2025-12-28 14:22:25 +00:00
6 changed files with 1 additions and 212 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +0,0 @@
 .gitignore
 *.sw[po]
--- a/gate-traefik/templates/etc/traefik/traefik.yaml
+++ b/gate-traefik/templates/etc/traefik/traefik.yaml
@ -22,8 +22,6 @@ entryPoints:
    address: ':51820/udp'
  wireguard2:
    address: ':51821/udp'
  shadow:
    address: ':5555'
  http:
    address: ':80'
    http:
--- a/shadow/assets/root/update-shadowsocks.sh
+++ b/shadow/assets/root/update-shadowsocks.sh
@ -1,100 +0,0 @@
 #!/usr/bin/bash
 #
 # NOTE: re-run this if the IP/PORT change...
 #
 # get the current IP...
 HOST=$(ip addr show dev lan \
 	| grep 'inet ' \
 	| cut -d ' ' -f 6 \
 	| cut -d '/' -f 1)
 PORT=5555
 ENCRYPTION=aes-256-gcm
 USER=shadowsocks
 SCRIPT=shadowsocks
 CONFIG=shadowsocks.config
 # System and dependencies...
 if ! which ssserver > /dev/null ; then
 	#setup-apkrepos -cf
 	# add edge repos...
 	sed \
 		-e '/v3\.\d*/{p;s|v3\.\d*|edge|}' \
 		-i /etc/apk/repositories
 	apk update
 	apk add shadowsocks-rust
 fi
 # user...
 if ! [ -e /home/$USER ] ; then
 	adduser -D -s /sbin/nologin $USER
 fi
 # Configuration/scripts...
 cd /home/$USER
 # get/generate password...
 if [ -e /home/$USER/$CONFIG ] ; then
 	PASSWD=$(cat /home/$USER/$CONFIG \
 		| grep password \
 		| cut -d '"' -f 4)
 else
 	PASSWD=$(ssservice genkey -m "$ENCRYPTION")
 fi
 # /home/$USER/$CONFIG
 cat > $CONFIG << EOF
 {
 	"server": "${HOST}",
 	"server_port": ${PORT},
 	"password": "${PASSWD}",
 	"method": "${ENCRYPTION}"
 }
 EOF
 chown $USER:$USER $CONFIG
 chmod 600 $CONFIG
 # /home/$USER/$SCRIPT
 cat > $SCRIPT << EOF
 #!/sbin/openrc-run
 command="ssserver"
 command_args="-c /home/$USER/$CONFIG"
 command_user=$USER
 pidfile="/run/\$SVCNAME.pid"
 command_background=true
 # Debug
 #output_log="/home/$USER/\$SVCNAME.log"
 #error_log="/home/$USER/\$SVCNAME.err"
 depend() {
 	need net
 }
 EOF
 chown $USER:$USER $SCRIPT
 chmod +x $SCRIPT
 # Setup the service...
 ln -s /home/$USER/$SCRIPT /etc/init.d/$SCRIPT
 if ! [ -e /etc/runlevels/default/$SCRIPT ] ; then
 	rc-update add $SCRIPT default
 fi
 rc-service $SCRIPT restart
 # vim:set ts=4 sw=4 :
--- a/shadow/make.sh
+++ b/shadow/make.sh
@ -1,94 +0,0 @@
 #!/usr/bin/bash
 #----------------------------------------------------------------------
 cd $(dirname $0)
 PATH=$PATH:$(dirname "$(pwd)")
 #----------------------------------------------------------------------
 source ../.pct-helpers
 #----------------------------------------------------------------------
 readConfig
 #----------------------------------------------------------------------
 DFL_ID=${DFL_ID:=1010}
 DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=shadow}
 DFL_CORES=${DFL_CORES:=1}
 DFL_RAM=${DFL_RAM:=256}
 DFL_SWAP=${DFL_SWAP:=${DFL_RAM}}
 DFL_DRIVE=${DFL_DRIVE:=0.5}
 # XXX this is not used yet -- need to set this at traefik endpoint... 
 #DFL_ENDPOINT_PORT=${DFL_ENDPOINT_PORT:=5555}
 #xread "Shadowsocks endpoint port: " ENDPOINT_PORT
 WAN_IP=SKIP
 WAN_GATE=SKIP
 ADMIN_IP=SKIP
 ADMIN_GATE=SKIP
 LAN_IP=SKIP
 LAN_GATE=SKIP
 REBOOT=${REBOOT:=1}
 readVars
 USER=shadowsocks
 #----------------------------------------------------------------------
 INTERFACES=(
 	"name=lan,bridge=vmbr${LAN_BRIDGE},firewall=1,ip=dhcp,type=veth"
 )
 OPTS_STAGE_2="\
 	--onboot 1 \
 "
 #----------------------------------------------------------------------
 echo "# Building config..."
 buildAssets
 echo "# Creating CT..."
 pctCreateAlpine $ID "$PASS"
 echo "# Installing dependencies..."
@ lxc-attach $ID -- \
 	sed \
 		-e '/v3\.\d*/{p;s|v3\.\d*|edge|}' \
 		-i /etc/apk/repositories
@ lxc-attach $ID apk add bash logrotate shadowsocks-rust
 echo "# Copying assets..."
 pctPushAssets $ID
 echo "# Generating/updating config and server script..."
@ lxc-attach $ID bash /root/update-shadowsocks.sh
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT
 pctSetNotes $ID
 saveLastRunConfig
 showNotes
 echo "# Done."
 #----------------------------------------------------------------------
 # vim:set ts=4 sw=4 :
--- a/shadow/traefik.yml
+++ b/shadow/traefik.yml
@ -1,13 +0,0 @@
 tcp:
  routers:
    ${CTHOSTNAME}:
      entryPoints:
        - ${CTHOSTNAME}
      service: ${CTHOSTNAME}
      rule: "HostSNI(`*`)"
  services:
    ${CTHOSTNAME}:
      loadBalancer:
        servers:
          - address: ${CTHOSTNAME}.srv:5555
--- a/wireguard/traefik.yml
+++ b/wireguard/traefik.yml
@ -2,7 +2,7 @@ udp:
  routers:
    ${CTHOSTNAME}:
      entryPoints:
-        - wireguard
+        - wireguard2
      service: ${CTHOSTNAME}
  services: