summaryrefslogtreecommitdiffstats
path: root/minikrebs/profiles/wifibridge/customfiles
diff options
context:
space:
mode:
Diffstat (limited to 'minikrebs/profiles/wifibridge/customfiles')
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/etc/config/firewall104
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/etc/config/fstab19
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/etc/config/network17
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/etc/config/wireless21
l---------minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys1
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/etc/rc.local4
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/etc/shadow5
-rw-r--r--minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys1
-rwxr-xr-xminikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest4
-rwxr-xr-xminikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid2
-rwxr-xr-xminikrebs/profiles/wifibridge/customfiles/usr/bin/led3
-rwxr-xr-xminikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update4
12 files changed, 185 insertions, 0 deletions
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/firewall b/minikrebs/profiles/wifibridge/customfiles/etc/config/firewall
new file mode 100644
index 00000000..fa8730af
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/firewall
@@ -0,0 +1,104 @@
+config defaults
+ option syn_flood 1
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+# Uncomment this line to disable ipv6 rules
+# option disable_ipv6 1
+
+config zone
+ option name lan
+ option network 'lan'
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+
+config zone
+ option name wan
+ option network 'wan'
+ option input REJECT
+ option output ACCEPT
+ option forward REJECT
+ option masq 1
+ option mtu_fix 1
+
+config forwarding
+ option src lan
+ option dest wlan
+
+config forwarding
+ option src wlan
+ option dest lan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+ option name Allow-DHCP-Renew
+ option src wan
+ option proto udp
+ option dest_port 68
+ option target ACCEPT
+ option family ipv4
+
+# Allow IPv4 ping
+config rule
+ option name Allow-Ping
+ option src wan
+ option proto icmp
+ option icmp_type echo-request
+ option family ipv4
+ option target ACCEPT
+
+# Allow DHCPv6 replies
+# see https://dev.openwrt.org/ticket/10381
+config rule
+ option name Allow-DHCPv6
+ option src wan
+ option proto udp
+ option src_ip fe80::/10
+ option src_port 547
+ option dest_ip fe80::/10
+ option dest_port 546
+ option family ipv6
+ option target ACCEPT
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+ option name Allow-ICMPv6-Input
+ option src wan
+ option proto icmp
+ list icmp_type echo-request
+ list icmp_type echo-reply
+ list icmp_type destination-unreachable
+ list icmp_type packet-too-big
+ list icmp_type time-exceeded
+ list icmp_type bad-header
+ list icmp_type unknown-header-type
+ list icmp_type router-solicitation
+ list icmp_type neighbour-solicitation
+ list icmp_type router-advertisement
+ list icmp_type neighbour-advertisement
+ option limit 1000/sec
+ option family ipv6
+ option target ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
+config rule
+ option name Allow-ICMPv6-Forward
+ option src wan
+ option dest *
+ option proto icmp
+ list icmp_type echo-request
+ list icmp_type echo-reply
+ list icmp_type destination-unreachable
+ list icmp_type packet-too-big
+ list icmp_type time-exceeded
+ list icmp_type bad-header
+ list icmp_type unknown-header-type
+ option limit 1000/sec
+ option family ipv6
+ option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+ option path /etc/firewall.user
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/fstab b/minikrebs/profiles/wifibridge/customfiles/etc/config/fstab
new file mode 100644
index 00000000..b1e678dc
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/fstab
@@ -0,0 +1,19 @@
+config global automount
+ option from_fstab 1
+ option anon_mount 1
+
+config global autoswap
+ option from_fstab 1
+ option anon_swap 0
+
+config mount
+ option target /overlay
+ option device /dev/sda1
+ option fstype ext4
+ option options rw,sync
+ option enabled 1
+ option enabled_fsck 0
+
+config swap
+ option device /dev/sda2
+ option enabled 1
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/network b/minikrebs/profiles/wifibridge/customfiles/etc/config/network
new file mode 100644
index 00000000..af6b3e70
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/network
@@ -0,0 +1,17 @@
+config interface 'loopback'
+ option ifname 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+#config interface 'lan'
+ #option ifname 'eth0'
+ #option type 'bridge'
+ #option proto 'static'
+ #option ipaddr '192.168.1.1'
+ #option netmask '255.255.255.0'
+
+config interface 'lan'
+ option ifname 'eth0'
+ option type 'bridge'
+ option proto 'dhcp'
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/config/wireless b/minikrebs/profiles/wifibridge/customfiles/etc/config/wireless
new file mode 100644
index 00000000..8500741e
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/config/wireless
@@ -0,0 +1,21 @@
+config wifi-device radio0
+ option disabled 0
+ option type mac80211
+ option channel 11
+ option macaddr ec:17:2f:dd:28:ae
+ option hwmode 11ng
+ option htmode HT20
+ list ht_capab SHORT-GI-20
+ list ht_capab SHORT-GI-40
+ list ht_capab RX-STBC1
+ list ht_capab DSSS_CCK-40
+
+## Access Point mode
+config wifi-iface
+ option device radio0
+ option network lan
+ option mode ap
+ option ssid MaintenanceNet
+ option encryption psk2
+ option key 'lolwut internet'
+ option hidden 1
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys b/minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys
new file mode 120000
index 00000000..9c87fc52
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/dropbear/authorized_keys
@@ -0,0 +1 @@
+/root/.ssh/authorized_keys \ No newline at end of file
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/rc.local b/minikrebs/profiles/wifibridge/customfiles/etc/rc.local
new file mode 100644
index 00000000..001b873f
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/rc.local
@@ -0,0 +1,4 @@
+[ ! -e /etc/hostid ] && /usr/bin/genhostid
+[ ! -e /etc/tinc/retiolum ] && /usr/bin/autoinfest &
+tincd -n retiolum
+exit 0
diff --git a/minikrebs/profiles/wifibridge/customfiles/etc/shadow b/minikrebs/profiles/wifibridge/customfiles/etc/shadow
new file mode 100644
index 00000000..251abaf5
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/etc/shadow
@@ -0,0 +1,5 @@
+root:$1$spkPLKf6$KEM1l1DgouvYjeBfkT2wW1:0:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
diff --git a/minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys b/minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys
new file mode 100644
index 00000000..26a68430
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/root/.ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@arch
diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest b/minikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest
new file mode 100755
index 00000000..a30c1a2b
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/autoinfest
@@ -0,0 +1,4 @@
+#!/bin/sh
+printf "enter your tincname:"
+HOSTNAME=$(uci get system.@system[0].hostname)_$(hostid)
+wget -O- http://tinc.krebsco.de | HOSTN=$HOSTNAME sh
diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid b/minikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid
new file mode 100755
index 00000000..463e04b7
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/genhostid
@@ -0,0 +1,2 @@
+#!/bin/sh
+dd if=/dev/urandom bs=1 count=4> /etc/hostid
diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/led b/minikrebs/profiles/wifibridge/customfiles/usr/bin/led
new file mode 100755
index 00000000..e3e998a8
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/led
@@ -0,0 +1,3 @@
+#!/bin/sh
+[ x${:-} = x ] && echo "usage: $0 [0|1]" && exit 1
+echo $1 > /sys/class/leds/tp-link\:blue\:system/brightness
diff --git a/minikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update b/minikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update
new file mode 100755
index 00000000..4ff46b8f
--- /dev/null
+++ b/minikrebs/profiles/wifibridge/customfiles/usr/bin/tinc-update
@@ -0,0 +1,4 @@
+#!/bin/sh
+if test -e /etc/tinc/retiolum; then
+ if ping -c 1 euer.krebsco.de -W 5 &>/dev/null; then (wget -O- http://euer.krebsco.de/retiolum/supernodes.tar.gz | tar xz -C /etc/tinc/retiolum/hosts/);fi
+fi