3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
8 if timeout
-s 9 5 ssh-keyscan
-p 2220 -t rsa
10.0.0.1 2>/dev
/null |
grep -qFx '[10.0.0.1]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn'; then
9 # we are on home network
10 cur4
="$(host -4 b8.nz iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')"
11 if ip4
=$
(curl
-s4 https
://iankelling.org
/cgi
/pubip
); then
12 if [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then
18 # may not be set yet so allow fail
19 cur6
="$(host -4 -t aaaa $fqdn iankelling.org | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q')" ||
:
22 # maybe we dont have ipv6 working
23 if out6
=$
(curl
-s6 https
://iankelling.org
/cgi
/pubip
) && [[ $out6 ]]; then
24 dev
=$
(ip
-o a show to
$out6 |
awk '{print $2}')
25 # we use slaac with privacy extension, so get our less private more permanent address
26 mac
=$
(cat /sys
/class
/net
/$dev/address
)
28 IFS
=: read -a f
<<<$mac; set -- ${f[@]}
29 ip6
=${out6%:*:*:*:*}:$
(printf %x $
((0x
$1 + 2)))$2:$3'ff:fe'$4:$5$6
30 # in case we aren't using slaac
31 if ! ip a |
grep "^ *inet6 $ip6/" &>/dev
/null
; then
34 if [[ $cur6 != $ip6 ]]; then
40 if ! $up4 && ! $up6; then
44 # note, a simpler way to do this would be to ssh and use
46 # to update bind if needed.
56 update delete b8.nz. A
57 update delete wrt.b8.nz. A
58 update add b8.nz. 300 A $ip4
59 update add wrt.b8.nz. 300 A $ip4
64 if [[ $HOSTNAME == tp
]]; then
66 update delete b8.nz. AAAA
67 update add b8.nz. 60 AAAA $ip6
71 update delete $fqdn. AAAA
72 update add $fqdn. 60 AAAA $ip6
83 nsupdate
-k /p
/c
/machine_specific
/linode
/filesystem
/etc
/bind
/Kb8.nz.
*.private
<$f
84 sed -i 's/^server .*/server l2.b8.nz/' $f
85 nsupdate
-k /p
/c
/machine_specific
/linode
/filesystem
/etc
/bind
/Kb8.nz.
*.private
<$f
89 # # persistent initial setup for this:
90 # # create files in /a/c/machine_specific/linode/filesystem/etc/bind
91 # # note, conflink also does some group ownership stuff.
93 mkc
/p
/c
/machine_specific
/linode
/filesystem
/etc
/bind
94 s dnssec-keygen
-a HMAC-SHA512
-b 512 -n HOST b8.nz
102 algorithm HMAC-SHA512;
103 secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
112 ssh li systemctl reload bind9