Replace the central app-name if-ladder in app_update_specifics.sh with a generic dispatcher: each app ships containers/<app>/scripts/<app>_update_specifics.sh defining appUpdateSpecifics_<app> (live-sourced by the container scan, dispatched by `declare -F` — same pattern as tools). A hook may set shouldrestart=true. Apps with no specifics ship no hook. - Move the adguard/pihole (DNS updater), dashy (conf refresh), focalboard (nobody ownership + restart), and libreportal (webui regen) branches to per-app hooks. - Move scripts/gluetun/gluetun_route_apps.sh -> containers/gluetun/scripts/ (scripts/gluetun/ removed). - Move scripts/install/install_crowdsec.sh -> containers/crowdsec/scripts/ crowdsec_install_host.sh; fix the path note in crowdsec.sh. - Regenerate arrays (moved files drop out; the per-app files are container-scanned, not arrayed). Dispatch verified with stubs: adguard/pihole/dashy/focalboard/libreportal behave identically to the old ladder (incl. shouldrestart propagation), apps without a hook are a clean no-op. The CLI itself had no per-app branches — app-specific CLI is already the (now fully modular) tools system. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
# Category : Security
# Description : CrowdSec - Intrusion Prevention (c/u/s/r/i):
#
# Host-installed agent (apt + systemd) — no Docker container. Host install
# logic lives in scripts/crowdsec_install_host.sh (installCrowdsecHost) beside
# this file; install registration uses the shared hostAppInstall helper
# (scripts/install/host_app.sh). uninstall/stop/restartCrowdsec (below) are the
# host-side hooks dockerUninstallApp / dockerStopApp / dockerRestartApp invoke.
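installCrowdsec()
{
    # Entry point for the CrowdSec host app. Acts on the letters held in the
    # global $crowdsec: any of c/t/u/s/r/i loads the app config, c opens the
    # config editor, i runs the host install and then registers the app.
    #
    # Arguments: $1 - stored in the local config_variables; not read in this
    #                 function. Kept because bash locals are visible to the
    #                 functions called from here.
    # Globals:   crowdsec (read), CFG_CROWDSEC_APP_NAME (read)
    local config_variables="$1"

    if [[ "$crowdsec" == *[cCtTuUsSrRiI]* ]]; then
        dockerConfigSetupToContainer silent crowdsec
        initializeAppVariables "$CFG_CROWDSEC_APP_NAME"
    fi
    local app_name=$CFG_CROWDSEC_APP_NAME

    if [[ "$crowdsec" == *[cC]* ]]; then
        # Quoted so a name containing whitespace or glob characters reaches
        # editAppConfig as exactly one argument.
        editAppConfig "$app_name"
    fi

    # Uninstall / stop / restart are NOT dispatched here — the CLI and menu call
    # dockerUninstallApp / dockerStopApp / dockerRestartApp directly. Those run
    # the generic docker teardown (a no-op for a host app) and then invoke the
    # uninstall/stop/restartCrowdsec hooks (bottom of this file) for the
    # host-side work.

    if [[ "$crowdsec" == *[iI]* ]]; then
        # NOTE(review): the exit status of installCrowdsecHost is not checked;
        # the cscli probe below is the only completion test.
        installCrowdsecHost

        # command -v only shows that a cscli command resolves. It does not show
        # that the agent or the firewall bouncer service is active, so a
        # registered app is not proof of a working intrusion-prevention setup.
        # TODO(review): consider also gating on the service state.
        if command -v cscli >/dev/null 2>&1; then
            # Register crowdsec as an installed host app — apps DB row + WebUI regen.
            hostAppInstall "$app_name"

            # Monitoring: gather crowdsec's scrape fragment + Grafana dashboards
            # into Prometheus/Grafana. Run unconditionally — the refresh is
            # self-correcting (adds when CFG_CROWDSEC_MONITORING=true, removes
            # crowdsec's entry when it's been toggled off). No-ops with a notice
            # when Prometheus/Grafana aren't installed.
            monitoringRefreshAll
        else
            isNotice "cscli missing — crowdsec host install did not complete. Skipping registration."
        fi
    fi
}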
# Host-side uninstall, invoked by dockerUninstallApp's uninstall<App> hook.
# dockerUninstallApp already handles the generic teardown (data dir, DB rows,
# WebUI regen) — this does what the generic path can't: stopping + purging the
# apt packages and detaching the log bind-mounts.
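uninstallCrowdsec()
{
    # Disables the CrowdSec agent and firewall bouncer, purges their apt
    # packages, then turns the LibrePortal log mounts off.
    #
    # Globals: menu_number (incremented twice, used in the step headings)
    # Outputs: step headings on stdout
    #
    # `result` is declared once and assigned separately. In the combined form
    # `local result=$(cmd)`, $? is the status of `local` (always 0), so a failed
    # disable or purge would be reported as a success and the host could keep
    # the packages while the log says they are gone.
    # NOTE(review): presumes checkSuccess (defined elsewhere) reads $? of the
    # preceding command, and that errexit is off — confirm.
    local result

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Stopping CrowdSec host services."
    echo ""
    result=$(runSystem systemctl disable --now crowdsec-firewall-bouncer 2>&1)
    checkSuccess "Disabling firewall bouncer"
    result=$(runSystem systemctl disable --now crowdsec 2>&1)
    checkSuccess "Disabling agent"

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Removing CrowdSec packages."
    echo ""
    # stdin comes from /dev/null so apt-get cannot block on a prompt.
    result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get purge -y -q crowdsec crowdsec-firewall-bouncer-nftables </dev/null 2>&1)
    checkSuccess "Purged packages"
    # autoremove acts on every orphaned package on the host, not only the
    # dependencies CrowdSec pulled in.
    result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -q </dev/null 2>&1)
    checkSuccess "Removed orphaned dependencies"

    # Runs regardless of the outcome of the steps above.
    crowdsecToggleLibrePortalLogMounts off
}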
# Host-side stop, invoked by dockerStopApp's stop<App> hook. crowdsec ships no
# docker container, so dockerStopApp is a no-op — this stops the host agent +
# bouncer. The package stays installed; only Uninstall removes it.
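stopCrowdsec()
{
    # Stops the firewall bouncer first, then the CrowdSec agent. Packages stay
    # installed.
    #
    # `result` is declared on its own line: with `local result=$(cmd)` the
    # status seen afterwards is that of `local` (always 0), which would hide a
    # failed `systemctl stop` from the check that follows.
    # NOTE(review): presumes checkSuccess (defined elsewhere) reads $? of the
    # preceding command, and that errexit is off — confirm.
    local result

    isNotice "Stopping CrowdSec host services..."
    result=$(runSystem systemctl stop crowdsec-firewall-bouncer 2>&1)
    checkSuccess "Stopped firewall bouncer"
    result=$(runSystem systemctl stop crowdsec 2>&1)
    checkSuccess "Stopped agent"
}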
# Host-side restart, invoked by dockerRestartApp's restart<App> hook. crowdsec
# ships no docker container, so dockerRestartApp is a no-op — this restarts the
# host agent + bouncer.
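restartCrowdsec()
{
    # Restarts the CrowdSec agent first, then the firewall bouncer.
    #
    # `result` is declared on its own line: with `local result=$(cmd)` the
    # status seen afterwards is that of `local` (always 0). A restart that
    # failed would then be logged as "Restarted", leaving the host without its
    # agent or bouncer while the output reports success.
    # NOTE(review): presumes checkSuccess (defined elsewhere) reads $? of the
    # preceding command, and that errexit is off — confirm.
    local result

    isNotice "Restarting CrowdSec host services..."
    result=$(runSystem systemctl restart crowdsec 2>&1)
    checkSuccess "Restarted agent"
    result=$(runSystem systemctl restart crowdsec-firewall-bouncer 2>&1)
    checkSuccess "Restarted firewall bouncer"
}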