@vitali2y
Last active November 21, 2025 21:04
Orange Pi RV2 Router Setup Script
#!/bin/sh
#
# Orange Pi RV2 Router Setup Script @ Irradium (CRUX)
# https://dl.irradium.org/irradium/images/orange_pi_rv2/
#
# Usage:
# curl -fsSL <shorturl> > install.sh && sudo sh ./install.sh [wifi_ssid]
#
# Abort on the first unhandled command failure for the rest of the script.
set -e

printf '%s\n' "Orange Pi RV2 Router Setup @ Irradium (CRUX)..."

# Everything below writes under /etc, reconfigures wlan0 and edits iptables,
# so stop immediately unless the effective uid is 0.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "ERROR: run as root: sudo sh ./install.sh"
  exit 1
fi
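# is_valid_ssid NAME
# Succeeds only when NAME is 3-10 characters long and consists solely of
# lowercase ASCII letters and digits.
#
# The value is later written verbatim into /etc/hostapd/hostapd.conf, so the
# whole string has to be checked. A line-oriented `grep` accepts the input as
# soon as any one line matches, which lets a value containing a newline pass
# and add extra lines to the generated config. The characters are listed
# explicitly instead of as a-z ranges so the result does not depend on locale.
is_valid_ssid() {
  case "$1" in
    *[!abcdefghijklmnopqrstuvwxyz0123456789]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 10 ]
}

# Optional first argument: the SSID to broadcast; defaults to "opi".
if [ -n "$1" ]; then
  WIFI_SSID="$1"
  if ! is_valid_ssid "$WIFI_SSID"; then
    echo "ERROR: Invalid SSID: must be 3–10 lowercase letters or digits!"
    exit 2
  fi
else
  WIFI_SSID=opi
fi
echo "Using WiFi SSID: $WIFI_SSID"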
echo "Generating strong WPA2 password..."
# Keep only bytes from /dev/urandom that fall in the allowed alphabet and take
# the first 12. The alphabet omits I, O, i, o, 0 and 1, leaving 56 symbols.
WIFI_PASSWORD=$(tr -cd 'A-HJ-NP-Za-hj-np-z2-9' </dev/urandom | head -c 12)
# The passphrase is printed in clear text; it will also appear in any capture
# of this script's output (terminal scrollback, a redirected log).
echo "Generated WiFi password: $WIFI_PASSWORD"
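echo "Updating CRUX ports tree..."
ports -u || echo "Warning: ports -u failed, continuing..."

echo "Installing needed packages..."
# The exit status of prt-get is ignored, as in the original script
# (presumably so that an already-installed package does not abort the run).
for pkg in hostapd dnsmasq iw iptables; do
  prt-get depinst "$pkg" || true
done

# Because install failures are ignored above, confirm that the tools this
# script goes on to invoke really exist. Failing here leaves the interface
# address, firewall rules and boot scripts untouched, instead of aborting
# half-way through with the network already reconfigured.
for tool in hostapd dnsmasq iptables iptables-save; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "ERROR: required command not found after install: $tool"
    exit 3
  fi
done

# Stop services if running
pkill hostapd 2>/dev/null || true
pkill dnsmasq 2>/dev/null || true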
echo "Configuring wlan0 static IP..."
# Best-effort reset: taking the link down and flushing old addresses may fail
# without stopping the script.
ip link set wlan0 down 2>/dev/null || :
ip addr flush dev wlan0 || :
# These two are required; under `set -e` a failure here aborts the setup.
# 192.168.50.1/24 is the gateway address for the wireless clients.
ip addr add 192.168.50.1/24 dev wlan0
ip link set wlan0 up
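echo "Writing /etc/hostapd/hostapd.conf..."
mkdir -p /etc/hostapd
# The file stores the WPA2 passphrase in clear text. Create it with a
# restrictive umask (in a subshell, so the umask does not leak into the rest
# of the script) and then force mode 600, which also tightens a file left
# behind by an earlier run with wider permissions.
(
  umask 077
  cat >/etc/hostapd/hostapd.conf <<EOF
interface=wlan0
driver=nl80211
ssid=$WIFI_SSID
hw_mode=g
channel=6
auth_algs=1
wmm_enabled=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=$WIFI_PASSWORD
rsn_pairwise=CCMP
EOF
)
chmod 600 /etc/hostapd/hostapd.conf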
echo "Configuring dnsmasq..."
# Preserve an existing configuration as a backup suffixed with the epoch time.
[ ! -f /etc/dnsmasq.conf ] || mv /etc/dnsmasq.conf "/etc/dnsmasq.conf.bak-$(date +%s)"
# interface=wlan0 together with bind-interfaces limits dnsmasq to the wireless
# side; the DHCP pool is 192.168.50.10-192.168.50.250 with 12 hour leases.
# The delimiter is quoted because the body contains nothing to expand.
cat >/etc/dnsmasq.conf <<'EOF'
interface=wlan0
bind-interfaces
domain-needed
bogus-priv
dhcp-range=192.168.50.10,192.168.50.250,12h
EOF
echo "Enable IPv4 forwarding..."
# Switch forwarding on in the running kernel.
echo 1 >/proc/sys/net/ipv4/ip_forward
# Record the setting in /etc/sysctl.conf: rewrite an existing
# net.ipv4.ip_forward line in place, otherwise append one. The append also
# creates the file when it does not exist yet.
if [ -f /etc/sysctl.conf ] && grep -q "^net.ipv4.ip_forward" /etc/sysctl.conf; then
  sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
else
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi
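echo "Configuring iptables NAT..."
# Start from empty nat and FORWARD rule sets (any existing rules are dropped).
iptables -t nat -F
iptables -F FORWARD
# Default-deny for forwarded traffic. The rules below only ACCEPT, so unless
# the chain policy was already DROP they restricted nothing and traffic
# arriving on eth0 could be forwarded into the wireless subnet unsolicited.
iptables -P FORWARD DROP
# Source-NAT everything leaving through eth0.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Wireless clients may open connections outward; only replies come back in.
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): the INPUT chain is not touched here, so services listening on
# this host itself (for example sshd) stay reachable from eth0 unless they
# are filtered elsewhere.
mkdir -p /etc/iptables
# Saved rules (including the FORWARD policy) are reloaded by rc.router start.
iptables-save > /etc/iptables/rules.v4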
echo "Creating /etc/rc.d/rc.router service script for router..."
# Generate the start/stop/restart script. The quoted 'EOF' delimiter keeps
# $1 and $0 literal, so they are evaluated when rc.router runs, not now.
# "start" re-applies forwarding, the wlan0 address and the saved iptables
# rules, then launches dnsmasq and hostapd; "stop" kills both daemons.
rc_router=/etc/rc.d/rc.router
cat >"$rc_router" <<'EOF'
#!/bin/sh
case "$1" in
start)
echo "Starting router..."
echo 1 > /proc/sys/net/ipv4/ip_forward
ip addr flush dev wlan0 2>/dev/null
ip addr add 192.168.50.1/24 dev wlan0
ip link set wlan0 up
if [ -f /etc/iptables/rules.v4 ]; then
iptables-restore < /etc/iptables/rules.v4
fi
dnsmasq -C /etc/dnsmasq.conf
hostapd -B /etc/hostapd/hostapd.conf
;;
stop)
echo "Stopping router..."
pkill hostapd
pkill dnsmasq
;;
restart)
$0 stop
sleep 2
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x "$rc_router"
echo "Ensure startup on boot using CRUX /etc/rc.local..."
# Hook rc.router into /etc/rc.local: create the file when it is missing,
# otherwise append the start line only if it is not already present, so
# re-running the installer does not duplicate it.
if [ ! -f /etc/rc.local ]; then
  printf '%s\n' '#!/bin/sh' '/etc/rc.d/rc.router start' >/etc/rc.local
  chmod +x /etc/rc.local
elif ! grep -q "rc.router start" /etc/rc.local; then
  echo "/etc/rc.d/rc.router start" >> /etc/rc.local
fi
# echo "SSH Hardening..."
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak-$(date +%y%m%d%H%M)
# # Force password change for 'root' only if user is root
# if id root >/dev/null 2>&1; then
# echo "Please set a strong password for 'root'"
# while true; do
# passwd root && break
# echo "Password change failed. Try again."
# done
# fi
# # Disable global password authentication
# sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
# sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
# sed -i 's/^#*UsePAM.*/UsePAM no/' /etc/ssh/sshd_config
# sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# echo "" >> /etc/ssh/sshd_config
# echo "Match Address 192.168.50.0/24" >> /etc/ssh/sshd_config
# echo " PasswordAuthentication yes" >> /etc/ssh/sshd_config
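# CRUX uses standard BSD-init: restart SSH by killing the daemon and starting
# it again. The hardening block above is commented out, so this restart does
# not apply any sshd_config change.
#
# Two hazards in a plain `pkill sshd; sshd` are avoided here:
#  - `pkill sshd` also matches the per-connection sshd processes, so running
#    the installer over SSH would cut the session it is running in. Only an
#    exact-name sshd whose parent is PID 1 is signalled (assumes the listening
#    daemon was started from init and daemonized; confirm on the target).
#  - OpenSSH's sshd refuses to start unless invoked by absolute path; a bare
#    `sshd` fails and, under `set -e`, ends the script before hostapd and
#    dnsmasq are started, with the SSH daemon already killed.
# A failed restart is reported but is not fatal to the router setup.
sshd_bin=$(command -v sshd || true)
if [ -n "$sshd_bin" ]; then
  pkill -x -P 1 sshd || true
  "$sshd_bin" || echo "Warning: sshd restart failed, continuing..."
else
  echo "Warning: sshd not found in PATH, skipping SSH restart"
fi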
echo "Starting router services now..."
# Launch the DHCP/DNS server and then the access point (-B: background).
dnsmasq -C /etc/dnsmasq.conf
hostapd -B /etc/hostapd/hostapd.conf
# Final summary. It repeats the generated passphrase in clear text, so it
# ends up in whatever captures this script's output.
cat <<EOF

Router setup complete:
WiFi AP (SSID): $WIFI_SSID
WiFi Password: $WIFI_PASSWORD
Save this password securely!
LAN IP: 192.168.50.1
Startup: /etc/rc.local -> /etc/rc.d/rc.router
Router will start automatically on boot.
Enjoy!
EOF