arch use by-id and various fixes
[automated-distro-installer] / wrt-setup
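#!/bin/bash

# Strict mode: stop at the first failing command (-e), let functions and
# subshells inherit the ERR trap (-E), and fail a pipeline when any stage
# of it fails.
set -eE -o pipefail
# Report which command failed, where, and with what status. The message is a
# diagnostic, so it goes to stderr rather than being mixed into stdout.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR


# ssh
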
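#######################################
# Refresh the opkg package lists when the cached copy is missing or was
# last modified more than a day ago.
#
# Background (author's note): upgrading all packages is not recommended
# because it doesn't go into the firmware. Build new firmware if you want
# lots of upgrades.
#
# Globals:   none (all working variables are local)
# Arguments: none
# Returns:   the status of `opkg update` when it runs, 0 otherwise
#######################################
pmirror() {
  local -r max_age=$(( 60*60*24 ))  # one day, in seconds
  local lists=(/tmp/opkg-lists/*)
  # Only the first entry of the glob is checked, as before.
  local first_list=${lists[0]}
  local mtime now

  # When nothing matches, the glob stays literal; test for existence
  # explicitly instead of letting `date -r` fail on a non-existent path.
  if [[ -e "$first_list" ]] && mtime=$(date -r "$first_list" +%s); then
    now=$(date +%s)
    if (( mtime + max_age > now )); then
      return 0
    fi
  fi
  opkg update
}
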
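#######################################
# Install the named packages that are not installed yet.
#
# A package counts as installed when `opkg list-installed NAME` prints
# anything. The package lists are refreshed (pmirror) and `opkg install`
# is run once, for the missing packages only; previously every missing
# package triggered another `opkg install` of the whole argument list.
#
# Arguments: package names
# Returns:   0 when nothing is missing, otherwise the status of
#            pmirror / `opkg install`
#######################################
pi() {
  local pkg
  local -a missing=()

  for pkg in "$@"; do
    if [[ ! $(opkg list-installed "$pkg") ]]; then
      missing+=("$pkg")
    fi
  done

  # Nothing to do: skip the list refresh as well.
  if [[ ${#missing[@]} -eq 0 ]]; then
    return 0
  fi

  pmirror
  opkg install "${missing[@]}"
}
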
#######################################
# Verbose runner: print the command line prefixed with "+ ", then run it.
# Arguments: the command followed by its arguments
# Outputs:   the echoed command line on stdout, then the command's output
# Returns:   the exit status of the command
#######################################
v() {
  local shown="$*"
  printf '+ %s\n' "$shown"
  "$@"
}

# Generate a helper script that bind-mounts /mnt/usb/tftpboot onto the path
# the Arch PXE installer expects, then restarts nfsd.
# The outer here-document delimiter is quoted, so $d and the nested
# here-document are written out literally and only expand when the helper
# itself runs.
# NOTE(review): each run of the generated helper replaces /etc/fstab with the
# single bind-mount line; any other entries in that file are lost.
pxe_mount_helper=/usr/bin/arch-pxe-mount
cat <<'EOFOUTER' >"$pxe_mount_helper"
#!/bin/bash
# symlinks are collapsed for nfs mount points, so use a bind mount.
# tried putting this in /etc/config/fstab,
# then doig block mount, it didn't work. This doesn't persist across reboots,
# todo: figure that out
d=/run/archiso/bootmnt
cat > /etc/fstab <<EOF
/mnt/usb/tftpboot $d none bind 0 0
EOF
mount | grep $d &>/dev/null || mount $d
/etc/init.d/nfsd restart
EOFOUTER
chmod +x "$pxe_mount_helper"

# Write a .profile that starts bash for interactive sessions (PS1 set) and
# exits when bash returns, instead of changing the login shell.
# The path is relative, so the file lands in the current directory;
# presumably that is root's home when the script is run over ssh -- confirm.
cat <<'EOF' >.profile
# changing login shell emits spam on ssh single commands & scp
# sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
#https://dev.openwrt.org/ticket/13852
[ "$PS1" = "" ] || {
/bin/bash
exit
}
EOF

# Packages the rest of this script relies on (USB storage, block-mount,
# ext4, the kernel NFS server) plus tcpdump.
packages=(kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server tcpdump)
v pi "${packages[@]}"



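# Switch every wireless stanza that still says `encryption none` to WPA2-PSK
# (psk2) and add the passphrase, remove the `option disabled` lines, then
# reload wifi. Stanzas that are already encrypted no longer match the first
# expression, so a re-run leaves them untouched.
#
# The passphrase is read from the WIFI_KEY environment variable when it is
# set; the literal below is only the backward-compatible fallback.
# NOTE(review): the fallback is a credential stored in the script. Anyone who
# can read the script or its repository can join the network, and it is a
# short dictionary-style phrase. Treat it as disclosed: rotate it, pass the
# new value through WIFI_KEY, and drop the fallback.
wifi_key=${WIFI_KEY:-pictionary49}
# Escape \, / and & so the passphrase is inserted literally by the sed
# replacement below.
wifi_key_sed=$(printf '%s' "$wifi_key" | sed -e 's|[\\/&]|\\&|g')
sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key ${wifi_key_sed}/" /etc/config/wireless
sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
v wifi

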
# Enable the fstab init script; a failure here is tolerated.
v /etc/init.d/fstab enable || true

# rebooting makes mounting work, but comparing lsmod,
# i'm guessing this will too. todo, test it.
# A modprobe status of 255 means the module is already loaded and is
# accepted; any other failure aborts the script.
for mod in scsi_mod sd_mod; do
  v modprobe "$mod" || [[ $? == 255 ]]
done

# for arch pxe. The default settings in the installer expect to find
# the NFS at /run/archiso/bootmnt
mkdir -p /run/archiso/bootmnt

# todo: at some later time, i found /mnt/usb not mounted, watch to see if
# that is the case after running this or rebooting.
# wiki says safe to do in case of fstab changes:
# NOTE(review): cedit is not defined in this file. The remount below runs
# when cedit returns non-zero, presumably meaning "the file was changed" --
# confirm against cedit itself.
if ! cedit /etc/config/fstab <<'EOF'
config global automount
option from_fstab 1
option anon_mount 1

config global autoswap
option from_fstab 1
option anon_swap 1

config mount
option target /mnt/usb
option device /dev/sda2
option fstype ext4
option options rw,async,noatime,nodiratime
option enabled 1
option enabled_fsck 0

config swap
option device /dev/sda1
option enabled 1

EOF
then
  v block umount
  v block mount
fi



# exportfs -ra won't cut it when its the same path, but now a bind mount
# NOTE(review): both exports give the whole 192.168.1.0/24 network read-write
# access with no_root_squash (root on a client stays root on the export) and
# insecure (requests from unprivileged source ports are accepted). Any host
# on that network can therefore write to these trees as root. If only the
# PXE install needs them, consider listing specific clients, exporting `ro`,
# or dropping no_root_squash where the installer allows it.
# nfsd is restarted when cedit returns non-zero; a failed restart is ignored.
if ! cedit /etc/exports <<'EOF'
/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
# for arch pxe
/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)

EOF
then
  v /etc/init.d/nfsd restart || true
fi


# Start portmap and nfsd now, then enable both init scripts.
# Order is kept: portmap before nfsd, start before enable.
for action in start enable; do
  for service in portmap nfsd; do
    v "/etc/init.d/$service" "$action"
  done
done

# default is 250, but my switch wants a high static address by default,
# and I don't need that many, so lets just reduce it.
# The expression keeps everything up to and including "option limit " (\1)
# and replaces the rest of the line with 100.
dhcp_limit_expr='s/^(.*option limit ).*/\1100/'
sed -ri "$dhcp_limit_expr" /etc/config/dhcp

# WAN port forwards; the firewall is restarted when cedit returns non-zero.
# NOTE(review): this opens ports 63324-63326, 22000, 22 and 443 on the WAN
# side. Points to confirm before relying on it:
#  - SSH is forwarded on the standard port 22 to 192.168.1.2. That host is
#    then reachable from the internet, so it should accept key-based logins
#    only. Moving to a non-standard port (the commented option) reduces log
#    noise but is not an access control.
#  - Redirects without `option proto` presumably use the firewall's default
#    protocols rather than tcp only -- confirm and pin the protocol that each
#    service needs.
#  - The `config rule` entries have no `option dest`, so they look like rules
#    for traffic addressed to the router itself rather than forwarded
#    traffic; the author's own comment doubts they are needed. Verify, and
#    remove them if the redirects work without them.
if ! cedit /etc/config/firewall <<'EOF'
# port forwarding
config redirect
option name bittorrent
option src wan
option src_dport 63324
option dest_ip 192.168.1.2
option dest lan
# making the port open (not sure if this is actually needed)
config rule
option src wan
option target ACCEPT
option dest_port 63324

config redirect
option name frodobittorrent
option src wan
option src_dport 63326
option dest_ip 192.168.1.3
option dest lan

config rule
option src wan
option target ACCEPT
option dest_port 63326


config redirect
option name treetowlsyncthing
option src wan
option src_dport 22000
option dest_ip 192.168.1.2
option dest lan
option proto tcp

config rule
option src wan
option target ACCEPT
option dest_port 22000


config redirect
option name bithtpc
option src wan
option src_dport 63325
option dest_ip 192.168.1.4
option dest lan

config rule
option src wan
option target ACCEPT
option dest_port 63325


config redirect
option name ssh
option src wan
#uncomment the 2 lines for security of using a non-standard port
# and comment out the 22 port line
# option src_dport 63321
option src_dport 22
option dest_ip 192.168.1.2
option dest lan
# option dest_port 22 # already default

config rule
option src wan
option target ACCEPT
option dest_port 22


# for https
config redirect
option src wan
option src_dport 443
option dest lan
option dest_ip 192.168.1.2
option proto tcp

config rule
option src wan
option target ACCEPT
option dest_port 443
option proto tcp

# not using http server atm, so disable it.
# config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.1.2
# option proto tcp

# config rule
# option src wan
# option target ACCEPT
# option dest_port 80
# option proto tcp
EOF
then
  /etc/init.d/firewall restart
fi


# Flag read at the end of the script: set to true when a file dnsmasq
# depends on had to be rewritten (cedit returned non-zero).
dnsmasq_restart=false
# Static host names. The here-document holds no expansions, so its
# delimiter is quoted.
if ! cedit /etc/hosts <<'EOF'
192.168.1.1 wrt
192.168.1.2 treetowl
192.168.1.3 frodo faiserver
192.168.1.4 htpc
192.168.1.5 x2
192.168.1.6 testvm
192.168.1.8 tp
72.14.176.105 li
EOF
then
  dnsmasq_restart=true
fi



# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq

# dnsmasq settings: cache size, upstream resolvers and static DHCP leases.
# The delimiter is quoted, so the $x in the namebench comment stays literal.
# NOTE(review): `all-servers` makes dnsmasq send each query to every listed
# upstream server, so every one of those resolvers sees every lookup made
# from this network. That is a privacy trade-off for the lower latency.
# NOTE(review): the dhcp-host lines put the MAC addresses of the LAN hosts in
# the script; keep that in mind if the script is published.
if ! cedit /etc/dnsmasq.conf <<'EOF'

############ updating dns servers ###################3
# download namebench and run it like this:
# for x in all regional isp global preferred nearby; do ./namebench.py -s $x -c US -i firefox -m weighted -J 10 -w; echo $x; hr; done


# this says the ip of default gateway and dns server,
# but I think they are unneded and default
#dhcp-option=3,192.168.1.1
#dhcp-option=6,192.168.1.1



# results from googling around dnsmasq optimizations
# about 50k in memory. router has 62 megs.
# in a browsing session, I probably won't ever do 5000 lookups
# before the ttl expiration or whatever does expiration.
cache-size=10000
# http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/
all-servers
# namebench showed 4 servers fairly close ranking:
# qwest
server=205.171.3.65
server=205.171.2.25
# clearwire anchorage
server=64.13.115.12
# comcast spokane
server=68.87.69.146
# google
server=8.8.4.4
# NTT
server=129.250.35.250
# isp servers
server=75.75.76.76
server=75.75.75.75



# to fixup existin ips, on the client you can do
# sudo dhclient -r; sudo dhclient <interface-name>

# default dhcp range is 100-150
dhcp-host=f4:6d:04:02:ee:eb,192.168.1.2,treetowl
dhcp-host=00:26:18:97:bb:16,192.168.1.3,frodo
dhcp-host=10:78:d2:da:29:22,192.168.1.4,htpc
dhcp-host=00:1f:16:16:39:24,192.168.1.5,x2
# this is so fai can have an explicit name to use for testing,
# or else any random machine which did a pxe boot would get
# reformatted. The mac is from doing a virt-install, cancelling it,
# and copying the generated mac, so it should be randomish.
dhcp-host=52:54:00:9c:ef:ad,192.168.1.6,demohost
dhcp-host=52:54:00:56:09:f9,192.168.1.7,faiserver
dhcp-host=80:fa:5b:1c:6e:cf,192.168.1.8,tp
# this is the ip it picks by default if dhcp fails,
# so might as well use it.
# hostname is the name it uses according to telnet
dhcp-host=b4:75:0e:94:29:ca,192.168.1.251,switch9429ca


# template
# dhcp-host=,192.168.1.,
EOF
then
  dnsmasq_restart=true
fi

# Restart dnsmasq once, and only when the flag was set to true earlier in
# the script.
if [[ "$dnsmasq_restart" == true ]]; then
  v /etc/init.d/dnsmasq restart
fi