mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-30 18:51:22 +00:00
destruct
parent
c07b1ede83
commit
33d239f394
@ -1,5 +1,7 @@
|
|||||||
0.4.7 - 2023-06-00
|
0.4.7 - 2023-06-00
|
||||||
* LXCFS - report correct uptime, cpuinfo, ...
|
* LXCFS - report correct uptime, cpuinfo, ...
|
||||||
|
* geoip and /sf/share
|
||||||
|
* XPRA/SF-UI improvements
|
||||||
|
|
||||||
0.4.6 - 2023-05-08
|
0.4.6 - 2023-05-08
|
||||||
* SF-UI alpha
|
* SF-UI alpha
|
||||||
|
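--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,7 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/bin/chromium-hook"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/code/code-hook"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/code/bin/code-hook"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/bin/xterm-dark"
+FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/bin/xterm-dark-xpra"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/profile.d/segfault.sh"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/shellrc"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/skel/.config/htop/htoprc"
@@ -34,10 +35,14 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/zsh_command_not_found"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/zsh/zshenv"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/proxychains.conf"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sf-motd.sh"
+FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/funcs.sh"
+FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/destruct"
+FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/funcs_motd-xpra"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sf-setup.sh"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startxvnc"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startxweb"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startfb"
+FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoip"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/pkg-install.sh"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/rc.local-example"
 FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/vim/vimrc.local"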
@ -507,6 +507,7 @@ RUN /pkg-install.sh DEVEL pip install --break-system-packages \
|
|||||||
pyTelegramBotAPI \
|
pyTelegramBotAPI \
|
||||||
tgcrypto \
|
tgcrypto \
|
||||||
wsgidav
|
wsgidav
|
||||||
|
RUN /pkg-install.sh LARGE pipx install gdown
|
||||||
RUN /pkg-install.sh LARGE bin 'https://gitlab.com/api/v4/projects/32089582/packages/generic/geonet-rs/0.4.3/geonet_0.4.3_%arch:x86_64=amd64:DEFAULT=SKIP%.deb' `# x86_64 only` \
|
RUN /pkg-install.sh LARGE bin 'https://gitlab.com/api/v4/projects/32089582/packages/generic/geonet-rs/0.4.3/geonet_0.4.3_%arch:x86_64=amd64:DEFAULT=SKIP%.deb' `# x86_64 only` \
|
||||||
&& /pkg-install.sh MINI bash -c "{ [[ -f /usr/share/locale/locale.alias ]] && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8; }" \
|
&& /pkg-install.sh MINI bash -c "{ [[ -f /usr/share/locale/locale.alias ]] && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8; }" \
|
||||||
&& /pkg-install.sh DEVEL bash -c '{ arch=amd64; [[ $HOSTTYPE == "aarch64" ]] && arch=arm64; apt-get install -y --no-install-recommends linux-headers-${arch}; }'
|
&& /pkg-install.sh DEVEL bash -c '{ arch=amd64; [[ $HOSTTYPE == "aarch64" ]] && arch=arm64; apt-get install -y --no-install-recommends linux-headers-${arch}; }'
|
||||||
@ -525,6 +526,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
|||||||
cups-client \
|
cups-client \
|
||||||
byobu \
|
byobu \
|
||||||
fish \
|
fish \
|
||||||
|
parallel \
|
||||||
sshuttle
|
sshuttle
|
||||||
RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
||||||
gopls \
|
gopls \
|
||||||
@ -536,6 +538,7 @@ RUN /pkg-install.sh HACK ghbin shadow1ng/fscan 'fscan_%arch:x86_64=amd64:aarch64
|
|||||||
&& /pkg-install.sh HACK ghbin 'theaog/spirit' 'spirit%arch:x86_64=:DEFAULT=SKIP%.tgz$' spirit `# x86_64 only, spirit-arm bad` \
|
&& /pkg-install.sh HACK ghbin 'theaog/spirit' 'spirit%arch:x86_64=:DEFAULT=SKIP%.tgz$' spirit `# x86_64 only, spirit-arm bad` \
|
||||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/gf@latest; }' \
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/gf@latest; }' \
|
||||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/hacks/inscope@latest; }' \
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/hacks/inscope@latest; }' \
|
||||||
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Emoe/kxss@latest; }' \
|
||||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/analyticsrelationships@latest; }' \
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/analyticsrelationships@latest; }' \
|
||||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/gotator@latest; }' \
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/gotator@latest; }' \
|
||||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/roboxtractor@latest; }' \
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/roboxtractor@latest; }' \
|
||||||
@ -604,6 +607,7 @@ RUN /pkg-install.sh WEB apt-get install -y --no-install-recommends \
|
|||||||
RUN /pkg-install.sh DEV apt-get install -y --no-install-recommends \
|
RUN /pkg-install.sh DEV apt-get install -y --no-install-recommends \
|
||||||
ninja-build \
|
ninja-build \
|
||||||
repo
|
repo
|
||||||
|
# Android build tools:
|
||||||
RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||||
aria2 \
|
aria2 \
|
||||||
buildtorrent \
|
buildtorrent \
|
||||||
@ -649,6 +653,8 @@ RUN /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardci
|
|||||||
RUN /pkg-install.sh NET bin https://github.com/hackerschoice/binary/raw/main/gsocket/latest/gsocket_latest_all.deb `# x86_64 only` \
|
RUN /pkg-install.sh NET bin https://github.com/hackerschoice/binary/raw/main/gsocket/latest/gsocket_latest_all.deb `# x86_64 only` \
|
||||||
&& /pkg-install.sh NET ghbin shadowsocks/shadowsocks-rust '%arch%.*linux.musl.tar.xz$' \
|
&& /pkg-install.sh NET ghbin shadowsocks/shadowsocks-rust '%arch%.*linux.musl.tar.xz$' \
|
||||||
&& /pkg-install.sh NET ghbin ginuerzh/gost 'linux-%arch:x86_64=amd64:aarch64=armv8%.*gz$' gost \
|
&& /pkg-install.sh NET ghbin ginuerzh/gost 'linux-%arch:x86_64=amd64:aarch64=armv8%.*gz$' gost \
|
||||||
|
&& /pkg-install.sh NET ghbin tulir/gomuks 'linux-%arch:x86_64=amd64:aarch64=arm64%' gomuks \
|
||||||
|
&& /pkg-install.sh NET ghbin maxmind/mmdbinspect 'linux_amd64.tar.gz$' mmdbinspect `# x86_64 only` \
|
||||||
&& /pkg-install.sh NET ghbin KaranGauswami/socks-to-http-proxy 'sthp-linux' sthp `# x86_64 only` \
|
&& /pkg-install.sh NET ghbin KaranGauswami/socks-to-http-proxy 'sthp-linux' sthp `# x86_64 only` \
|
||||||
&& /pkg-install.sh NET ghbin schollz/croc 'Linux-%arch:x86_64=64bit:aarch64=ARM64%.deb' \
|
&& /pkg-install.sh NET ghbin schollz/croc 'Linux-%arch:x86_64=64bit:aarch64=ARM64%.deb' \
|
||||||
&& /pkg-install.sh NET ghbin vi/websocat '%arch%.*linux-musl' websocat \
|
&& /pkg-install.sh NET ghbin vi/websocat '%arch%.*linux-musl' websocat \
|
||||||
|
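Review bot: The tool fetches added in these hunks are unpinned: `go install github.com/Emoe/kxss@latest`, `pipx install gdown`, and the `ghbin tulir/gomuks` / `ghbin maxmind/mmdbinspect` lines appear to take whatever upstream publishes at build time, so two builds of the same commit can ship different binaries and a tampered upstream release would land in the image unnoticed. This follows the pattern of the surrounding lines, but each addition widens it; pinning a tag or commit (e.g. `kxss@<pinned-version>`) and verifying a digest inside pkg-install.sh, whose body is not visible here, would close it. Also, `mmdbinspect` is matched with `'linux_amd64.tar.gz$'` and marked x86_64 only, while the `/sf/bin/geoip` script added by this commit calls it unconditionally, so on aarch64 guests `geoip` will presumably fail with a command-not-found error.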
@ -31,6 +31,9 @@ function dmesg {
|
|||||||
alias norg="gron --ungron"
|
alias norg="gron --ungron"
|
||||||
alias ungron="gron --ungron"
|
alias ungron="gron --ungron"
|
||||||
alias carbonyl="carbonyl --no-sandbox"
|
alias carbonyl="carbonyl --no-sandbox"
|
||||||
|
alias seppuku="destruct"
|
||||||
|
|
||||||
|
[[ -n $IS_SHOW_MOTD_XPRA ]] && [[ -f /sf/bin/funcs_motd-xpra ]] && source /sf/bin/funcs_motd-xpra
|
||||||
|
|
||||||
tty -s && [[ -n $TERM ]] && [[ "$TERM" != dumb ]] && {
|
tty -s && [[ -n $TERM ]] && [[ "$TERM" != dumb ]] && {
|
||||||
_grccmd()
|
_grccmd()
|
||||||
|
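--- a/guest/fs-root/sf/bin/destruct
+++ b/guest/fs-root/sf/bin/destruct
@@ -0,0 +1,40 @@
+#! /bin/bash
+
+# shellcheck disable=SC1091
+source "/sf/bin/funcs.sh"
+cd /
+
+[[ "$1" != now ]] && {
+echo -e "\
+This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds.
+
+${CDR}*** ALL DATA WILL BE WIPED ***${CN}
+Press ${CDY}ANY KEY${CN} to stop or type ${CDC}now${CN} to proceed immediatly.
+
+Consider ${CDC}halt${CN} to shut down this server instead. This way all your
+encrypted data will remain until next log in (with the correct SECRET).
+
+This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds."
+read -r -n8 -t10 str && {
+echo -e "${CDR}Self-Destruct cancelled...${CDY}*phew*${CN}"
+[[ $str == "halt" ]] && {
+echo -e "HALT instead..."
+halt
+exit 255
+}
+[[ $str != "now" ]] && exit 255
+}
+}
+
+[[ "$str" == halt ]] && {
+halt
+exit 0; }
+
+echo -e "${CDR}***DESTRUCT***${CN}"
+
+shopt -s dotglob
+rm -rf /onion/*
+rm -rf "/everyone/${SF_HOSTNAME,,}/"*
+rm -rf /sec/*
+echo -e "${CDG}DONE.${CN}"
+halt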
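Review bot: A single keypress does not stop the countdown, although the banner says "Press ANY KEY to stop": `read -r -n8 -t10 str` only succeeds on Enter or after eight characters, so one key followed by the timeout returns non-zero, skips the cancel block and falls through to the `rm -rf` lines. Bash keeps the partial input in `str` on timeout, so treating any non-empty input as a cancel fixes it: `{ read -r -n8 -t10 str || [[ -n $str ]]; } && {`. Separately, `rm -rf "/everyone/${SF_HOSTNAME,,}/"*` expands to `/everyone//*` when SF_HOSTNAME is empty; it is not set in this file and the `source` of funcs.sh is unchecked. Assigning `hn="${SF_HOSTNAME:?}"` first and then running `rm -rf "/everyone/${hn,,}/"*` aborts instead of widening the delete.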
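--- a/guest/fs-root/sf/bin/funcs_motd-xpra
+++ b/guest/fs-root/sf/bin/funcs_motd-xpra
@@ -0,0 +1,13 @@
+### Sources from /etc/shellrc
+### Display a welcome screen when the first xterm is started from
+### inside an xpra session.
+
+unset IS_SHOW_MOTD_XPRA
+
+echo -e "\
+${CDY}---------------------------------------------------------------${CN}
+${CDY}-->${CN} Welcome to ${CDG}Segfault GUI${CN}.
+${CDY}-->${CN} Use the ${CDM}menu${CN} at the TOP to start apps.
+${CDY}-->${CN} Type ${CDC}brave-browser &${CN} to start a web browser.
+${CDY}-->${CN} Type ${CDC}xterm &${CN} to start another terminal.
+${CDY}---------------------------------------------------------------${CN}"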
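--- a/guest/fs-root/sf/bin/geoip
+++ b/guest/fs-root/sf/bin/geoip
@@ -0,0 +1,26 @@
+#! /bin/bash
+
+ip=$1
+[[ -z $ip ]] && { echo >&2 "$0 [IP-Address]"; exit 255; }
+
+db="/sf/share/GeoLite2-City.mmdb"
+[[ -f "/sf/share/dbip-city-lite.mmdb" ]] && db="/sf/share/dbip-city-lite.mmdb"
+
+res=$(mmdbinspect --db "$db" "$ip") || exit
+city=$(echo "$res" | jq -r '.[0].Records[0].Record.city.names.en | select(. != null)')
+country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
+
+unset YOUR_GEOIP
+if [[ -n $city ]] && [[ -n $country ]]; then
+YOUR_GEOIP="${city}/${country}"
+elif [[ -n $city ]] || [[ -n $country ]]; then
+YOUR_GEOIP="${city}${country}" # Either one but not both
+fi
+
+[[ -z $YOUR_GEOIP ]] && {
+echo >&2 "NOT FOUND"
+exit 255
+}
+
+echo "${YOUR_GEOIP}"
+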
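Review bot: `$ip` is handed to `mmdbinspect --db "$db" "$ip"` with no shape check, so a value beginning with `-` would likely be parsed as an option, and a typo only surfaces as a tool error. A guard right after the usage check, e.g. `[[ $ip =~ ^[0-9A-Fa-f:.]+$ ]] || { echo >&2 "$0 [IP-Address]"; exit 255; }`, restricts the argument to address characters. The city/country formatting also duplicates `mk_geoip` in the login script touched by this same commit; a header comment stating that the two copies must stay in sync would help the next maintainer.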
@ -1,32 +1,43 @@
|
|||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
[[ -t 1 ]] && {
|
|
||||||
# CY="\e[1;33m" # yellow
|
|
||||||
# CG="\e[1;32m" # green
|
|
||||||
CR="\e[1;31m" # red
|
|
||||||
CC="\e[1;36m" # cyan
|
|
||||||
# CM="\e[1;35m" # magenta
|
|
||||||
# CW="\e[1;37m" # white
|
|
||||||
CB="\e[1;34m" # blue
|
|
||||||
CF="\e[2m" # faint
|
|
||||||
CN="\e[0m" # none
|
|
||||||
|
|
||||||
# CBG="\e[42;1m" # Background Green
|
|
||||||
|
|
||||||
# night-mode
|
|
||||||
CDY="\e[0;33m" # yellow
|
|
||||||
CDG="\e[0;32m" # green
|
|
||||||
# CDR="\e[0;31m" # red
|
|
||||||
CDB="\e[0;34m" # blue
|
|
||||||
CDC="\e[0;36m" # cyan
|
|
||||||
CDM="\e[0;35m" # magenta
|
|
||||||
CUL="\e[4m"
|
|
||||||
}
|
|
||||||
# BINDIR="$(cd "$(dirname "${0}")" || exit; pwd)"
|
# BINDIR="$(cd "$(dirname "${0}")" || exit; pwd)"
|
||||||
|
# shellcheck disable=SC1091
|
||||||
|
source "/sf/bin/funcs.sh" 2>/dev/null
|
||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
source "/config/guest/vpn_status" 2>/dev/null
|
source "/config/guest/vpn_status" 2>/dev/null
|
||||||
|
|
||||||
|
print_ssh_access()
|
||||||
|
{
|
||||||
|
local key_suffix
|
||||||
|
|
||||||
|
key_suffix="sf-${SF_FQDN//./-}"
|
||||||
|
echo 1>&2 -e "\
|
||||||
|
:Cut & Paste these lines to your workstation's shell to retain access:
|
||||||
|
######################################################################
|
||||||
|
${CDC}cat >~/.ssh/id_${key_suffix} ${CDR}<<__EOF__
|
||||||
|
${CN}${CF}$(<"/config/guest/id_ed25519")
|
||||||
|
${CDR}__EOF__
|
||||||
|
${CDC}cat >>~/.ssh/config ${CDR}<<${CDR}__EOF__
|
||||||
|
${CN}${CF}host ${SF_HOSTNAME,,}
|
||||||
|
User root
|
||||||
|
HostName ${SF_FQDN}
|
||||||
|
IdentityFile ~/.ssh/id_${key_suffix}
|
||||||
|
SetEnv SECRET=${SF_SEC}
|
||||||
|
${CDR}__EOF__
|
||||||
|
${CDC}chmod 600 ~/.ssh/config ~/.ssh/id_${key_suffix}${CN}
|
||||||
|
######################################################################
|
||||||
|
Thereafter use these commands:
|
||||||
|
--> ${CDC}ssh ${SF_HOSTNAME,,}${CN}
|
||||||
|
--> ${CDC}sftp ${SF_HOSTNAME,,}${CN}
|
||||||
|
--> ${CDC}scp ${SF_HOSTNAME,,}:stuff.tar.gz ~/${CN}
|
||||||
|
--> ${CDC}sshfs -o reconnect ${SF_HOSTNAME,,}:/sec ~/sec ${CN}
|
||||||
|
----------------------------------------------------------------------"
|
||||||
|
}
|
||||||
|
|
||||||
|
[[ -n $SF_IS_NEW_SERVER ]] && _IS_SHOW_MORE=1
|
||||||
|
[[ "${0##*/}" == "info" ]] && _IS_SHOW_MORE=1
|
||||||
|
[[ -n $_IS_SHOW_MORE ]] && print_ssh_access
|
||||||
|
|
||||||
if [[ -z $IS_VPN_CONNECTED ]]; then
|
if [[ -z $IS_VPN_CONNECTED ]]; then
|
||||||
if source "/config/guest/vpn_status.direct" 2>/dev/null; then
|
if source "/config/guest/vpn_status.direct" 2>/dev/null; then
|
||||||
str="${SFVPN_EXIT_IP} "
|
str="${SFVPN_EXIT_IP} "
|
||||||
@ -69,8 +80,6 @@ Reverse Port : ${IPPORT}${CN}
|
|||||||
${VPN_DST}"
|
${VPN_DST}"
|
||||||
|
|
||||||
# All below should only be displayed if user types 'info' or a newly created server.
|
# All below should only be displayed if user types 'info' or a newly created server.
|
||||||
[[ -n $SF_IS_NEW_SERVER ]] && _IS_SHOW_MORE=1
|
|
||||||
[[ "${0##*/}" == "info" ]] && _IS_SHOW_MORE=1
|
|
||||||
[[ -z $_IS_SHOW_MORE ]] && {
|
[[ -z $_IS_SHOW_MORE ]] && {
|
||||||
echo -e "\
|
echo -e "\
|
||||||
Hint : ${CDC}Type ${CC}info${CDC} for more details.${CN}"
|
Hint : ${CDC}Type ${CC}info${CDC} for more details.${CN}"
|
||||||
@ -109,5 +118,5 @@ SSH (gsocket) : ${CC}gsocket -s $(cat /config/guest/gsnc-access-22.txt) ssh$
|
|||||||
${SF_USER:-UNKNOWN}@${SF_FQDN%.*}.gsocket${CN}"
|
${SF_USER:-UNKNOWN}@${SF_FQDN%.*}.gsocket${CN}"
|
||||||
}
|
}
|
||||||
str="SECRET : ${CDY}${SF_SEC}"
|
str="SECRET : ${CDY}${SF_SEC}"
|
||||||
[[ -n $SF_IS_LOGINSHELL ]] && str+=" \e[0;33;41m<<< WRITE THIS DOWN <<<"
|
[[ -n $SF_IS_LOGINSHELL ]] && str+=" ${CRY}<<< WRITE THIS DOWN <<<"
|
||||||
echo -e "${str}${CN}"
|
echo -e "${str}${CN}"
|
||||||
|
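Review bot: `print_ssh_access`, as moved into this script, prints the contents of `/config/guest/id_ed25519` and `SECRET=${SF_SEC}` to the terminal on every `info` invocation, whereas the copy removed elsewhere in this commit returned early on `SF_HUSHLOGIN` and for anything but a new server. If showing the private key on demand is intended, state it in a comment above the call, e.g. `# Deliberately prints the private key + SECRET: new servers and 'info' only`. Consider restoring `[[ -n $SF_HUSHLOGIN ]] && return` at the top of the function (assuming that variable reaches the guest) so scripted logins do not receive key material on stderr. The function also depends on `${CDR}`, `${CDC}` and `${CF}` coming from `/sf/bin/funcs.sh`, whose `source` is silenced with `2>/dev/null`; a failure there only costs colour, but the dependency deserves a word in the same comment.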
@ -32,7 +32,7 @@ sv_startx()
|
|||||||
local str_auth
|
local str_auth
|
||||||
|
|
||||||
[[ -n $PASSWORD ]] && str_auth="env"
|
[[ -n $PASSWORD ]] && str_auth="env"
|
||||||
XPRA_PASSWORD="${PASSWORD}" xpra.orig start --pulseaudio=yes --resize-display=1280x1024 --bind-tcp=127.0.0.1:2000,auth="${str_auth:-allow}" --html=on --start=xterm-dark --daemon=no &>/dev/null &
|
XPRA_PASSWORD="${PASSWORD}" xpra.orig start --pulseaudio=yes --resize-display=1280x1024 --bind-tcp=127.0.0.1:2000,auth="${str_auth:-allow}" --html=on --start=xterm-dark-xpra --daemon=no &>/dev/null &
|
||||||
# XPRA_PASSWORD="${PASSWORD}" xpra.orig start-desktop --pulseaudio=yes --bind-tcp=127.0.0.1:2000,auth="${str_auth}" --html=on --start-child=xfce4-session --start=xterm-dark --systemd-run=no --exit-with-children --daemon=no &>/dev/null &
|
# XPRA_PASSWORD="${PASSWORD}" xpra.orig start-desktop --pulseaudio=yes --bind-tcp=127.0.0.1:2000,auth="${str_auth}" --html=on --start-child=xfce4-session --start=xterm-dark --systemd-run=no --exit-with-children --daemon=no &>/dev/null &
|
||||||
PID_V=$!
|
PID_V=$!
|
||||||
|
|
||||||
|
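--- a/guest/fs-root/usr/bin/xterm-dark-xpra
+++ b/guest/fs-root/usr/bin/xterm-dark-xpra
@@ -0,0 +1,6 @@
+#! /bin/bash
+
+### xpra does not honor --env=IS_SHOW_MOTD_XPRA=1 and thus we have to trampoline
+### through this function.
+
+IS_SHOW_MOTD_XPRA=1 exec xterm-dark "$@"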
@ -27,7 +27,7 @@ setup_sshd()
|
|||||||
# Default is for user to use 'ssh root@segfault.net' but this can be changed
|
# Default is for user to use 'ssh root@segfault.net' but this can be changed
|
||||||
# in .env to any other user name. In case it is 'root' then we need to move
|
# in .env to any other user name. In case it is 'root' then we need to move
|
||||||
# the true root out of the way for the docker-sshd to work.
|
# the true root out of the way for the docker-sshd to work.
|
||||||
tail -n1 /etc/passwd | grep ^"${SF_USER}" >/dev/null && return
|
tail -n1 /etc/passwd | grep ^secret >/dev/null && return
|
||||||
|
|
||||||
if [[ "$SF_USER" == "root" ]]; then
|
if [[ "$SF_USER" == "root" ]]; then
|
||||||
# rename root user
|
# rename root user
|
||||||
@ -170,9 +170,9 @@ while [[ $i -lt $SF_HM_SIZE_LG ]]; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
# LXCFS creates different directories depending on the version.
|
# LXCFS creates different directories depending on the version.
|
||||||
[[ -d /var/lib/lxcfs ]] && {
|
[[ -d /var/lib/lxcfs/proc ]] && {
|
||||||
unset str
|
unset str
|
||||||
for fn in $(cd /var/lib/lxcfs; find proc -type f; find sys -type f); do
|
for fn in $(cd /var/lib/lxcfs; find proc -type f 2>/dev/null; find sys -type f 2>/dev/null); do
|
||||||
str+="'-v' '/var/lib/lxcfs/${fn}:/$fn:ro' "
|
str+="'-v' '/var/lib/lxcfs/${fn}:/$fn:ro' "
|
||||||
done
|
done
|
||||||
LXCFS_STR=$str
|
LXCFS_STR=$str
|
||||||
|
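Review bot: `grep ^secret` in the setup_sshd hunk is a prefix match with no field delimiter, so a last passwd entry for any account whose name merely starts with "secret" also makes the function return early; `tail -n1 /etc/passwd | grep -q '^secret:' && return` pins it to the exact user name. In the LXCFS hunk the `cd /var/lib/lxcfs` inside the command substitution is unchecked, and the added `2>/dev/null` now hides the `find` errors that would reveal a failed `cd`; writing `cd /var/lib/lxcfs || exit` inside the `$( … )` keeps the mount list from being built out of the wrong directory. setup_sshd's body continues outside the hunk.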
@ -21,7 +21,7 @@ SSH_SF_DEBUG="${SF_DEBUG}" # Set by SSH client
|
|||||||
[[ -f /dev/shm/env.txt ]] && eval "$(</dev/shm/env.txt)"
|
[[ -f /dev/shm/env.txt ]] && eval "$(</dev/shm/env.txt)"
|
||||||
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
|
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
|
||||||
unset SSH_SF_DEBUG
|
unset SSH_SF_DEBUG
|
||||||
eval "$(</sf/bin/funcs_redis.sh)"
|
eval "$(</sf/bin/funcs_redis.sh)" || exit
|
||||||
# Debug Trace. see sf_trace-DISABLED
|
# Debug Trace. see sf_trace-DISABLED
|
||||||
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
|
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
|
||||||
|
|
||||||
@ -393,37 +393,6 @@ ${CR}######################################################################
|
|||||||
######################################################################${CN}"
|
######################################################################${CN}"
|
||||||
}
|
}
|
||||||
|
|
||||||
print_ssh_access()
|
|
||||||
{
|
|
||||||
local key_suffix
|
|
||||||
# [[ -z $IS_LOGIN ]] && return => Still display help if this is a new server even if just cmd execution.
|
|
||||||
[[ -n $SF_HUSHLOGIN ]] && return
|
|
||||||
[[ -z $SF_IS_NEW_SERVER ]] && return
|
|
||||||
|
|
||||||
key_suffix="sf-${SF_FQDN//./-}"
|
|
||||||
echo 1>&2 -e "\
|
|
||||||
:Cut & Paste these lines to your workstation's shell to retain access:
|
|
||||||
######################################################################
|
|
||||||
${CDC}cat >~/.ssh/id_${key_suffix} ${CDR}<<__EOF__
|
|
||||||
${CN}${CF}$(<"/config/guest/id_ed25519")
|
|
||||||
${CDR}__EOF__
|
|
||||||
${CDC}cat >>~/.ssh/config ${CDR}<<${CDR}__EOF__
|
|
||||||
${CN}${CF}host ${SF_HOSTNAME,,}
|
|
||||||
User root
|
|
||||||
HostName ${SF_FQDN}
|
|
||||||
IdentityFile ~/.ssh/id_${key_suffix}
|
|
||||||
SetEnv SECRET=${SF_SEC}
|
|
||||||
${CDR}__EOF__
|
|
||||||
${CDC}chmod 600 ~/.ssh/config ~/.ssh/id_${key_suffix}${CN}
|
|
||||||
######################################################################
|
|
||||||
Thereafter use these commands:
|
|
||||||
--> ${CDC}ssh ${SF_HOSTNAME,,}${CN}
|
|
||||||
--> ${CDC}sftp ${SF_HOSTNAME,,}${CN}
|
|
||||||
--> ${CDC}scp ${SF_HOSTNAME,,}:stuff.tar.gz ~/${CN}
|
|
||||||
--> ${CDC}sshfs -o reconnect ${SF_HOSTNAME,,}:/sec ~/sec ${CN}
|
|
||||||
----------------------------------------------------------------------"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Output GOODBYE message with infos how to connect back to this shell
|
# Output GOODBYE message with infos how to connect back to this shell
|
||||||
print_goodbye()
|
print_goodbye()
|
||||||
{
|
{
|
||||||
@ -684,6 +653,8 @@ load_limits()
|
|||||||
|
|
||||||
[[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
|
[[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
|
||||||
|
|
||||||
|
[[ -n $SF_SYSBOX ]] && SYSBOX_ARGS+=("--runtime=sysbox-runc")
|
||||||
|
|
||||||
setup_fs_limit || ERREXIT 202 "Can't configure XFS limit"
|
setup_fs_limit || ERREXIT 202 "Can't configure XFS limit"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -886,10 +857,10 @@ mk_geoip()
|
|||||||
country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
|
country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
|
||||||
|
|
||||||
unset YOUR_GEOIP
|
unset YOUR_GEOIP
|
||||||
if [[ -n $city && -n $country ]]; then
|
if [[ -n $city ]] && [[ -n $country ]]; then
|
||||||
YOUR_GEOIP+="${city}/${country}"
|
YOUR_GEOIP="${city}/${country}"
|
||||||
elif [[ -n $city || -n $country ]]; then
|
elif [[ -n $city ]] || [[ -n $country ]]; then
|
||||||
YOUR_GEOIP+="${city}${country}" # Either one but not both
|
YOUR_GEOIP="${city}${country}" # Either one but not both
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -963,8 +934,13 @@ fi
|
|||||||
SF_PRJ="${PRJ//[^a-zA-Z0-9._]}"
|
SF_PRJ="${PRJ//[^a-zA-Z0-9._]}"
|
||||||
SF_PRJ="${SF_PRJ:0:32}"
|
SF_PRJ="${SF_PRJ:0:32}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[[ -n $TOKEN ]] && {
|
||||||
|
SF_TOKEN="${TOKEN//[^a-zA-Z0-9._:]}"
|
||||||
|
SF_TOKEN="${SF_TOKEN:0:32}"
|
||||||
|
}
|
||||||
# Unset user supplied env variables
|
# Unset user supplied env variables
|
||||||
unset SECRET HUSTLOGIN HIDEIP PRJ
|
unset SECRET HUSTLOGIN HIDEIP PRJ TOKEN
|
||||||
### ----END SANITIZE----
|
### ----END SANITIZE----
|
||||||
|
|
||||||
# Only output progress if this is a login shell _and_ not HUSHLOGIN
|
# Only output progress if this is a login shell _and_ not HUSHLOGIN
|
||||||
@ -1116,6 +1092,7 @@ xmkdir "${selfdir}"
|
|||||||
[[ -n $SF_DEBUG ]] && export SF_DEBUG
|
[[ -n $SF_DEBUG ]] && export SF_DEBUG
|
||||||
# exec_devnull docker run --runtime=sysbox-runc \
|
# exec_devnull docker run --runtime=sysbox-runc \
|
||||||
exec_devnull docker run \
|
exec_devnull docker run \
|
||||||
|
"${SYSBOX_ARGS[@]}" \
|
||||||
--hostname "sf-${SF_HOSTNAME}" \
|
--hostname "sf-${SF_HOSTNAME}" \
|
||||||
"${DOCKER_ARGS[@]}" \
|
"${DOCKER_ARGS[@]}" \
|
||||||
--rm \
|
--rm \
|
||||||
@ -1144,6 +1121,7 @@ exec_devnull docker run \
|
|||||||
--log-driver "${SF_DOCKER_LOG}" \
|
--log-driver "${SF_DOCKER_LOG}" \
|
||||||
--tmpfs /tmp:exec `# GoLang needs /tmp to be executeable` \
|
--tmpfs /tmp:exec `# GoLang needs /tmp to be executeable` \
|
||||||
--sysctl net.ipv6.conf.all.disable_ipv6=0 `# Allow IPv6 (used by WireGuard FOBs)` \
|
--sysctl net.ipv6.conf.all.disable_ipv6=0 `# Allow IPv6 (used by WireGuard FOBs)` \
|
||||||
|
-v "${SF_BASEDIR}/data/share/:/sf/share:ro" \
|
||||||
-v "${SF_CFG_GUEST_DIR:?}/:/config/guest:ro" \
|
-v "${SF_CFG_GUEST_DIR:?}/:/config/guest:ro" \
|
||||||
-v "${SF_GUEST_SELFDIR:?}/lg-${LID}:/config/self:ro,slave" \
|
-v "${SF_GUEST_SELFDIR:?}/lg-${LID}:/config/self:ro,slave" \
|
||||||
-v "${SF_ENCFS_SEC_DIR}/lg-${LID}:/sec:slave" \
|
-v "${SF_ENCFS_SEC_DIR}/lg-${LID}:/sec:slave" \
|
||||||
@ -1202,9 +1180,6 @@ tofile "${C_IP:?}" "/config/self-for-guest/lg-${LID}/c_ip"
|
|||||||
|
|
||||||
echo_pty -e "....[${CG}OK${CN}]"
|
echo_pty -e "....[${CG}OK${CN}]"
|
||||||
|
|
||||||
# Show help how to connect elegantly
|
|
||||||
print_ssh_access
|
|
||||||
|
|
||||||
# Spawn shell
|
# Spawn shell
|
||||||
spawn_shell_exit "$@"
|
spawn_shell_exit "$@"
|
||||||
# NOT REACHED
|
# NOT REACHED
|
||||||
|
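Review bot: `eval "$(</sf/bin/funcs_redis.sh)" || exit` does not catch a missing or unreadable file: the failed `$(<…)` expands to an empty string and `eval ''` returns 0, so the script carries on without the redis helpers. Test the file first with `[[ -r /sf/bin/funcs_redis.sh ]] || exit 255`, or use `source /sf/bin/funcs_redis.sh || exit`, which does return non-zero when the file cannot be read. In the sanitize hunk, the `SF_TOKEN` filter keeps `.`, so a value such as `..` survives the allowlist; where SF_TOKEN is consumed is outside these hunks, so if it is ever used as a path component it needs a further check there.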
@ -21,9 +21,14 @@ LG_MAC=$(docker inspect -f '{{ (index .NetworkSettings.Networks "sf-guest").MacA
|
|||||||
# nsenter -t "${SF_ROUTER_PID:?}" -n ip neigh add "${C_IP:?}" lladdr "${LG_MAC:?}" dev XXX
|
# nsenter -t "${SF_ROUTER_PID:?}" -n ip neigh add "${C_IP:?}" lladdr "${LG_MAC:?}" dev XXX
|
||||||
nsenter -t "${SF_ROUTER_PID:?}" -n arp -s "${C_IP:?}" "${LG_MAC:?}"
|
nsenter -t "${SF_ROUTER_PID:?}" -n arp -s "${C_IP:?}" "${LG_MAC:?}"
|
||||||
|
|
||||||
|
# echo nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_NET_LG_ROUTER_IP}" "${LG_ROUTER_MAC}"
|
||||||
nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_NET_LG_ROUTER_IP}" "${LG_ROUTER_MAC}"
|
nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_NET_LG_ROUTER_IP}" "${LG_ROUTER_MAC}"
|
||||||
|
# echo nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_RPC_IP}" "${LG_RPC_MAC}"
|
||||||
nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_RPC_IP}" "${LG_RPC_MAC}"
|
nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_RPC_IP}" "${LG_RPC_MAC}"
|
||||||
|
|
||||||
# 255.0.0.1 always points to guest's localhost: user can now set up a ssh -D1080 and connect with browser to
|
# 255.0.0.1 always points to guest's localhost: user can now set up a ssh -D1080 and connect with browser to
|
||||||
# 255.0.0.1 and reach guest's 127.0.0.1.
|
# 255.0.0.1 and reach guest's 127.0.0.1.
|
||||||
|
# echo nsenter.u1000 -t "${LG_PID}" -n iptables -t nat -A OUTPUT -p tcp --dst 255.0.0.1 -j DNAT --to-destination 127.0.0.1
|
||||||
nsenter.u1000 -t "${LG_PID}" -n iptables -t nat -A OUTPUT -p tcp --dst 255.0.0.1 -j DNAT --to-destination 127.0.0.1
|
nsenter.u1000 -t "${LG_PID}" -n iptables -t nat -A OUTPUT -p tcp --dst 255.0.0.1 -j DNAT --to-destination 127.0.0.1
|
||||||
|
|
||||||
|
exit 0
|
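Review bot: The added `exit 0` makes the script report success even when the `nsenter … arp -s` or `iptables … DNAT` calls just above it failed, so a guest can come up without the static ARP entries or the 255.0.0.1 redirect and nothing upstream will notice. If the caller (not visible here) checks the exit status, append `|| exit` to the steps that must succeed and keep `exit 0` only for the ones that are tolerated. The iptables line also uses `"${LG_PID}"` without the `:?` guard its neighbours have.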