3f170293f5
release / release (push) Successful in 1m19s
Keep the N always-on tunnel slots fixed but let each slot's WireGuard config
rotate through a larger pool, so a 10-concurrent provider cap (e.g. Proton) can
still cycle 50-100 profiles.
- lxc/rotate.sh + weircon-rotate.{service,timer}: round-robin one slot at a
time through wg-pool/, repointing a symlink and restarting only that slot.
- service: proxyManager tracks per-slot in-flight + drain/undrain state; a
localhost admin server (WEIRCON_ADMIN_LISTEN) lets rotate.sh drain a slot
before teardown and warm it back in after, so no request is routed to a
tunnel mid-rotation. Slots self-heal if undrain never arrives.
- GET /status: poll-friendly JSON of per-slot egress IP/state plus inferred
next-rotation slot + ETA, fed by a background egress-IP prober.
- docs + env examples for all new knobs.
121 lines
4.2 KiB
Bash
#!/bin/bash
# Run as root inside the LXC. Idempotent.
set -euo pipefail

if [[ "$EUID" -ne 0 ]]; then
    echo "must be run as root" >&2
    exit 1
fi

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"

# 1. APT deps
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y --no-install-recommends \
    wireguard-tools \
    iproute2 \
    iptables \
    ca-certificates \
    git \
    build-essential \
    procps

# 2. Build + install microsocks (small, no runtime deps)
# Note: this builds whatever is at the default-branch HEAD; pin a tag or
# commit if the build must be reproducible.
if ! command -v microsocks >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    git clone --depth=1 https://github.com/rofl0r/microsocks.git "$tmp"
    make -C "$tmp"
    install -Dm755 "$tmp/microsocks" /usr/local/bin/microsocks
    rm -rf "$tmp"
fi

# 3. Install fetch-service binary.
# Expected to be pushed/put in place by the user before this script is run
# (either via `pct push` from the Proxmox host, or locally with `cp`).
BIN=/usr/local/bin/weircon-random-proxy
if [[ ! -f "$BIN" ]]; then
    cat >&2 <<EOF
ERR: $BIN mangler.

Læg binæren på plads med én af:
  - fra Proxmox-host: pct push <ctid> ./weircon-random-proxy $BIN --perms 0755
  - fra inde i LXC: cp /path/to/weircon-random-proxy $BIN
    chmod +x $BIN
  - download release: curl -fLo $BIN https://<gitea>/<owner>/weircon-random-proxy/releases/download/<tag>/weircon-random-proxy
    chmod +x $BIN

Kør derefter setup-container.sh igen.
EOF
    exit 1
fi
chmod +x "$BIN"

# 4. Helper-scripts
install -Dm755 "$SCRIPT_DIR/netns-up.sh" /usr/local/sbin/weircon-netns-up
install -Dm755 "$SCRIPT_DIR/netns-down.sh" /usr/local/sbin/weircon-netns-down
install -Dm755 "$SCRIPT_DIR/rotate.sh" /usr/local/sbin/weircon-rotate

# 5. systemd units
install -Dm644 "$SCRIPT_DIR/weircon-proxies.target" /etc/systemd/system/weircon-proxies.target
install -Dm644 "$SCRIPT_DIR/weircon-proxy@.service" /etc/systemd/system/weircon-proxy@.service
install -Dm644 "$SCRIPT_DIR/weircon-fetch.service" /etc/systemd/system/weircon-fetch.service
install -Dm644 "$SCRIPT_DIR/weircon-rotate.service" /etc/systemd/system/weircon-rotate.service
install -Dm644 "$SCRIPT_DIR/weircon-rotate.timer" /etc/systemd/system/weircon-rotate.timer

# 6. Config-dir + default env
# wg/      = active slot configs (proxy0.conf..proxyN.conf, possibly symlinks)
# wg-pool/ = optional pool of extra configs that the rotation cycles through
mkdir -p /etc/weircon-random-proxy/wg /etc/weircon-random-proxy/wg-pool
chmod 700 /etc/weircon-random-proxy/wg /etc/weircon-random-proxy/wg-pool
if [[ ! -f /etc/weircon-random-proxy/fetch.env ]]; then
    install -m640 "$SCRIPT_DIR/fetch.env.example" /etc/weircon-random-proxy/fetch.env
fi
if [[ ! -f /etc/weircon-random-proxy/rotate.env ]]; then
    install -m640 "$SCRIPT_DIR/rotate.env.example" /etc/weircon-random-proxy/rotate.env
fi

systemctl daemon-reload

# 7. Check that the WG configs are in place
missing=0
for i in 0 1 2 3 4 5 6 7 8 9; do
    if [[ ! -f /etc/weircon-random-proxy/wg/proxy${i}.conf ]]; then
        echo "WARN: /etc/weircon-random-proxy/wg/proxy${i}.conf mangler"
        missing=1
    fi
done

cat <<EOF

Setup done.

Configs til stede: $([[ $missing -eq 0 ]] && echo "alle 10 OK" || echo "MANGLER — push dem ind før du starter")

Start stakken:
  systemctl enable --now weircon-proxies.target
  systemctl enable --now weircon-proxy@{0..9}.service
  systemctl enable --now weircon-fetch.service

(Valgfrit) Roter over en STØRRE pulje af configs end de 10 slots:
  # læg fx 50-100 configs i puljen
  cp proton-*.conf /etc/weircon-random-proxy/wg-pool/
  # seed de 10 aktive slots som symlinks ind i puljen
  weircon-rotate init
  systemctl restart weircon-proxy@{0..9}.service
  # roter automatisk én slot ad gangen (interval i weircon-rotate.timer)
  systemctl enable --now weircon-rotate.timer
  # juster intervallet: systemctl edit weircon-rotate.timer (default 5min)

Verificér:
  systemctl status 'weircon-proxy@*'
  curl http://127.0.0.1:8080/health
  curl -H 'X-Weircon-Random-Ip-Redirect: https://api.ipify.org' http://127.0.0.1:8080/

Egress-IP tjek (skal vise N distinkte upstream-IPs):
  for i in 0 1 2 3 4 5 6 7 8 9; do
    curl -sS -H "X-Weircon-Proxy-Id: \$i" -H "X-Weircon-Random-Ip-Redirect: https://api.ipify.org" http://127.0.0.1:8080/
    echo " ← proxy\$i"
  done
EOF
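
The round-robin step the commit message describes (one slot at a time through wg-pool/, repointing a symlink), as an added example: this is not the project's rotate.sh, and the function names are assumptions. The drain/undrain calls to the admin server and the unit restart are left out because the page does not show them.

```sh
#!/bin/sh
# Added example, not the project's rotate.sh; function names are assumptions.
set -eu

# List the pool file names that slot symlinks in WG_DIR currently point at.
in_use() (
    for link in "$1"/proxy*.conf; do
        if [ -L "$link" ]; then
            target=$(readlink "$link")
            echo "${target##*/}"
        fi
    done
)

# Print the first pool config after CURRENT (sorted, wrapping around) that no
# slot is using, so two slots never bring up the same provider profile.
pick_next() (
    wg_dir=$1 pool_dir=$2 current=$3
    used=$(in_use "$wg_dir")
    before="" after="" seen=0
    for f in "$pool_dir"/*.conf; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ "$name" = "$current" ]; then seen=1
        elif [ "$seen" -eq 1 ]; then after="$after$name
"
        else before="$before$name
"
        fi
    done
    next=$(printf '%s%s' "$after" "$before" | grep -vxF -- "$used" | head -n 1)
    [ -n "$next" ] || exit 1    # pool exhausted: every config is already active
    echo "$next"
)

# Repoint slot N at the next free pool config. The new link is created under a
# temporary name and renamed over the old one, so proxyN.conf never goes
# missing while the slot's unit is being restarted.
rotate_slot() (
    wg_dir=$1 pool_dir=$2 slot=$3
    link="$wg_dir/proxy${slot}.conf" current=""
    if [ -L "$link" ]; then
        target=$(readlink "$link"); current=${target##*/}
    fi
    next=$(pick_next "$wg_dir" "$pool_dir" "$current") || exit 1
    ln -s "$pool_dir/$next" "$link.new.$$"
    mv -f "$link.new.$$" "$link"
    echo "$next"
)
```

A caller would restart only the rotated slot's `weircon-proxy@N.service` after `rotate_slot` returns, and treat a non-zero exit as "leave the slot on its current config".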