From 92296188afad9d157d120704f9812ef601afecf6 Mon Sep 17 00:00:00 2001
From: Peter Galonza
Date: Sat, 29 Mar 2025 22:59:12 +0300
Subject: [PATCH 1/2] fix: set iptables rules after reboot
---
 client/core/controllers/serverController.cpp | 14 ++++++--
 client/server_scripts/prepare_host.sh | 37 ++++++++++++++++++++
 2 files changed, 49 insertions(+), 2 deletions(-)
diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp
index d8c94f4d..5a2caa14 100644
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@@ -417,8 +417,18 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
 ErrorCode ServerController::prepareHostWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
- // create folder on host
- return runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
+ QString sctiptFileName = QString("/opt/amnezia/setup_host_firewall.sh")
+ errorCode = uploadFileToHost(credentials, amnezia::scriptData(SharedScriptType::setup_host_firewall).toUtf8(), sctiptFileName);
+
+ if (errorCode)
+ return errorCode;
+
+ ErrorCode errorCode = runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
+
+ if (errorCode)
+ return errorCode;
+
+ return errorCode
 }
 ErrorCode ServerController::buildContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh
index 1cc56a01..6cf266ef 100644
--- a/client/server_scripts/prepare_host.sh
+++ b/client/server_scripts/prepare_host.sh
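Review bot: The last added statement in prepareHostWorker, `return errorCode`, has no terminating semicolon, and patch 2/2 does not reach it: its hunk covers old lines 417-429 and only fixes the `QString` line and the declaration order, so the function would still fail to compile after both patches. It should read `return errorCode;`, or the trailing check can be dropped by ending the function with `return runScript(...)` as the removed line did. Separately, the upload to `/opt/amnezia/setup_host_firewall.sh` now runs before the prepare_host script, which the removed comment described as creating the folder on the host. If `uploadFileToHost` does not create parent directories (its body is not visible here), the upload would fail on a fresh server, so the ordering is worth confirming.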
@@ -7,3 +7,40 @@ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network
 --opt com.docker.network.bridge.name=amn0 \
 amnezia-dns-net;\
 fi
+
+if ! grep -q "#!/bin/bash" /opt/amnezia/setup_host_firewall.sh; then
+ sudo sed -i '1i\#!/bin/bash\n' /opt/amnezia/setup_host_firewall.sh
+fi
+
+if lsmod | grep -qw nf_tables; then
+ sudo update-alternatives --set iptables /usr/sbin/iptables-nft
+ sudo cat > /etc/systemd/system/setup-host-firewall.service << EOF
+[Unit]
+Description=Run setup_host_firewall.sh
+PartOf=nftables.service
+After=nftables.service
+
+[Service]
+Type=oneshot
+ExecStart=/opt/amnezia/setup_host_firewall.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+else
+ sudo cat > /etc/systemd/system/setup-host-firewall.service << EOF
+[Unit]
+Description=Run setup_host_firewall.sh
+
+[Service]
+Type=oneshot
+ExecStart=/opt/amnezia/setup_host_firewall.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+fi
+
+sudo systemctl enable setup-host-firewall.service
\ No newline at end of file
From 88203ce804f293b52ba06e98268f8342373830c0 Mon Sep 17 00:00:00 2001
From: Peter Galonza
Date: Sun, 30 Mar 2025 20:08:40 +0300
Subject: [PATCH 2/2] fix: mistakes
---
 client/core/controllers/serverController.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp
index 5a2caa14..f6953082 100644
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
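Review bot: In both branches of the `lsmod` check in prepare_host.sh, `sudo cat > /etc/systemd/system/setup-host-firewall.service << EOF` elevates only `cat`; the redirection is opened by the calling shell, so the unit file is not written when the script runs as a non-root user. Use `sudo tee /etc/systemd/system/setup-host-firewall.service > /dev/null << EOF` instead. The unit then runs `/opt/amnezia/setup_host_firewall.sh` as root on every boot, but nothing in this hunk sets that file's owner or mode. Unless the upload step already does so, add `sudo chown root:root /opt/amnezia/setup_host_firewall.sh` and `sudo chmod 0755 /opt/amnezia/setup_host_firewall.sh` so the script is executable and cannot be edited by an unprivileged account. The `update-alternatives --set iptables` call also switches the iptables backend host-wide without checking that `/usr/sbin/iptables-nft` exists, which deserves a guard or at least a comment.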
@@ -417,13 +417,13 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
 ErrorCode ServerController::prepareHostWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
- QString sctiptFileName = QString("/opt/amnezia/setup_host_firewall.sh")
- errorCode = uploadFileToHost(credentials, amnezia::scriptData(SharedScriptType::setup_host_firewall).toUtf8(), sctiptFileName);
+ QString sctiptFileName = QString("/opt/amnezia/setup_host_firewall.sh");
+ ErrorCode errorCode = uploadFileToHost(credentials, amnezia::scriptData(SharedScriptType::setup_host_firewall).toUtf8(), sctiptFileName);
 if (errorCode)
 return errorCode;
- ErrorCode errorCode = runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
+ errorCode = runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
 if (errorCode)
 return errorCode;
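Review bot: The misspelled local `sctiptFileName` is kept on both rewritten lines; since they are being touched anyway, rename it to `scriptFileName`. The path `/opt/amnezia/setup_host_firewall.sh` is hard-coded here and again in prepare_host.sh in patch 1/2, so a shared constant, or a variable supplied through `genVarsForScript`, would keep the two from drifting apart. A one-line comment above the upload, such as `// upload the firewall script that setup-host-firewall.service runs at boot`, would explain why the file is placed before prepare_host runs. The body of prepareHostWorker continues below this hunk.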