Compare commits


No commits in common. "917a307d251f2f5fcab26e2ad7af6fd4faa708d8" and "a2a056f3ffaea8ed67358f4cf0257b3c5f8ecb88" have entirely different histories.

39 changed files with 84 additions and 324 deletions


@ -76,57 +76,3 @@ steps:
trigger:
event:
- push
---
kind: pipeline
type: docker
name: build-tutorial-2-subject
platform:
os: linux
arch: amd64
steps:
- name: render subject
image: pandoc/latex:2.17.1
commands:
- sed -i s/v3.12/v3.14/ /etc/apk/repositories
- apk add --no-cache make ttf-linux-libertine
- tlmgr update --self
- tlmgr install enumitem environ etoolbox preprint sectsty selnolig tcolorbox titling
- wget -O /tmp/FantasqueSansMono-Normal.tar.gz https://github.com/belluzj/fantasque-sans/releases/download/v1.8.0/FantasqueSansMono-Normal.tar.gz
- mkdir /usr/share/fonts/fantasque-sans-mono
- tar xf /tmp/FantasqueSansMono-Normal.tar.gz -C /usr/share/fonts/fantasque-sans-mono OTF/ TTF/ --strip-component=1
- mkdir dist
- make -C tutorial/ansible
- mv tutorial/ansible/tutorial.pdf dist/tutorial-2.pdf
trigger:
ref:
- refs/tags/tutorial2-*
---
kind: pipeline
type: docker
name: build-tutorial-3-subject
platform:
os: linux
arch: amd64
steps:
- name: render subject
image: pandoc/latex:2.17.1
commands:
- sed -i s/v3.12/v3.14/ /etc/apk/repositories
- apk add --no-cache make ttf-linux-libertine
- tlmgr update --self
- tlmgr install enumitem environ etoolbox preprint sectsty selnolig tcolorbox titling
- wget -O /tmp/FantasqueSansMono-Normal.tar.gz https://github.com/belluzj/fantasque-sans/releases/download/v1.8.0/FantasqueSansMono-Normal.tar.gz
- mkdir /usr/share/fonts/fantasque-sans-mono
- tar xf /tmp/FantasqueSansMono-Normal.tar.gz -C /usr/share/fonts/fantasque-sans-mono OTF/ TTF/ --strip-component=1
- mkdir dist
- make -C tutorial/nat
- mv tutorial/nat/tutorial.pdf dist/tutorial-3.pdf
trigger:
ref:
- refs/tags/tutorial3-*

3
.gitignore vendored

@ -22,5 +22,4 @@ tuto3.iso.gz
tuto3-kernel
tuto3-state/
fonts/
students*.csv
vendor/
students*.csv


@ -1,86 +1,84 @@
LINUXKIT ?= $(GOPATH)/bin/linuxkit
tuto1: token-validator/token-validator server.iso
pkg/login-app: pkg/login-app/cmd/login.go pkg/login-app/cmd/dialog-checklogin.go pkg/login-app/cmd/cmd pkg/login-app/cmd/dialog-login.go pkg/login-app/cmd/login-app pkg/login-app/cmd/dialog-errmsg.go pkg/login-app/cmd/main.go pkg/login-app/cmd/stream.go pkg/login-app/cmd/cinematic.go pkg/login-app/build.yml pkg/login-app/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/login-app/
#$(LINUXKIT) pkg push -org nemunaire --sign=false pkg/login-app/
linuxkit pkg build -org nemunaire pkg/login-app/
#linuxkit pkg push -org nemunaire --sign=false pkg/login-app/
touch pkg/login-app
login-initrd.img: login.yml pkg/login-app
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
token-validator/token-validator: token-validator/*.go
go generate ./token-validator
GOOS=linux GOARM=5 GOARCH=arm go build -tags netgo -ldflags '-w -extldflags "-static"' -o $@ ./token-validator
challenge: pkg/challenge/adlin pkg/challenge/issue pkg/challenge/init
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/challenge/
linuxkit pkg build -org nemunaire pkg/challenge/
challenge-initrd.img: challenge.yml subject/adlin.6.gz subject/adlin-TP1-topologie.png
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
pkg/arp-spoofer: pkg/arp-spoofer/cmd/main.go pkg/arp-spoofer/cmd/arp.go pkg/arp-spoofer/build.yml pkg/arp-spoofer/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire $@
linuxkit pkg build -org nemunaire $@
touch $@
pkg/login-validator: pkg/login-validator/cmd/login.go pkg/login-validator/cmd/main.go pkg/login-validator/cmd/pxetpl.go pkg/login-validator/cmd/logout.go pkg/login-validator/cmd/auth.go pkg/login-validator/cmd/arp.go pkg/login-validator/cmd/auth_krb5.go pkg/login-validator/cmd/auth_ldap.go pkg/login-validator/cmd/students.go pkg/login-validator/cmd/auth_fwd.go pkg/login-validator/cmd/ssh.go pkg/login-validator/build.yml pkg/login-validator/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/login-validator/
linuxkit pkg build -org nemunaire pkg/login-validator/
touch pkg/login-validator
pkg/monit: pkg/monit/build.yml pkg/monit/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/monit/
linuxkit pkg build -org nemunaire pkg/monit/
touch pkg/monit
pkg/postfix: pkg/postfix/build.yml pkg/postfix/docker-entrypoint.sh pkg/postfix/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/postfix/
linuxkit pkg build -org nemunaire pkg/postfix/
touch pkg/postfix
pkg/tftpd: pkg/tftpd/build.yml pkg/tftpd/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tftpd/
linuxkit pkg build -org nemunaire pkg/tftpd/
touch pkg/tftpd
pkg/unbound: pkg/unbound/build.yml pkg/unbound/docker-entrypoint.sh pkg/unbound/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/unbound/
linuxkit pkg build -org nemunaire pkg/unbound/
touch pkg/unbound
pkg/wg-manager: pkg/wg-manager/cmd/register.go pkg/wg-manager/cmd/main.go pkg/wg-manager/build.yml pkg/wg-manager/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/wg-manager/
linuxkit pkg build -org nemunaire pkg/wg-manager/
touch pkg/wg-manager
server.iso: server.yml students.csv ssl/fullchain.pem ssl/privkey.pem challenge-initrd.img pkg/arp-spoofer pkg/login-validator pkg/monit pkg/postfix pkg/tftpd pkg/unbound pkg/wg-manager challenge-kernel login-initrd.img
$(LINUXKIT) build -docker -format iso-bios $<
linuxkit build -docker -format iso-bios $<
pkg/debian-tuto2: pkg/debian-tuto2/sshd_config pkg/debian-tuto2/gai.conf pkg/debian-tuto2/isolinux.cfg pkg/debian-tuto2/build.yml pkg/debian-tuto2/default.script pkg/debian-tuto2/issue pkg/debian-tuto2/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/debian-tuto2/
linuxkit pkg build -org nemunaire pkg/debian-tuto2/
touch pkg/debian-tuto2
pkg/debian-tuto3: pkg/debian-tuto3/sshd_config pkg/debian-tuto3/build.yml pkg/debian-tuto3/issue pkg/debian-tuto3/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/debian-tuto3/
linuxkit pkg build -org nemunaire pkg/debian-tuto3/
touch pkg/debian-tuto3
pkg/router-tuto3: pkg/router-tuto3/build.yml pkg/router-tuto3/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/router-tuto3/
linuxkit pkg build -org nemunaire pkg/router-tuto3/
touch pkg/router-tuto3
pkg/tinydeb: pkg/tinydeb/sshd_config pkg/tinydeb/gai.conf pkg/tinydeb/build.yml pkg/tinydeb/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tinydeb/
linuxkit pkg build -org nemunaire pkg/tinydeb/
touch pkg/tinydeb
pkg/nsd: pkg/nsd/sshd_config pkg/nsd/build.yml pkg/nsd/init pkg/nsd/Dockerfile
$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tinydeb/
linuxkit pkg build -org nemunaire pkg/tinydeb/
touch pkg/nsd
tuto2-kernel: tuto2.yml
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
tuto2-initrd.img: tuto2.yml
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
tuto2-cmdline: tuto2.yml
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
tuto2.iso: tuto2.yml pkg/debian-tuto2 tuto2-kernel tuto2-initrd.img tuto2-cmdline
$(LINUXKIT) build -docker -format iso-bios $<
linuxkit build -docker -format iso-bios $<
tuto2-srs.iso: tuto2.iso pkg/debian-tuto2/isolinux.cfg
$(eval TDIR := $(shell mktemp -d))
@ -95,14 +93,14 @@ tuto2-srs.iso: tuto2.iso pkg/debian-tuto2/isolinux.cfg
tuto3-kernel: tuto3.yml
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
tuto3-initrd.img: tuto3.yml
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
tuto3-cmdline: tuto3.yml
$(LINUXKIT) build -docker $<
linuxkit build -docker $<
tuto3.iso: tuto3.yml pkg/debian-tuto3 pkg/router-tuto3 pkg/tinydeb pkg/unbound pkg/nsd
$(LINUXKIT) build -docker -format iso-bios $<
linuxkit build -docker -format iso-bios $<
%.gz: %
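Review bot: The `pkg/nsd` rule (L146–L149) runs `linuxkit pkg build -org nemunaire pkg/tinydeb/` and then `touch pkg/nsd`, so the nsd package is never actually built while its stamp still advances and `tuto3.iso` is assembled against whatever `nemunaire/nsd` image the registry already holds; the recipe line should read `linuxkit pkg build -org nemunaire pkg/nsd/`. Using `$@` for the package path, as the `pkg/arp-spoofer` rule on L101 already does, would have made this copy-paste slip impossible across the other `pkg/*` rules. `tuto1` and `challenge` name no file they create and belong under a `.PHONY:` line so a stray file of that name cannot silently short-circuit the build. The `tuto2-srs.iso` recipe starting at L162 continues past the first hunk.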


@ -1,6 +1,6 @@
init:
- busybox
- nemunaire/adlin-login-app:a6ceb3829e7c6e65187654eb212fbd0e888b9dd4
- nemunaire/adlin-login-app:c71f57c845cd1e26df4a95143c86c98699bf7b6c
files:
- path: /etc/ssl/certs/DST_Root_CA_X3.pem


@ -1,4 +1,2 @@
image: adlin-tuto1
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: adlin-arp-spoofer
network: true
arches:
- x86_64


@ -1,12 +0,0 @@
module git.nemunai.re/srs/adlin/pkg/arp-spoofer
go 1.16
require github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc
require (
github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966 // indirect
github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d // indirect
golang.org/x/net v0.0.0-20190313220215-9f648a60d977 // indirect
golang.org/x/sys v0.0.0-20190312061237-fead79001313 // indirect
)


@ -1,15 +0,0 @@
github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc h1:m7rJJJeXrYCFpsxXYapkDW53wJCDmf9bsIXUg0HoeQY=
github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc/go.mod h1:eOj1DDj3NAZ6yv+WafaKzY37MFZ58TdfIhQ+8nQbiis=
github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966 h1:O3p5UmisBhl3V6lgs4Vdfg8HpjzbWJPyOfGLdwVJSmI=
github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966/go.mod h1:5s5p/sMJ6sNsFl6uCh85lkFGV8kLuIYJCRJLavVJwvg=
github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d h1:rjAS0af7FIYCScTtEU5KjIldC6qVaEScUJhABHC+ccM=
github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d/go.mod h1:r1fbeITl2xL/zLbVnNHFyOzQJTgr/3fpf1lJX/cjzR8=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/net v0.0.0-20190313220215-9f648a60d977 h1:actzWV6iWn3GLqN8dZjzsB+CLt+gaV2+wsxroxiQI8I=
golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313 h1:pczuHS43Cp2ktBEEmLwScxgjWsBSzdaQiKzUyf3DTTc=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=


@ -1,4 +1,2 @@
image: awx_web
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: challenge
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: adlin-tuto2
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: adlin-tuto3
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: debug
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: iscsi-target
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: adlin-login-app
network: true
arches:
- x86_64


@ -1 +0,0 @@
cmd


@ -1,4 +1,2 @@
image: adlin-login-validator
network: true
arches:
- x86_64


@ -49,9 +49,9 @@ func (f *Krb5Auth) checkAuth(username, password string) (res bool, err error) {
if err := c.Login(); err != nil {
if errk, ok := err.(krberror.Krberror); ok {
if errk.RootCause == krberror.NetworkingError {
return false, errors.New("Authentication system unavailable, please retry")
return false, errors.New(`{"status": "Authentication system unavailable, please retry."}`)
} else if errk.RootCause == krberror.KDCError {
return false, errors.New("Invalid username or password")
return false, errors.New(`{"status": "Invalid username or password"}`)
}
}
return false, err
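Review bot: The two `errors.New(...)` calls that appear to be the kept side (L313 and L316) embed a hand-written JSON document in the error text, which ties the Kerberos backend to the HTTP response format and relies on the literal never containing characters that need JSON escaping; a small typed error (say `type authError struct{ Status string }` with an `Error()` method) serialised with `json.Marshal` at the HTTP layer keeps the format in one place. The fall-through `return false, err` on L319 still hands the raw gokrb5 error to the caller, so if the caller surfaces `err.Error()` to the client the same way as the two messages above, library-level KDC and realm details reach the user — worth confirming against the caller. `checkAuth` continues outside the hunk.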


@ -1,20 +0,0 @@
module git.nemunai.re/srs/adlin/pkg/login-validator
go 1.17
require (
github.com/go-ldap/ldap/v3 v3.4.2
github.com/jcmturner/gokrb5/v8 v8.4.2
)
require (
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect
github.com/go-asn1-ber/asn1-ber v1.5.1 // indirect
github.com/hashicorp/go-uuid v1.0.2 // indirect
github.com/jcmturner/aescts/v2 v2.0.0 // indirect
github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
github.com/jcmturner/gofork v1.0.0 // indirect
github.com/jcmturner/rpc/v2 v2.0.3 // indirect
golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 // indirect
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa // indirect
)


@ -1,44 +0,0 @@
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-ldap/ldap/v3 v3.4.2 h1:zFZKcXKLqZpFMrMQGHeHWKXbDTdNCmhGY9AK41zPh+8=
github.com/go-ldap/ldap/v3 v3.4.2/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
github.com/jcmturner/gofork v1.0.0 h1:J7uCkflzTEhUZ64xqKnkDxq3kzc96ajM1Gli5ktUem8=
github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=
github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
github.com/jcmturner/gokrb5/v8 v8.4.2 h1:6ZIM6b/JJN0X8UM43ZOM6Z4SJzla+a/u7scXFJzodkA=
github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc=
github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 h1:umElSU9WZirRdgu2yFHY0ayQkEnKiOC1TtM3fWXFnoU=
golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa h1:F+8P+gmewFQYRk6JoLQLwjBCTu3mcIURZfNkVweuRKA=
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=


@ -15,10 +15,7 @@ import (
"time"
)
var (
loginSalt string
justLogin bool
)
var loginSalt string
type loginChecker struct {
students []Student
@ -84,12 +81,6 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
if justLogin {
log.Println("Successful login of", lu.Username, "at", r.RemoteAddr)
http.Error(w, "You're now successfully logged.", http.StatusOK)
return
}
// Find corresponding MAC
var ip net.IP
spl := strings.SplitN(r.RemoteAddr, ":", 2)


@ -18,8 +18,6 @@ var tftpDir string
func main() {
var studentsFile string
flag.BoolVar(&justLogin, "just-login", justLogin, "Don't perform MAC assignation and remote registration")
var bind = flag.String("bind", ":8081", "Bind port/socket")
flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")


@ -1,4 +1,2 @@
image: minichecker
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: monit
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: nsd
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: postfix
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: router-tuto3
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: tftpd
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: tinydeb
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: unbound
network: true
arches:
- x86_64


@ -1,4 +1,2 @@
image: wg-manager
network: true
arches:
- x86_64


@ -1,3 +0,0 @@
module git.nemunai.re/srs/adlin/pkg/wg-manager
go 1.16


@ -1,7 +1,5 @@
image: wg
network: true
arches:
- x86_64
config:
capabilities:
- CAP_NET_ADMIN


@ -2,14 +2,7 @@
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"packageRules": [
{
"matchPackageNames": [
"github.com/julienschmidt/httprouter",
"github.com/go-sql-driver/mysql",
"github.com/miekg/dns",
"github.com/rivo/tview",
"golang.org/x/oauth2",
"gopkg.in/asn1-ber.v1"
],
"matchPackageNames": ["github.com/rivo/tview", "github.com/go-sql-driver/mysql", "github.com/julienschmidt/httprouter", "github.com/miekg/dns", "golang.org/x/oauth2", "gopkg.in/asn1-ber.v1"],
"automerge": true,
"automergeType": "branch"
}


@ -5,29 +5,29 @@ kernel:
cmdline: "console=tty0"
init:
- linuxkit/init:7e3d51e6ab5896ecb36a4829450f7430f2878927
- linuxkit/runc:9f7aad4eb5e4360cc9ed8778a5c501cce6e21601
- linuxkit/containerd:2f0907913dd54ab5186006034eb224a0da12443e
- linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4
- linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
- linuxkit/runc:v0.8
- linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
- linuxkit/ca-certificates:v0.8
# - linuxkit/firmware:v0.7
- linuxkit/getty:3c6e89681a988c3d4e2610fcd7aaaa0247ded3ec
- nemunaire/monit:90a16ed909ca82b5a2a277cb290301e97ee36063
- linuxkit/getty:v0.8
- nemunaire/monit:efb921ff9d2e564dfa43880c608e87dce6ad22b1
# - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d
onboot:
- name: sysctl
image: linuxkit/sysctl:bdc99eeedc224439ff237990ee06e5b992c8c1ae
image: linuxkit/sysctl:v0.8
binds:
- /etc/sysctl.d/:/etc/sysctl.d/:ro
# Mount first drive to enable some persistance
- name: mount
image: linuxkit/mount:422b219bb1c7051096126ac83e6dcc8b2f3f1176
image: linuxkit/mount:v0.8
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
# Network: interface for login-validator
- name: login-iface-setup
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
image: linuxkit/ip:v0.8
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
net: new
runtime:
@ -42,7 +42,7 @@ onboot:
# wg-manager
- name: wg-iface-setup
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
image: linuxkit/ip:v0.8
command: ["/bin/sh", "-c", "ip a add 172.17.0.15/16 dev vethin-wg; ip a add 10.224.33.251/24 dev vethin-wg; ip link set vethin-wg address 0e:f2:7e:10:58:69; ip link set vethin-wg up; ip route add default via 10.224.33.252; wg-quick up wg0; /sbin/iptables-restore < /etc/iptables/rules.v4;" ]
net: new
binds:
@ -60,7 +60,7 @@ onboot:
# token-validator
- name: validator-iface-setup
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
image: linuxkit/ip:v0.8
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
net: new
runtime:
@ -73,7 +73,7 @@ onboot:
# domain name
- name: ns-iface-setup
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
image: linuxkit/ip:v0.8
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
net: new
runtime:
@ -86,7 +86,7 @@ onboot:
# time server
- name: time-iface-setup
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
image: linuxkit/ip:v0.8
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
net: new
runtime:
@ -99,7 +99,7 @@ onboot:
# mail server
- name: mail-iface-setup
image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
image: linuxkit/ip:v0.8
command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
net: new
runtime:
@ -116,9 +116,9 @@ onboot:
services:
- name: rngd
image: linuxkit/rngd:4f85d8de3f6f45973a8c88dc8fba9ec596e5495a
image: linuxkit/rngd:v0.8
- name: sshd
image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f
image: linuxkit/sshd:v0.8
- name: dhcpd
image: joebiellik/dhcpd
@ -136,7 +136,7 @@ services:
- /var/lib/adlin/dhcp
- name: tftpd
image: nemunaire/tftpd:de6fcc89d7cbaa46aa5e37821aeac24136f84761
image: nemunaire/tftpd:b0d2e1de2660e81c329ecb49966c32aab8982f11
capabilities:
- all
binds:
@ -145,11 +145,11 @@ services:
- /var/lib/adlin/pxelinux.cfg:/srv/tftp/pxelinux.cfg
- name: arp-spoofer
image: nemunaire/adlin-arp-spoofer:9cfd4b106e4a70281fad33fb36df1a189f846cb6
image: nemunaire/adlin-arp-spoofer:5c78e97a8c90b9faf8395f7084a05d0fb44c779a
command: ["/bin/arp-spoofer", "-iface=br-ext", "-ip-spoof=172.17.0.15"]
- name: login-validator
image: nemunaire/adlin-login-validator:29c8b8434f26e7f0e0b02e19992bf67c90da3675
image: nemunaire/adlin-login-validator:5e8ae6a40d2764d66a0e65f7ebd68961729f3a90-dirty
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
# command: ["/bin/login-validator", "-bind=:8081", "-auth=krb5", "-krb5realm=CRI.EPITA.FR"]
command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"]
@ -207,7 +207,7 @@ services:
- /usr/share/ca-certificates:/usr/share/ca-certificates:ro
- name: wg
image: nemunaire/wg-manager:5f60162cc1d934a209bbac8d963a2d9f6ba10c04
image: nemunaire/wg-manager:13a3c9000f68327b3051d089f86cd5a136ec48e4
command: ["/bin/wg-manager", "-bind=:80" ]
capabilities:
- all
@ -216,7 +216,7 @@ services:
- /etc/resolv.conf:/etc/resolv.conf:ro
- name: ns
image: nemunaire/unbound:bd37359b69eb87eb5764fc18d9842cf78afc656c
image: nemunaire/unbound:57b1e5e6d435a27af880036aed2c320073f7dffb
net: /run/netns/dmz-ns
capabilities:
- all
@ -224,7 +224,7 @@ services:
- /etc/unbound:/etc/unbound:ro
- name: time
image: linuxkit/openntpd:d6c36ac367ed26a6eeffd8db78334d9f8041b038
image: linuxkit/openntpd:v0.8
command: ["/bin/sh", "-c", "sleep 10; /usr/sbin/ntpd -d -s" ]
net: /run/netns/dmz-time
capabilities:
@ -239,7 +239,7 @@ services:
- /etc/ntpd.conf:/etc/ntpd.conf:ro
- name: postfix
image: nemunaire/postfix:6c556b4517ddb596ae0d084ec9783de9eba6534d
image: nemunaire/postfix:34430347e3a1221fd743774dc566420f748f3839
net: /run/netns/dmz-mail
capabilities:
- CAP_CHOWN
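Review bot: The `login-validator` image reference on L635, `nemunaire/adlin-login-validator:5e8ae6a40d2764d66a0e65f7ebd68961729f3a90-dirty`, carries the `-dirty` suffix linuxkit appends when a package is built from an uncommitted working tree, so the bits behind that tag cannot be reproduced from any commit of this repository; the package should be rebuilt from a clean checkout and the clean tag committed instead. The other pins in this section appear to move from content-addressed commit hashes to the mutable `v0.8` tag (L541–L548, L554, L560, L565 and the later hunks); a mutable tag can be re-pushed upstream, so keeping a commit hash or an image digest is what makes the resulting ISO reproducible. `joebiellik/dhcpd` on L618 carries no tag at all, though that line is unchanged here.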


@ -1,5 +1,5 @@
kernel:
image: linuxkit/kernel:5.10.92
image: linuxkit/kernel:4.19.121
cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet"
init:


@ -1,36 +1,36 @@
kernel:
image: linuxkit/kernel:5.10.92
image: linuxkit/kernel:4.19.121
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
cmdline: "console=tty0"
init:
- linuxkit/init:7e3d51e6ab5896ecb36a4829450f7430f2878927
- linuxkit/runc:9f7aad4eb5e4360cc9ed8778a5c501cce6e21601
- linuxkit/containerd:2f0907913dd54ab5186006034eb224a0da12443e
- linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4
- linuxkit/getty:3c6e89681a988c3d4e2610fcd7aaaa0247ded3ec
- linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c
- linuxkit/runc:v0.8
- linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106
- linuxkit/ca-certificates:v0.8
- linuxkit/getty:v0.8
onboot:
- name: format
image: linuxkit/format:7efa07559dd23cb4dbebfd3ab48c50fd33625918
image: linuxkit/format:v0.8
command: ["/usr/bin/format", "/dev/sda"]
- name: mount
image: linuxkit/mount:422b219bb1c7051096126ac83e6dcc8b2f3f1176
image: linuxkit/mount:v0.8
command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"]
- name: sysctl
image: linuxkit/sysctl:bdc99eeedc224439ff237990ee06e5b992c8c1ae
image: linuxkit/sysctl:v0.8
binds:
- /etc/sysctl.d/:/etc/sysctl.d/:ro
- name: rngd1
image: linuxkit/rngd:4f85d8de3f6f45973a8c88dc8fba9ec596e5495a
image: linuxkit/rngd:v0.8
command: ["/sbin/rngd", "-1"]
# Network: external
- name: dhcpcd
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
image: linuxkit/dhcpcd:v0.8
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1", "eth0"]
net: new
runtime:
@ -41,7 +41,7 @@ onboot:
services:
- name: dhcpcd-wks-dg1
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
image: linuxkit/dhcpcd:v0.8
hostname: wks-dg1
net: new
pid: new
@ -57,7 +57,7 @@ services:
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- name: dhcpcd-wks-rh1
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
image: linuxkit/dhcpcd:v0.8
hostname: wks-rh1
net: new
pid: new
@ -74,7 +74,7 @@ services:
- /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
- name: dhcpcd-wks-rh2
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
image: linuxkit/dhcpcd:v0.8
hostname: wks-rh2
net: new
pid: new
@ -90,7 +90,7 @@ services:
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
- name: dhcpcd-wks-cm1
image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
image: linuxkit/dhcpcd:v0.8
hostname: wks-cm1
net: new
pid: new
@ -106,7 +106,7 @@ services:
- /var/lib/adlin/wks-cm1resolv.conf:/etc/resolv.conf
- name: sshd-wks-dg1
image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f
image: linuxkit/sshd:v0.8
net: /run/netns/wks-dg1
uts: /run/utsns/wks-dg1
pid: new
@ -118,7 +118,7 @@ services:
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- name: sshd-wks-rh1
image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f
image: linuxkit/sshd:v0.8
net: /run/netns/wks-rh1
uts: /run/utsns/wks-rh1
pid: new
@ -145,7 +145,6 @@ services:
options: ["rw","nosuid","noexec","nodev","relatime"]
binds:
- /var/lib/adlin/wrt-etc:/etc
- /var/lib/adlin/wireguard/ansible.fact:/etc/ansible/facts.d/maatma.fact
- /etc/rinittab:/etc/inittab
- /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf
@ -565,11 +564,8 @@ files:
# Avoid listening on IPv6
sed -r -i '/list\s+listen_http\s+\[::\]:80/d;/list\s+listen_https\s+\[::\]:443/d' /var/lib/adlin/wrt-etc/config/uhttpd
rm /var/lib/adlin/wrt-etc/config/network
}
# Configure networking
[ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF
# Configure networking
cat > /var/lib/adlin/wrt-etc/config/network <<EOF
config interface 'loopback'
option ifname 'lo'
@ -582,6 +578,7 @@ files:
option proto 'dhcp'
EOF
}
[ -e /var/lib/adlin/wrt-config ] && {
mv /var/lib/adlin/wrt-config/* /var/lib/adlin/wrt-etc/config/
@ -597,7 +594,6 @@ files:
EOF
[ -f /var/lib/adlin/wireguard/adlin.conf ] && /usr/bin/update-wg-conf
[ -f /var/lib/adlin/wireguard/ansible.fact ] || touch /var/lib/adlin/wireguard/ansible.fact
mode: "0755"
- path: usr/bin/update-wg-conf
@ -609,7 +605,7 @@ files:
WKSIP=$(echo "${TUNIP}" | sed "s#:[^:/]*/.*\$#1::1/96#")
grep -q wireguard /var/lib/adlin/wrt-etc/config/network && {
sed -i -r "s#list addresses '[^']*'#list addresses '${TUNIP}'#;s#option private_key '[^']*'#option private_key '${TUNPVKEY}'#;" /var/lib/adlin/wrt-etc/config/network
sed -i -r "s#list addresses '[^']+'#list addresses '${TUNIP}'#;s#option private_key '[^']+'#option private_key '${TUNPVKEY}'#;" /var/lib/adlin/wrt-etc/config/network
}
grep -q wireguard /var/lib/adlin/wrt-etc/config/network || cat >> /var/lib/adlin/wrt-etc/config/network <<EOF
@ -640,14 +636,6 @@ files:
option interface 'wg0'
EOF
cat <<EOF > /var/lib/adlin/wireguard/ansible.fact
[tun]
pvkey=${TUNPVKEY}
ip6=${TUNIP}
srvip6=${SRVIP}
wksip6=${WKSIP}
EOF
mode: "0755"
- path: etc/init.d/014-get-ssh-keys
@ -685,7 +673,7 @@ files:
- path: /etc/init.d/800-rw-passwd.sh
contents: |
#!/bin/sh
sed -ri '/^root/s@^root::.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
sed -ri '/^root/s@^root:x:.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
mkdir -p /var/lib/adlin/wrt-etc/dropbear/
[ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
@ -701,7 +689,7 @@ files:
cp /etc/services /containers/services/${svc}/rootfs/etc/services
mkdir -p /containers/services/${svc}/rootfs/root/.ssh
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- ssh-keygen -A
nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a ssh-keygen -A
done
exit 0
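Review bot: The `800-rw-passwd.sh` sed on L827/L828 only rewrites the root entry when its password field has the exact literal form the pattern expects (`root::` on one side, `root:x:` on the other), so whichever form the router's `/var/lib/adlin/wrt-etc/shadow` actually ships with decides whether the root password is set at all; `s@^root:[^:]*:.*$@root:<hash>:18706:0:99999:7:::@` applies in both cases and survives a future change of the shipped default. The replacement embeds an MD5-crypt (`$1$`) hash directly in the image definition that is distributed to every student; since the value is regenerated anyway, a sha512-crypt (`$6$`) hash costs nothing and is the expected default on current systems. The `014-get-ssh-keys` and `update-wg-conf` scripts start outside their hunks.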


@ -55,23 +55,19 @@ login_x-TP3/roles/revproxy/templates/nginx.conf.j2
- votre routeur filtre les paquets entrants (IPv4, IPv6) selon la politique que vous avez défini,
- votre routeur bloque les connexions entrantes vers le réseau des stations de travail,
- votre routeur effectue du NAT en IPv4 pour les serveurs et les stations de travail.
\
- Votre vitrine est exposée en HTTP et HTTPS,
- les options HTTPS ont été choisies avec soin, selon les recommandations de l'ANSSI,
- le visiteur est redirigé systématiquement vers la version HTTPS,
- le visiteur est redirigé vers `www.login_x.srs.p0m.fr` lorsqu'il visite `login_x.srs.p0m.fr`,
- `news.login_x.srs.p0m.fr` affiche miniflux,
- `matrix.login_x.srs.p0m.fr` est prêt.
\
- Votre serveur de nom de domaines est accessible en TCP et UDP,
- votre nom de domaine se résout depuis un résolveur public,
\
- La configuration de tous les serveurs accessibles respectent les recommandations de l'ANSSI,
- votre IPv6 publique peut évoluer en changeant simplement une variable `group_vars/all`.
\
- Vous avez utilisé des
[rôles](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
pour rendre vos recettes Ansible réutilisables.
## Signature du rendu


@ -85,8 +85,8 @@ celles-ci sont automatiquement ajoutées aux différents serveurs. Cependant,
seuls les clefs RSA et DSA sont utilisables pour se connecter sur le routeur,
le serveur SSH ne gère pas les courbes éliptiques.
Notez que vous n'avez pas accès à la machine hébergeant la base de données, ni
à celle hébergeant le lecteur de flux RSS.
Notez que vous n'avez pas accès à la machine hébergeant la base de données, le
lecteur de flux RSS, ni à celle du résolveur DNS.
Objectif du TP
@ -103,20 +103,6 @@ s'assurer que ce soit également le cas des stations de travail).
*Playbook* Ansible semble plutôt adaptée !
### Mots de passes
Tous les mots de passes sont `adlin2022` pour tous les services.
3 bases de données Postgres sont à votre disposition pour vos différents
services :
- `matrix`
- `miniflux`
- `website`
Pour chacune, un utilisateur du même nom existe pour s'y connecter à distance.
Au secours ça ne marche pas !
-----------------------------