Reinstall test on Debian 12 surfaced three rootless-only breakages (rooted was byte-identical/fine): 1. pasta blocked by Debian's passt AppArmor profile (DENIED ptrace read -> can't open container netns -> rootless dockerd never starts). Default CFG_ROOTLESS_NET back to slirp4netns (reliable); pasta stays selectable for hosts that relax the profile. 2. de-sudo mis-assigned helpers by owner. /docker management layer (apps DB chowned to libreportal by install_sqlite, /docker/logs) is MANAGER-owned, not dockerinstall. Add runInstallWrite; move apps-DB sqlite3 -> runInstallOp and /docker/logs appends -> runInstallWrite. Revert ownership-SETUP scripts (libreportal_folders, app_folder) to runSystem — they must run as root to establish ownership during install. Container files (/docker/containers/<app>) stay runFileOp. 3. kernel hardening sysctls written to /etc/sysctl/99-custom.conf, which 'sysctl --system' does not read -> never applied. Write them to /etc/sysctl.d/99-libreportal-hardening.conf instead. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
# Category : Networking
# Description : Self-hosted WireGuard orchestrator (c/u/s/r/i):
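#######################################
# Manage the Headscale container from the interactive menu.
# Dispatches on the action letters found in the global $headscale:
#   c = edit the app config, u = uninstall, s = stop (compose down),
#   r = restart, i = full install.
# Globals:
#   headscale                (read; reset to "n" before returning)
#   CFG_HEADSCALE_APP_NAME   (read)
#   menu_number              (written; reset to 0 after an install)
#   docker_install_user, containers_dir, logs_dir, docker_log_file (read)
# Arguments:
#   $1 - config variables forwarded to dockerConfigSetupToContainer on install
# Outputs:
#   progress banners on stdout; install log appended via runInstallWrite
# Returns:
#   status of the last command executed
#######################################
installHeadscale()
{
  local config_variables="$1"
  local app_name=""
  local result=""

  # Shared setup for every action. 't'/'T' is accepted here but has no
  # branch of its own below; kept to match the other app installers.
  if [[ "$headscale" == *[cCtTuUsSrRiI]* ]]; then
    dockerConfigSetupToContainer silent headscale
    app_name="$CFG_HEADSCALE_APP_NAME"
    initializeAppVariables "$app_name"
  fi

  if [[ "$headscale" == *[cC]* ]]; then
    editAppConfig "$app_name"
  fi

  if [[ "$headscale" == *[uU]* ]]; then
    dockerUninstallApp "$app_name"
  fi

  if [[ "$headscale" == *[sS]* ]]; then
    dockerComposeDown "$app_name"
  fi

  if [[ "$headscale" == *[rR]* ]]; then
    dockerComposeRestart "$app_name"
  fi

  if [[ "$headscale" == *[iI]* ]]; then
    isHeader "Install $app_name"

    # Arithmetic assignment rather than ((menu_number++)): the latter returns
    # status 1 when the old value is 0, which would trip a caller's set -e.
    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Setting up install folder and config file for $app_name."
    echo ""

    dockerConfigSetupToContainer "loud" "$app_name" "install" "$config_variables"
    isSuccessful "Install folders and Config files have been setup for $app_name."

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Setting up the $app_name docker-compose.yml file."
    echo ""

    dockerComposeSetupFile "$app_name"

    # Declaration and assignment are split so checkSuccess sees the status of
    # createFolders itself rather than the always-zero status of `local`.
    result=$(createFolders "loud" "$docker_install_user" "$containers_dir$app_name/config")
    checkSuccess "Create config folder"

    # NOTE(review): the 2>&1 applies to runInstallWrite only, so copyResource's
    # own stderr is not captured; and without pipefail the status checked next
    # is runInstallWrite's, not copyResource's — confirm this is intended.
    result=$(copyResource "$app_name" "config.yaml" "config" | runInstallWrite -a "$logs_dir/$docker_log_file" 2>&1)
    checkSuccess "Copying config.yaml to config folder."

    configSetupFileWithData "$app_name" "config.yaml" "config"

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Updating file permissions before starting."
    echo ""

    fixPermissionsBeforeStart "$app_name"

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
    echo ""

    dockerComposeUpdateAndStartApp "$app_name" install

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Running Application specific updates (if required)"
    echo ""

    appUpdateSpecifics "$app_name"

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Running Headscale setup (if required)"
    echo ""

    setupHeadscale "$app_name"

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Setting up database records"
    echo ""

    databaseInstallApp "$app_name"

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Updating WebUI config file."
    echo ""

    webuiContainerSetup "$app_name" install

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. Refreshing monitoring integration."
    echo ""

    monitoringRefreshAll

    menu_number=$((menu_number + 1))
    echo ""
    echo "---- $menu_number. You can find $app_name files at $containers_dir$app_name"
    echo ""
    echo " You can now navigate to your $app_name service using any of the options below : "
    echo ""
    echo " NOTE - The password to login is defined in the yml install file that was installed"
    echo ""

    menuShowFinalMessages "$app_name"

    menu_number=0
    #sleep 3s
    # Bare cd returns to $HOME after the install run.
    cd
  fi

  # Clear the action so the menu loop does not re-run this handler.
  headscale=n
}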