Merge pull request #4 from gitsang/configs

feat: Format add CHECK_INTERVAL config option
2024-11-25 15:01:23 +08:00 · 2024-11-25 15:01:23 +08:00 · 5a5313b3ec
commit 5a5313b3ec
parent b3815608f5 ce1d66c27c
4 changed files with 97 additions and 51 deletions
--- a/README.md
+++ b/README.md
@ -4,24 +4,33 @@ lxc-iptag is a simple script to add ip tags to LXC containers.

 ![](./img/pve-lxc-iptag.png)

-## Installation
+## 1. Installation

 ```sh
 curl -sL https://github.com/gitsang/lxc-iptag/raw/main/install.sh | sudo bash
 ```

-## Configure
+This script will:

-### CIDRs
+- Install script prerequisites
+- Install the `lxc-iptag` script to `/usr/local/bin/lxc-iptag`
+- Copy config file to `/usr/local/etc/lxc-iptag.conf`
+- Add a systemd unit to start the service

-Open `/usr/local/bin/lxc-iptag` and change the `cidr_list`
-
-The default CIDRs are
+### 1.1 Update

 ```sh
-cidr_list=(
-    192.168.0.0/16
-    100.64.0.0/10
-    10.0.0.0/8
-)
+sudo curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag -o /usr/local/bin/lxc-iptag && sudo chmod +x /usr/local/bin/lxc-iptag
+sudo systemctl restart lxc-iptag.service
 ```
+
+This script will only update the `lxc-iptag` executable script
+
+## 2. Configure
+
+Open `/usr/local/ect/lxc-iptag.conf` and change the config
+
+| Option         | Example                                     | Description                       |
+| -------------- | ------------------------------------------- | --------------------------------- |
+| CIDR_LIST      | `(192.168.0.0/16 100.64.0.0/10 10.0.0.0/8)` | IP filter list in CIDR format     |
+| CHECK_INTERVAL | `60`                                        | Checking loop interval in seconds |
--- a/install.sh
+++ b/install.sh
@ -2,11 +2,17 @@

 set -xe

+# install prerequisites
 sudo apt install -y ipcalc
-curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag -o /usr/local/bin/lxc-iptag
-curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.service -o /lib/systemd/system/lxc-iptag.service
-chmod +x /usr/local/bin/lxc-iptag

+# install lxc-iptag
+curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag -o /usr/local/bin/lxc-iptag && chmod +x /usr/local/bin/lxc-iptag
+curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.conf -o /usr/local/etc/lxc-iptag.conf
+
+# configure lxc-iptag systemd
+curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.service -o /lib/systemd/system/lxc-iptag.service
+
+# start lxc-iptag
 sudo systemctl daemon-reload
 sudo systemctl enable lxc-iptag.service
 sudo systemctl start lxc-iptag.service
--- a/99
+++ b/99
@ -1,11 +1,24 @@
 #!/bin/bash

-cidr_list=(
+# =============== CONFIGURATION =============== #
+
+CIDR_LIST=(
    192.168.0.0/16
    100.64.0.0/10
    10.0.0.0/8
 )

+CHECK_INTERVAL=60
+
+if [ -f "/usr/local/etc/lxc-iptag.conf" ]; then
+    # shellcheck source=./lxc-iptag.conf
+    # shellcheck source=/usr/local/etc/lxc-iptag.conf
+    source /usr/local/etc/lxc-iptag.conf
+fi
+
+# =============== UTIL_FUNCTION =============== #
+
+# Convert IP to integer for comparison
 ip_to_int() {
    local ip="${1}"
    local a b c d
@ -13,6 +26,7 @@ ip_to_int() {
    echo "$((a << 24 | b << 16 | c << 8 | d))"
 }

+# Check if IP is in CIDR
 ip_in_cidr() {
    local ip="${1}"
    local cidr="${2}"
@ -22,14 +36,18 @@ ip_in_cidr() {
    [[ ${ip_int} -eq ${masked_ip_int} ]] && return 0 || return 1
 }

+# Check if IP is in any CIDRs
 ip_in_cidrs() {
    local ip="${1}"
-    for cidr in "${cidr_list[@]}"; do
+    local cidrs=()
+    mapfile -t cidrs < <(echo "${2}" | tr ' ' '\n')
+    for cidr in "${cidrs[@]}"; do
        ip_in_cidr "${ip}" "${cidr}" && return 0
    done
    return 1
 }

+# Check if IP is valid
 is_valid_ipv4() {
    local ip=$1
    local regex="^([0-9]{1,3}\.){3}[0-9]{1,3}$"
@ -46,46 +64,53 @@ is_valid_ipv4() {
    fi
 }

-main() {
-    while true; do
-        # Set the IP tags for all LXC containers
-        lxc_name_list=$(pct list 2>/dev/null | grep -v VMID | awk '{print $1}')
-        for lxc_name in ${lxc_name_list}; do
-            new_tags=()
-            old_ips=()
-            new_ips=()
+# =============== MAIN =============== #

-            # Get tags
-            old_tags=$(pct config "${lxc_name}" | grep tags | awk '{print $2}' | sed 's/;/ /g')
-            for old_tag in ${old_tags}; do
-                if is_valid_ipv4 "${old_tag}"; then
-                    old_ips+=("${old_tag}")
-                    continue
-                fi
-                new_tags+=("${old_tag}")
-            done
+update_lxc_iptags() {
+    vmid_list=$(pct list 2>/dev/null | grep -v VMID | awk '{print $1}')
+    for vmid in ${vmid_list}; do
+        last_tagged_ips=()
+        current_valid_ips=()
+        next_tags=()

-            # Get the valid IPv4s
-            ips=$(lxc-info -n "${lxc_name}" -i | awk '{print $2}')
-            for ip in ${ips}; do
-                if is_valid_ipv4 "${ip}" && ip_in_cidrs "${ip}"; then
-                    new_ips+=("${ip}")
-                    new_tags+=("${ip}")
-                fi
-            done
-
-            # Skip if no change
-            if [[ "$(echo "${old_ips[@]}" | tr ' ' '\n' | sort -u)" == "$(echo "${new_ips[@]}" | tr ' ' '\n' | sort -u)" ]]; then
-                echo "Skipping ${lxc_name} cause ip no changes"
+        # Parse current tags
+        mapfile -t current_tags < <(pct config "${vmid}" | grep tags | awk '{print $2}' | sed 's/;/\n/g')
+        for current_tag in "${current_tags[@]}"; do
+            if is_valid_ipv4 "${current_tag}"; then
+                last_tagged_ips+=("${current_tag}")
                continue
            fi
-
-            # Set the tags
-            joined_tags=$(IFS=';'; echo "${new_tags[*]}")
-            echo "Setting ${lxc_name} tags from ${old_tags} to ${joined_tags}"
-            pct set "${lxc_name}" -tags "${joined_tags}"
+            next_tags+=("${current_tag}")
        done
-        sleep 60
+
+        # Get current IPs
+        current_ips_full=$(lxc-info -n "${vmid}" -i | awk '{print $2}')
+        for ip in ${current_ips_full}; do
+            if is_valid_ipv4 "${ip}" && ip_in_cidrs "${ip}" "${CIDR_LIST[*]}"; then
+                current_valid_ips+=("${ip}")
+                next_tags+=("${ip}")
+            fi
+        done
+
+        # Skip if no ip change
+        if [[ "$(echo "${last_tagged_ips[@]}" | tr ' ' '\n' | sort -u)" == "$(echo "${current_valid_ips[@]}" | tr ' ' '\n' | sort -u)" ]]; then
+            echo "Skipping ${vmid} cause ip no changes"
+            continue
+        fi
+
+        # Set tags
+        echo "Setting ${vmid} tags from ${current_tags[*]} to ${next_tags[*]}"
+        fmted_next_tags=$(IFS=';'; echo "${next_tags[*]}")
+        pct set "${vmid}" -tags "${fmted_next_tags}"
+    done
+}
+
+# main: Set the IP tags for all LXC containers
+main() {
+    while true; do
+        update_lxc_iptags
+
+        sleep "${CHECK_INTERVAL}"
    done
 }

--- a/lxc-iptag.conf
+++ b/lxc-iptag.conf
@ -0,0 +1,6 @@
+CIDR_LIST=(
+    192.168.0.0/16
+    100.64.0.0/10
+    10.0.0.0/8
+)
+CHECK_INTERVAL=60