kernel:
  # NOTE(review): pinned by tag, not by digest — a tag can be re-pushed; pinning as
  # linuxkit/kernel@sha256:<digest> makes the pull reproducible and tamper-evident.
  image: linuxkit/kernel:4.9.165
  # cmdline: "console=ttyS0 console=tty0"
  # cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.net=easy"
  # root=   is the persistent partition the init script mounts as the overlay's writable layer;
  # adlin.format= is the whole disk it partitions and formats when that partition is not a block
  #         device yet (destructive by design). The init script's parser takes the first root=.
  cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet"

init:
  # NOTE(review): pinned by tag only, and the `trust:` section at the bottom of this file lists
  # only the linuxkit and library orgs, so this image is pulled outside content trust.
  - nemunaire/adlin-tuto2:017a5c0b4eb825e9f7f979e7261fa17573ee3c58
files:
- path: etc/hostname
  contents: |
    adlin2
  mode: "0644"

- path: etc/resolv.conf
  contents: |
    nameserver 9.9.9.9
    nameserver 1.1.1.1
  mode: "0644"

# Keep the primary NIC named eth0 so it matches the .network unit below and the
# `ip link set up dev eth0` / sysctl lines in the init script.
- path: etc/systemd/network/49-main.link
  contents: |
    [Match]
    OriginalName=eth0
    [Link]
    Name=eth0
  mode: "0644"

# IPv4 by DHCP only; RA and link-local IPv6 are disabled on eth0 because the init
# script brings IPv6 (address and default route) up over the wg0 tunnel instead.
- path: etc/systemd/network/50-dhcp.network
  contents: |
    [Match]
    Name=eth0
    [Network]
    DHCP=yes
    IPv6AcceptRA=no
    LinkLocalAddressing=no
  mode: "0644"
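- path: init
  contents: |
    #!/bin/sh
    # Early userspace for the tutorial image: assemble a writable overlay on the
    # root= partition, enrol the machine in the WireGuard network, then hand over
    # to ${INITP}. Runs as PID 1 with a plain /bin/sh — every `exit` here ends in a
    # kernel panic, so failures are reported to the console first.

    # /proc/cmdline parser (from Gentoo Wiki): prints the value of "$1=<value>"
    # (first occurrence) or nothing when the key is absent. The surrounding spaces
    # make the pattern match whole keys only.
    cmdline() {
        local value
        value=" $(cat /proc/cmdline) "
        value="${value#* $1=}"
        value="${value%% *}"
        [ "$value" != "" ] && echo "$value"
    }

    # Hide us!
    /bin/rm -f /init /linuxrc

    mount -n -t devtmpfs devtmpfs /dev
    mount -n -t proc proc /proc
    #mount -n -t tmpfs run /run
    #mount -m -t sysfs sys /sys

    INITP=$(cmdline init)
    [ -z "$INITP" ] && INITP=/lib/systemd/systemd
    # NOTE(review): a token passed on the kernel command line stays readable in
    # /proc/cmdline after boot; etc/adlin.token or the console prompt below avoid that.
    WGTOKEN=$(cmdline adlin.token)

    ROOTFS=$(cmdline root)
    echo "rootfs=$ROOTFS"
    [ -z "$ROOTFS" ] && { echo "No root= provided, continuing on initramfs only."; exec "${INITP}"; }
    [ "$ROOTFS" = "/dev/sr0" ] && { echo "No root= provided, continuing on initramfs only."; exec "${INITP}"; }
    # No usable root partition yet (or adlin.alwaysformat= given): partition the whole
    # disk named by adlin.format= and mkfs its first partition. Destructive by design.
    # Assumes "<disk>1" partition naming (e.g. /dev/sda1), not the nvme-style "p1".
    { [ -b "$ROOTFS" ] && [ -z "$(cmdline adlin.alwaysformat)" ]; } || {
        FORMATDD=$(cmdline adlin.format)
        # printf rather than echo "...\n...": escape handling of echo differs between shells.
        [ -b "$FORMATDD" ] && { printf 'o\nn\np\n1\n\n\np\nw\nq\n' | fdisk "${FORMATDD}" && mkfs.ext4 -q "${FORMATDD}1"; }
        [ -b "$ROOTFS" ] || { echo "Invalid provided rootfs: not a valid block device."; exit 1; }
    }

    mkdir -p /overlay
    /bin/mount -n -t tmpfs none /overlay
    /bin/mkdir -p /overlay/rwdata
    /bin/mkdir -p /overlay/robase
    /bin/mkdir -p /overlay/combined
    /bin/mount --bind / /overlay/robase

    ovr_rwdata=/overlay/rwdata
    ovr_robase=/overlay/robase
    ovr_combined=/overlay/combined

    # Prepare filesystem for local data storage...
    /bin/mkdir -p ${ovr_rwdata}
    /bin/mount -n "${ROOTFS}" ${ovr_rwdata} || { echo "Unable to mount rootfs."; exit 2; }

    # Image root (bind-mounted read-only base) below, root= partition as upper/work dirs.
    mkdir -p ${ovr_rwdata}/data
    mkdir -p ${ovr_rwdata}/work
    /bin/mount -n -t overlay -o upperdir=${ovr_rwdata}/data,workdir=${ovr_rwdata}/work,lowerdir=${ovr_robase} overlay ${ovr_combined} || { echo "Unable to create overlayfs."; exit 3; }

    /bin/umount -n /proc

    # Keep the overlay's building blocks reachable from inside the new root.
    /bin/mkdir -p ${ovr_combined}/overlay/rwdata
    /bin/mount -n --move ${ovr_rwdata} ${ovr_combined}/overlay/rwdata
    /bin/mkdir -p ${ovr_combined}/overlay/robase
    /bin/mount -n --move ${ovr_robase} ${ovr_combined}/overlay/robase
    /bin/mkdir -p ${ovr_combined}/overlay/pivot

    # From here on the cwd is the future root; relative paths (etc/...) and
    # `chroot .` refer to it.
    cd ${ovr_combined}
    mount --move /dev dev
    mount --move . /
    /bin/umount -n /overlay

    # Local hook living on the persistent overlay: runs as root at every boot.
    # `.` instead of `source`: the latter is not POSIX sh and fails under dash.
    [ -f "etc/adlin.init" ] && . etc/adlin.init

    # Setting up wireguard tunnel
    [ -z "${WGTOKEN}" ] && [ -f "etc/adlin.token" ] && WGTOKEN=$(cat etc/adlin.token)
    [ -z "${WGTOKEN}" ] && {
        echo
        echo -n "You didn't define your token to connect the network. Please copy it here now: "
        read -r WGTOKEN
    }

    /sbin/sysctl -w net.ipv6.conf.eth0.autoconf=0
    /bin/ip link set up dev eth0 || { /sbin/modprobe e1000; /bin/ip link set up dev eth0; }
    /bin/busybox udhcpc -n -q

    # Reuse the private key of a previous enrolment, otherwise generate one.
    # Only the public key is posted to the API.
    [ -f "etc/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' etc/wireguard/adlin.conf)
    [ -z "${WGPRVKEY}" ] && WGPRVKEY=$(/usr/bin/wg genkey)
    WGPUBKEY=$(printf '%s\n' "${WGPRVKEY}" | /usr/bin/wg pubkey)
    # The token itself is never sent: the API path is derived from its sha512.
    WGTOKENHASH=$(printf '%s' "${WGTOKEN}" | /usr/bin/sha512sum | /usr/bin/cut -d ' ' -f 1)

    # Write the wg config: our [Interface] followed by the server's reply (the sed
    # lines further down expect it to carry MyIPv6= and GWIPv6=). The file holds the
    # private key, so it is created 0600 (umask in a subshell, PID 1's umask stays
    # untouched). Exit status is curl's, so the caller can retry.
    enrol() {
        ( umask 077
          {
              printf '[Interface]\nPrivateKey = %s\n' "${WGPRVKEY}"
              /usr/sbin/chroot . /usr/bin/curl -f -d '{"pubkey": "'"${WGPUBKEY}"'"}' "https://adlin.nemunai.re/api/wg/${WGTOKENHASH}"
          } > etc/wireguard/adlin.conf )
    }

    /bin/mkdir -p etc/wireguard
    while ! enrol
    do
        echo ""
        echo "****************************************"
        echo "******* SWITCHING TO RESCUE MODE *******"
        echo "****************************************"
        echo ""
        echo "Sorry, I was unable to establish a connection to adlin.nemunai.re."
        echo "Please verify that your primary network interface can obtain an IPv4 through DHCP."
        echo ""
        echo "If curl report a 400 error, then you probably mistyped the token, you should reboot now."
        echo ""
        echo "Dropping to a shell, please fix your network, then press Ctrl+D or exit to retry."
        echo ""
        echo "****************************************"
        echo ""
        # Interactive root shell on the console; exiting it retries the enrolment.
        /bin/busybox cttyhack /usr/sbin/chroot . /bin/sh
        echo "Retrying connection..."
    done
    # Also tightens a config left world-readable by an earlier boot (truncation keeps the old mode).
    chmod 600 etc/wireguard/adlin.conf
    # Persist the token for the next boot; root-only like the key it unlocks.
    printf '%s' "${WGTOKEN}" > etc/adlin.token
    chmod 600 etc/adlin.token

    /sbin/modprobe wireguard
    /bin/ip link add dev wg0 type wireguard
    /usr/bin/wg setconf wg0 etc/wireguard/adlin.conf
    /bin/ip address add dev wg0 $(sed 's/^.*MyIPv6=//p;d' etc/wireguard/adlin.conf)
    /bin/ip link set up dev wg0
    /bin/ip -6 route del default
    /bin/ip -6 route add default via $(sed 's/^.*GWIPv6=//p;d' etc/wireguard/adlin.conf) pref high

    # To the user
    exec /usr/sbin/chroot . "${INITP}"
  mode: "0755"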
# Uncomment to get verbose systemd-networkd logs while debugging link/DHCP issues.
# - path: etc/systemd/system/systemd-networkd.service.d/10-debug.conf
#   contents: |
#     [Service]
#     Environment=SYSTEMD_LOG_LEVEL=debug
#   mode: "0644"

- path: etc/passwd
  contents: |
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
    www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
    backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
    list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
    irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
    _apt:x:100:65534::/nonexistent:/bin/false
    messagebus:x:101:102::/var/run/dbus:/bin/false
    sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
    systemd-timesync:x:103:105:systemd Time Synchronization,,,:/run/systemd:/bin/false
    systemd-network:x:104:106:systemd Network Management,,,:/run/systemd/netif:/bin/false
    systemd-resolve:x:105:107:systemd Resolver,,,:/run/systemd/resolve:/bin/false
    systemd-bus-proxy:x:106:108:systemd Bus Proxy,,,:/run/systemd:/bin/false
  mode: "0644"

# NOTE(review): root's password hash is committed here, so anyone who can read this
# file can attack it offline, and every machine built from it shares the same root
# password. Prefer keeping root locked here and provisioning credentials per machine.
- path: etc/shadow
  contents: |
    root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::
    daemon:*:17575:0:99999:7:::
    bin:*:17575:0:99999:7:::
    sys:*:17575:0:99999:7:::
    sync:*:17575:0:99999:7:::
    games:*:17575:0:99999:7:::
    man:*:17575:0:99999:7:::
    lp:*:17575:0:99999:7:::
    mail:*:17575:0:99999:7:::
    news:*:17575:0:99999:7:::
    uucp:*:17575:0:99999:7:::
    proxy:*:17575:0:99999:7:::
    www-data:*:17575:0:99999:7:::
    backup:*:17575:0:99999:7:::
    list:*:17575:0:99999:7:::
    irc:*:17575:0:99999:7:::
    gnats:*:17575:0:99999:7:::
    nobody:*:17575:0:99999:7:::
    _apt:*:17575:0:99999:7:::
    messagebus:*:17594:0:99999:7:::
    sshd:*:17594:0:99999:7:::
    systemd-timesync:*:17594:0:99999:7:::
    systemd-network:*:17594:0:99999:7:::
    systemd-resolve:*:17594:0:99999:7:::
    systemd-bus-proxy:*:17594:0:99999:7:::
  mode: "0640"
# Images from these orgs are pulled with content trust. The init image above
# (nemunaire/adlin-tuto2) is not in this list, so it is not covered — pin it by
# digest or add its org here.
trust:
  org:
  - linuxkit
  - library