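#!/bin/sh
# Debian maintainer script for cloud-router (presumably the postinst: it acts
# on the "configure" argument). It reads the debconf answers, hands them to
# /usr/lib/cloud-router/configure through the environment, then applies
# system settings, enables the firewall and starts strongSwan.
#
# set -e: any failing command below aborts the script, so a failed
# "netplan apply" or "ufw" call leaves the package unconfigured.
set -e

. /usr/share/debconf/confmodule

case "$1" in
    configure)
        # ── Read debconf answers ──────────────────────────────────────────
        # db_get leaves the answer in $RET; copy it out before the next call.
        db_get cloud-router/local_addrs
        CLOUD_ROUTER_LOCAL_ADDRS="$RET"
        db_get cloud-router/local_fqdn
        CLOUD_ROUTER_LOCAL_FQDN="$RET"
        db_get cloud-router/local_id_mode
        CLOUD_ROUTER_LOCAL_ID_MODE="$RET"
        db_get cloud-router/local_cidrs
        CLOUD_ROUTER_LOCAL_CIDRS="$RET"
        db_get cloud-router/remote_addrs
        CLOUD_ROUTER_REMOTE_ADDRS="$RET"
        db_get cloud-router/remote_id
        CLOUD_ROUTER_REMOTE_ID="$RET"
        db_get cloud-router/psk
        CLOUD_ROUTER_PSK="$RET"
        db_get cloud-router/remote_cidrs
        CLOUD_ROUTER_REMOTE_CIDRS="$RET"
        db_get cloud-router/router_int_gateway_ip
        CLOUD_ROUTER_ROUTER_INT_GATEWAY_IP="$RET"
        db_get cloud-router/p2s_address_pool
        CLOUD_ROUTER_P2S_ADDRESS_POOL="$RET"
        db_get cloud-router/wg_enabled
        CLOUD_ROUTER_WG_ENABLED="$RET"
        db_get cloud-router/wg_address
        CLOUD_ROUTER_WG_ADDRESS="$RET"
        db_get cloud-router/wg_listen_port
        CLOUD_ROUTER_WG_LISTEN_PORT="$RET"

        # ── Render configuration files via Jinja2 templates ───────────────
        # The helper is not part of this script; it receives every answer,
        # including the pre-shared key, as an environment variable.
        export CLOUD_ROUTER_LOCAL_ADDRS CLOUD_ROUTER_LOCAL_FQDN \
               CLOUD_ROUTER_LOCAL_ID_MODE CLOUD_ROUTER_LOCAL_CIDRS \
               CLOUD_ROUTER_REMOTE_ADDRS CLOUD_ROUTER_REMOTE_ID \
               CLOUD_ROUTER_PSK CLOUD_ROUTER_REMOTE_CIDRS \
               CLOUD_ROUTER_ROUTER_INT_GATEWAY_IP CLOUD_ROUTER_P2S_ADDRESS_POOL \
               CLOUD_ROUTER_WG_ENABLED CLOUD_ROUTER_WG_ADDRESS \
               CLOUD_ROUTER_WG_LISTEN_PORT
        /usr/lib/cloud-router/configure

        # The PSK is only needed by the helper above. Drop it from this
        # shell so sysctl, netplan, systemctl, ufw and the debhelper
        # snippets below do not inherit the secret in their environment.
        unset CLOUD_ROUTER_PSK

        # Clear the stored answer so the PSK does not stay in the debconf
        # database.
        # NOTE(review): a later "configure" run without a fresh answer will
        # therefore pass an empty PSK to the helper; confirm the helper
        # keeps the existing secret instead of rendering an empty one, and
        # that the file it writes the PSK to is readable by root only.
        db_set cloud-router/psk ""

        # ── Apply system settings ─────────────────────────────────────────
        sysctl --system
        netplan apply
        systemctl daemon-reload
        systemctl restart systemd-resolved

        # ── UFW: ensure SSH is allowed then enable ────────────────────────
        # The SSH rule is added before enabling so a remote session is not
        # cut off; it allows 22/tcp from any source address. --force skips
        # ufw's interactive confirmation.
        # NOTE(review): no rule for IKE/IPsec (UDP 500/4500) or for the
        # WireGuard listen port is added here; presumably the configure
        # helper handles those. Confirm.
        ufw allow 22/tcp
        ufw --force enable
        ufw reload

        # ── strongSwan ────────────────────────────────────────────────────
        systemctl enable --now strongswan
        ;;
esac

#DEBHELPER#

db_stop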