From 58a803335d12a182b3419679e83656f4ed50b61a Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 18 Mar 2025 11:01:08 +0400 Subject: [PATCH 01/10] Implementing podman support Implementing podman support for X-ray --- client/server_scripts/xray/run_container.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/client/server_scripts/xray/run_container.sh b/client/server_scripts/xray/run_container.sh index 40cc6a09..e22ba496 100644 --- a/client/server_scripts/xray/run_container.sh +++ b/client/server_scripts/xray/run_container.sh @@ -12,6 +12,12 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME # Create tun device if not exist sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi' +# Create service for podman +if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ + sudo sh -c "podman generate systemd --new --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ + sudo mv $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/ + sudo systemctl daemon-reload && sudo systemctl enable --now container-$CONTAINER_NAME.service;\ +fi + # Prevent to route packets outside of the container in case if server behind of the NAT #sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" - From ae32b26b835804cda374060eb8d3a8dfda70f348 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 18 Mar 2025 14:01:41 +0400 Subject: [PATCH 02/10] Adding variables Adding variables for the Docker service name and for checking the Docker variant being prepared for installation. --- client/server_scripts/install_docker.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) 
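Review bot: The podman block in xray/run_container.sh installs whatever the redirect produced as a root systemd unit, even when generation failed: `2>/dev/null` hides the error, the `.service` file is still created (possibly empty) in `$DOCKERFILE_FOLDER`, and it is then moved into /etc/systemd/system and enabled. `$CONTAINER_NAME` and `$DOCKERFILE_FOLDER` are also expanded unquoted inside a double-quoted `sudo sh -c` string, so their values are parsed as root shell syntax; where they come from is not visible in this hunk, and if the folder is writable by a non-root user the staged file should not be the source of a root-owned unit. Consider writing the unit straight to its destination, `sudo podman generate systemd --new --name "$CONTAINER_NAME" | sudo tee "/etc/systemd/system/container-$CONTAINER_NAME.service" > /dev/null`, and running `systemctl enable` only after `[ -s ... ]` confirms the file is non-empty. The same pattern is used in the awg/run_container.sh hunk of [PATCH 04/10] and carried through the [PATCH 07/10] and [PATCH 08/10] revisions of both scripts.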
diff --git a/client/server_scripts/install_docker.sh b/client/server_scripts/install_docker.sh index 619b08d6..abbfbedf 100644 --- a/client/server_scripts/install_docker.sh +++ b/client/server_scripts/install_docker.sh 
@@ -1,23 +1,24 @@ -if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\ -elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\ -elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\ -elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\ +if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; wh_pkg="-s install"; docker_pkg="docker.io"; check_srv="docker"; dist="debian";\ +elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; wh_pkg="--assumeno install --setopt=tsflags=test"; docker_pkg="docker"; check_srv="docker"; dist="fedora";\ +elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; wh_pkg="--assumeno install --setopt=tsflags=test"; docker_pkg="docker"; check_srv="docker"; dist="centos";\ +elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; wh_pkg="-Sp"; docker_pkg="docker"; check_srv="docker"; dist="archlinux";\ else echo "Packet manager not found"; exit 1; fi;\ -echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\ +echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, What pkg command: $wh_pkg, Docker pkg: $docker_pkg", Check service: $check_srv";\ if [ "$dist" = "debian" ]; then export DEBIAN_FRONTEND=noninteractive; fi;\ +echo $LANG | grep -qE 
'^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\ if ! command -v sudo > /dev/null 2>&1; then $pm $check_pkgs; $pm $silent_inst sudo; fi;\ if ! command -v fuser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst psmisc; fi;\ if ! command -v lsof > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst lsof; fi;\ if ! command -v docker > /dev/null 2>&1; then \ sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\ - sleep 5; sudo systemctl enable --now docker; sleep 5;\ + sleep 5; sudo systemctl enable --now $check_srv; sleep 5;\ fi;\ if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then \ if ! command -v apparmor_parser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst apparmor; fi;\ fi;\ -if [ "$(systemctl is-active docker)" != "active" ]; then \ +if [ "$(systemctl is-active $check_srv)" != "active" ]; then \ sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\ - sleep 5; sudo systemctl start docker; sleep 5;\ + sleep 5; sudo systemctl start $check_srv; sleep 5;\ fi;\ if ! command -v sudo > /dev/null 2>&1; then echo "Failed to install sudo, command not found"; exit 1; fi;\ docker --version From ecf5b7c68f766ffdb16d9b675a27d0ce617e1781 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 18 Mar 2025 16:12:20 +0400 Subject: [PATCH 03/10] Checking sudo docker and status of the service Checking presence Sudo and Docker on the server. Checking the status of the Docker service. --- client/core/controllers/serverController.cpp | 4 +++- client/core/defs.h | 1 + client/core/errorstrings.cpp | 1 + client/server_scripts/install_docker.sh | 6 +++--- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index 05283195..b29e1aa5 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp 
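Review bot: The added locale guard in install_docker.sh tests only `$LANG`, but `LC_ALL` and `LC_MESSAGES` take precedence over it, so a server with `LANG=en_US.UTF-8` and a different `LC_MESSAGES` still produces localized tool output. The client classifies failures by English substrings such as "lock" and "not found" (serverController.cpp hunk of [PATCH 03/10]), so a localized message would go unrecognised; setting the locale unconditionally is simpler and closes that gap: `export LC_ALL=C;\`. The current form also expands `$LANG` unquoted and leaves the dots in the pattern unescaped, both of which disappear with the unconditional export.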
@@ -409,8 +409,10 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent qDebug().noquote() << "ServerController::installDockerWorker" << stdOut; if (stdOut.contains("lock")) return ErrorCode::ServerPacketManagerError; - if (stdOut.contains("command not found")) + if (stdOut.contains("sudo:") && stdOut.contains("not found")) return ErrorCode::ServerDockerFailedError; + if (stdOut.contains("Failed docker status")) + return ErrorCode::ServerDockerStatusNotActive; return error; } diff --git a/client/core/defs.h b/client/core/defs.h index e073d030..7e90d15b 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -58,6 +58,7 @@ namespace amnezia ServerUserDirectoryNotAccessible = 208, ServerUserNotAllowedInSudoers = 209, ServerUserPasswordRequired = 210, + ServerDockerStatusNotActive = 211, // Ssh connection errors SshRequestDeniedError = 300, diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index a3d54601..33dc3908 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -26,6 +26,7 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break; case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break; case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; + case(ErrorCode::ServerDockerStatusNotActive): errorMessage = QObject::tr("Docker service status is not active"); break; // Libssh errors case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break; diff --git a/client/server_scripts/install_docker.sh b/client/server_scripts/install_docker.sh index abbfbedf..2a9cba93 100644 --- a/client/server_scripts/install_docker.sh +++ b/client/server_scripts/install_docker.sh 
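Review bot: The new condition `stdOut.contains("sudo:") && stdOut.contains("not found")` tests two unrelated substrings anywhere in the whole script output, so a sudo diagnostic on one line plus any "not found" on another (a missing unit or package, for instance) is classified as ServerDockerFailedError. The script already prints a fixed phrase for the service case (`Failed docker status`); keeping one for a missing sudo as well, e.g. `echo "Failed to install sudo"; exit 1` in install_docker.sh, lets this check become a single `stdOut.contains("Failed to install sudo")`. A short comment above the checks would also help: `// Classification depends on fixed phrases printed by install_docker.sh; keep both sides in sync.` installDockerWorker begins and ends outside this hunk.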
@@ -3,7 +3,7 @@ elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install" elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; wh_pkg="--assumeno install --setopt=tsflags=test"; docker_pkg="docker"; check_srv="docker"; dist="centos";\ elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; wh_pkg="-Sp"; docker_pkg="docker"; check_srv="docker"; dist="archlinux";\ else echo "Packet manager not found"; exit 1; fi;\ -echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, What pkg command: $wh_pkg, Docker pkg: $docker_pkg", Check service: $check_srv";\ +echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, What pkg command: $wh_pkg, Docker pkg: $docker_pkg, Check service: $check_srv";\ if [ "$dist" = "debian" ]; then export DEBIAN_FRONTEND=noninteractive; fi;\ echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\ if ! command -v sudo > /dev/null 2>&1; then $pm $check_pkgs; $pm $silent_inst sudo; fi;\ @@ -19,6 +19,6 @@ fi;\ if [ "$(systemctl is-active $check_srv)" != "active" ]; then \ sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\ sleep 5; sudo systemctl start $check_srv; sleep 5;\ + if [ "$(systemctl is-active $check_srv)" != "active" ]; then echo "Failed docker status"; fi;\ fi;\ -if ! command -v sudo > /dev/null 2>&1; then echo "Failed to install sudo, command not found"; exit 1; fi;\ -docker --version +sudo docker --version From bb6de0c22a5a73d190a64969f583a658af325007 Mon Sep 17 00:00:00 2001 
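Review bot: In the second install_docker.sh hunk, the new `echo "Failed docker status"` does not stop the script, so it goes on to run `sudo docker --version` and the script's exit status is that command's rather than a failure. The package-manager branch at the top of the file uses `echo "Packet manager not found"; exit 1`; doing the same here keeps the outcome consistent: `if [ "$(systemctl is-active $check_srv)" != "active" ]; then echo "Failed docker status"; exit 1; fi;\`. The same hunk removes the explicit post-install sudo check, so a failed sudo install is now only visible through the shell's own error text, whose wording depends on the shell in use.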
From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 18 Mar 2025 19:06:33 +0400 Subject: [PATCH 04/10] Implementing podman support (#867) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Еnable podman.socket Disabling message: Emulate Docker CLI using podman. Check which containerization application will be installed. The default value for the verification service is set to docker Add creation of aliases for podman for users with sudo Removing AmneziaVPN aliases for podman-docker when cleaning the server. Docker version with sudo for podman Creating systemd service to autostart container when the server is rebooted, when using podman-docker Clearing server for podman and removing container for podman --- client/server_scripts/awg/run_container.sh | 7 ++++++- client/server_scripts/build_container.sh | 17 +++++++++++++++ client/server_scripts/install_docker.sh | 21 +++++++++++++++---- .../server_scripts/remove_all_containers.sh | 4 ++++ client/server_scripts/remove_container.sh | 4 ++++ 5 files changed, 48 insertions(+), 5 deletions(-) diff --git a/client/server_scripts/awg/run_container.sh b/client/server_scripts/awg/run_container.sh index af2a1e17..47f41a40 100644 --- a/client/server_scripts/awg/run_container.sh +++ b/client/server_scripts/awg/run_container.sh 
@@ -11,8 +11,13 @@ sudo docker run -d \ --name $CONTAINER_NAME \ $CONTAINER_NAME +# Create service for podman +if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ + sudo sh -c "podman generate systemd --restart-policy=always -t 1 --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ + sudo sh -c "systemctl enable --now $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service && docker update --restart no $CONTAINER_NAME > /dev/null";\ +fi + sudo docker network connect amnezia-dns-net $CONTAINER_NAME # Prevent to route packets outside of the container in case if server behind of the NAT #sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" - diff --git a/client/server_scripts/build_container.sh b/client/server_scripts/build_container.sh index b996237f..c8e6b527 100644 --- a/client/server_scripts/build_container.sh +++ b/client/server_scripts/build_container.sh 
@@ -1 +1,18 @@ +if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then sudo sh -c "\ + test -d /var/cache/containers || mkdir -m 700 -p /var/cache/containers;\ + test -f /var/cache/containers/short-name-aliases.conf || chmod 600 /var/cache/containers/short-name-aliases.conf>>/var/cache/containers/short-name-aliases.conf;\ + grep -q '\[aliases\]' /var/cache/containers/short-name-aliases.conf || echo '[aliases]' >> /var/cache/containers/short-name-aliases.conf;\ + grep -q ' # Amnezia start' /var/cache/containers/short-name-aliases.conf || printf '%s\n' \ + ' # Amnezia start' \ + ' \"3proxy/3proxy\" = \"docker.io/3proxy/3proxy\"' \ + ' \"amneziavpn/amnezia-wg\" = \"docker.io/amneziavpn/amnezia-wg\"' \ + ' \"amneziavpn/amneziawg-go\" = \"docker.io/amneziavpn/amneziawg-go\"' \ + ' \"amneziavpn/ipsec-server\" = \"docker.io/amneziavpn/ipsec-server\"' \ + ' \"amneziavpn/torpress\" = \"docker.io/amneziavpn/torpress\"' \ + ' \"atmoz/sftp\" = \"docker.io/atmoz/sftp\"' \ + ' \"mvance/unbound\" = \"docker.io/mvance/unbound\"' \ + ' \"alpine\" = \"docker.io/library/alpine\"' \ + ' # Amnezia finish' \ + >> /var/cache/containers/short-name-aliases.conf";\ +fi;\ sudo docker build --no-cache --pull -t $CONTAINER_NAME $DOCKERFILE_FOLDER diff --git a/client/server_scripts/install_docker.sh b/client/server_scripts/install_docker.sh index 2a9cba93..50125125 100644 --- a/client/server_scripts/install_docker.sh +++ b/client/server_scripts/install_docker.sh 
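Review bot: The aliases are appended to /var/cache/containers/short-name-aliases.conf, which is the file where podman records short-name choices, and editing it in place means the cleanup scripts later have to cut the block back out with a `sed` range delete. A dedicated drop-in under /etc/containers/registries.conf.d/ holding only the `[aliases]` table would keep the pinned `docker.io/...` mappings separate from podman's own state and make removal a single `rm` (file name left to the project). In the same hunk, `test -f FILE || chmod 600 FILE>>FILE` only works because the redirection creates the file before `chmod` runs; a comment such as `# '>>' creates the file, chmod then restricts it` or an explicit create-then-chmod would make that intent readable.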
@@ -10,15 +10,28 @@ if ! command -v sudo > /dev/null 2>&1; then $pm $check_pkgs; $pm $silent_inst su if ! command -v fuser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst psmisc; fi;\ if ! command -v lsof > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst lsof; fi;\ if ! command -v docker > /dev/null 2>&1; then \ - sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\ - sleep 5; sudo systemctl enable --now $check_srv; sleep 5;\ + sudo $pm $check_pkgs;\ + if [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep moby-engine)" ]; \ + then echo "Docker is not supported"; exit 1;\ + else sudo $pm $silent_inst $docker_pkg;\ + fi;\ + if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then docker_pkg="podman-docker"; check_srv="podman.socket podman";\ + if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\ + fi;\ + sleep 5; sudo systemctl enable --now $check_srv 2>/dev/null; sleep 5;\ +fi;\ +if [ -n "$(sudo docker --version 2>&1 | grep moby-engine)" ]; then echo "Docker is not supported"; exit 1;\ +elif [ -n "$(sudo docker --version 2>&1 | grep podman)" ]; then check_srv="podman.socket podman"; docker_pkg="podman-docker";\ + if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\ fi;\ if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then \ if ! 
command -v apparmor_parser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst apparmor; fi;\ fi;\ -if [ "$(systemctl is-active $check_srv)" != "active" ]; then \ +if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then \ sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\ sleep 5; sudo systemctl start $check_srv; sleep 5;\ - if [ "$(systemctl is-active $check_srv)" != "active" ]; then echo "Failed docker status"; fi;\ + if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then echo "Failed docker status"; fi;\ fi;\ sudo docker --version + +# To allow autoinstallation of podman-docker, remove ' || [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep podman-docker)" ]' and ' || [ -n "$(sudo docker --version 2>&1 | grep podman)" ]' diff --git a/client/server_scripts/remove_all_containers.sh b/client/server_scripts/remove_all_containers.sh index ce706f80..aed7cf9d 100644 --- a/client/server_scripts/remove_all_containers.sh +++ b/client/server_scripts/remove_all_containers.sh @@ -1,4 +1,8 @@ sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker stop;\ +sudo docker --version 2>/dev/null | grep -q podman && \ + sudo systemctl list-units | grep amnezia | awk '{print $1}' | xargs sudo systemctl disable --now && \ + sudo systemctl daemon-reload && sudo systemctl reset-failed && \ + sudo sed -i '/^ # Amnezia start/,/^ # Amnezia finish$/d' /var/cache/containers/short-name-aliases.conf;\ sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker rm -fv;\ sudo docker images -a | grep amnezia | awk '{print $3}' | xargs sudo docker rmi;\ sudo docker network ls | grep amnezia-dns-net | awk '{print $1}' | xargs sudo docker network rm;\ diff --git a/client/server_scripts/remove_container.sh b/client/server_scripts/remove_container.sh index 3e894e8f..3048b218 100644 --- a/client/server_scripts/remove_container.sh +++ b/client/server_scripts/remove_container.sh 
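Review bot: The comment added at the end of the install_docker.sh hunk tells the reader to remove ` || [ -n ... podman-docker ]` and ` || [ -n ... podman ]` clauses, but no condition in the new code contains them, so the instruction cannot be followed as written; either drop it or rewrite it to name the checks that exist (the `moby-engine` test and the `podman` branch). Related: once `check_srv` is `podman.socket podman`, `systemctl is-active $check_srv | head -n1` reports only the first unit, so a comment such as `# head -n1: only the first unit (podman.socket) decides the result` would record that this is deliberate, if it is. The script starts above this hunk.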
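Review bot: In remove_all_containers.sh, `sudo systemctl list-units | grep amnezia | awk '{print $1}'` selects every unit whose listing line mentions "amnezia" anywhere, description included, and for a unit in failed state the first column is the status marker rather than the name, so `disable --now` can reach units this project did not create or receive a bogus argument. Narrowing the query to the generated names avoids both: `sudo systemctl list-units --all --plain --no-legend 'container-amnezia-*.service' | awk '{print $1}' | xargs -r sudo systemctl disable --now`. `xargs -r` (a GNU extension) also stops `systemctl disable` from running with no arguments when nothing matches, which in this `&&` chain would skip the alias cleanup that follows. The pipeline is kept unchanged in the [PATCH 09/10] rewrite of this file.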
@@ -1,3 +1,7 @@ sudo docker stop $CONTAINER_NAME;\ +sudo docker --version 2>/dev/null | grep -q podman && \ + sudo systemctl disable --now container-$CONTAINER_NAME.service && \ + sudo systemctl daemon-reload && sudo systemctl reset-failed && \ + sudo rm -f $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service;\ sudo docker rm -fv $CONTAINER_NAME;\ sudo docker rmi $CONTAINER_NAME From 83850bd997ed90d89e6d603a2e75ef8add27538f Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 18 Mar 2025 19:57:00 +0400 Subject: [PATCH 05/10] Error for unsupported dockers Added error for unsupported moby-engine and podman-docker. --- client/core/controllers/serverController.cpp | 2 ++ client/core/defs.h | 3 ++- client/core/errorstrings.cpp | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index b29e1aa5..31ee9f30 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -411,6 +411,8 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent return ErrorCode::ServerPacketManagerError; if (stdOut.contains("sudo:") && stdOut.contains("not found")) return ErrorCode::ServerDockerFailedError; + if (stdOut.contains("Docker is not supported")) + return ErrorCode::ServerDockerNotSupported; if (stdOut.contains("Failed docker status")) return ErrorCode::ServerDockerStatusNotActive; diff --git a/client/core/defs.h b/client/core/defs.h index 7e90d15b..e58350d3 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -58,7 +58,8 @@ namespace amnezia ServerUserDirectoryNotAccessible = 208, ServerUserNotAllowedInSudoers = 209, ServerUserPasswordRequired = 210, - ServerDockerStatusNotActive = 211, + ServerDockerNotSupported = 211, + ServerDockerStatusNotActive = 212, // Ssh connection errors SshRequestDeniedError = 300, 
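Review bot: In remove_container.sh, `sudo systemctl reset-failed` with no unit argument clears the failed state of every unit on the host, not just this container's service, which erases failure records an administrator may still need for unrelated services. Scope it to the unit being removed: `sudo systemctl reset-failed container-$CONTAINER_NAME.service`. The unscoped call also appears in the remove_all_containers.sh hunk of this patch and in the later revisions of both scripts ([PATCH 08/10] to [PATCH 10/10]).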
diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 33dc3908..840a647a 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -26,6 +26,7 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break; case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break; case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; + case(ErrorCode::ServerDockerNotSupported): errorMessage = QObject::tr("Docker, which is offered for installation by default by the server's OS, is not supported"); break; case(ErrorCode::ServerDockerStatusNotActive): errorMessage = QObject::tr("Docker service status is not active"); break; // Libssh errors From 7bf16406f55f3183db91c0b473794e741d00fef6 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Wed, 19 Mar 2025 03:09:58 +0400 Subject: [PATCH 06/10] Minor changes Minor changes --- client/core/errorstrings.cpp | 2 +- client/server_scripts/build_container.sh | 9 +++++---- client/server_scripts/install_docker.sh | 12 ++++++------ 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 840a647a..7cbadbad 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp 
@@ -26,7 +26,7 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break; case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break; case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; - case(ErrorCode::ServerDockerNotSupported): errorMessage = QObject::tr("Docker, which is offered for installation by default by the server's OS, is not supported"); break; + case(ErrorCode::ServerDockerNotSupported): errorMessage = QObject::tr("Docker for installation by default is not supported"); break; case(ErrorCode::ServerDockerStatusNotActive): errorMessage = QObject::tr("Docker service status is not active"); break; // Libssh errors diff --git a/client/server_scripts/build_container.sh b/client/server_scripts/build_container.sh index c8e6b527..482d9997 100644 --- a/client/server_scripts/build_container.sh +++ b/client/server_scripts/build_container.sh 
@@ -4,13 +4,14 @@ if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then sudo sh -c grep -q '\[aliases\]' /var/cache/containers/short-name-aliases.conf || echo '[aliases]' >> /var/cache/containers/short-name-aliases.conf;\ grep -q ' # Amnezia start' /var/cache/containers/short-name-aliases.conf || printf '%s\n' \ ' # Amnezia start' \ - ' \"3proxy/3proxy\" = \"docker.io/3proxy/3proxy\"' \ - ' \"amneziavpn/amnezia-wg\" = \"docker.io/amneziavpn/amnezia-wg\"' \ - ' \"amneziavpn/amneziawg-go\" = \"docker.io/amneziavpn/amneziawg-go\"' \ ' \"amneziavpn/ipsec-server\" = \"docker.io/amneziavpn/ipsec-server\"' \ + ' \"amneziavpn/amneziawg-go\" = \"docker.io/amneziavpn/amneziawg-go\"' \ + ' \"amneziavpn/amnezia-wg\" = \"docker.io/amneziavpn/amnezia-wg\"' \ + ' \"amneziavpn/euphoria\" = \"docker.io/amneziavpn/euphoria\"' \ ' \"amneziavpn/torpress\" = \"docker.io/amneziavpn/torpress\"' \ - ' \"atmoz/sftp\" = \"docker.io/atmoz/sftp\"' \ ' \"mvance/unbound\" = \"docker.io/mvance/unbound\"' \ + ' \"3proxy/3proxy\" = \"docker.io/3proxy/3proxy\"' \ + ' \"atmoz/sftp\" = \"docker.io/atmoz/sftp\"' \ ' \"alpine\" = \"docker.io/library/alpine\"' \ ' # Amnezia finish' \ >> /var/cache/containers/short-name-aliases.conf";\ diff --git a/client/server_scripts/install_docker.sh b/client/server_scripts/install_docker.sh index 50125125..5b88e340 100644 --- a/client/server_scripts/install_docker.sh +++ b/client/server_scripts/install_docker.sh 
@@ -11,22 +11,22 @@ if ! command -v fuser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $sil if ! command -v lsof > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst lsof; fi;\ if ! command -v docker > /dev/null 2>&1; then \ sudo $pm $check_pkgs;\ - if [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep moby-engine)" ]; \ + if [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep moby-engine)" ];\ then echo "Docker is not supported"; exit 1;\ else sudo $pm $silent_inst $docker_pkg;\ fi;\ - if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then docker_pkg="podman-docker"; check_srv="podman.socket podman";\ + if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then check_srv="podman.socket podman"; docker_pkg="podman-docker";\ if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\ fi;\ sleep 5; sudo systemctl enable --now $check_srv 2>/dev/null; sleep 5;\ fi;\ -if [ -n "$(sudo docker --version 2>&1 | grep moby-engine)" ]; then echo "Docker is not supported"; exit 1;\ -elif [ -n "$(sudo docker --version 2>&1 | grep podman)" ]; then check_srv="podman.socket podman"; docker_pkg="podman-docker";\ - if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\ -fi;\ if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then \ if ! 
command -v apparmor_parser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst apparmor; fi;\ fi;\ +if [ -n "$(sudo docker --version 2>&1 | grep moby-engine)" ]; then echo "Docker is not supported"; exit 1;\ +elif [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then check_srv="podman.socket podman"; docker_pkg="podman-docker";\ + if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\ +fi;\ if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then \ sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\ sleep 5; sudo systemctl start $check_srv; sleep 5;\ From 5aff154521df5efbebd5451787b966aaea27ee11 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Wed, 19 Mar 2025 04:22:58 +0400 Subject: [PATCH 07/10] changes in run_container.sh --- client/server_scripts/awg/run_container.sh | 10 +++++----- client/server_scripts/xray/run_container.sh | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/client/server_scripts/awg/run_container.sh b/client/server_scripts/awg/run_container.sh index 47f41a40..a222e39c 100644 --- a/client/server_scripts/awg/run_container.sh +++ b/client/server_scripts/awg/run_container.sh 
@@ -11,13 +11,13 @@ sudo docker run -d \ --name $CONTAINER_NAME \ $CONTAINER_NAME +sudo docker network connect amnezia-dns-net $CONTAINER_NAME + +# Prevent to route packets outside of the container in case if server behind of the NAT +#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" + # Create service for podman if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ sudo sh -c "podman generate systemd --restart-policy=always -t 1 --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ sudo sh -c "systemctl enable --now $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service && docker update --restart no $CONTAINER_NAME > /dev/null";\ fi - -sudo docker network connect amnezia-dns-net $CONTAINER_NAME - -# Prevent to route packets outside of the container in case if server behind of the NAT -#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" diff --git a/client/server_scripts/xray/run_container.sh b/client/server_scripts/xray/run_container.sh index e22ba496..53702b3d 100644 --- a/client/server_scripts/xray/run_container.sh +++ b/client/server_scripts/xray/run_container.sh 
@@ -12,12 +12,12 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME # Create tun device if not exist sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi' +# Prevent to route packets outside of the container in case if server behind of the NAT +#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" + # Create service for podman if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ sudo sh -c "podman generate systemd --new --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ - sudo mv $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/ + sudo mv $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/;\ sudo systemctl daemon-reload && sudo systemctl enable --now container-$CONTAINER_NAME.service;\ fi - -# Prevent to route packets outside of the container in case if server behind of the NAT -#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" From 7efb681b022efd3e7000a633e974350856b1a357 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Wed, 19 Mar 2025 11:00:08 +0400 Subject: [PATCH 08/10] using system directory using the system directory to run services --- client/server_scripts/awg/run_container.sh | 5 +++-- client/server_scripts/remove_all_containers.sh | 2 ++ client/server_scripts/remove_container.sh | 3 ++- client/server_scripts/xray/run_container.sh | 4 ++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/client/server_scripts/awg/run_container.sh b/client/server_scripts/awg/run_container.sh index a222e39c..4d067126 100644 --- a/client/server_scripts/awg/run_container.sh +++ b/client/server_scripts/awg/run_container.sh 
@@ -18,6 +18,7 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME # Create service for podman if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ - sudo sh -c "podman generate systemd --restart-policy=always -t 1 --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ - sudo sh -c "systemctl enable --now $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service && docker update --restart no $CONTAINER_NAME > /dev/null";\ + sudo sh -c "podman generate systemd --restart-policy=always -t 10 --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ + sudo cp $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/;\ + sudo systemctl daemon-reload && sudo systemctl enable --now container-$CONTAINER_NAME.service && sudo docker update --restart no $CONTAINER_NAME > /dev/null;\ fi diff --git a/client/server_scripts/remove_all_containers.sh b/client/server_scripts/remove_all_containers.sh index aed7cf9d..bbded5be 100644 --- a/client/server_scripts/remove_all_containers.sh +++ b/client/server_scripts/remove_all_containers.sh @@ -2,6 +2,8 @@ sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker stop;\ sudo docker --version 2>/dev/null | grep -q podman && \ sudo systemctl list-units | grep amnezia | awk '{print $1}' | xargs sudo systemctl disable --now && \ sudo systemctl daemon-reload && sudo systemctl reset-failed && \ + sudo rm -f /etc/systemd/system/container-amnezia-*.service && \ + sudo systemctl daemon-reload && \ sudo sed -i '/^ # Amnezia start/,/^ # Amnezia finish$/d' /var/cache/containers/short-name-aliases.conf;\ sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker rm -fv;\ sudo docker images -a | grep amnezia | awk '{print $3}' | xargs sudo docker rmi;\ diff --git a/client/server_scripts/remove_container.sh b/client/server_scripts/remove_container.sh index 3048b218..7619f76d 100644 
--- a/client/server_scripts/remove_container.sh +++ b/client/server_scripts/remove_container.sh @@ -2,6 +2,7 @@ sudo docker stop $CONTAINER_NAME;\ sudo docker --version 2>/dev/null | grep -q podman && \ sudo systemctl disable --now container-$CONTAINER_NAME.service && \ sudo systemctl daemon-reload && sudo systemctl reset-failed && \ - sudo rm -f $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service;\ + sudo rm -f /etc/systemd/system/container-$CONTAINER_NAME.service && \ + sudo systemctl daemon-reload;\ sudo docker rm -fv $CONTAINER_NAME;\ sudo docker rmi $CONTAINER_NAME diff --git a/client/server_scripts/xray/run_container.sh b/client/server_scripts/xray/run_container.sh index 53702b3d..5014a817 100644 --- a/client/server_scripts/xray/run_container.sh +++ b/client/server_scripts/xray/run_container.sh @@ -18,6 +18,6 @@ sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/n # Create service for podman if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ sudo sh -c "podman generate systemd --new --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ - sudo mv $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/;\ - sudo systemctl daemon-reload && sudo systemctl enable --now container-$CONTAINER_NAME.service;\ + sudo cp $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/;\ + sudo systemctl daemon-reload && sudo systemctl enable --now container-$CONTAINER_NAME.service && sudo docker update --restart no $CONTAINER_NAME > /dev/null;\ fi From bf65a57b321974c42d5d060824cbb0e51213e439 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Wed, 19 Mar 2025 13:03:16 +0400 Subject: [PATCH 09/10] Update remove_all --- client/server_scripts/remove_all_containers.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/client/server_scripts/remove_all_containers.sh b/client/server_scripts/remove_all_containers.sh index bbded5be..c5a105d7 100644 --- a/client/server_scripts/remove_all_containers.sh +++ b/client/server_scripts/remove_all_containers.sh @@ -1,10 +1,11 @@ sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker stop;\ -sudo docker --version 2>/dev/null | grep -q podman && \ - sudo systemctl list-units | grep amnezia | awk '{print $1}' | xargs sudo systemctl disable --now && \ - sudo systemctl daemon-reload && sudo systemctl reset-failed && \ - sudo rm -f /etc/systemd/system/container-amnezia-*.service && \ - sudo systemctl daemon-reload && \ +if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ + sudo systemctl list-units | grep amnezia | awk '{print $1}' | xargs sudo systemctl disable --now;\ + sudo systemctl daemon-reload; sudo systemctl reset-failed;\ + sudo rm -f /etc/systemd/system/container-amnezia-*.service;\ + sudo systemctl daemon-reload;\ sudo sed -i '/^ # Amnezia start/,/^ # Amnezia finish$/d' /var/cache/containers/short-name-aliases.conf;\ +fi;\ sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker rm -fv;\ sudo docker images -a | grep amnezia | awk '{print $3}' | xargs sudo docker rmi;\ sudo docker network ls | grep amnezia-dns-net | awk '{print $1}' | xargs sudo docker network rm;\ From 8d2a4990e77ecbcd2154bad6b0f42f5e83219175 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Wed, 19 Mar 2025 13:45:32 +0400 Subject: [PATCH 10/10] Update remove_container --- client/server_scripts/remove_container.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/client/server_scripts/remove_container.sh b/client/server_scripts/remove_container.sh index 7619f76d..37b91867 100644 --- a/client/server_scripts/remove_container.sh +++ b/client/server_scripts/remove_container.sh 
@@ -1,8 +1,9 @@ sudo docker stop $CONTAINER_NAME;\ -sudo docker --version 2>/dev/null | grep -q podman && \ - sudo systemctl disable --now container-$CONTAINER_NAME.service && \ - sudo systemctl daemon-reload && sudo systemctl reset-failed && \ - sudo rm -f /etc/systemd/system/container-$CONTAINER_NAME.service && \ +if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ + sudo systemctl disable --now container-$CONTAINER_NAME.service;\ + sudo systemctl daemon-reload; sudo systemctl reset-failed;\ + sudo rm -f /etc/systemd/system/container-$CONTAINER_NAME.service;\ sudo systemctl daemon-reload;\ +fi;\ sudo docker rm -fv $CONTAINER_NAME;\ sudo docker rmi $CONTAINER_NAME