From 2228abd12a3c02ed64d91e4d568c62c53775c67b Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sun, 1 Nov 2020 14:50:37 +0900
Subject: [PATCH] Set up `go-mmproxy`.
---
 .../etc/consul.d/service-go-mmproxy.json | 12 ++++++
 .../etc/systemd/system/go-mmproxy.service | 17 ++++++++
 cookbooks/gitea/setup-go-mmproxy.rb | 39 +++++++++++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
 create mode 100644 cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
 create mode 100644 cookbooks/gitea/setup-go-mmproxy.rb
diff --git a/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json b/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
new file mode 100644
index 0000000..f45b065
--- /dev/null
+++ b/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
@@ -0,0 +1,12 @@
+{
+ "service": {
+ "name": "go-mmproxy",
+ "port": 50021,
+ "check":{
+ "tcp": "localhost:50021",
+ "interval": "60s",
+ "timeout": "1s",
+ "success_before_passing": 3
+ }
+ }
+}
diff --git a/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service b/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
new file mode 100644
index 0000000..cc14caf
--- /dev/null
+++ b/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=go-mmproxy
+After=network.target
+
+[Service]
+Type=simple
+LimitNOFILE=65535
+ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
+ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
+ExecStart=/usr/local/bin/go-mmproxy -l 0.0.0.0:50021 -4 127.0.0.1:10022 -v 2
+ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
+ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
+Restart=on-failure
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/cookbooks/gitea/setup-go-mmproxy.rb b/cookbooks/gitea/setup-go-mmproxy.rb
new file mode 100644
index 0000000..f1c81e9
--- /dev/null
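Review bot: The `ExecStart` line in `go-mmproxy.service` binds the PROXY-protocol listener to `0.0.0.0:50021` without `-allowed-subnets`, so go-mmproxy accepts a PROXY header from any peer that can reach the port and presents the claimed address to the backend on `127.0.0.1:10022` as the real client. The `ufw allow 50021/tcp` loop in `cookbooks/gitea/setup-go-mmproxy.rb` opens that port to every source, so source-address logging or address-based rules behind the proxy cannot be trusted. Restrict both to the upstream load balancer: add `-allowed-subnets <PATH_TO_ALLOWED_SUBNETS_FILE>` to `ExecStart` and scope the firewall rule as `ufw allow from <LB_SUBNET> to any port 50021 proto tcp`. The unit also sets no `User=`, so the proxy presumably runs as root; if it only needs `CAP_NET_ADMIN`, a dedicated user with `AmbientCapabilities=CAP_NET_ADMIN` is worth considering.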
+++ b/cookbooks/gitea/setup-go-mmproxy.rb
@@ -0,0 +1,39 @@
+# Deploy `supervisord` config`:
+remote_file '/etc/systemd/system/go-mmproxy.service' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[go-mmproxy]'
+end
+
+service 'go-mmproxy' do
+ action [ :enable, :restart ]
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-go-mmproxy.json' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[supervisor]'
+end
+
+# Firewall settings here:
+%w( 50021/tcp ).each do |p|
+ execute "ufw allow #{p}" do
+ user 'root'
+
+ not_if "LANG=c ufw status | grep #{p}"
+
+ notifies :run, 'execute[ufw reload-or-enable]'
+ end
+end
+
+execute 'ufw reload-or-enable' do
+ user 'root'
+ command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+ action :nothing
+end
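Review bot: The `remote_file` for `/etc/consul.d/service-go-mmproxy.json` notifies `service[supervisor]`, which this recipe never declares, so the consul agent only picks up the new service definition if consul runs under a supervisor resource defined elsewhere in the repo; worth confirming, or pointing the notification at the consul service. The two header comments are stale copies: the first resource deploys a systemd unit rather than a `supervisord` config, and the second registers `go-mmproxy` rather than `gitea`. Suggested replacements are `# Deploy the systemd unit for go-mmproxy:` and `# Deploy the consul service definition for go-mmproxy:`. Separately, `action [ :enable, :restart ]` restarts the proxy on every run and drops proxied connections; `action [ :enable, :start ]` would leave restarts to the `notifies` on the unit file.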