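#!/bin/bash
# postinst script for #PACKAGE#
#
# see: dh_installdeb(1)
#
# On `configure' this script rebuilds the network, udev, FRR, IPsec, GRUB and
# sshd configuration of the box from DNS records published under ${HOSTNAME}.
#
# Security note: the DNS answers are not authenticated here, yet they end up in
# root-owned configuration files and inside sed expressions. Every answer is
# therefore checked against a strict pattern, and all lookups are validated
# BEFORE the existing configuration is moved away, so a missing or malformed
# record aborts the script (exit 2) while the box is still untouched.

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package

# Print an error on stderr and abort with the status used for bad/missing data.
die() {
  printf '%s\n' "$*" >&2
  exit 2
}

# Print the data of the TXT record $1 without the double quotes that
# `dig +short' wraps around TXT strings. Returns dig's status on failure.
txt_record() {
  local answer
  answer=$(dig txt +short "$1") || return
  answer=${answer#\"}
  answer=${answer%\"}
  printf '%s' "$answer"
}

# Validators: each one accepts exactly one value and nothing else on the line,
# so empty, multi-line (several records, CNAME chains) or multi-string answers
# are rejected, as are characters that are special to sed (/ & \) where the
# value is later used in a substitution.
is_ipv4() { [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; }
is_ipv6() { [[ $1 == *:* && $1 =~ ^[0-9A-Fa-f:.]+$ ]]; }
is_ipv4_net() { [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$ ]]; }
is_ipv6_net() { [[ $1 == *:* && $1 =~ ^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$ ]]; }
is_asn() { [[ $1 =~ ^[0-9]+(\.[0-9]+)?$ ]]; } # asplain or asdot
is_mac() { [[ $1 =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; }
is_hostname() { [[ $1 =~ ^[0-9A-Za-z]([0-9A-Za-z._-]*[0-9A-Za-z])?$ ]]; }

case "$1" in
  configure)
    ## START gather all the info from the box and generate the variables
    # HOSTNAME is spliced into DNS names, a sed expression and ipsec.secrets.
    is_hostname "$HOSTNAME" || die "unexpected hostname: $HOSTNAME"

    # `|| true': a failed lookup leaves the value empty, which the check below
    # reports with a readable message instead of a silent `set -e' abort.
    LOOPBACKv4=$(dig a +short "$HOSTNAME") || true
    LOOPBACKv6=$(dig aaaa +short "$HOSTNAME") || true
    NODEASN=$(txt_record "asn.${HOSTNAME}") || true
    export LOOPBACKv4 LOOPBACKv6 NODEASN

    if ! is_ipv4 "$LOOPBACKv4" || ! is_ipv6 "$LOOPBACKv6" || ! is_asn "$NODEASN"; then
      die "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
    fi
    ## END variables

    ## START nic config compile
    IFCONFIG="/etc/network/interfaces"
    UDEVCONFIG="/etc/udev/rules.d/70-persistent-net.rules"

    # gathering supported interfaces
    declare -A MACS UPLINK4 UPLINK6
    MACS["mgmt1"]=$(txt_record "mac.mgmt.${HOSTNAME}")
    for kind in feth up ibgp; do
      for i in {1..9}; do
        MACS["${kind}${i}"]=$(txt_record "mac.${kind}${i}.${HOSTNAME}")
      done
    done

    # validate every published interface (and resolve the uplink addresses)
    # while the current configuration is still in place
    for nic in "${!MACS[@]}"; do
      [[ -n ${MACS[$nic]} ]] || continue ## skip undefined interfaces
      is_mac "${MACS[$nic]}" ||
        die "invalid MAC address record for $nic: ${MACS[$nic]}"
      if [[ $nic == up? ]]; then
        UPLINK4[$nic]=$(txt_record "ipv4.${nic}.${HOSTNAME}") || true
        UPLINK6[$nic]=$(txt_record "ipv6.${nic}.${HOSTNAME}") || true
        is_ipv4_net "${UPLINK4[$nic]}" ||
          die "invalid IPv4 address record for $nic: ${UPLINK4[$nic]}"
        is_ipv6_net "${UPLINK6[$nic]}" ||
          die "invalid IPv6 address record for $nic: ${UPLINK6[$nic]}"
      fi
    done

    # wiping existing config in prep for re-deploying it
    mv -f "$IFCONFIG" "${IFCONFIG}.dpkg-old" || true
    mv -f "$UDEVCONFIG" "${UDEVCONFIG}.dpkg-old" || true

    # write loopback config
    cat <<EOF >"$IFCONFIG"
auto lo
iface lo inet loopback
iface lo inet static
    address ${LOOPBACKv4}/32
iface lo inet6 static
    address ${LOOPBACKv6}/128
EOF

    for nic in "${!MACS[@]}"; do
      mac=${MACS[$nic]}
      [[ -n $mac ]] || continue ## skip undefined interfaces

      # pin the kernel interface name to the MAC address published in DNS;
      # the quotes are written here, not taken from the DNS answer
      printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' \
        "$mac" "$nic" >>"$UDEVCONFIG"

      case "$nic" in
        feth? | ibgp?)
          cat <<EOF >>"$IFCONFIG"
auto $nic
iface $nic inet manual
    mtu 9000
EOF
          ;;
        mgmt?)
          # the management port is enslaved to a dedicated "mgmt" VRF device
          cat <<EOF >>"$IFCONFIG"
auto $nic
iface $nic inet6 auto
iface $nic inet dhcp
    pre-up /bin/ip link add mgmt type vrf table mgmt
    pre-up /bin/ip link set up dev mgmt
    pre-up /bin/ip link set master mgmt dev $nic
    post-down /bin/ip link del dev mgmt
EOF
          ;;
        up?)
          # addresses were resolved and validated above; the quotes dig puts
          # around TXT data are stripped because interfaces(5) has no quoting
          cat <<EOF >>"$IFCONFIG"
auto $nic
iface $nic inet static
    address ${UPLINK4[$nic]}
    mtu 9000
iface $nic inet6 static
    address ${UPLINK6[$nic]}
EOF
          ;;
      esac
    done
    ## END nic config compile

    ## START writing config files
    # set frr config (values were validated above, so they cannot contain
    # sed metacharacters)
    sed -i -e "s/FRRROUTERID/${LOOPBACKv4}/" -e "s/NODEASN/${NODEASN}/" /etc/frr/frr.conf.wit
    chown frr:frr /etc/frr/frr.conf.wit /etc/frr/daemons.wit

    # set ipsec config
    sed -i -e "s/FQHOSTNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
    printf ': RSA %s.key\n' "$HOSTNAME" >/etc/ipsec.secrets
    # keep the secrets file private even when it was just created under a
    # permissive umask
    chmod 0600 /etc/ipsec.secrets

    # write grub rules for serial terminal
    sed -i -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' -e '/GRUB_CMDLINE_LINUX=/d' -e '/GRUB_SERIAL_COMMAND=/d' -e '/GRUB_TERMINAL=/d' /etc/default/grub
    cat <<EOF >>/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
EOF

    # disable password logins on ssh
    sed -i -e '/#*\s*PasswordAuthentication /d' /etc/ssh/sshd_config
    echo "PasswordAuthentication no" >>/etc/ssh/sshd_config
    # sshd keeps the first value it obtains for a keyword, and a line appended
    # after a Match block belongs to that block. Ask sshd for its effective
    # global setting so that an Include'd drop-in or a trailing Match block
    # cannot silently leave password logins enabled.
    if ! sshd -T 2>/dev/null | grep -qx 'passwordauthentication no'; then
      printf '%s\n' "warning: could not confirm that sshd has password logins disabled; check Include'd files and Match blocks in /etc/ssh/sshd_config" >&2
    fi
    ## END config file section

    ## START configuring services as we need it
    systemctl disable strongswan # disable ipsec till we have the certs and all
    systemctl enable firewall
    systemctl restart systemd-timesyncd
    systemctl restart ssh
    update-grub
    sysctl -p /etc/sysctl.d/10-frr.conf
    ## END services section
    ;;

  abort-upgrade | abort-remove | abort-deconfigure) ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0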