#! /bin/bash
# Default settings; each one below can be overridden by the command-line option
# named in its comment, except SIN_HOME, which has no option.
# NOTE(review): VPN_USER and VPN_PASSWD are not initialised here, so values
# already present in the caller's environment are used when --user/--passwd
# are not given.
IMAGE_PATH= # singularity image to run; set with --image
NAME_MAX_TRIES=10 # number of attempts to start an instance under a fresh random name; set with --max-tries
SINGULARITY=singularity # assume singularity is in PATH, otherwise specify with --singularity
VPN_SERVER= # vpn server to connect to; set with --server
SERVERPIN= # sha256 pin of the vpn server, of the form pin-sha256:XXXX...=; set with --servercert
VPN_MODE=auto # auto, ns or socks; set with --vpn-mode
START_CLIENT=yes # "yes" starts the client connection automatically; set with --start-client
SOCKS_PORT=11080 # port for the socks5 server; set with --socks-port
SIN_HOME=/srv # path inside the instance that the current directory is mounted on as home
#######################################
# Print the usage text to stdout: required options, optional ones together
# with their current defaults, and the trailing command syntax.
# Globals: NAME_MAX_TRIES, SINGULARITY, SOCKS_PORT (read, shown as defaults)
# Outputs: 20 lines of help text on stdout
#######################################
show_help () {
  # Collect the text first, then emit it with a single printf call.
  local -a usage_lines=(
    "$0 [options] -- CMD ARG ARG ..."
    "required options are:"
    " --image IMAGEPATH Path to the singularity image to execute. (Required.)"
    " --server SERVER VPN server to connect to. (Required.)"
    " --servercert SERVERPIN Server pin, of the form: pin-sha256:XXXX...= (Required)"
    " --user USER Username for VPN server login. (Required.)"
    " --passwd PASSWD Password for VPN server login. (Required.)"
    ""
    "other options are:"
    " --max-tries N Maximum number of attempts to find a valid instance name. (Default: $NAME_MAX_TRIES)"
    " --vpn-mode auto|ns|socks ns: create virtually network interface"
    " socks: use a socks5 server"
    " auto: try ns and fallback to socks. (Default: auto)"
    " --singularity PATH Path to the singularity executable. (Default: $SINGULARITY)"
    " --socks-port PORT Port for the socks5 server (Default $SOCKS_PORT)"
    " --start-client yes|no Whether to start client on startup. If no, it can"
    " be started with: source /etc/cms-vpn/vpn-client-start.sh"
    ""
    " CMD ARG ...: Command and args to execute inside the container."
    " Must be specified last after: --"
  )
  printf '%s\n' "${usage_lines[@]}"
}
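#######################################
# Start a singularity instance under a randomly chosen name (ins-<RANDOM>),
# trying again with a new name whenever the start command fails.
# Globals:
#   NAME_MAX_TRIES (read/written) - remaining attempts, decremented per try
#   SINGULARITY, IMAGE_PATH, SIN_HOME (read)
#   CANDIDATE (written), INSTANCE_NAME (written on success)
# Outputs: diagnostics on stderr
# Returns: 0 once an instance has started. Exits the script with status 1
#   when NAME_MAX_TRIES is not a plain non-negative integer or when every
#   attempt failed.
#######################################
start_instance () {
  local work_dir

  # Accept digits only. Bash evaluates the operands of -gt and $(( )) as
  # arithmetic expressions, so an unchecked --max-tries value would be
  # interpreted instead of merely compared.
  if [[ ! "${NAME_MAX_TRIES}" =~ ^[0-9]+$ ]]
  then
    printf 'Invalid --max-tries value: %s\n' "${NAME_MAX_TRIES}" >&2
    exit 1
  fi
  # 10# forces base 10 so a value such as "08" is not rejected as octal.
  NAME_MAX_TRIES=$((10#${NAME_MAX_TRIES}))

  work_dir=$(pwd)
  while (( NAME_MAX_TRIES > 0 ))
  do
    NAME_MAX_TRIES=$((NAME_MAX_TRIES - 1))
    CANDIDATE="ins-${RANDOM}"
    # Every expansion is quoted so that a working directory or image path
    # containing spaces or glob characters is passed as a single argument.
    # Any start failure consumes one try, not only a name collision.
    if "${SINGULARITY}" instance start \
      --home "${work_dir}:${SIN_HOME}" \
      --bind "${work_dir}:${work_dir}" \
      "${IMAGE_PATH}" "${CANDIDATE}"
    then
      INSTANCE_NAME="${CANDIDATE}"
      return 0
    fi
    # Report the name that could not be started; kept off stdout so it does
    # not mix with the output of the command run in the container.
    printf '%s\n' "${CANDIDATE}" >&2
  done
  echo "Could not find a unique name for the instance." >&2
  exit 1
}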
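#######################################
# Stop the singularity instance named by INSTANCE_NAME; installed as the
# script's EXIT trap handler.
# Globals: INSTANCE_NAME, SINGULARITY (read)
# Returns: 0 when INSTANCE_NAME is empty (nothing to stop), otherwise the
#   status of the stop command.
#######################################
cleanup () {
  [[ -n "${INSTANCE_NAME}" ]] || return 0
  # Quoted so the executable path and the instance name each stay one word.
  "${SINGULARITY}" instance stop "${INSTANCE_NAME}"
}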
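# Start from an empty INSTANCE_NAME. The EXIT trap also fires on --help and on
# argument errors, before any instance exists; without this reset a value
# inherited from the caller's environment would make cleanup stop an instance
# this run never started.
INSTANCE_NAME=
trap cleanup EXIT

# Parse arguments. Options are consumed up to "--"; whatever follows stays in
# "$@" as the command to execute.
# NOTE(review): a password given with --passwd is part of this process's
# argument list, which is typically readable by other local users through the
# process list. VPN_USER and VPN_PASSWD are not cleared before parsing, so they
# can be supplied through the environment instead.
while [[ $# -gt 0 ]]
do
  arg="$1"

  # Options that take a value: fail early when the value is absent instead of
  # silently storing an empty string.
  case "${arg}" in
    --image|--max-tries|--singularity|--vpn-mode|--start-client|--server|--servercert|--user|--passwd|--socks-port)
      if [[ $# -lt 2 ]]
      then
        echo "Missing value for option: $arg"
        show_help
        exit 1
      fi
      ;;
  esac

  case "${arg}" in
    --image)
      shift
      IMAGE_PATH="$1"
      ;;
    --max-tries)
      shift
      NAME_MAX_TRIES="$1"
      ;;
    --singularity)
      shift
      SINGULARITY="$1"
      ;;
    --vpn-mode)
      shift
      VPN_MODE="$1"
      ;;
    --start-client)
      shift
      START_CLIENT="$1"
      ;;
    --server)
      shift
      VPN_SERVER="$1"
      ;;
    --servercert)
      shift
      SERVERPIN="$1"
      ;;
    --user)
      shift
      VPN_USER="$1"
      ;;
    --passwd)
      shift
      VPN_PASSWD="$1"
      ;;
    --socks-port)
      shift
      SOCKS_PORT="$1"
      ;;
    --help)
      show_help
      exit 0
      ;;
    --)
      # Rest is taken as the command to execute.
      shift
      break
      ;;
    *)
      echo "Unrecognized option: $arg"
      show_help
      exit 1
      ;;
  esac
  shift
done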
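# Check the required settings and report every missing one before giving up.
# Each entry pairs a variable name with the option that sets it.
missing_arg=no
for required in \
  IMAGE_PATH:--image \
  VPN_SERVER:--server \
  SERVERPIN:--servercert \
  VPN_USER:--user \
  VPN_PASSWD:--passwd
do
  var_name=${required%%:*}
  if [[ -z "${!var_name}" ]]
  then
    echo "Missing ${required#*:} option."
    missing_arg=yes
  fi
done
if [[ "$missing_arg" = yes ]]
then
  show_help
  exit 1
fi

if [[ $# -eq 0 ]]
then
  # use /bin/bash as the default command to execute
  # ("--" stops set from ever reading the word as one of its own options)
  set -- /bin/bash
fi

start_instance

# Exported only after the instance has been started, so these reach the
# "singularity run" commands below through this script's environment.
export VPN_SERVER
export SERVERPIN
export VPN_MODE
export SOCKS_PORT
export SIN_HOME
# Warning: Only for testing. To do: Find better way to communicate credentials to clients.
# NOTE(review): once exported, the credentials are inherited by every child
# process this script starts from here on.
export VPN_USER
export VPN_PASSWD

# Any START_CLIENT value other than the literal "yes" takes the else branch.
if [[ "${START_CLIENT}" = yes ]]
then
  # Quoted so the executable path and the instance URI each stay one word.
  "${SINGULARITY}" run "instance://${INSTANCE_NAME}" /etc/cms-vpn/vpn-client-start.sh "$@"
else
  echo "Not starting vpn client as requested. Ignoring COMMAND."
  echo "To activate vpn client use: /etc/cms-vpn/vpn-client-start.sh COMMAND"
  "${SINGULARITY}" run "instance://${INSTANCE_NAME}" /bin/bash
fi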