@@ -1,186 +1,186 | |||
|
1 | 1 | # |
|
2 | 2 | # Setup Networking |
|
3 | 3 | # |
|
4 | 4 | |
|
5 | 5 | # Load utility functions |
|
6 | 6 | . ./functions.sh |
|
7 | 7 | |
|
8 | 8 | # Install and setup hostname |
|
9 | 9 | install_readonly files/network/hostname "${ETC_DIR}/hostname" |
|
10 | 10 | sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname" |
|
11 | 11 | |
|
12 | 12 | # Install and setup hosts |
|
13 | 13 | install_readonly files/network/hosts "${ETC_DIR}/hosts" |
|
14 | 14 | sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts" |
|
15 | 15 | |
|
16 | 16 | # Setup hostname entry with static IP |
|
17 | 17 | if [ "$NET_ETH_ADDRESS" != "" ] ; then |
|
18 | 18 | NET_IP=$(echo "${NET_ETH_ADDRESS}" | cut -f 1 -d'/') |
|
19 | 19 | sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts" |
|
20 | 20 | fi |
|
21 | 21 | |
|
22 | 22 | # Remove IPv6 hosts |
|
23 | 23 | if [ "$ENABLE_IPV6" = false ] ; then |
|
24 | 24 | sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts" |
|
25 | 25 | fi |
|
26 | 26 | |
|
27 | 27 | # Install hint about network configuration |
|
28 | 28 | install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces" |
|
29 | 29 | |
|
30 | 30 | # Install configuration for interface eth0 |
|
31 | 31 | install_readonly files/network/eth0.network "${ETC_DIR}/systemd/network/eth0.network" |
|
32 | 32 | |
|
33 | 33 | if [ "$RPI_MODEL" = 3P ] ; then |
|
34 | 34 | printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth0.network" |
|
35 | 35 | fi |
|
36 | 36 | |
|
37 | 37 | # Install configuration for interface wl* |
|
38 | 38 | install_readonly files/network/wlan0.network "${ETC_DIR}/systemd/network/wlan0.network" |
|
39 | 39 | |
|
40 | 40 | #always with dhcp since wpa_supplicant integration is missing |
|
41 | 41 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network" |
|
42 | 42 | |
|
43 | 43 | if [ "$ENABLE_ETH_DHCP" = true ] ; then |
|
44 | 44 | # Enable DHCP configuration for interface eth0 |
|
45 | 45 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth0.network" |
|
46 | 46 | |
|
47 | 47 | # Set DHCP configuration to IPv4 only |
|
48 | 48 | if [ "$ENABLE_IPV6" = false ] ; then |
|
49 | 49 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth0.network" |
|
50 | 50 | sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/eth0.network" |
|
51 | 51 | fi |
|
52 | 52 | |
|
53 | 53 | else # ENABLE_ETH_DHCP=false |
|
54 | 54 | # Set static network configuration for interface eth0 |
|
55 | 55 | if [ -n NET_ETH_ADDRESS ] && [ -n NET_ETH_GATEWAY ] && [ -n NET_ETH_DNS_1 ] ; then |
|
56 | 56 | sed -i\ |
|
57 | 57 | -e "s|DHCP=.*|DHCP=no|"\ |
|
58 | 58 | -e "s|Address=\$|Address=${NET_ETH_ADDRESS}|"\ |
|
59 | 59 | -e "s|Gateway=\$|Gateway=${NET_ETH_GATEWAY}|"\ |
|
60 | 60 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_1}|"\ |
|
61 | 61 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_ETH_DNS_2}|"\ |
|
62 | 62 | -e "s|Domains=\$|Domains=${NET_ETH_DNS_DOMAINS}|"\ |
|
63 | 63 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_1}|"\ |
|
64 | 64 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_ETH_NTP_2}|"\ |
|
65 | 65 | "${ETC_DIR}/systemd/network/eth0.network" |
|
66 | 66 | fi |
|
67 | 67 | fi |
|
68 | 68 | |
|
69 | 69 | |
|
70 | 70 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
71 | 71 | if [ "$ENABLE_WIFI_DHCP" = true ] ; then |
|
72 | 72 | # Enable DHCP configuration for interface eth0 |
|
73 | 73 | sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan0.network" |
|
74 | 74 | |
|
75 | 75 | # Set DHCP configuration to IPv4 only |
|
76 | 76 | if [ "$ENABLE_IPV6" = false ] ; then |
|
77 | 77 | sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/wlan0.network" |
|
78 | 78 | sed '/IPv6PrivacyExtensions=true/d' "${ETC_DIR}/systemd/network/wlan0.network" |
|
79 | 79 | fi |
|
80 | 80 | |
|
81 | 81 | else # ENABLE_WIFI_DHCP=false |
|
82 | 82 | # Set static network configuration for interface eth0 |
|
83 | 83 | if [ -n NET_WIFI_ADDRESS ] && [ -n NET_WIFI_GATEWAY ] && [ -n NET_WIFI_DNS_1 ] ; then |
|
84 | 84 | sed -i\ |
|
85 | 85 | -e "s|DHCP=.*|DHCP=no|"\ |
|
86 | 86 | -e "s|Address=\$|Address=${NET_WIFI_ADDRESS}|"\ |
|
87 | 87 | -e "s|Gateway=\$|Gateway=${NET_WIFI_GATEWAY}|"\ |
|
88 | 88 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_1}|"\ |
|
89 | 89 | -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_WIFI_DNS_2}|"\ |
|
90 | 90 | -e "s|Domains=\$|Domains=${NET_WIFI_DNS_DOMAINS}|"\ |
|
91 | 91 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_1}|"\ |
|
92 | 92 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_WIFI_NTP_2}|"\ |
|
93 | 93 | "${ETC_DIR}/systemd/network/wlan0.network" |
|
94 | 94 | fi |
|
95 | 95 | fi |
|
96 | 96 | |
|
97 | if [ -z "$NET_WIFI_SSID" ] && [ -z "$NET_WIFI_PSK" ] ; then | |
|
98 | printf " | |
|
97 | if [ ! -z "$NET_WIFI_SSID" ] && [ ! -z "$NET_WIFI_PSK" ] ; then | |
|
98 | chroot_exec printf " | |
|
99 | 99 | ctrl_interface=/run/wpa_supplicant |
|
100 | 100 | ctrl_interface_group=wheel |
|
101 | 101 | update_config=1 |
|
102 | 102 | eapol_version=1 |
|
103 | 103 | ap_scan=1 |
|
104 | 104 | fast_reauth=1 |
|
105 | 105 | |
|
106 | 106 | " > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf |
|
107 | 107 | |
|
108 | 108 | #Configure WPA_supplicant |
|
109 | 109 | chroot_exec wpa_passphrase "$NET_SSID" "$NET_WPAPSK" >> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf |
|
110 | 110 | |
|
111 | 111 | chroot_exec systemctl enable wpa_supplicant.service |
|
112 | 112 | chroot_exec systemctl enable wpa_supplicant@wlan0.service |
|
113 | 113 | fi |
|
114 | 114 | # Remove empty settings from wlan configuration |
|
115 | 115 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan0.network" |
|
116 | 116 | # If WLAN is enabled copy wlan configuration too |
|
117 | 117 | mv -v "${ETC_DIR}/systemd/network/wlan0.network" "${LIB_DIR}/systemd/network/11-wlan0.network" |
|
118 | 118 | fi |
|
119 | 119 | |
|
120 | 120 | # Remove empty settings from network configuration |
|
121 | 121 | sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth0.network" |
|
122 | 122 | |
|
123 | 123 | # Move systemd network configuration if required by Debian release |
|
124 | 124 | mv -v "${ETC_DIR}/systemd/network/eth0.network" "${LIB_DIR}/systemd/network/10-eth0.network" |
|
125 | 125 | |
|
126 | 126 | #Clean up |
|
127 | 127 | rm -fr "${ETC_DIR}/systemd/network" |
|
128 | 128 | |
|
129 | 129 | # Enable systemd-networkd service |
|
130 | 130 | chroot_exec systemctl enable systemd-networkd |
|
131 | 131 | |
|
132 | 132 | # Install host.conf resolver configuration |
|
133 | 133 | install_readonly files/network/host.conf "${ETC_DIR}/host.conf" |
|
134 | 134 | |
|
135 | 135 | # Enable network stack hardening |
|
136 | 136 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
137 | 137 | # Install sysctl.d configuration files |
|
138 | 138 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf" |
|
139 | 139 | |
|
140 | 140 | # Setup resolver warnings about spoofed addresses |
|
141 | 141 | sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" |
|
142 | 142 | fi |
|
143 | 143 | |
|
144 | 144 | # Enable time sync |
|
145 | 145 | if [ "$NET_NTP_1" != "" ] ; then |
|
146 | 146 | chroot_exec systemctl enable systemd-timesyncd.service |
|
147 | 147 | fi |
|
148 | 148 | |
|
149 | 149 | # Download the firmware binary blob required to use the RPi3 wireless interface |
|
150 | 150 | if [ "$ENABLE_WIRELESS" = true ] ; then |
|
151 | 151 | if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then |
|
152 | 152 | mkdir -p "${WLAN_FIRMWARE_DIR}" |
|
153 | 153 | fi |
|
154 | 154 | |
|
155 | 155 | # Create temporary directory for firmware binary blob |
|
156 | 156 | temp_dir=$(as_nobody mktemp -d) |
|
157 | 157 | |
|
158 | 158 | # Fetch firmware binary blob for RPI3B+ |
|
159 | 159 | if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then |
|
160 | 160 | # Fetch firmware binary blob for RPi3P |
|
161 | 161 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin" |
|
162 | 162 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt" |
|
163 | 163 | as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob" |
|
164 | 164 | |
|
165 | 165 | # Move downloaded firmware binary blob |
|
166 | 166 | mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/" |
|
167 | 167 | |
|
168 | 168 | # Set permissions of the firmware binary blob |
|
169 | 169 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* |
|
170 | 170 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."* |
|
171 | 171 | elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then |
|
172 | 172 | # Fetch firmware binary blob for RPi3 |
|
173 | 173 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin" |
|
174 | 174 | as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt" |
|
175 | 175 | |
|
176 | 176 | # Move downloaded firmware binary blob |
|
177 | 177 | mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/" |
|
178 | 178 | |
|
179 | 179 | # Set permissions of the firmware binary blob |
|
180 | 180 | chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
181 | 181 | chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."* |
|
182 | 182 | fi |
|
183 | 183 | |
|
184 | 184 | # Remove temporary directory for firmware binary blob |
|
185 | 185 | rm -fr "${temp_dir}" |
|
186 | 186 | fi |
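Review bot: On lines 98–106 the redirection `> /etc/wpa_supplicant/wpa_supplicant-wlan0.conf` is opened by the calling shell before `chroot_exec` runs, so the header is most likely written to the build host's /etc rather than into the image. That holds unless `chroot_exec` in functions.sh handles redirection itself, which is not visible here; I am also assuming the `[ ! -z … ]` / `chroot_exec printf` pair is the new side, since the page does not mark it. The same applies to the `wpa_passphrase` append on line 109, which also reads `$NET_SSID` and `$NET_WPAPSK` while the guard tests `$NET_WIFI_SSID` and `$NET_WIFI_PSK`, so it would probably run with empty arguments. I would target the image path and the guarded variables, `chroot_exec wpa_passphrase "$NET_WIFI_SSID" "$NET_WIFI_PSK" >> "${ETC_DIR}/wpa_supplicant/wpa_supplicant-wlan0.conf"`, with the `printf` redirected to the same `${ETC_DIR}` path. Because wpa_passphrase also emits the clear-text passphrase as a `#psk=` comment, the file should get `chmod 600` after writing, and feeding the PSK on stdin instead of as an argument would keep it out of the process list during the build.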