voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

update

Browse Source
This commit is contained in:
David Schroeder
2023-11-11 11:24:18 -06:00
parent 6d2fc754eb
commit a41d0ece6b
4 changed files with 38 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
defaults.inc
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# VERS='4.12.120-11102023' # VERS='4.12.120-11102023'
VERS='4.12.125-KYLEUPGRADEv2' VERS='4.12.126-KYLEUPGRADEv3'
noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update ' noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update '
CERT_DAEMON='/snap/bin/certbot' CERT_DAEMON='/snap/bin/certbot'
@@ -213,6 +213,15 @@ CERT-CHECK(){
fi fi
} }
GET_AUTHELIA_IP(){
for NTYPE in "${NM_NODE_TYPES[@]}"; do
if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
echo ${NM_SINGLESRVR_IP[${NTYPE}]}
break
fi
done
}
SENDNOTICE(){ SENDNOTICE(){
[ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2} [ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2}

2
inc/services.inc
View File

@@ -309,7 +309,7 @@ SERVICE(){
NOGOCHK=true; NOGOCHK=true;
if [ "${1}" == "gitea" ]; then if [ "${1}" == "gitea" ]; then
if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]]; then if [[ $($NCMD ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1) != *$(GET_AUTHELIA_IP)* ]]; then
NOGOCHK=false; NOGOCHK=false;
fi fi
elif [ "${1}" == "headscale" ]; then elif [ "${1}" == "headscale" ]; then

92
inc/sites.inc
View File

@@ -49,48 +49,14 @@ DELSITE(){
echo echo
if [ "${DEL_SSL}" == "yes" ]; then if [ "${DEL_SSL}" == "yes" ]; then
DEL-SSL ${DEL_SITE} DEL-SSL ${DEL_SITE}
NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
echo echo
fi fi
ssh root@${NM_SINGLESRVR_IP['WEB']} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml [ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
# echo -en "${idsCL[LightCyan]}Reloading NGINX ... ${idsCL[Default]}"
SERVICE nginx restart SERVICE nginx restart
# echo -e "${idsCL[Green]}Done${idsCL[Default]}"
# nid=1
# for nip in "${NM_HOSTS['WEB'][@]}"; do
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then
# nip='localhost '
# NCMD=''
# else
# NCMD="ssh root@${nip}"
# fi
# echo -en "Removing from Webserver-Node${nid} ($nip)... ${idsCL[Default]}"
# if [ "${NCMD}" != "" ]; then
# checkhost=$(CHECK_HOST ${nip})
# fi
# if [ "${checkhost}" != "false" ]; then
# #if [ -f ${NM_NGINXPATH}/sites-available/${DEL_SITE} ]; then
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}*
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}*
# #fi
# #if [ -d /var/www/${DEL_SITE} ]; then
# ${NCMD} rm -rf /var/www/${DEL_SITE}
# #fi
# if [ "${DEL_SSL}" = "yes" ]; then
# ${NCMD} rm -rf ${NM_CERTPATH}/archive/${DEL_SITE}
# ${NCMD} rm -rf ${NM_CERTPATH}/live/${DEL_SITE}
# ${NCMD} rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf
# fi
# echo -e "${idsCL[Green]}OK${idsCL[Default]}"
# else
# echo -e "${idsCL[Red]}Node is down${idsCL[Default]}"
# fi
# nid=`expr $nid + 1`
# done
# echo
# SERVICE nginx reload ns
echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n" echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n"
else else
echo "Missing arguments" echo "Missing arguments"
@@ -245,8 +211,6 @@ NEWSITE(){
showdivide=yes showdivide=yes
if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
CREATE_SSL=yes CREATE_SSL=yes
# echo -en "${idsCL[LightCyan]}Add additonal domain names to the SSL cert (comma seperated)? : ${idsCL[Default]}"
# read ssladd
else else
CREATE_SSL=no CREATE_SSL=no
fi fi
@@ -325,6 +289,7 @@ NEWSITE(){
read MFA read MFA
showdivide=yes showdivide=yes
([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA" ([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA"
NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
else else
SECURE=no SECURE=no
fi fi
@@ -362,6 +327,22 @@ NEWSITE(){
fi fi
nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf
if [ -f ${nginxconfig} ]; then
echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}"
read EXPLOITS
showdivide=yes
echo
if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
exit 0
elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
else
exit 0
fi
fi
if [ "${SITE_TYPE}" = "proxy" ]; then if [ "${SITE_TYPE}" = "proxy" ]; then
if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi
else GO=true else GO=true
@@ -375,12 +356,7 @@ NEWSITE(){
[ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS="" [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then
echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}" echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
for NTYPE in "${NM_NODE_TYPES[@]}"; do
if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
NM_AUTHELIA_IP=${NM_SINGLESRVR_IP[${NTYPE}]}
break
fi
done
if [ "${SECURE}" == "2FA" ]; then if [ "${SECURE}" == "2FA" ]; then
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
else else
@@ -438,28 +414,8 @@ NEWSITE(){
fi fi
echo -e "}" >> ${nginxconfig} echo -e "}" >> ${nginxconfig}
sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs} sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs}
# echo -en "${idsCL[LightYellow]}Waiting for folder replication across the webserver nodes... ${idsCL[Default]}"
# for nip in "${NM_HOSTS['WEB'][@]}"; do
# checkhost=$(CHECK_HOST ${nip})
# if [ "${checkhost}" != "false" ]; then
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
# checked=false
# until [ "${checked}" = "" ]; do
# checked=`ssh root@${nip} "[ ! -d /var/www/${MAIN_SITE} ] && echo does not exist"`
# done
# fi
# fi
# done
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
#
# echo -en "${idsCL[LightYellow]}Setting folder permissions... ${idsCL[Default]}"
# SET-PERMISSIONS ${MAIN_SITE}
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
######################################### PROXY ######################################### PROXY
else else
@@ -477,10 +433,8 @@ NEWSITE(){
fi fi
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
[ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite ${CERTTEST} || NEWCERT ${NEW_SITE} newsite ${CERTTEST} [ -f ${NM_NGINXPATH}/sites-enabled/default* ] && SERVICE nginx restart >/dev/null 2>&1
# if [ "${SITE_TYPE}" == "proxy" ]; then NEWCERT ${NEW_SITE} newsite ${CERTTEST}
# sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig}
# fi
fi fi
rm -f ${NM_LOGFOLDER}/new-site.lastrun rm -f ${NM_LOGFOLDER}/new-site.lastrun

9
inc/status.inc
View File

@@ -187,8 +187,9 @@ STATUS(){
srvcstotest="$(join_by " " ${!srvcs})" srvcstotest="$(join_by " " ${!srvcs})"
[ "${NTYPE}" != "OFW" ] && srvctst=(`${NCMD} "systemctl is-active ${srvcstotest}"`) [ "${NTYPE}" != "OFW" ] && srvctst=(`${NCMD} "systemctl is-active ${srvcstotest}"`)
sr=0 sr=0
[ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
for srvc in "${!srvcs}"; do for srvc in "${!srvcs}"; do
[ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]] && NOGOCHK=false || NOGOCHK=true [ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true
[ "${srvc}" == "headscale" ] && [ "${NTYPE}" == "HS" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['HS']}* ]] && NOGOCHK=false [ "${srvc}" == "headscale" ] && [ "${NTYPE}" == "HS" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['HS']}* ]] && NOGOCHK=false
[ "${srvc}" == "keepalived" ] && ([ "${nip}" == "10.2.1.2" ] || [ "${nip}" == "10.2.1.51" ]) && NOGOCHK=false [ "${srvc}" == "keepalived" ] && ([ "${nip}" == "10.2.1.2" ] || [ "${nip}" == "10.2.1.51" ]) && NOGOCHK=false
if [ ${NOGOCHK} == true ]; then if [ ${NOGOCHK} == true ]; then
@@ -350,12 +351,10 @@ STATUS(){
echo -e "${idsCL[Yellow]} Docker Service(s) Status${idsCL[Default]}" echo -e "${idsCL[Yellow]} Docker Service(s) Status${idsCL[Default]}"
echo -e "${idsCL[Yellow]}----------------------------------------------------${idsCL[Default]}" echo -e "${idsCL[Yellow]}----------------------------------------------------${idsCL[Default]}"
fi fi
[ "${NM_AUTHELIA_IP}" != "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
for docker in "${!dockers}"; do for docker in "${!dockers}"; do
if [ "${NTYPE}" == "WEB" ]; then if [ "${NTYPE}" == "WEB" ]; then
([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['WEB']}* ]] && NOGOCHK=false || NOGOCHK=true ([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true
elif [ "${NTYPE}" == "LPD" ]; then
[ "${docker}" == "uptime-kuma" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *10.2.1.2* ]] && NOGOCHK=false || NOGOCHK=true
else else
NOGOCHK=true NOGOCHK=true
fi fi