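---
# linuxkit build description for the "adlin" tutorial VM image.
#
# The image boots a stock linuxkit kernel with a custom `init` (below) that
# optionally formats a local disk, stacks a writable overlay on top of the
# read-only initramfs, registers the machine's WireGuard key with
# adlin.nemunai.re and finally hands over to systemd.
kernel:
  image: linuxkit/kernel:4.20.3
  # cmdline: "console=ttyS0 console=tty0"
  # cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.net=easy"
  #
  # Two root= entries: the cmdline() helper in init takes the FIRST match, so
  # /dev/sda1 wins here; init treats /dev/sr0 as "no persistent root".
  # adlin.format=/dev/sda lets init wipe and partition that whole disk when
  # /dev/sda1 does not exist yet (see the warning in init).
  cmdline: "console=tty0 console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.format=/dev/sda quiet"

init:
  # NOTE(review): the "-dirty" suffix marks an image built from an uncommitted
  # working tree; pin a clean, reproducible tag before distributing the image.
  - nemunaire/adlin-tuto2:35a9354900bb9a419e9e54758c069e8b97472ec5-dirty

files:
  - path: etc/hostname
    contents: |
      adlin2
    mode: "0644"

  - path: etc/resolv.conf
    contents: |
      nameserver 9.9.9.9
      nameserver 1.1.1.1
    mode: "0644"

  # Keep the primary NIC named eth0 (init and the .network file below rely on it).
  - path: etc/systemd/network/49-main.link
    contents: |
      [Match]
      OriginalName=eth0

      [Link]
      Name=eth0
    mode: "0644"

  # IPv4 via DHCP only; IPv6 comes from the WireGuard tunnel set up by init.
  - path: etc/systemd/network/50-dhcp.network
    contents: |
      [Match]
      Name=eth0

      [Network]
      DHCP=yes
      IPv6AcceptRA=no
      LinkLocalAddressing=no
    mode: "0644"

  - path: init
    contents: |
      #!/bin/sh
      # Early-boot init for the adlin tutorial image.
      #
      # Steps, in order:
      #   1. parse the kernel command line (init=, root=, adlin.token=, adlin.format=)
      #   2. optionally format the disk named by adlin.format= (DESTRUCTIVE)
      #   3. mount root= as the upper layer of an overlay over the initramfs
      #      and pivot into the merged tree
      #   4. bring eth0 up over DHCP and register this host's WireGuard public
      #      key with adlin.nemunai.re (rescue shell until that succeeds)
      #   5. configure wg0 and exec the real init (systemd by default)
      #
      # Exit codes: 1 bad root= device, 2 root= not mountable, 3 overlay failed.

      # /proc/cmdline parser (from Gentoo Wiki).
      # Prints the value of the first "$1=..." parameter, nothing if absent.
      cmdline() {
        local value
        value=" $(cat /proc/cmdline) "
        value="${value#* $1=}"
        value="${value%% *}"
        [ "$value" != "" ] && echo "$value"
      }

      # Hide us!
      /bin/rm -f /init /linuxrc

      mount -n -t devtmpfs devtmpfs /dev
      mount -n -t proc proc /proc
      #mount -n -t tmpfs run /run
      #mount -m -t sysfs sys /sys

      INITP=$(cmdline init)
      [ -z "$INITP" ] && INITP=/lib/systemd/systemd

      # NOTE(review): a token passed as adlin.token= is readable by every local
      # process through /proc/cmdline; the etc/adlin.token file (mode 0600
      # below) or the interactive prompt is preferable on shared machines.
      WGTOKEN=$(cmdline adlin.token)

      ROOTFS=$(cmdline root)
      echo "rootfs=$ROOTFS"
      [ -z "$ROOTFS" ] && { echo "No root= provided, continuing on initramfs only."; exec "${INITP}"; }
      [ "$ROOTFS" = "/dev/sr0" ] && { echo "root= names the CD-ROM (/dev/sr0), continuing on initramfs only."; exec "${INITP}"; }

      [ -b "$ROOTFS" ] || {
        # adlin.format=<disk> wipes that WHOLE disk: new DOS label, one primary
        # partition spanning it, ext4.  root= must then name that first
        # partition (e.g. adlin.format=/dev/sda with root=/dev/sda1).
        FORMATDD=$(cmdline adlin.format)
        [ -b "$FORMATDD" ] && {
          # Kernel partition naming: disks whose name ends in a digit
          # (nvme0n1, mmcblk0) get a "p" before the partition number,
          # others (sda, vda) do not.
          case "$FORMATDD" in
            *[0-9]) FORMATPART="${FORMATDD}p1" ;;
            *) FORMATPART="${FORMATDD}1" ;;
          esac
          # printf rather than echo: "\n" in echo arguments is not portable.
          printf 'o\nn\np\n1\n\n\np\nw\nq\n' | fdisk "${FORMATDD}" && mkfs.ext4 "${FORMATPART}"
        }
        [ -b "$ROOTFS" ] || { echo "Invalid provided rootfs: not a valid block device."; exit 1; }
      }

      mkdir -p /overlay
      /bin/mount -n -t tmpfs none /overlay
      /bin/mkdir -p /overlay/rwdata
      /bin/mkdir -p /overlay/robase
      /bin/mkdir -p /overlay/combined
      /bin/mount --bind / /overlay/robase

      ovr_rwdata=/overlay/rwdata
      ovr_robase=/overlay/robase
      ovr_combined=/overlay/combined

      # Prepare filesystem for local data storage...
      # root= becomes the overlay's upper (writable) layer, the initramfs
      # (bind-mounted at robase) its lower layer.
      /bin/mkdir -p "${ovr_rwdata}"
      /bin/mount -n "${ROOTFS}" "${ovr_rwdata}" || { echo "Unable to mount rootfs."; exit 2; }
      mkdir -p "${ovr_rwdata}/data"
      mkdir -p "${ovr_rwdata}/work"
      /bin/mount -n -t overlay -o "upperdir=${ovr_rwdata}/data,workdir=${ovr_rwdata}/work,lowerdir=${ovr_robase}" overlay "${ovr_combined}" || { echo "Unable to create overlayfs."; exit 3; }

      # Disable SLAAC on eth0 while /proc is still mounted: sysctl writes under
      # /proc/sys, and /proc is unmounted right below and never remounted
      # before the original call site later in this script.
      /sbin/sysctl -w net.ipv6.conf.eth0.autoconf=0

      /bin/umount -n /proc

      # Move the backing mounts under the merged tree, then make it "/".
      # Absolute paths keep resolving in the initramfs until the final chroot;
      # everything below that belongs to the new root uses relative paths.
      /bin/mkdir -p "${ovr_combined}/overlay/rwdata"
      /bin/mount -n --move "${ovr_rwdata}" "${ovr_combined}/overlay/rwdata"
      /bin/mkdir -p "${ovr_combined}/overlay/robase"
      /bin/mount -n --move "${ovr_robase}" "${ovr_combined}/overlay/robase"
      /bin/mkdir -p "${ovr_combined}/overlay/pivot"
      cd "${ovr_combined}"
      mount --move /dev dev
      mount --move . /
      /bin/umount -n /overlay

      # Setting up wireguard tunnel
      [ -z "${WGTOKEN}" ] && [ -f "etc/adlin.token" ] && WGTOKEN=$(cat etc/adlin.token)
      [ -z "${WGTOKEN}" ] && {
        printf '%s' "You didn't define your token to connect the network. Please copy it here now: "
        read WGTOKEN
      }
      printf '%s' "${WGTOKEN}" > etc/adlin.token
      # The token is the credential for the registration API: keep it root-only.
      chmod 600 etc/adlin.token

      /bin/ip link set up dev eth0
      /bin/busybox udhcpc -n -q

      # Reuse the private key from a previous boot when there is one, so the
      # host keeps a stable identity towards the concentrator.
      mkdir -p etc/wireguard
      [ -f "etc/wireguard/adlin.conf" ] && WGPRVKEY=$(sed 's/^.*PrivateKey *= *//p;d' etc/wireguard/adlin.conf)
      [ -z "${WGPRVKEY}" ] && WGPRVKEY=$(/usr/bin/wg genkey)
      WGPUBKEY=$(echo "$WGPRVKEY" | /usr/bin/wg pubkey)

      # The API endpoint is addressed by the SHA-512 of the token; its answer
      # (the rest of the wg config, plus MyIPv6=/GWIPv6= hints parsed below) is
      # appended after our [Interface] section.  Until that succeeds, drop
      # into a rescue shell and retry when it exits.
      TOKENID=$(printf '%s' "$WGTOKEN" | /usr/bin/sha512sum | /usr/bin/cut -d ' ' -f 1)
      while ! {
        printf '[Interface]\nPrivateKey = %s\n' "${WGPRVKEY}"
        /usr/sbin/chroot . /usr/bin/curl -f -d "{\"pubkey\": \"${WGPUBKEY}\"}" "https://adlin.nemunai.re/api/wg/${TOKENID}"
      } > etc/wireguard/adlin.conf
      do
        echo ""
        echo "****************************************"
        echo "******* SWITCHING TO RESCUE MODE *******"
        echo "****************************************"
        echo ""
        echo "Sorry, I was unable to establish a connection to adlin.nemunai.re."
        echo "Please verify that your primary network interface can obtain an IPv4 through DHCP."
        echo ""
        echo "Dropping to a shell, please fix your network, then press Ctrl+D or exit to retry."
        echo ""
        echo "****************************************"
        echo ""
        /bin/busybox cttyhack /usr/sbin/chroot . /bin/sh
        echo "Retrying connection..."
      done
      # The file holds the private key: root-only, like the token.
      chmod 600 etc/wireguard/adlin.conf

      /sbin/modprobe wireguard
      /bin/ip link add dev wg0 type wireguard
      /usr/bin/wg setconf wg0 etc/wireguard/adlin.conf
      /bin/ip address add dev wg0 "$(sed 's/^.*MyIPv6=//p;d' etc/wireguard/adlin.conf)"
      /bin/ip link set up dev wg0
      /bin/ip -6 route del default
      /bin/ip -6 route add default via "$(sed 's/^.*GWIPv6=//p;d' etc/wireguard/adlin.conf)" pref high

      # To the user
      exec /usr/sbin/chroot . "${INITP}"
    mode: "0755"

  # - path: etc/systemd/system/systemd-networkd.service.d/10-debug.conf
  #   contents: |
  #     [Service]
  #     Environment=SYSTEMD_LOG_LEVEL=debug
  #   mode: "0644"

  - path: etc/passwd
    contents: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
      bin:x:2:2:bin:/bin:/usr/sbin/nologin
      sys:x:3:3:sys:/dev:/usr/sbin/nologin
      sync:x:4:65534:sync:/bin:/bin/sync
      games:x:5:60:games:/usr/games:/usr/sbin/nologin
      man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
      lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
      mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
      news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
      uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
      proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
      www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
      backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
      list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
      irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
      gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
      nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
      _apt:x:100:65534::/nonexistent:/bin/false
      messagebus:x:101:102::/var/run/dbus:/bin/false
      sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
      systemd-timesync:x:103:105:systemd Time Synchronization,,,:/run/systemd:/bin/false
      systemd-network:x:104:106:systemd Network Management,,,:/run/systemd/netif:/bin/false
      systemd-resolve:x:105:107:systemd Resolver,,,:/run/systemd/resolve:/bin/false
      systemd-bus-proxy:x:106:108:systemd Bus Proxy,,,:/run/systemd:/bin/false
    mode: "0644"

  # NOTE(review): this ships a fixed root password hash in version control,
  # identical on every machine built from this file. Rotate it and prefer
  # injecting the hash at build time (or disabling password login) over
  # committing it here.
  - path: etc/shadow
    contents: |
      root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::
      daemon:*:17575:0:99999:7:::
      bin:*:17575:0:99999:7:::
      sys:*:17575:0:99999:7:::
      sync:*:17575:0:99999:7:::
      games:*:17575:0:99999:7:::
      man:*:17575:0:99999:7:::
      lp:*:17575:0:99999:7:::
      mail:*:17575:0:99999:7:::
      news:*:17575:0:99999:7:::
      uucp:*:17575:0:99999:7:::
      proxy:*:17575:0:99999:7:::
      www-data:*:17575:0:99999:7:::
      backup:*:17575:0:99999:7:::
      list:*:17575:0:99999:7:::
      irc:*:17575:0:99999:7:::
      gnats:*:17575:0:99999:7:::
      nobody:*:17575:0:99999:7:::
      _apt:*:17575:0:99999:7:::
      messagebus:*:17594:0:99999:7:::
      sshd:*:17594:0:99999:7:::
      systemd-timesync:*:17594:0:99999:7:::
      systemd-network:*:17594:0:99999:7:::
      systemd-resolve:*:17594:0:99999:7:::
      systemd-bus-proxy:*:17594:0:99999:7:::
    mode: "0640"

trust:
  org:
    - linuxkit
    - library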