move to own repository, update everything

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) <year> <copyright holders>
+Copyright (c) 2023 Freifunk Gera-Greiz
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

Makefile

@@ -0,0 +1,19 @@
+02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
+cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+
+
+systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
+	cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+
+$(02firstboot): appliance/02firstboot.start
+	mkdir -p $(CHROOT)/usr/local/bin
+	cp $< $@
+	touch $(CHROOT)/02firstboot
+
+$(cert-renew.sh): appliance/cert-renew.sh
+	mkdir -p $(CHROOT)/etc/ssl
+	cp $< $@
+
+preinstall:
+
+postinstall: systemd-units $(02firstboot) $(cert-renew.sh)

appliance/02firstboot.start

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# variables
+LABEL="DATA"
+TLD="freifunk-gera-greiz.de"
+HOST="gwx"
+ORGNAME="Freifunk example gateway"
+
+# start
+set -e
+
+[ -e /01firstboot ] && exit 0
+[ -e /02firstboot ] || exit 0
+
+# Certificate
+if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
+    # angepaßtes Zertifikat vorhanden (kein example)
+    if [ ! -L /etc/ssl/cert-renew.sh ]; then
+        rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
+        mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
+    else
+        rm -f "/etc/ssl/cert-renew.sh"
+    fi
+    ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
+else
+    echo 'Create example certificate...'
+    mkdir -p "/$LABEL/CERTS/KEYS/"
+    mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
+    echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+    echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+    echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+    echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+    echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+    echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+    openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
+    cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
+    touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
+fi
+
+rm -rf /etc/ssl/nginx
+mkdir -p /etc/ssl
+ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
+
+/etc/ssl/cert-renew.sh
+
+rm /02firstboot

appliance/cert-renew.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=yes
+ 
+[Service]
+Type=oneshot
+ExecStart=/etc/ssl/cert-renew.sh

appliance/cert-renew.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+HOST="gwx"
+TLD="freifunk-gera-greiz.de"
+FQDN="$HOST.$TLD"
+LABEL="DATA"
+
+CERT_DIR=/$LABEL/CERTS
+CERT_NGINX=/$LABEL/etc/ssl/nginx
+GETREPO=""
+GETUSER=""
+GETPASS=""
+
+function getCurrentVersion() {
+# Get hash from latest revision
+  git log --format=format:%H -1
+}
+
+cd $CERT_DIR
+
+if [ -z "$GETREPO" ]; then
+  GIT_REVISION=0
+  GIT_NEW_REVISION=1
+  cd $FQDN
+elif [ ! -d "$FQDN" ]; then
+  GIT_REVISION=0
+  git clone "https://$GETUSER:$GETPASS@$GETREPO"
+  cd $FQDN
+  GIT_NEW_REVISION=$(getCurrentVersion)
+else
+  cd $FQDN
+  GIT_REVISION=$(getCurrentVersion)
+  git commit -m "CRON: auto commit"
+  git fetch
+  git merge origin/master -m "Auto Merge"
+  GIT_NEW_REVISION=$(getCurrentVersion)
+fi
+
+echo "old: $GIT_REVISION"
+echo "new: $GIT_NEW_REVISION"
+
+if [ $GIT_REVISION != $GIT_NEW_REVISION ]
+then
+  echo "Update Nginx certificate..."
+  mkdir -p $CERT_NGINX
+  cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_NGINX/nginx.pem
+  cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_NGINX/nginx.key
+  chown nginx:nginx $CERT_NGINX/nginx.*
+  chmod 444 $CERT_NGINX/nginx.pem
+  chmod 400 $CERT_NGINX/nginx.key
+  echo "Restarting Nginx..."
+  systemctl is-active --quiet nginx && systemctl restart nginx
+fi
+
+exit 0

appliance/cert-renew.timer

@@ -0,0 +1,12 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=no
+ 
+[Timer]
+Persistent=false
+OnCalendar=Sun *-*-* 03:33:00
+Unit=cert-renew.service
+ 
+[Install]
+WantedBy=default.target

package.accept_keywords

@@ -0,0 +1,14 @@
+## Freifunk
+#
+net-misc/bird
+net-vpn/tinc
+#
+# eigene Ebuilds
+dev-libs/libuecc
+net-misc/batctl
+net-misc/batman-adv
+net-misc/ecdsautils
+net-misc/ext-respondd
+net-misc/fastd
+net-misc/mesh-announce
+net-misc/tunneldigger

package.use

@@ -0,0 +1,6 @@
+app-misc/mime-types nginx
+media-libs/gd png fontconfig truetype
+net-analyzer/vnstat gd
+net-dns/dnsmasq auth-dns dhcp-tools
+net-misc/batman-adv bla dat mcast nc
+net-vpn/openvpn iproute2 passwordsave

va-ffgw.cfg

@@ -0,0 +1,3 @@
+REPO_NAMES += ff-overlay
+REPO_URI_ff-overlay = https://github.com/ffggrz/ff-overlay.git
+KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config

world

@@ -0,0 +1,26 @@
+net-analyzer/iptstate
+net-analyzer/nmap
+net-analyzer/tcpdump
+net-analyzer/traceroute
+net-analyzer/vnstat
+net-dns/bind-tools
+net-dns/dnsmasq
+net-firewall/ebtables
+net-firewall/ipt_netflow
+net-misc/batctl
+net-misc/batman-adv
+net-misc/bird
+net-misc/bridge-utils
+net-misc/ecdsautils
+net-misc/ext-respondd
+net-misc/fastd
+net-misc/iperf:3
+net-misc/mesh-announce
+net-misc/ntp
+net-misc/telnet-bsd
+net-misc/tunneldigger
+net-vpn/openvpn
+net-vpn/tinc
+sys-apps/texinfo
+sys-process/lsof
+www-servers/nginx