diff --git a/README.md b/README.md index 25e1b1c54..2913bd08b 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ https://github.com/alexbelgium/hassio-addons ## ✓ Misc tools - [Addons Updater](addons_updater/) ![support][support-shield] : Automatic addons update by aligning version tag with github upstream releases +- [Arpspoof](arpspoof/): adds ability to block internet connection for local network devices - [Code-server](code-server/) : Code-server is VS Code running on a remote server, accessible through the browser. - [Inadyn](inadyn/) : Inadyn, or In-a-Dyn, is a small and simple Dynamic DNS, DDNS, client with HTTPS support. Commonly available in many GNU/Linux distributions, used in off the shelf routers and Internet gateways to automate the task of keeping your Internet name in sync with your publicĀ¹ IP address. It can also be used in installations with redundant (backup) connections to the Internet. - [Portainer](portainer/) ![privileged][privileged-shield] ![ingress][ingress-shield] : Manage your docker environment diff --git a/arpspoof/CHANGELOG.md b/arpspoof/CHANGELOG.md new file mode 100644 index 000000000..66f7e8b76 --- /dev/null +++ b/arpspoof/CHANGELOG.md @@ -0,0 +1 @@ +- Initial release diff --git a/arpspoof/Dockerfile b/arpspoof/Dockerfile new file mode 100644 index 000000000..143ab9566 --- /dev/null +++ b/arpspoof/Dockerfile @@ -0,0 +1,58 @@ +ARG BUILD_FROM +ARG BUILD_VERSION +FROM techblog/arpspoof-docker:latest +ENV BASHIO_VERSION=0.14.3 +ENV PACKAGES="jq \ + curl" + +RUN \ + ################ + # Install apps # + ################ + apt-get clean \ + && apt-get update \ + && apt-get install -y ${PACKAGES} \ + \ + ################### + # Install bashio # + ################## + && mkdir -p /tmp/bashio \ + && curl -L -f -s "https://github.com/hassio-addons/bashio/archive/v${BASHIO_VERSION}.tar.gz" \ + | tar -xzf - --strip 1 -C /tmp/bashio \ + && mv /tmp/bashio/lib /usr/lib/bashio \ + && ln -s /usr/lib/bashio/bashio /usr/bin/bashio \ + && rm -rf /tmp/bashio || true + +# copy local files +COPY rootfs/ / +#WORKDIR / +RUN chmod 777 /entrypoint.sh +ENTRYPOINT [ "/usr/bin/env" ] +CMD [ "/entrypoint.sh" ] + +### LABELS +ARG BUILD_ARCH +ARG BUILD_DATE +ARG BUILD_DESCRIPTION +ARG BUILD_NAME +ARG BUILD_REF +ARG BUILD_REPOSITORY +ARG BUILD_VERSION +LABEL \ + io.hass.name="${BUILD_NAME}" \ + io.hass.description="${BUILD_DESCRIPTION}" \ + io.hass.arch="${BUILD_ARCH}" \ + io.hass.type="addon" \ + io.hass.version=${BUILD_VERSION} \ + maintainer="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.title="${BUILD_NAME}" \ + org.opencontainers.image.description="${BUILD_DESCRIPTION}" \ + org.opencontainers.image.vendor="Home Assistant Add-ons" \ + org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.url="https://github.com/alexbelgium" \ + org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \ + org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REF} \ + org.opencontainers.image.version=${BUILD_VERSION} diff --git a/arpspoof/Readme.md b/arpspoof/Readme.md new file mode 100644 index 000000000..0f0cc15e6 --- /dev/null +++ b/arpspoof/Readme.md @@ -0,0 +1,56 @@ +# Home assistant add-on: Arpspoof + +[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium) + +[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white + +![Supports + Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield] +![Supports smb mounts][smb-shield] + +_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_ + +[![Stargazers repo roster for @alexbelgium/hassio-addons](https://reporoster.com/stars/alexbelgium/hassio-addons)](https://github.com/alexbelgium/hassio-addons/stargazers) + +## About + +[arpspoof](https://github.com/t0mer/Arpspoof-Docker) adds ability to block internet connection for local network devices +This addon is based on the docker image https://hub.docker.com/r/techblog/arpspoof-docker + +## Installation + +The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on. + +1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA) + [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) +1. Install this add-on. +1. Click the `Save` button to store your configuration. +1. Set the add-on options to your preferences +1. Start the add-on. +1. Check the logs of the add-on to see if everything went well. +1. Open the webUI and adapt the software options + +## Configuration + +Webui can be found at . + + +```yaml +ROUTER_IP: 127.0.0.1 #Required Router IP +INTERFACE_NAME: name #Required Interface name, can use this command to get it: ip route get 8.8.8.8 | sed -nr 's/.*dev ([^\ ]+).*/\1/p' +``` + +## Support + +Create an issue on github + +## Illustration + +NO illustration + +[repository]: https://github.com/alexbelgium/hassio-addons +[smb-shield]: https://img.shields.io/badge/smb-yes-green.svg +[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg +[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg +[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg +[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg diff --git a/arpspoof/apparmor.txt b/arpspoof/apparmor.txt new file mode 100644 index 000000000..f1c902851 --- /dev/null +++ b/arpspoof/apparmor.txt @@ -0,0 +1,48 @@ +#include + +profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) { + #include + + capability, + file, + mount, + umount, + remount, + + capability setgid, + capability setuid, + capability sys_admin, + capability dac_read_search, + # capability dac_override, + # capability sys_rawio, + +# S6-Overlay + /bin/** ix, + /usr/bin/** ix, + /usr/lib/bashio/** ix, + /etc/s6/** rix, + /run/s6/** rix, + /etc/services.d/** rwix, + /etc/cont-init.d/** rwix, + /etc/cont-finish.d/** rwix, + /init rix, + /var/run/** mrwkl, + /var/run/ mrwkl, + /dev/i2c-1 mrwkl, + # Files required + /dev/sda1 mrwkl, + /dev/sdb1 mrwkl, + /dev/mmcblk0p1 mrwkl, + /dev/* mrwkl, + /tmp/** mrkwl, + + # Data access + /data/** rw, + + # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container + ptrace (trace,read) peer=docker-default, + + # docker daemon confinement requires explict allow rule for signal + signal (receive) set=(kill,term) peer=/usr/bin/docker, + +} diff --git a/arpspoof/config.json b/arpspoof/config.json new file mode 100644 index 000000000..dbd38e118 --- /dev/null +++ b/arpspoof/config.json @@ -0,0 +1,33 @@ +{ + "apparmor": true, + "arch": ["aarch64", "amd64", "armv7", "armhf"], + "boot": "auto", + "description": "block internet connection for local network devices", + "devices": [ + ], + "environment": { + }, + "map": [], + "host_network": true, + "name": "Arpspoof", + "options": { + "ROUTER_IP": "yourip", + "INTERFACE_NAME": "interface name" + }, + "ports": { + "7022/tcp": 7022 + }, + "ports_description": { + "7022/tcp": "web interface" + }, + "privileged": ["SYS_ADMIN", "DAC_READ_SEARCH"], + "schema": { + "ROUTER_IP": "str", + "INTERFACE_NAME": "str" + }, + "slug": "arpspoof", + "upstream": "1.0", + "url": "https://github.com/alexbelgium/hassio-addons", + "version": "1.0", + "webui": "http://[HOST]:[PORT:7022]" +} diff --git a/arpspoof/icon.png b/arpspoof/icon.png new file mode 100644 index 000000000..31ca24c94 Binary files /dev/null and b/arpspoof/icon.png differ diff --git a/arpspoof/logo.png b/arpspoof/logo.png new file mode 100644 index 000000000..31ca24c94 Binary files /dev/null and b/arpspoof/logo.png differ diff --git a/arpspoof/rootfs/entrypoint.sh b/arpspoof/rootfs/entrypoint.sh new file mode 100644 index 000000000..635dbc865 --- /dev/null +++ b/arpspoof/rootfs/entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +echo "Starting..." + +################################### +# Export all addon options as env # +################################### + +# For all keys in options.json +JSONSOURCE="/data/options.json" + +# Export keys as env variables +echo "All addon options were exported as variables" +mapfile -t arr < <(jq -r 'keys[]' ${JSONSOURCE}) +for KEYS in ${arr[@]}; do + # export key + VALUE=$(jq .$KEYS ${JSONSOURCE}) + export ${KEYS}=${VALUE//[\"\']/} &>/dev/null +done + +################ +# Set timezone # +################ +if [ ! -z "TZ" ] && [ -f /etc/localtime ]; then + if [ -f /usr/share/zoneinfo/$TZ ]; then + echo "Timezone set from $(cat /etc/timezone) to $TZ" + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone + else + echo "WARNING : Timezone $TZ is invalid, it will be kept to default value of $(cat /etc/timezone)" + fi +fi + +#################### +# Starting scripts # +#################### + +for SCRIPTS in scripts/*; do + [ -e "$SCRIPTS" ] || continue + echo "$SCRIPTS: executing" + chown $(id -u):$(id -g) $SCRIPTS + chmod a+x $SCRIPTS + sed -i 's|/usr/bin/with-contenv bashio|/usr/bin/env bashio|g' $SCRIPTS || true + ./$SCRIPTS || echo "$SCRIPTS: exiting $?" +done diff --git a/arpspoof/rootfs/scripts/00-aaa_dockerfile_backup.sh b/arpspoof/rootfs/scripts/00-aaa_dockerfile_backup.sh new file mode 100644 index 000000000..d036f5468 --- /dev/null +++ b/arpspoof/rootfs/scripts/00-aaa_dockerfile_backup.sh @@ -0,0 +1,29 @@ +#!/bin/bash +# If dockerfile failed install manually +if [ ! -f "/usr/bin/bashio" ]; then + echo "Bashio does not exist, executing script" + ( + ################ + # Install apps # + ################ + PACKAGES="${PACKAGES:="curl"}" + + apt-get clean \ + && apt-get update \ + && apt-get install -y $PACKAGES 2>/dev/null \ + || apk add --no-cache $PACKAGES + + ################### + # Install bashio # + ################## + + mkdir -p /tmp/bashio + curl -L -f -s "https://github.com/hassio-addons/bashio/archive/v${BASHIO_VERSION}.tar.gz" | + tar -xzf - --strip 1 -C /tmp/bashio + mv /tmp/bashio/lib /usr/lib/bashio + ln -s /usr/lib/bashio/bashio /usr/bin/bashio + rm -rf /tmp/bashio + + ) >/dev/null + +fi diff --git a/arpspoof/rootfs/scripts/00-banner.sh b/arpspoof/rootfs/scripts/00-banner.sh new file mode 100644 index 000000000..0ac294e9a --- /dev/null +++ b/arpspoof/rootfs/scripts/00-banner.sh @@ -0,0 +1,39 @@ +#!/usr/bin/with-contenv bashio +# ============================================================================== +# Displays a simple add-on banner on startup +# ============================================================================== + +if bashio::supervisor.ping; then + bashio::log.blue \ + '-----------------------------------------------------------' + bashio::log.blue " Add-on: $(bashio::addon.name)" + bashio::log.blue " $(bashio::addon.description)" + bashio::log.blue \ + '-----------------------------------------------------------' + + bashio::log.blue " Add-on version: $(bashio::addon.version)" + if bashio::var.true "$(bashio::addon.update_available)"; then + bashio::log.magenta ' There is an update available for this add-on!' + bashio::log.magenta \ + " Latest add-on version: $(bashio::addon.version_latest)" + bashio::log.magenta ' Please consider upgrading as soon as possible.' + else + bashio::log.green ' You are running the latest version of this add-on.' + fi + + bashio::log.blue " System: $(bashio::info.operating_system)" \ + " ($(bashio::info.arch) / $(bashio::info.machine))" + bashio::log.blue " Home Assistant Core: $(bashio::info.homeassistant)" + bashio::log.blue " Home Assistant Supervisor: $(bashio::info.supervisor)" + + bashio::log.blue \ + '-----------------------------------------------------------' + bashio::log.blue \ + ' Please, share the above information when looking for help' + bashio::log.blue \ + ' or support in, e.g., GitHub, forums' + bashio::log.green \ + ' https://github.com/alexbelgium/hassio-addons' + bashio::log.blue \ + '-----------------------------------------------------------' +fi diff --git a/arpspoof/rootfs/scripts/00-global_var.sh b/arpspoof/rootfs/scripts/00-global_var.sh new file mode 100644 index 000000000..448527a43 --- /dev/null +++ b/arpspoof/rootfs/scripts/00-global_var.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +################################### +# Export all addon options as env # +################################### + +# For all keys in options.json +JSONSOURCE="/data/options.json" + +# Export keys as env variables +# echo "All addon options were exported as variables" +mapfile -t arr < <(jq -r 'keys[]' ${JSONSOURCE}) +for KEYS in ${arr[@]}; do + # export key + VALUE=$(jq .$KEYS ${JSONSOURCE}) + line="${KEYS}=${VALUE//[\"\']/} &>/dev/null" + # Use locally + export $line + # Export the variable to run scripts + sed -i "1a export $line" /etc/services.d/*/*run* 2>/dev/null || sed -i "1a export $line" /scripts/*run* +done + +################ +# Set timezone # +################ +if [ ! -z "TZ" ] && [ -f /etc/localtime ]; then + if [ -f /usr/share/zoneinfo/$TZ ]; then + echo "Timezone set from $(cat /etc/timezone) to $TZ" + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone + fi +fi diff --git a/arpspoof/rootfs/scripts/99-run.sh b/arpspoof/rootfs/scripts/99-run.sh new file mode 100644 index 000000000..58a8ddd23 --- /dev/null +++ b/arpspoof/rootfs/scripts/99-run.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bashio + +bashio::log.info "Starting..." +/usr/bin/python3 /opt/arpspoof/arpspoof.py \ No newline at end of file