
@darkk
Created March 18, 2022 08:39
OpenWRT /etc/init.d/sshmole
#!/bin/sh /etc/rc.common
# NB: instance name is pure alpha-numeric, it can't have dashes!!!
#
# ==> /etc/config/sshmole <==
# config sshmole consrv
# option remote 4242
# option srv tun-user-c25ca8ab@consrv.example.org
# option respawn_retry 0 ~~ disables stop-on-crashloop
# option respawn_timeout 15 ~~ is sleep() between restarts
# rc.common start priority; 99 places the service late in the boot sequence.
START=99
# Run under procd: start_service() below registers instances via procd_* helpers.
USE_PROCD=1
#######################################
# Validate one "sshmole" UCI section against the option schema.
# Arguments: $1 - UCI section (instance) name
# Returns:   status of uci_validate_section
# Notes:     option names listed here are the variables the caller declares
#            local before calling; srv is only checked as a free-form string,
#            so callers must not treat it as safe shell or option syntax.
#######################################
validate_section_sshmole() {
  local cfg="$1"

  uci_validate_section sshmole sshmole "$cfg" \
    'local:port:22' \
    'remote:port' \
    'srv:string' \
    'respawn_threshold:uinteger:600' \
    'respawn_timeout:uinteger:15' \
    'respawn_retry:uinteger:0' \
    'enable:bool:1'
}
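#######################################
# Register one procd instance that keeps a reverse SSH tunnel open for a UCI
# section, and write a helper script the admin runs once to cache the server
# host key in /etc/sshmole/.ssh/known_hosts.
# Arguments: $1 - UCI section (instance) name
# Outputs:   /tmp/sshmole-meet.<name> helper script; diagnostics on stderr
# Returns:   1 if the section is invalid, disabled, incomplete, or srv looks
#            like a command-line option; otherwise status of the procd calls
# Security:  - srv is validated only as a string, so a value starting with '-'
#              is refused: ssh would parse it as an option, not a destination.
#            - srv is single-quote-escaped before being embedded in the helper
#              so it cannot be read as shell syntax when the helper is run.
#            - the helper is created with mktemp and renamed into place, so a
#              symlink planted at the fixed /tmp path is replaced, not followed.
#######################################
sshmole_instance() {
  local local remote srv enable respawn_threshold respawn_timeout respawn_retry
  local meet meet_tmp srv_q

  validate_section_sshmole "${1}" || {
    echo "validation failed" >&2
    return 1
  }
  if [ "$enable" = "0" ] || [ -z "$srv" ] || [ -z "$remote" ]; then
    return 1
  fi
  case "$srv" in
    -*)
      echo "sshmole: srv must not start with '-'" >&2
      return 1
      ;;
  esac

  # Escape every ' as '\'' so the value is safe inside single quotes.
  srv_q=$(printf '%s' "$srv" | sed "s/'/'\\\\''/g")

  meet="/tmp/sshmole-meet.$1"
  if meet_tmp=$(mktemp "${meet}.XXXXXX"); then
    cat >"$meet_tmp" <<EOF
#!/bin/sh -x
# to cache server host key /etc/sshmole/.ssh/known_hosts
exec env HOME=/etc/sshmole start-stop-daemon -c network:network -x /usr/bin/ssh -S -- -i /etc/sshmole/id '${srv_q}' date
EOF
    chmod 755 "$meet_tmp"
    # rename(2) replaces whatever sits at the destination, symlink included.
    mv -f "$meet_tmp" "$meet" || rm -f "$meet_tmp"
  else
    # The helper is a convenience; the tunnel instance is still registered.
    echo "sshmole: cannot create $meet" >&2
  fi

  procd_open_instance "$1"
  # Both ends of the forward are bound to loopback, so the forwarded port is
  # not exposed on external interfaces of either host.
  procd_set_param command /usr/bin/ssh \
    -o ExitOnForwardFailure=yes \
    -N -T -i /etc/sshmole/id -K 40 \
    -R "127.0.0.1:${remote}:127.0.0.1:${local}" \
    "${srv}"
  procd_set_param env HOME=/etc/sshmole
  # respawn_count = (runtime < respawn_threshold) ? (respawn_count + 1) : 0;
  # if (respawn_count > respawn_retry && respawn_retry > 0) {
  #   LOG("Instance %s::%s s in a crash loop %d crashes, %ld seconds since last crash\n", ...
  # } else {
  #   uloop_timeout_set(&timeout, respawn_timeout * 1000); ...
  # }
  # -- https://git.openwrt.org/?p=project/procd.git;a=blob;f=service/instance.c;h=a5742b7300d0b9075a605126b9574f3da0c13190;hb=HEAD#l551
  procd_set_param respawn "$respawn_threshold" "$respawn_timeout" "$respawn_retry"
  procd_set_param stdout 1 # forward to logd
  procd_set_param stderr 1 # same for stderr
  # Run the client unprivileged rather than as root.
  procd_set_param user network
  procd_close_instance
}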
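#######################################
# procd entry point: prepare /etc/sshmole on first run, then register one
# instance per "sshmole" section in /etc/config/sshmole.
# Outputs:   creates known_hosts and an RSA key pair under /etc/sshmole if
#            they do not exist yet; diagnostics on stderr
# Returns:   1 if the client key cannot be generated
# Security:  - the private key is stored unencrypted and owned by the
#              unprivileged "network" user; limit what this key may do in the
#              server account's authorized_keys.
#            - known_hosts starts empty, so the server key is trusted on first
#              use; check the fingerprint out of band when caching it.
#######################################
start_service() {
  if [ ! -f /etc/sshmole/.ssh/known_hosts ]; then
    mkdir -p /etc/sshmole/.ssh
    touch /etc/sshmole/.ssh/known_hosts
    # The client runs as "network" and must be able to append host keys.
    chown network:network /etc/sshmole/.ssh/known_hosts
  fi
  if [ ! -f /etc/sshmole/id ]; then
    # Without a usable key every instance would only crash-loop, so stop here.
    dropbearkey -t rsa -s 2048 -f /etc/sshmole/id || {
      echo "sshmole: key generation failed" >&2
      # Drop any partial file so the next start retries generation.
      rm -f /etc/sshmole/id
      return 1
    }
    # Make the private key mode explicit instead of relying on tool defaults.
    chmod 600 /etc/sshmole/id
    dropbearkey -y -f /etc/sshmole/id | grep ^ssh >/etc/sshmole/id.pub
    chown network:network /etc/sshmole/id /etc/sshmole/id.pub
  fi
  config_load sshmole
  config_foreach sshmole_instance sshmole
}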