From ac4e0089e245c96a388b8fcdd92fc05da3399694 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 28 May 2018 18:41:42 -0400 Subject: [PATCH] dirinstall fixes/improvements, other minor changes --- README | 41 +-- debian-pxe-preseed | 2 + fai-redep | 22 +- fai-revm | 93 +++--- fai/config/basefiles/mk-basefile | 14 +- fai/config/class/50-host-classes | 2 +- fai/config/distro-install-common/end | 4 +- fai/config/hooks/instsoft.DEFAULT | 4 +- fai/config/package_config/FAIBASE | 2 +- fai/config/scripts/GRUB_PC/11-iank | 10 + faiserver-revm | 4 +- faiserver-setup | 2 +- mk-basefile-big | 105 +++++++ myfai-chboot-local | 105 +++---- wrt-setup | 386 ++----------------------- wrt-setup-local | 413 +++++++++++++++++++++++++++ wrt-setup-remote | 45 --- 17 files changed, 684 insertions(+), 570 deletions(-) create mode 100755 mk-basefile-big create mode 100755 wrt-setup-local delete mode 100755 wrt-setup-remote diff --git a/README b/README index 60c6e6f..15ed8a3 100644 --- a/README +++ b/README 
@@ -12,22 +12,22 @@ Utilizes multiple disks, with scripts to automatically decrypt on intentional reboots, but not after shutdown or power loss. Normal install mode for fai is using pxe, but on a libreboot system, -there is no pxe. The pxe in a normal computer is nonfree firmware. What -I've done instead: +there is no pxe. The pxe in a normal computer is nonfree +firmware. Alternatives to normal pxe that I've tried: + +* libreboot + seabios + ipxe * Use a live cd to call pxe-kexec, this is described later in this file. * Use the fai autodiscover iso. This is more automated, so nicer. * Use an install method above to setup a gnu/linux disk partition that - acts like a pxe boot using kexec, but it takes a bit longer. This is + coordinates with libreboot grub to acts like a pxe boot using + kexec. The boot process takes a bit longer than normal pxe. This is the bootstrap partition in my scripts. Things I haven't tried: -* There is iPXE, which requires standard bios functions, which can be - provided by seabios, which can be a libreboot payload. - * The bios chip has enough room for an initrd. This could be setup to work like the partition I use to kexec, but it would be faster, and not require installing to disk. @@ -77,7 +77,7 @@ faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot -wrt-setup-remote # setup my router in general: dhcp, dns, etc. +wrt-setup # setup my router in general: dhcp, dns, etc. # Script to do a distro install 
@@ -126,33 +126,6 @@ exit reboot -# dirinstall - -host=kw -distro=trisquel -t=/dev/shm/t -myfai-chboot default -sudo sed -i 's/^LOGUSER=/#LOGUSER=/' /etc/fai/fai.conf -# config umount required after a failed run, proc umount always required -sudo umount /var/lib/fai/config ||: ; sudo umount -R $t/proc ||: -fai-redep faiserver $distro -sudo rm -rf $t ; mkdir $t; time sudo LANG= fai -N -u $host dirinstall $t - -# cleanup: -sudo sed -i 's/^#LOGUSER=/LOGUSER=/' /etc/fai/fai.conf -sudo umount -R $t/proc - - -# Turning a dirinstall into a basefile. taken from mk-basefile - -sudo chroot $t apt-get clean -sudo rm -f $t/etc/hostname $t/etc/resolv.conf \ - $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \ - $t/etc/udev/rules.d/70-persistent-net.rules -echo | sudo dd of=$t/etc/machine-id -sudo tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/FLIDAS64X.tar.gz - - # License diff --git a/debian-pxe-preseed b/debian-pxe-preseed index 31a038a..a3ed886 100755 --- a/debian-pxe-preseed +++ b/debian-pxe-preseed @@ -16,6 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# WARNING: outdated! needs docs and update to debian-stretch + x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" [[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" diff --git a/fai-redep b/fai-redep index 94a85db..1a7ed88 100755 --- a/fai-redep +++ b/fai-redep @@ -24,6 +24,8 @@ usage() { usage: ${0##*/} [-h|--help] [HOST] [DISTRO] Deploy fai config (the one in nfs) to HOST or default faiserver Specify DISTRO for setting up DESKTOP packages. + +Note: uses paths specific to authors machine. EOF exit $1 } 
@@ -60,21 +62,6 @@ pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro)) ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe -# built BELENOS basefile with mk-basefile -J BELENOS64. it's stored in -# it's own repo which is published alongside this one called -# fai-basefiles due to being a large binary file. - -declare -A sums -while read -r sum file; do - sums[$file]=$sum -done < <(cat /a/bin/fai-basefiles/md5sums.txt) - -{ timeout 2 curl -s http://fai-project.org/download/basefiles/md5sums.txt ||:; } | - while read -r sum file; do - if [[ ${sums[$file]} && ${sums[$file]} != $sum ]]; then - echo "${0##*/}: WARNING!!!!!!!!! NEW UPSTREAM BASEFILE: $file" - fi - done rsync -r --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config ssh root@$faiserver_host bash <<'EOF' set -eE -o pipefail @@ -88,11 +75,6 @@ sed -ri 's,^ *(TFTP_DIRECTORY=).*,\1"/srv/tftp/fai",' /etc/default/tftpd-hpa systemctl restart tftpd-hpa chmod 644 /srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC chmod -R a+rX /srv/fai/config/distro-install-common -# this basefile has tar acls bug, so I'm using my own -# local one for now. -#cd /srv/fai/config/basefiles -#u=http://fai-project.org/download/basefiles/XENIAL64.tar.xz -#wget -nv -N $u changed=false f=/srv/fai/nfsroot/root/.ssh/known_hosts diff --git a/fai-revm b/fai-revm index 4b3d0d0..30f5419 100755 --- a/fai-revm +++ b/fai-revm @@ -25,7 +25,7 @@ e() { echo "$*"; "$@"; } usage() { - cat <&2 fi } -au() { # add user +au() { # add user. i don't use adduser for portability if ! $ROOTCMD getent passwd ${@: -1}; then - $ROOTCMD useradd -m -s /bin/bash $@ + $ROOTCMD useradd -Um -s /bin/bash $@ fi } diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index a2a6100..f02f1cf 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT 
@@ -1,7 +1,7 @@ #!/bin/bash -# exit for any vm which is not our test vm -if ifclass VM && ! ifclass demohost || ifclass VOL_STRETCH_BOOTSTRAP; then +# exit for any vm except demohost, or if we are doing a dirinstall +if ifclass VM && ! ifclass demohost || ifclass VOL_STRETCH_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then exit 0 fi diff --git a/fai/config/package_config/FAIBASE b/fai/config/package_config/FAIBASE index f2d0b29..401c641 100644 --- a/fai/config/package_config/FAIBASE +++ b/fai/config/package_config/FAIBASE @@ -1,4 +1,4 @@ -PACKAGES install-norec DEBIAN UBUNTU +PACKAGES install DEBIAN UBUNTU apt-transport-https fai-client debconf-utils diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank index 0df904b..ff65eb2 100755 --- a/fai/config/scripts/GRUB_PC/11-iank +++ b/fai/config/scripts/GRUB_PC/11-iank @@ -98,6 +98,16 @@ EOF if [[ $FAI_ACTION != dirinstall ]]; then + + cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF' +# https://www.coreboot.org/Serial_console +# but removed unneeded stuff + +serial --speed=115200 +terminal_input --append serial +terminal_output --append serial +EOF + chroot $FAI_ROOT bash <<'EOF' # https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst # it suggests not having plymouth-theme-ubuntu-text, but diff --git a/faiserver-revm b/faiserver-revm index 65a23d6..ddd27a2 100755 --- a/faiserver-revm +++ b/faiserver-revm @@ -14,6 +14,8 @@ Create a vm which is a fai server. This assumes you've set the dhcp server to make 52:54:00:56:09:f9 be faiserver. That mac is a randomly generated one in the libvirt range. + +WARNING: has hardcoded IP and name for for my local lan EOF exit $1 } @@ -22,7 +24,7 @@ case $1 in esac cleanup() { pxe-server :; } -./debian-pxe-preseed -i 192.168.1.1 -u ian -g vda +./debian-pxe-preseed -i 10.0.0.1 -u iank -g vda name=faiserver s virshrm $name ||: 
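Review bot: The new comment says the hook exits "if we are doing a dirinstall", but the added test `[[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]` also exits whenever FAI_ACTION is unset or empty, and the comment does not mention that case; either document it (`# ... or if FAI_ACTION is unset/empty, presumably when run outside a normal fai action`) or drop the `! $FAI_ACTION` half if it is not intended. The `&&`/`||` chain relies on equal precedence and left-to-right grouping, which here gives `(VM && !demohost) || VOL_STRETCH_BOOTSTRAP || dirinstall-test` as the comment intends, but writing the first pair as `{ ifclass VM && ! ifclass demohost; } || ...` would make that grouping visible to the next reader.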
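Review bot: `cat >$FAI_ROOT/etc/grub.d/40_custom <<'EOF'` replaces the whole file with bare grub directives, but grub-mkconfig executes every executable file in /etc/grub.d and captures its stdout, which is why the stock Debian/Ubuntu 40_custom begins with `#!/bin/sh` and `exec tail -n +3 $0`; the mode bits survive a `cat >`, so the rewritten file is still executable, `serial --speed=115200` would be run as a shell command and fail, and the serial console settings would never reach grub.cfg. Keep the two header lines at the top of the heredoc: `#!/bin/sh` and `exec tail -n +3 $0`, followed by the comment and the serial/terminal lines as written. The enclosing `if [[ $FAI_ACTION != dirinstall ]]` block continues outside the hunk.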
diff --git a/faiserver-setup b/faiserver-setup index 544d3db..416c264 100755 --- a/faiserver-setup +++ b/faiserver-setup @@ -238,7 +238,7 @@ EOF else # not armhf # note, this copies the -B arg to # /srv/fai/nfsroot/var/tmp/base.tar.xz - e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz + e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.gz # fai-setup expert mode avoids writing to /var/log/fai/variables # at least config_src is needed for autodiscover $sed '/^FAI_CONFIGDIR|^FAI_CONFIG_SRC|^LOGUSER/d' /var/log/fai/variables diff --git a/mk-basefile-big b/mk-basefile-big new file mode 100755 index 0000000..eee1a4c --- /dev/null +++ b/mk-basefile-big 
@@ -0,0 +1,105 @@ +#!/bin/bash +# Copyright (C) 2018 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" + + +x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" +x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file + +usage() { + cat < /srv/fai/config/class/51-multi-boot + +rm -rf $t; mkdir -p $t + +LANG= fai -N -u hostname_does_not_matter dirinstall $t + +# Turn a dirinstall into a basefile. taken from mk-basefile +chroot $t apt-get clean +rm -f $t/etc/hostname $t/etc/resolv.conf \ + $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \ + $t/etc/udev/rules.d/70-persistent-net.rules +echo | dd of=$t/etc/machine-id +tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz + + +cleanup +exit 0 diff --git a/myfai-chboot-local b/myfai-chboot-local index b2df864..f493db1 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local 
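Review bot: `cleanup` is called only on the success path at the very end of the script, and no `trap cleanup EXIT` is visible in this view (the middle of the file, from `usage()` to the 51-multi-boot write, is garbled here); if the trap is not in the hidden part, a failing `fai ... dirinstall` leaves `$t/proc` and the config mount behind, which is exactly the state the README text removed by this commit warned needs `umount -R $t/proc` after a failed run. Register it where cleanup is defined: `trap cleanup EXIT`. `rm -rf $t; mkdir -p $t` also runs on an unguarded, unquoted variable; `rm -rf -- "${t:?}"` makes an unset or empty `$t` abort explicitly instead of depending on rm's argument handling. The file's other hunks are not affected.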
@@ -4,29 +4,30 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - +fai_action=install fai_action_arg=I fai_reboot_arg=,reboot case $1 in - -h|--help) - echo "see help from myfai-chboot" - exit 0 - ;; - -S) - fai_action_arg=S - fai_reboot_arg= - shift - ;; + -h|--help) + echo "see help from myfai-chboot" + exit 0 + ;; + -S) + fai_action=sysinfo + fai_action_arg=S + fai_reboot_arg= + shift + ;; esac [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" e() { - echo "$*" - if ! "$@"; then - echo "$0: error: exit code $? from: $*" - exit 1 - fi + echo "$*" + if ! "$@"; then + echo "$0: error: exit code $? from: $*" + exit 1 + fi } host=$1 
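Review bot: In `e()`, the `$?` read inside the `if ! "$@"; then` body is the status of the negated list, which is 0 whenever the command failed, so the message always reports `exit code 0`; the hunk only re-indents this pre-existing function, but it is the new side. Take the status from the command itself: `"$@" || { echo "$0: error: exit code $? from: $*"; exit 1; }` in place of the if/fi block. The rest of the hunk (the `fai_action=` assignment and the `-S` case arm) reads correctly.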
@@ -35,48 +36,48 @@ host=$1 # in an ipv4 + ipv6 network. my_ip=$(ip -4 route get 8.8.8.8 | sed -nr 's,^.*src\s+(\S+).*,\1,p') if [[ ! $my_ip || $my_ip =~ [[:space:]] ]]; then - echo "$0: error: failed to get \$my_ip, got: $my_ip" - exit 1 + echo "$0: error: failed to get \$my_ip, got: $my_ip" + exit 1 fi if [[ $host == default ]]; then - ip='*' + ip='*' elif [[ $host == [0-9]*.[0-9]*.[0-9]*.[0-9]* ]]; then - ip=$host/32 + ip=$host/32 else - type -t host &>/dev/null || apt-get -y install dnsutils - ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q')/32 - if [[ ! $ip || $ip =~ [[:space:]] ]]; then - echo "$0: error: failed to get \$my_ip, got: $my_ip" - exit 1 - fi + type -t host &>/dev/null || apt-get -y install dnsutils + ip=$(host $host | sed -rn 's/^\S+ has address //p;T;q')/32 + if [[ ! $ip || $ip =~ [[:space:]] ]]; then + echo "$0: error: failed to get \$my_ip, got: $my_ip" + exit 1 + fi fi if modprobe nfsd &>/dev/null; then - std_arg="-u nfs://faiserver/srv/fai/config" - # nfsv4 wont do rw with overlayfs yet - # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html - root_arg="$my_ip:/srv/fai/nfsroot:vers=3" - # fai-setup without -e sets the ip to the local_ip/local_network, eg 192.168.1.3/24 - # I restrict it to one ip as simple but imperfect access control. + std_arg="-u nfs://faiserver/srv/fai/config" + # nfsv4 wont do rw with overlayfs yet + # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html + root_arg="$my_ip:/srv/fai/nfsroot:vers=3" + # fai-setup without -e sets the ip to the local_ip/local_network, eg 192.168.1.3/24 + # I restrict it to one ip as simple but imperfect access control. - # we may chattr +i /etc/exports if we dun want it modified - # for example, if we made these exports more widely available - # while doing multiple installs or a recovery. - if [[ -w /etc/exports ]]; then - sed -ri --follow-symlinks '\%^/srv/fai/%d' /etc/exports - cat >>/etc/exports <>/etc/exports < Deny from all Allow from $ip 
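Review bot: In the `else` branch of the host lookup the failure message still names `$my_ip` (`failed to get \$my_ip, got: $my_ip`) although the check just above it is on `$ip`, so a failed DNS lookup reports the wrong variable and a misleading value; change it to `echo "$0: error: failed to get \$ip, got: $ip"`. The hunk otherwise re-indents pre-existing lines. The `/etc/exports` entry that uses `$ip` is garbled in this view and was not checked.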
@@ -86,7 +87,7 @@ fi rm -f /srv/tftp/fai/pxelinux.cfg/* if [[ ! $1 ]]; then - exit 0 + exit 0 fi @@ -95,17 +96,21 @@ fi e fai-chboot -${fai_action_arg}v $std_arg default # set it to default to get a val out of it next kernel=$(fai-chboot -L '^default$' | awk '{print $3}') default_k_args=$(fai-chboot -L '^default$' | \ - sed -r "s/^(\S+\s+){3}(.*)/\2/") + sed -r "s/^(\S+\s+){3}(.*)/\2/") # example of default_k_args # initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot aufs FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install k_args=() for arg in $default_k_args; do - case $arg in - # default root arg is /srv/fai/nfsroot - root=*) k_args+=(root=$root_arg) ;; - *) k_args+=($arg) ;; - esac + case $arg in + # default root arg is /srv/fai/nfsroot + root=*) k_args+=(root=$root_arg) ;; + *) k_args+=($arg) ;; + esac done rm -f /srv/tftp/fai/pxelinux.cfg/* e fai-chboot -k "${k_args[*]}" -v -f verbose,sshd,createvt$fai_reboot_arg $std_arg $kernel "$host" + +# this is needed for autodiscover iso. i'm not sure, it might override +# the fai-chboot method of setting this, i'm not sure. +echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var diff --git a/wrt-setup b/wrt-setup index ab2e5c5..1a03ad3 100755 --- a/wrt-setup +++ b/wrt-setup 
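Review bot: `echo FAI_ACTION=$fai_action >> /srv/fai/config/class/LAST.var` appends on every invocation, so LAST.var grows by one line per run and keeps every stale value; it still works because a later assignment overrides an earlier one, but it is unbounded and confusing to read. Drop the previous assignment first, e.g. `f=/srv/fai/config/class/LAST.var; [[ -e $f ]] && sed -i '/^FAI_ACTION=/d' $f` before the echo, or use `>` if this script is the file's only writer. The comment above the line says the author is unsure how this interacts with the fai-chboot setting; that should be resolved before choosing between the two.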
@@ -15,382 +15,36 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} -pmirror() { - # background: upgrading all packages is not recommended because it - # doesn't go into the firmware. build new firmware if you want - # lots of upgrades. - f=(/tmp/opkg-lists/*) - if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then - opkg update - fi -} - -pi() { - for x in "$@"; do - if [[ ! $(opkg list-installed "$x") ]]; then - pmirror - opkg install "$@" - fi - done -} - -v() { - printf "+ %s\n" "$*" - "$@" -} - -cat >/usr/bin/arch-pxe-mount <<'EOFOUTER' -#!/bin/bash -# symlinks are collapsed for nfs mount points, so use a bind mount. -# tried putting this in /etc/config/fstab, -# then doig block mount, it didn't work. This doesn't persist across reboots, -# todo: figure that out -d=/run/archiso/bootmnt -cat > /etc/fstab </dev/null || mount $d -/etc/init.d/nfsd restart -EOFOUTER -chmod +x /usr/bin/arch-pxe-mount - -cat >.profile <<'EOF' -# changing login shell emits spam on ssh single commands & scp - # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd -#https://dev.openwrt.org/ticket/13852 -[ "$PS1" = "" ] || { - /bin/bash - exit + exit $1 } -EOF -v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \ - tcpdump openvpn-openssl - - - -sed -ri "s/option[[:space:]]*encryption[[:space:]]*'?none'?/option encryption psk2\n option key pictionary49/" /etc/config/wireless -sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless -v wifi - - -v /etc/init.d/fstab enable ||: - -# rebooting makes mounting work, but comparing lsmod, -# i'm guessing this will too. todo, test it. -# 255 == module already loaded -for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done - -# for arch pxe. 
The default settings in the installer expect to find -# the NFS at /run/archiso/bootmnt -mkdir -p /run/archiso/bootmnt - -# todo: at some later time, i found /mnt/usb not mounted, watch to see if -# that is the case after running this or rebooting. -# wiki says safe to do in case of fstab changes: - -## ian: commented and replaced with just an echo -## since usb port seems to be busted. -echo | cedit /etc/config/fstab ||: -# cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; } -# config global automount -# option from_fstab 1 -# option anon_mount 1 - -# config global autoswap -# option from_fstab 1 -# option anon_swap 1 - -# config mount -# option target /mnt/usb -# option device /dev/sda2 -# option fstype ext2 -# option options rw,async,noatime,nodiratime -# option enabled 1 -# option enabled_fsck 0 - -# config swap -# option device /dev/sda1 -# option enabled 1 - -# EOF - - - -# exportfs -ra wont cut it when its the same path, but now a bind mount -cedit /etc/exports <<'EOF' || v /etc/init.d/nfsd restart ||: -/mnt/usb 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -# for arch pxe -/run/archiso/bootmnt 192.168.1.0/255.255.255.0(rw,no_root_squash,insecure,sync,no_subtree_check) -EOF - - -v /etc/init.d/portmap start -v /etc/init.d/nfsd start -v /etc/init.d/portmap enable -v /etc/init.d/nfsd enable - - - - - - -######### uci example:####### -# # https://wiki.openwrt.org/doc/uci -# wan_index=$(uci show firewall | sed -rn 's/firewall\.@zone\[([0-9])+\]\.name=wan/\1/p') -# wan="firewall.@zone[$wan_index]" -# if [[ $(uci get firewall.@forwarding[0].dest) != $forward_dest ]]; then -# # default is wan -# v uci set firewall.@forwarding[0].dest=$forward_dest -# uci commit firewall -# firewall_restart=true -# fi - - - -########## openvpn exampl -########## missing firewall settings for routing lan -########## traffic -# v /etc/init.d/openvpn start -# v /etc/init.d/openvpn enable - -# # from 
https://wiki.openwrt.org/doc/uci/firewall -# # todo: not sure if /etc/init.d/network needs restarting. -# # I did, and I had to restart the vpn afterwards. -# # This maps a uci interface to a real interface which is -# # managed outside of uci. -# v cedit /etc/config/network <<'EOF' ||: -# config interface 'tun0' -# option ifname 'tun0' -# option proto 'none' -# EOF -# v cedit /etc/config/openvpn <<'EOF' || v /etc/init.d/openvpn restart -# config openvpn my_client_config -# option enabled 1 -# option config /etc/openvpn/client.conf -# EOF - - -v cedit /etc/config/network <<'EOF' || v /etc/init.d/network reload -config 'route' 'transmission' - option 'interface' 'lan' - option 'target' '10.173.0.0' - option 'netmask' '255.255.0.0' - option 'gateway' '192.168.1.3' -EOF - -v cedit /etc/config/firewall <<'EOF' || firewall_restart=true -config redirect - option name ssh - option src wan - option src_dport 22 - option dest_ip 192.168.1.8 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 22 - -config redirect - option name sshalt - option src wan - option src_dport 2222 - option dest_port 22 - option dest_ip 192.168.1.3 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2222 - -config redirect - option src wan - option src_dport 443 - option dest lan - option dest_ip 192.168.1.8 - option proto tcp -config rule - option src wan - option target ACCEPT - option dest_port 443 - option proto tcp - -config redirect - option src wan - option src_dport 1196 - option dest lan - option dest_ip 192.168.1.8 - option proto udp -config rule - option src wan - option target ACCEPT - option dest_port 1196 - option proto udp - - -config redirect - option src wan - option src_dport 80 - option dest lan - option dest_ip 192.168.1.8 - option proto tcp -config rule - option src wan - option target ACCEPT - option dest_port 80 - option proto tcp - -config redirect - option name syncthing - option src wan - option 
src_dport 22001 - option dest_ip 192.168.1.8 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 22001 - +h=root@10.0.0.1 -EOF - - - - -dnsmasq_restart=false -mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}') -v cedit /etc/hosts < - -# default dhcp range is 100-150 -dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl -dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo -dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc -dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2 -#dhcp-host=00:c0:ca:27:e9:b2,set:kww,192.168.1.11,x2w -#wireless interface -# this is so fai can have an explicit name to use for testing, -# or else any random machine which did a pxe boot would get -# reformatted. The mac is from doing a virt-install, cancelling it, -# and copying the generated mac, so it should be randomish. -dhcp-host=52:54:00:9c:ef:ad,set:demohost,192.168.1.6,demohost -#dhcp-host=52:54:00:56:09:f9,set:faiserver,192.168.1.7,faiserver -dhcp-host=80:fa:5b:1c:6e:cf,set:tp,192.168.1.8,tp -# this is the ip it picks by default if dhcp fails, -# so might as well use it. -# hostname is the name it uses according to telnet -dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca - -# template -# dhcp-host=,192.168.1., - -# Just leave the tftp server up even if we aren't doing pxe boot. -# It has no sensitive info. -enable-tftp=br-lan -tftp-root=/mnt/usb/tftpboot +export HOME_DOMAIN=$HOME_DOMAIN +wrt-setup-local EOF - -if $dnsmasq_restart; then - v /etc/init.d/dnsmasq restart -fi - -if $firewall_restart; then - v /etc/init.d/firewall restart -fi diff --git a/wrt-setup-local b/wrt-setup-local new file mode 100755 index 0000000..f5dbe50 --- /dev/null +++ b/wrt-setup-local 
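Review bot: `export HOME_DOMAIN=$HOME_DOMAIN` forwards whatever the caller has, and nothing visible on the new side validates it, so with the variable unset the router receives `export HOME_DOMAIN=` and `wrt-setup-local` runs with an empty domain; add `: "${HOME_DOMAIN:?set HOME_DOMAIN to the lan domain}"` before the ssh call. `cd ${x%/*}` on the new side is unquoted and should be `cd "${x%/*}"`. The line that opens the ssh heredoc is garbled in this view, so whether the heredoc delimiter is quoted could not be checked.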
@@ -0,0 +1,413 @@ +#!/bin/bash +# Copyright (C) 2016 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + + +pmirror() { + # background: upgrading all packages is not recommended because it + # doesn't go into the firmware. build new firmware if you want + # lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location. + f=(/tmp/opkg-lists/* /var/opkg-lists/*) + if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then + opkg update + fi +} + +pi() { + for x in "$@"; do + if [[ ! $(opkg list-installed "$x") ]]; then + pmirror + opkg install "$@" + fi + done +} + +v() { + printf "+ %s\n" "$*" + "$@" +} + +### network config +### +l=10.0.0 +lan=10.0.0.0 +mask=255.255.0.0 + +cat >/usr/bin/arch-pxe-mount <<'EOFOUTER' +#!/bin/bash +# symlinks are collapsed for nfs mount points, so use a bind mount. +# tried putting this in /etc/config/fstab, +# then doig block mount, it didn't work. 
This doesn't persist across reboots, +# todo: figure that out +d=/run/archiso/bootmnt +cat > /etc/fstab </dev/null || mount $d +/etc/init.d/nfsd restart +EOFOUTER +chmod +x /usr/bin/arch-pxe-mount + +cat >.profile <<'EOF' +# changing login shell emits spam on ssh single commands & scp + # sed -i 's#/bin/ash$#/bin/bash#' /etc/passwd +# https://github.com/openwrt/packages/issues/6137 +[ "$BASH_VERSION" != "" ] || exec /bin/bash -i +EOF +v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \ + tcpdump openvpn-openssl adblock + + + +sed -ri "s/option[[:space:]]+encryption[[:space:]].*/option encryption psk2/;s/option[[:space:]]+key.*/option key pictionary49/" /etc/config/wireless +sed -i '/^[[:space:]]*option disabled/d' /etc/config/wireless +v wifi + + +v /etc/init.d/fstab enable ||: + +# rebooting makes mounting work, but comparing lsmod, +# i'm guessing this will too. todo, test it. +# 255 == module already loaded +for mod in scsi_mod sd_mod; do v modprobe $mod || [[ $? == 255 ]]; done + +# for arch pxe. The default settings in the installer expect to find +# the NFS at /run/archiso/bootmnt +mkdir -p /run/archiso/bootmnt + +# todo: at some later time, i found /mnt/usb not mounted, watch to see if +# that is the case after running this or rebooting. +# wiki says safe to do in case of fstab changes: + +## ian: usb broke on old router. if that happens, can just comment this to disable problems +echo | cedit /etc/config/fstab ||: +cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; } +config global automount + option from_fstab 1 + option anon_mount 1 + +config mount + option target /mnt/usb + option device /dev/sda1 + option fstype ext4 + option options rw,async,noatime,nodiratime + option enabled 1 +EOF + + +# ian: disabled because afaik I don't need it, no benefit. 
+# config global autoswap +# option from_fstab 1 +# option anon_swap 1 + +# config swap +# option device /dev/sda1 +# option enabled 1 + + + + +# exportfs -ra wont cut it when its the same path, but now a bind mount +cedit /etc/exports </dev/null) ]]; then + # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of + # /etc/resolv.conf. not sure why I did this. + v uci delete dhcp.@dnsmasq[0].resolvfile + uci commit dhcp + dnsmasq_restart=true +fi + +if [[ $(uci get dhcp.@dnsmasq[0].domain) != b8.nz ]]; then + v uci set dhcp.@dnsmasq[0].domain=b8.nz + uci commit dhcp + dnsmasq_restart=true +fi +if [[ $(uci get dhcp.@dnsmasq[0].local) != b8.nz ]]; then + v uci set dhcp.@dnsmasq[0].local=/b8.nz/ + uci commit dhcp + dnsmasq_restart=true +fi + +if [[ $(uci get system.@system[0].hostname) != wrt ]]; then + v uci set system.@system[0].hostname=wrt + uci commit system +fi + + +if [[ $(uci get adblock.global.adb_enabled) != 1 ]]; then + v uci set adblock.global.adb_enabled=1 + uci commit adblock + /etc/init.d/adblock restart +fi +# https://github.com/openwrt/packages/tree/master/net/adblock/files +cat >/etc/crontabs/root <<'EOF' +0 06 * * * /etc/init.d/adblock reload +EOF + + +# useful: http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq + +# sometimes /mnt/usb fails, cuz it's just a flash drive, +# so make sure we have this dir or else dnsmasq will fail +# to start. 
+mkdir -p /mnt/usb/tftpboot +v cedit /etc/dnsmasq.conf < + +# default dhcp range is 100-150 +# bottom port, iPXE (PCI 03:00.0) in seabios boot menu +dhcp-host=c8:60:00:31:6b:75,set:kd,$l.2,kd +# top port, iPXE (PCI 04:00.0) in seabios boot menu +#dhcp-host=c8:60:00:2b:15:07,set:kd,$l.2,kd +dhcp-host=00:26:18:97:bb:16,set:frodo,$l.3,frodo +dhcp-host=10:78:d2:da:29:22,set:htpc,$l.4,htpc +dhcp-host=00:1f:16:16:39:24,set:x2,$l.5,x2 +#dhcp-host=00:c0:ca:27:e9:b2,set:x2w,$l.11,x2w +#wireless interface +# this is so fai can have an explicit name to use for testing, +# or else any random machine which did a pxe boot would get +# reformatted. The mac is from doing a virt-install, cancelling it, +# and copying the generated mac, so it should be randomish. +dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.6,demohost +#dhcp-host=52:54:00:56:09:f9,set:faiserver,$l.7,faiserver +dhcp-host=80:fa:5b:1c:6e:cf,set:tp,$l.8,tp +# this is the ip it picks by default if dhcp fails, +# so might as well use it. +# hostname is the name it uses according to telnet +dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,$l.251,switch9429ca + +# template +# dhcp-host=,$l., + +# Just leave the tftp server up even if we aren't doing pxe boot. +# It has no sensitive info. +enable-tftp=br-lan +tftp-root=/mnt/usb/tftpboot +EOF + +if $dnsmasq_restart; then + v /etc/init.d/dnsmasq restart +fi + +if $firewall_restart; then + v /etc/init.d/firewall restart +fi diff --git a/wrt-setup-remote b/wrt-setup-remote deleted file mode 100755 index 3dadb14..0000000 --- a/wrt-setup-remote +++ /dev/null 
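Review bot: `cat >/etc/crontabs/root <<'EOF'` replaces root's entire crontab with the single adblock line on every run, so any other job present on the router is silently dropped; the script already uses `cedit` for idempotent config edits elsewhere, so, assuming it behaves as in its other uses here, `cedit /etc/crontabs/root <<'EOF' || /etc/init.d/cron restart` with the same heredoc would keep the edit in step with the rest of the file. Separately, the wifi PSK written by the `sed -ri ... option key pictionary49` line is a literal in a versioned script, so the live credential lives in the repository and its history; read it from the environment the way HOME_DOMAIN is handled (`: "${WIFI_KEY:?}"` and `option key $WIFI_KEY`). The `/etc/exports` content on the new side is garbled in this view and was not reviewed.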
@@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright (C) 2016 Ian Kelling - -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} - -usage() { - cat <