diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py
index 021ebb1..d2acc0a 100755
--- a/home.admin/config.scripts/internet.sshtunnel.py
+++ b/home.admin/config.scripts/internet.sshtunnel.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 import sys, subprocess
+from pathlib import Path
 # display config script info
 if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help":
@@ -9,20 +10,102 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help":
 print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings")
 sys.exit(1)
+#
+# CONSTANTS
+#
+
+SERVICENAME="autossh-tunnel.service"
+SERVICEFILE="/etc/systemd/system/"+SERVICENAME
+SERVICETEMPLATE="""# see config script internet.sshtunnel.py
+[Unit]
+Description=AutoSSH tunnel service
+After=network.target
+
+[Service]
+User=root
+Group=root
+Environment="AUTOSSH_GATETIME=0"
+ExecStart=/usr/bin/autossh -M 0 -N -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" [PLACEHOLDER]
+StandardOutput=journal
+
+[Install]
+WantedBy=multi-user.target
+"""
+
 #
 # SWITCHING ON
 #
 if sys.argv[1] == "on":
- # check if already running -> systemctl is-enabled autossh-tunnel.service
- alreadyRunning = subprocess.check_output('systemctl is-enabled autossh-tunnel.service' ,shell=True, universal_newlines=True)
- print(alreadyRunning)
- if str(alreadyRunning).count("enabled") > 0:
- print("already running - run 'internet.sshtunnel.py off' first")
+ # check if already running
+ already_running = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True)
+ if str(already_running).count("enabled") > 0:
+ print("already ON - run 'internet.sshtunnel.py off' first")
+ sys.exit(1)
+
+ # check server address
+ ssh_server = sys.argv[2]
+ if ssh_server.count("@") != 1:
+ print(f"[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help")
+ sys.exit(1)
+
+ # check minimal forwardings
+ if len(sys.argv) < 4:
+ print("[INTERNAL-PORT]:[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first")
 sys.exit(1)
- print ("TODO: Switch ON")
+ # genenate additional parameter for autossh (forwarding ports)
+ additional_parameters=""
+ i = 3
+ while i < len(sys.argv):
+
+ # check forwarding format
+ if sys.argv[i].count(":") != 1:
+ print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format '{sys.argv[i]}'")
+ sys.exit(1)
+
+ # get ports
+ ports = sys.argv[i].split(":")
+ port_internal = ports[0]
+ port_external = ports[1]
+ if port_internal.isdigit() == False:
+ print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '{sys.argv[i]}'")
+ sys.exit(1)
+ if port_external.isdigit() == False:
+ print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '{sys.argv[i]}'")
+ sys.exit(1)
+
+ additional_parameters= additional_parameters + f"-R {port_external}:localhost:{port_internal} "
+ i=i+1
+
+ # genenate additional parameter for autossh (server)
+ additional_parameters= additional_parameters + ssh_server
+
+ # generate custom service config
+ service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters)
+
+ # DEBUG exit
+ print("****** SERVICE ******")
+ print(service_data)
+ sys.exit(0)
+
+ # write service file
+ service_file = open(SERVICEFILE, "w")
+ service_file.write(service_data)
+ service_file.close()
+
+ # enable service
+ print(f"*** Enabling systemd service: {{SERVICENAME}}")
+ subprocess.call(f"systemctl daemon-reload", shell=True)
+ subprocess.call(f"systemctl enable {SERVICENAME}", shell=True)
+ print()
+
+ # final info (can be ignored if run by other script)
+ print(f"*** OK - SSH TUNNEL SERVICE STARTED ***")
+ print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ")
+ print(f"- Tunnel service needs final reboot to start.")
+ print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}")
 #
 # SWITCHING OFF
@@ -30,6 +113,12 @@ if sys.argv[1] == "on":
 elif sys.argv[1] == "off":
+ # check if already disabled
+ alreadyRunning = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True)
+ if str(alreadyRunning).count("enabled") == 0:
+ print("Was already OFF")
+ sys.exit(0)
+
 print ("TODO: Switch OFF")
 #
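Review bot: `ssh_server` is accepted on a bare `count("@") != 1` test and then substituted into the `ExecStart=` line of a unit that runs with `User=root`, so whitespace, a leading `-` or a newline in `sys.argv[2]` would end up as extra ssh options or unit directives; it is also read before the `len(sys.argv) < 4` check, so `on` with no further arguments raises IndexError. Moving the length check first and matching the value against a strict pattern (sketch below, needs `import re`; the host pattern leaves out IPv6 literals) closes both, and the ports deserve a 1–65535 range check since `isdigit()` alone admits 0 and oversized values. The template's `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` turns off server authentication, so the reverse forwards go to whatever host answers for that name; pinning the server key in a dedicated known_hosts file would keep that check. The final info block stops the script from compiling: `{}` in `print(f"... 'authorized_keys' of {} ")` is an empty f-string expression and `{{SERVICENAME}}` prints literal braces, presumably `{ssh_server}` and `{SERVICENAME}` were meant. `subprocess.check_output` raises CalledProcessError when `systemctl is-enabled` exits non-zero, which it does for a unit that is not enabled, so the normal `on` path and the "Was already OFF" branch in the last hunk are likely never reached; `subprocess.run(["systemctl", "is-enabled", SERVICENAME], stdout=subprocess.PIPE, universal_newlines=True)` and reading `.stdout` avoids that.

```python
    # … unchanged: is-enabled check …

    # check argument count before touching sys.argv[2]
    if len(sys.argv) < 4:
        print("[USER]@[SERVER] and [INTERNAL-PORT]:[EXTERNAL-PORT] required - use 'internet.sshtunnel.py -h' for help")
        sys.exit(1)

    # check server address: a single user@host token, no whitespace, no leading '-'
    ssh_server = sys.argv[2]
    if not re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9._-]*@[A-Za-z0-9][A-Za-z0-9.-]*", ssh_server):
        print("[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help")
        sys.exit(1)

    # … unchanged: forwarding loop, service file generation …
```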