X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=wrt-setup-local;h=fcab6e5a265920b0c8fe159681df978b5ef2d3a3;hb=21353fd35096ba6786c1bae3046b763bfeac5890;hp=1c5338f16b54baf1114fe4f93f5935e0b73e305b;hpb=ed6e4bd94df7d149cf041e95aaad01b6e2da3f85;p=automated-distro-installer

diff --git a/wrt-setup-local b/wrt-setup-local
index 1c5338f..fcab6e5 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -15,21 +15,22 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
+
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 
 usage() {
   cat <<EOF
-usage: ${0##*/} [-h] [-t 2|test] [-m WIRELESS_MAC]
+usage: ${0##*/} [-h] [-t 2|3|test|client] [-m WIRELESS_MAC]
 setup my router in general: dhcp, dns, etc.
 
 Type 2 or 3 is for setting up a backup device, there are two kinds so
 that you can switch the main device to a backup, then a backup to the
 main. Type test is for setting up a testing device.
 
-Passing an empty string for WIRELESS_MAC will cause the device's native
-mac to be used.
+Passing an empty string for WIRELESS_MAC, or if none is defined in the
+secrets file, will cause the device's native mac to be used.
 
 EOF
 
@@ -37,11 +38,27 @@ EOF
 }
 
 
+
+
+
+secrets=false
+if [[ -e /root/router-secrets ]]; then
+  secrets=true
+  source /root/router-secrets
+fi
+rmac=$(cat /sys/class/net/eth0/address)
+if $secrets; then
+  hostname=${rhost[$rmac]}
+fi
+: ${hostname:=wrt}
+
+
+dnsmasq_restart=false
+firewall_restart=false
 dev2=false
 test=false
-hostname=wrt
+client=false
 libremanage_host=wrt2
-
 lanip=1
 while getopts hm:t: opt; do
   case $opt in
@@ -50,7 +67,7 @@ while getopts hm:t: opt; do
       case $2 in
         2|3)
           dev2=true
-          libremanage_host=wrt
+          libremanage_host=$hostname
           ;;&
         2)
           lanip=4
@@ -63,6 +80,9 @@ while getopts hm:t: opt; do
         test)
           test=true
           ;;
+        client)
+          client=true
+          ;;
         *) echo "$0: unexpected arg to -t: $*" >&2; usage 1 ;;
       esac
       ;;
@@ -72,10 +92,10 @@ while getopts hm:t: opt; do
 done
 shift "$((OPTIND-1))"   # Discard the options and sentinel --
 
-if [[ ! $mac ]] && ! $test; then
+if [[ ! $mac ]] && ! $test && $secrets; then
   # if we wanted to increment it
-  #WIRELESSMAC=${WIRELESSMAC:0: -1}$((${WIRELESSMAC: -1} + 2))
-  mac=$WIRELESSMAC
+  #mac=${mac:0: -1}$((${mac: -1} + 2))
+  mac=${rwmac[$rmac]}
 fi
 
 if (( $# != 0 )); then
@@ -152,15 +172,49 @@ uset() {
   fi
 }
 
+udel() {
+  printf "+ udel %s\n" "$*"
+  local key="$1"
+  local val="$2"
+  local service="${key%%.*}"
+  restart_var=${service}_restart
+  if [[ ! ${!restart_var} ]]; then
+    eval $restart_var=false
+  fi
+  if uci get "$key" &>/dev/null; then
+    v uci set "$key"="$val"
+    uci commit $service
+    eval $restart_var=true
+  fi
+}
+
+
 
 ### network config
 ###
-ssid="check out gnu.org"
 lan=10.0.0.0
 if $test; then
-  ssid="gnuv3"
   lan=10.1.0.0
+elif [[ $hostname == cmc ]]; then
+  lan=10.2.0.0
+elif $client; then
+  lan=10.3.0.0
+fi
+
+if $test; then
+  ssid="gnuv3"
+elif $secrets; then
+  ssid=${rssid[$rmac]}
 fi
+
+: ${ssid:=librecmc}
+
+
+if $secrets; then
+  key=${rkey[$rmac]}
+fi
+: ${key:=pictionary49}
+
 mask=255.255.0.0
 cidr=16
 l=${lan%.0}
@@ -175,6 +229,7 @@ cat /root/router >>/etc/shadow
 uset system.@system[0].ttylogin 1
 
 
+
 cat >/usr/bin/archlike-pxe-mount <<'EOFOUTER'
 #!/bin/bash
 # symlinks are collapsed for nfs mount points, so use a bind mount.
@@ -193,10 +248,103 @@ EOFOUTER
 chmod +x /usr/bin/archlike-pxe-mount
 
 sed -i '/^root:/s,/bin/ash$,/bin/bash,' /etc/passwd
+
+
+
+uset dropbear.@dropbear[0].PasswordAuth 0
+uset dropbear.@dropbear[0].RootPasswordAuth 0
+uset dropbear.@dropbear[0].Port 2220
+if ! cmp -s /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key; then
+  cp /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
+  dropbear_restart=true
+fi
+
+if $dropbear_restart; then
+  v /etc/init.d/dropbear restart
+fi
+
+
+uset network.lan.ipaddr $l.$lanip
+uset network.lan.netmask $mask
+if $dev2  || $client; then
+  if $dev2; then
+    uset network.lan.gateway $l.1
+    uset network.wan.proto none
+    uset network.wan6.proto none
+  fi
+  /etc/init.d/dnsmasq stop
+  /etc/init.d/dnsmasq disable
+  /etc/init.d/odhcpd stop
+  /etc/init.d/odhcpd disable
+  rm -f /etc/resolv.conf
+  cat >/etc/resolv.conf <<'EOF'
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+EOF
+
+  # things i tried to keep dnsmasq running but not enabled except local dns,
+  # but it didnt work right and i dont need it anyways.
+  # uset dhcp.wan.ignore $dev2 # default is false
+  # uset dhcp.lan.ignore $dev2 # default is false
+  # uset dhcp.@dnsmasq[0].interface lo
+  # uset dhcp.@dnsmasq[0].localuse 0
+  # uset dhcp.@dnsmasq[0].resolvfile /etc/dnsmasq.conf
+  # uset dhcp.@dnsmasq[0].noresolv 1
+  # todo: populate /etc/resolv.conf with a static value
+
+else
+  # these are the defaults
+  uset network.lan.gateway ''
+  uset network.wan.proto dhcp
+  uset network.wan6.proto dhcpv6
+  /etc/init.d/dnsmasq start
+  # todo: figure out why this returns 1
+  /etc/init.d/dnsmasq enable ||:
+  /etc/init.d/odhcpd start
+  /etc/init.d/odhcpd enable
+fi
+
+wireless_restart=false
+
+if $client; then
+  uset wireless.default_radio0.network 'wwan'
+  uset wireless.default_radio0.ssid ${rclientssid[$rmac]}
+  uset wireless.default_radio0.encryption 'psk2'
+  uset wireless.default_radio0.device 'radio0'
+  uset wireless.default_radio0.mode 'sta'
+  uset wireless.default_radio0.bssid ${rclientbssid[$rmac]}
+  # todo: look into whether 5g network is available.
+  uset wireless.default_radio0.key ${rclientkey[$rmac]}
+  uset wireless.radio0.disabled false
+  uset wireless.radio1.disabled true
+else
+  # defaults, just reseting in case client config ran
+  uset wireless.default_radio0.network lan
+  uset wireless.default_radio0.mode ap
+  for x in 0 1; do
+    uset wireless.default_radio$x.ssid "$ssid"
+    uset wireless.default_radio$x.key $key
+    uset wireless.default_radio$x.encryption psk2
+    if [[ $mac ]]; then
+      uset wireless.default_radio$x.macaddr $macpre$((macsuf + 2*x))
+    fi
+    # secondary device has wireless disabled
+    uset wireless.radio$x.disabled $dev2
+  done
+fi
+
+
+
+
+
 # usb, screen, relay are for libremanage
+# rsync is for brc
+#
+# relay package temporarily disabled
+# /root/relay_1.0-1_mips_24kc.ipk
 v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
-  tcpdump openvpn-openssl adblock libusb-compat /root/relay_1.0-1_mips_24kc.ipk \
-  screen kmod-usb-serial-cp210x kmod-usb-serial-ftdi
+  tcpdump openvpn-openssl adblock libusb-compat \
+  screen kmod-usb-serial-cp210x kmod-usb-serial-ftdi rsync
 
 cat >/etc/libremanage.conf <<EOF
 ${libremanage_host}_type=switch
@@ -275,31 +423,6 @@ EOF
 
 
 
-uset dropbear.@dropbear[0].PasswordAuth 0
-uset dropbear.@dropbear[0].RootPasswordAuth 0
-uset dropbear.@dropbear[0].Port 2220
-if ! cmp -s /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key; then
-  cp /root/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
-  dropbear_restart=true
-fi
-
-wireless_restart=false
-key=pictionary49
-for x in 0 1; do
-  uset wireless.default_radio$x.ssid "$ssid"
-  uset wireless.default_radio$x.key $key
-  uset wireless.default_radio$x.encryption psk2
-  if [[ $mac ]]; then
-    uset wireless.default_radio$x.macaddr $macpre$((macsuf + 2*x))
-  fi
-  # secondary device has wireless disabled
-  uset wireless.radio$x.disabled $dev2
-done
-
-if $wireless_restart; then
-  v wifi
-fi
-
 
 ########## openvpn exampl
 ########## missing firewall settings for routing lan
@@ -323,79 +446,181 @@ fi
 #         option config /etc/openvpn/client.conf
 # EOF
 
+wgip4=10.3.0.1/24
+wgip6=fdfd::1/64
+wgport=26000
 
+network_restart=false
+if $client; then
+  v cedit wific /etc/config/network <<EOF || network_restart=true
+# https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi
+config interface 'wwan'
+ option proto 'dhcp'
+EOF
+fi
 
-v cedit /etc/config/network <<EOF || v /etc/init.d/network reload
+v cedit /etc/config/network <<EOF || network_restart=true
 config 'route' 'transmission'
-        option 'interface' 'lan'
-        option 'target' '10.173.0.0'
-        option 'netmask' '255.255.0.0'
-        option 'gateway' '$l.3'
+ option 'interface' 'lan'
+ option 'target' '10.173.0.0'
+ option 'netmask' '255.255.0.0'
+ option 'gateway' '$l.3'
+
+option interface 'wg0'
+ option proto 'wireguard'
+ option private_key '$(cat /root/wg.key)'
+ option listen_port $wgport
+ list addresses '10.3.0.1/24'
+ list addresses 'fdfd::1/64'
+
+# tp
+config wireguard_wg0 'wgclient'
+ option public_key '3q+WJGrm85r59NgeXOIvppxoW4ux/+koSw6Fee1c1TI='
+ option preshared_key '$(cat /root/wg.psk)'
+ list allowed_ips '10.3.0.2/24'
+ list allowed_ips 'fdfd::2/64'
 EOF
 
-firewall_restart=false
-v cedit /etc/config/firewall <<EOF || firewall_restart=true
+if $network_restart; then
+  v /etc/init.d/network reload
+fi
 
+firewall-cedit() {
+
+  if $client; then
+    v cedit wific /etc/config/firewall <<EOF
+config zone
+ option name    wwan
+ option input    REJECT
+ option output   ACCEPT
+ option forward  REJECT
+ option masq     1
+ option mtu_fix  1
+ option network  wwan
+EOF
+  fi
 
+  case $hostname in
+    wrt)
+      v cedit host /etc/config/firewall <<EOF
 config redirect
  option name ssh
  option src              wan
  option src_dport        22
- option dest_ip          $l.8
+ option dest_ip          $l.3
+ option dest             lan
+EOF
+      ;;
+    cmc)
+      v cedit host /etc/config/firewall <<EOF
+config redirect
+ option name ssh
+ option src              wan
+ option src_dport        22
+ option dest_ip          $l.2
  option dest             lan
+EOF
+      ;;
+  esac
+
+  v cedit /etc/config/firewall <<EOF
 config rule
  option src              wan
  option target           ACCEPT
  option dest_port        22
 
 config redirect
- option name sshalt
+ option name sshtp
  option src              wan
- option src_dport        2222
+ option src_dport        2202
  option dest_port        22
- option dest_ip          $l.3
+ option dest_ip          $l.2
  option dest             lan
 config rule
  option src              wan
  option target           ACCEPT
- option dest_port        2222
+ option dest_port        2202
 
+config redirect
+ option name sshx2
+ option src              wan
+ option src_dport        2205
+ option dest_port        22
+ option dest_ip          $l.5
+ option dest             lan
 config rule
  option src              wan
  option target           ACCEPT
- option dest_port        2220
-
+ option dest_port        2205
 
 config redirect
+ option name sshx3
  option src              wan
- option src_dport        443
+ option src_dport        2207
+ option dest_port        22
+ option dest_ip          $l.7
  option dest             lan
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        2207
+
+config redirect
+ option name sshtp
+ option src              wan
+ option src_dport        2208
+ option dest_port        22
  option dest_ip          $l.8
- option proto            tcp
+ option dest             lan
 config rule
  option src              wan
  option target           ACCEPT
- option dest_port        443
- option proto            tcp
+ option dest_port        2208
 
 config redirect
+ option name sshbb8
  option src              wan
- option src_dport        1196
+ option src_dport        2209
+ option dest_port        22
+ option dest_ip          $l.9
  option dest             lan
- option dest_ip          $l.8
- option proto            udp
 config rule
  option src              wan
  option target           ACCEPT
- option dest_port        1196
+ option dest_port        2209
+
+config redirect
+ option name icecast
+ option src              wan
+ option src_dport        8000
+ option dest_port        8000
+ option dest_ip          $l.2
+ option dest             lan
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        8000
+
+config rule
+ option name sshwrt
+ option src              wan
+ option target           ACCEPT
+ option dest_port        2220
+
+config rule
+ option name wg
+ option src              wan
+ option target           ACCEPT
+ option dest_port        $wgport
  option proto            udp
 
 
 config redirect
+ option name httpkd
  option src              wan
  option src_dport        80
  option dest             lan
- option dest_ip          $l.8
+ option dest_ip          $l.2
  option proto            tcp
 config rule
  option src              wan
@@ -403,6 +628,19 @@ config rule
  option dest_port        80
  option proto            tcp
 
+config redirect
+ option name httpskd
+ option src              wan
+ option src_dport        443
+ option dest             lan
+ option dest_ip          $l.2
+ option proto            tcp
+config rule
+ option src              wan
+ option target           ACCEPT
+ option dest_port        443
+ option proto            tcp
+
 config redirect
  option name syncthing
  option src              wan
@@ -458,32 +696,34 @@ config rule
  option target ACCEPT
  option family ipv6
 
-
 EOF
+}
+firewall-cedit || firewall_restart=true
+
+# not using wireguard for now
+# if ! uci get firewall.@zone[1].network | grep wg0 &>/dev/null; then
+#   # cant mix cedit plus uci
+#   echo | cedit /etc/config/firewall ||:
+#   uci add_list firewall.@zone[1].network=wg0
+#   uci commit firewall
+#   firewall-cedit ||:
+#   firewall_restart=true
+# fi
 
 
 
-
-dnsmasq_restart=false
 v cedit /etc/hosts <<EOF || dnsmasq_restart=true
-127.0.1.1 wrt
-$l.1 wrt
-$l.2 kd
-$l.3 frodo
-$l.4 wrt2
-$l.5 x2
-$l.6 demohost
-$l.7 x3
-$l.8 tp b8.nz faiserver
-$l.9 bb8
-$l.14 wrt3
-72.14.176.105 li
-172.105.84.95 l2
-
-# netns creation looks for next free subnet starting at 10.173, but I only
-# use one, and I would keep this one as the first created.
-10.173.0.2 transmission
+127.0.1.1 $hostname
 EOF
+# not sure this case statement is needed
+case $hostname in
+  cmc)
+    v cedit host /etc/hosts <<EOF || dnsmasq_restart=true
+$l.1 $hostname
+EOF
+    ;;
+esac
+
 
 #mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}')
 # if [[ $mail_host ]]; then
@@ -491,21 +731,20 @@ EOF
 # fi
 
 
-# avoid using the dns servers that my isp tells me about.
-if [[ $(uci get dhcp.@dnsmasq[0].resolvfile 2>/dev/null) ]]; then
-  # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
-  # /etc/resolv.conf. not sure why I did this.
-  v uci delete dhcp.@dnsmasq[0].resolvfile
-  uci commit dhcp
-  dnsmasq_restart=true
-fi
-
 uset dhcp.@dnsmasq[0].domain b8.nz
-uset dhcp.@dnsmasq[0].local /b8.nz/
 uset system.@system[0].hostname $hostname
-
-if [[ $(uci get adblock.global.adb_enabled) != 1 ]]; then
-  v uci set adblock.global.adb_enabled=1
+uset dhcp.@dnsmasq[0].local
+
+# uci doesnt seem to have a way to set an empty value,
+# if you delete it, it goes back to the default. this seems
+# to be a decent workaround.
+# todo: setup /etc/resolv.conf to point to 127.0.0.1
+uset dhcp.@dnsmasq[0].resolvfile=/dev/null
+
+# disabled for now. i want to selectively enable it
+# for specific hosts.
+if [[ $(uci get adblock.global.adb_enabled) != 0 ]]; then
+  v uci set adblock.global.adb_enabled=0
   uci commit adblock
   /etc/init.d/adblock restart
 fi
@@ -522,17 +761,24 @@ EOF
 # to start.
 mkdir -p /mnt/usb/tftpboot
 v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
-server=/dmarctest.b8.nz/#
-server=/_domainkey.b8.nz/#
-server=/_dmarc.b8.nz/#
-server=/ns1.b8.nz/#
-server=/ns2.b8.nz/#
-mx-host=b8.nz,mail.iankelling.org,10
-txt-record=b8.nz,"v=spf1 a ?all"
-
+server=/b8.nz/#
+ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
+ptr-record=2.0.2.10.in-addr.arpa.,kd.b8.nz
+ptr-record=4.0.2.10.in-addr.arpa.,wrt2.b8.nz
+ptr-record=5.0.2.10.in-addr.arpa.,x2.b8.nz
+ptr-record=6.0.2.10.in-addr.arpa.,xw2.b8.nz
+ptr-record=7.0.2.10.in-addr.arpa.,rp.b8.nz
+ptr-record=8.0.2.10.in-addr.arpa.,tp.b8.nz
+ptr-record=9.0.2.10.in-addr.arpa.,bb8.b8.nz
+ptr-record=12.0.2.10.in-addr.arpa.,demohost.b8.nz
+ptr-record=14.0.2.10.in-addr.arpa.,wrt3.b8.nz
+ptr-record=19.0.2.10.in-addr.arpa.,brother.b8.nz
+ptr-record=25.0.2.10.in-addr.arpa.,hp.b8.nz
+ptr-record=.0.2.10.in-addr.arpa.,transmission.b8.nz
 
 # https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
 stop-dns-rebind
+rebind-domain-ok=b8.nz
 
 # this says the ip of default gateway and dns server,
 # but I think they are unneded and default
@@ -573,15 +819,25 @@ dhcp-host=c8:60:00:31:6b:75,set:kd,$l.2,kd
 # top port, iPXE (PCI 04:00.0) in seabios boot menu
 #dhcp-host=c8:60:00:2b:15:07,set:kd,$l.2,kd
 dhcp-host=00:26:18:97:bb:16,set:frodo,$l.3,frodo
-# 4 is reserved for a staticly configured host.
-dhcp-host=00:1f:16:16:39:24,set:x2,$l.5,x2
+# 4 is reserved for a staticly configured host wrt2
+# old x2 with bad fan
+#dhcp-host=00:1f:16:16:39:24,set:x2,$l.5,x2
+dhcp-host=f0:de:f1:81:ec:88,set:x2,$l.5,x2
+dhcp-host=c4:8e:8f:44:f5:63,set:x2w,$l.6,x2w
 # This is so fai can have an explicit name to use for testing,
 # or else any random machine which did a pxe boot would get
 # reformatted. The mac is from doing a virt-install, cancelling it,
 # and copying the generated mac, so it should be randomish.
-dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.6,demohost
-dhcp-host=00:1f:16:14:01:d8,set:tp,$l.7,x3
+dhcp-host=fa:08:f8:4c:14:1c,set:tp,$l.7,rp
 dhcp-host=80:fa:5b:1c:6e:cf,set:tp,$l.8,tp
+dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.12,demohost
+dhcp-host=62:03:cb:a8:3e:a3,set:trp,$1.13,trp
+dhcp-host=00:1f:16:14:01:d8,set:tp,$l.18,x3
+# BRN001BA98CA823 in dhcp logs
+dhcp-host=00:1b:a9:8c:a8:23,set:tp,$l.19,brother
+dhcp-host=38:63:bb:07:5a:f9,set:tp,$l.25,hp
+dhcp-host=00:26:b6:f6:0f:e9,set:frodow,$l.28,frodow
+
 
 # faiserver vm
 dhcp-host=52:54:00:56:09:f9,set:faiserver,$l.15,faiserver
@@ -598,25 +854,26 @@ dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,$l.251,switch9429ca
 # It has no sensitive info.
 enable-tftp=br-lan
 tftp-root=/mnt/usb/tftpboot
-EOF
+dhcp-optsfile=/etc/dnsmasq-dhcpopts.conf
 
-uset network.lan.ipaddr $l.$lanip
-uset network.lan.netmask $mask
-uset dhcp.wan.ignore $dev2 # default is false
-uset dhcp.lan.ignore $dev2 # default is false
-if $dev2; then
-  uset network.lan.gateway $l.1
-  uset network.wan.proto none
-  uset network.wan6.proto none
-else
-  # these are the defaults
-  uset network.lan.gateway ''
-  uset network.wan.proto dhcp
-  uset network.wan6.proto dhcpv6
-fi
+#log-queries=extra
+EOF
 
 
-if $dnsmasq_restart; then
+if $dnsmasq_restart && ! $dev2; then
+  # todo: can our ptr records be put in /etc/hosts?
+  # eg: user normal /etc/hosts records, and they wont be used for A resolution
+  # due to the other settings, but will be used for ptr? then maybe
+  # we dont have to restart dnsmasq for a dns update?
+  #
+  # todo: according to this
+  # https://www.redpill-linpro.com/techblog/2019/08/27/evaluating-local-dnssec-validators.html#toggling-dnssec-validation-1
+  # we should turn on dnssec validation when wrt gets version > 2.80. currently at 2.80.
+  # todo: download https://downloads.openwrt.org/snapshots/packages/mipsel_24kc/base/dnsmasq_2.84~~test3-1_mipsel_24kc.ipk
+  # and install it. then we can turn off dnssec in systemd-resolved
+  #
+  # Also, reload of dnsmasq seems to break things, wifi
+  # clients were not getting internet connectivity.
   v /etc/init.d/dnsmasq restart
 fi
 
@@ -624,13 +881,14 @@ if $firewall_restart; then
   v /etc/init.d/firewall restart
 fi
 
+# this may just restart the network and take care of the network_restart below.
+if $wireless_restart; then
+  v wifi
+fi
 
-
+# todo: we should catch errors and still run this if needed
 if $network_restart; then
   reboot
 fi
-if $dropbear_restart; then
-  v /etc/init.d/dropbear restart
-fi
 
 exit 0