warn when no environment is set, fix config indentation

FyraLabs · Jul 27, 2024 · 09291e5 · 09291e5
1 parent c67935d
commit 09291e5
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 17 deletions.
diff --git a/src/cloud/cloud_init.rs b/src/cloud/cloud_init.rs
@@ -4,25 +4,26 @@ pub fn generate_cloud_init_config(password: &str, port: u16) -> String {
       "write_files": [{
         "path": "/etc/systemd/system/chisel.service",
         "content": format!(r#"
-      [Unit]
-      Description=Chisel Tunnel
-      Wants=network-online.target
-      After=network-online.target
-      StartLimitIntervalSec=0
+[Unit]
+Description=Chisel Tunnel
+Wants=network-online.target
+After=network-online.target
+StartLimitIntervalSec=0
 
-      [Install]
-      WantedBy=multi-user.target
+[Install]
+WantedBy=multi-user.target
 
-      [Service]
-      Restart=always
-      RestartSec=1
-      User=root
-      # You can add any additional flags here
-      # This example uses port 9090 for the tunnel socket. `--reverse` is required for our use case.
-      ExecStart=/usr/local/bin/chisel server --port={port} --reverse
-      # Additional .env file for auth and secrets
-      EnvironmentFile=-/etc/sysconfig/chisel
-      "#)
+[Service]
+Restart=always
+RestartSec=1
+User=root
+# You can add any additional flags here
+# This example uses port 9090 for the tunnel socket. `--reverse` is required for our use case.
+ExecStart=/usr/local/bin/chisel server --port={port} --reverse
+# Additional .env file for auth and secrets
+EnvironmentFile=-/etc/sysconfig/chisel
+PassEnvironment=AUTH
+"#)
       }, {
         "path": "/etc/sysconfig/chisel",
         "content": format!("AUTH=chisel:{}\n", password)

diff --git a/src/daemon.rs b/src/daemon.rs
@@ -604,6 +604,7 @@ async fn reconcile_nodes(obj: Arc<ExitNode>, ctx: Arc<Context>) -> Result<Action
             .await
             .map_err(|_| crate::error::ReconcileError::CloudProvisionerSecretNotFound)?
             .ok_or(ReconcileError::CloudProvisionerSecretNotFound)?;
+
         finalizer::finalizer(
             &exit_nodes.clone(),
             EXIT_NODE_FINALIZER,

diff --git a/src/deployment.rs b/src/deployment.rs
@@ -212,6 +212,11 @@ pub async fn create_pod_template(
         }]
     });
 
+    // Warn when auth is not set
+    if env.is_none() {
+        tracing::warn!("No auth secret set for exit node! Tunnel will not be secure!");
+    }
+
     Ok(PodTemplateSpec {
         metadata: Some(ObjectMeta {
             labels: Some([("tunnel".to_string(), service_name.to_owned())].into()),