enable ecne and noble
[automated-distro-installer]
/
wrt-setup-local
diff --git
a/wrt-setup-local
b/wrt-setup-local
index 3d2edb85e513645d678aea7c236f69787b5d8afe..ac33e3a647499339caa8b4acc4b12fa9101bd606 100755
(executable)
--- a/
wrt-setup-local
+++ b/
wrt-setup-local
@@
-16,7
+16,8
@@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-f=/usr/local/lib/bash-bear;test -r $f || { echo "error: $0 no $f" >&2;exit 1;}; . $f
+set -e; . /usr/local/lib/bash-bear; set +e
+
usage() {
cat <<EOF
usage() {
cat <<EOF
@@
-53,7
+54,7
@@
libremanage_host=wrt2
lanip=1
while getopts hm:t:yz opt; do
case $opt in
lanip=1
while getopts hm:t:yz opt; do
case $opt in
- h) usage ;;
+ h) usage
0
;;
t)
case $2 in
2|3)
t)
case $2 in
2|3)
@@
-112,6
+113,7
@@
fi
secrets=false
if [[ -e /root/router-secrets ]]; then
secrets=true
secrets=false
if [[ -e /root/router-secrets ]]; then
secrets=true
+ # shellcheck source=/p/router-secrets
source /root/router-secrets
fi
source /root/router-secrets
fi
@@
-139,7
+141,7
@@
pmirror() {
# doesn't go into the firmware. build new firmware if you want
# lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
f=(/var/opkg-lists/*)
# doesn't go into the firmware. build new firmware if you want
# lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
f=(/var/opkg-lists/*)
- if ! (( $(date -r $
f
+%s) + 60*60*24 > $(date +%s) )); then
+ if ! (( $(date -r $
{f[0]}
+%s) + 60*60*24 > $(date +%s) )); then
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
@@
-157,7
+159,7
@@
pi() {
pmirror
fi
done
pmirror
fi
done
- if
[[ $to_install ]]
; then
+ if
(( ${#to_install[@]} >= 1 ))
; then
opkg install ${to_install[@]}
fi
}
opkg install ${to_install[@]}
fi
}
@@
-238,7
+240,7
@@
fi
if $secrets; then
key=${rkey[$h]}
fi
if $secrets; then
key=${rkey[$h]}
fi
-:
${key:=pictionary49}
+:
"${key:=pictionary49}"
mask=255.255.0.0
cidr=16
mask=255.255.0.0
cidr=16
@@
-536,8
+538,7
@@
EOF
# option config /etc/openvpn/client.conf
# EOF
# option config /etc/openvpn/client.conf
# EOF
-wgip4=10.3.0.1/24
-wgip6=fdfd::1/64
+
wgport=26000
network_restart=false
wgport=26000
network_restart=false
@@
-577,10
+578,10
@@
if $network_restart; then
v /etc/init.d/network reload
fi
v /etc/init.d/network reload
fi
-firewall-cedit() {
- if $client; then
- cedit wific /etc/config/firewall <<EOF
+### begin firewall edits ###
+if $client; then
+ cedit wific /etc/config/firewall <<EOF || firewall_restart=true
config zone
option name wwan
option input REJECT
config zone
option name wwan
option input REJECT
@@
-590,11
+591,11
@@
config zone
option mtu_fix 1
option network wwan
EOF
option mtu_fix 1
option network wwan
EOF
-
fi
+fi
-
case $hostname in
-
wrt)
- cedit host /etc/config/firewall <<EOF
+case $hostname in
+ wrt)
+ cedit host /etc/config/firewall <<EOF || firewall_restart=true
config redirect
option name ssh
option src wan
config redirect
option name ssh
option src wan
@@
-602,9
+603,9
@@
config redirect
option dest_ip $l.3
option dest lan
EOF
option dest_ip $l.3
option dest lan
EOF
-
;;
-
cmc)
- cedit host /etc/config/firewall <<EOF
+ ;;
+ cmc)
+ cedit host /etc/config/firewall <<EOF || firewall_restart=true
config redirect
option name ssh
option src wan
config redirect
option name ssh
option src wan
@@
-612,11
+613,12
@@
config redirect
option dest_ip $l.2
option dest lan
EOF
option dest_ip $l.2
option dest lan
EOF
-
;;
-
esac
+ ;;
+esac
-
- cedit /etc/config/firewall <<EOF
+{
+ . /root/cmc-firewall-data
+ cat <<EOF
## begin no external dns for ziva
config rule
option src lan
## begin no external dns for ziva
config rule
option src lan
@@
-666,7
+668,6
@@
config rule
option target REJECT
## end no external dns for ziva
option target REJECT
## end no external dns for ziva
-$(. /root/cmc-firewall-data)
config rule
option src wan
config rule
option src wan
@@
-790,7
+791,7
@@
config redirect
option src wan
option src_dport 80
option dest lan
option src wan
option src_dport 80
option dest lan
- option dest_ip $l.
7
+ option dest_ip $l.
9
option proto tcp
config rule
option src wan
option proto tcp
config rule
option src wan
@@
-803,7
+804,7
@@
config redirect
option src wan
option src_dport 443
option dest lan
option src wan
option src_dport 443
option dest lan
- option dest_ip $l.
7
+ option dest_ip $l.
9
option proto tcp
config rule
option src wan
option proto tcp
config rule
option src wan
@@
-891,8
+892,9
@@
config rule
option family ipv6
EOF
option family ipv6
EOF
-}
-firewall-cedit || firewall_restart=true
+} | cedit /etc/config/firewall || firewall_restart=true
+### end firewall edits ###
+
# firewall comment:
# not using and in newer wrt, fails, probably due to nonexistent file, error output
# firewall comment:
# not using and in newer wrt, fails, probably due to nonexistent file, error output
@@
-1028,9
+1030,10
@@
EOF
# order to be comprehensive
# order to be comprehensive
- cedit /etc/unbound/unbound_ext.conf <<EOF || unbound_restart=true
-$(. /root/ptr-data)
+ {
+ . /root/ptr-data
+ cat <<EOF
local-data-ptr: "10.2.0.1 cmc.b8.nz"
local-data-ptr: "10.2.0.1 cmc.b8.nz"
@@
-1073,6
+1076,7
@@
view:
# try global if no match in view
view-first: yes
EOF
# try global if no match in view
view-first: yes
EOF
+ } | cedit /etc/unbound/unbound_ext.conf || unbound_restart=true
if $unbound_restart; then
if $unbound_restart; then
@@
-1103,15
+1107,16
@@
fi # end if $ap
# so make sure we have this dir or else dnsmasq will fail
# to start.
mkdir -p /mnt/usb/tftpboot
# so make sure we have this dir or else dnsmasq will fail
# to start.
mkdir -p /mnt/usb/tftpboot
-cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+{
+ # generated with host-info-update
+ . /root/dnsmasq-data
+ cat <<EOF
# no dns
port=0
server=/b8.nz/#
ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
# no dns
port=0
server=/b8.nz/#
ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
-# generated with host-info-update
-$(. /root/dnsmasq-data)
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
@@
-1184,6
+1189,8
@@
dhcp-optsfile=/var/run/dnsmasq/dhcpopts.conf
# for debugging dhcp
#log-queries=extra
EOF
# for debugging dhcp
#log-queries=extra
EOF
+} | cedit /etc/dnsmasq.conf || dnsmasq_restart=true
+
if $dnsmasq_restart && ! $dev2 && ! $ap; then
if $dnsmasq_restart && ! $dev2 && ! $ap; then
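Review bot: In the firewall hunks, the output of `. /root/cmc-firewall-data` is now emitted before the whole heredoc, whereas the removed `$(. /root/cmc-firewall-data)` sat after `## end no external dns for ziva`. OpenWrt applies firewall rules in config-file order, so if that file emits rules that overlap the REJECT block (its contents are not visible here), their precedence changes. The status tested by `|| firewall_restart=true` is also that of `cedit` alone unless pipefail is enabled elsewhere, and the top of the file leaves `set +e` in effect, so a missing or failing data file appears to produce a firewall config without those rules and no error. If the file is required on every host, a guard before the group such as `[[ -r /root/cmc-firewall-data ]] || { echo "$0: error: no /root/cmc-firewall-data" >&2; exit 1; }` would fail closed, and a comment at the opening `{` should say whether emitting the data rules first is intended. The same `{ . file; cat <<EOF … } | cedit` pattern is used for `/root/ptr-data` and `/root/dnsmasq-data`, and the dnsmasq data likewise moved from mid-file to the top; the enclosing groups span several hunks and are only partly visible.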