From 72834bd1ad40f9a8e3281a97afe02abb700b9c8a Mon Sep 17 00:00:00 2001
From: Matthias Wirth <matthias.wirth@gmail.com>
Date: Fri, 22 Nov 2024 20:28:54 +0000
Subject: [PATCH] mask tailscale/zerotier as well as disabling them

disabling the service is good enough, but masking them as well doesn't
hurt
---
 .../adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py | 5 +++++
 src/modules/adsb-feeder/start_chroot_script                | 2 ++
 src/variants/dietpi/Automation_Custom_Script.sh            | 7 ++++---
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py b/src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py
index d0eebcf8..21a4d7d1 100644
--- a/src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py
+++ b/src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py
@@ -2141,6 +2141,10 @@ def do_halt():
                             continue
                     print_err(f"starting tailscale (args='{ts_args}')")
                     try:
+                        subprocess.run(
+                            ["/usr/bin/systemctl", "unmask", "tailscaled"],
+                            timeout=20.0,
+                        )
                         subprocess.run(
                             ["/usr/bin/systemctl", "enable", "--now", "tailscaled"],
                             timeout=20.0,
@@ -2269,6 +2273,7 @@ def do_halt():
                     self._d.env_by_tags("ssh_configured").value = True
                 if allow_insecure and key == "zerotierid":
                     try:
+                        subprocess.call("/usr/bin/systemctl unmask zerotier-one", shell=True)
                         subprocess.call("/usr/bin/systemctl enable --now zerotier-one", shell=True)
                         sleep(5.0)  # this gives the service enough time to get ready
                         subprocess.call(
diff --git a/src/modules/adsb-feeder/start_chroot_script b/src/modules/adsb-feeder/start_chroot_script
index def5c9cd..b582d7ef 100644
--- a/src/modules/adsb-feeder/start_chroot_script
+++ b/src/modules/adsb-feeder/start_chroot_script
@@ -91,6 +91,8 @@ systemctl mask isc-dhcp-server.service
 apt-get install -y zerotier-one tailscale
 systemctl disable tailscaled
 systemctl disable zerotier-one
+systemctl mask tailscaled
+systemctl mask zerotier-one
 
 # disable swapfile, we have swap on zram
 systemctl disable dphys-swapfile || true
diff --git a/src/variants/dietpi/Automation_Custom_Script.sh b/src/variants/dietpi/Automation_Custom_Script.sh
index 4ee42be0..9e002f82 100644
--- a/src/variants/dietpi/Automation_Custom_Script.sh
+++ b/src/variants/dietpi/Automation_Custom_Script.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# make sure the VPN services are stopped and disabled
+systemctl disable --now zerotier-one.service tailscaled.service
+systemctl mask zerotier-one tailscaled
+
 # override daemon.json with the options we want
 cat > /etc/docker/daemon.json <<EOF
 {
@@ -102,9 +106,6 @@ systemctl enable --now adsb-bootstrap.service adsb-setup.service adsb-update.tim
 # rely on dietpi to start adsb-docker but make sure it's enabled
 systemctl enable adsb-docker
 
-# make sure the VPN services are stopped and disabled
-systemctl disable --now zerotier-one.service tailscaled.service
-
 # Disable telemetry for tailscale
 # but only if it's not already there
 if ! grep -q -- "^FLAGS=\"--no-logs-no-support" /etc/default/tailscaled ; then