7 if timeout
-s 9 5 ssh-keyscan
-p 2220 -t rsa
10.0.0.1 2>/dev
/null |
grep -qFx '[10.0.0.1]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn'; then
8 # we are on home network
9 cur4
="$(host -4 b8.nz iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')"
10 if ip4
=$
(curl
-s4 https
://iankelling.org
/cgi
/pubip
); then
11 if [[ $cur4 && $ip4 && $cur4 != $ip4 ]]; then
17 # may not be set yet so allow fail
18 cur6
="$(host -4 -t aaaa $fqdn iankelling.org | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q')" ||
:
21 # maybe we dont have ipv6 working
22 if out6
=$
(curl
-s6 https
://iankelling.org
/cgi
/pubip
) && [[ $out6 ]]; then
23 dev
=$
(ip
-o a show to
$out6 |
awk '{print $2}')
24 # we use slaac with privacy extension, so get our less private more permanent address
25 mac
=$
(cat /sys
/class
/net
/$dev/address
)
27 IFS
=: read -a f
<<<$mac; set -- ${f[@]}
28 ip6
=${out6%:*:*:*:*}:$
(printf %x $
((0x
$1 + 2)))$2:$3'ff:fe'$4:$5$6
29 # in case we aren't using slaac
30 if ! ip a |
grep "^ *inet6 $ip6/" &>/dev
/null
; then
33 if [[ $cur6 != $ip6 ]]; then
39 if ! $up4 && ! $up6; then
43 # note, a simpler way to do this would be to ssh and use
45 # to update bind if needed.
55 update delete b8.nz. A
56 update delete wrt.b8.nz. A
57 update add b8.nz. 300 A $ip4
58 update add wrt.b8.nz. 300 A $ip4
63 if [[ $HOSTNAME == tp
]]; then
65 update delete b8.nz. AAAA
66 update add b8.nz. 60 AAAA $ip6
70 update delete $fqdn. AAAA
71 update add $fqdn. 60 AAAA $ip6
82 nsupdate
-k /p
/c
/machine_specific
/linode
/filesystem
/etc
/bind
/Kb8.nz.
*.private
<$f
83 sed -i 's/^server .*/server l2.b8.nz/' $f
84 nsupdate
-k /p
/c
/machine_specific
/linode
/filesystem
/etc
/bind
/Kb8.nz.
*.private
<$f
88 # # persistent initial setup for this:
89 # # create files in /a/c/machine_specific/linode/filesystem/etc/bind
90 # # note, conflink also does some group ownership stuff.
92 mkc
/p
/c
/machine_specific
/linode
/filesystem
/etc
/bind
93 sudo dnssec-keygen
-a HMAC-SHA512
-b 512 -n HOST b8.nz
95 sudo chown
$user:$user *
101 algorithm HMAC-SHA512;
102 secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
111 ssh li systemctl reload bind9