Update 20-networking.sh
Bobberty -
r747:799449ecc283
@@ -1,186 +1,186
1 1 #
2 2 # Setup Networking
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup hostname
9 9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11 11
12 12 # Install and setup hosts
13 13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15 15
16 16 # Setup hostname entry with static IP
17 17 if [ "$NET_ETH_ADDRESS" != "" ] ; then
18 18 NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/')
19 19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 20 fi
21 21
22 22 # Remove IPv6 hosts
23 23 if [ "$ENABLE_IPV6" = false ] ; then
24 24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 25 fi
26 26
27 27 # Install hint about network configuration
28 28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29 29
30 30 # Install configuration for interface eth0
31 31 install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network"
32 32
33 33 if [ "$RPI_MODEL" = 3P ] ; then
34 34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network"
35 35 fi
36 36
37 37 # Install configuration for interface wl*
38 38 install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network"
39 39
40 40 #always with dhcp since wpa_supplicant integration is missing
41 41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
42 42
43 43 if [ "$ENABLE_ETH_DHCP" = true ] ; then
44 44 # Enable DHCP configuration for interface eth0
45 45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network"
46 46
47 47 # Set DHCP configuration to IPv4 only
48 48 if [ "$ENABLE_IPV6" = false ] ; then
49 49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network"
50 50 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network"
51 51 fi
52 52
53 53 else # ENABLE_ETH_DHCP=false
54 54 # Set static network configuration for interface eth0
55 55 if [ -n NET_ETH_ADDRESS ] && [ -n NET_ETH_GATEWAY ] && [ -n NET_ETH_DNS_1 ] ; then
56 56 sed -i\
57 57 -e "s|DHCP=.*|DHCP=no|"\
58 58 -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\
59 59 -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\
60 60 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\
61 61 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\
62 62 -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\
63 63 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\
64 64 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\
65 65 "${ETC_DIR}/systemd/network/eth0.network"
66 66 fi
67 67 fi
68 68
69 69
70 70 if [ "$ENABLE_WIRELESS" = true ] ; then
71 71 if [ "$ENABLE_WIFI_DHCP" = true ] ; then
72 72 # Enable DHCP configuration for interface eth0
73 73 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network"
74 74
75 75 # Set DHCP configuration to IPv4 only
76 76 if [ "$ENABLE_IPV6" = false ] ; then
77 77 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network"
78 78 sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network"
79 79 fi
80 80
81 81 else # ENABLE_WIFI_DHCP=false
82 82 # Set static network configuration for interface eth0
83 83 if [ -n NET_WIFI_ADDRESS ] && [ -n NET_WIFI_GATEWAY ] && [ -n NET_WIFI_DNS_1 ] ; then
84 84 sed -i\
85 85 -e "s|DHCP=.*|DHCP=no|"\
86 86 -e "s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\
87 87 -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\
88 88 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\
89 89 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\
90 90 -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\
91 91 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\
92 92 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\
93 93 "${ETC_DIR}/systemd/network/wlan0.network"
94 94 fi
95 95 fi
96 96
97 if [ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ] ; then
98 printf "
97 if [ ! -z "$NET_WIFI_SSID" ] && [ ! -z "$NET_WIFI_PSK" ] ; then
98 chroot_exec printf "
99 99 ctrl_interface=/run/wpa_supplicant
100 100 ctrl_interface_group=wheel
101 101 update_config=1
102 102 eapol_version=1
103 103 ap_scan=1
104 104 fast_reauth=1
105 105
106 106 " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
107 107
108 108 #Configure WPA_supplicant
109 109 chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
110 110
111 111 chroot_exec systemctl enable wpa_supplicant.service
112 112 chroot_exec systemctl enable wpa_supplicant@wlan0.service
113 113 fi
114 114 # Remove empty settings from wlan configuration
115 115 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network"
116 116 # If WLAN is enabled copy wlan configuration too
117 117 mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network"
118 118 fi
119 119
120 120 # Remove empty settings from network configuration
121 121 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network"
122 122
123 123 # Move systemd network configuration if required by Debian release
124 124 mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network"
125 125
126 126 #Clean up
127 127 rm -fr "${ETC_DIR}/systemd/network"
128 128
129 129 # Enable systemd-networkd service
130 130 chroot_exec systemctl enable systemd-networkd
131 131
132 132 # Install host.conf resolver configuration
133 133 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
134 134
135 135 # Enable network stack hardening
136 136 if [ "$ENABLE_HARDNET" = true ] ; then
137 137 # Install sysctl.d configuration files
138 138 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
139 139
140 140 # Setup resolver warnings about spoofed addresses
141 141 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
142 142 fi
143 143
144 144 # Enable time sync
145 145 if [ "$NET_NTP_1" != "" ] ; then
146 146 chroot_exec systemctl enable systemd-timesyncd.service
147 147 fi
148 148
149 149 # Download the firmware binary blob required to use the RPi3 wireless interface
150 150 if [ "$ENABLE_WIRELESS" = true ] ; then
151 151 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
152 152 mkdir -p "${WLAN_FIRMWARE_DIR}"
153 153 fi
154 154
155 155 # Create temporary directory for firmware binary blob
156 156 temp_dir=$(as_nobody mktemp -d)
157 157
158 158 # Fetch firmware binary blob for RPI3B+
159 159 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
160 160 # Fetch firmware binary blob for RPi3P
161 161 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
162 162 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
163 163 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
164 164
165 165 # Move downloaded firmware binary blob
166 166 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
167 167
168 168 # Set permissions of the firmware binary blob
169 169 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
170 170 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
171 171 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
172 172 # Fetch firmware binary blob for RPi3
173 173 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
174 174 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
175 175
176 176 # Move downloaded firmware binary blob
177 177 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
178 178
179 179 # Set permissions of the firmware binary blob
180 180 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
181 181 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
182 182 fi
183 183
184 184 # Remove temporary directory for firmware binary blob
185 185 rm -fr "${temp_dir}"
186 186 fi
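Review bot: The redirections in the wpa_supplicant block (`> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf` after the `printf`, and the `>>` after `chroot_exec wpa_passphrase`) are opened by the calling shell, not by the command run through `chroot_exec`. Unless this script itself runs inside the chroot, the Wi-Fi credentials therefore land in the build host's `/etc` rather than in the image; every other path in the file goes through `${ETC_DIR}`, so the target should presumably be `"${ETC_DIR}/wpa_supplicant/wpa_supplicant-wlan0.conf"`. The guard tests `NET_WIFI_SSID` and `NET_WIFI_PSK`, but the call is `wpa_passphrase "$NET_SSID" "$NET_WPAPSK"`; those names are not set anywhere in the visible file and look stale, so the call should probably read `wpa_passphrase "$NET_WIFI_SSID" "$NET_WIFI_PSK"`. Because `wpa_passphrase` also writes the clear-text passphrase into its output as a `#psk=` comment, the file should get `chmod 600` once it is written.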