[openwrt] bump version, add sing-box

lirundong · Dec 21, 2023 · 50e33ce · 50e33ce
1 parent c111258
commit 50e33ce
Show file tree

Hide file tree

Showing 12 changed files with 61 additions and 36 deletions.
diff --git a/.github/workflows/artifacts-release-nightly.yaml b/.github/workflows/artifacts-release-nightly.yaml
@@ -13,7 +13,7 @@ jobs:
     - name: setup-dependencies
       run: |
         pip3 install --user --upgrade cryptography emoji pycountry pytz pyyaml requests
-    - name: generate-clash-conf
+    - name: generate-proxy-conf
       env:
         PASSWORD: ${{ secrets.MASTER_PASSWORD }}
       run: |
@@ -31,7 +31,7 @@ jobs:
       env:
         PASSWORD: ${{ secrets.MASTER_PASSWORD }}
         TARGET: x86/64
-        VERSION: '23.05.0'
+        VERSION: '23.05.2'
         REPOSITORY: https://downloads.openwrt.org
         GCC_VERSION: 12.3.0_musl
         WORK_DIR: ${{ github.workspace }}/openwrt

diff --git a/conf-gen/source.yaml b/conf-gen/source.yaml
@@ -553,10 +553,10 @@ generates:
   experimental:
     clash_api:
       external_controller: :9090
-      external_ui: /root/.config/clash/clash-dashboard
+      external_ui: /root/.config/sing-box/ui
       secret: '@secret:CLASH_SECRET'
       # TODO: Move cache related options to cache_file once sing-box 1.8 release.
-      cache_file: /tmp/sing-box-cache.db
+      cache_file: /root/.config/sing-box/cache.db
       store_mode: true
       store_selected: true
       store_fakeip: true
diff --git a/openwrt-builder/build.sh b/openwrt-builder/build.sh
@@ -29,42 +29,44 @@ else
 fi
 pushd $WORK_DIR
 
-# Cross-compiled projects.
+# OpenWRT cross-compilation SDK.
 curl -sSLO $SDK_URL
-tar -Jxf $SDK.tar.xz
+tar -xf $SDK.tar.xz
 STAGING_DIR=$(realpath -- $SDK/staging_dir)
 SDK_BIN_DIR=$(realpath -- $SDK/staging_dir/toolchain-${TARGET/\//_}_gcc-$GCC_VERSION/bin)
-# VLMCSD.
-git clone https://github.com/Wind4/vlmcsd.git
-pushd vlmcsd
-STAGING_DIR=$STAGING_DIR PATH=$SDK_BIN_DIR:$PATH make CC=${TARGET/\//_}-openwrt-linux-gcc LD=${TARGET/\//_}-openwrt-linux-ld
-chmod +x bin/vlmcs bin/vlmcsd
-popd
+SDK_CC=${SDK_BIN_DIR}/${TARGET/\//_}-openwrt-linux-gcc
+SDK_LD=${SDK_BIN_DIR}/${TARGET/\//_}-openwrt-linux-ld
 
 # Prepare custom files.
 $ROOT_DIR/common/secret_decoder.py -r $SRC_DIR/files ./files -e '.*skip$' '__pycache__'
 mkdir -p files/usr/bin files/root
 CUSTOM_FILES_DIR=$(realpath -- ./files)
-# Clash.
-CLASH_VERSION=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/Dreamacro/clash/releases/latest | grep -Po 'v\K\d+\.\d+\.\d+')
-curl -sSL https://github.com/Dreamacro/clash/releases/download/v$CLASH_VERSION/clash-linux-amd64-v3-v$CLASH_VERSION.gz -o clash.gz
-gzip -d clash.gz
-chmod +x clash
-mv clash $CUSTOM_FILES_DIR/usr/bin/
-# Clash config and dashboard.
-mkdir -p $CUSTOM_FILES_DIR/root/.config/clash
-git clone https://github.com/Dreamacro/clash-dashboard.git --branch=gh-pages --single-branch --depth=1 $CUSTOM_FILES_DIR/root/.config/clash/clash-dashboard
-$ROOT_DIR/conf-gen/generate.py -s $ROOT_DIR/conf-gen/source.yaml -o clash-conf/
-cp clash-conf/clash-daemon.yaml $CUSTOM_FILES_DIR/root/.config/clash/config.yaml
-curl -sSL https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb -o $CUSTOM_FILES_DIR/root/.config/clash/Country.mmdb
-# Naive proxy.
-NAIVE_PROXY_VERSION=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/klzgrad/naiveproxy/releases/latest | grep -Po 'v\d+\.\d+\.\d+\.\d+-\d+')
-curl -sSLO "https://github.com/klzgrad/naiveproxy/releases/download/${NAIVE_PROXY_VERSION}/naiveproxy-${NAIVE_PROXY_VERSION}-openwrt-x86_64.tar.xz"
-tar -Jxvf naiveproxy-${NAIVE_PROXY_VERSION}-openwrt-x86_64.tar.xz
-cp naiveproxy-${NAIVE_PROXY_VERSION}-openwrt-x86_64/naive $CUSTOM_FILES_DIR/usr/bin/
-chmod +x $CUSTOM_FILES_DIR/usr/bin/naive
+
+# Sing-Box.
+SING_BOX_VERSION=${SING_BOX_VERSION:-$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/SagerNet/sing-box/releases/latest | grep -Po 'v\K\d+\.\d+\.\d+')}
+curl -sSL https://github.com/SagerNet/sing-box/releases/download/v${SING_BOX_VERSION}/sing-box-${SING_BOX_VERSION}-linux-amd64v3.tar.gz -o sing-box.tar.gz
+tar -xf sing-box-tar.gz
+chmod +x sing-box-${SING_BOX_VERSION}-linux-amd64v3/sing-box
+mv sing-box-${SING_BOX_VERSION}-linux-amd64v3/sing-box $CUSTOM_FILES_DIR/usr/bin/
+
+# Sing-Box web dashbord.
+mkdir -p $CUSTOM_FILES_DIR/root/.config/sing-box
+curl -sSLO https://github.com/MetaCubeX/yacd/archive/gh-pages.zip
+unzip gh-pages.zip
+mv Yacd-meta-gh-pages $CUSTOM_FILES_DIR/root/.config/sing-box/ui
+
+# Sing-Box config.
+$ROOT_DIR/conf-gen/generate.py -s $ROOT_DIR/conf-gen/source.yaml -o generated-conf/
+cp generated-conf/sing-box-daemon.json $CUSTOM_FILES_DIR/root/.config/sing-box/config.json
+
 # VLMCSD.
+git clone https://github.com/Wind4/vlmcsd.git
+pushd vlmcsd
+STAGING_DIR=$STAGING_DIR PATH=$SDK_BIN_DIR:$PATH make CC=${SDK_CC} LD=${SDK_LD}
+chmod +x bin/vlmcs bin/vlmcsd
+popd
 cp vlmcsd/bin/vlmcs vlmcsd/bin/vlmcsd $CUSTOM_FILES_DIR/usr/bin/
+
 # DDNS.
 rsync -aP --exclude='__pycache__' $ROOT_DIR/common $CUSTOM_FILES_DIR/root/
 rsync -aP --exclude='__pycache__' $ROOT_DIR/util-cookbook/tencent-cloud $CUSTOM_FILES_DIR/root/util-cookbook/

diff --git a/openwrt-builder/files/etc/crontabs/root b/openwrt-builder/files/etc/crontabs/root
@@ -1,2 +1,2 @@
-30 0 * * * curl -x http://@secret:CLASH_PROXY_USERNAME:@secret:[email protected]:10081 -sSL https://github.com/lirundong/homelab-infra/releases/download/nightly/clash-daemon.yaml.gpg | gpg --batch --passphrase="@secret:MASTER_PASSWORD" --yes -o /root/.config/clash/config.yaml -d && /etc/init.d/clash reload
+30 0 * * * curl -x http://@secret:CLASH_PROXY_USERNAME:@secret:[email protected]:10081 -sSL https://github.com/lirundong/homelab-infra/releases/download/nightly/sing-box-daemon.json.gpg | gpg --batch --passphrase="@secret:MASTER_PASSWORD" --yes -o /root/.config/sing-box/config.json -d && /etc/init.d/sing-box reload
 */15 * * * * PASSWORD="@secret:MASTER_PASSWORD" /usr/bin/timeout -k 3m 1m /usr/bin/python3 /root/util-cookbook/tencent-cloud/register_dns.py -d @secret:DOMAIN -s @secret:DDNS_HOSTNAME -i pppoe-wan --get-ipv4-method taobao --get-ipv6-method ifaddr
diff --git a/openwrt-builder/files/etc/init.d/clash → openwrt-builder/files/etc/init.d/clash.skip b/openwrt-builder/files/etc/init.d/clash → openwrt-builder/files/etc/init.d/clash.skip
diff --git a/openwrt-builder/files/etc/init.d/naiveproxy → ...-builder/files/etc/init.d/naiveproxy.skip b/openwrt-builder/files/etc/init.d/naiveproxy → ...-builder/files/etc/init.d/naiveproxy.skip
diff --git a/openwrt-builder/files/etc/init.d/sing-box b/openwrt-builder/files/etc/init.d/sing-box
@@ -5,11 +5,11 @@ START=99
 STOP=01
 
 start_service() {
-  local sing_box_root=/tmp/.config/sing-box
+  local sing_box_root=/root/.config/sing-box
   local sing_box_config=${sing_box_root}/config.json
 
   procd_open_instance "sing-box-daemon"
-  procd_set_param command /tmp/bin/sing-box run -c ${sing_box_config}
+  procd_set_param command /usr/bin/sing-box run -c ${sing_box_config}
   procd_set_param file ${sing_box_config}
   procd_set_param stdout 1
   procd_set_param stderr 1
@@ -18,7 +18,7 @@ start_service() {
 }
 
 reload_service() {
-  local sing_box_root=/tmp/.config/sing-box
+  local sing_box_root=/root/.config/sing-box
   local sing_box_config=${sing_box_root}/config.json
   local clash_secret=@secret:CLASH_SECRET
 

diff --git a/.../files/etc/nftables.d/99-clash-tproxy.nft → ...s/etc/nftables.d/99-clash-tproxy.nft.skip b/.../files/etc/nftables.d/99-clash-tproxy.nft → ...s/etc/nftables.d/99-clash-tproxy.nft.skip
diff --git a/openwrt-builder/files/etc/nftables.d/99-sing-box.nft b/openwrt-builder/files/etc/nftables.d/99-sing-box.nft
@@ -12,7 +12,6 @@ set direct_macs {
     type ether_addr
     elements = {
         00:11:32:ac:77:2e, # synonas eth0
-        64:ff:0a:4b:8c:c1, # Sony-TV WiFi
         00:e4:21:6a:eb:a3, # PS5 WiFi
         00:e4:21:fd:9f:0b, # PS5 Ethernet
         16:43:4b:30:19:84, # qemu-win10-compute

diff --git a/openwrt-builder/files/etc/uci-defaults/99-firewall.sh b/openwrt-builder/files/etc/uci-defaults/99-firewall.sh
@@ -1,5 +1,24 @@
 #!/bin/sh
 
+# ==============================================================================
+#   Zone rules.
+# ==============================================================================
+# Create a zone for sing-box tunnels and enable approperate forwardings.
+zone_id=$(uci add firewall zone)
+uci set firewall.$zone_id.name='sing-box'
+uci set firewall.$zone_id.device='tun+'
+uci set firewall.$zone_id.input='ACCEPT'
+uci set firewall.$zone_id.output='ACCEPT'
+uci set firewall.$zone_id.forward='REJECT'
+
+forwarding_id=$(uci add firewall forwarding)
+uci set firewall.$forwarding_id.src='sing-box'
+uci set firewall.$forwarding_id.dest='lan'
+
+forwarding_id=$(uci add firewall forwarding)
+uci set firewall.$forwarding_id.src='lan'
+uci set firewall.$forwarding_id.dest='sing-box'
+
 # ==============================================================================
 #   Input rules.
 # ==============================================================================

diff --git a/...files/root/.config/naiveproxy/config.json → .../root/.config/naiveproxy/config.json.skip b/...files/root/.config/naiveproxy/config.json → .../root/.config/naiveproxy/config.json.skip
diff --git a/openwrt-builder/packages/23.05.0.txt → openwrt-builder/packages/23.05.2.txt b/openwrt-builder/packages/23.05.0.txt → openwrt-builder/packages/23.05.2.txt
@@ -2,10 +2,15 @@ ca-bundle
 coreutils-timeout
 curl
 gnupg
+htop
 kmod-nft-tproxy
+kmod-tun
 luci
 python3-cryptography
 python3-ifaddr
 python3-requests
 python3-yaml
-qemu-ga
+qemu-ga
+vim-fuller
+vim-help
+vim-runtime