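#!/bin/bash
#
# One-shot provisioning of a gateway over a direct Ethernet link.
#
# Steps, in order:
#   1. derive the gateway's 169.254.x.y address from the last two bytes of its
#      MAC (given as a 4-hex-digit argument, or taken from sniffed DHCP traffic),
#   2. put a matching link-local address on $INTERFACE,
#   3. install the local ed25519 public key for root and replace root's
#      password hash in /etc/shadow,
#   4. upload and install the WireGuard extension package,
#   5. write the Wi-Fi / LoRaWAN / WireGuard settings with uci and restart
#      networking on the gateway,
#   6. append a record of the values used to ./<DevEUI>.conf.
#
# Usage: <script> [ABCD]      ABCD = last two MAC bytes of the gateway, in hex
#
# NOTE(security), for whoever maintains this:
#   * ROOT_PASSWORD and WIFI_KEY are embedded below, so anyone who can read
#     this file (or its history) holds the credentials of every gateway
#     provisioned with it. Both can be supplied through the environment; the
#     embedded defaults remain only so existing invocations keep working.
#   * SSH host keys are not verified (StrictHostKeyChecking=no) and, without
#     an argument, the target address comes from a DHCP client seen on the
#     wire. The root hash, Wi-Fi key and WireGuard private key are sent to
#     whatever answers on that address, so use an isolated point-to-point link.
#   * The root hash is md5crypt, a weak scheme; move `-m` to a stronger method
#     once the gateway's crypt() is confirmed to accept it.
#   * The record file holds the root password and the VPN private key in
#     clear text. It is created owner-only here, and is printed at the end.
set -e

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Wrap $1 in single quotes for the gateway's POSIX shell, so a value can never
# be split or interpreted there, whatever characters it contains.
remote_quote() {
  local value=$1
  local apostrophe="'"
  local escaped="'\\''"
  printf "'%s'" "${value//$apostrophe/$escaped}"
}

# Run the script given on stdin in a shell on the gateway. Feeding it on stdin
# keeps the hash and keys out of the local ssh command line (visible in ps).
remote_sh() {
  ssh "${SSH_OPTIONS[@]}" "${REMOTE_USER}@${GATEWAY_IP}" 'sh -s'
}

INTERFACE="enp5s0"
LOCAL_IP_SUFFIX=100
WIREGUARD_LOCAL_PATH="./wes-com_rak_wireguard.wei"
# The original value started with a stray space; it is dropped because the
# path is now passed to the gateway as one quoted word.
WIREGUARD_REMOTE_PATH="/mnt/mmcblk0p1/wes/wes-com_rak_wireguard.wei"
PUBLIC_KEY_PATH="/root/.ssh/id_ed25519.pub"
PUBLIC_KEY=$(cat -- "$PUBLIC_KEY_PATH")
REMOTE_USER="root"
SSH_OPTIONS=(-o StrictHostKeyChecking=no)
ROOT_PASSWORD="${ROOT_PASSWORD:-Metro@LGW112%}"
# The password goes in on stdin rather than as an argument.
NEW_HASH=$(mkpasswd -m md5 --stdin <<<"$ROOT_PASSWORD")
HOSTNAME="Sieniawa_Brama3"

WIFI_SSID='MetroTechnika'
WIFI_ENCRYPTION='psk2'
WIFI_KEY="${WIFI_KEY:-Metro@wifi^997^}"

WGS_ENDPOINT_HOST="vpn.metrotechnika.com"
WGS_ENDPOINT_PORT="13231"
WGS_PUBLIC_KEY="yBACTC5+Bxfcd5HvUTALYRVJSWblGTIz23cXaub+KXs="
WGS_ALLOWED_IPS="0.0.0.0/0"
WGS_ROUTE_ALL_TRAFFIC="1"

# A fresh WireGuard key pair is generated on every run.
VPN_PRIVATE_KEY=$(wg genkey)
VPN_PUBLIC_KEY=$(wg pubkey <<<"$VPN_PRIVATE_KEY")
VPN_IP_ADDRESS="172.25.0.13/32"
VPN_DNS="8.8.8.8"

LORAWAN_TTN_HOST="10.130.0.19"

# Pre-flight checks, so a broken local setup is caught before the gateway's
# credentials have been changed.
crypt_re='^[$./0-9A-Za-z]+$'
[[ $NEW_HASH =~ $crypt_re ]] \
  || die "❌ mkpasswd zwrócił nieoczekiwany wynik, nie modyfikuję /etc/shadow."
[[ -r $WIREGUARD_LOCAL_PATH ]] \
  || die "❌ Nie mogę odczytać pliku WireGuard: $WIREGUARD_LOCAL_PATH"

# Was the ABCD argument given?
if [ $# -eq 1 ]; then
  HEX=$1
  # It must be exactly four hex digits.
  if [[ ! $HEX =~ ^[0-9A-Fa-f]{4}$ ]]; then
    die "❌ Podany parametr musi być 4-znakowym ciągiem heksadecymalnym (np. ABCD)."
  fi
  LAST_B1="${HEX:0:2}"
  LAST_B2="${HEX:2:2}"
  echo "✅ Używam ręcznie podanego bajtu MAC: $LAST_B1:$LAST_B2"
else
  echo "🔎 Pobieram MAC adres swojego interfejsu..."
  OWN_MAC=$(tr '[:lower:]' '[:upper:]' < "/sys/class/net/${INTERFACE}/address")
  echo "✅ Własny MAC interfejsu $INTERFACE: $OWN_MAC"

  echo "🎧 Podsłuchuję DHCP pakiety, czekam na bramę..."
  # Listen for 15 s and keep the first (sorted) MAC that is not our own.
  # tcpdump's stderr is discarded, so a permission error ends up as "no MAC found".
  DEVICE_MAC=$(timeout 15 tcpdump -i "$INTERFACE" -nn -l -v udp port 67 or udp port 68 \
    2>/dev/null \
    | grep -oEi '([0-9a-f]{2}:){5}[0-9a-f]{2}' \
    | grep -Fvi "$OWN_MAC" \
    | sort -u \
    | head -n1)

  if [ -z "$DEVICE_MAC" ]; then
    die "❌ Nie udało się znaleźć żadnego pakietu DHCP poza własnym interfejsem."
  fi

  echo "✅ Znaleziony MAC bramy: $DEVICE_MAC"

  IFS=':' read -ra mac_bytes <<< "$DEVICE_MAC"
  LAST_B1=${mac_bytes[4]}
  LAST_B2=${mac_bytes[5]}
fi

LAST_B1_DEC=$((16#${LAST_B1}))
LAST_B2_DEC=$((16#${LAST_B2}))

GATEWAY_IP="169.254.${LAST_B1_DEC}.${LAST_B2_DEC}"
LOCAL_IP="169.254.${LAST_B1_DEC}.${LOCAL_IP_SUFFIX}"

echo "🌐 Gateway IP: $GATEWAY_IP"
echo "🌐 Local IP: $LOCAL_IP"

echo "⚙️ Konfiguruję interfejs $INTERFACE..."

# Replace whatever addresses the interface had with the link-local one.
sudo ip addr flush dev "$INTERFACE"
sudo ip addr add "${LOCAL_IP}/24" dev "$INTERFACE"
sudo ip link set "$INTERFACE" up

echo "✅ Interfejs skonfigurowany."

# Install the ed25519 public key. The key travels on stdin, so it is appended
# byte-for-byte (the original appended a stray ')' to the line).
printf '%s\n' "$PUBLIC_KEY" \
  | ssh "${SSH_OPTIONS[@]}" "${REMOTE_USER}@${GATEWAY_IP}" \
    'cat >> /etc/dropbear/authorized_keys'

echo "✅ Klucz publiczny wgrany."

DevEUI=$(ssh "${SSH_OPTIONS[@]}" "${REMOTE_USER}@${GATEWAY_IP}" "uci get einfo.dev.gw_eui")
# The value comes from the device and becomes a local file name, so refuse
# anything empty or containing characters outside a plain identifier set.
[[ $DevEUI =~ ^[0-9A-Za-z:._-]+$ ]] \
  || die "❌ Nieoczekiwany DevEUI z urządzenia: '$DevEUI'"

echo "✅ DevEUI urządzenia: $DevEUI"

# Change the root password hash and create the wes directory.
shadow_expr="s|^(root:)[^:]*:|\\1${NEW_HASH}:|"
remote_sh <<EOF
set -e
mkdir -p /mnt/mmcblk0p1/wes/
sed -i -E $(remote_quote "$shadow_expr") /etc/shadow
EOF

# WireGuard installation: upload the package, then run the gateway's installer.
# NOTE(review): the package is taken from the current directory and installed
# as root without an integrity check. Consider pinning a checksum.
ssh "${SSH_OPTIONS[@]}" "${REMOTE_USER}@${GATEWAY_IP}" \
  "cat > $(remote_quote "$WIREGUARD_REMOTE_PATH")" < "$WIREGUARD_LOCAL_PATH"

echo "✅ Plik WIREGUARD skopiowany."

ssh "${SSH_OPTIONS[@]}" "${REMOTE_USER}@${GATEWAY_IP}" \
  "python3 /usr/bin/ext_installer.py local"

echo "✅ Plik WIREGUARD zainstalowany."

echo "Konfiguracja UCI: "

# `set -e` on the gateway stops at the first failing uci call, as the original
# `&&` chain did, so nothing is committed after an error.
remote_sh <<EOF
set -e
uci set wireless.ap.ssid=$(remote_quote "$WIFI_SSID")
uci set wireless.ap.encryption=$(remote_quote "$WIFI_ENCRYPTION")
uci set wireless.ap.key=$(remote_quote "$WIFI_KEY")
uci set lorawan.network.log_level='5'
uci set lorawan.network.mode='packet_forwarder'
uci set lorawan.restriction.lbt_reg='ETSI'
uci set lorawan.restriction.regions='EU868'
uci set lora_pkt_fwd.gateway_conf.data_recovery='0'
uci set lora_pkt_fwd.gateway_conf.dgram_mtu='1400'
uci set lora_pkt_fwd.gateway_conf.fake_gps='0'
uci set lora_pkt_fwd.gateway_conf.filter_enable='0'
uci set lora_pkt_fwd.gateway_conf.proto='udp'
uci set lora_pkt_fwd.gateway_conf.server_address=$(remote_quote "$LORAWAN_TTN_HOST")
uci set lora_pkt_fwd.gateway_conf.white_enable='0'
uci set lora_pkt_fwd.sx126x.lbt_rssi_target='-70'
uci set lora_pkt_fwd.sx1301_0.chan_FSK_enable='0'
uci set lora_pkt_fwd.sx1301_0.chan_Lora_std_enable='0'
uci set lora_pkt_fwd.sx1301_0.chan_multiSF_5_if='-200000'
uci set lora_pkt_fwd.sx1301_0.chan_multiSF_6_if='0'
uci set lora_pkt_fwd.sx1301_0.chan_multiSF_7_if='200000'
uci set lora_pkt_fwd.sx1301_0.ftimestamp_enable='1'
uci set lora_pkt_fwd.sx1301_0.radio_0_freq='866300000'
uci set lora_pkt_fwd.sx1301_0.radio_1_freq='867100000'
uci set lora_pkt_fwd.sx1301_1.chan_FSK_enable='1'
uci set lora_pkt_fwd.sx1301_1.chan_FSK_if='250000'
uci set lora_pkt_fwd.sx1301_1.chan_Lora_std_enable='1'
uci set lora_pkt_fwd.sx1301_1.chan_Lora_std_if='-250000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_0_if='-400000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_1_if='-200000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_2_if='0'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_3_if='200000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_3_radio='0'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_4_if='400000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_4_radio='0'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_5_if='-50000'
uci set lora_pkt_fwd.sx1301_1.ftimestamp_enable='1'
uci set lora_pkt_fwd.sx1301_1.radio_0_freq='867900000'
uci set lora_pkt_fwd.sx1301_1.radio_1_freq='868550000'
uci set lorasrv.lorasrv.adr_margin='5'
uci set lorasrv.lorasrv.auth_enable='0'
uci set lorasrv.lorasrv.clean_session='1'
uci set lorasrv.lorasrv.DisableFcntCheck='0'
uci set lorasrv.lorasrv.dr_min='0'
uci set lorasrv.lorasrv.integration_enable='1'
uci set lorasrv.lorasrv.keepalive='10'
uci set lorasrv.lorasrv.mqtt_version='3.1'
uci set lorasrv.lorasrv.network_id='1'
uci set lorasrv.lorasrv.qos='1'
uci set lorasrv.lorasrv.RECEIVE_DELAY1='1'
uci set lorasrv.lorasrv.retain='0'
uci set lorasrv.lorasrv.Rx1DrOffset='0'
uci set lorasrv.lorasrv.stat_interval='600'
uci set lorasrv.lorasrv.status_interval='0'
uci set lorasrv.lorasrv.tls_mode='none'
uci set system.country.code='PL'
uci set network.wgserver=wireguard_vpn
uci set network.wgserver.endpoint_host=$(remote_quote "$WGS_ENDPOINT_HOST")
uci set network.wgserver.endpoint_port=$(remote_quote "$WGS_ENDPOINT_PORT")
uci set network.wgserver.public_key=$(remote_quote "$WGS_PUBLIC_KEY")
uci set network.wgserver.route_all_traffic=$(remote_quote "$WGS_ROUTE_ALL_TRAFFIC")
uci set network.wgserver.allowed_ips=$(remote_quote "$WGS_ALLOWED_IPS")
uci set network.wgserver.persistent_keepalive='30000'
uci set network.wgserver.route_allowed_ips='1'
uci set network.vpn=interface
uci set network.vpn.private_key=$(remote_quote "$VPN_PRIVATE_KEY")
uci set network.vpn.public_key=$(remote_quote "$VPN_PUBLIC_KEY")
uci set network.vpn.addresses=$(remote_quote "$VPN_IP_ADDRESS")
uci set network.vpn.proto='wireguard'
uci set network.vpn.dns=$(remote_quote "$VPN_DNS")
uci set network.vpn.disabled='0'
uci set 'system.@system[0].hostname'=$(remote_quote "$HOSTNAME")
uci commit
/etc/init.d/network restart
EOF

# Per-device record. It contains the root password and the VPN private key, so
# it is created owner-only; chmod also tightens a file left by an earlier run.
umask 077
RECORD_FILE="./${DevEUI}.conf"
printf '%s\n' \
  "DevEUI: $DevEUI" \
  "Hostname: $HOSTNAME" \
  "ROOT_PASSWORD: $ROOT_PASSWORD" \
  "WIFI_SSID: $WIFI_SSID" \
  "WIFI_KEY: $WIFI_KEY" \
  "WGS_PUBLIC_KEY: $WGS_PUBLIC_KEY" \
  "Private key: $VPN_PRIVATE_KEY" \
  "Public key: $VPN_PUBLIC_KEY" \
  "VPN IP ADDRESS: $VPN_IP_ADDRESS" \
  "LORAWAN TTN: $LORAWAN_TTN_HOST" \
  >> "$RECORD_FILE"
chmod 600 -- "$RECORD_FILE"

echo "🎉 Wszystko gotowe!"
# NOTE(review): this prints the secrets above to the terminal and scrollback.
cat -- "$RECORD_FILE"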