Add uninstall script 'remove.sh'.
This commit is contained in:
3
.gitignore
vendored
3
.gitignore
vendored
@@ -5,3 +5,6 @@
|
||||
# Built artifacts
|
||||
*.tar.gz
|
||||
*.zip
|
||||
|
||||
# Removed and Backuped files
|
||||
uninstalled-*/
|
||||
|
||||
101
remove.sh
Executable file
101
remove.sh
Executable file
@@ -0,0 +1,101 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
say(){ echo "[nft-fw-nd-priv:remove] $*"; }
|
||||
ts(){ date +"%Y%m%d-%H%M%S"; }
|
||||
|
||||
need_root() {
|
||||
if [[ "${EUID:-$(id -u)}" -ne 0 ]]; then
|
||||
say "ERROR: Please run as root."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Determine directory of this script (works even when called via symlink)
|
||||
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
|
||||
BACKUP_DIR="${SCRIPT_DIR}/uninstalled-$(ts)"
|
||||
|
||||
ensure_backup_dir() {
|
||||
mkdir -p "$BACKUP_DIR"
|
||||
}
|
||||
|
||||
# Move a file into BACKUP_DIR while preserving its absolute path structure
|
||||
# e.g. /etc/default/nft-fw -> $BACKUP_DIR/etc/default/nft-fw
|
||||
backup_then_remove() {
|
||||
local src="$1"
|
||||
|
||||
if [[ -e "$src" ]]; then
|
||||
ensure_backup_dir
|
||||
local rel="${src#/}" # strip leading /
|
||||
local dst="${BACKUP_DIR}/${rel}"
|
||||
mkdir -p "$(dirname -- "$dst")"
|
||||
say "Backing up $src -> $dst"
|
||||
mv -f -- "$src" "$dst"
|
||||
else
|
||||
say "Not present: $src"
|
||||
fi
|
||||
}
|
||||
|
||||
remove_file() {
|
||||
local f="$1"
|
||||
if [[ -e "$f" ]]; then
|
||||
say "Removing $f"
|
||||
rm -f -- "$f"
|
||||
else
|
||||
say "Not present: $f"
|
||||
fi
|
||||
}
|
||||
|
||||
need_root
|
||||
|
||||
SERVICE="nft-fw.service"
|
||||
|
||||
say "Backup directory (if needed): $BACKUP_DIR"
|
||||
|
||||
say "Stopping/disabling systemd unit (if present)..."
|
||||
if command -v systemctl >/dev/null 2>&1; then
|
||||
if systemctl list-unit-files | awk '{print $1}' | grep -qx "$SERVICE"; then
|
||||
systemctl disable --now "$SERVICE" || true
|
||||
else
|
||||
systemctl stop "$SERVICE" 2>/dev/null || true
|
||||
fi
|
||||
fi
|
||||
|
||||
say "Trying to stop firewall via fw-stop (if installed)..."
|
||||
if [[ -x /usr/local/sbin/fw-stop ]]; then
|
||||
/usr/local/sbin/fw-stop || true
|
||||
fi
|
||||
|
||||
say "Removing installed scripts..."
|
||||
remove_file /usr/local/sbin/fw-apply
|
||||
remove_file /usr/local/sbin/fw-stop
|
||||
|
||||
say "Removing template..."
|
||||
backup_then_remove /etc/nftables.conf.in
|
||||
|
||||
say "Removing default config..."
|
||||
backup_then_remove /etc/default/nft-fw
|
||||
|
||||
say "Removing systemd unit file..."
|
||||
backup_then_remove /etc/systemd/system/nft-fw.service
|
||||
|
||||
say "Reloading systemd..."
|
||||
if command -v systemctl >/dev/null 2>&1; then
|
||||
systemctl daemon-reload || true
|
||||
fi
|
||||
|
||||
say "Cleaning fail2ban drop-in (leaving fail2ban installed)..."
|
||||
F2B_DROPIN="/etc/fail2ban/jail.d/nft-fw-nd-priv.local"
|
||||
if [[ -e "$F2B_DROPIN" ]]; then
|
||||
backup_then_remove "$F2B_DROPIN"
|
||||
if command -v systemctl >/dev/null 2>&1; then
|
||||
systemctl restart fail2ban 2>/dev/null || true
|
||||
fi
|
||||
else
|
||||
say "Not present: $F2B_DROPIN"
|
||||
fi
|
||||
|
||||
say "Done."
|
||||
say "Note: update-alternatives were left unchanged (as requested)."
|
||||
say "Backups (if any) are in: $BACKUP_DIR"
|
||||
|
||||
Reference in New Issue
Block a user