this is tuto1

This commit is contained in:
nemunaire 2019-03-04 09:00:22 +01:00
commit 9262917553
19 changed files with 928 additions and 68 deletions


@ -1,14 +1,17 @@
kernel:
image: linuxkit/kernel:4.20.3
cmdline: "console=tty0 console=ttyS0"
# cmdline: "console=tty0 console=ttyS0"
cmdline: "console=tty0"
init:
- linuxkit/init:a2166a6048ce041eebe005ab99454cfdeaa5c848
- linuxkit/runc:069d5cd3cc4f0aec70e4af53aed5d27a21c79c35
- linuxkit/containerd:2aff4d486220667364b2971b5fc6225bf165a069
- linuxkit/ca-certificates:v0.6
- linuxkit/firmware:v0.6
# - linuxkit/firmware:v0.6
- linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478
- nemunaire/monit:39c75d3e1dbccfed7e6ebfb826cd28e018be7117
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
onboot:
- name: sysctl
@ -44,7 +47,7 @@ onboot:
# Bridge between std LAN, PXE LAN services (login-validator) and default route (as it uses the same wire)
- name: bridge-ext-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 10.224.32.252/24 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 10.224.32.1;" ]
runtime:
interfaces:
- name: br-ext
@ -92,17 +95,17 @@ onboot:
net: /run/netns/dmz-time
# mail server
# - name: mail-iface-setup
# image: linuxkit/ip:v0.6
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
# net: new
# runtime:
# interfaces:
# - name: vethin-mail
# add: veth
# peer: veth-mail
# bindNS:
# net: /run/netns/dmz-mail
- name: mail-iface-setup
image: linuxkit/ip:v0.6
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
net: new
runtime:
interfaces:
- name: vethin-mail
add: veth
peer: veth-mail
bindNS:
net: /run/netns/dmz-mail
# Bridge for DMZ services
- name: bridge-int-setup
@ -136,6 +139,9 @@ services:
binds:
- /etc/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
- /var/lib/adlin/dhcp:/var/lib/dhcp/
runtime:
mkdir:
- /var/lib/adlin/dhcp
- name: tftpd
image: nemunaire/tftpd:5340825352f9af28f5ac77bbe3243bdb70176903
@ -144,11 +150,11 @@ services:
binds:
- /srv/tftp:/srv/tftp:ro
- /var/lib/adlin/pxelinux.cfg:/srv/tftp/bios/pxelinux.cfg
- /var/lib/adlin/pxelinux.cfg:/srv/tftp/e64/pxelinux.cfg
- /var/lib/adlin/pxelinux.cfg:/srv/tftp/pxelinux.cfg
- name: login-validator
image: nemunaire/adlin-login-validator:137bdec06d5e09885e7a0cd5d603bd4b2b2aa3ad
# command: ["/bin/login-validator", "-bind=:8081", "-ldaphost=auth.cri.epita.fr", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
image: nemunaire/adlin-login-validator:a5fee7db6c578a6d698983be8e74e7ce7420791e
# command: ["/bin/login-validator", "-bind=:8081", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
command: ["/bin/login-validator", "-bind=:8081", "-noauth"]
net: /run/netns/login
binds:
@ -224,22 +230,48 @@ services:
- /etc/resolv.conf:/etc/resolv.conf:ro
- /etc/ntpd.conf:/etc/ntpd.conf:ro
# - name: postfix
# image: mwader/postfix-relay
# net: /run/netns/dmz-mail
# environment:
# - POSTFIX_myhostname=adlin.nemunai.re
# binds:
# - /var/lib/adlin/postfix/mail:/var/mail
# - /var/lib/adlin/postfix/lib:/var/lib/postfix
# - /var/lib/adlin/postfix/spool:/var/spool/postfix
- name: postfix
image: mwader/postfix-relay
net: /run/netns/dmz-mail
capabilities:
- CAP_CHOWN
- CAP_SYS_CHROOT
- CAP_DAC_OVERRIDE
- CAP_FOWNER
- CAP_NET_BIND_SERVICE
- CAP_SETGID
- CAP_SETUID
env:
- POSTFIX_myhostname=adlin.nemunai.re
- POSTFIX_mydestination=localhost
- POSTFIX_mynetworks=172.23.0.0/16
- POSTFIX_smtp_tls_security_level=may
- POSTFIX_smtpd_tls_security_level=none
binds:
- /etc/resolv.conf:/etc/resolv.conf:ro
- /var/lib/adlin/postfix/mail:/var/mail
- /var/lib/adlin/postfix/lib:/var/lib/postfix
- /var/lib/adlin/postfix/spool:/var/spool/postfix
runtime:
mkdir:
- /var/lib/adlin/postfix
- /var/lib/adlin/postfix/mail
- /var/lib/adlin/postfix/lib
- /var/lib/adlin/postfix/spool
files:
- path: etc/init.d/011-copy-to-var
contents: |
#!/bin/sh
mkdir -p /var/tftp/
cp -r /srv/tftp/pxelinux.cfg /var/lib/adlin/pxelinux.cfg
cp -r /srv/tftp/pxelinux.cfg /var/lib/adlin/
touch /var/lib/adlin/dhcp/dhcpd.leases
mkdir -p /var/spool/cron/crontabs
cat <<EOF > /var/spool/cron/crontabs/root
* * * * * SECRET_KEY=felixfixit /usr/sbin/ping-checker
EOF
/usr/sbin/crond
mode: "0755"
- path: etc/init.d/021-nameserver
@ -327,10 +359,12 @@ files:
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
[0:0] -A INPUT -p icmp -j ACCEPT
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i br-ext -s 172.23.0.0/17 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT
[0:0] -A INPUT -i br-ext -m tcp --dport ssh -j ACCEPT
[0:0] -A INPUT -i br-ext -p udp --sport 68 --dport 67 -j ACCEPT
[0:0] -A INPUT -i br-ext -p udp --dport 69 -j ACCEPT
[0:0] -A INPUT -i br-ext -p tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p udp --sport 7000 -j DROP
[0:0] -A INPUT -p udp --dport 7000 -j DROP
[0:0] -A INPUT -j LOG
[0:0] -A FORWARD -i eth0.7 -o br-ext -j ACCEPT
[0:0] -A FORWARD -o eth0.7 -i br-ext -j ACCEPT
@ -505,6 +539,22 @@ files:
proxy_set_header X-Forwarded-Proto http;
proxy_redirect off;
}
location /echorequest {
proxy_pass https://82.64.31.248/echorequest;
proxy_set_header Host adlin.nemunai.re;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-By 172.23.200.1;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect off;
}
location /testdisk {
proxy_pass https://82.64.31.248/testdisk;
proxy_set_header Host adlin.nemunai.re;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-By 172.23.200.1;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect off;
}
location /sshkeys {
return https://adlin.nemunai.re/sshkeys;
}
@ -527,6 +577,22 @@ files:
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /echorequest {
proxy_pass https://82.64.31.248/echorequest;
proxy_set_header Host adlin.nemunai.re;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-By 172.23.200.1;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /testdisk {
proxy_pass https://82.64.31.248/testdisk;
proxy_set_header Host adlin.nemunai.re;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-By 172.23.200.1;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /sshkeys {
proxy_pass https://82.64.31.248/sshkeys;
proxy_set_header Host adlin.nemunai.re;
@ -535,6 +601,14 @@ files:
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
location /api/students {
proxy_pass https://82.64.31.248;
proxy_set_header Host adlin.nemunai.re;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-By 172.23.200.1;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
}
mode: "0440"
@ -547,17 +621,21 @@ files:
option client-arch code 93 = unsigned integer 16;
subnet 172.23.255.0 netmask 255.255.255.0 {
range 172.23.255.10 172.23.255.254;
#option routers 172.23.255.1;
option subnet-mask 255.255.255.0;
option broadcast-address 172.23.255.255;
next-server 172.23.255.1;
if option client-arch != 00:00 {
filename "ipxe.efi";
# filename "e64/syslinux.efi";
} else {
filename "bios/pxelinux.0";
}
}
subnet 172.23.128.0 netmask 255.255.192.0 {
range 172.23.128.10 172.23.191.250;
option routers 172.23.191.254;
option subnet-mask 255.255.192.0;
option broadcast-address 172.23.191.255;
}
mode: "0440"
- path: etc/ntpd.conf
@ -569,6 +647,7 @@ files:
server 51.15.180.229
mode: "0440"
- path: srv/tftp
directory: true
mode: "0755"
@ -612,6 +691,10 @@ files:
source: tftp/ipxe.efi
mode: "0644"
- path: usr/sbin/ping-checker
source: ping-checker.sh
mode: "0755"
- path: srv/tftp/bzImage
source: challenge-kernel
mode: "0644"
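Review bot: In the iptables hunk, the rewritten SSH rule `[0:0] -A INPUT -i br-ext -m tcp --dport ssh -j ACCEPT` uses `-m tcp` without `-p tcp`; the kernel only accepts the tcp match for protocol 6, so iptables-restore is likely to reject that line and, because a restore is applied atomically, the rest of this ruleset may never be loaded either. It also drops the `-s 172.23.0.0/17` restriction, so once the rule does load it accepts SSH from anything on br-ext, which this commit now also gives an address on 10.224.32.0/24 with its default route through that uplink. I would restore the protocol and source constraints, `[0:0] -A INPUT -i br-ext -s 172.23.0.0/17 -p tcp -m conntrack --ctstate NEW -m tcp --dport ssh -j ACCEPT`, and widen the source deliberately only if the new uplink is meant to reach SSH. Separately, the `011-copy-to-var` init script writes a literal `SECRET_KEY=felixfixit` into root's crontab, so the key now lives in version control and in every built image; source it at runtime from a file kept outside the repo instead (for example `* * * * * . /var/lib/adlin/ping-checker.env && /usr/sbin/ping-checker`) and rotate the committed value.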