This repository has been archived by the owner on Sep 10, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathinstall.sh
executable file
·329 lines (289 loc) · 12.8 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
#! /bin/bash
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root. Try using \"sudo $0\""
exit 1
fi
INSTALL_USER=lab
function host_configuration {
echo -e "\t##### Updating hostname, localtime, locale and bashrc..."
cp install/.bashrc /root/.bashrc
echo $1 > /etc/hostname
hostname -F /etc/hostname
sed -i "s/raspberrypi/$1/g" /etc/hosts
ln -sf /usr/share/zoneinfo/Europe/Madrid /etc/localtime
sed -i "s/# es_ES.UTF-8/es_ES.UTF-8/g" /etc/locale.gen
locale-gen
sed -i "s/en_GB.UTF-8/es_ES.UTF-8/g" /etc/default/locale
echo -e "\t##### Creating user $INSTALL_USER..."
useradd -m -s /bin/bash $INSTALL_USER
passwd $INSTALL_USER
while [ $? -ne 0 ]; do
passwd $INSTALL_USER
done
usermod -aG sudo $INSTALL_USER
}
function install_dependencies {
echo -e "\t##### Installing dependencies with apt-get...\n"
apt-get -y update && apt-get -y upgrade
echo iptables-persistent iptables-persistent/autosave_v4 boolean false | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean false | debconf-set-selections
apt-get -y install iptables-persistent $@
}
function daemons_setup {
echo -e "\t##### Preparing daemons and start on boot...\n"
# Copy daemons and enable them
cd install/$1/daemons/
for s in `ls .`; do
sed -i "s/<user>/$INSTALL_USER/g" $s
sed -i "s/<group>/$INSTALL_USER/g" $s
cp $s /etc/systemd/system
systemctl enable $s
done
cd -
systemctl enable ssh
}
function set_config_json {
echo -e "\n\t##### Generating /etc/$1_conf.json...\n"
answ="n"
# Load default config values
. install/default.config
echo "NOTE: Default values are shown between parenthesis. If you don't give a value, default value will be taken."
while [ $answ != "y" ] && [ $answ != "Y" ]; do
read -p "Indicate rpi 2 IP address ($addr2_default): " addr2
if [ -z "$addr2" ]; then addr2=$addr2_default; fi
read -p "Indicate rpi 2 API port ($port2_default): " port2
if [ -z "$port2" ]; then port2=$port2_default; fi
case $1 in
"rpi1")
read -p "Indicate rpi 2 API POST Bearer token ($token2_default): " token2
if [ -z "$token2" ]; then token2=$token2_default; fi
conf='{\n\t"Rpi2APIAddress" : "'$addr2'",\n\t"Rpi2APIPort" : '$port2',\n\t"Rpi2APIAuthorizedToken" : "Bearer '$token2'"\n}'
;;
"rpi2")
read -p "Indicate rpi 2 API POST Bearer token ($token2_default): " token2
if [ -z "$token2" ]; then token2=$token2_default; fi
read -p "Indicate Philips Hue bridge IP address ($hue_default): " hue
if [ -z "$hue" ]; then hue=$hue_default; fi
read -p "Indicate Philips Hue bridge secret string ($secret_default): " secret
if [ -z "$secret" ]; then secret=$secret_default; fi
echo "Adding the alarm sound file path to the config file..."
conf='{\n\t"Rpi2APIAddress" : "'$addr2'",\n\t"Rpi2APIPort" : '$port2',\n\t"Rpi2APIAuthorizedToken" : "Bearer '$token2'",\n\t"HueBridgeAddress" : "'$hue'",\n\t"HueBridgeToken" : "'$secret'",\n\t"AlarmSoundPath" : "/usr/local/share/alarm.mp3"\n}'
;;
"rpi3")
read -p "Indicate rpi 3 IP address ($addr3_default): " addr3
if [ -z "$addr3" ]; then addr3=$addr3_default; fi
read -p "Indicate rpi 3 API port ($port3_default): " port3
if [ -z "$port3" ]; then port3=$port3_default; fi
read -p "Indicate classrooms control server domain name and ssh port ($server_default): " server
if [ -z "$server" ]; then server=$server_default; fi
read -p "Indicate check classrooms occupation command ($cmd_default): " cmd
if [ -z "$cmd" ]; then cmd=$cmd_default; fi
read -p "Indicate laboratory reservations web page url ($web_default): " web
if [ -z "$web" ]; then web=$web_default; fi
conf='{\n\t"Rpi2APIAddress" : "'$addr2'",\n\t"Rpi2APIPort" : '$port2',\n\t"Rpi3APIAddress" : "'$addr3'",\n\t"Rpi3APIPort" : '$port3',\n\t"ControlServer" : "'$server'",\n\t"OccupationCmd" : "'$cmd'",\n\t"OccupationWeb" : "'$web'"\n}'
;;
esac
echo "/etc/$1_conf.json generated:"
echo -e $conf
read -p "Is that correct? (Y/n): " answ
answ=${answ:-Y}
done
echo -e $conf > /etc/$1_conf.json
chown 600 /etc/$1_conf.json
chown $INSTALL_USER:$INSTALL_USER /etc/$1_conf.json
}
function auto_login_gui {
echo -e "\n\t##### Enabling auto-login and auto start chromium"
cp install/$1/autostart /etc/xdg/openbox/autostart
chmod +x /etc/xdg/openbox/autostart
raspi-config nonint do_boot_behaviour B4 # Auto login with GUI
sed -i "s/#xserver-command=X/xserver-command=X -nocursor/g" /etc/lightdm/lightdm.conf # Disable mouse on screen
}
function auto_power_monitor {
echo -e "\t##### Preparing monitor auto on/off on working hours..."
cp install/raspi-monitor /usr/local/sbin/raspi-monitor
chmod +x /usr/local/sbin/raspi-monitor
# Set cron jobs
(crontab -l 2>/dev/null; echo "# Enable the monitor every weekday morning at 8:10") | crontab -
(crontab -l 2>/dev/null; echo "10 8 * * 1-5 /usr/local/sbin/raspi-monitor on > /dev/null 2>&1") | crontab -
(crontab -l 2>/dev/null; echo "# Disable the monitor every weekday evening at 21:10") | crontab -
(crontab -l 2>/dev/null; echo "10 21 * * 1-5 /usr/local/sbin/raspi-monitor off > /dev/null 2>&1") | crontab -
}
function set_monitor_resolution {
echo -e "\n\t##### Setting monitor resolution..."
sed -i "s/#disable_overscan=1/disable_overscan=1/g" /boot/config.txt
sed -i "s/#overscan_left=16/overscan_left=0/g" /boot/config.txt
sed -i "s/#overscan_right=16/overscan_right=0/g" /boot/config.txt
sed -i "s/#overscan_top=16/overscan_top=0/g" /boot/config.txt
sed -i "s/#overscan_bottom=16/overscan_bottom=0/g" /boot/config.txt
sed -i "s/#framebuffer_width=1280/framebuffer_width=1920/g" /boot/config.txt
sed -i "s/#framebuffer_height=720/framebuffer_height=1080/g" /boot/config.txt
}
function set_iptables {
# Remove current iptables rules
iptables -F
# Default policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Allow active connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow ssh in our network
iptables -A INPUT -p tcp --dport 22 -s 163.117.170.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 163.117.142.0/24 -j ACCEPT
# Allow loopback
iptables -I INPUT 1 -i lo -j ACCEPT
# Allow ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
}
function install_rpi1 {
# Basic host configuration
host_configuration "rpi1"
# Install python libs and zabbix agent
packages="python-numpy python3-picamera python3-sense-hat zabbix-agent"
install_dependencies $packages
# Install the core
echo -e "\n\t##### Installing scripts in /usr/local/bin/rpi1_cpd/..."
cp -r $1/scripts /usr/local/bin/$1_cpd
chown -R $INSTALL_USER:$INSTALL_USER /usr/local/bin/$1_cpd
echo -e "\t##### Enabling components on rpi..."
# Enable camera and i2c
raspi-config nonint do_i2c 0 # To use sense hat
raspi-config nonint do_camera 0 # To use camera
echo -e "\t##### Configuring permissions..."
usermod -aG input $INSTALL_USER # To use sense hat
usermod -aG i2c $INSTALL_USER # To use sense hat
usermod -aG video $INSTALL_USER # To use camera
# Setup daemons and start on boot
daemons_setup "rpi1"
systemctl enable zabbix-agent
# Configure zabbix
echo -e "\n\t##### Configuring zabbix...\n"
answ="n"
. install/default.config
while [ $answ != "y" ] && [ $answ != "Y" ]; do
read -p "Indicate zabbix server address ($addrZ_default): " addrZ
if [ -z "$addrZ" ]; then addrZ=$addrZ_default; fi
read -p "Is the IP $addrZ correct? (Y/n): " answ
answ=${answ:-Y}
done
sed -i "s/Server=127.0.0.1/Server=$addrZ/g" /etc/zabbix/zabbix_agentd.conf
sed -i "s/ServerActive=127.0.0.1/ServerActive=$addrZ/g" /etc/zabbix/zabbix_agentd.conf
sed -i '/# UserParameter=/a UserParameter=cpd.hum, /bin/cat /tmp/last_hum.txt' /etc/zabbix/zabbix_agentd.conf
sed -i '/# UserParameter=/a UserParameter=cpd.temp, /bin/cat /tmp/last_temp.txt' /etc/zabbix/zabbix_agentd.conf
# Configure core
set_config_json "rpi1"
echo -e "\n\t##### Setting and saving iptables..."
set_iptables
# Allow zabbix in our network
iptables -A INPUT -p tcp --dport 10050 -s 163.117.170.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 10050 -s 163.117.142.0/24 -j ACCEPT
# Save rules so they persist after reboot
iptables-save > /etc/iptables/rules.v4
}
function install_rpi2 {
# Basic host configuration
host_configuration "rpi2"
# Install openbox and chromium to display grafana dashboard, lightdm to autologin on GUI, omxplayer to play alarm sound
packages="openbox chromium-browser lightdm omxplayer"
install_dependencies $packages
# Install the core
echo -e "\n\t##### Installing binary in /usr/local/bin/ and resources in /usr/local/share/..."
cp install/rpi2/rpi2_api_arm /usr/local/bin/rpi2_api_arm # Rpi2 API binary
chmod 755 /usr/local/bin/rpi2_api_arm
cp install/rpi2/alarm.mp3 /usr/local/share/alarm.mp3 # Rpi2 API alarm sound file
echo -e "\t##### Configuring permissions..."
usermod -aG video $INSTALL_USER # To use audio jack
# Setup daemons and start on boot
daemons_setup "rpi2"
# Enable auto login and chromium start
auto_login_gui "rpi2"
# Enable monitor auto power off/on
auto_power_monitor
# Configure core
set_config_json "rpi2"
echo -e "\n\t##### Setting and enabling iptables..."
set_iptables
# Allow API requests only on the university network
iptables -A INPUT -p tcp --dport $port -s 163.117.0.0/16 -j ACCEPT
# Save rules so they persist after reboot
iptables-save > /etc/iptables/rules.v4
echo -e "\t##### WARNING: Please, press the Philips Hue bridge button before continue. Press enter when pressed."
read
echo -e "\t##### Launching api to pair Philips Hue bridge..."
systemctl start rpi2_api.service
echo -e "\t Waiting 10 seconds"
sleep 10
systemctl is-active --quiet rpi2_api.service
if [[ $? -eq 0 ]]; then
echo -e "\t Pairing successful!"
else
echo -e "\t Pairing failed! Manual pairing required"
exit 2
fi
}
function install_rpi3 {
# Basic host configuration
host_configuration "rpi3"
# Install openbox and chromium to display website, lightdm to autologin on GUI, npm to build
packages="openbox chromium-browser lightdm npm"
install_dependencies $packages
echo -e "\n\t##### Installing binary in /usr/local/bin/ and web in /srv/rpi3/..."
cp install/rpi3/rpi3_api_arm /usr/local/bin/rpi3_api_arm # Rpi3 API binary
chmod 755 /usr/local/bin/rpi3_api_arm
cp install/rpi3/web_server_arm /usr/local/bin/web_server_arm # Custom web server
chmod 755 /usr/local/bin/web_server_arm
cd rpi3/GUI/
npm install
npm run build
mv public/ /srv/rpi3 # Website files
cd -
chown -R $INSTALL_USER:$INSTALL_USER /srv/rpi3
# Setup daemons and start on boot
daemons_setup "rpi3"
# Enable auto login and chromium start
auto_login_gui "rpi3"
# Enable monitor auto power off/on
auto_power_monitor
# Set monitor resolution
set_monitor_resolution
# Configure core
set_config_json "rpi3"
echo -e "\n\t##### Setting and enabling iptables..."
set_iptables
# Allow API requests only on the university network
iptables -A INPUT -p tcp --dport $port3 -s 163.117.0.0/16 -j ACCEPT
# Allow web request only on our subnet
iptables -A INPUT -p tcp --dport 9000 -s 163.117.142.0/24 -j ACCEPT
# Save rules so they persist after reboot
iptables-save > /etc/iptables/rules.v4
}
echo -e "What rpi are you trying to install?\n"
echo -e "\t(1) rpi1 (inside CPD: monitoring)"
echo -e "\t(2) rpi2 (outside CPD: light control, display CPD info)"
echo -e "\t(3) rpi3 (outside CPD: display classrooms info)\n"
read -p "Please, choose a number. Choose (0) to exit: " opt
case "$opt" in
"1")
# Install rpi1
install_rpi1
;;
"2")
# Install rpi2
install_rpi2
;;
"3")
# Install rpi3
install_rpi3
.install/default.config
echo "Please. Generate an ssh key to rpi3 and copy pub key into $server_default:/root/.ssh/authorized_keys"
;;
esac
echo "Done. If you see this message, everything should work after reboot."
echo "REMEMBER TO REMOVE PI USER FOR SECURITY."
answ="n"
read -p "Do you want to reboot now? (Y/n): " answ
answ=${answ:-Y}
if [ $answ == "y" ] || [ $answ == "Y" ]; then
reboot
fi