deutrino's picture

I'm slowly developing a set of customizations which I apply to every Turnkey image I deploy on the live internet... basically my own extended firewall setup, among other things.

What would be the best way if I wanted to share some of this work as a mod that people could potentially use? I don't really understand the development stack fully enough to know if that's something which would only be useful to others building stuff with TKLdev, or if it's something that could be shared to the point that some reasonably clever person can produce any of the Turnkey appliances, but with the mods added, without having to learn everything about TKLdev.

Does that make sense??

Thanks for the great work on version 16, I already have a few v16 servers deployed in various places :)

Jeremy Davis's picture

It depends how universal your changes would be. If you have some specific examples/suggestions, then I'm happy to discuss more specifics.

If there are changes that everybody would benefit from, then they should be pre-configured in TurnKey. Where they should go exactly will depend on which appliance(s) the change applies to.

I.e.:

  • If they would improve all TurnKey appliances, then they should go in common.
  • If they are for a sub-set of appliances (e.g. all LAMP based appliances) then they should also go in (in a slightly different way - we can discuss specifics later).
  • If the changes apply to a single appliance, then they should go in that specific appliance build code repo.

If the changes might be of value to most, but are not so clearly universally useful or valuable, then how to best share them will depend. Documentation is a good MVP (minimum viable product) IMO, especially if it can be copy/pasted in an SSH session.

Another option would be to include them as a config script (included as per above rationale of which repo they would go in). To make them more user friendly and accessible to users, a Confconsole plugin might be a useful way to distribute them? That would require some basic Python understanding - and these resources might help too: doc page and example.py. Note that the example.py is included in the install and can be found locally at /usr/lib/confconsole/plugins.d/example.py.

If they are more exclusively for your own purposes, then our TKLPatch tool might be a good option? TKLPatch can apply a tklpatch archive or directory (which essentially uses a simplified version of the same layout as appliance build code). It can apply it to a pre-built ISO file (and rebuild a new ISO) or to a rootfs (a chroot or even a running server, i.e. '/' - although that may be a little more fragile).

As a general rule though, I would argue that if you have some tweaks that provide value for you, then others would probably also get value from them! So it'd be great to share your tweaks. Even if we don't distribute them, just documenting them would be of value.

deutrino's picture

Cool thanks, this gives me some potential avenues to contribute.

Some of what I've done is simple firewall changes (fail2ban tweaks) which are probably a decent candidate for core.

I also have additional firewall setup which downloads IP blacklists once a day and blocks inbound packets from them; even a fairly conservative set of blacklists results in a drastic decrease in brute force traffic. However, this isn't something that should necessarily be turned on out of the box for a number of reasons. So maybe that's a candidate for a confconsole plugin to install??
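A sketch of the daily blocklist refresh described in the post above, as an added example that is not deutrino's code or part of TurnKey. It assumes `ipset` is used for the block set; the set name `blocklist`, the `PROTECTED` ranges and the sample feed are constructed for illustration.

```python
import ipaddress

# Never block these, whatever a feed says (assumed policy for this example).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "203.0.113.64/26",  # constructed stand-in for your own admin range
)]

# Constructed sample feed (documentation addresses), standing in for a daily download.
SAMPLE_FEED = """\
# constructed sample blocklist
198.51.100.0/25
198.51.100.128/25  ; adjacent to the line above, so the two merge
203.0.113.7
203.0.113.70       ; inside the protected admin range
10.0.0.0/8
192.0.2.300
2001:db8::/32
"""

def parse_feed(text):
    """Return (collapsed IPv4 networks, number of rejected entries)."""
    nets, rejected = [], 0
    for line in text.splitlines():
        token = line.split("#")[0].split(";")[0].strip()
        if not token:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected += 1  # malformed entry
            continue
        if net.version != 4 or any(net.overlaps(p) for p in PROTECTED):
            rejected += 1  # IPv6 (needs a separate inet6 set) or protected space
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore_script(nets, name="blocklist"):
    """Build input for `ipset restore`: fill a temporary set, then swap it in."""
    tmp = name + "-new"
    lines = [f"create {name} hash:net family inet -exist",
             f"create {tmp} hash:net family inet -exist",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED)
    print(ipset_restore_script(nets), end="")
    print(f"# {rejected} entries rejected")
```

The output is piped to `ipset restore`, and a single rule such as `iptables -I INPUT -m set --match-set blocklist src -j DROP` references the set, so the daily refresh never touches the ruleset itself. Because the new entries are loaded into a temporary set and swapped in, a failed or empty download leaves the previous set in place.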

Jeremy Davis's picture

I did have a brief look at some improvements for v16.0 but backed out. v16.0 was so far behind schedule that I had to pull the pin. Perhaps if I was more familiar with fail2ban, it could have been done, but I got a bit bogged down and had to focus on getting v16.0 done.

But certainly if you have improvements, I'd love to see them included. FWIW, there is an issue on the tracker (I just noticed it was still pinned to the v16.0 milestone so have moved it to v16.1).

Your firewall blacklist sounds great. Sounds like a fantastic candidate for a Confconsole plugin! :)

As I say, I'm happy to discuss further specifics for other ideas you might have.
