soleprint init commit

station/tools/hub/README.md

@@ -0,0 +1,73 @@
+# Hub Port Management Scripts
+
+Super alpha version of firewall port management for Core Nest services.
+
+## Files
+
+- **ports** - List of ports to manage (one per line, comments allowed)
+- **update-ports.sh** - Generate ports file from .env configurations
+- **iptables.sh** - Manage ports using iptables
+- **ufw.sh** - Manage ports using ufw
+- **firewalld.sh** - Manage ports using firewalld
+
+## Firewall Tools
+
+Choose the tool that matches your system:
+
+- **iptables** - Most Linux systems (rules not persistent by default)
+- **ufw** - Ubuntu/Debian (Uncomplicated Firewall)
+- **firewalld** - RHEL/CentOS/Fedora
+
+## Usage
+
+### Update ports from configuration
+```bash
+./update-ports.sh
+```
+
+### Open ports (choose your firewall)
+```bash
+# Using iptables
+sudo ./iptables.sh open
+
+# Using ufw
+sudo ./ufw.sh open
+
+# Using firewalld
+sudo ./firewalld.sh open
+```
+
+### Close ports (choose your firewall)
+```bash
+# Using iptables
+sudo ./iptables.sh close
+
+# Using ufw
+sudo ./ufw.sh close
+
+# Using firewalld
+sudo ./firewalld.sh close
+```
+
+## Default Ports
+
+- **3000** - Amar Frontend
+- **8000** - Amar Backend
+- **13000** - Pawprint
+- **13001** - Artery
+- **13002** - Album
+- **13003** - Ward
+
+## Notes
+
+- **iptables**: Rules are not persistent across reboots unless you install `iptables-persistent`
+- **ufw**: Remember to run `sudo ufw reload` after making changes
+- **firewalld**: Scripts automatically reload the firewall
+
+## Future Improvements
+
+- Auto-detect firewall system
+- Support for multiple nests
+- Integration with ward UI
+- Per-service port management
+- LAN subnet restrictions

station/tools/hub/firewalld.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# Manage Core Nest ports using firewalld
+# Usage: sudo ./firewalld.sh [open|close]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORTS_FILE="$SCRIPT_DIR/ports"
+
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root (use sudo)"
+    exit 1
+fi
+
+if ! command -v firewall-cmd &> /dev/null; then
+    echo "Error: firewalld is not installed"
+    exit 1
+fi
+
+if [ ! -f "$PORTS_FILE" ]; then
+    echo "Error: ports file not found at $PORTS_FILE"
+    exit 1
+fi
+
+ACTION="${1:-}"
+if [ "$ACTION" != "open" ] && [ "$ACTION" != "close" ]; then
+    echo "Usage: sudo $0 [open|close]"
+    exit 1
+fi
+
+if [ "$ACTION" = "open" ]; then
+    echo "=== Opening Core Nest Ports (firewalld) ==="
+else
+    echo "=== Closing Core Nest Ports (firewalld) ==="
+fi
+echo ""
+
+# Read ports and apply action
+while IFS= read -r line || [ -n "$line" ]; do
+    # Skip comments and empty lines
+    [[ "$line" =~ ^#.*$ ]] && continue
+    [[ -z "$line" ]] && continue
+
+    port=$(echo "$line" | tr -d ' ')
+
+    if [ "$ACTION" = "open" ]; then
+        echo "  Port $port: Opening..."
+        firewall-cmd --permanent --add-port="${port}/tcp"
+        echo "  Port $port: ✓ Opened"
+    else
+        echo "  Port $port: Closing..."
+        firewall-cmd --permanent --remove-port="${port}/tcp" 2>/dev/null || echo "  Port $port: Not found (already closed)"
+        echo "  Port $port: ✓ Closed"
+    fi
+done < "$PORTS_FILE"
+
+# Reload firewall to apply changes
+echo ""
+echo "Reloading firewall..."
+firewall-cmd --reload
+
+echo ""
+echo "=== Done ==="

station/tools/hub/iptables.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Manage Core Nest ports using iptables
+# Usage: sudo ./iptables.sh [open|close]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORTS_FILE="$SCRIPT_DIR/ports"
+
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root (use sudo)"
+    exit 1
+fi
+
+if [ ! -f "$PORTS_FILE" ]; then
+    echo "Error: ports file not found at $PORTS_FILE"
+    exit 1
+fi
+
+ACTION="${1:-}"
+if [ "$ACTION" != "open" ] && [ "$ACTION" != "close" ]; then
+    echo "Usage: sudo $0 [open|close]"
+    exit 1
+fi
+
+if [ "$ACTION" = "open" ]; then
+    echo "=== Opening Core Nest Ports (iptables) ==="
+else
+    echo "=== Closing Core Nest Ports (iptables) ==="
+fi
+echo ""
+
+# Read ports and apply action
+while IFS= read -r line || [ -n "$line" ]; do
+    # Skip comments and empty lines
+    [[ "$line" =~ ^#.*$ ]] && continue
+    [[ -z "$line" ]] && continue
+
+    port=$(echo "$line" | tr -d ' ')
+
+    if [ "$ACTION" = "open" ]; then
+        # Open port
+        if iptables -C INPUT -p tcp --dport "$port" -j ACCEPT 2>/dev/null; then
+            echo "  Port $port: Already open"
+        else
+            echo "  Port $port: Opening..."
+            iptables -I INPUT -p tcp --dport "$port" -j ACCEPT
+            echo "  Port $port: ✓ Opened"
+        fi
+    else
+        # Close port
+        if iptables -C INPUT -p tcp --dport "$port" -j ACCEPT 2>/dev/null; then
+            echo "  Port $port: Closing..."
+            iptables -D INPUT -p tcp --dport "$port" -j ACCEPT
+            echo "  Port $port: ✓ Closed"
+        else
+            echo "  Port $port: Already closed"
+        fi
+    fi
+done < "$PORTS_FILE"
+
+echo ""
+echo "=== Done ==="
+
+if [ "$ACTION" = "open" ]; then
+    echo ""
+    echo "Note: iptables rules are not persistent across reboots."
+    echo "To make persistent, install iptables-persistent:"
+    echo "  apt-get install iptables-persistent"
+    echo "  netfilter-persistent save"
+fi

station/tools/hub/ports

@@ -0,0 +1,13 @@
+# Core Nest Ports
+# Format: one port per line
+# Comments allowed with #
+
+# Amar
+3000
+8000
+
+# Pawprint Services
+13000
+13001
+13002
+13003

station/tools/hub/ufw.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# Manage Core Nest ports using ufw
+# Usage: sudo ./ufw.sh [open|close]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORTS_FILE="$SCRIPT_DIR/ports"
+
+if [ "$EUID" -ne 0 ]; then
+    echo "Error: This script must be run as root (use sudo)"
+    exit 1
+fi
+
+if ! command -v ufw &> /dev/null; then
+    echo "Error: ufw is not installed"
+    exit 1
+fi
+
+if [ ! -f "$PORTS_FILE" ]; then
+    echo "Error: ports file not found at $PORTS_FILE"
+    exit 1
+fi
+
+ACTION="${1:-}"
+if [ "$ACTION" != "open" ] && [ "$ACTION" != "close" ]; then
+    echo "Usage: sudo $0 [open|close]"
+    exit 1
+fi
+
+if [ "$ACTION" = "open" ]; then
+    echo "=== Opening Core Nest Ports (ufw) ==="
+else
+    echo "=== Closing Core Nest Ports (ufw) ==="
+fi
+echo ""
+
+# Read ports and apply action
+while IFS= read -r line || [ -n "$line" ]; do
+    # Skip comments and empty lines
+    [[ "$line" =~ ^#.*$ ]] && continue
+    [[ -z "$line" ]] && continue
+
+    port=$(echo "$line" | tr -d ' ')
+
+    if [ "$ACTION" = "open" ]; then
+        echo "  Port $port: Opening..."
+        ufw allow "$port/tcp" comment "Core Nest"
+        echo "  Port $port: ✓ Opened"
+    else
+        echo "  Port $port: Closing..."
+        ufw delete allow "$port/tcp" 2>/dev/null || echo "  Port $port: Not found (already closed)"
+        echo "  Port $port: ✓ Closed"
+    fi
+done < "$PORTS_FILE"
+
+echo ""
+echo "=== Done ==="
+echo ""
+echo "Reload ufw to apply changes:"
+echo "  ufw reload"

station/tools/hub/update-ports.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+# Update ports file from core_nest configuration
+# Gathers ports from pawprint and amar .env files
+#
+# Usage: ./update-ports.sh
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORTS_FILE="$SCRIPT_DIR/ports"
+
+# TODO: Make these configurable or auto-detect
+CORE_NEST_ROOT="${CORE_NEST_ROOT:-/home/mariano/core_nest}"
+PAWPRINT_ENV="$CORE_NEST_ROOT/pawprint/.env"
+AMAR_ENV="$CORE_NEST_ROOT/amar/.env"
+
+echo "=== Updating Core Nest Ports ==="
+echo ""
+
+# Backup existing ports file
+if [ -f "$PORTS_FILE" ]; then
+    cp "$PORTS_FILE" "$PORTS_FILE.bak"
+    echo "  ✓ Backed up existing ports to ports.bak"
+fi
+
+# Start new ports file
+cat > "$PORTS_FILE" <<'EOF'
+# Core Nest Ports
+# Auto-generated by update-ports.sh
+# Format: one port per line
+# Comments allowed with #
+
+EOF
+
+# Extract ports from amar .env
+if [ -f "$AMAR_ENV" ]; then
+    echo "  Reading amar ports..."
+    echo "# Amar" >> "$PORTS_FILE"
+
+    # Frontend port (default 3000)
+    AMAR_FRONTEND_PORT=$(grep "^AMAR_FRONTEND_PORT=" "$AMAR_ENV" 2>/dev/null | cut -d'=' -f2 || echo "3000")
+    echo "$AMAR_FRONTEND_PORT" >> "$PORTS_FILE"
+
+    # Backend port (default 8000)
+    AMAR_BACKEND_PORT=$(grep "^AMAR_BACKEND_PORT=" "$AMAR_ENV" 2>/dev/null | cut -d'=' -f2 || echo "8000")
+    echo "$AMAR_BACKEND_PORT" >> "$PORTS_FILE"
+
+    echo "  ✓ Added amar ports: $AMAR_FRONTEND_PORT, $AMAR_BACKEND_PORT"
+else
+    echo "  ⚠ Amar .env not found, using defaults"
+    echo "# Amar (defaults)" >> "$PORTS_FILE"
+    echo "3000" >> "$PORTS_FILE"
+    echo "8000" >> "$PORTS_FILE"
+fi
+
+echo "" >> "$PORTS_FILE"
+
+# Extract ports from pawprint .env
+if [ -f "$PAWPRINT_ENV" ]; then
+    echo "  Reading pawprint ports..."
+    echo "# Pawprint Services" >> "$PORTS_FILE"
+
+    PAWPRINT_PORT=$(grep "^PAWPRINT_PORT=" "$PAWPRINT_ENV" 2>/dev/null | cut -d'=' -f2 || echo "13000")
+    ARTERY_PORT=$(grep "^ARTERY_PORT=" "$PAWPRINT_ENV" 2>/dev/null | cut -d'=' -f2 || echo "13001")
+    ALBUM_PORT=$(grep "^ALBUM_PORT=" "$PAWPRINT_ENV" 2>/dev/null | cut -d'=' -f2 || echo "13002")
+    WARD_PORT=$(grep "^WARD_PORT=" "$PAWPRINT_ENV" 2>/dev/null | cut -d'=' -f2 || echo "13003")
+
+    echo "$PAWPRINT_PORT" >> "$PORTS_FILE"
+    echo "$ARTERY_PORT" >> "$PORTS_FILE"
+    echo "$ALBUM_PORT" >> "$PORTS_FILE"
+    echo "$WARD_PORT" >> "$PORTS_FILE"
+
+    echo "  ✓ Added pawprint ports: $PAWPRINT_PORT, $ARTERY_PORT, $ALBUM_PORT, $WARD_PORT"
+else
+    echo "  ⚠ Pawprint .env not found, using defaults"
+    echo "# Pawprint Services (defaults)" >> "$PORTS_FILE"
+    echo "13000" >> "$PORTS_FILE"
+    echo "13001" >> "$PORTS_FILE"
+    echo "13002" >> "$PORTS_FILE"
+    echo "13003" >> "$PORTS_FILE"
+fi
+
+echo ""
+echo "=== Done ==="
+echo ""
+echo "Updated ports file: $PORTS_FILE"
+echo ""
+cat "$PORTS_FILE"