Преглед на файлове

If installed within docker certain things aren't needed

Bob Mottram преди 10 години
родител
ревизия
d2b72e35d9
променени са 1 файла, в които са добавени 40 реда и са изтрити 0 реда
  1. 40
    0
      install-freedombone.sh

+ 40
- 0
install-freedombone.sh Целия файл

@@ -66,6 +66,7 @@ FREEDNS_SUBDOMAIN_CODE=$3
66 66
 SSH_PORT=2222
67 67
 KERNEL_VERSION="v3.15.10-bone7"
68 68
 USE_HWRNG="yes"
69
+INSTALLED_WITHIN_DOCKER="no"
69 70
 
70 71
 GPG_KEYSERVER="hkp://keys.gnupg.net"
71 72
 
@@ -269,6 +270,9 @@ function update_the_kernel {
269 270
   if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
270 271
       return
271 272
   fi
273
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
274
+	  return
275
+  fi
272 276
   cd /opt/scripts/tools
273 277
   ./update_kernel.sh --kernel $KERNEL_VERSION
274 278
   echo 'update_the_kernel' >> $COMPLETION_FILE
@@ -278,6 +282,9 @@ function enable_zram {
278 282
   if grep -Fxq "enable_zram" $COMPLETION_FILE; then
279 283
       return
280 284
   fi
285
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
286
+	  return
287
+  fi
281 288
   if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
282 289
       echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
283 290
   fi
@@ -357,6 +364,11 @@ function random_number_generator {
357 364
   if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
358 365
       return
359 366
   fi
367
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
368
+	  # it is assumed that docker uses the random number
369
+	  # generator of the host system
370
+	  return
371
+  fi
360 372
   if [ $USE_HWRNG == "yes" ]; then
361 373
     apt-get -y --force-yes install rng-tools
362 374
     sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
@@ -544,6 +556,10 @@ function configure_firewall {
544 556
   if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
545 557
       return
546 558
   fi
559
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
560
+	  # docker does its own firewalling
561
+	  return
562
+  fi
547 563
   iptables -P INPUT ACCEPT
548 564
   ip6tables -P INPUT ACCEPT
549 565
   iptables -F
@@ -570,6 +586,10 @@ function configure_firewall_for_dns {
570 586
   if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
571 587
       return
572 588
   fi
589
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
590
+	  # docker does its own firewalling
591
+	  return
592
+  fi
573 593
   iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
574 594
   save_firewall_settings
575 595
   echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
@@ -579,6 +599,10 @@ function configure_firewall_for_ftp {
579 599
   if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
580 600
       return
581 601
   fi
602
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
603
+	  # docker does its own firewalling
604
+	  return
605
+  fi
582 606
   iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
583 607
   save_firewall_settings
584 608
   echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
@@ -588,6 +612,10 @@ function configure_firewall_for_web {
588 612
   if grep -Fxq "configure_firewall_for_web" $COMPLETION_FILE; then
589 613
       return
590 614
   fi
615
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
616
+	  # docker does its own firewalling
617
+	  return
618
+  fi
591 619
   iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
592 620
   iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
593 621
   save_firewall_settings
@@ -598,6 +626,10 @@ function configure_firewall_for_ssh {
598 626
   if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
599 627
       return
600 628
   fi
629
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
630
+	  # docker does its own firewalling
631
+	  return
632
+  fi
601 633
   iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
602 634
   iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
603 635
   save_firewall_settings
@@ -608,6 +640,10 @@ function configure_firewall_for_git {
608 640
   if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
609 641
       return
610 642
   fi
643
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
644
+	  # docker does its own firewalling
645
+	  return
646
+  fi
611 647
   iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
612 648
   save_firewall_settings
613 649
   echo 'configure_firewall_for_git' >> $COMPLETION_FILE
@@ -617,6 +653,10 @@ function configure_firewall_for_email {
617 653
   if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
618 654
       return
619 655
   fi
656
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
657
+	  # docker does its own firewalling
658
+	  return
659
+  fi
620 660
   iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
621 661
   iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
622 662
   iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT