hotspot_ynh/scripts/install

#!/bin/bash

# Wifi Hotspot app for YunoHost 
# Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
# Contribute at https://github.com/jvaubourg/hotspot_ynh
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Retrieve arguments
domain=${1}
url_path=${2}
wifi_ssid=${3}
wifi_passphrase=${4}
firmware_nonfree=${5}

##
## These arguments are optional but YunoHost is not yet able to handle them with the web installer
## See manifest.json.options
##
#
#ip6_net=${6}

# Check arguments
if [ -z "${wifi_ssid}" -o -z "${wifi_passphrase}" ]; then
  echo "ERROR: Your Wifi Hotspot needs a name and a password" >&2
  exit 1
fi

wifi_passphrase_length="$(echo -n "${wifi_passphrase}" | wc -c)"
if [ "${wifi_passphrase_length}" -lt 8 -o "${wifi_passphrase_length}" -gt 63 ]; then
  echo "ERROR: Your password must from 8 to 63 characters (WPA2 passphrase)" >&2
  exit 1
fi

echo "${wifi_passphrase}" | grep -qP '[^[:print:]]'
if [ $? -eq 0 ]; then
  echo "ERROR: Only printable ASCII characters are permitted in your password (WPA2 passphrase)" >&2
  exit 1
fi

# Check domain/path availability
sudo yunohost app checkurl ${domain}${url_path} -a hotspot 
if [ ! $? -eq 0 ]; then
  exit 1
fi

# Install packages
packages='php5-fpm sipcalc hostapd iptables wireless-tools dnsmasq'
export DEBIAN_FRONTEND=noninteractive

# Packaged USB Wireless Device firmwares
# Based on https://wiki.debian.org/WiFi#USB_Devices
if [ "${firmware_nonfree}" == yes ]; then
  packages="$packages firmware-atheros atmel-firmware firmware-linux-free firmware-linux-nonfree firmware-realtek firmware-ralink firmware-libertas zd1211-firmware"
else
  packages="$packages firmware-linux-free"
fi

sudo apt-get --assume-yes --force-yes install ${packages}

if [ $? -ne 0 ]; then
  sudo apt-get update
  sudo apt-get --assume-yes --force-yes install ${packages}
fi

# Compute extra arguments
if [ -z "${ip6_net}" ]; then
  ip6_net=none
  ip6_addr=none

  if [ -e /tmp/.ynh-vpnclient-started ]; then
    vpnclient_ip6_net=$(sudo yunohost app setting vpnclient ip6_net 2>&1)
    vpnclient_ip6_addr=$(sudo yunohost app setting vpnclient ip6_addr 2>&1)

    if [[ "${vpnclient_ip6_net}" =~ :: && "${vpnclient_ip6_addr}" =~ :: ]]; then
      ip6_net=${vpnclient_ip6_net}
      ip6_addr=${vpnclient_ip6_addr}
    fi
  fi
#else
#  ip6_net=$(bash ../conf/ipv6_expanded "${ip6_net}")
#
#  if [ -z "${ip6_net}" ]; then
#    echo "ERROR: The IPv6 Delegated Prefix format looks bad" >&2
#    exit 1
#  fi
#
#  ip6_addr="$(echo "${ip6_net}" | cut -d: -f1-7):42"
#  ip6_net=$(bash ../conf/ipv6_compressed "${ip6_net}")
#  ip6_addr=$(bash ../conf/ipv6_compressed "${ip6_addr}")
fi

wifi_device=$(sudo iwconfig 2>&1 | grep 802.11 | head -n1 | awk '{ print $1 }')

if [ -z "${wifi_device}" ]; then
  echo "ERROR: No wifi interface found" >&2
  exit 1
fi

# Save arguments
sudo yunohost app setting hotspot service_enabled -v 1
sudo yunohost app setting hotspot multissid -v 1
sudo yunohost app setting hotspot wifi_ssid -v "${wifi_ssid}"
sudo yunohost app setting hotspot wifi_secure -v 1
sudo yunohost app setting hotspot wifi_passphrase -v "${wifi_passphrase}"
sudo yunohost app setting hotspot wifi_device -v "${wifi_device}"
sudo yunohost app setting hotspot wifi_channel -v 6
sudo yunohost app setting hotspot ip6_addr -v "${ip6_addr}"
sudo yunohost app setting hotspot ip6_net -v "${ip6_net}"
sudo yunohost app setting hotspot ip6_dns0 -v 2001:913::8
sudo yunohost app setting hotspot ip6_dns1 -v 2001:910:800::12
sudo yunohost app setting hotspot ip4_dns0 -v 80.67.188.188
sudo yunohost app setting hotspot ip4_dns1 -v 80.67.169.12
sudo yunohost app setting hotspot ip4_nat_prefix -v 10.0.242
sudo yunohost app setting hotspot vpnclient -v no

# Install IPv6 scripts
sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/

# Copy confs
sudo mkdir -pm 0755 /var/log/nginx/
sudo mkdir -pm 0755 /etc/dnsmasq.dhcpd/
sudo chown root: /etc/dnsmasq.dhcpd/

sudo install -b -o root -g root -m 0644 ../conf/hostapd.conf.tpl? /etc/hostapd/
sudo install -b -o root -g root -m 0644 ../conf/dnsmasq_dhcpdv6.conf.tpl /etc/dnsmasq.dhcpd/dhcpdv6.conf.tpl
sudo install -b -o root -g root -m 0644 ../conf/dnsmasq_dhcpdv4.conf.tpl /etc/dnsmasq.dhcpd/dhcpdv4.conf.tpl
sudo install -b -o root -g root -m 0644 ../conf/nginx_wifiadmin.conf "/etc/nginx/conf.d/${domain}.d/wifiadmin.conf"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_wifiadmin.conf /etc/php5/fpm/pool.d/wifiadmin.conf

# Copy (free) firmwares
# Extract from http://packages.trisquel.info/toutatis-updates/open-ath9k-htc-firmware
# https://www.fsf.org/news/ryf-certification-thinkpenguin-usb-with-atheros-chip
sudo install -b -o root -g root -m 0644 ../conf/firmware_htc-7010.fw /lib/firmware/htc-7010.fw
sudo install -b -o root -g root -m 0644 ../conf/firmware_htc-9271.fw /lib/firmware/htc-9271.fw

# Copy web sources
sudo mkdir -pm 0755 /var/www/wifiadmin/
sudo cp -a ../sources/* /var/www/wifiadmin/

sudo chown -R root: /var/www/wifiadmin/
sudo chmod -R 0644 /var/www/wifiadmin/*
sudo find /var/www/wifiadmin/ -type d -exec chmod +x {} \;

# Fix confs
## hostapd
sudo sed 's|^DAEMON_CONF=$|&/etc/hostapd/hostapd.conf|' -i /etc/init.d/hostapd

## nginx
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/wifiadmin.conf"
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/wifiadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/wifiadmin.conf"
sudo sed 's|<TPL:PHP_NAME>|wifiadmin|g' -i "/etc/nginx/conf.d/${domain}.d/wifiadmin.conf"

## php-fpm
sudo sed 's|<TPL:PHP_NAME>|wifiadmin|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/wifiadmin/|g' -i /etc/php5/fpm/pool.d/wifiadmin.conf

# Fix sources
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/wifiadmin/config.php

# Copy init script
sudo install -o root -g root -m 0755 ../conf/init_ynh-hotspot /etc/init.d/ynh-hotspot

# Update firewall for DHCP
sudo yunohost firewall allow --no-upnp --ipv6 UDP 547
sudo yunohost firewall allow --no-upnp UDP 67

# Set default inits
# The boot order of these services are important, so they are disabled by default
# and the ynh-hotspot service handles them.
# All services are registred by yunohost in order to prevent conflicts after the uninstall.
sudo yunohost service add hostapd 
sudo yunohost service stop hostapd 
sudo yunohost service disable hostapd 

sudo yunohost service add php5-fpm
sudo yunohost service enable php5-fpm

sudo service nginx reload

# Remove IPv6 address set if there is a VPN installed
if [ "${ip6_addr}" != none ]; then
  sudo ip -6 address show dev tun0 2> /dev/null | grep -q "${ip6_addr}/"
  if [ "$?" -eq 0 ]; then
    sudo ip address delete "${ip6_addr}/128" dev tun0 &> /dev/null
  fi
fi

sudo yunohost service add ynh-hotspot
sudo yunohost service enable ynh-hotspot
sudo service ynh-hotspot start

# Update SSO for wifiadmin
sudo yunohost app ssowatconf

exit 0