diff --git a/shadow/assets/root/.update-shadowsocks.sh.swp b/shadow/assets/root/.update-shadowsocks.sh.swp new file mode 100644 index 0000000..529d620 Binary files /dev/null and b/shadow/assets/root/.update-shadowsocks.sh.swp differ diff --git a/shadow/assets/root/update-shadowsocks.sh b/shadow/assets/root/update-shadowsocks.sh new file mode 100644 index 0000000..a75eac1 --- /dev/null +++ b/shadow/assets/root/update-shadowsocks.sh @@ -0,0 +1,100 @@ +#!/usr/bin/bash +# +# NOTE: re-run this if the IP/PORT change... +# + +# get the current IP... +HOST=$(ip addr show dev lan \ + | grep 'inet ' \ + | cut -d ' ' -f 6 \ + | cut -d '/' -f 1) +PORT=5555 +ENCRYPTION=aes-256-gcm + +USER=shadowsocks +SCRIPT=shadowsocks +CONFIG=shadowsocks.config + + +# System and dependencies... + +if ! which ssserver > /dev/null ; then + #setup-apkrepos -cf + # add edge repos... + sed \ + -e '/v3\.\d*/{p;s|v3\.\d*|edge|}' \ + -i /etc/apk/repositories + apk update + apk add shadowsocks-rust +fi + +# user... +if ! [ -e /home/$USER ] ; then + adduser -D -s /sbin/nologin $USER +fi + + + +# Configuration/scripts... + +cd /home/$USER + + +# get/generate password... +if [ -e /home/$USER/$CONFIG ] ; then + PASSWD=$(cat /home/$USER/$CONFIG \ + | grep password \ + | cut -d '"' -f 4) +else + PASSWD=$(ssservice genkey -m "$ENCRYPTION") +fi + + +# /home/$USER/$CONFIG +cat > $CONFIG << EOF +{ + "server": "${HOST}", + "server_port": ${PORT}, + "password": "${PASSWD}", + "method": "${ENCRYPTION}" +} +EOF +chown $USER:$USER $CONFIG +chmod 600 $CONFIG + + +# /home/$USER/$SCRIPT +cat > $SCRIPT << EOF +#!/sbin/openrc-run + +command="ssserver" +command_args="-c /home/$USER/$CONFIG" +command_user=$USER + +pidfile="/run/\$SVCNAME.pid" +command_background=true + +# Debug +#output_log="/home/$USER/\$SVCNAME.log" +#error_log="/home/$USER/\$SVCNAME.err" + +depend() { + need net +} +EOF +chown $USER:$USER $SCRIPT +chmod +x $SCRIPT + + + +# Setup the service... + +ln -s /home/$USER/$SCRIPT /etc/init.d/$SCRIPT +if ! [ -e /etc/runlevels/default/$SCRIPT ] ; then + rc-update add $SCRIPT default +fi +rc-service $SCRIPT restart + + + +# vim:set ts=4 sw=4 : diff --git a/shadow/make.sh b/shadow/make.sh new file mode 100755 index 0000000..6d5882c --- /dev/null +++ b/shadow/make.sh @@ -0,0 +1,90 @@ +#!/usr/bin/bash +#---------------------------------------------------------------------- + +cd $(dirname $0) +PATH=$PATH:$(dirname "$(pwd)") + + +#---------------------------------------------------------------------- + +source ../.pct-helpers + + +#---------------------------------------------------------------------- + +readConfig + + +#---------------------------------------------------------------------- + +DFL_ID=${DFL_ID:=1010} +DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=shadow} + +DFL_CORES=${DFL_CORES:=1} +DFL_RAM=${DFL_RAM:=256} +DFL_SWAP=${DFL_SWAP:=${DFL_RAM}} +DFL_DRIVE=${DFL_DRIVE:=0.5} + +WAN_IP=SKIP +WAN_GATE=SKIP +ADMIN_IP=SKIP +ADMIN_GATE=SKIP +LAN_IP=SKIP +LAN_GATE=SKIP + +REBOOT=${REBOOT:=1} + +readVars + + +USER=shadowsocks + + +#---------------------------------------------------------------------- + +INTERFACES=( + "name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=dhcp,type=veth" +) + +OPTS_STAGE_2="\ + --onboot 1 \ +" + + +#---------------------------------------------------------------------- + +echo "# Building config..." +buildAssets + +echo "# Creating CT..." +pctCreateAlpine $ID "$PASS" + +echo "# Installing dependencies..." +@ lxc-attach $ID -- \ + sed \ + -e '/v3\.\d*/{p;s|v3\.\d*|edge|}' \ + -i /etc/apk/repositories +@ lxc-attach $ID apk add bash logrotate shadowsocks-rust + + +echo "# Copying assets..." +pctPushAssets $ID + + +echo "# Generating/updating config and server script..." +@ lxc-attach $ID bash /root/update-shadowsocks.sh + + +echo "# Post config..." +pctSet $ID "${OPTS_STAGE_2}" $REBOOT +pctSetNotes $ID + +saveLastRunConfig + +showNotes +echo "# Done." + + + +#---------------------------------------------------------------------- +# vim:set ts=4 sw=4 :