From 0c3c2ca28bb1c571828c3e77618170e3db1fa99e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20Gallou=C3=ABt?=
Date: Wed, 24 Jan 2018 11:03:56 +0000
Subject: [PATCH] Simplify systemd files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Adrien Gallouët
---
 systemd/glorytun-run | 35 +++--------------------------------
 systemd/glorytun-setup | 29 +++++++++++++++++++++++------
 systemd/glorytun@.service.in | 4 +++-
 3 files changed, 29 insertions(+), 39 deletions(-)
diff --git a/systemd/glorytun-run b/systemd/glorytun-run
index 757898b..1d9d518 100755
--- a/systemd/glorytun-run
+++ b/systemd/glorytun-run
@@ -1,37 +1,8 @@
 #!/bin/sh
-set -e
-
-if [ ! -f "$1" ]; then
- echo "usage: $(basename "$0") FILE"
- exit 1
-fi
-
-. "$(readlink -f "$1")"
-
-DEV="gt${HOST:+c}-$(basename "$1")"
-
-# Setting BIND is like going to 'expert mode'
-# This helper is pretty stupid and still needs some work
-if [ -n "$HOST" ]; then
- if [ -z "$PREF" ]; then
- PREF=$(ip rule | awk '/from all lookup main/{print $1; exit}' | tr -d :)
- PREF=$((PREF-1))
- fi
- if [ -z "$BIND" ]; then
- BIND=$(ip route get "$HOST" | awk '/src/{getline;print $0}' RS=' ')
- ip rule add from "$BIND" table main pref "$((PREF-1))" || true
- fi
- ip rule add from all table 200 pref "$PREF" || true
-fi
-
-exec glorytun \
- v4only \
- keyfile "$1".key \
- dev "$DEV" \
+exec glorytun "$@" \
+ ${DEV:+dev "$DEV"} \
 ${HOST:+host "$HOST"} \
 ${PORT:+port "$PORT"} \
 ${BIND:+bind "$BIND"} \
- ${BIND_PORT:+bind-port "$BIND_PORT"} \
- ${MTU:+mtu "$MTU"} \
- ${MTU_AUTO:+mtu-auto}
+ ${BIND_PORT:+bind-port "$BIND_PORT"}
diff --git a/systemd/glorytun-setup b/systemd/glorytun-setup
index 6f7fe0d..b630886 100755
--- a/systemd/glorytun-setup
+++ b/systemd/glorytun-setup
@@ -9,8 +9,9 @@ _ask() {
 _ask "Config filename (tun0)" NAME
 NAME=${NAME:-tun0}
+DIR="/etc/glorytun/$NAME"
-if [ -f /etc/glorytun/"$NAME" ]; then
+if [ -d "$DIR" ]; then
 echo "This config already exit!"
 exit 1
 fi
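Review bot: In systemd/glorytun-run the rewritten wrapper has no comment saying where DEV, HOST, PORT, BIND and BIND_PORT come from; with the `. "$(readlink -f "$1")"` line removed they can only arrive through the process environment. A header comment such as `# DEV, HOST, PORT, BIND, BIND_PORT: optional, taken from the environment; "$@" is passed to glorytun unchanged` would make that contract explicit. The wrapper also stops passing `v4only`, `mtu` and `mtu-auto`, so a configuration that still sets MTU or MTU_AUTO is ignored without any message unless those options are supplied some other way.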
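Review bot: In the first systemd/glorytun-setup hunk, `DIR="/etc/glorytun/$NAME"` is built from the prompt answer without any check, so a name containing `/` or `..` would make the later `mkdir -p "$DIR"` and the key write land outside /etc/glorytun, and would not match the `%i` instance name the unit uses. A guard right after the default is applied, for example `case "$NAME" in *[!A-Za-z0-9_.-]*|.*) echo "invalid name"; exit 1;; esac`, keeps it to a single path component. The existence test also changed from `-f` to `-d`, so a config file left at the same path by the previous layout is not detected; `[ -e "$DIR" ]` covers both cases.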
@@ -31,16 +32,32 @@ if [ -z "$KEY" ]; then fi # install files -mkdir -p /etc/glorytun +mkdir -p "$DIR" -cat > /etc/glorytun/"$NAME" < "$DIR/env" < /etc/glorytun/"$NAME".key ) +( umask 077; echo "$KEY" > "$DIR/key" ) + +[ "$HOST" ] && cat > "$DIR/post.sh" <<'EOF' +#!/bin/sh + +PREF=32765 +TABLE=200 + +# keep the current route to HOST +src=$(ip route get "$HOST" | awk '/src/{getline;print $0}' RS=' ') +ip rule add from "$src" table main pref "$((PREF-1))" || true + +# forward everything else to the tunnel +ip rule add from all table "$TABLE" pref "$PREF" || true +EOF +[ -f "$DIR/post.sh" ] && chmod u+x "$DIR/post.sh" # start services _ask "Start glorytun now ? (enter to skip)" START diff --git a/systemd/glorytun@.service.in b/systemd/glorytun@.service.in index 3d641de..832d693 100644 --- a/systemd/glorytun@.service.in +++ b/systemd/glorytun@.service.in @@ -5,7 +5,9 @@ After=network.target [Service] Type=simple Restart=always -ExecStart=@bindir@/glorytun-run /etc/glorytun/%i +EnvironmentFile=/etc/glorytun/%i/env +ExecStart=@bindir@/glorytun-run keyfile /etc/glorytun/%i/key $OPTIONS +ExecStartPost=-/etc/glorytun/%i/post.sh CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW [Install]
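Review bot: In the generated post.sh an empty `src` is not handled: if `ip route get "$HOST"` fails or prints no `src` field, the first `ip rule add` fails, `|| true` hides it, and the catch-all rule to table 200 is still installed, apparently without the exception that keeps the tunnel's own traffic on the main table. Adding `[ -n "$src" ] || exit 1` before the first `ip rule add` avoids installing only half of the policy. HOST is not defined inside post.sh (the heredoc delimiter is quoted, so it is not expanded at setup time), so a comment such as `# HOST is expected from the service environment` would help the next reader.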
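Review bot: `ExecStartPost=-/etc/glorytun/%i/post.sh` ignores every failure of the script, not only its absence, so a client whose policy rules could not be installed still shows as started while traffic presumably keeps following the main table instead of the tunnel. If the `-` is only meant to make post.sh optional, an explicit test such as `ExecStartPost=/bin/sh -c '[ ! -x /etc/glorytun/%i/post.sh ] || exec /etc/glorytun/%i/post.sh'` lets a real failure show up in the unit state. With `Restart=always` the script also runs again on each restart and nothing in this hunk removes the rules on stop, so a matching `ExecStopPost=` cleanup step is worth adding. Since the script is run by the service manager, it and its directory should stay owned by root and not be writable by anyone else.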