tuto3: Ready for 2023

nemunaire 2022-04-05 10:10:08 +02:00
parent d23dc76713
commit 33bc82e28c


@ -1,5 +1,5 @@
kernel:
image: linuxkit/kernel:5.10.92
image: linuxkit/kernel:5.15.27
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
cmdline: "console=tty0"
@ -130,8 +130,7 @@ services:
- /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
- name: mainrouter
#image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455
image: nemunaire/router-tuto3:c07718ca23c03ff5033c4042f0cbeca6c26d4e6f
image: nemunaire/router-tuto3:ad91a16906567e1dcf90b39519691bea16954053
net: /run/netns/router
pid: new
ipc: new
@ -154,7 +153,7 @@ services:
- /lib/preinit/30_failsafe_wait:/lib/preinit/30_failsafe_wait
- /lib/preinit/99_10_failsafe_login:/lib/preinit/99_10_failsafe_login
- name: matrix
image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1
image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f
net: /run/netns/chat
pid: new
ipc: new
@ -170,7 +169,7 @@ services:
- /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf
- name: ns-resolv
image: nemunaire/resolver:4988e30d81f3b1782e7bc520d2d24123930d72a6
image: nemunaire/resolver:37943d61abe99963ca57666576af76461add2948
net: /run/netns/ns
pid: new
ipc: new
@ -186,7 +185,7 @@ services:
- /etc/unbound:/etc/unbound:ro
- /etc/services:/etc/services:ro
- name: ns-auth
image: nemunaire/nsd:b96e6b002e08afd42e4c77ee71766264c42cac57
image: docker.io/nemunaire/nsd:37be535f826c14608bff17e2ab0688df526282c0
net: /run/netns/ns-auth
pid: new
ipc: new
@ -209,7 +208,7 @@ services:
- /var/lib/adlin/nsd
- /var/lib/adlin/nsd-db
- name: db
image: postgres:alpine
image: postgres:10-alpine
net: /run/netns/db
pid: new
ipc: new
@ -221,7 +220,7 @@ services:
- LANG=en_US.utf8
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/"
- PGDATA=/var/lib/postgresql/data
- POSTGRES_PASSWORD=adlin2022
- POSTGRES_PASSWORD=adlin2023
binds:
- /etc/services:/etc/services:ro
- /initdb/:/docker-entrypoint-initdb.d/:ro
@ -238,7 +237,7 @@ services:
# env:
# - MM_USERNAME=mattermost
# - MM_DBNAME=mattermost
# - MM_PASSWORD=adlin2022
# - MM_PASSWORD=adlin2023
# binds:
# - /etc/services:/etc/services:ro
# - /etc/hosts:/etc/hosts:ro
@ -253,18 +252,18 @@ services:
- all
command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"]
env:
- DATABASE_URL=postgres://miniflux:adlin2022@db/miniflux?sslmode=disable
- DATABASE_URL=postgres://miniflux:adlin2023@db/miniflux?sslmode=disable
- RUN_MIGRATIONS=1
- CREATE_ADMIN=1
- ADMIN_USERNAME=adeline
- ADMIN_PASSWORD=adlin2022
- ADMIN_PASSWORD=adlin2023
- LISTEN_ADDR=0.0.0.0:8080
binds:
- /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf
- /etc/services:/etc/services:ro
- name: web
image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1
image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f
net: /run/netns/web
pid: new
ipc: new
@ -281,7 +280,7 @@ services:
# Workstation testers
- name: minichecker-wks-rh2
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
net: /run/netns/wks-rh2
pid: new
ipc: new
@ -291,7 +290,7 @@ services:
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-dg1
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
net: /run/netns/wks-dg1
pid: new
ipc: new
@ -302,7 +301,7 @@ services:
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-cm1
image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
net: /run/netns/wks-cm1
pid: new
ipc: new
@ -377,7 +376,7 @@ files:
#!/bin/sh
set -e
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER miniflux WITH PASSWORD 'adlin2022';
CREATE USER miniflux WITH PASSWORD 'adlin2023';
CREATE DATABASE miniflux;
GRANT ALL PRIVILEGES ON DATABASE miniflux TO miniflux;
EOSQL
@ -388,14 +387,14 @@ files:
- path: /initdb/init-matrix.sql
contents: |
CREATE USER matrix WITH PASSWORD 'adlin2022';
CREATE USER matrix WITH PASSWORD 'adlin2023';
CREATE DATABASE matrix ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
mode: "0444"
- path: /initdb/init-website.sql
contents: |
CREATE USER website WITH PASSWORD 'adlin2022';
CREATE USER website WITH PASSWORD 'adlin2023';
CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website;
GRANT ALL PRIVILEGES ON DATABASE website TO website;
mode: "0444"
@ -572,13 +571,13 @@ files:
[ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF
config interface 'loopback'
option ifname 'lo'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'wan'
option ifname 'eth0'
option device 'eth0'
option proto 'dhcp'
EOF
@ -628,7 +627,7 @@ files:
option endpoint_port '42912'
config interface 'srv'
option ifname 'ethsrv'
option device 'ethsrv'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '172.23.42.1'
@ -685,7 +684,7 @@ files:
- path: /etc/init.d/800-rw-passwd.sh
contents: |
#!/bin/sh
sed -ri '/^root/s@^root::.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
sed -ri '/^root/s@^root::.*$@root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
mkdir -p /var/lib/adlin/wrt-etc/dropbear/
[ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
@ -697,11 +696,11 @@ files:
for svc in matrix ns-auth ns-resolv web
do
sed -ri '/^root/s@^.*$@root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow
sed -ri '/^root/s@^.*$@root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow
cp /etc/services /containers/services/${svc}/rootfs/etc/services
mkdir -p /containers/services/${svc}/rootfs/root/.ssh
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- ssh-keygen -A
nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- sh -c 'ssh-keygen -A; service sshd restart;'
done
exit 0
@ -718,7 +717,7 @@ files:
contents: |
#!/bin/sh
sleep 20
nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2022 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null
nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2023 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null
exit 0
mode: "0555"
@ -907,7 +906,7 @@ files:
- path: etc/rshadow
contents: |
root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::
root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
@ -945,7 +944,7 @@ files:
- path: etc/wshadow
contents: |
root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::
root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::
daemon:*:17575:0:99999:7:::
bin:*:17575:0:99999:7:::
sys:*:17575:0:99999:7:::
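Review bot: The rotated root hash for the router is still MD5-crypt (`$1$…`) in both `/etc/init.d/800-rw-passwd.sh` and `etc/rshadow`, while the hash written for the matrix, ns-auth, ns-resolv and web containers in the same commit is SHA-512-crypt (`$6$…`). Because these hashes are committed with the image definition, anyone who can read the repository can work on them offline, and MD5-crypt offers far less resistance to that than the `$6$` form. If the router image's crypt implementation accepts it (not visible here), regenerate the router entry as `$6$` so both shadow files use the same scheme, for example `root:$6$<salt>$<hash>:18706:0:99999:7:::` with placeholder values. Separately, the single literal `adlin2023` is reused for `POSTGRES_PASSWORD`, the three database roles, the miniflux admin and the `curl -u` call, so either add a comment stating that these are deliberate lab credentials or give each role its own value.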