ungleich-public/ungleich-learning-circle
6
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[cdist #6] create __my_firewall type

Browse source
This commit is contained in:
kjg 2020-05-15 23:58:20 +09:00
parent 93b1d1baa1
commit 292b617463
9 changed files with 95 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
kjg/dot-cdist/manifest/firewall Normal file
View file

@ -0,0 +1,10 @@
case "$__target_host" in
# Everybody has this
localhost)
__package nftables
require="__package/nftables" __my_firewall --file basic
;;
*)
__my_nginx
__my_nginx_site $__target_host #test
esac

5
kjg/dot-cdist/manifest/init
View file

@ -1,3 +1,7 @@
#!/bin/sh
sh -e "$__manifest/firewall"
case "$__target_host" in case "$__target_host" in
# Everybody has this # Everybody has this
localhost) localhost)
@ -10,3 +14,4 @@ case "$__target_host" in
__my_nginx __my_nginx
__my_nginx_site $__target_host #test __my_nginx_site $__target_host #test
esac esac

3
kjg/dot-cdist/type/__my_firewall/explorer/exists Normal file
View file

@ -0,0 +1,3 @@
#!/bin/sh
nft -V | grpe v* || true

3
kjg/dot-cdist/type/__my_firewall/explorer/nfrule Normal file
View file

@ -0,0 +1,3 @@
nft list ruleset

5
kjg/dot-cdist/type/__my_firewall/gencode-remote Normal file
View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if [! -f echo "diff /etc/my-nftables /etc/readrule"]; then
echo "nft -f /etc/my-nftables"
fi

5
kjg/dot-cdist/type/__my_firewall/gencode-remote~ Normal file
View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if [! -f echo "diff /etc/my-nftables /etc/readnfrule"]; then
echo "nft -f /etc/my-nftables"
fi

24
kjg/dot-cdist/type/__my_firewall/manifest Normal file
View file

@ -0,0 +1,24 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
nft_path="/etc/my-nftables"
if [ ! -f "$__global/explorer/exists" ];then
echo "crrently no nft" >&2
exit 1
fi
if ["-" -eq "$__object/parameter/file" ]; then
filename="$__object/stdin"
else
filename=($__object/parameter/file)
fi
__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
if [ -f "$__global/explorer/nfrule" ]; then
echo "$__global/explorer//nfrule" > /etc/readrule
fi

40
kjg/dot-cdist/type/__my_firewall/manifest~ Normal file
View file

@ -0,0 +1,40 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
nft_path="/etc/my-nftables"
case "$os" in
alpine)
os_pkgs="netcat-openbsd and tshark"
;;
debian|devuan)
os_pkgs="netcat tshark"
;;
fedora)
os_pkgs="nmap-ncat wireshark-cli"
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
if [ ! -f "$__global/explorer/exists" ];then
echo "crrently no nft" >&2
exit 1
fi
if ["-" -eq "$__object/parameter/file" ]; then
filename="$__object/stdin"
else
filename=($__object/parameter/file)
fi
__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
if [ -f "$__global/explorer/nfrule" ]; then
echo "$__global/explorer//nfrule" > /etc/readrule
fi

0
kjg/dot-cdist/type/__my_firewall/singleton Normal file
View file