# /dev/mapper/crypt_dev_${big_disks[0]} /mnt/i btrfs nofail,$fstabstd,noatime,subvolid=0 0 0
# EOF
# fi
- if [[ $HOSTNAME == kd ]]; then
- # note, having these with keyscript and initramfs causes a luks error in fai.log,
- # but it is safely ignorable and gets us the ability to just type our password
- # in once at boot. A downside is that they are probably needed to be plugged in to boot.
- cat >>/tmp/fai/crypttab <<EOF
+ # helpful for manually running later if these disks move hosts
+ target_etc=/etc
+ target_etc=/tmp/fai
+ if [[ $HOSTNAME == frodo ]]; then
+ cat >>$target_etc/crypttab <<EOF
crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /mnt/root/q/root/luks/iank discard,luks
crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /mnt/root/q/root/luks/iank discard,luks
crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /mnt/root/q/root/luks/iank discard,luks
EOF
- cat >> /tmp/fai/fstab <<EOF
+ cat >> $target_etc/fstab <<EOF
# r7 = root partition7. it isnt actually #7 anymore, not a great name, but whatever
/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /mnt/r7 btrfs nofail,$fstabstd,noatime,compress=zstd,subvolid=0 0 0
/dev/mapper/crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /mnt/rust1 btrfs nofail,$fstabstd,noatime,compress=zstd,subvolid=0 0 0
/dev/mapper/crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /mnt/rust2 btrfs nofail,$fstabstd,noatime,compress=zstd,subvolid=0 0 0
EOF
fi
+ fi
fi
}
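Review bot: The added `target_etc=/etc` is dead code, because the next added line overwrites it with `/tmp/fai`; the comment above suggests the pair is a manual toggle, which is easy to leave in the wrong state. An explicit override such as `target_etc=${target_etc:-/tmp/fai}` would make the choice visible, and the redirections are safer quoted, e.g. `cat >>"$target_etc/crypttab" <<EOF`. Both files are appended with `>>`, so a repeated manual run against `/etc` would duplicate the crypttab and fstab entries on a live host; that caveat is worth adding to the comment. The enclosing function begins outside this hunk.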
rsync /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
/p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} \
- /p/c/{ptr,dnsmasq,cmc-firewall}-data /p/c/cmc-firewall-data-http /b/bash-bear-trap/bash-bear $h:
+ /p/c/domain-info /p/c/host-info \
+ /p/c/{ptr,dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
rsync ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
v command cedit -v "$@"
}
+# shellcheck source=/p/c/domain-info
+. /root/domain-info
+d_host_suffix=$(awk '$2 == "'$d_host'" {print $1}' /root/host-info)
### network config
###
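Review bot: `d_host_suffix` is used without validation: if `/root/host-info` has no line for `$d_host`, or more than one, the awk call returns an empty or multi-line value. The later `option 'gateway' '$l.$d_host_suffix'`, every `option dest_ip $l.$d_host_suffix` redirect and the `local-data-ptr` record would then be generated with a malformed address. For WAN port forwards the script should stop rather than write that config, e.g. with `case $d_host_suffix in ''|*[!0-9]*) echo "no host-info entry for $d_host" >&2; exit 1;; esac` right after the assignment. The quote-splicing `"'$d_host'"` also pastes an unquoted expansion into the awk program text; `awk -v h="$d_host" '$2 == h {print $1}' /root/host-info` passes it as data instead. `$d_host` is presumably set by the sourced `/root/domain-info`, which is not visible here.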
option 'interface' 'lan'
option 'target' '10.174.0.0'
option 'netmask' '255.255.0.0'
- option 'gateway' '$l.2'
+ option 'gateway' '$l.$d_host_suffix'
option interface 'wg0'
option proto 'wireguard'
list addresses '10.3.0.1/24'
list addresses 'fdfd::1/64'
-# tp
+# tp # tp is decomissioned, but this is an example of a client.
config wireguard_wg0 'wgclient'
option public_key '3q+WJGrm85r59NgeXOIvppxoW4ux/+koSw6Fee1c1TI='
option preshared_key '$(cat /root/wg.psk)'
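Review bot: The new comment says tp is decommissioned, yet the `config wireguard_wg0 'wgclient'` stanza below it stays active, so that public key, together with the preshared key read from `/root/wg.psk`, is still an authorized peer on wg0. If the stanza is kept only as a template, it should be commented out (`# config wireguard_wg0 'wgclient'` and its options), as the later hunks do for unused redirect rules, or the peer should be removed. The comment also misspells "decommissioned". The rest of the peer stanza lies outside this hunk, so its remaining options are not visible here.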
option name ssh
option src wan
option src_dport 22
- option dest_ip $l.2
+ option dest_ip $l.$d_host_suffix
option dest lan
EOF
;;
{
# shellcheck source=/p/c/cmc-firewall-data
. /root/cmc-firewall-data
- # sets $http_ip
- # shellcheck source=/p/c/cmc-firewall-data-http
- . /root/cmc-firewall-data-http
cat <<EOF
config redirect
option name http
option src wan
option src_dport 9091
option dest_port 9091
- option dest_ip $l.2
+ option dest_ip $l.$d_host_suffix
option dest lan
config rule
option src wan
# option src wan
# option src_dport 1196
# option dest_port 1196
-# option dest_ip $l.2
+# option dest_ip $l.$d_host_suffix
# option dest lan
# config rule
# option src wan
option src wan
option src_dport 8989
option dest_port 8989
- option dest_ip $l.2
+ option dest_ip $l.$d_host_suffix
option dest lan
config rule
option src wan
option src wan
option src_dport 8000
option dest_port 8000
- option dest_ip $l.2
+ option dest_ip $l.$d_host_suffix
option dest lan
config rule
option src wan
option src wan
option src_dport 4500
option dest_port 4500
- option dest_ip $l.2
+ option dest_ip $l.$d_host_suffix
option dest lan
config rule
option src wan
option src wan
option src_dport 4533
option dest_port 4533
- option dest_ip $l.2
+ option dest_ip $l.$d_host_suffix
option dest lan
config rule
option src wan
# option src lan
# option src_dport 4533
# option dest_port 4533
-# option dest_ip $l.2
+# option dest_ip $l.$d_host_suffix
# option dest lan
# option src wan
# option src_dport 8000
# option dest_port 8000
-# option dest_ip $l.2
+# option dest_ip $l.$d_host_suffix
# option dest lan
# config rule
# option src wan
# option src wan
# option src_dport 8448
# option dest lan
-# option dest_ip $l.2
+# option dest_ip $l.$d_host_suffix
# option proto tcp
# config rule
# option src wan
local-data-ptr: "10.2.0.1 cmc.b8.nz"
-local-data-ptr: "10.174.2.2 transmission.b8.nz"
+local-data-ptr: "10.174.2.$d_host_suffix transmission.b8.nz"
local-data-ptr: "10.173.8.1 defaultnn.b8.nz"
local-data-ptr: "10.173.8.2 nn.b8.nz"