server.yml: some documentation

nemunaire 2019-02-26 17:44:01 +01:00
parent ff9c6bacdf
commit 13c5a3cabd
1 changed files with 28 additions and 7 deletions


@ -16,14 +16,12 @@ onboot:
binds:
- /etc/sysctl.d/:/etc/sysctl.d/:ro
# Mount first drive to enable some persistance
- name: mount
image: linuxkit/mount:v0.6
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
# Network: exposed
- name: netvlan-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
# Network: interface for login-validator
- name: login-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
@ -35,6 +33,15 @@ onboot:
peer: veth-login
bindNS:
net: /run/netns/login
# Network: exposed ################################################
# VLAN7, path to internet
- name: netvlan-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
# Bridge between std LAN, PXE LAN services (login-validator) and default route (as it uses the same wire)
- name: bridge-ext-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
@ -43,7 +50,9 @@ onboot:
- name: br-ext
add: bridge
# Network: DMZ
# Network: DMZ ####################################################
# token-validator
- name: validator-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
@ -55,6 +64,8 @@ onboot:
peer: veth-validator
bindNS:
net: /run/netns/dmz-validator
# domain name
- name: ns-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
@ -66,6 +77,8 @@ onboot:
peer: veth-ns
bindNS:
net: /run/netns/dmz-ns
# time server
- name: time-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
@ -77,6 +90,8 @@ onboot:
peer: veth-time
bindNS:
net: /run/netns/dmz-time
# mail server
# - name: mail-iface-setup
# image: linuxkit/ip:v0.6
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
@ -88,6 +103,8 @@ onboot:
# peer: veth-mail
# bindNS:
# net: /run/netns/dmz-mail
# Bridge for DMZ services
- name: bridge-int-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ]
@ -208,10 +225,14 @@ services:
- /etc/ntpd.conf:/etc/ntpd.conf:ro
# - name: postfix
# image: TBD
# image: mwader/postfix-relay
# net: /run/netns/dmz-mail
# environment:
# - POSTFIX_myhostname=adlin.nemunai.re
# binds:
# - /etc/postfix/main.cf:/etc/postfix/main.cf:ro
# - /var/lib/adlin/postfix/mail:/var/mail
# - /var/lib/adlin/postfix/lib:/var/lib/postfix
# - /var/lib/adlin/postfix/spool:/var/spool/postfix
files:
- path: etc/init.d/011-copy-to-var
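Review bot: The commented-out postfix stanza in the `services:` hunk now names `mwader/postfix-relay` with no tag or digest, unlike the `linuxkit/ip:v0.6` and `linuxkit/mount:v0.6` entries above it, so uncommenting it as written would presumably resolve to whatever that third-party repository publishes as `latest` when the image is built. I would pin it before it is enabled and record that in the stanza, e.g. `#    image: mwader/postfix-relay:<tag>@sha256:<digest>  # pin before enabling`. `<tag>` and `<digest>` are placeholders, since the page does not show which release was intended. The hunk ends inside the `files:` section, which continues outside the view.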