config: add webssh service

NethServer · Mar 7, 2024 · 021339e · 021339e
1 parent a63ce3c
commit 021339e
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 4 deletions.
diff --git a/imageroot/actions/configure-module/20configure b/imageroot/actions/configure-module/20configure
@@ -81,6 +81,20 @@ response = agent.tasks.run(
 )
 agent.assert_exp(response['exit_code'] == 0)
 
+response = agent.tasks.run(
+    agent_id=agent.resolve_agent_id('traefik@node'),
+    action='set-route',
+    data={
+        'instance': os.environ['MODULE_ID'] + '_webssh',
+        'url':  f'http://127.0.0.1:{ports[9]}',
+        'http2https': True,
+        'lets_encrypt': request["lets_encrypt"],
+        'host': request["host"],
+        'path': '/webssh'
+    },
+)
+agent.assert_exp(response['exit_code'] == 0)
+
 
 # Replace password if passed as parameter, otherwise read the old one
 if 'api_password' in request and request['api_password'] != '':

diff --git a/imageroot/actions/create-module/20initialize b/imageroot/actions/create-module/20initialize
@@ -18,6 +18,7 @@ promtail_port=$(($start+4))
 # port 6 and 7 are reserved for loki
 # port 8 is reserved for prometheus
 # port 9 is reserved for grafana
+webssh_port=$(($start+9))
 
 num=$(echo $MODULE_ID | sed 's/nethsecurity\-controller//')
 
@@ -33,6 +34,7 @@ UI_PORT=$ui_port
 UI_BIND_IP=127.0.0.1
 PROXY_PORT=$proxy_port
 PROXY_BIND_UI=127.0.0.1
+WEBSSH_PORT=$webssh_port
 EOF
 
 cat << EOF > secret.env

diff --git a/imageroot/actions/destroy-module/20destroy b/imageroot/actions/destroy-module/20destroy
@@ -23,12 +23,12 @@ if default_traefik_id is None:
     sys.exit(2)
 
 # Remove traefik routes
-for instance in [os.environ['MODULE_ID'], os.environ['MODULE_ID'] + '_grafana', os.environ['MODULE_ID'] + '_loki', os.environ['MODULE_ID'] + '_prometheus']:
+for instance in ['', '_grafana', '_loki', '_prometheus', '_webssh']:
     response = agent.tasks.run(
         agent_id=default_traefik_id,
         action='delete-route',
         data={
-            'instance': instance
+            'instance': os.environ['MODULE_ID'] + instance
         },
     )
     agent.assert_exp(response['exit_code'] == 0)
diff --git a/imageroot/systemd/user/controller.service b/imageroot/systemd/user/controller.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Podman controller.service
-Requires=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service
-Before=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service
+Requires=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service webssh.service
+Before=vpn.service api.service ui.service proxy.service promtail.service metrics-exporter.path loki.service prometheus.service grafana.service webssh.service
 ConditionPathExists=%S/state/environment
 ConditionPathExists=%S/state/network.env
 

diff --git a/imageroot/systemd/user/webssh.service b/imageroot/systemd/user/webssh.service
@@ -0,0 +1,28 @@
+
+[Unit]
+Description=Podman webssh.service
+BindsTo=controller.service
+After=vpm.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+EnvironmentFile=%S/state/network.env
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/.pid %t/webssh.ctr-id
+ExecStart=/usr/bin/podman run \
+    --conmon-pidfile %t/webssh.pid \
+    --cidfile %t/webssh.ctr-id \
+    --cgroups=no-conmon \
+    --pod-id-file %t/controller.pod-id \
+    --replace -d --name webssh \
+    --network=host \
+    ${WEBSSH_IMAGE} --address='127.0.0.1' --port=${WEBSSH_PORT}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/webssh.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/webssh.ctr-id
+PIDFile=%t/webssh.pid
+Type=forking
+
+[Install]
+WantedBy=default.target