X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=wrt-setup;h=d721f6ad36aa3d976e75add20920bb55f4953ec9;hb=d29d21017de635db1d05769144db56f44addd055;hp=044bf826e5510f25541e908a77013dd4d291eeaf;hpb=d9b78f72ce932fff58c4b031f35f8722d8dbae33;p=automated-distro-installer

diff --git a/wrt-setup b/wrt-setup
index 044bf82..d721f6a 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -1,16 +1,27 @@
 #!/bin/bash
+# Copyright (C) 2016 Ian Kelling
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
 
-# ssh
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 
 pmirror() {
     # background: upgrading all packages is not recommended because it
     # doesn't go into the firmware. build new firmware if you want
     # lots of upgrades.
     f=(/tmp/opkg-lists/*)
-    f=${f[0]}
     if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
         opkg update
     fi
@@ -157,6 +168,13 @@ v /etc/init.d/nfsd enable
 # EOF
 
 
+v cedit /etc/config/network <<'EOF' || v /etc/init.d/network reload
+config 'route' 'transmission'
+        option 'interface' 'lan'
+        option 'target' '10.173.0.0'
+        option 'netmask' '255.255.0.0'
+        option 'gateway' '192.168.1.2'
+EOF
 
 v cedit /etc/config/firewall <<'EOF' || firewall_restart=true
 config redirect
@@ -170,31 +188,67 @@ config rule
     option target           ACCEPT
     option dest_port        22
 
+config redirect
+    option name sshalt
+    option src              wan
+    option src_dport        2222
+    option dest_port        22
+    option dest_ip          192.168.1.3
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        2222
+
+config redirect
+    option src              wan
+    option src_dport        443
+    option dest             lan
+    option dest_ip          192.168.1.2
+    option proto            tcp
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        443
+    option proto            tcp
+
+config redirect
+    option src              wan
+    option src_dport        1194
+    option dest             lan
+    option dest_ip          192.168.1.2
+    option proto            udp
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        1194
+    option proto            udp
+
 
-#http/https
 config redirect
-       option src              wan
-       option src_dport        443
-       option dest             lan
-       option dest_ip          192.168.1.2
-       option proto            tcp
+    option src              wan
+    option src_dport        80
+    option dest             lan
+    option dest_ip          192.168.1.2
+    option proto            tcp
 config rule
-       option src              wan
-       option target           ACCEPT
-       option dest_port        443
-       option proto            tcp
+    option src              wan
+    option target           ACCEPT
+    option dest_port        80
+    option proto            tcp
 
 config redirect
-       option src              wan
-       option src_dport        80
-       option dest             lan
-       option dest_ip          192.168.1.2
-       option proto            tcp
+    option name syncthing
+    option src              wan
+    option src_dport        22001
+    option dest_ip          192.168.1.2
+    option dest             lan
 config rule
-       option src              wan
-       option target           ACCEPT
-       option dest_port        80
-       option proto            tcp
+    option src              wan
+    option target           ACCEPT
+    option dest_port        22001
+
+
 
 EOF
 
@@ -203,36 +257,57 @@ EOF
 
 dnsmasq_restart=false
 v cedit /etc/hosts <<EOF || dnsmasq_restart=true
+127.0.1.1 wrt
 192.168.1.1 wrt
-192.168.1.2 treetowl faiserver
+192.168.1.2 treetowl b8.nz faiserver
 192.168.1.3 frodo
 192.168.1.4 htpc
 192.168.1.5 x2
-192.168.1.6 testvm
+192.168.1.6 demohost
+#192.168.1.7 faiserver
 192.168.1.8 tp
+192.168.1.9 n5
 72.14.176.105 li
-173.255.202.210 lj
-23.239.31.172 lk
+45.33.9.11 lj
 138.68.10.24 dopub
-# cant ssh to do when on vpn. some routing/firewall rule or something,
-# I don't know. I can get there from wrt but not my machine.
-# but we can get to it from this address, so, good enough.
-10.8.0.1 do
+# netns creation looks for next free subnet starting at 10.173, but I only
+# use one, and I would keep this one as the first created.
+10.173.0.2 transmission
 EOF
 
 
 # avoid using the dns servers that my isp tells me about.
 if [[ $(uci get dhcp.@dnsmasq[0].resolvfile) ]]; then
     # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
-    # /etc/resolv.conf
+    # /etc/resolv.conf. not sure why I did this.
     v uci delete dhcp.@dnsmasq[0].resolvfile
     uci commit dhcp
     dnsmasq_restart=true
 fi
 
+if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then
+    v uci set dhcp.@dnsmasq[0].domain=b8.nz
+    uci commit dhcp
+    dnsmasq_restart=true
+fi
+if [[ $(uci get dhcp.@dnsmasq[0].local) != b8.nz ]]; then
+    v uci set dhcp.@dnsmasq[0].local=/b8.nz/
+    uci commit dhcp
+    dnsmasq_restart=true
+fi
+
+if [[ $(uci get system.@system[0].hostname) != wrt ]]; then
+    v uci set system.@system[0].hostname=wrt
+    uci commit system
+fi
+
 
 # useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq
 
+# sometimes /mnt/usb fails, cuz it's just a flash drive,
+# so make sure we have this dir or else dnsmasq will fail
+# to start.
+mkdir -p /mnt/usb/tftpboot
 v cedit /etc/dnsmasq.conf <<'EOF' || dnsmasq_restart=true
 
 ############ updating dns servers ###################3
@@ -281,8 +356,9 @@ dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2
 # reformatted. The mac is from doing a virt-install, cancelling it,
 # and copying the generated mac, so it should be randomish.
 dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost
-dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver
+#dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver
 dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp
+dhcp-host=c4:43:8f:f2:79:1f,set:n5,192.168.1.9,n5
 # this is the ip it picks by default if dhcp fails,
 # so might as well use it.
 # hostname is the name it uses according to telnet
@@ -294,6 +370,7 @@ dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca
 
 # Just leave the tftp server up even if we aren't doing pxe boot.
 # It has no sensitive info.
+enable-tftp=br-lan
 tftp-root=/mnt/usb/tftpboot
 EOF