config.global.example

@@ -1,17 +0,0 @@
-#
-# Setting an option here will disable its interactive dialog. prefixing 
-# an option (except for ROOTPASS) with "DFL_" will set the default value 
-# and show the dialog enabling the user to tweak/confirm the value.
-#
-
-DFL_EMAIL=user@example.com
-DFL_DOMAIN=example.com
-DFL_WAN_IP=192.168.1.101/24
-DFL_WAN_GATE=192.168.1.252
-
-DFL_WAN_BRIDGE=2
-DFL_LAN_BRIDGE=0
-DFL_ADMIN_BRIDGE=1
-
-DFL_PCT_EXTRA=
-

gate-traefik/make.sh

@@ -6,35 +6,29 @@ source ../.pct-helpers
 
 #----------------------------------------------------------------------
 
-[ -e ../config.global ] \
-	&& source ../config.global
+UPDATE_ON_LAN=1
+TIMEOUT=5
+TMP_PASS_LEN=32
 
-[ -e ./config ] \
-	&& source ./config
-
-
-#----------------------------------------------------------------------
-
-TEMPLATE_DIR=${TEMPLATE_DIR:=templates}
-ASSETS_DIR=${ASSETS_DIR:=assets}
+TEMPLATE_DIR=templates
+ASSETS_DIR=assets
 
+# EMAIL=
+# DOMAIN=
+# ID=
+# CTHOSTNAME=
+# WAN_IP=
+# WAN_GATE=
 # ROOTPASS=
-TMP_PASS_LEN=${TMP_PASS_LEN:=32}
 
-DFL_EMAIL=${DFL_EMAIL:=user@example.com}
-DFL_DOMAIN=${DFL_DOMAIN:=example.com}
-DFL_ID=${DFL_ID:=500}
-DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=gate-test}
-DFL_WAN_IP=${DFL_WAN_IP:=192.168.1.101/24}
-DFL_WAN_GATE=${DFL_WAN_GATE:=192.168.1.252}
+DFL_EMAIL=user@example.com
+DFL_DOMAIN=example.com
+DFL_ID=500
+DFL_CTHOSTNAME=gate-test
+DFL_WAN_IP=192.168.1.101/24
+DFL_WAN_GATE=192.168.1.252
 
-DFL_WAN_BRIDGE=${DFL_WAN_BRIDGE:=2}
-DFL_LAN_BRIDGE=${DFL_LAN_BRIDGE:=0}
-DFL_ADMIN_BRIDGE=${DFL_ADMIN_BRIDGE:=1}
-
-DFL_PCT_EXTRA=${DFL_PCT_EXTRA:=}
-
-REBOOT=${REBOOT:=1}
+TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
 
 
 #----------------------------------------------------------------------
@@ -49,20 +43,10 @@ DOMAIN=${DOMAIN:=$DFL_DOMAIN}
 	&& read -ep "ID: " -i "$DFL_ID" ID
 [ -z $CTHOSTNAME ] \
 	&& read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME
-# bridge config...
-[ -z $WAN_BRIDGE ] \
-	&& read -ep "WAN bridge: vmbr" -i "$DFL_WAN_BRIDGE" WAN_BRIDGE
-[ -z $LAN_BRIDGE ] \
-	&& read -ep "LAN bridge: vmbr" -i "$DFL_LAN_BRIDGE" LAN_BRIDGE
-[ -z $ADMIN_BRIDGE ] \
-	&& read -ep "ADMIN bridge: vmbr" -i "$DFL_ADMIN_BRIDGE" ADMIN_BRIDGE
-# wan...
 [ -z $WAN_IP ] \
 	&& read -ep "WAN ip: " -i "$DFL_WAN_IP" WAN_IP
 [ -z $WAN_GATE ] \
 	&& read -ep "WAN gateway: " -i "$DFL_WAN_GATE" WAN_GATE
-# root password...
-TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
 if [ -z $ROOTPASS ] ; then
 	read -sep "root password (Enter to skip): " PASS1
 	echo
@@ -78,32 +62,6 @@ if [ -z $ROOTPASS ] ; then
 else
 	PASS=$ROOTPASS
 fi
-# extra stuff...
-[ -z $PCT_EXTRA ] \
-	&& read -ep "pct extra options: " -i "$DFL_PCT_EXTRA" PCT_EXTRA
-
-
-#----------------------------------------------------------------------
-
-TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
-
-OPTS_STAGE_1="\
-	--hostname $CTHOSTNAME \
-	--memory 128 \
-	--swap 128 \
-	--net0 name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=dhcp,type=veth \
-	--net1 name=admin,bridge=vmbr${ADMIN_BRIDGE},firewall=1,type=veth \
-	--storage local-lvm \
-	--rootfs local-lvm:0.5 \
-	--unprivileged 1 \
-	${PCT_EXTRA} \
-"
-
-OPTS_STAGE_2="\
-	--net2 name=wan,bridge=vmbr${WAN_BRIDGE},firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
-	--startup order=80 \
-	--onboot 1 \
-"
 
 
 #----------------------------------------------------------------------
@@ -113,8 +71,6 @@ TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
 for file in "${TEMPLATES[@]}" ; do
 	file=${file#${TEMPLATE_DIR}}
 	echo Generating: ${file}...
-	# ensure the directory exists...
-	mkdir -p "$(dirname "${ASSETS_DIR}/${file}")"
 	cat "${TEMPLATE_DIR}/${file}" \
 		| sed \
 			-e 's/\${EMAIL}/'$EMAIL'/' \
@@ -129,16 +85,44 @@ done
 #----------------------------------------------------------------------
 
 echo Creating CT...
+
+TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
+
 # NOTE: we are not setting the password here to avoid printing it to the terminal...
 @ pct create $ID \
 	${TEMPLATE[-1]} \
-	${OPTS_STAGE_1} \
+	--hostname $CTHOSTNAME \
+	--memory 128 \
+	--swap 128 \
+	--net0 name=lan,bridge=vmbr0,firewall=1,ip=dhcp,type=veth \
+	--net1 name=admin,bridge=vmbr1,firewall=1,type=veth \
+	--net2 name=wan,bridge=vmbr2,firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
+	--storage local-lvm \
+	--rootfs local-lvm:0.5 \
+	--unprivileged 1 \
 	--password="$TMP_PASS" \
 	--start 1 \
 || exit 1
 
+
+# wait for network to initialize...
+sleep $TIMEOUT
+if [ $UPDATE_ON_LAN ] ; then
+	tries=5
+	while ! @ lxc-attach $ID ifdown wan 2> /dev/null ; do
+		tries=$(( tries - 1 ))
+		if [[ $tries == "0" ]] ; then
+			echo Giving up.
+			break
+		fi
+		echo Waiting for networking to start...
+		sleep $TIMEOUT
+	done
+fi
+
+
+echo Setting root password...
 if [ $PASS ] ; then
-	echo Setting root password...
 	echo "root:$PASS" \
 		| @ lxc-attach $ID chpasswd
 fi
@@ -163,17 +147,13 @@ echo Setup: iptables...
 @ lxc-attach $ID rc-service iptables save
 @ lxc-attach $ID rc-service iptables start
 
-echo "Post config..."
-[ "$OPTS_STAGE_2" ] \
-	&& @ pct set $ID \
-		${OPTS_STAGE_2}
 
-[ "$REBOOT" ] \
-	&& @ pct reboot $ID
+[ $UPDATE_ON_LAN ] \
+	&& @ lxc-attach $ID ifup wan
+
 
 echo Done.
 
 
-
 #----------------------------------------------------------------------
 # vim:set ts=4 sw=4 :

gate-traefik/templates/etc/network/interfaces

@@ -18,7 +18,7 @@ iface wan inet static
 
 auto br0
 iface br0 inet stattic
-	pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
+	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
 	pre-up brctl addbr br0
 
 	bridge-ports lan wan