#!/bin/bash -l
# Switch this host's DNS setup for an untrusted network (e.g. public wifi):
# pin systemd-resolved to fixed public resolvers over DNS-over-TLS and stop
# NetworkManager / dhclient from installing the network's own DNS servers.
#
# Usage: use when switching from a trusted network to an untrusted one,
# like public wifi.
#
# The -l shebang starts a login shell; the helpers used below (m, reresolv)
# are not defined in this file and are presumably provided by that login
# environment — confirm.

# -E makes the ERR trap below fire inside functions as well, not just at
# top level.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

# Everything below edits files under /etc and restarts services, so re-exec
# under sudo when not already root. -E preserves the caller's environment
# across the sudo boundary.
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"



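#######################################
# Install a file from stdin.
# Stages stdin in a temp dir and rsyncs it over $dest, so the destination is
# only rewritten (and the caller only told) when its content actually differs.
# Globals:   ir (written) - "true" if $dest changed, "false" otherwise.
#            Deliberately global: callers test it to decide whether a
#            service restart is needed.
# Arguments: $1 - destination path
# Outputs:   rsync's itemized change line on stdout when $dest changed
# Returns:   0 on success; the failing step's status otherwise. The temp
#            dir is removed on every path.
#######################################
i() { # install file
  local dest="$1"
  local base="${dest##*/}"
  local dir="${dest%/*}"
  local tmpdir tmp rv=0
  ir=false # i result, intentionally global

  # Only create a parent directory when the path really has one: for a bare
  # filename ${dest%/*} is the filename itself (mkdir would create a directory
  # of that name), and for "/name" it is empty (mkdir would fail on a missing
  # operand).
  if [[ $dest == */* && -n $dir ]]; then
    mkdir -p -- "$dir"
  fi

  tmpdir=$(mktemp -d)
  # Stage the content, then let rsync decide by checksum whether $dest differs.
  # Running both inside the if keeps set -e from exiting before the cleanup
  # below; a failure is propagated through rv instead.
  if cat >"$tmpdir/$base" && tmp=$(rsync -ic -- "$tmpdir/$base" "$dest"); then
    if [[ $tmp ]]; then
      printf '%s\n' "$tmp"
      ir=true
    fi
  else
    rv=$?
  fi
  rm -rf -- "$tmpdir"
  return "$rv"
}

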
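# Capture systemd-resolve's version. Nothing below branches on $ver yet; the
# read also doubles as a presence check, because an absent systemd-resolve
# leaves read with no input and set -e then aborts the script here.
read -r _ ver _ < <(systemd-resolve --version)

# Cloudflare resolvers. The 1.1.1.3/1.0.0.3 set additionally filters malware
# and adult content; it is kept as a commented-out alternative rather than
# being assigned and then immediately overwritten.
#servers=(1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003)
servers=(1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001)

## trying out google
#servers=(8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844)


# https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
# Drop-in that pins resolved to the servers above and makes DNS-over-TLS
# mandatory: DNSOverTLS=yes is the strict mode, so resolution fails rather
# than falling back to plaintext port-53 queries when the TLS session cannot
# be established — the desired failure mode on a hostile network.
# The drop-in directory is not guaranteed to exist on a fresh install, and
# "cat >" into a missing directory would abort the script under set -e.
mkdir -p /etc/systemd/resolved.conf.d
cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
[Resolve]
DNS=${servers[*]}
Domains=b8.nz
DNSOverTLS=yes
EOF
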
# Keep NetworkManager out of DNS entirely: dns=none stops it from writing
# resolv.conf and systemd-resolved=false stops it from pushing the network's
# DHCP-supplied servers into resolved.
i /etc/NetworkManager/conf.d/dns.conf <<'EOF'
[main]
dns=none
systemd-resolved=false
EOF

# Bounce NetworkManager only when the drop-in actually changed (ir is set by
# i) and the service is running. m is not defined in this file; presumably a
# print-then-run wrapper from the login environment — confirm.
if [[ $ir == true && $(systemctl is-active NetworkManager) == active ]]; then
  m systemctl restart NetworkManager
  m sleep 2
fi

# dhclient would otherwise keep asking the DHCP server for domain-name-servers
# and (via the enter hook referenced further down) hand the untrusted
# network's resolvers to resolved. Strip the option from the request list;
# the grep guard keeps this idempotent across runs.
dhclient_restart=false
# man dhclient.conf
if grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
  # NOTE(review): only the word and a directly following comma are removed.
  # If the option is the last entry of a comma list (", domain-name-servers;")
  # a dangling comma remains, and a "supersede domain-name-servers ..." line
  # would be left without its option name — confirm against the file in use.
  sed -i 's/domain-name-servers,\?//' /etc/dhcp/dhclient.conf
  dhclient_restart=true
fi

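# Interface carrying the default route, i.e. the one whose DHCP lease may have
# left per-link DNS settings in resolved. "ip route get" prints e.g.
#   8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.5 ...
# but omits "via <gw>" for directly reachable destinations, so take the word
# after "dev" instead of relying on a fixed field position. When there is no
# route at all the command prints nothing; "|| true" keeps the then-failing
# read from tripping set -e and leaves gateway_if empty, and stderr is silenced
# because "unreachable" is an expected state on a freshly joined network.
gateway_if=
read -r -a route_words < <(ip route get 8.8.8.8 2>/dev/null) || true
for ((n = 0; n + 1 < ${#route_words[@]}; n++)); do
  if [[ ${route_words[n]} == dev ]]; then
    gateway_if=${route_words[n + 1]}
    break
  fi
done

if [[ $gateway_if ]]; then
  # we could do this, but dhclient is still running and will use its old settings
  # from dependencies of ifupdown,
  # from man dhclient-script
  # from /etc/dhcp/dhclient-enter-hooks.d/resolved
  # rm -f /run/systemd/resolved.conf.d/*$gateway_if*

  # Bounce the interface so dhclient re-reads the edited dhclient.conf, but
  # only for ifupdown-managed interfaces (listed on an "auto" line).
  # gateway_if is interpolated into the -P pattern; Linux interface names
  # cannot contain whitespace, so the only regex metacharacter that can leak
  # in is "." (matches any character), which cannot widen the match past a
  # single token.
  if [[ $dhclient_restart == true ]] \
    && grep -Pq "^ *auto ($gateway_if|.* $gateway_if( |$))" /etc/network/interfaces; then
    m ifdown "$gateway_if"
    m ifup "$gateway_if"
  fi

  # at least on systemd 237 ifupdown it sets a global and this is not needed
  systemd-resolve --interface="$gateway_if" --revert
fi
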
# reresolv is not defined in this file; presumably a helper from the login
# environment (like m). Nothing above restarts systemd-resolved after the
# drop-in is written, so this is presumably where the new resolver settings
# are applied — confirm.
reresolv

# Just out of curiosity I put a wrapper around dhclient, then ran
# "ifdown eth0; ifup eth0". The args and environment it was invoked with:

# Tue Mar 9 18:29:05 EST 2021
# args -4 -v -r -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
# env
# ADDRFAM=inet
# PHASE=pre-down
# VERBOSITY=0
# PWD=/sbin
# IFACE=eth0
# METHOD=dhcp
# SHLVL=1
# LOGICAL=eth0
# MODE=stop
# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# IFUPDOWN_eth0=pre-down
# _=/usr/bin/env
# Tue Mar 9 18:29:07 EST 2021
# args -1 -4 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
# env
# ADDRFAM=inet
# PHASE=post-up
# VERBOSITY=0
# PWD=/sbin
# IFACE=eth0
# METHOD=dhcp
# SHLVL=1
# LOGICAL=eth0
# MODE=start
# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# IFUPDOWN_eth0=post-up
# _=/usr/bin/env