added ns...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

ns/assets/etc/dnsmasq.conf

@@ -0,0 +1,58 @@
+
+# DNS
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+resolv-file=/etc/resolv.conf
+
+local-service
+
+listen-address=::1,127.0.0.1,10.1.1.1,10.0.0.1
+
+expand-hosts
+
+local=/srv/
+domain=srv
+
+
+
+# DHCP
+
+#no-dhcp-interface=admin
+
+dhcp-authoritative
+
+#dhcp-range=192.168.1.0,static
+dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h
+dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
+
+#dhcp-lease-max=150
+#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
+
+
+# ns
+address=/ns/10.0.0.1
+
+# gate
+address=/gate/10.0.0.2
+dhcp-option=option:router,10.0.0.2
+dhcp-option=3,10.0.0.2
+
+# pve
+address=/pve/10.0.0.254
+
+# directly routed services get specific IPs...
+# NOTE: this is needed to reliably forward ports to these services.
+dhcp-host=ssh,10.0.0.4,infinite
+dhcp-host=wireguard,10.0.0.5,infinite
+
+
+
+# MISC
+
+# Include all files in a directory which end in .conf
+conf-dir=/etc/dnsmasq.d/,*.conf
+

ns/assets/etc/network/interfaces

@@ -0,0 +1,15 @@
+auto lo
+iface lo inet loopback
+iface lo inet6 loopback
+
+auto lan
+iface lan inet static
+	address 10.0.0.1/24
+	gateway 10.0.0.2
+	hostname $(hostname)
+
+auto admin
+iface admin inet dhcp
+	hostname $(hostname)
+
+

ns/assets/root/leases

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cut -d " " -f 3,4 /var/lib/misc/dnsmasq.leases \
+	| sort -t "." -k 4 -n \
+	| sed 's/ /\t/;s/^/    /'
+

ns/make.sh

@@ -0,0 +1,134 @@
+#!/usr/bin/bash
+#----------------------------------------------------------------------
+
+source ../.pct-helpers
+
+
+#----------------------------------------------------------------------
+
+UPDATE_ON_LAN=1
+TIMEOUT=5
+TMP_PASS_LEN=32
+
+TEMPLATE_DIR=templates
+ASSETS_DIR=assets
+
+# EMAIL=
+# DOMAIN=
+# ID=
+# CTHOSTNAME=
+# WAN_IP=
+# WAN_GATE=
+# ROOTPASS=
+
+DFL_EMAIL=user@example.com
+DFL_DOMAIN=example.com
+DFL_ID=100
+DFL_CTHOSTNAME=ns
+DFL_WAN_IP=192.168.1.101/24
+DFL_WAN_GATE=192.168.1.252
+
+TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
+
+
+#----------------------------------------------------------------------
+
+[ -z $EMAIL ] \
+	&& read -ep "Email: " -i "$DFL_EMAIL" EMAIL
+EMAIL=${EMAIL:=$DFL_EMAIL}
+[ -z $DOMAIN ] \
+	&& read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN
+DOMAIN=${DOMAIN:=$DFL_DOMAIN}
+[ -z $ID ] \
+	&& read -ep "ID: " -i "$DFL_ID" ID
+[ -z $CTHOSTNAME ] \
+	&& read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME
+[ -z $WAN_IP ] \
+	&& read -ep "WAN ip (stub): " -i "$DFL_WAN_IP" WAN_IP
+[ -z $WAN_GATE ] \
+	&& read -ep "WAN gateway (stub): " -i "$DFL_WAN_GATE" WAN_GATE
+if [ -z $ROOTPASS ] ; then
+	read -sep "root password (Enter to skip): " PASS1
+	echo
+	if [ $PASS1 ] ; then
+		read -sep "retype root password: " PASS2
+		echo
+		if [[ $PASS1 != $PASS2 ]] ; then
+			echo "ERR: passwords do not match."
+			exit 1
+		fi
+		PASS=$PASS1
+	fi
+else
+	PASS=$ROOTPASS
+fi
+
+
+#----------------------------------------------------------------------
+
+echo Building config...
+TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
+for file in "${TEMPLATES[@]}" ; do
+	file=${file#${TEMPLATE_DIR}}
+	echo Generating: ${file}...
+	cat "${TEMPLATE_DIR}/${file}" \
+		| sed \
+			-e 's/\${EMAIL}/'$EMAIL'/' \
+			-e 's/\${DOMAIN}/'$DOMAIN'/' \
+			-e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \
+			-e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \
+			-e 's/\${WAN_GATE}/'$WAN_GATE'/' \
+		> "${ASSETS_DIR}/${file}"
+done
+
+
+#----------------------------------------------------------------------
+
+echo Creating CT...
+
+TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
+
+# NOTE: we are not setting the password here to avoid printing it to the terminal...
+@ pct create $ID \
+	${TEMPLATE[-1]} \
+	--hostname $CTHOSTNAME \
+	--memory 128 \
+	--swap 128 \
+	--net0 name=lan,bridge=vmbr0,firewall=1,ip=dhcp,type=veth \
+	--net1 name=admin,bridge=vmbr1,firewall=1,type=veth \
+	--net2 name=wan,bridge=vmbr2,firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
+	--storage local-lvm \
+	--rootfs local-lvm:0.5 \
+	--unprivileged 1 \
+	--password="$TMP_PASS" \
+	--start 1 \
+|| exit 1
+
+
+echo Setting root password...
+if [ $PASS ] ; then
+	echo "root:$PASS" \
+		| @ lxc-attach $ID chpasswd
+fi
+
+echo Updating container...
+@ lxc-attach $ID apk update
+@ lxc-attach $ID apk upgrade
+
+echo Installing dependencies...
+@ lxc-attach $ID apk add bash dnsmasq
+
+echo Copying assets...
+@ pct-push-r $ID ./assets /
+
+echo Setup: dnsmasq...
+@ lxc-attach $ID rc-update add dnsmasq
+@ lxc-attach $ID rc-service dnsmasq start
+
+
+
+echo Done.
+
+
+#----------------------------------------------------------------------
+# vim:set ts=4 sw=4 :