init

setup.sh

@@ -0,0 +1,178 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Check permissions
+if [ "$UID" != "0" ]; then
+   echo "This script must be run as root / with sudo" >&2
+   exit 1
+fi
+
+# Get settings
+read -rsp "User Password: " pass; echo
+RID=$(cat /etc/radio_id)
+read -rp "Radio ID (${RID:-1-254}): " ip
+ip=${ip:-$RID}
+echo $ip > /etc/radio_id
+read -rp "Radio Name ($HOSTNAME): " name
+name=${name:-$HOSTNAME}
+read -rp "Mesh Name: " mesh_ssid
+read -rsp "Mesh Password: " mesh_pass; echo
+read -rsp "Hotspot Password: " ap_pass; echo
+read -p "Enable wireguard (Y/N): " wireguard
+if [ "${wireguard,,}" == "y" ]; then
+    while [ ! -f "/etc/wireguard/wg0.conf" ]; do
+        read -n 1 -s -p "Add '/etc/wireguard/wg0.conf' then press any key to continue..."
+    done
+fi
+
+# Install updates & packages
+export DEBIAN_FRONTEND=noninteractive
+apt update && apt upgrade -y && apt install -y \
+    build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev \
+    btop jq tmux unzip zip
+
+# Update hostname
+hostnamectl set-hostname "${name}"
+sed -i "s/$HOSTNAME/$name" /etc/hostname
+sed -i "s/$HOSTNAME/$name" /etc/hosts
+
+# Update banner
+cat <<EOF >> /etc/motd
+
+ ██████   ██████ ███████████    █████████
+░░██████ ██████ ░░███░░░░░███  ███░░░░░███
+ ░███░█████░███  ░███    ░███ ░███    ░░░
+ ░███░░███ ░███  ░██████████  ░░█████████
+ ░███ ░░░  ░███  ░███░░░░░███  ░░░░░░░░███
+ ░███      ░███  ░███    ░███  ███    ░███
+ █████     █████ █████   █████░░█████████
+░░░░░     ░░░░░ ░░░░░   ░░░░░  ░░░░░░░░░
+
+EOF
+
+# Setup wireguard
+if [ "${wireguard,,}" == "y" ]; then
+	apt install wireguard -y
+	systemctl enable wg-quick@wg0
+	systemctl start wg-quick@wg0
+fi
+
+# Setup GPS - gpsmon
+sed -i '/^enable_uart=/d' /boot/firmware/config.txt
+echo "enable_uart=1" >> /boot/firmware/config.txt
+apt install -y gpsd gpsd-clients chrony
+tee /etc/default/gpsd > /dev/null <<'EOF'
+START_DAEMON="true"
+GPSD_OPTIONS="-n"
+DEVICES="/dev/serial0"
+USBAUTO="false"
+GPSD_SOCKET="/var/run/gpsd.sock"
+EOF
+tee -a /etc/chrony/chrony.conf > /dev/null <<'EOF'
+refclock SHM 0 offset 0.5 delay 0.2 refid NMEA
+EOF
+systemctl enable --now gpsd chrony
+
+# Setup DNS
+# TODO: Setup AP management
+apt install -y dnsmasq
+tee -a /etc/dnsmasq.d/local.conf > /dev/null <<'EOF'
+server=1.1.1.1
+server=1.0.0.1
+address=/$HOSTNAME/$IP
+address=/.$HOSTNAME/$IP
+EOF
+
+# Install docker
+apt install -y qemu-user-static
+curl -fsSL https://get.docker.com | sh
+usermod -aG docker $USER
+newgrp docker
+
+# Setup Guacamole - http://localhost:8080
+sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
+systemctl restart ssh
+apt-get install -y xrdp
+tee /etc/xrdp/startwm.sh > /dev/null <<'EOF'
+#!/bin/sh
+unset DBUS_SESSION_BUS_ADDRESS
+unset XDG_RUNTIME_DIR
+exec startlxde-pi
+EOF
+mkdir -p /etc/polkit-1/rules.d
+tee /etc/polkit-1/rules.d/49-nopasswd.rules > /dev/null <<'EOF'
+polkit.addRule(function(action, subject) {
+  return polkit.Result.YES;
+});
+EOF
+systemctl restart polkit
+systemctl enable --now xrdp
+docker run -d --name guacamole --network host --restart unless-stopped -v guacamole:/config flcontainers/guacamole:latest
+
+# Setup Automount + FileBrowser - http://localhost:1200
+mkdir -p /etc/udev/rules.d/
+echo 'ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_FILESYSTEM_SHARED}="1"' > /etc/udev/rules.d/99-udisks2.rules
+docker run -d --name filebrowser --restart unless-stopped -p 1200:8080 -e FB_USERNAME=$USER -v filebrowser:/config -v /media:/data hurlenko/filebrowser:latest
+sleep 3
+fb_pass=$(docker logs filebrowser 2>&1 | grep -oP 'randomly generated password: \K.*'); echo $fb_pass
+
+# Setup Kiwix - http://localhost:1300
+mkdir -p /media/library/archive
+mkdir -p /media/library/zim
+docker run -d --name kiwix --restart unless-stopped -p 1300:3000 -v /media/library:/data ztimson/kiwixm:latest
+
+# Maps - http://localhost:1400
+mkdir -p /media/maps/tiles
+mkdir -p /media/maps/styles
+docker run -d --name maps --restart unless-stopped -p 1400:8080 -v /media/maps/config.json:/config.json -v /media/maps/tiles:/data -v /media/maps/styles:/styles maptiler/tileserver-gl:v4.11.0
+
+# Setup Ollama + OpenWebUI - http://localhost:1000
+docker run -d --name ollama --restart unless-stopped -p 11434:11434 -v ollama:/root/.ollama ollama/ollama:latest
+docker exec -d ollama ollama pull llama3.2:1b-instruct-q4_K_M # Works best on Pi5 (High TPS, Low memory)
+docker run -d --name open-webui --restart unless-stopped -p 1000:8080 -e OLLAMA_BASE_URL=http://ollama:11434 --link ollama -v open-webui:/app/backend/data ghcr.io/open-webui/open-webui:main
+
+# LoRa - http://localhost:4403
+pip install --upgrade --break-system-packages meshtastic
+LORA_DEVICE=$(ls /dev/serial/by-id | grep RAK)
+apt install -y ser2net
+rm /etc/ser2net.yaml || echo
+tee /etc/ser2net.conf <<EOF
+4403:raw:0:/dev/serial/by-id/$LORA_DEVICE:115200 8DATABITS NONE 1STOPBIT
+EOF
+sed -i 's|\$CONFFILE|/etc/ser2net.conf|g' /lib/systemd/system/ser2net.service
+systemctl daemon-reload
+systemctl restart ser2net
+
+# Federated chat - http://localhost:1500
+docker run -it --rm -v synapse:/data -e SYNAPSE_SERVER_NAME=server.local -e SYNAPSE_REPORT_STATS=no matrixdotorg/synapse:latest generate
+tee -a /var/lib/docker/volumes/synapse/_data/homeserver.yaml <<EOF
+enable_registration: true
+enable_registration_without_verification: true
+EOF
+docker run -d --name synapse --restart unless-stopped -e SYNAPSE_SERVER_NAME=server.local -e SYNAPSE_REPORT_STATS=no -v synapse:/data -p 8008:8008 matrixdotorg/synapse:latest
+mkdir -p /etc/element
+echo "{\"default_server_config\":{\"m.homeserver\":{\"base_url\":\"http://$IP:8008\",\"server_name\":\"server.local\"}}}" > /etc/element/config.json
+docker run -d --name element --restart unless-stopped -p 1500:80 -v /etc/element/config.json:/app/config.json vectorim/element-web:latest
+
+# Setup pentest suite - http:localhost:1600
+sudo apt install -y arp-scan aircrack-ng gobuster hashcat hcxtools hydra john netcat-openbsd nikto nmap masscan reaver sqlmap tcpdump wireshark
+curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
+chmod +x msfinstall
+./msfinstall
+rm msfinstall
+docker run -d --name bettercap --restart unless-stopped --privileged --net=host bettercap/bettercap -eval "set api.rest.address 0.0.0.0; set ui.address 0.0.0.0; set ui.port 1600; ui on; set gps.device localhost:2947;"
+
+# ATAK - http://localhost:1100 (XMPP - 5222, API - 8089)
+docker run -d --name atak --restart unless-stopped --platform=linux/amd64 -p 8089:8080 -p 5222:8999 -p 1100:8088 -v atak:/app kdudkov/goatak_server:latest
+
+# TODO: SDR tools (SDRangel, dump1060)
+#docker run -d --name sdrserver --restart unless-stopped --device /dev/bus/usb:/dev/bus/usb -p 8091:8091 -p 8092:8092 f4exb06/sdrangelsrv:v7.22.7 --bind 0.0.0.0
+#docker run -d --name sdrcli --restart unless-stopped -p 1000:8080  -e SDRANGEL_SERVER_URL=http://10.69.5.108:8091 f4exb06/sdrangelcli:v4.0.2
+
+# Speedtest - http://localhost:1900
+docker run -d --name speedtest --restart unless-stopped -p 1900:80 lscr.io/linuxserver/librespeed:latest
+
+# TODO: Captive Portal + PWA & Caddy
+# TODO: E-Ink + QR Join AP
+# TODO: Mesh