jeka/openwrt-auto-extroot-gw-elmash
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

join

Browse Source
This commit is contained in:
jeka
2023-12-17 16:09:14 +05:00
parent ee7567cfa2
commit 31a7dfe14c
2 changed files with 602 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
image-extras/common/root/autoprovision-stage2.sh
View File

@@ -4,6 +4,134 @@
. /root/autoprovision-functions.sh
check_repo()
{
printf "\033[32;1mChecking OpenWrt repo availability...\033[0m\n"
opkg update | grep -q "Failed to download" && printf "\033[32;1mopkg failed. Check internet or date. Command for force ntp sync: ntpd -p ptbtime1.ptb.de\033[0m\n" && exit 1
}
route_vpn()
{
cat << EOF > /etc/hotplug.d/iface/30-rknroute
#!/bin/sh
ip route add table vpn default dev wg0
EOF
}
add_mark()
{
grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables
if ! uci show network | grep -q mark0x1; then
printf "\033[32;1mConfigure mark rule\033[0m\n"
uci add network rule
uci set network.@rule[-1].name='mark0x1'
uci set network.@rule[-1].mark='0x1'
uci set network.@rule[-1].priority='100'
uci set network.@rule[-1].lookup='vpn'
uci commit
fi
}
dnsmasqfull()
{
if opkg list-installed | grep -q dnsmasq-full; then
printf "\033[32;1mdnsmasq-full already installed\033[0m\n"
else
printf "\033[32;1mInstalled dnsmasq-full\033[0m\n"
cd /tmp/ && opkg download dnsmasq-full
opkg remove dnsmasq && opkg install dnsmasq-full --cache /tmp/
[ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp
/etc/init.d/dnsmasq restart
fi
}
dnscrypt2()
{
if opkg list-installed | grep -q dnscrypt-proxy2; then
printf "\033[32;1mDNSCrypt2 already installed\033[0m\n"
else
printf "\033[32;1mInstalled dnscrypt-proxy2\033[0m\n"
opkg install dnscrypt-proxy2
if grep -q "# server_names" /etc/dnscrypt-proxy2/dnscrypt-proxy.toml; then
sed -i "s/^# server_names =.*/server_names = [\'google\', \'cloudflare\', \'scaleway-fr\', \'yandex\']/g" /etc/dnscrypt-proxy2/dnscrypt-proxy.toml
fi
printf "\033[32;1mDNSCrypt restart\033[0m\n"
service dnscrypt-proxy restart
printf "\033[32;1mDNSCrypt needs to load the relays list. Please wait\033[0m\n"
sleep 30
if [ -f /etc/dnscrypt-proxy2/relays.md ]; then
uci set dhcp.@dnsmasq[0].noresolv="1"
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53"
uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/'
uci commit dhcp
printf "\033[32;1mDnsmasq restart\033[0m\n"
/etc/init.d/dnsmasq restart
else
printf "\033[31;1mDNSCrypt not download list on /etc/dnscrypt-proxy2. Repeat install DNSCrypt by script.\033[0m\n"
fi
fi
}
add_getdomains()
{
COUNTRY=russia_inside
EOF_DOMAINS=DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Russia/inside-dnsmasq-nfset.lst
if [ "$COUNTRY" != '0' ]; then
printf "\033[32;1mCreate script /etc/init.d/getdomains\033[0m\n"
cat << EOF > /etc/init.d/getdomains
#!/bin/sh /etc/rc.common
START=99
start () {
$EOF_DOMAINS
EOF
cat << 'EOF' >> /etc/init.d/getdomains
count=0
while true; do
if curl -m 3 github.com; then
curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst
break
else
echo "GitHub is not available. Check the internet availability [$count]"
count=$((count+1))
fi
done
if dnsmasq --conf-file=/tmp/dnsmasq.d/domains.lst --test 2>&1 | grep -q "syntax check OK"; then
/etc/init.d/dnsmasq restart
fi
}
EOF
chmod +x /etc/init.d/getdomains
/etc/init.d/getdomains enable
if crontab -l | grep -q /etc/init.d/getdomains; then
printf "\033[32;1mCrontab already configured\033[0m\n"
else
crontab -l | { cat; echo "0 */8 * * * /etc/init.d/getdomains start"; } | crontab -
printf "\033[32;1mIgnore this error. This is normal for a new installation\033[0m\n"
/etc/init.d/cron restart
fi
printf "\033[32;1mStart script\033[0m\n"
/etc/init.d/getdomains start
fi
}
installPackages()
{
signalAutoprovisionWaitingForUser
@@ -20,37 +148,10 @@ installPackages()
log "Autoprovisioning stage2 is about to install packages"
# switch ssh from dropbear to openssh (needed to install sshtunnel)
#opkg remove dropbear
#opkg install openssh-server openssh-sftp-server sshtunnel
#/etc/init.d/sshd enable
#mkdir /root/.ssh
#chmod 0700 /root/.ssh
#mv /etc/dropbear/authorized_keys /root/.ssh/
#rm -rf /etc/dropbear
# CUSTOMIZE
# install some more packages that don't need any extra steps
#opkg install lua luci ppp-mod-pppoe screen mc unzip logrotate
opkg install logrotate curl sing-box dnscrypt-proxy2
dnsmasqfull() {
if opkg list-installed | grep -q dnsmasq-full; then
printf "\033[32;1mdnsmasq-full already installed\033[0m\n"
else
printf "\033[32;1mInstalled dnsmasq-full\033[0m\n"
cd /tmp/ && opkg download dnsmasq-full
opkg remove dnsmasq && opkg install dnsmasq-full --cache /tmp/
[ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp
fi
}
# this is needed for the vlans on tp-link 3020 with only a single hw ethernet port
#opkg install kmod-macvlan ip
# just in case if we were run in a firmware that didn't already have luci
#/etc/init.d/uhttpd enable
opkg install logrotate curl
}
autoprovisionStage2()
@@ -74,7 +175,6 @@ autoprovisionStage2()
# available default password anywhere, therefore the random here...
#setRootPassword "AsD7fg"
installPackages
crontab - <<EOF
# */10 * * * * /root/autoprovision-stage3.py
@@ -96,4 +196,15 @@ EOF
fi
}
installPackages
check_repo
route_vpn
add_mark
dnsmasqfull
dnscrypt2
add_getdomains
autoprovisionStage2
printf "\033[32;1mRestart network\033[0m\n"
/etc/init.d/network restart