diff --git a/server.yml b/server.yml index b790322..928f8bd 100644 --- a/server.yml +++ b/server.yml @@ -16,14 +16,12 @@ onboot: binds: - /etc/sysctl.d/:/etc/sysctl.d/:ro + # Mount first drive to enable some persistance - name: mount image: linuxkit/mount:v0.6 command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ] - # Network: exposed - - name: netvlan-iface-setup - image: linuxkit/ip:v0.6 - command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ] + # Network: interface for login-validator - name: login-iface-setup image: linuxkit/ip:v0.6 command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ] @@ -35,6 +33,15 @@ onboot: peer: veth-login bindNS: net: /run/netns/login + + # Network: exposed ################################################ + + # VLAN7, path to internet + - name: netvlan-iface-setup + image: linuxkit/ip:v0.6 + command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ] + + # Bridge between std LAN, PXE LAN services (login-validator) and default route (as it uses the same wire) - name: bridge-ext-setup image: linuxkit/ip:v0.6 command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ] 
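Review bot: The comment added above the mount entry misspells the noun; it should read `# Mount first drive to enable some persistence`. It would also help to say what `/var/lib/adlin` holds, since the commented-out postfix service later in this diff bind-mounts `/var/lib/adlin/postfix/...`, e.g. `# Mount first drive on /var/lib/adlin to persist service state (postfix spool, etc.)`.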
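Review bot: The `netvlan-iface-setup` and `bridge-ext-setup` commands chain their `ip` calls with `;`, so a failed `ip link add` or `ip a add` is ignored and the script still brings the interfaces up and installs the default route on a half-configured bridge. Running the sequence as `/bin/sh -c "set -e; ..."` or joining the calls with `&&` would make the onboot step fail visibly instead; the same applies to the `ip` commands in the DMZ hunks of this diff (`validator-iface-setup`, `ns-iface-setup`, `time-iface-setup`, `bridge-int-setup`). Separately, `bridge-ext-setup` enslaves both `eth0` and `veth-login` to `br-ext`, which puts the login namespace on the same L2 segment as the external LAN; the new comment says this is intentional ("as it uses the same wire"), but nothing in this hunk limits what can reach `vethin-login`, so the comment should say where that filtering is done, if anywhere.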
@@ -43,7 +50,9 @@ onboot: - name: br-ext add: bridge - # Network: DMZ + # Network: DMZ #################################################### + + # token-validator - name: validator-iface-setup image: linuxkit/ip:v0.6 command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ] @@ -55,6 +64,8 @@ onboot: peer: veth-validator bindNS: net: /run/netns/dmz-validator + + # domain name - name: ns-iface-setup image: linuxkit/ip:v0.6 command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ] @@ -66,6 +77,8 @@ onboot: peer: veth-ns bindNS: net: /run/netns/dmz-ns + + # time server - name: time-iface-setup image: linuxkit/ip:v0.6 command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ] @@ -77,6 +90,8 @@ onboot: peer: veth-time bindNS: net: /run/netns/dmz-time + + # mail server # - name: mail-iface-setup # image: linuxkit/ip:v0.6 # command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ] @@ -88,6 +103,8 @@ onboot: # peer: veth-mail # bindNS: # net: /run/netns/dmz-mail + + # Bridge for DMZ services - name: bridge-int-setup image: linuxkit/ip:v0.6 command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ] 
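Review bot: The new `# Bridge for DMZ services` comment sits above a `bridge-int-setup` command that still enslaves and brings up `veth-mail`, although the `mail-iface-setup` block just above it is commented out, so those two `ip link set veth-mail ...` calls presumably fail at boot and go unnoticed because the commands are `;`-chained. Either drop `veth-mail` from the bridge command until the mail namespace is re-enabled, or extend the comment so the failure is expected, e.g. `# Bridge for DMZ services (veth-mail only exists once mail-iface-setup is uncommented)`.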
@@ -208,10 +225,14 @@ services: - /etc/ntpd.conf:/etc/ntpd.conf:ro # - name: postfix -# image: TBD +# image: mwader/postfix-relay # net: /run/netns/dmz-mail +# environment: +# - POSTFIX_myhostname=adlin.nemunai.re # binds: -# - /etc/postfix/main.cf:/etc/postfix/main.cf:ro +# - /var/lib/adlin/postfix/mail:/var/mail +# - /var/lib/adlin/postfix/lib:/var/lib/postfix +# - /var/lib/adlin/postfix/spool:/var/spool/postfix files: - path: etc/init.d/011-copy-to-var
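Review bot: `image: mwader/postfix-relay` carries no tag or digest, unlike every other image in this file (`linuxkit/ip:v0.6`, `linuxkit/mount:v0.6`), so once this commented-out service is enabled it resolves to whatever the registry serves as `latest` at build time; pin it, e.g. `#   image: mwader/postfix-relay:<tag-or-digest>` (placeholder). The block also sets only `POSTFIX_myhostname`; nothing here restricts which clients may relay through it, so before uncommenting confirm what the image uses for postfix's `mynetworks` by default and set it explicitly if it is wider than the DMZ subnet.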