- restic_install, crowdsec_update/verify_firewall/fix_priority: pure host ops (apt/cscli/nft/systemctl, /etc/crowdsec) -> runSystem. - kopia_backup/borg_restore: ignore-file/target tee+chown+mkdir -> runFileOp/ runFileWrite; kept the 'sudo -E -u dockerinstall' engine calls as-is — those already run as the unprivileged backup user (least-privilege; the scoped sudoers will permit (dockerinstall)). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
41 lines
1.3 KiB
Bash
41 lines
1.3 KiB
Bash
#!/bin/bash
|
|
|
|
appCrowdSecUpdate() {
|
|
isHeader "Update CrowdSec"
|
|
|
|
((menu_number++))
|
|
echo ""
|
|
echo "---- $menu_number. Updating apt package index."
|
|
echo ""
|
|
local result=$(runSystem apt-get update)
|
|
checkSuccess "apt-get update"
|
|
|
|
((menu_number++))
|
|
echo ""
|
|
echo "---- $menu_number. Upgrading CrowdSec packages."
|
|
echo ""
|
|
local result=$(runSystem apt-get install -y --only-upgrade crowdsec crowdsec-firewall-bouncer-nftables)
|
|
checkSuccess "Upgraded crowdsec + crowdsec-firewall-bouncer-nftables"
|
|
|
|
((menu_number++))
|
|
echo ""
|
|
echo "---- $menu_number. Refreshing hub collections."
|
|
echo ""
|
|
local result=$(runSystem cscli hub update)
|
|
checkSuccess "Refreshed hub index"
|
|
local result=$(runSystem cscli hub upgrade)
|
|
checkSuccess "Upgraded installed collections"
|
|
|
|
((menu_number++))
|
|
echo ""
|
|
echo "---- $menu_number. Reloading services."
|
|
echo ""
|
|
local result=$(runSystem systemctl reload crowdsec)
|
|
checkSuccess "Reloaded crowdsec agent"
|
|
local result=$(runSystem systemctl restart crowdsec-firewall-bouncer)
|
|
checkSuccess "Restarted crowdsec-firewall-bouncer"
|
|
|
|
isSuccessful "CrowdSec updated. Run 'crowdsec_verify_firewall' if you want to re-check nftables priorities."
|
|
menu_number=0
|
|
}
|