#!/bin/bash
set -ex

apt update
apt install -y dante-server

useradd socks

cat <<EOF >/etc/danted.conf
logoutput: syslog stdout /var/log/danted.log

internal: enX0 port = 1080
external: enX0

user.privileged: root
user.unprivileged: socks

socksmethod: none
clientmethod: none

socks pass {
        from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
	log: connect disconnect error
}

client pass {
	from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
	log: connect disconnect error
}
EOF

cat <<EOF >/lib/systemd/system/danted.service
[Unit]
Description=SOCKS (v4 and v5) proxy daemon (danted)
Documentation=man:danted(8) man:danted.conf(5)
After=network.target

[Service]
Type=simple
PIDFile=/run/danted.pid
ExecStart=/usr/sbin/danted
ExecStartPre=/bin/sh -c ' \
	uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`; \
	if [ -n "$uid" ]; then \
		touch /var/run/danted.pid; \
		chown $uid /var/run/danted.pid; \
	fi \
	'
PrivateTmp=yes
InaccessibleDirectories=/boot /home /media /mnt /opt /root
ReadOnlyDirectories=/bin /etc /lib -/lib64 /sbin /usr /var
ReadWriteDirectories=/var/log
DeviceAllow=/dev/null rw

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
service danted restart