2023-11-11 23:12:38 -06:00
parent 1fa5e691e1
commit 9fd2be9a75
3 changed files with 56 additions and 26 deletions


@@ -1,5 +1,5 @@
#!/usr/bin/env bash
VERS='4.13.1-11112023'
VERS='4.13.2-11112023'
noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update '
CERT_DAEMON='/snap/bin/certbot'
@@ -168,8 +168,12 @@ NM_BACKUP_ITEMS['keepalived']=/etc/keepalived
NM_BACKUP_ITEMS['fail2ban']=/etc/fail2ban
# NM_BACKUP_ITEMS[nginx]=/
for NTYPE in "${NM_NODE_TYPES[@]}"; do
if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
NM_AUTHELIA_IP=${NM_SINGLESRVR_IP[${NTYPE}]}
break
fi
done
GET-CHECKCERT-DOMAINS(){
declare -A CHECKCERT_DOMAINS
@@ -212,15 +216,6 @@ CERT-CHECK(){
fi
}
GET_AUTHELIA_IP(){
for NTYPE in "${NM_NODE_TYPES[@]}"; do
if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
echo ${NM_SINGLESRVR_IP[${NTYPE}]}
break
fi
done
}
SENDNOTICE(){
[ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2}
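Review bot: The top-level `for NTYPE in "${NM_NODE_TYPES[@]}"` loop (which appears to be the added side, replacing `GET_AUTHELIA_IP`) never assigns `NM_AUTHELIA_IP` when no node type lists authelia. The variable then stays unset, or keeps whatever value was inherited from the caller's environment, and the other files in this commit use it as the `ssh root@${NM_AUTHELIA_IP}` target. Initialise it before the loop with `NM_AUTHELIA_IP=''` so an inherited value cannot steer the root SSH commands, and let callers skip the Authelia steps when it is empty. The loop also leaves `NTYPE` set at global scope once the file is loaded, which may collide with the `NTYPE` that `STATUS` reads; a dedicated loop variable or `unset NTYPE` after `done` would avoid that.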


@@ -49,7 +49,6 @@ DELSITE(){
echo
if [ "${DEL_SSL}" == "yes" ]; then
DEL-SSL ${DEL_SITE}
NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
echo
fi
@@ -540,10 +539,19 @@ NEWPROXYSITE_CREATE(){
sed -i "s/include conf.d\/include\/ssl-ciphers.conf/#include conf.d\/include\/ssl-ciphers.conf/g" ${nginxconfig}
sed -i "s/include conf.d\/include\/force-ssl.conf/#include conf.d\/include\/force-ssl.conf/g" ${nginxconfig}
fi
if [ "${SECURE^^}" == "YES" ] || [[ "${SECURE}" = *"FA"* ]]; then
if [[ "${SECURE}" = *"FA"* ]]; then
sed -i "s/#include conf.d\/include\/secure-access.conf/include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
if [ "${SECURE}" == "2FA" ]; then
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
else
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
fi
ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
ssh root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1"
else
sed -i "s/include conf.d\/include\/secure-access.conf/#include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
[ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
fi
if [ "${WEBSOCKET^^}" == "YES" ]; then
sed -i "s/#include conf.d\/include\/websocket-support.conf/include conf.d\/include\/websocket-support.conf/g" ${nginxconfig}
@@ -619,6 +627,26 @@ SITEINFO(){
[ "$(grep '\#include conf.d/include/block-exploits.conf' ${sitefile})" != "" ] && explt='' || explt='Yes'
[ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='' || lock='Yes'
if [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" == "" ]; then
if [ "${onefacline}" == "" ]; then
onefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn one_factor /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
onefacline=${onefacline%%:*}
twofacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn two_factor /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
twofacline=${twofacline%%:*}
fi
sitefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn ${site} /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
sitefacline=${onefacline%%:*}
if "${sitefacline}" == "" ]; then
lock='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
fi
else
lock='-'
fi
[ ${i} -lt 10 ] && ii=" ${i}" || ii=${i}
[ "${1}" == "edit" ] && msg1="${ii}) ${site}" || msg1="${site}"
@@ -686,7 +714,20 @@ SITEINFO(){
[ "$(grep '\#include conf.d/include/hsts-support.conf' ${sitefile})" != "" ] && hsts='-' || hsts='Yes'
[ "$(grep '\#include conf.d/include/websocket-support.conf' ${sitefile})" != "" ] && wbskt='-' || wbskt='Yes'
[ "$(grep '\#include conf.d/include/block-exploits.conf' ${sitefile})" != "" ] && explt='-' || explt='Yes'
[ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='-' || lock='Yes'
# [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='-' || lock='Yes'
if [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" == "" ]; then
sitefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn ${site} /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
sitefacline=${onefacline%%:*}
if "${sitefacline}" == "" ]; then
lock='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
fi
else
lock='-'
fi
f=0
until [ "${edit}" = "c" ]; do
echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames}${idsST[Reset]}"
@@ -732,7 +773,10 @@ SITEINFO(){
3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';;
4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';;
5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';;
6) [ "${lock}" == "-" ] && lock='Yes' || lock='-';;
6) [ "${lock}" == "-" ] && lock='1FA'
[ "${lock}" == "1FA" ] && lock='2FA'
[ "${lock}" == "2FA" ] && lock='-'
;;
7) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Address: "
read -i "${server}" -e server
@@ -740,14 +784,7 @@ SITEINFO(){
# echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
;;
8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';;
# 8)
# echo -e "\033[K\n\033[K"
# echo -en "\033[KEnter new Proxy Scheme (http/https): "
# read scheme
# echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
# ;;
9)
echo -e "\033[K\n\033[K"
9) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Port: "
read -i "${port}" -e port
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
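Review bot: The `ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" …` and `sed -ie … \"${MAIN_SITE}\"` calls in the NEWPROXYSITE_CREATE hunk put the site name unescaped into a sed script that the remote shell re-parses as root. The local quotes are consumed before ssh joins its arguments, so whitespace or shell metacharacters in the name are interpreted on the Authelia host. Because the pattern is unanchored and `.` is a regex wildcard, deleting one site also deletes every other line of the access-control file that contains a matching string. The `*"FA"*` branch also runs these commands without the `[ "${NM_AUTHELIA_IP}" != "" ]` guard that the else branch has. Validate the names before any of the ssh calls, e.g. `[[ "${SITENAME}" =~ ^[A-Za-z0-9.-]+$ ]] || return 1`, and match the delete on the escaped, quoted entry rather than a bare substring; the function body starts and ends outside the hunk.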


@@ -187,7 +187,6 @@ STATUS(){
srvcstotest="$(join_by " " ${!srvcs})"
[ "${NTYPE}" != "OFW" ] && srvctst=(`${NCMD} "systemctl is-active ${srvcstotest}"`)
sr=0
[ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
for srvc in "${!srvcs}"; do
[ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true
[ "${srvc}" == "headscale" ] && [ "${NTYPE}" == "HS" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['HS']}* ]] && NOGOCHK=false
@@ -351,7 +350,6 @@ STATUS(){
echo -e "${idsCL[Yellow]} Docker Service(s) Status${idsCL[Default]}"
echo -e "${idsCL[Yellow]}----------------------------------------------------${idsCL[Default]}"
fi
[ "${NM_AUTHELIA_IP}" != "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
for docker in "${!dockers}"; do
if [ "${NTYPE}" == "WEB" ]; then
([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true