safety commit
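--- a/rpi5_lav_setup/lavadmin@192.168.1.34
+++ b/rpi5_lav_setup/lavadmin@192.168.1.34
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# ==== EDIT THESE ====
+WIFI_SSID="Lav.Studio"
+WIFI_PASS="0147258369"
+
+LIGHT_IP="192.168.50.10/24" # Pi's address on eth0
+LIGHT_NET_DNS="" # usually blank; no DNS on lighting net
+# If you truly need a gateway on lighting (rare), set LIGHT_GW here and see notes below.
+LIGHT_GW=""
+
+# Optional: if you want a static Wi-Fi IP instead of DHCP, set WIFI_STATIC="yes"
+WIFI_STATIC="no"
+WIFI_IP="192.168.10.20/24"
+WIFI_GW="192.168.10.1"
+WIFI_DNS="192.168.10.1"
+# =====================
+
+echo "[*] Updating system..."
+sudo apt update
+sudo apt full-upgrade -y
+
+echo "[*] Ensure NetworkManager is active (Bookworm default)..."
+sudo systemctl enable --now NetworkManager
+
+echo "[*] Create Ethernet profile for lighting (static IP, NO gateway)..."
+# Delete default connection if it exists, to avoid conflicts
+nmcli -t -f NAME,TYPE con | grep -q "^Wired connection 1:ethernet$" && nmcli con delete "Wired connection 1" || true
+nmcli con delete lighting >/dev/null 2>&1 || true
+
+nmcli con add type ethernet ifname eth0 con-name lighting ipv4.method manual ipv4.addresses "${LIGHT_IP}" ipv4.gateway "" ipv4.dns "${LIGHT_NET_DNS}" ipv6.method ignore
+# Make sure this interface never installs a default route
+nmcli con mod lighting ipv4.never-default yes
+# Prefer Wi-Fi for routing by giving Ethernet a higher metric
+nmcli con mod lighting ipv4.route-metric 300
+
+echo "[*] Create Wi-Fi profile for Xilica..."
+nmcli con delete xilica >/dev/null 2>&1 || true
+if [ "${WIFI_STATIC}" = "yes" ]; then
+nmcli con add type wifi ifname wlan0 con-name xilica ssid "${WIFI_SSID}" \
+ipv4.method manual ipv4.addresses "${WIFI_IP}" ipv4.gateway "${WIFI_GW}" ipv4.dns "${WIFI_DNS}" ipv6.method ignore
+else
+nmcli dev wifi connect "${WIFI_SSID}" password "${WIFI_PASS}" ifname wlan0 name xilica
+nmcli con mod xilica ipv6.method ignore
+fi
+# Lower metric so Wi-Fi becomes preferred default route (if it has a gateway)
+nmcli con mod xilica ipv4.route-metric 200
+
+echo "[*] Disable IP forwarding to keep networks isolated..."
+sudo bash -c 'cat >/etc/sysctl.d/99-no-forwarding.conf <<EOF
+net.ipv4.ip_forward=0
+net.ipv6.conf.all.forwarding=0
+EOF'
+sudo sysctl --system
+
+echo "[*] Install Node-RED via the official script..."
+bash <(curl -sL https://raw.githubusercontent.com/node-red/linux-installers/master/deb/update-nodejs-and-nodered)
+
+echo "[*] Enable Node-RED as a service..."
+sudo systemctl enable nodered --now
+
+echo "[*] (Optional) Lock down firewall to your subnets only..."
+sudo apt install -y ufw
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+# Allow Node-RED editor/UI from both subnets (adjust nets if different)
+sudo ufw allow from 192.168.50.0/24 to any port 1880 proto tcp
+sudo ufw allow from 192.168.10.0/24 to any port 1880 proto tcp
+sudo ufw --force enable
+
+echo "[*] Done. Current addresses:"
+ip -4 addr show eth0 | sed -n 's/ *inet \([0-9.\/]*\).*/eth0: \1/p'
+ip -4 addr show wlan0 | sed -n 's/ *inet \([0-9.\/]*\).*/wlan0: \1/p'
+echo "Node-RED should be reachable at: http://<eth0-ip>:1880 and/or http://<wlan0-ip>:1880"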
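Review bot: `WIFI_PASS` is committed as a literal Wi-Fi passphrase in the "EDIT THESE" block, so the PSK for the `Lav.Studio` network now lives in repository history; the identical line is in rpi5_lav_setup/rpi5_lav_setup.txt. Read it at run time instead, e.g. `: "${WIFI_PASS:?export WIFI_PASS before running}"` or a `read -rs` prompt, and treat the committed value as exposed and rotate it. The DHCP branch also passes the passphrase on argv in `nmcli dev wifi connect … password "${WIFI_PASS}"`, where it is visible in the process list while the command runs; nmcli's `--ask` option prompts for it instead. In the `WIFI_STATIC="yes"` branch the `xilica` profile is created without any `wifi-sec.key-mgmt`/`wifi-sec.psk` setting, so that path appears to produce a profile that cannot join a protected network.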
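--- a/rpi5_lav_setup/rpi5_lav_setup.txt
+++ b/rpi5_lav_setup/rpi5_lav_setup.txt
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# ==== EDIT THESE ====
+WIFI_SSID="Lav.Studio"
+WIFI_PASS="0147258369"
+
+LIGHT_IP="192.168.50.10/24" # Pi's address on eth0
+LIGHT_NET_DNS="" # usually blank; no DNS on lighting net
+# If you truly need a gateway on lighting (rare), set LIGHT_GW here and see notes below.
+LIGHT_GW=""
+
+# Optional: if you want a static Wi-Fi IP instead of DHCP, set WIFI_STATIC="yes"
+WIFI_STATIC="no"
+WIFI_IP="192.168.10.20/24"
+WIFI_GW="192.168.10.1"
+WIFI_DNS="192.168.10.1"
+# =====================
+
+echo "[*] Updating system..."
+sudo apt update
+sudo apt full-upgrade -y
+
+echo "[*] Ensure NetworkManager is active (Bookworm default)..."
+sudo systemctl enable --now NetworkManager
+
+echo "[*] Create Ethernet profile for lighting (static IP, NO gateway)..."
+# Delete default connection if it exists, to avoid conflicts
+nmcli -t -f NAME,TYPE con | grep -q "^Wired connection 1:ethernet$" && nmcli con delete "Wired connection 1" || true
+nmcli con delete lighting >/dev/null 2>&1 || true
+
+nmcli con add type ethernet ifname eth0 con-name lighting ipv4.method manual ipv4.addresses "${LIGHT_IP}" ipv4.gateway "" ipv4.dns "${LIGHT_NET_DNS}" ipv6.method ignore
+# Make sure this interface never installs a default route
+nmcli con mod lighting ipv4.never-default yes
+# Prefer Wi-Fi for routing by giving Ethernet a higher metric
+nmcli con mod lighting ipv4.route-metric 300
+
+echo "[*] Create Wi-Fi profile for Xilica..."
+nmcli con delete xilica >/dev/null 2>&1 || true
+if [ "${WIFI_STATIC}" = "yes" ]; then
+nmcli con add type wifi ifname wlan0 con-name xilica ssid "${WIFI_SSID}" \
+ipv4.method manual ipv4.addresses "${WIFI_IP}" ipv4.gateway "${WIFI_GW}" ipv4.dns "${WIFI_DNS}" ipv6.method ignore
+else
+nmcli dev wifi connect "${WIFI_SSID}" password "${WIFI_PASS}" ifname wlan0 name xilica
+nmcli con mod xilica ipv6.method ignore
+fi
+# Lower metric so Wi-Fi becomes preferred default route (if it has a gateway)
+nmcli con mod xilica ipv4.route-metric 200
+
+echo "[*] Disable IP forwarding to keep networks isolated..."
+sudo bash -c 'cat >/etc/sysctl.d/99-no-forwarding.conf <<EOF
+net.ipv4.ip_forward=0
+net.ipv6.conf.all.forwarding=0
+EOF'
+sudo sysctl --system
+
+echo "[*] Install Node-RED via the official script..."
+bash <(curl -sL https://raw.githubusercontent.com/node-red/linux-installers/master/deb/update-nodejs-and-nodered)
+
+echo "[*] Enable Node-RED as a service..."
+sudo systemctl enable nodered --now
+
+echo "[*] (Optional) Lock down firewall to your subnets only..."
+sudo apt install -y ufw
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+# Allow Node-RED editor/UI from both subnets (adjust nets if different)
+sudo ufw allow from 192.168.50.0/24 to any port 1880 proto tcp
+sudo ufw allow from 192.168.10.0/24 to any port 1880 proto tcp
+sudo ufw --force enable
+
+echo "[*] Done. Current addresses:"
+ip -4 addr show eth0 | sed -n 's/ *inet \([0-9.\/]*\).*/eth0: \1/p'
+ip -4 addr show wlan0 | sed -n 's/ *inet \([0-9.\/]*\).*/wlan0: \1/p'
+echo "Node-RED should be reachable at: http://<eth0-ip>:1880 and/or http://<wlan0-ip>:1880"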
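Review bot: The Node-RED install step runs `bash <(curl -sL …/master/deb/update-nodejs-and-nodered)`, which executes whatever the `master` branch serves at that moment with no pinning or integrity check; the same line is in rpi5_lav_setup/lavadmin@192.168.1.34. Because `-s` is used without `-f`, an HTTP error body would be handed to bash as a script, and `set -e` does not observe a curl failure inside process substitution. Download the installer to a temporary file from a pinned commit, verify it against a recorded checksum, and only then run it, as sketched below with placeholder values.

```shell
# … unchanged: echo "[*] Install Node-RED via the official script..." …
installer="$(mktemp)"
trap 'rm -f -- "$installer"' EXIT
curl -fsSL -o "$installer" \
  "https://raw.githubusercontent.com/node-red/linux-installers/<PINNED_COMMIT_SHA>/deb/update-nodejs-and-nodered"
printf '%s  %s\n' "<EXPECTED_SHA256>" "$installer" | sha256sum -c -
bash "$installer"
```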