From 606a6f70a418dc02fc2cf51f6b240adf5c11cbb1 Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 12:41:01 -0600 Subject: [PATCH 1/7] Update README.md --- README.md | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 9eda744..59b4a6e 100644 --- a/README.md +++ b/README.md 
@@ -4,12 +4,32 @@ This is the semi-official, testing Lixonet EE repository. Custom configurations should be supplied in a `lixonet.conf` file in the `name=value` format, such as your subnet. Additionally, a tinc keypair is also be required. +# Setup, Installation, and Updating + +#### Prerequisites/Setup: + +1. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters. If you do have more than one interface, make sure that `internal_gateway` is set to the router IP address that can route your personal Lixonet subnets, and not your WAN gateway (unless they're the same). +2. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards. +3. IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` +4. Clone this repository: `git clone ` +5. `mkdir /etc/lixonet/(mesh)/` +6. Fill out `/etc/lixonet/(mesh)lixonet.conf` (see: **Configuration options**) +7. Supply `/etc/lixonet/(mesh)/tinc.key` +8. Supply `/etc/lixonet/id_rsa` and `/etc/lixonet/(yournetwork)/id_rsa` + **Generating keypairs for tinc (`tinc.key`)**: Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html Run: `tincd -n lixonet -K` +#### Install/Update: + +1. Read and follow the prerequisites above and make sure you are ready to install. +2. Clone or navigate to a cloned repository folder you already have. +3. Run `chmod +x install.sh && ./install.sh` +4. Enjoy! + # Configuration options #### Location 
@@ -146,22 +166,3 @@ These settings are optional, and are already defaulted to general network common * `bind_forward_address`: The overridden DNS server IP address to forward all requests for your own domain to. Defaults to the value of `internal_gateway`, which is proper in most if not all cases. Your BIND zone is automatically converted from your `tinc_peer_name` (i.e. `lkwco_mane_lixo` becomes `lkwco.mane.lixo`). * `tld`: The network-wide TLD to use. Defaults to `lixo`. - -# Setup, Installation, and Updating - -#### Prerequisites/Setup: - -1. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters. If you do have more than one interface, make sure that `internal_gateway` is set to the router IP address that can route your personal Lixonet subnets, and not your WAN gateway (unless they're the same). -2. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards. -3. IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` -4. Clone this repository: `git clone ` -5. `mkdir /etc/lixonet/(mesh)/` -6. Fill out `/etc/lixonet/(mesh)lixonet.conf` (see: **Configuration options**) -7. Supply `/etc/lixonet/(mesh)/tinc.key` - -#### Install/Update: - -You should **no longer** need to run `build.sh` directly. Instead, use a "self-configuring" Docker container to make your life easier. - -1. Clone or navigate to a cloned repository folder you already have. -2. Run `git clean -f -d && git reset --hard && git pull origin master && docker build -t lixonet-ee . 
&& docker run --rm -it -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /var/run/docker.sock:/var/run/docker.sock lixonet-ee` From f8472421131d1571bb447be5f595bbae1ebd0055 Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 12:45:50 -0600 Subject: [PATCH 2/7] Update README.md --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 59b4a6e..56530cd 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ Custom configurations should be supplied in a `lixonet.conf` file in the `name=v 6. Fill out `/etc/lixonet/(mesh)lixonet.conf` (see: **Configuration options**) 7. Supply `/etc/lixonet/(mesh)/tinc.key` 8. Supply `/etc/lixonet/id_rsa` and `/etc/lixonet/(yournetwork)/id_rsa` +9. Supply `/etc/lixonet/known_hosts` **Generating keypairs for tinc (`tinc.key`)**: 
@@ -23,6 +24,21 @@ Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html Run: `tincd -n lixonet -K` +**Generating SSH keys (`id_rsa`)**: + +1. I recommend PuTTYgen (https://www.puttygen.com/) on Windows, ssh-genkey on Linux. +2. Generate at least **two** keys. One will be for `lixonet-ee`, one will be for whichever repositories you're a part of (i.e. `teamlixo.mesh`). +3. Share the public key (starting with something like `ssh-rsa`) with the repository owner(s) listed below so they can add a "Deploy key" to the repository for you. + +**Setting `known_hosts`** + +For GitHub, at this time the contents would be: +``` +|1|hW/UPBCtfR0M/2GejxakBvoqGNY=|DXk4SRaJXzawNdHyBe9mrxvWYvk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== +``` + +Don't take my word for it, see: https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints + #### Install/Update: 1. Read and follow the prerequisites above and make sure you are ready to install. From 1be8902cd88afcb33ed7f69793c7048fc6fbc5f8 Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 12:47:32 -0600 Subject: [PATCH 3/7] Update README.md --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 56530cd..af68bf7 100644 --- a/README.md +++ b/README.md 
@@ -12,11 +12,11 @@ Custom configurations should be supplied in a `lixonet.conf` file in the `name=v 2. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards. 3. IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` 4. Clone this repository: `git clone ` -5. `mkdir /etc/lixonet/(mesh)/` -6. Fill out `/etc/lixonet/(mesh)lixonet.conf` (see: **Configuration options**) -7. Supply `/etc/lixonet/(mesh)/tinc.key` -8. Supply `/etc/lixonet/id_rsa` and `/etc/lixonet/(yournetwork)/id_rsa` -9. Supply `/etc/lixonet/known_hosts` +5. `mkdir /etc/lixonet/(mesh)/` where `(mesh)` is something like `teamlixo` if you're planning to use `teamlixo.mesh`. +6. Fill out `/etc/lixonet/(mesh)/lixonet.conf` (see: **Configuration options**) +7. Supply `/etc/lixonet/(mesh)/tinc.key` (see: **Generating keypairs for tinc**) +8. Supply `/etc/lixonet/id_rsa` and `/etc/lixonet/(yournetwork)/id_rsa` (see: **Generating SSH keys**) +9. Supply `/etc/lixonet/known_hosts` (see: **Setting `known_hosts`**) **Generating keypairs for tinc (`tinc.key`)**: From 18ddd42358da42d7d631d05c6b550e98b75e53d1 Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 12:48:07 -0600 Subject: [PATCH 4/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index af68bf7..cb9762e 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,7 @@ Custom configurations should be supplied in a `lixonet.conf` file in the `name=v 5. `mkdir /etc/lixonet/(mesh)/` where `(mesh)` is something like `teamlixo` if you're planning to use `teamlixo.mesh`. 6. Fill out `/etc/lixonet/(mesh)/lixonet.conf` (see: **Configuration options**) 7. Supply `/etc/lixonet/(mesh)/tinc.key` (see: **Generating keypairs for tinc**) -8. Supply `/etc/lixonet/id_rsa` and `/etc/lixonet/(yournetwork)/id_rsa` (see: **Generating SSH keys**) +8. Supply `/etc/lixonet/id_rsa` and `/etc/lixonet/(mesh)/id_rsa` for each mesh you'll be connected to (see: **Generating SSH keys**). Remember each id_rsa is unique! 9. Supply `/etc/lixonet/known_hosts` (see: **Setting `known_hosts`**) **Generating keypairs for tinc (`tinc.key`)**: From 7be6c9ad8613a211a9e5e40f22a5bbac4573caa1 Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 12:49:47 -0600 Subject: [PATCH 5/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cb9762e..7be4c23 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Run: `tincd -n lixonet -K` 1. I recommend PuTTYgen (https://www.puttygen.com/) on Windows, ssh-genkey on Linux. 2. Generate at least **two** keys. One will be for `lixonet-ee`, one will be for whichever repositories you're a part of (i.e. `teamlixo.mesh`). -3. Share the public key (starting with something like `ssh-rsa`) with the repository owner(s) listed below so they can add a "Deploy key" to the repository for you. +3. Share the public keys (starting with something like `ssh-rsa`) with the repository owner(s) listed below so they can add a "Deploy key" to the repository for you. **Setting `known_hosts`** From c0b7e592e4f953f81569d20da9aee9823f30a14d Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 12:52:40 -0600 Subject: [PATCH 6/7] Update run.sh --- run.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/run.sh b/run.sh index c26dbe3..dd28b41 100644 --- a/run.sh +++ b/run.sh @@ -32,6 +32,7 @@ do continue fi + git reset --hard >> $log 2>&1 git checkout $latest_commit >> $log 2>&1 if [ $? -ne 0 ]; then echo "Git checkout failed. For more details, see $log" @@ -53,4 +54,4 @@ do fi ) sleep $delay -done \ No newline at end of file +done From 0357d14fa48198b35c7bae4408a053cad56cba82 Mon Sep 17 00:00:00 2001 From: Manevolent Date: Tue, 21 Sep 2021 13:31:07 -0600 Subject: [PATCH 7/7] Update install.sh --- install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 19bb802..fd1e836 100644 --- a/install.sh +++ b/install.sh @@ -34,12 +34,14 @@ chmod -R a+X /etc/tinc/ echo "Setting exclusive read access to SSH keys." chmod -v 400 /etc/lixonet/id_rsa chmod -v 400 /etc/lixonet/*/id_rsa +chmod -v 400 /etc/lixonet/known_hosts stat /etc/lixonet/id_rsa stat /etc/lixonet/*/id_rsa +stat /etc/lixonet/known_hosts echo "Enabling write access to /etc/lixonet/version." touch /etc/lixonet/version chmod 660 /etc/lixonet/version stat /etc/lixonet/version -docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa lixonet-ee \ No newline at end of file +docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa lixonet-ee
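Review bot: in PATCH 1/7, step 4 of the new Prerequisites list, `4. Clone this repository: `git clone ``, has no repository URL after `git clone`, so the step cannot be followed as written; fill in the clone URL (or refer to the same origin the install script passes as `GIT_URL=$ORIGIN`). Step 6, `/etc/lixonet/(mesh)lixonet.conf`, is also missing the `/` before the filename; PATCH 3/7 fixes it, so squash that fix into this commit. The Install/Update step `3. Run `chmod +x install.sh && ./install.sh`` should state that the script is expected to run as root: `install.sh` changes modes under `/etc/tinc/` and `/etc/lixonet/` and starts a container with the Docker socket mounted, none of which works from an unprivileged account.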
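Review bot: in the Generating SSH keys list added by PATCH 2/7, `ssh-genkey` in step 1 is not the name of the OpenSSH tool; it is `ssh-keygen`. For PuTTYgen users the text should add that the private key has to be exported in OpenSSH format (PuTTYgen's Conversions menu offers this), because a `.ppk` file placed at `/etc/lixonet/id_rsa` is unusable by the OpenSSH client inside the container, where PATCH 7/7 mounts it as `/home/lixonet/.ssh/id_rsa`. Step 2 should also say which of the two generated keys goes to which path (presumably `/etc/lixonet/id_rsa` for `lixonet-ee` and `/etc/lixonet/(mesh)/id_rsa` for each mesh repository), since the prerequisites list names only the paths and the reader has to guess the mapping.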
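Review bot: the hard-coded entry under Setting `known_hosts` in PATCH 2/7 pins a single hashed RSA host key for GitHub, which goes stale as soon as GitHub rotates that key; from then on every SSH fetch from the container fails with a host-key mismatch until someone edits the file by hand. Instead of a pasted key, document the verification procedure: fetch the current host keys (for example with `ssh-keyscan github.com`), compare their fingerprints against the GitHub fingerprints page the section already links, and note that the file must be refreshed whenever those fingerprints change. Also mention that the entry is hashed (the `|1|` prefix), so `ssh-keygen -F github.com -f /etc/lixonet/known_hosts` is the way to confirm the file covers the host rather than comparing it by eye.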
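Review bot: the sentence `Remember each id_rsa is unique!` added to step 8 in PATCH 4/7 is ambiguous; it could mean that the file differs per mesh or that each one must be a distinct key that is never reused. State the intent explicitly, for instance that one key pair is generated for each path and the same private key must not be copied into more than one location, which is also the reason the Generating SSH keys section asks for at least two keys.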
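Review bot: the new `git reset --hard >> $log 2>&1` in the first `run.sh` hunk of PATCH 6/7 has no exit-status check, unlike the `git checkout $latest_commit` immediately after it, so a failed reset is silently followed by the checkout; either test `$?` the same way or chain the two with `&&`. `$log` is unquoted in both redirections. The reset also discards any local modification in the checkout on every update cycle, which deserves a comment in the script and a line in the README. Further, nothing visible before `git checkout $latest_commit` verifies that the commit is one the operators intended to deploy; because the container runs with the Docker socket mounted (PATCH 7/7), whatever lands on the tracked branch runs with host-root equivalent access, so consider requiring a signed tag or commit (`git verify-tag` or `git verify-commit`) before the checkout.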
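Review bot: in PATCH 7/7, `chmod -v 400 /etc/lixonet/known_hosts` (and the existing `chmod -v 400` on the `id_rsa` files) makes those files readable by their owner only, yet the `docker run` line bind-mounts them into `/home/lixonet/.ssh/`, i.e. for a non-root `lixonet` user inside the container; unless that user's UID matches the host-side owner, the SSH client in the container cannot read them. Document the expected ownership beside the `chmod`, or `chown` the files to that UID in the script. `known_hosts` is not a secret and does not belong under the "exclusive read access to SSH keys" message; a world-readable mode is fine, and the private keys should keep `400` with the correct owner. Separately, `-v /var/run/docker.sock:/var/run/docker.sock` gives the container control of the host's Docker daemon, which is equivalent to root on the host; the README should state that consequence where it tells users to run `install.sh`. Quote the variable in `-e GIT_URL=$ORIGIN`.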