bob*: modularize init-container extra commands

ilyaluk · ilyaluk · commit c5a5e5499d00 · 2025-10-24T01:15:57.000+04:00
diff --git a/bob-common/mkosi.extra/usr/bin/init-container.sh b/bob-common/mkosi.extra/usr/bin/init-container.sh
@@ -41,7 +41,7 @@ su -s /bin/sh searcher -c "cd ~ && podman run -d \
         while true; do /usr/sbin/sshd -D -e; sleep 5; done'"
 
 # Attempt a quick check that the container is running
-for i in 1 2 3 4 5; do
+for i in $(seq 1 5); do
     status=$(su -s /bin/sh - searcher -c "podman inspect --format '{{.State.Status}}' $NAME 2>/dev/null || true")
     if [ "$status" = "running" ]; then
         break
@@ -63,24 +63,25 @@ if [ -z "$pid" ] || [ "$pid" = "0" ]; then
 fi
 
 echo "Applying iptables rules in $NAME (PID: $pid) network namespace..."
+ns_iptables() { nsenter --target "$pid" --net iptables "$@" }
 
-# Enter network namespace and apply DROP rules on port 9000 TCP/UDP
-nsenter --target "$pid" --net iptables -A OUTPUT -p tcp --dport 9000 -j DROP
-nsenter --target "$pid" --net iptables -A OUTPUT -p udp --dport 9000 -j DROP
+ns_iptables -A OUTPUT -d 169.254.169.254 -j DROP
 
-# Enter network namespace and apply DROP rule on port 123 UDP
-nsenter --target "$pid" --net iptables -A OUTPUT -p udp --dport 123 -j DROP
+ns_iptables -A OUTPUT -p tcp --dport 9000 -j DROP
+ns_iptables -A OUTPUT -p udp --dport 9000 -j DROP
 
-# Drop outbound traffic from SEARCHER_INPUT_CHANNEL
-nsenter --target "$pid" --net iptables -A OUTPUT -p udp --sport $SEARCHER_INPUT_CHANNEL -j DROP
-nsenter --target "$pid" --net iptables -A OUTPUT -p tcp --sport $SEARCHER_INPUT_CHANNEL -j DROP
+ns_iptables -A OUTPUT -p udp --dport 123 -j DROP
 
-echo "Injecting static hosts into $NAME..."
+ns_iptables -A OUTPUT -p udp --sport $SEARCHER_INPUT_CHANNEL -j DROP
+ns_iptables -A OUTPUT -p tcp --sport $SEARCHER_INPUT_CHANNEL -j DROP
 
-su -s /bin/sh searcher -c "podman exec $NAME /bin/sh -c '
-    echo \"3.149.14.12 tx.tee-searcher.flashbots.net\" >> /etc/hosts &&
-    echo \"3.136.107.142 tx.tee-searcher.flashbots.net\" >> /etc/hosts &&
-    echo \"18.221.59.61 backruns.tee-searcher.flashbots.net\" >> /etc/hosts &&
-    echo \"3.15.88.156 backruns.tee-searcher.flashbots.net\" >> /etc/hosts &&
-    echo \"52.207.17.217 fbtee.titanbuilder.xyz\" >> /etc/hosts
-'"
+# Helper, only used in sourced script below
+exec_in_container() {
+    su -s /bin/sh searcher -c "podman exec $NAME /bin/sh -c '$1'"
+}
+
+# Run extra commands which are customized per image,
+# see bob*/mkosi.extra/etc/searcher-container-init-extra
+#
+# `source` is not supported in dash
+. /etc/searcher-container-init-extra
diff --git a/bob-l1/mkosi.extra/etc/searcher-container-init-extra b/bob-l1/mkosi.extra/etc/searcher-container-init-extra
@@ -0,0 +1,12 @@
+# This script is sourced from init-container.sh and contains image-specific stuff
+# See also: bob-common/mkosi.extra/usr/bin/init-container.sh
+
+echo "Injecting static hosts into searcher container..."
+exec_in_container '
+    cat <<EOF >> /etc/hosts
+3.149.14.12   tx.tee-searcher.flashbots.net
+3.136.107.142 tx.tee-searcher.flashbots.net
+18.221.59.61  backruns.tee-searcher.flashbots.net
+3.15.88.156   backruns.tee-searcher.flashbots.net
+52.207.17.217 fbtee.titanbuilder.xyz
+EOF'
diff --git a/bob-l2/mkosi.extra/etc/searcher-container-init-extra b/bob-l2/mkosi.extra/etc/searcher-container-init-extra
@@ -0,0 +1,7 @@
+# This script is sourced from init-container.sh and contains image-specific stuff
+# See also: bob-common/mkosi.extra/usr/bin/init-container.sh
+
+echo "Injecting static hosts into searcher container..."
+exec_in_container '
+    cat <<EOF >> /etc/hosts
+EOF'
