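#!/bin/bash

# Copyright 2019 Google Inc. All rights reserved.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Sets up a host network interface for a directly cabled Rock Pi: finds the
# host's default (uplink) interface and the interface the Rock Pi is plugged
# into, installs dnsmasq, and then writes the dnsmasq/udev/iptables/ssh
# configuration further down in this script.
#
# Usage:       <this script> [DEFAULTNET]
# Arguments:   $1 - name of the default network interface (optional;
#                   auto-detected from `ip link` when omitted)
# Environment: ROCKNET - name of the Rock Pi interface (optional;
#                   auto-detected when empty)
#
# Strict mode (set -e/-u) is deliberately not enabled: later parts of the
# script inspect $? after commands that are expected to fail.

if [[ "$OSTYPE" != "linux-gnu" ]]; then
  echo "error: must be running linux"
  exit 1
fi

# escalate to superuser
# "$@" is forwarded so an explicitly given DEFAULTNET survives the re-exec.
# NOTE(review): with sudo's default environment reset a preset ROCKNET is
# presumably dropped here; confirm against the local sudoers policy.
if [ "$UID" -ne 0 ]; then
  exec sudo bash "$0" "$@"
fi

#######################################
# Restarts the services this script stops while it reconfigures the network.
# Arguments: $1 - optional exit status; when given, the script exits with it
# Returns:   exits 1 if either service fails to start; otherwise returns
#            (or exits with $1 when $1 is non-empty)
#######################################
cleanup() {
  echo "Starting up network-manager..."
  if ! service network-manager start; then
    echo "error: failed to start network-manager"
    exit 1
  fi
  echo "Starting up networking..."
  if ! service networking start; then
    echo "error: failed to start networking"
    exit 1
  fi
  if [ -n "${1:-}" ]; then
    exit "$1"
  fi
}

#######################################
# Prints the interfaces `ip link` reports as "state UP", one name per line.
# Arguments: $1 - optional string; `ip link` lines containing it are skipped
#                 (fixed-string match, so the value is never read as a regex
#                 or as a grep option)
#######################################
list_up_interfaces() {
  local exclude=${1:-}
  ip link | grep "state UP" |
    { if [[ -n "$exclude" ]]; then grep -Fv -- "$exclude"; else cat; fi; } |
    sed 's/[0-9]*: \([^:]*\):.*/\1/' | awk 'NF'
}

#######################################
# Shows a numbered menu and keeps asking until a valid entry is chosen.
# Globals:   chosen_net (written) - the selected interface name
# Arguments: $1 - prompt text; remaining arguments - candidate interfaces
# Returns:   0 once a valid number was entered, 1 if stdin is exhausted
#######################################
choose_interface() {
  local prompt=$1
  shift
  local -a candidates=("$@")
  local idx answer
  while true; do
    for idx in "${!candidates[@]}"; do
      echo "$(( idx + 1 ))) ${candidates[idx]}"
    done
    read -r -p "$prompt" answer || return 1
    # 10# forces base 10 so an answer such as "08" is not parsed as octal.
    if [[ "$answer" =~ ^[0-9]{1,3}$ ]] &&
       (( 10#$answer >= 1 && 10#$answer <= ${#candidates[@]} )); then
      chosen_net=${candidates[10#$answer - 1]}
      return 0
    fi
    echo "error: please enter a number between 1 and ${#candidates[@]}"
  done
}

#######################################
# Checks that a value is usable as an interface name. The name ends up in
# root-owned file paths and in a generated script that runs as root, so path
# separators, whitespace, shell metacharacters and a leading '-' are refused.
# Arguments: $1 - candidate interface name
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_ifname() {
  local ifname_re='^[A-Za-z0-9_][A-Za-z0-9_.@-]*$'
  [[ "$1" =~ $ifname_re ]]
}

sleep_time=0.1
max_attempts=100

DEFAULTNET=${1:-}
if [ "$DEFAULTNET" == "" ]; then
  warn_no_default_network=0
  warn_disconnect_rockpi=0
  attempts=0
  while true; do
    mapfile -t up_nets < <(list_up_interfaces)
    if (( ${#up_nets[@]} == 0 )); then
      if [[ $warn_no_default_network -eq 0 ]]; then
        echo "error: couldn't detect any connected default network"
        warn_no_default_network=1
      fi
      # Pause before polling again; without it this branch spins at full speed.
      sleep "$sleep_time"
      continue
    elif (( ${#up_nets[@]} == 1 )); then
      DEFAULTNET=${up_nets[0]}
      break
    else
      if [[ $warn_disconnect_rockpi -eq 0 ]]; then
        echo "Please disconnect the network cable from the Rock Pi"
        warn_disconnect_rockpi=1
      fi
      if (( attempts > max_attempts )); then
        echo -e "\nerror: detected multiple connected networks, please tell me what to do:"
        if ! choose_interface "Enter the number of your default network connection: " "${up_nets[@]}"; then
          echo "error: no default network selected"
          exit 1
        fi
        DEFAULTNET=${chosen_net}
        echo "Setting default to: ${DEFAULTNET}"
        break
      fi
      echo -ne "\r"
      # (max_attempts - attempts) tenths of a second remain before the menu.
      printf "Manual configuration in %.1f seconds..." "$(( max_attempts-attempts ))e-1"
      sleep "$sleep_time"
    fi
    (( attempts += 1 ))
  done
fi

if ! valid_ifname "${DEFAULTNET}"; then
  echo "error: invalid default network interface name: ${DEFAULTNET}"
  exit 1
fi
echo "Found default network at ${DEFAULTNET}"

if [ "${ROCKNET:-}" == "" ]; then
  echo "Please reconnect network cable from Rock Pi to PC's spare network port"
  attempts=0
  while true; do
    mapfile -t up_nets < <(list_up_interfaces "${DEFAULTNET}")
    if (( ${#up_nets[@]} == 1 )); then
      ROCKNET=${up_nets[0]}
      break
    elif (( ${#up_nets[@]} > 1 )); then
      if (( attempts > max_attempts )); then
        echo -e "\nerror: detected multiple connected networks, please tell me what to do:"
        if ! choose_interface "Enter the number of your rock pi network connection: " "${up_nets[@]}"; then
          echo "error: no rock pi network selected"
          exit 1
        fi
        ROCKNET=${chosen_net}
        echo "Setting rock pi to: ${ROCKNET}"
        break
      fi
      echo -ne "\r"
      printf "Manual configuration in %.1f seconds..." "$(( max_attempts-attempts ))e-1"
      (( attempts += 1 ))
    fi
    sleep "$sleep_time"
  done
fi

if ! valid_ifname "${ROCKNET}"; then
  echo "error: invalid Rock Pi network interface name: ${ROCKNET}"
  exit 1
fi
# The Rock Pi interface is taken down and reconfigured below; doing that to
# the uplink would cut the host off.
if [[ "${ROCKNET}" == "${DEFAULTNET}" ]]; then
  echo "error: Rock Pi network and default network are both ${ROCKNET}"
  exit 1
fi
echo "Found Rock Pi network at ${ROCKNET}"

# Already running as root, so no sudo; `ip` is what the rest of the script
# uses and does not depend on net-tools being installed.
ip link set dev "${ROCKNET}" down

# Fetch the package while the network is still up; it is installed from the
# local cache once the network services are stopped.
echo "Downloading dnsmasq..."
if ! apt-get install -d -y dnsmasq >/dev/null; then
  echo "error: failed to download dnsmasq"
  exit 1
fi

echo "Shutting down network-manager to prevent interference..."
if ! service network-manager stop; then
  echo "error: failed to stop network-manager"
  cleanup 1
fi

echo "Shutting down networking to prevent interference..."
if ! service networking stop; then
  echo "error: failed to stop networking"
  cleanup 1
fi

# -y: stdout is discarded, so a confirmation prompt would be invisible and
# the script would appear to hang.
echo "Installing dnsmasq..."
if ! apt-get install -y dnsmasq >/dev/null; then
  echo "error: failed to install dnsmasq"
  cleanup 1
fi

echo "Enabling dnsmasq daemon..."
if grep -q "ENABLED" /etc/default/dnsmasq; then
  sed -i 's/.*ENABLED.*/ENABLED=1/' /etc/default/dnsmasq
else
  echo "ENABLED=1" >> /etc/default/dnsmasq
fi

echo "Configuring dnsmasq for Rock Pi network..."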
cat >/etc/dnsmasq.d/${ROCKNET}.conf << EOF interface=${ROCKNET} bind-interfaces except-interface=lo dhcp-authoritative leasefile-ro port=0 dhcp-range=, EOF echo "Configuring udev rules..." cat >/etc/udev/rules.d/82-${ROCKNET}.rules </etc/network/interfaces.d/${ROCKNET}.conf </proc/sys/net/ipv4/ip_forward echo "Creating IP tables rules script..." cat > /usr/local/sbin/iptables-rockpi.sh << EOF #!/bin/bash /sbin/iptables -A FORWARD -i ${ROCKNET} -o ${DEFAULTNET} -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i ${ROCKNET} -o ${DEFAULTNET} -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o ${DEFAULTNET} -j MASQUERADE EOF sudo chown root:root /usr/local/sbin/iptables-rockpi.sh sudo chmod 750 /usr/local/sbin/iptables-rockpi.sh echo "Creating IP tables rules service..." cat > /etc/systemd/system/iptables-rockpi.service << EOF [Unit] Description=iptables rockpi service After=network.target [Service] Type=oneshot ExecStart=/usr/local/sbin/iptables-rockpi.sh RemainAfterExit=true StandardOutput=journal [Install] WantedBy=multi-user.target EOF echo "Reloading systemd manager configuration..." sudo systemctl daemon-reload echo "Start IP tables rules service..." sudo systemctl enable iptables-rockpi sudo systemctl start iptables-rockpi cleanup echo "Restarting dnsmasq service..." service dnsmasq restart if [ $? != 0 ]; then echo "error: failed to restart dnsmasq" exit 1 fi # Verify the Rock Pi was configured correctly ip link show ${ROCKNET} >/dev/null if [ $? != 0 ]; then echo "error: wasn't able to successfully configure connection to Rock Pi" exit 1 fi echo "Searching for Rock Pi's IP address..." while true; do rockip=`cat /proc/net/arp | grep ${ROCKNET} | grep -v 00:00:00:00:00:00 | cut -d" " -f1` if [[ ${#rockip} -ge 7 ]] && [[ ${#rockip} -le 15 ]]; then break fi sleep 0.1 done echo "Writing Rock Pi configuration to ~/.ssh/config..." 
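# The remaining steps edit files in the home directory of the user who ran
# sudo. Without SUDO_USER, `getent passwd` with no key would list every
# account and USER_HOME would be garbage, so stop early.
if [[ -z "${SUDO_USER:-}" ]]; then
  echo "error: SUDO_USER is not set; run this script with sudo from your own account"
  exit 1
fi
USER_HOME=$(getent passwd "${SUDO_USER}" | cut -d: -f6)
if [[ -z "${USER_HOME}" || ! -d "${USER_HOME}" ]]; then
  echo "error: couldn't determine the home directory of ${SUDO_USER}"
  exit 1
fi

# rockip is interpolated into a sed expression, ~/.ssh/config and an ssh
# command line below, so insist on exactly one dotted-quad address. Two ARP
# rows would otherwise yield a multi-line value.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! "${rockip}" =~ $ipv4_re ]]; then
  echo "error: expected a single IPv4 address for the Rock Pi, got: ${rockip}"
  exit 1
fi

ssh_dir="${USER_HOME}/.ssh"
ssh_config="${ssh_dir}/config"
key_file="${ssh_dir}/rock01_key"

# Appending to the config fails if ~/.ssh does not exist yet; create it as
# the user with the mode ssh expects.
if [[ ! -d "${ssh_dir}" ]]; then
  if ! sudo -u "${SUDO_USER}" mkdir -m 700 -- "${ssh_dir}"; then
    echo "error: couldn't create ${ssh_dir}"
    exit 1
  fi
fi

# Add the "rock01" alias, or refresh the HostName of an existing entry. The
# sed form rewrites the line directly after "Host rock01", i.e. it relies on
# HostName being the first line of that entry, as written by the heredoc.
# NOTE(review): the LocalForward lines carry only a port in this copy; the
# forward destinations look to have been lost - restore them from upstream.
if ! grep -qw -- "Host rock01" "${ssh_config}" 2>/dev/null; then
  cat >>"${ssh_config}" << EOF
Host rock01
    HostName ${rockip}
    User vsoc-01
    IdentityFile ~/.ssh/rock01_key
    LocalForward 6520
    LocalForward 6444
EOF
else
  sed -i "/Host rock01/{n;s/.*/ HostName ${rockip}/}" "${ssh_config}"
fi

# Same for the "rockpi01" alias, which has no port forwarding.
if ! grep -qw -- "Host rockpi01" "${ssh_config}" 2>/dev/null; then
  cat >>"${ssh_config}" << EOF
Host rockpi01
    HostName ${rockip}
    User vsoc-01
    IdentityFile ~/.ssh/rock01_key
EOF
else
  sed -i "/Host rockpi01/{n;s/.*/ HostName ${rockip}/}" "${ssh_config}"
fi

# The file was written as root; hand it back to the user with the mode ssh
# requires.
sudo chown "${SUDO_USER}:$(id -ng "${SUDO_USER}")" "${ssh_config}"
sudo chmod 600 "${ssh_config}"

echo "Creating ssh key..."
# An existing key is kept; a new one is created without a passphrase, so the
# private key file's permissions are its only protection.
if [[ ! -e "${key_file}" ]]; then
  sudo -u "${SUDO_USER}" ssh-keygen -q -t rsa -b 4096 -f "${key_file}" -N '' >/dev/null 2>&1
fi

# SSH_ASKPASS helper that prints the password for vsoc-01 so ssh-copy-id can
# log in non-interactively. The file holds a credential: keep it owner-only
# and remove it on every exit path.
# NOTE(review): "cuttlefish" is presumably the image's default password; once
# the key is installed, consider changing it or disabling password logins on
# the device.
tmpfile=$(mktemp) || { echo "error: mktemp failed"; exit 1; }
trap 'rm -f -- "${tmpfile}"' EXIT
echo "echo cuttlefish" > "$tmpfile"
chown "${SUDO_USER}" "$tmpfile"
chmod 700 "$tmpfile"

# The command string is run by the user's shell through `su -c`; %q keeps the
# key path and target as single words.
# NOTE(review): StrictHostKeyChecking=no means the device's host key is not
# verified on first contact. That is tolerable on a direct cable link; on any
# shared network, compare the fingerprint out of band.
printf -v copy_cmd 'setsid -w ssh-copy-id -i %q -o StrictHostKeyChecking=no %q >/dev/null 2>&1' \
  "${key_file}" "vsoc-01@${rockip}"

# Runs ssh-copy-id as the invoking user with the askpass helper in place.
copy_key_to_rockpi() {
  sudo SSH_ASKPASS="${tmpfile}" DISPLAY=:0 su "${SUDO_USER}" -c "${copy_cmd}"
}

if ! copy_key_to_rockpi; then
  # A stale known_hosts entry for this address makes ssh refuse password
  # authentication. ssh-keygen -R removes exactly that host (hashed entries
  # included); a sed pattern built from the address would treat the dots as
  # wildcards and miss hashed entries.
  sudo -u "${SUDO_USER}" ssh-keygen -R "${rockip}" -f "${ssh_dir}/known_hosts" >/dev/null 2>&1
  if ! copy_key_to_rockpi; then
    echo "error: wasn't able to connect to Rock Pi over ssh"
    exit 1
  fi
fi

echo "Successfully configured!"
# NOTE(review): the host address after "Host:" appears to be missing from
# this copy.
echo " Host:"
echo "RockPi: ${rockip}"
echo "SSH Alias: rock01 (auto port-forwarding)"
echo "SSH Alias: rockpi01 (no port-forwarding)"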