Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/mesh.org

  * [[./mesh_usage.html][How to use it]]
 
 #+BEGIN_CENTER
-[[file:images/mesh_architecture1.jpg]]
+[[file:images/mesh_logo.jpg]]
 #+END_CENTER
 
 Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.

doc/EN/mesh_images.org

 wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig
 gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
-45f131995e2f77188e7ddaf2b42ca3d8d48d821d37c7a31a21e2e6dcceaf510d
+60017999340a6559d1de76f3d78d9771c11de5eeefb3d3b812747ce306251e67
 unxz freedombone-mesh_beaglebone-armhf.img.xz
 sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
 wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig
 gpg --verify freedombone.tar.gz.sig
 sha256sum freedombone.tar.gz
-024aedd3a264e963d791daaada347aba1295bc5caebba34ad9b19dc117a8cac9
+3d2a7f2bd7a3475832756b7bb63b96ba5fc4a4f4d7bffe86e685be9a3b41b958
 tar -xzvf freedombone.tar.gz
 cd freedombone
 git checkout stretch

src/freedombone-app-nextcloud

     fi
     chown -R www-data:www-data config
     chown -R www-data:www-data data
-    ./occ check
-    ./occ status
-    ./occ app:list
-    ./occ app:enable encryption
-    ./occ config:system:set appstoreenabled --value=false
+    sudo -u www-data ./occ check
+    sudo -u www-data ./occ status
+    sudo -u www-data ./occ app:list
+    sudo -u www-data ./occ app:enable encryption
+    sudo -u www-data ./occ encryption:enable
+    if [ ! "$?" = "0" ]; then
+        echo $'Encryption not enabled'
+        exit 73527
+    fi
+    sudo -u www-data ./occ encryption:status
+    sudo -u www-data ./occ config:system:set appstoreenabled --value=false
     chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
     chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
     chmod 0644 .htaccess

src/freedombone-app-vpn

     echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
     echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
     echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
+    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
 
     sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
 
     echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
     echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
     echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
+    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
 
     echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
     echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service

src/freedombone-controlpanel

     ${PROJECT_NAME}-wifi --disable $disable_wifi
 }
 
+function add_clacks {
+    clacks=
+
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --title $"Add Clacks Overhead" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox $"" 7 60 2>$data
+    sel=$?
+    case $sel in
+        0)
+            clacks=$(<$data)
+            if [ ${#clacks} -gt 1 ]; then
+
+                WEB_FILES=/etc/nginx/sites-available/*
+                for f in $WEB_FILES
+                do
+                    if grep -q "X-Clacks-Overhead" $f; then
+                        sed -i "s|X-Clacks-Overhead .*|X-Clacks-Overhead \"GNU $clacks\";|g" $f
+                    else
+                        sed -i "/X-Content-Type-Options/a add_header X-Clacks-Overhead \"GNU $clacks\";" $f
+                    fi
+                done
+
+                systemctl restart nginx
+
+                dialog --title $"Add Clacks Overhead" \
+                       --msgbox $"\nAdded for $clacks" 10 60
+            fi
+            ;;
+    esac
+    rm $data
+}
+
 function menu_wifi {
     if [[ "$(wifi_exists)" == "0" ]]; then
         dialog --title $"Wifi" \
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Control Panel" \
-               --radiolist $"Choose an operation:" 29 70 21 \
+               --radiolist $"Choose an operation:" 30 70 22 \
                1 $"About this system" off \
                2 $"Passwords" off \
                3 $"Backup and Restore" off \
                15 $"Change the name of this system" off \
                16 $"Set a static local IP address" off \
                17 $"Wifi menu" off \
-               18 $"Check for updates" off \
-               19 $"Power off the system" off \
-               20 $"Restart the system" off \
-               21 $"Exit" on 2> $data
+               18 $"Add Clacks" off \
+               19 $"Check for updates" off \
+               20 $"Power off the system" off \
+               21 $"Restart the system" off \
+               22 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) exit 1;;
             15) change_system_name;;
             16) set_static_IP;;
             17) menu_wifi;;
-            18) check_for_updates;;
-            19) shut_down_system;;
-            20) restart_system;;
-            21) break;;
+            18) add_clacks;;
+            19) check_for_updates;;
+            20) shut_down_system;;
+            21) restart_system;;
+            22) break;;
         esac
     done
 }

src/freedombone-image

     IMAGE_NAME=$'mesh'
     # typically not much disk space is needed for a mesh node
     if [ ! $IMAGE_SIZE_SPECIFIED ]; then
-        IMAGE_SIZE=3G
+        IMAGE_SIZE=5G
     fi
 fi
 

src/freedombone-image-customise

 
     chroot "$rootdir" apt-get -yq install apt-transport-https
 
+    # install tor as a possible way of routing traffic between internet gateways
+    chroot "$rootdir" apt-get -yq install tor
+
     configure_firewall
     install_avahi
     install_batman

src/freedombone-image-mesh

         rm -rf /etc/openvpn/easy-rsa/keys/*
     fi
 
+    # Remove hidden service
+    if [ -d /var/lib/tor/hidden_service_mesh ]; then
+        rm -rf /var/lib/tor/hidden_service_mesh
+    fi
+
     # Remove any existing vpn client keys
     if [ -f /home/$MY_USERNAME/vpn.tar.gz ]; then
         rm /home/$MY_USERNAME/vpn.tar.gz
         chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
     fi
 
+    systemctl stop tor
+    systemctl disable tor
+    echo $'TOR disabled' >> $INSTALL_LOG
+
     #tomb slam all
     tmp_ram_disk 100
     enable_predictable_device_names

src/freedombone-mesh-batman

         fi
     fi
 
+    # if we have an ethernet connection to an internet router then create
+    # an onion address for this peer
+    if [[ "$ethernet_connected" != "0" ]]; then
+        systemctl enable tor
+        systemctl start tor
+        HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_
+        if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]; then
+            echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}mesh/" >> /etc/tor/torrc
+            echo "HiddenServicePort 653 127.0.0.1:653" >> /etc/tor/torrc
+            systemctl restart tor
+        fi
+    else
+        systemctl stop tor
+        systemctl disable tor
+    fi
+
     verify
 }
 

src/freedombone-mesh-connect

     fi
 }
 
-function connect_to_vpn {
-    dialog --title $"VPN Connect to another mesh network" \
-           --backtitle $"Freedombone Mesh" \
-           --defaultno \
-           --yesno $"\nHave you received the vpn.tar.gz file from the other mesh administrator, uncompressed it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system?" 10 70
-    sel=$?
-    case $sel in
-        1) return;;
-        255) return;;
-    esac
+function connect_to_mesh {
+    connect_title=$"Connect to another mesh network"
+    HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_mesh/hostname
+    if [ -f ${HIDDEN_SERVICE_PATH} ]; then
+        connect_title=$"Connect from $(cat $HIDDEN_SERVICE_PATH) to another mesh network"
+    fi
 
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
-    dialog --title $"VPN Connect to another mesh network" \
+    dialog --title "$connect_title" \
            --backtitle $"Freedombone Mesh" \
            --inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
     sel=$?
             if [ ${#ip_or_domain} -gt 1 ]; then
                 if [[ "$ip_or_domain" == *'.'* ]]; then
 
+                    connect_failed=
                     if [ ! -f ~/client.ovpn ]; then
-                        rm $data
-                        exit 1
+                        connect_failed=1
                     fi
                     if [ ! -f ~/stunnel.pem ]; then
-                        rm $data
-                        exit 1
+                        connect_failed=1
                     fi
                     if [ ! -f ~/stunnel.p12 ]; then
+                        connect_failed=1
+                    fi
+
+                    if [ $connect_failed ]; then
+                        dialog --title $"Connect to another mesh network" \
+                               --msgbox $"\nObtain the vpn.tar.gz file from the other mesh administrator, uncompress it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system." 10 50
                         rm $data
                         exit 1
                     fi
 esac
 case $(cat $data) in
     1) rm $data
-       connect_to_vpn;;
+       connect_to_mesh;;
     2) rm $data
        mesh_setup_vpn;;
 esac

src/freedombone-utils-nodejs

 function mesh_install_nodejs {
     mesh_install_nodejs_prefix=
     if [ $rootdir ]; then
-        if [[ $VARIANT == "mesh" ]]; then
-            return
-        fi
         mesh_install_nodejs_prefix="chroot $rootdir"
     fi
 

src/freedombone-utils-onion

     fi
     if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
         echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
+        #echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
         echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
         if [ ${#onion_stealth_name} -gt 0 ]; then
             echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc

website/EN/mesh.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-10-27 Fri 13:10 -->
+<!-- 2017-11-01 Wed 18:58 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 <div class="org-center">
 
 <div class="figure">
-<p><img src="images/mesh_architecture1.jpg" alt="mesh_architecture1.jpg" />
+<p><img src="images/mesh_logo.jpg" alt="mesh_logo.jpg" />
 </p>
 </div>
 </div>