From 9cd10dbc7dc91d14cacee378d98e8a4eacc8ba2a Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Mon, 24 Feb 2020 10:04:28 +0100
Subject: [PATCH] server: update images

---
 server.yml | 68 +++++++++++++++++++++++++++---------------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/server.yml b/server.yml
index b2b158a..88bf4d9 100644
--- a/server.yml
+++ b/server.yml
@@ -1,32 +1,32 @@
 kernel:
-  image: linuxkit/kernel:4.20.3
+  image: linuxkit/kernel:5.4.19
 #  cmdline: "console=tty0 console=ttyS0"
-  cmdline: "console=tty0"
+  cmdline: "console=tty0 adlin.network=alt"
 
 init:
-  - linuxkit/init:a2166a6048ce041eebe005ab99454cfdeaa5c848
-  - linuxkit/runc:069d5cd3cc4f0aec70e4af53aed5d27a21c79c35
-  - linuxkit/containerd:2aff4d486220667364b2971b5fc6225bf165a069
-  - linuxkit/ca-certificates:v0.6
-#  - linuxkit/firmware:v0.6
-  - linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478
-  - nemunaire/monit:39c75d3e1dbccfed7e6ebfb826cd28e018be7117
+  - linuxkit/init:a4fcf333298f644dfac6adf680b83140927aa85e
+  - linuxkit/runc:69b4a35eaa22eba4990ee52cccc8f48f6c08ed03
+  - linuxkit/containerd:09553963ed9da626c25cf8acdf6d62ec37645412
+  - linuxkit/ca-certificates:v0.7
+#  - linuxkit/firmware:v0.7
+  - linuxkit/getty:v0.7
+  - nemunaire/monit:f57bcdfc02e2523c714d657a4abda61d191aa15c
 #  - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
 
 onboot:
   - name: sysctl
-    image: linuxkit/sysctl:v0.6
+    image: linuxkit/sysctl:v0.7
     binds:
       - /etc/sysctl.d/:/etc/sysctl.d/:ro
 
     # Mount first drive to enable some persistance
   - name: mount
-    image: linuxkit/mount:v0.6
+    image: linuxkit/mount:v0.7
     command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
 
     # Network: interface for login-validator
   - name: login-iface-setup
-    image: linuxkit/ip:v0.6
+    image: linuxkit/ip:v0.7
     command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
     net: new
     runtime:
@@ -57,7 +57,7 @@ onboot:
 
     # token-validator
   - name: validator-iface-setup
-    image: linuxkit/ip:v0.6
+    image: linuxkit/ip:v0.7
     command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
     net: new
     runtime:
@@ -70,7 +70,7 @@ onboot:
 
     # domain name
   - name: ns-iface-setup
-    image: linuxkit/ip:v0.6
+    image: linuxkit/ip:v0.7
     command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
     net: new
     runtime:
@@ -83,7 +83,7 @@ onboot:
 
     # time server
   - name: time-iface-setup
-    image: linuxkit/ip:v0.6
+    image: linuxkit/ip:v0.7
     command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
     net: new
     runtime:
@@ -94,9 +94,9 @@ onboot:
       bindNS:
         net: /run/netns/dmz-time
 
-     # mail server
+    # mail server
   - name: mail-iface-setup
-    image: linuxkit/ip:v0.6
+    image: linuxkit/ip:v0.7
     command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
     net: new
     runtime:
@@ -124,9 +124,9 @@ onboot:
 
 services:
   - name: rngd
-    image: linuxkit/rngd:v0.6
+    image: linuxkit/rngd:v0.7
   - name: sshd
-    image: linuxkit/sshd:c4bc89cf0d66733c923ab9cb46198b599eb99320
+    image: linuxkit/sshd:v0.7
 
   - name: dhcpd
     image: joebiellik/dhcpd
@@ -210,7 +210,7 @@ services:
      - /usr/share/ca-certificates:/usr/share/ca-certificates:ro
 
   - name: ns
-    image: nemunaire/unbound:7fa2ef501be79db472de64f451b250173ace5ecf
+    image: nemunaire/unbound:ed3ccbb5340aefd48c53a97743fdc6edc7011103-amd64
     net: /run/netns/dmz-ns
     capabilities:
      - all
@@ -218,7 +218,7 @@ services:
      - /etc/unbound:/etc/unbound:ro
 
   - name: time
-    image: linuxkit/openntpd:v0.6
+    image: linuxkit/openntpd:v0.7
     net: /run/netns/dmz-time
     capabilities:
      - CAP_NET_BIND_SERVICE
@@ -408,17 +408,6 @@ files:
              forward-addr: 8.8.8.8
     mode: "0440"
 
-  - path: etc/postfix/main.cf
-    contents: |
-      myorigin = adlin.nemunai.re
-      mydestination =
-      local_recipient_maps =
-      local_transport = error:local mail delivery is disabled
-      mynetworks = 127.0.0.0/8
-      relay_domains = nemunai.re
-      parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
-    mode: "0440"
-
   - path: etc/nginx/ssl/fullchain.pem
     source: ssl/fullchain.pem
     mode: "0644"
@@ -496,9 +485,12 @@ files:
                   return https://adlin.nemunai.re/;
               }
               location /login {
-                  proxy_pass        http://localhost:8081/login;
+                  proxy_pass        http://localhost:8081;
+                  proxy_set_header  X-Forwarded-For  $remote_addr;
+              }
+              location /logout {
+                  proxy_pass        http://localhost:8081;
                   proxy_set_header  X-Forwarded-For  $remote_addr;
-                  proxy_redirect    off;
               }
           }
       }
@@ -540,6 +532,14 @@ files:
                   proxy_set_header  X-Forwarded-Proto http;
                   proxy_redirect    off;
               }
+              location /toctoc {
+                  proxy_pass        https://82.64.31.248/toctoc;
+                  proxy_set_header  Host             adlin.nemunai.re;
+                  proxy_set_header  X-Forwarded-For  $remote_addr;
+                  proxy_set_header  X-Forwarded-By   172.23.200.1;
+                  proxy_set_header  X-Forwarded-Proto http;
+                  proxy_redirect    off;
+              }
               location /echorequest {
                   proxy_pass        https://82.64.31.248/echorequest;
                   proxy_set_header  Host             adlin.nemunai.re;