#!/bin/bash
# Load the invoking user's interactive shell setup before anything else runs.
# Everything in ~/.bashrc executes with this script's privileges, so that file
# has to be protected as carefully as this script and the TSIG key it uses.
. ~/.bashrc
3
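#######################################
# Publish this host's public addresses into the b8.nz zone with nsupdate.
#
# The A record for the shared dynamic name is only touched when the host is
# judged to be on the home network (default gateway 10.2.0.1 plus either an
# interface byte counter that has not gone backwards since the last positive
# check, or the gateway offering the pinned SSH host key on port 2220). The
# AAAA record for "<host>i.<domain>" is updated whenever it differs from the
# address we currently have.
#
# Globals:   INVOCATION_ID (read; when set, failures are silent and the
#            function returns instead of exiting the script)
# Arguments: none
# Outputs:   nsupdate's "show"/"answer" output; a message on stdout when the
#            network looks down and INVOCATION_ID is unset
# Returns:   0 when there is nothing to do or the network looks down,
#            otherwise the status of the second nsupdate run
#######################################
main() {
  # Everything is local so a value from one pass of the polling loop (notably
  # ip6) can never leak into the next pass.
  local fqdn domaintmp hostnametmp tmp gateway ifdev dynhost
  local oldbytes newbytes cur4 ip4 cur6 out6 dev mac ip6 candidate eui
  local cmdfile rv
  local up4=false up6=false athome=false
  local -a octets
  # NOTE(review): /dev/shm is world-writable and this name is predictable, so
  # any local account can create the file first. Its content is therefore
  # treated as untrusted below; a directory only the service can write to
  # (for example one provided via systemd's RuntimeDirectory=) would be safer.
  local -r state_file=/dev/shm/dynamic-ip-update-state
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local -r ipv6_re='^[0-9A-Fa-f:]+$'
  local -r mac_re='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
  # Pinned RSA host key of the home gateway. If that key is ever rotated this
  # check stops matching and the host is treated as being away from home.
  local -r home_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCH+/h1dGEfKEusBblndU2e6QT4wLCm5+yqr/sqh/0X9YfjR7BfWWm8nNmuP55cYc+Wuf5ljB1H1acXEcsl1y8e0j3agHfF0V74FE1N1zz5nn2Ep8NHnmqgEhza38ZxMPh+4p3X7zklEKU7+3SzybKBi8sg0wLzlS2LM0JaUN80zR2sK11Kye3dURUXPk78u5wodOkgcEYRwSYaDMJlUzWP+poRXIDJwFaMQnwmxbl/c84yOyaU0x/d6hFwoRscWecihX+vvBNeSyxR4xr2HDOyUWwJkctyAgt2p7w3tfkXOKcCRzTAjGVIMQLTvo0sG/yJbcyHoEFdFybCsgDvfyYn'

  fqdn=$(hostname -f)
  domaintmp=${fqdn#*.}
  hostnametmp=${fqdn%%.*}
  # i for internet
  fqdn=${hostnametmp}i.${domaintmp}

  if ! tmp=$(ip -4 route get 85.119.83.50 2>/dev/null); then
    # our internet is down
    if [[ $INVOCATION_ID ]]; then
      return 0
    fi
    echo "$0: failed to get route, giving up"
    exit 0
  fi
  # Expected shape: "<dst> via <gateway> dev <ifdev> ..."
  read -r _ _ gateway _ ifdev _ <<<"$tmp"

  case $gateway in
    10.2.0.1)
      dynhost=i.b8.nz
      ;;
    *)
      # Not behind the home gateway: never publish from here.
      return 0
      ;;
  esac

  if [[ -s $state_file ]]; then
    oldbytes=$(<"$state_file")
    # Pass the interface name with -v instead of splicing it into the program.
    newbytes=$(awk -v dev="$ifdev:" '$1 == dev {print $2 + $10}' /proc/net/dev)
    # Both values must be plain decimal numbers before they reach (( )):
    # bash arithmetic evaluates arbitrary expressions, so text that merely
    # starts with a digit must not be accepted from a world-writable location.
    if [[ $oldbytes =~ ^[1-9][0-9]*$ && $newbytes =~ ^[0-9]+$ ]] \
      && (( newbytes >= oldbytes )); then
      athome=true
      printf '%s\n' "$newbytes" >"$state_file"
    fi
  fi
  if ! $athome && timeout -s 9 5 ssh-keyscan -p 2220 -t rsa "$gateway" 2>/dev/null \
    | grep -qFx "[$gateway]:2220 $home_key"; then
    athome=true
    awk -v dev="$ifdev:" '$1 == dev {print $2 + $10}' /proc/net/dev >"$state_file"
  fi

  if $athome; then
    if ! cur4=$(dig +short "$dynhost" @iankelling.org | tail -1); then
      if [[ ! $INVOCATION_ID ]]; then
        echo "$0: dig failed. internet looks down. giving up"
      fi
      return 0
    fi
    if ip4=$(curl -s4 https://iankelling.org/cgi/pubip); then
      # The response is written into the nsupdate command file, so anything
      # that is not a bare dotted quad (an error page, extra lines) is dropped.
      if [[ ! $ip4 =~ $ipv4_re ]]; then
        ip4=
      fi
      if [[ $cur4 && $ip4 && $cur4 != "$ip4" ]]; then
        up4=true # update ipv4
      fi
    fi
  fi

  # may not be set yet so allow fail
  cur6=$(host -4 -t aaaa "$fqdn" iankelling.org \
    | sed -rn 's/.*has IPv6 address (.*)/\1/p;T;q') || :

  out6=$(curl -s6 https://iankelling.org/cgi/pubip) || : # failure allowed if we have no ipv6
  # Same reasoning as for ip4: only hex digits and colons may reach nsupdate.
  if [[ ! $out6 =~ $ipv6_re ]]; then
    out6=
  fi

  if [[ $out6 ]]; then
    ip6=$out6
    dev=$(ip -o a show to "$out6" | awk '{print $2}')
    # we use slaac with privacy extension, so get our less private more permanent address
    mac=$(cat "/sys/class/net/$dev/address")
    if [[ $mac =~ $mac_re ]]; then
      IFS=: read -r -a octets <<<"$mac"
      # Modified EUI-64: invert the universal/local bit of the first octet
      # (XOR 2, not +2) and insert ff:fe in the middle. Each group goes
      # through %x so leading zeros are dropped the way "ip a" prints them.
      printf -v eui '%x:%x:%x:%x' \
        "$(( (0x${octets[0]} ^ 2) << 8 | 0x${octets[1]} ))" \
        "$(( 0x${octets[2]}ff ))" \
        "$(( 0xfe${octets[3]} ))" \
        "$(( 0x${octets[4]}${octets[5]} ))"
      candidate=${out6%:*:*:*:*}:$eui
      # in case we aren't using slaac: only use the derived address if it is
      # really configured on an interface
      if ip a | grep "^ *inet6 $candidate/" &>/dev/null; then
        ip6=$candidate
      fi
    fi
  fi

  if [[ $cur6 != "$ip6" ]]; then
    up6=true
  fi

  if ! $up4 && ! $up6; then
    return 0
  fi

  # note, a simpler way to do this would be to ssh and use
  # "${SSH_CLIENT%% *}
  # to update bind if needed.

  cmdfile=$(mktemp) || return
  {
    printf '%s\n' 'server iankelling.org' 'zone b8.nz'
    if $up4; then
      printf '%s\n' "update delete $dynhost. A" "update add $dynhost. 300 A $ip4"
    fi
    if $up6; then
      printf '%s\n' "update delete $fqdn. AAAA"
      # With no usable IPv6 address the stale record is only removed.
      if [[ $ip6 ]]; then
        printf '%s\n' "update add $fqdn. 60 AAAA $ip6"
      fi
    fi
    printf '%s\n' show send answer quit
  } >"$cmdfile"

  # The key path is left unquoted on purpose so the glob expands to the
  # generated TSIG key file. The same update is sent to both name servers.
  nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <"$cmdfile"
  sed -i 's/^server .*/server bk.b8.nz/' "$cmdfile"
  nsupdate -k /p/c/machine_specific/vps/filesystem/etc/bind/Kb8.nz.*.private <"$cmdfile"
  rv=$?

  # The command file used to be left behind in the temp directory on every update.
  rm -f -- "$cmdfile"
  return "$rv"
}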
134
# Poll forever: run one update pass, wait 30 seconds, repeat.
# Never returns; main's exit status is not inspected.
loop-main() {
  while :; do
    main
    sleep 30
  done
}
141
142
# A non-empty INVOCATION_ID selects the endless polling loop; without it the
# script does a single pass. NOTE(review): presumably the variable is the one
# systemd sets for service processes; confirm against the unit file.
case ${INVOCATION_ID:+set} in
  set)
    loop-main
    ;;
  *)
    main
    ;;
esac

exit 0
150
151
152 # # # persistent initial setup for this:
153 # # # create files in /a/c/machine_specific/vps/filesystem/etc/bind
154 # # # note, conflink also does some group ownership stuff.
155 # mkc /p/c/machine_specific/vps/filesystem/etc/bind
156 # sudo dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST b8.nz
157 # user=$(id -un)
158 # sudo chown $user:$user *
159
160
161 # f=key.b8.nz
162 # cat >$f <<EOF
163 # key b8.nz. {
164 # algorithm HMAC-SHA512;
165 # secret "$(awk '$1 == "Key:" {print $2}' Kb8.nz.*.private)";
166 # };
167 # EOF
168
169 # chmod 640 [kK]*
170
171 # # push here?
172 # #myunison -ob li
173 # #ssh li conflink
174 # ssh li.b8.nz systemctl reload named
175
176
177 # # b8.nz has address 65.96.178.16
178 # # b8.nz has IPv6 address 2601:197:600:6efb:82fa:5bff:fe1c:6ecf