some progress...

files/provision.sh

@@ -164,9 +164,9 @@ EOF
 	cd "${CAROOT}"
 	/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
 
-	mkdir -p /etc/letsencrypt/live/kaz.local/
-	ln -s ../../local/_wildcard.kaz.local.pem /etc/letsencrypt/live/kaz.local/fullchain.pem
-	ln -s ../../local/_wildcard.kaz.local-key.pem /etc/letsencrypt/live/kaz.local/privkey.pem
+	mkdir -p /etc/letsencrypt/live/kaz.milxc/
+	ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
+	ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
     fi
 
     # Essai pour faire accepter la CA à FFOX dès le début
@@ -192,6 +192,16 @@ EOF
     cd snster
     ./install.sh
 
+    # SNSTER KAZ
+    cp -ar ${VAGRANT_SRC_DIR}/templates /root
+    cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
+
+    # crypto keys
+    cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
+    cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
+
+    # Build SNSTER KAZ !
+    snster -c /root/snster-kaz -t /root/templates create
 
     # clear apt cache
     DEBIAN_FRONTEND=noninteractive apt-get autoremove -y

files/snster-kaz/isp-a/group.yml

@@ -24,8 +24,8 @@ hosts:
       - bgprouter:
           asn: 20
           asdev: eth1;eth2
-          neighbors4: 100.64.1.1 as 31
-          neighbors6: 2001:db8:b001::1 as 31
+          neighbors4: 100.64.0.1 as 30
+          neighbors6: 2001:db8:b000::1 as 30
       - resolv:
           nameserver: 100.100.100.100
           domain: isp-a.milxc

files/snster-kaz/isp-a/home/provision.sh

@@ -14,9 +14,9 @@ chmod +x /clawsmail/genpasswd
 DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail
 
 if [ -f /clawsmail/addclawsuser.sh ]; then
-    /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
-    /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
-    /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
-    /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
-    /clawsmail/addclawsuser.sh email isp-a.milxc email 4
+    su debian /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
+    su debian /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
+    su debian /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
+    su debian /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
+    su debian /clawsmail/addclawsuser.sh email isp-a.milxc email 4
 fi

files/snster-kaz/kaz/prod/dns.conf

@@ -15,7 +15,7 @@ smtp  IN CNAME 	dmz
 imap  IN CNAME 	dmz
 www   IN CNAME 	dmz
 mail	IN	CNAME	dmz
-listes	IN	MX	listes
+listes	IN	MX	10	listes
 listes	IN	A	100.80.1.2
 firewall   IN A 100.80.0.1
 firewall	IN	AAAA	2001:db8:80::0:1

files/snster-kaz/kaz/prod/provision.sh

@@ -9,26 +9,11 @@ cd `dirname $0`
 echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
 systemctl stop systemd-resolved
 
-apt-get update
-DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
-if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
-then
-  DEBIAN_FRONTEND=noninteractive apt-get install -y  certbot python3-certbot-apache
-else
-  echo "Unsupported Debian version"
-  exit 1
-fi
+DEBIAN_FRONTEND=noninteractive apt-get update
+DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
+DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
 
 
-# preconfig TLS and certbot
-a2enmod ssl
-a2ensite default-ssl.conf
-echo -e "
-email=admin@kaz.milxc
-agree-tos=1
-no-verify-ssl=1
-" >> /etc/letsencrypt/cli.ini
-
 # Go KAZ !
 # KAZ specific things
 #installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine

files/snster-kaz/mica/group.yml

@@ -21,8 +21,8 @@ hosts:
       - bgprouter:
           asn: 12
           asdev: eth1
-          neighbors4: 100.64.1.1 as 31
-          neighbors6: 2001:db8:b001::1 as 31
+          neighbors4: 100.64.0.1 as 30
+          neighbors6: 2001:db8:b000::1 as 30
       - resolv:
           nameserver: 100.100.100.100
           domain: mica.milxc

files/snster-kaz/opendns/group.yml

@@ -21,8 +21,8 @@ hosts:
       - bgprouter:
           asn: 7
           asdev: eth2
-          neighbors4: 100.64.0.1 as 30;100.64.1.1 as 31
-          neighbors6: 2001:db8:b000::1 as 30;2001:db8:b001::1 as 31
+          neighbors4: 100.64.0.1 as 30
+          neighbors6: 2001:db8:b000::1 as 30
       - resolv:
           nameserver: 100.100.100.100
           domain: opendns.milxc