enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups

debian/wit-network-config.postinst

@@ -3,7 +3,7 @@
 #
 # see: dh_installdeb(1)
 
-set -e
+set -xe
 
 # summary of how this script can be called:
 #        * <postinst> `configure' <most-recently-configured-version>
@@ -27,6 +27,7 @@ case "$1" in
         FRRCONFIG="/etc/frr/frr.conf.wit"
         IPSECCONFIG="/etc/ipsec.conf.wit"
         SWANCTLCONFIG="/etc/swanctl/conf.d/wit-swanctl.conf"
+        DOMAINNAME=$(hostname -d)
 
 
 
@@ -263,7 +264,7 @@ case "$1" in
          ## compile public IP space prefix lists, this is what's going to be advertised out the upstream provider
             i=1
             while true; do 
-                TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
+                TEMP="$(dig_txt $i.ipv4.public.prefixlist.$DOMAINNAME)" || break
                 TEMPAGGS="  !!!  aggregate-address ${TEMP}\n"
                 FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
                 TEMPSUM="!!!  ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
@@ -273,7 +274,7 @@ case "$1" in
 
             i=1
             while true; do 
-                TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break
+                TEMP="$(dig_txt $i.ipv6.public.prefixlist.$DOMAINNAME)" || break
                 TEMPAGGS="  !!!  aggregate-address ${TEMP}\n"
                 FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
                 TEMPSUM="!!!  ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
@@ -285,7 +286,7 @@ case "$1" in
          ## compile customer IP blocks that we accept. this in theory should be a combination of *all* public blocks used accross regions while limiting it a smaller subnet size
             i=1
             while true; do 
-                TEMP="$(dig_txt $i.ipv4.customers.prefixlist.usw2.admin.wit.com)" || break
+                TEMP="$(dig_txt $i.ipv4.customers.prefixlist.$DOMAINNAME)" || break
                 TEMPSUM="ip prefix-list WITv4-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 25\n"
                 FRR_IPV4_CUSTOMERS_PFLIST="${FRR_IPV4_CUSTOMERS_PFLIST}${TEMPSUM}"
                 let i+=1
@@ -293,7 +294,7 @@ case "$1" in
 
             i=1
             while true; do 
-                TEMP="$(dig_txt $i.ipv6.customers.prefixlist.usw2.admin.wit.com)" || break
+                TEMP="$(dig_txt $i.ipv6.customers.prefixlist.$DOMAINNAME)" || break
                 TEMPSUM="ipv6 prefix-list WITv6-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 64\n"
                 FRR_IPV6_CUSTOMERS_PFLIST="${FRR_IPV6_CUSTOMERS_PFLIST}${TEMPSUM}"
                 let i+=1
@@ -303,7 +304,7 @@ case "$1" in
          ## compile loopback IP blocks that we wanna accept to be injected into the bgp
             i=1
             while true; do 
-                TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.usw2.admin.wit.com)" || break
+                TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.$DOMAINNAME)" || break
                 TEMPSUM="ip prefix-list LOOPBACKv4 seq $((i*5)) permit ${TEMP} ge 32\n"
                 FRR_IPV4_LOOPBACK_PFLIST="${FRR_IPV4_LOOPBACK_PFLIST}${TEMPSUM}"
                 [ -z $IPSEC_IPV4_SUBNETS ] || IPSEC_IPV4_SUBNETS="${IPSEC_IPV4_SUBNETS},"
@@ -313,7 +314,7 @@ case "$1" in
 
             i=1
             while true; do 
-                TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.usw2.admin.wit.com)" || break
+                TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.$DOMAINNAME)" || break
                 TEMPSUM="ipv6 prefix-list LOOPBACKv6 seq $((i*5)) permit ${TEMP} ge 128\n"
                 FRR_IPV6_LOOPBACK_PFLIST="${FRR_IPV6_LOOPBACK_PFLIST}${TEMPSUM}"
                 [ -z $IPSEC_IPV6_SUBNETS ] || IPSEC_IPV6_SUBNETS="${IPSEC_IPV6_SUBNETS},"

files/ipsec.conf.wit

@@ -4,7 +4,7 @@ config setup
 
 
 conn %default
-    #keyexchange=ikev1
+    #keyexchange=ikev2
     keyingtries=%forever
     dpdtimeout=10
     dpddelay=2