tuto3: regroup all network setup into one script

This commit is contained in:
nemunaire 2020-03-29 18:32:04 +02:00
parent 4d7e5a5331
commit 1dd6de8fb8
2 changed files with 117 additions and 123 deletions


@ -9,23 +9,23 @@ cmdline() {
[ "$value" != "" ] && echo "$value"
}
[ -f "/etc/wireguard/adlin.token" ] && WGTOKEN=$(cat /etc/wireguard/adlin.token)
[ -f "/var/lib/adlin/wireguard/adlin.token" ] && WGTOKEN=$(cat /var/lib/adlin/wireguard/adlin.token)
[ -z "${WGTOKEN}" ] && WGTOKEN=$(cmdline adlin.token)
[ -z "${WGTOKEN}" ] && {
echo -n "You didn't define your token to connect the network. Please copy it into /var/lib/adlin/wireguard/adlin.token and reboot."
exit 1
}
[ -f "/etc/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' /etc/wireguard/adlin.conf)
[ -f "/var/lib/adlin/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' /var/lib/adlin/wireguard/adlin.conf)
[ -z "${WGPRVKEY}" ] && WGPRVKEY=$(/usr/bin/wg genkey)
WGPUBKEY=$(echo $WGPRVKEY | /usr/bin/wg pubkey)
while ! { echo -e "[Interface]\nPrivateKey = ${WGPRVKEY}"; /usr/bin/wget -O - --header "X-WG-pubkey: $WGPUBKEY" https://adlin.nemunai.re/api/wg/$(echo -n "$WGTOKEN" | /usr/bin/sha512sum | /usr/bin/cut -d ' ' -f 1); } > /etc/wireguard/adlin.conf
while ! { echo -e "[Interface]\nPrivateKey = ${WGPRVKEY}"; /usr/bin/wget -O - --header "X-WG-pubkey: $WGPUBKEY" https://adlin.nemunai.re/api/wg/$(echo -n "$WGTOKEN" | /usr/bin/sha512sum | /usr/bin/cut -d ' ' -f 1); } > /var/lib/adlin/wireguard/adlin.conf
do
exit 1
done
echo -n "${WGTOKEN}" > /etc/wireguard/adlin.token
echo -n "${WGTOKEN}" > /var/lib/adlin/wireguard/adlin.token
/sbin/ip link add dev wg0 type wireguard
/usr/bin/wg setconf wg0 /etc/wireguard/adlin.conf
/sbin/ip address add dev wg0 $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf)
/usr/bin/wg setconf wg0 /var/lib/adlin/wireguard/adlin.conf
/sbin/ip address add dev wg0 $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf)
/sbin/ip link set up dev wg0
/sbin/ip -6 route del default
/sbin/ip -6 route add default via $(sed 's/^.*GWIPv6=//p;d' /etc/wireguard/adlin.conf) pref high
/sbin/ip -6 route add default via $(sed 's/^.*GWIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf) pref high
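Review bot: The WireGuard private key (the `> /var/lib/adlin/wireguard/adlin.conf` redirect) and the token (`echo -n "${WGTOKEN}" > /var/lib/adlin/wireguard/adlin.token`) are now written into a persistent host directory, but nothing in the hunk restricts the mode of those files, so they are created with whatever umask the script inherits. Since that key is what identifies this host on the VPN, I would add `umask 077` once near the top of the script, before the `while ! { ... }` redirect, so both files come out owner-only. The `while ! ...; do exit 1; done` construct is also not a retry loop: the first failed fetch exits and leaves adlin.conf holding only the `[Interface]` stanza, which is harmless on the next boot because the key is re-read from that file, but a comment such as `# no retry: keep the generated key on disk and exit so the next boot reuses it` would make that intent explicit. The `cmdline` function that opens the hunk ends at its closing brace; the remaining lines are top-level script, and I assume the directory itself is created elsewhere before this runs.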

tuto3.yml

@ -39,121 +39,6 @@ onboot:
bindNS:
net: /run/netns/router
- name: wg
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
net: /run/netns/router
binds:
- /etc/ssl:/etc/ssl:ro
- /etc/mresolv.conf:/etc/resolv.conf
- /usr/bin/ask.sh:/usr/bin/ask.sh:ro
- /usr/bin/ssl_client:/usr/bin/ssl_client:ro
- /lib/libcrypto.so.1.1:/lib/libcrypto.so.1.1:ro
- /lib/libssl.so.1.1:/lib/libssl.so.1.1:ro
- /usr/lib/libcrypto.so.1.1:/usr/lib/libcrypto.so.1.1:ro
- /usr/lib/libssl.so.1.1:/usr/lib/libssl.so.1.1:ro
- /usr/lib/libtls-standalone.so.1:/usr/lib/libtls-standalone.so.1:ro
- /usr/lib/libtls-standalone.so.1.0.0:/usr/lib/libtls-standalone.so.1.0.0:ro
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro
- /var/lib/adlin/wireguard:/etc/wireguard
command: ["/bin/ash", "-c", "/usr/bin/ask.sh"]
runtime:
mkdir:
- /var/lib/adlin/wireguard
# Network: workstations
- name: net-wks-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 192.168.6.254/24 dev ethwks; ip link set ethwks up; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#1::1/96#\") dev ethwks;" ]
net: /run/netns/router
runtime:
interfaces:
- name: ethwks
add: veth
peer: veth-wks
# # Network: servers
- name: net-srv-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 172.23.42.1/24 dev ethsrv; ip link set ethsrv up; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:1/96#\") dev ethsrv;" ]
net: /run/netns/router
runtime:
interfaces:
- name: ethsrv
add: veth
peer: veth-srv
- name: net-srvns-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 172.23.42.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.42.1; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && { ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:2/96#\") dev vethin-ns; ip route add default via $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:1#\"); }" ]
net: new
runtime:
interfaces:
- name: vethin-ns
add: veth
peer: veth-ns
bindNS:
net: /run/netns/ns
- name: net-srvnsauth-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 172.23.42.3/24 dev vethin-nsauth; ip link set vethin-nsauth up; ip route add default via 172.23.42.1; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && { ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:3/96#\") dev vethin-nsauth; ip route add default via $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:1#\"); }" ]
net: new
runtime:
interfaces:
- name: vethin-nsauth
add: veth
peer: veth-nsauth
bindNS:
net: /run/netns/ns-auth
- name: net-srvdb-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 172.23.42.4/24 dev vethin-db; ip link set vethin-db up; ip route add default via 172.23.42.1; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && { ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:4/96#\") dev vethin-db; ip route add default via $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:1#\"); }" ]
net: new
runtime:
interfaces:
- name: vethin-db
add: veth
peer: veth-db
bindNS:
net: /run/netns/db
- name: net-srvchat-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 172.23.42.5/24 dev vethin-chat; ip link set vethin-chat up; ip route add default via 172.23.42.1; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && { ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:5/96#\") dev vethin-chat; ip route add default via $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:1#\"); }" ]
net: new
runtime:
interfaces:
- name: vethin-chat
add: veth
peer: veth-chat
bindNS:
net: /run/netns/chat
- name: net-srvttrss-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip a add 172.23.42.6/24 dev vethin-ttrss; ip link set vethin-ttrss up; ip route add default via 172.23.42.1; grep MyIPv6= /etc/wireguard/adlin.conf > /dev/null && { ip a add $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:6/96#\") dev vethin-ttrss; ip route add default via $(sed 's/^.*MyIPv6=//p;d' /etc/wireguard/adlin.conf | sed \"s#:[^:/]*/.*\\$#:1#\"); }" ]
net: new
runtime:
interfaces:
- name: vethin-ttrss
add: veth
peer: veth-ttrss
bindNS:
net: /run/netns/miniflux
# Network: bridges
- name: bridges-setup
image: linuxkit/ip:7b1cf3150bf5d9a0df7ef07572e2d81fe3c0c3d3
command: ["/bin/sh", "-c", "ip link set veth-srv master brsrv; ip link set veth-ns master brsrv; ip link set veth-nsauth master brsrv; ip link set veth-db master brsrv; ip link set veth-chat master brsrv; ip link set veth-ttrss master brsrv; ip link set veth-srv up; ip link set veth-ns up; ip link set veth-nsauth up; ip link set veth-db up; ip link set veth-chat up; ip link set veth-ttrss up; ip link set brsrv up; ip link set veth-wks master brwks; ip link set veth-wks1 master brwks; ip link set veth-wks2 master brwks; ip link set veth-wks up; ip link set veth-wks1 up; ip link set veth-wks2 up; ip link set brwks up; ip l | grep eth2 > /dev/null && { ip link set eth2 up; ip link set eth2 master brwks; }" ]
runtime:
interfaces:
- name: brsrv
add: bridge
- name: brwks
add: bridge
- name: veth-wks1
add: veth
peer: ethwks1
- name: veth-wks2
add: veth
peer: ethwks2
services:
- name: dhcpcd-wks1
image: linuxkit/dhcpcd:v0.7
@ -270,7 +155,7 @@ services:
# - /etc/hosts:/etc/hosts:ro
- name: miniflux
image: miniflux/miniflux:latest
net: /run/netns/miniflux
net: /run/netns/ttrss
capabilities:
- all
command: ["/bin/sh", "-c", "sleep 5; /usr/bin/miniflux"]
@ -338,6 +223,115 @@ files:
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
mode: "0444"
- path: etc/init.d/011-tuto-net
contents: |
#!/bin/sh
mkdir -p /var/lib/adlin/wireguard/
nsenter -n/run/netns/router /usr/bin/ask.sh
# Network: workstations
ip link add ethwks type veth peer name veth-wks
ip link set ethwks up
ip link set ethwks netns router
ip netns exec router ip a add 192.168.6.254/24 dev ethwks
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null &&
ip netns exec router ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#1::1/96#") dev ethwks
# Network: servers
ip link add ethsrv type veth peer name veth-srv
ip link set ethsrv netns router
ip netns exec router ip link set ethsrv up
ip netns exec router ip a add 172.23.42.1/24 dev ethsrv
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null &&
ip netns exec router ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1/96#") dev ethsrv
ip netns add ns
ip link add vethin-ns type veth peer name veth-ns
ip link set vethin-ns netns ns
ip netns exec ns ip link set vethin-ns up
ip netns exec ns ip a add 172.23.42.2/24 dev vethin-ns
ip netns exec ns ip route add default via 172.23.42.1
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
ip netns exec ns ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:2/96#") dev vethin-ns
ip netns exec ns ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
}
ip netns add ns-auth
ip link add vethin-nsauth type veth peer name veth-nsauth
ip link set vethin-nsauth netns ns-auth
ip netns exec ns-auth ip link set vethin-nsauth up
ip netns exec ns-auth ip a add 172.23.42.3/24 dev vethin-nsauth
ip netns exec ns-auth ip route add default via 172.23.42.1
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
ip netns exec ns-auth ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:3/96#") dev vethin-nsauth
ip netns exec ns-auth ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
}
ip netns add db
ip link add vethin-db type veth peer name veth-db
ip link set vethin-db netns db
ip netns exec db ip link set vethin-db up
ip netns exec db ip a add 172.23.42.4/24 dev vethin-db
ip netns exec db ip route add default via 172.23.42.1
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
ip netns exec db ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:4/96#") dev vethin-db
ip netns exec db ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
}
ip netns add chat
ip link add vethin-chat type veth peer name veth-chat
ip link set vethin-chat netns chat
ip netns exec chat ip link set vethin-chat up
ip netns exec chat ip a add 172.23.42.5/24 dev vethin-chat
ip netns exec chat ip route add default via 172.23.42.1
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
ip netns exec chat ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:5/96#") dev vethin-chat
ip netns exec chat ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
}
ip netns add ttrss
ip link add vethin-ttrss type veth peer name veth-ttrss
ip link set vethin-ttrss netns ttrss
ip netns exec ttrss ip link set vethin-ttrss up
ip netns exec ttrss ip a add 172.23.42.6/24 dev vethin-ttrss
ip netns exec ttrss ip route add default via 172.23.42.1
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
ip netns exec ttrss ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:6/96#") dev vethin-ttrss
ip netns exec ttrss ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
}
# Network: bridges
ip l add brsrv type bridge
ip link set veth-srv master brsrv
ip link set veth-ns master brsrv
ip link set veth-nsauth master brsrv
ip link set veth-db master brsrv
ip link set veth-chat master brsrv
ip link set veth-ttrss master brsrv
ip link set veth-srv up
ip link set veth-ns up
ip link set veth-nsauth up
ip link set veth-db up
ip link set veth-chat up
ip link set veth-ttrss up
ip link set brsrv up
ip l add brwks type bridge
ip link add veth-wks1 type veth peer name ethwks1
ip link add veth-wks2 type veth peer name ethwks2
ip link set veth-wks master brwks
ip link set veth-wks1 master brwks
ip link set veth-wks2 master brwks
ip link set veth-wks up
ip link set veth-wks1 up
ip link set veth-wks2 up
ip link set brwks up
ip l | grep eth2 > /dev/null && {
ip link set eth2 up
ip link set eth2 master brwks
}
mode: "0755"
- path: /etc/init.d/999-rw-passwd.sh
contents: |
#!/bin/sh