jeka/openwrt-auto-extroot-gw-aramil
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
72fb447b874035e36614d966393cf32a9d120eb9
openwrt-auto-extroot-gw-aramil/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99-defaults
jeka 72fb447b87 join settings
2023-12-16 22:56:35 +05:00

394 lines
15 KiB
Bash
Raw Blame History

#!/bin/sh
#
# Beware! This script will be in /rom/etc/uci-defaults/ as part of the image.
# Uncomment lines to apply:
wlan_name="office"
wlan_password="fuckingwep"
root_password="AsD7fg"
lan_ip_address="192.168.47.1"
hostname="gw-aramil"
# dhcp server 1 disable, 0 enable
dhcpsrv="0"
# log potential errors
exec >/tmp/setup.log 2>&1
if [ -n "$root_password" ]; then
(echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null
fi
# Configure LAN
# More options: https://openwrt.org/docs/guide-user/base-system/basic-networking
if [ -n "$lan_ip_address" ]; then
uci set network.lan.ipaddr="$lan_ip_address"
uci commit network
fi
# Configure WLAN
# More options: https://openwrt.org/docs/guide-user/network/wifi/basic#wi-fi_interfaces
if [ -n "$wlan_name" -a -n "$wlan_password" -a ${#wlan_password} -ge 8 ]; then
uci set wireless.@wifi-device[0].disabled='0'
uci set wireless.@wifi-device[0].channel='11'
uci set wireless.@wifi-device[0].txpower='15'
uci set wireless.@wifi-device[0].disabled='0'
uci set wireless.@wifi-device[0].country='RU'
uci set wireless.@wifi-iface[0].mode='ap'
uci set wireless.@wifi-iface[0].encryption='psk2'
uci set wireless.@wifi-iface[0].ssid="$wlan_name"
uci set wireless.@wifi-iface[0].key="$wlan_password"
#uci set wireless.@wifi-iface[0].macfilter='allow'
#uci add_list wireless.@wifi-iface[0].maclist=''
uci commit wireless
fi
# Configure system
uci set system.@system[0].hostname="$hostname"
uci set system.@system[0].timezone='<+05>-5'
uci set system.ntp.enable_server='1'
uci set system.ntp.interface='lan'
uci set system.@system[0].zonename='Asia/Yekaterinburg'
uci commit system
/etc/init.d/system restart
# Configure ssh dropbear
SSHPUB="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSZsnOKXMTO7GTdrDUzuemE2h+SAIwMBbsrLVtx/CFoYidtT5qQ4ukAJG5JvRIkmZUl0t2C69z0nEEZXInTycsqQW7IlYpiy9yTlImd9QmyckZcHptTtEzyNdcCDOXOcW2Q0YEykpOoccTCkk2PHa3Xufel67jTwXfaqAVzaN5fXy6uO2I1ab5HHwCFX8zTuagBXKSYDMlHxrz9friu8ipuiPsEgl5n1LOvasypnZkpjhb5XnJi7tyRHfbzx+X+DIZc/ZW21BPtcExSXn+mmVhTD0vQh9MGG/hnfdvCXGPSKGGHMPiZEL9vzN3PvBYVchp/8DDSKtRZtJnBpNhdtl+8LjGsOgDPN51otOxcDtIQgOiMGbgX6fzMB7EN642b3f8tlFp3aVswtH3isBz6AgeVO+qqI/nW6Io7mayNXrDXVIULh0Ol4TKTZ61KGLCUhX/ZL9ifXdXWlTVeXzidaxIZ7BGF5SaTRlHJhRfqVc8fZI9BBaPFFSqxBYzybYkGzU= jeka@x220"
cat << EOI > /etc/dropbear/authorized_keys
${SSHPUB}
EOI
chmod 600 /etc/dropbear/authorized_keys
uci set dropbear.@dropbear[0].PasswordAuth="0"
uci set dropbear.@dropbear[0].RootPasswordAuth="0"
uci set dropbear.@dropbear[0].GatewayPorts='on'
uci commit dropbear
/etc/init.d/dropbear restart
# Configure uhttpd
uci set uhttpd.main.listen_http='0.0.0.0:8080'
uci set uhttpd.main.listen_https='0.0.0.0:4431'
uci commit uhttpd
/etc/init.d/uhttpd restart
# DHCP server on/off
uci set dhcp.lan.start='90'
uci set dhcp.lan.limit='100'
uci set dhcp.lan.ignore="$dhcpsrv"
uci add host
uci set dhcp.@host[-1].name='kyocera0'
uci set dhcp.@host[-1].mac='00:17:C8:76:43:91'
uci set dhcp.@host[-1].ip='192.168.47.30'
uci add host
uci set dhcp.@host[-1].name='kyocera1'
uci set dhcp.@host[-1].mac='00:17:C8:42:1C:AA'
uci set dhcp.@host[-1].ip='192.168.47.31'
uci add host
uci set dhcp.@host[-1].name='lg-webos-1F'
uci set dhcp.@host[-1].mac='A8:23:FE:7A:D4:1E'
uci set dhcp.@host[-1].ip='192.168.47.36'
uci add host
uci set dhcp.@host[-1].name='camera1'
uci set dhcp.@host[-1].mac='c0:56:e3:86:2d:22'
uci set dhcp.@host[-1].ip='192.168.47.20'
uci add host
uci set dhcp.@host[-1].name='camera2'
uci set dhcp.@host[-1].mac='c0:56:e3:87:de:b0'
uci set dhcp.@host[-1].ip='192.168.47.21'
uci add host
uci set dhcp.@host[-1].name='camera3'
uci set dhcp.@host[-1].mac='c0:56:e3:86:2d:33'
uci set dhcp.@host[-1].ip='192.168.47.22'
uci add host
uci set dhcp.@host[-1].name='camera4'
uci set dhcp.@host[-1].mac='c0:56:e3:87:df:37'
uci set dhcp.@host[-1].ip='192.168.47.23'
uci add host
uci set dhcp.@host[-1].name='camera5'
uci set dhcp.@host[-1].mac='f8:4d:fc:0b:dd:59'
uci set dhcp.@host[-1].ip='192.168.47.24'
uci add host
uci set dhcp.@host[-1].name='kodi-aramil'
uci set dhcp.@host[-1].mac='90:0E:B3:03:97:96'
uci set dhcp.@host[-1].ip='192.168.47.19'
uci add host
uci set dhcp.@host[-1].name='switch-des2110'
uci set dhcp.@host[-1].mac='00:11:95:28:7F:F4'
uci set dhcp.@host[-1].ip='192.168.47.155'
uci add host
uci set dhcp.@host[-1].name='Pap2t'
uci set dhcp.@host[-1].mac='00:0e:08:20:22:68'
uci set dhcp.@host[-1].ip='192.168.47.40'
uci add host
uci set dhcp.@host[-1].name='CiscoATA186'
uci set dhcp.@host[-1].mac='00:0D:29:51:31:E9'
uci set dhcp.@host[-1].ip='192.168.47.41'
uci add host
uci set dhcp.@host[-1].name='PBX'
uci set dhcp.@host[-1].mac='00:16:3E:5F:0F:15'
uci set dhcp.@host[-1].ip='192.168.47.7'
uci add host
uci set dhcp.@host[-1].name='Ogorod-mikrotik'
uci set dhcp.@host[-1].mac='D4:CA:6D:7F:6F:3E'
uci set dhcp.@host[-1].ip='192.168.47.38'
uci add host
uci set dhcp.@host[-1].name='Yandexstation-1F'
uci set dhcp.@host[-1].mac='70:4A:0E:62:C1:1A'
uci set dhcp.@host[-1].ip='192.168.47.33'
uci add host
uci set dhcp.@host[-1].name='esphome-pogreb'
uci set dhcp.@host[-1].mac='C4:5B:BE:63:51:4F'
uci set dhcp.@host[-1].ip='192.168.47.45'
uci add host
uci set dhcp.@host[-1].name='esphome-kotelnaya'
uci set dhcp.@host[-1].mac='4C:75:25:2A:5B:64'
uci set dhcp.@host[-1].ip='192.168.47.46'
uci add host
uci set dhcp.@host[-1].name='esphome-garage-dvor'
uci set dhcp.@host[-1].mac='40:91:51:52:C3:24'
uci set dhcp.@host[-1].ip='192.168.47.47'
uci commit dhcp
/etc/init.d/dnsmasq restart
# Configure network
# VPN BAUMANA
uci set network.vpn0=interface
uci set network.vpn0.proto='wireguard'
uci set network.vpn0.private_key='CC2sqK5H1gyertWCa7RtTobRSCO75LX5VAkHW5VjRUI='
uci set network.vpn0.listen_port='23557'
uci add network wireguard_vpn0
uci set network.@wireguard_vpn0[0]=wireguard_vpn0
uci set network.@wireguard_vpn0[0].description='Site Baumana Home'
uci set network.@wireguard_vpn0[0].public_key='AFMw2q1JP16ckXnho04M7J2hheUIXtjdRcGQSrs2BHM='
uci set network.@wireguard_vpn0[0].preshared_key='afYl4qqDwk0f0RGNscnBFRfnKG5Jm6wR3FPA60TTFII='
uci set network.@wireguard_vpn0[0].allowed_ips='192.168.75.0/24'
uci set network.@wireguard_vpn0[0].route_allowed_ips='1'
uci set network.@wireguard_vpn0[0].persistent_keepalive='25'
uci set network.@wireguard_vpn0[0].endpoint_host='wg.npau.ru'
uci set network.@wireguard_vpn0[0].endpoint_port='23557'
# VPN ELMASH
uci set network.vpn1=interface
uci set network.vpn1.proto='wireguard'
uci set network.vpn1.private_key='yBYYOXkzZflQpfp0PdmZCKx1klz2IdjnWxxEwsmlJ1U='
uci set network.vpn1.listen_port='23556'
uci add network wireguard_vpn1
uci set network.@wireguard_vpn1[0]=wireguard_vpn1
uci set network.@wireguard_vpn1[0].description='Site Elmash Office'
uci set network.@wireguard_vpn1[0].public_key='UjhGEeZkSpeeh0GfKvvtdAL9khP8hNiCpkIutlJiuFg='
uci set network.@wireguard_vpn1[0].preshared_key='GdSszP+e86Vhs+/GD7uHpsLCnBCpyBZwMmOlxbS6OOg='
uci set network.@wireguard_vpn1[0].allowed_ips='192.168.77.0/24'
uci set network.@wireguard_vpn1[0].route_allowed_ips='1'
uci set network.@wireguard_vpn1[0].persistent_keepalive='25'
uci set network.@wireguard_vpn1[0].endpoint_host='elmash.npau.ru'
uci set network.@wireguard_vpn1[0].endpoint_port='23556'
# VPN PIVKO
uci set network.vpn2=interface
uci set network.vpn2.proto='wireguard'
uci set network.vpn2.private_key='wKGUSB76waHrZKjxTutJJ+B50Cafl/O16X7VLCUBfls='
uci set network.vpn2.listen_port='23558'
uci add network wireguard_vpn2
uci set network.@wireguard_vpn2[0]=wireguard_vpn2
uci set network.@wireguard_vpn2[0].description='Site Pivko Dvurechensk'
uci set network.@wireguard_vpn2[0].public_key='i0/zXWRpNIgk4KOwDa/qzBubFehgVmTfPv7yk2gYgBk='
uci set network.@wireguard_vpn2[0].preshared_key='ONgqoU8Q6mT42E/RVUAhRwKarmF8H5z/7SR7df5Mn48='
uci set network.@wireguard_vpn2[0].allowed_ips='192.168.76.0/24'
uci set network.@wireguard_vpn2[0].route_allowed_ips='1'
uci set network.@wireguard_vpn2[0].persistent_keepalive='25'
uci set network.@wireguard_vpn2[0].endpoint_host='pivko.npau.ru'
uci set network.@wireguard_vpn2[0].endpoint_port='23558'
# Antizapret
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.listen_port='51820'
uci set network.wg0.private_key='qFTjFepaM+mUnzePCs2BF81lEszlau4bgayYAayApXo='
uci set network.wg0.addresses='192.168.100.4/24'
uci add network wireguard_wg0
uci set network.@wireguard_wg0[0]=wireguard_wg0
uci set network.@wireguard_wg0[0].name='wg0_client'
uci set network.@wireguard_wg0[0].route_allowed_ips='0'
uci set network.@wireguard_wg0[0].persistent_keepalive='25'
uci set network.@wireguard_wg0[0].allowed_ips='0.0.0.0/0'
uci set network.@wireguard_wg0[0].endpoint_host='88.210.11.80'
uci set network.@wireguard_wg0[0].endpoint_port='51820'
uci set network.@wireguard_wg0[0].public_key='E/3AhjY3/nteAEy7uPR72kKbXwyJL3ANEhsEoMHP43o='
uci set network.@wireguard_wg0[0].preshared_key='sqW/LnZMocBhkuDTwSBnsUGilk+KznRMXk8LJnaOEXk='
uci commit network
/etc/init.d/network restart
# Configure firewall
# SETTINGS
uci set firewall.@defaults[0].synflood_protect='1'
uci set firewall.@defaults[0].drop_invalid='1'
# ADD ZONE
uci add firewall zone
uci set firewall.@zone[-1].name='vpn0'
uci set firewall.@zone[-1].network='vpn0'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci set firewall.@zone[-1].device='vpn0'
uci set firewall.@zone[-1].output='ACCEPT'
uci add firewall zone
uci set firewall.@zone[-1].name='vpn1'
uci set firewall.@zone[-1].network='vpn1'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci set firewall.@zone[-1].device='vpn1'
uci set firewall.@zone[-1].output='ACCEPT'
uci add firewall zone
uci set firewall.@zone[-1].name='vpn2'
uci set firewall.@zone[-1].network='vpn2'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci set firewall.@zone[-1].device='vpn2'
uci set firewall.@zone[-1].output='ACCEPT'
uci add firewall zone
uci set firewall.@zone[-1].name='wg'
uci set firewall.@zone[-1].family='ipv4'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].mtu_fix='1'
uci set firewall.@zone[-1].network='wg0'
# ADD FORWARDING
uci add firewall forwarding
uci set firewall.@forwarding[1].dest='lan'
uci set firewall.@forwarding[1].src='vpn0'
uci add firewall forwarding
uci set firewall.@forwarding[2].dest='vpn0'
uci set firewall.@forwarding[2].src='lan'
uci add firewall forwarding
uci set firewall.@forwarding[3].dest='lan'
uci set firewall.@forwarding[3].src='vpn1'
uci add firewall forwarding
uci set firewall.@forwarding[4].dest='vpn1'
uci set firewall.@forwarding[4].src='lan'
uci add firewall forwarding
uci set firewall.@forwarding[5].dest='lan'
uci set firewall.@forwarding[5].src='vpn2'
uci add firewall forwarding
uci set firewall.@forwarding[6].dest='vpn2'
uci set firewall.@forwarding[6].src='lan'
uci add firewall forwarding
uci set firewall.@forwarding[7].family='ipv4'
uci set firewall.@forwarding[7].src='lan'
uci set firewall.@forwarding[7].dest='wg'
# ADD RULE
uci add firewall rule
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].dest_port='23558'
uci set firewall.@rule[-1].name='Allow-Aramil-Pivko-Inbound'
uci set firewall.@rule[-1].src='wan'
uci add firewall rule
uci set firewall.@rule[10].target='ACCEPT'
uci set firewall.@rule[10].proto='udp'
uci set firewall.@rule[10].dest_port='51820'
uci set firewall.@rule[10].name='Allow-Wireguard-VPS'
uci set firewall.@rule[10].src='wan'
uci add firewall rule
uci set firewall.@rule[11].target='ACCEPT'
uci set firewall.@rule[11].proto='udp'
uci set firewall.@rule[11].dest_port='23557'
uci set firewall.@rule[11].name='Allow-Wireguard-Inbound'
uci set firewall.@rule[11].src='wan'
uci add firewall rule
uci set firewall.@rule[12].target='ACCEPT'
uci set firewall.@rule[12].proto='udp'
uci set firewall.@rule[12].dest_port='23556'
uci set firewall.@rule[12].name='Allow-Elmash-Aramil-Inbound'
uci set firewall.@rule[12].src='wan'
uci add firewall rule
uci set firewall.@rule[13].dest_port='5201'
uci set firewall.@rule[13].src='wan'
uci set firewall.@rule[13].name='iperf'
uci set firewall.@rule[13].target='ACCEPT'
uci add network rule
uci set network.@rule[-1].name='mark0x1'
uci set network.@rule[-1].mark='0x1'
uci set network.@rule[-1].priority='100'
uci set network.@rule[-1].lookup='vpn'
# ADD REDIRECT
uci add firewall redirect
uci set firewall.@redirect[0].target='DNAT'
uci set firewall.@redirect[0].src='wan'
uci set firewall.@redirect[0].dest='lan'
uci set firewall.@redirect[0].dest_ip='192.168.47.9'
uci set firewall.@redirect[0].dest_port='6881'
uci set firewall.@redirect[0].proto='tcp' 'udp'
uci set firewall.@redirect[0].name='qbittorrent'
uci set firewall.@redirect[0].src_dport='6881'
uci add firewall redirect
uci set firewall.@redirect[1].dest_port='25'
uci set firewall.@redirect[1].src='wan'
uci set firewall.@redirect[1].name='smtp_25'
uci set firewall.@redirect[1].src_dport='25'
uci set firewall.@redirect[1].target='DNAT'
uci set firewall.@redirect[1].dest_ip='192.168.47.2'
uci set firewall.@redirect[1].dest='lan'
uci add firewall redirect
uci set firewall.@redirect[2].dest_port='143'
uci set firewall.@redirect[2].src='wan'
uci set firewall.@redirect[2].name='imap_143'
uci set firewall.@redirect[2].src_dport='143'
uci set firewall.@redirect[2].target='DNAT'
uci set firewall.@redirect[2].dest_ip='192.168.47.2'
uci set firewall.@redirect[2].dest='lan'
uci add firewall redirect
uci set firewall.@redirect[3].dest_port='993'
uci set firewall.@redirect[3].src='wan'
uci set firewall.@redirect[3].name='imaps_993'
uci set firewall.@redirect[3].src_dport='993'
uci set firewall.@redirect[3].target='DNAT'
uci set firewall.@redirect[3].dest_ip='192.168.47.2'
uci set firewall.@redirect[3].dest='lan'
uci add firewall redirect
uci set firewall.@redirect[4].dest_port='465'
uci set firewall.@redirect[4].src='wan'
uci set firewall.@redirect[4].src_dport='465'
uci set firewall.@redirect[4].target='DNAT'
uci set firewall.@redirect[4].dest_ip='192.168.47.2'
uci set firewall.@redirect[4].dest='lan'
uci set firewall.@redirect[4].name='smtp_465'
uci add firewall redirect
uci set firewall.@redirect[5].dest_port='4190'
uci set firewall.@redirect[5].src='wan'
uci set firewall.@redirect[5].name='mail_sieve_4190'
uci set firewall.@redirect[5].src_dport='4190'
uci set firewall.@redirect[5].target='DNAT'
uci set firewall.@redirect[5].dest_ip='192.168.47.2'
uci set firewall.@redirect[5].dest='lan'
uci add firewall redirect
uci set firewall.@redirect[6].dest_port='587'
uci set firewall.@redirect[6].src='wan'
uci set firewall.@redirect[6].name='smtp_587'
uci set firewall.@redirect[6].src_dport='587'
uci set firewall.@redirect[6].target='DNAT'
uci set firewall.@redirect[6].dest_ip='192.168.47.2'
uci set firewall.@redirect[6].dest='lan'
uci add firewall redirect
uci set firewall.@redirect[7].dest_port='80'
uci set firewall.@redirect[7].src='wan'
uci set firewall.@redirect[7].src_dport='80'
uci set firewall.@redirect[7].target='DNAT'
uci set firewall.@redirect[7].dest='lan'
uci set firewall.@redirect[7].name='NPM-80'
uci set firewall.@redirect[7].dest_ip='192.168.47.191'
uci add firewall redirect
uci set firewall.@redirect[8].dest_port='443'
uci set firewall.@redirect[8].src='wan'
uci set firewall.@redirect[8].src_dport='443'
uci set firewall.@redirect[8].target='DNAT'
uci set firewall.@redirect[8].dest='lan'
uci set firewall.@redirect[8].name='NPM-443'
uci set firewall.@redirect[8].dest_ip='192.168.47.191'
uci commit firewall
/etc/init.d/firewall restart
echo "All done"
Reference in New Issue View Git Blame Copy Permalink