57 lines
1.0 KiB
Bash
57 lines
1.0 KiB
Bash
#!/bin/bash
|
|
|
|
# abort this script on errors
|
|
set -euxo pipefail
|
|
|
|
whoami
|
|
|
|
cd /vagrant
|
|
|
|
make_certs_writable() (
|
|
local certdir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
|
|
sudo mkdir -p "$certdir"
|
|
sudo chown -R "$USER" "$certdir"
|
|
)
|
|
|
|
secure_certs() (
|
|
local certdir="/etc/docker/certs.d/$TINKERBELL_HOST_IP"
|
|
sudo chown "root" "$certdir"
|
|
)
|
|
|
|
configure_vagrant_user() (
|
|
echo -n "$TINKERBELL_REGISTRY_PASSWORD" |
|
|
sudo -iu vagrant docker login \
|
|
--username="$TINKERBELL_REGISTRY_USERNAME" \
|
|
--password-stdin "$TINKERBELL_HOST_IP"
|
|
)
|
|
|
|
setup_nat() (
|
|
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
|
|
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
)
|
|
|
|
main() (
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
if [ ! -f ./.env ]; then
|
|
./generate-envrc.sh eth1 >.env
|
|
fi
|
|
|
|
# shellcheck disable=SC1091
|
|
. ./.env
|
|
|
|
make_certs_writable
|
|
|
|
./setup.sh
|
|
|
|
if [[ ${TINKERBELL_CONFIGURE_NAT:=true} != "false" ]]; then
|
|
setup_nat
|
|
fi
|
|
|
|
secure_certs
|
|
configure_vagrant_user
|
|
)
|
|
|
|
main
|