mask tailscale/zerotier as well as disabling them

disabling the service is good enough, but masking them as well doesn't hurt
dirkhh · Nov 22, 2024 · 72834bd · 72834bd
1 parent b6fab92
commit 72834bd
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py b/src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py
@@ -2141,6 +2141,10 @@ def do_halt():
                             continue
                     print_err(f"starting tailscale (args='{ts_args}')")
                     try:
+                        subprocess.run(
+                            ["/usr/bin/systemctl", "unmask", "tailscaled"],
+                            timeout=20.0,
+                        )
                         subprocess.run(
                             ["/usr/bin/systemctl", "enable", "--now", "tailscaled"],
                             timeout=20.0,
@@ -2269,6 +2273,7 @@ def do_halt():
                     self._d.env_by_tags("ssh_configured").value = True
                 if allow_insecure and key == "zerotierid":
                     try:
+                        subprocess.call("/usr/bin/systemctl unmask zerotier-one", shell=True)
                         subprocess.call("/usr/bin/systemctl enable --now zerotier-one", shell=True)
                         sleep(5.0)  # this gives the service enough time to get ready
                         subprocess.call(

diff --git a/src/modules/adsb-feeder/start_chroot_script b/src/modules/adsb-feeder/start_chroot_script
@@ -91,6 +91,8 @@ systemctl mask isc-dhcp-server.service
 apt-get install -y zerotier-one tailscale
 systemctl disable tailscaled
 systemctl disable zerotier-one
+systemctl mask tailscaled
+systemctl mask zerotier-one
 
 # disable swapfile, we have swap on zram
 systemctl disable dphys-swapfile || true

diff --git a/src/variants/dietpi/Automation_Custom_Script.sh b/src/variants/dietpi/Automation_Custom_Script.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# make sure the VPN services are stopped and disabled
+systemctl disable --now zerotier-one.service tailscaled.service
+systemctl mask zerotier-one tailscaled
+
 # override daemon.json with the options we want
 cat > /etc/docker/daemon.json <<EOF
 {
@@ -102,9 +106,6 @@ systemctl enable --now adsb-bootstrap.service adsb-setup.service adsb-update.tim
 # rely on dietpi to start adsb-docker but make sure it's enabled
 systemctl enable adsb-docker
 
-# make sure the VPN services are stopped and disabled
-systemctl disable --now zerotier-one.service tailscaled.service
-
 # Disable telemetry for tailscale
 # but only if it's not already there
 if ! grep -q -- "^FLAGS=\"--no-logs-no-support" /etc/default/tailscaled ; then