#!/bin/bash
# Banner printed on every invocation, interactive menu and CLI subcommands alike.
printf '%s\n' "VLX FrameFlow"
# Directory that holds this script, with symlinks resolved, so the config and
# module files are located relative to the script rather than the caller's CWD.
BASE_DIR="$(dirname "$(readlink -f "$0")")"
# Imports
source "$BASE_DIR/config/FrameFlow_conf.sh"
source "$BASE_DIR/modules/FrameFlow_system.sh"
source "$BASE_DIR/modules/FrameFlow_packages.sh"
source "$BASE_DIR/modules/FrameFlow_network.sh"
source "$BASE_DIR/modules/FrameFlow_network_wired.sh"
source "$BASE_DIR/modules/FrameFlow_network_wireless.sh"
source "$BASE_DIR/modules/FrameFlow_storage.sh"
source "$BASE_DIR/modules/FrameFlow_bonding.sh"
source "$BASE_DIR/modules/FrameFlow_netflow.sh"
# --- Logging ---
# Print an informational message on stdout, prefixed with a [INFO] tag.
# Globals:   BLUE, NC (read) - wrapped around the tag; not defined in this file
# Arguments: $1 - message text (echo -e expands backslash escapes in it)
log_info() {
  local message="$1"
  echo -e "${BLUE}[INFO]${NC} ${message}"
}
# Print a success message on stdout, prefixed with a [OK] tag.
# Globals:   GREEN, NC (read) - wrapped around the tag; not defined in this file
# Arguments: $1 - message text (echo -e expands backslash escapes in it)
log_ok() {
  local message="$1"
  echo -e "${GREEN}[OK]${NC} ${message}"
}
# Print a warning on stdout, prefixed with a [WARN] tag.
# Globals:   YELLOW, NC (read) - wrapped around the tag; not defined in this file
# Arguments: $1 - message text (echo -e expands backslash escapes in it)
log_warn() {
  local message="$1"
  echo -e "${YELLOW}[WARN]${NC} ${message}"
}
# Print an error message on stderr, prefixed with a [ERR] tag.
# Globals:   RED, NC (read) - wrapped around the tag; not defined in this file
# Arguments: $1 - message text (echo -e expands backslash escapes in it)
log_err() {
  local message="$1"
  echo -e "${RED}[ERR]${NC} ${message}" >&2
}
# Report a fatal error through log_err and terminate with exit status 1.
# Arguments: $1 - reason shown to the operator
die() {
  local reason="$1"
  log_err "${reason}"
  exit 1
}
# --- Checks ---
# Root OR (Profile + Sudoers)
# check_permissions is not defined in this file (presumably it comes from one
# of the sourced modules). NOTE(review): per the comment above it is expected to
# require root, or a profile plus a sudoers entry - confirm where it is defined.
# It runs before any CLI argument is looked at, so every subcommand is gated by it.
check_permissions
# Wipe the terminal before any menu or command output is printed.
clear
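#######################################
# Ask the operator a yes/no question before an optional setup step.
# Only the SERVER role is interactive: for every other role the step is
# approved without prompting, so those installs run unattended.
# Globals:   FRAMEFLOW_ROLE (read)
# Arguments: $1 - question text, shown with a " (y/N) " suffix
# Returns:   0 to proceed, 1 when the operator did not answer y/Y
#######################################
ask_confirmation() {
  local prompt="$1"
  # Kept local so the answer does not leak into (or get reused from) the
  # global scope shared with the other prompts in this script.
  local confirm=""

  if [[ "$FRAMEFLOW_ROLE" == "SERVER" ]]; then
    # -r keeps backslashes in the answer literal.
    read -r -p "$prompt (y/N) " confirm
    # Anything other than a single y/Y (including an empty answer) is a "no".
    if [[ ! "$confirm" =~ ^[yY]$ ]]; then
      log_info "Skipping..."
      return 1
    fi
  fi
  return 0
}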
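#######################################
# Base operating-system stage: SSH, APT repositories, default boot target
# and package cleanup (CLIENT only), systemd reinstall, dependencies, kernel
# sysctl and time settings. Each optional step goes through ask_confirmation,
# which prompts on SERVER and approves automatically otherwise.
# Globals:   FRAMEFLOW_ROLE (read)
# Returns:   status of the last step that ran
#######################################
run_system_setup() {
  local boot_choice remove_gui_choice

  log_info "System conf"

  # Enabling ssh starts a remote-login service immediately and on every boot.
  if ask_confirmation "Enable and start SSH service?"; then
    systemctl enable --now ssh
  fi

  if ask_confirmation "Update APT repositories?"; then
    system_update_repos
  fi

  if [[ "$FRAMEFLOW_ROLE" == "CLIENT" ]]; then
    echo "Please select desired default boot mode:"
    echo "1) Multi-user (Command Line / Headless) - [Recommended for performance]"
    echo "2) Graphical (Desktop GUI) - [Requires a Desktop Environment installed]"
    read -r -p "Select [1]: " boot_choice
    boot_choice=${boot_choice:-1}
    # Pattern match instead of an integer test: non-numeric input then simply
    # selects the multi-user default without a shell error on stderr.
    if [[ "$boot_choice" =~ ^0*2$ ]]; then
      log_info "Setting default to Graphical Target"
      systemctl set-default graphical.target
    else
      log_info "Setting default to Multi-user Target"
      systemctl set-default multi-user.target
    fi

    echo "It is suggested to remove GUI packages (Gnome, XFCE, KDE, etc) to optimize performance."
    echo "WARNING: If you plan to use 'Graphical Target' (GUI), answer NO (N) here."
    # Package removal is the one CLIENT step that always asks, and defaults to no.
    read -r -p "Do you want to remove these packages? (y/N) " remove_gui_choice
    if [[ "$remove_gui_choice" =~ ^[yY]$ ]]; then
      remove_bloatware
    fi
    restore_packages
  fi

  if ask_confirmation "Reinstall systemd?"; then
    apt -y install --reinstall systemd
  fi

  if ask_confirmation "Install dependencies?"; then
    install_dependencies
  fi

  if ask_confirmation "Configure kernel sysctl (dmesg_restrict)?"; then
    configure_kernel_sysctl
  fi

  if ask_confirmation "Set NTP and Timezone?"; then
    timedatectl set-ntp true
    systemctl restart systemd-timesyncd
    # The timezone is fixed to Europe/Rome for every installation.
    timedatectl set-timezone Europe/Rome
  fi
}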
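#######################################
# Choose or create the dedicated service account and hand it to
# setup_service_user; outside the SERVER role, optionally grant it
# password-less sudo through setup_sudo_user.
# Globals:   FRAMEFLOW_ROLE (read), target_user (written, as before)
# Returns:   0 when skipped or completed, 1 when the new username is rejected
#######################################
run_techuser_setup() {
  local CHOICE setup_sudo_choice i
  local -a userlist=()

  if ! ask_confirmation "Configure dedicated service user?"; then
    return 0
  fi

  ## Reorder passwd file and get unprivileged users list
  pwck -s
  # Candidates: UID >= 1000, not "nobody", shell neither nologin nor false.
  mapfile -t userlist < <(awk -F: '($3>=1000)&&($1!="nobody")&&($NF!="/usr/sbin/nologin")&&($NF!="/bin/false"){print $1}' /etc/passwd)

  for i in "${!userlist[@]}"; do
    echo "[$i] ${userlist[$i]}"
  done
  echo "[N] Create new dedicated user"
  echo "[X] Do nothing"
  echo ""
  read -r -p "Enter your choice and press <Enter>: " CHOICE

  if [[ "$CHOICE" =~ ^[nN]$ ]]; then
    read -r -p "Create new dedicated username [default: frameflow]: " target_user
    target_user=${target_user:-frameflow}
    # The name is free-form operator input that becomes an account name and may
    # later be used for a sudo grant, so only conventional account-name
    # characters are accepted before it is passed on.
    if [[ ! "$target_user" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
      log_err "Invalid username: $target_user"
      return 1
    fi
    setup_service_user "$target_user"
  elif [[ ! "$CHOICE" =~ ^[0-9]+$ ]] || [ "$CHOICE" -ge "${#userlist[@]}" ]; then
    # "X", anything non-numeric, or an index past the list: do nothing.
    return 0
  else
    target_user=${userlist[$CHOICE]}
    setup_service_user "$target_user"
  fi

  if [[ "$FRAMEFLOW_ROLE" != "SERVER" ]]; then
    # Defaults to no. NOTE(review): what setup_sudo_user actually grants is
    # defined in another module - review its sudoers scope there.
    read -r -p "Configure password-less sudo for $target_user? (y/N) " setup_sudo_choice
    # An if (not "&&") so that declining the grant still returns success.
    if [[ "$setup_sudo_choice" =~ ^[yY]$ ]]; then
      setup_sudo_user "$target_user"
    fi
  fi
}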
#######################################
# Network stage: network features, firewall, interface profiles (CLIENT
# only), systemd network reload, then the MPTCP and MLVPN bonding pieces.
# Every optional step is gated by ask_confirmation.
# Globals:   FRAMEFLOW_ROLE (read)
# Returns:   status of the last step that ran
#######################################
run_network_setup() {
  log_info "Network conf"

  if ask_confirmation "Configure network features and tools?"; then configure_network_features; fi
  if ask_confirmation "Configure firewall (UFW)?"; then configure_firewall; fi

  # Wi-Fi and wired profiles are generated for the CLIENT role only, unprompted.
  case "$FRAMEFLOW_ROLE" in
    CLIENT)
      create_wifi_profiles
      create_network_profiles
      ;;
  esac

  if ask_confirmation "Enable network settings and reload systemd?"; then enable_network_settings; fi
  if ask_confirmation "Check Kernel MPTCP Support?"; then check_mptcp_kernel; fi
  if ask_confirmation "Setup MPTCP Proxy (Shadowsocks + V2Ray)?"; then setup_mptcp_proxy; fi
  if ask_confirmation "Setup MLVPN Bonding (UDP)?"; then setup_mlvpn_bonding; fi
}
#######################################
# Application stage: refresh the suite code, install MediaMTX and register
# the maintenance cron job, each gated by ask_confirmation.
# NOTE(review): update_suite_code fetches code from GitHub; where it pulls
# from and how it is verified is defined in another module - confirm there.
# Returns:   status of the last step that ran
#######################################
run_application_setup() {
  log_info "Applications conf"

  if ask_confirmation "Update suite code from GitHub?"; then update_suite_code; fi
  if ask_confirmation "Install MediaMTX?"; then install_mediamtx; fi
  if ask_confirmation "Setup maintenance cron job?"; then setup_maintenance_cron; fi
}
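#######################################
# Install (when missing) and configure the server-side Shadowsocks and MLVPN
# components, list the ports they need and, when ufw is available, open them.
# Outputs:   port list and progress via log_info/log_ok
# Returns:   0 (status of the final step)
#######################################
setup_server_components() {
  # Install only when neither Shadowsocks binary is already on PATH.
  if ! command -v ss-server &> /dev/null && ! command -v ss-redir &> /dev/null; then
    install_shadowsocks
  fi
  if ! command -v mlvpn &> /dev/null; then
    install_mlvpn
  fi
  setup_mptcp_proxy
  setup_mlvpn_bonding

  # Single table for the port list and both rule sets, so the announced
  # ports and the firewall rules cannot drift apart. Declared after the
  # setup calls so these names do not shadow anything those functions read.
  local -a fw_ports=(8889/tcp 8322/tcp 8189/udp 8890/udp 5080/udp 8388)
  local -a fw_labels=(
    "mediamtx WEBRTC"
    "mediamtx RTSP"
    "mediamtx WEBRTC"
    "mediamtx SRT"
    "MLVPN bonding tunnel"
    "Shadowsocks: MPTCP TCP aggregator"
  )
  local fw_idx drop_out_choice

  log_info "The following ports are required for the server components:"
  for fw_idx in "${!fw_ports[@]}"; do
    log_info "- ${fw_ports[fw_idx]} (${fw_labels[fw_idx]})"
  done

  if command -v ufw > /dev/null; then
    log_info "Configuring UFW firewall rules..."
    # NOTE(review): the rules carry no source restriction, so each port is
    # reachable from any address; 8388 has no protocol suffix, which ufw
    # applies to both tcp and udp. Restrict by source if the clients are known.
    for fw_idx in "${!fw_ports[@]}"; do
      ufw allow "${fw_ports[fw_idx]}" comment "${fw_labels[fw_idx]}"
    done

    # Outbound rules are only needed when the host drops egress by default.
    read -r -p "Is your standard UFW policy OUT set to DROP? (y/N) " drop_out_choice
    if [[ "$drop_out_choice" =~ ^[yY]$ ]]; then
      for fw_idx in "${!fw_ports[@]}"; do
        ufw allow out "${fw_ports[fw_idx]}" comment "${fw_labels[fw_idx]}"
      done
    fi
    log_ok "Firewall rules applied."
  fi
}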
#######################################
# Menu option "Update Suite and user ownership": re-run the service-user
# step, refresh the suite code and MediaMTX, then give the two top-level
# directories to the installed service user (never to root).
# Globals:   VLXsuite_DIR, MEDIAMTX_DIR (read)
# Returns:   0, or the status of chown when it runs
#######################################
update_server_suite() {
  local dedicated_user

  run_techuser_setup
  update_suite_code
  install_mediamtx

  dedicated_user=$(get_installed_user)
  # Nothing to re-own when no service user is reported or it is root.
  if [[ -z "$dedicated_user" || "$dedicated_user" == "root" ]]; then
    return 0
  fi
  # Non-recursive: only the two directory entries themselves change owner.
  chown "$dedicated_user:$dedicated_user" "$VLXsuite_DIR" "$MEDIAMTX_DIR"
}
#######################################
# "client reset": stop the client services and any leftover helper
# processes, rebuild and re-apply the network profiles, then start the
# services again.
# Returns:   0 (status of the final log_ok)
#######################################
client_reset() {
  local -a ff_units=(
    frameflow-mptcp-proxy.service
    frameflow-bonding.service
    frameflow-mlvpn.service
  )
  local ff_unit ff_proc

  log_info "Stopping client components..."
  # Errors from systemctl are discarded: a unit may simply not be installed.
  for ff_unit in "${ff_units[@]}"; do
    systemctl stop "$ff_unit" 2>/dev/null
  done
  # pkill -f matches the pattern anywhere in a process command line, so any
  # process mentioning these names is signalled; "no match" is not an error.
  for ff_proc in "ss-redir" "mlvpn" "v2ray-plugin"; do
    pkill -f "$ff_proc" || true
  done

  log_info "Reconfiguring network interfaces..."
  create_wifi_profiles
  create_network_profiles
  enable_network_settings
  network_restart

  log_info "Starting client components..."
  for ff_unit in "${ff_units[@]}"; do
    systemctl start "$ff_unit" 2>/dev/null
  done
  log_ok "Client reset completed."
}
#######################################
# Wipe any existing client-side Shadowsocks/MLVPN services, unit files and
# configuration directories, then install (when missing) and configure them
# again from scratch.
# Returns:   0 (status of the final log_ok)
#######################################
setup_client_components() {
  local -a ff_old_units=(
    shadowsocks-libev.service
    frameflow-mptcp-proxy.service
    frameflow-bonding.service
    frameflow-mlvpn.service
  )
  local -a ff_unit_files=(
    /usr/lib/systemd/system/shadowsocks-libev.service
    /etc/systemd/system/frameflow-mptcp-proxy.service
    /etc/systemd/system/frameflow-bonding.service
    /etc/systemd/system/frameflow-mlvpn.service
  )
  local ff_item

  log_info "Cleaning out existing Client components (Shadowsocks, MLVPN)..."

  # Stop and disable services; failures (unit not present) are silenced.
  for ff_item in "${ff_old_units[@]}"; do
    systemctl disable --now "$ff_item" 2>/dev/null
  done

  # Remove service files
  for ff_item in "${ff_unit_files[@]}"; do
    rm -f "$ff_item"
  done

  # Remove configurations; both paths are fixed literals, and any existing
  # Shadowsocks/MLVPN settings stored there are deleted without a backup.
  for ff_item in /etc/shadowsocks-libev /etc/mlvpn; do
    rm -rf "$ff_item"
  done

  systemctl daemon-reload

  log_info "Installing Client components..."
  # Install only when neither Shadowsocks binary is already on PATH.
  if ! command -v ss-server &> /dev/null && ! command -v ss-redir &> /dev/null; then
    install_shadowsocks
  fi
  if ! command -v mlvpn &> /dev/null; then
    install_mlvpn
  fi
  setup_mptcp_proxy
  setup_mlvpn_bonding
  log_ok "Client components installed and configured."
}
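#######################################
# Server rollback: after an explicit confirmation, run the server cleanup
# routines and optionally delete the firewall rules for the server ports.
# Returns:   0 (status of the final log call)
#######################################
_rollback_server() {
  # Answers stay local so they cannot leak into later prompts.
  local confirm remove_ufw fw_port
  local -a fw_ports=(8889/tcp 8322/tcp 8189/udp 8890/udp 5080/udp 8388)

  log_warn "This will perform a complete cleanup of server components and configurations."
  log_warn "It will also remove the maintenance cron job and sudoers configuration."
  log_info "The tool installation directory and user profile will be preserved."
  echo ""
  # Destructive action: only a single y/Y proceeds, -r keeps input literal.
  read -r -p "Are you sure you want to proceed? (y/N) " confirm
  if [[ ! "$confirm" =~ ^[yY]$ ]]; then
    log_info "Rollback aborted."
    return
  fi

  cleanup_server_components
  cleanup_server_configuration

  if command -v ufw > /dev/null; then
    read -r -p "Do you want to remove the server firewall rules (ports 8889/tcp, 8322/tcp, 8189/udp, 8890/udp, 5080/udp, 8388)? (y/N) " remove_ufw
    if [[ "$remove_ufw" =~ ^[yY]$ ]]; then
      log_info "Removing UFW firewall rules..."
      # A rule that was never added makes ufw fail; that is not an error here.
      for fw_port in "${fw_ports[@]}"; do
        ufw delete allow "$fw_port" || true
      done
      for fw_port in "${fw_ports[@]}"; do
        ufw delete allow out "$fw_port" || true
      done
      log_ok "Firewall rules removed."
    fi
  fi
  log_ok "Rollback complete."
}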
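#######################################
# Client rollback: after an explicit confirmation, run the network and
# system cleanup routines.
# Returns:   0 (status of the final log call)
#######################################
_rollback_client() {
  # The answer stays local so it cannot leak into later prompts.
  local confirm

  log_warn "This will perform a complete cleanup of network configurations, firewall rules, and routes."
  log_warn "It will also remove the maintenance cron job and sudoers configuration."
  log_info "The tool installation directory and user profile will be preserved."
  echo ""
  # Destructive action: only a single y/Y proceeds, -r keeps input literal.
  read -r -p "Are you sure you want to proceed? (y/N) " confirm
  if [[ ! "$confirm" =~ ^[yY]$ ]]; then
    log_info "Rollback aborted."
    return
  fi

  cleanup_network_configuration
  cleanup_system_configuration
  log_ok "Rollback complete."
}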
# Dispatch the rollback to the routine for the active role; any role other
# than SERVER is treated as a client.
# Globals:   FRAMEFLOW_ROLE (read)
run_rollback() {
  case "$FRAMEFLOW_ROLE" in
    SERVER) _rollback_server ;;
    *) _rollback_client ;;
  esac
}
#######################################
# Print the CLI usage summary for the active role; any role other than
# SERVER gets the client and wireless command list.
# Globals:   FRAMEFLOW_ROLE (read)
# Outputs:   usage text on stdout, with $0 as the command name
#######################################
show_help() {
  if [[ "$FRAMEFLOW_ROLE" == "SERVER" ]]; then
    printf '%s\n' \
      "========================================" \
      " Available Server CLI commands: " \
      "---------------------------------------------------" \
      " $0 server start - Start server components" \
      " $0 server status - Check server components status" \
      " $0 server stop - Stop server components" \
      " $0 bonding - Check client components status" \
      "========================================"
    return
  fi

  printf '%s\n' \
    "========================================" \
    " Available Client CLI commands: " \
    "---------------------------------------------------" \
    " $0 client start - Start client components" \
    " $0 client stop - Stop client components" \
    " $0 client status - Check client components status" \
    " $0 client reset - Restart client networking and bonding services" \
    " $0 bonding - Check client components status" \
    "" \
    "========================================" \
    " Wireless interface commands:" \
    "---------------------------------------------------" \
    " $0 AP start - Start AP mode on the first wifi interface" \
    " $0 AP stop - Stop AP mode on the first wifi interface" \
    " $0 AP status - Check is the wifi interface status is coherent with configuration, if not tries to recover." \
    "========================================"
}
# --- CLI Arguments ---
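# Entry point: runs only when the file is executed directly, not when sourced.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
  ff_units=(
    frameflow-mptcp-proxy.service
    frameflow-bonding.service
    frameflow-mlvpn.service
  )

  # One-shot CLI subcommands. A recognised command exits here; anything else
  # (no argument, or an unknown sub-action) falls through to the menu below.
  case "$1" in
    help | --help)
      show_help
      exit 0
      ;;
    server)
      case "$2" in
        start)
          log_info "Starting server components..."
          # Turns on IPv4 forwarding for the running kernel only.
          sysctl -w net.ipv4.ip_forward=1
          for ff_unit in "${ff_units[@]}"; do
            systemctl start "$ff_unit" 2>/dev/null
          done
          log_ok "Server components started."
          exit 0
          ;;
        status)
          log_info "Checking server components status..."
          for ff_unit in "${ff_units[@]}"; do
            systemctl status "$ff_unit" --no-pager 2>/dev/null || true
          done
          exit 0
          ;;
        stop)
          log_info "Stopping server components..."
          for ff_unit in "${ff_units[@]}"; do
            systemctl stop "$ff_unit" 2>/dev/null
          done
          log_info "Killing possible orphan processes..."
          # pkill -f matches anywhere in the command line of any process.
          for ff_proc in "ss-server" "ss-redir" "mlvpn" "v2ray-plugin"; do
            pkill -f "$ff_proc" || true
          done
          log_ok "Server components stopped and orphans killed."
          exit 0
          ;;
      esac
      ;;
    client)
      case "$2" in
        start)
          log_info "Starting client components..."
          for ff_unit in "${ff_units[@]}"; do
            systemctl start "$ff_unit" 2>/dev/null
          done
          log_ok "Client components started."
          exit 0
          ;;
        status)
          log_info "Checking client components status..."
          for ff_unit in "${ff_units[@]}"; do
            systemctl status "$ff_unit" --no-pager 2>/dev/null || true
          done
          exit 0
          ;;
        stop)
          log_info "Stopping client components..."
          for ff_unit in "${ff_units[@]}"; do
            systemctl stop "$ff_unit" 2>/dev/null
          done
          log_info "Killing possible orphan processes..."
          for ff_proc in "ss-redir" "mlvpn" "v2ray-plugin"; do
            pkill -f "$ff_proc" || true
          done
          log_ok "Client components stopped and orphans killed."
          exit 0
          ;;
        reset)
          client_reset
          exit 0
          ;;
      esac
      ;;
    bonding)
      log_info "Bonding Status:"
      echo -n "MPTCP Proxy (Shadowsocks): "
      if systemctl is-active --quiet frameflow-mptcp-proxy.service 2>/dev/null; then
        echo -e "${GREEN}Active${NC}"
      else
        echo -e "${RED}Inactive${NC}"
      fi
      echo -n "MLVPN Tunnel (mlvpn0): "
      # 10.1.10.1 is hard-coded; presumably the tunnel peer address - confirm
      # against the MLVPN configuration.
      if ping -c 1 -W 2 10.1.10.1 >/dev/null 2>&1; then
        echo -e "${GREEN}Connected${NC}"
      else
        echo -e "${RED}Disconnected${NC}"
      fi
      exit 0
      ;;
    AP)
      case "$2" in
        start)
          accesspoint_start
          exit 0
          ;;
        stop)
          accesspoint_stop
          exit 0
          ;;
        status)
          accesspoint_status
          exit 0
          ;;
      esac
      ;;
  esac

  # Role Selection
  while true; do
    show_help
    echo " VLX FrameFlow Setup "
    echo "========================================"
    echo "1) CLIENT (SBC/Field Unit) - Automated, heavy installation"
    echo "2) SERVER (VPS/Relay Node) - Interactive, conservative installation"
    echo "3) Update Suite and user ownership"
    echo "4) Exit"
    # Stop on end of input instead of looping or acting on an empty answer.
    read -r -p "Select Choice [1]: " role_choice || exit 1
    role_choice=${role_choice:-1}

    # Only the listed answers are accepted. CLIENT runs most steps without
    # asking, so a mistyped answer must not select (and persist) that role.
    case "$role_choice" in
      4)
        echo "Exiting..."
        exit 0
        ;;
      3)
        echo "Running Update Suite..."
        update_server_suite
        exit 0
        ;;
      2) FRAMEFLOW_ROLE="SERVER" ;;
      1) FRAMEFLOW_ROLE="CLIENT" ;;
      *)
        echo "Invalid"
        continue
        ;;
    esac

    # Persist the chosen role. Refuse to write when the install directory is
    # unknown, otherwise the file would land under /config on the root fs.
    if [[ -z "${VLXsuite_DIR:-}" ]]; then
      die "VLXsuite_DIR is not set; cannot store the selected role"
    fi
    if [[ -f "${VLXsuite_DIR}/config/FrameFlow_user.settings" ]]; then
      # Replace any previous role line rather than stacking duplicates.
      sed -i '/^FRAMEFLOW_ROLE=/d' "${VLXsuite_DIR}/config/FrameFlow_user.settings"
      echo "FRAMEFLOW_ROLE=\"$FRAMEFLOW_ROLE\"" >> "${VLXsuite_DIR}/config/FrameFlow_user.settings"
    else
      mkdir -p "${VLXsuite_DIR}/config"
      echo "FRAMEFLOW_ROLE=\"$FRAMEFLOW_ROLE\"" > "${VLXsuite_DIR}/config/FrameFlow_user.settings"
    fi

    echo "Running as $FRAMEFLOW_ROLE..."
    echo "========================================"
    if [[ "$FRAMEFLOW_ROLE" == "SERVER" ]]; then
      echo "1) Install and configure Server components (Shadowsocks, MLVPN)"
      echo "2) Complete Clean Up / Roll back"
      echo "3) Back"
      echo "4) Exit"
      read -r -p "Select: " OPT
      case "$OPT" in
        1) setup_server_components ;;
        2) run_rollback ;;
        3) continue ;;
        4) exit 0 ;;
        *)
          echo "Invalid"
          exit 1
          ;;
      esac
    else
      echo "1) Install OS on +64GB drives (eMMc / SSD / nvme)"
      echo "2) Configure System (Full Setup)"
      echo "3) Reconfigure System network"
      echo "4) Update network interfaces"
      echo "5) Create/Reconfigure FrameFlow user"
      echo "6) Install and configure Client components (Shadowsocks, MLVPN)"
      echo "7) Complete Clean Up / Roll back"
      echo "8) Back"
      echo "9) Exit"
      read -r -p "Select: " OPT
      case "$OPT" in
        1) run_storage_installation_wizard ;;
        2)
          # Full setup: the four stages always run in this order.
          run_system_setup
          run_techuser_setup
          run_network_setup
          run_application_setup
          ;;
        3) run_network_setup ;;
        4)
          create_wifi_profiles
          create_network_profiles
          ;;
        5) run_techuser_setup ;;
        6) setup_client_components ;;
        7) run_rollback ;;
        8) continue ;;
        9) exit 0 ;;
        *)
          echo "Invalid"
          exit 1
          ;;
      esac
    fi
  done
fi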