diff --git a/ISOconfig.sh b/ISOconfig.sh index 52e20e002..f47f4b922 100755 --- a/ISOconfig.sh +++ b/ISOconfig.sh @@ -1,12 +1,12 @@ #!/bin/bash ######################################################################## # Author: Fred (support@qo-op.com) -# Version: 2020.12.05 +# Version: 0.2 # License: AGPL-3.0 (https://choosealicense.com/licenses/agpl-3.0/) ######################################################################## # AUTOMATIC version of interactive 1stRUNconfig.sh # This script can run from ~/.config/autostart/Astroport_X_config.desktop -# IMPORTANT!!! ipfs MUST BE ALREADY RUNNING (.install/ipfs_alone.sh) +# IMPORTANT!!! ipfs MUST BE ALREADY RUNNING ######################################################################## # Create secret key files # ~/.zen/secret.june @@ -18,10 +18,13 @@ [ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with user: $YOU" && exit 1 rm -f /tmp/A_booting_log.txt -ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO INTERNET CONNEXION" && exit 1) +ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO GATEWAY CONNEXION" && exit 1) + +# UPDATE astrXbian code [[ -d ~/.zen/astrXbian ]] && cd ~/.zen/astrXbian && git pull || exit 1 -# CHECK IF CONFIG ALREADY DONE !! Remove ~/.zen/ipfs ~/.zen/secret ~/.zen/ipfs.sync +# CHECK IF CONFIG ALREADY DONE !! +# ~/.zen/ipfs ~/.zen/secret ~/.zen/ipfs.sync if [[ -f ~/.zen/ipfs.sync ]]; then echo "CONFIG ALREADY DONE.... logging init in /tmp/A_booting_log.txt" source ~/.zen/ipfs.sync @@ -33,7 +36,6 @@ if [[ -f ~/.zen/ipfs.sync ]]; then ~/.zen/astrXbian/zen/gchange_IPFS_swarm.sh >> /tmp/A_booting_log.txt sleep 10 ~/.zen/astrXbian/zen/ipfs_SWARM_refresh.sh >> /tmp/A_booting_log.txt - exit 0 fi @@ -49,16 +51,15 @@ pepper="$(~/.zen/astrXbian/zen/tools/diceware.sh 3 | xargs)" g1_salt="$salt" g1_pepper="$pepper" -echo "CREATING /tmp/secret.june" +echo "FILLING /tmp/secret.june with ($g1_salt) ($g1_pepper)" echo "$g1_salt" > /tmp/secret.june echo "$g1_pepper" >> /tmp/secret.june ######################################################################## ######################################################################## -echo "CREATING /tmp/secret.dunikey" +echo "CREATING /tmp/secret.dunikey (https://cesium.app WALLET)" ######################################################################## python3 ~/.zen/astrXbian/zen/tools/key_create_dunikey.py "$g1_salt" "$g1_pepper" - g1pub=$(cat /tmp/secret.dunikey | grep "pub" | cut -d ' ' -f 2) g1sec=$(cat /tmp/secret.dunikey | grep "sec" | cut -d ' ' -f 2) @@ -73,16 +74,18 @@ jq -r --arg PeerID "$PeerID" '.Identity.PeerID=$PeerID' ~/.ipfs/config > /tmp/co jq -r --arg PrivKEY "$PrivKEY" '.Identity.PrivKey=$PrivKEY' /tmp/config.tmp > /tmp/config.ipfs rm /tmp/config.tmp -# +# IPFSNODEID IPFSNODEID=$PeerID -echo $IPFSNODEID +echo "IPFSNODEID=$IPFSNODEID" ## Declare directory transfered in IPFS IPFS_sync_directory="$HOME/astroport" +mkdir -p $IPFS_sync_directory ######################################################################## # INSTALL KEYS ######################################################################## +echo "INSTALL crypto identity in ~/.zen" timestamp=$(date -u +%s%N | cut -b1-13) [[ -f ~/.zen/secret.june ]] && mv ~/.zen/secret.june ~/.zen/secret.june.old.$timestamp mv /tmp/secret.june ~/.zen/secret.june @@ -98,7 +101,7 @@ mv /tmp/config.ipfs ~/.ipfs/config ######################################################################## -echo "INIT ~/.zen/ipfs/.${IPFSNODEID}" +echo "INIT ~/.zen/ipfs/.${IPFSNODEID} INDEX" ######################################################################## rm -Rf ~/.zen/ipfs mkdir -p ~/.zen/ipfs/.${IPFSNODEID}/G1SSB @@ -107,51 +110,52 @@ mkdir -p ~/.zen/ipfs/.${IPFSNODEID}/G1SSB # IPNS link to "pastebin list" http://localhost:8181/ipns/$IPNSKEY/xbian/$XZUID ######################################################################## XZUID=$(~/.zen/astrXbian/zen/tools/diceware.sh 1 | xargs)${RANDOM:0:2}$(~/.zen/astrXbian/zen/tools/diceware.sh 1 | xargs) -echo "NODE C+ NAME = $XZUID" +echo "SETTING GCHANGE+ PROFILE NAME = $XZUID" mkdir -p ~/.zen/ipfs/xbian echo "$XZUID" > ~/.zen/ipfs/.${IPFSNODEID}/_xbian.zuid ######################################################################## ######################################################################## -echo "CREATE + profile" +echo "CREATING GCHANGE+/CESIUM+ PROFILE" ######################################################################## -~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://g1.data.e-is.pro" set --name "$XZUID" --avatar "/home/$USER/.zen/astrXbian/logo.png" #CESIUM+ ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://data.gchange.fr" set --name "$XZUID" --avatar "/home/$USER/.zen/astrXbian/logo.png" #GCHANGE+ +~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://g1.data.e-is.pro" set --name "$XZUID" --avatar "/home/$USER/.zen/astrXbian/logo.png" #CESIUM+ ### REVERT # ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://g1.data.e-is.pro" erase # ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://data.gchange.fr" erase ######################################################################## ######################################################################## -echo "BECOME FRIEND with A_boostrap_nodes.txt (1st bootstrap)" +echo "BECOME FRIEND with A_boostrap_nodes.txt" ######################################################################## for g1node in $(cat ~/.zen/astrXbian/A_boostrap_nodes.txt | grep -Ev "#") # remove comments do if [[ $g1node != "" ]]; then - echo "LIKING my BOOTSTRAP node : $g1node" + echo "LINKING TO BOOTSTRAP NODE : $g1node" ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://g1.data.e-is.pro" like -p $g1node -s 5 ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://data.gchange.fr" like -p $g1node -s 5 + ### REVERT + # ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://g1.data.e-is.pro" unlike -p 2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS + # ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://data.gchange.fr" unlike -p 2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS fi done -### REVERT -# ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://g1.data.e-is.pro" unlike -p 2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS -# ~/.zen/astrXbian/zen/jaklis/jaklis.py -n "https://data.gchange.fr" unlike -p 2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS ######################################################################## -echo "RESTART ipfs" +echo "RESTARTING ipfs" ######################################################################## sudo service ipfs restart echo ".... WAIT for SWARM to connect ..." sleep 10 +echo ".... ACTUAL SWARM PEERS ..." ipfs swarm peers ######################################################################## -echo 'EXTEND ~/.bashrc' +echo 'UPDATING ~/.bashrc' ######################################################################## ~/.zen/astrXbian/.install/update_bashrc.sh "$XZUID" -echo "COPY .kodi template " +echo "UPGRADING ~/.kodi" cp -Rf ~/.zen/astrXbian/.install/.kodi ~/ # cp -f ~/.zen/astrXbian/.install/.kodi/addons/plugin.video.vstream/resources/sites/astroport.py \ ~/.kodi/addons/plugin.video.vstream/resources/sites/astroport.py @@ -169,21 +173,14 @@ sed -i "s/_IPFSNODEID_/$IPFSNODEID/g" ~/.kodi/addons/plugin.video.vstream/resour #BACKUP source... to restore after Vstream upgrade cp -f ~/.kodi/addons/plugin.video.vstream/resources/sites/astroport.py ~/.zen/ -~/.zen/astrXbian/zen/gchange_IPFS_swarm.sh -~/.zen/astrXbian/zen/ipfs_SWARM_refresh.sh - ######################################################################## -echo 'SEND "ipfstryme" message' +echo 'Sending "ipfstryme" message' ######################################################################## -echo "" > ~/.zen/ipfs/.${IPFSNODEID}/tryme.addr # ERASE -for tryme in $(ipfs id | jq -r .Addresses[]); -do - isLAN=$(echo $tryme | cut -f3 -d '/' | grep -E "(^127\.)|(^192\.168\.)|(^fd42\:)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/") - [[ ! $isLAN && $tryme != "" ]] && echo "$tryme" >> ~/.zen/ipfs/.${IPFSNODEID}/tryme.addr && echo "$tryme" -done ~/.zen/astrXbian/zen/tools/add_externIP_to_ipfstryme.sh -echo 'SEND ipfstryme to A_boostrap_nodes.txt listed PUBs' # Add your bootstrap Pub here +######################################################################## +echo 'Sending \"ipfstryme\" message to BOOTSTRAP nodes' # Add bootstrap in A_boostrap_nodes.txt +######################################################################## for g1node in $(cat ~/.zen/astrXbian/A_boostrap_nodes.txt | grep -Ev "#") # remove comments do if [[ $g1node != "" ]]; then @@ -194,21 +191,26 @@ fi done ######################################################################## -echo 'INSTALL Astroport cron_MINUTE' +echo "Synchronize GCHANGE+ with IPFS SWARM" +######################################################################## +~/.zen/astrXbian/zen/gchange_IPFS_swarm.sh +~/.zen/astrXbian/zen/ipfs_SWARM_refresh.sh + +######################################################################## +echo 'Installing Astroport cron_MINUTE' ######################################################################## ~/.zen/astrXbian/zen/cron_VRFY.sh -# Run only once: comment /etc/rc.local (su - xbian -c "~/.zen/astrXbian/ISOconfig.sh") -# sudo sed -i s/su/\#su/g /etc/rc.local -# BETTER NOT: Send new 'ipfstryme' message on each boot is done instead - -#echo "CHANGE hostname" +######################################################################## +#echo "CHANGE hostname" +######################################################################## #myname=$(hostname) #sudo sed -i "s/$myname/$XZUID/g" /etc/hostname #sudo sed -i "s/$myname/$XZUID/g" /etc/hosts -#### KEEP xbian hostname -echo "CHANGE DNS" # Avoid provider restrictions +######################################################################## +echo "Changing your DNS with https://FFDN.org and https://opennic.org" # Avoid provider restrictions +######################################################################## sudo chattr -i /etc/resolv.conf sudo cat > /tmp/resolv.conf < ~/.zen/ipfs.sync # RESIZING / partition # sudo btrfs filesystem resize max / -# DHT PUBSUB mode + +######################################################################## +echo "Activating ipfs DHT optimisations" +######################################################################## +# DHT gossip PUBSUB mode ipfs config Pubsub.Router gossipsub # MAXSTORAGE = 1/2 available availableDiskSize=$(df -P ~/ | awk 'NR>1{sum+=$4}END{print sum}') diskSize="$((availableDiskSize / 2))" ipfs config Datastore.StorageMax $diskSize -## Activate Rapid "ipfs p2p" +# Activate Rapid "ipfs p2p" ipfs config --json Experimental.Libp2pStreamMounting true ipfs config --json Experimental.P2pHttpProxy true -######### MAKE DEFAULT BOOTSTRAP TO oasis.astroport.com 2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS ########### +# MAKE DEFAULT BOOTSTRAP TO oasis.astroport.com (2jQUH4HfHxdTesjCjvMCx1VJgA5AnpuvrWRq1swfRdsS) ########### ipfs bootstrap rm --all ipfs bootstrap add /dnsaddr/oasis.astroport.com/tcp/4001/ipfs/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN ipfs bootstrap add /ip4/51.15.166.54/tcp/4001/p2p/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN ipfs bootstrap add /ip4/51.15.166.54/udp/4001/quic/p2p/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUrtx4mEdNX6Yioa9AV7opWzQp6nrPs6ZKabN -########################################### -# TODO: ADD some other bootstrap NODES -########################################### + # AVOID CONFLICT WITH KODI REMOTE ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181" # RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY -sudo cp /etc/sudoers /etc/sudoers.bak -sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before -sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers -sudo chown root:root /tmp/sudoers -sudo mv /tmp/sudoers /etc/sudoers +#sudo cp /etc/sudoers /etc/sudoers.bak +#sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before +#sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers +#sudo chown root:root /tmp/sudoers +#sudo mv /tmp/sudoers /etc/sudoers ######################################################################## -echo 'REBOOT NOW...' +# echo 'ONLY XBIAN REBOOT NOW...' ######################################################################## -sudo reboot +[[ "$USER" == "xbian" ]] && sudo reboot exit 0 diff --git a/install.sh b/install.sh index 929769a77..d57608f06 100755 --- a/install.sh +++ b/install.sh @@ -1,45 +1,53 @@ #!/bin/bash +######################################################################## +# Version: 0.2 +# License: AGPL-3.0 (https://choosealicense.com/licenses/agpl-3.0/) +######################################################################## { -[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with regular user from sudo group." && exit 1 -# Check requirements -echo "AstrXbian installer, for https://xbian.org" -## ONLY FOR xbian -[[ "$USER" != "xbian" ]] && exit 1 -sudo apt-get update -sudo apt-get install git fail2ban inotify-tools curl net-tools libsodium23 libsodium-dev python3-dev python3-pip python3-setuptools python3-wheel mpack libssl-dev libffi-dev -y -sudo apt-get install build-essential qrencode jq bc gawk ffmpeg sqlite dnsutils -y -pip3 install cryptography Ed25519 base58 google protobuf +[ $(id -u) -eq 0 ] && echo "LANCEMENT root INTERDIT. Utilisez un simple utilisateur du groupe \"sudo\" SVP" && exit 1 +[[ ! $(which kodi) ]] && echo "Installez KODI svp (https://kodi.tv/) puis relancez l'installation" && exit 1 -# git clone astrXbian +# Check requirements +echo "AstrXbian installateur pour https://xbian.org et autres ditributions basées sur DEBIAN" +sudo apt-get update +sudo apt-get install git fail2ban inotify-tools curl net-tools libsodium* python3-dev python3-pip python3-setuptools python3-wheel mpack libssl-dev libffi-dev -y +sudo apt-get install build-essential qrencode jq bc gawk ffmpeg sqlite dnsutils -y +[[ ! $(which apache2)]] && sudo apt-get install mariadb-server nginx ssl-cert php-imap php-cli php-curl php-sqlite3 php-gd php-json php-xml php-mbstring php-gettext php-mysql php-fpm -y +pip3 install cryptography Ed25519 base58 google protobuf duniterpy + +######################################################################## +echo "Clonage git astrXbian depuis https://git.p2p.legal" mkdir -p ~/.zen cd ~/.zen git clone https://git.p2p.legal/axiom-team/astrXbian.git + ######################################################################## -echo "Install .kodi default config" +echo "Configuration ASTROPORT de ~/.kodi" cp -Rf ~/.zen/astrXbian/.install/.kodi ~/ + ######################################################################## -echo "Install IPFS Swarm Layer" -~/.zen/astrXbian/.install/ipfs_alone.sh || exit 1 +echo "Installation de IPFS https://ipfs.io" +~/.zen/astrXbian/.install/ipfs_alone.sh + ######################################################################## -echo "Setup jaklis CG+ communication tool" +echo "Configuration des communications avec GCHANGE+" cd ~/.zen/astrXbian/zen/jaklis ./setup.sh -## XBIAN fail2ban ERROR correction ## -[[ "$USER" == "xbian" ]] && sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf || echo "NOT XBIAN $USER" -#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log -# Failed during configuration: Have not found any log file for sshd jail failed! -### FOR fail2ban-client + ISOConfig.sh use ADD TO /etc/sudoers ### -sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers -# Under DEFCON level 5, Node activates fail2ban (zen/ipfs_SWARM_refresh.sh) - ######################################################################## -echo "Setup AstrXbian" -~/.zen/astrXbian/ISOconfig.sh +echo "Sécurisation DEFCON SUDOERS FAIL2BAN" +## XBIAN fail2ban ERROR correction ## +#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log +[[ "$USER" == "xbian" ]] && sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf + +### MODIFIYING /etc/sudoers ### +# DEFCON LEVEL < 5 +sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers +# NODE activates fail2ban IN zen/ipfs_SWARM_refresh.sh if [[ "$USER" == "xbian" ]] then - echo "enable ipfs initV service autostart" + echo "enabling ipfs initV service autostart" cd /etc/rc2.d && sudo ln -s ../init.d/ipfs S02ipfs cd /etc/rc3.d && sudo ln -s ../init.d/ipfs S02ipfs cd /etc/rc4.d && sudo ln -s ../init.d/ipfs S02ipfs @@ -50,14 +58,35 @@ then cd /etc/rc6.d && sudo ln -s ../init.d/ipfs K01ipfs fi +######################################################################## +echo "Configuration ASTROPORT/KODI" +~/.zen/astrXbian/ISOconfig.sh + + +echo "Redémarrage des services..." sudo service ipfs restart sudo service fail2ban restart echo "Installation complete !! +============================= +BIENVENUE DANS ASTROPORT/KODI +============================= -BIENVENUE DANS ASTROPORT -Utiliser +Connectez-vous sur https://gchange.fr avec vos identifiants +$(cat ~/.zen/secret.june) + +Retrouvez-y vos amis, et échangez des étoiles avec eux. + +Ajoutez vos vidéos avec ~/zen/astrXbian/ajouter_video.sh + +________________________________________________________________________ +Ajustez votre niveau de sécurité? DEFCON LEVEL $(cat ~/.zen/astrXbian/DEFCON) +\"$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client\" dans /etc/sudoers +~/.zen/astrXbian/DEFCON + +Participez à rendre le monde plus LIBRE, P2P et LEGAL +Retrouvez-nous sur https://copylaradio.com + +Redemarrez l'ordinateur: sudo reboot " } - -