diff --git a/diyvpn.sh b/diyvpn.sh
new file mode 100644
index 0000000..eae991a
--- /dev/null
+++ b/diyvpn.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+set -xeuo pipefail
+
+opdir="$1"
+
+common_ssh_cfg_path="$HOME/diyvpn_sshconfig"
+diyvpn_cfg="$HOME/.config/diyvpn/servers"
+
+generate() {
+ local cfgpath opdir name server_ssh_cfg idle_timeout listen_port
+ cfgpath="$1"
+ opdir="$2"
+ name=$(basename "$cfgpath")
+ server_ssh_cfg="$cfgpath"/ssh_config # TODO validate
+ source "$cfgpath/config.rc"
+
+ idle_timeout="${IDLE_TIMEOUT:-10min}"
+ listen_port="${LISTEN_PORT:?LISTEN_PORT should be set}"
+
+ cat > "$opdir/diyvpnssh-$name.service" <<-EOF
+ [Unit]
+ Description=ssh to $name
+ StopWhenUnneeded=yes
+
+ [Service]
+ Type=notify
+ NotifyAccess=all
+
+ Restart=no # TODO change to yes
+ RuntimeDirectory=diyvpn-$name
+ Environment=SSH_CFG_PATH=$server_ssh_cfg
+ ExecStart=ssh -F $common_ssh_cfg_path default
+ EOF
+
+ cat > "$opdir/diyvpnact-$name.service" <<-EOF
+ [Unit]
+ Requires=diyvpnssh-$name.service
+ After=diyvpnssh-$name.service
+ BindsTo=diyvpnssh-$name.service
+
+ [Service]
+ ExecStart=/usr/lib/systemd/systemd-socket-proxyd --exit-idle-time=$idle_timeout %t/diyvpn-$name/sock
+ EOF
+
+ cat > "$opdir/diyvpnact-$name.socket" <<-EOF
+ [Unit]
+ Description=Socket activation for diyvpn
+
+ [Socket]
+ ListenStream=$listen_port
+
+ [Install]
+ WantedBy=sockets.target
+ EOF
+}
+
+for server in "$diyvpn_cfg"/*
+do
+ (generate "$server" "$opdir")
+done
diff --git a/diyvpn_sshconfig b/diyvpn_sshconfig
new file mode 100644
index 0000000..c83f156
--- /dev/null
+++ b/diyvpn_sshconfig
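Review bot: `Restart=no # TODO change to yes` inside the diyvpnssh-$name.service heredoc is not a comment in a unit file — systemd only recognises `#` at the start of a line, so the whole string `no # TODO change to yes` becomes the value of `Restart=` and is rejected and ignored when the unit loads; put the TODO on its own line, e.g. `# TODO change Restart to yes` above `Restart=no`. The same trailing-comment form is used on `StreamLocalBindMask 0111 # TODO: check this` in the diyvpn_sshconfig hunk, where ssh_config likewise reads the trailing words as extra arguments and refuses the file. Separately, `ListenStream=$listen_port` with a bare port number binds every interface, which would expose the SOCKS proxy that ssh opens via DynamicForward to anything that can reach this host; unless remote clients are intended, `ListenStream=127.0.0.1:$listen_port` (or a LISTEN_PORT value checked to carry an address) keeps it local. The `<<-EOF` heredocs strip leading tabs only; the indentation is not recoverable from this view, but if it is spaces the `EOF` terminator never matches and the script fails to parse.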
@@ -0,0 +1,15 @@
+Include ${SSH_CFG_PATH}
+Host default
+ IdentitiesOnly yes
+ StreamLocalBindMask 0111 # TODO: check this
+ StreamLocalBindUnlink yes
+ DynamicForward ${RUNTIME_DIRECTORY}/sock
+ SessionType none
+ ExitOnForwardFailure yes
+ ServerAliveInterval 60
+ StrictHostKeyChecking accept-new
+ PermitLocalCommand yes
+ LocalCommand systemd-notify --ready
+ LogLevel VERBOSE
+
+# vim: set filetype=sshconfig:
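Review bot: `StreamLocalBindMask 0111` creates the `${RUNTIME_DIRECTORY}/sock` forwarding socket with mode 0666, so any local user can connect to the SOCKS proxy that `DynamicForward` opens and have their traffic tunnelled through this account's ssh session. The default mask of 0177 yields an owner-only socket, and since the `diyvpnact-*` units in diyvpn.sh appear to run systemd-socket-proxyd as the same user (they look like user units, using `%t` and `$HOME` paths), the looser mask seems unnecessary; resolving the TODO toward `StreamLocalBindMask 0177` or dropping the line would close that. `StrictHostKeyChecking accept-new` trusts whatever host key is presented on the first connection; because the per-server file is pulled in via `Include ${SSH_CFG_PATH}`, a `UserKnownHostsFile` there pointing at a pre-seeded known_hosts would pin the server key instead.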