tuto3: various fixes to help students

pkg/debian-tuto2/Dockerfile

@@ -19,7 +19,8 @@ RUN echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/so
     udev \
     vim.tiny \
     wireguard-tools \
-  && rm -rf /var/lib/apt/lists/*
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /etc/ssh/ssh_host_*_key*
 
 RUN rm -rf /etc/init.d/ && \
     mkdir /overlay && \

pkg/debian-tuto3/Dockerfile

@@ -19,6 +19,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
     tcpdump \
     udev \
     vim.tiny \
-  && rm -rf /var/lib/apt/lists/*
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /etc/ssh/ssh_host_*_key*
 
 COPY sshd_config /etc/ssh/sshd_config

pkg/tinydeb/Dockerfile

@@ -8,7 +8,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
     python-apt \
     systemd-sysv \
     vim.tiny \
-  && rm -rf /var/lib/apt/lists/*
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /etc/ssh/ssh_host_*_key*
 
 COPY gai.conf /etc/gai.conf
 COPY sshd_config /etc/ssh/sshd_config

pkg/wg/ask.sh

@@ -12,7 +12,7 @@ cmdline() {
 [ -f "/var/lib/adlin/wireguard/adlin.token" ] && WGTOKEN=$(cat /var/lib/adlin/wireguard/adlin.token)
 [ -z "${WGTOKEN}" ] && WGTOKEN=$(cmdline adlin.token)
 [ -z "${WGTOKEN}" ] && {
-    echo -n "You didn't define your token to connect the network. Please copy it into /var/lib/adlin/wireguard/adlin.token and reboot."
+    echo "You didn't define your token to connect the network. Please run here `join-p0m` and then reboot."
     exit 1
 }
 [ -f "/var/lib/adlin/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' /var/lib/adlin/wireguard/adlin.conf)

token-validator/htdocs/js/adlin-main.js

@@ -86,7 +86,7 @@ angular.module("AdLinApp")
 	    });
 	};
 	$rootScope.checkLoginState();
-	$interval($rootScope.checkLoginState, 20000);
+	$interval($rootScope.checkLoginState, 40000);
 
 	$rootScope.disconnectCurrentUser = function() {
 	    $http({

tuto3.yml

@@ -207,7 +207,7 @@ services:
     hostname: miniflux
     capabilities:
       - all
-    command: ["/bin/sh", "-c", "sleep 5; /usr/bin/miniflux"]
+    command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"]
     env:
       - DATABASE_URL=postgres://miniflux:adlin2021@db/miniflux?sslmode=disable
       - RUN_MIGRATIONS=1
@@ -248,6 +248,11 @@ files:
       172.23.42.7 web
     mode: "0444"
 
+  - path: etc/sysctl.d/adlin.conf
+    contents: |
+      net.netfilter.nf_log_all_netns=1
+    mode: "0444"
+
   - path: usr/bin/ask.sh
     source: pkg/wg/ask.sh
     mode: "0755"
@@ -297,10 +302,18 @@ files:
       GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
     mode: "0444"
 
+  - path: /initdb/init-website.sql
+    contents: |
+      CREATE USER website WITH PASSWORD 'adlin2021';
+      CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website;
+      GRANT ALL PRIVILEGES ON DATABASE website TO website;
+    mode: "0444"
+
   - path: etc/init.d/011-init-disk
     contents: |
       #!/bin/sh
       mkdir -p /var/lib/adlin/
+      rm -rf /var/lib/adlin/wks1resolv.conf /var/lib/adlin/wks2resolv.conf
       touch /var/lib/adlin/wks1resolv.conf /var/lib/adlin/wks2resolv.conf
     mode: "0755"
 
@@ -464,7 +477,7 @@ files:
       echo
       cat /etc/issue.adlin
       echo
-      nsenter -n/run/netns/router ip -c a show dev wg0 2> /dev/null || echo "You didn't define your token to connect the network. Please run here `join-p0m` and then reboot."
+      nsenter -n/run/netns/router ip -c a show dev wg0 2> /dev/null || nsenter -n/run/netns/router /usr/bin/ask.sh
       nsenter -n/run/netns/router ip -c a show dev eth0
       nsenter -n/run/netns/wks1 ip -c a show dev eth1 2> /dev/null || echo "Attachez une seconde carte ethernet à la VM pour pouvoir vous connecter à un poste de travail."
       exit 0
@@ -513,6 +526,51 @@ files:
       echo "Token saved. You need to reboot now."
     mode: "0755"
 
+  - path: /usr/sbin/diagnostic
+    contents: |
+      #!/bin/sh
+      ok() { [ $# -gt 1 ] && MSG=$2 || MSG="OK"; echo -e $1 "\033[0;32m${MSG}\033[0m"; }
+      ko() { [ $# -gt 1 ] && MSG=$2 || MSG="KO"; echo -e $1 "\033[0;41m${MSG}\033[0m"; }
+
+      echo "TP3 VM diagnostic"
+      echo
+      echo -n "Disque dur monté : "; df /var/lib/adlin/ | grep ^/dev/sd > /dev/null && ok || ko
+      echo
+      echo -n "Token Maatma renseigné : "; [ -s "/var/lib/adlin/wireguard/adlin.token" ] && ok -n || ko -n
+      echo -n " - Tunnel monté : "; nsenter -n/run/netns/router /usr/bin/wg show wg0 > /dev/null 2> /dev/null && ok -n || ko -n
+      echo -n " - Tunnel établit : "; [ "$(nsenter -n/run/netns/router /usr/bin/wg show wg0 dump | tail -1 | cut -f 6 2> /dev/null)" != "0" ] && ok || ko
+      echo -n "Ping Gateway Maatma : "; nsenter -n/run/netns/router ping -w 2 -c 1 2a01:e0a:2b:2252::1 > /dev/null 2> /dev/null && ok -n || ko -n
+      echo -n " - Ping Internet IPv4 : "; nsenter -n/run/netns/router ping -w 2 -c 1 1.1.1.1 > /dev/null 2> /dev/null && ok || ko
+      echo
+      echo -n "États serveurs : ";
+      ctr -n services.linuxkit t ls | grep mainrouter | grep RUNNING > /dev/null && ok -n "Routeur" || ko -n "Routeur"
+      echo -n " "
+      pgrep unbound > /dev/null && ok -n "Résolveur" || ko -n "Résolveur"
+      echo -n " "
+      pgrep openrc > /dev/null && ok -n "NS autoritaire" || ko -n "NS autoritaire"
+      echo -n " "
+      pgrep postgres > /dev/null && ok -n "Database" || ko -n "Database"
+      echo -n " "
+      ctr -n services.linuxkit t ls | grep matrix | grep RUNNING > /dev/null && ok -n "Matrix" || ko -n "Matrix"
+      echo -n " "
+      pgrep miniflux > /dev/null && ok -n "Miniflux" || ko -n "Miniflux"
+      echo -n " "
+      ctr -n services.linuxkit t ls | grep web | grep RUNNING > /dev/null && ok -n "Vitrine" || ko -n "Vitrine"
+      echo
+      echo
+      echo -n "États Workstations : "
+      ctr -n services.linuxkit t ls | grep dhcpcd-wks1 | grep RUNNING > /dev/null && ok -n "WKS-1" || ko -n "WKS-1"
+      echo -n "("
+      ctr -n services.linuxkit t ls | grep sshd-wks1 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
+      echo -n ") "
+      ctr -n services.linuxkit t ls | grep dhcpcd-wks2 | grep RUNNING > /dev/null && ok -n "WKS-2" || ko -n "WKS-2"
+      echo -n "("
+      ctr -n services.linuxkit t ls | grep sshd-wks2 | grep RUNNING > /dev/null && ok -n "SSH" || ko -n "SSH"
+      echo -n ") "
+      echo
+      echo
+    mode: "0755"
+
   - path: etc/network/interfaces
     contents: |
       auto lo