ab/homelab
1
1
Fork 1
Code Issues Pull Requests 109 Actions Packages Wiki Activity

Added amnezia exporter
Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s
Details
Check with kubeconform / lint (push) Successful in 7s
Details
Auto-update README / Generate README and Create MR (push) Successful in 11s
Details

Browse Source
This commit is contained in:
Ultradesu
2026-06-29 20:46:07 +03:00
parent 976ea1fbe1
commit 67104123a5
7 changed files with 273 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
k8s/apps/amnezia/configmap-scripts.yaml
+102 -6
View File
@@ -128,6 +128,9 @@ data:
SERVER_CONFIG="/etc/amnezia/server/awg0.conf"
CLIENTS_DIR="/etc/amnezia/clients"
RUNTIME_CONFIG="/run/amnezia/awg0.conf"
SYNC_CONFIG="/run/amnezia/awg0.sync.conf"
STATUS_FILE="/run/amnezia/reload-status"
RELOAD_INTERVAL="${AMNEZIAWG_RELOAD_INTERVAL:-10}"
cleanup() {
if awg show awg0 >/dev/null 2>&1; then
@@ -137,32 +140,125 @@ data:
render_config() {
mkdir -p "$(dirname "${RUNTIME_CONFIG}")"
cp "${SERVER_CONFIG}" "${RUNTIME_CONFIG}"
chmod 0600 "${RUNTIME_CONFIG}"
local tmp_config="${RUNTIME_CONFIG}.tmp"
cp "${SERVER_CONFIG}" "${tmp_config}"
chmod 0600 "${tmp_config}"
local clients_found=0
for client_config in "${CLIENTS_DIR}"/*; do
[ -f "${client_config}" ] || continue
[ -s "${client_config}" ] || continue
printf '\n' >> "${RUNTIME_CONFIG}"
cat "${client_config}" >> "${RUNTIME_CONFIG}"
printf '\n' >> "${tmp_config}"
cat "${client_config}" >> "${tmp_config}"
clients_found=1
done
if [ "${clients_found}" = "0" ]; then
echo "No client peer configs found in ${CLIENTS_DIR}; starting without peers"
fi
mv "${tmp_config}" "${RUNTIME_CONFIG}"
chmod 0600 "${RUNTIME_CONFIG}"
}
client_config_hash() {
{
for client_config in "${CLIENTS_DIR}"/*; do
[ -f "${client_config}" ] || continue
sha256sum "${client_config}"
done
} | sha256sum | awk '{print $1}'
}
write_reload_status() {
local state="${1}"
local hash="${2:-}"
local applied_at_ms=""
if [ "${state}" = "applied" ]; then
applied_at_ms="$(($(date +%s) * 1000))"
fi
mkdir -p "$(dirname "${STATUS_FILE}")"
{
printf 'state=%s\n' "${state}"
printf 'hash=%s\n' "${hash}"
printf 'applied_at_ms=%s\n' "${applied_at_ms}"
} > "${STATUS_FILE}.tmp"
mv "${STATUS_FILE}.tmp" "${STATUS_FILE}"
}
apply_live_config() {
render_config
awg-quick strip "${RUNTIME_CONFIG}" > "${SYNC_CONFIG}"
chmod 0600 "${SYNC_CONFIG}"
awg syncconf awg0 "${SYNC_CONFIG}"
}
watch_client_config() {
local last_hash="${1}"
while true; do
sleep "${RELOAD_INTERVAL}" &
wait "$!" || return 0
local current_hash
current_hash="$(client_config_hash)"
if [ "${current_hash}" = "${last_hash}" ]; then
continue
fi
echo "Detected AmneziaWG client peer config change; applying with awg syncconf"
if apply_live_config; then
last_hash="${current_hash}"
write_reload_status applied "${current_hash}"
awg show awg0 || true
else
echo "ERROR: failed to hot-reload AmneziaWG client peer config" >&2
write_reload_status error "${current_hash}"
fi
done
}
trap cleanup EXIT
trap 'exit 0' TERM INT
initial_hash="$(client_config_hash)"
render_config
cleanup
awg-quick up "${RUNTIME_CONFIG}"
awg show awg0 || true
write_reload_status applied "${initial_hash}"
watch_client_config "${initial_hash}"
status-patch.sh: |
#!/usr/bin/env bash
set -euo pipefail
STATUS_FILE="/run/amnezia/reload-status"
PATCH_INTERVAL="${AMNEZIAWG_STATUS_PATCH_INTERVAL:-5}"
NAMESPACE="${POD_NAMESPACE:-$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)}"
: "${POD_NAME:?POD_NAME is required}"
last_file_hash=""
patch_status() {
local state="unknown"
local hash=""
local applied_at_ms=""
# The file is generated by run.sh and contains only shell assignments.
# shellcheck disable=SC1090
source "${STATUS_FILE}"
kubectl patch pod "${POD_NAME}" -n "${NAMESPACE}" --type merge -p "{\"metadata\":{\"annotations\":{\"amnezia-fellow.hexor.cy/client-secret-reload-status\":\"${state}\",\"amnezia-fellow.hexor.cy/client-secret-applied-at-ms\":\"${applied_at_ms}\",\"amnezia-fellow.hexor.cy/client-secret-applied-hash\":\"${hash}\"}}}"
}
while true; do
sleep 3600 &
wait "$!"
if [ -f "${STATUS_FILE}" ]; then
file_hash="$(sha256sum "${STATUS_FILE}" | awk '{print $1}')"
if [ "${file_hash}" != "${last_file_hash}" ]; then
patch_status || true
last_file_hash="${file_hash}"
fi
fi
sleep "${PATCH_INTERVAL}"
done