# Kernel image and boot arguments for this LinuxKit image.
kernel:
  image: linuxkit/kernel:5.4.19
  # cmdline: "console=tty0 console=ttyS0"
  # `adlin.network=alt` is looked up in /proc/cmdline by
  # etc/init.d/011-adlin-net (see `files`): when present the default route
  # goes via 10.224.32.254, otherwise via 10.224.32.1.
  cmdline: 'console=tty0 adlin.network=alt'
# Base images for the init section.
# NOTE(review): every reference below is a tag (a 40-hex tag or `v0.7`), none
# is an `@sha256:` digest, so what gets pulled depends on the registry at
# build time. nemunaire/monit is outside the orgs listed under `trust` at the
# end of this file.
init:
  - linuxkit/init:a4fcf333298f644dfac6adf680b83140927aa85e
  - linuxkit/runc:69b4a35eaa22eba4990ee52cccc8f48f6c08ed03
  - linuxkit/containerd:09553963ed9da626c25cf8acdf6d62ec37645412
  - linuxkit/ca-certificates:v0.7
  # - linuxkit/firmware:v0.7
  - linuxkit/getty:v0.7
  - nemunaire/monit:f57bcdfc02e2523c714d657a4abda61d191aa15c
  # - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
# Boot-time containers. The *-iface-setup entries all follow one pattern:
# `net: new` gives the container a fresh network namespace, `runtime.bindNS`
# binds that namespace to a path under /run/netns/, and `runtime.interfaces`
# creates a veth pair whose `name` end is configured by the command. The
# `peer` ends are attached to bridges by etc/init.d/011-adlin-net, and the
# services further down join the namespaces through `net: /run/netns/...`.
onboot:
  - name: sysctl
    image: linuxkit/sysctl:v0.7
    binds:
      # read-only view of the fragments shipped under etc/sysctl.d in `files`
      - /etc/sysctl.d/:/etc/sysctl.d/:ro

  # Mount first drive to enable some persistence
  - name: mount
    image: linuxkit/mount:v0.7
    command:
      - '/usr/bin/mountie'
      - '-device'
      - '/dev/sda'
      - '/var/lib/adlin'

  # Network: interface for login-validator
  # Commands are chained with `;`, so a failing `ip` step does not stop the
  # following ones.
  - name: login-iface-setup
    image: linuxkit/ip:v0.7
    command:
      - '/bin/sh'
      - '-c'
      - 'ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;'
    net: new
    runtime:
      interfaces:
        - name: vethin-login
          add: veth
          peer: veth-login
      bindNS:
        net: /run/netns/login

  # Network: DMZ ####################################################

  # token-validator
  - name: validator-iface-setup
    image: linuxkit/ip:v0.7
    command:
      - '/bin/sh'
      - '-c'
      - 'ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;'
    net: new
    runtime:
      interfaces:
        - name: vethin-vldtr
          add: veth
          peer: veth-validator
      bindNS:
        net: /run/netns/dmz-validator

  # domain name
  - name: ns-iface-setup
    image: linuxkit/ip:v0.7
    command:
      - '/bin/sh'
      - '-c'
      - 'ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;'
    net: new
    runtime:
      interfaces:
        - name: vethin-ns
          add: veth
          peer: veth-ns
      bindNS:
        net: /run/netns/dmz-ns

  # time server
  - name: time-iface-setup
    image: linuxkit/ip:v0.7
    command:
      - '/bin/sh'
      - '-c'
      - 'ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;'
    net: new
    runtime:
      interfaces:
        - name: vethin-time
          add: veth
          peer: veth-time
      bindNS:
        net: /run/netns/dmz-time

  # mail server
  - name: mail-iface-setup
    image: linuxkit/ip:v0.7
    command:
      - '/bin/sh'
      - '-c'
      - 'ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;'
    net: new
    runtime:
      interfaces:
        - name: vethin-mail
          add: veth
          peer: veth-mail
      bindNS:
        net: /run/netns/dmz-mail

  # Network: exposed ################################################

  # See etc/init.d/011-adlin-net instead
# Long-running containers. Entries with `net: /run/netns/<name>` join a
# namespace prepared by the matching onboot *-iface-setup container; entries
# without a `net` key rely on the default (not visible in this file).
services:
  - name: rngd
    image: linuxkit/rngd:v0.7

  - name: sshd
    image: linuxkit/sshd:v0.7

  # NOTE(review): image reference has no tag or digest and its org is not in
  # the `trust` list, so the content pulled at build time is unpinned.
  - name: dhcpd
    image: joebiellik/dhcpd
    capabilities:
      - CAP_NET_BIND_SERVICE
      - CAP_NET_RAW
      - CAP_CHOWN
      - CAP_SETUID
      - CAP_SETGID
    binds:
      - /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
      # lease database lives on the persistent volume (writable)
      - /var/lib/adlin/dhcp:/var/lib/dhcp/
    runtime:
      mkdir:
        - /var/lib/adlin/dhcp

  # NOTE(review): `capabilities: all` on a network-facing daemon; compare
  # with dhcpd/time/postfix, which enumerate what they need. Worth reducing
  # to an explicit list once the daemon's real requirements are confirmed.
  - name: tftpd
    image: nemunaire/tftpd:b0d2e1de2660e81c329ecb49966c32aab8982f11
    capabilities:
      - all
    binds:
      - /srv/tftp:/srv/tftp:ro
      # the two pxelinux.cfg mounts are writable and shadow the read-only
      # tree above with the copy kept on the persistent volume
      - /var/lib/adlin/pxelinux.cfg:/srv/tftp/bios/pxelinux.cfg
      - /var/lib/adlin/pxelinux.cfg:/srv/tftp/pxelinux.cfg

  - name: login-validator
    image: nemunaire/adlin-login-validator:87f1cf05e8037b934d293a48704bd3f8ee678d41
    # command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
    command:
      - '/bin/login-validator'
      - '-bind=:8081'
      - '-auth=fwd'
      - '-fwduri=https://adlin.nemunai.re/auth'
    # NOTE(review): the alternative below presumably turns authentication
    # off; keep it commented out outside of testing.
    # command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
    net: /run/netns/login
    binds:
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /var/lib/adlin/students.csv:/students.csv:ro
      # only writable bind of this service; the same host directory is
      # served by tftpd
      - /var/lib/adlin/pxelinux.cfg:/var/tftp/pxelinux.cfg
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - /usr/share/ca-certificates:/usr/share/ca-certificates:ro

  # NOTE(review): the three nginx services use the floating tag
  # `stable-alpine`; the image changes whenever upstream republishes it.
  - name: nginx-login
    image: nginx:stable-alpine
    capabilities:
      - CAP_NET_BIND_SERVICE
      - CAP_CHOWN
      - CAP_SETUID
      - CAP_SETGID
      - CAP_DAC_OVERRIDE
    net: /run/netns/login
    binds:
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /etc/nginx/nginx-login.conf:/etc/nginx/nginx.conf:ro
      - /etc/nginx/ssl/:/etc/nginx/ssl/:ro

  - name: nginx-gw
    image: nginx:stable-alpine
    capabilities:
      - CAP_NET_BIND_SERVICE
      - CAP_CHOWN
      - CAP_SETUID
      - CAP_SETGID
      - CAP_DAC_OVERRIDE
    binds:
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /etc/nginx/nginx-gw.conf:/etc/nginx/nginx.conf:ro
      - /etc/nginx/ssl/:/etc/nginx/ssl/:ro
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - /usr/share/ca-certificates:/usr/share/ca-certificates:ro

  - name: nginx-dmz
    image: nginx:stable-alpine
    capabilities:
      - CAP_NET_BIND_SERVICE
      - CAP_CHOWN
      - CAP_SETUID
      - CAP_SETGID
      - CAP_DAC_OVERRIDE
    net: /run/netns/dmz-validator
    binds:
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /etc/nginx/nginx-dmz.conf:/etc/nginx/nginx.conf:ro
      - /etc/nginx/ssl/:/etc/nginx/ssl/:ro
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - /usr/share/ca-certificates:/usr/share/ca-certificates:ro

  # Listens on 172.17.0.15:81, one of the addresses 011-adlin-net puts on
  # br-ext; the INPUT chain admits that port from 172.17.0.0/16 only.
  # NOTE(review): `capabilities: all`; an explicit list would limit what a
  # compromise of this HTTP-facing manager can do.
  - name: wg
    image: nemunaire/wg-manager:a2c7f6c737d968ba8ef79c9b95ce29d707036d28
    command:
      - '/bin/wg-manager'
      - '-bind=172.17.0.15:81'
    capabilities:
      - all

  # NOTE(review): `capabilities: all` for the resolver as well.
  - name: ns
    image: nemunaire/unbound:ed3ccbb5340aefd48c53a97743fdc6edc7011103-amd64
    net: /run/netns/dmz-ns
    capabilities:
      - all
    binds:
      - /etc/unbound:/etc/unbound:ro

  - name: time
    image: linuxkit/openntpd:v0.7
    net: /run/netns/dmz-time
    capabilities:
      - CAP_NET_BIND_SERVICE
      - CAP_SYS_TIME
      - CAP_SYS_CHROOT
      - CAP_SYS_NICE
      - CAP_SETUID
      - CAP_SETGID
    binds:
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /etc/ntpd.conf:/etc/ntpd.conf:ro

  # Relay for the DMZ: mynetworks is 172.23.200.0/24, local delivery is
  # disabled and relay_domains is nemunai.re.
  # NOTE(review): smtpd_tls_security_level=none means inbound SMTP from the
  # DMZ is never encrypted, and outbound TLS is opportunistic (`may`).
  - name: postfix
    image: nemunaire/postfix:34430347e3a1221fd743774dc566420f748f3839
    net: /run/netns/dmz-mail
    capabilities:
      - CAP_CHOWN
      - CAP_SYS_CHROOT
      - CAP_DAC_OVERRIDE
      - CAP_FOWNER
      - CAP_NET_BIND_SERVICE
      - CAP_SETGID
      - CAP_SETUID
    env:
      - POSTFIX_myhostname=adlin.nemunai.re
      - POSTFIX_mydestination=""
      - POSTFIX_local_transport="error:local mail delivery is disabled"
      - POSTFIX_mynetworks=172.23.200.0/24
      - POSTFIX_relay_domains=nemunai.re
      - POSTFIX_smtp_tls_security_level=may
      - POSTFIX_smtpd_tls_security_level=none
      - POSTFIX_maillog_file=/dev/stdout
      - POSTFIX_transport_maps=texthash:/etc/postfix/transport
    binds:
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /var/lib/adlin/postfix/mail:/var/mail
      - /var/lib/adlin/postfix/lib:/var/lib/postfix
      - /var/lib/adlin/postfix/spool:/var/spool/postfix
      # NOTE(review): bound writable; `:ro` may be enough for a texthash
      # map — confirm the image does not rewrite it.
      - /etc/postfix/transport:/etc/postfix/transport
    runtime:
      mkdir:
        - /var/lib/adlin/postfix
        - /var/lib/adlin/postfix/mail
        - /var/lib/adlin/postfix/lib
        - /var/lib/adlin/postfix/spool
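# Files written into the image. Entries with `contents` are inlined here;
# entries with `source` are copied from the build host.
# Review notes are kept as YAML comments in front of each entry, never inside
# a `contents: |` scalar, so the generated files hold no extra lines.
files:
  # Boot script: seeds the persistent volume, writes root's crontab and
  # starts crond.
  # NOTE(review): SECRET_KEY is a literal committed in this file and copied
  # into the crontab, so anyone who can read the repository or the built
  # image learns it. Inject it at build time from outside version control and
  # rotate the current value.
  - path: etc/init.d/011-copy-to-var
    contents: |
      #!/bin/sh
      cp -r /srv/tftp/pxelinux.cfg /var/lib/adlin/
      touch /var/lib/adlin/dhcp/dhcpd.leases

      mkdir -p /var/spool/cron/crontabs
      cat <<EOF > /var/spool/cron/crontabs/root
      * * * * * SECRET_KEY=felixfixit /usr/sbin/ping-checker
      EOF

      /usr/sbin/crond
    mode: "0755"

  # Points the host resolver at the unbound container (172.23.200.2).
  - path: etc/init.d/021-nameserver
    contents: |
      #!/bin/sh
      echo nameserver 172.23.200.2 > /etc/resolv.conf
    mode: "0755"

  # Host network bring-up: br-int carries the DMZ veth peers, br-ext carries
  # eth0 and the login veth; the default route depends on the
  # adlin.network=alt kernel argument; WireGuard and the firewall come last.
  # NOTE(review): the ruleset is restored only after every interface is up,
  # and the script has no `set -e`, so a failing iptables-restore goes
  # unnoticed and leaves the host without the rules from rules.v4. Consider
  # restoring the rules first and checking the exit status.
  - path: etc/init.d/011-adlin-net
    contents: |
      #!/bin/sh
      ip l add br-int type bridge
      ip a add 172.23.200.254/24 dev br-int;
      ip link set veth-validator master br-int;
      ip link set veth-ns master br-int;
      ip link set veth-time master br-int;
      ip link set veth-mail master br-int;
      ip link set br-int up;
      ip link set veth-validator up;
      ip link set veth-ns up;
      ip link set veth-time up;
      ip link set veth-mail up;

      ip l add br-ext type bridge
      ip a add 172.23.255.1/24 dev br-ext;
      ip a add 172.17.0.15/16 dev br-ext;
      ip a add 10.224.32.252/24 dev br-ext;
      ip a add 172.23.0.1/17 dev br-ext;
      ip link set eth0 master br-ext;
      ip link set veth-login master br-ext;
      ip link set br-ext up;
      ip link set veth-login up;
      ip link set eth0 up;
      grep adlin.network=alt /proc/cmdline > /dev/null &&
        ip route add default via 10.224.32.254 ||
        ip route add default via 10.224.32.1

      wg-quick up wg0

      /sbin/iptables-restore < /etc/iptables/rules.v4;
    mode: "0755"

  # Enables IPv4 routing (this host forwards between its bridges) and turns
  # IPv6 off on all interfaces.
  - path: etc/sysctl.d/99-ipfwd.conf
    contents: |
      net.ipv4.ip_forward = 1
      net.ipv6.conf.all.disable_ipv6 = 1
    mode: "0644"
  - path: etc/sysctl.d/00-linuxkit.conf
    contents: |
      # from Alpine defaults
      net.ipv4.tcp_syncookies = 1
      net.ipv4.conf.default.rp_filter = 1
      net.ipv4.conf.all.rp_filter = 1
      net.ipv4.ping_group_range=999 59999
      # general limits
      vm.max_map_count = 262144
      vm.overcommit_memory = 1
      net.core.somaxconn = 1024
      net.ipv4.neigh.default.gc_thresh1 = 80000
      net.ipv4.neigh.default.gc_thresh2 = 90000
      net.ipv4.neigh.default.gc_thresh3 = 100000
      fs.aio-max-nr = 1048576
      fs.inotify.max_user_watches = 524288
      fs.file-max = 524288
      # for rngd
      kernel.random.write_wakeup_threshold = 3072
      # security restrictions
      kernel.kptr_restrict = 2
      net.ipv4.conf.all.send_redirects = 0
      net.ipv4.conf.default.accept_redirects = 0
      net.ipv4.conf.default.accept_source_route = 0
      net.ipv6.conf.all.accept_redirects = 0
      net.ipv6.conf.default.accept_redirects = 0
      kernel.dmesg_restrict = 1
      kernel.perf_event_paranoid = 3
      fs.protected_hardlinks = 1
      fs.protected_symlinks = 1
      # Prevent ebpf privilege escalation
      # see: https://lwn.net/Articles/742170
      kernel.unprivileged_bpf_disabled=1
    mode: "0644"

  # root's SSH access: the public key is taken from the home directory of
  # whoever builds the image.
  - path: root/.ssh/authorized_keys
    source: ~/.ssh/id_ed25519.pub
    mode: "0400"

  # Firewall loaded by etc/init.d/011-adlin-net.
  # INPUT is default-DROP with an explicit allow-list on br-ext (22/tcp,
  # DHCP, 69/udp, 80/tcp, and 81/tcp + 12912/udp from 172.17.0.0/16 only).
  # NOTE(review): FORWARD has policy ACCEPT and ends in a LOG rule, which does
  # not terminate processing, so forwarded packets that match no rule are
  # logged and then still forwarded. If the FORWARD rules are meant as an
  # allow-list, the policy has to be DROP.
  # NOTE(review): `-s 172.23.255.2/24` matches all of 172.23.255.0/24; use
  # /32 if only the login container was intended.
  - path: etc/iptables/rules.v4
    contents: |
      *nat
      :PREROUTING ACCEPT [0:0]
      :INPUT ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      :POSTROUTING ACCEPT [0:0]
      [0:0] -A POSTROUTING -o br-ext ! -d 172.23.0.0/16 -j MASQUERADE
      COMMIT
      *filter
      :INPUT DROP [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      [0:0] -A INPUT -i lo -j ACCEPT
      [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
      [0:0] -A INPUT -p icmp -j ACCEPT
      [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      [0:0] -A INPUT -i br-ext -p tcp --dport 22 -j ACCEPT
      [0:0] -A INPUT -i br-ext -p udp --sport 68 --dport 67 -j ACCEPT
      [0:0] -A INPUT -i br-ext -p udp --dport 69 -j ACCEPT
      [0:0] -A INPUT -i br-ext -p tcp --dport 80 -j ACCEPT
      [0:0] -A INPUT -i br-ext -p tcp -s 172.17.0.0/16 -d 172.17.0.15 --dport 81 -j ACCEPT
      [0:0] -A INPUT -i br-ext -p udp -s 172.17.0.0/16 -d 172.17.0.15 --dport 12912 -j ACCEPT
      [0:0] -A INPUT -p udp --sport 7000 -j DROP
      [0:0] -A INPUT -p udp --dport 7000 -j DROP
      [0:0] -A INPUT -j LOG
      [0:0] -A FORWARD -i wg0 -o br-ext -j ACCEPT
      [0:0] -A FORWARD -o wg0 -i br-ext -j ACCEPT
      [0:0] -A FORWARD -i br-int -j ACCEPT
      [0:0] -A FORWARD -o br-int -j ACCEPT
      [0:0] -A FORWARD -i br-ext -d 172.23.200.0/24 -j ACCEPT
      [0:0] -A FORWARD -i br-ext -d 172.23.255.0/24 -j ACCEPT
      [0:0] -A FORWARD -o br-ext -d 172.23.200.0/24 -j ACCEPT
      [0:0] -A FORWARD -o br-ext -d 172.23.255.0/24 -j ACCEPT
      [0:0] -A FORWARD -i br-ext -o br-ext -s 172.23.255.2/24 -j ACCEPT
      [0:0] -A FORWARD -i br-ext -p udp --sport 68 --dport 67 -j DROP
      [0:0] -A FORWARD -j LOG
      COMMIT
    mode: "0440"

  # Resolver for 172.23.0.0/16; forwards everything to 8.8.8.8 and logs
  # queries and replies.
  # NOTE(review): `domain-insecure: "."` combined with
  # `val-permissive-mode: yes` means answers are not rejected on DNSSEC
  # failure, so the trust anchor configured below enforces nothing.
  - path: etc/unbound/unbound.conf
    contents: |
      server:
        verbosity: 1
        interface: 0.0.0.0
        interface: ::0
        prefer-ip6: no
        access-control: 172.23.0.0/16 allow
        log-queries: yes
        log-replies: yes
        use-syslog: no
        hide-identity: yes
        hide-version: yes
        qname-minimisation: yes
        domain-insecure: "."
        val-permissive-mode: yes
        trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
        local-zone: "adlin.nemunai.re" typetransparent
        local-data: "adlin.nemunai.re TXT 8dde678132d6c558fc6adaeb9f1d53bf6ec7b876308cf98c48604caa9138523c1ce58b672c87c7e7d9b7248b81804d3940dbf20bf263eeb683244f7c1143712d"
        local-data: "auth.adlin.nemunai.re A 172.23.255.2"
        local-data: "wg.adlin.nemunai.re A 172.17.0.15"
      remote-control:
        control-enable: no
      forward-zone:
        name: "."
        forward-addr: 8.8.8.8
    mode: "0440"

  # TLS material bind-mounted read-only into the three nginx containers.
  # Certificates stay world-readable; private keys are owner-read-only, the
  # same mode authorized_keys uses above.
  # NOTE(review): assumes the nginx master process starts as root (the
  # configs set `user nginx;` for the workers) - confirm before deploying.
  # NOTE(review): the key files come from the build tree (ssl/ and
  # pkg/challenge/ssl/); make sure they are not tracked in version control.
  - path: etc/nginx/ssl/fullchain.pem
    source: ssl/fullchain.pem
    mode: "0644"
  - path: etc/nginx/ssl/privkey.pem
    source: ssl/privkey.pem
    mode: "0400"
  - path: etc/nginx/ssl/ec_cert.pem
    source: pkg/challenge/ssl/ec_cert.pem
    mode: "0644"
  - path: etc/nginx/ssl/ec_key.pem
    source: pkg/challenge/ssl/ec_key.pem
    mode: "0400"

  # nginx configs. In all three, the log_format pieces carry separating
  # spaces so that request, status and user-agent do not run together in the
  # access log.
  # NOTE(review): every proxy_pass target is `https://82.64.31.248/...` and no
  # config sets proxy_ssl_verify or proxy_ssl_trusted_certificate, so nginx
  # does not authenticate the upstream certificate. Turning verification on
  # also needs `proxy_ssl_name adlin.nemunai.re;` because the upstream is
  # addressed by IP.
  - path: etc/nginx/nginx-gw.conf
    contents: |
      user nginx;
      worker_processes 2;
      error_log /var/log/nginx/error.log warn;
      pid /var/run/nginx.pid;
      events {
        worker_connections 1024;
      }
      http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        sendfile on;
        server_tokens off;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;
        resolver 9.9.9.9;
        server {
          listen 80 default;
          listen [::]:80 default;
          location = /{
            return 403;
          }
          location /iamalive {
            proxy_pass https://82.64.31.248/challenge;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.0.1;
            proxy_redirect off;
          }
        }
      }
    mode: "0440"

  # TLS front for login-validator (localhost:8081 inside the login netns).
  - path: etc/nginx/nginx-login.conf
    contents: |
      user nginx;
      worker_processes 2;
      error_log /var/log/nginx/error.log warn;
      pid /var/run/nginx.pid;
      events {
        worker_connections 1024;
      }
      http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        sendfile on;
        server_tokens off;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;
        server {
          listen 443 default ssl;
          listen [::]:443 default ssl;
          ssl_protocols TLSv1.2;
          ssl_prefer_server_ciphers on;
          ssl_certificate /etc/nginx/ssl/fullchain.pem;
          ssl_certificate_key /etc/nginx/ssl/privkey.pem;
          location = /{
            return https://adlin.nemunai.re/;
          }
          location /login {
            proxy_pass http://localhost:8081;
            proxy_set_header X-Forwarded-For $remote_addr;
          }
          location /logout {
            proxy_pass http://localhost:8081;
            proxy_set_header X-Forwarded-For $remote_addr;
          }
        }
      }
    mode: "0440"

  # DMZ reverse proxy: one plain-HTTP server and two TLS servers (default
  # with the EC certificate, and server_name adlin.nemunai.re with the
  # fullchain certificate). default_type is `application/octet-stream`, as
  # in the other two configs.
  - path: etc/nginx/nginx-dmz.conf
    contents: |
      user nginx;
      worker_processes 2;
      error_log /var/log/nginx/error.log warn;
      pid /var/run/nginx.pid;
      events {
        worker_connections 1024;
      }
      http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        sendfile on;
        server_tokens off;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;
        resolver 9.9.9.9;
        server {
          listen 80 default;
          listen [::]:80 default;
          location = /{
            return https://adlin.nemunai.re/;
          }
          location /challenge {
            proxy_pass https://82.64.31.248/challenge;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto http;
            proxy_redirect off;
          }
          location /toctoc {
            proxy_pass https://82.64.31.248/toctoc;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto http;
            proxy_redirect off;
          }
          location /echorequest {
            proxy_pass https://82.64.31.248/echorequest;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto http;
            proxy_redirect off;
          }
          location /testdisk {
            proxy_pass https://82.64.31.248/testdisk;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto http;
            proxy_redirect off;
          }
          location /sshkeys {
            return https://adlin.nemunai.re/sshkeys;
          }
        }
        server {
          listen 443 default ssl;
          listen [::]:443 default ssl;
          ssl_protocols TLSv1.2;
          ssl_prefer_server_ciphers on;
          ssl_certificate /etc/nginx/ssl/ec_cert.pem;
          ssl_certificate_key /etc/nginx/ssl/ec_key.pem;
          location = /{
            return https://adlin.nemunai.re/;
          }
          location /challenge {
            proxy_pass https://82.64.31.248/challenge;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /toctoc {
            proxy_pass https://82.64.31.248/toctoc;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /echorequest {
            proxy_pass https://82.64.31.248/echorequest;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /testdisk {
            proxy_pass https://82.64.31.248/testdisk;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /sshkeys {
            proxy_pass https://82.64.31.248/sshkeys;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /api/students {
            proxy_pass https://82.64.31.248;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
        }
        server {
          listen 443 ssl;
          listen [::]:443 ssl;
          ssl_protocols TLSv1.2;
          ssl_prefer_server_ciphers on;
          ssl_certificate /etc/nginx/ssl/fullchain.pem;
          ssl_certificate_key /etc/nginx/ssl/privkey.pem;
          server_name adlin.nemunai.re;
          location = /{
            return https://adlin.nemunai.re/;
          }
          location /challenge {
            proxy_pass https://82.64.31.248/challenge;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /echorequest {
            proxy_pass https://82.64.31.248/echorequest;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /testdisk {
            proxy_pass https://82.64.31.248/testdisk;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /sshkeys {
            proxy_pass https://82.64.31.248/sshkeys;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
          location /api/students {
            proxy_pass https://82.64.31.248;
            proxy_set_header Host adlin.nemunai.re;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-By 172.23.200.1;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
          }
        }
      }
    mode: "0440"

  # DHCP/PXE: clients on 172.23.255.0/24 are pointed at the TFTP server on
  # 172.23.255.1 and get ipxe.efi or bios/pxelinux.0 depending on option 93.
  - path: etc/dhcp/dhcpd.conf
    contents: |
      authoritative;
      default-lease-time 7200;
      max-lease-time 7200;
      option client-arch code 93 = unsigned integer 16;
      subnet 172.23.255.0 netmask 255.255.255.0 {
        range 172.23.255.10 172.23.255.254;
        option subnet-mask 255.255.255.0;
        option broadcast-address 172.23.255.255;
        next-server 172.23.255.1;
        if option client-arch != 00:00 {
          filename "ipxe.efi";
        } else {
          filename "bios/pxelinux.0";
        }
      }
      subnet 172.23.128.0 netmask 255.255.192.0 {
        range 172.23.128.10 172.23.191.250;
        option routers 172.23.191.254;
        option subnet-mask 255.255.192.0;
        option broadcast-address 172.23.191.255;
      }
    mode: "0440"

  - path: etc/postfix/transport
    contents: |
      nemunai.re smtp:[82.64.31.248]
      oupaout.ra.nemunai.re smtp:[82.64.151.41]
    mode: "0440"

  - path: etc/ntpd.conf
    contents: |
      listen on *
      server 10.224.4.2
      server pool.ntp.org
    mode: "0440"

  # WireGuard interface brought up by `wg-quick up wg0` in 011-adlin-net.
  # The file holds the interface private key, so it is owner-only (0600).
  # NOTE(review): the private key is committed in clear text in this file;
  # treat it as disclosed, rotate it, and supply the config through `source:`
  # from a path kept outside version control.
  - path: etc/wireguard/wg0.conf
    contents: |
      [Interface]
      PrivateKey = SCGCKDuTm4PMOw+LXdK/2s8mxnv145QHOohKRq3vc2A=
      ListenPort = 12912
      Address = 172.23.191.254/18
    mode: "0600"

  # TFTP tree served (read-only) by the tftpd service.
  - path: srv/tftp
    directory: true
    mode: "0755"

  - path: srv/tftp/bios/ldlinux.c32
    source: /usr/share/syslinux/ldlinux.c32
    mode: "0644"
  - path: srv/tftp/bios/libcom32.c32
    source: /usr/share/syslinux/libcom32.c32
    mode: "0644"
  - path: srv/tftp/bios/libutil.c32
    source: /usr/share/syslinux/libutil.c32
    mode: "0644"
  - path: srv/tftp/bios/menu.c32
    source: /usr/share/syslinux/menu.c32
    mode: "0644"
  - path: srv/tftp/bios/poweroff.c32
    source: /usr/share/syslinux/poweroff.c32
    mode: "0644"
  - path: srv/tftp/bios/pxelinux.0
    source: /usr/share/syslinux/pxelinux.0
    mode: "0644"
  - path: srv/tftp/bios/vesamenu.c32
    source: /usr/share/syslinux/vesamenu.c32
    mode: "0644"
  - path: srv/tftp/bios/pxelinux.cfg
    directory: true
    mode: "0755"

  - path: srv/tftp/pxelinux.cfg/default
    source: tftp/pxelinux.cfg/default
    mode: "0644"
  - path: srv/tftp/pxelinux.cfg/tpl
    source: tftp/pxelinux.cfg/tpl
    mode: "0644"
  - path: srv/tftp/pxelinux.cfg/tpl.ipxe
    source: tftp/pxelinux.cfg/tpl.ipxe
    mode: "0644"

  - path: srv/tftp/ipxe.efi
    source: tftp/ipxe.efi
    mode: "0644"

  # Run every minute from root's crontab (see 011-copy-to-var).
  - path: usr/sbin/ping-checker
    source: ping-checker.sh
    mode: "0755"

  - path: srv/tftp/bzImage
    source: challenge-kernel
    mode: "0644"
  - path: srv/tftp/login-initrd.img
    source: tftp/login-initrd.img
    mode: "0644"
  - path: srv/tftp/challenge-initrd.img
    source: challenge-initrd.img
    mode: "0644"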
# Image orgs listed for trust.
# NOTE(review): only `linuxkit` and `library` are listed, while this file
# also pulls nemunaire/* and joebiellik/dhcpd images; those references are
# presumably not covered by this setting - confirm, and pin them by digest
# if they cannot be signed.
trust:
  org:
    - linuxkit
    - library