If installed within docker certain things aren't needed
parent
e94545a91a
commit
d2b72e35d9
|
@ -66,6 +66,7 @@ FREEDNS_SUBDOMAIN_CODE=$3
|
||||||
SSH_PORT=2222
|
SSH_PORT=2222
|
||||||
KERNEL_VERSION="v3.15.10-bone7"
|
KERNEL_VERSION="v3.15.10-bone7"
|
||||||
USE_HWRNG="yes"
|
USE_HWRNG="yes"
|
||||||
|
INSTALLED_WITHIN_DOCKER="no"
|
||||||
|
|
||||||
GPG_KEYSERVER="hkp://keys.gnupg.net"
|
GPG_KEYSERVER="hkp://keys.gnupg.net"
|
||||||
|
|
||||||
|
@ -269,6 +270,9 @@ function update_the_kernel {
|
||||||
if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
|
if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
cd /opt/scripts/tools
|
cd /opt/scripts/tools
|
||||||
./update_kernel.sh --kernel $KERNEL_VERSION
|
./update_kernel.sh --kernel $KERNEL_VERSION
|
||||||
echo 'update_the_kernel' >> $COMPLETION_FILE
|
echo 'update_the_kernel' >> $COMPLETION_FILE
|
||||||
|
@ -278,6 +282,9 @@ function enable_zram {
|
||||||
if grep -Fxq "enable_zram" $COMPLETION_FILE; then
|
if grep -Fxq "enable_zram" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
|
if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
|
||||||
echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
|
echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
|
||||||
fi
|
fi
|
||||||
|
@ -357,6 +364,11 @@ function random_number_generator {
|
||||||
if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
|
if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# it is assumed that docker uses the random number
|
||||||
|
# generator of the host system
|
||||||
|
return
|
||||||
|
fi
|
||||||
if [ $USE_HWRNG == "yes" ]; then
|
if [ $USE_HWRNG == "yes" ]; then
|
||||||
apt-get -y --force-yes install rng-tools
|
apt-get -y --force-yes install rng-tools
|
||||||
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
|
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
|
||||||
|
@ -544,6 +556,10 @@ function configure_firewall {
|
||||||
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -P INPUT ACCEPT
|
iptables -P INPUT ACCEPT
|
||||||
ip6tables -P INPUT ACCEPT
|
ip6tables -P INPUT ACCEPT
|
||||||
iptables -F
|
iptables -F
|
||||||
|
@ -570,6 +586,10 @@ function configure_firewall_for_dns {
|
||||||
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
||||||
|
@ -579,6 +599,10 @@ function configure_firewall_for_ftp {
|
||||||
if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
|
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
|
echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
|
||||||
|
@ -588,6 +612,10 @@ function configure_firewall_for_web {
|
||||||
if grep -Fxq "configure_firewall_for_web" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall_for_web" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
|
@ -598,6 +626,10 @@ function configure_firewall_for_ssh {
|
||||||
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
|
@ -608,6 +640,10 @@ function configure_firewall_for_git {
|
||||||
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
||||||
|
@ -617,6 +653,10 @@ function configure_firewall_for_email {
|
||||||
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
|
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
||||||
|
# docker does its own firewalling
|
||||||
|
return
|
||||||
|
fi
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
|
||||||
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
|
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
|
||||||
|
|
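Review bot: The comment `# docker does its own firewalling` on the guards added to configure_firewall and the six configure_firewall_for_* functions promises more than the early return delivers: with it, this script sets up no packet filter inside the container at all, so which services are reachable depends on the ports the host publishes and on the host's own rules. I would state that dependency in the comment, e.g. `# no rules are applied inside docker; exposure is set by the ports published on the host and by the host firewall`, and repeat it next to `INSTALLED_WITHIN_DOCKER="no"`. The guards also test an unquoted variable; if it is ever empty, `[` reports an error, the test is false, and the host-only steps (kernel update, iptables) run inside the container, so `if [ "$INSTALLED_WITHIN_DOCKER" == "yes" ]; then` is safer. All of these function bodies continue outside the visible hunks.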