Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-01-03 02:50:47 -05:00
Code Issues Packages Projects Releases Wiki Activity

deploy nftables rules in deploy-initial

Browse Source
This commit is contained in:
Daniel Micay 2024-06-18 13:58:50 -04:00
parent f40a017ec3
commit 4475df98a4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
deploy-initial
View File

@ -55,7 +55,9 @@ sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" ssh/sshd_config.tmp
rsync -cv ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config rsync -cv ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config
rm ssh/sshd_config.tmp rm ssh/sshd_config.tmp
ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service" rsync -cv nftables/nftables-${hosts_firewall[$host]:-web}.conf $remote:/mnt/etc/nftables.conf
ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer nftables.service plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service"
ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service" ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service"
ssh $remote "dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress" ssh $remote "dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"