server.yml: some documentation
parent
ff9c6bacdf
commit
13c5a3cabd
35
server.yml
35
server.yml
@ -16,14 +16,12 @@ onboot:
|
||||
binds:
|
||||
- /etc/sysctl.d/:/etc/sysctl.d/:ro
|
||||
|
||||
# Mount first drive to enable some persistance
|
||||
- name: mount
|
||||
image: linuxkit/mount:v0.6
|
||||
command: ["/usr/bin/mountie", "-device", "/dev/sda", "/var/lib/adlin" ]
|
||||
|
||||
# Network: exposed
|
||||
- name: netvlan-iface-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
|
||||
# Network: interface for login-validator
|
||||
- name: login-iface-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.2/24 dev vethin-login; ip link set vethin-login up; ip route add default via 172.23.255.1;" ]
|
||||
@ -35,6 +33,15 @@ onboot:
|
||||
peer: veth-login
|
||||
bindNS:
|
||||
net: /run/netns/login
|
||||
|
||||
# Network: exposed ################################################
|
||||
|
||||
# VLAN7, path to internet
|
||||
- name: netvlan-iface-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip link add link eth0 name eth0.7 type vlan id 7; ip a add 172.23.191.254/18 dev eth0.7; ip link set eth0.7 up;" ]
|
||||
|
||||
# Bridge between std LAN, PXE LAN services (login-validator) and default route (as it uses the same wire)
|
||||
- name: bridge-ext-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip a add 172.23.255.1/24 dev br-ext; ip a add 172.17.0.16/16 dev br-ext; ip a add 172.23.0.1/17 dev br-ext; ip link set eth0 master br-ext; ip link set veth-login master br-ext; ip link set br-ext up; ip link set veth-login up; ip link set eth0 up; ip route add default via 172.17.0.1;" ]
|
||||
@ -43,7 +50,9 @@ onboot:
|
||||
- name: br-ext
|
||||
add: bridge
|
||||
|
||||
# Network: DMZ
|
||||
# Network: DMZ ####################################################
|
||||
|
||||
# token-validator
|
||||
- name: validator-iface-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.1/24 dev vethin-vldtr; ip link set vethin-vldtr up; ip route add default via 172.23.200.254;" ]
|
||||
@ -55,6 +64,8 @@ onboot:
|
||||
peer: veth-validator
|
||||
bindNS:
|
||||
net: /run/netns/dmz-validator
|
||||
|
||||
# domain name
|
||||
- name: ns-iface-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.2/24 dev vethin-ns; ip link set vethin-ns up; ip route add default via 172.23.200.254;" ]
|
||||
@ -66,6 +77,8 @@ onboot:
|
||||
peer: veth-ns
|
||||
bindNS:
|
||||
net: /run/netns/dmz-ns
|
||||
|
||||
# time server
|
||||
- name: time-iface-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.3/24 dev vethin-time; ip link set vethin-time up; ip route add default via 172.23.200.254;" ]
|
||||
@ -77,6 +90,8 @@ onboot:
|
||||
peer: veth-time
|
||||
bindNS:
|
||||
net: /run/netns/dmz-time
|
||||
|
||||
# mail server
|
||||
# - name: mail-iface-setup
|
||||
# image: linuxkit/ip:v0.6
|
||||
# command: ["/bin/sh", "-c", "ip a add 172.23.200.4/24 dev vethin-mail; ip link set vethin-mail up; ip route add default via 172.23.200.254;" ]
|
||||
@ -88,6 +103,8 @@ onboot:
|
||||
# peer: veth-mail
|
||||
# bindNS:
|
||||
# net: /run/netns/dmz-mail
|
||||
|
||||
# Bridge for DMZ services
|
||||
- name: bridge-int-setup
|
||||
image: linuxkit/ip:v0.6
|
||||
command: ["/bin/sh", "-c", "ip a add 172.23.200.254/24 dev br-int; ip link set veth-validator master br-int; ip link set veth-ns master br-int; ip link set veth-time master br-int; ip link set veth-mail master br-int; ip link set br-int up; ip link set veth-validator up; ip link set veth-ns up; ip link set veth-time up; ip link set veth-mail up" ]
|
||||
@ -208,10 +225,14 @@ services:
|
||||
- /etc/ntpd.conf:/etc/ntpd.conf:ro
|
||||
|
||||
# - name: postfix
|
||||
# image: TBD
|
||||
# image: mwader/postfix-relay
|
||||
# net: /run/netns/dmz-mail
|
||||
# environment:
|
||||
# - POSTFIX_myhostname=adlin.nemunai.re
|
||||
# binds:
|
||||
# - /etc/postfix/main.cf:/etc/postfix/main.cf:ro
|
||||
# - /var/lib/adlin/postfix/mail:/var/mail
|
||||
# - /var/lib/adlin/postfix/lib:/var/lib/postfix
|
||||
# - /var/lib/adlin/postfix/spool:/var/spool/postfix
|
||||
|
||||
files:
|
||||
- path: etc/init.d/011-copy-to-var
|
||||
|
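Review bot: The commented-out postfix stanza names `mwader/postfix-relay` with no tag or digest, while every active image visible on this page is pinned (`linuxkit/ip:v0.6`, `linuxkit/mount:v0.6`). The +/- markers are lost in this rendering, so this assumes the line replaces `# image: TBD`; if so, whoever uncomments the block later will pull whatever the registry serves by default into the `dmz-mail` namespace. Pin it in the comment now, e.g. `# image: mwader/postfix-relay:<TAG>` (placeholder for the reviewed version) or a digest reference. The new `# mail server` comment could also state that the stanza is disabled, because `bridge-int-setup` still runs `ip link set veth-mail master br-int`; that interface presumably does not exist while the stanza is commented out, and the `;`-chained command will not stop on the failure.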