pilpil
/
pilpil-setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
pilpil-setup/videopi_script.sh

199 lines
7.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Options
# Device block to write on
# TODO : Add flags check
SDCARD=$1
if [ "$SDCARD" == "" ]
then
red "Please specify the SDcard device block, e.g: '/dev/mmcblk0'."
exit 0
fi
DD_BS="128K"
DISK_IMAGE="$HOME/niels/2022-10-09-videopi.img.xz"
CONFIG_DIR="$HOME/niels/flasktest"
PI_USER="pi"
BOOT_MOUNT="/run/media/$USER/boot"
ROOTFS_MOUNT="/run/media/$USER/rootfs"
#~ LOCAL_MEDIA_DIR="$HOME/Videos"
LOCAL_MEDIA_DIR="$HOME/niels/medias"
REMOTE_MEDIA_DIR="$ROOTFS_MOUNT/home/pi/Videos"
IP_RANGE="10.42.0.0"
SSID="omen"
PASSWD="EpQmSmXH123"
IFW="wlo1"
#Band (bg = 2.4Ghz, a= 5Ghz)
BAND="bg"
# Hidden SSID
#~ HIDE="802-11-wireless.hidden false"
# Set channel manually
#~ CHAN="802-11-wireless.channel 1"
#
# Colored output
#~ set +x
bold=$(tput bold)
function red(){
echo -e "${bold}\x1B[31m$1 \x1B[0m"
if [ ! -z "${2}" ]; then
echo -e "\x1B[31m $($2) \x1B[0m"
fi
}
function green(){
echo -e "${bold}\x1B[32m$1 \x1B[0m"
if [ ! -z "${2}" ]; then
echo -e "\x1B[32m $($2) \x1B[0m"
fi
}
function yellow(){
echo -e "${bold}\x1B[33m$1 \x1B[0m"
if [ ! -z "${2}" ]; then
echo -e "\x1B[33m $($2) \x1B[0m"
fi
}
#
# 0. Create AP connection
#
# If connection exists, delete it
nmcli con delete $SSID
nmcli con add type wifi ifname $IFW con-name $SSID autoconnect yes ssid $SSID
nmcli con modify $SSID 802-11-wireless.mode ap 802-11-wireless.band $BAND $CHAN $HIDE ipv4.method shared
nmcli con modify $SSID wifi-sec.key-mgmt wpa-psk
nmcli con modify $SSID 802-11-wireless-security.proto rsn
nmcli con modify $SSID 802-11-wireless-security.pairwise ccmp
nmcli con modify $SSID wifi-sec.psk $PASSWD
nmcli radio wifi on
nmcli con up $SSID
# 0.a set IP range on server
echo -e "Setting IP range in /etc/NetworkManager/system-connections/$SSID.nmconnection ... \n"
#~ sed "/\[ipv4\]/a address1=$IP_RANGE/24, $IP_RANGE" /etc/NetworkManager/system-connections/$SSID.nmconnection
# 0.b ask for number of clients
# This will be used to determine static IP
yellow "Nombre de clients à configurer : "
read -n 4 CLIENT_NUMBER
green "Got $CLIENT_NUMBER...\n"
# Get first IP in specified range and add 1
IP=$(echo $IP_RANGE | awk -F. '{print $4}')
((IP++))
echo -e "First IP is $IP ...\n"
# Remove IP's last byte
IP_RANGE_3B=$(echo $IP_RANGE | awk -F. '{print $1"."$2"."$3"."}')
# Generate SSL cert with IPs in IP_RANGE
IP_CNT=$IP
IP_ARRAY=()
while [ $IP_CNT -le $CLIENT_NUMBER ]
do
IP_ARRAY+=("IP:$IP_RANGE_3B$IP_CNT")
((IP_CNT++))
done
# Convert array to string
HOST_LIST="$(IFS=","; echo "${IP_ARRAY[*]}")"
yellow "Got host list : $HOST_LIST \n"
# 5. Generate valid ssl cert/key for every IP in range
# https://unix.stackexchange.com/questions/104171/create-ssl-certificate-non-interactively
yellow "Generating SSL crt/key for $HOST_LIST...\n"
openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 \
-subj "/C=/ST=Denial/L=/O=/CN=$IP_RANGE$IP" \
-addext "subjectAltName=$HOST_LIST" \
-keyout "$CONFIG_DIR/selfCA.key" -out "$CONFIG_DIR/selfCA.crt"
#sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
# Proceed with each host
for HOST in "${IP_ARRAY[@]}"
do
HOST=$(echo $HOST | awk -F: '{print $2}')
HOST_NAME="videopi-$(echo $HOST | awk -F. '{print $4}')"
# 1. Copy img to sd
green "Operation 1/13 : Imaging $SDCARD with the file $DISK_IMAGE ...\n"
red "Are you sure you want to erase the content of $SDCARD ? Type uppercase 'yes' to confirm."
read -n 4 GO_DD
if [ "$GO_DD" != "YES" ]
then
red "Answer was different from 'YES'. Aborting..."
break
fi
red "Received answer $GO_DD. Running dd on $SDCARD in 5 seconds."
sleep 5
GO_DD=0
xzcat "$DISK_IMAGE" | sudo dd of=$SDCARD bs="$DD_BS" oflag=dsync status=progress && sync
# unmount / remount new filesystem
green "Operation 2/13 : Unmounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n"
umount $BOOT_MOUNT
umount $ROOTFS_MOUNT
green "Operation 3/13 : Remounting $BOOT_MOUNT and $ROOTFS_MOUNT ...\n"
systemctl --user restart gvfs-udisks2-volume-monitor
green "Operation 4/13 : Changing hostname to $HOST_NAME ...\n"
# Change hostname
echo "$HOST_NAME" | tee "$ROOTFS_MOUNT/etc/hostname"
## Enable SSH
green "Operation 5/13 : Enabling SSH server on boot ...\n"
touch "$BOOT_MOUNT/ssh"
## Generate SSH private/public key and install it - Disable passwd login
green "Operation 6/13 : Generating private/public SSH key as $HOME/.ssh/$HOST_NAME ...\n"
ssh-keygen -t ed25519 -f "$HOME/.ssh/$HOST_NAME" -N ""
red "New SSH key pair generated as $HOME/.ssh/$HOST_NAME. Add to ~/.ssh/config ? (y/n)"
read -n 2 ADD_SSH_CONF
if [ "$ADD_SSH_CONF" == "y" ]
then
# Add to ~/.ssh/config
echo -e "Host $HOST\n\tIdentityFile ~/.ssh/$HOST_NAME\n\tUser $PI_USER" | tee -a "$HOME/.ssh/config"
fi
# Copy public key to rpi
green "Operation 7/13 : Installing public SSH key $HOME/.ssh/$HOST.pub in $ROOTFS_MOUNT/home/pi/.ssh/authorized_keys...\n"
sudo cp "$HOME/.ssh/$HOST_NAME.pub" "$ROOTFS_MOUNT/home/pi/.ssh/authorized_keys"
# Disable PW login
green "Operation 8/13 : Disabling SSH password based login in $ROOTFS_MOUNT/etc/ssh/sshd_config ...\n"
echo -e "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no" | sudo tee -a "$ROOTFS_MOUNT/etc/ssh/sshd_config"
# 3. Configure wifi with static IP
green "Operation 9/13 : Configuring wireless connection to $SSID with pw $PASSWD : ...\n"
echo "
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=FR
network={
ssid='$SSID' # Nom du réseau auquel on se connecte
psk='$PASSWD' # Mot de passe wifi
# Optional parameters
# scan_ssid=1 # hidden ssid
# Specify 2.4 or 5G freq
# https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n910
# https://fr.wikipedia.org/wiki/Liste_des_canaux_Wi-Fi#Bande_2,4_GHz
# scan_freq=2412 2437 2462
}" | sudo tee "$ROOTFS_MOUNT/etc/wpa_supplicant/wpa_supplicant.conf"
# Request specific IP to dhcp server
green "Operation 10/13 : Setting static IP $HOST in $ROOTFS_MOUNT/etc/dhcpcd.conf...\n"
echo -e "interface wlan0\nrequest $HOST" | sudo tee -a "$ROOTFS_MOUNT/etc/dhcpcd.conf"
# 5. Install previously generated SSL key/crt
#sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" -out "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
green "Operation 11/13 : Installing public SSH key $CONFIG_DIR/selfCA.crt in $ROOTFS_MOUNT/etc/ssl/certs/ ...\n"
sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"
# 6. Copy medias
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
rsync -auv "$LOCAL_MEDIA_DIR/" "$REMOTE_MEDIA_DIR/"
# Unmount FS
green "Operation 13/13 : Unmounting filesystems"
umount $BOOT_MOUNT
umount $ROOTFS_MOUNT
yellow "Client $IP/$CLIENT_NUMBER done."
if [ "$IP" -lt "$CLIENT_NUMBER" ]
then
red "Please swap sd card in reader and enter uppercase 'yes' to proceed with next client :"
read -n 4 GO_ON
if [ "$GO_ON" != "YES" ]
then
red "Answer was different from 'YES'. Aborting...\n"
break
fi
GO_ON=0
((IP++))
else
green "All done !"
exit 1
fi
done
yellow "Nothing more to do."
exit 0
#~ rm "$CONFIG_DIR/selfCA.key"
Reference in New Issue View Git Blame Copy Permalink