authorJonas Smedegaard <dr@jones.dk>2018-08-24 21:08:36 +0200
committerJonas Smedegaard <dr@jones.dk>2018-08-24 21:09:42 +0200
commit6d0be66a7b06ca4407c1259672afcd96719a005d (patch)
treea68014cf2f08d99ee60081c2fd97feba646d13e0
parent695d52e43e395ce95d215d7eb8316b1012deaf5d (diff)
Update node gateway: Use dhcp, and firewall zone internal for eth0 and external by default.
-rw-r--r--nodes/gateway.yml55
1 files changed, 55 insertions, 0 deletions
diff --git a/nodes/gateway.yml b/nodes/gateway.yml
index f1ff44e..7db374b 100644
--- a/nodes/gateway.yml
+++ b/nodes/gateway.yml
@@ -36,6 +36,8 @@ parameters:
- use HDMI (not serial port) as initial boot console
- avoid bufferbloat
- set wireless regulatory domain to Denmark
+ - have ethernet devices use dhcp and firewall zone external by default
+ - have ethernet device eth0 use dhcp and firewall zone internal
pkg:
- avahi-autoipd
- network-manager
@@ -66,3 +68,56 @@ parameters:
- >
_setappendvar /target/etc/default/crda \
REGDOMAIN DK
+ - >
+ _uuid(){ set -e;\
+ tmpfile=$(mktemp);\
+ (umask 077; fallocate --length 40kib "$tmpfile");\
+ PATH="/usr/sbin:/sbin:$PATH" mkswap "$tmpfile" | grep -Po '\bUUID=\K\S+';\
+ rm -f "$tmpfile"; }
+# nmcli connection add type ethernet con-name eth0 ifname eth0 autoconnect on connection.zone internal
+ - >
+ file=/target/etc/NetworkManager/system-connections/eth0;\
+ _backup "$file";\
+ echo "[connection]" > "$file";\
+ echo "id=eth0" >> "$file";\
+ echo "uuid=$(_uuid)" >> "$file";\
+ echo "type=ethernet" >> "$file";\
+ echo "interface-name=eth0" >> "$file";\
+ echo "permissions=" >> "$file";\
+ echo "zone=internal" >> "$file";\
+ echo "" >> "$file";\
+ echo "[ethernet]" >> "$file";\
+ echo "mac-address-blacklist=" >> "$file";\
+ echo "" >> "$file";\
+ echo "[ipv4]" >> "$file";\
+ echo "dns-search=" >> "$file";\
+ echo "method=auto" >> "$file";\
+ echo "" >> "$file";\
+ echo "[ipv6]" >> "$file";\
+ echo "addr-gen-mode=stable-privacy" >> "$file";\
+ echo "dns-search=" >> "$file";\
+ echo "method=auto" >> "$file";\
+ chmod go= "$file"
+# nmcli connection add type ethernet con-name dhcp ifname '*' autoconnect on connection.zone external
+ - >
+ file=/target/etc/NetworkManager/system-connections/dhcp;\
+ _backup "$file";\
+ echo "[connection]" > "$file";\
+ echo "id=dhcp" >> "$file";\
+ echo "uuid=$(_uuid)" >> "$file";\
+ echo "type=ethernet" >> "$file";\
+ echo "permissions=" >> "$file";\
+ echo "zone=external" >> "$file";\
+ echo "" >> "$file";\
+ echo "[ethernet]" >> "$file";\
+ echo "mac-address-blacklist=" >> "$file";\
+ echo "" >> "$file";\
+ echo "[ipv4]" >> "$file";\
+ echo "dns-search=" >> "$file";\
+ echo "method=auto" >> "$file";\
+ echo "" >> "$file";\
+ echo "[ipv6]" >> "$file";\
+ echo "addr-gen-mode=stable-privacy" >> "$file";\
+ echo "dns-search=" >> "$file";\
+ echo "method=auto" >> "$file";\
+ chmod go= "$file"
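Review bot: The wildcard `dhcp` profile written at the end of this hunk has no `interface-name`, so it also matches eth0, and neither keyfile sets anything that ranks it below the `eth0` profile; which firewall zone eth0 ends up in then appears to depend on how NetworkManager picks among equally ranked autoconnect candidates. Adding `echo "autoconnect-priority=1" >> "$file";\` to the eth0 block would make the internal profile win deterministically. The internal zone is also bound to the kernel name eth0, so the description list should say which physical port that is expected to be, since a re-enumerated or renamed uplink port would otherwise be treated as internal. Separately, `_uuid` yields an empty string if `mkswap` or `grep` produces no match, so `uuid=` is written empty and, under `set -e`, the temp file is left behind; checking that the value is non-empty before writing the keyfile would catch that.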