From 3c54c44235ac444edea7b373ea8c979df6b4dc90 Mon Sep 17 00:00:00 2001
From: deadcxap
Date: Tue, 17 Mar 2026 13:21:02 +0300
Subject: [PATCH] =?UTF-8?q?=D1=83=D0=B1=D1=80=D0=B0=D0=BB=20=D1=81=D0=BE?=
 =?UTF-8?q?=D0=B7=D0=B4=D0=B0=D0=BD=D0=B8=D0=B5=20ufw=20=D0=B4=D0=BB=D1=8F?=
 =?UTF-8?q?=20=D1=82=D1=83=D0=B5=D0=B8=D1=88=D0=BA=D0=B2=20=D0=B8=D0=B7=20?=
 =?UTF-8?q?=D0=BE=D1=81=D0=BD=D0=BE=D0=B2=D0=BD=D0=BE=D0=B3=D0=BE=20=D1=81?=
 =?UTF-8?q?=D0=BA=D1=80=D0=B8=D0=BF=D1=82=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 node/remnawave/docker-compose.yml | 8 ++++++++
 node/remnawave/init.sh | 5 ++++-
 setup.sh | 16 +---------------
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/node/remnawave/docker-compose.yml b/node/remnawave/docker-compose.yml
index 5808a22..193c06f 100644
--- a/node/remnawave/docker-compose.yml
+++ b/node/remnawave/docker-compose.yml
@@ -14,6 +14,12 @@ services:
 network_mode: host
 depends_on:
 - remnanode
+ healthcheck:
+ test: [ "CMD-SHELL", "wget -q -O /dev/null http://127.0.0.1/ || exit 1" ]
+ interval: 10s
+ timeout: 5s
+ retries: 12
+ start_period: 10s
 logging:
 driver: 'json-file'
 options:
@@ -35,6 +41,8 @@ services:
 nofile:
 soft: 1048576
 hard: 1048576
+ cap_add:
+ - NET_ADMIN
 logging:
 driver: 'json-file'
 options:
diff --git a/node/remnawave/init.sh b/node/remnawave/init.sh
index fc99f4b..ab00200 100644
--- a/node/remnawave/init.sh
+++ b/node/remnawave/init.sh
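Review bot: The healthcheck's `wget -q -O /dev/null http://127.0.0.1/` runs in a service declared with `network_mode: host` (the context line at the top of this hunk), so it tests whatever is bound to the host's port 80 rather than an address private to this container; if this service is the one expected to own that port, say so next to the probe, e.g. `# host networking: probes the host's :80, which this service serves`. Two smaller points: `wget -q --spider http://127.0.0.1/` avoids downloading the full page body every 10s, and the trailing `|| exit 1` is redundant because a non-zero wget status already fails a CMD-SHELL test. The check also presumes `wget` exists in the image; if it does not, the service never becomes healthy and anything gated on it via `depends_on` with `condition: service_healthy` waits out all retries, which is worth confirming against the image.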
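Review bot: `cap_add: NET_ADMIN` is added with no comment recording which operation needs it, and the capability is broad: it lets a process in this container alter the host's firewall, routing and interface configuration, which matters most if this service also runs with `network_mode: host` (only the service at the top of the file visibly does, so this is inferred). Read together with the removal of the Netbird ufw rule from `configure_ufw` in setup.sh in the same commit, firewall handling appears to have moved into the container, but nothing in the diff states that. Please add a line such as `# NET_ADMIN: <component> manages its own firewall/routing rules (moved out of setup.sh) — TODO name the component` above the entry, and confirm no narrower capability (e.g. `NET_BIND_SERVICE` for a privileged port, `NET_RAW` for raw sockets) would suffice, since each extra capability widens what a compromised container can do to the host.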
@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
+# ПРОВЕРИТЬ ЧТО ЗАПУСТИТСЯ НЕ ОТ ROOT
+# ТАК КАК ИНИТ ВЫЗЫВАЕТСЯ КОМАНДОЙ sudo -u "$USERNAME" -H bash "$init_script"
+
 # Скрипт инициализации ноды.
 # 1. Скачивает случайный шаблон сайта и разворачивает его в /var/www/html.
-# 2. Создаёт докер-сеть, указанную в docker-compose.yml.
+# ПРОПУСТИТЬ 2. Создаёт докер-сеть, указанную в docker-compose.yml.
 # 3. Запрашивает необходимые параметры у пользователя и записывает их в .env.
 # 4. Открывает порт панели только для центрального сервера.
 # 5. Запускает docker compose.
diff --git a/setup.sh b/setup.sh
index 83bc0c3..d678401 100644
--- a/setup.sh
+++ b/setup.sh
@@ -99,8 +99,6 @@ Usage: $0 --user NAME --sshkey KEY [options]
 -v, --vector URL (optional) URL of Vector sink
 -r, --role NAME (optional) Role name to bootstrap
 -n, --netbird-key KEY (optional) Netbird setup key
- -i, --netbird-ip IP (optional) Netbird central server IP
- -p, --netbird-port PORT (optional) Netbird central server port
 -o, --hostname NAME (optional) Hostname to set on server
 USAGE
 }
@@ -112,14 +110,12 @@ MONITOR_IP=""
 VECTOR_ENDPOINT=""
 ROLE=""
 NETBIRD_KEY=""
-NETBIRD_IP=""
-NETBIRD_PORT=""
 HOSTNAME_VALUE=""
 parse_args() {
 local opts
 if ! opts=$(getopt \
 -o u:k:s:m:v:r:n:i:p:o:h \
- --long user:,sshkey:,ssh-ip:,monitor-ip:,vector:,role:,netbird-key:,netbird-ip:,netbird-port:,hostname:,help \
+ --long user:,sshkey:,ssh-ip:,monitor-ip:,vector:,role:,netbird-key:,hostname:,help \
 -n "$0" -- "$@"); then
 usage
 exit 1
@@ -134,8 +130,6 @@ parse_args() {
 -v|--vector) VECTOR_ENDPOINT="$2"; shift 2 ;;
 -r|--role) ROLE="$2"; shift 2 ;;
 -n|--netbird-key) NETBIRD_KEY="$2"; shift 2 ;;
- -i|--netbird-ip) NETBIRD_IP="$2"; shift 2 ;;
- -p|--netbird-port) NETBIRD_PORT="$2"; shift 2 ;;
 -o|--hostname) HOSTNAME_VALUE="$2"; shift 2 ;;
 -h|--help) usage; exit 0 ;;
 --) shift; break ;;
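Review bot: The new header comment says the script must not run as root because setup.sh launches it with `sudo -u "$USERNAME" -H bash "$init_script"`, but the hunk only records this as an uppercase reminder and nothing enforces it; a guard right after the shebang, `(( EUID != 0 )) || { printf 'init.sh must not run as root\n' >&2; exit 1; }`, turns the note into a check (the script body lies outside this hunk). Prefixing step 2 with `ПРОПУСТИТЬ` also appears to mark a step the script no longer performs while the list still reads as what the script does; rewording it to say that the docker network is no longer created here, and where it is created instead, would keep the header accurate.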
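Review bot: The getopt short-option string on the unchanged context line `-o u:k:s:m:v:r:n:i:p:o:h \` still declares `i:` and `p:`, while this hunk drops `--netbird-ip`/`--netbird-port` from the long options and the next hunk (`@@ -134,8 +130,6 @@`) drops their case arms, so `-i IP` and `-p PORT` are still accepted by getopt and then fall through to whatever default arm the case has outside the hunk. The line should become `-o u:k:s:m:v:r:n:o:h \` so the short and long option lists agree again. The usage text in the first setup.sh hunk is already updated, so this is the only remaining trace of the two options in the visible code.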
@@ -238,9 +232,6 @@ configure_ufw() {
 if [[ -n "$MONITOR_IP" ]]; then
 run "Allow Beszel from $MONITOR_IP" ufw allow from "$MONITOR_IP" to any port 45876 proto tcp comment 'Beszel monitoring'
 fi
- if [[ -n "$NETBIRD_KEY" && -n "$NETBIRD_IP" && -n "$NETBIRD_PORT" ]]; then
- run "Allow Netbird central from $NETBIRD_IP:$NETBIRD_PORT" ufw allow from "$NETBIRD_IP" to any port "$NETBIRD_PORT" proto tcp comment 'Netbird central'
- fi
 run "Enable UFW" ufw --force enable
 run "Checking UFW active" bash -c "ufw status | grep -q 'Status: active'"
 run "Checking UFW SSH rule" bash -c "ufw status | grep -q '22/tcp'"
@@ -248,9 +239,6 @@ configure_ufw() {
 if [[ -n "$MONITOR_IP" ]]; then
 run "Checking UFW Beszel rule" bash -c "ufw status | grep -q '45876/tcp'"
 fi
- if [[ -n "$NETBIRD_KEY" && -n "$NETBIRD_IP" && -n "$NETBIRD_PORT" ]]; then
- run "Checking UFW Netbird rule" bash -c "ufw status | grep -q '$NETBIRD_PORT/tcp'"
- fi
 }
 
 install_docker() {
@@ -432,8 +420,6 @@ setup_role() {
 echo \"WARN: Timed out: containers not Up after \${timeout}s\" >&2
 exit 0
 "
- # run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'"
- run "Removing init.sh for $service_name" rm -f "$init_script"
 else
 log "WARN: init.sh not found in $target_dir, skipping"
 SUMMARY+=("init.sh for $service_name: MISSING")