diff --git a/pib-setup.sh b/pib-setup.sh index b0e4438..f95486e 100755 --- a/pib-setup.sh +++ b/pib-setup.sh @@ -1,25 +1,33 @@ #!/bin/sh +# Assumptions: +# - pib is factory reset +# - WAN port is connected with an active upstream +# - You are connected via LAN/can ssh into it + if [ $# -ne 2 ]; then - echo "$0 ip-address vpn-network" + echo "$0 ip-address vpn-network [wireguard-private-key]" echo " ip-address: where to find the PIB" echo " network: 2a0a:e5c0:123::/48" + echo " private-key: specify if you already have a private key" exit 1 fi - - my_ip=$1; shift my_network=$1; shift +if [ $# -eq 1 ]; then + private_key=$1; shift +else + private_key=$(wg genkey) +fi + my_prefix=$(echo $my_network | sed 's,::/.*,,') my_hostname=pib-$(echo ${my_prefix} | sed 's/:/-/g') my_wireguard_ip=${my_prefix}::42 my_lan_ip=${my_prefix}:cafe::42 -my_lanv6_ip=${my_prefix}:7ea::42 -private_key=$(wg genkey) public_key=$(echo $private_key | wg pubkey) vpn_endpoint_host=vpn-2a0ae5c1.ungleich.ch @@ -28,7 +36,16 @@ vpn_endpoint_pubkey=hi60lGP+xEUQ+kVnqA7PlJAO1SVqTS1W36g0LhFP0xQ= cat < ${my_hostname}.public_key -exit 0 +cat < /dev/sda +- Remove your ssh key(s) from the device +- Setup a secure root password and forward it to the customer +EOF