Add Bastillefile support to templates.

2025-12-28 00:10:47 +01:00 · 2020-05-23 21:03:12 -04:00
parent b515565bde
commit 61ee522f18
2 changed files with 65 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -696,6 +696,31 @@ The above example will include anything under "etc" and "usr" inside
 the template. You do not need to list individual files. Just include the
 top-level directory name.

+For more control over the order of operations when applying a template,
+create a `Bastillefile` inside the base template directory. Each line in
+the file should begin with an uppercase reference to a Bastille command
+followed by its arguments (omitting the target, which is deduced from the
+`template` arguments). Lines beginning with `#` are treated as comments.
+
+Bastillefile example:
+
+```shell
+LIMITS memoryuse 1G
+
+# Install and start nginx.
+PKG nginx
+SYSRC nginx_enable=YES
+SERVICE nginx restart
+
+# Copy files to nginx.
+CP www/ usr/local/www/nginx-dist/
+
+# Create a file on the server containing the jail's hostname.
+CMD hostname > /usr/local/www/nginx-dist/hostname.txt
+
+# Forward TCP port 80 on the host to port 80 in the container.
+RDR tcp 80 80
+```

 Applying Templates
 ------------------
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -92,6 +92,46 @@ for _jail in ${JAILS}; do
        fi
    fi

+    if [ -s "${bastille_template}/Bastillefile" ]; then
+        # Ignore blank lines and comments. -- cwells
+        SCRIPT=$(grep -v '^\s*$' "${bastille_template}/Bastillefile" | grep -v '^\s*#')
+        # Use a newline as the separator. -- cwells
+        IFS='
+'
+        set -f
+        for _line in ${SCRIPT}; do
+            _cmd=$(echo "${_line}" | awk '{print tolower($1);}')
+            _args=$(echo "${_line}" | awk '{$1=""; sub(/^ */, ""); print;}')
+
+            # Apply overrides for commands/aliases and arguments. -- cwells
+            case $_cmd in
+                cmd)
+                    # Allow redirection within the jail. -- cwells
+                    _args="sh -c '${_args}'"
+                    ;;
+                cp)
+                    # Convert relative "from" path into absolute path inside the template directory. -- cwells
+                    if [ "${_args%${_args#?}}" != '/' ]; then
+                        _args="${bastille_template}/${_args}"
+                    fi
+                    ;;
+                include)
+                    _cmd='template' ;;
+                pkg)
+                    _args="install -y ${_args}" ;;
+            esac
+
+            if ! eval "bastille ${_cmd} ${_jail} ${_args}"; then
+                echo -e "${COLOR_RED}Failed to execute command: ${BASTILLE_COMMAND}${COLOR_RESET}"
+                set +f
+                unset IFS
+                exit 1
+            fi
+        done
+        set +f
+        unset IFS
+    fi
+
    ## LIMITS (RCTL)
    if [ -s "${bastille_template}/LIMITS" ]; then
        echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- START${COLOR_RESET}"