diff --git a/README.md b/README.md index e25ef62..33163ac 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ -# mycloud +# My Clould Configurations and Scripts -These are scripts for my cloud. \ No newline at end of file +These are scripts for my cloud. diff --git a/bin/arch/backup.git.sh b/bin/arch/backup.git.sh new file mode 100755 index 0000000..cbb33ac --- /dev/null +++ b/bin/arch/backup.git.sh @@ -0,0 +1,67 @@ +#!/bin/bash + +CD=cd +DATE=/bin/date +TAR=/bin/tar +BZIP2=/bin/bzip2 +GIT=/usr/bin/git +GPG=/usr/bin/gpg +PASS=/home/vahagn/.gnupg/backup-passphrase +SRC=/home/vahagn/git +KEEP=5 +BACKUP_DIR=/home/vahagn/gdrive/backup + +TIMESTAMP=`$DATE +%Y%m%d-%H:%M%z` +LOG=/mnt/hdd/backup/backup.git.$TIMESTAMP.log +BACKUP=$BACKUP_DIR/git.$TIMESTAMP.tar.bz2.gpg +SIGNATURE=$BACKUP_DIR/git.$TIMESTAMP.tar.bz2.sig + +# +# debug +# +#LOG=/home/vahagn/devel/scripts/backup/log.log +#BACKUP=/home/vahagn/devel/scripts/backup/git.tar.bz2.gpg +#SRC=/home/vahagn/git/scripts.git + +# +# Header +# +echo Starting $LOG | tee -a $LOG +echo start `$DATE` | tee -a $LOG +# +# Sync with BitBucket upstream repos. +# +$CD $SRC/scripts.git +$GIT fetch +$CD $SRC/test.git +$GIT fetch +# +# cd to git directory and then bzip2 all content and crypt it. +# +$CD $SRC +($TAR -cvp . | $BZIP2 -c | $GPG -c --passphrase-file $PASS --output $BACKUP --batch --quiet ) 2>&1| tee -a $LOG +# +# Remove old files +# +$CD $BACKUP_DIR +i=0 +for FILE in `ls -t git.*.tar.bz2.gpg`; do + if [ $i -ge $KEEP ]; then + echo "$FILE is removed to meet keep number of backups $KEEP." | tee -a $LOG + rm $FILE 2>&1| tee -a $LOG + fi; + i=$(($i+1)) +done +i=0 +for FILE in `ls -t git.*.tar.bz2.sig`; do + if [ $i -ge $KEEP ]; then + echo "$FILE is removed to meet keep number of backups $KEEP." | tee -a $LOG + rm $FILE 2>&1| tee -a $LOG + fi; + i=$(($i+1)) +done +# +# Footer +# +echo end `$DATE` | tee -a $LOG + 
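Review bot: In bin/arch/backup.git.sh the two pruning loops run even when the backup itself failed, because the status of the `tar | bzip2 | gpg` pipeline is discarded by the trailing `| tee -a $LOG`, and none of the `$CD` calls is checked, so a failed `$CD $BACKUP_DIR` leaves `rm` running in whatever directory the script was in. I would add `set -o pipefail`, test the pipeline's status before pruning, and write `$CD "$BACKUP_DIR" || exit 1`. `SIGNATURE` is assigned but no signature file is written anywhere in the lines shown, so the loop over `git.*.tar.bz2.sig` has nothing to prune and the archive has no integrity check beyond the symmetric passphrase. Both loops parse `ls -t` and use `$FILE` unquoted, which holds only while the timestamped names contain no whitespace.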
diff --git a/bin/arch/backup.mybook.vahagn.sh b/bin/arch/backup.mybook.vahagn.sh
new file mode 100755
index 0000000..0b0bd42
--- /dev/null
+++ b/bin/arch/backup.mybook.vahagn.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DATE=/bin/date
+SYNC="/usr/bin/rsync -auAX --delete"
+TIMESTAMP=`$DATE +%Y%m%d-%H:%M%z`
+
+LOG=/mnt/hdd/backup/backup.mybook.vahagn.$TIMESTAMP.log
+echo Starting $LOG | tee -a $LOG
+echo start `$DATE` | tee -a $LOG
+$SYNC /mnt/mybook/vahagn /mnt/hdd/backup | tee -a $LOG
+echo end `$DATE` | tee -a $LOG
+
diff --git a/bin/arch/backup.root.sh b/bin/arch/backup.root.sh
new file mode 100755
index 0000000..d539ceb
--- /dev/null
+++ b/bin/arch/backup.root.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+DATE=/bin/date
+RSYNC=/usr/bin/rsync
+TIMESTAMP=`$DATE +%Y%m%d-%H:%M%z`
+
+LOGFILE=/mnt/hdd/backup/log/backup.mybook.public.$TIMESTAMP.log
+LOG="/usr/bin/tee -a $LOGFILE"
+
+function term() {
+ echo "Terminating." | $LOG
+ exit 1
+}
+trap term INT
+
+function backup() {
+ ORIG_DIR=$1
+ MIRROR_DIR=$2
+ echo "Sync $ORIG_DIR to $MIRROR_DIR"
+ $RSYNC -aXv --delete --force $ORIG_DIR $MIRROR_DIR | $LOG
+}
+
+function backupwd() {
+ ORIG_DIR=$1
+ MIRROR_DIR=192.168.0.6:/DataVolume/$2
+ backup $ORIG_DIR $MIRROR_DIR
+}
+
+
+#
+# Log Header
+#
+echo Starting $LOGFILE | $LOG
+echo start `$DATE` | $LOG
+#
+# Sync folders
+#
+backupwd "/srv/gitlab/" "backup/gitlab"
+backupwd "/srv/nextcloud/" "backup/nextcloud"
+backupwd "/mnt/hdd/public/_captured_MY_VIDEO/" "public/_captured_MY_VIDEO"
+backupwd "/mnt/hdd/public/pix/" "public/pix"
+backupwd "/mnt/hdd/public/music/" "public/music"
+backupwd "/mnt/hdd/public/books/" "public/books"
+backupwd "/mnt/hdd/vahagn/" "backup/vahagn"
+
+backup "/srv/gitlab" "/mnt/hdd/backup/gitlab"
+backup "/srv/nextcloud" "/mnt/hdd/backup/nextcloud"
+#
+# Log Footer
+#
+echo end `$DATE` | $LOG
diff --git a/bin/backup.hdd.sh b/bin/backup.hdd.sh
new file mode 100755
index 0000000..5150008
--- /dev/null
+++ b/bin/backup.hdd.sh
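Review bot: `backup()` in bin/arch/backup.root.sh mirrors with `--delete --force` and never looks at the source first, so a source directory that exists but is unexpectedly empty would have that emptiness copied onto the mirror at 192.168.0.6 and under /mnt/hdd/backup. A guard before the rsync call, such as `[ -n "$(ls -A "$ORIG_DIR" 2>/dev/null)" ] || { echo "skip empty $ORIG_DIR" | $LOG; return 1; }`, keeps the last good copy in that case. The rsync line also sends only stdout to `$LOG` and drops the exit status, and `ORIG_DIR`/`MIRROR_DIR` are unquoted globals shared between `backup` and `backupwd`; `local` plus quoting would be safer. The same unguarded `--delete` is present in bin/arch/backup.mybook.vahagn.sh and in `backup()` of bin/backup.hdd.sh.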
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+#set -x
+
+DATE=/bin/date
+RSYNC=/usr/bin/rsync
+TIMESTAMP=`$DATE +%Y%m%d-%H:%M%z`
+
+LOGFILE=/mnt/hdd/backup/log/backup.$TIMESTAMP.log
+LOG="/usr/bin/tee -a $LOGFILE"
+
+function term() {
+ echo "Terminating." | $LOG
+ exit 1
+}
+trap term INT
+
+function backup() {
+ ORIG_DIR=$1
+ MIRROR_DIR=$2
+ shift 2
+ echo ""
+ echo "Sync $ORIG_DIR to $MIRROR_DIR"
+ echo "========================================================"
+ # Use --progress if interactive.
+ $RSYNC -aAXv --delete --force "$@" $ORIG_DIR $MIRROR_DIR 2>&1 | $LOG
+ if [ $? -ne 0 ]; then
+ echo "There were errors while backing up $ORIG_DIR"
+ fi
+ echo ""
+}
+
+function backuphdd() {
+ HDD_ORIG=/mnt/hdd
+ HDD_MIRROR=/mnt/hdd2
+ ORIG_DIR=$HDD_ORIG/$1
+ MIRROR_DIR=$HDD_MIRROR/$(dirname $1)
+ backup $ORIG_DIR $MIRROR_DIR
+}
+
+function backupwd() {
+ ORIG_DIR=$1
+ MIRROR_DIR=192.168.0.6:/DataVolume/$2
+ backup $ORIG_DIR $MIRROR_DIR
+}
+
+function backuplusntag() {
+ ORIG_DIR="vahagn@192.168.0.3:$1"
+ MIRROR_DIR=$2
+ backup $ORIG_DIR $MIRROR_DIR -e "ssh -i /home/vahagn/.ssh/id_rsa"
+}
+
+function backupyerevak() {
+ ORIG_DIR="vahagn@yerevak.vostan.org:$1"
+ MIRROR_DIR=$2
+ backup $ORIG_DIR $MIRROR_DIR -e "ssh -i /home/vahagn/.ssh/id_rsa -p 24"
+}
+
+
+#
+# Log Header
+#
+echo Starting $LOGFILE | $LOG
+echo start `$DATE` | $LOG
+#
+# Sync folders
+#
+backup "/srv/nextcloud" "/mnt/hdd/backup/docker"
+backup "/var/lib/docker/volumes" "/mnt/hdd/backup/docker"
+
+backup "/src/gerbera/music" "/mnt/hdd/public"
+
+#backup "/srv/gitlab" "/mnt/hdd/backup/gitlab"
+#backup "/srv/git" "/mnt/hdd/backup/git"
+
+#
+# Backup Lusntag
+#
+backuplusntag "/home/vahagn/msdos" "/mnt/hdd/backup"
+backuplusntag "/home/vahagn/devel" "/mnt/hdd/backup/lusntag"
+backuplusntag "/var/www" "/mnt/hdd/backup/lusntag"
+backuplusntag "/etc/nginx" "/mnt/hdd/backup/lusntag/etc"
+#
+# Backup Yerevak
+#
+backupyerevak "/home/vahagn/devel" "/mnt/hdd/backup/yerevak"
+
+#
+# Backup hdd1 to hdd2
+#
+backuphdd "backup"
+backuphdd "vahagn"
+for i in $(ls /mnt/hdd/public); do
+ if [ $i != "movies" ]; then
+ backuphdd "public/$i"
+ fi
+done
+
+#
+# Log Footer
+#
+echo end `$DATE` | $LOG
diff --git a/bin/deluge-tunnel.sh b/bin/deluge-tunnel.sh
new file mode 100755
index 0000000..801a29a
--- /dev/null
+++ b/bin/deluge-tunnel.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+ssh -N \
+ -D *:1080 \
+ -L *:58846:127.0.0.1:58846 \
+ -L *:8112:127.0.0.1:8112 \
+ yerevak
+
diff --git a/bin/docker-calibre.sh b/bin/docker-calibre.sh
new file mode 100755
index 0000000..0446296
--- /dev/null
+++ b/bin/docker-calibre.sh
@@ -0,0 +1,8 @@
+sudo docker create \
+ --name=calibre --restart=always \
+ -v /srv/calibre/books:/books \
+ -v /srv/calibre/config:/calibre-web/config \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e PGID=33 -e PUID=33 -p 8095:8083 \
+ technosoft2000/calibre-web
+
diff --git a/bin/docker-gerbera.sh b/bin/docker-gerbera.sh
new file mode 100755
index 0000000..504dac1
--- /dev/null
+++ b/bin/docker-gerbera.sh
@@ -0,0 +1,13 @@
+docker run \
+ -d \
+ --net=host \
+ --name gerbera \
+ --hostname gerbera \
+ --restart always \
+ --volume /srv/gerbera/config:/root/.config \
+ --volume /srv/gerbera/music:/mnt/music \
+ --volume /srv/gerbera/video:/mnt/video \
+ --volume /mnt/hdd2/public/movies:/mnt/hdd_video \
+ --volume /mnt/hdd/public/music:/mnt/hdd_music \
+ gerbera/gerbera
+
diff --git a/bin/docker-gitlab.sh b/bin/docker-gitlab.sh
new file mode 100755
index 0000000..e69721a
--- /dev/null
+++ b/bin/docker-gitlab.sh
@@ -0,0 +1,12 @@
+sudo docker run --detach \
+ --name gitlab \
+ --hostname gitlab \
+ --env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.vostan.org/'; gitlab_rails['lfs_enabled'] = true; gitlab_rails['gitlab_signin_enabled'] = false;" \
+ --publish 8443:443 \
+ --publish 8080:80 \
+ --publish 8022:22 \
+ --restart always \
+ --volume /srv/gitlab/config:/etc/gitlab \
+ --volume /srv/gitlab/logs:/var/log/gitlab \
+ --volume /srv/gitlab/data:/var/opt/gitlab \
+ gitlab/gitlab-ce:latest
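Review bot: In `backup()` of bin/backup.hdd.sh the check `if [ $? -ne 0 ]` reads the exit status of `$LOG` (tee), not of rsync, so a failed sync is never reported. Replace it with `if [ "${PIPESTATUS[0]}" -ne 0 ]; then` on the line directly after the pipeline, and pipe the error message through `$LOG` too so it reaches the log file. The closing loop `for i in $(ls /mnt/hdd/public)` word-splits directory names; iterating over `/mnt/hdd/public/*/` avoids that. `/src/gerbera/music` may be a typo for `/srv/gerbera/music`, the path the docker scripts in this commit use, and is worth confirming.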
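Review bot: bin/deluge-tunnel.sh binds all three forwards to `*`, so the SOCKS proxy on 1080 and the forwarded Deluge ports 58846 and 8112 accept connections from any host that can reach this machine, and ssh dynamic forwarding has no authentication of its own. Unless that reach is intended, bind to loopback or to the one address that needs it, e.g. `-D 127.0.0.1:1080` and `-L 127.0.0.1:8112:127.0.0.1:8112`, and limit the ports in the host firewall. The unquoted `*` is also subject to shell filename expansion; writing `'*:1080'` removes the dependence on the working directory. The same listener exposure applies to bin/socks5-hrat.sh and bin/socks5-yerevak.sh (bound to 192.168.0.4) and to service/ssh_socks5.service (bound to 0.0.0.0).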
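Review bot: bin/docker-gitlab.sh sets `external_url 'http://gitlab.vostan.org/'` and publishes 8080, 8443 and 8022 on every host interface, so logins and tokens travel in cleartext unless a TLS-terminating proxy sits in front, which this commit does not show. If such a proxy runs on the same host, publish to loopback only (`--publish 127.0.0.1:8080:80`) and use an https external_url. The image is `gitlab/gitlab-ce:latest`; pinning a release tag makes upgrades deliberate, and the same holds for the untagged images in bin/docker-nextcloud.sh, bin/docker-calibre.sh and bin/docker-gerbera.sh. The script is committed executable but has no shebang line.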
diff --git a/bin/docker-nextcloud.sh b/bin/docker-nextcloud.sh
new file mode 100755
index 0000000..b1b1bdb
--- /dev/null
+++ b/bin/docker-nextcloud.sh
@@ -0,0 +1,7 @@
+sudo docker run \
+ --name nextcloud \
+ -d \
+ --publish 8090:80 \
+ --restart always \
+ --volume /srv/nextcloud:/var/www/html \
+ nextcloud
diff --git a/bin/lsync.sh b/bin/lsync.sh
new file mode 100755
index 0000000..c9fe0d7
--- /dev/null
+++ b/bin/lsync.sh
@@ -0,0 +1 @@
+rsync -av --progress --inplace --append-verify --remove-source-files -e "ssh -p 24" /mnt/ssd/deluge/done/$1 lusntag.vostan.org:/mnt/home/vahagn/tmp/tmp
diff --git a/bin/lusntag.socks5.bat b/bin/lusntag.socks5.bat
new file mode 100644
index 0000000..c79899b
Binary files /dev/null and b/bin/lusntag.socks5.bat differ
diff --git a/bin/lusntag.socks5.ps1 b/bin/lusntag.socks5.ps1
new file mode 100644
index 0000000..c79899b
Binary files /dev/null and b/bin/lusntag.socks5.ps1 differ
diff --git a/bin/lusntag.socks5.sh b/bin/lusntag.socks5.sh
new file mode 100644
index 0000000..c79899b
Binary files /dev/null and b/bin/lusntag.socks5.sh differ
diff --git a/bin/rtorrent.sh b/bin/rtorrent.sh
new file mode 100755
index 0000000..1e00805
--- /dev/null
+++ b/bin/rtorrent.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+sudo ip netns exec soghancq sudo -u vahagn rtorrent -o http_capath=/etc/ssl/certs
+
diff --git a/bin/socks5-hrat.sh b/bin/socks5-hrat.sh
new file mode 100755
index 0000000..3dc7854
--- /dev/null
+++ b/bin/socks5-hrat.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+ssh -D 192.168.0.4:1085 127.0.0.1 -N
+
diff --git a/bin/socks5-yerevak.sh b/bin/socks5-yerevak.sh
new file mode 100755
index 0000000..eec360b
--- /dev/null
+++ b/bin/socks5-yerevak.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+ssh -N -D 192.168.0.4:1080 yerevak
+
diff --git a/bin/suspend.sh b/bin/suspend.sh
new file mode 100755
index 0000000..ee09429
--- /dev/null
+++ b/bin/suspend.sh
@@ -0,0 +1 @@
+sudo systemctl suspend
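Review bot: bin/lsync.sh passes `$1` unquoted and unchecked into a command that uses `--remove-source-files`, so running it with no argument syncs the whole of /mnt/ssd/deluge/done/ and deletes every transferred source file, and a name containing spaces is split into several paths. Require the argument and quote it: `: "${1:?usage: lsync.sh NAME}"` followed by `"/mnt/ssd/deluge/done/$1"` in the rsync call. The file is committed with mode 100755 but has no shebang line. bin/yerevak_download.sh has the same unquoted `$1 $2`.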
diff --git a/bin/upload.ready.deluge.sh b/bin/upload.ready.deluge.sh
new file mode 100755
index 0000000..8a17ca0
--- /dev/null
+++ b/bin/upload.ready.deluge.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -x
+if [ "$1" != "no-progress" ]; then
+ PROG=--progress
+else
+ shift
+fi
+if [ ! -z "$*" ]; then
+ for i in "$@"; do
+ /usr/bin/rsync -av --inplace --progress --append-verify "/mnt/ssd/deluge/done/$i" "hrat:tmp/tmp/done/"
+ done
+else
+ /usr/bin/rsync -av --inplace --append-verify $PROG /mnt/ssd/deluge/done hrat:tmp/tmp
+fi
+
+
diff --git a/bin/yerevak.socks5.ps1 b/bin/yerevak.socks5.ps1
new file mode 100644
index 0000000..ca2bb53
Binary files /dev/null and b/bin/yerevak.socks5.ps1 differ
diff --git a/bin/yerevak_download.sh b/bin/yerevak_download.sh
new file mode 100755
index 0000000..c9f4471
--- /dev/null
+++ b/bin/yerevak_download.sh
@@ -0,0 +1 @@
+ rsync -av --progress -e "ssh -p 24" yerevak.vostan.org:/mnt/ssd/deluge/done/$1 $2
diff --git a/docker/docker-calibre.sh b/docker/docker-calibre.sh
new file mode 100755
index 0000000..0446296
--- /dev/null
+++ b/docker/docker-calibre.sh
@@ -0,0 +1,8 @@
+sudo docker create \
+ --name=calibre --restart=always \
+ -v /srv/calibre/books:/books \
+ -v /srv/calibre/config:/calibre-web/config \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e PGID=33 -e PUID=33 -p 8095:8083 \
+ technosoft2000/calibre-web
+
diff --git a/docker/gerbera/docker-compose.yml b/docker/gerbera/docker-compose.yml
new file mode 100644
index 0000000..ff41ced
--- /dev/null
+++ b/docker/gerbera/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '2'
+
+
+services:
+ gerbera:
+ hostname: gerbera
+ image: gerbera/gerbera:latest
+ network_mode: host
+ volumes:
+ - gerbera:/root/.config
+ - /srv/gerbera/music:/music
+ - /srv/gerbera/cached:/cached/cartoons
+ - /mnt/hdd2_2/movies:/video/movies
+ - /home/vahagn/tmp/tmp/done:/newvideo/new
+ restart: always
+
+volumes:
+ gerbera:
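Review bot: In bin/upload.ready.deluge.sh the per-file branch hard-codes `--progress`, so the `no-progress` argument only takes effect when no file names follow it. Use the variable in the loop as well, `/usr/bin/rsync -av --inplace --append-verify $PROG "/mnt/ssd/deluge/done/$i" "hrat:tmp/tmp/done/"`, and initialise `PROG=` before the first `if`. `set -x` is left enabled and traces every command to stderr on each run; drop it or gate it on a debug variable. `[ ! -z "$*" ]` reads more directly as `[ $# -gt 0 ]`.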
diff --git a/docker/gitea/docker-compose.yml b/docker/gitea/docker-compose.yml
new file mode 100644
index 0000000..6529e7e
--- /dev/null
+++ b/docker/gitea/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3"
+
+networks:
+ gitea:
+ external: false
+
+services:
+ server:
+ image: gitea/gitea:1.12.6
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ networks:
+ - gitea
+ volumes:
+ - gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
+
+volumes:
+ gitea:
+
diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..3eae39d
--- /dev/null
+++ b/docker/nextcloud/docker-compose.yml
@@ -0,0 +1,50 @@
+version: '2'
+
+services:
+ nextcloud:
+ image: nextcloud:20
+ ports:
+ - 8092:80
+ volumes:
+ - /srv/nextcloud:/var/www/html
+ restart: always
+ links:
+ - db
+
+ db:
+ image: postgres
+ restart: always
+ volumes:
+ - db:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=nextcloud123
+
+ app:
+ image: nextcloud:20-fpm-alpine
+ restart: always
+ volumes:
+ - nextcloud:/var/www/html
+ links:
+ - db
+ depends_on:
+ - db
+
+ web:
+ image: nginx:alpine
+ restart: always
+ ports:
+ #- 8090:80
+ - 8090:80
+ links:
+ - app
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ - nextcloud:/var/www/html:ro
+
+volumes:
+ db:
+ nextcloud:
+
+
diff --git a/docker/nextcloud/nginx.conf b/docker/nextcloud/nginx.conf
new file mode 100644
index 0000000..9fc3e28
--- /dev/null
+++ b/docker/nextcloud/nginx.conf
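Review bot: docker/nextcloud/docker-compose.yml commits the database credential in plain text on the `POSTGRES_PASSWORD=` line of the `db` service, and the value is an easily guessed one. Take it out of the repository, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}` with the value in an untracked `.env` file, and rotate the password since it is now in history. `image: postgres` carries no tag, so recreating the container can pull a newer major version that may not start on the existing `db` volume; pin the major version in use. The file also defines both `nextcloud` (port 8092, bind mount /srv/nextcloud) and `app` (fpm, named volume `nextcloud`) against the same database; if only one is meant to be live, the other should go.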
@@ -0,0 +1,173 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ real_ip_header X-Real-IP;
+
+ #gzip on;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+
+ # Add headers to serve security related headers
+ # Before enabling Strict-Transport-Security headers please read into this
+ # topic first.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+ #
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root /var/www/html;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # The following 2 rules are only needed for the user_webfinger app.
+ # Uncomment it if you're planning to use this app.
+ #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+ # The following rule is only needed for the Social app.
+ # Uncomment it if you're planning to use this app.
+ #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+
+ location = /.well-known/carddav {
+ return 301 $scheme://$host:$server_port/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 $scheme://$host:$server_port/remote.php/dav;
+ }
+
+ # set max upload size
+ client_max_body_size 10G;
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Uncomment if your server is build with the ngx_pagespeed module
+ # This module is currently not supported.
+ #pagespeed off;
+
+ location / {
+ rewrite ^ /index.php;
+ }
+
+ location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+ deny all;
+ }
+ location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+ deny all;
+ }
+
+ location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+ fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+ set $path_info $fastcgi_path_info;
+ try_files $fastcgi_script_name =404;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ # fastcgi_param HTTPS on;
+
+ # Avoid sending the security headers twice
+ fastcgi_param modHeadersAvailable true;
+
+ # Enable pretty urls
+ fastcgi_param front_controller_active true;
+ fastcgi_pass php-handler;
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+ try_files $uri/ =404;
+ index index.php;
+ }
+
+ # Adding the cache control header for js, css and map files
+ # Make sure it is BELOW the PHP block
+ location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463";
+ # Add headers to serve security related headers (It is intended to
+ # have those duplicated to the ones above)
+ # Before enabling Strict-Transport-Security headers please read into
+ # this topic first.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+ #
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+
+ location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
+ try_files $uri /index.php$request_uri;
+ # Optional: Don't log access to other assets
+ access_log off;
+ }
+ }
+}
diff --git a/motd/hrat.motd b/motd/hrat.motd
new file mode 100644
index 0000000..ab72707
--- /dev/null
+++ b/motd/hrat.motd
@@ -0,0 +1,7 @@
+ __
+ \ \ _____ _ _ _ _ ____
+ / / / _ | | | | | | | / _ \
+ / /___| | |_| |_| |_| | |_| | | |
+ (______| | \________/\_____/ |_|
+ |_|
+
diff --git a/motd/lusntag.motd b/motd/lusntag.motd
new file mode 100644
index 0000000..d368dd7
--- /dev/null
+++ b/motd/lusntag.motd
@@ -0,0 +1,7 @@
+ _ _
+ | | ____ _ |_\_ ___ _ _ _ ___
+ | | / _ \ _ | | | | | __/ _ \| | | | | |/ _ \
+ | |__| | | | |_| |_| | |_) | |/) / |_| | | | (_) |_
+ \____|_| |_|___,\___/ \___/| |\_/\_________/\__ _|
+ |_| |_|
+
diff --git a/motd/yerevak.motd b/motd/yerevak.motd
new file mode 100644
index 0000000..83cc486
--- /dev/null
+++ b/motd/yerevak.motd
@@ -0,0 +1,9 @@
+
+ _ _ _
+ | |__ ____ | |_ _ _ _| |
+ | __|_/ _ \| _|_ _ | | | | | | | _
+ | |__| | | |_| |_| | |_| |_| |_| | |_| |
+ \____/| | \____/\___\_______ _/\__ |
+ |_| |_|
+
+
diff --git a/service/ssh_lusntag.service b/service/ssh_lusntag.service
new file mode 100644
index 0000000..54d4eaf
--- /dev/null
+++ b/service/ssh_lusntag.service
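Review bot: The `set_real_ip_from` lines in the `http` block of docker/nextcloud/nginx.conf trust `X-Real-IP` from all of 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, while the compose file in this commit publishes this server directly on host port 8090, so a client on any of those networks can set the header and choose the address that lands in the access log and is handed to Nextcloud as the client address. Narrow the trust to the one reverse proxy that actually sets the header, `set_real_ip_from <reverse-proxy address>;`, or drop the four lines if nothing fronts the container. `listen 80` with the HSTS header and `fastcgi_param HTTPS on` commented out is sound only when TLS is terminated upstream; a comment saying where TLS ends would help the next reader.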
@@ -0,0 +1,20 @@
+[Unit]
+#SourcePath=/etc/init.d/rpcbind
+Description=SSH lusntag.vostan.org
+#DefaultDependencies=no
+Before=shutdown.target
+After=network-online.target local-fs.target
+Wants=network-online.target
+Conflicts=shutdown.target
+
+[Service]
+Type=simple
+User=vahagn
+Group=vahagn
+Restart=always
+RestartSec=5s
+WorkingDirectory=/tmp
+ExecStart=/usr/bin/ssh -N -R *:8022:127.0.0.1:22 -R *:58846:127.0.0.1:58846 -R *:8112:127.0.0.1:8112 -p 8080 -i /home/vahagn/.ssh/id_rsa vahagn@lusntag.vostan.org
+
+[Install]
+WantedBy=multi-user.target
diff --git a/service/ssh_socks5.service b/service/ssh_socks5.service
new file mode 100644
index 0000000..d144bc9
--- /dev/null
+++ b/service/ssh_socks5.service
@@ -0,0 +1,20 @@
+[Unit]
+#SourcePath=/etc/init.d/rpcbind
+Description=Local SOCKS5
+#DefaultDependencies=no
+Before=shutdown.target
+After=network-online.target local-fs.target
+Wants=network-online.target
+Conflicts=shutdown.target
+
+[Service]
+Type=simple
+User=vahagn
+Group=vahagn
+Restart=always
+RestartSec=1s
+WorkingDirectory=/tmp
+ExecStart=/usr/bin/ssh -N -D 0.0.0.0:1080 -i /home/vahagn/.ssh/id_rsa vahagn@127.0.0.1
+
+[Install]
+WantedBy=multi-user.target
diff --git a/service/ssh_yerevak.service b/service/ssh_yerevak.service
new file mode 100644
index 0000000..1ab606d
--- /dev/null
+++ b/service/ssh_yerevak.service
@@ -0,0 +1,20 @@
+[Unit]
+#SourcePath=/etc/init.d/rpcbind
+Description=SSH lusntag.vostan.org
+#DefaultDependencies=no
+Before=shutdown.target
+After=network-online.target local-fs.target
+Wants=network-online.target
+Conflicts=shutdown.target
+
+[Service]
+Type=simple
+User=vahagn
+Group=vahagn
+Restart=always
+RestartSec=5s
+WorkingDirectory=/tmp
+ExecStart=/usr/bin/ssh -N -R *:8022:127.0.0.1:22 -p 24 -i /home/vahagn/.ssh/id_rsa vahagn@yerevak.vostan.org
+
+[Install]
+WantedBy=multi-user.target
diff --git a/service/tun2socks.service b/service/tun2socks.service
new file mode 100644
index 0000000..d5d4ef0
--- /dev/null
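Review bot: The `ExecStart` line of service/ssh_lusntag.service asks for `-R *:8022:127.0.0.1:22` and the two Deluge ports on every interface of lusntag.vostan.org, which, if that server's GatewayPorts setting allows it, puts this host's sshd, Deluge daemon and web UI on a public address. Bind the remote side to loopback (`-R 127.0.0.1:8022:127.0.0.1:22`) unless public reach is the goal, and in that case make sure password logins are off on the exposed sshd. The command also lacks `-o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o BatchMode=yes`, so ssh can stay up with a dead or never-established forward and `Restart=always` never fires. The unattended key given with `-i` is presumably passphrase-less, so limiting what it may do in the server's authorized_keys reduces the damage of a stolen copy. service/ssh_yerevak.service carries the same `-R *:8022` forward, and its `Description=` still reads "SSH lusntag.vostan.org".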
+++ b/service/tun2socks.service
@@ -0,0 +1,20 @@
+# Automatically generated by systemd-sysv-generator
+
+[Unit]
+Description=tun0 to SOCKS5 tunel
+Before=shutdown.target
+After=network-online.target local-fs.target
+Wants=network-online.target ssh_socks5.service
+Conflicts=shutdown.target
+
+[Service]
+Type=simple
+Restart=always
+GuessMainPID=no
+RemainAfterExit=yes
+WorkingDirectory=/tmp
+ExecStartPre=/usr/local/sbin/tun2socks_pre.sh
+ExecStart=/sbin/ip netns exec soghancq /usr/local/sbin/tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:1080 --udpgw-remote-server-addr 127.0.0.1:7300
+
+[Install]
+WantedBy=multi-user.target
diff --git a/service/tun2socks_pre.sh b/service/tun2socks_pre.sh
new file mode 100644
index 0000000..51b9195
--- /dev/null
+++ b/service/tun2socks_pre.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+NETNS=soghancq
+IP=/sbin/ip
+NS="$IP netns exec $NETNS"
+
+#
+# Set ip forwarding.
+# Do it from /ete/sysctl.conf
+#sysctl -w net.ipv4.ip_forward=1
+
+#
+# Create network namesapce.
+#
+$IP netns add $NETNS
+
+#
+# Peer to peer to default namespace.
+#
+$IP link add veth0 type veth peer name veth1
+$IP addr add 10.1.1.1/30 dev veth0
+$IP link set veth0 up
+
+$IP link set veth1 netns $NETNS
+$NS $IP addr add 10.1.1.2/30 dev veth1
+$NS $IP link set veth1 up
+$NS $IP route add 127.0.0.0/24 via 10.1.1.1 metric 5
+$NS $IP route add 192.168.0.0/24 via 10.1.1.1 metric 5
+#$NS $IP route add 8.8.8.8 via 10.1.1.1 metric 5
+
+#
+# Configure tun0 which goes through socks5.
+#
+$NS $IP tuntap add dev tun0 mode tun user root
+$IP link set tun0 netns $NETNS
+$NS $IP addr add 10.0.0.1/24 dev tun0
+$NS $IP link set dev tun0 up
+$NS $IP route add default via 10.0.0.2 metric 6
+#$NS /usr/local/sbin/tun2socks \
+# --tundev tun0 \
+# --netif-ipaddr 10.0.0.2 \
+# --netif-netmask 255.255.255.0 \
+# --socks-server-addr 127.0.0.1:1080 \
+# --udpgw-remote-server-addr 127.0.0.1:7300 &
+
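Review bot: service/tun2socks.service names ssh_socks5.service under `Wants=` but not under `After=`, so systemd may start tun2socks before the SOCKS listener on 127.0.0.1:1080 exists; add it to the ordering line, `After=network-online.target local-fs.target ssh_socks5.service`. The first line says the unit was generated by systemd-sysv-generator, which is misleading for a hand-maintained file and should become a short description of what the unit does. There is no `User=`, so the pre-script and tun2socks both run as root; `ip netns exec` needs that, but a comment saying so would make the choice visible.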
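Review bot: service/tun2socks_pre.sh cannot be run twice: each `add` step (`netns add`, `link add veth0`, `tuntap add`, `route add`) fails once its object exists, and because the script's exit status is that of its last command, the closing `route add default` would presumably fail ExecStartPre on every restart that `Restart=always` triggers. Guard the creation steps, e.g. `$IP netns list | grep -qw "$NETNS" || $IP netns add "$NETNS"`, or tear the namespace down in an `ExecStopPost=` before it is recreated. `$IP link set tun0 netns $NETNS` runs in the default namespace although tun0 was created inside the namespace by the preceding `$NS $IP tuntap add`, so that line can only fail and can be removed. The comment typos `/ete/sysctl.conf` and `namesapce` are worth fixing in the same pass.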
diff --git a/yerevak/.ssh/config b/yerevak/.ssh/config
new file mode 100644
index 0000000..61b40ed
--- /dev/null
+++ b/yerevak/.ssh/config
@@ -0,0 +1,24 @@
+# Note that value for 'User' must be 'git'.
+
+Host lusntag
+ HostName lusntag.vostan.org
+ Port 8080
+ PreferredAuthentications publickey
+ IdentityFile ~/.ssh/id_rsa
+ User vahagn
+
+Host yerevak
+ HostName yerevak.vostan.org
+ Port 24
+ PreferredAuthentications publickey
+ IdentityFile ~/.ssh/id_rsa
+ User vahagn
+
+
+Host hrat
+ HostName 192.168.0.4
+ PreferredAuthentications publickey
+ IdentityFile ~/.ssh/id_rsa
+ User vahagn
+ ProxyCommand=ssh -W %h:%p lusntag
+
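Review bot: The opening comment of yerevak/.ssh/config says the value for 'User' must be 'git', yet every Host block sets `User vahagn`; the comment looks carried over from a forge template and should be replaced with something accurate, such as `# hrat has a LAN-only address and is reached through lusntag.`. Adding `IdentitiesOnly yes` to each block keeps ssh from offering every key held by the agent to these hosts. `ProxyCommand=ssh -W %h:%p lusntag` can be written as `ProxyJump lusntag` on OpenSSH 7.3 or later.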