From 8a185542012bdde3b44e116bddb7293d074608c6 Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Fri, 13 Mar 2020 23:10:36 +0100 Subject: [PATCH 01/59] Update common.sh --- installers/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/common.sh b/installers/common.sh index 8569f745..59d7c16c 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -14,7 +14,7 @@ git_source_url="https://github.com/$repo" # $repo from install.raspap.com # php package to install if [ "$version" -eq "10" ]; then version_msg="Raspbian 10.0 (Buster)" - php_package="php7.1-cgi" + php_package="php7.3-cgi" elif [ "$version" -eq "9" ]; then version_msg="Raspbian 9.0 (Stretch)" php_package="php7.0-cgi" From bfe795a97711488bd056f0d1d35bf2948893788f Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Sat, 14 Mar 2020 00:53:09 +0100 Subject: [PATCH 02/59] Update install_dependencies w/ dhcpcd5 --- installers/common.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 59d7c16c..b3716c75 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -25,8 +25,8 @@ elif [ "$version" -lt "8" ]; then fi phpcgiconf="" -if [ "$php_package" = "php7.1-cgi" ]; then - phpcgiconf="/etc/php/7.1/cgi/php.ini" +if [ "$php_package" = "php7.3-cgi" ]; then + phpcgiconf="/etc/php/7.3/cgi/php.ini" elif [ "$php_package" = "php7.0-cgi" ]; then phpcgiconf="/etc/php/7.0/cgi/php.ini" fi 
@@ -64,7 +64,7 @@ function config_installation() { # Runs a system software update to make sure we're using all fresh packages function install_dependencies() { install_log "Installing required packages" - sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq vnstat qrencode || install_error "Unable to install dependencies" + sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq dhcpcd5 vnstat qrencode || install_error "Unable to install dependencies" } # Enables PHP for lighttpd and restarts service for settings to take effect From f3dd4cc67d695b29ffaae46ed8e70ae4b2787a00 Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Sat, 14 Mar 2020 00:53:09 +0100 Subject: [PATCH 03/59] Update install_dependencies w/ dhcpcd5 --- installers/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/common.sh b/installers/common.sh index b94da1a6..11ab3916 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -64,7 +64,7 @@ function config_installation() { # Runs a system software update to make sure we're using all fresh packages function install_dependencies() { install_log "Installing required packages" - sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq vnstat qrencode || install_error "Unable to install dependencies" + sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq dhcpcd5 vnstat qrencode || install_error "Unable to install dependencies" } # Enables PHP for lighttpd and restarts service for settings to take effect From 8e148e683bbcf093301cfc6834104072f5c71eab Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 17 Mar 2020 11:55:40 +0000 Subject: [PATCH 04/59] Update w/ OS, version detect & install dhcpcd5 --- installers/common.sh | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 11ab3916..a60349c3 100755 --- a/installers/common.sh 
+++ b/installers/common.sh @@ -7,24 +7,33 @@ raspap_dir="/etc/raspap" raspap_user="www-data" webroot_dir="/var/www/html" -version=`sed 's/\..*//' /etc/debian_version` git_source_url="https://github.com/$repo" # $repo from install.raspap.com -# Determine Raspbian version, set default home location for lighttpd and -# php package to install -if [ "$version" -eq "10" ]; then - version_msg="Raspbian 10.0 (Buster)" - php_package="php7.3-cgi" -elif [ "$version" -eq "9" ]; then - version_msg="Raspbian 9.0 (Stretch)" - php_package="php7.0-cgi" -elif [ "$version" -eq "8" ]; then - install_error "Raspbian 8.0 (Jessie) and php5 are deprecated. Please upgrade." -elif [ "$version" -lt "8" ]; then - install_error "Raspbian ${version} is unsupported. Please upgrade." +if type lsb_release >/dev/null 2>&1; then # linuxbase.org + OS=$(lsb_release -si) + VERSION=$(lsb_release -sr) + CODENAME=$(lsb_release -sc) + DESC=$(lsb_release -sd) +else + install_error "Unsupported Linux distribution" +fi + +# Set default home for lighttpd, dhcpcd5 and php package option +# based on Linux OS, version +if [ "$VERSION" -eq "10" ]; then + php_package="php7.3-cgi" +elif [ "$VERSION" -eq "9" ]; then + php_package="php7.0-cgi" +elif [ "$VERSION" -eq "8" ]; then + install_error "${DESC} and php5 are not supported. Please upgrade." +elif [ "$VERSION" -lt "8" ]; then + install_error "${DESC} is unsupported. Please install on a supported distro." +fi + +if [ "$OS" -eq "Debian" ]; then + dhcpcd_package="dhcpcd5" fi -phpcgiconf="" if [ "$php_package" = "php7.3-cgi" ]; then phpcgiconf="/etc/php/7.3/cgi/php.ini" elif [ "$php_package" = "php7.0-cgi" ]; then @@ -36,7 +45,7 @@ fi # Prompts user to set options for installation function config_installation() { install_log "Configure installation" - echo "Detected ${version_msg}" + echo "Detected ${DESC}" echo "Install directory: ${raspap_dir}" echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: " if [ "$assume_yes" == 0 ]; then 
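Review bot: The `-eq`/`-lt` tests on `$VERSION` assume that `lsb_release -sr` prints a bare integer. If it prints a point release such as `9.13` (some Debian releases appear to; confirm on the supported targets), `[` fails with "integer expression expected", every branch is skipped, and `php_package` stays unset with no error raised. Comparing only the major part avoids that: `major=${VERSION%%.*}` and then `[ "$major" -eq 10 ]`. The chain also has no final `else`, so a release above 10 falls through the same way, and this hunk removes the `phpcgiconf=""` initialiser that used to give that case a defined value.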
@@ -64,7 +73,7 @@ function config_installation() { # Runs a system software update to make sure we're using all fresh packages function install_dependencies() { install_log "Installing required packages" - sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq dhcpcd5 vnstat qrencode || install_error "Unable to install dependencies" + sudo apt-get install $apt_option lighttpd git hostapd dnsmasq $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies" } # Enables PHP for lighttpd and restarts service for settings to take effect From a55c1cbb1d4a47d1c758b27cb1bfa55fd0bae3a6 Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Tue, 17 Mar 2020 18:47:21 +0100 Subject: [PATCH 05/59] Update installer version --- installers/raspbian.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installers/raspbian.sh b/installers/raspbian.sh index ea828999..c1ac8a9e 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh @@ -31,7 +31,7 @@ # Set defaults repo="billz/raspap-webgui" branch="master" -VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) +RASPAP_VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) assume_yes=0 ovpn_option=1 @@ -75,7 +75,7 @@ while :; do exit 1 ;; -v|--version) - printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" + printf "RaspAP v${RASPAP_VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" exit 1 ;; -*|--*) From 3e39f333453540eaebd86e3946560b3a39546838 Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Tue, 17 Mar 2020 18:51:07 +0100 Subject: [PATCH 06/59] Update version welcome --- installers/raspbian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/raspbian.sh b/installers/raspbian.sh index c1ac8a9e..96921fb9 100755 --- a/installers/raspbian.sh 
+++ b/installers/raspbian.sh @@ -105,7 +105,7 @@ function display_welcome() { echo -e " 88 88 88. .88 88 88. .88 88 88 88" echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP" echo -e " 88" - echo -e " dP version ${VERSION}" + echo -e " dP version ${RASPAP_VERSION}" echo -e "${green}" echo -e "The Quick Installer will guide you through a few easy steps\n\n" } From ead1f354d7e47f40191b4b0567233c35cbad346e Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Tue, 17 Mar 2020 19:22:07 +0100 Subject: [PATCH 07/59] operand bugfix --- installers/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/common.sh b/installers/common.sh index a60349c3..685e67bf 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -30,7 +30,7 @@ elif [ "$VERSION" -lt "8" ]; then install_error "${DESC} is unsupported. Please install on a supported distro." fi -if [ "$OS" -eq "Debian" ]; then +if [ "$OS" = "Debian" ]; then dhcpcd_package="dhcpcd5" fi From c52487c6715d5be9f5d1b4c2000e185d772353f2 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 17 Mar 2020 20:05:41 +0000 Subject: [PATCH 08/59] Minor: rename version > release --- installers/common.sh | 10 +++++----- installers/raspbian.sh | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 685e67bf..8c19b430 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -11,7 +11,7 @@ git_source_url="https://github.com/$repo" # $repo from install.raspap.com if type lsb_release >/dev/null 2>&1; then # linuxbase.org OS=$(lsb_release -si) - VERSION=$(lsb_release -sr) + RELEASE=$(lsb_release -sr) CODENAME=$(lsb_release -sc) DESC=$(lsb_release -sd) else 
@@ -20,13 +20,13 @@ fi # Set default home for lighttpd, dhcpcd5 and php package option # based on Linux OS, version -if [ "$VERSION" -eq "10" ]; then +if [ "$RELEASE" -eq "10" ]; then php_package="php7.3-cgi" -elif [ "$VERSION" -eq "9" ]; then +elif [ "$RELEASE" -eq "9" ]; then php_package="php7.0-cgi" -elif [ "$VERSION" -eq "8" ]; then +elif [ "$RELEASE" -eq "8" ]; then install_error "${DESC} and php5 are not supported. Please upgrade." -elif [ "$VERSION" -lt "8" ]; then +elif [ "$RELEASE" -lt "8" ]; then install_error "${DESC} is unsupported. Please install on a supported distro." fi diff --git a/installers/raspbian.sh b/installers/raspbian.sh index 96921fb9..ea828999 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh @@ -31,7 +31,7 @@ # Set defaults repo="billz/raspap-webgui" branch="master" -RASPAP_VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) +VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) assume_yes=0 ovpn_option=1 @@ -75,7 +75,7 @@ while :; do exit 1 ;; -v|--version) - printf "RaspAP v${RASPAP_VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" + printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" exit 1 ;; -*|--*) @@ -105,7 +105,7 @@ function display_welcome() { echo -e " 88 88 88. .88 88 88. .88 88 88 88" echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP" echo -e " 88" - echo -e " dP version ${RASPAP_VERSION}" + echo -e " dP version ${VERSION}" echo -e "${green}" echo -e "The Quick Installer will guide you through a few easy steps\n\n" } From c64924661470e6f4e6fe1f4095324af8bd46bd4c Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 19 Mar 2020 09:37:05 +0000 Subject: [PATCH 09/59] Update sudoers file handling. Resolves #41. Addresses #127 --- installers/common.sh | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) 
diff --git a/installers/common.sh b/installers/common.sh index 8c19b430..e095e275 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -6,14 +6,22 @@ raspap_dir="/etc/raspap" raspap_user="www-data" +raspap_sudoers="/etc/sudoers.d/090_raspap" webroot_dir="/var/www/html" git_source_url="https://github.com/$repo" # $repo from install.raspap.com +# Fetch details for various Linux distros if type lsb_release >/dev/null 2>&1; then # linuxbase.org OS=$(lsb_release -si) RELEASE=$(lsb_release -sr) CODENAME=$(lsb_release -sc) DESC=$(lsb_release -sd) +elif [ -f /etc/os-release ]; then # freedesktop.org + . /etc/os-release + OS=$ID + RELEASE=$VERSION_ID + CODENAME=$VERSION_CODENAME + DESC=$PRETTY_NAME else install_error "Unsupported Linux distribution" fi @@ -30,7 +38,7 @@ elif [ "$RELEASE" -lt "8" ]; then install_error "${DESC} is unsupported. Please install on a supported distro." fi -if [ "$OS" = "Debian" ]; then +if [ ${OS,,} = "debian" ]; then dhcpcd_package="dhcpcd5" fi @@ -309,7 +317,7 @@ function enable_raspap_daemon() { # Add a single entry to the sudoers file function sudo_add() { - sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | (EDITOR=\"tee -a\" visudo)" \ + sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | tee -a $raspap_sudoers" \ || install_error "Unable to patch /etc/sudoers" } 
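Review bot: `sudo_add` now appends straight to `$raspap_sudoers` with `tee -a`, so the syntax check that `visudo` performed before the write is gone; a malformed line in a file under `/etc/sudoers.d` can leave sudo unable to parse its policy. Build the entries in a temporary file, check it with `visudo -cf "$tmp"`, and only then install it over `$raspap_sudoers`. The file created by `sudo touch $raspap_sudoers` in the `patch_system_files` hunk of this commit gets the umask default mode and should be set to `0440` explicitly. The error text still names `/etc/sudoers`, and `$1` and `$raspap_sudoers` are interpolated unquoted into the `bash -c` string.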
@@ -356,14 +364,20 @@ function patch_system_files() { "/bin/chmod o+r /tmp/dnsmasq.log" ) + # Create sudoers if not present + if [ ! -f $raspap_sudoers ]; then + install_log "Creating ${raspap_sudoers}" + sudo touch $raspap_sudoers + fi + # Check if sudoers needs patching - if [ $(sudo grep -c $raspap_user /etc/sudoers) -ne ${#cmds[@]} ] - then + if [ $(sudo grep -c $raspap_user $raspap_sudoers) -ne ${#cmds[@]} ]; then # Sudoers file has incorrect number of commands. Wiping them out. install_log "Cleaning system sudoers file" - sudo sed -i "/$raspap_user/d" /etc/sudoers + sudo sed -i "/$raspap_user/d" $raspap_sudoers install_log "Patching system sudoers file" - # patch /etc/sudoers file + + # patch /etc/sudoers.d/090_raspap file for cmd in "${cmds[@]}" do sudo_add $cmd From 8c67fd0c3a34a7696ed85b497a995ee13faa6c7d Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 07:23:05 +0000 Subject: [PATCH 10/59] Initial commit --- installers/iptables.service | 14 ++++++++++++++ installers/raspap.iptables | 5 +++++ 2 files changed, 19 insertions(+) create mode 100644 installers/iptables.service create mode 100644 installers/raspap.iptables diff --git a/installers/iptables.service b/installers/iptables.service new file mode 100644 index 00000000..ed98c87f --- /dev/null +++ b/installers/iptables.service @@ -0,0 +1,14 @@ +[Unit] +Description=Packet Filtering Framework +DefaultDependencies=no +After=systemd-sysctl.service +Before=sysinit.target +[Service] +Type=oneshot +ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules +ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules +ExecStop=/etc/iptables/flush-iptables.sh +RemainAfterExit=yes +[Install] +WantedBy=multi-user.target + diff --git a/installers/raspap.iptables b/installers/raspap.iptables new file mode 100644 index 00000000..0e50821c --- /dev/null +++ b/installers/raspap.iptables 
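Review bot: `ExecStop=/etc/iptables/flush-iptables.sh` points at a script that this commit does not add, so stopping the unit will fail unless something else installs it; either ship the script with the unit or drop the `ExecStop` line. `ExecStart` and `ExecReload` read `/etc/iptables/iptables.rules`, while the rules file added in the same commit is named `raspap.iptables`, so the names need to agree. A short comment in the unit would help, for example `# rules file is installed by installers/common.sh; must be root-owned and not writable by the web user`, since `iptables-restore` loads it as root at boot.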
@@ -0,0 +1,5 @@ +iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP +iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP + +COMMIT + From ebefe5df75fb7ad62c89cc91f347611bcd3091c8 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 07:26:37 +0000 Subject: [PATCH 11/59] Resolve version naming conflict --- installers/raspbian.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installers/raspbian.sh b/installers/raspbian.sh index ea828999..b81e9437 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh @@ -31,9 +31,9 @@ # Set defaults repo="billz/raspap-webgui" branch="master" -VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) assume_yes=0 ovpn_option=1 +RASPAP_VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) # Define usage notes usage=$(cat << EOF @@ -75,7 +75,7 @@ while :; do exit 1 ;; -v|--version) - printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" + printf "RaspAP v${RASPAP_VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" exit 1 ;; -*|--*) @@ -105,7 +105,7 @@ function display_welcome() { echo -e " 88 88 88. .88 88 88. .88 88 88 88" echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP" echo -e " 88" - echo -e " dP version ${VERSION}" + echo -e " dP version ${RASPAP_VERSION}" echo -e "${green}" echo -e "The Quick Installer will guide you through a few easy steps\n\n" } From 4b30be5c54d2b19e60f1decafead77e9a70c1974 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 07:32:23 +0000 Subject: [PATCH 12/59] Align installer w/ Debian's modern SYSV style. Resolves #127 --- installers/common.sh | 64 +++++++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 28 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index e095e275..2be3bf5a 100755 --- a/installers/common.sh 
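Review bot: These lines are shell commands, not `iptables-restore` input, yet the unit added in the same commit feeds the rules file to `/sbin/iptables-restore`. The restore format expects a table header, rule lines without the leading `iptables -t nat`, and then `COMMIT`: `*nat`, `-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE`, `COMMIT`. The `\/` escapes are carried over from the sed expression these lines were written for (see the removed `lines=(...)` array in PATCH 12/59) and are not valid in a CIDR. The first rule masquerades traffic leaving any interface; restricting it with `-o <uplink-interface>` (placeholder) keeps NAT to the intended uplink. The same content reappears as `installers/iptables.rules` in PATCH 14/59.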
+++ b/installers/common.sh @@ -7,6 +7,8 @@ raspap_dir="/etc/raspap" raspap_user="www-data" raspap_sudoers="/etc/sudoers.d/090_raspap" +raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" +raspap_sysctl="/etc/sysctl.d/90_raspap.conf" webroot_dir="/var/www/html" git_source_url="https://github.com/$repo" # $repo from install.raspap.com @@ -31,7 +33,7 @@ fi if [ "$RELEASE" -eq "10" ]; then php_package="php7.3-cgi" elif [ "$RELEASE" -eq "9" ]; then - php_package="php7.0-cgi" + php_package="php7.0-cgi" elif [ "$RELEASE" -eq "8" ]; then install_error "${DESC} and php5 are not supported. Please upgrade." elif [ "$RELEASE" -lt "8" ]; then @@ -202,7 +204,7 @@ function change_file_ownership() { sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'" } -# Check for existing /etc/network/interfaces and /etc/hostapd/hostapd.conf files +# Check for existing configuration files function check_for_old_configs() { if [ -f /etc/network/interfaces ]; then sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`" @@ -214,8 +216,8 @@ function check_for_old_configs() { sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf" fi - if [ -f /etc/dnsmasq.conf ]; then - sudo cp /etc/dnsmasq.conf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" + if [ -f $raspap_dnsmasq ]; then + sudo cp $raspap_dnsmasq "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf" fi 
@@ -224,8 +226,8 @@ function check_for_old_configs() { sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf" fi - if [ -f /etc/rc.local ]; then - sudo cp /etc/rc.local "$raspap_dir/backups/rc.local.`date +%F-%R`" + if [ -f $raspap_sysctl ]; then + sudo cp $raspap_sysctl "$raspap_dir/backups/rc.local.`date +%F-%R`" sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local" fi @@ -251,13 +253,13 @@ function move_config_file() { # Set up default configuration function default_configuration() { - install_log "Setting up hostapd" + install_log "Applying default configuration to installed services" if [ -f /etc/default/hostapd ]; then sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file" fi sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file" sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file" - sudo cp $webroot_dir/config/dnsmasq.conf /etc/dnsmasq.conf || install_error "Unable to move dnsmasq configuration file" + sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || install_error "Unable to move dnsmasq configuration file" sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file" [ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d 
@@ -271,26 +273,32 @@ function default_configuration() { sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php" fi - # Generate required lines for Rasp AP to place into rc.local file. - # #RASPAP is for removal script - lines=( - 'echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward #RASPAP' - 'iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP' - 'iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP' - ) - - for line in "${lines[@]}"; do - if grep "$line" /etc/rc.local > /dev/null; then - echo "$line: Line already added" - else - sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local - echo "Adding line $line" - fi - done + # Enable IP forwarding in /etc/sysctl.d/90_raspap.conf + if [ ! -f $raspap_sysctl ]; then + echo "Enabling IP forwarding" + sudo touch $raspap_sysctl || install_error "Unable to create ${raspap_sysctl}" + fi - # Force a reload of new settings in /etc/rc.local - sudo systemctl restart rc-local.service - sudo systemctl daemon-reload + line='echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward' + if grep "$line" $raspap_sysctl > /dev/null; then + echo "$line: Line already added" + else + sudo sed -i "s/^exit 0$/$line\nexit 0/" $raspap_sysctl + echo "Adding line $line to $raspap_sysctl" + fi + + echo "Applying persistent IP tables rules" + if [ ! -f "/etc/iptables/raspap.iptables" ]; then + sudo cp $webroot_dir/installers/raspap.iptables /etc/iptables + fi + + if [ ! -f "/etc/systemd/system/iptables.service" ]; then + echo "Enabling iptables.service" + sudo cp $webroot_dir/installers/iptables.service /etc/systemd/system/ + sudo systemctl daemon-reload + sudo systemctl enable iptables.service + sudo systemctl start iptables.service + fi # Prompt to install RaspAP daemon echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " 
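Review bot: The IP-forwarding step cannot take effect as written: `$raspap_sysctl` is created empty with `touch`, the `sed` substitution only fires on an `exit 0` line that a sysctl.d file never contains, and the text it would insert is a shell `echo`, not a sysctl setting. Write the key directly and load it: `echo "net.ipv4.ip_forward=1" | sudo tee "$raspap_sysctl" >/dev/null` followed by `sudo sysctl -p "$raspap_sysctl"`. The `sudo cp ... /etc/iptables` line has no failure check, and if `/etc/iptables` does not exist yet it creates a regular file with that name instead of a rules file inside the directory; `sudo mkdir -p /etc/iptables` before it and an explicit destination file name fix both. The `[ ! -f "/etc/iptables/raspap.iptables" ]` guard also tests a different name from the one `iptables.service` reads. default_configuration begins and ends outside this hunk.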
@@ -347,7 +355,7 @@ function patch_system_files() { "/bin/systemctl disable openvpn-client@client" "/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf" "/bin/cp /tmp/authdata /etc/openvpn/client/login.conf" - "/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf" + "/bin/cp /tmp/dnsmasqdata ${raspap_dnsmasq}" "/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf" "/sbin/shutdown -h now" "/sbin/reboot" From f6599ae81526f54d90a926a447aedf15582df349 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 07:48:24 +0000 Subject: [PATCH 13/59] Update iptables.rules naming for consistency --- installers/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 2be3bf5a..7d345c48 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -288,8 +288,8 @@ function default_configuration() { fi echo "Applying persistent IP tables rules" - if [ ! -f "/etc/iptables/raspap.iptables" ]; then - sudo cp $webroot_dir/installers/raspap.iptables /etc/iptables + if [ ! -f "/etc/iptables/iptables.rules" ]; then + sudo cp $webroot_dir/installers/iptables.rules /etc/iptables fi if [ ! -f "/etc/systemd/system/iptables.service" ]; then From 4a7c61eabf40c8c84d28b90864769461f63041fd Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 07:51:35 +0000 Subject: [PATCH 14/59] Rename iptables.rules for consistency, strip comments --- installers/iptables.rules | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 installers/iptables.rules diff --git a/installers/iptables.rules b/installers/iptables.rules new file mode 100644 index 00000000..cd02a1b8 --- /dev/null +++ b/installers/iptables.rules @@ -0,0 +1,5 @@ +iptables -t nat -A POSTROUTING -j MASQUERADE +iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE + +COMMIT + From d1de71318b72de58a9c8d3af9c1f20159dfc225c Mon Sep 17 00:00:00 2001 
From: Bill Zimmerman Date: Fri, 20 Mar 2020 08:54:02 +0100 Subject: [PATCH 15/59] Delete raspap.iptables --- installers/raspap.iptables | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 installers/raspap.iptables diff --git a/installers/raspap.iptables b/installers/raspap.iptables deleted file mode 100644 index 0e50821c..00000000 --- a/installers/raspap.iptables +++ /dev/null @@ -1,5 +0,0 @@ -iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP -iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP - -COMMIT - From 21273774a564d88dbd8c9605ce70e17d874bb7de Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 08:04:50 +0000 Subject: [PATCH 16/59] Fix raspap.service install path, add error handling --- installers/common.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 7d345c48..16cc2e01 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -294,10 +294,10 @@ function default_configuration() { if [ ! -f "/etc/systemd/system/iptables.service" ]; then echo "Enabling iptables.service" - sudo cp $webroot_dir/installers/iptables.service /etc/systemd/system/ + sudo cp $webroot_dir/installers/iptables.service /etc/systemd/system/ || install_error "Unable to move iptables.service file" sudo systemctl daemon-reload - sudo systemctl enable iptables.service - sudo systemctl start iptables.service + sudo systemctl enable iptables.service || install_error "Failed to enable iptables.service" + sudo systemctl start iptables.service || install_error "Unable to start iptables.service" fi # Prompt to install RaspAP daemon 
@@ -319,8 +319,10 @@ function default_configuration() { function enable_raspap_daemon() { install_log "Enabling RaspAP daemon" echo "Disable with: sudo systemctl disable raspap.service" - sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file" + sudo cp $webroot_dir/installers/raspap.service /etc/systemd/system/ || install_error "Unable to move raspap.service file" + sudo systemctl daemon-reload sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" + sudo systemctl start raspap.service || intall_error "Unable to start raspap.service" } # Add a single entry to the sudoers file From de2ded198436b3d148628c1e5c7a88c60fc3d4c7 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 09:03:28 +0000 Subject: [PATCH 17/59] LSBize service script --- installers/raspap.service | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/installers/raspap.service b/installers/raspap.service index 32430b14..13dcccc1 100644 --- a/installers/raspap.service +++ b/installers/raspap.service @@ -1,10 +1,26 @@ +### BEGIN INIT INFO +# Provides: /etc/raspap/hostapd/servicestart +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start RaspAP daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO + [Unit] -Description=RaspAP daemon -After=multi-user.target +Description=RaspAP Service Daemon +DefaultDependencies=no +After=systemd-sysctl.service +Before=sysinit.target [Service] -Type=idle +Type=oneshot ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 +ExecReload=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 +ExecStop=/bin/bash /etc/raspap/hostapd/servicestart.sh --action stop +RemainAfterExit=yes [Install] WantedBy=multi-user.target + 
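Review bot: `intall_error` on the added `systemctl start raspap.service` line is a typo for `install_error`; if the start fails, the shell reports an unknown command instead of logging the failure and aborting. `sudo systemctl daemon-reload` just above it is the only added step without a failure check.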
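Review bot: `DefaultDependencies=no` together with `Before=sysinit.target` orders this unit into early boot, before the services that `servicestart.sh` manipulates can be up. If the script starts `hostapd`, `dnsmasq` or `dhcpcd` through `systemctl` (not visible in this hunk), those jobs would wait on a target that is itself waiting on this oneshot. Ordering after the network stack, for example `After=network.target`, is the usual fit for a unit like this. The `### BEGIN INIT INFO` block is only interpreted in SysV init scripts; inside a `.service` file it is plain comment text. `ExecStop` passes `--action stop`, which the script does not handle until PATCH 18/59.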
From aac50250294f90117b8cde4ca2900dc3633e9c69 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 09:05:33 +0000 Subject: [PATCH 18/59] Added stop action for LSB compliance --- installers/servicestart.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/installers/servicestart.sh b/installers/servicestart.sh index 710d2b4b..ba87ba2c 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh @@ -22,8 +22,13 @@ case $key in ;; -s|--seconds) seconds="$2" - shift # past argument - shift # past value + shift + shift + ;; + -a|--action) + action="$2" + shift + shift ;; esac done @@ -36,6 +41,11 @@ systemctl stop hostapd.service systemctl stop dnsmasq.service systemctl stop dhcpcd.service +if [ "${action}" = "stop" ]; then + echo "Services stopped. Exiting." + exit 0 +fi + if [ -f "$DAEMONPATH" ]; then echo "Changing RaspAP Daemon --interface to $interface" sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH" From df3d84b570e48057a360f7053a98d792d8c825be Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 09:16:18 +0000 Subject: [PATCH 19/59] Postpone start of raspap.service --- installers/common.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/installers/common.sh b/installers/common.sh index 16cc2e01..e1a490bf 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -322,7 +322,6 @@ function enable_raspap_daemon() { sudo cp $webroot_dir/installers/raspap.service /etc/systemd/system/ || install_error "Unable to move raspap.service file" sudo systemctl daemon-reload sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" - sudo systemctl start raspap.service || intall_error "Unable to start raspap.service" } # Add a single entry to the sudoers file From 49622dd4af9c316ea65066258338f62fe8329a05 Mon Sep 17 00:00:00 2001 
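Review bot: The new `-a|--action` arm stores `$2` without checking that a value was supplied or that it is one of the expected words, and `action` has no initial value, so anything other than `stop` silently takes the start path. A default plus an allow-list closes that: `action="start"` before the loop, and `case "$action" in start|stop) ;; *) echo "invalid --action" >&2; exit 1 ;; esac` after it. The stop branch in the second hunk exits 0 whatever the three `systemctl stop` calls returned. The same validation is missing for `$interface`, which the unchanged `sed -i` line substitutes into an expression; this script is listed for `www-data` in `raspap.sudoers` (PATCH 20/59), so its arguments should be treated as untrusted. The option loop starts above the hunk.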
From: billz Date: Fri, 20 Mar 2020 09:53:59 +0000 Subject: [PATCH 20/59] Initial commit --- installers/raspap.sudoers | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 installers/raspap.sudoers diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers new file mode 100644 index 00000000..60b2e136 --- /dev/null +++ b/installers/raspap.sudoers 
@@ -0,0 +1,37 @@ +www-data ALL=(ALL) NOPASSWD:/sbin/ifdown +www-data ALL=(ALL) NOPASSWD:/sbin/ifup +www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf +www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf +www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results +www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan +www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure +www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf +www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service +www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service +www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service +www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service +www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client +www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client +www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client +www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf +www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now +www-data ALL=(ALL) NOPASSWD:/sbin/reboot +www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down +www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up +www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9] +www-data ALL=(ALL) NOPASSWD:/bin/cp 
/etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf +www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh +www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh +www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh +www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh +www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh +www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log +www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log + From 1f538d4a7771bc1012c862ee324c5290a7c02c46 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 09:55:49 +0000 Subject: [PATCH 21/59] Externalized sudoers, - superfluous code from patch_system_files --- installers/common.sh | 70 +++----------------------------------------- 1 file changed, 4 insertions(+), 66 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index e1a490bf..134a264f 100755 --- a/installers/common.sh +++ b/installers/common.sh 
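Review bot: Several entries let `www-data` copy fixed-name files from `/tmp` over root-owned configuration (`/tmp/wifidata`, `/tmp/hostapddata`, `/tmp/dnsmasqdata`, `/tmp/dhcpddata`, `/tmp/authdata`, `/tmp/ovpnclient.ovpn`); `/tmp` is world-writable, so the content that ends up installed is not guaranteed to be what the web application wrote. Staging these files in a directory owned by `www-data` with mode `0700` (path to be chosen by the project) removes that dependency. The `/etc/raspap/...` script entries and `/sbin/ifup`/`/sbin/ifdown` carry no argument restriction, and if those scripts are writable by `www-data` (ownership is not visible here) each entry amounts to unrestricted root. `(ALL)` can be narrowed to `(root)`. The `/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf` line no longer matches the `${raspap_dnsmasq}` target that PATCH 12/59 put into the inline command list.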
@@ -324,76 +324,14 @@ function enable_raspap_daemon() { sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" } -# Add a single entry to the sudoers file -function sudo_add() { - sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | tee -a $raspap_sudoers" \ - || install_error "Unable to patch /etc/sudoers" -} - -# Adds www-data user to the sudoers file with restrictions on what the user can execute +# Add sudoers file to /etc/sudoers.d/ and set file permissions function patch_system_files() { - # Set commands array - cmds=( - "/sbin/ifdown" - "/sbin/ifup" - "/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf" - "/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf" - "/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf" - "/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf" - "/sbin/wpa_cli -i wlan[0-9] scan_results" - "/sbin/wpa_cli -i wlan[0-9] scan" - "/sbin/wpa_cli -i wlan[0-9] reconfigure" - "/sbin/wpa_cli -i wlan[0-9] select_network" - "/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf" - "/bin/systemctl start hostapd.service" - "/bin/systemctl stop hostapd.service" - "/bin/systemctl start dnsmasq.service" - "/bin/systemctl stop dnsmasq.service" - "/bin/systemctl start openvpn-client@client" - "/bin/systemctl enable openvpn-client@client" - "/bin/systemctl stop openvpn-client@client" - "/bin/systemctl disable openvpn-client@client" - "/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf" - "/bin/cp /tmp/authdata /etc/openvpn/client/login.conf" - "/bin/cp /tmp/dnsmasqdata ${raspap_dnsmasq}" - "/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf" - "/sbin/shutdown -h now" - "/sbin/reboot" - "/sbin/ip link set wlan[0-9] down" - "/sbin/ip link set wlan[0-9] up" - "/sbin/ip -s a f label wlan[0-9]" - "/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf" - "/etc/raspap/hostapd/enablelog.sh" - "/etc/raspap/hostapd/disablelog.sh" - "/etc/raspap/hostapd/servicestart.sh" - 
"/etc/raspap/lighttpd/configport.sh" - "/etc/raspap/openvpn/configauth.sh" - "/bin/chmod o+r /tmp/hostapd.log" - "/bin/chmod o+r /tmp/dnsmasq.log" - ) - # Create sudoers if not present if [ ! -f $raspap_sudoers ]; then - install_log "Creating ${raspap_sudoers}" - sudo touch $raspap_sudoers - fi - - # Check if sudoers needs patching - if [ $(sudo grep -c $raspap_user $raspap_sudoers) -ne ${#cmds[@]} ]; then - # Sudoers file has incorrect number of commands. Wiping them out. - install_log "Cleaning system sudoers file" - sudo sed -i "/$raspap_user/d" $raspap_sudoers - install_log "Patching system sudoers file" - - # patch /etc/sudoers.d/090_raspap file - for cmd in "${cmds[@]}" - do - sudo_add $cmd - IFS=$'\n' - done - else - install_log "Sudoers file already patched" + install_log "Adding raspap.sudoers to ${raspap_sudoers}" + sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || install_error "Unable to apply raspap.sudoers to $raspap_sudoers" + sudo chmod 0440 $raspap_sudoers || install_error "Unable to change file permissions for $raspap_sudoers" fi # Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces From 6e713e6857ea56781a48d2f9b9e41b5edf84c73b Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 11:04:03 +0000 Subject: [PATCH 22/59] Bugfix IP forwarding + error handling --- installers/common.sh | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 134a264f..5ad00b68 100755 --- a/installers/common.sh +++ b/installers/common.sh 
@@ -227,12 +227,12 @@ function check_for_old_configs() { fi if [ -f $raspap_sysctl ]; then - sudo cp $raspap_sysctl "$raspap_dir/backups/rc.local.`date +%F-%R`" - sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local" + sudo cp $raspap_sysctl "$raspap_dir/backups/sysctl.d.`date +%F-%R`" + sudo ln -sf "$raspap_dir/backups/sysctl.d.`date +%F-%R`" "$raspap_dir/backups/sysctl.d" fi for file in /etc/systemd/network/raspap-*.net*; do - if [-f "${file}" ]; then + if [ -f "${file}" ]; then filename = $(basename $file) sudo cp "$file" "${raspap_dir}/backups/${filename}.`date +%F-%R`" sudo ln -sf "${raspap_dir}/backups/${filename}.`date +%F-%R`" "${raspap_dir}/backups/${filename}" @@ -277,19 +277,12 @@ function default_configuration() { if [ ! -f $raspap_sysctl ]; then echo "Enabling IP forwarding" sudo touch $raspap_sysctl || install_error "Unable to create ${raspap_sysctl}" + sudo echo "net.ipv4.ip_forward = 1" >> $raspap_sysctl || install_error "Unable to append to ${raspap_sysctl}" fi - line='echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward' - if grep "$line" $raspap_sysctl > /dev/null; then - echo "$line: Line already added" - else - sudo sed -i "s/^exit 0$/$line\nexit 0/" $raspap_sysctl - echo "Adding line $line to $raspap_sysctl" - fi - - echo "Applying persistent IP tables rules" + echo "Enabling persistent IP tables rules" if [ ! -f "/etc/iptables/iptables.rules" ]; then - sudo cp $webroot_dir/installers/iptables.rules /etc/iptables + sudo cp $webroot_dir/installers/iptables.rules /etc/iptables || install_error "Unable to move iptables.rules to /etc/iptables" fi if [ ! -f "/etc/systemd/system/iptables.service" ]; then From 40e558b72037d790f88ef4dab19e5ceb5afbed41 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 11:06:36 +0000 Subject: [PATCH 23/59] Var rename, prevent conflict w/ lsb_release --- installers/raspbian.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/installers/raspbian.sh b/installers/raspbian.sh index b81e9437..d7af588e 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh @@ -33,7 +33,7 @@ repo="billz/raspap-webgui" branch="master" assume_yes=0 ovpn_option=1 -RASPAP_VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) +RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) # Define usage notes usage=$(cat << EOF @@ -75,7 +75,7 @@ while :; do exit 1 ;; -v|--version) - printf "RaspAP v${RASPAP_VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" + printf "RaspAP v${RASPAP_LATEST} - simple AP setup and wifi mangement for the RaspberryPi\n" exit 1 ;; -*|--*) @@ -105,7 +105,7 @@ function display_welcome() { echo -e " 88 88 88. .88 88 88. .88 88 88 88" echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP" echo -e " 88" - echo -e " dP version ${RASPAP_VERSION}" + echo -e " dP version ${RASPAP_LATEST}" echo -e "${green}" echo -e "The Quick Installer will guide you through a few easy steps\n\n" } From 0218f4beeae927404889f482de5775116aeb3455 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 12:07:13 +0000 Subject: [PATCH 24/59] Fix ruleset with iptables + iptables-save --- installers/iptables.rules | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/installers/iptables.rules b/installers/iptables.rules index cd02a1b8..c39dd4cb 100644 --- a/installers/iptables.rules +++ b/installers/iptables.rules @@ -1,5 +1,10 @@ -iptables -t nat -A POSTROUTING -j MASQUERADE -iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE - +# RaspAP iptables rules +*nat +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A POSTROUTING -j MASQUERADE +-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE COMMIT 
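Review bot: `-A POSTROUTING -j MASQUERADE` in `installers/iptables.rules` has no `-o` interface or source match, so it rewrites the source address of every packet leaving any interface, and because MASQUERADE is a terminating target the subnet-scoped rule after it is never reached. Keeping only the second rule, or scoping the first to the uplink (for example `-A POSTROUTING -o eth0 -j MASQUERADE`, with the interface name taken from the host), limits NAT to the access-point clients. A one-line comment saying which network `192.168.50.0/24` is would also help whoever edits this file later.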
From 96aed21bb5eb0959a68ca886b0d18af1624d3750 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 12:07:50 +0000 Subject: [PATCH 25/59] Quote vars + remove whitespace --- installers/common.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 5ad00b68..432ece4b 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -55,9 +55,10 @@ fi # Prompts user to set options for installation function config_installation() { install_log "Configure installation" - echo "Detected ${DESC}" + echo "Detected OS: ${DESC}" + echo "Using GitHub repository: ${repo} ${branch} branch" echo "Install directory: ${raspap_dir}" - echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: " + echo -n "Install to lighttpd root: ${webroot_dir}? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then @@ -67,7 +68,6 @@ function config_installation() { echo -e fi echo "Install to Lighttpd directory: ${webroot_dir}" - echo -n "Complete installation with these values? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty @@ -233,7 +233,7 @@ function check_for_old_configs() { for file in /etc/systemd/network/raspap-*.net*; do if [ -f "${file}" ]; then - filename = $(basename $file) + filename=$(basename $file) sudo cp "$file" "${raspap_dir}/backups/${filename}.`date +%F-%R`" sudo ln -sf "${raspap_dir}/backups/${filename}.`date +%F-%R`" "${raspap_dir}/backups/${filename}" fi 
@@ -282,12 +282,12 @@ function default_configuration() { echo "Enabling persistent IP tables rules" if [ ! -f "/etc/iptables/iptables.rules" ]; then - sudo cp $webroot_dir/installers/iptables.rules /etc/iptables || install_error "Unable to move iptables.rules to /etc/iptables" + sudo cp "$webroot_dir/installers/iptables.rules" /etc/iptables || install_error "Unable to move iptables.rules to /etc/iptables" fi if [ ! -f "/etc/systemd/system/iptables.service" ]; then echo "Enabling iptables.service" - sudo cp $webroot_dir/installers/iptables.service /etc/systemd/system/ || install_error "Unable to move iptables.service file" + sudo cp "$webroot_dir/installers/iptables.service" /etc/systemd/system/ || install_error "Unable to move iptables.service file" sudo systemctl daemon-reload sudo systemctl enable iptables.service || install_error "Failed to enable iptables.service" sudo systemctl start iptables.service || install_error "Unable to start iptables.service" From 176593b81fe4fe3e8de8fb417b626483aaa13f26 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 12:10:03 +0000 Subject: [PATCH 26/59] Minor: newlines for readability --- installers/iptables.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/installers/iptables.service b/installers/iptables.service index ed98c87f..992acba6 100644 --- a/installers/iptables.service +++ b/installers/iptables.service @@ -3,12 +3,14 @@ Description=Packet Filtering Framework DefaultDependencies=no After=systemd-sysctl.service Before=sysinit.target + [Service] Type=oneshot ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules ExecStop=/etc/iptables/flush-iptables.sh RemainAfterExit=yes + [Install] WantedBy=multi-user.target From 125c203884e6a8a53dfe005e39482384ffa42bb5 Mon Sep 17 00:00:00 2001 
From: billz Date: Fri, 20 Mar 2020 13:49:06 +0000 Subject: [PATCH 27/59] Fix: tee output w/ sudo --- installers/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/common.sh b/installers/common.sh index 432ece4b..4cd29237 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -277,7 +277,7 @@ function default_configuration() { if [ ! -f $raspap_sysctl ]; then echo "Enabling IP forwarding" sudo touch $raspap_sysctl || install_error "Unable to create ${raspap_sysctl}" - sudo echo "net.ipv4.ip_forward = 1" >> $raspap_sysctl || install_error "Unable to append to ${raspap_sysctl}" + echo "net.ipv4.ip_forward = 1" | sudo tee -a $raspap_sysctl || install_error "Unable to append to ${raspap_sysctl}" fi echo "Enabling persistent IP tables rules" From 63dc8442ba5bbf9a133e1d6297c133a4377d6713 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 14:20:21 +0000 Subject: [PATCH 28/59] Fix: /etc/iptables/ dir absent on Raspbian --- installers/common.sh | 4 ++-- installers/iptables.service | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 4cd29237..edbf6c18 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -281,8 +281,8 @@ function default_configuration() { fi echo "Enabling persistent IP tables rules" - if [ ! -f "/etc/iptables/iptables.rules" ]; then - sudo cp "$webroot_dir/installers/iptables.rules" /etc/iptables || install_error "Unable to move iptables.rules to /etc/iptables" + if [ ! -f "/etc/iptables.raspap.rules" ]; then + sudo cp "$webroot_dir/installers/iptables.rules" /etc/iptables.raspap.rules || install_error "Unable to move iptables.rules" fi if [ ! -f "/etc/systemd/system/iptables.service" ]; then diff --git a/installers/iptables.service b/installers/iptables.service index 992acba6..cba5608d 100644 --- a/installers/iptables.service +++ b/installers/iptables.service 
@@ -6,8 +6,8 @@ Before=sysinit.target [Service] Type=oneshot -ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules -ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules +ExecStart=/sbin/iptables-restore /etc/iptables.raspap.rules +ExecReload=/sbin/iptables-restore /etc/iptables.raspap.rules ExecStop=/etc/iptables/flush-iptables.sh RemainAfterExit=yes From ac4f7be5bb25c19331a288b0ea091773f61c7fbf Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Fri, 20 Mar 2020 16:23:54 +0100 Subject: [PATCH 29/59] Update iptables.rules --- installers/iptables.rules | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/installers/iptables.rules b/installers/iptables.rules index c39dd4cb..6a26d4bb 100644 --- a/installers/iptables.rules +++ b/installers/iptables.rules @@ -1,4 +1,24 @@ # RaspAP iptables rules +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT DROP [0:0] + +# loopback +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT +-A INPUT -d 127.0.0.1 -j ACCEPT +-A OUTPUT -s 127.0.0.1 -j ACCEPT + +# ACCEPT already ESTABLISHED connections +-A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT + +# ACCEPT all OUTPUT +-A OUTPUT -p ALL -o eth0 -j ACCEPT + +# SSH +-A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -j ACCEPT + *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] From f2e08419705d0957c69d15aa4298ae3513c452ef Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 16:11:10 +0000 Subject: [PATCH 30/59] Revert "Fix ruleset with iptables + iptables-save" This reverts commit 0218f4beeae927404889f482de5775116aeb3455. --- installers/iptables.rules | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/installers/iptables.rules b/installers/iptables.rules index 6a26d4bb..c39dd4cb 100644 --- a/installers/iptables.rules +++ b/installers/iptables.rules 
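Review bot: The added `*filter` table in `installers/iptables.rules` has no `COMMIT` line before `*nat` starts, and iptables-restore applies a table only at its `COMMIT`, so this file will most likely be rejected or the filter rules not applied at all. Once it does load, `:FORWARD DROP` has no accompanying `-A FORWARD` rules and `INPUT` admits only loopback, established traffic and SSH on `eth0`, which would stop forwarding for access-point clients and, as far as the hunk shows, block the web interface and DHCP/DNS on the wireless side. Add `COMMIT` after the SSH rule and explicit accept rules for the services the device has to offer before switching the policies to DROP.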
@@ -1,24 +1,4 @@ # RaspAP iptables rules -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT DROP [0:0] - -# loopback --A INPUT -i lo -j ACCEPT --A OUTPUT -o lo -j ACCEPT --A INPUT -d 127.0.0.1 -j ACCEPT --A OUTPUT -s 127.0.0.1 -j ACCEPT - -# ACCEPT already ESTABLISHED connections --A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT - -# ACCEPT all OUTPUT --A OUTPUT -p ALL -o eth0 -j ACCEPT - -# SSH --A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -j ACCEPT - *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] From 8dfed88ed3589b782287ca72bc77aedd5af0c241 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 16:18:42 +0000 Subject: [PATCH 31/59] Exec update-alternatives to use iptables-legacy. nftables replaces iptables on Debian 10 --- installers/common.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/installers/common.sh b/installers/common.sh index edbf6c18..4c9ee2c2 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -288,6 +288,7 @@ function default_configuration() { if [ ! -f "/etc/systemd/system/iptables.service" ]; then echo "Enabling iptables.service" sudo cp "$webroot_dir/installers/iptables.service" /etc/systemd/system/ || install_error "Unable to move iptables.service file" + sudo update-alternatives --set iptables /usr/sbin/iptables-legacy || install_error "Unable to execute update-alternatives" sudo systemctl daemon-reload sudo systemctl enable iptables.service || install_error "Failed to enable iptables.service" sudo systemctl start iptables.service || install_error "Unable to start iptables.service" From 8216a3f4ec2fa69466855f0d68143396e0a952c0 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 17:21:07 +0000 Subject: [PATCH 32/59] Added load sysctl settings --- installers/common.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/installers/common.sh b/installers/common.sh index 4c9ee2c2..12afd03f 100755 --- a/installers/common.sh +++ b/installers/common.sh 
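Review bot: The added `sudo update-alternatives --set iptables /usr/sbin/iptables-legacy` runs on every supported release and aborts the install through `install_error` when it fails, although the commit message ties it to nftables replacing iptables on Debian 10; on the older release this installer still accepts, the call is likely to fail. It also changes the firewall backend for the whole host, so rules previously loaded through the nft backend stay active in the kernel while no longer appearing in `iptables` output. I would guard it with `if update-alternatives --list iptables >/dev/null 2>&1; then … fi`, record the switch with `install_log`, and keep `ip6tables` consistent with it. `default_configuration` starts and ends outside this hunk.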
@@ -278,6 +278,7 @@ function default_configuration() { echo "Enabling IP forwarding" sudo touch $raspap_sysctl || install_error "Unable to create ${raspap_sysctl}" echo "net.ipv4.ip_forward = 1" | sudo tee -a $raspap_sysctl || install_error "Unable to append to ${raspap_sysctl}" + sudo sysctl -p $raspap_sysctl || install_error "Unable to load sysctl settings from file" fi echo "Enabling persistent IP tables rules" From c56a48234f4f3240b97871882130c0ebca76b88c Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 17:43:46 +0000 Subject: [PATCH 33/59] Update dnsmasq.d path --- config/config.php | 2 +- includes/defaults.php | 2 +- installers/raspap.sudoers | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/config.php b/config/config.php index 29be0f94..bee93a02 100755 --- a/config/config.php +++ b/config/config.php @@ -9,7 +9,7 @@ define('RASPI_CACHE_PATH', sys_get_temp_dir() . '/raspap'); // Constants for configuration file paths. // These are typical for default RPi installs. Modify if needed. -define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf'); +define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.d/090_raspap.conf'); define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases'); define('RASPI_HOSTAPD_CONFIG', '/etc/hostapd/hostapd.conf'); define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf'); diff --git a/includes/defaults.php b/includes/defaults.php index 4efbe056..ac85d562 100755 --- a/includes/defaults.php +++ b/includes/defaults.php @@ -13,7 +13,7 @@ $defaults = [ // Constants for configuration file paths. // These are typical for default RPi installs. Modify if needed. - 'RASPI_DNSMASQ_CONFIG' => '/etc/dnsmasq.conf', + 'RASPI_DNSMASQ_CONFIG' => '/etc/dnsmasq.d/090_raspap.conf', 'RASPI_DNSMASQ_LEASES' => '/var/lib/misc/dnsmasq.leases', 'RASPI_HOSTAPD_CONFIG' => '/etc/hostapd/hostapd.conf', 'RASPI_DHCPCD_CONFIG' => '/etc/dhcpcd.conf', diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 60b2e136..ee201fcb 100644 
--- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -19,7 +19,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf -www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf +www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_raspap.conf www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now www-data ALL=(ALL) NOPASSWD:/sbin/reboot From 0b135fb2317cfa03cf16c75cff19ba5e7912952e Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 20 Mar 2020 20:13:33 +0000 Subject: [PATCH 34/59] WIP: Ubuntu 18.04 LTS support --- installers/common.sh | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 12afd03f..424db11b 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -30,7 +30,9 @@ fi # Set default home for lighttpd, dhcpcd5 and php package option # based on Linux OS, version -if [ "$RELEASE" -eq "10" ]; then +if [ "$RELEASE" = "18.04" ]; then + php_package="php7.4-cgi" +elif [ "$RELEASE" -eq "10" ]; then php_package="php7.3-cgi" elif [ "$RELEASE" -eq "9" ]; then php_package="php7.0-cgi" 
@@ -40,11 +42,13 @@ elif [ "$RELEASE" -lt "8" ]; then install_error "${DESC} is unsupported. Please install on a supported distro." fi -if [ ${OS,,} = "debian" ]; then +if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then dhcpcd_package="dhcpcd5" fi -if [ "$php_package" = "php7.3-cgi" ]; then +if [ "$php_package" = "php7.4-cgi" ]; then + phpcgiconf="/etc/php/7.4/cgi/php.ini" +elif [ "$php_package" = "php7.3-cgi" ]; then phpcgiconf="/etc/php/7.3/cgi/php.ini" elif [ "$php_package" = "php7.0-cgi" ]; then phpcgiconf="/etc/php/7.0/cgi/php.ini" @@ -62,12 +66,12 @@ function config_installation() { if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then - read -e -p < /dev/tty "Enter alternate Lighttpd directory: " -i "/var/www/html" webroot_dir + read -e -p < /dev/tty "Enter alternate lighttpd directory: " -i "/var/www/html" webroot_dir fi else echo -e fi - echo "Install to Lighttpd directory: ${webroot_dir}" + echo "Installing to lighttpd directory: ${webroot_dir}" echo -n "Complete installation with these values? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty @@ -83,6 +87,10 @@ function config_installation() { # Runs a system software update to make sure we're using all fresh packages function install_dependencies() { install_log "Installing required packages" + if [ "$php_package" = "php7.4-cgi" ]; then + echo "Adding apt-repository ppa:ondrej/php" + sudo add-apt-repository ppa:ondrej/php || install_error "Unable to add-apt-repository ppa:ondrej/php" + fi sudo apt-get install $apt_option lighttpd git hostapd dnsmasq $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies" } From 15d829c0b1cfbad4e4c394d64b41442e702eb789 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 21 Mar 2020 08:07:40 +0000 Subject: [PATCH 35/59] Create configure_networking --- installers/common.sh | 67 +++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 35 deletions(-) 
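Review bot: `sudo add-apt-repository ppa:ondrej/php` in `install_dependencies` adds a third-party package source to the host without asking, and from then on that archive can supply updates for any package it carries, not only `php7.4-cgi`. The user is asked to confirm the web root but not this, so I would surface it in `config_installation` and honour `assume_yes`; as written the command also waits for Enter, which stalls an unattended run (`add-apt-repository -y` avoids that). A comment above the block explaining why Ubuntu 18.04 needs the PPA would document the trust decision.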
diff --git a/installers/common.sh b/installers/common.sh index 424db11b..645e2554 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -28,31 +28,23 @@ else install_error "Unsupported Linux distribution" fi -# Set default home for lighttpd, dhcpcd5 and php package option -# based on Linux OS, version -if [ "$RELEASE" = "18.04" ]; then - php_package="php7.4-cgi" -elif [ "$RELEASE" -eq "10" ]; then - php_package="php7.3-cgi" -elif [ "$RELEASE" -eq "9" ]; then - php_package="php7.0-cgi" -elif [ "$RELEASE" -eq "8" ]; then - install_error "${DESC} and php5 are not supported. Please upgrade." -elif [ "$RELEASE" -lt "8" ]; then - install_error "${DESC} is unsupported. Please install on a supported distro." -fi - -if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then - dhcpcd_package="dhcpcd5" -fi - -if [ "$php_package" = "php7.4-cgi" ]; then - phpcgiconf="/etc/php/7.4/cgi/php.ini" -elif [ "$php_package" = "php7.3-cgi" ]; then - phpcgiconf="/etc/php/7.3/cgi/php.ini" -elif [ "$php_package" = "php7.0-cgi" ]; then - phpcgiconf="/etc/php/7.0/cgi/php.ini" -fi +# Set php package option based on Linux release version, +# abort if unsupported distro +case $RELEASE in + "18.04") # Ubuntu 18.04 LTS + php_package="php7.4-cgi" + phpcgiconf="/etc/php/7.4/cgi/php.ini" ;; + "10") + php_package="php7.3-cgi" + phpcgiconf="/etc/php/7.3/cgi/php.ini" ;; + "9") + php_package="php7.0-cgi" + phpcgiconf="/etc/php/7.0/cgi/php.ini" ;; + "8") + install_error "${DESC} and php5 are not supported. Please upgrade." ;; + *) + install_error "${DESC} is unsupported. Please install on a supported distro." ;; +esac ### NOTE: all the below functions are overloadable for system-specific installs 
@@ -280,7 +272,20 @@ function default_configuration() { if [ ! -f "$webroot_dir/includes/config.php" ]; then sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php" fi +} +# Install and enable RaspAP daemon +function enable_raspap_daemon() { + install_log "Enabling RaspAP daemon" + echo "Disable with: sudo systemctl disable raspap.service" + sudo cp $webroot_dir/installers/raspap.service /etc/systemd/system/ || install_error "Unable to move raspap.service file" + sudo systemctl daemon-reload + sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" +} + +# Configure IP forwarding, IP tables rules and RaspAP daemon +function configure_networking() { + install_log "Configuring networking" # Enable IP forwarding in /etc/sysctl.d/90_raspap.conf if [ ! -f $raspap_sysctl ]; then echo "Enabling IP forwarding" @@ -316,16 +321,7 @@ function default_configuration() { echo -e enable_raspap_daemon fi -} - -# Install and enable RaspAP daemon -function enable_raspap_daemon() { - install_log "Enabling RaspAP daemon" - echo "Disable with: sudo systemctl disable raspap.service" - sudo cp $webroot_dir/installers/raspap.service /etc/systemd/system/ || install_error "Unable to move raspap.service file" - sudo systemctl daemon-reload - sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" -} + } # Add sudoers file to /etc/sudoers.d/ and set file permissions function patch_system_files() { @@ -435,6 +431,7 @@ function install_raspap() { create_lighttpd_scripts move_config_file default_configuration + configure_networking prompt_install_openvpn patch_system_files install_complete From a943942bdd8ecee6fa725c07b9170174d3f3f7c5 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 21 Mar 2020 17:31:38 +0000 Subject: [PATCH 36/59] Refactor configure_networking, create get_linux_distro --- installers/common.sh | 118 ++++++++++++++++++++----------------------- 1 file changed, 55 insertions(+), 63 deletions(-) 
diff --git a/installers/common.sh b/installers/common.sh index 645e2554..fa6e7b60 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -8,49 +8,16 @@ raspap_dir="/etc/raspap" raspap_user="www-data" raspap_sudoers="/etc/sudoers.d/090_raspap" raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" -raspap_sysctl="/etc/sysctl.d/90_raspap.conf" +raspap_iptables="/etc/raspap.iptables.rules" webroot_dir="/var/www/html" git_source_url="https://github.com/$repo" # $repo from install.raspap.com -# Fetch details for various Linux distros -if type lsb_release >/dev/null 2>&1; then # linuxbase.org - OS=$(lsb_release -si) - RELEASE=$(lsb_release -sr) - CODENAME=$(lsb_release -sc) - DESC=$(lsb_release -sd) -elif [ -f /etc/os-release ]; then # freedesktop.org - . /etc/os-release - OS=$ID - RELEASE=$VERSION_ID - CODENAME=$VERSION_CODENAME - DESC=$PRETTY_NAME -else - install_error "Unsupported Linux distribution" -fi - -# Set php package option based on Linux release version, -# abort if unsupported distro -case $RELEASE in - "18.04") # Ubuntu 18.04 LTS - php_package="php7.4-cgi" - phpcgiconf="/etc/php/7.4/cgi/php.ini" ;; - "10") - php_package="php7.3-cgi" - phpcgiconf="/etc/php/7.3/cgi/php.ini" ;; - "9") - php_package="php7.0-cgi" - phpcgiconf="/etc/php/7.0/cgi/php.ini" ;; - "8") - install_error "${DESC} and php5 are not supported. Please upgrade." ;; - *) - install_error "${DESC} is unsupported. Please install on a supported distro." ;; -esac - -### NOTE: all the below functions are overloadable for system-specific installs +# NOTE: all the below functions are overloadable for system-specific installs # Prompts user to set options for installation function config_installation() { install_log "Configure installation" + get_linux_distro echo "Detected OS: ${DESC}" echo "Using GitHub repository: ${repo} ${branch} branch" echo "Install directory: ${raspap_dir}" 
@@ -76,14 +43,56 @@ function config_installation() { fi } +# Determines host Linux distrubtion details +function get_linux_distro() { + if type lsb_release >/dev/null 2>&1; then # linuxbase.org + OS=$(lsb_release -si) + RELEASE=$(lsb_release -sr) + CODENAME=$(lsb_release -sc) + DESC=$(lsb_release -sd) + elif [ -f /etc/os-release ]; then # freedesktop.org + . /etc/os-release + OS=$ID + RELEASE=$VERSION_ID + CODENAME=$VERSION_CODENAME + DESC=$PRETTY_NAME + else + install_error "Unsupported Linux distribution" + fi +} + +# Sets php package option based on Linux release version, +# abort if unsupported distro +function set_php_package() { + case $RELEASE in + "18.04") # Ubuntu 18.04 LTS + php_package="php7.4-cgi" + phpcgiconf="/etc/php/7.4/cgi/php.ini" ;; + "10") + php_package="php7.3-cgi" + phpcgiconf="/etc/php/7.3/cgi/php.ini" ;; + "9") + php_package="php7.0-cgi" + phpcgiconf="/etc/php/7.0/cgi/php.ini" ;; + "8") + install_error "${DESC} and php5 are not supported. Please upgrade." ;; + *) + install_error "${DESC} is unsupported. Please install on a supported distro." 
;; + esac +} + # Runs a system software update to make sure we're using all fresh packages function install_dependencies() { install_log "Installing required packages" + set_php_package if [ "$php_package" = "php7.4-cgi" ]; then echo "Adding apt-repository ppa:ondrej/php" sudo add-apt-repository ppa:ondrej/php || install_error "Unable to add-apt-repository ppa:ondrej/php" fi - sudo apt-get install $apt_option lighttpd git hostapd dnsmasq $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies" + # Set dconf-set-selections + echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections + echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections + sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies" } # Enables PHP for lighttpd and restarts service for settings to take effect @@ -226,11 +235,6 @@ function check_for_old_configs() { sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf" fi - if [ -f $raspap_sysctl ]; then - sudo cp $raspap_sysctl "$raspap_dir/backups/sysctl.d.`date +%F-%R`" - sudo ln -sf "$raspap_dir/backups/sysctl.d.`date +%F-%R`" "$raspap_dir/backups/sysctl.d" - fi - for file in /etc/systemd/network/raspap-*.net*; do if [ -f "${file}" ]; then filename=$(basename $file) 
@@ -283,30 +287,18 @@ function enable_raspap_daemon() { sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" } -# Configure IP forwarding, IP tables rules and RaspAP daemon +# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon function configure_networking() { install_log "Configuring networking" - # Enable IP forwarding in /etc/sysctl.d/90_raspap.conf - if [ ! -f $raspap_sysctl ]; then - echo "Enabling IP forwarding" - sudo touch $raspap_sysctl || install_error "Unable to create ${raspap_sysctl}" - echo "net.ipv4.ip_forward = 1" | sudo tee -a $raspap_sysctl || install_error "Unable to append to ${raspap_sysctl}" - sudo sysctl -p $raspap_sysctl || install_error "Unable to load sysctl settings from file" - fi + echo "Enabling IP forwarding" + sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf || install_error "Unable to set IP forwarding" + sudo sysctl -p /etc/sysctl.conf || install_error "Unable to execute sysctl" - echo "Enabling persistent IP tables rules" - if [ ! -f "/etc/iptables.raspap.rules" ]; then - sudo cp "$webroot_dir/installers/iptables.rules" /etc/iptables.raspap.rules || install_error "Unable to move iptables.rules" - fi - - if [ ! 
-f "/etc/systemd/system/iptables.service" ]; then - echo "Enabling iptables.service" - sudo cp "$webroot_dir/installers/iptables.service" /etc/systemd/system/ || install_error "Unable to move iptables.service file" - sudo update-alternatives --set iptables /usr/sbin/iptables-legacy || install_error "Unable to execute update-alternatives" - sudo systemctl daemon-reload - sudo systemctl enable iptables.service || install_error "Failed to enable iptables.service" - sudo systemctl start iptables.service || install_error "Unable to start iptables.service" - fi + echo "Creating IP tables rules" + sudo iptables -t nat -A POSTROUTING -j MASQUERADE || install_error "Unable to execute iptables" + sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || install_error "Unable to execute iptables" + echo "Persisting IP tables rules" + sudo iptables-save | sudo tee $raspap_iptables # Prompt to install RaspAP daemon echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " From 26a28a0123500ef8d2d121ade4bb6783d210df41 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 21 Mar 2020 23:37:05 +0000 Subject: [PATCH 37/59] Persist IP forwarding + iptables, update raspapd --- installers/common.sh | 9 +++++---- installers/raspap.service | 5 ++--- installers/servicestart.sh | 10 +--------- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index fa6e7b60..89aecd3f 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -8,7 +8,7 @@ raspap_dir="/etc/raspap" raspap_user="www-data" raspap_sudoers="/etc/sudoers.d/090_raspap" raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" -raspap_iptables="/etc/raspap.iptables.rules" +raspap_sysctl="/etc/sysctl.d/90_raspap.conf" webroot_dir="/var/www/html" git_source_url="https://github.com/$repo" # $repo from install.raspap.com 
@@ -291,14 +291,15 @@ function enable_raspap_daemon() { function configure_networking() { install_log "Configuring networking" echo "Enabling IP forwarding" - sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf || install_error "Unable to set IP forwarding" - sudo sysctl -p /etc/sysctl.conf || install_error "Unable to execute sysctl" + echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl || install_error "Unable to set IP forwarding" + sudo sysctl -p $raspap_sysctl || install_error "Unable to execute sysctl" + sudo /etc/init.d/procps restart || install_error "Unable to execute procps" echo "Creating IP tables rules" sudo iptables -t nat -A POSTROUTING -j MASQUERADE || install_error "Unable to execute iptables" sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || install_error "Unable to execute iptables" echo "Persisting IP tables rules" - sudo iptables-save | sudo tee $raspap_iptables + sudo iptables-save | sudo tee /etc/iptables/rules.v4 # Prompt to install RaspAP daemon echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " diff --git a/installers/raspap.service b/installers/raspap.service index 13dcccc1..5c1e28f4 100644 --- a/installers/raspap.service +++ b/installers/raspap.service @@ -1,5 +1,5 @@ ### BEGIN INIT INFO -# Provides: /etc/raspap/hostapd/servicestart +# Provides: raspapd # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 @@ -11,8 +11,7 @@ [Unit] Description=RaspAP Service Daemon DefaultDependencies=no -After=systemd-sysctl.service -Before=sysinit.target +After=network.target [Service] Type=oneshot diff --git a/installers/servicestart.sh b/installers/servicestart.sh index ba87ba2c..5f6145e3 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh 
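Review bot: `sudo iptables-save | sudo tee /etc/iptables/rules.v4` overwrites the host's persisted ruleset with a dump of whatever is loaded at install time, and the hunk keeps no copy of the previous file. Before that line I would add `[ -f /etc/iptables/rules.v4 ] && sudo cp /etc/iptables/rules.v4 "/etc/iptables/rules.v4.$(date +%F-%R)"` so an administrator can restore earlier rules. The line also assumes `/etc/iptables` exists, presumably because iptables-persistent is installed earlier; that is not visible here. `$raspap_sysctl` is unquoted in the `tee` and `sysctl -p` lines above, and configure_networking continues past the hunk.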
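Review bot: `DefaultDependencies=no` is kept in the `[Unit]` section while the ordering moves from `After=systemd-sysctl.service` / `Before=sysinit.target` to `After=network.target`, which looks like a leftover from the early-boot placement. With default dependencies disabled the service gets no implicit ordering after sysinit.target and basic.target and no conflict with shutdown.target, so it is ordered only by the one `After=` line. If nothing outside this hunk depends on the early-boot behaviour, I would delete the `DefaultDependencies=no` line.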
@@ -3,7 +3,7 @@ # up network services in a specific order and timing to avoid race conditions. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -NAME=raspap +NAME=raspapd DESC="Service control for RaspAP" CONFIGFILE="/etc/raspap/hostapd.ini" DAEMONPATH="/lib/systemd/system/raspap.service" @@ -36,7 +36,6 @@ set -- "${positional[@]}" echo "Stopping network services..." systemctl stop openvpn-client@client -systemctl stop systemd-networkd systemctl stop hostapd.service systemctl stop dnsmasq.service systemctl stop dhcpcd.service @@ -65,15 +64,8 @@ if [ -r "$CONFIGFILE" ]; then echo "Removing uap0 interface..." iw dev uap0 del - - echo "Enabling systemd-networkd" - systemctl start systemd-networkd - systemctl enable systemd-networkd fi else - echo "Disabling systemd-networkd" - systemctl disable systemd-networkd - echo "Removing br0 interface..." ip link set down br0 ip link del dev br0 From d799fc1de01af42fee1be40c0c89b7e427ada9d9 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 22 Mar 2020 09:06:23 +0000 Subject: [PATCH 38/59] WIP: raspap.service changes --- installers/common.sh | 2 +- installers/raspap.service | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 89aecd3f..ef39f5a4 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -282,7 +282,7 @@ function default_configuration() { function enable_raspap_daemon() { install_log "Enabling RaspAP daemon" echo "Disable with: sudo systemctl disable raspap.service" - sudo cp $webroot_dir/installers/raspap.service /etc/systemd/system/ || install_error "Unable to move raspap.service file" + sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file" sudo systemctl daemon-reload sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" } diff --git a/installers/raspap.service b/installers/raspap.service index 5c1e28f4..055603bc 100644 
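Review bot: In enable_raspap_daemon the unit that systemd will run as root is copied from `$webroot_dir/installers/` with a plain `cp`, so its ownership and mode are whatever root's umask gives and its source is a tree the installer hands to the web-server account elsewhere (whether that happens before this step is not visible here). I would install it with explicit ownership and mode, `sudo install -o root -g root -m 0644 "$webroot_dir/installers/raspap.service" /lib/systemd/system/ || install_error "Unable to install raspap.service file"`. The new destination `/lib/systemd/system/` is the directory distribution packages own; `/etc/systemd/system/` is the usual place for locally installed units, though `DAEMONPATH` in servicestart.sh would have to follow if it were changed back.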
--- a/installers/raspap.service +++ b/installers/raspap.service @@ -2,11 +2,12 @@ # Provides: raspapd # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 +# Default-Start: S 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start RaspAP daemon at boot time -# Description: Enable service provided by daemon. +# Description: Enable service provided by daemon ### END INIT INFO +# Author: BillZ [Unit] Description=RaspAP Service Daemon From 07b2e6d07a818c856d404e2c862b631fdd875930 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 22 Mar 2020 11:47:47 +0000 Subject: [PATCH 39/59] Update stop/start systemd-networkd --- installers/servicestart.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/installers/servicestart.sh b/installers/servicestart.sh index 5f6145e3..d89e044f 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh @@ -58,14 +58,24 @@ if [ -r "$CONFIGFILE" ]; then if [ "${config[BridgedEnable]}" = 1 ]; then if [ "${interface}" = "br0" ]; then + echo "Stopping systemd-networkd" + systemctl stop systemd-networkd + echo "Restarting eth0 interface..." ip link set down eth0 ip link set up eth0 echo "Removing uap0 interface..." iw dev uap0 del + + echo "Restarting systemd-networkd" + systemctl start systemd-networkd + systemctl enable systemd-networkd fi else + echo "Disabling systemd-networkd" + systemctl disable systemd-networkd + echo "Removing br0 interface..." ip link set down br0 ip link del dev br0 From 409545f4c3458c424903f51f0da58d6bdde3835a Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 22 Mar 2020 11:48:33 +0000 Subject: [PATCH 40/59] Direct output to /dev/null, error handling --- installers/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index ef39f5a4..830d40fe 100755 --- a/installers/common.sh +++ b/installers/common.sh 
@@ -291,7 +291,7 @@ function enable_raspap_daemon() { function configure_networking() { install_log "Configuring networking" echo "Enabling IP forwarding" - echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl || install_error "Unable to set IP forwarding" + echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || install_error "Unable to set IP forwarding" sudo sysctl -p $raspap_sysctl || install_error "Unable to execute sysctl" sudo /etc/init.d/procps restart || install_error "Unable to execute procps" @@ -299,7 +299,7 @@ function configure_networking() { sudo iptables -t nat -A POSTROUTING -j MASQUERADE || install_error "Unable to execute iptables" sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || install_error "Unable to execute iptables" echo "Persisting IP tables rules" - sudo iptables-save | sudo tee /etc/iptables/rules.v4 + sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || install_error "Unable to execute iptables-save" # Prompt to install RaspAP daemon echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " From ba13a592ccdcb3ad18b1d4a6eb9c826864f08891 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 22 Mar 2020 13:40:34 +0000 Subject: [PATCH 41/59] Standardize service name raspapd --- installers/common.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index ef39f5a4..322368ac 100755 --- a/installers/common.sh +++ b/installers/common.sh 
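Review bot: In `sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || install_error "Unable to execute iptables-save"` the `||` sees only the exit status of `tee`, the last stage of the pipeline, because no `pipefail` is set in the visible part of the script. If `iptables-save` itself fails, `tee` still succeeds, rules.v4 is left empty or truncated, and the installer reports nothing. Either add `set -o pipefail` near the top of common.sh or avoid the pipe with `sudo sh -c 'iptables-save > /etc/iptables/rules.v4' || install_error "Unable to execute iptables-save"`. The `echo ... | sudo tee $raspap_sysctl` line in the previous hunk is less exposed since `echo` does not fail, but `$raspap_sysctl` should be quoted there.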
@@ -281,10 +281,10 @@ function default_configuration() { # Install and enable RaspAP daemon function enable_raspap_daemon() { install_log "Enabling RaspAP daemon" - echo "Disable with: sudo systemctl disable raspap.service" - sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file" + echo "Disable with: sudo systemctl disable raspapd.service" + sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || install_error "Unable to move raspap.service file" sudo systemctl daemon-reload - sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service" + sudo systemctl enable raspapd.service || install_error "Failed to enable raspap.service" } # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon From cc0d220e305be21c617ee3fa8e6cd8848f355201 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 22 Mar 2020 13:41:48 +0000 Subject: [PATCH 42/59] Restore stop/start systemd-networkd in bridge mode --- installers/servicestart.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/installers/servicestart.sh b/installers/servicestart.sh index 5f6145e3..076de9fb 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh @@ -1,12 +1,12 @@ #!/bin/bash -# When wireless client AP mode is enabled, this script handles starting +# When wireless client AP or Bridge mode is enabled, this script handles starting # up network services in a specific order and timing to avoid race conditions. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=raspapd DESC="Service control for RaspAP" CONFIGFILE="/etc/raspap/hostapd.ini" -DAEMONPATH="/lib/systemd/system/raspap.service" +DAEMONPATH="/lib/systemd/system/raspapd.service" OPENVPNENABLED=$(pidof openvpn | wc -l) positional=() 
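Review bot: The two `install_error` strings on the changed lines of enable_raspap_daemon still say `raspap.service` although the unit is now `raspapd.service`, so a failure is reported under a unit name that no longer exists on the system. Suggested: `install_error "Unable to move raspapd.service file"` and `install_error "Failed to enable raspapd.service"`. `$webroot_dir` on the `cp` line is also unquoted.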
@@ -36,6 +36,7 @@ set -- "${positional[@]}" echo "Stopping network services..." systemctl stop openvpn-client@client +systemctl stop systemd-networkd systemctl stop hostapd.service systemctl stop dnsmasq.service systemctl stop dhcpcd.service @@ -64,8 +65,15 @@ if [ -r "$CONFIGFILE" ]; then echo "Removing uap0 interface..." iw dev uap0 del + + echo "Enabling systemd-networkd" + systemctl start systemd-networkd + systemctl enable systemd-networkd fi else + echo "Disabling systemd-networkd" + systemctl disable systemd-networkd + echo "Removing br0 interface..." ip link set down br0 ip link del dev br0 From bd1dd0a671eda518195e15123d087d7362df952c Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Sun, 22 Mar 2020 15:00:41 +0100 Subject: [PATCH 43/59] Delete iptables.rules --- installers/iptables.rules | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 installers/iptables.rules diff --git a/installers/iptables.rules b/installers/iptables.rules deleted file mode 100644 index c39dd4cb..00000000 --- a/installers/iptables.rules +++ /dev/null @@ -1,10 +0,0 @@ -# RaspAP iptables rules -*nat -:PREROUTING ACCEPT [0:0] -:INPUT ACCEPT [0:0] -:POSTROUTING ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A POSTROUTING -j MASQUERADE --A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE -COMMIT - From 3e13971012d57e3021e1ed37d62f441f52f17b5d Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Sun, 22 Mar 2020 15:01:14 +0100 Subject: [PATCH 44/59] Delete iptables.service --- installers/iptables.service | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 installers/iptables.service diff --git a/installers/iptables.service b/installers/iptables.service deleted file mode 100644 index cba5608d..00000000 --- a/installers/iptables.service +++ /dev/null 
@@ -1,16 +0,0 @@ -[Unit] -Description=Packet Filtering Framework -DefaultDependencies=no -After=systemd-sysctl.service -Before=sysinit.target - -[Service] -Type=oneshot -ExecStart=/sbin/iptables-restore /etc/iptables.raspap.rules -ExecReload=/sbin/iptables-restore /etc/iptables.raspap.rules -ExecStop=/etc/iptables/flush-iptables.sh -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target - From 271064dbdb5a22f5a73bff6529019c6a02dd158e Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Sun, 22 Mar 2020 15:02:13 +0100 Subject: [PATCH 45/59] Rename raspap.service to raspapd.service --- installers/{raspap.service => raspapd.service} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename installers/{raspap.service => raspapd.service} (100%) diff --git a/installers/raspap.service b/installers/raspapd.service similarity index 100% rename from installers/raspap.service rename to installers/raspapd.service From e46929b5054b63ca640d0b7ad6f267d114e81b05 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 22 Mar 2020 18:16:57 +0000 Subject: [PATCH 46/59] Update set dchpcd_package option --- installers/common.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/installers/common.sh b/installers/common.sh index 11d40761..a85b6c36 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -87,8 +87,12 @@ function install_dependencies() { set_php_package if [ "$php_package" = "php7.4-cgi" ]; then echo "Adding apt-repository ppa:ondrej/php" + sudo apt-get install software-properties-common || install_error "Unable to install dependency" sudo add-apt-repository ppa:ondrej/php || install_error "Unable to add-apt-repository ppa:ondrej/php" fi + if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then + dhcpcd_package="dhcpcd5" + fi # Set dconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections 
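Review bot: `[ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]` expands `OS` unquoted, so an empty or multi-word value makes `[` fail with a syntax error instead of evaluating to false; write `[ "${OS,,}" = "debian" ] || [ "${OS,,}" = "ubuntu" ]`. The added `sudo apt-get install software-properties-common` omits `$apt_option`, so it may stop for confirmation in an unattended run where the main install line does not (assuming `$apt_option` carries `-y`; its definition is outside the hunk). The `add-apt-repository ppa:ondrej/php` line it supports makes a third-party archive a trusted package source for the whole host, which is worth stating in the install documentation. install_dependencies starts and ends outside the hunk.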
From aa497b46e4a8e977935da4e39ee3e9660e064210 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 23 Mar 2020 09:31:18 +0000 Subject: [PATCH 47/59] Update comments, apply best practices --- installers/common.sh | 286 +++++++++++++++++++++-------------------- installers/mkcert.sh | 102 ++++++++------- installers/raspbian.sh | 29 +++-- 3 files changed, 221 insertions(+), 196 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index a85b6c36..96edf7a8 100755 --- a/installers/common.sh +++ b/installers/common.sh 
@@ -1,23 +1,34 @@ #!/bin/bash # -# RaspAP installation functions. -# author: @billz -# license: GNU General Public License v3.0 +# RaspAP installation functions +# Author: @billz +# License: GNU General Public License v3.0 +# +# You are not obligated to bundle the LICENSE file with your RaspAP projects as long +# as you leave these references intact in the header comments of your source files. -raspap_dir="/etc/raspap" -raspap_user="www-data" -raspap_sudoers="/etc/sudoers.d/090_raspap" -raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" -raspap_sysctl="/etc/sysctl.d/90_raspap.conf" +# Exit on error +set -o errexit +# Exit on error inside functions +set -o errtrace +# Turn on traces, disabled by default +# set -o xtrace + +# Set defaults +readonly raspap_dir="/etc/raspap" +readonly raspap_user="www-data" +readonly raspap_sudoers="/etc/sudoers.d/090_raspap" +readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" +readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf" webroot_dir="/var/www/html" git_source_url="https://github.com/$repo" # $repo from install.raspap.com # NOTE: all the below functions are overloadable for system-specific installs -# Prompts user to set options for installation -function config_installation() { - install_log "Configure installation" - get_linux_distro +# Prompts user to set installation options +function _config_installation() { + _install_log "Configure installation" + _get_linux_distro echo "Detected OS: ${DESC}" echo "Using GitHub repository: ${repo} ${branch} branch" echo "Install directory: ${raspap_dir}" @@ -44,7 +55,7 @@ function config_installation() { } # Determines host Linux distrubtion details -function get_linux_distro() { +function _get_linux_distro() { if type lsb_release >/dev/null 2>&1; then # linuxbase.org OS=$(lsb_release -si) RELEASE=$(lsb_release -sr) 
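Review bot: The comment `# Exit on error inside functions` above `set -o errtrace` does not describe the option: errtrace only makes an ERR trap inherited by functions and subshells, and no ERR trap is set in the hunk, so the line currently has no effect. What the script's `... | sudo tee ...` pipelines need is `set -o pipefail`, which I would add here with the comment `# Fail a pipeline if any stage fails`. Note also that errexit is suspended inside any function called on the left of `||`, as in `_create_openvpn_scripts || _install_error ...` later in this commit, so the explicit `|| _install_error` checks remain necessary. The new `readonly` on the `raspap_*` paths means a system-specific script that sources this file can no longer reassign them, and sourcing the file twice in one shell will error.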
@@ -57,13 +68,12 @@ function get_linux_distro() { CODENAME=$VERSION_CODENAME DESC=$PRETTY_NAME else - install_error "Unsupported Linux distribution" + _install_error "Unsupported Linux distribution" fi } -# Sets php package option based on Linux release version, -# abort if unsupported distro -function set_php_package() { +# Sets php package option based on Linux version, abort if unsupported distro +function _set_php_package() { case $RELEASE in "18.04") # Ubuntu 18.04 LTS php_package="php7.4-cgi" @@ -75,20 +85,20 @@ function set_php_package() { php_package="php7.0-cgi" phpcgiconf="/etc/php/7.0/cgi/php.ini" ;; "8") - install_error "${DESC} and php5 are not supported. Please upgrade." ;; + _install_error "${DESC} and php5 are not supported. Please upgrade." ;; *) - install_error "${DESC} is unsupported. Please install on a supported distro." ;; + _install_error "${DESC} is unsupported. Please install on a supported distro." ;; esac } # Runs a system software update to make sure we're using all fresh packages -function install_dependencies() { - install_log "Installing required packages" - set_php_package +function _install_dependencies() { + _install_log "Installing required packages" + _set_php_package if [ "$php_package" = "php7.4-cgi" ]; then echo "Adding apt-repository ppa:ondrej/php" - sudo apt-get install software-properties-common || install_error "Unable to install dependency" - sudo add-apt-repository ppa:ondrej/php || install_error "Unable to add-apt-repository ppa:ondrej/php" + sudo apt-get install software-properties-common || _install_error "Unable to install dependency" + sudo add-apt-repository ppa:ondrej/php || _install_error "Unable to add-apt-repository ppa:ondrej/php" fi if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then dhcpcd_package="dhcpcd5" 
@@ -96,129 +106,130 @@ function install_dependencies() { # Set dconf-set-selections echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections - sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || install_error "Unable to install dependencies" + sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to install dependencies" } # Enables PHP for lighttpd and restarts service for settings to take effect -function enable_php_lighttpd() { - install_log "Enabling PHP for lighttpd" - +function _enable_php_lighttpd() { + _install_log "Enabling PHP for lighttpd" sudo lighttpd-enable-mod fastcgi-php sudo service lighttpd force-reload - sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd" + sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd" } # Verifies existence and permissions of RaspAP directory -function create_raspap_directories() { - install_log "Creating RaspAP directories" +function _create_raspap_directories() { + _install_log "Creating RaspAP directories" if [ -d "$raspap_dir" ]; then - sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way" + sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_error "Unable to move old '$raspap_dir' out of the way" fi - sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'" + sudo mkdir -p "$raspap_dir" || _install_error "Unable to create directory '$raspap_dir'" # Create a directory for existing file backups. 
sudo mkdir -p "$raspap_dir/backups" # Create a directory to store networking configs + echo "Creating $raspap_dir/networking" sudo mkdir -p "$raspap_dir/networking" # Copy existing dhcpcd.conf to use as base config - cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults - - sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" + echo "Adding /etc/dhcpcd.conf as base configuration" + cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null + echo "Changing file ownership of $raspap_dir" + sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'" } # Generate hostapd logging and service control scripts -function create_hostapd_scripts() { - install_log "Creating hostapd logging & control scripts" - sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'" +function _create_hostapd_scripts() { + _install_log "Creating hostapd logging & control scripts" + sudo mkdir $raspap_dir/hostapd || _install_error "Unable to create directory '$raspap_dir/hostapd'" # Move logging shell scripts - sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts" + sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_error "Unable to move logging scripts" # Move service control shell scripts - sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts" + sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_error "Unable to move service control scripts" # Make enablelog.sh and disablelog.sh not writable by www-data group. 
- sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group" - sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions" + sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_error "Unable change owner and/or group" + sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_error "Unable to change file permissions" } # Generate lighttpd service control scripts -function create_lighttpd_scripts() { - install_log "Creating lighttpd control scripts" - sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd" +function _create_lighttpd_scripts() { + _install_log "Creating lighttpd control scripts" + sudo mkdir $raspap_dir/lighttpd || _install_error "Unable to create directory '$raspap_dir/lighttpd" # Move service control shell scripts - sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts" + sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_error "Unable to move service control scripts" # Make configport.sh writable by www-data group - sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group" - sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions" + sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_error "Unable change owner and/or group" + sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_error "Unable to change file permissions" } # Prompt to install openvpn -function prompt_install_openvpn() { - install_log "Setting up OpenVPN support (beta)" +function _prompt_install_openvpn() { + _install_log "Setting up OpenVPN support" echo -n "Install OpenVPN and enable client configuration? 
[Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then echo -e else - install_openvpn + _install_openvpn fi elif [ "$ovpn_option" == 1 ]; then - install_openvpn + _install_openvpn fi } # Install openvpn and enable client configuration option -function install_openvpn() { - install_log "Installing OpenVPN and enabling client configuration" - sudo apt-get install -y openvpn || install_error "Unable to install openvpn" - sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php" +function _install_openvpn() { + _install_log "Installing OpenVPN and enabling client configuration" + sudo apt-get install -y openvpn || _install_error "Unable to install openvpn" + sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php" echo "Enabling openvpn-client service on boot" - sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon" - create_openvpn_scripts || install_error "Unable to create openvpn control scripts" + sudo systemctl enable openvpn-client@client || _install_error "Unable to enable openvpn-client daemon" + _create_openvpn_scripts || _install_error "Unable to create openvpn control scripts" } # Generate openvpn logging and auth control scripts -function create_openvpn_scripts() { - install_log "Creating OpenVPN control scripts" - sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'" +function _create_openvpn_scripts() { + _install_log "Creating OpenVPN control scripts" + sudo mkdir $raspap_dir/openvpn || _install_error "Unable to create directory '$raspap_dir/openvpn'" # Move service auth control shell scripts - sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script" + sudo cp 
"$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_error "Unable to move auth control script" # Make configauth.sh writable by www-data group - sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group" - sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions" + sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_error "Unable change owner and/or group" + sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_error "Unable to change file permissions" } # Fetches latest files from github to webroot -function download_latest_files() { +function _download_latest_files() { if [ ! -d "$webroot_dir" ]; then - sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory" + sudo mkdir -p $webroot_dir || _install_error "Unable to create new webroot directory" fi if [ -d "$webroot_dir" ]; then - sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory" + sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_error "Unable to remove old webroot directory" fi - install_log "Cloning latest files from github" - git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github" + _install_log "Cloning latest files from github" + git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || _install_error "Unable to download files from github" - sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root" + sudo mv /tmp/raspap-webgui $webroot_dir || _install_error "Unable to move raspap-webgui to web root" } # Sets files ownership in web root directory -function change_file_ownership() { +function _change_file_ownership() { if [ ! 
-d "$webroot_dir" ]; then - install_error "Web root directory doesn't exist" + _install_error "Web root directory doesn't exist" fi - install_log "Changing file ownership in web root directory" - sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'" + _install_log "Changing file ownership in web root directory" + sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_error "Unable to change file ownership for '$webroot_dir'" } # Check for existing configuration files -function check_for_old_configs() { +function _check_for_old_configs() { if [ -f /etc/network/interfaces ]; then sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`" sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces" 
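Review bot: `_download_latest_files` clones into the fixed path `/tmp/raspap-webgui` and then moves that directory into the web root with `sudo mv`, so the code that ends up served, and whose scripts are later copied under `$raspap_dir` and owned by root, passes through a world-writable directory under a predictable name that another local account can create first. Use a private directory instead: `tmp_dir=$(mktemp -d) || _install_error "Unable to create temp directory"`, then `git clone --branch "$branch" --depth 1 "$git_source_url" "$tmp_dir/raspap-webgui"` and `sudo mv "$tmp_dir/raspap-webgui" "$webroot_dir"`. Quoting `$branch` and `$git_source_url` matters because both are supplied by the caller. In the same function the `mkdir -p` for a missing web root is immediately followed by the `-d` test that moves it away, which looks unintended.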
@@ -249,33 +260,33 @@ function check_for_old_configs() { } # Move configuration file to the correct location -function move_config_file() { +function _move_config_file() { if [ ! -d "$raspap_dir" ]; then - install_error "'$raspap_dir' directory doesn't exist" + _install_error "'$raspap_dir' directory doesn't exist" fi - install_log "Moving configuration file to '$raspap_dir'" - sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'" - sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" + _install_log "Moving configuration file to '$raspap_dir'" + sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_error "Unable to move files to '$raspap_dir'" + sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'" } # Set up default configuration -function default_configuration() { - install_log "Applying default configuration to installed services" +function _default_configuration() { + _install_log "Applying default configuration to installed services" if [ -f /etc/default/hostapd ]; then - sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file" + sudo mv /etc/default/hostapd /tmp/default_hostapd.old || _install_error "Unable to remove old /etc/default/hostapd file" fi - sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file" - sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file" - sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || install_error "Unable to move dnsmasq configuration file" - sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file" + sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || 
_install_error "Unable to move hostapd defaults file" + sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_error "Unable to move hostapd configuration file" + sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || _install_error "Unable to move dnsmasq configuration file" + sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_error "Unable to move dhcpcd configuration file" [ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d sudo systemctl stop systemd-networkd sudo systemctl disable systemd-networkd - sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file" - sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file" + sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_error "Unable to move br0 netdev file" + sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_error "Unable to move br0 member file" if [ ! -f "$webroot_dir/includes/config.php" ]; then sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php" 
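Review bot: `_default_configuration` still parks the existing `/etc/default/hostapd` at the fixed name `/tmp/default_hostapd.old`, a world-writable location that is typically cleared on reboot and is overwritten on the next run, while `_create_raspap_directories` creates `$raspap_dir/backups` for this purpose. Assuming that directory exists by the time this function runs, I would move the file there with a timestamp: `sudo mv /etc/default/hostapd "$raspap_dir/backups/default_hostapd.$(date +%F-%R)" || _install_error "Unable to back up /etc/default/hostapd"`. The `cp` lines below use `$webroot_dir` and `$raspap_dnsmasq` unquoted. The function's closing lines are outside the hunk.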
@@ -283,27 +294,27 @@ function default_configuration() { } # Install and enable RaspAP daemon -function enable_raspap_daemon() { - install_log "Enabling RaspAP daemon" +function _enable_raspap_daemon() { + _install_log "Enabling RaspAP daemon" echo "Disable with: sudo systemctl disable raspapd.service" - sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || install_error "Unable to move raspap.service file" + sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_error "Unable to move raspap.service file" sudo systemctl daemon-reload - sudo systemctl enable raspapd.service || install_error "Failed to enable raspap.service" + sudo systemctl enable raspapd.service || _install_error "Failed to enable raspap.service" } # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon -function configure_networking() { - install_log "Configuring networking" +function _configure_networking() { + _install_log "Configuring networking" echo "Enabling IP forwarding" - echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || install_error "Unable to set IP forwarding" - sudo sysctl -p $raspap_sysctl || install_error "Unable to execute sysctl" - sudo /etc/init.d/procps restart || install_error "Unable to execute procps" + echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_error "Unable to set IP forwarding" + sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl" + sudo /etc/init.d/procps restart || _install_error "Unable to execute procps" echo "Creating IP tables rules" - sudo iptables -t nat -A POSTROUTING -j MASQUERADE || install_error "Unable to execute iptables" - sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! 
-d 192.168.50.0/24 -j MASQUERADE || install_error "Unable to execute iptables" - echo "Persisting IP tables rules" - sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || install_error "Unable to execute iptables-save" + sudo iptables -t nat -A POSTROUTING -j MASQUERADE || _install_error "Unable to execute iptables" + sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || _install_error "Unable to execute iptables" + echo "Persisting IP tables rules to /etc/iptables/rules.v4" + sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || _install_error "Unable to execute iptables-save" # Prompt to install RaspAP daemon echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " 
@@ -312,42 +323,42 @@ function configure_networking() { if [ "$answer" != "${answer#[Nn]}" ]; then echo -e else - enable_raspap_daemon + _enable_raspap_daemon fi else echo -e - enable_raspap_daemon + _enable_raspap_daemon fi } # Add sudoers file to /etc/sudoers.d/ and set file permissions -function patch_system_files() { +function _patch_system_files() { # Create sudoers if not present if [ ! -f $raspap_sudoers ]; then - install_log "Adding raspap.sudoers to ${raspap_sudoers}" - sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || install_error "Unable to apply raspap.sudoers to $raspap_sudoers" - sudo chmod 0440 $raspap_sudoers || install_error "Unable to change file permissions for $raspap_sudoers" + _install_log "Adding raspap.sudoers to ${raspap_sudoers}" + sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_error "Unable to apply raspap.sudoers to $raspap_sudoers" + sudo chmod 0440 $raspap_sudoers || _install_error "Unable to change file permissions for $raspap_sudoers" fi # Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces - install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces" + _install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces" if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/ fi # Unmask and enable hostapd.service - install_log "Unmasking and enabling hostapd service" + _install_log "Unmasking and enabling hostapd service" sudo systemctl unmask hostapd.service sudo systemctl enable hostapd.service } # Optimize configuration of php-cgi. -function optimize_php() { - install_log "Optimize PHP configuration" +function _optimize_php() { + _install_log "Optimize PHP configuration" if [ ! -f "$phpcgiconf" ]; then - install_warning "PHP configuration could not be found." + _install_warning "PHP configuration could not be found." return fi 
@@ -389,15 +400,14 @@ function optimize_php() { if [ -f "/usr/sbin/phpenmod" ]; then sudo phpenmod opcache else - install_warning "phpenmod not found." + _install_warning "phpenmod not found." fi fi fi } -function install_complete() { - install_log "Installation completed!" - +function _install_complete() { + _install_log "Installation completed!" if [ "$assume_yes" == 0 ]; then # Prompt to reboot if wired ethernet (eth0) is connected. # With default_configuration this will create an active AP on restart. @@ -408,28 +418,28 @@ function install_complete() { echo "Installation reboot aborted." exit 0 fi - sudo shutdown -r now || install_error "Unable to execute shutdown" + sudo shutdown -r now || _install_error "Unable to execute shutdown" fi fi } -function install_raspap() { - display_welcome - config_installation - update_system_packages - install_dependencies - enable_php_lighttpd - create_raspap_directories - optimize_php - check_for_old_configs - download_latest_files - change_file_ownership - create_hostapd_scripts - create_lighttpd_scripts - move_config_file - default_configuration - configure_networking - prompt_install_openvpn - patch_system_files - install_complete +function _install_raspap() { + _display_welcome + _config_installation + _update_system_packages + _install_dependencies + _enable_php_lighttpd + _create_raspap_directories + _optimize_php + _check_for_old_configs + _download_latest_files + _change_file_ownership + _create_hostapd_scripts + _create_lighttpd_scripts + _move_config_file + _default_configuration + _configure_networking + _prompt_install_openvpn + _patch_system_files + _install_complete } diff --git a/installers/mkcert.sh b/installers/mkcert.sh index 73487b65..f583e775 100755 --- a/installers/mkcert.sh +++ b/installers/mkcert.sh 
@@ -1,19 +1,31 @@ #!/bin/bash # # RaspAP SSL certificate installation functions -# author: @billz -# license: GNU General Public License v3.0 +# Author: @billz +# License: GNU General Public License v3.0 +# +# You are not obligated to bundle the LICENSE file with your RaspAP projects as long +# as you leave these references intact in the header comments of your source files. +# Exit on error +set -o errexit +# Exit on error inside functions +set -o errtrace +# Turn on traces, disabled by default +# set -o xtrace + +# Set defaults certname=$HOSTNAME."local" lighttpd_ssl="/etc/lighttpd/ssl" lighttpd_conf="/etc/lighttpd/lighttpd.conf" webroot_dir="/var/www/html" -mkcert_version="1.4.1" +readonly mkcert_version="1.4.1" +readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}" ### NOTE: all the below functions are overloadable for system-specific installs -function config_installation() { - install_log "Configure a new SSL certificate" +function _config_installation() { + _install_log "Configure a new SSL certificate" echo "Current system hostname is $HOSTNAME" echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]" if [ $assume_yes == 0 ]; then @@ -35,10 +47,10 @@ function config_installation() { echo -e fi - install_divider + _install_divider echo "A new SSL certificate for: ${certname}" echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}" - install_divider + _install_divider echo -n "Complete installation with these values? [y/N]: " if [ $assume_yes == 0 ]; then read answer < /dev/tty 
@@ -52,43 +64,43 @@ function config_installation() { } # Installs pre-built mkcert binary for Arch Linux ARM -function install_mkcert() { - install_log "Fetching mkcert binary" - sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert" +function _install_mkcert() { + _install_log "Fetching mkcert binary" + sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert" sudo chmod +x /usr/local/bin/mkcert - install_log "Installing mkcert" - mkcert -install || install_error "Failed to install mkcert" + _install_log "Installing mkcert" + mkcert -install || _install_error "Failed to install mkcert" } # Generate a certificate for host -function generate_certificate() { - install_log "Generating a new certificate for $certname" +function _generate_certificate() { + _install_log "Generating a new certificate for $certname" cd $HOME - mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname" + mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname" - install_log "Combining private key and certificate" - cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate" + _install_log "Combining private key and certificate" + cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate" echo "OK" } # Create a directory for the combined .pem file in lighttpd -function create_lighttpd_dir() { - install_log "Creating SLL directory for lighttpd" +function _create_lighttpd_dir() { + _install_log "Creating SLL directory for lighttpd" if [ ! 
-d "$lighttpd_ssl" ]; then - sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory" + sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory" fi echo "OK" - install_log "Setting permissions and moving .pem file" - chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file" - sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file" + _install_log "Setting permissions and moving .pem file" + chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file" + sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file" echo "OK" } # Generate config to enable SSL in lighttpd -function configure_lighttpd() { - install_log "Configuring lighttpd for SSL" +function _configure_lighttpd() { + _install_log "Configuring lighttpd for SSL" lines=( 'server.modules += ("mod_openssl")' '$SERVER["socket"] == ":443" {' 
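Review bot: `_install_mkcert` has `sudo wget` write the release asset straight to /usr/local/bin/mkcert and then runs `mkcert -install`, with no integrity check on the binary; moving the URL into `git_source_url` keeps that behaviour. Since `mkcert_version` is already pinned, the asset's SHA-256 can be pinned next to it, so the script downloads to a `mktemp` file, verifies it, and only then installs it. The digest in the sketch below is a placeholder to be filled in from the upstream release.

```shell
function _install_mkcert() {
    _install_log "Fetching mkcert binary"
    # placeholder: published SHA-256 of mkcert-v${mkcert_version}-linux-arm
    local mkcert_sha256="<EXPECTED_SHA256>"
    local tmpbin
    tmpbin=$(mktemp) || _install_error "Unable to create temporary file"
    wget -q "${git_source_url}/mkcert-v${mkcert_version}-linux-arm" -O "$tmpbin" || _install_error "Unable to download mkcert"
    echo "${mkcert_sha256}  ${tmpbin}" | sha256sum -c --status - || _install_error "mkcert checksum mismatch"
    sudo install -m 0755 "$tmpbin" /usr/local/bin/mkcert || _install_error "Unable to install mkcert"
    rm -f -- "$tmpbin"
    # … unchanged: _install_log "Installing mkcert" and mkcert -install …
}
```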
@@ -110,22 +122,22 @@ function configure_lighttpd() { } # Copy rootCA.pem to RaspAP web root -function copy_rootca() { - install_log "Copying rootCA.pem to RaspAP web root" - sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}" +function _copy_rootca() { + _install_log "Copying rootCA.pem to RaspAP web root" + sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}" echo "OK" } # Restart lighttpd service -function restart_lighttpd() { - install_log "Restarting lighttpd service" - sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service" +function _restart_lighttpd() { + _install_log "Restarting lighttpd service" + sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service" sudo systemctl status lighttpd.service } -function install_complete() { - install_log "SSL certificate install completed!" - install_divider +function _install_complete() { + _install_log "SSL certificate install completed!" + _install_divider printf '%s\n' \ "Open a browser and enter the address: http://$certname/rootCA.pem" \ "Download the root certificate to your client and add it to your system keychain." \ @@ -133,18 +145,18 @@ function install_complete() { "Finally, enter the address https://$certname in your browser." \ "Enjoy an encrypted SSL connection to RaspAP 🔒" \ "For advanced options, run mkcert -help" - install_divider + _install_divider } -function install_certificate() { - display_welcome - config_installation - install_mkcert - generate_certificate - create_lighttpd_dir - configure_lighttpd - copy_rootca - restart_lighttpd - install_complete +function _install_certificate() { + _display_welcome + _config_installation + _install_mkcert + _generate_certificate + _create_lighttpd_dir + _configure_lighttpd + _copy_rootca + _restart_lighttpd + _install_complete } 
diff --git a/installers/raspbian.sh b/installers/raspbian.sh index d7af588e..57cc458a 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh @@ -1,8 +1,8 @@ #!/bin/bash # # RaspAP Quick Installer -# author: @billz -# license: GNU General Public License v3.0 +# Author: @billz +# License: GNU General Public License v3.0 # # Usage: # @@ -27,13 +27,16 @@ # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh # - or - # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh +# +# You are not obligated to bundle the LICENSE file with your RaspAP projects as long +# as you leave these references intact in the header comments of your source files. # Set defaults repo="billz/raspap-webgui" branch="master" assume_yes=0 ovpn_option=1 -RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) +readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' ) # Define usage notes usage=$(cat << EOF @@ -93,7 +96,7 @@ done UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/" # Outputs a welcome message -function display_welcome() { +function _display_welcome() { raspberry='\033[0;35m' green='\033[1;32m' 
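Review bot: `readonly RASPAP_LATEST=$(curl …)` hides a failed lookup, because the status of that line is the status of `readonly`, and `curl -s` prints nothing when the request fails, so the variable is silently left empty. Assign first and freeze afterwards: `RASPAP_LATEST=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')` followed by `readonly RASPAP_LATEST`. Where the value is used is outside this hunk, so an explicit `[ -n "$RASPAP_LATEST" ]` check belongs at that point.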
@@ -111,29 +114,29 @@ function display_welcome() { } # Outputs a RaspAP Install log line -function install_log() { +function _install_log() { echo -e "\033[1;32mRaspAP Install: $*\033[m" } # Outputs a RaspAP Install Error log line and exits with status code 1 -function install_error() { +function _install_error() { echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m" exit 1 } # Outputs a RaspAP Warning line -function install_warning() { +function _install_warning() { echo -e "\033[1;33mWarning: $*\033[m" } # Outputs a RaspAP divider -function install_divider() { +function _install_divider() { echo -e "\033[1;32m***************************************************************$*\033[m" } -function update_system_packages() { - install_log "Updating sources" - sudo apt-get update || install_error "Unable to update package list" +function _update_system_packages() { + _install_log "Updating sources" + sudo apt-get update || _install_error "Unable to update package list" } # Fetch required installer functions @@ -141,11 +144,11 @@ if [ "${install_cert:-}" = 1 ]; then source="mkcert" wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh - install_certificate || install_error "Unable to install certificate" + _install_certificate || _install_error "Unable to install certificate" else source="common" wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh - install_raspap || install_error "Unable to install RaspAP" + _install_raspap || _install_error "Unable to install RaspAP" fi From 1de12470d37ad0921fc7e27257fe8cfc0da287d5 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 24 Mar 2020 11:17:01 +0000 Subject: [PATCH 48/59] Replace update rc.local w/ iptables-save --- installers/configauth.sh | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) 
diff --git a/installers/configauth.sh b/installers/configauth.sh index 1300f8c3..9f4a2a28 100755 --- a/installers/configauth.sh +++ b/installers/configauth.sh @@ -22,26 +22,12 @@ if [ "$auth" = 1 ]; then fi fi -# Generate iptables entries to place into rc.local file. -# #RASPAP is for uninstall script -echo "Checking iptables rules for $interface" +# Configure NAT and forwarding with iptables +echo "Adding iptables rules for $interface" +sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE +sudo iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT +sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT -lines=( -"iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE #RASPAP" -"iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT #RASPAP" -"iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT #RASPAP" -) - -for line in "${lines[@]}"; do - if grep "$line" /etc/rc.local > /dev/null; then - echo "$line: Line already added" - else - sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local - echo "Adding rule: $line" - fi -done - -# Force a reload of new settings in /etc/rc.local -sudo systemctl restart rc-local.service -sudo systemctl daemon-reload +echo "Persisting IP tables rules" +sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null From f92ec4ebdae6a76b9fce1526a62dd09aaa53902e Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 24 Mar 2020 17:45:04 +0000 Subject: [PATCH 49/59] Check existing iptables rules --- installers/configauth.sh | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/installers/configauth.sh b/installers/configauth.sh index 9f4a2a28..239b3558 100755 --- a/installers/configauth.sh +++ b/installers/configauth.sh 
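Review bot: The third rule hardcodes `wlan0` while the second takes its outbound interface from `$interface`, so when the script is called for a different interface the return path is opened for that interface but the outbound path is still opened for wlan0. If that asymmetry is not intended, use the same variable and quote it: `sudo iptables -A FORWARD -i "$interface" -o tun0 -j ACCEPT`. None of the three `iptables` calls nor the `iptables-save` pipeline checks for failure, so a missing /etc/iptables directory or a rejected rule goes unreported.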
@@ -6,9 +6,17 @@ # @author billz # license: GNU General Public License v3.0 +# Exit on error +set -o errexit +# Exit on error inside functions +set -o errtrace +# Turn on traces, disabled by default +#set -o xtrace + file=$1 auth=$2 interface=$3 +readonly rulesv4="/etc/iptables/rules.v4" if [ "$auth" = 1 ]; then echo "Enabling auth-user-pass in OpenVPN client.conf" @@ -23,11 +31,26 @@ if [ "$auth" = 1 ]; then fi # Configure NAT and forwarding with iptables -echo "Adding iptables rules for $interface" -sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE -sudo iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT -sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT +echo "Checking iptables rules" +rules=( +"-A POSTROUTING -o tun0 -j MASQUERADE" +"-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT" +"-A FORWARD -i wlan0 -o tun0 -j ACCEPT" +) -echo "Persisting IP tables rules" -sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null +for rule in "${rules[@]}"; do + if grep -- "$rule" $rulesv4 > /dev/null; then + echo "Rule already exits: ${rule}" + else + rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule) + echo "Adding rule: ${rule}" + sudo iptables $rule + added=true + fi +done + +if [ "$added" = true ]; then + echo "Persisting IP tables rules" + sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null +fi From 37adaf2cd0db47952aa2d32a6569e7d2c165d65b Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 25 Mar 2020 22:59:51 +0000 Subject: [PATCH 50/59] Check existing iptables rules.v4 --- installers/common.sh | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index 96edf7a8..5208058e 100755 --- a/installers/common.sh +++ b/installers/common.sh 
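Review bot: The duplicate check greps the saved file `$rulesv4` rather than the running ruleset, so a rule that is live but not yet saved is appended again, and when the file is missing every rule is re-added on each run; `grep` also treats the rule text as a regular expression. `iptables -C` checks the live table directly and returns non-zero when the rule is absent. Passing each rule as separate arguments also removes the reliance on word splitting in `sudo iptables $rule` and the `sed` rewrite that prepends `-t nat`. The same loop is added to `_configure_networking` in common.sh by the next commit in this series.

```shell
# checks the live ruleset, appends only when the rule is absent
add_rule() {
    local table=$1
    shift
    if sudo iptables -t "$table" -C "$@" 2> /dev/null; then
        echo "Rule already exists: $*"
    else
        echo "Adding rule: -t $table -A $*"
        sudo iptables -t "$table" -A "$@"
        added=true
    fi
}

added=false
add_rule nat POSTROUTING -o tun0 -j MASQUERADE
add_rule filter FORWARD -i tun0 -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
add_rule filter FORWARD -i wlan0 -o tun0 -j ACCEPT
# … unchanged: persist with iptables-save when added is true …
```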
@@ -20,6 +20,7 @@ readonly raspap_user="www-data" readonly raspap_sudoers="/etc/sudoers.d/090_raspap" readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf" readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf" +readonly rulesv4="/etc/iptables/rules.v4" webroot_dir="/var/www/html" git_source_url="https://github.com/$repo" # $repo from install.raspap.com @@ -310,11 +311,26 @@ function _configure_networking() { sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl" sudo /etc/init.d/procps restart || _install_error "Unable to execute procps" - echo "Creating IP tables rules" - sudo iptables -t nat -A POSTROUTING -j MASQUERADE || _install_error "Unable to execute iptables" - sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE || _install_error "Unable to execute iptables" - echo "Persisting IP tables rules to /etc/iptables/rules.v4" - sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null || _install_error "Unable to execute iptables-save" + echo "Checking iptables rules" + rules=( + "-A POSTROUTING -j MASQUERADE" + "-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE" + ) + for rule in "${rules[@]}"; do + if grep -- "$rule" $rulesv4 > /dev/null; then + echo "Rule already exits: ${rule}" + else + rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule) + echo "Adding rule: ${rule}" + sudo iptables $rule || _install_error "Unable to execute iptables" + added=true + fi + done + # Persist rules if added + if [ "$added" = true ]; then + echo "Persisting IP tables rules" + sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_error "Unable to execute iptables-save" + fi # Prompt to install RaspAP daemon echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " From 9592104190cc114b180e48bd540568461ace5d01 Mon Sep 17 00:00:00 2001 
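Review bot: The first entry in `rules`, `-A POSTROUTING -j MASQUERADE`, has no `-o` or `-s` match, so it rewrites the source address of every packet leaving any interface and makes the subnet-scoped entry after it redundant. If NAT is only meant for the 192.168.50.0/24 clients, drop the first entry or scope it to the uplink with `-o`; which interface that is cannot be told from this hunk. `rules`, `rule` and `added` are also assigned without `local`, so they leak into the script that sources this file. `_configure_networking` starts before and continues past the hunk.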
From: billz Date: Wed, 25 Mar 2020 23:00:26 +0000 Subject: [PATCH 51/59] Replace hardcoded path with var --- installers/configauth.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/configauth.sh b/installers/configauth.sh index 239b3558..166c657b 100755 --- a/installers/configauth.sh +++ b/installers/configauth.sh @@ -51,6 +51,6 @@ done if [ "$added" = true ]; then echo "Persisting IP tables rules" - sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null + sudo iptables-save | sudo tee $rulesv4 > /dev/null fi From 18b459032d30c7b8dd6784f2e6295cb46690635f Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 26 Mar 2020 10:08:20 +0000 Subject: [PATCH 52/59] Added Ubuntu Server 19.10 to release check --- installers/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/common.sh b/installers/common.sh index 5208058e..73adf9ef 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -76,7 +76,7 @@ function _get_linux_distro() { # Sets php package option based on Linux version, abort if unsupported distro function _set_php_package() { case $RELEASE in - "18.04") # Ubuntu 18.04 LTS + "18.04"|"19.10") # Ubuntu Server php_package="php7.4-cgi" phpcgiconf="/etc/php/7.4/cgi/php.ini" ;; "10") From 82e489884b2e6ddf4377a4c4f03b912a0efe09b2 Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 26 Mar 2020 17:25:34 +0000 Subject: [PATCH 53/59] Fix: RemainAfterExit=no --- installers/raspapd.service | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installers/raspapd.service b/installers/raspapd.service index 055603bc..e097f32e 100644 --- a/installers/raspapd.service +++ b/installers/raspapd.service 
@@ -16,10 +16,10 @@ After=network.target [Service] Type=oneshot -ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 -ExecReload=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 +ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface wlan0 --seconds 3 +ExecReload=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface wlan0 --seconds 3 ExecStop=/bin/bash /etc/raspap/hostapd/servicestart.sh --action stop -RemainAfterExit=yes +RemainAfterExit=no [Install] WantedBy=multi-user.target From a5a1f09e84d4c881364d293c3bc8b0fc9ebaa5c4 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 28 Mar 2020 09:39:19 +0000 Subject: [PATCH 54/59] Fix: update exec start/reload args --- installers/raspapd.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installers/raspapd.service b/installers/raspapd.service index e097f32e..82117f22 100644 --- a/installers/raspapd.service +++ b/installers/raspapd.service @@ -16,8 +16,8 @@ After=network.target [Service] Type=oneshot -ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface wlan0 --seconds 3 -ExecReload=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface wlan0 --seconds 3 +ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --seconds 1 +ExecReload=/bin/bash /etc/raspap/hostapd/servicestart.sh --seconds 1 ExecStop=/bin/bash /etc/raspap/hostapd/servicestart.sh --action stop RemainAfterExit=no From 1b33935c014def49af22fe6083cf67580d1cffae Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 28 Mar 2020 10:56:56 +0000 Subject: [PATCH 55/59] Update after=multi-user.target --- installers/raspapd.service | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/installers/raspapd.service b/installers/raspapd.service index 82117f22..c5738465 100644 --- a/installers/raspapd.service +++ b/installers/raspapd.service 
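Review bot: With `Type=oneshot` and `RemainAfterExit=no` the unit never stays active, so by systemd's documented oneshot behaviour the `ExecStop=` line should run as soon as `ExecStart=` returns, and `ExecReload=` becomes unusable because reload needs an active unit. That would mean `servicestart.sh --action stop` runs directly after every start; this is worth confirming with `systemctl status raspapd` after boot. If the aim is only to allow the unit to be started again, either keep `RemainAfterExit=yes` and use `systemctl restart`, or drop `ExecStop=` and `ExecReload=` in the same change.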
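Review bot: `ExecStart=` runs /etc/raspap/hostapd/servicestart.sh through bash, and no `User=` is visible in the `[Service]` lines, so presumably as root. In common.sh `_move_config_file` does `chown -R $raspap_user:$raspap_user "$raspap_dir"` with `raspap_user="www-data"`, and it is called after `_create_hostapd_scripts`. If `raspap_dir` is /etc/raspap (its value is not shown here), the web server account can rewrite a script that systemd executes with root privileges. Confirm the script and its directory end up root-owned and not writable by www-data, or install the script outside the chowned tree.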
@@ -12,13 +12,11 @@ [Unit] Description=RaspAP Service Daemon DefaultDependencies=no -After=network.target +After=multi-user.target [Service] Type=oneshot -ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --seconds 1 -ExecReload=/bin/bash /etc/raspap/hostapd/servicestart.sh --seconds 1 -ExecStop=/bin/bash /etc/raspap/hostapd/servicestart.sh --action stop +ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 RemainAfterExit=no [Install] From 17d62acdd6fc09351e44647831c061a730227759 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 28 Mar 2020 11:09:06 +0000 Subject: [PATCH 56/59] Added check for openvpn-client svc stop/start --- installers/servicestart.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/installers/servicestart.sh b/installers/servicestart.sh index dd70a813..4504e43e 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh @@ -35,7 +35,9 @@ done set -- "${positional[@]}" echo "Stopping network services..." -systemctl stop openvpn-client@client +if [ $OPENVPNENABLED -eq 1 ]; then + systemctl stop openvpn-client@client +fi systemctl stop systemd-networkd systemctl stop hostapd.service systemctl stop dnsmasq.service @@ -75,7 +77,7 @@ if [ -r "$CONFIGFILE" ]; then fi else echo "Disabling systemd-networkd" - systemctl disable systemd-networkd +- systemctl disable systemd-networkd echo "Removing br0 interface..." ip link set down br0 From 892a88e3cc526259391f42279b28fca5e0ad285b Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 29 Mar 2020 14:14:12 +0000 Subject: [PATCH 57/59] test for $interface before changing daemon, chk status of br0 --- installers/raspapd.service | 2 +- installers/servicestart.sh | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/installers/raspapd.service b/installers/raspapd.service index c5738465..a87832c0 100644 --- a/installers/raspapd.service +++ b/installers/raspapd.service 
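Review bot: `[ $OPENVPNENABLED -eq 1 ]` is unquoted, so when the variable is unset or empty the test collapses to `[ -eq 1 ]`, prints a "unary operator expected" error and takes the false branch, leaving openvpn-client@client running while the other services are stopped. The assignment of OPENVPNENABLED is not in this hunk; if it can be missing, give it a default: `if [ "${OPENVPNENABLED:-0}" -eq 1 ]; then`.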
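Review bot: The added line in the second servicestart.sh hunk is `- systemctl disable systemd-networkd`, with a literal leading `-` that looks like a diff marker pasted into the file. The shell will try to run a command named `-`, so systemd-networkd is not disabled in this branch. The line should read `systemctl disable systemd-networkd`. The enclosing `if`/`else` starts and ends outside the hunk.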
@@ -16,7 +16,7 @@ After=multi-user.target [Service] Type=oneshot -ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 +ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --seconds 3 RemainAfterExit=no [Install] diff --git a/installers/servicestart.sh b/installers/servicestart.sh index 4504e43e..0d6ea4de 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh @@ -48,7 +48,7 @@ if [ "${action}" = "stop" ]; then exit 0 fi -if [ -f "$DAEMONPATH" ]; then +if [ -f "$DAEMONPATH" ] && [ ! -z "$interface" ]; then echo "Changing RaspAP Daemon --interface to $interface" sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH" fi @@ -77,11 +77,14 @@ if [ -r "$CONFIGFILE" ]; then fi else echo "Disabling systemd-networkd" -- systemctl disable systemd-networkd + systemctl disable systemd-networkd - echo "Removing br0 interface..." - ip link set down br0 - ip link del dev br0 + ip link ls up | grep -q 'br0' &> /dev/null + if [ $? == 0 ]; then + echo "Removing br0 interface..." + ip link set down br0 + ip link del dev br0 + fi if [ "${config[WifiAPEnable]}" = 1 ]; then if [ "${interface}" = "uap0" ]; then From cce45fa1bf323abc72976289f00e42f0c8272523 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 29 Mar 2020 14:46:18 +0000 Subject: [PATCH 58/59] restored default interface --- installers/raspapd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installers/raspapd.service b/installers/raspapd.service index a87832c0..c5738465 100644 --- a/installers/raspapd.service +++ b/installers/raspapd.service @@ -16,7 +16,7 @@ After=multi-user.target [Service] Type=oneshot -ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --seconds 3 +ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3 RemainAfterExit=no [Install] From e4ff789a502b34926d2e66a3d32cf48f665e9098 Mon Sep 17 00:00:00 2001 
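Review bot: The new `[ ! -z "$interface" ]` guard stops the empty case, but `$interface` still goes unescaped into the `sed` replacement that edits `$DAEMONPATH`, so a value containing `/`, `&` or a newline breaks or alters the substitution. Since the text being replaced is matched with `[[:alnum:]]*`, the guard can require the same shape: `if [ -f "$DAEMONPATH" ] && [[ "$interface" =~ ^[[:alnum:]]+$ ]]; then`. Where `interface` is parsed from the arguments is outside this hunk.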
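Review bot: `ip link ls up | grep -q 'br0'` matches any line containing that substring (an interface named `virbr0` would pass) and only lists interfaces that are up, so a br0 that exists but is down is never deleted. The `&> /dev/null` after `grep -q` and the separate `$?` test are not needed. Testing the device directly is shorter and exact: `if ip link show dev br0 &> /dev/null; then`. The uap0 check added by PATCH 59 uses the same pattern.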
From: billz Date: Sun, 29 Mar 2020 15:08:33 +0000 Subject: [PATCH 59/59] add check for uap0 interface --- installers/servicestart.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/installers/servicestart.sh b/installers/servicestart.sh index 0d6ea4de..3e7cbadd 100755 --- a/installers/servicestart.sh +++ b/installers/servicestart.sh @@ -88,8 +88,12 @@ if [ -r "$CONFIGFILE" ]; then if [ "${config[WifiAPEnable]}" = 1 ]; then if [ "${interface}" = "uap0" ]; then - echo "Removing uap0 interface..." - iw dev uap0 del + + ip link ls up | grep -q 'uap0' &> /dev/null + if [ $? == 0 ]; then + echo "Removing uap0 interface..." + iw dev uap0 del + fi echo "Adding uap0 interface to ${config[WifiManaged]}" iw dev ${config[WifiManaged]} interface add uap0 type __ap