authorSilvio Rhatto <rhatto@riseup.net>2020-12-13 10:25:19 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-12-13 10:25:19 -0300
commit7799e36e0f057625f29bba0394597da5645fcc30 (patch)
treeae294d1c763f38f9d0b007f71291aa22b9f7e846 /share/provision
parent71e615a3faae973342ae5debdd76b28a33430817 (diff)
Fix: provision cleanup and organize
Diffstat (limited to 'share/provision')
-rwxr-xr-xshare/provision/debian/basic (renamed from share/provision/basic)0
-rwxr-xr-xshare/provision/debian/desktop-basic (renamed from share/provision/desktop-basic)0
-rwxr-xr-xshare/provision/debian/desktop-full (renamed from share/provision/desktop-full)0
-rwxr-xr-xshare/provision/debian/development (renamed from share/provision/development)0
-rw-r--r--share/provision/debian/files/desktop-basic/etc/default/keyboard (renamed from share/provision/files/desktop-basic/etc/default/keyboard)0
-rw-r--r--share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf (renamed from share/provision/files/desktop-basic/etc/lightdm/lightdm.conf)0
-rw-r--r--share/provision/debian/files/desktop-basic/home/user/.custom/xsession (renamed from share/provision/files/desktop-basic/home/user/.custom/xsession)0
-rwxr-xr-xshare/provision/debian/lsd (renamed from share/provision/lsd)0
-rwxr-xr-xshare/provision/debian/messenger (renamed from share/provision/messenger)0
-rwxr-xr-xshare/provision/debian/openbox (renamed from share/provision/openbox)12
-rwxr-xr-xshare/provision/debian/openvpn (renamed from share/provision/openvpn)0
-rwxr-xr-xshare/provision/debian/tor-browser (renamed from share/provision/tor-browser)0
-rwxr-xr-xshare/provision/debian/trashman (renamed from share/provision/trashman)0
-rwxr-xr-xshare/provision/debian/web-basic (renamed from share/provision/web-basic)0
-rwxr-xr-xshare/provision/debian/web-full (renamed from share/provision/web-full)0
-rwxr-xr-xshare/provision/debian/webserver (renamed from share/provision/webserver)0
-rwxr-xr-xshare/provision/debian/wireguard (renamed from share/provision/wireguard)0
-rw-r--r--share/provision/files/njalla-openvpn/etc/ferm/ferm.conf181
-rw-r--r--share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules2
-rwxr-xr-xshare/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh39
-rw-r--r--share/provision/files/njalla-wireguard/etc/ferm/ferm.conf179
-rw-r--r--share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules2
-rwxr-xr-xshare/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh39
-rwxr-xr-xshare/provision/njalla-openvpn49
-rwxr-xr-xshare/provision/njalla-wireguard42
25 files changed, 10 insertions, 535 deletions
diff --git a/share/provision/basic b/share/provision/debian/basic
index 11a4d7d..11a4d7d 100755
--- a/share/provision/basic
+++ b/share/provision/debian/basic
diff --git a/share/provision/desktop-basic b/share/provision/debian/desktop-basic
index ec49414..ec49414 100755
--- a/share/provision/desktop-basic
+++ b/share/provision/debian/desktop-basic
diff --git a/share/provision/desktop-full b/share/provision/debian/desktop-full
index b4dce46..b4dce46 100755
--- a/share/provision/desktop-full
+++ b/share/provision/debian/desktop-full
diff --git a/share/provision/development b/share/provision/debian/development
index bb2f890..bb2f890 100755
--- a/share/provision/development
+++ b/share/provision/debian/development
diff --git a/share/provision/files/desktop-basic/etc/default/keyboard b/share/provision/debian/files/desktop-basic/etc/default/keyboard
index f18fc73..f18fc73 100644
--- a/share/provision/files/desktop-basic/etc/default/keyboard
+++ b/share/provision/debian/files/desktop-basic/etc/default/keyboard
diff --git a/share/provision/files/desktop-basic/etc/lightdm/lightdm.conf b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf
index 7614cc2..7614cc2 100644
--- a/share/provision/files/desktop-basic/etc/lightdm/lightdm.conf
+++ b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf
diff --git a/share/provision/files/desktop-basic/home/user/.custom/xsession b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession
index ee206e0..ee206e0 100644
--- a/share/provision/files/desktop-basic/home/user/.custom/xsession
+++ b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession
diff --git a/share/provision/lsd b/share/provision/debian/lsd
index 2b4a35e..2b4a35e 100755
--- a/share/provision/lsd
+++ b/share/provision/debian/lsd
diff --git a/share/provision/messenger b/share/provision/debian/messenger
index bdd8f7e..bdd8f7e 100755
--- a/share/provision/messenger
+++ b/share/provision/debian/messenger
diff --git a/share/provision/openbox b/share/provision/debian/openbox
index 26a6db0..df47622 100755
--- a/share/provision/openbox
+++ b/share/provision/debian/openbox
@@ -28,5 +28,13 @@ APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
# Use a stacked window manager to reduce browser fingerprinting
$APT_INSTALL openbox gmrun
-apps/metadot/metadot load openbox
-sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' $HOME/.custom/xsession
+
+# Dotfiles configuration
+if [ -x "$HOME/apps/metadot/metadot" ]; then
+ $HOME/apps/metadot/metadot load openbox
+fi
+
+# Custom xsession config
+if [ -f "$HOME/.custom/xsession" ]; then
+ sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' $HOME/.custom/xsession
+fi
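Review bot: The two commands inside the new guards still expand `$HOME` unquoted, while the `[ -x ... ]` and `[ -f ... ]` tests above them quote it, so the path that is checked and the path that is acted on can differ if it contains whitespace or glob characters. Quote both uses: `"$HOME/apps/metadot/metadot" load openbox` and `sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' "$HOME/.custom/xsession"`. Separately, when either file is missing the step is now skipped without any output, so a provision run can finish without the window manager setting being applied. An `else` branch that prints a short warning to stderr, e.g. `echo "metadot not found, skipping openbox dotfiles" >&2`, would make that visible in the provisioning log.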
diff --git a/share/provision/openvpn b/share/provision/debian/openvpn
index 5722c3e..5722c3e 100755
--- a/share/provision/openvpn
+++ b/share/provision/debian/openvpn
diff --git a/share/provision/tor-browser b/share/provision/debian/tor-browser
index afbab58..afbab58 100755
--- a/share/provision/tor-browser
+++ b/share/provision/debian/tor-browser
diff --git a/share/provision/trashman b/share/provision/debian/trashman
index b1f7bc5..b1f7bc5 100755
--- a/share/provision/trashman
+++ b/share/provision/debian/trashman
diff --git a/share/provision/web-basic b/share/provision/debian/web-basic
index 11a94b5..11a94b5 100755
--- a/share/provision/web-basic
+++ b/share/provision/debian/web-basic
diff --git a/share/provision/web-full b/share/provision/debian/web-full
index a21a15d..a21a15d 100755
--- a/share/provision/web-full
+++ b/share/provision/debian/web-full
diff --git a/share/provision/webserver b/share/provision/debian/webserver
index 650452f..650452f 100755
--- a/share/provision/webserver
+++ b/share/provision/debian/webserver
diff --git a/share/provision/wireguard b/share/provision/debian/wireguard
index 0aad2c9..0aad2c9 100755
--- a/share/provision/wireguard
+++ b/share/provision/debian/wireguard
diff --git a/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf b/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf
deleted file mode 100644
index a25a3d2..0000000
--- a/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- shell-script -*-
-#
-# Configuration file for ferm(1).
-#
-# V: 0.1
-#
-# ferm manual: http://ferm.foo-projects.org/download/2.2/ferm.html
-# Blog post: https://blog.ipredator.se/linux-firewall-howto.html
-#
-
-# Really make sure that these modules exist and are loaded.
-@hook pre "/sbin/modprobe nf_conntrack_ftp";
-@hook pre "/sbin/modprobe nfnetlink_log";
-
-# Network interfaces.
-#@def $DEV_LAN = eth0;
-@def $DEV_LAN = ens3;
-@def $DEV_LOOPBACK = lo0;
-@def $DEV_VPN = tun0;
-
-# Network definition for the loopback device. This is needed to allow
-# DNS resolution on Ubuntu Linux where the local resolver is bound
-# to 127.0.1.1 - as opposed to the default 127.0.0.1.
-@def $NET_LOOPBACK = 127.0.0.0/8;
-
-# Common application ports.
-@def $PORT_DNS = 53;
-@def $PORT_FTP = ( 20 21 );
-@def $PORT_NTP = 123;
-@def $PORT_SSH = 22;
-@def $PORT_WEB = ( 80 443 );
-
-# The ports we allow OpenVPN to connect to. IPredator allows you
-# to connect on _any_ port. Simply add more ports if desired but
-# stick to only those that you really need.
-@def $PORT_OPENVPN = (1194 1234 1337 2342 5060);
-
-# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html
-# Ports Transmission is allowed to use.
-@def $PORT_TRANSMISSION = 16384:65535;
-
-# Public DNS servers and those that are only reachable via VPN.
-# DNS servers are specified in the outbound DNS rules to prevent DNS leaks
-# (https://www.dnsleaktest.com/). The public DNS servers configured on your
-# system should be the IPredator ones (https://www.ipredator.se/page/services#service_dns),
-# but you need to verify this.
-#
-@def $IP_DNS_IPR_PUBLIC = (194.132.32.32/32 46.246.46.246/32);
-
-# Add your ISP name server to this object if you want to restrict
-# which DNS servers can be queried.
-@def $IP_DNS_PUBLIC = 0.0.0.0/0;
-
-# DNS server available within the VPN.
-@def $IP_DNS_VPN = ( 46.246.46.46/32 194.132.32.23/32 );
-
-# Make sure to use the proper VPN interface (e.g. tun0 in this case).
-# Note: You cannot reference $DEV_VPN here, substition does not take
-# place for commands passed to a sub shell.
-@def $VPN_ACTIVE = `ip link show tun0 >/dev/null 2>/dev/null && echo 1 || echo`;
-
-# VPN interface conditional. If true the following rules are loaded.
-@if $VPN_ACTIVE {
- domain ip {
- table filter {
- chain INPUT {
- interface $DEV_VPN {
- proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT;
- }
- }
- chain OUTPUT {
- # Default allowed outbound services on the VPN interface.
- # If you need more simply add your rules here.
- outerface $DEV_VPN {
- proto (tcp udp) daddr ( $IP_DNS_VPN $IP_DNS_IPR_PUBLIC ) dport $PORT_DNS ACCEPT;
- proto tcp dport $PORT_FTP ACCEPT;
- proto udp dport $PORT_NTP ACCEPT;
- proto tcp dport $PORT_SSH ACCEPT;
- proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;
- proto tcp dport $PORT_WEB ACCEPT;
- }
- }
- }
- }
-}
-
-# The main IPv4 rule set.
-domain ip {
- table filter {
- chain INPUT {
- # The default policy for the chain. Usually ACCEPT or DROP or REJECT.
- policy DROP;
-
- # Connection tracking.
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- # Allow local traffic to loopback interface.
- daddr $NET_LOOPBACK ACCEPT;
-
- # Allow inbound SSH on your LAN interface _only_.
- interface $DEV_LAN {
- proto tcp dport $PORT_SSH ACCEPT;
- }
-
- # Respond to ping ... makes debugging easier.
- proto icmp icmp-type echo-request ACCEPT;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
-
- chain OUTPUT {
- policy DROP;
-
- # Connection tracking.
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- # Allow local traffic from the loopback interface.
- saddr $NET_LOOPBACK ACCEPT;
-
- # Respond to ping.
- proto icmp icmp-type echo-request ACCEPT;
-
- # Allowed services on the LAN interface.
- outerface $DEV_LAN {
- proto (tcp udp) daddr $IP_DNS_PUBLIC dport $PORT_DNS ACCEPT;
- proto udp dport $PORT_NTP ACCEPT;
- proto (tcp udp) dport $PORT_OPENVPN ACCEPT;
- proto tcp dport $PORT_SSH ACCEPT;
- }
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
-
- chain FORWARD {
- policy DROP;
-
- # If you use your machine to route traffic eg.
- # from a VM you have to add rules here!
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- }
-}
-
-# IPv6 is generally disabled, communication on the loopback device is allowed.
-domain ip6 {
- table filter {
- chain INPUT {
- policy DROP;
-
- # Allow local traffic.
- interface $DEV_LOOPBACK ACCEPT;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- chain OUTPUT {
- policy DROP;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- chain FORWARD {
- policy DROP;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- }
-}
diff --git a/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules b/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules
deleted file mode 100644
index 64d8bd1..0000000
--- a/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules
+++ /dev/null
@@ -1,2 +0,0 @@
-KERNEL=="tun0", ACTION=="add", RUN+="/usr/local/bin/fermreload.sh add"
-KERNEL=="tun0", ACTION=="remove", RUN+="/usr/local/bin/fermreload.sh remove"
diff --git a/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh b/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh
deleted file mode 100755
index cebf7cc..0000000
--- a/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-#
-# fermreload.sh
-# V: 0.1
-#
-# Reloads the ferm firewall ruleset and is invoked by
-# the udev via /etc/udev/rules.d/81-vpn-firewall.rules.
-#
-# IPredator 2014
-# Released under the Kopimi license.
-#
-# Blog post: https://blog.ipredator.se/linux-firewall-howto.html
-#
-
-LOGGER=/usr/bin/logger
-LOGGER_TAG=$0
-
-UDEV_ACTION=$1
-
-FERM=/usr/sbin/ferm
-FERM_CONF=/etc/ferm/ferm.conf
-
-MSG_FW_RULE_ADD="Adding VPN firewall rules."
-MSG_FW_RULE_REMOVE="Removing VPN firewall rules."
-MSG_UDEV_ACTION_UNKNOWN="Unknown udev action."
-
-case "$UDEV_ACTION" in
- add)
- $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_ADD
- $FERM $FERM_CONF
- ;;
- remove)
- $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_REMOVE
- $FERM $FERM_CONF
- ;;
- *)
- $LOGGER -t $LOGGER_TAG $MSG_UDEV_ACTION_UNKNOWN
- exit 1
-esac
diff --git a/share/provision/files/njalla-wireguard/etc/ferm/ferm.conf b/share/provision/files/njalla-wireguard/etc/ferm/ferm.conf
deleted file mode 100644
index 9ef8208..0000000
--- a/share/provision/files/njalla-wireguard/etc/ferm/ferm.conf
+++ /dev/null
@@ -1,179 +0,0 @@
-# -*- shell-script -*-
-#
-# Configuration file for ferm(1).
-#
-# V: 0.1
-#
-# ferm manual: http://ferm.foo-projects.org/download/2.2/ferm.html
-# Blog post: https://blog.ipredator.se/linux-firewall-howto.html
-#
-
-# Really make sure that these modules exist and are loaded.
-@hook pre "/sbin/modprobe nf_conntrack_ftp";
-@hook pre "/sbin/modprobe nfnetlink_log";
-
-# Network interfaces.
-#@def $DEV_LAN = eth0;
-@def $DEV_LAN = ens3;
-@def $DEV_LOOPBACK = lo0;
-@def $DEV_VPN = wg0;
-
-# Network definition for the loopback device. This is needed to allow
-# DNS resolution on Ubuntu Linux where the local resolver is bound
-# to 127.0.1.1 - as opposed to the default 127.0.0.1.
-@def $NET_LOOPBACK = 127.0.0.0/8;
-
-# Common application ports.
-@def $PORT_DNS = 53;
-@def $PORT_FTP = ( 20 21 );
-@def $PORT_NTP = 123;
-@def $PORT_SSH = 22;
-@def $PORT_WEB = ( 80 443 );
-
-# The ports we allow to connect to.
-@def $PORT_WIREGUARD = ( 51820 );
-
-# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html
-# Ports Transmission is allowed to use.
-@def $PORT_TRANSMISSION = 16384:65535;
-
-# Public DNS servers and those that are only reachable via VPN.
-# DNS servers are specified in the outbound DNS rules to prevent DNS leaks
-# (https://www.dnsleaktest.com/). The public DNS servers configured on your
-# system should be the IPredator ones (https://www.ipredator.se/page/services#service_dns),
-# but you need to verify this.
-#
-@def $IP_DNS_IPR_PUBLIC = ( 95.215.19.53/32 );
-
-# Add your ISP name server to this object if you want to restrict
-# which DNS servers can be queried.
-@def $IP_DNS_PUBLIC = 0.0.0.0/0;
-
-# DNS server available within the VPN.
-@def $IP_DNS_VPN = ( 95.215.19.53/32 );
-
-# Make sure to use the proper VPN interface (e.g. wg0 in this case).
-# Note: You cannot reference $DEV_VPN here, substition does not take
-# place for commands passed to a sub shell.
-@def $VPN_ACTIVE = `ip link show wg0 >/dev/null 2>/dev/null && echo 1 || echo`;
-
-# VPN interface conditional. If true the following rules are loaded.
-@if $VPN_ACTIVE {
- domain ip {
- table filter {
- chain INPUT {
- interface $DEV_VPN {
- proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT;
- }
- }
- chain OUTPUT {
- # Default allowed outbound services on the VPN interface.
- # If you need more simply add your rules here.
- outerface $DEV_VPN {
- proto (tcp udp) daddr ( $IP_DNS_VPN $IP_DNS_IPR_PUBLIC ) dport $PORT_DNS ACCEPT;
- proto tcp dport $PORT_FTP ACCEPT;
- proto udp dport $PORT_NTP ACCEPT;
- proto tcp dport $PORT_SSH ACCEPT;
- proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT;
- proto tcp dport $PORT_WEB ACCEPT;
- }
- }
- }
- }
-}
-
-# The main IPv4 rule set.
-domain ip {
- table filter {
- chain INPUT {
- # The default policy for the chain. Usually ACCEPT or DROP or REJECT.
- policy DROP;
-
- # Connection tracking.
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- # Allow local traffic to loopback interface.
- daddr $NET_LOOPBACK ACCEPT;
-
- # Allow inbound SSH on your LAN interface _only_.
- interface $DEV_LAN {
- proto tcp dport $PORT_SSH ACCEPT;
- }
-
- # Respond to ping ... makes debugging easier.
- proto icmp icmp-type echo-request ACCEPT;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
-
- chain OUTPUT {
- policy DROP;
-
- # Connection tracking.
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- # Allow local traffic from the loopback interface.
- saddr $NET_LOOPBACK ACCEPT;
-
- # Respond to ping.
- proto icmp icmp-type echo-request ACCEPT;
-
- # Allowed services on the LAN interface.
- outerface $DEV_LAN {
- proto (tcp udp) daddr $IP_DNS_PUBLIC dport $PORT_DNS ACCEPT;
- proto udp dport $PORT_NTP ACCEPT;
- proto (tcp udp) dport $PORT_WIREGUARD ACCEPT;
- proto tcp dport $PORT_SSH ACCEPT;
- }
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
-
- chain FORWARD {
- policy DROP;
-
- # If you use your machine to route traffic eg.
- # from a VM you have to add rules here!
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- }
-}
-
-# IPv6 is generally disabled, communication on the loopback device is allowed.
-domain ip6 {
- table filter {
- chain INPUT {
- policy DROP;
-
- # Allow local traffic.
- interface $DEV_LOOPBACK ACCEPT;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- chain OUTPUT {
- policy DROP;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- chain FORWARD {
- policy DROP;
-
- # Log dropped packets.
- NFLOG nflog-group 1;
- DROP;
- }
- }
-}
diff --git a/share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules b/share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules
deleted file mode 100644
index 8c9d744..0000000
--- a/share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules
+++ /dev/null
@@ -1,2 +0,0 @@
-KERNEL=="wg0", ACTION=="add", RUN+="/usr/local/bin/fermreload.sh add"
-KERNEL=="wg0", ACTION=="remove", RUN+="/usr/local/bin/fermreload.sh remove"
diff --git a/share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh b/share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh
deleted file mode 100755
index cebf7cc..0000000
--- a/share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-#
-# fermreload.sh
-# V: 0.1
-#
-# Reloads the ferm firewall ruleset and is invoked by
-# the udev via /etc/udev/rules.d/81-vpn-firewall.rules.
-#
-# IPredator 2014
-# Released under the Kopimi license.
-#
-# Blog post: https://blog.ipredator.se/linux-firewall-howto.html
-#
-
-LOGGER=/usr/bin/logger
-LOGGER_TAG=$0
-
-UDEV_ACTION=$1
-
-FERM=/usr/sbin/ferm
-FERM_CONF=/etc/ferm/ferm.conf
-
-MSG_FW_RULE_ADD="Adding VPN firewall rules."
-MSG_FW_RULE_REMOVE="Removing VPN firewall rules."
-MSG_UDEV_ACTION_UNKNOWN="Unknown udev action."
-
-case "$UDEV_ACTION" in
- add)
- $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_ADD
- $FERM $FERM_CONF
- ;;
- remove)
- $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_REMOVE
- $FERM $FERM_CONF
- ;;
- *)
- $LOGGER -t $LOGGER_TAG $MSG_UDEV_ACTION_UNKNOWN
- exit 1
-esac
diff --git a/share/provision/njalla-openvpn b/share/provision/njalla-openvpn
deleted file mode 100755
index eb8d1f4..0000000
--- a/share/provision/njalla-openvpn
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-#
-# Full desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/openvpn $HOSTNAME $DOMAIN $MIRROR
-
-# Firewall
-$APT_INSTALL ferm ulogd2 ulogd2-pcap
-sudo cp $DIRNAME/files/njalla-openvpn/etc/ferm/ferm.conf /etc/ferm
-sudo cp $DIRNAME/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
-sudo cp $DIRNAME/files/njalla-openvpn/usr/local/bin/fermreload.sh /usr/local/bin
-sudo chmod 555 /usr/local/bin/fermreload.sh
-sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
-sudo service ferm restart
-
-# Njalla
-#sudo cp $DIRNAME/files/njalla/etc/openvpn/njalla.conf /etc/openvpn
-#sudo touch /etc/openvpn/njalla.auth
-#sudo chown root:root /etc/openvpn/njalla.conf
-#sudo chown root:root /etc/openvpn/njalla.auth
-#sudo chmod 400 /etc/openvpn/njalla.conf
-#sudo chmod 400 /etc/openvpn/njalla.auth
-#echo "Please set user/password at /etc/openvpn/njalla.auth"
-echo "Please configure /etc/openvpn/njalla.conf"
diff --git a/share/provision/njalla-wireguard b/share/provision/njalla-wireguard
deleted file mode 100755
index df364bf..0000000
--- a/share/provision/njalla-wireguard
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-#
-# Full desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/wireguard $HOSTNAME $DOMAIN $MIRROR
-
-# Firewall
-$APT_INSTALL ferm ulogd2 ulogd2-pcap
-sudo cp $DIRNAME/files/njalla-wireguard/etc/ferm/ferm.conf /etc/ferm
-sudo cp $DIRNAME/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
-sudo cp $DIRNAME/files/njalla-wireguard/usr/local/bin/fermreload.sh /usr/local/bin
-sudo chmod 555 /usr/local/bin/fermreload.sh
-sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
-sudo service ferm restart
-
-# Njalla
-echo "Please configure /etc/wireguard/ng0.conf"