X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=brc2;fp=brc2;h=53d713a54c4a9a9b8d6a6f1aa5b76e971e5a7541;hb=f68d910fd20082a8c1bacd511b321296f328a799;hp=45249e6a8f533e812f6a15d394058503c14ad793;hpb=d4794b0f6ba0896e70ae1b04ae519b0e45af20da;p=distro-setup

diff --git a/brc2 b/brc2
index 45249e6..53d713a 100644
--- a/brc2
+++ b/brc2
@@ -2574,10 +2574,13 @@ ilog-local() {
   done
 }
 ilog() {
-  local chan
+  local chan tmpf
+  tmpf=$(mktemp)
   chan="${1:-#fsfsys}"
   # use * instead of -r since that does sorted order
-  sl root@iankelling.org ilog-local "$chan" | less +G
+  sl root@li.b8.nz ilog-local "$chan" > $tmpf
+  less +G $tmpf
+  rm -f $tmpf
 }
 
 o() {
@@ -2644,7 +2647,7 @@ host-info-all() {
 # wrt-setup
 host-info-update() {
 
-  local -A vpn_ips host_ips host_macs nonvpn_ips
+  local -A vpn_ips host_ips host_macs nonvpn_ips all_ips
   local -a root_hosts nonroot_hosts
 
   # the hosts with no mac
@@ -2656,39 +2659,101 @@ host-info-update() {
 
   while read -r ip host mac opts; do
     if [[ $ip == *#*  || ! $host ]]; then continue; fi
-    if [[ $opts == vpn ]]; then
+
+    # opt parsing
+    vpn=false
+    root=false
+    for opt in $opts; do
+      case $opt in
+        user=root)
+          root=true
+          ;;
+        vpn)
+          vpn=true
+          ;;
+      esac
+    done
+
+    all_ips[$host]=$ip
+    if $vpn; then
       vpn_ips[$host]=$ip
     else
       nonvpn_ips[$host]=$ip
     fi
-
-
-    if [[ $opts == user=root ]]; then
-      # note: the b8.nz suffix is for the User part, the IdentityFile
-      # part is redundant to *.b8.nz.
-      root_hosts+=($host i$host $host.b8.nz i$host.b8.nz)
+    if $root; then
+      # note: the reason we have b8.nz suffix here but not for non_root
+      # hosts is that it is for the User part, the IdentityFile part is
+      # redundant to *.b8.nz. Also note ${host}i, we only setup those for vpn hosts, but there is no harm in overspecifying here.
+      root_hosts+=($host ${host}i $host.b8.nz ${host}i.b8.nz)
     else
-      nonroot_hosts+=($host i$host)
+      nonroot_hosts+=($host ${host}i)
     fi
 
     host_ips[$host]=$ip
     host_macs[$host]=$mac
   done </p/c/host-info
 
-  cedit /p/c/subdir_files/.ssh/config <<EOF || [[ $? == 1 ]]
+  {
+    cat <<EOF
 Host ${nonroot_hosts[@]}
 User iank
 IdentityFile ~/.ssh/home
 
 Host ${root_hosts[@]}
 IdentityFile ~/.ssh/home
+
 EOF
+    for host in ${!vpn_ips[@]}; do
+      ipsuf=${vpn_ips[$host]}
+      cat <<EOF
+Host ${host}i
+Hostname b8.nz
+Port $((2200 + ipsuf))
+
+EOF
+    done
+
+    # convenience of one auth key entry
+    for host in ${!all_ips[@]}; do
+      cat <<EOF
+Host $host ${host}i $host.b8.nz ${host}i.b8.nz
+HostKeyAlias $host.b8.nz
+EOF
+    done
+  } | cedit /p/c/subdir_files/.ssh/config || [[ $? == 1 ]]
+
+  {
+    echo "cat <<EOF"
+    for host in ${!vpn_ips[@]}; do
+      ipsuf=${vpn_ips[$host]}
+      i_port=$(( 2200 + ipsuf ))
+      cat <<EOF
+config redirect
+ option name ssh$host
+ option src              wan
+ option src_dport        $i_port
+ option dest_port        22
+ option dest_ip          \$l.$ipsuf
+ option dest             lan
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        $i_port
+EOF
+    done
+    echo "EOF"
+  } >/p/c/cmc-firewall-data
 
 
   local host ipsuf f files
 
+  # shellcheck disable=SC2016 # shellcheck doesnt know this is sed
   sedi '/edits below here are made automatically/,$d' /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf
   for host in ${!vpn_ips[@]}; do
+    if [[ ${root_ips[$host]} ]]; then
+      # root machines dont run transmission
+      continue
+    fi
     ipsuf=${vpn_ips[$host]}
     wghole $host $ipsuf
     u /a/bin/ds/machine_specific/$host/filesystem/etc/systemd/system/openvpn-client-tr@.service <<EOF
@@ -2735,6 +2800,7 @@ EOF
     echo "cat <<EOF"
     for host in ${!host_ips[@]}; do
       ipsuf=${host_ips[$host]}
+      # shellcheck disable=SC2016 # intentional
       echo 'local-data-ptr: "$l.'$ipsuf $host.b8.nz'"'
     done
     echo "EOF"