Slackware/system-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update configurations for dehydrated deployment.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2025-09-16 18:12:27 +00:00
commit 06de93d4bc
7 changed files with 78 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.gitattributesdb
View file

@ -7,11 +7,10 @@ LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - -
LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - -
LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - - LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - -
LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - -
ZXRjLy5naXRpZ25vcmU= 1757874149 1757611781 root:root 0644 - - ZXRjLy5naXRpZ25vcmU= 1758046301 1757611781 root:root 0644 - -
ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - -
ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1757785734 1757785514 root:root 0644 - - ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758045891 1757785514 root:root 0644 - -
ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1757786703 1757785113 root:root 0644 - - ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758045929 1757785113 root:root 0644 - -
ZXRjL2NlcnRpZmljYXRlcy8uZ2l0aWdub3Jl 1758036869 1758036066 root:root 0644 - -
ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - -
ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - -
ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - -
@ -19,15 +18,16 @@ ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - -
ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - - ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - -
ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - - ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - -
ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - -
ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054 1758038054 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1757873275 1757873275 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1757873275 1757873275 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259 1757873451 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259 1757873451 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303 1757873537 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303 1757873537 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1757863188 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465 1757862077 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328 1757862077 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238 1757862077 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250 1757863250 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250 1757863250 root:root 0644 - -
ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758036605 1757862077 root:root 0755 - - ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829 1757862077 root:root 0755 - -
ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - - ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - -
ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - -
ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - -
@ -41,7 +41,7 @@ ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - -
ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItZGVoeWRyYXRlZA== 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItZGVoeWRyYXRlZA== 1757708520 1757708520 root:root 0777 - -
ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - -
ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2Itd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2Itd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - -
ZXRjL3BrZ2xpc3Q= 1757955745 1757609913 root:root 0644 - - ZXRjL3BrZ2xpc3Q= 1758041087 1757609913 root:root 0644 - -
ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - -
ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - -
ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - -

3
etc/.gitignore vendored
View file

@ -3,6 +3,7 @@
/apk/ /apk/
/bash/ /bash/
/busybox-paths.d/ /busybox-paths.d/
/certificates/
/doas.conf /doas.conf
/doas.d/ /doas.d/
/environment /environment
@ -15,6 +16,8 @@
/issue /issue
/lbu/ /lbu/
/logrotate.d/ /logrotate.d/
/lynx.cfg
/lynx.lss
/mail.rc /mail.rc
/mdev.conf /mdev.conf
/modprobe.d/ /modprobe.d/

16
etc/apache2/httpd.conf
View file

@ -15,8 +15,8 @@ LoadModule unixd_module /usr/lib/apache2/mod_unixd.so
LoadModule http2_module /usr/lib/apache2/mod_http2.so LoadModule http2_module /usr/lib/apache2/mod_http2.so
# SSL. # SSL.
#LoadModule ssl_module /usr/lib/apache2/mod_ssl.so LoadModule ssl_module /usr/lib/apache2/mod_ssl.so
#LoadModule socache_shmcb_module /usr/lib/apache2/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib/apache2/mod_socache_shmcb.so
# SSI. # SSI.
LoadModule include_module /usr/lib/apache2/mod_include.so LoadModule include_module /usr/lib/apache2/mod_include.so
@ -151,9 +151,7 @@ MimeMagicFile /etc/apache2/magic
# Lets Encrypt validation. # Lets Encrypt validation.
<IfModule ssl_module> Alias /.well-known/acme-challenge/ /srv/dehydrated/
Alias /.well-known/acme-challenge/ /srv/dehydrated/
</IfModule>
# Access control. # Access control.
@ -167,19 +165,19 @@ MimeMagicFile /etc/apache2/magic
Require all denied Require all denied
</Directory> </Directory>
<Directory /var/empty> <Directory /var/empty/>
Options None Options None
AllowOverride None AllowOverride None
Require all granted Require all granted
</Directory> </Directory>
<Directory /srv/dehydrated> <Directory /srv/dehydrated/>
Options None Options None
AllowOverride None AllowOverride None
Require all granted Require all granted
</Directory> </Directory>
<Directory /srv/www/*/html> <Directory /srv/www/*/html/>
Options Includes MultiViews SymLinksIfOwnerMatch Options Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit AllowOverride AuthConfig FileInfo Indexes Limit
@ -208,7 +206,7 @@ MimeMagicFile /etc/apache2/magic
</Directory> </Directory>
<IfModule cgid_module> <IfModule cgid_module>
<Directory /srv/www/*/cgi-bin> <Directory /srv/www/*/cgi-bin/>
Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Limit AllowOverride AuthConfig FileInfo Limit

6
etc/apache2/sites.d/core.slackware.uk.net.conf
View file

@ -12,9 +12,9 @@
<VirtualHost 5.101.171.215:443 [2a01:a500:2981:1::d7]:443> <VirtualHost 5.101.171.215:443 [2a01:a500:2981:1::d7]:443>
ServerName core.slackware.uk.net ServerName core.slackware.uk.net
SSLCertificateFile /etc/certificates/core.slackware.uk.net-cert.pem SSLCertificateFile /etc/certificates/core.slackware.uk.net_cert.pem
SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net-key.pem SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net_key.pem
SSLCertificateChainFile /etc/certificates/core.slackware.uk.net-chain.pem SSLCertificateChainFile /etc/certificates/core.slackware.uk.net_chain.pem
SetEnvIf REQUEST_URI ^/robots\.txt$ no_log SetEnvIf REQUEST_URI ^/robots\.txt$ no_log
SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log

3
etc/certificates/.gitignore vendored
View file

@ -1,3 +0,0 @@
/*
!/.*
!/*.gpg

1
etc/dehydrated/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
/chains/

65
etc/dehydrated/hooks/default
View file

@ -11,7 +11,7 @@ CERTSDIR="/etc/certificates"
FACILITY="local3" FACILITY="local3"
TAG="dehydrated" TAG="dehydrated"
# Where from/to to send emails. # Where from/to to send emails.
EMAIL_FROM="Systems' Administrator <nobody@slackware.uk>" EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" <noreply@slackware.uk>"
EMAIL_TO=("Systems' Administrator <sysadmin@slackware.uk>") EMAIL_TO=("Systems' Administrator <sysadmin@slackware.uk>")
# Get the system ID. # Get the system ID.
@ -48,12 +48,12 @@ notify() {
# Service configurations (used at startup/shutdown). # Service configurations (used at startup/shutdown).
services() { services() {
local DAEMON ERR=0 LOG_PREFIX="Dehydrated configuration" PIDFILE RCFILE local DAEMON ERR=0 LOG_PREFIX="Dehydrated configuration" PIDFILE RCFILE SANITY="$1"
# Select the service configuration based on the distribution. # Select the service configuration based on the distribution.
# RCFILE_<service> is required for any service. # RCFILE_<service> is required for any service.
# Either DAEMON_<service> or PIDFILE_<service>, or both is required for any service. # Either DAEMON_<service> or PIDFILE_<service>, or both is required for any service.
if [[ "$ID" == "slackware" ]]; then if [[ "$SYSTEM_ID" == "slackware" ]]; then
# HTTP daemon selection. # HTTP daemon selection.
if [[ -x "/etc/rc.d/rc.httpd" ]]; then if [[ -x "/etc/rc.d/rc.httpd" ]]; then
RCFILE_HTTPD="/etc/rc.d/rc.httpd" RCFILE_HTTPD="/etc/rc.d/rc.httpd"
@ -76,7 +76,7 @@ services() {
DAEMON_SMTPD="exim" DAEMON_SMTPD="exim"
PIDFILE_SMTPD="/run/exim.pid" PIDFILE_SMTPD="/run/exim.pid"
fi fi
elif [[ "$ID" == "void" ]]; then elif [[ "$SYSTEM_ID" == "void" ]]; then
# HTTP daemon selection. # HTTP daemon selection.
# thttpd on Void doesn't have a directly callable rc script, so can't be supported. # thttpd on Void doesn't have a directly callable rc script, so can't be supported.
if [[ -x "/usr/sbin/apachectl" ]]; then if [[ -x "/usr/sbin/apachectl" ]]; then
@ -84,7 +84,7 @@ services() {
DAEMON_HTTPD="httpd" DAEMON_HTTPD="httpd"
PIDFILE_HTTPD="/run/httpd/httpd.pid" PIDFILE_HTTPD="/run/httpd/httpd.pid"
fi fi
elif [[ "$ID" == "alpine" ]]; then elif [[ "$SYSTEM_ID" == "alpine" ]]; then
# HTTP daemon selection. # HTTP daemon selection.
if [[ -x "/etc/init.d/apache2" ]]; then if [[ -x "/etc/init.d/apache2" ]]; then
RCFILE_HTTPD="/etc/init.d/apache2" RCFILE_HTTPD="/etc/init.d/apache2"
@ -97,22 +97,24 @@ services() {
fi fi
# Samba daemon selection. # Samba daemon selection.
if [[ -x "/etc/init.d/samba" ]]; then if [[ -x "/etc/init.d/samba" ]]; then
SAMBA_RCFILE="/etc/init.d/samba" # FIXME:
SAMBA_SERVICENAME="samba" # RCFILE_SAMBA="/etc/init.d/samba"
SAMBA_PIDFILE="/run/samba.pid" DAEMON_SAMBA="samba"
PIDFILE_SAMBA="/run/samba.pid"
fi fi
fi fi
# Sanity check settings. # Sanity check settings.
((SANITY == 1)) && {
[[ -z "$RCFILE_HTTPD" ]] && notify "warning" "No configuration settings for an HTTP daemon - no start/restart of HTTP daemon is possible -- check configuration" [[ -z "$RCFILE_HTTPD" ]] && notify "warning" "No configuration settings for an HTTP daemon - no start/restart of HTTP daemon is possible -- check configuration"
for RCFILE in "${!RCFILE_@}"; do for RCFILE in "${!RCFILE_@}"; do
DAEMON="DAEMON_${RCFILE#RCFILE_}" DAEMON="DAEMON_${RCFILE#RCFILE_}"
PIDFILE="PIDFILE_${RCFILE#RCFILE_}" PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
[[ -n "${!RCFILE}" ]] && [[ -z "${!DAEMON}" ]] && [[ -z "${!PIDFILE}" ]] && [[ ! -v "SERVICES_ERROR_REPORTED" ]] && notify "error" "'$RCFILE' is set, but neither '$DAEMON' nor '$PIDFILE' is set - at least one setting is required -- aborting" && ERR=1 [[ -n "${!RCFILE}" ]] && [[ -z "${!DAEMON}" ]] && [[ -z "${!PIDFILE}" ]] && notify "error" "'$RCFILE' is set, but neither '$DAEMON' nor '$PIDFILE' is set - at least one setting is required -- aborting" && ERR=1
done done
}
# Don't report configuration errors more than once. ((ERR == 1)) && return 1
((ERR == 1)) && SERVICES_ERROR_REPORTED=1 && return 1
return 0 return 0
} }
@ -198,6 +200,7 @@ deploy_cert() {
# The first time through this will create the files readable by root only, but better to err on the side of caution. # The first time through this will create the files readable by root only, but better to err on the side of caution.
# Subsequent runs will retain whatever permissions were set by the admin after the first run. # Subsequent runs will retain whatever permissions were set by the admin after the first run.
cmp "$CERTFILE" "$CERTSDIR/${DOMAIN}_cert.pem" >/dev/null 2>&1 || {
umask 066 umask 066
# shellcheck disable=SC2015 # shellcheck disable=SC2015
cat "$CERTFILE" >"$CERTSDIR/${DOMAIN}_cert.pem" && cat "$KEYFILE" >"$CERTSDIR/${DOMAIN}_key.pem" && cat "$CHAINFILE" >"$CERTSDIR/${DOMAIN}_chain.pem" && cat "$FULLCHAINFILE" >"$CERTSDIR/${DOMAIN}_fullchain.pem" || { cat "$CERTFILE" >"$CERTSDIR/${DOMAIN}_cert.pem" && cat "$KEYFILE" >"$CERTSDIR/${DOMAIN}_key.pem" && cat "$CHAINFILE" >"$CERTSDIR/${DOMAIN}_chain.pem" && cat "$FULLCHAINFILE" >"$CERTSDIR/${DOMAIN}_fullchain.pem" || {
@ -213,6 +216,7 @@ deploy_cert() {
# Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew. # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
return 0 return 0
} }
}
# Notify the sysadmin of the sucessful renewal. # Notify the sysadmin of the sucessful renewal.
notify "information" "Sucessful renewal and deployment of certificate/key for '$DOMAIN'" notify "information" "Sucessful renewal and deployment of certificate/key for '$DOMAIN'"
@ -314,12 +318,22 @@ startup_hook() {
local LOG_PREFIX="Dehydrated startup" local LOG_PREFIX="Dehydrated startup"
# Read services configuration. # Read services configuration (with sanity check)
services || return 1 services 1 || return 1
# Make sure the certificates directory exists.
[[ -n "$CERTSDIR" ]] && {
umask 022
# shellcheck disable=SC2174
mkdir -p -m 0755 "$CERTSDIR" 2>/dev/null || {
notify "error" "Failed to create certificate storage directory -- aborting"
return 1
}
}
# If an HTTP daemon rc script is available and the service is not already running, start it. # If an HTTP daemon rc script is available and the service is not already running, start it.
[[ -n "$RCFILE_HTTPD" ]] && { [[ -n "$RCFILE_HTTPD" ]] && {
if ! pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1; then pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || {
"$RCFILE_HTTPD" start >/dev/null 2>&1 "$RCFILE_HTTPD" start >/dev/null 2>&1
sleep 5 sleep 5
if pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1; then if pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1; then
@ -329,9 +343,7 @@ startup_hook() {
notify "error" "Failure of '$RCFILE_HTTPD' to start HTTP daemon -- aborting" notify "error" "Failure of '$RCFILE_HTTPD' to start HTTP daemon -- aborting"
return 1 return 1
fi fi
else }
notify "warning" "'$DAEMON_HTTPD' is already running - will not be shutdown at exit -- check server"
fi
} }
# Add firewall rules to allow HTTP traffic so the nonce can be validated. # Add firewall rules to allow HTTP traffic so the nonce can be validated.
@ -353,11 +365,16 @@ exit_hook() {
local DAEMON ERR=0 LOG_PREFIX="Dehydrated shutdown" PIDFILE RCFILE TIMEOUT=30 local DAEMON ERR=0 LOG_PREFIX="Dehydrated shutdown" PIDFILE RCFILE TIMEOUT=30
# Read services configuration. # Read services configuration (without sanity check - this was already done at startup)
services || return 1 services 0 || return 1
# Delete firewall rules that was added to allow HTTP traffic. # Delete firewall rules that was added to allow HTTP traffic.
{ iptables -D dehydrated -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT && ip6tables -D dehydrated -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT && iptables -D INPUT -j dehydrated && ip6tables -D INPUT -j dehydrated && iptables -X dehydrated && ip6tables -X dehydrated; } >/dev/null 2>&1 || notify "warning" "Failed to remove firewall rules that were added to allow HTTP traffic -- check server" iptables -C INPUT -j dehydrated >/dev/null 2>&1 && iptables -D INPUT -j dehydrated >/dev/null 2>&1
ip6tables -C INPUT -j dehydrated >/dev/null 2>&1 && ip6tables -D INPUT -j dehydrated >/dev/null 2>&1
iptables -F dehydrated >/dev/null 2>&1
ip6tables -F dehydrated >/dev/null 2>&1
iptables -X dehydrated >/dev/null 2>&1
ip6tables -X dehydrated >/dev/null 2>&1
# If the reload marker was set, restart services. # If the reload marker was set, restart services.
[[ -e /run/dehydrated-reload-marker ]] && { [[ -e /run/dehydrated-reload-marker ]] && {
@ -365,12 +382,12 @@ exit_hook() {
DAEMON="DAEMON_${RCFILE#RCFILE_}" DAEMON="DAEMON_${RCFILE#RCFILE_}"
PIDFILE="PIDFILE_${RCFILE#RCFILE_}" PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
# If the HTTP daemon is going to be shut down, there's no need to restart it. # If the HTTP daemon is going to be shut down, there's no need to restart it.
[[ "$RCFILE" == "RCFILE_HTTPD" ]] && [[ ! -e /run/dehydrated-http-daemon-stop-marker ]] && continue [[ "$RCFILE" == "RCFILE_HTTPD" ]] && [[ -e /run/dehydrated-http-daemon-stop-marker ]] && continue
# Restart the service. # Restart the service.
"${!RCFILE}" restart >/dev/null 2>&1 || notify "warning" "Failed to restart service '${!DAEMON}' -- check server" "${!RCFILE}" restart >/dev/null 2>&1 || notify "warning" "Failed to restart service '${!DAEMON}' -- check server"
sleep "$TIMEOUT" sleep "$TIMEOUT"
pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || { pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
notice "warning" "Service '${!DAEMON}' exited unexpectedly - trying to start again" notify "warning" "Service '${!DAEMON}' exited unexpectedly - trying to start again"
"${!RCFILE}" start >/dev/null 2>&1 || notify "warning" "Failed to start service '${!DAEMON}' -- check server" "${!RCFILE}" start >/dev/null 2>&1 || notify "warning" "Failed to start service '${!DAEMON}' -- check server"
sleep "$TIMEOUT" sleep "$TIMEOUT"
pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || { pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
@ -415,7 +432,5 @@ if declare -pF "$HANDLER" >/dev/null 2>&1; then
"$HANDLER" "$@" "$HANDLER" "$@"
exit "$?" exit "$?"
else else
LOG_PREFIX="Dehydrated configuration" exit 0
notify "error" "Hook script called with undefined function name '$HANDLER' -- check configuration"
exit 1
fi fi