added net scripts

script/host/net/printAllShortManagedHostnamesFromHostsFile.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Select just lines containing 'managedHost'.
+# 1.) Remove everything after a '#' (including the #).
+# 2.) Remove every indenting.
+# 3.) Remove blanks (spaces or tabs) at the end of lines.
+# 4.) Replace blanks (spaces or tabs) with one ';' between the values.
+# 5.) Delete empty lines.
+# Then cut the second field
+# Then cut the first field to get the short hostname
+grep 'managedHost' /etc/hosts \
+    | sed -e 's/#.*//' \
+        -e 's/^[[:blank:]]*//' \
+        -e 's/[[:blank:]]*$//' \
+        -e 's/\s\+/;/g' \
+        -e '/^$/d' \
+    | cut -d';' -f2 \
+    | cut -d'.' -f1
+

script/host/net/printOwnDefaultMACAdress.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cat /sys/class/net/e*/address \
+    | head -n 1

script/host/net/printOwnIPv4Adress.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+
+#grep -E '(:|^(127|169\.254|10|172\.(1(6|7|8|9)|2[0-9]|30|31)|192\.168|(22(4|5|6|7|8|9)|23(0|1|2|3|4|5|6|7|8|9))).*)' findet:
+#  loopback:  127.0.0.0/8
+#  linklocal: 169.254.0.0/16
+#  private:   10.0.0.0/8,
+#             172.16.0.0/12,   (172.16… bis 172.31…)
+#             192.168.0.0/16
+# multicast:  224.0.0.0/4      (224… bis 239…)
+
+
+function all() {
+    # Select just lines containing 'inet'.
+    # 1.) Remove every indenting.
+    # 2.) Remove 'inet '.
+    # 3.) Remove everything after a '/' (including the /).
+    ip -4 addr \
+        | grep 'inet' \
+        | sed -e 's/^[[:blank:]]*//' \
+            -e 's/inet //' \
+            -e 's/\/.*//'
+}
+
+function routed() {
+    local _DEVICE
+    _DEVICE="$(ip -4 route show default | xargs -n 1 | grep -A1 -i dev | tail -n 1)"
+    readonly _DEVICE
+
+    ip -4 addr show dev "${_DEVICE:?"Missing DEVICE"}" scope global \
+        | grep 'inet' | xargs -n 1 \
+        | grep -A1 'inet' \
+        | tail -n 1 \
+        | cut -d/ -f1
+}
+
+function public() {
+    hostname -I | xargs -n 1 \
+        | grep -vE '(:|^(127|169\.254|10|172\.(1(6|7|8|9)|2[0-9]|30|31)|192\.168|(22(4|5|6|7|8|9)|23(0|1|2|3|4|5|6|7|8|9))).*)'
+}
+
+# Maybe use "resolvectl status" to get DNS Server and specify 'nslookup'
+function published() {
+    local _BOOT_HOSTNAME
+    _BOOT_HOSTNAME="$(hostname -b)"
+    readonly _BOOT_HOSTNAME
+
+    nslookup -type=A "${_BOOT_HOSTNAME:?"Missing BOOT_HOSTNAME"}" | xargs -n 1 \
+        | grep -A2 -i "${_BOOT_HOSTNAME}" \
+        | grep -A1 -i 'address' \
+        | tail -n1
+}
+
+function verified() {
+    local _PUBLISHED_IP
+    _PUBLISHED_IP="$(published)"
+    readonly _PUBLISHED_IP
+
+    [ -z "${_PUBLISHED_IP}" ] \
+        && return 0
+
+    all | grep "${_PUBLISHED_IP}"
+}
+
+function usage() {
+    echo "Use one of the following options:"
+    echo "  --all       : prints all IPv4 addresses"
+    echo "  --routed    : prints the IPv4 address used to send traffic to the default gateway"
+    echo "  --public    : prints all IPv4 addresses direct accessable from the internet"
+    echo "  --published : prints the IPv4 address provided by DNS using this host's name"
+    echo "  --verified  : prints the IPv4 included in 'all' und respended by 'published'"
+}
+
+
+
+function main(){
+
+    case "${1}" in
+        --all)
+            all
+            return 0
+            ;;
+        --routed)
+            routed
+            return 0
+            ;;
+        --public)
+            public
+            return 0
+            ;;
+        --published)
+            published
+            return 0
+            ;;
+        --verified)
+            verified
+            return 0
+            ;;
+        *)
+            usage
+            return 1
+            ;;
+    esac
+
+    return 1
+
+}
+
+ main "$@" && exit 0 || exit 1

script/host/net/printOwnIPv6Adress.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+#grep -E '(^::1|(^fc.*|^fd.*)|^fe80::.*|^ff.*)' findet:
+#  loopback: ::1/128
+#  uniquelocal: fc00::/7   (fc00… bis fdff…)
+#  linklocal:   fe80::/64
+#  multicast:   ff00::/8   (ff…)
+
+
+
+function all() {
+    # Select just lines containing 'inet6'.
+    # 1.) Remove every indenting.
+    # 2.) Remove 'inet6 '.
+    # 3.) Remove everything after a '/' (including the /).
+    ip -6 addr \
+        | grep 'inet6' \
+        | sed -e 's/^[[:blank:]]*//' \
+            -e 's/inet6 //' \
+            -e 's/\/.*//'
+}
+
+function routed() {
+    local _DEVICE
+    _DEVICE="$(ip -6 route show default | xargs -n 1 | grep -A1 -i dev | tail -n 1)"
+    readonly _DEVICE
+
+    ip -6 addr show dev "${_DEVICE:?"Missing DEVICE"}" scope global \
+        | grep 'inet6' \
+        | xargs -n 1 \
+        | grep -A1 'inet6' \
+        | grep ':' \
+        | cut -d/ -f1
+}
+
+function public() {
+    hostname -I | xargs -n 1 \
+        | grep ':' \
+        | grep -vE '(^::1|(^fc.*|^fd.*)|^fe80::.*|^ff.*)'
+}
+
+# Maybe use "resolvectl status" to get DNS Server and specify 'nslookup'
+function published() {
+    local _BOOT_HOSTNAME
+    _BOOT_HOSTNAME="$(hostname -b)"
+    readonly _BOOT_HOSTNAME
+
+    nslookup -type=AAAA "${_BOOT_HOSTNAME:?"Missing BOOT_HOSTNAME"}" | xargs -n 1 \
+        | grep -A2 -i "${_BOOT_HOSTNAME}" \
+        | grep -A1 -i address \
+        | tail -n1
+}
+
+function verified() {
+    local _PUBLISHED_IP
+    _PUBLISHED_IP="$(published)"
+    readonly _PUBLISHED_IP
+
+    [ -z "${_PUBLISHED_IP}" ] \
+        && return 0
+
+    all | grep "${_PUBLISHED_IP}"
+}
+
+function usage() {
+    echo "Use one of the following options:"
+    echo "  --all       : prints all IPv6 addresses"
+    echo "  --routed    : prints the IPv6 address used to send traffic to the default gateway"
+    echo "  --public    : prints all IPv6 addresses direct accessable from the internet"
+    echo "  --published : prints the IPv6 address provided by DNS using this host's name"
+    echo "  --verified  : prints the IPv6 included in 'all' und respended by 'published'"
+}
+
+
+
+function main(){
+
+    case "${1}" in
+        --all)
+            all
+            return 0
+            ;;
+        --routed)
+            routed
+            return 0
+            ;;
+        --public)
+            public
+            return 0
+            ;;
+        --published)
+            published
+            return 0
+            ;;
+        --verified)
+            verified
+            return 0
+            ;;
+        *)
+            usage
+            return 1
+            ;;
+    esac
+
+    return 1
+
+}
+
+ main "$@" && exit 0 || exit 1

script/host/net/printOwnMACAdresses.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cat /sys/class/net/e*/address

script/host/net/printOwnShortHostnameFromHostsFile.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Select just lines containing 'inet'.
+# 1.) Remove every indenting.
+# 2.) Remove 'inet '.
+# 3.) Remove everything after a '/' (including the /).
+# Search each IP of the IPv4-list in file '/etc/hosts' 
+# Select just lines containing 'managedHost'.
+# 1.) Remove everything after a '#' (including the #).
+# 2.) Remove every indenting.
+# 3.) Remove blanks (spaces or tabs) at the end of lines.
+# 4.) Replace blanks (spaces or tabs) with one ';' between the values.
+# 5.) Delete empty lines.
+# Then cut the second field
+# Then cut the first field to get the short hostname
+ip -4 addr \
+    | grep 'inet' \
+    | sed -e 's/^[[:blank:]]*//' \
+        -e 's/inet //' \
+        -e 's/\/.*//' \
+    | xargs -i grep {} /etc/hosts \
+    | grep 'managedHost' \
+    | sed -e 's/#.*//' \
+        -e 's/^[[:blank:]]*//' \
+        -e 's/[[:blank:]]*$//' \
+        -e 's/\s\+/;/g' \
+        -e '/^$/d' \
+    | cut -d';' -f2 \
+    | cut -d'.' -f1
+

script/host/nginx/restartIfConfigurationIsValid.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nginx -t &> /dev/null \
+    && systemctl restart nginx.service \
+    && exit 0
+
+exit 1

script/host/nginx/setup.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+function main() {
+    local _SCRIPTPATH _DH_PATH _SELF_SIGNED_PATH
+    _SCRIPTPATH="$(cd -- "$(dirname "$0")" > /dev/null 2>&1; pwd -P)"
+    _DH_PATH="/etc/ssl/private"
+    _SELF_SIGNED_PATH="/etc/ssl/private"
+    readonly _SCRIPTPATH _DH_PATH _SELF_SIGNED_PATH
+
+    ! dpkg -s nginx > /dev/null 2>&1 \
+        && apt-get --yes install nginx-full \
+        && echo "Nginx erfolgreich installiert." \
+        || echo "Nginx ist bereits installiert."
+
+    ! dpkg -s openssl > /dev/null 2>&1 \
+        && apt-get --yes install openssl \
+        && echo "OpenSSL erfolgreich installiert." \
+        || echo "OpenSSL ist bereits installiert."
+
+    ! [ -f "${_DH_PATH}/dhparam4096.pem" ] \
+        && mkdir -p "${_DH_PATH}" \
+        && chmod go-rwx "${_DH_PATH}" \
+        && openssl dhparam -out "${_DH_PATH}/dhparam4096.pem" 4096 \
+        && echo "Diffie-Hellman-Parameters erfolgreich erstellt." \
+        || echo "Diffie-Hellman-Parameters bereits vorhanden."
+
+    ! [ -f "${_SELF_SIGNED_PATH}/selfsigned-private.key" ] \
+        && mkdir -p "${_SELF_SIGNED_PATH}" \
+        && chmod go-rwx "${_SELF_SIGNED_PATH}" \
+        && openssl req -x509 -days 36524 -nodes -newkey rsa:4096 \
+             -keyout "${_SELF_SIGNED_PATH}/selfsigned-private.key" \
+             -out "${_SELF_SIGNED_PATH}/selfsigned-fullchain.crt" \
+        && echo "Selbstsignierte Standardschlüssel erfolgreich erstellt." \
+        || echo "Selbstsignierte Standardschlüssel bereits vorhanden."
+
+#TODO Links erstellen
+#    [ -d "/etc/nginx/" ] \
+#        && cp "${_SCRIPTPATH}/etc_nginx_conf.d/"* "/etc/nginx/conf.d/" \
+#        && mkdir -p /etc/nginx/ssl-trusted \
+#        && cp "${_SCRIPTPATH}/etc_nginx_ssl-trusted/"* "/etc/nginx/ssl-trusted/" \
+#        && mkdir -p /var/www/letsencrypt/.well-known/acme-challenge \
+#        && echo "Basis-Konfiguration erfolgreich erstellt." \
+#        || echo "Basis-Konfiguration bereits vorhanden."
+
+    echo \
+        && echo "Nginx neu starten:" \
+        && nginx -t \
+        && systemctl restart nginx.service \
+        && return 0
+
+    return 1
+}
+
+main "$@" && exit 0 || exit 1

script/host/nginx/update_nginx_conf.sh

@@ -0,0 +1,375 @@
+#!/bin/bash
+NGINX_DIR="/etc/nginx"
+HOSTNAME=$(hostname)
+
+if [ ! -d "$NGINX_DIR" ]; then
+	exit
+fi
+rm $NGINX_DIR/site-*/*
+TEMP_HOST_FILE=`mktemp`
+cp /etc/hosts $TEMP_HOST_FILE
+INDENT=4
+
+function appendProxyServerBlock() {
+	INDENT=$((INDENT+4))
+	local DOMAIN
+	local PORT
+	local INCLUDE_DOMAIN
+	local SSL
+	local FILE
+	DOMAIN=$1
+	PORT=$2
+	INCLUDE_DOMAIN=$3
+	FILE=$4
+	if [[ "$5" == "ssl" ]]; then
+		SSL=" ssl"
+	fi
+
+	if [[ -z "$DOMAIN" || -z "$INCLUDE_DOMAIN" ]]; then
+		return
+	fi
+	echo "$(echo "" | pr -to $INDENT)append proxy server block: '${DOMAIN}'${SSL}"
+	cat >> "$FILE" << EOF
+server {
+	listen ${PORT}${SSL};
+
+	server_name ${DOMAIN};
+EOF
+
+	if [[ ! -z "$SSL" ]]; then
+		cat >> "$FILE" << EOF
+
+	ssl_certificate /etc/nginx/ssl/${DOMAIN}/server.crt;
+	ssl_certificate_key /etc/nginx/ssl/${DOMAIN}/server.key;
+
+	add_header Strict-Transport-Security max-age=15552000;
+EOF
+	else
+		cat >> "$FILE" << EOF
+	server_name www.${DOMAIN};
+EOF
+	fi
+
+	cat >> "$FILE" << EOF
+	root /var/www;
+
+	proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+	proxy_set_header Host \$http_host;
+	proxy_set_header X-Forwarded-Proto \$scheme;
+	proxy_set_header X-Real-IP \$remote_addr;
+
+	# WebSocket support
+	proxy_http_version 1.1;
+	proxy_set_header Upgrade \$http_upgrade;
+	proxy_set_header Connection \$connection_upgrade;
+
+	proxy_redirect off;
+	location /.well-known/acme-challenge {
+		root /tmp/acme;
+	}
+
+	include /etc/nginx/site-${INCLUDE_DOMAIN}/*;
+}
+EOF
+	INDENT=$((INDENT-4))
+}
+
+function appendProxy() {
+	INDENT=$((INDENT+4))
+	local DOMAIN
+	local INCLUDE_DOMAIN
+	local FILE
+	DOMAIN=$1
+	INCLUDE_DOMAIN=$2
+	FILE="$NGINX_DIR/sites-enabled/${DOMAIN}"
+
+
+	if [[ -z "$TARGET_PUBLIC_PORT" ]]; then
+		TARGET_PUBLIC_PORT=80
+	fi
+
+	if [[ -z "$TARGET_PUBLIC_PORT_SSL" ]]; then
+		TARGET_PUBLIC_PORT_SSL=443
+	fi
+
+	echo "$(echo "" | pr -to $INDENT)creating proxy for domain ${DOMAIN}"
+	#VHost-Datei leeren
+	printf "" > "$FILE"
+
+	#Proxy mit ssl (redirect HTTP -> HTTPS)
+	if [ -f "$NGINX_DIR/ssl/${DOMAIN}/server.crt" ]; then
+
+		if [ -f "$NGINX_DIR/ssl/${DOMAIN}/allow_http" ]; then
+			appendProxyServerBlock "${DOMAIN}" "${TARGET_PUBLIC_PORT}" "${INCLUDE_DOMAIN}" "$FILE"
+		else
+			cat >> "${FILE}" << EOF
+server {
+	listen ${TARGET_PUBLIC_PORT};
+	server_name ${DOMAIN};
+	server_name www.${DOMAIN};
+	location /.well-known/acme-challenge {
+		root /tmp/acme;
+	}
+	root /var/www;
+	${CUSTOM_NGINX_HTTP_CONFIG}
+
+	add_header Strict-Transport-Security max-age=15552000;
+	location / {
+		return 301 https://${DOMAIN}:${TARGET_PUBLIC_PORT_SSL}\$request_uri;
+	}
+}
+EOF
+		fi
+		appendProxyServerBlock "${DOMAIN}" "${TARGET_PUBLIC_PORT_SSL}" "${INCLUDE_DOMAIN}" "$FILE" "ssl"
+
+	# Proxy ohne ssl
+	else
+		appendProxyServerBlock "${DOMAIN}" "${TARGET_PUBLIC_PORT}" "${INCLUDE_DOMAIN}" "$FILE"
+	fi
+	INDENT=$((INDENT-4))
+}
+
+function configureProxyForTargetDomain() {
+	INDENT=$((INDENT+4))
+	local DOMAIN=$1
+
+	echo "$(echo "" | pr -to $INDENT)configure proxy for domain $DOMAIN"
+	appendProxy "${DOMAIN}" "${DOMAIN}"
+
+	# Proxy für Domain mit www Präfix
+	if [ -f "$NGINX_DIR/ssl/www.${DOMAIN}/server.crt" ]; then
+		FILE="$NGINX_DIR/sites-enabled/www.${DOMAIN}"
+		printf "" > "$FILE"
+		appendProxyServerBlock "www.${DOMAIN}" "${TARGET_PUBLIC_PORT_SSL}" "${DOMAIN}" "$FILE" "ssl"
+	fi
+
+	mkdir -p "$NGINX_DIR/site-${DOMAIN}"
+	if [[ -z "$PROXY_CONTEXTS" ]]; then
+		if [[ -z "$CONTAINER_HTTPS_PORT" ]]; then
+			cat >> $NGINX_DIR/site-${DOMAIN}/${TARGET_CONTAINER} << EOF
+				location / {
+					proxy_pass http://${CONTAINER_IP}:${CONTAINER_HTTP_PORT};
+				}
+EOF
+		else
+			cat >> $NGINX_DIR/site-${DOMAIN}/${TARGET_CONTAINER} << EOF
+				location / {
+					proxy_pass https://${CONTAINER_IP}:${CONTAINER_HTTPS_PORT};
+				}
+EOF
+		fi
+	else
+		if [[ ! -z "$ROOT_REDIRECT" ]]; then
+			cat >> $NGINX_DIR/site-${DOMAIN}/${TARGET_CONTAINER} << EOF
+				location = / {
+					return 302 \$scheme://${DOMAIN}/${ROOT_REDIRECT};
+				}
+EOF
+		fi
+		for PROXY_CONTEXT in $PROXY_CONTEXTS; do
+			if [[ -z "$CONTAINER_HTTPS_PORT" ]]; then
+				cat >> $NGINX_DIR/site-${DOMAIN}/${TARGET_CONTAINER} << EOF
+					location /${PROXY_CONTEXT} {
+						proxy_pass http://${CONTAINER_IP}:${CONTAINER_HTTP_PORT}/${PROXY_CONTEXT};
+					}
+EOF
+			else
+				cat >> $NGINX_DIR/site-${DOMAIN}/${TARGET_CONTAINER} << EOF
+					location /${PROXY_CONTEXT} {
+						proxy_pass https://${CONTAINER_IP}:${CONTAINER_HTTPS_PORT}/${PROXY_CONTEXT};
+					}
+EOF
+			fi
+		done;
+	fi
+
+
+	CONTAINER_CONFIG_DIR="/invra/state/$(cat /invra/hostowner)/containers"
+	for FWD in $PROXY_FORWARDS; do
+		SOURCE_PATH="`echo $FWD | cut -d: -f1`"
+		TARGET_URL="`echo $FWD | cut -d: -s -f2-`"
+		CONTINUE=0
+
+		# Prüfen ob Proxy bereits durch neues Schema im invra/state angelegt wurde
+		while read PROXY_FILE; do
+			CUR_HOST_FILE="$(dirname "$(dirname "$PROXY_FILE")")/current-host"
+			CUR_HOST=$(cat $CUR_HOST_FILE)
+			if [[ -f "$CUR_HOST_FILE" && ( "$CUR_HOST" != "$HOSTNAME" || "$DOMAIN" != "$HOSTNAME" ) ]]; then
+				CONTINUE=1
+				break
+			fi
+		#Process Substitution nutzen, damit CONTINUE-Variable die Schleife überlebt
+		done < <(grep -lER "^/?${SOURCE_PATH}/?$" ${CONTAINER_CONFIG_DIR}/*/httpproxy/${DOMAIN} 2> /dev/null)
+
+		if [ $CONTINUE -eq 1 ]; then
+			continue
+		fi
+		echo "$(echo "" | pr -to $INDENT)create proxy for context-path '${SOURCE_PATH}' to URL '${TARGET_URL}'"
+		cat >> $NGINX_DIR/site-${DOMAIN}/${TARGET_CONTAINER} << EOF
+				location /${SOURCE_PATH} {
+					proxy_pass ${TARGET_URL};
+				}
+EOF
+
+	done
+	INDENT=$((INDENT-4))
+}
+
+function getVar() {
+	local _VAR_NAME=$1
+	local _CONF_FILE=$2
+	local _RESULT
+	_RESULT=$(grep -E "^${_VAR_NAME}=" "${_CONF_FILE}" | grep -oE "[^=]+$")
+	_CLEAN_RESULT=$(echo "$_RESULT" | sed -E 's/[()"]//g')
+	GET_VAR_RESULT=$_CLEAN_RESULT
+}
+
+echo "creating proxy forwards..."
+TARGET_PUBLIC_PORT=""
+TARGET_PUBLIC_PORT_SSL=""
+for CONTAINER in /invra/state/$(cat /invra/hostowner)/containers/*; do
+	CONTAINER_HOST="$(cat $CONTAINER/current-host)"
+	TARGET_CONTAINER="$(basename "$CONTAINER")"
+
+	echo "    creating forward proxies for container '${TARGET_CONTAINER}' on Host '${CONTAINER_HOST}'"
+	for DOMAIN_FILE in $CONTAINER/httpproxy/*; do
+		if [ ! -f "${DOMAIN_FILE}" ]; then
+			continue
+		fi
+
+		TARGET_DOMAIN="$(basename "$DOMAIN_FILE")"
+
+		#Proxy für Domain, die direkt auf diesen Host verweisen, überspringen => werden für die gehosteten Containern später angelegt
+		if [[ "$TARGET_DOMAIN" == "$HOSTNAME" && "$CONTAINER_HOST" == "$HOSTNAME" ]]; then
+			echo "    skipping '${TARGET_DOMAIN}'"
+			continue
+		fi
+
+		appendProxy "${TARGET_DOMAIN}" "${TARGET_DOMAIN}"
+
+		cat "$DOMAIN_FILE" | while read PROXY_CONTEXT; do
+
+			echo "            with context path '${PROXY_CONTEXT}'"
+
+			mkdir -p "$NGINX_DIR/site-${TARGET_DOMAIN}"
+			case $PROXY_CONTEXT in
+				/) TARGET_LOCATION="" ;;
+				/*) TARGET_LOCATION="${PROXY_CONTEXT}" ;;
+				*) TARGET_LOCATION="/${PROXY_CONTEXT}"; PROXY_CONTEXT="${TARGET_LOCATION}" ;;
+			esac
+
+			if [[ "$CONTAINER_HOST" == "$HOSTNAME" ]]; then
+				# neuer docker client
+				CONTAINER_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}:{{end}}' $TARGET_CONTAINER | cut -d: -f1)
+				if [ -z "$CONTAINER_IP" ]; then
+					# alter docker client
+					CONTAINER_IP=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' $TARGET_CONTAINER)
+					if [ -z "$CONTAINER_IP" ]; then
+						continue
+					fi
+				fi
+				CONTAINER_CONFIG="/persistent/${TARGET_CONTAINER}/containersettings"
+				getVar "CONTAINER_HTTP_PORT" "${CONTAINER_CONFIG}"
+				CONTAINER_HTTP_PORT=${GET_VAR_RESULT:-8080}
+
+				cat >> "$NGINX_DIR/site-${TARGET_DOMAIN}/${TARGET_CONTAINER}" << EOF
+					location ${PROXY_CONTEXT} {
+						proxy_pass http://${CONTAINER_IP}:${CONTAINER_HTTP_PORT};
+					}
+EOF
+				CONTAINER_CONFIG=""
+				CONTAINER_HTTP_PORT=""
+			else
+				cat >> "$NGINX_DIR/site-${TARGET_DOMAIN}/fw-${TARGET_CONTAINER}" << EOF
+					location ${PROXY_CONTEXT} {
+						proxy_pass https://${CONTAINER_HOST}${TARGET_LOCATION};
+						proxy_set_header Host ${TARGET_DOMAIN};
+					}
+EOF
+			fi
+		done
+	done
+done
+
+echo ""
+echo "creating proxies for local container..."
+for CONTAINER_CONFIG in /persistent/*/containersettings; do
+
+	getVar "TARGET_CONTAINER" "${CONTAINER_CONFIG}"
+	TARGET_CONTAINER=$GET_VAR_RESULT
+	getVar "CONTAINER_HTTP_PORT" "${CONTAINER_CONFIG}"
+	CONTAINER_HTTP_PORT=${GET_VAR_RESULT:-8080}
+	getVar "CONTAINER_HTTPS_PORT" "${CONTAINER_CONFIG}"
+	CONTAINER_HTTPS_PORT=$GET_VAR_RESULT
+	getVar "TARGET_DOMAIN" "${CONTAINER_CONFIG}"
+	TARGET_DOMAIN=$GET_VAR_RESULT
+	getVar "TARGET_PUBLIC_PORT" "${CONTAINER_CONFIG}"
+	TARGET_PUBLIC_PORT=$GET_VAR_RESULT
+	getVar "TARGET_PUBLIC_PORT_SSL" "${CONTAINER_CONFIG}"
+	TARGET_PUBLIC_PORT_SSL=$GET_VAR_RESULT
+	getVar "ADDITIONAL_TARGET_DOMAIN" "${CONTAINER_CONFIG}"
+	ADDITIONAL_TARGET_DOMAIN=$GET_VAR_RESULT
+	getVar "PROXY_CONTEXTS" "${CONTAINER_CONFIG}"
+	PROXY_CONTEXTS=$GET_VAR_RESULT
+	getVar "PROXY_FORWARDS" "${CONTAINER_CONFIG}"
+	PROXY_FORWARDS=$GET_VAR_RESULT
+	getVar "CUSTOM_NGINX_HTTP_CONFIG" "${CONTAINER_CONFIG}"
+	CUSTOM_NGINX_HTTP_CONFIG=""
+	grep -E "CUSTOM_NGINX_HTTP_CONFIG" "${CONTAINER_CONFIG}" > /dev/null 
+	if [[ $? -eq 0 ]]; then
+		echo "CUSTOM_NGINX_HTTP_CONFIG wird in containersettings nicht mehr unterstützt"
+	fi
+	getVar "ROOT_REDIRECT" "${CONTAINER_CONFIG}"
+	ROOT_REDIRECT=$GET_VAR_RESULT
+
+	if [[ "${TARGET_CONTAINER}" == "" ]]; then
+		echo "'${CONTAINER_CONFIG}' enthält keinen TARGET_CONTAINER"
+		continue
+	fi
+
+	CURRENT_HOST_FILE="/invra/state/$(cat /invra/hostowner)/containers/${TARGET_CONTAINER}/current-host"
+	if [ -f "$CURRENT_HOST_FILE" ]; then
+		CURRENT_HOST="$(cat "$CURRENT_HOST_FILE")"
+		if [ ! -z "$CURRENT_HOST" ] && [[ "$CURRENT_HOST" != "$HOSTNAME" ]]; then
+			continue
+		fi
+	fi
+	echo "    configuring container '$TARGET_CONTAINER'"
+	# neuer docker client
+	CONTAINER_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}:{{end}}' $TARGET_CONTAINER | cut -d: -f1)
+	if [ -z "$CONTAINER_IP" ]; then
+		# alter docker client
+		CONTAINER_IP=$(docker inspect -f '{{.NetworkSettings.IPAddress}}' $TARGET_CONTAINER)
+		if [ -z "$CONTAINER_IP" ]; then
+			continue
+		fi
+	fi
+	echo "        updating ip from container $TARGET_CONTAINER"
+	sed -i "s/.*$TARGET_CONTAINER\.cont.*//" $TEMP_HOST_FILE
+	sed -i '/^\s*$/d' "${TEMP_HOST_FILE}" #löscht alle Zeilen, die nur unsichtbare Zeichen enthalten
+	sed -i "/# DOCKER-IPS/a\\$CONTAINER_IP $TARGET_CONTAINER\.cont" $TEMP_HOST_FILE
+
+	if [ -z "$TARGET_DOMAIN" ]; then
+		continue
+	fi
+
+	for DOMAIN_I in ${TARGET_DOMAIN}; do
+		OLDSETTINGSFILE="$NGINX_DIR/site-${DOMAIN_I}/${TARGET_CONTAINER}"
+		if [ -f $OLDSETTINGSFILE ]; then
+			rm $OLDSETTINGSFILE
+		fi
+		configureProxyForTargetDomain "${DOMAIN_I}"
+	done
+
+	if [[ ! -z "${ADDITIONAL_TARGET_DOMAIN}" ]]; then
+		for DOMAIN_I in ${ADDITIONAL_TARGET_DOMAIN}; do
+			appendProxy "${DOMAIN_I}" "$(echo ${TARGET_DOMAIN} | awk '{print $1}')"
+		done
+	fi
+
+done
+cat $TEMP_HOST_FILE > /etc/hosts
+rm $TEMP_HOST_FILE
+service nginx configtest
+service nginx reload
+

script/host/user/addUserToSudoGroup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo usermod --append --groups sudo "${1:?"Missing first parameter USER"}"

script/host/user/removeUserFromSudoGroup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo usermod --remove --groups sudo "${1:?"Missing first parameter USER"}"

script/host/zfs/snapshot/snapshot-cleanup.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+MIN_MIN=$(date --date="- 5 minutes" -u "+%Y%m%d%H%M")
+HOUR_MIN=$(date --date="- 1 days" -u "+%Y%m%d%H")
+DAY_MIN=$(date --date="- 7 days" -u "+%Y%m%d")
+MONTH_MIN=$(date --date="- 3 years" -u "+%Y%m")
+ 
+zfs list -Hr -o name -t snapshot -r "zpool1/persistent" | grep -E "^zpool1/persistent/[a-zA-Z0-9_-]+@(SNAPHOURLY|SNAPDAILY|SNAPMONTHLY|SNAPMINUTLY)_[0-9]{6,12}$" | while read SNAPSHOT; do
+        SNAPSHOT_TIME=$(echo "$SNAPSHOT" | grep -oE "[0-9]+$")
+        if [[ ${#SNAPSHOT_TIME} == 12 && "$SNAPSHOT_TIME" < "${MIN_MIN}" ]]; then
+                zfs destroy "${SNAPSHOT}"
+        fi
+        if [[ ${#SNAPSHOT_TIME} == 10 && "$SNAPSHOT_TIME" < "${HOUR_MIN}" ]]; then
+                zfs destroy "${SNAPSHOT}"
+        fi
+        if [[ ${#SNAPSHOT_TIME} == 8 && "${SNAPSHOT_TIME}" < "${DAY_MIN}" ]]; then
+                zfs destroy "${SNAPSHOT}"
+        fi
+        if [[ ${#SNAPSHOT_TIME} == 6 && "${SNAPSHOT_TIME}" < "${MONTH_MIN}" ]]; then
+                zfs destroy "${SNAPSHOT}"
+        fi
+done
+ 
+ 
+ 
+MONTH_MIN_QA=$(date --date="- 1 month" -u "+%Y%m")
+ 
+zfs list -Hr -o name -t snapshot -r "zpool1/persistent" | grep -E "^zpool1/persistent/[a-zA-Z0-9_-]+-qa@SNAPMONTHLY_[0-9]{6}$" | while read SNAPSHOT_QA; do
+        SNAPSHOT_TIME_QA=$(echo "$SNAPSHOT_QA" | grep -oE "[0-9]+$")
+        if [[ "${SNAPSHOT_TIME_QA}" < "${MONTH_MIN_QA}" ]]; then
+                zfs destroy "${SNAPSHOT_QA}"
+        fi
+done
+

script/host/zfs/snapshot/snapshot-minutly.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
+
+_TIMESTAMP="$(date -u "+%Y%m%d%H%M")"
+_ZFS_FILESYSTEM="${1:?"Missing first parameter ZFS_FILESYSTEM."}"
+echo "${_ZFS_FILESYSTEM}" | grep -E '\-prod$' &> /dev/null \
+    && zfs snapshot "${_ZFS_FILESYSTEM}@SNAPMINUTLY_${_TIMESTAMP}" \
+    && exit 0
+
+echo "Snapshot konnte nicht angelegt werden:"
+echo "  - ${_ZFS_FILESYSTEM}@SNAPMINUTLY_${_TIMESTAMP}"
+echo "  (Minuten-Snapshots sollen nur auf 'PROD'-Containeren angelegt werden, sodass diese dann syncronisiert werden)"
+exit 1

script/host/zfs/snapshot/snapshot.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+HOUR=$(date -u "+%Y%m%d%H")
+DAY=${HOUR:0:8}
+MONTH=${HOUR:0:6}
+HOSTOWNER=$(cat /invra/hostowner)
+if [ ! -d /tmp/locks ]; then
+	mkdir /tmp/locks
+fi
+
+zfs list -Hr -o name zpool1/persistent | grep -v -- -BACKUP | tail -n +2 | while read DATASET; do
+	CONTAINER=${DATASET#zpool1/persistent/}
+	(
+		flock -n 9 || exit 1
+
+		MODE_FILE="/invra/state/$HOSTOWNER/containers/$CONTAINER/snapshot-mode"
+		HOURLY=1
+		DAILY=1
+		MONTHLY=1
+
+		if [ -f "$MODE_FILE" ]; then
+			grep -i "NONE" "$MODE_FILE" &> /dev/null
+			if [ $? -eq 0 ]; then
+				exit
+			fi
+			grep -i "HOURLY" "$MODE_FILE" &> /dev/null
+			if [ $? -ne 0 ]; then
+				HOURLY=0
+			fi
+			grep -i "DAILY" "$MODE_FILE" &> /dev/null
+			if [ $? -ne 0 ]; then
+				DAILY=0
+			fi
+			grep -i "MONTHLY" "$MODE_FILE" &> /dev/null
+			if [ $? -ne 0 ]; then
+				MONTHLY=0
+			fi
+		fi
+		SNAPSHOT_HOUR="${DATASET}@SNAPHOURLY_${HOUR}"
+		SNAPSHOT_DAY="${DATASET}@SNAPDAILY_${DAY}"
+		SNAPSHOT_MONTH="${DATASET}@SNAPMONTHLY_${MONTH}"
+
+		zfs list -H -t snapshot -o name -r "$DATASET" | grep -E "^${SNAPSHOT_HOUR}$" > /dev/null
+		if [[ $? -ne 0 && $HOURLY -eq 1 ]]; then
+			zfs snapshot "${SNAPSHOT_HOUR}"
+		fi
+
+		zfs list -H -t snapshot -o name -r "$DATASET" | grep -E "^${SNAPSHOT_DAY}$" > /dev/null
+		if [[ $? -ne 0 && $DAILY -eq 1 ]]; then
+			zfs snapshot "${SNAPSHOT_DAY}"
+		fi
+
+		zfs list -H -t snapshot -o name -r "$DATASET" | grep -E "^${SNAPSHOT_MONTH}$" > /dev/null
+		if [[ $? -ne 0 && $MONTHLY -eq 1 ]]; then
+			zfs snapshot "${SNAPSHOT_MONTH}"
+		fi
+	) 9>>/tmp/locks/snapshot.${CONTAINER}.lock
+done

script/host/zfs/sync/synccontainer-all.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+HOSTOWNER=$(cat /invra/hostowner)
+BACKUPHOST=$(hostname)
+STATE_DIR=/invra/state/${HOSTOWNER}/containers/;
+
+screen -ls | grep -oE "[0-9]+\.synccontainer\.[a-zA-Z0-9_-]+" | while read -r SCREEN_SESSION; do
+	CONTAINER=$(echo "$SCREEN_SESSION" | grep -oE "[^.]+$")
+	PID=$(echo "$SCREEN_SESSION" | grep -oE "^[0-9]+")
+	grep -iE "^${BACKUPHOST}$" ${STATE_DIR}/${CONTAINER}/standby-hosts > /dev/null
+	if [ $? -ne 0 ]; then
+		echo "quit screen session ${SCREEN_SESSION}"
+		screen -XS "$PID" quit
+	fi
+done
+
+grep -lrE "^${BACKUPHOST}$" /invra/state/${HOSTOWNER}/containers/*/standby-hosts > /dev/null
+if [ $? -eq 0 ]; then
+	grep -lrE "^${BACKUPHOST}$" /invra/state/${HOSTOWNER}/containers/*/standby-hosts | while read -r STANDBY_FILE; do
+		CONTAINER=$(basename $(dirname ${STANDBY_FILE}))
+		screen -ls | grep -oE "[0-9]+\.synccontainer\.$CONTAINER" > /dev/null
+		if [ $? -ne 0 ]; then
+			echo "starte container sync"
+			screen -dmS "synccontainer.$CONTAINER" /invra/scripts/hosts/zfs/synccontainer.sh "$CONTAINER"
+		fi
+	done
+fi
+

script/host/zfs/sync/synccontainer-check.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+TMP="$(mktemp)"
+(
+	HOSTNAME="$(hostname)"
+	HOSTOWNER="$(cat /invra/hostowner)"
+	MAX_BEHIND=0
+	CURRENT_UNIXTIME=$(date -u +%s)
+	echo "OK#Checks running" 
+	for CONTAINER_PATH in /invra/state/${HOSTOWNER}/containers/*; do 
+		grep -E "^${HOSTNAME}$" "${CONTAINER_PATH}/standby-hosts" &> /dev/null || continue;
+		CONTAINER_NAME="$(basename "$CONTAINER_PATH")";
+		TS=$(zfs list -o name -r -t snapshot "zpool1/persistent/${CONTAINER_NAME}-BACKUP" | grep "@SYNC_${HOSTNAME}" | head -n1 | grep -oP "\\d{4}-\\d{2}-\\d{2}_\\d{2}:\\d{2}:\\d{2}")
+		LAST_SNAPSHOT_TIME="$(echo "${TS}" | sed "s/_/ /g")"
+		LAST_SNAPSHOT_UNIXTIME=$(date -u --date="TZ=\"UTC\" ${LAST_SNAPSHOT_TIME}" +%s)
+		SECONDS_BEHIND=$[ $CURRENT_UNIXTIME - $LAST_SNAPSHOT_UNIXTIME ]
+		if [ "$SECONDS_BEHIND" -gt "$MAX_BEHIND" ]; then
+			MAX_BEHIND="$SECONDS_BEHIND"
+		fi
+		if [ "$SECONDS_BEHIND" -gt 30 ]; then
+			echo "LAGGING_SYNC_${CONTAINER_NAME}_${HOSTNAME}?FAIL#${SECONDS_BEHIND} behind"
+			
+		fi
+	done
+	echo $CURRENT_UNIXTIME
+) > "$TMP"
+chmod 655 "$TMP"
+mkdir -p /var/www/html/monitoring &>/dev/null
+mv "$TMP" /var/www/html/monitoring/synccontainer.check.txt
+
+

script/host/zfs/sync/synccontainer-receiver.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+CONTAINER=${1:?"CONTAINER missing"}
+CONTAINER=$(echo $1 | sed -E 's|[^a-zA-Z0-9_-]*||g')
+(
+	flock -n 9 || exit 1
+
+	BACKUPHOST=$(hostname)
+	HOSTOWNER=$(cat /invra/hostowner)
+	SOURCEHOST=$(cat /invra/state/${HOSTOWNER}/containers/${CONTAINER}/current-host)
+
+	MOUNTPOINT="none"
+	DATASET="zpool1/persistent/${CONTAINER}-BACKUP"
+	SNAPSHOT_PREFIX="${DATASET}@SYNC_${BACKUPHOST}_"
+
+	LAST_SNAPSHOT_NAME=""
+	RESUME_TOKEN=""
+	zfs list -Hr -o name -s name "${DATASET}" | grep -E "^${DATASET}$" > /dev/null
+	if [ $? -eq 0 ]; then
+		LAST_SNAPSHOT_NAME=$(zfs list -H -o name -S name -t snapshot -r "${DATASET}" | grep -E "^${SNAPSHOT_PREFIX}" | head -n 1)
+		RESUME_TOKEN="$(zfs get -o value -H receive_resume_token "${DATASET}")"
+	fi
+
+	if [[ "x$RESUME_TOKEN" != "x" && "x$RESUME_TOKEN" != "x-" ]]; then
+		echo "Resume token present trying to resume at $RESUME_TOKEN"
+		LAST_SNAPSHOT_NAME="RESUME"
+	fi
+	
+	if [[ "x${LAST_SNAPSHOT_NAME}" != "x" && "${LAST_SNAPSHOT_NAME}" != "RESUME" ]]; then
+		zfs rollback -r "${LAST_SNAPSHOT_NAME}"
+	fi
+
+	# Beiim zfs receive in der nächsten Zeile fehlt noch das "-s" für resumable streams. Der tzrlxsrv kann das aber momentan nicht. Fehlermeldung: cannot receive resume stream: kernel modules must be upgraded to receive this stream.
+	(while sleep 1; do echo; done) | ssh -o ConnectTimeout=20 -C invencom@${SOURCEHOST} "sudo /invra/scripts/hosts/zfs/synccontainer-sender.sh \"${BACKUPHOST}\" \"${CONTAINER}\" \"${LAST_SNAPSHOT_NAME#$SNAPSHOT_PREFIX}\"" \"${RESUME_TOKEN}\" | zfs receive -v "${DATASET}"
+	if [ $? -ne 0 ]; then
+		exit 1
+	fi
+
+	# Dataset gegen Veränderungen sichern
+	zfs set readonly=on "${DATASET}"
+	zfs set "mountpoint=${MOUNTPOINT}" "${DATASET}"
+
+	# Aufsetzpunkte fremder Synchronisierer wegräumen
+	zfs list -t snapshot -o name -r "${DATASET}" | grep -- "${DATASET}@SYNC" | grep -v -i "_${BACKUPHOST}_" | while read SNAP; do
+		echo "Destroying $SNAP"
+		zfs destroy $SNAP
+	done
+
+	# Alte Snapshots wegräumen
+	while read -r ZEILE
+	do
+		if [ "$ZEILE" = "" ]; then
+			break
+		fi
+		if [[ "$ZEILE" > "$LAST_SNAPSHOT_NAME"  ]]; then
+			break
+		fi
+		zfs destroy "$ZEILE"
+	done < <(zfs list -Hr -o name -s name -t snapshot "${DATASET}" | grep -E "^${SNAPSHOT_PREFIX}")
+) 9>>/tmp/synccontainer.${CONTAINER}.lock
+
+if [ $? -ne 0 ]; then
+	exit 1
+fi
+exit 0

script/host/zfs/sync/synccontainer-sender.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+BACKUPHOST=${1:?"BACKUPHOST missing"}
+CONTAINER=${2:?"CONTAINER missing"}
+BACKUPHOST=$(echo $1 | sed -E 's|[^a-zA-Z0-9._-]*||g')
+CONTAINER=$(echo $2 | sed -E 's|[^a-zA-Z0-9_-]*||g')
+LAST_SNAPSHOT=$(echo $3 | sed -E 's|[^a-zA-Z0-9._:-]*||g')
+NEW_SNAPSHOT=$(date -u "+%Y-%m-%d_%H:%M:%S")
+
+if [[ "${LAST_SNAPSHOT}" == "RESUME" ]]; then
+	RESUME_TOKEN=$(echo $4 | sed -E 's|[^a-zA-Z0-9._:-]*||g')
+        zfs send -t "${RESUME_TOKEN}"
+        exit
+fi
+
+DATASET="zpool1/persistent/$CONTAINER"
+SNAPSHOT_PREFIX="${DATASET}@SYNC_${BACKUPHOST}_"
+LAST_SNAPSHOT_NAME="${SNAPSHOT_PREFIX}${LAST_SNAPSHOT}"
+NEW_SNAPSHOT_NAME="${SNAPSHOT_PREFIX}${NEW_SNAPSHOT}"
+SNAPSHOT_FOUND=""
+
+# Existiert der Snapshot?
+while read -r ZEILE
+do
+	if [[ "$ZEILE" == "$LAST_SNAPSHOT_NAME" ]]; then
+		SNAPSHOT_FOUND="1"
+		continue
+	fi
+done < <(zfs list -H -o name -s name -t snapshot "${DATASET}" | grep -E "^${SNAPSHOT_PREFIX}")
+
+# Falls ja, alle anderen Snapshots wegräumen - eine frühere Version des Skripts hat hier nur die Älteren weggeräumt. Das führt allerdings zum Vollmüllen
+# mit neueren Snapshots, wenn der Sync immer wieder fehlschlägt - im Einzelfall bis zur Unbenutzbarkeit des Senders
+if [[ "${SNAPSHOT_FOUND}x" == "1x" ]]; then
+	while read -r ZEILE
+	do
+	        if [[ "$ZEILE" == "$LAST_SNAPSHOT_NAME" ]]; then
+        	        continue
+	        fi
+        	zfs destroy "$ZEILE"
+	done < <(zfs list -H -o name -s name -t snapshot "${DATASET}" | grep -E "^${SNAPSHOT_PREFIX}")
+fi
+
+zfs snapshot "$NEW_SNAPSHOT_NAME"
+
+if [[ "$LAST_SNAPSHOT" != "" ]]; then
+	if [[ "$SNAPSHOT_FOUND" == "" ]]; then
+		echo "Angeforderter Snapshot '${LAST_SNAPSHOT}' nicht vorhanden"
+		exit 1;
+	fi
+	zfs send -I "${LAST_SNAPSHOT_NAME}" "${NEW_SNAPSHOT_NAME}"
+else
+	zfs send "${NEW_SNAPSHOT_NAME}"
+fi

script/host/zfs/sync/synccontainer.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+BACKUPHOST=$(hostname)
+CONTAINER=${1:?"Kein Container angegeben"}
+DATASET="zpool1/persistent/$CONTAINER"
+SNAPSHOT_PREFIX="${DATASET}@SYNC_${BACKUPHOST}_"
+
+while true; do
+
+	/invra/scripts/hosts/zfs/synccontainer-receiver.sh "$CONTAINER"
+	sleep 5
+
+#	LAST_SNAPSHOT_NAME=$(zfs list -Hr -o name -S name -t snapshot "${DATASET}" | grep -E "^${SNAPSHOT_PREFIX}" | head -n 1)
+#	LAST_SNAPSHOT_TIME=${LAST_SNAPSHOT_NAME#${SNAPSHOT_PREFIX}}
+#	LAST_SNAPSHOT_TIME="$(echo "${LAST_SNAPSHOT_TIME}" | sed "s/_/ /g")"
+#	LAST_SNAPSHOT_UNIXTIME=$(date -u --date="TZ=\"UTC\" ${LAST_SNAPSHOT_TIME}" +%s)
+#	CURRENT_UNIXTIME=$(date -u +%s)
+#	SECONDS_BEHIND=$[ $CURRENT_UNIXTIME - $LAST_SNAPSHOT_UNIXTIME ]
+#	mkdir -p /var/www/html/monitoring > /dev/null 2>&1
+#	echo $CURRENT_UNIXTIME > "/var/www/html/monitoring/containersync.${CONTAINER}"
+#	echo "OK: $SECONDS_BEHIND seconds behind" >> "/var/www/html/monitoring/containersync.${CONTAINER}"
+
+done
+