lots of updates, some t11 stuff
[distro-setup] / trusted-network
index 3f5154162d9f94530210764441988eab0f977530..1b0ee8d8f39f97bcca562b3029fd8bc1b86e3eef 100755 (executable)
@@ -1,22 +1,86 @@
-#!/bin/bash -l
+#!/bin/bash
+
+# Usage: run to trust or untrust dns. public wifi sometimes needs to
+# trust dns initially to log in.
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
-# Usage: run when switching from an untrusted network like public wifi
-# to a trusted one.
+source /a/bin/errhandle/err
+
+readonly this_file=$(readlink -f -- "${BASH_SOURCE[0]}")
+readonly this_dir="${this_file%/*}"
+script_name="${BASH_SOURCE[0]}"
+script_name="${script_name##*/}"
+
+# removes malware and adult content
+servers=(1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003)
+
+servers=(1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001)
+
+## trying out google
+servers=(8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844)
+
+
+
+m() { printf "%s\n" "$*";  "$@"; }
+e() { printf "%s\n" "$@"; }
+i() { # install file
+  local tmp tmpdir dest="$1"
+  local base="${dest##*/}"
+  mkdir -p ${dest%/*}
+  ir=false # i result
+  tmpdir=$(mktemp -d)
+  cat >$tmpdir/"$base"
+  tmp=$(rsync -ic $tmpdir/"$base" "$dest")
+  if [[ $tmp ]]; then
+    printf "%s\n" "$tmp"
+    ir=true
+  fi
+  rm -rf $tmpdir
+}
+
+e $script_name
+exit 0
+
+# i symlinked the script to another name to make it work different
+trust=true
+case $script_name in
+  untrusted-network)
+    trust=false
+    ;;
+esac
+
 
-if [[ -e /etc/NetworkManager/conf.d/dns.conf ]]; then
-  rm -fv /etc/NetworkManager/conf.d/dns.conf
-  if [[ $(systemctl is-active NetworkManager) == active ]]; then
+if $trust; then
+  if [[ -e /etc/NetworkManager/conf.d/dns.conf ]]; then
+    rm -fv /etc/NetworkManager/conf.d/dns.conf
+    if [[ $(systemctl is-active NetworkManager) == active ]]; then
+      m systemctl restart NetworkManager
+    fi
+  fi
+
+  rm -fv /etc/systemd/resolved.conf.d/untrusted-network.conf
+else  #untrusted
+  # https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
+  cat >/etc/systemd/resolved.conf.d/untrusted-network.conf <<EOF
+[Resolve]
+DNS=${servers[@]}
+Domains=b8.nz
+DNSOverTLS=yes
+EOF
+
+  i /etc/NetworkManager/conf.d/dns.conf <<'EOF'
+[main]
+dns=none
+systemd-resolved=false
+EOF
+
+  if $ir && [[ $(systemctl is-active NetworkManager) == active ]]; then
     m systemctl restart NetworkManager
   fi
 fi
 
-rm -f /etc/systemd/resolved.conf.d/untrusted-network.conf
-
 dhclient_restart=false
 # man dhclient.conf
 if ! grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
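Review bot: The added `e $script_name` / `exit 0` pair right after the `i()` helper ends the script before the `trust` dispatch, so neither the trusted nor the untrusted branch can run and the caller still gets status 0. On public wifi that means an `untrusted-network` invocation looks successful while the resolver configuration is left untouched. If this was a debugging stop, drop both lines; if the script is meant to stay disabled for now, make that visible with something like `e "$script_name: disabled" >&2; exit 1`. Separately, `servers` is assigned three times and only the last assignment (8.8.8.8 ...) reaches `DNS=`, so the "removes malware and adult content" comment no longer describes what is written. Commenting out the two unused assignments would make the active choice unambiguous.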
@@ -26,8 +90,15 @@ if ! grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
 fi
 
 
+# wait for networkmanager to come back
+for f in {1..20}; do
+  if read -r _ _ _ _  gateway_if _ < <(ip route get 8.8.8.8); then
+    break
+  fi
+  m sleep 2
+done
+
 
-read -r _ _ _ _  gateway_if _ < <(ip route get 8.8.8.8)
 if [[ $gateway_if ]]; then
   # we could do this, but dhclient is still running and will use its old settings
   # from dependencies of ifupdown,
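Review bot: The retry loop breaks as soon as `read` succeeds, which only shows that `ip route get 8.8.8.8` printed a line, not that `gateway_if` holds an interface name. The fifth field is the interface only for a route with a `via` hop; for an on-link route the output begins `8.8.8.8 dev IFACE src ADDR`, so the fifth field is then the source address. Parsing by keyword and breaking on a non-empty value is sturdier, e.g. `gateway_if=$(ip route get 8.8.8.8 2>/dev/null | awk '{for(i=1;i<NF;i++) if($i=="dev"){print $(i+1); exit}}') || true` followed by `if [[ $gateway_if ]]; then break; fi`. The loop variable `f` is unused, and the `if [[ $gateway_if ]]` block that consumes the result continues outside this hunk.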
@@ -47,4 +118,40 @@ else
   e $0: no gateway_if found
 fi
 
-reresolv
+m systemctl restart systemd-resolved
+
+
+
+# just for curiosity i did a
+# wrapper around dhclient, then ifdown eth0; ifup eth0:
+
+# Tue Mar  9 18:29:05 EST 2021
+# args -4 -v -r -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
+# env
+# ADDRFAM=inet
+# PHASE=pre-down
+# VERBOSITY=0
+# PWD=/sbin
+# IFACE=eth0
+# METHOD=dhcp
+# SHLVL=1
+# LOGICAL=eth0
+# MODE=stop
+# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# IFUPDOWN_eth0=pre-down
+# _=/usr/bin/env
+# Tue Mar  9 18:29:07 EST 2021
+# args -1 -4 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
+# env
+# ADDRFAM=inet
+# PHASE=post-up
+# VERBOSITY=0
+# PWD=/sbin
+# IFACE=eth0
+# METHOD=dhcp
+# SHLVL=1
+# LOGICAL=eth0
+# MODE=start
+# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# IFUPDOWN_eth0=post-up
+# _=/usr/bin/env
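Review bot: Nothing after `m systemctl restart systemd-resolved` checks that the resolver came back with the intended settings, which matters most on the untrusted path where the `DNSOverTLS=yes` drop-in and the fixed `DNS=` list are the point of the script. A `m resolvectl status` (or a test of `systemctl is-active systemd-resolved`) after the restart would make a failed restart or an ignored drop-in visible. The captured dhclient `args`/`env` dump appended below reads as investigation notes; a one-line summary comment such as `# ifupdown calls dhclient with -r on pre-down and -1 on post-up` would keep the script easier to audit.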