X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=trusted-network;h=1b0ee8d8f39f97bcca562b3029fd8bc1b86e3eef;hb=ce4cacd36c5b5babeea85d0f93771017e6169180;hp=3f5154162d9f94530210764441988eab0f977530;hpb=b28eebdf9143aa17733f233b30b96f462008f3b6;p=distro-setup

diff --git a/trusted-network b/trusted-network
index 3f51541..1b0ee8d 100755
--- a/trusted-network
+++ b/trusted-network
@@ -1,22 +1,86 @@
-#!/bin/bash -l
+#!/bin/bash
+
+# Usage: run to trust or untrust dns. public wifi sometimes needs to
+# trust dns initially to log in.
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
-# Usage: run when switching from an untrusted network like public wifi
-# to a trusted one.
+source /a/bin/errhandle/err
+
+readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
+readonly this_dir="${this_file%/*}"
+script_name="${BASH_SOURCE[0]}"
+script_name="${script_name##*/}"
+
+# removes malware and adult content
+servers=(1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003)
+
+servers=(1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001)
+
+## trying out google
+servers=(8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844)
+
+
+
+m() { printf "%s\n" "$*";  "$@"; }
+e() { printf "%s\n" "$@"; }
+i() { # install file
+  local tmp tmpdir dest="$1"
+  local base="${dest##*/}"
+  mkdir -p ${dest%/*}
+  ir=false # i result
+  tmpdir=$(mktemp -d)
+  cat >$tmpdir/"$base"
+  tmp=$(rsync -ic $tmpdir/"$base" "$dest")
+  if [[ $tmp ]]; then
+    printf "%s\n" "$tmp"
+    ir=true
+  fi
+  rm -rf $tmpdir
+}
+
+e $script_name
+exit 0
+
+# i symlinked the script to another name to make it work different
+trust=true
+case $script_name in
+  untrusted-network)
+    trust=false
+    ;;
+esac
+
 
-if [[ -e /etc/NetworkManager/conf.d/dns.conf ]]; then
-  rm -fv /etc/NetworkManager/conf.d/dns.conf
-  if [[ $(systemctl is-active NetworkManager) == active ]]; then
+if $trust; then
+  if [[ -e /etc/NetworkManager/conf.d/dns.conf ]]; then
+    rm -fv /etc/NetworkManager/conf.d/dns.conf
+    if [[ $(systemctl is-active NetworkManager) == active ]]; then
+      m systemctl restart NetworkManager
+    fi
+  fi
+
+  rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+else  #untrusted
+  # https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
+  cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+[Resolve]
+DNS=${servers[@]}
+Domains=b8.nz
+DNSOverTLS=yes
+EOF
+
+  i /etc/NetworkManager/conf.d/dns.conf <<'EOF'
+[main]
+dns=none
+systemd-resolved=false
+EOF
+
+  if $ir && [[ $(systemctl is-active NetworkManager) == active ]]; then
     m systemctl restart NetworkManager
   fi
 fi
 
-rm -f /etc/systemd/resolved.conf.d/untrusted-network.conf
-
 dhclient_restart=false
 # man dhclient.conf
 if ! grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
@@ -26,8 +90,15 @@ if ! grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
 fi
 
 
+# wait for networkmanager to come back
+for f in {1..20}; do
+  if read -r _ _ _ _  gateway_if _ < <(ip route get 8.8.8.8); then
+    break
+  fi
+  m sleep 2
+done
+
 
-read -r _ _ _ _  gateway_if _ < <(ip route get 8.8.8.8)
 if [[ $gateway_if ]]; then
   # we could do this, but dhclient is still running and will use its old settings
   # from dependencies of ifupdown,
@@ -47,4 +118,40 @@ else
   e $0: no gateway_if found
 fi
 
-reresolv
+m systemctl restart systemd-resolved
+
+
+
+# just for curiosity i did a
+# wrapper around dhclient, then ifdown eth0; ifup eth0:
+
+# Tue Mar  9 18:29:05 EST 2021
+# args -4 -v -r -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
+# env
+# ADDRFAM=inet
+# PHASE=pre-down
+# VERBOSITY=0
+# PWD=/sbin
+# IFACE=eth0
+# METHOD=dhcp
+# SHLVL=1
+# LOGICAL=eth0
+# MODE=stop
+# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# IFUPDOWN_eth0=pre-down
+# _=/usr/bin/env
+# Tue Mar  9 18:29:07 EST 2021
+# args -1 -4 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
+# env
+# ADDRFAM=inet
+# PHASE=post-up
+# VERBOSITY=0
+# PWD=/sbin
+# IFACE=eth0
+# METHOD=dhcp
+# SHLVL=1
+# LOGICAL=eth0
+# MODE=start
+# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# IFUPDOWN_eth0=post-up
+# _=/usr/bin/env