6 Commits

Author SHA1 Message Date
Morozov Dmitriy
2e0dc3b79e Merge fb91e5c9f5 into 20262f21db 2024-07-30 23:39:08 +03:00
itdoginfo
20262f21db Added internal wg logic 2024-07-28 17:09:58 +03:00
Morozov Dmitriy
fb91e5c9f5 added sleep in getdomains 2024-06-04 16:26:16 +03:00
Morozov Dmitriy
5625c795ba ограничение количества попыток скачки списка доменов 2024-06-03 14:53:47 +03:00
itdoginfo
aae9c50f10 Fix examples 2024-05-06 14:05:03 +03:00
itdoginfo
db0d06408a Fix order 2024-05-06 13:48:30 +03:00
5 changed files with 218 additions and 28 deletions


@@ -69,7 +69,7 @@ Wireguard, only domains, stubby, Russia, acces from wg network, host 192.168.1.1
remote_user: root remote_user: root
roles: roles:
- domain-routing-openwrt - itdoginfo.domain_routing_openwrt
vars: vars:
tunnel: wg tunnel: wg
@@ -93,12 +93,22 @@ Sing-box, stubby, Russia
remote_user: root remote_user: root
roles: roles:
- domain-routing-openwrt - itdoginfo.domain_routing_openwrt
vars: vars:
tunnel: singbox tunnel: singbox
dns_encrypt: stubby dns_encrypt: stubby
country: russia-inside country: russia-inside
tasks:
- name: sing-box config
template:
src: "templates/openwrt-sing-box-json.j2"
dest: "/etc/sing-box/config.json"
mode: 0644
notify:
- Restart sing-box
- Restart network
``` ```
License License


@@ -81,6 +81,16 @@ Sing-box, stubby, Russia
tunnel: singbox tunnel: singbox
dns_encrypt: stubby dns_encrypt: stubby
country: russia-inside country: russia-inside
tasks:
- name: sing-box config
template:
src: "templates/openwrt-sing-box-json.j2"
dest: "/etc/sing-box/config.json"
mode: 0644
notify:
- Restart sing-box
- Restart network
``` ```
В inventory файле роутер обязательно должен быть в группе `[openwrt]` В inventory файле роутер обязательно должен быть в группе `[openwrt]`


@@ -26,7 +26,7 @@ EOF
add_mark() { add_mark() {
grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables
if ! uci show network | grep -q mark0x1; then if ! uci show network | grep -q mark0x1; then
printf "\033[32;1mConfigure mark rule\033[0m\n" printf "\033[32;1mConfigure mark rule\033[0m\n"
uci add network rule uci add network rule
@@ -45,13 +45,14 @@ add_tunnel() {
echo "2) OpenVPN" echo "2) OpenVPN"
echo "3) Sing-box" echo "3) Sing-box"
echo "4) tun2socks" echo "4) tun2socks"
echo "5) Skip this step" echo "5) wgForYoutube"
echo "6) Skip this step"
while true; do while true; do
read -r -p '' TUNNEL read -r -p '' TUNNEL
case $TUNNEL in case $TUNNEL in
1) 1)
TUNNEL=wg TUNNEL=wg
break break
;; ;;
@@ -61,17 +62,22 @@ add_tunnel() {
break break
;; ;;
3) 3)
TUNNEL=singbox TUNNEL=singbox
break break
;; ;;
4) 4)
TUNNEL=tun2socks TUNNEL=tun2socks
break break
;; ;;
5) 5)
TUNNEL=wgForYoutube
break
;;
6)
echo "Skip" echo "Skip"
TUNNEL=0 TUNNEL=0
break break
@@ -114,7 +120,7 @@ add_tunnel() {
if [ "$WG_ENDPOINT_PORT" = '51820' ]; then if [ "$WG_ENDPOINT_PORT" = '51820' ]; then
echo $WG_ENDPOINT_PORT echo $WG_ENDPOINT_PORT
fi fi
uci set network.wg0=interface uci set network.wg0=interface
uci set network.wg0.proto='wireguard' uci set network.wg0.proto='wireguard'
uci set network.wg0.private_key=$WG_PRIVATE_KEY uci set network.wg0.private_key=$WG_PRIVATE_KEY
@@ -182,7 +188,7 @@ cat << 'EOF' > /etc/sing-box/config.json
"inet4_address": "172.16.250.1/30", "inet4_address": "172.16.250.1/30",
"auto_route": false, "auto_route": false,
"strict_route": false, "strict_route": false,
"sniff": true "sniff": true
} }
], ],
"outbounds": [ "outbounds": [
@@ -207,6 +213,11 @@ EOF
printf "\033[32;1mConfigure route for Sing-box\033[0m\n" printf "\033[32;1mConfigure route for Sing-box\033[0m\n"
route_vpn route_vpn
fi fi
if [ "$TUNNEL" == 'wgForYoutube' ]; then
add_internal_wg
fi
} }
dnsmasqfull() { dnsmasqfull() {
@@ -275,7 +286,7 @@ add_zone() {
uci set firewall.@zone[-1].family='ipv4' uci set firewall.@zone[-1].family='ipv4'
uci commit firewall uci commit firewall
fi fi
if [ "$TUNNEL" == 0 ]; then if [ "$TUNNEL" == 0 ]; then
printf "\033[32;1mForwarding setting skipped\033[0m\n" printf "\033[32;1mForwarding setting skipped\033[0m\n"
elif uci show firewall | grep -q "@forwarding.*name='$TUNNEL-lan'"; then elif uci show firewall | grep -q "@forwarding.*name='$TUNNEL-lan'"; then
@@ -354,7 +365,7 @@ add_set() {
add_dns_resolver() { add_dns_resolver() {
echo "Configure DNSCrypt2 or Stubby? It does matter if your ISP is spoofing DNS requests" echo "Configure DNSCrypt2 or Stubby? It does matter if your ISP is spoofing DNS requests"
DISK=$(df -m / | awk 'NR==2{ print $2 }') DISK=$(df -m / | awk 'NR==2{ print $2 }')
if [[ "$DISK" -lt 32 ]]; then if [[ "$DISK" -lt 32 ]]; then
printf "\033[31;1mYour router a disk have less than 32MB. It is not recommended to install DNSCrypt, it takes 10MB\033[0m\n" printf "\033[31;1mYour router a disk have less than 32MB. It is not recommended to install DNSCrypt, it takes 10MB\033[0m\n"
fi fi
echo "Select:" echo "Select:"
@@ -364,9 +375,9 @@ add_dns_resolver() {
while true; do while true; do
read -r -p '' DNS_RESOLVER read -r -p '' DNS_RESOLVER
case $DNS_RESOLVER in case $DNS_RESOLVER in
1) 1)
echo "Skiped" echo "Skiped"
break break
;; ;;
@@ -376,7 +387,7 @@ add_dns_resolver() {
break break
;; ;;
3) 3)
DNS_RESOLVER=STUBBY DNS_RESOLVER=STUBBY
break break
;; ;;
@@ -408,7 +419,7 @@ add_dns_resolver() {
uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53" uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53"
uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/' uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/'
uci commit dhcp uci commit dhcp
printf "\033[32;1mDnsmasq restart\033[0m\n" printf "\033[32;1mDnsmasq restart\033[0m\n"
/etc/init.d/dnsmasq restart /etc/init.d/dnsmasq restart
@@ -468,9 +479,9 @@ add_getdomains() {
while true; do while true; do
read -r -p '' COUNTRY read -r -p '' COUNTRY
case $COUNTRY in case $COUNTRY in
1) 1)
COUNTRY=russia_inside COUNTRY=russia_inside
break break
;; ;;
@@ -480,12 +491,12 @@ add_getdomains() {
break break
;; ;;
3) 3)
COUNTRY=ukraine COUNTRY=ukraine
break break
;; ;;
4) 4)
echo "Skiped" echo "Skiped"
COUNTRY=0 COUNTRY=0
break break
@@ -518,13 +529,19 @@ start () {
EOF EOF
cat << 'EOF' >> /etc/init.d/getdomains cat << 'EOF' >> /etc/init.d/getdomains
count=0 count=0
maxCount=10
while true; do while true; do
if [ ${count} -eq ${maxCount} ]; then
echo "Break on ${maxCount} attempt"
break
fi
if curl -m 3 github.com; then if curl -m 3 github.com; then
curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst
break break
else else
echo "GitHub is not available. Check the internet availability [$count]" echo "GitHub is not available. Check the internet availability [$count]"
count=$((count+1)) count=$((count+1))
sleep 5
fi fi
done done
@@ -552,6 +569,147 @@ EOF
fi fi
} }
add_internal_wg() {
printf "\033[32;1mConfigure WireGuard\033[0m\n"
if opkg list-installed | grep -q wireguard-tools; then
echo "Wireguard already installed"
else
echo "Installed wg..."
opkg install wireguard-tools
fi
read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT
while true; do
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' WG_IP
if echo "$WG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
break
else
echo "This IP is not valid. Please repeat"
fi
done
read -r -p "Enter the public key (from [Peer]):"$'\n' WG_PUBLIC_KEY_INT
read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' WG_PRESHARED_KEY_INT
read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' WG_ENDPOINT_INT
read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' WG_ENDPOINT_PORT_INT
WG_ENDPOINT_PORT_INT=${WG_ENDPOINT_PORT_INT:-51820}
if [ "$WG_ENDPOINT_PORT_INT" = '51820' ]; then
echo $WG_ENDPOINT_PORT_INT
fi
uci set network.wg1=interface
uci set network.wg1.proto='wireguard'
uci set network.wg1.private_key=$WG_PRIVATE_KEY_INT
uci set network.wg1.listen_port='51820'
uci set network.wg1.addresses=$WG_IP
if ! uci show network | grep -q wireguard_wg1; then
uci add network wireguard_wg1
fi
uci set network.@wireguard_wg1[0]=wireguard_wg1
uci set network.@wireguard_wg1[0].name='wg1_client'
uci set network.@wireguard_wg1[0].public_key=$WG_PUBLIC_KEY_INT
uci set network.@wireguard_wg1[0].preshared_key=$WG_PRESHARED_KEY_INT
uci set network.@wireguard_wg1[0].route_allowed_ips='0'
uci set network.@wireguard_wg1[0].persistent_keepalive='25'
uci set network.@wireguard_wg1[0].endpoint_host=$WG_ENDPOINT_INT
uci set network.@wireguard_wg1[0].allowed_ips='0.0.0.0/0'
uci set network.@wireguard_wg1[0].endpoint_port=$WG_ENDPOINT_PORT_INT
uci commit network
grep -q "110 vpninternal" /etc/iproute2/rt_tables || echo '110 vpninternal' >> /etc/iproute2/rt_tables
if ! uci show network | grep -q mark0x2; then
printf "\033[32;1mConfigure mark rule\033[0m\n"
uci add network rule
uci set network.@rule[-1].name='mark0x2'
uci set network.@rule[-1].mark='0x2'
uci set network.@rule[-1].priority='110'
uci set network.@rule[-1].lookup='vpninternal'
uci commit
fi
if ! uci show network | grep -q vpn_route_internal; then
printf "\033[32;1mAdd route\033[0m\n"
uci set network.vpn_route_internal=route
uci set network.vpn_route_internal.name='vpninternal'
uci set network.vpn_route_internal.interface='wg1'
uci set network.vpn_route_internal.table='vpninternal'
uci set network.vpn_route_internal.target='0.0.0.0/0'
uci commit network
fi
if ! uci show firewall | grep -q "@zone.*name='wg_internal'"; then
printf "\033[32;1mZone Create\033[0m\n"
uci add firewall zone
uci set firewall.@zone[-1].name="wg_internal"
uci set firewall.@zone[-1].network='wg1'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci set firewall.@zone[-1].family='ipv4'
uci commit firewall
fi
if ! uci show firewall | grep -q "@forwarding.*name='wg_internal'"; then
printf "\033[32;1mConfigured forwarding\033[0m\n"
uci add firewall forwarding
uci set firewall.@forwarding[-1]=forwarding
uci set firewall.@forwarding[-1].name="wg_internal-lan"
uci set firewall.@forwarding[-1].dest="wg_internal"
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].family='ipv4'
uci commit firewall
fi
if uci show firewall | grep -q "@ipset.*name='vpn_domains_internal'"; then
printf "\033[32;1mSet already exist\033[0m\n"
else
printf "\033[32;1mCreate set\033[0m\n"
uci add firewall ipset
uci set firewall.@ipset[-1].name='vpn_domains_internal'
uci set firewall.@ipset[-1].match='dst_net'
uci commit firewall
fi
if uci show firewall | grep -q "@rule.*name='mark_domains_intenal'"; then
printf "\033[32;1mRule for set already exist\033[0m\n"
else
printf "\033[32;1mCreate rule set\033[0m\n"
uci add firewall rule
uci set firewall.@rule[-1]=rule
uci set firewall.@rule[-1].name='mark_domains_intenal'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest='*'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].ipset='vpn_domains_internal'
uci set firewall.@rule[-1].set_mark='0x2'
uci set firewall.@rule[-1].target='MARK'
uci set firewall.@rule[-1].family='ipv4'
uci commit firewall
fi
if uci show dhcp | grep -q "@ipset.*name='vpn_domains_internal'"; then
printf "\033[32;1mDomain on vpn_domains_internal already exist\033[0m\n"
else
printf "\033[32;1mCreate domain for vpn_domains_internal\033[0m\n"
uci add dhcp ipset
uci add_list dhcp.@ipset[-1].name='vpn_domains_internal'
uci add_list dhcp.@ipset[-1].domain='googlevideo.com'
uci add_list dhcp.@ipset[-1].domain='yt3.ggpht.com'
uci commit dhcp
fi
service dnsmasq restart
service network restart
exit 0
}
# System Details # System Details
MODEL=$(grep machine /proc/cpuinfo | cut -d ':' -f 2) MODEL=$(grep machine /proc/cpuinfo | cut -d ':' -f 2)
RELEASE=$(grep OPENWRT_RELEASE /etc/os-release | awk -F '"' '{print $2}') RELEASE=$(grep OPENWRT_RELEASE /etc/os-release | awk -F '"' '{print $2}')
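Review bot: The `exit 0` at the end of add_internal_wg terminates the whole script from inside add_tunnel (the `wgForYoutube` branch calls it and nothing else in that function returns to the caller), so any setup steps the main flow runs after add_tunnel are skipped for this tunnel choice; the main flow is outside this section, so if that is deliberate a comment such as `# wgForYoutube is self-contained: stop here` should say so, otherwise drop the `exit 0` and let the function return. The key material is passed to uci unquoted (`uci set network.wg1.private_key=$WG_PRIVATE_KEY_INT`, likewise the public and preshared keys), and WG_PRESHARED_KEY_INT is allowed to be blank, so an empty read yields `uci set network.@wireguard_wg1[0].preshared_key=` — quoting the expansions and only setting preshared_key when the variable is non-empty keeps the argument intact. The bare `uci commit` after the mark0x2 rule commits every pending package, unlike the `uci commit network` used for the rest of the function; `uci commit network` would match. Note also that the wg1 listen_port is hard-coded to '51820', which presumably collides with wg0 if both interfaces are ever configured on one router — worth confirming against the wg branch above.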


@@ -1,4 +1,9 @@
--- ---
- name: Restart sing-box
service:
name: sing-box
state: restarted
- name: Restart network - name: Restart network
service: service:
name: network name: network
@@ -23,9 +28,4 @@
- name: Restart dnsmasq - name: Restart dnsmasq
service: service:
name: dnsmasq name: dnsmasq
state: restarted
- name: Restart sing-box
service:
name: sing-box
state: restarted state: restarted


@@ -22,13 +22,19 @@ start () {
DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Ukraine/inside-dnsmasq-ipset.lst DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Ukraine/inside-dnsmasq-ipset.lst
{% endif %} {% endif %}
count=0 count=0
maxCount=10
while true; do while true; do
if [ ${count} -eq ${maxCount} ]; then
echo "Break on ${maxCount} attempt"
break
fi
if curl -m 3 github.com; then if curl -m 3 github.com; then
curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst
break break
else else
echo "GitHub is not available. Check the internet availability [$count]" echo "GitHub is not available. Check the internet availability [$count]"
count=$((count+1)) count=$((count+1))
sleep 5
fi fi
done done
@@ -46,7 +52,12 @@ start () {
mkdir -p $dir mkdir -p $dir
count=0 count=0
maxCount=10
while true; do while true; do
if [ ${count} -eq ${maxCount} ]; then
echo "Break on ${maxCount} attempt"
break
fi
if curl -m 3 https://antifilter.download/; then if curl -m 3 https://antifilter.download/; then
{% if list_subnet %} {% if list_subnet %}
curl -f -z $dir/subnet.lst https://antifilter.download/list/subnet.lst --output $dir/subnet.lst curl -f -z $dir/subnet.lst https://antifilter.download/list/subnet.lst --output $dir/subnet.lst
@@ -56,15 +67,16 @@ start () {
{% endif %} {% endif %}
{% if list_community %} {% if list_community %}
curl -f -z $dir/community.lst https://community.antifilter.download/list/community.lst --output $dir/community.lst curl -f -z $dir/community.lst https://community.antifilter.download/list/community.lst --output $dir/community.lst
{% endif %} {% endif %}
break break
else else
echo "antifilter.download is not available. Check the internet availability [$count]" echo "antifilter.download is not available. Check the internet availability [$count]"
count=$((count+1)) count=$((count+1))
sleep 5
fi fi
done done
echo "Firewall restart" echo "Firewall restart"
/etc/init.d/firewall restart /etc/init.d/firewall restart
{% endif %} {% endif %}
} }
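Review bot: When the retry loop gives up after `maxCount` failed probes, `break` leaves the loop but the script carries on as if the download had succeeded — in the second loop `Firewall restart` runs without refreshed lists, and in the first loop execution continues with whatever /tmp/dnsmasq.d/domains.lst already holds; the same pattern is repeated in the second loop of this file and in the /etc/init.d/getdomains heredoc of the install script. Consider signalling the failure instead of silently continuing, e.g. `echo "Break on ${maxCount} attempt" >&2; return 1` (or `exit 1`, depending on how start is invoked by the init system), so the caller can tell a skipped download from a completed one. The download itself, `curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst`, is also not checked after the probe succeeds, so a 404 from the list URL still ends the loop with `break` as success. Both loops sit inside start (), which begins outside the hunk.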