Compare commits
3 Commits
Author | SHA1 | Date | |
---|---|---|---|
3d0670bde8 | |||
5ebac252b3 | |||
5d4e4c3dae |
2
apk/spoc
2
apk/spoc
@ -1 +1 @@
|
|||||||
Subproject commit 8c22df2e71de329a286e75af9bff69e82876db35
|
Subproject commit 855c5526f691e622b2d98cf6276820ebadf286f1
|
@ -1 +1 @@
|
|||||||
Subproject commit 1c810db9472f50bd9dbe1e0f38df72590b120124
|
Subproject commit 57b0020a914eded95cb21651798d609bc01e85d3
|
23
vm.sh
23
vm.sh
@ -14,8 +14,8 @@ echo
|
|||||||
|
|
||||||
# Set up repositories
|
# Set up repositories
|
||||||
cat <<EOF >/etc/apk/repositories
|
cat <<EOF >/etc/apk/repositories
|
||||||
http://dl-cdn.alpinelinux.org/alpine/v3.12/main
|
http://dl-cdn.alpinelinux.org/alpine/v3.15/main
|
||||||
http://dl-cdn.alpinelinux.org/alpine/v3.12/community
|
http://dl-cdn.alpinelinux.org/alpine/v3.15/community
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Install disk management tools
|
# Install disk management tools
|
||||||
@ -35,10 +35,6 @@ p
|
|||||||
2
|
2
|
||||||
|
|
||||||
|
|
||||||
t
|
|
||||||
2
|
|
||||||
8e
|
|
||||||
w
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Set up partition encryption
|
# Set up partition encryption
|
||||||
@ -72,12 +68,8 @@ UUID=${BOOT_UUID} /boot ext4 rw,noatime,data=ordered 0 2
|
|||||||
EOF
|
EOF
|
||||||
echo "system UUID=${CRYPT_UUID} none luks" >/mnt/etc/crypttab
|
echo "system UUID=${CRYPT_UUID} none luks" >/mnt/etc/crypttab
|
||||||
|
|
||||||
# Rebuild initfs
|
|
||||||
sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf
|
|
||||||
mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt $(ls /mnt/lib/modules)
|
|
||||||
|
|
||||||
# Update extlinux (ignore the errors)
|
# Update extlinux (ignore the errors)
|
||||||
sed -i "s/rootfstype=ext4/rootfstype=ext4 cryptroot=UUID=${CRYPT_UUID} cryptdm=system/" /mnt/etc/update-extlinux.conf
|
sed -i "s/crypdm=root/cryptdm=system/" /mnt/etc/update-extlinux.conf
|
||||||
chroot /mnt update-extlinux
|
chroot /mnt update-extlinux
|
||||||
sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf
|
sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf
|
||||||
|
|
||||||
@ -89,11 +81,16 @@ apk --no-cache add apache2-utils gettext
|
|||||||
wget https://repo.spotter.cz/vm.tar.gz -O - | tar xzf - -C /mnt
|
wget https://repo.spotter.cz/vm.tar.gz -O - | tar xzf - -C /mnt
|
||||||
envsubst </mnt/boot/extlinux.conf >/mnt/boot/extlinux.conf.new
|
envsubst </mnt/boot/extlinux.conf >/mnt/boot/extlinux.conf.new
|
||||||
mv /mnt/boot/extlinux.conf.new /mnt/boot/extlinux.conf
|
mv /mnt/boot/extlinux.conf.new /mnt/boot/extlinux.conf
|
||||||
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate lxc postfix nginx openssh-server openssh-sftp-server util-linux spoc@vm vmmgr@vm
|
chroot /mnt apk --no-cache add ca-certificates curl e2fsprogs-extra gettext kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux podman spoc@spotter vmmgr@spotter
|
||||||
chroot /mnt newaliases
|
chroot /mnt newaliases
|
||||||
for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix spoc swap urandom vmmgr; do
|
|
||||||
|
# Enable services
|
||||||
|
for SERVICE in cgroups consolefont crond networking nginx ntpd postfix spoc swap urandom vmmgr; do
|
||||||
ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
|
ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Configure spoc and vmmgr
|
||||||
|
chroot /mnt adduser -D spoc
|
||||||
ADMINPWD=$(htpasswd -bnBC 10 '' "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.json >/mnt/etc/vmmgr/config.json.new
|
ADMINPWD=$(htpasswd -bnBC 10 '' "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.json >/mnt/etc/vmmgr/config.json.new
|
||||||
mv /mnt/etc/vmmgr/config.json.new /mnt/etc/vmmgr/config.json
|
mv /mnt/etc/vmmgr/config.json.new /mnt/etc/vmmgr/config.json
|
||||||
|
|
||||||
|
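Review bot: The replacement `sed` for update-extlinux.conf searches for `crypdm=root`, which looks like a typo for `cryptdm=root`. If so, the pattern never matches, sed still exits 0, and the boot entry keeps a mapping name that disagrees with the `system` name written to /mnt/etc/crypttab just above. I would change it to `sed -i "s/cryptdm=root/cryptdm=system/" /mnt/etc/update-extlinux.conf` and follow it with `grep -q 'cryptdm=system' /mnt/etc/update-extlinux.conf || exit 1`, so a silent no-op aborts the install instead of leaving an encrypted root that may not unlock at boot. This presumes the packaged config already carries `cryptroot=` and `cryptdm=root`, which the hunk does not show; that is worth confirming, because the same hunk also drops the mkinitfs rebuild that added the `cryptsetup` feature.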
@ -1,3 +1,3 @@
|
|||||||
http://dl-cdn.alpinelinux.org/alpine/v3.12/main
|
http://dl-cdn.alpinelinux.org/alpine/v3.15/main
|
||||||
http://dl-cdn.alpinelinux.org/alpine/v3.12/community
|
http://dl-cdn.alpinelinux.org/alpine/v3.15/community
|
||||||
@vm https://repo.spotter.cz/alpine/v3.12/apk
|
@spotter https://repo.spotter.cz/alpine/v3.15/apk
|
||||||
|
@ -1,14 +0,0 @@
|
|||||||
# /etc/conf.d/iptables
|
|
||||||
|
|
||||||
# Location in which iptables initscript will save set rules on
|
|
||||||
# service shutdown
|
|
||||||
IPTABLES_SAVE="/etc/iptables/rules-save"
|
|
||||||
|
|
||||||
# Options to pass to iptables-save and iptables-restore
|
|
||||||
SAVE_RESTORE_OPTIONS="-c"
|
|
||||||
|
|
||||||
# Save state on stopping iptables
|
|
||||||
SAVE_ON_STOP="no"
|
|
||||||
|
|
||||||
# Enable/disable IPv4 forwarding with the rules
|
|
||||||
IPFORWARD="yes"
|
|
@ -1,3 +1,2 @@
|
|||||||
127.0.0.1 localhost
|
127.0.0.1 localhost
|
||||||
::1 localhost
|
::1 localhost
|
||||||
172.17.0.1 host
|
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
*nat
|
|
||||||
:PREROUTING ACCEPT [0:0]
|
|
||||||
:INPUT ACCEPT [0:0]
|
|
||||||
:OUTPUT ACCEPT [0:0]
|
|
||||||
:POSTROUTING ACCEPT [0:0]
|
|
||||||
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
|
|
||||||
COMMIT
|
|
@ -4,14 +4,6 @@ iface lo inet loopback
|
|||||||
auto eth0
|
auto eth0
|
||||||
iface eth0 inet dhcp
|
iface eth0 inet dhcp
|
||||||
|
|
||||||
auto spocbr0
|
|
||||||
iface spocbr0 inet static
|
|
||||||
address 172.17.0.1
|
|
||||||
netmask 255.255.0.0
|
|
||||||
bridge_fd 0
|
|
||||||
bridge_stp off
|
|
||||||
bridge_waitport 0
|
|
||||||
|
|
||||||
auto wg0
|
auto wg0
|
||||||
iface wg0 inet static
|
iface wg0 inet static
|
||||||
address 172.17.255.1
|
address 172.17.255.1
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
append_dot_mydomain = no
|
append_dot_mydomain = no
|
||||||
biff = no
|
biff = no
|
||||||
compatibility_level = 2
|
compatibility_level = 2
|
||||||
mynetworks = 127.0.0.0/8 172.17.0.0/16 [::1]/128
|
mynetworks = 127.0.0.0/8 10.88.0.0/16 [::1]/128
|
||||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||||
smtp_use_tls = yes
|
smtp_use_tls = yes
|
||||||
|
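Review bot: The new `mynetworks` line makes every address in `10.88.0.0/16` a trusted client that may relay through this Postfix without authentication, and nothing in the file says why that range was chosen. It is presumably the container bridge subnet that comes with the switch to podman; if so, any workload on that network can send mail as the host, and the trust breaks silently if the network is later configured with a different subnet. The interfaces file still puts wg0 at 172.17.255.1, so hosts on that link lose the relay trust they had under `172.17.0.0/16`; confirm that is intended. I would add a comment line above the setting, e.g. `# 10.88.0.0/16 = container network; keep in sync with the podman network config`, and narrow the range if only specific containers need to submit mail.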
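--- a/vm/etc/subgid
+++ b/vm/etc/subgid
@@ -0,0 +1 @@
+spoc:100000:65536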
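--- a/vm/etc/subuid
+++ b/vm/etc/subuid
@@ -0,0 +1 @@
+spoc:100000:65536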