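# LinuxKit image: a router VM hosting an unbound resolver, PostgreSQL,
# Mattermost and Tiny Tiny RSS, each in its own network namespace behind
# two bridges (brsrv: 172.23.42.0/24, brwks: 192.168.6.0/24).
#
# Security notes (review):
#   - Every nemunaire/* service runs with `capabilities: [all]`; this is the
#     full capability set, far wider than LinuxKit's default. Narrow each one
#     to what the program needs (e.g. NET_ADMIN / NET_BIND_SERVICE).
#   - The same plaintext password ("adlin2019") is used for the Postgres
#     superuser, the mattermost and ttrss DB roles, and is repeated in the
#     init SQL scripts below. Treat this file as a lab fixture, not a
#     deployable config; inject secrets from outside the image if reused.
#   - `etc/dshadow` ships a root password hash that is bind-mounted into
#     three sshd instances (wks1, wks2, router): one credential for all.
#   - Image pins: linuxkit/* and postgres:alpine are covered by the `trust`
#     section (Notary) only for the `linuxkit` and `library` orgs; the
#     nemunaire/* images are tagged `<sha>-dirty`, i.e. built from an
#     uncommitted tree, so they cannot be reproduced or audited from git.
#   - kernel 4.14.27 is an old release; bump when rebuilding.
kernel:
  image: linuxkit/kernel:4.14.27
  cmdline: "console=tty0"
init:
  - linuxkit/init:b212cfeb4bb6330e0a7547d8010fe2e8489b677a
  - linuxkit/runc:7c39a68490a12cde830e1922f171c451fb08e731
  - linuxkit/containerd:37e397ebfc6bd5d8e18695b121166ffd0cbfd9f0
  - linuxkit/ca-certificates:v0.2
  - linuxkit/getty:v0.2
onboot:
  - name: sysctl
    image: linuxkit/sysctl:v0.2
    binds:
      - /etc/sysctl.d/:/etc/sysctl.d/:ro

  # Network: external
  # eth0 is moved into the "router" netns and configured by DHCP (one-shot, -1).
  - name: dhcpcd
    image: linuxkit/dhcpcd:v0.2
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
    net: new
    runtime:
      interfaces:
        - name: eth0
      bindNS:
        net: /run/netns/router

  # Network: workstations
  # Router-side end of the workstation veth; the peer is bridged onto brwks below.
  - name: net-wks-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 192.168.6.254/24 dev ethwks; ip link set ethwks up;"]
    net: /run/netns/router
    runtime:
      interfaces:
        - name: ethwks
          add: veth
          peer: veth-wks

  # Network: servers
  # Router-side end of the server veth (default gateway for the server netns).
  - name: net-srv-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.1/24 dev ethsrv; ip link set ethsrv up;"]
    net: /run/netns/router
    runtime:
      interfaces:
        - name: ethsrv
          add: veth
          peer: veth-srv

  # One veth pair + netns per server; the inner end gets a static address
  # and a default route through the router (172.23.42.1).
  - name: net-srvns-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-ns
          add: veth
          peer: veth-ns
      bindNS:
        net: /run/netns/ns

  # Mail server netns is disabled; bridges-setup below still references
  # veth-mail, so those two `ip link` commands fail (harmlessly, because the
  # shell script is `;`-separated, not `set -e`).
  # - name: net-srvmail-setup
  #   image: linuxkit/ip:v0.2
  #   command: ["/bin/sh", "-c", "ip a add 172.23.42.3/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.42.1;"]
  #   net: new
  #   runtime:
  #     interfaces:
  #       - name: vethin-mail
  #         add: veth
  #         peer: veth-mail
  #     bindNS:
  #       net: /run/netns/mail

  - name: net-srvdb-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.4/24 dev vethin-db; ip link set vethin-db up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-db
          add: veth
          peer: veth-db
      bindNS:
        net: /run/netns/db

  - name: net-srvchat-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.5/24 dev vethin-chat; ip link set vethin-chat up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-chat
          add: veth
          peer: veth-chat
      bindNS:
        net: /run/netns/chat

  - name: net-srvttrss-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip a add 172.23.42.6/24 dev vethin-ttrss; ip link set vethin-ttrss up; ip route add default via 172.23.42.1;"]
    net: new
    runtime:
      interfaces:
        - name: vethin-ttrss
          add: veth
          peer: veth-ttrss
      bindNS:
        net: /run/netns/ttrss

  # Network: bridges
  # NOTE(review): veth-wks1 / veth-wks2 are created by the dhcpcd-wks* services
  # below, which start after onboot has finished; confirm that the
  # `master brwks` lines for them actually take effect here.
  - name: bridges-setup
    image: linuxkit/ip:v0.2
    command: ["/bin/sh", "-c", "ip link set veth-srv master brsrv; ip link set veth-ns master brsrv; ip link set veth-mail master brsrv; ip link set veth-db master brsrv; ip link set veth-chat master brsrv; ip link set veth-ttrss master brsrv; ip link set veth-srv up; ip link set veth-ns up; ip link set veth-mail up; ip link set veth-db up; ip link set veth-chat up; ip link set veth-ttrss up; ip link set brsrv up; ip link set veth-wks master brwks; ip link set veth-wks1 master brwks; ip link set veth-wks2 master brwks; ip link set veth-wks up; ip link set veth-wks1 up; ip link set veth-wks2 up; ip link set brwks up;"]
    runtime:
      interfaces:
        - name: brsrv
          add: bridge
        - name: brwks
          add: bridge

services:
  # Workstation 1: gets the physical eth1 plus a veth onto brwks, DHCP on both.
  - name: dhcpcd-wks1
    image: linuxkit/dhcpcd:v0.2
    net: new
    runtime:
      interfaces:
        - name: eth1
        - name: ethwks1
          add: veth
          peer: veth-wks1
      bindNS:
        net: /run/netns/wks1

  - name: dhcpcd-wks2
    image: linuxkit/dhcpcd:v0.2
    net: new
    runtime:
      interfaces:
        - name: ethwks2
          add: veth
          peer: veth-wks2
      bindNS:
        net: /run/netns/wks2

  # The workstation and router sshd instances share the same passwd/shadow
  # files (see etc/dpasswd and etc/dshadow): one root credential for all three.
  - name: sshd-wks1
    image: linuxkit/sshd:v0.2
    net: /run/netns/wks1
    binds:
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow

  - name: sshd-wks2
    image: linuxkit/sshd:v0.2
    net: /run/netns/wks2
    binds:
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow

  # Router: runs sshd in the router netns with the full capability set.
  - name: router
    image: nemunaire/adlin-tuto3:0fa628c796ff914e9a0f160c27a79a30092868e3-dirty
    net: /run/netns/router
    command: ["/bin/sh", "-c", "mkdir -p /run/sshd && exec /usr/sbin/sshd -D"]
    capabilities:
      - all  # review: narrow; `all` is far more than sshd needs
    binds:
      - /etc/dresolv.conf:/etc/resolv.conf
      - /etc/dpasswd:/etc/passwd
      - /etc/dshadow:/etc/shadow

  # Recursive resolver for the lab networks (config in etc/unbound/unbound.conf).
  - name: ns
    image: nemunaire/unbound:528445043685979b1b479c6c44d68de36bc872ad
    net: /run/netns/ns
    capabilities:
      - all  # review: narrow
    binds:
      - /etc/unbound:/etc/unbound:ro

  # PostgreSQL for chat and ttrss. `postgres:alpine` is a floating tag —
  # pin a digest for reproducible builds. POSTGRES_PASSWORD is the
  # superuser password and is the same string as every app DB password.
  - name: db
    image: postgres:alpine
    net: /run/netns/db
    capabilities:
      - all  # review: narrow
    command: ["/docker-entrypoint.sh", "postgres"]
    env:
      - LANG=en_US.utf8
      - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/"
      - PGDATA=/var/lib/postgresql/data
      - POSTGRES_PASSWORD=adlin2019
    binds:
      - /initdb/init-ttrss.sh:/docker-entrypoint-initdb.d/init-ttrss.sh:ro
      - /initdb/init-mattermost.sh:/docker-entrypoint-initdb.d/init-mattermost.sh:ro

  # Mattermost; reaches the DB via the "db" entry in etc/hosts (172.23.42.4).
  - name: chat
    image: nemunaire/mattermost:ecb81e668c64d07b4453f9b465a6998fc6ceb067-dirty
    net: /run/netns/chat
    capabilities:
      - all  # review: narrow
    command: ["/entrypoint.sh", "/mattermost/bin/platform"]
    env:
      - MM_USERNAME=mattermost
      - MM_DBNAME=mattermost
      - MM_PASSWORD=adlin2019
    binds:
      - /etc/hosts:/etc/hosts:ro

  # Tiny Tiny RSS over plain HTTP on port 80; SELF_URL_PATH is http://, so any
  # session cookie travels unencrypted unless something terminates TLS in front.
  - name: ttrss
    image: nemunaire/ttrss:89149d186daf3ebf752a764807dee3180f46b93d-dirty
    net: /run/netns/ttrss
    capabilities:
      - all  # review: narrow
    command: ["/usr/bin/ttrss_entrypoint.sh", "/sbin/start_ttrss"]
    env:
      - TTRSS_PORT=80
      - TTRSS_DB_TYPE=pgsql
      - TTRSS_DB_HOST=db
      - TTRSS_DB_PORT=5432
      - TTRSS_DB_NAME=ttrss
      - TTRSS_DB_USER=ttrss
      - TTRSS_DB_PASS=adlin2019
      - TTRSS_SELF_URL_PATH=http://localhost/
    binds:
      - /etc/hosts:/etc/hosts:ro

files:
  - path: etc/hosts
    contents: |
      127.0.0.1 localhost
      ::1 localhost
      172.23.42.4 db
    mode: "0444"

  # DB bootstrap scripts; the role passwords are hard-coded and identical to
  # the ones in the chat/ttrss env above. Keep them in sync if changed.
  - path: /initdb/init-ttrss.sh
    contents: |
      #!/bin/sh
      set -e
      psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
      CREATE USER ttrss WITH PASSWORD 'adlin2019';
      CREATE DATABASE ttrss;
      GRANT ALL PRIVILEGES ON DATABASE ttrss TO ttrss;
      EOSQL
    mode: "0555"

  - path: /initdb/init-mattermost.sh
    contents: |
      #!/bin/sh
      set -e
      psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
      CREATE USER mattermost WITH PASSWORD 'adlin2019';
      CREATE DATABASE mattermost;
      GRANT ALL PRIVILEGES ON DATABASE mattermost TO mattermost;
      EOSQL
    mode: "0555"

  # Console helper: print the external (router/eth0) and wks1/eth1 addresses.
  - path: /etc/init.d/500-showip.sh
    contents: |
      #!/bin/sh
      nsenter -n/run/netns/router ip a show dev eth0
      nsenter -n/run/netns/wks1 ip a show dev eth1
      exit 0
    mode: "0555"

  # Console login: keep an agetty on tty1 inside the namespaces of the first
  # sshd process found. The bracket trick `[s]shd` stops grep from matching
  # its own command line, which `grep sshd | head -1` could otherwise pick.
  # NOTE(review): several sshd instances run (wks1, wks2, router); "first in
  # ps output" is PID order, so which container the console lands in is not
  # pinned here — confirm this is the intended one.
  - path: /etc/init.d/999-getty.sh
    contents: |
      #!/bin/sh
      while true
      do
        /usr/bin/setsid /usr/bin/nsenter -t $(echo $(ps a | grep '[s]shd' | head -1) | cut -d ' ' -f 1) -m -u -i -n -p -- /sbin/agetty -l /sbin/login 38400 tty1 linux
        sleep 1
      done &
    mode: "0555"

  # Unbound resolver config.
  # - access-control limits clients to the two lab ranges; good.
  # - `domain-insecure: "."` together with `val-permissive-mode: yes` turns
  #   DNSSEC validation into a no-op despite the trust anchor being loaded;
  #   drop both if validation is wanted.
  # - log-queries/log-replies record every client lookup to stdout.
  - path: etc/unbound/unbound.conf
    contents: |
      server:
        verbosity: 1
        interface: 0.0.0.0
        interface: ::0
        prefer-ip6: no
        access-control: 172.23.0.0/16 allow
        access-control: 192.168.0.0/16 allow
        log-queries: yes
        log-replies: yes
        use-syslog: no
        hide-identity: yes
        hide-version: yes
        qname-minimisation: yes
        domain-insecure: "."
        val-permissive-mode: yes
        trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
        local-zone: "adlin.nemunai.re" typetransparent
        local-data: "news.adlin.nemunai.re A 172.23.42.1"
        local-data: "im.adlin.nemunai.re A 172.23.42.1"
      remote-control:
        control-enable: no
      forward-zone:
        name: "."
        forward-addr: 9.9.9.9
    mode: "0440"

  # passwd/shadow shared by sshd-wks1, sshd-wks2 and router. Only root has a
  # login shell; every other account is locked (`*`). The root hash below is
  # committed to the repo — rotate it if this image is ever exposed.
  - path: etc/dpasswd
    contents: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
      bin:x:2:2:bin:/bin:/usr/sbin/nologin
      sys:x:3:3:sys:/dev:/usr/sbin/nologin
      sync:x:4:65534:sync:/bin:/bin/sync
      games:x:5:60:games:/usr/games:/usr/sbin/nologin
      man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
      lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
      mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
      news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
      uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
      proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
      www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
      backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
      list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
      irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
      gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
      nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
      _apt:x:100:65534::/nonexistent:/bin/false
      messagebus:x:101:102::/var/run/dbus:/bin/false
      sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
      systemd-timesync:x:103:105:systemd Time Synchronization,,,:/run/systemd:/bin/false
      systemd-network:x:104:106:systemd Network Management,,,:/run/systemd/netif:/bin/false
      systemd-resolve:x:105:107:systemd Resolver,,,:/run/systemd/resolve:/bin/false
      systemd-bus-proxy:x:106:108:systemd Bus Proxy,,,:/run/systemd:/bin/false
    mode: "0644"

  - path: etc/dshadow
    contents: |
      root:$6$fCh6fLfB$wTiBuIJB2/QLl37VlJ16MsqGmfSDct8ALRpY8kemFC2T4N4eZgdlTnEqTuYn5i4FMc5GoDBx1nfENHQqm0Zgm.:17594:0:99999:7:::
      daemon:*:17575:0:99999:7:::
      bin:*:17575:0:99999:7:::
      sys:*:17575:0:99999:7:::
      sync:*:17575:0:99999:7:::
      games:*:17575:0:99999:7:::
      man:*:17575:0:99999:7:::
      lp:*:17575:0:99999:7:::
      mail:*:17575:0:99999:7:::
      news:*:17575:0:99999:7:::
      uucp:*:17575:0:99999:7:::
      proxy:*:17575:0:99999:7:::
      www-data:*:17575:0:99999:7:::
      backup:*:17575:0:99999:7:::
      list:*:17575:0:99999:7:::
      irc:*:17575:0:99999:7:::
      gnats:*:17575:0:99999:7:::
      nobody:*:17575:0:99999:7:::
      _apt:*:17575:0:99999:7:::
      messagebus:*:17594:0:99999:7:::
      sshd:*:17594:0:99999:7:::
      systemd-timesync:*:17594:0:99999:7:::
      systemd-network:*:17594:0:99999:7:::
      systemd-resolve:*:17594:0:99999:7:::
      systemd-bus-proxy:*:17594:0:99999:7:::
    mode: "0640"

  # Router resolves through the lab unbound instance (ns netns).
  - path: etc/dresolv.conf
    contents: |
      nameserver 172.23.42.2
    mode: "0644"

# Notary content trust: only the linuxkit and library orgs are verified;
# nemunaire/* images are pulled without signature checks.
trust:
  org:
    - linuxkit
    - library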