Make daemon work!

Signed-off-by: Manevolent <manevolent@team.lixo>
This commit is contained in:
Manevolent 2021-09-21 12:37:42 -06:00
parent 20b1290066
commit 929f22d0d3
No known key found for this signature in database
GPG Key ID: 2E9B7592DFA4F344
4 changed files with 102 additions and 24 deletions

View File

@ -1,14 +1,16 @@
FROM docker/compose:alpine-1.25.5
MAINTAINER Team Lixo <lixonet@team.lixo>
RUN apk add gnupg curl git py-pip openssh && pip install netcalc
RUN apk add gnupg curl git py-pip openssh bash && pip install netcalc
RUN curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr \ _).tgz" | tar -zxC /usr/local/bin
RUN adduser -u 431 -g docker -s /sbin/nologin -D lixonet
VOLUME /etc/lixonet
WORKDIR /run
WORKDIR /app
ADD . .
RUN chmod +x run.sh
RUN chown -R lixonet:lixonet /app && chmod -R 700 /app && chmod +x /app/run.sh
USER lixonet
CMD ["./run.sh"]
CMD ["/app/run.sh"]

View File

@ -1,9 +1,15 @@
#!/bin/ash
# https://stackoverflow.com/questions/3474526/stop-on-first-error
# http://web.archive.org/web/20110314180918/http://www.davidpashley.com/articles/writing-robust-shell-scripts.html
set +e
process_template ( ) {
processed_filename=$(dirname $1)/$(basename $1 .tmpl)
echo "Processing template $1 -> $processed_filename"
set -e
sh -c "sigil -f $1 -p $2 > $processed_filename"
set +e
rm $1
}
@ -41,7 +47,7 @@ do
# Clone and copy the repository
rm -rf "$(basename "$git" .git)"
git clone $git || { echo "clone $git failed, quitting" ; exit 1; }
GIT_SSH_COMMAND="ssh -i /etc/lixonet/${netname}/id_rsa -o IdentitiesOnly=yes" git clone $git || { echo "clone $git failed, quitting" ; exit 1; }
echo "Creating work directory..."
rm -rf work
mkdir --verbose work
@ -60,6 +66,7 @@ do
# Tinc
# Remove existing configuration
rm -v -rf /etc/tinc/$netname/*
# Copy all tinc default files to /etc/(tinc)
find tinc -type d | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
find tinc -type f | sed -e "s@tinc/@@g" | xargs -I '{}' cp --verbose tinc/{} /etc/tinc/$netname/{}
@ -71,10 +78,7 @@ do
# Copy private key
cp /etc/lixonet/$netname/tinc.key /etc/tinc/$netname/rsa_key.priv
# Set permissions for tinc scripts
chmod +x /etc/tinc/$netname/tinc-up
chmod +x /etc/tinc/$netname/tinc-down
chmod +x /etc/tinc/$netname/subnet-up
chmod +x /etc/tinc/$netname/subnet-down
chmod +x /etc/tinc/$netname/tinc-up /etc/tinc/$netname/tinc-down /etc/tinc/$netname/subnet-up /etc/tinc/$netname/subnet-down
# Bird
# Remove existing configuration
@ -105,8 +109,12 @@ do
echo $sigil_vars | tr ' ' '\n' > .env
cat docker-compose.yml
set -e
docker-compose -p $netname down
docker-compose -p $netname up -d --build --remove-orphans
set +e
rm .env
# Pop directory

View File

@ -1,3 +1,45 @@
#!/bin/ash
docker build -t lixonet-ee . && docker run --restart always -d -e GIT_URL=git@github.com:Manevolent/lixonet-ee.git -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /root/.ssh/id_rsa:/home/lixonet/.ssh/id_rsa lixonet-ee
# See: Dockerfile
UID=431
GID=431
# Grab origin
ORIGIN=`git remote get-url origin`
echo "Setting access to /var/run/docker.sock."
chown -v $UID:$GID /var/run/docker.sock
echo "Setting read access to /etc/lixonet/."
chown -R $UID:$GID /etc/lixonet/
chmod -R 440 /etc/lixonet/
chmod -R a+X /etc/lixonet/
echo "Setting write access to service directories."
mkdir /etc/bind
chown -R $UID:$GID /etc/bind/
chmod -R 660 /etc/bind/
chmod -R a+X /etc/bind/
mkdir /etc/bird
chown -R $UID:$GID /etc/bird/
chmod -R 660 /etc/bird/
chmod -R a+X /etc/bird/
mkdir /etc/tinc
chown -R $UID:$GID /etc/tinc/
chmod -R 660 /etc/tinc/
chmod -R a+X /etc/tinc/
echo "Setting exclusive read access to SSH keys."
chmod -v 400 /etc/lixonet/id_rsa
chmod -v 400 /etc/lixonet/*/id_rsa
stat /etc/lixonet/id_rsa
stat /etc/lixonet/*/id_rsa
echo "Enabling write access to /etc/lixonet/version."
touch /etc/lixonet/version
chmod 660 /etc/lixonet/version
stat /etc/lixonet/version
docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa lixonet-ee

54
run.sh
View File

@ -1,29 +1,55 @@
#!/bin/ash
#!/bin/bash
delay=900
version_file=/etc/lixonet/version
log=/app/log/lixonet.log
mkdir /app/log
while true
do
(
set -e
set +e
current_version=`cat $version_file || echo 0`
gpg --import <trusted_signers > /dev/null
(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "$(gpg --list-packets <trusted_signers | awk '$1=="keyid:"{print$2;exit}')" trust > /dev/null
git fetch $GIT_URL
latest_commit=`git log "--format=%G? %H" | grep ^G | head -n 1 | cut -d' ' -f2`
if test -z $latest_commit; then
echo "No trusted commits found! Re-checking in 60 seconds..."
sleep 60
gpg --import <trusted_signers >> $log 2>&1
(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "$(gpg --list-packets <trusted_signers | awk '$1=="keyid:"{print$2;exit}')" trust >> $log 2>&1
if [ $? -ne 0 ]; then
echo "GPG import from trusted_signers failed. For more details, see $log"
sleep $delay
continue
fi
git checkout $latest_commit
git fetch $GIT_URL >> $log 2>&1
if [ $? -ne 0 ]; then
echo "Git fetch from $GIT_URL failed. For more details, see $log"
sleep $delay
continue
fi
latest_commit=`git log "--format=%G? %H" | grep ^G | head -n 1 | cut -d' ' -f2`
if test -z $latest_commit; then
sleep $delay
continue
fi
git checkout $latest_commit >> $log 2>&1
if [ $? -ne 0 ]; then
echo "Git checkout failed. For more details, see $log"
sleep $delay
continue
fi
checkout_version=`cat version`
if [ "$checkout_version" -gt "$current_version" ]; then
echo "Updating to version $checkout_version..."
chmod +x build.sh && ./build.sh
echo "Updated to version $checkout_version."
echo $checkout_version > $version_file
chmod +x build.sh && ./build.sh >> $log 2>&1
if [ $? -eq 0 ]; then
echo "Update completed successfully."
echo $checkout_version > $version_file
else
echo "Update failed; version was not updated. Trying again in $delay seconds. For more details, see $log"
continue
fi
fi
)
sleep $delay