
Void busybox Gateway shmgmt states

Olivier Mauras 1 year ago
commit
0dbee5b766

+ 7
- 0
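--- a/files/boot/extlinux/extlinux.conf
+++ b/files/boot/extlinux/extlinux.conf
@@ -0,0 +1,7 @@
+PROMPT 1
+TIMEOUT 20
+DEFAULT void
+
+LABEL void
+  LINUX vmlinuz
+  APPEND root=/dev/vda1 rw if_bond0=10.60.60.3/24 if_eth0=10.50.50.1/24 if_eth1=172.17.0.1/24 if_eth2=10.100.0.1/24 default_gw=10.60.60.254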

+ 28
- 0
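--- a/files/etc/iptables/iptables.rules
+++ b/files/etc/iptables/iptables.rules
@@ -0,0 +1,28 @@
+# Default host iptables
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -o bond0 -j MASQUERADE
+COMMIT
+# Each network should only be able to communicate with their own interface and not others
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD FORWARD [0:0]
+:OUTPUT ACCEPT [0:0]
+-A FORWARD -s 172.17.0.0/24 -d 10.0.0.0/8 -j DROP
+-A FORWARD -s 10.0.0.0/8 -d 172.17.0.0/24 -j DROP
+-A FORWARD -s 10.100.0.0/24 -d 10.50.50.0/24 -j DROP
+-A FORWARD -s 10.100.0.0/24 -d 10.60.60.0/24 -j DROP
+
+-A INPUT -s 10.50.50.0/24 -d 172.17.0.0/24 -j DROP
+-A INPUT -s 10.50.50.0/24 -d 10.100.0.0/24 -j DROP
+
+-A INPUT -s 172.17.0.0/24 -d 10.50.50.0/24 -j DROP
+-A INPUT -s 172.17.0.0/24 -d 10.100.0.0/24 -j DROP
+
+-A INPUT -s 10.100.0.0/24 -d 10.50.50.0/24 -j DROP
+-A INPUT -s 10.100.0.0/24 -d 172.17.0.0/24 -j DROP
+COMMIT
+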
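Review bot: `:FORWARD FORWARD [0:0]` in the *filter table gives the chain a policy named FORWARD, but a built-in chain policy can only be ACCEPT or DROP, so iptables-restore will most likely reject the file and the isolation rules below it never load. For a gateway whose stated goal is to keep the networks apart, `:FORWARD DROP [0:0]` with explicit `-A FORWARD ... -j ACCEPT` rules for the permitted paths (including one with `-m conntrack --ctstate ESTABLISHED,RELATED`) is the safer shape. With a default-accept policy, any direction not listed is forwarded: packets from 10.50.50.0/24 to 10.100.0.0/24 pass, and only the replies are dropped. The INPUT rules match only traffic addressed to the gateway's own addresses, which deserves a comment such as `# INPUT: block access to the gateway's addresses on the other segments`.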

+ 4
- 0
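--- a/files/etc/rc.local
+++ b/files/etc/rc.local
@@ -0,0 +1,4 @@
+#!/bin/sh
+for SCRIPT in /etc/rc.local.d/*; do
+  . ${SCRIPT}
+done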
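Review bot: `. ${SCRIPT}` sources whatever the glob yields, unquoted and unchecked, so an empty /etc/rc.local.d makes the loop try to source the literal `/etc/rc.local.d/*`, and any stray backup or editor file left in that directory is run as root at boot. Suggest `[ -f "$SCRIPT" ] || continue` followed by `. "$SCRIPT"`. Because the fragments are sourced rather than executed, an `exit` in one of them (and likely a syntax error too) ends rc.local before the later fragments run; a comment at the top saying so would help whoever adds the next fragment.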

+ 6
- 0
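--- a/files/etc/rc.local.d/000_bonding
+++ b/files/etc/rc.local.d/000_bonding
@@ -0,0 +1,6 @@
+# Setting up bonding
+/usr/bin/echo 100 > /sys/class/net/bond0/bonding/miimon
+/usr/bin/echo 1 > /sys/class/net/bond0/bonding/mode
+/usr/bin/echo +hw_eth0 > /sys/class/net/bond0/bonding/slaves
+/usr/bin/echo +hw_wlan0 > /sys/class/net/bond0/bonding/slaves
+/usr/bin/echo hw_eth0 > /sys/class/net/bond0/bonding/primary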
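Review bot: The bare `1` written to `bonding/mode` is a magic number; a comment such as `# mode 1 = active-backup: hw_eth0 is primary, hw_wlan0 takes over on link failure` would document the intent. Nothing checks that `/sys/class/net/bond0/bonding` exists, so if the bond device is missing every redirect fails and the following fragments still run against an unconfigured uplink. A guard at the top, `[ -d /sys/class/net/bond0/bonding ] || return 1`, would make that failure visible.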

+ 2
- 0
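--- a/files/etc/rc.local.d/001_wpa_supplicant
+++ b/files/etc/rc.local.d/001_wpa_supplicant
@@ -0,0 +1,2 @@
+# Start wpa_supplicant
+wpa_supplicant -B -i hw_wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf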

+ 18
- 0
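--- a/files/etc/rc.local.d/002_network
+++ b/files/etc/rc.local.d/002_network
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Setting up network based on cmdline
+# We're not going to be too smart here
+for i in `cat /proc/cmdline`; do
+  export $i
+done
+
+for i in `env | grep -o -E 'if_[a-z]+[0-9]+' | sort | uniq`; do
+  IF=`env | grep $i | cut -f 2 -d '_' | cut -f 1 -d '='`
+  IP=`env | grep $i | cut -f 2 -d '='`
+  ip a add $IP dev $IF
+  ip link set $IF up
+done
+
+if [ `env | grep default_gw` ]; then
+  GW=`env | grep default_gw | cut -f 2 -d '='`
+  ip route add default via $GW
+fi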
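Review bot: `export $i` in the first loop turns every word of the kernel command line into an environment variable of a root boot script, so a parameter named `PATH`, `IFS` or `LD_PRELOAD` on the command line would change how this fragment and every fragment sourced after it behaves, and a word that is not a valid identifier makes `export` fail. The lookups are also loose: `grep $i` is unanchored, so `if_eth1` also matches `if_eth10`, and the `default_gw` test hands an unquoted command substitution to `[`, which errors out if more than one line matches. Parsing only the expected keys with `case` and quoting the values avoids both, as sketched below. Checking that each value looks like an address before handing it to `ip` would be a further hardening step.

```shell
# Read only the keys this script owns; nothing from the cmdline is exported.
gw=
for word in $(cat /proc/cmdline); do
  case "$word" in
    if_[a-z]*[0-9]=*)
      ifname=${word#if_}
      ifname=${ifname%%=*}
      ip a add "${word#*=}" dev "$ifname"
      ip link set "$ifname" up
      ;;
    default_gw=*)
      gw=${word#*=}
      ;;
  esac
done

# Default route last, once every interface is up.
if [ -n "$gw" ]; then
  ip route add default via "$gw"
fi
```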

+ 7
- 0
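--- a/files/etc/unbound/unbound.conf
+++ b/files/etc/unbound/unbound.conf
@@ -0,0 +1,7 @@
+server:
+  interface: 10.50.50.1
+  interface: 172.17.0.1
+  port: 53
+  access-control: 0.0.0.0/0 refuse
+  access-control: 10.50.50.0/24 allow
+  access-control: 172.17.0.0/24 allow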

+ 7
- 0
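--- a/states/extlinux
+++ b/states/extlinux
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Deploy custom extlinux.conf
+$SHELL ${TMPDIR}/modules/dir -d /boot/extlinux
+$SHELL ${TMPDIR}/modules/file -b -s ${TMPDIR}/files/boot/extlinux/extlinux.conf \
+                              -d /boot/extlinux/extlinux.conf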
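Review bot: `${TMPDIR}` is expanded unquoted and unchecked on every module call, so if the variable is empty the script runs `/modules/dir` and `/modules/file` from the filesystem root with whatever privileges the state has. The same applies to states/iptables, states/rc_local and states/unbound, where `${DIST}` is used the same way. Suggest `: "${TMPDIR:?TMPDIR must be set}"` right after `set -e` and quoting each use, e.g. `"$SHELL" "${TMPDIR}/modules/dir" -d /boot/extlinux`. `$SHELL` is presumably set by the shmgmt runner; if it is inherited from the login environment it may not be a POSIX sh, which is worth a comment.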

+ 13
- 0
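--- a/states/iptables
+++ b/states/iptables
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+# First install package and exit if fails as it's required for subsequent steps
+$SHELL ${TMPDIR}/modules/${DIST}_package install iptables || exit 1
+
+# Then deploy file but ensure directory is present
+$SHELL ${TMPDIR}/modules/dir -d /etc/iptables
+$SHELL ${TMPDIR}/modules/file -b -s ${TMPDIR}/files/etc/iptables/iptables.rules \
+                              -d /etc/iptables/iptables.rules
+
+# Then if successful restart service
+$SHELL ${TMPDIR}/modules/${DIST}_service -e restart iptables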
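Review bot: The ruleset is copied into place and the service restarted without being parsed first, so a malformed rules file replaces the working one and the restart may leave the gateway without its filter rules. states/unbound has the same deploy-then-restart shape. Suggest a check before the `file` call, `iptables-restore --test < "${TMPDIR}/files/etc/iptables/iptables.rules"`, and the equivalent `unbound-checkconf` run on the staged file in states/unbound. The `|| exit 1` on the package line is redundant under `set -e`.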

+ 14
- 0
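--- a/states/rc_local
+++ b/states/rc_local
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+# Deploy rc.local.* for network setup
+$SHELL ${TMPDIR}/modules/dir -d /etc/rc.local.d
+
+for FILE in ${TMPDIR}/files/etc/rc.local.d/*; do
+  $SHELL ${TMPDIR}/modules/file -b -s ${FILE} \
+                                -d /etc/rc.local.d/`basename ${FILE}`
+done
+
+$SHELL ${TMPDIR}/modules/file -b -s ${TMPDIR}/files/etc/rc.local \
+                              -d /etc/rc.local \
+                              -m 750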
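Review bot: The fragments copied in the loop get no `-m`, while rc.local itself gets 750, so their mode depends on the `file` module's default, which is not visible here. Since rc.local sources them as root, an explicit `-m 640` on the loop's `file` call would pin that down. If `-b` leaves a backup copy next to the destination (an assumption, the module is not shown), that copy would sit in /etc/rc.local.d and be picked up by rc.local's `/etc/rc.local.d/*` glob on the next boot. The backticked `basename ${FILE}` is unquoted; `"$(basename "$FILE")"` is safer.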

+ 13
- 0
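--- a/states/unbound
+++ b/states/unbound
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+# First install package and exit if fails as it's required for subsequent steps
+$SHELL ${TMPDIR}/modules/${DIST}_package install unbound || exit 1
+
+# Then deploy file but ensure directory is present
+$SHELL ${TMPDIR}/modules/dir -d /etc/unbound
+$SHELL ${TMPDIR}/modules/file -b -s ${TMPDIR}/files/etc/unbound/unbound.conf \
+                              -d /etc/unbound/unbound.conf
+
+# Then if successful restart service
+$SHELL ${TMPDIR}/modules/${DIST}_service -e restart unbound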