# LinuxKit image definition for the "adlin" lab VM. One router network
# namespace (external uplink + WireGuard) fronts two workstation namespaces
# and a set of server namespaces (resolver, authoritative DNS, database, chat,
# ttrss) that sit on two Linux bridges created in `onboot`.
kernel:
  image: linuxkit/kernel:4.9.165
  # NOTE(review): the disabled cmdline below carries an `adlin.token=` value.
  # Commented out or not, it is part of the committed file and its history,
  # so treat that token as exposed and rotate it rather than rely on the
  # comment to hide it.
  # cmdline: "console=ttyS0 adlin.token=AlFnv.8pLQ"
  cmdline: "console=tty0"
# Base system containers (init, OCI runtime, containerd, CA bundle, console).
# Every entry is pinned to an explicit linuxkit tag; the `trust` section at
# the end of the file lists the linuxkit org as trusted for these pulls.
init:
  - linuxkit/init:629fdad56e62ae72bf8becf0c8a668241480d3ff
  - linuxkit/runc:606971451ea29b4238029804ca638f9f85caf5af
  - linuxkit/containerd:39ac21278cfcc10dbcc32ad7f5abbe820852c5bd
  - linuxkit/ca-certificates:906c46a26fd2df271bf64c0259bf2267f7593213
  # Interactive console on the VM's tty. Whether it asks for a password is
  # decided by the getty image's own configuration, not by this file —
  # confirm before exposing the console (serial or VNC) to anyone else.
  - linuxkit/getty:01993189b8c583dc91cbbc7d4be131832c0fc205
# One-shot containers run in order before `services`. The first four prepare
# storage, sysctls and entropy; the rest build the network topology:
#   router ns  : eth0 (DHCP) + WireGuard, 192.168.6.254 on brwks, 172.23.42.1 on brsrv
#   servers    : one netns each with a veth onto brsrv, default route via 172.23.42.1
#   workstation: two veth pairs onto brwks, picked up by the dhcpcd-wks* services
onboot:
  # Persistent disk: /dev/sda is formatted and its first partition mounted at
  # /var/lib/adlin, which later holds the WireGuard config and the nsd zones.
  # NOTE(review): presumably the format step is a no-op when a filesystem is
  # already present — confirm with the format image before relying on data
  # surviving a reboot.
  - name: format
    image: linuxkit/format:ada5fd97592c33399140f5f93f517c02f55edb14
    command: ["/usr/bin/format", "/dev/sda"]
  - name: mount
    image: linuxkit/mount:019bc551972cf2d136b443d70b4bf94c54d0d1fe
    command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"]
  # Applies the host's /etc/sysctl.d, mounted read-only.
  - name: sysctl
    image: linuxkit/sysctl:713e535f2d4e4c74aba50cc7f73e3826b2dd3857
    binds:
      - /etc/sysctl.d/:/etc/sysctl.d/:ro
  # Feeds hardware randomness into the kernel pool early, before WireGuard and
  # sshd key material is generated; "-1" presumably makes this a one-shot run
  # (hence the name rngd1) — confirm against the rngd image.
  - name: rngd1
    image: linuxkit/rngd:dc49cff2c835b196610a3f2efb585bb276658bce
    command: ["/sbin/rngd", "-1"]
  # Network: external
  # Creates the router namespace (bound to /run/netns/router) and moves the
  # uplink eth0 into it. This is the only namespace with the external
  # interface; everything else reaches the outside through the router.
  - name: dhcpcd
    image: linuxkit/dhcpcd:85738d3d2f152a7879e17a61444f7714b858c2ee
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
    net: new
    runtime:
      interfaces:
        - name: eth0
      bindNS:
        net: /run/netns/router
  # WireGuard in the router namespace. It resolves through the public
  # resolvers in /etc/mresolv.conf, and its config/keys live on the persistent
  # disk under /var/lib/adlin/wireguard, bind-mounted read-write. What
  # /usr/bin/ask.sh does (and what it does with the kernel token) is defined
  # by the image, not here.
  - name: wg
    image: nemunaire/wg:9d34420193aee27109e118f27e30e4a197c5f69e
    net: /run/netns/router
    binds:
      - /etc/mresolv.conf:/etc/resolv.conf
      - /var/lib/adlin/wireguard:/etc/wireguard
    command: ["/bin/ash", "-c", "/usr/bin/ask.sh"]
    runtime:
      mkdir:
        - /var/lib/adlin/wireguard
  # Network: workstations
  # Router side of the workstation segment (192.168.6.0/24). The veth end
  # `ethwks` is moved into the router namespace; its peer `veth-wks` is
  # enslaved to brwks by bridges-setup below.
  - name: net-wks-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 192.168.6.254/24 dev ethwks; ip link set ethwks up;"]
    net: /run/netns/router
    runtime:
      interfaces:
        - name: ethwks
          add: veth
          peer: veth-wks
  # Network: servers
  # Router side of the server segment (172.23.42.0/24); 172.23.42.1 is the
  # default gateway configured in every server namespace below.
  - name: net-srv-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 172.23.42.1/24 dev ethsrv; ip link set ethsrv up;"]
    net: /run/netns/router
    runtime:
      interfaces:
        - name: ethsrv
          add: veth
          peer: veth-srv
  # Each server gets a fresh namespace bound under /run/netns/<name>, a veth
  # whose inside end is `vethin-<name>` and whose peer `veth-<name>` is later
  # bridged onto brsrv, a fixed 172.23.42.x address and a default route via
  # the router. The services section attaches daemons to these namespaces.
  - name: net-srvns-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 172.23.42.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-ns
          add: veth
          peer: veth-ns
      bindNS:
        net: /run/netns/ns
  - name: net-srvnsauth-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 172.23.42.3/24 dev vethin-nsauth; ip link set vethin-nsauth up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-nsauth
          add: veth
          peer: veth-nsauth
      bindNS:
        net: /run/netns/ns-auth
  - name: net-srvdb-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 172.23.42.4/24 dev vethin-db; ip link set vethin-db up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-db
          add: veth
          peer: veth-db
      bindNS:
        net: /run/netns/db
  - name: net-srvchat-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 172.23.42.5/24 dev vethin-chat; ip link set vethin-chat up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-chat
          add: veth
          peer: veth-chat
      bindNS:
        net: /run/netns/chat
  - name: net-srvttrss-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip a add 172.23.42.6/24 dev vethin-ttrss; ip link set vethin-ttrss up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-ttrss
          add: veth
          peer: veth-ttrss
      bindNS:
        net: /run/netns/ttrss
  # Disabled: mail server namespace (172.23.42.7), kept for reference.
  # - name: net-srvmail-setup
  #   image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
  #   command: ["/bin/sh", "-c", "ip a add 172.23.42.7/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.42.1;" ]
  #   net: new
  #   runtime:
  #     interfaces:
  #       - name: vethin-mail
  #         add: veth
  #         peer: veth-mail
  #     bindNS:
  #       net: /run/netns/mail
  # Network: bridges
  # Creates brsrv/brwks plus the two workstation veth pairs (ethwks1/ethwks2
  # are claimed by the dhcpcd-wks* services), then enslaves every veth-* peer
  # to its bridge. No `net:` is set, so this presumably runs in the root
  # namespace where those peers were left — confirm against LinuxKit's
  # default. Note that all server namespaces share one L2 segment (brsrv):
  # nothing filters between them at this layer, and the router at
  # 172.23.42.1 is the only choke point for traffic leaving the segment.
  - name: bridges-setup
    image: linuxkit/ip:4787413a729748bcf7560c73e0b46d38b8a8df2b
    command: ["/bin/sh", "-c", "ip link set veth-srv master brsrv; ip link set veth-ns master brsrv; ip link set veth-nsauth master brsrv; ip link set veth-db master brsrv; ip link set veth-chat master brsrv; ip link set veth-ttrss master brsrv; ip link set veth-srv up; ip link set veth-ns up; ip link set veth-nsauth up; ip link set veth-db up; ip link set veth-chat up; ip link set veth-ttrss up; ip link set brsrv up; ip link set veth-wks master brwks; ip link set veth-wks1 master brwks; ip link set veth-wks2 master brwks; ip link set veth-wks up; ip link set veth-wks1 up; ip link set veth-wks2 up; ip link set brwks up;"]
    runtime:
      interfaces:
        - name: brsrv
          add: bridge
        - name: brwks
          add: bridge
        - name: veth-wks1
          add: veth
          peer: ethwks1
        - name: veth-wks2
          add: veth
          peer: ethwks2
# Long-running containers. Each is attached to one of the namespaces created
# in `onboot`. Most of them run with `capabilities: [all]`, which is root on
# the shared kernel: a compromise of any of these daemons is a compromise of
# the whole VM. Reducing each to the capabilities it really needs is the main
# hardening left to do in this file.
services:
  # Workstation namespaces: DHCP clients on the brwks segment. wks1 also
  # receives the `eth1` interface, so it has a foot in two networks.
  - name: dhcpcd-wks1
    image: linuxkit/dhcpcd:85738d3d2f152a7879e17a61444f7714b858c2ee
    net: new
    runtime:
      interfaces:
        - name: eth1
        - name: ethwks1
      bindNS:
        net: /run/netns/wks1
  - name: dhcpcd-wks2
    image: linuxkit/dhcpcd:85738d3d2f152a7879e17a61444f7714b858c2ee
    net: new
    runtime:
      interfaces:
        - name: ethwks2
      bindNS:
        net: /run/netns/wks2
  # SSH into the workstations. Accounts come from the host-side /etc/dpasswd
  # and /etc/dshadow generated under `files`; the same root hash is therefore
  # accepted by sshd-wks1, sshd-wks2, mainrouter, matrix and ns-auth — one
  # password for the whole lab, one compromise for the whole lab. sshd only
  # reads these files, so the binds could be `:ro` like the unbound one below.
  - name: sshd-wks1
    image: linuxkit/sshd:6e4740bee64bf44e9913a1db4a38b5c3a5fb6ab1
    net: /run/netns/wks1
    binds:
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow
  - name: sshd-wks2
    image: linuxkit/sshd:6e4740bee64bf44e9913a1db4a38b5c3a5fb6ab1
    net: /run/netns/wks2
    binds:
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow
  # sshd inside the router namespace: the hop from which the lab is reached.
  # Resolves through the internal resolver (/etc/dresolv.conf).
  - name: mainrouter
    image: nemunaire/adlin-tuto3:0a3be87ab71564521401498b84280b5d6d1d5649
    net: /run/netns/router
    command: ["/bin/sh", "-c", "mkdir -p /run/sshd && exec /usr/sbin/sshd -D"]
    capabilities:
      - all
    binds:
      - /etc/dresolv.conf:/etc/resolv.conf
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow
  # Chat host: currently only an sshd in the chat namespace (the mattermost
  # service further down is disabled).
  - name: matrix
    image: nemunaire/tinydeb:1f217c10a67219a46133578b0c316ba80d943b59
    net: /run/netns/chat
    command: ["/bin/sh", "-c", "mkdir -p /run/sshd && exec /usr/sbin/sshd -D"]
    capabilities:
      - all
    binds:
      - /etc/dresolv.conf:/etc/resolv.conf
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow
  # Recursive resolver (unbound) at 172.23.42.2, configured by
  # etc/unbound/unbound.conf under `files`, mounted read-only.
  - name: ns-resolv
    image: nemunaire/unbound:528445043685979b1b479c6c44d68de36bc872ad
    net: /run/netns/ns
    capabilities:
      - all
    binds:
      - /etc/unbound:/etc/unbound:ro
  # Authoritative DNS (nsd) at 172.23.42.3. The /etc/nsd built under `files`
  # is only mounted as /etc/nsd.sample; the live config and zone database are
  # on the persistent disk (/var/lib/adlin/nsd*). Presumably the image seeds
  # the live config from the sample on first boot — confirm. /etc/dpasswd is
  # bound so the `nsd` account it defines exists inside the container; the
  # shadow bind is the same shared root hash noted above.
  - name: ns-auth
    image: nemunaire/nsd:1ae159aeaef958859cb2591f8af3a63faa7d4aa5
    net: /run/netns/ns-auth
    capabilities:
      - all
    binds:
      - /var/lib/adlin/nsd:/etc/nsd:rw
      - /var/lib/adlin/nsd-db:/var/db/nsd:rw
      - /etc/nsd:/etc/nsd.sample:ro
      - /etc/network:/etc/network:ro
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow
    runtime:
      mkdir:
        - /var/lib/adlin/nsd
        - /var/lib/adlin/nsd-db
  # PostgreSQL at 172.23.42.4 (the `db` alias in etc/hosts). Points to note:
  #   - `postgres:alpine` is a floating tag; only content trust on the
  #     `library` org (see `trust`) stands between this and an unexpected image.
  #   - POSTGRES_PASSWORD is a static credential committed in clear text and
  #     reused by the init scripts and by TTRSS_DB_PASS below. Inject it at
  #     build/boot time from a secret source instead of keeping it in VCS.
  #   - Nothing binds PGDATA to the persistent disk, so the database state
  #     presumably does not survive a reboot — confirm if that matters.
  - name: db
    image: postgres:alpine
    net: /run/netns/db
    capabilities:
      - all
    command: ["/docker-entrypoint.sh", "postgres"]
    env:
      - LANG=en_US.utf8
      - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/"
      - PGDATA=/var/lib/postgresql/data
      - POSTGRES_PASSWORD=adlin2020
    binds:
      - /initdb/init-ttrss.sh:/docker-entrypoint-initdb.d/init-ttrss.sh:ro
      - /initdb/init-matrix.sh:/docker-entrypoint-initdb.d/init-matrix.sh:ro
  # Disabled: mattermost in the chat namespace (same shared DB password).
  # - name: chat
  #   image: nemunaire/mattermost:ecb81e668c64d07b4453f9b465a6998fc6ceb067-dirty
  #   net: /run/netns/chat
  #   capabilities:
  #     - all
  #   command: ["/entrypoint.sh", "/mattermost/bin/platform"]
  #   env:
  #     - MM_USERNAME=mattermost
  #     - MM_DBNAME=mattermost
  #     - MM_PASSWORD=adlin2020
  #   binds:
  #     - /etc/hosts:/etc/hosts:ro
  # Tiny Tiny RSS at 172.23.42.6, reaching the database through the `db`
  # entry in etc/hosts. The image tag ends in `-dirty`, i.e. it was built from
  # an uncommitted working tree and cannot be reproduced from source history.
  # TTRSS_DB_PASS is the same clear-text credential as POSTGRES_PASSWORD.
  - name: ttrss
    image: nemunaire/ttrss:89149d186daf3ebf752a764807dee3180f46b93d-dirty
    net: /run/netns/ttrss
    capabilities:
      - all
    command: ["/usr/bin/ttrss_entrypoint.sh", "/sbin/start_ttrss"]
    env:
      - TTRSS_PORT=80
      - TTRSS_DB_TYPE=pgsql
      - TTRSS_DB_HOST=db
      - TTRSS_DB_PORT=5432
      - TTRSS_DB_NAME=ttrss
      - TTRSS_DB_USER=ttrss
      - TTRSS_DB_PASS=adlin2020
      - TTRSS_SELF_URL_PATH=http://localhost/
    binds:
      - /etc/hosts:/etc/hosts:ro
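# Files written into the image's root filesystem. The block scalars below are
# restored to their literal form: the copy under review had whitespace
# inserted inside IP addresses, `::1`/`::0`, CIDR prefixes and the shadow
# field separators (e.g. `127.0 .0 .1`, `7:: :`), which would have produced an
# invalid /etc/hosts, unbound.conf and /etc/shadow. Comments stay at the YAML
# level on purpose: anything inside `contents: |` becomes file content.
files:
  # Hosts file shared read-only with ttrss (and the disabled chat service);
  # `db` resolves to the database namespace address set in onboot.
  - path: etc/hosts
    contents: |
      127.0.0.1 localhost
      ::1 localhost
      172.23.42.4 db
    mode: "0444"
  # Database bootstrap scripts, presumably run once by the postgres entrypoint
  # when the data directory is first initialised — confirm. Both create a role
  # with the same static clear-text password as POSTGRES_PASSWORD in
  # `services`; that value should come from a secret source, not from VCS.
  # The SQL lines must stay at the same column as the shebang: the `|` block
  # strips only the common indent, and `<<-EOSQL` strips tabs, not spaces.
  - path: /initdb/init-ttrss.sh
    contents: |
      #!/bin/sh
      set -e
      psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
      CREATE USER ttrss WITH PASSWORD 'adlin2020';
      CREATE DATABASE ttrss;
      GRANT ALL PRIVILEGES ON DATABASE ttrss TO ttrss;
      EOSQL
    mode: "0555"
  - path: /initdb/init-matrix.sh
    contents: |
      #!/bin/sh
      set -e
      psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
      CREATE USER matrix WITH PASSWORD 'adlin2020';
      CREATE DATABASE matrix;
      GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
      EOSQL
    mode: "0555"
  # Boot-time helper: prints the uplink and wks1 addresses on the console by
  # entering the namespaces bound in onboot/services.
  - path: /etc/init.d/500-showip.sh
    contents: |
      #!/bin/sh
      nsenter -n/run/netns/router ip a show dev eth0
      nsenter -n/run/netns/wks1 ip a show dev eth1
      exit 0
    mode: "0555"
  # Disabled: a console login respawned inside the namespaces of whatever
  # process `ps a | grep sshd` lists first. Kept for reference only.
  # - path: /etc/init.d/999-getty.sh
  #   contents: |
  #     #!/bin/sh
  #     while true
  #     do
  #       /usr/bin/setsid /usr/bin/nsenter -t $(echo $(ps a | grep sshd | head -1) | cut -d ' ' -f 1) -m -u -n -p -- /sbin/agetty -l /sbin/login 38400 tty1 linux
  #       sleep 1
  #     done &
  #   mode: "0555"
  # Empty placeholder, mounted read-only into ns-auth as /etc/network.
  - path: etc/network/interfaces
    contents: |
    mode: "0440"
  # nsd sample config (mounted as /etc/nsd.sample in ns-auth). Remote control
  # is enabled without a `control-interface`, so whatever nsd's default
  # listener is applies — confirm it stays on the loopback of the ns-auth
  # namespace. Whitespace is not significant to nsd; the indent is for reading.
  - path: etc/nsd/nsd.conf
    contents: |
      remote-control:
        control-enable: yes
      zone:
        name: login-x.srs.p0m.fr
        zonefile: /etc/nsd/login-x.srs.p0m.fr.zone
    mode: "0440"
  # Zone served by ns-auth. The SOA serial (2019032900) has to be bumped on
  # every change for secondaries to notice.
  - path: etc/nsd/login-x.srs.p0m.fr.zone
    contents: |
      login-x.srs.p0m.fr. 900 SOA ns.login-x.srs.p0m.fr. root.login-x.srs.p0m.fr. 2019032900 172800 3600 2419200 86400
      login-x.srs.p0m.fr. 900 NS ns.login-x.srs.p0m.fr.
      ns.login-x.srs.p0m.fr. 900 AAAA 2a01:e0a:2b:2250::b
    mode: "0440"
  # Recursive resolver config for ns-resolv. Security-relevant points:
  #   - DNSSEC is not enforced: `domain-insecure: "."` marks every name as
  #     insecure and `val-permissive-mode: yes` turns validation failures into
  #     ordinary answers, so `trust-anchor-file` has no protective effect.
  #     Drop both lines if validation is actually wanted.
  #   - Listening on all addresses of the ns namespace, but queries are
  #     accepted only from the two lab ranges.
  #   - Every query and reply is logged to stdout (`use-syslog: no`).
  #   - Upstream is 9.9.9.9 over plain DNS (no port/TLS option given), with
  #     the adlin.p0m.fr names overridden locally to the router address.
  - path: etc/unbound/unbound.conf
    contents: |
      server:
        verbosity: 1
        interface: 0.0.0.0
        interface: ::0
        prefer-ip6: no
        access-control: 172.23.0.0/16 allow
        access-control: 192.168.0.0/16 allow
        log-queries: yes
        log-replies: yes
        use-syslog: no
        hide-identity: yes
        hide-version: yes
        qname-minimisation: yes
        domain-insecure: "."
        val-permissive-mode: yes
        trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
        local-zone: "adlin.p0m.fr" typetransparent
        local-data: "news.adlin.p0m.fr A 172.23.42.1"
        local-data: "matrix.adlin.p0m.fr A 172.23.42.1"
      remote-control:
        control-enable: no
      forward-zone:
        name: "."
        forward-addr: 9.9.9.9
    mode: "0440"
  # Debian-style passwd shared by every sshd and by ns-auth (which needs the
  # `nsd` account at the end). Only root has a login shell.
  - path: etc/dpasswd
    contents: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
      bin:x:2:2:bin:/bin:/usr/sbin/nologin
      sys:x:3:3:sys:/dev:/usr/sbin/nologin
      sync:x:4:65534:sync:/bin:/bin/sync
      games:x:5:60:games:/usr/games:/usr/sbin/nologin
      man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
      lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
      mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
      news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
      uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
      proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
      www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
      backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
      list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
      irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
      gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
      nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
      _apt:x:100:65534::/nonexistent:/bin/false
      messagebus:x:101:102::/var/run/dbus:/bin/false
      sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
      systemd-timesync:x:103:105:systemd Time Synchronization,,,:/run/systemd:/bin/false
      systemd-network:x:104:106:systemd Network Management,,,:/run/systemd/netif:/bin/false
      systemd-resolve:x:105:107:systemd Resolver,,,:/run/systemd/resolve:/bin/false
      systemd-bus-proxy:x:106:108:systemd Bus Proxy,,,:/run/systemd:/bin/false
      nsd:x:107:109::/run/nsd:/usr/sbin/nologin
    mode: "0644"
  # Shadow file with the real root hash (SHA-512 crypt), committed in clear.
  # Anyone with read access to this repository can attack it offline, and it
  # is the root password for every container that binds /etc/dshadow
  # (sshd-wks1, sshd-wks2, mainrouter, matrix, ns-auth). Generate it at
  # build/boot time from a secret source and rotate the current one.
  - path: etc/dshadow
    contents: |
      root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::
      daemon:*:17575:0:99999:7:::
      bin:*:17575:0:99999:7:::
      sys:*:17575:0:99999:7:::
      sync:*:17575:0:99999:7:::
      games:*:17575:0:99999:7:::
      man:*:17575:0:99999:7:::
      lp:*:17575:0:99999:7:::
      mail:*:17575:0:99999:7:::
      news:*:17575:0:99999:7:::
      uucp:*:17575:0:99999:7:::
      proxy:*:17575:0:99999:7:::
      www-data:*:17575:0:99999:7:::
      backup:*:17575:0:99999:7:::
      list:*:17575:0:99999:7:::
      irc:*:17575:0:99999:7:::
      gnats:*:17575:0:99999:7:::
      nobody:*:17575:0:99999:7:::
      _apt:*:17575:0:99999:7:::
      messagebus:*:17594:0:99999:7:::
      sshd:*:17594:0:99999:7:::
      systemd-timesync:*:17594:0:99999:7:::
      systemd-network:*:17594:0:99999:7:::
      systemd-resolve:*:17594:0:99999:7:::
      systemd-bus-proxy:*:17594:0:99999:7:::
      nsd:*:17594:0:99999:7:::
    mode: "0640"
  # resolv.conf for the lab-internal containers: the unbound resolver in the
  # ns namespace.
  - path: etc/dresolv.conf
    contents: |
      nameserver 172.23.42.2
    mode: "0644"
  # Mount point for the persistent disk (see onboot/mount).
  - path: var/lib/adlin
    directory: true
    mode: "0755"
  # resolv.conf used by the wg container only: public resolvers, needed while
  # the tunnel and the internal resolver are not up yet.
  - path: etc/mresolv.conf
    contents: |
      nameserver 9.9.9.9
      nameserver 1.1.1.1
    mode: "0644"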
# Content-trust scope for image pulls: the linuxkit org and the official
# `library` images (postgres). The nemunaire/* images used above are outside
# this list, so for them only the tag pins the content — and a tag can be
# moved. Pinning those by digest (`@sha256:...`) or adding their org here
# would close that gap; confirm which the build tooling enforces.
trust:
  org:
    - linuxkit
    - library