Support launching old dagger.

2024-06-30 16:18:55 -04:00 · 2024-06-30 16:18:55 -04:00 · 0363a462a0
parent f09844c03c
commit 0363a462a0
6 changed files with 26 additions and 24 deletions
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@ -31,7 +31,6 @@ pflog_conf:
 network_rc: "homeserver_network.conf"
 rc_conf: "homeserver_rc.conf"
 loader_conf: "homeserver_loader.conf"
-netgraph_config: "setup_netgraph_homeserver"
 cputype: "intel"
 hwpstate: false
 devfs_rules: "homeserver_devfs.rules"
@ -51,6 +50,9 @@ jail_list:
  - name: dagger
    conf:
      src: dagger
+  - name: olddagger
+    conf:
+      src: olddagger
  - name: sftp
    conf:
      src: sftp
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@ -25,9 +25,14 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
 nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 1.1.1.1 port 53

+# cloak -> dagger
 rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8081 -> 10.215.2.2 port 8081
 nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 -> 10.215.2.1

+# cloak -> olddagger
+rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
+nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
+
 # Forward ports for unifi controller
 # rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
 rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202
--- a/ansible/roles/jail/files/jails/cloak.conf
+++ b/ansible/roles/jail/files/jails/cloak.conf
@ -2,6 +2,9 @@ cloak {
    path = "/jail/${name}";
    vnet;
    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24";
+    # Create a dummy interface that is never used, just to create the cloak bridge that is used by children.
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak dummy${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak dummy{name}";
    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}";
    vnet.interface += "jail${name}";
    vnet.interface += "cloak";
--- a/ansible/roles/jail/files/jails/dagger.conf
+++ b/ansible/roles/jail/files/jails/dagger.conf
@ -3,6 +3,9 @@ dagger {
    vnet;
    vnet.interface += "dagger";

+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
+
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown jail";
    exec.consolelog = "/var/log/jail_${name}_console.log";
--- a/ansible/roles/jail/files/jails/olddagger.conf
+++ b/ansible/roles/jail/files/jails/olddagger.conf
@ -0,0 +1,12 @@
+olddagger {
+    path = "/jail/${name}";
+    vnet;
+    vnet.interface += "olddagger";
+
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}
--- a/ansible/roles/jail/files/setup_netgraph_homeserver
+++ b/ansible/roles/jail/files/setup_netgraph_homeserver
@ -1,23 +0,0 @@
-#!/usr/local/bin/bash
-
-cleanup() {
-    /usr/local/bin/jail_netgraph_bridge stop cloak dagger
-}
-
-setup_netgraph_start() {
-    cleanup
-
-    /usr/local/bin/jail_netgraph_bridge start cloak dagger 192.168.1.0/24
-}
-
-setup_netgraph_stop() {
-    cleanup
-}
-
-if [ "$1" = "start" ]; then
-    setup_netgraph_start
-elif [ "$1" = "stop" ]; then
-    setup_netgraph_stop
-else
-    >&2 echo "Unrecognized command"
-fi