freedombone/src/freedombone-app-cjdns

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# cjdns functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# cjdns settings
ENABLE_CJDNS="no"
CJDNS_PRIVATE_KEY=
CJDNS_PUBLIC_KEY=
CJDNS_IPV6=
CJDNS_PASSWORD=
CJDNS_PORT=
CJDNS_REPO="https://github.com/cjdelisle/cjdns.git"
CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
CJDCMD_REPO="https://github.com/inhies/cjdcmd"
CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'

function configure_firewall_for_cjdns {
	if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
		return
	fi
	if [[ $ENABLE_CJDNS != "yes" ]]; then
		return
	fi
	ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
	ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
	ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
	ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT

	function_check save_firewall_settings
	save_firewall_settings
	echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
}

function get_cjdns_public_key {
	if [ -f /home/$MY_USERNAME/README ]; then
		if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
			if [ ! $CJDNS_PUBLIC_KEY ]; then
				CJDNS_PUBLIC_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns public key" | awk -F ':' '{print $2}' | sed 's/^ *//')
			fi
		fi
	fi
}

function get_cjdns_private_key {
	if [ -f /home/$MY_USERNAME/README ]; then
		if grep -q "cjdns private key" /home/$MY_USERNAME/README; then
			if [ ! $CJDNS_PRIVATE_KEY ]; then
				CJDNS_PRIVATE_KEY=$(cat /home/$MY_USERNAME/README | grep "cjdns private key" | awk -F ':' '{print $2}' | sed 's/^ *//')
			fi
		fi
	fi
}

function get_cjdns_ipv6_address {
	if [ -f /home/$MY_USERNAME/README ]; then
		if grep -q "cjdns IPv6 address" /home/$MY_USERNAME/README; then
			if [ ! $CJDNS_IPV6 ]; then
				CJDNS_IPV6=$(cat /home/$MY_USERNAME/README | grep "cjdns IPv6 address" | awk -F ':' '{print $2}' | sed 's/^ *//')
			fi
		fi
	fi
}

function get_cjdns_port {
	if [ -f /home/$MY_USERNAME/README ]; then
		if grep -q "cjdns port" /home/$MY_USERNAME/README; then
			if [ ! $CJDNS_PORT ]; then
				CJDNS_PORT=$(cat /home/$MY_USERNAME/README | grep "cjdns port" | awk -F ':' '{print $2}' | sed 's/^ *//')
			fi
		fi
	fi
}

function get_cjdns_password {
	if [ -f /home/$MY_USERNAME/README ]; then
		if grep -q "cjdns password" /home/$MY_USERNAME/README; then
			if [ ! $CJDNS_PASSWORD ]; then
				CJDNS_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "cjdns password" | awk -F ':' '{print $2}' | sed 's/^ *//')
			fi
		fi
	fi
}

function remove_cjdns {
	if ! grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
		return
	fi
	service cjdns stop
	ip6tables -t nat -D POSTROUTING -o tun0 -j MASQUERADE
	ip6tables -D FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
	ip6tables -D INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
	ip6tables -D INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
	function_check save_firewall_settings
	save_firewall_settings

	rm -rf /etc/cjdns
	sed -i '/mesh_cjdns/d' $COMPLETION_FILE
	sed -i '/configure_firewall_for_cjdns/d' $COMPLETION_FILE
}

function mesh_cjdns {
	if [[ $ENABLE_CJDNS != "yes" ]]; then
		return
	fi

	# update to the next commit
	function_check set_repo_commit
	set_repo_commit /etc/cjdns "cjdns commit" "$CJDNS_COMMIT" $CJDNS_REPO

	if grep -Fxq "mesh_cjdns" $COMPLETION_FILE; then
		return
	fi

	apt-get -y install nodejs git build-essential nmap

	# if a README exists then obtain the cjdns parameters
	function_check get_cjdns_ipv6_address
	get_cjdns_ipv6_address

	function_check get_cjdns_public_key
	get_cjdns_public_key

	function_check get_cjdns_private_key
	get_cjdns_private_key

	function_check get_cjdns_port
	get_cjdns_port

	function_check get_cjdns_password
	get_cjdns_password

	# special compile settings for running ./do on the Beaglebone Black
	if [[ $INSTALLING_ON_BBB == "yes" ]]; then
		CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfpu=neon -ftree-vectorize -ffast-math -mfloat-abi=hard -marm -Wno-error=maybe-uninitialized"
		export LDFLAGS="$CFLAGS"
	fi

	if [ ! -d /etc/cjdns ]; then
		function_check git_pull
		git_clone $CJDNS_REPO /etc/cjdns
		cd /etc/cjdns

		git checkout $CJDNS_COMMIT -b $CJDNS_COMMIT
		if ! grep -q "cjdns commit" $COMPLETION_FILE; then
			echo "cjdns commit:$CJDNS_COMMIT" >> $COMPLETION_FILE
		else
			sed -i "s/cjdns commit.*/cjdns commit:$CJDNS_COMMIT/g" $COMPLETION_FILE
		fi

		./do
		if [ ! "$?" = "0" ]; then
			exit 7439
		fi
		# create a configuration
		if [ ! -f /etc/cjdns/cjdroute.conf ]; then
			./cjdroute --genconf > /etc/cjdns/cjdroute.conf
			if [ ! "$?" = "0" ]; then
				exit 5922
			fi
		fi
		# create a user to run as
		useradd cjdns
	else
		cd /etc/cjdns
		function_check git_pull
		git_pull $CJDNS_REPO
		./do
		if [ ! "$?" = "0" ]; then
			exit 9926
		fi
	fi

	# set permissions
	chown -R cjdns:cjdns /etc/cjdns
	chmod 600 /etc/cjdns/cjdroute.conf

	/sbin/ip tuntap add mode tun user cjdns dev cjdroute0

	# insert values into the configuration file
	if [ $CJDNS_PRIVATE_KEY ]; then
		sed -i "s/\"privateKey\":.*/\"privateKey\": \"$CJDNS_PRIVATE_KEY\",/g" /etc/cjdns/cjdroute.conf
	else
		CJDNS_PRIVATE_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"privateKey"' | awk -F '"' '{print $4}' | sed -n 1p)
	fi
	if [ $CJDNS_PUBLIC_KEY ]; then
		sed -i "s/\"publicKey\":.*/\"publicKey\": \"$CJDNS_PUBLIC_KEY\",/g" /etc/cjdns/cjdroute.conf
	else
		CJDNS_PUBLIC_KEY=$(cat /etc/cjdns/cjdroute.conf | grep '"publicKey"' | awk -F '"' '{print $4}' | sed -n 1p)
	fi
	if [ $CJDNS_IPV6 ]; then
		sed -i "s/\"ipv6\":.*/\"ipv6\": \"$CJDNS_IPV6\",/g" /etc/cjdns/cjdroute.conf
	else
		CJDNS_IPV6=$(cat /etc/cjdns/cjdroute.conf | grep '"ipv6"' | awk -F '"' '{print $4}' | sed -n 1p)
	fi
	if [ $CJDNS_PASSWORD ]; then
		sed -i "0,/{\"password\":.*/s//{\"password\": \"$CJDNS_PASSWORD\"}/g" /etc/cjdns/cjdroute.conf
	else
		CJDNS_PASSWORD=$(cat /etc/cjdns/cjdroute.conf | grep '"password"' | awk -F '"' '{print $4}' | sed -n 1p)
	fi
	if [ $CJDNS_PORT ]; then
		sed -i "s/\"bind\": \"0.0.0.0:.*/\"bind\": \"0.0.0.0:$CJDNS_PORT\",/g" /etc/cjdns/cjdroute.conf
	else
		CJDNS_PORT=$(cat /etc/cjdns/cjdroute.conf | grep '"bind": "0.0.0.0:' | awk -F '"' '{print $4}' | awk -F ':' '{print $2}' | sed -n 1p)
	fi

	function_check enable_ipv6
	enable_ipv6

	echo '#!/bin/sh -e' > /etc/init.d/cjdns
	echo '### BEGIN INIT INFO' >> /etc/init.d/cjdns
	echo '# hyperboria.sh - An init script (/etc/init.d/) for cjdns' >> /etc/init.d/cjdns
	echo '# Provides:          cjdroute' >> /etc/init.d/cjdns
	echo '# Required-Start:    $remote_fs $network' >> /etc/init.d/cjdns
	echo '# Required-Stop:     $remote_fs $network' >> /etc/init.d/cjdns
	echo '# Default-Start:     2 3 4 5' >> /etc/init.d/cjdns
	echo '# Default-Stop:      0 1 6' >> /etc/init.d/cjdns
	echo '# Short-Description: Cjdns router' >> /etc/init.d/cjdns
	echo '# Description:       A routing engine designed for security, scalability, speed and ease of use.' >> /etc/init.d/cjdns
	echo '# cjdns git repo:    https://github.com/cjdelisle/cjdns/' >> /etc/init.d/cjdns
	echo '### END INIT INFO' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo 'PROG="cjdroute"' >> /etc/init.d/cjdns
	echo 'GIT_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
	echo 'PROG_PATH="/etc/cjdns"' >> /etc/init.d/cjdns
	echo 'CJDNS_CONFIG="cjdroute.conf"' >> /etc/init.d/cjdns
	echo 'CJDNS_USER="cjdns"' >> /etc/init.d/cjdns
	echo "CJDNS_IP='$CJDNS_IPV6'" >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo 'start() {' >> /etc/init.d/cjdns
	echo '     # Start it up with the user cjdns' >> /etc/init.d/cjdns
	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
	echo '     then' >> /etc/init.d/cjdns
	echo '         echo "cjdroute is already running. Doing nothing..."' >> /etc/init.d/cjdns
	echo '     else' >> /etc/init.d/cjdns
	echo '         echo " * Starting cjdroute"' >> /etc/init.d/cjdns
	echo '         su -c "$PROG_PATH/$PROG < $PROG_PATH/$CJDNS_CONFIG" - $CJDNS_USER' >> /etc/init.d/cjdns
	echo '         /sbin/ip addr add $CJDNS_IP/8 dev tun0' >> /etc/init.d/cjdns
	echo '         /sbin/ip link set mtu 1312 dev tun0' >> /etc/init.d/cjdns
	echo '         /sbin/ip link set tun0 up' >> /etc/init.d/cjdns
	echo '         /sbin/ip tuntap add mode tun user cjdns dev tun0' >> /etc/init.d/cjdns
	echo '     fi' >> /etc/init.d/cjdns
	echo '}' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo 'stop() {' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo '     if [ $(pgrep cjdroute | wc -l) != 2 ];' >> /etc/init.d/cjdns
	echo '     then' >> /etc/init.d/cjdns
	echo '         echo "cjdns isnt running."' >> /etc/init.d/cjdns
	echo '     else' >> /etc/init.d/cjdns
	echo '         echo "Killing cjdroute"' >> /etc/init.d/cjdns
	echo '         killall cjdroute' >> /etc/init.d/cjdns
	echo '     fi' >> /etc/init.d/cjdns
	echo '}' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo 'status() {' >> /etc/init.d/cjdns
	echo '     if [ $(pgrep cjdroute | wc -l) != 0 ];' >> /etc/init.d/cjdns
	echo '     then' >> /etc/init.d/cjdns
	echo '         echo "Cjdns is running"' >> /etc/init.d/cjdns
	echo '     else' >> /etc/init.d/cjdns
	echo '         echo "Cjdns is not running"' >> /etc/init.d/cjdns
	echo '     fi' >> /etc/init.d/cjdns
	echo '}' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo ' update() {' >> /etc/init.d/cjdns
	echo '     cd $GIT_PATH' >> /etc/init.d/cjdns
	echo '     echo "Updating..."' >> /etc/init.d/cjdns
	echo '     git pull' >> /etc/init.d/cjdns
	echo '     ./do' >> /etc/init.d/cjdns
	echo '}' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo '## Check to see if we are running as root first.' >> /etc/init.d/cjdns
	echo 'if [ "$(id -u)" != "0" ]; then' >> /etc/init.d/cjdns
	echo '    echo "This script must be run as root" 1>&2' >> /etc/init.d/cjdns
	echo '    exit 1' >> /etc/init.d/cjdns
	echo 'fi' >> /etc/init.d/cjdns
	echo '' >> /etc/init.d/cjdns
	echo 'case $1 in' >> /etc/init.d/cjdns
	echo '     start)' >> /etc/init.d/cjdns
	echo '         start' >> /etc/init.d/cjdns
	echo '         exit 0' >> /etc/init.d/cjdns
	echo '     ;;' >> /etc/init.d/cjdns
	echo '     stop)' >> /etc/init.d/cjdns
	echo '         stop' >> /etc/init.d/cjdns
	echo '         exit 0' >> /etc/init.d/cjdns
	echo '     ;;' >> /etc/init.d/cjdns
	echo '     reload|restart|force-reload)' >> /etc/init.d/cjdns
	echo '         stop' >> /etc/init.d/cjdns
	echo '         sleep 1' >> /etc/init.d/cjdns
	echo '         start' >> /etc/init.d/cjdns
	echo '         exit 0' >> /etc/init.d/cjdns
	echo '     ;;' >> /etc/init.d/cjdns
	echo '     status)' >> /etc/init.d/cjdns
	echo '         status' >> /etc/init.d/cjdns
	echo '         exit 0' >> /etc/init.d/cjdns
	echo '     ;;' >> /etc/init.d/cjdns
	echo '     update|upgrade)' >> /etc/init.d/cjdns
	echo '         update' >> /etc/init.d/cjdns
	echo '         stop' >> /etc/init.d/cjdns
	echo '         sleep 2' >> /etc/init.d/cjdns
	echo '         start' >> /etc/init.d/cjdns
	echo '         exit 0' >> /etc/init.d/cjdns
	echo '     ;;' >> /etc/init.d/cjdns
	echo '     **)' >> /etc/init.d/cjdns
	echo '         echo "Usage: $0 (start|stop|restart|status|update)" 1>&2' >> /etc/init.d/cjdns
	echo '         exit 1' >> /etc/init.d/cjdns
	echo '     ;;' >> /etc/init.d/cjdns
	echo 'esac' >> /etc/init.d/cjdns
	chmod +x /etc/init.d/cjdns
	update-rc.d cjdns defaults
	service cjdns start
	if [ ! "$?" = "0" ]; then
		systemctl status cjdns.service
		exit 8260
	fi

	apt-get -y install radvd
	echo 'interface eth0' > /etc/radvd.conf
	echo '{' >> /etc/radvd.conf
	echo '    AdvSendAdvert on;' >> /etc/radvd.conf
	echo '    prefix fdfc::1/64' >> /etc/radvd.conf
	echo '    {' >> /etc/radvd.conf
	echo '        AdvRouterAddr on;' >> /etc/radvd.conf
	echo '    };' >> /etc/radvd.conf
	echo '};' >> /etc/radvd.conf
	systemctl restart radvd
	if [ ! "$?" = "0" ]; then
		systemctl status radvd.service
		exit 4395
	fi

	if ! grep -q "# Mesh Networking (cjdns)" /etc/network/interfaces; then
		echo '' >> /etc/network/interfaces
		echo '# Mesh Networking (cjdns)' >> /etc/network/interfaces
		echo 'iface eth0 inet6 static' >> /etc/network/interfaces
		echo '    pre-up modprobe ipv6' >> /etc/network/interfaces
		echo '    address fdfc:0000:0000:0000:0000:0000:0000:0001' >> /etc/network/interfaces
		echo '    netmask 64' >> /etc/network/interfaces
		service network-manager restart
		if [ ! "$?" = "0" ]; then
			systemctl status networking.service
			exit 6949
		fi
	fi

	if ! grep -q $"Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
		CURRENT_IP_ADDRESS=$(ip addr show | grep "inet " | sed -n 2p | awk -F ' ' '{print $2}' | awk -F '/' '{print $1}')

		echo '' >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo $'Mesh Networking (cjdns)' >> /home/$MY_USERNAME/README
		echo '=======================' >> /home/$MY_USERNAME/README
		echo $"cjdns IPv6 address: $CJDNS_IPV6" >> /home/$MY_USERNAME/README
		echo $"cjdns public key: $CJDNS_PUBLIC_KEY" >> /home/$MY_USERNAME/README
		echo $"cjdns private key: $CJDNS_PRIVATE_KEY" >> /home/$MY_USERNAME/README
		echo $"cjdns password: $CJDNS_PASSWORD" >> /home/$MY_USERNAME/README
		echo $"cjdns port: $CJDNS_PORT" >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo $"Forward port $CJDNS_PORT from your internet router to the ${PROJECT_NAME}" >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo $'Below is an example of your connection credentials' >> /home/$MY_USERNAME/README
		echo $'that you can give to other people so they can connect' >> /home/$MY_USERNAME/README
		echo $'to you using your default password' >> /home/$MY_USERNAME/README
		echo $'Adding a unique password for each user is advisable' >> /home/$MY_USERNAME/README
		echo $'so that leaks can be isolated.' >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo "\"$CURRENT_IP_ADDRESS:$CJDNS_PORT\":{\"password\":\"$CJDNS_PASSWORD\",\"publicKey\":\"$CJDNS_PUBLIC_KEY\"}" >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo $'More is not better. 3-5 cjdns peers is good. 30 peers is bad.' >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo $'NEVER USE A PUBLIC PEER. These degrade the network and make it centralized.' >> /home/$MY_USERNAME/README
		echo $'Each node can handle many peers, but no node can handle the entire internet.' >> /home/$MY_USERNAME/README
		echo $'As this network grows any public peer will simply become saturated and' >> /home/$MY_USERNAME/README
		echo $'useless causing issues for the entire network.' >> /home/$MY_USERNAME/README
		echo $'Please report anyone offering you a public peer as they are promoting shared' >> /home/$MY_USERNAME/README
		echo $'passwords which could lead to people pretending to be you. A peering pass' >> /home/$MY_USERNAME/README
		echo $'should not contain someone elses nickname or info but should contain yours' >> /home/$MY_USERNAME/README
		echo $'to ensure it is not shared. It also helps when editing the conf to know who' >> /home/$MY_USERNAME/README
		echo $'each password is for.' >> /home/$MY_USERNAME/README
		echo '' >> /home/$MY_USERNAME/README
		echo $'Possible cjdns destinations of interest:' >> /home/$MY_USERNAME/README
		echo '    http://transitiontech.ca/faq' >> /home/$MY_USERNAME/README
		echo '    http://cjdns.ca/hypeirc.txt' >> /home/$MY_USERNAME/README
		chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
		chmod 600 /home/$MY_USERNAME/README
	fi

	function_check configure_firewall_for_cjdns
	configure_firewall_for_cjdns

	echo 'mesh_cjdns' >> $COMPLETION_FILE
}

function mesh_cjdns_tools {
	if grep -Fxq "mesh_cjdns_tools" $COMPLETION_FILE; then
		return
	fi
	if [[ $ENABLE_CJDNS != "yes" ]]; then
		return
	fi
	if [ ! -d /etc/cjdns ]; then
		mesh_cjdns
	fi

	function_check select_go_version
	select_go_version

	apt-get -y install golang mercurial
	if [ ! -f ~/.bashrc ]; then
		touch ~/.bashrc
	fi

	if [ ! -d /home/git ]; then
		# add a gogs user account
		adduser --disabled-login --gecos 'Gogs' git

		# install Go
		if ! grep -q "export GOPATH=" ~/.bashrc; then
			echo "export GOPATH=$GOPATH" >> ~/.bashrc
		fi
		systemctl set-environment GOPATH=$GOPATH
		if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
			echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
		fi
		if [ ! -d $GOPATH ]; then
			mkdir -p $GOPATH
		fi
	fi

	if ! grep -q "export GOPATH=" ~/.bashrc; then
		echo "export GOPATH=$GOPATH" >> ~/.bashrc
	fi
	expected_go_path='export PATH=$PATH:'${GOPATH}'/bin'
	export PATH=$PATH:${GOPATH}/bin
	if ! grep -q "$expected_go_path" ~/.bashrc; then
		echo "$expected_go_path" >> ~/.bashrc
	fi
	export PATH=$PATH:$GOPATH/bin
	CJDCMD_REPO2=$(echo "$CJDCMD_REPO" | sed 's|https://||g')
	go get $CJDCMD_REPO2
	if [ ! -f $GOPATH/bin/cjdcmd ]; then
		echo $'cjdcmd was not compiled. Check your golang installation'
		exit 7439
	fi
	cp $GOPATH/bin/cjdcmd /usr/bin

	# initialise from the cjdns config
	/usr/bin/cjdcmd cjdnsadmin -file /etc/cjdns/cjdroute.conf

	echo 'mesh_cjdns_tools' >> $COMPLETION_FILE
}

# NOTE: deliberately no exit 0