From 0ff470d35c4368638bba7c2ba4c564002b3f2032 Mon Sep 17 00:00:00 2001
From: Simon <simon@gb7fr.org.uk>
Date: Sat, 13 May 2023 11:07:22 +0100
Subject: [PATCH] Add priv-control to default install

---
 docker-configs/docker-compose.yml        | 17 +++++++++++++++++
 docker-configs/docker-compose_install.sh |  7 +++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/docker-configs/docker-compose.yml b/docker-configs/docker-compose.yml
index a16282f..26fbf3a 100644
--- a/docker-configs/docker-compose.yml
+++ b/docker-configs/docker-compose.yml
@@ -22,12 +22,16 @@ services:
         container_name: freedmr
         cpu_shares: 1024
         mem_reservation: 600m
+        depends_on:
+          -freedmr-priv-control
         volumes:
             - '/etc/freedmr/freedmr.cfg:/opt/freedmr/freedmr.cfg'
             - '/var/log/freedmr/:/opt/freedmr/log/'
             - '/etc/freedmr/rules.py:/opt/freedmr/rules.py'
             #Write JSON files outside of container
             - '/etc/freedmr/json/:/opt/freedmr/json/'
+            - '/etc/freedmr/sockets/priv_control:/run/priv_control/'
+
 
         ports:
             - '62031:62031/udp'
@@ -103,6 +107,19 @@ services:
         logging:
               driver: json-file
 
+    freedmr-priv-control:
+        container_name: freedmr-priv-control
+        image: 'gitlab.hacknix.net:5050/freedmr/freedmr-privileged-control/priv_control:bullseye-latest'
+        restart: "unless-stopped"
+        volumes:
+            - '/etc/freedmr/sockets/priv_control:/run/priv_control/'
+        logging:
+              driver: json-file
+        cap_add:
+           - NET_ADMIN
+        network_mode: "host"
+
+
 networks:
   app_net:
     driver: bridge
diff --git a/docker-configs/docker-compose_install.sh b/docker-configs/docker-compose_install.sh
index 525408c..b95a800 100644
--- a/docker-configs/docker-compose_install.sh
+++ b/docker-configs/docker-compose_install.sh
@@ -22,9 +22,9 @@ echo FreeDMR Docker installer...
 
 echo Installing required packages...
 echo Install Docker Community Edition...
-apt-get -y remove docker docker-engine docker.io &&
+apt-get -y remove docker docker-engine docker.io ufw &&
 apt-get -y update &&
-apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common &&
+apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common conntrack iptables &&
 curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - &&
 ARCH=`/usr/bin/arch`
 echo "System architecture is $ARCH" 
@@ -62,6 +62,7 @@ echo Make config directory...
 mkdir /etc/freedmr &&
 mkdir -p /etc/freedmr/acme.sh && 
 mkdir -p /etc/freedmr/certs &&
+mkdir -p /etc/freedmr/sockets &&
 chmod -R 755 /etc/freedmr &&
 
 echo make json directory...
@@ -186,8 +187,6 @@ echo Get docker-compose.yml...
 cd /etc/freedmr &&
 curl https://gitlab.hacknix.net/hacknix/FreeDMR/-/raw/master/docker-configs/docker-compose.yml -o docker-compose.yml &&
 
-chmod 755 /etc/cron.daily/lastheard
-
 echo Tune network stack...
 cat << EOF > /etc/sysctl.conf &&
 net.core.rmem_default=134217728