cd $(dirname $(readlink -f "$BASH_SOURCE"))
-export ROOTPW="$1"
-export hostname="$2"
-mirror=$3
+ROOTPW="$(cat /root/shadow/standard)"
+export ROOTPW
+export hostname="$1"
+mirror=$2
+TPPASS="$(cat /root/shadow/traci-simple)"
+export TPPASS
+if [[ $hostname == tp ]]; then
+ ROOTPW="$TPPASS"
+fi
(( $# >= 2 )) || { echo "error: need 2 arguments"; exit 1; }
-case $hostname in
- x2)
- export grubdisk=/dev/sda
- ;;
- demohost)
- export grubdisk=/dev/vda
- ;;
- treetowl)
- bootid=64d495ee-c9fe-4174-b20a-6c5e47abcfa1
- export grubdisk=$(blkid|sed -nr "/$bootid/s/^([^0-9]+).*/\1/p")
- ;;
- frodo)
- rootid=e9ce7b46-9a21-4e79-b7f7-0b18acb57587
- export grubdisk=$(blkid|sed -nr "/$rootid/s/(^[^0-9]*).*/\1/p")
- ;;
- *)
- echo "unrecognized hostname: $hostname"
- exit 1
-esac
-
-if [[ -e /root/devbyid ]]; then
- mv /root/devbyid /usr/bin
-fi
+mv /root/devbyid /usr/bin
rm -f /etc/pacman.d/mirrorlist
# https://wiki.archlinux.org/index.php/Mirrors#Sorting_mirrors
export HOSTNAME=$hostname
export DISTRO=arch
chmod +x partition.DEFAULT
-./partition.DEFAULT
+
+export PARTITION_PROMPT=true
+
+already_partitioned=true
+mount_out=$(mount)
+for dir in /mnt{,/home,/boot,/q}; do
+ regex=" on $dir "
+ if [[ ! $mount_out =~ $regex ]]; then
+ already_partitioned=false
+ break
+ fi
+done
+
+if ! $already_partitioned; then
+ ./partition.DEFAULT
+fi
+
+. /tmp/fai/disk_var.sh
+
+
# arch doesn't need crypttab entries for initramfs crypt partititions
export rootn=1
export bootn=3
export swapn=2
-sed -ri '/^crypt_dev/d' /tmp/fai/crypttab
-mount -o subvol=root_$DISTRO /dev/mapper/crypt_dev_?da$rootn /mnt
-mkdir -p /mnt/{q,home}
-mount -o subvol=q /dev/mapper/crypt_dev_?da$rootn /mnt/q
-mount -o subvol=home_$DISTRO /dev/mapper/crypt_dev_?da$rootn /mnt/home
-mkdir -p /mnt/boot
-mount -o subvol=boot_$DISTRO /dev/?da$bootn /mnt/boot
+export BOOT_DEVICE
+sed -ri "/^crypt_dev_\S+$rootn /d" /tmp/fai/crypttab
+
+if ! $already_partitioned; then
+ mount -o subvol=root_$DISTRO $ROOT_PARTITION /mnt
+ mkdir -p /mnt/{q,home,boot}
+ mount -o subvol=q $ROOT_PARTITION /mnt/q
+ mount -o subvol=home_$DISTRO $ROOT_PARTITION /mnt/home
+ mount -o subvol=boot_$DISTRO $BOOT_PARTITION /mnt/boot
+fi
# https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Keyfiles
cp /root/luks/host-$hostname /mnt/crypto_keyfile.bin
shopt -s extglob
case $hostname in
- # these hosts are broken, not updated to new fai hyrbrid scripts.
+ # todo: these hosts are broken, not updated to new fai hyrbrid scripts.
frodo)
# for this system, no separate /boot, to keep partitions simple,
fi
pacstrap /mnt base
cp /tmp/fai/{fstab,crypttab} /mnt/etc
+cp /usr/bin/devbyid /mnt/root
case $hostname in
frodo)
# the root .ssh needs to be like this,
done
echo $hostname > /etc/hostname
-ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+[[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
l=en_US.UTF-8
echo "$l UTF-8" > /etc/locale.gen
locale-gen
# # remove extra space
# sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
-# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
-# used to have lvm2 after encrypt for lvm.
-for x in encrypt encrypt1 btrfs; do sed -ri -f - /etc/mkinitcpio.conf <<EOF
-/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
-EOF
-done
pacman -S --noconfirm grub gptfdisk
-if [[ $hostname == x2 || $hostname == demohost ]]; then
- echo "$0: fstab:"
- cat /etc/fstab
- # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
- # if cryptdevice was lvm, it woulde be in this format,
- # where x2-vg is from lvdisplay, VG Name field.
- # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
- # but, if you are using your own fstab, it seems you just give it a name,
- # which will be the crypt device name under /dev/mapper/
- # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
- crypt_dev=(/dev/?da$rootn)
- crypt_name=crypt_dev_${crypt_dev##/dev/}
- k_args=(
- cryptdevice=$crypt_dev:$crypt_name:allow-discards
- root=/dev/mapper/$crypt_name
- resume=${crypt_dev%[0-9]}$swapn
- )
- crypt_mapper_devs=(/dev/mapper/crypt_dev_?d[a-z]$rootn)
- keyfile_vars=()
- for ((i=1; i < ${#crypt_mapper_devs[@]}; i++)); do
- ((i!=1)) || dup_keys=(" ")
- cp /crypto_keyfile.bin /crypto_keyfile$i.bin
- dup_keys+=(/crypto_keyfile$i.bin)
- base=/usr/lib/initcpio
- cp $base/hooks/encrypt{,$i}
- cp $base/install/encrypt{,$i}
- sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
- sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
- crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
- crypt_dev=/dev/${crypt_name#crypt_dev_}
- k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
- cryptkey$i=rootfs:/crypto_keyfile$i.bin)
- done
- # this is the default file, otherwise you use cryptkey=device:fstype:path
+
+shopt -s extglob
+echo "$0: fstab:"
+cat /etc/fstab
+# https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
+# if cryptdevice was lvm, it woulde be in this format,
+# where x2-vg is from lvdisplay, VG Name field.
+# cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
+# but, if you are using your own fstab, it seems you just give it a name,
+# which will be the crypt device name under /dev/mapper/
+# https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
+
+first_boot_dev=${BOOT_DEVICE%% *}
+crypt_dev=${first_boot_dev}$rootn
+crypt_name=$(/root/devbyid $crypt_dev)
+crypt_name=crypt_dev_${crypt_name##*/}
+
+
+k_args=(
+ cryptdevice=$crypt_dev:$crypt_name:allow-discards
+ root=/dev/mapper/$crypt_name
+ resume=${crypt_dev%[0-9]}$swapn
+)
+crypt_mapper_devs=(/dev/mapper/crypt_dev_*$rootn)
+crypt_count=${#crypt_mapper_devs[@]}
+if [[ crypt_count == 0 ]]; then
+ echo "$0: error: expected crypt_mapper_devs length to be > 0"
+ ls -la /dev/mapper
+ exit 1
+fi
+keyfile_vars=()
+dup_keys=()
+extra_encrypt_hooks=()
+
+
+# If we have more than 1 to decrypt, arch wiki lead me onto
+# a sort of hacky way run the encrypt hook multiple times.
+for ((i=1; i < $crypt_count; i++)); do
+ extra_encrypt_hooks+=(encrypt$i)
+ if (( i = 1 )); then dup_keys=(" "); fi # prefix with an empty space
+ cp /crypto_keyfile.bin /crypto_keyfile$i.bin
+ dup_keys+=(/crypto_keyfile$i.bin)
+ base=/usr/lib/initcpio
+ cp $base/hooks/encrypt{,$i}
+ cp $base/install/encrypt{,$i}
+ sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
+ sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
+ crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
+ crypt_dev=/dev/${crypt_name#crypt_dev_}
+ k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
+ cryptkey$i=rootfs:/crypto_keyfile$i.bin)
+done
+
+# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
+# used to have lvm2 after encrypt for lvm, but not using lvm anymore
+for x in encrypt ${extra_encrypt_hooks[@]} btrfs; do
sed -ri -f - /etc/mkinitcpio.conf <<EOF
+/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
+EOF
+done
+
+# this is the default file, otherwise you use cryptkey=device:fstype:path
+sed -ri -f - /etc/mkinitcpio.conf <<EOF
s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
EOF
- echo "$0: FILES:"
- grep FILES /etc/mkinitcpio.conf
- k_args="${k_args[*]}"
- echo "$0: grub cmdline additions: $k_args"
- sed -ri -f - /etc/default/grub <<EOF
+echo "$0: FILES:"
+grep FILES /etc/mkinitcpio.conf
+k_args="${k_args[*]}"
+echo "$0: grub cmdline additions: $k_args"
+sed -ri -f - /etc/default/grub <<EOF
\%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
EOF
-fi
mkinitcpio -p linux
#sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
# https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
-grub-install --recheck $grubdisk
+for dev in $BOOT_DEVICE; do
+ grub-install --recheck $dev
+done
grub-mkconfig -o /boot/grub/grub.cfg
pacman -S --noconfirm openssh unison
pacman -S --noconfirm sudo
-useradd -m -p "$ROOTPW" ian
+# 9 = user already exists. so we are idempotent.
+useradd -m -p "$ROOTPW" ian || [[ $? == 9 ]]
+
+if [[ $hostname == frodo ]]; then
+ useradd -m -p "$TPPASS" traci || [[ $? == 9 ]]
+else
+ useradd -m traci || [[ $? == 9 ]]
+fi
+# comparing ian's groups to traci, I see none she should join on arch
+usermod -a -G traci ian
+
/root/distro-install-common/end
systemctl enable sshd
# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
usermod -aG games,rfkill,users,uucp,wheel ian
-# setup a bridge, so we can have 1st class vms.
+
+pacman -S --noconfirm net-tools # for route
+# get the mac of the interface used by the broadcast route.
+mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
+
+
+# simple bridge.
cat > /etc/systemd/network/wired.network <<EOF
[Match]
Name=en*
DHCP=ipv4
EOF
-pacman -S --noconfirm net-tools # for route
-mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
cat > /etc/systemd/network/br0.netdev <<EOF
[NetDev]
Name=br0
MACAddress=$mac
EOF
+
+
+
for x in networkd resolved; do systemctl enable systemd-$x; done
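Review bot: Two comparisons in the multi-device crypt section of this hunk do not test what they appear to. `[[ crypt_count == 0 ]]` compares the literal word `crypt_count` with `0` and is never true; `(( crypt_count == 0 ))` is what is meant. Because `nullglob` is not set in the lines shown, an unmatched `/dev/mapper/crypt_dev_*$rootn` stays as one literal element, so also testing `[[ -e ${crypt_mapper_devs[0]} ]]` would make the guard reliable. Inside the loop, `if (( i = 1 ))` assigns 1 to `i` on every pass, which resets `dup_keys` each time and keeps the loop from terminating once `crypt_count` exceeds 2; it should read `if (( i == 1 ))`.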
-#!/bin/bash -lx
+#!/bin/bash -l
+set -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+if [[ ! $1 ]]; then
+ echo "error: expect a hostname in \$1 "
+ exit 1
+fi
host=$1
[[ $host == frodo ]] && scp /a/c/machine_specific/frodo/subdir_files/.ssh/* frodo:.ssh/
sudo scp -r /a/bin/fai/arch-init{,-chroot} \
${fai_files[@]/#//a/bin/fai/fai/config/} \
/a/bin/devbyid \
- /q/root/luks /q/root/shadow root@$host:
+ /q/root/luks /q/root/shadow root@$host:
# creating shadow file string:
# on debian, you can use mkpasswd -m sha-512 to generate a pass.
# arch doesn't have this program. instead, you can do passwd,
# and extract it from the shadow file.
-ssh root@$host bash -x ./arch-init "'$(cat /p/shadow/standard)'" $host $url
+ssh root@$host bash -x ./arch-init $host $url
ssh root@$host reboot now || [[ $? == 255 ]]
# next up is:
# ssh $host /a/bin/distro-begin
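Review bot: `./arch-init` is still started with `bash -x`, so the password hashes are still exposed even though they no longer travel on the ssh command line. The trace of the `ROOTPW="$(cat /root/shadow/standard)"` and `TPPASS=` assignments, which appear in what looks like the arch-init hunk on this page, prints both hashes to this session's output and to any log that captures it. Bracketing those two reads with `set +x` and `set -x` in arch-init, or dropping `-x` from this line, would keep them out of the trace.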
-#!/bin/bash -x
+#!/bin/bash
# Set grub to boot into a different distro, and reboot unless -r
# $0 [DISTRO_NAME]
reboot=true
while [[ $1 == -* ]]; do
case $1 in
+ -d) set -x; shift ;;
-r) reboot=false; shift ;;
--) break ;;
esac
# On arch, best seems to be copy your shadow file to a temp location,
# then passwd, get out the new pass, then copy the shadow file back.
-if [[ -e /q/root/shadow/standard ]]; then
- # note, it would be best to have some kind of security on this file
+f=/q/root/shadow/standard
+if s test -e $f; then
ssh root@faiserver tee -a /srv/fai/config/class/DEFAULT.var <<EOF
-ROOTPW='$(cat /q/root/shadow/standard)'
+ROOTPW='$(s cat $f)'
EOF
fi
scp ~/.ssh/id_rsa.pub \
root@faiserver:/srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
+# todo: automatically disable faiserver after a period so
+# these files are not exposed.
s scp -r /q/root/luks /q/root/shadow/traci{,-simple} \
root@faiserver:/srv/fai/config/distro-install-common
scp /a/bin/devbyid root@faiserver:/srv/fai/nfsroot/usr/local/bin
-ssh root@faiserver chmod -R a+rX /srv/fai/config/distro-install-common
+ssh root@faiserver bash <<'EOF'
+set -eE -o pipefail
+chmod 644 /srv/fai/config/files/home/ian/.ssh/authorized_keys/GRUB_PC
+chmod -R a+rX /srv/fai/config/distro-install-common
+EOF
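Review bot: The `chmod -R a+rX /srv/fai/config/distro-install-common` carried into the new heredoc leaves the LUKS keyfiles and password hashes copied just above readable by every local account on faiserver, and the added todo only addresses how long they stay there. Whether install clients need the `other` read bit depends on how the config space is exported, which this hunk does not show; if they read it as root, a follow-up `chmod -R go-rwx` limited to the key and hash files would keep them owner-only. Separately, `tee -a` in the context line echoes the `ROOTPW=` line back to the terminal and appends a duplicate on every run; adding `>/dev/null` and replacing the old line instead of appending would avoid both.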
demohost)
echo "FAIBASE DEBIAN DESKTOP STABLE" ;;
x2)
- echo "FAIBASE DEBIAN DESKTOP STABLE" ;;
+ echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;;
tp)
- echo "FAIBASE DEBIAN DESKTOP REPARTITION" ;;
+ echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;;
frodo)
echo "FAIBASE DEBIAN DESKTOP STABLE PARTITION_PROMPT" ;;
# faiserver)
# based on unison error, with 8192 from
# sysctl -a | grep fs.inotify.max_user_watches
#http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
-echo "fs.inotify.max_user_watches = 1000000" >> $target/etc/sysctl.d/99-sysctl.conf
+
+f=$target/etc/sysctl.d/99-sysctl.conf
+key=fs.inotify.max_user_watches
+if [[ -e $f ]]; then sed -ri "/^\s*$key\s*=/d" $f; fi
+echo "fs.inotify.max_user_watches = 1000000" >> $f
# if we weren't rebooting, you could apply it now with:
# sysctl --system
-echo 'ian ALL=(ALL) NOPASSWD: ALL' >> $target/etc/sudoers
+f=$target/etc/sudoers
+line='ian ALL=(ALL) NOPASSWD: ALL'
+if [[ ! -e $f ]] || ! grep -xF "$line" $f; then
+ echo "$line" >> $f
+fi
dir=/q/p/c/machine_specific/$HOSTNAME/.unison
$ROOTCMD mkdir -p $dir
$ROOTCMD rm -rf /root/.unison
-$ROOTCMD ln -s $dir /root
-$ROOTCMD ln -s /q/p /
+$ROOTCMD ln -sf $dir /root
+$ROOTCMD ln -sf /q/p /
while true; do
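Review bot: The sudoers line is appended to `$target/etc/sudoers` with no syntax check, and `grep -xF` without `-q` prints the matched line on every re-run. Writing the rule to its own file under `$target/etc/sudoers.d/` with mode 0440 and checking it with `visudo -cf` would keep a malformed entry from breaking sudo on the installed system, assuming the target's sudoers includes that directory. At minimum the test should be `grep -qxF "$line" $f`.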
$ROOTCMD chown 1000:1000 $dir
# kvm is normally created by some package,
# but unison doesn't like unknown groups, so make it now so initial sync works.
-$ROOTCMD groupadd kvm
+$ROOTCMD groupadd -r kvm || [[ $? == 9 ]]
chmod -R o-rwx $d
d=$target/q/root/luks
mkdir -p $d
- cp /var/lib/fai/config/distro-install-common/host-{tp,demohost} $d
+ cp /var/lib/fai/config/distro-install-common/luks/host-{tp,demohost} $d
chmod -R o-rwx $d
fi
#### begin configuration
-bootn=3
rootn=1
swapn=2
+bootn=3
bios_grubn=4
boot_mib=1500
lastn=$bios_grubn
-hds=()
+hdds=()
ssds=()
cd /sys/block
for disk in [sv]d[a-z]; do
case $(cat $disk/queue/rotational) in
0) ssds+=(/dev/$disk) ;;
- 1) hds+=(/dev/$disk) ;;
+ 1) hdds+=(/dev/$disk) ;;
*) echo "$0: error: unknown /sys/block/$disk/queue/rotational: \
$(cat $disk/queue/rotational)"; exit 1 ;;
esac
if (( ${#ssds[@]} > 0 )); then
short_devs=( ${ssds[@]} )
else
- short_devs=( ${hds[@]} )
+ short_devs=( ${hdds[@]} )
fi
# check if the partitions exist have the right filesystems
bios_grubn=4
# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
swap_mib=$(( $(grep ^MemTotal: /proc/meminfo | \
- awk '{print $2}') * 3/(${#devs[@]} * 2 ) / 1024 ))
+ awk '{print $2}') * 3/(${#devs[@]} * 2 ) / 1024 ))
mkdir -p /tmp/fai
shopt -s nullglob
# parted print error output is expected. example:
# Error: /dev/vda: unrecognised disk label
disk_mib=$(( $(parted -m $dev unit MiB print | \
- sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
+ sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
root_end=$(( disk_mib - swap_mib - boot_mib / ${#boot_devs[@]} ))
swap_end=$(( root_end + swap_mib))
mount -o subvolid=0 $first_root_crypt /mnt
# systemd creates subvolumes we want to delete.
s=($(btrfs subvolume list --sort=-path /mnt |
- sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p"))
+ sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p"))
for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done
btrfs subvolume set-default 0 /mnt
[[ ! -e /mnt/root_$DISTRO ]] || btrfs subvolume delete /mnt/root_$DISTRO
cd /mnt
for x in q home_$DISTRO root_$DISTRO; do
btrfs subvolume list . | grep "$x$" >/dev/null || btrfs subvolume create $x
- chown root:1000 q
done
+chown root:1000 q
+
+
mkdir -p /mnt/root_$DISTRO/boot
for x in root/a q/a; do
mkdir -p $x
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
$ROOTCMD adduser --disabled-password --gecos ian ian
+
+if [[ ! $ROOTPW ]]; then
+ echo "$0: error: empty \$ROOTPW"
+ exit 1
+fi
+
$ROOTCMD usermod -p "$ROOTPW" ian
if ifclass STABLE; then
fi
-# -i, ignore nonmatching class error, always return 0.
-fcopy -r -M -i /home/ian/.ssh
+# note:
+# fcopy -i = ignore nonmatching class error, always return 0.
+
+f=/target/home/ian/.ssh/authorized_keys
+if [[ ! -L $f || -e $f ]]; then
+ fcopy -r -M /home/ian/.ssh
+fi
/var/lib/fai/config/distro-install-common/end
rm -f /target/etc/apt/sources.list
chroot /target bash <<'EOF'
+set -eE -o pipefail
chown -R 1000:1000 /home/ian/.ssh
chmod -R u=Xrw,og= /home/ian/.ssh
cp -ar /home/ian/.ssh /root
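Review bot: The condition `[[ ! -L $f || -e $f ]]` needs a comment, because it is false only when `authorized_keys` is a symlink whose target does not exist, so `fcopy` is skipped in exactly that case and the reason is not stated. The remaining `# note:` about `fcopy -i` describes a flag the call no longer passes, which reads as if it still applied. I would replace it with something like `# skip fcopy when authorized_keys is a dangling symlink; -i dropped so a class mismatch is an error`, adjusted to the actual intent.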
# a single package which is primarily a single binary
$ROOTCMD apt-get -y install unison-gtk/testing
fi
+
+
+
+$ROOTCMD adduser --disabled-password --gecos traci traci
+$ROOTCMD usermod -a -G traci ian
+# reading through the groups that ian is in but traci isn't,
+for g in plugdev audio video cdrom; do
+ $ROOTCMD usermod -a -G $g traci
+done
+
+if ifclass frodo; then
+ $ROOTCMD usermod -p "$(cat /var/lib/fai/config/distro-install-common/shadow/traci-simple)" traci
+fi
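Review bot: In the `ifclass frodo` branch, `usermod -p "$(cat …/shadow/traci-simple)" traci` still runs when the `cat` fails, because the exit status of a command substitution used as an argument is discarded. The result is `-p ""`, which leaves traci with an empty password field. Read the hash into a variable first and refuse an empty value, as the `$ROOTPW` check elsewhere on this page does, e.g. `[[ $tpass ]] || { echo "$0: error: empty traci hash"; exit 1; }` before `$ROOTCMD usermod -p "$tpass" traci`. The path also contains a `shadow/` directory, while the `scp` visible in another hunk appears to copy `traci-simple` directly into `distro-install-common`, so the file location is worth confirming.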
for pkg in $deps; do
dpkg -s $pkg &>/dev/null && continue ||:
to_install+=($pkg)
- echo $pkg >> /etc/fai/fai-manually-installed-packages
+ echo $pkg >>/etc/fai/fai-manually-installed-packages
done
if [[ $to_install ]]; then
apt-get -y install ${to_install[@]}
# Setup dhcp server to point to tftp server,
# and depending on the type, setup the tftp server.
-# usage: $0 [TYPE]
+# usage: $0 TYPE
# default distro is the base debian/fedora type. others are fai & arch
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
-action=${1:-default}
+if [[ ! $1 ]]; then
+ echo "$0: error: exptected 1 argument of type"
+fi
+action=$1
arch() {
default
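Review bot: The new argument check prints its error but never exits, so with no argument the script carries on with an empty `action`; the `if` body should end with `exit 1`, and the message has a typo (`exptected`), e.g. `echo "$0: error: expected 1 argument: TYPE" >&2; exit 1`. The context line inside `arch()` still calls `default`, while a later hunk renames that function to `plain-tftp`, so unless another `default` is defined outside the lines shown, the arch path would fail with command not found. `arch()` continues outside this hunk.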
EOF
}
-default() {
+plain-tftp() {
+ # if arch was used before, this additionally needs
+ # the tftp link in /mnt/usb to be changed.
cat <<'EOF'
enable-tftp
tftp-root=/mnt/usb/tftpboot
exit
}
EOF
-v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server
+v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server tcpdump
v /etc/init.d/portmap enable
v /etc/init.d/nfsd enable
-
+# default is 250, but my switch wants a high static address by default,
+# and I don't need that many, so lets just reduce it.
+sed -ri 's/^(.*option limit ).*/\1100/' /etc/config/dhcp
cedit /etc/config/firewall <<'EOF' || /etc/init.d/firewall restart
# port forwarding
option target ACCEPT
option dest_port 63324
+config redirect
+option name frodobittorrent
+option src wan
+option src_dport 63326
+option dest_ip 192.168.1.3
+option dest lan
+
+config rule
+option src wan
+option target ACCEPT
+option dest_port 63326
+
+
+config redirect
+option name treetowlsyncthing
+option src wan
+option src_dport 22000
+option dest_ip 192.168.1.2
+option dest lan
+option proto tcp
+
+config rule
+option src wan
+option target ACCEPT
+option dest_port 22000
+
config redirect
option name bithtpc
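Review bot: Both new `config rule` blocks omit `option proto`, so the ACCEPT for port 22000 is not limited to TCP even though the `treetowlsyncthing` redirect above it is; adding `option proto tcp` to that rule would match the redirect. As far as I understand OpenWrt's firewall, a rule with `src wan` and no `dest` applies to traffic addressed to the router itself, not to the forwarded host, so it is worth confirming these rules are needed alongside the redirects at all. If port 63326 is meant to carry both TCP and UDP, stating `option proto 'tcp udp'` on its redirect and rule makes that explicit. The `cedit` heredoc these lines belong to starts and ends outside this hunk.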
option dest_port 443
option proto tcp
-
-config redirect
- option src wan
- option src_dport 80
- option dest lan
- option dest_ip 192.168.1.2
- option proto tcp
-
-config rule
- option src wan
- option target ACCEPT
- option dest_port 80
- option proto tcp
+# not using http server atm, so disable it.
+# config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.1.2
+# option proto tcp
+
+# config rule
+# option src wan
+# option target ACCEPT
+# option dest_port 80
+# option proto tcp
EOF
cedit /etc/hosts <<EOF || dnsmasq_restart=true
192.168.1.1 wrt
192.168.1.2 treetowl
-192.168.1.3 frodo
+192.168.1.3 frodo faiserver
192.168.1.4 htpc
-192.168.1.5 x2 faiserver
+192.168.1.5 x2
192.168.1.6 testvm
192.168.1.8 tp
72.14.176.105 li
# to fixup existin ips, on the client you can do
# sudo dhclient -r; sudo dhclient <interface-name>
+# default dhcp range is 100-150
dhcp-host=f4:6d:04:02:ee:eb,192.168.1.2,treetowl
dhcp-host=00:26:18:97:bb:16,192.168.1.3,frodo
dhcp-host=10:78:d2:da:29:22,192.168.1.4,htpc
dhcp-host=52:54:00:9c:ef:ad,192.168.1.6,demohost
dhcp-host=52:54:00:56:09:f9,192.168.1.7,faiserver
dhcp-host=80:fa:5b:1c:6e:cf,192.168.1.8,tp
+# this is the ip it picks by default if dhcp fails,
+# so might as well use it.
+# hostname is the name it uses according to telnet
+dhcp-host=b4:75:0e:94:29:ca,192.168.1.251,switch9429ca
# template