Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2026-01-06 04:34:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #918 from BastilleBSD/tschettervictor-patch-2

Browse Source 
template: Add LINE_IN_FILE as HOOK
This commit is contained in:
tschettervictor
2025-04-20 18:17:50 -06:00
committed by GitHub
parent 90a8b6f85a 56e621b099
commit b4a8d01c98
2 changed files with 68 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
docs/chapters/template.rst
View File

@@ -23,37 +23,39 @@ template hook commands.
Template Automation Hooks Template Automation Hooks
------------------------- -------------------------
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| HOOK | format | example | | HOOK | format | example |
+=============+=====================+=========================================+ +===============+=====================+=========================================+
| ARG | ARG=VALUE | MINECRAFT_MEMX="1024M" | | ARG | ARG=VALUE | MINECRAFT_MEMX="1024M" |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh | | CMD | /bin/sh command | /usr/bin/chsh -s /usr/local/bin/zsh |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| CONFIG | set property value | set allow.mlock 1 | | CONFIG | set property value | set allow.mlock 1 |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| CP/OVERLAY | path(s) | etc root usr (one per line) | | CP/OVERLAY | path(s) | etc root usr (one per line) |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| INCLUDE | template path/URL | http?://TEMPLATE_URL or project/path | | INCLUDE | template path/URL | http?://TEMPLATE_URL or project/path |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| LIMITS | resource value | memoryuse 1G | | LIMITS | resource value | memoryuse 1G |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| LINE_IN_FILE | line file_path | word /usr/local/word/word.conf |
+---------------+---------------------+-----------------------------------------+
| MOUNT | fstab syntax | /host/path container/path nullfs ro 0 0 | | MOUNT | fstab syntax | /host/path container/path nullfs ro 0 0 |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| OVERLAY | path(s) | etc root usr (one per line) | | OVERLAY | path(s) | etc root usr (one per line) |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| PKG | port/pkg name(s) | vim-console zsh git-lite tree htop | | PKG | port/pkg name(s) | vim-console zsh git-lite tree htop |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| RDR | tcp port port | tcp 2200 22 (hostport jailport) | | RDR | tcp port port | tcp 2200 22 (hostport jailport) |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| RENDER | /path/file.txt | /usr/local/etc/gitea/conf/app.ini | | RENDER | /path/file.txt | /usr/local/etc/gitea/conf/app.ini |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| RESTART | | (restart jail) | | RESTART | | (restart jail) |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| SERVICE | service command | 'nginx start' OR 'postfix reload' | | SERVICE | service command | 'nginx start' OR 'postfix reload' |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
| SYSRC | sysrc command(s) | nginx_enable=YES | | SYSRC | sysrc command(s) | nginx_enable=YES |
+-------------+---------------------+-----------------------------------------+ +---------------+---------------------+-----------------------------------------+
Template Hook Descriptions Template Hook Descriptions
-------------------------- --------------------------
@@ -82,6 +84,8 @@ INCLUDE - specify a template to include. Make sure the template is
LIMITS - set the specified resource value for the jail LIMITS - set the specified resource value for the jail
LINE_IN_FILE - add specified word to specified file if not present
MOUNT - mount specified files/directories inside the jail MOUNT - mount specified files/directories inside the jail
PKG - install specified packages inside jail PKG - install specified packages inside jail

17
usr/local/share/bastille/template.sh
View File

@@ -114,6 +114,19 @@ render() {
fi fi
} }
line_in_file() {
_jailpath="${1}"
_filepath="$(echo ${2} | awk '{print $2}')"
_line="$(echo ${2} | awk '{print $1}')"
if [ -f "${_jailpath}/${_filepath}" ]; then
if ! grep -qxF "${_line}" "${_jailpath}/${_filepath}"; then
echo "${_line}" >> "${_jailpath}/${_filepath}"
fi
else
warn "Path not found for line_in_file: ${_filepath}"
fi
}
# Handle options. # Handle options.
AUTO=0 AUTO=0
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
@@ -380,6 +393,10 @@ for _jail in ${JAILS}; do
render "${bastille_jail_path}" "${_args}" render "${bastille_jail_path}" "${_args}"
continue continue
;; ;;
lif|lineinfile|line_in_file)
line_in_file "${bastille_jail_path}" "${_args}"
continue
;;
esac esac
if ! eval "bastille ${_cmd} ${_jail} ${_args}"; then if ! eval "bastille ${_cmd} ${_jail} ${_args}"; then