working on host setup...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
Alex A. Naanou 2024-01-15 16:47:30 +03:00
parent 6c88be17f2
commit 9a34d48f5f
4 changed files with 96 additions and 5 deletions


@ -221,6 +221,7 @@ xread(){
# #
# xreadYes MSG VAR # xreadYes MSG VAR
# #
# XXX make VAR optional...
xreadYes(){ xreadYes(){
# XXX check DFL_..??? # XXX check DFL_..???
if [[ "${!2}" == "SKIP" ]] ; then if [[ "${!2}" == "SKIP" ]] ; then
@ -252,6 +253,10 @@ xreadYes(){
fi fi
[ $SCRIPTING ] \ [ $SCRIPTING ] \
&& echo "$2=${!2}" && echo "$2=${!2}"
if [ -z ${!2} ] ; then
return 1
fi
} }
# #
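Review bot: The guard added in the second hunk, `if [ -z ${!2} ]`, expands the answer unquoted inside `[`, so a value containing whitespace or glob characters is split into several words and the test ends in a syntax error rather than a clean status; the empty case only works because `[ -z ]` with no operand happens to be true. The value presumably comes from a prompt or the config file, so quote it: `if [[ -z "${!2}" ]] ; then`. The `# XXX make VAR optional...` note added in the first hunk is affected too: recent bash versions reject `${!2}` as an invalid indirect expansion when `$2` is empty, so the optional form needs a check such as `[[ -n "$2" ]]` before any `${!2}`. The body of xreadYes continues outside both hunks, so how SKIP and the default answer are handled is not visible here.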

53
host/make.sh Normal file

@ -0,0 +1,53 @@
#!/usr/bin/bash
#----------------------------------------------------------------------
cd $(dirname $0)
PATH=$PATH:$(dirname "$(pwd)")
#----------------------------------------------------------------------
source ../.pct-helpers
#----------------------------------------------------------------------
readConfig
SOFTWARE=(
make
w3m links
qrencode
htop iftop iotop
tmux
)
#----------------------------------------------------------------------
# Tools
if xreadYes "# Update system?" UPDATE ; then
@ apt update
@ apt upgrade
fi
if xreadYes "# Install additional apps?" APPS ; then
@ apt install $(SOFTWARE[@])
fi
# Networking
if xreadYes "# Create bridges?" BRIDGES ; then
echo
fi
# Firewall
# XXX this should be done after the setup process...
if xreadYes "# Update firewall rules?" BRIDGES ; then
echo
fi
#----------------------------------------------------------------------
# vim:set ts=4 sw=4 :
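Review bot: `@ apt install $(SOFTWARE[@])` is a command substitution, not an array expansion: bash tries to run a command named `SOFTWARE[@]`, that fails, and `apt install` is called with no package names. It should read `@ apt install "${SOFTWARE[@]}"`. The firewall prompt further down reuses `BRIDGES` as its answer variable, so it shares state with the bridges prompt; a separate name (for example `FIREWALL`) looks intended. Because the script runs package management on the host and sources `../.pct-helpers` by relative path, the opening `cd $(dirname $0)` should be quoted and checked, `cd "$(dirname "$0")" || exit 1`, so a failed cd cannot make it source a helper file from whatever directory it was started in.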


@ -0,0 +1,30 @@
[OPTIONS]
enable: 1
[IPSET management]
[RULES]
IN ACCEPT -i vmbr3 -log nolog # STUB
IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
OUT REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
IN DHCPfwd(REJECT) -i vmbr0 -log nolog
OUT DHCPfwd(REJECT) -i vmbr0 -log nolog
IN DNS(ACCEPT) -i vmbr0 -log nolog
IN Ping(ACCEPT) -i vmbr0 -log nolog
IN SSH(ACCEPT) -i vmbr0 -log nolog
IN OpenVPN(ACCEPT) -i vmbr0 -log nolog
IN Web(ACCEPT) -i vmbr0 -log nolog
IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing
IN ACCEPT -i vmbr0 -p udp -dport 22000 -log nolog # syncthing
IN ACCEPT -i vmbr0 -p tcp -dport 22000 -log nolog # syncthing
IN SMB(ACCEPT) -i vmbr0 -log nolog
IN Git(ACCEPT) -i vmbr0 -log nolog
|IN Rsync(ACCEPT) -i vmbr0 -log nolog
|IN REJECT -i vmbr0 -log nolog # ALL
[group landings]
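Review bot: What happens to inbound traffic on vmbr0 that matches none of the rules is left implicit: the catch-all `IN REJECT -i vmbr0 -log nolog # ALL` carries a leading `|`, which in Proxmox-style .fw files marks a rule as disabled (the Rsync rule above it likewise), and `[OPTIONS]` sets only `enable: 1`. If this is the cluster-level file, stating the default in the file, `policy_in: DROP`, keeps the outcome independent of the built-in default. Every rule uses `-log nolog`, so rejected traffic leaves no record; a log level on the REJECT rules would give something to look at when a rule misfires. `IN ACCEPT -i vmbr3` (marked STUB) admits everything on that bridge, and SMB, Git and SSH are accepted on vmbr0 with no `-source` restriction, which is worth narrowing if vmbr0 is an externally reachable bridge.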


@ -94,12 +94,15 @@ echo "# Updating config..."
sed -i \ sed -i \
-e \"/trusted_domains/i\\ 'trusted_proxies' =>\\n array (\\n '${GATE_LAN_IP/\/*}\\/32',\\n ),\" \ -e \"/trusted_domains/i\\ 'trusted_proxies' =>\\n array (\\n '${GATE_LAN_IP/\/*}\\/32',\\n ),\" \
/var/www/nextcloud/config/config.php" /var/www/nextcloud/config/config.php"
# add self IP to trusted_domains -- enable setup from local network... # add self IP to trusted_domains -- enable setup from local network...
IP=$([ -z $DRY_RUN ] && lxc-attach $ID -- hostname -I) # XXX is this actually needed???
@ lxc-attach $ID -- bash -c "\ #IP=$([ -z $DRY_RUN ] && lxc-attach $ID -- hostname -I)
sed -z -i \ #@ lxc-attach $ID -- bash -c "\
-e \"s/\\(trusted_domains[^)]*\\)/\\1 2 => '${IP/ *}',\\n /\" \ # sed -z -i \
/var/www/nextcloud/config/config.php" # -e \"s/\\(trusted_domains[^)]*\\)/\\1 2 => '${IP/ *}',\\n /\" \
# /var/www/nextcloud/config/config.php"
# remove /index.php from urls... # remove /index.php from urls...
# for more info see: # for more info see:
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#pretty-urls # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#pretty-urls
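Review bot: The new side keeps the trusted_domains step as commented-out code under `# XXX is this actually needed???`, while the context line above it still says `# add self IP to trusted_domains -- enable setup from local network...`, so the comment now describes something the script no longer does. With the step off, config.php presumably no longer lists the container's own address, so requests addressed to that IP would be refused by Nextcloud's trusted-domain check and access depends on the `trusted_proxies` entry for `${GATE_LAN_IP/\/*}` written just above. If that is the intent, delete the block and replace both comments with one line saying so, e.g. `# container IP is deliberately not in trusted_domains; access goes through the gateway proxy`; the old code stays available in history.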