firewall.table detect dev windowmanager samba

README.md

@@ -8,15 +8,6 @@ provisioning tool for building opinionated architecture following these principl
 * secured: NFT
 * monitored: MONIT
 
-TODO
-----
-
-* [ ] backup postgresql missing out on **saturday**
-* [ ] TOOLBOOX/nc (binary)
-* [ ] final ansible-like indicators: same/new
-* [ ] patched editor (backup+editor+diff+patch)
-* [ ] to improve log journal for each `recipe` (apache, for example) in order to shorten disk space
-
 ORIGIN
 ------
 

TODO.md

@@ -0,0 +1,14 @@
+TODO
+====
+
+* [ ] backup postgresql missing out on **saturday**
+* [ ] TOOLBOOX/nc (binary)
+* [ ] final ansible-like indicators: same/new
+* [ ] patched editor (backup+editor+diff+patch)
+* [ ] to improve log journal for each `recipe` (apache, for example) in order to shorten disk space
+
+
+DONE
+
+* [x] detect running on window-manager desktop
+  * [x] `command -v xprop`

lib/functions.sh

@@ -112,14 +112,26 @@ function prepare_nftables() {
     fi
 
     current_target="${TARGET:-not_defined_yet}"
+    desktop=false
+    samba=false
     if [[ $current_target == not_defined_yet ]]; then
         echo -n "generating new firewall table first time... "
     else
-        echo -n "generating new firewall table according to target=<${current_target}>... "
+        if [[ $current_target == 'dev' ]]; then
+            if exist_command 'xprop'; then
+                desktop=true
+            fi
+            if exist_command 'smbstatus'; then
+                samba=true
+            fi
+            echo -n "generating new firewall table according to target=<${current_target}>, desktop=<$desktop>, samba=<$samba> ..."
+        else
+            echo -n "generating new firewall table according to target=<${current_target}>..."
+        fi
     fi
-    sudo env target="$current_target" tera -e --env-only --env-key env -t "$MIAOU_BASEDIR/templates/nftables/firewall.table.j2" -o /etc/nftables.rules.d/firewall.table &>/dev/null
+    sudo env target="$current_target" desktop="$desktop" samba="$samba" tera -e --env-only --env-key env -t "$MIAOU_BASEDIR/templates/nftables/firewall.table.j2" -o /etc/nftables.rules.d/firewall.table &>/dev/null
     sudo systemctl reload nftables
-    echo "OK"
+    PREFIX="" echoinfo "DONE"
 
 }
 
@@ -196,7 +208,7 @@ function trap_error() {
 # test all commands exist, else fail
 function exist_command() {
     for i in "$@"; do
-        command -v "$i" &>/dev/null || return 50
+        command -v "$i" >/dev/null || return 50
     done
 }
 

templates/nftables/firewall.table.j2

@@ -17,15 +17,23 @@ table inet firewall {
         tcp dport {22, 2222, 80, 443} accept
         
         {%- if env.target == 'dev' %}
-        
+            {%- if env.desktop == 'true' %}
+
+        # DESKTOP RULES BELOW
+        # -------------------
+
         # allow mDNS
         udp dport mdns accept
 
+                {%- if env.samba == 'true' %}
+
         # allow SAMBA
         udp dport netbios-ns accept comment "Accept NetBIOS Name Service (nmbd)"
         udp dport netbios-dgm accept comment "Accept NetBIOS Datagram Service (nmbd)"
         tcp dport netbios-ssn accept comment "Accept NetBIOS Session Service (smbd)"
         tcp dport microsoft-ds accept comment "Accept Microsoft Directory Service (smbd)"       
+                {%- endif %}
+            {%- endif %}
         {%- endif %}
     }