wip #7023 @2

author Vincent Vanwaelscappel <vincent@cubedesigners.com>

Wed, 5 Mar 2025 17:53:00 +0000 (18:53 +0100)

committer Vincent Vanwaelscappel <vincent@cubedesigners.com>

Wed, 5 Mar 2025 17:53:00 +0000 (18:53 +0100)
author Vincent Vanwaelscappel <vincent@cubedesigners.com>
Wed, 5 Mar 2025 17:53:00 +0000 (18:53 +0100)
committer Vincent Vanwaelscappel <vincent@cubedesigners.com>
Wed, 5 Mar 2025 17:53:00 +0000 (18:53 +0100)
diff --git a/app/Fluidbook/Farm.php b/app/Fluidbook/Farm.php

index 4895104ede83685439181eeee25efa088d354a3a..6bf67e9c82bfa6921a7c2f4cbdbf7168453b7b97 100644 (file)
--- a/app/Fluidbook/Farm.php
+++ b/app/Fluidbook/Farm.php
@@ -21,6 +21,7 @@ class Farm
  
      protected static $_farmServers = [
          ['name' => 'amadeus', 'host' => 'amadeus.cubedesigners.com', 'weight' => 4, 'region' => Region::EUROPE, 'local' => false],
+        ['name' => 'benhur', 'host' => 'amadeus.cubedesigners.com', 'weight' => 8, 'region' => Region::EUROPE, 'local' => false],
          ['name' => 'cloudatlas', 'host' => 'cloudatlas.cubedesigners.com', 'weight' => 2, 'region' => Region::EUROPE, 'local' => false],
          ['name' => 'dobermann', 'host' => 'dobermann.cubedesigners.com', 'weight' => 6, 'region' => Region::EUROPE, 'local' => false],
          ['name' => 'elephantman', 'host' => 'paris.cubedesigners.com', 'weight' => 2, 'region' => Region::EUROPE, 'local' => false],
diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php

index bbe91373917839b25a9fbf4bffe6392ea74d7cb5..49582c0c6b47349c693e8c5f6ddec753565cafe6 100644 (file)
--- a/app/Models/TeamServers.php
+++ b/app/Models/TeamServers.php
@@ -37,13 +37,14 @@ class TeamServers extends CubistMagicAbstractModel
          $blacklist = Text::explodeNewLines($this->blacklist);
          $clients = Text::explodeNewLines($this->clients);
          $ip = Text::explodeNewLines($this->ip);
-        $forceContainers = Text::explodeNewLines($this->docker);
-        $excludeContainers = array_merge(['portainer', 'monit'], Text::explodeNewLines($this->docker_restricted));
-        $excludeContainers = array_diff($excludeContainers, $forceContainers);
  
          $sshports = [22, 22022, 22822, 22222];
  
          foreach ($servers as $sid => $server) {
+            $forceContainers = Text::explodeNewLines($server['docker']);
+            $excludeContainers = array_merge(['portainer', 'monit'], Text::explodeNewLines($server['docker_restricted']));
+            $excludeContainers = array_diff($excludeContainers, $forceContainers);
+
              $fw = '#!/bin/bash' . "\n\n";
  
              $fw .= 'export DEBIAN_FRONTEND=noninteractive' . "\n";
@@ -174,7 +175,7 @@ done' . "\n\n";
  
              $fw .= '
  
-skip_containers=(';
+restricted_containers=(';
              foreach ($excludeContainers as $excludeContainer) {
                  $fw .= '"' . $excludeContainer . '" ';
              }
@@ -191,8 +192,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/amadeus/firewall b/resources/servers/amadeus/firewall

index c27ca37735394619c0c9940c599f4a4457cf3163..62947a013a12d85e5b60fcdfd6775aac00888c27 100644 (file)
--- a/resources/servers/amadeus/firewall
+++ b/resources/servers/amadeus/firewall
@@ -74,7 +74,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -86,8 +86,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/benhur/firewall b/resources/servers/benhur/firewall

index 0cec4646ca70824d3f7e9aaf1b7bec14b51a2001..a9c5666b2d62ea948bb071467669e119e4d9a9d1 100644 (file)
--- a/resources/servers/benhur/firewall
+++ b/resources/servers/benhur/firewall
@@ -75,7 +75,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -87,8 +87,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/cloudatlas/firewall b/resources/servers/cloudatlas/firewall

index e1759db040e6084fee9fcc46ae228f99c3668928..3e87e77ac18badd476bc9102a1dea980a646efe5 100644 (file)
--- a/resources/servers/cloudatlas/firewall
+++ b/resources/servers/cloudatlas/firewall
@@ -67,7 +67,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" "satis" "git-daemon" "gitolite" "gitserver-http" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -79,8 +79,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/dobermann/firewall b/resources/servers/dobermann/firewall

index 185d7be6d3414a07b740a07d29730e57340e03b4..510d58625bb0230d898013d8f8741aa1b634ae68 100644 (file)
--- a/resources/servers/dobermann/firewall
+++ b/resources/servers/dobermann/firewall
@@ -85,7 +85,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -97,8 +97,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/elephantman/firewall b/resources/servers/elephantman/firewall

index ea40f90404d285266dab882f5287c12aa8af29e3..4a45c6f5da39d2a6ccfe385d39c963072f010e5e 100644 (file)
--- a/resources/servers/elephantman/firewall
+++ b/resources/servers/elephantman/firewall
@@ -80,7 +80,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -92,8 +92,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/fastandfurious/firewall b/resources/servers/fastandfurious/firewall

index 15bb0e76fccd0e0f4475a36c873b3f92c61ae2a7..b78c289c307eca61356b195590eafd1f7914ee50 100644 (file)
--- a/resources/servers/fastandfurious/firewall
+++ b/resources/servers/fastandfurious/firewall
@@ -81,7 +81,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -93,8 +93,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
diff --git a/resources/servers/kingkong/firewall b/resources/servers/kingkong/firewall

index 66dc05b6b9ecd3684a80fac5c7c8f36f4fe2b8aa..102d0ae0d48071cab0760a81c13bd52dc6043119 100644 (file)
--- a/resources/servers/kingkong/firewall
+++ b/resources/servers/kingkong/firewall
@@ -80,7 +80,7 @@ ufw deny out 22822
  ufw deny out 22222
  
  
-skip_containers=("portainer" "monit" )
+restricted_containers=("portainer" "monit" )
  
  sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
  sudo chmod +x /usr/local/bin/ufw-docker
@@ -92,8 +92,8 @@ ufw-docker install
  docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
         # Check if the current line is in the skip_lines array
      skip=false
-    for skip_container in "${skip_containers[@]}"; do
-        if [[ "$container" == "$skip_container" ]]; then
+    for restricted_container in "${restricted_containers[@]}"; do
+        if [[ "$container" == "$restricted_container" ]]; then
              skip=true
              break
          fi
author	Vincent Vanwaelscappel <vincent@cubedesigners.com>
	Wed, 5 Mar 2025 17:53:00 +0000 (18:53 +0100)
committer	Vincent Vanwaelscappel <vincent@cubedesigners.com>
	Wed, 5 Mar 2025 17:53:00 +0000 (18:53 +0100)
app/Fluidbook/Farm.php		patch \| blob \| history
app/Models/TeamServers.php		patch \| blob \| history
resources/servers/amadeus/firewall		patch \| blob \| history
resources/servers/benhur/firewall		patch \| blob \| history
resources/servers/cloudatlas/firewall		patch \| blob \| history
resources/servers/dobermann/firewall		patch \| blob \| history
resources/servers/elephantman/firewall		patch \| blob \| history
resources/servers/fastandfurious/firewall		patch \| blob \| history
resources/servers/kingkong/firewall		patch \| blob \| history