diff --git a/Makefile b/Makefile index 41c22d3..512e56f 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ EMISSARY_ARCH ?= armv6 EMISSARY_RECONCILIATION_INTERVAL ?= EMISSARY_SERVER_URL ?= -BASE_INSTALL ?= install-emissary-files +BASE_INSTALL ?= install-emissary-files install-common-uci-defaults install-common-additional-agent-collectors ADDITIONAL_INSTALL ?= ADDITIONAL_OPENWRT_PACKAGES ?= diff --git a/install/bananapi.mk b/install/bananapi.mk index 590f4f2..3a976a2 100644 --- a/install/bananapi.mk +++ b/install/bananapi.mk @@ -1,7 +1,3 @@ install-bpi-r3-network-config: mkdir -p files/etc/config - cp misc/bpi-r3/uci/network files/etc/config/network - -install-bpi-r3-uci-defaults: - mkdir -p files/etc/uci-defaults - cp misc/bpi-r3/uci-defaults/* files/etc/uci-defaults/ \ No newline at end of file + cp misc/bpi-r3/uci/network files/etc/config/network \ No newline at end of file diff --git a/install/common.mk b/install/common.mk new file mode 100644 index 0000000..b0e3acd --- /dev/null +++ b/install/common.mk @@ -0,0 +1,6 @@ +install-common-uci-defaults: + mkdir -p files/etc/uci-defaults + cp misc/common/uci-defaults/* files/etc/uci-defaults/ + +install-common-additional-agent-collectors: tools/yq/bin/yq + tools/yq/bin/yq -i '.agent.collectors += load("misc/common/agent/collectors.yml")' files/etc/emissary/agent.yml \ No newline at end of file diff --git a/install/raspberrypi.mk b/install/raspberrypi.mk index 8de58de..c4d9935 100644 --- a/install/raspberrypi.mk +++ b/install/raspberrypi.mk @@ -1,7 +1,3 @@ install-rpi-network-config: mkdir -p files/etc/config - cp misc/rpi/uci/network files/etc/config/network - -install-rpi-uci-defaults: - mkdir -p files/etc/uci-defaults - cp misc/rpi/uci-defaults/* files/etc/uci-defaults/ \ No newline at end of file + cp misc/rpi/uci/network files/etc/config/network \ No newline at end of file diff --git a/misc/common/agent/collectors.yml b/misc/common/agent/collectors.yml new file mode 100644 index 0000000..24ceafa --- /dev/null +++ b/misc/common/agent/collectors.yml @@ -0,0 +1,9 @@ +- name: network-interfaces + command: ip + args: + - addr + - show +- name: emissary-firmware + commant: cat + args: + - /etc/emissary_firmware \ No newline at end of file diff --git a/misc/bpi-r3/uci-defaults/99-x86-uci-custom.sh b/misc/common/uci-defaults/99-emissary-common-uci-custom.sh similarity index 100% rename from misc/bpi-r3/uci-defaults/99-x86-uci-custom.sh rename to misc/common/uci-defaults/99-emissary-common-uci-custom.sh diff --git a/misc/rpi/uci-defaults/99-x86-uci-custom.sh b/misc/rpi/uci-defaults/99-x86-uci-custom.sh deleted file mode 100644 index ab96e76..0000000 --- a/misc/rpi/uci-defaults/99-x86-uci-custom.sh +++ /dev/null @@ -1,37 +0,0 @@ -#/bin/sh - -set -e - -main() { - # Update default firewall ruleset - uci add firewall rule - uci set firewall.@rule[-1].name='Allow SSH on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='22' - uci set firewall.@rule[-1].target='ACCEPT' - - uci add firewall rule - uci set firewall.@rule[-1].name='Allow HTTP on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='80' - uci set firewall.@rule[-1].target='ACCEPT' - - uci add firewall rule - uci set firewall.@rule[-1].name='Allow HTTPS on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='443' - uci set firewall.@rule[-1].target='ACCEPT' - - uci commit firewall - - # Disable DNS-rebind protection - uci set dhcp.@dnsmasq[0].rebind_protection='0' - uci commit dhcp - - reload_config -} - -main \ No newline at end of file diff --git a/misc/turris/omnia/uci-defaults/98-turris-omnia-uci-custom.sh b/misc/turris/omnia/uci-defaults/98-turris-omnia-uci-custom.sh deleted file mode 100644 index ab96e76..0000000 --- a/misc/turris/omnia/uci-defaults/98-turris-omnia-uci-custom.sh +++ /dev/null @@ -1,37 +0,0 @@ -#/bin/sh - -set -e - -main() { - # Update default firewall ruleset - uci add firewall rule - uci set firewall.@rule[-1].name='Allow SSH on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='22' - uci set firewall.@rule[-1].target='ACCEPT' - - uci add firewall rule - uci set firewall.@rule[-1].name='Allow HTTP on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='80' - uci set firewall.@rule[-1].target='ACCEPT' - - uci add firewall rule - uci set firewall.@rule[-1].name='Allow HTTPS on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='443' - uci set firewall.@rule[-1].target='ACCEPT' - - uci commit firewall - - # Disable DNS-rebind protection - uci set dhcp.@dnsmasq[0].rebind_protection='0' - uci commit dhcp - - reload_config -} - -main \ No newline at end of file diff --git a/misc/x86/uci-defaults/99-x86-uci-custom.sh b/misc/x86/uci-defaults/99-x86-uci-custom.sh deleted file mode 100644 index ab96e76..0000000 --- a/misc/x86/uci-defaults/99-x86-uci-custom.sh +++ /dev/null @@ -1,37 +0,0 @@ -#/bin/sh - -set -e - -main() { - # Update default firewall ruleset - uci add firewall rule - uci set firewall.@rule[-1].name='Allow SSH on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='22' - uci set firewall.@rule[-1].target='ACCEPT' - - uci add firewall rule - uci set firewall.@rule[-1].name='Allow HTTP on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='80' - uci set firewall.@rule[-1].target='ACCEPT' - - uci add firewall rule - uci set firewall.@rule[-1].name='Allow HTTPS on WAN' - uci set firewall.@rule[-1].src='wan' - uci set firewall.@rule[-1].proto='tcp' - uci set firewall.@rule[-1].dest_port='443' - uci set firewall.@rule[-1].target='ACCEPT' - - uci commit firewall - - # Disable DNS-rebind protection - uci set dhcp.@dnsmasq[0].rebind_protection='0' - uci commit dhcp - - reload_config -} - -main \ No newline at end of file diff --git a/targets/bananapi.mk b/targets/bananapi.mk index 3347c1c..747d501 100644 --- a/targets/bananapi.mk +++ b/targets/bananapi.mk @@ -4,7 +4,7 @@ bpi-r3: $(MAKE) \ OPENWRT_VERSION="23.05.0-rc3" \ IMAGEBUILDER_URL=https://downloads.openwrt.org/releases/23.05.0-rc3/targets/mediatek/filogic/openwrt-imagebuilder-23.05.0-rc3-mediatek-filogic.Linux-x86_64.tar.xz \ - ADDITIONAL_INSTALL="install-bpi-r3-network-config install-bpi-r3-uci-defaults" \ + ADDITIONAL_INSTALL="install-bpi-r3-network-config" \ ADDITIONAL_OPENWRT_PACKAGES="block-mount kmod-fs-ext4 kmod-usb-storage kmod-usb2" \ OPENWRT_TARGET="mediatek/filogic" \ EMISSARY_ARCH="arm64" \ diff --git a/targets/generic.mk b/targets/generic.mk index 75a5277..60876a1 100644 --- a/targets/generic.mk +++ b/targets/generic.mk @@ -2,7 +2,7 @@ all: x86-generic x86-generic: $(MAKE) \ - ADDITIONAL_INSTALL="install-x86-network-config install-x86-uci-defaults" \ + ADDITIONAL_INSTALL="install-x86-network-config" \ ADDITIONAL_OPENWRT_PACKAGES="dmidecode" \ OPENWRT_TARGET="x86/generic" \ EMISSARY_ARCH="386" \ diff --git a/targets/raspberrypi.mk b/targets/raspberrypi.mk index 2e51fd9..23da983 100644 --- a/targets/raspberrypi.mk +++ b/targets/raspberrypi.mk @@ -2,7 +2,7 @@ all: rpi-4 rpi-3 rpi-4: $(MAKE) \ - ADDITIONAL_INSTALL="install-rpi-network-config install-rpi-uci-defaults" \ + ADDITIONAL_INSTALL="install-rpi-network-config" \ OPENWRT_TARGET="bcm27xx/bcm2711" \ EMISSARY_ARCH="arm64" \ OPENWRT_PROFILE="rpi-4" \ @@ -10,7 +10,7 @@ rpi-4: rpi-3: $(MAKE) \ - ADDITIONAL_INSTALL="install-rpi-network-config install-rpi-uci-defaults" \ + ADDITIONAL_INSTALL="install-rpi-network-config" \ OPENWRT_TARGET="bcm27xx/bcm2710" \ EMISSARY_ARCH="arm64" \ OPENWRT_PROFILE="rpi-3" \