add wrt and fai server setup scripts
[automated-distro-installer] / wrt-setup
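#!/bin/bash

# Abort on the first failing command (-e), let the ERR trap also fire inside
# functions, subshells and command substitutions (-E), and make a pipeline
# fail when any of its stages fails.
set -eE -o pipefail
# Report script name, line, failing command and its exit status. The message
# goes to stderr so it is never mixed into stdout that a caller captures.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR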
5
6
7 # ssh
8
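#######################################
# Refresh the opkg package lists when the cached copy is missing or at
# least a day old.
# Background: upgrading all packages is not recommended because the upgrades
# do not go into the firmware; build new firmware if you want lots of them.
# Globals:   none
# Arguments: none
# Returns:   status of `opkg update` when it runs, otherwise 0
#######################################
pmirror() {
  local -r max_age=$((60 * 60 * 24))
  local -a lists=(/tmp/opkg-lists/*)
  local first_list=${lists[0]}
  local mtime now

  # With no cached list the glob stays unexpanded and names no real file.
  if [[ ! -e $first_list ]]; then
    opkg update
    return
  fi

  # An unreadable timestamp counts as stale, so the lists get refreshed.
  mtime=$(date -r "$first_list" +%s) || mtime=0
  now=$(date +%s)
  if ((now - mtime >= max_age)); then
    opkg update
  fi
}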
19
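#######################################
# Install the named packages that opkg does not report as installed.
# The package lists are refreshed (pmirror) and `opkg install` is run once,
# with only the missing packages, instead of re-running the install of the
# whole argument list for every missing package.
# Arguments: package names
# Returns:   0 when nothing is missing, otherwise the status of opkg install
#######################################
pi() {
  local pkg
  local -a missing=()

  for pkg in "$@"; do
    # Empty output from list-installed means the package is absent.
    if [[ -z $(opkg list-installed "$pkg") ]]; then
      missing+=("$pkg")
    fi
  done

  if ((${#missing[@]} > 0)); then
    pmirror
    opkg install "${missing[@]}"
  fi
}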
28
#######################################
# Verbose runner: print the command line prefixed with "+ ", then run it.
# Arguments: the command and its arguments
# Outputs:   the echoed command line on stdout, then the command's output
# Returns:   the exit status of the command
#######################################
v() {
  local shown="$*"
  printf '%s\n' "+ ${shown}"
  "$@"
}
33
# Install a helper that bind-mounts the tftpboot tree at the path the Arch
# PXE installer expects and then restarts nfsd. The heredoc delimiter is
# quoted, so $d is expanded when the helper runs, not while it is written.
# NOTE(review): each run of the helper replaces /etc/fstab with a single
# line; confirm nothing else on the router depends on that file.
pxe_mount_script=/usr/bin/arch-pxe-mount
cat <<'EOFOUTER' >"$pxe_mount_script"
#!/bin/bash
# symlinks are collapsed for nfs mount points, so use a bind mount.
# tried putting this in /etc/config/fstab,
# then doig block mount, it didn't work. This doesn't persist across reboots,
# todo: figure that out
d=/run/archiso/bootmnt
cat > /etc/fstab <<EOF
/mnt/usb/tftpboot $d none bind 0 0
EOF
mount | grep $d &>/dev/null || mount $d
/etc/init.d/nfsd restart
EOFOUTER
chmod +x "$pxe_mount_script"
48
# Write a .profile that starts bash whenever PS1 is non-empty and exits once
# bash returns; the login shell itself is left unchanged.
# NOTE(review): the path is relative, so the file lands in whatever directory
# the script is run from; presumably that is root's home, confirm.
cat <<'EOF' >.profile
# changing login shell emits spam on ssh single commands & scp
# sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
#https://dev.openwrt.org/ticket/13852
[ "$PS1" = "" ] || {
/bin/bash
exit
}
EOF

# Packages for the USB disk (usb-storage, block-mount, ext4) and the NFS server.
wrt_packages=(
  kmod-usb-storage
  block-mount
  kmod-fs-ext4
  nfs-kernel-server
)
v pi "${wrt_packages[@]}"
59
60
61
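# Switch every "encryption none" entry in /etc/config/wireless to WPA2-PSK,
# drop any "option disabled" line, then reload Wi-Fi.
#
# NOTE(review): the fallback passphrase is committed in plain text, so anyone
# who can read this repository knows the Wi-Fi key, and it is a dictionary
# word plus two digits. Supply WIFI_KEY from the environment (or read it from
# a root-only file) and rotate the committed value.
wifi_key=${WIFI_KEY:-pictionary49}
# Escape \, / and & so sed inserts the key literally in the replacement.
wifi_key_sed=$(printf '%s\n' "$wifi_key" | sed -e 's|[\\/&]|\\&|g')
sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key ${wifi_key_sed}/" /etc/config/wireless
sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
v wifi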
65
66
# Enabling the fstab init script is best effort; a failure is ignored.
v /etc/init.d/fstab enable || true

# Rebooting makes mounting work; judging from an lsmod comparison, loading
# these modules should have the same effect (todo: test it).
# modprobe status 255 means the module is already loaded and is accepted;
# any other failure aborts the script.
for kernel_module in scsi_mod sd_mod; do
  v modprobe "$kernel_module" || [[ $? == 255 ]]
done

# For Arch PXE: the installer's default settings expect to find the NFS
# share at /run/archiso/bootmnt.
mkdir -p /run/archiso/bootmnt
77
# Mount configuration for the USB disk: ext4 data on /dev/sda2 at /mnt/usb
# and swap on /dev/sda1.
# todo: at some later time /mnt/usb was found not mounted; watch whether that
# happens after running this or after rebooting.
# cedit is not defined in this file; from its use here it appears to return
# non-zero when it changed the target file (confirm). In that case the block
# devices are remounted, which the wiki says is safe after fstab changes.
if ! cedit /etc/config/fstab <<'EOF'; then
config global automount
option from_fstab 1
option anon_mount 1

config global autoswap
option from_fstab 1
option anon_swap 1

config mount
option target /mnt/usb
option device /dev/sda2
option fstype ext4
option options rw,async,noatime,nodiratime
option enabled 1
option enabled_fsck 0

config swap
option device /dev/sda1
option enabled 1

EOF
  v block umount
  v block mount
fi
103
104
105
# NFS exports for the USB disk and for the Arch PXE mount point.
# exportfs -ra is not enough when the path is unchanged but has become a bind
# mount, so nfsd is restarted instead (best effort).
# cedit is not defined in this file; it appears to return non-zero when it
# changed the target file (confirm).
# NOTE(review): both exports are read-write for all of 192.168.1.0/24 with
# no_root_squash (root on a client stays root on the share) and insecure
# (requests from unprivileged source ports are accepted). Any host on that
# subnet can therefore write as root. Consider limiting the exports to the
# hosts that need them and exporting the PXE tree read-only if the installer
# allows it.
if ! cedit /etc/exports <<'EOF'; then
/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
# for arch pxe
/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)

EOF
  v /etc/init.d/nfsd restart || :
fi

# Start both services now, then enable them at boot.
for action in start enable; do
  for service in portmap nfsd; do
    v "/etc/init.d/${service}" "$action"
  done
done
119
120
121
# WAN port forwards (bittorrent, ssh, https, http) plus matching ACCEPT rules.
# The firewall is restarted when cedit reports a change; cedit is not defined
# in this file and appears to return non-zero when it changed the target file
# (confirm).
# NOTE(review): the ssh redirect exposes port 22 on 192.168.1.2 to the whole
# internet. Moving it to a non-standard port only cuts down scan noise, so
# that host should also accept key-based logins only.
# NOTE(review): the "config rule" sections have no dest option, so they
# presumably match traffic addressed to the router itself, not the forwarded
# host. If the redirects work without them, dropping them avoids opening the
# router's own ports 22/80/443 on wan. Verify on the device.
if ! cedit /etc/config/firewall <<'EOF'; then
# port forwarding
config redirect
option name bittorrent
option src wan
option src_dport 63324
option dest_ip 192.168.1.2
option dest lan
# making the port open (not sure if this is actually needed)
config rule
option src wan
option target ACCEPT
option dest_port 63324


config redirect
option name bithtpc
option src wan
option src_dport 63325
option dest_ip 192.168.1.4
option dest lan

config rule
option src wan
option target ACCEPT
option dest_port 63325


config redirect
option name ssh
option src wan
#uncomment the 2 lines for security of using a non-standard port
# and comment out the 22 port line
# option src_dport 63321
option src_dport 22
option dest_ip 192.168.1.2
option dest lan
# option dest_port 22 # already default

config rule
option src wan
option target ACCEPT
option dest_port 22


# for https
config redirect
option src wan
option src_dport 443
option dest lan
option dest_ip 192.168.1.2
option proto tcp

config rule
option src wan
option target ACCEPT
option dest_port 443
option proto tcp


config redirect
option src wan
option src_dport 80
option dest lan
option dest_ip 192.168.1.2
option proto tcp

config rule
option src wan
option target ACCEPT
option dest_port 80
option proto tcp
EOF
  /etc/init.d/firewall restart
fi
195
196
# Static host names and the dnsmasq configuration. dnsmasq is restarted once
# at the end if either file changed. cedit is not defined in this file; it
# appears to return non-zero when it changed the target file (confirm).
# NOTE(review): 192.168.1.6 is named testvm in /etc/hosts but demohost in
# the dhcp-host line below; confirm which name is intended.
dnsmasq_restart=false
if ! cedit /etc/hosts <<'EOF'; then
192.168.1.1 wrt
192.168.1.2 treetowl
192.168.1.3 frodo
192.168.1.4 htpc
192.168.1.5 x2
192.168.1.6 testvm
192.168.1.7 faiserver
72.14.176.105 li
EOF
  dnsmasq_restart=true
fi

# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq

if ! cedit /etc/dnsmasq.conf <<'EOF'; then

############ updating dns servers ###################3
# download namebench and run it like this:
# for x in all regional isp global preferred nearby; do ./namebench.py -s $x -c US -i firefox -m weighted -J 10 -w; echo $x; hr; done


# this says the ip of default gateway and dns server,
# but I think they are unneded and default
#dhcp-option=3,192.168.1.1
#dhcp-option=6,192.168.1.1



# results from googling around dnsmasq optimizations
# about 50k in memory. router has 62 megs.
# in a browsing session, I probably won't ever do 5000 lookups
# before the ttl expiration or whatever does expiration.
cache-size=10000
# http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/
all-servers
# namebench showed 4 servers fairly close ranking:
# qwest
server=205.171.3.65
server=205.171.2.25
# clearwire anchorage
server=64.13.115.12
# comcast spokane
server=68.87.69.146
# google
server=8.8.4.4
# NTT
server=129.250.35.250
# isp servers
server=75.75.76.76
server=75.75.75.75



# to fixup existin ips, on the client you can do
# sudo dhclient -r; sudo dhclient <interface-name>

dhcp-host=f4:6d:04:02:ee:eb,192.168.1.2,treetowl
dhcp-host=00:26:18:97:bb:16,192.168.1.3,frodo
dhcp-host=10:78:d2:da:29:22,192.168.1.4,htpc
dhcp-host=00:1f:16:16:39:24,192.168.1.5,x2
# this is so fai can have an explicit name to use for testing,
# or else any random machine which did a pxe boot would get
# reformatted. The mac is from doing a virt-install, cancelling it,
# and copying the generated mac, so it should be randomish.
dhcp-host=52:54:00:9c:ef:ad,192.168.1.6,demohost
dhcp-host=52:54:00:56:09:f9,192.168.1.7,faiserver
dhcp-host=80:fa:5b:1c:6e:cf,192.168.1.8,tp


# template
# dhcp-host=,192.168.1.,
EOF
  dnsmasq_restart=true
fi

# One restart covers a change to either file.
if [[ $dnsmasq_restart == true ]]; then
  v /etc/init.d/dnsmasq restart
fi