intentional reboots, but not after shutdown or power loss.
Normal install mode for fai is using pxe, but on a libreboot system,
-there is no pxe. The pxe in a normal computer is nonfree firmware. What
-I've done instead:
+there is no pxe. The pxe in a normal computer is nonfree
+firmware. Alternatives to normal pxe that I've tried:
+
+* libreboot + seabios + ipxe
* Use a live cd to call pxe-kexec, this is described later in this file.
* Use the fai autodiscover iso. This is more automated, so nicer.
* Use an install method above to setup a gnu/linux disk partition that
- acts like a pxe boot using kexec, but it takes a bit longer. This is
+ coordinates with libreboot grub to acts like a pxe boot using
+ kexec. The boot process takes a bit longer than normal pxe. This is
the bootstrap partition in my scripts.
Things I haven't tried:
-* There is iPXE, which requires standard bios functions, which can be
- provided by seabios, which can be a libreboot payload.
-
* The bios chip has enough room for an initrd. This could be setup to
work like the partition I use to kexec, but it would be faster, and
not require installing to disk.
faiserver-setup # install fai-server on the current machine
myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
-wrt-setup-remote # setup my router in general: dhcp, dns, etc.
+wrt-setup # setup my router in general: dhcp, dns, etc.
# Script to do a distro install
reboot
-# dirinstall
-
-host=kw
-distro=trisquel
-t=/dev/shm/t
-myfai-chboot default
-sudo sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf
-# config umount required after a failed run, proc umount always required
-sudo umount /var/lib/fai/config ||: ; sudo umount -R $t/proc ||:
-fai-redep faiserver $distro
-sudo rm -rf $t ; mkdir $t; time sudo LANG= fai -N -u $host dirinstall $t
-
-# cleanup:
-sudo sed -i 's/^#LOGUSER=/LOGUSER=/' /etc/fai/fai.conf
-sudo umount -R $t/proc
-
-
-# Turning a dirinstall into a basefile. taken from mk-basefile
-
-sudo chroot $t apt-get clean
-sudo rm -f $t/etc/hostname $t/etc/resolv.conf \
- $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
- $t/etc/udev/rules.d/70-persistent-net.rules
-echo | sudo dd of=$t/etc/machine-id
-sudo tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/FLIDAS64X.tar.gz
-
-
# License
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# WARNING: outdated! needs docs and update to debian-stretch
+
x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
usage: ${0##*/} [-h|--help] [HOST] [DISTRO]
Deploy fai config (the one in nfs) to HOST or default faiserver
Specify DISTRO for setting up DESKTOP packages.
+
+Note: uses paths specific to authors machine.
EOF
exit $1
}
ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
-# built BELENOS basefile with mk-basefile -J BELENOS64. it's stored in
-# it's own repo which is published alongside this one called
-# fai-basefiles due to being a large binary file.
-
-declare -A sums
-while read -r sum file; do
- sums[$file]=$sum
-done < <(cat /a/bin/fai-basefiles/md5sums.txt)
-
-{ timeout 2 curl -s http://fai-project.org/download/basefiles/md5sums.txt ||:; } |
- while read -r sum file; do
- if [[ ${sums[$file]} && ${sums[$file]} != $sum ]]; then
- echo "${0##*/}: WARNING!!!!!!!!! NEW UPSTREAM BASEFILE: $file"
- fi
- done
rsync -r --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config
ssh root@$faiserver_host bash <<'EOF'
set -eE -o pipefail
systemctl restart tftpd-hpa
chmod 644 /srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
chmod -R a+rX /srv/fai/config/distro-install-common
-# this basefile has tar acls bug, so I'm using my own
-# local one for now.
-#cd /srv/fai/config/basefiles
-#u=http://fai-project.org/download/basefiles/XENIAL64.tar.xz
-#wget -nv -N $u
changed=false
f=/srv/fai/nfsroot/root/.ssh/known_hosts
usage() {
- cat <<EOF
+ cat <<EOF
# Usage: ${0##*/} [OPTIONS]
Setup fai or arch pxe (depending on $0 name)
then start a virtual machine to test the config
Note: Uses GNU getopt options parsing style
EOF
- exit $1
+ exit $1
}
orig_args=("$@")
temp=$(getopt -l help dnprh "$@") || usage 1
eval set -- "$temp"
while true; do
- case $1 in
- -d) dhcp_arg=-d; shift ;;
- -n) new_disk=true; shift ;;
- -p) pxe=true; shift ;;
- -r) reboot_arg=--noreboot; shift ;;
- -h|--help) usage ;;
- --) shift; break ;;
- *) echo "$0: Internal error!" ; exit 1 ;;
- esac
+ case $1 in
+ -d) dhcp_arg=-d; shift ;;
+ -n) new_disk=true; shift ;;
+ -p) pxe=true; shift ;;
+ -r) reboot_arg=--noreboot; shift ;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: Internal error!" ; exit 1 ;;
+ esac
done
if [[ $script_dir == /a/bin/* ]]; then
- # Copy our script elsewhere so we can develop it
- # and save it at the same time it's running
- rm -rf /tmp/faifreeze
- cp -ar /a/bin/fai /tmp/faifreeze
- exec /tmp/faifreeze/${BASH_SOURCE##*/} "${orig_args[@]}"
+ # Copy our script elsewhere so we can develop it
+ # and save it at the same time it's running
+ rm -rf /tmp/faifreeze
+ cp -ar /a/bin/fai /tmp/faifreeze
+ exec /tmp/faifreeze/${BASH_SOURCE##*/} "${orig_args[@]}"
fi
cd $script_dir
is_arch_revm() {
- [[ ${0##*/} == arch-revm ]]
+ [[ ${0##*/} == arch-revm ]]
}
cleanup() {
- echo "doing cleanup"
- e ./pxe-server $dhcp_arg
- ./faiserver-disable
+ echo "doing cleanup"
+ e ./pxe-server $dhcp_arg
+ ./faiserver-disable
}
_errcatch_cleanup=cleanup
boot_arg=--pxe
if is_arch_revm; then
- e ./pxe-server $dhcp_arg demohost arch
- sleep 2
- # via osinfo-query os. guessing arch is closest to latest fedora.
- variant=fedora22
+ e ./pxe-server $dhcp_arg demohost arch
+ sleep 2
+ # via osinfo-query os. guessing arch is closest to latest fedora.
+ variant=fedora22
else
if $pxe; then
e ./pxe-server $dhcp_arg demohost fai
sleep 2
- else
- boot_arg="--cdrom /a/bin/fai-basefiles/autodiscover.iso"
- e fai-redep
- e myfai-chboot default
-fi
- # I don't think these variants actually make a diff for us, but I
- # use the appropriate one when trying a new distro just in case.
- variant=ubuntu14.04
- #variant=ubuntu16.04
- #variant=debian8
+ else
+ fai-monitor&
+ boot_arg="--cdrom /a/bin/fai-basefiles/autodiscover.iso"
+ e fai-redep
+ e myfai-chboot default
+ fi
+ # I don't think these variants actually make a diff for us, but I
+ # use the appropriate one when trying a new distro just in case.
+ variant=ubuntu14.04
+ #variant=ubuntu16.04
+ #variant=debian8
fi
name=demohost
disk_arg=()
for ((i=1; i <= disk_count; i++)); do
- f=/var/lib/libvirt/images/${name}$i
- disk_arg+=("--disk path=$f")
- if $new_disk || [[ ! -e $f ]]; then
- s rm -f $f
- e s qemu-img create -o preallocation=metadata -f qcow2 $f 50G
- fi
+ f=/var/lib/libvirt/images/${name}$i
+ disk_arg+=("--disk path=$f")
+ if $new_disk || [[ ! -e $f ]]; then
+ s rm -f $f
+ e s qemu-img create -o preallocation=metadata -f qcow2 $f 50G
+ fi
done
if [[ $SSH_CLIENT ]]; then
- console_arg=--noautoconsole
+ console_arg=--noautoconsole
fi
# docker makes forward default to drop, which blocks the vm pxe on flidas. easiest solution:
#
# uniq is to stop gtk-warning spam
# e s virt-install --os-variant $variant -n $name --pxe -r 2048 --vcpus 1 \
-# ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
-# --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
+ # ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
+ # --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
e s virt-install --os-variant $variant -n $name $boot_arg -r 2048 --vcpus 1 \
if [[ $SSH_CLIENT ]]; then
- fg
+ fg
fi
sleep 30
while ! timeout -s 9 10 ssh -oBatchMode=yes root@$name /bin/true; do
- e sleep 5
+ e sleep 5
done
unset _errcatch_cleanup
e pxe-server
if is_arch_revm; then
- ./arch-init-remote $name
+ ./arch-init-remote $name
fi
cleanup-deb() {
+ if [[ $cmd ]]; then
+ if [[ -e $cmd ]]; then
+ cp "$cmd" $xtmp/tmp
+ chroot $xtmp "/tmp/$cmd"
+ else
+ chroot $xtmp $cmd
+ fi
+ fi
chroot $xtmp apt-get clean
rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
$xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
-z Use gzip for compressing the tar file.
-J Use xz for compressing the tar file.
-k Keep the temporary subtree structure, do not remove it.
+ -x CMD Run CMD in chroot. If CMD exists as a file, copy it and run it.
+ Debian based only
-h Print help.
Usage example: mk-basefile -J STRETCH64
zip=cat
attributes=
cleanup=1
+cmd=
-while getopts ashzJd:kf: opt ; do
+while getopts ashzJd:kf:x: opt ; do
case "$opt" in
a) attributes="--xattrs --selinux --acl" ;;
d) export TMPDIR=$OPTARG ;;
k) cleanup=0 ;;
h) usage ;;
s) prtdists ; exit 0;;
+ x) cmd="$OPTARG" ;;
?) exit 3 ;; # error in option parsing
esac
done
# Debian stable basefile gets built by faisetup and gets used otherwise.
# With X suffix, means it has gone through the dirinstall process and has eXtra
# things installed, to speed up installation.
-# STRETCH64, XENIAL64, BELENOS64, FLIDAS64, FLIDAS64X
+# STRETCH64, XENIAL64, BELENOS64, FLIDAS64, FLIDAS64BIG
#
# The distro subvol name, we can add as many of these as we want:
# VOL_TESTING, VOL_STRETCH, VOL_XENIAL, VOL_BELENOS, VOL_FLIDAS, VOL_STRETCH_BOOTSTRAP
echo "$0: warning: no pw set for $user" >&2
fi
}
-au() { # add user
+au() { # add user. i don't use adduser for portability
if ! $ROOTCMD getent passwd ${@: -1}; then
- $ROOTCMD useradd -m -s /bin/bash $@
+ $ROOTCMD useradd -Um -s /bin/bash $@
fi
}
#!/bin/bash
-# exit for any vm which is not our test vm
-if ifclass VM && ! ifclass demohost || ifclass VOL_STRETCH_BOOTSTRAP; then
+# exit for any vm except demohost, or if we are doing a dirinstall
+if ifclass VM && ! ifclass demohost || ifclass VOL_STRETCH_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then
exit 0
fi
-PACKAGES install-norec DEBIAN UBUNTU
+PACKAGES install DEBIAN UBUNTU
apt-transport-https
fai-client
debconf-utils
if [[ $FAI_ACTION != dirinstall ]]; then
+
+ cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF'
+# https://www.coreboot.org/Serial_console
+# but removed unneeded stuff
+
+serial --speed=115200
+terminal_input --append serial
+terminal_output --append serial
+EOF
+
chroot $FAI_ROOT bash <<'EOF'
# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
# it suggests not having plymouth-theme-ubuntu-text, but
This assumes you've set the dhcp server to make 52:54:00:56:09:f9 be
faiserver. That mac is a randomly generated one in the libvirt range.
+
+WARNING: has hardcoded IP and name for for my local lan
EOF
exit $1
}
esac
cleanup() { pxe-server :; }
-./debian-pxe-preseed -i 192.168.1.1 -u ian -g vda
+./debian-pxe-preseed -i 10.0.0.1 -u iank -g vda
name=faiserver
s virshrm $name ||:
else # not armhf
# note, this copies the -B arg to
# /srv/fai/nfsroot/var/tmp/base.tar.xz
- e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
+ e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.gz
# fai-setup expert mode avoids writing to /var/log/fai/variables
# at least config_src is needed for autodiscover
$sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables
--- /dev/null
+#!/bin/bash
+# Copyright (C) 2018 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+
+
+x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
+x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file
+
+usage() {
+ cat <<EOF
+Usage: ${0##*/} DISTRO_CODENAME
+Make basefile with desktop packages preinstalled
+
+The longest amount of time when doing a new install is installing
+packages. We can make that faster by preinstalling them in a
+basefile. When a basefile is created, debootstrap allows you to
+specify extra packages, but in trisquel, most packages don't install
+that way. Not sure exactly why. So, we can do a fai dirinstall (fancy
+chroot) to install packages, then turn that into a new basefile.
+
+The script depnds on being in a directory with other scripts from it's repo.
+
+Warning: uses paths specific to author's machine.
+
+-h|--help Print help and exit.
+
+Note: Uses GNU getopt options parsing style
+EOF
+ exit $1
+}
+
+read distver <<<"$@"
+
+if [[ $# != 1 ]]; then
+ echo "$0: error: expected one argument"
+ usage 1
+fi
+
+
+case $distver in
+ flidas)
+ distro=trisquel
+ classes="UBUNTU FLIDAS64 VOL_FLIDAS FLIDAS DESKTOP"
+ ;;
+ *)
+ echo "$0: error: unknown DISTRO_CODENAME"
+ usage 1
+ ;;
+esac
+
+distro=trisquel
+
+# background: i tried using a tmpfs for this. it had minimal effect, like 17 mins vs 18 mins
+t=/tmp/dirinstall
+
+
+cleanup() {
+ sed -i 's/^#LOGUSER=/LOGUSER=/' /etc/fai/fai.conf
+ for d in proc var/lib/dpkg var/cache; do
+ umount -R $t/$d ||:
+ done
+ rm -rf $t
+}
+_errcatch_cleanup=cleanup
+
+
+myfai-chboot default
+sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf
+# config umount required after a failed run, proc umount always required
+umount /var/lib/fai/config ||: ; umount -R $t/proc ||:
+
+fai-redep faiserver $distro
+echo "echo $classes" > /srv/fai/config/class/51-multi-boot
+
+rm -rf $t; mkdir -p $t
+
+LANG= fai -N -u hostname_does_not_matter dirinstall $t
+
+# Turn a dirinstall into a basefile. taken from mk-basefile
+chroot $t apt-get clean
+rm -f $t/etc/hostname $t/etc/resolv.conf \
+ $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
+ $t/etc/udev/rules.d/70-persistent-net.rules
+echo | dd of=$t/etc/machine-id
+tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+
+
+cleanup
+exit 0
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
+fai_action=install
fai_action_arg=I
fai_reboot_arg=,reboot
case $1 in
- -h|--help)
- echo "see help from myfai-chboot"
- exit 0
- ;;
- -S)
- fai_action_arg=S
- fai_reboot_arg=
- shift
- ;;
+ -h|--help)
+ echo "see help from myfai-chboot"
+ exit 0
+ ;;
+ -S)
+ fai_action=sysinfo
+ fai_action_arg=S
+ fai_reboot_arg=
+ shift
+ ;;
esac
[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
e() {
- echo "$*"
- if ! "$@"; then
- echo "$0: error: exit code $? from: $*"
- exit 1
- fi
+ echo "$*"
+ if ! "$@"; then
+ echo "$0: error: exit code $? from: $*"
+ exit 1
+ fi
}
host=$1
# in an ipv4 + ipv6 network.
my_ip=$(ip -4 route get 8.8.8.8 | sed -nr 's,^.*src\s+(\S+).*,\1,p')
if [[ ! $my_ip || $my_ip =~ [[:space:]] ]]; then
- echo "$0: error: failed to get \$my_ip, got: $my_ip"
- exit 1
+ echo "$0: error: failed to get \$my_ip, got: $my_ip"
+ exit 1
fi
if [[ $host == default ]]; then
- ip='*'
+ ip='*'
elif [[ $host == [0-9]*.[0-9]*.[0-9]*.[0-9]* ]]; then
- ip=$host/32
+ ip=$host/32
else
- type -t host &>/dev/null || apt-get -y install dnsutils
- ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q')/32
- if [[ ! $ip || $ip =~ [[:space:]] ]]; then
- echo "$0: error: failed to get \$my_ip, got: $my_ip"
- exit 1
- fi
+ type -t host &>/dev/null || apt-get -y install dnsutils
+ ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q')/32
+ if [[ ! $ip || $ip =~ [[:space:]] ]]; then
+ echo "$0: error: failed to get \$my_ip, got: $my_ip"
+ exit 1
+ fi
fi
if modprobe nfsd &>/dev/null; then
- std_arg="-u nfs://faiserver/srv/fai/config"
- # nfsv4 wont do rw with overlayfs yet
- # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
- root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
- # fai-setup without -e sets the ip to the local_ip/local_network, eg 192.168.1.3/24
- # I restrict it to one ip as simple but imperfect access control.
+ std_arg="-u nfs://faiserver/srv/fai/config"
+ # nfsv4 wont do rw with overlayfs yet
+ # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
+ root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
+ # fai-setup without -e sets the ip to the local_ip/local_network, eg 192.168.1.3/24
+ # I restrict it to one ip as simple but imperfect access control.
- # we may chattr +i /etc/exports if we dun want it modified
- # for example, if we made these exports more widely available
- # while doing multiple installs or a recovery.
- if [[ -w /etc/exports ]]; then
- sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports
- cat >>/etc/exports <<EOF
+ # we may chattr +i /etc/exports if we dun want it modified
+ # for example, if we made these exports more widely available
+ # while doing multiple installs or a recovery.
+ if [[ -w /etc/exports ]]; then
+ sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports
+ cat >>/etc/exports <<EOF
/srv/fai/config $ip(async,ro,no_subtree_check)
/srv/fai/nfsroot $ip(async,ro,no_subtree_check,no_root_squash)
EOF
- exportfs -ra
- fi
- systemctl start nfs-server # assumes recent os
+ exportfs -ra
+ fi
+ systemctl start nfs-server # assumes recent os
else
- std_arg="-u http://faiserver:8080/config.tar.gz"
- root_arg="live:http://faiserver:8080/squash.img"
- /a/exe/web-conf -i -p 8080 - apache2 faiserver <<EOF
+ std_arg="-u http://faiserver:8080/config.tar.gz"
+ root_arg="live:http://faiserver:8080/squash.img"
+ /a/exe/web-conf -i -p 8080 - apache2 faiserver <<EOF
<Location />
Deny from all
Allow from $ip
rm -f /srv/tftp/fai/pxelinux.cfg/*
if [[ ! $1 ]]; then
- exit 0
+ exit 0
fi
e fai-chboot -${fai_action_arg}v $std_arg default # set it to default to get a val out of it next
kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
default_k_args=$(fai-chboot -L '^default$' | \
- sed -r "s/^(\S+\s+){3}(.*)/\2/")
+ sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot aufs FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
k_args=()
for arg in $default_k_args; do
- case $arg in
- # default root arg is /srv/fai/nfsroot
- root=*) k_args+=(root=$root_arg) ;;
- *) k_args+=($arg) ;;
- esac
+ case $arg in
+ # default root arg is /srv/fai/nfsroot
+ root=*) k_args+=(root=$root_arg) ;;
+ *) k_args+=($arg) ;;
+ esac
done
rm -f /srv/tftp/fai/pxelinux.cfg/*
e fai-chboot -k "${k_args[*]}" -v -f verbose,sshd,createvt$fai_reboot_arg $std_arg $kernel "$host"
+
+# this is needed for autodiscover iso. i'm not sure, it might override
+# the fai-chboot method of setting this, i'm not sure.
+echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
-pmirror() {
- # background: upgrading all packages is not recommended because it
- # doesn't go into the firmware. build new firmware if you want
- # lots of upgrades.
- f=(/tmp/opkg-lists/*)
- if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
- opkg update
- fi
-}
-
-pi() {
- for x in "$@"; do
- if [[ ! $(opkg list-installed "$x") ]]; then
- pmirror
- opkg install "$@"
- fi
- done
-}
-
-v() {
- printf "+ %s\n" "$*"
- "$@"
-}
-
-cat >/usr/bin/arch-pxe-mount <<'EOFOUTER'
-#!/bin/bash
-# symlinks are collapsed for nfs mount points, so use a bind mount.
-# tried putting this in /etc/config/fstab,
-# then doig block mount, it didn't work. This doesn't persist across reboots,
-# todo: figure that out
-d=/run/archiso/bootmnt
-cat > /etc/fstab <<EOF
-/mnt/usb/tftpboot $d none bind 0 0
+usage() {
+ cat <<EOF
+usage: ${0##*/} [-h|--help] [HOST/IP]
+setup my router in general: dhcp, dns, etc.
EOF
-mount | grep $d &>/dev/null || mount $d
-/etc/init.d/nfsd restart
-EOFOUTER
-chmod +x /usr/bin/arch-pxe-mount
-
-cat >.profile <<'EOF'
-# changing login shell emits spam on ssh single commands & scp
- # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
-#https://dev.openwrt.org/ticket/13852
-[ "$PS1" = "" ] || {
- /bin/bash
- exit
+ exit $1
}
-EOF
-v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
- tcpdump openvpn-openssl
-
-
-
-sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key pictionary49/" /etc/config/wireless
-sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
-v wifi
-
-
-v /etc/init.d/fstab enable ||:
-
-# rebooting makes mounting work, but comparing lsmod,
-# i'm guessing this will too. todo, test it.
-# 255 == module already loaded
-for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done
-
-# for arch pxe. The default settings in the installer expect to find
-# the NFS at /run/archiso/bootmnt
-mkdir -p /run/archiso/bootmnt
-
-# todo: at some later time, i found /mnt/usb not mounted, watch to see if
-# that is the case after running this or rebooting.
-# wiki says safe to do in case of fstab changes:
-
-## ian: commented and replaced with just an echo
-## since usb port seems to be busted.
-echo | cedit /etc/config/fstab ||:
-# cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; }
-# config global automount
-# option from_fstab 1
-# option anon_mount 1
-
-# config global autoswap
-# option from_fstab 1
-# option anon_swap 1
-
-# config mount
-# option target /mnt/usb
-# option device /dev/sda2
-# option fstype ext2
-# option options rw,async,noatime,nodiratime
-# option enabled 1
-# option enabled_fsck 0
-
-# config swap
-# option device /dev/sda1
-# option enabled 1
-
-# EOF
-
-
-
-# exportfs -ra wont cut it when its the same path, but now a bind mount
-cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||:
-/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
-# for arch pxe
-/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check)
-EOF
-
-
-v /etc/init.d/portmap start
-v /etc/init.d/nfsd start
-v /etc/init.d/portmap enable
-v /etc/init.d/nfsd enable
-
-
-
-
-
-
-######### uci example:#######
-# # https://wiki.openwrt.org/doc/uci
-# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p')
-# wan="firewall.@zone[$wan_index]"
-# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then
-# # default is wan
-# v uci set firewall.@forwarding[0].dest=$forward_dest
-# uci commit firewall
-# firewall_restart=true
-# fi
-
-
-
-########## openvpn exampl
-########## missing firewall settings for routing lan
-########## traffic
-# v /etc/init.d/openvpn start
-# v /etc/init.d/openvpn enable
-
-# # from https://wiki.openwrt.org/doc/uci/firewall
-# # todo: not sure if /etc/init.d/network needs restarting.
-# # I did, and I had to restart the vpn afterwards.
-# # This maps a uci interface to a real interface which is
-# # managed outside of uci.
-# v cedit /etc/config/network <<'EOF' ||:
-# config interface 'tun0'
-# option ifname 'tun0'
-# option proto 'none'
-# EOF
-# v cedit /etc/config/openvpn <<'EOF' || v /etc/init.d/openvpn restart
-# config openvpn my_client_config
-# option enabled 1
-# option config /etc/openvpn/client.conf
-# EOF
-
-
-v cedit /etc/config/network <<'EOF' || v /etc/init.d/network reload
-config 'route' 'transmission'
- option 'interface' 'lan'
- option 'target' '10.173.0.0'
- option 'netmask' '255.255.0.0'
- option 'gateway' '192.168.1.3'
-EOF
-
-v cedit /etc/config/firewall <<'EOF' || firewall_restart=true
-config redirect
- option name ssh
- option src wan
- option src_dport 22
- option dest_ip 192.168.1.8
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 22
-
-config redirect
- option name sshalt
- option src wan
- option src_dport 2222
- option dest_port 22
- option dest_ip 192.168.1.3
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2222
-
-config redirect
- option src wan
- option src_dport 443
- option dest lan
- option dest_ip 192.168.1.8
- option proto tcp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 443
- option proto tcp
-
-config redirect
- option src wan
- option src_dport 1196
- option dest lan
- option dest_ip 192.168.1.8
- option proto udp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 1196
- option proto udp
-
-
-config redirect
- option src wan
- option src_dport 80
- option dest lan
- option dest_ip 192.168.1.8
- option proto tcp
-config rule
- option src wan
- option target ACCEPT
- option dest_port 80
- option proto tcp
-
-config redirect
- option name syncthing
- option src wan
- option src_dport 22001
- option dest_ip 192.168.1.8
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 22001
-
+h=root@10.0.0.1
-EOF
-
-
-
-
-dnsmasq_restart=false
-mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}')
-v cedit /etc/hosts <<EOF || dnsmasq_restart=true
-127.0.1.1 wrt
-192.168.1.1 wrt
-192.168.1.2 treetowl
-192.168.1.3 frodo
-192.168.1.4 htpc
-192.168.1.5 x2
-192.168.1.6 demohost
-#192.168.1.7 faiserver
-192.168.1.8 tp faiserver b8.nz
-192.168.1.9 n5
-192.168.1.10 so
-192.168.1.12 fz
-72.14.176.105 li
-45.33.9.11 lj
-138.68.10.24 dopub
-# netns creation looks for next free subnet starting at 10.173, but I only
-# use one, and I would keep this one as the first created.
-10.173.0.2 transmission
-EOF
-
-# if [[ $mail_host ]]; then
-# sed -i '/^$mail_host/a mail.iankelling.org' /etc/hosts
-# fi
-
-
-# avoid using the dns servers that my isp tells me about.
-if [[ $(uci get dhcp.@dnsmasq[0].resolvfile) ]]; then
- # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
- # /etc/resolv.conf. not sure why I did this.
- v uci delete dhcp.@dnsmasq[0].resolvfile
- uci commit dhcp
- dnsmasq_restart=true
+if [[ $1 ]]; then
+ case $1 in
+ -h|--help) usage ;;
+ *) h=root@$1 ;;
+ esac
fi
-if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then
- v uci set dhcp.@dnsmasq[0].domain=b8.nz
- uci commit dhcp
- dnsmasq_restart=true
-fi
-if [[ $(uci get dhcp.@dnsmasq[0].local) != b8.nz ]]; then
- v uci set dhcp.@dnsmasq[0].local=/b8.nz/
- uci commit dhcp
- dnsmasq_restart=true
-fi
-if [[ $(uci get system.@system[0].hostname) != wrt ]]; then
- v uci set system.@system[0].hostname=wrt
- uci commit system
+scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
+ssh $h <<EOF
+if ! opkg list-installed|grep bash; then
+ opkg update
+ opkg install bash
fi
-
-
-# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq
-
-# sometimes /mnt/usb fails, cuz it's just a flash drive,
-# so make sure we have this dir or else dnsmasq will fail
-# to start.
-mkdir -p /mnt/usb/tftpboot
-v cedit /etc/dnsmasq.conf <<'EOF' || dnsmasq_restart=true
-
-# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
-stop-dns-rebind
-
-# this says the ip of default gateway and dns server,
-# but I think they are unneded and default
-#dhcp-option=3,192.168.1.1
-#dhcp-option=6,192.168.1.1
-
-
-
-# results from googling around dnsmasq optimizations
-# about 50k in memory. router has 62 megs.
-# in a browsing session, I probably won't ever do 5000 lookups
-# before the ttl expiration or whatever does expiration.
-cache-size=10000
-
-# ask all servers, use the one which responds first.
-# http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/
-all-servers
-
-# namebench benchmarks dns servers. google's dns was only
-# slightly less fast than some others, and I trust it more
-# to give accurate results, stay relatively fast, and
-# not do anythin too malicious, so just use that.
-# download namebench and run it like this:
-# for x in all regional isp global preferred nearby; do ./namebench.py -s $x -c US -i firefox -m weighted -J 10 -w; echo $x; hr; done
-# google
-server=8.8.4.4
-server=8.8.8.8
-server=2001:4860:4860::8888
-server=2001:4860:4860::8844
-
-
-# to fixup existin ips, on the client you can do
-# sudo dhclient -r; sudo dhclient <interface-name>
-
-# default dhcp range is 100-150
-dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl
-dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo
-dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc
-dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2
-#dhcp-host=00:c0:ca:27:e9:b2,set:kww,192.168.1.11,x2w
-#wireless interface
-# this is so fai can have an explicit name to use for testing,
-# or else any random machine which did a pxe boot would get
-# reformatted. The mac is from doing a virt-install, cancelling it,
-# and copying the generated mac, so it should be randomish.
-dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost
-#dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver
-dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp
-# this is the ip it picks by default if dhcp fails,
-# so might as well use it.
-# hostname is the name it uses according to telnet
-dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca
-
-# template
-# dhcp-host=,192.168.1.,
-
-# Just leave the tftp server up even if we aren't doing pxe boot.
-# It has no sensitive info.
-enable-tftp=br-lan
-tftp-root=/mnt/usb/tftpboot
+export HOME_DOMAIN=$HOME_DOMAIN
+wrt-setup-local
EOF
-
-if $dnsmasq_restart; then
- v /etc/init.d/dnsmasq restart
-fi
-
-if $firewall_restart; then
- v /etc/init.d/firewall restart
-fi
--- /dev/null
+#!/bin/bash
+# Copyright (C) 2016 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+
+pmirror() {
+ # background: upgrading all packages is not recommended because it
+ # doesn't go into the firmware. build new firmware if you want
+ # lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
+ f=(/tmp/opkg-lists/* /var/opkg-lists/*)
+ if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
+ opkg update
+ fi
+}
+
+pi() {
+ for x in "$@"; do
+ if [[ ! $(opkg list-installed "$x") ]]; then
+ pmirror
+ opkg install "$@"
+ fi
+ done
+}
+
+v() {
+ printf "+ %s\n" "$*"
+ "$@"
+}
+
+### network config
+###
+l=10.0.0
+lan=10.0.0.0
+mask=255.255.0.0
+
+cat >/usr/bin/arch-pxe-mount <<'EOFOUTER'
+#!/bin/bash
+# symlinks are collapsed for nfs mount points, so use a bind mount.
+# tried putting this in /etc/config/fstab,
+# then doig block mount, it didn't work. This doesn't persist across reboots,
+# todo: figure that out
+d=/run/archiso/bootmnt
+cat > /etc/fstab <<EOF
+/mnt/usb/tftpboot $d none bind 0 0
+EOF
+mount | grep $d &>/dev/null || mount $d
+/etc/init.d/nfsd restart
+EOFOUTER
+chmod +x /usr/bin/arch-pxe-mount
+
+cat >.profile <<'EOF'
+# changing login shell emits spam on ssh single commands & scp
+ # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
+# https://github.com/openwrt/packages/issues/6137
+[ "$BASH_VERSION" != "" ] || exec /bin/bash -i
+EOF
+v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
+ tcpdump openvpn-openssl adblock
+
+
+
+sed -ri "s/option[[:space:]]+encryption[[:space:]].*/option encryption psk2/;s/option[[:space:]]+key.*/option key pictionary49/" /etc/config/wireless
+sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless
+v wifi
+
+
+v /etc/init.d/fstab enable ||:
+
+# rebooting makes mounting work, but comparing lsmod,
+# i'm guessing this will too. todo, test it.
+# 255 == module already loaded
+for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done
+
+# for arch pxe. The default settings in the installer expect to find
+# the NFS at /run/archiso/bootmnt
+mkdir -p /run/archiso/bootmnt
+
+# todo: at some later time, i found /mnt/usb not mounted, watch to see if
+# that is the case after running this or rebooting.
+# wiki says safe to do in case of fstab changes:
+
+## ian: usb broke on old router. if that happens, can just comment this to disable problems
+echo | cedit /etc/config/fstab ||:
+cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; }
+config global automount
+ option from_fstab 1
+ option anon_mount 1
+
+config mount
+ option target /mnt/usb
+ option device /dev/sda1
+ option fstype ext4
+ option options rw,async,noatime,nodiratime
+ option enabled 1
+EOF
+
+
+# ian: disabled because afaik I don't need it, no benefit.
+# config global autoswap
+# option from_fstab 1
+# option anon_swap 1
+
+# config swap
+# option device /dev/sda1
+# option enabled 1
+
+
+
+
+# exportfs -ra wont cut it when its the same path, but now a bind mount
+cedit /etc/exports <<EOF || v /etc/init.d/nfsd restart ||:
+/mnt/usb $lan/$netmask(rw,no_root_squash,insecure,sync,no_subtree_check)
+# for arch pxe
+/run/archiso/bootmnt $lan/$netmask(rw,no_root_squash,insecure,sync,no_subtree_check)
+EOF
+
+
+v /etc/init.d/portmap start
+v /etc/init.d/nfsd start
+v /etc/init.d/portmap enable
+v /etc/init.d/nfsd enable
+
+
+
+
+
+
+######### uci example:#######
+# # https://wiki.openwrt.org/doc/uci
+# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p')
+# wan="firewall.@zone[$wan_index]"
+# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then
+# # default is wan
+# v uci set firewall.@forwarding[0].dest=$forward_dest
+# uci commit firewall
+# firewall_restart=true
+# fi
+
+
+
+########## openvpn exampl
+########## missing firewall settings for routing lan
+########## traffic
+# v /etc/init.d/openvpn start
+# v /etc/init.d/openvpn enable
+
+# # from https://wiki.openwrt.org/doc/uci/firewall
+# # todo: not sure if /etc/init.d/network needs restarting.
+# # I did, and I had to restart the vpn afterwards.
+# # This maps a uci interface to a real interface which is
+# # managed outside of uci.
+# v cedit /etc/config/network <<'EOF' ||:
+# config interface 'tun0'
+# option ifname 'tun0'
+# option proto 'none'
+# EOF
+# v cedit /etc/config/openvpn <<'EOF' || v /etc/init.d/openvpn restart
+# config openvpn my_client_config
+# option enabled 1
+# option config /etc/openvpn/client.conf
+# EOF
+
+
+v cedit /etc/config/network <<EOF || v /etc/init.d/network reload
+config 'route' 'transmission'
+ option 'interface' 'lan'
+ option 'target' '10.173.0.0'
+ option 'netmask' '255.255.0.0'
+ option 'gateway' '$l.3'
+EOF
+
+v cedit /etc/config/firewall <<EOF || firewall_restart=true
+config redirect
+ option name ssh
+ option src wan
+ option src_dport 22
+ option dest_ip $l.8
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 22
+
+config redirect
+ option name sshalt
+ option src wan
+ option src_dport 2222
+ option dest_port 22
+ option dest_ip $l.3
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2222
+
+config redirect
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
+
+config redirect
+ option src wan
+ option src_dport 1196
+ option dest lan
+ option dest_ip $l.8
+ option proto udp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 1196
+ option proto udp
+
+
+config redirect
+ option src wan
+ option src_dport 80
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 80
+ option proto tcp
+
+config redirect
+ option name syncthing
+ option src wan
+ option src_dport 22001
+ option dest_ip $l.8
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 22001
+
+
+
+EOF
+
+
+
+
+dnsmasq_restart=false
+mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}')
+v cedit /etc/hosts <<EOF || dnsmasq_restart=true
+127.0.1.1 wrt
+$l.1 wrt
+$l.2 kd
+$l.3 frodo
+$l.4 htpc
+$l.5 x2
+$l.6 demohost
+#$l.7 faiserver
+$l.8 tp faiserver b8.nz
+$l.9 n5
+$l.10 so
+$l.12 fz
+72.14.176.105 li
+45.33.9.11 lj
+138.68.10.24 dopub
+# netns creation looks for next free subnet starting at 10.173, but I only
+# use one, and I would keep this one as the first created.
+10.173.0.2 transmission
+EOF
+
+# if [[ $mail_host ]]; then
+# sed -i '/^$mail_host/a mail.iankelling.org' /etc/hosts
+# fi
+
+
+# avoid using the dns servers that my isp tells me about.
+if [[ $(uci get dhcp.@dnsmasq[0].resolvfile 2>/dev/null) ]]; then
+ # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
+ # /etc/resolv.conf. not sure why I did this.
+ v uci delete dhcp.@dnsmasq[0].resolvfile
+ uci commit dhcp
+ dnsmasq_restart=true
+fi
+
+if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then
+ v uci set dhcp.@dnsmasq[0].domain=b8.nz
+ uci commit dhcp
+ dnsmasq_restart=true
+fi
+if [[ $(uci get dhcp.@dnsmasq[0].local) != b8.nz ]]; then
+ v uci set dhcp.@dnsmasq[0].local=/b8.nz/
+ uci commit dhcp
+ dnsmasq_restart=true
+fi
+
+if [[ $(uci get system.@system[0].hostname) != wrt ]]; then
+ v uci set system.@system[0].hostname=wrt
+ uci commit system
+fi
+
+
+if [[ $(uci get adblock.global.adb_enabled) != 1 ]]; then
+ v uci set adblock.global.adb_enabled=1
+ uci commit adblock
+ /etc/init.d/adblock restart
+fi
+# https://github.com/openwrt/packages/tree/master/net/adblock/files
+cat >/etc/crontabs/root <<'EOF'
+0 06 * * * /etc/init.d/adblock reload
+EOF
+
+
+# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq
+
+# sometimes /mnt/usb fails, cuz it's just a flash drive,
+# so make sure we have this dir or else dnsmasq will fail
+# to start.
+mkdir -p /mnt/usb/tftpboot
+v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+
+# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
+stop-dns-rebind
+
+# this says the ip of default gateway and dns server,
+# but I think they are unneded and default
+#dhcp-option=3,$l.1
+#dhcp-option=6,$l.1
+
+
+
+# results from googling around dnsmasq optimizations
+# about 50k in memory. router has 62 megs.
+# in a browsing session, I probably won't ever do 5000 lookups
+# before the ttl expiration or whatever does expiration.
+cache-size=10000
+
+# ask all servers, use the one which responds first.
+# http://ma.ttwagner.com/make-dns-fly-with-dnsmasq-all-servers/
+all-servers
+
+# namebench benchmarks dns servers. google's dns was only
+# slightly less fast than some others, and I trust it more
+# to give accurate results, stay relatively fast, and
+# not do anythin too malicious, so just use that.
+# download namebench and run it like this:
+# for x in all regional isp global preferred nearby; do ./namebench.py -s \$x -c US -i firefox -m weighted -J 10 -w; echo \$x; hr; done
+# google
+server=8.8.4.4
+server=8.8.8.8
+server=2001:4860:4860::8888
+server=2001:4860:4860::8844
+
+
+# to fixup existin ips, on the client you can do
+# sudo dhclient -r; sudo dhclient <interface-name>
+
+# default dhcp range is 100-150
+# bottom port, iPXE (PCI 03:00.0) in seabios boot menu
+dhcp-host=c8:60:00:31:6b:75,set:kd,$l.2,kd
+# top port, iPXE (PCI 04:00.0) in seabios boot menu
+#dhcp-host=c8:60:00:2b:15:07,set:kd,$l.2,kd
+dhcp-host=00:26:18:97:bb:16,set:frodo,$l.3,frodo
+dhcp-host=10:78:d2:da:29:22,set:htpc,$l.4,htpc
+dhcp-host=00:1f:16:16:39:24,set:x2,$l.5,x2
+#dhcp-host=00:c0:ca:27:e9:b2,set:x2w,$l.11,x2w
+#wireless interface
+# this is so fai can have an explicit name to use for testing,
+# or else any random machine which did a pxe boot would get
+# reformatted. The mac is from doing a virt-install, cancelling it,
+# and copying the generated mac, so it should be randomish.
+dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.6,demohost
+#dhcp-host=52:54:00:56:09:f9,set:faiserver,$l.7,faiserver
+dhcp-host=80:fa:5b:1c:6e:cf,set:tp,$l.8,tp
+# this is the ip it picks by default if dhcp fails,
+# so might as well use it.
+# hostname is the name it uses according to telnet
+dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,$l.251,switch9429ca
+
+# template
+# dhcp-host=,$l.,
+
+# Just leave the tftp server up even if we aren't doing pxe boot.
+# It has no sensitive info.
+enable-tftp=br-lan
+tftp-root=/mnt/usb/tftpboot
+EOF
+
+if $dnsmasq_restart; then
+ v /etc/init.d/dnsmasq restart
+fi
+
+if $firewall_restart; then
+ v /etc/init.d/firewall restart
+fi
+++ /dev/null
-#!/bin/bash
-# Copyright (C) 2016 Ian Kelling
-
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
-
-usage() {
- cat <<EOF
-usage: ${0##*/} [-h|--help]
-setup my router in general: dhcp, dns, etc.
-EOF
- exit $1
-}
-case $1 in
- -h|--help) usage ;;
-esac
-
-
-h=root@192.168.1.1
-scp /a/bin/fai/wrt-setup /a/bin/cedit/cedit $h:/usr/bin
-ssh $h <<EOF
-if ! opkg list-installed|grep bash; then
- opkg update
- opkg install bash
-fi
-export HOME_DOMAIN=$HOME_DOMAIN
-wrt-setup
-EOF
iankelling.org / git / automated-distro-installer / commitdiff