docs: add configure-server cleanup design
This commit is contained in:
Storm Dragon
@@ -0,0 +1,89 @@
|
||||
# Configure-Server Cleanup And Firewall Design
|
||||
|
||||
## Goal
|
||||
|
||||
Turn this repository from a copied `configure-stormux` launcher into a minimal server-focused entrypoint that starts where the conversion process leaves off. For the first pass, the top-level interface should expose only firewall management and exit.
|
||||
|
||||
## Current State
|
||||
|
||||
`configure-server.sh` is still structured like the workstation-oriented `configure-stormux` script. Most menu entries and helper includes target desktop, accessibility, gaming, or first-boot setup behavior that should already be complete before this tool is run. The only server-specific behavior is `.includes/convert-to-server.sh`, which is a destructive one-shot conversion script rather than an ongoing management interface.
|
||||
|
||||
## Scope
|
||||
|
||||
This change covers:
|
||||
|
||||
- Reworking `configure-server.sh` into a server-specific launcher.
|
||||
- Adding a dedicated firewall submenu implemented in a new `.includes/firewall.sh`.
|
||||
- Removing obsolete `.includes` scripts that are no longer used by the server launcher.
|
||||
- Updating touched user-facing strings from `configure-stormux` or `Stormux` phrasing where it materially improves correctness for this repo.
|
||||
|
||||
This change does not cover:
|
||||
|
||||
- User management.
|
||||
- Nginx or other service setup.
|
||||
- Advanced firewall rule editing beyond basic allow/status/enable/disable flows.
|
||||
- Reusing `.includes/convert-to-server.sh` from the main menu.
|
||||
|
||||
## Top-Level Interface
|
||||
|
||||
The top-level menu in `configure-server.sh` will contain exactly:
|
||||
|
||||
- `Firewall`
|
||||
- `Exit`
|
||||
|
||||
Selecting `Firewall` will source `.includes/firewall.sh`. Selecting `Exit` or cancelling the menu will terminate the script cleanly.
|
||||
|
||||
## Firewall Submenu
|
||||
|
||||
The firewall submenu is intentionally narrow and dialog-driven. It will provide:
|
||||
|
||||
- `Install ufw`
|
||||
- `Enable firewall`
|
||||
- `Disable firewall`
|
||||
- `Allow SSH`
|
||||
- `Open custom port`
|
||||
- `View status`
|
||||
- `Back`
|
||||
|
||||
Behavior details:
|
||||
|
||||
- `Install ufw` installs the package only if it is not already present.
|
||||
- `Enable firewall` runs `ufw enable`.
|
||||
- `Disable firewall` runs `ufw disable`.
|
||||
- `Allow SSH` allows the current OpenSSH port if detectable from `sshd_config` or `sshd_config.d`; otherwise it falls back to port `22/tcp`.
|
||||
- `Open custom port` prompts for either a bare port such as `80` or an explicit `port/protocol` string such as `443/tcp` and validates the input before calling `ufw allow`.
|
||||
- `View status` shows `ufw status verbose` in a dialog-friendly text view.
|
||||
|
||||
## File Boundaries
|
||||
|
||||
- `configure-server.sh`
|
||||
- Owns startup checks, logging, shared include loading, and the top-level menu loop.
|
||||
- `.includes/firewall.sh`
|
||||
- Owns the firewall submenu and firewall-specific helper functions.
|
||||
- `.includes/functions.sh`
|
||||
- Continues to own shared helpers still used by the launcher or firewall flow.
|
||||
- `.includes/ui.sh`
|
||||
- Continues to own dialog wrapper functions.
|
||||
|
||||
Obsolete include files that are no longer referenced by the top-level server launcher will be deleted as part of this cleanup.
|
||||
|
||||
## Cleanup Rules
|
||||
|
||||
- Remove menu options and code paths tied to desktop setup, screen readers, gaming, IRC help, GUI installs, EEPROM updates, timezone setup, first-user renaming, or the old conversion step.
|
||||
- Delete the corresponding unused `.includes` scripts from the repository rather than leaving dead files behind.
|
||||
- Keep changes scoped to this server cleanup and firewall addition; do not add placeholders for future subsystems.
|
||||
|
||||
## Error Handling
|
||||
|
||||
- Missing `ufw` will be reported clearly for actions that require it, with `Install ufw` available as the explicit fix path.
|
||||
- Invalid custom port input will show a message and return to the firewall menu without applying a rule.
|
||||
- Commands that require privilege will continue using the existing `sudoFlags` handling.
|
||||
|
||||
## Verification
|
||||
|
||||
Verification for this change will be limited to the narrowest relevant shell checks:
|
||||
|
||||
- `bash -n` on each edited shell script.
|
||||
- `shellcheck` on each edited shell script.
|
||||
|
||||
No runtime firewall manipulation will be claimed as verified unless it is actually executed in this environment.
|
||||
Reference in New Issue
Block a user