From a3a621acd5c2f5abd1dd810369dc7b254bd9d722 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Tue, 28 Jan 2025 17:58:51 +0100 Subject: [PATCH 01/31] Improve title --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 78fcfc7..a20d100 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Docker Magic Firewall Service: README.md +# Docker Magic Firewall Service ## Project Overview From 7c218fc664c4559062f48784b78f1f5383e567b1 Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Tue, 28 Jan 2025 19:02:32 +0100 Subject: [PATCH 02/31] add build workflow --- .forgejo/workflows/build-debian-package.yml | 44 +++++++++++++++++++++ debian/changelog.in | 5 +++ debian/control | 12 ++++++ debian/install | 2 + debian/rules | 3 ++ debian/source/format | 1 + main.py => src/main.py | 0 7 files changed, 67 insertions(+) create mode 100644 .forgejo/workflows/build-debian-package.yml create mode 100644 debian/changelog.in create mode 100644 debian/control create mode 100644 debian/install create mode 100644 debian/rules create mode 100644 debian/source/format rename main.py => src/main.py (100%) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml new file mode 100644 index 0000000..aa6ca00 --- /dev/null +++ b/.forgejo/workflows/build-debian-package.yml 
@@ -0,0 +1,44 @@ +name: Build and Deploy Debian Package + +on: + push: + tags: + - '*' + +jobs: + build-package: + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Parse distribution + run: | + if [[ "$GITHUB_REF_NAME" == *"@stable"* ]]; then + echo "DISTRO=stable" >> $GITHUB_ENV + else + echo "DISTRO=unstable" >> $GITHUB_ENV + fi + + - name: Setup Debian Packaging + run: | + sudo apt-get update + sudo apt-get install -y devscripts debhelper dh-python dh-systemd build-essential + + - name: Build Debian Package + run: | + debuild -us -uc -b + + - name: Upload to Forgejo Debian Registry + env: + FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} + run: | + PACKAGE_NAME="magicfw_0.1.0-1_all.deb" # Update version accordingly + DISTRO="debian" # e.g., bullseye, bookworm + COMPONENT="main" + + curl --user "your_username:$FORGEJO_TOKEN" \ + --upload-file ../${PACKAGE_NAME} \ + "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${DISTRO}/${COMPONENT}/${PACKAGE_NAME}" \ No newline at end of file diff --git a/debian/changelog.in b/debian/changelog.in new file mode 100644 index 0000000..b759478 --- /dev/null +++ b/debian/changelog.in @@ -0,0 +1,5 @@ +magicfw ({{VERSION}}) unstable; urgency=medium + + * Automatic release from Git tag {{TAG}} + + -- Auto Release Bot $(date -R) \ No newline at end of file diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..1b68312 --- /dev/null +++ b/debian/control @@ -0,0 +1,12 @@ +Source: magicfw +Section: utils +Priority: optional +Maintainer: Marco Realacci +Build-Depends: debhelper-compat (= 13), dh-python, python3-all +Standards-Version: 4.6.0 + +Package: magicfw +Architecture: all +Depends: ${python3:Depends}, ${misc:Depends} +Description: A magic firewall service + Automatic build from Git tag ${TAG}. \ No newline at end of file 
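Review bot: The job that receives `secrets.FORGEJO_TOKEN` runs inside `catthehacker/ubuntu:act-latest` and uses `actions/checkout@v3`, both mutable references, so whatever those tags resolve to at build time executes next to a registry write credential. Pin the container by digest (`image: catthehacker/ubuntu:act-latest@sha256:<digest>`) and the action by full commit SHA, and bump them deliberately. In the upload step, `DISTRO="debian"` also shadows the `DISTRO` value that "Parse distribution" wrote to `$GITHUB_ENV`, so the `@stable` tag check has no effect on the upload URL. The same image and action references recur in the `build.yml` added by PATCH 27/31.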
diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..8ccaa70 --- /dev/null +++ b/debian/install @@ -0,0 +1,2 @@ +src/main.py usr/bin/ +systemd/magicfw.service lib/systemd/system/ \ No newline at end of file diff --git a/debian/rules b/debian/rules new file mode 100644 index 0000000..a81fae6 --- /dev/null +++ b/debian/rules @@ -0,0 +1,3 @@ +#!/usr/bin/make -f +%: + dh $@ --with python3,systemd --buildsystem=pybuild \ No newline at end of file diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..46ebe02 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) \ No newline at end of file diff --git a/main.py b/src/main.py similarity index 100% rename from main.py rename to src/main.py From d72596fe0447bd1a807dd8d7caf464becda2e548 Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Tue, 28 Jan 2025 19:11:01 +0100 Subject: [PATCH 03/31] replace image --- .forgejo/workflows/build-debian-package.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml index aa6ca00..5490273 100644 --- a/.forgejo/workflows/build-debian-package.yml +++ b/.forgejo/workflows/build-debian-package.yml @@ -9,11 +9,23 @@ jobs: build-package: runs-on: docker container: - image: catthehacker/ubuntu:act-latest + image: debian:bookworm steps: - name: Checkout code uses: actions/checkout@v3 + - name: Setup Debian Packaging + run: | + apt-get update + apt-get install -y \ + devscripts \ + debhelper \ + dh-python \ + python3-all \ + build-essential \ + git \ + curl + - name: Parse distribution run: | if [[ "$GITHUB_REF_NAME" == *"@stable"* ]]; then From d6890b19e360d97b430994b0abc7f97aeffa5f5e Mon Sep 17 00:00:00 2001 
From: Marco Realacci Date: Tue, 28 Jan 2025 19:15:24 +0100 Subject: [PATCH 04/31] back to ubuntu --- .forgejo/workflows/build-debian-package.yml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml index 5490273..aa6ca00 100644 --- a/.forgejo/workflows/build-debian-package.yml +++ b/.forgejo/workflows/build-debian-package.yml @@ -9,23 +9,11 @@ jobs: build-package: runs-on: docker container: - image: debian:bookworm + image: catthehacker/ubuntu:act-latest steps: - name: Checkout code uses: actions/checkout@v3 - - name: Setup Debian Packaging - run: | - apt-get update - apt-get install -y \ - devscripts \ - debhelper \ - dh-python \ - python3-all \ - build-essential \ - git \ - curl - - name: Parse distribution run: | if [[ "$GITHUB_REF_NAME" == *"@stable"* ]]; then From 733c53899ddf131406a679253136367758620daa Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Tue, 28 Jan 2025 23:09:27 +0100 Subject: [PATCH 05/31] Update title --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a20d100..62b106a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Docker Magic Firewall Service +# Docker Magic Firewall ## Project Overview From 25af0cff8bccc08bfe3971d471421c8be1cf3f34 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:01:50 +0100 Subject: [PATCH 06/31] Aggiorna .forgejo/workflows/build-debian-package.yml --- .forgejo/workflows/build-debian-package.yml | 63 +++++++++++++-------- 1 file changed, 39 insertions(+), 24 deletions(-) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml index aa6ca00..05acb96 100644 --- a/.forgejo/workflows/build-debian-package.yml +++ b/.forgejo/workflows/build-debian-package.yml 
@@ -1,12 +1,15 @@ -name: Build and Deploy Debian Package +name: Build and Publish Debian Package on: push: - tags: - - '*' + branches: + - main + pull_request: + branches: + - main jobs: - build-package: + build: runs-on: docker container: image: catthehacker/ubuntu:act-latest 
@@ -14,31 +17,43 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - - name: Parse distribution - run: | - if [[ "$GITHUB_REF_NAME" == *"@stable"* ]]; then - echo "DISTRO=stable" >> $GITHUB_ENV - else - echo "DISTRO=unstable" >> $GITHUB_ENV - fi + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.13' - - name: Setup Debian Packaging + - name: Install FPM dependencies run: | sudo apt-get update - sudo apt-get install -y devscripts debhelper dh-python dh-systemd build-essential + sudo apt-get install -y ruby ruby-dev build-essential + sudo gem install --no-document fpm - - name: Build Debian Package + - name: Prepare package structure run: | - debuild -us -uc -b + # Create temporary packaging directory + mkdir -p package/usr/local/bin + mkdir -p package/etc/systemd/system + # Copy main.py as the executable and rename if needed + cp main.py package/usr/local/bin/magicfw + chmod +x package/usr/local/bin/magicfw + # Copy the systemd service file + cp systemd/magicfw.service package/etc/systemd/system/ - - name: Upload to Forgejo Debian Registry - env: - FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} + - name: Build Debian package with FPM run: | - PACKAGE_NAME="magicfw_0.1.0-1_all.deb" # Update version accordingly - DISTRO="debian" # e.g., bullseye, bookworm - COMPONENT="main" + # The -s dir option tells FPM the source is a directory. + # The -t deb option builds a deb package. + # -n is the package name and -v the version. + fpm -s dir -t deb -n magicfw -v 1.0.0 -C package . 
- curl --user "your_username:$FORGEJO_TOKEN" \ - --upload-file ../${PACKAGE_NAME} \ - "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${DISTRO}/${COMPONENT}/${PACKAGE_NAME}" \ No newline at end of file + # - name: Upload to Forgejo Debian Registry + # env: + # FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} + # run: | + # PACKAGE_NAME="@magicfw_1.0.0_amd64.deb" # Update version accordingly + # DISTRO="debian" # e.g., bullseye, bookworm + # COMPONENT="main" + + # curl --user "your_username:$FORGEJO_TOKEN" \ + # --upload-file ../${PACKAGE_NAME} \ + # "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${DISTRO}/${COMPONENT}/${PACKAGE_NAME}" \ No newline at end of file From d95c49a1c42e057a7af4130792bb32d4606a49b1 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:02:38 +0100 Subject: [PATCH 07/31] Aggiorna .forgejo/workflows/build-debian-package.yml --- .forgejo/workflows/build-debian-package.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml index 05acb96..a066333 100644 --- a/.forgejo/workflows/build-debian-package.yml +++ b/.forgejo/workflows/build-debian-package.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - test pull_request: branches: - main From 4d52e80b0f1373bc3d246031007266a15675dcc9 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:03:42 +0100 Subject: [PATCH 08/31] Aggiorna .forgejo/workflows/build-debian-package.yml --- .forgejo/workflows/build-debian-package.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml index a066333..3f7fd11 100644 --- a/.forgejo/workflows/build-debian-package.yml +++ b/.forgejo/workflows/build-debian-package.yml 
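Review bot: `sudo gem install --no-document fpm` in the "Install FPM dependencies" step installs whatever fpm release and transitive gems RubyGems serves at build time, as root, in the job that produces the package users will install. Pin the tool, e.g. `sudo gem install --no-document fpm -v <pinned-fpm-version>`, so a release is reproducible and a new upstream version is adopted deliberately. The unit file is also staged under `package/etc/systemd/system`, which is the administrator's override directory; the `debian/install` file from PATCH 02/31 used `lib/systemd/system/`, which is where a package-owned unit normally belongs.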
@@ -1,13 +1,17 @@ name: Build and Publish Debian Package + on: push: - branches: - - main - - test - pull_request: - branches: - - main + tags: + - '*' +# on: +# push: +# branches: +# - main +# pull_request: +# branches: +# - main jobs: build: From 0951031c35f7955744a83c269b77b2a611c65837 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:06:08 +0100 Subject: [PATCH 09/31] Aggiorna .forgejo/workflows/build-debian-package.yml --- .forgejo/workflows/build-debian-package.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build-debian-package.yml index 3f7fd11..efb82c7 100644 --- a/.forgejo/workflows/build-debian-package.yml +++ b/.forgejo/workflows/build-debian-package.yml @@ -1,10 +1,10 @@ name: Build and Publish Debian Package - -on: - push: - tags: - - '*' +on: [push] +# on: +# push: +# tags: +# - '*' # on: # push: # branches: From bcb21618a2b39de14e83af2602804f1ba03baab9 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:06:46 +0100 Subject: [PATCH 10/31] Aggiorna README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 78fcfc7..a20d100 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Docker Magic Firewall Service: README.md +# Docker Magic Firewall Service ## Project Overview From f1a0ef62d21dbed3aaedd63832447efe655a91ca Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 02:10:49 +0100 Subject: [PATCH 11/31] Trigger CI From bf1e27cad3079e6b2840a1e442597eef572b99bf Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 02:11:33 +0100 Subject: [PATCH 12/31] test --- .forgejo/workflows/{build-debian-package.yml => build.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .forgejo/workflows/{build-debian-package.yml => build.yml} (100%) 
diff --git a/.forgejo/workflows/build-debian-package.yml b/.forgejo/workflows/build.yml similarity index 100% rename from .forgejo/workflows/build-debian-package.yml rename to .forgejo/workflows/build.yml From 5524987bebce710d86886c4abb0e0684908b0712 Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 02:12:34 +0100 Subject: [PATCH 13/31] test --- .forgejo/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index efb82c7..e0cae2c 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -1,10 +1,10 @@ name: Build and Publish Debian Package -on: [push] -# on: -# push: -# tags: -# - '*' +#on: [push] +on: + push: + tags: + - '*' # on: # push: # branches: From d55391bf15fb432f3d60751e6854d87d8de6896b Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 02:30:31 +0100 Subject: [PATCH 14/31] Trigger CI From b7aaf2253b1411f9494c66be6b0743aba292d1f9 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:31:09 +0100 Subject: [PATCH 15/31] Aggiorna .forgejo/workflows/build.yml --- .forgejo/workflows/build.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index e0cae2c..3c6a9c1 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -1,17 +1,15 @@ name: Build and Publish Debian Package #on: [push] + on: push: - tags: - - '*' -# on: -# push: -# branches: -# - main -# pull_request: -# branches: -# - main + branches: + - main + - test + pull_request: + branches: + - main jobs: build: From a5db9d457d91dbeacc959a2ec2787da5a67e7385 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:36:00 +0100 Subject: [PATCH 16/31] Aggiorna .forgejo/workflows/build.yml --- .forgejo/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 3c6a9c1..925bd8f 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -20,6 +20,12 @@ jobs: - name: Checkout code uses: actions/checkout@v3 + - name: Debug file structure + run: ls -R + + - name: Debug pwd + run: pwd + - name: Set up Python uses: actions/setup-python@v4 with: From dd5ee5c83228693ed947bad624749068a12f5848 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:37:29 +0100 Subject: [PATCH 17/31] Aggiorna .forgejo/workflows/build.yml --- .forgejo/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 925bd8f..3c490ac 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -20,11 +20,11 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - - name: Debug file structure - run: ls -R + # - name: Debug file structure + # run: ls -R - - name: Debug pwd - run: pwd + # - name: Debug pwd + # run: pwd - name: Set up Python uses: actions/setup-python@v4 @@ -43,7 +43,7 @@ jobs: mkdir -p package/usr/local/bin mkdir -p package/etc/systemd/system # Copy main.py as the executable and rename if needed - cp main.py package/usr/local/bin/magicfw + cp src/main.py package/usr/local/bin/magicfw chmod +x package/usr/local/bin/magicfw # Copy the systemd service file cp systemd/magicfw.service package/etc/systemd/system/ From 2ad4a883827cff06b9085926959c97d93a6f81ac Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:47:50 +0100 Subject: [PATCH 18/31] Aggiorna .forgejo/workflows/build.yml --- .forgejo/workflows/build.yml | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 3c490ac..a73fb70 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml 
@@ -11,6 +11,10 @@ on: branches: - main +env: + DISTRIBUTION: bookworm + COMPONENT: main + jobs: build: runs-on: docker @@ -48,21 +52,24 @@ jobs: # Copy the systemd service file cp systemd/magicfw.service package/etc/systemd/system/ + - name: Generate version number + run: | + VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "0.1.$(git rev-list --count HEAD)") + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Build Debian package with FPM run: | # The -s dir option tells FPM the source is a directory. # The -t deb option builds a deb package. # -n is the package name and -v the version. - fpm -s dir -t deb -n magicfw -v 1.0.0 -C package . + fpm -s dir -t deb -n magicfw -v $VERSION -C package . - # - name: Upload to Forgejo Debian Registry - # env: - # FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} - # run: | - # PACKAGE_NAME="@magicfw_1.0.0_amd64.deb" # Update version accordingly - # DISTRO="debian" # e.g., bullseye, bookworm - # COMPONENT="main" + - name: Upload to Forgejo Debian Registry + env: + FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} + run: | + PACKAGE_NAME="@magicfw_${VERSION}_amd64.deb" # Update version accordingly - # curl --user "your_username:$FORGEJO_TOKEN" \ - # --upload-file ../${PACKAGE_NAME} \ - # "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${DISTRO}/${COMPONENT}/${PACKAGE_NAME}" \ No newline at end of file + curl --user "your_username:$FORGEJO_TOKEN" \ + --upload-file ../${PACKAGE_NAME} \ + "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${{env.DISTRIBUTION}}/${{env.COMPONENT}}/upload" \ No newline at end of file From 409ad256f0573f5d955699e05bb8e40fc8b564ea Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:48:59 +0100 Subject: [PATCH 19/31] Aggiorna .forgejo/workflows/build.yml --- .forgejo/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
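Review bot: The re-enabled upload step calls `curl` without `--fail`, so an HTTP error status from the registry (a rejected token, for example) still exits 0 and the job reports a successful publish. Add the flag and replace `your_username`, which looks like a template placeholder, with the account that owns the token: `curl --fail --user "<registry-user>:$FORGEJO_TOKEN" \`. In "Generate version number", the `0.1.$(git rev-list --count HEAD)` fallback depends on how much history `actions/checkout@v3` fetched, so it is not a real commit count unless the checkout step sets `fetch-depth: 0`. The same `curl` invocation is carried unchanged through PATCH 19, 20, 22 and 27.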
diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index a73fb70..d39d431 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -68,7 +68,7 @@ jobs: env: FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} run: | - PACKAGE_NAME="@magicfw_${VERSION}_amd64.deb" # Update version accordingly + PACKAGE_NAME="magicfw_${VERSION}_amd64.deb" # Update version accordingly curl --user "your_username:$FORGEJO_TOKEN" \ --upload-file ../${PACKAGE_NAME} \ From 063ea9b64b8057ba05ae972cdea24d96ecd23265 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 02:50:36 +0100 Subject: [PATCH 20/31] Aggiorna .forgejo/workflows/build.yml --- .forgejo/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index d39d431..3b9c42b 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -71,5 +71,5 @@ jobs: PACKAGE_NAME="magicfw_${VERSION}_amd64.deb" # Update version accordingly curl --user "your_username:$FORGEJO_TOKEN" \ - --upload-file ../${PACKAGE_NAME} \ + --upload-file ./${PACKAGE_NAME} \ "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${{env.DISTRIBUTION}}/${{env.COMPONENT}}/upload" \ No newline at end of file From 0a7a3f70eb3e6e02d3cc104fbe14a6f1ae75755f Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 02:54:49 +0100 Subject: [PATCH 21/31] rename package --- .forgejo/workflows/build.yml | 4 ++-- src/{main.py => magicfw.py} | 1 + systemd/magicfw.service | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) rename src/{main.py => magicfw.py} (99%) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 3b9c42b..98e0b57 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml 
@@ -46,8 +46,8 @@ jobs: # Create temporary packaging directory mkdir -p package/usr/local/bin mkdir -p package/etc/systemd/system - # Copy main.py as the executable and rename if needed - cp src/main.py package/usr/local/bin/magicfw + # Copy magicfw.py as the executable and rename if needed + cp src/magicfw.py package/usr/local/bin/magicfw chmod +x package/usr/local/bin/magicfw # Copy the systemd service file cp systemd/magicfw.service package/etc/systemd/system/ diff --git a/src/main.py b/src/magicfw.py similarity index 99% rename from src/main.py rename to src/magicfw.py index 619a415..182103a 100644 --- a/src/main.py +++ b/src/magicfw.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python import os import json import logging diff --git a/systemd/magicfw.service b/systemd/magicfw.service index bede43d..a769714 100644 --- a/systemd/magicfw.service +++ b/systemd/magicfw.service @@ -10,7 +10,7 @@ StartLimitBurst=10 Type=exec Restart=on-failure RestartSec=5s -ExecStart=/usr/bin/python3 /opt/docker_magicfw.py +ExecStart=/usr/local/bin/magicfw # Environment variables (customize as needed) Environment=LOG_LEVEL=INFO From ac5e859977bbdfbafb5a44b0aa7d5ce4aa59ddfd Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 03:01:53 +0100 Subject: [PATCH 22/31] release --- .forgejo/workflows/build.yml | 4 ++-- debian/changelog.in | 5 ----- debian/control | 12 ------------ debian/install | 2 -- debian/rules | 3 --- debian/source/format | 1 - 6 files changed, 2 insertions(+), 25 deletions(-) delete mode 100644 debian/changelog.in delete mode 100644 debian/control delete mode 100644 debian/install delete mode 100644 debian/rules delete mode 100644 debian/source/format diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 98e0b57..228222d 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml 
@@ -62,13 +62,13 @@ jobs: # The -s dir option tells FPM the source is a directory. # The -t deb option builds a deb package. # -n is the package name and -v the version. - fpm -s dir -t deb -n magicfw -v $VERSION -C package . + fpm -s dir -t deb -n magicfw-docker -v $VERSION -C package . - name: Upload to Forgejo Debian Registry env: FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} run: | - PACKAGE_NAME="magicfw_${VERSION}_amd64.deb" # Update version accordingly + PACKAGE_NAME="magicfw-docker_${VERSION}_amd64.deb" # Update version accordingly curl --user "your_username:$FORGEJO_TOKEN" \ --upload-file ./${PACKAGE_NAME} \ diff --git a/debian/changelog.in b/debian/changelog.in deleted file mode 100644 index b759478..0000000 --- a/debian/changelog.in +++ /dev/null @@ -1,5 +0,0 @@ -magicfw ({{VERSION}}) unstable; urgency=medium - - * Automatic release from Git tag {{TAG}} - - -- Auto Release Bot $(date -R) \ No newline at end of file diff --git a/debian/control b/debian/control deleted file mode 100644 index 1b68312..0000000 --- a/debian/control +++ /dev/null @@ -1,12 +0,0 @@ -Source: magicfw -Section: utils -Priority: optional -Maintainer: Marco Realacci -Build-Depends: debhelper-compat (= 13), dh-python, python3-all -Standards-Version: 4.6.0 - -Package: magicfw -Architecture: all -Depends: ${python3:Depends}, ${misc:Depends} -Description: A magic firewall service - Automatic build from Git tag ${TAG}. \ No newline at end of file diff --git a/debian/install b/debian/install deleted file mode 100644 index 8ccaa70..0000000 --- a/debian/install +++ /dev/null @@ -1,2 +0,0 @@ -src/main.py usr/bin/ -systemd/magicfw.service lib/systemd/system/ \ No newline at end of file diff --git a/debian/rules b/debian/rules deleted file mode 100644 index a81fae6..0000000 --- a/debian/rules +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/make -f -%: - dh $@ --with python3,systemd --buildsystem=pybuild \ No newline at end of file 
diff --git a/debian/source/format b/debian/source/format deleted file mode 100644 index 46ebe02..0000000 --- a/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) \ No newline at end of file From aa12d238584c6854179318b3dcbbc0d4d8336f90 Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 03:03:57 +0100 Subject: [PATCH 23/31] update CI --- .forgejo/workflows/build.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 228222d..439e96b 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -4,12 +4,8 @@ name: Build and Publish Debian Package on: push: - branches: - - main - - test - pull_request: - branches: - - main + tags: + - "v*" env: DISTRIBUTION: bookworm From c7578c1fc8547227ab0143dc63776261ae315f66 Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 03:07:50 +0100 Subject: [PATCH 24/31] fix version generation --- .forgejo/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 439e96b..55cfbfa 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -50,7 +50,7 @@ jobs: - name: Generate version number run: | - VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "0.1.$(git rev-list --count HEAD)") + VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//') echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Build Debian package with FPM From 3201ac7be68a7276485d337acf3fd3fab0f182fe Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 03:10:48 +0100 Subject: [PATCH 25/31] set python3 instead of python --- src/magicfw.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/magicfw.py b/src/magicfw.py index 182103a..cefe783 100644 --- a/src/magicfw.py +++ b/src/magicfw.py 
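Review bot: With the `|| echo` fallback replaced by `| sed 's/^v//'`, a failing `git describe` is hidden: stderr goes to `/dev/null`, the pipeline's status is that of `sed` unless the runner's shell sets `pipefail`, and an empty `VERSION` is written to `$GITHUB_ENV` and later reaches `fpm -v $VERSION` and the `.deb` file name. Since PATCH 23/31 restricts the trigger to `v*` tags, the tag being built is already available: `VERSION="${GITHUB_REF_NAME#v}"`, followed by `[ -n "$VERSION" ] || { echo "empty version" >&2; exit 1; }`. That also makes the package version the pushed tag itself rather than the nearest tag reachable from HEAD. The same line appears in the `build.yml` added by PATCH 27/31.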
@@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 import os import json import logging From 7e7dd0527665fea3798410affdedd9146b67b71f Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 03:16:12 +0100 Subject: [PATCH 26/31] add python dependencies --- .forgejo/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml index 55cfbfa..8dacf58 100644 --- a/.forgejo/workflows/build.yml +++ b/.forgejo/workflows/build.yml @@ -58,7 +58,9 @@ jobs: # The -s dir option tells FPM the source is a directory. # The -t deb option builds a deb package. # -n is the package name and -v the version. - fpm -s dir -t deb -n magicfw-docker -v $VERSION -C package . + fpm -s dir -t deb -n magicfw-docker -v $VERSION -C package \ + -d "python3" \ + -d "python3-docker" - name: Upload to Forgejo Debian Registry env: From 021c4ca4de444a0cdda276cd1dc0873a702cae10 Mon Sep 17 00:00:00 2001 From: Marco Realacci Date: Sat, 15 Mar 2025 03:23:49 +0100 Subject: [PATCH 27/31] Update project structure # Conflicts: # README.md --- .forgejo/workflows/build.yml | 73 ++++++++++++++++++++++++++++++++++++ README.md | 7 +++- main.py => src/magicfw.py | 1 + systemd/magicfw.service | 2 +- 4 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 .forgejo/workflows/build.yml rename main.py => src/magicfw.py (99%) diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml new file mode 100644 index 0000000..8dacf58 --- /dev/null +++ b/.forgejo/workflows/build.yml 
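Review bot: `#!/usr/bin/env python3` makes the service's interpreter depend on `PATH`, because the unit from PATCH 21/31 starts the script directly with `ExecStart=/usr/local/bin/magicfw`. If another `python3` precedes the distribution one on that path, the daemon runs under an interpreter that does not see the `python3-docker` module declared as a dependency in PATCH 26/31. For a packaged system service, `#!/usr/bin/python3` ties the script to the interpreter those dependencies are installed for.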
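Review bot: The `fpm` call now declares dependencies but still no architecture, so the package is tagged with the build host's architecture (the upload step expects `_amd64.deb`) although it contains only a Python script and a unit file. Adding `-a all` and changing `PACKAGE_NAME` to `magicfw-docker_${VERSION}_all.deb` would make it installable on non-amd64 hosts. `$VERSION` is also expanded unquoted in `-v $VERSION`; `-v "$VERSION"` avoids shifting the following arguments if the value is ever empty.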
@@ -0,0 +1,73 @@ +name: Build and Publish Debian Package + +#on: [push] + +on: + push: + tags: + - "v*" + +env: + DISTRIBUTION: bookworm + COMPONENT: main + +jobs: + build: + runs-on: docker + container: + image: catthehacker/ubuntu:act-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + # - name: Debug file structure + # run: ls -R + + # - name: Debug pwd + # run: pwd + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.13' + + - name: Install FPM dependencies + run: | + sudo apt-get update + sudo apt-get install -y ruby ruby-dev build-essential + sudo gem install --no-document fpm + + - name: Prepare package structure + run: | + # Create temporary packaging directory + mkdir -p package/usr/local/bin + mkdir -p package/etc/systemd/system + # Copy magicfw.py as the executable and rename if needed + cp src/magicfw.py package/usr/local/bin/magicfw + chmod +x package/usr/local/bin/magicfw + # Copy the systemd service file + cp systemd/magicfw.service package/etc/systemd/system/ + + - name: Generate version number + run: | + VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//') + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Build Debian package with FPM + run: | + # The -s dir option tells FPM the source is a directory. + # The -t deb option builds a deb package. + # -n is the package name and -v the version. + fpm -s dir -t deb -n magicfw-docker -v $VERSION -C package \ + -d "python3" \ + -d "python3-docker" + + - name: Upload to Forgejo Debian Registry + env: + FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }} + run: | + PACKAGE_NAME="magicfw-docker_${VERSION}_amd64.deb" # Update version accordingly + + curl --user "your_username:$FORGEJO_TOKEN" \ + --upload-file ./${PACKAGE_NAME} \ + "https://git.marcorealacci.me/api/packages/${{ github.repository_owner }}/debian/pool/${{env.DISTRIBUTION}}/${{env.COMPONENT}}/upload" \ No newline at end of file 
diff --git a/README.md b/README.md index 62b106a..b70179a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Docker Magic Firewall +# Docker Magic Firewall Service: README.md ## Project Overview @@ -28,6 +28,11 @@ You can define rules per container using specific Docker labels: - **Automatic Rule Cleanup:** When a container is restarted, stopped, or removed, the corresponding firewall rules are automatically cleaned. - **Support for Published Ports:** Rules are auto-generated for any published ports, restricting incoming traffic to only the ports explicitly exposed via Docker. +## Install +To make the installation easy, I provide a package for Debian-based distros, follow the instructions here: [https://git.marcorealacci.me/marcorealacci/-/packages/debian/magicfw-docker](https://git.marcorealacci.me/marcorealacci/-/packages/debian/magicfw-docker) + +To install the script manually, the required dependencies are `python3` and the `docker` library available from PyPI (`pip3 install docker`). + ## Configuration ### Environment Variables diff --git a/main.py b/src/magicfw.py similarity index 99% rename from main.py rename to src/magicfw.py index 619a415..cefe783 100644 --- a/main.py +++ b/src/magicfw.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python3 import os import json import logging diff --git a/systemd/magicfw.service b/systemd/magicfw.service index bede43d..a769714 100644 --- a/systemd/magicfw.service +++ b/systemd/magicfw.service @@ -10,7 +10,7 @@ StartLimitBurst=10 Type=exec Restart=on-failure RestartSec=5s -ExecStart=/usr/bin/python3 /opt/docker_magicfw.py +ExecStart=/usr/local/bin/magicfw # Environment variables (customize as needed) Environment=LOG_LEVEL=INFO From 29aebce7aeb7132f62ef35728137e7e5ab7b895d Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sat, 15 Mar 2025 12:38:01 +0100 Subject: [PATCH 28/31] Aggiorna README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b70179a..910d929 100644 
--- a/README.md +++ b/README.md @@ -20,11 +20,11 @@ You can define rules per container using specific Docker labels: | **Label Key** | **Description** | **Default** | |----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|-------------| | `magicfw.firewall.allow_icc` | Enables communication between the container and other containers on different Docker networks (not normally possible in Docker environments). | `false` | -| `magicfw.firewall.allow_external` | Enables access to external networks (e.g., the internet) for the container. | `false` | +| `magicfw.firewall.allow_external` | Enables access from external networks (e.g., the internet) for the container. | `false` | ### Behavior and Functionalities - **Allow ICC (Inter-Container Communication):** When `magicfw.firewall.allow_icc` is `true`, the container can communicate with other containers across **different Docker networks** (useful for applications like reverse proxies such as Traefik). If `false`, the container is isolated from other Docker networks (default Docker behavior). -- **External Traffic:** When `magicfw.firewall.allow_external` is `true`, the container's network rules allow communication with external IPs. +- **External Traffic:** When `magicfw.firewall.allow_external` is `true`, the container's network rules allow communication from external networks (useful when NAT is disabled). - **Automatic Rule Cleanup:** When a container is restarted, stopped, or removed, the corresponding firewall rules are automatically cleaned. - **Support for Published Ports:** Rules are auto-generated for any published ports, restricting incoming traffic to only the ports explicitly exposed via Docker. From 4c377a124b746e7a8712dee3817c3a3ffc6e0617 Mon Sep 17 00:00:00 2001 
From: marcorealacci Date: Sat, 15 Mar 2025 12:43:54 +0100 Subject: [PATCH 29/31] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 910d929..dcf02d4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Docker Magic Firewall Service: README.md +# Docker Magic Firewall Service ## Project Overview From b1d05cf84cf140bd8a98a29e0f8572f29789f423 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sun, 16 Mar 2025 16:02:33 +0100 Subject: [PATCH 30/31] Update examples --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index dcf02d4..97ffbef 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,6 @@ services: labels: magicfw.firewall.allow_icc: "true" magicfw.firewall.allow_external: "true" - ports: - - 8080:80 ``` In the above example: From c37a1d23bf44d7ba52d3affd3f5348f3d69729f8 Mon Sep 17 00:00:00 2001 From: marcorealacci Date: Sun, 16 Mar 2025 16:05:56 +0100 Subject: [PATCH 31/31] Improve examples --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97ffbef..70a6fbf 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ services: In the above example: - The `web` container can communicate with other containers on different Docker networks (`magicfw.firewall.allow_icc: true`). -- The container can be accessed by external hosts using the container's IP (`magicfw.firewall.allow_external: true`). +- The container can be accessed by external hosts using the container's IP (**not host IP!**) (`magicfw.firewall.allow_external: true`). This requires a route on other hosts or the router. #### Example 2 ```yaml 
@@ -95,7 +95,7 @@ services: In the above example: - The `web` container can communicate with other containers on different Docker networks (`magicfw.firewall.allow_icc: true`). -- External hosts can access the container via both :80 and :8080 (port mapping still works even with DISABLE_NAT) +- External hosts can access the container via both :80 and :8080 (port mapping still works even with `DISABLE_NAT` set to `true`, as only Source NAT will be disabled) - External hosts will not be able to access the container on ports other than 80 ---