-
Notifications
You must be signed in to change notification settings - Fork 0
/
bootstrap
executable file
·168 lines (131 loc) · 3.56 KB
/
bootstrap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
#!/bin/bash
# Bootstraps runit config
set -euo pipefail
TZ=${TZ:-Etc/UTC}
PUID=${PUID:-0}
PGID=${PGID:-0}
main() {
apply_permissions
configure_timezone
setup_etc_hosts || true
setup_iptables || true
exec "$@"
}
# Apply user id and group id
apply_permissions() {
if [ ! -e /dev/net/tun ]; then
fatal "TUN device is not available. Aborting."
fi
local group_id=$(stat -c %g /dev/net/tun)
info "Device /dev/net/tun has group ID '$group_id'"
if getent group "$group_id" >/dev/null; then
info "Adding user zerotier-one to group with ID '$group_id'"
usermod -a -G "$group_id" zerotier-one
else
info "Creating group with ID '$group_id' and adding user zerotier-one to it"
groupadd -g "$group_id" fixtunnel
usermod -a -G fixtunnel zerotier-one
fi
info "Allowing group read/write on /dev/net/tun"
chmod g+rw /dev/net/tun
if [ ! -d /var/lib/zerotier-one ]; then
info "Creating /var/lib/zerotier-one"
mkdir -p /var/lib/zerotier-one
fi
chown zerotier-one:zerotier-one /var/lib/zerotier-one
chmod 770 /var/lib/zerotier-one
}
# Configure timezone
configure_timezone() {
export TZ
if [ ! -f "/usr/share/zoneinfo/$TZ" ]; then
warn "Unknown timezone $TZ - defaulting to Etc/UTC"
TZ="Etc/UTC"
fi
ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime
echo "$TZ" > /etc/timezone
info "Setting timezone $TZ"
}
# Enable/disable IP protocols in /etc/hosts
setup_etc_hosts() {
local temp_hosts
temp_hosts="$(mktemp)"
cat /etc/hosts > "$temp_hosts"
if ipv4_enabled; then
sed -i -E "s/^#(127\.0\.0\.1.*)/\1/" "$temp_hosts"
else
sed -i -E "s/^(127\.0\.0\.1.*)/#\1/" "$temp_hosts"
fi
if ipv6_enabled; then
sed -i -E "s/^#(::1.*)/\1/" "$temp_hosts"
else
sed -i -E "s/^(::1.*)/#\1/" "$temp_hosts"
fi
# /etc/hosts is singularly mounted into the container.
# sed -i is not really working in-place but instead
# creates a temp file and then moves it. So would fail
# on /etc/hosts. Instead of atomically moving
# we cat the temp file into the destination.
cat "$temp_hosts" > /etc/hosts
rm -f "$temp_hosts"
}
# Enable NAT
setup_iptables() {
if [ -f /proc/sys/net/ipv4/ip_forward -a $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]; then
echo 1 > /proc/sys/net/ipv4/ip_forward
fi
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}
ipv_enabled() {
local ip_version=$1
# shellcheck disable=SC2086
if [ "$(ip -$ip_version addr | wc -l)" -gt 0 ]; then
return 0
fi
return 1
}
ipv4_enabled() {
ipv_enabled 4
}
ipv6_enabled() {
ipv_enabled 6
}
# log levels
debug=50
info=40
warn=30
error=20
critical=10
fatal=5
log_level=${log_level:-$debug}
debug() { logstd $debug "DEBUG - [$$] - $*"; }
info() { logstd $info "INFO - $*"; }
warn() { logstd $warn "WARN - $*"; }
error() { logerr $error "ERROR - $*"; }
critical() { logerr $critical "CRITIAL - $*"; }
fatal() { logerr $fatal "FATAL - $*"; exit 1; }
logstd() {
local log_at_level
log_at_level="$1"; shift
printline "$log_at_level" "$*"
}
logstd() {
local log_at_level
log_at_level="$1"; shift
printline "$log_at_level" "$*"
}
logerr() {
local log_at_level
log_at_level="$1"; shift
printline "$log_at_level" "$*" >&2
}
printline() {
local log_at_level
local log_data
log_at_level="$1"; shift
log_data="$*"
if [ "$log_at_level" -le "$log_level" ]; then
echo "$log_data"
fi
}
main "$@"