Add tha WiFi access point setup script

LINCnil · Feb 16, 2024 · 62e1ff1 · 62e1ff1
1 parent 4210945
commit 62e1ff1
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 1 deletion.
diff --git a/bootstrap.sh b/bootstrap.sh
@@ -65,8 +65,9 @@ mkdir -p "${DATA_DEST_PATH}/cnf"
 cp -vr "${SHARED_DIR}/cnf" "$DATA_DEST_PATH"
 cp -v "${SHARED_DIR}/configure.sh" "$DATA_DEST_PATH"
 cp -v "${SHARED_DIR}/finalize_install.sh" "$DATA_DEST_PATH"
+cp -v "${SHARED_DIR}/wifi_ap_setup.sh" "$DATA_DEST_PATH"
 arch-chroot "$INSTALL_MOUNT_POINT_ROOT" /bin/bash "${CHROOT_DATA_DEST_PATH}/configure.sh"
-rm -rf "${DATA_DEST_PATH}/cnf" "${DATA_DEST_PATH}/configure.sh" "${DATA_DEST_PATH}/finalize_install.sh"
+rm -rf "${DATA_DEST_PATH}/cnf" "${DATA_DEST_PATH}/configure.sh" "${DATA_DEST_PATH}/finalize_install.sh" "${DATA_DEST_PATH}/wifi_ap_setup.sh"
 
 # Finalisation
 umount -R /mnt

diff --git a/configure.sh b/configure.sh
@@ -11,6 +11,8 @@ CTRL_HOME="/home/${CTRL_USERNAME}"
 CTRL_DESKTOP="${CTRL_HOME}/Bureau"
 CTRL_AUR_BUILD_DIR="$CTRL_HOME"
 CTRL_SCRIPT_DATA="/root/script_data"
+CTRL_LOCAL_DATA="${CTRL_HOME}/.local"
+CTRL_BIN_DATA="${CTRL_LOCAL_DATA}/bin"
 
 # Ce mot de passe n’étant utilisé que pour une machine virtuelle devant pouvoir être reproduite par les organismes contrôlés,
 # il est nécessaire de le publier au même titre que le reste des scripts de créations de la machine.
@@ -94,6 +96,12 @@ chown --recursive "${CTRL_USERNAME}:${CTRL_GROUP}" "${CTRL_HOME}/.config/autosta
 chmod 755 "${CTRL_HOME}/script_data/finalize_install.sh"
 chmod 755 "${CTRL_HOME}/.config/autostart/auto_install.desktop"
 
+# Répertoire des exécutables
+mkdir -p "${CTRL_BIN_DATA}"
+cp -v "${CTRL_SCRIPT_DATA}/wifi_ap_setup.sh" "${CTRL_BIN_DATA}"
+chown --recursive "${CTRL_USERNAME}:${CTRL_GROUP}" "${CTRL_LOCAL_DATA}"
+echo 'export PATH="$PATH:$HOME/.local/bin"' >>"${CTRL_HOME}/.bashrc"
+
 # Agencement clavier
 cat >"${CTRL_HOME}/.config/kxkbrc" << EOF
 [\$Version]

diff --git a/wifi_ap_setup.sh b/wifi_ap_setup.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+# Paramètres du point d'accès
+# En cas de problème de connexion, utiliser un autre canal (de 1 à 11)
+AP_CHANNEL="1"
+AP_NAME="CNIL-CEL-AP-$(openssl rand -hex 2)"
+echo "Nom du point d'accès : ${AP_NAME}"
+echo -n "Mot de passe du point d'accès : "
+read AP_PASSWORD
+
+# Nom des interfaces réseau
+OUT_INTERFACE="enp0s3"
+AP_INTERFACE="$(ip -json address | jq -r '.[].ifname' | grep '^wl')"
+NB_INTERFACES=$(echo "$AP_INTERFACE" | wc -l)
+if [[ "$AP_INTERFACE" = "" ]]; then
+	echo "Erreur: aucune interface détectée"
+	exit 1
+fi
+if [[ "$NB_INTERFACES" != "1" ]]; then
+	echo "Erreur: $NB_INTERFACES interfaces détectées"
+	exit 1
+fi
+
+# Configuration de dnsmasq
+cat <<EOF > /etc/dnsmasq.conf
+log-facility=/var/log/dnsmasq.log
+# adressage fait manuellement ensuite avec ifconfig :
+#address=/#/10.0.0.1
+interface=${AP_INTERFACE}
+dhcp-range=10.0.0.10,10.0.0.250,48h
+# définition de la route par défaut (3) et du serveur DNS (6) :
+dhcp-option=3,10.0.0.1
+dhcp-option=6,10.0.0.1
+#no-resolv
+log-queries
+EOF
+systemctl restart dnsmasq.service
+
+# Configuration de l'interface réseau
+ip link set dev "${AP_INTERFACE}" down
+ip link set dev "${AP_INTERFACE}" up
+ip a add 10.0.0.1/24 dev "${AP_INTERFACE}"
+
+# Transfert des paquets IP
+sysctl net.ipv4.ip_forward=1
+sysctl net.ipv4.conf.all.forwarding=1
+sysctl net.ipv6.conf.all.forwarding=1
+
+systemctl restart nftables.service
+nft add table inet nat
+nft add chain inet nat postrouting { type nat hook postrouting priority 100 \; }
+nft add rule inet nat postrouting oifname "${OUT_INTERFACE}" masquerade
+
+# Configuration du point d'access
+cat <<EOF > /etc/hostapd/hostapd.conf
+# vérifier le nom de l'interface wifi
+interface=${AP_INTERFACE}
+# laisser le driver par défaut
+driver=nl80211
+channel=${AP_CHANNEL}
+ssid=${AP_NAME}
+wpa=2
+wpa_passphrase=${AP_PASSWORD}
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=CCMP
+# Change the broadcasted/multicasted keys after this many seconds.
+wpa_group_rekey=600
+# Change the master key after this many seconds. Master key is used as a basis
+wpa_gmk_rekey=86400
+EOF
+systemctl restart hostapd.service