eval cast, use rc.local, support open wifi, don't wait for connectivity, check netplan hash

Author: ipitio

README.md

@@ -32,7 +32,7 @@ A SaaH-HaaS[-Spoke] topology may be useful when you can't forward the WireGuard
 Move everything in `examples/` out to the parent directory. The files to edit are:
 
 - `dhcp/*dhcp*`: DHCP config, if you want to use the node as a DHCP server but not using Pi-hole
-- `netplan/{closed,open}.yml`: network config when internet is reachable or not, respectively
+- `netplan.yml`: network config
 - `env.sh`: environment variables for the scripts
 - `compose.yml`: environment variables for the services and bare WireGuard
 - `hooks/{pre,post}-{up,down}.sh`: scripts that run from the active user's home directory before and after everything is started or stopped
@@ -58,10 +58,10 @@ To customize iptables, modify the relevant lines in `start.sh` and `stop.sh`.
 Set a node up in two or three steps:
 
 1. Move this directory to the target in any way you like. If you install the `deb` package provided in [Releases](https://github.com/ipitio/closure/releases), it will be created as `/opt/closure`.
-2. Edit the files above, run `init.sh` if you didn't install the package, and reboot.
+2. Edit the files above. If you didn't install the package, change the path in `rc.local` and move it to `/etc`. Now reboot.
 3. On a Hub or HaaS, add a Spoke or SaaH peer by running `add.sh` (as described below). Then, for a SaaH, add an `SERVER_ALLOWEDIPS_PEER_[SaaH]=` environment variable -- using the peer's name sans the brackets -- for the wireguard service with the difference of `0.0.0.0/1,128.0.0.0/1,::/1,8000::/1` and the peer's IP, and run `sudo bash restart.sh`. This [AllowedIPs Calculator](https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator) is pretty nifty. Follow a similar process for a Spoke, if needed.
 
-Set a Hub or HaaS up first, so you can generate the necessary peer configuration for a Spoke or SaaH, then drop it in the Spoke's or SaaH's `wireguard/config/wg_confs` directory after completing Step 1 for it.
+Set a Hub or HaaS up first, so you can generate the necessary peer configuration for a Spoke or SaaH, then drop it in the Spoke's or SaaH's `wireguard/config/wg_confs` directory before their reboot.
 
 > [!NOTE]
 > Any arguments passed to `kickstart.sh` are passed to `init.sh` and `start.sh`, and `init.sh` can add or edit wifi networks -- useful on a Raspberry Pi Zero (2) W! See the top of `init.sh` for the arguments it takes.

ddns.sh

@@ -6,3 +6,4 @@ this_dir=$(dirname "$(readlink -f "$0")")
 pushd "$this_dir" || exit 1
 source "lib.sh"
 direct_domain "$(grep -oP '((?<=http:\/\/)|(?<=https:\/\/)).+?[^/?]+' <<<"$CLS_DYN_DNS")" "wget --no-check-certificate -O - $CLS_DYN_DNS >> /tmp/ddns.log 2>&1"
+popd || exit 1

debian/control

@@ -4,7 +4,7 @@ Homepage: https://github.com/ipitio/closure
 Standards-Version: 3.9.2
 
 Package: closure
-Version: 1.5
+Version: 1.5.1
 Maintainer: ipitio <21136719+ipitio@users.noreply.github.com>
 Depends: containerd.io, curl, docker-ce, docker-ce-cli, docker-buildx-plugin, docker-compose-plugin, flatpak, hostapd, isc-dhcp-server, iw, macchanger, network-manager, net-tools, qrencode, rfkill, wireguard, wireless-tools, wget
 Recommends: build-essential, byobu, dkms, iperf3, nmap, tmux, traceroute, wmctrl

debian/postinst

@@ -1,4 +1,7 @@
 #!/bin/bash
 # shellcheck disable=SC1003
 
-bash /opt/closure/init.sh
+# Reinstall if no installed
+[ -f /etc/rc.local ] || echo "#\!/bin/bash" | tr -d '\\' | tee /etc/rc.local >/dev/null
+grep -q closure /etc/rc.local || echo "[ -f /opt/closure/installed ] || bash /opt/closure/kickstart.sh" | tee -a /etc/rc.local >/dev/null
+chmod +x /etc/rc.local

examples/netplan/closed.yml examples/netplan.ymlexamples/netplan/closed.yml renamed to examples/netplan.yml

@@ -86,7 +86,7 @@ source "lib.sh"
 [ -f config/wifis.json ] || echo "{}" >config/wifis.json
 if [ -n "$WIFI" ]; then
     ! $PORTAL || jq "(. | select([\"$WIFI\"]) | .[\"$WIFI\"]) = \"$MAC\"" config/wifis.json | sudo tee config/wifis.json
-    for conf in open closed; do [[ -n "$PASSWD" || "$PASSWD" != "\"\"" ]] && yq -i ".network.wifis.$CLS_WIFACE.access-points.[\"$WIFI\"].password=\"$PASSWD\"" netplan/"$conf".yml || yq -i ".network.wifis.$CLS_WIFACE.access-points.[\"$WIFI\"]={}" netplan/"$conf".yml; done
+    [[ -n "$PASSWD" && "$PASSWD" != "\"\"" ]] && yq -i ".network.wifis.$CLS_WIFACE.access-points.[\"$WIFI\"].password=\"$PASSWD\"" netplan.yml || yq -i ".network.wifis.$CLS_WIFACE.access-points.[\"$WIFI\"]={}" netplan.yml
 fi
 
 # Free port 53 on Ubuntu for Pi-hole
@@ -171,7 +171,7 @@ echo "network: {config: disabled}" | sudo tee /etc/cloud/cloud.cfg.d/99-disable-
 sudo rm -f /etc/netplan/50-cloud-init.yaml
 sudo rfkill unblock wlan
 sudo iw reg set PA
-set_netplan closed
+set_netplan "$WIFI"
 sudo busctl --system set-property org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager ConnectivityCheckEnabled "b" 0 2>/dev/null
 
 set_mac="$(jq ".$(iw dev | grep -zoE "$CLS_WIFACE.*type" | tr '\0' '\n' | grep -oP '(?<=ssid ).+')" config/wifis.json 2>/dev/null | tr -d '"')"
@@ -266,10 +266,6 @@ sudo systemctl mask hostapd &>/dev/null
 # Kodi
 [ -f /home/"$CLS_ACTIVE_USER"/.kodi/.cls ] || sudo cp -r kodi /home/"$CLS_ACTIVE_USER"/.kodi
 
-# Reinstall if no installed
-[ -f /etc/rc.local ] || echo "#\!/bin/bash" | tr -d '\\' | tee /etc/rc.local >/dev/null
-grep -q closure /etc/rc.local || echo "[ -f $this_dir/installed ] || bash $this_dir/kickstart.sh" | tee -a /etc/rc.local >/dev/null
-chmod +x /etc/rc.local
-touch installed
-
+sudo mkdir -p /opt/closure
+sudo touch /opt/closure/installed
 popd || exit 1

examples/netplan/open.yml

@@ -62,11 +62,12 @@ get_local_ip() {
 }
 
 CLS_TYPE_NODE=$(echo "$CLS_TYPE_NODE" | tr '[:upper:]' '[:lower:]')
-CLS_LOCAL_IP=$(get_local_ip)
 CLS_WG_SERVER=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--').1
 CLS_WG_SERVER_IP=""
 
 set_netplan() {
+    [[ "$(md5sum netplan.yml | cut -d' ' -f1 | sudo tee new.netplan.hash)" != "$(cat netplan.hash 2>/dev/null)" || -n "$1" ]] || return 0
+    sudo mv -f new.netplan.hash netplan.hash
     ps -aux | grep -P "^[^-]+hostapd" | awk '{print $2}' | while read -r pid; do sudo kill -9 "$pid" &>/dev/null; done
     IFS='/' read -r -a wifaces <<<"$CLS_AP_WIFACES"
 
@@ -75,16 +76,14 @@ set_netplan() {
         [[ ! "$wiface" =~ @ ]] || sudo iw dev "$wiface" del &>/dev/null
     done
 
-    sudo cp -f netplan/"${1:-open}".yml /etc/netplan/99_config.yaml
+    sudo cp -f netplan.yml /etc/netplan/99_config.yaml
     sudo chmod 0600 /etc/netplan/99_config.yaml
     sudo netplan apply
     sudo iw dev "$CLS_WIFACE" set power_save off
     sudo cp -f /etc/resolv.conf.bak /etc/resolv.conf
-    local try=0
-    until CLS_LOCAL_IP=$(get_local_ip); do ((try++)) && ((try > 60)) && return 1 || sleep 1; done
+    get_local_ip # set variables
     [ -z "$CLS_LOCAL_IFACE" ] || sudo tc qdisc del dev "$CLS_LOCAL_IFACE" root &>/dev/null
     [ -z "$CLS_LOCAL_IFACE" ] || sudo tc qdisc replace dev "$CLS_LOCAL_IFACE" root cake "$([ -z "$CLS_BANDWIDTH" ] && echo diffserv8 || echo "bandwidth $CLS_BANDWIDTH diffserv8")" nat docsis ack-filter
-    sed -i "s/#\?- FTLCONF_LOCAL_IPV4=.*$/- FTLCONF_LOCAL_IPV4=$CLS_LOCAL_IP/" compose.yml
 }
 
 is_ip() {

init.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# directory where closure is installed
+CLS_PATH="/opt/closure"
+
+# don't change it here
+[ -f /opt/closure/installed ] || bash "$CLS_PATH"/kickstart.sh

lib.sh

@@ -17,7 +17,7 @@ if $CLS_AP_HOSTAPD; then
         config="${wifaces_configs[$wiface]}"
         [ "$config" != "." ] || config="$wiface"
 
-        if [ -f hostapd/"$config".conf ] && iw dev | grep -zP "Interface $wiface\n" && ! iw dev "$wiface" info | grep -q ssid; then
+        if [ -f hostapd/"$config".conf ] && iw dev | grep -qzP "Interface $wiface\n" && ! iw dev "$wiface" info | grep -q ssid; then
             # https://raw.githubusercontent.com/MkLHX/AP_STA_RPI_SAME_WIFI_CHIP/refs/heads/master/ap_sta_config2.sh
             [[ ! "$wiface" =~ @ ]] || until [ -n "$freq" ]; do freq=$(iwconfig "$wiface" | grep -oP '(?<=Frequency:)\S+' | tr -d '.'); done
             [[ ! "$wiface" =~ @ ]] || sudo sed -i "s/^\(channel=\).*/\1$(iw list | grep "$freq." | head -n1 | grep -oP '(?<=\[)[^\]]+')/" hostapd/"$config".conf
@@ -49,8 +49,8 @@ for table in nat filter; do
     done
 done
 
-cast pre-up ${@@Q}
-until ping -c1 1.1.1.1 &>/dev/null || ((timer++ == 90)); do set_netplan open; done
+eval "cast pre-up ${*@Q}"
+local_ip=$(get_local_ip)
 sudo cp -f /etc/resolv.conf.bak /etc/resolv.conf
 
 (
@@ -85,7 +85,7 @@ sudo cp -f /etc/resolv.conf.bak /etc/resolv.conf
         sleep 5
     done
 
-    exec sudo bash restart.sh ${@@Q}
+    exec sudo bash restart.sh "$@"
 ) &
 
 if $CLS_DOCKER; then
@@ -94,6 +94,7 @@ if $CLS_DOCKER; then
     if ! ip a show "$CLS_INTERN_IFACE" | grep -q UP; then
         sudo systemctl restart docker
         sudo docker network prune -f
+        sed -i "s/#\?- FTLCONF_LOCAL_IPV4=.*$/- FTLCONF_LOCAL_IPV4=$local_ip/" compose.yml
         sudo docker compose --profile prod up -d --force-recreate --remove-orphans
     elif ! sudo docker ps | grep -qE "wireguard.*Up"; then
         sudo docker compose --profile prod up -d --force-recreate --remove-orphans
@@ -147,9 +148,9 @@ if sudo docker ps | grep -qE "pihole.*Up" && ! sudo docker exec pihole sh -c "if
     sudo docker exec pihole sed -i '/^.*_.*=.*$/!d' /etc/pihole/versions # pihole-updatelists seems to break this
 
     # proxy for dhcphelper
-    sudo docker exec pihole bash -c "echo 'dhcp-option=option:dns-server,$CLS_LOCAL_IP' | tee /etc/dnsmasq.d/99-dns.conf >/dev/null" || :
+    sudo docker exec pihole bash -c "echo 'dhcp-option=option:dns-server,$local_ip' | tee /etc/dnsmasq.d/99-dns.conf >/dev/null" || :
     sudo docker compose restart --no-deps pihole
 fi
 
-cast post-up ${@@Q}
+eval "cast post-up ${*@Q}"
 popd || exit