initial commit
commit
c76d512806
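--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+nnss*pkg.tar.zst
+src/
+pkg/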
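--- a/PKGBUILD
+++ b/PKGBUILD
@@ -0,0 +1,32 @@
+pkgname=nnss
+pkgver=0.1.0
+pkgrel=1
+pkgdesc='Network Namespace setup using SSH SOCKS proxy'
+arch=('any')
+license=('MIT')
+depends=('tun2socks')
+url="https://gitea.balki.me/balki/$pkgname"
+source=(
+nnss-ssh@.service
+nnss-tunsocks@.service
+ssh_config
+tunsocks.sh
+README.md
+tmpfiles.conf
+)
+sha256sums=('e67d279bbb82fdd5325ba2aae0e71e5ac74ce0d2e5d0c52672bf6bf7b967c1e4'
+'a3feff1f18bcff7aec4a18c724111e9ac5b761e0601df36b53e33db17db38430'
+'07db0f63afa5798501b1a85522be0840a27f291f26bc972585bc753a91f07b8c'
+'e7ea1b14390befffae07ae9fbf7ecafd41b75a740a791408949500cf16166870'
+'64fd74de73b0b6ee3a209495fb16867a4d8689380bf04550eb8228b18202247b'
+'654a3615be4eb635957a4ab33e733a1c6655225f6ff34ec8a58f6dabc9ac0d70')
+
+package() {
+install -Dm 644 "${srcdir}/nnss-ssh@.service" -t "${pkgdir}/usr/lib/systemd/system"
+install -Dm 644 "${srcdir}/nnss-tunsocks@.service" -t "${pkgdir}/usr/lib/systemd/system"
+install -Dm 644 "${srcdir}/ssh_config" -t "${pkgdir}/usr/lib/nnss"
+install -Dm 755 "${srcdir}/tunsocks.sh" -t "${pkgdir}/usr/lib/nnss"
+install -Dm 644 "${srcdir}/README.md" -t "${pkgdir}/usr/share/doc/nnss"
+
+install -Dm 644 "${srcdir}/tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/nnss.conf"
+}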
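Review bot: `depends=('tun2socks')` leaves out programs the installed files call at runtime: `nnss-ssh@.service` runs `ssh` and `tunsocks.sh` runs `ip`, so on a minimal system the units can fail at start rather than at install. I would declare them, `depends=('tun2socks' 'openssh' 'iproute2')`. `license=('MIT')` is declared but no licence file is among the six checksummed sources, so consider adding one and installing it under `/usr/share/licenses/$pkgname`.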
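--- a/README.md
+++ b/README.md
@@ -0,0 +1,22 @@
+
+# Network Namespace setup using SSH SOCKS proxy
+
+## Creating new namespace
+
+```bash
+❯ sudo mkdir /etc/nnss/vps1
+
+❯ sudo tee /etc/nnss/vps1/config > /dev/null
+Hostname xx.xx.xx.xx
+User vps_user_name_here
+Port 8822 # If the ssh server is not on default port 22
+
+❯ cp ~/.ssh/id_ed25519_for_vps1 /etc/nnss/vps1/privatekey
+```
+
+
+## Entering namespace
+
+```bash
+❯ sudo systemd-run --property=NetworkNamespacePath=/run/netns/vps1ns --property=User=$USER --shell
+```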
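--- a/nnss-ssh@.service
+++ b/nnss-ssh@.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Create SSH connection to %I
+After=network.target
+StopWhenUnneeded=yes
+
+[Service]
+Type=notify
+NotifyAccess=all
+DynamicUser=yes
+
+LoadCredential=ssh:/etc/nnss/%i
+
+RuntimeDirectory=nnss-%i
+StateDirectory=nnss-%i
+ExecStart=ssh -F /usr/lib/nnss/ssh_config default
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+RestrictNamespaces=true
+SystemCallFilter=@system-service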
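Review bot: `NotifyAccess=all` in `[Service]` has no comment saying why the widest setting is needed, and the sandbox stops short of restricting socket families and devices. Readiness appears to come from the `systemd-notify --ready` that ssh_config runs as `LocalCommand`, i.e. from a child of ssh rather than the main PID, which is presumably why `all` is required; a one-line comment such as `# READY=1 is sent by ssh's LocalCommand child, not the main PID` would stop someone tightening it by mistake. Since the process only needs a TCP connection and Unix sockets, `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK` and `PrivateDevices=yes` look like reasonable additions to test next to the existing `CapabilityBoundingSet=`.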
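--- a/nnss-tunsocks@.service
+++ b/nnss-tunsocks@.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Create network namespace and tun device to %I
+After=nnss-ssh@%i.service
+Requires=nnss-ssh@%i.service
+StopWhenUnneeded=yes
+
+[Service]
+
+Type=notify
+NotifyAccess=all
+
+RuntimeDirectory=nnss-tunsocks%i
+
+ExecStart=/usr/lib/nnss/tunsocks.sh "%i" setup
+ExecStop=/usr/lib/nnss/tunsocks.sh "%i" cleanup
+
+[Install]
+WantedBy=multi-user.target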
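Review bot: This unit sets no `User=` and none of the restrictions its sibling `nnss-ssh@.service` carries, so `tunsocks.sh` and the `tun2socks` process it starts presumably run as unrestricted root. The script only manages a tun device and a network namespace, so a bounded capability set is worth testing, for example `CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN` together with `NoNewPrivileges=yes`. Options that give the service a private mount namespace (`ProtectSystem=`, `PrivateTmp=`) need care here, because `ip netns add` has to make its mount under `/run/netns` visible to the host for the README's `NetworkNamespacePath=/run/netns/vps1ns` to work.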
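--- a/ssh_config
+++ b/ssh_config
@@ -0,0 +1,17 @@
+Include ${CREDENTIALS_DIRECTORY}/ssh_config
+Host default
+IdentitiesOnly yes
+StreamLocalBindMask 0111
+StreamLocalBindUnlink yes
+DynamicForward ${RUNTIME_DIRECTORY}/sock
+SessionType none
+ExitOnForwardFailure yes
+ServerAliveInterval 60
+IdentityFile ${CREDENTIALS_DIRECTORY}/ssh_privatekey
+StrictHostKeyChecking accept-new
+UserKnownHostsFile ${STATE_DIRECTORY}/known_hosts
+PermitLocalCommand yes
+LocalCommand systemd-notify --ready
+LogLevel VERBOSE
+
+# vim:filetype=sshconfig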
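Review bot: `StreamLocalBindMask 0111` creates the SOCKS socket at `${RUNTIME_DIRECTORY}/sock` with mode 0666, and `nnss-ssh@.service` leaves `RuntimeDirectory=` at its default mode, so it looks as if any local user can connect to the socket and send traffic through the remote host. The only client visible in this commit is `tun2socks`, started from a script that presumably runs as root and so does not need world access; I would drop the line to get ssh's default mask `0177`, or set `RuntimeDirectoryMode=0700` in the unit. Separately, `StrictHostKeyChecking accept-new` trusts whatever key the server presents on the first connection; supplying a pinned `known_hosts` next to the key in `/etc/nnss/<name>/` would close that window.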
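--- a/tmpfiles.conf
+++ b/tmpfiles.conf
@@ -0,0 +1 @@
+d /etc/nnss 0700 root root -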
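--- a/tunsocks.sh
+++ b/tunsocks.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+pidfile=${RUNTIME_DIRECTORY:-/tmp}/tunsocks.pid
+
+nsname="$1"
+device="tun${nsname}"
+ns="${nsname}ns"
+socketpath="/run/nnss-${nsname}/sock"
+
+setup()
+{
+ip tuntap add mode tun dev "$device"
+
+/usr/bin/tun2socks -device "$device" -proxy "socks5://$socketpath" &
+echo "$!" > "$pidfile"
+sleep 5
+
+ip netns add "$ns"
+ip link set "$device" netns "$ns"
+
+ip -n "$ns" addr add 198.19.1.1/30 dev "$device"
+ip -n "$ns" link set dev "$device" up
+ip -n "$ns" route add default via 198.19.1.1 dev "$device" metric 100
+ip -n "$ns" link set lo up
+systemd-notify --ready
+wait
+}
+
+cleanup()
+{
+ip tuntap del mode tun dev "$device" || true
+kill $(cat "$pidfile")
+ip -n "$ns" tuntap del mode tun dev "$device"
+ip netns del "$ns"
+}
+
+$2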
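Review bot: `pidfile=${RUNTIME_DIRECTORY:-/tmp}/tunsocks.pid` falls back to a predictable name in `/tmp`, and `cleanup` then runs `kill $(cat "$pidfile")`; when the script is run outside the unit (presumably as root) the contents of that file, and so the PID that gets signalled, are not under the script's control. Requiring the variable, `pidfile="${RUNTIME_DIRECTORY:?}/tunsocks.pid"`, removes the fallback. Under `set -e` a failing `kill` (tun2socks already gone) also aborts `cleanup` before `ip netns del "$ns"`, so that line wants `|| true` like the one above it. The final bare `$2` runs whatever the second argument expands to; `case "$2" in setup|cleanup) "$2" ;; *) exit 2 ;; esac` limits it to the two intended actions. `$1` is likewise used unchecked in `tun${nsname}`, which has to fit the kernel's 15-character interface-name limit.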