# comparing ian's groups to traci, I see none she should join on arch
$ROOTCMD usermod -a -G traci ian
-getent group docker &>/dev/null || groupadd -r docker
-usermod -a -G docker ian
+$ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
+$ROOTCMD usermod -a -G docker ian
# based on unison error, with 8192 from
# sysctl -a | grep fs.inotify.max_user_watches
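Review bot: Adding `ian` to the `docker` group on the `usermod -a -G docker ian` line gives that account root-equivalent access on the target, because anyone who can talk to the Docker daemon can start a container with the host filesystem mounted. Nothing on these lines records that this is intended. If it is, a comment above the `groupadd` line would make the decision explicit, for example `# docker group membership is root-equivalent; intentional for ian`. `$ROOTCMD` is expanded unquoted, presumably so it can hold a multi-word prefix or be empty; a short comment where it is defined (outside this hunk) saying so would stop a later "quote everything" cleanup from breaking it.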
Usage: ${0##*/} [OPTIONS] [HOST TYPE]
Configure dnsmasq pxe server options and fai-chboot if appropriate.
-
Without HOST TYPE, disable pxe server and fai server.
-TYPE is one of arch, plain, fai.
-HOST is a hostname known to the dhcp server, or default for all
-Note, when switching between plain and arch, you will need to
-do something like:
-ssh wrt
-cd /mnt/usb
-rm tftpboot
-ln -s <arch/debian iso dir> tftpboot
+
+HOST A hostname known to the dhcp server, or default for all.
+TYPE One of arch, plain, fai.
-r Don't redeploy fai config. For example, if there is a different host
-h|--help Print help and exit
+Note, when switching between plain and arch, you will need to
+do something like:
+ssh wrt
+cd /mnt/usb
+rm tftpboot
+ln -s <arch/debian iso dir> tftpboot
+
+
Note: Uses GNU getopt options parsing style
EOF
exit $1
option dest_port 2222
config redirect
- option src wan
- option src_dport 443
- option dest lan
- option dest_ip 192.168.1.2
- option proto tcp
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip 192.168.1.2
+ option proto tcp
config rule
- option src wan
- option target ACCEPT
- option dest_port 443
- option proto tcp
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
config redirect
- option src wan
- option src_dport 80
- option dest lan
- option dest_ip 192.168.1.2
- option proto tcp
+ option src wan
+ option src_dport 80
+ option dest lan
+ option dest_ip 192.168.1.2
+ option proto tcp
config rule
- option src wan
- option target ACCEPT
- option dest_port 80
- option proto tcp
+ option src wan
+ option target ACCEPT
+ option dest_port 80
+ option proto tcp
config redirect
option name syncthing
option target ACCEPT
option dest_port 22001
+#### begin rules for nfs ####
+# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs
+# https://wiki.debian.org/SecuringNFS
+# I had no /etc/default/quota, or any process named quota anything,
+# so, assumed that was unneeded. seems to work.
+config redirect
+ option src wan
+ option src_dport 111
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 111
+config redirect
+ option src wan
+ option src_dport 2049
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2049
+config redirect
+ option src wan
+ option src_dport 32764
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32764
+config redirect
+ option src wan
+ option src_dport 32765
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32765
+config redirect
+ option src wan
+ option src_dport 32766
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32766
+config redirect
+ option src wan
+ option src_dport 32767
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32767
+config redirect
+ option src wan
+ option src_dport 32768
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32768
+#### end rules for nfs ####
+
+
+config redirect
+ option name mariadb
+ option src wan
+ option src_dport 3306
+ option dest lan
+ option dest_ip 192.168.1.2
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 3306
+ option proto tcp
+
+
EOF
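Review bot: The added NFS block (ports 111, 2049, 32764-32768) and the `mariadb` redirect (3306) accept traffic from the whole `wan` zone and forward it to 192.168.1.2 with no source restriction, so rpcbind, NFS and the database listener become reachable from any host on the WAN side. NFS with AUTH_SYS security (the default unless Kerberos is configured) trusts the uid the client claims, so a firewall source restriction is the main control here. Add `option src_ip <trusted-client-address>` (placeholder) to each `config redirect` and `config rule`, or drop the wan entries and reach both services over a VPN. The NFS entries also omit `option proto` and `option name`, unlike the 80/443 and mariadb entries; if matching both TCP and UDP is intended, say so with a comment such as `# proto omitted on purpose: rpcbind/mountd use tcp and udp`. The heredoc these lines belong to starts outside the hunk.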