mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-26 00:38:36 +00:00
clean
parent
147b728e95
commit
459d81ac5d
@ -76,8 +76,9 @@ services:
|
||||
volumes:
|
||||
- "${SF_BASEDIR:-.}/config/db:/config/db:ro"
|
||||
- "${SF_BASEDIR:-.}/data:/encfs/raw"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/self-for-guest:/config/self-for-guest"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec:/encfs/sec:shared"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/run/encfsd/user/:/sf/run/encfsd/user"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/run:/sf/run"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/run/redis/sock:/redis-sock"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "${SF_BASEDIR:-.}/sfbin:/sf/bin:ro"
|
||||
@ -465,6 +466,7 @@ services:
|
||||
entrypoint: ["nginx", "-g", "daemon off;"]
|
||||
volumes:
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}:/dev/shm/sf"
|
||||
- "${SF_BASEDIR:-.}/config/db:/config/db"
|
||||
- "${SF_BASEDIR:-.}/config/etc/nginx/nginx-rpc.conf:/etc/nginx/nginx.conf:ro"
|
||||
|
||||
wg:
|
||||
@ -627,7 +629,7 @@ services:
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/run:/sf/run"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec/www-root:/sec/www-root:slave"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/self-for-guest:/config/self-for-guest:shared"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/self-for-guest:/config/self-for-guest"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "/var/lib/lxcfs:/var/lib/lxcfs:ro"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/run/redis/sock:/redis-sock"
|
||||
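Review bot: The `/config/db` bind in the second hunk (`- "${SF_BASEDIR:-.}/config/db:/config/db"`, on the service whose entrypoint is nginx) is read-write, while the first hunk mounts the same directory with `:ro`. Judging from the other files in this commit, the only path this service needs to write is `user/lg-*/wg/name_up`, so if nothing else under the tree is needed a narrower bind such as `"${SF_BASEDIR:-.}/config/db/user:/config/db/user"` would keep the rest of the DB out of reach of a service that guests call over HTTP. If the whole tree really is required, a comment above the line saying why would help. The page has lost its +/- markers, so which of these lines is new is inferred from the hunk counts.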
|
@ -30,6 +30,7 @@ stop_lg()
|
||||
rm -f "/sf/run/encfsd/user/lg-${lid}"
|
||||
rm -f "/sf/run/pids/lg-${lid}.pid"
|
||||
rm -f "/sf/run/ips/lg-${lid}.ip"
|
||||
rm -rf "/config/self-for-guest/lg-${lid}"
|
||||
|
||||
# Tear down container
|
||||
[[ -n $is_container ]] && docker stop "lg-$lid" &>/dev/nuill
|
||||
@ -38,7 +39,15 @@ stop_lg()
|
||||
# inside the container even that we never moved it into the container's
|
||||
# Process Namespace. EncFS will also die when the lg- is shut down.
|
||||
# This is only neede for cgroup1:
|
||||
[[ -n $is_encfs ]] && pkill -SIGTERM -f "^\[encfs-${lid}\]" 2>/dev/null
|
||||
[[ -n $is_encfs ]] && {
|
||||
pkill -SIGTERM -f "^\[encfs-${lid}\]" 2>/dev/null
|
||||
# Give kernel time to unmount mountpoint
|
||||
sleep 1
|
||||
}
|
||||
# Do not use 'rm -rf' here as this might still be a mounted drive
|
||||
# when encfsd is not killed fast enough (failing to delete is acceptable).
|
||||
rm -f "/encfs/sec/lg-${lid}/THIS-DIRECTORY-IS-NOT-ENCRYPTED--DO-NOT-USE.txt"
|
||||
rmdir "/encfs/sec/lg-${lid}"
|
||||
}
|
||||
|
||||
# [lg-$LID]
|
||||
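Review bot: `docker stop "lg-$lid" &>/dev/nuill` redirects to a misspelled path, so instead of discarding output it creates a regular file `/dev/nuill`; it should read `&>/dev/null`. In the second hunk the fixed `sleep 1` is a guess at how long the unmount takes; polling `mountpoint -q "/encfs/sec/lg-${lid}"` for a bounded number of tries before the `rmdir` would make the cleanup deterministic. The `rm -rf "/config/self-for-guest/lg-${lid}"` line would also be safer written as `lg-${lid:?}`, matching the `:?` guards used in the RPC script on this page. stop_lg begins above the first hunk, so how `lid` is validated is not visible here.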
|
@ -9,8 +9,8 @@ alias lss='ls -AlhrS'
|
||||
alias xterm='xterm-dark'
|
||||
|
||||
function dmesg {
|
||||
[[ ! -t 1 ]] && { command curl -s rpc/dmesg/ -dnocolor=1; return; }
|
||||
command curl -s rpc/dmesg/
|
||||
[[ ! -t 1 ]] && { command curl -s sf/dmesg/ -dnocolor=1; return; }
|
||||
command curl -s sf/dmesg/
|
||||
}
|
||||
|
||||
[[ -e /usr/bin/nvim ]] && {
|
||||
|
@ -33,7 +33,7 @@ This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds."
|
||||
|
||||
echo -e "${CDR}***DESTRUCT***${CN}"
|
||||
|
||||
curl -s rpc/net/del -dname=all -dnocolor=1 >/dev/null
|
||||
curl -s sf/net/del -dname=all -dnocolor=1 >/dev/null
|
||||
shopt -s dotglob
|
||||
rm -rf /onion/*
|
||||
rm -rf "/everyone/${SF_HOSTNAME,,}/"*
|
||||
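Review bot: `rm -rf "/everyone/${SF_HOSTNAME,,}/"*` expands to `/everyone//*` when `SF_HOSTNAME` is empty or unset, and with `dotglob` enabled that would target every entry under `/everyone` this user can write. A guard ahead of the destructive lines, for example `: "${SF_HOSTNAME:?}"`, makes the script stop instead of widening the delete. The line is unchanged context here; the only edit in this hunk appears to be the `rpc` to `sf` host name.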
|
@ -96,7 +96,7 @@ link_etc()
|
||||
done
|
||||
}
|
||||
|
||||
# Setup the instance
|
||||
# Setup the container
|
||||
# - Create home directories in /sec/root and /sec/home
|
||||
# -
|
||||
setup()
|
||||
@ -130,6 +130,9 @@ setup()
|
||||
sed "s/^SITEURL.*/SITEURL = '\/${SF_HOSTNAME,,}'/" -i /sec/www/pelicanconf.py
|
||||
}
|
||||
|
||||
# Re-Create Wireguard Endpoint
|
||||
[[ -n $WGNAME_UP ]] && curl -s sf/net/up -dnocreat=1 -dname="${WGNAME_UP}"
|
||||
|
||||
# Setup rc.local (if not exist)
|
||||
[[ ! -f /sec/usr/etc/rc.local ]] && setup_rclocal
|
||||
# Link any /etc/* file to /sec/usr/etc if it exists...
|
||||
@ -137,13 +140,10 @@ setup()
|
||||
# Execute rc.local startup script
|
||||
/bin/bash /sec/usr/etc/rc.local
|
||||
|
||||
# Re-Create Wireguard Endpoint
|
||||
[[ -f /config/self/wgname ]] && curl -s rpc/net/up -dnocreat=1 -dname="$(</config/self/wgname)" >/dev/null
|
||||
|
||||
return 0 # TRUE
|
||||
}
|
||||
|
||||
DEBUGF "Setting up user's instance..."
|
||||
DEBUGF "Setting up user's container..."
|
||||
setup
|
||||
[[ -n $SF_IS_NEW_SERVER ]] && {
|
||||
# Newly created server.
|
||||
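Review bot: The re-created WireGuard endpoint fails open: `[[ -n $WGNAME_UP ]] && curl -s sf/net/up -dnocreat=1 -dname="${WGNAME_UP}"` ignores both curl's exit status and the reply, and it now runs before `rc.local` rather than after it. If the call fails after a restart, the user's startup script and later traffic would presumably leave through the default route instead of the exit node they had configured, with nothing logged. Consider checking the result and reporting it, e.g. appending `|| DEBUGF "exit node ${WGNAME_UP} not restored"`, and restoring the `>/dev/null` that the removed line had. Using `--data-urlencode name="${WGNAME_UP}"` instead of `-dname=` would also stop a `&` in the value from being read as a second field.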
|
@ -1263,7 +1263,9 @@ exec_devnull docker exec sf-router /user-limit.sh "${YOUR_IP_HASH}" "${YOUR_IP}"
|
||||
exec_devnull docker exec sf-master /ready-lg.sh "${LID}" "${C_IP}" "${LG_PID}" || STOPEXIT "${LID}" 246 "Failed-#3 to ready guest container..."
|
||||
|
||||
# Setup container (within container's namespace)
|
||||
exec_devnull docker exec --user 0:0 --env SF_IS_NEW_SERVER="${SF_IS_NEW_SERVER}" "lg-${LID}" /sf/bin/sf-setup.sh || STOPEXIT "${LID}" 247 "Failed-#2 to set up guest container..."
|
||||
unset WGNAME_UP
|
||||
[[ -s "${SF_USER_DB_DIR}/wg/name_up" ]] && WGNAME_UP="$(<"${SF_USER_DB_DIR}/wg/name_up")"
|
||||
exec_devnull docker exec --user 0:0 --env SF_IS_NEW_SERVER="${SF_IS_NEW_SERVER}" --env WGNAME_UP="${WGNAME_UP}" "lg-${LID}" /sf/bin/sf-setup.sh || STOPEXIT "${LID}" 247 "Failed-#2 to set up guest container..."
|
||||
touch "/config/self-for-guest/lg-${LID}/THIS-DIRECTORY-IS-IN-MEMORY-ONLY"
|
||||
tofile "${C_IP:?}" "/config/self-for-guest/lg-${LID}/c_ip"
|
||||
|
||||
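Review bot: The contents of `${SF_USER_DB_DIR}/wg/name_up` are passed unchecked into the guest through `--env WGNAME_UP="${WGNAME_UP}"` on a `--user 0:0` exec, and from there into a curl POST body. The file is written by the RPC script from `WT_NAME`; if that name can be influenced from inside a guest, a value containing `&` or a newline would alter the fields sf-setup.sh sends. Validating the value here against the character set the RPC accepts for names, and leaving `WGNAME_UP` unset otherwise, keeps that trust decision on the host side. A one-line comment above the read stating who writes `name_up` would document the assumption.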
|
@ -403,7 +403,7 @@ net_down()
|
||||
# Empty file
|
||||
>"${LID_PROMPT_FN}"
|
||||
# Delete WG NAME
|
||||
rm -f "${LID_WGNAME_FN:?}"
|
||||
rm -f "${LID_WGNAME_FN:?}" "${USER_DB_WGNAME_UP_FN:?}"
|
||||
}
|
||||
|
||||
cmd_net_del()
|
||||
@ -463,7 +463,7 @@ cmd_net_show()
|
||||
# Use 'script' to force color output
|
||||
str=$(script -q -c "nsenter.u1000 --setuid 0 --setgid 0 -t \"${PID}\" -n wg show \"${WG_DEV}\"" /dev/null </dev/null)
|
||||
fi
|
||||
[[ -z $str ]] && {
|
||||
{ [[ -z $str ]] || [[ $str == *"No such device"* ]]; } && {
|
||||
echo -e "\
|
||||
${Y}WARNING${N}: No Exit Node enabled.
|
||||
Use ${C}curl sf/net/list${N} to list all Exit Nodes.
|
||||
@ -595,7 +595,12 @@ IFS=$_IFS
|
||||
LID_WGDIR="/config/db/user/lg-${LID}/wg"
|
||||
[[ ! -d "${LID_WGDIR}" ]] && mkdir "${LID_WGDIR}"
|
||||
LID_PROMPT_FN="/dev/shm/sf/self-for-guest/lg-${LID}/prompt"
|
||||
# The WGNAME needs to be stored in user's self-config so that it is avaialble to the
|
||||
# user (which must be on /dev/shm) but also perm. in db/user/lg-* to restart WG
|
||||
# after a SSC restart.
|
||||
LID_WGNAME_FN="/dev/shm/sf/self-for-guest/lg-${LID}/wgname"
|
||||
USER_DB_WGNAME_UP_FN="/config/db/user/lg-${LID}/wg/name_up"
|
||||
|
||||
# CID="${arr[1]}"
|
||||
PID="${arr[2]}"
|
||||
|
||||
@ -698,6 +703,7 @@ IFS=$_IFS
|
||||
nsenter.u1000 --setuid 0 --setgid 0 -t "${PID}" -n ip6tables -I FORWARD -i "${WG_DEV}" -j DROP
|
||||
|
||||
echo "${WT_NAME}" >"${LID_WGNAME_FN}"
|
||||
echo "${WT_NAME}" >"${USER_DB_WGNAME_UP_FN}"
|
||||
echo "(%F{yellow}EXIT:%B${WT_NAME}%b%F{%(#.blue.green)})" >"${LID_PROMPT_FN}"
|
||||
echo -e "${G}SUCCESS${N}"
|
||||
net_print_example "${WT_NAME}"
|
||||
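Review bot: `echo "${WT_NAME}" >"${USER_DB_WGNAME_UP_FN}"` writes the persistent restart marker with no `:?` guard and no status check, while net_down removes the same file as `"${USER_DB_WGNAME_UP_FN:?}"`. If the write fails, for instance because the DB directory is not writable from this service, the script still prints SUCCESS and the exit node will silently not come back after a restart. Suggest `printf '%s\n' "${WT_NAME}" >"${USER_DB_WGNAME_UP_FN:?}"` followed by an explicit warning on failure. Separately, the `*"No such device"*` test in cmd_net_show depends on the exact wording of the tool's error message, which deserves a comment so it is rechecked when the tool is upgraded.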
|