diff --git a/.pct-helpers b/.pct-helpers
index 5e7b3a0..51a4590 100644
--- a/.pct-helpers
+++ b/.pct-helpers
@@ -139,5 +139,160 @@ normpath(){ } +#---------------------------------------------------------------------- + +# +# xread [-n] MSG VAR +# +xread(){ + local non_empty= + if [[ $1 == '-n' ]] ; then + shift + local non_empty=1 + fi + [ -z ${!2} ] \ + && eval 'read -ep "'$1'" -i "$DFL_'$2'" '${2}'' + if [ -z $non_empty ] ; then + eval ''$2'=${'$2':=$DFL_'$2'}' + fi +} + + +# +# Variables this handles: +# EMAIL +# DOMAIN +# ID +# CTHOSTNAME +# WAN_BRIDGE +# LAN_BRIDGE +# ADMIN_BRIDGE +# WAN_IP +# WAN_GATE +# LAN_IP +# LAN_GATE +# ADMIN_IP +# ADMIN_GATE +# ROOTPASS +# PCT_EXTRA +# +# Variables this sets: +# PASS +# +# Variables used: +# TMP_PASS_LEN +# ROOTPASS +# +readVars(){ + xread -n "Email: " EMAIL + xread -n "Domain: " DOMAIN + xread "ID: " ID + xread "Hostname: " CTHOSTNAME + + # bridge config... + xread "WAN bridge: vmbr" WAN_BRIDGE + xread "LAN bridge: vmbr" LAN_BRIDGE + xread "ADMIN bridge: vmbr" ADMIN_BRIDGE + + # gateway... + xread "WAN ip: " WAN_IP + xread "WAN gateway: " WAN_GATE + xread "LAN ip: " LAN_IP + xread "LAN gateway: " LAN_GATE + xread "ADMIN ip: " ADMIN_IP + xread "ADMIN gateway: " ADMIN_GATE + + # root password... + if [ -z $ROOTPASS ] ; then + read -sep "root password (Enter to skip): " PASS1 + echo + if [ $PASS1 ] ; then + read -sep "retype root password: " PASS2 + echo + if [[ $PASS1 != $PASS2 ]] ; then + echo "ERR: passwords do not match." + exit 1 + fi + PASS=$PASS1 + fi + else + PASS=$ROOTPASS + fi + + # extra stuff... + xread "pct extra options: " PCT_EXTRA +} + + +# buildAssets [TEMPLATES [ASSETS]] +buildAssets(){ + local TEMPLATE_DIR=$1 + TEMPLATE_DIR=${TEMPLATE_DIR:=templates} + local ASSETS_DIR=$2 + TEMPLATE_DIR=${ASSETS_DIR:=assets} + + local TEMPLATES=($(find "$TEMPLATE_DIR" -type f)) + for file in "${TEMPLATES[@]}" ; do + file=${file#${TEMPLATE_DIR}} + echo Generating: ${file}... + [ $DRY_RUN ] \ + && continue + # ensure the directory exists... 
+ mkdir -p "$(dirname "${ASSETS_DIR}/${file}")" + cat "${TEMPLATE_DIR}/${file}" \ + | sed \ + -e 's/\${EMAIL}/'$EMAIL'/' \ + -e 's/\${DOMAIN}/'$DOMAIN'/' \ + -e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \ + -e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \ + -e 's/\${WAN_GATE}/'$WAN_GATE'/' \ + -e 's/\${LAN_IP}/'${LAN_IP/\//\\/}'/' \ + -e 's/\${LAN_GATE}/'$LAN_GATE'/' \ + -e 's/\${ADMIN_IP}/'${ADMIN_IP/\//\\/}'/' \ + -e 's/\${ADMIN_GATE}/'$ADMIN_GATE'/' \ + > "${ASSETS_DIR}/${file}" + done +} + + +# pctCreate ID TEMPLATE ARGS [PASS] +pctCreate(){ + local TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32}) + # NOTE: we are not setting the password here to avoid printing it to the terminal... + @ pct create $1 \ + ${2} \ + ${3} \ + --password="$TMP_PASS" \ + --start 1 \ + || exit 1 + # set actual root password... + if [ "$4" ] ; then + echo "root:$4" \ + | @ lxc-attach $1 chpasswd + fi +} + +# pctCreate ID ARGS [PASS] +pctCreateAlpine(){ + if [ $DRY_RUN ] ; then + local TEMPLATE=(/var/lib/vz/template/cache/alpine-3.18\*.tar.xz) + else + local TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz)) + fi + pctCreate $1 "${TEMPLATE[-1]}" "$2" "$3" +} + + +# pctSet ID [ARGS [REBOOT]] +pctSet(){ + [ "$2" ] \ + && @ pct set $1 \ + ${2} + [ "$3" ] \ + && @ pct reboot $1 +} + + + #---------------------------------------------------------------------- # vim:set ts=4 sw=4 nowrap : diff --git a/gate-traefik/make.sh b/gate-traefik/make.sh index 908bb87..aabb133 100755 --- a/gate-traefik/make.sh +++ b/gate-traefik/make.sh 
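Review bot: In buildAssets the second default line assigns the wrong variable: `TEMPLATE_DIR=${ASSETS_DIR:=assets}` overwrites the template directory with the assets directory, so `find` walks the assets tree and each `cat "${TEMPLATE_DIR}/${file}" | sed … > "${ASSETS_DIR}/${file}"` truncates the very file it is about to read; it should be `ASSETS_DIR=${ASSETS_DIR:=assets}`. In xread the `-n` flag suppresses the `DFL_` fallback (`if [ -z $non_empty ]` is false when `-n` was given), yet readVars passes `-n` for exactly the two variables, EMAIL and DOMAIN, that the removed per-script code did fall back on with `${EMAIL:=$DFL_EMAIL}`, so either that test is inverted (`if [[ -n "$non_empty" ]]`) or the two calls are. Both `[ -z ${!2} ]` and `[ -z $non_empty ]` work only because a one-argument `[` is true; quoting them and replacing the two `eval` lines with `local dfl=DFL_$2; read -ep "$1" -i "${!dfl}" "$2"` plus a `printf -v "$2" '%s' "${!2:-${!dfl}}"` fallback keeps prompt text and variable names out of the shell parser. pctSet ends on `[ "$3" ] && @ pct reboot $1`, so it returns non-zero whenever the reboot is skipped, which would abort a caller running under `set -e` (not visible here) right before its final `echo Done.`; a trailing `return 0` avoids that. The header comment above pctCreateAlpine still reads `# pctCreate ID ARGS [PASS]`.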
@@ -17,78 +17,32 @@ PATH=$PATH:$(dirname "$(pwd)") #---------------------------------------------------------------------- -TEMPLATE_DIR=${TEMPLATE_DIR:=templates} -ASSETS_DIR=${ASSETS_DIR:=assets} - -# ROOTPASS= -TMP_PASS_LEN=${TMP_PASS_LEN:=32} - -DFL_EMAIL=${DFL_EMAIL:=user@example.com} -DFL_DOMAIN=${DFL_DOMAIN:=example.com} -DFL_ID=${DFL_ID:=500} +DFL_ID=${DFL_ID:=101} DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=gate} + DFL_WAN_IP=${DFL_WAN_IP:=192.168.1.101/24} DFL_WAN_GATE=${DFL_WAN_GATE:=192.168.1.252} +# these can be: +# +# / +# dhcp +DFL_ADMIN_IP=${DFL_ADMIN_IP:=10.0.0.2/24} +ADMIN_GATE=- +DFL_LAN_IP=${DFL_LAN_IP:=10.1.1.2/24} +LAN_GATE=- + DFL_WAN_BRIDGE=${DFL_WAN_BRIDGE:=2} DFL_LAN_BRIDGE=${DFL_LAN_BRIDGE:=0} DFL_ADMIN_BRIDGE=${DFL_ADMIN_BRIDGE:=1} -DFL_PCT_EXTRA=${DFL_PCT_EXTRA:=} - REBOOT=${REBOOT:=1} - -#---------------------------------------------------------------------- - -[ -z $EMAIL ] \ - && read -ep "Email: " -i "$DFL_EMAIL" EMAIL -EMAIL=${EMAIL:=$DFL_EMAIL} -[ -z $DOMAIN ] \ - && read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN -DOMAIN=${DOMAIN:=$DFL_DOMAIN} -[ -z $ID ] \ - && read -ep "ID: " -i "$DFL_ID" ID -[ -z $CTHOSTNAME ] \ - && read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME -# bridge config... -[ -z $WAN_BRIDGE ] \ - && read -ep "WAN bridge: vmbr" -i "$DFL_WAN_BRIDGE" WAN_BRIDGE -[ -z $LAN_BRIDGE ] \ - && read -ep "LAN bridge: vmbr" -i "$DFL_LAN_BRIDGE" LAN_BRIDGE -[ -z $ADMIN_BRIDGE ] \ - && read -ep "ADMIN bridge: vmbr" -i "$DFL_ADMIN_BRIDGE" ADMIN_BRIDGE -# wan... -[ -z $WAN_IP ] \ - && read -ep "WAN ip: " -i "$DFL_WAN_IP" WAN_IP -[ -z $WAN_GATE ] \ - && read -ep "WAN gateway: " -i "$DFL_WAN_GATE" WAN_GATE -# root password... -TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32}) -if [ -z $ROOTPASS ] ; then - read -sep "root password (Enter to skip): " PASS1 - echo - if [ $PASS1 ] ; then - read -sep "retype root password: " PASS2 - echo - if [[ $PASS1 != $PASS2 ]] ; then - echo "ERR: passwords do not match." 
- exit 1 - fi - PASS=$PASS1 - fi -else - PASS=$ROOTPASS -fi -# extra stuff... -[ -z $PCT_EXTRA ] \ - && read -ep "pct extra options: " -i "$DFL_PCT_EXTRA" PCT_EXTRA +readVars #---------------------------------------------------------------------- -TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz)) - # XXX should we set the initial ip as 10.x.x.2/23, dhcp or empty??? # --net0 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=10.1.1.2/24,type=veth \ # --net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,ip=10.0.0.2/24,type=veth \ @@ -97,8 +51,8 @@ OPTS_STAGE_1="\ --memory 128 \ --swap 128 \ --net0 name=wan,bridge=vmbr${WAN_BRIDGE},firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \ - --net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,ip=10.0.0.2/24,type=veth \ - --net2 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=10.1.1.2/24,type=veth \ + --net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1${ADMIN_IP:+,ip=${ADMIN_IP}},type=veth \ + --net2 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1${LAN_IP:+,ip=${LAN_IP}},type=veth \ --storage local-lvm \ --rootfs local-lvm:0.5 \ --unprivileged 1 \ 
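Review bot: The removed DFL_EMAIL, DFL_DOMAIN and DFL_PCT_EXTRA defaults and the TEMPLATE_DIR, ASSETS_DIR and TMP_PASS_LEN settings are not re-added here, but the new `readVars` call below and the `buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"` call in the following hunk read them; unless .pct-helpers now defines them (its earlier lines are outside this diff), the Email/Domain prompts come up with an empty `-i` pre-fill and buildAssets receives two empty arguments. If the helper is meant to own those defaults, a comment above `readVars` such as `# DFL_*, TEMPLATE_DIR and ASSETS_DIR defaults come from ../.pct-helpers` would save the next reader the search. `ADMIN_GATE=-` and `LAN_GATE=-` are plain assignments rather than the `${VAR:=…}` form used by every other knob in this block, so they cannot be overridden from the environment, and the literal `-` is what buildAssets substitutes for `${ADMIN_GATE}`/`${LAN_GATE}` in the templates; if `-` is the intended "skip the prompt, no gateway" marker, the comment block above (`# these can be:` / `# /` / `# dhcp`, which looks as if a placeholder like an address/prefix form was lost) should say so explicitly.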
@@ -114,39 +68,10 @@ OPTS_STAGE_2="\ #---------------------------------------------------------------------- echo Building config... -TEMPLATES=($(find "$TEMPLATE_DIR" -type f)) -for file in "${TEMPLATES[@]}" ; do - file=${file#${TEMPLATE_DIR}} - echo Generating: ${file}... - # ensure the directory exists... - mkdir -p "$(dirname "${ASSETS_DIR}/${file}")" - cat "${TEMPLATE_DIR}/${file}" \ - | sed \ - -e 's/\${EMAIL}/'$EMAIL'/' \ - -e 's/\${DOMAIN}/'$DOMAIN'/' \ - -e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \ - -e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \ - -e 's/\${WAN_GATE}/'$WAN_GATE'/' \ - > "${ASSETS_DIR}/${file}" -done - - -#---------------------------------------------------------------------- +buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR" echo Creating CT... -# NOTE: we are not setting the password here to avoid printing it to the terminal... -@ pct create $ID \ - ${TEMPLATE[-1]} \ - ${OPTS_STAGE_1} \ - --password="$TMP_PASS" \ - --start 1 \ -|| exit 1 - -if [ $PASS ] ; then - echo Setting root password... - echo "root:$PASS" \ - | @ lxc-attach $ID chpasswd -fi +pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS" echo Updating container... @ lxc-attach $ID apk update @@ -169,12 +94,7 @@ echo Setup: iptables... @ lxc-attach $ID rc-service iptables start echo "Post config..." -[ "$OPTS_STAGE_2" ] \ - && @ pct set $ID \ - ${OPTS_STAGE_2} - -[ "$REBOOT" ] \ - && @ pct reboot $ID +pctSet $ID "${OPTS_STAGE_2}" $REBOOT echo Done. diff --git a/ns/make.sh b/ns/make.sh index 93e7dba..72c7210 100755 --- a/ns/make.sh +++ b/ns/make.sh 
@@ -15,112 +15,49 @@ source ../.pct-helpers #---------------------------------------------------------------------- -UPDATE_ON_LAN=1 -TIMEOUT=5 -TMP_PASS_LEN=32 - -TEMPLATE_DIR=templates -ASSETS_DIR=assets - -# EMAIL= -# DOMAIN= -# ID= -# CTHOSTNAME= -# WAN_IP= -# WAN_GATE= -# ROOTPASS= - -DFL_EMAIL=user@example.com -DFL_DOMAIN=example.com DFL_ID=100 DFL_CTHOSTNAME=ns -DFL_WAN_IP=192.168.1.101/24 -DFL_WAN_GATE=192.168.1.252 -TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32}) +WAN_IP=- +WAN_GATE=- +DFL_ADMIN_IP=${DFL_ADMIN_IP:=10.0.0.1/24} +ADMIN_GATE=- +DFL_LAN_IP=${DFL_LAN_IP:=10.1.1.1/24} +DFL_LAN_GATE=${DFL_LAN_IP:=10.1.1.2/24} + +# ignored variables... + +readVars #---------------------------------------------------------------------- -[ -z $EMAIL ] \ - && read -ep "Email: " -i "$DFL_EMAIL" EMAIL -EMAIL=${EMAIL:=$DFL_EMAIL} -[ -z $DOMAIN ] \ - && read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN -DOMAIN=${DOMAIN:=$DFL_DOMAIN} -[ -z $ID ] \ - && read -ep "ID: " -i "$DFL_ID" ID -[ -z $CTHOSTNAME ] \ - && read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME -[ -z $WAN_IP ] \ - && read -ep "WAN ip (stub): " -i "$DFL_WAN_IP" WAN_IP -[ -z $WAN_GATE ] \ - && read -ep "WAN gateway (stub): " -i "$DFL_WAN_GATE" WAN_GATE -if [ -z $ROOTPASS ] ; then - read -sep "root password (Enter to skip): " PASS1 - echo - if [ $PASS1 ] ; then - read -sep "retype root password: " PASS2 - echo - if [[ $PASS1 != $PASS2 ]] ; then - echo "ERR: passwords do not match." 
- exit 1 - fi - PASS=$PASS1 - fi -else - PASS=$ROOTPASS -fi +OPTS_STAGE_1="\ + --hostname $CTHOSTNAME \ + --memory 128 \ + --swap 128 \ + --net0 name=lan,bridge=vmbr0,firewall=1${LAN_GATE:+,gw=$LAN_GATE}${LAN_IP:+,ip=$LAN_IP},type=veth \ + --net1 name=admin,bridge=vmbr1,firewall=1${ADMIN_IP:+,ip=$ADMIN_IP},type=veth \ + --storage local-lvm \ + --rootfs local-lvm:0.5 \ + --unprivileged 1 \ + ${PCT_EXTRA} \ +" + +OPTS_STAGE_2="\ + --startup order=90 \ + --onboot 1 \ +" + #---------------------------------------------------------------------- echo Building config... -TEMPLATES=($(find "$TEMPLATE_DIR" -type f)) -for file in "${TEMPLATES[@]}" ; do - file=${file#${TEMPLATE_DIR}} - echo Generating: ${file}... - cat "${TEMPLATE_DIR}/${file}" \ - | sed \ - -e 's/\${EMAIL}/'$EMAIL'/' \ - -e 's/\${DOMAIN}/'$DOMAIN'/' \ - -e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \ - -e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \ - -e 's/\${WAN_GATE}/'$WAN_GATE'/' \ - > "${ASSETS_DIR}/${file}" -done - - -#---------------------------------------------------------------------- +buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR" echo Creating CT... - -TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz)) - -# XXX option to configure bridges... -# NOTE: we are not setting the password here to avoid printing it to the terminal... -@ pct create $ID \ - ${TEMPLATE[-1]} \ - --hostname $CTHOSTNAME \ - --memory 128 \ - --swap 128 \ - --net0 name=lan,bridge=vmbr0,firewall=1,ip=dhcp,type=veth \ - --net1 name=admin,bridge=vmbr1,firewall=1,type=veth \ - --net2 name=wan,bridge=vmbr2,firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \ - --storage local-lvm \ - --rootfs local-lvm:0.5 \ - --unprivileged 1 \ - --password="$TMP_PASS" \ - --start 1 \ -|| exit 1 - -# XXX ifdown admin lan interfaces fro bootstrap... - -echo Setting root password... -if [ $PASS ] ; then - echo "root:$PASS" \ - | @ lxc-attach $ID chpasswd -fi +pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS" echo Updating container... 
@ lxc-attach $ID apk update
@@ -136,7 +73,8 @@ echo Setup: dnsmasq...
@ lxc-attach $ID rc-update add dnsmasq
@ lxc-attach $ID rc-service dnsmasq start
-
+echo "Post config..."
+pctSet $ID "${OPTS_STAGE_2}" $REBOOT
echo Done.
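Review bot: `DFL_LAN_GATE=${DFL_LAN_IP:=10.1.1.2/24}` expands the wrong variable: DFL_LAN_IP was already set to 10.1.1.1/24 on the line above, so DFL_LAN_GATE becomes the container's own CIDR address and OPTS_STAGE_1 later emits `gw=10.1.1.1/24` via `${LAN_GATE:+,gw=$LAN_GATE}`; it should read `DFL_LAN_GATE=${DFL_LAN_GATE:=10.1.1.2}`. Even the intended 10.1.1.2 is the LAN address gate-traefik/make.sh assigns to its container, so a cross-reference comment (`# LAN gateway is the gate-traefik container's LAN address`) would make the coupling visible. `WAN_IP=-`, `WAN_GATE=-` and `ADMIN_GATE=-` are unconditional assignments and cannot be overridden from the environment like the `DFL_*` lines, and the `# ignored variables...` comment above `readVars` has no list under it. Unlike gate-traefik/make.sh, this file does not set `REBOOT`, yet the `@@ -136,7 +73,8 @@` hunk passes `$REBOOT` to pctSet, so the reboot is skipped unless the variable comes from the environment or from lines above this hunk; adding `REBOOT=${REBOOT:=1}` next to DFL_ID would make the two scripts consistent.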