various fixes, updates to hybrid config

Этот коммит содержится в:
*****DEAD ACCOUNT 2020-12-01 21:28:34 -05:00
родитель 3929aab88d
Коммит 00de079feb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 7AF3499CBA8E6251
25 изменённых файлов: 116 добавлений и 190 удалений


@ -37,7 +37,7 @@ are provided in https://github.com/philoctetes409bc/docker-hybrid/host/README.md
### Build images
```
for x in $(ls -1 | grep hb_); do ─╯
for x in $(ls -1 | grep hb_); do
docker-compose -f $x/docker-compose.yml build;
done
```


@ -2,4 +2,11 @@
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = yes;
hide_servers = no;
hide_services = no;
hide_server_ips = yes;
};
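Review bot: The reference comment at the top of this serverhide section still cites `https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf`, which looks like the residue of a hub→tor-dmz text replacement run over `github.com`; this same commit repairs that artifact in other files, so change it here too to `https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf`. Whether the inline `serverhide {}` block replaces the `.include <include/serverhide.conf>` line or sits beside it is not marked on this page; if both remain, note that the include path lacks the `hb_conf/` prefix every other `.include` in this commit uses and should be checked.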


@ -5,17 +5,6 @@
.include <hb_conf/include/auth.conf>
auth {
spoof = "b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
user = "*@198.18.70.75";
class = "bounce_oper";
flags = need_ident, exceed_limit, kline_exempt,
xline_exempt, resv_exempt, can_flood;
user = "*@*";
class = "general_users";
};
auth {
spoof = "c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
user = "*@198.18.70.34";
class = "console_admin";
flags = need_password, exceed_limit, kline_exempt,
xline_exempt, resv_exempt, can_flood, no_tilde;
};
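Review bot: The catch-all `user = "*@*"; class = "general_users";` auth block left in this file only behaves as a fallback if the operator-host blocks being dropped here (the `spoof`/`kline_exempt` ones for 198.18.70.75 and 198.18.70.34, presumably moved into `hb_conf/include/auth.conf`) are still matched ahead of it. As far as I recall ircd-hybrid selects the most specific matching auth block (CIDR matches before hostmasks) rather than file order, so this should hold, but verify by connecting from one of those addresses and checking WHOIS shows the spoofed host and `bounce_oper`/`console_admin` class rather than `general_users`. A comment such as `/* fallback for clients not matched by hb_conf/include/auth.conf */` above the block would make that dependency explicit. The page does not mark old and new lines, so this reads the first `user`/`class` pair and the second `auth {}` block as the removed ones.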


@ -1,5 +1,5 @@
/* Configuration example located at
* https://gitgeneral.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <hb_conf/general.admin.conf>
@ -25,7 +25,7 @@
serverinfo {
name = "g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp";
sid = "11X";
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n g3n3r4l 4cc3$$ s3rv3r";
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n";
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
network_description = "General-purpose internet relay chat network";
hub = no;


@ -1,28 +1,5 @@
#.include <hb_conf/include/oper.conf>
/* Configuration example located at
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
operator {
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "bounce_oper";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
operator {
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "console_admin";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
.include <hb_conf/include/oper.conf>


@ -2,4 +2,12 @@
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = no;
hide_servers = yes;
hide_services = yes;
hidden_name = "g3n3r4l.1ns3cur1ty.io";
hide_server_ips = yes;
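Review bot: The comment above this serverhide block still points at `https://gittor-dmz.com/ircd-hybrid/...`, a hub→tor-dmz text-replacement leftover over `github.com` (this file is the general server, so the name is wrong twice over); this commit already fixes the identical comment in the other general config to `https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf`, so do the same here. The combination `hidden = no; hide_servers = yes; hidden_name = "g3n3r4l.1ns3cur1ty.io"; hide_server_ips = yes;` reads as intended for a server that should present a masked name to clients, as far as I recall hybrid's semantics; the page does not mark whether this block replaces or accompanies the `.include <include/serverhide.conf>` line.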
};


@ -2,8 +2,6 @@
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
#.include <hb_conf/include/oper.conf>
operator {
name = "external_hub_operator";
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
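Review bot: The operator block that starts here runs past the end of the hunk, so its `password` and `encrypted` lines are not visible; the operator blocks this commit removes from the other server configs carried a literal `password = "password";` with no `encrypted = yes;`, so please make sure this block (and the included `hb_conf/include/oper.conf`) stores a mkpasswd-style hash under `encrypted = yes;` and a real secret rather than the placeholder. Keeping `name = "external_hub_operator";` is good — as far as I recall ircd-hybrid 8 keys operator blocks by `name`, which the removed blocks lacked. The commented `#.include <hb_conf/include/oper.conf>` line directly above an active block is confusing; delete it or add a one-line comment saying why it is kept.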


@ -2,4 +2,11 @@
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = yes;
hide_servers = no;
hide_services = no;
hide_server_ips = no;
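Review bot: `hide_server_ips = no;` in this serverhide block is the odd one out — every other serverhide block in this commit sets `hide_server_ips = yes;`. Per ircd-hybrid's reference.conf, as far as I recall, `no` still lets admins see real server addresses (opers get a masked one) while `yes` hides them everywhere including logs; unless this server's address is deliberately public, change it to `hide_server_ips = yes;` for consistency with the rest of the network. The reference-URL comment above the block also still reads `gittor-dmz.com`, a leftover of a hub→tor-dmz text replacement over `github.com`, and should be `https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf`. The page does not mark old and new lines, so this assumes the inline block is the new content.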
};


@ -4,14 +4,14 @@
resv {
mask = "&partyline";
reason = "it's mine and you can't use it";
reason = "It's mine and you can't use it";
exempt = "*@b0unc3.*.n3tw3rk.1ns3cur1ty.c0rp";
exempt = "*@c0ns0l3.*.n3tw3rk.1ns3cur1ty.c0rp";
};
resv {
mask = "#partyline";
reason = "it's mine and you can't use it";
reason = "It's mine and you can't use it";
exempt = "*@b0unc3.*.n3tw3rk.1ns3cur1ty.c0rp";
exempt = "*@c0ns0l3.*.n3tw3rk.1ns3cur1ty.c0rp";
exempt = "*@0p3r.*.n3tw3rk.1ns3cur1ty.c0rp";
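Review bot: The exempt masks `*@b0unc3.*.n3tw3rk.1ns3cur1ty.c0rp` and `*@c0ns0l3.*.n3tw3rk.1ns3cur1ty.c0rp` require a label between `b0unc3`/`c0ns0l3` and `n3tw3rk` (the dots are literal), so they do not match the spoofed operator hosts this commit configures elsewhere (`b0unc3.n3tw3rk.1ns3cur1ty.c0rp`, `c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp`), leaving those users subject to the reservation. If those are the intended hosts, write `exempt = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";` and the same for the others, including the `0p3r` entry if it is the newly added one. The second resv block continues past the end of the hunk, so any further exempts are not visible, and the page does not mark which `reason` line is old.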


@ -1,5 +1,5 @@
/* Configuration example located at
* https://gitproxy-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <hb_conf/proxy-dmz.admin.conf>


@ -1,28 +1,5 @@
#.include <hb_conf/include/oper.conf>
/* Configuration example located at
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
operator {
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "bounce_oper";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
operator {
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "console_admin";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
.include <hb_conf/include/oper.conf>


@ -2,4 +2,12 @@
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = no;
hide_servers = yes;
hide_services = yes;
hidden_name = "pr0xy-dmz.1ns3cur1ty.io";
hide_server_ips = yes;
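Review bot: The comment above this proxy-dmz serverhide block cites `https://gittor-dmz.com/ircd-hybrid/...`, which is the tor-dmz copy's text-replacement artifact over `github.com` carried into the proxy file (the proxy-dmz main config in this same commit fixes its own `gitproxy-dmz.com` variant); replace it with `https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf`. The settings themselves mirror the general server's block with `hidden_name = "pr0xy-dmz.1ns3cur1ty.io"`, which looks intentional; the page does not mark whether the block replaces the `.include <include/serverhide.conf>` line.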
};


@ -3,19 +3,3 @@
*/
.include <hb_conf/include/auth.conf>
auth {
spoof = "b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
user = "*@198.18.70.75";
class = "bounce_oper";
flags = need_ident, exceed_limit, kline_exempt,
xline_exempt, resv_exempt, can_flood;
};
auth {
spoof = "c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
user = "*@198.18.70.34";
class = "console_admin";
flags = need_password, exceed_limit, kline_exempt,
xline_exempt, resv_exempt, can_flood, no_tilde;
};


@ -1,5 +1,5 @@
/* Configuration example located at
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <hb_conf/tor-dmz.admin.conf>


@ -1,28 +1,5 @@
#.include <hb_conf/include/oper.conf>
/* Configuration example located at
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
operator {
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "bounce_oper";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
operator {
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "console_admin";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
.include <hb_conf/include/oper.conf>


@ -2,4 +2,12 @@
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = no;
hide_servers = yes;
hide_services = yes;
hidden_name = "t0r-dmz.1ns3cur1ty.io";
hide_server_ips = yes;
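Review bot: The reference comment above this tor-dmz serverhide block still reads `https://gittor-dmz.com/ircd-hybrid/...` — the hub→tor-dmz text replacement applied to `github.com` — while the tor-dmz main config in this commit already corrects the same line; change it to `https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf` here as well. The page does not mark whether the inline block replaces the `.include <include/serverhide.conf>` line.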
};


@ -1,5 +1,5 @@
/* Configuration example located at
* https://gittor-edge.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <hb_conf/tor-edge.admin.conf>


@ -1,28 +1,6 @@
#.include <hb_conf/include/oper.conf>
/* Configuration example located at
* https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
operator {
user = "*@b0unc3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "bounce_oper";
.include <hb_conf/include/oper.conf>
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};
operator {
user = "*@c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp";
password = "password";
whois = "I'm too lame to read BitchX.doc";
class = "console_admin";
umodes = locops, servnotice, wallop, softcallerid, hidden,
invisible, external, debug, rej, skill, hideidle,
wallop, expiration;
flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
kline, module, rehash, restart, set, unkline, unxline, xline;
};


@ -2,4 +2,11 @@
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = yes;
hide_servers = no;
hide_services = no;
hide_server_ips = yes;
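Review bot: The comment above this tor-edge serverhide block cites `https://gittor-dmz.com/ircd-hybrid/...`, a text-replacement leftover from another copy (the tor-edge main config in this commit fixes its own `gittor-edge.com` variant); it should read `https://github.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf`. `hidden = yes` with `hide_server_ips = yes` is consistent with the other hidden blocks in this commit; the page does not mark whether this block replaces the `.include <include/serverhide.conf>` line or sits beside it.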
};


@ -21,13 +21,11 @@ AnonIPLimit = 0
AltNick = g0d_
LoadModule = controlpanel
<Network n3tw3rk>
Server = 100.64.48.42 6666
Server = 100.64.64.42 6666
<Chan #partyline>
</Chan>
<Chan #>
</Chan>
<Chan &>
</Chan>
</Network>
<Pass password>
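Review bot: The upstream line `Server = 100.64.64.42 6666` connects ZNC to that host in the clear; ZNC selects TLS with a `+` in front of the port, so if the upstream offers a TLS listener (the nftables rules in this commit label 6697/6696 as the TLS ports) prefer `Server = 100.64.64.42 +6697` or the matching TLS port. The `<Pass password>` block at the bottom runs past the hunk, so its `Method`/`Hash`/`Salt` lines are not visible; confirm it holds a hashed credential and not a plaintext password. The page does not mark which `Server` line is the new one, so this assumes the `100.64.64.42` line replaces the `100.64.48.42` one.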


@ -35,4 +35,4 @@ services:
hub:
ipv4_address: 100.64.64.43
volumes:
- ../configs/znc/znc.conf:/home/znc/.znc/configs/znc.conf:rw
- ../config/znc/znc.conf:/home/znc/.znc/configs/znc.conf:rw


@ -44,14 +44,14 @@ Host myhub
- `ssh myhub`
### Repo
- `git clone https://github.com/philoctetes409bc/docker-hybrid.git`
- `cd docker-hybrid/host`
### Packages
- `sudo apt -y install docker.io nftables tcpdump mtr tor git python3-pip`
- `pip3 install docker-compose`
### Repo
- `git clone https://github.com/philoctetes409bc/docker-hybrid.git`
- `cd docker-hybrid/host`
### Configuration files
- `cp tor/torrc /etc/tor/torrc`
- `chattr +i /etc/tor/torrc`


@ -1,48 +1,50 @@
table ip hybrid {
chain POSTROUTING {
type nat hook postrouting priority 0; policy accept;
type nat hook postrouting priority 100; policy accept;
oifname "WAN" ip saddr 100.64.48.0/20 counter masquerade comment "masqueraded egress-routed clients";
}
chain PREROUTING {
iif "WAN" tcp dport { 6667, 6697 } counter dnat 100.64.48.10 comment "general access leaf";
type nat hook prerouting priority -100;
iif "WAN" tcp dport { 6667 6697 } counter dnat 100.64.48.10 comment "general access leaf";
iif "WAN" tcp dport { 6668, 6698 } counter dnat 100.64.48.18 comment "proxy dmz access leaf";
iif "WAN" tcp dport { 7777 } counter dnat 100.64.48.14:6667 comment "edge uplink hub";
iif "WAN" tcp dport { 7797 } counter dnat 100.64.48.14:6697 comment "TLS edge uplink hub";
iif "WAN" tcp dport { 6666 } counter dnat 100.64.48.22:6667 comment "oper bouncer";
iif "WAN" tcp dport { 6696 } counter dnat 100.64.48.22:6667 comment "TLS oper bouncer";
iif "WAN" tcp dport { 6696 } counter dnat 100.64.48.22:6697 comment "TLS oper bouncer";
}
}
table inet filter {
chain INVALID {
limit rate 2/second burst 3 packets counter log prefix "NFBAD: " comment "invalid logged";
counter drop comment "invalid dropped";
}
chain input {
chain INPUT {
type filter hook input priority 0; policy drop;
ct state invalid counter jump INVALID comment "Invalid";
iifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
ct state {established, related} counter accept comment "Related/Established";
tcp dport 22 counter accept comment "SSH in to host";
tcp dport 22 counter accept comment "SSH in to host";
tcp dport { 6667, 6697, 6668, 6698, 7777, 7797, 6666, 6696 } counter accept comment "IRCd ervice ports";
udp dport 53 ip saddr 100.64.48.0/20 ip daddr 100.64.48.0/20 counter accept comment "ER->Host DNS (53) UDP";
limit rate 15/second burst 3 packets counter log prefix "NF_IN: " comment "input unmatched log";
counter drop comment "input dropped";
}
chain forward {
chain FORWARD {
type filter hook forward priority 0; policy drop;
ct state invalid counter jump INVALID comment "Invalid";
ct state { established, related } accept comment "Related/Established";
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
counter drop comment "forward dropped";
ct state invalid counter jump INVALID comment "Invalid";
ct state { established, related } accept comment "Related/Established";
ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept comment "GLOBAL->ER";
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
counter drop comment "forward dropped";
}
chain output {
chain OUTPUT {
type filter hook output priority 0; policy drop;
oifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
ct state invalid counter jump INVALID comment "Invalid";
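Review bot: The new `GLOBAL->ER` rule in the FORWARD chain (`ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept`) admits any new connection on any protocol or port from every non-partition source to the whole 100.64.48.0/20 range, not just the flows the PREROUTING chain DNATs to the leaf, hub and bouncer addresses. Since the intended inbound paths are the DNAT mappings, match on conntrack's DNAT status instead, e.g. `iifname "WAN" ct status dnat counter accept comment "GLOBAL->ER (DNATed services only)";`, so a peer that can route to 100.64.48.0/20 through this box cannot reach arbitrary container ports. Separately, the rewritten first DNAT rule uses `{ 6667 6697 }` without a comma while the neighbouring sets keep commas; nft's set syntax requires comma-separated elements, so I would expect this ruleset to fail to load — make it `{ 6667, 6697 }` (and the INPUT comment reads "IRCd ervice ports"). The page does not mark old and new lines, so this reads the second copy of each rewritten rule as the new one; the OUTPUT chain continues past the end of the hunk.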


@ -1,20 +1,20 @@
table ip hybrid {
chain POSTROUTING {
type nat hook postrouting priority 0; policy accept;
type nat hook postrouting priority 100; policy accept;
oifname "WAN" ip saddr 100.64.48.0/20 counter masquerade comment "masqueraded egress-routed clients";
}
chain PREROUTING {
type nat hook prerouting priority -100;
}
}
table inet filter {
chain INVALID {
limit rate 2/second burst 3 packets counter log prefix "NFBAD: " comment "invalid logged";
counter drop comment "invalid dropped";
}
chain input {
chain INPUT {
type filter hook input priority 0; policy drop;
ct state invalid counter jump INVALID comment "Invalid";
iifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
@ -25,18 +25,19 @@ table inet filter {
counter drop comment "input dropped";
}
chain forward {
chain FORWARD {
type filter hook forward priority 0; policy drop;
ct state invalid counter jump INVALID comment "Invalid";
ct state { established, related } accept comment "Related/Established";
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
counter drop comment "forward dropped";
ct state invalid counter jump INVALID comment "Invalid";
ct state { established, related } accept comment "Related/Established";
ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept comment "GLOBAL->ER";
ip saddr 100.64.48.0/20 ip daddr 100.64.16.0/20 counter accept comment "ER->IR";
ip saddr 100.64.0.0/20 ip daddr 100.64.16.0/20 counter accept comment "NR->IR";
ip saddr 100.64.48.0/20 ip daddr != 100.64.0.0/17 counter accept comment "ER->!partition";
limit rate 15/second burst 3 packets counter log prefix "NFFWD: " comment "forward unmatched log";
counter drop comment "forward dropped";
}
chain output {
chain OUTPUT {
type filter hook output priority 0; policy drop;
oifname "lo" ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept comment "Host loop-back";
ct state invalid counter jump INVALID comment "Invalid";
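Review bot: This ruleset has no DNAT rules in its PREROUTING chain, so the added `GLOBAL->ER` FORWARD rule (`ip saddr != 100.64.0.0/17 ip daddr 100.64.48.0/20 counter accept`) opens every port and protocol on every 100.64.48.0/20 host to all non-partition sources that can route through this box. If this host is meant to expose specific services, scope the rule to them, e.g. add `iifname "WAN" tcp dport { ... }` with the served ports; if inbound traffic is only supposed to reach ER via the other host's DNAT, the rule is not needed here at all. The page does not mark old and new lines, so this assumes the second FORWARD block is the new one; the OUTPUT chain continues beyond the hunk.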


@ -1,6 +1,6 @@
Port 22
AddressFamily any
ListenAddress ::
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
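Review bot: If `ListenAddress 0.0.0.0` is the new line (the page does not mark sides), sshd now binds IPv4 only while `AddressFamily any` still declares both families; set `AddressFamily inet` so the two directives agree, or keep a `ListenAddress ::` line as well if IPv6 management access is wanted. The nftables INPUT chains in this commit are `inet` tables that accept `tcp dport 22` from any source, so whatever sshd binds is reachable without source restriction — consider `ip saddr` scoping there or an `AllowUsers`/`Match Address` block here; the remainder of sshd_config is outside the hunk.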