2025-12-26 05:12:06 +00:00
6 changed files with 5 additions and 108 deletions
--- a/.pct-helpers
+++ b/.pct-helpers
@ -221,7 +221,6 @@ xread(){
 #
 #	xreadYes MSG VAR
 #
 # XXX make VAR optional...
 xreadYes(){
 	# XXX check DFL_..???
 	if [[ "${!2}" == "SKIP" ]] ; then
@ -253,10 +252,6 @@ xreadYes(){
 	fi
 	[ $SCRIPTING ] \
 		&& echo "$2=${!2}"
 	if [ -z ${!2} ] ; then
 		return 1
 	fi
 }
 #
--- a/host/make.sh
+++ b/host/make.sh
@ -1,52 +0,0 @@
 #!/usr/bin/bash
 #----------------------------------------------------------------------
 cd $(dirname $0)
 PATH=$PATH:$(dirname "$(pwd)")
 #----------------------------------------------------------------------
 source ../.pct-helpers
 #----------------------------------------------------------------------
 readConfig
 SOFTWARE=(
 	make
 	w3m links
 	qrencode
 	htop iftop iotop
 	tmux
 )
 #----------------------------------------------------------------------
 # Tools
 if xreadYes "# Update system?" UPDATE ; then
 	@ apt update
 	@ apt upgrade
 fi
 if xreadYes "# Install additional apps?" APPS ; then
 	@ apt install $(SOFTWARE[@])
 fi
 # Networking
 if xreadYes "# Create bridges?" BRIDGES ; then
 	echo
 fi
 # Firewall
 if xreadYes "# Update firewall rules?" FIREWALL ; then
 	@ cp --backup -i templates/etc/pve/firewall/cluster.fw /etc/pve/firewall/
 fi
 #----------------------------------------------------------------------
 # vim:set ts=4 sw=4 :
--- a/host/templates/pve/etc/firewall/cluster.fw
+++ b/host/templates/pve/etc/firewall/cluster.fw
@ -1,30 +0,0 @@
 [OPTIONS]
 enable: 1
 [IPSET management]
 [RULES]
 IN ACCEPT -i vmbr3 -log nolog # STUB
 IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
 IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
 OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
 OUT REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
 IN DHCPfwd(REJECT) -i vmbr0 -log nolog
 OUT DHCPfwd(REJECT) -i vmbr0 -log nolog
 IN DNS(ACCEPT) -i vmbr0 -log nolog
 IN Ping(ACCEPT) -i vmbr0 -log nolog
 IN SSH(ACCEPT) -i vmbr0 -log nolog
 |IN OpenVPN(ACCEPT) -i vmbr0 -log nolog
 IN Web(ACCEPT) -i vmbr0 -log nolog
 IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing
 IN ACCEPT -i vmbr0 -p udp -dport 22000 -log nolog # syncthing
 IN ACCEPT -i vmbr0 -p tcp -dport 22000 -log nolog # syncthing
 IN SMB(ACCEPT) -i vmbr0 -log nolog
 IN Git(ACCEPT) -i vmbr0 -log nolog
 |IN Rsync(ACCEPT) -i vmbr0 -log nolog
 |IN REJECT -i vmbr0 -log nolog # ALL
 [group landings]
--- a/nextcloud/make.sh
+++ b/nextcloud/make.sh
@ -94,15 +94,12 @@ echo "# Updating config..."
 	sed -i \
 		-e \"/trusted_domains/i\\  'trusted_proxies' =>\\n  array (\\n    '${GATE_LAN_IP/\/*}\\/32',\\n  ),\" \
 		/var/www/nextcloud/config/config.php"
 # add self IP to trusted_domains -- enable setup from local network...
-# XXX is this actually needed???
+IP=$([ -z $DRY_RUN ] && lxc-attach $ID -- hostname -I)
-#IP=$([ -z $DRY_RUN ] && lxc-attach $ID -- hostname -I)
+@ lxc-attach $ID -- bash -c "\
-#@ lxc-attach $ID -- bash -c "\
+	sed -z -i \
-#	sed -z -i \
+		-e \"s/\\(trusted_domains[^)]*\\)/\\1  2 => '${IP/ *}',\\n  /\" \
-#		-e \"s/\\(trusted_domains[^)]*\\)/\\1  2 => '${IP/ *}',\\n  /\" \
+		/var/www/nextcloud/config/config.php"
 #		/var/www/nextcloud/config/config.php"
 # remove /index.php from urls...
 # for more info see:
 #	https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#pretty-urls
--- a/syncthing/fw/ID.fw
+++ b/syncthing/fw/ID.fw
@ -1,10 +0,0 @@
 [OPTIONS]
 enable: 1
 [RULES]
 IN ACCEPT -i net1 -log nolog
 IN HTTPS(DROP) -i net0 -log nolog
 IN HTTP(DROP) -i net0 -log nolog
--- a/syncthing/make.sh
+++ b/syncthing/make.sh
@ -77,9 +77,6 @@ sleep ${TIMEOUT:=5}
 		-e 's/127\.0\.0\.1:8384/0.0.0.0:8384/g' \
 		-i /var/lib/syncthing/.config/syncthing/config.xml
 echo "# Setup: firewall..."
@ cp --backup -i fw/ID.fw /etc/pve/firewall/$ID.fw
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT