Merge branch 'haproxy'

.gitignore

@@ -118,3 +118,4 @@ certs
 # babeld-reload.conf.j2
 
 __pycache__
+*.pyc

ansible/configure.yaml

@@ -144,6 +144,12 @@
         dest: '{{ansible_user_dir}}/nextgen-network/services/babeld.conf'
       #notify: restart_babeld
       when: not noBird and not systemBird
+    - name: gost.json
+      copy:
+        content: '{{gostConfig | to_nice_json}}'
+        dest: '{{ansible_user_dir}}/nextgen-network/services/gost.json'
+      notify: restart_gost
+      when: installGost
     - name: monitor route plans
       template:
         src: route-plans.j2
@@ -231,6 +237,13 @@
         services:
           - ocserv
       when: not noBird
+    - name: restart_gost
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - gost
+      when: installGost
     - name: restart_openconnect
       docker_compose:
         project_src: '{{ansible_user_dir}}/nextgen-network/services'

ansible/route-plans.j2

+# force reload 8.5
 declare -A ROUTE_PLANS=(
 {% for plan in routePlans %}
 	[{{plan.destMark}}]="{{plan.addressesString}}"

ansible/scripts/global-postup.sh.j2

@@ -34,6 +34,9 @@ $IPTABLES_EXEC -t mangle -A PREROUTING -m mark --mark 0x0 ! -p ospf -m set ! --m
 
 $IPTABLES_EXEC -t mangle -I OUTPUT -m mark ! --mark 0 -j RETURN
 
+$IPTABLES_EXEC -t nat -N NEXTGEN_SWITCH
+$IPTABLES_EXEC -t nat -A PREROUTING -j NEXTGEN_SWITCH
+
 # switch rules
 {{ansible_user_dir}}/nextgen-network/scripts/switch-rules-up.sh
 

ansible/scripts/switch-rules-down.sh.j2

@@ -2,6 +2,7 @@
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
 
 iptables -t mangle -F NEXTGEN_SWITCH
+iptables -t nat -F NEXTGEN_SWITCH
 
 ## restore mark
 {% for plan in routePlans %}

ansible/scripts/switch-rules-up.sh.j2

 #!/bin/bash
-## reloaded at 6.24
+## reloaded at 8.13
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
 
 ## route plans
@@ -12,11 +12,14 @@ restore_mark_switch -A {{plan.destMark}}
 
 ## local gateways
 {% for gw in gateways %}
+{% if not gw.hidden %}
 {% if gw.selectionMark > 0 %}
 interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
 interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
 restore_mark_switch -A {{gw.selectionMark}}
 {% endif %}
+interface_switch_redirect -A {{gw.selectionMark}} {{gw.redirectPort}}
+{% endif %}
 {% endfor %}
 
 true

ansible/scripts/utility.sh.j2

@@ -67,3 +67,10 @@ interface_switch_oversea() {
   ipset create "$IPSET" hash:net maxelem 1000000 || true
   $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK"
 }
+
+interface_switch_redirect() {
+  OPTION=$1
+  MARK=$2
+  REDIR_PORT=$3
+  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443,21,22,23,8080,8443 -j DNAT --to-destination {{address}}:$REDIR_PORT
+}

config-with-proxy.sh

 #!/bin/bash
 LADDER="jue"
 ssh root@10.198.1.1 -p 55322 ipset add u_${LADDER}_oversea 10.198.1.57
-#ssh nanahira@10.198.0.6 sudo ipset add u_${LADDER}_oversea 10.198.1.57
+ssh nanahira@10.198.0.6 sudo ipset add u_${LADDER}_oversea 10.198.1.57
 ./config.sh
 ssh root@10.198.1.1 -p 55322 ipset del u_${LADDER}_oversea 10.198.1.57
-#ssh nanahira@10.198.0.6 sudo ipset del u_${LADDER}_oversea 10.198.1.57
+ssh nanahira@10.198.0.6 sudo ipset del u_${LADDER}_oversea 10.198.1.57

lists/special.txt

 0.0.0.0/8
-1.1.1.0/24
 1.0.0.0/24
-8.8.8.0/24
-8.8.4.0/24
 10.0.0.0/7
 100.64.0.0/10
 127.0.0.0/8

src/inventory.ts

@@ -27,6 +27,18 @@ interface GatewayGroup extends Record<string, any> {
   destMark: number;
 }
 
+interface GostRoute {
+  Retries?: string;
+  ServeNodes: string[];
+  ChainNodes?: string[];
+  Mark?: number
+}
+
+interface GostConfig extends Partial<GostRoute> {
+  Routes: GostRoute[];
+  Debug?: boolean;
+}
+
 type CommonEntry = Record<string, any>;
 
 class InventoryBuilder {
@@ -47,7 +59,7 @@ class InventoryBuilder {
     this.resolver.setServers(process.env.DNS ? [process.env.DNS] : ['114.114.114.114', '223.5.5.5']);
   }
 
-  getDockerImageTag(host: any) {
+  getDockerImageTag(host: CommonEntry) {
     if (host.arch && host.arch.length) {
       return `:master-${host.arch}`;
     } else {
@@ -90,11 +102,13 @@ class InventoryBuilder {
     const gateways = await this.load('gateways2');
     for (let gateway of gateways) {
       gateway.isCN = this.hosts[gateway.router] && this.hosts[gateway.router].location.startsWith('CN');
+      gateway.hidden = !!gateway.hidden;
       if (gateway.mark) {
         gateway.selectionMark = gateway.mark + 50;
+        gateway.redirectPort = gateway.mark + 60000;
       } else {
-        gateway.mark = 0;
         gateway.selectionMark = 0;
+        gateway.redirectPort = 60100;
       }
     }
     return gateways;
@@ -126,7 +140,7 @@ class InventoryBuilder {
       this.linksLimit = process.env.LIMIT_LINKS.split(",");
     }
     this.vars = await this.loadUtilities();
-    const inventoryValue = { wg: {hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)]))} };
+    const inventoryValue = { wg: { hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)])) } };
     await fs.promises.writeFile('result/inventory.yaml', YAML.stringify(inventoryValue));
     // console.log(Object.values(this.hosts));
     const hosts = await Promise.all(Object.values(this.hosts).map(async (h) => ({
@@ -172,7 +186,7 @@ class InventoryBuilder {
     }
     return addresses.join(" ");
   }
-  isGatewayGroupContains(gatewayGroup: GatewayGroup, host: any) {
+  isGatewayGroupContains(gatewayGroup: GatewayGroup, host: CommonEntry) {
     const locationPrefixes = gatewayGroup.locationPrefix.split(",");
     const excludeRouters = gatewayGroup.excludeRouters.split(",");
     const includeRouters = gatewayGroup.includeRouters.split(",");
@@ -194,11 +208,11 @@ class InventoryBuilder {
     }
     return false;
   }
-  getAddressesFromGatewayGroup(gatewayGroup: GatewayGroup, hosts: any[]) {
+  getAddressesFromGatewayGroup(gatewayGroup: GatewayGroup, hosts: CommonEntry[]) {
     const suitableHosts = hosts.filter(host => this.isGatewayGroupContains(gatewayGroup, host));
     return suitableHosts.map(host => host.address);
   }
-  getRoutePlansFromGatewayGroups(host: any) {
+  getRoutePlansFromGatewayGroups(host: CommonEntry) {
     const allOtherHosts = Object.values(this.hosts).filter(h => h !== host.name)
     const routePlans = this.gatewayGroups.filter(group => !this.isGatewayGroupContains(group, host)).map(group => {
       const addresses = this.getAddressesFromGatewayGroup(group, allOtherHosts);
@@ -212,7 +226,7 @@ class InventoryBuilder {
     return routePlans;
   }
 
-  getHostConnectionInfo(host) {
+  getHostConnectionInfo(host: CommonEntry) {
     return {
       ansible_ssh_host: host.host,
       ansible_ssh_user: host.user,
@@ -223,7 +237,7 @@ class InventoryBuilder {
     }
   }
 
-  async host_vars(host) {
+  async host_vars(host: CommonEntry) {
     const connections = [];
     host.dockerServices = {
       version: '2.4',
@@ -248,6 +262,26 @@ class InventoryBuilder {
         volumes: ['./babeld.conf:/etc/babeld.conf:ro']
       };
     }
+
+    const gostConfig: GostConfig = {
+      Routes: Object.values(this.gateways[host.name]).filter(gateway => !gateway.hidden).map(gateway => ({
+        ServeNodes: [`red://${host.address}:${gateway.redirectPort}`],
+        Mark: gateway.selectionMark as number,
+      }))
+    };
+
+    if (gostConfig.Routes.length) {
+      host.gostConfig = gostConfig;
+      host.dockerServices.services.gost = {
+        restart: 'always',
+        image: `git-registry.mycard.moe/nanahira/gost${this.getDockerImageTag(host)}`,
+        network_mode: 'host',
+        privileged: true,
+        volumes: ['./gost.json:/etc/gost/gost.json:ro'],
+        command: '-C /etc/gost/gost.json'
+      };
+    }
+    
     host.frpcRestarts = [];
     host.ocRestarts = [];
     host.frpsNeeded = false;
@@ -290,8 +324,8 @@ class InventoryBuilder {
         });
       }
     }
-    
-    
+
+
 
     return {
       //ansible_ssh_host: host.host,
@@ -319,6 +353,8 @@ class InventoryBuilder {
       dockerServices: host.dockerServices,
       routePlans,
       iptables_type: host.iptables || 'auto',
+      gostConfig,
+      installGost: !!gostConfig,
     };
   }