-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-
-# ssh
-
-pmirror() {
- # background: upgrading all packages is not recommended because it
- # doesn't go into the firmware. build new firmware if you want
- # lots of upgrades.
- f=(/tmp/opkg-lists/*)
- f=${f[0]}
- if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
- opkg update
- fi
-}
-
-pi() {
- for x in "$@"; do
- if [[ ! $(opkg list-installed "$x") ]]; then
- pmirror
- opkg install "$@"
- fi
- done
-}
-
-v() {
- printf "+ %s\n" "$*"
- "$@"
-}
-
-cat >/usr/bin/arch-pxe-mount <<'EOFOUTER'
-#!/bin/bash
-# symlinks are collapsed for nfs mount points, so use a bind mount.
-# tried putting this in /etc/config/fstab,
-# then doig block mount, it didn't work. This doesn't persist across reboots,
-# todo: figure that out
-d=/run/archiso/bootmnt
-cat > /etc/fstab <<EOF
-/mnt/usb/tftpboot $d none bind 0 0
-EOF
-mount | grep $d &>/dev/null || mount $d
-/etc/init.d/nfsd restart
-EOFOUTER
-chmod +x /usr/bin/arch-pxe-mount
-
-cat >.profile <<'EOF'
-# changing login shell emits spam on ssh single commands & scp
- # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
-#https://dev.openwrt.org/ticket/13852
-[ "$PS1" = "" ] || {
- /bin/bash
- exit
-}
-EOF
-v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
- tcpdump openvpn-openssl
-
-
-
-sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key pictionary49/" /etc/config/wireless
-sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
-v wifi
-
-
-v /etc/init.d/fstab enable ||:
-
-# rebooting makes mounting work, but comparing lsmod,
-# i'm guessing this will too. todo, test it.
-# 255 == module already loaded
-for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done
-
-# for arch pxe. The default settings in the installer expect to find
-# the NFS at /run/archiso/bootmnt
-mkdir -p /run/archiso/bootmnt
-
-# todo: at some later time, i found /mnt/usb not mounted, watch to see if
-# that is the case after running this or rebooting.
-# wiki says safe to do in case of fstab changes:
-cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; }
-config global automount
- option from_fstab 1
- option anon_mount 1
-
-config global autoswap
- option from_fstab 1
- option anon_swap 1
-
-config mount
- option target /mnt/usb
- option device /dev/sda2
- option fstype ext4
- option options rw,async,noatime,nodiratime
- option enabled 1
- option enabled_fsck 0
-
-config swap
- option device /dev/sda1
- option enabled 1
-
-EOF
-
-
-
-# exportfs -ra wont cut it when its the same path, but now a bind mount
-cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||:
-/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
-# for arch pxe
-/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
-EOF
-
-
-v /etc/init.d/portmap start
-v /etc/init.d/nfsd start
-v /etc/init.d/portmap enable
-v /etc/init.d/nfsd enable
-
-v /etc/init.d/openvpn start
-v /etc/init.d/openvpn enable
-
-
-# setup to use only vpn in 5 ways:
-# set lan forward to vpn instead of wan,
-# disable wan masquerade,
-# set the default for outgoing to reject,
-# open wan port 1194 and 22 (ssh is too useful),
-# setup port forwardings to use vpn.
-firewall_restart=false
-# https://wiki.openwrt.org/doc/uci
-if [[ $(uci get firewall.@forwarding[0].dest) != vpn ]]; then
- # default is wan
- # https://wiki.openwrt.org/doc/uci
- v uci set firewall.@forwarding[0].dest=vpn
- uci commit firewall
- firewall_restart=true
-fi
-
-wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p')
-w="firewall.@zone[$wan_index]"
-if [[ $(uci get $w.masq) == 1 ]]; then
- v uci set $w.masq=0
- uci commit firewall
- firewall_restart=true
-fi