diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh index 4b9cf9de7..17333bd60 100644 --- a/bin/ncp/CONFIG/nc-nextcloud.sh +++ b/bin/ncp/CONFIG/nc-nextcloud.sh @@ -19,11 +19,9 @@ install() # During build, this step is run before ncp.sh. Avoid executing twice [[ -f /usr/lib/systemd/system/nc-provisioning.service ]] && return 0 - source /usr/local/etc/library.sh # sets PHPVER RELEASE - # Optional packets for Nextcloud and Apps apt-get update - $APTINSTALL lbzip2 iputils-ping jq + $APTINSTALL lbzip2 iputils-ping jq wget $APTINSTALL -t $RELEASE php-smbclient exfat-fuse exfat-utils # for external storage $APTINSTALL -t $RELEASE php${PHPVER}-exif # for gallery $APTINSTALL -t $RELEASE php${PHPVER}-gmp # for bookmarks @@ -56,6 +54,16 @@ install() echo "maxmemory $REDIS_MEM" >> $REDIS_CONF echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf + if is_lxc; then + # Otherwise it fails to start in Buster LXC container + mkdir -p /etc/systemd/system/redis-server.service.d + cat > /etc/systemd/system/redis-server.service.d/lxc_fix.conf <<'EOF' +[Service] +ReadOnlyDirectories= +EOF + systemctl daemon-reload + fi + chown redis: "$REDIS_CONF" usermod -a -G redis www-data diff --git a/bin/ncp/SYSTEM/nc-swapfile.sh b/bin/ncp/SYSTEM/nc-swapfile.sh index 48f8de7ce..c4ce3d4fc 100644 --- a/bin/ncp/SYSTEM/nc-swapfile.sh +++ b/bin/ncp/SYSTEM/nc-swapfile.sh @@ -47,8 +47,7 @@ configure() install() { - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends dphys-swapfile + apt_install dphys-swapfile } diff --git a/Vagrantfile b/build/Vagrantfile similarity index 96% rename from Vagrantfile rename to build/Vagrantfile index 7cb94facc..c924cf9e1 100644 --- a/Vagrantfile +++ b/build/Vagrantfile 
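Review bot: With `source /usr/local/etc/library.sh` removed from install(), `$APTINSTALL`, `$RELEASE` and `${PHPVER}` are only set if the caller has already sourced the library, and the `is_lxc` call added further down in the same function has the same dependency. If `$APTINSTALL` expands to nothing, `$APTINSTALL lbzip2 iputils-ping jq wget` would try to run `lbzip2` as a command instead of installing it. A guard such as `: "${APTINSTALL:?library.sh not sourced}"` near the top of install() would make the assumption explicit. install() begins before the hunk, so the exact placement should be checked against the full function.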
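Review bot: The empty `ReadOnlyDirectories=` written to lxc_fix.conf resets that list for redis-server, so inside an LXC guest the service runs without whatever read-only path restrictions the packaged unit sets, while the comment only says that it otherwise fails to start. I would record the trade-off next to the drop-in, for example `# Clears the packaged unit's ReadOnlyDirectories= sandboxing, which apparently cannot be applied in a Buster LXC guest; redis is less confined here`. Because the condition is `if is_lxc`, an undefined `is_lxc` (library.sh not sourced by the caller) is treated as false and the override is skipped silently. install() continues outside the hunk.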
@@ -26,7 +26,7 @@ Vagrant.configure("2") do |config| BRANCH=master #BRANCH=devel # uncomment to install devel apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git ca-certificates # install git clone -b "$BRANCH" https://github.com/nextcloud/nextcloudpi.git /tmp/nextcloudpi diff --git a/armbian.sh b/build/armbian/armbian.sh similarity index 100% rename from armbian.sh rename to build/armbian/armbian.sh diff --git a/config-odroidc2.conf b/build/armbian/config-odroidc2.conf similarity index 100% rename from config-odroidc2.conf rename to build/armbian/config-odroidc2.conf diff --git a/config-odroidhc4.conf b/build/armbian/config-odroidhc4.conf similarity index 100% rename from config-odroidhc4.conf rename to build/armbian/config-odroidhc4.conf diff --git a/config-odroidxu4.conf b/build/armbian/config-odroidxu4.conf similarity index 100% rename from config-odroidxu4.conf rename to build/armbian/config-odroidxu4.conf diff --git a/config-orangepizeroplus2-h5.conf b/build/armbian/config-orangepizeroplus2-h5.conf similarity index 100% rename from config-orangepizeroplus2-h5.conf rename to build/armbian/config-orangepizeroplus2-h5.conf diff --git a/config-rock64.conf b/build/armbian/config-rock64.conf similarity index 100% rename from config-rock64.conf rename to build/armbian/config-rock64.conf diff --git a/batch.sh b/build/batch.sh similarity index 86% rename from batch.sh rename to build/batch.sh index 00749e099..82cdf7394 100755 --- a/batch.sh +++ b/build/batch.sh @@ -8,12 +8,9 @@ # set -e - -version=$(git describe --tags --always) -version=${version%-*-*} +source build/buildlib.sh # initializes $IMGNAME ## BUILDING -source buildlib.sh # initializes $IMGNAME [[ "$FTPPASS" == "" ]] && { echo -e "\e[1mNo FTPPASS variable found, FTP won't work.\nYou can ^C to cancel now\e[0m" 
@@ -29,27 +26,28 @@ sleep 5 rm -f ncp-web/wizard.cfg # Raspbian -./build-SD-rpi.sh +#build/build-SD-rpi.sh IMG="$( ls -1t tmp/*.img | head -1 )" -./build-SD-berryboot.sh "$IMG" +#build/build-SD-berryboot.sh "$IMG" # Armbian -./build-SD-armbian.sh odroidxu4 OdroidHC2 -./build-SD-armbian.sh rockpro64 RockPro64 -./build-SD-armbian.sh rock64 Rock64 -./build-SD-armbian.sh bananapi Bananapi -./build-SD-armbian.sh odroidhc4 OdroidHC4 -./build-SD-armbian.sh odroidc4 OdroidC4 -./build-SD-armbian.sh odroidc2 OdroidC2 -#./build-SD-armbian.sh orangepizeroplus2-h5 OrangePiZeroPlus2 +build/build-SD-armbian.sh odroidxu4 OdroidHC2 +exit 0 +build/build-SD-armbian.sh rockpro64 RockPro64 +build/build-SD-armbian.sh rock64 Rock64 +build/build-SD-armbian.sh bananapi Bananapi +build/build-SD-armbian.sh odroidhc4 OdroidHC4 +build/build-SD-armbian.sh odroidc4 OdroidC4 +build/build-SD-armbian.sh odroidc2 OdroidC2 +#build/build-SD-armbian.sh orangepizeroplus2-h5 OrangePiZeroPlus2 # VM -./build-VM.sh +build/build-VM.sh # Docker -./build-docker.sh x86 -./build-docker.sh armhf -./build-docker.sh arm64 +build/build-docker.sh x86 +build/build-docker.sh armhf +build/build-docker.sh arm64 [[ "$FTPPASS" == "" ]] && exit diff --git a/build/build-LXC.sh b/build/build-LXC.sh new file mode 100755 index 000000000..59493f3ff --- /dev/null +++ b/build/build-LXC.sh 
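Review bot: The `exit 0` added right after `build/build-SD-armbian.sh odroidxu4 OdroidHC2` makes every later line unreachable, so the remaining Armbian boards, the VM and Docker builds and the upload step behind the `FTPPASS` check never run. Together with the commented-out `#build/build-SD-rpi.sh` and `#build/build-SD-berryboot.sh "$IMG"` calls this looks like a local debugging state that was committed. I would drop the `exit 0` and restore the two calls as `build/build-SD-rpi.sh` and `build/build-SD-berryboot.sh "$IMG"`, or gate the shortened run behind an explicit environment variable so a release build cannot silently publish a partial image set.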
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+# Batch creation of NextCloudPi LXC image
+#
+# Copyleft 2021 by Ignacio Nunez Hernanz
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+
+set -e
+source build/buildlib.sh
+
+#CLEAN=0 # Pass this envvar to skip cleaning download cache
+IMG="NextCloudPi_LXC_$( date "+%m-%d-%y" ).img"
+IMG=tmp/"$IMG"
+
+TAR=output/"$( basename "$IMG" .img ).tar.bz2"
+
+test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; }
+
+##############################################################################
+
+## preparations
+
+test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; }
+set -e
+prepare_dirs # tmp cache output
+
+## BUILD NCP
+
+echo -e "\e[1m\n[ Build NCP ]\e[0m"
+
+# TODO sudo
+sudo lxc-destroy ncp -f
+sudo lxc-create -n ncp -t download -B btrfs -- --dist debian --release buster --arch amd64 # TODO vars for distro and stuff
+sudo cp lxc_config /var/lib/lxc/ncp/config
+sudo lxc-start -n ncp
+sudo lxc-attach -n ncp --clear-env -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
+sudo lxc-attach -n ncp --clear-env -- bash /build/install.sh
+sudo lxc-attach -n ncp --clear-env -- poweroff
+
+exit 0 # TODO
+
+## pack
+pack_image "$IMG" "$TAR"
+
+## test
+#set_static_IP "$IMG" "$IP"
+#test_image "$IMG" "$IP" # TODO fix tests
+
+# upload
+create_torrent "$TAR"
+upload_ftp "$( basename "$TAR" .tar.bz2 )"
+
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
diff --git a/build/build-LXD.sh b/build/build-LXD.sh
new file mode 100755
index 000000000..87e679425
--- /dev/null
+++ b/build/build-LXD.sh
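Review bot: `sudo cp lxc_config /var/lib/lxc/ncp/config` uses a path relative to the working directory, but the file is added as build/lxc_config and the script's own `source build/buildlib.sh` implies it runs from the repository root, so the copy should read `sudo cp build/lxc_config /var/lib/lxc/ncp/config`. Under `set -e`, `sudo lxc-destroy ncp -f` presumably aborts the script when no `ncp` container exists yet; `sudo lxc-destroy ncp -f || true` keeps the cleanup best-effort. The readiness loop `do :; done` spins with no delay and no upper bound, so a container that never reaches `running` or `degraded` hangs the build at full CPU; a `sleep 1` in the loop body plus an attempt limit would bound it. The install step also runs `bash /build/install.sh` without `CODE_DIR=/build`, unlike build-LXD.sh, so it would clone from GitHub rather than build the mounted checkout.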
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# Batch creation of NextCloudPi LXD image
+#
+# Copyleft 2021 by Ignacio Nunez Hernanz
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+
+set -e
+source build/buildlib.sh
+
+#CLEAN=0 # Pass this envvar to skip cleaning download cache
+IMG="NextCloudPi_LXD_$( date "+%m-%d-%y" ).img"
+IMG=tmp/"$IMG"
+
+TAR=output/"$( basename "$IMG" .img ).tar.bz2"
+
+test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; }
+
+##############################################################################
+
+## preparations
+
+test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; }
+set -e
+prepare_dirs # tmp cache output
+
+## BUILD NCP
+
+echo -e "\e[1m\n[ Build NCP ]\e[0m"
+
+lxc delete -f ncp
+lxc launch images:debian/buster ncp -c security.privileged=true # TODO this is privileged
+lxc config device add ncp buildcode disk source=`pwd` path=/build
+lxc exec ncp -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
+lxc exec ncp -- bash -c 'CODE_DIR=/build bash /build/install.sh'
+lxc config device remove ncp buildcode
+lxc publish ncp -f --alias ncp:${version}
+lxc export ncp "$TAR"
+
+# TODO set up auto testing
+
+exit 0 # TODO
+
+## pack
+pack_image "$IMG" "$TAR"
+
+## test
+#set_static_IP "$IMG" "$IP"
+#test_image "$IMG" "$IP" # TODO fix tests
+
+# upload
+create_torrent "$TAR"
+upload_ftp "$( basename "$TAR" .tar.bz2 )"
+
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this script; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, +# Boston, MA 02111-1307 USA diff --git a/build-SD-armbian.sh b/build/build-SD-armbian.sh similarity index 95% rename from build-SD-armbian.sh rename to build/build-SD-armbian.sh index da1a19451..93069e533 100755 --- a/build-SD-armbian.sh +++ b/build/build-SD-armbian.sh @@ -17,10 +17,11 @@ IMG="NextCloudPi_${BNAME}_$( date "+%m-%d-%y" ).img" IMG=tmp/"$IMG" TAR=output/"$( basename "$IMG" .img ).tar.bz2" +set -e +source build/buildlib.sh + test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; } -set -e -source buildlib.sh source etc/library.sh # sets RELEASE prepare_dirs # tmp cache output @@ -32,7 +33,7 @@ prepare_dirs # tmp cache output # add NCP modifications mkdir -p armbian/userpatches armbian/userpatches/overlay rm -f ncp-web/{wizard.cfg,ncp-web.cfg} -cp armbian.sh armbian/userpatches/customize-image.sh +cp build/armbian/armbian.sh armbian/userpatches/customize-image.sh rsync -Aax --delete --exclude-from .gitignore --exclude *.img --exclude *.bz2 . armbian/userpatches/overlay/ # GENERATE IMAGE diff --git a/build-SD-berryboot.sh b/build/build-SD-berryboot.sh similarity index 98% rename from build-SD-berryboot.sh rename to build/build-SD-berryboot.sh index 4857902d6..115ed9946 100755 --- a/build-SD-berryboot.sh +++ b/build/build-SD-berryboot.sh @@ -8,13 +8,13 @@ # Usage: ./build-SD-berryboot.sh # +set -e +source build/buildlib.sh + SRC="$1" IMG="NextCloudPi_RPi_Berryboot_$( date "+%m-%d-%y" ).img" TAR=output/"$( basename "$IMG" .img ).tar.bz2" -set -e -source buildlib.sh - test -f "$TAR" && { echo "$TAR already exists. Skipping... "; exit 0; } [[ -f "$SRC" ]] || { echo "$SRC not found"; exit 1; } 
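Review bot: In build/build-LXD.sh, `-c security.privileged=true` on `lxc launch` combined with the `buildcode` disk device that maps the current directory to /build means root inside the build container writes to the host checkout with host root's identity, since a privileged container has no uid mapping. If install.sh only needs to read the tree, adding `readonly=true` to the `lxc config device add ncp buildcode disk ...` line and dropping `security.privileged=true` would contain the build; the in-line TODO already flags the privilege. `lxc delete -f ncp` presumably aborts the script under `set -e` when no `ncp` container exists, so `lxc delete -f ncp || true` is safer. `--alias ncp:${version}` should be quoted as `--alias "ncp:${version}"`.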
diff --git a/build-SD-rpi.sh b/build/build-SD-rpi.sh similarity index 97% rename from build-SD-rpi.sh rename to build/build-SD-rpi.sh index 91e22e0a3..c2ecb50f7 100755 --- a/build-SD-rpi.sh +++ b/build/build-SD-rpi.sh @@ -9,7 +9,7 @@ # set -e -source buildlib.sh +source build/buildlib.sh URL="https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2020-08-24/2020-08-20-raspios-buster-arm64-lite.zip" SIZE=3G # Raspbian image size @@ -50,6 +50,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ # mark the image as an image build touch /.ncp-image + # allow oldstable + apt-get update --allow-releaseinfo-change + # As of 10-2018 this upgrades raspi-kernel and messes up wifi and BTRFS #apt-get upgrade -y #apt-get dist-upgrade -y diff --git a/build-VM.sh b/build/build-VM.sh similarity index 100% rename from build-VM.sh rename to build/build-VM.sh diff --git a/build-docker.sh b/build/build-docker.sh similarity index 97% rename from build-docker.sh rename to build/build-docker.sh index cd72dc067..d1462816f 100755 --- a/build-docker.sh +++ b/build/build-docker.sh @@ -6,8 +6,7 @@ set -e -version=$(git describe --tags --always) -version=${version%-*-*} +source build/buildlib.sh release=$(jq -r .release < etc/ncp.cfg) function docker_build() { DOCKER_BUILDKIT=1 docker build --progress=plain . "$@"; } diff --git a/buildlib.sh b/build/buildlib.sh similarity index 99% rename from buildlib.sh rename to build/buildlib.sh index d35079168..d589111f3 100644 --- a/buildlib.sh +++ b/build/buildlib.sh @@ -10,6 +10,9 @@ DBG=x +version=$(git describe --tags --always) +version=${version%-*-*} + # $IMG is the source image # $IP is the IP of the QEMU images # $IMGOUT will contain the name of the generated image diff --git a/docker-compose-ncpdev.yml b/build/docker-compose-ncpdev.yml similarity index 100% rename from docker-compose-ncpdev.yml rename to build/docker-compose-ncpdev.yml 
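Review bot: `apt-get update --allow-releaseinfo-change` in build/build-SD-rpi.sh accepts a change in any Release-file field (origin, label, codename, suite) without confirmation, which is broader than the `# allow oldstable` comment needs. Release signatures are still verified, but narrowing it to `apt-get update --allow-releaseinfo-change-suite` would keep apt objecting if a repository's origin or label changed unexpectedly; check apt-get(8) on the target release for the per-field form. The command block this line sits in starts and ends outside the hunk.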
diff --git a/docker-compose.yml b/build/docker-compose.yml
similarity index 100%
rename from docker-compose.yml
rename to build/docker-compose.yml
diff --git a/docker/debian-ncp/Dockerfile b/build/docker/debian-ncp/Dockerfile
similarity index 100%
rename from docker/debian-ncp/Dockerfile
rename to build/docker/debian-ncp/Dockerfile
diff --git a/docker/debian-ncp/run-parts.sh b/build/docker/debian-ncp/run-parts.sh
similarity index 100%
rename from docker/debian-ncp/run-parts.sh
rename to build/docker/debian-ncp/run-parts.sh
diff --git a/docker/lamp/010lamp b/build/docker/lamp/010lamp
similarity index 100%
rename from docker/lamp/010lamp
rename to build/docker/lamp/010lamp
diff --git a/docker/lamp/Dockerfile b/build/docker/lamp/Dockerfile
similarity index 100%
rename from docker/lamp/Dockerfile
rename to build/docker/lamp/Dockerfile
diff --git a/docker/nextcloud/020nextcloud b/build/docker/nextcloud/020nextcloud
similarity index 100%
rename from docker/nextcloud/020nextcloud
rename to build/docker/nextcloud/020nextcloud
diff --git a/docker/nextcloud/Dockerfile b/build/docker/nextcloud/Dockerfile
similarity index 100%
rename from docker/nextcloud/Dockerfile
rename to build/docker/nextcloud/Dockerfile
diff --git a/docker/nextcloudpi/000ncp b/build/docker/nextcloudpi/000ncp
similarity index 100%
rename from docker/nextcloudpi/000ncp
rename to build/docker/nextcloudpi/000ncp
diff --git a/docker/nextcloudpi/Dockerfile b/build/docker/nextcloudpi/Dockerfile
similarity index 100%
rename from docker/nextcloudpi/Dockerfile
rename to build/docker/nextcloudpi/Dockerfile
diff --git a/build/lxc_config b/build/lxc_config
new file mode 100644
index 000000000..59640994e
--- /dev/null
+++ b/build/lxc_config
@@ -0,0 +1,31 @@ +# Template used to create this container: /usr/share/lxc/templates/lxc-download +# Parameters passed to the template: --dist debian --release buster --arch amd64 +# Template script checksum (SHA-1): 1ad14dde73ae69ed485f71e26793af87573947d4 +# For additional config options, please look at lxc.container.conf(5) + +# Uncomment the following line to support nesting containers: +#lxc.include = /usr/share/lxc/config/nesting.conf +# (Be aware this has security implications) + + +# Distribution configuration +lxc.include = /usr/share/lxc/config/common.conf +lxc.arch = linux64 + +# Container specific configuration +lxc.rootfs.path = btrfs:/var/lib/lxc/ncp/rootfs +lxc.uts.name = ncp + +# Network configuration +#lxc.net.0.type = empty +lxc.net.0.type = veth +lxc.net.0.link = lxcbr0 +lxc.net.0.flags = up +lxc.net.0.hwaddr = 00:16:3e:2d:5d:80 + +# Mounts +lxc.mount.entry = /media/DATA/src/nextcloudpi build none bind,create=dir 0 0 + +# Moar privileges (TODO review) +#lxc.apparmor.profile = unconfined +#lxc.cgroup2.devices.allow = a diff --git a/docker-compose-armhf.yml b/docker-compose-armhf.yml deleted file mode 100644 index 27e033cba..000000000 --- a/docker-compose-armhf.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '3' -services: - nextcloudpi: - image: ownyourbits/nextcloudpi-armhf - command: "${IP}" - ports: - - "80:80" - - "443:443" - - "4443:4443" - volumes: - - ncdata:/data - - /etc/localtime:/etc/localtime:ro - container_name: nextcloudpi - -volumes: - ncdata: diff --git a/docker-compose-nc-armhf.yml b/docker-compose-nc-armhf.yml deleted file mode 100644 index 3ed6c7e18..000000000 --- a/docker-compose-nc-armhf.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '3' -services: - nextcloud: - image: ownyourbits/nextcloud-armhf - command: "${IP}" - ports: - - "80:80" - - "443:443" - volumes: - - ncdata:/data - - /etc/localtime:/etc/localtime:ro - container_name: nextcloudpi - -volumes: - ncdata: 
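Review bot: `lxc.mount.entry = /media/DATA/src/nextcloudpi build none bind,create=dir 0 0` in build/lxc_config hard-codes a path from one developer's machine and bind-mounts it read-write into the container, so on another host the mount presumably fails or exposes an unrelated directory. I would have build-LXC.sh write this entry from the checkout path at build time and add `ro` unless the build has to write there, e.g. `lxc.mount.entry = /path/to/checkout build none bind,ro,create=dir 0 0` with the path as a placeholder. The commented-out `lxc.apparmor.profile = unconfined` and `lxc.cgroup2.devices.allow = a` lines should stay disabled; a comment naming what each would remove (AppArmor confinement, the device cgroup allow-list) would help whoever resolves the TODO.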
diff --git a/docker-compose-nc.yml b/docker-compose-nc.yml deleted file mode 100644 index e45f7bedf..000000000 --- a/docker-compose-nc.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '3' -services: - nextcloud: - image: ownyourbits/nextcloud-x86 - command: "${IP}" - ports: - - "80:80" - - "443:443" - volumes: - - ncdata:/data - - /etc/localtime:/etc/localtime:ro - container_name: nextcloudpi - -volumes: - ncdata: diff --git a/etc/library.sh b/etc/library.sh index 2e1476451..aa2f716d1 100644 --- a/etc/library.sh +++ b/etc/library.sh @@ -417,7 +417,15 @@ function clear_password_fields() function apt_install() { apt-get update --allow-releaseinfo-change - apt-get install -y --no-install-recommends -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" "$@" + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" "$@" +} + +function is_docker() { + [[ -f /.dockerenv ]] +} + +function is_lxc() { + grep -q container=lxc /proc/1/environ &>/dev/null } function notify_admin() diff --git a/install.sh b/install.sh index b5c2b9ee9..78afffa6a 100644 --- a/install.sh +++ b/install.sh @@ -10,6 +10,7 @@ # more details at https://ownyourbits.com BRANCH="${BRANCH:-master}" + DBG=x set -e$DBG @@ -32,8 +33,11 @@ echo "Getting build code..." apt-get update apt-get install --no-install-recommends -y git ca-certificates sudo lsb-release -git clone -b "${BRANCH}" https://github.com/nextcloud/nextcloudpi.git "${TMPDIR}"/nextcloudpi -cd "${TMPDIR}"/nextcloudpi +if [[ "${CODE_DIR}" == "" ]]; then + CODE_DIR="${TMPDIR}"/nextcloudpi + git clone -b "${BRANCH}" https://github.com/nextcloud/nextcloudpi.git "${CODE_DIR}" +fi +cd "${CODE_DIR}" # install NCP echo -e "\nInstalling NextCloudPi..." diff --git a/tests/libvirt_forwarding.sh b/tests/libvirt_forwarding.sh new file mode 100755 index 000000000..0c3d715d2 --- /dev/null +++ b/tests/libvirt_forwarding.sh 
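Review bot: In etc/library.sh, `is_lxc` discards grep's errors with `&>/dev/null`, so a caller that cannot read /proc/1/environ gets "not LXC" rather than a failure, and `is_docker` tests `/.dockerenv` while update.sh previously keyed on `/.docker-image`. Both results now decide which apps are excluded and whether the redis unit override is written, so each function should carry a header comment naming the marker it relies on, e.g. `# true when PID 1's environment contains container=lxc; must run as root to read /proc/1/environ`. Both functions are complete within the hunk.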
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# copy to /etc/libvirt/hooks/qemu and restart libvirtd
+
+function manage_ports()
+{
+ local GUEST_IP=$1
+ local GUEST_PORT=$2
+ local HOST_PORT=$3
+ local OP=$4
+
+ if [ "${OP}" = "stopped" ] || [ "${OP}" = "reconnect" ]; then
+ /sbin/iptables -D FORWARD -o virbr1 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
+ /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
+ fi
+ if [ "${OP}" = "start" ] || [ "${OP}" = "reconnect" ]; then
+ /sbin/iptables -I FORWARD -o virbr1 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
+ /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
+ fi
+}
+
+VM_NAME="${1}"
+OP="${2}"
+GUEST_IP=192.168.121.243
+
+# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
+# In order to create rules to other VMs, just duplicate the below block and configure
+# it accordingly.
+[ "${VM_NAME}" = "nextcloudpi_default" ] || exit 0
+
+manage_ports "${GUEST_IP}" 80 80 "${OP}"
+manage_ports "${GUEST_IP}" 443 443 "${OP}"
+manage_ports "${GUEST_IP}" 4443 4443 "${OP}"
+
+# these are for SMB
+manage_ports "${GUEST_IP}" 137 137 "${OP}"
+manage_ports "${GUEST_IP}" 138 138 "${OP}"
+manage_ports "${GUEST_IP}" 139 139 "${OP}"
+manage_ports "${GUEST_IP}" 445 445 "${OP}"
+manage_ports "${GUEST_IP}" 900 900 "${OP}"
diff --git a/tests/lxc_forwarding.sh b/tests/lxc_forwarding.sh
new file mode 100755
index 000000000..2bc4d4bf8
--- /dev/null
+++ b/tests/lxc_forwarding.sh
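Review bot: The `-t nat -I PREROUTING ... -j DNAT` rule in manage_ports has no inbound-interface or source match, so ports 80, 443, 4443 and the SMB ports 137-139 and 445 are forwarded to the guest from every interface of the host, including any that face untrusted networks. For a test helper I would restrict it, e.g. `/sbin/iptables -t nat -I PREROUTING -i "${HOST_IFACE}" -p tcp --dport "${HOST_PORT}" -j DNAT --to "${GUEST_IP}:${GUEST_PORT}"` with `HOST_IFACE` a new variable the user sets, and quote the expansions in the other three iptables calls the same way. tests/lxc_forwarding.sh repeats the function and takes `GUEST_IP` from `$1`, so there the unquoted `$GUEST_IP` is also word-split into extra iptables arguments; checking that it looks like an IPv4 address before the first call would close that. NetBIOS name and datagram services on 137 and 138 normally use UDP, so the `-p tcp` rules for those two ports may not forward what the comment intends.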
@@ -0,0 +1,33 @@ +#!/bin/bash + +GUEST_IP="${1}" +OP="${2}" +IFACE=lxcbr0 + +function manage_ports() +{ + local GUEST_IP=$1 + local GUEST_PORT=$2 + local HOST_PORT=$3 + local OP=$4 + + if [ "${OP}" = "stopped" ] || [ "${OP}" = "reconnect" ]; then + /sbin/iptables -D FORWARD -o "${IFACE}" -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT + /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT + fi + if [ "${OP}" = "start" ] || [ "${OP}" = "reconnect" ]; then + /sbin/iptables -I FORWARD -o "${IFACE}" -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT + /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT + fi +} + +manage_ports "${GUEST_IP}" 80 80 "${OP}" +manage_ports "${GUEST_IP}" 443 443 "${OP}" +manage_ports "${GUEST_IP}" 4443 4443 "${OP}" + +# these are for SMB +manage_ports "${GUEST_IP}" 137 137 "${OP}" +manage_ports "${GUEST_IP}" 138 138 "${OP}" +manage_ports "${GUEST_IP}" 139 139 "${OP}" +manage_ports "${GUEST_IP}" 445 445 "${OP}" +manage_ports "${GUEST_IP}" 900 900 "${OP}" diff --git a/update.sh b/update.sh index 4fa4e70ec..ab3cd41a2 100755 --- a/update.sh +++ b/update.sh @@ -39,10 +39,12 @@ NFS metrics " +if is_docker; then # better use a designated container EXCL_DOCKER+=" samba " +fi # check running apt pgrep apt &>/dev/null && { echo "apt is currently running. Try again later"; exit 1; } @@ -54,11 +56,11 @@ source /usr/local/etc/library.sh mkdir -p "$CONFDIR" # prevent installing some ncp-apps in the docker version -[[ -f /.docker-image ]] && { +if is_docker || is_lxc; then for opt in $EXCL_DOCKER; do touch $CONFDIR/$opt.cfg done -} +fi # copy all files in bin and etc cp -r bin/* /usr/local/bin/
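Review bot: In update.sh, `if is_docker; then` runs before `source /usr/local/etc/library.sh`, which the second hunk's header shows further down the file. Unless the library is sourced earlier outside these hunks, `is_docker` is an unknown command at that point, the `if` treats that as false, and samba is no longer added to `EXCL_DOCKER` in Docker. Moving the `source /usr/local/etc/library.sh` line above this block, or moving the block below it, fixes the ordering. Separately, the old check was `[[ -f /.docker-image ]]` while `is_docker` tests `/.dockerenv`, so it is worth confirming that existing Docker images still match the new test.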