tuto3: Use the entire /etc directory for mainrouter

This avoids Ansible complaining about "Resource busy" files (individual bind-mounted files under /etc); the whole /etc of mainrouter is now kept under /var/lib/adlin/wrt-etc and bind-mounted as a directory.
This commit is contained in:
nemunaire 2021-04-01 09:47:32 +02:00
parent ff2a68332b
commit 8d8df75b6b


@ -144,8 +144,7 @@ services:
- type: cgroup - type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"] options: ["rw","nosuid","noexec","nodev","relatime"]
binds: binds:
- /var/lib/adlin/wrt-config:/etc/config - /var/lib/adlin/wrt-etc:/etc
- /etc/rshadow:/etc/shadow
- /etc/rinittab:/etc/inittab - /etc/rinittab:/etc/inittab
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf - /etc/dresolv.conf:/etc/resolv.conf
@ -554,23 +553,19 @@ files:
- path: etc/init.d/014-default-router-config - path: etc/init.d/014-default-router-config
contents: | contents: |
#!/bin/sh #!/bin/sh
[ -d /var/lib/adlin/wrt-config ] || { [ -d /var/lib/adlin/wrt-etc ] || {
mkdir -p /var/lib/adlin/wrt-config mkdir -p /var/lib/adlin/wrt-etc
cp /containers/services/mainrouter/lower/etc/config/* /var/lib/adlin/wrt-config/ cp -r /containers/services/mainrouter/lower/etc/* /var/lib/adlin/wrt-etc/
# Configured by students # Configured by students
rm -f /var/lib/adlin/wrt-config/firewall rm -f /var/lib/adlin/wrt-etc/config/firewall
touch /var/lib/adlin/wrt-etc/config/firewall
# Avoid listening on IPv6 # Avoid listening on IPv6
sed -r -i '/list\s+listen_http\s+\[::\]:80/d;/list\s+listen_http\s+\[::\]:443/d' /var/lib/adlin/wrt-config/uhttpd sed -r -i '/list\s+listen_http\s+\[::\]:80/d;/list\s+listen_https\s+\[::\]:443/d' /var/lib/adlin/wrt-etc/config/uhttpd
TUNPVKEY=$(sed 's/^.*PrivateKey = //p;d' adlin.conf /var/lib/adlin/wireguard/adlin.conf)
TUNIP=$(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf)
SRVIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#:1/96#")
WKSIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#1::1/96")
# Configure networking # Configure networking
cat > /etc/config/network <<EOF cat > /var/lib/adlin/wrt-etc/config/network <<EOF
config interface 'loopback' config interface 'loopback'
option ifname 'lo' option ifname 'lo'
@ -583,7 +578,37 @@ files:
option proto 'dhcp' option proto 'dhcp'
EOF EOF
[ -f /var/lib/adlin/wireguard/adlin.conf ] && cat >> /etc/config/network <<EOF }
[ -e /var/lib/adlin/wrt-config ] && {
mv /var/lib/adlin/wrt-config/* /var/lib/adlin/wrt-etc/config/
rmdir /var/lib/adlin/wrt-config
}
[ -f /var/lib/adlin/wrt-firewall.user ] && mv /var/lib/adlin/wrt-firewall.user /var/lib/adlin/wrt-etc/firewall.user
[ -f /var/lib/adlin/wrt-sysctl.conf ] && mv /var/lib/adlin/wrt-sysctl.conf /var/lib/adlin/wrt-etc/sysctl.conf
# Ensure custom rules are applied
grep -q /etc/firewall.user /var/lib/adlin/wrt-etc/config/firewall || cat >> /var/lib/adlin/wrt-etc/config/firewall <<EOF
config include
option path /etc/firewall.user
EOF
[ -f /var/lib/adlin/wireguard/adlin.conf ] && /usr/bin/update-wg-conf
mode: "0755"
- path: usr/bin/update-wg-conf
contents: |
#!/bin/sh
TUNPVKEY=$(sed 's/^.*PrivateKey = //p;d' /var/lib/adlin/wireguard/adlin.conf)
TUNIP=$(sed 's/^.*MyIPv6=//p;d' /var/lib/adlin/wireguard/adlin.conf)
SRVIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#:1/96#")
WKSIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#1::1/96#")
grep -q wireguard /var/lib/adlin/wrt-etc/config/network && {
sed -i -r "s#list addresses '[^']+'#list addresses '${TUNIP}'#;s#option private_key '[^']+'#option private_key '${TUNPVKEY}'#;" /var/lib/adlin/wrt-etc/config/network
}
grep -q wireguard /var/lib/adlin/wrt-etc/config/network || cat >> /var/lib/adlin/wrt-etc/config/network <<EOF
config interface 'wg0' config interface 'wg0'
option proto 'wireguard' option proto 'wireguard'
option force_link '1' option force_link '1'
@ -611,7 +636,6 @@ files:
option interface 'wg0' option interface 'wg0'
EOF EOF
}
mode: "0755" mode: "0755"
- path: etc/init.d/014-get-ssh-keys - path: etc/init.d/014-get-ssh-keys
@ -649,10 +673,10 @@ files:
- path: /etc/init.d/800-rw-passwd.sh - path: /etc/init.d/800-rw-passwd.sh
contents: | contents: |
#!/bin/sh #!/bin/sh
#sed -ri '/^root/s@^.*$@root:$6$QNuPvO59Xk4UO3le$3P0V2ef6dHlKgO1FHsKcPPgOvL.YeCOPFqfIVTtpYn5eEn3xkgGYeM1RMCQ9l/eTc6rRc.l.WeRe1iJVznVGj/:17968:0:99999:7:::@' /containers/services/mainrouter/rootfs/etc/shadow sed -ri '/^root/s@^root:x:.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
#cp /etc/services /containers/services/mainrouter/rootfs/etc/services mkdir -p /var/lib/adlin/wrt-etc/dropbear/
mkdir /containers/services/mainrouter/rootfs/root/.ssh [ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/mainrouter/rootfs/root/.ssh/authorized_keys
for svc in sshd-wks-rh1 sshd-wks-dg1 for svc in sshd-wks-rh1 sshd-wks-dg1
do do
mkdir -p /containers/services/${svc}/rootfs/root/.ssh mkdir -p /containers/services/${svc}/rootfs/root/.ssh
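Review bot: The new `sed -ri` in `800-rw-passwd.sh` seeds root's entry in `/var/lib/adlin/wrt-etc/shadow` with a hard-coded MD5-crypt hash (`$1$…`), which is weaker than the SHA-512 (`$6$…`) hash the previously commented-out line carried, and that hash now sits in a persistent, host-visible file that is bind-mounted read-write as the router's whole `/etc`. If a fixed lab password is intended, at least store it as a `$6$` hash and restrict the file, e.g. add `chmod 0600 /var/lib/adlin/wrt-etc/shadow` right after the sed, since the mode of the copied file depends on how `cp -r` and the umask ran in the 014 script; better still, derive the hash from a per-deployment secret the same way `authorized_keys` is taken from `/var/lib/adlin`. The `^root:x:` anchor means the replacement only fires while the placeholder is present, so a later password change survives reboots — worth stating in a one-line comment, `# Seed root's password only while the placeholder 'x' is present; operator changes persist in wrt-etc`. The script's `for svc` loop continues outside the hunk.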