aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2017-05-12 10:13:55 -0300
committerSilvio Rhatto <rhatto@riseup.net>2017-05-12 10:13:55 -0300
commit99c856041bcad326cb9503dd7670f9b37efea7be (patch)
tree74f790fbbc48b697a6fa23d24db0222bdfa03eb3
parente463915f07745ecda9eb0d2d61332fafe17b7f62 (diff)
downloadkvmx-99c856041bcad326cb9503dd7670f9b37efea7be.tar.gz
kvmx-99c856041bcad326cb9503dd7670f9b37efea7be.tar.bz2
Adds some VPN provisioners
-rwxr-xr-xshare/provision/bitmask37
-rwxr-xr-xshare/provision/desktop-full2
-rw-r--r--share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf93
-rwxr-xr-xshare/provision/ipredator40
-rwxr-xr-xshare/provision/vpn33
5 files changed, 204 insertions, 1 deletions
diff --git a/share/provision/bitmask b/share/provision/bitmask
new file mode 100755
index 0000000..f7135cb
--- /dev/null
+++ b/share/provision/bitmask
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR
+
+# Bitmask
+# See https://bitmask.net/en/install/linux
+$APT_INSTALL leap-archive-keyring
+echo "deb http://deb.bitmask.net/debian stretch main" | sudo tee -a /etc/apt/sources.list.d/bitmask.list > /dev/null
+sudo apt update
+$APT_INSTALL bitmask
diff --git a/share/provision/desktop-full b/share/provision/desktop-full
index 290e62f..b4dce46 100755
--- a/share/provision/desktop-full
+++ b/share/provision/desktop-full
@@ -29,6 +29,6 @@ APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
# Provision the basic stuff
$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
-# Install cinnamon
+# Install awesome
apps/metadot/metadot load awesome
apps/metadot/metadot deps awesome
diff --git a/share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf b/share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf
new file mode 100644
index 0000000..210cbdc
--- /dev/null
+++ b/share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf
@@ -0,0 +1,93 @@
+# VER: 0.25
+client
+dev tun0
+proto udp
+remote pw.openvpn.ipredator.se 1194
+remote pw.openvpn.ipredator.me 1194
+remote pw.openvpn.ipredator.es 1194
+resolv-retry infinite
+nobind
+
+auth-user-pass /etc/openvpn/IPredator.auth
+auth-retry nointeract
+
+ca [inline]
+
+tls-client
+tls-auth [inline]
+ns-cert-type server
+remote-cert-tls server
+remote-cert-ku 0x00e0
+
+keepalive 10 30
+cipher AES-256-CBC
+persist-key
+comp-lzo
+tun-mtu 1500
+mssfix 1200
+passtos
+verb 3
+replay-window 512 60
+mute-replay-warnings
+ifconfig-nowarn
+
+script-security 2
+up /etc/openvpn/update-resolv-conf
+down /etc/openvpn/update-resolv-conf
+
+# Disable this if your system does not support it!
+tls-version-min 1.2
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIFJzCCBA+gAwIBAgIJAKee4ZMMpvhzMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD
+VQQGEwJTRTESMBAGA1UECBMJQnJ5Z2dsYW5kMQ8wDQYDVQQHEwZPZWxkYWwxJDAi
+BgNVBAoTG1JveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbjESMBAGA1UECxMJSW50
+ZXJuZXR6MScwJQYDVQQDEx5Sb3lhbCBTd2VkaXNoIEJlZXIgU3F1YWRyb24gQ0Ex
+JjAkBgkqhkiG9w0BCQEWF2hvc3RtYXN0ZXJAaXByZWRhdG9yLnNlMB4XDTEyMDgw
+NDIxMTAyNVoXDTIyMDgwMjIxMTAyNVowgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQI
+EwlCcnlnZ2xhbmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dl
+ZGlzaCBCZWVyIFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMT
+HlJveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYX
+aG9zdG1hc3RlckBpcHJlZGF0b3Iuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCp5M22fZtwtIh6Mu9IwC3N2tEFqyNTEP1YyXasjf+7VNISqSpFy+tf
+DsHAkiE9Wbv8KFM9bOoVK1JjdDsetxArm/RNsUWm/SNyVbmY+5ezX/n95S7gQdMi
+bA74/ID2+KsCXUY+HNNUQqFpyK67S09A6r0ZwPNUDbLgGnmCZRMDBPCHCbiK6e68
+d75v6f/0nY4AyAAAyqwAELIAn6sy4rzoPbalxcO33eW0fUG/ir41qqo8BQrWKyEd
+Q9gy8tGEqbLQ+B30bhIvBh10YtWq6fgFZJzWP6K8bBJGRvioFOyQHCaVH98UjwOm
+/AqMTg7LwNrpRJGcKLHzUf3gNSHQGHfzAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU
+pRqJxaYdvv3XGEECUqj7DJJ8ptswgfIGA1UdIwSB6jCB54AUpRqJxaYdvv3XGEEC
+Uqj7DJJ8ptuhgcOkgcAwgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlCcnlnZ2xh
+bmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dlZGlzaCBCZWVy
+IFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMTHlJveWFsIFN3
+ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYXaG9zdG1hc3Rl
+ckBpcHJlZGF0b3Iuc2WCCQCnnuGTDKb4czAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4IBAQB8nxZJaTvMMoSG47jD2w31zt9o6nSx8XJKop/0rMMHKBe1QBUw
+/n3clGwYxBW8mTnrXHhmJkwJzA0Vh525+dkF28E0I+DSigKUXEewIZtKjADYSxaG
+M+4272enbJ86JeXUhN8oF9TT+LKgMBgtt9yX5o63Ek6QOKwovH5kemDOVJmwae9p
+tXQEWfCPDFMc7VfSxS4BDBVinRWeMWZs+2AWeWu2CMsjcx7+B+kPbBCzfANanFDD
+CZEQON4pEpfK2XErhOudKEJGCl7psH+9Ex//pqsUS43nVN/4sqydiwbi+wQuUI3P
+BYtvqPnWdjIdf2ayAQQCWliAx9+P03vbef6y
+-----END CERTIFICATE-----
+</ca>
+
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+03f7b2056b9dc67aa79c59852cb6b35a
+a3a15c0ca685ca76890bbb169e298837
+2bdc904116f5b66d8f7b3ea6a5ff05cb
+fc4f4889d702d394710e48164b28094f
+a0e1c7888d471da39918d747ca4bbc2f
+285f676763b5b8bee9bc08e4b5a69315
+d2ff6b9f4b38e6e2e8bcd05c8ac33c5c
+56c4c44dbca35041b67e2374788f8977
+7ad4ab8e06cd59e7164200dfbadb942a
+351a4171ab212c23bee1920120f81205
+efabaa5e34619f13adbe58b6c83536d3
+0d34e6466feabdd0e63b39ad9bb1116b
+37fafb95759ab9a15572842f70e7cba9
+69700972a01b21229eba487745c091dd
+5cd6d77bdc7a54a756ffe440789fd39e
+97aa9abe2749732b7262f82e4097bee3
+-----END OpenVPN Static key V1-----
+</tls-auth>
diff --git a/share/provision/ipredator b/share/provision/ipredator
new file mode 100755
index 0000000..e8bba69
--- /dev/null
+++ b/share/provision/ipredator
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR
+
+# IPredator
+# See https://www.ipredator.se/guide/openvpn/debian/native
+sudo cp $DIRNAME/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf /etc/openvpn
+sudo touch /etc/openvpn/IPredator.auth
+sudo chown root:root /etc/openvpn/IPredator-CLI-Password.conf
+sudo chown root:root /etc/openvpn/IPredator.auth
+sudo chmod 400 /etc/openvpn/IPredator-CLI-Password.conf
+sudo chmod 400 /etc/openvpn/IPredator.auth
+echo "Please set user/password at /etc/openvpn/IPredator.auth"
diff --git a/share/provision/vpn b/share/provision/vpn
new file mode 100755
index 0000000..e379f62
--- /dev/null
+++ b/share/provision/vpn
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-full $HOSTNAME $DOMAIN $MIRROR
+
+# Install OpenVPN
+$APT_INSTALL openvpn