some progress...

This commit is contained in:
Francois Lesueur 2022-12-22 18:52:38 +01:00
parent a84600e42a
commit 5981655b54
7 changed files with 28 additions and 33 deletions

View File

@ -164,9 +164,9 @@ EOF
cd "${CAROOT}"
/root/mkcert/mkcert "*.kaz.milxc" # cert et clé dans /etc/letsencrypt/local/
mkdir -p /etc/letsencrypt/live/kaz.local/
ln -s ../../local/_wildcard.kaz.local.pem /etc/letsencrypt/live/kaz.local/fullchain.pem
ln -s ../../local/_wildcard.kaz.local-key.pem /etc/letsencrypt/live/kaz.local/privkey.pem
mkdir -p /etc/letsencrypt/live/kaz.milxc/
ln -s ../../local/_wildcard.kaz.milxc.pem /etc/letsencrypt/live/kaz.milxc/fullchain.pem
ln -s ../../local/_wildcard.kaz.milxc-key.pem /etc/letsencrypt/live/kaz.milxc/privkey.pem
fi
# Essai pour faire accepter la CA à FFOX dès le début
@ -192,6 +192,16 @@ EOF
cd snster
./install.sh
# SNSTER KAZ
cp -ar ${VAGRANT_SRC_DIR}/templates /root
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
# crypto keys
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
# Build SNSTER KAZ !
snster -c /root/snster-kaz -t /root/templates create
# clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y

View File

@ -24,8 +24,8 @@ hosts:
- bgprouter:
asn: 20
asdev: eth1;eth2
neighbors4: 100.64.1.1 as 31
neighbors6: 2001:db8:b001::1 as 31
neighbors4: 100.64.0.1 as 30
neighbors6: 2001:db8:b000::1 as 30
- resolv:
nameserver: 100.100.100.100
domain: isp-a.milxc

View File

@ -14,9 +14,9 @@ chmod +x /clawsmail/genpasswd
DEBIAN_FRONTEND=noninteractive apt-get install -y claws-mail
if [ -f /clawsmail/addclawsuser.sh ]; then
/clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
/clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
/clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
/clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
/clawsmail/addclawsuser.sh email isp-a.milxc email 4
su debian /clawsmail/addclawsuser.sh contact1 kaz.milxc toto 1
su debian /clawsmail/addclawsuser.sh contact2 kaz.milxc toto 2
su debian /clawsmail/addclawsuser.sh contact3 kaz.milxc toto 3
su debian /clawsmail/addclawsuser.sh contact4 kaz.milxc toto 4
su debian /clawsmail/addclawsuser.sh email isp-a.milxc email 4
fi

View File

@ -15,7 +15,7 @@ smtp IN CNAME dmz
imap IN CNAME dmz
www IN CNAME dmz
mail IN CNAME dmz
listes IN MX listes
listes IN MX 10 listes
listes IN A 100.80.1.2
firewall IN A 100.80.0.1
firewall IN AAAA 2001:db8:80::0:1

View File

@ -9,26 +9,11 @@ cd `dirname $0`
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
then
DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-apache
else
echo "Unsupported Debian version"
exit 1
fi
DEBIAN_FRONTEND=noninteractive apt-get update
DEBIAN_FRONTEND=noninteractive apt-get remove -y apache2
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
# preconfig TLS and certbot
a2enmod ssl
a2ensite default-ssl.conf
echo -e "
email=admin@kaz.milxc
agree-tos=1
no-verify-ssl=1
" >> /etc/letsencrypt/cli.ini
# Go KAZ !
# KAZ specific things
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine

View File

@ -21,8 +21,8 @@ hosts:
- bgprouter:
asn: 12
asdev: eth1
neighbors4: 100.64.1.1 as 31
neighbors6: 2001:db8:b001::1 as 31
neighbors4: 100.64.0.1 as 30
neighbors6: 2001:db8:b000::1 as 30
- resolv:
nameserver: 100.100.100.100
domain: mica.milxc

View File

@ -21,8 +21,8 @@ hosts:
- bgprouter:
asn: 7
asdev: eth2
neighbors4: 100.64.0.1 as 30;100.64.1.1 as 31
neighbors6: 2001:db8:b000::1 as 30;2001:db8:b001::1 as 31
neighbors4: 100.64.0.1 as 30
neighbors6: 2001:db8:b000::1 as 30
- resolv:
nameserver: 100.100.100.100
domain: opendns.milxc