talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Support launching old dagger.

Browse Source
This commit is contained in:
Tom Alexander 2024-06-30 16:18:55 -04:00
parent f09844c03c
commit 0363a462a0
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
6 changed files with 26 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/environments/home/host_vars/homeserver
View File

@ -31,7 +31,6 @@ pflog_conf:
network_rc: "homeserver_network.conf"
rc_conf: "homeserver_rc.conf"
loader_conf: "homeserver_loader.conf"
netgraph_config: "setup_netgraph_homeserver"
cputype: "intel"
hwpstate: false
devfs_rules: "homeserver_devfs.rules"
@ -51,6 +50,9 @@ jail_list:
- name: dagger
conf:
src: dagger
- name: olddagger
conf:
src: olddagger
- name: sftp
conf:
src: sftp

5
ansible/roles/firewall/files/homeserver_pf.conf
View File

@ -25,9 +25,14 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 1.1.1.1 port 53
# cloak -> dagger
rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8081 -> 10.215.2.2 port 8081
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 -> 10.215.2.1
# cloak -> olddagger
rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
# Forward ports for unifi controller
# rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202

3
ansible/roles/jail/files/jails/cloak.conf
View File

@ -2,6 +2,9 @@ cloak {
path = "/jail/${name}";
vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24";
# Create a dummy interface that is never used, just to create the cloak bridge that is used by children.
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak dummy${name} 192.168.1.0/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak dummy{name}";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}";
vnet.interface += "jail${name}";
vnet.interface += "cloak";

3
ansible/roles/jail/files/jails/dagger.conf
View File

@ -3,6 +3,9 @@ dagger {
vnet;
vnet.interface += "dagger";
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";

12
ansible/roles/jail/files/jails/olddagger.conf Normal file
View File

@ -0,0 +1,12 @@
olddagger {
path = "/jail/${name}";
vnet;
vnet.interface += "olddagger";
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";
}

23
ansible/roles/jail/files/setup_netgraph_homeserver
View File

@ -1,23 +0,0 @@
#!/usr/local/bin/bash
cleanup() {
/usr/local/bin/jail_netgraph_bridge stop cloak dagger
}
setup_netgraph_start() {
cleanup
/usr/local/bin/jail_netgraph_bridge start cloak dagger 192.168.1.0/24
}
setup_netgraph_stop() {
cleanup
}
if [ "$1" = "start" ]; then
setup_netgraph_start
elif [ "$1" = "stop" ]; then
setup_netgraph_stop
else
>&2 echo "Unrecognized command"
fi