Add host routing watcher for cistech-tunnel (same pattern as rego-tunnel)
Some checks failed
Test / test (push) Has been cancelled
Some checks failed
Test / test (push) Has been cancelled
- Add shared/host-routing.sh with nft for NAT masquerade - Add shared/install-host-services.sh to set up systemd watcher - Add shared/uninstall-host-services.sh for cleanup - Add /runtime volume mount for trigger file - Update entrypoint.sh to trigger host routing when VPN connects Run install-host-services.sh on host after app install. Requires image rebuild for entrypoint changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
68
apps/cistech-tunnel/shared/install-host-services.sh
Normal file
68
apps/cistech-tunnel/shared/install-host-services.sh
Normal file
@@ -0,0 +1,68 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Install host-side systemd services for cistech-tunnel
|
||||
# Run this ONCE on the host after app install
|
||||
#
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
APP_DATA_DIR="/etc/runtipi/app-data/runtipi/cistech-tunnel"
|
||||
|
||||
echo "Installing cistech-tunnel host services..."
|
||||
|
||||
# Create app-data directory for trigger file
|
||||
sudo mkdir -p "$APP_DATA_DIR"
|
||||
|
||||
# Create the path unit (watches for trigger file)
|
||||
sudo tee /etc/systemd/system/cistech-routing-watcher.path > /dev/null << EOF
|
||||
[Unit]
|
||||
Description=Watch for cistech-tunnel routing trigger
|
||||
|
||||
[Path]
|
||||
PathExists=$APP_DATA_DIR/restart-routing
|
||||
Unit=cistech-routing-watcher.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
# Create the service unit (applies routes when triggered)
|
||||
sudo tee /etc/systemd/system/cistech-routing-watcher.service > /dev/null << EOF
|
||||
[Unit]
|
||||
Description=Apply cistech-tunnel routing rules
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=$SCRIPT_DIR/host-routing.sh restart
|
||||
ExecStartPost=/bin/rm -f $APP_DATA_DIR/restart-routing
|
||||
ExecStartPost=/bin/bash -c 'echo "trigger cleared at \$(date)" >> $APP_DATA_DIR/watcher.log'
|
||||
EOF
|
||||
|
||||
# Make host-routing.sh executable
|
||||
chmod +x "$SCRIPT_DIR/host-routing.sh"
|
||||
|
||||
# Reload systemd and enable the watcher
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable cistech-routing-watcher.path
|
||||
sudo systemctl start cistech-routing-watcher.path
|
||||
|
||||
# Disable the old boot-only service if it exists
|
||||
if systemctl is-enabled cistech-routing.service &>/dev/null; then
|
||||
echo "Disabling old cistech-routing.service (replaced by watcher)..."
|
||||
sudo systemctl stop cistech-routing.service 2>/dev/null || true
|
||||
sudo systemctl disable cistech-routing.service 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Apply routes now
|
||||
echo "Applying initial routes..."
|
||||
sudo "$SCRIPT_DIR/host-routing.sh" start
|
||||
|
||||
echo ""
|
||||
echo "Done! Watcher installed and routes applied."
|
||||
echo ""
|
||||
echo "To trigger route refresh from container:"
|
||||
echo " touch /runtime/restart-routing"
|
||||
echo ""
|
||||
echo "To check watcher status:"
|
||||
echo " systemctl status cistech-routing-watcher.path"
|
||||
Reference in New Issue
Block a user