uset system.@system[0].ttylogin 1
+
cat >/usr/bin/archlike-pxe-mount <<'EOFOUTER'
#!/bin/bash
# symlinks are collapsed for nfs mount points, so use a bind mount.
# option config /etc/openvpn/client.conf
# EOF
+wgip4=10.3.0.1/24
+wgip6=fdfd::1/64
+wgport=26000
v cedit /etc/config/network <<EOF || v /etc/init.d/network reload
config 'route' 'transmission'
- option 'interface' 'lan'
- option 'target' '10.173.0.0'
- option 'netmask' '255.255.0.0'
- option 'gateway' '$l.3'
+ option 'interface' 'lan'
+ option 'target' '10.173.0.0'
+ option 'netmask' '255.255.0.0'
+ option 'gateway' '$l.3'
+
+option interface 'wg0'
+ option proto 'wireguard'
+ option private_key '$(cat /root/wg.key)'
+ option listen_port $wgport
+ list addresses '10.3.0.1/24'
+ list addresses 'fdfd::1/64'
+
+# tp
+config wireguard_wg0 'wgclient'
+ option public_key '3q+WJGrm85r59NgeXOIvppxoW4ux/+koSw6Fee1c1TI='
+ option preshared_key '$(cat /root/wg.psk)'
+ list allowed_ips '10.3.0.2/24'
+ list allowed_ips 'fdfd::2/64'
EOF
+
firewall_restart=false
-v cedit /etc/config/firewall <<EOF || firewall_restart=true
+
+firewall-cedit() {
+ v cedit /etc/config/firewall <<EOF
config redirect
option name ssh
option target ACCEPT
option dest_port 2220
+config rule
+ option name wg
+ option src wan
+ option target ACCEPT
+ option dest_port $wgport
+ option proto udp
+
config redirect
option name vpntp
option target ACCEPT
option family ipv6
-
EOF
-
-
+}
+firewall-cedit || firewall_restart=true
+
+if ! uci get firewall.@zone[1].network | grep wg0 &>/dev/null; then
+ # cant mix cedit plus uci
+ echo | cedit /etc/config/firewall ||:
+ uci add_list firewall.@zone[1].network=wg0
+ uci commit firewall
+ firewall-cedit ||:
+ firewall_restart=true
+fi
dnsmasq_restart=false
v cedit /etc/hosts <<EOF || dnsmasq_restart=true
127.0.1.1 $hostname
-$l.1 $hostname
+$l.1 $hostname b8.nz
$l.2 kd faiserver
$l.3 frodo
$l.4 wrt2
$l.5 x2
$l.6 demohost
#$l.7 x3
-$l.8 tp b8.nz
+$l.8 tp
$l.9 bb8
$l.14 wrt3
2600:3c00::f03c:91ff:fe6d:baf8 li