Firewall rules wip, server show improved

2025-03-31 17:18:56 +00:00
parent 65073632f1
commit d6a0fb3838
11 changed files with 196 additions and 9 deletions
--- a/app/Enums/FirewallRuleStatus.php
+++ b/app/Enums/FirewallRuleStatus.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Enums;
+
+enum FirewallRuleStatus: string
+{
+    case NOT_APPLIED = 'not-applied';
+    case APPLIED = 'applied';
+    case FAILED = 'failed';
+}
--- a/app/Http/Controllers/ServerController.php
+++ b/app/Http/Controllers/ServerController.php
@@ -83,7 +83,7 @@ class ServerController extends Controller
            'region' => $request->location,
            'os' => $request->image,
            'plan' => $request->server_type,
-            'user' => '',
+            'user' => 'keystone',
        ]);

        dispatch(new WaitForServerToConnect(
@@ -103,7 +103,7 @@ class ServerController extends Controller
        $server = $organisation->servers()->findOrFail($request->route('server'));

        return inertia('servers/Show', [
-            'server' => $server->load('services'),
+            'server' => $server->load('services.slices'),
        ]);
    }
 }
--- a/app/Jobs/Services/RunStep.php
+++ b/app/Jobs/Services/RunStep.php
@@ -30,9 +30,7 @@ class RunStep implements ShouldQueue

        $server = $this->step->deployment->target->server;

-        $ssh = Ssh::create('root', $server->ipv4)
-            ->usePrivateKey(storage_path('app/private/ssh/id_ed25519'))
-            ->disableStrictHostKeyChecking()
+        $ssh = $server->sshClient()
            ->onOutput(function ($output) {
                $this->step->update([
                    'logs' => $this->step->logs . "\n" . trim($output),
--- a/app/Models/FirewallRule.php
+++ b/app/Models/FirewallRule.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Models;
+
+use App\Enums\FirewallRuleStatus;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+
+class FirewallRule extends Model
+{
+    protected $guarded = [];
+
+    public static function boot(): void
+    {
+        parent::boot();
+
+        static::created(function (self $firewallRule) {
+            $firewallRule->execute();
+        });
+    }
+
+    protected function casts(): array
+    {
+        return [
+            'status' => FirewallRuleStatus::class,
+        ];
+    }
+
+    public function server(): BelongsTo
+    {
+        return $this->belongsTo(Server::class);
+    }
+
+    public function execute(): void
+    {
+        $ssh = $this->server->sshClient();
+
+        $command = "ufw";
+
+        if ($this->type === 'allow') {
+            $command .= " allow";
+        } elseif ($this->type === 'deny') {
+            $command .= " deny";
+        }
+
+        if ($this->from) {
+            $command .= " from {$this->from}";
+            $command .= " to any port";
+        }
+
+        $command .= " {$this->ports}";
+
+        $result = $ssh->execute($command);
+
+        if (! $result->isSuccessful()) {
+            $this->update([
+                'status' => FirewallRuleStatus::FAILED,
+            ]);
+            return;
+        }
+        $this->update([
+            'status' => FirewallRuleStatus::APPLIED,
+        ]);
+    }
+}
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -7,6 +7,7 @@ use App\Enums\ServerStatus;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Spatie\Ssh\Ssh;

 class Server extends Model
 {
@@ -29,4 +30,16 @@ class Server extends Model
    {
        return $this->hasMany(Service::class);
    }
+
+    public function firewallRules(): HasMany
+    {
+        return $this->hasMany(FirewallRule::class);
+    }
+
+    public function sshClient(string $user = 'root'): Ssh
+    {
+        return Ssh::create($user, $this->ipv4)
+            ->usePrivateKey(storage_path('app/private/ssh/id_ed25519'))
+            ->disableStrictHostKeyChecking();
+    }
 }