Firewall rules wip, server show improved

2025-03-31 17:18:56 +00:00
parent 65073632f1
commit d6a0fb3838
11 changed files with 196 additions and 9 deletions
--- a/app/Models/FirewallRule.php
+++ b/app/Models/FirewallRule.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Models;
+
+use App\Enums\FirewallRuleStatus;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+
+class FirewallRule extends Model
+{
+    protected $guarded = [];
+
+    public static function boot(): void
+    {
+        parent::boot();
+
+        static::created(function (self $firewallRule) {
+            $firewallRule->execute();
+        });
+    }
+
+    protected function casts(): array
+    {
+        return [
+            'status' => FirewallRuleStatus::class,
+        ];
+    }
+
+    public function server(): BelongsTo
+    {
+        return $this->belongsTo(Server::class);
+    }
+
+    public function execute(): void
+    {
+        $ssh = $this->server->sshClient();
+
+        $command = "ufw";
+
+        if ($this->type === 'allow') {
+            $command .= " allow";
+        } elseif ($this->type === 'deny') {
+            $command .= " deny";
+        }
+
+        if ($this->from) {
+            $command .= " from {$this->from}";
+            $command .= " to any port";
+        }
+
+        $command .= " {$this->ports}";
+
+        $result = $ssh->execute($command);
+
+        if (! $result->isSuccessful()) {
+            $this->update([
+                'status' => FirewallRuleStatus::FAILED,
+            ]);
+            return;
+        }
+        $this->update([
+            'status' => FirewallRuleStatus::APPLIED,
+        ]);
+    }
+}
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -7,6 +7,7 @@ use App\Enums\ServerStatus;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Spatie\Ssh\Ssh;

 class Server extends Model
 {
@@ -29,4 +30,16 @@ class Server extends Model
    {
        return $this->hasMany(Service::class);
    }
+
+    public function firewallRules(): HasMany
+    {
+        return $this->hasMany(FirewallRule::class);
+    }
+
+    public function sshClient(string $user = 'root'): Ssh
+    {
+        return Ssh::create($user, $this->ipv4)
+            ->usePrivateKey(storage_path('app/private/ssh/id_ed25519'))
+            ->disableStrictHostKeyChecking();
+    }
 }