@@ -1,132 +1,136 | |||||
1 | # |
|
1 | # | |
2 | # Setup Networking |
|
2 | # Setup Networking | |
3 | # |
|
3 | # | |
4 |
|
4 | |||
5 | # Load utility functions |
|
5 | # Load utility functions | |
6 | . ./functions.sh |
|
6 | . ./functions.sh | |
7 |
|
7 | |||
8 | # Install and setup hostname |
|
8 | # Install and setup hostname | |
9 | install_readonly files/network/hostname "${ETC_DIR}/hostname" |
|
9 | install_readonly files/network/hostname "${ETC_DIR}/hostname" | |
10 | sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname" |
|
10 | sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname" | |
11 |
|
11 | |||
12 | # Install and setup hosts |
|
12 | # Install and setup hosts | |
13 | install_readonly files/network/hosts "${ETC_DIR}/hosts" |
|
13 | install_readonly files/network/hosts "${ETC_DIR}/hosts" | |
14 | sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" |
|
14 | sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" | |
15 |
|
15 | |||
16 | # Setup hostname entry with static IP |
|
16 | # Setup hostname entry with static IP | |
17 | if [ "$NET_ADDRESS" != "" ] ; then |
|
17 | if [ "$NET_ADDRESS" != "" ] ; then | |
18 | NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') |
|
18 | NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/') | |
19 | sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts" |
|
19 | sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts" | |
20 | fi |
|
20 | fi | |
21 |
|
21 | |||
22 | # Remove IPv6 hosts |
|
22 | # Remove IPv6 hosts | |
23 | if [ "$ENABLE_IPV6" = false ] ; then |
|
23 | if [ "$ENABLE_IPV6" = false ] ; then | |
24 | sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts" |
|
24 | sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts" | |
25 | fi |
|
25 | fi | |
26 |
|
26 | |||
27 | # Install hint about network configuration |
|
27 | # Install hint about network configuration | |
28 | install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" |
|
28 | install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" | |
29 |
|
29 | |||
30 | # Install configuration for interface eth0 |
|
30 | # Install configuration for interface eth0 | |
31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" |
|
31 | install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network" | |
32 |
|
32 | |||
|
33 | if [ "$RPI_MODEL" = 3P ] ; then | |||
|
34 | printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network" | |||
|
35 | fi | |||
|
36 | ||||
33 | # Install configuration for interface wl* |
|
37 | # Install configuration for interface wl* | |
34 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" |
|
38 | install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network" | |
35 |
|
39 | |||
36 | #always with dhcp since wpa_supplicant integration is missing |
|
40 | #always with dhcp since wpa_supplicant integration is missing | |
37 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network" |
|
41 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network" | |
38 |
|
42 | |||
39 | if [ "$ENABLE_DHCP" = true ] ; then |
|
43 | if [ "$ENABLE_DHCP" = true ] ; then | |
40 | # Enable DHCP configuration for interface eth0 |
|
44 | # Enable DHCP configuration for interface eth0 | |
41 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network" |
|
45 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network" | |
42 |
|
46 | |||
43 | # Set DHCP configuration to IPv4 only |
|
47 | # Set DHCP configuration to IPv4 only | |
44 | if [ "$ENABLE_IPV6" = false ] ; then |
|
48 | if [ "$ENABLE_IPV6" = false ] ; then | |
45 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network" |
|
49 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network" | |
46 | fi |
|
50 | fi | |
47 |
|
51 | |||
48 | else # ENABLE_DHCP=false |
|
52 | else # ENABLE_DHCP=false | |
49 | # Set static network configuration for interface eth0 |
|
53 | # Set static network configuration for interface eth0 | |
50 | sed -i\ |
|
54 | sed -i\ | |
51 | -e "s|DHCP=.*|DHCP=no|"\ |
|
55 | -e "s|DHCP=.*|DHCP=no|"\ | |
52 | -e "s|Address=\$|Address=${NET_ADDRESS}|"\ |
|
56 | -e "s|Address=\$|Address=${NET_ADDRESS}|"\ | |
53 | -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ |
|
57 | -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\ | |
54 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ |
|
58 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\ | |
55 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ |
|
59 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\ | |
56 | -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ |
|
60 | -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\ | |
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
61 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ | |
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
62 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ | |
59 | "${ETC_DIR}/systemd/network/eth.network" |
|
63 | "${ETC_DIR}/systemd/network/eth.network" | |
60 | fi |
|
64 | fi | |
61 |
|
65 | |||
62 | # Remove empty settings from network configuration |
|
66 | # Remove empty settings from network configuration | |
63 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" |
|
67 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" | |
64 | # Remove empty settings from wlan configuration |
|
68 | # Remove empty settings from wlan configuration | |
65 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network" |
|
69 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network" | |
66 |
|
70 | |||
67 | # Move systemd network configuration if required by Debian release |
|
71 | # Move systemd network configuration if required by Debian release | |
68 | mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network" |
|
72 | mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network" | |
69 | # If WLAN is enabled copy wlan configuration too |
|
73 | # If WLAN is enabled copy wlan configuration too | |
70 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
74 | if [ "$ENABLE_WIRELESS" = true ] ; then | |
71 | mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network" |
|
75 | mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network" | |
72 | fi |
|
76 | fi | |
73 | rm -fr "${ETC_DIR}/systemd/network" |
|
77 | rm -fr "${ETC_DIR}/systemd/network" | |
74 |
|
78 | |||
75 | # Enable systemd-networkd service |
|
79 | # Enable systemd-networkd service | |
76 | chroot_exec systemctl enable systemd-networkd |
|
80 | chroot_exec systemctl enable systemd-networkd | |
77 |
|
81 | |||
78 | # Install host.conf resolver configuration |
|
82 | # Install host.conf resolver configuration | |
79 | install_readonly files/network/host.conf "${ETC_DIR}/host.conf" |
|
83 | install_readonly files/network/host.conf "${ETC_DIR}/host.conf" | |
80 |
|
84 | |||
81 | # Enable network stack hardening |
|
85 | # Enable network stack hardening | |
82 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
86 | if [ "$ENABLE_HARDNET" = true ] ; then | |
83 | # Install sysctl.d configuration files |
|
87 | # Install sysctl.d configuration files | |
84 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf" |
|
88 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf" | |
85 |
|
89 | |||
86 | # Setup resolver warnings about spoofed addresses |
|
90 | # Setup resolver warnings about spoofed addresses | |
87 | sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" |
|
91 | sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" | |
88 | fi |
|
92 | fi | |
89 |
|
93 | |||
90 | # Enable time sync |
|
94 | # Enable time sync | |
91 | if [ "$NET_NTP_1" != "" ] ; then |
|
95 | if [ "$NET_NTP_1" != "" ] ; then | |
92 | chroot_exec systemctl enable systemd-timesyncd.service |
|
96 | chroot_exec systemctl enable systemd-timesyncd.service | |
93 | fi |
|
97 | fi | |
94 |
|
98 | |||
95 | # Download the firmware binary blob required to use the RPi3 wireless interface |
|
99 | # Download the firmware binary blob required to use the RPi3 wireless interface | |
96 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
100 | if [ "$ENABLE_WIRELESS" = true ] ; then | |
97 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then |
|
101 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then | |
98 | mkdir -p "${WLAN_FIRMWARE_DIR}" |
|
102 | mkdir -p "${WLAN_FIRMWARE_DIR}" | |
99 | fi |
|
103 | fi | |
100 |
|
104 | |||
101 | # Create temporary directory for firmware binary blob |
|
105 | # Create temporary directory for firmware binary blob | |
102 | temp_dir=$(as_nobody mktemp -d) |
|
106 | temp_dir=$(as_nobody mktemp -d) | |
103 |
|
107 | |||
104 | # Fetch firmware binary blob for RPI3B+ |
|
108 | # Fetch firmware binary blob for RPI3B+ | |
105 | if [ "$RPI_MODEL" = 3P ] ; then |
|
109 | if [ "$RPI_MODEL" = 3P ] ; then | |
106 | # Fetch firmware binary blob for RPi3P |
|
110 | # Fetch firmware binary blob for RPi3P | |
107 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
111 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" | |
108 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
112 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" | |
109 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" |
|
113 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" | |
110 |
|
114 | |||
111 | # Move downloaded firmware binary blob |
|
115 | # Move downloaded firmware binary blob | |
112 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" |
|
116 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" | |
113 |
|
117 | |||
114 | # Set permissions of the firmware binary blob |
|
118 | # Set permissions of the firmware binary blob | |
115 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* |
|
119 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
116 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* |
|
120 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* | |
117 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then |
|
121 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then | |
118 | # Fetch firmware binary blob for RPi3 |
|
122 | # Fetch firmware binary blob for RPi3 | |
119 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" |
|
123 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" | |
120 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" |
|
124 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" | |
121 |
|
125 | |||
122 | # Move downloaded firmware binary blob |
|
126 | # Move downloaded firmware binary blob | |
123 | mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/" |
|
127 | mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/" | |
124 |
|
128 | |||
125 | # Set permissions of the firmware binary blob |
|
129 | # Set permissions of the firmware binary blob | |
126 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
130 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* | |
127 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
131 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* | |
128 | fi |
|
132 | fi | |
129 |
|
133 | |||
130 | # Remove temporary directory for firmware binary blob |
|
134 | # Remove temporary directory for firmware binary blob | |
131 | rm -fr "${temp_dir}" |
|
135 | rm -fr "${temp_dir}" | |
132 | fi |
|
136 | fi |
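Review bot: The `[Link]` block appended to `eth.network` at new lines 33-35 is probably lost when `ENABLE_DHCP` is `true`, because the later `sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q"` on the same file (new line 45) quits at the first line containing `DHCP`, and with `-i` everything after that line is dropped. This assumes the template's `DHCP=` line sits above the end of the file; `files/network/eth.network` is not shown here. Moving the `if [ "$RPI_MODEL" = 3P ]` block to just before `mv -v "${ETC_DIR}/systemd/network/eth.network" ...` would keep the append in both the DHCP and static branches. The printf format should also end with a newline, `...GenericSegmentationOffload=off\n"`, so the file does not end on an unterminated line. Separately, the three offload keys are documented for `[Link]` in systemd.link(5) rather than in a `.network` file, so systemd-networkd may ignore them here; confirm on a built image or install them as a `.link` file instead.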