From 4a1e577d65bc0bcddaadcdf6003d8765e3941a26 Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Sun, 26 Apr 2020 06:11:47 +0000 Subject: [PATCH] Resolve "DNS issue on Ubuntu 20.04" --- .gitignore | 1 + .gitlab-ci.yml | 1 + .gitmodules | 3 +++ README.md | 4 ++-- base.yml | 16 +++++++++------- modules/mistborn-cli | 1 + scripts/env/setup.sh | 21 +++++++++++++++++++++ scripts/install.sh | 11 ++++++++++- scripts/services/Mistborn-base.service | 1 + scripts/services/Mistborn-setup.service | 10 ++++++++++ scripts/subinstallers/docker.sh | 3 +++ scripts/subinstallers/docker_manual.sh | 3 --- scripts/update.sh | 18 ++++++++++++++++-- 13 files changed, 78 insertions(+), 15 deletions(-) create mode 100644 .gitmodules create mode 160000 modules/mistborn-cli create mode 100755 scripts/env/setup.sh create mode 100644 scripts/services/Mistborn-setup.service diff --git a/.gitignore b/.gitignore index ea8c8cf..0baf21e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ compose/production/traefik/traefik.toml .envs/ +.env diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f56b619..03623c1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,6 +6,7 @@ services: variables: GIT_SUBMODULE_STRATEGY: "recursive" MISTBORN_DEFAULT_PASSWORD: "default_password" + MISTBORN_DNS_BIND_IP: "10.2.3.1" stages: - test diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..067e6f8 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "modules/mistborn-cli"] + path = modules/mistborn-cli + url = https://gitlab.com/cyber5k/mistborn-cli.git diff --git a/README.md b/README.md index d80a835..913f02c 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ sudo bash ./mistborn/scripts/install.sh Get default admin Wireguard profile *wait 1 minute after "Mistborn Installed" message* ``` -sudo docker-compose -f /opt/mistborn/base.yml run --rm django python manage.py getconf admin default +sudo mistborn-cli getconf ``` Connect via Wireguard then visit `http://home.mistborn` 
@@ -130,7 +130,7 @@ sudo journalctl -xfu Mistborn-base The default Wireguard configuration file for `admin` may be obtained via: ``` -sudo docker-compose -f /opt/mistborn/base.yml run --rm django python manage.py getconf admin default +sudo mistborn-cli getconf ``` Please notice that the following lines are **NOT** part of the Wireguard config: ``` diff --git a/base.yml b/base.yml index 422c966..19fd8a6 100644 --- a/base.yml +++ b/base.yml @@ -7,7 +7,7 @@ volumes: services: django: - image: cyber5k/mistborn:latest + image: "cyber5k/mistborn:${MISTBORN_TAG}" container_name: mistborn_production_django depends_on: - postgres @@ -60,7 +60,7 @@ services: restart: unless-stopped celeryworker: - image: cyber5k/mistborn:latest + image: "cyber5k/mistborn:${MISTBORN_TAG}" container_name: mistborn_production_celeryworker volumes: - /home/mistborn/.ssh:/ssh @@ -83,7 +83,7 @@ services: restart: unless-stopped celeryworker-low-priority: - image: cyber5k/mistborn:latest + image: "cyber5k/mistborn:${MISTBORN_TAG}" container_name: mistborn_production_celeryworker_low_priority volumes: - /home/mistborn/.ssh:/ssh @@ -106,7 +106,7 @@ services: restart: unless-stopped celerybeat: - image: cyber5k/mistborn:latest + image: "cyber5k/mistborn:${MISTBORN_TAG}" container_name: mistborn_production_celerybeat env_file: - ./.envs/.production/.django @@ -116,7 +116,7 @@ services: flower: - image: cyber5k/mistborn:latest + image: "cyber5k/mistborn:${MISTBORN_TAG}" container_name: mistborn_production_flower env_file: - ./.envs/.production/.django @@ -129,9 +129,11 @@ services: pihole: container_name: mistborn_production_pihole image: pihole/pihole:latest + env_file: + - /opt/mistborn_volumes/base/base.txt ports: - - "53:53/tcp" - - "53:53/udp" + - "${MISTBORN_DNS_BIND_IP}:53:53/tcp" + - "${MISTBORN_DNS_BIND_IP}:53:53/udp" labels: - "traefik.enable=true" environment: diff --git a/modules/mistborn-cli b/modules/mistborn-cli new file mode 160000 index 0000000..00986bc --- /dev/null 
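Review bot: Nothing in base.yml guards against `MISTBORN_TAG` or `MISTBORN_DNS_BIND_IP` being unset; Compose substitutes an empty string with only a warning, which leaves `cyber5k/mistborn:` as the image reference in the five image hunks and `:53:53/tcp` / `:53:53/udp` as the pihole port specs. Any invocation that does not load /opt/mistborn/.env, or that runs before Mistborn-setup.service has written it, would hit this. If the Compose version in use supports the required-variable form, it makes the failure explicit: `image: "cyber5k/mistborn:${MISTBORN_TAG:?MISTBORN_TAG is not set}"` and `"${MISTBORN_DNS_BIND_IP:?MISTBORN_DNS_BIND_IP is not set}:53:53/tcp"`. The pihole hunk also adds `env_file: /opt/mistborn_volumes/base/base.txt`, and nothing visible in this patch creates that file, so it is worth confirming that it exists before the first `up`.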
+++ b/modules/mistborn-cli @@ -0,0 +1 @@ +Subproject commit 00986bcb7f945c611d13099672b4fb1e2d0721f2 diff --git a/scripts/env/setup.sh b/scripts/env/setup.sh new file mode 100755 index 0000000..6b03c5a --- /dev/null +++ b/scripts/env/setup.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +VAR_FILE=/opt/mistborn/.env + +source /opt/mistborn/scripts/subinstallers/platform.sh + +MISTBORN_DNS_BIND_IP="0.0.0.0" +if [ "$DISTRO" == "ubuntu" ] && [ "$VERSION_ID" == "20.04" ]; then + MISTBORN_DNS_BIND_IP="10.2.3.1" +fi + +echo "MISTBORN_DNS_BIND_IP=${MISTBORN_DNS_BIND_IP}" | sudo tee ${VAR_FILE} +sudo chown mistborn:mistborn ${VAR_FILE} + +GIT_BRANCH=$(git -C /opt/mistborn symbolic-ref --short HEAD || echo "master") +MISTBORN_TAG="latest" +if [ "$GIT_BRANCH" != "master" ]; then + MISTBORN_TAG="test" +fi + +echo "MISTBORN_TAG=$MISTBORN_TAG" | sudo tee -a ${VAR_FILE} diff --git a/scripts/install.sh b/scripts/install.sh index 6857ea7..cb73dbf 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -148,6 +148,10 @@ then source ./scripts/subinstallers/cockpit.sh fi +# Mistborn-cli (pip3 installed by docker) +figlet "Mistborn: Installing mistborn-cli" +sudo pip3 install -e ./modules/mistborn-cli + # Mistborn # final setup vars iface=$(ip -o -4 route show to default | egrep -o 'dev [^ ]*' | awk 'NR==1{print $2}') @@ -165,6 +169,7 @@ fi sudo docker volume rm -f mistborn_production_postgres_data 2>/dev/null || true sudo docker volume rm -f mistborn_production_postgres_data_backups 2>/dev/null || true sudo docker volume rm -f mistborn_production_traefik 2>/dev/null || true +sudo docker volume prune -f 2>/dev/null || true # generate production .env file if [ ! -d ./.envs/.production ]; then 
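Review bot: setup.sh has no error handling, so a failed `source /opt/mistborn/scripts/subinstallers/platform.sh` leaves `DISTRO` and `VERSION_ID` (presumably set there) empty and the script silently keeps `MISTBORN_DNS_BIND_IP="0.0.0.0"`, publishing the resolver on every interface. Likewise `git ... symbolic-ref --short HEAD || echo "master"` turns any git failure, a detached HEAD for instance, into the `latest` tag without a trace. I would add `set -e` after the shebang, stop with a message when `DISTRO` is empty, and log the fallback instead of hiding it. `${VAR_FILE}` should be quoted in the `tee` and `chown` lines. The `sudo` prefixes are redundant if the script only ever runs from Mistborn-setup.service, which has no `User=` line.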
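Review bot: `sudo pip3 install -e ./modules/mistborn-cli` in the first install.sh hunk is an editable install done as root, so the `mistborn-cli` command that the README now tells users to run with sudo imports its code straight from the checkout rather than from a root-owned site-packages copy. Ownership of /opt/mistborn is not visible in this patch, but setup.sh chowns .env to mistborn:mistborn; if the checkout is writable by that account, it can change what runs as root. The same applies to the `pip3 install -e` line in update.sh and to Mistborn-setup.service, which has no `User=` line and runs scripts/env/setup.sh from the same tree. A regular install, `sudo pip3 install ./modules/mistborn-cli`, with the scripts kept root-owned and not group- or world-writable, avoids this.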
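Review bot: `sudo docker volume prune -f` in the second install.sh hunk is not scoped to Mistborn, so it deletes unused volumes belonging to any other workload on the same host, with the error output discarded by `2>/dev/null || true`. The three `docker volume rm -f mistborn_production_*` lines above it already remove the volumes this installer owns. I would drop the prune, or restrict it with a label filter such as `sudo docker volume prune -f --filter "label=<mistborn-volume-label>"` (placeholder; use whatever label the project's volumes actually carry). The enclosing block continues outside the hunk.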
@@ -207,6 +212,10 @@ source ./scripts/subinstallers/openssl.sh sudo rm -rf ../mistborn_volumes/base/tls sudo mv ./tls ../mistborn_volumes/base/ +# enable and run setup to generate .env +sudo systemctl enable Mistborn-setup.service +sudo systemctl start Mistborn-setup.service + # Download docker images while DNS is operable sudo docker-compose -f base.yml pull || true sudo docker-compose -f base.yml build @@ -240,4 +249,4 @@ popd figlet "Mistborn Installed" echo "Watch Mistborn start: sudo journalctl -xfu Mistborn-base" -echo "Retrieve Wireguard default config for admin: sudo docker-compose -f /opt/mistborn/base.yml run --rm django python manage.py getconf admin default" +echo "Retrieve Wireguard default config for admin: sudo mistborn-cli getconf" diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service index b1c52b5..a810c4a 100644 --- a/scripts/services/Mistborn-base.service +++ b/scripts/services/Mistborn-base.service @@ -9,6 +9,7 @@ User=root Group=docker PermissionsStartOnly=true # Shutdown container (if running) when unit is stopped +EnvironmentFile=/opt/mistborn/.env ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build diff --git a/scripts/services/Mistborn-setup.service b/scripts/services/Mistborn-setup.service new file mode 100644 index 0000000..9b83c71 --- /dev/null +++ b/scripts/services/Mistborn-setup.service @@ -0,0 +1,10 @@ +[Unit] +Description=Mistborn Environment Setup +Before=Mistborn-base.service + +[Service] +Type=oneshot +ExecStart=/opt/mistborn/scripts/env/setup.sh + +[Install] +WantedBy=multi-user.target diff --git a/scripts/subinstallers/docker.sh b/scripts/subinstallers/docker.sh index 1542207..b21d452 100755 --- a/scripts/subinstallers/docker.sh +++ b/scripts/subinstallers/docker.sh 
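Review bot: The added `EnvironmentFile=/opt/mistborn/.env` in Mistborn-base.service has no `-` prefix, so the unit refuses to start when the file is missing, yet nothing in the visible part of this unit requires or waits for Mistborn-setup.service, which writes that file. The `Before=Mistborn-base.service` in the new setup unit only orders the two when both are started together, and it does not stop the base unit from starting after a failed setup run. In the base unit's `[Unit]` section, which is outside this hunk, I would add `Requires=Mistborn-setup.service` and `After=Mistborn-setup.service`. The new line also lands between the `# Shutdown container (if running) when unit is stopped` comment and the `ExecStartPre=` it describes, so it should move above that comment.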
@@ -1,5 +1,8 @@ #!/bin/bash +# Docker +figlet "Mistborn: Installing Docker" + sudo apt update sudo apt install -y python python3-pip python3-setuptools libffi-dev python3-dev libssl-dev diff --git a/scripts/subinstallers/docker_manual.sh b/scripts/subinstallers/docker_manual.sh index 176aba9..9692109 100755 --- a/scripts/subinstallers/docker_manual.sh +++ b/scripts/subinstallers/docker_manual.sh @@ -1,8 +1,5 @@ #!/bin/bash -# Docker -figlet "Mistborn: Installing Docker" - # dependencies echo "Installing Docker dependencies" sudo apt-get install -y \ diff --git a/scripts/update.sh b/scripts/update.sh index 8f3d639..049fbec 100755 --- a/scripts/update.sh +++ b/scripts/update.sh @@ -2,7 +2,21 @@ set -e -sudo docker-compose -f /opt/mistborn/base.yml pull -sudo docker-compose -f /opt/mistborn/base.yml build +sudo git -C /opt/mistborn pull +sudo git -C /opt/mistborn submodule update --init --recursive + +# ensure mistborn-cli is installed +sudo pip3 install -e /opt/mistborn/modules/mistborn-cli + +iface=$(ip -o -4 route show to default | egrep -o 'dev [^ ]*' | awk 'NR==1{print $2}') +sudo cp /opt/mistborn/scripts/services/Mistborn* /etc/systemd/system/ +sudo find /etc/systemd/system/ -type f -name 'Mistborn*' | xargs sudo sed -i "s/User=root/User=mistborn/" +sudo find /etc/systemd/system/ -type f -name 'Mistborn*' | xargs sudo sed -i "s/DIFACE/$iface/" + +sudo systemctl daemon-reload +sudo systemctl enable Mistborn-setup.service +sudo systemctl restart Mistborn-setup.service + +sudo mistborn-cli pullbuild sudo systemctl restart Mistborn-base
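Review bot: update.sh now runs `sudo git -C /opt/mistborn pull` and then installs whatever arrived as root, via `pip3 install -e` and by copying `Mistborn*` unit files into /etc/systemd/system, with no check on what was fetched. At minimum use `sudo git -C /opt/mistborn pull --ff-only` so a diverged or rewritten branch stops the update. If upstream signs its commits (not visible here), add `--verify-signatures`, or update to a reviewed tag instead of the branch head. Separately, `$iface` is interpolated into `sed -i "s/DIFACE/$iface/"` unchecked, so with no default route it is empty and `DIFACE` is replaced by nothing in every unit; a guard such as `[ -n "$iface" ] || { echo "no default route" >&2; exit 1; }` before the `cp` would catch that.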