Merge pull request #10 from jeffeb3/hotspot

Hotspot

doc/index.rst

@@ -28,7 +28,7 @@ Here are the short instructions:
  * Edit the v1pi-wpa-supplicant.txt (not with notepad.exe)
  * Put it in a pi, and go to `http://v1pi.local <http://v1pi.local>`_
 
-The longer instructions, including auto wifi hotspot, and a bunch more detail are here:
+The longer instructions, including wifi hotspot, and a bunch more details are here:
 
 :doc:`setup`
 

doc/setup.rst

@@ -26,7 +26,6 @@ Step 3: Configure WiFi (Optional)
 If you don't want to connect this pi to your home WiFi network, then continue to the next step. If
 you're not sure, or you want to connect to your home WiFi, look at :doc:`wifi-setup`. Then come right back.
 
-
 Step 4: Start it for the first time
 ===================================
 
@@ -36,7 +35,7 @@ printer and power it up.
 The first time the pi boots, it will do some work to expand the filesystem to the full SD card size,
 and generally setting things up. This takes a few minutes.
 
-If you are using the pi as a hotspot (it's not connected to your WiFi) then the WiFi network may not
+If you are using the pi as a hotspot (it's *not* connected to your WiFi) then the WiFi network may not
 show up on the first boot (I'm not sure why, but in my tests, it wasn't coming up the first time).
 Wait a few minutes (literally 5 minutes is fine) and cycle power. Then wait a few more minutes
 and it should show up.
@@ -47,11 +46,14 @@ Step 5: Connecting
 Connect to Hot Spot
 -------------------
 
-* The Hot Spot will show up with an ssid of ``v1pi`` and a connection password of ``raspberry``.
+* The Hot Spot will show up with an ssid of ``raspap-webgui` and a connection password of
+  ``ChangeMe``.
 * Your computer might complain that you don't have an Internet connection. That's normal. The pi
   doesn't have Internet.
-* If you connect with this method, the pi's ip address is ``192.168.50.1``
-* Open `http://192.168.50.1 <http://192.168.50.1>`_
+* If you connect with this method, the pi's ip address is ``10.3.141.1``
+* Open `http://10.3.141.1 <http://10.3.141.1>`_
+* The RaspAP UI has a username of "admin" and a password of "secret.
+* Change your password! See below.
 
 Connect Through Your WiFi
 -------------------------
@@ -84,6 +86,12 @@ The landing page will give you a few sparse links to information about this imag
 
 .. image:: img/cncjs.png
 
+* RaspAP: Administration for the networking on the pi. Be careful, if you're editing this on the
+  network and you break it, how will you reconnect to fix it? Also, make sure you change the
+  passwords.
+
+.. image:: img/raspap.png
+
 Step 7: Change the Passwords
 ============================
 
@@ -110,21 +118,22 @@ You'll need to log into the pi to change the password.
 Changing the Hot Spot Password
 ------------------------------
 
-The hot spot *default* password is ``raspberry``. Any device within range can connect, and find your
+The hot spot *default* password is ``ChangeMe``. Any device within range can connect, and find your
 pi, or the web interface, and control your pi, and your CNC machine. It gets worse if you think
 about an infected device being in range, and not just a panel van with an antenna on it.
 
 Changing the password is easy, and will help you sleep at night. OK, maybe not, but writing this
 will help me sleep at night.
 
-The password is stored on the root file system in ``/etc/hostapd/hostapd.conf``. Log into the pi
-through ssh, or you can edit the file on the sd card from your computer (but not in notepad, use
-notepad++)
+1. Open the webpage: `http://10.3.141.1 <http://10.3.141.1>`_.
+
+1. Click on ``Configure Hotspot``.
+
+1. Click on ``Security``.
 
-    ``sudo nano /etc/hostapd/hostapd.conf``
+1. Change the password.
 
-Go down to where it says: ``wpa_passphrase=raspberry`` and change the word raspberry to something
-you want. Save the file (in nano, it's [Ctrl+x], y, enter).
+Also in RapsAP, there is the webgui password. Change it in ``System``.
 
 Set up a Webcam
 =========

doc/wifi-setup.rst

@@ -11,21 +11,20 @@ v1pi has two ways to set up the WiFi:
    from any device on your WiFi network
  * Hot Spot: The pi will create an access point which your devices can connect to.
 
+Hot Spot
+========
 
-Auto Hot Spot
-=============
-
-The Auto Hot Spot feature will create a Hot Spot when there is no client connection.
+The Hot Spot feature will create a Hot Spot.
 
  * You don't have to do anything to set it up.
 
-   * The default ssid is ``v1pi``
-   * The default passphrase is ``raspberry``. See the setup instructions for how to change it.
+   * The default ssid is ``raspap-webgui``
+   * The default passphrase is ``ChangeMe``. See the setup instructions for how to change it.
 
  * If your machine is in a location without WiFi coverage, this is a good option.
  * The pi will not have any access to the Internet, so updates and installing plugins will not be
    possible. You will have to connect to the Internet to get updates or plugins.
- * The IP Address of the machine will be ``192.168.50.1``. The bonjour hostname ``v1pi.local`` is
+ * The IP Address of the machine will be ``10.3.141.1``. The bonjour hostname ``v1pi.local`` is
    also available.
  * Since there is no Internet connection, it is more protected from attacks.
 

src/config

@@ -1,3 +1,4 @@
 export DIST_NAME=V1Pi
 export DIST_VERSION=0.16.0
-export MODULES="base(raspicam, network, nodejs, disable-services(octopi, cncjs, auto-hotspot), password-for-sudo)"
+export BASE_IMAGE_ENLARGEROOT=800
+export MODULES="base(raspicam, network, nodejs, disable-services(octopi, cncjs), raspap, password-for-sudo)"

src/custompios_path

@@ -1 +1 @@
-/home/jeffe/src/v1pi/dependencies/CustomPiOS/src/
+/home/jeffe/home/projects/v1pi/dependencies/CustomPiOS/src/

src/modules/cncjs/filesystem/home/pi/landingPage/serve.py

@@ -22,6 +22,23 @@ def getServiceRunning(service):
     print("{} is unknown".format(service))
     return False
 
+def getServiceInstalled(service):
+    try:
+        output = subprocess.check_output(['service', service, 'status'])
+    except subprocess.CalledProcessError as err:
+        output = err.output
+    if 'active (running)' in output:
+        print("{} is running".format(service))
+        return True
+    if 'active (exited)' in output:
+        print("{} has exited".format(service))
+        return True
+    if 'inactive (dead)' in output:
+        print("{} is dead".format(service))
+        return True
+    print("{} is unknown".format(service))
+    return False
+
 def callService(service, command):
     print("Running service {} {}".format(service, command))
     subprocess.call(['sudo', '/usr/sbin/service', service, command])
@@ -34,17 +51,23 @@ def root():
         service = None
         if 'octoprint' in request.form:
             service = 'octoprint'
-        if 'cncjs' in request.form:
+        elif 'cncjs' in request.form:
             service = 'cncjs'
+        elif 'lighttpd' in request.form:
+            service = 'lighttpd'
+        else:
+            return "Not Logical"
 
         if 'Start' == request.form[service]:
             callService(service, 'start')
         elif 'Stop' == request.form[service]:
             callService(service, 'stop')
         elif 'Restart' == request.form[service]:
-            callService(service, 'Restart')
+            callService(service, 'restart')
 
     return render_template('landingPage.html',
             octoprint_running=getServiceRunning("octoprint"),
+            raspap_installed=getServiceInstalled("lighttpd"),
+            raspap_running=getServiceRunning("lighttpd"),
             cncjs_running=getServiceRunning("cncjs"))
 

src/modules/cncjs/filesystem/home/pi/landingPage/templates/landingPage.html

@@ -12,6 +12,7 @@
                 <h2>Serve up Octoprint or CNC.js</h2>
                 <div class="about">
                     <a href="https://github.com/jeffeb3/v1pi">[about]</a>
+                    <a href="https://github.com/sponsors/jeffeb3">[sponsor]</a>
                 </div>
             </header>
         </div>
@@ -63,6 +64,33 @@ <h3>CNC.js <em>Stopped</em>
                 {% endif %}
             </div>
         </div>
+        {% if raspap_installed %}
+        <div class="row">
+            <div class="column">
+                <a style="color: #000;" href="#" onclick="javascript:window.location.port=8080">
+                    <div class="raspap">
+                        <img src="static/logo_raspap.png" width="200" height="200">
+                        <br>
+                        RaspAP
+                    </div>
+                </a>
+                {% if raspap_running %}
+                    <h3>RaspAP Running
+                        <form method="post" action="/">
+                            <input type="submit" name="lighttpd" value="Stop">
+                            <input type="submit" name="lighttpd" value="Restart">
+                        </form>
+                    </h3>
+                {% else %}
+                    <h3>RaspAP <em>Stopped</em>
+                        <form method="post" action="/">
+                            <input type="submit" name="lighttpd" value="Start">
+                        </form>
+                    </h3>
+                {% endif %}
+            </div>
+        </div>
+        {% endif %}
 
         <div class="container">
             <footer>

src/modules/cncjs/start_chroot_script

@@ -36,6 +36,7 @@ pushd /home/pi
       pushd landingPage/static
         ln -s /usr/local/lib/node_modules/cncjs/dist/cnc/web/images/logo-badge-256x256.png logo_cncjs.png
         ln -s /home/pi/oprint/lib/python2.7/site-packages/octoprint/static/img/logo.png logo_octoprint.png
+        ln -s /var/www/html/app/img/raspAP-logo.png logo_raspap.png
       popd
 
       #build virtualenv

src/modules/nodejs/config

@@ -2,9 +2,10 @@
 # All our config settings must start with NODEJS
 
 # node.js archive
-[ -n "$NODEJS_VERSION_STRING" ]  || NODEJS_VERSION_STRING="v6.2.1"
-[ -n "$NODEJS_VERSION_FOLDER" ]  || NODEJS_VERSION_FOLDER="node-$NODEJS_VERSION_STRING-linux-armv6l"
+# The version of node.js needed for cnc.js is 6: https://cnc.js.org/
+[ -n "$NODEJS_VERSION_STRING" ]  || NODEJS_VERSION_STRING="v6.17.1"
+[ -n "$NODEJS_ARCH_STRING" ]     || NODEJS_ARCH_STRING="linux-armv7l"
+[ -n "$NODEJS_VERSION_FOLDER" ]  || NODEJS_VERSION_FOLDER="node-$NODEJS_VERSION_STRING-$NODEJS_ARCH_STRING"
 [ -n "$NODEJS_VERSION_TAR" ]     || NODEJS_VERSION_TAR="$NODEJS_VERSION_FOLDER.tar.gz"
-[ -n "$NODEJS_VERSION_ARCHIVE" ] || NODEJS_VERSION_ARCHIVE="https://nodejs.org/dist/v6.2.1/$NODEJS_VERSION_TAR"
-[ -n "$NODEJS_INCLUDE_NVM" ] || NODEJS_INCLUDE_NVM=yes
+[ -n "$NODEJS_VERSION_ARCHIVE" ] || NODEJS_VERSION_ARCHIVE="https://nodejs.org/dist/$NODEJS_VERSION_STRING/$NODEJS_VERSION_TAR"
 

src/modules/raspap/config

@@ -0,0 +1,6 @@
+###############################################################################
+# All our config settings must start with RASPAP
+
+# RASPAP Script
+[ -n "$RASPAP_HOTSPOT_NAME" ] || RASPAP_HOTSPOT_NAME=${DIST_NAME,,}
+

src/modules/raspap/start_chroot_script

@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+# RaspAP install script
+#   Installs RaspAP in a raspberry pi image
+# Written by JeffEb3
+# GPL V3
+########
+set -x
+set -e
+
+export LC_ALL=C
+
+source /common.sh
+
+### Script ####
+
+echo "--- RaspAP Install"
+
+echo "--- RaspAP apt Install"
+apt-get update
+apt-get install -y git lighttpd php7.1-cgi hostapd dnsmasq vnstat
+#cleanup
+apt-get clean
+apt-get autoremove -y
+
+echo "--- RaspAP lighttpd Install"
+lighttpd-enable-mod fastcgi-php
+
+echo "--- RaspAP html Install"
+rm -rf /var/www/html
+git clone https://github.com/billz/raspap-webgui /var/www/html
+mv /var/www/html/app/icons/* /var/www/html
+chown -R www-data:www-data /var/www/html
+mkdir /etc/raspap
+mv /var/www/html/raspap.php /etc/raspap/
+chown -R www-data:www-data /etc/raspap
+
+echo "--- RaspAP sudoers Install"
+cat <<'EOT' >> /etc/sudoers
+# For security reasons, the www-data user which lighttpd runs under is not allowed to start or stop
+# daemons, or run commands like ifdown and ifup, all of which we want our page to do. So what I have
+# done is added the www-data user to the sudoers file, but with restrictions on what commands the
+# user can run
+
+www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
+www-data ALL=(ALL) NOPASSWD:/sbin/ifup
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/openvpn.ovpn /etc/openvpn/client/client.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
+www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
+www-data ALL=(ALL) NOPASSWD:/sbin/reboot
+www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
+www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
+www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
+www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
+www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
+EOT
+
+echo "--- RaspAP Hostapd Install"
+mkdir /etc/raspap/hostapd
+mv /var/www/html/installers/*log.sh /etc/raspap/hostapd
+mv /var/www/html/installers/service*.sh /etc/raspap/hostapd
+chown -c root:www-data /etc/raspap/hostapd/*.sh
+chmod 750 /etc/raspap/hostapd/*.sh
+
+echo "--- RaspAP Configuration"
+mv /var/www/html/config/default_hostapd /etc/default/hostapd
+mv /var/www/html/config/hostapd.conf /etc/hostapd/hostapd.conf
+mv /var/www/html/config/dnsmasq.conf /etc/dnsmasq.conf
+mv /var/www/html/config/dhcpcd.conf /etc/dhcpcd.conf
+mv /var/www/html/config/config.php /var/www/html/includes/
+
+sed -i 's@\(server.port\s*=\s*\)80@\18080@' /etc/lighttpd/lighttpd.conf
+sed -i "s@raspi-webgui@$RASPAP_HOTSPOT_NAME@" /etc/hostapd/hostapd.conf
+
+echo "--- RaspAP PHP Optimization"
+sed -i -E 's/^session\.cookie_httponly\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/session.cookie_httponly = 1/' /etc/php/7.1/cgi/php.ini
+sed -i -E 's/^;?opcache\.enable\s*=\s*(0|([O|o]ff)|([F|f]alse)|([N|n]o))\s*$/opcache.enable = 1/' /etc/php/7.1/cgi/php.ini
+phpenmod opcache
+
+echo "--- RaspAP rc.local Configuration"
+sed -i 's@exit 0@@' /etc/rc.local
+cat <<'EOT' >> /etc/rc.local
+echo 1 > /proc/sys/net/ipv4/ip_forward #RASPAP
+iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP
+iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE #RASPAP
+EOT
+echo 'exit 0' >> /etc/rc.local
+
+echo "--- RaspAP hostapd services"
+systemctl unmask hostapd.service
+systemctl enable hostapd.service
+
+mv /var/www/html/installers/raspap.service /lib/systemd/system
+systemctl enable raspap.service
+