authorKarel Kočí <cynerd@email.cz>2017-09-30 13:49:11 +0200
committerKarel Kočí <cynerd@email.cz>2017-09-30 14:11:58 +0200
commit496fad1b1059118900d8450ce400330c65116497 (patch)
treeba833dad00cbbdb2b4e5e0fd2e7ad97a3db5c8d2
parent315dd7ca36cd0118f5dd4a98d5321c8ac642643f (diff)
Implement firewall script and morev0.1.2
-rwxr-xr-xfirewall/multiconfig.sh25
-rwxr-xr-xmulticonfig.sh81
-rw-r--r--openvpn/multiconfig.sh0
3 files changed, 68 insertions, 38 deletions
diff --git a/firewall/multiconfig.sh b/firewall/multiconfig.sh
new file mode 100755
index 0000000..1c9b6ff
--- /dev/null
+++ b/firewall/multiconfig.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+mkdir /etc/iptables
+
+configure() {
+ if ! grep -q "$3_SAVE=\"/etc/iptables/$1\""; then
+ echo "Reconfiguring $2 service configuration"
+ sed -i "s#^$3_SAVE=.*\$#$3_SAVE=\"/etc/iptables/$1\"#" "/etc/conf.d/$2"
+ fi
+}
+configure ipv4 iptables IPTABLES
+configure ipv6 ip6tables IP6TABLES
+
+H="$(hostname)"
+
+if inst "firewall/$H.ipv4" /etc/iptables/ipv4; then
+ echo "Reloading IPv4 firewall"
+ service iptables reload
+fi
+
+if inst "firewall/$H.ipv6" /etc/iptables/ipv6; then
+ echo "Reloading IPv6 firewall"
+ service ip6tables reload
+fi
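Review bot: The `grep -q` inside `configure` has no file operand, so it reads standard input rather than `/etc/conf.d/$2`, and the "already configured" check never inspects the service configuration. It should be `if ! grep -q "$3_SAVE=\"/etc/iptables/$1\"" "/etc/conf.d/$2"; then`. The bare `mkdir /etc/iptables` under `set -e` also aborts the script on every run after the first, so `mkdir -p /etc/iptables` is needed for the module to be re-runnable. Because a reload puts the new ruleset live on the host, it would be worth validating the installed file before `service iptables reload` (for example with `iptables-restore --test`), so that a malformed rules file fails the module instead of being loaded.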
diff --git a/multiconfig.sh b/multiconfig.sh
index 1519e48..e85f0c0 100755
--- a/multiconfig.sh
+++ b/multiconfig.sh
@@ -1,39 +1,27 @@
#!/bin/sh
set -e
-ARGS=""
+MODS=""
LOCAL=false
-SYSLOG=false
# TODO email notifications
+# TODO version verification
while [ $# -gt 0 ]; do
case "$1" in
-h|--help)
- echo "Multiconfig system call script"
- echo "Usage: multiconfig.sh [OPTION]..."
+ echo "Multiconfig system script"
+ echo "Usage: multiconfig.sh [OPTION]... [MODULE]..."
echo
echo "Options:"
- echo "--local - Use current working directory as multiconfig source."
- echo "--syslog - pipe output to syslog"
- echo "Passed options:"
- echo "--verbose - Make output more verbose"
- echo "--quiet - Make output more quiet"
- echo "--operation OPT - run only given operation"
+ echo "--local - use current working directory as source for files"
exit 0
;;
- --verbose|-v|--quiet|-q)
- ARGS="$ARGS $1"
- ;;
- --operation|-o)
- ARGS="$ARGS $1 $2"
- shift
- ;;
--local)
LOCAL=true
;;
- --syslog)
- SYSLOG=true
+ *)
+ MODS="$MODS $1"
;;
esac
shift
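Review bot: The new `*)` arm collects every unrecognised word as a module name, including words that start with `-`. Callers still passing the removed `--syslog`, `--verbose` or `--operation` options therefore only fail later with "No such mode", or are resolved as a path if an executable of that name exists in the working directory. An explicit arm before the catch-all would reject them at parse time: `-*) echo "Unknown option: $1" >&2; exit 1 ;;`. The `while` loop is closed outside this hunk.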
@@ -44,30 +32,47 @@ done
exit 1
}
-PREFIX="/root/.multiconfig"
-
-# Check if we have key
-if [ ! -f "$PREFIX/key" ]; then
- echo "Key is not in expected path. Please setup this host for multiconfig."
- exit 1
-fi
-
-# TODO check key access rights
-
if ! $LOCAL; then
- if [ -d "$PREFIX/repo" ]; then
- true
- # TODO git clone
+ if [ ! -d "/root/.multiconfig" ]; then
+ echo "No files directory. Please setup it first."
+ exit 1
fi
- cd "$PREFIX/repo"
- # Pull git repository
+ cd "/root/.multiconfig"
+ # Update git repository
git fetch
git reset --hard origin/master
git clean -xdf
+ # Verify trunk
+ # TODO gpg home?
+ #git verify-commit HEAD
fi
-# TODO check repository signature
+MODDIR="/usr/lib/multiconfig"
+# No modules given means to process all modules
+if [ -z "$MODS" ]; then
+ for M in $(find "$MODDIR" -executable); do
+ MODS="$MODS $M"
+ done
+else
+ # Go trough all given modules and check if we have such module
+ NMODS=""
+ for M in $MODS; do
+ if [ ! -x "$M" ]; then # Is not path directly to script
+ if [ ! -x "$MODDIR/$M" ]; then
+ echo "No such mode: $M"
+ exit 1
+ else
+ NMODS="$NMODS $MODDIR/$M"
+ fi
+ else
+ NMODS="$NMODS $M"
+ fi
+ done
+ MODS="$NMODS"
+fi
-CMD="./run.sh --key $PREFIX/key $ARGS"
-# Run command
-$CMD
+mkdir -p /var/log/multiconfig
+for M in $MODS; do
+ LOG="/var/log/multiconfig/$(basename "$M")"
+ "$M" | logger -s -t "multiconfig-$M" | tee "$LOG" || echo "TODO send email!"
+done
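Review bot: In the final loop the status of `"$M" | logger … | tee "$LOG"` is that of `tee`, so a failing module never reaches the `|| echo "TODO send email!"` branch and `set -e` does not see it either. In addition, `logger -s` copies messages to standard error rather than standard output, so `tee` receives nothing and the file under `/var/log/multiconfig` stays empty. Running the module with its output redirected to the log, recording its exit status, and then feeding the log to `logger` fixes both, as sketched below. `find "$MODDIR" -executable` also matches `$MODDIR` itself and any subdirectory, so it needs `-type f`. Separately, `git verify-commit HEAD` is left commented out while the old key check is removed, so whatever `origin/master` serves is consumed as root without authentication; once enabled, the verification should exit non-zero before any module runs.

```shell
# … unchanged: module list resolution …
mkdir -p /var/log/multiconfig
for M in $MODS; do
	NAME="$(basename "$M")"
	LOG="/var/log/multiconfig/$NAME"
	RC=0
	# Capture output first so the module's own exit status is not lost in a pipeline
	"$M" >"$LOG" 2>&1 || RC=$?
	logger -s -t "multiconfig-$NAME" <"$LOG"
	[ "$RC" -eq 0 ] || echo "TODO send email!"
done
```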
diff --git a/openvpn/multiconfig.sh b/openvpn/multiconfig.sh
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/openvpn/multiconfig.sh