Diffstat (limited to 'remote/modules')
7 files changed, 150 insertions, 0 deletions
diff --git a/remote/modules/redsocks/data/etc/redsocks.conf b/remote/modules/redsocks/data/etc/redsocks.conf
new file mode 100644
index 00000000..c783258f
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/redsocks.conf
@@ -0,0 +1,56 @@
+base {
+ // debug: connection progress & client list on SIGUSR1
+ log_debug = off;
+
+ // info: start and end of client session
+ log_info = off;
+
+ /* possible `log' values are:
+ * stderr
+ * "file:/path/to/file"
+ * syslog:FACILITY facility is any of "daemon", "local0"..."local7"
+ */
+ log = "file:/root/redsocks.log";
+
+ // detach from console
+ daemon = on;
+
+ /* Change uid, gid and root directory, these options require root
+ * privilegies on startup.
+ * Note, your chroot may requre /etc/localtime if you write log to syslog.
+ * Log is opened before chroot & uid changing.
+ */
+ user = nobody;
+ group = nogroup;
+ // chroot = "/var/chroot";
+
+ /* possible `redirector' values are:
+ * iptables - for Linux
+ * ipf - for FreeBSD
+ * pf - for OpenBSD
+ * generic - some generic redirector that MAY work
+ */
+ redirector = iptables;
+}
+
+redsocks {
+ /* `local_ip' defaults to 127.0.0.1 for security reasons,
+ * use 0.0.0.0 if you want to listen on every interface.
+ * `local_*' are used as port to redirect to.
+ */
+ local_ip = 0.0.0.0;
+ local_port = 12345;
+
+ // `ip' and `port' are IP and tcp-port of proxy-server
+ ip = %%PROXY_IP%%;
+ port = %%PROXY_PORT%%;
+
+
+ // known types: socks4, socks5, http-connect, http-relay
+ // type = http-connect;
+ type = %%PROXY_TYPE%%;
+
+ // login = "foobar";
+ // password = "baz";
+}
+
diff --git a/remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service
new file mode 120000
index 00000000..0c7dc84b
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup_proxy.service
@@ -0,0 +1 @@
+../setup_proxy.service
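Review bot: In data/etc/redsocks.conf, `local_ip = 0.0.0.0;` makes the redirector listen on every interface, although the comment directly above it says the default is 127.0.0.1 for security reasons. The only thing limiting access is the `INPUT -i br0 ... --dport 12345 -j DROP` rule that setup_proxy appends after redsocks has already been started, and that rule covers br0 only, so any other interface can reach the listener and use it as a relay to the upstream proxy. If the wildcard bind is needed for the PREROUTING redirect, say so in the file, e.g. `// 0.0.0.0 is required for PREROUTING redirects; outside access is blocked by the INPUT rule in setup_proxy`. The file is added with mode 100644, so if the commented `login`/`password` lines are ever filled in it would need tighter permissions.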
\ No newline at end of file
diff --git a/remote/modules/redsocks/data/etc/systemd/system/redsocks.service b/remote/modules/redsocks/data/etc/systemd/system/redsocks.service
new file mode 100644
index 00000000..6f207586
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/systemd/system/redsocks.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Transparent redirector of any TCP connection to proxy using your firewall
+
+[Service]
+Type=forking
+PIDFile=/run/redsocks.pid
+ExecStart=/bin/redsocks -c /etc/redsocks.conf -p /run/redsocks.pid
+ExecStopPost=/bin/rm /run/redsocks.pid
+Restart=on-abort
diff --git a/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
new file mode 100644
index 00000000..885e72dc
--- /dev/null
+++ b/remote/modules/redsocks/data/etc/systemd/system/setup_proxy.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Proxy setup detection
+Before=sysinit.target shutdown.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=/opt/openslx/bin/setup_proxy
+RemainAfterExit=yes
diff --git a/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy b/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy
new file mode 100755
index 00000000..8fa5721c
--- /dev/null
+++ b/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy
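Review bot: In redsocks.service, `ExecStart=/bin/redsocks` does not match the build step in redsocks.build, which copies the binary to `$MODULE_BUILD_DIR/sbin/`; unless the target image merges those directories the unit will not find its executable, so the path should be confirmed. `ExecStopPost=/bin/rm /run/redsocks.pid` also reports a failure whenever the daemon has already removed its pid file; `ExecStopPost=-/bin/rm -f /run/redsocks.pid` avoids that. The daemon is started as root and only drops to `nobody` through its own config, so a short comment in the unit pointing at the `user`/`group` settings in /etc/redsocks.conf would help reviewers.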
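Review bot: In setup_proxy.service, `Before=sysinit.target` together with the blocking `systemctl start redsocks` in the script looks like it can stall boot. redsocks.service keeps systemd's default dependencies, which order it after sysinit.target and basic.target, while this oneshot has to finish before sysinit.target is reached. As far as the visible units show, the two then wait on each other whenever proxy mode is active. Either start the daemon with `systemctl start --no-block redsocks` or drop the `Before=sysinit.target` ordering. A comment stating why the unit needs `DefaultDependencies=no` would also help.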
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+. /opt/openslx/config || echo "Error sourcing config for setup_proxy"
+
+[ -z "$SLX_PROXY_MODE" -o "x$SLX_PROXY_MODE" == "xoff" ] && echo "proxy mode disabled." && exit 0
+
+PROXY=off
+if [ "$SLX_PROXY_MODE" == "on" ]; then
+ PROXY=on
+elif [ "$SLX_PROXY_MODE" == "auto" -a -n "$SLX_PXE_CLIENT_IP" ]; then
+ [[ "$SLX_PXE_CLIENT_IP" =~ ^10\. ]] && PROXY=on
+ [[ "$SLX_PXE_CLIENT_IP" =~ ^192\.168\. ]] && PROXY=on
+ [[ "$SLX_PXE_CLIENT_IP" =~ ^172\.[123] ]] && PROXY=on
+fi
+
+[ "$PROXY" == "off" ] && echo "Proxy mode not required." && exit 0
+
+sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf
+
+systemctl start redsocks
+
+iptables -t nat -N REDSOCKS
+iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
+iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
+if [ -n "$SLX_PROXY_BLACKLIST" ]; then
+ for ADDR in $SLX_PROXY_BLACKLIST; do
+ iptables -t nat -A REDSOCKS -d "$ADDR" -j RETURN
+ done
+fi
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
+iptables -t nat -A PREROUTING -p tcp -j REDSOCKS
+iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
+iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP
+
diff --git a/remote/modules/redsocks/redsocks.build b/remote/modules/redsocks/redsocks.build
new file mode 100644
index 00000000..eb5c238d
--- /dev/null
+++ b/remote/modules/redsocks/redsocks.build
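Review bot: In setup_proxy, the three `SLX_PROXY_*` values are pasted unescaped into the `sed -i` program and from there into /etc/redsocks.conf, so a `/`, `&`, `;` or newline in any of them either breaks the substitution or writes extra directives into the config. They should be validated first: an IPv4 literal (assuming this redsocks revision only accepts an address, as its config comment suggests), a numeric port, and one of the four types the shipped redsocks.conf lists. The script also carries on when `. /opt/openslx/config` or `systemctl start redsocks` fails, which leaves all outbound TCP redirected to a port with no listener. Separately, `^172\.[123]` matches more than 172.16.0.0/12 (for example 172.32.x.x and 172.100.x.x). The REDSOCKS chain also has no RETURN rule for `$SLX_PROXY_IP`, so a proxy outside the listed private ranges would have redsocks' own upstream connection redirected back to itself.

```bash
# … unchanged: config sourcing and PROXY mode detection …

# Refuse to write unvalidated values into the sed program / redsocks.conf.
[[ "$SLX_PROXY_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "Invalid SLX_PROXY_IP" >&2; exit 1; }
[[ "$SLX_PROXY_PORT" =~ ^[0-9]{1,5}$ ]] || { echo "Invalid SLX_PROXY_PORT" >&2; exit 1; }
case "$SLX_PROXY_TYPE" in
	socks4|socks5|http-connect|http-relay) ;;
	*) echo "Invalid SLX_PROXY_TYPE" >&2; exit 1 ;;
esac

# … unchanged: sed -i substitution into /etc/redsocks.conf …

# Do not install the redirect rules if nothing will be listening on the port.
systemctl start redsocks || { echo "redsocks failed to start, not redirecting traffic" >&2; exit 1; }

iptables -t nat -N REDSOCKS
# Never redirect the daemon's own connection to the upstream proxy.
iptables -t nat -A REDSOCKS -d "$SLX_PROXY_IP" -j RETURN
# … unchanged: RETURN rules for reserved ranges, blacklist loop, REDIRECT and chain hooks …
```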
@@ -0,0 +1,24 @@
+#tool/distro specific functions for fetching, building and installing dependencies
+
+
+fetch_source () {
+ mkdir -p src
+ cd src || perror "Could not cd to src"
+ if [ ! -d "redsocks" ]; then
+ git clone "$REQUIRED_GIT" "redsocks" || perror "Could not clone redoscks from github"
+ fi
+ cd redsocks || perror "Could not cd to src/redsocks"
+ git checkout "$REQUIRED_REVISION" || perror "Could not checkout revision $REQUIRED_REVISION"
+}
+
+build () {
+ cd "$MODULE_DIR/src/redsocks" || perror "src/redsocks not found"
+ make || perror "make failed."
+ mkdir -p "$MODULE_BUILD_DIR/sbin"
+ cp "redsocks" "$MODULE_BUILD_DIR/sbin/" || perror "Could not copy redsocks binary to build dir"
+}
+
+post_copy() {
+ :
+}
+
diff --git a/remote/modules/redsocks/redsocks.conf b/remote/modules/redsocks/redsocks.conf
new file mode 100644
index 00000000..db7bcfa3
--- /dev/null
+++ b/remote/modules/redsocks/redsocks.conf
@@ -0,0 +1,10 @@
+REQUIRED_GIT="git://github.com/darkk/redsocks.git"
+REQUIRED_REVISION="2e3f648809e27cc19cb7a8702f19b553a7ef9a81"
+
+REQUIRED_INSTALLED_PACKAGES="
+ libevent-dev
+"
+REQUIRED_BINARIES="
+ redsocks
+"
+ |
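Review bot: In redsocks.build, `fetch_source` reuses an existing `src/redsocks` checkout without fetching or cleaning it. A changed `REQUIRED_REVISION` may therefore be missing from the clone, and local modifications left in the tree can survive `git checkout` and end up in the built binary. Running `git fetch` first and then `git checkout -f "$REQUIRED_REVISION"` would keep the build tied to the pinned commit. The message `Could not clone redoscks from github` misspells `redsocks`.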
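Review bot: In the module's redsocks.conf, `REQUIRED_GIT` uses the `git://` transport, which is unauthenticated and unencrypted. The full commit hash in `REQUIRED_REVISION` limits what a tampered clone could deliver, but `REQUIRED_GIT="https://github.com/darkk/redsocks.git"` would also authenticate the server. A comment above `REQUIRED_REVISION` noting which upstream state the hash corresponds to would help whoever bumps it next.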
