tuto3: Use the entire /etc directory for mainrouter
This is to avoid Ansible complaining about Resource busy files
parent
ff2a68332b
commit
8d8df75b6b
62
tuto3.yml
62
tuto3.yml
@ -144,8 +144,7 @@ services:
|
||||
- type: cgroup
|
||||
options: ["rw","nosuid","noexec","nodev","relatime"]
|
||||
binds:
|
||||
- /var/lib/adlin/wrt-config:/etc/config
|
||||
- /etc/rshadow:/etc/shadow
|
||||
- /var/lib/adlin/wrt-etc:/etc
|
||||
- /etc/rinittab:/etc/inittab
|
||||
- /etc/hosts:/etc/hosts:ro
|
||||
- /etc/dresolv.conf:/etc/resolv.conf
|
||||
@ -554,23 +553,19 @@ files:
|
||||
- path: etc/init.d/014-default-router-config
|
||||
contents: |
|
||||
#!/bin/sh
|
||||
[ -d /var/lib/adlin/wrt-config ] || {
|
||||
mkdir -p /var/lib/adlin/wrt-config
|
||||
cp /containers/services/mainrouter/lower/etc/config/* /var/lib/adlin/wrt-config/
|
||||
[ -d /var/lib/adlin/wrt-etc ] || {
|
||||
mkdir -p /var/lib/adlin/wrt-etc
|
||||
cp -r /containers/services/mainrouter/lower/etc/* /var/lib/adlin/wrt-etc/
|
||||
|
||||
# Configured by students
|
||||
rm -f /var/lib/adlin/wrt-config/firewall
|
||||
rm -f /var/lib/adlin/wrt-etc/config/firewall
|
||||
touch /var/lib/adlin/wrt-etc/config/firewall
|
||||
|
||||
# Avoid listening on IPv6
|
||||
sed -r -i '/list\s+listen_http\s+\[::\]:80/d;/list\s+listen_http\s+\[::\]:443/d' /var/lib/adlin/wrt-config/uhttpd
|
||||
|
||||
TUNPVKEY=$(sed 's/^.*PrivateKey = //p;d' adlin.conf /var/lib/adlin/wireguard/adlin.conf)
|
||||
TUNIP=$(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf)
|
||||
SRVIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#:1/96#")
|
||||
WKSIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#1::1/96")
|
||||
sed -r -i '/list\s+listen_http\s+\[::\]:80/d;/list\s+listen_https\s+\[::\]:443/d' /var/lib/adlin/wrt-etc/config/uhttpd
|
||||
|
||||
# Configure networking
|
||||
cat > /etc/config/network <<EOF
|
||||
cat > /var/lib/adlin/wrt-etc/config/network <<EOF
|
||||
|
||||
config interface 'loopback'
|
||||
option ifname 'lo'
|
||||
@ -583,7 +578,37 @@ files:
|
||||
option proto 'dhcp'
|
||||
|
||||
EOF
|
||||
[ -f /var/lib/adlin/wireguard/adlin.conf ] && cat >> /etc/config/network <<EOF
|
||||
}
|
||||
|
||||
[ -e /var/lib/adlin/wrt-config ] && {
|
||||
mv /var/lib/adlin/wrt-config/* /var/lib/adlin/wrt-etc/config/
|
||||
rmdir /var/lib/adlin/wrt-config
|
||||
}
|
||||
[ -f /var/lib/adlin/wrt-firewall.user ] && mv /var/lib/adlin/wrt-firewall.user /var/lib/adlin/wrt-etc/firewall.user
|
||||
[ -f /var/lib/adlin/wrt-sysctl.conf ] && mv /var/lib/adlin/wrt-sysctl.conf /var/lib/adlin/wrt-etc/sysctl.conf
|
||||
|
||||
# Ensure custom rules are applied
|
||||
grep -q /etc/firewall.user /var/lib/adlin/wrt-etc/config/firewall || cat >> /var/lib/adlin/wrt-etc/config/firewall <<EOF
|
||||
config include
|
||||
option path /etc/firewall.user
|
||||
EOF
|
||||
|
||||
[ -f /var/lib/adlin/wireguard/adlin.conf ] && /usr/bin/update-wg-conf
|
||||
mode: "0755"
|
||||
|
||||
- path: usr/bin/update-wg-conf
|
||||
contents: |
|
||||
#!/bin/sh
|
||||
TUNPVKEY=$(sed 's/^.*PrivateKey = //p;d' /var/lib/adlin/wireguard/adlin.conf)
|
||||
TUNIP=$(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf)
|
||||
SRVIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#:1/96#")
|
||||
WKSIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#1::1/96#")
|
||||
|
||||
grep -q wireguard /var/lib/adlin/wrt-etc/config/network && {
|
||||
sed -i -r "s#list addresses '[^']+'#list addresses '${TUNIP}'#;s#option private_key '[^']+'#option private_key '${TUNPVKEY}'#;" /var/lib/adlin/wrt-etc/config/network
|
||||
}
|
||||
|
||||
grep -q wireguard /var/lib/adlin/wrt-etc/config/network || cat >> /var/lib/adlin/wrt-etc/config/network <<EOF
|
||||
config interface 'wg0'
|
||||
option proto 'wireguard'
|
||||
option force_link '1'
|
||||
@ -611,7 +636,6 @@ files:
|
||||
option interface 'wg0'
|
||||
|
||||
EOF
|
||||
}
|
||||
mode: "0755"
|
||||
|
||||
- path: etc/init.d/014-get-ssh-keys
|
||||
@ -649,10 +673,10 @@ files:
|
||||
- path: /etc/init.d/800-rw-passwd.sh
|
||||
contents: |
|
||||
#!/bin/sh
|
||||
#sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/mainrouter/rootfs/etc/shadow
|
||||
#cp /etc/services /containers/services/mainrouter/rootfs/etc/services
|
||||
mkdir /containers/services/mainrouter/rootfs/root/.ssh
|
||||
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/mainrouter/rootfs/root/.ssh/authorized_keys
|
||||
sed -ri '/^root/s@^root:x:.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
|
||||
mkdir -p /var/lib/adlin/wrt-etc/dropbear/
|
||||
[ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
|
||||
|
||||
for svc in sshd-wks-rh1 sshd-wks-dg1
|
||||
do
|
||||
mkdir -p /containers/services/${svc}/rootfs/root/.ssh
|
||||
|
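Review bot: The new `sed` on `/var/lib/adlin/wrt-etc/shadow` in `800-rw-passwd.sh` hard-codes a root password hash in the repository, and it is an MD5-crypt (`$1$`) hash where the commented-out line above it used SHA-512 (`$6$`). Every mainrouter built from this file therefore starts with the same root credential, and the published hash can be attacked offline by anyone who can read the repository. Since the same script now installs `/var/lib/adlin/authorized_keys` for dropbear, consider locking the password if key-only access is acceptable for the lab, e.g. `sed -ri '/^root/s@^root:x:@root:!:@' /var/lib/adlin/wrt-etc/shadow`, or injecting a per-deployment hash at provisioning time with the strongest scheme the router image supports. It would also be worth a `chmod 600` on the copied `dropbear/authorized_keys`, because the plain `cp` takes its mode from the source file. The +/- markers are lost on this page, so which lines are new is inferred from the `wrt-etc` paths this commit introduces; the script body continues past the end of the hunk.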