mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-28 17:51:22 +00:00
nginx-delay
parent
e6592598c7
commit
4fff75b1ec
@ -1,5 +1,26 @@
|
||||
version: "3.7"
|
||||
services:
|
||||
# EncFS for /onion and /everyone
|
||||
sf-encfs:
|
||||
build: encfs
|
||||
image: sf-encfs
|
||||
restart: ${SF_RESTART:-on-failure}
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
environment:
|
||||
- SF_SEED
|
||||
- SF_DEBUG
|
||||
command: ["/mount.sh", "server"]
|
||||
network_mode: none
|
||||
devices:
|
||||
- "/dev/fuse:/dev/fuse"
|
||||
volumes:
|
||||
- "${SF_BASEDIR:-.}/config/etc/seed:/config/etc/seed"
|
||||
- "${SF_BASEDIR:-.}/data/sf:/encfs/raw"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec/sf:/encfs/sec:shared"
|
||||
|
||||
dns-doh:
|
||||
image: crazymax/cloudflared
|
||||
restart: ${SF_RESTART:-on-failure}
|
||||
@ -117,7 +138,7 @@ services:
|
||||
- SF_SEED
|
||||
volumes:
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/run/gsnc:/sf/run/gsnc"
|
||||
- "${SF_BASEDIR:-.}/config/etc/seed:/config/seed"
|
||||
- "${SF_BASEDIR:-.}/config/etc/seed:/config/etc/seed"
|
||||
entrypoint: ["/sf-gsnc.sh", "172.20.0.110"]
|
||||
|
||||
segfault:
|
||||
@ -151,36 +172,16 @@ services:
|
||||
volumes:
|
||||
- "${SF_BASEDIR:-.}/config/etc/ssh:/config/etc/ssh"
|
||||
- "${SF_BASEDIR:-.}/config/db:/config/db"
|
||||
- "${SF_BASEDIR:-.}/config/etc/seed:/config/seed"
|
||||
- "${SF_BASEDIR:-.}/config/etc/seed:/config/etc/seed"
|
||||
- "${SF_BASEDIR:-.}/config/etc/info:/config/etc/info:ro"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec/sf:/sec:slave"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
|
||||
# EncFS for /onion and /everyone
|
||||
sf-encfs:
|
||||
build: encfs
|
||||
image: sf-encfs
|
||||
restart: ${SF_RESTART:-on-failure}
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
environment:
|
||||
- SF_SEED
|
||||
- SF_DEBUG
|
||||
command: ["/mount.sh", "server"]
|
||||
network_mode: none
|
||||
devices:
|
||||
- "/dev/fuse:/dev/fuse"
|
||||
volumes:
|
||||
- "${SF_BASEDIR:-.}/config/etc/seed:/config/seed"
|
||||
- "${SF_BASEDIR:-.}/data/sf:/encfs/raw"
|
||||
- "${SF_SHMDIR:-/dev/shm/sf}/encfs-sec/sf:/encfs/sec:shared"
|
||||
|
||||
nginx:
|
||||
image: nginx
|
||||
restart: ${SF_RESTART:-on-failure}
|
||||
depends_on:
|
||||
- dnsmasq # FIXME: This delays nginx until SHMDIR/encfs-sec/sf/onion-www is available
|
||||
- sf-encfs
|
||||
dns: 255.255.255.255
|
||||
networks:
|
||||
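Review bot: The `- sf-encfs` entry under nginx's `depends_on` only orders container start; in this short form Compose does not wait for EncFS to finish mounting, so nginx can still come up while `${SF_SHMDIR}/encfs-sec/sf` is the plain directory that holds `IS-NOT-ENCRYPTED.txt`. The FIXME on the `- dnsmasq` line now also describes the wrong entry. I would move and reword it, e.g. `- sf-encfs # start order only; nginx must wait for IS-ENCRYPTED.txt before serving onion-www`, and confirm that the nginx entrypoint performs that check, which is not visible in this section. The nginx service definition continues past the end of the hunk.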
|
@ -22,10 +22,10 @@ _term()
|
||||
create_load_seed()
|
||||
{
|
||||
[[ -n $SF_SEED ]] && return
|
||||
[[ ! -f "/config/seed/seed.txt" ]] && {
|
||||
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||||
[[ ! -f "/config/etc/seed/seed.txt" ]] && {
|
||||
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/etc/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||||
}
|
||||
SF_SEED="$(cat /config/seed/seed.txt)"
|
||||
SF_SEED="$(cat /config/etc/seed/seed.txt)"
|
||||
[[ -z $SF_SEED ]] && { echo -e >&2 "mount.sh: Failed to generated SF_SEED="; exit 254; }
|
||||
}
|
||||
|
||||
@ -39,6 +39,10 @@ sf_server_init()
|
||||
ENCFS_SERVER_PASS=$(echo -n "EncFS-SERVER-PASS-${SF_SEED}" | sha512sum | base64 | tr -dc '[:alpha:]' | head -c 24)
|
||||
}
|
||||
|
||||
# The server needs to be initialized differently. All instances are started
|
||||
# from docker compose. Some are started before EncFS can mount the directory.
|
||||
# NgingX is a good example. Thus Nginx needs to check unti IS-ENCRYPTED.TXT
|
||||
# appears and exit otherwise.
|
||||
sf_server()
|
||||
{
|
||||
sf_server_init
|
||||
@ -46,7 +50,14 @@ sf_server()
|
||||
echo "THIS-IS-NOT-ENCRYPTED *** DO NOT USE *** " >/encfs/sec/IS-NOT-ENCRYPTED.txt
|
||||
encfs --standard -o nonempty -o allow_other -f --extpass="echo \"${ENCFS_SERVER_PASS}\"" "/encfs/raw" "/encfs/sec" -- -o noexec,noatime &
|
||||
cpid=$!
|
||||
wait $cpid # SIGTERM will wake us
|
||||
|
||||
# Give it 5 seconds and check if it is encrypted.
|
||||
sleep 5
|
||||
[[ ! -e /encfs/sec/IS-NOT-ENCRYPTED.txt ]] && {
|
||||
# We are encrypted!
|
||||
touch /encfs/sec/IS-ENCRYPTED.txt
|
||||
wait $cpid # SIGTERM will wake us
|
||||
}
|
||||
# SIGTERM or wrong SF_SEED
|
||||
echo -e "${CR}[$cpid] EncFS EXITED with $?..."
|
||||
|
||||
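Review bot: In `sf_server`, when `IS-NOT-ENCRYPTED.txt` is still present after the fixed `sleep 5` (a slow mount, or presumably a wrong SF_SEED), the `&& { … }` group is skipped, so the script never waits on `$cpid` and the final echo prints the status of the `[[ … ]]` test rather than the EncFS exit code. Anything polling for `IS-ENCRYPTED.txt` then never sees it, even if the mount completes a moment later. I would poll for the marker to disappear for a bounded time instead of a single sleep, always wait on the child, and keep its result: `wait $cpid; ret=$?` followed by `echo -e "${CR}[$cpid] EncFS EXITED with $ret..."`. The function body starts and ends outside this hunk, so what runs after the echo is not visible here.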
|
@ -3,15 +3,15 @@
|
||||
create_load_seed()
|
||||
{
|
||||
[[ -n $SF_SEED ]] && return
|
||||
[[ ! -f "/config/seed/seed.txt" ]] && {
|
||||
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||||
[[ ! -f "/config/etc/seed/seed.txt" ]] && {
|
||||
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/etc/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||||
}
|
||||
SF_SEED="$(cat /config/seed/seed.txt)"
|
||||
SF_SEED="$(cat /config/etc/seed/seed.txt)"
|
||||
[[ -z $SF_SEED ]] && { echo >&2 "Failed to generated SF_SEED="; exit 254; }
|
||||
}
|
||||
|
||||
[[ ! -d /sf/run/gsnc ]] && { echo >&2 "Forgot -v \${SF_SHMDIR:-/dev/shm/sf}/run/gsnc:/sf/run/gsnc?"; sleep 5; exit 253; }
|
||||
[[ ! -d /config/seed ]] && { echo >&2 "Forgot -v config/etc/seed:/config/seed?"; sleep 5; exit 252; }
|
||||
[[ ! -d /config/etc/seed ]] && { echo >&2 "Forgot -v config/etc/seed:/config/etc/seed?"; sleep 5; exit 252; }
|
||||
|
||||
create_load_seed
|
||||
|
||||
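Review bot: `seed.txt` is created by a plain `>` redirect in `create_load_seed`, so its mode comes from whatever umask the container runs with, and nothing here tightens it. The seed is the root secret (mount.sh derives `ENCFS_SERVER_PASS` from it), and the compose section on this page bind-mounts the same host directory into several services. Creating the file under a restrictive umask would close that: `( umask 077; head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/etc/seed/seed.txt )`. This assumes every container that reads the seed runs as the same user, which should be confirmed. The same line appears in the copies of `create_load_seed` in the other two scripts on this page.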
|
@ -6,7 +6,7 @@ CR="\e[1;31m" # red
|
||||
CN="\e[0m" # none
|
||||
|
||||
|
||||
ERREXIT()
|
||||
SLEEPEXIT()
|
||||
{
|
||||
local s
|
||||
local code
|
||||
@ -25,10 +25,10 @@ create_load_seed()
|
||||
{
|
||||
[[ -n $SF_SEED ]] && return
|
||||
[[ ! -f "/config/etc/seed/seed.txt" ]] && {
|
||||
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||||
head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32 >/config/etc/seed/seed.txt || { echo >&2 "Can't create \${SF_BASEDIR}/config/etc/seed/seed.txt"; exit 255; }
|
||||
}
|
||||
SF_SEED="$(cat /config/etc/seed/seed.txt)"
|
||||
[[ -z $SF_SEED ]] && ERREXIT 254 "Failed to generated SF_SEED="
|
||||
[[ -z $SF_SEED ]] && SLEEPEXIT 254 5 "Failed to generated SF_SEED="
|
||||
}
|
||||
|
||||
setup_sshd()
|
||||
@ -54,7 +54,7 @@ setup_sshd()
|
||||
done
|
||||
}
|
||||
|
||||
[[ -d /config/db ]] || ERREXIT 255 5 "${CR}Not found: /config/db${CN}. Try -v \${SF_BASEDIR}/config:/config,ro -v \${SF_BASEDIR}/config/db:/config/db"
|
||||
[[ -d /config/db ]] || SLEEPEXIT 255 5 "${CR}Not found: /config/db${CN}. Try -v \${SF_BASEDIR}/config:/config,ro -v \${SF_BASEDIR}/config/db:/config/db"
|
||||
|
||||
create_load_seed
|
||||
|
||||
@ -63,15 +63,15 @@ setup_sshd
|
||||
# This is the entry point for SF-HOST (e.g. host/Dockerfile)
|
||||
# Fix ownership if mounted from within vbox
|
||||
[[ -e /config/etc/ssh/ssh_host_rsa_key ]] || {
|
||||
[[ ! -d "/config/etc/ssh" ]] && { mkdir -p "/config/etc/ssh" || ERREXIT 255 5; }
|
||||
[[ ! -d "/config/etc/ssh" ]] && { mkdir -p "/config/etc/ssh" || SLEEPEXIT 255 5; }
|
||||
|
||||
ssh-keygen -A -f "/config" 2>&1 # Always return 0, even on failure.
|
||||
[[ ! -f "/config/etc/ssh/ssh_host_rsa_key" ]] && ERREXIT 255 5
|
||||
[[ ! -f "/config/etc/ssh/ssh_host_rsa_key" ]] && SLEEPEXIT 255 5
|
||||
}
|
||||
|
||||
[[ -e /config/etc/ssh/id_ed25519 ]] || {
|
||||
ssh-keygen -q -t ed25519 -C "" -N "" -f /config/etc/ssh/id_ed25519 2>&1
|
||||
[[ ! -f "/config/etc/ssh/id_ed25519" ]] && ERREXIT 255 5
|
||||
[[ ! -f "/config/etc/ssh/id_ed25519" ]] && SLEEPEXIT 255 5
|
||||
}
|
||||
|
||||
chmod 644 /config/etc/ssh/id_ed25519
|
||||
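Review bot: `chmod 644 /config/etc/ssh/id_ed25519` at the end of this section leaves a passphrase-less private key (generated with `-N ""`) readable by every user who can reach `/config/etc/ssh`, a directory the compose section on this page bind-mounts from the host. If the key is deliberately shared, a comment should say so, e.g. `# id_ed25519 is intentionally world-readable: <reason>`. Otherwise `chmod 600` is the expected mode, and OpenSSH clients normally refuse a private key with looser permissions. The line is unchanged context in this commit, so this is a follow-up rather than a blocker.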
|
@ -247,6 +247,7 @@ if [[ "$(exec_errnull docker container inspect "encfs-${LID}" -f '{{.State.Statu
|
||||
--cpu-shares=256 \
|
||||
--blkio-weight=10 \
|
||||
--oom-score-adj=500 \
|
||||
--rm \
|
||||
--name "encfs-${LID}" \
|
||||
--cap-add SYS_ADMIN \
|
||||
--device /dev/fuse \
|
||||
|
@ -112,7 +112,7 @@ init_config_run()
|
||||
[[ ! -d "${SF_BASEDIR}/config/etc/tc" ]] && SUDO_SF "cp -r \"${SFI_SRCDIR}/config/etc/tc\" \"${SF_BASEDIR}/config/etc\""
|
||||
|
||||
# Copy info directory
|
||||
[[ ! -d "${SF_BASEDIR}/config/etc/info" ]] && SUDO_SF "cp -r \"${SFI_SRCDIR}/config/etc/info\" \"${SF_BASEDIR}/config/info\""
|
||||
[[ ! -d "${SF_BASEDIR}/config/etc/info" ]] && SUDO_SF "cp -r \"${SFI_SRCDIR}/config/etc/info\" \"${SF_BASEDIR}/config/etc\""
|
||||
|
||||
# Create Master-SEED
|
||||
if [[ -z $SF_SEED ]]; then
|
||||
|