diff options
Diffstat (limited to 'minikrebs/profiles/wifibridge/customfiles')
12 files changed, 185 insertions, 0 deletions
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/firewall b/minikrebs/profiles/wifibridge/customfiles/etc/config/firewall new file mode 100644 index 00000000..fa8730af --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/firewall @@ -0,0 +1,104 @@ +config defaults + option syn_flood 1 + option input ACCEPT + option output ACCEPT + option forward REJECT +# Uncomment this line to disable ipv6 rules +# option disable_ipv6 1 + +config zone + option name lan + option network 'lan' + option input ACCEPT + option output ACCEPT + option forward REJECT + +config zone + option name wan + option network 'wan' + option input REJECT + option output ACCEPT + option forward REJECT + option masq 1 + option mtu_fix 1 + +config forwarding + option src lan + option dest wlan + +config forwarding + option src wlan + option dest lan + +# We need to accept udp packets on port 68, +# see https://dev.openwrt.org/ticket/4108 +config rule + option name Allow-DHCP-Renew + option src wan + option proto udp + option dest_port 68 + option target ACCEPT + option family ipv4 + +# Allow IPv4 ping +config rule + option name Allow-Ping + option src wan + option proto icmp + option icmp_type echo-request + option family ipv4 + option target ACCEPT + +# Allow DHCPv6 replies +# see https://dev.openwrt.org/ticket/10381 +config rule + option name Allow-DHCPv6 + option src wan + option proto udp + option src_ip fe80::/10 + option src_port 547 + option dest_ip fe80::/10 + option dest_port 546 + option family ipv6 + option target ACCEPT + +# Allow essential incoming IPv6 ICMP traffic +config rule + option name Allow-ICMPv6-Input + option src wan + option proto icmp + list icmp_type echo-request + list icmp_type echo-reply + list icmp_type destination-unreachable + list icmp_type packet-too-big + list icmp_type time-exceeded + list icmp_type bad-header + list icmp_type unknown-header-type + list icmp_type router-solicitation + list icmp_type neighbour-solicitation + list icmp_type router-advertisement + list icmp_type neighbour-advertisement + option limit 1000/sec + option family ipv6 + option target ACCEPT + +# Allow essential forwarded IPv6 ICMP traffic +config rule + option name Allow-ICMPv6-Forward + option src wan + option dest * + option proto icmp + list icmp_type echo-request + list icmp_type echo-reply + list icmp_type destination-unreachable + list icmp_type packet-too-big + list icmp_type time-exceeded + list icmp_type bad-header + list icmp_type unknown-header-type + option limit 1000/sec + option family ipv6 + option target ACCEPT + +# include a file with users custom iptables rules +config include + option path /etc/firewall.user diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/fstab b/minikrebs/profiles/wifibridge/customfiles/etc/config/fstab new file mode 100644 index 00000000..b1e678dc --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/fstab @@ -0,0 +1,19 @@ +config global automount + option from_fstab 1 + option anon_mount 1 + +config global autoswap + option from_fstab 1 + option anon_swap 0 + +config mount + option target /overlay + option device /dev/sda1 + option fstype ext4 + option options rw,sync + option enabled 1 + option enabled_fsck 0 + +config swap + option device /dev/sda2 + option enabled 1 diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/network b/minikrebs/profiles/wifibridge/customfiles/etc/config/network new file mode 100644 index 00000000..af6b3e70 --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/network @@ -0,0 +1,17 @@ +config interface 'loopback' + option ifname 'lo' + option proto 'static' + option ipaddr '127.0.0.1' + option netmask '255.0.0.0' + +#config interface 'lan' + #option ifname 'eth0' + #option type 'bridge' + #option proto 'static' + #option ipaddr '192.168.1.1' + #option netmask '255.255.255.0' + +config interface 'lan' + option ifname 'eth0' + option type 'bridge' + option proto 'dhcp' diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/wireless b/minikrebs/profiles/wifibridge/customfiles/etc/config/wireless new file mode 100644 index 00000000..8500741e --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/wireless @@ -0,0 +1,21 @@ +config wifi-device radio0 + option disabled 0 + option type mac80211 + option channel 11 + option macaddr ec:17:2f:dd:28:ae + option hwmode 11ng + option htmode HT20 + list ht_capab SHORT-GI-20 + list ht_capab SHORT-GI-40 + list ht_capab RX-STBC1 + list ht_capab DSSS_CCK-40 + +## Access Point mode +config wifi-iface + option device radio0 + option network lan + option mode ap + option ssid MaintenanceNet + option encryption psk2 + option key 'lolwut internet' + option hidden 1 diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys b/minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys new file mode 120000 index 00000000..9c87fc52 --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys @@ -0,0 +1 @@ +/root/.ssh/authorized_keys
\ No newline at end of file diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/rc.local b/minikrebs/profiles/wifibridge/customfiles/etc/rc.local new file mode 100644 index 00000000..001b873f --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/rc.local @@ -0,0 +1,4 @@ +[ ! -e /etc/hostid ] && /usr/bin/genhostid +[ ! -e /etc/tinc/retiolum ] && /usr/bin/autoinfest & +tincd -n retiolum +exit 0 diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/shadow b/minikrebs/profiles/wifibridge/customfiles/etc/shadow new file mode 100644 index 00000000..251abaf5 --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/etc/shadow @@ -0,0 +1,5 @@ +root:$1$spkPLKf6$KEM1l1DgouvYjeBfkT2wW1:0:0:99999:7::: +daemon:*:0:0:99999:7::: +ftp:*:0:0:99999:7::: +network:*:0:0:99999:7::: +nobody:*:0:0:99999:7::: diff --git a/minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys b/minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys new file mode 100644 index 00000000..26a68430 --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@arch diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest b/minikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest new file mode 100755 index 00000000..a30c1a2b --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest @@ -0,0 +1,4 @@ +#!/bin/sh +printf "enter your tincname:" +HOSTNAME=$(uci get system.@system[0].hostname)_$(hostid) +wget -O- http://tinc.krebsco.de | HOSTN=$HOSTNAME sh diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid b/minikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid new file mode 100755 index 00000000..463e04b7 --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid @@ -0,0 +1,2 @@ +#!/bin/sh +dd if=/dev/urandom bs=1 count=4> /etc/hostid diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/led b/minikrebs/profiles/wifibridge/customfiles/usr/bin/led new file mode 100755 index 00000000..e3e998a8 --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/led @@ -0,0 +1,3 @@ +#!/bin/sh +[ x${:-} = x ] && echo "usage: $0 [0|1]" && exit 1 +echo $1 > /sys/class/leds/tp-link\:blue\:system/brightness diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update b/minikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update new file mode 100755 index 00000000..4ff46b8f --- /dev/null +++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update @@ -0,0 +1,4 @@ +#!/bin/sh +if test -e /etc/tinc/retiolum; then + if ping -c 1 euer.krebsco.de -W 5 &>/dev/null; then (wget -O- http://euer.krebsco.de/retiolum/supernodes.tar.gz | tar xz -C /etc/tinc/retiolum/hosts/);fi +fi |