From 5981655b54d30ff17f3f298a3443c06ee33c2278 Mon Sep 17 00:00:00 2001 From: Francois Lesueur Date: Thu, 22 Dec 2022 18:52:38 +0100 Subject: [PATCH] some progress... --- files/provision.sh | 16 +++++++++++++--- files/snster-kaz/isp-a/group.yml | 4 ++-- files/snster-kaz/isp-a/home/provision.sh | 10 +++++----- files/snster-kaz/kaz/prod/dns.conf | 2 +- files/snster-kaz/kaz/prod/provision.sh | 21 +++------------------ files/snster-kaz/mica/group.yml | 4 ++-- files/snster-kaz/opendns/group.yml | 4 ++-- 7 files changed, 28 insertions(+), 33 deletions(-) diff --git a/files/provision.sh b/files/provision.sh index bea1e46..34bd75f 100755 --- a/files/provision.sh +++ b/files/provision.sh @@ -164,9 +164,9 @@ EOF cd "${CAROOT}" /root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/ - mkdir -p /etc/letsencrypt/live/kaz.local/ - ln -s ../../local/_wildcard.kaz.local.pem /etc/letsencrypt/live/kaz.local/fullchain.pem - ln -s ../../local/_wildcard.kaz.local-key.pem /etc/letsencrypt/live/kaz.local/privkey.pem + mkdir -p /etc/letsencrypt/live/kaz.milxc/ + ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem + ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem fi # Essai pour faire accepter la CA à FFOX dès le début @@ -192,6 +192,16 @@ EOF cd snster ./install.sh + # SNSTER KAZ + cp -ar ${VAGRANT_SRC_DIR}/templates /root + cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root + + # crypto keys + cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/ + cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/ + + # Build SNSTER KAZ ! + snster -c /root/snster-kaz -t /root/templates create # clear apt cache DEBIAN_FRONTEND=noninteractive apt-get autoremove -y diff --git a/files/snster-kaz/isp-a/group.yml b/files/snster-kaz/isp-a/group.yml index a728fec..7c24d76 100644 --- a/files/snster-kaz/isp-a/group.yml +++ b/files/snster-kaz/isp-a/group.yml 
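Review bot: In the `# crypto keys` block added to files/provision.sh, the second `cp -ar /etc/letsencrypt` copies the whole directory, private keys included, into `/root/snster-kaz/isp-a/home/`, which the rest of this patch provisions as a mail-client host. If `${CAROOT}` sits under `/etc/letsencrypt`, as the `# cert et clé dans /etc/letsencrypt/local/` comment in the previous hunk suggests, the mkcert CA signing key is probably copied as well, so a client machine would hold the key that signs every certificate in the lab. If the home provisioning only needs to trust `*.kaz.milxc`, copy just the CA certificate, e.g. `cp -a "${CAROOT}/rootCA.pem" /root/snster-kaz/isp-a/home/`. `${VAGRANT_SRC_DIR}` is also unquoted in both new `cp` lines. The enclosing block starts and ends outside the hunk.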
@@ -24,8 +24,8 @@ hosts: - bgprouter: asn: 20 asdev: eth1;eth2 - neighbors4: 100.64.1.1 as 31 - neighbors6: 2001:db8:b001::1 as 31 + neighbors4: 100.64.0.1 as 30 + neighbors6: 2001:db8:b000::1 as 30 - resolv: nameserver: 100.100.100.100 domain: isp-a.milxc diff --git a/files/snster-kaz/isp-a/home/provision.sh b/files/snster-kaz/isp-a/home/provision.sh index 685399b..175a353 100644 --- a/files/snster-kaz/isp-a/home/provision.sh +++ b/files/snster-kaz/isp-a/home/provision.sh @@ -14,9 +14,9 @@ chmod +x /clawsmail/genpasswd DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail if [ -f /clawsmail/addclawsuser.sh ]; then - /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1 - /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2 - /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3 - /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4 - /clawsmail/addclawsuser.sh email isp-a.milxc email 4 + su debian /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1 + su debian /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2 + su debian /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3 + su debian /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4 + su debian /clawsmail/addclawsuser.sh email isp-a.milxc email 4 fi diff --git a/files/snster-kaz/kaz/prod/dns.conf b/files/snster-kaz/kaz/prod/dns.conf index 783d8c4..219fcaa 100644 --- a/files/snster-kaz/kaz/prod/dns.conf +++ b/files/snster-kaz/kaz/prod/dns.conf @@ -15,7 +15,7 @@ smtp IN CNAME dmz imap IN CNAME dmz www IN CNAME dmz mail IN CNAME dmz -listes IN MX listes +listes IN MX 10 listes listes IN A 100.80.1.2 firewall IN A 100.80.0.1 firewall IN AAAA 2001:db8:80::0:1 diff --git a/files/snster-kaz/kaz/prod/provision.sh b/files/snster-kaz/kaz/prod/provision.sh index 5aaf4be..5c8f7a5 100644 --- a/files/snster-kaz/kaz/prod/provision.sh +++ b/files/snster-kaz/kaz/prod/provision.sh 
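Review bot: In files/snster-kaz/isp-a/home/provision.sh, the new `su debian /clawsmail/addclawsuser.sh …` form hands the script path to debian's login shell as a file to interpret, so the script's own shebang is not used, and none of the five calls has its exit status checked. `su debian -c '/clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1' || exit 1` makes both explicit. The account passwords (`toto`, `email`) are passed as command-line arguments, so they are visible in the process list while the script runs. That is acceptable for a lab image, but a comment should say these are throwaway credentials.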
@@ -9,26 +9,11 @@ cd `dirname $0` echo "DNSStubListener=no" >> /etc/systemd/resolved.conf systemctl stop systemd-resolved -apt-get update -DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1` -if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye -then - DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-apache -else - echo "Unsupported Debian version" - exit 1 -fi +DEBIAN_FRONTEND=noninteractive apt-get update +DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2 +DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -# preconfig TLS and certbot -a2enmod ssl -a2ensite default-ssl.conf -echo -e " -email=admin@kaz.milxc -agree-tos=1 -no-verify-ssl=1 -" >> /etc/letsencrypt/cli.ini - # Go KAZ ! # KAZ specific things #installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine diff --git a/files/snster-kaz/mica/group.yml b/files/snster-kaz/mica/group.yml index 31d00dd..897a743 100644 --- a/files/snster-kaz/mica/group.yml +++ b/files/snster-kaz/mica/group.yml @@ -21,8 +21,8 @@ hosts: - bgprouter: asn: 12 asdev: eth1 - neighbors4: 100.64.1.1 as 31 - neighbors6: 2001:db8:b001::1 as 31 + neighbors4: 100.64.0.1 as 30 + neighbors6: 2001:db8:b000::1 as 30 - resolv: nameserver: 100.100.100.100 domain: mica.milxc diff --git a/files/snster-kaz/opendns/group.yml b/files/snster-kaz/opendns/group.yml index 2da0cac..c19ea01 100644 --- a/files/snster-kaz/opendns/group.yml +++ b/files/snster-kaz/opendns/group.yml @@ -21,8 +21,8 @@ hosts: - bgprouter: asn: 7 asdev: eth2 - neighbors4: 100.64.0.1 as 30;100.64.1.1 as 31 - neighbors6: 2001:db8:b000::1 as 30;2001:db8:b001::1 as 31 + neighbors4: 100.64.0.1 as 30 + neighbors6: 2001:db8:b000::1 as 30 - resolv: nameserver: 100.100.100.100 domain: opendns.milxc
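Review bot: The new `apt-get remove -y apache2` in files/snster-kaz/kaz/prod/provision.sh has no comment saying why the web server is removed, whereas the block it replaces was labelled `# preconfig TLS and certbot`. A line such as `# remove the stock apache2 so it does not hold ports 80/443 needed by the KAZ containers` would record the intent; that reason is inferred from the Docker setup that follows, so the author should state the real one. `remove` leaves apache2's configuration files behind, and `apt-get purge -y apache2` would drop them too. `DEBIAN_FRONTEND=noninteractive` is repeated on three lines and could be exported once at the top of the script.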