server.yml: some documentation
parent
ff9c6bacdf
commit
13c5a3cabd
35
server.yml
35
server.yml
@ -16,14 +16,12 @@ onboot:
|
|||||||
binds:
|
binds:
|
||||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||||
|
|
||||||
|
# Mount first drive to enable some persistance
|
||||||
- name: mount
|
- name: mount
|
||||||
image: linuxkit/mount:v0.6
|
image: linuxkit/mount:v0.6
|
||||||
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
||||||
|
|
||||||
# Network: exposed
|
# Network: interface for login-validator
|
||||||
- name: netvlan-iface-setup
|
|
||||||
image: linuxkit/ip:v0.6
|
|
||||||
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
|
|
||||||
- name: login-iface-setup
|
- name: login-iface-setup
|
||||||
image: linuxkit/ip:v0.6
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
||||||
@ -35,6 +33,15 @@ onboot:
|
|||||||
peer: veth-login
|
peer: veth-login
|
||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/login
|
net: /run/netns/login
|
||||||
|
|
||||||
|
# Network: exposed ################################################
|
||||||
|
|
||||||
|
# VLAN7, path to internet
|
||||||
|
- name: netvlan-iface-setup
|
||||||
|
image: linuxkit/ip:v0.6
|
||||||
|
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
|
||||||
|
|
||||||
|
# Bridge between std LAN, PXE LAN services (login-validator) and default route (as it uses the same wire)
|
||||||
- name: bridge-ext-setup
|
- name: bridge-ext-setup
|
||||||
image: linuxkit/ip:v0.6
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
|
||||||
@ -43,7 +50,9 @@ onboot:
|
|||||||
- name: br-ext
|
- name: br-ext
|
||||||
add: bridge
|
add: bridge
|
||||||
|
|
||||||
# Network: DMZ
|
# Network: DMZ ####################################################
|
||||||
|
|
||||||
|
# token-validator
|
||||||
- name: validator-iface-setup
|
- name: validator-iface-setup
|
||||||
image: linuxkit/ip:v0.6
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
||||||
@ -55,6 +64,8 @@ onboot:
|
|||||||
peer: veth-validator
|
peer: veth-validator
|
||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/dmz-validator
|
net: /run/netns/dmz-validator
|
||||||
|
|
||||||
|
# domain name
|
||||||
- name: ns-iface-setup
|
- name: ns-iface-setup
|
||||||
image: linuxkit/ip:v0.6
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
||||||
@ -66,6 +77,8 @@ onboot:
|
|||||||
peer: veth-ns
|
peer: veth-ns
|
||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/dmz-ns
|
net: /run/netns/dmz-ns
|
||||||
|
|
||||||
|
# time server
|
||||||
- name: time-iface-setup
|
- name: time-iface-setup
|
||||||
image: linuxkit/ip:v0.6
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
||||||
@ -77,6 +90,8 @@ onboot:
|
|||||||
peer: veth-time
|
peer: veth-time
|
||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/dmz-time
|
net: /run/netns/dmz-time
|
||||||
|
|
||||||
|
# mail server
|
||||||
# - name: mail-iface-setup
|
# - name: mail-iface-setup
|
||||||
# image: linuxkit/ip:v0.6
|
# image: linuxkit/ip:v0.6
|
||||||
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
||||||
@ -88,6 +103,8 @@ onboot:
|
|||||||
# peer: veth-mail
|
# peer: veth-mail
|
||||||
# bindNS:
|
# bindNS:
|
||||||
# net: /run/netns/dmz-mail
|
# net: /run/netns/dmz-mail
|
||||||
|
|
||||||
|
# Bridge for DMZ services
|
||||||
- name: bridge-int-setup
|
- name: bridge-int-setup
|
||||||
image: linuxkit/ip:v0.6
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ]
|
||||||
@ -208,10 +225,14 @@ services:
|
|||||||
- /etc/ntpd.conf:/etc/ntpd.conf:ro
|
- /etc/ntpd.conf:/etc/ntpd.conf:ro
|
||||||
|
|
||||||
# - name: postfix
|
# - name: postfix
|
||||||
# image: TBD
|
# image: mwader/postfix-relay
|
||||||
# net: /run/netns/dmz-mail
|
# net: /run/netns/dmz-mail
|
||||||
|
# environment:
|
||||||
|
# - POSTFIX_myhostname=adlin.nemunai.re
|
||||||
# binds:
|
# binds:
|
||||||
# - /etc/postfix/main.cf:/etc/postfix/main.cf:ro
|
# - /var/lib/adlin/postfix/mail:/var/mail
|
||||||
|
# - /var/lib/adlin/postfix/lib:/var/lib/postfix
|
||||||
|
# - /var/lib/adlin/postfix/spool:/var/spool/postfix
|
||||||
|
|
||||||
files:
|
files:
|
||||||
- path: etc/init.d/011-copy-to-var
|
- path: etc/init.d/011-copy-to-var
|
||||||
|
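Review bot: The commented-out postfix stanza now names `mwader/postfix-relay` with no tag, while every active image visible here is pinned (`linuxkit/ip:v0.6`, `linuxkit/mount:v0.6`); if the block is uncommented as written, the build pulls whatever the registry currently serves for the default tag of a third-party image. I would record a fixed version now so the pin is not forgotten later, e.g. `#    image: mwader/postfix-relay:<PINNED_TAG>` (placeholder; a digest is better if the build tooling accepts one). The three new binds under `/var/lib/adlin/postfix/` are read-write on the persistent drive, unlike the `:ro` binds visible elsewhere in the file, so a one-line comment stating that mail, lib and spool are meant to be writable would make that intent reviewable. Separately, `bridge-int-setup` already attaches `veth-mail` to `br-int` while `mail-iface-setup` is still commented out, and because the steps are joined with `;` any failure there is silent; the relevant stanzas extend beyond the visible hunks, so confirm against the full file.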