some progress...

Francois Lesueur
2022-12-22 18:52:38 +01:00
parent a84600e42a
commit 5981655b54
7 changed files with 28 additions and 33 deletions

@ -164,9 +164,9 @@ EOF
cd "${CAROOT}" cd "${CAROOT}"
/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/ /root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
mkdir -p /etc/letsencrypt/live/kaz.local/ mkdir -p /etc/letsencrypt/live/kaz.milxc/
ln -s ../../local/_wildcard.kaz.local.pem /etc/letsencrypt/live/kaz.local/fullchain.pem ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
ln -s ../../local/_wildcard.kaz.local-key.pem /etc/letsencrypt/live/kaz.local/privkey.pem ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
fi fi
# Essai pour faire accepter la CA à FFOX dès le début # Essai pour faire accepter la CA à FFOX dès le début
@ -192,6 +192,16 @@ EOF
cd snster cd snster
./install.sh ./install.sh
# SNSTER KAZ
cp -ar ${VAGRANT_SRC_DIR}/templates /root
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
# crypto keys
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
# Build SNSTER KAZ !
snster -c /root/snster-kaz -t /root/templates create
# clear apt cache # clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
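Review bot: The two `cp -ar /etc/letsencrypt ...` lines under `# crypto keys` copy the whole directory, private keys included, into both `/root/snster-kaz/kaz/prod/` and `/root/snster-kaz/isp-a/home/`. The first hunk shows `_wildcard.kaz.milxc-key.pem` being linked from `/etc/letsencrypt/local/`, and if `${CAROOT}` is that same directory (the comment on the mkcert line suggests so) the mkcert CA key is copied along with it. The isp-a side presumably only needs to trust the CA, so copy just the CA certificate there, e.g. `install -D -m 0644 "${CAROOT}/rootCA.pem" /root/snster-kaz/isp-a/home/rootCA.pem`, and keep the key files for the kaz host only. The two `cp` lines above should also quote `"${VAGRANT_SRC_DIR}"`. The surrounding script starts and ends outside both hunks.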

@ -24,8 +24,8 @@ hosts:
- bgprouter: - bgprouter:
asn: 20 asn: 20
asdev: eth1;eth2 asdev: eth1;eth2
neighbors4: 100.64.1.1 as 31 neighbors4: 100.64.0.1 as 30
neighbors6: 2001:db8:b001::1 as 31 neighbors6: 2001:db8:b000::1 as 30
- resolv: - resolv:
nameserver: 100.100.100.100 nameserver: 100.100.100.100
domain: isp-a.milxc domain: isp-a.milxc

@ -14,9 +14,9 @@ chmod +x /clawsmail/genpasswd
DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail
if [ -f /clawsmail/addclawsuser.sh ]; then if [ -f /clawsmail/addclawsuser.sh ]; then
/clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1 su debian /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
/clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2 su debian /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
/clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3 su debian /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
/clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4 su debian /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
/clawsmail/addclawsuser.sh email isp-a.milxc email 4 su debian /clawsmail/addclawsuser.sh email isp-a.milxc email 4
fi fi
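Review bot: In the five `su debian /clawsmail/addclawsuser.sh ...` lines, su hands everything after the user name to debian's shell as arguments, so the script is read by that shell rather than run through its own interpreter line, and a failure in any call goes unnoticed. `runuser -u debian -- /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1 || exit 1` states the intent directly and stops provisioning on error. The last call reuses the trailing `4` already given to contact4; if that argument is an account index, it probably should be `5`. The `if` block is fully visible, but the script continues outside the hunk.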

@ -15,7 +15,7 @@ smtp IN CNAME dmz
imap IN CNAME dmz imap IN CNAME dmz
www IN CNAME dmz www IN CNAME dmz
mail IN CNAME dmz mail IN CNAME dmz
listes IN MX listes listes IN MX 10 listes
listes IN A 100.80.1.2 listes IN A 100.80.1.2
firewall IN A 100.80.0.1 firewall IN A 100.80.0.1
firewall IN AAAA 2001:db8:80::0:1 firewall IN AAAA 2001:db8:80::0:1

@ -9,26 +9,11 @@ cd `dirname $0`
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved systemctl stop systemd-resolved
apt-get update DEBIAN_FRONTEND=noninteractive apt-get update
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1` DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
then
DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-apache
else
echo "Unsupported Debian version"
exit 1
fi
# preconfig TLS and certbot
a2enmod ssl
a2ensite default-ssl.conf
echo -e "
email=admin@kaz.milxc
agree-tos=1
no-verify-ssl=1
" >> /etc/letsencrypt/cli.ini
# Go KAZ ! # Go KAZ !
# KAZ specific things # KAZ specific things
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine #installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine

@ -21,8 +21,8 @@ hosts:
- bgprouter: - bgprouter:
asn: 12 asn: 12
asdev: eth1 asdev: eth1
neighbors4: 100.64.1.1 as 31 neighbors4: 100.64.0.1 as 30
neighbors6: 2001:db8:b001::1 as 31 neighbors6: 2001:db8:b000::1 as 30
- resolv: - resolv:
nameserver: 100.100.100.100 nameserver: 100.100.100.100
domain: mica.milxc domain: mica.milxc

@ -21,8 +21,8 @@ hosts:
- bgprouter: - bgprouter:
asn: 7 asn: 7
asdev: eth2 asdev: eth2
neighbors4: 100.64.0.1 as 30;100.64.1.1 as 31 neighbors4: 100.64.0.1 as 30
neighbors6: 2001:db8:b000::1 as 30;2001:db8:b001::1 as 31 neighbors6: 2001:db8:b000::1 as 30
- resolv: - resolv:
nameserver: 100.100.100.100 nameserver: 100.100.100.100
domain: opendns.milxc domain: opendns.milxc