From: Vincent Vanwaelscappel Date: Mon, 18 Sep 2023 07:18:43 +0000 (+0200) Subject: wip #6286 @1.5 X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=1aa520c823a27f7de32808f20d62864a4366b785;p=fluidbook-toolbox.git wip #6286 @1.5
---
diff --git a/.docker/dev/update.sh b/.docker/dev/update.sh
index 7c00c55e6..90538f346 100644
--- a/.docker/dev/update.sh
+++ b/.docker/dev/update.sh
@@ -7,4 +7,4 @@ docker compose down
 docker compose up -d
 /home/toolbox/www/scripts/fixrights.sh
 docker exec -it fluidbook-toolbox /application/scripts/update.sh
-
+find /home/toolbox/dev/ -type d \( -path /home/toolbox/dev/.docker \) -prune -o -exec chown -R toolbox:www-data {} \;
diff --git a/.docker/update.sh b/.docker/update.sh
index 378ae0d8a..6f9fe5a17 100644
--- a/.docker/update.sh
+++ b/.docker/update.sh
@@ -7,3 +7,4 @@ docker compose down
 docker compose up -d
 /home/toolbox/www/scripts/fixrights.sh
 docker exec -it fluidbook-toolbox /application/scripts/update.sh
+find /home/toolbox/www/ -type d \( -path /home/toolbox/www/.docker \) -prune -o -exec chown -R toolbox:www-data {} \;
diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php
new file mode 100644
index 000000000..de60378cc
--- /dev/null
+++ b/app/Models/TeamServers.php
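Review bot: The `-prune` on `.docker` in the added `find` line of .docker/dev/update.sh is defeated by `chown -R`: the first path find visits is the starting point `/home/toolbox/dev/` itself, which is a directory and does not match the pruned path, so `chown -R` runs on it and re-owns the whole tree, `.docker` included, before the prune ever applies. Every other directory then gets its own recursive chown as well, so the subtree is re-owned once per ancestor. Dropping `-R` and `-type d` and batching with `+` gives the intended exclusion in one pass: `find /home/toolbox/dev/ -path /home/toolbox/dev/.docker -prune -o -exec chown toolbox:www-data {} +`. If `.docker` is meant to stay owned by whoever runs this script (it needs root for the chown), that difference is worth a comment above the line.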
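Review bot: The `find` line added to .docker/update.sh has the same flaw as the dev variant: `chown -R` on the starting point `/home/toolbox/www/` re-owns `.docker` despite the `-prune`, and each nested directory is chowned recursively again. Use the non-recursive, batched form so the prune is honoured: `find /home/toolbox/www/ -path /home/toolbox/www/.docker -prune -o -exec chown toolbox:www-data {} +`. Since this is the production copy, a one-line comment stating why `.docker` must keep its current owner would help the next person who reads it.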
@@ -0,0 +1,128 @@ + 'team-servers', + 'singular' => 'paramètre', + 'plural' => 'paramètres', + 'oneinstance' => true]; + + public function setFields() + { + parent::setFields(); + $this->addField('servers', BunchOfFieldsMultiple::class, __('Serveurs Cubedesigners'), ['bunch' => TeamServer::class]); + $this->addField('ip', Textarea::class, __('IP Cubedesigners à autoriser')); + $this->addField('clients', Textarea::class, __('Serveurs des clients')); + $this->addField('blacklist', Textarea::class, __('Liste noire')); + } + + public function generateFirewall($for) + { + $servers = $this->servers; + $found = false; + foreach ($servers as $k => $server) { + if ($server['name'] === $for) { + $found = true; + break; + } + } + + if (!$found) { + return; + } + + $blacklist = Text::explodeNewLines($this->blacklist); + $clients = Text::explodeNewLines($this->clients); + $ip = Text::explodeNewLines($this->ip); + + $res = '#!/bin/bash' . "\n"; + + $res .= 'apt install bind9 dnsutils' . "\n"; + $res .= 'service bind9 restart' . "\n"; + + $res .= 'blacklist=(' . implode(' ', $blacklist) . ')' . "\n"; + + $hosts = []; + foreach ($servers as $k => $s) { + $hosts[] = '$s' . $k; + $res .= 's' . $k . '=`dig +short ' . $s['name'] . '.cubedesigners.com | tail -1`' . "\n"; + $others = Text::explodeNewLines($s['others']); + foreach ($others as $kk => $o) { + $hosts[] = '$s' . $k . '_' . $kk; + $res .= 's' . $k . '_' . $kk . '=`dig +short ' . $o . ' | tail -1`' . "\n"; + } + } + foreach ($ip as $k => $i) { + $hosts[] = '$i' . $k; + $res .= 'i' . $k . '=`dig +short ' . $i . ' | tail -1`' . "\n"; + } + + + $res .= 'auth=(' . implode(' ', $hosts) . ')' . "\n"; + + if ($server['backup']) { + $backup = []; + foreach ($clients as $k => $c) { + $backup[] = '$c' . $k; + $res .= 'c' . $k . '=`dig +short ' . $c . ' | tail -1`' . "\n"; + } + $res .= 'backup=(' . implode(' ', $backup) . ')' . 
"\n"; + } + + $openPorts = explode(',',); + if ($server['dns']) { + $openPorts[] = 53; + } + if ($server['http']) { + $openPorts[] = 80; + $openPorts[] = 443; + } + + $res .= 'for ip in "${blacklist[@]}" +do + ufw deny in from $ip + ufw deny in to $ip + ufw deny out from $ip + ufw deny out to $ip +done + +for ip in "${auth[@]}" +do + ufw allow out to $ip port 22 + ufw allow from $ip + ufw allow to $ip +done' . "\n\n"; + if (isset($backup) && count($backup)) { + $res .= 'for ip in "${auth[@]}" +do + ufw allow in from $ip port 22 +done' . "\n\n"; + } + $res .= '#SSH +ufw deny out 22 +# Finally enable firewall +ufw --force enable +# Enable loging +ufw logging on +# Display status +ufw status verbose + +rm /etc/ufw/after.rules.* +rm /etc/ufw/after6.rules.* +rm /etc/ufw/before.rules.* +rm /etc/ufw/before6.rules.* +rm /lib/ufw/user6.rules.* +rm /lib/ufw/user.rules.* +'; + } +} diff --git a/app/SubForms/TeamServer.php b/app/SubForms/TeamServer.php new file mode 100644 index 000000000..fcc1b848f --- /dev/null +++ b/app/SubForms/TeamServer.php @@ -0,0 +1,26 @@ +addField('name', Text::class, __('Nom du serveur'), ['suffix' => '.cubedesigners.com']); + $this->addField('port', Integer::class, __('Port SSH'), ['default' => 22]); + $this->addField('others', Textarea::class, __('Autres noms d\'hôte')); + $this->addField('dns', Checkbox::class, __('Serveur DNS')); + $this->addField('mail', Checkbox::class, __('Serveur Mail')); + $this->addField('http', Checkbox::class, __('Serveur HTTP')); + $this->addField('backup', Checkbox::class, __('Serveur de backup')); + $this->addField('ports', Text::class, __('Autres ports à ouvrir')); + } +} diff --git a/resources/views/vendor/backpack/base/inc/sidebar_content.blade.php b/resources/views/vendor/backpack/base/inc/sidebar_content.blade.php index 0b4419598..aa5895d60 100644 --- a/resources/views/vendor/backpack/base/inc/sidebar_content.blade.php +++ b/resources/views/vendor/backpack/base/inc/sidebar_content.blade.php 
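Review bot: Every form value that generateFirewall() reads — `$s['name']`, each line of `others`, `ip`, `clients` and `blacklist` — is concatenated unescaped into the generated bash text (the `dig +short ... | tail -1` lines and the `blacklist=(...)` array), so an entry like `a.example.com; rm -rf /` becomes a command on whatever host later runs the script, and ufw requires it to run as root; reject anything that is not a hostname or IP/CIDR at each place a value is collected, e.g. `if (!preg_match('/^[A-Za-z0-9.\-:\/]+$/', $o)) { throw new \InvalidArgumentException("Invalid host: $o"); }`. The backup branch loops over `"${auth[@]}"` right after building the `backup` array, so the client hosts are never opened, and `ufw allow in from $ip port 22` matches on source port 22 rather than the SSH destination port; presumably `for ip in "${backup[@]}"` and `ufw allow in from $ip to any port 22` were intended. `$openPorts = explode(',',);` is a parse error and `$openPorts` is never written into the script, so the per-server `port`/`ports` fields have no effect and SSH stays hard-coded at 22. As rendered, the method assigns `$res` but never returns it; unless a `return $res;` was lost in rendering, callers receive null.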
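Review bot: The `port` field (SSH port, default 22) and the free-text `ports` field are declared in TeamServer::setFields(), but the generator added in app/Models/TeamServers.php in this same commit hard-codes `port 22` and never emits `ports`, so the form promises configuration that has no effect. Neither field carries a validation rule, and `ports` is a plain Text field whose contents are destined for a shell script; constrain it server-side to a comma-separated list of integers (a `/^\d+(,\d+)*$/` rule, if the field options support one — the available options are not visible here) and likewise give `name` a hostname-label pattern, since the `.cubedesigners.com` suffix is only a display hint.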
@@ -49,37 +49,37 @@ @endpush @can('files:read') @endcan @canany(['quiz:read','quiztranslation:read','elearning_media:read'])
  • {{__('e-Learning')}} + class='nav-icon la la-chalkboard-teacher'>{{__('e-Learning')}}
  • @@ -87,70 +87,70 @@ @canany(['fluidbook-quote:read','signature:read','fluidbook-theme:read','fluidbook-iconset:read','fluibook-translate:write','fluidbook-publication:read'])
  • {{__('Fluidbook')}} + class="nav-icon la">{{__('Fluidbook')}}
  • @endcanany @can('tools')
  • {{__('Outils')}} + class='nav-icon la la-tools'>{{__('Outils')}} @include('tools.sidebar')
  • @endcan @canany(['users:read','company:read','managerolesandpersmissions'])
  • {{__('Clients')}} + class='nav-icon la la-group'>{{__('Clients')}}
  • @@ -158,33 +158,40 @@ @canany(['team-leave:read','team-overtime:read','extranet:manage_emails'])
  • {{__('Équipe')}} + class='nav-icon la la-mug-hot'>{{__('Équipe')}}