From: Ian Kelling Date: Fri, 5 May 2017 15:52:32 +0000 (-0700) Subject: fix docker group, add public nfs X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=commitdiff_plain;h=17ef86e0555e0c8db46708b9833da4f4591e74be fix docker group, add public nfs --- diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 3b07687..f230d3c 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -61,8 +61,8 @@ fi # comparing ian's groups to traci, I see none she should join on arch $ROOTCMD usermod -a -G traci ian -getent group docker &>/dev/null || groupadd -r docker -usermod -a -G docker ian +$ROOTCMD getent group docker &>/dev/null || $ROOTCMD groupadd -r docker +$ROOTCMD usermod -a -G docker ian # based on unison error, with 8192 from # sysctl -a | grep fs.inotify.max_user_watches diff --git a/pxe-server b/pxe-server index a3df1a5..bba53e6 100755 --- a/pxe-server +++ b/pxe-server @@ -31,16 +31,10 @@ usage() { Usage: ${0##*/} [OPTIONS] [HOST TYPE] Configure dnsmasq pxe server options and fai-chboot if appropriate. - Without HOST TYPE, disable pxe server and fai server. -TYPE is one of arch, plain, fai. -HOST is a hostname known to the dhcp server, or default for all -Note, when switching between plain and arch, you will need to -do something like: -ssh wrt -cd /mnt/usb -rm tftpboot -ln -s tftpboot + +HOST A hostname known to the dhcp server, or default for all. +TYPE One of arch, plain, fai. -r Don't redeploy fai config. For example, if there is a different host @@ -56,6 +50,14 @@ ln -s tftpboot -h|--help Print help and exit +Note, when switching between plain and arch, you will need to +do something like: +ssh wrt +cd /mnt/usb +rm tftpboot +ln -s tftpboot + + Note: Uses GNU getopt options parsing style EOF exit $1 diff --git a/wrt-setup b/wrt-setup index 17c31c2..020385f 100755 --- a/wrt-setup +++ b/wrt-setup @@ -204,28 +204,28 @@ config rule option dest_port 2222 config redirect - option src wan - option src_dport 443 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp + option src wan + option src_dport 443 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp config rule - option src wan - option target ACCEPT - option dest_port 443 - option proto tcp + option src wan + option target ACCEPT + option dest_port 443 + option proto tcp config redirect - option src wan - option src_dport 80 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp + option src wan + option src_dport 80 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp config rule - option src wan - option target ACCEPT - option dest_port 80 - option proto tcp + option src wan + option target ACCEPT + option dest_port 80 + option proto tcp config redirect option name syncthing @@ -238,6 +238,91 @@ config rule option target ACCEPT option dest_port 22001 +#### begin rules for nfs #### +# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs +# https://wiki.debian.org/SecuringNFS +# I had no /etc/default/quota, or any process named quota anything, +# so, assumed that was unneeded. seems to work. +config redirect + option src wan + option src_dport 111 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 111 +config redirect + option src wan + option src_dport 2049 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 2049 +config redirect + option src wan + option src_dport 32764 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32764 +config redirect + option src wan + option src_dport 32765 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32765 +config redirect + option src wan + option src_dport 32766 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32766 +config redirect + option src wan + option src_dport 32767 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32767 +config redirect + option src wan + option src_dport 32768 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32768 +#### end rules for nfs #### + + +config redirect + option name mariadb + option src wan + option src_dport 3306 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp +config rule + option src wan + option target ACCEPT + option dest_port 3306 + option proto tcp + + EOF