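#!/bin/sh
# Nico Schottelius, 2024-07-22
# This script assumes a clean/newly setup openwrt device
#
# Assumption:
# VIIRB being used to...
# - monitor camera
# - monitor UPS via USB
#
# Usage: $0 address hostname passwd wifi-ssid wifi-psk
#
# NOTE(security): the root password and the wifi PSK are passed as
# command-line arguments, so they are visible in the local process list
# and may end up in shell history. Run this from a trusted workstation.

if [ $# -lt 5 ] ; then
    # Exactly five positional arguments are consumed below; stop here
    # instead of continuing with empty values.
    echo "$0 address hostname passwd wifi-ssid wifi-psk" >&2
    exit 1
fi

address=$1; shift
hostname=$1; shift
root_password=$1; shift
wifi_ssid=$1; shift
wifi_psk=$1; shift

# Wrap $1 in single quotes (escaping embedded single quotes) so the
# remote shell reads it as exactly one literal word. Without this, a
# quote, "$" or backtick in a value would be interpreted as shell syntax
# on the router.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

hostname_q=$(shell_quote "${hostname}")
root_password_q=$(shell_quote "${root_password}")
wifi_ssid_q=$(shell_quote "${wifi_ssid}")
wifi_psk_q=$(shell_quote "${wifi_psk}")

# Allow passwordless to avoid nightmare.
# This replaces (does not append to) the authorized_keys file on the device.
if ! ssh "root@${address}" "cat > /etc/dropbear/authorized_keys" < ~/.ssh/id_rsa.pub; then
    echo "$0: could not install ssh key on ${address}" >&2
    exit 1
fi

# The here-document is expanded locally: only the pre-quoted *_q values
# are substituted, everything meant for the remote shell is escaped as \$.
ssh -t "root@${address}" <<EOF
set -x
# opkg update

# add jool + bird2 + tcpdump
# opkg install jool-tools-netfilter bird2 bird2c tcpdump tmux atop nload

# Do not announce ULA - we have GUA
uci delete network.globals.ula_prefix

# Remove IPv6 assign, we are using static IPv6
uci delete network.lan.ip6assign

# Disable firewalling effectively to allow traffic any direction
# uci set firewall.@defaults[0].input=ACCEPT
# uci set firewall.@defaults[0].forward=ACCEPT

# Set hostname
uci set system.@system[0].hostname=${hostname_q}

# Make LAN IPv6 dynamic
#uci delete network.lan.ipaddr
#uci delete network.lan.netmask
#uci delete network.lan.gateway
#uci set network.lan.proto="dhcpv6"

# Need to remove ipv6 source based routing - leads to route not working
#uci set network.lan.sourcefilter=0

# Disable DHCP/RA on LAN
uci delete dhcp.lan.dhcpv4
uci delete dhcp.lan.dhcpv6
uci delete dhcp.lan.ra
uci set dhcp.lan.ignore=1

# Base wifi settings
uci set wireless.radio0.htmode='HT40'
uci set wireless.radio0.channel='auto'

# Remove old AP entry
uci delete wireless.default_radio0

# Create device for wifi
uci set network.wwan=interface
uci set network.wwan.proto=dhcpv6
uci set network.wwan.device=phy0-sta0

# Add wwan to lan zone, if it is not in there already
is_in=""
for net in \$(uci get firewall.@zone[0].network); do
    if [ "\$net" = "wwan" ]; then
        is_in=yes
        break
    fi
done

if [ -z "\$is_in" ]; then
    uci add_list firewall.@zone[0].network="wwan"
fi

# Create wireless entry for wifi
uci set wireless.wifinet1=wifi-iface
uci set wireless.wifinet1.device='radio0'
uci set wireless.wifinet1.mode='sta'
uci set wireless.wifinet1.network='wwan'
uci set wireless.wifinet1.ssid=${wifi_ssid_q}
uci set wireless.wifinet1.encryption='psk2'

# Tracing is paused so the PSK is not echoed into the command trace
set +x
uci set wireless.wifinet1.key=${wifi_psk_q}
set -x

uci delete wireless.radio0.disabled

uci commit

# Tracing is paused again for the root password. The password is passed
# as a printf argument, never as the format string, so "%" and "\\" in
# it are kept literally.
set +x
printf '%s\n%s\n' ${root_password_q} ${root_password_q} | passwd
set -x

# Apply all changes
reboot

EOF

echo "Restart router to restart firewall, network, dhcp"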