From 4faa39f3a904b3550af52366e831270d4b62aab8 Mon Sep 17 00:00:00 2001
From: rrr-marble
Date: Sun, 19 Jun 2022 21:13:46 +0300
Subject: [PATCH] initial commit
---
 dns4netns@.service | 12 ++++++++++++
 propnetnsup@.service | 18 ++++++++++++++++++
 ss2netns.service | 14 ++++++++++++++
 systemd-netns@.service | 19 +++++++++++++++++++
 tor2netns.service | 16 ++++++++++++++++
 5 files changed, 79 insertions(+)
 create mode 100644 dns4netns@.service
 create mode 100644 propnetnsup@.service
 create mode 100644 ss2netns.service
 create mode 100644 systemd-netns@.service
 create mode 100644 tor2netns.service
diff --git a/dns4netns@.service b/dns4netns@.service
new file mode 100644
index 0000000..600e486
--- /dev/null
+++ b/dns4netns@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=DoH DNS server inside %I netns
+BindsTo=systemd-netns@%i.service propnetnsup@%i.service
+After=systemd-netns@%i.service propnetnsup@%i.service
+JoinsNamespaceOf=systemd-netns@%i.service
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/ip netns exec %I doh-client -conf /etc/dns-over-https/doh-client.conf -verbose
+
+PrivateNetwork=true
+PrivateTmp=true
diff --git a/propnetnsup@.service b/propnetnsup@.service
new file mode 100644
index 0000000..650438b
--- /dev/null
+++ b/propnetnsup@.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Prop %I netns up with addresses and such
+BindsTo=systemd-netns@%i.service
+Requires=systemd-netns@%i.service sys-subsystem-net-devices-ens0.device
+After=systemd-netns@%i.service sys-subsystem-net-devices-ens0.device
+
+
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/ip link set dev ens0 netns %I
+ExecStart=/usr/bin/ip netns exec %I ip address add 10.0.0.11 dev ens0
+ExecStart=/usr/bin/ip netns exec %I ip link set dev ens0 up
+ExecStart=/usr/bin/ip netns exec %I ip -6 route add default dev ens0
+ExecStart=/usr/bin/ip netns exec %I ip route add default dev ens0
+
+PrivateTmp = true
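Review bot: doh-client runs as root here, and the `ip netns exec %I` wrapper on ExecStart= is what keeps it that way: the unit already sets JoinsNamespaceOf=systemd-netns@%i.service together with PrivateNetwork=true, so systemd itself places the service in the shared namespace, and the wrapper only adds a setns()/mount step that needs CAP_SYS_ADMIN and rules out any User=/DynamicUser= drop for a network-facing daemon. I would run it directly, `ExecStart=/usr/bin/doh-client -conf /etc/dns-over-https/doh-client.conf -verbose`, with `DynamicUser=yes` and, only if it binds a privileged port, `AmbientCapabilities=CAP_NET_BIND_SERVICE`, then layer NoNewPrivileges=yes and ProtectSystem=strict on top. The one thing the wrapper provides that this loses is the /etc/netns/%I/ overlay (resolv.conf and friends); if the doh-client config relies on that overlay, keep the wrapper but say so in a comment. Since PrivateNetwork=true is what makes JoinsNamespaceOf= take effect, a comment such as `# PrivateNetwork= is required for JoinsNamespaceOf= to apply` would stop the next reader from removing it as redundant.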
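Review bot: The device name `ens0` is hard-coded in a template that this commit instantiates twice (`shadowed` from ss2netns.service and `tored` from tor2netns.service), and both proxies create their TUN under that same name, so the two instances are mutually exclusive at best; at worst, if both are started, `ip link set dev ens0 netns %I` pulls whichever `ens0` currently exists into the namespace whose instance runs first, and traffic meant for Tor can leave through shadowsocks or vice versa. Derive the interface from the instance instead — `ExecStart=/usr/bin/ip link set dev tun_%i netns %I`, `Requires=systemd-netns@%i.service sys-subsystem-net-devices-tun_%i.device`, and the same substitution on the remaining `ens0` occurrences — with the proxy units' `--device`/`--tun-interface-name` set to match. `ip address add 10.0.0.11 dev ens0` has no prefix length and therefore installs a /32, which is fine for a point-to-point TUN but deserves a comment, as does the v6 default route that is added with no v6 address on the link (presumably meant to fail closed rather than leak — confirm and state it). Using `Requires=` rather than `BindsTo=` for the device unit looks deliberate, since the host-side device unit is expected to disappear once the interface is moved into the namespace; a one-line comment to that effect would keep someone from "fixing" it.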
diff --git a/ss2netns.service b/ss2netns.service
new file mode 100644
index 0000000..1eb1671
--- /dev/null
+++ b/ss2netns.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Turn shadowsocks proxy into network namespace
+BindsTo=systemd-netns@shadowed.service
+After=systemd-netns@shadowed.service
+Wants=dns4netns@shadowed.service propnetnsup@shadowed.service
+Before=dns4netns@shadowed.service propnetnsup@shadowed.service
+PropagatesStopTo=systemd-netns@shadowed.service dns4netns@shadowed.service propnetnsup@shadowed.service
+PropagatesReloadTo=dns4netns@shadowed.service propnetnsup@shadowed.service
+
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/ssservice local --log-without-time --protocol tun --tun-interface-name ens0 --config /etc/shadowsocks/config.json
+PrivateTmp = true
diff --git a/systemd-netns@.service b/systemd-netns@.service
new file mode 100644
index 0000000..acdf243
--- /dev/null
+++ b/systemd-netns@.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Named network namespace %i
+JoinsNamespaceOf=systemd-netns@%i.service
+After=syslog.target network.target tor.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+PrivateNetwork=true
+
+# Start process
+ExecStartPre=-/usr/bin/ip netns delete %I
+ExecStart=/usr/bin/ip netns add %I
+ExecStart=/usr/bin/ip netns exec %I ip link set lo up
+ExecStart=/usr/bin/umount /run/netns/%I
+ExecStart=/usr/bin/mount --bind /proc/self/ns/net /run/netns/%I
+
+# Stop process
+ExecStop=/usr/bin/ip netns delete %I
diff --git a/tor2netns.service b/tor2netns.service
new file mode 100644
index 0000000..71be658
--- /dev/null
+++ b/tor2netns.service
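Review bot: A crash of `ssservice` is not handled: `PropagatesStopTo=` only follows explicit stop jobs, so when the process dies this unit just goes to failed, nothing restarts it, and because propnetnsup@shadowed is a `RemainAfterExit=` oneshot it will not re-run when a manually restarted proxy creates a fresh `ens0` in the host namespace — the namespace is left with no egress, which fails closed (good) but silently. I would add `Restart=on-failure` here and, in a drop-in for the `shadowed` instances, `PartOf=ss2netns.service`, so that propnetnsup@shadowed and dns4netns@shadowed are restarted together with the proxy. The TUN name `ens0` is also what tor2netns.service uses for its device, so the two proxy units cannot be active at the same time; a per-unit name such as `--tun-interface-name tun_shadowed`, matched in propnetnsup@, removes the conflict. Minor style: `PrivateTmp = true` with spaces appears to be accepted by systemd's parser, but dns4netns@.service writes `PrivateTmp=true`, and the files should agree.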
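Review bot: The third ExecStart=, `ip netns exec %I ip link set lo up`, configures lo in the throw-away namespace created by `ip netns add %I` — the one the next two lines unmount and replace with the unit's own /proc/self/ns/net — so it has no effect on the namespace that is actually published; systemd.exec(5) documents PrivateNetwork= as configuring lo in that namespace itself, so the line can be removed (or, as belt and braces, moved after the bind mount and run without the `ip netns exec` wrapper). `JoinsNamespaceOf=systemd-netns@%i.service` on the unit itself is a self-reference with no effect and should go. `After=... tor.service` ties a generic template to Tor even for the `shadowed` instance; that ordering belongs in tor2netns.service, which already has it. Finally, `ExecStartPre=-/usr/bin/ip netns delete %I` silently tears down any pre-existing namespace of that name, including one created by another tool; a comment such as `# %I is owned by this unit; a stale /run/netns/%I is discarded on start` would make that deliberate rather than accidental.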
@@ -0,0 +1,16 @@
+[Unit]
+Description=Turn tor socks proxy into network namespace
+#Description=SOCKSPort unix:/run/tor/socks WorldWritable is requred
+AssertPathExists=/run/tor/socks
+BindsTo=tor.service systemd-netns@tored.service
+After=tor.service systemd-netns@tored.service
+Wants=dns4netns@tored.service propnetnsup@tored.service
+Before=dns4netns@tored.service propnetnsup@tored.service
+PropagatesStopTo=systemd-netns@tored.service
+PropagatesReloadTo=dns4netns@tored.service
+
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/tun2socks --device ens0 --proxy /run/tor/socks
+PrivateTmp = true
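Review bot: The commented-out `#Description=SOCKSPort unix:/run/tor/socks WorldWritable is requred` asks for a world-writable Tor SOCKS socket, which hands every local account an unrestricted Tor proxy and, unless Tor-side Isolate* flags are set, lets them share circuits with the namespaced applications; for this unit as written it is also unnecessary, because tun2socks runs as root and CAP_DAC_OVERRIDE lets it connect to a 0600 socket regardless (unless Tor's directory-mode check on /run/tor was what actually failed — worth confirming). If the goal is to stop running tun2socks as root, use `GroupWritable` on the Tor side and `SupplementaryGroups=` with the distribution's tor group here, together with `User=` and `AmbientCapabilities=CAP_NET_ADMIN` for the TUN. Either way, turn the line into a real comment without the typo, e.g. `# Tor must expose a unix SOCKS socket here: SOCKSPort unix:/run/tor/socks`, naming whichever mode flag is chosen. `--device ens0` is the same interface name ss2netns.service uses, and propnetnsup@.service hard-codes it too, so the two proxies cannot coexist until the name is made per-instance in all three places. `PropagatesStopTo=` lists only systemd-netns@tored.service while ss2netns.service lists all three dependents; the BindsTo= chain makes the outcome the same, but the two proxy units should be written the same way.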