add generator script

diyvpn.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -xeuo pipefail
+
+opdir="$1"
+
+common_ssh_cfg_path="$HOME/diyvpn_sshconfig"
+diyvpn_cfg="$HOME/.config/diyvpn/servers"
+
+generate() {
+		local cfgpath opdir name server_ssh_cfg idle_timeout listen_port
+		cfgpath="$1"
+		opdir="$2"
+		name=$(basename "$cfgpath")
+		server_ssh_cfg="$cfgpath"/ssh_config # TODO validate
+		source "$cfgpath/config.rc"
+
+		idle_timeout="${IDLE_TIMEOUT:-10min}"
+		listen_port="${LISTEN_PORT:?LISTEN_PORT should be set}"
+
+		cat > "$opdir/diyvpnssh-$name.service" <<-EOF
+		[Unit]
+		Description=ssh to $name
+		StopWhenUnneeded=yes
+
+		[Service]
+		Type=notify
+		NotifyAccess=all
+
+		Restart=no # TODO change to yes
+		RuntimeDirectory=diyvpn-$name
+		Environment=SSH_CFG_PATH=$server_ssh_cfg
+		ExecStart=ssh -F $common_ssh_cfg_path  default
+		EOF
+
+		cat > "$opdir/diyvpnact-$name.service" <<-EOF
+		[Unit]
+		Requires=diyvpnssh-$name.service
+		After=diyvpnssh-$name.service
+		BindsTo=diyvpnssh-$name.service
+
+		[Service]
+		ExecStart=/usr/lib/systemd/systemd-socket-proxyd --exit-idle-time=$idle_timeout %t/diyvpn-$name/sock
+		EOF
+
+		cat > "$opdir/diyvpnact-$name.socket" <<-EOF
+		[Unit]
+		Description=Socket activation for diyvpn
+
+		[Socket]
+		ListenStream=$listen_port
+
+		[Install]
+		WantedBy=sockets.target
+		EOF
+}
+
+for server in "$diyvpn_cfg"/*
+do
+		(generate "$server" "$opdir")
+done

diyvpn_sshconfig

@@ -0,0 +1,15 @@
+Include ${SSH_CFG_PATH}
+Host default
+    IdentitiesOnly yes
+    StreamLocalBindMask 0111 # TODO: check this
+    StreamLocalBindUnlink yes
+    DynamicForward ${RUNTIME_DIRECTORY}/sock
+    SessionType none
+    ExitOnForwardFailure yes
+    ServerAliveInterval 60
+    StrictHostKeyChecking accept-new
+    PermitLocalCommand yes
+    LocalCommand systemd-notify --ready
+    LogLevel VERBOSE
+
+# vim: set filetype=sshconfig: