update so many things

8d504357 · nanahira · ea668061 · 8d504357 · 8d504357 · 8d504357
Commit 8d504357 authored Dec 11, 2020 by nanahira
12 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -110,6 +110,7 @@ dist
 /lists/chnroutes*
 /lists/gfwiplist*
 /lists/result.yaml
+/build

 *.retry
 *-setconf.conf.j2

--- a/ansible/bird.conf.bak
+++ b/ansible/bird.conf.bak
@@ -49,7 +49,7 @@ protocol kernel {

 {% for plan in route_plans %}
 ipv4 table {{plan.name}};
-{% for net in route_lists[plan.list] %}
+{% for net in routeLists[plan.list] %}
 protocol static {
  ipv4 {
    table {{plan.name}};

--- a/ansible/configure.yaml
+++ b/ansible/configure.yaml
 ---
 - hosts: wg
-  become: true
+  vars:
+    services: []
  tasks:
+    - name: directory
+      file:
+        path: '{{ansible_user_dir}}/nextgen-network/{{item}}'
+        state: directory
+        recurse: true
+      with_items:
+        - scripts
+        - services
+        - ipsets
    - name: post scripts
      template:
        src: scripts/{{item}}.sh.j2
-        dest: '/etc/wireguard/{{item}}.sh'
+        dest: '{{ansible_user_dir}}/nextgen-network/scripts/{{item}}.sh'
        mode: a+x
      with_items:
        - postup
        - predown
        - global-postup
-        - global-postdown
    - name: ipset files
      template:
        src: scripts/ipset.j2
-        dest: '/etc/wireguard/{{item}}.ipset'
-      with_items: '{{route_list_names}}'
+        dest: '{{ansible_user_dir}}/nextgen-network/scripts/{{item}}.ipset'
+      with_items: '{{routeListNames}}'
    - name: global-postup
-      shell: /etc/wireguard/global-postup.sh
+      become: true
+      shell: '{{ansible_user_dir}}/nextgen-network/scripts/global-postup.sh'
      args:
        creates: /tmp/mycard_global_postup_done
    - name: mycard ipset
+      become: true
      shell: 'ipset add mycard {{item}} || true'
-      with_items: '{{route_lists.mycard}}'
-    - name: 鸟配置 (Debian)
-      template:
-        src: bird.conf.j2
-        dest: '/etc/bird/bird.conf'
-      when: ansible_distribution == "Debian"
-      notify: restart_bird
-    - name: 鸟配置 (Ubuntu)
-      template:
-        src: bird.conf.j2
-        dest: '/usr/local/etc/bird.conf'
-      when: ansible_distribution == "Ubuntu"
-      notify: restart_bird
-    - name: 鸟配置 (RHEL)
-      template:
-        src: bird.conf.j2
-        dest: '/etc/bird.conf'
-      when: ansible_os_family == "RedHat"
-      notify: restart_bird
-    - name: start bird
-      systemd:
-        name: bird
-        state: started
-        enabled: yes
+      with_items: '{{routeLists.mycard}}'
+    - name: table pref 81 lookup main
+      become: true
+      shell: 'ip -4 rule add pref 81 to {{item}} lookup main || true'
 # 为了提高测试时候的性能，不改动wg的时候注释掉这段
    - name: 'clean up null connections first'
      include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
@@ -60,11 +51,45 @@
        conn: '{{item}}'
      with_items: '{{ connections }}'
      when: "item.protocol != 'null'"
-    - name: 'frps'
-      include_tasks: 'protocols/wgfrp/frps.yaml'
-      when: 'frps_needed is defined'
+# end
+    - name: services conf
+      copy:
+        content: |
+          {{dockerServices | to_yaml}}
+
+        dest: '{{ansible_user_dir}}/nextgen-network/services/docker-compose.yml'
+    - name: bird conf
+      template:
+        src: bird.conf.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/services/bird.conf'
+      notify: restart_bird
+    - name: frps conf
+      template:
+        src: protocols/wgfrp/frps.ini.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/services/frps.ini'
+      when: frpsNeeded is defined
+      notify: restart_frps
+    - name: frpc conf
+      template:
+        src: protocols/wgfrp/frpc.ini.j2
+        dest: '{{ansible_user_dir}}/nextgen-network/services/frpc_{{item.name}}.ini'
+      with_items: '{{ connections }}'
+      when: item.type == "wgfrp" and item.frpType == "frpc"
+      notify:
+    - name: start services
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        remove_orphans: true
  handlers:
    - name: restart_bird
-      systemd:
-        name: bird
-        state: reloaded
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - bird
+    - name: restart_frps
+      docker_compose:
+        project_src: '{{ansible_user_dir}}/nextgen-network/services'
+        restarted: true
+        services:
+          - frps
--- a/ansible/protocols/wg/wg.conf.j2
+++ b/ansible/protocols/wg/wg.conf.j2
@@ -8,8 +8,8 @@ FwMark = {{conn.localGatewayMark}}

 MTU = {{conn.mtu|int - 80}}
 Table = off
-PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/postup.sh
-PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/predown.sh
+PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
+PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh

 [Peer]
 PublicKey = {{conn.wgPublicKey}}

--- a/ansible/protocols/wgfrp/configure.yaml
+++ b/ansible/protocols/wgfrp/configure.yaml
@@ -2,27 +2,9 @@
 - name: '{{conn.name}}: frpc template'
  template:
    src: 'frpc.ini.j2'
-    dest: '/etc/frp/{{conn.name}}.ini'
+    dest: '{{ansible_user_dir}}/nextgen-network/services/frpc_{{item.name}}.ini'
  when: 'conn.frpType == "frpc"'
-  register: frpc_config_result
- name: '{{conn.name}}: start frpc'
-  systemd:
-    name: 'frpc@{{conn.name}}'
-    state: started
-    enabled: true
-  register: frpc_launch_result
-  when: 'conn.frpType == "frpc"'
- name: '{{conn.name}}: restart frpc'
-  systemd:
-    name: 'frpc@{{conn.name}}'
-    state: reloaded
-  when: 'conn.frpType == "frpc" and frpc_config_result.changed and not frpc_launch_result.changed'
-
-# frps
- name: '{{conn.name}}: register frps'
-  set_fact:
-    frps_needed: 1
-  when: 'conn.frpType == "frps"'
+  notify: restart_frpc

 # wg
 - name: '{{conn.name}}: wg conf'

--- a/ansible/protocols/wgfrp/wgfrp.conf.j2
+++ b/ansible/protocols/wgfrp/wgfrp.conf.j2
@@ -5,12 +5,12 @@ PrivateKey = {{key}}
 ListenPort = {{conn.localPort}}
 {% endif %}
 {% if conn.localGatewayMark != "" %}
-FwMark = {{conn.localGatewayMark}}
+# FwMark = {{conn.localGatewayMark}}
 {% endif %}
 MTU = {{conn.mtu|int - 80}}
 Table = off
-PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/postup.sh
-PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/predown.sh
+PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/postup.sh
+PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} {{ansible_user_dir}}/nextgen-network/scripts/predown.sh
 [Peer]
 PublicKey = {{conn.wgPublicKey}}
 AllowedIPs = 0.0.0.0/0, ::/0

--- a/ansible/scripts/global-postdown.sh.j2
+++ b/ansible/scripts/global-postdown.sh.j2
-#!/usr/bin/env bash
-
-# 临时梯子
-iptables -t mangle -D PREROUTING -m set --match-set ladder_needed src -m set --match-set gfwiplist dst -j MARK --set-xmark 812/0xffffffff
-
-
-rm -rf /tmp/mycard_global_postup_done
-
-exit 0
--- a/ansible/scripts/global-postup.sh.j2
+++ b/ansible/scripts/global-postup.sh.j2
 #!/usr/bin/env bash

+echo "running" > /tmp/mycard_global_postup_done
+
 # ipset
-{% for list in route_list_names %}
-ipset restore -f /etc/wireguard/{{list}}.ipset || true
+{% for list in routeListNames %}
+ipset restore -f {{ansible_user_dir}}/nextgen-network/ipsets/{{list}}.ipset || true
+{% endfor %}
+
+# ip rule
+{% for subnet in routeLists.mycard %}
+ip rule add pref 81 to {{subnet}} lookup main || true
 {% endfor %}

-# 临时梯子
-# iptables -t mangle -A PREROUTING -m set --match-set ladder_needed src -m set --match-set gfwiplist dst -j MARK --set-xmark 812/0xffffffff
+# gateway things
+{% for gateway in gateways %}

-echo 1 > /tmp/mycard_global_postup_done
+echo "finished" > /tmp/mycard_global_postup_done

 exit 0
--- a/ansible/scripts/ipset.j2
+++ b/ansible/scripts/ipset.j2
 create {{item}} hash:net family inet
-{% for subnet in route_lists[item] %}
+{% for subnet in routeLists[item] %}
 add {{item}} {{subnet}}
 {% endfor %}
--- a/package.json
+++ b/package.json
@@ -3,7 +3,8 @@
  "version": "1.0.0",
  "description": "",
  "scripts": {
-    "inventory": "node -r ts-node/register --unhandled-rejections=strict src/inventory.ts "
+    "build": "tsc",
+    "start": "node -r ts-node/register --unhandled-rejections=strict src/inventory.ts "
  },
  "dependencies": {
    "@types/lodash": "^4.14.149",

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -11,7 +11,7 @@ class InventoryBuilder {
  hosts: { [key: string]: any };
  gateways: any;
  connections: string[];
-  route_lists: any;
+  routeLists: any;

  async load(sheetName) {
    const data = await fs.promises.readFile(path.join('data', `内网互联计划 - ${sheetName}.csv`));
@@ -21,12 +21,15 @@ class InventoryBuilder {

  async loadGateways() {
    const gateways = await this.load('gateways2');
+    for (let gateway of gateways) {
+      gateway.selectionMark = gateway.mark + 50;
+    }
    return gateways;
  }

  async main() {
    this.hosts = _.keyBy(await this.load('nextgen2'), 'name');
-    this.gateways = _.mapValues(_.groupBy(await this.loadGateways(), 'name'), g => _.keyBy(g, 'isp'));
+    this.gateways = _.mapValues(_.groupBy(await this.loadGateways(), 'router'), g => _.keyBy(g, 'isp'));
    //console.log(this.gateways);
    this.connections = _.intersection(Object.keys(this.hosts), Object.keys(_.find(this.hosts)));

@@ -43,29 +46,23 @@ class InventoryBuilder {

  async loadUtilities(hosts) {
    const raw_utility = _.keyBy(await this.load('configurations'), 'key');
-    //let route_plans = await this.load('route tables');
-    this.route_lists = YAML.parse(fs.readFileSync(path.join('lists', 'result.yaml'), "utf8"));
-    /*for (let plan of route_plans) {
-      plan.name = plan.list + "_" + plan.gateway.replace(/-/g, "_").split(".")[0]
-      //plan.list = JSON.parse(JSON.stringify(this.route_lists[plan.list]));
-      plan.gatewayAddress = hosts[plan.gateway].address;
-    }*/
+    this.routeLists = YAML.parse(fs.readFileSync(path.join('lists', 'result.yaml'), "utf8"));
    // 所有内网网段
-    this.route_lists.mycard = ["10.198.0.0/16", "10.200.0.0/15", "172.16.0.0/12"];
+    this.routeLists.mycard = ["10.198.0.0/16", "10.200.0.0/15", "172.16.0.0/12"];
    for (const h in this.hosts) {
      const host = this.hosts[h]
      for (const c of host.subnets.split(",")) {
        if (!c.length) {
          continue;
        }
-        this.route_lists.mycard.push(c);
+        this.routeLists.mycard.push(c);
      }
    }
    // temp user before gateways
-    this.route_lists.ladder_needed = raw_utility.ladderNeeded.value.split(",").map((m) => { return m.trim() });
+    this.routeLists.ladder_needed = raw_utility.ladderNeeded.value.split(",").map((m) => { return m.trim() });
    const vars = {
-      route_lists: this.route_lists,
-      route_list_names: Object.keys(this.route_lists),
+      routeLists: this.routeLists,
+      routeListNames: Object.keys(this.routeLists),
      //route_plans
    };
    for (let col in raw_utility) {
@@ -76,9 +73,21 @@ class InventoryBuilder {
  }
  host_vars(host) {
    const connections = [];
+    host.dockerServices = {
+      version: '2.4',
+      services: {
+        bird: {
+          restart: "always",
+          image: "git-registry.mycard.moe/nanahira/docker-bird",
+          network_mode: "host",
+          cap_add: ["NET_ADMIN"],
+          volumes: ["./bird.conf:/etc/bird/bird.conf:ro"]
+        }
+      }
+    };
+    host.frpsNeeded = false;
    const null_connection = "10000,null";
    const lanInterfaces = host.lanInterfaces.length > 0 ? host.lanInterfaces.split(",") : [];
-    const dns = host.dns;
    for (const h of this.connections) {
      if (h != host.name) {
        const to = host[h];
@@ -104,14 +113,12 @@ class InventoryBuilder {
      address: host.address,
      isCN: host.location.startsWith("CN"),
      key: host.wgPrivateKey,
+      frpsNeeded: host.frpsNeeded,
      frpsPort: host.frpsPort,
-      chinaMirror: host.chinaMirror,
-      //frpToken: host.frpToken,
-      //gateways: _.mapValues(this.gateways[host.name], gw => _.pick(gw, ['mark_gateway'])),
      gateways: _.values(this.gateways[host.name]),
      connections,
      lanInterfaces,
-      dns
+      dockerServices: host.dockerServices,
    };
  }

@@ -126,7 +133,7 @@ class InventoryBuilder {
    const name = `mc${!outbound ? 'i' : '-'}${remote.name}`;
    const localGatewayName = (cis ? params.lif : params.rif) || params.if;
    const localGateway = localGatewayName ? this.gateways[local.name][localGatewayName] : _.find(this.gateways[local.name]);
-    const localGatewayMark = localGatewayName ? localGateway.mark : "";
+    const localGatewayMark = localGatewayName ? localGateway.selectionMark : "";
    const remoteGatewayName = (cis ? params.rif : params.lif) || params.if;
    const remoteGateway = remoteGatewayName ? this.gateways[remote.name][remoteGatewayName] : _.find(this.gateways[remote.name]);
    //const remoteGatewayMark = remoteGatewayName ? remoteGateway.mark : undefined;
@@ -144,6 +151,27 @@ class InventoryBuilder {

    const frpType = protocol === 'wgfrp' ? (this.gatewayCompare(localGateway, remoteGateway) ? 'frps' : 'frpc') : undefined;

+    if (frpType === "frps" && !local.dockerServices.services.frps) {
+      local.frpsNeeded = true;
+      local.dockerServices.services.frps = {
+        restart: "always",
+        image: "fatedier/frps:v0.34.2",
+        network_mode: "host",
+        command: "-c /frps.ini",
+        volumes: ["./frps.ini:/frps.ini:ro"]
+      }
+    }
+
+    if (frpType === "frpc") {
+      local.dockerServices.services[`frpc_${remote.name}`] = {
+        restart: "always",
+        image: "fatedier/frpc:v0.34.2",
+        network_mode: "host",
+        command: "-c /frpc.ini",
+        volumes: [`./frpc_${remote.name}.ini:/frpc.ini:ro`]
+      }
+    }
+
    const mtu = Math.min(localGateway ? localGateway.mtu : 1500, remoteGateway ? remoteGateway.mtu : 1500);
    //console.log(local.name, name, mtu);

@@ -153,7 +181,6 @@ class InventoryBuilder {
      protocol,
      params,
      localGatewayMark,
-      //remoteGatewayMark,
      remoteNextMark,
      remoteDestMark,
      remoteAddress,

--- a/update.sh
+++ b/update.sh
@@ -8,7 +8,7 @@ set -e


 mkdir -p result
-npm run inventory
+npm start

 cd ansible || exit