logauth
/
setup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
setup/clone/clone

606 lines
18 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
echo ">>> Loading configuration file";
source clone.conf;
echo "<<< done";
[ ! -e ./tmp -o ! -d ./tmp ] && mkdir ./tmp;
[ ! -e ./server -o ! -d ./server ] && mkdir ./server;
[ ! -e ./server/maintenance -o ! -d ./server/maintenance ] && mkdir ./server/maintenance;
# [!] Check parameter : device file
#========================================================#
echo ">>> [!] Checking parameter : device";
# (1) Check parameter existence #
if [ $# -lt 1 ]; then
echo "Missing parameter : device"; exit 1;
fi
# (2) Check USB and not a hard drive !!!!!!!!!! #
device_type=$(udevadm info --query=all -n $1 | grep -E "ID_BUS" | awk '{print $2}' | sed 's/ID_BUS=//');
device_type_pt1=$(udevadm info --query=all -n $11 | grep -E "ID_BUS" | awk '{print $2}' | sed 's/ID_BUS=//');
if [ "$device_type" != "usb" -a "$device_type_pt1" != "usb" ]; then
echo ">>> ERROR: device type is $device_type, \"usb\" expected."; exit 1;
fi;
echo "<<< done";
echo ">>> [!] Checking debian image";
# (1) Check parameter existence #
if [ ! -e $IMAGE_FILE ]; then
echo -e "debian image '$IMAGE_FILE' not found";
exit 1;
fi;
echo "<<< done";
DEV="$1";
# [1] Init device layout (gpt table)
#========================================================#
step1(){
echo -e "\n>>> [1] Checking for mounted partitions ($DEV)";
# (1) List partitions of this device #
mounted_partitions=$( cat /proc/mounts | awk '{print $1}' | grep "$DEV" );
# if nothing found -> next step
ls ${DEV}2 > /dev/null 2>&1 || (echo "<<< done"; step2);
for mounted in $mounted_partitions; do
read -n 1 -p " (!) umount $mounted (y/n) [n]" unmount;
if [ -n "$unmount" ] && [ $unmount = "y" ]; then
sudo umount $mounted 2> /dev/null > /dev/null \
&& echo " > unmounted" \
|| echo " > error";
fi;
done;
echo "<<< done";
step2;
}
# [2] Initialize GTP Table
#========================================================#
step2(){
echo -e "\n>>> [2] Formatting disk ($DEV)";
# (1) Confirmation #
read -n 1 -p " (!) Erase the whole disk ? it is irreversible! (y/n) [n]" confirm_format;
if [ -z "$confirm_format" ]; then
echo "<<< aborting";
exit 1;
fi;
if [ $confirm_format != "y" ]; then
echo "<<< aborting";
exit 1;
fi;
# (2) Init gpt entry #
echo -e "g\nw" | sudo fdisk $DEV 2> /dev/null > /dev/null;
echo "<<< done";
step3;
}
# [3] Burn image to device
#========================================================#
step3(){
echo -e "\n>>> [3] Burning image into disk ($DEV)";
# (1) Confirmation #
read -n 1 -p " (!) Burn the whole disk ? it is irreversible! (y/n) [n]" confirm_burn;
if [ -z "$confirm_burn" ]; then
echo "<<< aborting";
exit 1;
fi;
if [ $confirm_burn != "y" ]; then
echo "<<< aborting";
exit 1;
fi;
# (2) Burning image into disk #
# if GZIP
if [ "$IMAGE_GZIP" = "1" ]; then
echo " - burning proccess (gunzip) ..."
( sudo dd if=$IMAGE_FILE of=$DEV bs=1M status=progress ) \
&& echo " > burnt" \
|| ( echo "<<< error: dd command failed"; exit 1 ) || exit 1;
else
echo " - burning proccess ...";
( sudo dd if=$IMAGE_FILE of=$DEV bs=1M status=progress ) \
&& echo " > burnt" \
|| ( echo "<<< error: dd command failed"; exit 1 ) || exit 1;
fi;
echo " - writing memory buffers to disk";
sudo sync $DEV;
echo "<<< done";
step4;
}
# [4] Mount partition
#========================================================#
step4(){
echo -e "\n>>> [4] Mounting partition ${DEV}2";
count=0;
while [ $count -lt 5 ] && [ ! -e ${DEV}2 ]; do
echo " * Waiting for ${DEV}2 to be ready (remaining `expr 5 - $count`s)";
count=`expr $count + 1`;
sleep 1;
done;
if [ $count -eq 5 ]; then
echo "<<< error: can't find device ${DEV}2";
exit 1;
fi;
# (1) Disable ipv6 in the sd@1 partition #
echo " * Configuring /boot in ${DEV}1 partition";
sudo mount ${DEV}1 /mnt || (echo "<<< error: can't mount ${DEV}1"; exit 1);
echo "ipv6.disable=1" | sudo tee -a /mnt/cmdline.txt > /dev/null;
echo " * Enabling spi device";
echo "dtparam=spi=on" | sudo tee -a /mnt/config.txt > /dev/null;
echo "dtoverlay=spi-bcm2708" | sudo tee -a /mnt/config.txt > /dev/null;
echo " > done";
sudo umount /mnt;
# (2) Mount main partition #
sudo mount ${DEV}2 /mnt || (echo "<<< error: can't mount ${DEV}2"; exit 1);
echo "<<< done";
step5;
}
# [5] Updating users
#========================================================#
step5(){
echo -e "\n>>> [5] Updating users' structure";
# (1) emulate `useradd sats` #
echo " (.) emulate \`useradd sats\`";
echo " - /etc/shadow";
cat ./utility/shadow_append | sudo tee -a /mnt/etc/shadow > /dev/null;
cat ./utility/shadow_append | sudo tee -a /mnt/etc/shadow- > /dev/null;
echo " - /etc/passwd";
cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd > /dev/null;
cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd- > /dev/null;
# (2) Emulate `groupadd` then `usermod` #
echo " (.) emulate \`groupadd sats\`";
echo " - /etc/group";
echo " (.) emulate \`groupadd ssh-key\`";
echo " - /etc/group";
echo " (.) emulate \`usermod -a -G ssh-key,sats sats\`";
echo " (.) emulate \`usermod -a -G ssh-key pi\`";
echo " - /etc/group";
cat ./utility/group_append | sudo tee -a /mnt/etc/group > /dev/null;
cat ./utility/group_append | sudo tee -a /mnt/etc/group- > /dev/null;
echo " (.) emulate \`usermod -a -G gpio,spi sats\`";
sudo cat /mnt/etc/group | sed 's/^gpio:x:997:pi$/\0,sats/' | sed 's/^spi:x:999:pi$/\0,sats/' | sudo tee /mnt/etc/group > /dev/null;
echo "<<< done":
step6;
}
# [6] Manage SSH keys #
#========================================================#
step6(){
echo -e "\n>>> [6] Manage ssh keys";
# (1) Create ssh key pair #
echo " (.) Create ssh key [ecdsa:521]";
ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS@$MACHINE_ID" -f ./tmp/id_ecdsa -P ""; # 2> /dev/null > /dev/null;
# (2) Add public key to server's `authorized_keys` file #
echo " (.) Add public key to server's list";
test ! -e ./server/authorized_keys && touch ./server/authorized_keys;
cat ./tmp/id_ecdsa.pub >> ./server/authorized_keys;
# (3) Create ssh file system #
echo " (.) Init ssh folder (/home/sats/.ssh)";
sudo mkdir -p /mnt/home/sats/.ssh;
# (4) Add both keys to sats files #
echo " (.) Add keys to ssh folder";
sudo mv ./tmp/id_ecdsa /mnt/home/sats/.ssh/id_ecdsa;
sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats/.ssh/id_ecdsa.pub;
# (5) Add maintenance keys #
echo " (.) Add maintenance keys (for 'pi' user)";
sudo mkdir -p /mnt/home/pi/.ssh;
sudo touch /mnt/home/pi/.ssh/authorized_keys;
cat ./server/maintenance/*.pub | sudo tee /mnt/home/pi/.ssh/authorized_keys > /dev/null;
# (6) Set up permissions #
echo " (.) Set up permissions";
sudo chown -R 1000:1000 /mnt/home/pi/.ssh;
sudo chmod 550 /mnt/home/pi/.ssh;
sudo chmod 400 /mnt/home/pi/.ssh/authorized_keys;
sudo chown -R 666:666 /mnt/home/sats/;
sudo chmod 400 /mnt/home/sats/.ssh/*;
# (7) Restrict access to pubkey only (no password) #
echo " (.) Restrict access to pubkey";
cat ./utility/sshd_config_append | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null;
# (8) Define config alias with ssh-key #
echo " (.) Define alias config";
echo -e "Host\tsmmp-server\n\tHostname\t$SERVER_HOSTNAME\n\tUser\t$SERVER_USERNAME\n\tIdentityFile\t~/.ssh/id_ecdsa\n\tStrictHostKeyChecking\tno" | sudo tee /mnt/home/sats/.ssh/config > /dev/null;
sudo chown 666:666 /mnt/home/sats/.ssh/config;
sudo chmod 444 /mnt/home/sats/.ssh/config;
echo "<<< done";
step7;
}
# [7] Set up systemd services
#========================================================#
step7(){
echo -e "\n>>> [7] Set up systemd units";
# (1) Defaults
#--------------------------------------------------------#
# (1) Create useful folders #
echo " (.) Create useful folder";
echo " - /service";
sudo mkdir /mnt/service;
echo " - /target";
sudo mkdir /mnt/target;
# (2) Set multi-user.target as default #
echo " (.) Emulate \`systemctl set-default multi-user.target\`";
sudo ln -fs /lib/systemd/system/multi-user.target /mnt/etc/systemd/system/default.target;
# (2) Create .service lib files ()
#--------------------------------------------------------#
# (1) Create sats-boot service #
echo " (.) Create sats-boot service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-boot.service /mnt/lib/systemd/system/sats-boot.service;
# (2) Create sats-install service #
echo " (.) Create sats-install service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-install.service /mnt/lib/systemd/system/sats-install.service;
# (3) Create sats-update service #
echo " (.) Create sats-update service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-update.service /mnt/lib/systemd/system/sats-update.service;
# (4) Create sats-loop service #
echo " (.) Create sats-loop service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-loop.service /mnt/lib/systemd/system/sats-loop.service;
# (5) Create sats-sync target #
echo " (.) Create sats-sync target (service)";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-sync.service /mnt/lib/systemd/system/sats-sync.service;
# (6) Create sats-sync-stop service #
echo " (.) Create sats-sync-stop service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-sync-stop.service /mnt/lib/systemd/system/sats-sync-stop.service;
# (7) Create sats-sync path #
echo " (.) Create sats-sync path";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-sync.path /mnt/lib/systemd/system/sats-sync.path;
# (8) Create sats-sync-stop path #
echo " (.) Create sats-sync-stop path";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-sync-stop.path /mnt/lib/systemd/system/sats-sync-stop.path;
# (9) Create sats-update timer #
echo " (.) Create sats-update timer";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-update.timer /mnt/lib/systemd/system/sats-update.timer;
# (10) Create sats-dwc@ service #
echo " (.) Create sats-dwc@ service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-dwc@.service /mnt/lib/systemd/system/sats-dwc@.service;
# (11) Create firewall@ service #
echo " (.) Create firewall@ service";
echo " - /lib/systemd/system";
sudo cp ./utility/firewall@.service /mnt/lib/systemd/system/firewall@.service;
# (12) Create sats-feature@ service #
echo " (.) Create sats-feature@ service";
echo " - /lib/systemd/system";
sudo cp ./utility/sats-feature@.service /mnt/lib/systemd/system/sats-feature@.service;
# (3) Install services
#--------------------------------------------------------#
# (1) Create startup folder (if not already exists) #
sudo mkdir -p /mnt/etc/systemd/system/multi-user.target.wants;
# (2) Enable sats-loop at startup #
echo " (.) Emulate \`systemctl enable sats-loop.service\`";
sudo ln -fs /lib/systemd/system/sats-loop.service /mnt/etc/systemd/system/multi-user.target.wants/sats-loop.service;
# (3) Enable sats-update timer at startup #
echo " (.) Emulate \`systemctl enable sats-update.timer\`";
sudo ln -fs /lib/systemd/system/sats-update.timer /mnt/etc/systemd/system/multi-user.target.wants/sats-update.timer;
# (4) Enable sats-sync path at startup #
echo " (.) Emulate \`systemctl enable sats-sync.path\`";
sudo ln -fs /lib/systemd/system/sats-sync.path /mnt/etc/systemd/system/multi-user.target.wants/sats-sync.path;
# (5) Enable sats-sync-stop path at startup #
echo " (.) Emulate \`systemctl enable sats-sync-stop.path\`";
sudo ln -fs /lib/systemd/system/sats-sync-stop.path /mnt/etc/systemd/system/multi-user.target.wants/sats-sync-stop.path;
# (6) Enable sats-dwc@wlan0 at startup #
echo " (.) Emulate \`systemctl enable sats-dwc@$WIFI_DEVICE.service\`";
sudo ln -fs /lib/systemd/system/sats-dwc@.service /mnt/etc/systemd/system/multi-user.target.wants/sats-dwc@$WIFI_DEVICE.service;
# (7) Enable firewall@default at startup #
echo " (.) Emulate \`systemctl enable firewall@default.service\`";
sudo ln -fs /lib/systemd/system/firewall@.service /mnt/etc/systemd/system/multi-user.target.wants/firewall@default.service;
# (4) Create target scripts
#--------------------------------------------------------#
# (1) Create sats-boot script #
echo " (.) Create sats-boot script";
sudo cp ./utility/sats-boot /mnt/service/sats-boot;
# (2) Create sats-install script #
echo " (.) Create sats-install script";
sudo cp ./utility/sats-install /mnt/service/sats-install;
# (3) Create sats-update script #
echo " (.) Create sats-update script";
cat ./utility/sats-update | sudo tee /mnt/service/sats-update > /dev/null;
# (4) Create sats-loop script #
echo " (.) Create sats-loop script";
cat ./utility/sats-loop | sudo tee /mnt/service/sats-loop > /dev/null;
# (5) Create sats-sync-stop script #
echo " (.) Create sats-sync-stop script";
cat ./utility/sats-sync-stop | sudo tee /mnt/service/sats-sync-stop > /dev/null;
# (6) Create sats-dwc@wlan0 script #
echo " (.) Create sats-dwc@$WIFI_DEVICE script";
cat ./utility/wireless.dwc | sed "s/\*\*\*SALT\*\*\*/$WIFI_SALT/" | sed "s/\*\*\*PEPPER\*\*\*/$WIFI_PEPPER/" | sudo tee /mnt/etc/wpa_supplicant/$WIFI_DEVICE.dwc > /dev/null;
# (7) Create firewall@default script #
echo " (.) Create firewall@default script";
sudo mkdir -p /mnt/opt/firewall;
cat ./utility/default.fw | sudo tee /mnt/opt/firewall/default.fw > /dev/null;
# (5) Set up permissions
#--------------------------------------------------------#
echo " (.) Set up permissions";
# (1) Services scripts #
echo " - /service (sats:pi 750)";
sudo chown -R 666:1000 /mnt/service/*;
sudo chmod -R 750 /mnt/service/*;
# (2) target dir #
echo " - /target (sats:pi 750)";
sudo chown -R 666:1000 /mnt/target;
sudo chmod -R 755 /mnt/target;
echo "<<< done";
step8;
}
# [8] Manage Network config
#========================================================#
step8(){
echo -e "\n>>> [8] Set up WiFi configuration";
# (1) Update interfaces configuration #
echo " (.) Update /etc/network/interfaces configuration";
cat ./utility/interfaces | sudo tee /mnt/etc/network/interfaces > /dev/null;
echo "<<< done";
step9;
}
# [9] Set up SATS daemon
#========================================================#
step9(){
echo -e "\n>>> [9] Set up SATS operating folder";
# (1) Create operating folder #
echo " (.) Create operating folder";
sudo mkdir -p /mnt/home/sats/satsd/source;
sudo mkdir -p /mnt/home/sats/satsd/log;
sudo mkdir -p /mnt/home/sats/satsd/conf;
sudo mkdir -p /mnt/home/sats/satsd/data;
sudo mkdir -p /mnt/home/sats/satsd/tmp;
# (2) Create default configuration files #
echo " (.) Create default configuration/log files";
echo $MACHINE_STATE | sudo tee /mnt/home/sats/satsd/conf/machine.state > /dev/null;
echo $API_URL | sudo tee /mnt/home/sats/satsd/conf/api.url > /dev/null;
echo $MACHINE_BRANCH | sudo tee /mnt/home/sats/satsd/conf/machine.branch > /dev/null;
echo $MACHINE_ID | sudo tee /mnt/home/sats/satsd/conf/machine.id > /dev/null;
echo "" | sudo tee /mnt/home/sats/satsd/conf/auth.list > /dev/null;
echo "$MACHINE_SECRET:500:$NEXT_SECRET" | sudo tee /mnt/home/sats/satsd/conf/machine.secret > /dev/null;
echo "$UNLOCK_CODE" | sudo tee /mnt/home/sats/satsd/conf/machine.unlock > /dev/null;
echo "$WAREHOUSE_TOKEN" | sudo tee /mnt/home/sats/satsd/conf/warehouse.token > /dev/null;
echo "$MACHINE_ID;$UNLOCK_CODE" | tee -a ./server/created > /dev/null;
# (3) Adjust permissions #
echo " (.) Adjust permissions";
sudo chown -R 666:1000 /mnt/home/sats/satsd;
sudo chmod -R 750 /mnt/home/sats/satsd;
echo "<<< done";
step10;
}
# [10] Umount device and share data to server
#========================================================#
step10(){
echo -e "\n>>> Finishing properly";
echo " (.) Copying SATS public key to server's authorized_keys";
cat ./server/authorized_keys | tail -n 1 | ssh smmp-server "cat >> ~/.ssh/authorized_keys" || echo " (!) Cannot share public key";
echo " (.) Copying SATS unlock code to server's database";
DB_PASS="e6mmCpx9Oks5BwS1rcPIrgRDIGLrmDQn9oqX0tqF2VhyiLDW6yKJFrafewwCZ63njYaDKiNjiAS11hrLYij7HaxTdHb33tEqby34vgVrUYaUnwPnCJHmkoyR3TfjcZNCPti8VZG0Oooq7qSHy4lcD6T4EFCcOQ_yHjVIfibvbuZqQcPTUvbDP_9910mRDBUADShIe4sjK2FLOTCz6usUKkNqTH3PldRfAgGl182Zw9tiSPJfvQZX3S2bKblNuZf1";
DB_USER="sats-set-unlock";
DB_DATABASE="logauth";
ssh smmp-server "echo \"UPDATE machine SET unlock_code='$UNLOCK_CODE' WHERE id_machine = $MACHINE_ID;\" | mysql -u$DB_USER -p$DB_PASS --database=$DB_DATABASE" || echo " (!) Cannot share unlock code";
# and locally for testing purpose
echo "UPDATE machine SET unlock_code='$UNLOCK_CODE' WHERE id_machine = $MACHINE_ID;" | mysql -u$DB_USER -p$DB_PASS --database=$DB_DATABASE || echo " (!) Cannot share unlock code";
echo " (.) Unmounting remote device";
sudo umount /mnt;
echo "<<< done";
exit 0;
}
# [0] Step choice
#========================================================#
echo -e "\nSTEPS";
echo "(1) Unmount mounted partitions";
echo "(2) Format disk (gpt table)";
echo "(3) Burn image into disk";
echo "(4) Mount / partition";
echo "(5) Update users and groups";
echo "(6) Manage ssh keys";
echo "(7) Set up systemd background";
echo "(8) Set up WiFi config";
echo "(9) Set up SATS daemon";
echo "(10) Proper finishing";
read -p "step: " step;
case $step in
"1") step1;;
"2") step2;;
"3") step3;;
"4") step4;;
"5") step5;;
"6") step6;;
"7") step7;;
"8") step8;;
"9") step9;;
"10") step10;;
*) echo "wrong step"; exit;;
esac;
Reference in New Issue View Git Blame Copy Permalink