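#!/usr/bin/env bash
#
#    lib/exec/install
#
#    Copyright (c) 2020- RAP
#    Copyright (c) 2011-2016 LibreVPN
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU Affero General Public License as
#    published by the Free Software Foundation; either version 3 of the
#    License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#    General Public License for more details.
#
#    You should have received a copy of the GNU Affero General
#    Public License along with this program.  If not, see
#    <http://www.gnu.org/licenses/>.
#
# Copies a node's configuration directory into the system tinc directory
# (${TINC}) with rsync and then normalises ownership and permissions.
#
# Options (parsed below):
#   -h  show help and exit
#   -v  verbose rsync
#   -n  dry run (implies -v); nothing after the rsync step is executed
#   -r  delete files in ${TINC} that are not in the node directory
#   -d  accepted by getopts but not handled in this script
# Argument: $1 - node name, resolved through get_node_dir / get_node_file.

# This script needs root (see common)
root=true
. "${RAP_LIBDIR}"/common

# Just in case: refuse an empty or single-character TINC (e.g. "/"), since
# it is later the target of a recursive chown/chmod and of rsync --delete.
test "${#TINC}" -lt 2 && fatal_error "La variable TINC está vacía"

requires rsync find

while getopts "dhvrn" arg; do
  case $arg in
    h) help "${self}" ; exit 0;;
    v) VERBOSE=-v ;;
    n) DRYRUN=--dry-run ; VERBOSE=-v ;;
    r) DELETE=--delete-after ;;
  esac
done
# Drop the parsed options so that $1 is the node name.
shift $((OPTIND - 1))

nodedir="$(get_node_dir "${1}")"

# get_node_dir is defined in common and is not visible here, so guard its
# result: with an empty nodedir the rsync source below would be "/" and the
# whole root filesystem would be copied into ${TINC}.
test -n "${nodedir}" \
  || fatal_error "No se pudo determinar el directorio del nodo"

# Create the scripts directory
mkdir -p "${nodedir}/scripts"

# Set the MAC if it did not exist yet
# NOTE(review): the redirection creates "${nodedir}/mac" even when the
# pipeline fails, so a failed run leaves an empty file that later runs will
# not regenerate; confirm whether that matters to callers.
if ! test -f "${nodedir}/mac"; then
  msg "Estableciendo MAC"
  get_node_file "${1}" | xargs cat | public_key_to_mac > "${nodedir}/mac"
fi

msg "Instalando en el sistema..."
${sudo} mkdir -p "${TINC}"
# VERBOSE, DELETE and DRYRUN are left unquoted on purpose: each one holds at
# most a single flag and must disappear from the command line when unset.
# shellcheck disable=SC2086
${sudo} rsync -a --no-owner \
              --no-group \
              --exclude="*.backup" \
              --exclude="*~" \
              ${VERBOSE} ${DELETE} ${DRYRUN} \
              "${nodedir}/" "${TINC}/"

# Nothing else to do on a dry run
test -n "${DRYRUN}" && exit

# Check permissions
msg "Chequeando permisos..."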
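# Everything under ${TINC} ends up owned by root; directories are 755 and
# regular files 644, with the exceptions handled below.
${sudo} chown -R root:root "${TINC}"
${sudo} find "${TINC}" -type d -exec chmod 755 {} \;
# Private keys are left out of the 644 pass so that they are never
# world-readable, not even for the moment between this pass and the 600 one.
${sudo} find "${TINC}" -type f ! -name '*.priv' -exec chmod 644 {} \;
# Hook scripts must be executable.
${sudo} find "${TINC}" -name '*-up' -exec chmod 755 {} \;
${sudo} find "${TINC}" -name '*-down' -exec chmod 755 {} \;
${sudo} find "${TINC}" -name 'run-script' -exec chmod 755 {} \;
${sudo} find "${TINC}/scripts" -type f -exec chmod 755 {} \;
# Runs last so that no earlier pass can widen a private key. It covers
# rsa_key.priv and any other *.priv file that was synced into ${TINC}.
${sudo} find "${TINC}" -type f -name '*.priv' -exec chmod 600 {} \;

# Enable tinc on the system
if type systemctl &>/dev/null; then
  ${sudo} systemctl enable --now tinc.service "tinc@${NETWORK}.service"
fi

# Install logrotate configuration
test -d /etc/logrotate.d && \
  ${sudo} cp "${RAP_SKELDIR}/logrotate.conf" /etc/logrotate.d/tincd.conf

# Install the tincd reconnection script.
# The previous "install -dm 750" treated both operands as directories to
# create, so the dispatcher script itself was never copied. Without -d the
# file is installed root-owned with mode 750.
test -d /etc/NetworkManager/dispatcher.d && \
  ${sudo} install -m 750 -o root -g root \
    "${RAP_SKELDIR}/50_tincd" /etc/NetworkManager/dispatcher.d/

# Reload the configuration changes in a running daemon
if pgrep tincd &>/dev/null; then
  msg "Recargando tincd..."
  for signal in WINCH HUP ALRM; do
    ${sudo} tincd -n "${NETWORK}" -k "${signal}"
  done
fi

exit $?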