now starts webserver in goroutine, can now (in theory) listen on SSL
ci/woodpecker/push/woodpecker Pipeline failed Details

why
Johannes Bülow 2024-01-29 16:45:51 +01:00
parent a6df7487b0
commit d8e9d7a738
Signed by untrusted user who does not match committer: jmb
GPG Key ID: B56971CF7B8F83A6
7 changed files with 54 additions and 25 deletions

Vagrantfile vendored

@ -93,10 +93,11 @@ Vagrant.configure("2") do |config|
# OS # OS
apt-get update apt-get update
apt-get upgrade -y apt-get upgrade -y
apt-get install -y vim curl git wget qemu-guest-agent apt-get install -y vim curl git wget qemu-guest-agent make-ssl-cert
apt-get install -y nfs-common podman pwgen open-vm-tools make gcc libgpgme-dev apt-get install -y nfs-common podman pwgen open-vm-tools make gcc libgpgme-dev
apt-get install -y build-essential pkgconf pkgconf-bin libdevmapper-dev libbtrfs-dev apt-get install -y build-essential pkgconf pkgconf-bin libdevmapper-dev libbtrfs-dev
echo "export EDITOR=vim" >> /etc/profile echo "export EDITOR=vim" >> /etc/profile
make-ssl-cert generate-default-snakeoil
useradd -r -s /bin/false podterminal useradd -r -s /bin/false podterminal
## NEOVIM ## NEOVIM
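Review bot: The first `apt-get install` line now lists `make-ssl-cert`, but on Debian and Ubuntu that is, as far as I know, a command shipped by the `ssl-cert` package rather than a package name. If so, the whole install line fails and the later `make-ssl-cert generate-default-snakeoil` call has nothing to run. Install the providing package instead: `apt-get install -y vim curl git wget qemu-guest-agent ssl-cert`. By default the generated key is readable only by root and the `ssl-cert` group, and the `podterminal` user created just below is not added to that group, so serving TLS depends on the key being read before privileges are dropped.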


@ -14,3 +14,8 @@ image: lscr.io/linuxserver/webtop
maxage: 10800 maxage: 10800
# Port Podterminal should listen to # Port Podterminal should listen to
port: 80 port: 80
# Files that will be copied into container on startup
skel: /etc/podterminal/skel/
ssl: false
ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_cert_key: /etc/ssl/private/ssl-cert-snakeoil.key
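Review bot: The three new TLS keys have no explanatory comment, unlike `port` and `skel` above them, and the pair they point at is the self-signed snakeoil certificate. Add a line above `ssl: false` such as `# Serve HTTPS; the snakeoil pair below is self-signed and for testing only, replace it for real deployments`. It is also worth stating that `port` is not switched automatically when `ssl` is enabled, since the Run hunk in this commit uses the same `port` value for both modes.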

main.go

@ -2,45 +2,48 @@ package main
import ( import (
"log" "log"
"net"
"os" "os"
"github.com/spf13/viper" "github.com/spf13/viper"
"golang.org/x/sync/errgroup"
"git.jmbit.de/jmb/podterminal/pods" "git.jmbit.de/jmb/podterminal/pods"
"git.jmbit.de/jmb/podterminal/utils" "git.jmbit.de/jmb/podterminal/utils"
"git.jmbit.de/jmb/podterminal/web" "git.jmbit.de/jmb/podterminal/web"
) )
var (
g errgroup.Group
)
func main() { func main() {
readConfigFile() readConfigFile()
laddr := &net.TCPAddr{
IP: net.IPv4zero,
Port: viper.GetInt("port"),
}
log.Println("Binding Port ", viper.GetInt("port"))
listener, err := net.ListenTCP("tcp", laddr)
if err != nil {
log.Fatalln("could not bind to port ", viper.GetInt("port"), ": ", err)
}
pods.ConnectSocket() pods.ConnectSocket()
// Dumm, ich weiß
// Start Webserver
g.Go(web.Run)
utils.DropPrivileges("podterminal") utils.DropPrivileges("podterminal")
log.Println("Dropped Privileges") log.Println("Dropped Privileges")
pods.PullImage() g.Go(pods.GarbageCollector)
// Jank g.Go(pods.PullImage)
go pods.GarbageCollector()
web.Run(listener) // prevent main thread from dying
if err := g.Wait(); err != nil {
log.Fatal(err)
}
} }
func readConfigFile() { func readConfigFile() {
log.Println("Reading Config") log.Println("Reading Config")
viper.SetConfigFile("/etc/podterminal/config.yaml") viper.SetConfigFile("/etc/podterminal/config.yaml")
viper.SetDefault("port", 80) viper.SetDefault("port", 80)
viper.SetDefault("ip_addr", "0.0.0.0")
viper.SetDefault("image", "lscr.io/linuxserver/webtop") viper.SetDefault("image", "lscr.io/linuxserver/webtop")
viper.SetDefault("maxAge", 10800) viper.SetDefault("maxAge", 10800)
viper.SetDefault("dri", false) viper.SetDefault("dri", false)
viper.SetDefault("dir_node", "/dev/dri/renderD128") viper.SetDefault("dir_node", "/dev/dri/renderD128")
viper.SetDefault("skel", "/etc/podterminal/skel")
viper.SetDefault("envvars", viper.SetDefault("envvars",
map[string]string{ map[string]string{
"CUSTOM_USER": "user", "CUSTOM_USER": "user",


@ -4,9 +4,12 @@ import (
"time" "time"
) )
func GarbageCollector() { func GarbageCollector() error {
for { for {
Cleanup() err := Cleanup()
if err != nil {
return err
}
time.Sleep(time.Minute * 10) time.Sleep(time.Minute * 10)
} }
} }
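Review bot: Returning from GarbageCollector on the first Cleanup error ends the loop for the rest of the process lifetime. Because main waits on a plain `errgroup.Group`, `g.Wait()` does not return until web.Run has returned too, so the failure is never acted on and expired containers stop being removed while the server keeps accepting sessions. For a periodic job it is safer to report and retry: `if err := Cleanup(); err != nil { log.Println("cleanup failed, retrying next cycle:", err) }`. The exported function also has no doc comment; `// GarbageCollector runs Cleanup every ten minutes.` would cover it.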


@ -31,18 +31,20 @@ func ConnectSocket() {
Socket = socketConnection() Socket = socketConnection()
} }
func PullImage() { func PullImage() error {
log.Println("Downloading Container image ", viper.GetString("image")) log.Println("Downloading Container image ", viper.GetString("image"))
image := viper.GetString("image") image := viper.GetString("image")
conn := Socket conn := Socket
_, err := images.Pull(conn, image, nil) _, err := images.Pull(conn, image, nil)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return err
} }
return nil
} }
// Cleanup deletes Containers older than the specified maximum Age (Equal to session cookie maximum age) // Cleanup deletes Containers older than the specified maximum Age (Equal to session cookie maximum age)
func Cleanup() { func Cleanup() error {
log.Println("Starting cleanup function") log.Println("Starting cleanup function")
containerList := containerList() containerList := containerList()
@ -55,13 +57,16 @@ func Cleanup() {
err := containers.Kill(Socket, container.ID, nil) err := containers.Kill(Socket, container.ID, nil)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return err
} }
_, err = containers.Remove(Socket, container.ID, nil) _, err = containers.Remove(Socket, container.ID, nil)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return err
} }
} }
} }
return nil
} }
func containerList() []entities.ListContainer { func containerList() []entities.ListContainer {
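Review bot: In Cleanup, the new `return err` after `containers.Kill` leaves the loop at the first container that cannot be killed, so `containers.Remove` is skipped for it and every later container is ignored in that pass. A container that has already exited would presumably make Kill fail (the podman bindings are not shown here), and one such container would then block cleanup of all the others. Consider recording the error and carrying on, e.g. `errs = append(errs, err); continue` in the loop and `return errors.Join(errs...)` at the end. The middle of Cleanup lies between the two hunks and is not visible. PullImage and Cleanup also both log the error and return it, so a caller that logs again reports it twice.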


@ -4,7 +4,7 @@ After=podman.service
[Service] [Service]
ExecStart=/usr/local/bin/podterminal ExecStart=/usr/local/bin/podterminal
Type=Simple Type=simple
Restart=on-failure Restart=on-failure
DeviceAllow=/dev/dri/renderD128 DeviceAllow=/dev/dri/renderD128
ProtectKernelModules=true ProtectKernelModules=true


@ -3,7 +3,6 @@ package web
import ( import (
"fmt" "fmt"
"log" "log"
"net"
"net/http/httputil" "net/http/httputil"
"net/url" "net/url"
"time" "time"
@ -19,9 +18,22 @@ import (
var proxies = make(map[string]*httputil.ReverseProxy) var proxies = make(map[string]*httputil.ReverseProxy)
func Run(listener net.Listener) error { func Run() error {
router := setupRouter() router := setupRouter()
err := router.RunListener(listener) address := fmt.Sprintf("%s:%d", viper.GetString("ip_addr"), viper.GetInt("port"))
log.Println("Listening on address", address)
var err error
if viper.GetBool("ssl") == true {
err = router.RunTLS(
address,
viper.GetString("ssl_cert"),
viper.GetString("ssl_cert_key"),
)
log.Println("Using SSL")
} else {
err = router.Run(address)
}
log.Println("Router is ready")
if err != nil { if err != nil {
return err return err
} }
@ -42,7 +54,6 @@ func setupRouter() *gin.Engine {
//router.Use(urlLog()) //router.Use(urlLog())
router.Use(containerProxy) router.Use(containerProxy)
// router.Any("/", containerProxy) // router.Any("/", containerProxy)
log.Println("Router is ready")
return router return router
} }
@ -79,6 +90,7 @@ func createReverseProxy(backendService string) (*httputil.ReverseProxy, error) {
func containerProxy(c *gin.Context) { func containerProxy(c *gin.Context) {
session := sessions.Default(c) session := sessions.Default(c)
session.Save()
sessionID := session.ID() sessionID := session.ID()
if session.Get("ct") == nil { if session.Get("ct") == nil {
log.Println("Creating Container for Session ", sessionID) log.Println("Creating Container for Session ", sessionID)
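Review bot: The `session.Save()` call added at the top of containerProxy discards its error, so a request whose session could not be stored still reaches the `session.Get("ct") == nil` branch. A client that never receives a usable session would presumably trigger a new container on every request. Check the result and stop the request: `if err := session.Save(); err != nil { log.Println("saving session:", err); c.AbortWithStatus(500); return }`. In Run, `log.Println("Using SSL")` and `log.Println("Router is ready")` come after the blocking `RunTLS`/`Run` calls, so they print only once the server has stopped and should move before them. containerProxy continues past the end of the hunk.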