Commit ad395388 authored by iv's avatar iv

Make grandenet more understandable.

parent be2e53d1
...@@ -7,31 +7,43 @@ configfile="${configdir}/re6stnet.conf" ...@@ -7,31 +7,43 @@ configfile="${configdir}/re6stnet.conf"
# shill should not care about these interfaces # shill should not care about these interfaces
blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2" blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
# Require script to be run via sudo, but not as root
if [[ $EUID != 0 ]]; then
echo "This script requires root privileges! However, it may fail if running with root user. Please, run it again and prefix the command by 'sudo'."
exit 1
fi
function configure { function configure {
configoptions=() configoptions=('default')
echo "You are going to generate all the files needed to be able to join the Grandenet network, based on re6st: a resilient overlay mesh network providing IPv6 over IPv4." echo "
read -p "token (you can get one on http://www.grandenet.cn): " token ################ New configuration generation ####################
"
read -p "Please, give your token (you can get one on http://www.grandenet.cn): " token
if [ "${token}" == "" ] ; then if [ "${token}" == "" ] ; then
echo "No token given. Exiting." echo "No token given. Exiting."
exit 1 exit 1
fi fi
read -p "registry [http://re6stnet.grandenet.cn]: " registry read -p "Give the registry you want to use [http://re6stnet.grandenet.cn]: " registry
if [ "${registry}" == "" ] ; then if [ "${registry}" == "" ] ; then
registry="http://re6stnet.grandenet.cn" registry="http://re6stnet.grandenet.cn"
fi fi
read -p "set re6st route as default [Y/n]? " default
if [ "${default}" != "n" -a "${default}" != "N" ] ; then # do not assume everything is clean already
configoptions+=('default') if [[ -f ${configdir} ]] ; then
echo "A file called ${configdir} has been found and removed."
rm "${configdir}"
elif [[ $(ls -A "${configdir}"/* 2> /dev/null) ]] ; then
echo "Some files are into ${configdir}. Moving them to directory ${configdir}/old"
install -d ${configdir}/old && mv "${configdir}"/* "${configdir}/old" 2> /dev/null
fi fi
re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}" re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}" || { echo "An error occured while generating the configuration. Created files in '${configdir}': " ; ls "${configdir}" ; echo "Exiting." ; exit 1 ;}
printf '%s\n' "${configoptions[@]}" >> "${configfile}" printf '%s\n' "${configoptions[@]}" >> "${configfile}"
echo " echo "
:FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0] :OUTPUT DROP [0:0]
...@@ -42,19 +54,18 @@ function configure { ...@@ -42,19 +54,18 @@ function configure {
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT -A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT -A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
" > "${configdir}/ip6tables.conf" " > "${configdir}/ip6tables.conf"
read -p "save configuration on an external device [Y/n]? " save read -p "Save configuration on an external device [Y/n]? " save
if [ "$save" != "n" -a "$save" != "N" ] ; then if [ "$save" != "n" -a "$save" != "N" ] ; then
save=1
if [[ $(ls -d "${mountpoint}"/*) ]]; then if [[ $(ls -d "${mountpoint}"/*) ]]; then
echo "Detected external partitions:" echo "Mounted external partitions list:"
for mnt in "${mountpoint}"/* ; do for mnt in "${mountpoint}"/* ; do
echo " * $mnt" echo " * $mnt"
done done
else else
echo "no external device partition mounted on ${mountpoint}" echo "No external device partition mounted on ${mountpoint}."
fi fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place read -e -p "A folder called 're6stconf' will be generated in order to backup the freshly created configuration. Where should it be created (use tabulation for autocompletion)? " place
place+="/re6stconf" place+="/re6stconf"
echo "configuration will be saved in $place" echo "configuration will be saved in $place"
...@@ -63,24 +74,29 @@ function configure { ...@@ -63,24 +74,29 @@ function configure {
install "${file}" "${place}" install "${file}" "${place}"
done done
else else
echo "Configuration will be placed in ${configfile}, please do a manual backup later or you could lose your access to this network." echo -e "Configuration will be placed in ${configdir},\e[31m please do a manual backup later or you could lose your access to this network\e[0m."
fi fi
echo "
##################################################################
"
} }
echo "After answering a few questions, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6." echo "After answering a few questions, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(pgrep re6stnet) ]] ; then if [[ $(pgrep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop read -p "re6stnet is already running. Stop it [y/N]? " stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..." echo "Killing re6stnet process..."
killall re6stnet killall re6stnet
# XXX: should only kill other grandenet processes...
killall grandenet
else else
echo "Exiting." echo "Exiting."
exit 0 exit 0
fi fi
fi fi
# there may be a configuration already installed # there may be a configuration already installed
usefound="n" usefound="n"
path="" path=""
...@@ -96,8 +112,8 @@ fi ...@@ -96,8 +112,8 @@ fi
# try to find a saved configuration # try to find a saved configuration
if [ ! -r "${configfile}" ] ; then if [ ! -r "${configfile}" ] ; then
echo "Looking for configuration directory on external devices..." echo "Looking for configuration directory on external devices..."
if [[ $(find "${mountpoint}" -type d | grep re6stconf) ]] ; then path=$(find "${mountpoint}" -maxdepth 3 -type d | grep re6stconf)
path=$(find "${mountpoint}" -type d | grep -m 1 re6stconf) if [ "${path}" != "" ] ; then
read -p "Use configuration directory found at: ${path} [Y/n]? " usefound read -p "Use configuration directory found at: ${path} [Y/n]? " usefound
else else
echo "No configuration directory was found." echo "No configuration directory was found."
...@@ -106,34 +122,36 @@ fi ...@@ -106,34 +122,36 @@ fi
install -d "${configdir}" install -d "${configdir}"
# don't use possibly found configuration(s) # don't use possibly found configuration(s) if specified
if [ "$usefound" == "n" -o "$usefound" == "N" ]; then if [ "$usefound" == "n" -o "$usefound" == "N" ]; then
read -p "Manually give the path (p) or generate new (n) configuration [p/N]? " action read -p "Do you already have a valid configuration that you would like to use (u) or do you need to generate a new configuration (n) [u/N]? " action
if [ "${action}" == "P" -o "${action}" == "p" ] ; then if [ "${action}" == "U" -o "${action}" == "u" ] ; then
read -e -p "Please give a path to the directory containing the re6stnet configuration if you already generated one: " path read -e -p "Please give a path to the directory containing the re6stnet configuration if you already generated one: " path
if [ "$path" == "" ] ; then if [ "$path" == "" ] ; then
echo "No configuration path given. Exiting." echo "No configuration path given. Exiting."
exit 1 exit 1
fi fi
else else
configure || ( echo "Problem occured while generating new configuration. Exiting." && exit 1 ) configure || { echo "Problem occured while generating new configuration. Exiting." ; exit 1 ; }
path=${configdir} path="${configdir}"
fi fi
fi fi
# copy the config if needed got by previous steps # copy the config if needed
if [ ${path} == ${configdir} ]; then if [ "${path}" == "${configdir}" -a -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then
echo "Using configuration in place." echo "Using existing configuration in '${configdir}'."
elif [ ! -d "$path" ] ; then elif [ ! -d "$path" ] ; then
echo "Invalid path '${path}'. Exiting." echo "Invalid path: '${path}' is not a directory. Exiting."
exit 1 exit 1
elif [ -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then elif [ -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then
echo "Copying config to '${configdir}'." echo "Copying config to '${configdir}'..."
for file in "${path}"/* ; do for file in "${path}"/* ; do
install -m 600 "${file}" "${configdir}" install -m 600 "${file}" "${configdir}"
done done
else else
echo "Missing some configuration files in '${path}'. Exiting." echo "Some configuration files are missing in '${path}' so it is not possible to connect to grandenet. Files present are:"
ls ${path}
echo "Try generating another configuration or use a different one next time. Exiting."
exit 1 exit 1
fi fi
...@@ -143,41 +161,23 @@ cp "${configdir}/ip6tables.save" "${configdir}/current_ip6tables.conf" ...@@ -143,41 +161,23 @@ cp "${configdir}/ip6tables.save" "${configdir}/current_ip6tables.conf"
# function to clean up and exit # function to clean up and exit
cleanup() { cleanup() {
printf "\nCleaning up and exiting...\n" echo "
if [ -r "${configdir}/ip6tables.save" ] ; then #################### Cleaning up #################################
echo "Removing changes in ip6tables rules" "
ip6tables-restore < "${configdir}/ip6tables.save" printf "\nCleaning up and exiting...\n"
rm "${configdir}/ip6tables.save" if [ -r "${configdir}/ip6tables.save" ] ; then
rm "${configdir}/current_ip6tables.conf" echo "Removing changes in ip6tables rules"
fi ip6tables-restore < "${configdir}/ip6tables.save"
echo "" rm "${configdir}/ip6tables.save"
exit 0 rm "${configdir}/current_ip6tables.conf"
fi
echo "Stop allowing IPv6 forwarding..."
sysctl net.ipv6.conf.all.forwarding=0 > /dev/null
exit 0
} }
trap cleanup SIGHUP SIGINT SIGTERM trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then
# remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
# setup shill network manager # setup shill network manager
if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then
echo "shill was started with the right blacklist." echo "shill was started with the right blacklist."
...@@ -196,47 +196,47 @@ else ...@@ -196,47 +196,47 @@ else
for i in {0..4} ; do for i in {0..4} ; do
echo -n "." ; sleep 1 echo -n "." ; sleep 1
done done
echo "" echo ""
fi fi
fi fi
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}')"
read -p "Is '${interface}' the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm # firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then
# remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then # Accept ports needed for running any webrunner
echo "running interfaces found:" ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
echo "$( ip -o link show | awk -F': ' '{print $2}' )" ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
read -p "name of the interface used to access the Internet (via IPv4): " interface
fi fi
if [ accept_ra == "y" -o accept_ra == "Y" ] ; then sysctl net.ipv6.conf.all.accept_ra=1
sysctl net.ipv6.conf."${interface}".accept_ra=1 sysctl net.ipv6.conf.all.forwarding=1
else
sysctl net.ipv6.conf."${interface}".accept_ra=0
fi
echo "re6st will start, it may take a few minutes before beeing usable" echo "re6st will start, it may take a few minutes before beeing usable"
# wait a bit, so the user can see it and the message is not lost among re6st log # wait a bit, so the user can see it and the message is not lost among re6st log
for i in {0..2} ; do for i in {0..2} ; do
echo -n "." ; sleep 1 sleep 1
done done
echo "" echo ""
while [[ $( grep default "${configfile}" ) && $( ip -6 r | grep default ) ]] ; do echo "
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n" ######################### re6st logs #############################
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice "
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
route="$( ip -6 r | grep default | sed 's/ dev .*//' )"
ip -6 route del ${route}
echo removed route: "${route}"
else
restart shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
done
# join re6st network # join re6st network
cd "${configdir}" cd "${configdir}"
re6stnet @re6stnet.conf re6stnet @re6stnet.conf
\ No newline at end of file
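Review bot: The two new lines before the "re6st will start" message, `sysctl net.ipv6.conf.all.accept_ra=1` and `sysctl net.ipv6.conf.all.forwarding=1`, change host-wide IPv6 behaviour without asking and without recording the previous values, where the old code prompted and scoped accept_ra to one interface. Together with the `FORWARD ACCEPT` policy this leaves the machine forwarding IPv6 and accepting router advertisements on every link it is attached to. Per the kernel's ip-sysctl documentation, `accept_ra=1` is only honoured while forwarding is disabled (value 2 overrides that), so the first line probably has no effect once the second runs; this is worth confirming on the target kernel. `cleanup()` forces `forwarding=0` rather than restoring the earlier value, never resets accept_ra, and runs only from the SIGHUP/SIGINT/SIGTERM trap, so it appears that re6stnet exiting on its own leaves both settings in place. I would save the old value first with `old_fwd=$(sysctl -n net.ipv6.conf.all.forwarding)`, restore it in cleanup with `sysctl -w net.ipv6.conf.all.forwarding="${old_fwd}"`, handle accept_ra the same way, and scope accept_ra to the uplink interface.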