snster bootstrap

files/snster-kaz/isp-a/group.yml

@@ -0,0 +1,61 @@
+version: 1
+
+header:
+  name: ISP-A AS
+  comment: An ISP
+
+hosts:
+  router:
+    master: alpine
+    network:
+      interfaces:
+        eth0:
+          bridge: transit-a
+          ipv4: 100.64.0.110/24
+          ipv6: 2001:db8:b000::110/48
+        eth1:
+          bridge: isp-a-cust
+          ipv4: 100.120.0.1/24
+        eth2:
+          bridge: isp-a-infra
+          ipv4: 100.120.1.1/24
+          ipv6: 2001:db8:120:1::1/64
+    templates:
+      - bgprouter:
+          asn: 20
+          asdev: eth1;eth2
+          neighbors4: 100.64.1.1 as 31
+          neighbors6: 2001:db8:b001::1 as 31
+      - resolv:
+          nameserver: 100.100.100.100
+          domain: isp-a.milxc
+
+  infra:
+    network:
+      interfaces:
+        eth0:
+          bridge: isp-a-infra
+          ipv4: 100.120.1.2/24
+          ipv6: 2001:db8:120:1::2/64
+      gatewayv4: 100.120.1.1
+      gatewayv6: 2001:db8:120:1::1
+    templates:
+      - mailserver:
+          domain: isp-a.milxc
+      - resolverns:
+      - resolv:
+          domain: isp-a.milxc
+          ns: 100.120.1.2
+
+  home:
+    network:
+      interfaces:
+        eth0:
+          bridge: isp-a-cust
+          ipv4: 100.120.0.3/24
+      gatewayv4: 100.120.0.1
+    templates:
+      - updatecaroots:
+      - resolv:
+          domain: isp-a.milxc
+          ns: 100.120.1.2

files/snster-kaz/isp-a/infra/dns.conf

@@ -0,0 +1,9 @@
+server:
+  interface: 0.0.0.0
+  access-control: 100.64.0.0/10 allow
+	
+  local-zone: "isp-a.milxc." static
+  local-data: "smtp.isp-a.milxc. IN A 100.120.1.2"
+  local-data: "imap.isp-a.milxc. IN A 100.120.1.2"
+  local-data: "ns.isp-a.milxc. IN A 100.120.1.2"
+  local-data: "isp-a.milxc. IN MX 10 smtp.isp-a.milxc."

files/snster-kaz/isp-a/infra/provision.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# ISP-A infra
+set -e
+if [ -z $MILXCGUARD ] ; then exit 1; fi
+DIR=`dirname $0`
+cd `dirname $0`
+
+# Email's mail account email@isp-a.milxc
+useradd -m -s "/bin/bash" -p `mkpasswd --method=sha-512 email` email || true
+addgroup email mail
+#mkdir /home/hacker/mail
+#touch /home/hacker/mail/Drafts /home/hacker/mail/Queue /home/hacker/mail/Sent /home/hacker/mail/Trash
+
+# disable systemd-resolved which conflicts with nsd
+echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
+systemctl stop systemd-resolved
+
+# manage isp-a.milxc zone
+apt-get update
+DEBIAN_FRONTEND=noninteractive apt-get install -y unbound
+cp dns.conf /etc/unbound/unbound.conf.d/