#!/bin/bash # Usage # ... # exit if any commands returns non-zero status set -e # ONLY ENABLE THIS TO DEBUG # set -x # Check if scipt is run in debug mode so we can hide secrets if [[ "$-" =~ 'x' ]] then echo 'Running with xtrace enabled!' xtrace=true else echo 'Running with xtrace disabled!' xtrace=false fi PROVIDER='ci.leap.se' INVITE_CODE=${BITMASK_INVITE_CODE:?"Need to set BITMASK_INVITE_CODE non-empty"} BCTL='bitmaskctl' LEAP_HOME="$HOME/.config/leap" username="tmp_user_$(date +%Y%m%d%H%M%S)" user="${username}@${PROVIDER}" pw="$(head -c 10 < /dev/urandom | base64)" # Stop any previously started bitmaskd # and start a new instance "$BCTL" stop [ -d "$LEAP_HOME" ] && rm -rf "$LEAP_HOME" # Register a new user # Disable xtrace set +x "$BCTL" user create "$user" --pass "$pw" --invite "$INVITE_CODE" # Enable xtrace again only if it was set at beginning of script [[ $xtrace == true ]] && set -x # Authenticate "$BCTL" user auth "$user" --pass "$pw" > /dev/null # Get VPN cert "$BCTL" vpn get_cert "$user" # Start VPN, wait a bit "$BCTL" vpn start --json sleep 5 "$BCTL" vpn status --json if [[ $EUID > 0 ]] then echo "Not running as root, no dns workaround needed..."; else echo "no-iptables workaround on CI: adding gateway dns..."; echo "nameserver 10.42.0.1" > /etc/resolv.conf # cat /etc/resolv.conf fi sleep 5 ip link show cat ~/.config/leap/bitmaskd.log # TEST that we're going through the provider's VPN tests/e2e/check_ip vpn_on "$BCTL" vpn stop sleep 5 if [[ $EUID > 0 ]] then echo "Not running as root, no dns workaround needed..."; else echo "no-iptables workaround on CI: restoring dns..."; echo "nameserver 77.109.148.136" > /etc/resolv.conf fi # TEST that we're NOT going through the provider's VPN tests/e2e/check_ip vpn_off echo "Succeeded - the vpn routed you through the expected address"