working on host setup...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
2025-12-18 09:31:47 +00:00 · 2024-01-15 16:47:30 +03:00 · 2024-01-15 16:47:30 +03:00 · 9a34d48f5f
commit 9a34d48f5f
parent 6c88be17f2
4 changed files with 96 additions and 5 deletions
--- a/.pct-helpers
+++ b/.pct-helpers
@ -221,6 +221,7 @@ xread(){
 #
 #	xreadYes MSG VAR
 #
+# XXX make VAR optional...
 xreadYes(){
 	# XXX check DFL_..???
 	if [[ "${!2}" == "SKIP" ]] ; then
@ -252,6 +253,10 @@ xreadYes(){
 	fi
 	[ $SCRIPTING ] \
 		&& echo "$2=${!2}"
+
+	if [ -z ${!2} ] ; then
+		return 1
+	fi
 }

 #
--- a/host/make.sh
+++ b/host/make.sh
@ -0,0 +1,53 @@
+#!/usr/bin/bash
+#----------------------------------------------------------------------
+
+cd $(dirname $0)
+PATH=$PATH:$(dirname "$(pwd)")
+
+
+#----------------------------------------------------------------------
+
+source ../.pct-helpers
+
+
+#----------------------------------------------------------------------
+
+readConfig
+
+
+SOFTWARE=(
+	make
+	w3m links
+	qrencode
+	htop iftop iotop
+	tmux
+)
+
+
+#----------------------------------------------------------------------
+
+# Tools
+if xreadYes "# Update system?" UPDATE ; then
+	@ apt update
+	@ apt upgrade
+fi
+if xreadYes "# Install additional apps?" APPS ; then
+	@ apt install $(SOFTWARE[@])
+fi
+
+# Networking
+if xreadYes "# Create bridges?" BRIDGES ; then
+	echo
+fi
+
+# Firewall
+# XXX this should be done after the setup process...
+if xreadYes "# Update firewall rules?" BRIDGES ; then
+	echo
+fi
+
+
+
+
+#----------------------------------------------------------------------
+# vim:set ts=4 sw=4 :
--- a/host/templates/etc/firewall/cluster.fw
+++ b/host/templates/etc/firewall/cluster.fw
@ -0,0 +1,30 @@
+[OPTIONS]
+
+enable: 1
+
+[IPSET management]
+
+
+[RULES]
+
+IN ACCEPT -i vmbr3 -log nolog # STUB
+IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
+IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
+OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
+OUT REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
+IN DHCPfwd(REJECT) -i vmbr0 -log nolog
+OUT DHCPfwd(REJECT) -i vmbr0 -log nolog
+IN DNS(ACCEPT) -i vmbr0 -log nolog
+IN Ping(ACCEPT) -i vmbr0 -log nolog
+IN SSH(ACCEPT) -i vmbr0 -log nolog
+IN OpenVPN(ACCEPT) -i vmbr0 -log nolog
+IN Web(ACCEPT) -i vmbr0 -log nolog
+IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing
+IN ACCEPT -i vmbr0 -p udp -dport 22000 -log nolog # syncthing
+IN ACCEPT -i vmbr0 -p tcp -dport 22000 -log nolog # syncthing
+IN SMB(ACCEPT) -i vmbr0 -log nolog
+IN Git(ACCEPT) -i vmbr0 -log nolog
+|IN Rsync(ACCEPT) -i vmbr0 -log nolog
+|IN REJECT -i vmbr0 -log nolog # ALL
+
+[group landings]
--- a/nextcloud/make.sh
+++ b/nextcloud/make.sh
@ -94,12 +94,15 @@ echo "# Updating config..."
 	sed -i \
 		-e \"/trusted_domains/i\\  'trusted_proxies' =>\\n  array (\\n    '${GATE_LAN_IP/\/*}\\/32',\\n  ),\" \
 		/var/www/nextcloud/config/config.php"
+
 # add self IP to trusted_domains -- enable setup from local network...
-IP=$([ -z $DRY_RUN ] && lxc-attach $ID -- hostname -I)
-@ lxc-attach $ID -- bash -c "\
-	sed -z -i \
-		-e \"s/\\(trusted_domains[^)]*\\)/\\1  2 => '${IP/ *}',\\n  /\" \
-		/var/www/nextcloud/config/config.php"
+# XXX is this actually needed???
+#IP=$([ -z $DRY_RUN ] && lxc-attach $ID -- hostname -I)
+#@ lxc-attach $ID -- bash -c "\
+#	sed -z -i \
+#		-e \"s/\\(trusted_domains[^)]*\\)/\\1  2 => '${IP/ *}',\\n  /\" \
+#		/var/www/nextcloud/config/config.php"
+
 # remove /index.php from urls...
 # for more info see:
 #	https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#pretty-urls