diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2020-11-06 18:25:10 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2020-11-06 18:25:10 -0300 |
commit | 44aa200f3fc65c52b58bb49533bbfd17530911d0 (patch) | |
tree | e0721500e31e412463233d635cb2bff1c4dee439 | |
parent | c3d66da7c162508a7fdfddbf4aaaf2adfc4f7a58 (diff) | |
download | kvmx-44aa200f3fc65c52b58bb49533bbfd17530911d0.tar.gz kvmx-44aa200f3fc65c52b58bb49533bbfd17530911d0.tar.bz2 |
Provision: njalla-openvpn and njalla-wireguardfeature/njalla
-rw-r--r-- | share/provision/files/njalla-openvpn/etc/ferm/ferm.conf (renamed from share/provision/files/njalla/etc/ferm/ferm.conf) | 0 | ||||
-rw-r--r-- | share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules (renamed from share/provision/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules) | 0 | ||||
-rwxr-xr-x | share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh (renamed from share/provision/files/njalla/usr/local/bin/fermreload.sh) | 0 | ||||
-rw-r--r-- | share/provision/files/njalla/etc/openvpn/ipredator.conf | 94 | ||||
-rwxr-xr-x | share/provision/njalla-openvpn (renamed from share/provision/njalla) | 8 | ||||
-rwxr-xr-x | share/provision/njalla-wireguard | 42 | ||||
-rwxr-xr-x | share/provision/openvpn (renamed from share/provision/vpn) | 0 | ||||
-rwxr-xr-x | share/provision/web-basic | 2 | ||||
-rwxr-xr-x | share/provision/wireguard | 36 |
9 files changed, 83 insertions, 99 deletions
diff --git a/share/provision/files/njalla/etc/ferm/ferm.conf b/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf index a25a3d2..a25a3d2 100644 --- a/share/provision/files/njalla/etc/ferm/ferm.conf +++ b/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf diff --git a/share/provision/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules b/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules index 64d8bd1..64d8bd1 100644 --- a/share/provision/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules +++ b/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules diff --git a/share/provision/files/njalla/usr/local/bin/fermreload.sh b/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh index cebf7cc..cebf7cc 100755 --- a/share/provision/files/njalla/usr/local/bin/fermreload.sh +++ b/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh diff --git a/share/provision/files/njalla/etc/openvpn/ipredator.conf b/share/provision/files/njalla/etc/openvpn/ipredator.conf deleted file mode 100644 index 439f31b..0000000 --- a/share/provision/files/njalla/etc/openvpn/ipredator.conf +++ /dev/null @@ -1,94 +0,0 @@ -# VER: 0.25 -client -dev tun0 -proto udp -remote pw.openvpn.ipredator.se 1194 -remote pw.openvpn.ipredator.me 1194 -remote pw.openvpn.ipredator.es 1194 -resolv-retry infinite -nobind - -#auth-user-pass /etc/openvpn/IPredator.auth -auth-user-pass /etc/openvpn/ipredator.auth -auth-retry nointeract - -ca [inline] - -tls-client -tls-auth [inline] -ns-cert-type server -remote-cert-tls server -remote-cert-ku 0x00e0 - -keepalive 10 30 -cipher AES-256-CBC -persist-key -comp-lzo -tun-mtu 1500 -mssfix 1200 -passtos -verb 3 -replay-window 512 60 -mute-replay-warnings -ifconfig-nowarn - -script-security 2 -up /etc/openvpn/update-resolv-conf -down /etc/openvpn/update-resolv-conf - -# Disable this if your system does not support it! -tls-version-min 1.2 - -<ca> ------BEGIN CERTIFICATE----- -MIIFJzCCBA+gAwIBAgIJAKee4ZMMpvhzMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD -VQQGEwJTRTESMBAGA1UECBMJQnJ5Z2dsYW5kMQ8wDQYDVQQHEwZPZWxkYWwxJDAi -BgNVBAoTG1JveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbjESMBAGA1UECxMJSW50 -ZXJuZXR6MScwJQYDVQQDEx5Sb3lhbCBTd2VkaXNoIEJlZXIgU3F1YWRyb24gQ0Ex -JjAkBgkqhkiG9w0BCQEWF2hvc3RtYXN0ZXJAaXByZWRhdG9yLnNlMB4XDTEyMDgw -NDIxMTAyNVoXDTIyMDgwMjIxMTAyNVowgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQI -EwlCcnlnZ2xhbmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dl -ZGlzaCBCZWVyIFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMT -HlJveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYX -aG9zdG1hc3RlckBpcHJlZGF0b3Iuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCp5M22fZtwtIh6Mu9IwC3N2tEFqyNTEP1YyXasjf+7VNISqSpFy+tf -DsHAkiE9Wbv8KFM9bOoVK1JjdDsetxArm/RNsUWm/SNyVbmY+5ezX/n95S7gQdMi -bA74/ID2+KsCXUY+HNNUQqFpyK67S09A6r0ZwPNUDbLgGnmCZRMDBPCHCbiK6e68 -d75v6f/0nY4AyAAAyqwAELIAn6sy4rzoPbalxcO33eW0fUG/ir41qqo8BQrWKyEd -Q9gy8tGEqbLQ+B30bhIvBh10YtWq6fgFZJzWP6K8bBJGRvioFOyQHCaVH98UjwOm -/AqMTg7LwNrpRJGcKLHzUf3gNSHQGHfzAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU -pRqJxaYdvv3XGEECUqj7DJJ8ptswgfIGA1UdIwSB6jCB54AUpRqJxaYdvv3XGEEC -Uqj7DJJ8ptuhgcOkgcAwgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlCcnlnZ2xh -bmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dlZGlzaCBCZWVy -IFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMTHlJveWFsIFN3 -ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYXaG9zdG1hc3Rl -ckBpcHJlZGF0b3Iuc2WCCQCnnuGTDKb4czAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 -DQEBBQUAA4IBAQB8nxZJaTvMMoSG47jD2w31zt9o6nSx8XJKop/0rMMHKBe1QBUw -/n3clGwYxBW8mTnrXHhmJkwJzA0Vh525+dkF28E0I+DSigKUXEewIZtKjADYSxaG -M+4272enbJ86JeXUhN8oF9TT+LKgMBgtt9yX5o63Ek6QOKwovH5kemDOVJmwae9p -tXQEWfCPDFMc7VfSxS4BDBVinRWeMWZs+2AWeWu2CMsjcx7+B+kPbBCzfANanFDD -CZEQON4pEpfK2XErhOudKEJGCl7psH+9Ex//pqsUS43nVN/4sqydiwbi+wQuUI3P -BYtvqPnWdjIdf2ayAQQCWliAx9+P03vbef6y ------END CERTIFICATE----- -</ca> - -<tls-auth> ------BEGIN OpenVPN Static key V1----- -03f7b2056b9dc67aa79c59852cb6b35a -a3a15c0ca685ca76890bbb169e298837 -2bdc904116f5b66d8f7b3ea6a5ff05cb -fc4f4889d702d394710e48164b28094f -a0e1c7888d471da39918d747ca4bbc2f -285f676763b5b8bee9bc08e4b5a69315 -d2ff6b9f4b38e6e2e8bcd05c8ac33c5c -56c4c44dbca35041b67e2374788f8977 -7ad4ab8e06cd59e7164200dfbadb942a -351a4171ab212c23bee1920120f81205 -efabaa5e34619f13adbe58b6c83536d3 -0d34e6466feabdd0e63b39ad9bb1116b -37fafb95759ab9a15572842f70e7cba9 -69700972a01b21229eba487745c091dd -5cd6d77bdc7a54a756ffe440789fd39e -97aa9abe2749732b7262f82e4097bee3 ------END OpenVPN Static key V1----- -</tls-auth> diff --git a/share/provision/njalla b/share/provision/njalla-openvpn index 9598d8c..eb8d1f4 100755 --- a/share/provision/njalla +++ b/share/provision/njalla-openvpn @@ -27,13 +27,13 @@ MIRROR="$3" APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" # Provision the basic stuff -$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR +$DIRNAME/openvpn $HOSTNAME $DOMAIN $MIRROR # Firewall $APT_INSTALL ferm ulogd2 ulogd2-pcap -sudo cp $DIRNAME/files/njalla/etc/ferm/ferm.conf /etc/ferm -sudo cp $DIRNAME/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d -sudo cp $DIRNAME/files/njalla/usr/local/bin/fermreload.sh /usr/local/bin +sudo cp $DIRNAME/files/njalla-openvpn/etc/ferm/ferm.conf /etc/ferm +sudo cp $DIRNAME/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d +sudo cp $DIRNAME/files/njalla-openvpn/usr/local/bin/fermreload.sh /usr/local/bin sudo chmod 555 /usr/local/bin/fermreload.sh sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm sudo service ferm restart diff --git a/share/provision/njalla-wireguard b/share/provision/njalla-wireguard new file mode 100755 index 0000000..fe3d7fe --- /dev/null +++ b/share/provision/njalla-wireguard @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/wireguard $HOSTNAME $DOMAIN $MIRROR + +# Firewall +#$APT_INSTALL ferm ulogd2 ulogd2-pcap +#sudo cp $DIRNAME/files/njalla-wireguard/etc/ferm/ferm.conf /etc/ferm +#sudo cp $DIRNAME/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d +#sudo cp $DIRNAME/files/njalla-wireguard/usr/local/bin/fermreload.sh /usr/local/bin +#sudo chmod 555 /usr/local/bin/fermreload.sh +#sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm +#sudo service ferm restart + +# Njalla +echo "Please configure /etc/wireguard/ng0.conf" diff --git a/share/provision/vpn b/share/provision/openvpn index 5722c3e..5722c3e 100755 --- a/share/provision/vpn +++ b/share/provision/openvpn diff --git a/share/provision/web-basic b/share/provision/web-basic index 4228d36..e61309a 100755 --- a/share/provision/web-basic +++ b/share/provision/web-basic @@ -34,7 +34,7 @@ echo "Installing additional web packages..." $APT_INSTALL firefox-esr chromium # Use addons.mozilla.org version instead -sudo apt get remove -y webext-treestyletab +sudo apt-get remove -y webext-treestyletab # Mozilla configuration # Create this config using "cd $HOME && /bin/tar jcvf mozilla.tar.bz2 .mozilla" diff --git a/share/provision/wireguard b/share/provision/wireguard new file mode 100755 index 0000000..0aad2c9 --- /dev/null +++ b/share/provision/wireguard @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR + +# Install OpenVPN and dnsutils (which provides nslookup) +$APT_INSTALL wireguard-tools resolvconf dnsutils curl + +# Use a stacked window manager to reduce browser fingerprinting +$DIRNAME/openbox |