...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

.gitignore

@@ -0,0 +1,2 @@
+.gitignore
+*.sw[po]

gate-traefik/templates/etc/traefik/traefik.yaml

@@ -22,6 +22,8 @@ entryPoints:
     address: ':51820/udp'
   wireguard2:
     address: ':51821/udp'
+  shadow:
+    address: ':5555'
   http:
     address: ':80'
     http:

shadow/assets/root/update-shadowsocks.sh

@@ -0,0 +1,100 @@
+#!/usr/bin/bash
+#
+# NOTE: re-run this if the IP/PORT change...
+#
+
+# get the current IP...
+HOST=$(ip addr show dev lan \
+	| grep 'inet ' \
+	| cut -d ' ' -f 6 \
+	| cut -d '/' -f 1)
+PORT=5555
+ENCRYPTION=aes-256-gcm
+
+USER=shadowsocks
+SCRIPT=shadowsocks
+CONFIG=shadowsocks.config
+
+
+# System and dependencies...
+
+if ! which ssserver > /dev/null ; then
+	#setup-apkrepos -cf
+	# add edge repos...
+	sed \
+		-e '/v3\.\d*/{p;s|v3\.\d*|edge|}' \
+		-i /etc/apk/repositories
+	apk update
+	apk add shadowsocks-rust
+fi
+
+# user...
+if ! [ -e /home/$USER ] ; then
+	adduser -D -s /sbin/nologin $USER
+fi
+
+
+
+# Configuration/scripts...
+
+cd /home/$USER
+
+
+# get/generate password...
+if [ -e /home/$USER/$CONFIG ] ; then
+	PASSWD=$(cat /home/$USER/$CONFIG \
+		| grep password \
+		| cut -d '"' -f 4)
+else
+	PASSWD=$(ssservice genkey -m "$ENCRYPTION")
+fi
+
+
+# /home/$USER/$CONFIG
+cat > $CONFIG << EOF
+{
+	"server": "${HOST}",
+	"server_port": ${PORT},
+	"password": "${PASSWD}",
+	"method": "${ENCRYPTION}"
+}
+EOF
+chown $USER:$USER $CONFIG
+chmod 600 $CONFIG
+
+
+# /home/$USER/$SCRIPT
+cat > $SCRIPT << EOF
+#!/sbin/openrc-run
+
+command="ssserver"
+command_args="-c /home/$USER/$CONFIG"
+command_user=$USER
+
+pidfile="/run/\$SVCNAME.pid"
+command_background=true
+
+# Debug
+#output_log="/home/$USER/\$SVCNAME.log"
+#error_log="/home/$USER/\$SVCNAME.err"
+
+depend() {
+	need net
+}
+EOF
+chown $USER:$USER $SCRIPT
+chmod +x $SCRIPT
+
+
+
+# Setup the service...
+
+ln -s /home/$USER/$SCRIPT /etc/init.d/$SCRIPT
+if ! [ -e /etc/runlevels/default/$SCRIPT ] ; then
+	rc-update add $SCRIPT default
+fi
+rc-service $SCRIPT restart
+
+
+
+# vim:set ts=4 sw=4 :

shadow/make.sh

@@ -0,0 +1,94 @@
+#!/usr/bin/bash
+#----------------------------------------------------------------------
+
+cd $(dirname $0)
+PATH=$PATH:$(dirname "$(pwd)")
+
+
+#----------------------------------------------------------------------
+
+source ../.pct-helpers
+
+
+#----------------------------------------------------------------------
+
+readConfig
+
+
+#----------------------------------------------------------------------
+
+DFL_ID=${DFL_ID:=1010}
+DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=shadow}
+
+DFL_CORES=${DFL_CORES:=1}
+DFL_RAM=${DFL_RAM:=256}
+DFL_SWAP=${DFL_SWAP:=${DFL_RAM}}
+DFL_DRIVE=${DFL_DRIVE:=0.5}
+
+# XXX this is not used yet -- need to set this at traefik endpoint... 
+#DFL_ENDPOINT_PORT=${DFL_ENDPOINT_PORT:=5555}
+#xread "Shadowsocks endpoint port: " ENDPOINT_PORT
+
+WAN_IP=SKIP
+WAN_GATE=SKIP
+ADMIN_IP=SKIP
+ADMIN_GATE=SKIP
+LAN_IP=SKIP
+LAN_GATE=SKIP
+
+REBOOT=${REBOOT:=1}
+
+readVars
+
+
+USER=shadowsocks
+
+
+#----------------------------------------------------------------------
+
+INTERFACES=(
+	"name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=dhcp,type=veth"
+)
+
+OPTS_STAGE_2="\
+	--onboot 1 \
+"
+
+
+#----------------------------------------------------------------------
+
+echo "# Building config..."
+buildAssets
+
+echo "# Creating CT..."
+pctCreateAlpine $ID "$PASS"
+
+echo "# Installing dependencies..."
+@ lxc-attach $ID -- \
+	sed \
+		-e '/v3\.\d*/{p;s|v3\.\d*|edge|}' \
+		-i /etc/apk/repositories
+@ lxc-attach $ID apk add bash logrotate shadowsocks-rust
+
+
+echo "# Copying assets..."
+pctPushAssets $ID
+
+
+echo "# Generating/updating config and server script..."
+@ lxc-attach $ID bash /root/update-shadowsocks.sh
+
+
+echo "# Post config..."
+pctSet $ID "${OPTS_STAGE_2}" $REBOOT
+pctSetNotes $ID
+
+saveLastRunConfig
+
+showNotes
+echo "# Done."
+
+
+
+#----------------------------------------------------------------------
+# vim:set ts=4 sw=4 :

shadow/traefik.yml

@@ -0,0 +1,13 @@
+tcp:
+  routers:
+    ${CTHOSTNAME}:
+      entryPoints:
+        - ${CTHOSTNAME}
+      service: ${CTHOSTNAME}
+      rule: "HostSNI(`*`)"
+
+  services:
+    ${CTHOSTNAME}:
+      loadBalancer:
+        servers:
+          - address: ${CTHOSTNAME}.srv:5555

wireguard/traefik.yml

@@ -2,7 +2,7 @@ udp:
   routers:
     ${CTHOSTNAME}:
       entryPoints:
-        - wireguard2
+        - wireguard
       service: ${CTHOSTNAME}
 
   services: