Commit ad395388 authored by iv's avatar iv

Make grandenet more understandable.

parent be2e53d1
......@@ -7,31 +7,43 @@ configfile="${configdir}/re6stnet.conf"
# shill should not care about these interfaces
blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
# Require script to be run via sudo, but not as root
if [[ $EUID != 0 ]]; then
echo "This script requires root privileges! However, it may fail if running with root user. Please, run it again and prefix the command by 'sudo'."
exit 1
fi
function configure {
configoptions=()
echo "You are going to generate all the files needed to be able to join the Grandenet network, based on re6st: a resilient overlay mesh network providing IPv6 over IPv4."
read -p "token (you can get one on http://www.grandenet.cn): " token
configoptions=('default')
echo "
################ New configuration generation ####################
"
read -p "Please, give your token (you can get one on http://www.grandenet.cn): " token
if [ "${token}" == "" ] ; then
echo "No token given. Exiting."
exit 1
fi
read -p "registry [http://re6stnet.grandenet.cn]: " registry
read -p "Give the registry you want to use [http://re6stnet.grandenet.cn]: " registry
if [ "${registry}" == "" ] ; then
registry="http://re6stnet.grandenet.cn"
fi
read -p "set re6st route as default [Y/n]? " default
if [ "${default}" != "n" -a "${default}" != "N" ] ; then
configoptions+=('default')
# do not assume everything is clean already
if [[ -f ${configdir} ]] ; then
echo "A file called ${configdir} has been found and removed."
rm "${configdir}"
elif [[ $(ls -A "${configdir}"/* 2> /dev/null) ]] ; then
echo "Some files are into ${configdir}. Moving them to directory ${configdir}/old"
install -d ${configdir}/old && mv "${configdir}"/* "${configdir}/old" 2> /dev/null
fi
re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}"
re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}" || { echo "An error occured while generating the configuration. Created files in '${configdir}': " ; ls "${configdir}" ; echo "Exiting." ; exit 1 ;}
printf '%s\n' "${configoptions[@]}" >> "${configfile}"
echo "
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
......@@ -42,19 +54,18 @@ function configure {
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
" > "${configdir}/ip6tables.conf"
read -p "save configuration on an external device [Y/n]? " save
read -p "Save configuration on an external device [Y/n]? " save
if [ "$save" != "n" -a "$save" != "N" ] ; then
save=1
if [[ $(ls -d "${mountpoint}"/*) ]]; then
echo "Detected external partitions:"
echo "Mounted external partitions list:"
for mnt in "${mountpoint}"/* ; do
echo " * $mnt"
done
else
echo "no external device partition mounted on ${mountpoint}"
echo "No external device partition mounted on ${mountpoint}."
fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place
read -e -p "A folder called 're6stconf' will be generated in order to backup the freshly created configuration. Where should it be created (use tabulation for autocompletion)? " place
place+="/re6stconf"
echo "configuration will be saved in $place"
......@@ -63,24 +74,29 @@ function configure {
install "${file}" "${place}"
done
else
echo "Configuration will be placed in ${configfile}, please do a manual backup later or you could lose your access to this network."
echo -e "Configuration will be placed in ${configdir},\e[31m please do a manual backup later or you could lose your access to this network\e[0m."
fi
echo "
##################################################################
"
}
echo "After answering a few questions, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(pgrep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop
read -p "re6stnet is already running. Stop it [y/N]? " stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..."
killall re6stnet
# XXX: should only kill other grandenet processes...
killall grandenet
else
echo "Exiting."
exit 0
fi
fi
# there may be a configuration already installed
usefound="n"
path=""
......@@ -96,8 +112,8 @@ fi
# try to find a saved configuration
if [ ! -r "${configfile}" ] ; then
echo "Looking for configuration directory on external devices..."
if [[ $(find "${mountpoint}" -type d | grep re6stconf) ]] ; then
path=$(find "${mountpoint}" -type d | grep -m 1 re6stconf)
path=$(find "${mountpoint}" -maxdepth 3 -type d | grep re6stconf)
if [ "${path}" != "" ] ; then
read -p "Use configuration directory found at: ${path} [Y/n]? " usefound
else
echo "No configuration directory was found."
......@@ -106,34 +122,36 @@ fi
install -d "${configdir}"
# don't use possibly found configuration(s)
# don't use possibly found configuration(s) if specified
if [ "$usefound" == "n" -o "$usefound" == "N" ]; then
read -p "Manually give the path (p) or generate new (n) configuration [p/N]? " action
if [ "${action}" == "P" -o "${action}" == "p" ] ; then
read -p "Do you already have a valid configuration that you would like to use (u) or do you need to generate a new configuration (n) [u/N]? " action
if [ "${action}" == "U" -o "${action}" == "u" ] ; then
read -e -p "Please give a path to the directory containing the re6stnet configuration if you already generated one: " path
if [ "$path" == "" ] ; then
echo "No configuration path given. Exiting."
exit 1
fi
else
configure || ( echo "Problem occured while generating new configuration. Exiting." && exit 1 )
path=${configdir}
configure || { echo "Problem occured while generating new configuration. Exiting." ; exit 1 ; }
path="${configdir}"
fi
fi
# copy the config if needed got by previous steps
if [ ${path} == ${configdir} ]; then
echo "Using configuration in place."
# copy the config if needed
if [ "${path}" == "${configdir}" -a -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then
echo "Using existing configuration in '${configdir}'."
elif [ ! -d "$path" ] ; then
echo "Invalid path '${path}'. Exiting."
echo "Invalid path: '${path}' is not a directory. Exiting."
exit 1
elif [ -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then
echo "Copying config to '${configdir}'."
echo "Copying config to '${configdir}'..."
for file in "${path}"/* ; do
install -m 600 "${file}" "${configdir}"
done
else
echo "Missing some configuration files in '${path}'. Exiting."
echo "Some configuration files are missing in '${path}' so it is not possible to connect to grandenet. Files present are:"
ls ${path}
echo "Try generating another configuration or use a different one next time. Exiting."
exit 1
fi
......@@ -143,41 +161,23 @@ cp "${configdir}/ip6tables.save" "${configdir}/current_ip6tables.conf"
# function to clean up and exit
cleanup() {
printf "\nCleaning up and exiting...\n"
if [ -r "${configdir}/ip6tables.save" ] ; then
echo "Removing changes in ip6tables rules"
ip6tables-restore < "${configdir}/ip6tables.save"
rm "${configdir}/ip6tables.save"
rm "${configdir}/current_ip6tables.conf"
fi
echo ""
exit 0
echo "
#################### Cleaning up #################################
"
printf "\nCleaning up and exiting...\n"
if [ -r "${configdir}/ip6tables.save" ] ; then
echo "Removing changes in ip6tables rules"
ip6tables-restore < "${configdir}/ip6tables.save"
rm "${configdir}/ip6tables.save"
rm "${configdir}/current_ip6tables.conf"
fi
echo "Stop allowing IPv6 forwarding..."
sysctl net.ipv6.conf.all.forwarding=0 > /dev/null
exit 0
}
trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then
# remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
# setup shill network manager
if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then
echo "shill was started with the right blacklist."
......@@ -196,47 +196,47 @@ else
for i in {0..4} ; do
echo -n "." ; sleep 1
done
echo ""
echo ""
fi
fi
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}')"
read -p "Is '${interface}' the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm
# firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then
# remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then
echo "running interfaces found:"
echo "$( ip -o link show | awk -F': ' '{print $2}' )"
read -p "name of the interface used to access the Internet (via IPv4): " interface
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
if [ accept_ra == "y" -o accept_ra == "Y" ] ; then
sysctl net.ipv6.conf."${interface}".accept_ra=1
else
sysctl net.ipv6.conf."${interface}".accept_ra=0
fi
sysctl net.ipv6.conf.all.accept_ra=1
sysctl net.ipv6.conf.all.forwarding=1
echo "re6st will start, it may take a few minutes before beeing usable"
# wait a bit, so the user can see it and the message is not lost among re6st log
for i in {0..2} ; do
echo -n "." ; sleep 1
sleep 1
done
echo ""
while [[ $( grep default "${configfile}" ) && $( ip -6 r | grep default ) ]] ; do
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n"
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
route="$( ip -6 r | grep default | sed 's/ dev .*//' )"
ip -6 route del ${route}
echo removed route: "${route}"
else
restart shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
done
echo "
######################### re6st logs #############################
"
# join re6st network
cd "${configdir}"
re6stnet @re6stnet.conf
re6stnet @re6stnet.conf
\ No newline at end of file
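Review bot: The rewritten `cleanup()` forces `net.ipv6.conf.all.forwarding` to 0 instead of restoring the value the host had before the script ran, and it is still bound only to `SIGHUP SIGINT SIGTERM`, so when `re6stnet @re6stnet.conf` at the end of the file returns on its own, the modified ip6tables rules and the enabled forwarding stay in place. On a machine that was already routing IPv6 the first case switches forwarding off; in the second the host keeps forwarding after the overlay is gone, presumably still with the `FORWARD ACCEPT` policy the script applies. I would record the previous value where forwarding is turned on, `prev_fwd=$(sysctl -n net.ipv6.conf.all.forwarding)`, restore it in cleanup with `sysctl -w net.ipv6.conf.all.forwarding="${prev_fwd}" > /dev/null`, and extend the trap to `trap cleanup EXIT SIGHUP SIGINT SIGTERM`. The page prints old and new lines without markers, so which of the duplicated cleanup lines are the new ones is inferred from their order.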