From d5a67e2bbb5a9cb4c0e24ec292299b1f2bbf91cc Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 3 Feb 2022 18:05:17 +0100
Subject: [PATCH 1/8] login-validator: New parameter -just-login

---
 pkg/login-validator/cmd/login.go | 11 ++++++++++-
 pkg/login-validator/cmd/main.go | 2 ++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkg/login-validator/cmd/login.go b/pkg/login-validator/cmd/login.go
index f7aa233..e45c36f 100644
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@@ -15,7 +15,10 @@ import (
 	"time"
 )
 
-var loginSalt string
+var (
+	loginSalt string
+	justLogin bool
+)
 
 type loginChecker struct {
 	students []Student
@@ -81,6 +84,12 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if justLogin {
+		log.Println("Successful login of", lu.Username, "at", r.RemoteAddr)
+		http.Error(w, "You're now successfully logged.", http.StatusOK)
+		return
+	}
+
 	// Find corresponding MAC
 	var ip net.IP
 	spl := strings.SplitN(r.RemoteAddr, ":", 2)
diff --git a/pkg/login-validator/cmd/main.go b/pkg/login-validator/cmd/main.go
index a0a2536..93f4bc7 100644
--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
@@ -18,6 +18,8 @@ var tftpDir string
 func main() {
 	var studentsFile string
 
+	flag.BoolVar(&justLogin, "just-login", justLogin, "Don't perform MAC assignation and remote registration")
+
 	var bind = flag.String("bind", ":8081", "Bind port/socket")
 	flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
 	flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")

From 0cbe2ba9c0054d2f3a6723fe6cf24930141d59fc Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 3 Feb 2022 18:05:39 +0100
Subject: [PATCH 2/8] login-validator: Fix invalid error returned

---
 pkg/login-validator/cmd/auth_krb5.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
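Review bot: The new `justLogin` branch in ServeHTTP answers a successful login through `http.Error(w, ..., http.StatusOK)`, which is the helper for failure responses: it forces `Content-Type: text/plain; charset=utf-8` and `X-Content-Type-Options: nosniff` and reads as an error path to the next maintainer. A plain write states the intent, e.g. `w.WriteHeader(http.StatusOK)` followed by `fmt.Fprintln(w, "You're now successfully logged in.")` (check that fmt is already imported in login.go; it is not visible in this hunk), which also fixes the wording "logged" → "logged in". The success log line is fine as written since it records only the username and RemoteAddr. ServeHTTP both starts and ends outside the hunk.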
diff --git a/pkg/login-validator/cmd/auth_krb5.go b/pkg/login-validator/cmd/auth_krb5.go
index 4068d9e..c560299 100644
--- a/pkg/login-validator/cmd/auth_krb5.go
+++ b/pkg/login-validator/cmd/auth_krb5.go
@@ -49,9 +49,9 @@ func (f *Krb5Auth) checkAuth(username, password string) (res bool, err error) {
 	if err := c.Login(); err != nil {
 		if errk, ok := err.(krberror.Krberror); ok {
 			if errk.RootCause == krberror.NetworkingError {
-				return false, errors.New(`{"status": "Authentication system unavailable, please retry."}`)
+				return false, errors.New("Authentication system unavailable, please retry")
 			} else if errk.RootCause == krberror.KDCError {
-				return false, errors.New(`{"status": "Invalid username or password"}`)
+				return false, errors.New("Invalid username or password")
 			}
 		}
 		return false, err

From dfce26064115ff565f720abae227182801403ab9 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Tue, 8 Feb 2022 17:04:20 +0100
Subject: [PATCH 3/8] renovate: Make list more readable

---
 renovate.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/renovate.json b/renovate.json
index b7a3cdc..408c0dc 100644
--- a/renovate.json
+++ b/renovate.json
@@ -2,7 +2,14 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "packageRules": [
     {
-      "matchPackageNames": ["github.com/rivo/tview", "github.com/go-sql-driver/mysql", "github.com/julienschmidt/httprouter", "github.com/miekg/dns", "golang.org/x/oauth2", "gopkg.in/asn1-ber.v1"],
+      "matchPackageNames": [
+        "github.com/julienschmidt/httprouter",
+        "github.com/go-sql-driver/mysql",
+        "github.com/miekg/dns",
+        "github.com/rivo/tview",
+        "golang.org/x/oauth2",
+        "gopkg.in/asn1-ber.v1"
+      ],
       "automerge": true,
       "automergeType": "branch"
     }

From 72b8c1d32c6b2e9485af66cd1d62a8c007763490 Mon Sep 17 00:00:00 2001
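Review bot: The two rewritten returns in checkAuth still build a fresh `errors.New` per call, so a caller that wants to map "KDC unreachable" to 503 and "bad credentials" to 401 can only do so by comparing message text. Declaring package-level sentinels, `var ErrAuthUnavailable = errors.New("authentication system unavailable, please retry")` and `var ErrInvalidCredentials = errors.New("invalid username or password")`, and returning them here lets the HTTP layer use `errors.Is` (lowercase, unpunctuated messages also follow Go convention). Note that the unchanged `return false, err` below still passes the raw gokrb5 error upward; if the caller relays err.Error() to the client (not visible here), it may expose KDC or realm details, so wrapping or replacing it with a generic sentinel is worth confirming. checkAuth begins before and continues after this hunk.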
From: Pierre-Olivier Mercier Date: Fri, 18 Feb 2022 22:34:58 +0100 Subject: [PATCH 4/8] Upgrade LinuxKit --- .gitignore | 3 +- Makefile | 54 ++++++++++++++++++---------------- pkg/adlin-tuto1/build.yml | 2 ++ pkg/arp-spoofer/build.yml | 2 ++ pkg/awx_web/build.yml | 2 ++ pkg/challenge/build.yml | 2 ++ pkg/debian-tuto2/build.yml | 2 ++ pkg/debian-tuto3/build.yml | 2 ++ pkg/debug/build.yml | 2 ++ pkg/iscsi-target/build.yml | 2 ++ pkg/login-app/build.yml | 2 ++ pkg/login-app/cmd/.gitignore | 1 + pkg/login-validator/build.yml | 2 ++ pkg/login-validator/cmd/go.mod | 20 +++++++++++++ pkg/login-validator/cmd/go.sum | 44 +++++++++++++++++++++++++++ pkg/minichecker/build.yml | 2 ++ pkg/monit/build.yml | 2 ++ pkg/nsd/build.yml | 2 ++ pkg/postfix/build.yml | 2 ++ pkg/router-tuto3/build.yml | 2 ++ pkg/tftpd/build.yml | 2 ++ pkg/tinydeb/build.yml | 2 ++ pkg/unbound/build.yml | 2 ++ pkg/wg-manager/build.yml | 2 ++ pkg/wg/build.yml | 2 ++ 25 files changed, 135 insertions(+), 27 deletions(-) create mode 100644 pkg/login-app/cmd/.gitignore create mode 100644 pkg/login-validator/cmd/go.mod create mode 100644 pkg/login-validator/cmd/go.sum diff --git a/.gitignore b/.gitignore index f250ed6..fea0345 100644 --- a/.gitignore +++ b/.gitignore @@ -22,4 +22,5 @@ tuto3.iso.gz tuto3-kernel tuto3-state/ fonts/ -students*.csv \ No newline at end of file +students*.csv +vendor/ \ No newline at end of file diff --git a/Makefile b/Makefile index 39dd5db..b75c0b7 100644 --- a/Makefile +++ b/Makefile 
@@ -1,84 +1,86 @@ +LINUXKIT ?= $(GOPATH)/bin/linuxkit + tuto1: token-validator/token-validator server.iso pkg/login-app: pkg/login-app/cmd/login.go pkg/login-app/cmd/dialog-checklogin.go pkg/login-app/cmd/cmd pkg/login-app/cmd/dialog-login.go pkg/login-app/cmd/login-app pkg/login-app/cmd/dialog-errmsg.go pkg/login-app/cmd/main.go pkg/login-app/cmd/stream.go pkg/login-app/cmd/cinematic.go pkg/login-app/build.yml pkg/login-app/Dockerfile - linuxkit pkg build -org nemunaire pkg/login-app/ - #linuxkit pkg push -org nemunaire --sign=false pkg/login-app/ + $(LINUXKIT) pkg build -org nemunaire pkg/login-app/ + #$(LINUXKIT) pkg push -org nemunaire --sign=false pkg/login-app/ touch pkg/login-app login-initrd.img: login.yml pkg/login-app - linuxkit build -docker $< + $(LINUXKIT) build -docker $< token-validator/token-validator: token-validator/*.go go generate ./token-validator GOOS=linux GOARM=5 GOARCH=arm go build -tags netgo -ldflags '-w -extldflags "-static"' -o $@ ./token-validator challenge: pkg/challenge/adlin pkg/challenge/issue pkg/challenge/init - linuxkit pkg build -org nemunaire pkg/challenge/ + $(LINUXKIT) pkg build -org nemunaire pkg/challenge/ challenge-initrd.img: challenge.yml subject/adlin.6.gz subject/adlin-TP1-topologie.png - linuxkit build -docker $< + $(LINUXKIT) build -docker $< pkg/arp-spoofer: pkg/arp-spoofer/cmd/main.go pkg/arp-spoofer/cmd/arp.go pkg/arp-spoofer/build.yml pkg/arp-spoofer/Dockerfile - linuxkit pkg build -org nemunaire $@ + $(LINUXKIT) pkg build -org nemunaire $@ touch $@ pkg/login-validator: pkg/login-validator/cmd/login.go pkg/login-validator/cmd/main.go pkg/login-validator/cmd/pxetpl.go pkg/login-validator/cmd/logout.go pkg/login-validator/cmd/auth.go pkg/login-validator/cmd/arp.go pkg/login-validator/cmd/auth_krb5.go pkg/login-validator/cmd/auth_ldap.go pkg/login-validator/cmd/students.go pkg/login-validator/cmd/auth_fwd.go pkg/login-validator/cmd/ssh.go pkg/login-validator/build.yml pkg/login-validator/Dockerfile - linuxkit pkg 
build -org nemunaire pkg/login-validator/ + $(LINUXKIT) pkg build -org nemunaire pkg/login-validator/ touch pkg/login-validator pkg/monit: pkg/monit/build.yml pkg/monit/Dockerfile - linuxkit pkg build -org nemunaire pkg/monit/ + $(LINUXKIT) pkg build -org nemunaire pkg/monit/ touch pkg/monit pkg/postfix: pkg/postfix/build.yml pkg/postfix/docker-entrypoint.sh pkg/postfix/Dockerfile - linuxkit pkg build -org nemunaire pkg/postfix/ + $(LINUXKIT) pkg build -org nemunaire pkg/postfix/ touch pkg/postfix pkg/tftpd: pkg/tftpd/build.yml pkg/tftpd/Dockerfile - linuxkit pkg build -org nemunaire pkg/tftpd/ + $(LINUXKIT) pkg build -org nemunaire pkg/tftpd/ touch pkg/tftpd pkg/unbound: pkg/unbound/build.yml pkg/unbound/docker-entrypoint.sh pkg/unbound/Dockerfile - linuxkit pkg build -org nemunaire pkg/unbound/ + $(LINUXKIT) pkg build -org nemunaire pkg/unbound/ touch pkg/unbound pkg/wg-manager: pkg/wg-manager/cmd/register.go pkg/wg-manager/cmd/main.go pkg/wg-manager/build.yml pkg/wg-manager/Dockerfile - linuxkit pkg build -org nemunaire pkg/wg-manager/ + $(LINUXKIT) pkg build -org nemunaire pkg/wg-manager/ touch pkg/wg-manager server.iso: server.yml students.csv ssl/fullchain.pem ssl/privkey.pem challenge-initrd.img pkg/arp-spoofer pkg/login-validator pkg/monit pkg/postfix pkg/tftpd pkg/unbound pkg/wg-manager challenge-kernel login-initrd.img - linuxkit build -docker -format iso-bios $< + $(LINUXKIT) build -docker -format iso-bios $< pkg/debian-tuto2: pkg/debian-tuto2/sshd_config pkg/debian-tuto2/gai.conf pkg/debian-tuto2/isolinux.cfg pkg/debian-tuto2/build.yml pkg/debian-tuto2/default.script pkg/debian-tuto2/issue pkg/debian-tuto2/Dockerfile - linuxkit pkg build -org nemunaire pkg/debian-tuto2/ + $(LINUXKIT) pkg build -org nemunaire pkg/debian-tuto2/ touch pkg/debian-tuto2 pkg/debian-tuto3: pkg/debian-tuto3/sshd_config pkg/debian-tuto3/build.yml pkg/debian-tuto3/issue pkg/debian-tuto3/Dockerfile - linuxkit pkg build -org nemunaire pkg/debian-tuto3/ + $(LINUXKIT) pkg build -org 
nemunaire pkg/debian-tuto3/ touch pkg/debian-tuto3 pkg/router-tuto3: pkg/router-tuto3/build.yml pkg/router-tuto3/Dockerfile - linuxkit pkg build -org nemunaire pkg/router-tuto3/ + $(LINUXKIT) pkg build -org nemunaire pkg/router-tuto3/ touch pkg/router-tuto3 pkg/tinydeb: pkg/tinydeb/sshd_config pkg/tinydeb/gai.conf pkg/tinydeb/build.yml pkg/tinydeb/Dockerfile - linuxkit pkg build -org nemunaire pkg/tinydeb/ + $(LINUXKIT) pkg build -org nemunaire pkg/tinydeb/ touch pkg/tinydeb pkg/nsd: pkg/nsd/sshd_config pkg/nsd/build.yml pkg/nsd/init pkg/nsd/Dockerfile - linuxkit pkg build -org nemunaire pkg/tinydeb/ + $(LINUXKIT) pkg build -org nemunaire pkg/tinydeb/ touch pkg/nsd tuto2-kernel: tuto2.yml - linuxkit build -docker $< + $(LINUXKIT) build -docker $< tuto2-initrd.img: tuto2.yml - linuxkit build -docker $< + $(LINUXKIT) build -docker $< tuto2-cmdline: tuto2.yml - linuxkit build -docker $< + $(LINUXKIT) build -docker $< tuto2.iso: tuto2.yml pkg/debian-tuto2 tuto2-kernel tuto2-initrd.img tuto2-cmdline - linuxkit build -docker -format iso-bios $< + $(LINUXKIT) build -docker -format iso-bios $< tuto2-srs.iso: tuto2.iso pkg/debian-tuto2/isolinux.cfg $(eval TDIR := $(shell mktemp -d)) @@ -93,14 +95,14 @@ tuto2-srs.iso: tuto2.iso pkg/debian-tuto2/isolinux.cfg tuto3-kernel: tuto3.yml - linuxkit build -docker $< + $(LINUXKIT) build -docker $< tuto3-initrd.img: tuto3.yml - linuxkit build -docker $< + $(LINUXKIT) build -docker $< tuto3-cmdline: tuto3.yml - linuxkit build -docker $< + $(LINUXKIT) build -docker $< tuto3.iso: tuto3.yml pkg/debian-tuto3 pkg/router-tuto3 pkg/tinydeb pkg/unbound pkg/nsd - linuxkit build -docker -format iso-bios $< + $(LINUXKIT) build -docker -format iso-bios $< %.gz: % diff --git a/pkg/adlin-tuto1/build.yml b/pkg/adlin-tuto1/build.yml index d5637f6..af8f064 100644 --- a/pkg/adlin-tuto1/build.yml +++ b/pkg/adlin-tuto1/build.yml @@ -1,2 +1,4 @@ image: adlin-tuto1 network: true +arches: +- x86_64 
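Review bot: The new `LINUXKIT ?= $(GOPATH)/bin/linuxkit` default resolves to `/bin/linuxkit` whenever GOPATH is not exported in the shell, because make reads only the environment and not Go's computed default; `LINUXKIT ?= $(shell go env GOPATH)/bin/linuxkit` keeps the same override semantics while matching where `go install` actually put the binary. Separately, the rewritten recipe under the `pkg/nsd:` target still runs `$(LINUXKIT) pkg build -org nemunaire pkg/tinydeb/`, so `make pkg/nsd` rebuilds tinydeb and touches `pkg/nsd` without ever building it; the path should be `pkg/nsd/`. The same line is carried unchanged into the Makefile hunk of PATCH 6/8 (L16–L18), where it gains `--platforms linux/amd64` but keeps the wrong directory.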
diff --git a/pkg/arp-spoofer/build.yml b/pkg/arp-spoofer/build.yml index abce10c..aea7ea1 100644 --- a/pkg/arp-spoofer/build.yml +++ b/pkg/arp-spoofer/build.yml @@ -1,2 +1,4 @@ image: adlin-arp-spoofer network: true +arches: +- x86_64 diff --git a/pkg/awx_web/build.yml b/pkg/awx_web/build.yml index ce6aa2b..eede9a5 100644 --- a/pkg/awx_web/build.yml +++ b/pkg/awx_web/build.yml @@ -1,2 +1,4 @@ image: awx_web network: true +arches: +- x86_64 diff --git a/pkg/challenge/build.yml b/pkg/challenge/build.yml index a5566a2..8cf36e6 100644 --- a/pkg/challenge/build.yml +++ b/pkg/challenge/build.yml @@ -1,2 +1,4 @@ image: challenge network: true +arches: +- x86_64 diff --git a/pkg/debian-tuto2/build.yml b/pkg/debian-tuto2/build.yml index 2db4222..4f5c1d6 100644 --- a/pkg/debian-tuto2/build.yml +++ b/pkg/debian-tuto2/build.yml @@ -1,2 +1,4 @@ image: adlin-tuto2 network: true +arches: +- x86_64 diff --git a/pkg/debian-tuto3/build.yml b/pkg/debian-tuto3/build.yml index cd0c17d..e6fa19f 100644 --- a/pkg/debian-tuto3/build.yml +++ b/pkg/debian-tuto3/build.yml @@ -1,2 +1,4 @@ image: adlin-tuto3 network: true +arches: +- x86_64 diff --git a/pkg/debug/build.yml b/pkg/debug/build.yml index 9cda98b..552c3f0 100644 --- a/pkg/debug/build.yml +++ b/pkg/debug/build.yml @@ -1,2 +1,4 @@ image: debug network: true +arches: +- x86_64 diff --git a/pkg/iscsi-target/build.yml b/pkg/iscsi-target/build.yml index 9e89775..7929b3c 100644 --- a/pkg/iscsi-target/build.yml +++ b/pkg/iscsi-target/build.yml @@ -1,2 +1,4 @@ image: iscsi-target network: true +arches: +- x86_64 diff --git a/pkg/login-app/build.yml b/pkg/login-app/build.yml index f12a2cf..8568fbe 100644 --- a/pkg/login-app/build.yml +++ b/pkg/login-app/build.yml @@ -1,2 +1,4 @@ image: adlin-login-app network: true +arches: +- x86_64 diff --git a/pkg/login-app/cmd/.gitignore b/pkg/login-app/cmd/.gitignore new file mode 100644 index 0000000..911dc38 --- /dev/null +++ b/pkg/login-app/cmd/.gitignore @@ -0,0 +1 @@ +cmd \ No newline at end of file 
diff --git a/pkg/login-validator/build.yml b/pkg/login-validator/build.yml index 46d595c..5dcc4bf 100644 --- a/pkg/login-validator/build.yml +++ b/pkg/login-validator/build.yml @@ -1,2 +1,4 @@ image: adlin-login-validator network: true +arches: +- x86_64 diff --git a/pkg/login-validator/cmd/go.mod b/pkg/login-validator/cmd/go.mod new file mode 100644 index 0000000..b8d09bf --- /dev/null +++ b/pkg/login-validator/cmd/go.mod @@ -0,0 +1,20 @@ +module git.nemunai.re/srs/adlin/pkg/login-validator + +go 1.17 + +require ( + github.com/go-ldap/ldap/v3 v3.4.2 + github.com/jcmturner/gokrb5/v8 v8.4.2 +) + +require ( + github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect + github.com/go-asn1-ber/asn1-ber v1.5.1 // indirect + github.com/hashicorp/go-uuid v1.0.2 // indirect + github.com/jcmturner/aescts/v2 v2.0.0 // indirect + github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect + github.com/jcmturner/gofork v1.0.0 // indirect + github.com/jcmturner/rpc/v2 v2.0.3 // indirect + golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 // indirect + golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa // indirect +) diff --git a/pkg/login-validator/cmd/go.sum b/pkg/login-validator/cmd/go.sum new file mode 100644 index 0000000..eed4b73 --- /dev/null +++ b/pkg/login-validator/cmd/go.sum 
@@ -0,0 +1,44 @@ +github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28= +github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8= +github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-ldap/ldap/v3 v3.4.2 h1:zFZKcXKLqZpFMrMQGHeHWKXbDTdNCmhGY9AK41zPh+8= +github.com/go-ldap/ldap/v3 v3.4.2/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= +github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.0.0 h1:J7uCkflzTEhUZ64xqKnkDxq3kzc96ajM1Gli5ktUem8= +github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.2 h1:6ZIM6b/JJN0X8UM43ZOM6Z4SJzla+a/u7scXFJzodkA= +github.com/jcmturner/gokrb5/v8 
v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 h1:umElSU9WZirRdgu2yFHY0ayQkEnKiOC1TtM3fWXFnoU= +golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa h1:F+8P+gmewFQYRk6JoLQLwjBCTu3mcIURZfNkVweuRKA= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod 
h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/pkg/minichecker/build.yml b/pkg/minichecker/build.yml index 3a00da6..9d2d162 100644 --- a/pkg/minichecker/build.yml +++ b/pkg/minichecker/build.yml @@ -1,2 +1,4 @@ image: minichecker network: true +arches: +- x86_64 diff --git a/pkg/monit/build.yml b/pkg/monit/build.yml index 412a8ef..c5dd087 100644 --- a/pkg/monit/build.yml +++ b/pkg/monit/build.yml @@ -1,2 +1,4 @@ image: monit network: true +arches: +- x86_64 diff --git a/pkg/nsd/build.yml b/pkg/nsd/build.yml index 7799a07..75f0284 100644 --- a/pkg/nsd/build.yml +++ b/pkg/nsd/build.yml @@ -1,2 +1,4 @@ image: nsd network: true +arches: +- x86_64 diff --git a/pkg/postfix/build.yml b/pkg/postfix/build.yml index 69c195a..3da2e9b 100644 --- a/pkg/postfix/build.yml +++ b/pkg/postfix/build.yml @@ -1,2 +1,4 @@ image: postfix network: true +arches: +- x86_64 diff --git a/pkg/router-tuto3/build.yml b/pkg/router-tuto3/build.yml index 4da7442..be89342 100644 --- a/pkg/router-tuto3/build.yml +++ b/pkg/router-tuto3/build.yml @@ -1,2 +1,4 @@ image: router-tuto3 network: true +arches: +- x86_64 diff --git a/pkg/tftpd/build.yml b/pkg/tftpd/build.yml index ab52a30..d84395f 100644 --- a/pkg/tftpd/build.yml +++ b/pkg/tftpd/build.yml @@ -1,2 +1,4 @@ image: tftpd network: true +arches: +- x86_64 diff --git a/pkg/tinydeb/build.yml b/pkg/tinydeb/build.yml index a3dc509..4b76a93 100644 --- a/pkg/tinydeb/build.yml +++ b/pkg/tinydeb/build.yml @@ -1,2 +1,4 @@ image: tinydeb network: true +arches: +- x86_64 diff --git a/pkg/unbound/build.yml b/pkg/unbound/build.yml index dfeab06..74febfd 100644 --- a/pkg/unbound/build.yml +++ b/pkg/unbound/build.yml @@ -1,2 +1,4 @@ image: unbound network: true +arches: +- x86_64 
diff --git a/pkg/wg-manager/build.yml b/pkg/wg-manager/build.yml index 52d425a..66f98f6 100644 --- a/pkg/wg-manager/build.yml +++ b/pkg/wg-manager/build.yml @@ -1,2 +1,4 @@ image: wg-manager network: true +arches: +- x86_64 diff --git a/pkg/wg/build.yml b/pkg/wg/build.yml index 517ecaa..89785bd 100644 --- a/pkg/wg/build.yml +++ b/pkg/wg/build.yml @@ -1,5 +1,7 @@ image: wg network: true +arches: +- x86_64 config: capabilities: - CAP_NET_ADMIN From ad11e9ce7f1ec6762683a68bf847e4a3d447d360 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Fri, 18 Feb 2022 22:36:00 +0100 Subject: [PATCH 5/8] Last fixes 2022 tuto3 --- tuto3.yml | 24 ++++++++++++++++++------ tutorial/nat/rendu.md | 10 +++++++--- tutorial/nat/what.md | 18 ++++++++++++++++-- 3 files changed, 41 insertions(+), 11 deletions(-) diff --git a/tuto3.yml b/tuto3.yml index e666e7b..c9b58ab 100644 --- a/tuto3.yml +++ b/tuto3.yml @@ -145,6 +145,7 @@ services: options: ["rw","nosuid","noexec","nodev","relatime"] binds: - /var/lib/adlin/wrt-etc:/etc + - /var/lib/adlin/wireguard/ansible.fact:/etc/ansible/facts.d/maatma.fact - /etc/rinittab:/etc/inittab - /etc/hosts:/etc/hosts:ro - /etc/dresolv.conf:/etc/resolv.conf @@ -564,8 +565,11 @@ files: # Avoid listening on IPv6 sed -r -i '/list\s+listen_http\s+\[::\]:80/d;/list\s+listen_https\s+\[::\]:443/d' /var/lib/adlin/wrt-etc/config/uhttpd - # Configure networking - cat > /var/lib/adlin/wrt-etc/config/network < /var/lib/adlin/wrt-etc/config/network <> /var/lib/adlin/wrt-etc/config/network < /var/lib/adlin/wireguard/ansible.fact + [tun] + pvkey=${TUNPVKEY} + ip6=${TUNIP} + srvip6=${SRVIP} + wksip6=${WKSIP} + EOF mode: "0755" - path: etc/init.d/014-get-ssh-keys 
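Review bot: The added init-script lines write the WireGuard private key (`pvkey=${TUNPVKEY}`) into `/var/lib/adlin/wireguard/ansible.fact`, and the first hunk of this file bind-mounts that file into the router container at `/etc/ansible/facts.d/maatma.fact`, but nothing visible restricts the fact file's permissions — the `mode: "0755"` belongs to the script itself. Adding `umask 077` before the redirect (or `chmod 600 /var/lib/adlin/wireguard/ansible.fact` right after it) and mounting the bind with `:ro` keeps the key readable only by root inside the container. The heredoc delimiters appear to have been stripped in this rendering, so the exact shape of the redirect is inferred; please check the `cat >` lines against the file.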
@@ -673,7 +685,7 @@ files: - path: /etc/init.d/800-rw-passwd.sh contents: | #!/bin/sh - sed -ri '/^root/s@^root:x:.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow + sed -ri '/^root/s@^root::.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow mkdir -p /var/lib/adlin/wrt-etc/dropbear/ [ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys @@ -689,7 +701,7 @@ files: cp /etc/services /containers/services/${svc}/rootfs/etc/services mkdir -p /containers/services/${svc}/rootfs/root/.ssh [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys - nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a ssh-keygen -A + nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- ssh-keygen -A done exit 0 diff --git a/tutorial/nat/rendu.md b/tutorial/nat/rendu.md index d47a2bd..b12fad7 100644 --- a/tutorial/nat/rendu.md +++ b/tutorial/nat/rendu.md 
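Review bot: The rewritten sed line in `800-rw-passwd.sh` now matches `^root::` instead of `^root:x:`, so it only rewrites a shadow entry whose password field is empty; a router image where root already carries a hash is left untouched, which may be intended but is worth a one-line comment such as `# only set the password when the field is still empty`. The hash it installs is MD5-crypt (`$1$`), which modern libcs and hardening guides consider deprecated, and it lives in the repository; generating a `$6$` (SHA-512 crypt) hash with `mkpasswd -m sha-512` and injecting it from a build-time variable rather than the committed yml would remove both concerns without changing the script's flow.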
@@ -55,19 +55,23 @@ login_x-TP3/roles/revproxy/templates/nginx.conf.j2 - votre routeur filtre les paquets entrants (IPv4, IPv6) selon la politique que vous avez défini, - votre routeur bloque les connexions entrantes vers le réseau des stations de travail, - votre routeur effectue du NAT en IPv4 pour les serveurs et les stations de travail. - +\ - Votre vitrine est exposée en HTTP et HTTPS, - les options HTTPS ont été choisies avec soin, selon les recommandations de l'ANSSI, - le visiteur est redirigé systématiquement vers la version HTTPS, - le visiteur est redirigé vers `www.login_x.srs.p0m.fr` lorsqu'il visite `login_x.srs.p0m.fr`, - `news.login_x.srs.p0m.fr` affiche miniflux, - `matrix.login_x.srs.p0m.fr` est prêt. - +\ - Votre serveur de nom de domaines est accessible en TCP et UDP, - votre nom de domaine se résout depuis un résolveur public, - +\ - La configuration de tous les serveurs accessibles respectent les recommandations de l'ANSSI, - votre IPv6 publique peut évoluer en changeant simplement une variable `group_vars/all`. +\ +- Vous avez utilisé des + [rôles](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) + pour rendre vos recettes Ansible réutilisables. ## Signature du rendu diff --git a/tutorial/nat/what.md b/tutorial/nat/what.md index 995932d..dc523c2 100644 --- a/tutorial/nat/what.md +++ b/tutorial/nat/what.md @@ -85,8 +85,8 @@ celles-ci sont automatiquement ajoutées aux différents serveurs. Cependant, seuls les clefs RSA et DSA sont utilisables pour se connecter sur le routeur, le serveur SSH ne gère pas les courbes éliptiques. -Notez que vous n'avez pas accès à la machine hébergeant la base de données, le -lecteur de flux RSS, ni à celle du résolveur DNS. +Notez que vous n'avez pas accès à la machine hébergeant la base de données, ni +à celle hébergeant le lecteur de flux RSS. Objectif du TP 
@@ -103,6 +103,20 @@ s'assurer que ce soit également le cas des stations de travail). *Playbook* Ansible semble plutôt adaptée ! +### Mots de passes + +Tous les mots de passes sont `adlin2022` pour tous les services. + +3 bases de données Postgres sont à votre disposition pour vos différents +services : + + - `matrix` + - `miniflux` + - `website` + +Pour chacune, un utilisateur du même nom existe pour s'y connecter à distance. + + Au secours ça ne marche pas ! ----------------------------- From d41785fd9a77d6638be7e2941234dcb7645865d6 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Sat, 19 Feb 2022 00:12:13 +0100 Subject: [PATCH 6/8] Add go module --- Makefile | 28 ++++++++++++++-------------- pkg/arp-spoofer/cmd/go.mod | 12 ++++++++++++ pkg/arp-spoofer/cmd/go.sum | 15 +++++++++++++++ pkg/wg-manager/cmd/go.mod | 3 +++ 4 files changed, 44 insertions(+), 14 deletions(-) create mode 100644 pkg/arp-spoofer/cmd/go.mod create mode 100644 pkg/arp-spoofer/cmd/go.sum create mode 100644 pkg/wg-manager/cmd/go.mod diff --git a/Makefile b/Makefile index b75c0b7..2007900 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ LINUXKIT ?= $(GOPATH)/bin/linuxkit tuto1: token-validator/token-validator server.iso pkg/login-app: pkg/login-app/cmd/login.go pkg/login-app/cmd/dialog-checklogin.go pkg/login-app/cmd/cmd pkg/login-app/cmd/dialog-login.go pkg/login-app/cmd/login-app pkg/login-app/cmd/dialog-errmsg.go pkg/login-app/cmd/main.go pkg/login-app/cmd/stream.go pkg/login-app/cmd/cinematic.go pkg/login-app/build.yml pkg/login-app/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/login-app/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/login-app/ #$(LINUXKIT) pkg push -org nemunaire --sign=false pkg/login-app/ touch pkg/login-app 
@@ -15,61 +15,61 @@ token-validator/token-validator: token-validator/*.go GOOS=linux GOARM=5 GOARCH=arm go build -tags netgo -ldflags '-w -extldflags "-static"' -o $@ ./token-validator challenge: pkg/challenge/adlin pkg/challenge/issue pkg/challenge/init - $(LINUXKIT) pkg build -org nemunaire pkg/challenge/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/challenge/ challenge-initrd.img: challenge.yml subject/adlin.6.gz subject/adlin-TP1-topologie.png $(LINUXKIT) build -docker $< pkg/arp-spoofer: pkg/arp-spoofer/cmd/main.go pkg/arp-spoofer/cmd/arp.go pkg/arp-spoofer/build.yml pkg/arp-spoofer/Dockerfile - $(LINUXKIT) pkg build -org nemunaire $@ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire $@ touch $@ pkg/login-validator: pkg/login-validator/cmd/login.go pkg/login-validator/cmd/main.go pkg/login-validator/cmd/pxetpl.go pkg/login-validator/cmd/logout.go pkg/login-validator/cmd/auth.go pkg/login-validator/cmd/arp.go pkg/login-validator/cmd/auth_krb5.go pkg/login-validator/cmd/auth_ldap.go pkg/login-validator/cmd/students.go pkg/login-validator/cmd/auth_fwd.go pkg/login-validator/cmd/ssh.go pkg/login-validator/build.yml pkg/login-validator/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/login-validator/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/login-validator/ touch pkg/login-validator pkg/monit: pkg/monit/build.yml pkg/monit/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/monit/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/monit/ touch pkg/monit pkg/postfix: pkg/postfix/build.yml pkg/postfix/docker-entrypoint.sh pkg/postfix/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/postfix/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/postfix/ touch pkg/postfix pkg/tftpd: pkg/tftpd/build.yml pkg/tftpd/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/tftpd/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tftpd/ touch pkg/tftpd 
pkg/unbound: pkg/unbound/build.yml pkg/unbound/docker-entrypoint.sh pkg/unbound/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/unbound/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/unbound/ touch pkg/unbound pkg/wg-manager: pkg/wg-manager/cmd/register.go pkg/wg-manager/cmd/main.go pkg/wg-manager/build.yml pkg/wg-manager/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/wg-manager/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/wg-manager/ touch pkg/wg-manager server.iso: server.yml students.csv ssl/fullchain.pem ssl/privkey.pem challenge-initrd.img pkg/arp-spoofer pkg/login-validator pkg/monit pkg/postfix pkg/tftpd pkg/unbound pkg/wg-manager challenge-kernel login-initrd.img $(LINUXKIT) build -docker -format iso-bios $< pkg/debian-tuto2: pkg/debian-tuto2/sshd_config pkg/debian-tuto2/gai.conf pkg/debian-tuto2/isolinux.cfg pkg/debian-tuto2/build.yml pkg/debian-tuto2/default.script pkg/debian-tuto2/issue pkg/debian-tuto2/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/debian-tuto2/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/debian-tuto2/ touch pkg/debian-tuto2 pkg/debian-tuto3: pkg/debian-tuto3/sshd_config pkg/debian-tuto3/build.yml pkg/debian-tuto3/issue pkg/debian-tuto3/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/debian-tuto3/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/debian-tuto3/ touch pkg/debian-tuto3 pkg/router-tuto3: pkg/router-tuto3/build.yml pkg/router-tuto3/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/router-tuto3/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/router-tuto3/ touch pkg/router-tuto3 pkg/tinydeb: pkg/tinydeb/sshd_config pkg/tinydeb/gai.conf pkg/tinydeb/build.yml pkg/tinydeb/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/tinydeb/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tinydeb/ touch pkg/tinydeb pkg/nsd: pkg/nsd/sshd_config pkg/nsd/build.yml pkg/nsd/init 
pkg/nsd/Dockerfile - $(LINUXKIT) pkg build -org nemunaire pkg/tinydeb/ + $(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tinydeb/ touch pkg/nsd tuto2-kernel: tuto2.yml diff --git a/pkg/arp-spoofer/cmd/go.mod b/pkg/arp-spoofer/cmd/go.mod new file mode 100644 index 0000000..d18df48 --- /dev/null +++ b/pkg/arp-spoofer/cmd/go.mod @@ -0,0 +1,12 @@ +module git.nemunai.re/srs/adlin/pkg/arp-spoofer + +go 1.16 + +require github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc + +require ( + github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966 // indirect + github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d // indirect + golang.org/x/net v0.0.0-20190313220215-9f648a60d977 // indirect + golang.org/x/sys v0.0.0-20190312061237-fead79001313 // indirect +) diff --git a/pkg/arp-spoofer/cmd/go.sum b/pkg/arp-spoofer/cmd/go.sum new file mode 100644 index 0000000..9994050 --- /dev/null +++ b/pkg/arp-spoofer/cmd/go.sum 
@@ -0,0 +1,15 @@
+github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc h1:m7rJJJeXrYCFpsxXYapkDW53wJCDmf9bsIXUg0HoeQY=
+github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc/go.mod h1:eOj1DDj3NAZ6yv+WafaKzY37MFZ58TdfIhQ+8nQbiis=
+github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966 h1:O3p5UmisBhl3V6lgs4Vdfg8HpjzbWJPyOfGLdwVJSmI=
+github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966/go.mod h1:5s5p/sMJ6sNsFl6uCh85lkFGV8kLuIYJCRJLavVJwvg=
+github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d h1:rjAS0af7FIYCScTtEU5KjIldC6qVaEScUJhABHC+ccM=
+github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d/go.mod h1:r1fbeITl2xL/zLbVnNHFyOzQJTgr/3fpf1lJX/cjzR8=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190313220215-9f648a60d977 h1:actzWV6iWn3GLqN8dZjzsB+CLt+gaV2+wsxroxiQI8I=
+golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313 h1:pczuHS43Cp2ktBEEmLwScxgjWsBSzdaQiKzUyf3DTTc=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/pkg/wg-manager/cmd/go.mod b/pkg/wg-manager/cmd/go.mod
new file mode 100644
index 0000000..6f78a29
--- /dev/null
+++ b/pkg/wg-manager/cmd/go.mod
@@ -0,0 +1,3 @@
+module git.nemunai.re/srs/adlin/pkg/wg-manager
+
+go 1.16
From dc84fd6facb2c4be63ec3dc21e29c8b632e21d10 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier Date: Sat, 19 Feb 2022 00:16:04 +0100 Subject: [PATCH 7/8] Update LinuxKit pkgs --- login.yml | 2 +- server.yml | 46 +++++++++++++++++++++++----------------------- tuto2.yml | 2 +- tuto3.yml | 34 +++++++++++++++++----------------- 4 files changed, 42 insertions(+), 42 deletions(-) diff --git a/login.yml b/login.yml index a142415..017ca01 100644 --- a/login.yml +++ b/login.yml @@ -1,6 +1,6 @@ init: - busybox - - nemunaire/adlin-login-app:c71f57c845cd1e26df4a95143c86c98699bf7b6c + - nemunaire/adlin-login-app:a6ceb3829e7c6e65187654eb212fbd0e888b9dd4 files: - path: /etc/ssl/certs/DST_Root_CA_X3.pem diff --git a/server.yml b/server.yml index 5451eb0..dadfa80 100644 --- a/server.yml +++ b/server.yml 
@@ -5,29 +5,29 @@ kernel: cmdline: "console=tty0" init: - - linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c - - linuxkit/runc:v0.8 - - linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106 - - linuxkit/ca-certificates:v0.8 + - linuxkit/init:7e3d51e6ab5896ecb36a4829450f7430f2878927 + - linuxkit/runc:9f7aad4eb5e4360cc9ed8778a5c501cce6e21601 + - linuxkit/containerd:2f0907913dd54ab5186006034eb224a0da12443e + - linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4 # - linuxkit/firmware:v0.7 - - linuxkit/getty:v0.8 - - nemunaire/monit:efb921ff9d2e564dfa43880c608e87dce6ad22b1 + - linuxkit/getty:3c6e89681a988c3d4e2610fcd7aaaa0247ded3ec + - nemunaire/monit:90a16ed909ca82b5a2a277cb290301e97ee36063 # - nemunaire/iscsi-target:8872d1c5e0cefe3c36b60e873b8452aefb19d84d onboot: - name: sysctl - image: linuxkit/sysctl:v0.8 + image: linuxkit/sysctl:bdc99eeedc224439ff237990ee06e5b992c8c1ae binds: - /etc/sysctl.d/:/etc/sysctl.d/:ro # Mount first drive to enable some persistance - name: mount - image: linuxkit/mount:v0.8 + image: linuxkit/mount:422b219bb1c7051096126ac83e6dcc8b2f3f1176 command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ] # Network: interface for login-validator - name: login-iface-setup - image: linuxkit/ip:v0.8 + image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ] net: new runtime: @@ -42,7 +42,7 @@ onboot: # wg-manager - name: wg-iface-setup - image: linuxkit/ip:v0.8 + image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf command: ["/bin/sh", "-c", "ip a add 172.17.0.15/16 dev vethin-wg; ip a add 10.224.33.251/24 dev vethin-wg; ip link set vethin-wg address 0e:f2:7e:10:58:69; ip link set vethin-wg up; ip route add default via 10.224.33.252; wg-quick up wg0; /sbin/iptables-restore < /etc/iptables/rules.v4;" ] net: new binds: 
@@ -60,7 +60,7 @@ onboot: # token-validator - name: validator-iface-setup - image: linuxkit/ip:v0.8 + image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ] net: new runtime: @@ -73,7 +73,7 @@ onboot: # domain name - name: ns-iface-setup - image: linuxkit/ip:v0.8 + image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ] net: new runtime: @@ -86,7 +86,7 @@ onboot: # time server - name: time-iface-setup - image: linuxkit/ip:v0.8 + image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ] net: new runtime: @@ -99,7 +99,7 @@ onboot: # mail server - name: mail-iface-setup - image: linuxkit/ip:v0.8 + image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ] net: new runtime: @@ -116,9 +116,9 @@ onboot: services: - name: rngd - image: linuxkit/rngd:v0.8 + image: linuxkit/rngd:4f85d8de3f6f45973a8c88dc8fba9ec596e5495a - name: sshd - image: linuxkit/sshd:v0.8 + image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f - name: dhcpd image: joebiellik/dhcpd @@ -136,7 +136,7 @@ services: - /var/lib/adlin/dhcp - name: tftpd - image: nemunaire/tftpd:b0d2e1de2660e81c329ecb49966c32aab8982f11 + image: nemunaire/tftpd:de6fcc89d7cbaa46aa5e37821aeac24136f84761 capabilities: - all binds: 
@@ -145,11 +145,11 @@ services: - /var/lib/adlin/pxelinux.cfg:/srv/tftp/pxelinux.cfg - name: arp-spoofer - image: nemunaire/adlin-arp-spoofer:5c78e97a8c90b9faf8395f7084a05d0fb44c779a + image: nemunaire/adlin-arp-spoofer:9cfd4b106e4a70281fad33fb36df1a189f846cb6 command: ["/bin/arp-spoofer", "-iface=br-ext", "-ip-spoof=172.17.0.15"] - name: login-validator - image: nemunaire/adlin-login-validator:5e8ae6a40d2764d66a0e65f7ebd68961729f3a90-dirty + image: nemunaire/adlin-login-validator:29c8b8434f26e7f0e0b02e19992bf67c90da3675 # command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"] # command: ["/bin/login-validator", "-bind=:8081", "-auth=krb5", "-krb5realm=CRI.EPITA.FR"] command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"] @@ -207,7 +207,7 @@ services: - /usr/share/ca-certificates:/usr/share/ca-certificates:ro - name: wg - image: nemunaire/wg-manager:13a3c9000f68327b3051d089f86cd5a136ec48e4 + image: nemunaire/wg-manager:5f60162cc1d934a209bbac8d963a2d9f6ba10c04 command: ["/bin/wg-manager", "-bind=:80" ] capabilities: - all @@ -216,7 +216,7 @@ services: - /etc/resolv.conf:/etc/resolv.conf:ro - name: ns - image: nemunaire/unbound:57b1e5e6d435a27af880036aed2c320073f7dffb + image: nemunaire/unbound:bd37359b69eb87eb5764fc18d9842cf78afc656c net: /run/netns/dmz-ns capabilities: - all @@ -224,7 +224,7 @@ services: - /etc/unbound:/etc/unbound:ro - name: time - image: linuxkit/openntpd:v0.8 + image: linuxkit/openntpd:d6c36ac367ed26a6eeffd8db78334d9f8041b038 command: ["/bin/sh", "-c", "sleep 10; /usr/sbin/ntpd -d -s" ] net: /run/netns/dmz-time capabilities: @@ -239,7 +239,7 @@ services: - /etc/ntpd.conf:/etc/ntpd.conf:ro - name: postfix - image: nemunaire/postfix:34430347e3a1221fd743774dc566420f748f3839 + image: nemunaire/postfix:6c556b4517ddb596ae0d084ec9783de9eba6534d net: /run/netns/dmz-mail capabilities: - CAP_CHOWN 
diff --git a/tuto2.yml b/tuto2.yml index bcd1223..cbcfbc7 100644 --- a/tuto2.yml +++ b/tuto2.yml @@ -1,5 +1,5 @@ kernel: - image: linuxkit/kernel:4.19.121 + image: linuxkit/kernel:5.10.92 cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet" init: diff --git a/tuto3.yml b/tuto3.yml index c9b58ab..ebe6a39 100644 --- a/tuto3.yml +++ b/tuto3.yml @@ -1,36 +1,36 @@ kernel: - image: linuxkit/kernel:4.19.121 + image: linuxkit/kernel:5.10.92 # cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA" cmdline: "console=tty0" init: - - linuxkit/init:a68f9fa0c1d9dbfc9c23663749a0b7ac510cbe1c - - linuxkit/runc:v0.8 - - linuxkit/containerd:1ae8f054e9fe792d1dbdb9a65f1b5e14491cb106 - - linuxkit/ca-certificates:v0.8 - - linuxkit/getty:v0.8 + - linuxkit/init:7e3d51e6ab5896ecb36a4829450f7430f2878927 + - linuxkit/runc:9f7aad4eb5e4360cc9ed8778a5c501cce6e21601 + - linuxkit/containerd:2f0907913dd54ab5186006034eb224a0da12443e + - linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4 + - linuxkit/getty:3c6e89681a988c3d4e2610fcd7aaaa0247ded3ec onboot: - name: format - image: linuxkit/format:v0.8 + image: linuxkit/format:7efa07559dd23cb4dbebfd3ab48c50fd33625918 command: ["/usr/bin/format", "/dev/sda"] - name: mount - image: linuxkit/mount:v0.8 + image: linuxkit/mount:422b219bb1c7051096126ac83e6dcc8b2f3f1176 command: ["/usr/bin/mountie", "/dev/sda1", "/var/lib/adlin"] - name: sysctl - image: linuxkit/sysctl:v0.8 + image: linuxkit/sysctl:bdc99eeedc224439ff237990ee06e5b992c8c1ae binds: - /etc/sysctl.d/:/etc/sysctl.d/:ro - name: rngd1 - image: linuxkit/rngd:v0.8 + image: linuxkit/rngd:4f85d8de3f6f45973a8c88dc8fba9ec596e5495a command: ["/sbin/rngd", "-1"] # Network: external - name: dhcpcd - image: linuxkit/dhcpcd:v0.8 + image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1", "eth0"] net: new runtime: 
@@ -41,7 +41,7 @@ onboot: services: - name: dhcpcd-wks-dg1 - image: linuxkit/dhcpcd:v0.8 + image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450 hostname: wks-dg1 net: new pid: new @@ -57,7 +57,7 @@ services: - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf - name: dhcpcd-wks-rh1 - image: linuxkit/dhcpcd:v0.8 + image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450 hostname: wks-rh1 net: new pid: new @@ -74,7 +74,7 @@ services: - /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf - name: dhcpcd-wks-rh2 - image: linuxkit/dhcpcd:v0.8 + image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450 hostname: wks-rh2 net: new pid: new @@ -90,7 +90,7 @@ services: - /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf - name: dhcpcd-wks-cm1 - image: linuxkit/dhcpcd:v0.8 + image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450 hostname: wks-cm1 net: new pid: new @@ -106,7 +106,7 @@ services: - /var/lib/adlin/wks-cm1resolv.conf:/etc/resolv.conf - name: sshd-wks-dg1 - image: linuxkit/sshd:v0.8 + image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f net: /run/netns/wks-dg1 uts: /run/utsns/wks-dg1 pid: new @@ -118,7 +118,7 @@ services: - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf - name: sshd-wks-rh1 - image: linuxkit/sshd:v0.8 + image: linuxkit/sshd:4696ba61c3ec091328e1c14857d77e675802342f net: /run/netns/wks-rh1 uts: /run/utsns/wks-rh1 pid: new From 917a307d251f2f5fcab26e2ad7af6fd4faa708d8 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Sat, 19 Feb 2022 00:25:12 +0100 Subject: [PATCH 8/8] CI: Add event on tag to compile tuto subjects --- .drone.yml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/.drone.yml b/.drone.yml index 164b07e..a37a562 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -76,3 +76,57 @@ steps: trigger: event: - push +--- +kind: pipeline +type: docker +name: build-tutorial-2-subject + +platform: + os: linux + arch: amd64 + +steps: +- name: render subject + image: pandoc/latex:2.17.1 + commands: + - sed -i s/v3.12/v3.14/ /etc/apk/repositories + - apk add --no-cache make ttf-linux-libertine + - tlmgr update --self + - tlmgr install enumitem environ etoolbox preprint sectsty selnolig tcolorbox titling + - wget -O /tmp/FantasqueSansMono-Normal.tar.gz https://github.com/belluzj/fantasque-sans/releases/download/v1.8.0/FantasqueSansMono-Normal.tar.gz + - mkdir /usr/share/fonts/fantasque-sans-mono + - tar xf /tmp/FantasqueSansMono-Normal.tar.gz -C /usr/share/fonts/fantasque-sans-mono OTF/ TTF/ --strip-component=1 + - mkdir dist + - make -C tutorial/ansible + - mv tutorial/ansible/tutorial.pdf dist/tutorial-2.pdf + +trigger: + ref: + - refs/tags/tutorial2-* +--- +kind: pipeline +type: docker +name: build-tutorial-3-subject + +platform: + os: linux + arch: amd64 + +steps: +- name: render subject + image: pandoc/latex:2.17.1 + commands: + - sed -i s/v3.12/v3.14/ /etc/apk/repositories + - apk add --no-cache make ttf-linux-libertine + - tlmgr update --self + - tlmgr install enumitem environ etoolbox preprint sectsty selnolig tcolorbox titling + - wget -O /tmp/FantasqueSansMono-Normal.tar.gz https://github.com/belluzj/fantasque-sans/releases/download/v1.8.0/FantasqueSansMono-Normal.tar.gz + - mkdir /usr/share/fonts/fantasque-sans-mono + - tar xf /tmp/FantasqueSansMono-Normal.tar.gz -C /usr/share/fonts/fantasque-sans-mono OTF/ TTF/ --strip-component=1 + - mkdir dist + - make -C tutorial/nat + - mv tutorial/nat/tutorial.pdf dist/tutorial-3.pdf + +trigger: + ref: + - refs/tags/tutorial3-*
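Review bot: The font archive fetched by `wget -O /tmp/FantasqueSansMono-Normal.tar.gz https://github.com/belluzj/fantasque-sans/releases/download/v1.8.0/FantasqueSansMono-Normal.tar.gz` in the `render subject` step is unpacked into /usr/share/fonts with no integrity check, so the rendered subjects depend on whatever that URL serves at build time; add `- echo "<EXPECTED_SHA256>  /tmp/FantasqueSansMono-Normal.tar.gz" | sha256sum -c -` directly after the download, with the digest recorded once in the repository. The identical step in the build-tutorial-3-subject pipeline has the same gap. The `sed -i s/v3.12/v3.14/ /etc/apk/repositories` and `tlmgr install ...` lines likewise pull unpinned packages from a different Alpine release than `pandoc/latex:2.17.1` was built against, which makes the two pipelines non-reproducible; pinning the image by digest and vendoring the fonts would narrow that. Since the two pipelines differ only in the make directory and the output file name, a single script in the repository would avoid keeping the eleven commands in sync by hand.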