[pib] cleanup / document the script
parent
3470ca62df
commit
caabcc2f47
1 changed files with 16 additions and 9 deletions
25
pib-setup.sh
25
pib-setup.sh
|
@ -1,11 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Assumptions:
|
||||
# - pib is factory reset
|
||||
# - WAN port is connected with an active upstream
|
||||
# - You are connected via LAN/can ssh into it
|
||||
# - pib (APU) is factory reset OpenWRT
|
||||
# - WAN port is connected with an active upstream (pib has internet connectivity via WAN port)
|
||||
# - You are connected via LAN and you can ssh into it
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
# How it works
|
||||
#
|
||||
|
||||
if [ $# -lt 2 ]; then
|
||||
echo "$0 ip-address vpn-network [wireguard-private-key]"
|
||||
echo " ip-address: where to find the PIB"
|
||||
echo " network: 2a0a:e5c0:123::/48"
|
||||
|
@ -44,8 +47,7 @@ opkg update
|
|||
opkg install libustream-openssl ca-bundle ca-certificates
|
||||
|
||||
# install wireguard + gui
|
||||
opkg install wireguard
|
||||
opkg install luci-app-wireguard
|
||||
opkg install wireguard luci-app-wireguard
|
||||
|
||||
# We are never authoritative for IPv4
|
||||
uci delete dhcp.@dnsmasq[0].authoritative
|
||||
|
@ -53,6 +55,9 @@ uci delete dhcp.@dnsmasq[0].authoritative
|
|||
# Do not announce ULA - we have GUA
|
||||
uci delete network.globals.ula_prefix
|
||||
|
||||
# Setup hostname
|
||||
uci set system.@system[0].hostname="${my_hostname}"
|
||||
|
||||
# Do not set/get? Was necessary, don't recall why
|
||||
uci set dhcp.@dnsmasq[0].noresolv='1'
|
||||
|
||||
|
@ -107,8 +112,6 @@ uci set network.@wireguard_wg0[0].endpoint_host='${vpn_endpoint_host}'
|
|||
uci set network.@wireguard_wg0[0].endpoint_port='51820'
|
||||
uci set network.@wireguard_wg0[0].route_allowed_ips='1'
|
||||
|
||||
uci set system.@system[0].hostname="${my_hostname}"
|
||||
|
||||
# Firewall configuration
|
||||
if ! uci show firewall | grep "name='Allow-SSH'"; then
|
||||
uci add firewall rule
|
||||
|
@ -149,16 +152,19 @@ uci delete dhcp.@dnsmasq[0].server
|
|||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:0:a::a'
|
||||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:2:a::a'
|
||||
|
||||
# This is the save & apply button in LUCI (or just save button)
|
||||
uci commit
|
||||
|
||||
reboot
|
||||
|
||||
EOF
|
||||
|
||||
my_ip=$my_lan_ip
|
||||
|
||||
echo "Waiting for it to come back..."
|
||||
while ! ping -c1 ${my_ip}; do
|
||||
echo "Cannot ping $my_ip yet - waiting"
|
||||
sleep 1
|
||||
sleep 2
|
||||
done
|
||||
|
||||
echo "Wireguard public key and id: ${id} ${public_key}"
|
||||
|
@ -169,4 +175,5 @@ Open steps:
|
|||
|
||||
- Remove your ssh key(s) from the device
|
||||
- Setup a secure root password and forward it to the customer
|
||||
|
||||
EOF
|
||||
|
|
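Review bot: The argument check `if [ $# -lt 2 ]` near the top of pib-setup.sh has no upper bound, so a call with four or more arguments is accepted and the extras are silently ignored; `if [ $# -lt 2 ] || [ $# -gt 3 ]; then` would match the usage line. The optional third argument shown in the usage text is a WireGuard private key given on the command line, where it is visible in the local process list and ends up in shell history; taking a path to a key file (or reading the key from standard input) would avoid that, and the header comment should state which form is expected. The `# How it works` heading is followed only by an empty `#` line in the visible hunk, so the section still needs its text. The `+`/`-` markers are lost on this page, so which line of each old/new pair is the new side is inferred from the commit title rather than read from the diff.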