diff --git a/tuto3.yml b/tuto3.yml index 1279da2..e236736 100644 --- a/tuto3.yml +++ b/tuto3.yml @@ -213,6 +213,21 @@ services: - /etc/hosts:/etc/hosts:ro - /etc/dresolv.conf:/etc/resolv.conf - /etc/services:/etc/services:ro + - name: web + image: nemunaire/tinydeb:eaa617bf726fb4cadfa22b3947709579e6001212 + net: /run/netns/web + pid: new + ipc: new + uts: new + hostname: vitrine + command: ["/sbin/init"] + capabilities: + - all + mounts: + - type: cgroup + options: ["rw","nosuid","noexec","nodev","relatime"] + binds: + - /etc/dresolv.conf:/etc/resolv.conf files: - path: etc/hosts @@ -350,6 +365,17 @@ files: ip netns exec ttrss ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#") } + ip netns add web + ip link add vethin-web type veth peer name veth-web + ip link set vethin-web netns web + ip netns exec web ip link set vethin-web up + ip netns exec web ip a add 172.23.42.7/24 dev vethin-web + ip netns exec web ip route add default via 172.23.42.1 + grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && { + ip netns exec web ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:7/96#") dev vethin-web + ip netns exec web ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#") + } + # Network: bridges ip l add brsrv type bridge ip link set veth-srv master brsrv @@ -358,12 +384,14 @@ files: ip link set veth-db master brsrv ip link set veth-chat master brsrv ip link set veth-ttrss master brsrv + ip link set veth-web master brsrv ip link set veth-srv up ip link set veth-ns up ip link set veth-nsauth up ip link set veth-db up ip link set veth-chat up ip link set veth-ttrss up + ip link set veth-web up ip link set brsrv up ip l add brwks type bridge 
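Review bot: The new `web` service gets `capabilities: - all` together with a read-write `cgroup` mount and `/sbin/init` as its command, so root inside this container is close to root on the host. If the init in the image does not need the full set, list the required capabilities explicitly instead of `all`, or record the reason in a comment above the key. The bind `- /etc/dresolv.conf:/etc/resolv.conf` is writable and the same host file appears in the binds of the preceding service, so an edit made from `web` would reach that container too; `- /etc/dresolv.conf:/etc/resolv.conf:ro` would match the `:ro` on the neighbouring `/etc/hosts` and `/etc/services` binds. The image is referenced by a tag rather than a digest, which is worth pinning if the registry is not under your control.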
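Review bot: The two `$(sed … /var/lib/adlin/wireguard/adlin.conf | sed …)` substitutions in the added `web` block are unquoted and unchecked, so an empty or multi-line `MyIPv6=` value becomes missing or extra arguments to `ip`. The `exit 0` visible later in the diff suggests such a failure would go unnoticed. Read the value once and test it before use, for example `ip6=$(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | head -n1)` followed by `[ -n "$ip6" ] || exit 1`, and pass the derived addresses to `ip` in double quotes. The same pattern is visible for `ttrss` in the context lines, so a small helper taking the namespace name and host suffix would remove the duplication. The script starts and ends outside this hunk.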
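Review bot: `ip link set veth-web master brsrv` places the new container on the same bridge as `veth-db`, `veth-nsauth` and the other services, and nothing in this hunk filters traffic between bridge ports. Because `web` is declared with all capabilities in the first hunk, it holds raw-socket and network-admin rights on that shared segment. If the web front end only needs to reach some peers, consider a dedicated bridge or bridge-level filtering, or add a comment above the line such as `# web shares brsrv with db/ns on purpose: flat L2 is intended for the lab`. The script continues outside the hunk, so filtering may exist elsewhere.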
@@ -390,6 +418,8 @@ files: sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/matrix/rootfs/etc/shadow cp /etc/services /containers/services/matrix/rootfs/etc/services sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/ns-auth/rootfs/etc/shadow + cp /etc/services /containers/services/web/rootfs/etc/services + sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/web/rootfs/etc/shadow exit 0 mode: "0555" @@ -471,6 +501,7 @@ files: local-zone: "adlin.p0m.fr" typetransparent local-data: "news.adlin.p0m.fr A 172.23.42.1" local-data: "matrix.adlin.p0m.fr A 172.23.42.1" + local-data: "www.adlin.p0m.fr A 172.23.42.1" remote-control: control-enable: no forward-zone:
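Review bot: The added `sed -ri` line writes the same committed `$6$` root hash into `/containers/services/web/rootfs/etc/shadow` that the context lines already write for `matrix` and `ns-auth`. One password, open to offline guessing by anyone who can read the repository or the built image, therefore logs in as root on every container. Combined with `capabilities: all` on `web`, that credential is effectively host-level. Prefer reading the hash from a provisioning-time file kept out of version control, or locking the root account where interactive login is not needed. If a shared lab password is intentional, say so in a comment above these lines; the script body starts outside the hunk.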