#!/bin/sh
# Setup script for the dnc server: on first run it generates the server
# identity under /etc/dhtnet/id/ with dhtnet-crtmgr, writes or patches
# /etc/dhtnet/dnc.yaml, and stops/disables dnc.service until the operator
# enables it (see create_server_keys below).
# NOTE(review): the banner text suggests this runs at package install time;
# confirm how the packaging invokes it.
# Requires: dhtnet-crtmgr and systemctl on PATH; the in-place `sed -i` form
# used below is the GNU one.
set -e
# Default creation mode for everything written below: 0644 files, 0755 dirs.
# NOTE(review): that makes newly created files world-readable by default —
# confirm dhtnet-crtmgr restricts the mode of id-server.pem on its own.
umask 022

#######################################
# First-run setup: creates the server identity (certificate + private key)
# under /etc/dhtnet/id/, writes the dnc.yaml configuration and stops and
# disables dnc.service, then prints the manual follow-up steps.
# Globals:   none read; creates files under /etc/dhtnet/
# Arguments: none
# Outputs:   progress line and post-install banner on stdout
# Returns:   0; under the script-wide `set -e` any failing step aborts
#######################################
create_server_keys() {
  mkdir -p /etc/dhtnet/id
  # Generation happens only when neither file of the pair exists.
  # NOTE(review): a half-present pair (only .crt or only .pem) is left
  # untouched and therefore not repaired here — confirm this is intended.
  if ! { [ -f /etc/dhtnet/id/id-server.crt ] || [ -f /etc/dhtnet/id/id-server.pem ]; }; then
    printf '%s\n' 'Generating server keys...'
    dhtnet-crtmgr --setup -o /etc/dhtnet/
    dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem
    configure_yaml
    disable_dnc_service
  fi
  # Banner is printed on every run, not only after generation.
  cat <<'EOF'
====================
dnc server installed and configured.
To configure it, edit /etc/dhtnet/dnc.yaml
To enable and start server, run:
 systemctl enable dnc.service
 systemctl start dnc.service
To configure your dnc client, run:
 dhtnet-crtmgr --interactive
====================
EOF
}

# reload_dnc_service() {
#   status=$(systemctl is-active dnc.service || true)
#   if [ "$status" = "failed" ]; then
#     echo "dnc.service failed to start, try a restart after keys were created..."
#     systemctl restart dnc.service
#   fi
# }

#######################################
# Stops dnc.service and removes it from boot, in that order.
# Globals:   none
# Arguments: none
# Outputs:   whatever systemctl prints
# Returns:   0; each systemctl call runs under the script-wide `set -e`, so a
#            failing call aborts the script at that point
#######################################
disable_dnc_service() {
  for verb in stop disable; do
    systemctl "$verb" dnc.service
  done
}

#######################################
# Points /etc/dhtnet/dnc.yaml at the server identity. If the file already
# exists, only commented-out `#certificate:` / `#privateKey:` lines are
# rewritten in place (values that are already set are left untouched);
# otherwise a default configuration is written from scratch.
# Globals:   none
# Arguments: none
# Outputs:   nothing on stdout; writes /etc/dhtnet/dnc.yaml
# Returns:   0; under `set -e` a failing sed or redirection aborts
#######################################
configure_yaml() {
  if [ -f /etc/dhtnet/dnc.yaml ]; then
    # In-place edit (GNU sed). The `\"` inside the single-quoted replacement is
    # passed to sed so the written path value ends up double-quoted.
    sed -i 's/^#certificate:.*$/certificate: \"\/etc\/dhtnet\/id\/id-server.crt\"/' /etc/dhtnet/dnc.yaml
    sed -i 's/^#privateKey:.*$/privateKey: \"\/etc\/dhtnet\/id\/id-server.pem\"/' /etc/dhtnet/dnc.yaml
  else
    # The whole brace group is redirected once into the new file.
    # NOTE(review): the file is created under the script's umask 022 (0644
    # unless something changes it) and carries turn_pass in clear — confirm a
    # local-user-readable config is acceptable here.
    {
      echo "# The bootstrap node serves as the entry point to the DHT network."
      echo "# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only."
      echo "# For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network."
      echo "# Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping"
      echo "bootstrap: \"bootstrap.jami.net\""
      echo ""
      echo "# TURN server is used as a fallback for connections if the NAT block all possible connections."
      echo "# By default is turn.jami.net (which uses coturn) but can be any TURN."
      echo "# Developer must set up their own TURN server."
      echo "# Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html"
      echo "turn_host: \"turn.jami.net\""
      echo "turn_user: \"ring\""
      echo "turn_pass: \"ring\""
      echo "turn_realm: \"ring\""
      echo ""
      echo "# When verbose is set to true, the server logs all incoming connections"
      echo "verbose: false"
      echo ""
      # Same paths the sed branch above writes into an existing file.
      echo "# On server, identities are saved in /etc/dhtnet/id/"
      echo "certificate: \"/etc/dhtnet/id/id-server.crt\""
      echo "privateKey: \"/etc/dhtnet/id/id-server.pem\""
      echo ""
      echo "# When anonymous is set to true, the server accepts any connection without checking CA"
      echo "# When anonymous is set to false, the server allows only connection which are issued by the same CA as the server"
      echo "anonymous: false"
      echo ""
      echo "# List of authorized services"
      echo "# Each service is defined by an IP and a port"
      echo "authorized_services:"
      # NOTE(review): YAML needs `port:` indented under `- ip:` for the two to
      # form one list entry; confirm the leading spaces in these strings are
      # the intended ones.
      echo " - ip: \"127.0.0.1\""
      echo " port: 22"
      echo " # - ip: \"127.0.0.1\""
      echo " # port: 80"
      echo " # - ip: \"127.0.0.1\""
      echo " # port: 443"
      echo ""
    } > /etc/dhtnet/dnc.yaml
  fi
}

# Entry point; every function it relies on is defined above this call, as sh
# requires at call time.
create_server_keys