#!/bin/bash
# wrt-setup: one-shot configuration of an OpenWrt router: packages, wifi,
# usb/nfs storage, firewall port forwards and dnsmasq dhcp/dns/tftp.
# It rewrites files under /etc, so it is presumably run on the router as root.

# -e: abort on an unchecked non-zero status; -E: functions inherit the ERR
# trap below; pipefail: a pipeline fails when any stage fails.
set -eE -o pipefail
# print the failing command, its line and exit status to stderr; -e then exits
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR


# ssh

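pmirror() {
  # Refresh the opkg package lists when none exist yet or the newest one is
  # more than a day old.
  # background: upgrading all packages is not recommended because it
  # doesn't go into the firmware. build new firmware if you want
  # lots of upgrades.
  local lists newest now
  lists=(/tmp/opkg-lists/*)
  # with no lists the glob stays literal (nullglob is not set), so -e fails
  # and the update is forced instead of tripping over a missing file
  newest=${lists[0]}
  now=$(date +%s)
  if [[ ! -e $newest ]] || (( $(date -r "$newest" +%s) + 60*60*24 <= now )); then
    opkg update
  fi
}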
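pi() {
  # Install the given opkg packages, skipping the ones already installed.
  # Arguments: package names. The package lists are refreshed (pmirror)
  # only when something actually has to be installed.
  local pkg
  local -a missing=()
  for pkg in "$@"; do
    # opkg list-installed prints nothing for a package that is not installed
    if [[ ! $(opkg list-installed "$pkg") ]]; then
      missing+=("$pkg")
    fi
  done
  # one install call for the missing packages instead of re-installing the
  # whole argument list once per missing package
  if (( ${#missing[@]} )); then
    pmirror
    opkg install "${missing[@]}"
  fi
}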
v() {
  # Echo the command line prefixed with "+ " (set -x style), then run it
  # and return its exit status.
  local -a cmd=("$@")
  printf '+ %s\n' "${cmd[*]}"
  "${cmd[@]}"
}
# Write a helper that bind-mounts the tftpboot dir where the arch installer
# expects its NFS root (/run/archiso/bootmnt) and restarts nfsd. It overwrites
# /etc/fstab every time and has to be re-run after a reboot (see its own todo).
# NOTE(review): inside the helper, `mount | grep $d` is a substring match over
# the whole mount output, so any mount line containing that path counts as
# "already mounted".
cat >/usr/bin/arch-pxe-mount <<'EOFOUTER'
#!/bin/bash
# symlinks are collapsed for nfs mount points, so use a bind mount.
# tried putting this in /etc/config/fstab,
# then doig block mount, it didn't work. This doesn't persist across reboots,
# todo: figure that out
d=/run/archiso/bootmnt
cat > /etc/fstab <<EOF
/mnt/usb/tftpboot $d none bind 0 0
EOF
mount | grep $d &>/dev/null || mount $d
/etc/init.d/nfsd restart
EOFOUTER
chmod +x /usr/bin/arch-pxe-mount
# Written to .profile in the current directory (a relative path; presumably
# the script is run from /root — confirm). On interactive logins (PS1 set)
# it runs /bin/bash and exits the ash session when bash returns; non-interactive
# ssh commands and scp are left alone, which is why the login shell itself
# is not changed (see the ticket quoted inside).
cat >.profile <<'EOF'
# changing login shell emits spam on ssh single commands & scp
# sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
#https://dev.openwrt.org/ticket/13852
[ "$PS1" = "" ] || {
/bin/bash
exit
}
EOF
# usb storage + ext4 + block-mount for the usb disk, the nfs server that
# exports it, and tcpdump
wrt_pkgs=(kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server tcpdump)
v pi "${wrt_pkgs[@]}"



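# wifi: turn "option encryption none" into psk2 with a key and delete every
# "option disabled" line in /etc/config/wireless so all radios come up, then
# (re)start wifi. Sections that are already encrypted are not matched, so
# re-running is harmless.
# The PSK is kept in plain text in this script (and so in the repo) and ends
# up in /etc/config/wireless; set WRT_WIFI_PSK in the environment to supply
# it without keeping it here. The built-in default is the previous value.
wifi_psk=${WRT_WIFI_PSK:-pictionary49}
# escape what is special in a sed replacement: backslash, the / delimiter and &
wifi_psk_sed=${wifi_psk//\\/\\\\}
wifi_psk_sed=${wifi_psk_sed//\//\\/}
wifi_psk_sed=${wifi_psk_sed//&/\\&}
sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key $wifi_psk_sed/" /etc/config/wireless
sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
v wifi

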
# enable block-mount's fstab service; a failure here is tolerated
v /etc/init.d/fstab enable || true

# rebooting makes mounting work, but comparing lsmod,
# i'm guessing this will too. todo, test it.
# modprobe exits 255 when the module is already loaded; only that status is
# tolerated, anything else trips set -e.
for kmod in scsi_mod sd_mod; do
  modprobe_rc=0
  v modprobe "$kmod" || modprobe_rc=$?
  [[ $modprobe_rc == 0 || $modprobe_rc == 255 ]]
done

# for arch pxe. The default settings in the installer expect to find
# the NFS at /run/archiso/bootmnt
mkdir -p -- /run/archiso/bootmnt

# todo: at some later time, i found /mnt/usb not mounted, watch to see if
# that is the case after running this or rebooting.
# wiki says safe to do in case of fstab changes:
# cedit is not defined in this file; from its use here it appears to return
# non-zero when it changed the target file, so the umount/mount pair runs
# only when the config actually changed — confirm against cedit's definition.
# The config: automount/autoswap from fstab, /dev/sda2 (ext4) on /mnt/usb with
# the boot-time fsck disabled, /dev/sda1 as swap.
cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; }
config global automount
option from_fstab 1
option anon_mount 1

config global autoswap
option from_fstab 1
option anon_swap 1

config mount
option target /mnt/usb
option device /dev/sda2
option fstype ext4
option options rw,async,noatime,nodiratime
option enabled 1
option enabled_fsck 0

config swap
option device /dev/sda1
option enabled 1

EOF



# exportfs -ra won't cut it when its the same path, but now a bind mount
# Both exports are rw,no_root_squash,insecure for the whole 192.168.1.0/24:
# every host on that subnet gets root-equivalent write access to /mnt/usb,
# from any source port. nfsd is restarted only when cedit reports a change,
# and a failed restart is ignored (||:).
cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||:
/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
# for arch pxe
/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)

EOF


# bring up the rpc portmapper and the nfs server now, and at every boot
for nfs_svc in portmap nfsd; do v "/etc/init.d/$nfs_svc" start; done
for nfs_svc in portmap nfsd; do v "/etc/init.d/$nfs_svc" enable; done

# default is 250, but my switch wants a high static address by default,
# and I don't need that many, so lets just reduce it.
# Rewrites every "option limit" line of /etc/config/dhcp in place. Nothing
# here restarts dnsmasq for it; the restart at the end of the script happens
# only if /etc/hosts or /etc/dnsmasq.conf changed.
dhcp_limit=100
sed -ri "s/^(.*option limit ).*/\1$dhcp_limit/" /etc/config/dhcp

# WAN port forwards into LAN hosts. Everything below is reachable from the
# wan side: bittorrent (63324 -> .2, 63326 -> .3, 63325 -> .4), syncthing
# 22000 -> .2, ssh 22 -> 192.168.1.2 on the standard port (the non-standard
# port variant is left commented out inside), https 443 -> .2; http 80 is
# disabled. The redirects without "option proto" presumably apply to tcp and
# udp — confirm. The "config rule" entries carry no "option dest", so as far as
# I can tell they accept traffic to the router itself on those ports rather
# than the forwarded traffic; the heredoc's own comment already doubts they
# are needed — verify before keeping them. The firewall is restarted only
# when cedit reports a change.
cedit /etc/config/firewall <<'EOF' || /etc/init.d/firewall restart
# port forwarding
config redirect
option name bittorrent
option src wan
option src_dport 63324
option dest_ip 192.168.1.2
option dest lan
# making the port open (not sure if this is actually needed)
config rule
option src wan
option target ACCEPT
option dest_port 63324

config redirect
option name frodobittorrent
option src wan
option src_dport 63326
option dest_ip 192.168.1.3
option dest lan

config rule
option src wan
option target ACCEPT
option dest_port 63326


config redirect
option name treetowlsyncthing
option src wan
option src_dport 22000
option dest_ip 192.168.1.2
option dest lan
option proto tcp

config rule
option src wan
option target ACCEPT
option dest_port 22000


config redirect
option name bithtpc
option src wan
option src_dport 63325
option dest_ip 192.168.1.4
option dest lan

config rule
option src wan
option target ACCEPT
option dest_port 63325


config redirect
option name ssh
option src wan
#uncomment the 2 lines for security of using a non-standard port
# and comment out the 22 port line
# option src_dport 63321
option src_dport 22
option dest_ip 192.168.1.2
option dest lan
# option dest_port 22 # already default

config rule
option src wan
option target ACCEPT
option dest_port 22


# for https
config redirect
option src wan
option src_dport 443
option dest lan
option dest_ip 192.168.1.2
option proto tcp

config rule
option src wan
option target ACCEPT
option dest_port 443
option proto tcp

# not using http server atm, so disable it.
# config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.1.2
# option proto tcp

# config rule
# option src wan
# option target ACCEPT
# option dest_port 80
# option proto tcp
EOF


# dnsmasq is restarted at the end of the script only if /etc/hosts or
# /etc/dnsmasq.conf changed (cedit appears to return non-zero on change).
dnsmasq_restart=false
# static names for the LAN hosts (the same addresses the dhcp-host lines in
# dnsmasq.conf hand out) plus three public hosts (li, lj, lk). The heredoc
# delimiter is unquoted, so its content is subject to expansion; it contains
# no $ or backquote today.
cedit /etc/hosts <<EOF || dnsmasq_restart=true
192.168.1.1 wrt
192.168.1.2 treetowl faiserver
192.168.1.3 frodo
192.168.1.4 htpc
192.168.1.5 x2
192.168.1.6 testvm
192.168.1.8 tp
72.14.176.105 li
173.255.202.210 lj
23.239.31.172 lk
EOF



# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq

# dnsmasq: bigger cache, all-servers racing between the two google resolvers
# (the only uncommented server= lines), fixed dhcp leases by MAC for the LAN
# hosts, and a tftp server rooted at /mnt/usb/tftpboot for pxe booting.
# dnsmasq's tftp is read-only, but it answers any client that can reach the
# router; the heredoc's own comment says nothing sensitive lives there.
# NOTE(review): all-servers sends every query to every listed upstream and
# takes the first answer, so each lookup leaves the LAN for 8.8.8.8/8.8.4.4.
cedit /etc/dnsmasq.conf <<'EOF' || dnsmasq_restart=true

############ updating dns servers ###################3
# download namebench and run it like this:
# for x in all regional isp global preferred nearby; do ./namebench.py -s $x -c US -i firefox -m weighted -J 10 -w; echo $x; hr; done


# this says the ip of default gateway and dns server,
# but I think they are unneded and default
#dhcp-option=3,192.168.1.1
#dhcp-option=6,192.168.1.1



# results from googling around dnsmasq optimizations
# about 50k in memory. router has 62 megs.
# in a browsing session, I probably won't ever do 5000 lookups
# before the ttl expiration or whatever does expiration.
cache-size=10000
# ask all servers, use the one which responds first.
# http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/
all-servers
# namebench showed 4 servers fairly close ranking.
# qwest
#server=205.171.3.65
#server=205.171.2.25
# clearwire anchorage
#server=64.13.115.12
# comcast spokane
#server=68.87.69.146
# google
server=8.8.4.4
server=8.8.8.8
# NTT
#server=129.250.35.250
# isp servers
#server=75.75.76.76
#server=75.75.75.75



# to fixup existin ips, on the client you can do
# sudo dhclient -r; sudo dhclient <interface-name>

# default dhcp range is 100-150
dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl
dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo
dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc
dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2
# this is so fai can have an explicit name to use for testing,
# or else any random machine which did a pxe boot would get
# reformatted. The mac is from doing a virt-install, cancelling it,
# and copying the generated mac, so it should be randomish.
dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost
dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver
dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp
# this is the ip it picks by default if dhcp fails,
# so might as well use it.
# hostname is the name it uses according to telnet
dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca


# template
# dhcp-host=,192.168.1.,

# Just leave the tftp server up even if we aren't doing pxe boot.
# It has no sensitive info.
enable-tftp
tftp-root=/mnt/usb/tftpboot
EOF

# apply the /etc/hosts and dnsmasq.conf edits, if any were made above
if [[ $dnsmasq_restart == true ]]; then
  v /etc/init.d/dnsmasq restart
fi