path: root/config/chroot_local-hooks/16-i2p_config
#!/bin/sh

# Hook script that adjusts the packaged I2P configuration for Tails.
# Abort on the first failing command so a broken step is not silently skipped.
set -e

# Locations edited by the rest of this script.
WRAPPER="/etc/i2p/wrapper.config"
I2PROUTER="/usr/bin/i2prouter"
I2P="/usr/share/i2p"

printf '%s\n' "Configuring I2P"

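# This must be set in order for the i2p init script to work
sed -i 's/^RUN_DAEMON=.*$/RUN_DAEMON="true"/' /etc/default/i2p
# sed exits 0 even when no line matched, so confirm the setting is really
# present instead of assuming the substitution applied.
if ! grep -q '^RUN_DAEMON="true"$' /etc/default/i2p; then
    echo "E: RUN_DAEMON=\"true\" not found in /etc/default/i2p" >&2
    exit 1
fi

# Remove the "i2prouter" man page and apparmor profile since these are not
# used by Tails (the script itself is replaced by a stub further down).
# No -f here: under "set -e" a missing file aborts the hook, which flags a
# change in the package layout.
rm /etc/apparmor.d/usr.bin.i2prouter /usr/share/man/man1/i2prouter.1.gz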

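# Install custom i2prouter stub scripts.
# dpkg-divert --rename moves the packaged file aside and registers a
# diversion before the stub is written in its place.
for script in "${I2PROUTER}" "${I2PROUTER}-nowrapper"; do
    echo "Removing $script"
    dpkg-divert --rename --add "${script}"
    # Quoted delimiter: the stub body is written literally, with no
    # parameter or command expansion by this shell.
    cat > "$script" << 'EOF'
#!/bin/sh
echo "This script is not used by Tails."
echo "See https://tails.boum.org/doc/anonymous_internet/i2p/ for more information."
exit 0
EOF
    chmod 755 "$script"
done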

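# Remove the outproxy from the tunnel on port 4444
# This will remove the following lines:
#      tunnel.0.proxyList=false.i2p
#      tunnel.0.option.i2ptunnel.httpclient.SSLOutproxies=false.i2p
# The SSLOutproxies option was first set in I2P 0.9.15
# NOTE(review): this only covers the two key names above; if upstream adds
# another outproxy key for tunnel 0 it has to be added to the pattern.
sed -i '/^.*tunnel\.0\.\(proxyList\|option\.i2ptunnel\.httpclient\.SSLOutproxies\)/d' "$I2P/i2ptunnel.config"

# The substitutions below succeed (exit 0) even when their pattern matches
# nothing, e.g. after an upstream change to key names or numbering. Each one
# is therefore followed by a check that fails the hook if the intended
# setting is not actually in place.

# Disable the https outproxy (port 4445)
sed -i 's|^.*\(tunnel\.6\.startOnLoad\).*|\1=false|' "$I2P/i2ptunnel.config"
if ! grep -q '^tunnel\.6\.startOnLoad=false$' "$I2P/i2ptunnel.config"; then
    echo "E: tunnel.6.startOnLoad=false not found in $I2P/i2ptunnel.config" >&2
    exit 1
fi

# Don't serve the router console on IPv6
sed -i 's|^clientApp\.0\.args=7657\s\+::1,127\.0\.0\.1|clientApp.0.args=7657 127.0.0.1|' "$I2P/clients.config"
if grep -q '^clientApp\.0\.args=.*::1' "$I2P/clients.config"; then
    echo "E: clientApp.0.args still lists ::1 in $I2P/clients.config" >&2
    exit 1
fi

# Disable IPv6 in the wrapper
sed -i 's|^.*\(wrapper\.java\.additional\.5=-Djava\.net\.preferIPv4Stack=\).*|\1true|' "$WRAPPER"
sed -i 's|^.*\(wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=\).*|\1false|' "$WRAPPER"
if ! grep -q '^wrapper\.java\.additional\.5=-Djava\.net\.preferIPv4Stack=true$' "$WRAPPER"; then
    echo "E: preferIPv4Stack=true not found in $WRAPPER" >&2
    exit 1
fi
if ! grep -q '^wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=false$' "$WRAPPER"; then
    echo "E: preferIPv6Addresses=false not found in $WRAPPER" >&2
    exit 1
fi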

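# Tails specific router configs:
# * i2cp: allows java clients to communicate with I2P outside of the JVM. Disabled.
# * IPv6: Disabled
# * HiddenMode: Enabled
# * In-I2P Network Updates: Disabled
# * Inbound connections: Disabled (setting is "i2np.ntcp.autoip")
# * Disable I2P plugins
# * Disable NTP
#
# The file is overwritten, not edited, so only the keys listed here end up in
# router.config. The quoted delimiter keeps the content literal (no expansion
# by this shell) if a value containing "$" is ever added.
cat > "$I2P/router.config" << 'EOF'
# NOTE: This I2P config file must use UTF-8 encoding
i2cp.disableInterface=true
i2np.ntcp.ipv6=false
i2np.ntcp.autoip=false
i2np.udp.ipv6=false
router.isHidden=true
router.updateDisabled=true
router.enablePlugins=false
time.disabled=true
EOF

# susimail.config is likewise overwritten with this single setting.
cat > "$I2P/susimail.config" << 'EOF'
susimail.pop3.leave.on.server=true
EOF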

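# enforce apparmor
echo "Setting the I2P apparmor profile to enforce mode"
# With -r (ERE) the escaped parentheses are literal, so this strips the exact
# text "flags=(complain)" from the profile.
sed -i -re 's|flags=\(complain\)||' /etc/apparmor.d/system_i2p
# The substitution only handles that exact form. If the profile carries a
# different flag list that still includes "complain", sed changes nothing and
# exits 0, leaving the profile unenforced; fail the hook in that case.
if grep -Eq '^[^#]*flags=\([^)]*complain' /etc/apparmor.d/system_i2p; then
    echo "E: /etc/apparmor.d/system_i2p is still in complain mode" >&2
    exit 1
fi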