Initial commit

README.rst

@@ -0,0 +1,45 @@
+********
+maszt.5g
+********
+
+About
+=====
+
+This is fake "administration interface", which is "accidentally" discovered as
+captive portal ("Sign in to the WiFi network") served by ``MASZT 5G TEST 200%
+MOCY`` network connected to by the conspiracy theorist determined to uncover the
+truth about 5G.
+
+Implemented as simple Flask app on uWSGI and Nginx, for the limited amount of
+dynamic content (like current date, in the future maybe some info about
+connected device). In reference deployment uses openwrt as AP+router for captive
+portal redirection.
+
+Features
+========
+
+* confirmation of various conspiracy theories about:
+  * 5G base stations spreading coronavirus
+  * chemtrails
+  * world government
+
+Installation
+============
+
+on captive portal host
+----------------------
+
+.. code-block:: sh
+
+   git clone https://code.hackerspace.pl/woju/fiveg /srv/www/maszt.5g
+   ln -s "$PWD"/contrib/nginx.conf /etc/nginx/sites-enabled/fiveg.conf
+   ln -s "$PWD"/contrib/uwsgi.ini /etc/uwsgi/apps-enabled/fiveg.ini
+   systemctl restart uwsgi nginx
+
+on OpenWrt host
+---------------
+
+This has to be done manually, and better be. The files in
+:file:`contrib/openwrt/config/{*}` should be appended to their respective
+counterparts in :file:`/etc/config`. :file:`contrib/openwrt/firewall.user`
+should be copied/appended to :file:`/etc/firewall.user`

contrib/nginx.conf

@@ -0,0 +1,16 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name maszt.5g;
+
+	root /srv/www/maszt.5g/root;
+
+ 	location / {
+		include uwsgi_params;
+		uwsgi_pass unix:/run/uwsgi/app/fiveg/socket;
+
+		location /static {
+			alias /srv/www/maszt.5g/static;
+		}
+ 	}
+}

contrib/openwrt/config/dhcp

@@ -0,0 +1,9 @@
+config dhcp '5g'                      
+        option start '100'            
+        option leasetime '12h'        
+        option limit '150'        
+        option interface '5g'     
+
+config domain                 
+        option name 'maszt.5g'
+        option ip 'FIXME'

contrib/openwrt/config/firewall

@@ -0,0 +1,5 @@
+config zone
+        option input 'ACCEPT'
+        option name '5g'
+        option output 'ACCEPT'
+        option forward 'REJECT'

contrib/openwrt/config/network

@@ -0,0 +1,5 @@
+config interface '5g'                 
+	option proto 'static'
+	option ipaddr 'FIXME'
+	option netmask '24'
+	option type 'bridge'

contrib/openwrt/config/wireless

@@ -0,0 +1,6 @@
+config wifi-iface '5g_radio0'
+	option device 'radio0'
+	option mode 'ap'
+	option ssid 'MASZT 5G TEST 200% MOCY'
+	option network '5g'
+	option encryption 'none'

contrib/openwrt/firewall.user

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+lookup() {
+    # on resolution failure, this will attempt to index nil value
+    # and lua will exit nonzero
+    lua -l nixio -e "print(nixio.getaddrinfo('$1')[1].address)" 2>/dev/null
+}
+
+ip_captive=$(lookup maszt.5g)
+ip_login=$(lookup pis.org.pl)
+
+if test -n "$ip_login"
+then
+    iptables -t nat -A prerouting_rule -i br-5g -d "$ip_login" \
+        -j ACCEPT
+    iptables -t filter -A forwarding_rule -p tcp --dport 80 -d "$ip_login" \
+        -j ACCEPT
+fi
+
+iptables -t nat -A prerouting_rule -i br-5g -p tcp --dport 80 \
+    -j DNAT --to-destination "$ip_captive"
+iptables -t filter -A forwarding_rule -p tcp --dport 80 -d "$ip_captive" \
+    -j ACCEPT
+
+# vim: ts=4 sts=4 sw=4 et

contrib/uwsgi.ini

@@ -0,0 +1,8 @@
+[uwsgi]
+plugin = python3
+master = true
+processes = 2
+uid = nobody
+
+wsgi-file = /srv/www/maszt.5g/fiveg.py
+buffer-size = 65536

fiveg.py

@@ -0,0 +1,20 @@
+import datetime
+import flask
+
+app = flask.Flask(__name__)
+
+@app.context_processor
+def inject_libs():
+    return {
+        'datetime': datetime
+    }
+
+@app.route('/')
+def index():
+    return flask.render_template('index.html', today=datetime.date.today())
+
+@app.errorhandler(404)
+def error_404(error):
+    return flask.render_template('error.html', error=error)
+
+application = app

static/style.css

@@ -0,0 +1,45 @@
+html {
+    font-family: sans;
+    max-width: 790px;
+    margin: 0 auto;
+}
+
+h1 {
+    font-size: 1.5rem;
+}
+
+fieldset {
+    border: 1px solid #000;
+}
+
+.float {
+    float: right;
+    text-align: right;
+    width: 75%;
+}
+
+td, th {
+    text-align: left;
+    vertical-align: top;
+    padding: 2px;
+}
+
+td.ok {
+    background-color: #4e9a06;
+    color: #fff;
+}
+
+.warning {
+    color: #cc0000;
+    margin-bottom: 0.8rem;
+}
+
+label.warning {
+    color: #fff;
+    background-color: #cc0000;
+    padding: 2px;
+}
+
+footer {
+    margin-top: 0.5rem;
+}

templates/error.html

@@ -0,0 +1,11 @@
+{% extends 'layout.html' %}
+{% block body %}
+<fieldset>
+    <legend>Błąd</legend>
+    <div class="warning">
+        {{ error }}
+    </div>
+</fieldset>
+{% endblock %}
+
+{# vim: set ft=jinja : #}

templates/index.html

@@ -0,0 +1,71 @@
+{% extends 'layout.html' %}
+
+{% set test_start = today - datetime.timedelta(days=today.weekday()) %}
+{% set test_end = test_start + datetime.timedelta(days=7) %}
+
+{% block body %}
+<fieldset><legend>Status</legend>
+    <table>
+        <tr><th>Status:</th><td class="ok">OK</td></tr>
+        <tr><th>Pozostała ilość płynu:</th><td>12,7 l</td></tr>
+        <tr><th>Aktywny okres testu:</th>
+            <td>{{ test_start.strftime('%d.%m.%Y') }}
+                &mdash; {{ test_end.strftime('%d.%m.%Y') }}</td></tr>
+    </table>
+</fieldset>
+
+<fieldset><legend>Moc nadajnika</legend>
+    <div class="float warning">
+        UWAGA: ustawianie mocy powyżej&nbsp;100% jest niewskazane!
+    </div>
+
+    <table>
+    {% for power in [25, 50, 75, 90, 95, 100, 150, 200] %}
+        <tr>
+            <td>
+                <input type="radio" disabled="disabled" name="power"
+                    id="power-{{ power }}" value="{{ power }}"
+                    {%- if power == 200 %} checked="checked"{% endif %}>
+            </td>
+            <td><label for="power-{{ power }}"
+                {%- if power > 100 %} class="warning"{% endif -%}
+                >{{ power }}%</label>
+            </td>
+        </tr>
+    {% endfor %}
+    </table>
+</fieldset>
+
+{% macro checkbox(name, checked) %}
+    <tr>
+        <td>
+            <input type="checkbox" disabled="disabled" name="{{ name }}"
+                {%- if checked %} checked="checked"{% endif %}>
+        </td>
+        <td><label for="{{ name }}">{{ caller() }}</label></td>
+    </tr>
+{% endmacro -%}
+
+<fieldset><legend>Inne ustawienia</legend>
+    <table>
+        {% call checkbox('surveillance', true) -%}
+            Upoważnij operatora sieci 5G do przeglądania zawartości
+            urządzeń elektronicznych w&nbsp;zasięgu nadajnika.{% endcall %}
+        {% call checkbox('sars-cov-2', true) -%}
+            Test integracji z&nbsp;modułem CN-CNV-19.{% endcall %}
+        {% call checkbox('acl', false) -%}
+            Zabezpiecz interfejs przed dostępem osób niepowołanych.{% endcall %}
+    </table>
+</fieldset>
+
+<fieldset><legend>Zapisz ustawienia</legend>
+    <div class="warning">
+        Dostęp tylko do odczytu. Zmiana ustawień jest możliwa po zalogowaniu.
+    </div>
+    <input type="submit" value="OK" disabled="disabled">
+    <input type="reset" value="Anuluj">
+    <a href="http://pis.org.pl/login">Login</a>
+</fieldset>
+{% endblock %}
+
+{# vim: set ft=jinja : #}

templates/layout.html

@@ -0,0 +1,18 @@
+<!doctype html>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Interfejs administracyjny</title>
+<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
+
+<body>
+    <h1>Interfejs administracyjny</h1>
+    <form>
+{% block body %}{% endblock %}
+    </form>
+
+    <footer>
+        Copyright &copy; B.&nbsp;G.&nbsp;Foundation
+    </footer>
+</body>
+
+{#- vim: set ft=jinja : #}