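#!/bin/bash
# dynamic-ip-update, part 1: decide whether DNS needs a new address.
#
# Compares the address DNS currently publishes with the public address reported
# by https://iankelling.org/cgi/pubip and sets:
#   up4 / up6  - "true" when the A / AAAA record should be rewritten
#   ip4 / ip6  - the address to publish
#   fqdn       - this host's fully qualified name
# Exits 0 early when neither record needs an update.
source ~/.bashrc

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# The result of curl is later written into an nsupdate command stream, so it
# must be exactly an address and nothing else (no HTML error page, no newlines).
is_ipv4() {
  local addr=$1 octet
  local -a octets
  [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so "08" is not parsed as invalid octal
    (( 10#$octet <= 255 )) || return 1
  done
}

# is_ipv6 ADDR: loose shape check - hex digits and colons only, at least two
# colons, at most 39 characters. Enough to keep whitespace and markup out of
# the nsupdate input; it is not a full RFC 4291 parser.
is_ipv6() {
  [[ $1 =~ ^[0-9A-Fa-f:]+$ && $1 == *:*:* ]] && (( ${#1} <= 39 ))
}

fqdn=$(hostname -f)

# RSA host key line expected from the home router's sshd on 10.0.0.1:2220.
home_key='[10.0.0.1]:2220 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn'

up4=false
# NOTE(review): this test matches a *public* host key, which is not a secret.
# It tells us "something on 10.0.0.1:2220 presents this key", and the A record
# for b8.nz is rewritten on the strength of it. An authenticated ssh connection
# with strict host key checking would be a stronger "am I at home" test -
# confirm whether that matters for the networks this machine visits.
if timeout -s 9 5 ssh-keyscan -p 2220 -t rsa 10.0.0.1 2>/dev/null \
  | grep -qFx -- "$home_key"; then
  # we are on home network
  cur4=$(host -4 b8.nz iankelling.org | sed -rn 's/.*has address (.*)/\1/p;T;q')
  # -f: an HTTP error must fail the command instead of handing us the error body
  if ip4=$(curl -fs4 https://iankelling.org/cgi/pubip) && is_ipv4 "$ip4"; then
    # quote the right-hand side so it is compared as a string, not as a glob
    if [[ $cur4 && $cur4 != "$ip4" ]]; then
      up4=true
    fi
  fi
fi

# may not be set yet so allow fail
cur6=$(host -4 -t aaaa "$fqdn" iankelling.org \
  | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q') ||:

up6=false
# maybe we dont have ipv6 working
if out6=$(curl -fs6 https://iankelling.org/cgi/pubip) && is_ipv6 "$out6"; then
  # default: publish the address we were seen from (covers the non-slaac case)
  ip6=$out6

  # we use slaac with privacy extension, so get our less private more
  # permanent address: same /64 prefix, interface id derived from the MAC.
  dev=$(ip -o a show to "$out6" | awk '{print $2; exit}')
  mac=
  if [[ $dev && -r /sys/class/net/$dev/address ]]; then
    read -r mac <"/sys/class/net/$dev/address"
  fi
  if [[ $mac =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; then
    IFS=: read -r -a o <<<"$mac"
    # Modified EUI-64: insert ff:fe in the middle and *flip* the
    # universal/local bit (XOR 0x02 on the first octet; adding 2 is only
    # equivalent when that bit starts out clear). Each group goes through
    # %x so leading zeros are dropped the same way `ip` prints them.
    slaac6=${out6%:*:*:*:*}:$(printf '%x:%x:%x:%x' \
      "$(( 0x${o[0]}${o[1]} ^ 0x200 ))" \
      "$(( 0x${o[2]}ff ))" \
      "$(( 0xfe${o[3]} ))" \
      "$(( 0x${o[4]}${o[5]} ))")
    # only trust the derived address if it is really configured locally
    if ip a | grep -q "^ *inet6 $slaac6/"; then
      ip6=$slaac6
    fi
  fi

  if [[ $cur6 != "$ip6" ]]; then
    up6=true
  fi
fi


if ! $up4 && ! $up6; then
  exit 0
fi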
42
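# dynamic-ip-update, part 2: build the nsupdate command stream and send it,
# signed with the zone's TSIG key, first to iankelling.org and then to l2.b8.nz.
# Reads up4/up6, ip4/ip6 and fqdn as set earlier in the script.
#
# note, a simpler way to do this would be to ssh and use
# "${SSH_CLIENT%% *}
# to update bind if needed.

# ip4/ip6 come from an HTTP response and fqdn from `hostname -f`; all three are
# pasted verbatim into commands that get signed with the zone key. Refuse empty
# values and anything containing whitespace, so a malformed value cannot turn
# into additional nsupdate lines.
if $up4 && [[ -z $ip4 || $ip4 == *[[:space:]]* ]]; then
  printf '%s\n' "$0: refusing to publish malformed IPv4 address" >&2
  exit 1
fi
if $up6 && [[ -z $ip6 || $ip6 == *[[:space:]]* \
  || -z $fqdn || $fqdn == *[[:space:]]* ]]; then
  printf '%s\n' "$0: refusing to publish malformed IPv6 address or host name" >&2
  exit 1
fi

# Resolve the key glob once. nsupdate treats a trailing argument as a command
# file, so more than one match must not be passed through.
keyfiles=(/p/c/machine_specific/linode/filesystem/etc/bind/Kb8.nz.*.private)
if (( ${#keyfiles[@]} != 1 )) || [[ ! -r ${keyfiles[0]} ]]; then
  printf '%s\n' "$0: expected exactly one readable Kb8.nz.*.private key" >&2
  exit 1
fi

nsupdate_cmds=$(mktemp) || exit 1
# remove the temp file on every exit path; the script's exit status is kept
trap 'rm -f -- "$nsupdate_cmds"' EXIT

{
  printf '%s\n' \
    'server iankelling.org' \
    'zone b8.nz'

  if $up4; then
    printf '%s\n' \
      'update delete b8.nz. A' \
      'update delete wrt.b8.nz. A' \
      "update add b8.nz. 300 A $ip4" \
      "update add wrt.b8.nz. 300 A $ip4"
  fi

  if $up6; then
    # only the host named tp also owns the zone apex AAAA record
    if [[ $HOSTNAME == tp ]]; then
      printf '%s\n' \
        'update delete b8.nz. AAAA' \
        "update add b8.nz. 60 AAAA $ip6"
    fi
    printf '%s\n' \
      "update delete $fqdn. AAAA" \
      "update add $fqdn. 60 AAAA $ip6"
  fi

  printf '%s\n' show send answer quit
} >"$nsupdate_cmds"

nsupdate -k "${keyfiles[0]}" <"$nsupdate_cmds"
# same update again, pointed at the second name server
sed -i 's/^server .*/server l2.b8.nz/' "$nsupdate_cmds"
nsupdate -k "${keyfiles[0]}" <"$nsupdate_cmds"

# bare exit: the script's status is that of the second nsupdate
exit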
87
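# # persistent initial setup for this:
# # create files in /a/c/machine_specific/linode/filesystem/etc/bind
# # note, conflink also does some group ownership stuff.
#
# Everything below sits after the unconditional `exit` above, so it never runs
# as part of the script; presumably it is a record of one-time manual steps.

# mkc is not defined in this file - presumably a helper from ~/.bashrc that
# creates the directory and changes into it; confirm before pasting.
mkc /p/c/machine_specific/linode/filesystem/etc/bind
# NOTE(review): recent BIND 9 releases no longer accept HMAC algorithms in
# dnssec-keygen (tsig-keygen is the replacement) - confirm against the
# installed version.
sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
user=$(id -un)
# ./ prefix keeps a file name starting with '-' from being read as an option
sudo chown "$user:$user" ./*


f=key.b8.nz
# This file embeds the TSIG secret. Tighten the umask first so it is never
# briefly world-readable between creation and the chmod below.
umask 077
cat >"$f" <<EOF
key b8.nz. {
algorithm HMAC-SHA512;
secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
};
EOF

# 640 leaves the key material readable by the owning group; per the note
# above, conflink adjusts group ownership - confirm that group contains only
# the name server account.
chmod 640 [kK]*

# push here?
#myunison -ob li
#ssh li conflink
ssh li systemctl reload bind9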