diff options
| author | fokx | 2023-05-05 20:42:39 +0800 |
|---|---|---|
| committer | fokx | 2023-05-05 20:42:39 +0800 |
| commit | ec156192455db8deb2d5ffc5b47ad697e315b817 (patch) | |
| tree | 6271e99cab6496dba3432fe4c7ef6ab48ad1fa72 | |
| download | aur-ec156192455db8deb2d5ffc5b47ad697e315b817.tar.gz | |
init
| -rw-r--r-- | .SRCINFO | 23 | ||||
| -rw-r--r-- | PKGBUILD | 47 | ||||
| -rw-r--r-- | client.json | 22 | ||||
| -rw-r--r-- | server.json | 15 | ||||
| -rw-r--r-- | tuic.sysusers | 1 | ||||
| -rw-r--r-- | tuicc@.service | 48 | ||||
| -rw-r--r-- | tuics@.service | 21 |
7 files changed, 177 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..7a9e1809cb06 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,23 @@ +pkgbase = tuic + pkgdesc = Delicately-TUICed 0-RTT proxy server and client + pkgver = 0.8.5 + pkgrel = 1 + url = https://github.com/EAimTY/tuic + arch = x86_64 + license = GPL3 + makedepends = rust + makedepends = git + source = tuic::git+https://github.com/EAimTY/tuic + source = client.json + source = server.json + source = tuic.sysusers + source = tuicc@.service + source = tuics@.service + b2sums = SKIP + b2sums = d471a743a0b9dd3f58ace81ebea40cf42812b0d980f72fdb358452de256d65b064e9b427d9ad528abd6b23ceadfca758ec0e7426e69c6299ae4202d4daf6d57d + b2sums = 2da39cc99b576ac0c3052489d91a01623aee24dbf835a8ef96e2095a19c9505bc78b63eadc9e5f79937737e02be0292894397e14a8e4da73fbab30d47004a50e + b2sums = 6f65065fff93d97ff528aafbf4d5b891587263162003681c8ec59f932673d4484237cbea4a32680d1c7d3d78d97ccfd9ea8d816bf740dd638929df3a5ad88034 + b2sums = ee32f841a33e3c71bc957ef622fdc93fc4779b0cb593ddae0c85e4d573e2339f0a0b2630874a504bb180cafcd3b4229bdcefff349ad4f46466d49539693036a4 + b2sums = 955d2447f08f6762ba23f67796b34bba466dc8860d389fd7899ac0b68ac9153770757205d965056a5161b7515042a722a7dd683149b3dee3a777453ec2b2b34d + +pkgname = tuic diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..173d08399da3 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,47 @@ +# Maintainer: soh @ AUR + +pkgname=tuic +pkgver=0.8.5 +pkgrel=1 +pkgdesc='Delicately-TUICed 0-RTT proxy server and client' +arch=('x86_64') +url=https://github.com/EAimTY/tuic +license=('GPL3') +depends=() +makedepends=('rust' 'git') +source=("${pkgname}::git+$url" + client.json + server.json + tuic.sysusers + tuicc@.service + tuics@.service +) +b2sums=('SKIP' + 'd471a743a0b9dd3f58ace81ebea40cf42812b0d980f72fdb358452de256d65b064e9b427d9ad528abd6b23ceadfca758ec0e7426e69c6299ae4202d4daf6d57d' + '2da39cc99b576ac0c3052489d91a01623aee24dbf835a8ef96e2095a19c9505bc78b63eadc9e5f79937737e02be0292894397e14a8e4da73fbab30d47004a50e' + '6f65065fff93d97ff528aafbf4d5b891587263162003681c8ec59f932673d4484237cbea4a32680d1c7d3d78d97ccfd9ea8d816bf740dd638929df3a5ad88034' + 'ee32f841a33e3c71bc957ef622fdc93fc4779b0cb593ddae0c85e4d573e2339f0a0b2630874a504bb180cafcd3b4229bdcefff349ad4f46466d49539693036a4' + '955d2447f08f6762ba23f67796b34bba466dc8860d389fd7899ac0b68ac9153770757205d965056a5161b7515042a722a7dd683149b3dee3a777453ec2b2b34d') + + +prepare() { + cd $pkgname + git submodule sync --recursive; git submodule foreach -q git config remote.origin.url; git submodule update --init --recursive --remote + git checkout $pkgver +} + +build() { + cd $pkgname + cargo build --release +} + +package() { + cd $pkgname + install -Dm644 "${srcdir}/tuic.sysusers" "${pkgdir}/usr/lib/sysusers.d/tuic.conf" + install -Dm755 "target/release/$pkgname-client" -t "${pkgdir}/usr/bin/" + install -Dm755 "target/release/$pkgname-server" -t "${pkgdir}/usr/bin/" + install -dm755 "${pkgdir}/etc/tuic" + install -Dm644 "${srcdir}/client.json" "${srcdir}/server.json" -t "${pkgdir}/etc/tuic/" + install -Dm644 "${srcdir}/tuicc@.service" "${srcdir}/tuics@.service" -t "${pkgdir}/usr/lib/systemd/system/" + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/$pkgname/LICENSE" +} diff --git a/client.json b/client.json new file mode 100644 index 000000000000..0f8374702615 --- /dev/null +++ b/client.json @@ -0,0 +1,22 @@ +{ + "relay": { + "server": "<my server domain>", + "port": 443, + "token": "mypassword", + "ip": "<my server ip>", + "udp_relay_mode": "native", + "congestion_controller": "bbr", + "heartbeat_interval": 10000, + "alpn": ["h3"], + "disable_sni": false, + "reduce_rtt": false, + "request_timeout": 8000, + "max_udp_relay_packet_size": 1500 + }, + "local": { + "port": 1080, + "ip": "127.0.0.1" + }, + "log_level": "info" +} + diff --git a/server.json b/server.json new file mode 100644 index 000000000000..837e1edd6bb5 --- /dev/null +++ b/server.json @@ -0,0 +1,15 @@ +{ + "port": 443, + "token": ["myPassword1", "myPassword2"], + "certificate": "/etc/tuic/cer", + "private_key": "/etc/tuic/key", + + "ip": "0.0.0.0", + "congestion_controller": "bbr", + "max_idle_time": 15000, + "authentication_timeout": 1000, + "alpn": ["h3"], + "max_udp_relay_packet_size": 1500, + "log_level": "info" +} + diff --git a/tuic.sysusers b/tuic.sysusers new file mode 100644 index 000000000000..796d1e0e5eb8 --- /dev/null +++ b/tuic.sysusers @@ -0,0 +1 @@ +u tuic - "tuic daemon" /etc/tuic diff --git a/tuicc@.service b/tuicc@.service new file mode 100644 index 000000000000..f3426c4287f0 --- /dev/null +++ b/tuicc@.service @@ -0,0 +1,48 @@ +[Unit] +Description=tuic client +After=network-online.target + +[Service] +Type=simple +User=tuic +Restart=on-failure +RestartSec=5s +ExecStart=/usr/bin/tuic-client-0.8 -c /etc/tuic/%i.json +# Proc filesystem +ProcSubset=pid +ProtectProc=invisible +# Capabilities +CapabilityBoundingSet= +# Security +NoNewPrivileges=true +# Sandboxing +ProtectSystem=strict +PrivateTmp=true +PrivateDevices=true +PrivateUsers=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +ProtectHome=true +RestrictAddressFamilies=AF_INET +RestrictAddressFamilies=AF_INET6 +RestrictAddressFamilies=AF_NETLINK +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=true +LockPersonality=true +RestrictRealtime=true +RestrictSUIDSGID=true +RemoveIPC=true +PrivateMounts=true +ProtectClock=true +# System Call Filtering +SystemCallArchitectures=native +SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid +SystemCallFilter=pipe +SystemCallFilter=pipe2 + +[Install] +WantedBy=default.target + diff --git a/tuics@.service b/tuics@.service new file mode 100644 index 000000000000..7629e36e2a4e --- /dev/null +++ b/tuics@.service @@ -0,0 +1,21 @@ +[Unit] +Description=tuic server +Documentation=https://github.com/EAimTY/tuic/ +After=network.target network-online.target +Requires=network-online.target + +[Service] +User=tuic +Group=tuic +ExecStart=/usr/bin/tuic-server -c /etc/tuic/%i.json +ExecReload=/usr/bin/tuic-server -c /etc/tuic/%i.json +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 +PrivateTmp=true +ProtectSystem=full +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target + |