go all-in on systemd managing the launching of the dojo

pwncollege · Oct 27, 2024 · 94fe39a · 94fe39a
1 parent a07b9ef
commit 94fe39a
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -36,6 +36,7 @@ RUN echo 'tmpfs /run/dojofs tmpfs defaults,mode=755,shared 0 0' > /etc/fstab &&
     echo '/data/homes /run/homefs none defaults,bind,nosuid 0 0' >> /etc/fstab
 
 RUN ln -s /opt/pwn.college/etc/systemd/system/pwn.college.service /etc/systemd/system/pwn.college.service && \
+    ln -s /opt/pwn.college/etc/systemd/system/pwn.college.init.service /etc/systemd/system/pwn.college.init.service && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.backup.service /etc/systemd/system/pwn.college.backup.service && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.backup.timer /etc/systemd/system/pwn.college.backup.timer && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cachewarmer.service /etc/systemd/system/pwn.college.cachewarmer.service && \
@@ -44,6 +45,7 @@ RUN ln -s /opt/pwn.college/etc/systemd/system/pwn.college.service /etc/systemd/s
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.imagepuller.timer /etc/systemd/system/pwn.college.imagepuller.timer && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cloud.backup.service /etc/systemd/system/pwn.college.cloud.backup.service && \
     ln -s /opt/pwn.college/etc/systemd/system/pwn.college.cloud.backup.timer /etc/systemd/system/pwn.college.cloud.backup.timer && \
+    ln -s /etc/systemd/system/pwn.college.init.service /etc/systemd/system/multi-user.target.wants/pwn.college.init.service && \
     ln -s /etc/systemd/system/pwn.college.service /etc/systemd/system/multi-user.target.wants/pwn.college.service && \
     ln -s /etc/systemd/system/pwn.college.backup.timer /etc/systemd/system/timers.target.wants/pwn.college.backup.timer && \
     ln -s /etc/systemd/system/pwn.college.cachewarmer.timer /etc/systemd/system/timers.target.wants/pwn.college.cachewarmer.timer && \
@@ -58,4 +60,4 @@ RUN find /opt/pwn.college/dojo -type f -exec ln -s {} /usr/bin/ \;
 EXPOSE 22
 EXPOSE 80
 EXPOSE 443
-CMD ["dojo-init"]
+CMD ["/usr/bin/systemd"]
diff --git a/dojo/dojo-init b/dojo/dojo-init
@@ -123,7 +123,3 @@ iptables -I DOCKER-USER -i workspace_net -s 10.0.0.0/24 -m conntrack --ctstate N
 iptables -I DOCKER-USER -i workspace_net -d 10.0.0.0/8 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 iptables -I DOCKER-USER -i workspace_net -s 192.168.42.0/24 -m conntrack --ctstate NEW -j ACCEPT
 iptables -I DOCKER-USER -i workspace_net -d 192.168.42.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
-echo "[+] Starting systemd. If this is the first start, the challenge container"
-echo "    will be built, which will take a very long time."
-exec /usr/bin/systemd
diff --git a/etc/systemd/system/pwn.college.init.service b/etc/systemd/system/pwn.college.init.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=pwn.college initialization service
+Before=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+WorkingDirectory=/opt/pwn.college
+ExecStart=/usr/bin/dojo-init
+
+[Install]
+WantedBy=multi-user.target
diff --git a/etc/systemd/system/pwn.college.service b/etc/systemd/system/pwn.college.service
@@ -2,6 +2,7 @@
 Description=pwn.college docker compose service
 Requires=docker.service
 After=docker.service
+After=pwn.college.init.service
 
 [Service]
 Type=oneshot