add group membership setting for sqlite db
rtertiaer committed Jun 11, 2024
1 parent bf41cf0 commit e526e96
Showing 2 changed files with 26 additions and 6 deletions.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -30,6 +30,12 @@ pip install -r requirements.txt

### `device`

Create a `support` group. Certain functions require root, like opening a wireguard device. Others don't. We use a `support` group for the backing SQLite database to share this between both contexts. For any non-root user calling these services, add them to this group.

```
groupadd support
```

Request a tunnel on your `device`. If you are a Micro-Nova employee, this is more or less what the updater does when you press the "Request support tunnel" button.

```
26 changes: 20 additions & 6 deletions device/models.py
@@ -1,15 +1,17 @@
import os
import stat
import logging
import datetime
import common.tunnel
import common.models

from os import getenv
from sqlmodel import Field, SQLModel, create_engine
from grp import getgrnam
from pydantic import UUID4
from typing import Optional
from ipaddress import IPv4Address, IPv4Network
from wireguard_tools import WireguardKey
from sqlalchemy.types import Text

from wireguard_tools import WireguardKey
from ipaddress import IPv4Address, IPv4Network
from sqlmodel import Field, SQLModel, create_engine

class DeviceTunnel(SQLModel, table=True):
""" Represents the database table on a device, where each row
Expand Down Expand Up @@ -60,7 +62,19 @@ def to_WireguardTunnel(self) -> common.models.WireguardTunnel:
peers=peers,
)

SQLITE_DB = os.getenv("SQLITE_DB", "/var/lib/support_tunnel/device.db")
SQL_URI = f"sqlite:///{SQLITE_DB}"

SQL_URI = getenv("SQL_URI", "sqlite:////var/lib/support_tunnel/device.db")
engine = create_engine(SQL_URI)
SQLModel.metadata.create_all(engine)

try:
stat_result = os.stat(SQLITE_DB)
gid = getgrnam("support").gr_gid
if stat_result.st_gid != gid:
os.chown(SQLITE_DB, -1, gid)
if stat.filemode(stat_result.st_mode) != '-rw-rw----':
os.chmod(SQLITE_DB, 0o0660)
except Exception as e:
error_msg = f"unable to set permissions on {SQLITE_DB}: {e}"
logging.warning(error_msg)
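Review bot: The permission fix runs only after `create_all` has already created the database file under the process umask, and it acts on the path with `os.chown`/`os.chmod`, which follow symlinks. Until the `try` block runs — and permanently if it fails, since the failure is only logged — the file, which presumably holds tunnel key material given the `WireguardKey` import, keeps whatever mode the umask produced. If the directory is ever made writable by the `support` group (SQLite needs that to create its journal files), a root caller could also end up changing the group and mode of a different file through a symlink at that path. Creating the file with mode 0660 and `O_NOFOLLOW` before the engine opens it, then using `os.fchown`/`os.fchmod` on the descriptor, closes both gaps; narrowing `except Exception` to `(OSError, KeyError)` keeps unrelated errors visible.

```python
SQLITE_DB = os.getenv("SQLITE_DB", "/var/lib/support_tunnel/device.db")
SQL_URI = f"sqlite:///{SQLITE_DB}"

try:
    # Create the file (if missing) with the restrictive mode before SQLite
    # touches it, and refuse a symlink at the final path component.
    fd = os.open(SQLITE_DB, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o660)
    try:
        st = os.fstat(fd)
        gid = getgrnam("support").gr_gid  # KeyError if the group is missing
        if st.st_gid != gid:
            os.fchown(fd, -1, gid)
        # O_CREAT's mode is masked by the umask; fchmod sets it exactly.
        if stat.S_IMODE(st.st_mode) != 0o660:
            os.fchmod(fd, 0o660)
    finally:
        os.close(fd)
except (OSError, KeyError) as e:
    logging.warning("unable to set permissions on %s: %s", SQLITE_DB, e)

# … unchanged: engine = create_engine(SQL_URI); SQLModel.metadata.create_all(engine) …
```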
