now ssh target does not ask if one wants to install stuff...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

.pct-helpers

@@ -317,51 +317,68 @@ readVars(){
 
 
 #
-#	buildAssets [TEMPLATES [ASSETS]]
+#	buildAssets [VAR ..]
 #
 buildAssets(){
-	local TEMPLATE_DIR=$1
+	local template_dir=${TEMPLATE_DIR:-templates}
-	TEMPLATE_DIR=${TEMPLATE_DIR:=templates}
+	local assets_dir=${ASSETS_DIR:-assets}
-	local ASSETS_DIR=$2
-	ASSETS_DIR=${ASSETS_DIR:=assets}
 
-	if ! [ -e $TEMPLATE_DIR ] ; then
+	if ! [ -e $template_dir ] ; then
 		return
 	fi
 
-	local TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
+	local PATTERNS=()
+	local DFL_VARS=(
+		EMAIL
+		DOMAIN
+		CTHOSTNAME
+		GATE_HOSTNAME
+		NS_HOSTNAME
+		GATE_LAN_IP
+		GATE_ADMIN_IP
+		NS_LAN_IP
+		NS_ADMIN_IP
+		WAN_IP
+		WAN_GATE
+		LAN_IP
+		LAN_GATE
+		ADMIN_IP
+		ADMIN_GATE
+	)
+	for var in ${DFL_VARS[@]} ; do
+		local val=${!var}
+		PATTERNS+=("-e 's/\\\${${var}}/${val/\//\\/}/g'")
+	done
+	local IP_VARS=(
+		GATE_LAN_IPn
+		GATE_ADMIN_IPn
+		NS_LAN_IPn
+		NS_ADMIN_IPn
+		WAN_IPn
+		LAN_IPn
+		ADMIN_IPn
+	)
+	for var in ${IP_VARS[@]} ; do
+		local val=${!var}
+		PATTERNS+=("-e 's/\\\${${var}}/${val/\/*}/g'")
+	done
+	# args...
+	for var in $@ ; do
+		local val=${!var}
+		PATTERNS+=("-e 's/\\\${${var}}/${val/\//\\/}/g'")
+	done
+
+	local TEMPLATES=($(find "$template_dir" -type f))
 	for file in "${TEMPLATES[@]}" ; do
-		file=${file#${TEMPLATE_DIR}}
+		file=${file#${template_dir}}
 		echo Generating: ${file}...
 		[ $DRY_RUN ] \
 			&& continue
 		# ensure the directory exists...
-		mkdir -p "$(dirname "${ASSETS_DIR}/${file}")"
+		mkdir -p "$(dirname "${assets_dir}/${file}")"
-		cat "${TEMPLATE_DIR}/${file}" \
+		cat "${template_dir}/${file}" \
-			| sed \
+			| eval "sed ${PATTERNS[@]}" \
-				-e 's/\${EMAIL}/'${EMAIL/\//\\/}'/g' \
+			> "${assets_dir}/${file}"
-				-e 's/\${DOMAIN}/'${DOMAIN/\//\\/}'/g' \
-				-e 's/\${CTHOSTNAME}/'${CTHOSTNAME/\//\\/}'/g' \
-				-e 's/\${GATE_HOSTNAME}/'${GATE_HOSTNAME/\//\\/}'/g' \
-				-e 's/\${NS_HOSTNAME}/'${NS_HOSTNAME/\//\\/}'/g' \
-				-e 's/\${GATE_LAN_IP}/'${GATE_LAN_IP/\//\\/}'/g' \
-				-e 's/\${GATE_LAN_IPn}/'${GATE_LAN_IP/\/*}'/g' \
-				-e 's/\${GATE_ADMIN_IP}/'${GATE_ADMIN_IP/\//\\/}'/g' \
-				-e 's/\${GATE_ADMIN_IPn}/'${GATE_ADMIN_IP/\/*}'/g' \
-				-e 's/\${NS_LAN_IP}/'${NS_LAN_IP/\//\\/}'/g' \
-				-e 's/\${NS_LAN_IPn}/'${NS_LAN_IP/\/*}'/g' \
-				-e 's/\${NS_ADMIN_IP}/'${NS_ADMIN_IP/\//\\/}'/g' \
-				-e 's/\${NS_ADMIN_IPn}/'${NS_ADMIN_IP/\/*}'/g' \
-				-e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/g' \
-				-e 's/\${WAN_IPn}/'${WAN_IP/\/*}'/g' \
-				-e 's/\${WAN_GATE}/'${WAN_GATE/\//\\/}'/g' \
-				-e 's/\${LAN_IP}/'${LAN_IP/\//\\/}'/g' \
-				-e 's/\${LAN_IPn}/'${LAN_IP/\/*}'/g' \
-				-e 's/\${LAN_GATE}/'${LAN_GATE/\//\\/}'/' \
-				-e 's/\${ADMIN_IP}/'${ADMIN_IP/\//\\/}'/g' \
-				-e 's/\${ADMIN_IPn}/'${ADMIN_IP/\/*}'/g' \
-				-e 's/\${ADMIN_GATE}/'${ADMIN_GATE/\//\\/}'/g' \
-			> "${ASSETS_DIR}/${file}"
 	done
 }
 

gate-traefik/make.sh

@@ -67,7 +67,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
+buildAssets
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
@@ -90,7 +90,7 @@ echo "# Setup: iptables..."
 
 echo "# Setup: iptables update script..."
 @ lxc-attach $ID rc-update add local
-@ lxc-attach $ID ln -s /root/routing.sh /etc/local.d/iptables-update.start
+@ lxc-attach $ID -- ln -s /root/routing.sh /etc/local.d/iptables-update.start
 
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT

gate-traefik/templates/etc/network/interfaces

@@ -19,7 +19,7 @@ iface wan inet static
 	hostname $(hostname)
 
 auto br0
-iface br0 inet stattic
+iface br0 inet static
 	pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
 	pre-up brctl addbr br0
 

nextcloud/make.sh

@@ -67,7 +67,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
+buildAssets
 
 echo "# Creating CT..."
 getLatestTemplate '.*-turnkey-nextcloud' TEMPLATE

ns/make.sh

@@ -66,7 +66,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
+buildAssets
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"

ssh/make.sh

@@ -65,12 +65,19 @@ echo "# Creating CT..."
 pctCreateDebian $ID "${OPTS_STAGE_1}" "$PASS"
 
 echo "# Installing dependencies..."
-@ lxc-attach $ID apt install vim htop iftop iotop tmux mc
+@ lxc-attach $ID -- bash -c 'yes | apt install vim htop iftop iotop tmux mc sudo'
 
-echo "# Setup: user..."
+echo "# Setup: users..."
+while true ; do
 	xread "user name for ssh: " SSH_USER
 	[ -z $SSH_USER ] \
 		|| @ lxc-attach $ID -- adduser $SSH_USER
+	read -ep "Add another user? [y/N] " MORE
+	if [[ $MORE == 'y' ]] ; then
+		continue
+	fi
+	break
+done
 
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT

wireguard/assets/etc/network/interfaces

@@ -0,0 +1,18 @@
+auto lo
+iface lo inet loopback
+iface lo inet6 loopback
+
+auto admin
+iface admin inet dhcp
+	hostname $(hostname)
+
+auto lan
+iface lan inet dhcp
+	hostname $(hostname)
+
+auto wg0
+iface wg0 inet static
+	pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
+	pre-up wg-quick up wg0
+	hostname $(hostname)
+	post-down wg-quick down wg0

wireguard/assets/root/Makefile

@@ -1,69 +0,0 @@
-
-
-
-SERVER_DIR := /etc/wireguard/
-SERVER_TPL := templates/wg0.conf
-SERVER_CLIENT_TPL := templates/wg0-client.tpl
-SERVER_CONF := $(SERVER_DIR)/wg0.conf
-SERVER_KEY := $(SERVER_DIR)/server_id
-SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
-
-CLIENT_TPL := templates/client.conf
-CLIENT_DIR := $(SERVER_DIR)/clients/
-
-CLIENT_IPS ?= 10.42.0.0/16
-ENDPOINT_PORT ?= 51820
-ENDPOINT ?= 1.2.3.4
-
-# XXX need to generate this...
-CLIENT_IP ?= 10.42.0.1/32
-DNS ?= 10.1.1.1
-ALLOWED_IPS ?= 0.0.0.0/0
-
-
-%_id:
-	@ mkdir -p $$(dirname $@)
-	wg genkey 2> /dev/null > $@
-	chmod 600 $@
-
-%_id.pub: %_id
-	cat $< | wg pubkey > $@
-
-
-$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
-	cat $< \
-		| sed \
-			-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
-			-e 's/\$${CLIENT_IPS}/$(subst /,\/,$(CLIENT_IPS))/g' \
-			-e 's/\$${SERVER_PRIVATE_KEY}/'$$(cat "$(SERVER_KEY)" | sed -e 's/\//\\\//g')'/g' \
-		> "$@"
-
-%.client: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
-		$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
-		$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
-	@ mkdir -p $(CLIENT_DIR)
-	cat "$<" \
-		| sed \
-			-e 's/\$${DNS}/$(DNS)/g' \
-			-e 's/\$${ENDPOINT}/$(ENDPOINT)/g' \
-			-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
-			-e 's/\$${ALLOWED_IPS}/$(subst /,\/,$(ALLOWED_IPS))/g' \
-			-e 's/\$${CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
-			-e 's/\$${CLIENT_PRIVATE_KEY}/'$$(cat "$(CLIENT_DIR)/$*_id" | sed -e 's/\//\\\//g')'/g' \
-			-e 's/\$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)" | sed -e 's/\//\\\//g')'/g' \
-		> "$(CLIENT_DIR)/$*.conf"
-	cat "$(SERVER_CLIENT_TPL)" \
-		| sed \
-			-e 's/\$${CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
-			-e 's/\$${ENDPOINT}/$(ENDPOINT)/g' \
-			-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
-			-e 's/\$${CLIENT_PUBLIC_KEY}/'$$(cat "$(CLIENT_DIR)/$*_id.pub" | sed -e 's/\//\\\//g')'/g' \
-			-e 's/\$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)" | sed -e 's/\//\\\//g')'/g' \
-		>> "$(SERVER_CONF)"
-
-
-
-server: $(SERVER_CONF)
-
-
-

wireguard/assets/root/make-client

@@ -1,8 +0,0 @@
-#!/usr/bin/bash
-
-SERVER_TEMPLATE=
-CLIENT_TEMPLATE=
-
-PRIVATE_KEY=
-PUBLIC_KEY=
-

wireguard/assets/root/make-server

@@ -1,24 +0,0 @@
-#!/usr/bin/bash
-
-SERVER_TEMPLATE=${SERVER_TEMPLATE:=templates/wg0.conf}
-SERVER_CONF=/etc/wireguard/wg0.conf
-
-PUBLIC_KEY=/etc/wireguard/server_id
-PRIVATE_KEY=/etc/wireguard/server_id.pub
-
-
-if ! [ -e "$PRIVATE_KEY" ] ; then
-	wg genkey > "$PRIVATE_KEY" 
-fi
-if ! [ -e "$PUBLIC_KEY" ] ; then
-	cat "$PRIVATE_KEY" | wg pubkey > "$PUBLIC_KEY"
-fi
-
-PRIVATE_KEY=$(cat "$PRIVATE_KEY")
-cat ${SERVER_TEMPLATE} \
-	| sed \
-		-q 's/\${SERVER_PRIVATE_KEY}/'${PRIVATE_KEY}'/g' \
-	> "${SERVER_CONF}"
-
-./make-client
-

wireguard/make.sh

@@ -35,9 +35,19 @@ LAN_GATE=-
 
 REBOOT=${REBOOT:=1}
 
+DFL_ENDPOINT=${DFL_ENDPOINT:=$(dig +short ${DOMAIN:-$DFL_DOMAIN} | tail -1)}
+xread "Wireguard endpoint: " ENDPOINT
+
+DFL_ENDPOINT_PORT=${DFL_ENDPOINT_PORT:=51820}
+xread "Wireguard endpoint port: " ENDPOINT_PORT
+
+
 readVars
 
 
+DNS=${NS_LAN_IP/\/*}
+
+
 
 #----------------------------------------------------------------------
 
@@ -63,13 +73,13 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
+buildAssets ENDPOINT ENDPOINT_PORT DNS
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
 
 echo "# Installing dependencies..."
-@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make
+@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make bind-tools
 
 echo "# Copying assets..."
 @ pct-push-r $ID ./assets /
@@ -79,20 +89,14 @@ echo "# Copying assets..."
 
 echo "# Setup: wireguard default profile..."
 @ lxc-attach $ID -- bash -c "cd /root && \
-	ENDPOINT_PORT=51820
+	CLIENT_IP=10.42.0.1/32 \
-	ENDPOINT=${DOMAIN}
+	ALLOWED_IPS=0.0.0.0/0 \
-	CLIENT_IP=10.42.0.1/32
-	DNS=${NS_LAN_IP}
-	ALLOWED_IPS=0.0.0.0/0
 		make default.client" 
 @ lxc-attach $ID -- chmod 600 /etc/wireguard/wg0.conf
 
 echo "# client config:"
 @ mkdir -p clients
 @ pct pull $ID /etc/wireguard/clients/default.conf clients/default.conf
-echo "# ---"
-@ lxc-attach $ID -- cat /etc/wireguard/clients/default.conf
-echo "# ---"
 
 #echo "# Setup: bridge device..."
 @ lxc-attach $ID wg-quick up wg0 

wireguard/templates/root/Makefile

@@ -0,0 +1,71 @@
+
+
+
+SERVER_DIR := /etc/wireguard/
+SERVER_TPL := templates/wg0.conf
+SERVER_CLIENT_TPL := templates/wg0-client.tpl
+SERVER_CONF := $(SERVER_DIR)/wg0.conf
+SERVER_KEY := $(SERVER_DIR)/server_id
+SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
+
+CLIENT_TPL := templates/client.conf
+CLIENT_DIR := $(SERVER_DIR)/clients/
+
+CLIENT_IPS ?= 10.42.0.0/16
+ENDPOINT_PORT ?= ${ENDPOINT_PORT}
+ENDPOINT ?= ${ENDPOINT}
+
+DNS ?= ${DNS}
+ALLOWED_IPS ?= 0.0.0.0/0
+# XXX need to generate this...
+CLIENT_IP ?= 10.42.0.1/32
+
+
+%_id:
+	@ mkdir -p $$(dirname $@)
+	wg genkey 2> /dev/null > $@
+	chmod 600 $@
+
+%_id.pub: %_id
+	cat $< | wg pubkey > $@
+
+
+# NOTE: the first letter of each pattern is quoted to prevent it from 
+# 	being substituted when generating this Makefile from template.
+$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
+	cat $< \
+		| sed \
+			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/\$${\CLIENT_IPS}/$(subst /,\/,$(CLIENT_IPS))/g' \
+			-e 's/\$${\SERVER_PRIVATE_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_KEY)")'/g' \
+		> "$@"
+
+%.client: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
+		$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
+		$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
+	@ mkdir -p $(CLIENT_DIR)
+	cat "$<" \
+		| sed \
+			-e 's/\$${\DNS}/$(DNS)/g' \
+			-e 's/\$${\ENDPOINT}/$(ENDPOINT)/g' \
+			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/\$${\ALLOWED_IPS}/$(subst /,\/,$(ALLOWED_IPS))/g' \
+			-e 's/\$${\CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
+			-e 's/\$${\CLIENT_PRIVATE_KEY}/'$$(sed -e 's/\//\\\//g' "$(CLIENT_DIR)/$*_id")'/g' \
+			-e 's/\$${\SERVER_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_PUBLIC_KEY)")'/g' \
+		> "$(CLIENT_DIR)/$*.conf"
+	cat "$(SERVER_CLIENT_TPL)" \
+		| sed \
+			-e 's/\$${\CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
+			-e 's/\$${\ENDPOINT}/$(ENDPOINT)/g' \
+			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/\$${\CLIENT_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(CLIENT_DIR)/$*_id.pub")'/g' \
+			-e 's/\$${\SERVER_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_PUBLIC_KEY)")'/g' \
+		>> "$(SERVER_CONF)"
+
+
+
+server: $(SERVER_CONF)
+
+
+