Each app now carries everything under containers/<app>/: Tools-tab actions in tools/ (declaration <app>.tools.json + function <app>_<tool_id>.sh) and logic helpers in scripts/ (e.g. <app>_auth.sh). The container scan live-sources every .sh under the app (maxdepth 3, prunes only resources/) and webui_tools.sh auto-merges the .tools.json, so an app is a true drop-in — no central edit, no array regen. - Empty the central webui_tools.sh heredoc; all 34 tools across 11 apps now come from per-app declarations (verified byte-identical to the old output). - Retire the orphaned mattermost tool scripts to scripts/unused (there is no containers/mattermost; its install fn already lived in unused). - Update the dispatch comment/error path, the auth-adapter doc, and DEVELOPMENT.md to the new convention. - Regenerate static arrays (files_app.sh no longer lists app/containers/*). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
34 lines
1.4 KiB
Bash
34 lines
1.4 KiB
Bash
#!/bin/bash
|
|
|
|
appCrowdSecVerifyFirewall() {
|
|
echo "=== nftables tables present ==="
|
|
runSystem nft list tables 2>&1
|
|
echo
|
|
echo "=== chain priorities (input hook) ==="
|
|
runSystem nft list ruleset 2>/dev/null | grep -E 'chain |hook input.*priority' | head -30
|
|
echo
|
|
echo "=== priority comparison ==="
|
|
local cs_prio ufw_prio
|
|
cs_prio=$(runSystem nft list ruleset 2>/dev/null | awk '/table .* crowdsec/{flag=1} flag && /priority/{match($0,/priority [-0-9]+/); print substr($0,RSTART+9,RLENGTH-9); exit}')
|
|
ufw_prio=$(runSystem nft list ruleset 2>/dev/null | awk '/chain ufw[a-z0-9-]*input/{flag=1} flag && /priority/{match($0,/priority [-0-9]+/); print substr($0,RSTART+9,RLENGTH-9); exit}')
|
|
|
|
echo "CrowdSec priority: ${cs_prio:-not present}"
|
|
echo "UFW priority: ${ufw_prio:-not present}"
|
|
|
|
if [[ -z "$cs_prio" ]]; then
|
|
isNotice "CrowdSec nftables table missing — bouncer may not be running."
|
|
runSystem systemctl is-active crowdsec-firewall-bouncer
|
|
return 1
|
|
fi
|
|
if [[ -z "$ufw_prio" ]]; then
|
|
isSuccessful "UFW not in nftables — no ordering needed."
|
|
return 0
|
|
fi
|
|
if [[ "$cs_prio" -lt "$ufw_prio" ]]; then
|
|
isSuccessful "Order is correct: CrowdSec ($cs_prio) runs before UFW ($ufw_prio)."
|
|
else
|
|
isNotice "WARNING: CrowdSec ($cs_prio) does not run before UFW ($ufw_prio). Run the 'crowdsec_fix_priority' Tools action to fix."
|
|
return 1
|
|
fi
|
|
}
|