" ]] then - red "Config directory not found, aborting..." + red "Config directory not found, aborting..." >&2 exit 0 fi +HTTP_SECRET=$(openssl rand -base64 12) PI_USER="pil" BOOT_MOUNT="/run/media/$USER/boot" ROOTFS_MOUNT="/run/media/$USER/rootfs" #~ LOCAL_MEDIA_DIR="$HOME/Videos" LOCAL_MEDIA_DIR="$HOME/niels/medias" -if [ ! -d "$LOCAL_MEDIA_DIR" ] +if [[ ! -d "$LOCAL_MEDIA_DIR" ]] then - red "Medias directory not found, aborting..." + red "Medias directory not found, aborting..." >&2 exit 0 fi REMOTE_MEDIA_DIR="$ROOTFS_MOUNT/home/$PI_USER/Videos" +# WIFI AP config IP_RANGE="10.42.0.1" SSID="omen" PASSWD="EpQmSmXH123" @@ -105,7 +124,7 @@ IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}') # Generate SSL cert with IPs in IP_RANGE IP_CNT=$IP IP_ARRAY=() -while [ $IP_CNT -lt $(($CLIENT_NUMBER+$IP)) ] +while [[ "$IP_CNT" -lt $(($CLIENT_NUMBER+$IP)) ]] do IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT") ((IP_CNT++)) 
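Review bot: With `set -o nounset` now active, the unchanged `SDCARD=$1` aborts with an unbound-variable error when the script is run without an argument, so the "Please specify an existing device block" message just below it is never reached; use `SDCARD="${1-}"`. The four error branches in this hunk now print to stderr but still end in `exit 0`, so a caller cannot tell a failure from success; `exit 1` would match the new error reporting. The hunk also keeps the Wi-Fi AP passphrase hard-coded in `PASSWD=...` right next to the new `HTTP_SECRET=$(openssl rand -base64 12)`. Generating it the same way, or prompting for it, would keep it out of the repository.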
@@ -131,9 +150,9 @@ do green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n" red "Are you sure you want to ERASE THE CONTENT of $SDCARD ? Type uppercase 'yes' to confirm." read -n 4 GO_DD - if [ "$GO_DD" != "YES" ] + if [[ "$GO_DD" != "YES" ]] then - red "Answer was different from 'YES'. Aborting..." + red "Answer was different from 'YES'. Aborting..." >&2 break fi red "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds." @@ -164,7 +183,7 @@ do ssh-keygen -t ed25519 -f "$HOME/.ssh/$HOST_NAME" -N "" red "New SSH key pair generated as $HOME/.ssh/$HOST_NAME. Add to ~/.ssh/config ? (y/n)" read -n 2 ADD_SSH_CONF - if [ "$ADD_SSH_CONF" == "y" ] + if [[ "$ADD_SSH_CONF" == "y" ]] then # Add to ~/.ssh/config echo -e "\nHost $HOST_NAME\n\tHostname $HOST\n\tIdentityFile ~/.ssh/$HOST_NAME\n\tUser $PI_USER" | tee -a "$HOME/.ssh/config" @@ -204,10 +223,14 @@ network={ sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" sync + #~ Change VLC/pilpil http auth secret + sed -i "s:secret:$HTTP_SECRET:g" "$CONFIG_DIR/pilpil-server.toml" + sed -i "s:secret:$HTTP_SECRET:g" "$ROOTFS_MOUNT/home/pil/.config/systemd/user/vlc.service" + sed -i "s:secret:$HTTP_SECRET:g" "$ROOTFS_MOUNT/home/pil/pilpil-client/defaults.toml" #~ # 6. Copy medias green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" # Remove filler file - if [ -f "$REMOTE_MEDIA_DIR/remove_me" ] + if [[ -f "$REMOTE_MEDIA_DIR/remove_me" ]] then sudo rm "$REMOTE_MEDIA_DIR/remove_me" fi 
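Review bot: The three added `sed -i "s:secret:$HTTP_SECRET:g"` lines replace every occurrence of the substring `secret`, and only work while the placeholder is still present. After the first run `$CONFIG_DIR/pilpil-server.toml` no longer contains `secret`, so a later run generates a new `HTTP_SECRET`, writes it to the new cards, and leaves the server config with the old value. Any key name or comment containing `secret` in those files is rewritten as well. Setting the values by key would make the step repeatable, e.g. `sed -i "s:^\(cmd_\)\?auth = .*:\1auth = \"$HTTP_SECRET\":" "$CONFIG_DIR/pilpil-server.toml"` (assuming that file uses the same `auth`/`cmd_auth` keys as defaults.toml), or the script could reuse the value already stored in the server config. The two `sed -i` calls under `$ROOTFS_MOUNT` also run without `sudo`, unlike the `cp` lines just above them, so they may fail depending on who owns the mounted files.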
@@ -216,7 +239,7 @@ network={ # Get Media folder size MEDIA_SIZE=$(du -c $LOCAL_MEDIA_DIR | tail -1 | awk '{print $1}') # Only copy files if enough space available - if [ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ] + if [[ "$MEDIA_SIZE" -lt "$ROOTFS_AVAILABLE_SPACE" ]] then USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' ) GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' ) @@ -224,20 +247,20 @@ network={ sudo chown -R $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR" sync else - red "Not enough space on $ROOTFS_MOUNT, skipping..." + red "Not enough space on $ROOTFS_MOUNT, skipping..." fi # Unmount FS green "Operation 13/13 : Unmounting filesystems" umount $BOOT_MOUNT umount $ROOTFS_MOUNT yellow "Client $(($IP-9))/$CLIENT_NUMBER done." - if [ $IP -le $IP_CNT ] + if [[ "$IP" -le "$IP_CNT" ]] then red "Please swap sd card in reader and enter uppercase 'yes' to proceed with next client or hit Ctrl-C:" read -n 4 GO_ON if [ "$GO_ON" != "YES" ] then - red "Answer was different from 'YES'. Aborting...\n" + red "Answer was different from 'YES'. Aborting...\n" >&2 break fi GO_ON=0
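Review bot: With `errexit` and `pipefail` enabled by this commit, any failing command before the `umount $BOOT_MOUNT` / `umount $ROOTFS_MOUNT` lines ends the script with the SD card still mounted, because the unmount runs only on the success path. One example is the `cat ... | grep $PI_USER | awk` lookups in the previous hunk, which fail when nothing matches. An `EXIT` trap that unmounts both paths would cover the abort cases; the mount step is outside these hunks, so where to install the trap has to be checked there. In the same hunk `if [ "$GO_ON" != "YES" ]` was left as `[ ]` while the other tests were converted, and the two unmount arguments are unquoted: `umount "$BOOT_MOUNT"` and `umount "$ROOTFS_MOUNT"`.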