diff options
author | root@culturestrings <root@culturestrings> | 2020-07-01 08:57:05 +0000 |
---|---|---|
committer | root@culturestrings <root@culturestrings> | 2020-07-01 08:57:05 +0000 |
commit | 2caf08d5dd9d82087c16390a34e8ab169be75369 (patch) | |
tree | 93f726587321c6e03fd86f74088e57dbbc2a1292 /public/fs | |
parent | 065c23e1561fad50c66c30447a4886d2727a47cf (diff) | |
download | culturestrings-2caf08d5dd9d82087c16390a34e8ab169be75369.tar.bz2 culturestrings-2caf08d5dd9d82087c16390a34e8ab169be75369.tar.xz |
networking: introduced $vpn_net4, $vpn_ipv5, $host_ipv4, $host_ipv6.
Diffstat (limited to 'public/fs')
-rwxr-xr-x | public/fs/etc/openvpn/hostvpn-conf.sh | 4 | ||||
-rw-r--r-- | public/fs/etc/openvpn/hostvpn.conf.in | 8 | ||||
-rw-r--r-- | public/fs/etc/pagure/pagure.cfg.in | 2 | ||||
-rwxr-xr-x | public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh | 12 | ||||
-rw-r--r-- | public/fs/etc/sysconfig/network/ifcfg-eth0.in (renamed from public/fs/etc/sysconfig/network/ifcfg-eth0) | 2 | ||||
-rwxr-xr-x | public/fs/home/pgsql/data/pg_hba-conf.sh | 15 | ||||
-rw-r--r-- | public/fs/home/pgsql/data/pg_hba.conf.in (renamed from public/fs/home/pgsql/data/pg_hba.conf) | 2 | ||||
-rwxr-xr-x | public/fs/home/pgsql/data/postgresql-conf.sh | 15 | ||||
-rw-r--r-- | public/fs/home/pgsql/data/postgresql.conf.in (renamed from public/fs/home/pgsql/data/postgresql.conf) | 2 |
9 files changed, 54 insertions, 8 deletions
diff --git a/public/fs/etc/openvpn/hostvpn-conf.sh b/public/fs/etc/openvpn/hostvpn-conf.sh index cdfdb1c..a438a54 100755 --- a/public/fs/etc/openvpn/hostvpn-conf.sh +++ b/public/fs/etc/openvpn/hostvpn-conf.sh @@ -12,4 +12,8 @@ source /root/config/private/config/hostinfo/${sitezone} sed -e 's/@vpn_port@/'${vpn_port}'/g' \ -e 's/@hostname@/'${hostname}'/g' \ + -e 's/@vpn_net4@/'${vpn_net4}'/g' \ + -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \ + -e 's/@host_ipv4@/'${host_ipv4}'/g' \ + -e 's/@host_ipv6@/'${host_ipv6}'/g' \ "${cfg_srcdir}/hostvpn.conf.in" diff --git a/public/fs/etc/openvpn/hostvpn.conf.in b/public/fs/etc/openvpn/hostvpn.conf.in index a285e12..bf58a4f 100644 --- a/public/fs/etc/openvpn/hostvpn.conf.in +++ b/public/fs/etc/openvpn/hostvpn.conf.in @@ -16,16 +16,16 @@ dh /etc/easy-rsa/pki/dh.pem status /var/log/openvpn/openvpn-status.log log-append /var/log/openvpn/openvpn.log -server 10.8.0.0 255.255.255.0 -server-ipv6 2a01:4f9:2b:20f0:8000::/65 +server @vpn_net4@ 255.255.255.0 +server-ipv6 @host_ipv6@:8000::/65 push "route-ipv6 2000::/3" -push "route-ipv6 2a01:4f9:2b:20f0::/64" +push "route-ipv6 host_ipv6::/64" push "block-outside-dns" push "redirect-gateway def1" push "route 192.168.0.0 255.255.255.0" -push "dhcp-option DNS 10.8.0.1" +push "dhcp-option DNS @vpn_ipv4@" duplicate-cn client-to-client diff --git a/public/fs/etc/pagure/pagure.cfg.in b/public/fs/etc/pagure/pagure.cfg.in index bfc1122..a80c469 100644 --- a/public/fs/etc/pagure/pagure.cfg.in +++ b/public/fs/etc/pagure/pagure.cfg.in @@ -113,7 +113,7 @@ GIT_URL_GIT = 'https://dev.@sitezone@/' ### gunicorn -IP_ALLOWED_INTERNAL = ['10.8.0.1', '127.0.0.1', 'localhost', '::1', ''] +IP_ALLOWED_INTERNAL = ['@vpn_ipv4@', '127.0.0.1', 'localhost', '::1', ''] ### event source options diff --git a/public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh b/public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh new file mode 100755 index 0000000..d116219 --- /dev/null +++ b/public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +set -eu + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +source /root/config/private/config/server.ports + +sed -e 's/@host_ipv4@/'${host_ipv4}'/g' \ + -e 's/@host_ipv6@/'${host_ipv6}'/g' \ + "${cfg_srcdir}/ifcfg-eth0.in" diff --git a/public/fs/etc/sysconfig/network/ifcfg-eth0 b/public/fs/etc/sysconfig/network/ifcfg-eth0.in index c2fc421..8060f46 100644 --- a/public/fs/etc/sysconfig/network/ifcfg-eth0 +++ b/public/fs/etc/sysconfig/network/ifcfg-eth0.in @@ -1,6 +1,6 @@ BOOTPROTO='dhcp' STARTMODE='auto' -IPADDR_0='2a01:4f9:2b:20f0::2/65' +IPADDR_0='@host_ipv6@::2/65' LABEL_0='ipv6' NETMASK_0='' diff --git a/public/fs/home/pgsql/data/pg_hba-conf.sh b/public/fs/home/pgsql/data/pg_hba-conf.sh new file mode 100755 index 0000000..a64b161 --- /dev/null +++ b/public/fs/home/pgsql/data/pg_hba-conf.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -eu + +sitezone="$1" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +source /root/config/private/config/server.ports +source /root/config/private/config/hostinfo/${sitezone} + +sed -e 's/@vpn_net4@/'${vpn_net4}'/g' \ + -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \ + "${cfg_srcdir}/pg_hba.conf.in" diff --git a/public/fs/home/pgsql/data/pg_hba.conf b/public/fs/home/pgsql/data/pg_hba.conf.in index 6abd582..07fef10 100644 --- a/public/fs/home/pgsql/data/pg_hba.conf +++ b/public/fs/home/pgsql/data/pg_hba.conf.in @@ -8,7 +8,7 @@ local all all peer host all all 127.0.0.1/32 scram-sha-256 -host all all 10.8.0.0/24 scram-sha-256 +host all all @vpn_net4@/24 scram-sha-256 host all all ::1/128 scram-sha-256 local replication all peer diff --git a/public/fs/home/pgsql/data/postgresql-conf.sh b/public/fs/home/pgsql/data/postgresql-conf.sh new file mode 100755 index 0000000..2a6a6e1 --- /dev/null +++ b/public/fs/home/pgsql/data/postgresql-conf.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -eu + +sitezone="$1" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +source /root/config/private/config/server.ports +source /root/config/private/config/hostinfo/${sitezone} + +sed -e 's/@vpn_net4@/'${vpn_net4}'/g' \ + -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \ + "${cfg_srcdir}/postgresql.conf.in" diff --git a/public/fs/home/pgsql/data/postgresql.conf b/public/fs/home/pgsql/data/postgresql.conf.in index 45d0eab..42a1c26 100644 --- a/public/fs/home/pgsql/data/postgresql.conf +++ b/public/fs/home/pgsql/data/postgresql.conf.in @@ -1,4 +1,4 @@ -listen_addresses = 'localhost, 10.8.0.1' +listen_addresses = 'localhost, @vpn_ipv4@' port = 5432 max_connections = 128 superuser_reserved_connections = 16 |