From c97bca70b98e8965f292395494d0ff5a531417b2 Mon Sep 17 00:00:00 2001
From: "Alex A. Naanou"
Date: Thu, 28 Dec 2023 20:08:03 +0300
Subject: [PATCH] added ns...
Signed-off-by: Alex A. Naanou
---
 ns/assets/etc/dnsmasq.conf | 58 ++++++++
 ns/assets/etc/network/.pve-ignore.interfaces | 0
 ns/assets/etc/network/interfaces | 15 +++
 ns/assets/root/leases | 6 +
 ns/make.sh | 134 +++++++++++++++++++
 5 files changed, 213 insertions(+)
 create mode 100644 ns/assets/etc/dnsmasq.conf
 create mode 100644 ns/assets/etc/network/.pve-ignore.interfaces
 create mode 100644 ns/assets/etc/network/interfaces
 create mode 100755 ns/assets/root/leases
 create mode 100644 ns/make.sh
diff --git a/ns/assets/etc/dnsmasq.conf b/ns/assets/etc/dnsmasq.conf
new file mode 100644
index 0000000..b82e84f
--- /dev/null
+++ b/ns/assets/etc/dnsmasq.conf
@@ -0,0 +1,58 @@
+
+# DNS
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+resolv-file=/etc/resolv.conf
+
+local-service
+
+listen-address=::1,127.0.0.1,10.1.1.1,10.0.0.1
+
+expand-hosts
+
+local=/srv/
+domain=srv
+
+
+
+# DHCP
+
+#no-dhcp-interface=admin
+
+dhcp-authoritative
+
+#dhcp-range=192.168.1.0,static
+dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h
+dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
+
+#dhcp-lease-max=150
+#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
+
+
+# ns
+address=/ns/10.0.0.1
+
+# gate
+address=/gate/10.0.0.2
+dhcp-option=option:router,10.0.0.2
+dhcp-option=3,10.0.0.2
+
+# pve
+address=/pve/10.0.0.254
+
+# directly routed services get specific IPs...
+# NOTE: this is needed to reliably forward ports to these services.
+dhcp-host=ssh,10.0.0.4,infinite
+dhcp-host=wireguard,10.0.0.5,infinite
+
+
+
+# MISC
+
+# Include all files in a directory which end in .conf
+conf-dir=/etc/dnsmasq.d/,*.conf
+
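Review bot: `listen-address=::1,127.0.0.1,10.1.1.1,10.0.0.1` asks dnsmasq to bind 10.1.1.1, but the ns/assets/etc/network/interfaces file in this same patch gives `lan` 10.0.0.1/24 and leaves `admin` on DHCP, so nothing here guarantees that address exists inside the container; dnsmasq normally exits at startup when a listen-address cannot be bound, which would take DNS and DHCP down together. The `dhcp-range=interface:admin,10.0.0.20,…` and `dhcp-range=interface:lan,10.1.1.20,…` pairings also look swapped against that interfaces file, where lan carries 10.0.0.0/24, and as far as I know dnsmasq only hands out a range on an interface that holds an address in that subnet — confirm which bridge is meant to carry which subnet, align the two files, and record the intended admin address in a comment above `listen-address`. `#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases` stays commented while ns/assets/root/leases reads /var/lib/misc/dnsmasq.leases, so the helper only works as long as dnsmasq's built-in default remains that path; a one-line comment such as `# lease file: built-in default, read by /root/leases` would keep the two in step.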
diff --git a/ns/assets/etc/network/.pve-ignore.interfaces b/ns/assets/etc/network/.pve-ignore.interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/ns/assets/etc/network/interfaces b/ns/assets/etc/network/interfaces
new file mode 100644
index 0000000..d194fda
--- /dev/null
+++ b/ns/assets/etc/network/interfaces
@@ -0,0 +1,15 @@
+auto lo
+iface lo inet loopback
+iface lo inet6 loopback
+
+auto lan
+iface lan inet static
+ address 10.0.0.1/24
+ gateway 10.0.0.2
+ hostname $(hostname)
+
+auto admin
+iface admin inet dhcp
+ hostname $(hostname)
+
+
diff --git a/ns/assets/root/leases b/ns/assets/root/leases
new file mode 100755
index 0000000..71df484
--- /dev/null
+++ b/ns/assets/root/leases
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cut -d " " -f 3,4 /var/lib/misc/dnsmasq.leases \
+ | sort -t "." -k 4 -n \
+ | sed 's/ /\t/;s/^/ /'
+
diff --git a/ns/make.sh b/ns/make.sh
new file mode 100644
index 0000000..e98f667
--- /dev/null
+++ b/ns/make.sh
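Review bot: `hostname $(hostname)` on both the `lan` and `admin` stanzas relies on shell command substitution, but /etc/network/interfaces is read by ifupdown as data, not through a shell; whether the Alpine image's ifupdown-ng/BusyBox implementation expands it or hands the literal `$(hostname)` string to the DHCP client should be confirmed before the `admin` lease is relied on. On the static `lan` stanza the `hostname` option has no DHCP client to feed, so as far as I can see from this file it is inert there; if it is meant as documentation, a plain `# host: ns` comment is safer. The addresses here (lan at 10.0.0.1/24, admin via DHCP) should also be checked against the `dhcp-range=interface:…` and `listen-address` entries in ns/assets/etc/dnsmasq.conf from the same patch, which appear to assume the opposite assignment.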
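Review bot: The script has no header stating what it prints; since `cut -d " " -f 3,4` on the dnsmasq lease file selects the address and client-name columns, a comment such as `# Print current dnsmasq leases as "<ip>\t<hostname>", ordered by the last address octet.` under the shebang would spare the next reader a trip to the lease-file format. The path /var/lib/misc/dnsmasq.leases is hard-coded while ns/assets/etc/dnsmasq.conf keeps `dhcp-leasefile` commented out, so the two agree only while dnsmasq's compiled-in default stays at that path; a comment `# must match dhcp-leasefile in /etc/dnsmasq.conf (or its default)` would make that dependency visible. Under `#!/bin/bash`, a `set -o pipefail` after the shebang would turn a missing or unreadable lease file into a non-zero exit instead of silently empty output.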
@@ -0,0 +1,134 @@
+#!/usr/bin/bash
+#----------------------------------------------------------------------
+
+source ../.pct-helpers
+
+
+#----------------------------------------------------------------------
+
+UPDATE_ON_LAN=1
+TIMEOUT=5
+TMP_PASS_LEN=32
+
+TEMPLATE_DIR=templates
+ASSETS_DIR=assets
+
+# EMAIL=
+# DOMAIN=
+# ID=
+# CTHOSTNAME=
+# WAN_IP=
+# WAN_GATE=
+# ROOTPASS=
+
+DFL_EMAIL=user@example.com
+DFL_DOMAIN=example.com
+DFL_ID=100
+DFL_CTHOSTNAME=ns
+DFL_WAN_IP=192.168.1.101/24
+DFL_WAN_GATE=192.168.1.252
+
+TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
+
+
+#----------------------------------------------------------------------
+
+[ -z $EMAIL ] \
+ && read -ep "Email: " -i "$DFL_EMAIL" EMAIL
+EMAIL=${EMAIL:=$DFL_EMAIL}
+[ -z $DOMAIN ] \
+ && read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN
+DOMAIN=${DOMAIN:=$DFL_DOMAIN}
+[ -z $ID ] \
+ && read -ep "ID: " -i "$DFL_ID" ID
+[ -z $CTHOSTNAME ] \
+ && read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME
+[ -z $WAN_IP ] \
+ && read -ep "WAN ip (stub): " -i "$DFL_WAN_IP" WAN_IP
+[ -z $WAN_GATE ] \
+ && read -ep "WAN gateway (stub): " -i "$DFL_WAN_GATE" WAN_GATE
+if [ -z $ROOTPASS ] ; then
+ read -sep "root password (Enter to skip): " PASS1
+ echo
+ if [ $PASS1 ] ; then
+ read -sep "retype root password: " PASS2
+ echo
+ if [[ $PASS1 != $PASS2 ]] ; then
+ echo "ERR: passwords do not match."
+ exit 1
+ fi
+ PASS=$PASS1
+ fi
+else
+ PASS=$ROOTPASS
+fi
+
+
+#----------------------------------------------------------------------
+
+echo Building config...
+TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
+for file in "${TEMPLATES[@]}" ; do
+ file=${file#${TEMPLATE_DIR}}
+ echo Generating: ${file}...
+ cat "${TEMPLATE_DIR}/${file}" \
+ | sed \
+ -e 's/\${EMAIL}/'$EMAIL'/' \
+ -e 's/\${DOMAIN}/'$DOMAIN'/' \
+ -e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \
+ -e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \
+ -e 's/\${WAN_GATE}/'$WAN_GATE'/' \
+ > "${ASSETS_DIR}/${file}"
+done
+
+
+#----------------------------------------------------------------------
+
+echo Creating CT...
+
+TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
+
+# NOTE: we are not setting the password here to avoid printing it to the terminal...
+@ pct create $ID \
+ ${TEMPLATE[-1]} \
+ --hostname $CTHOSTNAME \
+ --memory 128 \
+ --swap 128 \
+ --net0 name=lan,bridge=vmbr0,firewall=1,ip=dhcp,type=veth \
+ --net1 name=admin,bridge=vmbr1,firewall=1,type=veth \
+ --net2 name=wan,bridge=vmbr2,firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
+ --storage local-lvm \
+ --rootfs local-lvm:0.5 \
+ --unprivileged 1 \
+ --password="$TMP_PASS" \
+ --start 1 \
+|| exit 1
+
+
+echo Setting root password...
+if [ $PASS ] ; then
+ echo "root:$PASS" \
+ | @ lxc-attach $ID chpasswd
+fi
+
+echo Updating container...
+@ lxc-attach $ID apk update
+@ lxc-attach $ID apk upgrade
+
+echo Installing dependencies...
+@ lxc-attach $ID apk add bash dnsmasq
+
+echo Copying assets...
+@ pct-push-r $ID ./assets /
+
+echo Setup: dnsmasq...
+@ lxc-attach $ID rc-update add dnsmasq
+@ lxc-attach $ID rc-service dnsmasq start
+
+
+
+echo Done.
+
+
+#----------------------------------------------------------------------
+# vim:set ts=4 sw=4 :
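Review bot: The root-password confirmation `if [[ $PASS1 != $PASS2 ]]` leaves the right-hand side unquoted, so it is matched as a glob pattern rather than compared as a string — a retyped `*` satisfies the check against any first entry — and `[ $PASS1 ]`, `[ -z $ROOTPASS ]` and the other `[ -z $VAR ]` prompts break on values containing whitespace or starting with `-`; quote them, e.g. `if [[ "$PASS1" != "$PASS2" ]] ; then` and `if [ -n "$PASS1" ] ; then`. The template loop splices the prompted values straight into the sed program (`'$EMAIL'` and its siblings), so a value containing whitespace, `/`, `&` or `\` either word-splits or rewrites the sed expression, and only WAN_IP escapes `/` and nothing else; the rewrite below escapes every value before substitution and reads the template list NUL-delimited instead of word-splitting `find` output. Only EMAIL and DOMAIN fall back to their DFL_ values when stdin is not a terminal, while ID, CTHOSTNAME, WAN_IP and WAN_GATE stay empty, and an empty `$ID` shifts every later `pct`/`lxc-attach` argument by one, so the same `ID=${ID:=$DFL_ID}` (and siblings) belongs after each prompt. The random `TMP_PASS` is passed as `--password="$TMP_PASS"` on the `pct create` command line, where it is readable by other local processes and — if the `@` helper sourced from ../.pct-helpers echoes its arguments, which this hunk cannot show — printed on the terminal despite the NOTE above that line, and it remains the container's root password whenever the interactive prompt is skipped; `TEMPLATE=($(ls …))` likewise yields an empty array when no archive matches, so a `shopt -s nullglob` glob with a length check before `pct create` is the safer form.
```shell
# Escape a value for the replacement side of a sed s/// with '/' delimiter
# (backslash, slash and & would otherwise be interpreted by sed).
sed_escape() {
	printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

echo Building config...
# NUL-delimited: template paths containing whitespace would otherwise be split.
mapfile -d '' -t TEMPLATES < <(find "$TEMPLATE_DIR" -type f -print0)
for file in "${TEMPLATES[@]}" ; do
	file=${file#"${TEMPLATE_DIR}"}
	echo "Generating: ${file}..."
	sed \
		-e 's/\${EMAIL}/'"$(sed_escape "$EMAIL")"'/' \
		-e 's/\${DOMAIN}/'"$(sed_escape "$DOMAIN")"'/' \
		-e 's/\${CTHOSTNAME}/'"$(sed_escape "$CTHOSTNAME")"'/' \
		-e 's/\${WAN_IP}/'"$(sed_escape "$WAN_IP")"'/' \
		-e 's/\${WAN_GATE}/'"$(sed_escape "$WAN_GATE")"'/' \
		"${TEMPLATE_DIR}/${file}" > "${ASSETS_DIR}/${file}"
done
# … unchanged: pct create and container setup …
```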