diff --git a/installation.md b/installation.md
index f93874b..7ec6fcd 100644
--- a/installation.md
+++ b/installation.md
@@ -1,4 +1,5 @@
 # Installation
+> Note: in this configuration example the username `dn42` and "default" directories are used, if you want to use other change these in the examples.
 ## Server
@@ -12,5 +13,67 @@
 3. remove comments in config file
 6. run the server: `python backend/main.py`
+to enable automatic start of this service on boot you can use this systemd .service file
+```
+$ cat /lib/systemd/system/dn42-autopeer-web.service
+[Unit]
+Description=dn42 autopeering web frontend
+
+[Service]
+# It should _not_ be run as root
+User=dn42
+Group=dn42
+Type=simple
+Restart=on-failure
+RestartSec=5s
+WorkingDirectory=web
+ExecStart=start.sh
+
+[Install]
+WantedBy=multi-user.target
+```
+
 ## Nodes
-#todo
\ No newline at end of file
+
+1. clone repository to the node(s) or copy "nodes" directory to the nodes
+2. change directory into `nodes`
+3. create VirtualEnv: run `python3 -m venv venv` then `source venv/bin/activate`
+4. install dependencies: `pip install -r requirement.txt`
+5. create config file:
+ 1. `cp node.config.example.json config.json`
+ 2. edit example config to represent your situation
+ 3. remove comments in config file
+6. update the templates to represent the settings of the node
+7. setup file permissions for wireguard and bird config files:
+ - bird:
+ - add the dn42 user to the bird group: `usermod -a -G bird dn42`
+ - allow the bird group to edit config files: `chmod ug+rwx /etc/bird/peers/`
+ - allow user+group bird to edit peers configs `chmod ug+rw /etc/bird/peers/ -R`
+ - `chown bird:bird /etc/bird/peers -R`
+ - wireguard:
+ - `chown root:dn42 /etc/wireguard`
+ - `chmod ug+rw /etc/wireguard/*`
+ - `chmod 600 /etc/wireguard/dn42.priv`
+8. allow `dn42` user to start/stop/enable/disable wireguard tunnels:
+ - add the `wg-services.sh` script to `/etc/sudoers` using `visudo`
`Cmnd_Alias WG_SERVICES = /path/to/autopeering/nodes/wg-services.sh`
`dn42 ALL=(ALL) NOPASSWD:WG_SERVICES`
+9. run the server: `python backend/main.py`
+
+to enable automatic start of this service on boot you can use this systemd .service file
+```
+$ cat /lib/systemd/system/dn42-autopeer-node.service
+[Unit]
+Description=dn42 autopeering node daemon
+
+[Service]
+# It should _not_ be run as root
+User=dn42
+Group=dn42
+Type=simple
+Restart=on-failure
+RestartSec=5s
+WorkingDirectory=/nodes
+ExecStart=start.sh
+
+[Install]
+WantedBy=multi-user.target
+```
\ No newline at end of file
diff --git a/nodes/start.sh b/nodes/start.sh
new file mode 100644
index 0000000..24d3f53
--- /dev/null
+++ b/nodes/start.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+source venv/bin/activate
+python main.py
\ No newline at end of file
diff --git a/nodes/wg-services.sh b/nodes/wg-services.sh
new file mode 100644
index 0000000..196b4ea
--- /dev/null
+++ b/nodes/wg-services.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+ACTION=$1
+
+case $ACTION in
+ enable)
+ systemctl enable "wg-quick@dn42_$2";
+ ;;
+
+ disable)
+ systemctl disable "wg-quick@dn42_$2"
+ ;;
+
+ start)
+ systemctl start "wg-quick@dn42_$2"
+ ;;
+
+ stop)
+ systemctl stop "wg-quick@dn42_$2"
+ ;;
+
+ *)
+ echo “User Selected Choice not present”
+ exit 1
+
+esac
\ No newline at end of file
diff --git a/web/start.sh b/web/start.sh
new file mode 100644
index 0000000..22f772a
--- /dev/null
+++ b/web/start.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+source venv/bin/activate
+python backend/main.py
\ No newline at end of file
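Review bot: In nodes/start.sh (and identically in web/start.sh) a failed `source venv/bin/activate` does not stop the script, so the following `python main.py` would run under whatever interpreter is on PATH instead of the virtualenv. Both paths are relative, so the script only works when the caller's working directory happens to be the script's own directory. I would add `set -e` and `cd -- "$(dirname -- "$0")"` before the `source` line, and finish with `exec python main.py` (`exec python backend/main.py` in web/start.sh) so the systemd unit documented in installation.md supervises the Python process itself rather than a wrapper shell.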
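Review bot: In nodes/wg-services.sh `$2` is placed into the unit name `wg-quick@dn42_$2` in all four branches without any check, and the sudoers entry documented in installation.md lets `dn42` run the script as root with `NOPASSWD` and no argument restriction. Assuming the suffix is meant to be a simple peer identifier, validate it before the `case`, e.g. `[[ $# -eq 2 && $2 =~ ^[A-Za-z0-9_-]+$ ]] || { echo "usage: $0 enable|disable|start|stop <peer>" >&2; exit 2; }`. The install steps should also say that the script must be owned by root and not writable by `dn42`, otherwise the sudoers rule amounts to unrestricted root; the group write access granted on `/etc/wireguard/*` deserves the same caveat, since wg-quick configuration files can contain hook commands that run as root. The fallback branch prints its message inside typographic quotes `“…”`, which bash treats as literal characters; use plain `"` and send the message to stderr.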