host-info-update() {
local -A vpn_ips host_ips host_macs nonvpn_ips all_ips
- local -a root_hosts nonroot_hosts host_usbs
+ local -a root_hosts nonroot_hosts
# the hosts with no mac
root_hosts=( bk je li b8.nz )
# hosts is that it is for the User part, the IdentityFile part is
# redundant to *.b8.nz. Also note ${host}i, we only setup those for vpn hosts, but there is no harm in overspecifying here.
root_hosts+=($host ${host}i $host.b8.nz ${host}i.b8.nz)
+ root_hosts_a[$host]=t # a for associative array
else
nonroot_hosts+=($host ${host}i)
fi
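Review bot: `root_hosts_a` is assigned with a string key on the added line, but it is not in the `local -A` list visible at the top of `host-info-update`, and no other declaration appears in these hunks. If it is not declared elsewhere, bash creates it as a global indexed array and evaluates `$host` arithmetically, so a name such as `bk` collapses onto index 0 and a dotted name is an arithmetic error. The later test `[[ ${root_hosts_a[$host]} ]]` in the vpn loop would then be true for every host once one root host has been recorded. Adding it to the declaration, `local -A vpn_ips host_ips host_macs nonvpn_ips all_ips root_hosts_a`, keeps the root/non-root classification per host. The enclosing `if` and loop start outside this hunk.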
# shellcheck disable=SC2016 # shellcheck doesnt know this is sed
sedi '/edits below here are made automatically/,$d' /p/c/machine_specific/li/filesystem/etc/wireguard/wgmail.conf
for host in ${!vpn_ips[@]}; do
- if [[ ${root_ips[$host]} ]]; then
+ if [[ ${root_hosts_a[$host]} ]]; then
# root machines dont actually need vpn, but
# the classification still helps with other
# configurations.
fi
ipsuf=${vpn_ips[$host]}
wghole $host $ipsuf
- sd /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/$host <<EOF
+ u /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/$host <<EOF
ifconfig-push 10.5.5.${vpn_ips[$host]} 255.255.255.0
EOF
u /a/bin/ds/machine_specific/$host/filesystem/etc/systemd/system/openvpn-client-tr@.service <<EOF
{
echo "cat <<EOF"
- for host in ${!host_ips[@]}; do
+ for host in ${!host_macs[@]}; do
ipsuf=${host_ips[$host]}
echo "dhcp-host=${host_macs[$host]},set:$host,\$l.$ipsuf,$host"
done
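Review bot: The loop now takes its keys from `host_macs` but still reads `host_ips[$host]` for `ipsuf`, and nothing in the hunk checks that the lookup returned a value. A host with a MAC and no `host_ips` entry would produce a `dhcp-host=` line with an empty address suffix after `$l.`; whether such hosts exist is not visible here. A guard before the `echo`, such as `[[ ${host_ips[$host]} ]] || continue`, or an explicit error, would keep a malformed reservation out of the generated file. The enclosing `{ … }` block continues outside the hunk.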
/p/c/machine_specific filesystem/etc/wireguard/wghole.conf
EOF
- files=(/b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/* )
+ files=( /b/ds/machine_specific/li/filesystem/etc/openvpn/client-config-hole/* )
for f in "${files[@]}"; do
- host=${f##/*}
+ host=${f##*/}
if [[ ! ${vpn_ips[$host]} ]]; then
e rm $f
e ssh root@li.b8.nz rm -f $f
fi
done
+
+ {
+ printf "%s" "Host * "
+ sed -n '/^Host /h;/^IdentityFile .*\/home/{g;s/^Host//;s/ / !/gp}' ~/.ssh/config | tr '\n' ' '
+ echo "IdentityFile ~/.ssh/work"
+ } | cedit work-identity ~/.ssh/config || [[ $? == 1 ]]
+
+
}
# usage host ipsuf [extrahost]
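Review bot: As written, the added `{ … } | cedit work-identity` block emits a single line: `tr '\n' ' '` turns the newline after the sed output into a space, so `IdentityFile ~/.ssh/work` lands on the `Host *` line and ssh would read it as two more host patterns rather than a directive. Ending the Host line first, e.g. `echo; echo "IdentityFile ~/.ssh/work"`, fixes that, assuming `cedit` inserts its stdin verbatim. Separately, now that `host=${f##*/}` yields the file's basename, the cleanup branch can actually run, and it passes `$f` unquoted to a local `rm` and to `ssh root@li.b8.nz rm -f`, where the remote shell parses the path a second time as root. Checking the name first, `[[ $host =~ ^[A-Za-z0-9._-]+$ ]] || continue`, and using `e rm -- "$f"` would keep an unexpected file name in that directory from being interpreted on li.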
# we use .1 to make this be on a different network than kd, so that we can
# talk to transmission on kd from remote host, and still use this
# vpn.
-ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.23 start %i
+ExecStartPre=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.174.28 start %i
ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
# allow wireguard network to connect
-ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.23.1 dev veth1-client
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.28.1 dev veth1-client
ExecStopPost=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop %i
PrivateNetwork=true
BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
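Review bot: The changed `ExecStartPre=` line still takes its lock at `/tmp/newns.flock`, a fixed name in a world-writable directory, while the unit's commands (for example `iptables-restore`) presumably run as root. Unless `PrivateTmp=` is set outside this hunk, any local account can create and hold that file, so `flock -w 20` times out and the namespace setup or the `ExecStopPost=` teardown fails. A root-only location such as `/run/newns.flock` avoids this, provided every other caller of `newns` is switched at the same time so they still share one lock. The `10.174.28` prefix is also written twice, in `-n 10.174.28` and `via 10.174.28.1`, and has to be kept in sync by hand.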