m() { printf "%s\n" "$*"; "$@"; }
+source $FAI/distro-install-common/bash-misc-functions
fcopy -riB /root
# that a non-root user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf
-
EOFOUTER
cmdline_extra="$d16_cmdline $fsf_cmdline_extra"
# and with rd.luks.crypttab=no, it works.
cmdline="rd.luks.crypttab=no net.ifnames=0 $cmdline_extra"
-chroot $FAI_ROOT bash <<EOF
-set -x
-set -eE -o pipefail
-# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
-
-sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")quiet/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) quiet([ "])/\1\2/' /etc/default/grub
-sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")splash/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) splash([ "])/\1\2/' /etc/default/grub
-
-for arg in $cmdline; do
- if ! grep "^GRUB_CMDLINE_LINUX_DEFAULT=.*[\" ]\${arg//./\\.}[\" ]" /etc/default/grub; then
- sed -ri "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"(.*)/GRUB_CMDLINE_LINUX_DEFAULT=\"\$arg \1/" /etc/default/grub
- fi
-done
-
-if grep -qF "$cmdline" /etc/default/grub; then
- # already set things, exit
- exit 0
-fi
-
-# required to show vga grub on d16, at least for t11
-echo GRUB_TERMINAL=console >>/etc/default/grub
+u /etc/default/grub.d/iank.cfg <<'EOF'
+# note: in git history, you can see code that modified the existing
+# GRUB_CMDLINE_LINUX_DEFAULT. That was being cautious in case something
+# else modified it, but experience has shown nothing else modifying it.
-sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
-sed -ri 's/^ *GRUB_TIMEOUT_STYLE=.*/GRUB_TIMEOUT_STYLE=menu/' /etc/default/grub
-sed -ri 's/^ *GRUB_TIMEOUT=.*/GRUB_TIMEOUT=6/' /etc/default/grub
+GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"
+GRUB_TERMINAL=console
# on xenial, no grub is displayed at all. fix that.
-# found just by noticing this in the config file, and a
-# warning about it in error.log
-sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
-
-if type -P update-grub2 &>/dev/null; then
- update-grub2
-else
- update-grub
-fi
-
+# found just by noticing a warning about it in error.log
+GRUB_HIDDEN_TIMEOUT=
+GRUB_TIMEOUT_STYLE=menu
+GRUB_TIMEOUT=4
+# grub tries to detect error in booting and then wait longer with this entry.
+# but that detection doesn't work for us because we have btrfs /boot, and so it flags
+# failure always.
+GRUB_RECORDFAIL_TIMEOUT=4
EOF
+if $ur; then
+ $ROOTCMD update-grub
+fi
# I prefer to stick with ifup/down or networkmanager: networkd is not in its
# own package, so cant use in other init systems. b. it works fine.
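Review bot: The heredoc opened by `u /etc/default/grub.d/iank.cfg <<'EOF'` quotes its delimiter, so `GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"` is written to the file literally rather than with the value built just above (`rd.luks.crypttab=no net.ifnames=0 ...`). The removed code fed the chroot through an unquoted `<<EOF`, so the value was expanded before it reached the target. Files in /etc/default/grub.d are sourced by grub-mkconfig, where `cmdline` is presumably unset, so the kernel command line would likely come out empty and drop `rd.luks.crypttab=no`, which the comment above says is needed. Unless `u` (defined outside this hunk) expands its input itself, use the unquoted form `u /etc/default/grub.d/iank.cfg <<EOF`; nothing else in the heredoc body contains `$` or backticks, so that is the only expansion it would trigger.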
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
rsync /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/{ptr,dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} \
+ /p/c/{ptr,dnsmasq,cmc-firewall}-data /p/c/cmc-firewall-data-http /b/bash-bear-trap/bash-bear $h:
rsync ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
{
# shellcheck source=/p/c/cmc-firewall-data
. /root/cmc-firewall-data
+ # sets $http_ip
+ # shellcheck source=/p/c/cmc-firewall-data-http
+ . /root/cmc-firewall-data-http
cat <<EOF
+config redirect
+ option name http
+ option src wan
+ option src_dport 80
+ option dest lan
+ option dest_ip $l.$http_ip
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 80
+ option proto tcp
+
+config redirect
+ option name https
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.$http_ip
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
+
+
## begin no external dns for ziva
config rule
option src lan
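Review bot: `$http_ip` is interpolated into both `option dest_ip $l.$http_ip` lines with no check that sourcing /root/cmc-firewall-data-http actually set it. If that file is stale or lacks the variable, the WAN redirects for ports 80 and 443 are generated with a malformed `dest_ip`, while the matching ACCEPT rules for those ports are still emitted. A guard directly after the `. /root/cmc-firewall-data-http` line would stop the run before any config is written: `: "${http_ip:?not set by cmc-firewall-data-http}"`. The enclosing `{` group and the heredoc continue outside this hunk.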
# option target ACCEPT
# option dest_port 8000
-config redirect
- option name http
- option src wan
- option src_dport 80
- option dest lan
- option dest_ip $l.3
- option proto tcp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 80
- option proto tcp
-
-config redirect
- option name https
- option src wan
- option src_dport 443
- option dest lan
- option dest_ip $l.3
- option proto tcp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 443
- option proto tcp
# config redirect
# option name httpskd8448