From b5682902b6dce0a3d799e129877c8b43c4509774 Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Mon, 18 Jan 2021 20:25:22 -0500
Subject: [PATCH] host config changes

---
 fai/config/scripts/GRUB_PC/11-iank | 10 ++-
 wrt-setup                          |  4 +-
 wrt-setup-local                    | 99 ++++++++++++++++++++++--------
 3 files changed, 87 insertions(+), 26 deletions(-)

diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index 7cb6a03..9b71647 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -118,7 +118,6 @@ sudo -u iank mkdir -p $d
 sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d
 #### end .ssh setup ###
 
-
 ## duplicated in ssh-emacs-setup
 # done here so its setup earlier for convenience
 line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
@@ -248,6 +247,15 @@ EOF
 [main]
 dns=systemd-resolved
 EOF
+  if [[ $HOSTNAME == frodo ]]; then
+    cat > $target/etc/network/interfaces <<-EOF
+# generated by FAI
+auto lo eth0
+iface lo inet loopback
+iface eth0 inet static
+address 10.3.0.2/16
+EOF
+  fi
 
 else
   cat > $target/etc/network/interfaces <<-EOF
diff --git a/wrt-setup b/wrt-setup
index 7d3416b..42c4127 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -71,8 +71,10 @@ echo "$0: host=$h"
 cat ~/.ssh/home.pub | ssh $h dd of=/etc/dropbear/authorized_keys 2>/dev/null
 scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
 # relay is built for openwrt 18.06.2, r7676-cddd7b4c77
+
+#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
+
 sudo scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
-     /a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
      /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} $h:
 scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
 
diff --git a/wrt-setup-local b/wrt-setup-local
index 4cad00c..6201f86 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -15,21 +15,22 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
+
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 
 usage() {
   cat <<EOF
-usage: ${0##*/} [-h] [-t 2|3|test] [-m WIRELESS_MAC]
+usage: ${0##*/} [-h] [-t 2|3|test|client] [-m WIRELESS_MAC]
 setup my router in general: dhcp, dns, etc.
 
 Type 2 or 3 is for setting up a backup device, there are two kinds so
 that you can switch the main device to a backup, then a backup to the
 main. Type test is for setting up a testing device.
 
-Passing an empty string for WIRELESS_MAC will cause the device's native
-mac to be used.
+Passing an empty string for WIRELESS_MAC, or if none is defined in the
+secrets file, will cause the device's native mac to be used.
 
 EOF
 
@@ -78,6 +79,9 @@ while getopts hm:t: opt; do
         test)
           test=true
           ;;
+        client)
+          client=true
+          ;;
         *) echo "$0: unexpected arg to -t: $*" >&2; usage 1 ;;
       esac
       ;;
@@ -192,6 +196,8 @@ if $test; then
   lan=10.1.0.0
 elif [[ $hostname == cmc ]]; then
   lan=10.2.0.0
+elif $client; then
+  lan=10.3.0.0
 fi
 
 if $test; then
@@ -259,10 +265,12 @@ fi
 
 uset network.lan.ipaddr $l.$lanip
 uset network.lan.netmask $mask
-if $dev2; then
-  uset network.lan.gateway $l.1
-  uset network.wan.proto none
-  uset network.wan6.proto none
+if $dev2  || $client; then
+  if $dev2; then
+    uset network.lan.gateway $l.1
+    uset network.wan.proto none
+    uset network.wan6.proto none
+  fi
   /etc/init.d/dnsmasq stop
   /etc/init.d/dnsmasq disable
   /etc/init.d/odhcpd stop
@@ -296,27 +304,42 @@ else
 fi
 
 wireless_restart=false
-for x in 0 1; do
-  uset wireless.default_radio$x.ssid "$ssid"
-  uset wireless.default_radio$x.key $key
-  uset wireless.default_radio$x.encryption psk2
-  if [[ $mac ]]; then
-    uset wireless.default_radio$x.macaddr $macpre$((macsuf + 2*x))
-  fi
-  # secondary device has wireless disabled
-  uset wireless.radio$x.disabled $dev2
-done
 
-if $wireless_restart; then
-  v wifi
+if $client; then
+  uset wireless.default_radio0.network 'wwan'
+  uset wireless.default_radio0.ssid ${rclientssid[$rmac]}
+  uset wireless.default_radio0.encryption 'psk2'
+  uset wireless.default_radio0.device 'radio0'
+  uset wireless.default_radio0.mode 'sta'
+  uset wireless.default_radio0.bssid ${rclientbssid[$rmac]}
+  # todo: look into whether 5g network is available.
+  uset wireless.default_radio0.key ${rclientkey[$rmac]}
+  uset wireless.radio0.disabled false
+  uset wireless.radio1.disabled true
+else
+  for x in 0 1; do
+    uset wireless.default_radio$x.ssid "$ssid"
+    uset wireless.default_radio$x.key $key
+    uset wireless.default_radio$x.encryption psk2
+    if [[ $mac ]]; then
+      uset wireless.default_radio$x.macaddr $macpre$((macsuf + 2*x))
+    fi
+    # secondary device has wireless disabled
+    uset wireless.radio$x.disabled $dev2
+  done
 fi
 
 
 
+
+
 # usb, screen, relay are for libremanage
 # rsync is for brc
+#
+# relay package temporarily disabled
+# /root/relay_1.0-1_mips_24kc.ipk
 v pi kmod-usb-storage block-mount kmod-fs-ext4 nfs-kernel-server \
-  tcpdump openvpn-openssl adblock libusb-compat /root/relay_1.0-1_mips_24kc.ipk \
+  tcpdump openvpn-openssl adblock libusb-compat \
   screen kmod-usb-serial-cp210x kmod-usb-serial-ftdi rsync
 
 cat >/etc/libremanage.conf <<EOF
@@ -423,8 +446,16 @@ wgip4=10.3.0.1/24
 wgip6=fdfd::1/64
 wgport=26000
 
+network_restart=false
+if $client; then
+  v cedit wific /etc/config/network <<EOF || network_restart=true
+# https://openwrt.org/docs/guide-user/network/wifi/connect_client_wifi
+config interface 'wwan'
+ option proto 'dhcp'
+EOF
+fi
 
-v cedit /etc/config/network <<EOF || v /etc/init.d/network reload
+v cedit /etc/config/network <<EOF || network_restart=true
 config 'route' 'transmission'
  option 'interface' 'lan'
  option 'target' '10.173.0.0'
@@ -446,9 +477,25 @@ config wireguard_wg0 'wgclient'
  list allowed_ips 'fdfd::2/64'
 EOF
 
-
+if $network_restart; then
+  v /etc/init.d/network reload
+fi
 
 firewall-cedit() {
+
+  if $client; then
+    v cedit wific /etc/config/firewall <<EOF
+config zone
+ option name    wwan
+ option input    REJECT
+ option output   ACCEPT
+ option forward  REJECT
+ option masq     1
+ option mtu_fix  1
+ option network  wwan
+EOF
+  fi
+
   case $hostname in
     wrt)
       v cedit host /etc/config/firewall <<EOF
@@ -689,6 +736,7 @@ $l.9 bb8
 $l.14 wrt3
 #$l.18 x3
 $l.19 brother
+$l.25 hp
 #$l.28 frodow
 EOF
     ;;
@@ -799,6 +847,7 @@ dhcp-host=62:03:cb:a8:3e:a3,set:trp,$1.13,trp
 dhcp-host=00:1f:16:14:01:d8,set:tp,$l.18,x3
 # BRN001BA98CA823 in dhcp logs
 dhcp-host=00:1b:a9:8c:a8:23,set:tp,$l.19,brother
+dhcp-host=38:63:bb:07:5a:f9,set:tp,$l.25,hp
 dhcp-host=00:26:b6:f6:0f:e9,set:frodow,$l.28,frodow
 
 
@@ -823,8 +872,6 @@ dhcp-optsfile=/etc/dnsmasq-dhcpopts.conf
 EOF
 
 
-
-
 if $dnsmasq_restart && ! $dev2; then
   v /etc/init.d/dnsmasq restart
 fi
@@ -833,6 +880,10 @@ if $firewall_restart; then
   v /etc/init.d/firewall restart
 fi
 
+# this may just restart the network and take care of the network_restart below.
+if $wireless_restart; then
+  v wifi
+fi
 
 # todo: we should catch errors and still run this if needed
 if $network_restart; then
-- 
2.30.2