feat: dns server

2025-06-26 18:28:06 +00:00 · 2024-05-29 18:59:49 +03:30
parent ae787625b9
commit 06a0a3008b
24 changed files with 386 additions and 165 deletions
--- a/rootfs/etc/tor/torrc.d/bridges.conf
+++ b/rootfs/etc/tor/torrc.d/bridges.conf
@@ -0,0 +1,22 @@
+Bridge obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1
+Bridge obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0
+Bridge obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0
+Bridge obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0
+Bridge obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0
+Bridge obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0
+Bridge obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0
+Bridge obfs4 104.248.160.91:2222 A325B20EFB810998C288AC1A0FD6A436A9FEB315 cert=S58sPEqveRCFfV9zkWBaqAyM5hX3eHKZ62kNdbGGfvcYPY2K93KDIkeCpTcfDgYk08rNcQ iat-mode=0
+Bridge obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0
+Bridge obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0
+Bridge obfs4 31.18.117.18:9899 13BD8D1786AB84231D2630840142E81B0DDDAD19 cert=E31AG94vkhaX3Wc8X3Q/jy93q9bAXnzJsAAYY4yOgt7aTmtnfDf8/DJxyx37CTKYOaEJGw iat-mode=0
+Bridge obfs4 86.88.234.28:50001 DE6145637D189CEBF7B052DFC111A511B2BE8072 cert=FXAneGUETzpaw5oxNqO1Wi3EWLBSgbeIN0Z8GVFxromPutq6JkduMpzzvbQpyfYcGYjyJw iat-mode=0
+Bridge obfs4 65.108.214.170:23909 8ABD0C0130A37EB3F686F883BCE6D5E59F66C228 cert=mJZdHhaAk6VzaOjQA1UWGkVbDbGqLRuNSuBSk0evlfKRKVzb2EmNio2N0ja+JG1to8KWYw iat-mode=0
+Bridge obfs4 92.243.27.238:46311 2E5DC5F2632535630E87883262F967DA376700E2 cert=1BAr2DKmCPxel2DTMXKyOQgoxHM2q6SqJ0tDrZdlyCCrBXhJhsGCICWWZpBEuVB6bdMVWA iat-mode=0
+Bridge obfs4 129.213.132.232:50913 5F163F907B3CFCCA66639EE297C2CD27006F7235 cert=ojqfACdTxWZNEPZwfEbAbDMMumnxzwoRAVMRwjkVl5RDH1h1j38YALzRhFFVpzsu7ZthQw iat-mode=0
+Bridge obfs4 79.215.99.47:9531 DC1A7B010A348F3A6BE0750D38428D1EAD976D69 cert=TX3XOj1SX3fAB9yoA4dCx8Geu325i564gwIBgnAMyhP6NBdd9dW90gJpWQXKL/VC2BlTNQ iat-mode=0
+Bridge obfs4 167.235.71.161:25754 EED9A10892988E28ADCFDDF19AB4F8868C51892D cert=6q19P7O+Zcai7mCxDCVIjiQnrufsMO4X5Ky88dcNBI2H5+LUqNMIcr3kNV3Cd7sKcgUSeg iat-mode=0
+Bridge obfs4 65.21.6.66:15751 4D0BEE93BABCFBCD837BB33344850B78FFECD9FF cert=29a0bbjME3mTxC5wcafYAS4v43DVyOtSQWx374De7R38ARiVQZZ3fORSwgGCtDMCFZyxcw iat-mode=0
+Bridge obfs4 185.177.207.205:11205 084113B9A27A8087C26236EF67A16784DF58D7F0 cert=pzuLxMv5n+7nRqX2czUQGh8JZBCMEVUHlkciocGRpX2IsPlTqd1YyXFQxRwfsYEFuuBdBQ iat-mode=2
+Bridge obfs4 51.75.74.245:8356 18C27C9850967FD4BF4188963C1AEBEC40807823 cert=y6cQEx4d/25KALeqJA+2uB+6rmzoD9KZ0FrQGNwxb10yVj3mDjHtOneqcqhRT+BADhCTYg iat-mode=0
+Bridge obfs4 91.134.100.128:51106 ABB9F62BEC331EE5DE7B3C3BEA014F8910E0C6BD cert=bC5k/PWVu06cSPhSm6mrQDBevReEpdtpokmDibpK0MBxRaVnn0S3O6YvEi4BDUeasn71bA iat-mode=0
+Bridge obfs4 51.83.252.216:45918 C2B7E51665111C9BE43894E90B9A65DD8A25490D cert=oQgHCdMhvfF44gwHJssSHXltUE4r8gddEQeZ4iy17XHZMP+ql2QTG9LziiEqNfNCqFDBSw iat-mode=0
--- a/rootfs/etc/tor/torrc.template
+++ b/rootfs/etc/tor/torrc.template
@@ -0,0 +1,9 @@
+##### Auto-Generated by the WireAdmin. Do not edit. #####
+AutomapHostsOnResolve 1
+VirtualAddrNetwork 10.192.0.0/10
+DNSPort {{INET_ADDRESS}}:53530
+User tor
+DataDirectory /var/lib/tor
+TransPort {{INET_ADDRESS}}:59040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/lyrebird
+%include /etc/tor/torrc.d/*.conf
--- a/rootfs/etc/wireadmin/internal/dns.sh
+++ b/rootfs/etc/wireadmin/internal/dns.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+DNSMASQ_CONFIG=/etc/dnsmasq.d/tor-dns.conf
+
+setup_dns() {
+  local _TOR_DNS_PORT="$(get_torrc_option "DNSPort")"
+  local _TOR_DNS_HOST="127.0.0.1"
+  if [ -z "$_TOR_DNS_PORT" ]; then
+    log ERROR "DNSPort is not set in $TOR_CONFIG"
+    exit 1
+  fi
+
+  if echo "$_TOR_DNS_PORT" | grep -q ":"; then
+    _TOR_DNS_HOST="$(awk -F: '{print $1}' <<< "$_TOR_DNS_PORT")"
+    _TOR_DNS_PORT="$(awk -F: '{print $2}' <<< "$_TOR_DNS_PORT")"
+  fi
+
+  # DNS must be a number
+  if ! [[ "$_TOR_DNS_PORT" =~ ^[0-9]+$ ]]; then
+    log ERROR "DNSPort options is malformed."
+    exit 1
+  fi
+
+  log NOTICE "Setting up Dnsmasq to use Tor DNS on $_TOR_DNS_HOST:$_TOR_DNS_PORT"
+
+  _IFACE="$(ip route show default | awk '/default/ {print $5}')"
+
+  tee /etc/resolv.conf &> /dev/null << EOF
+# Generated by WireAdmin; DO NOT EDIT
+nameserver 127.0.0.1
+option allow-domains *.onion
+search .
+EOF
+
+  tee "$DNSMASQ_CONFIG" &> /dev/null << EOF
+pid-file=/var/run/dnsmasq.pid
+interface=$_IFACE
+user=dnsmasq
+group=dnsmasq
+bind-dynamic
+no-resolv
+no-poll
+no-negcache
+bogus-priv
+log-queries
+domain-needed
+cache-size=1500
+min-port=4096
+server=$_TOR_DNS_HOST#$_TOR_DNS_PORT
+log-facility=/var/log/dnsmasq/dnsmasq.log
+EOF
+  mkdir -p /var/log/dnsmasq
+  uown dnsmasq /var/log/dnsmasq
+}
--- a/rootfs/etc/wireadmin/internal/logrotate.sh
+++ b/rootfs/etc/wireadmin/internal/logrotate.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+setup_logrotate() {
+  tee "/etc/logrotate.d/rotator" &> /dev/null << EOF
+/var/log/dnsmasq/dnsmasq.log
+/var/log/wireadmin/*.log {
+  size 512K
+  rotate 3
+  missingok
+  notifempty
+  create 0640 root adm
+  copytruncate
+}
+EOF
+}
--- a/rootfs/etc/wireadmin/internal/tor.sh
+++ b/rootfs/etc/wireadmin/internal/tor.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+TOR_CONFIG="/etc/tor/torrc"
+TOR_CONFIG_TEMPLATE="$TOR_CONFIG.template"
+
+_cleanse_config() {
+  # Remove comment line with single Hash
+  sed -i '/^#\([^#]\)/d' "$TOR_CONFIG"
+
+  # Remove options with no value. (KEY[:space:]{...VALUE})
+  sed -i '/^[^ ]* $/d' "$TOR_CONFIG"
+
+  # Remove duplicate lines
+  sed -i '/^$/N;/\n.*\n/d' "$TOR_CONFIG"
+
+  # Remove double empty lines
+  sed -i '/^$/N;/^\n$/D' "$TOR_CONFIG"
+}
+
+_fix_permissions() {
+  mkdir -p /var/lib/tor
+  uown tor /var/lib/tor
+  chmod +x /var/lib/tor
+}
+
+_load_from_env() {
+  local added_count=0
+  local updated_count=0
+  for _env_name in $(env | grep -o "^TOR_[^=]*"); do
+
+    # skip custom options
+    if [[ " ${CUSTOM_TOR_OPTIONS[*]} " == *" ${_env_name} "* ]]; then
+      continue
+    fi
+
+    local env_value="${!_env_name}"
+
+    # remove prefix and convert to camel case
+    local option=$(to_camel_case "${_env_name#TOR_}")
+    if [ -n "$env_value" ]; then
+
+      # Check if there is a corresponding option in the torrc file, and update it
+      if grep -i -q "^$option" "$TOR_CONFIG"; then
+        sed -i "s/^$option.*/$option $env_value/" "$TOR_CONFIG"
+        updated_count=$((updated_count + 1))
+      else
+        echo "$option $env_value" >> "$TOR_CONFIG"
+        added_count=$((added_count + 1))
+      fi
+
+    fi
+  done
+
+  # Add a blank line at the end of the file
+  echo "" >> "$TOR_CONFIG"
+
+  if [ "$added_count" -gt 0 ] || [ "$updated_count" -gt 0 ]; then
+    echo ""
+    log NOTICE "Added $added_count and updated $updated_count options from environment variables."
+  fi
+
+}
+
+generate_tor_config() {
+  # Copying the torrc template to the torrc file
+  cp "${TOR_CONFIG_TEMPLATE}" "$TOR_CONFIG"
+
+  # IP address of the container
+  local inet_address="$(hostname -i | awk '{print $1}')"
+
+  sed -i "s/{{INET_ADDRESS}}/$inet_address/g" "$TOR_CONFIG"
+
+  # any other environment variables that start with TOR_ are added to the torrc
+  # file
+  env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' | while read -r line; do
+    key=$(echo "$line" | awk '{print $1}')
+    value=$(echo "$line" | awk '{print $2}')
+    key=$(to_camel_case "$key")
+    echo "$key $value" >> "$TOR_CONFIG"
+  done
+
+  # Removing duplicated tor options
+  awk -F= '!a[tolower($1)]++' "$TOR_CONFIG" > "/tmp/$(basename "$TOR_CONFIG")" \
+    && mv "/tmp/$(basename "$TOR_CONFIG")" "$TOR_CONFIG"
+
+  _load_from_env
+  _cleanse_config
+  _fix_permissions
+
+  log "notice" "Tor configuration file has been generated"
+}
+
+get_torrc_option() {
+  grep -i "^$1" "$TOR_CONFIG" | awk '{print $2}'
+}
--- a/rootfs/etc/wireadmin/xscript.sh
+++ b/rootfs/etc/wireadmin/xscript.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source /etc/wireadmin/internal/dns.sh
+source /etc/wireadmin/internal/logrotate.sh
+source /etc/wireadmin/internal/tor.sh
+
+uppercase() {
+  echo "$1" | tr '[:lower:]' '[:upper:]'
+}
+
+log() {
+  echo -e "$(date +"%b %d %H:%M:%S %Z") [$(uppercase "$1")] $2"
+}
+
+to_camel_case() {
+  echo "$1" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS=""
+}
+
+uown() {
+  _UID="$(id -u "$1")"
+  chown -R "$_UID":"$_UID" "$2"
+}