setup ufw

2022-11-16 16:34:30 +00:00 · 2022-11-16 16:34:30 +00:00 · 4206ffb5b7
parent b2c389141d
commit 4206ffb5b7
7 changed files with 48 additions and 10 deletions
--- a/make/apps/common.mk
+++ b/make/apps/common.mk
@ -12,7 +12,7 @@ bootstrap-app: install-bin-git

 # target bootstrap-docker: Install and configure docker
 .PHONY: bootstrap-docker
-bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl
+bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl setup-ufw

 # target bootstrap-stack: Call bootstrap target of each stack
 .PHONY: bootstrap-stack
--- a/make/apps/def.docker.mk
+++ b/make/apps/def.docker.mk
@ -32,7 +32,7 @@ DOCKER_COMPOSE                  ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_V
 DOCKER_COMPOSE_DOWN_OPTIONS     ?=
 DOCKER_COMPOSE_RUN_OPTIONS      ?= --rm
 DOCKER_COMPOSE_UP_OPTIONS       ?= -d
-DOCKER_IMAGE_TAG                ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
+DOCKER_IMAGE_TAG                ?= $(if $(filter true,$(DEPLOY)),$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION)),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
 DOCKER_IMAGES                   ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile))))
 DOCKER_PLUGIN                   ?= rexray/s3fs:latest
 DOCKER_PLUGIN_ARGS              ?= $(foreach var,$(DOCKER_PLUGIN_VARS),$(if $(DOCKER_PLUGIN_$(var)),$(var)='$(DOCKER_PLUGIN_$(var))'))
--- a/make/apps/myos/def.setup.mk
+++ b/make/apps/myos/def.setup.mk
@ -5,6 +5,8 @@ SETUP_NFSD                      ?= false
 SETUP_NFSD_OSX_CONFIG           ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
 SETUP_SYSCTL                    ?= false
 SETUP_SYSCTL_CONFIG             ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000
+SETUP_UFW                       ?= false
+SETUP_UFW_REPOSITORY            ?= https://github.com/chaifeng/ufw-docker

 define setup-nfsd-osx
 	$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
--- a/make/apps/myos/def.ufw.mk
+++ b/make/apps/myos/def.ufw.mk
@ -0,0 +1,14 @@
+CMDARGS                         += ufw ufw-docker
+
+ifeq ($(SETUP_UFW),true)
+define ufw
+	$(call INFO,ufw,$(1)$(comma))
+	$(call app-bootstrap,ufw-docker)
+	$(call app-exec,,ufw $(1))
+endef
+define ufw-docker
+	$(call INFO,ufw-docker,$(1)$(comma))
+	$(call app-bootstrap,ufw-docker)
+	$(call app-exec,,ufw-docker $(1))
+endef
+endif
--- a/make/apps/myos/setup.mk
+++ b/make/apps/myos/setup.mk
@ -1,6 +1,13 @@
 ##
 # SETUP

+# target setup-binfmt: Install binfmt abstraction layer
+.PHONY: setup-binfmt
+setup-binfmt:
+ifeq ($(SETUP_BINFMT),true)
+	$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
+endif
+
 # target setup-docker-group: Call ansible to add user in docker group if needed
 .PHONY: setup-docker-group
 setup-docker-group:
@ -30,9 +37,14 @@ ifeq ($(SETUP_SYSCTL),true)
 	$(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG)
 endif

-# target setup-binfmt: Install binfmt abstraction layer
-.PHONY: setup-binfmt
-setup-binfmt:
-ifeq ($(SETUP_BINFMT),true)
-	$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
+# target setup-ufw: Install ufw-docker
+.PHONY: setup-ufw
+setup-ufw:
+ifeq ($(SETUP_UFW),true)
+	$(call app-install,$(SETUP_UFW_REPOSITORY))
+	$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
+	$(call app-build)
+	$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
+	$(call app-up)
+	$(call ufw-docker,install)
 endif
--- a/make/apps/myos/ufw.mk
+++ b/make/apps/myos/ufw.mk
@ -0,0 +1,5 @@
+ufw:
+	$(call ufw,$(ARGS))
+
+ufw-docker:
+	$(call ufw-docker,$(ARGS))
--- a/make/def.app.mk
+++ b/make/def.app.mk
@ -94,11 +94,12 @@ define app-exec
 	$(if $(filter-out $(APP_DIR),$(1)),
 	  $(eval DOCKER_FILE    := $(wildcard $(1)/docker/*/Dockerfile $(1)/*/Dockerfile $(1)/Dockerfile))
 	)
+	$(eval args             := $(or $(2), $(ARGS)))
 	$(if $(DOCKER_FILE),
 	  $(foreach dockerfile,$(DOCKER_FILE),
 	    $(call app-docker,$(dockerfile))
 	    $(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
-	      $(RUN) docker exec -it $(DOCKER_NAME) $(ARGS)
+	      $(RUN) docker exec -it $(DOCKER_NAME) $(args)
 	    ,
 	      $(call WARNING,Unable to find docker,$(DOCKER_NAME))
 	    )
@ -113,7 +114,7 @@ define app-install
 	$(eval url              := $(or $(1), $(APP_REPOSITORY_URL)))
 	$(eval dir              := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url)))))
 	$(if $(wildcard $(dir)/.git),
-	  $(call INFO,app: $(url) already installed in dir: $(dir)),
+	  $(call INFO,app $(url) already installed in dir $(dir)),
 	  $(RUN) git clone $(QUIET) $(url) $(dir)
 	)
 endef
@ -186,7 +187,11 @@ endef
 define app-up
 	$(call INFO,app-up,$(1)$(comma))
 	$(eval DOCKER_RUN_OPTIONS += -d)
-	$(call app-run,$(1))
+	$(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
+	  $(call INFO,docker $(DOCKER_NAME) already running)
+	,
+	  $(call app-run,$(1))
+	)
 endef

 # function app-update: Run 'cd dir 1 && git pull' or Call app-install