#!/bin/bash
# interactively run re6stnet on NayuOS

# Mount point of removable media, searched for an existing configuration directory.
mountpoint=/media/removable
# Directory holding re6stnet.conf, the certificates and the private key.
configdir=/home/chronos/user/.re6stconf
configfile="${configdir}/re6stnet.conf"
# Comma-separated list of devices that shill should not care about.
blacklist_option="re6stnet-tcp"
blacklist_option+=",re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6"
blacklist_option+=",re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1"
blacklist_option+=",tun0,tun1,tun2"

echo "After having run this script, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
# An already running re6stnet is either stopped here or the script ends.
if pgrep re6stnet > /dev/null ; then
    read -p "re6stnet is already running. Stop it [y/N] ?" stop
    case "$stop" in
        y|Y)
            echo "Killing re6stnet process..."
            killall re6stnet
            ;;
        *)
            # Any other answer, including an empty one, leaves the running instance alone.
            echo "Exiting."
            exit 0
            ;;
    esac
fi

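# get configuration
#
# Uses the configuration in ${configdir} when re6stnet.conf, cert.crt, cert.key
# and ca.crt are all readable there. Otherwise a directory is looked up on
# removable media (or asked from the user) and its files are copied into
# ${configdir} with mode 600.
#
# NOTE(review): every regular file of the chosen directory is imported, not only
# the four required ones. re6stnet.conf is later handed to re6stnet and an
# ip6tables.conf present in ${configdir} is loaded as the firewall ruleset by
# the firewall step of this script, so the source directory has to be trusted
# as much as the local configuration. Confirm that importing extra files is
# intended.
if [[ -r "${configfile}" && -r "${configdir}/cert.crt" && -r "${configdir}/cert.key" && -r "${configdir}/ca.crt" ]]; then
    echo "configuration was found in ${configdir}"
else
    echo "no configuration was found in ${configdir}, looking for it elsewhere..."
    path=""
    # Search the removable media once; the first directory whose path contains
    # "re6stconf" is offered to the user.
    tempath=$(find "${mountpoint}" -type d | grep -m 1 re6stconf)
    if [[ -n "${tempath}" ]] ; then
        # -r keeps backslashes in the answer literal.
        read -r -p "Use configuration directory found at: ${tempath} [Y/n]? " confirm
        if [[ "${confirm}" == "y" || "${confirm}" == "Y" || -z "${confirm}" ]] ; then
            path=$tempath
        fi
    else
        echo "no configuration directory was found"
    fi

    if [[ -z "$path" ]] ; then
        # -r so that a typed path containing a backslash is used as entered.
        read -r -e -p "please give a path to the directory containing the re6stnet configuration if you already generated one: " path
        if [[ -z "$path" ]] ; then
            echo "No configuration given, you can generate one using grdn-cfg command. Exiting."
            exit 1
        fi
    fi
    if [[ ! -d "$path" ]] ; then
        echo "Invalid path ${path}, you can generate a valid configuration using grdn-cfg command. Exiting."
        exit 1
    fi
    if [[ -r "${path}/re6stnet.conf" && -r "${path}/cert.crt" && -r "${path}/cert.key" && -r "${path}/ca.crt" ]]; then
        install -d "${configdir}"
        for file in "${path}"/* ; do
            # install cannot copy a directory; skip anything that is not a regular file.
            [[ -f "${file}" ]] || continue
            # Mode 600: the private key must not be readable by other users.
            install -m 600 -- "${file}" "${configdir}"
        done
    else
        echo "Missing some configuration files in ${path}, you can generate a valid configuration using grdn-cfg command. Exiting."
        exit 1
    fi
fi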

# setup

# saving firewall configuration
# Snapshot of the current IPv6 ruleset; cleanup() restores it from this file
# and then deletes the file.
# NOTE(review): a snapshot left behind by an earlier run that ended without
# cleanup() is overwritten here with the ruleset as it is now, which may already
# contain the rules added by that run. The result of ip6tables-save is not
# checked either. Confirm whether both are acceptable.
ip6tables-save > "${configdir}/ip6tables.save"

#######################################
# Signal handler: puts the saved ip6tables rules back and ends the script.
# Globals:   configdir (read)
# Outputs:   progress messages on stdout
# Returns:   does not return; exits with status 0
#######################################
cleanup() {
  local snapshot="${configdir}/ip6tables.save"

  printf "\nCleaning up and exiting...\n"
  # The snapshot is removed once restored, so a second call finds nothing to do.
  if [[ -r "${snapshot}" ]] ; then
    echo "Removing changes in ip6tables rules"
    ip6tables-restore < "${snapshot}"
    rm "${snapshot}"
  fi
  echo ""
  exit 0
}

# cleanup runs when the script receives SIGHUP, SIGINT or SIGTERM.
# NOTE(review): it is not registered for a normal end of the script, so the
# rules added below appear to stay in place if re6stnet returns without one of
# these signals. Confirm that this is intended.
trap cleanup SIGHUP SIGINT SIGTERM

# firewall configuration
if [[ -r "${configdir}/ip6tables.conf" ]] ; then
    # A ruleset stored next to the configuration is loaded instead of the
    # default rules below.
    ip6tables-restore < "${configdir}/ip6tables.conf"
else
    # NOTE(review): the rules below match any source address and any interface,
    # and the FORWARD policy applies to all forwarded IPv6 traffic. Check that
    # this is as wide as the deployment needs.
    ip6tables -P FORWARD ACCEPT
    # accept ports needed for re6stnet
    for chain in OUTPUT INPUT ; do
        for port in 6696 326 ; do
            ip6tables -A "${chain}" -p udp --dport "${port}" -j ACCEPT
        done
    done

    # Accept ports needed for running any webrunner
    for port in 9684 50005 ; do
        ip6tables -A INPUT -p tcp --dport "${port}" -j ACCEPT
    done
fi

# setup shill network manager
# shill is considered correctly started when its command line, as listed by
# pgrep -a, contains the blacklist.
if pgrep -a shill | grep -q "${blacklist_option}" ; then
    echo "shill was started with the right blacklist."
else
    read -p "The network manager shill was not started with the right blacklisted devices list. Restart it [Y/n]? " confirm
    case "$confirm" in
        n|N)
            # The user declined: shill keeps running as it is.
            ;;
        *)
            # shill_respawn job does not allow to pass arguments to shill
            if status shill_respawn | grep -q running ; then
                stop shill_respawn
            fi
            if status shill | grep -q running ; then
                stop shill
            fi
            start shill BLACKLISTED_DEVICES="${blacklist_option}"
            # wait a bit for the interfaces to be back
            for i in 0 1 2 3 4 ; do
                echo -n "."
                sleep 1
            done
            echo ""
            ;;
    esac
fi

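# Ask whether the Internet-facing interface may accept IPv6 router
# advertisements, find out which interface that is, and set accept_ra on it.
# With accept_ra=1 the interface takes router advertisements from its link into
# account; the default answer (N) turns that off.
read -r -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra

# Name(s) of the link(s) reported in state UP; several names end up on several lines.
interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}')"

read -r -p "Is '${interface}' the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm

if [[ "$confirm" != "y" && "$confirm" != "Y" && -n "$confirm" ]] ; then
    echo "running interfaces found:"
    ip -o link show | awk -F': ' '{print $2}'
    read -r -p "name of the interface used to access the Internet (via IPv4): " interface
fi

# The answer has to be read through "$accept_ra": comparing the bare word
# accept_ra with "y" is never true and would always write accept_ra=0.
if [[ "$accept_ra" == "y" || "$accept_ra" == "Y" ]] ; then
    sysctl net.ipv6.conf."${interface}".accept_ra=1
else
    sysctl net.ipv6.conf."${interface}".accept_ra=0
fi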

echo "re6st will start, it may take a few minutes before beeing usable"
# Pause for three seconds, one dot per second, so that the message above is
# seen before the re6st log starts scrolling.
for _ in 1 2 3 ; do
    printf '.'
    sleep 1
done
echo ""

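# As long as re6stnet.conf contains 'default' and an IPv6 default route is
# still present, ask the user whether to delete the route or to restart shill.
while grep -q default "${configfile}" && ip -6 r | grep -q default ; do
    # Values go in as arguments so that a '%' or a backslash in them is not
    # interpreted as part of the printf format.
    printf "Default route was found for interface '%s':\n    %s\nwhereas option 'default' is in %s.\n" \
        "${interface}" "$( ip -6 r | grep default )" "${configfile}"
    read -r -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
    # Both comparisons look at the answer just given; anything but s/S means 'i'.
    if [[ "$choice" != "s" && "$choice" != "S" ]] ; then
        # One default route per line, with everything from " dev " on removed;
        # each one is deleted on its own.
        while IFS= read -r route ; do
            [[ -n "${route}" ]] || continue
            read -r -a route_args <<< "${route}"
            if ip -6 route del "${route_args[@]}" ; then
                echo removed route: "${route}"
            else
                echo "could not remove route: ${route}" >&2
            fi
        done < <( ip -6 r | grep default | sed 's/ dev .*//' )
    else
        restart shill BLACKLISTED_DEVICES="${blacklist_option}"
    fi
done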

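# join re6st network
# re6stnet.conf is given as a relative path, so the directory change has to
# succeed: otherwise a re6stnet.conf from the directory the script was started
# in would be used instead of the one in ${configdir}.
cd "${configdir}" || { echo "Cannot enter ${configdir}. Exiting." >&2 ; exit 1 ; }
re6stnet @re6stnet.conf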