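#!/bin/bash
#
# Prepare a host: install the required packages, apply the host's
# tmpfiles.d configuration, then enable and (re)start the network, image-timer
# and firewall units.
#
# Usage: <script> HOST_NAME
#   HOST_NAME selects $PWD/host/configurations/HOST_NAME/, so the script must
#   be started from the directory that contains host/.
#
# Everything below acts on system state (apt, systemctl, systemd-tmpfiles), so
# it is expected to run with root privileges.

# Options are set here rather than on the shebang line: "#!/bin/bash -e" is
# silently lost when the script is started as "bash script.sh".
set -eu

HOST_NAME=${1:-}
if [ -z "$HOST_NAME" ]; then
    echo "usage: $0 host name" >&2
    exit 1
fi

# The two files below are handed to systemd-tmpfiles with
# --create --clean --remove, i.e. they decide which paths get created and
# deleted on this host. Only run this from a trusted checkout, and fail here,
# before the firewall is touched, if either file is missing.
CONF_DIR="$PWD/host/configurations/$HOST_NAME/tmpfiles.d"
for conf in 0asystemd-nspawn.conf 0rougail.conf; do
    if [ ! -f "$CONF_DIR/$conf" ]; then
        echo "missing tmpfiles.d configuration: $CONF_DIR/$conf" >&2
        exit 1
    fi
done

# Remember whether the firewall was running: the script stops it first and only
# starts it again as its very last step, so with "set -e" any failing command
# in between would otherwise leave the host with the firewall stopped.
firewall_was_active=0
if systemctl is-active --quiet risottofirewall.service; then
    firewall_was_active=1
fi

# EXIT handler: on a failed run, bring back the firewall that was running
# before. Does nothing on success; the script's exit status is not changed.
restore_firewall_on_failure() {
    local status=$?
    if [ "$status" -ne 0 ] && [ "$firewall_was_active" -eq 1 ]; then
        echo "install host FAILED (exit $status): restarting risottofirewall.service" >&2
        systemctl start risottofirewall.service ||
            echo "WARNING: risottofirewall.service could not be restarted, check the firewall state" >&2
    fi
}
trap restore_firewall_on_failure EXIT

# remove current rules
# (best effort: the unit may not exist yet on a first install)
systemctl stop risottofirewall.service || true

# apt-get instead of apt: apt warns that its CLI is not stable for scripts.
apt-get install --yes systemd-container dnf jq debootstrap htop gettext patch unzip mlocate xz-utils iptables

# Paths are quoted so a working directory or host name containing spaces or
# glob characters cannot be split into several arguments.
systemd-tmpfiles --create --clean --remove "$CONF_DIR/0asystemd-nspawn.conf"
systemd-tmpfiles --create --clean --remove "$CONF_DIR/0rougail.conf"

systemctl daemon-reload
systemctl restart systemd-sysctl.service
systemctl enable systemd-networkd
systemctl restart systemd-networkd
systemctl enable systemd-resolved
systemctl restart systemd-resolved
# systemctl mask dev-hugepages.mount
systemctl enable risotto-images.timer
systemctl restart risotto-images.timer
systemctl enable risottofirewall.service
systemctl start risottofirewall.service

# Disabled manual NAT rules, kept for reference.
#nft add table nat
#nft flush table nat;
#nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
#nft 'add rule nat prerouting iif enp0s3 tcp dport { 80, 443 } dnat to 192.168.45.12'
#nft 'add chain nat postrouting { type nat hook postrouting priority -100; }'
#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 tcp dport 53 snat to 10.0.3.15'
#nft 'add rule nat postrouting ip saddr 192.168.45.10 oif enp0s8 udp dport 53 snat to 10.0.3.15'

echo "install host OK"

exit 0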