network/roles/firewall/files/update

#!/bin/sh
# Unpack a configuration bundle into /opt/config and, when its version
# differs from the one recorded in /opt/version, install the nftables and
# WireGuard files it carries into /etc and load them.
#
# Input: a gzip-compressed tar archive. tar is invoked without -f, so the
#        archive is presumably read from stdin (confirm against the caller).
# Exit:  0 when nothing had to be done or the bundle was applied; otherwise
#        the failure code returned by apply().
#
# Abort on any command failure that is not handled explicitly.
set -e
# Install the staged configuration from /opt/config/etc and load it.
#
# Returns: 0 on success, otherwise the number of the step that failed:
#   1 - copying nftables.d into /etc
#   2 - loading /etc/nftables.nft with nft (executed in the "mgmt" VRF)
#   3 - copying the wireguard directory into /etc
#   4 - wg syncconf on interface "wg"
#
# NOTE(review): the staged files are copied into /etc before nft parses
# them, so a ruleset that fails to load (return 2) is already on disk.
# NOTE(review): cp -R merges into the existing directories; files dropped
# from a newer bundle stay behind in /etc/nftables.d and /etc/wireguard.
# Verify that stale rule files cannot still be included.
# NOTE(review): wg.conf may hold the interface private key and its mode is
# not set here; confirm the installed file is not world-readable.
apply() {
  if ! cp -R /opt/config/etc/nftables.d /etc; then
    return 1
  fi
  if ! ip vrf exec mgmt nft -I /etc/nftables.d -f /etc/nftables.nft; then
    return 2
  fi

  if ! cp -R /opt/config/etc/wireguard /etc; then
    return 3
  fi
  if ! wg syncconf wg /etc/wireguard/wg.conf; then
    return 4
  fi
}
# Remove the staging directory /opt/config and everything unpacked into it.
# Called once before extraction and again from the EXIT trap, so unpacked
# bundle contents do not linger on disk.
cleanup() {
  rm -rf -- /opt/config
}
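# Report a status line to syslog (via logger) and to stdout.
#
# Arguments: the words of the message; they are joined with single spaces.
# Returns:   the status of the stdout write; a logger failure is ignored.
#
# Logging to syslog is best effort: the script runs under "set -e", so a
# failing logger would otherwise abort the update, and in the error path it
# would replace apply()'s failure code with logger's own exit status.
message() {
  # "--" stops option parsing so a message starting with "-" is logged as text.
  logger -- "$@" || :
  printf '%s\n' "$*"
}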
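# Return 0 when $1 is a decimal integer with an optional leading minus sign.
is_integer() {
  case "${1#-}" in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

# Start from an empty staging directory and remove it on every exit path.
cleanup
trap cleanup EXIT
mkdir -p /opt/config

# Unpack the gzip-compressed bundle from stdin into the staging directory.
# "-f -" names stdin explicitly instead of relying on tar's default archive.
# NOTE(review): the bundle is extracted and installed as received; nothing
# in this script checks its origin or integrity. Confirm that the caller's
# transport authenticates it.
tar -xz -f - -C /opt/config --warning=no-timestamp

# A missing version file reads as -1, an empty one as 0.
current="$(cat /opt/version 2>/dev/null || echo -1)"
next="$(cat /opt/config/version 2>/dev/null || echo -1)"
current="${current:-0}"
next="${next:-0}"

# The comparison below needs integers. With a malformed value "[ ... -ne ... ]"
# fails with an error status, which an "if" treats as false: the bundle would
# be skipped silently and the script would still exit 0.
if ! is_integer "${next}"; then
  message "Rejecting config: bundle version is not an integer"
  exit 5
fi
if ! is_integer "${current}"; then
  # A corrupt state file must not block every later update.
  message "Ignoring malformed /opt/version, treating installed version as unknown"
  current=-1
fi

message "Updating config from v${current} to v${next}"

# Any difference triggers an apply, so an older bundle is accepted as well.
if [ "${next}" -ne "${current}" ]; then
  message "Applying config v${next}"
  if apply; then
    # Record the version only after every apply step succeeded.
    printf '%s\n' "${next}" > /opt/version
    message "Applied config v${next}"
  else
    error="$?"
    message "Could not apply config v${next}, error ${error}"
    exit "${error}"
  fi
fi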