proxmox-utils/gate-traefik/make.sh

#!/usr/bin/bash
#----------------------------------------------------------------------

source ../.pct-helpers

PATH=$PATH:$(dirname "$(pwd)")


#----------------------------------------------------------------------

[ -e ../config.global ] \
	&& source ../config.global

[ -e ./config ] \
	&& source ./config


#----------------------------------------------------------------------

TEMPLATE_DIR=${TEMPLATE_DIR:=templates}
ASSETS_DIR=${ASSETS_DIR:=assets}

# ROOTPASS=
TMP_PASS_LEN=${TMP_PASS_LEN:=32}

DFL_EMAIL=${DFL_EMAIL:=user@example.com}
DFL_DOMAIN=${DFL_DOMAIN:=example.com}
DFL_ID=${DFL_ID:=500}
DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=gate}
DFL_WAN_IP=${DFL_WAN_IP:=192.168.1.101/24}
DFL_WAN_GATE=${DFL_WAN_GATE:=192.168.1.252}

DFL_WAN_BRIDGE=${DFL_WAN_BRIDGE:=2}
DFL_LAN_BRIDGE=${DFL_LAN_BRIDGE:=0}
DFL_ADMIN_BRIDGE=${DFL_ADMIN_BRIDGE:=1}

DFL_PCT_EXTRA=${DFL_PCT_EXTRA:=}

REBOOT=${REBOOT:=1}


#----------------------------------------------------------------------

[ -z $EMAIL ] \
	&& read -ep "Email: " -i "$DFL_EMAIL" EMAIL
EMAIL=${EMAIL:=$DFL_EMAIL}
[ -z $DOMAIN ] \
	&& read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN
DOMAIN=${DOMAIN:=$DFL_DOMAIN}
[ -z $ID ] \
	&& read -ep "ID: " -i "$DFL_ID" ID
[ -z $CTHOSTNAME ] \
	&& read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME
# bridge config...
[ -z $WAN_BRIDGE ] \
	&& read -ep "WAN bridge: vmbr" -i "$DFL_WAN_BRIDGE" WAN_BRIDGE
[ -z $LAN_BRIDGE ] \
	&& read -ep "LAN bridge: vmbr" -i "$DFL_LAN_BRIDGE" LAN_BRIDGE
[ -z $ADMIN_BRIDGE ] \
	&& read -ep "ADMIN bridge: vmbr" -i "$DFL_ADMIN_BRIDGE" ADMIN_BRIDGE
# wan...
[ -z $WAN_IP ] \
	&& read -ep "WAN ip: " -i "$DFL_WAN_IP" WAN_IP
[ -z $WAN_GATE ] \
	&& read -ep "WAN gateway: " -i "$DFL_WAN_GATE" WAN_GATE
# root password...
TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
if [ -z $ROOTPASS ] ; then
	read -sep "root password (Enter to skip): " PASS1
	echo
	if [ $PASS1 ] ; then
		read -sep "retype root password: " PASS2
		echo
		if [[ $PASS1 != $PASS2 ]] ; then
			echo "ERR: passwords do not match."
			exit 1
		fi
		PASS=$PASS1
	fi
else
	PASS=$ROOTPASS
fi
# extra stuff...
[ -z $PCT_EXTRA ] \
	&& read -ep "pct extra options: " -i "$DFL_PCT_EXTRA" PCT_EXTRA


#----------------------------------------------------------------------

TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))

# XXX should we set the initial ip as 10.x.x.2/23, dhcp or empty???
#	--net0 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=10.1.1.2/24,type=veth \
#	--net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,ip=10.0.0.2/24,type=veth \
OPTS_STAGE_1="\
	--hostname $CTHOSTNAME \
	--memory 128 \
	--swap 128 \
	--net0 name=wan,bridge=vmbr${WAN_BRIDGE},firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
	--net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,ip=10.0.0.2/24,type=veth \
	--net2 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=10.1.1.2/24,type=veth \
	--storage local-lvm \
	--rootfs local-lvm:0.5 \
	--unprivileged 1 \
	${PCT_EXTRA} \
"

OPTS_STAGE_2="\
	--startup order=80 \
	--onboot 1 \
"


#----------------------------------------------------------------------

echo Building config...
TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
for file in "${TEMPLATES[@]}" ; do
	file=${file#${TEMPLATE_DIR}}
	echo Generating: ${file}...
	# ensure the directory exists...
	mkdir -p "$(dirname "${ASSETS_DIR}/${file}")"
	cat "${TEMPLATE_DIR}/${file}" \
		| sed \
			-e 's/\${EMAIL}/'$EMAIL'/' \
			-e 's/\${DOMAIN}/'$DOMAIN'/' \
			-e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \
			-e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \
			-e 's/\${WAN_GATE}/'$WAN_GATE'/' \
		> "${ASSETS_DIR}/${file}"
done


#----------------------------------------------------------------------

echo Creating CT...
# NOTE: we are not setting the password here to avoid printing it to the terminal...
@ pct create $ID \
	${TEMPLATE[-1]} \
	${OPTS_STAGE_1} \
	--password="$TMP_PASS" \
	--start 1 \
|| exit 1

if [ $PASS ] ; then
	echo Setting root password...
	echo "root:$PASS" \
		| @ lxc-attach $ID chpasswd
fi

echo Updating container...
@ lxc-attach $ID apk update
@ lxc-attach $ID apk upgrade

echo Installing dependencies...
@ lxc-attach $ID apk add bash bridge iptables traefik

echo Copying assets...
@ pct-push-r $ID ./assets /

echo Setup: traefik...
@ lxc-attach $ID rc-update add traefik
@ lxc-attach $ID rc-service traefik start

echo Setup: iptables...
@ lxc-attach $ID rc-update add iptables
@ lxc-attach $ID bash /root/routing.sh
@ lxc-attach $ID rc-service iptables save
@ lxc-attach $ID rc-service iptables start

echo "Post config..."
[ "$OPTS_STAGE_2" ] \
	&& @ pct set $ID \
		${OPTS_STAGE_2}

[ "$REBOOT" ] \
	&& @ pct reboot $ID

echo Done.


#----------------------------------------------------------------------
# vim:set ts=4 sw=4 :
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`#!/usr/bin/bash`
			`#----------------------------------------------------------------------`

			`source ../.pct-helpers`

tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-30 18:05:58 +03:00			`PATH=$PATH:$(dirname "$(pwd)")`

started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00			`#----------------------------------------------------------------------`

			`[ -e ../config.global ] \`
			`&& source ../config.global`

fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:30:54 +03:00			`[ -e ./config ] \`
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00			`&& source ./config`


started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`#----------------------------------------------------------------------`

tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`TEMPLATE_DIR=${TEMPLATE_DIR:=templates}`
			`ASSETS_DIR=${ASSETS_DIR:=assets}`

started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`# ROOTPASS=`
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`TMP_PASS_LEN=${TMP_PASS_LEN:=32}`

			`DFL_EMAIL=${DFL_EMAIL:=user@example.com}`
			`DFL_DOMAIN=${DFL_DOMAIN:=example.com}`
			`DFL_ID=${DFL_ID:=500}`
added udp/tcp port tests... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-01 04:15:49 +03:00			`DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=gate}`
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`DFL_WAN_IP=${DFL_WAN_IP:=192.168.1.101/24}`
			`DFL_WAN_GATE=${DFL_WAN_GATE:=192.168.1.252}`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`DFL_WAN_BRIDGE=${DFL_WAN_BRIDGE:=2}`
			`DFL_LAN_BRIDGE=${DFL_LAN_BRIDGE:=0}`
			`DFL_ADMIN_BRIDGE=${DFL_ADMIN_BRIDGE:=1}`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`DFL_PCT_EXTRA=${DFL_PCT_EXTRA:=}`
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`REBOOT=${REBOOT:=1}`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00

			`#----------------------------------------------------------------------`

			`[ -z $EMAIL ] \`
			`&& read -ep "Email: " -i "$DFL_EMAIL" EMAIL`
			`EMAIL=${EMAIL:=$DFL_EMAIL}`
			`[ -z $DOMAIN ] \`
			`&& read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN`
			`DOMAIN=${DOMAIN:=$DFL_DOMAIN}`
			`[ -z $ID ] \`
			`&& read -ep "ID: " -i "$DFL_ID" ID`
			`[ -z $CTHOSTNAME ] \`
			`&& read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME`
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00			`# bridge config...`
			`[ -z $WAN_BRIDGE ] \`
			`&& read -ep "WAN bridge: vmbr" -i "$DFL_WAN_BRIDGE" WAN_BRIDGE`
			`[ -z $LAN_BRIDGE ] \`
			`&& read -ep "LAN bridge: vmbr" -i "$DFL_LAN_BRIDGE" LAN_BRIDGE`
			`[ -z $ADMIN_BRIDGE ] \`
			`&& read -ep "ADMIN bridge: vmbr" -i "$DFL_ADMIN_BRIDGE" ADMIN_BRIDGE`
			`# wan...`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`[ -z $WAN_IP ] \`
			`&& read -ep "WAN ip: " -i "$DFL_WAN_IP" WAN_IP`
			`[ -z $WAN_GATE ] \`
			`&& read -ep "WAN gateway: " -i "$DFL_WAN_GATE" WAN_GATE`
tweaks + docs... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 16:10:14 +03:00			`# root password...`
			`TMP_PASS=$(cat /dev/urandom \| base64 \| head -c ${TMP_PASS_LEN:=32})`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`if [ -z $ROOTPASS ] ; then`
			`read -sep "root password (Enter to skip): " PASS1`
			`echo`
			`if [ $PASS1 ] ; then`
			`read -sep "retype root password: " PASS2`
			`echo`
			`if [[ $PASS1 != $PASS2 ]] ; then`
			`echo "ERR: passwords do not match."`
			`exit 1`
			`fi`
			`PASS=$PASS1`
			`fi`
			`else`
			`PASS=$ROOTPASS`
			`fi`
tweaks + docs... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 16:10:14 +03:00			`# extra stuff...`
			`[ -z $PCT_EXTRA ] \`
			`&& read -ep "pct extra options: " -i "$DFL_PCT_EXTRA" PCT_EXTRA`


			`#----------------------------------------------------------------------`

			`TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))`

refactoring... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-31 02:02:59 +03:00			`# XXX should we set the initial ip as 10.x.x.2/23, dhcp or empty???`
			`# --net0 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=10.1.1.2/24,type=veth \`
			`# --net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,ip=10.0.0.2/24,type=veth \`
tweaks + docs... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 16:10:14 +03:00			`OPTS_STAGE_1="\`
			`--hostname $CTHOSTNAME \`
			`--memory 128 \`
			`--swap 128 \`
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-31 05:20:11 +03:00			`--net0 name=wan,bridge=vmbr${WAN_BRIDGE},firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \`
oops... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-31 05:21:48 +03:00			`--net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,ip=10.0.0.2/24,type=veth \`
			`--net2 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=10.1.1.2/24,type=veth \`
tweaks + docs... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 16:10:14 +03:00			`--storage local-lvm \`
			`--rootfs local-lvm:0.5 \`
			`--unprivileged 1 \`
			`${PCT_EXTRA} \`
			`"`

			`OPTS_STAGE_2="\`
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`--startup order=80 \`
			`--onboot 1 \`
tweaks + docs... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 16:10:14 +03:00			`"`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00

			`#----------------------------------------------------------------------`

			`echo Building config...`
			`TEMPLATES=($(find "$TEMPLATE_DIR" -type f))`
			`for file in "${TEMPLATES[@]}" ; do`
			`file=${file#${TEMPLATE_DIR}}`
			`echo Generating: ${file}...`
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00			`# ensure the directory exists...`
			`mkdir -p "$(dirname "${ASSETS_DIR}/${file}")"`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`cat "${TEMPLATE_DIR}/${file}" \`
			`\| sed \`
			`-e 's/\${EMAIL}/'$EMAIL'/' \`
			`-e 's/\${DOMAIN}/'$DOMAIN'/' \`
			`-e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \`
			`-e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \`
			`-e 's/\${WAN_GATE}/'$WAN_GATE'/' \`
			`> "${ASSETS_DIR}/${file}"`
			`done`


			`#----------------------------------------------------------------------`

			`echo Creating CT...`
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00			`# NOTE: we are not setting the password here to avoid printing it to the terminal...`
			`@ pct create $ID \`
			`${TEMPLATE[-1]} \`
			`${OPTS_STAGE_1} \`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`--password="$TMP_PASS" \`
fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:33:13 +03:00			`--start 1 \`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`\|\| exit 1`

			`if [ $PASS ] ; then`
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`echo Setting root password...`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`echo "root:$PASS" \`
			`\| @ lxc-attach $ID chpasswd`
			`fi`

			`echo Updating container...`
			`@ lxc-attach $ID apk update`
			`@ lxc-attach $ID apk upgrade`

			`echo Installing dependencies...`
added broken dependency... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 19:14:34 +03:00			`@ lxc-attach $ID apk add bash bridge iptables traefik`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00
			`echo Copying assets...`
			`@ pct-push-r $ID ./assets /`

			`echo Setup: traefik...`
			`@ lxc-attach $ID rc-update add traefik`
			`@ lxc-attach $ID rc-service traefik start`

			`echo Setup: iptables...`
			`@ lxc-attach $ID rc-update add iptables`
			`@ lxc-attach $ID bash /root/routing.sh`
			`@ lxc-attach $ID rc-service iptables save`
			`@ lxc-attach $ID rc-service iptables start`

tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`echo "Post config..."`
fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:44:52 +03:00			`[ "$OPTS_STAGE_2" ] \`
minor fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:29:38 +03:00			`&& @ pct set $ID \`
fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 15:47:25 +03:00			`${OPTS_STAGE_2}`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00
tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00			`[ "$REBOOT" ] \`
			`&& @ pct reboot $ID`
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00
			`echo Done.`


tweaks... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-29 17:01:17 +03:00
started work on generating infrastructure.... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2023-12-28 07:24:50 +03:00			`#----------------------------------------------------------------------`
			`# vim:set ts=4 sw=4 :`