aboutsummaryrefslogtreecommitdiff
path: root/share/provision
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2020-11-06 18:25:10 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-11-06 18:25:10 -0300
commit44aa200f3fc65c52b58bb49533bbfd17530911d0 (patch)
treee0721500e31e412463233d635cb2bff1c4dee439 /share/provision
parentc3d66da7c162508a7fdfddbf4aaaf2adfc4f7a58 (diff)
downloadkvmx-44aa200f3fc65c52b58bb49533bbfd17530911d0.tar.gz
kvmx-44aa200f3fc65c52b58bb49533bbfd17530911d0.tar.bz2
Provision: njalla-openvpn and njalla-wireguardfeature/njalla
Diffstat (limited to 'share/provision')
-rw-r--r--share/provision/files/njalla-openvpn/etc/ferm/ferm.conf (renamed from share/provision/files/njalla/etc/ferm/ferm.conf)0
-rw-r--r--share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules (renamed from share/provision/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules)0
-rwxr-xr-xshare/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh (renamed from share/provision/files/njalla/usr/local/bin/fermreload.sh)0
-rw-r--r--share/provision/files/njalla/etc/openvpn/ipredator.conf94
-rwxr-xr-xshare/provision/njalla-openvpn (renamed from share/provision/njalla)8
-rwxr-xr-xshare/provision/njalla-wireguard42
-rwxr-xr-xshare/provision/openvpn (renamed from share/provision/vpn)0
-rwxr-xr-xshare/provision/web-basic2
-rwxr-xr-xshare/provision/wireguard36
9 files changed, 83 insertions, 99 deletions
diff --git a/share/provision/files/njalla/etc/ferm/ferm.conf b/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf
index a25a3d2..a25a3d2 100644
--- a/share/provision/files/njalla/etc/ferm/ferm.conf
+++ b/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf
diff --git a/share/provision/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules b/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules
index 64d8bd1..64d8bd1 100644
--- a/share/provision/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules
+++ b/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules
diff --git a/share/provision/files/njalla/usr/local/bin/fermreload.sh b/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh
index cebf7cc..cebf7cc 100755
--- a/share/provision/files/njalla/usr/local/bin/fermreload.sh
+++ b/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh
diff --git a/share/provision/files/njalla/etc/openvpn/ipredator.conf b/share/provision/files/njalla/etc/openvpn/ipredator.conf
deleted file mode 100644
index 439f31b..0000000
--- a/share/provision/files/njalla/etc/openvpn/ipredator.conf
+++ /dev/null
@@ -1,94 +0,0 @@
-# VER: 0.25
-client
-dev tun0
-proto udp
-remote pw.openvpn.ipredator.se 1194
-remote pw.openvpn.ipredator.me 1194
-remote pw.openvpn.ipredator.es 1194
-resolv-retry infinite
-nobind
-
-#auth-user-pass /etc/openvpn/IPredator.auth
-auth-user-pass /etc/openvpn/ipredator.auth
-auth-retry nointeract
-
-ca [inline]
-
-tls-client
-tls-auth [inline]
-ns-cert-type server
-remote-cert-tls server
-remote-cert-ku 0x00e0
-
-keepalive 10 30
-cipher AES-256-CBC
-persist-key
-comp-lzo
-tun-mtu 1500
-mssfix 1200
-passtos
-verb 3
-replay-window 512 60
-mute-replay-warnings
-ifconfig-nowarn
-
-script-security 2
-up /etc/openvpn/update-resolv-conf
-down /etc/openvpn/update-resolv-conf
-
-# Disable this if your system does not support it!
-tls-version-min 1.2
-
-<ca>
------BEGIN CERTIFICATE-----
-MIIFJzCCBA+gAwIBAgIJAKee4ZMMpvhzMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD
-VQQGEwJTRTESMBAGA1UECBMJQnJ5Z2dsYW5kMQ8wDQYDVQQHEwZPZWxkYWwxJDAi
-BgNVBAoTG1JveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbjESMBAGA1UECxMJSW50
-ZXJuZXR6MScwJQYDVQQDEx5Sb3lhbCBTd2VkaXNoIEJlZXIgU3F1YWRyb24gQ0Ex
-JjAkBgkqhkiG9w0BCQEWF2hvc3RtYXN0ZXJAaXByZWRhdG9yLnNlMB4XDTEyMDgw
-NDIxMTAyNVoXDTIyMDgwMjIxMTAyNVowgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQI
-EwlCcnlnZ2xhbmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dl
-ZGlzaCBCZWVyIFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMT
-HlJveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYX
-aG9zdG1hc3RlckBpcHJlZGF0b3Iuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCp5M22fZtwtIh6Mu9IwC3N2tEFqyNTEP1YyXasjf+7VNISqSpFy+tf
-DsHAkiE9Wbv8KFM9bOoVK1JjdDsetxArm/RNsUWm/SNyVbmY+5ezX/n95S7gQdMi
-bA74/ID2+KsCXUY+HNNUQqFpyK67S09A6r0ZwPNUDbLgGnmCZRMDBPCHCbiK6e68
-d75v6f/0nY4AyAAAyqwAELIAn6sy4rzoPbalxcO33eW0fUG/ir41qqo8BQrWKyEd
-Q9gy8tGEqbLQ+B30bhIvBh10YtWq6fgFZJzWP6K8bBJGRvioFOyQHCaVH98UjwOm
-/AqMTg7LwNrpRJGcKLHzUf3gNSHQGHfzAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU
-pRqJxaYdvv3XGEECUqj7DJJ8ptswgfIGA1UdIwSB6jCB54AUpRqJxaYdvv3XGEEC
-Uqj7DJJ8ptuhgcOkgcAwgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlCcnlnZ2xh
-bmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dlZGlzaCBCZWVy
-IFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMTHlJveWFsIFN3
-ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYXaG9zdG1hc3Rl
-ckBpcHJlZGF0b3Iuc2WCCQCnnuGTDKb4czAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4IBAQB8nxZJaTvMMoSG47jD2w31zt9o6nSx8XJKop/0rMMHKBe1QBUw
-/n3clGwYxBW8mTnrXHhmJkwJzA0Vh525+dkF28E0I+DSigKUXEewIZtKjADYSxaG
-M+4272enbJ86JeXUhN8oF9TT+LKgMBgtt9yX5o63Ek6QOKwovH5kemDOVJmwae9p
-tXQEWfCPDFMc7VfSxS4BDBVinRWeMWZs+2AWeWu2CMsjcx7+B+kPbBCzfANanFDD
-CZEQON4pEpfK2XErhOudKEJGCl7psH+9Ex//pqsUS43nVN/4sqydiwbi+wQuUI3P
-BYtvqPnWdjIdf2ayAQQCWliAx9+P03vbef6y
------END CERTIFICATE-----
-</ca>
-
-<tls-auth>
------BEGIN OpenVPN Static key V1-----
-03f7b2056b9dc67aa79c59852cb6b35a
-a3a15c0ca685ca76890bbb169e298837
-2bdc904116f5b66d8f7b3ea6a5ff05cb
-fc4f4889d702d394710e48164b28094f
-a0e1c7888d471da39918d747ca4bbc2f
-285f676763b5b8bee9bc08e4b5a69315
-d2ff6b9f4b38e6e2e8bcd05c8ac33c5c
-56c4c44dbca35041b67e2374788f8977
-7ad4ab8e06cd59e7164200dfbadb942a
-351a4171ab212c23bee1920120f81205
-efabaa5e34619f13adbe58b6c83536d3
-0d34e6466feabdd0e63b39ad9bb1116b
-37fafb95759ab9a15572842f70e7cba9
-69700972a01b21229eba487745c091dd
-5cd6d77bdc7a54a756ffe440789fd39e
-97aa9abe2749732b7262f82e4097bee3
------END OpenVPN Static key V1-----
-</tls-auth>
diff --git a/share/provision/njalla b/share/provision/njalla-openvpn
index 9598d8c..eb8d1f4 100755
--- a/share/provision/njalla
+++ b/share/provision/njalla-openvpn
@@ -27,13 +27,13 @@ MIRROR="$3"
APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
# Provision the basic stuff
-$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR
+$DIRNAME/openvpn $HOSTNAME $DOMAIN $MIRROR
# Firewall
$APT_INSTALL ferm ulogd2 ulogd2-pcap
-sudo cp $DIRNAME/files/njalla/etc/ferm/ferm.conf /etc/ferm
-sudo cp $DIRNAME/files/njalla/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
-sudo cp $DIRNAME/files/njalla/usr/local/bin/fermreload.sh /usr/local/bin
+sudo cp $DIRNAME/files/njalla-openvpn/etc/ferm/ferm.conf /etc/ferm
+sudo cp $DIRNAME/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
+sudo cp $DIRNAME/files/njalla-openvpn/usr/local/bin/fermreload.sh /usr/local/bin
sudo chmod 555 /usr/local/bin/fermreload.sh
sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
sudo service ferm restart
diff --git a/share/provision/njalla-wireguard b/share/provision/njalla-wireguard
new file mode 100755
index 0000000..fe3d7fe
--- /dev/null
+++ b/share/provision/njalla-wireguard
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/wireguard $HOSTNAME $DOMAIN $MIRROR
+
+# Firewall
+#$APT_INSTALL ferm ulogd2 ulogd2-pcap
+#sudo cp $DIRNAME/files/njalla-wireguard/etc/ferm/ferm.conf /etc/ferm
+#sudo cp $DIRNAME/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
+#sudo cp $DIRNAME/files/njalla-wireguard/usr/local/bin/fermreload.sh /usr/local/bin
+#sudo chmod 555 /usr/local/bin/fermreload.sh
+#sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
+#sudo service ferm restart
+
+# Njalla
+echo "Please configure /etc/wireguard/ng0.conf"
diff --git a/share/provision/vpn b/share/provision/openvpn
index 5722c3e..5722c3e 100755
--- a/share/provision/vpn
+++ b/share/provision/openvpn
diff --git a/share/provision/web-basic b/share/provision/web-basic
index 4228d36..e61309a 100755
--- a/share/provision/web-basic
+++ b/share/provision/web-basic
@@ -34,7 +34,7 @@ echo "Installing additional web packages..."
$APT_INSTALL firefox-esr chromium
# Use addons.mozilla.org version instead
-sudo apt get remove -y webext-treestyletab
+sudo apt-get remove -y webext-treestyletab
# Mozilla configuration
# Create this config using "cd $HOME && /bin/tar jcvf mozilla.tar.bz2 .mozilla"
diff --git a/share/provision/wireguard b/share/provision/wireguard
new file mode 100755
index 0000000..0aad2c9
--- /dev/null
+++ b/share/provision/wireguard
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
+
+# Install OpenVPN and dnsutils (which provides nslookup)
+$APT_INSTALL wireguard-tools resolvconf dnsutils curl
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox