free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

If installed within docker certain things aren't needed

Bob Mottram 10 years ago
parent
e94545a91a
commit
d2b72e35d9
1 changed files with 40 additions and 0 deletions
Split View Show Diff Stats
  1. 40
    0
      install-freedombone.sh

+ 40
- 0
install-freedombone.sh View File 

@@ -66,6 +66,7 @@ FREEDNS_SUBDOMAIN_CODE=$3
66 66 
 SSH_PORT=2222
67 67 
 KERNEL_VERSION="v3.15.10-bone7"
68 68 
 USE_HWRNG="yes"
69 
+INSTALLED_WITHIN_DOCKER="no"
69 70
70 71 
 GPG_KEYSERVER="hkp://keys.gnupg.net"
71 72 
 
@@ -269,6 +270,9 @@ function update_the_kernel {
269 270 
   if grep -Fxq "update_the_kernel" $COMPLETION_FILE; then
270 271 
       return
271 272 
   fi
273 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
274 
+	  return
275 
+  fi
272 276 
   cd /opt/scripts/tools
273 277 
   ./update_kernel.sh --kernel $KERNEL_VERSION
274 278 
   echo 'update_the_kernel' >> $COMPLETION_FILE
 
@@ -278,6 +282,9 @@ function enable_zram {
278 282 
   if grep -Fxq "enable_zram" $COMPLETION_FILE; then
279 283 
       return
280 284 
   fi
285 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
286 
+	  return
287 
+  fi
281 288 
   if ! grep -q "options zram num_devices=1" /etc/modprobe.d/zram.conf; then
282 289 
       echo 'options zram num_devices=1' >> /etc/modprobe.d/zram.conf
283 290 
   fi
 
@@ -357,6 +364,11 @@ function random_number_generator {
357 364 
   if grep -Fxq "random_number_generator" $COMPLETION_FILE; then
358 365 
       return
359 366 
   fi
367 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
368 
+	  # it is assumed that docker uses the random number
369 
+	  # generator of the host system
370 
+	  return
371 
+  fi
360 372 
   if [ $USE_HWRNG == "yes" ]; then
361 373 
     apt-get -y --force-yes install rng-tools
362 374 
     sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
 
@@ -544,6 +556,10 @@ function configure_firewall {
544 556 
   if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
545 557 
       return
546 558 
   fi
559 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
560 
+	  # docker does its own firewalling
561 
+	  return
562 
+  fi
547 563 
   iptables -P INPUT ACCEPT
548 564 
   ip6tables -P INPUT ACCEPT
549 565 
   iptables -F
 
@@ -570,6 +586,10 @@ function configure_firewall_for_dns {
570 586 
   if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
571 587 
       return
572 588 
   fi
589 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
590 
+	  # docker does its own firewalling
591 
+	  return
592 
+  fi
573 593 
   iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
574 594 
   save_firewall_settings
575 595 
   echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
 
@@ -579,6 +599,10 @@ function configure_firewall_for_ftp {
579 599 
   if grep -Fxq "configure_firewall_for_ftp" $COMPLETION_FILE; then
580 600 
       return
581 601 
   fi
602 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
603 
+	  # docker does its own firewalling
604 
+	  return
605 
+  fi
582 606 
   iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
583 607 
   save_firewall_settings
584 608 
   echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
 
@@ -588,6 +612,10 @@ function configure_firewall_for_web {
588 612 
   if grep -Fxq "configure_firewall_for_web" $COMPLETION_FILE; then
589 613 
       return
590 614 
   fi
615 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
616 
+	  # docker does its own firewalling
617 
+	  return
618 
+  fi
591 619 
   iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
592 620 
   iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
593 621 
   save_firewall_settings
 
@@ -598,6 +626,10 @@ function configure_firewall_for_ssh {
598 626 
   if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
599 627 
       return
600 628 
   fi
629 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
630 
+	  # docker does its own firewalling
631 
+	  return
632 
+  fi
601 633 
   iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
602 634 
   iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
603 635 
   save_firewall_settings
 
@@ -608,6 +640,10 @@ function configure_firewall_for_git {
608 640 
   if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
609 641 
       return
610 642 
   fi
643 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
644 
+	  # docker does its own firewalling
645 
+	  return
646 
+  fi
611 647 
   iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
612 648 
   save_firewall_settings
613 649 
   echo 'configure_firewall_for_git' >> $COMPLETION_FILE
 
@@ -617,6 +653,10 @@ function configure_firewall_for_email {
617 653 
   if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
618 654 
       return
619 655 
   fi
656 
+  if [ $INSTALLED_WITHIN_DOCKER == "yes" ]; then
657 
+	  # docker does its own firewalling
658 
+	  return
659 
+  fi
620 660 
   iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
621 661 
   iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
622 662 
   iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT