|
@ -177,12 +177,63 @@ function build_routes() { |
|
|
builtin echo -e "$raw_dnsmasq" | lxc network set $BRIDGE raw.dnsmasq - |
|
|
builtin echo -e "$raw_dnsmasq" | lxc network set $BRIDGE raw.dnsmasq - |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
function build_dmz_certbot { |
|
|
|
|
|
PREFIX="miaou:dmz:certbot" |
|
|
|
|
|
|
|
|
|
|
|
# FIXME: to remove |
|
|
|
|
|
# if [[ "$target" != dev ]]; then |
|
|
|
|
|
if [[ "$target" == dev ]]; then |
|
|
|
|
|
|
|
|
|
|
|
#TODO: check public ip available |
|
|
|
|
|
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com) |
|
|
|
|
|
if hostname -I | grep -q ${my_ip}; then |
|
|
|
|
|
echo "My PUBLIC IP address is: <$my_ip>" |
|
|
|
|
|
else |
|
|
|
|
|
echoerr "This machine can not respond to its PUBLIC IP address: <$my_ip>" #FIXME: && exit 100 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
default_registrar=$(yqm '.registrar.default') |
|
|
|
|
|
[[ $default_registrar != 'OVH' ]] && echoerr "Sorry, no OVH registrar detected, please provide other registrar protocol" && exit 101 |
|
|
|
|
|
|
|
|
|
|
|
readarray -t services < <(yqmt '.expanded.services[] | [ .domain, .fqdn ]') |
|
|
|
|
|
for service in "${services[@]}"; do |
|
|
|
|
|
read -r -a item <<<"$service" |
|
|
|
|
|
|
|
|
|
|
|
domain=${item[0]} |
|
|
|
|
|
fqdn=${item[1]} |
|
|
|
|
|
subDomain=${fqdn%.$domain} |
|
|
|
|
|
|
|
|
|
|
|
echo "TODO: fqdn=$fqdn, domain=$domain" |
|
|
|
|
|
local server_ip |
|
|
|
|
|
server_ip=$(dig +short A $fqdn) |
|
|
|
|
|
if [[ $server_ip == "$my_ip" ]]; then |
|
|
|
|
|
echo "CNAME <$fqdn> approved successfuly!" |
|
|
|
|
|
else |
|
|
|
|
|
if [[ -n $server_ip ]]; then |
|
|
|
|
|
local server_name |
|
|
|
|
|
server_name=$(dig +short CNAME "$fqdn") |
|
|
|
|
|
echowarn "CNAME <$fqdn> points to another server: <$server_name>" |
|
|
|
|
|
else |
|
|
|
|
|
echo TODO:REGISTRAR needed |
|
|
|
|
|
"$MIAOU_BASEDIR"/lib/registrar/ovh-domain.sh "$domain" "$subDomain" |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
done |
|
|
|
|
|
else |
|
|
|
|
|
echo "bypass certbot certificate generation due to target=<$target>" |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
function build_dmz_reverseproxy() { |
|
|
function build_dmz_reverseproxy() { |
|
|
PREFIX="miaou:build:dmz" |
|
|
|
|
|
echo -n "building configuration for nginx ... " |
|
|
|
|
|
|
|
|
PREFIX="miaou:dmz:nginx" |
|
|
|
|
|
|
|
|
|
|
|
echo -n "building default configuration for nginx ... " |
|
|
mkdir -p "$MIAOU_CONFIGDIR/nginx" |
|
|
mkdir -p "$MIAOU_CONFIGDIR/nginx" |
|
|
tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null |
|
|
tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null |
|
|
|
|
|
PREFIX="" echo OK |
|
|
|
|
|
|
|
|
|
|
|
echo -n "building hosts configuration for nginx ... " |
|
|
tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null |
|
|
tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null |
|
|
PREFIX="" echo OK |
|
|
PREFIX="" echo OK |
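Review bot: The reachability check `if hostname -I | grep -q ${my_ip}` is an unanchored regex substring match, so `10.0.0.1` also matches `10.0.0.12` or `110.0.0.1`, and if the `dig` lookup fails `my_ip` is empty and `grep -q ''` matches every line, so the check passes vacuously and the script proceeds to the registrar step for an address it never verified. Compare whole tokens instead (`hostname -I | tr ' ' '\n' | grep -qxF -- "$my_ip"`) and refuse to continue when `my_ip` is not an IPv4 address, which also settles the `#FIXME: && exit 100` left in the else branch. The per-service check `server_ip=$(dig +short A $fqdn)` has a related problem: when `$fqdn` is a CNAME, `dig +short` prints the CNAME target and the A record on separate lines, so `[[ $server_ip == "$my_ip" ]]` cannot be true for a correctly pointed CNAME and the loop reports it as pointing to another server — keep only the address lines before comparing. `$fqdn` comes from the YAML config, so quote it (ShellCheck SC2086).

```shell
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
[[ $my_ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echoerr "Could not determine PUBLIC IP address: <$my_ip>"; exit 100; }
if hostname -I | tr ' ' '\n' | grep -qxF -- "$my_ip"; then
    echo "My PUBLIC IP address is: <$my_ip>"
else
    echoerr "This machine can not respond to its PUBLIC IP address: <$my_ip>"
    exit 100
fi
# … unchanged: registrar check, service loop header …
server_ip=$(dig +short A "$fqdn" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n1)
```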
|
|
|
|
|
|
|
@ -190,17 +241,14 @@ function build_dmz_reverseproxy() { |
|
|
for f in "$MIAOU_CONFIGDIR"/nginx/*; do |
|
|
for f in "$MIAOU_CONFIGDIR"/nginx/*; do |
|
|
lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null |
|
|
lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null |
|
|
done |
|
|
done |
|
|
PREFIX="" echo OK |
|
|
|
|
|
|
|
|
|
|
|
cat <<EOF | PREFIX="miaou:build:dmz" lxc_exec "$DMZ_CONTAINER" |
|
|
cat <<EOF | PREFIX="miaou:build:dmz" lxc_exec "$DMZ_CONTAINER" |
|
|
cd /etc/nginx/sites-enabled/ |
|
|
cd /etc/nginx/sites-enabled/ |
|
|
for i in ../sites-available/*; do |
|
|
for i in ../sites-available/*; do |
|
|
# echo dmz: enabling... \$i |
|
|
|
|
|
ln -sf \$i |
|
|
ln -sf \$i |
|
|
done |
|
|
done |
|
|
nginx -tq |
|
|
|
|
|
systemctl restart nginx |
|
|
|
|
|
|
|
|
nginx -tq && systemctl restart nginx |
|
|
EOF |
|
|
EOF |
|
|
|
|
|
PREFIX="" echo OK |
|
|
echo "nginx reloaded successfully!" |
|
|
echo "nginx reloaded successfully!" |
|
|
} |
|
|
} |
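Review bot: `echo "nginx reloaded successfully!"` after the heredoc is printed whether or not `nginx -tq && systemctl restart nginx` succeeded inside the container; unless `lxc_exec` (defined outside this hunk) propagates the remote exit status and the script runs under `set -e`, a config that fails the test leaves the old nginx running while the new site files are already symlinked into `sites-enabled`, and the operator is told it worked. The earlier `lxc file push ... &>/dev/null` has the same shape — a failed push is invisible and the container keeps serving the previous configuration. Check the status explicitly, e.g. `... | PREFIX="miaou:build:dmz" lxc_exec "$DMZ_CONTAINER" || { echoerr "nginx configuration test or restart failed in $DMZ_CONTAINER"; exit 1; }`, and replace the `&>/dev/null` on the push with an explicit `|| exit`.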
|
|
|
|
|
|
|
@ -489,15 +537,16 @@ DMZ_IP=$(get_dmz_ip) |
|
|
readonly DMZ_IP DMZ_CONTAINER |
|
|
readonly DMZ_IP DMZ_CONTAINER |
|
|
|
|
|
|
|
|
if check_expand_conf; then |
|
|
if check_expand_conf; then |
|
|
archive_allconf |
|
|
|
|
|
|
|
|
# archive_allconf |
|
|
expand_conf |
|
|
expand_conf |
|
|
check_resolv_conf |
|
|
|
|
|
build_nftables |
|
|
|
|
|
prepare_containers |
|
|
|
|
|
build_services |
|
|
|
|
|
build_dmz_reverseproxy |
|
|
|
|
|
build_routes |
|
|
|
|
|
build_monit |
|
|
|
|
|
|
|
|
# check_resolv_conf |
|
|
|
|
|
# build_nftables |
|
|
|
|
|
# prepare_containers |
|
|
|
|
|
# build_services |
|
|
|
|
|
build_dmz_certbot |
|
|
|
|
|
# build_dmz_reverseproxy |
|
|
|
|
|
# build_routes |
|
|
|
|
|
# build_monit |
|
|
else |
|
|
else |
|
|
monit_show |
|
|
monit_show |
|
|
fi |
|
|
fi |
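Review bot: The top-level pipeline now runs only `expand_conf` and `build_dmz_certbot`, with `archive_allconf`, `check_resolv_conf`, `build_nftables`, `prepare_containers`, `build_services`, `build_dmz_reverseproxy`, `build_routes` and `build_monit` commented out; this reads as a local debugging state rather than an intended change. As committed, a configuration change no longer rebuilds the nftables firewall or the reverse proxy, no configuration archive is taken before `expand_conf` overwrites it, and `build_dmz_certbot` runs against containers and services the script has not prepared. Restore the original sequence and add the new step where the proxy exists, e.g. `build_dmz_reverseproxy` / `build_dmz_certbot` / `build_routes`, or gate the skipped steps behind an explicit flag if a certbot-only run is wanted.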