From db6def2d96063304bd84dcb43557aa7d943630b9 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 21 Aug 2023 16:51:34 +0200 Subject: [PATCH] Clarify the confusing 'virtualisation' variable thingies ... --- conf/mount_disk.sh | 4 +++- conf/systemd.service | 10 +++++----- conf/umount_disk.sh | 6 ++++-- scripts/_common.sh | 29 ++++++++++++----------------- scripts/config | 4 ++-- scripts/install | 24 ++++++------------------ scripts/remove | 7 +------ scripts/restore | 3 +-- 8 files changed, 34 insertions(+), 53 deletions(-) diff --git a/conf/mount_disk.sh b/conf/mount_disk.sh index c42ae46..bcc4d7d 100755 --- a/conf/mount_disk.sh +++ b/conf/mount_disk.sh @@ -1,5 +1,7 @@ #!/bin/bash -if [ "$VIRTUALISATION" = "true" ] + +# If we're inside a container +if systemd-detect-virt -c -q then data_dir=__DATA_DIR__ format=$1 diff --git a/conf/systemd.service b/conf/systemd.service index 0e2106c..05f78ac 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -5,7 +5,7 @@ Wants=network-online.target [Service] User=__APP__ -Environment='RUST_LOG=garage=info' 'VIRTUALISATION=__VIRTUALISATION__' 'RUST_BACKTRACE=1' +Environment='RUST_LOG=garage=info' 'VIRTUALISATION=__SYSTEM_IS_INSIDE_CONTAINER__' 'RUST_BACKTRACE=1' ExecStartPre=+__INSTALL_DIR__/mount_disk.sh ExecStart=__INSTALL_DIR__/garage -c __INSTALL_DIR__/garage.toml server ExecStopPost=+__INSTALL_DIR__/umount_disk.sh 
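Review bot: The `VIRTUALISATION=__SYSTEM_IS_INSIDE_CONTAINER__` entry kept on the `Environment=` line looks dead after this patch, because mount_disk.sh and umount_disk.sh now call `systemd-detect-virt -c -q` themselves and no script in the patch reads the variable any more. Keeping it leaves two answers to the same question, one frozen at install time by the template and one computed on every start, and the two can disagree if the host changes. Unless the garage binary itself consumes it (not visible here), the line could shrink to `Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'`.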
@@ -17,16 +17,16 @@ StandardError=inherit # Depending on specificities of your service/app, you may need to tweak these # .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -__VIRT_PROTECTION__PrivateTmp=yes +__COMMENT_IF_SYSTEM_IS_INSIDE_CONTAINER__PrivateTmp=yes #PrivateDevices=yes # RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes #DevicePolicy=closed -__VIRT_PROTECTION__ProtectSystem=full -__VIRT_PROTECTION__ProtectControlGroups=yes +__COMMENT_IF_SYSTEM_IS_INSIDE_CONTAINER__ProtectSystem=full +__COMMENT_IF_SYSTEM_IS_INSIDE_CONTAINER__ProtectControlGroups=yes #ProtectKernelModules=yes -__VIRT_PROTECTION__ProtectKernelTunables=yes +__COMMENT_IF_SYSTEM_IS_INSIDE_CONTAINER__ProtectKernelTunables=yes LockPersonality=yes SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap diff --git a/conf/umount_disk.sh b/conf/umount_disk.sh index 7222ef0..15e6314 100755 --- a/conf/umount_disk.sh +++ b/conf/umount_disk.sh @@ -1,7 +1,9 @@ #!/bin/bash -if [ "$VIRTUALISATION" = "true" ] + +# If we're inside a container +if systemd-detect-virt -c -q then - data_dir=__DATA_DIR__ + data_dir=__DATA_DIR__ nbd=$(cat $data_dir/nbd_index) umount /dev/nbd$nbd qemu-nbd --disconnect /dev/nbd$nbd diff --git a/scripts/_common.sh b/scripts/_common.sh index d0fbbaa..ae268d3 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
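Review bot: The four directives prefixed with `__COMMENT_IF_SYSTEM_IS_INSIDE_CONTAINER__` (PrivateTmp, ProtectSystem, ProtectControlGroups, ProtectKernelTunables) are switched off on container hosts, and the unit file itself gives no reason. The only rationale on the page is the comment in scripts/_common.sh ("to allow mount disk"), so someone auditing the rendered unit sees hardening commented out with no explanation. A line above the block would help, for example `# On container hosts the prefixed Private*/Protect* lines below are commented out so the nbd data disk can be mounted; the service then runs without them`. Since `ExecStartPre=+` already runs mount_disk.sh with full privileges, it may be worth checking whether all four really have to go, which the patch does not show.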
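Review bot: In the branch this hunk now gates with `systemd-detect-virt -c -q`, the value read from `$data_dir/nbd_index` goes unquoted and unchecked into `umount /dev/nbd$nbd` and `qemu-nbd --disconnect /dev/nbd$nbd`, and the unit runs this script through `ExecStopPost=+`, i.e. with full privileges. An empty, missing or multi-word file then becomes a different device path or extra arguments to a root command; who can write the data directory is not visible here. A guard such as `[[ "$nbd" =~ ^[0-9]+$ ]] || exit 1` after the read, together with `nbd=$(cat "$data_dir/nbd_index")` and `"/dev/nbd$nbd"`, closes that. The same unquoted expansions appear in scripts/config (`cat $datadir/nbd_index`) and in scripts/install and scripts/restore (`qemu-img create -f qcow2 $data_dir/garage_data.qcow2`, `$install_dir/mount_disk.sh true`). The `if` block closes outside the hunk.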
@@ -4,27 +4,22 @@ # COMMON VARIABLES #================================================= +GARAGE_VERSION="0.8.2" + +if systemd-detect-virt -c -q +then + system_is_inside_container="true" + # used to comment systemd isolation to allow mount disk + comment_if_system_is_inside_container="#" +else + system_is_inside_container="false" + comment_if_system_is_inside_container="" +fi + #================================================= # PERSONAL HELPERS #================================================= -systemd-detect-virt -c -q -if [ $? ] -then #system is inside a container, - export VIRTUALISATION=true - virtualisation=true - # comment systemd isolation to allow mount disk - virt_protection="#" -else - virtualisation=false - export VIRTUALISATION=false - # uncomment systemd isolation - virt_protection="" -fi - - -GARAGE_VERSION="0.8.2" - garage_connect() { local command="$1" local peer="$2" diff --git a/scripts/config b/scripts/config index a39681c..f96b00b 100644 --- a/scripts/config +++ b/scripts/config @@ -17,7 +17,7 @@ ynh_abort_if_errors final_path=$(ynh_app_setting_get $app final_path) node_id=$(ynh_app_setting_get $app node_id) datadir=$(ynh_app_setting_get $app datadir) -if [ "$virtualisation" = "true" ] +if [[ "$system_is_inside_container" == "true" ]] then nbd_index=$(cat $datadir/nbd_index) fi @@ -28,7 +28,7 @@ get__weight() { } set__weight() { - if [ "$virtualisation" = "true" ] + if [[ "$system_is_inside_container" == "true" ]] then systemctl stop $app old_weight="$(ynh_app_setting_get --app=$app --key=weight)" diff --git a/scripts/install b/scripts/install index 1be7697..0c68f56 100755 --- a/scripts/install +++ b/scripts/install 
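Review bot: The new `if systemd-detect-virt -c -q` in scripts/_common.sh changes behaviour as well as names: the removed `if [ $? ]` tests a non-empty string and was therefore true on every host, so earlier installs took the container branch (qcow2 image over nbd, sandbox lines commented out) even outside a container. After this patch those hosts evaluate to `false`, and as far as the mount_disk.sh hunk shows the script then skips its mount branch, which would leave an existing image unmounted while garage starts against the bare directory. No upgrade script is touched here, so existing installs appear to need either a migration step or a persisted app setting recording which layout was chosen at install time. A comment beside the new block would keep that history visible, e.g. `# NOTE: before this change the check was always true, so older installs use the nbd disk on every host`.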
@@ -66,26 +66,14 @@ chown $app:$app "$install_dir/garage.toml" #================================================= ynh_script_progression --message="Creating a data directory..." --weight=5 -if [ "$virtualisation" = "true" ] +if [[ "$system_is_inside_container" == "true" ]] then - ynh_print_warn --message="This may take time regarding disk size…" -fi - -#================================================= -# create data partition -#================================================= - -if [ "$virtualisation" = "true" ] -then - # to be sure to not exceed size limit, i use a virtual disk with a fix size to have a max limit size. + ynh_print_warn --message="This may take time regarding disk size…" + + # to be sure to not exceed size limit, i use a virtual disk with a fix size to have a max limit size. qemu-img create -f qcow2 $data_dir/garage_data.qcow2 "$weight"G - VIRTUALISATION=true $install_dir/mount_disk.sh true -fi - - -if [ "$virtualisation" = "true" ] -then - VIRTUALISATION=true $install_dir/umount_disk.sh + $install_dir/mount_disk.sh true + $install_dir/umount_disk.sh fi #================================================= diff --git a/scripts/remove b/scripts/remove index ecbf940..d97f6be 100755 --- a/scripts/remove +++ b/scripts/remove @@ -13,11 +13,6 @@ source /usr/share/yunohost/helpers # LOAD SETTINGS #================================================= -if [ "$virtualisation" = "true" ] -then - export VIRTUALISTATION=true -fi - #================================================= # REMOVE NODE CONFIGURATION #================================================= @@ -60,7 +55,7 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight ynh_remove_logrotate -if [ "$virtualisation" = "true" ] +if [[ "$system_is_inside_container" == "true" ]] then #================================================= # REMOVE VIRTUAL DISK diff --git a/scripts/restore b/scripts/restore index 29eadd6..8995364 100755 --- a/scripts/restore +++ b/scripts/restore 
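Review bot: The merged `if` block in scripts/install ends with `$install_dir/mount_disk.sh true` immediately followed by `$install_dir/umount_disk.sh`, and nothing says why the disk is mounted only to be released again. From `format=$1` in conf/mount_disk.sh the `true` argument is presumably the format flag, so the pair exists to create the filesystem once. A comment would make that explicit, for example `# first mount with format=true to create the filesystem on the new image, then unmount; the service mounts it again via ExecStartPre`. It would also help to state in the same place that `$weight` is the image size in GiB, since it is passed straight to `qemu-img create` as `"$weight"G`.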
@@ -26,9 +26,8 @@ ynh_script_progression --message="Restoring the data directory..." --weight=1 mkdir -p "$data_dir/data" -if [ "$virtualisation" = "true" ] +if [[ "$system_is_inside_container" == "true" ]] then - export VIRTUALISATION=true # to be sure to not exceed size limit, i use a virtual disk with a fix size to have a max limit size. qemu-img create -f qcow2 $data_dir/garage_data.qcow2 "$weight"G $install_dir/mount_disk.sh true