raspiblitz/home.admin/config.scripts/internet.sshtunnel.py

#!/usr/bin/python3

import sys, subprocess
from pathlib import Path

# display config script info
if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help":
    print("forward ports from another server to raspiblitz with reverse SSH tunnel")
    print("internet.sshtunnel.py [on|off] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]")
    print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings")
    sys.exit(1)

#
# CONSTANTS
#

SERVICENAME="autossh-tunnel.service"
SERVICEFILE="/etc/systemd/system/"+SERVICENAME
SERVICETEMPLATE="""# see config script internet.sshtunnel.py
[Unit]
Description=AutoSSH tunnel service
After=network.target

[Service]
User=root
Group=root
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -N -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" [PLACEHOLDER]
StandardOutput=journal

[Install]
WantedBy=multi-user.target
"""

#
# SWITCHING ON
#

if sys.argv[1] == "on":

    # check if already running
    already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True)
    print(already_running)
    if str(already_running).count("enabled") > 0:
        print("already ON - run 'internet.sshtunnel.py off' first")
        sys.exit(1)

    # check server address
    ssh_server = sys.argv[2]
    if ssh_server.count("@") != 1:
        print("[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help")
        sys.exit(1)

    # check minimal forwardings
    if len(sys.argv) < 4:
        print("[INTERNAL-PORT]:[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first")
        sys.exit(1)

    # genenate additional parameter for autossh (forwarding ports)
    additional_parameters=""
    i = 3
    while i < len(sys.argv):

        # check forwarding format
        if sys.argv[i].count(":") != 1:
            print("[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format '%s'" % (sys.argv[i]))
            sys.exit(1)

        # get ports
        ports = sys.argv[i].split(":")
        port_internal = ports[0]
        port_external = ports[1]
        if port_internal.isdigit() == False:
            print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i]))
            sys.exit(1)
        if port_external.isdigit() == False:
            print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i]))
            sys.exit(1) 

        additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external,port_internal)
        i=i+1

    # genenate additional parameter for autossh (server)
    additional_parameters= additional_parameters + ssh_server

    # generate custom service config
    service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters)

    # DEBUG exit
    print("****** SERVICE ******")
    print(service_data)
    sys.exit(0)

    # write service file
    service_file = open(SERVICEFILE, "w")
    service_file.write(service_data)
    service_file.close()

    # enable service
    print(f"*** Enabling systemd service: {{SERVICENAME}}")
    subprocess.call(f"systemctl daemon-reload", shell=True)
    #subprocess.call(f"systemctl enable {SERVICENAME}", shell=True)
    print()

    # final info (can be ignored if run by other script)
    print(f"*** OK - SSH TUNNEL SERVICE STARTED ***")
    print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ")
    print(f"- Tunnel service needs final reboot to start.")
    #print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}")

#
# SWITCHING OFF
#

elif sys.argv[1] == "off":

    # check if already disabled
    #alreadyRunning = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True)
    #if str(alreadyRunning).count("enabled") == 0:
    #    print("Was already OFF")
    #    sys.exit(0)

    print ("TODO: Switch OFF")

#
# UNKOWN PARAMETER
#

else:
    print ("unkown parameter - use 'internet.sshtunnel.py -h' for help")