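#######################################
# Clone the ffsbb tinc repository into /etc/tinc/ffsbb (only if it is not
# there yet) and link tinc.conf / subnet-up / subnet-down to the *.sample
# files under $TINCBASE. Existing files or links are never replaced.
# Globals:   TINCBASE (read) - directory holding the *.sample files
# Returns:   1 if the clone fails; 0 otherwise
#######################################
setup_tinc_base() {
  local conf_dir=/etc/tinc/ffsbb
  local name
  if [[ ! -d "$conf_dir/.git" ]]; then
    mkdir -p /etc/tinc
    # NOTE(review): the remote URL as rendered on this page is partially
    # redacted ("[email protected]"); verify it against the original file.
    # A failed clone used to be ignored and the links were created anyway;
    # stop here instead so a later run can retry from a clean state.
    git clone git+ssh://[email protected]/freifunk-stuttgart/tinc-ffsbb "$conf_dir" || return 1
  fi
  for name in tinc.conf subnet-up subnet-down; do
    # -e is true for a working symlink too, so an admin-provided file wins.
    if [[ ! -e "$conf_dir/$name" ]]; then
      ln -s "$TINCBASE/$name.sample" "$conf_dir/$name"
    fi
  done
}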
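#######################################
# Write this gateway's host entry for the ffsbb net and make tinc.conf.sample
# connect to it. Creates conf.d/$HOSTNAME on first run and stages it in git.
# Globals:   HOSTNAME, GWLID (read)
# Requires:  ensureline (defined elsewhere in this file)
# Outputs:   edits /etc/tinc/ffsbb/hosts/$HOSTNAME, tinc.conf.sample, conf.d/
#######################################
setup_tinc_config() {
  local conf_dir=/etc/tinc/ffsbb
  local host_file="$conf_dir/hosts/$HOSTNAME"
  ensureline "PMTUDiscovery = yes" "$host_file"
  ensureline "Digest = sha256" "$host_file"
  ensureline "ClampMSS = yes" "$host_file"
  ensureline "Address = $HOSTNAME.freifunk-stuttgart.de" "$host_file"
  # Port is derived from the gateway id; the 119 prefix is a project convention.
  ensureline "Port = 119${GWLID}" "$host_file"
  ensureline "ConnectTo = $HOSTNAME" "$conf_dir/tinc.conf.sample"
  if [[ ! -e "$conf_dir/conf.d/$HOSTNAME" ]]; then
    # The redirect below cannot create a missing conf.d directory.
    mkdir -p "$conf_dir/conf.d"
    printf 'ConnectTo = %s\n' "$HOSTNAME" > "$conf_dir/conf.d/$HOSTNAME"
    ( cd "$conf_dir" && git add "conf.d/$HOSTNAME" )
  fi
}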
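#######################################
# Generate the tinc RSA key pair once (/etc/tinc/rsa_key.{priv,pub}), copy the
# private key into the ffsbb net directory and append the public key to this
# host's entry if it is not already there.
# Globals:   HOSTNAME (read)
# Outputs:   /etc/tinc/rsa_key.priv, /etc/tinc/ffsbb/rsa_key.priv,
#            /etc/tinc/ffsbb/hosts/$HOSTNAME
#######################################
setup_tinc_key() {
  local priv=/etc/tinc/rsa_key.priv
  local pub=/etc/tinc/rsa_key.pub
  local net_priv=/etc/tinc/ffsbb/rsa_key.priv
  local host_file="/etc/tinc/ffsbb/hosts/$HOSTNAME"
  if [[ ! -e "$priv" ]]; then
    # tincd -K asks where to store the keys; an empty line takes the defaults.
    echo | tincd -K 4096
  fi
  if [[ ! -e "$net_priv" ]]; then
    cp "$priv" "$net_priv"
    # The copy lives inside a git working tree next to files that get
    # committed; make its permissions explicit rather than umask-dependent.
    chmod 600 "$net_priv"
  fi
  # grep fails on a missing host file as well, which also triggers the append.
  if ! grep -q "BEGIN RSA PUBLIC KEY" "$host_file"; then
    cat "$pub" >> "$host_file"
  fi
}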
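#######################################
# Commit and push this host's ffsbb entry, but only when TINC_BB=1.
# Globals:   TINC_BB, HOSTNAME (read)
# Returns:   the status of the subshell (0 when TINC_BB is not 1)
#######################################
setup_tinc_git_push() {
  local conf_dir=/etc/tinc/ffsbb
  # "${TINC_BB:-}" keeps this safe under set -u; the old x-prefix trick is not needed with [[ ]].
  if [[ "${TINC_BB:-}" == 1 ]]; then
    # The original ran git against the caller's current directory; pin it to
    # the repository so behaviour no longer depends on who calls us.
    # NOTE(review): presumably callers were already in /etc/tinc/ffsbb — confirm.
    (
      cd "$conf_dir" || exit 1
      git add "hosts/$HOSTNAME"
      # -a stages tracked files only. Keep it that way: rsa_key.priv is copied
      # into this working tree by setup_tinc_key and must never be committed.
      git commit -m "hosts/$HOSTNAME" -a || true
      git push
    )
  fi
}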
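#######################################
# Write the ifupdown stanza for the ffsbb tinc interface. The host part of
# the v4/v6 address is GWID*10+GWSUBID; \$IFACE is left for ifupdown to expand.
# Globals:   GWID, GWSUBID (read, must be set)
# Outputs:   /etc/network/interfaces.d/ffsbb
# Returns:   exits the shell if GWID or GWSUBID is unset (would otherwise
#            write a broken address line)
#######################################
setup_tinc_interface() {
  : "${GWID:?GWID must be set}" "${GWSUBID:?GWSUBID must be set}"
  local host_id
  host_id=$(( GWID * 10 + GWSUBID ))
  cat <<EOF >/etc/network/interfaces.d/ffsbb
allow-hotplug ffsbb
auto ffsbb
iface ffsbb inet static
tinc-net ffsbb
tinc-mlock yes
tinc-pidfile /var/run/tinc.ffsbb.pid
address 10.191.255.$host_id
netmask 255.255.255.0
broadcast 10.191.255.255
post-up /sbin/ip rule add iif \$IFACE table stuttgart priority 7000 || true
pre-down /sbin/ip rule del iif \$IFACE table stuttgart priority 7000 || true
post-up /sbin/ip route add 10.191.255.0/24 dev \$IFACE table stuttgart || true
post-down /sbin/ip route del 10.191.255.0/24 dev \$IFACE table stuttgart || true
iface ffsbb inet6 static
address fd21:b4dc:4b00::a38:$host_id
netmask 64
EOF
}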
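#######################################
# Helper: clone or update /root/git/tinc and leave the shell inside it.
# Returns:   1 if the directory cannot be entered or the clone fails
#######################################
_tinc_segments_checkout() {
  mkdir -p /root/git
  cd /root/git || return 1
  if [[ -d /root/git/tinc ]]; then
    # A failed pull is tolerated, as before; the existing checkout is used.
    cd /root/git/tinc && git pull
  else
    # NOTE(review): the remote as rendered here is partially redacted
    # ("[email protected]"); verify against the original file.
    git clone [email protected]:freifunk-stuttgart/tinc.git || return 1
    cd tinc || return 1
  fi
}

#######################################
# Helper: write this host's entry for one segment net in the git tree and
# stage it. Must be called with the cwd in /root/git/tinc (git add uses
# relative paths).
# Arguments: $1 - segment number, $2 - net name (ffsl2sNN)
# Globals:   HOSTNAME, GWID (read)
#######################################
_tinc_segments_host_entry() {
  local seg=$1 net=$2
  local host_file="/root/git/tinc/$net/hosts/$HOSTNAME"
  ensureline "PMTUDiscovery = yes" "$host_file"
  ensureline "Digest = sha256" "$host_file"
  ensureline "ClampMSS = yes" "$host_file"
  ensureline "Address = $HOSTNAME.freifunk-stuttgart.de" "$host_file"
  # Port = 12 + gateway id + two-digit segment, a project convention.
  ensureline "Port = 12${GWID}$(printf '%02i' "$seg")" "$host_file"
  ensureline "ConnectTo = $HOSTNAME" "/root/git/tinc/$net/tinc.conf.sample"
  if ! grep -q "BEGIN RSA PUBLIC KEY" "$host_file"; then
    cat /etc/tinc/rsa_key.pub >> "$host_file"
  fi
  mkdir -p "/root/git/tinc/$net/conf.d"
  # Writing conf.d/$HOSTNAME here was disabled upstream (left commented out);
  # conf.d is only created so it can be staged when it has content.
  git add "$net/hosts/$HOSTNAME" "$net/conf.d"
}

#######################################
# Helper: write the ifupdown stanza for one segment interface. The MAC is
# 02:00:37:<segment>:<GWLID>:<GWLSUBID> and the interface is attached to
# bat<segment> via batctl.
# Arguments: $1 - segment number, $2 - net name (ffsl2sNN)
# Globals:   GWLID, GWLSUBID (read)
# Outputs:   /etc/network/interfaces.d/$net
#######################################
_tinc_segments_write_interface() {
  local seg=$1 net=$2
  local seg2 mac
  seg2=$(printf '%02i' "$seg")
  mac="02:00:37:$seg2:$GWLID:$GWLSUBID"
  cat <<EOF > "/etc/network/interfaces.d/$net"
auto $net
iface $net inet manual
tinc-net $net
tinc-mlock 1
tinc-pidfile /var/run/tinc.$net
hwaddress $mac
pre-up /sbin/modprobe batman_adv || true
post-up /sbin/ip link set $net address $mac up || true
post-up /sbin/ip link set dev $net up || true
post-up /usr/sbin/batctl -m bat$seg2 if add $net || true
EOF
}

#######################################
# Helper: install /usr/local/bin/tinc-segments, which pulls the git tree and
# mirrors each segment into /etc/tinc/<net> with rsync --delete. The
# --exclude list keeps the locally generated private key and the
# admin-maintained tinc.conf / hook scripts out of the mirror; removing an
# entry from it would make --delete wipe that local file.
# Outputs:   /usr/local/bin/tinc-segments (executable)
#######################################
_tinc_segments_install_sync_script() {
  mkdir -p /usr/local/bin
  # Quoted delimiter: nothing in the script body is expanded at install time.
  # The shebang used to be "#/bin/bash" (missing "!") and only worked because
  # the kernel's exec fallback ran it through the shell anyway.
  # NOTE(review): this net list is fixed at ffsl2s00..04 while the git side
  # iterates 0..$SEGMENTS — confirm the two agree.
  cat <<'EOF' >/usr/local/bin/tinc-segments
#!/bin/bash
cd /root/git/tinc || exit 1
git pull
for net in ffsl2s00 ffsl2s01 ffsl2s02 ffsl2s03 ffsl2s04; do
  if [ ! -d /etc/tinc/$net ]; then
    mkdir /etc/tinc/$net
  fi
  rsync -rlHpogDtSvx --delete \
    --exclude=rsa_key.priv \
    --exclude=tinc.conf \
    --exclude=subnet-up \
    --exclude=subnet-down \
    --exclude=host-up \
    --exclude=host-down \
    /root/git/tinc/$net/. \
    /etc/tinc/$net/
done
killall -HUP tincd || true
EOF
  chmod +x /usr/local/bin/tinc-segments
}

#######################################
# Set up the per-segment tinc nets (ffsl2s00..ffsl2s$SEGMENTS): publish this
# host's entries to the tinc git repository, write the interface stanzas,
# install and run the tinc-segments sync script, then seed each local net
# directory with the private key and a tinc.conf link.
# Globals:   SEGMENTS, HOSTNAME, GWID, GWLID, GWLSUBID (read)
# Requires:  ensureline (defined elsewhere in this file)
# Returns:   1 if the git checkout cannot be prepared; exits if SEGMENTS is
#            unset
#######################################
setup_tinc_segments() {
  : "${SEGMENTS:?SEGMENTS must be set}"
  local olddir seg net
  olddir=$(pwd)
  _tinc_segments_checkout || return 1
  if [[ ! -e /etc/tinc/rsa_key.priv ]]; then
    # tincd -K asks where to store the keys; an empty line takes the defaults.
    echo | tincd -K 4096
  fi
  for (( seg = 0; seg <= SEGMENTS; seg++ )); do
    net=$(printf 'ffsl2s%02i' "$seg")
    _tinc_segments_host_entry "$seg" "$net"
  done
  # -a stages tracked files only; untracked content stays out of the push.
  git commit -m "$HOSTNAME" -a || true
  git push
  for (( seg = 0; seg <= SEGMENTS; seg++ )); do
    net=$(printf 'ffsl2s%02i' "$seg")
    _tinc_segments_write_interface "$seg" "$net"
  done
  # Was `cd $OLDPWD`, which only undoes the last cd (into /root/git/tinc) and
  # therefore left the caller in /root/git instead of where it started.
  cd "$olddir" || return 1
  _tinc_segments_install_sync_script
  /usr/local/bin/tinc-segments
  # NOTE(review): fixed list ffsl2s00..04 vs 0..$SEGMENTS above — confirm.
  for net in ffsl2s00 ffsl2s01 ffsl2s02 ffsl2s03 ffsl2s04; do
    if [[ ! -e "/etc/tinc/$net/rsa_key.priv" ]]; then
      cp /etc/tinc/rsa_key.priv "/etc/tinc/$net/"
      # Private key copy: make the mode explicit rather than umask-dependent.
      chmod 600 "/etc/tinc/$net/rsa_key.priv"
    fi
    if [[ ! -e "/etc/tinc/$net/tinc.conf" ]]; then
      ln -s "/etc/tinc/$net/tinc.conf.sample" "/etc/tinc/$net/tinc.conf"
    fi
  done
}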