update
This commit is contained in:
11
defaults.inc
11
defaults.inc
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
# VERS='4.12.120-11102023'
|
||||
VERS='4.12.125-KYLEUPGRADEv2'
|
||||
VERS='4.12.126-KYLEUPGRADEv3'
|
||||
|
||||
noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update '
|
||||
CERT_DAEMON='/snap/bin/certbot'
|
||||
@@ -213,6 +213,15 @@ CERT-CHECK(){
|
||||
fi
|
||||
}
|
||||
|
||||
GET_AUTHELIA_IP(){
|
||||
for NTYPE in "${NM_NODE_TYPES[@]}"; do
|
||||
if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
|
||||
echo ${NM_SINGLESRVR_IP[${NTYPE}]}
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
SENDNOTICE(){
|
||||
[ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2}
|
||||
|
||||
|
||||
@@ -309,7 +309,7 @@ SERVICE(){
|
||||
|
||||
NOGOCHK=true;
|
||||
if [ "${1}" == "gitea" ]; then
|
||||
if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]]; then
|
||||
if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *$(GET_AUTHELIA_IP)* ]]; then
|
||||
NOGOCHK=false;
|
||||
fi
|
||||
elif [ "${1}" == "headscale" ]; then
|
||||
|
||||
@@ -49,48 +49,14 @@ DELSITE(){
|
||||
echo
|
||||
if [ "${DEL_SSL}" == "yes" ]; then
|
||||
DEL-SSL ${DEL_SITE}
|
||||
NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
|
||||
echo
|
||||
fi
|
||||
|
||||
ssh root@${NM_SINGLESRVR_IP['WEB']} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
||||
[ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
||||
|
||||
# echo -en "${idsCL[LightCyan]}Reloading NGINX ... ${idsCL[Default]}"
|
||||
SERVICE nginx restart
|
||||
# echo -e "${idsCL[Green]}Done${idsCL[Default]}"
|
||||
|
||||
# nid=1
|
||||
# for nip in "${NM_HOSTS['WEB'][@]}"; do
|
||||
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then
|
||||
# nip='localhost '
|
||||
# NCMD=''
|
||||
# else
|
||||
# NCMD="ssh root@${nip}"
|
||||
# fi
|
||||
# echo -en "Removing from Webserver-Node${nid} ($nip)... ${idsCL[Default]}"
|
||||
# if [ "${NCMD}" != "" ]; then
|
||||
# checkhost=$(CHECK_HOST ${nip})
|
||||
# fi
|
||||
# if [ "${checkhost}" != "false" ]; then
|
||||
# #if [ -f ${NM_NGINXPATH}/sites-available/${DEL_SITE} ]; then
|
||||
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}*
|
||||
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}*
|
||||
# #fi
|
||||
# #if [ -d /var/www/${DEL_SITE} ]; then
|
||||
# ${NCMD} rm -rf /var/www/${DEL_SITE}
|
||||
# #fi
|
||||
# if [ "${DEL_SSL}" = "yes" ]; then
|
||||
# ${NCMD} rm -rf ${NM_CERTPATH}/archive/${DEL_SITE}
|
||||
# ${NCMD} rm -rf ${NM_CERTPATH}/live/${DEL_SITE}
|
||||
# ${NCMD} rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf
|
||||
# fi
|
||||
# echo -e "${idsCL[Green]}OK${idsCL[Default]}"
|
||||
# else
|
||||
# echo -e "${idsCL[Red]}Node is down${idsCL[Default]}"
|
||||
# fi
|
||||
# nid=`expr $nid + 1`
|
||||
# done
|
||||
# echo
|
||||
# SERVICE nginx reload ns
|
||||
|
||||
echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n"
|
||||
else
|
||||
echo "Missing arguments"
|
||||
@@ -245,8 +211,6 @@ NEWSITE(){
|
||||
showdivide=yes
|
||||
if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
|
||||
CREATE_SSL=yes
|
||||
# echo -en "${idsCL[LightCyan]}Add additonal domain names to the SSL cert (comma seperated)? : ${idsCL[Default]}"
|
||||
# read ssladd
|
||||
else
|
||||
CREATE_SSL=no
|
||||
fi
|
||||
@@ -325,6 +289,7 @@ NEWSITE(){
|
||||
read MFA
|
||||
showdivide=yes
|
||||
([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA"
|
||||
NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
|
||||
else
|
||||
SECURE=no
|
||||
fi
|
||||
@@ -362,6 +327,22 @@ NEWSITE(){
|
||||
fi
|
||||
nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf
|
||||
|
||||
if [ -f ${nginxconfig} ]; then
|
||||
echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}"
|
||||
read EXPLOITS
|
||||
showdivide=yes
|
||||
echo
|
||||
if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
|
||||
exit 0
|
||||
elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
|
||||
rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
|
||||
ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ "${SITE_TYPE}" = "proxy" ]; then
|
||||
if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi
|
||||
else GO=true
|
||||
@@ -375,12 +356,7 @@ NEWSITE(){
|
||||
[ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
|
||||
if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then
|
||||
echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
|
||||
for NTYPE in "${NM_NODE_TYPES[@]}"; do
|
||||
if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
|
||||
NM_AUTHELIA_IP=${NM_SINGLESRVR_IP[${NTYPE}]}
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "${SECURE}" == "2FA" ]; then
|
||||
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
||||
else
|
||||
@@ -438,28 +414,8 @@ NEWSITE(){
|
||||
fi
|
||||
echo -e "}" >> ${nginxconfig}
|
||||
|
||||
|
||||
sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs}
|
||||
# echo -en "${idsCL[LightYellow]}Waiting for folder replication across the webserver nodes... ${idsCL[Default]}"
|
||||
# for nip in "${NM_HOSTS['WEB'][@]}"; do
|
||||
# checkhost=$(CHECK_HOST ${nip})
|
||||
# if [ "${checkhost}" != "false" ]; then
|
||||
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
|
||||
# checked=false
|
||||
# until [ "${checked}" = "" ]; do
|
||||
# checked=`ssh root@${nip} "[ ! -d /var/www/${MAIN_SITE} ] && echo does not exist"`
|
||||
# done
|
||||
# fi
|
||||
# fi
|
||||
# done
|
||||
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
|
||||
#
|
||||
# echo -en "${idsCL[LightYellow]}Setting folder permissions... ${idsCL[Default]}"
|
||||
# SET-PERMISSIONS ${MAIN_SITE}
|
||||
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
|
||||
|
||||
|
||||
|
||||
######################################### PROXY
|
||||
else
|
||||
|
||||
@@ -477,10 +433,8 @@ NEWSITE(){
|
||||
fi
|
||||
|
||||
if [ "${CREATE_SSL}" = "yes" ]; then
|
||||
[ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite ${CERTTEST} || NEWCERT ${NEW_SITE} newsite ${CERTTEST}
|
||||
# if [ "${SITE_TYPE}" == "proxy" ]; then
|
||||
# sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig}
|
||||
# fi
|
||||
[ -f ${NM_NGINXPATH}/sites-enabled/default* ] && SERVICE nginx restart >/dev/null 2>&1
|
||||
NEWCERT ${NEW_SITE} newsite ${CERTTEST}
|
||||
fi
|
||||
|
||||
rm -f ${NM_LOGFOLDER}/new-site.lastrun
|
||||
|
||||
@@ -187,8 +187,9 @@ STATUS(){
|
||||
srvcstotest="$(join_by " " ${!srvcs})"
|
||||
[ "${NTYPE}" != "OFW" ] && srvctst=(`${NCMD} "systemctl is-active ${srvcstotest}"`)
|
||||
sr=0
|
||||
[ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
|
||||
for srvc in "${!srvcs}"; do
|
||||
[ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]] && NOGOCHK=false || NOGOCHK=true
|
||||
[ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true
|
||||
[ "${srvc}" == "headscale" ] && [ "${NTYPE}" == "HS" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['HS']}* ]] && NOGOCHK=false
|
||||
[ "${srvc}" == "keepalived" ] && ([ "${nip}" == "10.2.1.2" ] || [ "${nip}" == "10.2.1.51" ]) && NOGOCHK=false
|
||||
if [ ${NOGOCHK} == true ]; then
|
||||
@@ -350,12 +351,10 @@ STATUS(){
|
||||
echo -e "${idsCL[Yellow]} Docker Service(s) Status${idsCL[Default]}"
|
||||
echo -e "${idsCL[Yellow]}----------------------------------------------------${idsCL[Default]}"
|
||||
fi
|
||||
|
||||
[ "${NM_AUTHELIA_IP}" != "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
|
||||
for docker in "${!dockers}"; do
|
||||
if [ "${NTYPE}" == "WEB" ]; then
|
||||
([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]] && NOGOCHK=false || NOGOCHK=true
|
||||
elif [ "${NTYPE}" == "LPD" ]; then
|
||||
[ "${docker}" == "uptime-kuma" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *10.2.1.2* ]] && NOGOCHK=false || NOGOCHK=true
|
||||
([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true
|
||||
else
|
||||
NOGOCHK=true
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user