From 0363a462a0c2f6743a7a15f03191b6cff43c849f Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 30 Jun 2024 16:18:55 -0400
Subject: [PATCH] Support launching old dagger.

---
 .../environments/home/host_vars/homeserver | 4 +++-
 .../roles/firewall/files/homeserver_pf.conf | 5 ++++
 ansible/roles/jail/files/jails/cloak.conf | 3 +++
 ansible/roles/jail/files/jails/dagger.conf | 3 +++
 ansible/roles/jail/files/jails/olddagger.conf | 12 ++++++++++
 .../jail/files/setup_netgraph_homeserver | 23 -------------------
 6 files changed, 26 insertions(+), 24 deletions(-)
 create mode 100644 ansible/roles/jail/files/jails/olddagger.conf
 delete mode 100644 ansible/roles/jail/files/setup_netgraph_homeserver

diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver
index 96f0987..3c9aa1a 100644
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -31,7 +31,6 @@ pflog_conf:
 network_rc: "homeserver_network.conf"
 rc_conf: "homeserver_rc.conf"
 loader_conf: "homeserver_loader.conf"
-netgraph_config: "setup_netgraph_homeserver"
 cputype: "intel"
 hwpstate: false
 devfs_rules: "homeserver_devfs.rules"
@@ -51,6 +50,9 @@ jail_list:
   - name: dagger
     conf:
       src: dagger
+  - name: olddagger
+    conf:
+      src: olddagger
   - name: sftp
     conf:
       src: sftp
diff --git a/ansible/roles/firewall/files/homeserver_pf.conf b/ansible/roles/firewall/files/homeserver_pf.conf
index ea6f03f..f7fe566 100644
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@@ -25,9 +25,14 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
 nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 1.1.1.1 port 53
 
+# cloak -> dagger
 rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8081 -> 10.215.2.2 port 8081
 nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 -> 10.215.2.1
 
+# cloak -> olddagger
+rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
+nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
+
 # Forward ports for unifi controller
 # rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
 rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202
diff --git a/ansible/roles/jail/files/jails/cloak.conf b/ansible/roles/jail/files/jails/cloak.conf
index d614640..55cd45f 100644
--- a/ansible/roles/jail/files/jails/cloak.conf
+++ b/ansible/roles/jail/files/jails/cloak.conf
@@ -2,6 +2,9 @@ cloak {
     path = "/jail/${name}";
     vnet;
     exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24";
+    # Create a dummy interface that is never used, just to create the cloak bridge that is used by children.
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak dummy${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak dummy{name}";
     exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}";
     vnet.interface += "jail${name}";
     vnet.interface += "cloak";
diff --git a/ansible/roles/jail/files/jails/dagger.conf b/ansible/roles/jail/files/jails/dagger.conf
index c6322c1..d41fd04 100644
--- a/ansible/roles/jail/files/jails/dagger.conf
+++ b/ansible/roles/jail/files/jails/dagger.conf
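Review bot: The new 8082 rdr/nat pair is a verbatim copy of the 8081 pair with only the port changed, so every further service forwarded through cloak will add two more near-identical rules that have to be kept in sync. A port set keeps one rule per direction: `rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port { 8081, 8082 } -> 10.215.2.2` (pf keeps the original destination port when the target omits one) and `nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port { 8081, 8082 } -> 10.215.2.1`. The `to any` destination is inherited from the 8081 rule; if the host should only redirect traffic addressed to itself, `to ($ext_if)` is the narrower match, though whether that is safe depends on how traffic on $ext_if is routed here. The rdr matches tcp only while the reflection nat rule also matches udp, as before; a short comment on why the two differ would help whoever adds the next port.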
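Review bot: The added poststop line is missing the `$` in `dummy{name}`, so the stop is issued for the literal name `dummy{name}` rather than `dummycloak`, and the hook created by the matching prestart line (`dummy${name}`) is never torn down when the jail stops. Change it to `exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak dummy${name}";`. Because `exec.poststop +=` appends, this stop now runs before the existing restricted_nat stop; if the cloak bridge has to outlive its children's detach, the relative order of the two hooks deserves a comment. The enclosing `cloak {` block starts and ends outside the hunk.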
@@ -3,6 +3,9 @@ dagger {
     vnet;
     vnet.interface += "dagger";
 
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
+
     exec.start += "/bin/sh /etc/rc";
     exec.stop = "/bin/sh /etc/rc.shutdown jail";
     exec.consolelog = "/var/log/jail_${name}_console.log";
diff --git a/ansible/roles/jail/files/jails/olddagger.conf b/ansible/roles/jail/files/jails/olddagger.conf
new file mode 100644
index 0000000..9c35ea7
--- /dev/null
+++ b/ansible/roles/jail/files/jails/olddagger.conf
@@ -0,0 +1,12 @@
+olddagger {
+    path = "/jail/${name}";
+    vnet;
+    vnet.interface += "olddagger";
+
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}
diff --git a/ansible/roles/jail/files/setup_netgraph_homeserver b/ansible/roles/jail/files/setup_netgraph_homeserver
deleted file mode 100644
index cfa53bf..0000000
--- a/ansible/roles/jail/files/setup_netgraph_homeserver
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/local/bin/bash
-
-cleanup() {
-    /usr/local/bin/jail_netgraph_bridge stop cloak dagger
-}
-
-setup_netgraph_start() {
-    cleanup
-
-    /usr/local/bin/jail_netgraph_bridge start cloak dagger 192.168.1.0/24
-}
-
-setup_netgraph_stop() {
-    cleanup
-}
-
-if [ "$1" = "start" ]; then
-    setup_netgraph_start
-elif [ "$1" = "stop" ]; then
-    setup_netgraph_stop
-else
-    >&2 echo "Unrecognized command"
-fi
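Review bot: The new prestart hook only runs `jail_netgraph_bridge start`, whereas the deleted setup_netgraph_homeserver always ran `stop cloak dagger` first, so a hook left behind by an unclean shutdown (one where poststop never ran) would not block the next start. If that cleanup-before-start still matters, add `exec.prestart += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";` ahead of the start line; the old wrapper relied on stop being harmless when nothing exists, which the bridge script would need to keep guaranteeing. The identical pair in olddagger.conf has the same gap. The enclosing `dagger {` block starts and ends outside the hunk.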
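Review bot: olddagger.conf is a line-for-line copy of dagger.conf with only the jail and interface name changed, and nothing in the file records why a second dagger jail exists or how it is meant to be reached. A header comment such as `# Second instance of the dagger jail (see dagger.conf); differs only in the jail/interface name.`, together with a sentence on what "old" refers to and its relation to the port 8082 forward added in homeserver_pf.conf, would spare the next reader a diff of the two files. If the role's include mechanism allows it, sharing the common body between the two jails would remove the duplication outright, though that depends on how these per-jail files are assembled.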