class Kitsune::Kit::Commands::SetupFirewall
def create
# Builds the connection options (with :server_ip passed as required and the
# SSH defaults filled in) and runs the firewall setup over one SSH session.
def create
  ssh_settings = Kitsune::Kit::OptionsBuilder.build(
    options,
    required: [:server_ip],
    defaults: Kitsune::Kit::Defaults.ssh
  )

  with_ssh_connection(ssh_settings) { |session| perform_setup(session, ssh_settings) }
end
def perform_rollback(ssh, filled_options)
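# Removes the SSH/HTTP/HTTPS allow rules on the remote host and disables UFW.
# After a successful run the host is no longer filtered by UFW at all.
#
# @param ssh [#exec!] open SSH session (as yielded by with_ssh_connection)
# @param filled_options [Hash] must carry :ssh_port
# @raise [ArgumentError] if :ssh_port is not an integer in 1..65535
# @raise [RuntimeError] if the remote script exits with a non-zero status
def perform_rollback(ssh, filled_options)
  # The port is interpolated into a script that runs sudo commands on the
  # server, so only a plain decimal number in the TCP range may pass.
  port_text = filled_options[:ssh_port].to_s
  unless port_text.match?(/\A[0-9]{1,5}\z/) && port_text.to_i.between?(1, 65_535)
    raise ArgumentError, "ssh_port must be an integer between 1 and 65535"
  end
  ssh_port = port_text.to_i

  script = <<~EOH
    set -e

    echo "🔁 Removing UFW rules…"
    delete_rule() {
      local rule="$1"
      # Match the rule column exactly and only ALLOW entries, so "80/tcp"
      # is not satisfied by "8080/tcp" or by a DENY rule.
      # Deletion stays best-effort: the script must still reach the disable
      # step even if one rule cannot be removed.
      if sudo ufw status | grep -Eq "^${rule}[[:space:]]+ALLOW"; then
        sudo ufw delete allow "$rule" >/dev/null 2>&1 && echo " - rule '$rule' removed"
      else
        echo " - rule '$rule' does not exist"
      fi
    }
    delete_rule "#{ssh_port}/tcp"
    delete_rule "80/tcp"
    delete_rule "443/tcp"

    echo "✍🏻 Disabling UFW if active…"
    if sudo ufw status | grep -q "Status: inactive"; then
      echo " - UFW is already inactive"
    else
      sudo ufw --force disable >/dev/null 2>&1 && echo " - UFW disabled"
    fi
  EOH

  # Capture the remote exit status so a failed script is not reported as done.
  status = {}
  output = ssh.exec!(script, status: status)
  say output

  exit_code = status[:exit_status]
  unless exit_code.nil? || exit_code.zero?
    raise "Firewall rollback failed on the remote host (exit status #{exit_code})"
  end

  say "✅ Firewall rollback completed", :green
end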
def perform_setup(ssh, filled_options)
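# Installs UFW on the remote host if needed, allows the SSH, HTTP and HTTPS
# ports, turns on UFW logging and enables the firewall.
#
# @param ssh [#exec!] open SSH session (as yielded by with_ssh_connection)
# @param filled_options [Hash] must carry :ssh_port
# @raise [ArgumentError] if :ssh_port is not an integer in 1..65535
# @raise [RuntimeError] if the remote script exits with a non-zero status
def perform_setup(ssh, filled_options)
  # The port is interpolated into a script that runs sudo commands on the
  # server, so only a plain decimal number in the TCP range may pass.
  port_text = filled_options[:ssh_port].to_s
  unless port_text.match?(/\A[0-9]{1,5}\z/) && port_text.to_i.between?(1, 65_535)
    raise ArgumentError, "ssh_port must be an integer between 1 and 65535"
  end
  ssh_port = port_text.to_i

  script = <<~EOH
    set -e

    echo "✍🏻 Updating repositories and ensuring UFW is installed…"
    # Ask dpkg about the ufw package itself; grepping the whole package list
    # also matches other packages and removed-but-not-purged entries.
    if ! dpkg -s ufw 2>/dev/null | grep -q "ok installed"; then
      sudo apt-get update -y
      sudo apt-get install -y ufw && echo " - ufw installed"
    else
      echo " - ufw is already installed"
    fi

    echo "✍🏻 Configuring UFW rules…"
    add_rule() {
      local rule="$1"
      # Match the rule column exactly and only ALLOW entries, so "22/tcp"
      # is not satisfied by "2222/tcp" or by a DENY rule.
      if sudo ufw status | grep -Eq "^${rule}[[:space:]]+ALLOW"; then
        echo " - rule '$rule' already exists"
      else
        # Not chained with &&: under set -e a failed allow stops the script
        # before UFW is enabled, so SSH is never cut off by a missing rule.
        sudo ufw allow "$rule" >/dev/null 2>&1
        echo " - rule '$rule' added"
      fi
    }
    add_rule "#{ssh_port}/tcp"
    add_rule "80/tcp"
    add_rule "443/tcp"

    echo "✍🏻 Enabling UFW logging…"
    if ! sudo ufw status verbose | grep -q "Logging: on"; then
      sudo ufw logging on >/dev/null 2>&1 && echo " - logging enabled"
    else
      echo " - logging was already enabled"
    fi

    echo "✍🏻 Enabling UFW…"
    if sudo ufw status | grep -q "Status: inactive"; then
      sudo ufw --force enable >/dev/null 2>&1 && echo " - UFW enabled"
    else
      echo " - UFW is already enabled"
    fi
  EOH

  # Capture the remote exit status so a failed script is not reported as done.
  status = {}
  output = ssh.exec!(script, status: status)
  say output

  exit_code = status[:exit_status]
  unless exit_code.nil? || exit_code.zero?
    raise "Firewall setup failed on the remote host (exit status #{exit_code})"
  end

  say "✅ Firewall setup completed", :green
end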
def rollback
# Builds the connection options (with :server_ip passed as required and the
# SSH defaults filled in) and runs the firewall rollback over one SSH session.
def rollback
  ssh_settings = Kitsune::Kit::OptionsBuilder.build(
    options,
    required: [:server_ip],
    defaults: Kitsune::Kit::Defaults.ssh
  )

  with_ssh_connection(ssh_settings) { |session| perform_rollback(session, ssh_settings) }
end
def with_ssh_connection(filled_options)
# Opens a key-authenticated, non-interactive SSH session as the "deploy" user
# and yields it to the caller's block.
#
# No verify_host_key or keys_only option is passed below, so host-key checking
# and any additional identities follow net-ssh's own defaults and configuration.
# NOTE(review): confirm those defaults are strict enough for provisioning hosts.
#
# @param filled_options [Hash] reads :server_ip, :ssh_port and :ssh_key_path
# @yieldparam ssh the session object handed over by Net::SSH.start
def with_ssh_connection(filled_options)
  host = filled_options[:server_ip]
  ssh_port = filled_options[:ssh_port]
  identity_file = File.expand_path(filled_options[:ssh_key_path])

  say "🔑 Connecting as deploy@#{host}:#{ssh_port}", :green

  connection_settings = {
    port: ssh_port,
    keys: [identity_file],
    non_interactive: true,
    timeout: 5
  }
  Net::SSH.start(host, "deploy", **connection_settings) { |ssh| yield ssh }
end