cloudron-support: ipv6 checks

scripts/cloudron-support

@@ -361,14 +361,46 @@ function check_node() {
     success "node version is correct"
 }
 
+function print_ipv6_disable_howto() {
+    echo "Instead of disabling IPv6 globally, you can disable it at an interface level."
+    for iface in $(ls /sys/class/net | grep -vE '^(lo|veth|docker|virbr|br|vmnet|tun|tap|wl|we)'); do
+        echo -e "\tsysctl -w net.ipv6.conf.${iface}.disable_ipv6=1"
+    done
+
+    echo "For above configuration to persist reboots, you have to add below to /etc/sysctl.conf"
+    for iface in $(ls /sys/class/net | grep -vE '^(lo|veth|docker|virbr|br|vmnet|tun|tap|wl|we)'); do
+        echo -e "\tnet.ipv6.conf.${iface}.disable_ipv6=1"
+    done
+}
+
 function check_ipv6() {
     ipv6_disable=$(cat /sys/module/ipv6/parameters/disable)
     if [[ "${ipv6_disable}" == "1" ]]; then
         fail "IPv6 is disabled in kernel. Cloudron requires IPv6 in kernel"
-        echo "Instead of disabling IPv6 globally, you can disable it at an interface level using 'net.ipv6.conf.<interface>.disable_ipv6 = 1'"
+        print_ipv6_disable_howto
+        exit 1
     fi
 
-    success "IPv6 is enabled"
+    # check if server has IPv6 address
+    has_ipv6_address=0
+    for iface in $(ls /sys/class/net | grep -vE '^(lo|veth|docker|virbr|br|vmnet|tun|tap|wl|we)'); do
+        if ipv6=$(ip -6 addr show dev ${iface} | grep -o 'inet6 [^ ]*' | awk '{print $2}' | grep -v '^fe80'); then
+            [[ -n "${ipv6}" ]]  && has_ipv6_address=1
+        fi
+    done
+
+    if [[ "${has_ipv6_address}" == "0" ]]; then
+        success "IPv6 is enabled. No public IPv6 address"
+        return
+    fi
+
+    if ! ping6 -q -c 1 api.cloudron.io; then
+        fail "Server has an IPv6 address but api.cloudron.io is unreachable via IPv6"
+        print_ipv6_disable_howto
+        exit 1
+    fi
+
+    success "IPv6 is enabled and public IPv6 address is working"
 }
 
 function check_docker() {