#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
-f=/usr/local/lib/err;test -r $f || { echo "error: $0 no $f" >&2;exit 1;}; . $f
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e; . /usr/local/lib/bash-bear; set +e
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
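Review bot: The new `set -e; . /usr/local/lib/bash-bear; set +e` line has no comment saying why errexit is enabled only around the source. The removed line printed an explicit error naming the missing file, so the intent of the replacement is worth stating, for example `# abort if bash-bear cannot be sourced; errexit is turned off again afterwards` (presumably that is the purpose; confirm). The following line re-executes the script under `sudo -E`, so this library is sourced again as root. It is worth verifying that /usr/local/lib/bash-bear is root-owned and not writable by other users.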
fi
return 0
fi
- if ip4=$(curl -s4 https://iankelling.org/cgi/pubip); then
- if $force || [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then
+ if ip4=$(curl --connect-timeout 10 -s4 https://iankelling.org/cgi/pubip); then
+ if $force || [[ $cur4 && $ip4 && $cur4 != "$ip4" ]]; then
up4=true # update ipv4
fi
fi
up6=false
- out6=$(curl -s6 https://iankelling.org/cgi/pubip) ||: # failure allowed if we have no ipv6
+ out6=$(curl --connect-timeout 10 -s6 https://iankelling.org/cgi/pubip) ||: # failure allowed if we have no ipv6
if [[ $out6 ]]; then
dev=$(ip -o a show to $out6 | awk '{print $2}')
# we use slaac with privacy extension, so get our less private more permanent address
mac=$(cat /sys/class/net/$dev/address)
- IFS=: read -a f <<<$mac; set -- ${f[@]}
+ IFS=: read -ra f <<<$mac; set -- ${f[@]}
ip6=${out6%:*:*:*:*}:$(printf %x $((0x$1 + 2)))$2:$3'ff:fe'$4:$5$6
# in case we aren't using slaac
if ! ip a | grep "^ *inet6 $ip6/" &>/dev/null; then
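Review bot: The bodies returned by the `-s4` and `-s6` curl calls are stored in `ip4` and `out6` without any check that they are addresses. `ip4` is later expanded into the nsupdate command file (`update add $dynhost. 300 A $ip4`) and `out6` reaches `ip -o a show to $out6` unquoted. Because `-s` is used without `-f`, an HTTP error page still makes curl exit 0 and its body would be taken as the address. Adding `-f` and a shape check before use, for example `[[ $ip4 =~ ^[0-9]+(\.[0-9]+){3}$ ]]` with a similar hex-and-colon test for `out6`, would keep unexpected or multi-line responses out of the update. `--connect-timeout 10` limits only the connect phase, so `--max-time` is needed as well if a stalled transfer should not hang the run. The enclosing function starts and ends outside this hunk.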
fi
fi
- if $force || [[ $cur6 != $ip6 ]]; then
+ if $force || [[ $cur6 != "$ip6" ]]; then
up6=true
fi
+ # if we failed to get our ipv6 addr, we probably have ipv6
+ # connectivity problem.
+ if [[ ! $ip6 ]]; then
+ ip_arg=-4
+ fi
+
if ! $up4 && ! $up6; then
return 0
fi
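Review bot: `ip_arg` is assigned only inside the new `if [[ ! $ip6 ]]` branch, and nothing in this hunk clears or declares it. If the enclosing function runs more than once in the same shell (a `loop-main` is defined further down), one failed IPv6 lookup could leave `-4` in effect for every later nsupdate call, even after IPv6 recovers. Unless it is already initialized in the part of the function outside this hunk, reset it first, for example `local ip_arg=` at the top of the function or `ip_arg=` directly before the check. The function's start is not visible here, so this should be confirmed against the full file.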
# "${SSH_CLIENT%% *}
# to update bind if needed.
- f=$(mktemp)
- cat >>$f <<EOF
+ tmpf=$(mktemp)
+ cat >>$tmpf <<EOF
server iankelling.org
zone b8.nz
EOF
if $up4; then
- cat >>$f <<EOF
+ cat >>$tmpf <<EOF
update delete $dynhost. A
update add $dynhost. 300 A $ip4
update delete $dyndomain. A
if $up6; then
if [[ $ip6 ]]; then
- cat >>$f <<EOF
+ cat >>$tmpf <<EOF
update delete $fqdn. AAAA
update add $fqdn. 60 AAAA $ip6
EOF
else
- cat >>$f <<EOF
+ cat >>$tmpf <<EOF
update delete $fqdn. AAAA
EOF
fi
fi
- cat >>$f <<EOF
+ cat >>$tmpf <<EOF
show
send
answer
quit
EOF
- nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f || nsupdate_fails=$((nsupdate_fails + 1))
- sed -i 's/^server .*/server bk.b8.nz/' $f
- nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$f || nsupdate_fails=$((nsupdate_fails + 1))
+ chronic nsupdate $ip_arg -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$tmpf || nsupdate_fails=$((nsupdate_fails + 1))
+ sed -i 's/^server .*/server bk.b8.nz/' $tmpf
+ chronic nsupdate $ip_arg -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <$tmpf || nsupdate_fails=$((nsupdate_fails + 1))
if (( nsupdate_fails > nsupdate_fail_limit )); then
echo error: nsupdate is persistently failing >&2
exit 1
fi
+ rm -f $tmpf
}
loop-main() {
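Review bot: The added `rm -f $tmpf` sits after the `exit 1` in the `nsupdate_fails > nsupdate_fail_limit` branch, so the temp file is left behind on exactly the path where updates keep failing. Moving the cleanup to directly after the second nsupdate call, written as `rm -f -- "$tmpf"`, covers both paths; the `mktemp` result is also used without a check that it succeeded. Separately, the key path `Kb8.nz.*.private` is an unquoted glob on both `chronic nsupdate` lines. If it ever matches more than one file, the extra path would be passed to nsupdate as a positional argument rather than as the key, so it is safer to resolve the glob once and check that it yields a single file. The function these lines belong to begins outside this hunk.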
# f=key.b8.nz
-# cat >$f <<EOF
+# cat >$tmpf <<EOF
# key b8.nz. {
# algorithm HMAC-SHA512;
# secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";