minor nowipe fix

[automated-distro-installer] / wrt-setup-local

diff --git a/wrt-setup-local b/wrt-setup-local
index 642c1935150c17dd756a08740f8ed4d94a5c1f04..b8d36e02b2bd6bd23b29366945db079a939156c3 100755 (executable)
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -212,6 +212,7 @@ cat /root/router >>/etc/shadow
 uset system.@system[0].ttylogin 1
 
 
+
 cat >/usr/bin/archlike-pxe-mount <<'EOFOUTER'
 #!/bin/bash
 # symlinks are collapsed for nfs mount points, so use a bind mount.
@@ -408,18 +409,38 @@ EOF
 #         option config /etc/openvpn/client.conf
 # EOF
 
+wgip4=10.3.0.1/24
+wgip6=fdfd::1/64
+wgport=26000
 
 
 v cedit /etc/config/network <<EOF || v /etc/init.d/network reload
 config 'route' 'transmission'
-        option 'interface' 'lan'
-        option 'target' '10.173.0.0'
-        option 'netmask' '255.255.0.0'
-        option 'gateway' '$l.3'
+ option 'interface' 'lan'
+ option 'target' '10.173.0.0'
+ option 'netmask' '255.255.0.0'
+ option 'gateway' '$l.3'
+
+option interface 'wg0'
+ option proto 'wireguard'
+ option private_key '$(cat /root/wg.key)'
+ option listen_port $wgport
+ list addresses '10.3.0.1/24'
+ list addresses 'fdfd::1/64'
+
+# tp
+config wireguard_wg0 'wgclient'
+ option public_key '3q+WJGrm85r59NgeXOIvppxoW4ux/+koSw6Fee1c1TI='
+ option preshared_key '$(cat /root/wg.psk)'
+ list allowed_ips '10.3.0.2/24'
+ list allowed_ips 'fdfd::2/64'
 EOF
 
+
 firewall_restart=false
-v cedit /etc/config/firewall <<EOF || firewall_restart=true
+
+firewall-cedit() {
+  v cedit /etc/config/firewall <<EOF
 
 config redirect
  option name ssh
@@ -499,6 +520,13 @@ config rule
  option target           ACCEPT
  option dest_port        2220
 
+config rule
+ option name wg
+ option src              wan
+ option target           ACCEPT
+ option dest_port        $wgport
+ option proto            udp
+
 
 config redirect
  option name vpntp
@@ -595,23 +623,31 @@ config rule
  option target ACCEPT
  option family ipv6
 
-
 EOF
-
-
+}
+firewall-cedit || firewall_restart=true
+
+if ! uci get firewall.@zone[1].network | grep wg0 &>/dev/null; then
+  # cant mix cedit plus uci
+  echo | cedit /etc/config/firewall ||:
+  uci add_list firewall.@zone[1].network=wg0
+  uci commit firewall
+  firewall-cedit ||:
+  firewall_restart=true
+fi
 
 
 dnsmasq_restart=false
 v cedit /etc/hosts <<EOF || dnsmasq_restart=true
 127.0.1.1 $hostname
-$l.1 $hostname
+$l.1 $hostname b8.nz
 $l.2 kd faiserver
 $l.3 frodo
 $l.4 wrt2
 $l.5 x2
 $l.6 demohost
 #$l.7 x3
-$l.8 tp b8.nz
+$l.8 tp
 $l.9 bb8
 $l.14 wrt3
 2600:3c00::f03c:91ff:fe6d:baf8 li