tuto2: wg working
parent
cd848e3ff6
commit
33f0698f1e
9 changed files with 196 additions and 30 deletions
62
tuto2.yml
62
tuto2.yml
|
|
@ -1,11 +1,11 @@
|
|||
kernel:
|
||||
image: linuxkit/kernel:4.9.85
|
||||
image: linuxkit/kernel:4.20.3
|
||||
# cmdline: "console=ttyS0 console=tty0"
|
||||
# cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.net=easy"
|
||||
cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0"
|
||||
cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet"
|
||||
|
||||
init:
|
||||
- nemunaire/adlin-tuto2:8f13bab1bcb9b7b3f977ffd0f32bf596412b7094-dirty
|
||||
- nemunaire/adlin-tuto2:35a9354900bb9a419e9e54758c069e8b97472ec5-dirty
|
||||
|
||||
files:
|
||||
- path: etc/hostname
|
||||
|
|
@ -16,6 +16,7 @@ files:
|
|||
- path: etc/resolv.conf
|
||||
contents: |
|
||||
nameserver 9.9.9.9
|
||||
nameserver 1.1.1.1
|
||||
mode: "0644"
|
||||
|
||||
- path: etc/systemd/network/49-main.link
|
||||
|
|
@ -27,15 +28,13 @@ files:
|
|||
mode: "0644"
|
||||
|
||||
- path: etc/systemd/network/50-dhcp.network
|
||||
contents: ""
|
||||
mode: "0644"
|
||||
|
||||
- path: etc/systemd/network/.50-dhcp
|
||||
contents: |
|
||||
[Match]
|
||||
Name=eth0
|
||||
[Network]
|
||||
DHCP=yes
|
||||
IPv6AcceptRA=no
|
||||
LinkLocalAddressing=no
|
||||
mode: "0644"
|
||||
|
||||
- path: init
|
||||
|
|
@ -61,7 +60,7 @@ files:
|
|||
|
||||
INITP=$(cmdline init)
|
||||
[ -z "$INITP" ] && INITP=/lib/systemd/systemd
|
||||
|
||||
WGTOKEN=$(cmdline adlin.token)
|
||||
|
||||
|
||||
ROOTFS=$(cmdline root)
|
||||
|
|
@ -74,6 +73,7 @@ files:
|
|||
[ -b "$ROOTFS" ] || { echo "Invalid provided rootfs: not a valid block device."; exit 1; }
|
||||
}
|
||||
|
||||
|
||||
mkdir -p /overlay
|
||||
/bin/mount -n -t tmpfs none /overlay
|
||||
/bin/mkdir -p /overlay/rwdata
|
||||
|
|
@ -93,10 +93,7 @@ files:
|
|||
mkdir -p ${ovr_rwdata}/work
|
||||
/bin/mount -n -t overlay -o upperdir=${ovr_rwdata}/data,workdir=${ovr_rwdata}/work,lowerdir=${ovr_robase} overlay ${ovr_combined} || { echo "Unable to create overlayfs."; exit 3; }
|
||||
|
||||
grep adlin.net=easy /proc/cmdline > /dev/null && mount --bind ${ovr_combined}/etc/systemd/network/.50-dhcp ${ovr_combined}/etc/systemd/network/50-dhcp.network
|
||||
|
||||
/bin/umount -n /proc
|
||||
/bin/umount -n /dev
|
||||
|
||||
/bin/mkdir -p ${ovr_combined}/overlay/rwdata
|
||||
/bin/mount -n --move ${ovr_rwdata} ${ovr_combined}/overlay/rwdata
|
||||
|
|
@ -106,8 +103,49 @@ files:
|
|||
|
||||
cd ${ovr_combined}
|
||||
|
||||
mount --move /dev dev
|
||||
mount --move . /
|
||||
/bin/umount -n /overlay
|
||||
|
||||
# Setting up wireguard tunnel
|
||||
[ -z "${WGTOKEN}" ] && [ -f "etc/adlin.token" ] && WGTOKEN=$(cat etc/adlin.token)
|
||||
[ -z "${WGTOKEN}" ] && {
|
||||
echo -n "You didn't define your token to connect the network. Please copy it here now: "
|
||||
read WGTOKEN
|
||||
}
|
||||
echo -n "${WGTOKEN}" > etc/adlin.token
|
||||
/sbin/sysctl -w net.ipv6.conf.eth0.autoconf=0
|
||||
/bin/ip link set up dev eth0
|
||||
/bin/busybox udhcpc -n -q
|
||||
[ -f "etc/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' etc/wireguard/adlin.conf)
|
||||
[ -z "${WGPRVKEY}" ] && WGPRVKEY=$(/usr/bin/wg genkey)
|
||||
WGPUBKEY=$(echo $WGPRVKEY | /usr/bin/wg pubkey)
|
||||
while ! { echo "[Interface]\nPrivateKey = ${WGPRVKEY}"; /usr/sbin/chroot . /usr/bin/curl -f -d '{"pubkey": "'$WGPUBKEY'"}' https://adlin.nemunai.re/api/wg/$(echo -n "$WGTOKEN" | /usr/bin/sha512sum | /usr/bin/cut -d ' ' -f 1); } > etc/wireguard/adlin.conf
|
||||
do
|
||||
echo ""
|
||||
echo "****************************************"
|
||||
echo "******* SWITCHING TO RESCUE MODE *******"
|
||||
echo "****************************************"
|
||||
echo ""
|
||||
echo "Sorry, I was unable to establish a connection to adlin.nemunai.re."
|
||||
echo "Please verify that your primary network interface can obtain an IPv4 through DHCP."
|
||||
echo ""
|
||||
echo "Dropping to a shell, please fix your network, then press Ctrl+D or exit to retry."
|
||||
echo ""
|
||||
echo "****************************************"
|
||||
echo ""
|
||||
/bin/busybox cttyhack /usr/sbin/chroot . /bin/sh
|
||||
echo "Retrying connection..."
|
||||
done
|
||||
/sbin/modprobe wireguard
|
||||
/bin/ip link add dev wg0 type wireguard
|
||||
/usr/bin/wg setconf wg0 etc/wireguard/adlin.conf
|
||||
/bin/ip address add dev wg0 $(sed 's/^.*MyIPv6=//p;d' etc/wireguard/adlin.conf)
|
||||
/bin/ip link set up dev wg0
|
||||
/bin/ip -6 route del default
|
||||
/bin/ip -6 route add default via $(sed 's/^.*GWIPv6=//p;d' etc/wireguard/adlin.conf) pref high
|
||||
|
||||
# To the user
|
||||
exec /usr/sbin/chroot . "${INITP}"
|
||||
mode: "0755"
|
||||
|
||||
|
|
@ -149,7 +187,7 @@ files:
|
|||
|
||||
- path: etc/shadow
|
||||
contents: |
|
||||
root:$6$fCh6fLfB$wTiBuIJB2/QLl37VlJ16MsqGmfSDct8ALRpY8kemFC2T4N4eZgdlTnEqTuYn5i4FMc5GoDBx1nfENHQqm0Zgm.:17594:0:99999:7:::
|
||||
root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::
|
||||
daemon:*:17575:0:99999:7:::
|
||||
bin:*:17575:0:99999:7:::
|
||||
sys:*:17575:0:99999:7:::
|
||||
|
|
|
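Review bot: In the init hunk at `@ -106,8 +103,49 @@`, the WireGuard token and the generated private key are written to `etc/adlin.token` and `etc/wireguard/adlin.conf` with plain redirections and no umask or chmod, so both files inherit whatever mode the boot-time umask gives them and may end up world-readable on the persistent overlay. Wrapping the writes as `( umask 077; printf '%s' "${WGTOKEN}" > etc/adlin.token )` and adding `chmod 600 etc/wireguard/adlin.conf` right after the `done` that closes the retry loop would pin both to owner-only. The same loop also relies on `echo "[Interface]\nPrivateKey = ..."` interpreting `\n`, which differs between shells, and on an unquoted `$WGPRVKEY` in `echo $WGPRVKEY | wg pubkey`; `printf '[Interface]\nPrivateKey = %s\n' "${WGPRVKEY}"` is the portable form, and `read -r WGTOKEN` keeps backslashes in a pasted token intact. The `init` script this hunk patches starts before the hunk, so the umask in effect at these lines cannot be confirmed from here. Separately, the `etc/shadow` hunk keeps a real root password hash in the committed image definition; generating it at build time would avoid shipping it in the repository.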
|||