├── scripts ├── hostapd │ ├── wpa-eap │ │ ├── hostapd.eap_user │ │ ├── hostapd.conf │ │ └── certs │ │ │ ├── xpextensions │ │ │ ├── client.cnf │ │ │ ├── server.cnf │ │ │ ├── ca.cnf │ │ │ ├── bootstrap │ │ │ ├── Makefile │ │ │ └── README │ ├── dnsmasq.conf │ ├── wpa-psk │ │ └── hostapd.conf │ ├── radvd.conf │ ├── hostapd.service │ ├── nat.sh │ ├── uninstall │ ├── wpa-patch.diff │ └── install ├── extra-tools │ ├── uninstall │ └── install ├── h-ntp │ ├── uninstall │ └── install ├── h-dns │ ├── uninstall │ └── install ├── ipfs-pi-stream │ ├── audio.jpg │ ├── process-stream.service │ ├── uninstall │ ├── enable-camera.sh │ ├── install │ └── process-stream.sh ├── firewall │ ├── uninstall │ ├── install │ ├── rules.v4 │ └── rules.v6 ├── shared │ ├── node.js │ │ ├── uninstall │ │ └── install │ ├── confset │ │ ├── uninstall │ │ ├── install │ │ └── confset.sh │ ├── nodeinfo │ │ ├── uninstall │ │ ├── nodeinfo-update.sh │ │ ├── nodeinfo.json │ │ └── install │ └── hostname │ │ └── install ├── ssb-patchfoo │ ├── config │ ├── ssb-patchfoo.conf │ └── install ├── nginx │ ├── main.conf │ ├── cgi-bin.conf │ ├── peers-yggdrasil │ ├── uninstall │ ├── common.css │ ├── index.html │ ├── peers-cjdns │ ├── common.js │ ├── install │ ├── map.js │ └── vis-network.min.css ├── yggdrasil-iptunnel │ ├── yggdrasil-iptunnel.service │ ├── uninstall │ ├── install │ └── yggdrasil-setup ├── grafana │ ├── datasource.json │ ├── uninstall │ └── install ├── mesh-adhoc │ ├── mesh-adhoc.service │ ├── uninstall │ ├── install │ └── mesh-adhoc ├── mesh-point │ ├── mesh-point.service │ ├── uninstall │ ├── install │ └── mesh-point ├── prometheus-server │ ├── uninstall │ ├── prometheus-server.service │ └── install ├── ssb │ ├── ssb.service │ ├── ssb-broadcast.service │ ├── uninstall │ ├── install │ └── ssb-broadcast-service.sh ├── yrd │ ├── yrd.service │ ├── uninstall │ └── install ├── prometheus-node-exporter │ ├── uninstall │ ├── prometheus-node-exporter.service │ ├── node-exporter-tomesh.service │ ├── install │ └── 
nodestats-tomesh.py ├── cjdns-iptunnel │ ├── uninstall │ ├── install │ └── cjdns-setup ├── ssb-web-pi │ ├── ssb-web-pi-broadcast.service │ ├── ssb-web-pi.conf │ ├── uninstall │ ├── ssb-web-pi-broadcast-service.sh │ └── install ├── extra-tools-netcat │ └── install ├── watchdog │ ├── install │ └── uninstall ├── ipfs │ ├── ipfs.service │ ├── nodeinfo-ipfs │ ├── ipfs-http-gateway.conf │ ├── uninstall │ ├── ipfs-swarm.sh │ └── install ├── yggdrasil │ ├── uninstall │ └── install ├── cjdns │ ├── uninstall │ └── install ├── uninstall ├── install ├── status └── functions.sh ├── contrib ├── set-mesh-repo │ ├── armbian-default-armbian.list │ ├── armbian-armbian.list │ ├── raspbian-default-raspi.list │ ├── raspbian-raspi.list │ ├── raspbian-default-sources.list │ ├── raspbian-sources.list │ ├── debian-default-sources.list │ ├── debian-sources.list │ └── set-repo.sh ├── GeoLocation │ ├── install.sh │ ├── geo.php │ └── nodeinfo-geolocation ├── batman-adv │ └── batman-adv-mesh.sh ├── github-setup │ └── setid.sh ├── node-exporter-ubiquiti │ ├── uninstall │ ├── node-exporter-ubiquiti.service │ ├── install │ └── nodestats-ubiquiti.py ├── tmate │ ├── README.md │ └── install-tmate.sh ├── captive-portal │ ├── install-nodogsplash.sh │ ├── nodogsplash.conf │ └── README.md ├── pi-stream │ └── install-sdr-drivers.sh ├── board-espressobin │ └── config.sh ├── ipfs-usb │ └── movestore ├── offline │ └── redirect-port-80.sh ├── ramdisk-overlay │ └── raspbian.sh └── mesh-cleanlinks │ └── mesh-cleanlinks.sh ├── travis ├── jessie │ └── Dockerfile └── latest │ └── Dockerfile ├── .travis.yml ├── docs ├── TROUBLESHOOT.md └── FAQ.md └── README.md /scripts/hostapd/wpa-eap/hostapd.eap_user: -------------------------------------------------------------------------------- 1 | * PEAP,TTLS 2 | -------------------------------------------------------------------------------- /scripts/extra-tools/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 
2 | 3 | set -e 4 | 5 | # Nothing to uninstall -------------------------------------------------------------------------------- /scripts/hostapd/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | dhcp-range=10.0.0.2,10.0.0.254,255.255.255.0,4h 2 | bind-interfaces 3 | -------------------------------------------------------------------------------- /scripts/h-ntp/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | sudo sed -i '/pool /d' /etc/ntp.conf -------------------------------------------------------------------------------- /scripts/h-dns/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | sudo rm -rf /etc/network/interfaces.d/dns 6 | -------------------------------------------------------------------------------- /scripts/ipfs-pi-stream/audio.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tomeshnet/prototype-cjdns-pi/HEAD/scripts/ipfs-pi-stream/audio.jpg -------------------------------------------------------------------------------- /contrib/set-mesh-repo/armbian-default-armbian.list: -------------------------------------------------------------------------------- 1 | deb http://apt.armbian.com __CODENAME__ main __CODENAME__-utils __CODENAME__-desktop 2 | -------------------------------------------------------------------------------- /scripts/firewall/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | sudo rm -f /etc/iptables/rules.v4 6 | sudo rm -f /etc/iptables/rules.v6 7 | -------------------------------------------------------------------------------- /scripts/shared/node.js/uninstall: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | sudo apt-get remove nodejs -y || true 6 | sudo rm -rf /bin/node /bin/nodejs -------------------------------------------------------------------------------- /scripts/ssb-patchfoo/config: -------------------------------------------------------------------------------- 1 | { 2 | "plugins": { 3 | "ssb-private": true, 4 | "ssb-backlinks": true, 5 | "patchfoo": true 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /contrib/set-mesh-repo/armbian-armbian.list: -------------------------------------------------------------------------------- 1 | deb http://__PREFIX__.mirror.tomesh.net/armbian/apt/ __CODENAME__ main __CODENAME__-utils __CODENAME__-desktop 2 | -------------------------------------------------------------------------------- /scripts/shared/confset/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Dependencies 4 | sudo apt-get -y remove confget 5 | sudo rm -rf /usr/local/bin/confset 6 | -------------------------------------------------------------------------------- /scripts/nginx/main.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | listen [::]:80; 4 | include /etc/nginx/site-path-enabled/*.conf; 5 | root /var/www/html; 6 | } 7 | -------------------------------------------------------------------------------- /travis/jessie/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM resin/rpi-raspbian:jessie 2 | 3 | COPY qemu-arm-static /usr/bin/qemu-arm-static 4 | RUN apt-get update \ 5 | && apt-get install -y wget -------------------------------------------------------------------------------- /travis/latest/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM resin/rpi-raspbian:latest 2 | 3 | COPY qemu-arm-static 
/usr/bin/qemu-arm-static 4 | RUN apt-get update \ 5 | && apt-get install -y wget -------------------------------------------------------------------------------- /scripts/yggdrasil-iptunnel/yggdrasil-iptunnel.service: -------------------------------------------------------------------------------- 1 | [Service] 2 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW 3 | ExecStartPost=/usr/local/sbin/yggdrasil-setup 4 | -------------------------------------------------------------------------------- /scripts/grafana/datasource.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "prometheus", 3 | "type": "prometheus", 4 | "url": "http://localhost:9090", 5 | "access": "proxy", 6 | "isDefault": true 7 | } -------------------------------------------------------------------------------- /scripts/hostapd/wpa-psk/hostapd.conf: -------------------------------------------------------------------------------- 1 | interface=wlan-ap 2 | hw_mode=g 3 | channel=11 4 | auth_algs=1 5 | wpa=2 6 | wpa_key_mgmt=WPA-PSK 7 | wpa_pairwise=CCMP 8 | rsn_pairwise=CCMP 9 | -------------------------------------------------------------------------------- /scripts/extra-tools/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Install non-essential tools useful for network analysis 6 | sudo apt-get install vim socat oping bmon iperf3 -y 7 | -------------------------------------------------------------------------------- /contrib/GeoLocation/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt-get install -y jq 3 | sudo cp "nodeinfo-geolocation" /opt/tomesh/nodeinfo.d/geolocation 4 | sudo chmod +x /opt/tomesh/nodeinfo.d/geolocation 5 | -------------------------------------------------------------------------------- /scripts/hostapd/radvd.conf: 
-------------------------------------------------------------------------------- 1 | interface wlan-ap { 2 | AdvSendAdvert on; 3 | MaxRtrAdvInterval 30; 4 | prefix fdfc::/64 5 | { 6 | AdvOnLink on; 7 | AdvAutonomous on; 8 | }; 9 | }; 10 | -------------------------------------------------------------------------------- /contrib/batman-adv/batman-adv-mesh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Install batman adv 4 | sudo apt-get install -y batctl 5 | 6 | # Configure batman-adv 7 | sudo modprobe batman-adv 8 | sudo batctl if add wlan0 9 | sudo ifconfig bat0 up 10 | -------------------------------------------------------------------------------- /scripts/nginx/cgi-bin.conf: -------------------------------------------------------------------------------- 1 | location /cgi-bin/ { 2 | gzip off; 3 | root /var/www/html; 4 | fastcgi_pass unix:/var/run/fcgiwrap.socket; 5 | include /etc/nginx/fastcgi_params; 6 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 7 | } -------------------------------------------------------------------------------- /contrib/set-mesh-repo/raspbian-default-raspi.list: -------------------------------------------------------------------------------- 1 | deb http://archive.raspberrypi.org/debian/ __CODENAME__ main ui 2 | # Uncomment line below then 'apt-get update' to enable 'apt-get source' 3 | #deb-src http://archive.raspberrypi.org/debian/ __CODENAME__ main ui 4 | -------------------------------------------------------------------------------- /scripts/yggdrasil-iptunnel/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall scripts that configure yggdrasil iptunnel 6 | sudo rm /usr/local/sbin/yggdrasil-setup 7 | sudo rm /etc/systemd/system/yggdrasil.service.d/iptunnel.conf 8 | sudo systemctl daemon-reload 9 | 
-------------------------------------------------------------------------------- /contrib/github-setup/setid.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -z "$1" ] && [ -z "$2" ]; then 4 | echo Syntax 5 | echo setid \[git-hub login\] 6 | exit 0 7 | fi 8 | 9 | git config --global user.email "$1@users.noreply.github.com" 10 | git config --global user.name "$1" 11 | -------------------------------------------------------------------------------- /contrib/set-mesh-repo/raspbian-raspi.list: -------------------------------------------------------------------------------- 1 | deb http://__PREFIX__.mirror.tomesh.net/raspberrypi/debian/ __CODENAME__ main ui 2 | # Uncomment line below then 'apt-get update' to enable 'apt-get source' 3 | #deb-src http://__PREFIX__.mirror.tomesh.net/raspberrypi/debian/ __CODENAME__ main ui 4 | -------------------------------------------------------------------------------- /scripts/mesh-adhoc/mesh-adhoc.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Mesh Ad-hoc Service 3 | Wants=network.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=idle 8 | ExecStart=/usr/bin/mesh-adhoc 9 | Restart=on-failure 10 | RestartSec=10s 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /scripts/mesh-point/mesh-point.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Mesh Point Service 3 | Wants=network.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=idle 8 | ExecStart=/usr/bin/mesh-point 9 | Restart=on-failure 10 | RestartSec=10s 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /contrib/set-mesh-repo/raspbian-default-sources.list: 
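--------------------------------------------------------------------------------
1 | deb http://raspbian.raspberrypi.org/raspbian/ __CODENAME__ main contrib non-free rpi
2 | # Uncomment line below then 'apt-get update' to enable 'apt-get source'
3 | #deb-src http://raspbian.raspberrypi.org/raspbian/ __CODENAME__ main contrib non-free rpi
4 |
--------------------------------------------------------------------------------
/contrib/node-exporter-ubiquiti/uninstall:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Remove the Ubiquiti node-exporter add-on: its stats script, then its systemd unit.
4 | # NOTE(review): /opt/tomesh/nodestats-tomesh.py is also the script that
5 | # scripts/prometheus-node-exporter/node-exporter-tomesh.service executes, so
6 | # deleting it here presumably breaks that service when both modules are
7 | # installed - confirm which file this add-on really owns.
8 | sudo rm -f "/opt/tomesh/nodestats-tomesh.py"
9 | sudo systemctl disable node-exporter-ubiquiti.service
10 | sudo systemctl stop node-exporter-ubiquiti.service
11 | sudo rm -f /etc/systemd/system/node-exporter-ubiquiti.service
12 | sudo systemctl daemon-reload
13 |
--------------------------------------------------------------------------------
/scripts/shared/nodeinfo/uninstall:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | # Drop the boot-time hook from /etc/rc.local. A sed address that uses a
4 | # delimiter other than "/" must start with a backslash, and the delete command
5 | # follows the address; the previous expression (d#...#) was rejected by sed, so
6 | # the hook stayed behind and rc.local kept calling a script removed below.
7 | sudo sed -i '\#/usr/local/bin/nodeinfo-update.sh#d' /etc/rc.local
8 |
9 | # Remove the updater, its template and the per-service snippets (best effort).
10 | sudo rm -rf /usr/local/bin/nodeinfo-update.sh || true
11 | sudo rm -rf /opt/tomesh/nodeinfo.json || true
12 | sudo rm -rf /opt/tomesh/nodeinfo.d || true
13 | sudo apt-get remove -y jq
--------------------------------------------------------------------------------
/contrib/set-mesh-repo/raspbian-sources.list:
--------------------------------------------------------------------------------
1 | deb http://__PREFIX__.mirror.tomesh.net/raspbian/raspbian __CODENAME__ main contrib non-free rpi
2 | # Uncomment line below then 'apt-get update' to enable 'apt-get source'
3 | #deb-src http://__PREFIX__.mirror.tomesh.net/raspbian/raspbian __CODENAME__ main contrib non-free rpi
4 |
--------------------------------------------------------------------------------
/scripts/nginx/peers-yggdrasil: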
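--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # CGI endpoint: prints the local yggdrasil peer list as JSON, or "{}" when
3 | # yggdrasilctl is missing or reports a fatal error.
4 | #
5 | # NOTE(review): the body is JSON but the response is labelled text/html, so a
6 | # browser that loads this URL directly will treat any markup inside the peer
7 | # data as HTML. application/json is the safer label - confirm the scripts that
8 | # consume this endpoint do not depend on the current type before changing it.
9 | echo -e "Content-type: text/html\n\n";
10 |
11 | if ! command -v yggdrasilctl > /dev/null 2>&1; then
12 |     echo "{}"
13 |     exit 0
14 | fi
15 |
16 | res=$(yggdrasilctl --json getPeers 2>/dev/null)
17 |
18 | if [[ $res == *"Fatal error"* ]]; then
19 |     echo "{}"
20 | else
21 |     # Quote the expansion: unquoted, the shell would word-split the JSON and
22 |     # expand any glob characters in it against the CGI working directory.
23 |     printf '%s\n' "$res"
24 | fi
25 |
--------------------------------------------------------------------------------
/scripts/shared/confset/install:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | # Remember the caller's BASE_DIR and point it at this script's directory
6 | # while the script runs; it is restored on the last line.
7 | LAST_BASE="$BASE_DIR"
8 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
9 |
10 | # Dependencies
11 | sudo apt-get -y install confget
12 | sudo cp -f "$BASE_DIR/confset.sh" /usr/local/bin/confset
13 | sudo chmod a+x /usr/local/bin/confset
14 |
15 | BASE_DIR="$LAST_BASE"
--------------------------------------------------------------------------------
/scripts/mesh-adhoc/uninstall:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | # Uninstall Mesh Ad-hoc interface
6 | sudo systemctl disable mesh-adhoc.service 2>/dev/null || true
7 | sudo systemctl stop mesh-adhoc.service 2>/dev/null || true
8 | sudo rm -f /usr/bin/mesh-adhoc
9 | sudo rm -f /etc/systemd/system/mesh-adhoc.service
10 | # Reload after the unit file is gone so systemd drops its definition
11 | sudo systemctl daemon-reload
12 |
--------------------------------------------------------------------------------
/scripts/mesh-point/uninstall:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | # Uninstall Mesh Point interface
6 | sudo systemctl disable mesh-point.service 2>/dev/null || true
7 | sudo systemctl stop mesh-point.service 2>/dev/null || true
8 | sudo rm -f /usr/bin/mesh-point
9 | sudo rm -f /etc/systemd/system/mesh-point.service
10 | # Reload after the unit file is gone so systemd drops its definition
11 | sudo systemctl daemon-reload
12 |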
-------------------------------------------------------------------------------- /scripts/nginx/uninstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sudo rm -rf /etc/nginx/sites-available/main.conf || true 4 | sudo rm -rf /etc/nginx/sites-enabled/main.conf || true 5 | sudo rm /etc/nginx/sites-enabled/default || true 6 | sudo rm -rf /etc/nginx/site-path-enabled || true 7 | sudo apt-get purge nginx -y 8 | sudo apt-get purge nginx-* libnginx-* -y 9 | sudo rm -rf /var/www/html 10 | -------------------------------------------------------------------------------- /scripts/prometheus-server/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall Prometheus Server 6 | sudo systemctl disable prometheus-server.service 2>/dev/null || true 7 | sudo systemctl stop prometheus-server.service 2>/dev/null || true 8 | sudo systemctl daemon-reload 9 | sudo rm -rf /opt/prometheus 10 | sudo rm -f /etc/systemd/system/prometheus-server.service -------------------------------------------------------------------------------- /scripts/ssb/ssb.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Scuttlebot (SSB) daemon 3 | Wants=network.target 4 | After=network.target 5 | 6 | [Service] 7 | User=__USER__ 8 | Group=__USER__ 9 | Type=simple 10 | ExecStart=/usr/bin/ssb-server start 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | Restart=on-failure 13 | RestartSec=10s 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /scripts/yrd/yrd.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=yrd: cjdroute configuration utils 3 | Requires=cjdns.service 4 | After=cjdns.service 5 | 6 | [Service] 7 | Type=oneshot 8 | ProtectHome=true 9 | 
ProtectSystem=true 10 | ExecStart=/usr/local/bin/yrd start --attach 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | RemainAfterExit=true 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /scripts/ipfs-pi-stream/process-stream.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Service to process RTMP stream 3 | Wants=network.target 4 | After=ipfs.service 5 | 6 | [Service] 7 | Type=simple 8 | User=pi 9 | Group=pi 10 | ExecStart=/usr/bin/process-stream.sh 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | Restart=on-failure 13 | RestartSec=10s 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /scripts/ssb/ssb-broadcast.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Scuttlebot (SSB) Service 3 | Wants=network.target 4 | After=ssb.service 5 | 6 | [Service] 7 | User=__USER__ 8 | Group=__USER__ 9 | Type=simple 10 | ExecStart=/usr/local/bin/ssb-broadcast-service.sh 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | Restart=on-failure 13 | RestartSec=10s 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /contrib/tmate/README.md: -------------------------------------------------------------------------------- 1 | # tmate terminal sharing 2 | 3 | This installs a statically linked copy of tmate. 4 | 5 | To use: 6 | 7 | - Make sure you are connected to the internet 8 | - Run `tmate` 9 | - On the yellow bar note the hash before `@` symbol, e.g. `ssh kukBdPDnaYObQmyFxMyBzSp3o@to2.tmate.io` 10 | - Tell your remote party the website to visit, e.g. 
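`https://tmate.io/t/kukBdPDnaYObQmyFxMyBzSp3o`
11 |
--------------------------------------------------------------------------------
/contrib/node-exporter-ubiquiti/node-exporter-ubiquiti.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Prometheus Node Exporter daemon addons
3 | Wants=network.target
4 | After=network.target
5 |
6 | [Service]
7 | Type=simple
8 | # NOTE(review): the install script in this directory copies nodestats-tomesh.py
9 | # to /opt/tomesh/nodestats-tomesh.py and the repository tree lists the source
10 | # file as nodestats-ubiquiti.py; neither matches the path below, so this unit
11 | # presumably fails to start until the three names are reconciled.
12 | # No User= is set, so the script runs as root; consider a dedicated
13 | # unprivileged account if it only needs network access (to be confirmed).
14 | ExecStart=/usr/bin/python /opt/tomesh/nodestats-ubiquity.py
15 | ExecStop=/bin/kill -s QUIT $MAINPID
16 | Restart=on-failure
17 | RestartSec=10s
18 |
19 | [Install]
20 | WantedBy=multi-user.target
21 |
22 |
--------------------------------------------------------------------------------
/scripts/prometheus-node-exporter/uninstall:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | # Uninstall Prometheus Node Exporter
6 | sudo systemctl disable prometheus-node-exporter.service 2>/dev/null || true
7 | sudo systemctl stop prometheus-node-exporter.service 2>/dev/null || true
8 | sudo systemctl daemon-reload
9 | sudo rm -f /usr/local/bin/node_exporter
10 | sudo rm -f /etc/systemd/system/prometheus-node-exporter.service
--------------------------------------------------------------------------------
/contrib/tmate/install-tmate.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Install the static tmate 2.2.1 build for armv7l into /usr/local/bin and make
4 | # sure the user has an SSH key pair for tmate sessions.
5 |
6 | set -e
7 |
8 | TMATE_RELEASE=tmate-2.2.1-static-linux-armv7l
9 |
10 | # Download and unpack in a private directory instead of fixed names under /tmp,
11 | # which any local user could create or replace before the binary is installed.
12 | WORK_DIR=$(mktemp -d)
13 | trap 'rm -rf "$WORK_DIR"' EXIT
14 |
15 | wget -O "$WORK_DIR/$TMATE_RELEASE.tar.gz" "https://github.com/tmate-io/tmate/releases/download/2.2.1/$TMATE_RELEASE.tar.gz"
16 |
17 | # NOTE(review): the archive is installed as a system binary without an integrity
18 | # check. Pin the release digest and verify it before unpacking, for example:
19 | #   echo "<SHA256_OF_RELEASE_TARBALL>  $WORK_DIR/$TMATE_RELEASE.tar.gz" | sha256sum -c -
20 | tar xvfz "$WORK_DIR/$TMATE_RELEASE.tar.gz" -C "$WORK_DIR"
21 |
22 | # Install root-owned; "sudo mv" left the binary owned by the invoking user, who
23 | # could then rewrite a program that other accounts run from /usr/local/bin.
24 | sudo install -o root -g root -m 0755 "$WORK_DIR/$TMATE_RELEASE/tmate" /usr/local/bin/tmate
25 |
26 | # Generate RSA key pair for tmate SSH session, unless the user already has one.
27 | # NOTE(review): the key is created without a passphrase.
28 | [ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
29 |
--------------------------------------------------------------------------------
/scripts/cjdns-iptunnel/uninstall: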
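--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | # Uninstall scripts that configure cjdns iptunnel
6 | # -f keeps the run going under "set -e" when the helper is already gone, so the
7 | # ExecStartPost lines that point at it are still removed from the unit files.
8 | sudo rm -f /usr/local/sbin/cjdns-setup
9 | if [ -f /lib/systemd/system/cjdns.service ]; then
10 |     sudo sed -i '/ExecStartPost/d' /lib/systemd/system/cjdns.service
11 | fi
12 | if [ -f /etc/systemd/system/cjdns.service ]; then
13 |     sudo sed -i '/ExecStartPost/d' /etc/systemd/system/cjdns.service
14 | fi
--------------------------------------------------------------------------------
/scripts/hostapd/wpa-eap/hostapd.conf:
--------------------------------------------------------------------------------
1 | interface=wlan-ap
2 | hw_mode=g
3 | channel=11
4 | auth_algs=1
5 | # wpa is a bit field: bit 0 enables WPA, bit 1 enables WPA2 (RSN). 3 turns
6 | # both on, while the wpa-psk configuration in this repository uses 2 (WPA2
7 | # only). NOTE(review): confirm that legacy WPA clients are really required.
8 | wpa=3
9 | wpa_key_mgmt=WPA-EAP
10 | ieee8021x=1
11 |
12 | eap_server=1
13 | eap_user_file=/etc/hostapd/hostapd.eap_user
14 |
15 | ca_cert=/etc/hostapd/ca.pem
16 | server_cert=/etc/hostapd/server.pem
17 | private_key=/etc/hostapd/server.pem
18 | # NOTE(review): this passphrase is a fixed value published with the
19 | # repository, so it gives the server key no protection of its own; the file
20 | # permissions on server.pem and on this file are the only control. It
21 | # presumably has to match the password used in certs/server.cnf - choose a
22 | # per-node secret and change both together.
23 | private_key_passwd=whatever
24 |
25 | wpa_pairwise=CCMP
26 | rsn_pairwise=CCMP
27 |
--------------------------------------------------------------------------------
/scripts/ssb-patchfoo/ssb-patchfoo.conf:
--------------------------------------------------------------------------------
1 | location /patchfoo {
2 |     proxy_pass http://127.0.0.1:8027/;
3 |     proxy_set_header Host $host;
4 |     proxy_set_header X-Real-IP $remote_addr;
5 |     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
6 |     proxy_set_header X-Forwarded-Proto $scheme;
7 |     sub_filter "=\"/" "=\"/patchfoo/";
8 |     sub_filter_once off;
9 | }
10 |
--------------------------------------------------------------------------------
/scripts/ssb-web-pi/ssb-web-pi-broadcast.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Scuttlebot Broadcast Service for ssb-web-pi
3 | Wants=network.target
4 | After=ssb.service
5 |
6 | [Service]
7 | User=__USER__
8 | Group=__USER__
9 |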
Type=simple 10 | ExecStart=/usr/local/bin/ssb-web-pi-broadcast-service.sh 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | Restart=on-failure 13 | RestartSec=10s 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /scripts/yrd/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall yrd 6 | sudo systemctl disable yrd 2>/dev/null || true 7 | sudo systemctl stop yrd 2>/dev/null || true 8 | sudo systemctl daemon-reload 9 | sudo pip3 uninstall -y yrd || true 10 | sudo apt-get remove -y python3-argh python3-pip python3-requests python3 11 | sudo rm -f /etc/systemd/system/yrd.service || true 12 | sudo rm -f /usr/local/bin/yrd || true 13 | -------------------------------------------------------------------------------- /scripts/prometheus-node-exporter/prometheus-node-exporter.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Prometheus Node Exporter daemon 3 | Wants=network.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | ExecStart=/usr/local/bin/node_exporter --collector.textfile.directory /var/lib/node_exporter 9 | ExecStop=/bin/kill -s QUIT $MAINPID 10 | Restart=on-failure 11 | RestartSec=10s 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /scripts/extra-tools-netcat/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | # Replace netcat with IPv6 supported one 4 | # see https://unix.stackexchange.com/questions/457670/netcat-how-to-listen-on-a-tcp-port-using-ipv6-address 5 | sudo apt-get remove -y netcat-traditional || true 6 | sudo apt-get remove -y netcat6 || true 7 | sudo apt-get remove -y ncat || true 8 | sudo apt-get remove -y netcat || true 
9 | sudo apt-get install -y netcat-openbsd 10 | -------------------------------------------------------------------------------- /scripts/prometheus-node-exporter/node-exporter-tomesh.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Prometheus Node Exporter daemon addons 3 | Wants=prometheus-node-exporter.service 4 | After=prometheus-node-exporter.service 5 | 6 | [Service] 7 | Type=simple 8 | ExecStart=/usr/bin/python /opt/tomesh/nodestats-tomesh.py 9 | ExecStop=/bin/kill -s QUIT $MAINPID 10 | Restart=on-failure 11 | RestartSec=10s 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /scripts/watchdog/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | if [[ -e '/dev/watchdog' ]]; then 6 | sudo sed -i "/RuntimeWatchdogSec/d" /etc/systemd/system.conf 7 | sudo sed -i "/ShutdownWatchdogSec/d" /etc/systemd/system.conf 8 | 9 | echo RuntimeWatchdogSec=15s | sudo tee --append /etc/systemd/system.conf > /dev/null 10 | echo ShutdownWatchdogSec=10min | sudo tee --append /etc/systemd/system.conf > /dev/null 11 | 12 | fi 13 | -------------------------------------------------------------------------------- /scripts/ipfs/ipfs.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=IPFS daemon 3 | Wants=network.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | Environment=IPFS_PATH=__USER_HOME__/.ipfs 9 | ExecStart=/usr/local/bin/ipfs daemon --enable-namesys-pubsub --migrate=true 10 | ExecStartPost=/usr/local/bin/ipfs-swarm.sh 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | Restart=on-failure 13 | RestartSec=10s 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- 
/scripts/prometheus-server/prometheus-server.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Prometheus Server daemon 3 | Wants=network.target 4 | After=network.target 5 | 6 | [Service] 7 | WorkingDirectory=/opt/prometheus 8 | Type=simple 9 | ExecStartPre=/bin/rm -rf /opt/prometheus/data/lock || true 10 | ExecStart=/opt/prometheus/prometheus 11 | ExecStop=/bin/kill -s QUIT $MAINPID 12 | Restart=on-failure 13 | RestartSec=10s 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /scripts/ssb-web-pi/ssb-web-pi.conf: -------------------------------------------------------------------------------- 1 | location /ssb-web-pi { 2 | alias /var/www/sbot; 3 | index index.html index.htm index.nginx-debian.html index.php; 4 | try_files $uri $uri/ =404; 5 | location ~ \.php$ { 6 | try_files $uri =404; 7 | fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; 8 | fastcgi_index index.php; 9 | fastcgi_param SCRIPT_FILENAME $request_filename; 10 | include fastcgi_params; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /scripts/watchdog/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | 6 | if [[ -e '/dev/watchdog' ]]; then 7 | sudo sed -i "/RuntimeWatchdogSec/d" /etc/systemd/system.conf 8 | sudo sed -i "/ShutdownWatchdogSec/d" /etc/systemd/system.conf 9 | 10 | echo "#RuntimeWatchdogSec=16" | sudo tee --append /etc/systemd/system.conf > /dev/null 11 | echo "#ShutdownWatchdogSec=10min" | sudo tee --append /etc/systemd/system.conf > /dev/null 12 | 13 | fi 14 | 15 | -------------------------------------------------------------------------------- /contrib/captive-portal/install-nodogsplash.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo apt 
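install -y libmicrohttpd-dev
4 |
5 | # NOTE(review): this builds and installs, as root, whatever the default branch
6 | # of the upstream repository holds at run time. Check out a reviewed tag or
7 | # commit (placeholder: <PINNED_TAG_OR_COMMIT>) before "make" for reproducible installs.
8 | mkdir tmp
9 | cd tmp
10 | git clone https://github.com/nodogsplash/nodogsplash.git
11 | cd nodogsplash
12 | make
13 | sudo make install
14 | sudo cp debian/nodogsplash.service /etc/systemd/system
15 | cd ..
16 | cd ..
17 | rm -rf tmp
18 |
19 | # Copy the portal configuration with sudo, like the other writes to system
20 | # paths in this script; without it the copy presumably fails for a non-root user.
21 | sudo cp nodogsplash.conf /etc/nodogsplash/nodogsplash.conf
22 | sudo systemctl enable nodogsplash
23 | sudo systemctl start nodogsplash
24 |
--------------------------------------------------------------------------------
/contrib/node-exporter-ubiquiti/install:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # NOTE(review): the repository tree lists this directory's script as
4 | # nodestats-ubiquiti.py, the copy below uses nodestats-tomesh.py, and
5 | # node-exporter-ubiquiti.service starts /opt/tomesh/nodestats-ubiquity.py.
6 | # The destination is also the path used by node-exporter-tomesh.service.
7 | # Reconcile the names before relying on this add-on.
8 | sudo cp "nodestats-tomesh.py" "/opt/tomesh/nodestats-tomesh.py"
9 | sudo cp "node-exporter-ubiquiti.service" /etc/systemd/system/node-exporter-ubiquiti.service
10 | sudo systemctl daemon-reload
11 | sudo systemctl enable node-exporter-ubiquiti.service
12 | sudo systemctl start node-exporter-ubiquiti.service
13 |
14 | echo Remember to edit /opt/tomesh/nodestats-tomesh.py if your equipment IP address is different from 192.168.1.20
15 |
--------------------------------------------------------------------------------
/contrib/pi-stream/install-sdr-drivers.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Install SDR drivers
4 | sudo apt-get install -y cmake git libusb-1.0-0-dev
5 | # NOTE(review): git:// is an unauthenticated, unencrypted transport and the
6 | # result is installed as root below. Prefer an https:// clone URL for this
7 | # project and a pinned tag or commit (confirm the current upstream location).
8 | git clone git://git.osmocom.org/rtl-sdr.git
9 | cd rtl-sdr
10 | mkdir build
11 | cd build
12 | cmake ../ -DINSTALL_UDEV_RULES=ON
13 | make
14 | sudo make install
15 | sudo ldconfig
16 |
17 | # Make drivers work
18 | sudo cp ../rtl-sdr.rules /etc/udev/rules.d/
19 | echo blacklist dvb_usb_rtl28xxu | sudo tee /etc/modprobe.d/blacklist-rtl.conf > /dev/null
20 |
--------------------------------------------------------------------------------
/scripts/hostapd/hostapd.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=hostapd IEEE 802.11 Access Point
3 |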
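##TODO## Not sure why this does not work 4 | #After=sys-subsystem-net-devices-wlan\x2dap.device 5 | #BindsTo=sys-subsystem-net-devices-wlan\x2ap.device 6 | 7 | [Service] 8 | Type=forking 9 | PIDFile=/var/run/hostapd.pid 10 | ExecStart=/usr/sbin/hostapd -B /etc/hostapd/hostapd.conf -P /var/run/hostapd.pid 11 | ExecStartPost=/bin/sh /etc/hostapd/nat.sh 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /contrib/board-espressobin/config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Break bridge configured by default 4 | 5 | # Disable systemd management of network interfaces except to bring up eth0 with random MAC address 6 | sudo rm -rf /etc/systemd/network/* 7 | 8 | sudo tee /etc/systemd/network/10-eth0.network << END 9 | [Match] 10 | Name=eth0 11 | [Network] 12 | DHCP=ipv4 13 | END 14 | 15 | sudo tee /etc/systemd/network/10-eth0.link << END 16 | [Match] 17 | MACAddress=f0:ad:4e:03:64:7f 18 | [Link] 19 | MACAddressPolicy=random 20 | END 21 | -------------------------------------------------------------------------------- /scripts/yggdrasil/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | sudo apt-get remove -y yggdrasil 6 | # The config file carries this node's yggdrasil identity, so ask before deleting it (the path must not end in a space or the test never matches) 7 | if [ -f "/etc/yggdrasil.conf" ]; then 8 | echo "Found /etc/yggdrasil.conf" 9 | read -p "Keep your yggdrasil identity (Y/n)?
" -n 1 -r 10 | echo "" 11 | if [[ $REPLY =~ ^[Nn]$ ]]; then 12 | echo -e "\e[1;31mRemoving /etc/yggdrasil.conf\e[0m" 13 | sudo rm -f /etc/yggdrasil.conf 14 | else 15 | echo -e "\e[1;32mKeeping /etc/yggdrasil.conf\e[0m" 16 | fi 17 | fi 18 | -------------------------------------------------------------------------------- /scripts/nginx/common.css: -------------------------------------------------------------------------------- 1 | body { 2 | font-family: Arial, Helvetica, sans-serif; 3 | } 4 | h1 { 5 | text-align:center; 6 | } 7 | .app h2 { 8 | margin:0; 9 | padding:0; 10 | background:black; 11 | color:white; 12 | padding:5px; 13 | margin-bottom:5px; 14 | } 15 | .app { 16 | display:inline-block; 17 | float:left; 18 | width:calc( 33% - 20px ); 19 | vertical-align: top; 20 | border:1px solid #cccccc; 21 | margin:5px; 22 | padding:5px; 23 | min-width:400px; 24 | } 25 | -------------------------------------------------------------------------------- /scripts/shared/nodeinfo/nodeinfo-update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # NOTE(review): edits a fixed file name in shared /tmp; a mktemp file would keep other local users from pre-creating or swapping it 3 | cp /opt/tomesh/nodeinfo.json /tmp 4 | 5 | # Replace placeholders with dynamic info 6 | sed -i -e "s/__KEY__/$(grep -m 1 '"ipv6"' /etc/cjdroute.conf | awk '{ print $2 }' | sed 's/[",]//g')/g" /tmp/nodeinfo.json 7 | 8 | services=$(run-parts /opt/tomesh/nodeinfo.d/ | sed ':a $!{N; ba}; s/\n/\\n/g') 9 | services=${services%,*} 10 | 11 | sed -i -e "s|__SERVICES__|$services|g" /tmp/nodeinfo.json 12 | 13 | jq . /tmp/nodeinfo.json | sudo tee /var/www/html/nodeinfo.json > /dev/null 14 | -------------------------------------------------------------------------------- /scripts/h-ntp/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | H_NTP_SERVER1="fc4d:c8e5:9efe:9ac2:8e72:fcf7:6ce8:39dc" 6 | H_NTP_SERVER2="fc41:47b9:dd78:ff21:1b24:dab8:3f81:168e" 7 | 8 | # Install NTP 9 | if [ !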
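-x "$(command -v ntpd)" ]; then 10 | sudo apt-get install ntp -y 11 | fi 12 | 13 | # Configure Hyperboria NTP 14 | sudo sed -i '/pool /d' /etc/ntp.conf 15 | echo "pool -6 ${H_NTP_SERVER1} iburst" | sudo tee --append /etc/ntp.conf > /dev/null 16 | echo "pool -6 ${H_NTP_SERVER2} iburst" | sudo tee --append /etc/ntp.conf > /dev/null 17 | -------------------------------------------------------------------------------- /scripts/h-dns/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | H_DNS_SERVER_0="fc4d:c8e5:9efe:9ac2:8e72:fcf7:6ce8:39dc" 6 | H_DNS_SERVER_1="fc6e:691e:dfaa:b992:a10a:7b49:5a1a:5e09" 7 | H_DNS_SERVER_2="fc16:b44c:2bf9:467:8098:51c6:5849:7b4f" 8 | 9 | # Configure Hyperboria DNS 10 | sudo sed -i '/dns-nameservers /d' /etc/network/interfaces || true 11 | echo "" | sudo tee /etc/network/interfaces.d/dns > /dev/null 12 | echo "dns-nameservers ${H_DNS_SERVER_0} ${H_DNS_SERVER_1} ${H_DNS_SERVER_2}" | sudo tee --append /etc/network/interfaces.d/dns > /dev/null 13 | -------------------------------------------------------------------------------- /scripts/ipfs-pi-stream/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | sudo systemctl stop process-stream 8 | sudo systemctl disable process-stream 9 | sudo rm -f /usr/bin/process-stream.sh 10 | sudo rm -f /etc/systemd/system/process-stream.service 11 | sudo systemctl daemon-reload 12 | 13 | # Remove ffmpeg and supporting tools 14 | sudo apt-get -y remove ffmpeg lsof inotify-tools 15 | 16 | # Revert permissions 17 | sudo chmod 755 /var/www/html 18 | sudo sed -i "/ipfs repo gc/d" /etc/crontab # delete the "ipfs repo gc" entry in place; sed -i needs the file name, piping into tee removed nothing 19 | -------------------------------------------------------------------------------- /contrib/GeoLocation/geo.php: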
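-------------------------------------------------------------------------------- 1 | 17 | -------------------------------------------------------------------------------- /scripts/mesh-point/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | sudo apt-get install -y iw 8 | 9 | # Install bring-up script for the Mesh Point interface to /usr/bin 10 | sudo cp "$BASE_DIR/mesh-point" /usr/bin/mesh-point 11 | 12 | # Configure systemd to start mesh-point.service on system boot 13 | sudo cp "$BASE_DIR/mesh-point.service" /etc/systemd/system/mesh-point.service 14 | sudo chmod 644 /etc/systemd/system/mesh-point.service 15 | sudo systemctl daemon-reload 16 | sudo systemctl enable mesh-point.service 17 | -------------------------------------------------------------------------------- /scripts/ipfs/nodeinfo-ipfs: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ipfsinfo=$( curl -s http://localhost:5001/api/v0/id) 4 | id=$(echo "$ipfsinfo" | jq ".ID") 5 | version=$(echo "$ipfsinfo" | jq ".AgentVersion") 6 | 7 | if [ -z "$id" ]; then 8 | id='""' 9 | fi 10 | if [ -z "$version" ]; then 11 | version='""' 12 | fi 13 | 14 | echo '"ipfs":{' 15 | echo '"version":'${version}',' 16 | # Report the Experimental.QUIC setting; fall back to "false" when it cannot be read or is empty 17 | if quic_enabled="$(ipfs config Experimental.QUIC)" && [ -n "$quic_enabled" ]; then 18 | echo '"quic_enabled":"'${quic_enabled}'",' 19 | else 20 | echo '"quic_enabled":"false",' 21 | fi 22 | 23 | echo '"ID":'${id} 24 | 25 | echo "}," 26 | -------------------------------------------------------------------------------- /scripts/hostapd/nat.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # MSS clamp to circumvent issues with Path MTU Discovery 4 | iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 5 | ip6tables -A FORWARD -p tcp --tcp-flags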
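SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 6 | 7 | # Forward all IPv4 traffic from the internal network to the eth0 device and mask with the eth0 external IP address 8 | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 9 | 10 | # Allow all IPv6 traffic routed out tun0 and ygg0 to be masked with their respective external IP address 11 | ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE 12 | -------------------------------------------------------------------------------- /scripts/shared/nodeinfo/nodeinfo.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 0, 3 | "location": { 4 | "continent": "NA", 5 | "country": "Canada", 6 | "region": "Ontario", 7 | "municipality": "Toronto", 8 | "uri": "https://tomesh.net" 9 | }, 10 | "software": { 11 | "repo": "__REPO__", 12 | "branch": "__BRANCH__", 13 | "commit": "__COMMIT__", 14 | "installed": "__INSTALLED__", 15 | "uri": "https://github.com/tomeshnet/prototype-cjdns-pi/" 16 | }, 17 | "key": "__KEY__", 18 | "org": "__ORG__", 19 | "services": { 20 | __SERVICES__ 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /contrib/ipfs-usb/movestore: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | if [ -z "$1" ] || [ -z "$2" ]; then 3 | echo Syntax 4 | echo movestore \[Device\] \[User\] 5 | echo Device - Device to format and mount 6 | echo User - User running ipfs that the repo will be moved to 7 | exit 0 8 | fi 9 | device="$1" 10 | user="$2" 11 | [ -b "/dev/$device" ] && [ -d "/home/$user/.ipfs" ] || { echo "movestore: /dev/$device must be a block device and /home/$user/.ipfs must exist" >&2; exit 1; } # both arguments are checked before anything is formatted 12 | mkfs.ext3 "/dev/$device" # destroys whatever is on the device 13 | service ipfs stop 14 | e2label "/dev/$device" ipfs-data 15 | mkdir /mnt/ipfs-data 16 | echo "LABEL=ipfs-data /mnt/ipfs-data ext3 defaults,noatime 0 0" >> /etc/fstab 17 | mount /mnt/ipfs-data 18 | mv "/home/$user/.ipfs" /mnt/ipfs-data/ 19 | ln -s /mnt/ipfs-data/.ipfs "/home/$user/.ipfs" 20 | service ipfs start 21 | --------------------------------------------------------------------------------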
/contrib/captive-portal/nodogsplash.conf: -------------------------------------------------------------------------------- 1 | GatewayInterface wlan-ap 2 | #login_option_enabled 1 3 | FirewallRuleSet authenticated-users { 4 | FirewallRule allow all 5 | } 6 | FirewallRuleSet preauthenticated-users { 7 | # FirewallRule allow tcp port 80 to 123.321.123.321 8 | } 9 | FirewallRuleSet users-to-router { 10 | FirewallRule allow udp port 53 11 | FirewallRule allow tcp port 53 12 | FirewallRule allow udp port 67 13 | FirewallRule allow tcp port 22 14 | # FirewallRule allow tcp port 80 15 | # FirewallRule allow tcp port 443 16 | } 17 | GatewayName ToMeshNode 18 | GatewayAddress 10.0.0.1 19 | GatewayPort 2050 20 | MaxClients 250 21 | AuthIdleTimeout 480 22 | -------------------------------------------------------------------------------- /scripts/ssb-web-pi/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | sudo systemctl stop ssb-web-broadcast.service || true 4 | sudo systemctl disable ssb-web-broadcast.service || true 5 | sudo systemctl daemon-reload 6 | 7 | sudo rm -rf /var/www/backend 8 | sudo rm -rf /var/www/sbot 9 | sudo rm -rf /usr/lib/node_modules 10 | sudo rm -rf /var/www/.ssb 11 | sudo rm -f /usr/local/bin/ssb-web-broadcast-service.sh 12 | 13 | sudo rm -rf /etc/nginx/site-path-enabled/ssb-web.conf 14 | 15 | sudo npm uninstall -g --unsafe-perm \ 16 | ssb-keys \ 17 | ssb-client \ 18 | ssb-feed \ 19 | pull-stream 20 | 21 | sudo apt-get remove -y php-fpm socat -------------------------------------------------------------------------------- /scripts/yggdrasil-iptunnel/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | # Install confset 8 | source shared/confset/install 9 | 10 | sudo cp "$BASE_DIR/yggdrasil-setup" "/usr/local/sbin/yggdrasil-setup" 11 | 
sudo mkdir /etc/systemd/system/yggdrasil.service.d || true 12 | sudo cp "$BASE_DIR/yggdrasil-iptunnel.service" /etc/systemd/system/yggdrasil.service.d/iptunnel.conf 13 | 14 | # Enable tunnel routing in config file 15 | sudo sed -i "/TunnelRouting\:/,/^\[/{s/Enable: false/Enable: true/;}" /etc/yggdrasil.conf 16 | 17 | sudo chmod a+x /usr/local/sbin/yggdrasil-setup 18 | 19 | sudo systemctl daemon-reload 20 | -------------------------------------------------------------------------------- /scripts/yrd/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | mkdir "$BASE_DIR/tmp" 7 | cd "$BASE_DIR/tmp" 8 | 9 | git clone https://github.com/kpcyrd/yrd.git 10 | cd yrd 11 | 12 | # Install dependencies 13 | sudo apt-get install -y python3 python3-pip python3-argh python3-requests python3-setuptools 14 | 15 | # Install yrd 16 | sudo -H python3 ./setup.py -v install 17 | 18 | # Install and enable the service 19 | sudo cp "$BASE_DIR/yrd.service" "/etc/systemd/system/yrd.service" 20 | sudo systemctl daemon-reload 21 | sudo systemctl enable yrd 22 | sudo systemctl start yrd 23 | 24 | sudo rm -rf "$BASE_DIR/tmp" 25 | cd "$BASE_DIR/.." 26 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/xpextensions: -------------------------------------------------------------------------------- 1 | # 2 | # File containing the OID's required for Windows. 3 | # 4 | # http://support.microsoft.com/kb/814394/en-us 5 | # 6 | [ xpclient_ext] 7 | extendedKeyUsage = 1.3.6.1.5.5.7.3.2 8 | 9 | [ xpserver_ext] 10 | extendedKeyUsage = 1.3.6.1.5.5.7.3.1 11 | 12 | # 13 | # Add this to the PKCS#7 keybag attributes holding the client's private key 14 | # for machine authentication. 
15 | # 16 | # the presence of this OID tells Windows XP that the cert is intended 17 | # for use by the computer itself, and not by an end-user. 18 | # 19 | # The other solution is to use Microsoft's web certificate server 20 | # to generate these certs. 21 | # 22 | # 1.3.6.1.4.1.311.17.2 23 | -------------------------------------------------------------------------------- /contrib/set-mesh-repo/debian-default-sources.list: -------------------------------------------------------------------------------- 1 | deb http://httpredir.debian.org/debian __CODENAME__ main contrib non-free 2 | #deb-src http://httpredir.debian.org/debian __CODENAME__ main contrib non-free 3 | 4 | deb http://httpredir.debian.org/debian __CODENAME__-updates main contrib non-free 5 | #deb-src http://httpredir.debian.org/debian __CODENAME__-updates main contrib non-free 6 | 7 | deb http://httpredir.debian.org/debian __CODENAME__-backports main contrib non-free 8 | #deb-src http://httpredir.debian.org/debian __CODENAME__-backports main contrib non-free 9 | 10 | deb http://security.debian.org/ __CODENAME__/updates main contrib non-free 11 | #deb-src http://security.debian.org/ __CODENAME__/updates main contrib non-free 12 | -------------------------------------------------------------------------------- /scripts/ssb-web-pi/ssb-web-pi-broadcast-service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | while true; do 4 | while read -r id; do 5 | for int in $(find /sys/class/net/* -maxdepth 1 -print0 | xargs -0 -l basename); do 6 | ip=$(ip addr show "$int" | grep -v inet6 | grep -v '127.0.0.1' |grep inet | head -n 1 | awk '{print $2}' | awk -F "/" '{print $1}') 7 | if [ -n "$ip" ]; then 8 | echo -n "net:$ip:8008~shs:$id" | sudo socat -T 1 - "UDP4-DATAGRAM:255.255.255.255:8008,broadcast,so-bindtodevice=$int" & 9 | fi 10 | done 11 | done <<< "$(sudo cat /var/www/backend/keys/* | grep id | grep -v "#" | awk '{print $2}' | tr -d '"' | sed 
's/.ed25519//' | sed 's/@//')" 12 | sleep 5 13 | done 14 | -------------------------------------------------------------------------------- /scripts/ipfs/ipfs-http-gateway.conf: -------------------------------------------------------------------------------- 1 | location /ipfs { 2 | proxy_pass http://127.0.0.1:8080/ipfs; 3 | proxy_set_header Host $host; 4 | proxy_set_header X-Real-IP $remote_addr; 5 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 6 | proxy_set_header X-Forwarded-Proto $scheme; 7 | } 8 | 9 | location /ipns { 10 | proxy_pass http://127.0.0.1:8080/ipns; 11 | proxy_set_header Host $host; 12 | proxy_set_header X-Real-IP $remote_addr; 13 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 14 | proxy_set_header X-Forwarded-Proto $scheme; 15 | # Prevent Caching 16 | expires 0; 17 | add_header Cache-Control private; 18 | } 19 | -------------------------------------------------------------------------------- /contrib/offline/redirect-port-80.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Backup file 4 | if ! 
[ -f "/etc/hostapd/nat.sh.bak" ]; then 5 | sudo cp /etc/hostapd/nat.sh /etc/hostapd/nat.sh.bak 6 | fi 7 | 8 | # Redirect all IPv4 80 traffic to the pi 9 | echo iptables -t nat -I PREROUTING -i wlan-ap -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80 | sudo tee --append /etc/hostapd/nat.sh > /dev/null 10 | 11 | # Prevent masquerading out IPv4 12 | # This is to prevent IPTUNNEL and routing to the internet (Exit node) 13 | sudo sed -i "/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE/d" /etc/hostapd/nat.sh 14 | 15 | # Set nginx to redirect any 404 errors to / 16 | sed -i '$i error_page 404 =200 /index.html;' /etc/nginx/sites-enabled/main.conf 17 | sudo systemctl restart hostapd 18 | -------------------------------------------------------------------------------- /scripts/cjdns/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall CJDNS 6 | sudo systemctl disable cjdns.service 2>/dev/null || true 7 | sudo systemctl stop cjdns.service 2>/dev/null || true 8 | sudo rm -f /usr/bin/cjdroute 9 | sudo rm -f /etc/systemd/system/cjdns.service 10 | sudo rm -f /etc/systemd/system/cjdns-resume.service 11 | sudo rm -rf /opt/cjdns 12 | 13 | if [ -f "/etc/cjdroute.conf" ]; then 14 | echo "Found /etc/cjdroute.conf" 15 | read -p "Keep your CJDNS identity (Y/n)? 
" -n 1 -r 16 | echo "" 17 | if [[ $REPLY =~ ^[Nn]$ ]]; then 18 | echo -e "\e[1;31mRemoving /etc/cjdroute.conf\e[0m" 19 | sudo rm -f /etc/cjdroute.conf 20 | else 21 | echo -e "\e[1;32mKeeping /etc/cjdroute.conf\e[0m" 22 | fi 23 | fi 24 | -------------------------------------------------------------------------------- /scripts/mesh-adhoc/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | MESH_NAME=$(confget -f /etc/mesh.conf -s general "mesh-name") 8 | 9 | sudo apt-get install -y iw 10 | 11 | # Install bring-up script for the Mesh Ad-hoc interface to /usr/bin 12 | cp "$BASE_DIR/mesh-adhoc" "$BASE_DIR/mesh-adhoc2" 13 | sed -i "s/MESH_NAME/$MESH_NAME/g" "$BASE_DIR/mesh-adhoc2" 14 | sudo mv "$BASE_DIR/mesh-adhoc2" /usr/bin/mesh-adhoc 15 | 16 | # Configure systemd to start mesh-adhoc.service on system boot 17 | sudo cp "$BASE_DIR/mesh-adhoc.service" /etc/systemd/system/mesh-adhoc.service 18 | sudo chmod 644 /etc/systemd/system/mesh-adhoc.service 19 | sudo systemctl daemon-reload 20 | sudo systemctl enable mesh-adhoc.service 21 | -------------------------------------------------------------------------------- /scripts/grafana/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall Grafana 6 | sudo systemctl disable grafana-server.service 2>/dev/null || true 7 | sudo systemctl stop grafana-server.service 2>/dev/null || true 8 | sudo systemctl daemon-reload || true 9 | sudo apt-get -y remove grafana || true 10 | 11 | # Remove other fies 12 | if [ -d "/var/lib/grafana" ]; then 13 | echo "Found Grafana database" 14 | read -p "Keep your Grafana database (Y/n)? 
" -n 1 -r 15 | echo "" 16 | if [[ $REPLY =~ ^[Nn]$ ]]; then 17 | sudo rm -rf /usr/share/grafana 18 | sudo rm -rf /var/lib/grafana 19 | sudo rm -rf /etc/grafana 20 | sudo rm -rf /var/log/grafana 21 | else 22 | echo -e "\e[1;32mKeeping Grafana database\e[0m" 23 | fi 24 | fi 25 | -------------------------------------------------------------------------------- /contrib/set-mesh-repo/debian-sources.list: -------------------------------------------------------------------------------- 1 | deb http://__PREFIX__.mirror.tomesh.net/debian __CODENAME__ main contrib non-free 2 | #deb-src http://__PREFIX__.mirror.tomesh.net/debian __CODENAME__ main contrib non-free 3 | 4 | deb http://__PREFIX__.mirror.tomesh.net/debian __CODENAME__-updates main contrib non-free 5 | #deb-src http://__PREFIX__.mirror.tomesh.net/debian __CODENAME__-updates main contrib non-free 6 | 7 | deb http://__PREFIX__.mirror.tomesh.net/debian __CODENAME__-backports main contrib non-free 8 | #deb-src http:/__PREFIX__.mirror.tomesh.net/debian __CODENAME__-backports main contrib non-free 9 | 10 | deb http://__PREFIX__.mirror.tomesh.net/debian-security __CODENAME__/updates main contrib non-free 11 | #deb-src http://__PREFIX__.mirror.tomesh.net/debian-security __CODENAME__/updates main contrib non-free 12 | -------------------------------------------------------------------------------- /scripts/cjdns-iptunnel/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | sudo cp "$BASE_DIR/cjdns-setup" "/usr/local/sbin/cjdns-setup" 7 | 8 | # Update service to start script on cjdns start 9 | if [ -f /lib/systemd/system/cjdns.service ]; then 10 | sudo sed -i /ExecStartPost/d /lib/systemd/system/cjdns.service 11 | sudo sed -i s#Restart=always#Restart=always\\nExecStartPost=/usr/local/sbin/cjdns-setup# /lib/systemd/system/cjdns.service 12 | fi 13 | 14 | if [ -f 
/etc/systemd/system/cjdns.service ]; then 15 | sudo sed -i /ExecStartPost/d /etc/systemd/system/cjdns.service 16 | sudo sed -i s#Restart=always#Restart=always\\nExecStartPost=/usr/local/sbin/cjdns-setup# /etc/systemd/system/cjdns.service 17 | fi 18 | 19 | sudo systemctl daemon-reload 20 | -------------------------------------------------------------------------------- /contrib/ramdisk-overlay/raspbian.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | wget https://github.com/jacobalberty/root-ro/raw/master/root-ro 4 | wget https://github.com/jacobalberty/root-ro/raw/master/raspi-gpio 5 | 6 | chmod 0755 root-ro 7 | chmod 0755 raspi-gpio 8 | 9 | sudo mv root-ro /etc/initramfs-tools/scripts/init-bottom 10 | sudo mv raspi-gpio /etc/initramfs-tools/hooks 11 | 12 | echo overlay | sudo tee --append /etc/initramfs-tools/modules > /dev/null 13 | sudo apt-get install -y raspi-gpio 14 | sudo mkinitramfs -o /boot/initrd 15 | 16 | sudo cat <<"EOF" | sudo tee --append /boot/config.txt > /dev/null 17 | initramfs initrd followkernel 18 | ramfsfile=initrd 19 | ramfsaddr=-1 20 | EOF 21 | 22 | sudo sed -i -e '/rootwait/s/$/ root-ro-driver=overlay root-rw-pin=21/' /boot/cmdline.txt 23 | -------------------------------------------------------------------------------- /scripts/firewall/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | # Install Basic Firewall Rules 8 | 9 | # Suppress user prompt 10 | echo iptables-persistent iptables-persistent/autosave_v4 boolean false | sudo debconf-set-selections 11 | echo iptables-persistent iptables-persistent/autosave_v6 boolean false | sudo debconf-set-selections 12 | 13 | sudo apt-get install -y iptables iptables-persistent 14 | 15 | # Bringing up the firewall on RaspberryPi before network breaks things 16 | # so patch the service to start 
the firewall after the cjdns service starts 17 | sudo sed -i -e "s/Before=network-pre.target/After=cjdns.service/" /lib/systemd/system/netfilter-persistent.service 18 | 19 | sudo cp "$BASE_DIR/rules.v4" /etc/iptables/rules.v4 20 | sudo cp "$BASE_DIR/rules.v6" /etc/iptables/rules.v6 21 | -------------------------------------------------------------------------------- /contrib/captive-portal/README.md: -------------------------------------------------------------------------------- 1 | # NoDogSplash captive portal 2 | 3 | Source: https://github.com/nodogsplash/nodogsplash 4 | 5 | Nodogsplash is a Captive Portal that offers a simple way to provide restricted access to the Internet by showing a splash page to the user before Internet access is granted. 6 | 7 | This script installs and configures the Nodogsplash captive portal to run on the `wlan-ap` interface of the prototype stack. 8 | 9 | ## Installation 10 | 11 | ``` 12 | chmod +x install-nodogsplash.sh 13 | ./install-nodogsplash.sh 14 | ``` 15 | 16 | ## Issues 17 | 18 | Some people object to using a captive portal because it hijacks traffic and could potentially be a privacy violation. Additionally, it prevents headless devices from accessing the internet. 19 | 20 | ## Nice to have 21 | 22 | - [ ] Nice tomesh splash screen (/etc/nodogsplash/htdocs/splash.sh) 23 | -------------------------------------------------------------------------------- /scripts/shared/confset/confset.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | if [ -z "$4" ]; then 4 | echo Syntax: confset \ \ \ \ 5 | exit 0 6 | fi 7 | 8 | section="$1" 9 | key="$2" 10 | value="$3" 11 | file="$4" 12 | 13 | # If the file is missing create it 14 | if [[ !
-f "$file" ]]; then 15 | touch "$file" 16 | fi 17 | 18 | # If the file is missing the provided section it is created 19 | # shellcheck disable=SC2143 20 | if [[ -z "$(grep "\[$section\]" "$file")" ]]; then 21 | echo "[$section]" >> "$file" 22 | fi 23 | 24 | confget -f "$file" -s "$section" -c "$key" 25 | res=$? 26 | 27 | if [[ "$res" == "1" ]]; then 28 | # If file is missing the key it is added 29 | sed -i "s/\[$section]/\[$section]\n$key=$value/" "$file" 30 | else 31 | # Otherwise change it 32 | sed -i "/^\[$section]/,/^\[/{s/^$key=.*/$key=$value/;}" "$file" 33 | fi 34 | -------------------------------------------------------------------------------- /scripts/ipfs-pi-stream/enable-camera.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Enable camera on Raspberry Pi 4 | # set_config_var taken from raspi-config 5 | set_config_var() { 6 | lua - "$1" "$2" "$3" < "$3.bak" 7 | local key=assert(arg[1]) 8 | local value=assert(arg[2]) 9 | local fn=assert(arg[3]) 10 | local file=assert(io.open(fn)) 11 | local made_change=false 12 | for line in file:lines() do 13 | if line:match("^#?%s*"..key.."=.*$") then 14 | line=key.."="..value 15 | made_change=true 16 | end 17 | print(line) 18 | end 19 | 20 | if not made_change then 21 | print(key.."="..value) 22 | end 23 | EOF 24 | sudo mv "$3.bak" "$3" 25 | } 26 | 27 | # Command extracted from raspi-config 28 | sed /boot/config.txt -i -e "s/^startx/#startx/" 29 | sed /boot/config.txt -i -e "s/^fixup_file/#fixup_file/" 30 | set_config_var start_x 1 /boot/config.txt 31 | set_config_var gpu_mem 128 /boot/config.txt 32 | -------------------------------------------------------------------------------- /scripts/nginx/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |

Welcome to Node __NODENAME__

7 | Services running on this node.
8 |

CJDNS Neighbours

9 |

Yggdrasil Neighbours

10 |
11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 22 | 23 | -------------------------------------------------------------------------------- /scripts/firewall/rules.v4: -------------------------------------------------------------------------------- 1 | *filter 2 | :INPUT ACCEPT [0:0] 3 | :FORWARD ACCEPT [0:0] 4 | :OUTPUT ACCEPT [0:0] 5 | -A INPUT -i lo -j ACCEPT 6 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 7 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 8 | -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT 9 | -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 10 | -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT 11 | -A INPUT -p udp -m udp --dport 53 -j ACCEPT 12 | -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 14 | -A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT 15 | -A INPUT -p tcp -m tcp --dport 4001 -j ACCEPT 16 | -A INPUT -p tcp -m tcp --dport 5201 -j ACCEPT 17 | -A INPUT -p udp -m udp --dport 8008 -j ACCEPT 18 | -A INPUT -p tcp -m tcp --dport 8008 -j ACCEPT 19 | -A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT 20 | -A INPUT -p tcp -m tcp --dport 9100 -j ACCEPT 21 | -A INPUT -i wlan+ -j ACCEPT 22 | -A INPUT -j DROP 23 | COMMIT 24 | -------------------------------------------------------------------------------- /scripts/ssb/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall SSB 6 | sudo systemctl stop ssb.service || true 7 | sudo systemctl disable ssb.service || true 8 | sudo systemctl stop ssb-broadcast.service || true 9 | sudo systemctl disable ssb-broadcast.service || true 10 | sudo systemctl daemon-reload 11 | 12 | sudo npm uninstall scuttlebot -g 13 | sudo apt-get remove -y socat 14 | 15 | sudo rm -f /usr/bin/sbot || true 16 | sudo rm -f /etc/systemd/system/ssb.service 17 | sudo rm -f /etc/systemd/system/ssb-broadcast.service 18 | sudo rm -f /usr/local/bin/ssb-broadcast-service.sh 19 | sudo rm -rf 
/usr/lib/node_modules/ssb-server || true 20 | 21 | if [ -d "$HOME/.ssb" ]; then 22 | echo "Found ~/.ssb" 23 | read -p "Keep your SSB data (Y/n)? " -n 1 -r 24 | echo "" 25 | if [[ $REPLY =~ ^[Nn]$ ]]; then 26 | echo -e "\e[1;31mRemoving ~/.ssb\e[0m" 27 | rm -rf ~/.ssb 28 | else 29 | echo -e "\e[1;32mKeeping ~/.ssb\e[0m" 30 | fi 31 | fi 32 | -------------------------------------------------------------------------------- /contrib/GeoLocation/nodeinfo-geolocation: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # NOTE(review): posts the MAC addresses of nearby access points to a remote host over plain http and stages data in fixed /tmp paths; confirm the endpoint is trusted and consider https plus mktemp 3 | echo "{ "wifiAccessPoints": {" > /tmp/locationScan 4 | iwlist wlan0 scanning | grep Cell | grep Address | awk '{print "\"macAddress\": \""$5"\","}' >>/tmp/locationScan 5 | echo "}}" >> /tmp/locationScan 6 | # Send the scan to the lookup endpoint and keep the reply in /tmp/locationResult 7 | curl -d @/tmp/locationScan -H "Content-Type: application/json" "http://node2.e-mesh.net/geo.php" -o /tmp/locationResult > /dev/null 8 | # When "type jq" prints nothing, fall back to grep/awk on the reply; otherwise read the fields with jq 9 | if [ -z "$(type jq)" ]; then 10 | a=$(cat /tmp/locationResult |grep \"accuracy\" | awk '{print $2}') 11 | lat=$(cat /tmp/locationResult |grep \"lat\" | awk '{print $2}') 12 | lng=$(cat /tmp/locationResult |grep \"lng\" | awk '{print $2}') 13 | else 14 | a=`jq -r ".accuracy" /tmp/locationResult 2>/dev/null` 15 | lat=`jq -r ".location.lat" /tmp/locationResult 2>/dev/null` 16 | lng=`jq -r ".location.lng" /tmp/locationResult 2>/dev/null` 17 | fi 18 | # Print the result as a "geolocation" JSON fragment; the values come straight from the remote reply 19 | echo "\"geolocation\": {" 20 | echo " \"latitude\": \"$lat\"," 21 | echo " \"longitude\": \"$lng\"," 22 | echo " \"accuracy\": \"$a\"" 23 | echo "}," 24 | -------------------------------------------------------------------------------- /scripts/hostapd/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Uninstall WiFi Access Point 6 | sudo systemctl disable hostapd.service 2>/dev/null || true 7 | sudo systemctl stop hostapd.service 2>/dev/null || true 8 | sudo systemctl daemon-reload 9 | if [ -f "/etc/network/interfaces.bak"
]; then 10 | sudo mv /etc/network/interfaces.bak /etc/network/interfaces 11 | fi 12 | if [ -f "/etc/sysctl.conf.bak" ]; then 13 | sudo mv /etc/sysctl.conf.bak /etc/sysctl.conf 14 | fi 15 | if [ -f "/etc/dnsmasq.conf.bak" ]; then 16 | sudo mv /etc/dnsmasq.conf.bak /etc/dnsmasq.conf 17 | fi 18 | if [ -f "/etc/dhcpcd.conf.bak" ]; then 19 | sudo mv /etc/dhcpcd.conf.bak /etc/dhcpcd.conf 20 | fi 21 | sudo rm -f /etc/radvd.conf 22 | sudo rm -f /etc/hostapd/hostapd.conf 23 | sudo rm -f /etc/hostapd/hostapd.eap_user 24 | sudo rm -f /etc/hostapd/ca.pem 25 | sudo rm -f /etc/hostapd/server.pem 26 | sudo rm -f /etc/hostapd/nat.sh 27 | sudo rm -f /etc/systemd/system/hostapd.service 28 | sudo rm -rf /etc/udev/rules.d/70-persistent-net.rules || true 29 | -------------------------------------------------------------------------------- /scripts/ipfs/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # Remove script and service for ipfs bootstrap 6 | sudo rm -r /usr/local/bin/ipfs-swarm.sh || true 7 | 8 | # Uninstall dependencies 9 | sudo apt-get remove -y jq 10 | 11 | # Uninstall IPFS 12 | sudo systemctl disable ipfs.service 2>/dev/null || true 13 | sudo systemctl stop ipfs.service 2>/dev/null || true 14 | sudo systemctl daemon-reload 15 | sudo rm -f /usr/local/bin/ipfs 16 | sudo rm -f /etc/systemd/system/ipfs.service 17 | 18 | if [ -d "$HOME/.ipfs" ]; then 19 | echo "Found ~/.ipfs" 20 | read -p "Keep your IPFS data (Y/n)? 
" -n 1 -r 21 | echo "" 22 | if [[ $REPLY =~ ^[Nn]$ ]]; then 23 | echo -e "\e[1;31mRemoving ~/.ipfs\e[0m" 24 | sudo rm -rf ~/.ipfs 25 | else 26 | echo -e "\e[1;32mKeeping ~/.ipfs\e[0m" 27 | fi 28 | fi 29 | 30 | # Remove HTTP to IPFS gateway 31 | sudo rm -f /etc/nginx/sites-enabled/ipfs-http-gateway 32 | sudo rm -f /etc/nginx/sites-available/ipfs-http-gateway 33 | sudo systemctl restart nginx.service 34 | -------------------------------------------------------------------------------- /scripts/shared/nodeinfo/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | LAST_BASE="$BASE_DIR" 6 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 7 | 8 | MESH_NAME=$(confget -f /etc/mesh.conf -s general "mesh-name") 9 | 10 | sudo apt-get install -y jq 11 | 12 | sudo mkdir -p /opt/tomesh/nodeinfo.d 13 | 14 | sudo cp "$BASE_DIR/nodeinfo.json" /opt/tomesh/nodeinfo.json 15 | sudo cp "$BASE_DIR/nodeinfo-update.sh" /usr/local/bin/nodeinfo-update.sh 16 | 17 | sudo sed -i -e "s/__REPO__/$(git remote get-url origin | awk -F / '{print $5}'| cut -d '.' 
-f1)/g" /opt/tomesh/nodeinfo.json 18 | sudo sed -i -e "s/__BRANCH__/$(git rev-parse --abbrev-ref HEAD)/g" /opt/tomesh/nodeinfo.json 19 | sudo sed -i -e "s/__COMMIT__/$(git rev-parse HEAD)/g" /opt/tomesh/nodeinfo.json 20 | sudo sed -i -e "s/__INSTALLED__/$(date)/g" /opt/tomesh/nodeinfo.json 21 | sudo sed -i -e "s/__ORG__/$MESH_NAME/g" /opt/tomesh/nodeinfo.json 22 | 23 | ##TODO## Fix rc.local issue 24 | sudo sed -i 's#^exit 0#/usr/local/bin/nodeinfo-update.sh\nexit 0#' /etc/rc.local || true 25 | 26 | BASE_DIR="$LAST_BASE" 27 | -------------------------------------------------------------------------------- /contrib/mesh-cleanlinks/mesh-cleanlinks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #script to remove poor quality links 3 | #usage: mesh-cleanlinks.sh 4 | #requires gawk (apt-get install gawk) 5 | 6 | limit="-65" 7 | 8 | sudo iw dev $1 set mesh_param mesh_rssi_threshold $limit 9 | 10 | cat << 'EOF' > /tmp/mesh.awk 11 | $1 == "Station" { 12 | MAC = $2 13 | } 14 | $1 == "signal" { 15 | wifi[MAC]["signal"] = $3 16 | } 17 | $1 == "mesh" && $2 == "plink:" { 18 | wifi[MAC]["status"] = $3 19 | } 20 | END { 21 | for (w in wifi) { 22 | printf "%s %s %s \n",w,wifi[w]["signal"],wifi[w]["status"] 23 | } 24 | } 25 | EOF 26 | 27 | v=$(iw $1 station dump | awk -f /tmp/mesh.awk) 28 | rm -f /tmp/mesh.awk 29 | 30 | printf '%s\n' "$v" | while IFS= read -r line 31 | do 32 | if [[ "$(echo $line | awk '{print $2'})" -lt "$limit" ]]; then 33 | if [[ "$(echo $line | awk '{print $3'})" == 'ESTAB' ]]; then 34 | mac="$(echo $line | awk '{print $1'})" 35 | sudo iw dev $1 station del $mac 36 | echo Deleting $mac (Signal to low) 37 | fi 38 | fi 39 | done 40 | -------------------------------------------------------------------------------- /scripts/uninstall: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" 
&& pwd)" 6 | 7 | # Uninstall optional modules 8 | source "$BASE_DIR/cjdns/uninstall" 9 | source "$BASE_DIR/cjdns-iptunnel/uninstall" 10 | source "$BASE_DIR/ssb/uninstall" 11 | source "$BASE_DIR/mesh-point/uninstall" 12 | source "$BASE_DIR/mesh-adhoc/uninstall" 13 | source "$BASE_DIR/hostapd/uninstall" 14 | source "$BASE_DIR/firewall/uninstall" 15 | source "$BASE_DIR/ipfs/uninstall" 16 | source "$BASE_DIR/prometheus-node-exporter/uninstall" 17 | source "$BASE_DIR/prometheus-server/uninstall" 18 | source "$BASE_DIR/grafana/uninstall" 19 | source "$BASE_DIR/extra-tools/uninstall" 20 | source "$BASE_DIR/watchdog/uninstall" 21 | source "$BASE_DIR/yrd/uninstall" 22 | source "$BASE_DIR/shared/nodeinfo/uninstall" 23 | source "$BASE_DIR/nginx/uninstall" 24 | source "$BASE_DIR/yggdrasil/uninstall" 25 | source "$BASE_DIR/yggdrasil-iptunnel/uninstall" 26 | 27 | sudo systemctl daemon-reload 28 | 29 | sudo sed -i 's/service dnsmasq restart//' /etc/rc.local 30 | 31 | # Uninstall status script 32 | sudo rm -f /usr/local/bin/status 33 | 34 | # Remove .bash_profile 35 | rm -f ~/.bash_profile 36 | -------------------------------------------------------------------------------- /scripts/shared/node.js/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | NODEJS_PREFIX=10 6 | NODEJS_VERSION="$NODEJS_PREFIX.15.3" 7 | 8 | # Check whether it has the newest version - 32-bit OSes need an older one 9 | if [[ ("$(node --version)" != "v$NODEJS_VERSION") || ("$(uname -m)" =~ ^(i386|i586|i686)$ && "$(node --version)" != "v8.11.0") ]]; then 10 | # Check for armv6 and install NodeJS manually instead since it will not install via repo 11 | if uname -m | grep -Eq ^armv6; then 12 | wget -O /tmp/node-v$NODEJS_VERSION-linux-armv6l.tar.gz https://nodejs.org/dist/v$NODEJS_VERSION/node-v$NODEJS_VERSION-linux-armv6l.tar.gz 13 | sudo tar xfz /tmp/node-v$NODEJS_VERSION-linux-armv6l.tar.gz --strip 1 -C / 14 | rm -rf 
/tmp/node-v$NODEJS_VERSION-linux-armv6l.tar.gz 15 | sudo ln -s /bin/node /bin/nodejs 16 | # Check if it's 32-bit and install the previous NodeJS LTS since 10 doesn't support this arch 17 | elif [[ "$(uname -m)" =~ ^(i386|i586|i686)$ ]]; then 18 | wget -O /tmp/node-v8.16.0-linux-x86.tar.gz https://nodejs.org/dist/v8.11.0/node-v8.11.0-linux-x86.tar.gz 19 | sudo tar xfz /tmp/node-v8.11.0-linux-x86.tar.gz --strip 1 -C / 20 | rm -rf /tmp/node-v8.11.0-linux-x86.tar.gz 21 | sudo ln -s /bin/node /bin/nodejs 22 | else 23 | curl -sL https://deb.nodesource.com/setup_$NODEJS_PREFIX.x | sudo -E bash - 24 | sudo apt-get install -y nodejs 25 | fi 26 | fi 27 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: required 2 | 3 | services: 4 | - docker 5 | 6 | install: true 7 | 8 | before_script: 9 | - sudo apt-get --yes --no-install-recommends install binfmt-support qemu-user-static 10 | - echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:' | sudo tee -a /proc/sys/fs/binfmt_misc/register 11 | 12 | env: 13 | - DISTRO=jessie 14 | - DISTRO=latest 15 | 16 | script: 17 | # Run shellcheck on branch 18 | - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi) 19 | - echo "TRAVIS_BRANCH=$TRAVIS_BRANCH, PR=$PR, BRANCH=$BRANCH" 20 | - git clone https://github.com/tomeshnet/prototype-cjdns-pi.git 21 | - cd prototype-cjdns-pi/scripts 22 | - git checkout ${BRANCH} 23 | - bash -c 'shopt -s globstar; shellcheck -x install install2 */install **/*.sh' 24 | - cd ../.. 
25 | 26 | # Build docker for ARM tests 27 | - cp /usr/bin/qemu-arm-static travis/${DISTRO}/ 28 | - docker build -t tomeshnet/prototype-cjdns-pi:${DISTRO} travis/${DISTRO}/ 29 | 30 | # Validate install script download and make executable 31 | # - docker run tomeshnet/prototype-cjdns-pi:${DISTRO} /bin/sh -c "wget https://raw.githubusercontent.com/tomeshnet/prototype-cjdns-pi/master/scripts/install; chmod +x install; ./install" 32 | 33 | # TODO Test installation 34 | -------------------------------------------------------------------------------- /scripts/shared/hostname/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | MESH_NAME=$(confget -f /etc/mesh.conf -s general "mesh-name") 4 | 5 | if [ -f '/etc/cjdroute.conf' ]; then 6 | # Define new hostname 7 | if [ -z "${NEWHOSTNAME}" ]; then 8 | NEWHOSTNAME=$(sudo grep -m 1 '"ipv6"' /etc/cjdroute.conf | awk '{ print $2 }' | sed 's/[",]//g' | sed "s/.*:/$MESH_NAME-/g") 9 | fi 10 | fi 11 | 12 | # Define hostname based off Yggdrasil if CJDNS isn't installed 13 | if ! [ -z "$(ifconfig | grep ygg0:)" ]; then 14 | # Define new hostname 15 | if [ -z "${NEWHOSTNAME}" ]; then 16 | NEWHOSTNAME=$(sudo ifconfig ygg0 | grep -E 'inet6 2[0-9a-fA-F]{2}:' | awk '{print $2}' | sed 's/[",]//g' | sed "s/.*:/$MESH_NAME-Y/g") 17 | fi 18 | fi 19 | 20 | # Set node name 21 | if ! 
[ -z "${NEWHOSTNAME}" ]; then 22 | # Rename node based on new hostname 23 | oldhostname=$(hostname) 24 | sudo echo "$NEWHOSTNAME" | sudo tee /etc/hostname > /dev/null 25 | sudo sed -i -e "s/$oldhostname/$NEWHOSTNAME/" /etc/hosts 26 | sudo hostname "$NEWHOSTNAME" 27 | 28 | if [ -f '/etc/yggdrasil.conf' ] && [ -z "$(grep NodeInfo\: /etc/yggdrasil.conf)" ]; then 29 | sudo sed -i "/NodeInfo: {}/d" /etc/yggdrasil.conf 30 | sudo sed -i "\$i\ \ NodeInfo:\n {\n name: ${NEWHOSTNAME}\n }\n" /etc/yggdrasil.conf 31 | fi 32 | 33 | sudo sed -i -e "s/$oldhostname/$NEWHOSTNAME/" /etc/hostapd/hostapd.conf || true 34 | sudo sed -i -e "s/$oldhostname/$NEWHOSTNAME/" /opt/tomesh/nodeinfo.json || true 35 | sudo sed -i -e "s/$oldhostname/$NEWHOSTNAME/" /etc/yggdrasil.conf || true 36 | 37 | fi 38 | -------------------------------------------------------------------------------- /scripts/nginx/peers-cjdns: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | use warnings; 3 | use strict; 4 | # 5 | # Copyright (C) 2018 Hamish Coleman 6 | # 7 | # The simplest tool was the raw rpc tool 8 | # 9 | 10 | # The default options - should be set from commandline or rc file eventually 11 | my $option = { 12 | addr => "127.0.0.1", 13 | port => "11234", 14 | password => "NONE", 15 | trace => 1, 16 | }; 17 | 18 | BEGIN { 19 | use File::Spec; 20 | # allow the libs to be in the bin dir 21 | unshift @INC, File::Spec->catdir((File::Spec->splitpath($0))[1],'lib'); 22 | print "Content-type: text/html\n\n"; 23 | } 24 | 25 | use mini::Data; 26 | use mini::Digest::SHA; 27 | use Bencode_bork; 28 | use Cjdns::RPC; 29 | 30 | sub main() { 31 | my $rpc = Cjdns::RPC->new( 32 | $option->{addr}, 33 | $option->{port}, 34 | $option->{password}, 35 | ) or die "cannot start rpc"; 36 | # $rpc->trace($option->{trace}); 37 | 38 | # print(mini::Data::Dumper($rpc->ping())); 39 | mini::Data::Dumper($rpc->cookie()); 40 | mini::Data::Dumper($rpc->ping_auth()); 41 | 42 | 
#print(mini::Data::Dumper($rpc->Admin_availableFunctions())); 43 | 44 | my $packet; 45 | # $packet = $rpc->_build_query_auth('ETHInterface_listDevices'); 46 | # print(mini::Data::Dumper($rpc->_sync_call($packet))); 47 | 48 | $packet = $rpc->_build_query_unauth('InterfaceController_peerStats'); 49 | print(mini::Data::Dumper($rpc->_sync_call($packet))); 50 | } 51 | unless (caller) { 52 | # only run main if we are called as a CLI tool 53 | main(); 54 | } 55 | -------------------------------------------------------------------------------- /scripts/prometheus-server/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | PROMETHEUS_VERSION="2.13.0" 6 | 7 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 8 | 9 | ARCH="$(uname -m)" 10 | case "$ARCH" in 11 | x86_64) 12 | ARCH="amd64" 13 | ;; 14 | i386 | i586 | i686 ) 15 | ARCH="386" 16 | ;; armv7l) 17 | ARCH="armv7"; 18 | ;; 19 | armv6l) 20 | ARCH="armv6"; 21 | ;; 22 | aarch64) 23 | ARCH="arm64"; 24 | ;; 25 | *) 26 | echo "Unknown Arch" 27 | exit 1 28 | ;; 29 | esac 30 | 31 | 32 | mkdir "$BASE_DIR/tmp" 33 | wget "https://github.com/prometheus/prometheus/releases/download/v${PROMETHEUS_VERSION}/prometheus-${PROMETHEUS_VERSION}.linux-${ARCH}.tar.gz" -O "$BASE_DIR/tmp/prometheus.tar.gz" 34 | tar xvfz "$BASE_DIR/tmp/prometheus.tar.gz" -C "$BASE_DIR/tmp" --strip 1 35 | mv "$BASE_DIR/tmp/prometheus.yml" "$BASE_DIR/tmp/prometheus.yml.orig" 36 | 37 | if [ "$(command -v cjdroute)" ]; then 38 | CJDNS_IPV6=$(sudo grep -m 1 '"ipv6"' /etc/cjdroute.conf | awk '{ print $2 }' | sed 's/[",]//g') 39 | sed "s|localhost:9090|[${CJDNS_IPV6}]:9100|" "$BASE_DIR/tmp/prometheus.yml.orig" > "$BASE_DIR/tmp/prometheus.yml" 40 | else 41 | sed "s|localhost:9090|localhost:9100|" "$BASE_DIR/tmp/prometheus.yml.orig" > "$BASE_DIR/tmp/prometheus.yml" 42 | fi 43 | 44 | sudo cp -r "$BASE_DIR/tmp" /opt/prometheus 45 | rm -rf "$BASE_DIR/tmp" 46 | 47 | # Configure systemd 
to start prometheus-server.service on system boot 48 | sudo cp "$BASE_DIR/prometheus-server.service" /etc/systemd/system/prometheus-server.service 49 | sudo systemctl daemon-reload 50 | sudo systemctl enable prometheus-server.service 51 | sudo systemctl start prometheus-server.service 52 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/client.cnf: -------------------------------------------------------------------------------- 1 | [ ca ] 2 | default_ca = CA_default 3 | 4 | [ CA_default ] 5 | dir = ./ 6 | certs = $dir 7 | crl_dir = $dir/crl 8 | database = $dir/index.txt 9 | new_certs_dir = $dir 10 | certificate = $dir/server.pem 11 | serial = $dir/serial 12 | crl = $dir/crl.pem 13 | private_key = $dir/server.key 14 | RANDFILE = $dir/.rand 15 | name_opt = ca_default 16 | cert_opt = ca_default 17 | default_days = 365 18 | default_crl_days = 30 19 | default_md = sha256 20 | preserve = no 21 | policy = policy_match 22 | 23 | [ policy_match ] 24 | countryName = match 25 | stateOrProvinceName = match 26 | organizationName = match 27 | organizationalUnitName = optional 28 | commonName = supplied 29 | emailAddress = optional 30 | 31 | [ policy_anything ] 32 | countryName = optional 33 | stateOrProvinceName = optional 34 | localityName = optional 35 | organizationName = optional 36 | organizationalUnitName = optional 37 | commonName = supplied 38 | emailAddress = optional 39 | 40 | [ req ] 41 | prompt = no 42 | distinguished_name = client 43 | default_bits = 2048 44 | input_password = whatever 45 | output_password = whatever 46 | 47 | [client] 48 | countryName = CA 49 | stateOrProvinceName = Radius 50 | localityName = Somewhere 51 | organizationName = Example Inc. 
52 | emailAddress = user@example.com 53 | commonName = user@example.com 54 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/server.cnf: -------------------------------------------------------------------------------- 1 | [ ca ] 2 | default_ca = CA_default 3 | 4 | [ CA_default ] 5 | dir = ./ 6 | certs = $dir 7 | crl_dir = $dir/crl 8 | database = $dir/index.txt 9 | new_certs_dir = $dir 10 | certificate = $dir/server.pem 11 | serial = $dir/serial 12 | crl = $dir/crl.pem 13 | private_key = $dir/server.key 14 | RANDFILE = $dir/.rand 15 | name_opt = ca_default 16 | cert_opt = ca_default 17 | default_days = 365 18 | default_crl_days = 30 19 | default_md = sha256 20 | preserve = no 21 | policy = policy_match 22 | 23 | [ policy_match ] 24 | countryName = match 25 | stateOrProvinceName = match 26 | organizationName = match 27 | organizationalUnitName = optional 28 | commonName = supplied 29 | emailAddress = optional 30 | 31 | [ policy_anything ] 32 | countryName = optional 33 | stateOrProvinceName = optional 34 | localityName = optional 35 | organizationName = optional 36 | organizationalUnitName = optional 37 | commonName = supplied 38 | emailAddress = optional 39 | 40 | [ req ] 41 | prompt = no 42 | distinguished_name = server 43 | default_bits = 2048 44 | input_password = whatever 45 | output_password = whatever 46 | 47 | [server] 48 | countryName = CA 49 | stateOrProvinceName = Radius 50 | localityName = Somewhere 51 | organizationName = Example Inc. 
52 | emailAddress = admin@example.com 53 | commonName = "Example Server Certificate" 54 | 55 | -------------------------------------------------------------------------------- /scripts/mesh-adhoc/mesh-adhoc: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | mesh_name=$(confget -f /etc/mesh.conf -s general "mesh-name") 6 | frequency=$(confget -f /etc/mesh.conf -s general "frequency") 7 | if [ -z "$frequency" ]; then 8 | frequency=2412 9 | fi 10 | # Select physical device that supports IBSS Ad-hoc 11 | mesh_dev=$(confget -f /etc/mesh.conf -s general "ibss-dev") 12 | if [ -z "$mesh_dev" ]; then 13 | mesh_dev="$(iw dev | grep Interface | grep -v wlan-ap | head -n 1 | awk '{print $2}')" 14 | fi 15 | 16 | # Set wireless regulatory domain 17 | sudo iw reg set CA 18 | 19 | # Is it safe to stop wpa_supplicant. Is AP running 20 | if [ ! -d /sys/class/net/wlan-ap ]; then 21 | # Kill wpa_supplicant with sometimes conflicts with IBSS Ad-Hoc 22 | sudo killall wpa_supplicant || true 23 | fi 24 | 25 | # Shut down the mesh_dev interface 26 | sudo ifconfig $mesh_dev down 27 | 28 | # Convert mesh_dev to IBSS Ad-hoc interface 29 | sudo iw $mesh_dev set type ibss 30 | 31 | # Bring up the mesh_dev interface 32 | sudo ifconfig $mesh_dev up 33 | 34 | # Optionally assign IPv4 address to the mesh_dev interface 35 | # sudo ifconfig $mesh_dev 192.168.X.Y 36 | 37 | # Join the mesh network 38 | # To join radio in HT40+ htmode (enable 802.11n rates) add HT40+ to end of this line 39 | sudo iw dev $mesh_dev ibss join $mesh_name $frequency 40 | 41 | # Make a local-link ip out of yggdrasil ip if $mesh_dev does not have a local-link ip 42 | if [ ! 
-z "$(which yggdrasilctl)" ]; then 43 | if [ -z "$(ip addr show dev $mesh_dev | grep inet6\ fe)" ]; then 44 | ip="$(sudo yggdrasilctl getSelf | grep "IPv6 address" | awk '{print $3}' | cut -d ":" -f5-8)" 45 | ip address add dev $mesh_dev scope link fe80::${ip}/64 46 | fi 47 | fi 48 | 49 | # Restart cjdns 50 | sudo killall cjdroute 51 | -------------------------------------------------------------------------------- /scripts/ssb/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC1091 3 | 4 | set -e 5 | 6 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 7 | 8 | # Install dependencies 9 | sudo apt-get install -y socat python-dev libtool python-setuptools autoconf automake 10 | 11 | # Install node.js shared module 12 | # shellcheck source=../shared/node.js/install 13 | source "$BASE_DIR/../shared/node.js/install" 14 | 15 | # Install sbot-server 16 | # sudo sudo is a hack to allow post-install scripts that drop one level of sudo and still be sudoed 17 | # otherwise you get permissions errors when it tries to write to root owned folders 18 | # -g installs system wide --unsafe-perm required to do so 19 | sudo sudo npm install ssb-server -g --unsafe-perm 20 | 21 | # Store current user as sudo will change it 22 | currentUser=$USER 23 | 24 | # Copy SYSTEMD service to correct location 25 | sudo cp "$BASE_DIR/ssb.service" /tmp/ssb.service 26 | # Copy repplace __USER__ place holder to current user 27 | sudo sed -i "s|__USER__|${currentUser}|g" /tmp/ssb.service 28 | sudo mv /tmp/ssb.service /etc/systemd/system/ssb.service 29 | 30 | # Reload, Enable and start SSB Service 31 | sudo systemctl daemon-reload 32 | sudo systemctl enable ssb.service 33 | sudo systemctl start ssb.service 34 | 35 | # Install broadcast service to workaround issue with sbot not broadcasting correctly when there are multiple interfaces 36 | sudo cp "$BASE_DIR/ssb-broadcast-service.sh" 
"/usr/local/bin/ssb-broadcast-service.sh" 37 | sudo cp "$BASE_DIR/ssb-broadcast.service" /etc/systemd/system/ssb-broadcast.service 38 | sudo sed -i "s|__USER__|${currentUser}|g" /etc/systemd/system/ssb-broadcast.service 39 | 40 | # Start new broadcast server 41 | sudo systemctl daemon-reload 42 | sudo systemctl enable ssb-broadcast.service 43 | -------------------------------------------------------------------------------- /scripts/nginx/common.js: -------------------------------------------------------------------------------- 1 | // CJDNS pubkey to IPv6 2 | // BASE32 code form CJDNS library 3 | var numForAscii = [ 4 | 99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, 5 | 99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, 6 | 99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99, 7 | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,99,99,99,99,99,99, 8 | 99,99,10,11,12,99,13,14,15,99,16,17,18,19,20,99, 9 | 21,22,23,24,25,26,27,28,29,30,31,99,99,99,99,99, 10 | 99,99,10,11,12,99,13,14,15,99,16,17,18,19,20,99, 11 | 21,22,23,24,25,26,27,28,29,30,31,99,99,99,99,99, 12 | ]; 13 | 14 | // see util/Base32.h 15 | var Base32_decode = function (input) { 16 | var output = []; 17 | 18 | var outputIndex = 0; 19 | var inputIndex = 0; 20 | var nextByte = 0; 21 | var bits = 0; 22 | 23 | while (inputIndex < input.length) { 24 | var o = input.charCodeAt(inputIndex); 25 | if (o & 0x80) { throw new Error(); } 26 | var b = numForAscii[o]; 27 | inputIndex++; 28 | if (b > 31) { throw new Error("bad character " + input[inputIndex] + " in " + input); } 29 | 30 | nextByte |= (b << bits); 31 | bits += 5; 32 | 33 | if (bits >= 8) { 34 | output[outputIndex] = nextByte & 0xff; 35 | outputIndex++; 36 | bits -= 8; 37 | nextByte >>= 8; 38 | } 39 | } 40 | 41 | if (bits >= 5 || nextByte) { 42 | throw new Error("bits is " + bits + " and nextByte is " + nextByte); 43 | } 44 | return output; 45 | }; 46 | 47 | // Convert Public Key to IPv6 48 | // TODO add : 49 | var publicKeyCache = []; 50 | function public2IPv6(PubKey) { 51 | if 
(!publicKeyCache[PubKey]) { 52 | var IPv6=Base32_decode(PubKey); 53 | IPv6=sha512(sha512.array(IPv6)); 54 | IPv6=IPv6.substr(0,32); 55 | publicKeyCache[PubKey]=IPv6; 56 | } 57 | return publicKeyCache[PubKey]; 58 | } -------------------------------------------------------------------------------- /scripts/prometheus-node-exporter/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | NODE_EXPORTER_VERSION=0.18.1 6 | 7 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 8 | 9 | ARCH="$(uname -m)" 10 | case "$ARCH" in 11 | x86_64) 12 | ARCH="amd64" 13 | ;; 14 | i386 | i586 | i686 ) 15 | ARCH="386" 16 | ;; 17 | armv7l) 18 | ARCH="armv7"; 19 | ;; 20 | armv6l) 21 | ARCH="armv6"; 22 | ;; 23 | aarch64) 24 | ARCH="arm64"; 25 | ;; 26 | *) 27 | echo "Unknown Arch" 28 | exit 1 29 | ;; 30 | esac 31 | 32 | if [[ ! -f "/usr/local/bin/node_exporter" ]]; then 33 | mkdir "$BASE_DIR/tmp" || true 34 | wget "https://github.com/prometheus/node_exporter/releases/download/v${NODE_EXPORTER_VERSION}/node_exporter-${NODE_EXPORTER_VERSION}.linux-${ARCH}.tar.gz" -O "$BASE_DIR/tmp/node_exporter.tar.gz" 35 | tar xvfz "$BASE_DIR/tmp/node_exporter.tar.gz" -C "$BASE_DIR/tmp" --strip 1 36 | sudo cp "$BASE_DIR/tmp/node_exporter" /usr/local/bin/node_exporter 37 | sudo chown root:staff /usr/local/bin/node_exporter 38 | rm -rf "$BASE_DIR/tmp" 39 | fi 40 | 41 | sudo mkdir /var/lib/node_exporter/ || true 42 | sudo mkdir /opt/tomesh/ || true 43 | sudo cp "$BASE_DIR/nodestats-tomesh.py" "/opt/tomesh/nodestats-tomesh.py" 44 | 45 | # Configure systemd to start prometheus-node-exporter.service on system boot 46 | sudo cp "$BASE_DIR/prometheus-node-exporter.service" /etc/systemd/system/prometheus-node-exporter.service 47 | sudo cp "$BASE_DIR/node-exporter-tomesh.service" /etc/systemd/system/node-exporter-tomesh.service 48 | 49 | # Some distros need additional files 50 | sudo apt-get install -y python2 libpython2-stdlib || 
true 51 | 52 | sudo systemctl daemon-reload 53 | sudo systemctl enable prometheus-node-exporter.service 54 | sudo systemctl start prometheus-node-exporter.service 55 | sudo systemctl enable node-exporter-tomesh.service 56 | sudo systemctl start node-exporter-tomesh.service 57 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-patch.diff: -------------------------------------------------------------------------------- 1 | +++ /a/lib/dhcpcd/dhcpcd-hooks/10-wpa_supplicant 2019-07-19 21:31:41.130053542 +0100 2 | +++ /b/lib/dhcpcd/dhcpcd-hooks/10-wpa_supplicant 2019-07-19 21:58:03.470829257 +0100 3 | @@ -20,6 +20,9 @@ 4 | 5 | wpa_supplicant_ctrldir() 6 | { 7 | + if ([ -f /etc/wpa_devices ] && ! grep -q "$interface" /etc/wpa_devices); then 8 | + exit 0 9 | + fi 10 | dir=$(key_get_value "[[:space:]]*ctrl_interface=" \ 11 | "$wpa_supplicant_conf") 12 | dir=$(trim "$dir") 13 | @@ -35,6 +38,9 @@ 14 | 15 | wpa_supplicant_start() 16 | { 17 | + if ([ -f /etc/wpa_devices ] && ! grep -q "$interface" /etc/wpa_devices); then 18 | + exit 0 19 | + fi 20 | # If the carrier is up, don't bother checking anything 21 | [ "$ifcarrier" = "up" ] && return 0 22 | 23 | @@ -69,6 +75,9 @@ 24 | 25 | wpa_supplicant_reconfigure() 26 | { 27 | + if ([ -f /etc/wpa_devices ] && ! grep -q "$interface" /etc/wpa_devices); then 28 | + exit 0 29 | + fi 30 | dir=$(wpa_supplicant_ctrldir) 31 | [ -z "$dir" ] && return 1 32 | if ! wpa_cli -p "$dir" -i "$interface" status >/dev/null 2>&1; then 33 | @@ -87,6 +96,9 @@ 34 | 35 | wpa_supplicant_stop() 36 | { 37 | + if ([ -f /etc/wpa_devices ] && ! grep -q "$interface" /etc/wpa_devices); then 38 | + exit 0 39 | + fi 40 | dir=$(wpa_supplicant_ctrldir) 41 | [ -z "$dir" ] && return 1 42 | wpa_cli -p "$dir" -i "$interface" status >/dev/null 2>&1 || return 0 43 | 
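Review bot: The guard added at the top of wpa_supplicant_ctrldir(), and repeated in wpa_supplicant_start(), wpa_supplicant_reconfigure() and wpa_supplicant_stop(), leaves with `exit 0`, which ends the calling shell rather than the function. If dhcpcd sources its hook files into one shell (not visible here, worth confirming), every later hook is skipped for an unlisted interface, so `return 0` is the safer form. `grep -q "$interface"` treats the name as a regular expression matched anywhere in a line, so `wlan1` also matches a `wlan10` entry and an unlisted interface can still be handed to wpa_supplicant; `grep -qxF -- "$interface" /etc/wpa_devices` compares whole lines literally. The surrounding `( … )` only adds a subshell, and `if [ -f /etc/wpa_devices ] && ! grep -qxF -- "$interface" /etc/wpa_devices; then return 0; fi` does the same job. The function bodies continue outside these hunks.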
@@ -102,7 +114,8 @@ 44 | 45 | if [ "$ifwireless" = "1" ] && \ 46 | type wpa_supplicant >/dev/null 2>&1 && \ 47 | - type wpa_cli >/dev/null 2>&1 48 | + type wpa_cli >/dev/null 2>&1 && \ 49 | + ([ -f /etc/wpa_devices ] && grep -q "$interface" /etc/wpa_devices); then 50 | then 51 | case "$reason" in 52 | PREINIT) wpa_supplicant_start;; 53 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/ca.cnf: -------------------------------------------------------------------------------- 1 | [ ca ] 2 | default_ca = CA_default 3 | 4 | [ CA_default ] 5 | dir = ./ 6 | certs = $dir 7 | crl_dir = $dir/crl 8 | database = $dir/index.txt 9 | new_certs_dir = $dir 10 | certificate = $dir/ca.pem 11 | serial = $dir/serial 12 | crl = $dir/crl.pem 13 | private_key = $dir/ca.key 14 | RANDFILE = $dir/.rand 15 | name_opt = ca_default 16 | cert_opt = ca_default 17 | default_days = 365 18 | default_crl_days = 30 19 | default_md = sha256 20 | preserve = no 21 | policy = policy_match 22 | 23 | [ policy_match ] 24 | countryName = match 25 | stateOrProvinceName = match 26 | organizationName = match 27 | organizationalUnitName = optional 28 | commonName = supplied 29 | emailAddress = optional 30 | 31 | [ policy_anything ] 32 | countryName = optional 33 | stateOrProvinceName = optional 34 | localityName = optional 35 | organizationName = optional 36 | organizationalUnitName = optional 37 | commonName = supplied 38 | emailAddress = optional 39 | 40 | [ req ] 41 | prompt = no 42 | distinguished_name = certificate_authority 43 | default_bits = 2048 44 | input_password = whatever 45 | output_password = whatever 46 | x509_extensions = v3_ca 47 | 48 | [certificate_authority] 49 | countryName = CA 50 | stateOrProvinceName = Radius 51 | localityName = Somewhere 52 | organizationName = Example Inc. 
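Review bot: The added condition line ends in `; then` while the original `then` is kept as context on the next line, so the patched file has two `then` keywords in a row, which a POSIX shell rejects as a syntax error; the added line should end after the closing parenthesis. The test also requires /etc/wpa_devices to exist, whereas the guards added inside the functions let every interface through when the file is absent, so on a host without the file the hook would stop managing wpa_supplicant altogether. If a missing file is meant to allow all interfaces, `{ [ ! -f /etc/wpa_devices ] || grep -qxF -- "$interface" /etc/wpa_devices; }` agrees with those guards. The `if` block continues past the end of the hunk.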
53 | emailAddress = admin@example.com 54 | commonName = "Example Certificate Authority" 55 | 56 | [v3_ca] 57 | subjectKeyIdentifier = hash 58 | authorityKeyIdentifier = keyid:always,issuer:always 59 | basicConstraints = CA:true 60 | -------------------------------------------------------------------------------- /scripts/nginx/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | if [ ! -x "$(command -v nginx)" ] || [ ! -d "/etc/nginx/site-path-enabled" ]; then 6 | LAST_BASE="$BASE_DIR" 7 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 8 | 9 | sudo apt-get install nginx fcgiwrap -y 10 | 11 | sudo cp -f "$BASE_DIR/main.conf" /etc/nginx/sites-available/main.conf 12 | sudo ln -s /etc/nginx/sites-available/main.conf /etc/nginx/sites-enabled/main.conf || true 13 | sudo rm /etc/nginx/sites-enabled/default || true 14 | sudo mkdir /etc/nginx/site-path-enabled || true 15 | 16 | # Install welcome page 17 | sudo cp "$BASE_DIR/index.html" "/var/www/html/index.html" 18 | sudo sed -i "s/__NODENAME__/$NEWHOSTNAME/" "/var/www/html/index.html" 19 | sudo cp "$BASE_DIR/sha512.js" "/var/www/html/sha512.js" 20 | sudo cp "$BASE_DIR/vis.min.js" "/var/www/html/vis.min.js" 21 | sudo cp "$BASE_DIR/vis-network.min.css" "/var/www/html/vis-network.min.css" 22 | sudo cp "$BASE_DIR/map.js" "/var/www/html/map.js" 23 | sudo cp "$BASE_DIR/common.css" "/var/www/html/common.css" 24 | sudo cp "$BASE_DIR/common.js" "/var/www/html/common.js" 25 | 26 | sudo cp "$BASE_DIR/cgi-bin.conf" "/etc/nginx/site-path-enabled/cgi-bin.conf" 27 | 28 | # CJDNS peers 29 | mkdir "$BASE_DIR/tmp" 30 | 31 | git clone https://github.com/hamishcoleman/cjdns_tool.git "$BASE_DIR/tmp/cjdns_tool" 32 | sudo mkdir -p "/var/www/html/cgi-bin/lib/" || true 33 | sudo cp -r "$BASE_DIR/tmp/cjdns_tool/lib" "/var/www/html/cgi-bin/" 34 | rm -rf "$BASE_DIR/tmp" 35 | sudo cp "$BASE_DIR/peers-cjdns" "/var/www/html/cgi-bin/peers-cjdns" 36 | 37 | # 
Yggdrasil peers 38 | sudo cp "$BASE_DIR/peers-yggdrasil" "/var/www/html/cgi-bin/peers-yggdrasil" 39 | 40 | sudo chmod +x "/var/www/html/cgi-bin/peers-cjdns" 41 | sudo chmod +x "/var/www/html/cgi-bin/peers-yggdrasil" 42 | sudo chown -R www-data.www-data /var/www/html 43 | 44 | BASE_DIR="$LAST_BASE" 45 | 46 | fi 47 | -------------------------------------------------------------------------------- /scripts/ssb/ssb-broadcast-service.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC2162 3 | true 4 | 5 | while true; do 6 | if [ -n "$id" ]; then 7 | for int in $(find /sys/class/net/* -maxdepth 1 -print0 | xargs -0 -l basename); do 8 | ip=$(ip addr show "${int}" | grep -v inet6 | grep -v '127.0.0.1' |grep inet | head -n 1 | awk '{print $2}' | awk -F "/" '{print $1}') 9 | if [ -n "$ip" ]; then 10 | echo -n "net:$ip:8008~shs:$id" | sudo socat -T 1 - "UDP4-DATAGRAM:255.255.255.255:8008,broadcast,so-bindtodevice=${int}" & 11 | fi 12 | done 13 | 14 | # Manual cjdns peer unicast 15 | if [ "$(command -v cjdroute)" ]; then 16 | mycjdnsip=$(grep -m 1 '"ipv6"' /etc/cjdroute.conf | awk '{ print $2 }' | sed 's/[",]//g') 17 | # shellcheck disable=SC2102,SC2046 18 | read -a peers <<< $(sudo nodejs /opt/cjdns/tools/peerStats 2>/dev/null | awk '{ if ($3 == "ESTABLISHED") print $2 }' | awk -F. 
'{print $6".k"}' | xargs) 19 | for peer in "${peers[@]}"; do 20 | ip=$(sudo /opt/cjdns/publictoip6 "$peer") 21 | # shellcheck disable=SC2102 22 | echo -n "net:$mycjdnsip:8008~shs:$id" | sudo socat -T 1 - UDP6-DATAGRAM:[$ip]:8008 23 | done 24 | fi 25 | 26 | # Add yggdrasil direct peers 27 | if [ "$(command -v yggdrasil)" ]; then 28 | myyggip=$(yggdrasilctl getself | grep address | awk '{print $3}') 29 | read -a peers <<< "$(sudo yggdrasilctl getPeers | grep -v "(self)" | awk '{print $1}' | grep -v bytes_recvd | xargs)" 30 | for peer in "${peers[@]}"; do 31 | # shellcheck disable=SC2102 32 | echo -n "net:$myyggip:8008~shs:$id" | sudo socat -T 1 - UDP6-DATAGRAM:[$peer]:8008 33 | done 34 | fi 35 | else 36 | id=$(sbot whoami | grep id | awk -F "\"" '{print $4}' | sed 's/.ed25519//' | sed 's/@//') 37 | fi 38 | sleep 5 39 | done 40 | -------------------------------------------------------------------------------- /scripts/yggdrasil/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | YGGDRASIL_VERSION=0.3.12 6 | YGGDRASIL_HOST=2375-115685026 7 | 8 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 9 | 10 | ARCH="$(uname -m)" 11 | case "$ARCH" in 12 | x86_64) 13 | ARCH_VERSION="amd64" 14 | ;; 15 | i386 | i586 | i686 ) 16 | ARCH_VERSION="i386" 17 | ;; 18 | armv7l) 19 | ARCH_VERSION="armhf" 20 | ;; 21 | armv6l) 22 | ARCH_VERSION="armhf" 23 | ;; 24 | aarch64) 25 | ARCH_VERSION="arm64" 26 | ;; 27 | *) 28 | echo "Unknown Arch" 29 | exit 1 30 | ;; 31 | esac 32 | 33 | # Download and install yggdrasil routing engine 34 | 35 | if [[ ! 
-f "/usr/bin/yggdrasil" ]]; then 36 | mkdir "$BASE_DIR/tmp" 37 | wget "https://${YGGDRASIL_HOST}-gh.circle-artifacts.com/0/yggdrasil-${YGGDRASIL_VERSION}-${ARCH_VERSION}.deb" -O "$BASE_DIR/tmp/yggdrasil.deb" 38 | sudo dpkg -i "$BASE_DIR/tmp/yggdrasil.deb" 39 | rm -rf "$BASE_DIR/tmp" 40 | fi 41 | 42 | # Yggdrasil 0.3.12 service fix 43 | sudo sed -i "s/CapabilityBoundingSet=CAP_NET_ADMIN/CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW/" /etc/systemd/system/yggdrasil.service 44 | sudo systemctl daemon-reload 45 | 46 | # Change configuration to have yggdrasil's tun interface called ygg0 47 | sudo sed -i "s/IfName: auto/IfName: ygg0/" /etc/yggdrasil.conf 48 | 49 | # Change port to 12345 for firewall 50 | sudo sed -i "s/Listen: \[\]/Listen\: [\"tcp:\/\/\[::\]:12345\"\]/" /etc/yggdrasil.conf 51 | 52 | sudo systemctl enable yggdrasil.service 53 | sudo systemctl start yggdrasil.service 54 | 55 | # Don't count Yggdrasil IPs as Internet IP addresses 56 | if [ -f "/etc/gai.conf" ]; then 57 | sudo sed -i '/label 200::/d' /etc/gai.conf 58 | sudo sed -i '/label 300::/d' /etc/gai.conf 59 | echo "label 200::/7 6" | sudo tee --append /etc/gai.conf 60 | echo "label 300::/7 6" | sudo tee --append /etc/gai.conf 61 | fi 62 | 63 | 64 | # Allow nginx access to yggdrasil socket when installed 65 | sudo usermod -a -G yggdrasil www-data || true 66 | -------------------------------------------------------------------------------- /scripts/ipfs-pi-stream/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | # Enable camera on the Raspberry Pi 8 | sudo "$BASE_DIR/enable-camera.sh" 9 | 10 | # Install ffmpeg and supporting tools 11 | 12 | sudo apt-get install -y ffmpeg lsof inotify-tools nginx 13 | 14 | # Copy placeholder for audio-only streams 15 | cp "$BASE_DIR/audio.jpg" "$HOME/audio.jpg" 16 | 17 | # Add user to be able to modify nginx directories 
18 | sudo usermod -a -G "$USER" www-data 19 | sudo chmod g+rw /var/www/html 20 | 21 | # TODO: why is this needed? 22 | sudo chmod a+rw /var/www/html 23 | 24 | sudo cp -f "$BASE_DIR/process-stream.sh" /usr/bin/process-stream.sh 25 | sudo cp -f "$BASE_DIR/process-stream.service" /etc/systemd/system/process-stream.service 26 | sudo systemctl daemon-reload 27 | sudo systemctl enable process-stream 28 | 29 | # Add hourly job to clear out old data 30 | echo "41 * * * * $USER /usr/local/bin/ipfs repo gc" | sudo tee --append /etc/crontab 31 | 32 | # Install the ipfs video player 33 | mkdir "$BASE_DIR/tmp" 34 | current_dir="$(pwd)" 35 | 36 | git clone https://github.com/tomeshnet/ipfs-live-streaming.git "$BASE_DIR/tmp/ipfs-live-streaming" 37 | cd "$BASE_DIR/tmp/ipfs-live-streaming" 38 | git checkout b9be352582317e5336ddd7183ecf49042dafb33e 39 | cd "$current_dir" 40 | 41 | VIDEO_PLAYER_PATH="$BASE_DIR/tmp/ipfs-live-streaming/terraform/shared/video-player" 42 | sed -i s#__IPFS_GATEWAY_SELF__#/ipfs/# "$VIDEO_PLAYER_PATH/js/common.js" 43 | sed -i s#__IPFS_GATEWAY_ORIGIN__#https://ipfs.io/ipfs/# "$VIDEO_PLAYER_PATH/js/common.js" 44 | IPFS_ID=$(ipfs id | grep ID | head -n 1 | awk -F\" '{print $4}') 45 | sed -i "s#live.m3u8#/ipns/$IPFS_ID#" "$VIDEO_PLAYER_PATH/js/common.js" 46 | sed -i s#__M3U8_HTTP_URLS__#\ # "$VIDEO_PLAYER_PATH/js/common.js" 47 | cp -r "$VIDEO_PLAYER_PATH" /var/www/html/video-player 48 | rm -rf "$BASE_DIR/tmp" 49 | 50 | # Add entry into nginx home screen 51 | APP="

IPFS Pi Stream Player

IPFS Video player for Pi Stream.
M3U8 Stream located over ipns
Go and play with built in video player
" 52 | sudo sed -i "s#<\!--APPLIST-->#$APP\n<\!--APPLIST-->#" "/var/www/html/index.html" 53 | -------------------------------------------------------------------------------- /scripts/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | if [[ -z "$(command -v sudo)" ]]; then 5 | apt-get install -y sudo || ( 6 | echo Sudo is not installed and cannot be installed. 7 | echo Please run 8 | echo " apt-get install sudo " 9 | echo " /usr/sbin/usermod -aG sudo $USER" 10 | echo as root. 11 | echo You may need to log in again for changes to take effect. 12 | exit 1 13 | ) 14 | fi 15 | 16 | # Use provided repository or default to tomeshnet/prototype-cjdns-pi 17 | if [ -z "$GIT_PROTOTYPE_CJDNS_PI" ]; then 18 | GIT_PROTOTYPE_CJDNS_PI="https://github.com/tomeshnet/prototype-cjdns-pi.git" 19 | fi 20 | 21 | # Use provided tag or default to master 22 | if [ -z "$TAG_PROTOTYPE_CJDNS_PI" ]; then 23 | TAG_PROTOTYPE_CJDNS_PI=master 24 | fi 25 | 26 | if ps xa | awk '{print $5}' | grep -q dpkg; then 27 | echo -e "\e[1;31mDPKG is running in the background.\e[0m" 28 | read -p "Would you like to KILL it to continue (Y/n)? " -n 1 -r 29 | echo "" 30 | if [[ $REPLY =~ ^[Nn]$ ]]; then 31 | echo -e "\e[1;31mPlease stop DPKG Before Proceeding!\e[0m" 32 | exit 33 | else 34 | echo -e "\e[1;32mKilling DPKG and continuing\e[0m" 35 | sudo killall dpkg 36 | fi 37 | fi 38 | 39 | # Get git 40 | # True required to avoid odd armbian bug. Update does work but reports missing file. 41 | sudo apt-get update -y || true 42 | if ! [ "$(command -v git)" ]; then 43 | sudo apt-get install git -y 44 | fi 45 | 46 | # Download prototype-cjdns-pi repo 47 | if ! 
[ -d "prototype-cjdns-pi" ]; then 48 | git clone $GIT_PROTOTYPE_CJDNS_PI 49 | fi 50 | cd prototype-cjdns-pi/scripts 51 | git checkout $TAG_PROTOTYPE_CJDNS_PI 52 | 53 | # Export environment variables 54 | export WITH_YGGDRASIL 55 | export WITH_YGGDRASIL_IPTUNNEL 56 | export WITH_MESH_POINT 57 | export WITH_AD_HOC 58 | export WITH_WIFI_AP 59 | export WITH_FIREWALL 60 | export WITH_CJDNS_IPTUNNEL 61 | export WITH_IPFS 62 | export WITH_PROMETHEUS_NODE_EXPORTER 63 | export WITH_PROMETHEUS_SERVER 64 | export WITH_GRAFANA 65 | export WITH_EXTRA_TOOLS 66 | export WITH_EXTRA_NETCAT 67 | export WITH_WATCHDOG 68 | export WITH_YRD 69 | export WITH_SSB 70 | export WITH_SSB_PATCHFOO 71 | export WITH_SSB_WEB_PI 72 | export WITH_IPFS_PI_STREAM 73 | 74 | export UNATTENDED 75 | # Run the actual installation script 76 | ./install2 77 | -------------------------------------------------------------------------------- /scripts/firewall/rules.v6: -------------------------------------------------------------------------------- 1 | *filter 2 | :INPUT ACCEPT [0:0] 3 | :FORWARD ACCEPT [0:0] 4 | :OUTPUT ACCEPT [0:0] 5 | :CJDNS - [0:0] 6 | :YGGDRASIL - [0:0] 7 | :YGGCLIENT - [0:0] 8 | 9 | # Add your own raw INPUT rules below - they will apply to everything 10 | # Do not block everything here, that is handled below 11 | 12 | ####################### 13 | # DO NOT EDIT - Raw INPUT rules 14 | ####################### 15 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 16 | -A INPUT -p ipv6-icmp -j ACCEPT 17 | -A INPUT -i lo -j ACCEPT 18 | # INPUT rules needed for Yggdrasil peering 19 | -A INPUT -j ACCEPT -p tcp --dport 12345 20 | -A INPUT -j ACCEPT -p udp --dport 9001 -d ff02::114 21 | # INPUT rules needed for SSB peering 22 | -A INPUT -j ACCEPT -p tcp --dport 8008 23 | -A INPUT -j ACCEPT -p udp --dport 8008 24 | # Redirect to named tables 25 | -A INPUT -i tun0 -d fc00::/8 -j CJDNS 26 | -A INPUT -i ygg0 -d 200::/8 -j YGGDRASIL 27 | -A INPUT -j REJECT --reject-with 
icmp6-port-unreachable 28 | # Allow clients to have outbound requests and receive their response 29 | -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 30 | -A FORWARD -p ipv6-icmp -j ACCEPT 31 | -A FORWARD -o tun0 -j ACCEPT 32 | -A FORWARD -o ygg0 -j ACCEPT 33 | # Redirect to YGGCLIENT table 34 | -A FORWARD -i ygg0 -d 300::/8 -j YGGCLIENT 35 | -A FORWARD -j REJECT --reject-with icmp6-port-unreachable 36 | ####################### 37 | 38 | # CJDNS rules 39 | -A CJDNS -j ACCEPT -p tcp --dport 22 40 | -A CJDNS -j ACCEPT -p tcp --dport 80 41 | -A CJDNS -j ACCEPT -p tcp --dport 443 42 | -A CJDNS -j ACCEPT -p tcp --dport 3000 43 | -A CJDNS -j ACCEPT -p tcp --dport 5201 44 | -A CJDNS -j ACCEPT -p tcp --dport 4001 45 | -A CJDNS -j ACCEPT -p tcp --dport 9090 46 | -A CJDNS -j ACCEPT -p tcp --dport 9100 47 | 48 | # Yggdrasil rules 49 | -A YGGDRASIL -j ACCEPT -p tcp --dport 22 50 | -A YGGDRASIL -j ACCEPT -p tcp --dport 80 51 | -A YGGDRASIL -j ACCEPT -p tcp --dport 443 52 | -A YGGDRASIL -j ACCEPT -p tcp --dport 3000 53 | -A YGGDRASIL -j ACCEPT -p tcp --dport 5201 54 | -A YGGDRASIL -j ACCEPT -p tcp --dport 4001 55 | -A YGGDRASIL -j ACCEPT -p tcp --dport 9090 56 | -A YGGDRASIL -j ACCEPT -p tcp --dport 9100 57 | 58 | # Yggdrasil client (YGGCLIENT) rules go here 59 | -A YGGCLIENT -j ACCEPT -p tcp --dport 8008 60 | -A YGGCLIENT -j ACCEPT -p udp --dport 8008 61 | 62 | 63 | # End, put nothing below this 64 | COMMIT 65 | -------------------------------------------------------------------------------- /scripts/grafana/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | GRAFANA_VERSION=6.0.0 6 | 7 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 8 | 9 | # Install Grafana dependencies 10 | sudo apt-get install libfontconfig1 fontconfig-config fonts-dejavu-core ttf-bitstream-vera fonts-liberation sqlite3 -y 11 | 12 | ARCH="$(uname -m)" 13 | case "$ARCH" in 14 | x86_64) 15 | 
URL="https://dl.grafana.com/oss/release/grafana_${GRAFANA_VERSION}_amd64.deb" 16 | ;; 17 | i386 | i586 | i686 ) 18 | echo "Cannot install grafana on i386" 19 | exit 0 20 | ;; 21 | armv7l) 22 | URL="https://dl.grafana.com/oss/release/grafana_${GRAFANA_VERSION}_armhf.deb"; 23 | ;; 24 | armv6l) 25 | # Use old grafana - no new one available 26 | URL="https://bintray.com/fg2it/deb-rpi-1b/download_file?file_path=main%2Fg%2Fgrafana_5.1.4_armhf.deb" 27 | ;; 28 | aarch64) 29 | URL="https://dl.grafana.com/oss/release/grafana_${GRAFANA_VERSION}_arm64.deb"; 30 | ;; 31 | *) 32 | echo "Unknown Arch" 33 | exit 1 34 | ;; 35 | esac 36 | 37 | mkdir "$BASE_DIR/tmp" || true 38 | wget "${URL}" -O "$BASE_DIR/tmp/go-grafana.tar.gz" 39 | sudo dpkg -i "$BASE_DIR/tmp/go-grafana.tar.gz" 40 | rm -rf "$BASE_DIR/tmp" 41 | 42 | # Configure systemd to start grafana-server.service on system boot 43 | sudo systemctl daemon-reload 44 | sudo systemctl enable grafana-server.service 45 | sudo systemctl start grafana-server.service 46 | 47 | # Wait for server to start 48 | sleep 30 49 | 50 | # Add data source and dashboard 51 | 52 | # Check if port grafana is being listend in on if so configure if not notify and continue 53 | if netstat --tcp -n -l | grep -q :3000; then 54 | curl --user admin:admin -X POST -H 'Content-Type: application/json' --data-binary "@$BASE_DIR/datasource.json" http://localhost:3000/api/datasources 55 | curl --user admin:admin -X POST -H 'Content-Type: application/json' --data-binary "@$BASE_DIR/dashboard.json" http://localhost:3000/api/dashboards/db 56 | else 57 | echo -e "\e[1;31mGrafana is taking longer than normal to start\e[0m" 58 | echo -e "\e[1;31mSkipping configuration and continuing install\e[0m" 59 | fi 60 | 61 | # Add entry into nginx home screen 62 | APP="

Grafana

The open platform for beautiful analytics and monitoring.
Go explore Grafana.
" 63 | sudo sed -i "s|<\!--APPLIST-->|$APP\n<\!--APPLIST-->|" "/var/www/html/index.html" 64 | -------------------------------------------------------------------------------- /scripts/ipfs/ipfs-swarm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This script connects to local mesh peers, 4 | # and it sets up connection filters based on what networks this node can access. 5 | # It runs continually, to change IPFS settings as the environment around the node changes. 6 | 7 | 8 | # Wait for IPFS to initalize 9 | attempts=10 10 | until [[ $(curl http://localhost:5001/api/v0/id -s 2>/dev/null) || ${attempts} -eq 0 ]]; do 11 | sleep 3 12 | attempts=$((attempts-1)) 13 | done 14 | 15 | if [[ ${attempts} -eq 0 ]]; then 16 | echo "Error: Failed to connect to local IPFS daemon. Is it running?" 17 | exit 1 18 | fi 19 | 20 | function addPeer { 21 | addr=$1 22 | # See if they have IPFS enabled 23 | res=$(curl http://["${addr}"]/nodeinfo.json -s) 24 | if [ ! -x "${res}" ]; then 25 | id=$(echo "${res}" | jq -r -M '.services.ipfs.ID') 26 | # Value is found 27 | if [[ ! ${id} == "null" ]] && [[ ! 
"${id}" == "" ]]; then 28 | # Connect to neighbouring IPFS nodes 29 | # Check for QUIC connections first 30 | if [ "$(echo "${res}" | jq -r -M '.services.IPFS.quic_enabled')" == 'true' ]; then 31 | # ID is not needed for QUIC connections 32 | echo "Connecting to ${addr} with QUIC" 33 | ipfs swarm connect "/ip6/${addr}/udp/4001/quic" 34 | else 35 | echo "Connecting to ${addr} over TCP" 36 | ipfs swarm connect "/ip6/${addr}/tcp/4001/ipfs/${id}" 37 | fi 38 | fi 39 | fi 40 | } 41 | 42 | # Add cjdns direct peers 43 | while read -r cjdns_peer; do 44 | cjdns_addr=$(sudo /opt/cjdns/publictoip6 "$cjdns_peer") 45 | addPeer "${cjdns_addr}" 46 | 47 | # Add all that node's peers to the bottom of the list to check further hop peers 48 | # XXX: The below command hasn't been working -- so for now only 1-hop peers are checked 49 | #peers+=$(cjdnstool query getpeers $peer | sed -e '1d;$d' |awk -F. '{ print $6".k" }') 50 | 51 | done <<< "$(sudo nodejs /opt/cjdns/tools/peerStats 2>/dev/null | awk '{ if ($3 == "ESTABLISHED") print $2 }' | awk -F. '{ print $6".k" }' | xargs)" 52 | 53 | # Add yggdrasil direct peers 54 | if [ "$(command -v yggdrasil)" ]; then 55 | while read -r ygg_peer; do 56 | addPeer "${ygg_peer}" 57 | done <<< "$(sudo yggdrasilctl getPeers | grep -v "(self)" | awk '{print $1}' | grep -v bytes_recvd | xargs)" 58 | fi 59 | 60 | # Update peers data since ipfs just started 61 | sudo /usr/local/bin/nodeinfo-update.sh 62 | -------------------------------------------------------------------------------- /scripts/cjdns-iptunnel/cjdns-setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # The service should have started by now and tun interface should be up 4 | # We wait a few seconds just in case 5 | # If you experiance issues try rasiing this to 8 6 | sleep 3 7 | 8 | SUBNET4="10.1.0." 
9 | SUBNET6="fe80::" 10 | 11 | # Enable forwarding for ipv4 and ipv6 12 | echo 1 > /proc/sys/net/ipv4/ip_forward 13 | echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 14 | 15 | # Configure as cjdns iptunnel server if server file is present (this is simply a newline-separated list 16 | # of cjdns public keys in /etc/cjdns.iptunnel.server, each key indicating an allowed iptunnel client) 17 | if [ -e /etc/cjdns.iptunnel.server ]; then 18 | 19 | # Add subnet and route for cjdns tun0 interface 20 | ip add add "${SUBNET4}1/24" dev tun0 || true 21 | route add -net "${SUBNET4}0/24" tun0 || true 22 | ip addr add "${SUBNET6}1/64" dev tun0 || true 23 | 24 | # Define local IP range for assigning to iptunnel clients (10.1.0.2 to 10.1.0.254) 25 | CLIENT=2 26 | LAST=254 27 | 28 | # Add each client to cjdns iptunnel allowed connections 29 | while read -r PUBLIC_KEY; do 30 | if [[ "${PUBLIC_KEY}" =~ ^[0-z]{52}\.k && ${CLIENT} -le ${LAST} ]]; then 31 | ASSIGNED_IP4="${SUBNET4}${CLIENT}" 32 | ASSIGNED_IP6="${SUBNET6}${CLIENT}" 33 | /opt/cjdns/tools/cexec "IpTunnel_allowConnection('${PUBLIC_KEY}',0,null,'${ASSIGNED_IP6}',0,null,'${ASSIGNED_IP4}')" 34 | ((CLIENT++)) 35 | fi 36 | done < /etc/cjdns.iptunnel.server 37 | 38 | # If no NAT (masquarading) being done, start doing it 39 | if [ -z "$(sudo iptables -L POSTROUTING -v -n -t nat | grep MASQUERADE)" ]; then 40 | sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 41 | fi 42 | 43 | # Configure as cjdns iptunnel client if client file is present (this is simply a newline-separated list 44 | # of cjdns public keys in /etc/cjdns.iptunnel.client, each key indicating an iptunnel exit server) 45 | elif [ -e /etc/cjdns.iptunnel.client ]; then 46 | 47 | # Add each server to cjdns iptunnel connect-to's 48 | while read -r PUBLIC_KEY; do 49 | if [[ "${PUBLIC_KEY}" =~ ^[0-z]{52}\.k ]]; then 50 | /opt/cjdns/tools/cexec "IpTunnel_connectTo('${PUBLIC_KEY}')" 51 | fi 52 | done < /etc/cjdns.iptunnel.client 53 | 54 | # Remove NAT from eth0 if it 
exists 55 | iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE || true 56 | 57 | # Route NAT traffic through to cjdns tun0 interface to use iptunnel exit server 58 | iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE 59 | 60 | # Add default ipv6 router over tun0 61 | ip -6 route add default dev tun0 62 | fi 63 | -------------------------------------------------------------------------------- /scripts/ssb-patchfoo/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC1091 3 | true 4 | VERSION="TO-V0.5" 5 | 6 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 7 | 8 | CURRENT_DIR="$(pwd)" 9 | 10 | # Install node.js shared module 11 | # shellcheck source=../shared/node.js/install 12 | source "$BASE_DIR/../shared/node.js/install" 13 | 14 | # Make folder if service did not 15 | mkdir -p ~/.ssb/node_modules || true 16 | 17 | # shellcheck disable=SC2164 18 | cd ~/.ssb/node_modules 19 | 20 | # Install dependencies 21 | npm install --unsafe-perm asyncmemo hashlru pull-stream pull-cat multicb hyperscript pull-paramap ssb-contact ssb-sort stream-to-pull-stream emoji-server pull-paginate ssb-mentions busboy mime-types pull-identify-filetype human-time pull-hyperscript jpeg-autorotate pull-catch diff pull-split pull-utf8-decoder ssb-web-resolver highlight.js pull-box-stream base64-url ssb-backlinks ssb-private 22 | 23 | # Install patchfoo and enable plugin 24 | git clone https://github.com/tomeshnet/patchfoo.git patchfoo 25 | 26 | ( 27 | # shellcheck disable=SC2164 28 | cd patchfoo 29 | git checkout ${VERSION} 30 | ) 31 | 32 | # Replace ssb-server plugins.install with a static config file 33 | # This will prevent the installation of these modules a second time 34 | # and compiling downlevel for a 3rd time 35 | cp "$BASE_DIR/config" ~/.ssb 36 | #ssb-server plugins.install ssb-private 37 | #ssb-server plugins.install ssb-backlinks 38 | #ssb-server plugins.enable patchfoo 39 | 40 | # 
Stop ssb service to process plugin 41 | sudo systemctl stop ssb 42 | 43 | # Disable the git-ssb and npm-ssb prerequisite 44 | # Comment out two lines in patchwork that create a prerequisite for git-ssb and npm-ssb 45 | # but don't seem to serve any purpose. git-ssb and and npm-ssbis not available on npm 46 | sed -i 's#var Git#//var Git#' patchfoo/lib/app.js patchfoo/lib/app.js 47 | sed -i 's#this.git = new Git(this.sbot, this.config)#//this.git = new Git(this.sbot, this.config)#' patchfoo/lib/app.js 48 | sed -i 's#var SsbNpmRegistry#//var SsbNpmRegistry#' patchfoo/lib/app.js patchfoo/lib/app.js 49 | sed -i 's#this.serveSsbNpmRegistry = SsbNpmRegistry.respond(this.sbot, this.config)#//this.serveSsbNpmRegistry = SsbNpmRegistry.respond(this.sbot, this.config)#' patchfoo/lib/app.js 50 | 51 | # Comment out line that breaks things 52 | sed -i "s#h('input', {type: 'file', name: 'upload'})#//h('input', {type: 'file', name: 'upload'})#" patchfoo/lib/serve.js 53 | 54 | # Start service again to start patchfoo 55 | sudo systemctl start ssb 56 | 57 | # Install nginx reverse proxy file 58 | sudo cp "$BASE_DIR/ssb-patchfoo.conf" /etc/nginx/site-path-enabled/ssb-patchfoo.conf 59 | 60 | # Add entry into nginx home screen 61 | APP="

Patch Foo

Plain SSB web UI.
Go
" 62 | sudo sed -i "s#<\!--APPLIST-->#$APP\n<\!--APPLIST-->#" "/var/www/html/index.html" 63 | 64 | # shellcheck disable=SC2164 65 | cd "$CURRENT_DIR" 66 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/bootstrap: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # This is a wrapper script to create default certificates when the 4 | # server first starts in debugging mode. Once the certificates have been 5 | # created, this file should be deleted. 6 | # 7 | # Ideally, this program should be run as part of the installation of any 8 | # binary package. The installation should also ensure that the permissions 9 | # and owners are correct for the files generated by this script. 10 | # 11 | # $Id$ 12 | # 13 | umask 027 14 | cd `dirname $0` 15 | 16 | make -h > /dev/null 2>&1 17 | 18 | # 19 | # If we have a working "make", then use it. Otherwise, run the commands 20 | # manually. 21 | # 22 | if [ "$?" = "0" ]; then 23 | make all 24 | exit $? 25 | fi 26 | 27 | # 28 | # The following commands were created by running "make -n", and edited 29 | # to remove the trailing backslash, and to add "exit 1" after the commands. 30 | # 31 | # Don't edit the following text. Instead, edit the Makefile, and 32 | # re-generate these commands. 33 | # 34 | if [ ! -f dh ]; then 35 | openssl dhparam -out dh 1024 || exit 1 36 | if [ -e /dev/urandom ] ; then 37 | dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; 38 | else 39 | date > ./random; 40 | fi 41 | fi 42 | 43 | if [ ! -f server.key ]; then 44 | openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1 45 | fi 46 | 47 | if [ ! -f ca.key ]; then 48 | openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1 49 | fi 50 | 51 | if [ ! -f index.txt ]; then 52 | touch index.txt 53 | fi 54 | 55 | if [ ! 
-f serial ]; then 56 | echo '01' > serial 57 | fi 58 | 59 | if [ ! -f server.crt ]; then 60 | openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1 61 | fi 62 | 63 | if [ ! -f server.p12 ]; then 64 | openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 65 | fi 66 | 67 | if [ ! -f server.pem ]; then 68 | openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 69 | openssl verify -CAfile ca.pem server.pem || exit 1 70 | fi 71 | 72 | if [ ! -f ca.der ]; then 73 | openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1 74 | fi 75 | 76 | if [ ! -f client.key ]; then 77 | openssl req -new -out client.csr -keyout client.key -config ./client.cnf 78 | fi 79 | 80 | if [ ! 
-f client.crt ]; then 81 | openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf 82 | fi 83 | -------------------------------------------------------------------------------- /contrib/set-mesh-repo/set-repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | codename=$(lsb_release -cs) 3 | distro=$(lsb_release -is) 4 | mirror=$1 5 | 6 | # cd to script directory 7 | cd $(dirname "$0") 8 | 9 | # check if script is running as root 10 | if [ "$EUID" -ne 0 ] 11 | then 12 | echo "Please run this script as root" 13 | exit 1 14 | fi 15 | 16 | # set mirror values 17 | if [ "$1" == "cjdns" ] 18 | then 19 | prefix="h" 20 | elif [ "$1" == "yggdrasil" ] 21 | then 22 | prefix="y" 23 | elif [ "$1" == "default" ] 24 | then 25 | # restore default sources 26 | # Raspbian 27 | if [ "$distro" == "Raspbian" ] 28 | then 29 | echo "Changing to Raspbian $1 repo." 30 | cp raspbian-default-sources.list /etc/apt/sources.list 31 | cp raspbian-default-raspi.list /etc/apt/sources.list.d/raspi.list 32 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list 33 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list.d/raspi.list 34 | echo "Done. Restored to default." 35 | # exit script with no error 36 | exit 0 37 | # Debian / Armbian 38 | elif [ "$distro" == "Debian" ] 39 | then 40 | echo "Changing to Raspbian $1 repo." 41 | # check if there is /etc/apt/sources.list.d/armbian.list if so replace it 42 | if [ -f /etc/apt/sources.list.d/armbian.list ] 43 | then 44 | cp armbian-default-armbian.list /etc/apt/sources.list.d/armbian.list 45 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list.d/armbian.list 46 | fi 47 | cp debian-default-sources.list /etc/apt/sources.list 48 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list 49 | 50 | echo "Done. Restored to default." 
51 | # exit script with no error 52 | exit 0 53 | else 54 | echo "Your distro: $distro is not supported." 55 | fi 56 | 57 | else 58 | echo "Usage: $0 { cjdns | default | yggdrasil }" 59 | exit 1 60 | fi 61 | 62 | # detect distro and apply changes to sources 63 | if [ "$distro" == "Raspbian" ] 64 | then 65 | echo "Changing to Raspbian $1 repo." 66 | cp raspbian-sources.list /etc/apt/sources.list 67 | cp raspbian-raspi.list /etc/apt/sources.list.d/raspi.list 68 | 69 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list 70 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list.d/raspi.list 71 | sed -i "s/__PREFIX__/$prefix/g" /etc/apt/sources.list 72 | sed -i "s/__PREFIX__/$prefix/g" /etc/apt/sources.list.d/raspi.list 73 | echo "Done. To restore to default repo run script with option default." 74 | 75 | elif [ "$distro" == "Debian" ] 76 | then 77 | echo "Changing to Debian $1 repo." 78 | cp debian-sources.list /etc/apt/sources.list 79 | 80 | # check if there is /etc/apt/sources.list.d/armbian.list if so replace it 81 | if [ -f /etc/apt/sources.list.d/armbian.list ] 82 | then 83 | cp armbian-armbian.list /etc/apt/sources.list.d/armbian.list 84 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list.d/armbian.list 85 | sed -i "s/__PREFIX__/$prefix/g" /etc/apt/sources.list.d/armbian.list 86 | fi 87 | 88 | sed -i "s/__CODENAME__/$codename/g" /etc/apt/sources.list 89 | sed -i "s/__PREFIX__/$prefix/g" /etc/apt/sources.list 90 | echo "Done. To restore to default repo run script with option default." 91 | else 92 | echo "Your distro: $distro is not supported." 93 | fi 94 | -------------------------------------------------------------------------------- /docs/TROUBLESHOOT.md: -------------------------------------------------------------------------------- 1 | # Wireless Meshing 2 | 3 | Below are a few things you should look at when diagnosing connections. These can help identify bad configurations or other errors. 
4 | 5 | ## IBSS 6 | - `iw dev` - do all the devices have matching BSSID and Channels 7 | - `iw wlan0 station dump` - does it show stations 8 | - If they do then the peering between nodes is working 9 | - If they do not show up, this may just mean the driver does not report properly. For example the onboard Pi driver will not yield any results 10 | - `sudo /usr/bin/mesh-adhoc` - does it return any errors 11 | - If yes run `sudo bash -x /usr/bin/mesh-adhoc` - This will help identify where the error occurs 12 | - If you set an IP address on wlan0 on both sides, can it ping in the clear (plain IPv4 directly over wlan0) 13 | - On Pi-1 run `ifconfig wlan0 10.10.10.1/24` 14 | - On Pi-2 run `ifconfig wlan0 10.10.10.2/24` 15 | - On Pi-1 run `ping 10.10.10.1` 16 | - On Pi-2 run `ping 10.10.10.2` 17 | - Does it say `request timeout` or does the ping succeed? 18 | 19 | ## Mesh Point 20 | - `iw dev` - do all the devices have matching BSSID and Channels 21 | - `cat /usr/bin/mesh-mesh` - does the JOIN line have the correct mesh name 22 | - `iw wlan0 station dump` - does it show the stations 23 | - `sudo /usr/bin/mesh-point` - does it return any errors 24 | - If yes run `sudo bash -x /usr/bin/mesh-point` - This will help identify where the error occurs 25 | - If you set an IP address on wlan0 on both sides, can it ping in the clear (plain IPv4 directly over wlan0) 26 | - On Pi-1 run `ifconfig wlan0 10.10.10.1/24` 27 | - On Pi-2 run `ifconfig wlan0 10.10.10.2/24` 28 | - On Pi-1 run `ping 10.10.10.1` 29 | - On Pi-2 run `ping 10.10.10.2` 30 | - Does it say `request timeout` or does the ping succeed? 
31 | 32 | # IPTunnel - Internet Exit Over Yggdrasil/CJDNS 33 | - Can client node ping CJDNS/Yggdrasil address of exit node 34 | - Can the exit node access the internet 35 | - Can the client node ping an IP address (not DNS) 36 | - e.g. `ping 1.1.1.1` 37 | 38 | ## IPTUNNEL - cjdns 39 | - Is IPTunnel installed (`/usr/local/sbin/cjdns-setup` exists) 40 | - Is the cjdns.iptunnel.server/client filename correct and on the correct device 41 | - Are the keys correct (ends in a k) 42 | - Does `tun0` have an IPv4 IP address on server 43 | - Does `tun0` have an IPv4 address on client 44 | - Can you ping the IPv4 addresses across the tunnel 45 | - Does the MASQUERADE line in `iptables -L -v -n -t nat` exist 46 | - Does MASQUERADE line in `iptables -L -v -n -t nat` show the right out interface 47 | 48 | ## IPTUNNEL - yggdrasil 49 | - Is IPTunnel installed (`/usr/local/sbin/yggdrasil-setup` exists) 50 | - Is the yggdrasil.iptunnel.server/client filename correct and on the correct device 51 | - Are the keys correct (64 character alpha numeric) 52 | - Does `ygg0` have IPv4 address on client 53 | - Can you ping the IPv4 addresses from the server 54 | - Does MASQUERADE line in `iptables -L -v -n -t nat` exist 55 | - Does masquerade line in `iptables -L -v -n -t nat` show the right out interface 56 | - check if routes have been added to yggdrasil 57 | - `sudo yggdrasilctl getsourcesubnets` - should be all your routes 58 | - `sudo yggdrasilctl getroutes` - should be 0.0.0.0 and ::/0 59 | -------------------------------------------------------------------------------- /scripts/ssb-web-pi/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC1091 3 | true 4 | 5 | set -e 6 | 7 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 8 | 9 | # Install php 10 | sudo apt-get install -y php-fpm socat 11 | 12 | # Install node.js shared module 13 | # shellcheck source=../shared/node.js/install 14 | source 
"$BASE_DIR/../shared/node.js/install" 15 | 16 | # Install required parts of ssb from npm 17 | # sudo sudo is a hack to allow post-install scripts that drop one level of sudo and still be sudoed 18 | # otherwise you get permissions errors when it tries to write to root owned folders 19 | sudo sudo npm install -g --unsafe-perm \ 20 | ssb-keys \ 21 | ssb-client \ 22 | ssb-feed \ 23 | pull-stream 24 | 25 | # Define location of SSB installation 26 | ssbPath="$HOME/.ssb" 27 | 28 | # Install broadcast service for users of sbot 29 | currentUser=$USER 30 | sudo cp "$BASE_DIR/ssb-web-pi-broadcast-service.sh" "/usr/local/bin/ssb-web-pi-broadcast-service.sh" 31 | sudo chmod a+x "/usr/local/bin/ssb-web-pi-broadcast-service.sh" 32 | sudo cp "$BASE_DIR/ssb-web-pi-broadcast.service" /etc/systemd/system/ssb-web-pi-broadcast.service 33 | sudo sed -i "s|__USER__|${currentUser}|g" /etc/systemd/system/ssb-web-pi-broadcast.service 34 | 35 | sudo systemctl daemon-reload 36 | sudo systemctl enable ssb-web-pi-broadcast.service 37 | sudo systemctl start ssb-web-pi-broadcast.service 38 | 39 | # Set permissions to let nginx access it 40 | # TODO find a better solution, maybe add user to nginx group? 41 | chmod a+rwX "$ssbPath" 42 | chmod -R a+rwX "$ssbPath" 43 | 44 | # Link .ssb to nginx's home directory becuse that is where sbot looks for it 45 | if [ -e "/var/www/.ssb" ]; then 46 | sudo rm -rf /var/www/.ssb 47 | fi 48 | sudo ln -s "$ssbPath" /var/www/ 49 | 50 | # Create nginx site at /sbot 51 | sudo cp "$BASE_DIR/ssb-web-pi.conf" "/etc/nginx/site-path-enabled/ssb-web-pi.conf" 52 | 53 | # Pull and install client 54 | if [ -e "$BASE_DIR/tmp" ]; then 55 | sudo rm -rf "$BASE_DIR/tmp" 56 | fi 57 | mkdir "$BASE_DIR/tmp" 58 | git clone https://github.com/darkdrgn2k/ssb-web-pi.git "$BASE_DIR/tmp/ssb-web-pi" 59 | sudo mkdir /var/www/sbot 60 | sudo cp -r "$BASE_DIR/tmp/ssb-web-pi/html/." "/var/www/sbot/" 61 | 62 | sudo mkdir /var/www/backend 63 | sudo cp -r "$BASE_DIR/tmp/ssb-web-pi/backend/." 
"/var/www/backend" 64 | 65 | sudo mkdir /var/www/backend/keys 66 | 67 | # Some reason if the modules are not local it doesn't work 68 | sudo ln -s /usr/lib/node_modules /var/www/backend 69 | sudo ln -s /usr/bin/sbot /usr/local/bin/sbot 70 | 71 | # Set permissions 72 | sudo chmod a+rwX /var/www/backend 73 | sudo chmod -R a+rwX /var/www/backend 74 | sudo chown www-data.www-data /var/www/sbot 75 | sudo chown -R www-data.www-data /var/www/sbot 76 | 77 | # Add entry into nginx home screen 78 | APP="

SSB Web Pi

Very experimental interface for SSB.
Go
" 79 | sudo sed -i "s#<\!--APPLIST-->#$APP\n<\!--APPLIST-->#" "/var/www/html/index.html" 80 | 81 | # if php7.3 is installed update config 82 | if [ -n "$(command -v php-fpm7.3)" ]; then 83 | sudo sed -i "s/php7.0/php7.3/" /etc/nginx/site-path-enabled/ssb-web-pi.conf 84 | fi 85 | -------------------------------------------------------------------------------- /scripts/mesh-point/mesh-point: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function isMeshable { 4 | interface=`iw dev | grep phy#$1 -A 1 | grep Interface | awk '{print $2}'` 5 | 6 | if [ "$interface" == "wlan-ap" ]; then 7 | return='' 8 | exit 0 9 | fi 10 | 11 | # Check to see if driver reports missing mesh point support 12 | if [ -z "$(iw phy phy$1 info | grep 'mesh point')" ]; then 13 | result='' # Indicate interface is not meshable 14 | # XRADIO driver reports Mesh Point but does not actually work 15 | elif [ "$(basename $(readlink /sys/class/net/$interface/device/driver))" == 'xradio_wlan' ]; then 16 | result='' # Indicate interface is actually not meshable 17 | else 18 | result='1' # Indicate interface supports mesh point 19 | fi 20 | 21 | echo $result 22 | } 23 | 24 | set -e 25 | 26 | mesh_name=$(confget -f /etc/mesh.conf -s general "mesh-name") 27 | frequency=$(confget -f /etc/mesh.conf -s general "frequency") 28 | if [ -z "$frequency" ]; then 29 | frequency=2412 30 | fi 31 | 32 | # Set wireless regulatory domain 33 | sudo iw reg set CA 34 | 35 | # Kill wpa_supplicant if running while no AP active 36 | # Mesh point interface sometimes will not enter RUNNING status if it is running 37 | if [ ! 
-d /sys/class/net/wlan-ap ]; then 38 | # Kill wpa_supplicant will sometimes conflicts with Mesh Point 39 | sudo killall wpa_supplicant || true 40 | fi 41 | 42 | # Find first 802.11s Mesh Point capable device 43 | for wlanfile in /sys/class/net/*; do 44 | int="$(basename "$wlanfile")" 45 | if [ -d "/sys/class/net/$int/wireless" ]; then 46 | phy=$(iw dev "$int" info | grep wiphy | awk '{print $2}') 47 | if [ ! -z "$phy" ]; then 48 | if ! [ -z $(isMeshable "$phy") ]; then 49 | mesh_dev="$int" 50 | fi 51 | fi 52 | fi 53 | done 54 | 55 | # If no device found exit with error 56 | if [ -z "$mesh_dev" ]; then 57 | exit 1 58 | fi 59 | 60 | # Shut down the mesh_dev interface 61 | sudo ifconfig $mesh_dev down 62 | 63 | # Convert mesh_dev to 802.11s Mesh Point interface 64 | sudo iw $mesh_dev set type mp 65 | 66 | # Bring up the mesh_dev interface 67 | sudo ifconfig $mesh_dev up 68 | 69 | # Optionally assign IPv4 address to the mesh_dev interface 70 | # sudo ifconfig $mesh_dev 192.168.X.Y 71 | 72 | # Join the mesh network 73 | # To join radio in HT40+ htmode (enable 802.11n rates) add HT40+ to end of this line 74 | sudo iw dev $mesh_dev mesh join $mesh_name freq $frequency 75 | 76 | # Disable forwarding since we rely on cjdns to do routing and only uses Mesh Point as a point-to-point link 77 | sudo iw dev $mesh_dev set mesh_param mesh_fwding=0 78 | 79 | # Prevent trying to establish connections with nodes under -65 dBm 80 | sudo iw dev $mesh_dev set mesh_param mesh_rssi_threshold -65 81 | 82 | # Make a local-link ip out of yggdrasil ip if $mesh_dev does not have a local-link ip 83 | if [ ! 
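-z "$(which yggdrasilctl)" ]; then 84 | if [ -z "$(ip addr show dev $mesh_dev | grep inet6\ fe)" ]; then 85 | ip="$(sudo yggdrasilctl getSelf | grep "IPv6 address" | awk '{print $3}' | cut -d ":" -f5-8)" 86 | ip address add dev $mesh_dev scope link fe80::${ip}/64 87 | fi 88 | fi 89 | 90 | # Restart cjdns 91 | sudo killall cjdroute 92 | -------------------------------------------------------------------------------- /scripts/nginx/map.js: --------------------------------------------------------------------------------
/**
 * Request the cjdns peer list from the same-origin CGI endpoint and hand the
 * finished request to CJDNSMap() when it answers with HTTP 200.
 *
 * Any other status is ignored, and because the next poll is scheduled from
 * CJDNSMap(), a non-200 answer ends the polling until something calls this
 * function again.
 */
function LoadXMLDoc_cjdns() {
    var request = new XMLHttpRequest();
    request.onreadystatechange = function() {
        if (this.readyState == 4 && this.status == 200) {
            CJDNSMap(this);
        }
    };
    request.open("GET", "/cgi-bin/peers-cjdns", true);
    request.send();
}

/**
 * Request the Yggdrasil peer list from the same-origin CGI endpoint and hand
 * the finished request to YggdrasilMap() when it answers with HTTP 200.
 *
 * As with LoadXMLDoc_cjdns(), a non-200 answer ends the polling.
 */
function LoadXMLDoc_ygg() {
    var request = new XMLHttpRequest();
    request.onreadystatechange = function() {
        if (this.readyState == 4 && this.status == 200) {
            YggdrasilMap(this);
        }
    };
    request.open("GET", "/cgi-bin/peers-yggdrasil", true);
    request.send();
}

// Cleanup the json provided by the CJDNS
// Otherwise it will not parse properly
// ToDo - this is really hacking, there should be a better way of doing this
/**
 * Patch the text returned by the cjdns CGI script until JSON.parse accepts it.
 *
 * @param {string} json  Raw response text (single quotes already replaced by
 *                       the caller).
 * @returns {Object} The parsed document.
 * @throws {SyntaxError} When the patched text is still not valid JSON.
 */
function ToJson(json) {
    // Every "}" gets a dummy "null" member in front of it, so a trailing comma
    // before the brace becomes legal. Every parsed object therefore carries
    // an extra "null" key.
    json=json.replace(new RegExp("}", "g"),"\"null\": \"\"}");
    // NOTE(review): as shown, the next two calls replace a space with a space;
    // presumably they were meant to collapse tabs or runs of blanks - confirm.
    json=json.replace(new RegExp(" ","g")," ");
    json=json.replace(new RegExp(" ","g")," ");
    json=json.replace(new RegExp("\n","g")," ");
    // String pattern: only the first "}, ]" is rewritten.
    json=json.replace("}, ]","}]");
    // Parse it. JSON.parse only builds data; it never evaluates the text as code.
    return JSON.parse(json);
}

/**
 * Redraw the cjdns map from a finished peers request and schedule the next poll.
 *
 * @param {XMLHttpRequest} ajax  Completed request for /cgi-bin/peers-cjdns.
 */
function CJDNSMap(ajax) {
    var NodeExist=Array();
    try {
        var jsonDisplay=ajax.response.replace(new RegExp("'", "g"),"\"");
        var Nodes=ToJson(jsonDisplay);
        for (var a=0; a< Nodes.peers.length; a++) {
            var peer=Nodes.peers[a];
            // addr is split on "."; field 5 is used as the node id and passed
            // to public2IPv6(), field 4 is used as the edge id.
            var parts=peer.addr.split(".");
            UpdateNode(parts[5],public2IPv6(parts[5]),parts[4], peer.recvKbps + " kbps / " + peer.sendKbps + " kbps","cjdns",NodeExist);
        }
        DeleteNodes("cjdns",NodeExist);
    } finally {
        // Reschedule even when the response could not be parsed, so one bad
        // answer does not freeze the map. A function reference is passed
        // rather than a string, which setTimeout would evaluate as code.
        setTimeout(LoadXMLDoc_cjdns,1000);
    }
}

// Byte counters seen on the previous poll, indexed by peer port.
var lastrx=[];
var lasttx=[];

/**
 * Redraw the Yggdrasil map from a finished peers request and schedule the
 * next poll.
 *
 * @param {XMLHttpRequest} ajax  Completed request for /cgi-bin/peers-yggdrasil.
 */
function YggdrasilMap(ajax) {
    var NodeExist=Array();
    try {
        var Nodes=JSON.parse(ajax.response);
        for (var addr in Nodes.peers) {
            var node=Nodes.peers[addr];
            if (node.port>0) { //not self
                var prevRx=lastrx[node.port];
                var prevTx=lasttx[node.port];
                // First sample for a port has nothing to diff against; show 0
                // instead of NaN.
                var rx=(prevRx===undefined) ? 0 : node.bytes_recvd-prevRx;
                var tx=(prevTx===undefined) ? 0 : node.bytes_sent-prevTx;
                lastrx[node.port]=node.bytes_recvd;
                lasttx[node.port]=node.bytes_sent;
                // NOTE(review): rx/tx are byte-counter deltas between two
                // polls, while the label says "bps" - confirm the unit.
                UpdateNode(addr,addr,node.port,rx + " bps /" + tx + " bps", "yggdrasil",NodeExist);
            }
        }
        DeleteNodes("yggdrasil",NodeExist);
    } finally {
        // Same reasoning as in CJDNSMap(): keep polling, and pass a function
        // reference instead of a code string.
        setTimeout(LoadXMLDoc_ygg,1000);
    }
}

// Update Map
// vis.js Initialization
// Each of these is indexed by map name ("cjdns" / "yggdrasil").
var nodeIDs=[];
var edgeIDs=[];
var nodesArray=[];
var edgesArray=[];
var nodes=[];
var edges=[];
var network=[];
//var nodeIds,edgesIDs, nodesArray, nodes, edgesArray, edges, network;

/**
 * Create an empty vis.js network for one map, containing only the local node
 * (id 0, label "Me"), inside the element whose id is "network" + name.
 *
 * @param {string} name  Map name; also the suffix of the container element id.
 */
function InitMap(name) {
    nodeIDs[name]=[];
    edgeIDs[name]=[];
    nodesArray[name]=[{id: 0, label: 'Me'}];
    nodes[name] = new vis.DataSet(nodesArray[name]);
    edgesArray[name] = [];
    edges[name] = new vis.DataSet(edgesArray[name]);
    var container = document.getElementById('network' + name);
    var data = {
        nodes: nodes[name],
        edges: edges[name]
    };
    var options = {};
    network[name]= new vis.Network(container, data, options);
}

InitMap("cjdns");
InitMap("yggdrasil");
100 | 101 | function UpdateNode(nodeID,name,edgeID,edgeLabel,map,NodeExist) { 102 | NodeExist[nodeID]=1; 103 | if (!nodeIDs[map][nodeID]) { 104 | name=name.substr(name.length-4,4); 105 | nodeIDs[map][nodeID]=nodes[map].add({id:nodeID, label:name}); 106 | } 107 | if (!edgeIDs[map][edgeID]) { 108 | edgeIDs[map][edgeID] = edges[map].add({id: edgeID, from: nodeID, to: 0}); 109 | 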
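console.debug(edgeID + "-" + nodeID); 110 | } 111 | edges[map].update({id: edgeID, label:edgeLabel }); 112 | } 113 | function DeleteNodes(map,NodeExist) { 114 | for (var key in nodeIDs[map]) { 115 | if (NodeExist[key]!=1) { 116 | nodes[map].remove(key); 117 | nodeIDs[map][key]=undefined; 118 | console.log("gatta delete " + key); 119 | } 120 | } 121 | } 122 | -------------------------------------------------------------------------------- /contrib/node-exporter-ubiquiti/nodestats-ubiquiti.py: --------------------------------------------------------------------------------
"""Poll a Ubiquiti radio over SNMP and write selected values to a named pipe.

Once a second the script runs three snmpwalk queries against nodeIP and
writes one "metric value" line per recognised OID to the FIFO at `path`.
Opening the FIFO for writing blocks until a reader opens the other end.
"""
import os
import os.path
import time
import shlex
import subprocess


# Named pipe that receives the metric lines (presumably read by the
# node_exporter textfile collector - confirm against the exporter config).
path = "/var/lib/node_exporter/ne-ubnt.prom"
if os.path.exists(path):
    os.remove(path)

os.mkfifo(path)


nodeIP="192.168.1.20"

# NOTE(review): the queries use SNMP v1 with the community string "tomesh".
# SNMP v1 sends the community string and all values unencrypted, and the string
# is the only credential, so anyone who can observe this traffic can query the
# device too. Prefer SNMPv3 with authentication and privacy where the device
# supports it, and keep the polling on a management network.

# OID text as printed by snmpwalk -> metric name written to the FIFO.
# "ubnt_disatance" is spelled as it has always been emitted; renaming it would
# break anything that already queries that series.
# iso.3.6.1.4.1.41112.1.4.5.1.8.1 has no metric name assigned, so it is not emitted.
RADIO_METRICS = {
    "iso.3.6.1.4.1.41112.1.4.1.1.6.1": "ubnt_power",
    "iso.3.6.1.4.1.41112.1.4.1.1.7.1": "ubnt_disatance",
    "iso.3.6.1.4.1.41112.1.4.1.1.4.1": "ubnt_freq",
    "iso.3.6.1.4.1.41112.1.4.5.1.5.1": "ubnt_signal_rx",
}

LOAD_METRICS = {
    "iso.3.6.1.4.1.10002.1.1.1.4.2.1.3.1": "ubnt_cpu_1min",
    "iso.3.6.1.4.1.10002.1.1.1.4.2.1.3.2": "ubnt_cpu_5min",
    "iso.3.6.1.4.1.10002.1.1.1.4.2.1.3.3": "ubnt_cpu_15min",
}

# NOTE(review): in IF-MIB's ifTable, column 1 is ifIndex and column 10 is
# ifInOctets, column 14 is ifInErrors and column 20 is ifOutErrors. The rx/tx
# names below do not all line up with that - confirm the intended OIDs.
WLAN_METRICS = {
    "iso.3.6.1.2.1.2.2.1.16.7": "ubnt_wlan_tx",
    "iso.3.6.1.2.1.2.2.1.1.7": "ubnt_wlan_rx",
    "iso.3.6.1.2.1.2.2.1.20.7": "ubnt_wlan_rx_error",
    "iso.3.6.1.2.1.2.2.1.14.7": "ubnt_wlan_tx_error",
    "iso.3.6.1.2.1.2.2.1.13.7": "ubnt_wlan_rx_drop",
    "iso.3.6.1.2.1.2.2.1.19.7": "ubnt_wlan_tx_drop",
}

# (subtree passed to snmpwalk, table used to name its values), in query order.
WALKS = (
    ("1.3.6.1.4.1.41112", RADIO_METRICS),
    ("iso.3.6.1.4.1.10002.1.1.1.4.2.1", LOAD_METRICS),
    ("iso.3.6.1.2.1.2.2.1", WLAN_METRICS),
)


def _snmpwalk(oid):
    """Run snmpwalk for one subtree and return its output as a list of lines."""
    command_line = "snmpwalk -v 1 -c tomesh " + nodeIP + " " + oid
    args = shlex.split(command_line)
    walker = subprocess.Popen(args, stdout=subprocess.PIPE,
                              universal_newlines=True)
    # communicate() drains the pipe while waiting; wait() followed by read()
    # can deadlock once the output is larger than the pipe buffer.
    output, _ = walker.communicate()
    return output.split("\n")


def _write_metrics(fifo, lines, metrics):
    """Write "name value" to fifo for every line whose OID is in metrics."""
    for line in lines:
        fields = line.split("=")
        # snmpwalk prints "OID = TYPE: value", so the OID field ends in a
        # blank; strip it so every table above can use the bare OID.
        name = metrics.get(fields[0].strip())
        if name is None or len(fields) < 2:
            continue
        value = fields[1].split(":")
        if len(value) < 2:
            # No "TYPE:" prefix to cut off; skip rather than crash the poller.
            continue
        fifo.write(name + " " + value[1].strip() + "\n")


while 1:
    fifo = open(path, "w")
    try:
        for oid, metrics in WALKS:
            _write_metrics(fifo, _snmpwalk(oid), metrics)
    finally:
        fifo.close()
    time.sleep(1)
-------------------------------------------------------------------------------- /scripts/ipfs/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 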
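# shellcheck disable=SC1091

# Installs the go-ipfs binary for this machine's architecture, applies the
# node's IPFS settings, registers the bootstrap peers and enables ipfs.service.

set -e

GO_IPFS_VERSION="v0.17.0"

# Expected SHA-512 of the release tarball for GO_IPFS_VERSION and this
# architecture. It is empty unless the caller exports it, because no digest is
# recorded in this script; take the value from a source you trust, not from
# the same download that is being checked.
GO_IPFS_SHA512="${GO_IPFS_SHA512:-}"

# Map `uname -m` to the architecture name used in the release file names.
ARCH="$(uname -m)"
case "$ARCH" in
    x86_64)
        ARCH="amd64"
        ;;
    i386 | i586 | i686)
        ARCH="386"
        ;;
    armv7l | armv6l)
        ARCH="arm"
        ;;
    aarch64)
        ARCH="arm64"
        ;;
    *)
        echo "Unknown Arch"
        exit 1
        ;;
esac

# Hyperborea connected peer used to bootstrap Hyperborea only ipfs nodes
# DarkDrgn2k's peer
IPFS_PEER_1="/ip6/fc6e:691e:dfaa:b992:a10a:7b49:5a1a:5e09/tcp/4001/ipfs/QmU6NeD2Uu34WKest1NZGvGmScLhN1zVo66K35GeE6Jft2"
# HeavyMetal's peer
IPFS_PEER_2="/ip6/fc6d:3961:6744:7d94:31ba:2bf3:30bf:ebab/tcp/4001/ipfs/QmRGk8DdMWy5P5xgUisnv7u4hV4WfgEhbxa6iGpviYGC7q"
# Yggdrasil connected peer used to bootstrap hyperborea only ipfs nodes
IPFS_PEER_3="/ip6/301:4541:2f84:1188:216:3eff:fed5:a2df/tcp/4001/ipfs/QmWZpTdfETtpjJphVE1YbxMkUcL84idkg44Cq1XWSBNm7P"
# DarkDrgn2k's peer
IPFS_PEER_4="/ip6/200:98bf:d6df:e49a:f525:40bf:18d:ac45/tcp/4001/ipfs/QmU6NeD2Uu34WKest1NZGvGmScLhN1zVo66K35GeE6Jft2"
# HeavyMetal's peer
IPFS_PEER_5="/ip6/201:3d73:dbf:da97:e008:2d29:3919:cdb1/tcp/4001/ipfs/QmRGk8DdMWy5P5xgUisnv7u4hV4WfgEhbxa6iGpviYGC7q"
# Yk3Music's Irvine-CA peer
IPFS_PEER_6="/ip6/fcbb:1db3:54fb:e519:d915:d7db:4893:4f30/tcp/4001/ipfs/QmZEiPvrfZHapq4uiyTDEcR2szCUhDnjdS4q3Uv2b1Uh88"

BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Download and install IPFS
# A fresh directory per run: a leftover "tmp" from an aborted install would
# otherwise make mkdir fail under `set -e`.
TMP_DIR="$(mktemp -d "$BASE_DIR/tmp.XXXXXX")"
wget "https://dist.ipfs.io/go-ipfs/${GO_IPFS_VERSION}/go-ipfs_${GO_IPFS_VERSION}_linux-${ARCH}.tar.gz" -O "$TMP_DIR/go-ipfs.tar.gz"

# The binary unpacked below is copied to /usr/local/bin and owned by root, so
# check the archive against the pinned digest before it is unpacked.
if [ -n "$GO_IPFS_SHA512" ]; then
    if ! echo "${GO_IPFS_SHA512}  $TMP_DIR/go-ipfs.tar.gz" | sha512sum -c -; then
        echo "go-ipfs download does not match GO_IPFS_SHA512; aborting" >&2
        rm -rf "$TMP_DIR"
        exit 1
    fi
else
    echo "WARNING: GO_IPFS_SHA512 is not set; installing go-ipfs without verifying the download" >&2
fi

tar xvfz "$TMP_DIR/go-ipfs.tar.gz" -C "$TMP_DIR"
sudo cp "$TMP_DIR/go-ipfs/ipfs" /usr/local/bin/ipfs
sudo chown root:staff /usr/local/bin/ipfs
rm -rf "$TMP_DIR"

# Initialize IPFS if not already
if [ ! -d "$HOME/.ipfs" ]; then
    # Best effort: a failing init must not stop the install.
    ipfs init || true
fi

# Enable gossipsub routing
ipfs config Pubsub.Router gossipsub

# Enable Filestore for --nocopy capability
ipfs config --bool Experimental.FilestoreEnabled true

# Setup connection management - Reduce connections to stress the Pi less
# XXX: These values need to be tweaked and tested
ipfs config Swarm.ConnMgr.Type basic
ipfs config --json Swarm.ConnMgr.LowWater 100
ipfs config --json Swarm.ConnMgr.HighWater 200
ipfs config Swarm.ConnMgr.GracePeriod 60s

# Enable QUIC for better connections when possible
ipfs config --bool Experimental.QUIC true

# Configure HTTP reverse proxy to IPFS gateway
sudo cp "$BASE_DIR/ipfs-http-gateway.conf" /etc/nginx/site-path-enabled/ipfs-http-gateway.conf
sudo systemctl restart nginx.service

# shellcheck source=../shared/nodeinfo/install
source "$BASE_DIR/../shared/nodeinfo/install"
sudo cp "$BASE_DIR/nodeinfo-ipfs" /opt/tomesh/nodeinfo.d/ipfs

# Add bootstrap addresses
for peer in "$IPFS_PEER_1" "$IPFS_PEER_2" "$IPFS_PEER_3" "$IPFS_PEER_4" "$IPFS_PEER_5" "$IPFS_PEER_6"; do
    ipfs bootstrap add "$peer"
done

# Download dependencies
sudo apt-get install -y jq

# Copy file
sudo cp "$BASE_DIR/ipfs-swarm.sh" /usr/local/bin/
sudo chmod +x /usr/local/bin/ipfs-swarm.sh

# Configure systemd to start ipfs.service on system boot
sudo cp "$BASE_DIR/ipfs.service" /etc/systemd/system/ipfs.service
sudo sed -i "s|__USER_HOME__|${HOME}|" /etc/systemd/system/ipfs.service
sudo systemctl daemon-reload
sudo systemctl enable ipfs.service
sudo systemctl start ipfs.service

# Add entry into nginx home screen
APP="

IPFS

A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.
Go
"
sudo sed -i "s#<\!--APPLIST-->#$APP\n<\!--APPLIST-->#" "/var/www/html/index.html"
-------------------------------------------------------------------------------- /scripts/ipfs-pi-stream/process-stream.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | HLS_TIME=40 4 | M3U8_SIZE=3 5 | IPFS_GATEWAY="https://ipfs.io" 6 | 7 | # Load settings 8 | 9 | # Prepare Pi Camera 10 | sudo modprobe bcm2835-v4l2 11 | sudo v4l2-ctl --set-ctrl video_bitrate=100000 12 | 13 | function startFFmpeg() { 14 | while true; do 15 | mv ~/ffmpeg.log ~/ffmpeg.1 16 | echo 1 > ~/stream-reset 17 | 18 | # Stream Raspberry Pi Camera 19 | ffmpeg -f video4linux2 -input_format h264 -video_size 1280x720 -framerate 30 -i /dev/video0 -vcodec copy -hls_time "${HLS_TIME}" "${what}.m3u8" > ~/ffmpeg.log 2>&1 20 | 21 | # Stream FM Station from a SDR module (see contrib/pi-stream to install drivers) 22 | # Frequency ends in M IE 99.9M 23 | # rtl_fm -f 99.9M -M fm -s 170k -A std -l0 -E deemp -r 44.1k | ffmpeg -r 15 -loop 1 -i ../audio.jpg -f s16le -ac 1 -i pipe:0 -c:v libx264 -tune stillimage -preset ultrafast -hls_time "${HLS_TIME}" "${what}.m3u8" > ~/ffmpeg 2>&1 24 | 25 | sleep 0.5 26 | done 27 | } 28 | 29 | # Create directory for HLS content 30 | 31 | currentpath="$HOME/live" 32 | sudo umount "${currentpath}" 33 | rm -rf "${currentpath}" 34 | mkdir "${currentpath}" 35 | sudo mount -t tmpfs tmpfs "${currentpath}" 36 | # shellcheck disable=SC2164 37 | cd "${currentpath}" 38 | 39 | what="$(date +%Y%m%d%H%M)-LIVE" 40 | 41 | # Start ffmpeg in background 42 | startFFmpeg & 43 | 44 | while true; do 45 | #TODO# Fix this one 46 | # shellcheck disable=SC2086,SC2012 47 | nextfile=$(ls -tr ${what}*.ts 2>/dev/null | head -n 1) 48 | 49 | if [ -n "${nextfile}" ]; then 50 | # Check if the next file on the list is still being written to by ffmpeg 51 | if lsof "${nextfile}" | grep -1 ffmpeg; then 52 | # Wait for file to finish writing 53 | # If not 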
finished in 45 seconds something is wrong, timeout 54 | inotifywait -e close_write "${nextfile}" -t ${HLS_TIME} 55 | fi 56 | 57 | # Grab the timecode from the m3u8 file so we can add it to the log 58 | timecode=$(grep -B1 "${nextfile}" "${what}.m3u8" | head -n1 | awk -F : '{print $2}' | tr -d ,) 59 | attempts=5 60 | until [[ "${timecode}" || ${attempts} -eq 0 ]]; do 61 | # Wait and retry 62 | sleep 0.5 63 | timecode=$(grep -B1 "${nextfile}" "${what}.m3u8" | head -n1 | awk -F : '{print $2}' | tr -d ,) 64 | attempts=$((attempts-1)) 65 | done 66 | 67 | if ! [[ "${timecode}" ]]; then 68 | # Set approximate timecode 69 | timecode="${HLS_TIME}.000000" 70 | fi 71 | 72 | reset_stream=$(cat ~/stream-reset) 73 | reset_stream_marker='' 74 | if [[ ${reset_stream} -eq '1' ]]; then 75 | reset_stream_marker=" #EXT-X-DISCONTINUITY" 76 | fi 77 | 78 | echo 0 > ~/stream-reset 79 | # Current UTC date for the log 80 | time=$(date "+%F-%H-%M-%S") 81 | 82 | # Add ts file to IPFS 83 | ret=$(ipfs add --pin=false "${nextfile}" 2>/dev/null > ~/tmp.txt; echo $?) 84 | attempts=5 85 | until [[ ${ret} -eq 0 || ${attempts} -eq 0 ]]; do 86 | # Wait and retry 87 | sleep 0.5 88 | ret=$(ipfs add --pin=false "${nextfile}" 2>/dev/null > ~/tmp.txt; echo $?) 
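89 | attempts=$((attempts-1)) 90 | done 91 | if [[ ${ret} -eq 0 ]]; then 92 | # Update the log with the future name (hash already there) 93 | echo "$(cat ~/tmp.txt) ${time}.ts ${timecode}${reset_stream_marker}" >> ~/process-stream.log 94 | 95 | # Remove nextfile and tmp.txt 96 | rm -f "${nextfile}" ~/tmp.txt 97 | 98 | # Write the m3u8 file with the new IPFS hashes from the log 99 | totalLines="$(wc -l ~/process-stream.log | awk '{print $1}')" 100 | 101 | sequence=0 102 | if ((totalLines>M3U8_SIZE)); then 103 | sequence=$((totalLines-M3U8_SIZE)) 104 | fi 105 | { 106 | echo "#EXTM3U" 107 | echo "#EXT-X-VERSION:3" 108 | echo "#EXT-X-TARGETDURATION:${HLS_TIME}" 109 | echo "#EXT-X-MEDIA-SEQUENCE:${sequence}" 110 | } > current.m3u8 111 | tail -n ${M3U8_SIZE} ~/process-stream.log | awk '{print $6"#EXTINF:"$5",\n'${IPFS_GATEWAY}'/ipfs/"$2}' | sed 's/#EXT-X-DISCONTINUITY#/#EXT-X-DISCONTINUITY\n#/g' >> current.m3u8 112 | 113 | # Add m3u8 file to IPFS and IPNS publish 114 | m3u8hash=$(ipfs add current.m3u8 | awk '{print $2}') 115 | ipfs name publish --timeout=5s "${m3u8hash}" & 116 | 117 | # Copy files to web server 118 | cp current.m3u8 /var/www/html/live.m3u8 119 | cp ~/process-stream.log /var/www/html/live.log 120 | fi 121 | else 122 | sleep 5 123 | fi 124 | done 125 | -------------------------------------------------------------------------------- /scripts/cjdns/install: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# shellcheck disable=SC1091

# Installs cjdns either from a prebuilt Debian package or by building the
# pinned upstream commit, then enables cjdns.service.

# Upstream commit checked out for a source build. A full commit hash pins the
# exact tree that gets compiled.
TAG_CJDNS=d2e55d58548d83940482fe1bbbe1fd36f7f1b4ef

# Expected SHA-256 of the prebuilt package that ends up selected below. It is
# empty unless the caller exports it, because no digest is recorded in this
# script. The package URL follows a branch, so its content can change at any
# time; pinning a digest is the only integrity check this script can make.
CJDNS_PACKAGE_SHA256="${CJDNS_PACKAGE_SHA256:-}"

# Set BASE_DIR
BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Common functions
source functions.sh

# Install node.js
# shellcheck source=../shared/node.js/install
source "$BASE_DIR/../shared/node.js/install"

# Default build script for CJDNS
# NOTE(review): Seccomp_NO=1 appears in most of the build commands below;
# presumably it builds cjdroute without its seccomp sandbox - confirm that
# this is still required on the affected boards.
CJDNS_BUILD_CMD="sudo Seccomp_NO=1 NO_NEON=1 ./do"
CJDNS_PACKAGE=""

# Detect board (presumably sets ARCH and BOARD_MODEL, which are read below)
detectBoard;

# Set some defaults
if [[ "$ARCH" == "armv7l" ]]; then
    #TODO# -O2 workaround. Needs to be resolved.
    CJDNS_BUILD_CMD="sudo Seccomp_NO=1 CFLAGS=\"-O2 -s -static -Wall -march=armv7-a -mtune=cortex-a7 -mfpu=neon-vfpv4 -mfloat-abi=hard -fomit-frame-pointer -marm\" ./do"
    CJDNS_PACKAGE="cjdns-neon-v4.deb"
fi

if [[ "$ARCH" == "aarch64" ]]; then
    CJDNS_BUILD_CMD="sudo Seccomp_NO=1 CFLAGS=\"-s -static -Wall -march=armv8-a+crc+crypto -fomit-frame-pointer\" ./do"
    CJDNS_PACKAGE="cjdns-neon-arm64-v4.deb"
fi

# Board-specific settings override the architecture defaults above.
case "$BOARD_MODEL" in
    amd64 | i386)
        CJDNS_BUILD_CMD="sudo ./do"
        ;;
    "raspberrypi4" | "raspberrypi3")
        CJDNS_BUILD_CMD="sudo CFLAGS=\"-march=armv8-a+crc -mtune=cortex-a53 -mfpu=crypto-neon-fp-armv8 -mfloat-abi=hard -O2\" ./do"
        CJDNS_PACKAGE="cjdns-neon-v4.deb"
        ;;
    "raspberrypi2")
        CJDNS_BUILD_CMD="sudo NO_TEST=1 CFLAGS=\"-mfpu=neon-vfpv4 -O2\" ./do"
        CJDNS_PACKAGE="cjdns-neon-v4.deb"
        ;;
    "raspberrypi1" | "raspberrypizero")
        CJDNS_BUILD_CMD="sudo Seccomp_NO=1 NO_NEON=1 NO_TEST=1 CFLAGS=\"-s -static -Wall\" ./do"
        CJDNS_PACKAGE="cjdns-no-neon-v4.deb"
        ;;
esac

# Check if cjdns is to be compiled or downloaded
if [[ ! -e "/usr/bin/cjdroute" ]]; then
    if [ -n "$CJDNS_PACKAGE" ]; then
        read -p "Compile CJDNS from source [Y] or use $CJDNS_PACKAGE Debian package (faster) [n]?" -n 1 -r
        echo ""
        # Anything but n/N means "compile": clearing the package name selects
        # the source build below.
        if [[ ! $REPLY =~ ^[Nn]$ ]]; then
            CJDNS_PACKAGE=""
        fi
    fi
fi

if [ -n "$CJDNS_PACKAGE" ]; then
    if ! [ -x "/opt/cjdns/cjdroute" ]; then
        echo -e "\e[1;31mInstalling CJDNS debian package\e[0m"
        # Private temporary file instead of the fixed name /tmp/cjdns.deb: a
        # predictable path in a world-writable directory can be created or
        # swapped by another local user before dpkg reads it as root.
        deb_file="$(mktemp)"
        package_ok=true
        wget "https://github.com/darkdrgn2k/ToMeshPackages/raw/master/CJDNS/$CJDNS_PACKAGE" -O "$deb_file" || package_ok=false
        if [ "$package_ok" = true ]; then
            if [ -n "$CJDNS_PACKAGE_SHA256" ]; then
                echo "${CJDNS_PACKAGE_SHA256}  $deb_file" | sha256sum -c - || package_ok=false
            else
                echo "WARNING: CJDNS_PACKAGE_SHA256 is not set; installing $CJDNS_PACKAGE without verifying the download" >&2
            fi
        fi
        if [ "$package_ok" = true ]; then
            # dpkg runs the package's maintainer scripts as root.
            sudo dpkg -i "$deb_file"
            # Link up folder so files are in the same place as compiled
            if [[ -e "/opt/cjdns" ]]; then
                sudo rm -rf /opt/cjdns
            fi
            sudo ln -s /usr/share/cjdns /opt/cjdns
            sudo ln -s /usr/bin/cjdroute /opt/cjdns/cjdroute || true
        else
            echo "CJDNS package download or verification failed; package not installed" >&2
        fi
        rm -f "$deb_file"
    fi
else
    # Download CJDNS repo and checkout TAG_CJDNS tag
    if ! [ -d "/opt/cjdns" ]; then
        echo -e "\e[1;31mCompiling cjdns from source\e[0m"
        sudo apt-get install -y python
        sudo git clone https://github.com/cjdelisle/cjdns.git /opt/cjdns
        (cd /opt/cjdns && sudo git checkout "$TAG_CJDNS")
    fi

    # Build CJDNS
    if ! [ -x "/opt/cjdns/cjdroute" ]; then
        # eval is needed because CJDNS_BUILD_CMD embeds a quoted CFLAGS value.
        # Every value assigned to it above is a literal from this script; it
        # must never be assembled from user or network input. The build itself
        # runs under sudo.
        (cd /opt/cjdns && eval "$CJDNS_BUILD_CMD")
    fi

    # Install CJDNS to /usr/bin
    sudo rm -f /usr/bin/cjdroute
    sudo cp /opt/cjdns/cjdroute /usr/bin/cjdroute

    # Generate CJDNS configurations
    if ! [ -f "/etc/cjdroute.conf" ]; then
        # NOTE(review): the file is created by tee with the default umask, so
        # it is presumably world-readable, and a generated cjdroute.conf holds
        # the node's private key. Tighten it (for example mode 600) after
        # checking which other services on this node read the file.
        sudo /usr/bin/cjdroute --genconf | sudo tee --append /etc/cjdroute.conf > /dev/null
    fi

    # Configure systemd to start cjdns.service on system boot
    sudo cp /opt/cjdns/contrib/systemd/cjdns.service /etc/systemd/system/cjdns.service
    sudo chmod 644 /etc/systemd/system/cjdns.service
    sudo cp /opt/cjdns/contrib/systemd/cjdns-resume.service /etc/systemd/system/cjdns-resume.service
    sudo chmod 644 /etc/systemd/system/cjdns-resume.service
    sudo systemctl daemon-reload
fi

sudo systemctl enable cjdns.service
-------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/Makefile: -------------------------------------------------------------------------------- 1 | ###################################################################### 2 | # 3 | # Make file to be installed in /etc/raddb/certs to enable 4 | # the easy creation of certificates. 5 | # 6 | # See the README file in this directory for more information. 7 | # 8 | # $Id$ 9 | # 10 | ###################################################################### 11 | 12 | DH_KEY_SIZE = 1024 13 | 14 | # 15 | # Set the passwords 16 | # 17 | PASSWORD_SERVER = `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` 18 | PASSWORD_CA = `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` 19 | PASSWORD_CLIENT = `grep output_password client.cnf | sed 's/.*=//;s/^ *//'` 20 | 21 | USER_NAME = `grep emailAddress client.cnf | grep '@' | sed 's/.*=//;s/^ *//'` 22 | CA_DEFAULT_DAYS = `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` 23 | 24 | ###################################################################### 25 | # 26 | # Make the necessary files, but not client certificates. 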
#
######################################################################
# "all" builds the CA, the server certificate and the helper files that
# openssl ca expects (index.txt, serial); client certificates are built
# only on request through the "client" target.
.PHONY: all
all: index.txt serial dh random server ca

.PHONY: client
client: client.pem

.PHONY: ca
ca: ca.der

.PHONY: server
server: server.pem server.vrfy

######################################################################
#
#  Diffie-Hellman parameters
#
#  Written to the file "dh" with the size given by DH_KEY_SIZE.
#  NOTE(review): DH_KEY_SIZE is set to 1024 at the top of this Makefile.
#  1024-bit Diffie-Hellman parameters are below current recommendations;
#  use 2048 bits or more and regenerate the file.
#
######################################################################
dh:
	openssl dhparam -out dh $(DH_KEY_SIZE)

######################################################################
#
#  Create a new self-signed CA certificate
#
#  The request settings come from ca.cnf and the validity period from
#  CA_DEFAULT_DAYS (read from default_days in ca.cnf). PASSWORD_CA is
#  read from output_password in the same file, so ca.cnf holds the CA
#  key passphrase in plain text: keep ca.cnf and ca.key unreadable to
#  other users.
#
######################################################################
ca.key ca.pem: ca.cnf
	openssl req -new -x509 -keyout ca.key -out ca.pem \
		-days $(CA_DEFAULT_DAYS) -config ./ca.cnf

# DER copy of the CA certificate (certificate only, no key material).
ca.der: ca.pem
	openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der

######################################################################
#
#  Create a new server certificate, signed by the above CA.
64 | # 65 | ###################################################################### 66 | server.csr server.key: server.cnf 67 | openssl req -new -out server.csr -keyout server.key -config ./server.cnf 68 | 69 | server.crt: server.csr ca.key ca.pem 70 | openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf 71 | 72 | server.p12: server.crt 73 | openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) 74 | 75 | server.pem: server.p12 76 | openssl pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) 77 | 78 | .PHONY: server.vrfy 79 | server.vrfy: ca.pem 80 | openssl verify -CAfile ca.pem server.pem 81 | 82 | ###################################################################### 83 | # 84 | # Create a new client certificate, signed by the the above server 85 | # certificate. 86 | # 87 | ###################################################################### 88 | client.csr client.key: client.cnf 89 | openssl req -new -out client.csr -keyout client.key -config ./client.cnf 90 | 91 | client.crt: client.csr ca.pem ca.key 92 | openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf 93 | 94 | client.p12: client.crt 95 | openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) 96 | 97 | client.pem: client.p12 98 | openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) 99 | cp client.pem $(USER_NAME).pem 100 | 101 | .PHONY: client.vrfy 102 | client.vrfy: server.pem client.pem 103 | c_rehash . 104 | openssl verify -CApath . 
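client.pem 105 | 106 | ###################################################################### 107 | # 108 | # Miscellaneous rules. 109 | # 110 | ###################################################################### 111 | index.txt: 112 | @touch index.txt 113 | 114 | serial: 115 | @echo '01' > serial 116 | 117 | random: 118 | @if [ -c /dev/urandom ] ; then \ 119 | dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \ 120 | else \ 121 | date > ./random; \ 122 | fi 123 | 124 | print: 125 | openssl x509 -text -in server.crt 126 | 127 | printca: 128 | openssl x509 -text -in ca.pem 129 | 130 | clean: 131 | @rm -f *~ *old client.csr client.key client.crt client.p12 client.pem 132 | 133 | # 134 | # Make a target that people won't run too often. 135 | # 136 | destroycerts: 137 | rm -f *~ dh *.csr *.crt *.p12 *.der *.pem *.key index.txt* \ 138 | serial* random *\.0 *\.1 139 | -------------------------------------------------------------------------------- /scripts/yggdrasil-iptunnel/yggdrasil-setup: --------------------------------------------------------------------------------
#!/usr/bin/env bash

# Sets this node up as a Yggdrasil IPTunnel exit server (when
# /etc/yggdrasil.iptunnel.server exists) or as an IPTunnel client (when
# /etc/yggdrasil.iptunnel.client exists). Both files hold one peer per line:
#   PUBLIC_KEY IP_ADDR [IP6_ADDR [IP6_SUBNET]]
# The script writes to /proc/sys and changes routes and NAT rules, so it has
# to run as root.

# A peer line is only used when its first field is a 64-digit hexadecimal
# public key. The earlier pattern ^[0-z]{64} also accepted the punctuation
# that sits between "0" and "z" in ASCII and ignored anything after the 64th
# character.
PUBLIC_KEY_PATTERN='^[0-9a-fA-F]{64}$'

# Enable forwarding for ipv4 and ipv6
# This turns the node into a router for every interface; which traffic is
# actually forwarded is then decided by the firewall rules, not by this script.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Give yggdrasil enough time to create an ygg0 interface before we start adding routes
sleep 3

# Make sure the configuration file exists before it is read.
if [ ! -f /etc/yggdrasil.iptunnel.conf ]; then
    touch /etc/yggdrasil.iptunnel.conf
fi

IPv6NAT=$(confget -f "/etc/yggdrasil.iptunnel.conf" -s "ipv6tunnel" nat)
if [[ -z "$IPv6NAT" ]]; then
    IPv6NAT=true
    # NOTE(review): the value is read from section "ipv6tunnel", key "nat", but
    # stored under "iptunnel" / "IPv6nat"; if confset takes section and key in
    # that order the stored default is never read back - confirm.
    confset "iptunnel" "IPv6nat" "$IPv6NAT" /etc/yggdrasil.iptunnel.conf
fi

YGGINT="$(confget -f "/etc/yggdrasil.iptunnel.conf" -s "general" yggdrasil-interface)"
if [[ -z "${YGGINT}" ]]; then
    YGGINT="ygg0"
fi

IPv6SUBNETINT="$(confget -f "/etc/yggdrasil.iptunnel.conf" -s "ipv6tunnel" subnet-interface)"
if [[ -z "${IPv6SUBNETINT}" ]]; then
    IPv6SUBNETINT="wlan-ap"
fi

if [ -e /etc/yggdrasil.iptunnel.server ]; then
    SUBNET4=$(confget -f "/etc/yggdrasil.iptunnel.conf" -s "iptunnel" subnet)
    if [[ -z "${SUBNET4}" ]]; then
        SUBNET4="10.10.0.0/24"
    fi
    SUBNET6=$(confget -f "/etc/yggdrasil.iptunnel.conf" -s "ipv6tunnel" subnet)
    if [[ -z "${SUBNET6}" ]]; then
        SUBNET6="fd00::/64"
        ip -6 route add "${SUBNET6}" dev "${YGGINT}"
    fi
    EXITINT="$(confget -f "/etc/yggdrasil.iptunnel.conf" -s "general" exit-interface)"
    if [[ -z "${EXITINT}" ]]; then
        EXITINT="eth0"
    fi

    # Register every client listed in the server file.
    isIPv6=false
    while read -r PUBLIC_KEY IP_ADDR IP6_ADDR IP6_SUBNET; do
        if [[ "${PUBLIC_KEY}" =~ $PUBLIC_KEY_PATTERN ]]; then
            yggdrasilctl addRemoteSubnet subnet="${IP_ADDR}/32" box_pub_key="${PUBLIC_KEY}"
            if [[ -n "${IP6_ADDR}" ]]; then
                yggdrasilctl addRemoteSubnet subnet="${IP6_ADDR}/128" box_pub_key="${PUBLIC_KEY}"
                if [[ -n "${IP6_SUBNET}" ]]; then
                    yggdrasilctl addRemoteSubnet subnet="${IP6_SUBNET}" box_pub_key="${PUBLIC_KEY}"
                    ip -6 route add "${IP6_SUBNET}" dev "${YGGINT}" || true
                fi
                isIPv6=true
            fi
        fi
    done < /etc/yggdrasil.iptunnel.server

    yggdrasilctl addLocalSubnet subnet="0.0.0.0/0"
    ip route add "${SUBNET4}" dev "${YGGINT}" || true

    if [[ "${isIPv6}" == true ]]; then
        yggdrasilctl addLocalSubnet subnet="::/0"
        # Add route for ygg0 interface
        ip -6 route add "${SUBNET6}" dev "${YGGINT}" || true
    fi

    # If no NAT (masquerading) being done, start doing it
    if [ -z "$(iptables -L POSTROUTING -v -n -t nat | grep MASQUERADE)" ]; then
        iptables -t nat -A POSTROUTING -o "${EXITINT}" -j MASQUERADE
    fi
    # Same for IPv6, unless IPv6 NAT is switched off in the configuration.
    # The rule has to go into ip6tables: adding it with iptables only
    # duplicates the IPv4 rule and leaves IPv6 traffic without NAT.
    if [ -z "$(ip6tables -L POSTROUTING -v -n -t nat | grep MASQUERADE)" ]; then
        if [[ "${IPv6NAT}" != false ]]; then
            ip6tables -t nat -A POSTROUTING -o "${EXITINT}" -j MASQUERADE
        fi
    fi
# Configure as Yggdrasil IPTunnel client if client file is present
# this is a single line representing a Yggdrasil public key in /etc/yggdrasil.iptunnel.client
# along with IPAddresses configured on the exit node for this node
elif [ -e /etc/yggdrasil.iptunnel.client ]; then
    # Add each server to Yggdrasil IPTunnel connect-to's
    while read -r PUBLIC_KEY IP_ADDR IP6_ADDR IP6_SUBNET; do
        if [[ "${PUBLIC_KEY}" =~ $PUBLIC_KEY_PATTERN ]]; then
            if [[ -n "${IP6_ADDR}" ]]; then
                ip addr add dev "${YGGINT}" "${IP6_ADDR}/128"
                yggdrasilctl addRemoteSubnet subnet="::0/0" box_pub_key="${PUBLIC_KEY}"
                yggdrasilctl addLocalSubnet subnet="${IP6_ADDR}/128"
                if [[ -n "${IP6_SUBNET}" ]]; then
                    yggdrasilctl addLocalSubnet subnet="${IP6_SUBNET}"
                    ip -6 route add "${IP6_SUBNET}" dev "${IPv6SUBNETINT}"
                    # "/64" is replaced by "1": the first address of the subnet
                    # is assigned to the local subnet interface.
                    ip addr add dev "${IPv6SUBNETINT}" "$(echo "${IP6_SUBNET}" | sed "s/\/64/1/")"
                fi
            fi
            ip addr add dev "${YGGINT}" "${IP_ADDR}/32"
            yggdrasilctl addRemoteSubnet subnet="0.0.0.0/0" box_pub_key="${PUBLIC_KEY}"
            yggdrasilctl addLocalSubnet subnet="${IP_ADDR}/32"
        fi
    done < /etc/yggdrasil.iptunnel.client

    # Remove NAT from eth0 if it exists
    iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE || true
    ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE || true

    # Route NAT traffic through to yggdrasil ygg0 interface to use iptunnel exit server
    iptables -t nat -A POSTROUTING -o "${YGGINT}" -j MASQUERADE
    if [[ "${IPv6NAT}" != false ]]; then
        # IPv6 is masqueraded on the tunnel interface like IPv4. Putting the
        # rule back on eth0 would undo the removal two commands earlier and
        # leave tunnelled IPv6 traffic without NAT.
        ip6tables -t nat -A POSTROUTING -o "${YGGINT}" -j MASQUERADE
    fi

    # Special hack to change default route without removing original one
    # Two half-size routes are more specific than the default route, so they
    # win without the original default having to be deleted.
    ip route add 0.0.0.0/1 dev "${YGGINT}"
    ip route add 128.0.0.0/1 dev "${YGGINT}"

    ip -6 route add ::/1 dev "${YGGINT}"
    ip -6 route add 8000::/1 dev "${YGGINT}"
fi
-------------------------------------------------------------------------------- /scripts/status: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | INACTIVE='\e[1;31m[INACTIVE]\e[0m' 4 | ACTIVE='\e[1;32m[ACTIVE]\e[0m' 5 | 6 | echo " _ _ " 7 | echo " | |_ ___ _ __ ___ ___ ___| |__ " 8 | echo " | __/ _ \| '_ \` _ \ / _ / __| '_ \ " 9 | echo " | || (_) | | | | | | __\__ | | | |" 10 | echo " \__\___/|_| |_| |_|\___|___|_| |_|" 11 | 12 | echo -e '---------------------------------------' 13 | if [ "$(command -v cjdroute)" ]; then 14 | if [ "$(systemctl status cjdns.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 15 | echo -e "CJDNS Service ................ $ACTIVE" 16 | else 17 | echo -e "CJDNS Service .............. $INACTIVE" 18 | fi 19 | fi 20 | if [ "$(command -v yggdrasilctl)" ]; then 21 | if [ "$(systemctl status yggdrasil.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 22 | echo -e "Yggdrasil Service ............ $ACTIVE" 23 | else 24 | echo -e "Yggdrasil Service .......... $INACTIVE" 25 | fi 26 | fi 27 | 28 | if [ "$(command -v mesh-point)" ]; then 29 | ints=$(sudo iw dev | grep Interface | awk '{print $2}') 30 | while read -r line; do 31 | mp=$(sudo iw dev $line info | grep "type mesh point") 32 | if [ "$mp" ]; then 33 | mpint=$line 34 | fi 35 | done <<< "$ints" 36 | if [ -n "$mpint" ] && [ "$(ifconfig | grep $mpint)" ]; then 37 | echo -e "Mesh Point Interface ......... $ACTIVE" 38 | else 39 | echo -e "Mesh Point Interface ....... 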
$INACTIVE" 40 | fi 41 | fi 42 | if [ "$(command -v mesh-adhoc)" ]; then 43 | ints=$(sudo iw dev | grep Interface | awk '{print $2}') 44 | while read -r line; do 45 | mp=$(sudo iw dev $line info | grep "type IBSS") 46 | if [ "$mp" ]; then 47 | mpint=$line 48 | fi 49 | done <<< "$ints" 50 | if [ -n "$mpint" ] && [ "$(ifconfig | grep $mpint)" ]; then 51 | echo -e "Ad-hoc Interface ............. $ACTIVE" 52 | else 53 | echo -e "Ad-hoc Interface ........... $INACTIVE" 54 | fi 55 | fi 56 | if [ "$(command -v hostapd)" ]; then 57 | if [ "$(systemctl status hostapd.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ] && [ -n "$(ps aux | grep hostapd | grep -v grep)" ]; then 58 | echo -e "WiFi Access Point ............ $ACTIVE" 59 | else 60 | echo -e "WiFi Access Point .......... $INACTIVE" 61 | fi 62 | fi 63 | if [ "$(command -v ipfs)" ]; then 64 | if [ "$(systemctl status ipfs.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 65 | echo -e "IPFS Service ................. $ACTIVE" 66 | else 67 | echo -e "IPFS Service ............... $INACTIVE" 68 | fi 69 | fi 70 | if [ "$(command -v sbot)" ]; then 71 | if [ "$(systemctl status ssb.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 72 | echo -e "ScuttleBot Service ........... $ACTIVE" 73 | else 74 | echo -e "ScuttleBot Service ......... $INACTIVE" 75 | fi 76 | fi 77 | if [ "$(command -v process-stream.sh)" ]; then 78 | if [ ! -z "$(ps aux | grep ffmpeg | grep -v grep)" ] && [ "$(systemctl status process-stream.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 79 | echo -e "IPFS Pi Stream Service ....... $ACTIVE" 80 | else 81 | echo -e "IPFS Pi Stream Service ..... $INACTIVE" 82 | fi 83 | fi 84 | if [ "$(command -v node_exporter)" ]; then 85 | if [ "$(systemctl status prometheus-node-exporter.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 86 | echo -e "Prometheus Node Exporter ..... $ACTIVE" 87 | else 88 | echo -e "Prometheus Node Exporter ... 
$INACTIVE" 89 | fi 90 | fi 91 | if [ "$(command -v /opt/prometheus/prometheus)" ]; then 92 | if [ "$(systemctl status prometheus-server.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 93 | echo -e "Prometheus Server ............ $ACTIVE" 94 | else 95 | echo -e "Prometheus Server .......... $INACTIVE" 96 | fi 97 | fi 98 | if [ "$(command -v /usr/sbin/grafana-server)" ]; then 99 | if [ "$(systemctl status grafana-server.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 100 | echo -e "Grafana ...................... $ACTIVE" 101 | else 102 | echo -e "Grafana .................... $INACTIVE" 103 | fi 104 | fi 105 | if [ "$(command -v yrd)" ]; then 106 | if [ "$(systemctl status yrd.service | grep 'Active: ' | awk '{ print $2 }')" = 'active' ]; then 107 | echo -e "yrd .......................... $ACTIVE" 108 | else 109 | echo -e "yrd ........................ $INACTIVE" 110 | fi 111 | fi 112 | 113 | if [ "$(command -v cjdroute)" ] && [ "$(ip addr | grep tun0)" ] ; then 114 | echo -e '---------------------------------------' 115 | echo -e 'CJDNS NODE' 116 | sudo grep -m 1 '"ipv6"' /etc/cjdroute.conf | awk '{ print $2 }' | sed 's/[",]//g' 117 | echo -e '---------------------------------------' 118 | echo -e 'CJDNS PEERS' 119 | read -a peers <<< `sudo nodejs /opt/cjdns/tools/peerStats 2>/dev/null | awk '{ if ($3 == "ESTABLISHED") print $2 }' | awk -F. 
'{ print $6".k" }' | xargs` 120 | for peer in "${peers[@]}"; do 121 | sudo /opt/cjdns/publictoip6 "$peer" 122 | done 123 | echo -e '---------------------------------------' 124 | fi 125 | 126 | if [ "$(command -v yggdrasil)" ] && [ "$(ip addr | grep ygg0)" ]; then 127 | YGGIP=$(sudo ifconfig ygg0 | grep -E 'inet6 2[0-9a-fA-F]{2}:' | awk '{print $2}') 128 | echo -e '---------------------------------------' 129 | echo -e 'YGGDRASIL NODE' 130 | echo -e $YGGIP 131 | echo -e '---------------------------------------' 132 | echo -e 'YGGDRASIL PEERS' 133 | sudo yggdrasilctl getPeers | grep -v "$YGGIP" | awk '{print $1}' | grep -v "bytes_recvd" 134 | echo -e '---------------------------------------' 135 | fi 136 | -------------------------------------------------------------------------------- /docs/FAQ.md: -------------------------------------------------------------------------------- 1 | # Frequently Asked Questions 2 | 3 | ## Raspberry Pi 4 | 5 | **Q:** Can I connect a serial cable (TTL) to a Raspberry Pi (or Rock64)? 6 | 7 | **A:** Yes, there are TTL pins in the GPIO pins. They are as follows 8 | ``` 9 | VCC → RPi Pin 02 (5V) 10 | GND → RPi Pin 06 11 | RXD → RPi Pin 08 12 | TXD → RPi Pin 10 13 | ``` 14 | 15 | You will also need to configure Rasbian to output information on these pins. To do so add this to your **config.txt** file located on your **boot** partition. 16 | ``` 17 | enable_uart=1 dtoverlay=pi3-disable-bt 18 | ``` 19 | 20 | **Note:** U-boot will not appear on serial, only once kernel starts to boot do you see output 21 | 22 | 23 | ## Armbian Boards 24 | 25 | **Q:** What are the instructions to install an Armbian? 26 | 27 | **A**: Install the OS and prepare the board as follows. 28 | 29 | 1. Make sure you have the following items: 30 | 31 | * Armbian-compatible board 32 | * SD card 33 | 34 | 1. Flash the SD card with the appropriate Armbian image (usually the Nightly for your board, refer to [Hardware Table](README.md#hardware-table)). 35 | 36 | 1. 
Plug the SD card into the board. 37 | 38 | 1. Plug the board into your router, so it has connectivity to the Internet. 39 | 40 | 1. SSH into the board with the username **root** and password **1234**. Default hostnames are similar to your boards name. For example **orangepizero** for an Orange Pi Zero **espressobin** for an Espressobin etc. 41 | 42 | 1. When prompted, enter the password **1234** again. 43 | 44 | 1. When prompted, enter a _new_ password, this will be your new root password. 45 | 46 | 1. When prompted, enter your _new_ password again. 47 | 48 | 1. When prompted, enter a non-root username for your board. 49 | 50 | 1. When prompted, enter a password for your new non-root user. 51 | 52 | 1. When prompted, enter the password for the non-root user again. 53 | 54 | 1. Answer the rest of the prompts about the new non-root user, or simply press enter at each prompt to skip. 55 | 56 | 1. Continue with [Prototype Installation](README.md). 57 | 58 | **Q:** Why do my Orange Pi Zero USB headers not work? 59 | 60 | **A:** Some images are missing the USB overlay. Simply add the following to the **/boot/armbianEnv.txt** file and restart the Pi. 61 | ``` 62 | overlays=usbhost2 usbhost3 63 | ``` 64 | 65 | **Q:** Why do I get an error about a locked file when I try to install the node on an Orange Pi? 66 | 67 | **A**: The daily apt upgrade sometimes starts up in the background locking the apt database. This will cause the script to fail as it tries to install the required software. Wait for the upgrade to finish. 68 | 69 | **Q:** Seems all my mac addresses are the same across multiple boards. How do I fix this? 70 | 71 | Seems some of the Armbian images have a hardcoded machine id. 
Generate a new one using the following script 72 | ``` 73 | if [ `cat /etc/machine-id` == "f3f0aa4383b442e6ae0b889a10144d76" ]; then 74 | echo Generating new ID 75 | sudo mv /etc/machine-id /etc/machine-id.old 76 | dbus-uuidgen | sudo tee /var/lib/dbus/machine-id 77 | sudo cp /var/lib/dbus/machine-id /etc/machine-id 78 | fi 79 | ``` 80 | 81 | ### Rock64 82 | 83 | **Q:** What is the baud rate for the Rock64? 84 | 85 | **A:** U-boot baud rate seems to be 1500000. Once ubuntu starts it is 115200 86 | 87 | ### ESPRESSObin 88 | 89 | **Q:** How do I upgrade the U-boot on Espressobin? 90 | 91 | **A:** Manual flashing to latest U-boot is mandatory! [Download](https://dl.armbian.com/espressobin/u-boot/) the right boot flash for your board: 512,1G,2G, number of RAM chips (one at the bottom or 2 one on each side of the board) and appropirate memory speeds. You can obtain numbers from current boot prompt. Copy this flash-image-MEM-RAM_CHIPS-CPU_DDR_boot_sd_and_usb.bin to your FAT formatted USB key, plug it into USB3.0 port and execute from U-boot prompt: 92 | ``` 93 | bubt flash-image-MEM-CPU_DDR_boot_sd_and_usb.bin spi usb 94 | ``` 95 | 96 | **Q:** How do I boot Armbian on an Espressobin from an sd card? 97 | 98 | **A:** First update the U-boot (above). Then run the following in U-boot. 99 | ``` 100 | setenv initrd_addr 0x1100000 101 | setenv image_name boot/Image 102 | setenv load_script 'if test -e mmc 0:1 boot/boot.scr; then echo \"... booting from SD\";setenv boot_interface mmc;else echo \"... booting from USB/SATA\";usb start;setenv boot_interface usb;fi;if test -e \$boot_interface 0:1 boot/boot.scr;then ext4load \$boot_interface 0:1 0x00800000 boot/boot.scr; source; fi' 103 | setenv bootcmd 'run get_images; run set_bootargs; run load_script;booti \$kernel_addr \$ramfs_addr \$fdt_addr' 104 | saveenv 105 | ``` 106 | ## Wireless 107 | 108 | **Q:** Why do my MeshPoint/AdHoc nodes on v0.3 or lower no longer mesh with v0.4 or higher? 
109 | 110 | **A:** We dropped the band width of MeshPoint and AdHoc to 20MHz from 40MHz in v0.4. This should provide a bit better responsiveness in urban environments. Unfortunately the 20MHz and 40MHz bands do not work together. 111 | 112 | You can update your v0.3 or lower nodes to use 20MHz by editing the `/usr/bin/mesh-adhoc` or `/usr/bin/mesh-point` file and removing the HT40+ parameter from the iw line near the bottom of the file, then simply reboot. 113 | 114 | **Q:** Can I use the on board wireless of my RaspberryPi/OrangePi/etc to mesh? 115 | 116 | **A:** Maybe. 117 | 118 | On board wireless we have seen so far 119 | * Do NOT support 802.11s/meshpoint 120 | * Do report support for Ad-Hoc mode 121 | * Do NOT support 40Mhz width 122 | * Will only connect to other devices using Ad-Hoc and not using 40Mhz 123 | * May or may not work. Protocol is not usually maintained as part of drivers 124 | 125 | To install 126 | * Install Ad-Hoc mesh module 127 | * Do NOT install Access Point 128 | 129 | If you have success using ad-hoc with on board cards please let us know your experience.
130 | 131 | So far: 132 | - 3b+ seemed to have worked but 3b did not 133 | - 3b working by killing wpa_supplicant first 134 | -------------------------------------------------------------------------------- /scripts/functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # shellcheck disable=SC2034 3 | true 4 | 5 | dialogGlobalParams="--backtitle Installation --ascii-lines" 6 | # Ask if module is to be enabled if not defined 7 | # askModule [default answer] 8 | function askModule { 9 | # Define standard behaviour (default yes) 10 | askPrompt="[Y/n]" 11 | nonDefaultMatch="Nn" 12 | defaultValue=true 13 | nonDefaultValue=false 14 | dialogParam="" 15 | 16 | # Define alternative behaviour (default no) 17 | if [ "$3" == "n" ]; then 18 | askPrompt="[y/N]" 19 | nonDefaultMatch="Yy" 20 | nonDefaultValue=true 21 | defaultValue=false 22 | dialogParam=" --defaultno " 23 | fi 24 | 25 | # This reads variable repersented by the string 26 | eval "res=\$$1" 27 | 28 | if [ "$(checkModule 'WITH_DIALOG')" ]; then 29 | if [ -z "$res" ] || [ "$res" != "true" ] && [ "$res" != "false" ]; then 30 | # Do not stop exec on non 0 return values 31 | set +e 32 | # shellcheck disable=SC2086 33 | dialog $dialogGlobalParams $dialogParam --title "$2" --yesno "Install $2?" 6 55 34 | response=$? 35 | # Return to previous setting 36 | set -e 37 | 38 | case $response in 39 | 0) res="true";; 40 | 1) res="false";; 41 | 255) exit;; 42 | esac 43 | fi 44 | else 45 | if [ -z "$res" ] || [ "$res" != "true" ] && [ "$res" != "false" ]; then 46 | 47 | # Clear buffer before asking 48 | read -r -t 1 -n 10000 discard || true 49 | 50 | read -p "Install $2 $askPrompt? 
" -n 1 -r 51 | echo "" 52 | if [[ $REPLY =~ ^[$nonDefaultMatch]$ ]]; then 53 | res=$nonDefaultValue 54 | else 55 | res=$defaultValue 56 | fi 57 | fi 58 | fi 59 | if [ "$res" == "true" ]; then 60 | echo -e "\e[1;32m$2 will be enabled\e[0m" 61 | else 62 | echo -e "\e[1;31m$2 will be skipped\e[0m" 63 | fi 64 | eval "$1=\$res" 65 | } 66 | 67 | # Check to see if module is enabled 68 | # checkModule 69 | function checkModule { 70 | eval "res=\$$1" 71 | if [ -n "$res" ] && [ "$res" == "true" ]; then 72 | echo "1" 73 | else 74 | echo "" 75 | fi 76 | } 77 | 78 | # Ask user to choose from a selection of items 79 | # list is \n delimited. Each line formated as 80 | # "x text" 81 | # x - single capital character that will be returned 82 | # text - description of item 83 | # 84 | # askSelection 85 | # 86 | # Result is stored in $dialogREPLY 87 | dialogREPLY="" 88 | function askSelection { 89 | selection=$2 90 | dialogREPLY="" 91 | if [ "$(checkModule 'WITH_DIALOG')" ]; then 92 | 93 | # Clear buffer before asking 94 | read -r -t 1 -n 10000 discard || true 95 | 96 | selection=$(echo -e "$selection" | while read -r selected; do 97 | selectedItem="${selected:0:1}" 98 | selectedText="${selected:2}" 99 | echo "$selectedItem \"$selectedText\"" 100 | done) 101 | echo "$selection" > /tmp/selectionList 102 | 103 | # shellcheck disable=SC2086 104 | dialog $dialogGlobalParams --menu "$1" 15 55 8 --file /tmp/selectionList 2> /tmp/res 105 | rm -f selectionList 106 | response=$(cat /tmp/res) 107 | rm -f /tmp/res 108 | 109 | # Return if canceled 110 | if [[ "$response" == "" ]]; then 111 | exit 1 112 | fi 113 | 114 | # Set response variable 115 | dialogREPLY="$response" 116 | else 117 | isValid="" 118 | while [[ "$isValid" == "" ]]; do 119 | 120 | # Clear buffer before asking 121 | read -r -t 1 -n 10000 discard || true 122 | 123 | echo -e "$1" 124 | echo ------------------- 125 | echo -e "$2" 126 | echo ------------------- 127 | read -p "Selection: " -n 1 -r 128 | echo "" 129 | if [[ ! 
"$REPLY" == "" ]]; then 130 | REPLY=$(echo "$REPLY" | awk '{print toupper($0)}') 131 | 132 | # Clear buffer before asking 133 | read -r -t 1 -n 10000 discard || true 134 | 135 | isValid=$(echo -e "$selection" | while read -r selected; do 136 | if [[ "${selected:0:1}" == "$REPLY" ]]; then 137 | echo 1 138 | fi 139 | done) 140 | fi 141 | done 142 | dialogREPLY="$REPLY" 143 | fi 144 | } 145 | 146 | function detectBoard { 147 | 148 | BOARD_MODEL="Unknown" 149 | BOARD_NAME="Unknown" 150 | BOARD_OS="Unknown" 151 | 152 | # Check for x86 153 | ARCH="$(uname -m)" 154 | case "$ARCH" in 155 | x86_64) 156 | BOARD_MODEL="amd64" 157 | BOARD_NAME="Generic AMD64" 158 | ;; 159 | i386 | i586 | i686 ) 160 | BOARD_MODEL="i386" 161 | BOARD_NAME="Generic x86" 162 | esac 163 | 164 | if [[ "${BOARD_MODEL}" == "Unknown" ]]; then 165 | # Use tr to remove null byte generating warning 166 | if [ -f "/sys/firmware/devicetree/base/model" ]; then 167 | BOARD_NAME=$(tr -d '\0' < /sys/firmware/devicetree/base/model) 168 | else 169 | BOARD_NAME=$(grep Hardware /proc/cpuinfo | awk '{print $3}' | head -n 1) 170 | fi 171 | fi 172 | # Check for armbian identification 173 | if [ -f "/etc/armbian-image-release" ]; then 174 | BOARD_OS="Armbian" 175 | BOARD_MODEL="$(grep "BOARD=" /etc/armbian-image-release | awk -F '=' '{print $2}' | tr -d \")" 176 | BOARD_NAME="$(grep BOARD_NAME /etc/armbian-image-release | awk -F '=' '{print $2}' | tr -d \" )" 177 | BOARD_NEON=true 178 | fi 179 | if [[ "$BOARD_NAME" == "Raspberry Pi"* ]]; then 180 | BOARD_OS="Raspbian" 181 | # Check for default password is still set for user pi 182 | # If it is force password before reboot 183 | # shellcheck disable=SC2016 184 | if [[ "$BOARD_NAME" == "Raspberry Pi 4"* ]]; then 185 | BOARD_MODEL="raspberrypi4" 186 | BOARD_NEON=true 187 | fi 188 | if [[ "$BOARD_NAME" == "Raspberry Pi 3"* ]]; then 189 | BOARD_MODEL="raspberrypi3" 190 | BOARD_NEON=true 191 | fi 192 | if [[ "$BOARD_NAME" == "Raspberry Pi 2"* ]]; then 193 | 
BOARD_MODEL="raspberrypi2" 194 | BOARD_NEON=true 195 | fi 196 | if [[ "$BOARD_NAME" == "Raspberry Pi Model A"* || "$BOARD_NAME" == "Raspberry Pi Model B"* ]]; then 197 | BOARD_MODEL="raspberrypi1" 198 | BOARD_NEON=false 199 | fi 200 | if [[ "$BOARD_NAME" == *"Zero"* ]]; then 201 | BOARD_MODEL="raspberrypizero" 202 | BOARD_NEON=false 203 | fi 204 | fi 205 | } 206 | -------------------------------------------------------------------------------- /scripts/prometheus-node-exporter/nodestats-tomesh.py: -------------------------------------------------------------------------------- 1 | import os 2 | import os.path 3 | import time 4 | import shlex 5 | import subprocess 6 | import json 7 | 8 | path = "/var/lib/node_exporter/ne-stats.prom" 9 | 10 | if os.path.exists(path): 11 | os.remove(path) 12 | 13 | os.mkfifo(path) 14 | 15 | while 1: 16 | fifo = open(path, "w") 17 | 18 | fifo.write("tomeshV 1.2\n") 19 | try: 20 | s="" 21 | if os.path.isfile("/sys/devices/virtual/thermal/thermal_zone0/temp"): 22 | with file("/sys/devices/virtual/thermal/thermal_zone0/temp") as f: 23 | s = f.read() 24 | fifo.write("hw_temp ") 25 | fifo.write(s) 26 | 27 | 28 | # Wireless Link Dump 29 | 30 | # Get cjdns peer information 31 | remotePeers = {} 32 | myaddress="" 33 | if os.path.isfile("/opt/cjdns/tools/cexec"): 34 | command_line = "/opt/cjdns/tools/cexec \"Core_nodeInfo()\"" 35 | args = shlex.split(command_line) 36 | interfaces = subprocess.Popen(args,stdout=subprocess.PIPE) 37 | interfaces.wait() 38 | output = interfaces.stdout.read(); 39 | try: 40 | data = json.loads(output) 41 | tmp=data["myAddr"].split(".") 42 | myaddress=tmp[5] + ".k" 43 | myaddress=myaddress.splitlines()[0] 44 | command_line = "/opt/cjdns/tools/peerStats" 45 | args = shlex.split(command_line) 46 | interface = subprocess.Popen(args,stdout=subprocess.PIPE) 47 | interface.wait() 48 | output = interface.stdout.read() 49 | peers = output.split("\n") 50 | for peer in peers: 51 | words2= peer.split(" ") 52 | if len(words2) > 
1: 53 | tmp=words2[1].split(".") 54 | remotePubKey=tmp[5] + ".k" 55 | remotePeers[words2[0]]=remotePubKey 56 | except: 57 | pass 58 | # Look through wireless interfaces 59 | command_line = "iw dev" 60 | args = shlex.split(command_line) 61 | interfaces = subprocess.Popen(args,stdout=subprocess.PIPE) 62 | interfaces.wait() 63 | output = interfaces.stdout.read(); 64 | ints = output.split("\n") 65 | for int in ints: 66 | if int.find("Interface") > -1: 67 | words = int.split() 68 | currentitn=words[1] 69 | 70 | # Read mac address from system file 71 | with open("/sys/class/net/" + currentitn + "/address") as f: 72 | mac = f.readlines() 73 | mac = [x.strip() for x in mac][0] 74 | 75 | command_line = "iw dev " + currentitn + " info" 76 | args = shlex.split(command_line) 77 | interface = subprocess.Popen(args,stdout=subprocess.PIPE) 78 | interface.wait() 79 | output = interface.stdout.read() 80 | types = output.split("\n") 81 | for type in types: 82 | if type.find("type") > -1: 83 | words2= type.split(" ") 84 | if (words2[1] == "mesh") or (words2[1] == "IBSS"): 85 | meshtype=words2[1] 86 | fifo.write("wlan_mesh{type=\"" + meshtype + "\", iface=\"" + currentitn + "\"} 1\n") 87 | fifo.write("mesh_node_wifi{mac=\"" + mac + "\",type=\"" + meshtype + "\", device=\"" + currentitn + "\"} -1\n") 88 | # Loop through connected stations 89 | command_line = "iw dev " + currentitn + " station dump" 90 | args = shlex.split(command_line) 91 | links = subprocess.Popen(args,stdout=subprocess.PIPE) 92 | links.wait() 93 | output = links.stdout.read() 94 | linksline = output.split("\n") 95 | station="" 96 | signal="" 97 | 98 | for link in linksline: 99 | if link <> "" : 100 | words3 = link.replace("\t"," ").split(" ") 101 | if words3[0].find("Station") > -1: 102 | station=words3[1] 103 | linkstatus="" 104 | rx=-1 105 | tx=-1 106 | signal=-100 107 | cjdnsdata="" 108 | if station in remotePeers: 109 | cjdnsdata=',sourcekey="' + myaddress + '", key="' + remotePeers[station] + '"' 110 | if 
words3[1].find("signal") > -1: 111 | signal=words3[3] 112 | if words3[1].find("mesh") > -1 and words3[2].find("plink") > -1: 113 | linkstatus=words3[3] 114 | if words3[1].find("rx") > -1 and words3[2].find("bytes") > -1: 115 | rx=words3[3] 116 | if words3[1].find("tx") > -1 and words3[2].find("bytes") > -1: 117 | tx=words3[3] 118 | if words3[1].find("TDLS") > -1: 119 | fifo.write('mesh_node_signal{sourcemac="' + mac + '",mac="' + station + '",link="' + linkstatus + '"' + cjdnsdata + '} ' + signal + "\n") 120 | fifo.write('mesh_node_rx{sourcemac="' + mac + '",mac="' + station + '"} ' + rx + "\n") 121 | fifo.write('mesh_node_tx{sourcemac="' + mac + '",mac="' + station + '"} ' + tx + "\n") 122 | 123 | 124 | if os.path.isfile("/usr/bin/yggdrasilctl"): 125 | args = shlex.split("sudo /usr/bin/yggdrasilctl -json getPeers") 126 | interfaces = subprocess.Popen(args,stdout=subprocess.PIPE) 127 | interfaces.wait() 128 | raw_json = interfaces.stdout.read(); 129 | try: 130 | peers = json.loads(raw_json.decode()) 131 | 132 | for peer,data in peers["peers"].items(): 133 | fifo.write('mesh_node_ygg_peer_rx{peer="'+peer+'",endpoint="'+str(data["endpoint"])+'"}'+" "+str(data["bytes_recvd"])+"\n") 134 | fifo.write('mesh_node_ygg_peer_tx{peer="'+peer+'",endpoint="'+str(data["endpoint"])+'"}'+" "+str(data["bytes_sent"])+"\n") 135 | except: 136 | pass 137 | except: 138 | fifo.write('mesh_node_error 1\n') 139 | fifo.close() 140 | time.sleep(1) 141 | -------------------------------------------------------------------------------- /scripts/hostapd/wpa-eap/certs/README: -------------------------------------------------------------------------------- 1 | This directory contains scripts to create the server certificates. 2 | To make a set of default (i.e. test) certificates, simply type: 3 | 4 | $ ./bootstrap 5 | 6 | The "openssl" command will be run against the sample configuration 7 | files included here, and will make a self-signed certificate authority 8 | (i.e. 
root CA), and a server certificate. This "root CA" should be 9 | installed on any client machine needing to do EAP-TLS, PEAP, or 10 | EAP-TTLS. 11 | 12 | The Microsoft "XP Extensions" will be automatically included in the 13 | server certificate. Without those extensions Windows clients will 14 | refuse to authenticate to FreeRADIUS. 15 | 16 | In general, you should use self-signed certificates for 802.1x (EAP) 17 | authentication. When you list root CAs from other organizations in 18 | the "CA_file", you permit them to masquerade as you, to authenticate 19 | your users, and to issue client certificates for EAP-TLS. 20 | 21 | If FreeRADIUS was configured to use OpenSSL, then simply starting 22 | the server in root in debugging mode should also create test 23 | certificates, i.e.: 24 | 25 | $ radiusd -X 26 | 27 | That will cause the EAP-TLS module to run the "bootstrap" script in 28 | this directory. The script will be executed only once, the first time 29 | the server has been installed on a particular machine. This bootstrap 30 | script SHOULD be run on installation of any pre-built binary package 31 | for your OS. In any case, the script will ensure that it is not run 32 | twice, and that it does not over-write any existing certificates. 33 | 34 | If you already have CA and server certificates, rename (or delete) 35 | this directory, and create a new "certs" directory containing your 36 | certificates. Note that the "make install" command will NOT 37 | over-write your existing "raddb/certs" directory, which means that the 38 | "bootstrap" command will not be run. 39 | 40 | 41 | NEW INSTALLATIONS OF FREERADIUS 42 | 43 | 44 | We suggest that new installations use the test certificates for 45 | initial tests, and then create real certificates to use for normal 46 | user authentication. See the instructions below for how to create the 47 | various certificates. 
The old test certificates can be deleted by 48 | running the following command: 49 | 50 | $ rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt* 51 | 52 | Then, follow the instructions below for creating real certificates. 53 | 54 | Once the final certificates have been created, you can delete the 55 | "bootstrap" command from this directory, and delete the 56 | "make_cert_command" configuration from the "tls" sub-section of 57 | eap.conf. 58 | 59 | If you do not want to enable EAP-TLS, PEAP, or EAP-TTLS, then delete 60 | the relevant sub-sections from the "eap.conf" file. 61 | 62 | 63 | MAKING A ROOT CERTIFICATE 64 | 65 | 66 | $ vi ca.cnf 67 | 68 | Edit the "input_password" and "output_password" fields to be the 69 | password for the CA certificate. 70 | 71 | Edit the [certificate_authority] section to have the correct values 72 | for your country, state, etc. 73 | 74 | $ make ca.pem 75 | 76 | This step creates the CA certificate. 77 | 78 | $ make ca.der 79 | 80 | This step creates the DER format of the self-signed certificate, 81 | which can be imported into Windows. 82 | 83 | 84 | MAKING A SERVER CERTIFICATE 85 | 86 | 87 | $ vi server.cnf 88 | 89 | Edit the "input_password" and "output_password" fields to be the 90 | password for the server certificate. 91 | 92 | Edit the [server] section to have the correct values for your 93 | country, state, etc. Be sure that the commonName field here is 94 | different from the commonName for the CA certificate. 95 | 96 | $ make server.pem 97 | 98 | This step creates the server certificate. 99 | 100 | If you have an existing certificate authority, and wish to create a 101 | certificate signing request for the server certificate, edit 102 | server.cnf as above, and type the following command. 103 | 104 | $ make server.csr 105 | 106 | You will have to ensure that the certificate contains the XP 107 | extensions needed by Microsoft clients.
108 | 109 | 110 | MAKING A CLIENT CERTIFICATE 111 | 112 | 113 | Client certificates are used by EAP-TLS, and optionally by EAP-TTLS 114 | and PEAP. The following steps outline how to create a client 115 | certificate that is signed by the server certificate created above. 116 | You will have to have the password for the server certificate in the 117 | "input_password" and "output_password" fields of the server.cnf file. 118 | 119 | 120 | $ vi client.cnf 121 | 122 | Edit the "input_password" and "output_password" fields to be the 123 | password for the client certificate. You will have to give these 124 | passwords to the end user who will be using the certificates. 125 | 126 | Edit the [client] section to have the correct values for your 127 | country, state, etc. Be sure that the commonName field here is 128 | the User-Name that will be used for logins! 129 | 130 | $ make client.pem 131 | 132 | The users certificate will be in "emailAddress.pem", 133 | i.e. "user@example.com.pem". 134 | 135 | To create another client certificate, just repeat the steps for 136 | making a client certificate, being sure to enter a different login 137 | name for "commonName", and a different password. 138 | 139 | 140 | PERFORMANCE 141 | 142 | 143 | EAP performance for EAP-TLS, TTLS, and PEAP is dominated by SSL 144 | calculations. That is, a normal system can handle PAP 145 | authentication at a rate of 10k packets/s. However, SSL involves 146 | RSA calculations, which are very expensive. To benchmark your system, 147 | do: 148 | 149 | $ openssl speed rsa 150 | 151 | or 152 | 153 | $ openssl speed rsa2048 154 | 155 | to test 2048 bit keys. 156 | 157 | A 1GHz system will likely do 30 calculations/s. A 2Ghz system may 158 | do 50 calculations/s, or more. That number is also the number of 159 | authentications/s that can be done for EAP-TLS (or TTLS, or PEAP). 
160 | 161 | 162 | COMPATIBILITY 163 | 164 | The certificates created using this method are known to be compatible 165 | with ALL operating systems. Some common issues are: 166 | 167 | - Windows requires certain OID's in the certificates. If it doesn't 168 | see them, it will stop doing EAP. The most visible effect is 169 | that the client starts EAP, gets a few Access-Challenge packets, 170 | and then a little while later re-starts EAP. If this happens, see 171 | the FAQ, and the comments in raddb/eap.conf for how to fix it. 172 | 173 | - Windows requires the root certificates to be on the client PC. 174 | If it doesn't have them, you will see the same issue as above. 175 | 176 | - Windows XP post SP2 has a bug where it has problems with 177 | certificate chains. i.e. if the server certificate is an 178 | intermediate one, and not a root one, then authentication will 179 | silently fail, as above. 180 | 181 | - Some versions of Windows CE cannot handle 4K RSA certificates. 182 | They will (again) silently fail, as above. 183 | 184 | - In none of these cases will Windows give the end user any 185 | reasonable error message describing what went wrong. This leads 186 | people to blame the RADIUS server. That blame is misplaced. 187 | 188 | - Certificate chains of more than 64K bytes are known to not work. 189 | This is a problem in FreeRADIUS. However, most clients cannot 190 | handle 64K certificate chains. Most Access Points will shut down 191 | the EAP session after about 50 round trips, while 64K certificate 192 | chains will take about 60 round trips. So don't use large 193 | certificate chains. They will only work after everyone upgrades 194 | everything in the network. 195 | 196 | - All other operating systems are known to work with EAP and 197 | FreeRADIUS. This includes Linux, *BSD, Mac OS X, Solaris, 198 | Symbian, along with all known embedded systems, phones, WiFi 199 | devices, etc.
200 | 201 | - Someone needs to ask Microsoft to please stop making life hard for 202 | their customers. 203 | 204 | 205 | SECURITY CONSIDERATIONS 206 | 207 | The default certificate configuration files use MD5 for message 208 | digests, to maintain compatibility with network equipment that 209 | supports only this algorithm. 210 | 211 | MD5 has known weaknesses and is discouraged in favor of SHA1 (see 212 | http://www.kb.cert.org/vuls/id/836068 for details). If your network 213 | equipment supports the SHA1 signature algorithm, we recommend that you 214 | change the "ca.cnf", "server.cnf", and "client.cnf" files to specify 215 | the use of SHA1 for the certificates. To do this, change the 216 | 'default_md' entry in those files from 'md5' to 'sha1'. SHA1 is itself no longer collision-resistant; where your equipment supports it, set 'default_md' to 'sha256' instead. 217 | -------------------------------------------------------------------------------- /scripts/hostapd/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 6 | 7 | # Hyperboria DNS servers 8 | H_DNS_SERVER_0="fc4d:c8e5:9efe:9ac2:8e72:fcf7:6ce8:39dc" 9 | H_DNS_SERVER_1="fc6e:691e:dfaa:b992:a10a:7b49:5a1a:5e09" 10 | H_DNS_SERVER_2="fc16:b44c:2bf9:467:8098:51c6:5849:7b4f" 11 | H_DNS_SERVER_3="fc41:47b9:dd78:ff21:1b24:dab8:3f81:168e" 12 | 13 | # Internet DNS servers 14 | I_DNS_SERVER_0="1.1.1.1" 15 | I_DNS_SERVER_1="1.0.0.1" 16 | 17 | # Yggdrasil subnetting 18 | YGG_SUBNET=$(sudo yggdrasilctl getSelf | grep "IPv6 subnet" | awk '{print $3}') 19 | # End subnet with ::, so either 1/64 or /64 can be added to end later as needed 20 | YGG_SUBNET=${YGG_SUBNET:0:-3} 21 | 22 | # Install packages to run IEEE 802.11 Access Point 23 | sudo apt-get install hostapd radvd dnsmasq iptables -y 24 | 25 | echo "allow-hotplug wlan-ap" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 26 | echo "iface wlan-ap inet static" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null
27 | echo " address 10.0.0.1" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 28 | echo " netmask 255.255.255.0" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 29 | echo " network 10.0.0.0" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 30 | echo " broadcast 10.0.0.255" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 31 | echo "iface wlan-ap inet6 static" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 32 | 33 | if [ "$(command -v yggdrasil)" ]; then 34 | echo " address ${YGG_SUBNET}1/64" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 35 | else 36 | echo " address fdfc::2" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 37 | fi 38 | 39 | echo " netmask 64" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 40 | echo "" | sudo tee --append /etc/network/interfaces.d/wlan-ap > /dev/null 41 | 42 | # Enable packet forwarding 43 | sudo cp /etc/sysctl.conf /etc/sysctl.conf.bak 44 | sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf 45 | sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf 46 | 47 | # Get network name and password 48 | APSSID="$(cat /etc/hostname)" 49 | 50 | # Select wpa-eap or wpa-psk 51 | read -p "Use WPA-EAP (Y) or WPA2-PSK (n) for WiFi Access Point $APSSID? 
" -n 1 -r 52 | echo "" 53 | if [[ $REPLY =~ ^[Nn]$ ]]; then 54 | USE_EAP=false 55 | while [ "${#APPASS}" -lt 8 ] || [ "${#APPASS}" -gt 63 ]; do 56 | read -r -p "Set WPA2-PSK password (8-63 characters): " APPASS; 57 | done 58 | else 59 | USE_EAP=true 60 | while [ "${#APPASS}" -lt 8 ] || [ "${#APPASS}" -gt 63 ]; do 61 | read -r -p "Set WPA-EAP password (8-63 characters) for user \"guest\": " APPASS; 62 | done 63 | fi 64 | 65 | # Configure network with hostapd 66 | sudo cp "$BASE_DIR/nat.sh" /etc/hostapd/nat.sh 67 | if [ "$USE_EAP" = true ]; then 68 | # Configure hostapd for wpa-eap 69 | sudo cp "$BASE_DIR/wpa-eap/hostapd.conf" /etc/hostapd/hostapd.conf 70 | sudo echo "ssid=$APSSID" | sudo tee --append /etc/hostapd/hostapd.conf > /dev/null 71 | sudo cp "$BASE_DIR/wpa-eap/hostapd.eap_user" /etc/hostapd/hostapd.eap_user 72 | sudo echo "\"guest\" MSCHAPV2 \"$APPASS\" [2]" | sudo tee --append /etc/hostapd/hostapd.eap_user > /dev/null 73 | 74 | # Generate wpa-eap certificates 75 | cp -r "$BASE_DIR/wpa-eap/certs" "$BASE_DIR/tmp" 76 | /bin/bash "$BASE_DIR/tmp/bootstrap" 77 | sudo cp "$BASE_DIR/tmp/ca.pem" /etc/hostapd/ca.pem 78 | sudo cp "$BASE_DIR/tmp/server.pem" /etc/hostapd/server.pem 79 | rm -rf "$BASE_DIR/tmp" 80 | else 81 | # Configure hostapd for wpa-psk 82 | sudo cp "$BASE_DIR/wpa-psk/hostapd.conf" /etc/hostapd/hostapd.conf 83 | sudo echo "ssid=$APSSID" | sudo tee --append /etc/hostapd/hostapd.conf > /dev/null 84 | sudo echo "wpa_passphrase=$APPASS" | sudo tee --append /etc/hostapd/hostapd.conf > /dev/null 85 | fi 86 | 87 | # Configure DHCP with dnsmasq 88 | if [ -f /etc/dnsmasq.conf ]; then 89 | sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak 90 | fi 91 | 92 | # Use Hyperboria DNS addressses if h-dns is enabled 93 | sudo cp "$BASE_DIR/dnsmasq.conf" /etc/dnsmasq.conf 94 | if [ -n "$WITH_H_DNS" ] && [ "$WITH_H_DNS" == "true" ]; then 95 | echo "server=$H_DNS_SERVER_0" | sudo tee --append /etc/dnsmasq.conf 96 | echo "server=$H_DNS_SERVER_1" | sudo tee --append 
/etc/dnsmasq.conf 97 | echo "server=$H_DNS_SERVER_2" | sudo tee --append /etc/dnsmasq.conf 98 | echo "server=$H_DNS_SERVER_3" | sudo tee --append /etc/dnsmasq.conf 99 | elif [ -n "$WITH_CJDNS_IPTUNNEL" ] && [ "$WITH_CJDNS_IPTUNNEL" ]; then 100 | echo "server=$I_DNS_SERVER_0" | sudo tee --append /etc/dnsmasq.conf 101 | echo "server=$I_DNS_SERVER_1" | sudo tee --append /etc/dnsmasq.conf 102 | fi 103 | 104 | if [ -f /etc/dhcpcd.conf ]; then 105 | sudo cp /etc/dhcpcd.conf /etc/dhcpcd.conf.bak 106 | sudo echo "" | sudo tee --append /etc/dhcpcd.conf > /dev/null 107 | sudo echo "denyinterfaces wlan-ap" | sudo tee --append /etc/dhcpcd.conf > /dev/null 108 | fi 109 | 110 | # Setup radvd 111 | cp "$BASE_DIR/radvd.conf" /tmp 112 | if [ "$(command -v yggdrasil)" ]; then 113 | # Setup Yggdrasil radvd prefix for subnetting 114 | sed -i "s/fdfc::\/64/${YGG_SUBNET}\/64/" /tmp/radvd.conf 115 | fi 116 | sudo mv /tmp/radvd.conf /etc 117 | sudo systemctl daemon-reload 118 | sudo systemctl enable radvd.service 119 | sudo systemctl start radvd.service 120 | 121 | # Enable hostapd service 122 | if [ -f /etc/default/hostapd ]; then 123 | sed '\?^DAEMON_CONF?d' /etc/default/hostapd | sudo tee /etc/default/hostapd > /dev/null 124 | sudo echo DAEMON_CONF="/etc/hostapd.conf" | sudo tee --append /etc/default/hostapd > /dev/null 125 | fi 126 | 127 | # remove existing file that may be masking the service 128 | sudo rm -rf /etc/systemd/system/hostapd.service 129 | 130 | sudo cp "$BASE_DIR/hostapd.service" /etc/systemd/system/hostapd.service 131 | sudo systemctl daemon-reload 132 | sudo systemctl enable hostapd.service 133 | 134 | # Find onboard adapter by driver and lock to wlan-ap 135 | for wlanfile in /sys/class/net/wlan*; do 136 | wlan="$(basename "$wlanfile")" 137 | driverPath=$(readlink "/sys/class/net/$wlan/device/driver") 138 | driver=$(basename "$driverPath") 139 | # mac="$(cat /sys/class/net/$wlan/address)" 140 | if [[ "$driver" == "xradio_wlan" || "$driver" == "brcm80211" || "$driver" 
== "brcmfmac" || "$driver" == "rtl8189fs" ]]; then 141 | # shellcheck disable=SC2034 142 | askModule "WITH_ONBOARD_WIFI" "HostAP - Found an onboard WiFi. Configure it as an Access Point?" "y" 143 | if [ "$(checkModule 'WITH_ONBOARD_WIFI')" ]; then 144 | echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"$driver\", ATTR{dev_id}==\"0x0\", ATTR{type}==\"1\", KERNEL==\"wlan*\", NAME=\"wlan-ap\"" | 145 | sudo tee /etc/udev/rules.d/70-persistent-net.rules 146 | fi 147 | else 148 | # shellcheck disable=SC2034 149 | WITH_ONBOARD_WIFI=false 150 | fi 151 | done 152 | 153 | if [ ! "$(checkModule 'WITH_ONBOARD_WIFI')" ]; then 154 | askModule "WITH_EXTERNAL_WIFI" "HostAP - Configure External WiFi adapter as an Access Point?" "n" 155 | fi 156 | if [ "$(checkModule 'WITH_EXTERNAL_WIFI')" ]; then 157 | 158 | askSelection "Pin adapter by" "1 Mac\n2 Driver" 159 | # shellcheck disable=SC2154 160 | pinBy=$dialogREPLY 161 | pinByName[1]="Mac" 162 | pinByName[2]="Driver" 163 | pinBy=${pinByName[$pinBy]} 164 | 165 | OPTION="" 166 | i=0 167 | for wlanfile in /sys/class/net/wlan*; do 168 | wlan="$(basename "$wlanfile")" 169 | mac="$(cat /sys/class/net/"$wlan"/address)" 170 | driver="$(basename "$(readlink /sys/class/net/"$wlan"/device/driver)")" 171 | i=$((i+1)) 172 | DRIVER[$i]=$driver 173 | MAC[$i]=$mac 174 | OPTION="${OPTION} \\n $i $mac $driver" 175 | done 176 | askSelection "Select wireless adapter $pinBy to pin" "$OPTION" 177 | driver="${DRIVER[$dialogREPLY]}" 178 | mac="${MAC[$dialogREPLY]}" 179 | 180 | if [ -z "$mac" ]; then 181 | echo "Error unknown response $dialogREPLY" 182 | exit 183 | else 184 | if [[ "$pinBy" == "Mac" ]]; then 185 | echo "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"$mac\", ATTR{dev_id}==\"0x0\", ATTR{type}==\"1\", KERNEL==\"wlan*\", NAME=\"wlan-ap\"" | 186 | sudo tee /etc/udev/rules.d/70-persistent-net.rules 187 | fi 188 | if [[ "$pinBy" == "Driver" ]]; then 189 | echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVER==\"$driver\", 
ATTR{dev_id}==\"0x0\", ATTR{type}==\"1\", KERNEL==\"wlan*\", NAME=\"wlan-ap\"" | 190 | sudo tee /etc/udev/rules.d/70-persistent-net.rules 191 | fi 192 | fi 193 | fi 194 | 195 | # dnsmasq for some reason won't bind to the hostapd on Orange Pi, restarting it works 196 | if ! grep -q dnsmasq /etc/rc.local; then 197 | sudo sed -i 's/^exit 0/service dnsmasq restart\nexit 0/' /etc/rc.local 198 | fi 199 | 200 | if ! grep -q rfkill /etc/rc.local; then 201 | sudo sed -i 's/^exit 0/rfkill unblock wifi \&\& service hostapd restart\nexit 0/' /etc/rc.local 202 | fi 203 | 204 | # Apply wpa_supplicant patch 205 | # shellcheck disable=SC2024 206 | if [ -f /lib/dhcpcd/dhcpcd-hooks/10-wpa_supplicant ]; then 207 | sudo patch -F99 -p2 -N -d / < "$BASE_DIR/wpa-patch.diff" 208 | echo "wlan-ap" | sudo tee /etc/wpa_devices 209 | fi 210 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # prototype-cjdns-pi 2 | 3 | [![Build Status](https://travis-ci.org/tomeshnet/prototype-cjdns-pi.svg?branch=master)](https://travis-ci.org/tomeshnet/prototype-cjdns-pi) 4 | 5 | The following instructions will help you set up an encrypted mesh network on Raspberry Pi's. It takes about 15 minutes to set up a node with the Pi 3. Obviously, to have a mesh you will need more than one node. 6 | 7 | The software also supports Debian running on x86 and x64 boards, and many board that run [Armbian](https://www.armbian.com/) (such as many models of Orange Pi hardware family). The same installation steps can be followed, except you would flash the SD card with Armbian instead of Raspbian or have Debian installed onto the computer. See [Hardware Table](#hardware-table) for the full list of supported hardware and check for board specific installation details in our [Frequently Asked Questions](./docs/FAQ.md). 8 | 9 | ## Set Up 10 | 11 | 1. 
Make sure you have the following items: 12 | 13 | * Raspberry Pi Zero, 1, 2, 3 (Pi 3 recommended), or for advanced users other [compatible hardware](#hardware-table) 14 | * An SD card that works with the Pi 15 | * **Optional:** A USB WiFi adapter: 16 | * For [802.11s Mesh Point](https://github.com/o11s/open80211s/wiki/HOWTO) wireless links (recommended), device such as the [TP-LINK TL-WN722N v1](http://www.tp-link.com/en/products/details/TL-WN722N.html), [Toplinkst TOP-GS07](https://github.com/tomeshnet/documents/blob/master/technical/20170208_mesh-point-with-topgs07-rt5572.md) or [another supported device](https://github.com/phillymesh/802.11s-adapters/blob/master/README.md). 17 | * For [ad-hoc](https://en.wikipedia.org/wiki/Wireless_ad_hoc_network) wireless links (experimental), any device that supports linux and ad-hoc. 18 | 19 | 1. Flash the SD card with [Raspbian Buster Lite](https://www.raspberrypi.org/downloads/raspbian/). 20 | 21 | 1. Create an empty file named **ssh** to enable SSH when the Pi boots: 22 | 23 | ``` 24 | $ touch /path/to/sd/boot/ssh 25 | ``` 26 | 27 | 1. Plug the SD card and USB WiFi adapter into the Pi. 28 | 29 | 1. Plug the Pi into your router so it has connectivity to the Internet. SSH into the Pi with `ssh pi@raspberrypi.local` and password **raspberry**. 30 | 31 | **Optional:** There are other ways to connect, such as connecting the Pi to your computer and sharing Internet to it. If you have multiple Pi's connected to your router, find their IPs with `nmap -sn 192.168.X.0/24` (where 192.168.X is your subnet) and SSH to the local IP assigned to the Pi you want to address `ssh pi@192.168.X.Y`. 32 | 33 | **Note:** After the install the node will be renamed to `tomesh-xxxx` where `xxxx` is the last 4 characters of your CJDNS address. Before the reboot the node will notify you of what the name is. 34 | 35 | 1. In your SSH session, run `passwd` and change your login password. 
It is very important to choose a strong password so others cannot remotely access your Pi. 36 | 37 | 1. Run the following, then let the installation complete. After about 5 minutes the Pi will reboot: 38 | 39 | ``` 40 | $ wget https://raw.githubusercontent.com/tomeshnet/prototype-cjdns-pi/master/scripts/install && chmod +x install && ./install 41 | ``` 42 | 43 | ## Modules 44 | 45 | During the installation, you may be able to pick a profile, or choose between many modules. To learn what each module is for, look at [MODULES.md](./docs/MODULES.md). This is important for the installation. 46 | 47 | There is also the [contrib](./contrib/) folder for software that has been contributed to the project, but which might not actually be maintained by the core developers. 48 | 49 | ## Check Status 50 | 51 | 1. Give the Pi about 15 seconds to reboot and SSH back into it. You should find the status of your mesh node automatically printed. You can also print this anytime by running `status`. 52 | 53 | 2. Verify that **cjdns Service** is active, and **Mesh Interface** (if applicable). The **NODE** section should display a single IPv6 address, that's the identity of your Pi in the cjdns mesh. The **PEERS** section should indicate a list of IPv6 addresses that are active peers to your node. This list will be empty, until you have another nearby node with the same set up. 54 | 55 | ## Network Benchmark 56 | 57 | You can benchmark the network throughput with more than one node. Let's name our two Pi's **Hillary** and **Friend**. 58 | 59 | 1. SSH to Friend and note its IPv6. 60 | 61 | 1. Run `iperf3 -s` to start listening. Do not end the SSH session. 62 | 63 | 1. In another Terminal session, SSH to Hillary and run `iperf3 -c FRIEND_IPV6`. You should start seeing Hillary sending encrypted packets to her Friend. See [phillymesh/cjdns-optimizations](https://github.com/phillymesh/cjdns-optimizations) for expected throughput. 
64 | 65 | ## Update & Uninstall 66 | 67 | To uninstall the services, run `./prototype-cjdns-pi/scripts/uninstall`. 68 | 69 | If you are updating, run the same uninstall script, but keep all configuration files and data directories when prompted, remove the **prototype-cjdns-pi** directory along with the **install** script, then repeat the last installation step. 70 | 71 | ## Experimental Support for Other Boards 72 | 73 | We have added support for other single board computers such as the [Orange Pi](http://www.orangepi.org) family of boards. So far all the boards that have been tested support [Armbian](http://www.armbian.com) and usually our install script needs no modification to work. To use one of these boards start with the Armbian nightly images linked in the table below, then follow the same installation steps as the Raspberry Pi. Below is a table of boards we have tested and some metrics of what you can expect from the board. 74 | 75 | ## Hardware Table 76 | 77 | List of tested hardware: 78 | 79 | | Hardware | Base OS | [CJDNS Benchmark](https://github.com/phillymesh/cjdns-optimizations) (salsa20/poly1305, switching) | iPerf3 | USB | Ethernet | Notes | 80 | | :-------------------------|:----------------|:--------------------------------------------------------------------------------------------------------------|:-------|:----|:---------|:---------| 81 | | Genericx x86 | Debian 9 | | | | | Performance depends on underlying hardware. | 82 | | Raspberry Pi 4B (2GB ram) | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 650k, 230k | ~160 Mbps| 4 | 10/100/1000 | Onboard wifi dual band | 83 | | Raspberry Pi 3b+ | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 405k, 119k | ~90 Mbps| 4 | 10/100/1000 | Eth only ~320mbps. 
Onboard wifi dual band | 84 | | Raspberry Pi 3b | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 350k, 100k | 89 Mbps | 4 | 10/100 | | 85 | | Raspberry Pi 2b | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 145k, 55k | 39 Mbps | 4 | 10/100 | | 86 | | Raspberry Pi 1a+ | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 35k, - | ~9 Mbps | 1 | None | | 87 | | Raspberry Pi 1b+ | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 51k, 22k | ~8 Mbps | 2 | 10/100 | | 88 | | Raspberry Pi Zero | [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/) | 68k, 30k | ~9 Mbps | 1* | None | *Need OTG Cable No FPV | 89 | | Orange Pi Lite | [Armbian](https://dl.armbian.com/orangepilite/) | 160k, 74k | 67 Mbps | 2 | None | | 90 | | Orange Pi One | [Armbian](https://dl.armbian.com/orangepione/) | 160k, 74k | 67 Mbps | 1 | 10/100 | | 91 | | Orange Pi Zero | [Armbian](https://dl.armbian.com/orangepizero/) | 160k, 74k | 67 Mbps | 1 (+2*) | 10/100 | *USB Headers | 92 | | Orange Pi Zero Plus 2 H5 | [Armbian](https://dl.armbian.com/orangepizeroplus2-h5/) | 190k, 130K | 80 Mbps | 0 (+2*) | None | *USB Headers | 93 | | NanoPi Neo 2 | [Armbian](https://dl.armbian.com/nanopineo2/) | 160k, 95K | 67 Mbps | 1 (+2*) | 10/100/1000 | *USB Headers, Gigabit Eth | 94 | | Rock64 | [Armbian](https://dl.armbian.com/rock64/) | 255k, 168K | 94 Mbps | 3 | 10/100/1000 | 1 USB 3.0, Gigabit Eth | 95 | | Pine64 | [Armbian](https://dl.armbian.com/pine64/) | 227k, 151k | 78 Mbps | 2 | 10/100/1000 | Gigabit Eth | 96 | | ESPRESSObin | [Armbian](https://dl.armbian.com/espressobin/) | 186k, 128K | 73 Mbps | 2 | 10/100/1000 | 1 USB 3.0, 3x Gigabit Eth, SATA, mPCIe. Use stable and apt-get upgrade after boot | 97 | | MK802ii | Debian | 30k, 40k | 25Mbps | | | Android box. Single core. 
Onboard WiFi supports Mesh Point | 98 | 99 | ## Development 100 | 101 | You can install from a specific tag or branch, such as `develop`, with: 102 | 103 | ``` 104 | $ wget https://raw.githubusercontent.com/tomeshnet/prototype-cjdns-pi/develop/scripts/install && chmod +x install && TAG_PROTOTYPE_CJDNS_PI=develop ./install 105 | ``` 106 | 107 | If you are developing on a forked repository, such as `me/prototype-cjdns-pi`, then: 108 | 109 | ``` 110 | $ wget https://raw.githubusercontent.com/me/prototype-cjdns-pi/develop/scripts/install && chmod +x install && GIT_PROTOTYPE_CJDNS_PI="https://github.com/me/prototype-cjdns-pi.git" TAG_PROTOTYPE_CJDNS_PI=develop ./install 111 | ``` 112 | 113 | To add a new module, use **scripts/ipfs/** as an example to: 114 | 115 | * Create a `WITH_NEW_MODULE` tag 116 | * Create **scripts/new-module/install** and **scripts/new-module/uninstall** 117 | * Make corresponding references in the main **install**, **install2**, **status**, **uninstall** files 118 | 119 | ## Notes 120 | 121 | * We keep a list of [Frequently Asked Questions](./docs/FAQ.md). Feel free to add to this list with the issues you experienced on your boards. 122 | 123 | * We have a [Troubleshooting](./docs/TROUBLESHOOT.md) doc with information to point you in the right direction of some common problems. 124 | 125 | * Your computer can be a node too! It will mesh with the Pi's over your router. See the [cjdns repository](https://github.com/cjdelisle/cjdns) on how to set this up. You can now also install this prototype stack on debian/ubuntu PC hardware. This includes a Virtual Machine. 126 | 127 | * Original plan for this repository and early benchmark results are available in [the doc folder](./docs). 
128 | -------------------------------------------------------------------------------- /scripts/nginx/vis-network.min.css: -------------------------------------------------------------------------------- 1 | .vis .overlay{position:absolute;top:0;left:0;width:100%;height:100%;z-index:10}.vis-active{box-shadow:0 0 10px #86d5f8}.vis [class*=span]{min-height:0;width:auto}div.vis-configuration{position:relative;display:block;float:left;font-size:12px}div.vis-configuration-wrapper{display:block;width:700px}div.vis-configuration-wrapper::after{clear:both;content:"";display:block}div.vis-configuration.vis-config-option-container{display:block;width:495px;background-color:#fff;border:2px solid #f7f8fa;border-radius:4px;margin-top:20px;left:10px;padding-left:5px}div.vis-configuration.vis-config-button{display:block;width:495px;height:25px;vertical-align:middle;line-height:25px;background-color:#f7f8fa;border:2px solid #ceced0;border-radius:4px;margin-top:20px;left:10px;padding-left:5px;cursor:pointer;margin-bottom:30px}div.vis-configuration.vis-config-button.hover{background-color:#4588e6;border:2px solid #214373;color:#fff}div.vis-configuration.vis-config-item{display:block;float:left;width:495px;height:25px;vertical-align:middle;line-height:25px}div.vis-configuration.vis-config-item.vis-config-s2{left:10px;background-color:#f7f8fa;padding-left:5px;border-radius:3px}div.vis-configuration.vis-config-item.vis-config-s3{left:20px;background-color:#e4e9f0;padding-left:5px;border-radius:3px}div.vis-configuration.vis-config-item.vis-config-s4{left:30px;background-color:#cfd8e6;padding-left:5px;border-radius:3px}div.vis-configuration.vis-config-header{font-size:18px;font-weight:700}div.vis-configuration.vis-config-label{width:120px;height:25px;line-height:25px}div.vis-configuration.vis-config-label.vis-config-s3{width:110px}div.vis-configuration.vis-config-label.vis-config-s4{width:100px}div.vis-configuration.vis-config-colorBlock{top:1px;width:30px;height:19px;border:1px solid 
#444;border-radius:2px;padding:0;margin:0;cursor:pointer}input.vis-configuration.vis-config-checkbox{left:-5px}input.vis-configuration.vis-config-rangeinput{position:relative;top:-5px;width:60px;padding:1px;margin:0;pointer-events:none}input.vis-configuration.vis-config-range{-webkit-appearance:none;border:0 solid #fff;background-color:rgba(0,0,0,0);width:300px;height:20px}input.vis-configuration.vis-config-range::-webkit-slider-runnable-track{width:300px;height:5px;background:#dedede;background:-moz-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:-webkit-gradient(linear,left top,left bottom,color-stop(0,#dedede),color-stop(99%,#c8c8c8));background:-webkit-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:-o-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:-ms-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:linear-gradient(to bottom,#dedede 0,#c8c8c8 99%);border:1px solid #999;box-shadow:#aaa 0 0 3px 0;border-radius:3px}input.vis-configuration.vis-config-range::-webkit-slider-thumb{-webkit-appearance:none;border:1px solid #14334b;height:17px;width:17px;border-radius:50%;background:#3876c2;background:-moz-linear-gradient(top,#3876c2 0,#385380 100%);background:-webkit-gradient(linear,left top,left bottom,color-stop(0,#3876c2),color-stop(100%,#385380));background:-webkit-linear-gradient(top,#3876c2 0,#385380 100%);background:-o-linear-gradient(top,#3876c2 0,#385380 100%);background:-ms-linear-gradient(top,#3876c2 0,#385380 100%);background:linear-gradient(to bottom,#3876c2 0,#385380 100%);box-shadow:#111927 0 0 1px 0;margin-top:-7px}input.vis-configuration.vis-config-range:focus{outline:0}input.vis-configuration.vis-config-range:focus::-webkit-slider-runnable-track{background:#9d9d9d;background:-moz-linear-gradient(top,#9d9d9d 0,#c8c8c8 99%);background:-webkit-gradient(linear,left top,left bottom,color-stop(0,#9d9d9d),color-stop(99%,#c8c8c8));background:-webkit-linear-gradient(top,#9d9d9d 0,#c8c8c8 99%);background:-o-linear-gradient(top,#9d9d9d 
0,#c8c8c8 99%);background:-ms-linear-gradient(top,#9d9d9d 0,#c8c8c8 99%);background:linear-gradient(to bottom,#9d9d9d 0,#c8c8c8 99%)}input.vis-configuration.vis-config-range::-moz-range-track{width:300px;height:10px;background:#dedede;background:-moz-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:-webkit-gradient(linear,left top,left bottom,color-stop(0,#dedede),color-stop(99%,#c8c8c8));background:-webkit-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:-o-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:-ms-linear-gradient(top,#dedede 0,#c8c8c8 99%);background:linear-gradient(to bottom,#dedede 0,#c8c8c8 99%);border:1px solid #999;box-shadow:#aaa 0 0 3px 0;border-radius:3px}input.vis-configuration.vis-config-range::-moz-range-thumb{border:none;height:16px;width:16px;border-radius:50%;background:#385380}input.vis-configuration.vis-config-range:-moz-focusring{outline:1px solid #fff;outline-offset:-1px}input.vis-configuration.vis-config-range::-ms-track{width:300px;height:5px;background:0 0;border-color:transparent;border-width:6px 0;color:transparent}input.vis-configuration.vis-config-range::-ms-fill-lower{background:#777;border-radius:10px}input.vis-configuration.vis-config-range::-ms-fill-upper{background:#ddd;border-radius:10px}input.vis-configuration.vis-config-range::-ms-thumb{border:none;height:16px;width:16px;border-radius:50%;background:#385380}input.vis-configuration.vis-config-range:focus::-ms-fill-lower{background:#888}input.vis-configuration.vis-config-range:focus::-ms-fill-upper{background:#ccc}.vis-configuration-popup{position:absolute;background:rgba(57,76,89,.85);border:2px solid #f2faff;line-height:30px;height:30px;width:150px;text-align:center;color:#fff;font-size:14px;border-radius:4px;-webkit-transition:opacity .3s ease-in-out;-moz-transition:opacity .3s ease-in-out;transition:opacity .3s ease-in-out}.vis-configuration-popup:after,.vis-configuration-popup:before{left:100%;top:50%;border:solid transparent;content:" 
";height:0;width:0;position:absolute;pointer-events:none}.vis-configuration-popup:after{border-color:rgba(136,183,213,0);border-left-color:rgba(57,76,89,.85);border-width:8px;margin-top:-8px}.vis-configuration-popup:before{border-color:rgba(194,225,245,0);border-left-color:#f2faff;border-width:12px;margin-top:-12px}div.vis-tooltip{position:absolute;visibility:hidden;padding:5px;white-space:nowrap;font-family:verdana;font-size:14px;color:#000;background-color:#f5f4ed;-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;border:1px solid #808074;box-shadow:3px 3px 10px rgba(0,0,0,.2);pointer-events:none;z-index:5}div.vis-color-picker{position:absolute;top:0;left:30px;margin-top:-140px;margin-left:30px;width:310px;height:444px;z-index:1;padding:10px;border-radius:15px;background-color:#fff;display:none;box-shadow:rgba(0,0,0,.5) 0 0 10px 0}div.vis-color-picker div.vis-arrow{position:absolute;top:147px;left:5px}div.vis-color-picker div.vis-arrow::after,div.vis-color-picker div.vis-arrow::before{right:100%;top:50%;border:solid transparent;content:" ";height:0;width:0;position:absolute;pointer-events:none}div.vis-color-picker div.vis-arrow:after{border-color:rgba(255,255,255,0);border-right-color:#fff;border-width:30px;margin-top:-30px}div.vis-color-picker div.vis-color{position:absolute;width:289px;height:289px;cursor:pointer}div.vis-color-picker div.vis-brightness{position:absolute;top:313px}div.vis-color-picker div.vis-opacity{position:absolute;top:350px}div.vis-color-picker div.vis-selector{position:absolute;top:137px;left:137px;width:15px;height:15px;border-radius:15px;border:1px solid #fff;background:#4c4c4c;background:-moz-linear-gradient(top,#4c4c4c 0,#595959 12%,#666 25%,#474747 39%,#2c2c2c 50%,#000 51%,#111 60%,#2b2b2b 76%,#1c1c1c 91%,#131313 100%);background:-webkit-gradient(linear,left top,left 
bottom,color-stop(0,#4c4c4c),color-stop(12%,#595959),color-stop(25%,#666),color-stop(39%,#474747),color-stop(50%,#2c2c2c),color-stop(51%,#000),color-stop(60%,#111),color-stop(76%,#2b2b2b),color-stop(91%,#1c1c1c),color-stop(100%,#131313));background:-webkit-linear-gradient(top,#4c4c4c 0,#595959 12%,#666 25%,#474747 39%,#2c2c2c 50%,#000 51%,#111 60%,#2b2b2b 76%,#1c1c1c 91%,#131313 100%);background:-o-linear-gradient(top,#4c4c4c 0,#595959 12%,#666 25%,#474747 39%,#2c2c2c 50%,#000 51%,#111 60%,#2b2b2b 76%,#1c1c1c 91%,#131313 100%);background:-ms-linear-gradient(top,#4c4c4c 0,#595959 12%,#666 25%,#474747 39%,#2c2c2c 50%,#000 51%,#111 60%,#2b2b2b 76%,#1c1c1c 91%,#131313 100%);background:linear-gradient(to bottom,#4c4c4c 0,#595959 12%,#666 25%,#474747 39%,#2c2c2c 50%,#000 51%,#111 60%,#2b2b2b 76%,#1c1c1c 91%,#131313 100%)}div.vis-color-picker div.vis-new-color{position:absolute;width:140px;height:20px;border:1px solid rgba(0,0,0,.1);border-radius:5px;top:380px;left:159px;text-align:right;padding-right:2px;font-size:10px;color:rgba(0,0,0,.4);vertical-align:middle;line-height:20px}div.vis-color-picker div.vis-initial-color{position:absolute;width:140px;height:20px;border:1px solid rgba(0,0,0,.1);border-radius:5px;top:380px;left:10px;text-align:left;padding-left:2px;font-size:10px;color:rgba(0,0,0,.4);vertical-align:middle;line-height:20px}div.vis-color-picker div.vis-label{position:absolute;width:300px;left:10px}div.vis-color-picker div.vis-label.vis-brightness{top:300px}div.vis-color-picker div.vis-label.vis-opacity{top:338px}div.vis-color-picker div.vis-button{position:absolute;width:68px;height:25px;border-radius:10px;vertical-align:middle;text-align:center;line-height:25px;top:410px;border:2px solid #d9d9d9;background-color:#f7f7f7;cursor:pointer}div.vis-color-picker div.vis-button.vis-cancel{left:5px}div.vis-color-picker div.vis-button.vis-load{left:82px}div.vis-color-picker div.vis-button.vis-apply{left:159px}div.vis-color-picker 
div.vis-button.vis-save{left:236px}div.vis-color-picker input.vis-range{width:290px;height:20px}div.vis-network div.vis-manipulation{box-sizing:content-box;border-width:0;border-bottom:1px;border-style:solid;border-color:#d6d9d8;background:#fff;background:-moz-linear-gradient(top,#fff 0,#fcfcfc 48%,#fafafa 50%,#fcfcfc 100%);background:-webkit-gradient(linear,left top,left bottom,color-stop(0,#fff),color-stop(48%,#fcfcfc),color-stop(50%,#fafafa),color-stop(100%,#fcfcfc));background:-webkit-linear-gradient(top,#fff 0,#fcfcfc 48%,#fafafa 50%,#fcfcfc 100%);background:-o-linear-gradient(top,#fff 0,#fcfcfc 48%,#fafafa 50%,#fcfcfc 100%);background:-ms-linear-gradient(top,#fff 0,#fcfcfc 48%,#fafafa 50%,#fcfcfc 100%);background:linear-gradient(to bottom,#fff 0,#fcfcfc 48%,#fafafa 50%,#fcfcfc 100%);padding-top:4px;position:absolute;left:0;top:0;width:100%;height:28px}div.vis-network div.vis-edit-mode{position:absolute;left:0;top:5px;height:30px}div.vis-network div.vis-close{position:absolute;right:0;top:0;width:30px;height:30px;background-position:20px 3px;background-repeat:no-repeat;background-image:url(img/network/cross.png);cursor:pointer;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}div.vis-network div.vis-close:hover{opacity:.6}div.vis-network div.vis-edit-mode div.vis-button,div.vis-network div.vis-manipulation div.vis-button{float:left;font-family:verdana;font-size:12px;-moz-border-radius:15px;border-radius:15px;display:inline-block;background-position:0 0;background-repeat:no-repeat;height:24px;margin-left:10px;cursor:pointer;padding:0 8px 0 8px;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}div.vis-network div.vis-manipulation div.vis-button:hover{box-shadow:1px 1px 8px rgba(0,0,0,.2)}div.vis-network div.vis-manipulation div.vis-button:active{box-shadow:1px 1px 8px 
rgba(0,0,0,.5)}div.vis-network div.vis-manipulation div.vis-button.vis-back{background-image:url(img/network/backIcon.png)}div.vis-network div.vis-manipulation div.vis-button.vis-none:hover{box-shadow:1px 1px 8px transparent;cursor:default}div.vis-network div.vis-manipulation div.vis-button.vis-none:active{box-shadow:1px 1px 8px transparent}div.vis-network div.vis-manipulation div.vis-button.vis-none{padding:0}div.vis-network div.vis-manipulation div.notification{margin:2px;font-weight:700}div.vis-network div.vis-manipulation div.vis-button.vis-add{background-image:url(img/network/addNodeIcon.png)}div.vis-network div.vis-edit-mode div.vis-button.vis-edit,div.vis-network div.vis-manipulation div.vis-button.vis-edit{background-image:url(img/network/editIcon.png)}div.vis-network div.vis-edit-mode div.vis-button.vis-edit.vis-edit-mode{background-color:#fcfcfc;border:1px solid #ccc}div.vis-network div.vis-manipulation div.vis-button.vis-connect{background-image:url(img/network/connectIcon.png)}div.vis-network div.vis-manipulation div.vis-button.vis-delete{background-image:url(img/network/deleteIcon.png)}div.vis-network div.vis-edit-mode div.vis-label,div.vis-network div.vis-manipulation div.vis-label{margin:0 0 0 23px;line-height:25px}div.vis-network div.vis-manipulation div.vis-separator-line{float:left;display:inline-block;width:1px;height:21px;background-color:#bdbdbd;margin:0 7px 0 15px}div.vis-network div.vis-navigation div.vis-button{width:34px;height:34px;-moz-border-radius:17px;border-radius:17px;position:absolute;display:inline-block;background-position:2px 2px;background-repeat:no-repeat;cursor:pointer;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}div.vis-network div.vis-navigation div.vis-button:hover{box-shadow:0 0 3px 3px rgba(56,207,21,.3)}div.vis-network div.vis-navigation div.vis-button:active{box-shadow:0 0 1px 3px rgba(56,207,21,.95)}div.vis-network 
div.vis-navigation div.vis-button.vis-up{background-image:url(img/network/upArrow.png);bottom:50px;left:55px}div.vis-network div.vis-navigation div.vis-button.vis-down{background-image:url(img/network/downArrow.png);bottom:10px;left:55px}div.vis-network div.vis-navigation div.vis-button.vis-left{background-image:url(img/network/leftArrow.png);bottom:10px;left:15px}div.vis-network div.vis-navigation div.vis-button.vis-right{background-image:url(img/network/rightArrow.png);bottom:10px;left:95px}div.vis-network div.vis-navigation div.vis-button.vis-zoomIn{background-image:url(img/network/plus.png);bottom:10px;right:15px}div.vis-network div.vis-navigation div.vis-button.vis-zoomOut{background-image:url(img/network/minus.png);bottom:10px;right:55px}div.vis-network div.vis-navigation div.vis-button.vis-zoomExtends{background-image:url(img/network/zoomExtends.png);bottom:50px;right:15px} --------------------------------------------------------------------------------