From 705d33e66e45c3a7607c41682cac4bfa94c1ca03 Mon Sep 17 00:00:00 2001
From: KF7EEL
Date: Sat, 27 Nov 2021 05:08:46 -0800
Subject: [PATCH] WIP Docker stuf
---
Dockerfile.data_gateway | 40 +++
Dockerfile.hbnet | 40 +++
docker-compose.yml | 49 ++++
docker/data_gateway/data_gateway.cfg | 367 +++++++++++++++++++++++++++
docker/hbnet/hbnet.cfg | 274 ++++++++++++++++++++
docker/web_service/config.py | 91 +++++++
6 files changed, 861 insertions(+)
create mode 100644 Dockerfile.data_gateway
create mode 100644 Dockerfile.hbnet
create mode 100644 docker-compose.yml
create mode 100644 docker/data_gateway/data_gateway.cfg
create mode 100644 docker/hbnet/hbnet.cfg
create mode 100644 docker/web_service/config.py
diff --git a/Dockerfile.data_gateway b/Dockerfile.data_gateway
new file mode 100644
index 0000000..4588682
--- /dev/null
+++ b/Dockerfile.data_gateway
@@ -0,0 +1,40 @@
+# HBNet Data Gateway Dockerfile
+FROM debian:11
+MAINTAINER Eric Craw "kf7eel@qsl.net"
+WORKDIR /opt/hbnet_data_gateway
+
+RUN useradd -ms /bin/bash hbnet
+
+RUN mkdir -p /opt/hbnet_data_gateway/config/
+
+#COPY . .
+
+COPY data_gateway_config.py .
+COPY config.py .
+COPY bridge.py .
+COPY const.py .
+COPY hblink.py .
+COPY log.py .
+COPY reporting_const.py .
+COPY requirements.txt .
+COPY LICENSE.txt .
+COPY data_gateway.py .
+COPY docker/data_gateway/data_gateway.cfg ./config/
+#Install Python3.9 and dependencies
+RUN apt-get -y update; apt-get -y upgrade; apt-get -y install --no-install-recommends python3.9-dev python3-pip python3.9 build-essential net-tools iputils-ping; apt-get clean; rm -rf /var/lib/apt/lists/*
+
+RUN chown -R hbnet:hbnet /opt/hbnet_data_gateway/
+
+# Switch user and install dependencies
+USER hbnet
+
+
+#Upgrade PIP
+RUN python3.9 -m pip install --upgrade pip
+
+#Install from requirements.txt
+RUN python3.9 -m pip install --no-cache-dir -r requirements.txt
+
+#ENTRYPOINT ["/home/hbnet_web/.local/bin/supervisord"]
+
+CMD sleep 10s; python3.9 /opt/hbnet_data_gateway/data_gateway.py -c config/data_gateway.cfg
diff --git a/Dockerfile.hbnet b/Dockerfile.hbnet
new file mode 100644
index 0000000..a9b7aa4
--- /dev/null
+++ b/Dockerfile.hbnet
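Review bot: In Dockerfile.data_gateway, `COPY docker/data_gateway/data_gateway.cfg ./config/` bakes the sample config into the image, and that file (added in this patch) carries placeholder credentials such as `SHARED_SECRET: test` and `PASSPHRASE: passw0rd`. docker-compose.yml mounts only the data and log directories for this service, so a container started from the published image runs with those known values. Mounting the operator's own config read-only over `/opt/hbnet_data_gateway/config/`, or refusing to start while the placeholders are unchanged, would avoid that; Dockerfile.hbnet does the same with `docker/hbnet/hbnet.cfg`. Separately, the apt-get steps in both Dockerfiles are joined with `;`, so a failed `apt-get -y update` or `upgrade` does not fail the build; chaining them with `&&` stops the build instead of producing an image with stale packages.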
@@ -0,0 +1,40 @@
+# HBNet Data Gateway Dockerfile
+FROM debian:11
+MAINTAINER Eric Craw "kf7eel@qsl.net"
+WORKDIR /opt/hbnet
+
+RUN useradd -ms /bin/bash hbnet
+
+RUN mkdir -p /opt/hbnet/config/
+
+#COPY . .
+
+COPY config.py .
+COPY bridge.py .
+COPY const.py .
+COPY hblink.py .
+COPY log.py .
+COPY reporting_const.py .
+COPY requirements.txt .
+COPY LICENSE.txt .
+COPY data_gateway.py .
+COPY docker/hbnet/hbnet.cfg ./config/
+COPY docker/hbnet/rules.py ./config/
+#Install Python3.9 and dependencies
+RUN apt-get -y update; apt-get -y upgrade; apt-get -y install --no-install-recommends python3.9-dev python3-pip python3.9 build-essential net-tools iputils-ping; apt-get clean; rm -rf /var/lib/apt/lists/*
+
+RUN chown -R hbnet:hbnet /opt/hbnet/
+
+# Switch user and install dependencies
+USER hbnet
+
+
+#Upgrade PIP
+RUN python3.9 -m pip install --upgrade pip
+
+#Install from requirements.txt
+RUN python3.9 -m pip install --no-cache-dir -r requirements.txt
+
+#ENTRYPOINT ["/home/hbnet_web/.local/bin/supervisord"]
+
+CMD sleep 10s; python3.9 /opt/hbnet/bridge.py -c config/hbnet.cfg -r config/rules.py
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..6d08336
--- /dev/null
+++ b/docker-compose.yml
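Review bot: In Dockerfile.hbnet, `COPY docker/hbnet/rules.py ./config/` refers to a file that is not among the six files this patch creates, so the build fails unless `docker/hbnet/rules.py` already exists in the tree, which is not visible here. The header comment still reads `# HBNet Data Gateway Dockerfile` and `data_gateway.py` is copied although the `CMD` runs `bridge.py`; I would change the comment to `# HBNet Dockerfile` and drop `COPY data_gateway.py .` so the image holds only what it executes. docker-compose.yml in this patch defines no service built from this Dockerfile, so how its config is meant to be supplied at run time is not shown.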
@@ -0,0 +1,49 @@
+version: '3'
+services:
+ hbnet_web_service:
+ container_name: hbnet_web_service
+ hostname: web_service
+ image: kf7eel/hbnet_web_service:latest
+ build:
+ dockerfile: ./Dockerfile
+ context: ./web
+ ports:
+ # Port outside container:Port inside container
+ - 8082:80
+ - 8083:443
+ volumes:
+ # Path to config.py
+ - ./hbnet/web/config.py:/opt/hbnet_web/config.py
+ # Persist SQLIte data
+ - ./hbnet/web/data:/opt/hbnet_web/data:rw
+ # NGINX logs
+ - ./hbnet/log/web_service:/var/log/nginx:rw
+ # Path to custon logo
+# - /path/to/logo.png:/opt/hbnet_web/static/HBnet.png
+ networks:
+ - hbnet_internal
+
+ hbnet_data_gateway:
+ container_name: hbnet_data_gateway
+ image: kf7eel/hbnet_data_gateway:latest
+ hostname: data_gateway
+ build:
+ dockerfile: ./Dockerfile.data_gateway
+ context: .
+ volumes:
+ # Persistent data
+ - ./hbnet/data/data_gateway:/opt/hbnet_data_gateway/data:rw
+ # Log file
+ - ./hbnet/log/data_gateway:/tmp/log:rw
+ depends_on:
+ - "hbnet_web_service"
+ networks:
+ - hbnet_internal
+ restart: always
+
+
+
+networks:
+ hbnet_internal:
+ name: hbnet_internal
+ driver: bridge
diff --git a/docker/data_gateway/data_gateway.cfg b/docker/data_gateway/data_gateway.cfg
new file mode 100644
index 0000000..65d2f56
--- /dev/null
+++ b/docker/data_gateway/data_gateway.cfg
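Review bot: In docker-compose.yml, the `config.py` bind mount for `hbnet_web_service` is read-write by default although the container presumably only reads it, and the sample `docker/web_service/config.py` in this patch shows that this file holds `secret_key` and `MAIL_PASSWORD`; I would write it as `- ./hbnet/web/config.py:/opt/hbnet_web/config.py:ro`. The data gateway's log mount targets `/tmp/log`, but `docker/data_gateway/data_gateway.cfg` sets `LOG_FILE: /opt/hbnet_data_gateway/data_gateway.log`, so the file log lands in the container layer and is lost when the container is recreated; one of the two paths should change. `8082:80` and `8083:443` publish on every host interface and both images use the `latest` tag, which deserves a comment for operators who want a loopback-only or pinned deployment.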
@@ -0,0 +1,367 @@
+# PROGRAM-WIDE PARAMETERS GO HERE
+# PATH - working path for files, leave it alone unless you NEED to change it
+# PING_TIME - the interval that peers will ping the master, and re-try registraion
+# - how often the Master maintenance loop runs
+# MAX_MISSED - how many pings are missed before we give up and re-register
+# - number of times the master maintenance loop runs before de-registering a peer
+#
+# ACLs:
+#
+# Access Control Lists are a very powerful tool for administering your system.
+# But they consume packet processing time. Disable them if you are not using them.
+# But be aware that, as of now, the configuration stanzas still need the ACL
+# sections configured even if you're not using them.
+#
+# REGISTRATION ACLS ARE ALWAYS USED, ONLY SUBSCRIBER AND TGID MAY BE DISABLED!!!
+#
+# The 'action' May be PERMIT|DENY
+# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999)
+# Format:
+# ACL = 'action:id|start-end|,id|start-end,....'
+# --for example--
+# SUB_ACL: DENY:1,1000-2000,4500-60000,17
+#
+# ACL Types:
+# REG_ACL: peer radio IDs for registration (only used on HBP master systems)
+# SUB_ACL: subscriber IDs for end-users
+# TGID_TS1_ACL: destination talkgroup IDs on Timeslot 1
+# TGID_TS2_ACL: destination talkgroup IDs on Timeslot 2
+#
+# ACLs may be repeated for individual systems if needed for granularity
+# Global ACLs will be processed BEFORE the system level ACLs
+# Packets will be matched against all ACLs, GLOBAL first. If a packet 'passes'
+# All elements, processing continues. Packets are discarded at the first
+# negative match, or 'reject' from an ACL element.
+#
+# If you do not wish to use ACLs, set them to 'PERMIT:ALL'
+# TGID_TS1_ACL in the global stanza is used for OPENBRIDGE systems, since all
+# traffic is passed as TS 1 between OpenBridges
+[GLOBAL]
+PATH: ./
+PING_TIME: 5
+MAX_MISSED: 3
+USE_ACL: True
+REG_ACL: PERMIT:ALL
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+
+
+# NOT YET WORKING: NETWORK REPORTING CONFIGURATION
+# Enabling "REPORT" will configure a socket-based reporting
+# system that will send the configuration and other items
+# to a another process (local or remote) that may process
+# the information for some useful purpose, like a web dashboard.
+#
+# REPORT - True to enable, False to disable
+# REPORT_INTERVAL - Seconds between reports
+# REPORT_PORT - TCP port to listen on if "REPORT_NETWORKS" = NETWORK
+# REPORT_CLIENTS - comma separated list of IPs you will allow clients
+# to connect on. Entering a * will allow all.
+#
+# ****FOR NOW MUST BE TRUE - USE THE LOOPBACK IF YOU DON'T USE THIS!!!****
+[REPORTS]
+REPORT: True
+REPORT_INTERVAL: 60
+REPORT_PORT: 4329
+REPORT_CLIENTS: 0.0.0.0
+
+
+# SYSTEM LOGGER CONFIGURAITON
+# This allows the logger to be configured without chaning the individual
+# python logger stuff. LOG_FILE should be a complete path/filename for *your*
+# system -- use /dev/null for non-file handlers.
+# LOG_HANDLERS may be any of the following, please, no spaces in the
+# list if you use several:
+# null
+# console
+# console-timed
+# file
+# file-timed
+# syslog
+# LOG_LEVEL may be any of the standard syslog logging levels, though
+# as of now, DEBUG, INFO, WARNING and CRITICAL are the only ones
+# used.
+#
+[LOGGER]
+LOG_FILE: /opt/hbnet_data_gateway/data_gateway.log
+LOG_HANDLERS: console,file-timed
+LOG_LEVEL: DEBUG
+LOG_NAME: Data Gateway
+
+# DOWNLOAD AND IMPORT SUBSCRIBER, PEER and TGID ALIASES
+# Ok, not the TGID, there's no master list I know of to download
+# This is intended as a facility for other applcations built on top of
+# HBlink to use, and will NOT be used in HBlink directly.
+# STALE_DAYS is the number of days since the last download before we
+# download again. Don't be an ass and change this to less than a few days.
+[ALIASES]
+TRY_DOWNLOAD: True
+PATH: ./
+PEER_FILE: peer_ids.json
+SUBSCRIBER_FILE: subscriber_ids.json
+TGID_FILE: talkgroup_ids.json
+PEER_URL: https://www.radioid.net/static/rptrs.json
+SUBSCRIBER_URL: https://www.radioid.net/static/users.json
+STALE_DAYS: 3
+
+# USER MANAGER
+# This is where to configure the details for use with a user managment script
+[WEB_SERVICE]
+THIS_SERVER_NAME: DATA_GATEWAY
+REMOTE_CONFIG_ENABLED: True
+# URL of the user managment server
+URL: http://hbnet_web_service:8080/svr
+# Integer appended to DMR ID during the generation of a passphrase
+APPEND_INT: 1
+EXTRA_INT_1: 5
+EXTRA_INT_2: 8
+EXTRA_1: TeSt
+EXTRA_2: DmR4
+# Secret used to authenticate with user managment server, before checking if user login is approved
+SHARED_SECRET: test
+# Shorten passphrases
+SHORTEN_PASSPHRASE: True
+SHORTEN_SAMPLE: 4
+SHORTEN_LENGTH: 4
+BURN_FILE: ./burn_ids.txt
+BURN_INT: 5
+
+[DATA_CONFIG]
+USE_DASHBOARD: False
+DATA_DMR_ID: 9099
+CALL_TYPE: both
+UNIT_SMS_TS: 2
+
+USER_APRS_SSID: 5
+USER_APRS_COMMENT: HBNet APRS Gateway
+APRS_SERVER: hbl.ink
+APRS_PORT: 14580
+APRS_LOGIN_CALL: N0CALL
+APRS_LOGIN_PASSCODE: 12345
+APRS_FILTER: r/47/-120/500 t/m
+
+# The following settings are only applicable if you are using the gps_data_beacon_igate script.
+# They do not affect the operation gps_data itself.
+# Time in minutes.
+IGATE_BEACON_TIME = 45
+IGATE_BEACON_COMMENT = HBLink3 D-APRS Gateway
+IGATE_BEACON_ICON = /I
+IGATE_LATITUDE = 4730. N
+IGATE_LONGITUDE = 11930. W
+
+# The following settings are for the static positions only, for hotspots or repeaters connected to MASTER stanzas.
+# Implementation by IU7IGU
+# REPORT_INTERVAL in Minute (ALLOW only > 3 Minutes)
+# MESSAGE: This message will print on APRS description together RX and TX Frequency
+APRS_STATIC_REPORT_INTERVAL: 15
+APRS_STATIC_MESSAGE:Connected to HBLink
+
+# The options below are required for operation of the dashboard and will cause errors in gps_data.py
+# if configured wrong. Leave them as default unless you know what you are doing.
+# If you do change, you must use absolute paths.
+LOCATION_FILE: ./data/gps_data_user_loc.txt
+BULLETIN_BOARD_FILE: ./data/gps_data_user_bb.txt
+MAILBOX_FILE: ./data/gps_data_user_mailbox.txt
+EMERGENCY_SOS_FILE: ./data/gps_data_user_sos.txt
+SMS_FILE: ./data/gps_data_user_sms.txt
+
+# User settings file, MUST configure using absolute path.
+USER_SETTINGS_FILE: ./user_settings.txt
+
+# API settings
+# Authorized Apps file - data used for the dashboard API
+USE_API: True
+AUTHORIZED_APPS_FILE: /tmp/authorized_apps.txt
+AUTHORIZED_TOKENS_FILE: /tmp/hblink_auth_tokens.txt
+AUTHORIZED_USERS_FILE: /home/eric/Sync/hblink3_sms_dev/authorized_users.txt
+ACCESS_SYSTEMS_FILE: /home/eric/Sync/hblink3_sms_dev/access_systems.txt
+MY_SERVER_SHORTCUT: XYZ
+SERVER_NAME: Test HBLink Network
+USE_PUBLIC_APPS: True
+PUBLIC_APPS_LIST: https://raw.githubusercontent.com/kf7eel/hblink_sms_external_apps/main/public_systems.txt
+RULES_PATH: /home/eric/Sync/hblink3_sms_dev/rules.py
+
+# The following options are used for the dashboard. The dashboard is optional.
+# Title of the Dashboard
+DASHBOARD_TITLE: HBNet D-APRS Dashboard
+# Used for API, RSS feed link, etc
+DASHBOARD_URL: http://localhost:8092
+
+# Logo used on dashboard page
+LOGO: https://raw.githubusercontent.com/kf7eel/hblink3/gps/HBlink.png
+
+# Port to run server
+DASH_PORT: 8092
+
+# IP to run server on
+DASH_HOST: 127.0.0.1
+
+#Description of dashboard to show on main page
+DESCRIPTION: Welcome to the dashboard.
+
+# Gateway contact info displayed on about page.
+CONTACT_NAME: your name
+CONTACT_CALL: N0CALL
+CONTACT_EMAIL: email@example.org
+CONTACT_WEBSITE: https://hbl.ink
+
+# Time format for display
+TIME_FORMAT: %%H:%%M:%%S - %%m/%%d/%%y
+
+# Center dashboard map over these coordinates
+MAP_CENTER_LAT: 47.00
+MAP_CENTER_LON: -120.00
+ZOOM_LEVEL: 7
+
+# List and preview of some map themes at http://leaflet-extras.github.io/leaflet-providers/preview/
+# The following are options for map themes and just work, you should use one of these: “OpenStreetMap”, “Stamen” (Terrain, Toner, and Watercolor),
+MAP_THEME: Stamen Toner
+
+
+# OPENBRIDGE INSTANCES - DUPLICATE SECTION FOR MULTIPLE CONNECTIONS
+# OpenBridge is a protocol originall created by DMR+ for connection between an
+# IPSC2 server and Brandmeister. It has been implemented here at the suggestion
+# of the Brandmeister team as a way to legitimately connect HBlink to the
+# Brandemiester network.
+# It is recommended to name the system the ID of the Brandmeister server that
+# it connects to, but is not necessary. TARGET_IP and TARGET_PORT are of the
+# Brandmeister or IPSC2 server you are connecting to. PASSPHRASE is the password
+# that must be agreed upon between you and the operator of the server you are
+# connecting to. NETWORK_ID is a number in the format of a DMR Radio ID that
+# will be sent to the other server to identify this connection.
+# other parameters follow the other system types.
+#
+# ACLs:
+# OpenBridge does not 'register', so registration ACL is meaningless.
+# Proper OpenBridge passes all traffic on TS1.
+# HBlink can extend OPB to use both slots for unit calls only.
+# Setting "BOTH_SLOTS" True ONLY affects unit traffic!
+# Otherwise ACLs work as described in the global stanza
+[OBP-1]
+MODE: OPENBRIDGE
+ENABLED: True
+IP:
+PORT: 62036
+NETWORK_ID: 1234
+PASSPHRASE: passw0rd
+TARGET_IP: 127.0.0.1
+TARGET_PORT: 62037
+BOTH_SLOTS: True
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_ACL: PERMIT:ALL
+USE_ENCRYPTION: False
+ENCRYPTION_KEY:
+OTHER_OPTIONS:
+# MASTER INSTANCES - DUPLICATE SECTION FOR MULTIPLE MASTERS
+# HomeBrew Protocol Master instances go here.
+# IP may be left blank if there's one interface on your system.
+# Port should be the port you want this master to listen on. It must be unique
+# and unused by anything else.
+# Repeat - if True, the master repeats traffic to peers, False, it does nothing.
+#
+# MAX_PEERS -- maximun number of peers that may be connect to this master
+# at any given time. This is very handy if you're allowing hotspots to
+# connect, or using a limited computer like a Raspberry Pi.
+#
+# ACLs:
+# See comments in the GLOBAL stanza
+[MASTER-1]
+MODE: MASTER
+ENABLED: True
+
+# Use the user manager? If False, MASTER instance will operate as normal.
+USE_USER_MAN: False
+
+REPEAT: True
+MAX_PEERS: 3
+EXPORT_AMBE: False
+IP:
+PORT: 62033
+PASSPHRASE: passw0rd
+GROUP_HANGTIME: 5
+USE_ACL: True
+REG_ACL: DENY:1
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+OTHER_OPTIONS:
+
+# PEER INSTANCES - DUPLICATE SECTION FOR MULTIPLE PEERS
+# There are a LOT of errors in the HB Protocol specifications on this one!
+# MOST of these items are just strings and will be properly dealt with by the program
+# The TX & RX Frequencies are 9-digit numbers, and are the frequency in Hz.
+# Latitude is an 8-digit unsigned floating point number.
+# Longitude is a 9-digit signed floating point number.
+# Height is in meters
+# Setting Loose to True relaxes the validation on packets received from the master.
+# This will allow HBlink to connect to a non-compliant system such as XLXD, DMR+ etc.
+#
+# ACLs:
+# See comments in the GLOBAL stanza
+[REPEATER-1]
+MODE: PEER
+ENABLED: False
+LOOSE: False
+EXPORT_AMBE: False
+IP:
+PORT: 54001
+MASTER_IP: 172.16.1.1
+MASTER_PORT: 54000
+PASSPHRASE: homebrew
+CALLSIGN: W1ABC
+RADIO_ID: 312000
+RX_FREQ: 449000000
+TX_FREQ: 444000000
+TX_POWER: 25
+COLORCODE: 1
+SLOTS: 1
+LATITUDE: 38.0000
+LONGITUDE: -095.0000
+HEIGHT: 75
+LOCATION: Anywhere, USA
+DESCRIPTION: This is a cool repeater
+URL: www.w1abc.org
+SOFTWARE_ID: 20170620
+PACKAGE_ID: MMDVM_HBlink
+GROUP_HANGTIME: 5
+OPTIONS:
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+OTHER_OPTIONS:
+
+[XLX-1]
+MODE: XLXPEER
+ENABLED: False
+LOOSE: True
+EXPORT_AMBE: False
+IP:
+PORT: 54002
+MASTER_IP: 172.16.1.1
+MASTER_PORT: 62030
+PASSPHRASE: passw0rd
+CALLSIGN: W1ABC
+RADIO_ID: 312000
+RX_FREQ: 449000000
+TX_FREQ: 444000000
+TX_POWER: 25
+COLORCODE: 1
+SLOTS: 1
+LATITUDE: 38.0000
+LONGITUDE: -095.0000
+HEIGHT: 75
+LOCATION: Anywhere, USA
+DESCRIPTION: This is a cool repeater
+URL: www.w1abc.org
+SOFTWARE_ID: 20170620
+PACKAGE_ID: MMDVM_HBlink
+GROUP_HANGTIME: 5
+XLXMODULE: 4004
+USE_ACL: True
+SUB_ACL: DENY:1
+TGID_TS1_ACL: PERMIT:ALL
+TGID_TS2_ACL: PERMIT:ALL
+OTHER_OPTIONS:
diff --git a/docker/hbnet/hbnet.cfg b/docker/hbnet/hbnet.cfg
new file mode 100644
index 0000000..4e160b4
--- /dev/null
+++ b/docker/hbnet/hbnet.cfg
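Review bot: In docker/data_gateway/data_gateway.cfg, `USE_API: True` is set while `AUTHORIZED_USERS_FILE`, `ACCESS_SYSTEMS_FILE` and `RULES_PATH` point into `/home/eric/Sync/hblink3_sms_dev/`, a developer path that Dockerfile.data_gateway never creates, and the app and token files sit directly in `/tmp`, outside the mounted `data` directory. How the gateway behaves when these files are missing is not visible in this patch, so the Docker default should either be `USE_API: False` or keep the files under the mounted directory, e.g. `AUTHORIZED_USERS_FILE: ./data/authorized_users.txt`. `REPORT_CLIENTS: 0.0.0.0` also differs from the `127.0.0.1` used in docker/hbnet/hbnet.cfg, while the comment above it names `*` as the allow-all value; a comment stating which clients are meant to reach `REPORT_PORT` would remove the ambiguity. `[OBP-1]` and `[MASTER-1]` are both `ENABLED: True` with `PASSPHRASE: passw0rd` and a blank `IP:`, which is only tolerable while no gateway port is published in docker-compose.yml.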
@@ -0,0 +1,274 @@ +# PROGRAM-WIDE PARAMETERS GO HERE +# PATH - working path for files, leave it alone unless you NEED to change it +# PING_TIME - the interval that peers will ping the master, and re-try registraion +# - how often the Master maintenance loop runs +# MAX_MISSED - how many pings are missed before we give up and re-register +# - number of times the master maintenance loop runs before de-registering a peer +# +# ACLs: +# +# Access Control Lists are a very powerful tool for administering your system. +# But they consume packet processing time. Disable them if you are not using them. +# But be aware that, as of now, the configuration stanzas still need the ACL +# sections configured even if you're not using them. +# +# REGISTRATION ACLS ARE ALWAYS USED, ONLY SUBSCRIBER AND TGID MAY BE DISABLED!!! +# +# The 'action' May be PERMIT|DENY +# Each entry may be a single radio id, or a hypenated range (e.g. 1-2999) +# Format: +# ACL = 'action:id|start-end|,id|start-end,....' +# --for example-- +# SUB_ACL: DENY:1,1000-2000,4500-60000,17 +# +# ACL Types: +# REG_ACL: peer radio IDs for registration (only used on HBP master systems) +# SUB_ACL: subscriber IDs for end-users +# TGID_TS1_ACL: destination talkgroup IDs on Timeslot 1 +# TGID_TS2_ACL: destination talkgroup IDs on Timeslot 2 +# +# ACLs may be repeated for individual systems if needed for granularity +# Global ACLs will be processed BEFORE the system level ACLs +# Packets will be matched against all ACLs, GLOBAL first. If a packet 'passes' +# All elements, processing continues. Packets are discarded at the first +# negative match, or 'reject' from an ACL element. 
+# +# If you do not wish to use ACLs, set them to 'PERMIT:ALL' +# TGID_TS1_ACL in the global stanza is used for OPENBRIDGE systems, since all +# traffic is passed as TS 1 between OpenBridges +[GLOBAL] +PATH: ./ +PING_TIME: 5 +MAX_MISSED: 3 +USE_ACL: True +REG_ACL: PERMIT:ALL +SUB_ACL: DENY:1 +TGID_TS1_ACL: PERMIT:ALL +TGID_TS2_ACL: PERMIT:ALL + + +# NOT YET WORKING: NETWORK REPORTING CONFIGURATION +# Enabling "REPORT" will configure a socket-based reporting +# system that will send the configuration and other items +# to a another process (local or remote) that may process +# the information for some useful purpose, like a web dashboard. +# +# REPORT - True to enable, False to disable +# REPORT_INTERVAL - Seconds between reports +# REPORT_PORT - TCP port to listen on if "REPORT_NETWORKS" = NETWORK +# REPORT_CLIENTS - comma separated list of IPs you will allow clients +# to connect on. Entering a * will allow all. +# +# ****FOR NOW MUST BE TRUE - USE THE LOOPBACK IF YOU DON'T USE THIS!!!**** +[REPORTS] +REPORT: True +REPORT_INTERVAL: 60 +REPORT_PORT: 4321 +REPORT_CLIENTS: 127.0.0.1 + + +# SYSTEM LOGGER CONFIGURAITON +# This allows the logger to be configured without chaning the individual +# python logger stuff. LOG_FILE should be a complete path/filename for *your* +# system -- use /dev/null for non-file handlers. +# LOG_HANDLERS may be any of the following, please, no spaces in the +# list if you use several: +# null +# console +# console-timed +# file +# file-timed +# syslog +# LOG_LEVEL may be any of the standard syslog logging levels, though +# as of now, DEBUG, INFO, WARNING and CRITICAL are the only ones +# used. 
+# +[LOGGER] +LOG_FILE: /tmp/hblink.log +LOG_HANDLERS: console-timed +LOG_LEVEL: DEBUG +LOG_NAME: HBlink + +# DOWNLOAD AND IMPORT SUBSCRIBER, PEER and TGID ALIASES +# Ok, not the TGID, there's no master list I know of to download +# This is intended as a facility for other applcations built on top of +# HBlink to use, and will NOT be used in HBlink directly. +# STALE_DAYS is the number of days since the last download before we +# download again. Don't be an ass and change this to less than a few days. +[ALIASES] +TRY_DOWNLOAD: True +PATH: ./ +PEER_FILE: peer_ids.json +SUBSCRIBER_FILE: subscriber_ids.json +TGID_FILE: talkgroup_ids.json +PEER_URL: https://www.radioid.net/static/rptrs.json +SUBSCRIBER_URL: https://www.radioid.net/static/users.json +STALE_DAYS: 7 + +# USER MANAGER +# This is where to configure the details for use with a user managment script +[WEB_SERVICE] +THIS_SERVER_NAME: MMDVM_Server +REMOTE_CONFIG_ENABLED: True +# URL of the user managment server +URL: http://localhost:8080/svr +# Integer appended to DMR ID during the generation of a passphrase +APPEND_INT: 1 +EXTRA_INT_1: 5 +EXTRA_INT_2: 8 +EXTRA_1: TeSt +EXTRA_2: DmR4 +# Secret used to authenticate with user managment server, before checking if user login is approved +SHARED_SECRET: test +# Shorten passphrases +SHORTEN_PASSPHRASE: True +SHORTEN_SAMPLE: 4 +SHORTEN_LENGTH: 4 +BURN_FILE: ./burn_ids.txt +BURN_INT: 5 + + +# OPENBRIDGE INSTANCES - DUPLICATE SECTION FOR MULTIPLE CONNECTIONS +# OpenBridge is a protocol originall created by DMR+ for connection between an +# IPSC2 server and Brandmeister. It has been implemented here at the suggestion +# of the Brandmeister team as a way to legitimately connect HBlink to the +# Brandemiester network. +# It is recommended to name the system the ID of the Brandmeister server that +# it connects to, but is not necessary. TARGET_IP and TARGET_PORT are of the +# Brandmeister or IPSC2 server you are connecting to. 
PASSPHRASE is the password +# that must be agreed upon between you and the operator of the server you are +# connecting to. NETWORK_ID is a number in the format of a DMR Radio ID that +# will be sent to the other server to identify this connection. +# other parameters follow the other system types. +# +# ACLs: +# OpenBridge does not 'register', so registration ACL is meaningless. +# Proper OpenBridge passes all traffic on TS1. +# HBlink can extend OPB to use both slots for unit calls only. +# Setting "BOTH_SLOTS" True ONLY affects unit traffic! +# Otherwise ACLs work as described in the global stanza +[OBP-1] +MODE: OPENBRIDGE +ENABLED: False +IP: +PORT: 62035 +NETWORK_ID: 3129100 +PASSPHRASE: password +TARGET_IP: 1.2.3.4 +TARGET_PORT: 62035 +BOTH_SLOTS: True +USE_ACL: True +SUB_ACL: DENY:1 +TGID_ACL: PERMIT:ALL +# Experimental encryption +ENCRYPTION_KEY: +USE_ENCRYPTION: False + +# MASTER INSTANCES - DUPLICATE SECTION FOR MULTIPLE MASTERS +# HomeBrew Protocol Master instances go here. +# IP may be left blank if there's one interface on your system. +# Port should be the port you want this master to listen on. It must be unique +# and unused by anything else. +# Repeat - if True, the master repeats traffic to peers, False, it does nothing. +# +# MAX_PEERS -- maximun number of peers that may be connect to this master +# at any given time. This is very handy if you're allowing hotspots to +# connect, or using a limited computer like a Raspberry Pi. +# +# ACLs: +# See comments in the GLOBAL stanza +[MASTER-1] +MODE: MASTER +ENABLED: True + +# Use the user manager? If False, MASTER instance will operate as normal. 
+USE_USER_MAN: False + +REPEAT: True +MAX_PEERS: 10 +EXPORT_AMBE: False +IP: +PORT: 54000 +PASSPHRASE: s3cr37w0rd +GROUP_HANGTIME: 5 +USE_ACL: True +REG_ACL: DENY:1 +SUB_ACL: DENY:1 +TGID_TS1_ACL: PERMIT:ALL +TGID_TS2_ACL: PERMIT:ALL + +# PEER INSTANCES - DUPLICATE SECTION FOR MULTIPLE PEERS +# There are a LOT of errors in the HB Protocol specifications on this one! +# MOST of these items are just strings and will be properly dealt with by the program +# The TX & RX Frequencies are 9-digit numbers, and are the frequency in Hz. +# Latitude is an 8-digit unsigned floating point number. +# Longitude is a 9-digit signed floating point number. +# Height is in meters +# Setting Loose to True relaxes the validation on packets received from the master. +# This will allow HBlink to connect to a non-compliant system such as XLXD, DMR+ etc. +# +# ACLs: +# See comments in the GLOBAL stanza +[REPEATER-1] +MODE: PEER +ENABLED: False +LOOSE: False +EXPORT_AMBE: False +IP: +PORT: 54001 +MASTER_IP: 172.16.1.1 +MASTER_PORT: 54000 +PASSPHRASE: homebrew +CALLSIGN: W1ABC +RADIO_ID: 312000 +RX_FREQ: 449000000 +TX_FREQ: 444000000 +TX_POWER: 25 +COLORCODE: 1 +SLOTS: 1 +LATITUDE: 38.0000 +LONGITUDE: -095.0000 +HEIGHT: 75 +LOCATION: Anywhere, USA +DESCRIPTION: This is a cool repeater +URL: www.w1abc.org +SOFTWARE_ID: 20170620 +PACKAGE_ID: MMDVM_HBlink +GROUP_HANGTIME: 5 +OPTIONS: +USE_ACL: True +SUB_ACL: DENY:1 +TGID_TS1_ACL: PERMIT:ALL +TGID_TS2_ACL: PERMIT:ALL + +[XLX-1] +MODE: XLXPEER +ENABLED: False +LOOSE: True +EXPORT_AMBE: False +IP: +PORT: 54002 +MASTER_IP: 172.16.1.1 +MASTER_PORT: 62030 +PASSPHRASE: passw0rd +CALLSIGN: W1ABC +RADIO_ID: 312000 +RX_FREQ: 449000000 +TX_FREQ: 444000000 +TX_POWER: 25 +COLORCODE: 1 +SLOTS: 1 +LATITUDE: 38.0000 +LONGITUDE: -095.0000 +HEIGHT: 75 +LOCATION: Anywhere, USA +DESCRIPTION: This is a cool repeater +URL: www.w1abc.org +SOFTWARE_ID: 20170620 +PACKAGE_ID: MMDVM_HBlink +GROUP_HANGTIME: 5 +XLXMODULE: 4004 +USE_ACL: True +SUB_ACL: DENY:1 +TGID_TS1_ACL: 
PERMIT:ALL +TGID_TS2_ACL: PERMIT:ALL diff --git a/docker/web_service/config.py b/docker/web_service/config.py new file mode 100644 index 0000000..0f1b3e6 --- /dev/null +++ b/docker/web_service/config.py 
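Review bot: In docker/hbnet/hbnet.cfg, `URL: http://localhost:8080/svr` under `[WEB_SERVICE]` points at the hbnet container itself, where Dockerfile.hbnet starts only `bridge.py`; data_gateway.cfg uses the compose name, so this probably wants `URL: http://hbnet_web_service:8080/svr`. The comment on `SHARED_SECRET` says it authenticates to the user management server, so it presumably travels to that URL over plain HTTP, which is acceptable only while both containers stay on the internal bridge network. `LOG_LEVEL: DEBUG` is the shipped default here and in data_gateway.cfg; what the debug output contains is not shown in this patch, so `LOG_LEVEL: INFO` is the safer default for an image.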
@@ -0,0 +1,91 @@
+'''
+Settings for HBNet Web Server.
+'''
+# Database options
+# Using SQLite is simple and easiest. Comment out this line and uncomment the MySQL
+# line to use a MySQL/MariaDB server.
+db_location = 'sqlite:////opt/hbnet_web/data/hbnet.sqlite'
+
+# Uncomment and change this line to use a MySQL DB. It is best to start with a fresh
+# DB without data in it.
+
+#db_location = 'mysql+pymysql://DB_USERNAME:DB_PASSWORD@DB_HOST:MySQL_PORT/DB_NAME'
+
+
+# Title of the HBNet Web Service/DMR network
+title = 'HBNet Web Service (Docker)'
+# Port to run server
+hws_port = 8080
+# IP to run server on
+hws_host = '127.0.0.1'
+# Publicly accessible URL of the web server. THIS IS REQUIRED AND MUST BE CORRECT.
+url = 'http://localhost:8080'
+# Replace below with some random string such as an SHA256
+secret_key = 'SUPER SECRET LONG KEY'
+
+# Timezone to show time stamps in. Stored in DB as UTC. Offset in hours.
+hbnet_tz = -1
+
+# Time format for display on some pages
+time_format = '%H:%M:%S - %m/%d/%y'
+
+# Default state for newly created user accounts. Setting to False will require
+# the approval of an admin user before the user can login.
+default_account_state = True
+
+# Legacy passphrase used in hblink.cfg
+legacy_passphrase = 'passw0rd'
+
+# Coordinates to center map over
+center_map = [45.372, -121.6972]
+# Default map zoom level
+map_zoom = 5
+
+# Passphrase calculation config. If REMOTE_CONFIG is not used in your DMR server config
+# (hblink.cfg), then the values in section [USER_MANAGER] MUST match the values below.
+# If REMOTE_CONFIG is enabled, the DMR server (hblink) will automatically use the values below.
+# These config options affect the generation of user passphrases.
+
+# Set to a value between 1 - 99. This value is used in the normal calculation.
+append_int = 1
+
+# Set to a value between 1 - 99. This value is used for compromised passphrases.
+burn_int = 5
+
+# Set to a value between 1 - 99 This value is used in the normal calculation.
+extra_int_1 = 5
+
+# Set to a value between 1 - 99 This value is used in the normal calculation.
+extra_int_2 = 8
+
+# Set to a length of about 10 characters.
+extra_1 = 'TeSt'
+extra_2 = 'DmR4'
+
+# Shorten generated passphrases
+use_short_passphrase = True
+
+# Character length of shortened passphrase
+shorten_length = 6
+# How often to pick character from long passphrase when shortening.
+shorten_sample = 4
+
+# Email settings
+MAIL_SERVER = 'smtp.gmail.com'
+MAIL_PORT = 465
+MAIL_USE_SSL = True
+MAIL_USE_TLS = False
+MAIL_USERNAME = 'app@gmail.com'
+MAIL_PASSWORD = 'password'
+MAIL_DEFAULT_SENDER = '"' + title + '" '
+
+# User settings settings
+USER_ENABLE_EMAIL = True
+USER_ENABLE_USERNAME = True
+USER_REQUIRE_RETYPE_PASSWORD = True
+USER_ENABLE_CHANGE_USERNAME = False
+USER_ENABLE_MULTIPLE_EMAILS = True
+USER_ENABLE_CONFIRM_EMAIL = True
+USER_ENABLE_REGISTER = True
+USER_AUTO_LOGIN_AFTER_CONFIRM = False
+USER_SHOW_USERNAME_DOES_NOT_EXIST = True
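Review bot: In docker/web_service/config.py, `secret_key = 'SUPER SECRET LONG KEY'`, `legacy_passphrase = 'passw0rd'` and `MAIL_PASSWORD = 'password'` are working values rather than empty placeholders, so a deployment that forgets to edit the file starts with publicly known secrets; I would leave them empty and have startup refuse to run until they are set (that check would live outside this file). `USER_ENABLE_REGISTER = True` together with `default_account_state = True` lets self-registered accounts log in without admin approval, and `USER_SHOW_USERNAME_DOES_NOT_EXIST = True`, going by its name, tells a login client whether a username exists; safer shipped defaults are `default_account_state = False` and `USER_SHOW_USERNAME_DOES_NOT_EXIST = False`. `hws_host = '127.0.0.1'` with `hws_port = 8080` also looks at odds with data_gateway.cfg, which reaches the service at `http://hbnet_web_service:8080/svr` from another container; unless something else in the web image listens on 8080, that request cannot connect. `shorten_length = 6` differs from `SHORTEN_LENGTH: 4` in both .cfg files, which matters whenever remote config is off.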