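#!/bin/sh
#
# router.customize - configure router disk image for management by ansible
#
# This sets up a very basic image, just enough to allow ansible to log
# in and become root with sudo. Also, bring up DHCP server on LAN
# ports to allow access over ssh. All the rest of the configuration
# happens via ansible.
#
# Usage: router.customize ROOTDIR
#
#   ROOTDIR  root directory of the mounted image to customize.
#
# An authorized_keys file must exist in the current working directory;
# it is installed for the ansible account inside the image.
#
# Copyright 2016 Lars Wirzenius
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -eu

# Avoid any problems (mainly weird perl warnings) from inherited
# locale from user.
export LC_ALL=C

# Print a message to stderr and abort.
die() {
    printf '%s: %s\n' "${0##*/}" "$*" >&2
    exit 1
}

# An empty ROOTDIR would turn every "$rootdir/etc/..." path below into a
# path on the build host, so refuse unset *and* empty values up front
# ("set -u" alone only catches the unset case).
rootdir="${1:?usage: router.customize ROOTDIR}"
[ -d "$rootdir" ] || die "not a directory: $rootdir"

# Same concern for a ROOTDIR that resolves to the host's own root: this
# script writes a NOPASSWD sudoers entry and must never do so on the
# machine that builds the image.
if [ "$(cd "$rootdir" && pwd -P)" = "/" ]; then
    die "refusing to customize the host root filesystem"
fi

# Fail before touching the image if there is no key to install;
# otherwise the image would end up with an account nobody can log in to.
[ -s authorized_keys ] || die "authorized_keys missing or empty in $(pwd)"

# Configure network ports. eth0 is WAN and gets its address using DHCP.
# The rest will serve the LAN and dnsmasq will serve addresses to LAN via
# DHCP on these ports. The LAN interfaces have a static config.
#
# The eth0 stanza must start with "iface"; "inet eth0 inet dhcp" is not
# a valid interfaces(5) stanza.
#
# NOTE(review): the LAN stanzas use gateway 10.0.0.255, which is the
# broadcast address of 10.0.0.0/24, and all three LAN ports sit in the
# same subnet without a bridge. Left as the author wrote it -- confirm
# whether the gateway lines are intended at all on LAN-facing ports.
cat <<'EOF' > "$rootdir/etc/network/interfaces.d/router"
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
    address 10.0.0.2
    netmask 255.255.255.0
    gateway 10.0.0.255

auto eth2
iface eth2 inet static
    address 10.0.0.3
    netmask 255.255.255.0
    gateway 10.0.0.255

auto eth3
iface eth3 inet static
    address 10.0.0.4
    netmask 255.255.255.0
    gateway 10.0.0.255
EOF

# Configure dnsmasq to serve 10.0.0.x addresses on the LAN ports only
# (eth0, the WAN port, is deliberately not listed).
cat <<'EOF' > "$rootdir/etc/dnsmasq.d/router"
interface=eth1
interface=eth2
interface=eth3
dhcp-range=10.0.0.10,10.0.0.250,255.255.255.0,720h
EOF

# Create an account for ansible. --disabled-password means the account
# has no usable password, so the only way in is the SSH key installed
# below.
chroot "$rootdir" adduser --gecos 'Ansible' --disabled-password ansible

# Install an authorized_keys file so that ansible can access the account.
# The directory is created and the file is chowned from inside the
# chroot because the ansible user exists only in the image's passwd
# database, not on the build host.
#
# NOTE(review): nothing in this script restricts sshd to the LAN ports;
# presumably the later ansible run handles that -- confirm.
chroot "$rootdir" install -d -o ansible -g ansible -m 0700 /home/ansible/.ssh
install -m 0600 authorized_keys "$rootdir/home/ansible/.ssh/authorized_keys"
chroot "$rootdir" chown ansible:ansible /home/ansible/.ssh/authorized_keys

# Add ansible to sudoers, without password. This grants the ansible
# account unrestricted passwordless root, so every key listed in
# authorized_keys is equivalent to a root credential on the router;
# keep that file limited to the provisioning key.
cat <<'EOF' >> "$rootdir/etc/sudoers.d/ansible"
ansible ALL=(ALL:ALL) NOPASSWD: ALL
EOF
chroot "$rootdir" chown root:root /etc/sudoers.d/ansible
chroot "$rootdir" chmod 0440 /etc/sudoers.d/ansible

# Validate the drop-in after ownership and mode are final: a sudoers
# fragment that fails to parse can leave sudo unusable in the image, and
# it is far cheaper to catch that at build time than on the device.
chroot "$rootdir" visudo -cf /etc/sudoers.d/ansible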