extern/workspaces-images
1
0
Fork 0
mirror of https://github.com/kasmtech/workspaces-images.git synced 2024-10-05 01:31:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/KASM-5055_launch_config_vpn' into 'develop'

Browse Source 
KASM-5055 KASM-5289 jq install and vpn startup launch_config support

Closes KASM-5289

See merge request kasm-technologies/internal/workspaces-images!154
This commit is contained in:
Richard Koliser 2023-12-20 15:19:54 +00:00
commit 26ad957d24
2 changed files with 205 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/ubuntu/install/vpn/install_vpn.sh
View File

@ -9,37 +9,43 @@ if [[ "${DISTRO}" == @(ubuntu|kali|debian|parrotos5) ]]; then
openvpn \
resolvconf \
wireguard-tools \
zenity
zenity \
jq
elif [ "${DISTRO}" == "alpine" ]; then
apk add --no-cache \
openresolv \
openvpn \
tailscale \
wireguard-tools \
zenity
zenity \
jq
elif [[ "${DISTRO}" == @(oracle8|oracle9|rockylinux8|rockylinux9|almalinux8|almalinux9) ]] ; then
dnf install -y epel-release
dnf install -y \
openvpn \
wireguard-tools
wireguard-tools \
jq
elif [[ "${DISTRO}" == @(centos|oracle7) ]]; then
yum install -y epel-release
yum install -y \
openvpn \
wireguard-tools \
zenity
zenity \
jq
elif [[ "${DISTRO}" == @(fedora37|fedora38) ]] ; then
dnf install -y \
openresolv \
openvpn \
wireguard-tools \
zenity
zenity \
jq
elif [ "${DISTRO}" == "opensuse" ]; then
zypper install -y \
openresolv \
openvpn \
wireguard-tools \
zenity
zenity \
jq
fi
# Install tailscale
@ -90,5 +96,5 @@ fi
sed -i '/cmd sysctl -q/d' $(which wg-quick)
# Copy startup script
cp ${INST_DIR}/ubuntu/install/vpn/start_vpn.sh /
chmod +x /start_vpn.sh
cp ${INST_DIR}/ubuntu/install/vpn/start_vpn.sh /dockerstartup/start_vpn.sh
chmod +x /dockerstartup/start_vpn.sh

241
src/ubuntu/install/vpn/start_vpn.sh
View File

@ -1,11 +1,30 @@
#!/usr/bin/env bash
set -x
set -ex
ICON_SUCCESS="/usr/share/icons/ubuntu-mono-dark/status/22/nm-signal-100-secure.svg"
ICON_ERROR="/usr/share/icons/ubuntu-mono-dark/status/22/network-error.svg"
ICON_OFFLINE="/usr/share/icons/ubuntu-mono-dark/status/22/network-offline.svg"
OPENVPN_STATUS_LOG="/tmp/openvpn-status.log"
DEFAULT_OPENVPN_CONFIG="/dockerstartup/openvpn.conf"
DEFAULT_OPENVPN_CREDS="/dockerstartup/openvpn-auth"
DEFAULT_WIREGUARD_CONFIG="/dockerstartup/wireguard.conf"
SHOW_VPN_STATUS_DEFAULT="1"
SHOW_VPN_STAT=${SHOW_VPN_STATUS:-$SHOW_VPN_STATUS_DEFAULT}
SHOW_IP_STATUS_DEFAULT="1"
SHOW_IP_STAT=${SHOW_IP_STATUS:-$SHOW_IP_STATUS_DEFAULT}
# Logging and trap
LOGFILE="/vpn_start.log"
LOGFILE="/dockerstartup/vpn_start.log"
function notify_err() {
zenity --error --text="An error has occurred configuring the VPN please review the log at ${LOGFILE}"
local exit_code=$?
local failed_command="$BASH_COMMAND"
msg="An error occurred with exit code $exit_code while executing: $failed_command.\n\nPlease review the log at ${LOGFILE}"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit $exit_code
}
function cleanup_log() {
rm -f ${LOGFILE}
@ -27,64 +46,178 @@ function get_set_creds() {
VPN_CONFIG=/home/kasm-user/vpn.ovpn
}
# Start VPN based on content
if [ ! -z ${VPN_CONFIG+x} ]; then
if [ "${VPN_CONFIG: -4}" == "conf" ]; then
echo "wireguard config detected checking for support"
if ip link add dev test type wireguard; then
echo "wireguard kernel module is present on this host continuing"
ip link del dev test
else
zenity --error --text="wireguard kernel module is not present on this host and a wireguard config was passed will not continue"
echo "wireguard kernel module is not present on this host and a wireguard config was passed will not continue"
exit 1
function tailscale_status() {
if [ "$SHOW_VPN_STAT" == "1" ]; then
tailscale_status=$(tailscale status)
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "Tailscale Status" "${tailscale_status}"
fi
wg-quick up ${VPN_CONFIG}
}
function ip_status(){
if [ "$SHOW_IP_STAT" == "1" ]; then
ip_status=$(curl https://ipinfo.io/json)
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "Public IP Status" "${ip_status}"
fi
if [ "${VPN_CONFIG: -4}" == "ovpn" ]; then
# Check if we need user credentials
if grep -x auth-user-pass ${VPN_CONFIG}; then
get_set_creds
fi
# Create tun device
if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
fi
if which resolvconf; then
openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" &
sleep 10
if ! pgrep openvpn; then
zenity --error --text="An error has occurred starting the VPN please review the log at ${LOGFILE}"
echo "An error has occurred starting the VPN please review the log at ${LOGFILE}"
exit 1
fi
else
zenity --error --text="Resolvconf is not found on this system this container is not compatible with wireguard"
echo "Resolvconf is not found on this system this container is not compatible with wireguard"
exit 1
fi
fi
if [ "${VPN_CONFIG:0:5}" == "tskey" ]; then
# Create tun device
}
function process_tailscale(){
local tailscale_key=$1
if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
fi
tailscaled &
sleep 2
tailscale up --authkey=${VPN_CONFIG}
fi
else
zenity --error --text="VPN_CONFIG is not defined there is no tunnel to start"
echo "VPN_CONFIG is not defined there is no tunnel to start"
set +e
tailscale up --authkey=${tailscale_key}
if [ $? -ne 0 ]; then
msg="Failed to establish tailscale connection. Please review the log at ${LOGFILE}"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit 1
fi
fi
set -e
# Log success
zenity \
--info \
--title "VPN configured" \
--text "VPN connected!"
echo "VPN started using the config file ${VPN_CONFIG}"
cleanup_log
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "VPN Connected!" "Tailscale VPN Connected Successfully"
tailscale_status
ip_status
cleanup_log
exit 0
}
function openvpn_status() {
if [ "$SHOW_VPN_STAT" == "1" ]; then
openvpn_status=$(cat ${OPENVPN_STATUS_LOG})
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "OpenVPN Status" "${openvpn_status}"
fi
}
function process_openvpn() {
local openvpn_config=$1
# Create tun device
if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
fi
if which resolvconf; then
openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${openvpn_config}" --status ${OPENVPN_STATUS_LOG} &
sleep 10
if ! pgrep openvpn; then
msg="An error has occurred starting the VPN please review the log at ${LOGFILE}"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit 1
else
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "VPN Connected!" "OpenVPN Connected Successfully"
openvpn_status
ip_status
cleanup_log
exit 0
fi
else
msg="Resolvconf is not found on this system this container is not compatible with OpenVPN"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit 1
fi
}
function wireguard_status() {
if [ "$SHOW_VPN_STAT" == "1" ]; then
wg_show=$(wg show)
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "WireGuard Status" "${wg_show}"
fi
}
function process_wireguard() {
local wireguard_conf=$1
echo "WireGuard config detected checking for support"
if ip link add dev test type wireguard; then
echo "WireGuard kernel module is present on this host continuing"
ip link del dev test
else
msg="WireGuard kernel module is not present on this host and a WireGuard config was passed will not continue"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit 1
fi
wg-quick up ${wireguard_conf}
if [ $? -ne 0 ]; then
msg="Failed to establish WireGuard connection. Please review the log at ${LOGFILE}"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit 1
fi
notify-send -u critical -t 0 -i "${ICON_SUCCESS}" "VPN Connected!" "WireGuard VPN Connected Successfully"
wireguard_status
ip_status
cleanup_log
exit 0
}
notify-send -u critical -t 0 -i "${ICON_OFFLINE}" "Connecting to VPN" "Please wait while the VPN connection is being established..."
VPN_LAUNCH_CONFIG='/dockerstartup/launch_selections.json'
# Launch Config Based Workflow
if [ -e ${VPN_LAUNCH_CONFIG} ]; then
VPN_SERVICE="$(jq -r '.vpn_service' ${VPN_LAUNCH_CONFIG})"
if [ "${VPN_SERVICE}" == "tailscale" ]; then
ts_key="$(jq -r '.tailscale_key' ${VPN_LAUNCH_CONFIG})"
process_tailscale $ts_key
elif [ "${VPN_SERVICE}" == "openvpn" ]; then
OPENVPN_USERNAME="$(jq -r '.openvpn_username' ${VPN_LAUNCH_CONFIG})"
OPENVPN_PASSWORD="$(jq -r '.openvpn_password' ${VPN_LAUNCH_CONFIG})"
echo ${OPENVPN_USERNAME} > ${DEFAULT_OPENVPN_CREDS}
echo ${OPENVPN_PASSWORD} >> ${DEFAULT_OPENVPN_CREDS}
jq -r '.openvpn_config' ${VPN_LAUNCH_CONFIG} > ${DEFAULT_OPENVPN_CONFIG}
sed -i "s#auth-user-pass#auth-user-pass ${DEFAULT_OPENVPN_CREDS}#g" ${DEFAULT_OPENVPN_CONFIG}
process_openvpn $DEFAULT_OPENVPN_CONFIG
elif [ "${VPN_SERVICE}" == "wireguard" ]; then
jq -r '.wireguard_config' ${VPN_LAUNCH_CONFIG} > /dockerstartup/wireguard.conf
process_wireguard "/dockerstartup/wireguard.conf"
else
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "Unknown or missing vpn_service"
exit 1
fi
else
# File-Mapping/Env Based Workflow
### Tailscale ###
if [ "${TAILSCALE_KEY:0:5}" == "tskey" ]; then
process_tailscale $TAILSCALE_KEY
### WireGuard ###
elif [ -e ${DEFAULT_WIREGUARD_CONFIG} ]; then
process_wireguard $DEFAULT_WIREGUARD_CONFIG
### OpenVPN ###
elif [ -e ${DEFAULT_OPENVPN_CONFIG} ]; then
VPN_CONFIG=$DEFAULT_OPENVPN_CONFIG
# Check if we need user credentials
if grep -x auth-user-pass ${VPN_CONFIG}; then
get_set_creds
fi
process_openvpn $VPN_CONFIG
else
msg="VPN Config File or TAILSCALE_KEY is not defined"
echo msg
notify-send -u critical -t 0 -i "${ICON_ERROR}" "VPN Configuration Failed" "${msg}"
exit 1
fi
fi