first

66e7e1be · nanahira · 3d1c6a89 · 66e7e1be · 66e7e1be · 66e7e1be
Commit 66e7e1be authored Nov 05, 2020 by nanahira
Showing with 121 additions and 0 deletions

.gitlab-ci.yml .gitlab-ci.yml +43 -0

Dockerfile Dockerfile +27 -0

data/post-script.sh data/post-script.sh +25 -0

data/run.sh data/run.sh +8 -0

data/wait-daemon.sh data/wait-daemon.sh +18 -0

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - build
+  - deploy
+variables:
+  GIT_DEPTH: "1"
+  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+build:
+  stage: build
+  tags: 
+    - docker
+  script:
+    - docker build --pull -t $CONTAINER_TEST_IMAGE .
+    - docker push $CONTAINER_TEST_IMAGE
+deploy_latest:
+  stage: deploy
+  tags: 
+    - docker
+  script:
+    - docker pull $CONTAINER_TEST_IMAGE
+    - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE
+    - docker push $CONTAINER_RELEASE_IMAGE
+  only:
+    - master
+deploy_tag:
+  stage: deploy
+  tags: 
+    - docker
+  variables:
+    CONTAINER_TAG_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+  script:
+    - docker pull $CONTAINER_TEST_IMAGE
+    - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_TAG_IMAGE
+    - docker push $CONTAINER_TAG_IMAGE
+  only:
+    - tags
--- a/Dockerfile
+++ b/Dockerfile
+FROM debian:buster-slim
+RUN apt update && \
+	apt -y install openssh-client iptables ipset iproute2 gettext-base coreutils && \
+	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+COPY ./data /data
+WORKDIR /data
+ENV SSH_HOST "root@1.1.1.1"
+ENV SSH_PORT 22
+ENV LOCAL_TUN_ID 1
+ENV LOCAL_TUN_ADDRESS 10.0.0.1/24
+ENV LOCAL_TUN_TABLE none
+ENV LOCAL_TUN_TABLE_2 none
+ENV LOCAL_TUN_PREF 300
+ENV LOCAL_TUN_POST_SCRIPT "echo 'local success'"
+ENV REMOTE_TUN_ID 2
+ENV REMOTE_TUN_ADDRESS 10.0.0.2/24
+ENV REMOTE_TUN_TABLE none
+ENV REMOTE_TUN_TABLE_2 none
+ENV REMOTE_TUN_PREF 300
+ENV REMOTE_TUN_POST_SCRIPT "echo 'remote success'"
+CMD [ "./run.sh" ]
--- a/data/post-script.sh
+++ b/data/post-script.sh
+#!/bin/bash
+# TUN_INTERFACE
+# TUN_ADDRESS
+# TUN_TABLE
+# TUN_TABLE_2
+# TUN_PREF
+# TUN_POST_SCRIPT
+ip link set "$TUN_INTERFACE" up
+ip addr add "$TUN_ADDRESS" dev "$TUN_INTERFACE"
+if [[ "$TUN_TABLE" != "none" ]]; then
+	ip route replace default dev "$TUN_INTERFACE" table "$TUN_TABLE";
+	ip rule del pref "$TUN_PREF" fwmark "$TUN_TABLE" lookup "$TUN_TABLE" || true;
+	ip rule add pref "$TUN_PREF" fwmark "$TUN_TABLE" lookup "$TUN_TABLE";
+	if [[ "$TUN_TABLE_2" != "none" ]]; then
+		ip rule del pref "$TUN_PREF" fwmark "$TUN_TABLE_2" lookup "$TUN_TABLE" || true;
+		ip rule add pref "$TUN_PREF" fwmark "$TUN_TABLE_2" lookup "$TUN_TABLE";
+	fi
+fi
+bash -c "$TUN_POST_SCRIPT"
+sleep infinity
--- a/data/run.sh
+++ b/data/run.sh
+#!/bin/bash
+export LOCAL_TUN_INTERFACE="tun$LOCAL_TUN_ID"
+export REMOTE_TUN_INTERFACE="tun$REMOTE_TUN_ID"
+nohup ./wait-daemon.sh &
+cat ./post-script.sh | env TUN_INTERFACE="$REMOTE_TUN_INTERFACE" TUN_ADDRESS="$REMOTE_TUN_ADDRESS" TUN_TABLE="$REMOTE_TUN_TABLE" TUN_TABLE_2="$REMOTE_TUN_TABLE_2" TUN_PREF="$REMOTE_TUN_PREF" TUN_POST_SCRIPT="$REMOTE_TUN_POST_SCRIPT" envsubst | ssh -TCw "$LOCAL_TUN_ID:$REMOTE_TUN_ID" -i "/data/ssh/id_rsa" -o StrictHostKeyChecking=no -p "$SSH_PORT" "$SSH_HOST" /bin/bash
--- a/data/wait-daemon.sh
+++ b/data/wait-daemon.sh
+#!/bin/bash
+# TUN_INTERFACE
+# TUN_ADDRESS
+# TUN_TABLE
+# TUN_TABLE_2
+# TUN_PREF
+# TUN_POST_SCRIPT
+until ip link show dev "$LOCAL_TUN_INTERFACE"
+do
+	echo "Waiting for $LOCAL_TUN_INTERFACE to be up ..."
+	sleep 1
+done
+echo "$LOCAL_TUN_INTERFACE is up. Initializing..."
+env TUN_INTERFACE="$LOCAL_TUN_INTERFACE" TUN_ADDRESS="$LOCAL_TUN_ADDRESS" TUN_TABLE="$LOCAL_TUN_TABLE" TUN_TABLE_2="$LOCAL_TUN_TABLE_2" TUN_PREF="$LOCAL_TUN_PREF" TUN_POST_SCRIPT="$LOCAL_TUN_POST_SCRIPT" ./post-script.sh