
Merge branch '62-raspios' into 'master'

Resolve "Raspberry Pi OS bugs"

Closes #62

See merge request cyber5k/mistborn!35
merge-requests/39/merge
Steven Foerster 5 years ago
parent
commit
a34d9c5cac
  1. 16
      README.md
  2. 6
      scripts/install.sh
  3. 5
      scripts/subinstallers/cockpit.sh
  4. 8
      scripts/subinstallers/docker_manual.sh
  5. 5
      scripts/subinstallers/wireguard.sh

16
README.md

@ -48,7 +48,9 @@ Tested Operating Systems (in order of thoroughness):
- Ubuntu 20.04 LTS - Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS - Ubuntu 18.04 LTS
- Debian 10 (Buster) - Debian 10 (Buster)
- Raspbian Buster - Raspberry Pi OS (formerly Raspbian) Buster
**Note:** Install operating system updates and restart. Raspberry Pi OS particularly needs to be restarted after kernel updates (kernel modules for the currently running kernel may be missing).
Tested Browsers: Tested Browsers:
- Firefox - Firefox
@ -59,8 +61,8 @@ The Mistborn docker images exist for these architectures:
| Mistborn Docker Images (hub.docker.com) | Architectures | | Mistborn Docker Images (hub.docker.com) | Architectures |
|------------------------------------------------|---------------------| |------------------------------------------------|---------------------|
| mistborn (django, celery{worker,beat}, flower) | amd64, arm64, armv7 | | mistborn (django, celery{worker,beat}, flower) | amd64, arm64, arm/v7 |
| dnscrypt-proxy | amd64, arm64, armv7 | | dnscrypt-proxy | amd64, arm64, arm/v7 |
Recommended System Specifications: Recommended System Specifications:
@ -132,8 +134,8 @@ Running `install.sh` will do the following:
- install Docker - install Docker
- install OpenSSH - install OpenSSH
- install Wireguard - install Wireguard
- install Cockpit - install Cockpit (optional)
- create a `cockpit` system user - create a `cockpit` system user (if Cockpit is installed)
- configure unattended-upgrades - configure unattended-upgrades
- generate a self-signed TLS certificate/key (WebRTC functionality requires TLS) - generate a self-signed TLS certificate/key (WebRTC functionality requires TLS)
- create and populate traefik.toml - create and populate traefik.toml
@ -317,7 +319,7 @@ But wait, there's more! You can:
| Rocket.Chat | [Rocket.Chat](https://play.google.com/store/apps/details?id=chat.rocket.android) | [Rocket.Chat](https://apps.apple.com/us/app/rocket-chat/id1148741252) | | Rocket.Chat | [Rocket.Chat](https://play.google.com/store/apps/details?id=chat.rocket.android) | [Rocket.Chat](https://apps.apple.com/us/app/rocket-chat/id1148741252) |
## TLS Certificate ## TLS Certificate
Some apps require TLS (HTTPS). All traffic to Mistborn domains already occurs over Wireguard but to keep apps running, a TLS certificate exists for Mistborn and can be imported into your device's trusted credentials in the security settings. Some apps require TLS (HTTPS). All traffic to Mistborn domains already occurs over Wireguard but to keep apps running, a TLS certificate exists for Mistborn and can be imported into your device's trusted credentials in the security settings. This certificate is checked every day and will be re-generated when expiration is less than 30 days away.
The TLS certificate can be found here: The TLS certificate can be found here:
``` ```
@ -446,7 +448,7 @@ These are some notes regarding the technical design and implementations of Mistb
## Additonal Notes ## Additonal Notes
- Interface names are not hardcoded anywhere in Mistborn. Two commands that are used in different circumstances to determine the default network interface and the interface that would route a public IP address are: `ip -o -4 route show to default` and `ip -o -4 route get 1.1.1.1`. - Interface names are not hardcoded anywhere in Mistborn. Two commands that are used in different circumstances to determine the default network interface and the interface that would route a public IP address are: `ip -o -4 route show to default` and `ip -o -4 route get 1.1.1.1`.
- The "Update" button will pull updated Docker images for mistborn, postgresql, redis, pihole, and dnscrypt. Those services will then be restarted. - The "Update" button will pull updated Docker images for mistborn, postgresql, redis, pihole, and dnscrypt. Those services will then be restarted.
- The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 10 years. The nanny at Apple has decided to restrict the kinds of certificates iOS users may choose to manually trust and so you may have issues with TLS on an Apple device for now. - The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 397 days. The certificate is checked daily and will regenerate when expiration is within 30 days.
- Outbound UDP on port 53 is blocked. All DNS requests should be handled by the dnscrypt_proxy service and if any client, service, etc. tries to circumvent that it is blocked. - Outbound UDP on port 53 is blocked. All DNS requests should be handled by the dnscrypt_proxy service and if any client, service, etc. tries to circumvent that it is blocked.
- Unattended upgrades are set to automatically install operating system security updates. - Unattended upgrades are set to automatically install operating system security updates.
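
Review bot: The new README text (397-day validity, daily check, regeneration inside 30 days) has no matching change among the five files in this commit, since none of the visible hunks in `install.sh` or the subinstallers touches certificate generation or schedules a check. Please confirm the generation script and the daily job already behave this way, or reference the commit that changed them. The README tells users to import the certificate into their device's trusted credentials, so it should also say whether a regenerated certificate has to be imported again. The regeneration sentence now appears both in the "TLS Certificate" section and in this list, so consider keeping one copy. The context heading "Additonal Notes" is misspelled and could be fixed while this section is being edited.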

6
scripts/install.sh

@ -69,9 +69,9 @@ fi
# Install Cockpit? # Install Cockpit?
if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then if [ -z "${MISTBORN_INSTALL_COCKPIT}" ]; then
read -p "Install Cockpit (a somewhat resource-heavy system management graphical user interface)? [Y/n]: " MISTBORN_INSTALL_COCKPIT read -p "Install Cockpit (a somewhat resource-heavy system management graphical user interface -- NOT RECOMMENDED on Raspberry Pi)? [y/N]: " MISTBORN_INSTALL_COCKPIT
echo echo
MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-Y} MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-N}
fi fi
# SSH keys # SSH keys
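
Review bot: The prompt wording and the default disagree in scope: the text says "NOT RECOMMENDED on Raspberry Pi", but `MISTBORN_INSTALL_COCKPIT=${MISTBORN_INSTALL_COCKPIT:-N}` flips the default to N on every distro. If the intent is Pi-only, choose the default from the detected platform; if the intent is a global opt-in, drop the Pi wording so it matches the README's "(optional)". The README change in this commit should also mention that pressing Enter no longer installs Cockpit, since that changes behaviour for existing users. `read -p` could take `-r` while this line is being edited.
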
@ -132,7 +132,7 @@ sudo -E apt-get install -y dnsutils fail2ban
# Install kernel headers # Install kernel headers
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo -E apt install -y linux-headers-$(uname -r) sudo -E apt install -y linux-headers-$(uname -r)
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
sudo -E apt install -y raspberrypi-kernel-headers sudo -E apt install -y raspberrypi-kernel-headers
fi fi
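
Review bot: The Raspberry Pi branch installs `raspberrypi-kernel-headers` without tying it to the running kernel, unlike the `linux-headers-$(uname -r)` line above it. The README note added in this same commit says modules for the running kernel may be missing after a kernel update, yet the script has no check for that state. Consider testing that `/lib/modules/$(uname -r)/build` exists after the install and stopping with a "reboot and re-run" message when it does not, so the failure shows up here rather than later when the Wireguard module is built.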

5
scripts/subinstallers/cockpit.sh

@ -10,11 +10,8 @@ elif [ "$DISTRO" == "debian" ]; then
&& echo "buster-backports already in sources" \ && echo "buster-backports already in sources" \
|| echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list || echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list
elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
elif [ "$DISTRO" == "raspbian" ]; then
echo "Raspbian repos contain cockpit" echo "Raspbian repos contain cockpit"
fi fi
sudo -E apt-get install -y cockpit sudo -E apt-get install -y cockpit
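
Review bot: The test `[ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]` is now repeated in this file, `install.sh`, `docker_manual.sh` and `wireguard.sh`, so the next rename will need the same multi-file edit. Normalize the value once where `DISTRO` is detected (map both names to one), or put the test in a small helper function. The message "Raspbian repos contain cockpit" could be updated to the new name as well.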

8
scripts/subinstallers/docker_manual.sh

@ -15,7 +15,7 @@ if [ "$DISTRO" == "ubuntu" ]; then
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
elif [ "$DISTRO" == "debian" ]; then elif [ "$DISTRO" == "debian" ]; then
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add - curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -
fi fi
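
Review bot: The new `raspios` condition reuses a URL built from `$ID` in `/etc/os-release`, while the branch itself is selected on `$DISTRO`, so the two values can differ. Please confirm that `download.docker.com/linux/<ID>/gpg` exists for the `ID` a "raspios" system reports, and fail with a clear message if the download returns nothing. Separately, in all three branches the key is piped straight into `sudo apt-key add -`, which places it in apt's global trusted keyring with no fingerprint check. Consider verifying the fingerprint against the one Docker publishes before adding the key, and scoping it to the Docker repository with a dedicated keyring file and `signed-by`.
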
@ -31,7 +31,7 @@ elif [ "$DISTRO" == "debian" ]; then
"deb https://download.docker.com/linux/debian \ "deb https://download.docker.com/linux/debian \
$(lsb_release -cs) \ $(lsb_release -cs) \
stable" stable"
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
echo "deb [arch=armhf] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \ echo "deb [arch=armhf] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
$(lsb_release -cs) stable" | \ $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list sudo tee /etc/apt/sources.list.d/docker.list
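
Review bot: `[arch=armhf]` is hard-coded in the branch that now also covers `raspios`, while the README table in this commit lists arm64 as a supported architecture. On a 64-bit install the repository line would name the wrong architecture. Deriving the value with `dpkg --print-architecture` keeps a single branch correct for both cases.
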
@ -43,7 +43,7 @@ sudo apt-get update
if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then if [ "$DISTRO" == "ubuntu" ] || [ "$DISTRO" == "debian" ]; then
sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
sudo -E apt install -y --no-install-recommends \ sudo -E apt install -y --no-install-recommends \
docker-ce \ docker-ce \
cgroupfs-mount cgroupfs-mount
@ -59,7 +59,7 @@ echo "Installing Docker Compose"
# sudo chmod +x /usr/local/bin/docker-compose # sudo chmod +x /usr/local/bin/docker-compose
#elif [ "$DISTRO" == "raspbian" ]; then #elif [ "$DISTRO" == "raspbian" ]; then
# Install required packages # Install required packages
sudo -E apt install -y python-backports.ssl-match-hostname #sudo -E apt install -y python-backports.ssl-match-hostname
# Install Docker Compose from pip # Install Docker Compose from pip
# This might take a while # This might take a while
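
Review bot: The `python-backports.ssl-match-hostname` install is commented out rather than removed, which adds to an already commented-out block with no explanation. Delete the dead lines, or leave a one-line comment saying why the package is no longer needed and on which release that was verified.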

5
scripts/subinstallers/wireguard.sh

@ -9,18 +9,19 @@ if ! $(sudo apt-cache show wireguard > /dev/null 2>&1) ; then
echo "Adding Wireguard PPAs" echo "Adding Wireguard PPAs"
# Wireguard # Wireguard
if [ "$DISTRO" == "raspbian" ]; then if [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
echo "Adding Wireguard repo keys" echo "Adding Wireguard repo keys"
sudo -E apt-get install -y dirmngr sudo -E apt-get install -y dirmngr
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
fi fi
if [ "$DISTRO" == "ubuntu" ]; then if [ "$DISTRO" == "ubuntu" ]; then
# Ubuntu # Ubuntu
sudo add-apt-repository -y ppa:wireguard/wireguard sudo add-apt-repository -y ppa:wireguard/wireguard
elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "debian" ] || [ "$DISTRO" == "raspbian" ] || [ "$DISTRO" == "raspios" ]; then
# Debian # Debian
sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list' sudo bash -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list'
sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable" sudo bash -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable"
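
Review bot: The added `--recv-keys 648ACFD622F3D138` line has no comment saying which archive key it is or why Raspberry Pi OS now needs it. Like the three existing keys, it is fetched from a keyserver by 64-bit ID. Please add a comment naming the key's owner and purpose, and use full fingerprints so the key that gets trusted is unambiguous. Since this branch also enables the Debian `unstable` repository, with only the pin at priority 90 limiting it, a comment stating that only the Wireguard packages are expected from it would help later reviewers.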
