From 140ed04828e1938ac0ed5804d92949b3d526fc21 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sat, 9 May 2020 11:23:05 -0400
Subject: [PATCH] cockpit env
---
base.yml | 2 +-
scripts/install.sh | 3 +++
scripts/services/Mistborn-base.service | 14 +++++++-------
scripts/services/Mistborn-bitwarden.service | 2 +-
scripts/services/Mistborn-jitsi.service | 4 ++--
scripts/services/Mistborn-rocketchat.service | 2 +-
scripts/services/Mistborn-syncthing.service | 4 ++--
scripts/services/Mistborn-tor.service | 2 +-
scripts/subinstallers/gen_prod_env.sh | 1 +
9 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/base.yml b/base.yml
index 19fd8a6..4596b96 100644
--- a/base.yml
+++ b/base.yml
@@ -166,7 +166,7 @@ services:
 - DNSCRYPT_LISTEN_PORT=5054
 # resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md
 #- DNSCRYPT_SERVER_NAMES=['scaleway-fr','google','yandex','cloudflare']
- - DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','securedns-doh','adguard-dns-doh']
+ - DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','adguard-dns-doh']
 networks:
 pihole_net:
 ipv4_address: 10.2.0.2
diff --git a/scripts/install.sh b/scripts/install.sh
index 1d81e21..7d48206 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -150,6 +150,9 @@ if [[ "$MISTBORN_INSTALL_COCKPIT" =~ ^([yY][eE][sS]|[yY])$ ]]
 then
 # install cockpit
 source ./scripts/subinstallers/cockpit.sh
+
+ # set variable (that will be available in environment)
+ MISTBORN_INSTALL_COCKPIT=Y
 fi
 # Mistborn-cli (pip3 installed by docker)
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 5857e07..2428a7b 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
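Review bot: Dropping 'securedns-doh' from `DNSCRYPT_SERVER_NAMES` is unexplained: the commit title is "cockpit env" and the hunk leaves no trace of why this upstream resolver was removed, so the next maintainer cannot tell whether it was unreachable, no longer trusted, or dropped by accident. The line above already keeps a superseded list as a comment; follow that convention and record the reason, e.g. `# securedns-doh removed <date>: <reason>` directly above the active entry. The resolver set decides which third parties see this deployment's DNS queries, so a change to it deserves a line of documentation here.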
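Review bot: The normalization added inside the `then` branch is one-sided: when the prompt answer is not yes, `MISTBORN_INSTALL_COCKPIT` keeps whatever the prompt returned (possibly empty or arbitrary text), and gen_prod_env.sh in this same patch writes that raw value into the production .env file. Normalize both outcomes before the value leaves the installer, e.g. an `else` branch with `MISTBORN_INSTALL_COCKPIT=N`. The comment "that will be available in environment" also overstates a plain assignment: it is not exported, so it reaches a sub-installer only if that script is sourced the way cockpit.sh is here — if any consumer runs as a child process, `export MISTBORN_INSTALL_COCKPIT=Y` is needed instead. The enclosing `if` starts outside the hunk.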
@@ -14,13 +14,13 @@ ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=-/sbin/ip address add 10.2.3.1/30 dev DIFACE
-ExecStartPre=/sbin/iptables -w 300 -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 443 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -A OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/ip6tables -A OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 80 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 443 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 5555 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -A OUTPUT -o DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/ip6tables -w -A OUTPUT -p udp --dport 53 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/resolvconf -u
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml up
diff --git a/scripts/services/Mistborn-bitwarden.service b/scripts/services/Mistborn-bitwarden.service
index d722101..ff79fde 100644
--- a/scripts/services/Mistborn-bitwarden.service
+++ b/scripts/services/Mistborn-bitwarden.service
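Review bot: The rewritten `ExecStartPre` lines still insert with `-I`/`-A` unconditionally, so every (re)start of the unit adds another copy of each rule to `DOCKER-USER` and `OUTPUT` unless a stop hook outside the hunk deletes them; the same pattern is in the bitwarden, jitsi, rocketchat, syncthing and tor hunks of this patch. Guard each insert with a check, e.g. `ExecStartPre=/bin/sh -c '/sbin/iptables -w -C DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP || /sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP'`, or add matching `-D` lines under `ExecStopPost=` so the tables are left clean. Bare `-w` waits for the xtables lock without bound; that is only acceptable because systemd's `TimeoutStartSec` will eventually abort the unit (unless it is set to infinity), and it is worth a comment saying so — presumably the `300` was dropped for iptables builds that accept only the bare flag, which should be confirmed.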
@@ -11,7 +11,7 @@ PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml down
-ExecStartPre=/sbin/iptables -w 300 -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 3012 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/bitwarden.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-jitsi.service b/scripts/services/Mistborn-jitsi.service
index a5946db..49a9c21 100644
--- a/scripts/services/Mistborn-jitsi.service
+++ b/scripts/services/Mistborn-jitsi.service
@@ -13,8 +13,8 @@ EnvironmentFile=/opt/mistborn/.envs/.production/.jitsi
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml down
-ExecStartPre=/sbin/iptables -w 300 -I DOCKER-USER -i DIFACE -p udp --dport $JVB_PORT -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport $JVB_TCP_PORT -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport $JVB_PORT -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport $JVB_TCP_PORT -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/jitsi-meet.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-rocketchat.service b/scripts/services/Mistborn-rocketchat.service
index 1c75a6f..1ad5a84 100644
--- a/scripts/services/Mistborn-rocketchat.service
+++ b/scripts/services/Mistborn-rocketchat.service
@@ -11,7 +11,7 @@ PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml down
-ExecStartPre=/sbin/iptables -w 300 -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 3001 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/rocketchat.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-syncthing.service b/scripts/services/Mistborn-syncthing.service
index 876a6c9..e3065f3 100644
--- a/scripts/services/Mistborn-syncthing.service
+++ b/scripts/services/Mistborn-syncthing.service
@@ -11,8 +11,8 @@ PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml down
-ExecStartPre=/sbin/iptables -w 300 -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
-ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport 21027 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 22000 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/syncthing.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/services/Mistborn-tor.service b/scripts/services/Mistborn-tor.service
index 90da6b9..bbb871f 100644
--- a/scripts/services/Mistborn-tor.service
+++ b/scripts/services/Mistborn-tor.service
@@ -11,7 +11,7 @@ PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml down
-ExecStartPre=/sbin/iptables -w 300 -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 9150 -j MISTBORN_LOG_DROP
 # Start container when unit is started
 ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/tor.yml up --build
 # Stop container when unit is stopped
diff --git a/scripts/subinstallers/gen_prod_env.sh b/scripts/subinstallers/gen_prod_env.sh
index 3848efc..45d93b8 100755
--- a/scripts/subinstallers/gen_prod_env.sh
+++ b/scripts/subinstallers/gen_prod_env.sh
@@ -19,6 +19,7 @@ echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $DJANGO_PROD_FILE
 echo "#MAILGUN_API_KEY=" >> $DJANGO_PROD_FILE
 echo "#MAILGUN_API_URL=" >> $DJANGO_PROD_FILE
 echo "#SENTRY_DNS=" >> $DJANGO_PROD_FILE
+echo "MISTBORN_INSTALL_COCKPIT=$MISTBORN_INSTALL_COCKPIT" >> $DJANGO_PROD_FILE
 # generate production .env file for postgresql
 POSTGRES_PROD_FILE="./.envs/.production/.postgres"
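Review bot: The new `echo` writes `$MISTBORN_INSTALL_COCKPIT` into the Django production .env file without normalizing it, so whatever the installer prompt captured (empty, lowercase, or text containing spaces or newlines) lands verbatim in a file that other processes parse as `KEY=VALUE` lines; the install.sh hunk in this patch forces the value to `Y` only on the yes path. Coerce it to a fixed alphabet before writing, e.g. `[[ "$MISTBORN_INSTALL_COCKPIT" == "Y" ]] || MISTBORN_INSTALL_COCKPIT=N` on the line before the `echo`. Whether the variable is visible here at all depends on how install.sh invokes this script (the assignment there is plain, not exported); if this script runs as a child process rather than being sourced, the file will always receive an empty value, which is worth confirming.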