- Add shared/host-routing.sh with nft for NAT masquerade - Add shared/install-host-services.sh to set up systemd watcher - Add shared/uninstall-host-services.sh for cleanup - Add /runtime volume mount for trigger file - Update entrypoint.sh to trigger host routing when VPN connects Run install-host-services.sh on host after app install. Requires image rebuild for entrypoint changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
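#!/usr/bin/env bash
#
# Install host-side systemd services for cistech-tunnel
# Run this ONCE on the host after app install
#
# What it does:
#   1. Creates the app-data directory that holds the routing trigger file.
#   2. Writes a systemd .path unit that watches for the trigger file and a
#      oneshot .service unit that runs host-routing.sh when it appears.
#   3. Enables and starts the watcher, disables the older boot-only
#      cistech-routing.service if it is enabled, and applies routes once.
#
# Requires: sudo, systemd, and host-routing.sh next to this script.
#
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
APP_DATA_DIR="/etc/runtipi/app-data/runtipi/cistech-tunnel"
ROUTING_SCRIPT="$SCRIPT_DIR/host-routing.sh"

# Fail before touching /etc/systemd if the script the unit points at is
# missing; otherwise the units would be written and the later chmod would
# abort the install half-way.
if [[ ! -f "$ROUTING_SCRIPT" ]]; then
  echo "error: $ROUTING_SCRIPT not found" >&2
  exit 1
fi

echo "Installing cistech-tunnel host services..."

# The service unit below has no User=, so systemd runs host-routing.sh as
# root. If the account running this installer is not root and can modify the
# script or its directory, that account can change what root executes.
if ((EUID != 0)) && [[ -w "$ROUTING_SCRIPT" || -w "$SCRIPT_DIR" ]]; then
  echo "warning: $ROUTING_SCRIPT will be run as root by systemd but is" >&2
  echo "warning: writable by the current non-root user; consider making the" >&2
  echo "warning: script and its directory root-owned and not group/world-writable" >&2
fi

# Create app-data directory for trigger file
sudo mkdir -p "$APP_DATA_DIR"

# Create the path unit (watches for trigger file)
sudo tee /etc/systemd/system/cistech-routing-watcher.path > /dev/null << EOF
[Unit]
Description=Watch for cistech-tunnel routing trigger

[Path]
PathExists=$APP_DATA_DIR/restart-routing
Unit=cistech-routing-watcher.service

[Install]
WantedBy=multi-user.target
EOF

# Create the service unit (applies routes when triggered)
#
# The trigger is cleared in ExecStopPost= rather than ExecStartPost=:
# ExecStartPost= is skipped when ExecStart= fails, which would leave the
# trigger file in place, so PathExists= would re-activate the service until
# the start limit is hit. ExecStopPost= also runs after a failed start.
#
# The ExecStart= path is quoted so a checkout directory containing spaces
# still yields a valid command line.
#
# NOTE(review): watcher.log is appended to as root inside $APP_DATA_DIR, which
# appears to be the directory the container sees as /runtime (see the usage
# hint printed at the end) - confirm. If the container can write there, a
# symlink placed at watcher.log would redirect this root append to another
# host file. Prefer logging to the journal or to a root-only directory.
sudo tee /etc/systemd/system/cistech-routing-watcher.service > /dev/null << EOF
[Unit]
Description=Apply cistech-tunnel routing rules
After=docker.service

[Service]
Type=oneshot
ExecStart="$ROUTING_SCRIPT" restart
ExecStopPost=/bin/rm -f $APP_DATA_DIR/restart-routing
ExecStopPost=/bin/bash -c 'echo "trigger cleared at \$(date)" >> $APP_DATA_DIR/watcher.log'
EOF

# Make host-routing.sh executable
chmod +x "$ROUTING_SCRIPT"

# Reload systemd and enable the watcher
sudo systemctl daemon-reload
sudo systemctl enable cistech-routing-watcher.path
sudo systemctl start cistech-routing-watcher.path

# Disable the old boot-only service if it exists
if systemctl is-enabled cistech-routing.service &>/dev/null; then
  echo "Disabling old cistech-routing.service (replaced by watcher)..."
  # Best effort: the old unit may already be stopped or partly removed.
  sudo systemctl stop cistech-routing.service 2>/dev/null || true
  sudo systemctl disable cistech-routing.service 2>/dev/null || true
fi

# Apply routes now
echo "Applying initial routes..."
sudo "$ROUTING_SCRIPT" start

echo ""
echo "Done! Watcher installed and routes applied."
echo ""
echo "To trigger route refresh from container:"
echo " touch /runtime/restart-routing"
echo ""
echo "To check watcher status:"
echo " systemctl status cistech-routing-watcher.path"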