mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-28 17:51:22 +00:00
destruct
parent
c07b1ede83
commit
33d239f394
@ -1,5 +1,7 @@
|
||||
0.4.7 - 2023-06-00
|
||||
* LXCFS - report correct uptime, cpuinfo, ...
|
||||
* geoip and /sf/share
|
||||
* XPRA/SF-UI improvements
|
||||
|
||||
0.4.6 - 2023-05-08
|
||||
* SF-UI alpha
|
||||
|
5
Makefile
5
Makefile
@ -26,6 +26,7 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/bin/chromium-hook"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/code/code-hook"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/share/code/bin/code-hook"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/bin/xterm-dark"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/usr/bin/xterm-dark-xpra"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/profile.d/segfault.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/shellrc"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/skel/.config/htop/htoprc"
|
||||
@ -34,10 +35,14 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/zsh_command_not_found"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/zsh/zshenv"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/proxychains.conf"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sf-motd.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/funcs.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/destruct"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/funcs_motd-xpra"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sf-setup.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startxvnc"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startxweb"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/startfb"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoip"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/pkg-install.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/rc.local-example"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/vim/vimrc.local"
|
||||
|
@ -507,6 +507,7 @@ RUN /pkg-install.sh DEVEL pip install --break-system-packages \
|
||||
pyTelegramBotAPI \
|
||||
tgcrypto \
|
||||
wsgidav
|
||||
RUN /pkg-install.sh LARGE pipx install gdown
|
||||
RUN /pkg-install.sh LARGE bin 'https://gitlab.com/api/v4/projects/32089582/packages/generic/geonet-rs/0.4.3/geonet_0.4.3_%arch:x86_64=amd64:DEFAULT=SKIP%.deb' `# x86_64 only` \
|
||||
&& /pkg-install.sh MINI bash -c "{ [[ -f /usr/share/locale/locale.alias ]] && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8; }" \
|
||||
&& /pkg-install.sh DEVEL bash -c '{ arch=amd64; [[ $HOSTTYPE == "aarch64" ]] && arch=arm64; apt-get install -y --no-install-recommends linux-headers-${arch}; }'
|
||||
@ -525,6 +526,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
cups-client \
|
||||
byobu \
|
||||
fish \
|
||||
parallel \
|
||||
sshuttle
|
||||
RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
||||
gopls \
|
||||
@ -536,6 +538,7 @@ RUN /pkg-install.sh HACK ghbin shadow1ng/fscan 'fscan_%arch:x86_64=amd64:aarch64
|
||||
&& /pkg-install.sh HACK ghbin 'theaog/spirit' 'spirit%arch:x86_64=:DEFAULT=SKIP%.tgz$' spirit `# x86_64 only, spirit-arm bad` \
|
||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/gf@latest; }' \
|
||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/hacks/inscope@latest; }' \
|
||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Emoe/kxss@latest; }' \
|
||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/analyticsrelationships@latest; }' \
|
||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/gotator@latest; }' \
|
||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/Josue87/roboxtractor@latest; }' \
|
||||
@ -604,6 +607,7 @@ RUN /pkg-install.sh WEB apt-get install -y --no-install-recommends \
|
||||
RUN /pkg-install.sh DEV apt-get install -y --no-install-recommends \
|
||||
ninja-build \
|
||||
repo
|
||||
# Android build tools:
|
||||
RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
aria2 \
|
||||
buildtorrent \
|
||||
@ -649,6 +653,8 @@ RUN /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardci
|
||||
RUN /pkg-install.sh NET bin https://github.com/hackerschoice/binary/raw/main/gsocket/latest/gsocket_latest_all.deb `# x86_64 only` \
|
||||
&& /pkg-install.sh NET ghbin shadowsocks/shadowsocks-rust '%arch%.*linux.musl.tar.xz$' \
|
||||
&& /pkg-install.sh NET ghbin ginuerzh/gost 'linux-%arch:x86_64=amd64:aarch64=armv8%.*gz$' gost \
|
||||
&& /pkg-install.sh NET ghbin tulir/gomuks 'linux-%arch:x86_64=amd64:aarch64=arm64%' gomuks \
|
||||
&& /pkg-install.sh NET ghbin maxmind/mmdbinspect 'linux_amd64.tar.gz$' mmdbinspect `# x86_64 only` \
|
||||
&& /pkg-install.sh NET ghbin KaranGauswami/socks-to-http-proxy 'sthp-linux' sthp `# x86_64 only` \
|
||||
&& /pkg-install.sh NET ghbin schollz/croc 'Linux-%arch:x86_64=64bit:aarch64=ARM64%.deb' \
|
||||
&& /pkg-install.sh NET ghbin vi/websocat '%arch%.*linux-musl' websocat \
|
||||
|
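Review bot: The package lines in these hunks pull third-party artifacts with no integrity check visible here: the geonet `.deb` is fetched by URL, `mmdbinspect` is taken from whatever release `ghbin` appears to resolve, and `go install github.com/Emoe/kxss@latest` follows a moving tag. The page does not mark which of these lines are new, and `/pkg-install.sh` is not shown, so verification may already happen there. If it does not, pinning each tool to a tag or commit (`@<commit-or-tag>`) and comparing the `.deb` against a recorded SHA-256 would make the image reproducible and limit exposure to a compromised upstream.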
@ -31,6 +31,9 @@ function dmesg {
|
||||
alias norg="gron --ungron"
|
||||
alias ungron="gron --ungron"
|
||||
alias carbonyl="carbonyl --no-sandbox"
|
||||
alias seppuku="destruct"
|
||||
|
||||
[[ -n $IS_SHOW_MOTD_XPRA ]] && [[ -f /sf/bin/funcs_motd-xpra ]] && source /sf/bin/funcs_motd-xpra
|
||||
|
||||
tty -s && [[ -n $TERM ]] && [[ "$TERM" != dumb ]] && {
|
||||
_grccmd()
|
||||
|
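--- /dev/null
+++ b/guest/fs-root/sf/bin/destruct
@@ -0,0 +1,40 @@
+#! /bin/bash
+
+# shellcheck disable=SC1091
+source "/sf/bin/funcs.sh"
+cd /
+
+[[ "$1" != now ]] && {
+echo -e "\
+This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds.
+
+${CDR}*** ALL DATA WILL BE WIPED ***${CN}
+Press ${CDY}ANY KEY${CN} to stop or type ${CDC}now${CN} to proceed immediatly.
+
+Consider ${CDC}halt${CN} to shut down this server instead. This way all your
+encrypted data will remain until next log in (with the correct SECRET).
+
+This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds."
+read -r -n8 -t10 str && {
+echo -e "${CDR}Self-Destruct cancelled...${CDY}*phew*${CN}"
+[[ $str == "halt" ]] && {
+echo -e "HALT instead..."
+halt
+exit 255
+}
+[[ $str != "now" ]] && exit 255
+}
+}
+
+[[ "$str" == halt ]] && {
+halt
+exit 0; }
+
+echo -e "${CDR}***DESTRUCT***${CN}"
+
+shopt -s dotglob
+rm -rf /onion/*
+rm -rf "/everyone/${SF_HOSTNAME,,}/"*
+rm -rf /sec/*
+echo -e "${CDG}DONE.${CN}"
+halt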
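Review bot: The wipe path `"/everyone/${SF_HOSTNAME,,}/"*` collapses to `/everyone//*` when SF_HOSTNAME is empty or unset, so with `dotglob` on the `rm -rf` would target every entry under /everyone that the caller can write. Add `: "${SF_HOSTNAME:?}"` before the `rm` lines; the `:?` form is already used elsewhere in this commit, for example `${SF_CFG_GUEST_DIR:?}`. Separately, `read -r -n8 -t10 str` returns non-zero on timeout, so a single keypress without Enter skips the cancel block and the wipe still runs, although the prompt says ANY KEY stops it. A check such as `[[ -n $str && $str != now ]] && exit 255` placed after the outer block would honour the prompt. `cd /` and the `source` of funcs.sh are also unchecked.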
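--- /dev/null
+++ b/guest/fs-root/sf/bin/funcs_motd-xpra
@@ -0,0 +1,13 @@
+### Sources from /etc/shellrc
+### Display a welcome screen when the first xterm is started from
+### inside an xpra session.
+
+unset IS_SHOW_MOTD_XPRA
+
+echo -e "\
+${CDY}---------------------------------------------------------------${CN}
+${CDY}-->${CN} Welcome to ${CDG}Segfault GUI${CN}.
+${CDY}-->${CN} Use the ${CDM}menu${CN} at the TOP to start apps.
+${CDY}-->${CN} Type ${CDC}brave-browser &${CN} to start a web browser.
+${CDY}-->${CN} Type ${CDC}xterm &${CN} to start another terminal.
+${CDY}---------------------------------------------------------------${CN}"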
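--- /dev/null
+++ b/guest/fs-root/sf/bin/geoip
@@ -0,0 +1,26 @@
+#! /bin/bash
+
+ip=$1
+[[ -z $ip ]] && { echo >&2 "$0 [IP-Address]"; exit 255; }
+
+db="/sf/share/GeoLite2-City.mmdb"
+[[ -f "/sf/share/dbip-city-lite.mmdb" ]] && db="/sf/share/dbip-city-lite.mmdb"
+
+res=$(mmdbinspect --db "$db" "$ip") || exit
+city=$(echo "$res" | jq -r '.[0].Records[0].Record.city.names.en | select(. != null)')
+country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
+
+unset YOUR_GEOIP
+if [[ -n $city ]] && [[ -n $country ]]; then
+YOUR_GEOIP="${city}/${country}"
+elif [[ -n $city ]] || [[ -n $country ]]; then
+YOUR_GEOIP="${city}${country}" # Either one but not both
+fi
+
+[[ -z $YOUR_GEOIP ]] && {
+echo >&2 "NOT FOUND"
+exit 255
+}
+
+echo "${YOUR_GEOIP}"
+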
@ -1,32 +1,43 @@
|
||||
#! /bin/bash
|
||||
|
||||
[[ -t 1 ]] && {
|
||||
# CY="\e[1;33m" # yellow
|
||||
# CG="\e[1;32m" # green
|
||||
CR="\e[1;31m" # red
|
||||
CC="\e[1;36m" # cyan
|
||||
# CM="\e[1;35m" # magenta
|
||||
# CW="\e[1;37m" # white
|
||||
CB="\e[1;34m" # blue
|
||||
CF="\e[2m" # faint
|
||||
CN="\e[0m" # none
|
||||
|
||||
# CBG="\e[42;1m" # Background Green
|
||||
|
||||
# night-mode
|
||||
CDY="\e[0;33m" # yellow
|
||||
CDG="\e[0;32m" # green
|
||||
# CDR="\e[0;31m" # red
|
||||
CDB="\e[0;34m" # blue
|
||||
CDC="\e[0;36m" # cyan
|
||||
CDM="\e[0;35m" # magenta
|
||||
CUL="\e[4m"
|
||||
}
|
||||
# BINDIR="$(cd "$(dirname "${0}")" || exit; pwd)"
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
source "/sf/bin/funcs.sh" 2>/dev/null
|
||||
# shellcheck disable=SC1091
|
||||
source "/config/guest/vpn_status" 2>/dev/null
|
||||
|
||||
print_ssh_access()
|
||||
{
|
||||
local key_suffix
|
||||
|
||||
key_suffix="sf-${SF_FQDN//./-}"
|
||||
echo 1>&2 -e "\
|
||||
:Cut & Paste these lines to your workstation's shell to retain access:
|
||||
######################################################################
|
||||
${CDC}cat >~/.ssh/id_${key_suffix} ${CDR}<<__EOF__
|
||||
${CN}${CF}$(<"/config/guest/id_ed25519")
|
||||
${CDR}__EOF__
|
||||
${CDC}cat >>~/.ssh/config ${CDR}<<${CDR}__EOF__
|
||||
${CN}${CF}host ${SF_HOSTNAME,,}
|
||||
User root
|
||||
HostName ${SF_FQDN}
|
||||
IdentityFile ~/.ssh/id_${key_suffix}
|
||||
SetEnv SECRET=${SF_SEC}
|
||||
${CDR}__EOF__
|
||||
${CDC}chmod 600 ~/.ssh/config ~/.ssh/id_${key_suffix}${CN}
|
||||
######################################################################
|
||||
Thereafter use these commands:
|
||||
--> ${CDC}ssh ${SF_HOSTNAME,,}${CN}
|
||||
--> ${CDC}sftp ${SF_HOSTNAME,,}${CN}
|
||||
--> ${CDC}scp ${SF_HOSTNAME,,}:stuff.tar.gz ~/${CN}
|
||||
--> ${CDC}sshfs -o reconnect ${SF_HOSTNAME,,}:/sec ~/sec ${CN}
|
||||
----------------------------------------------------------------------"
|
||||
}
|
||||
|
||||
[[ -n $SF_IS_NEW_SERVER ]] && _IS_SHOW_MORE=1
|
||||
[[ "${0##*/}" == "info" ]] && _IS_SHOW_MORE=1
|
||||
[[ -n $_IS_SHOW_MORE ]] && print_ssh_access
|
||||
|
||||
if [[ -z $IS_VPN_CONNECTED ]]; then
|
||||
if source "/config/guest/vpn_status.direct" 2>/dev/null; then
|
||||
str="${SFVPN_EXIT_IP} "
|
||||
@ -69,8 +80,6 @@ Reverse Port : ${IPPORT}${CN}
|
||||
${VPN_DST}"
|
||||
|
||||
# All below should only be displayed if user types 'info' or a newly created server.
|
||||
[[ -n $SF_IS_NEW_SERVER ]] && _IS_SHOW_MORE=1
|
||||
[[ "${0##*/}" == "info" ]] && _IS_SHOW_MORE=1
|
||||
[[ -z $_IS_SHOW_MORE ]] && {
|
||||
echo -e "\
|
||||
Hint : ${CDC}Type ${CC}info${CDC} for more details.${CN}"
|
||||
@ -109,5 +118,5 @@ SSH (gsocket) : ${CC}gsocket -s $(cat /config/guest/gsnc-access-22.txt) ssh$
|
||||
${SF_USER:-UNKNOWN}@${SF_FQDN%.*}.gsocket${CN}"
|
||||
}
|
||||
str="SECRET : ${CDY}${SF_SEC}"
|
||||
[[ -n $SF_IS_LOGINSHELL ]] && str+=" \e[0;33;41m<<< WRITE THIS DOWN <<<"
|
||||
[[ -n $SF_IS_LOGINSHELL ]] && str+=" ${CRY}<<< WRITE THIS DOWN <<<"
|
||||
echo -e "${str}${CN}"
|
||||
|
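Review bot: `print_ssh_access` expands `$(<"/config/guest/id_ed25519")` without checking that the file is readable, so a missing key produces paste-ready commands that create an empty identity file; consider `[[ -r /config/guest/id_ed25519 ]] || return` at the top of the function. The printed commands also create `~/.ssh/id_…` under the workstation's default umask and only tighten it with the final `chmod 600`, so emitting `umask 077` as the first pasted line would close that window. The copy of this function removed from the other script on this page returned early when `SF_HUSHLOGIN` was set, and that guard does not appear here. It is worth confirming the omission is intended, since the output contains the private key and the SECRET.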
@ -32,7 +32,7 @@ sv_startx()
|
||||
local str_auth
|
||||
|
||||
[[ -n $PASSWORD ]] && str_auth="env"
|
||||
XPRA_PASSWORD="${PASSWORD}" xpra.orig start --pulseaudio=yes --resize-display=1280x1024 --bind-tcp=127.0.0.1:2000,auth="${str_auth:-allow}" --html=on --start=xterm-dark --daemon=no &>/dev/null &
|
||||
XPRA_PASSWORD="${PASSWORD}" xpra.orig start --pulseaudio=yes --resize-display=1280x1024 --bind-tcp=127.0.0.1:2000,auth="${str_auth:-allow}" --html=on --start=xterm-dark-xpra --daemon=no &>/dev/null &
|
||||
# XPRA_PASSWORD="${PASSWORD}" xpra.orig start-desktop --pulseaudio=yes --bind-tcp=127.0.0.1:2000,auth="${str_auth}" --html=on --start-child=xfce4-session --start=xterm-dark --systemd-run=no --exit-with-children --daemon=no &>/dev/null &
|
||||
PID_V=$!
|
||||
|
||||
|
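--- /dev/null
+++ b/guest/fs-root/usr/bin/xterm-dark-xpra
@@ -0,0 +1,6 @@
+#! /bin/bash
+
+### xpra does not honor --env=IS_SHOW_MOTD_XPRA=1 and thus we have to trampoline
+### through this function.
+
+IS_SHOW_MOTD_XPRA=1 exec xterm-dark "$@"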
@ -27,7 +27,7 @@ setup_sshd()
|
||||
# Default is for user to use 'ssh root@segfault.net' but this can be changed
|
||||
# in .env to any other user name. In case it is 'root' then we need to move
|
||||
# the true root out of the way for the docker-sshd to work.
|
||||
tail -n1 /etc/passwd | grep ^"${SF_USER}" >/dev/null && return
|
||||
tail -n1 /etc/passwd | grep ^secret >/dev/null && return
|
||||
|
||||
if [[ "$SF_USER" == "root" ]]; then
|
||||
# rename root user
|
||||
@ -170,9 +170,9 @@ while [[ $i -lt $SF_HM_SIZE_LG ]]; do
|
||||
done
|
||||
|
||||
# LXCFS creates different directories depending on the version.
|
||||
[[ -d /var/lib/lxcfs ]] && {
|
||||
[[ -d /var/lib/lxcfs/proc ]] && {
|
||||
unset str
|
||||
for fn in $(cd /var/lib/lxcfs; find proc -type f; find sys -type f); do
|
||||
for fn in $(cd /var/lib/lxcfs; find proc -type f 2>/dev/null; find sys -type f 2>/dev/null); do
|
||||
str+="'-v' '/var/lib/lxcfs/${fn}:/$fn:ro' "
|
||||
done
|
||||
LXCFS_STR=$str
|
||||
|
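Review bot: Assuming `tail -n1 /etc/passwd | grep ^secret` is the new side of this change, its unquoted, unanchored pattern also matches a last entry whose name merely begins with "secret". `grep -q '^secret:'` would pin the check to that exact account name. In the LXCFS hunk the `cd /var/lib/lxcfs;` inside `$( … )` is unchecked; `cd /var/lib/lxcfs || exit;` would stop `find` from running relative to the caller's directory if the cd fails. Both `setup_sshd` and the LXCFS block continue outside the visible lines.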
@ -21,7 +21,7 @@ SSH_SF_DEBUG="${SF_DEBUG}" # Set by SSH client
|
||||
[[ -f /dev/shm/env.txt ]] && eval "$(</dev/shm/env.txt)"
|
||||
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
|
||||
unset SSH_SF_DEBUG
|
||||
eval "$(</sf/bin/funcs_redis.sh)"
|
||||
eval "$(</sf/bin/funcs_redis.sh)" || exit
|
||||
# Debug Trace. see sf_trace-DISABLED
|
||||
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
|
||||
|
||||
@ -393,37 +393,6 @@ ${CR}######################################################################
|
||||
######################################################################${CN}"
|
||||
}
|
||||
|
||||
print_ssh_access()
|
||||
{
|
||||
local key_suffix
|
||||
# [[ -z $IS_LOGIN ]] && return => Still display help if this is a new server even if just cmd execution.
|
||||
[[ -n $SF_HUSHLOGIN ]] && return
|
||||
[[ -z $SF_IS_NEW_SERVER ]] && return
|
||||
|
||||
key_suffix="sf-${SF_FQDN//./-}"
|
||||
echo 1>&2 -e "\
|
||||
:Cut & Paste these lines to your workstation's shell to retain access:
|
||||
######################################################################
|
||||
${CDC}cat >~/.ssh/id_${key_suffix} ${CDR}<<__EOF__
|
||||
${CN}${CF}$(<"/config/guest/id_ed25519")
|
||||
${CDR}__EOF__
|
||||
${CDC}cat >>~/.ssh/config ${CDR}<<${CDR}__EOF__
|
||||
${CN}${CF}host ${SF_HOSTNAME,,}
|
||||
User root
|
||||
HostName ${SF_FQDN}
|
||||
IdentityFile ~/.ssh/id_${key_suffix}
|
||||
SetEnv SECRET=${SF_SEC}
|
||||
${CDR}__EOF__
|
||||
${CDC}chmod 600 ~/.ssh/config ~/.ssh/id_${key_suffix}${CN}
|
||||
######################################################################
|
||||
Thereafter use these commands:
|
||||
--> ${CDC}ssh ${SF_HOSTNAME,,}${CN}
|
||||
--> ${CDC}sftp ${SF_HOSTNAME,,}${CN}
|
||||
--> ${CDC}scp ${SF_HOSTNAME,,}:stuff.tar.gz ~/${CN}
|
||||
--> ${CDC}sshfs -o reconnect ${SF_HOSTNAME,,}:/sec ~/sec ${CN}
|
||||
----------------------------------------------------------------------"
|
||||
}
|
||||
|
||||
# Output GOODBYE message with infos how to connect back to this shell
|
||||
print_goodbye()
|
||||
{
|
||||
@ -684,6 +653,8 @@ load_limits()
|
||||
|
||||
[[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
|
||||
|
||||
[[ -n $SF_SYSBOX ]] && SYSBOX_ARGS+=("--runtime=sysbox-runc")
|
||||
|
||||
setup_fs_limit || ERREXIT 202 "Can't configure XFS limit"
|
||||
}
|
||||
|
||||
@ -886,10 +857,10 @@ mk_geoip()
|
||||
country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
|
||||
|
||||
unset YOUR_GEOIP
|
||||
if [[ -n $city && -n $country ]]; then
|
||||
YOUR_GEOIP+="${city}/${country}"
|
||||
elif [[ -n $city || -n $country ]]; then
|
||||
YOUR_GEOIP+="${city}${country}" # Either one but not both
|
||||
if [[ -n $city ]] && [[ -n $country ]]; then
|
||||
YOUR_GEOIP="${city}/${country}"
|
||||
elif [[ -n $city ]] || [[ -n $country ]]; then
|
||||
YOUR_GEOIP="${city}${country}" # Either one but not both
|
||||
fi
|
||||
}
|
||||
|
||||
@ -963,8 +934,13 @@ fi
|
||||
SF_PRJ="${PRJ//[^a-zA-Z0-9._]}"
|
||||
SF_PRJ="${SF_PRJ:0:32}"
|
||||
}
|
||||
|
||||
[[ -n $TOKEN ]] && {
|
||||
SF_TOKEN="${TOKEN//[^a-zA-Z0-9._:]}"
|
||||
SF_TOKEN="${SF_TOKEN:0:32}"
|
||||
}
|
||||
# Unset user supplied env variables
|
||||
unset SECRET HUSTLOGIN HIDEIP PRJ
|
||||
unset SECRET HUSTLOGIN HIDEIP PRJ TOKEN
|
||||
### ----END SANITIZE----
|
||||
|
||||
# Only output progress if this is a login shell _and_ not HUSHLOGIN
|
||||
@ -1116,6 +1092,7 @@ xmkdir "${selfdir}"
|
||||
[[ -n $SF_DEBUG ]] && export SF_DEBUG
|
||||
# exec_devnull docker run --runtime=sysbox-runc \
|
||||
exec_devnull docker run \
|
||||
"${SYSBOX_ARGS[@]}" \
|
||||
--hostname "sf-${SF_HOSTNAME}" \
|
||||
"${DOCKER_ARGS[@]}" \
|
||||
--rm \
|
||||
@ -1144,6 +1121,7 @@ exec_devnull docker run \
|
||||
--log-driver "${SF_DOCKER_LOG}" \
|
||||
--tmpfs /tmp:exec `# GoLang needs /tmp to be executeable` \
|
||||
--sysctl net.ipv6.conf.all.disable_ipv6=0 `# Allow IPv6 (used by WireGuard FOBs)` \
|
||||
-v "${SF_BASEDIR}/data/share/:/sf/share:ro" \
|
||||
-v "${SF_CFG_GUEST_DIR:?}/:/config/guest:ro" \
|
||||
-v "${SF_GUEST_SELFDIR:?}/lg-${LID}:/config/self:ro,slave" \
|
||||
-v "${SF_ENCFS_SEC_DIR}/lg-${LID}:/sec:slave" \
|
||||
@ -1202,9 +1180,6 @@ tofile "${C_IP:?}" "/config/self-for-guest/lg-${LID}/c_ip"
|
||||
|
||||
echo_pty -e "....[${CG}OK${CN}]"
|
||||
|
||||
# Show help how to connect elegantly
|
||||
print_ssh_access
|
||||
|
||||
# Spawn shell
|
||||
spawn_shell_exit "$@"
|
||||
# NOT REACHED
|
||||
|
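Review bot: `eval "$(</sf/bin/funcs_redis.sh)" || exit` does not stop when the file is missing or unreadable: the substitution then expands to an empty string and `eval ""` returns 0, so `|| exit` only sees the status of the last command inside the file. A preceding `[[ -r /sf/bin/funcs_redis.sh ]] || exit` would cover that case. In the sanitize hunk, `unset SECRET HUSTLOGIN HIDEIP PRJ TOKEN` still carries `HUSTLOGIN`, which looks like a typo for `HUSHLOGIN`. If so, that user-supplied variable survives the unset; confirm against the variable names the server actually accepts.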
@ -21,9 +21,14 @@ LG_MAC=$(docker inspect -f '{{ (index .NetworkSettings.Networks "sf-guest").MacA
|
||||
# nsenter -t "${SF_ROUTER_PID:?}" -n ip neigh add "${C_IP:?}" lladdr "${LG_MAC:?}" dev XXX
|
||||
nsenter -t "${SF_ROUTER_PID:?}" -n arp -s "${C_IP:?}" "${LG_MAC:?}"
|
||||
|
||||
# echo nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_NET_LG_ROUTER_IP}" "${LG_ROUTER_MAC}"
|
||||
nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_NET_LG_ROUTER_IP}" "${LG_ROUTER_MAC}"
|
||||
# echo nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_RPC_IP}" "${LG_RPC_MAC}"
|
||||
nsenter.u1000 -t "${LG_PID:?}" --setuid 0 --setgid 0 -n arp -s "${SF_RPC_IP}" "${LG_RPC_MAC}"
|
||||
|
||||
# 255.0.0.1 always points to guest's localhost: user can now set up a ssh -D1080 and connect with browser to
|
||||
# 255.0.0.1 and reach guest's 127.0.0.1.
|
||||
# echo nsenter.u1000 -t "${LG_PID}" -n iptables -t nat -A OUTPUT -p tcp --dst 255.0.0.1 -j DNAT --to-destination 127.0.0.1
|
||||
nsenter.u1000 -t "${LG_PID}" -n iptables -t nat -A OUTPUT -p tcp --dst 255.0.0.1 -j DNAT --to-destination 127.0.0.1
|
||||
|
||||
exit 0
|
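Review bot: The `iptables -t nat -A OUTPUT … --dst 255.0.0.1 -j DNAT` line passes `"${LG_PID}"` while the lines above it use `"${LG_PID:?}"`, and `${SF_RPC_IP}`, `${LG_RPC_MAC}`, `${SF_NET_LG_ROUTER_IP}` and `${LG_ROUTER_MAC}` are likewise unguarded. An empty value therefore only shows up as an nsenter or arp usage error, which the trailing `exit 0` hides from the caller. Use the `:?` form on all of them, e.g. `nsenter.u1000 -t "${LG_PID:?}" -n iptables …`. The page does not mark which lines are new, but the three `# echo nsenter.u1000 …` comments look like debugging leftovers and could be dropped.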