add firewall rules with a rules handler, setup command fix and rust server
This commit is contained in:
		
							parent
							
								
									fb7b388c8e
								
							
						
					
					
						commit
						01e4c835b2
					
				
					 5 changed files with 153 additions and 23 deletions
				
			
		|  | @ -19,8 +19,18 @@ services: | |||
|       TYPE: "PAPER" | ||||
|       VERSION: "1.19.2" | ||||
|     restart: always   | ||||
|     ports: | ||||
|     ports: # 280** and 25565 is allocated to SMPXMC | ||||
|       - "25565:25565" | ||||
|      #- "28016:28016" # Rcon | ||||
|     volumes: | ||||
|       - /srv/smpxmc/data:/data | ||||
|       - /srv/smpxmc/data:/data | ||||
| 
 | ||||
|   rust: | ||||
|     image: didstopia/rust-server:latest | ||||
|     environment: | ||||
|       - RUST_SERVER_NAME=smexypexyrustserver | ||||
|       - RUST_SERVER_MAXPLAYERS=20 | ||||
|     ports: # 281** is allocated for Rust | ||||
|       - "28115:28015" | ||||
|       - "28116:28016" | ||||
|       - "28182:28082" | ||||
							
								
								
									
										96
									
								
								man
									
										
									
									
									
								
							
							
						
						
									
										96
									
								
								man
									
										
									
									
									
								
							|  | @ -1,7 +1,7 @@ | |||
| #!/bin/sh | ||||
| 
 | ||||
| PROJECT_NAME=${PROJECT_NAME:-neo} | ||||
| BLACKLIST="" | ||||
| LIST=docker-compose.*.yml | ||||
| 
 | ||||
| alias dc="docker-compose -p $PROJECT_NAME" | ||||
| # alias dc="echo docker-compose -p $PROJECT_NAME" | ||||
|  | @ -11,28 +11,18 @@ fatal() { | |||
|     exit 1 | ||||
| } | ||||
| 
 | ||||
| only() { | ||||
|     FILE="docker-compose.$1.yml"; shift | ||||
|     default() { | ||||
|         dc -f $FILE $@ | ||||
|     } | ||||
|     handleFallthrough $@ | ||||
| } | ||||
| 
 | ||||
| default() { | ||||
|     file_opts="" | ||||
|     for f in docker-compose.*.yml; do | ||||
|         # echo $BLACKLIST | grep -q $f && continue | ||||
|         echo $BLACKLIST | grep -q $(echo $f | cut -d. -f2) && continue | ||||
|         file_opts="$file_opts -f $f" | ||||
|     fopts="" | ||||
|     for f in $LIST; do | ||||
|         fopts="$fopts -f $f" | ||||
|     done | ||||
|     dc $file_opts $@ | ||||
|     dc $fopts $* | ||||
| } | ||||
| 
 | ||||
| includechain=0 | ||||
| handleFallthrough() { | ||||
|     cmd=${1:-}; shift | ||||
|     case $cmd in | ||||
|         only) only $@ ;; | ||||
|         delete-project-files|dpf) | ||||
|             [ -n "$1" ] || fatal "no directory specified" | ||||
|             [ -d /srv/$1 ] || fatal "directory doesn't exist" | ||||
|  | @ -42,13 +32,21 @@ handleFallthrough() { | |||
|             [ "$answer" = "yes" ] && sudo rm -rf /srv/$1 || fatal "cancelled" | ||||
|         ;; | ||||
| 
 | ||||
|         -b) | ||||
|             BLACKLIST="$BLACKLIST $1"; shift | ||||
|         -i) #include | ||||
|             if [ $includechain -eq 0 ]; then | ||||
|                 LIST="docker-compose.$1.yml" | ||||
|                 includechain=1 | ||||
|             else | ||||
|                 LIST="$LIST docker-compose.$1.yml" | ||||
|             fi | ||||
|             shift | ||||
|             handleFallthrough $@ | ||||
|         ;;  | ||||
|         ;; | ||||
| 
 | ||||
|         setup-all)  | ||||
|             sh utils/setup.sh | ||||
|         -x) #exclude | ||||
|             LIST=$(echo $LIST | sed "s/docker-compose.$1.yml//") | ||||
|             shift | ||||
|             handleFallthrough $@ | ||||
|         ;; | ||||
| 
 | ||||
|         make:*) | ||||
|  | @ -71,9 +69,65 @@ handleFallthrough() { | |||
|             esac | ||||
|         ;; | ||||
| 
 | ||||
|         setup:*|s:*) | ||||
|             WHAT=`echo $cmd | cut -c8-` | ||||
|             case $WHAT in | ||||
|                 ports) sudo setup-ports.sh up ;; | ||||
|                 def) sudo setup.sh ;; | ||||
|                 all|a) | ||||
|                     sudo setup.sh | ||||
|                     sudo setup-ports.sh up | ||||
|                 ;; | ||||
|                 *) fatal "not supported" ;; | ||||
|             esac | ||||
|         ;; | ||||
| 
 | ||||
|         # preference | ||||
|         logs) default logs --tail=20 -f $@ ;; | ||||
|         up) default up -d $@ ;; | ||||
|         upr) default up -d --remove-orphans $@ ;; | ||||
| 
 | ||||
|         --help|-h) | ||||
|             __() { | ||||
|                 colsep="$1" | ||||
|                 cmd="$2" | ||||
|                 desc="$3" | ||||
|                 aliases="$4" | ||||
|                 printf "%s %-20s %s %-64s %s %-40s %s \n" "$colsep" "$cmd" "$colsep" "$desc" "$colsep" "$aliases" "$colsep" | ||||
|             } | ||||
|             _hr() { | ||||
|                 repchar() { | ||||
|                     printf "%$1s" | tr " " "$2" | ||||
|                 } | ||||
|                 __ "*" ${1:-$(repchar 20 -)} ${2:-$(repchar 64 -)} ${3:-$(repchar 40 -)} | ||||
|             } | ||||
|             _r() { | ||||
|                 __ "|" "$1" "$2" "$3" | ||||
|             } | ||||
|             _hr | ||||
|             _r $0 Description Aliases | ||||
|             _hr | ||||
|             _hr "Flags" " " " " | ||||
|             _hr | ||||
|             _r "-x" "Excludes a docker-compose file from the list." " " | ||||
|             _r "-i" "Includes a docker-compose file from the list." " " | ||||
|             _hr | ||||
|             _hr "Commands" " " " " | ||||
|             _hr | ||||
|             _r "dpf" "Delete project files." "delete-project-files <name>" | ||||
|             _r "setup" "Run setup script." "sh ./utils/setup.sh" | ||||
|             _r "make:dc <name>" "Make docker-compose file." "make:docker-compose <name>" | ||||
|             _r "make:backup <name>" "Make backup file." "tar cvf <name>.tar.gz /srv" | ||||
|             _hr | ||||
|             _hr "Commands/aliases" "(shortcuts)" " " | ||||
|             _hr | ||||
|             _r "up" "Bring up services. (-d)" "$0 default up -d" | ||||
|             _r "upr" "Bring up services and remove orphans." "$0 default up -d --remove-orphans" | ||||
|             _r "logs" "View logs and follow with a tail of 20." "$0 default logs --tail=20 -f" | ||||
|             _hr | ||||
|             _r "default" "fallback to the main docker-compose command with fileopts." "docker-compose"  | ||||
|             _hr | ||||
|         ;; | ||||
| 
 | ||||
|         default) default $@ ;; | ||||
|         *|'') default $cmd $@ ;; | ||||
|  |  | |||
							
								
								
									
										24
									
								
								utils/rulelist.rules
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								utils/rulelist.rules
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,24 @@ | |||
| # HTTP(s) | ||||
| INPUT -p tcp --dport 80 -j ACCEPT | ||||
| INPUT -p tcp --dport 443 -j ACCEPT | ||||
| 
 | ||||
| # SSH | ||||
| INPUT -p tcp --dport 8240 -j ACCEPT | ||||
| 
 | ||||
| # WIREGUARD | ||||
| INPUT -p udp --dport 51820 -j ACCEPT | ||||
| 
 | ||||
| # MINECRAFT (25565 && 280**) | ||||
| INPUT -p tcp --dport 25565 -j ACCEPT | ||||
| 
 | ||||
| # RUST (281**) | ||||
| INPUT -p tcp --dport 28115 -j ACCEPT | ||||
| INPUT -p udp --dport 28115 -j ACCEPT | ||||
| INPUT -p tcp --dport 28116 -j ACCEPT | ||||
| INPUT -p udp --dport 28116 -j ACCEPT | ||||
| INPUT -p tcp --dport 28182 -j ACCEPT | ||||
| INPUT -p udp --dport 28182 -j ACCEPT | ||||
| 
 | ||||
| # ALLOW ALL TRAFFIC FROM xxx.xxx.xxx.xxx | ||||
| INPUT -s 87.210.9.220 -j ACCEPT | ||||
| 
 | ||||
							
								
								
									
										42
									
								
								utils/setup-ports.sh
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										42
									
								
								utils/setup-ports.sh
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,42 @@ | |||
| #!/bin/sh | ||||
| 
 | ||||
| run() { | ||||
|   echo "$@" | ||||
|   "$@" | ||||
| } | ||||
| 
 | ||||
| up() { | ||||
|   while read -r line; do | ||||
|     [ -z "$line" ] && continue | ||||
|     if [ "$(echo "$line" | cut -c1)" = "#" ]; then | ||||
|       echo "$line" | ||||
|     else | ||||
|       # shellcheck disable=SC2086 | ||||
|       run iptables -A $line | ||||
|     fi | ||||
|   done < "$1" | ||||
| } | ||||
| 
 | ||||
| down() { | ||||
|   while read -r line; do | ||||
|     [ -z "$line" ] && continue | ||||
|     if [ "$(echo "$line" | cut -c1)" = "#" ]; then | ||||
|       echo "$line" | ||||
|     else | ||||
|       # shellcheck disable=SC2086 | ||||
|       run iptables -D $line | ||||
|     fi | ||||
|   done < "$1" | ||||
| } | ||||
| 
 | ||||
| case "$1" in | ||||
|   up) | ||||
|     up "$2" | ||||
|     ;; | ||||
|   down) | ||||
|     down "$2" | ||||
|     ;; | ||||
|   *) | ||||
|     echo "Usage: $0 {up|down}" | ||||
|     exit 1 | ||||
| esac | ||||
							
								
								
									
										0
									
								
								utils/setup.sh
									
										
									
									
									
										
										
										Normal file → Executable file
									
								
							
							
						
						
									
										0
									
								
								utils/setup.sh
									
										
									
									
									
										
										
										Normal file → Executable file
									
								
							
		Reference in a new issue