From ba2a6b887fe5a9ed627e9f0947265b37abbcf7aa Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Sun, 21 Jan 2018 20:54:49 -0500
Subject: [PATCH] formatting and dns changes

---
 arch-pxe                           |  2 +-
 chost                              |  2 +-
 debian-preseed                     |  2 +-
 fai-redep                          |  2 +-
 fai-revm                           |  3 ++
 fai/config/scripts/GRUB_PC/11-iank |  5 ++
 faiserver-setup                    | 80 ++++++++++++++----------------
 wrt-setup                          | 27 ++++++----
 8 files changed, 67 insertions(+), 56 deletions(-)

diff --git a/arch-pxe b/arch-pxe
index 52885b3..7820544 100755
--- a/arch-pxe
+++ b/arch-pxe
@@ -64,7 +64,7 @@ s rm -rf squashfs-root # remove any existing folder
 s unsquashfs $sfs
 s mkdir -p squashfs-root/root/.ssh
 s chmod 755 squashfs-root/root/.ssh
-s cp ~/.ssh/id_rsa.pub squashfs-root/root/.ssh/authorized_keys
+s cp ~/.ssh/home.pub squashfs-root/root/.ssh/authorized_keys
 
 s cp $script_dir/arch-iso-init squashfs-root/root
 s rm $sfs
diff --git a/chost b/chost
index 6168741..c02c8c2 100755
--- a/chost
+++ b/chost
@@ -10,4 +10,4 @@ host=$1
 addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q')
 h=$(host $addr)
 h=${h##* }
-echo ${h%%.*}
+echo $h
diff --git a/debian-preseed b/debian-preseed
index ea1e847..e3df0dc 100755
--- a/debian-preseed
+++ b/debian-preseed
@@ -136,7 +136,7 @@ d-i pkgsel/update-policy select unattended-upgrades
 d-i preseed/late_command string \
 in-target sed -i 's/^%sudo.*$/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' /etc/sudoers; \
 in-target mkdir -p /home/$user/.ssh; \
-in-target /bin/sh -c "echo '$(cat ~/.ssh/id_rsa.pub)'  >> /home/$user/.ssh/authorized_keys"; \
+in-target /bin/sh -c "echo '$(cat ~/.ssh/home.pub)'  >> /home/$user/.ssh/authorized_keys"; \
 in-target chown -R $user:$user /home/$user; \
 in-target chmod -R go-rwx /home/$user/.ssh/authorized_keys; \
 in-target cp -r /home/$user/.ssh /root; \
diff --git a/fai-redep b/fai-redep
index 840f2c4..7dc0d09 100755
--- a/fai-redep
+++ b/fai-redep
@@ -41,7 +41,7 @@ faiserver_host=$(chost $host) || faiserver_host=$host
 rsync -rlp --delete --relative --exclude /fai/config/basefiles/ fai/config root@$faiserver_host:/srv
 
 
-scp -q ~/.ssh/id_rsa.pub \
+scp -q ~/.ssh/home.pub \
     root@$faiserver_host:/srv/fai/config/files/root/.ssh/authorized_keys/GRUB_PC
 # todo: automatically disable faiserver after a period so
 # these files are not exposed.
diff --git a/fai-revm b/fai-revm
index 2dbae8f..bd9a9d6 100755
--- a/fai-revm
+++ b/fai-revm
@@ -120,6 +120,9 @@ if [[ $SSH_CLIENT ]]; then
     console_arg=--noautoconsole
 fi
 
+# docker makes forward default to drop, which blocks the vm pxe on flidas. easiest solution:
+s iptables -P FORWARD ACCEPT
+
 # --cpu host: this causes mkfs.btrfs to fail with a stack trace which began
 # something like:
 # init_module+0x108/0x1000 [raid6_pq]
diff --git a/fai/config/scripts/GRUB_PC/11-iank b/fai/config/scripts/GRUB_PC/11-iank
index c6948e7..12d5182 100755
--- a/fai/config/scripts/GRUB_PC/11-iank
+++ b/fai/config/scripts/GRUB_PC/11-iank
@@ -61,6 +61,7 @@ $ROOTCMD apt-get update
 
 
 chroot $FAI_ROOT bash <<'EOF'
+#### begin .ssh setup ###
 set -eE -o pipefail
 mkdir -p /home/iank/.ssh
 f=/root/.ssh/authorized_keys
@@ -75,7 +76,11 @@ find /home/iank/.ssh -xtype l -exec rm '{}' \;
 cp -rL /home/iank/.ssh /root
 chown -R root:root /root/.ssh
 chmod 700 /root/.ssh
+#### end .ssh setup ###
 
+# this is needed to enable resolvconf, making /etc/resolv.conf be a symlink.
+# why? i dun know, it\'s really  dumb.
+dpkg-reconfigure -fnoninteractive resolvconf
 
 # default jessie groups + kvm, systemd-journal, adm
 usermod -aG adm,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev iank
diff --git a/faiserver-setup b/faiserver-setup
index 491cfda..f1ede11 100755
--- a/faiserver-setup
+++ b/faiserver-setup
@@ -20,7 +20,7 @@ x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
 [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
 
 usage() {
-    cat <<EOF
+  cat <<EOF
 usage: ${0##*/} [-h|--help]
 install fai-server on the current machine
 
@@ -34,10 +34,10 @@ For running on arm, it expects Ian's fai-basefiles repository at
 /a/bin/fai-basefiles
 
 EOF
-    exit $1
+  exit $1
 }
 case $1 in
-    -h|--help) usage ;;
+  -h|--help) usage ;;
 esac
 
 
@@ -54,7 +54,7 @@ if ! type -p wget &>/dev/null; then
 fi
 
 armhf() {
-    [[ $(dpkg --print-architecture) == armhf ]]
+  [[ $(dpkg --print-architecture) == armhf ]]
 }
 
 if armhf; then
@@ -91,16 +91,12 @@ elif grep -xFq 'VERSION="9 (stretch)"' /etc/os-release; then
   cat >/etc/apt/sources.list.d/fai.list <<'EOF'
 deb http://fai-project.org/download stretch koeln
 EOF
+elif grep -iE 'flidas|xenail' /etc/os-release; then
+    add-apt-repository -y ppa:fai/ppa
 else
-    rm -f /etc/apt/sources.list.d/fai.list
+  rm -f /etc/apt/sources.list.d/fai.list
 fi
 
-# for ubuntu:
-#add-apt-repository -y ppa:fai/ppa
-
-# for debian:
-
-
 apt-get update
 
 # Relevant packages from fai-quickstart depends and fai-server recommends.
@@ -111,7 +107,7 @@ pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils)
 if modprobe nfsd &>/dev/null; then
   pkgs+=(nfs-kernel-server)
 else
-    pkgs+=(apache2)
+  pkgs+=(apache2)
 fi
 
 
@@ -129,13 +125,13 @@ EOF
 
 
 case $base in
-    jessie|stretch)
-        cat >>/etc/fai/apt/sources.list <<EOF
+  jessie|stretch)
+    cat >>/etc/fai/apt/sources.list <<EOF
 # use fai repo. it's commented in the defaults. it's got bug fixes.
 # and may contain newer packages.
 deb http://fai-project.org/download $base koeln
 EOF
-        ;;
+    ;;
 esac
 
 if [[ $base == jessie ]]; then
@@ -195,28 +191,28 @@ if armhf; then
   # and if not, run it.
   setup_tftp(){
 
-      # tftp environment
-      local pxebin
-
-      # wheezy path
-      if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
-        pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
-      else
-	  # jessie/stretch path
-          pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
-      fi
-
-      rm -f $NFSROOT/boot/*.bak
-      mkdir -p $TFTPROOT/pxelinux.cfg
-      chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
-      cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
-      cp -u $pxebin $TFTPROOT
-      if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
-	cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
-      fi
-      if [ X$verbose = X1 ]; then
-	echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
-      fi
+    # tftp environment
+    local pxebin
+
+    # wheezy path
+    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
+      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
+    else
+      # jessie/stretch path
+      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
+    fi
+
+    rm -f $NFSROOT/boot/*.bak
+    mkdir -p $TFTPROOT/pxelinux.cfg
+    chmod a+r $NFSROOT/boot/initrd.img-* || die 9 "No initrd was created. Check the package name of the linux-image package in /etc/fai/NFSROOT."
+    cp -p $v $NFSROOT/boot/vmlinu?-* $NFSROOT/boot/initrd.img-* $TFTPROOT
+    cp -u $pxebin $TFTPROOT
+    if [ -f $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 ]; then
+      cp -u $NFSROOT/usr/lib/syslinux/modules/bios/ldlinux.c32 $TFTPROOT
+    fi
+    if [ X$verbose = X1 ]; then
+      echo "TFTP environment prepared. Enable DHCP and start the TFTP daemon on root $TFTPROOT."
+    fi
   }
   diff -u <(type setup_tftp) <(cat <(sed -n '/^setup_tftp(){/,/^}/p' $(which fai-make-nfsroot) ) - <<'EOF' |bash
 type setup_tftp
@@ -230,11 +226,11 @@ EOF
   fai-setup -evag
 
 else # not armhf
-    # note, this copies the -B arg to
-    # /srv/fai/nfsroot/var/tmp/base.tar.xz
-    e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
-    # make the faiserver also the apt proxy server
-    apt-get -y install apt-cacher-ng
+  # note, this copies the -B arg to
+  # /srv/fai/nfsroot/var/tmp/base.tar.xz
+  e fai-setup -evf -B /a/bin/fai-basefiles/basefiles/STRETCH64.tar.xz
+  # make the faiserver also the apt proxy server
+  apt-get -y install apt-cacher-ng
 fi
 
 { head -n 1 /srv/fai/nfsroot/root/.ssh/known_hosts | awk '{print $1}' \
diff --git a/wrt-setup b/wrt-setup
index 24aa3a0..69b55eb 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -94,7 +94,7 @@ mkdir -p /run/archiso/bootmnt
 
 ## ian: commented and replaced with just an echo
 ## since usb port seems to be busted.
-echo | cedit /etc/config/fstab
+echo | cedit /etc/config/fstab ||:
 # cedit /etc/config/fstab <<'EOF' || { v block umount; v block mount; }
 # config global automount
 #       option from_fstab 1
@@ -187,7 +187,7 @@ config redirect
     option name ssh
     option src              wan
     option src_dport        22
-    option dest_ip          192.168.1.2
+    option dest_ip          192.168.1.8
     option dest             lan
 config rule
     option src              wan
@@ -210,7 +210,7 @@ config redirect
     option src              wan
     option src_dport        443
     option dest             lan
-    option dest_ip          192.168.1.2
+    option dest_ip          192.168.1.8
     option proto            tcp
 config rule
     option src              wan
@@ -222,7 +222,7 @@ config redirect
     option src              wan
     option src_dport        1196
     option dest             lan
-    option dest_ip          192.168.1.2
+    option dest_ip          192.168.1.8
     option proto            udp
 config rule
     option src              wan
@@ -235,7 +235,7 @@ config redirect
     option src              wan
     option src_dport        80
     option dest             lan
-    option dest_ip          192.168.1.2
+    option dest_ip          192.168.1.8
     option proto            tcp
 config rule
     option src              wan
@@ -247,7 +247,7 @@ config redirect
     option name syncthing
     option src              wan
     option src_dport        22001
-    option dest_ip          192.168.1.2
+    option dest_ip          192.168.1.8
     option dest             lan
 config rule
     option src              wan
@@ -262,18 +262,21 @@ EOF
 
 
 dnsmasq_restart=false
+mail_host=$(grep -F mail.iankelling.org /etc/hosts | awk '{print $1}')
 v cedit /etc/hosts <<EOF || dnsmasq_restart=true
 127.0.1.1 wrt
 192.168.1.1 wrt
 192.168.1.2 treetowl
 192.168.1.3 frodo
 192.168.1.4 htpc
-192.168.1.5 x2 faiserver b8.nz
+192.168.1.5 x2
 192.168.1.6 demohost
 #192.168.1.7 faiserver
-192.168.1.8 tp
+192.168.1.8 tp faiserver b8.nz
 192.168.1.9 n5
 192.168.1.10 kw
+192.168.1.11 kww
+192.168.1.12 fz
 72.14.176.105 li
 45.33.9.11 lj
 138.68.10.24 dopub
@@ -282,6 +285,10 @@ v cedit /etc/hosts <<EOF || dnsmasq_restart=true
 10.173.0.2 transmission
 EOF
 
+# if [[ $mail_host ]]; then
+#     sed -i '/^$mail_host/a mail.iankelling.org' /etc/hosts
+# fi
+
 
 # avoid using the dns servers that my isp tells me about.
 if [[ $(uci get dhcp.@dnsmasq[0].resolvfile) ]]; then
@@ -357,7 +364,7 @@ server=2001:4860:4860::8844
 dhcp-host=f4:6d:04:02:ed:66,set:treetowl,192.168.1.2,treetowl
 dhcp-host=00:26:18:97:bb:16,set:frodo,192.168.1.3,frodo
 dhcp-host=10:78:d2:da:29:22,set:htpc,192.168.1.4,htpc
-dhcp-host=00:1f:16:16:39:24,set:x2,192.168.1.5,x2
+dhcp-host=00:1f:16:16:39:24,set:fz,192.168.1.5,fz
 # this is so fai can have an explicit name to use for testing,
 # or else any random machine which did a pxe boot would get
 # reformatted. The mac is from doing a virt-install, cancelling it,
@@ -371,7 +378,7 @@ dhcp-host=c4:43:8f:f2:79:1f,set:n5,192.168.1.9,n5
 # hostname is the name it uses according to telnet
 dhcp-host=b4:75:0e:94:29:ca,set:switch9429ca,192.168.1.251,switch9429ca
 dhcp-host=10:78:d2:da:28:4f,set:kw,192.168.1.10,kw
-
+dhcp-host=00:c0:ca:27:e9:b2,set:kww,192.168.1.11,kww
 
 # template
 # dhcp-host=,192.168.1.,
-- 
2.30.2