tuto3: Ready for 2023

nemunaire 2022-04-05 10:10:08 +02:00
parent d23dc76713
commit 33bc82e28c


@ -1,5 +1,5 @@
kernel: kernel:
image: linuxkit/kernel:5.10.92 image: linuxkit/kernel:5.15.27
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA" # cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
cmdline: "console=tty0" cmdline: "console=tty0"
@ -130,8 +130,7 @@ services:
- /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
- name: mainrouter - name: mainrouter
#image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455 image: nemunaire/router-tuto3:ad91a16906567e1dcf90b39519691bea16954053
image: nemunaire/router-tuto3:c07718ca23c03ff5033c4042f0cbeca6c26d4e6f
net: /run/netns/router net: /run/netns/router
pid: new pid: new
ipc: new ipc: new
@ -154,7 +153,7 @@ services:
- /lib/preinit/30_failsafe_wait:/lib/preinit/30_failsafe_wait - /lib/preinit/30_failsafe_wait:/lib/preinit/30_failsafe_wait
- /lib/preinit/99_10_failsafe_login:/lib/preinit/99_10_failsafe_login - /lib/preinit/99_10_failsafe_login:/lib/preinit/99_10_failsafe_login
- name: matrix - name: matrix
image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1 image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f
net: /run/netns/chat net: /run/netns/chat
pid: new pid: new
ipc: new ipc: new
@ -170,7 +169,7 @@ services:
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf - /etc/dresolv.conf:/etc/resolv.conf
- name: ns-resolv - name: ns-resolv
image: nemunaire/resolver:4988e30d81f3b1782e7bc520d2d24123930d72a6 image: nemunaire/resolver:37943d61abe99963ca57666576af76461add2948
net: /run/netns/ns net: /run/netns/ns
pid: new pid: new
ipc: new ipc: new
@ -186,7 +185,7 @@ services:
- /etc/unbound:/etc/unbound:ro - /etc/unbound:/etc/unbound:ro
- /etc/services:/etc/services:ro - /etc/services:/etc/services:ro
- name: ns-auth - name: ns-auth
image: nemunaire/nsd:b96e6b002e08afd42e4c77ee71766264c42cac57 image: docker.io/nemunaire/nsd:37be535f826c14608bff17e2ab0688df526282c0
net: /run/netns/ns-auth net: /run/netns/ns-auth
pid: new pid: new
ipc: new ipc: new
@ -209,7 +208,7 @@ services:
- /var/lib/adlin/nsd - /var/lib/adlin/nsd
- /var/lib/adlin/nsd-db - /var/lib/adlin/nsd-db
- name: db - name: db
image: postgres:alpine image: postgres:10-alpine
net: /run/netns/db net: /run/netns/db
pid: new pid: new
ipc: new ipc: new
@ -221,7 +220,7 @@ services:
- LANG=en_US.utf8 - LANG=en_US.utf8
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/" - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/"
- PGDATA=/var/lib/postgresql/data - PGDATA=/var/lib/postgresql/data
- POSTGRES_PASSWORD=adlin2022 - POSTGRES_PASSWORD=adlin2023
binds: binds:
- /etc/services:/etc/services:ro - /etc/services:/etc/services:ro
- /initdb/:/docker-entrypoint-initdb.d/:ro - /initdb/:/docker-entrypoint-initdb.d/:ro
@ -238,7 +237,7 @@ services:
# env: # env:
# - MM_USERNAME=mattermost # - MM_USERNAME=mattermost
# - MM_DBNAME=mattermost # - MM_DBNAME=mattermost
# - MM_PASSWORD=adlin2022 # - MM_PASSWORD=adlin2023
# binds: # binds:
# - /etc/services:/etc/services:ro # - /etc/services:/etc/services:ro
# - /etc/hosts:/etc/hosts:ro # - /etc/hosts:/etc/hosts:ro
@ -253,18 +252,18 @@ services:
- all - all
command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"] command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"]
env: env:
- DATABASE_URL=postgres://miniflux:adlin2022@db/miniflux?sslmode=disable - DATABASE_URL=postgres://miniflux:adlin2023@db/miniflux?sslmode=disable
- RUN_MIGRATIONS=1 - RUN_MIGRATIONS=1
- CREATE_ADMIN=1 - CREATE_ADMIN=1
- ADMIN_USERNAME=adeline - ADMIN_USERNAME=adeline
- ADMIN_PASSWORD=adlin2022 - ADMIN_PASSWORD=adlin2023
- LISTEN_ADDR=0.0.0.0:8080 - LISTEN_ADDR=0.0.0.0:8080
binds: binds:
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf - /etc/dresolv.conf:/etc/resolv.conf
- /etc/services:/etc/services:ro - /etc/services:/etc/services:ro
- name: web - name: web
image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1 image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f
net: /run/netns/web net: /run/netns/web
pid: new pid: new
ipc: new ipc: new
@ -281,7 +280,7 @@ services:
# Workstation testers # Workstation testers
- name: minichecker-wks-rh2 - name: minichecker-wks-rh2
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51 image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
net: /run/netns/wks-rh2 net: /run/netns/wks-rh2
pid: new pid: new
ipc: new ipc: new
@ -291,7 +290,7 @@ services:
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-dg1 - name: minichecker-wks-dg1
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51 image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
net: /run/netns/wks-dg1 net: /run/netns/wks-dg1
pid: new pid: new
ipc: new ipc: new
@ -302,7 +301,7 @@ services:
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-cm1 - name: minichecker-wks-cm1
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51 image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
net: /run/netns/wks-cm1 net: /run/netns/wks-cm1
pid: new pid: new
ipc: new ipc: new
@ -377,7 +376,7 @@ files:
#!/bin/sh #!/bin/sh
set -e set -e
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER miniflux WITH PASSWORD 'adlin2022'; CREATE USER miniflux WITH PASSWORD 'adlin2023';
CREATE DATABASE miniflux; CREATE DATABASE miniflux;
GRANT ALL PRIVILEGES ON DATABASE miniflux TO miniflux; GRANT ALL PRIVILEGES ON DATABASE miniflux TO miniflux;
EOSQL EOSQL
@ -388,14 +387,14 @@ files:
- path: /initdb/init-matrix.sql - path: /initdb/init-matrix.sql
contents: | contents: |
CREATE USER matrix WITH PASSWORD 'adlin2022'; CREATE USER matrix WITH PASSWORD 'adlin2023';
CREATE DATABASE matrix ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER matrix; CREATE DATABASE matrix ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix; GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
mode: "0444" mode: "0444"
- path: /initdb/init-website.sql - path: /initdb/init-website.sql
contents: | contents: |
CREATE USER website WITH PASSWORD 'adlin2022'; CREATE USER website WITH PASSWORD 'adlin2023';
CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website; CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website;
GRANT ALL PRIVILEGES ON DATABASE website TO website; GRANT ALL PRIVILEGES ON DATABASE website TO website;
mode: "0444" mode: "0444"
@ -572,13 +571,13 @@ files:
[ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF [ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF
config interface 'loopback' config interface 'loopback'
option ifname 'lo' option device 'lo'
option proto 'static' option proto 'static'
option ipaddr '127.0.0.1' option ipaddr '127.0.0.1'
option netmask '255.0.0.0' option netmask '255.0.0.0'
config interface 'wan' config interface 'wan'
option ifname 'eth0' option device 'eth0'
option proto 'dhcp' option proto 'dhcp'
EOF EOF
@ -628,7 +627,7 @@ files:
option endpoint_port '42912' option endpoint_port '42912'
config interface 'srv' config interface 'srv'
option ifname 'ethsrv' option device 'ethsrv'
option proto 'static' option proto 'static'
option netmask '255.255.255.0' option netmask '255.255.255.0'
option ipaddr '172.23.42.1' option ipaddr '172.23.42.1'
@ -685,7 +684,7 @@ files:
- path: /etc/init.d/800-rw-passwd.sh - path: /etc/init.d/800-rw-passwd.sh
contents: | contents: |
#!/bin/sh #!/bin/sh
sed -ri '/^root/s@^root::.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow sed -ri '/^root/s@^root::.*$@root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
mkdir -p /var/lib/adlin/wrt-etc/dropbear/ mkdir -p /var/lib/adlin/wrt-etc/dropbear/
[ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys [ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
@ -697,11 +696,11 @@ files:
for svc in matrix ns-auth ns-resolv web for svc in matrix ns-auth ns-resolv web
do do
sed -ri '/^root/s@^.*$@root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow sed -ri '/^root/s@^.*$@root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow
cp /etc/services /containers/services/${svc}/rootfs/etc/services cp /etc/services /containers/services/${svc}/rootfs/etc/services
mkdir -p /containers/services/${svc}/rootfs/root/.ssh mkdir -p /containers/services/${svc}/rootfs/root/.ssh
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- ssh-keygen -A nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- sh -c 'ssh-keygen -A; service sshd restart;'
done done
exit 0 exit 0
@ -718,7 +717,7 @@ files:
contents: | contents: |
#!/bin/sh #!/bin/sh
sleep 20 sleep 20
nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2022 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2023 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null
exit 0 exit 0
mode: "0555" mode: "0555"
@ -907,7 +906,7 @@ files:
- path: etc/rshadow - path: etc/rshadow
contents: | contents: |
root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7::: root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::
daemon:*:0:0:99999:7::: daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7::: ftp:*:0:0:99999:7:::
network:*:0:0:99999:7::: network:*:0:0:99999:7:::
@ -945,7 +944,7 @@ files:
- path: etc/wshadow - path: etc/wshadow
contents: | contents: |
root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7::: root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::
daemon:*:17575:0:99999:7::: daemon:*:17575:0:99999:7:::
bin:*:17575:0:99999:7::: bin:*:17575:0:99999:7:::
sys:*:17575:0:99999:7::: sys:*:17575:0:99999:7:::
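Review bot: The router's root entry in `etc/rshadow`, and the matching `sed` replacement in `/etc/init.d/800-rw-passwd.sh`, still uses a `$1$` (MD5-crypt) hash after this rotation, while the root entry written for the other services in `etc/wshadow` uses `$6$` (SHA-512 crypt). Because the hash is committed with the image definition, anyone who can read the repository can test password guesses against it offline, and MD5-crypt is cheap to compute. If the router image's crypt implementation accepts it (not visible from this page), regenerate the entry in both places as `root:$6$<salt>$<hash>:18706:0:99999:7:::`, where salt and hash are placeholders. The same rotation moves every service password from `adlin2022` to `adlin2023`, so a comment next to `POSTGRES_PASSWORD` such as `# lab-only credential, rotated yearly; never reuse outside the tutorial VM` would tell a reader who copies this file that the value is predictable by design.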