use Cubist\Backpack\Magic\Fields\BunchOfFieldsMultiple;
use Cubist\Backpack\Magic\Fields\Textarea;
use Cubist\Backpack\Magic\Models\CubistMagicAbstractModel;
+use Cubist\Util\Files\Files;
use Cubist\Util\Text;
class TeamServers extends CubistMagicAbstractModel
$this->addField('blacklist', Textarea::class, __('Liste noire'));
}
- public function generateFirewall($for)
+ public function postSave()
{
$servers = $this->servers;
- $found = false;
- foreach ($servers as $k => $server) {
- if ($server['name'] === $for) {
- $found = true;
- break;
- }
- }
-
- if (!$found) {
- return;
- }
$blacklist = Text::explodeNewLines($this->blacklist);
$clients = Text::explodeNewLines($this->clients);
$ip = Text::explodeNewLines($this->ip);
- $res = '#!/bin/bash' . "\n";
-
- $res .= 'apt install bind9 dnsutils' . "\n";
- $res .= 'service bind9 restart' . "\n";
-
- $res .= 'blacklist=(' . implode(' ', $blacklist) . ')' . "\n";
+ foreach ($servers as $k => $server) {
+ $fw = '#!/bin/bash' . "\n\n";
+
+ $fw .= 'apt install bind9 dnsutils' . "\n";
+ $fw .= 'service bind9 restart' . "\n\n";
+
+ $fw .= 'blacklist=(' . implode(' ', $blacklist) . ')' . "\n";
+
+ $hosts = [];
+ foreach ($servers as $k => $s) {
+ $hosts[] = '$s' . $k;
+ $fw .= 's' . $k . '=`dig +short ' . $s['name'] . '.cubedesigners.com | tail -1`' . "\n";
+ $others = Text::explodeNewLines($s['others']);
+ foreach ($others as $kk => $o) {
+ $hosts[] = '$s' . $k . '_' . $kk;
+ $fw .= 's' . $k . '_' . $kk . '=`dig +short ' . $o . ' | tail -1`' . "\n";
+ }
+ }
+ $fw .= "\n";
- $hosts = [];
- foreach ($servers as $k => $s) {
- $hosts[] = '$s' . $k;
- $res .= 's' . $k . '=`dig +short ' . $s['name'] . '.cubedesigners.com | tail -1`' . "\n";
- $others = Text::explodeNewLines($s['others']);
- foreach ($others as $kk => $o) {
- $hosts[] = '$s' . $k . '_' . $kk;
- $res .= 's' . $k . '_' . $kk . '=`dig +short ' . $o . ' | tail -1`' . "\n";
+ foreach ($ip as $k => $i) {
+ $hosts[] = '$i' . $k;
+ $fw .= 'i' . $k . '=`dig +short ' . $i . ' | tail -1`' . "\n";
}
- }
- foreach ($ip as $k => $i) {
- $hosts[] = '$i' . $k;
- $res .= 'i' . $k . '=`dig +short ' . $i . ' | tail -1`' . "\n";
- }
+ $fw .= "\n";
- $res .= 'auth=(' . implode(' ', $hosts) . ')' . "\n";
+ $fw .= 'auth=(' . implode(' ', $hosts) . ')' . "\n";
- if ($server['backup']) {
- $backup = [];
- foreach ($clients as $k => $c) {
- $backup[] = '$c' . $k;
- $res .= 'c' . $k . '=`dig +short ' . $c . ' | tail -1`' . "\n";
+ if ($server['backup']) {
+ $backup = [];
+ foreach ($clients as $k => $c) {
+ $backup[] = '$c' . $k;
+ $fw .= 'c' . $k . '=`dig +short ' . $c . ' | tail -1`' . "\n";
+ }
+ $fw .= 'backup=(' . implode(' ', $backup) . ')' . "\n";
}
- $res .= 'backup=(' . implode(' ', $backup) . ')' . "\n";
- }
- $openPorts = explode(',',);
- if ($server['dns']) {
- $openPorts[] = 53;
- }
- if ($server['http']) {
- $openPorts[] = 80;
- $openPorts[] = 443;
- }
+ $openPorts = explode(',', $server['ports']);
+ if ($server['dns']) {
+ $openPorts[] = 53;
+ }
+ if ($server['http']) {
+ $openPorts[] = 80;
+ $openPorts[] = 443;
+ }
+
+ foreach ($openPorts as $openPort) {
+ $fw .= 'ufw allow ' . $openPort . "\n";
+ }
+ $fw .= "\n";
- $res .= 'for ip in "${blacklist[@]}"
+ $fw .= 'for ip in "${blacklist[@]}"
do
ufw deny in from $ip
ufw deny in to $ip
ufw allow from $ip
ufw allow to $ip
done' . "\n\n";
- if (isset($backup) && count($backup)) {
- $res .= 'for ip in "${auth[@]}"
+ if (isset($backup) && count($backup)) {
+ $fw .= 'for ip in "${auth[@]}"
do
ufw allow in from $ip port 22
done' . "\n\n";
- }
- $res .= '#SSH
+ }
+ $fw .= '#SSH
ufw deny out 22
# Finally enable firewall
ufw --force enable
rm /lib/ufw/user6.rules.*
rm /lib/ufw/user.rules.*
';
+
+ file_put_contents(Files::mkdir(resource_path('servers/' . $server['name'])) . 'firewall', $fw);
+ }
+
+
}
}
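Review bot: `$backup` is never reset inside the new `foreach ($servers as $k => $server)` loop, so after one server with `backup` set has been processed, `isset($backup) && count($backup)` stays true for every later server. Their scripts then also receive the `ufw allow in from $ip port 22` loop; adding `$backup = [];` at the top of the loop body, next to the `$fw = '#!/bin/bash'` line, fixes this. Separately, the `name`, `others`, `ip`, `clients`, `blacklist` and `ports` values are concatenated unescaped into the bash text (inside backticks on the `dig` lines), and `$server['name']` goes straight into `resource_path('servers/' . $server['name'])`. Because this now runs on every save, each value should be validated before it is written, for example `filter_var($o, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)` for the names passed to `dig` and `ctype_digit()` for each port, with the file skipped when a value fails. The inner `foreach ($servers as $k => $s)` also reuses the outer `$k`; that looks harmless here, but a distinct name would make it clearer.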