
No commits in common. "ef1acd369a8e25e945cc0f9d9522428b20abafde" and "d23dc76713a581d47580edf4d0309631e993097e" have entirely different histories.

4 changed files with 29 additions and 30 deletions


@ -1,5 +1,5 @@
kernel: kernel:
image: linuxkit/kernel:5.15.27 image: linuxkit/kernel:5.10.92
# cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA" # cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
cmdline: "console=tty0" cmdline: "console=tty0"
@ -130,7 +130,8 @@ services:
- /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
- name: mainrouter - name: mainrouter
image: nemunaire/router-tuto3:ad91a16906567e1dcf90b39519691bea16954053 #image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455
image: nemunaire/router-tuto3:c07718ca23c03ff5033c4042f0cbeca6c26d4e6f
net: /run/netns/router net: /run/netns/router
pid: new pid: new
ipc: new ipc: new
@ -153,7 +154,7 @@ services:
- /lib/preinit/30_failsafe_wait:/lib/preinit/30_failsafe_wait - /lib/preinit/30_failsafe_wait:/lib/preinit/30_failsafe_wait
- /lib/preinit/99_10_failsafe_login:/lib/preinit/99_10_failsafe_login - /lib/preinit/99_10_failsafe_login:/lib/preinit/99_10_failsafe_login
- name: matrix - name: matrix
image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1
net: /run/netns/chat net: /run/netns/chat
pid: new pid: new
ipc: new ipc: new
@ -169,7 +170,7 @@ services:
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf - /etc/dresolv.conf:/etc/resolv.conf
- name: ns-resolv - name: ns-resolv
image: nemunaire/resolver:37943d61abe99963ca57666576af76461add2948 image: nemunaire/resolver:4988e30d81f3b1782e7bc520d2d24123930d72a6
net: /run/netns/ns net: /run/netns/ns
pid: new pid: new
ipc: new ipc: new
@ -185,7 +186,7 @@ services:
- /etc/unbound:/etc/unbound:ro - /etc/unbound:/etc/unbound:ro
- /etc/services:/etc/services:ro - /etc/services:/etc/services:ro
- name: ns-auth - name: ns-auth
image: docker.io/nemunaire/nsd:37be535f826c14608bff17e2ab0688df526282c0 image: nemunaire/nsd:b96e6b002e08afd42e4c77ee71766264c42cac57
net: /run/netns/ns-auth net: /run/netns/ns-auth
pid: new pid: new
ipc: new ipc: new
@ -208,7 +209,7 @@ services:
- /var/lib/adlin/nsd - /var/lib/adlin/nsd
- /var/lib/adlin/nsd-db - /var/lib/adlin/nsd-db
- name: db - name: db
image: postgres:10-alpine image: postgres:alpine
net: /run/netns/db net: /run/netns/db
pid: new pid: new
ipc: new ipc: new
@ -220,7 +221,7 @@ services:
- LANG=en_US.utf8 - LANG=en_US.utf8
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/" - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/"
- PGDATA=/var/lib/postgresql/data - PGDATA=/var/lib/postgresql/data
- POSTGRES_PASSWORD=adlin2023 - POSTGRES_PASSWORD=adlin2022
binds: binds:
- /etc/services:/etc/services:ro - /etc/services:/etc/services:ro
- /initdb/:/docker-entrypoint-initdb.d/:ro - /initdb/:/docker-entrypoint-initdb.d/:ro
@ -237,7 +238,7 @@ services:
# env: # env:
# - MM_USERNAME=mattermost # - MM_USERNAME=mattermost
# - MM_DBNAME=mattermost # - MM_DBNAME=mattermost
# - MM_PASSWORD=adlin2023 # - MM_PASSWORD=adlin2022
# binds: # binds:
# - /etc/services:/etc/services:ro # - /etc/services:/etc/services:ro
# - /etc/hosts:/etc/hosts:ro # - /etc/hosts:/etc/hosts:ro
@ -252,18 +253,18 @@ services:
- all - all
command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"] command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"]
env: env:
- DATABASE_URL=postgres://miniflux:adlin2023@db/miniflux?sslmode=disable - DATABASE_URL=postgres://miniflux:adlin2022@db/miniflux?sslmode=disable
- RUN_MIGRATIONS=1 - RUN_MIGRATIONS=1
- CREATE_ADMIN=1 - CREATE_ADMIN=1
- ADMIN_USERNAME=adeline - ADMIN_USERNAME=adeline
- ADMIN_PASSWORD=adlin2023 - ADMIN_PASSWORD=adlin2022
- LISTEN_ADDR=0.0.0.0:8080 - LISTEN_ADDR=0.0.0.0:8080
binds: binds:
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro
- /etc/dresolv.conf:/etc/resolv.conf - /etc/dresolv.conf:/etc/resolv.conf
- /etc/services:/etc/services:ro - /etc/services:/etc/services:ro
- name: web - name: web
image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1
net: /run/netns/web net: /run/netns/web
pid: new pid: new
ipc: new ipc: new
@ -280,7 +281,7 @@ services:
# Workstation testers # Workstation testers
- name: minichecker-wks-rh2 - name: minichecker-wks-rh2
image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6 image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
net: /run/netns/wks-rh2 net: /run/netns/wks-rh2
pid: new pid: new
ipc: new ipc: new
@ -290,7 +291,7 @@ services:
- /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-dg1 - name: minichecker-wks-dg1
image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6 image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
net: /run/netns/wks-dg1 net: /run/netns/wks-dg1
pid: new pid: new
ipc: new ipc: new
@ -301,7 +302,7 @@ services:
- /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
- /var/lib/adlin/wireguard/:/etc/wireguard/:ro - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
- name: minichecker-wks-cm1 - name: minichecker-wks-cm1
image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6 image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
net: /run/netns/wks-cm1 net: /run/netns/wks-cm1
pid: new pid: new
ipc: new ipc: new
@ -376,7 +377,7 @@ files:
#!/bin/sh #!/bin/sh
set -e set -e
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER miniflux WITH PASSWORD 'adlin2023'; CREATE USER miniflux WITH PASSWORD 'adlin2022';
CREATE DATABASE miniflux; CREATE DATABASE miniflux;
GRANT ALL PRIVILEGES ON DATABASE miniflux TO miniflux; GRANT ALL PRIVILEGES ON DATABASE miniflux TO miniflux;
EOSQL EOSQL
@ -387,14 +388,14 @@ files:
- path: /initdb/init-matrix.sql - path: /initdb/init-matrix.sql
contents: | contents: |
CREATE USER matrix WITH PASSWORD 'adlin2023'; CREATE USER matrix WITH PASSWORD 'adlin2022';
CREATE DATABASE matrix ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER matrix; CREATE DATABASE matrix ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix; GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
mode: "0444" mode: "0444"
- path: /initdb/init-website.sql - path: /initdb/init-website.sql
contents: | contents: |
CREATE USER website WITH PASSWORD 'adlin2023'; CREATE USER website WITH PASSWORD 'adlin2022';
CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website; CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website;
GRANT ALL PRIVILEGES ON DATABASE website TO website; GRANT ALL PRIVILEGES ON DATABASE website TO website;
mode: "0444" mode: "0444"
@ -571,13 +572,13 @@ files:
[ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF [ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF
config interface 'loopback' config interface 'loopback'
option device 'lo' option ifname 'lo'
option proto 'static' option proto 'static'
option ipaddr '127.0.0.1' option ipaddr '127.0.0.1'
option netmask '255.0.0.0' option netmask '255.0.0.0'
config interface 'wan' config interface 'wan'
option device 'eth0' option ifname 'eth0'
option proto 'dhcp' option proto 'dhcp'
EOF EOF
@ -627,7 +628,7 @@ files:
option endpoint_port '42912' option endpoint_port '42912'
config interface 'srv' config interface 'srv'
option device 'ethsrv' option ifname 'ethsrv'
option proto 'static' option proto 'static'
option netmask '255.255.255.0' option netmask '255.255.255.0'
option ipaddr '172.23.42.1' option ipaddr '172.23.42.1'
@ -684,7 +685,7 @@ files:
- path: /etc/init.d/800-rw-passwd.sh - path: /etc/init.d/800-rw-passwd.sh
contents: | contents: |
#!/bin/sh #!/bin/sh
sed -ri '/^root/s@^root::.*$@root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow sed -ri '/^root/s@^root::.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
mkdir -p /var/lib/adlin/wrt-etc/dropbear/ mkdir -p /var/lib/adlin/wrt-etc/dropbear/
[ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys [ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
@ -696,11 +697,11 @@ files:
for svc in matrix ns-auth ns-resolv web for svc in matrix ns-auth ns-resolv web
do do
sed -ri '/^root/s@^.*$@root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow sed -ri '/^root/s@^.*$@root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow
cp /etc/services /containers/services/${svc}/rootfs/etc/services cp /etc/services /containers/services/${svc}/rootfs/etc/services
mkdir -p /containers/services/${svc}/rootfs/root/.ssh mkdir -p /containers/services/${svc}/rootfs/root/.ssh
[ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- sh -c 'ssh-keygen -A; service sshd restart;' nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- ssh-keygen -A
done done
exit 0 exit 0
@ -717,7 +718,7 @@ files:
contents: | contents: |
#!/bin/sh #!/bin/sh
sleep 20 sleep 20
nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2023 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2022 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null
exit 0 exit 0
mode: "0555" mode: "0555"
@ -906,7 +907,7 @@ files:
- path: etc/rshadow - path: etc/rshadow
contents: | contents: |
root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7::: root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::
daemon:*:0:0:99999:7::: daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7::: ftp:*:0:0:99999:7:::
network:*:0:0:99999:7::: network:*:0:0:99999:7:::
@ -944,7 +945,7 @@ files:
- path: etc/wshadow - path: etc/wshadow
contents: | contents: |
root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7::: root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::
daemon:*:17575:0:99999:7::: daemon:*:17575:0:99999:7:::
bin:*:17575:0:99999:7::: bin:*:17575:0:99999:7:::
sys:*:17575:0:99999:7::: sys:*:17575:0:99999:7:::
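Review bot: The `db` service's `image: postgres:alpine` (hunk starting at old line 208) is a floating tag, while every other service image in this file is pinned to a commit-hash tag, so a rebuild can silently pull a different PostgreSQL major version and different image contents. This assumes the right-hand column is the new side, which the hunk headers' line counts suggest but the page does not mark explicitly. I would keep a major-version tag and, if the build tooling accepts it, add a digest, e.g. `image: postgres:<MAJOR>-alpine@sha256:<DIGEST>` (placeholders). Separately, the same literal password is used for `POSTGRES_PASSWORD`, the miniflux, matrix and website database roles, and `ADMIN_PASSWORD`; if that is deliberate for the lab, a comment such as `# lab-only shared credential; do not reuse outside the exercise VM` above `POSTGRES_PASSWORD` would make the intent explicit.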


@ -18,7 +18,6 @@
\renewcommand{\maketitlehooka}{\sffamily} \renewcommand{\maketitlehooka}{\sffamily}
% Use monospaced font for URLs % Use monospaced font for URLs
\usepackage{hyperref}
\urlstyle{tt} \urlstyle{tt}
% In french, list item starts with dash, not bullet % In french, list item starts with dash, not bullet


@ -98,9 +98,8 @@ Depuis le routeur, vous pouvez vous SSH en utilisant le nom d'hôte attribué au
machines : machines :
<div lang="en-US"> <div lang="en-US">
- `ssh root@news`
- `ssh root@matrix` - `ssh root@matrix`
- `ssh root@ns`
- `ssh root@ns-auth`
- `ssh root@web` - `ssh root@web`
</div> </div>


@ -86,7 +86,7 @@ pris en compte.
### Connexions SSH ### Connexions SSH
Vous pouvez vous connecter en utilisant le compte `root` et le mot de passe Vous pouvez vous connecter en utilisant le compte `root` et le mot de passe
`adlin2023`. Comme au précédent TP, si vous disposez d'une ou plusieurs [clefs `adlin2022`. Comme au précédent TP, si vous disposez d'une ou plusieurs [clefs
SSH enregistrées au CRI](https://cri.epita.fr/users/nemunaire/ssh-keys/), SSH enregistrées au CRI](https://cri.epita.fr/users/nemunaire/ssh-keys/),
celles-ci sont automatiquement ajoutées aux différents serveurs. Cependant, celles-ci sont automatiquement ajoutées aux différents serveurs. Cependant,
seuls les clefs RSA et DSA sont utilisables pour se connecter sur le routeur, seuls les clefs RSA et DSA sont utilisables pour se connecter sur le routeur,