X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-setup;h=1a03ad3a787c8a1eab9281944b5faa236b8fdd95;hp=ab2e5c53739b1f43e8aaa99520ff64410e1ee081;hb=ac4e0089e245c96a388b8fcdd92fc05da3399694;hpb=34839ddd0fbddfe203a3aa5b3387186a273e31df
diff --git a/wrt-setup b/wrt-setup
index ab2e5c5..1a03ad3 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -15,382 +15,36 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} -pmirror() { - # background: upgrading all packages is not recommended because it - # doesn't go into the firmware. build new firmware if you want - # lots of upgrades. - f=(/tmp/opkg-lists/*) - if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then - opkg update - fi -} - -pi() { - for x in "$@"; do - if [[ ! $(opkg list-installed "$x") ]]; then - pmirror - opkg install "$@" - fi - done -} - -v() { - printf "+ %s\n" "$*" - "$@" -} - -cat >/usr/bin/arch-pxe-mount <<'EOFOUTER' -#!/bin/bash -# symlinks are collapsed for nfs mount points, so use a bind mount. -# tried putting this in /etc/config/fstab, -# then doig block mount, it didn't work. This doesn't persist across reboots, -# todo: figure that out -d=/run/archiso/bootmnt -cat > /etc/fstab </dev/null || mount $d -/etc/init.d/nfsd restart -EOFOUTER -chmod +x /usr/bin/arch-pxe-mount - -cat >.profile <<'EOF' -# changing login shell emits spam on ssh single commands & scp - # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd -#https://dev.openwrt.org/ticket/13852 -[ "$PS1" = "" ] || { - /bin/bash - exit + exit $1 } -EOF -v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \ - tcpdump openvpn-openssl - - - -sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key pictionary49/" /etc/config/wireless -sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless -v wifi - - -v /etc/init.d/fstab enable ||: - -# rebooting makes mounting work, but comparing lsmod, -# i'm guessing this will too. todo, test it. -# 255 == module already loaded -for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done - -# for arch pxe. 
The default settings in the installer expect to find -# the NFS at /run/archiso/bootmnt -mkdir -p /run/archiso/bootmnt - -# todo: at some later time, i found /mnt/usb not mounted, watch to see if -# that is the case after running this or rebooting. -# wiki says safe to do in case of fstab changes: - -## ian: commented and replaced with just an echo -## since usb port seems to be busted. -echo | cedit /etc/config/fstab ||: -# cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; } -# config global automount -# option from_fstab 1 -# option anon_mount 1 - -# config global autoswap -# option from_fstab 1 -# option anon_swap 1 - -# config mount -# option target /mnt/usb -# option device /dev/sda2 -# option fstype ext2 -# option options rw,async,noatime,nodiratime -# option enabled 1 -# option enabled_fsck 0 - -# config swap -# option device /dev/sda1 -# option enabled 1 - -# EOF - - - -# exportfs -ra wont cut it when its the same path, but now a bind mount -cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||: -/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -# for arch pxe -/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -EOF - - -v /etc/init.d/portmap start -v /etc/init.d/nfsd start -v /etc/init.d/portmap enable -v /etc/init.d/nfsd enable - - - - - - -######### uci example:####### -# # https://wiki.openwrt.org/doc/uci -# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p') -# wan="firewall.@zone[$wan_index]" -# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then -# # default is wan -# v uci set firewall.@forwarding[0].dest=$forward_dest -# uci commit firewall -# firewall_restart=true -# fi - - - -########## openvpn exampl -########## missing firewall settings for routing lan -########## traffic -# v /etc/init.d/openvpn start -# v /etc/init.d/openvpn enable - -# # from 
https://wiki.openwrt.org/doc/uci/firewall -# # todo: not sure if /etc/init.d/network needs restarting. -# # I did, and I had to restart the vpn afterwards. -# # This maps a uci interface to a real interface which is -# # managed outside of uci. -# v cedit /etc/config/network <<'EOF' ||: -# config interface 'tun0' -# option ifname 'tun0' -# option proto 'none' -# EOF -# v cedit /etc/config/openvpn <<'EOF' || v /etc/init.d/openvpn restart -# config openvpn my_client_config -# option enabled 1 -# option config /etc/openvpn/client.conf -# EOF - - -v cedit /etc/config/network <<'EOF' || v /etc/init.d/network reload -config 'route' 'transmission' - option 'interface' 'lan' - option 'target' '10.173.0.0' - option 'netmask' '255.255.0.0' - option 'gateway' '192.168.1.3' -EOF - -v cedit /etc/config/firewall <<'EOF' || firewall_restart=true -config redirect - option name ssh - option src wan - option src_dport 22 - option dest_ip 192.168.1.8 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 22 - -config redirect - option name sshalt - option src wan - option src_dport 2222 - option dest_port 22 - option dest_ip 192.168.1.3 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2222 - -config redirect - option src wan - option src_dport 443 - option dest lan - option dest_ip 192.168.1.8 - option proto tcp -config rule - option src wan - option target ACCEPT - option dest_port 443 - option proto tcp - -config redirect - option src wan - option src_dport 1196 - option dest lan - option dest_ip 192.168.1.8 - option proto udp -config rule - option src wan - option target ACCEPT - option dest_port 1196 - option proto udp - - -config redirect - option src wan - option src_dport 80 - option dest lan - option dest_ip 192.168.1.8 - option proto tcp -config rule - option src wan - option target ACCEPT - option dest_port 80 - option proto tcp - -config redirect - option name syncthing - option src wan - option 
src_dport 22001 - option dest_ip 192.168.1.8 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 22001 - +h=root@10.0.0.1 -EOF - - - - -dnsmasq_restart=false -mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}') -v cedit /etc/hosts < - -# default dhcp range is 100-150 -dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl -dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo -dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc -dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2 -#dhcp-host=00:c0:ca:27:e9:b2,set:kww,192.168.1.11,x2w -#wireless interface -# this is so fai can have an explicit name to use for testing, -# or else any random machine which did a pxe boot would get -# reformatted. The mac is from doing a virt-install, cancelling it, -# and copying the generated mac, so it should be randomish. -dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost -#dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver -dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp -# this is the ip it picks by default if dhcp fails, -# so might as well use it. -# hostname is the name it uses according to telnet -dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca - -# template -# dhcp-host=,192.168.1., - -# Just leave the tftp server up even if we aren't doing pxe boot. -# It has no sensitive info. -enable-tftp=br-lan -tftp-root=/mnt/usb/tftpboot +export HOME_DOMAIN=$HOME_DOMAIN +wrt-setup-local EOF - -if $dnsmasq_restart; then - v /etc/init.d/dnsmasq restart -fi - -if $firewall_restart; then - v /etc/init.d/firewall restart -fi
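Review bot: `export HOME_DOMAIN=$HOME_DOMAIN` near the end of the hunk appears to sit in an unquoted here-document (the opener is not visible in this extract, so this is inferred from the closing `EOF`), which means the local value is pasted unquoted into shell text that runs as root on `$h`. Because the script sets `-eE -o pipefail` but not `-u`, an unset variable silently exports an empty string, and a value containing whitespace or shell metacharacters would be re-parsed by the remote shell. I would validate it locally before the remote call, for example `[[ ${HOME_DOMAIN-} =~ ^[A-Za-z0-9.-]+$ ]] || { echo "$0: HOME_DOMAIN unset or not a hostname" >&2; exit 1; }`. The added `cd ${x%/*}` should also be quoted, `cd "${x%/*}"`, so a checkout path containing spaces does not word-split. Separately, the removed `sed` line carried a literal wireless key; if that was a live value it remains readable in history and is worth rotating.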