RedXen/aports
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add vtun proxy

Browse Source
This commit is contained in:
Alex D. 2022-03-26 19:00:15 +00:00
parent 7e81b8abf5
commit 6ebbfa5dfc
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
13 changed files with 73 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
PORT-ALLOCATION
View File

@ -41,6 +41,7 @@ Internal ports: 7500-7600
unbound: 7583
HAProxy PROM: 7581
Promtail: 7590
vtun: 7591
Public ports:
SSH: 22

4
config/haproxy/APKBUILD
View File

@ -3,7 +3,7 @@
. ../APKBUILD-config.template
pkgver=2022.03.25.02
pkgver=2022.03.26.02
pkgrel=0
depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages"
checkdepends="haproxy"
@ -15,5 +15,5 @@ check() {
}
sha512sums="
5fe08e3ba3317fe09e8408141d567758f5fddb1c67233042a5eb02d4a0f2fd96e8945588c22ef371da31f7b0c88e580bb398083c85a939a313ea1f88422d8cac main.cfg
45bd2aa36469225968df94843d4548064f601ebc7d353fed75d8e50cd1eb0edad12e9ba07e1d05cd88ce2597cb4d411585a613f349ceb08fb5061e30cc6be97b main.cfg
"

7
config/haproxy/main.cfg
View File

@ -84,6 +84,7 @@ frontend http
acl btdaemon hdr_beg(host) -i seed.redxen
acl packs hdr_beg(host) -i packages.redxen
acl cal hdr_beg(host) -i cal.redxen
acl wssproxy hdr_beg(host) -i wssproxy.redxen
acl monerod hdr_beg(host) -i monerod.redxen
redirect location https://en.uncyclopedia.co/wiki/South_Africa code 302 if fedi
@ -97,6 +98,7 @@ frontend http
use_backend backend-btdaemon if btdaemon
use_backend backend-packages if packs
use_backend backend-radicale if cal
use_backend backend-wssproxy if wssproxy
#use_backend backend-monerod if monerod
backend backend-home
@ -138,6 +140,11 @@ backend backend-radicale
http-check send hdr Host cal.redxen.eu
http-check expect status 401
backend backend-wssproxy
server-template wssproxy 1 _wssproxy._tcp.routinginfo.internal
option httpchk HEAD / HTTP/1.1
http-check send hdr Host wss-proxy.redxen.eu
#backend backend-monerod
# server-template monerod 1 _monerod._tcp.routinginfo.internal
# option httpchk POST /json_rpc HTTP/1.1

9
config/nftables/APKBUILD
View File

@ -3,13 +3,14 @@
. ../APKBUILD-config.template
pkgver=2022.03.23.01
pkgver=2022.03.26.01
pkgrel=0
options="!check" # check requires root?
subpackages="
$pkgname-base
$pkgname-openssh
$pkgname-vtun
$pkgname-haproxy:_defmodule
$pkgname-murmur:_defmodule
$pkgname-dovecot:_defmodule
@ -51,6 +52,12 @@ openssh() {
_module "$_modname"
}
vtun() {
_modname="${subpkgname##$pkgname-}"
install_if="$pkgname redxen-openrc-$_modname"
_module "$_modname"
}
_defmodule() {
_modname="${subpkgname##$pkgname-}"
install_if="$pkgname redxen-config-$_modname"

2
config/nftables/nft/inet/redxenfirewall/filter/forward/vtun Normal file
View File

@ -0,0 +1,2 @@
ip saddr 172.24.0.0/24 oifname "eth0" counter accept;
iifname "eth0" ip daddr 172.24.0.0/24 counter accept;

1
config/nftables/nft/inet/redxenfirewall/nat/postrouting/vtun Normal file
View File

@ -0,0 +1 @@
oifname "eth0" ip saddr 172.24.0.0/24 counter masquerade; # SNAT MASQUERADE v4

6
data/bindzone/APKBUILD
View File

@ -3,7 +3,7 @@
. ../APKBUILD-data.template
pkgver=2022.03.25.01
pkgver=2022.03.26.01
pkgrel=0
checkdepends="bind-tools"
makedepends="
@ -69,6 +69,6 @@ internal() {
}
sha512sums="
23f72394a1508eeb9a828451da79b9c5a6daffe59a2966c1507eb0e98aff17cbb4db838d0357135108bc926b24f132b629c64f1b487c84fa222106baaba486a5 redxen.eu
3f441f898f605366c0e411c13c5357000d4fbc1ef8e3d7c0aad51b5723df224fa413491e6cd741381fcb384697f1f37ca55bea64f8978fd47a30fec511faf72d internal
5f9d73185620ca3cb066137c5c92f942190f7c215fee0d255f079664e72554a06b8f0420d67b0fb8bb37ffd57a501b64d9a47e038a8f0e2245149e6b1c2d3346 redxen.eu
983b02166c5dd2fbb804916806b4bf8d7e2b0a9c8fb571d52802569804d6ecf74b8b3f88ee61b43bd653db71781d87e9066a4c6ee46224ddf759e290287c372d internal
"

1
data/bindzone/internal
View File

@ -45,6 +45,7 @@ _root._tcp.routinginfo SRV 0 5 7575 12180710
_packages._tcp.routinginfo SRV 0 5 7574 12180710.fsn1-dc14.hetzner
_seedown._tcp.routinginfo SRV 0 5 7576 12180710.fsn1-dc14.hetzner
_radicale._tcp.routinginfo SRV 0 5 7578 12180710.fsn1-dc14.hetzner
_wssproxy._tcp.routinginfo SRV 0 5 7591 12180621.nbg1-dc3.hetzner
postgresql.routinginfo CNAME 12180625.nbg1-dc3.hetzner
redis.routinginfo CNAME 12180625.nbg1-dc3.hetzner

1
data/bindzone/redxen.eu
View File

@ -64,6 +64,7 @@ sd CNAME @
packages CNAME @
seed CNAME @
cal CNAME @
wssproxy CNAME @
; Wireguard
wireguard CNAME 12180621.nbg1-dc3.hetzner

31
openrc/vtun/APKBUILD Normal file
View File

@ -0,0 +1,31 @@
# Contributor: Alex Denes <caskd@redxen.eu>
# Maintainer: Alex Denes <caskd@redxen.eu>
. ../APKBUILD-openrc.template
pkgver=2022.03.26.02
pkgrel=0
source="$source secret"
depends="openrc $_rx_pkgname"
prepare() {
default_prepare
cp conffile conffile-mod
}
build() {
. secret
rx_replace "VTUN_KEY" "${VTUN_KEY:?'Missing VTUN key'}" "conffile-mod"
}
package() {
rx_openrc_runlevel_add
rx_openrc_runfile_install
rx_openrc_conffile_install "conffile-mod"
}
sha512sums="
65ef90c9ff340770755c63cf786474c95c5e3fde1bb4811b2730926a3bbe8cae763cfc03e07b2cbe627c254f0a695c5ea03ffe7d1c545b8b6df7efe8dbb48a2c runfile
8ef6c3f8679e97906ced5b2bc3faa8dd992ccbe0d46ab9f0f351c56f977bc912c2aec5afe4c481e5f03c721bc55e1e83801f0a60a5e2ac7c5c3ad8caf04cf68c conffile
5e2c06013faae6cfcc9cc1e24545a2d2aafadcf513227bb69ef6f5249b3a00ec4f8ba6740399b3681dedac8490f2c6f262c2fc812ab0be3c4c0e15841da68c9f secret
"

1
openrc/vtun/conffile Normal file
View File

@ -0,0 +1 @@
command_args="-S -d 127.0.0.1:53 -obfs -l :7591 -k 'VTUN_KEY' -path /freedom -p ws -c 172.24.0.1/24"

14
openrc/vtun/runfile Normal file
View File

@ -0,0 +1,14 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
command="/usr/bin/vtun"
command_background="yes"
depend() {
need net
after firewall
}
start_pre() {
modprobe tun
}

1
openrc/vtun/secret Normal file
View File

@ -0,0 +1 @@
VTUN_KEY="2FEmRf4ABK7hOvfR"