Update LinuxKit pkgs
parent
d41785fd9a
commit
dc84fd6fac
@ -1,6 +1,6 @@
|
|||||||
init:
|
init:
|
||||||
- busybox
|
- busybox
|
||||||
- nemunaire/adlin-login-app:c71f57c845cd1e26df4a95143c86c98699bf7b6c
|
- nemunaire/adlin-login-app:a6ceb3829e7c6e65187654eb212fbd0e888b9dd4
|
||||||
|
|
||||||
files:
|
files:
|
||||||
- path: /etc/ssl/certs/DST_Root_CA_X3.pem
|
- path: /etc/ssl/certs/DST_Root_CA_X3.pem
|
||||||
|
46
server.yml
46
server.yml
@ -5,29 +5,29 @@ kernel:
|
|||||||
cmdline: "console=tty0"
|
cmdline: "console=tty0"
|
||||||
|
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
|
- linuxkit/init:7e3d51e6ab5896ecb36a4829450f7430f2878927
|
||||||
- linuxkit/runc:v0.8
|
- linuxkit/runc:9f7aad4eb5e4360cc9ed8778a5c501cce6e21601
|
||||||
- linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
|
- linuxkit/containerd:2f0907913dd54ab5186006034eb224a0da12443e
|
||||||
- linuxkit/ca-certificates:v0.8
|
- linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4
|
||||||
# - linuxkit/firmware:v0.7
|
# - linuxkit/firmware:v0.7
|
||||||
- linuxkit/getty:v0.8
|
- linuxkit/getty:3c6e89681a988c3d4e2610fcd7aaaa0247ded3ec
|
||||||
- nemunaire/monit:efb921ff9d2e564dfa43880c608e87dce6ad22b1
|
- nemunaire/monit:90a16ed909ca82b5a2a277cb290301e97ee36063
|
||||||
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
|
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
|
||||||
|
|
||||||
onboot:
|
onboot:
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
image: linuxkit/sysctl:v0.8
|
image: linuxkit/sysctl:bdc99eeedc224439ff237990ee06e5b992c8c1ae
|
||||||
binds:
|
binds:
|
||||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||||
|
|
||||||
# Mount first drive to enable some persistance
|
# Mount first drive to enable some persistance
|
||||||
- name: mount
|
- name: mount
|
||||||
image: linuxkit/mount:v0.8
|
image: linuxkit/mount:422b219bb1c7051096126ac83e6dcc8b2f3f1176
|
||||||
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
||||||
|
|
||||||
# Network: interface for login-validator
|
# Network: interface for login-validator
|
||||||
- name: login-iface-setup
|
- name: login-iface-setup
|
||||||
image: linuxkit/ip:v0.8
|
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -42,7 +42,7 @@ onboot:
|
|||||||
|
|
||||||
# wg-manager
|
# wg-manager
|
||||||
- name: wg-iface-setup
|
- name: wg-iface-setup
|
||||||
image: linuxkit/ip:v0.8
|
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.17.0.15/16 dev vethin-wg; ip a add 10.224.33.251/24 dev vethin-wg; ip link set vethin-wg address 0e:f2:7e:10:58:69; ip link set vethin-wg up; ip route add default via 10.224.33.252; wg-quick up wg0; /sbin/iptables-restore < /etc/iptables/rules.v4;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.17.0.15/16 dev vethin-wg; ip a add 10.224.33.251/24 dev vethin-wg; ip link set vethin-wg address 0e:f2:7e:10:58:69; ip link set vethin-wg up; ip route add default via 10.224.33.252; wg-quick up wg0; /sbin/iptables-restore < /etc/iptables/rules.v4;" ]
|
||||||
net: new
|
net: new
|
||||||
binds:
|
binds:
|
||||||
@ -60,7 +60,7 @@ onboot:
|
|||||||
|
|
||||||
# token-validator
|
# token-validator
|
||||||
- name: validator-iface-setup
|
- name: validator-iface-setup
|
||||||
image: linuxkit/ip:v0.8
|
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -73,7 +73,7 @@ onboot:
|
|||||||
|
|
||||||
# domain name
|
# domain name
|
||||||
- name: ns-iface-setup
|
- name: ns-iface-setup
|
||||||
image: linuxkit/ip:v0.8
|
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -86,7 +86,7 @@ onboot:
|
|||||||
|
|
||||||
# time server
|
# time server
|
||||||
- name: time-iface-setup
|
- name: time-iface-setup
|
||||||
image: linuxkit/ip:v0.8
|
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -99,7 +99,7 @@ onboot:
|
|||||||
|
|
||||||
# mail server
|
# mail server
|
||||||
- name: mail-iface-setup
|
- name: mail-iface-setup
|
||||||
image: linuxkit/ip:v0.8
|
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
|
||||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -116,9 +116,9 @@ onboot:
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
- name: rngd
|
- name: rngd
|
||||||
image: linuxkit/rngd:v0.8
|
image: linuxkit/rngd:4f85d8de3f6f45973a8c88dc8fba9ec596e5495a
|
||||||
- name: sshd
|
- name: sshd
|
||||||
image: linuxkit/sshd:v0.8
|
image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f
|
||||||
|
|
||||||
- name: dhcpd
|
- name: dhcpd
|
||||||
image: joebiellik/dhcpd
|
image: joebiellik/dhcpd
|
||||||
@ -136,7 +136,7 @@ services:
|
|||||||
- /var/lib/adlin/dhcp
|
- /var/lib/adlin/dhcp
|
||||||
|
|
||||||
- name: tftpd
|
- name: tftpd
|
||||||
image: nemunaire/tftpd:b0d2e1de2660e81c329ecb49966c32aab8982f11
|
image: nemunaire/tftpd:de6fcc89d7cbaa46aa5e37821aeac24136f84761
|
||||||
capabilities:
|
capabilities:
|
||||||
- all
|
- all
|
||||||
binds:
|
binds:
|
||||||
@ -145,11 +145,11 @@ services:
|
|||||||
- /var/lib/adlin/pxelinux.cfg:/srv/tftp/pxelinux.cfg
|
- /var/lib/adlin/pxelinux.cfg:/srv/tftp/pxelinux.cfg
|
||||||
|
|
||||||
- name: arp-spoofer
|
- name: arp-spoofer
|
||||||
image: nemunaire/adlin-arp-spoofer:5c78e97a8c90b9faf8395f7084a05d0fb44c779a
|
image: nemunaire/adlin-arp-spoofer:9cfd4b106e4a70281fad33fb36df1a189f846cb6
|
||||||
command: ["/bin/arp-spoofer", "-iface=br-ext", "-ip-spoof=172.17.0.15"]
|
command: ["/bin/arp-spoofer", "-iface=br-ext", "-ip-spoof=172.17.0.15"]
|
||||||
|
|
||||||
- name: login-validator
|
- name: login-validator
|
||||||
image: nemunaire/adlin-login-validator:5e8ae6a40d2764d66a0e65f7ebd68961729f3a90-dirty
|
image: nemunaire/adlin-login-validator:29c8b8434f26e7f0e0b02e19992bf67c90da3675
|
||||||
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
||||||
# command: ["/bin/login-validator", "-bind=:8081", "-auth=krb5", "-krb5realm=CRI.EPITA.FR"]
|
# command: ["/bin/login-validator", "-bind=:8081", "-auth=krb5", "-krb5realm=CRI.EPITA.FR"]
|
||||||
command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"]
|
command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"]
|
||||||
@ -207,7 +207,7 @@ services:
|
|||||||
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro
|
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro
|
||||||
|
|
||||||
- name: wg
|
- name: wg
|
||||||
image: nemunaire/wg-manager:13a3c9000f68327b3051d089f86cd5a136ec48e4
|
image: nemunaire/wg-manager:5f60162cc1d934a209bbac8d963a2d9f6ba10c04
|
||||||
command: ["/bin/wg-manager", "-bind=:80" ]
|
command: ["/bin/wg-manager", "-bind=:80" ]
|
||||||
capabilities:
|
capabilities:
|
||||||
- all
|
- all
|
||||||
@ -216,7 +216,7 @@ services:
|
|||||||
- /etc/resolv.conf:/etc/resolv.conf:ro
|
- /etc/resolv.conf:/etc/resolv.conf:ro
|
||||||
|
|
||||||
- name: ns
|
- name: ns
|
||||||
image: nemunaire/unbound:57b1e5e6d435a27af880036aed2c320073f7dffb
|
image: nemunaire/unbound:bd37359b69eb87eb5764fc18d9842cf78afc656c
|
||||||
net: /run/netns/dmz-ns
|
net: /run/netns/dmz-ns
|
||||||
capabilities:
|
capabilities:
|
||||||
- all
|
- all
|
||||||
@ -224,7 +224,7 @@ services:
|
|||||||
- /etc/unbound:/etc/unbound:ro
|
- /etc/unbound:/etc/unbound:ro
|
||||||
|
|
||||||
- name: time
|
- name: time
|
||||||
image: linuxkit/openntpd:v0.8
|
image: linuxkit/openntpd:d6c36ac367ed26a6eeffd8db78334d9f8041b038
|
||||||
command: ["/bin/sh", "-c", "sleep 10; /usr/sbin/ntpd -d -s" ]
|
command: ["/bin/sh", "-c", "sleep 10; /usr/sbin/ntpd -d -s" ]
|
||||||
net: /run/netns/dmz-time
|
net: /run/netns/dmz-time
|
||||||
capabilities:
|
capabilities:
|
||||||
@ -239,7 +239,7 @@ services:
|
|||||||
- /etc/ntpd.conf:/etc/ntpd.conf:ro
|
- /etc/ntpd.conf:/etc/ntpd.conf:ro
|
||||||
|
|
||||||
- name: postfix
|
- name: postfix
|
||||||
image: nemunaire/postfix:34430347e3a1221fd743774dc566420f748f3839
|
image: nemunaire/postfix:6c556b4517ddb596ae0d084ec9783de9eba6534d
|
||||||
net: /run/netns/dmz-mail
|
net: /run/netns/dmz-mail
|
||||||
capabilities:
|
capabilities:
|
||||||
- CAP_CHOWN
|
- CAP_CHOWN
|
||||||
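Review bot: `image: joebiellik/dhcpd` in the `dhcpd` service is still referenced with no tag at all, so it resolves to whatever the registry serves as the default tag at build time, while every other image in server.yml is now pinned to a commit-hash tag. A third-party image that floats like this makes the build non-reproducible, and a republished or compromised upstream image would be pulled in silently. Pin it the same way as the others, for example `image: joebiellik/dhcpd:<TAG>` or, where the build tooling accepts digest references, `image: joebiellik/dhcpd@sha256:<DIGEST>` (placeholders, to be filled in from the image actually validated). The hash-named tags introduced here are also still mutable on the registry, so a digest is the only form that guarantees the same bits are pulled on every build.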
|
@ -1,5 +1,5 @@
|
|||||||
kernel:
|
kernel:
|
||||||
image: linuxkit/kernel:4.19.121
|
image: linuxkit/kernel:5.10.92
|
||||||
cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet"
|
cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet"
|
||||||
|
|
||||||
init:
|
init:
|
||||||
|
34
tuto3.yml
34
tuto3.yml
@ -1,36 +1,36 @@
|
|||||||
kernel:
|
kernel:
|
||||||
image: linuxkit/kernel:4.19.121
|
image: linuxkit/kernel:5.10.92
|
||||||
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
|
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
|
||||||
cmdline: "console=tty0"
|
cmdline: "console=tty0"
|
||||||
|
|
||||||
init:
|
init:
|
||||||
- linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
|
- linuxkit/init:7e3d51e6ab5896ecb36a4829450f7430f2878927
|
||||||
- linuxkit/runc:v0.8
|
- linuxkit/runc:9f7aad4eb5e4360cc9ed8778a5c501cce6e21601
|
||||||
- linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
|
- linuxkit/containerd:2f0907913dd54ab5186006034eb224a0da12443e
|
||||||
- linuxkit/ca-certificates:v0.8
|
- linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4
|
||||||
- linuxkit/getty:v0.8
|
- linuxkit/getty:3c6e89681a988c3d4e2610fcd7aaaa0247ded3ec
|
||||||
|
|
||||||
onboot:
|
onboot:
|
||||||
- name: format
|
- name: format
|
||||||
image: linuxkit/format:v0.8
|
image: linuxkit/format:7efa07559dd23cb4dbebfd3ab48c50fd33625918
|
||||||
command: ["/usr/bin/format", "/dev/sda"]
|
command: ["/usr/bin/format", "/dev/sda"]
|
||||||
|
|
||||||
- name: mount
|
- name: mount
|
||||||
image: linuxkit/mount:v0.8
|
image: linuxkit/mount:422b219bb1c7051096126ac83e6dcc8b2f3f1176
|
||||||
command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"]
|
command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"]
|
||||||
|
|
||||||
- name: sysctl
|
- name: sysctl
|
||||||
image: linuxkit/sysctl:v0.8
|
image: linuxkit/sysctl:bdc99eeedc224439ff237990ee06e5b992c8c1ae
|
||||||
binds:
|
binds:
|
||||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||||
|
|
||||||
- name: rngd1
|
- name: rngd1
|
||||||
image: linuxkit/rngd:v0.8
|
image: linuxkit/rngd:4f85d8de3f6f45973a8c88dc8fba9ec596e5495a
|
||||||
command: ["/sbin/rngd", "-1"]
|
command: ["/sbin/rngd", "-1"]
|
||||||
|
|
||||||
# Network: external
|
# Network: external
|
||||||
- name: dhcpcd
|
- name: dhcpcd
|
||||||
image: linuxkit/dhcpcd:v0.8
|
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
|
||||||
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1", "eth0"]
|
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1", "eth0"]
|
||||||
net: new
|
net: new
|
||||||
runtime:
|
runtime:
|
||||||
@ -41,7 +41,7 @@ onboot:
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
- name: dhcpcd-wks-dg1
|
- name: dhcpcd-wks-dg1
|
||||||
image: linuxkit/dhcpcd:v0.8
|
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
|
||||||
hostname: wks-dg1
|
hostname: wks-dg1
|
||||||
net: new
|
net: new
|
||||||
pid: new
|
pid: new
|
||||||
@ -57,7 +57,7 @@ services:
|
|||||||
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: dhcpcd-wks-rh1
|
- name: dhcpcd-wks-rh1
|
||||||
image: linuxkit/dhcpcd:v0.8
|
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
|
||||||
hostname: wks-rh1
|
hostname: wks-rh1
|
||||||
net: new
|
net: new
|
||||||
pid: new
|
pid: new
|
||||||
@ -74,7 +74,7 @@ services:
|
|||||||
- /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: dhcpcd-wks-rh2
|
- name: dhcpcd-wks-rh2
|
||||||
image: linuxkit/dhcpcd:v0.8
|
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
|
||||||
hostname: wks-rh2
|
hostname: wks-rh2
|
||||||
net: new
|
net: new
|
||||||
pid: new
|
pid: new
|
||||||
@ -90,7 +90,7 @@ services:
|
|||||||
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: dhcpcd-wks-cm1
|
- name: dhcpcd-wks-cm1
|
||||||
image: linuxkit/dhcpcd:v0.8
|
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
|
||||||
hostname: wks-cm1
|
hostname: wks-cm1
|
||||||
net: new
|
net: new
|
||||||
pid: new
|
pid: new
|
||||||
@ -106,7 +106,7 @@ services:
|
|||||||
- /var/lib/adlin/wks-cm1resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks-cm1resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: sshd-wks-dg1
|
- name: sshd-wks-dg1
|
||||||
image: linuxkit/sshd:v0.8
|
image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f
|
||||||
net: /run/netns/wks-dg1
|
net: /run/netns/wks-dg1
|
||||||
uts: /run/utsns/wks-dg1
|
uts: /run/utsns/wks-dg1
|
||||||
pid: new
|
pid: new
|
||||||
@ -118,7 +118,7 @@ services:
|
|||||||
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
|
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
|
||||||
|
|
||||||
- name: sshd-wks-rh1
|
- name: sshd-wks-rh1
|
||||||
image: linuxkit/sshd:v0.8
|
image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f
|
||||||
net: /run/netns/wks-rh1
|
net: /run/netns/wks-rh1
|
||||||
uts: /run/utsns/wks-rh1
|
uts: /run/utsns/wks-rh1
|
||||||
pid: new
|
pid: new
|
||||||
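Review bot: The commented-out `cmdline` directly under `kernel:` still carries a literal `adlin.token=` value, and this change touches the neighbouring lines without removing it. Whether that string was ever a valid token cannot be told from the page; if it was, it is readable by anyone with access to the repository history and should be rotated. In either case the comment would be safer as a placeholder, e.g. `# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=<TOKEN>"`, with the real value supplied at build or boot time rather than kept in the file.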
|