Moved Debian package sources to a subdirectory of the repository.

debian-package/debian/postinst

@@ -0,0 +1,53 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+
+case "$1" in
+    configure)
+        # ── Read debconf answers ──────────────────────────────────────────────
+        db_get cloud-router/local_addrs;           CLOUD_ROUTER_LOCAL_ADDRS="$RET"
+        db_get cloud-router/local_fqdn;            CLOUD_ROUTER_LOCAL_FQDN="$RET"
+        db_get cloud-router/local_id_mode;         CLOUD_ROUTER_LOCAL_ID_MODE="$RET"
+        db_get cloud-router/local_cidrs;           CLOUD_ROUTER_LOCAL_CIDRS="$RET"
+        db_get cloud-router/remote_addrs;          CLOUD_ROUTER_REMOTE_ADDRS="$RET"
+        db_get cloud-router/remote_id;             CLOUD_ROUTER_REMOTE_ID="$RET"
+        db_get cloud-router/psk;                   CLOUD_ROUTER_PSK="$RET"
+        db_get cloud-router/remote_cidrs;          CLOUD_ROUTER_REMOTE_CIDRS="$RET"
+        db_get cloud-router/router_int_gateway_ip; CLOUD_ROUTER_ROUTER_INT_GATEWAY_IP="$RET"
+        db_get cloud-router/p2s_address_pool;      CLOUD_ROUTER_P2S_ADDRESS_POOL="$RET"
+        db_get cloud-router/wg_enabled;            CLOUD_ROUTER_WG_ENABLED="$RET"
+        db_get cloud-router/wg_address;            CLOUD_ROUTER_WG_ADDRESS="$RET"
+        db_get cloud-router/wg_listen_port;        CLOUD_ROUTER_WG_LISTEN_PORT="$RET"
+
+        # ── Render configuration files via Jinja2 templates ─────────────────
+        export CLOUD_ROUTER_LOCAL_ADDRS CLOUD_ROUTER_LOCAL_FQDN \
+               CLOUD_ROUTER_LOCAL_ID_MODE CLOUD_ROUTER_LOCAL_CIDRS \
+               CLOUD_ROUTER_REMOTE_ADDRS CLOUD_ROUTER_REMOTE_ID \
+               CLOUD_ROUTER_PSK CLOUD_ROUTER_REMOTE_CIDRS \
+               CLOUD_ROUTER_ROUTER_INT_GATEWAY_IP CLOUD_ROUTER_P2S_ADDRESS_POOL \
+               CLOUD_ROUTER_WG_ENABLED CLOUD_ROUTER_WG_ADDRESS \
+               CLOUD_ROUTER_WG_LISTEN_PORT
+
+        /usr/lib/cloud-router/configure
+
+        db_set cloud-router/psk ""
+
+        # ── Apply system settings ─────────────────────────────────────────────
+        sysctl --system
+        netplan apply
+        systemctl daemon-reload
+        systemctl restart systemd-resolved
+
+        # ── UFW: ensure SSH is allowed then enable ────────────────────────────
+        ufw allow 22/tcp
+        ufw --force enable
+        ufw reload
+
+        # ── strongSwan ────────────────────────────────────────────────────────
+        systemctl enable --now strongswan
+        ;;
+esac
+
+#DEBHELPER#
+
+db_stop