feat: deploy NC01 Sub2API target
Pipelines as Code CI / hwlab-web-probe-sentinel-nc01- Success

This commit is contained in:
Codex
2026-07-09 13:16:58 +02:00
parent 21935e7319
commit 8347d5ed1b
17 changed files with 483 additions and 37 deletions
+5
View File
@@ -548,6 +548,11 @@ function restrictedHostAccessScript(config: UniDeskConfig): string {
];
return [
"iptables -N DOCKER-USER 2>/dev/null || true",
...access.allowedForwardRules.map((rule) => [
`iptables -C DOCKER-USER -s ${shellQuote(rule.sourceCidr)} -d ${shellQuote(rule.destinationCidr)} -p tcp --dport ${rule.port} -j ACCEPT 2>/dev/null`,
` || iptables -I DOCKER-USER 1 -s ${shellQuote(rule.sourceCidr)} -d ${shellQuote(rule.destinationCidr)} -p tcp --dport ${rule.port} -j ACCEPT`,
`echo ${shellJoin(["restricted_host_forward_access", rule.id, rule.sourceCidr, rule.destinationCidr, String(rule.port), rule.purpose])}`,
].join(" \\\n")),
...ports.flatMap((port) => [
...access.allowedSourceCidrs.map((source) => [
`iptables -C DOCKER-USER -s ${shellQuote(source)} -p tcp --dport ${port.containerPort} -j ACCEPT 2>/dev/null`,