Handle exposed ldap allowlist

src/scripts/setldapallowlist.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+if [[ ${EUID} -ne 0 ]]; then
+    echo "This script should be run as root." > /dev/stderr
+    exit 1
+fi
+
+if [[ $# == 1 && "$1" == "--check" ]]; then
+    echo "OK"
+    exit 0
+fi
+
+[[ "${BOX_ENV}" == "test" ]] && exit
+
+ipset flush cloudron_ldap_allowlist
+
+ldap_allowlist_json="/home/yellowtent/platformdata/firewall/ldap_allowlist.txt"
+
+if [[ -f "${ldap_allowlist_json}" ]]; then
+    # without the -n block, any last line without a new line won't be read it!
+    while read -r line || [[ -n "$line" ]]; do
+        [[ -z "${line}" ]] && continue # ignore empty lines
+        [[ "$line" =~ ^#.*$ ]] && continue # ignore lines starting with #
+        ipset add -! cloudron_ldap_allowlist "${line}" # the -! ignore duplicates
+    done < "${ldap_allowlist_json}"
+fi