#!/bin/bash
# postinst script for #PACKAGE#
#
# see: dh_installdeb(1)

# Abort on the first command that fails outside a condition, so that a broken
# configure step ends the postinst with a non-zero status.
set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package


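case "$1" in
    configure)

      ### START gather all the info from the box and generate the variables
      #
      # Every value below is a DNS answer that ends up in root-owned
      # configuration (ifupdown, frr, udev rules) and inside sed expressions.
      # Each one is therefore checked against the shape it must have before
      # any file is touched, so a malformed or forged record aborts the
      # configure step instead of being copied into those files.

        ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
        ipv6_re='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*$'
        asn_re='^[0-9]+(\.[0-9]+)?$'
        mac_re='^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$'

        # A failed lookup is folded into "empty" so the diagnostic below is
        # printed instead of the script dying silently on dig's exit status.
        LOOPBACKv4=$(dig a +short "${HOSTNAME}") || LOOPBACKv4=""
        LOOPBACKv6=$(dig aaaa +short "${HOSTNAME}") || LOOPBACKv6=""
        NODEASN=$(dig txt +short "asn.${HOSTNAME}") || NODEASN=""
        # dig prints TXT data wrapped in double quotes; drop one from each end
        NODEASN="${NODEASN%\"}"
        NODEASN="${NODEASN#\"}"
        export LOOPBACKv4 LOOPBACKv6 NODEASN

        if [ -z "$LOOPBACKv4" ] || [ -z "$LOOPBACKv6" ] || [ -z "$NODEASN" ]; then
            echo "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN" >&2
            exit 2
        fi

        # Several records, a CNAME line or stray characters all fail here: the
        # patterns match the whole answer, which must be one single value.
        if ! [[ "$LOOPBACKv4" =~ $ipv4_re ]] \
           || ! [[ "$LOOPBACKv6" =~ $ipv6_re ]] \
           || ! [[ "$NODEASN" =~ $asn_re ]]; then
            echo "unexpected LOOPBACK IP and/or ASN format in DNS: $LOOPBACKv4/$LOOPBACKv6/$NODEASN" >&2
            exit 2
        fi

        declare -A MACS
        for ifname in mgmt feth1 feth2 up1 up2; do
            # a failing dig still aborts here through set -e
            ifmac=$(dig txt +short "mac.${ifname}.${HOSTNAME}")
            # stored without the TXT quotes; the udev rule adds its own quotes
            ifmac="${ifmac%\"}"
            ifmac="${ifmac#\"}"
            if [ -n "$ifmac" ] && ! [[ "$ifmac" =~ $mac_re ]]; then
                echo "unexpected MAC format in DNS for ${ifname}: ${ifmac}" >&2
                exit 2
            fi
            MACS["$ifname"]=$ifmac
        done

      ## END variables


      ## START writing config files


      # disable password logins on ssh
      #
      # NOTE(review): the directive is appended at the end of the file. If
      # sshd_config ends in a Match block it then applies only inside that
      # block, and sshd keeps the first value it reads for a keyword, so an
      # earlier Include'd drop-in that sets PasswordAuthentication would take
      # precedence. Confirm the effective setting with "sshd -T" on a node.
      # Keyboard-interactive authentication is not touched by this setting.
        sed -i -e '/#*\s*PasswordAuthentication /d' /etc/ssh/sshd_config
        echo "PasswordAuthentication no" >>/etc/ssh/sshd_config



      # set network interface configurations
      # (<<- strips leading tabs, so the heredoc bodies must stay tab-indented)
        cat <<-EOF >/etc/network/interfaces
		source-directory /etc/network/interfaces.d
	EOF

        cat <<-EOF >/etc/network/interfaces.d/lo
		auto lo
		iface lo inet loopback

		iface lo inet static
		    address ${LOOPBACKv4}/32
		iface lo inet6 static
		    address ${LOOPBACKv6}/128
	EOF

        cat <<-"EOF" >/etc/network/interfaces.d/mgmt1
		auto mgmt1
		iface mgmt1 inet dhcp
		    pre-up /bin/ip link add mgmt type vrf table mgmt
		    pre-up /bin/ip link set up dev mgmt
		    pre-up /bin/ip link set master mgmt dev mgmt1
		    post-down /bin/ip link del dev mgmt
		iface mgmt1 inet6 auto
	EOF

        cat <<-"EOF" >/etc/network/interfaces.d/feth
	auto feth1
	iface feth1 inet manual
	    mtu 9000

	auto feth2
	iface feth2 inet manual
	    mtu 9000
	EOF




      # set frr config
      # Both values were shape-checked above, so they cannot contain the sed
      # delimiter or any other character that is special in a replacement.
        sed -i -e "s/FRRROUTERID/${LOOPBACKv4}/" -e "s/NODEASN/${NODEASN}/" /etc/frr/frr.conf.wit
        # user:group form; the dot separator is a deprecated chown syntax
        chown frr:frr /etc/frr/frr.conf.wit /etc/frr/daemons.wit




      # set ipsec config
      # NOTE(review): HOSTNAME is used as-is in the sed expression; this
      # assumes the node's hostname is a plain FQDN -- confirm.
        sed -i -e "s/FQHOSTNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
        echo ": RSA ${HOSTNAME}.key" >/etc/ipsec.secrets
        # Only a key reference is written here, but the file is kept readable
        # by root alone so nothing added to it later is exposed.
        chmod 600 /etc/ipsec.secrets




      # write udev rules for device names
        for ifname in "${!MACS[@]}"; do
            ifmac=${MACS[$ifname]}
            # the DNS label is "mgmt", the kernel device is named mgmt1
            if [ "$ifname" == "mgmt" ]; then
                ifname=mgmt1
            fi
            # Interfaces without a MAC record get no rule. The address is
            # lower-cased because udev compares it case-sensitively against
            # the lower-case value the kernel exposes in sysfs.
            if [ -n "$ifmac" ]; then
                printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' \
                    "${ifmac,,}" "$ifname"
            fi
        done >/etc/udev/rules.d/70-persistent-net.rules




      # write grub rules for serial terminal
      # Existing assignments are removed first so repeated configure runs do
      # not pile up duplicate lines.
        sed -i -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' -e '/GRUB_CMDLINE_LINUX=/d' -e '/GRUB_SERIAL_COMMAND=/d' -e '/GRUB_TERMINAL=/d' /etc/default/grub
        cat <<-EOF >>/etc/default/grub
		GRUB_CMDLINE_LINUX_DEFAULT=""
		GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8"
		GRUB_TERMINAL=serial
		GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
	EOF


      ## END config file section


      ## START configuring services as we need it

        systemctl enable firewall
        systemctl restart systemd-timesyncd
        # picks up the PasswordAuthentication change made above
        systemctl restart ssh

        update-grub

        sysctl -p /etc/sysctl.d/10-frr.conf

      ## END services section


    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac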

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

# Reached only when neither the case statement above nor the
# debhelper-generated code has already exited with an error status.
exit 0