tuto3: add vm for vitrine
parent
c880529034
commit
259375f316
31
tuto3.yml
31
tuto3.yml
@ -213,6 +213,21 @@ services:
|
|||||||
- /etc/hosts:/etc/hosts:ro
|
- /etc/hosts:/etc/hosts:ro
|
||||||
- /etc/dresolv.conf:/etc/resolv.conf
|
- /etc/dresolv.conf:/etc/resolv.conf
|
||||||
- /etc/services:/etc/services:ro
|
- /etc/services:/etc/services:ro
|
||||||
|
- name: web
|
||||||
|
image: nemunaire/tinydeb:eaa617bf726fb4cadfa22b3947709579e6001212
|
||||||
|
net: /run/netns/web
|
||||||
|
pid: new
|
||||||
|
ipc: new
|
||||||
|
uts: new
|
||||||
|
hostname: vitrine
|
||||||
|
command: ["/sbin/init"]
|
||||||
|
capabilities:
|
||||||
|
- all
|
||||||
|
mounts:
|
||||||
|
- type: cgroup
|
||||||
|
options: ["rw","nosuid","noexec","nodev","relatime"]
|
||||||
|
binds:
|
||||||
|
- /etc/dresolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
files:
|
files:
|
||||||
- path: etc/hosts
|
- path: etc/hosts
|
||||||
@ -350,6 +365,17 @@ files:
|
|||||||
ip netns exec ttrss ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
|
ip netns exec ttrss ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ip netns add web
|
||||||
|
ip link add vethin-web type veth peer name veth-web
|
||||||
|
ip link set vethin-web netns web
|
||||||
|
ip netns exec web ip link set vethin-web up
|
||||||
|
ip netns exec web ip a add 172.23.42.7/24 dev vethin-web
|
||||||
|
ip netns exec web ip route add default via 172.23.42.1
|
||||||
|
grep MyIPv6= /var/lib/adlin/wireguard/adlin.conf > /dev/null && {
|
||||||
|
ip netns exec web ip a add $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:7/96#") dev vethin-web
|
||||||
|
ip netns exec web ip route add default via $(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf | sed "s#:[^:/]*/.*\$#:1#")
|
||||||
|
}
|
||||||
|
|
||||||
# Network: bridges
|
# Network: bridges
|
||||||
ip l add brsrv type bridge
|
ip l add brsrv type bridge
|
||||||
ip link set veth-srv master brsrv
|
ip link set veth-srv master brsrv
|
||||||
@ -358,12 +384,14 @@ files:
|
|||||||
ip link set veth-db master brsrv
|
ip link set veth-db master brsrv
|
||||||
ip link set veth-chat master brsrv
|
ip link set veth-chat master brsrv
|
||||||
ip link set veth-ttrss master brsrv
|
ip link set veth-ttrss master brsrv
|
||||||
|
ip link set veth-web master brsrv
|
||||||
ip link set veth-srv up
|
ip link set veth-srv up
|
||||||
ip link set veth-ns up
|
ip link set veth-ns up
|
||||||
ip link set veth-nsauth up
|
ip link set veth-nsauth up
|
||||||
ip link set veth-db up
|
ip link set veth-db up
|
||||||
ip link set veth-chat up
|
ip link set veth-chat up
|
||||||
ip link set veth-ttrss up
|
ip link set veth-ttrss up
|
||||||
|
ip link set veth-web up
|
||||||
ip link set brsrv up
|
ip link set brsrv up
|
||||||
|
|
||||||
ip l add brwks type bridge
|
ip l add brwks type bridge
|
||||||
@ -390,6 +418,8 @@ files:
|
|||||||
sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/matrix/rootfs/etc/shadow
|
sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/matrix/rootfs/etc/shadow
|
||||||
cp /etc/services /containers/services/matrix/rootfs/etc/services
|
cp /etc/services /containers/services/matrix/rootfs/etc/services
|
||||||
sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/ns-auth/rootfs/etc/shadow
|
sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/ns-auth/rootfs/etc/shadow
|
||||||
|
cp /etc/services /containers/services/web/rootfs/etc/services
|
||||||
|
sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/web/rootfs/etc/shadow
|
||||||
exit 0
|
exit 0
|
||||||
mode: "0555"
|
mode: "0555"
|
||||||
|
|
||||||
@ -471,6 +501,7 @@ files:
|
|||||||
local-zone: "adlin.p0m.fr" typetransparent
|
local-zone: "adlin.p0m.fr" typetransparent
|
||||||
local-data: "news.adlin.p0m.fr A 172.23.42.1"
|
local-data: "news.adlin.p0m.fr A 172.23.42.1"
|
||||||
local-data: "matrix.adlin.p0m.fr A 172.23.42.1"
|
local-data: "matrix.adlin.p0m.fr A 172.23.42.1"
|
||||||
|
local-data: "www.adlin.p0m.fr A 172.23.42.1"
|
||||||
remote-control:
|
remote-control:
|
||||||
control-enable: no
|
control-enable: no
|
||||||
forward-zone:
|
forward-zone:
|
||||||
|
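Review bot: The new `web` service in the first hunk is given `capabilities:` `- all` together with a read-write `cgroup` mount, so a compromise of whatever `vitrine` serves would hold the full capability set rather than only what `/sbin/init` needs. Which capabilities init requires is not visible here, so I would start from an explicit list such as `- CAP_NET_BIND_SERVICE`, `- CAP_SETUID`, `- CAP_SETGID` and extend it only as boot failures show a need, with a comment like `# caps kept minimal: web is the externally reachable service`. In the fourth hunk the added `sed -ri '/^root/s@...@' /containers/services/web/rootfs/etc/shadow` line writes the same root `$6$` hash that the context lines already write for `matrix` and `ns-auth`, so one password recovered from this repository gives root on every container; a per-container hash injected at build time would avoid that (the script these lines belong to starts outside the hunk). The `/etc/dresolv.conf:/etc/resolv.conf` bind could also carry `:ro`, as the `/etc/hosts:/etc/hosts:ro` bind of the preceding service does, if nothing inside the container rewrites it.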