Streamline startup

Dockerfile

@@ -36,6 +36,7 @@ RUN echo 'tmpfs /run/dojofs tmpfs defaults,mode=755,shared 0 0' > /etc/fstab &&
     echo '/data/homes /run/homefs none defaults,bind,nosuid 0 0' >> /etc/fstab
 
 RUN ln -s /opt/pwn.college/etc/systemd/system/pwn.college.service /etc/systemd/system/pwn.college.service && \
+    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.init.service /etc/systemd/system/pwn.college.init.service && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.backup.service /etc/systemd/system/pwn.college.backup.service && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.backup.timer /etc/systemd/system/pwn.college.backup.timer && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cachewarmer.service /etc/systemd/system/pwn.college.cachewarmer.service && \
@@ -44,6 +45,7 @@ RUN ln -s /opt/pwn.college/etc/systemd/system/pwn.college.service /etc/systemd/s
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.imagepuller.timer /etc/systemd/system/pwn.college.imagepuller.timer && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cloud.backup.service /etc/systemd/system/pwn.college.cloud.backup.service && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cloud.backup.timer /etc/systemd/system/pwn.college.cloud.backup.timer && \
+    ln -s /etc/systemd/system/pwn.college.init.service /etc/systemd/system/multi-user.target.wants/pwn.college.init.service && \
     ln -s /etc/systemd/system/pwn.college.service /etc/systemd/system/multi-user.target.wants/pwn.college.service && \
     ln -s /etc/systemd/system/pwn.college.backup.timer /etc/systemd/system/timers.target.wants/pwn.college.backup.timer && \
     ln -s /etc/systemd/system/pwn.college.cachewarmer.timer /etc/systemd/system/timers.target.wants/pwn.college.cachewarmer.timer && \
@@ -58,4 +60,4 @@ RUN find /opt/pwn.college/dojo -type f -exec ln -s {} /usr/bin/ \;
 EXPOSE 22
 EXPOSE 80
 EXPOSE 443
-CMD ["dojo", "init"]
+CMD ["/usr/bin/systemd"]

dojo/dojo

@@ -13,13 +13,13 @@ fi
 DOCKER_ARGS=${DOCKER_ARGS:--i}
 [ -t 0 ] && DOCKER_ARGS="-t $DOCKER_ARGS"
 
-if [ "$ACTION" != "init" ] && [ -f /data/config.env ]; then
-    . /data/config.env
-fi
+[ -f /data/config.env ] && . /data/config.env
 
 case "$ACTION" in
     # HELP: up: bring the dojo up
     "up")
+        echo "[+] Starting the dojo. If this is the first start, the challenge"
+        echo "[+} container will be built, which will take a very long time."
         dojo sync
         dojo compose up -d --build --remove-orphans "$@"
         ;;
@@ -124,11 +124,12 @@ case "$ACTION" in
 
     # HELP: logs: display dojo logs
     "logs")
-        journalctl -u pwn.college -f --no-tail
+        journalctl -u pwn.college.* -f --no-tail
         ;;
 
     # HELP: wait: wait for the dojo to finish starting
     "wait")
+        sleep 10
         dojo logs | while IFS= read -r line; do
             echo "$line"
             case "$line" in
@@ -142,15 +143,6 @@ case "$ACTION" in
         done
         ;;
 
-    # HELP: init: main entry point for the docker image
-    "init")
-        echo "[+] Initializing dojo."
-        dojo-init
-        echo "[+] Starting systemd. If this is the first start, the challenge container"
-        echo "    will be built, which will take a very long time."
-        exec /usr/bin/systemd
-        ;;
-
     # HELP: help: displays this help
     "help")
         echo "Usage: $0 COMMAND [ ARG ]"

dojo/dojo-init

@@ -1,5 +1,6 @@
 #!/bin/sh
 
+echo "[+] Checking /data mount properties..."
 data_mnt_opts="$(findmnt -n -o OPTIONS /data)"
 if [ "$?" -ne 0 ]; then
     echo '[!] Data mount does not exist. Please start the dojo with a data mount (`-v /data:/data`).'
@@ -65,12 +66,15 @@ define MAC_USERNAME
 define MAC_KEY_FILE
 define MAC_GUEST_CONTROL_FILE
 
+echo "[+] Sourcing config.env..."
 mv /data/.config.env /data/config.env
 . /data/config.env
 
+echo "[+] Creating workspace directories..."
 mkdir -p /data/workspace/nix
 mkdir -p /data/workspacefs/bin
 
+echo "[+] Configuring homes..."
 mkdir -p /data/homes
 if [ "$(findmnt -n -o FSTYPE /data/homes)" != "btrfs" ] && [ "$(findmnt -n -o FSTYPE /data)" != "btrfs" ]; then
     if [ ! -f /data/homes/btrfs.img ]; then
@@ -82,6 +86,7 @@ if [ "$(findmnt -n -o FSTYPE /data/homes)" != "btrfs" ] && [ "$(findmnt -n -o FS
 fi
 btrfs quota enable /data/homes
 
+echo "[+] Configuring ssh..."
 if [ ! -d /data/ssh_host_keys ]; then
     mkdir -p /data/ssh_host_keys
     rm /etc/ssh/ssh_host_*_key*
@@ -95,16 +100,20 @@ for file in $(ls /data/ssh_host_keys/*); do
     cp -a $file /etc/ssh
 done
 
+echo "[+] Configuring backup keys..."
 if [ ! -z ${BACKUP_AES_KEY_FILE+x} ] && [ ! -f ${BACKUP_AES_KEY_FILE} ]
 then
     openssl rand 214 > "${BACKUP_AES_KEY_FILE}"
 fi
 
+echo "[+] Setting kernel parameters..."
 sysctl -w kernel.pty.max=1048576
 echo core > /proc/sys/kernel/core_pattern
 
+echo "[+] Configuring dojo nodes..."
 dojo-node refresh
 
+echo "[+] Configuring firewalling..."
 iptables -N DOCKER-USER
 iptables -I DOCKER-USER -i workspace_net -j DROP
 for host in $(cat /opt/pwn.college/user_firewall.allowed); do

etc/systemd/system/pwn.college.init.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=pwn.college initialization service
+Before=docker.service
+Before=containerd.service
+Before=sysinit.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+WorkingDirectory=/opt/pwn.college
+ExecStart=/usr/bin/dojo-init
+
+[Install]
+WantedBy=sysinit.target

etc/systemd/system/pwn.college.service

@@ -2,6 +2,7 @@
 Description=pwn.college docker compose service
 Requires=docker.service
 After=docker.service
+After=pwn.college.init.service
 
 [Service]
 Type=oneshot