# # Cookbook:: esh_go_mmproxy # Resource:: service # # Copyright:: 2023, https://easyself.host # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. unified_mode true property :to, String, required: true, name_property: true property :listen, String default_action :service action :service do listen = new_resource.listen to = new_resource.to systemd_unit "go-mmproxy-#{listen}.service" do content <<~EOU [Unit] Description=go-mmproxy redirect on #{to}, listen on #{listen} Documentation=https://github.com/path-network/go-mmproxy/blob/master/go-mmproxy.service.example After=network.target [Service] Type=simple LimitNOFILE=65535 ExecStartPost=-/sbin/ip rule add from 127.0.0.1/8 iif lo table 123 ExecStartPost=-/sbin/ip route add local 0.0.0.0/0 dev lo table 123 ExecStartPost=-/sbin/ip -6 rule add from ::1/128 iif lo table 123 ExecStartPost=-/sbin/ip -6 route add local ::/0 dev lo table 123 ExecStart=/usr/local/bin/go-mmproxy -4 127.0.0.1:#{to} -6 "[::1]:#{to}" -allowed-subnets /usr/share/path-prefixes.txt -l 0.0.0.0:#{listen} ExecStopPost=-/sbin/ip rule del from 127.0.0.1/8 iif lo table 123 ExecStopPost=-/sbin/ip route del local 0.0.0.0/0 dev lo table 123 ExecStopPost=-/sbin/ip -6 rule del from ::1/128 iif lo table 123 ExecStopPost=-/sbin/ip -6 route del local ::/0 dev lo table 123 Restart=on-failure RestartSec=10s [Install] WantedBy=multi-user.target EOU verify false action :create end service "go-mmproxy-#{listen}" do action [:enable, :start] end end