|
@@ -66,6 +66,7 @@ FREEDNS_SUBDOMAIN_CODE=$3
|
66
|
66
|
SSH_PORT=2222
|
67
|
67
|
KERNEL_VERSION="v3.15.10-bone7"
|
68
|
68
|
USE_HWRNG="yes"
|
|
69
|
+INSTALLED_WITHIN_DOCKER="no"
|
69
|
70
|
|
70
|
71
|
GPG_KEYSERVER="hkp://keys.gnupg.net"
|
71
|
72
|
|
|
@@ -269,6 +270,9 @@ function update_the_kernel {
|
269
|
270
|
if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
|
270
|
271
|
return
|
271
|
272
|
fi
|
|
273
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
274
|
+ return
|
|
275
|
+ fi
|
272
|
276
|
cd /opt/scripts/tools
|
273
|
277
|
./update_kernel.sh --kernel $KERNEL_VERSION
|
274
|
278
|
echo 'update_the_kernel' >> $COMPLETION_FILE
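Review bot: The new guard `if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then` expands the variable unquoted and uses `==`, which is a bashism inside `[`. If the variable is ever empty or unset, the test becomes a syntax error that evaluates as false, so the function falls through and runs `./update_kernel.sh` where a skip was intended. I would write `if [ "$INSTALLED_WITHIN_DOCKER" = "yes" ]; then` here; the same line is repeated in the enable_zram, random_number_generator and configure_firewall* hunks on this page. The body of update_the_kernel starts and ends outside the hunk.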
|
|
@@ -278,6 +282,9 @@ function enable_zram {
|
278
|
282
|
if grep -Fxq "enable_zram" $COMPLETION_FILE; then
|
279
|
283
|
return
|
280
|
284
|
fi
|
|
285
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
286
|
+ return
|
|
287
|
+ fi
|
281
|
288
|
if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
|
282
|
289
|
echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
|
283
|
290
|
fi
|
|
@@ -357,6 +364,11 @@ function random_number_generator {
|
357
|
364
|
if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
|
358
|
365
|
return
|
359
|
366
|
fi
|
|
367
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
368
|
+ # it is assumed that docker uses the random number
|
|
369
|
+ # generator of the host system
|
|
370
|
+ return
|
|
371
|
+ fi
|
360
|
372
|
if [ $USE_HWRNG == "yes" ]; then
|
361
|
373
|
apt-get -y --force-yes install rng-tools
|
362
|
374
|
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
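Review bot: The early return in random_number_generator rests on the assumption stated in its comment, and nothing in the script checks or reports it. A container reads `/dev/random` and `/dev/urandom` from the host kernel, so entropy quality for any keys generated later in the install is whatever the host provides. I would make that dependency visible by expanding the comment to `# containers use the host kernel's entropy pool; the docker host must run rng-tools or an equivalent` and printing a one-line warning to stderr before the `return`. The rest of the function, including whatever the non-HWRNG branch installs, is outside the hunk.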
|
|
@@ -544,6 +556,10 @@ function configure_firewall {
|
544
|
556
|
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
|
545
|
557
|
return
|
546
|
558
|
fi
|
|
559
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
560
|
+ # docker does its own firewalling
|
|
561
|
+ return
|
|
562
|
+ fi
|
547
|
563
|
iptables -P INPUT ACCEPT
|
548
|
564
|
ip6tables -P INPUT ACCEPT
|
549
|
565
|
iptables -F
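Review bot: The comment `# docker does its own firewalling` overstates what this skip relies on: with the early return none of the script's INPUT rules are applied, so the only filtering left is whatever the Docker host enforces. Docker's own rules handle NAT and forwarding for published ports; they do not reproduce the per-service allow-list this script builds, and published ports are commonly reachable regardless of the host's INPUT chain. I would reword the comment to `# iptables is not managed inside the container; restrict access on the docker host and publish only the required ports` and print a warning when the branch is taken. The same comment and return are added in configure_firewall_for_dns, _ftp, _web, _ssh, _git and _email below. configure_firewall continues past the end of this hunk.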
|
|
@@ -570,6 +586,10 @@ function configure_firewall_for_dns {
|
570
|
586
|
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
|
571
|
587
|
return
|
572
|
588
|
fi
|
|
589
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
590
|
+ # docker does its own firewalling
|
|
591
|
+ return
|
|
592
|
+ fi
|
573
|
593
|
iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
574
|
594
|
save_firewall_settings
|
575
|
595
|
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
|
@@ -579,6 +599,10 @@ function configure_firewall_for_ftp {
|
579
|
599
|
if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
|
580
|
600
|
return
|
581
|
601
|
fi
|
|
602
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
603
|
+ # docker does its own firewalling
|
|
604
|
+ return
|
|
605
|
+ fi
|
582
|
606
|
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
|
583
|
607
|
save_firewall_settings
|
584
|
608
|
echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
|
|
@@ -588,6 +612,10 @@ function configure_firewall_for_web {
|
588
|
612
|
if grep -Fxq "configure_firewall_for_web" $COMPLETION_FILE; then
|
589
|
613
|
return
|
590
|
614
|
fi
|
|
615
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
616
|
+ # docker does its own firewalling
|
|
617
|
+ return
|
|
618
|
+ fi
|
591
|
619
|
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
592
|
620
|
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
593
|
621
|
save_firewall_settings
|
|
@@ -598,6 +626,10 @@ function configure_firewall_for_ssh {
|
598
|
626
|
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
|
599
|
627
|
return
|
600
|
628
|
fi
|
|
629
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
630
|
+ # docker does its own firewalling
|
|
631
|
+ return
|
|
632
|
+ fi
|
601
|
633
|
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
|
602
|
634
|
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
|
603
|
635
|
save_firewall_settings
|
|
@@ -608,6 +640,10 @@ function configure_firewall_for_git {
|
608
|
640
|
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
|
609
|
641
|
return
|
610
|
642
|
fi
|
|
643
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
644
|
+ # docker does its own firewalling
|
|
645
|
+ return
|
|
646
|
+ fi
|
611
|
647
|
iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
|
612
|
648
|
save_firewall_settings
|
613
|
649
|
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
|
@@ -617,6 +653,10 @@ function configure_firewall_for_email {
|
617
|
653
|
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
|
618
|
654
|
return
|
619
|
655
|
fi
|
|
656
|
+ if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
|
|
657
|
+ # docker does its own firewalling
|
|
658
|
+ return
|
|
659
|
+ fi
|
620
|
660
|
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
|
621
|
661
|
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
|
622
|
662
|
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
|