diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 146c478f3..007b6735d 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,7 +1,8 @@ #!/usr/bin/python3 -import sys, subprocess, re -from pathlib import Path +import re +import subprocess +import sys # IDEA: At the momemt its just Reverse-SSh Tunnels thats why [INTERNAL-PORT]<[EXTERNAL-PORT] # For the future also just local ssh tunnels could be added with [INTERNAL-PORT]-[EXTERNAL-PORT] @@ -19,9 +20,9 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": # sudo journalctl -f -u autossh-tunnel # -SERVICENAME="autossh-tunnel.service" -SERVICEFILE="/etc/systemd/system/"+SERVICENAME -SERVICETEMPLATE="""# see config script internet.sshtunnel.py +SERVICE_NAME = "autossh-tunnel.service" +SERVICE_FILE = "/etc/systemd/system/" + SERVICE_NAME +SERVICE_TEMPLATE = """# see config script internet.sshtunnel.py [Unit] Description=AutoSSH tunnel service After=network.target @@ -38,35 +39,22 @@ WantedBy=multi-user.target """ # get LND port form lnd.conf -LNDPORT = subprocess.getoutput("sudo cat /mnt/hdd/lnd/lnd.conf | grep '^listen=*' | cut -f2 -d':'") -if len(LNDPORT) == 0: - LNDPORT="9735" +LND_PORT = subprocess.getoutput("sudo cat /mnt/hdd/lnd/lnd.conf | grep '^listen=*' | cut -f2 -d':'") +if len(LND_PORT) == 0: + LND_PORT = "9735" - -# -# RESTORE = SWITCHING ON with restore flag on -# on restore other external scripts dont need calling -# - -forwardingLND = False -restoringOnUpdate = False -if sys.argv[1] == "restore": - print("internet.sshtunnel.py -> running with restore flag") - sys.argv[1] = "on" - restoringOnUpdate = True - -# +####################### # SWITCHING ON -# - -if sys.argv[1] == "on": +####################### +def on(restore_on_update=False): + forwarding_lnd = False # check if already running - isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep -c '%s'" % (SERVICENAME)) - if int(isRunning) > 0: - print("SSH TUNNEL SERVICE IS RUNNING - run 'internet.sshtunnel.py off' first to set new tunnel") - sys.exit(1) + is_running = subprocess.getoutput("sudo systemctl --no-pager | grep -c '{}'".format(SERVICE_NAME)) + if int(is_running) > 0: + print("SSH TUNNEL SERVICE IS RUNNING - run 'internet.sshtunnel.py off' first to set new tunnel") + sys.exit(1) # check server address if len(sys.argv) < 3: @@ -85,13 +73,14 @@ if sys.argv[1] == "on": ssh_server_port = ssh_server_split[1] else: print("[USER]@[SERVER:PORT] wrong - use 'internet.sshtunnel.py -h' for help") + sys.exit(1) - # genenate additional parameter for autossh (forwarding ports) + # generate additional parameter for autossh (forwarding ports) if len(sys.argv) < 4: print("[INTERNAL-PORT]<[EXTERNAL-PORT] missing") sys.exit(1) - ssh_ports="" - additional_parameters="" + ssh_ports = "" + additional_parameters = "" i = 3 while i < len(sys.argv): @@ -101,101 +90,108 @@ if sys.argv[1] == "on": sys.exit(1) # get ports - sys.argv[i] = re.sub('"','', sys.argv[i] ) + sys.argv[i] = re.sub('"', '', sys.argv[i]) ports = sys.argv[i].split("<") port_internal = ports[0] port_external = ports[1] - if port_internal.isdigit() == False: + if not port_internal.isdigit(): print("[INTERNAL-PORT]<[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i])) sys.exit(1) - if port_external.isdigit() == False: + if not port_external.isdigit(): print("[INTERNAL-PORT]<[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) - sys.exit(1) - if port_internal == LNDPORT: + sys.exit(1) + if port_internal == LND_PORT: print("Detected LND Port Forwarding") - forwardingLND = True + forwarding_lnd = True if port_internal != port_external: - print("FAIL: When tunneling your local LND port '%s' it needs to be the same on the external server, but is '%s'" % (LNDPORT, port_external)) - print("Try again by using the same port. If you cant change the external port, change local LND port with: /home/admin/config.scripts/lnd.setport.sh") + print("FAIL: When tunneling your local LND port " + "'{}' it needs to be the same on the external server, but is '{}'".format(LND_PORT, + port_external)) + print( + "Try again by using the same port. If you cant change the external port, " + "change local LND port with: /home/admin/config.scripts/lnd.setport.sh") sys.exit(1) ssh_ports = ssh_ports + "\"%s\" " % (sys.argv[i]) - additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external, port_internal) + additional_parameters = additional_parameters + "-R %s:localhost:%s " % (port_external, port_internal) i = i + 1 - # genenate additional parameter for autossh (server) + # generate additional parameter for autossh (server) ssh_ports = ssh_ports.strip() - additional_parameters = additional_parameters + "-p " + ssh_server_port + " " + ssh_server_host + additional_parameters = additional_parameters + "-p " + ssh_server_port + " " + ssh_server_host # generate custom service config - service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters) + service_data = SERVICE_TEMPLATE.replace("[PLACEHOLDER]", additional_parameters) # debug print out service print() - print("*** New systemd service: %s" % (SERVICENAME)) + print("*** New systemd service: {}".format(SERVICE_NAME)) print(service_data) # write service file service_file = open("/home/admin/temp.service", "w") service_file.write(service_data) service_file.close() - subprocess.call("sudo mv /home/admin/temp.service %s" % (SERVICEFILE), shell=True) + subprocess.call("sudo mv /home/admin/temp.service {}".format(SERVICE_FILE), shell=True) # check if SSH keys for root user need to be created print() print("*** Checking root SSH pub keys") - ssh_pubkey="" try: ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) print("OK - root id_rsa.pub file exists") - except subprocess.CalledProcessError as e: + except subprocess.CalledProcessError: print("Generating root SSH keys ...") - subprocess.call("sudo sh -c 'yes y | sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"'", shell=True) + subprocess.call("sudo sh -c 'yes y | sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"'", + shell=True) ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) - + # copy SSH keys for backup (for update with new sd card) print("making backup copy of SSH keys") subprocess.call("sudo cp -r /root/.ssh /mnt/hdd/ssh/root_backup", shell=True) print("DONE") - + # write ssh tunnel data to raspiblitz config (for update with new sd card) print("*** Updating RaspiBlitz Config") with open('/mnt/hdd/raspiblitz.conf') as f: file_content = f.read() if file_content.count("sshtunnel=") == 0: - file_content = file_content+"\nsshtunnel=''" + file_content = file_content + "\nsshtunnel=''" file_content = re.sub("sshtunnel=.*", "sshtunnel='%s %s'" % (ssh_server, ssh_ports), file_content) - if restoringOnUpdate == False: - serverdomain=ssh_server.split("@")[1] - ssh_server = serverdomain + if not restore_on_update: + server_domain = ssh_server.split("@")[1] + + ssh_server = server_domain if ssh_server.count(":") == 0: ssh_server_host = ssh_server - ssh_server_port = "22" + ssh_server_port = "22" # ToDo(frennkie) this is not used elif ssh_server.count(":") == 1: ssh_server_split = ssh_server.split(":") ssh_server_host = ssh_server_split[0] - ssh_server_port = ssh_server_split[1] + ssh_server_port = ssh_server_split[1] # ToDo(frennkie) this is not used else: print("syntax error!") sys.exit(1) - # make sure serverdomain is set as tls alias + # make sure server_domain is set as tls alias print("Setting server as tls alias") - oldConfigHash=subprocess.getoutput("sudo shasum -a 256 /mnt/hdd/lnd/lnd.conf") + old_config_hash = subprocess.getoutput("sudo shasum -a 256 /mnt/hdd/lnd/lnd.conf") subprocess.call("sudo sed -i \"s/^#tlsextradomain=.*/tlsextradomain=/g\" /mnt/hdd/lnd/lnd.conf", shell=True) - subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%s/g\" /mnt/hdd/lnd/lnd.conf" % (ssh_server_host), shell=True) - newConfigHash=subprocess.getoutput("sudo shasum -a 256 /mnt/hdd/lnd/lnd.conf") - if oldConfigHash != newConfigHash: + subprocess.call( + "sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain={}/g\" /mnt/hdd/lnd/lnd.conf".format(ssh_server_host), + shell=True) + new_config_hash = subprocess.getoutput("sudo shasum -a 256 /mnt/hdd/lnd/lnd.conf") + if old_config_hash != new_config_hash: print("lnd.conf changed ... generating new TLS cert") - subprocess.call(sudo /home/admin/config.scripts/lnd.tlscert.sh refresh", shell=True) + subprocess.call("sudo /home/admin/config.scripts/lnd.tlscert.sh refresh", shell=True) else: print("lnd.conf unchanged... keep TLS cert") - if forwardingLND: + if forwarding_lnd: # setting server explicitly on LND if LND port is forwarded print("Setting fixed address for LND with raspiblitz lndAddress") - file_content = re.sub("lndAddress=.*", "lndAddress='%s'" % (ssh_server_host), file_content) + file_content = re.sub("lndAddress=.*", "lndAddress='{}'".format(ssh_server_host), file_content) else: print("No need to set fixed address for LND with raspiblitz lndAddress") file_content = "".join([s for s in file_content.splitlines(True) if s.strip("\r\n")]) + "\n" @@ -209,12 +205,12 @@ if sys.argv[1] == "on": print() print("*** Install autossh") subprocess.call("sudo apt-get install -y autossh", shell=True) - + # enable service print() - print("*** Enabling systemd service: %s" % (SERVICENAME)) + print("*** Enabling systemd service: {}".format(SERVICE_NAME)) subprocess.call("sudo systemctl daemon-reload", shell=True) - subprocess.call("sudo systemctl enable %s" % (SERVICENAME), shell=True) + subprocess.call("sudo systemctl enable {}".format(SERVICE_NAME), shell=True) # final info (can be ignored if run by other script) print() @@ -224,22 +220,21 @@ if sys.argv[1] == "on": print("See chapter 'How to setup port-forwarding with a SSH tunnel?' in:") print("https://github.com/rootzoll/raspiblitz/blob/master/FAQ.md") print("- Tunnel service needs final reboot to start.") - print("- After reboot check logs: sudo journalctl -f -u %s" % (SERVICENAME)) - print("- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of %s:" % (ssh_server_host)) + print("- After reboot check logs: sudo journalctl -f -u {}".format(SERVICE_NAME)) + print("- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {}:".format(ssh_server_host)) print(ssh_pubkey) print() -# + +####################### # SWITCHING OFF -# - -elif sys.argv[1] == "off": - - print("*** Disabling systemd service: %s" % (SERVICENAME)) - subprocess.call("sudo systemctl stop %s" % (SERVICENAME), shell=True) - subprocess.call("sudo systemctl disable %s" % (SERVICENAME), shell=True) +####################### +def off(): + print("*** Disabling systemd service: {}".format(SERVICE_NAME)) + subprocess.call("sudo systemctl stop {}".format(SERVICE_NAME), shell=True) + subprocess.call("sudo systemctl disable {}".format(SERVICE_NAME), shell=True) subprocess.call("sudo systemctl reset-failed", shell=True) - subprocess.call("sudo rm %s" % (SERVICEFILE), shell=True) + subprocess.call("sudo rm {}".format(SERVICE_FILE), shell=True) subprocess.call("sudo systemctl daemon-reload", shell=True) print("OK Done") print() @@ -258,9 +253,22 @@ elif sys.argv[1] == "off": text_file.write(file_content) print("OK Done") -# -# UNKOWN PARAMETER -# -else: - print ("unkown parameter - use 'internet.sshtunnel.py -h' for help") +def main(): + if sys.argv[1] == "restore": + print("internet.sshtunnel.py -> running with restore flag") + on(restore_on_update=True) + + elif sys.argv[1] == "on": + on() + + elif sys.argv[1] == "off": + off() + + else: + # UNKNOWN PARAMETER + print("unknown parameter - use 'internet.sshtunnel.py -h' for help") + + +if __name__ == '__main__': + main()