author | Evgeny Zinoviev <me@ch1p.io> | 2023-06-03 01:00:49 +0300 |
---|---|---|
committer | Evgeny Zinoviev <me@ch1p.io> | 2023-06-03 01:00:49 +0300 |
commit | 3e3753d726f8a02d98368f20f77dd9fa739e3d80 (patch) | |
tree | 09622bb713c8065952cf9cb37111285a5389bf09 | |
parent | a1c7aff91f38473481590489f41b86d41df9a29d (diff) |
add various scripts to not lose them
-rw-r--r-- | doc/common_requirements.md | 2 | ||||
-rw-r--r-- | misc/openwrt/etc/hotplug.d/iface/99-ifup | 21 | ||||
-rw-r--r-- | misc/openwrt/etc/rc.local | 70 | ||||
-rw-r--r-- | misc/openwrt/root/bin/setup-routing.sh (renamed from misc/openwrt/setup-routing.sh) | 0 | ||||
-rw-r--r-- | misc/scripts/ipcam_capture_restart.sh | 7 | ||||
-rw-r--r-- | misc/scripts/ipcam_rtsp2hls_restart.sh | 8 | ||||
-rw-r--r-- | misc/scripts/make_netns_per_upstream.sh | 38 | ||||
-rw-r--r-- | systemd/ipcam_capture@.service | 2 | ||||
-rw-r--r-- | systemd/ipcam_rtsp2hls@.service | 1 | ||||
-rw-r--r-- | systemd/ipcam_server.service | 3 |
10 files changed, 149 insertions, 3 deletions
diff --git a/doc/common_requirements.md b/doc/common_requirements.md
index 4a85888..a928bde 100644
--- a/doc/common_requirements.md
+++ b/doc/common_requirements.md
@@ -1,4 +1,4 @@
 Debian packages:
 ```
-apt-get install git cmake build-essential python3-dev python3-wheel python3-pip python3-build python3-yaml python3-toml python3-psutil python3-aiohttp python3-requests python3-apscheduler python3-smbus
+apt-get install git cmake build-essential python3-dev python3-wheel python3-pip python3-build python3-yaml python3-toml python3-psutil python3-aiohttp python3-requests python3-apscheduler python3-smbus traceroute tcpdump
 ```
diff --git a/misc/openwrt/etc/hotplug.d/iface/99-ifup b/misc/openwrt/etc/hotplug.d/iface/99-ifup
new file mode 100644
index 0000000..e3562cd
--- /dev/null
+++ b/misc/openwrt/etc/hotplug.d/iface/99-ifup
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+tables="mts-azov rt-azov mts-il"
+net=
+
+case "$ACTION" in
+ ifup)
+ case "$INTERFACE" in
+ eth2)
+ net=192.168.7
+ ;;
+ eth3)
+ net=192.168.8
+ ;;
+ esac
+ if [ -z "$net" ]; then exit; fi
+ for t in $tables; do
+ ip r add ${net}.0/24 via ${net}.1 table $t
+ done
+ ;;
+esac
\ No newline at end of file
diff --git a/misc/openwrt/etc/rc.local b/misc/openwrt/etc/rc.local
new file mode 100644
index 0000000..407d1eb
--- /dev/null
+++ b/misc/openwrt/etc/rc.local
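Review bot: In misc/openwrt/etc/hotplug.d/iface/99-ifup the `ip r add` inside the `for t in $tables` loop is not idempotent: if an ifup event for eth2 or eth3 fires while the route is still present in a table, `ip` fails with an already-exists error and nothing checks or logs it. `ip route replace "${net}.0/24" via "${net}.1" table "$t"` gives the same result on first and repeated events and quotes the expansions. The table list duplicates `TABLES` in misc/openwrt/etc/rc.local, so a comment such as `# keep in sync with TABLES in /etc/rc.local` above `tables=` would help the next editor.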
@@ -0,0 +1,70 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+TABLES="mts-azov rt-azov mts-il"
+
+# create ip sets
+for _table in $TABLES; do
+ ipset create $_table hash:net
+done
+
+# add untrusted cameras set
+ipset create ipcam hash:net
+for addr in $(seq 21 69); do
+ ipset add ipcam 192.168.5.${addr}
+done
+
+sleep 0.1
+
+# block internet access for untrusted cameras
+iptables -I FORWARD 1 -m set --match-set ipcam src ! -d 192.168.5.0 -j REJECT
+
+# add some default routing rules
+ipset add mts-azov 192.168.5.0/24 # everybody
+ipset add mts-azov 192.168.5.163 # cs1
+ipset add mts-azov 192.168.5.212 # cs2
+ipset add mts-azov 192.168.5.161 # cs3
+
+ipset add rt-azov 192.168.5.133 # roof2
+ipset add rt-azov 192.168.5.115 # room
+ipset add rt-azov 192.168.5.170 # room
+
+ipset add mts-il 192.168.5.120 # inv
+ipset add mts-il 192.168.5.223 # inv
+ipset add mts-il 192.168.5.143 # roof1
+
+# create rules
+ip rule add fwmark 100 table mts-azov
+ip rule add fwmark 101 table rt-azov
+ip rule add fwmark 102 table mts-il
+
+# set default route for each custom routing table
+ip route add default via 192.168.7.1 table mts-azov
+ip route add default via 192.168.8.1 table rt-azov
+ip route add default via 192.168.88.1 table mts-il # via mikrotik
+
+# fix local routes
+for _table in $TABLES; do
+ ip route add 192.168.5.0/24 via 192.168.5.1 table $_table
+ ip route add 192.168.6.0/24 via 192.168.88.1 table $_table
+ ip route add 192.168.7.0/24 via 192.168.7.1 table $_table
+ ip route add 192.168.8.0/24 via 192.168.8.1 table $_table
+ ip route add 192.168.88.0/24 via 192.168.88.1 table $_table
+done
+
+# iptables rules (see also /etc/firewall.user)
+sleep 0.5
+
+# pass already-marked packets
+iptables -t mangle -A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
+
+iptables -t mangle -A PREROUTING -m set --match-set mts-azov src -j MARK --set-mark 0x64
+iptables -t mangle -A OUTPUT -m set --match-set mts-azov src -j MARK --set-mark 0x64
+
+iptables -t mangle -A PREROUTING -m set --match-set mts-il src -j MARK --set-mark 0x66
+iptables -t mangle -A OUTPUT -m set --match-set mts-il src -j MARK --set-mark 0x66
+
+iptables -t mangle -A PREROUTING -m set --match-set rt-azov src -j MARK --set-mark 0x65
+iptables -t mangle -A OUTPUT -m set --match-set rt-azov src -j MARK --set-mark 0x65
+
+exit 0
diff --git a/misc/openwrt/setup-routing.sh b/misc/openwrt/root/bin/setup-routing.sh
index b384541..b384541 100644
--- a/misc/openwrt/setup-routing.sh
+++ b/misc/openwrt/root/bin/setup-routing.sh
diff --git a/misc/scripts/ipcam_capture_restart.sh b/misc/scripts/ipcam_capture_restart.sh
new file mode 100644
index 0000000..85144da
--- /dev/null
+++ b/misc/scripts/ipcam_capture_restart.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for f in $(ls /etc/ipcam_capture.conf.d/ | xargs); do
+ camera="${f/.conf/}"
+ echo "restarting $camera"
+ systemctl restart ipcam_capture@${camera}
+done
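Review bot: In misc/openwrt/etc/rc.local the camera block rule uses `! -d 192.168.5.0` with no prefix length, which iptables treats as the single host 192.168.5.0/32, so the exception almost certainly never matches and the rule rejects every forwarded packet from the `ipcam` set. If the intent was to exempt the camera LAN, write `! -d 192.168.5.0/24`; if a blanket block is intended, dropping the exception makes that plain. The rule is IPv4-only and keyed on source addresses .21–.69, so a camera that comes up with another address, or uses IPv6 if the router forwards it, is not covered; whether that matters depends on DHCP and firewall settings outside this commit. None of the `ipset`, `ip` and `iptables` calls are checked, so a failed `ipset create` would leave the later `--match-set` rules failing unnoticed at boot.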
\ No newline at end of file
diff --git a/misc/scripts/ipcam_rtsp2hls_restart.sh b/misc/scripts/ipcam_rtsp2hls_restart.sh
new file mode 100644
index 0000000..61ee623
--- /dev/null
+++ b/misc/scripts/ipcam_rtsp2hls_restart.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+cd /etc/ipcam_rtsp2hls.conf.d/
+for f in *-low.conf; do
+ f=${f/-low.conf/}
+ echo "restarting $f"
+ systemctl restart ipcam_rtsp2hls@${f}
+ systemctl restart ipcam_rtsp2hls@${f}-low
+done
diff --git a/misc/scripts/make_netns_per_upstream.sh b/misc/scripts/make_netns_per_upstream.sh
new file mode 100644
index 0000000..fb152fa
--- /dev/null
+++ b/misc/scripts/make_netns_per_upstream.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -x
+set -e
+
+get_default_iface() {
+ ip -4 r show default | awk '{print $5}'
+}
+
+declare -A UPSTREAMS=(
+ [mtsil]=102
+ [mtsazov]=100
+ [rtazov]=101
+)
+
+for name in "${!UPSTREAMS[@]}"; do
+ mark=${UPSTREAMS[$name]}
+ veth_addr=10.${mark}.1.1
+ vpeer_addr=10.${mark}.1.2
+ veth_if=veth${name}
+ vpeer_if=vpeer${name}
+
+ ip netns add $name
+ ip link add $veth_if type veth peer name $vpeer_if
+ ip link set $vpeer_if netns $name
+ ip addr add $veth_addr/24 dev $veth_if
+ ip link set $veth_if up
+
+ ip netns exec $name ip addr add $vpeer_addr/24 dev $vpeer_if
+ ip netns exec $name ip link set $vpeer_if up
+ ip netns exec $name ip link set lo up
+ ip netns exec $name ip route add default via $veth_addr
+
+ iptables -t mangle -A PREROUTING -s $vpeer_addr/24 -j MARK --set-mark $mark
+ iptables -t nat -A POSTROUTING -s $vpeer_addr/24 -o "$(get_default_iface)" -j MASQUERADE
+done
+
+sysctl net.ipv4.ip_forward=1
diff --git a/systemd/ipcam_capture@.service b/systemd/ipcam_capture@.service
index 9196613..b1c363e 100644
--- a/systemd/ipcam_capture@.service
+++ b/systemd/ipcam_capture@.service
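Review bot: In misc/scripts/ipcam_capture_restart.sh the loop iterates over `$(ls /etc/ipcam_capture.conf.d/ | xargs)`, which word-splits file names and picks up every entry in the directory rather than only `*.conf` files, and `${f/.conf/}` removes the first `.conf` anywhere in the name instead of the suffix. The result is passed unquoted to `systemctl restart`, so a stray backup file or a name containing spaces turns into unintended unit names. Matching the glob style of ipcam_rtsp2hls_restart.sh avoids this: `for f in /etc/ipcam_capture.conf.d/*.conf; do`, `camera=$(basename "$f" .conf)`, `systemctl restart "ipcam_capture@${camera}"`.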
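Review bot: In misc/scripts/ipcam_rtsp2hls_restart.sh the `cd /etc/ipcam_rtsp2hls.conf.d/` is unchecked, so if the directory is missing the glob is evaluated in whatever the current directory happens to be. When `*-low.conf` matches nothing, bash leaves the pattern literal and the loop ends up calling `systemctl restart ipcam_rtsp2hls@*`, which systemctl treats as a glob over loaded units. `cd /etc/ipcam_rtsp2hls.conf.d/ || exit 1` plus `[ -e "$f" ] || continue` as the first statement in the loop closes both cases, and quoting `"ipcam_rtsp2hls@${f}"` keeps each unit name a single word.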
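Review bot: In misc/scripts/make_netns_per_upstream.sh the final `sysctl net.ipv4.ip_forward=1` turns on forwarding for the whole host, yet the script adds no FORWARD-chain rules, so what gets forwarded depends entirely on a chain policy that is not visible in this commit. If that policy is ACCEPT, the host will route for any neighbour and not only for the per-namespace veth subnets; pairing the sysctl with explicit rules inside the loop, such as `iptables -A FORWARD -i "$veth_if" -j ACCEPT` and `iptables -A FORWARD -o "$veth_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, and a DROP policy set elsewhere, would make the intended scope explicit. Separately, `get_default_iface` prints one line per default route, so on a host with several defaults the `-o` argument becomes multi-line; `awk '{print $5; exit}'` would take only the first.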
@@ -4,12 +4,12 @@ After=network-online.target
 [Service]
 Restart=always
+RestartSec=3
 User=user
 Group=user
 EnvironmentFile=/etc/ipcam_capture.conf.d/%i.conf
 ExecStart=/home/user/homekit/tools/ipcam_capture.sh --outdir $OUTDIR --creds $CREDS --ip $IP --port $PORT $ARGS
 Restart=always
-RestartSec=2
 [Install]
 WantedBy=multi-user.target
diff --git a/systemd/ipcam_rtsp2hls@.service b/systemd/ipcam_rtsp2hls@.service
index 244a192..addd819 100644
--- a/systemd/ipcam_rtsp2hls@.service
+++ b/systemd/ipcam_rtsp2hls@.service
@@ -4,6 +4,7 @@ After=network-online.target
 [Service]
 Restart=always
+RestartSec=3
 User=user
 Group=user
 EnvironmentFile=/etc/ipcam_rtsp2hls.conf.d/%i.conf
diff --git a/systemd/ipcam_server.service b/systemd/ipcam_server.service
index 8897363..07ac95f 100644
--- a/systemd/ipcam_server.service
+++ b/systemd/ipcam_server.service
@@ -5,7 +5,8 @@ After=network-online.target
 [Service]
 User=user
 Group=user
-Restart=on-failure
+Restart=always
+RestartSec=10
 ExecStart=/home/user/homekit/src/ipcam_server.py
 WorkingDirectory=/home/user
|
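Review bot: In systemd/ipcam_capture@.service the `[Service]` section still carries `Restart=always` twice after this change, once above the new `RestartSec=3` and once after `ExecStart=`; the second is redundant and can be deleted so the restart policy is stated in one place. The unit continues outside the hunk, so this is based only on the lines shown.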