#!/bin/bash # Køres som root inde i LXC'en. Idempotent. set -euo pipefail if [[ "$EUID" -ne 0 ]]; then echo "must be run as root" >&2 exit 1 fi SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" # 1. APT deps export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ wireguard-tools \ iproute2 \ iptables \ ca-certificates \ git \ build-essential \ procps # 2. Build + install microsocks (lille, ingen runtime deps) if ! command -v microsocks >/dev/null 2>&1; then tmp=$(mktemp -d) git clone --depth=1 https://github.com/rofl0r/microsocks.git "$tmp" make -C "$tmp" install -Dm755 "$tmp/microsocks" /usr/local/bin/microsocks rm -rf "$tmp" fi # 3. Install fetch-service binary (forventes pushet ind af host-scriptet) if [[ ! -x /usr/local/bin/weircon-random-proxy ]]; then echo "ERR: /usr/local/bin/weircon-random-proxy mangler — push den fra host'en først" >&2 exit 1 fi # 4. Helper-scripts install -Dm755 "$SCRIPT_DIR/netns-up.sh" /usr/local/sbin/weircon-netns-up install -Dm755 "$SCRIPT_DIR/netns-down.sh" /usr/local/sbin/weircon-netns-down # 5. systemd units install -Dm644 "$SCRIPT_DIR/weircon-proxies.target" /etc/systemd/system/weircon-proxies.target install -Dm644 "$SCRIPT_DIR/weircon-proxy@.service" /etc/systemd/system/weircon-proxy@.service install -Dm644 "$SCRIPT_DIR/weircon-fetch.service" /etc/systemd/system/weircon-fetch.service # 6. Config-dir + default env mkdir -p /etc/weircon-random-proxy/wg chmod 700 /etc/weircon-random-proxy/wg if [[ ! -f /etc/weircon-random-proxy/fetch.env ]]; then install -m640 "$SCRIPT_DIR/fetch.env.example" /etc/weircon-random-proxy/fetch.env fi systemctl daemon-reload # 7. Tjek at WG-configs er på plads missing=0 for i in 0 1 2 3 4 5 6 7 8 9; do if [[ ! -f /etc/weircon-random-proxy/wg/proxy${i}.conf ]]; then echo "WARN: /etc/weircon-random-proxy/wg/proxy${i}.conf mangler" missing=1 fi done cat <