From 2ee7b55c3811815cdec75025cefa94918cf99ba7 Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Tue, 12 Mar 2019 16:50:59 -0400
Subject: [PATCH] wrt setup fixes and improvements

---
 wrt-setup       |  24 ++++++++--
 wrt-setup-local | 122 +++++++++++++++++++++++++-----------------------
 2 files changed, 84 insertions(+), 62 deletions(-)

diff --git a/wrt-setup b/wrt-setup
index 746b16f..3e71ef5 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -23,28 +23,44 @@ x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
 
 usage() {
   cat <<EOF
-usage: ${0##*/} [-h|--help] [HOST/IP]
+usage: ${0##*/} [-h|--help] [-d|--dev2] [HOST/IP]
 setup my router in general: dhcp, dns, etc.
+
+dev2 is for setting up a second device for testing etc.
 EOF
   exit $1
 }
 
 h=root@10.0.0.1
 
-if [[ $1 ]]; then
+temp=$(getopt -l help,dev2 h2 "$@") || usage 1
+eval set -- "$temp"
+while true; do
   case $1 in
+    -2|--dev2) local_arg=-2; shift ;;
     -h|--help) usage ;;
-    *) h=root@$1 ;;
+    --) shift; break ;;
+    *) echo "$0: Internal error! unexpected args: $*" ; exit 1 ;;
   esac
+done
+
+if (( $# > 1 )); then
+  usage 1
+fi
+
+if [[ $# == 1 ]]; then
+  read h <<<"$@"
 fi
 
 cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
 scp /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
+# build for openwrt 18.06.2, r7676-cddd7b4c77
+scp /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk $h:
 ssh $h <<EOF
 if ! opkg list-installed|grep bash; then
     opkg update
     opkg install bash
 fi
 export HOME_DOMAIN=$HOME_DOMAIN
-wrt-setup-local
+wrt-setup-local $local_arg
 EOF
diff --git a/wrt-setup-local b/wrt-setup-local
index 43628bc..e043e7d 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -18,6 +18,11 @@
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
+dev2=false
+if [[ $1 == -2 ]]; then
+  dev2=true
+fi
+
 pmirror() {
   # background: upgrading all packages is not recommended because it
   # doesn't go into the firmware. build new firmware if you want
@@ -46,6 +51,10 @@ v() {
 ###
 ssid="check out gnu.org"
 lan=10.0.0.0
+if $dev2; then
+  ssid="test1"
+  lan=10.1.0.0
+fi
 mask=255.255.0.0
 l=${lan%.0}
 
@@ -68,14 +77,9 @@ done
 EOFOUTER
 chmod +x /usr/bin/archlike-pxe-mount
 
-cat >.profile <<'EOF'
-# changing login shell emits spam on ssh single commands & scp
-    # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd
-# https://github.com/openwrt/packages/issues/6137
-[ "$BASH_VERSION" != "" ] || exec /bin/bash -i
-EOF
+sed -i '/^root:/s,/bin/ash$,/bin/bash,' /etc/passwd
 v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
-  tcpdump openvpn-openssl adblock
+  tcpdump openvpn-openssl adblock libusb-compat /root/relay_1.0-1_mips_24kc.ipk
 
 
 
@@ -99,17 +103,20 @@ mkdir -p /run/parabolaiso/bootmnt
 
 ## ian: usb broke on old router. if that happens, can just comment this to disable problems
 echo | cedit /etc/config/fstab ||:
-cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; }
+cedit /etc/config/fstab <<EOF || { v block umount; v block mount; }
 config global automount
       option from_fstab 1
       option anon_mount 1
 
 config mount
+# /overlay is an / overlay mount for installing extra packages, etc.
+# https://openwrt.org/docs/guide-user/additional-software/extroot_configuration
       option target	/mnt/usb
+#      option target	/overlay
       option device	/dev/sda1
       option fstype	ext4
       option options	rw,async,noatime,nodiratime
-      option enabled	1
+      option enabled	0
 EOF
 
 
@@ -126,7 +133,9 @@ EOF
 
 
 # exportfs -ra wont cut it when its the same path, but now a bind mount
-cedit /etc/exports <<EOF || v /etc/init.d/nfsd restart ||:
+# todo: restart nfs when nfs is enabled?
+#cedit /etc/exports <<EOF || v /etc/init.d/nfsd restart ||:
+cedit /etc/exports <<EOF ||:
 /mnt/usb  $lan/$netmask(rw,no_root_squash,insecure,sync,no_subtree_check)
 # for arch pxe
 /run/archiso/bootmnt	$lan/$netmask(rw,no_root_squash,insecure,sync,no_subtree_check)
@@ -134,10 +143,11 @@ cedit /etc/exports <<EOF || v /etc/init.d/nfsd restart ||:
 EOF
 
 
-v /etc/init.d/portmap start
-v /etc/init.d/nfsd start
-v /etc/init.d/portmap enable
-v /etc/init.d/nfsd enable
+# todo: enable nfs when we need it only.
+# v /etc/init.d/portmap start
+# v /etc/init.d/nfsd start
+# v /etc/init.d/portmap enable
+# v /etc/init.d/nfsd enable
 
 
 
@@ -156,29 +166,38 @@ v /etc/init.d/nfsd enable
 # fi
 
 
+uset() {
+  local key="$1"
+  local val="$2"
+  local service="${key%%.*}"
+  restart_var=${service}_restart
+  if [[ ! ${!restart_var} ]]; then
+    eval $restart_var=false
+  fi
+  if [[ $(uci get "$key") != "$val" ]]; then
+    v uci set "$key"="$val"
+    uci commit $service
+    eval $restart_var=true
+  fi
+}
+
+uset dropbear.@dropbear[0].PasswordAuth 0
+uset dropbear.@dropbear[0].RootPasswordAuth 0
+uset dropbear.@dropbear[0].Port 2220
+
 wireless_restart=false
 key=pictionary49
 for x in 0 1; do
-  if [[ $(uci get wireless.default_radio$x.ssid) != "$ssid" ]]; then
-    v uci set wireless.default_radio$x.ssid="$ssid"
-    wireless_restart=true
-  fi
-  if [[ $(uci get wireless.default_radio$x.key) != $key ]]; then
-    v uci set wireless.default_radio$x.key=$key
-    wireless_restart=true
-  fi
-  if [[ $(uci get wireless.default_radio$x.encryption) != psk2 ]]; then
-    v uci set wireless.default_radio$x.encryption=psk2
-    wireless_restart=true
-  fi
-  if [[ $(uci get wireless.default_radio$x.disabled 2>/dev/null) ]]; then
-    v uci delete wireless.default_radio$x.disabled
+  uset wireless.default_radio$x.ssid "$ssid"
+  uset wireless.default_radio$x.key $key
+  uset wireless.default_radio$x.encryption psk2
+  if [[ $(uci get wireless.radio$x.disabled 2>/dev/null) ]]; then
+    v uci delete wireless.radio$x.disabled
     wireless_restart=true
   fi
 done
 
 if $wireless_restart; then
-  uci commit wireless
   v wifi
 fi
 
@@ -240,6 +259,12 @@ config rule
     option target           ACCEPT
     option dest_port        2222
 
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        2220
+
+
 config redirect
     option src              wan
     option src_dport        443
@@ -296,7 +321,6 @@ EOF
 
 
 dnsmasq_restart=false
-mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}')
 v cedit /etc/hosts <<EOF || dnsmasq_restart=true
 127.0.1.1 wrt
 $l.1 wrt
@@ -318,6 +342,7 @@ $l.12 fz
 10.173.0.2 transmission
 EOF
 
+#mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}')
 # if [[ $mail_host ]]; then
 #     sed -i '/^$mail_host/a mail.iankelling.org' /etc/hosts
 # fi
@@ -332,22 +357,9 @@ if [[ $(uci get dhcp.@dnsmasq[0].resolvfile 2>/dev/null) ]]; then
   dnsmasq_restart=true
 fi
 
-if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then
-  v uci set dhcp.@dnsmasq[0].domain=b8.nz
-  uci commit dhcp
-  dnsmasq_restart=true
-fi
-if [[ $(uci get dhcp.@dnsmasq[0].local) != /b8.nz/ ]]; then
-  v uci set dhcp.@dnsmasq[0].local=/b8.nz/
-  uci commit dhcp
-  dnsmasq_restart=true
-fi
-
-if [[ $(uci get system.@system[0].hostname) != wrt ]]; then
-  v uci set system.@system[0].hostname=wrt
-  uci commit system
-fi
-
+uset dhcp.@dnsmasq[0].domain b8.nz
+uset dhcp.@dnsmasq[0].local /b8.nz/
+uset system.@system[0].hostname wrt
 
 if [[ $(uci get adblock.global.adb_enabled) != 1 ]]; then
   v uci set adblock.global.adb_enabled=1
@@ -443,20 +455,14 @@ if $firewall_restart; then
   v /etc/init.d/firewall restart
 fi
 
+uset network.lan.ipaddr $l.1
+uset network.lan.netmask $mask
 
-reboot=false
-if [[ $(uci get network.lan.ipaddr) != $l.1 ]]; then
-  v uci set network.lan.ipaddr=$l.1
-  uci commit network
-  reboot=true
+if $network_restart; then
+  reboot
 fi
-if [[ $(uci get network.lan.netmask) != $mask ]]; then
-  v uci set network.lan.netmask=$mask
-  uci commit network
-  reboot=true
+if $dropbear_restart; then
+  v /etc/init.d/dropbear restart
 fi
 
-if $reboot; then
-  reboot
-fi
 exit 0
-- 
2.30.2