##// END OF EJS Templates
a
Unknown -
r573:e02b52fa74f3
parent child
Show More
@@ -1,132 +1,136
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 if [ "$RPI_MODEL" = 3P ] ; then
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 fi
36
33 # Install configuration for interface wl*
37 # Install configuration for interface wl*
34 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
35
39
36 #always with dhcp since wpa_supplicant integration is missing
40 #always with dhcp since wpa_supplicant integration is missing
37 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
38
42
39 if [ "$ENABLE_DHCP" = true ] ; then
43 if [ "$ENABLE_DHCP" = true ] ; then
40 # Enable DHCP configuration for interface eth0
44 # Enable DHCP configuration for interface eth0
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
42
46
43 # Set DHCP configuration to IPv4 only
47 # Set DHCP configuration to IPv4 only
44 if [ "$ENABLE_IPV6" = false ] ; then
48 if [ "$ENABLE_IPV6" = false ] ; then
45 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
46 fi
50 fi
47
51
48 else # ENABLE_DHCP=false
52 else # ENABLE_DHCP=false
49 # Set static network configuration for interface eth0
53 # Set static network configuration for interface eth0
50 sed -i\
54 sed -i\
51 -e "s|DHCP=.*|DHCP=no|"\
55 -e "s|DHCP=.*|DHCP=no|"\
52 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
53 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
54 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
55 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
56 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
63 "${ETC_DIR}/systemd/network/eth.network"
60 fi
64 fi
61
65
62 # Remove empty settings from network configuration
66 # Remove empty settings from network configuration
63 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
64 # Remove empty settings from wlan configuration
68 # Remove empty settings from wlan configuration
65 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
66
70
67 # Move systemd network configuration if required by Debian release
71 # Move systemd network configuration if required by Debian release
68 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
69 # If WLAN is enabled copy wlan configuration too
73 # If WLAN is enabled copy wlan configuration too
70 if [ "$ENABLE_WIRELESS" = true ] ; then
74 if [ "$ENABLE_WIRELESS" = true ] ; then
71 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
72 fi
76 fi
73 rm -fr "${ETC_DIR}/systemd/network"
77 rm -fr "${ETC_DIR}/systemd/network"
74
78
75 # Enable systemd-networkd service
79 # Enable systemd-networkd service
76 chroot_exec systemctl enable systemd-networkd
80 chroot_exec systemctl enable systemd-networkd
77
81
78 # Install host.conf resolver configuration
82 # Install host.conf resolver configuration
79 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
80
84
81 # Enable network stack hardening
85 # Enable network stack hardening
82 if [ "$ENABLE_HARDNET" = true ] ; then
86 if [ "$ENABLE_HARDNET" = true ] ; then
83 # Install sysctl.d configuration files
87 # Install sysctl.d configuration files
84 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
85
89
86 # Setup resolver warnings about spoofed addresses
90 # Setup resolver warnings about spoofed addresses
87 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
88 fi
92 fi
89
93
90 # Enable time sync
94 # Enable time sync
91 if [ "$NET_NTP_1" != "" ] ; then
95 if [ "$NET_NTP_1" != "" ] ; then
92 chroot_exec systemctl enable systemd-timesyncd.service
96 chroot_exec systemctl enable systemd-timesyncd.service
93 fi
97 fi
94
98
95 # Download the firmware binary blob required to use the RPi3 wireless interface
99 # Download the firmware binary blob required to use the RPi3 wireless interface
96 if [ "$ENABLE_WIRELESS" = true ] ; then
100 if [ "$ENABLE_WIRELESS" = true ] ; then
97 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
98 mkdir -p "${WLAN_FIRMWARE_DIR}"
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
99 fi
103 fi
100
104
101 # Create temporary directory for firmware binary blob
105 # Create temporary directory for firmware binary blob
102 temp_dir=$(as_nobody mktemp -d)
106 temp_dir=$(as_nobody mktemp -d)
103
107
104 # Fetch firmware binary blob for RPI3B+
108 # Fetch firmware binary blob for RPI3B+
105 if [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$RPI_MODEL" = 3P ] ; then
106 # Fetch firmware binary blob for RPi3P
110 # Fetch firmware binary blob for RPi3P
107 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
108 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
109 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
110
114
111 # Move downloaded firmware binary blob
115 # Move downloaded firmware binary blob
112 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
113
117
114 # Set permissions of the firmware binary blob
118 # Set permissions of the firmware binary blob
115 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
116 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
117 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
118 # Fetch firmware binary blob for RPi3
122 # Fetch firmware binary blob for RPi3
119 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
120 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
121
125
122 # Move downloaded firmware binary blob
126 # Move downloaded firmware binary blob
123 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
124
128
125 # Set permissions of the firmware binary blob
129 # Set permissions of the firmware binary blob
126 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
127 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
128 fi
132 fi
129
133
130 # Remove temporary directory for firmware binary blob
134 # Remove temporary directory for firmware binary blob
131 rm -fr "${temp_dir}"
135 rm -fr "${temp_dir}"
132 fi
136 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant