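---
# LinuxKit image for the "adlin" tuto3 lab. One VM hosts a router, two
# workstation namespaces and a server segment (unbound DNS, PostgreSQL,
# Mattermost, tt-rss), each in its own network namespace. The namespaces are
# wired with veth pairs whose host-side peers are attached to two bridges,
# brsrv (172.23.42.0/24) and brwks (192.168.6.0/24).
#
# NOTE(review): lab artifact, not a deployable configuration. It embeds
# plaintext credentials (every database role uses "adlin2019"), a root
# password hash in etc/dshadow, and runs every long-lived service with
# `capabilities: [all]`. Anyone holding this file can crack or reuse those
# secrets; keep it on an isolated lab network.
kernel:
  # NOTE(review): pinned to a 2018 kernel; nothing in this file updates it.
  image: linuxkit/kernel:4.14.27
  cmdline: "console=tty0"
init:
  # init/runc/containerd are pinned by commit hash; the other two by tag only.
  - linuxkit/init:b212cfeb4bb6330e0a7547d8010fe2e8489b677a
  - linuxkit/runc:7c39a68490a12cde830e1922f171c451fb08e731
  - linuxkit/containerd:37e397ebfc6bd5d8e18695b121166ffd0cbfd9f0
  - linuxkit/ca-certificates:v0.2
  - linuxkit/getty:v0.2
onboot:
  - name: sysctl
    image: linuxkit/sysctl:v0.2
    binds:
      - /etc/sysctl.d/:/etc/sysctl.d/:ro

  # Network: external
  # Creates the "router" namespace, moves the physical eth0 into it and asks
  # for a DHCP lease once (-1) in the foreground before exiting.
  - name: dhcpcd
    image: linuxkit/dhcpcd:v0.2
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
    net: new
    runtime:
      interfaces:
        - name: eth0
      bindNS:
        net: /run/netns/router

  # Network: workstations
  # Router-side end of the workstation segment. Its peer, veth-wks, is
  # attached to brwks by bridges-setup below.
  - name: net-wks-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 192.168.6.254/24 dev ethwks; ip link set ethwks up;"]
    net: /run/netns/router
    runtime:
      interfaces:
        - name: ethwks
          add: veth
          peer: veth-wks

  # Network: servers
  # Router-side end of the server segment; 172.23.42.1 is the default
  # gateway configured in every server namespace below.
  - name: net-srv-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.1/24 dev ethsrv; ip link set ethsrv up;"]
    net: /run/netns/router
    runtime:
      interfaces:
        - name: ethsrv
          add: veth
          peer: veth-srv

  # One namespace per server. Each gets a veth whose host-side peer joins
  # brsrv in bridges-setup, a fixed address and a default route via the router.
  - name: net-srvns-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-ns
          add: veth
          peer: veth-ns
      bindNS:
        net: /run/netns/ns
  # Mail namespace is disabled; 172.23.42.3 / veth-mail are unused while this
  # stays commented out (bridges-setup below must be updated when re-enabled).
  # - name: net-srvmail-setup
  #   image: linuxkit/ip:v0.2
  #   command: ["/bin/sh", "-c", "ip a add 172.23.42.3/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.42.1;" ]
  #   net: new
  #   runtime:
  #     interfaces:
  #       - name: vethin-mail
  #         add: veth
  #         peer: veth-mail
  #     bindNS:
  #       net: /run/netns/mail
  - name: net-srvdb-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.4/24 dev vethin-db; ip link set vethin-db up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-db
          add: veth
          peer: veth-db
      bindNS:
        net: /run/netns/db
  - name: net-srvchat-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.5/24 dev vethin-chat; ip link set vethin-chat up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-chat
          add: veth
          peer: veth-chat
      bindNS:
        net: /run/netns/chat
  - name: net-srvttrss-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.6/24 dev vethin-ttrss; ip link set vethin-ttrss up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-ttrss
          add: veth
          peer: veth-ttrss
      bindNS:
        net: /run/netns/ttrss

  # Network: bridges
  # Runs without `net:` (host network namespace, where the veth-* peers were
  # left) and attaches them to the two bridges.
  # Fixed: the veth-mail statements were dropped. net-srvmail-setup is
  # commented out, so that device never exists and those commands only printed
  # "Cannot find device" errors; re-add them together with the mail service.
  # Statements are joined with ";" rather than "&&", so one failing link does
  # not stop the remaining ones from being configured.
  # NOTE(review): veth-wks1 and veth-wks2 are created by the dhcpcd-wks*
  # entries under `services`, which start after onboot has finished, so they
  # may not exist yet when this runs; confirm the workstation bridging actually
  # takes effect.
  - name: bridges-setup
    image: linuxkit/ip:v0.2
    command:
      - /bin/sh
      - "-c"
      - >-
        ip link set veth-srv master brsrv;
        ip link set veth-ns master brsrv;
        ip link set veth-db master brsrv;
        ip link set veth-chat master brsrv;
        ip link set veth-ttrss master brsrv;
        ip link set veth-srv up;
        ip link set veth-ns up;
        ip link set veth-db up;
        ip link set veth-chat up;
        ip link set veth-ttrss up;
        ip link set brsrv up;
        ip link set veth-wks master brwks;
        ip link set veth-wks1 master brwks;
        ip link set veth-wks2 master brwks;
        ip link set veth-wks up;
        ip link set veth-wks1 up;
        ip link set veth-wks2 up;
        ip link set brwks up;
    runtime:
      interfaces:
        - name: brsrv
          add: bridge
        - name: brwks
          add: bridge

services:
  # Workstation namespaces. Each gets a veth (peer on brwks) and runs dhcpcd
  # inside the namespace; wks1 additionally receives the physical eth1. The
  # DHCP server answering these requests is not defined in this file.
  - name: dhcpcd-wks1
    image: linuxkit/dhcpcd:v0.2
    net: new
    runtime:
      interfaces:
        - name: eth1
        - name: ethwks1
          add: veth
          peer: veth-wks1
      bindNS:
        net: /run/netns/wks1
  - name: dhcpcd-wks2
    image: linuxkit/dhcpcd:v0.2
    net: new
    runtime:
      interfaces:
        - name: ethwks2
          add: veth
          peer: veth-wks2
      bindNS:
        net: /run/netns/wks2

  # SSH into each workstation namespace. Both containers (and the router) share
  # the same etc/dpasswd and etc/dshadow, i.e. one root credential for all of
  # them. The sshd configuration itself is not part of this file, so password
  # authentication should be assumed to be on.
  - name: sshd-wks1
    image: linuxkit/sshd:v0.2
    net: /run/netns/wks1
    binds:
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow
  - name: sshd-wks2
    image: linuxkit/sshd:v0.2
    net: /run/netns/wks2
    binds:
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow

  # Router: tutorial image (its contents are not part of this file) running
  # sshd in the router namespace with every capability.
  # NOTE(review): the "-dirty" tag suffix conventionally marks an image built
  # from an uncommitted working tree, so it cannot be reproduced from the
  # referenced commit alone.
  - name: router
    image: nemunaire/adlin-tuto3:0fa628c796ff914e9a0f160c27a79a30092868e3-dirty
    net: /run/netns/router
    command: ["/bin/sh", "-c", "mkdir -p /run/sshd && exec /usr/sbin/sshd -D"]
    capabilities:
      - all
    binds:
      - /etc/dresolv.conf:/etc/resolv.conf
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow

  # Recursive DNS (unbound) for the lab; see etc/unbound/unbound.conf below.
  - name: ns
    image: nemunaire/unbound:528445043685979b1b479c6c44d68de36bc872ad
    net: /run/netns/ns
    capabilities:
      - all
    binds:
      - /etc/unbound:/etc/unbound:ro

  # PostgreSQL. The superuser password and the two role passwords created by
  # the init scripts are all "adlin2019", in plaintext, in this file.
  - name: db
    image: postgres:alpine
    net: /run/netns/db
    capabilities:
      - all
    command: ["/docker-entrypoint.sh", "postgres"]
    env:
      - LANG=en_US.utf8
      # Fixed: env entries are passed verbatim, so the previous PATH="..."
      # form put literal quote characters into the first and last entries.
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
      - PGDATA=/var/lib/postgresql/data
      - POSTGRES_PASSWORD=adlin2019
    binds:
      - /initdb/init-ttrss.sh:/docker-entrypoint-initdb.d/init-ttrss.sh:ro
      - /initdb/init-mattermost.sh:/docker-entrypoint-initdb.d/init-mattermost.sh:ro

  # Mattermost; reaches the database through the shared /etc/hosts entry "db".
  - name: chat
    image: nemunaire/mattermost:ecb81e668c64d07b4453f9b465a6998fc6ceb067-dirty
    net: /run/netns/chat
    capabilities:
      - all
    command: ["/entrypoint.sh", "/mattermost/bin/platform"]
    env:
      - MM_USERNAME=mattermost
      - MM_DBNAME=mattermost
      - MM_PASSWORD=adlin2019
    binds:
      - /etc/hosts:/etc/hosts:ro

  # tt-rss on port 80; TTRSS_DB_HOST=db resolves via the shared /etc/hosts.
  - name: ttrss
    image: nemunaire/ttrss:89149d186daf3ebf752a764807dee3180f46b93d-dirty
    net: /run/netns/ttrss
    capabilities:
      - all
    command: ["/usr/bin/ttrss_entrypoint.sh", "/sbin/start_ttrss"]
    env:
      - TTRSS_PORT=80
      - TTRSS_DB_TYPE=pgsql
      - TTRSS_DB_HOST=db
      - TTRSS_DB_PORT=5432
      - TTRSS_DB_NAME=ttrss
      - TTRSS_DB_USER=ttrss
      - TTRSS_DB_PASS=adlin2019
      - TTRSS_SELF_URL_PATH=http://localhost/
    binds:
      - /etc/hosts:/etc/hosts:ro

files:
  # Static name resolution for chat and ttrss so "db" works without DNS.
  - path: etc/hosts
    contents: |
      127.0.0.1 localhost
      ::1 localhost
      172.23.42.4 db
    mode: "0444"

  # Database bootstrap scripts, run once by the postgres entrypoint on an empty
  # data directory. Role passwords are hard-coded here as well.
  - path: /initdb/init-ttrss.sh
    contents: |
      #!/bin/sh
      set -e
      psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
      CREATE USER ttrss WITH PASSWORD 'adlin2019';
      CREATE DATABASE ttrss;
      GRANT ALL PRIVILEGES ON DATABASE ttrss TO ttrss;
      EOSQL
    mode: "0555"
  - path: /initdb/init-mattermost.sh
    contents: |
      #!/bin/sh
      set -e
      psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
      CREATE USER mattermost WITH PASSWORD 'adlin2019';
      CREATE DATABASE mattermost;
      GRANT ALL PRIVILEGES ON DATABASE mattermost TO mattermost;
      EOSQL
    mode: "0555"

  # Prints the router's external address and wks1's eth1 on the console at boot.
  - path: /etc/init.d/500-showip.sh
    contents: |
      #!/bin/sh
      nsenter -n/run/netns/router ip a show dev eth0
      nsenter -n/run/netns/wks1 ip a show dev eth1
      exit 0
    mode: "0555"

  # Background loop that spawns a login getty on tty1 inside the namespaces of
  # the first process whose `ps` line contains "sshd", retrying every second
  # until one exists.
  # NOTE(review): the pattern can also match the grep itself or any of the
  # three sshd services (sshd-wks1, sshd-wks2, router); which container the
  # console login lands in depends on ps ordering. login is presumably resolved
  # inside that container's mount namespace (-m) and authenticates against the
  # shared etc/dshadow.
  - path: /etc/init.d/999-getty.sh
    contents: |
      #!/bin/sh
      while true
      do
        /usr/bin/setsid /usr/bin/nsenter -t $(echo $(ps a | grep sshd | head -1) | cut -d ' ' -f 1) -m -u -i -n -p -- /sbin/agetty -l /sbin/login 38400 tty1 linux
        sleep 1
      done &
    mode: "0555"

  # unbound configuration for the "ns" service. Listens on every address but
  # only answers the two lab ranges; adlin.nemunai.re names for the news and
  # chat services are answered locally with the router's address.
  # NOTE(review): `domain-insecure: "."` together with `val-permissive-mode:
  # yes` effectively disables DNSSEC validation, so the trust-anchor-file is
  # loaded but never enforced. All other queries are forwarded in the clear to
  # 9.9.9.9, and every query and reply is logged (log-queries/log-replies).
  - path: etc/unbound/unbound.conf
    contents: |
      server:
        verbosity: 1
        interface: 0.0.0.0
        interface: ::0
        prefer-ip6: no
        access-control: 172.23.0.0/16 allow
        access-control: 192.168.0.0/16 allow
        log-queries: yes
        log-replies: yes
        use-syslog: no
        hide-identity: yes
        hide-version: yes
        qname-minimisation: yes
        domain-insecure: "."
        val-permissive-mode: yes
        trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
        local-zone: "adlin.nemunai.re" typetransparent
        local-data: "news.adlin.nemunai.re A 172.23.42.1"
        local-data: "im.adlin.nemunai.re A 172.23.42.1"
      remote-control:
        control-enable: no
      forward-zone:
        name: "."
        forward-addr: 9.9.9.9
    mode: "0440"

  # Debian-style passwd shared by the three sshd containers; root is the only
  # account with a login shell.
  - path: etc/dpasswd
    contents: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
      bin:x:2:2:bin:/bin:/usr/sbin/nologin
      sys:x:3:3:sys:/dev:/usr/sbin/nologin
      sync:x:4:65534:sync:/bin:/bin/sync
      games:x:5:60:games:/usr/games:/usr/sbin/nologin
      man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
      lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
      mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
      news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
      uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
      proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
      www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
      backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
      list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
      irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
      gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
      nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
      _apt:x:100:65534::/nonexistent:/bin/false
      messagebus:x:101:102::/var/run/dbus:/bin/false
      sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
      systemd-timesync:x:103:105:systemd Time Synchronization,,,:/run/systemd:/bin/false
      systemd-network:x:104:106:systemd Network Management,,,:/run/systemd/netif:/bin/false
      systemd-resolve:x:105:107:systemd Resolver,,,:/run/systemd/resolve:/bin/false
      systemd-bus-proxy:x:106:108:systemd Bus Proxy,,,:/run/systemd:/bin/false
    mode: "0644"

  # Shared shadow file: every account is locked ("*") except root, whose
  # SHA-512 crypt hash is published here and reused by all sshd containers.
  # NOTE(review): a hash in a public repository is subject to offline cracking;
  # treat the root password as known.
  - path: etc/dshadow
    contents: |
      root:$6$fCh6fLfB$wTiBuIJB2/QLl37VlJ16MsqGmfSDct8ALRpY8kemFC2T4N4eZgdlTnEqTuYn5i4FMc5GoDBx1nfENHQqm0Zgm.:17594:0:99999:7:::
      daemon:*:17575:0:99999:7:::
      bin:*:17575:0:99999:7:::
      sys:*:17575:0:99999:7:::
      sync:*:17575:0:99999:7:::
      games:*:17575:0:99999:7:::
      man:*:17575:0:99999:7:::
      lp:*:17575:0:99999:7:::
      mail:*:17575:0:99999:7:::
      news:*:17575:0:99999:7:::
      uucp:*:17575:0:99999:7:::
      proxy:*:17575:0:99999:7:::
      www-data:*:17575:0:99999:7:::
      backup:*:17575:0:99999:7:::
      list:*:17575:0:99999:7:::
      irc:*:17575:0:99999:7:::
      gnats:*:17575:0:99999:7:::
      nobody:*:17575:0:99999:7:::
      _apt:*:17575:0:99999:7:::
      messagebus:*:17594:0:99999:7:::
      sshd:*:17594:0:99999:7:::
      systemd-timesync:*:17594:0:99999:7:::
      systemd-network:*:17594:0:99999:7:::
      systemd-resolve:*:17594:0:99999:7:::
      systemd-bus-proxy:*:17594:0:99999:7:::
    mode: "0640"

  # resolv.conf bound into the router: use the lab's own unbound instance.
  - path: etc/dresolv.conf
    contents: |
      nameserver 172.23.42.2
    mode: "0644"

# Content trust is required for images from these organisations only; the
# nemunaire/* images referenced above are outside this list.
trust:
  org:
    - linuxkit
    - library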