jeka/openwrt-auto-extroot-gw-elmash
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
b39795c16e65a274b4b234985ca333dafae45318
openwrt-auto-extroot-gw-elmash/image-extras/tplink_tl-wdr3600-v1/etc/uci-defaults/99defaults
jeka 1b57777156 ssh restrict access
2023-12-15 19:07:41 +05:00

116 lines
4.1 KiB
Plaintext
Raw Blame History

# Beware! This script will be in /rom/etc/uci-defaults/ as part of the image.
# Uncomment lines to apply:
wlan_name="office"
wlan_password="fuckingwep"
root_password="AsD7fg"
lan_ip_address="192.168.77.4"
hostname="gw-elmash"
# dhcp server 1 disable, 0 enable
dhcpsrv="1"
# log potential errors
exec >/tmp/setup.log 2>&1
if [ -n "$root_password" ]; then
(echo "$root_password"; sleep 1; echo "$root_password") | passwd > /dev/null
fi
# Configure LAN
# More options: https://openwrt.org/docs/guide-user/base-system/basic-networking
if [ -n "$lan_ip_address" ]; then
uci set network.lan.ipaddr="$lan_ip_address"
uci commit network
fi
# Configure WLAN
# More options: https://openwrt.org/docs/guide-user/network/wifi/basic#wi-fi_interfaces
if [ -n "$wlan_name" -a -n "$wlan_password" -a ${#wlan_password} -ge 8 ]; then
uci set wireless.@wifi-device[0].disabled='0'
uci set wireless.@wifi-device[0].channel='11'
uci set wireless.@wifi-device[0].txpower='15'
uci set wireless.@wifi-device[0].disabled='0'
uci set wireless.@wifi-device[0].country='RU'
uci set wireless.@wifi-iface[0].mode='ap'
uci set wireless.@wifi-iface[0].encryption='psk2'
uci set wireless.@wifi-iface[0].ssid="$wlan_name"
uci set wireless.@wifi-iface[0].key="$wlan_password"
#uci set wireless.@wifi-iface[0].macfilter='allow'
#uci add_list wireless.@wifi-iface[0].maclist=''
uci commit wireless
fi
# Configure system
uci set system.@system[0].hostname="$hostname"
uci set system.@system[0].timezone='<+05>-5'
uci set system.ntp.enable_server='1'
uci set system.ntp.interface='lan'
uci set system.@system[0].zonename='Asia/Yekaterinburg
commit system
/etc/init.d/system restart
# Configure ssh dropbear
USER_NAME="admin"
USER_SSHPUB="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSZsnOKXMTO7GTdrDUzuemE2h+SAIwMBbsrLVtx/CFoYidtT5qQ4ukAJG5JvRIkmZUl0t2C69z0nEEZXInTycsqQW7IlYpiy9yTlImd9QmyckZcHptTtEzyNdcCDOXOcW2Q0YEykpOoccTCkk2PHa3Xufel67jTwXfaqAVzaN5fXy6uO2I1ab5HHwCFX8zTuagBXKSYDMlHxrz9friu8ipuiPsEgl5n1LOvasypnZkpjhb5XnJi7tyRHfbzx+X+DIZc/ZW21BPtcExSXn+mmVhTD0vQh9MGG/hnfdvCXGPSKGGHMPiZEL9vzN3PvBYVchp/8DDSKtRZtJnBpNhdtl+8LjGsOgDPN51otOxcDtIQgOiMGbgX6fzMB7EN642b3f8tlFp3aVswtH3isBz6AgeVO+qqI/nW6Io7mayNXrDXVIULh0Ol4TKTZ61KGLCUhX/ZL9ifXdXWlTVeXzidaxIZ7BGF5SaTRlHJhRfqVc8fZI9BBaPFFSqxBYzybYkGzU= jeka@x220"
USER_SHELL="/bin/ash"
SUDO_USER="root"
SUDO_GROUP="sudo"
groupadd -r "${SUDO_GROUP}"
useradd -m -G "${SUDO_GROUP}" -s "${USER_SHELL}" "${USER_NAME}"
passwd -l "${SUDO_USER}"
cat << EOI > /etc/sudoers.d/00-custom
%${SUDO_GROUP} ALL=(ALL) ALL
EOI
USER_HOME="$(eval echo ~"${USER_NAME}")"
mkdir -p "${USER_HOME}"/.ssh
cat << EOI > "${USER_HOME}"/.ssh/authorized_keys
${USER_SSHPUB}
EOI
uci set dropbear.@dropbear[0].PasswordAuth="0"
uci set dropbear.@dropbear[0].RootPasswordAuth="0"
uci set dropbear.@dropbear[0].GatewayPorts='on'
uci commit dropbear
/etc/init.d/dropbear restart
# Configure uhttpd
uci set uhttpd.main.listen_http='0.0.0.0:8080'
uci set uhttpd.main.listen_https='0.0.0.0:4431'
commit uhttpd
/etc/init.d/uhttpd restart
# DHCP server on/off
uci set dhcp.lan.ignore="$dhcpsrv"
uci add host
uci set dhcp.@host[-1].name='jeka-office'
uci set dhcp.@host[-1].mac='4c:cc:6a:01:5d:30'
uci set dhcp.@host[-1].ip='192.168.77.35'
uci add host
uci set dhcp.@host[-1].name='fs1370dn'
uci set dhcp.@host[-1].mac='00:C0:EE:9E:01:55'
uci set dhcp.@host[-1].ip='192.168.77.33'
uci add host
uci set dhcp.@host[-1].name='kyoceraigor'
uci set dhcp.@host[-1].mac='00:17:C8:21:A7:F2'
uci set dhcp.@host[-1].ip='192.168.77.30'
uci add host
uci set dhcp.@host[-1].name='kyocerascanner'
uci set dhcp.@host[-1].mac='00:C0:EE:BB:85:2C'
uci set dhcp.@host[-1].ip='192.168.77.31'
uci add host
uci set dhcp.@host[-1].name='natasha-office'
uci set dhcp.@host[-1].mac='50:46:5D:09:D0:69'
uci set dhcp.@host[-1].ip='192.168.77.36'
uci add host
uci set dhcp.@host[-1].name='klipper'
uci set dhcp.@host[-1].mac='B8:27:EB:B9:82:6D'
uci set dhcp.@host[-1].ip='192.168.77.44'
uci commit dhcp
/etc/init.d/dnsmasq restart
# Configure network
/etc/init.d/network restart
# Configure firewall
/etc/init.d/firewall restart
echo "All done!"
Reference in New Issue View Git Blame Copy Permalink