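#!/bin/bash
#
# Provisions a UCI-based LoRaWAN gateway over a direct Ethernet link:
# finds the device by sniffing DHCP, takes an address in its 169.254.x.0/24
# network, installs an SSH key, sets the root password, uploads and installs
# a WireGuard package, and writes the Wi-Fi / LoRa / VPN configuration.
#
# Requires: bash, sudo, tcpdump, iproute2, ssh, mkpasswd.
# Optional environment overrides: ROOT_PASSWORD, WIFI_KEY, VPN_PRIVATE_KEY.

# -u added so that a mistyped variable name aborts instead of expanding to "".
# pipefail is deliberately NOT enabled: the DHCP sniffing pipeline relies on
# the exit status of its last stage only.
set -eu

# Wired interface that faces the gateway.
INTERFACE="enp5s0"
# Last octet this host uses inside the gateway's /24.
LOCAL_IP_SUFFIX=100

# WireGuard extension package: local source and destination on the gateway.
# WIREGUARD_LOCAL_PATH is relative, so the script must be started from the
# directory that holds the package.
WIREGUARD_LOCAL_PATH="./wes-com_rak_wireguard.wei"
# No leading whitespace here: the value is spliced into a remote shell command.
WIREGUARD_REMOTE_PATH="/mnt/mmcblk0p1/wes/wes-com_rak_wireguard.wei"

# Public key that is appended to the gateway's dropbear authorized_keys.
PUBLIC_KEY_PATH="/root/.ssh/id_ed25519.pub"
PUBLIC_KEY=$(<"$PUBLIC_KEY_PATH")

REMOTE_USER="root"
# NOTE(review): StrictHostKeyChecking=no makes ssh accept any host key, so the
# gateway's identity is never verified before credentials are sent to it.
# That is only defensible on a dedicated point-to-point provisioning cable.
# Kept as a flat string because every ssh call expands it unquoted.
SSH_OPTIONS="-o StrictHostKeyChecking=no"

# NOTE(review): the three defaults below (root password, Wi-Fi key, WireGuard
# private key) are stored in clear text in this file. Anyone who can read the
# file can use them; supply them through the environment or a root-only file
# instead, and rotate any value that has been shared or published.
: "${ROOT_PASSWORD:=JebacPISiPO12%}"
: "${WIFI_KEY:=JebacPISiPO}"
: "${VPN_PRIVATE_KEY:=sCsTjj9uPmKyY2sGmiBGCqAZ9C4crRMQqWY06JCjinI=}"

# The password is piped to mkpasswd (-s reads it from stdin) so that it does
# not show up in the process list as a command-line argument.
# NOTE(review): md5crypt is a weak password hash; if the gateway firmware's
# crypt() accepts a SHA-512 method, prefer that. Confirm on the device.
NEW_HASH=$(printf '%s\n' "$ROOT_PASSWORD" | mkpasswd -m md5 -s)

# Wi-Fi access point settings written to wireless.ap.
WIFI_SSID='MetroTechnika'
WIFI_ENCRYPTION='psk2'

# WireGuard peer (server side) written to network.wgserver.
WGS_ENDPOINT_HOST="159.255.184.74"
WGS_ENDPOINT_PORT="13231"
WGS_PUBLIC_KEY="yBACTC5+Bxfcd5HvUTALYRVJSWblGTIz23cXaub+KXs="
WGS_ALLOWED_IPS="0.0.0.0/0"
WGS_ROUTE_ALL_TRAFFIC="1"

# WireGuard interface (gateway side) written to network.vpn.
# NOTE(review): key pair and address are fixed; if this script provisions more
# than one gateway they would all share one VPN identity. Confirm intent.
VPN_PUBLIC_KEY="HDBj656TWu/zNzb+QLLQmRW6JUNm9AIIqru8DHdnNAk="
VPN_IP_ADDRESS="172.25.0.3/32"
VPN_DNS="8.8.8.8"

# Packet forwarder target (lora_pkt_fwd.gateway_conf.server_address).
LORAWAN_TTN_HOST="10.130.0.19"

# Hostname written to the gateway. This reuses the name of bash's own HOSTNAME
# variable, so the local value is overwritten for the rest of the script.
HOSTNAME="Brama_test1"
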
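echo "🔎 Pobieram MAC adres swojego interfejsu..."

# Upper-cased MAC of the local interface, read straight from sysfs.
OWN_MAC=$(tr '[:lower:]' '[:upper:]' < "/sys/class/net/${INTERFACE}/address")

echo "✅ Własny MAC interfejsu $INTERFACE: $OWN_MAC"

echo "🎧 Podsłuchuję DHCP pakiety, czekam na bramę..."

# Capture DHCP traffic for up to 60 s and keep the first MAC address in the
# decoded output that is not our own (matched case-insensitively as a fixed
# string, not as a regular expression).
#
# The substitution's status is that of `head`, so a timeout or an empty
# capture does not trip `set -e`; the empty result is handled just below.
# Do not enable pipefail without revisiting this.
#
# NOTE(review): whichever foreign MAC speaks DHCP first is treated as the
# gateway, and later steps send an SSH key, a password hash, the Wi-Fi key and
# a WireGuard private key to the address derived from it. Run this only on a
# dedicated cable or an isolated segment where no other device can answer.
DEVICE_MAC=$(sudo timeout 60 tcpdump -i "$INTERFACE" -nn -l -v 'udp port 67 or udp port 68' \
  2>/dev/null |
  grep -oEi '([0-9a-f]{2}:){5}[0-9a-f]{2}' |
  grep -viF -- "$OWN_MAC" |
  head -n1)

if [ -z "$DEVICE_MAC" ]; then
  echo "❌ Nie udało się znaleźć żadnego pakietu DHCP poza własnym interfejsem."
  exit 1
fi

echo "✅ Znaleziony MAC bramy: $DEVICE_MAC"
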
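# Split the MAC into its six bytes.
IFS=':' read -ra mac_bytes <<< "$DEVICE_MAC"
LAST_B1=${mac_bytes[4]}
LAST_B2=${mac_bytes[5]}

# Convert the last two bytes from hex to decimal.
LAST_B1_DEC=$((16#${LAST_B1}))
LAST_B2_DEC=$((16#${LAST_B2}))

# The script assumes the gateway answers on 169.254.<byte 5>.<byte 6> of its
# MAC; this host takes LOCAL_IP_SUFFIX in the same /24.
# NOTE(review): that addressing scheme is not verified here; confirm against
# the device documentation.
GATEWAY_IP="169.254.${LAST_B1_DEC}.${LAST_B2_DEC}"
LOCAL_IP="169.254.${LAST_B1_DEC}.${LOCAL_IP_SUFFIX}"

# If the gateway's last MAC byte equals LOCAL_IP_SUFFIX both ends would get the
# same address, and every later ssh call would connect to this host itself.
if [[ "$GATEWAY_IP" == "$LOCAL_IP" ]]; then
  echo "❌ Adres bramy pokrywa się z adresem lokalnym ($LOCAL_IP). Zmień LOCAL_IP_SUFFIX." >&2
  exit 1
fi

echo "🌐 Gateway IP: $GATEWAY_IP"
echo "🌐 Local IP: $LOCAL_IP"
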
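echo "⚙️ Konfiguruję interfejs $INTERFACE..."

# Assign the local address. The flush removes every address currently
# configured on the interface, so any existing connectivity through it is lost.
sudo ip addr flush dev "$INTERFACE"
sudo ip addr add "${LOCAL_IP}/24" dev "$INTERFACE"
sudo ip link set "$INTERFACE" up

echo "✅ Interfejs skonfigurowany."
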
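# Keep the address in place across network restarts.
echo "🛡️ Uruchamiam watchdog, żeby IP nie zniknęło przy restartach sieci..."

# Background loop that re-applies the address every 5 s when it is missing.
# Interface and address are passed as positional arguments instead of being
# spliced into the script text, so their content is never parsed as code.
# The "inet <addr>/" fixed-string match avoids treating the dots as regex
# wildcards and avoids matching a longer address that merely starts the same.
#
# NOTE(review): the loop is detached with nohup and keeps running after this
# script exits; nothing here records its PID or stops it. It also calls sudo
# without a terminal, which only works if sudo needs no password at that time.
nohup bash -c '
  iface=$1
  addr=$2
  while true; do
    if ! ip addr show "$iface" | grep -qF -- "inet ${addr}/"; then
      echo "[$(date)] IP zniknął. Ustawiam ponownie..."
      sudo ip addr flush dev "$iface"
      sudo ip addr add "${addr}/24" dev "$iface"
      sudo ip link set "$iface" up
    fi
    sleep 5
  done
' watchdog "$INTERFACE" "$LOCAL_IP" >/dev/null 2>&1 &

echo "✅ Watchdog uruchomiony w tle."
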
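# Install the ed25519 public key on the gateway.
# (progress message left disabled by the author)
#echo "🔑 Wgrywam klucz publiczny ed25519..."

# The key travels over stdin rather than inside the remote command line, so
# its content is never interpreted by either shell, and no stray character
# ends up appended to the authorized_keys entry. The grep makes the step
# idempotent: an identical line is not added a second time on a re-run.
#
# NOTE(review): this is the first connection to the device and host-key
# checking is disabled in SSH_OPTIONS, so whatever answers on GATEWAY_IP
# receives the key and every later secret.
# shellcheck disable=SC2086  # SSH_OPTIONS is a flat option string and must word-split
ssh $SSH_OPTIONS "${REMOTE_USER}@${GATEWAY_IP}" '
  key=$(cat)
  grep -qxF -- "$key" /etc/dropbear/authorized_keys 2>/dev/null ||
    printf "%s\n" "$key" >> /etc/dropbear/authorized_keys
' <<< "$PUBLIC_KEY"
echo "✅ Klucz publiczny wgrany."
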
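# Read the gateway EUI from the device's UCI store (einfo.dev.gw_eui).
# Under `set -e` a failed ssh or uci call aborts the script at this point.
# shellcheck disable=SC2086  # SSH_OPTIONS is a flat option string and must word-split
DevEUI=$(ssh $SSH_OPTIONS "${REMOTE_USER}@${GATEWAY_IP}" "uci get einfo.dev.gw_eui")
echo "✅ DevEUI urządzenia: $DevEUI"
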
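# Change the root password by replacing the hash field of root's line in
# /etc/shadow on the gateway.

# Refuse to continue unless NEW_HASH looks like a crypt(3) string. An empty
# value would rewrite the entry to "root::", i.e. root with no password, and a
# value containing '|', '&' or '\' would corrupt the sed replacement.
hash_re='^\$[A-Za-z0-9./$=,-]+$'
if [[ ! "$NEW_HASH" =~ $hash_re ]]; then
  echo "❌ NEW_HASH nie wygląda na poprawny hash hasła – przerywam, żeby nie uszkodzić /etc/shadow." >&2
  exit 1
fi

# The hash is sent over stdin and read into a remote variable, which keeps it
# out of the local ssh command line. The remote shell expands ${hash} once,
# inside double quotes, so the '$' separators of the hash stay literal.
# shellcheck disable=SC2086  # SSH_OPTIONS is a flat option string and must word-split
ssh $SSH_OPTIONS "${REMOTE_USER}@${GATEWAY_IP}" '
  IFS= read -r hash &&
    sed -i -E "s|^(root:)[^:]*:|\\1${hash}:|" /etc/shadow
' <<< "$NEW_HASH"
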
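# Install WireGuard: upload the extension package, then run the gateway's
# extension installer.
# (progress message left disabled by the author)
#echo "📤 Kopiuję plik wireguard na urządzenie..."

# Strip leading whitespace from the configured path before quoting it for the
# remote shell; a quoted path with a leading space would name a different file.
# The single quotes protect the path from remote word splitting and globbing
# (a path containing a single quote is not supported).
remote_pkg_path="${WIREGUARD_REMOTE_PATH#"${WIREGUARD_REMOTE_PATH%%[![:space:]]*}"}"

# NOTE(review): the package is written to the gateway and then installed as
# root with no checksum or signature check visible in this script. Comparing
# the local file against a known-good digest before the upload would catch a
# swapped or corrupted package.
# shellcheck disable=SC2086  # SSH_OPTIONS is a flat option string and must word-split
ssh $SSH_OPTIONS "${REMOTE_USER}@${GATEWAY_IP}" "cat > '${remote_pkg_path}'" < "$WIREGUARD_LOCAL_PATH"
echo "✅ Plik WIREGUARD skopiowany."

# Presumably `local` makes the installer pick up the package uploaded above;
# confirm against the installer on the device.
# shellcheck disable=SC2086  # SSH_OPTIONS is a flat option string and must word-split
ssh $SSH_OPTIONS "${REMOTE_USER}@${GATEWAY_IP}" "python3 /usr/bin/ext_installer.py local"
echo "✅ Plik WIREGUARD zainstalowany."
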
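#######################################
# Wraps a value in single quotes for a POSIX shell, escaping embedded single
# quotes, so the remote shell receives it as exactly one literal word.
# Arguments: $1 - value to quote
# Outputs:   the quoted value on stdout (no trailing newline)
#######################################
remote_quote() {
  local value=$1
  local sq="'"
  local esc="'\\''"
  printf "'%s'" "${value//$sq/$esc}"
}

echo "Konfiguracja UCI: "

# Write the Wi-Fi, LoRa packet forwarder, built-in network server, WireGuard
# and hostname settings, commit them and restart networking on the gateway.
#
# The commands are fed to a remote `sh -s` over stdin instead of being passed
# as the ssh command argument, so the Wi-Fi key and the WireGuard private key
# do not appear in the local process list. Remote `set -e` stops at the first
# failing command, so nothing is committed and the network is not restarted
# after a failed `uci set`.
# Every locally expanded value goes through remote_quote, and the
# system.@system[0] key is quoted so the remote shell cannot glob "[0]".
#
# NOTE(review): lorasrv auth_enable='0' together with tls_mode='none' looks
# like it leaves the network server's MQTT integration unauthenticated and
# unencrypted; confirm that this traffic only ever travels inside the VPN.
# NOTE(review): the final network restart may drop this ssh session; ssh then
# returns non-zero and `set -e` ends the script before the closing message.
# shellcheck disable=SC2086  # SSH_OPTIONS is a flat option string and must word-split
ssh $SSH_OPTIONS "${REMOTE_USER}@${GATEWAY_IP}" 'sh -s' <<EOF
set -e
uci set wireless.ap.ssid=$(remote_quote "$WIFI_SSID")
uci set wireless.ap.encryption=$(remote_quote "$WIFI_ENCRYPTION")
uci set wireless.ap.key=$(remote_quote "$WIFI_KEY")
uci set lorawan.network.log_level='5'
uci set lorawan.network.mode='packet_forwarder'
uci set lorawan.restriction.lbt_reg='ETSI'
uci set lorawan.restriction.regions='EU868'
uci set lora_pkt_fwd.gateway_conf.data_recovery='0'
uci set lora_pkt_fwd.gateway_conf.dgram_mtu='1400'
uci set lora_pkt_fwd.gateway_conf.fake_gps='0'
uci set lora_pkt_fwd.gateway_conf.filter_enable='0'
uci set lora_pkt_fwd.gateway_conf.proto='udp'
uci set lora_pkt_fwd.gateway_conf.server_address=$(remote_quote "$LORAWAN_TTN_HOST")
uci set lora_pkt_fwd.gateway_conf.white_enable='0'
uci set lora_pkt_fwd.sx126x.lbt_rssi_target='-70'
uci set lora_pkt_fwd.sx1301_0.chan_FSK_enable='0'
uci set lora_pkt_fwd.sx1301_0.chan_Lora_std_enable='0'
uci set lora_pkt_fwd.sx1301_0.chan_multiSF_5_if='-200000'
uci set lora_pkt_fwd.sx1301_0.chan_multiSF_6_if='0'
uci set lora_pkt_fwd.sx1301_0.chan_multiSF_7_if='200000'
uci set lora_pkt_fwd.sx1301_0.ftimestamp_enable='1'
uci set lora_pkt_fwd.sx1301_0.radio_0_freq='866300000'
uci set lora_pkt_fwd.sx1301_0.radio_1_freq='867100000'
uci set lora_pkt_fwd.sx1301_1.chan_FSK_enable='1'
uci set lora_pkt_fwd.sx1301_1.chan_FSK_if='250000'
uci set lora_pkt_fwd.sx1301_1.chan_Lora_std_enable='1'
uci set lora_pkt_fwd.sx1301_1.chan_Lora_std_if='-250000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_0_if='-400000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_1_if='-200000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_2_if='0'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_3_if='200000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_3_radio='0'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_4_if='400000'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_4_radio='0'
uci set lora_pkt_fwd.sx1301_1.chan_multiSF_5_if='-50000'
uci set lora_pkt_fwd.sx1301_1.ftimestamp_enable='1'
uci set lora_pkt_fwd.sx1301_1.radio_0_freq='867900000'
uci set lora_pkt_fwd.sx1301_1.radio_1_freq='868550000'
uci set lorasrv.lorasrv.adr_margin='5'
uci set lorasrv.lorasrv.auth_enable='0'
uci set lorasrv.lorasrv.clean_session='1'
uci set lorasrv.lorasrv.DisableFcntCheck='0'
uci set lorasrv.lorasrv.dr_min='0'
uci set lorasrv.lorasrv.integration_enable='1'
uci set lorasrv.lorasrv.keepalive='10'
uci set lorasrv.lorasrv.mqtt_version='3.1'
uci set lorasrv.lorasrv.network_id='1'
uci set lorasrv.lorasrv.qos='1'
uci set lorasrv.lorasrv.RECEIVE_DELAY1='1'
uci set lorasrv.lorasrv.retain='0'
uci set lorasrv.lorasrv.Rx1DrOffset='0'
uci set lorasrv.lorasrv.stat_interval='600'
uci set lorasrv.lorasrv.status_interval='0'
uci set lorasrv.lorasrv.tls_mode='none'
uci set system.country.code='PL'
uci set network.wgserver=wireguard_vpn
uci set network.wgserver.endpoint_host=$(remote_quote "$WGS_ENDPOINT_HOST")
uci set network.wgserver.endpoint_port=$(remote_quote "$WGS_ENDPOINT_PORT")
uci set network.wgserver.public_key=$(remote_quote "$WGS_PUBLIC_KEY")
uci set network.wgserver.route_all_traffic=$(remote_quote "$WGS_ROUTE_ALL_TRAFFIC")
uci set network.wgserver.allowed_ips=$(remote_quote "$WGS_ALLOWED_IPS")
uci set network.wgserver.persistent_keepalive='30000'
uci set network.wgserver.route_allowed_ips='1'
uci set network.vpn=interface
uci set network.vpn.private_key=$(remote_quote "$VPN_PRIVATE_KEY")
uci set network.vpn.public_key=$(remote_quote "$VPN_PUBLIC_KEY")
uci set network.vpn.addresses=$(remote_quote "$VPN_IP_ADDRESS")
uci set network.vpn.proto='wireguard'
uci set network.vpn.dns=$(remote_quote "$VPN_DNS")
uci set network.vpn.disabled='0'
uci set 'system.@system[0].hostname'=$(remote_quote "$HOSTNAME")
uci commit
/etc/init.d/network restart
EOF

echo "🎉 Wszystko gotowe!"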