2025-12-25 12:52:04 +00:00
7 changed files with 2 additions and 232 deletions
--- a/gate-traefik/make.sh
+++ b/gate-traefik/make.sh
@ -132,7 +132,7 @@ echo Updating container...
@ lxc-attach $ID apk upgrade
 echo Installing dependencies...
-@ lxc-attach $ID apk add bash bridge iptables traefik
+@ lxc-attach $ID apk add bash iptables traefik
 echo Copying assets...
@ pct-push-r $ID ./assets /
--- a/gate-traefik/templates/etc/network/interfaces
+++ b/gate-traefik/templates/etc/network/interfaces
@ -4,6 +4,7 @@ iface lo inet6 loopback
 auto lan
 iface lan inet dhcp
 	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
 	hostname $(hostname)
 auto admin
@ -15,14 +16,3 @@ iface wan inet static
 	address ${WAN_IP}
 	gateway ${WAN_GATE} 
 	hostname $(hostname)
 auto br0
 iface br0 inet stattic
 	post-up echo 1 > /proc/sys/net/ipv4/ip_forward
 	pre-up brctl addbr br0
 	bridge-ports lan wan
 	bridge-sip off
 	hostname $(hostname)
 	post-down brctl delbr br0
--- a/ns/assets/etc/dnsmasq.conf
+++ b/ns/assets/etc/dnsmasq.conf
@ -1,58 +0,0 @@
 # DNS
 # Never forward plain names (without a dot or domain part)
 domain-needed
 # Never forward addresses in the non-routed address spaces.
 bogus-priv
 resolv-file=/etc/resolv.conf
 local-service
 listen-address=::1,127.0.0.1,10.1.1.1,10.0.0.1
 expand-hosts
 local=/srv/
 domain=srv
 # DHCP
 #no-dhcp-interface=admin
 dhcp-authoritative
 #dhcp-range=192.168.1.0,static
 dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h
 dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
 #dhcp-lease-max=150
 #dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
 # ns
 address=/ns/10.0.0.1
 # gate
 address=/gate/10.0.0.2
 dhcp-option=option:router,10.0.0.2
 dhcp-option=3,10.0.0.2
 # pve
 address=/pve/10.0.0.254
 # directly routed services get specific IPs...
 # NOTE: this is needed to reliably forward ports to these services.
 dhcp-host=ssh,10.0.0.4,infinite
 dhcp-host=wireguard,10.0.0.5,infinite
 # MISC
 # Include all files in a directory which end in .conf
 conf-dir=/etc/dnsmasq.d/,*.conf
--- a/ns/assets/etc/network/.pve-ignore.interfaces
+++ b/ns/assets/etc/network/.pve-ignore.interfaces
--- a/ns/assets/root/leases
+++ b/ns/assets/root/leases
@ -1,6 +0,0 @@
 #!/bin/bash
 cut -d " " -f 3,4 /var/lib/misc/dnsmasq.leases \
 	| sort -t "." -k 4 -n \
 	| sed 's/ /\t/;s/^/    /'
--- a/ns/make.sh
+++ b/ns/make.sh
@ -1,134 +0,0 @@
 #!/usr/bin/bash
 #----------------------------------------------------------------------
 source ../.pct-helpers
 #----------------------------------------------------------------------
 UPDATE_ON_LAN=1
 TIMEOUT=5
 TMP_PASS_LEN=32
 TEMPLATE_DIR=templates
 ASSETS_DIR=assets
 # EMAIL=
 # DOMAIN=
 # ID=
 # CTHOSTNAME=
 # WAN_IP=
 # WAN_GATE=
 # ROOTPASS=
 DFL_EMAIL=user@example.com
 DFL_DOMAIN=example.com
 DFL_ID=100
 DFL_CTHOSTNAME=ns
 DFL_WAN_IP=192.168.1.101/24
 DFL_WAN_GATE=192.168.1.252
 TMP_PASS=$(cat /dev/urandom | base64 | head -c ${TMP_PASS_LEN:=32})
 #----------------------------------------------------------------------
 [ -z $EMAIL ] \
 	&& read -ep "Email: " -i "$DFL_EMAIL" EMAIL
 EMAIL=${EMAIL:=$DFL_EMAIL}
 [ -z $DOMAIN ] \
 	&& read -ep "Domain: " -i "$DFL_DOMAIN" DOMAIN
 DOMAIN=${DOMAIN:=$DFL_DOMAIN}
 [ -z $ID ] \
 	&& read -ep "ID: " -i "$DFL_ID" ID
 [ -z $CTHOSTNAME ] \
 	&& read -ep "Hostname: " -i "$DFL_CTHOSTNAME" CTHOSTNAME
 [ -z $WAN_IP ] \
 	&& read -ep "WAN ip (stub): " -i "$DFL_WAN_IP" WAN_IP
 [ -z $WAN_GATE ] \
 	&& read -ep "WAN gateway (stub): " -i "$DFL_WAN_GATE" WAN_GATE
 if [ -z $ROOTPASS ] ; then
 	read -sep "root password (Enter to skip): " PASS1
 	echo
 	if [ $PASS1 ] ; then
 		read -sep "retype root password: " PASS2
 		echo
 		if [[ $PASS1 != $PASS2 ]] ; then
 			echo "ERR: passwords do not match."
 			exit 1
 		fi
 		PASS=$PASS1
 	fi
 else
 	PASS=$ROOTPASS
 fi
 #----------------------------------------------------------------------
 echo Building config...
 TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
 for file in "${TEMPLATES[@]}" ; do
 	file=${file#${TEMPLATE_DIR}}
 	echo Generating: ${file}...
 	cat "${TEMPLATE_DIR}/${file}" \
 		| sed \
 			-e 's/\${EMAIL}/'$EMAIL'/' \
 			-e 's/\${DOMAIN}/'$DOMAIN'/' \
 			-e 's/\${CTHOSTNAME}/'$CTHOSTNAME'/' \
 			-e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/' \
 			-e 's/\${WAN_GATE}/'$WAN_GATE'/' \
 		> "${ASSETS_DIR}/${file}"
 done
 #----------------------------------------------------------------------
 echo Creating CT...
 TEMPLATE=($(ls /var/lib/vz/template/cache/alpine-3.18*.tar.xz))
 # NOTE: we are not setting the password here to avoid printing it to the terminal...
@ pct create $ID \
 	${TEMPLATE[-1]} \
 	--hostname $CTHOSTNAME \
 	--memory 128 \
 	--swap 128 \
 	--net0 name=lan,bridge=vmbr0,firewall=1,ip=dhcp,type=veth \
 	--net1 name=admin,bridge=vmbr1,firewall=1,type=veth \
 	--net2 name=wan,bridge=vmbr2,firewall=1${WAN_GATE:+,gw=${WAN_GATE}}${WAN_IP:+,ip=${WAN_IP}},type=veth \
 	--storage local-lvm \
 	--rootfs local-lvm:0.5 \
 	--unprivileged 1 \
 	--password="$TMP_PASS" \
 	--start 1 \
 || exit 1
 echo Setting root password...
 if [ $PASS ] ; then
 	echo "root:$PASS" \
 		| @ lxc-attach $ID chpasswd
 fi
 echo Updating container...
@ lxc-attach $ID apk update
@ lxc-attach $ID apk upgrade
 echo Installing dependencies...
@ lxc-attach $ID apk add bash dnsmasq
 echo Copying assets...
@ pct-push-r $ID ./assets /
 echo Setup: dnsmasq...
@ lxc-attach $ID rc-update add dnsmasq
@ lxc-attach $ID rc-service dnsmasq start
 echo Done.
 #----------------------------------------------------------------------
 # vim:set ts=4 sw=4 :
--- a/ns/templates/etc/network/interfaces
+++ b/ns/templates/etc/network/interfaces
@ -1,22 +0,0 @@
 auto lo
 iface lo inet loopback
 iface lo inet6 loopback
 # bootstrap...
 auto wan
 iface wan inet static
 	address ${WAN_IP}
 	gateway ${WAN_GATE}
 	hostname $(hostname)
 auto lan
 iface lan inet static
 	address 10.0.0.1/24
 	gateway 10.0.0.2
 	hostname $(hostname)
 auto admin
 iface admin inet dhcp
 	hostname $(hostname)