clean

2024-06-26 00:38:36 +00:00 · 2023-06-12 07:11:22 +01:00 · 2023-06-12 07:11:22 +01:00 · 459d81ac5d
commit 459d81ac5d
parent 147b728e95
7 changed files with 33 additions and 14 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -76,8 +76,9 @@ services:
    volumes:
      - "${SF_BASEDIR:-.}/config/db:/config/db:ro"
      - "${SF_BASEDIR:-.}/data:/encfs/raw"
+      - "${SF_SHMDIR:-/dev/shm/sf}/self-for-guest:/config/self-for-guest"
      - "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec:/encfs/sec:shared"
-      - "${SF_SHMDIR:-/dev/shm/sf}/run/encfsd/user/:/sf/run/encfsd/user"
+      - "${SF_SHMDIR:-/dev/shm/sf}/run:/sf/run"
      - "${SF_SHMDIR:-/dev/shm/sf}/run/redis/sock:/redis-sock"
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "${SF_BASEDIR:-.}/sfbin:/sf/bin:ro"
@ -465,6 +466,7 @@ services:
    entrypoint: ["nginx", "-g", "daemon off;"]
    volumes:
      - "${SF_SHMDIR:-/dev/shm/sf}:/dev/shm/sf"
+      - "${SF_BASEDIR:-.}/config/db:/config/db"
      - "${SF_BASEDIR:-.}/config/etc/nginx/nginx-rpc.conf:/etc/nginx/nginx.conf:ro"

  wg:
@ -627,7 +629,7 @@ services:
      - "${SF_SHMDIR:-/dev/shm/sf}/run:/sf/run"
      - "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec/www-root:/sec/www-root:slave"
      - "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest"
-      - "${SF_SHMDIR:-/dev/shm/sf}/self-for-guest:/config/self-for-guest:shared"
+      - "${SF_SHMDIR:-/dev/shm/sf}/self-for-guest:/config/self-for-guest"
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/var/lib/lxcfs:/var/lib/lxcfs:ro"
      - "${SF_SHMDIR:-/dev/shm/sf}/run/redis/sock:/redis-sock"
--- a/encfsd/destructor.sh
+++ b/encfsd/destructor.sh
@ -30,6 +30,7 @@ stop_lg()
 	rm -f "/sf/run/encfsd/user/lg-${lid}"
 	rm -f "/sf/run/pids/lg-${lid}.pid"
 	rm -f "/sf/run/ips/lg-${lid}.ip"
+	rm -rf "/config/self-for-guest/lg-${lid}"

 	# Tear down container
 	[[ -n $is_container ]] && docker stop "lg-$lid" &>/dev/nuill
@ -38,7 +39,15 @@ stop_lg()
 	# inside the container even that we never moved it into the container's
 	# Process Namespace. EncFS will also die when the lg- is shut down.
 	# This is only neede for cgroup1:
-	[[ -n $is_encfs ]] && pkill -SIGTERM -f "^\[encfs-${lid}\]" 2>/dev/null
+	[[ -n $is_encfs ]] && {
+		pkill -SIGTERM -f "^\[encfs-${lid}\]" 2>/dev/null
+		# Give kernel time to unmount mountpoint
+		sleep 1
+	}
+	# Do not use 'rm -rf' here as this might still be a mounted drive
+	# when encfsd is not killed fast enough (failing to delete is acceptable).
+	rm -f "/encfs/sec/lg-${lid}/THIS-DIRECTORY-IS-NOT-ENCRYPTED--DO-NOT-USE.txt"
+	rmdir "/encfs/sec/lg-${lid}"
 }

 # [lg-$LID]
--- a/guest/fs-root/etc/shellrc
+++ b/guest/fs-root/etc/shellrc
@ -9,8 +9,8 @@ alias lss='ls -AlhrS'
 alias xterm='xterm-dark'

 function dmesg {
-	[[ ! -t 1 ]] && { command curl -s rpc/dmesg/ -dnocolor=1; return; }
-	command curl -s rpc/dmesg/
+	[[ ! -t 1 ]] && { command curl -s sf/dmesg/ -dnocolor=1; return; }
+	command curl -s sf/dmesg/
 }

 [[ -e /usr/bin/nvim ]] && {
--- a/guest/fs-root/sf/bin/destruct
+++ b/guest/fs-root/sf/bin/destruct
@ -33,7 +33,7 @@ This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds."

 echo -e "${CDR}***DESTRUCT***${CN}"

-curl -s rpc/net/del -dname=all -dnocolor=1 >/dev/null
+curl -s sf/net/del -dname=all -dnocolor=1 >/dev/null
 shopt -s dotglob
 rm -rf /onion/*
 rm -rf "/everyone/${SF_HOSTNAME,,}/"*
--- a/guest/fs-root/sf/bin/sf-setup.sh
+++ b/guest/fs-root/sf/bin/sf-setup.sh
@ -96,7 +96,7 @@ link_etc()
 	done
 }

-# Setup the instance
+# Setup the container
 # - Create home directories in /sec/root and /sec/home
 # - 
 setup()
@ -130,6 +130,9 @@ setup()
 		sed "s/^SITEURL.*/SITEURL = '\/${SF_HOSTNAME,,}'/" -i /sec/www/pelicanconf.py
 	}

+	# Re-Create Wireguard Endpoint
+	[[ -n $WGNAME_UP ]] && curl -s sf/net/up -dnocreat=1 -dname="${WGNAME_UP}"
+
 	# Setup rc.local (if not exist)
 	[[ ! -f /sec/usr/etc/rc.local ]] && setup_rclocal
 	# Link any /etc/* file to /sec/usr/etc if it exists...
@ -137,13 +140,10 @@ setup()
 	# Execute rc.local startup script
 	/bin/bash /sec/usr/etc/rc.local

-	# Re-Create Wireguard Endpoint
-	[[ -f /config/self/wgname ]] && curl -s rpc/net/up -dnocreat=1 -dname="$(</config/self/wgname)" >/dev/null
-
 	return 0 # TRUE
 }

-DEBUGF "Setting up user's instance..."
+DEBUGF "Setting up user's container..."
 setup
 [[ -n $SF_IS_NEW_SERVER ]] && {
 	# Newly created server.
--- a/host/fs-root/bin/segfaultsh
+++ b/host/fs-root/bin/segfaultsh
@ -1263,7 +1263,9 @@ exec_devnull docker exec sf-router /user-limit.sh "${YOUR_IP_HASH}" "${YOUR_IP}"
 exec_devnull docker exec sf-master /ready-lg.sh "${LID}" "${C_IP}" "${LG_PID}" || STOPEXIT "${LID}" 246 "Failed-#3 to ready guest container..."

 # Setup container (within container's namespace)
-exec_devnull docker exec --user 0:0 --env SF_IS_NEW_SERVER="${SF_IS_NEW_SERVER}" "lg-${LID}" /sf/bin/sf-setup.sh || STOPEXIT "${LID}" 247 "Failed-#2 to set up guest container..."
+unset WGNAME_UP
+[[ -s "${SF_USER_DB_DIR}/wg/name_up" ]] && WGNAME_UP="$(<"${SF_USER_DB_DIR}/wg/name_up")"
+exec_devnull docker exec --user 0:0 --env SF_IS_NEW_SERVER="${SF_IS_NEW_SERVER}" --env WGNAME_UP="${WGNAME_UP}" "lg-${LID}" /sf/bin/sf-setup.sh || STOPEXIT "${LID}" 247 "Failed-#2 to set up guest container..."
 touch "/config/self-for-guest/lg-${LID}/THIS-DIRECTORY-IS-IN-MEMORY-ONLY"
 tofile "${C_IP:?}" "/config/self-for-guest/lg-${LID}/c_ip"

--- a/master/cgi-bin/rpc
+++ b/master/cgi-bin/rpc
@ -403,7 +403,7 @@ net_down()
 	# Empty file
 	>"${LID_PROMPT_FN}"
 	# Delete WG NAME
-	rm -f "${LID_WGNAME_FN:?}"
+	rm -f "${LID_WGNAME_FN:?}" "${USER_DB_WGNAME_UP_FN:?}"
 }

 cmd_net_del()
@ -463,7 +463,7 @@ cmd_net_show()
 		# Use 'script' to force color output
 		str=$(script -q -c "nsenter.u1000 --setuid 0 --setgid 0 -t \"${PID}\" -n wg show \"${WG_DEV}\"" /dev/null </dev/null)
 	fi
-	[[ -z $str ]] && {
+	{ [[ -z $str ]] || [[ $str == *"No such device"* ]]; } && {
 		echo -e "\
 ${Y}WARNING${N}: No Exit Node enabled.
 Use ${C}curl sf/net/list${N} to list all Exit Nodes.
@ -595,7 +595,12 @@ IFS=$_IFS
 	LID_WGDIR="/config/db/user/lg-${LID}/wg"
 	[[ ! -d "${LID_WGDIR}" ]] && mkdir "${LID_WGDIR}"
 	LID_PROMPT_FN="/dev/shm/sf/self-for-guest/lg-${LID}/prompt"
+	# The WGNAME needs to be stored in user's self-config so that it is avaialble to the
+	# user (which must be on /dev/shm) but also perm. in db/user/lg-* to restart WG
+	# after a SSC restart.
 	LID_WGNAME_FN="/dev/shm/sf/self-for-guest/lg-${LID}/wgname"
+	USER_DB_WGNAME_UP_FN="/config/db/user/lg-${LID}/wg/name_up"
+
 	# CID="${arr[1]}"
 	PID="${arr[2]}"

@ -698,6 +703,7 @@ IFS=$_IFS
 	nsenter.u1000 --setuid 0 --setgid 0 -t "${PID}" -n ip6tables -I FORWARD -i "${WG_DEV}" -j DROP

 	echo "${WT_NAME}" >"${LID_WGNAME_FN}"
+	echo "${WT_NAME}" >"${USER_DB_WGNAME_UP_FN}"
 	echo "(%F{yellow}EXIT:%B${WT_NAME}%b%F{%(#.blue.green)})" >"${LID_PROMPT_FN}"
 	echo -e "${G}SUCCESS${N}"
 	net_print_example  "${WT_NAME}"