
passthrough ok

main
pvincent 3 weeks ago
parent
commit
97139919fb
  1. 2
      .gitignore
  2. 78
      lib/registrar/ovh-domain.sh
  3. 34
      lib/registrar/ovh-me.sh
  4. 2
      scripts/lxc-miaou-create
  5. 16
      scripts/miaou
  6. 3
      templates/nftables/lxd.table.j2

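--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+lib/registrar/.ovh-credential.sh
+lib/registrar/.ovh-credential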

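--- a/lib/registrar/ovh-domain.sh
+++ b/lib/registrar/ovh-domain.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# GET DOMAIN : https://eu.api.ovh.com/createToken/?GET=/domain*&POST=/domain*&PUT=/domain*&DELETE=/domain*
+function set_base {
+BASE_URL="https://eu.api.ovh.com/1.0"
+source ./.ovh-credential
+}
+function build_url_list_records {
+zone="$1"
+result="${BASE_URL}/domain/zone/$zone/record"
+fieldType="${2:-}"
+subDomain="${3:-}"
+any="$fieldType$subDomain"
+[[ -n $any ]] && result+="?"
+[[ -n $fieldType ]] && result+="fieldType=$fieldType&"
+[[ -n $subDomain ]] && result+="subDomain=$subDomain&"
+result=${result::-1}
+echo "$result"
+}
+function list_records {
+zone="$1"
+fieldType="${2:-}"
+subDomain="${3:-}"
+query=$(build_url_list_records "$zone" "$fieldType" "$subDomain")
+method="GET"
+body=""
+tstamp=$(date +%s)
+sha=$(echo -n "$AS+$CK+$method+$query+$body+$tstamp" | shasum | cut -d ' ' -f 1)
+signature="\$1\$$sha"
+curl -s \
+-X $method \
+-H "Content-type: application/json" \
+-H "X-Ovh-Application: $AK" \
+-H "X-Ovh-Consumer: $CK" \
+-H "X-Ovh-Signature: $signature" \
+-H "X-Ovh-Timestamp: $tstamp" \
+"$query" | yq .[] # values of array
+}
+function get_record {
+zone="$1"
+record="$2"
+method="GET"
+query="${BASE_URL}/domain/zone/$zone/record/$record"
+body=""
+tstamp=$(date +%s)
+sha=$(echo -n "$AS+$CK+$method+$query+$body+$tstamp" | shasum | cut -d ' ' -f 1)
+signature="\$1\$$sha"
+curl -s \
+-X $method \
+-H "Content-type: application/json" \
+-H "X-Ovh-Application: $AK" \
+-H "X-Ovh-Consumer: $CK" \
+-H "X-Ovh-Signature: $signature" \
+-H "X-Ovh-Timestamp: $tstamp" \
+"$query" | yq -o=props
+}
+##-----------
+## -- MAIN --
+##-----------
+. "$MIAOU_BASEDIR/lib/init.sh"
+set_base
+for i in $(list_records "$1" CNAME "$2"); do
+get_record "$1" "$i"
+done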
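Review bot: `build_url_list_records` drops the last character unconditionally with `result=${result::-1}`, so a call with neither fieldType nor subDomain returns `.../recor` instead of `.../record`; `result=${result%&}` removes only a trailing `&` and is right in both cases. `set_base` sources `./.ovh-credential` relative to the caller's working directory, so unless something has already changed into lib/registrar the script sources whatever file carries that name in the current directory, or nothing; `source "${BASH_SOURCE[0]%/*}/.ovh-credential"` pins it to the script's own directory (lib/registrar/ovh-me.sh has the same line). The createToken URL in the header comment requests POST, PUT and DELETE on /domain* although every request the script issues is a GET, so a consumer key minted from it carries more rights than the code needs; asking only for GET=/domain* limits what a leaked `.ovh-credential` can do (ovh-me.sh likewise requests write rights on /me*). Minor: `-X $method` is unquoted, and `zone`, `query`, `tstamp` and the other temporaries are globals here while `get_me` in ovh-me.sh declares them `local`.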

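--- a/lib/registrar/ovh-me.sh
+++ b/lib/registrar/ovh-me.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# GET DOMAIN : https://eu.api.ovh.com/createToken/?GET=/me*&POST=/me*&PUT=/me*&DELETE=/me*
+function set_base {
+BASE_URL="https://eu.api.ovh.com/1.0"
+source ./.ovh-credential
+}
+function get_me {
+local method query body tstamp sha signature
+method="GET"
+query="${BASE_URL}/me"
+body=""
+tstamp=$(date +%s)
+sha=$(echo -n "$AS+$CK+$method+$query+$body+$tstamp" | shasum | cut -d ' ' -f 1)
+signature="\$1\$$sha"
+curl -s \
+-X $method \
+-H "Content-type: application/json" \
+-H "X-Ovh-Application: $AK" \
+-H "X-Ovh-Consumer: $CK" \
+-H "X-Ovh-Signature: $signature" \
+-H "X-Ovh-Timestamp: $tstamp" \
+"$query" | yq -P
+}
+. "$MIAOU_BASEDIR/lib/init.sh"
+set_base
+get_me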
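Review bot: `get_me` cannot fail visibly: `curl -s` hides transport errors, an HTTP error body (an invalid signature or a skewed timestamp, for instance) is piped straight into `yq -P`, and the pipeline's status is yq's, so the script exits 0 either way; `set -o pipefail` at the top together with `curl -sS --fail` on the call would surface both (list_records and get_record in lib/registrar/ovh-domain.sh share the pattern). The application key and consumer key are also passed as `-H` arguments on curl's command line, where they are typically readable by other local users through the process list while the request runs; curl can take those headers from a file with `-H @<header-file>` or a `--config` file instead. A one-line comment above `get_me` stating that it prints the authenticated account as YAML would make the function's purpose clear without reading the curl invocation.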

2
scripts/lxc-miaou-create

@ -59,7 +59,7 @@ function create() {
packages_string=$(join ', ' "${packages[@]}")
timezone=$(cat /etc/timezone)
debian_repo=$(cat /etc/apt/sources.list | head -n1 | cut -d '/' -f3)
debian_repo=$(grep ^deb /etc/apt/sources.list | head -n1 | cut -d '/' -f3)
user_data="$(
cat <<EOF
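Review bot: `debian_repo` is left empty when /etc/apt/sources.list has no line starting with `deb`, which is the case on hosts whose sources live in deb822 files under /etc/apt/sources.list.d, and nothing checks the value before it presumably lands in the user_data heredoc that follows; `[[ -n $debian_repo ]] || { echo 'no deb line in /etc/apt/sources.list' >&2; exit 1; }` right after the assignment fails early instead of creating a container pointed at an empty mirror. The enclosing create() starts before and ends after the hunk.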

16
scripts/miaou

@ -463,23 +463,21 @@ if containsElement options "config"; then
fi
fi
DMZ_CONTAINER=$(get_unique_container_dmz)
DMZ_IP=$(get_dmz_ip)
readonly DMZ_IP DMZ_CONTAINER
if check_expand_conf; then
archive_allconf
expand_conf
check_resolv_conf
build_nftables
prepare_containers
DMZ_CONTAINER=$(get_unique_container_dmz)
readonly DMZ_CONTAINER
build_services
DMZ_IP=$(get_dmz_ip)
readonly DMZ_IP
build_dmz_reverseproxy
build_routes
build_monit
else
build_routes
monit_show
fi
monit_show
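Review bot: DMZ_CONTAINER and DMZ_IP appear to be assigned and made `readonly` only inside the `if check_expand_conf` branch now, so on the else path `build_routes` and `monit_show` run with both unset; if either of them reads those variables, that path breaks where it previously worked. If they are indeed not needed there, a comment such as `# DMZ_* can only be resolved once prepare_containers/build_services have created the dmz container` above the first assignment would record why the lookups moved. Both `$(get_unique_container_dmz)` and `$(get_dmz_ip)` are also assigned without a status check, so a failed lookup silently becomes a readonly empty variable. The enclosing `if containsElement options "config"` block starts before the hunk.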

3
templates/nftables/lxd.table.j2

@ -4,8 +4,7 @@ table inet lxd {
{%- if target != 'prod' %}
# BLOCK SMTP PORTS
tcp dport { 25, 465, 587 } ip saddr {{ firewall.bridge_subnet }} {%- if firewall.container_mail_passthrough %} ip saddr
!= {{ env.ip_mail_passthrough }} {% endif %} log prefix "Drop SMTP away from container: " drop
tcp dport { 25, 465, 587 } ip saddr {{ firewall.bridge_subnet }} {%- if firewall.container_mail_passthrough %} ip saddr != {{ env.ip_mail_passthrough }} {% endif %} log prefix "Drop SMTP away from container: " drop
{% endif -%}
ip saddr {{ firewall.bridge_subnet }} ip daddr != {{ firewall.bridge_subnet }} masquerade
