X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-setup;h=1e0d6362befbc4d56a9d1352cbf901f632cb0538;hp=86e82cfd128c78beb2cad792db041b3bb5f07ec0;hb=1b08e82a978c8db76e1ebc67f3b4ae875ba27537;hpb=efcfb463ceda4de1d9953da31a2c0737471e5cf8 diff --git a/wrt-setup b/wrt-setup index 86e82cf..1e0d636 100755 --- a/wrt-setup +++ b/wrt-setup 
@@ -15,425 +15,69 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -# ssh - -pmirror() { - # background: upgrading all packages is not recommended because it - # doesn't go into the firmware. build new firmware if you want - # lots of upgrades. - f=(/tmp/opkg-lists/*) - if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then - opkg update - fi -} - -pi() { - for x in "$@"; do - if [[ ! $(opkg list-installed "$x") ]]; then - pmirror - opkg install "$@" - fi - done -} - -v() { - printf "+ %s\n" "$*" - "$@" -} - -cat >/usr/bin/arch-pxe-mount <<'EOFOUTER' -#!/bin/bash -# symlinks are collapsed for nfs mount points, so use a bind mount. -# tried putting this in /etc/config/fstab, -# then doig block mount, it didn't work. This doesn't persist across reboots, -# todo: figure that out -d=/run/archiso/bootmnt -cat > /etc/fstab </dev/null || mount $d -/etc/init.d/nfsd restart -EOFOUTER -chmod +x /usr/bin/arch-pxe-mount - -cat >.profile <<'EOF' -# changing login shell emits spam on ssh single commands & scp - # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd -#https://dev.openwrt.org/ticket/13852 -[ "$PS1" = "" ] || { - /bin/bash - exit -} -EOF -v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \ - tcpdump openvpn-openssl - - - -sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key pictionary49/" /etc/config/wireless -sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless -v wifi - - -v /etc/init.d/fstab enable ||: - -# rebooting makes mounting work, but comparing lsmod, -# i'm guessing this will too. todo, test it. -# 255 == module already loaded -for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done - -# for arch pxe. 
The default settings in the installer expect to find -# the NFS at /run/archiso/bootmnt -mkdir -p /run/archiso/bootmnt - -# todo: at some later time, i found /mnt/usb not mounted, watch to see if -# that is the case after running this or rebooting. -# wiki says safe to do in case of fstab changes: -cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; } -config global automount - option from_fstab 1 - option anon_mount 1 - -config global autoswap - option from_fstab 1 - option anon_swap 1 - -config mount - option target /mnt/usb - option device /dev/sda2 - option fstype ext4 - option options rw,async,noatime,nodiratime - option enabled 1 - option enabled_fsck 0 - -config swap - option device /dev/sda1 - option enabled 1 - -EOF - - - -# exportfs -ra wont cut it when its the same path, but now a bind mount -cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||: -/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -# for arch pxe -/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -EOF - - -v /etc/init.d/portmap start -v /etc/init.d/nfsd start -v /etc/init.d/portmap enable -v /etc/init.d/nfsd enable - - - - +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} -######### uci example:####### -# # https://wiki.openwrt.org/doc/uci -# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p') -# wan="firewall.@zone[$wan_index]" -# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then -# # default is wan -# v uci set firewall.@forwarding[0].dest=$forward_dest -# uci commit firewall -# firewall_restart=true -# fi +usage() { + cat </dev/null +scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin +# relay is built for openwrt 18.06.2, r7676-cddd7b4c77 -# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq 
+#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ -# sometimes /mnt/usb fails, cuz it's just a flash drive, -# so make sure we have this dir or else dnsmasq will fail -# to start. -mkdir -p /mnt/usb/tftpboot -v cedit /etc/dnsmasq.conf <<'EOF' || dnsmasq_restart=true +scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} $h: +scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys -############ updating dns servers ###################3 - - -# this says the ip of default gateway and dns server, -# but I think they are unneded and default -#dhcp-option=3,192.168.1.1 -#dhcp-option=6,192.168.1.1 - - - -# results from googling around dnsmasq optimizations -# about 50k in memory. router has 62 megs. -# in a browsing session, I probably won't ever do 5000 lookups -# before the ttl expiration or whatever does expiration. -cache-size=10000 - -# ask all servers, use the one which responds first. -# http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/ -all-servers - -# namebench benchmarks dns servers. google's dns was only -# slightly less fast than some others, and I trust it more -# to give accurate results, stay relatively fast, and -# not do anythin too malicious, so just use that. 
-# download namebench and run it like this: -# for x in all regional isp global preferred nearby; do ./namebench.py -s $x -c US -i firefox -m weighted -J 10 -w; echo $x; hr; done -# google -server=8.8.4.4 -server=8.8.8.8 -server=2001:4860:4860::8888 -server=2001:4860:4860::8844 - - -# to fixup existin ips, on the client you can do -# sudo dhclient -r; sudo dhclient - -# default dhcp range is 100-150 -dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl -dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo -dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc -dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2 -# this is so fai can have an explicit name to use for testing, -# or else any random machine which did a pxe boot would get -# reformatted. The mac is from doing a virt-install, cancelling it, -# and copying the generated mac, so it should be randomish. -dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost -#dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver -dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp -dhcp-host=c4:43:8f:f2:79:1f,set:n5,192.168.1.9,n5 -# this is the ip it picks by default if dhcp fails, -# so might as well use it. -# hostname is the name it uses according to telnet -dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca - - -# template -# dhcp-host=,192.168.1., - -# Just leave the tftp server up even if we aren't doing pxe boot. -# It has no sensitive info. -enable-tftp=br-lan -tftp-root=/mnt/usb/tftpboot -EOF - -if $dnsmasq_restart; then - v /etc/init.d/dnsmasq restart -fi - -if $firewall_restart; then - v /etc/init.d/firewall restart -fi +ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
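Review bot: The second `scp` on the new side stages the shadow file, the dropbear host key, `/p/router-secrets` and the WireGuard key/psk in the remote home directory with whatever mode the source files and the remote umask produce, and nothing visible in this hunk tightens or removes them. Presumably `wrt-init` installs them, but that is worth confirming and recording in a comment such as `# secrets are staged in ~ on the router; wrt-init must install them 0600 and delete the staged copies`. Separately, `cd ${x%/*}` and every `$h` are unquoted, and the `"$@"` on the final `ssh` line is re-split by the remote shell because ssh joins its arguments into one command string; `cd "${x%/*}"` and `"$h"` fix the local side, while arguments containing spaces or shell metacharacters need explicit quoting for the remote side. The assignment of `$h` and the body of `usage` are not legible in this extraction, so whether an empty host is rejected before the copies run cannot be checked from here.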