diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2017-05-12 10:13:55 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2017-05-12 10:13:55 -0300 |
commit | 99c856041bcad326cb9503dd7670f9b37efea7be (patch) | |
tree | 74f790fbbc48b697a6fa23d24db0222bdfa03eb3 /share/provision | |
parent | e463915f07745ecda9eb0d2d61332fafe17b7f62 (diff) | |
download | kvmx-99c856041bcad326cb9503dd7670f9b37efea7be.tar.gz kvmx-99c856041bcad326cb9503dd7670f9b37efea7be.tar.bz2 |
Adds some VPN provisioners
Diffstat (limited to 'share/provision')
-rwxr-xr-x | share/provision/bitmask | 37 | ||||
-rwxr-xr-x | share/provision/desktop-full | 2 | ||||
-rw-r--r-- | share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf | 93 | ||||
-rwxr-xr-x | share/provision/ipredator | 40 | ||||
-rwxr-xr-x | share/provision/vpn | 33 |
5 files changed, 204 insertions, 1 deletions
diff --git a/share/provision/bitmask b/share/provision/bitmask new file mode 100755 index 0000000..f7135cb --- /dev/null +++ b/share/provision/bitmask @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR + +# Bitmask +# See https://bitmask.net/en/install/linux +$APT_INSTALL leap-archive-keyring +echo "deb http://deb.bitmask.net/debian stretch main" | sudo tee -a /etc/apt/sources.list.d/bitmask.list > /dev/null +sudo apt update +$APT_INSTALL bitmask diff --git a/share/provision/desktop-full b/share/provision/desktop-full index 290e62f..b4dce46 100755 --- a/share/provision/desktop-full +++ b/share/provision/desktop-full @@ -29,6 +29,6 @@ APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" # Provision the basic stuff $DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR -# Install cinnamon +# Install awesome apps/metadot/metadot load awesome apps/metadot/metadot deps awesome diff --git a/share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf b/share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf new file mode 100644 index 0000000..210cbdc --- /dev/null +++ b/share/provision/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf @@ -0,0 +1,93 @@ +# VER: 0.25 +client +dev tun0 +proto udp +remote pw.openvpn.ipredator.se 1194 +remote pw.openvpn.ipredator.me 1194 +remote pw.openvpn.ipredator.es 1194 +resolv-retry infinite +nobind + +auth-user-pass /etc/openvpn/IPredator.auth +auth-retry nointeract + +ca [inline] + +tls-client +tls-auth [inline] +ns-cert-type server +remote-cert-tls server +remote-cert-ku 0x00e0 + +keepalive 10 30 +cipher AES-256-CBC +persist-key +comp-lzo +tun-mtu 1500 +mssfix 1200 +passtos +verb 3 +replay-window 512 60 +mute-replay-warnings +ifconfig-nowarn + +script-security 2 +up /etc/openvpn/update-resolv-conf +down /etc/openvpn/update-resolv-conf + +# Disable this if your system does not support it! +tls-version-min 1.2 + +<ca> +-----BEGIN CERTIFICATE----- +MIIFJzCCBA+gAwIBAgIJAKee4ZMMpvhzMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD +VQQGEwJTRTESMBAGA1UECBMJQnJ5Z2dsYW5kMQ8wDQYDVQQHEwZPZWxkYWwxJDAi +BgNVBAoTG1JveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbjESMBAGA1UECxMJSW50 +ZXJuZXR6MScwJQYDVQQDEx5Sb3lhbCBTd2VkaXNoIEJlZXIgU3F1YWRyb24gQ0Ex +JjAkBgkqhkiG9w0BCQEWF2hvc3RtYXN0ZXJAaXByZWRhdG9yLnNlMB4XDTEyMDgw +NDIxMTAyNVoXDTIyMDgwMjIxMTAyNVowgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQI +EwlCcnlnZ2xhbmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dl +ZGlzaCBCZWVyIFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMT +HlJveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYX +aG9zdG1hc3RlckBpcHJlZGF0b3Iuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCp5M22fZtwtIh6Mu9IwC3N2tEFqyNTEP1YyXasjf+7VNISqSpFy+tf +DsHAkiE9Wbv8KFM9bOoVK1JjdDsetxArm/RNsUWm/SNyVbmY+5ezX/n95S7gQdMi +bA74/ID2+KsCXUY+HNNUQqFpyK67S09A6r0ZwPNUDbLgGnmCZRMDBPCHCbiK6e68 +d75v6f/0nY4AyAAAyqwAELIAn6sy4rzoPbalxcO33eW0fUG/ir41qqo8BQrWKyEd +Q9gy8tGEqbLQ+B30bhIvBh10YtWq6fgFZJzWP6K8bBJGRvioFOyQHCaVH98UjwOm +/AqMTg7LwNrpRJGcKLHzUf3gNSHQGHfzAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU +pRqJxaYdvv3XGEECUqj7DJJ8ptswgfIGA1UdIwSB6jCB54AUpRqJxaYdvv3XGEEC +Uqj7DJJ8ptuhgcOkgcAwgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlCcnlnZ2xh +bmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dlZGlzaCBCZWVy +IFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMTHlJveWFsIFN3 +ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYXaG9zdG1hc3Rl +ckBpcHJlZGF0b3Iuc2WCCQCnnuGTDKb4czAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4IBAQB8nxZJaTvMMoSG47jD2w31zt9o6nSx8XJKop/0rMMHKBe1QBUw +/n3clGwYxBW8mTnrXHhmJkwJzA0Vh525+dkF28E0I+DSigKUXEewIZtKjADYSxaG +M+4272enbJ86JeXUhN8oF9TT+LKgMBgtt9yX5o63Ek6QOKwovH5kemDOVJmwae9p +tXQEWfCPDFMc7VfSxS4BDBVinRWeMWZs+2AWeWu2CMsjcx7+B+kPbBCzfANanFDD +CZEQON4pEpfK2XErhOudKEJGCl7psH+9Ex//pqsUS43nVN/4sqydiwbi+wQuUI3P +BYtvqPnWdjIdf2ayAQQCWliAx9+P03vbef6y +-----END CERTIFICATE----- +</ca> + +<tls-auth> +-----BEGIN OpenVPN Static key V1----- +03f7b2056b9dc67aa79c59852cb6b35a +a3a15c0ca685ca76890bbb169e298837 +2bdc904116f5b66d8f7b3ea6a5ff05cb +fc4f4889d702d394710e48164b28094f +a0e1c7888d471da39918d747ca4bbc2f +285f676763b5b8bee9bc08e4b5a69315 +d2ff6b9f4b38e6e2e8bcd05c8ac33c5c +56c4c44dbca35041b67e2374788f8977 +7ad4ab8e06cd59e7164200dfbadb942a +351a4171ab212c23bee1920120f81205 +efabaa5e34619f13adbe58b6c83536d3 +0d34e6466feabdd0e63b39ad9bb1116b +37fafb95759ab9a15572842f70e7cba9 +69700972a01b21229eba487745c091dd +5cd6d77bdc7a54a756ffe440789fd39e +97aa9abe2749732b7262f82e4097bee3 +-----END OpenVPN Static key V1----- +</tls-auth> diff --git a/share/provision/ipredator b/share/provision/ipredator new file mode 100755 index 0000000..e8bba69 --- /dev/null +++ b/share/provision/ipredator @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR + +# IPredator +# See https://www.ipredator.se/guide/openvpn/debian/native +sudo cp $DIRNAME/files/ipredator/etc/openvpn/IPredator-CLI-Password.conf /etc/openvpn +sudo touch /etc/openvpn/IPredator.auth +sudo chown root:root /etc/openvpn/IPredator-CLI-Password.conf +sudo chown root:root /etc/openvpn/IPredator.auth +sudo chmod 400 /etc/openvpn/IPredator-CLI-Password.conf +sudo chmod 400 /etc/openvpn/IPredator.auth +echo "Please set user/password at /etc/openvpn/IPredator.auth" diff --git a/share/provision/vpn b/share/provision/vpn new file mode 100755 index 0000000..e379f62 --- /dev/null +++ b/share/provision/vpn @@ -0,0 +1,33 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/desktop-full $HOSTNAME $DOMAIN $MIRROR + +# Install OpenVPN +$APT_INSTALL openvpn |