From 8de4fb5a8e783ecd3cae414360e00e93276f02a3 Mon Sep 17 00:00:00 2001 From: Vincent Vanwaelscappel Date: Wed, 5 Mar 2025 18:53:00 +0100 Subject: [PATCH] wip #7023 @2 --- app/Fluidbook/Farm.php | 1 + app/Models/TeamServers.php | 13 +++++++------ resources/servers/amadeus/firewall | 6 +++--- resources/servers/benhur/firewall | 6 +++--- resources/servers/cloudatlas/firewall | 6 +++--- resources/servers/dobermann/firewall | 6 +++--- resources/servers/elephantman/firewall | 6 +++--- resources/servers/fastandfurious/firewall | 6 +++--- resources/servers/kingkong/firewall | 6 +++--- 9 files changed, 29 insertions(+), 27 deletions(-) diff --git a/app/Fluidbook/Farm.php b/app/Fluidbook/Farm.php index 4895104ed..6bf67e9c8 100644 --- a/app/Fluidbook/Farm.php +++ b/app/Fluidbook/Farm.php @@ -21,6 +21,7 @@ class Farm protected static $_farmServers = [ ['name' => 'amadeus', 'host' => 'amadeus.cubedesigners.com', 'weight' => 4, 'region' => Region::EUROPE, 'local' => false], + ['name' => 'benhur', 'host' => 'amadeus.cubedesigners.com', 'weight' => 8, 'region' => Region::EUROPE, 'local' => false], ['name' => 'cloudatlas', 'host' => 'cloudatlas.cubedesigners.com', 'weight' => 2, 'region' => Region::EUROPE, 'local' => false], ['name' => 'dobermann', 'host' => 'dobermann.cubedesigners.com', 'weight' => 6, 'region' => Region::EUROPE, 'local' => false], ['name' => 'elephantman', 'host' => 'paris.cubedesigners.com', 'weight' => 2, 'region' => Region::EUROPE, 'local' => false], diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php index bbe913739..49582c0c6 100644 --- a/app/Models/TeamServers.php +++ b/app/Models/TeamServers.php 
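Review bot: The added `benhur` entry in `$_farmServers` reuses `'host' => 'amadeus.cubedesigners.com'`, so with `'weight' => 8` the share intended for benhur would presumably be sent to amadeus instead of a separate machine. Other entries do use a host that differs from the name (`elephantman` uses `paris.cubedesigners.com`), so this may be deliberate, but it reads like a copy of the line above. If it is a copy, the entry needs benhur's own host, e.g. `'host' => '<benhur-host-placeholder>'`. The array continues outside the hunk, so the selection logic that consumes `weight` is not visible here.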
@@ -37,13 +37,14 @@ class TeamServers extends CubistMagicAbstractModel $blacklist = Text::explodeNewLines($this->blacklist); $clients = Text::explodeNewLines($this->clients); $ip = Text::explodeNewLines($this->ip); - $forceContainers = Text::explodeNewLines($this->docker); - $excludeContainers = array_merge(['portainer', 'monit'], Text::explodeNewLines($this->docker_restricted)); - $excludeContainers = array_diff($excludeContainers, $forceContainers); $sshports = [22, 22022, 22822, 22222]; foreach ($servers as $sid => $server) { + $forceContainers = Text::explodeNewLines($server['docker']); + $excludeContainers = array_merge(['portainer', 'monit'], Text::explodeNewLines($server['docker_restricted'])); + $excludeContainers = array_diff($excludeContainers, $forceContainers); + $fw = '#!/bin/bash' . "\n\n"; $fw .= 'export DEBIAN_FRONTEND=noninteractive' . "\n"; @@ -174,7 +175,7 @@ done' . "\n\n"; $fw .= ' -skip_containers=('; +restricted_containers=('; foreach ($excludeContainers as $excludeContainer) { $fw .= '"' . $excludeContainer . '" '; } @@ -191,8 +192,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/amadeus/firewall b/resources/servers/amadeus/firewall index c27ca3773..62947a013 100644 --- a/resources/servers/amadeus/firewall +++ b/resources/servers/amadeus/firewall 
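Review bot: The per-server values read from `$server['docker']` and `$server['docker_restricted']` are never validated before they end up inside the generated bash script, where the later hunk still emits them with `$fw .= '"' . $excludeContainer . '" ';`. Inside bash double quotes a value containing `"`, a backtick or `$(` is interpreted by the shell, and this script configures ufw and so presumably runs as root. Emit each name with `$fw .= escapeshellarg($excludeContainer) . ' ';`, or reject anything that does not match `/^[a-zA-Z0-9][a-zA-Z0-9_.-]*$/` before writing it. It is also worth confirming that every `$server` row carries both keys, since the old code read them from `$this`. The `foreach` body continues outside the hunk.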
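Review bot: The comment `# Check if the current line is in the skip_lines array` in the emitted loop names an array that does not exist, and the rename to `restricted_containers` moves it further from the code. It should read `# Skip containers listed in restricted_containers`, so that whoever audits the generated firewall script can tell which list controls exposure. The same stale comment is copied into every `resources/servers/*/firewall` hunk of this patch. The template string continues outside the hunk.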
@@ -74,7 +74,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -86,8 +86,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/benhur/firewall b/resources/servers/benhur/firewall index 0cec4646c..a9c5666b2 100644 --- a/resources/servers/benhur/firewall +++ b/resources/servers/benhur/firewall @@ -75,7 +75,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -87,8 +87,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/cloudatlas/firewall b/resources/servers/cloudatlas/firewall index e1759db04..3e87e77ac 100644 --- a/resources/servers/cloudatlas/firewall +++ b/resources/servers/cloudatlas/firewall 
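Review bot: The context around the renamed array still installs the helper with `sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker` followed by `chmod +x`, so whatever sits at the head of that fork's master branch is installed and then run by `ufw-docker install`, presumably as root. Pin the URL to a reviewed commit and verify the download before making it executable, for example `echo "<sha256-placeholder>  /usr/local/bin/ufw-docker" | sha256sum -c - || exit 1`. The same lines appear in every other `resources/servers/*/firewall` hunk of this patch. These files look like output of `TeamServers.php`, so the fix belongs in that template rather than in each generated file.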
@@ -67,7 +67,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" "satis" "git-daemon" "gitolite" "gitserver-http" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -79,8 +79,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/dobermann/firewall b/resources/servers/dobermann/firewall index 185d7be6d..510d58625 100644 --- a/resources/servers/dobermann/firewall +++ b/resources/servers/dobermann/firewall @@ -85,7 +85,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -97,8 +97,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/elephantman/firewall b/resources/servers/elephantman/firewall index ea40f9040..4a45c6f5d 100644 --- a/resources/servers/elephantman/firewall 
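Review bot: The four names added to `restricted_containers` for cloudatlas only take effect when `docker ps` reports exactly `satis`, `git-daemon`, `gitolite` or `gitserver-http`, because the loop compares with `[[ "$container" == "$restricted_container" ]]`. A container running under any other name, for instance a Compose-generated one, would not match. Assuming the part of the loop outside this hunk opens every container that is not skipped, its published ports would then be allowed through the firewall. Consider failing closed by opening only containers on an explicit allow list, or at least log every running container with published ports that matched no configured name. The loop body continues outside the hunk.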
+++ b/resources/servers/elephantman/firewall @@ -80,7 +80,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -92,8 +92,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/fastandfurious/firewall b/resources/servers/fastandfurious/firewall index 15bb0e76f..b78c289c3 100644 --- a/resources/servers/fastandfurious/firewall +++ b/resources/servers/fastandfurious/firewall @@ -81,7 +81,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -93,8 +93,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi diff --git a/resources/servers/kingkong/firewall b/resources/servers/kingkong/firewall index 66dc05b6b..102d0ae0d 100644 --- a/resources/servers/kingkong/firewall 
+++ b/resources/servers/kingkong/firewall @@ -80,7 +80,7 @@ ufw deny out 22822 ufw deny out 22222 -skip_containers=("portainer" "monit" ) +restricted_containers=("portainer" "monit" ) sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker sudo chmod +x /usr/local/bin/ufw-docker @@ -92,8 +92,8 @@ ufw-docker install docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do # Check if the current line is in the skip_lines array skip=false - for skip_container in "${skip_containers[@]}"; do - if [[ "$container" == "$skip_container" ]]; then + for restricted_container in "${restricted_containers[@]}"; do + if [[ "$container" == "$restricted_container" ]]; then skip=true break fi -- 2.39.5