All the things we did today
parent
de44a793e1
commit
addf2a430e
17 changed files with 197 additions and 45 deletions
|
@ -1,22 +1,59 @@
|
|||
. /etc/vpnsecret
|
||||
|
||||
/bin/sleep 10
|
||||
|
||||
/bin/rm -f /var/log/wget
|
||||
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
|
||||
|
||||
/usr/sbin/openvpn /etc/openvpn/client.conf &
|
||||
|
||||
ipaddr(){
|
||||
if="${1:-br-VPN360}"
|
||||
result=$(/sbin/ip -o -4 addr show dev "${if}" | /bin/sed 's/^.*inet // ; s/\/...*$//')
|
||||
result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
|
||||
/usr/bin/printf %s "${result}"
|
||||
tty -s && printf "\n"
|
||||
}
|
||||
|
||||
while [ True ]; do
|
||||
/bin/sleep 60;
|
||||
/bin/rm /var/log/wget
|
||||
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash;
|
||||
done
|
||||
|
||||
stopwifi(){
|
||||
/sbin/uci set wireless.radio1.disabled=1
|
||||
/sbin/uci commit
|
||||
}
|
||||
|
||||
startwifi(){
|
||||
/sbin/uci set wireless.radio1.disabled=0
|
||||
/sbin/uci commit
|
||||
/sbin/wifi
|
||||
}
|
||||
|
||||
restartwifi(){
|
||||
stopwifi
|
||||
startwifi
|
||||
}
|
||||
|
||||
. /etc/vpnsecret
|
||||
|
||||
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
|
||||
|
||||
/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
|
||||
/sbin/uci commit
|
||||
stopwifi
|
||||
|
||||
/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
|
||||
|
||||
/bin/sleep 60
|
||||
|
||||
if [ $(ipaddr) ]
|
||||
then
|
||||
startwifi
|
||||
while [ True ]
|
||||
do
|
||||
sleep 10
|
||||
if [ $(ipaddr) ]
|
||||
then
|
||||
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
|
||||
fi
|
||||
done
|
||||
else
|
||||
/sbin/uci set wireless.@wifi-iface[0].network="DHCP"
|
||||
/sbin/uci commit
|
||||
startwifi
|
||||
/sbin/ip a add 192.168.36.1/24 dev br-DHCP
|
||||
/sbin/ifconfig br-DHCP down
|
||||
/sbin/ifconfig br-DHCP up
|
||||
while [ True ]
|
||||
do
|
||||
sleep 10
|
||||
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
|
||||
done
|
||||
fi
|
||||
|
||||
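Review bot: Both new heartbeat loops still pipe the server's response into `/bin/ash` while `wget` runs with `--no-check-certificate`, so the router executes whatever an unverified TLS peer returns and also sends `$SECRET` to it; the `/etc/hosts` download carries the same flag. The heartbeat view on this page only ever answers `reboot` or an empty body, so the client can verify the server and compare the reply instead of executing it: fetch with `--ca-certificate=<path-to-pinned-ca.pem>` (placeholder path), keep the body in `reply=$(...)`, then `[ "$reply" = "reboot" ] && reboot`. In `ipaddr`, `2&>/dev/null` is not a stderr redirect and, depending on the shell, can leave `$(ipaddr)` empty, which would always select the DHCP fallback branch; `2>/dev/null` is presumably what was meant. The two `[ $(ipaddr) ]` tests should also be quoted, as `[ -n "$(ipaddr)" ]`.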
|
|
|
@ -35,3 +35,9 @@ config odhcpd 'odhcpd'
|
|||
option leasetrigger '/usr/sbin/odhcpd-update'
|
||||
option loglevel '4'
|
||||
|
||||
config dhcp 'DHCP'
|
||||
option start '100'
|
||||
option leasetime '12h'
|
||||
option limit '150'
|
||||
option interface 'DHCP'
|
||||
|
||||
|
|
|
@ -8,3 +8,8 @@ config defaults
|
|||
config include
|
||||
option path '/etc/firewall.user'
|
||||
|
||||
config include 'mwan3'
|
||||
option type 'script'
|
||||
option path '/var/etc/mwan3.include'
|
||||
option reload '1'
|
||||
|
||||
|
|
|
@ -14,6 +14,8 @@ config extern 'flash_keep'
|
|||
option uploads '/lib/uci/upload/'
|
||||
|
||||
config internal 'languages'
|
||||
option en 'English'
|
||||
option zh_cn '中文 (Chinese)'
|
||||
|
||||
config internal 'sauth'
|
||||
option sessionpath '/tmp/luci-sessions'
|
||||
|
@ -46,3 +48,8 @@ config ifstate
|
|||
option ifname 'radio0.network1'
|
||||
option bridge 'true'
|
||||
|
||||
config ifstate
|
||||
option interface 'DHCP'
|
||||
option ifname 'tap0 radio1.network1'
|
||||
option bridge 'true'
|
||||
|
||||
|
|
|
@ -20,5 +20,13 @@ config interface 'VPN360'
|
|||
option type 'bridge'
|
||||
option proto 'dhcp'
|
||||
option broadcast '1'
|
||||
option force_link '1'
|
||||
option ifname 'tap0'
|
||||
|
||||
config interface 'DHCP'
|
||||
option type 'bridge'
|
||||
option proto 'static'
|
||||
option ipaddr '192.168.36.1'
|
||||
option netmask '255.255.255.0'
|
||||
option ifname 'lo'
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
config openvpn 'vpn360'
|
||||
option enabled '1'
|
||||
option enabled '0'
|
||||
option config '/etc/openvpn/client.conf'
|
||||
|
||||
|
|
|
@ -1,56 +1,61 @@
|
|||
|
||||
config network
|
||||
option init network
|
||||
list affects dhcp
|
||||
list affects radvd
|
||||
option init 'network'
|
||||
list affects 'dhcp'
|
||||
list affects 'radvd'
|
||||
|
||||
config wireless
|
||||
list affects network
|
||||
list affects 'network'
|
||||
|
||||
config firewall
|
||||
option init firewall
|
||||
list affects luci-splash
|
||||
list affects qos
|
||||
list affects miniupnpd
|
||||
option init 'firewall'
|
||||
list affects 'luci-splash'
|
||||
list affects 'qos'
|
||||
list affects 'miniupnpd'
|
||||
|
||||
config olsr
|
||||
option init olsrd
|
||||
option init 'olsrd'
|
||||
|
||||
config dhcp
|
||||
option init dnsmasq
|
||||
list affects odhcpd
|
||||
option init 'dnsmasq'
|
||||
list affects 'odhcpd'
|
||||
|
||||
config odhcpd
|
||||
option init odhcpd
|
||||
option init 'odhcpd'
|
||||
|
||||
config dropbear
|
||||
option init dropbear
|
||||
option init 'dropbear'
|
||||
|
||||
config httpd
|
||||
option init httpd
|
||||
option init 'httpd'
|
||||
|
||||
config fstab
|
||||
option exec '/sbin/block mount'
|
||||
|
||||
config qos
|
||||
option init qos
|
||||
option init 'qos'
|
||||
|
||||
config system
|
||||
option init led
|
||||
option init 'led'
|
||||
option exec '/etc/init.d/log reload'
|
||||
list affects luci_statistics
|
||||
list affects dhcp
|
||||
list affects 'luci_statistics'
|
||||
list affects 'dhcp'
|
||||
|
||||
config luci_splash
|
||||
option init luci_splash
|
||||
option init 'luci_splash'
|
||||
|
||||
config upnpd
|
||||
option init miniupnpd
|
||||
option init 'miniupnpd'
|
||||
|
||||
config ntpclient
|
||||
option init ntpclient
|
||||
option init 'ntpclient'
|
||||
|
||||
config samba
|
||||
option init samba
|
||||
option init 'samba'
|
||||
|
||||
config tinyproxy
|
||||
option init tinyproxy
|
||||
option init 'tinyproxy'
|
||||
|
||||
config mwan3
|
||||
option init 'mwan3'
|
||||
|
||||
|
|
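--- a/device-config/etc/config/unbound
+++ b/device-config/etc/config/unbound
@@ -0,0 +1,3 @@
+config unbound
+option enable '0'
+option manual_conf '1'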
|
@ -18,11 +18,13 @@ config wifi-device 'radio1'
|
|||
option txpower '22'
|
||||
option country 'US'
|
||||
option legacy_rates '1'
|
||||
option enabled '1'
|
||||
option disabled '0'
|
||||
|
||||
config wifi-iface
|
||||
option device 'radio1'
|
||||
option mode 'ap'
|
||||
option encryption 'none'
|
||||
option network 'VPN360'
|
||||
option ssid '$SSID'
|
||||
option network 'VPN360'
|
||||
|
||||
|
|
|
@ -10,3 +10,4 @@ users:x:100:
|
|||
network:x:101:
|
||||
nogroup:x:65534:
|
||||
dnsmasq:x:453:dnsmasq
|
||||
unbound:x:553:unbound
|
||||
|
|
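--- a/device-config/etc/hosts
+++ b/device-config/etc/hosts
@@ -0,0 +1,3 @@
+127.0.0.1 localhost
+10.8.0.1 private.vpn360
+5.9.48.18 public.vpn360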
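--- a/device-config/etc/lighttpd/lighttpd.conf
+++ b/device-config/etc/lighttpd/lighttpd.conf
@@ -0,0 +1,30 @@
+server.document-root = "/www"
+server.upload-dirs = ( "/tmp" )
+server.errorlog = "/var/log/lighttpd/error.log"
+server.pid-file = "/var/run/lighttpd.pid"
+server.username = "http"
+server.groupname = "www-data"
+
+index-file.names = ( "index.php", "index.html",
+"index.htm", "default.htm",
+)
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+### Options that are useful but not always necessary:
+#server.chroot = "/"
+server.port = 81
+server.bind = "localhost"
+#server.tag = "lighttpd"
+#server.errorlog-use-syslog = "enable"
+#server.network-backend = "writev"
+
+### Use IPv6 if available
+#include_shell "/usr/share/lighttpd/use-ipv6.pl"
+
+#dir-listing.encoding = "utf-8"
+#server.dir-listing = "enable"
+
+include "/etc/lighttpd/mime.conf"
+include "/etc/lighttpd/conf.d/*.conf"
+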
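--- a/device-config/etc/opkg/keys/7d75c2e892e71b62
+++ b/device-config/etc/opkg/keys/7d75c2e892e71b62
@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS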
|
@ -4,3 +4,5 @@ ftp:*:55:55:ftp:/home/ftp:/bin/false
|
|||
network:*:101:101:network:/var:/bin/false
|
||||
nobody:*:65534:65534:nobody:/var:/bin/false
|
||||
dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
|
||||
unbound:x:553:553:unbound:/var/run/unbound:/bin/false
|
||||
http:x:65536:65536:http:/var/run/http:/bin/false
|
||||
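Review bot: The added `http` account gets uid and gid 65536, one past the 16-bit range, and anything that stores IDs in 16 bits (JFFS2 inodes do, as far as I know) would record that value as 0, so files or a service meant to be unprivileged could end up mapped to root. An ID below `nobody` (65534) avoids the question, for example `http:x:554:554:http:/var/run/http:/bin/false` (554 is a constructed sample value, to be checked against IDs already in use). The lighttpd.conf added in this commit runs the server as user `http` with group `www-data`, while the group-file hunk visibly adds only `unbound`, so it is worth confirming that both groups exist on the device.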
|
|
|
@ -4,3 +4,5 @@ ftp:*:0:0:99999:7:::
|
|||
network:*:0:0:99999:7:::
|
||||
nobody:*:0:0:99999:7:::
|
||||
dnsmasq:x:0:0:99999:7:::
|
||||
unbound:x:0:0:99999:7:::
|
||||
http:x:0:0:99999:7:::
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
SECRET=
|
|
@ -28,8 +28,14 @@ def index(request):
|
|||
@csrf_exempt
|
||||
def heartbeat(request):
|
||||
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
|
||||
device.curip = request.POST.get("ip", "")
|
||||
device.lasttime = timezone.now()
|
||||
ip = request.POST.get("ip", "")
|
||||
if ip:
|
||||
device.lasttime = timezone.now()
|
||||
if device.curip:
|
||||
device.curip = ip or device.curip
|
||||
else:
|
||||
device.curip = ip
|
||||
|
||||
device.save()
|
||||
return HttpResponse("reboot" if device.reboot else "")
|
||||
|
||||
|
@ -124,7 +130,9 @@ def editdevice(request, device_id):
|
|||
return redirect("/")
|
||||
|
||||
def getconfig(request, device_id):
|
||||
BEFORE = os.getcwd()
|
||||
DEVICEDIR = "/opt/vpnmanager/device-config/"
|
||||
SRCDIR = "/opt/openwrt/"
|
||||
|
||||
if not request.user.is_superuser:
|
||||
return redirect("/")
|
||||
|
@ -162,6 +170,7 @@ def getconfig(request, device_id):
|
|||
with open(tempdir.name + "/etc/config/wireless", "w") as wireout:
|
||||
wireout.write(wirein.replace("$SSID", device.serial))
|
||||
|
||||
'''
|
||||
# Generate .tar.gz file
|
||||
|
||||
with tarfile.open(tempdir.name + ".tar.gz", "w:gz") as tar:
|
||||
|
@ -171,6 +180,36 @@ def getconfig(request, device_id):
|
|||
response = HttpResponse(download.read(), content_type="application/tar+gzip")
|
||||
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".tar.gz")
|
||||
return response
|
||||
'''
|
||||
|
||||
# Create compilation environment
|
||||
|
||||
os.system("rm -rf " + SRCDIR + "/files/")
|
||||
os.mkdir(SRCDIR + "/files/")
|
||||
os.system("cp -r " + tempdir.name + "/* " + SRCDIR + "/files/")
|
||||
|
||||
tempdir.cleanup()
|
||||
|
||||
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
|
||||
|
||||
# Build image
|
||||
|
||||
os.chdir(SRCDIR)
|
||||
|
||||
try:
|
||||
output = subprocess.check_output(["make", "-j9"])
|
||||
except:
|
||||
os.chdir(BEFORE)
|
||||
return HttpResponse("Something went wrong building the image file.\n\n" + output)
|
||||
|
||||
os.chdir(BEFORE)
|
||||
|
||||
with open(glob.glob(SRCDIR + "/bin/targets/ar71xx/generic/*squashfs-sysupgrade.bin")[0], "rb") as download:
|
||||
response = HttpResponse(download.read(), content_type="application/octet-stream")
|
||||
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".bin")
|
||||
os.system("rm -rf " + SRCDIR + "/files/")
|
||||
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
|
||||
return response
|
||||
|
||||
def rebootdevice(request, device_id):
|
||||
if request.user.is_authenticated:
|
||||
|
@ -236,6 +275,7 @@ def makedevice(request):
|
|||
device = Device.objects.create(
|
||||
serial=device_serial,
|
||||
name=device_name,
|
||||
network=Network.objects.filter(intip="No VPN")[0],
|
||||
organization=Organization.objects.filter(id=device_organization)[0],
|
||||
vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read()
|
||||
)
|
||||
|
|
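Review bot: In the `getconfig` build block, the `except:` branch returns `... + output`, but `output` is bound only when `check_output` succeeds, so a failed `make` raises UnboundLocalError instead of showing the message, and the bare `except:` hides which error occurred. Catching `subprocess.CalledProcessError` and reading its `.output` fixes that, and passing `cwd=SRCDIR` removes the `os.chdir` pair, which changes the working directory for everything else the worker process is serving at that moment. The build log is better returned as `text/plain`, since it is tool output rather than markup. `getconfig` starts before this hunk and the staging and download code around the build is left as it is. Separately, in the `makedevice` hunk `open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read()` builds a path from `device_serial`, which looks request-supplied (its origin is outside the hunk) and should be reduced to a plain file name and opened in a `with` block.

```python
# … unchanged: staging SRCDIR/files and clearing old images …
try:
    subprocess.check_output(["make", "-j9"], cwd=SRCDIR, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as err:
    build_log = err.output.decode(errors="replace")
    return HttpResponse(
        "Something went wrong building the image file.\n\n" + build_log,
        content_type="text/plain",
    )
# … unchanged: read the sysupgrade image and build the download response …
```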