10 Commits

Author SHA1 Message Date
Morozov Dmitriy
f7e31459b0 Merge fb91e5c9f5 into aae9c50f10 2024-06-04 13:26:36 +00:00
Morozov Dmitriy
fb91e5c9f5 added sleep in getdomains 2024-06-04 16:26:16 +03:00
Morozov Dmitriy
5625c795ba ограничение количества попыток скачки списка доменов 2024-06-03 14:53:47 +03:00
itdoginfo
aae9c50f10 Fix examples 2024-05-06 14:05:03 +03:00
itdoginfo
db0d06408a Fix order 2024-05-06 13:48:30 +03:00
itdoginfo
b5b6a7ad5f Added sing-box handler 2024-05-05 19:25:13 +03:00
itdoginfo
3fdf04518f Fix 2024-04-18 17:24:24 +03:00
itdoginfo
5f015d069f Fixed workflow 2024-04-18 17:21:38 +03:00
itdoginfo
76fcd4860f Several fixes 2024-04-18 17:14:35 +03:00
itdoginfo
96c8ceee44 Merge pull request #9 from itdoginfo/role
Conversion to a role
2024-04-18 16:59:35 +03:00
7 changed files with 68 additions and 27 deletions


@@ -2,7 +2,6 @@ name: Public to Ansible Galaxy
on: on:
push: push:
branches: [ "master" ]
tags: tags:
- '*' - '*'


@@ -69,7 +69,7 @@ Wireguard, only domains, stubby, Russia, acces from wg network, host 192.168.1.1
remote_user: root remote_user: root
roles: roles:
- domain-routing-openwrt - itdoginfo.domain_routing_openwrt
vars: vars:
tunnel: wg tunnel: wg
@@ -93,12 +93,22 @@ Sing-box, stubby, Russia
remote_user: root remote_user: root
roles: roles:
- domain-routing-openwrt - itdoginfo.domain_routing_openwrt
vars: vars:
tunnel: singbox tunnel: singbox
dns_encrypt: stubby dns_encrypt: stubby
country: russia-inside country: russia-inside
tasks:
- name: sing-box config
template:
src: "templates/openwrt-sing-box-json.j2"
dest: "/etc/sing-box/config.json"
mode: 0644
notify:
- Restart sing-box
- Restart network
``` ```
License License


@@ -1,7 +1,7 @@
[English role README](https://github.com/itdoginfo/domain-routing-openwrt/blob/master/README.EN.md) [English role README](https://github.com/itdoginfo/domain-routing-openwrt/blob/master/README.EN.md)
# Описание # Описание
Shell скрипт и playbook для Ansible. Автоматизируют настройку роутера на OpenWrt для роутинга по доменам и спискам IP-адресов. Shell скрипт и [роль для Ansible](https://galaxy.ansible.com/ui/standalone/roles/itdoginfo/domain_routing_openwrt). Автоматизируют настройку роутера на OpenWrt для роутинга по доменам и спискам IP-адресов.
Полное описание происходящего: Полное описание происходящего:
- [Статья на хабре](https://habr.com/ru/articles/767464/) - [Статья на хабре](https://habr.com/ru/articles/767464/)
@@ -44,7 +44,7 @@ ansible-galaxy role install itdoginfo.domain_routing_openwrt
Примеры playbooks Примеры playbooks
Wireguard, only domains, stubby, Russia, acces from wg network (примерное значение 192.168.80.0/24), host 192.168.1.1 Wireguard, only domains, stubby, Russia, acces from wg network (пример 192.168.80.0/24), host 192.168.1.1
``` ```
- hosts: 192.168.1.1 - hosts: 192.168.1.1
remote_user: root remote_user: root
@@ -81,6 +81,16 @@ Sing-box, stubby, Russia
tunnel: singbox tunnel: singbox
dns_encrypt: stubby dns_encrypt: stubby
country: russia-inside country: russia-inside
tasks:
- name: sing-box config
template:
src: "templates/openwrt-sing-box-json.j2"
dest: "/etc/sing-box/config.json"
mode: 0644
notify:
- Restart sing-box
- Restart network
``` ```
В inventory файле роутер обязательно должен быть в группе `[openwrt]` В inventory файле роутер обязательно должен быть в группе `[openwrt]`
@@ -183,8 +193,7 @@ service getdomains start
[Инструкция для OpenWrt 21.02](https://t.me/itdoginfo/8) [Инструкция для OpenWrt 21.02](https://t.me/itdoginfo/8)
## Текстовый редактор nano ## Текстовый редактор nano
Устанавливается по умолчанию Устанавливается по умолчанию. Можно выключить
Можно выключить
``` ```
nano: false nano: false
``` ```


@@ -134,7 +134,7 @@ if [ "$WG" == true ]; then
if [ $ROUTE_TABLE -eq 1 ]; then if [ $ROUTE_TABLE -eq 1 ]; then
checkpoint_true "Route table WG" checkpoint_true "Route table WG"
else else
checkpoint_false "Route table VPN" checkpoint_false "Route table WG"
echo "Details: https://cli.co/Atxr6U3" echo "Details: https://cli.co/Atxr6U3"
fi fi
fi fi


@@ -26,7 +26,7 @@ EOF
add_mark() { add_mark() {
grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables grep -q "99 vpn" /etc/iproute2/rt_tables || echo '99 vpn' >> /etc/iproute2/rt_tables
if ! uci show network | grep -q mark0x1; then if ! uci show network | grep -q mark0x1; then
printf "\033[32;1mConfigure mark rule\033[0m\n" printf "\033[32;1mConfigure mark rule\033[0m\n"
uci add network rule uci add network rule
@@ -49,9 +49,9 @@ add_tunnel() {
while true; do while true; do
read -r -p '' TUNNEL read -r -p '' TUNNEL
case $TUNNEL in case $TUNNEL in
1) 1)
TUNNEL=wg TUNNEL=wg
break break
;; ;;
@@ -61,12 +61,12 @@ add_tunnel() {
break break
;; ;;
3) 3)
TUNNEL=singbox TUNNEL=singbox
break break
;; ;;
4) 4)
TUNNEL=tun2socks TUNNEL=tun2socks
break break
;; ;;
@@ -114,7 +114,7 @@ add_tunnel() {
if [ "$WG_ENDPOINT_PORT" = '51820' ]; then if [ "$WG_ENDPOINT_PORT" = '51820' ]; then
echo $WG_ENDPOINT_PORT echo $WG_ENDPOINT_PORT
fi fi
uci set network.wg0=interface uci set network.wg0=interface
uci set network.wg0.proto='wireguard' uci set network.wg0.proto='wireguard'
uci set network.wg0.private_key=$WG_PRIVATE_KEY uci set network.wg0.private_key=$WG_PRIVATE_KEY
@@ -182,7 +182,7 @@ cat << 'EOF' > /etc/sing-box/config.json
"inet4_address": "172.16.250.1/30", "inet4_address": "172.16.250.1/30",
"auto_route": false, "auto_route": false,
"strict_route": false, "strict_route": false,
"sniff": true "sniff": true
} }
], ],
"outbounds": [ "outbounds": [
@@ -275,7 +275,7 @@ add_zone() {
uci set firewall.@zone[-1].family='ipv4' uci set firewall.@zone[-1].family='ipv4'
uci commit firewall uci commit firewall
fi fi
if [ "$TUNNEL" == 0 ]; then if [ "$TUNNEL" == 0 ]; then
printf "\033[32;1mForwarding setting skipped\033[0m\n" printf "\033[32;1mForwarding setting skipped\033[0m\n"
elif uci show firewall | grep -q "@forwarding.*name='$TUNNEL-lan'"; then elif uci show firewall | grep -q "@forwarding.*name='$TUNNEL-lan'"; then
@@ -354,7 +354,7 @@ add_set() {
add_dns_resolver() { add_dns_resolver() {
echo "Configure DNSCrypt2 or Stubby? It does matter if your ISP is spoofing DNS requests" echo "Configure DNSCrypt2 or Stubby? It does matter if your ISP is spoofing DNS requests"
DISK=$(df -m / | awk 'NR==2{ print $2 }') DISK=$(df -m / | awk 'NR==2{ print $2 }')
if [[ "$DISK" -lt 32 ]]; then if [[ "$DISK" -lt 32 ]]; then
printf "\033[31;1mYour router a disk have less than 32MB. It is not recommended to install DNSCrypt, it takes 10MB\033[0m\n" printf "\033[31;1mYour router a disk have less than 32MB. It is not recommended to install DNSCrypt, it takes 10MB\033[0m\n"
fi fi
echo "Select:" echo "Select:"
@@ -364,9 +364,9 @@ add_dns_resolver() {
while true; do while true; do
read -r -p '' DNS_RESOLVER read -r -p '' DNS_RESOLVER
case $DNS_RESOLVER in case $DNS_RESOLVER in
1) 1)
echo "Skiped" echo "Skiped"
break break
;; ;;
@@ -376,7 +376,7 @@ add_dns_resolver() {
break break
;; ;;
3) 3)
DNS_RESOLVER=STUBBY DNS_RESOLVER=STUBBY
break break
;; ;;
@@ -408,7 +408,7 @@ add_dns_resolver() {
uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53" uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53"
uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/' uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/'
uci commit dhcp uci commit dhcp
printf "\033[32;1mDnsmasq restart\033[0m\n" printf "\033[32;1mDnsmasq restart\033[0m\n"
/etc/init.d/dnsmasq restart /etc/init.d/dnsmasq restart
@@ -468,9 +468,9 @@ add_getdomains() {
while true; do while true; do
read -r -p '' COUNTRY read -r -p '' COUNTRY
case $COUNTRY in case $COUNTRY in
1) 1)
COUNTRY=russia_inside COUNTRY=russia_inside
break break
;; ;;
@@ -480,12 +480,12 @@ add_getdomains() {
break break
;; ;;
3) 3)
COUNTRY=ukraine COUNTRY=ukraine
break break
;; ;;
4) 4)
echo "Skiped" echo "Skiped"
COUNTRY=0 COUNTRY=0
break break
@@ -518,13 +518,19 @@ start () {
EOF EOF
cat << 'EOF' >> /etc/init.d/getdomains cat << 'EOF' >> /etc/init.d/getdomains
count=0 count=0
maxCount=10
while true; do while true; do
if [ ${count} -eq ${maxCount} ]; then
echo "Break on ${maxCount} attempt"
break
fi
if curl -m 3 github.com; then if curl -m 3 github.com; then
curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst
break break
else else
echo "GitHub is not available. Check the internet availability [$count]" echo "GitHub is not available. Check the internet availability [$count]"
count=$((count+1)) count=$((count+1))
sleep 5
fi fi
done done
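Review bot: In the last hunk of this file the `break` after `curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst` runs whether or not that download succeeded, so the new `maxCount` limit and `sleep 5` only cover the `curl -m 3 github.com` probe; as written, a failed or interrupted list download still ends the loop on the first pass. Folding the download into the condition makes it count as an attempt: `if curl -m 3 github.com && curl -f "$DOMAINS" --output /tmp/dnsmasq.d/domains.lst; then`. The download itself carries no `-m` timeout, so a stalled transfer is not bounded by the ten attempts either. Both loops in the getdomains template hunks (`@@ -22,13 +22,19 @@` and `@@ -46,7 +52,12 @@`) have the same shape. The enclosing `start ()` and the heredoc that writes this code continue outside the hunk.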


@@ -1,4 +1,9 @@
--- ---
- name: Restart sing-box
service:
name: sing-box
state: restarted
- name: Restart network - name: Restart network
service: service:
name: network name: network


@@ -22,13 +22,19 @@ start () {
DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Ukraine/inside-dnsmasq-ipset.lst DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Ukraine/inside-dnsmasq-ipset.lst
{% endif %} {% endif %}
count=0 count=0
maxCount=10
while true; do while true; do
if [ ${count} -eq ${maxCount} ]; then
echo "Break on ${maxCount} attempt"
break
fi
if curl -m 3 github.com; then if curl -m 3 github.com; then
curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst curl -f $DOMAINS --output /tmp/dnsmasq.d/domains.lst
break break
else else
echo "GitHub is not available. Check the internet availability [$count]" echo "GitHub is not available. Check the internet availability [$count]"
count=$((count+1)) count=$((count+1))
sleep 5
fi fi
done done
@@ -46,7 +52,12 @@ start () {
mkdir -p $dir mkdir -p $dir
count=0 count=0
maxCount=10
while true; do while true; do
if [ ${count} -eq ${maxCount} ]; then
echo "Break on ${maxCount} attempt"
break
fi
if curl -m 3 https://antifilter.download/; then if curl -m 3 https://antifilter.download/; then
{% if list_subnet %} {% if list_subnet %}
curl -f -z $dir/subnet.lst https://antifilter.download/list/subnet.lst --output $dir/subnet.lst curl -f -z $dir/subnet.lst https://antifilter.download/list/subnet.lst --output $dir/subnet.lst
@@ -56,15 +67,16 @@ start () {
{% endif %} {% endif %}
{% if list_community %} {% if list_community %}
curl -f -z $dir/community.lst https://community.antifilter.download/list/community.lst --output $dir/community.lst curl -f -z $dir/community.lst https://community.antifilter.download/list/community.lst --output $dir/community.lst
{% endif %} {% endif %}
break break
else else
echo "antifilter.download is not available. Check the internet availability [$count]" echo "antifilter.download is not available. Check the internet availability [$count]"
count=$((count+1)) count=$((count+1))
sleep 5
fi fi
done done
echo "Firewall restart" echo "Firewall restart"
/etc/init.d/firewall restart /etc/init.d/firewall restart
{% endif %} {% endif %}
} }
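Review bot: When the counter reaches `maxCount` in the second loop, the `break` falls through to `echo "Firewall restart"` and `/etc/init.d/firewall restart`, so the firewall is reloaded even though nothing was fetched, and the only trace of the failure is the echo on stdout. Consider reporting the give-up on stderr and leaving `start` with a non-zero status at the cap, e.g. `echo "Break on ${maxCount} attempt" >&2` followed by `return 1`, if skipping the restart is acceptable for this service. The files under `$dir` may still hold lists from an earlier run (the downloads use `-z`), so if restarting with stale data is intended, a comment such as `# cap reached: continue with previously downloaded lists` above the `break` would make that explicit. The beginning of `start ()` lies outside the hunk.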