diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml
new file mode 100644
index 0000000..8dacf58
--- /dev/null
+++ b/.forgejo/workflows/build.yml
@@ -0,0 +1,73 @@
+name: Build and Publish Debian Package
+
+#on: [push]
+
+on:
+ push:
+ tags:
+ - "v*"
+
+env:
+ DISTRIBUTION: bookworm
+ COMPONENT: main
+
+jobs:
+ build:
+ runs-on: docker
+ container:
+ image: catthehacker/ubuntu:act-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ # - name: Debug file structure
+ # run: ls -R
+
+ # - name: Debug pwd
+ # run: pwd
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.13'
+
+ - name: Install FPM dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y ruby ruby-dev build-essential
+ sudo gem install --no-document fpm
+
+ - name: Prepare package structure
+ run: |
+ # Create temporary packaging directory
+ mkdir -p package/usr/local/bin
+ mkdir -p package/etc/systemd/system
+ # Copy magicfw.py as the executable and rename if needed
+ cp src/magicfw.py package/usr/local/bin/magicfw
+ chmod +x package/usr/local/bin/magicfw
+ # Copy the systemd service file
+ cp systemd/magicfw.service package/etc/systemd/system/
+
+ - name: Generate version number
+ run: |
+ VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//')
+ echo "VERSION=$VERSION" >> $GITHUB_ENV
+
+ - name: Build Debian package with FPM
+ run: |
+ # The -s dir option tells FPM the source is a directory.
+ # The -t deb option builds a deb package.
+ # -n is the package name and -v the version.
+ fpm -s dir -t deb -n magicfw-docker -v $VERSION -C package \
+ -d "python3" \
+ -d "python3-docker"
+
+ - name: Upload to Forgejo Debian Registry
+ env:
+ FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
+ run: |
+ PACKAGE_NAME="magicfw-docker_${VERSION}_amd64.deb" # Update version accordingly
+
+ curl --user "your_username:$FORGEJO_TOKEN" \
+ --upload-file ./${PACKAGE_NAME} \
+ "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${{env.DISTRIBUTION}}/${{env.COMPONENT}}/upload"
\ No newline at end of file
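Review bot: The job that receives `secrets.FORGEJO_TOKEN` and publishes the package runs entirely on mutable references: `actions/checkout@v3`, `actions/setup-python@v4`, the `catthehacker/ubuntu:act-latest` image and an unversioned `sudo gem install --no-document fpm`, so whatever those names resolve to at build time runs next to the token and decides what ends up in the .deb. Pinning the actions to full commit SHAs (e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v3`, placeholder), the image to a digest and the gem to a fixed version with `-v` would make the release build reproducible and reviewable. In the upload step `curl` is called without `--fail`, so an HTTP error response from the registry still leaves the job green, and the user name is still the literal placeholder `your_username`; something like `curl --fail --user "$FORGEJO_USER:$FORGEJO_TOKEN" \` (with `FORGEJO_USER` as a variable you would add) addresses both. `$VERSION` is also unquoted in `fpm ... -v $VERSION -C package` while the step that computes it discards git's errors with `2>/dev/null`, so an empty version is not caught before the build; a `[ -n "$VERSION" ]` check in that step would stop it there.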
diff --git a/README.md b/README.md index 62b106a..b70179a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Docker Magic Firewall +# Docker Magic Firewall Service: README.md ## Project Overview @@ -28,6 +28,11 @@ You can define rules per container using specific Docker labels: - **Automatic Rule Cleanup:** When a container is restarted, stopped, or removed, the corresponding firewall rules are automatically cleaned. - **Support for Published Ports:** Rules are auto-generated for any published ports, restricting incoming traffic to only the ports explicitly exposed via Docker. +## Install +To make the installation easy, I provide a package for Debian-based distros, follow the instructions here: [https://git.marcorealacci.me/marcorealacci/-/packages/debian/magicfw-docker](https://git.marcorealacci.me/marcorealacci/-/packages/debian/magicfw-docker) + +To install the script manually, the required dependencies are `python3` and the `docker` library available from PyPI (`pip3 install docker`). + ## Configuration ### Environment Variables diff --git a/main.py b/src/magicfw.py similarity index 99% rename from main.py rename to src/magicfw.py index 619a415..cefe783 100644 --- a/main.py +++ b/src/magicfw.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python3 import os import json import logging diff --git a/systemd/magicfw.service b/systemd/magicfw.service index bede43d..a769714 100644 --- a/systemd/magicfw.service +++ b/systemd/magicfw.service @@ -10,7 +10,7 @@ StartLimitBurst=10 Type=exec Restart=on-failure RestartSec=5s -ExecStart=/usr/bin/python3 /opt/docker_magicfw.py +ExecStart=/usr/local/bin/magicfw # Environment variables (customize as needed) Environment=LOG_LEVEL=INFO
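Review bot: The new `ExecStart=/usr/local/bin/magicfw` hands interpreter selection to the `#!/usr/bin/env python3` shebang added in src/magicfw.py, where the old line named `/usr/bin/python3` explicitly. Under systemd's default service PATH `/usr/local/bin` is searched before `/usr/bin`, so a locally installed python3 would be picked up instead of the distribution interpreter that the package's `python3` and `python3-docker` dependencies install modules for. For a service that manages firewall rules (presumably with elevated privileges; no `User=` line is visible in this hunk) the interpreter should not depend on PATH. Either keep it explicit with `ExecStart=/usr/bin/python3 /usr/local/bin/magicfw` or change the shebang to `#!/usr/bin/python3`. The unit file continues outside the hunk.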