authorJonathan Bauer2013-06-18 19:08:04 +0200
committerJonathan Bauer2013-06-18 19:08:04 +0200
commit9a004451adc1a87e8058954803f5600f48cedf31 (patch)
tree9da5f1a03d6e4799f7847196dc9785b10010c5d3
parent[pam] home directory per kerberos (alpha) (diff)
parent[redsocks] NEW MODULE (diff)
Merge branch 'master' of git:openslx-ng/tm-scripts
-rw-r--r--remote/modules/policykit/policykit.build1
-rw-r--r--remote/modules/redsocks/data/etc/redsocks.conf56
l---------remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service1
-rw-r--r--remote/modules/redsocks/data/etc/systemd/system/redsocks.service9
-rw-r--r--remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service9
-rwxr-xr-xremote/modules/redsocks/data/opt/openslx/bin/setup_proxy41
-rw-r--r--remote/modules/redsocks/redsocks.build24
-rw-r--r--remote/modules/redsocks/redsocks.conf10
-rwxr-xr-xremote/modules/vmchooser/data/opt/openslx/bin/run-virt.sh19
9 files changed, 163 insertions, 7 deletions
diff --git a/remote/modules/policykit/policykit.build b/remote/modules/policykit/policykit.build
index 591c180f..52be1221 100644
--- a/remote/modules/policykit/policykit.build
+++ b/remote/modules/policykit/policykit.build
@@ -14,6 +14,7 @@ build () {
}
post_copy() {
+ COPYLIST="$MODULE_DIR/list_dpkg_output"
local POLPATH="$(grep '/polkitd$' "$COPYLIST" | head -1 | sed -e 's/[\/&]/\\&/g')"
[ -n "$POLPATH" ] && sed -i "s/%%POLKITD%%/${POLPATH}/g" "$TARGET_BUILD_DIR/etc/systemd/system/polkitd.service"
#Add Polkit User/Group/Shadow to Stage3.2
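Review bot: The added `COPYLIST="$MODULE_DIR/list_dpkg_output"` is never checked for existence, so when that file is missing `grep` yields an empty `POLPATH` and the `[ -n "$POLPATH" ] &&` line skips the substitution without any message, leaving `%%POLKITD%%` in polkitd.service. A guard such as `[ -s "$COPYLIST" ] || perror "list_dpkg_output missing for policykit"` would fail the build instead, assuming `perror` is available here as it is in redsocks.build. The assignment is also global while `POLPATH` on the next line is `local`; if nothing outside post_copy reads it, `local COPYLIST=...` keeps it from leaking into other modules. post_copy continues past the end of the hunk.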
diff --git a/remote/modules/redsocks/data/etc/redsocks.conf b/remote/modules/redsocks/data/etc/redsocks.conf
new file mode 100644
index 00000000..c783258f
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/redsocks.conf
@@ -0,0 +1,56 @@
+base {
+ // debug: connection progress & client list on SIGUSR1
+ log_debug = off;
+
+ // info: start and end of client session
+ log_info = off;
+
+ /* possible `log' values are:
+ * stderr
+ * "file:/path/to/file"
+ * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
+ */
+ log = "file:/root/redsocks.log";
+
+ // detach from console
+ daemon = on;
+
+ /* Change uid, gid and root directory, these options require root
+ * privilegies on startup.
+ * Note, your chroot may requre /etc/localtime if you write log to syslog.
+ * Log is opened before chroot & uid changing.
+ */
+ user = nobody;
+ group = nogroup;
+ // chroot = "/var/chroot";
+
+ /* possible `redirector' values are:
+ * iptables - for Linux
+ * ipf - for FreeBSD
+ * pf - for OpenBSD
+ * generic - some generic redirector that MAY work
+ */
+ redirector = iptables;
+}
+
+redsocks {
+ /* `local_ip' defaults to 127.0.0.1 for security reasons,
+ * use 0.0.0.0 if you want to listen on every interface.
+ * `local_*' are used as port to redirect to.
+ */
+ local_ip = 0.0.0.0;
+ local_port = 12345;
+
+ // `ip' and `port' are IP and tcp-port of proxy-server
+ ip = %%PROXY_IP%%;
+ port = %%PROXY_PORT%%;
+
+
+ // known types: socks4, socks5, http-connect, http-relay
+ // type = http-connect;
+ type = %%PROXY_TYPE%%;
+
+ // login = "foobar";
+ // password = "baz";
+}
+
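Review bot: `local_ip = 0.0.0.0` puts the redirector on every interface, and the only thing keeping other hosts off port 12345 is the single `-i br0 ... -j DROP` rule that setup_proxy adds later; any other interface, or a failure of that iptables call, leaves the port reachable from the network. The wildcard bind is presumably there so that traffic REDIRECTed in PREROUTING can reach the listener, and the file should say so next to the setting, for example `// listens on all interfaces for REDIRECTed traffic; access is restricted by the INPUT rule in /opt/openslx/bin/setup_proxy`. The file is also installed with mode 100644, so filling in the commented `login`/`password` lines would make the proxy credentials world-readable.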
diff --git a/remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service
new file mode 120000
index 00000000..0c7dc84b
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service
@@ -0,0 +1 @@
+../setup_proxy.service \ No newline at end of file
diff --git a/remote/modules/redsocks/data/etc/systemd/system/redsocks.service b/remote/modules/redsocks/data/etc/systemd/system/redsocks.service
new file mode 100644
index 00000000..6f207586
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/systemd/system/redsocks.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Transparent redirector of any TCP connection to proxy using your firewall
+
+[Service]
+Type=forking
+PIDFile=/run/redsocks.pid
+ExecStart=/bin/redsocks -c /etc/redsocks.conf -p /run/redsocks.pid
+ExecStopPost=/bin/rm /run/redsocks.pid
+Restart=on-abort
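Review bot: `ExecStart=/bin/redsocks` does not match redsocks.build, which copies the binary to `$MODULE_BUILD_DIR/sbin/`; unless the build framework relocates it or /sbin and /bin are merged on the target, the unit will fail to start. `ExecStopPost=/bin/rm /run/redsocks.pid` also reports an error whenever the pid file is already gone, which `ExecStopPost=-/bin/rm -f /run/redsocks.pid` avoids. The daemon is started as root and only drops to `nobody` through `user`/`group` in /etc/redsocks.conf, so a short comment in the unit noting that dependency would help anyone who edits either file.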
diff --git a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
new file mode 100644
index 00000000..885e72dc
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Proxy setup detection
+Before=sysinit.target shutdown.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=/opt/openslx/bin/setup_proxy
+RemainAfterExit=yes
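Review bot: This unit is ordered `Before=sysinit.target` with `DefaultDependencies=no`, yet its script calls `systemctl start redsocks`, and redsocks.service keeps the default dependencies that order it after sysinit.target. A blocking `systemctl start` from inside a oneshot that sysinit.target is waiting on looks like an ordering deadlock whenever proxy mode is enabled. Calling `systemctl start --no-block redsocks` in the script, or dropping the early ordering from this unit, would avoid it. The script also depends on /opt/openslx/config and on working iptables, which may not be available this early in boot; a comment in the unit stating what it expects to be ready would make that explicit.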
diff --git a/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy b/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy
new file mode 100755
index 00000000..8fa5721c
--- /dev/null
+++ b/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+. /opt/openslx/config || echo "Error sourcing config for setup_proxy"
+
+[ -z "$SLX_PROXY_MODE" -o "x$SLX_PROXY_MODE" == "xoff" ] && echo "proxy mode disabled." && exit 0
+
+PROXY=off
+if [ "$SLX_PROXY_MODE" == "on" ]; then
+ PROXY=on
+elif [ "$SLX_PROXY_MODE" == "auto" -a -n "$SLX_PXE_CLIENT_IP" ]; then
+ [[ "$SLX_PXE_CLIENT_IP" =~ ^10\. ]] && PROXY=on
+ [[ "$SLX_PXE_CLIENT_IP" =~ ^192\.168\. ]] && PROXY=on
+ [[ "$SLX_PXE_CLIENT_IP" =~ ^172\.[123] ]] && PROXY=on
+fi
+
+[ "$PROXY" == "off" ] && echo "Proxy mode not required." && exit 0
+
+sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf
+
+systemctl start redsocks
+
+iptables -t nat -N REDSOCKS
+iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
+iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
+if [ -n "$SLX_PROXY_BLACKLIST" ]; then
+ for ADDR in $SLX_PROXY_BLACKLIST; do
+ iptables -t nat -A REDSOCKS -d "$ADDR" -j RETURN
+ done
+fi
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
+iptables -t nat -A PREROUTING -p tcp -j REDSOCKS
+iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
+iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP
+
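Review bot: The `sed` line writes `$SLX_PROXY_IP`, `$SLX_PROXY_PORT` and `$SLX_PROXY_TYPE` into /etc/redsocks.conf without checking them, so an unset value leaves a broken config and a value containing `/` or `&` is interpreted by sed instead of being copied; validating the three values first, as sketched below, closes that (widen the address pattern if this redsocks revision accepts host names). The auto-mode test `^172\.[123]` also matches addresses outside 172.16.0.0/12, such as 172.1.x, 172.32.x and 172.100.x, and the sketch narrows it. The REDSOCKS chain has no RETURN rule for the proxy itself, so with a proxy outside the listed private ranges the OUTPUT rule would presumably redirect redsocks's own upstream connection back to port 12345. None of the iptables calls is checked, and `-N REDSOCKS` fails while the `-A` rules duplicate if the script runs twice.

```shell
	[[ "$SLX_PXE_CLIENT_IP" =~ ^172\.(1[6-9]|2[0-9]|3[01])\. ]] && PROXY=on
fi
# … unchanged: "Proxy mode not required." exit …

# Only a plain IPv4 address, a numeric port and a known proxy type may reach the config.
[[ "$SLX_PROXY_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "Invalid SLX_PROXY_IP" >&2; exit 1; }
[[ "$SLX_PROXY_PORT" =~ ^[0-9]{1,5}$ ]] || { echo "Invalid SLX_PROXY_PORT" >&2; exit 1; }
case "$SLX_PROXY_TYPE" in
	socks4|socks5|http-connect|http-relay) ;;
	*) echo "Invalid SLX_PROXY_TYPE" >&2; exit 1 ;;
esac
# … unchanged: sed substitution, systemctl start redsocks, iptables rules …
```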
diff --git a/remote/modules/redsocks/redsocks.build b/remote/modules/redsocks/redsocks.build
new file mode 100644
index 00000000..eb5c238d
--- /dev/null
+++ b/remote/modules/redsocks/redsocks.build
@@ -0,0 +1,24 @@
+#tool/distro specific functions for fetching, building and installing dependencies
+
+
+fetch_source () {
+ mkdir -p src
+ cd src || perror "Could not cd to src"
+ if [ ! -d "redsocks" ]; then
+ git clone "$REQUIRED_GIT" "redsocks" || perror "Could not clone redoscks from github"
+ fi
+ cd redsocks || perror "Could not cd to src/redsocks"
+ git checkout "$REQUIRED_REVISION" || perror "Could not checkout revision $REQUIRED_REVISION"
+}
+
+build () {
+ cd "$MODULE_DIR/src/redsocks" || perror "src/redsocks not found"
+ make || perror "make failed."
+ mkdir -p "$MODULE_BUILD_DIR/sbin"
+ cp "redsocks" "$MODULE_BUILD_DIR/sbin/" || perror "Could not copy redsocks binary to build dir"
+}
+
+post_copy() {
+ :
+}
+
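Review bot: When `src/redsocks` already exists, fetch_source skips the clone and goes straight to `git checkout "$REQUIRED_REVISION"` without fetching, so bumping the pinned revision in redsocks.conf fails on any machine that still has an older clone. Adding `git fetch origin || perror "Could not fetch redsocks"` before the checkout fixes that. The clone error message spells the name "redoscks", and `mkdir -p "$MODULE_BUILD_DIR/sbin"` is the only step in build without an `|| perror`.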
diff --git a/remote/modules/redsocks/redsocks.conf b/remote/modules/redsocks/redsocks.conf
new file mode 100644
index 00000000..db7bcfa3
--- /dev/null
+++ b/remote/modules/redsocks/redsocks.conf
@@ -0,0 +1,10 @@
+REQUIRED_GIT="git://github.com/darkk/redsocks.git"
+REQUIRED_REVISION="2e3f648809e27cc19cb7a8702f19b553a7ef9a81"
+
+REQUIRED_INSTALLED_PACKAGES="
+ libevent-dev
+"
+REQUIRED_BINARIES="
+ redsocks
+"
+
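Review bot: `REQUIRED_GIT` uses the `git://` transport, which has no encryption or server authentication, so the build relies entirely on the pinned `REQUIRED_REVISION` hash to get the intended source. `REQUIRED_GIT="https://github.com/darkk/redsocks.git"` authenticates the server as well, and github.com has since stopped serving `git://` altogether. A one-line comment above `REQUIRED_REVISION` saying that it must stay a full commit hash, never a branch or tag name, would keep the pin meaningful.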
diff --git a/remote/modules/vmchooser/data/opt/openslx/bin/run-virt.sh b/remote/modules/vmchooser/data/opt/openslx/bin/run-virt.sh
index 6c08653f..84ece685 100755
--- a/remote/modules/vmchooser/data/opt/openslx/bin/run-virt.sh
+++ b/remote/modules/vmchooser/data/opt/openslx/bin/run-virt.sh
@@ -376,15 +376,20 @@ writelog "\tVM Hostname:\t\t$hostname"
################################################################################
### Setup the rest of the environment and run the configured vm
################################################################################
-
+# 8086:1e20
+if lspci -n | grep -E -i '8086:1e20( |$)'; then
+ VOL="100%" # bwPC 4: Speaker too quiet :-(
+else
+ VOL="80%"
+fi
# Adjust sound volume
#writelog "Unmuting sound...\c "
-amixer -q sset Master 80% unmute 2>/dev/null
-amixer -q sset PCM 80% unmute 2>/dev/null
-amixer -q sset CD 80% unmute 2>/dev/null
-amixer -q sset Headphone 80% unmute 2>/dev/null
-amixer -q sset Front 80% unmute 2>/dev/null # in SUSE 11.0 it's headphone
-amixer -q sset Speaker 80% unmute 2>/dev/null # annoying built-in speaker
+amixer -q sset Master "$VOL" unmute 2>/dev/null
+amixer -q sset PCM "$VOL" unmute 2>/dev/null
+amixer -q sset CD "$VOL" unmute 2>/dev/null
+amixer -q sset Headphone "$VOL" unmute 2>/dev/null
+amixer -q sset Front "$VOL" unmute 2>/dev/null # in SUSE 11.0 it's headphone
+amixer -q sset Speaker "$VOL" unmute 2>/dev/null # annoying built-in speaker
#writelog "finished\n"
# Copy guest configuration (with added information) config.xml to be accessed