minor improvements and misc changes

diff --git a/README b/README
index 97cf48388af3464d060f459432bdab2aafb5b219..314608189cb8b6d8c455fe4ac33ee705000a0894 100644 (file)
--- a/README
+++ b/README
@@ -130,7 +130,7 @@ export SPECIAL_DISK=/dev/REPLACEMENT_DEV
 
 
 ssh root@HOST
 
 
 ssh root@HOST

-for x in /target/*; do umount $x; done
+for x in /target/* /target; do umount $x; done

 cat >p
 PASSWORD HERE(ctrl-d ctrl-d)
 cd /dev/disk/by-id/
 cat >p
 PASSWORD HERE(ctrl-d ctrl-d)
 cd /dev/disk/by-id/

diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index 3948073df0ec311cbc01bc9efe63e52011b3409a..a6bc1137c56721a1eebee75080c4afd22b31188a 100755 (executable)
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -4,8 +4,8 @@ set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 if [[ $EUID != 0 ]]; then
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 if [[ $EUID != 0 ]]; then

-    echo "$0: error: expected to be root."
-    exit 1
+  echo "$0: error: expected to be root."
+  exit 1

 fi
 
 # ssh host keys
 fi
 
 # ssh host keys


@@ -13,37 +13,37 @@ fi
 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
 dst=$target/etc/ssh
 if [[ -e $src && -e $dst ]]; then
 src=$(dirname "$0")/p/c/machine_specific/$HOSTNAME/filesystem/etc/ssh
 dst=$target/etc/ssh
 if [[ -e $src && -e $dst ]]; then

-    # outside of fai context, we skip this
-    cp -rT $src $dst
+  # outside of fai context, we skip this
+  cp -rT $src $dst

 fi
 
 TPW=/q/root/shadow/traci-simple
 if ifclass tp; then
 fi
 
 TPW=/q/root/shadow/traci-simple
 if ifclass tp; then

-    ROOTPW=/q/root/shadow/standard
-#    ROOTPW="$TPW"
+  ROOTPW=/q/root/shadow/standard
+  #    ROOTPW="$TPW"

 else
 else

-    ROOTPW=/q/root/shadow/standard
+  ROOTPW=/q/root/shadow/standard

 fi
 
 chpw() {
 fi
 
 chpw() {

-    # generating a hashed password:
-    # under debian, you can do
-    # mkpasswd -m sha-512 -s >/q/root/shadow/standard
-    # On arch, best seems to be copy your shadow file to a temp location,
-    # then passwd, get out the new pass, then copy the shadow file back.
-
-    user=$1
-    pwfile=$2
-    if [[ $pwfile && -e $pwfile ]]; then
-        printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
-    else
-        echo "$0: warning: no pw set for $user" >&2
-    fi
+  # generating a hashed password:
+  # under debian, you can do
+  # mkpasswd -m sha-512 -s >/q/root/shadow/standard
+  # On arch, best seems to be copy your shadow file to a temp location,
+  # then passwd, get out the new pass, then copy the shadow file back.
+
+  user=$1
+  pwfile=$2
+  if [[ $pwfile && -e $pwfile ]]; then
+    printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
+  else
+    echo "$0: warning: no pw set for $user" >&2
+  fi

 }
 au() { # add user. i don't use adduser for portability
 }
 au() { # add user. i don't use adduser for portability

-    if ! $ROOTCMD getent passwd ${@: -1}; then
-        $ROOTCMD useradd -Um -s /bin/bash $@
-    fi
+  if ! $ROOTCMD getent passwd ${@: -1}; then
+    $ROOTCMD useradd -Um -s /bin/bash $@
+  fi

 }
 
 chpw root "$ROOTPW"
 }
 
 chpw root "$ROOTPW"


@@ -60,18 +60,18 @@ chpw iank "$ROOTPW"
 
 au traci
 if ifclass frodo; then
 
 au traci
 if ifclass frodo; then

-    chpw traci "$TPW"
+  chpw traci "$TPW"

 fi
 # comparing iank's groups to traci, I see none she should join on arch
 $ROOTCMD usermod -a -G traci iank
 
 fi
 # comparing iank's groups to traci, I see none she should join on arch
 $ROOTCMD usermod -a -G traci iank
 

+

 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
 $ROOTCMD usermod -a -G docker iank
 
 # based on unison error, with 8192 from
 # sysctl -a | grep fs.inotify.max_user_watches
 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux
 $ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker
 $ROOTCMD usermod -a -G docker iank
 
 # based on unison error, with 8192 from
 # sysctl -a | grep fs.inotify.max_user_watches
 #http://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux

-

 f=$target/etc/sysctl.d/99-sysctl.conf
 key=fs.inotify.max_user_watches
 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi
 f=$target/etc/sysctl.d/99-sysctl.conf
 key=fs.inotify.max_user_watches
 if [[ -e $f ]]; then sed -ri --follow-symlinks "/^\s*$key\s*=/d" $f; fi


@@ -82,22 +82,22 @@ $ROOTCMD sysctl --system
 f=$target/etc/sudoers
 line='iank  ALL=(ALL)  NOPASSWD: ALL'
 if [[ ! -e $f ]] || ! grep -xF "$line" $f; then
 f=$target/etc/sudoers
 line='iank  ALL=(ALL)  NOPASSWD: ALL'
 if [[ ! -e $f ]] || ! grep -xF "$line" $f; then

-    echo "$line" >> $f
+  echo "$line" >> $f

 fi
 
 dir=/p/c/machine_specific/$HOSTNAME/.unison
 $ROOTCMD mkdir -p $dir
 if ! $ROOTCMD test -L /root/.unison; then
 fi
 
 dir=/p/c/machine_specific/$HOSTNAME/.unison
 $ROOTCMD mkdir -p $dir
 if ! $ROOTCMD test -L /root/.unison; then

-    $ROOTCMD rm -rf /root/.unison
-    $ROOTCMD ln -s -T $dir /root/.unison
+  $ROOTCMD rm -rf /root/.unison
+  $ROOTCMD ln -s -T $dir /root/.unison

 fi
 
 $ROOTCMD chown -R 1000:1000 $dir
 while true; do
 fi
 
 $ROOTCMD chown -R 1000:1000 $dir
 while true; do

-    $ROOTCMD chown 1000:1000 $dir
-    $ROOTCMD chmod 700 $dir
-    dir=$(dirname $dir)
-    if [[ $dir == /p ]]; then break; fi
+  $ROOTCMD chown 1000:1000 $dir
+  $ROOTCMD chmod 700 $dir
+  dir=$(dirname $dir)
+  if [[ $dir == /p ]]; then break; fi

 done
 
 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin
 done
 
 au --system -s /bin/false --home-dir /var/lib/bitcoind bitcoin

diff --git a/faiserver-setup b/faiserver-setup
index 4742ae1d1ed1948f8a5d183d65a17430e05e5afc..d8489eda2c0a1e31b8998ce6a9c41f25100ca7fd 100755 (executable)
--- a/faiserver-setup
+++ b/faiserver-setup
@@ -21,7 +21,7 @@ x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 
 usage() {
   cat <<EOF
 
 usage() {
   cat <<EOF

-usage: ${0##*/} [-h|--help] [BASE_CODENAME]
+usage: ${0##*/} [-h|--help] [BASE_CODENAME] [ARCH]

 install fai-server on the current machine
 
 Initial setup of a fai server. works on localhost.  Set's the current ip
 install fai-server on the current machine
 
 Initial setup of a fai server. works on localhost.  Set's the current ip


@@ -29,8 +29,8 @@ as the tftp server. I vaguely remember that using a hostname does not
 work.  Separate from running this, faiserver needs to be setup in dns to
 point to whatever host this is run on.
 
 work.  Separate from running this, faiserver needs to be setup in dns to
 point to whatever host this is run on.
 

-Default BASE_CODENAME is stretch, and it expects corresponding
-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}64.tar.gz to exist, and it must have been
+Default BASE_CODENAME is stretch. Default ARCH is 64. The script expects corresponding
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been

 generated around the same time as the nfsroot, at least so it has the
 same kernel version.
 
 generated around the same time as the nfsroot, at least so it has the
 same kernel version.
 


@@ -42,15 +42,21 @@ case $1 in
 esac
 
 
 esac
 
 

-e() { echo "$@"; "$@"; }
+e() { echo "+ $@"; "$@"; }

 
 
 base=${1:-stretch}
 
 
 base=${1:-stretch}

-basefile=$BASEFILE_DIR/${base^^}64.tar.gz
+arch=${2:-64}
+basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.[gx]z)

 sed="sed -ri --follow-symlinks"
 
 if [[ ! -e $basefile ]]; then
 sed="sed -ri --follow-symlinks"
 
 if [[ ! -e $basefile ]]; then

-  printf "%s\n" "$0: error BASEFILE_DIR=$BASEFILE_DIR  does not exist"
+  printf "%s\n" "$0: error basefile=$basefile  does not exist" >&2
+  exit 1
+fi
+
+if [[ ! -d $BASEFILE_DIR ]]; then
+  printf "%s\n" "$0: error BASEFILE_DIR=$BASEFILE_DIR  does not exist" >&2

   exit 1
 fi
 
   exit 1
 fi
 


@@ -63,35 +69,12 @@ armhf() {
   [[ $(dpkg --print-architecture) == armhf ]]
 }
 
   [[ $(dpkg --print-architecture) == armhf ]]
 }
 

-if armhf; then
-  if apt-cache policy | grep o=Debian,a=testing,n=stretch &>/dev/null; then
-    cat >/etc/apt/sources.list.d/testing.list <<'EOF'
-deb http://http.us.debian.org/debian testing main contrib non-free
-deb-src http://http.us.debian.org/debian testing main contrib non-free
-
-deb http://security.debian.org/ testing/updates main contrib non-free
-deb-src http://security.debian.org/ testing/updates main contrib non-free
-
-deb http://http.us.debian.org/debian testing-updates main contrib non-free
-deb-src http://http.us.debian.org/debian testing-updates main contrib non-free
-EOF
-
-    cat >/etc/apt/preferences.d/fai <<'EOF'
-Package: fai-server fai-client fai-doc
-Pin: release a=testing
-Pin-Priority: 500
-
-Package: *
-Pin: release a=testing
-Pin-Priority: -10
-EOF
-  fi
-elif grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
+if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then

   gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
   cat >/etc/apt/sources.list.d/fai.list <<'EOF'
 deb https://fai-project.org/download jessie koeln
 EOF
   gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
   cat >/etc/apt/sources.list.d/fai.list <<'EOF'
 deb https://fai-project.org/download jessie koeln
 EOF

-elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release || grep -iE 'flidas|xenail' /etc/os-release ; then
+elif grep -iE 'VERSION=.*(stretch|flidas|xenail)' /etc/os-release; then

   # fai on ubuntu only has official support using the universe repo, but newer
   # tends to have less bugs.
   gpg --keyserver hkp://pool.sks-keyservers.net -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
   # fai on ubuntu only has official support using the universe repo, but newer
   # tends to have less bugs.
   gpg --keyserver hkp://pool.sks-keyservers.net -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -


@@ -128,10 +111,10 @@ else
 fi
 
 
 fi
 
 

-apt-get install -y ${pkgs[@]}
+e apt-get install -y ${pkgs[@]}

 # confnew since we edit /etc/fai/NFSROOT in an automated way
 # fai-client is already a fai-server dependency, but make sure it gets upgraded
 # confnew since we edit /etc/fai/NFSROOT in an automated way
 # fai-client is already a fai-server dependency, but make sure it gets upgraded

-apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client
+e apt-get install --no-install-recommends -y -o Dpkg::Options::="--force-confnew" fai-server fai-client

 
 r=http://http.us.debian.org/debian
 # like default, but scrap httpredir, and nonfree.
 
 r=http://http.us.debian.org/debian
 # like default, but scrap httpredir, and nonfree.


@@ -184,6 +167,7 @@ $sed 's/#LOGUSER/LOGUSER/' /etc/fai/fai.conf
 $sed -i '/^LOGUSER=/d' /etc/fai/fai.conf
 $sed -i '/^FAI_FLAGS=/d' /etc/fai/fai.conf
 echo "FAI_FLAGS=verbose" >>/etc/fai/fai.conf
 $sed -i '/^LOGUSER=/d' /etc/fai/fai.conf
 $sed -i '/^FAI_FLAGS=/d' /etc/fai/fai.conf
 echo "FAI_FLAGS=verbose" >>/etc/fai/fai.conf

+# note if this isnt set, the user isnt created

 echo "LOGUSER=fai" >>/etc/fai/fai.conf
 
 # from man fai-make-nfsroot,
 echo "LOGUSER=fai" >>/etc/fai/fai.conf
 
 # from man fai-make-nfsroot,


@@ -200,8 +184,8 @@ fi
 
 if armhf; then
   cd /srv/fai
 
 if armhf; then
   cd /srv/fai

-  rm -rf nfsroot
-  tar Jxf $basefile
+  e rm -rf nfsroot
+  e tar Jxf $basefile

   # background: Can't build the nfsroot on my arm system now.  First,
   # fai-make-nfsroot won't work out of the box. One idea to make it work
   # is by installing qemu-user-static, then copying qemu-x86_64-static
   # background: Can't build the nfsroot on my arm system now.  First,
   # fai-make-nfsroot won't work out of the box. One idea to make it work
   # is by installing qemu-user-static, then copying qemu-x86_64-static


@@ -247,12 +231,12 @@ if armhf; then
 type setup_tftp
 EOF
                               )
 type setup_tftp
 EOF
                               )

-  setup_tftp
+  e setup_tftp

 
   # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
   # is the only way to make it run without chrooting. the options
   # seem contradictory, but it works.
 
   # -g causes skipping set_root_pw() in fai-make-nfsroot, -ag
   # is the only way to make it run without chrooting. the options
   # seem contradictory, but it works.

-  fai-setup -evag
+  e fai-setup -evag

 
 else # not armhf
   # note, this copies the -B arg to
 
 else # not armhf
   # note, this copies the -B arg to

diff --git a/lk b/lk
index dbe9d2ea7115ac87328d03f770c6435db6068aea..7715fda394945532dd615d1caf66589ab65400fb 100644 (file)
--- a/lk
+++ b/lk
@@ -23,7 +23,12 @@ fai kexec from upstream live cds, i.e. curl|bash
 You can copy this to a http server, then wget -O- url|sudo bash
 curl is sometimes not preinstalled on a live cd.
 
 You can copy this to a http server, then wget -O- url|sudo bash
 curl is sometimes not preinstalled on a live cd.
 

-This has been tested on trisquel belenos and ubuntu xenial & 18.10.
+Alternative to http server:
+1. on install machine nc -l 1234 | sudo bash
+2. On another machine nc INSTALL_MACHINE 1234 <live-kexec
+Obviously beware that anyone on your network could send commands to the install machine.
+
+This has been tested on trisquel 7 & 8 & ubuntu 16.04 & 18.10.

 With 18.10 on an x200, kexec was unreliable, resulting in freezes and
 kernel panics.
 
 With 18.10 on an x200, kexec was unreliable, resulting in freezes and
 kernel panics.
 

diff --git a/pxe-server b/pxe-server
index 3abb1bac0876916751ef25604c2205a25bb47602..c46c72eb34c1141433f9e8c3c177ab448f034d14 100755 (executable)
--- a/pxe-server
+++ b/pxe-server
@@ -22,26 +22,28 @@ x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 
 usage() {
   cat <<EOF
 
 usage() {
   cat <<EOF

-Usage: ${0##*/} [OPTIONS] [HOST TYPE]
-Configure dnsmasq boot options and fai-chboot if appropriate.
+Usage: ${0##*/} [OPTIONS] [HOST] [TYPE]
+Configure dnsmasq boot options and fai-chboot if appropriate. This is
+not general purpose, it has code specific to dhcp servers I run.

 
 

-Without HOST TYPE, disable  server and fai server.
+Without TYPE, disable  server and fai server. In that case, HOST is only
+needed for fsf office network.

 
 HOST       A hostname known to the dhcp server, or default for all.
 TYPE       One of arch, parabola, plain, fai.
 
 
 HOST       A hostname known to the dhcp server, or default for all.
 TYPE       One of arch, parabola, plain, fai.
 

--d         Don't alter dhcp config. Only make sense for fai type, and on network
-           other than home network.
--r         Don't redeploy fai config. For example, if there is a different host
-           that is mid-install.
-

 -a         Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe
            server after a delay.  First ack is for pxe boot, 2nd ack is
            for os boot. Sometimes on debian, there is a 3rd one shortly
            after the 2nd. I can't remember exactly why this caused a
            problem, but I'm hoping the sleep will take care of it.
 -a         Don't setup pxe, just Wait for 2 dhcp acks, then disable the pxe
            server after a delay.  First ack is for pxe boot, 2nd ack is
            for os boot. Sometimes on debian, there is a 3rd one shortly
            after the 2nd. I can't remember exactly why this caused a
            problem, but I'm hoping the sleep will take care of it.

--S         sets FAI_ACTION=sysinfo, see myfai-chboot for more info.
+-d         Don't alter dhcp config. Only make sense for fai type, and on network
+           other than home or fsf.

 -k         Pass -k to myfai-chboot.
 -k         Pass -k to myfai-chboot.

+-r         Don't redeploy fai config. For example, if there is a different host
+           that is mid-install.
+
+-S         sets FAI_ACTION=sysinfo, see myfai-chboot for more info.

 -w         Setup pxe, then wait like -a.
 -h|--help  Print help and exit
 
 -w         Setup pxe, then wait like -a.
 -h|--help  Print help and exit
 


@@ -65,16 +67,22 @@ dhcp=true
 redep=true
 acks=2
 wait=false
 redep=true
 acks=2
 wait=false

+fsf=false
+
+case $HOSTNAME in
+  x3|kw) fsf=true ;;
+esac
+

 chboot_args=()
 chboot_args=()

-temp=$(getopt -l help adrSkwh "$@") || usage 1
+temp=$(getopt -l help adkrSwh "$@") || usage 1

 eval set -- "$temp"
 while true; do
   case $1 in
     -a) wait=true; set=false; shift ;;
     -d) dhcp=false; shift ;;
 eval set -- "$temp"
 while true; do
   case $1 in
     -a) wait=true; set=false; shift ;;
     -d) dhcp=false; shift ;;

+    -k) chboot_args+=(-k); shift ;;

     -r) redep=false; shift ;;
     -S) chboot_args+=(-S); shift ;;
     -r) redep=false; shift ;;
     -S) chboot_args+=(-S); shift ;;

-    -k) chboot_args+=(-k); shift ;;

     -w) wait=true; set=true; shift ;;
     -h|--help) usage ;;
     --) shift; break ;;
     -w) wait=true; set=true; shift ;;
     -h|--help) usage ;;
     --) shift; break ;;


@@ -85,7 +93,7 @@ done
 read -r host type <<<"$@"
 
 case $# in
 read -r host type <<<"$@"
 
 case $# in

-  0);;
+  [01]);;

   2)
     case $type in
       arch|parabola) cmd=archlike ;;
   2)
     case $type in
       arch|parabola) cmd=archlike ;;


@@ -98,7 +106,7 @@ case $# in
     esac
     ;;
   *)
     esac
     ;;
   *)

-    echo "$0: error: expected 0 or 2 arguments"
+    echo "$0: error: expected 0-2 arguments"

     echo
     usage 1
     ;;
     echo
     usage 1
     ;;


@@ -145,27 +153,52 @@ EOF
 }
 
 ack-wait() {
 }
 
 ack-wait() {

+  if $fsf; then
+    wait_cmd="ssh tarantula tail -n0 -f /var/log/syslog"
+  else
+    wait_cmd="ssh wrt logread -f"
+  fi

   wait_count=$1
   if [[ $host ]]; then
   wait_count=$1
   if [[ $host ]]; then

+    if $fsf; then
+      host_regex=" $(getent hosts kw | awk '{print $1}' | sed 's/\./\\./g')"
+      else

     host_regex=" $host"
     host_regex=" $host"

+    fi

   fi
   fi

-  regex=".*DHCPACK.*$host_regex$"
+  regex=".*DHCPACK.*$host_regex\b"

   i=0
   while (( i != wait_count )) && read -r line; do
     if [[ $line =~ $regex ]]; then
       i=$((i+1))
       echo $line
     fi
   i=0
   while (( i != wait_count )) && read -r line; do
     if [[ $line =~ $regex ]]; then
       i=$((i+1))
       echo $line
     fi

-  done < <(ssh wrt logread -f)
+  done < <($wait_cmd ||:) # tail returns 2 it seems

   e sleep 20
 }
 
 set-pxe() {
   $dhcp || return 0
   e sleep 20
 }
 
 set-pxe() {
   $dhcp || return 0

-  echo "$0: updating dnsmasq.conf:"
-  $cmd
-  ${cmd:-:}|ssh wrt "cedit pxe /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart
+  if $fsf; then
+    if [[ ! $cmd ]]; then
+      echo "$0: removing pxe for $host on tarantula"
+      ssh tarantula bash -e <<EOF
+sed -ri 's/^( *host +$host *\{).*/\1/' /etc/dhcp3/dhcpd.conf
+/etc/init.d/dhcp3-server restart
+EOF
+    elif [[ $cmd == fai ]]; then
+      echo "$0: adding pxe for $host on tarantula"
+      ssh tarantula bash -e <<EOF
+sed -ri 's/^( *host +$host *\{).*/\1 next-server faiserver.office.fsf.org; filename "pxelinux.0";/' /etc/dhcp3/dhcpd.conf
+/etc/init.d/dhcp3-server restart
+EOF
+    fi
+  else
+    echo "$0: updating dnsmasq.conf:"
+    $cmd
+    ${cmd:-:}|ssh wrt "cedit pxe /etc/dnsmasq.conf || /etc/init.d/dnsmasq restart

 $([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"
 $([[ $type == arch || $type == parabola ]] && echo archlike-pxe-mount)"

+  fi

 }
 
 
 }
 
 

diff --git a/wrt-disabled-firewall-rules b/wrt-disabled-firewall-rules
index 29c80daf4a57b1f901e2a89e1e3012efa685ca2f..b2cfdf08a0df08a21ac92dd309f35855f719ecf2 100644 (file)
--- a/wrt-disabled-firewall-rules
+++ b/wrt-disabled-firewall-rules
@@ -20,16 +20,6 @@ config rule
     option target           ACCEPT
     option dest_port        63324
 
     option target           ACCEPT
     option dest_port        63324
 

-config redirect
-    option name frodobittorrent
-    option src              vpn
-    option src_dport        63326
-    option dest_ip          192.168.1.3
-    option dest             lan
-config rule
-    option src              vpn
-    option target           ACCEPT
-    option dest_port        63326

 
 
 config redirect
 
 
 config redirect

diff --git a/wrt-setup b/wrt-setup
index 3e71ef5099816bcdc45dd6b76785008ce0ea5819..e9d620efb2e800187f5a02aef36dbdf86c799a4f 100755 (executable)
--- a/wrt-setup
+++ b/wrt-setup
@@ -23,7 +23,7 @@ x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
 
 usage() {
   cat <<EOF
 
 usage() {
   cat <<EOF

-usage: ${0##*/} [-h|--help] [-d|--dev2] [HOST/IP]
+usage: ${0##*/} [-h|--help] [-2|--dev2] [HOST/IP]

 setup my router in general: dhcp, dns, etc.
 
 dev2 is for setting up a second device for testing etc.
 setup my router in general: dhcp, dns, etc.
 
 dev2 is for setting up a second device for testing etc.


@@ -55,7 +55,8 @@ fi
 cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
 scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
 # build for openwrt 18.06.2, r7676-cddd7b4c77
 cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
 scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
 # build for openwrt 18.06.2, r7676-cddd7b4c77

-scp /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk $h:
+sudo scp /q/root/shadow/router \
+     /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk $h:

 ssh $h <<EOF
 if ! opkg list-installed|grep bash; then
     opkg update
 ssh $h <<EOF
 if ! opkg list-installed|grep bash; then
     opkg update

diff --git a/wrt-setup-local b/wrt-setup-local
index ddf78d6f64a08db91db0a97f2f99b8c8cfdb7692..f465da5a75ceef8e8da54932133943a5c4c1dbb1 100755 (executable)
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -47,12 +47,40 @@ v() {
   "$@"
 }
 
   "$@"
 }
 

+######### uci example:#######
+# # https://wiki.openwrt.org/doc/uci
+# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p')
+# wan="firewall.@zone[$wan_index]"
+# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then
+#     # default is wan
+#     v uci set firewall.@forwarding[0].dest=$forward_dest
+#     uci commit firewall
+#     firewall_restart=true
+# fi
+####### end uci example #####
+
+uset() {
+  local key="$1"
+  local val="$2"
+  local service="${key%%.*}"
+  restart_var=${service}_restart
+  if [[ ! ${!restart_var} ]]; then
+    eval $restart_var=false
+  fi
+  if [[ $(uci get "$key") != "$val" ]]; then
+    v uci set "$key"="$val"
+    uci commit $service
+    eval $restart_var=true
+  fi
+}
+
+

 ### network config
 ###
 ssid="check out gnu.org"
 lan=10.0.0.0
 if $dev2; then
 ### network config
 ###
 ssid="check out gnu.org"
 lan=10.0.0.0
 if $dev2; then

-  ssid="test1"
+  ssid="gnuv3"

   lan=10.1.0.0
 fi
 mask=255.255.0.0
   lan=10.1.0.0
 fi
 mask=255.255.0.0


@@ -60,6 +88,14 @@ l=${lan%.0}
 
 passwd -l root ||: #already locked fails
 
 
 passwd -l root ||: #already locked fails
 

+sed -ibak '/^root:/d' /etc/shadow
+# /root/router created by manually running passwd then copying the resulting
+# line. We have no mkpasswd on wrt/librecmc, then we scp it in.
+cat /root/router >>/etc/shadow
+# otherwise, serial console gets root login with no password
+uset system.@system[0].ttylogin 1
+
+

 cat >/usr/bin/archlike-pxe-mount <<'EOFOUTER'
 #!/bin/bash
 # symlinks are collapsed for nfs mount points, so use a bind mount.
 cat >/usr/bin/archlike-pxe-mount <<'EOFOUTER'
 #!/bin/bash
 # symlinks are collapsed for nfs mount points, so use a bind mount.


@@ -154,32 +190,6 @@ EOF
 
 
 
 
 
 

-######### uci example:#######
-# # https://wiki.openwrt.org/doc/uci
-# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p')
-# wan="firewall.@zone[$wan_index]"
-# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then
-#     # default is wan
-#     v uci set firewall.@forwarding[0].dest=$forward_dest
-#     uci commit firewall
-#     firewall_restart=true
-# fi
-
-
-uset() {
-  local key="$1"
-  local val="$2"
-  local service="${key%%.*}"
-  restart_var=${service}_restart
-  if [[ ! ${!restart_var} ]]; then
-    eval $restart_var=false
-  fi
-  if [[ $(uci get "$key") != "$val" ]]; then
-    v uci set "$key"="$val"
-    uci commit $service
-    eval $restart_var=true
-  fi
-}

 
 uset dropbear.@dropbear[0].PasswordAuth 0
 uset dropbear.@dropbear[0].RootPasswordAuth 0
 
 uset dropbear.@dropbear[0].PasswordAuth 0
 uset dropbear.@dropbear[0].RootPasswordAuth 0


@@ -236,6 +246,8 @@ EOF
 
 firewall_restart=false
 v cedit /etc/config/firewall <<EOF || firewall_restart=true
 
 firewall_restart=false
 v cedit /etc/config/firewall <<EOF || firewall_restart=true

+
+

 config redirect
     option name ssh
     option src              wan
 config redirect
     option name ssh
     option src              wan


@@ -330,7 +342,8 @@ $l.4 htpc
 $l.5 x2
 $l.6 demohost
 $l.7 x3
 $l.5 x2
 $l.6 demohost
 $l.7 x3

-$l.8 tp faiserver b8.nz
+$l.8 tp b8.nz faiserver
+$l.9 bb8

 72.14.176.105 li
 
 # netns creation looks for next free subnet starting at 10.173, but I only
 72.14.176.105 li
 
 # netns creation looks for next free subnet starting at 10.173, but I only