tweaks...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

config.global.example

@@ -0,0 +1,17 @@
+#
+# Setting an option here will disable its interactive dialog. prefixing 
+# an option (except for ROOTPASS) with "DFL_" will set the default value 
+# and show the dialog enabling the user to tweak/confirm the value.
+#
+
+DFL_EMAIL=user@example.com
+DFL_DOMAIN=example.com
+DFL_WAN_IP=192.168.1.101/24
+DFL_WAN_GATE=192.168.1.252
+
+DFL_WAN_BRIDGE=2
+DFL_LAN_BRIDGE=0
+DFL_ADMIN_BRIDGE=1
+
+DFL_PCT_EXTRA=
+

gate-traefik/make.sh

@@ -6,29 +6,35 @@ source ../.pct-helpers
 
 #----------------------------------------------------------------------
 
-UPDATE_ON_LAN=1
-TIMEOUT=5
-TMP_PASS_LEN=32
+[ -e ../config.global ] \
+	&& source ../config.global
 
-TEMPLATE_DIR=templates
-ASSETS_DIR=assets
+[ -e ./config ] \
+	&& source ./config
+
+
+#----------------------------------------------------------------------
+
+TEMPLATE_DIR=${TEMPLATE_DIR:=templates}
+ASSETS_DIR=${ASSETS_DIR:=assets}
 
-# EMAIL=
-# DOMAIN=
-# ID=
-# CTHOSTNAME=
-# WAN_IP=
-# WAN_GATE=
 # ROOTPASS=
+TMP_PASS_LEN=${TMP_PASS_LEN:=32}
 
-DFL_EMAIL=user@example.com
-DFL_DOMAIN=example.com
-DFL_ID=500
-DFL_CTHOSTNAME=gate-test
-DFL_WAN_IP=192.168.1.101/24
-DFL_WAN_GATE=192.168.1.252
+DFL_EMAIL=${DFL_EMAIL:=user@example.com}
+DFL_DOMAIN=${DFL_DOMAIN:=example.com}
+DFL_ID=${DFL_ID:=500}
+DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=gate-test}
+DFL_WAN_IP=${DFL_WAN_IP:=192.168.1.101/24}
+DFL_WAN_GATE=${DFL_WAN_GATE:=192.168.1.252}
 
-TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
+DFL_WAN_BRIDGE=${DFL_WAN_BRIDGE:=2}
+DFL_LAN_BRIDGE=${DFL_LAN_BRIDGE:=0}
+DFL_ADMIN_BRIDGE=${DFL_ADMIN_BRIDGE:=1}
+
+DFL_PCT_EXTRA=${DFL_PCT_EXTRA:=}
+
+REBOOT=${REBOOT:=1}
 
 
 #----------------------------------------------------------------------
@@ -43,10 +49,20 @@ DOMAIN=${DOMAIN:=$DFL_DOMAIN}
 	&& read -ep "ID: " -i "$DFL_ID" ID
 [ -z $CTHOSTNAME ] \
 	&& read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME
+# bridge config...
+[ -z $WAN_BRIDGE ] \
+	&& read -ep "WAN bridge: vmbr" -i "$DFL_WAN_BRIDGE" WAN_BRIDGE
+[ -z $LAN_BRIDGE ] \
+	&& read -ep "LAN bridge: vmbr" -i "$DFL_LAN_BRIDGE" LAN_BRIDGE
+[ -z $ADMIN_BRIDGE ] \
+	&& read -ep "ADMIN bridge: vmbr" -i "$DFL_ADMIN_BRIDGE" ADMIN_BRIDGE
+# wan...
 [ -z $WAN_IP ] \
 	&& read -ep "WAN ip: " -i "$DFL_WAN_IP" WAN_IP
 [ -z $WAN_GATE ] \
 	&& read -ep "WAN gateway: " -i "$DFL_WAN_GATE" WAN_GATE
+# root password...
+TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
 if [ -z $ROOTPASS ] ; then
 	read -sep "root password (Enter to skip): " PASS1
 	echo
@@ -62,6 +78,32 @@ if [ -z $ROOTPASS ] ; then
 else
 	PASS=$ROOTPASS
 fi
+# extra stuff...
+[ -z $PCT_EXTRA ] \
+	&& read -ep "pct extra options: " -i "$DFL_PCT_EXTRA" PCT_EXTRA
+
+
+#----------------------------------------------------------------------
+
+TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
+
+OPTS_STAGE_1="\
+	--hostname $CTHOSTNAME \
+	--memory 128 \
+	--swap 128 \
+	--net0 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=dhcp,type=veth \
+	--net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,type=veth \
+	--storage local-lvm \
+	--rootfs local-lvm:0.5 \
+	--unprivileged 1 \
+	${PCT_EXTRA} \
+"
+
+OPTS_STAGE_2="\
+	--net2 name=wan,bridge=vmbr${WAN_BRIDGE},firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
+	--startup order=80 \
+	--onboot 1 \
+"
 
 
 #----------------------------------------------------------------------
@@ -71,6 +113,8 @@ TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
 for file in "${TEMPLATES[@]}" ; do
 	file=${file#${TEMPLATE_DIR}}
 	echo Generating: ${file}...
+	# ensure the directory exists...
+	mkdir -p "$(dirname "${ASSETS_DIR}/${file}")"
 	cat "${TEMPLATE_DIR}/${file}" \
 		| sed \
 			-e 's/\${EMAIL}/'$EMAIL'/' \
@@ -85,44 +129,16 @@ done
 #----------------------------------------------------------------------
 
 echo Creating CT...
-
-TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
-
 # NOTE: we are not setting the password here to avoid printing it to the terminal...
 @ pct create $ID \
 	${TEMPLATE[-1]} \
-	--hostname $CTHOSTNAME \
-	--memory 128 \
-	--swap 128 \
-	--net0 name=lan,bridge=vmbr0,firewall=1,ip=dhcp,type=veth \
-	--net1 name=admin,bridge=vmbr1,firewall=1,type=veth \
-	--net2 name=wan,bridge=vmbr2,firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
-	--storage local-lvm \
-	--rootfs local-lvm:0.5 \
-	--unprivileged 1 \
+	${OPTS_STAGE_1} \
 	--password="$TMP_PASS" \
 	--start 1 \
 || exit 1
 
-
-# wait for network to initialize...
-sleep $TIMEOUT
-if [ $UPDATE_ON_LAN ] ; then
-	tries=5
-	while ! @ lxc-attach $ID ifdown wan 2> /dev/null ; do
-		tries=$(( tries - 1 ))
-		if [[ $tries == "0" ]] ; then
-			echo Giving up.
-			break
-		fi
-		echo Waiting for networking to start...
-		sleep $TIMEOUT
-	done
-fi
-
-
-echo Setting root password...
 if [ $PASS ] ; then
+	echo Setting root password...
 	echo "root:$PASS" \
 		| @ lxc-attach $ID chpasswd
 fi
@@ -147,13 +163,17 @@ echo Setup: iptables...
 @ lxc-attach $ID rc-service iptables save
 @ lxc-attach $ID rc-service iptables start
 
+echo "Post config..."
+[ "$OPTS_STAGE_2" ] \
+	&& @ pct set $ID \
+		${OPTS_STAGE_2}
 
-[ $UPDATE_ON_LAN ] \
-	&& @ lxc-attach $ID ifup wan
-
+[ "$REBOOT" ] \
+	&& @ pct reboot $ID
 
 echo Done.
 
 
+
 #----------------------------------------------------------------------
 # vim:set ts=4 sw=4 :

gate-traefik/templates/etc/network/interfaces

@@ -18,7 +18,7 @@ iface wan inet static
 
 auto br0
 iface br0 inet stattic
-	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
+	pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
 	pre-up brctl addbr br0
 
 	bridge-ports lan wan