Diffstat (limited to 'bootstrap.d/20-networking.sh')
-rw-r--r--bootstrap.d/20-networking.sh62
1 files changed, 33 insertions, 29 deletions
diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh
index c9f866f..3216f4e 100644
--- a/bootstrap.d/20-networking.sh
+++ b/bootstrap.d/20-networking.sh
@@ -5,64 +5,68 @@
# Load utility functions
. ./functions.sh
-# Set up IPv4 hosts
+# Install and setup hostname
install_readonly files/network/hostname $R/etc/hostname
sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
+# Install and setup hosts
install_readonly files/network/hosts $R/etc/hosts
sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
+# Setup hostname entry with static IP
if [ "$NET_ADDRESS" != "" ] ; then
NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
sed -i "s/^127.0.1.1/${NET_IP}/" $R/etc/hosts
fi
-# Set up IPv6 hosts
-if [ "$ENABLE_IPV6" = true ] ; then
- cat <<EOM >>$R/etc/hosts
-
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
-EOM
+# Remove IPv6 hosts
+if [ "$ENABLE_IPV6" = false ] ; then
+ sed -i -e "/::[1-9]/d" -e "/^$/d" $R/etc/hosts
fi
-# Place hint about network configuration
+# Install hint about network configuration
install_readonly files/network/interfaces $R/etc/network/interfaces
+# Install configuration for interface eth0
+install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
+
if [ "$ENABLE_DHCP" = true ] ; then
- # Enable systemd-networkd DHCP configuration for interface eth0
- install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
+ # Enable DHCP configuration for interface eth0
+ sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" $R/etc/systemd/network/eth.network
# Set DHCP configuration to IPv4 only
if [ "$ENABLE_IPV6" = false ] ; then
- sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
+ sed -i "s/DHCP=.*/DHCP=v4/" $R/etc/systemd/network/eth.network
fi
else # ENABLE_DHCP=false
- cat <<EOM >$R/etc/systemd/network/eth.network
-[Match]
-Name=eth0
-
-[Network]
-DHCP=no
-Address=${NET_ADDRESS}
-Gateway=${NET_GATEWAY}
-DNS=${NET_DNS_1}
-DNS=${NET_DNS_2}
-Domains=${NET_DNS_DOMAINS}
-NTP=${NET_NTP_1}
-NTP=${NET_NTP_2}
-EOM
+ # Set static network configuration for interface eth0
+ sed -i\
+ -e "s|DHCP=.*|DHCP=no|"\
+ -e "s|Address=\$|Address=${NET_ADDRESS}|"\
+ -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
+ -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
+ -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
+ -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
+ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
+ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
+ $R/etc/systemd/network/eth.network
fi
+# Remove empty settings from network configuration
+sed -i "/.*=\$/d" $R/etc/systemd/network/eth.network
+
# Enable systemd-networkd service
chroot_exec systemctl enable systemd-networkd
+# Install host.conf resolver configuration
+install_readonly files/network/host.conf $R/etc/host.conf
+
# Enable network stack hardening
if [ "$ENABLE_HARDNET" = true ] ; then
+ # Install sysctl.d configuration files
install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
- # Enable resolver warnings about spoofed addresses
- install_readonly files/network/host.conf $R/etc/host.conf
+ # Setup resolver warnings about spoofed addresses
+ sed -i "s/^# spoof warn/spoof warn/" $R/etc/host.conf
fi
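Review bot: In the `ENABLE_DHCP=false` branch the `NET_*` values are spliced unescaped into the replacement side of `s|…|…|`, so a `|`, `&` or backslash in any of them changes the sed expression or the value that gets written, whereas the removed heredoc wrote them literally. These values appear to come from the build configuration, so this is mainly a robustness concern, but a malformed value would now silently produce a different `eth.network` in the image. I would escape each value before substitution with a small helper, or reject values containing those characters, as sketched below. The helper could live in `functions.sh`, which is outside this hunk. The sketch does not handle embedded newlines, which should be rejected separately.

```shell
# Escape a value for use as the replacement text of a sed "s|...|...|" command
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# … unchanged: hostname, hosts and DHCP=true handling …

  # Set static network configuration for interface eth0
  sed -i\
  -e "s|DHCP=.*|DHCP=no|"\
  -e "s|Address=\$|Address=$(sed_escape "${NET_ADDRESS}")|"\
  -e "s|Gateway=\$|Gateway=$(sed_escape "${NET_GATEWAY}")|"\
  -e "0,/DNS=\$/ s|DNS=\$|DNS=$(sed_escape "${NET_DNS_1}")|"\
  -e "0,/DNS=\$/ s|DNS=\$|DNS=$(sed_escape "${NET_DNS_2}")|"\
  -e "s|Domains=\$|Domains=$(sed_escape "${NET_DNS_DOMAINS}")|"\
  -e "0,/NTP=\$/ s|NTP=\$|NTP=$(sed_escape "${NET_NTP_1}")|"\
  -e "0,/NTP=\$/ s|NTP=\$|NTP=$(sed_escape "${NET_NTP_2}")|"\
  "$R/etc/systemd/network/eth.network"
```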