From f12d1c5fa35e5e79549e3f71ea68e62e2c0041f9 Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Tue, 15 Aug 2023 14:08:24 -0500
Subject: [PATCH] add nordproxy (socks/ss/http/dns through nord)
---
nordproxy/deployment.yaml | 117 ++++++++++++++++++++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 nordproxy/deployment.yaml
diff --git a/nordproxy/deployment.yaml b/nordproxy/deployment.yaml
new file mode 100644
index 0000000..16b4e0c
--- /dev/null
+++ b/nordproxy/deployment.yaml
@@ -0,0 +1,117 @@
+# kubectl create cm openvpn-config --from-file=vpn.conf=$HOME/Downloads/us6902.nordvpn.com.udp.ovpn
+# kubectl create secret generic openvpn-auth --from-literal=VPN_AUTH='abcdefghijklmnop12345678;qrstuvwxyz0987654321abcd'
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nordproxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: nordproxy
+ name: nordproxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nordproxy
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: nordproxy
+ spec:
+ terminationGracePeriodSeconds: 0
+ containers:
+ - image: ginuerzh/gost
+ name: socks5
+ command:
+ - gost
+ - -L
+ - socks5://0.0.0.0:1080
+ - image: ginuerzh/gost
+ name: gost-auto
+ command:
+ - gost
+ - -L
+ - auto://0.0.0.0:4080
+ - image: ginuerzh/gost
+ name: http
+ command:
+ - gost
+ - -L
+ - http://0.0.0.0:8080
+ - image: ginuerzh/gost
+ name: dns
+ command:
+ - gost
+ - -L
+ - dns://:5353?mode=udp&dns=https://cloudflare-dns.com/dns-query
+ - image: dperson/openvpn-client:latest
+ name: vpn
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ mkdir -p /dev/net
+ mknod /dev/net/tun c 10 200
+ openvpn.sh
+ env:
+ - name: DNS
+ value: "yes"
+ envFrom:
+ - secretRef:
+ name: openvpn-auth
+ volumeMounts:
+ - mountPath: /vpn/vpn.conf
+ name: config
+ subPath: vpn.conf
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN","SYS_TIME"]
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: openvpn-config
+ name: config
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ metallb.universe.tf/allow-shared-ip: 172.16.17.180
+ metallb.universe.tf/loadBalancerIPs: 172.16.17.180
+ labels:
+ app: nordproxy
+ name: nordproxy
+ namespace: nordproxy
+spec:
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ targetPort: 5353
+ - name: socks
+ port: 1080
+ protocol: TCP
+ targetPort: 1080
+ - name: gost-auto
+ port: 4080
+ protocol: TCP
+ targetPort: 4080
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: nordproxy
+ sessionAffinity: None
+ type: LoadBalancer
+
+
+
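Review bot: The three gost listeners (`socks5://0.0.0.0:1080`, `auto://0.0.0.0:4080`, `http://0.0.0.0:8080`) are started without credentials, and the Service publishes them as `type: LoadBalancer` on 172.16.17.180. Every host that can route to that address can therefore relay traffic through the VPN account, and the DNS forwarder on port 53 is open in the same way. Restrict the clients in the Service spec with `loadBalancerSourceRanges: ["<client CIDR placeholder>"]` or with a NetworkPolicy in the `nordproxy` namespace, and consider listener credentials sourced from a Secret. Separately, `ginuerzh/gost` carries no tag and `dperson/openvpn-client:latest` floats, so the pod that holds `NET_ADMIN`, `SYS_TIME` and the `openvpn-auth` secret runs whatever the registry serves at pull time; pin both images by digest. `SYS_TIME` does not look necessary for an OpenVPN client and is worth dropping if the tunnel still comes up without it.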