From b74354500e068482ebd80119ba5b61d26aae1519 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Tue, 27 Jul 2021 16:13:17 +0200 Subject: [PATCH] Updated ifg.in and ws.pm (started configuration for store webdav). --- scripts/dnf.conf.fedora | 4 +-- sources/ifg.in/firstboot/nftables.config | 23 +++++++++++++++ sources/ws.pm/firstboot/01_setupnetworking.sh | 6 +++- sources/ws.pm/firstboot/10_certbot.sh | 1 + .../etc/httpd/conf.d/useribm.hu.443.conf.le | 28 ++++++++++++++----- .../etc/httpd/conf.d/useribm.hu.80.conf | 14 ++++++++++ .../conf.d/userrendszerhaz.hu.443.conf.le | 10 ++----- 7 files changed, 69 insertions(+), 17 deletions(-) diff --git a/scripts/dnf.conf.fedora b/scripts/dnf.conf.fedora index 328cc4e..df65ef9 100644 --- a/scripts/dnf.conf.fedora +++ b/scripts/dnf.conf.fedora @@ -1,9 +1,9 @@ [local-fedora] name=Fedora $releasever - $basearch -baseurl=http://store.usr.user.hu/linux/fedora/releases/$releasever/Everything/$basearch/os/ +baseurl=http://store.in.useribm.hu/linux/fedora/releases/$releasever/Everything/$basearch/os/ gpgcheck=0 [local-updates] name=Fedora $releasever - $basearch - Updates -baseurl=http://store.usr.user.hu/linux/fedora/updates/$releasever/Everything/$basearch/ +baseurl=http://store.in.useribm.hu/linux/fedora/updates/$releasever/Everything/$basearch/ gpgcheck=0 diff --git a/sources/ifg.in/firstboot/nftables.config b/sources/ifg.in/firstboot/nftables.config index 358dfe7..3b3b08c 100644 --- a/sources/ifg.in/firstboot/nftables.config +++ b/sources/ifg.in/firstboot/nftables.config @@ -50,6 +50,7 @@ define XFR_PERIMETER_IPV4 = 192.168.173.251 # web server address (perimeter network) define WS_PERIMETER_IPV4 = 192.168.173.249 +define WS_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:adf9 # perimeter name server address (perimeter network) define PNS_PERIMETER_IPV4 = 192.168.173.174 
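Review bot: In scripts/dnf.conf.fedora both `[local-fedora]` and `[local-updates]` keep `gpgcheck=0` while fetching over plain `http://`, so packages from the renamed mirror `store.in.useribm.hu` are installed with no signature check and no transport integrity. This commit also starts publishing a store host through the public reverse proxy; if that WebDAV share and the mirror tree live on the same server (not visible here), a modified package would go unnoticed by every client using this file. I would set `gpgcheck=1` and add `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch` to both sections. Mirrored Fedora packages are already signed, so this should need no change on the mirror.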
@@ -260,6 +261,28 @@ add rule ip ifg_filter forward \ oifname $INTERNAL_IF \ counter accept comment "Internal traffic" +add rule ip ifg_filter forward \ + ip protocol tcp \ + iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IPV4 tcp sport 1024-65535 \ + oifname $INTERNAL_IF ip daddr $STORE_INTERNAL_IPV4 tcp dport 80 \ + counter accept comment "Store requests" +add rule ip6 ifg_filter forward \ + iifname $PERIMETER_IF ip6 saddr $WS_PERIMETER_IPV6 tcp sport 1024-65535 \ + oifname $INTERNAL_IF ip6 daddr $STORE_INTERNAL_IPV6 tcp dport 80 \ + counter accept comment "Store requests" + +add rule ip ifg_filter forward \ + ct state established \ + ip protocol tcp \ + iifname $INTERNAL_IF ip saddr $STORE_INTERNAL_IPV4 tcp sport 80 \ + oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IPV4 tcp dport 1024-65535 \ + counter accept comment "Store replies" +#add rule ip6 ifg_filter forward \ +# ct state established \ +# iifname $INTERNAL_IF ip6 saddr $STORE_INTERNAL_IPV6 tcp sport 80 \ +# oifname $PERIMETER_IF ip6 daddr $WS_PERIMETER_IPV6 tcp dport 1024-65535 \ +# counter accept comment "Store replies" + add rule ip ifg_filter forward \ ip protocol tcp \ iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IPV4 tcp sport 1024-65535 \ diff --git a/sources/ws.pm/firstboot/01_setupnetworking.sh b/sources/ws.pm/firstboot/01_setupnetworking.sh index 62d9d8c..b03ad51 100755 --- a/sources/ws.pm/firstboot/01_setupnetworking.sh +++ b/sources/ws.pm/firstboot/01_setupnetworking.sh @@ -50,7 +50,11 @@ nmcli connection add \ ipv4.gateway "192.168.173.254" \ ipv4.method "manual" \ ipv4.routes "10.228.0.0/16 192.168.173.1, 192.168.42.0/24 192.168.173.1" \ - ipv6.method "auto" \ + ipv6.addresses "2a02:d400:0000:f2ad:000c:18ff:fe03:adf9/64" \ + ipv6.dns "2a02:d400:0000:f2ad:000c:18ff:fe03:adae" \ + ipv6.dns-search "pm.useribm.hu" \ + ipv6.method "manual" \ + ipv6.routes "2a02:d400:0000:f268::/64 2a02:d400:0000:f2ad:000c:18ff:fe03:ad01" \ save yes nmcli connection show 
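Review bot: The ip6 "Store requests" rule is enabled while its matching ip6 "Store replies" rule is left commented out, with no explanation. Unless an ip6 rule outside this hunk already accepts established traffic, replies from the store to the web server will be dropped and IPv6 connections will stall. Either enable both directions or disable both, and say why in a comment such as `# ip6 store rules held back until STORE_INTERNAL_IPV6 is reachable`. `$STORE_INTERNAL_IPV6` is not defined in the visible hunks (only `WS_PERIMETER_IPV6` is added), so confirm it exists or the ruleset will fail to load. The request rules could also state `ct state new,established` to mirror the reply rule; the last context rule of this hunk continues outside it.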
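Review bot: Switching to `ipv6.method "manual"` turns off router-advertisement configuration, yet the added lines set no `ipv6.gateway`; the only IPv6 route is the one for `2a02:d400:0000:f268::/64`. If this host must answer IPv6 clients outside that prefix (the new store vhost, or certbot validation over an AAAA record), add an `ipv6.gateway "<router address>"` line next to the existing `ipv4.gateway`. If the omission is deliberate, a one-line comment above the command saying so would help. The static address is also duplicated as `WS_PERIMETER_IPV6` in nftables.config, so the two must be kept in sync. The `nmcli connection add` command begins above this hunk.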
diff --git a/sources/ws.pm/firstboot/10_certbot.sh b/sources/ws.pm/firstboot/10_certbot.sh index 470a796..2e54159 100755 --- a/sources/ws.pm/firstboot/10_certbot.sh +++ b/sources/ws.pm/firstboot/10_certbot.sh @@ -18,6 +18,7 @@ certbot certonly \ -d minicrm.userrendszerhaz.hu \ -d redmine.useribm.hu \ -d redmine.userrendszerhaz.hu \ + -d store.useribm.hu \ -d svn.useribm.hu \ -d svn.userrendszerhaz.hu \ -d useribm.hu \ diff --git a/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le b/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le index 8036631..dde4e81 100644 --- a/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le +++ b/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le @@ -37,13 +37,9 @@ ProxyPass /ubisxfr http://192.168.173.251/ubisxfr ProxyPassReverse /ubisxfr http://192.168.173.251/ubisxfr - # dvasary's redmine -> dvredmine.usr.user.hu:80 + # dvasary's redmine -> dvredmine.in.useribm.hu:80 ProxyPass /redmine http://10.228.62.193/ ProxyPassReverse /redmine http://10.228.62.193/ - - # webdav store -> store.usr.user.hu:80 - #ProxyPass /store http://store.usr.user.hu/ - #ProxyPassReverse /store http://store.usr.user.hu/ @@ -95,8 +91,8 @@ - ProxyPass /minicrm http://minicrm.usr.user.hu:8080/minicrm - ProxyPassReverse /minicrm http://minicrm.usr.user.hu:8080/minicrm + ProxyPass /minicrm http://minicrm.in.useribm.hu:8080/minicrm + ProxyPassReverse /minicrm http://minicrm.in.useribm.hu:8080/minicrm @@ -116,3 +112,21 @@ ProxyPass / http://10.228.62.193/ ProxyPassReverse / http://10.228.62.193/ + + + ServerName store.useribm.hu + ServerAdmin webadmin@useribm.hu + DocumentRoot "/var/www/htdocs.useribm.hu.443" + + SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem + + + + Require all granted + + + + ProxyPass / http://store.in.useribm.hu/ + ProxyPassReverse / http://store.in.useribm.hu/ + 
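Review bot: The new `store.useribm.hu` block at the end of useribm.hu.443.conf.le forwards every path to `http://store.in.useribm.hu/`, and the hunk shows only `Require all granted`, so the proxy applies no authentication or method restriction. If the backend is the WebDAV store and does not enforce authentication itself (not visible here), write methods such as PUT and DELETE become reachable from the Internet. I would require authentication in this vhost, for example `AuthType Basic` with `Require valid-user` inside a `<Location "/">` block, or allow only GET and HEAD without credentials. The backend hop is plain HTTP across the firewall, so any credentials forwarded to the store travel unencrypted on that segment. The container tags of this block are missing from the page, so the scope of `Require all granted` cannot be confirmed.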
diff --git a/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf b/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf index cc36dcd..99502c5 100644 --- a/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf +++ b/sources/ws.pm/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf @@ -54,3 +54,17 @@ Redirect permanent / https://redmine.useribm.hu/ + + + ServerName store.useribm.hu + ServerAdmin webadmin@useribm.hu + DocumentRoot "/var/www/htdocs.useribm.hu.80" + + + + Require all granted + + + + Redirect permanent / https://store.useribm.hu/ + diff --git a/sources/ws.pm/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le b/sources/ws.pm/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le index 80dce71..1a38da0 100644 --- a/sources/ws.pm/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le +++ b/sources/ws.pm/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le @@ -33,13 +33,9 @@ ProxyPass /ubisxfr http://192.168.173.251/ubisxfr ProxyPassReverse /ubisxfr http://192.168.173.251/ubisxfr - # dvasary's redmine -> dvredmine.usr.user.hu:80 + # dvasary's redmine -> dvredmine.in.useribm.hu:80 ProxyPass /redmine http://10.228.62.193/ ProxyPassReverse /redmine http://10.228.62.193/ - - # webdav store -> store.usr.user.hu:80 - #ProxyPass /store http://store.usr.user.hu/ - #ProxyPassReverse /store http://store.usr.user.hu/ @@ -91,8 +87,8 @@ - ProxyPass /minicrm http://minicrm.usr.user.hu:8080/minicrm - ProxyPassReverse /minicrm http://minicrm.usr.user.hu:8080/minicrm + ProxyPass /minicrm http://minicrm.in.useribm.hu:8080/minicrm + ProxyPassReverse /minicrm http://minicrm.in.useribm.hu:8080/minicrm -- 2.54.0