fi
done <<<"$(get instance/metadata/ssh_authorized_keys)"
- # Download the user-data script only on the first boot
- if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
- # Download a startup script
- local script="$(get instance/metadata/user_data)"
-
- # Execute the script
- if [ "${script:0:2}" = "#!" ]; then
- echo "${script}" > /tmp/user-data.script
- chmod 700 /tmp/user-data.script
-
- # Run the script
- local now="$(date -u +"%s")"
- /tmp/user-data.script &>/var/log/user-data.log.${now}
-
- # Delete the script right away
- rm /tmp/user-data.script
- fi
+ # End here if it isn't the first boot
+ if [ -e "/var/ipfire/main/firstsetup_ok" ]; then
+ return 0
+ fi
+
+ # Download the user-data script
+ local script="$(get instance/metadata/user_data)"
+
+ # Execute the script
+ if [ "${script:0:2}" = "#!" ]; then
+ echo "${script}" > /tmp/user-data.script
+ chmod 700 /tmp/user-data.script
+
+ # Run the script
+ local now="$(date -u +"%s")"
+ /tmp/user-data.script &>/var/log/user-data.log.${now}
+
+ # Delete the script right away
+ rm /tmp/user-data.script
fi
# Import network configuration
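Review bot: The user-data script is still written to the fixed name `/tmp/user-data.script` with a plain `>` redirect and only made private by the `chmod 700` that follows. The path is therefore predictable, an existing file or symlink at that name would be written through, and the content is briefly readable under the default umask. Since these lines are being re-indented anyway, I would create the file with `mktemp` (random name, created 0600), abort if that fails, and quote the log path. The enclosing function begins and ends outside the hunk.

```shell
if [ "${script:0:2}" = "#!" ]; then
	# Private, unpredictable file instead of a fixed name in /tmp
	local script_file
	script_file="$(mktemp /tmp/user-data.XXXXXX)" || return 1
	echo "${script}" > "${script_file}"
	chmod 700 "${script_file}"

	# … unchanged: timestamp for the log file name …
	"${script_file}" &>"/var/log/user-data.log.${now}"

	# Delete the script right away
	rm -f "${script_file}"
```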
# Calculate the network and broadcast addresses
local netaddress="${subnet%/*}"
- local index="$(oci_get_interface_param "${id}" "nicIndex")"
+ # RED
+ local interface_name="red0"
+ local gateway="$(oci_get_interface_param "${id}" "virtualRouterIp")"
- # Set index to zero if it was empty
- if [ -z "${index}" ]; then
- index=0
- fi
-
- case "${index}" in
- # RED
- 0)
- local interface_name="red0"
- local gateway="$(oci_get_interface_param "${id}" "virtualRouterIp")"
-
- (
- echo "RED_TYPE=STATIC"
- echo "RED_DEV=${interface_name}"
- echo "RED_MACADDR=${mac}"
- echo "RED_DESCRIPTION='${id}'"
- echo "RED_ADDRESS=${ipv4_address}"
- echo "RED_NETMASK=${netmask}"
- echo "RED_NETADDRESS=${netaddress}"
- echo "RED_MTU=1500"
- echo "DEFAULT_GATEWAY=${gateway}"
- ) >> /var/ipfire/ethernet/settings
-
- # Import aliases for RED
- #for alias in $(get "instance/network-interfaces/${device_number}/ip-aliases"); do
- # echo "${alias},on,"
- #done > /var/ipfire/ethernet/aliases
- ;;
-
- # GREEN
- 1)
- local interface_name="green0"
-
- (
- echo "GREEN_DEV=${interface_name}"
- echo "GREEN_MACADDR=${mac}"
- echo "GREEN_DESCRIPTION='${id}'"
- echo "GREEN_ADDRESS=${ipv4_address}"
- echo "GREEN_NETMASK=${netmask}"
- echo "GREEN_NETADDRESS=${netaddress}"
- echo "GREEN_MTU=${DEFAULT_MTU}"
- ) >> /var/ipfire/ethernet/settings
- ;;
-
- # ORANGE
- 2)
- local interface_name="orange0"
- config_type=2
-
- (
- echo "ORANGE_DEV=${interface_name}"
- echo "ORANGE_MACADDR=${mac}"
- echo "ORANGE_DESCRIPTION='${id}'"
- echo "ORANGE_ADDRESS=${ipv4_address}"
- echo "ORANGE_NETMASK=${netmask}"
- echo "ORANGE_NETADDRESS=${netaddress}"
- echo "ORANGE_MTU=${DEFAULT_MTU}"
- ) >> /var/ipfire/ethernet/settings
- ;;
- esac
+ (
+ echo "RED_TYPE=DHCP"
+ echo "RED_DEV=${interface_name}"
+ echo "RED_MACADDR=${mac}"
+ echo "RED_DESCRIPTION='${id}'"
+ ) >> /var/ipfire/ethernet/settings
done
# Save CONFIG_TYPE
echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
- # Actions performed only on the very first start
- if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
- # Disable using ISP nameservers
- sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings
+ # Disable using ISP nameservers
+ sed -e "s/^USE_ISP_NAMESERVERS=.*/USE_ISP_NAMESERVERS=off/" -i /var/ipfire/dns/settings
- # Enable SSH
- sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
+ # Enable SSH
+ sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
- # Disable SSH password authentication
- sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings
+ # Disable SSH password authentication
+ sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/" -i /var/ipfire/remote/settings
- # Enable SSH key authentication
- sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
+ # Enable SSH key authentication
+ sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
- # Apply SSH settings
- /usr/local/bin/sshctrl
+ # Apply SSH settings
+ /usr/local/bin/sshctrl
- # Mark SSH to start immediately (but not right now)
- touch /var/ipfire/remote/enablessh
- chown nobody:nobody /var/ipfire/remote/enablessh
+ # Mark SSH to start immediately (but not right now)
+ touch /var/ipfire/remote/enablessh
+ chown nobody:nobody /var/ipfire/remote/enablessh
- # Firewall rules for SSH and WEBIF
- (
- echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
- echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
- ) >> /var/ipfire/firewall/input
+ # Firewall rules for SSH and WEBIF
+ (
+ echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+ ) >> /var/ipfire/firewall/input
- # This script has now completed the first steps of setup
- touch /var/ipfire/main/firstsetup_ok
- fi
+ # This script has now completed the first steps of setup
+ touch /var/ipfire/main/firstsetup_ok
# All done
echo_ok
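Review bot: The SSH hardening lines only rewrite keys that already exist in /var/ipfire/remote/settings, so `sed -e "s/^ENABLE_SSH_PASSWORDS=.*/ENABLE_SSH_PASSWORDS=off/"` silently does nothing when the file has no such line. Password logins then stay at whatever the default is, while the rules appended further down accept SSH on RED from `std_net_src,ALL`. I would verify the result before `/usr/local/bin/sshctrl` runs, for example `grep -q "^ENABLE_SSH_PASSWORDS=off$" /var/ipfire/remote/settings || echo "ENABLE_SSH_PASSWORDS=off" >> /var/ipfire/remote/settings`. The `ENABLE_SSH=` expression is also the only one without a `^` anchor; `s/^ENABLE_SSH=.*/ENABLE_SSH=on/` would match the other three. The loop around the RED block and the enclosing function both start outside the hunk.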