X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-setup;h=1e0d6362befbc4d56a9d1352cbf901f632cb0538;hp=8023523759fff8e2873b21b48b5afcfb49cc3237;hb=53b932c6f960b7f4a9bd2171cdfd630304f15fd8;hpb=4261ad7e021ec77e7198cf42c3576dad07f12a64
diff --git a/wrt-setup b/wrt-setup
index 8023523..1e0d636 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -1,274 +1,83 @@ #!/bin/bash +# Copyright (C) 2016 Ian Kelling -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR - - -# ssh - -pmirror() { - # background: upgrading all packages is not recommended because it - # doesn't go into the firmware. build new firmware if you want - # lots of upgrades. - f=(/tmp/opkg-lists/*) - f=${f[0]} - if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then - opkg update - fi -} - -pi() { - for x in "$@"; do - if [[ ! $(opkg list-installed "$x") ]]; then - pmirror - opkg install "$@" - fi - done -} - -v() { - printf "+ %s\n" "$*" - "$@" -} - -cat >/usr/bin/arch-pxe-mount <<'EOFOUTER' -#!/bin/bash -# symlinks are collapsed for nfs mount points, so use a bind mount. -# tried putting this in /etc/config/fstab, -# then doig block mount, it didn't work. This doesn't persist across reboots, -# todo: figure that out -d=/run/archiso/bootmnt -cat > /etc/fstab </dev/null || mount $d -/etc/init.d/nfsd restart -EOFOUTER -chmod +x /usr/bin/arch-pxe-mount - -cat >.profile <<'EOF' -# changing login shell emits spam on ssh single commands & scp - # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd -#https://dev.openwrt.org/ticket/13852 -[ "$PS1" = "" ] || { - /bin/bash - exit -} -EOF -v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. 
+# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key pictionary49/" /etc/config/wireless -sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless -v wifi +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -v /etc/init.d/fstab enable ||: - -# rebooting makes mounting work, but comparing lsmod, -# i'm guessing this will too. todo, test it. -# 255 == module already loaded -for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done - -# for arch pxe. The default settings in the installer expect to find -# the NFS at /run/archiso/bootmnt -mkdir -p /run/archiso/bootmnt - -# todo: at some later time, i found /mnt/usb not mounted, watch to see if -# that is the case after running this or rebooting. 
-# wiki says safe to do in case of fstab changes: -cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; } -config global automount - option from_fstab 1 - option anon_mount 1 - -config global autoswap - option from_fstab 1 - option anon_swap 1 - -config mount - option target /mnt/usb - option device /dev/sda2 - option fstype ext4 - option options rw,async,noatime,nodiratime - option enabled 1 - option enabled_fsck 0 - -config swap - option device /dev/sda1 - option enabled 1 - -EOF - - - - # exportfs -ra won't cut it when its the same path, but now a bind mount -cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||: -/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -# for arch pxe -/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) - -EOF - - -v /etc/init.d/portmap start -v /etc/init.d/nfsd start -v /etc/init.d/portmap enable -v /etc/init.d/nfsd enable - - - -cedit /etc/config/firewall <<'EOF' || /etc/init.d/firewall restart -# port forwarding -config redirect -option name bittorrent -option src wan -option src_dport 63324 -option dest_ip 192.168.1.2 -option dest lan -# making the port open (not sure if this is actually needed) -config rule -option src wan -option target ACCEPT -option dest_port 63324 - - -config redirect -option name bithtpc -option src wan -option src_dport 63325 -option dest_ip 192.168.1.4 -option dest lan - -config rule -option src wan -option target ACCEPT -option dest_port 63325 - - -config redirect -option name ssh -option src wan -#uncomment the 2 lines for security of using a non-standard port -# and comment out the 22 port line -# option src_dport 63321 -option src_dport 22 -option dest_ip 192.168.1.2 -option dest lan -# option dest_port 22 # already default - -config rule -option src wan -option target ACCEPT -option dest_port 22 - +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -# for https -config redirect - option src wan 
- option src_dport 443 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} -config rule - option src wan - option target ACCEPT - option dest_port 443 - option proto tcp +usage() { + cat < - -dhcp-host=f4:6d:04:02:ee:eb,192.168.1.2,treetowl -dhcp-host=00:26:18:97:bb:16,192.168.1.3,frodo -dhcp-host=10:78:d2:da:29:22,192.168.1.4,htpc -dhcp-host=00:1f:16:16:39:24,192.168.1.5,x2 -# this is so fai can have an explicit name to use for testing, -# or else any random machine which did a pxe boot would get -# reformatted. The mac is from doing a virt-install, cancelling it, -# and copying the generated mac, so it should be randomish. -dhcp-host=52:54:00:9c:ef:ad,192.168.1.6,demohost -dhcp-host=52:54:00:56:09:f9,192.168.1.7,faiserver -dhcp-host=80:fa:5b:1c:6e:cf,192.168.1.8,tp +echo "$0: h=$h" +# todo: ecdsa key not working with dropbear +cat ~/.ssh/{h,hrsa,home}.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null +scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin +# relay is built for openwrt 18.06.2, r7676-cddd7b4c77 +#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ -# template -# dhcp-host=,192.168.1., -EOF +scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} $h: +scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys -if $dnsmasq_restart; then - v /etc/init.d/dnsmasq restart -fi +ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
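Review bot: The last added line, `ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"`, does not keep its arguments intact on the router: ssh joins everything after the host into one string and the remote shell parses it again, so an argument or `HOME_DOMAIN` value containing spaces or shell metacharacters is re-split or evaluated by root's shell on the device. Reject such values before the call (for example a per-argument check like `[[ $arg =~ ^[A-Za-z0-9._-]+$ ]]`) rather than relying on `printf %q`, whose bash-specific output the router's login shell may not understand. `$h` is also unquoted in every `ssh`/`scp` call, as is `${x%/*}` in the `cd`; writing `ssh "$h" …`, `scp … "$h":/usr/bin` and `cd -- "${x%/*}"` avoids word splitting and globbing. The lines that set `h` and the body of `usage()` are missing from this page, so whether `h` can come from a caller-supplied argument could not be checked. The same added block copies the shadow file, the dropbear host key and the WireGuard key material to `$h:`; their final location and permissions are presumably handled by `wrt-init`, which is not shown here, and are worth confirming.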