teach/adlin
Archived
0
0
Fork 0
Code Issues 1 Pull Requests 4 Releases Activity

server: update images

Browse Source
This commit is contained in:
nemunaire 2020-02-24 10:04:28 +01:00
parent 75abc025e2
commit 9cd10dbc7d
1 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
server.yml
View File

@ -1,32 +1,32 @@
kernel: kernel:
image: linuxkit/kernel:4.20.3 image: linuxkit/kernel:5.4.19
# cmdline: "console=tty0 console=ttyS0" # cmdline: "console=tty0 console=ttyS0"
cmdline: "console=tty0" cmdline: "console=tty0 adlin.network=alt"
init: init:
- linuxkit/init:a2166a6048ce041eebe005ab99454cfdeaa5c848 - linuxkit/init:a4fcf333298f644dfac6adf680b83140927aa85e
- linuxkit/runc:069d5cd3cc4f0aec70e4af53aed5d27a21c79c35 - linuxkit/runc:69b4a35eaa22eba4990ee52cccc8f48f6c08ed03
- linuxkit/containerd:2aff4d486220667364b2971b5fc6225bf165a069 - linuxkit/containerd:09553963ed9da626c25cf8acdf6d62ec37645412
- linuxkit/ca-certificates:v0.6 - linuxkit/ca-certificates:v0.7
# - linuxkit/firmware:v0.6 # - linuxkit/firmware:v0.7
- linuxkit/getty:2eb742cd7a68e14cf50577c02f30147bc406e478 - linuxkit/getty:v0.7
- nemunaire/monit:39c75d3e1dbccfed7e6ebfb826cd28e018be7117 - nemunaire/monit:f57bcdfc02e2523c714d657a4abda61d191aa15c
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d # - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
onboot: onboot:
- name: sysctl - name: sysctl
image: linuxkit/sysctl:v0.6 image: linuxkit/sysctl:v0.7
binds: binds:
- /etc/sysctl.d/:/etc/sysctl.d/:ro - /etc/sysctl.d/:/etc/sysctl.d/:ro
# Mount first drive to enable some persistance # Mount first drive to enable some persistance
- name: mount - name: mount
image: linuxkit/mount:v0.6 image: linuxkit/mount:v0.7
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ] command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
# Network: interface for login-validator # Network: interface for login-validator
- name: login-iface-setup - name: login-iface-setup
image: linuxkit/ip:v0.6 image: linuxkit/ip:v0.7
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ] command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
net: new net: new
runtime: runtime:
@ -57,7 +57,7 @@ onboot:
# token-validator # token-validator
- name: validator-iface-setup - name: validator-iface-setup
image: linuxkit/ip:v0.6 image: linuxkit/ip:v0.7
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ] command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
net: new net: new
runtime: runtime:
@ -70,7 +70,7 @@ onboot:
# domain name # domain name
- name: ns-iface-setup - name: ns-iface-setup
image: linuxkit/ip:v0.6 image: linuxkit/ip:v0.7
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ] command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
net: new net: new
runtime: runtime:
@ -83,7 +83,7 @@ onboot:
# time server # time server
- name: time-iface-setup - name: time-iface-setup
image: linuxkit/ip:v0.6 image: linuxkit/ip:v0.7
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ] command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
net: new net: new
runtime: runtime:
@ -94,9 +94,9 @@ onboot:
bindNS: bindNS:
net: /run/netns/dmz-time net: /run/netns/dmz-time
# mail server # mail server
- name: mail-iface-setup - name: mail-iface-setup
image: linuxkit/ip:v0.6 image: linuxkit/ip:v0.7
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ] command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
net: new net: new
runtime: runtime:
@ -124,9 +124,9 @@ onboot:
services: services:
- name: rngd - name: rngd
image: linuxkit/rngd:v0.6 image: linuxkit/rngd:v0.7
- name: sshd - name: sshd
image: linuxkit/sshd:c4bc89cf0d66733c923ab9cb46198b599eb99320 image: linuxkit/sshd:v0.7
- name: dhcpd - name: dhcpd
image: joebiellik/dhcpd image: joebiellik/dhcpd
@ -210,7 +210,7 @@ services:
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro - /usr/share/ca-certificates:/usr/share/ca-certificates:ro
- name: ns - name: ns
image: nemunaire/unbound:7fa2ef501be79db472de64f451b250173ace5ecf image: nemunaire/unbound:ed3ccbb5340aefd48c53a97743fdc6edc7011103-amd64
net: /run/netns/dmz-ns net: /run/netns/dmz-ns
capabilities: capabilities:
- all - all
@ -218,7 +218,7 @@ services:
- /etc/unbound:/etc/unbound:ro - /etc/unbound:/etc/unbound:ro
- name: time - name: time
image: linuxkit/openntpd:v0.6 image: linuxkit/openntpd:v0.7
net: /run/netns/dmz-time net: /run/netns/dmz-time
capabilities: capabilities:
- CAP_NET_BIND_SERVICE - CAP_NET_BIND_SERVICE
@ -408,17 +408,6 @@ files:
forward-addr: 8.8.8.8 forward-addr: 8.8.8.8
mode: "0440" mode: "0440"
- path: etc/postfix/main.cf
contents: |
myorigin = adlin.nemunai.re
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mynetworks = 127.0.0.0/8
relay_domains = nemunai.re
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
mode: "0440"
- path: etc/nginx/ssl/fullchain.pem - path: etc/nginx/ssl/fullchain.pem
source: ssl/fullchain.pem source: ssl/fullchain.pem
mode: "0644" mode: "0644"
@ -496,9 +485,12 @@ files:
return https://adlin.nemunai.re/; return https://adlin.nemunai.re/;
} }
location /login { location /login {
proxy_pass http://localhost:8081/login; proxy_pass http://localhost:8081;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /logout {
proxy_pass http://localhost:8081;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
} }
} }
} }
@ -540,6 +532,14 @@ files:
proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Proto http;
proxy_redirect off; proxy_redirect off;
} }
location /toctoc {
proxy_pass https://82.64.31.248/toctoc;
proxy_set_header Host adlin.nemunai.re;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-By 172.23.200.1;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect off;
}
location /echorequest { location /echorequest {
proxy_pass https://82.64.31.248/echorequest; proxy_pass https://82.64.31.248/echorequest;
proxy_set_header Host adlin.nemunai.re; proxy_set_header Host adlin.nemunai.re;