From f085b7de029c9a9b73a65e837cce72067bd858c3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 26 Jul 2017 20:40:54 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 499409e0..daf39805 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -930,18 +930,17 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer & "/etc/systemd/logind.conf" `ConfFile.containsIniSetting` ("Login", "LidSwitchIgnoreInhibited", "no") --- | Enable IP masqerading, from the intif to the extif. -ipmasq :: String -> String -> Property DebianLike -ipmasq extif intif = script `File.hasContent` +-- | Enable IP masqerading, on whatever other interfaces come up. +ipmasq :: String -> Property DebianLike +ipmasq intif = script `File.hasContent` [ "#!/bin/sh" - , "EXTIF=" ++ extif , "INTIF=" ++ intif - , "if [ \"$IFACE\" != $EXTIF; then" + , "if [ \"$IFACE\" = $INTIF ] || [ \"$IFACE\" = lo ]; then" , "exit 0" , "fi" - , "iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT" - , "iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT" - , "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE" + , "iptables -A FORWARD -i $IFACE -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT" + , "iptables -A FORWARD -i $INTIF -o $IFACE -j ACCEPT" + , "iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE" , "echo 1 > /proc/sys/net/ipv4/ip_forward" ] `requires` Apt.installed ["iptables"] -- cgit v1.2.3 From 08e5a3bed32738d7be71a51990554d97651b9ba6 Mon Sep 17 00:00:00 2001 
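Review bot: With the match widened from one named external interface to every interface except `$INTIF` and `lo`, the two `FORWARD ... -j ACCEPT` lines only restrict anything if the FORWARD chain's policy is DROP, and nothing in the generated script sets it. If the policy is still the default ACCEPT (it may be set elsewhere; not visible here), `echo 1 > /proc/sys/net/ipv4/ip_forward` lets new connections arriving on any uplink, VPN or bridge interface be routed to the internal network, which the `ESTABLISHED,RELATED` rule appears intended to prevent. Consider adding `, "iptables -P FORWARD DROP"` ahead of the ACCEPT rules, and extending the haddock to say that every interface other than `intif` and `lo` is treated as an uplink and masqueraded. `$INTIF` is also unquoted in the `[ ... ]` test, so an empty or space-containing `intif` breaks the comparison; `[ \"$IFACE\" = \"$INTIF\" ]` is safer.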
From: Joey Hess Date: Wed, 26 Jul 2017 21:02:39 -0400 Subject: propellor spin --- joeyconfig.hs | 2 +- src/Propellor/Property/SiteSpecific/JoeySites.hs | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/joeyconfig.hs b/joeyconfig.hs index cb2c3bc0..360a4075 100644 --- a/joeyconfig.hs +++ b/joeyconfig.hs @@ -244,7 +244,7 @@ honeybee = host "honeybee.kitenet.net" $ props , "noauth" ] `before` File.hasPrivContent "/etc/ppp/pap-secrets" (Context "joeyh@arczip.com") - & Apt.installed ["mtr", "iftop", "git-annex", "screen"] + & Apt.installed ["mtr", "iftop", "screen"] & Postfix.satellite -- Autobuild runs only on weekdays. diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index daf39805..3f3f657f 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -938,6 +938,7 @@ ipmasq intif = script `File.hasContent` , "if [ \"$IFACE\" = $INTIF ] || [ \"$IFACE\" = lo ]; then" , "exit 0" , "fi" + , "iptables -F" , "iptables -A FORWARD -i $IFACE -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT" , "iptables -A FORWARD -i $INTIF -o $IFACE -j ACCEPT" , "iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE" -- cgit v1.2.3
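Review bot: The added `iptables -F` in `ipmasq` names no chain or table, so it flushes every chain of the filter table. Each interface-up event therefore also wipes INPUT/OUTPUT rules installed by anything else on the host, while the `-t nat -A POSTROUTING ... MASQUERADE` rule lives in the nat table and is still appended again on every run. If the intent is to stop duplicate rules accumulating (inferred; the commit message does not say), a scoped flush is narrower: `, "iptables -F FORWARD"` plus `, "iptables -t nat -F POSTROUTING"`. With more than one uplink either form drops the FORWARD rules added for the interface that came up earlier, so a per-rule `iptables -C ... || iptables -A ...` check may fit better. The script list this line joins starts and ends outside the hunk.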