aws: Unlock setup account
index 19edb2b921551f2110b09ff38dd249a793d55258..2f4300d17d6cdca7acd5da30648ac14adaa6bc4e 100644 (file)
@@ -47,11 +47,30 @@ prefix2netmask() {
        to_address "$(( netmask ^ 0xffffffff ))"
 }
 
+find_interface() {
+       local mac="${1}"
+
+       local path
+       for path in /sys/class/net/*; do
+               local address="$(<${path}/address)"
+
+               if [ "${mac}" = "${address}" ]; then
+                       basename "${path}"
+                       return 0
+               fi
+       done
+
+       return 1
+}
+
 import_aws_configuration() {
        local instance_id="$(get instance-id)"
 
        boot_mesg "Importing AWS configuration for instance ${instance_id}..."
 
+       # Store instance ID
+       echo "${instance_id}" > /var/run/aws-instance-id
+
        # Initialise system settings
        local hostname=$(get local-hostname)
 
@@ -65,10 +84,35 @@ import_aws_configuration() {
                echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
        fi
 
+       # Create setup user
+       if ! getent passwd setup &>/dev/null; then
+               useradd setup -s /usr/bin/run-setup -g nobody -m
+
+               # Unlock the account
+               usermod -p "x" setup
+       fi
+
+       # Import SSH keys for setup user
+       local line
+       for line in $(get "public-keys/"); do
+               local key_no="${line%=*}"
+
+               local key="$(get public-keys/${key_no}/openssh-key)"
+               if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then
+                       mkdir -p "/home/setup/.ssh"
+                       chmod 700 "/home/setup/.ssh"
+
+                       echo "${key}" >> "/home/setup/.ssh/authorized_keys"
+                       chmod 600 "/home/setup/.ssh/authorized_keys"
+               fi
+       done
+
        # Import any DNS server settings
        eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=" /var/ipfire/ethernet/settings 2>/dev/null))
 
        # Import network configuration
+       # After this, no network connectivity will be available from this script due to the
+       # renaming of the network interfaces for which they have to be shut down
        local config_type=1
        : > /var/ipfire/ethernet/settings
 
@@ -104,6 +148,8 @@ import_aws_configuration() {
                case "${device_number}" in
                        # RED
                        0)
+                               local interface_name="red0"
+
                                # The gateway is always the first IP address in the subnet
                                local gateway="$(to_address $(( netaddress_num + 1 )))"
 
@@ -113,7 +159,7 @@ import_aws_configuration() {
 
                                (
                                        echo "RED_TYPE=STATIC"
-                                       echo "RED_DEV=red0"
+                                       echo "RED_DEV=${interface_name}"
                                        echo "RED_MACADDR=${mac}"
                                        echo "RED_DESCRIPTION='${interface_id}'"
                                        echo "RED_ADDRESS=${ipv4_address}"
@@ -133,8 +179,10 @@ import_aws_configuration() {
 
                        # GREEN
                        1)
+                               local interface_name="green0"
+
                                (
-                                       echo "GREEN_DEV=green0"
+                                       echo "GREEN_DEV=${interface_name}"
                                        echo "GREEN_MACADDR=${mac}"
                                        echo "GREEN_DESCRIPTION='${interface_id}'"
                                        echo "GREEN_ADDRESS=${ipv4_address}"
@@ -146,10 +194,11 @@ import_aws_configuration() {
 
                        # ORANGE
                        2)
+                               local interface_name="orange0"
                                config_type=2
 
                                (
-                                       echo "ORANGE_DEV=orange0"
+                                       echo "ORANGE_DEV=${interface_name}"
                                        echo "ORANGE_MACADDR=${mac}"
                                        echo "ORANGE_DESCRIPTION='${interface_id}'"
                                        echo "ORANGE_ADDRESS=${ipv4_address}"
@@ -159,37 +208,34 @@ import_aws_configuration() {
                                ) >> /var/ipfire/ethernet/settings
                                ;;
                esac
-       done
-
-       # Save CONFIG_TYPE
-       echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
 
-       # Import SSH keys
-       local line
-       for line in $(get "public-keys/"); do
-               local key_no="${line%=*}"
-
-               local key="$(get public-keys/${key_no}/openssh-key)"
-               if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
-                       mkdir -p /root/.ssh
-                       chmod 700 /root/.ssh
+               # Rename interface
+               local interface="$(find_interface "${mac}")"
 
-                       echo "${key}" >> /root/.ssh/authorized_keys
-                       chmod 600 /root/.ssh/authorized_keys
+               if [ -n "${interface}" ] && [ -n "${interface_name}" ] && [ "${interface}" != "${interface_name}" ]; then
+                       ip link set "${interface}" down
+                       ip link set "${interface}" name "${interface_name}"
                fi
        done
 
+       # Save CONFIG_TYPE
+       echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
+
        # Actions performed only on the very first start
        if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
                # Enable SSH
                sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
 
-               touch /var/ipfire/remote/enablessh
-               chown nobody:nobody /var/ipfire/remote/enablessh
-
                # Enable SSH key authentication
                sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
 
+               # Apply SSH settings
+               /usr/local/bin/sshctrl
+
+               # Mark SSH to start immediately (but not right now)
+               touch /var/ipfire/remote/enablessh
+               chown nobody:nobody /var/ipfire/remote/enablessh
+
                # Firewall rules for SSH and WEBIF
                (
                        echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
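Review bot: The rename on L140 is unchecked: if `ip link set "${interface}" name "${interface_name}"` fails (for example because the target name is already in use), the interface is left down under its old name while the settings written just above refer to `${interface_name}`, and nothing is reported. Suggest `ip link set "${interface}" name "${interface_name}" || boot_mesg "Could not rename ${interface} to ${interface_name}"` so the failure is at least visible on the console. On L134 the `local` wrapper hides find_interface's return status; the `-n` test on L138 covers that, but a short comment noting it relies on empty output rather than the exit code would help the next reader. The enclosing for loop starts outside this hunk.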