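#!/bin/bash
#
# torouter-prep: reconfigure a Debian system into a Torouter.
#
# Must be run as root. The script replaces system-wide configuration
# (apt sources and trust keys, hostname/hosts, inittab, network interfaces,
# dnsmasq, ntp, tor, ttdnsd, sshd) with the files shipped in $config_dir,
# installs the required packages and restarts ssh, tor and ttdnsd.
#
# Any step that fails aborts the run, so the /etc/torouter stamp is only
# written after every step has succeeded.
set -euo pipefail
# Command tracing was previously enabled from the shebang line, where it is
# lost when the script is started as "bash script.sh".
set -x

export VERSION="0.1"
echo "This program will now reconfigure your Debian system into a Torouter"

# Print a message on stderr and abort.
die() {
  printf 'torouter-prep: %s\n' "$*" >&2
  exit 1
}

[[ "$(id -u)" -eq 0 ]] || die "must be run as root"

# Every file we replace is first copied into temp_dir so the previous state
# can be recovered. mktemp -d creates the directory readable by root only.
# TODO: the directory is not yet tarred up at the end of the run.
temp_dir=$(mktemp -d) || die "mktemp failed"
export temp_dir
export config_dir="/usr/share/torouter-prep/example-configs/"
[[ -d "$config_dir" ]] || die "config directory not found: $config_dir"

# Keep a copy of an existing file (with its full path) below temp_dir.
backup_file() {
  local target=$1
  if [[ -e "$target" ]]; then
    cp -a --parents -- "$target" "$temp_dir/"
  fi
}

# Install one shipped example config: $1 is the name inside config_dir,
# $2 the destination path. A missing source is fatal rather than ignored,
# so a service is never restarted on a config that was not put in place.
install_config() {
  local src="${config_dir%/}/$1"
  local dest=$2
  [[ -f "$src" ]] || die "missing shipped config: $src"
  backup_file "$dest"
  cp -- "$src" "$dest"
}

# Add one shipped public key to apt's trusted keys.
add_apt_key() {
  local key="${config_dir%/}/$1"
  [[ -f "$key" ]] || die "missing apt key file: $key"
  apt-key add "$key"
}

# Add a user to administrate the Torouter later. The checks make a re-run
# safe; -m creates the home directory that the arm configuration is written
# into further down.
export ADMINUSER="torouter"
export ADMINGROUP="torouter"
if ! getent group "$ADMINGROUP" >/dev/null; then
  addgroup "$ADMINGROUP"
fi
if ! getent passwd "$ADMINUSER" >/dev/null; then
  useradd -m -g "$ADMINGROUP" -s /bin/bash "$ADMINUSER"
fi

# Install the Tor repo key
# gpg --keyserver keys.gnupg.net --recv 886DDD89
# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
#
# These keys become trust anchors for every package installed below, and the
# key files are trusted purely because they sit in config_dir. Check their
# full fingerprints against an independent source when packaging this script.
# This is the main Tor repo apt pubkey
add_apt_key A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key
# This is the temp torrouter archive pubkey; this should be updated when we
# freeze this repo and know what we want to do.
# NOTE(review): this file is named by an 8-hex-digit short key id, which does
# not identify a key uniquely; record and verify the full fingerprint.
add_apt_key 047E6A24.asc

# Set us to have a default host name and hosts file
install_config hostname /etc/hostname
install_config hosts /etc/hosts

# We need to prep apt to understand that we want packages from other repos
install_config sources.list /etc/apt/sources.list
# We're creating this file to ensure we get updates
install_config apt-preferences.d-backports /etc/apt/preferences.d/backports
# NOTE(review): confirm the shipped apt.conf does not relax apt's signature
# checking; every install below runs with -y and no further prompt.
install_config apt.conf /etc/apt/apt.conf
apt-get -y update

# Remove a bunch of stuff:
apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus

# Install the weird wireless control for the DreamPlug
# NOTE(review): sid and experimental are pulled in per package with -t;
# presumably the pinning in preferences.d keeps the rest of the system on the
# stable release. Verify against the shipped apt-preferences.d-backports.
apt-get install -y -t sid uaputl
# Install some other packages here:
apt-get -y install denyhosts ufw
# Allow us to set the clock:
apt-get -y -t squeeze-backports install openntpd
# Install Tor and deps:
apt-get -y install tor tor-geoipdb
# To build with natpmp support
apt-get -y -t experimental install libnatpmp-dev
apt-get -y -t experimental install libnatpmp0
# To build with miniupnpc support
apt-get -y -t squeeze-backports install libminiupnpc-dev
apt-get -y -t squeeze-backports install libminiupnpc5
# XXX
# We want to apt-get source tor and build it for the 0.2.3.x branch
#
# Install a Tor controller:
apt-get -y install tor-arm
# Install the ttdnsd program:
apt-get -y install ttdnsd
# Install a normal dns cache for eth1
apt-get -y install dnsmasq

##
## Configuration stage of the script
##
# Configure arm
# "~$ADMINUSER" is never tilde-expanded by the shell (it would name a literal
# "~torouter" directory under the current directory), so look the home
# directory up in the passwd database instead.
admin_home=$(getent passwd "$ADMINUSER" | cut -d: -f6)
[[ -n "$admin_home" && -d "$admin_home" ]] \
  || die "home directory of $ADMINUSER not found"
[[ -f "${config_dir%/}/armrc.sample.gz" ]] || die "missing armrc.sample.gz"
# Unpack into the root-only temp dir first, then install the result with the
# admin user's ownership so arm can read and update it.
zcat -- "${config_dir%/}/armrc.sample.gz" > "$temp_dir/armrc.new"
install -o "$ADMINUSER" -g "$ADMINGROUP" -m 0644 \
  "$temp_dir/armrc.new" "$admin_home/.armrc"
rm -f -- "$temp_dir/armrc.new"

# Reconfigure /etc/inittab here
install_config inittab /etc/inittab
# Configure the network
# eth0 is our "internet" interface with a dhcp client
install_config interfaces /etc/network/interfaces
# Configure dnsmasq
install_config dnsmasq.conf /etc/dnsmasq.conf
# Configure ntp
install_config ntp.conf /etc/ntp.conf
install_config openntpd-default /etc/default/openntpd
# XXX We should configure ufw here
# XXX We should configure denyhosts
# Until the two items above are done, ufw and denyhosts are installed but
# this script applies no firewall policy or denyhosts settings of its own.
install_config torrc /etc/tor/torrc
install_config ttdnsd-default /etc/default/ttdnsd

# Configure sshd
# Have sshd parse the candidate file before it replaces the live one: a
# broken sshd_config followed by a restart can cut off remote access.
/usr/sbin/sshd -t -f "${config_dir%/}/sshd_config" \
  || die "shipped sshd_config failed validation; not installed"
install_config sshd_config /etc/ssh/sshd_config

# Clean up our cache
apt-get -y clean

## Disable ipv6 support for now
install_config modprobe.d-blacklist.conf /etc/modprobe.d/blacklist.conf
backup_file /etc/sysctl.d/disableipv6.conf
printf '%s\n' 'net.ipv6.conf.all.disable_ipv6=1' > /etc/sysctl.d/disableipv6.conf

##
## Restart services here
##
/etc/init.d/ssh restart
/etc/init.d/tor restart
/etc/init.d/ttdnsd restart

##
## Touch a stamp to show that we're now a Torouter
##
printf 'torouter %s\n' "$VERSION" > /etc/torouter
echo "Previous versions of replaced files are kept in $temp_dir"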