Implement VPN + SSH configuration

This commit is contained in:
Disassembler 2019-03-22 08:49:00 +01:00
parent 508cb47c1e
commit dfd0273a2c
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
7 changed files with 11 additions and 14 deletions

View File

@ -5,7 +5,7 @@ cd $(realpath $(dirname "${0}"))
# Install basic build tools # Install basic build tools
apk update apk update
apk add git file htop less openssh-client openssh-server openssh-sftp-server tar xz apk add git file htop less openssh-client tar xz
# Install Alpine SDK # Install Alpine SDK
apk add alpine-sdk apk add alpine-sdk
# Install Sphinx support # Install Sphinx support
@ -15,13 +15,8 @@ pip3 install recommonmark sphinx-markdown-tables
# Copy root profile files and settings # Copy root profile files and settings
mkdir -p /root/.config/htop /root/.ssh mkdir -p /root/.config/htop /root/.ssh
cp root/.profile /root/.profile cp root/.profile /root/.profile
cp root/.ssh/authorized_keys /root/.ssh/authorized_keys
cp root/.config/htop/htoprc /root/.config/htop/htoprc cp root/.config/htop/htoprc /root/.config/htop/htoprc
# Start SSH
rc-update add sshd boot
service sshd start
# Prepare abuild toolchain # Prepare abuild toolchain
adduser root abuild adduser root abuild
cp etc/abuild.conf /etc/abuild.conf cp etc/abuild.conf /etc/abuild.conf

View File

@ -1,2 +1,2 @@
alias ll="ls -la" alias ll="ls -la"
alias view="vi" alias view="vi -R"

View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILc3Mu7OlKrV7VqDQZ31vT3I3JJxtNNBiemUTRQVOZ3I Disassembler

4
_vm.sh
View File

@ -86,10 +86,10 @@ chroot /mnt setup-timezone -z Europe/Prague
# Install basic system # Install basic system
apk --no-cache add apache2-utils gettext apk --no-cache add apache2-utils gettext
wget https://dl.dasm.cz/_vm.tar -O - | tar xf - -C /mnt wget https://dl.dasm.cz/_vm.tar -O - | tar xf - -C /mnt
chroot /mnt apk --no-cache add ca-certificates curl bridge e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm
chroot /mnt newaliases chroot /mnt newaliases
mkdir /mnt/var/log/lxc mkdir /mnt/var/log/lxc
for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix swap urandom vmmgr; do for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix sshd swap urandom vmmgr; do
ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
done done
ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.default.json >/mnt/etc/vmmgr/config.json ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.default.json >/mnt/etc/vmmgr/config.json

View File

@ -14,8 +14,8 @@ iface lxcbr0 inet static
auto wg0 auto wg0
iface wg0 inet static iface wg0 inet static
address 172.18.0.2 address 172.17.255.1
netmask 255.255.255.252 netmask 255.255.255.0
pre-up ip link add $IFACE type wireguard pre-up ip link add $IFACE type wireguard
pre-up wg setconf $IFACE /etc/wireguard/wg0.conf pre-up wg setconf $IFACE /etc/wireguard/wg0.conf || ip link del $IFACE
post-down ip link del $IFACE post-down ip link del $IFACE

View File

@ -0,0 +1,3 @@
[Interface]
ListenPort = 51820
PrivateKey = None

2
vmmgr

@ -1 +1 @@
Subproject commit d863fe6675db3da57a81600d3b53bade7712e192 Subproject commit bba7e0383c4926a73b7485f83d8f7d2c5cfb7ad8