challenge: update images
parent
867b4ef194
commit
30b59bbc99
56
server.yml
56
server.yml
@ -1,27 +1,27 @@
|
|||||||
kernel:
|
kernel:
|
||||||
image: linuxkit/kernel:4.9.82
|
image: linuxkit/kernel:4.20.3
|
||||||
cmdline: "console=tty0 console=ttyS0"
|
cmdline: "console=tty0 console=ttyS0"
|
||||||
|
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:d899eee3560a40aa3b4bdd67b3bb82703714b2b9
|
- linuxkit/init:a2166a6048ce041eebe005ab99454cfdeaa5c848
|
||||||
- linuxkit/runc:7c39a68490a12cde830e1922f171c451fb08e731
|
- linuxkit/runc:069d5cd3cc4f0aec70e4af53aed5d27a21c79c35
|
||||||
- linuxkit/containerd:37e397ebfc6bd5d8e18695b121166ffd0cbfd9f0
|
- linuxkit/containerd:2aff4d486220667364b2971b5fc6225bf165a069
|
||||||
- linuxkit/ca-certificates:v0.2
|
- linuxkit/ca-certificates:v0.6
|
||||||
- linuxkit/firmware:v0.2
|
- linuxkit/firmware:v0.6
|
||||||
- linuxkit/getty:v0.2
|
- linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478
|
||||||
|
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
image: linuxkit/sysctl:v0.2
|
image: linuxkit/sysctl:v0.6
|
||||||
binds:
|
binds:
|
||||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||||
|
|
||||||
# Network: exposed
|
# Network: exposed
|
||||||
- name: netvlan-iface-setup
|
- name: netvlan-iface-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
|
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
|
||||||
- name: login-iface-setup
|
- name: login-iface-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -32,7 +32,7 @@ onboot:
|
|||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/login
|
net: /run/netns/login
|
||||||
- name: bridge-ext-setup
|
- name: bridge-ext-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
|
||||||
runtime:
|
runtime:
|
||||||
interfaces:
|
interfaces:
|
||||||
@ -41,7 +41,7 @@ onboot:
|
|||||||
|
|
||||||
# Network: DMZ
|
# Network: DMZ
|
||||||
- name: validator-iface-setup
|
- name: validator-iface-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -52,7 +52,7 @@ onboot:
|
|||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/dmz-validator
|
net: /run/netns/dmz-validator
|
||||||
- name: ns-iface-setup
|
- name: ns-iface-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -63,7 +63,7 @@ onboot:
|
|||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/dmz-ns
|
net: /run/netns/dmz-ns
|
||||||
- name: time-iface-setup
|
- name: time-iface-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -74,7 +74,7 @@ onboot:
|
|||||||
bindNS:
|
bindNS:
|
||||||
net: /run/netns/dmz-time
|
net: /run/netns/dmz-time
|
||||||
# - name: mail-iface-setup
|
# - name: mail-iface-setup
|
||||||
# image: linuxkit/ip:v0.2
|
# image: linuxkit/ip:v0.6
|
||||||
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
||||||
# net: new
|
# net: new
|
||||||
# runtime:
|
# runtime:
|
||||||
@ -85,7 +85,7 @@ onboot:
|
|||||||
# bindNS:
|
# bindNS:
|
||||||
# net: /run/netns/dmz-mail
|
# net: /run/netns/dmz-mail
|
||||||
- name: bridge-int-setup
|
- name: bridge-int-setup
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ]
|
||||||
runtime:
|
runtime:
|
||||||
interfaces:
|
interfaces:
|
||||||
@ -93,16 +93,16 @@ onboot:
|
|||||||
add: bridge
|
add: bridge
|
||||||
|
|
||||||
- name: fw
|
- name: fw
|
||||||
image: linuxkit/ip:v0.2
|
image: linuxkit/ip:v0.6
|
||||||
command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules.v4" ]
|
command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules.v4" ]
|
||||||
binds:
|
binds:
|
||||||
- /etc/iptables/rules.v4:/etc/iptables/rules.v4:ro
|
- /etc/iptables/rules.v4:/etc/iptables/rules.v4:ro
|
||||||
|
|
||||||
services:
|
services:
|
||||||
- name: rngd
|
- name: rngd
|
||||||
image: linuxkit/rngd:v0.2
|
image: linuxkit/rngd:v0.6
|
||||||
# - name: sshd
|
- name: sshd
|
||||||
# image: linuxkit/sshd:v0.2
|
image: linuxkit/sshd:c4bc89cf0d66733c923ab9cb46198b599eb99320
|
||||||
|
|
||||||
- name: dhcpd
|
- name: dhcpd
|
||||||
image: joebiellik/dhcpd
|
image: joebiellik/dhcpd
|
||||||
@ -116,7 +116,7 @@ services:
|
|||||||
- /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
|
- /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
|
||||||
|
|
||||||
- name: tftpd
|
- name: tftpd
|
||||||
image: nemunaire/tftpd:50bdb5c4e9f17b13d848fc474fd98d3639cb36e9-dirty
|
image: nemunaire/tftpd:5340825352f9af28f5ac77bbe3243bdb70176903
|
||||||
capabilities:
|
capabilities:
|
||||||
- all
|
- all
|
||||||
binds:
|
binds:
|
||||||
@ -124,7 +124,7 @@ services:
|
|||||||
- /var/tftp/pxelinux.cfg:/srv/tftp/pxelinux.cfg
|
- /var/tftp/pxelinux.cfg:/srv/tftp/pxelinux.cfg
|
||||||
|
|
||||||
- name: login-validator
|
- name: login-validator
|
||||||
image: nemunaire/adlin-login-validator:6d341b97fc44723ea121c1f9a145fc7d7e7b17ca
|
image: nemunaire/adlin-login-validator:137bdec06d5e09885e7a0cd5d603bd4b2b2aa3ad
|
||||||
# command: ["/bin/login-validator", "-bind=:8081", "-ldaphost=auth.cri.epita.fr", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
# command: ["/bin/login-validator", "-bind=:8081", "-ldaphost=auth.cri.epita.fr", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
||||||
command: ["/bin/login-validator", "-bind=:8081", "-noauth"]
|
command: ["/bin/login-validator", "-bind=:8081", "-noauth"]
|
||||||
net: /run/netns/login
|
net: /run/netns/login
|
||||||
@ -180,7 +180,7 @@ services:
|
|||||||
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro
|
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro
|
||||||
|
|
||||||
- name: ns
|
- name: ns
|
||||||
image: nemunaire/unbound:999f99022b07a84063baa48b7143c90186c937d0-dirty
|
image: nemunaire/unbound:7fa2ef501be79db472de64f451b250173ace5ecf
|
||||||
net: /run/netns/dmz-ns
|
net: /run/netns/dmz-ns
|
||||||
capabilities:
|
capabilities:
|
||||||
- all
|
- all
|
||||||
@ -188,7 +188,7 @@ services:
|
|||||||
- /etc/unbound:/etc/unbound:ro
|
- /etc/unbound:/etc/unbound:ro
|
||||||
|
|
||||||
- name: time
|
- name: time
|
||||||
image: linuxkit/openntpd:v0.2
|
image: linuxkit/openntpd:v0.6
|
||||||
net: /run/netns/dmz-time
|
net: /run/netns/dmz-time
|
||||||
capabilities:
|
capabilities:
|
||||||
- CAP_NET_BIND_SERVICE
|
- CAP_NET_BIND_SERVICE
|
||||||
@ -304,7 +304,7 @@ files:
|
|||||||
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
|
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
[0:0] -A INPUT -p icmp -j ACCEPT
|
[0:0] -A INPUT -p icmp -j ACCEPT
|
||||||
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
[0:0] -A INPUT -i eth0 -s 172.23.0.0/17 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
|
[0:0] -A INPUT -i br-ext -s 172.23.0.0/17 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
|
||||||
[0:0] -A INPUT -i br-ext -p udp --sport 68 --dport 67 -j ACCEPT
|
[0:0] -A INPUT -i br-ext -p udp --sport 68 --dport 67 -j ACCEPT
|
||||||
[0:0] -A INPUT -i br-ext -p udp --dport 69 -j ACCEPT
|
[0:0] -A INPUT -i br-ext -p udp --dport 69 -j ACCEPT
|
||||||
[0:0] -A INPUT -i br-ext -p tcp --dport 80 -j ACCEPT
|
[0:0] -A INPUT -i br-ext -p tcp --dport 80 -j ACCEPT
|
||||||
@ -578,10 +578,10 @@ files:
|
|||||||
- path: srv/tftp/bzImage
|
- path: srv/tftp/bzImage
|
||||||
source: tftp/bzImage
|
source: tftp/bzImage
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
- path: srv/tftp/initramfs-login.img
|
- path: srv/tftp/login-initrd.img
|
||||||
source: tftp/initramfs-login.img
|
source: tftp/login-initrd.img
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
- path: srv/tftp/initramfs-challenge.img
|
- path: srv/tftp/challenge-initrd.img
|
||||||
source: challenge-initrd.img
|
source: challenge-initrd.img
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
|
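Review bot: Assuming the second copy of each line pair is the new side, the `services:` hunk (`@ -93,16`) uncomments `sshd` and the `files:` hunk (`@ -304,7`) moves the SSH accept rule from `-i eth0` to `-i br-ext`, so a commit titled "update images" also enables a host login service reachable from all of 172.23.0.0/17 on the exposed bridge. The `sshd` entry carries only `name` and `image`, so it presumably runs with the image's default mounts and capabilities in the root network namespace, and nothing visible here shows where its authorized keys come from; the rest of `rules.v4` is outside the hunk. I would split this into its own commit and add a comment above the entry, for example `# sshd: admin access only; keys from <authorized_keys source>; reachable from 172.23.0.0/17 via br-ext`, and narrow `-s` in the iptables rule if a dedicated admin range exists. Separately, the bumped images mix commit-hash tags with mutable tags such as `v0.6`, which do not pin content the way a digest reference would.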