#!/bin/bash
#
# Depending on CLI parameter $1, this script will
# 1) update the tinc and bird configuration for ICVPN peerings
# 2) update the DNS delegations to other freifunk communities
# and generate a ROA table
#
# It needs to be run by cron.
# Parameter $1 may be "icvpn" or "ice"
#
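# Refuse to run without root privileges: everything below rewrites files under
# /etc/bird and /etc/bind and reloads the daemons.
# The exit must happen in the current shell. Inside a ( ... ) subshell it only
# ends the subshell and the script would carry on as a non-root user.
# The numeric uid is compared, so the check does not depend on the account name.
if [ "$(id -u)" -ne 0 ]; then
  logger "update-icvpn: error: please execute as user root"
  exit 1
fi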
# Select the mode (see the description at the top; ice == 2, icvpn == 1 & 2).
# The default is only overridden when exactly one argument is given; that
# argument is taken as-is and is not checked against the two known modes.
if [ "$#" -eq 1 ]; then
  MODE=$1
else
  MODE=ice
fi

# Name of the tinc network whose configuration directory is a git checkout.
TINC_NETWORK=icvpn

# Checkouts of the community metadata and of the generator scripts.
ICVPN_META=/opt/icvpn-meta
ICVPN_SCRIPTS=/opt/icvpn-scripts

# Generated bird include files (ROA tables and BGP peers, IPv4 and IPv6).
BIRD_ROOT=/etc/bird
BIRD4_ROA="${BIRD_ROOT}/icvpn/bird4-roa-icvpn.conf"
BIRD4_PEERS="${BIRD_ROOT}/icvpn/bird4-peers-icvpn.conf"
BIRD6_ROA="${BIRD_ROOT}/icvpn/bird6-roa-icvpn.conf"
BIRD6_PEERS="${BIRD_ROOT}/icvpn/bird6-peers-icvpn.conf"

# Generated bind include file with the DNS delegations.
BIND_ROOT=/etc/bind
BIND_CONFIG="${BIND_ROOT}/named.conf.icvpn"
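#######################################
# Regenerate the IPv4 and IPv6 ROA tables for bird.
# Globals:   ICVPN_SCRIPTS, ICVPN_META, BIRD4_ROA, BIRD6_ROA (read)
# Arguments: none
# Returns:   0 if both tables were written, non-zero otherwise
#######################################
update_roa() (
  rc=0
  new=$(mktemp) || exit 1
  # The body runs in a subshell, so this trap fires when the function ends.
  trap 'rm -f -- "$new"' EXIT

  # Generate into a scratch file first: redirecting straight into the live
  # table would truncate it even when mkroa fails, leaving bird with an empty
  # or partial ROA table on its next reconfigure.
  if "$ICVPN_SCRIPTS/mkroa" -4 -m 24 -f bird -x fulda -s "$ICVPN_META" > "$new"; then
    # Written in place (not mv) so owner and mode of the live file are kept.
    cat "$new" > "$BIRD4_ROA" || rc=1
  else
    logger "update-icvpn: error: mkroa -4 failed, keeping $BIRD4_ROA"
    rc=1
  fi

  if "$ICVPN_SCRIPTS/mkroa" -6 -m 64 -f bird -x fulda -s "$ICVPN_META" > "$new"; then
    cat "$new" > "$BIRD6_ROA" || rc=1
  else
    logger "update-icvpn: error: mkroa -6 failed, keeping $BIRD6_ROA"
    rc=1
  fi

  exit "$rc"
)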
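#######################################
# Regenerate the IPv4 BGP peer list for bird and load it.
# The new configuration is only applied when the generator succeeded and
# "birdc configure check" accepted it; otherwise the previous peer file is
# put back.
# Globals:   ICVPN_SCRIPTS, ICVPN_META, BIRD4_PEERS (read)
# Arguments: none
# Returns:   status of "birdc configure", non-zero if an earlier step failed
#######################################
update_bgp_peers() (
  new=$(mktemp) || exit 1
  old=$(mktemp) || { rm -f -- "$new"; exit 1; }
  # The body runs in a subshell, so this trap fires when the function ends.
  trap 'rm -f -- "$new" "$old"' EXIT

  # Generate into a scratch file first: redirecting straight into the live
  # file would truncate it even when mkbgp fails.
  if ! "$ICVPN_SCRIPTS/mkbgp" -4 -f bird -p icvpn_ -s "$ICVPN_META" -x fulda \
    -d bgp_icvpn > "$new"; then
    logger "update-icvpn: error: mkbgp -4 failed, keeping $BIRD4_PEERS"
    exit 1
  fi

  # Keep the previous content so a rejected configuration can be rolled back.
  had_old=0
  if [ -f "$BIRD4_PEERS" ]; then
    cat "$BIRD4_PEERS" > "$old" || exit 1
    had_old=1
  fi

  # Written in place (not mv) so owner and mode of the live file are kept.
  cat "$new" > "$BIRD4_PEERS" || exit 1

  # Peer definitions come from a shared repository; never load them into the
  # running daemon unless the syntax check passed.
  # NOTE(review): assumes birdc exits non-zero when the check fails - confirm
  # for the installed BIRD version.
  if ! birdc configure check; then
    logger "update-icvpn: error: bird rejected $BIRD4_PEERS, restoring previous file"
    if [ "$had_old" -eq 1 ]; then
      cat "$old" > "$BIRD4_PEERS"
    else
      rm -f -- "$BIRD4_PEERS"
    fi
    exit 1
  fi

  birdc configure
)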
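#######################################
# Regenerate the IPv6 BGP peer list for bird6 and load it.
# The new configuration is only applied when the generator succeeded and
# "birdc6 configure check" accepted it; otherwise the previous peer file is
# put back.
# Globals:   ICVPN_SCRIPTS, ICVPN_META, BIRD6_PEERS (read)
# Arguments: none
# Returns:   status of "birdc6 configure", non-zero if an earlier step failed
#######################################
update_bgp6_peers() (
  new=$(mktemp) || exit 1
  old=$(mktemp) || { rm -f -- "$new"; exit 1; }
  # The body runs in a subshell, so this trap fires when the function ends.
  trap 'rm -f -- "$new" "$old"' EXIT

  # Generate into a scratch file first: redirecting straight into the live
  # file would truncate it even when mkbgp fails.
  if ! "$ICVPN_SCRIPTS/mkbgp" -6 -f bird -p icvpn_ -s "$ICVPN_META" -x fulda \
    -d bgp_icvpn > "$new"; then
    logger "update-icvpn: error: mkbgp -6 failed, keeping $BIRD6_PEERS"
    exit 1
  fi

  # Keep the previous content so a rejected configuration can be rolled back.
  had_old=0
  if [ -f "$BIRD6_PEERS" ]; then
    cat "$BIRD6_PEERS" > "$old" || exit 1
    had_old=1
  fi

  # Written in place (not mv) so owner and mode of the live file are kept.
  cat "$new" > "$BIRD6_PEERS" || exit 1

  # Peer definitions come from a shared repository; never load them into the
  # running daemon unless the syntax check passed.
  # NOTE(review): assumes birdc6 exits non-zero when the check fails - confirm
  # for the installed BIRD version.
  if ! birdc6 configure check; then
    logger "update-icvpn: error: bird6 rejected $BIRD6_PEERS, restoring previous file"
    if [ "$had_old" -eq 1 ]; then
      cat "$old" > "$BIRD6_PEERS"
    else
      rm -f -- "$BIRD6_PEERS"
    fi
    exit 1
  fi

  birdc6 configure
)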
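#######################################
# Regenerate the DNS delegations for bind and reload the name server.
# The generated file is validated with named-checkconf before it replaces the
# live include file; bind is only reloaded when generation, validation and
# installation all succeeded.
# Globals:   ICVPN_SCRIPTS, ICVPN_META, BIND_CONFIG (read)
# Arguments: none
# Returns:   status of "rndc reload", non-zero if an earlier step failed
#######################################
update_bind() (
  new=$(mktemp) || exit 1
  # The body runs in a subshell, so this trap fires when the function ends.
  trap 'rm -f -- "$new"' EXIT

  # Generate into a scratch file first: redirecting straight into the live
  # file would truncate it even when mkdns fails.
  if ! "$ICVPN_SCRIPTS/mkdns" -f bind -s "$ICVPN_META" -x fulda > "$new"; then
    logger "update-icvpn: error: mkdns failed, keeping $BIND_CONFIG"
    exit 1
  fi

  # Delegations come from a shared repository; reject a file bind cannot parse
  # before it reaches the live configuration.
  # NOTE(review): the scratch copy is checked from a temporary path - confirm
  # the generated file contains no relative includes.
  if ! named-checkconf "$new"; then
    logger "update-icvpn: error: named-checkconf rejected new delegations, keeping $BIND_CONFIG"
    exit 1
  fi

  # Written in place (not mv) so owner and mode of the live file are kept.
  cat "$new" > "$BIND_CONFIG" || exit 1

  rndc reload
)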
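# cron runs with a short PATH; the daemon control tools live in /usr/sbin.
PATH=/usr/sbin:$PATH

# In mode "icvpn", bring the tinc peer repository up to date.
# FORCE_VPN is not set anywhere in this script; it is taken from the caller's
# environment and forces a pull when non-empty.
# NOTE(review): the pull is not pinned or signature-checked, and the
# post-merge hook acts on the pulled content as root.
if [ "$MODE" = "icvpn" ]; then
  # Without this check a failed cd would run the git commands in whatever
  # directory the script was started from.
  if cd "/etc/tinc/$TINC_NETWORK/"; then
    git remote update >/dev/null

    # Compare on exit status: a failing rev-parse must not be mistaken for
    # "the branches differ".
    vpn_changed=0
    if vpn_local=$(git rev-parse HEAD) && vpn_upstream=$(git rev-parse '@{u}'); then
      if [ "$vpn_local" != "$vpn_upstream" ]; then
        vpn_changed=1
      fi
    else
      logger "update-icvpn: error: repo icvpn: cannot compare HEAD with upstream"
    fi

    if [ -n "${FORCE_VPN:-}" ] || [ "$vpn_changed" -eq 1 ]; then
      logger "update-icvpn: repo icvpn: update available"
      # post-merge hook handles configuration update
      if ! git pull origin master; then
        logger "update-icvpn: error: repo icvpn: git pull failed"
      fi
    fi
  else
    logger "update-icvpn: error: cannot enter /etc/tinc/$TINC_NETWORK/, skipping tinc update"
  fi
fi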
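# Update bird peers (mode "icvpn" only), ROA tables and DNS delegations from
# the icvpn-meta repository.
# FORCE_META is not set anywhere in this script; it is taken from the caller's
# environment and forces a regeneration when non-empty.
# NOTE(review): whatever the remote serves is turned into routing and DNS
# configuration by a root cron job; nothing here verifies commit signatures.

# Without this check a failed cd would run the git commands, and the pull, in
# the previous working directory.
if ! cd "$ICVPN_META"; then
  logger "update-icvpn: error: cannot enter $ICVPN_META"
  exit 1
fi
git remote update >/dev/null

# Compare on exit status: a failing rev-parse must not be mistaken for
# "the branches differ".
meta_changed=0
if meta_local=$(git rev-parse HEAD) && meta_upstream=$(git rev-parse '@{u}'); then
  if [ "$meta_local" != "$meta_upstream" ]; then
    meta_changed=1
  fi
else
  logger "update-icvpn: error: repo icvpn-meta: cannot compare HEAD with upstream"
fi

if [ -n "${FORCE_META:-}" ] || [ "$meta_changed" -eq 1 ]; then
  logger "update-icvpn: repo icvpn-meta: update available"

  # A failed pull can leave the checkout stale or mid-merge; do not generate
  # daemon configuration from it.
  if ! git pull origin master; then
    logger "update-icvpn: error: repo icvpn-meta: git pull failed, configuration left unchanged"
    exit 1
  fi

  # update bird peers
  if [ "$MODE" = "icvpn" ]; then
    update_bgp_peers
    update_bgp6_peers
  fi

  # update ROA and DNS delegations
  update_roa
  update_bind
fi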