authorRobert Gerus <arachnist@i.am-a.cat>2013-08-25 23:33:34 +0200
committerRobert Gerus <arachnist@i.am-a.cat>2013-08-25 23:33:34 +0200
commit98ed8fec9cbfa6f05518562440289792c62f6479 (patch)
tree5d14d4bbf2573210250f260f4615bf3cd4d7453c
parent3ddcb48412ce9be9cbb4d0213d894a517b23ef27 (diff)
Add the post-receive hook to the repository, for reference.
-rwxr-xr-xhooks/post-receive58
1 files changed, 58 insertions, 0 deletions
diff --git a/hooks/post-receive b/hooks/post-receive
new file mode 100755
index 0000000..9c2838b
--- /dev/null
+++ b/hooks/post-receive
@@ -0,0 +1,58 @@
+#!/usr/local/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+PFCTL="/sbin/pfctl"
+FIREWALL_DIR="/etc/firewall"
+TEMPFILE="$(/usr/bin/mktemp -t fw)"
+PFCONF_PATH="${FIREWALL_DIR}/pf.conf"
+PFCONF_PATH_TEMPLATE="${PFCONF_PATH}.in"
+CAT="/bin/cat"
+MV="/bin/mv"
+
+isok() {
+ if [[ $1 = 0 ]]; then
+ if [[ $# -gt 1 ]]; then
+ if [[ $2 = "-q" ]]; then
+ :
+ else
+ echo "Unexpected argument: ${2}"
+ exit 1
+ fi
+ else
+ echo "[ OK ]"
+ fi
+ else
+ rm ${TEMPFILE}
+ echo "[ FAIL ]"
+ exit $1
+ fi
+}
+
+echo -n "Checking out new firewall configuration to ${FIREWALL_DIR}... "
+GIT_WORK_TREE="${FIREWALL_DIR}" git checkout -f
+isok $?
+
+echo -n "Generating ${PFCONF_PATH}... "
+[[ -e ${PFCONF_PATH_TEMPLATE} ]]
+isok $? -q
+${CAT} "${PFCONF_PATH_TEMPLATE}" > ${TEMPFILE}
+isok $? -q
+for rulefile in /etc/firewall/rules.d/*; do
+ echo 'include "'${rulefile}'"' >> ${TEMPFILE}
+ isok $? -q
+done
+
+${MV} ${TEMPFILE} ${PFCONF_PATH}
+isok $?
+
+echo -n "Testing if new config is sane... "
+${PFCTL} -nf ${PFCONF_PATH}
+isok $?
+
+echo -n "Loading new config... "
+${PFCTL} -f ${PFCONF_PATH}
+isok $?
+
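Review bot: The generated file is moved over `${PFCONF_PATH}` before `pfctl -nf` checks it, so a push with a syntax error leaves a broken pf.conf on disk even though the load step is skipped; whatever reads that path later (a reboot or a manual reload, presumably) would get the bad file. Validate the temp file first and install it only on success, i.e. run `${PFCTL} -nf "${TEMPFILE}"` ahead of `${MV} "${TEMPFILE}" "${PFCONF_PATH}"`. Separately, with `set -o errexit` active a failing `git checkout` or `pfctl` exits the script before the following `isok $?` runs, so the `[ FAIL ]` branch and its `rm ${TEMPFILE}` are effectively unreachable; a `trap 'rm -f "${TEMPFILE}"' EXIT` would handle cleanup on every exit path. The remaining unquoted `${TEMPFILE}` and `${rulefile}` expansions should be quoted as well, since the rule file names come from the pushed tree.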