##############################################################################
# /*
# $Header: /data/files/mhf/cvs/bash/raspiAP.sh,v 1.21 2015/04/18 13:02:57 mhf Exp $
# */  
##############################################################################
#
##############################################################################
# LaTeX-source
# (c) 2k3+ by Michael H. FISCHER
#
# http://mhf.at
# mhf@mhf.at
##############################################################################
#
# created at $date by Michael H. FISCHER
# user: $USERNAME host: $HOSTNAME
#  
##############################################################################

##############################################################################
# check if this script is run with root privileges

# Everything below rewrites files under /etc and restarts services, so stop
# here unless the effective UID is 0. EUID is provided by bash; the file has
# no shebang, so it has to be started with bash explicitly.
if (( EUID != 0 )); then
  printf '%s\n' "This script must be run as root" >&2
  exit 1
fi

##############################################################################
# global settings
#
# tested with 2015-01-31-raspbian.img

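# Refresh the package index before the first install, answer prompts
# automatically (the later aptitude call already used -y), and stop if a
# package step fails: the following sections overwrite configuration files
# that belong to these packages.
apt-get update || exit 1
apt-get install -y aptitude || exit 1
# aptitude safe-upgrade
aptitude install -y emacs rfkill zd1211-firmware hostapd hostap-utils iw dnsmasq lighttpd screen || exit 1

# Informational only: shows whether the wlan interface can run in
# access-point mode. The pattern is loose (any line containing "ap",
# case-insensitive), so read the output rather than relying on the exit code.
iw list | grep -i ap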

##############################################################################
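# Bring the network interfaces up: eth0 via DHCP, wlan0 with the static
# address the access point serves from.
# The here-document must be redirected INTO the file ("cat <<'EOF' > file");
# "cat < file" only reads the file and the following lines would then be run
# as commands. The quoted delimiter keeps the text literal.
cat <<'EOF' > /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet dhcp
# iface eth0 inet static
# address 192.168.111.61
# netmask 255.255.255.0
iface wlan0 inet static
address 192.168.1.1
netmask 255.255.255.0
EOF

# Cycle wlan0 so the new static stanza is applied, then print the result.
ifdown wlan0
sleep 5
ifup wlan0
ifconfig wlan0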

##############################################################################
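# Point the Pi's own resolver at the local nameserver.
# The here-document is redirected into the file; "cat < file" would only
# read it.
# NOTE(review): the dnsmasq configuration written later in this script
# answers every name with 192.168.1.1 ("address=/#/..."), so the Pi itself
# will presumably no longer resolve external hostnames (package mirrors,
# NTP) after this point -- confirm that is intended. A DHCP client on eth0
# may also rewrite this file; verify on the target image.
cat <<'EOF' > /etc/resolv.conf
nameserver 127.0.1.1
EOF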

##############################################################################
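# Bring the wlan interface up as an access point.
# The here-document is redirected into the file; "cat < file" would only
# read it.
# NOTE(review): the configuration contains no wpa / wpa_passphrase options,
# so the SSID is an open network: anyone in radio range can associate and
# everything clients send is unencrypted on air. That looks deliberate for a
# public hotspot, but it makes the forwarding rules installed by
# /etc/init.d/pipoint the only boundary between visitors and the wired side.
cat <<'EOF' > /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=extrablatt.waehring.net
channel=1
EOF

service hostapd restart
# Show the running daemon; the bracket keeps grep from matching itself.
ps aux | grep '[h]ostapd'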

##############################################################################
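# Hand out addresses to visitors and answer their DNS queries.
# The here-document is redirected into the file; "cat < file" would only
# read it.
# "address=/#/192.168.1.1" makes dnsmasq answer every name with the access
# point's own address, which is what steers visitors to the local web
# server. HTTPS requests for other sites will then reach the self-signed
# certificate created later in this script and fail name validation in the
# client; only plain-HTTP requests land on the page without a warning.
cat <<'EOF' > /etc/dnsmasq.conf
interface=wlan0
domain=extrablatt.waehring.net
dhcp-range=192.168.1.15,192.168.1.254, 255.255.255.0,12h
address=/#/192.168.1.1
EOF

service dnsmasq restart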

##############################################################################
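# Redirect web traffic (80/443) to the web server running on the access
# point, via a small init script installed as /etc/init.d/pipoint.
# The here-document is redirected into the file; "cat < file" would only
# read it. The quoted delimiter writes the text literally, so "$time" ends
# up in the init script unchanged; nothing visible in this script sets it
# and it expands to an empty command at boot.
# NOTE(review): "$time" looks like a leftover template placeholder -- confirm.
#
# NOTE(review), network exposure of the rules below:
#  - ip_forward=1 plus an unrestricted MASQUERADE rule (no "-o" interface)
#    means traffic from wireless clients on ports other than 80/443 is
#    routed and NATed out of eth0. Combined with the open SSID, any visitor
#    can reach hosts on the wired network. If only the local page is meant
#    to be reachable, forwarding should be off or the FORWARD chain should
#    drop wlan0 traffic.
#  - The DNAT rules have no "-i wlan0", so they also rewrite port 80/443
#    traffic that arrives on eth0.
#  - The script ignores its start/stop argument and uses "-A", so every run
#    appends another copy of the rules and starts hostapd again.
cat <<'EOF' > /etc/init.d/pipoint
#!/bin/sh
$time
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
hostapd -B /etc/hostapd/hostapd.conf

sleep 5

iptables -t nat -A PREROUTING -d 0/0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
iptables -t nat -A PREROUTING -d 0/0 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:443

EOF

chmod +x /etc/init.d/pipoint
# NOTE(review): the legacy "start NN runlevel" form of update-rc.d normally
# ends the runlevel list with " ." -- verify this call is accepted on the
# target image.
update-rc.d pipoint start 99 2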

##############################################################################
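# Prepare the web server: landing page plus a self-signed certificate.
echo extrablatt.waehring.net > /var/www/index.html

mkdir -p /etc/lighttpd/certs
# Key and certificate are written to the same PEM file. Absolute paths
# replace the former unchecked "cd": had the cd failed, the private key
# would have been written into whatever directory the script was started
# from. The umask is tightened inside a subshell so the key is never
# readable by other users between creation and the chmod below, without
# changing the umask for the rest of the script.
# -nodes leaves the private key unencrypted on disk so lighttpd can start
# unattended; the file permissions are its only protection.
# openssl asks for the certificate subject interactively (no -subj given).
(
  umask 077
  openssl req -new -x509 \
    -keyout /etc/lighttpd/certs/lighttpd.pem \
    -out /etc/lighttpd/certs/lighttpd.pem \
    -days 365 -nodes
)
chmod 400 /etc/lighttpd/certs/lighttpd.pem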

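# Write the lighttpd configuration.
# The here-document is redirected into the file; "cat < file" would only
# read it. The delimiter is quoted so the shell expands nothing inside:
# with an unquoted delimiter the "$0" entries in url.rewrite would be
# replaced by the name of this script, and $SERVER needed a backslash.
# With the quoted form the backslash is dropped and both are written
# literally.
# NOTE(review): the :443 socket sets only ssl.engine and ssl.pemfile, so
# protocol versions and cipher suites are whatever the installed
# lighttpd/OpenSSL build defaults to -- review for the target image.
cat <<'EOF' > /etc/lighttpd/lighttpd.conf
server.modules = (
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
        "mod_rewrite",
)
server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
# server.error-handler-404    = "/index.html"

index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

# mhf maybe i have to deal with the dollar somehow else
$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
 }

url.rewrite = ( "logo.png" => "$0", "xstencil.png" => "$0","extrablatt_No_1.pdf" => "$0","" => "/index.html" )

EOF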

# Apply the forwarding/redirect rules now instead of waiting for a reboot.
# NOTE(review): pipoint also launches "hostapd -B", while hostapd was already
# restarted through its service earlier in this script -- check that this
# does not leave two instances competing for wlan0.
/etc/init.d/pipoint start

# Reload the web server so it picks up the configuration written above.
/etc/init.d/lighttpd restart

printf '%s\n' 'done!'

# EOF
##############################################################################