Whitelist public IP in Authelia and Crowdsec, notify, log and restart containers.
#!/bin/bash
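# State file holding the public IP seen on the previous run.
LAST_IP_FILE=/opt/scripts/.last_ip
# Ask an external service for the current public IPv4 address.
# The answer is written into the Authelia and CrowdSec allow-lists, so it is
# security-relevant input:
#   - use an explicit https:// URL; a bare host name makes curl speak plain
#     HTTP, and anything on the network path could then rewrite the answer;
#   - -4 because only dotted-quad values are accepted below (a dual-stack host
#     could otherwise get an IPv6 answer and fail validation on every run);
#   - -f and --max-time so an HTTP error page or a stalled lookup yields an
#     empty value instead of garbage or a hung job.
# The lookup service itself is still a third party whose answer is trusted.
CURRENT_IP=$(curl -4 -fs --max-time 10 https://ifconfig.co)
# Strict IPv4 check: each octet must be 0-255 with no leading zeros. Besides
# rejecting lookup errors, this guarantees the value contains only digits and
# dots before it is interpolated into sed expressions and YAML further down.
ipv4_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^${ipv4_octet}(\.${ipv4_octet}){3}\$"
if [[ $CURRENT_IP =~ $ipv4_re ]]; then
  VALID_IP=true
else
  VALID_IP=false
fi
# Telegram notification settings.
# NOTE(review): once real values replace the placeholders this file holds a bot
# credential - keep it readable by root only, or load the token from a
# root-only file. The token is also part of URL, so it appears in curl's
# argument list while the notification is being sent.
TOKEN="XX:XX-XX"
CHAT_ID="XX"
URL="https://api.telegram.org/bot$TOKEN/sendMessage"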
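#######################################
# Point the Authelia and CrowdSec allow-list entries at a new public IP and
# restart both containers so the change is loaded.
# Globals:   CURRENT_IP (read, only when no argument is given)
# Arguments: $1 - IPv4 address to allow (optional, defaults to CURRENT_IP)
# Outputs:   error messages on stderr
# Returns:   0 if both files were rewritten, 1 if the address was rejected
#            or either file could not be updated
#######################################
function whitelist() {
  local ip=${1:-$CURRENT_IP}
  local authelia="/opt/containers/nginx/authelia/configuration.yml"
  local crowdsec="/opt/containers/nginx/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml"
  local rc=0

  # The address is pasted into sed replacement text and into two allow-lists,
  # so refuse anything that is not a plain dotted quad here as well, whatever
  # the caller has already checked. Digits and dots cannot break out of the
  # sed expression or the quoted YAML value.
  if ! [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "whitelist: refusing to write non-IPv4 value" >&2
    return 1
  fi

  ## - authelia: replace the line tagged "#WAN_IP"; restart only if the edit
  ##   worked, so a missing or unwritable file does not trigger a pointless
  ##   restart of the authentication service.
  if [[ -f $authelia ]] && sed -i "s/^.*#WAN_IP$/ - '${ip}\/32' #WAN_IP/" "$authelia"; then
    # Detached restart: its own exit status is not observed by this script.
    nohup /usr/bin/docker restart authelia >/dev/null 2>&1 &
  else
    echo "whitelist: could not update $authelia" >&2
    rc=1
  fi

  ## - crowdsec: replace the line tagged "# WAN_IP", same rule for the restart.
  if [[ -f $crowdsec ]] && sed -i "s/^.*# WAN_IP.*/ - \"${ip}\" # WAN_IP/" "$crowdsec"; then
    nohup /usr/bin/docker restart crowdsec >/dev/null 2>&1 &
  else
    echo "whitelist: could not update $crowdsec" >&2
    rc=1
  fi

  return "$rc"
}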
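# Every outcome of the job is appended to this one log file (the first-run
# branch previously wrote to a different directory than the other two).
IP_LOG_FILE=/opt/scripts/ip_change.log
# A failed or malformed lookup must never reach the allow-lists: log and stop.
# %q escapes the value, so a multi-line or control-character response from the
# lookup service cannot forge extra log lines.
if [[ $VALID_IP == false ]]; then
  printf '%s - Unable to get IP, value: %q\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$CURRENT_IP" >> "$IP_LOG_FILE"
  exit 1
fi
# Check if the .last_ip file exists
if [ -f "$LAST_IP_FILE" ]; then
  # Read the last IP address from the file (empty if the file is empty)
  last_ip=''
  read -r last_ip < "$LAST_IP_FILE"
  # Compare the current IP address to the last IP address
  if [ "$CURRENT_IP" != "$last_ip" ]; then
    # Log a message indicating that the IP address has changed
    echo "$(date '+%Y-%m-%d %H:%M:%S') - IP address has changed from $last_ip to $CURRENT_IP" >> "$IP_LOG_FILE"
    # Record the new address only after the allow-lists were updated. If the
    # update fails, the state file keeps the old value and the next run
    # retries, instead of leaving the previous address allowed indefinitely.
    if whitelist "$CURRENT_IP"; then
      echo "$CURRENT_IP" > "$LAST_IP_FILE"
      # Send the Telegram alert. Expansions are quoted so the values cannot be
      # split into extra curl arguments; the request is time-bounded.
      curl -s --max-time 10 -X POST "$URL" -d chat_id="$CHAT_ID" -d text="New IP !%0APublic IP has changed. New IP: $CURRENT_IP.%0AReminder, last IP: $last_ip"
    else
      echo "$(date '+%Y-%m-%d %H:%M:%S') - Whitelist update failed for $CURRENT_IP, will retry on next run" >> "$IP_LOG_FILE"
    fi
  fi
else
  # First run: there is no state file yet. Update the allow-lists first and
  # create the state file only on success, so a failed update is retried.
  if whitelist "$CURRENT_IP"; then
    echo "$CURRENT_IP" > "$LAST_IP_FILE"
    # World-readable but writable by root only: the file holds nothing secret,
    # and its content is compared against the lookup result on every run.
    chmod 644 "$LAST_IP_FILE"
    # Set ownership for the .last_ip file to root and the group to root
    chown root:root "$LAST_IP_FILE"
    # log IP to file
    echo "$(date '+%Y-%m-%d %H:%M:%S') - IP address has been set to $CURRENT_IP" >> "$IP_LOG_FILE"
  else
    echo "$(date '+%Y-%m-%d %H:%M:%S') - Whitelist update failed for $CURRENT_IP, will retry on next run" >> "$IP_LOG_FILE"
  fi
fi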