From caabcc2f47c88dfa38911cf0ab4e993a2b1ddb12 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Mon, 7 Sep 2020 16:52:14 +0200
Subject: [PATCH] [pib] cleanup / document the script
---
pib-setup.sh | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/pib-setup.sh b/pib-setup.sh
index f95486e..39b7c0b 100755
--- pib-setup.sh
+++ b/pib-setup.sh
@@ -1,11 +1,14 @@ #!/bin/sh # Assumptions: -# - pib is factory reset -# - WAN port is connected with an active upstream -# - You are connected via LAN/can ssh into it +# - pib (APU) is factory reset OpenWRT +# - WAN port is connected with an active upstream (pib has internet connectivity via WAN port) +# - You are connected via LAN and you can ssh into it -if [ $# -ne 2 ]; then +# How it works +# + +if [ $# -lt 2 ]; then echo "$0 ip-address vpn-network [wireguard-private-key]" echo " ip-address: where to find the PIB" echo " network: 2a0a:e5c0:123::/48"
@@ -44,8 +47,7 @@ opkg update opkg install libustream-openssl ca-bundle ca-certificates # install wireguard + gui -opkg install wireguard -opkg install luci-app-wireguard +opkg install wireguard luci-app-wireguard # We are never authoritative for IPv4 uci delete dhcp.@dnsmasq[0].authoritative
@@ -53,6 +55,9 @@ uci delete dhcp.@dnsmasq[0].authoritative # Do not announce ULA - we have GUA uci delete network.globals.ula_prefix +# Setup hostname +uci set system.@system[0].hostname="${my_hostname}" + # Do not set/get? Was necessary, don't recall why uci set dhcp.@dnsmasq[0].noresolv='1'
@@ -107,8 +112,6 @@ uci set network.@wireguard_wg0[0].endpoint_host='${vpn_endpoint_host}' uci set network.@wireguard_wg0[0].endpoint_port='51820' uci set network.@wireguard_wg0[0].route_allowed_ips='1' -uci set system.@system[0].hostname="${my_hostname}" - # Firewall configuration if ! uci show firewall | grep "name='Allow-SSH'"; then uci add firewall rule
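Review bot: The relaxed check `if [ $# -lt 2 ]; then` now accepts any number of arguments above two, so a mistyped fourth argument is silently ignored; `if [ $# -lt 2 ] || [ $# -gt 3 ]; then` would keep the usage message for that case. The optional third argument is the WireGuard private key, and a secret passed on the command line ends up in shell history and is visible in the process list on the admin machine while the script runs; reading it from a file or from stdin would avoid that. The new `# How it works` heading is followed only by an empty comment line, so the section documents nothing yet. The body of the `if` continues outside the hunk.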
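Review bot: The moved line `uci set system.@system[0].hostname="${my_hostname}"` wraps an interpolated value in double quotes, while the other assignments visible in this patch use single quotes. It sits in the block that is closed by `EOF` and, judging from the `reboot` at its end, runs on the device; if that here-document is unquoted, `${my_hostname}` is expanded locally and the device's shell then expands any `$` or backtick in the value a second time, as root. Writing it as `uci set system.@system[0].hostname='${my_hostname}'` and checking locally, before the text is sent, that the name contains only letters, digits and `-` would close that. Where `my_hostname` is assigned is outside the hunk.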
@@ -149,16 +152,19 @@ uci delete dhcp.@dnsmasq[0].server uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:0:a::a' uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:2:a::a' +# This is the save & apply button in LUCI (or just save button) uci commit + reboot EOF my_ip=$my_lan_ip + echo "Waiting for it to come back..." while ! ping -c1 ${my_ip}; do echo "Cannot ping $my_ip yet - waiting" -sleep 1 +sleep 2 done echo "Wireguard public key and id: ${id} ${public_key}"
@@ -169,4 +175,5 @@ Open steps: - Remove your ssh key(s) from the device - Setup a secure root password and forward it to the customer + EOF
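Review bot: The wait loop after the here-document, `while ! ping -c1 ${my_ip}; do`, has no upper bound and can also end too early: `reboot` returns before the device actually goes down, so the first ping may still be answered by the old system and the script then prints the key and the open steps while the device is rebooting. Changing `sleep 1` to `sleep 2` addresses neither case. A short delay before the loop, a quoted `"${my_ip}"`, and an attempt counter such as `tries=$((tries + 1)); [ "$tries" -le 60 ] || exit 1` inside the loop would make the outcome explicit. Separately, `uci commit` runs unconditionally; whether an earlier failing `uci` command stops the remote script before a partial configuration is committed is not visible in this hunk.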