From: Zoltán Felleg
Date: Mon, 27 Jan 2020 13:49:18 +0000 (+0100)
Subject: Updated pns.usr (added zft320), xfr.pm (added NameWidth=*).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=25d157bf769e911f415296abf2026eda1f730926;p=user-lxc.git

Updated pns.usr (added zft320), xfr.pm (added NameWidth=*).
---
diff --git a/sources/cvm.usr.f30/01_setupnetworking.sh b/sources/cvm.usr.f30/01_setupnetworking.sh
deleted file mode 100755
index ee1d450..0000000
--- a/sources/cvm.usr.f30/01_setupnetworking.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-
-INTERNAL_DEVICE=internal
-CONNECTION_LINE=$(nmcli --terse connection show | grep "${INTERNAL_DEVICE}$")
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id internal \
- connection.interface-name $INTERNAL_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "10.228.109.52/16" \
- ipv4.dns "10.228.109.104, 10.228.109.253" \
- ipv4.dns-search "usr.user.hu" \
- ipv4.gateway "10.228.109.254" \
- ipv4.method "manual" \
- ipv6.method "ignore" \
- save yes
-
-HOST_BRIDGE_DEVICE=brh
-CONNECTION_LINE=$(nmcli --terse connection show | grep "${HOST_BRIDGE_DEVICE}$")
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id brh \
- connection.interface-name $HOST_BRIDGE_DEVICE \
- connection.type bridge \
- save yes
-
-nmcli connection show
-
-for LXC_DEVICE in efg ifg svc ldap vpn pns ins
-do
- CONNECTION_LINE=$(nmcli --terse connection show | grep "${LXC_DEVICE}$")
- if [ -n "$CONNECTION_LINE" ]
- then
- CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
- nmcli connection delete uuid "$CONNECTION_UUID"
- fi
-done
-
-nmcli connection show
diff --git a/sources/cvm.usr.f30/99_setupsystem.sh b/sources/cvm.usr.f30/99_setupsystem.sh
deleted file mode 100755
index 112218a..0000000
--- a/sources/cvm.usr.f30/99_setupsystem.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-hostnamectl set-hostname cvm.usr.user.hu
-systemctl enable lxc.service
-systemctl start lxc.service
diff --git a/sources/cvm.usr.f30/etc/lxc.conf b/sources/cvm.usr.f30/etc/lxc.conf
deleted file mode 100644
index 48f7ddf..0000000
--- a/sources/cvm.usr.f30/etc/lxc.conf
+++ /dev/null
@@ -1 +0,0 @@
-lxc.lxcpath = /lxc/containers
diff --git a/sources/cvm.usr.f30/etc/sysctl.d/01-lxc.conf b/sources/cvm.usr.f30/etc/sysctl.d/01-lxc.conf
deleted file mode 100644
index 77fcb19..0000000
--- a/sources/cvm.usr.f30/etc/sysctl.d/01-lxc.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-#fs.inotify.max_queued_events = 16384
-# This is the default.
-
-fs.inotify.max_user_instances = 1024
-# The default is 128.
-
-#fs.inotify.max_user_watches = 8192
-# This is the default.
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-efg.link b/sources/cvm.usr.f30/etc/systemd/network/10-efg.link
deleted file mode 100644
index 613cb07..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-efg.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:28:92
-
-[Link]
-Name=efg
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-ifg.link b/sources/cvm.usr.f30/etc/systemd/network/10-ifg.link
deleted file mode 100644
index a2938a4..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-ifg.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:fe
-
-[Link]
-Name=ifg
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-ins.link b/sources/cvm.usr.f30/etc/systemd/network/10-ins.link
deleted file mode 100644
index 9411067..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-ins.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:68
-
-[Link]
-Name=ins
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-internal.link b/sources/cvm.usr.f30/etc/systemd/network/10-internal.link
deleted file mode 100644
index 027ab24..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-internal.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:34
-
-[Link]
-Name=internal
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-ldap.link b/sources/cvm.usr.f30/etc/systemd/network/10-ldap.link
deleted file mode 100644
index 3cd6166..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-ldap.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:fc
-
-[Link]
-Name=ldap
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-pns.link b/sources/cvm.usr.f30/etc/systemd/network/10-pns.link
deleted file mode 100644
index 2521dd9..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-pns.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:ae
-
-[Link]
-Name=pns
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-svc.link b/sources/cvm.usr.f30/etc/systemd/network/10-svc.link
deleted file mode 100644
index 237346c..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-svc.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:fd
-
-[Link]
-Name=svc
diff --git a/sources/cvm.usr.f30/etc/systemd/network/10-vpn.link b/sources/cvm.usr.f30/etc/systemd/network/10-vpn.link
deleted file mode 100644
index 1838bce..0000000
--- a/sources/cvm.usr.f30/etc/systemd/network/10-vpn.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:1e:6d:ec
-
-[Link]
-Name=vpn
diff --git a/sources/cvm.usr.f30/packages.txt b/sources/cvm.usr.f30/packages.txt
deleted file mode 100644
index 93db914..0000000
--- a/sources/cvm.usr.f30/packages.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-chrony
-lxc
-lxc-templates
-mercurial
-screen
-vim-enhanced
diff --git a/sources/cvmb.usr.f30/01_setupnetworking.sh b/sources/cvmb.usr.f30/01_setupnetworking.sh
deleted file mode 100755
index 10552fc..0000000
--- a/sources/cvmb.usr.f30/01_setupnetworking.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-
-INTERNAL_DEVICE=internal
-CONNECTION_LINE=$(nmcli --terse connection show | grep "${INTERNAL_DEVICE}$")
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id internal \
- connection.interface-name $INTERNAL_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "10.228.92.52/16" \
- ipv4.dns "10.228.109.104, 10.228.109.253" \
- ipv4.dns-search "usr.user.hu" \
- ipv4.gateway "10.228.109.254" \
- ipv4.method "manual" \
- ipv6.method "ignore" \
- save yes
-
-HOST_BRIDGE_DEVICE=brh
-CONNECTION_LINE=$(nmcli --terse connection show | grep "${HOST_BRIDGE_DEVICE}$")
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id brh \
- connection.interface-name $HOST_BRIDGE_DEVICE \
- connection.type bridge \
- save yes
-
-nmcli connection show
-
-for LXC_DEVICE in efg ifg svc ldap vpn pns ins
-do
- CONNECTION_LINE=$(nmcli --terse connection show | grep "${LXC_DEVICE}$")
- if [ -n "$CONNECTION_LINE" ]
- then
- CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
- nmcli connection delete uuid "$CONNECTION_UUID"
- fi
-done
-
-nmcli connection show
diff --git a/sources/cvmb.usr.f30/99_setupsystem.sh b/sources/cvmb.usr.f30/99_setupsystem.sh
deleted file mode 100755
index 88aac25..0000000
--- a/sources/cvmb.usr.f30/99_setupsystem.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-hostnamectl set-hostname cvmb.usr.user.hu
-systemctl enable lxc.service
-systemctl start lxc.service
diff --git a/sources/cvmb.usr.f30/etc/lxc.conf b/sources/cvmb.usr.f30/etc/lxc.conf
deleted file mode 100644
index 48f7ddf..0000000
--- a/sources/cvmb.usr.f30/etc/lxc.conf
+++ /dev/null
@@ -1 +0,0 @@
-lxc.lxcpath = /lxc/containers
diff --git a/sources/cvmb.usr.f30/etc/sysctl.d/01-lxc.conf b/sources/cvmb.usr.f30/etc/sysctl.d/01-lxc.conf
deleted file mode 100644
index 77fcb19..0000000
--- a/sources/cvmb.usr.f30/etc/sysctl.d/01-lxc.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-#fs.inotify.max_queued_events = 16384
-# This is the default.
-
-fs.inotify.max_user_instances = 1024
-# The default is 128.
-
-#fs.inotify.max_user_watches = 8192
-# This is the default.
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-efg.link b/sources/cvmb.usr.f30/etc/systemd/network/10-efg.link
deleted file mode 100644
index 0002de5..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-efg.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:28:92
-
-[Link]
-Name=efg
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-ifg.link b/sources/cvmb.usr.f30/etc/systemd/network/10-ifg.link
deleted file mode 100644
index 3ffc0b1..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-ifg.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:6d:fe
-
-[Link]
-Name=ifg
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-ins.link b/sources/cvmb.usr.f30/etc/systemd/network/10-ins.link
deleted file mode 100644
index 9ce7bf0..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-ins.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:6d:68
-
-[Link]
-Name=ins
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-internal.link b/sources/cvmb.usr.f30/etc/systemd/network/10-internal.link
deleted file mode 100644
index 2b8b7db..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-internal.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:5c:34
-
-[Link]
-Name=internal
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-ldap.link b/sources/cvmb.usr.f30/etc/systemd/network/10-ldap.link
deleted file mode 100644
index 36781b0..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-ldap.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:6d:fc
-
-[Link]
-Name=ldap
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-pns.link b/sources/cvmb.usr.f30/etc/systemd/network/10-pns.link
deleted file mode 100644
index dbafaba..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-pns.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:6d:ae
-
-[Link]
-Name=pns
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-svc.link b/sources/cvmb.usr.f30/etc/systemd/network/10-svc.link
deleted file mode 100644
index f07d4b0..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-svc.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:6d:fd
-
-[Link]
-Name=svc
diff --git a/sources/cvmb.usr.f30/etc/systemd/network/10-vpn.link b/sources/cvmb.usr.f30/etc/systemd/network/10-vpn.link
deleted file mode 100644
index c4db4d8..0000000
--- a/sources/cvmb.usr.f30/etc/systemd/network/10-vpn.link
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-MACAddress=00:50:56:9e:6d:ec
-
-[Link]
-Name=vpn
diff --git a/sources/cvmb.usr.f30/packages.txt b/sources/cvmb.usr.f30/packages.txt
deleted file mode 100644
index 93db914..0000000
--- a/sources/cvmb.usr.f30/packages.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-chrony
-lxc
-lxc-templates
-mercurial
-screen
-vim-enhanced
diff --git a/sources/efg.pm.f30/config b/sources/efg.pm.f30/config
deleted file mode 100644
index 1c80c0a..0000000
--- a/sources/efg.pm.f30/config
+++ /dev/null
@@ -1,23 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = efg.pm.user.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.link = brh
-lxc.net.0.hwaddr = 02:0c:18:03:ad:fe
-
-lxc.net.1.type = phys
-lxc.net.1.flags = up
-lxc.net.1.link = efg
-
-lxc.autodev = 1
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = 1
-lxc.start.delay = 3
diff --git a/sources/efg.pm.f30/envvars b/sources/efg.pm.f30/envvars
deleted file mode 100644
index ccf11d8..0000000
--- a/sources/efg.pm.f30/envvars
+++ /dev/null
@@ -1,2 +0,0 @@
-BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal"
-SPEC_PACKAGES="nftables"
diff --git a/sources/efg.pm.f30/firstboot/01_setupnetworking.sh b/sources/efg.pm.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index 2c140ad..0000000
--- a/sources/efg.pm.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-set -x
-
-
-sleep 1
-systemctl --quiet is-active NetworkManager.service
-NM_RC=$?
-WAITED=0
-while [ $NM_RC -ne 0 ]
-do
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active NetworkManager.service
- NM_RC=$?
-done
-[ $WAITED -eq 1 ] && echo
-
-CONNECTION_DEVICES_UP=$(nmcli --terse connection show | grep -v ':$' | wc -l)
-#while [ $CONNECTION_DEVICES_UP -lt 2 ]
-while [ $CONNECTION_DEVICES_UP -lt 1 ]
-do
- sleep 1
- nmcli --terse connection show
- CONNECTION_DEVICES_UP=$(nmcli --terse connection show | grep -v ':$' | wc -l)
-done
-
-EXTERNAL_DEVICE=efg
-PERIMETER_DEVICE=eth0
-
-CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -gt 0 ]
-do
- CONNECTION_LINE=$(nmcli --terse connection show | head -n 1)
- CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
- nmcli connection delete uuid "$CONNECTION_UUID"
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
-
-nmcli connection show
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id perimeter \
- connection.interface-name $PERIMETER_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "192.168.173.254/24" \
- ipv4.dns "192.168.173.174" \
- ipv4.dns-search "pm.user.hu" \
- ipv4.method "manual" \
- ipv4.routes "10.228.0.0/16 192.168.173.1, 192.168.42.0/24 192.168.173.1, 192.168.43.0/24 192.168.173.1" \
- save yes
-
-nmcli connection show
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id dynamic \
- connection.interface-name $EXTERNAL_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "192.168.65.1/24, 194.149.40.146/28, 194.149.40.147/28, 194.149.40.148/28, 194.149.40.149/28, 194.149.40.150/28" \
- ipv4.gateway "194.149.40.145" \
- ipv4.method "manual" \
- save yes
-
-nmcli connection show
diff --git a/sources/efg.pm.f30/firstboot/02_settimezone.sh b/sources/efg.pm.f30/firstboot/02_settimezone.sh
deleted file mode 100755
index 20b2a71..0000000
--- a/sources/efg.pm.f30/firstboot/02_settimezone.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active dbus.service
-DBUS_RC=$?
-WAITED=0
-while [ $DBUS_RC -ne 0 ]
-do
- if [ $WAITED -eq 0 ]
- then
- echo -n "Waiting for dbus.service"
- fi
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active dbus.service
- DBUS_RC=$?
-done
-[ $WAITED -ne 0 ] && echo
-timedatectl set-timezone Europe/Budapest
diff --git a/sources/efg.pm.f30/firstboot/10_setupnftables.sh b/sources/efg.pm.f30/firstboot/10_setupnftables.sh
deleted file mode 100755
index fd180f1..0000000
--- a/sources/efg.pm.f30/firstboot/10_setupnftables.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-
-
-nft list ruleset
-nft list ruleset | grep ^table | sed 's/ {$//' | while read TABLE_SPEC
-do
- nft flush $TABLE_SPEC
- nft delete $TABLE_SPEC
-done
-
-nft --echo --file $REAL_PATH/nftables.config
-nft list ruleset >/etc/nftables/efg.nft
-
-systemctl enable nftables.service
diff --git a/sources/efg.pm.f30/firstboot/99_cleanup.sh b/sources/efg.pm.f30/firstboot/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/efg.pm.f30/firstboot/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/efg.pm.f30/firstboot/nftables.config b/sources/efg.pm.f30/firstboot/nftables.config
deleted file mode 100644
index 99353c1..0000000
--- a/sources/efg.pm.f30/firstboot/nftables.config
+++ /dev/null
@@ -1,328 +0,0 @@ -#!/usr/sbin/nft -f - - -################################ -# interface definitions -################################ - -# external interface -define EXTERNAL_IF = efg - -# loopback interface -define LOOPBACK_IF = lo - -# perimeter interface -define PERIMETER_IF = eth0 - -################################ -# address definitions -################################ - -# loopback address -define LOOPBACK_IP = 127.0.0.1 - -# public addresses -define PUBLIC_EFG_IP = 194.149.40.146 -define PUBLIC_MX_IP = 194.149.40.147 -define PUBLIC_NS_IP = 194.149.40.148 -define PUBLIC_VPN_IP = 194.149.40.149 -define PUBLIC_WS_IP = 194.149.40.150 -define PUBLIC_MINECRAFT_IP = 194.149.40.151 -define PUBLIC_IP_152 = 194.149.40.152 -define PUBLIC_IP_153 = 194.149.40.153 -define PUBLIC_IP_154 = 194.149.40.154 -define PUBLIC_IP_155 = 194.149.40.155 -define PUBLIC_IP_156 = 194.149.40.156 -define PUBLIC_IP_157 = 194.149.40.157 -define PUBLIC_DL380E_IP = 194.149.40.158 - -# efg address (perimeter network) -define EFG_PERIMETER_IP = 192.168.173.254 - -# transfer web server address (perimeter network) -define XFR_PERIMETER_IP = 192.168.173.251 - -# web server address (perimeter network) -define WS_PERIMETER_IP = 192.168.173.249 - -# perimeter name server address (perimeter network) -define PNS_PERIMETER_IP = 192.168.173.174 - -# external name server address (perimeter network) -define ENS_PERIMETER_IP = 192.168.173.64 - -# ifg address (perimeter network) -define IFG_PERIMETER_IP = 192.168.173.1 - -# dvredmine address (internal network) -define DVREDMINE_INTERNAL_IP = 10.228.62.193 - -# minicrm address (internal network) -define MINICRM_INTERNAL_IP = 10.228.109.133 - -# store address (internal network) -define STORE_INTERNAL_IP = 10.228.109.250 - -# service address (internal network) -define SVC_INTERNAL_IP = 10.228.109.253 - -# vpn address (internal network) -define VPN_INTERNAL_IP = 10.228.109.236 - -# primary name server address (internal network) -define PNS_INTERNAL_IP = 
10.228.109.174 - -# internal name server address (internal network) -define INS_INTERNAL_IP = 10.228.109.104 - -# worksheet address (internal network) -define WORKSHEET_SR_IP = 192.168.42.248 - -################################ -# network definitions -################################ - -# internal networks -define USR_NET = 10.228.0.0/16 -define SR_NET = 192.168.42.0/24 -define IN_NET = 192.168.43.0/24 -define INTERNAL_NETS = { $USR_NET, $SR_NET, $IN_NET } - -# perimeter network -define PERIMETER_NET = 192.168.173.0/24 - -# vpn client network -define VPN_NET = 172.16.223.0/24 - -# peep-bo network -define PEEP_BO_NET = 10.162.104.0/24 - -################################ -# port definitions -################################ - -#define MX_PORTS = { 25, 110, 143, 465, 587, 993, 995 } -define WS_PORTS = { 80, 443 } - - -################################ -# reset nftables -################################ - -create table inet efg_filter -create table ip efg_nat - -create chain inet efg_filter input { type filter hook input priority 0; policy drop; } -create chain inet efg_filter forward { type filter hook forward priority 0; policy drop; } -create chain inet efg_filter output { type filter hook output priority 0; policy drop; } -create chain ip efg_nat prerouting { type nat hook prerouting priority 0; policy accept; } -create chain ip efg_nat postrouting { type nat hook postrouting priority 0; policy accept; } - - -################################ -# NAT prerouting rules -################################ - -add rule ip efg_nat prerouting \ - ip protocol udp \ - iifname $EXTERNAL_IF \ - ip daddr $PUBLIC_VPN_IP udp dport 1194 \ - counter dnat $VPN_INTERNAL_IP comment "Incoming VPN traffic" - -#add rule ip efg_nat prerouting \ -# ip protocol tcp \ -# iifname $EXTERNAL_IF \ -# ip daddr $PUBLIC_MX_IP tcp dport $MX_PORTS \ -# counter dnat $MX_PERIMETER_IP comment "Incoming MX traffic" - -add rule ip efg_nat prerouting \ - ip protocol udp \ - iifname $EXTERNAL_IF udp sport 
1024-65535 \ - ip daddr $PUBLIC_NS_IP udp dport 53 \ - counter dnat $ENS_PERIMETER_IP comment "Incoming DNS requests (udp)" - -add rule ip efg_nat prerouting \ - ip protocol tcp \ - iifname $EXTERNAL_IF tcp sport 1024-65535 \ - ip daddr $PUBLIC_NS_IP tcp dport 53 \ - counter dnat $ENS_PERIMETER_IP comment "Incoming DNS requests (tcp)" - -add rule ip efg_nat prerouting \ - ip protocol tcp \ - iifname $EXTERNAL_IF tcp sport 1024-65535 \ - ip daddr $PUBLIC_WS_IP tcp dport $WS_PORTS \ - counter dnat $WS_PERIMETER_IP comment "Incoming http(s) requests" - - -################################ -# FILTER input rules -################################ - -add rule inet efg_filter input \ - ct state established \ - ip protocol udp \ - iifname $PERIMETER_IF ip saddr $PNS_PERIMETER_IP udp sport 53 \ - ip daddr $EFG_PERIMETER_IP udp dport 1024-65535 \ - counter accept comment "DNS replies" - -add rule inet efg_filter input \ - ip protocol icmp \ - counter accept comment "ICMP" - -add rule inet efg_filter input \ - counter log prefix "INPUT" - - -################################ -# FILTER forward rules -################################ - -add rule inet efg_filter forward \ - ct state established, related \ - iifname $EXTERNAL_IF \ - oifname $PERIMETER_IF ip daddr $INTERNAL_NETS \ - counter accept comment "Established sessions" - -add rule inet efg_filter forward \ - iifname $PERIMETER_IF ip saddr $INTERNAL_NETS \ - oifname $EXTERNAL_IF \ - counter accept comment "Internet access" - -add rule inet efg_filter forward \ - ip protocol udp \ - iifname $EXTERNAL_IF \ - oifname $PERIMETER_IF ip daddr $VPN_INTERNAL_IP udp dport 1194 \ - counter accept comment "Incoming VPN traffic" - -add rule inet efg_filter forward \ - ip protocol tcp \ - iifname $EXTERNAL_IF tcp sport 1024-65535 \ - oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport $WS_PORTS \ - counter accept comment "Incoming http(s) requests" - -add rule inet efg_filter forward \ - ct state established \ - ip protocol tcp \ - 
iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport $WS_PORTS \ - oifname $EXTERNAL_IF tcp dport 1024-65535 \ - counter accept comment "Outgoing http(s) replies" - -add rule inet efg_filter forward \ - ip protocol udp \ - iifname $EXTERNAL_IF udp sport 1024-65535 \ - oifname $PERIMETER_IF ip daddr $ENS_PERIMETER_IP udp dport 53 \ - counter accept comment "Incoming DNS requests/notifications (udp)" - -add rule inet efg_filter forward \ - ct state established, related \ - ip protocol udp \ - iifname $PERIMETER_IF ip saddr $ENS_PERIMETER_IP udp sport 53 \ - oifname $EXTERNAL_IF udp dport 1024-65535 \ - counter accept comment "Outgoing DNS replies (udp)" - -add rule inet efg_filter forward \ - ip protocol tcp \ - iifname $EXTERNAL_IF tcp sport 1024-65535 \ - oifname $PERIMETER_IF ip daddr $ENS_PERIMETER_IP tcp dport 53 \ - counter accept comment "Incoming DNS requests (tcp)" - -add rule inet efg_filter forward \ - ct state established, related \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr $ENS_PERIMETER_IP tcp sport 53 \ - oifname $EXTERNAL_IF tcp dport 1024-65535 \ - counter accept comment "Outgoing DNS replies (tcp)" - -add rule inet efg_filter forward \ - ip protocol udp \ - iifname $PERIMETER_IF ip saddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } udp sport 1024-65535 \ - oifname $EXTERNAL_IF udp dport 53 \ - counter accept comment "Outgoing DNS requests/notifications (udp)" - -add rule inet efg_filter forward \ - ct state established, related \ - ip protocol udp \ - iifname $EXTERNAL_IF udp sport 53 \ - oifname $PERIMETER_IF ip daddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } udp dport 1024-65535 \ - counter accept comment "Incoming DNS replies (udp)" - -add rule inet efg_filter forward \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } tcp sport 1024-65535 \ - oifname $EXTERNAL_IF tcp dport 53 \ - counter accept comment "Outgoing DNS requests (tcp)" - -add rule inet efg_filter forward \ - ct state 
established, related \ - ip protocol tcp \ - iifname $EXTERNAL_IF tcp sport 53 \ - oifname $PERIMETER_IF ip daddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } tcp dport 1024-65535 \ - counter accept comment "Incoming DNS replies (tcp)" - -add rule inet efg_filter forward \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport 1024-65535 \ - oifname $EXTERNAL_IF tcp dport $WS_PORTS \ - counter accept comment "Outgoing let's encrypt requests" - -add rule inet efg_filter forward \ - ct state established \ - ip protocol tcp \ - iifname $EXTERNAL_IF tcp sport $WS_PORTS \ - oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport 1024-65535 \ - counter accept comment "Incoming let's encrypt replies" - -add rule inet efg_filter forward \ - ip protocol icmp \ - counter accept comment "ICMP" - -add rule inet efg_filter forward \ - counter log prefix "FORWARD" - - -################################ -# FILTER output rules -################################ - -add rule inet efg_filter output \ - ct state new \ - ip protocol udp \ - ip saddr $EFG_PERIMETER_IP udp sport 1024-65535 \ - oifname $PERIMETER_IF ip daddr $PNS_PERIMETER_IP udp dport 53 \ - counter accept comment "DNS requests" - -add rule inet efg_filter output \ - ip protocol icmp \ - counter accept comment "ICMP" - -add rule inet efg_filter output \ - counter log prefix "OUTPUT" - - -################################ -# NAT postrouting rules -################################ - -add rule ip efg_nat postrouting \ - oifname $EXTERNAL_IF ip saddr $VPN_INTERNAL_IP \ - counter snat $PUBLIC_VPN_IP comment "Outgoing VPN traffic" - -add rule ip efg_nat postrouting \ - oifname $EXTERNAL_IF ip saddr $INTERNAL_NETS \ - counter snat $PUBLIC_EFG_IP comment "Outgoing internal traffic" - -#add rule ip efg_nat postrouting \ -# oifname $EXTERNAL_IF ip saddr $MX_PERIMETER_IP \ -# counter snat $PUBLIC_MX_IP comment "Outgoing MX traffic" - -add rule ip efg_nat postrouting \ - oifname $EXTERNAL_IF ip saddr 
$ENS_PERIMETER_IP \ - counter snat $PUBLIC_NS_IP comment "Outgoing external DNS traffic" - -add rule ip efg_nat postrouting \ - oifname $EXTERNAL_IF ip saddr $PNS_PERIMETER_IP \ - counter snat $PUBLIC_EFG_IP comment "Outgoing perimeter DNS traffic" - -add rule ip efg_nat postrouting \ - oifname $EXTERNAL_IF ip saddr $WS_PERIMETER_IP \ - counter snat $PUBLIC_WS_IP comment "Outgoing WS traffic" diff --git a/sources/efg.pm.f30/firstboot/traversal.txt b/sources/efg.pm.f30/firstboot/traversal.txt deleted file mode 100644 index 97ebf2d..0000000 --- a/sources/efg.pm.f30/firstboot/traversal.txt +++ /dev/null @@ -1,53 +0,0 @@ -############################### - chain traversal - for all tables -############################### - - NETWORK - | - ______v_____ - / raw \ - | PREROUTING | - \____________/ - | - ________ ______v_____ - / mangle \ / mangle \ - | INPUT |<- | PREROUTING | - \________/ | \____________/ - | | | - ____v___ | ______v_____ - / filter \ | / nat \ - | INPUT | | | PREROUTING | - \________/ | \____________/ - | | | - ____v____ | ____v___ - | | | / \ - | local | |__/ routing \__________ - | process | \ decision / | - |_________| \________/ ____v____ - | / mangle \ - ___v____ | FORWARD | - / \ \_________/ - / routing \ | - \ decision / ____v____ - \________/ / filter \ - | | FORWARD | - ____v___ ________ \_________/ - / raw \ / \ | - | OUTPUT | / routing \ | - \________/ ->\ decision /<--------- - | | \________/ - ____v___ | | - / mangle \ | ______v______ - | OUTPUT | | / mangle \ - \________/ | | POSTROUTING | - | | \_____________/ - ____v___ | | - / nat \ | ______v______ - | OUTPUT | | / nat \ - \________/ | | POSTROUTING | - | | \_____________/ - ____v___ | | - / filter \ | v - | OUTPUT |-- NETWORK - \________/ diff --git a/sources/efg.pm.f30/postinstall/01_setownership.sh b/sources/efg.pm.f30/postinstall/01_setownership.sh deleted file mode 100755 index f2e6b94..0000000 --- a/sources/efg.pm.f30/postinstall/01_setownership.sh +++ /dev/null 
@@ -1,7 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) -SOURCE_PATH=$REAL_PATH/install - -chown -R root.root $SOURCE_PATH/* diff --git a/sources/efg.pm.f30/postinstall/02_setpermissions.sh b/sources/efg.pm.f30/postinstall/02_setpermissions.sh deleted file mode 100755 index 241386a..0000000 --- a/sources/efg.pm.f30/postinstall/02_setpermissions.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) -SOURCE_PATH=$REAL_PATH/install diff --git a/sources/efg.pm.f30/postinstall/03_installfiles.sh b/sources/efg.pm.f30/postinstall/03_installfiles.sh deleted file mode 100755 index f190caf..0000000 --- a/sources/efg.pm.f30/postinstall/03_installfiles.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -tar --create \ - --directory=$REAL_PATH \ - --to-stdout \ - install \ - | tar --extract \ - --backup \ - --directory=/ \ - --no-overwrite-dir \ - --strip-components=1 \ - --suffix=.orig diff --git a/sources/efg.pm.f30/postinstall/10_setupservices.sh b/sources/efg.pm.f30/postinstall/10_setupservices.sh deleted file mode 100755 index 69dd107..0000000 --- a/sources/efg.pm.f30/postinstall/10_setupservices.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - - -systemctl enable NetworkManager-wait-online.service - -systemctl mask wpa_supplicant.service diff --git a/sources/efg.pm.f30/postinstall/99_cleanup.sh b/sources/efg.pm.f30/postinstall/99_cleanup.sh deleted file mode 100755 index b87f2f4..0000000 --- a/sources/efg.pm.f30/postinstall/99_cleanup.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -echo rm -Rf $REAL_PATH diff --git a/sources/efg.pm.f30/postinstall/install/etc/hosts b/sources/efg.pm.f30/postinstall/install/etc/hosts deleted file mode 100644 index 278fb43..0000000 --- a/sources/efg.pm.f30/postinstall/install/etc/hosts +++ /dev/null 
@@ -1,4 +0,0 @@ -127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4 -::1 localhost6.localdomain6 localhost6 - -192.168.173.254 efg.pm.user.hu efg diff --git a/sources/efg.pm.f30/postinstall/install/etc/resolv.conf b/sources/efg.pm.f30/postinstall/install/etc/resolv.conf deleted file mode 100644 index 1a69e03..0000000 --- a/sources/efg.pm.f30/postinstall/install/etc/resolv.conf +++ /dev/null @@ -1,3 +0,0 @@ -nameserver 192.168.173.174 -domain pm.user.hu -search pm.user.hu diff --git a/sources/efg.pm.f30/postinstall/install/etc/sysconfig/nftables.conf b/sources/efg.pm.f30/postinstall/install/etc/sysconfig/nftables.conf deleted file mode 100644 index 0c461d7..0000000 --- a/sources/efg.pm.f30/postinstall/install/etc/sysconfig/nftables.conf +++ /dev/null @@ -1 +0,0 @@ -include "/etc/nftables/efg.nft" diff --git a/sources/efg.pm.f30/postinstall/install/etc/sysctl.d/01_ipforward.conf b/sources/efg.pm.f30/postinstall/install/etc/sysctl.d/01_ipforward.conf deleted file mode 100644 index 05b3f78..0000000 --- a/sources/efg.pm.f30/postinstall/install/etc/sysctl.d/01_ipforward.conf +++ /dev/null @@ -1 +0,0 @@ -net.ipv4.conf.all.forwarding = 1 diff --git a/sources/ens.pm.f30/config b/sources/ens.pm.f30/config deleted file mode 100644 index b8229be..0000000 --- a/sources/ens.pm.f30/config +++ /dev/null @@ -1,19 +0,0 @@ -lxc.include = /usr/share/lxc/config/common.conf - -lxc.arch = x86_64 -lxc.uts.name = ens.pm.user.hu -lxc.rootfs.path = __CONTAINER_PATH__/rootfs -lxc.mount.auto = proc:rw sys:ro - -lxc.net.0.type = veth -lxc.net.0.flags = up -lxc.net.0.link = brh -lxc.net.0.hwaddr = 02:0c:18:03:ad:40 - -lxc.autodev = 1 - -lxc.signal.halt = SIGRTMIN+4 - -lxc.start.auto = 1 -lxc.start.order = 11 -lxc.start.delay = 3 diff --git a/sources/ens.pm.f30/envvars b/sources/ens.pm.f30/envvars deleted file mode 100644 index 3d8e477..0000000 --- a/sources/ens.pm.f30/envvars +++ /dev/null 
@@ -1,2 +0,0 @@ -BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal" -SPEC_PACKAGES="bind bind-utils" diff --git a/sources/ens.pm.f30/firstboot/01_setupnetworking.sh b/sources/ens.pm.f30/firstboot/01_setupnetworking.sh deleted file mode 100755 index 1556f1d..0000000 --- a/sources/ens.pm.f30/firstboot/01_setupnetworking.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active NetworkManager.service -NM_RC=$? -WAITED=0 -while [ $NM_RC -ne 0 ] -do - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active NetworkManager.service - NM_RC=$? -done -[ $WAITED -eq 1 ] && echo - -CONNECTIONS=$(nmcli --terse connection show | wc -l) -while [ $CONNECTIONS -ne 1 ] -do - echo "Number of connections: $CONNECTIONS" >&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id perimeter \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "192.168.173.64/24" \ - ipv4.dns "192.168.173.174" \ - ipv4.dns-search "pm.user.hu" \ - ipv4.gateway "192.168.173.254" \ - ipv4.method "manual" \ - ipv4.routes "10.228.0.0/16 192.168.173.1" \ - ipv6.method "ignore" \ - save yes - -nmcli connection show diff --git a/sources/ens.pm.f30/firstboot/02_settimezone.sh b/sources/ens.pm.f30/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 
--- a/sources/ens.pm.f30/firstboot/02_settimezone.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/ens.pm.f30/firstboot/03_setupldap.sh b/sources/ens.pm.f30/firstboot/03_setupldap.sh deleted file mode 100755 index 4b58626..0000000 --- a/sources/ens.pm.f30/firstboot/03_setupldap.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf </etc/nftables/ifg.nft - -systemctl enable nftables.service diff --git a/sources/ifg.usr.f30/firstboot/99_cleanup.sh b/sources/ifg.usr.f30/firstboot/99_cleanup.sh deleted file mode 100755 index b87f2f4..0000000 --- a/sources/ifg.usr.f30/firstboot/99_cleanup.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -echo rm -Rf $REAL_PATH diff --git a/sources/ifg.usr.f30/firstboot/nftables.config b/sources/ifg.usr.f30/firstboot/nftables.config deleted file mode 100644 index 6694a10..0000000 --- a/sources/ifg.usr.f30/firstboot/nftables.config +++ /dev/null 
@@ -1,293 +0,0 @@ -#!/usr/sbin/nft -f - - -################################ -# interface definitions -################################ - -# internal interface -define INTERNAL_IF = ifg - -# loopback interface -define LOOPBACK_IF = lo - -# perimeter interface -define PERIMETER_IF = eth0 - -################################ -# address definitions -################################ - -# loopback address -define LOOPBACK_IP = 127.0.0.1 - -# public addresses -define PUBLIC_EFG_IP = 194.149.40.146 -define PUBLIC_MX_IP = 194.149.40.147 -define PUBLIC_NS_IP = 194.149.40.148 -define PUBLIC_VPN_IP = 194.149.40.149 -define PUBLIC_WS_IP = 194.149.40.150 -define PUBLIC_MINECRAFT_IP = 194.149.40.151 -define PUBLIC_IP_152 = 194.149.40.152 -define PUBLIC_IP_153 = 194.149.40.153 -define PUBLIC_IP_154 = 194.149.40.154 -define PUBLIC_IP_155 = 194.149.40.155 -define PUBLIC_IP_156 = 194.149.40.156 -define PUBLIC_RX300_IP = 194.149.40.157 -define PUBLIC_DL360E_IP = 194.149.40.158 - -define PUBLIC_IP_194 = 84.2.25.194 -define PUBLIC_IP_195 = 84.2.25.195 -define PUBLIC_IP_196 = 84.2.25.196 -define PUBLIC_IP_197 = 84.2.25.197 -define PUBLIC_IP_198 = 84.2.25.198 -define PUBLIC_IP_199 = 84.2.25.199 -define PUBLIC_IP_200 = 84.2.25.200 -define PUBLIC_IP_201 = 84.2.25.201 -define PUBLIC_IP_202 = 84.2.25.202 -define PUBLIC_IP_203 = 84.2.25.203 -define PUBLIC_IP_204 = 84.2.25.204 -define PUBLIC_IP_205 = 84.2.25.205 -define PUBLIC_IP_206 = 84.2.25.206 - -# efg address (perimeter network) -define EFG_PERIMETER_IP = 192.168.173.254 - -# service address (perimeter network) -#define SVC_PERIMETER_IP = 192.168.173.253 - -# transfer web server address (perimeter network) -define XFR_PERIMETER_IP = 192.168.173.251 - -# subversion address (perimeter network) -#define SVN_PERIMETER_IP = 192.168.173.250 - -# web server address (perimeter network) -define WS_PERIMETER_IP = 192.168.173.249 - -# perimeter name server address (perimeter network) -define PNS_PERIMETER_IP = 192.168.173.174 - -# external name server 
address (perimeter network) -define ENS_PERIMETER_IP = 192.168.173.64 - -# ifg address (perimeter network) -define IFG_PERIMETER_IP = 192.168.173.1 - -# ifg addresses (internal network) -define IFG_USR_IP = 10.228.109.254 -define IFG_SR_IP = 192.168.42.254 -define IFG_IN_IP = 192.168.43.254 - -# dvredmine address (internal network) -define DVREDMINE_INTERNAL_IP = 10.228.62.193 - -# minicrm address (internal network) -define MINICRM_INTERNAL_IP = 10.228.109.133 - -# store address (internal network) -define STORE_INTERNAL_IP = 10.228.109.250 - -# service address (internal network) -define SVC_INTERNAL_IP = 10.228.109.253 - -# vpn address (internal network) -define VPN_INTERNAL_IP = 10.228.109.236 - -# primary name server address (internal network) -define PNS_INTERNAL_IP = 10.228.109.174 - -# internal name server address (internal network) -define INS_INTERNAL_IP = 10.228.109.104 - -# worksheet address (internal network) -define WORKSHEET_SR_IP = 192.168.42.248 - -################################ -# network definitions -################################ - -# internal networks -define USR_NET = 10.228.0.0/16 -define SR_NET = 192.168.42.0/24 -define IN_NET = 192.168.43.0/24 -define INTERNAL_NETS = { $USR_NET, $SR_NET, $IN_NET } - -# perimeter network -define PERIMETER_NET = 192.168.173.0/24 - -# vpn client network -define VPN_NET = 172.16.223.0/24 - -# peep-bo network -define PEEP_BO_NET = 10.162.104.0/24 - -################################ -# port definitions -################################ - -#define MX_PORTS = { 25, 110, 143, 465, 587, 993, 995 } -define WS_PORTS = { 80, 443 } - - -################################ -# reset nftables -################################ - -create table inet ifg_filter -create table ip ifg_nat - -create chain inet ifg_filter input { type filter hook input priority 0; policy drop; } -create chain inet ifg_filter forward { type filter hook forward priority 0; policy drop; } -create chain inet ifg_filter output { type filter hook output 
priority 0; policy drop; } -create chain ip ifg_nat prerouting { type nat hook prerouting priority 0; policy accept; } - - -################################ -# NAT prerouting rules -################################ - -add rule ip ifg_nat prerouting \ - ip protocol tcp \ - iifname $INTERNAL_IF ip saddr $INTERNAL_NETS tcp sport 1024-65535 \ - ip daddr $PUBLIC_WS_IP tcp dport $WS_PORTS \ - counter dnat $WS_PERIMETER_IP comment "Webserver access" - - -################################ -# FILTER input rules -################################ - -add rule inet ifg_filter input \ - ct state established \ - ip protocol udp \ - iifname $INTERNAL_IF ip saddr { $INS_INTERNAL_IP, $SVC_INTERNAL_IP } udp sport 53 \ - ip daddr $IFG_USR_IP udp dport 1024-65535 \ - counter accept comment "DNS replies" - -add rule inet ifg_filter input \ - ip protocol icmp \ - counter accept comment "ICMP" - -add rule inet ifg_filter input \ - counter log prefix "INPUT" - - -################################ -# FILTER forward rules -################################ - -add rule inet ifg_filter forward \ - ct state established, related \ - iifname $PERIMETER_IF \ - oifname $INTERNAL_IF ip daddr $INTERNAL_NETS \ - counter accept comment "Established sessions" - -add rule inet ifg_filter forward \ - iifname $INTERNAL_IF ip saddr $INTERNAL_NETS \ - oifname $PERIMETER_IF ip daddr != $PERIMETER_NET \ - counter accept comment "Internet access" - -add rule inet ifg_filter forward \ - ct state new, established \ - ip protocol tcp \ - iifname $INTERNAL_IF ip saddr $INTERNAL_NETS tcp sport 1024-65535 \ - oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport $WS_PORTS \ - counter accept comment "Webserver access" - -add rule inet ifg_filter forward \ - ct state new \ - ip protocol udp \ - iifname $INTERNAL_IF ip saddr $PNS_INTERNAL_IP udp sport 1024-65535 \ - oifname $PERIMETER_IF ip daddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } udp dport 53 \ - counter accept comment "DNS zone notification" - -add rule inet 
ifg_filter forward \ - ct state new \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } tcp sport 1024-65535 \ - oifname $INTERNAL_IF ip daddr $PNS_INTERNAL_IP tcp dport 53 \ - counter accept comment "DNS zone transfer requests" - -add rule inet ifg_filter forward \ - ct state established \ - ip protocol tcp \ - iifname $INTERNAL_IF ip saddr $PNS_INTERNAL_IP tcp sport 53 \ - oifname $PERIMETER_IF ip daddr { $ENS_PERIMETER_IP, $PNS_PERIMETER_IP } tcp dport 1024-65535 \ - counter accept comment "DNS zone transfer replies" - -add rule inet ifg_filter forward \ - ip protocol udp \ - iifname $PERIMETER_IF ip saddr != $PERIMETER_NET udp sport 1024-65535 \ - oifname $INTERNAL_IF ip daddr $VPN_INTERNAL_IP udp dport 1194 \ - counter accept comment "Incoming VPN traffic" - -add rule inet ifg_filter forward \ - iifname $INTERNAL_IF \ - oifname $INTERNAL_IF \ - counter accept comment "Internal traffic" - -add rule inet ifg_filter forward \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport 1024-65535 \ - oifname $INTERNAL_IF ip daddr $DVREDMINE_INTERNAL_IP tcp dport 80 \ - counter accept comment "Redmine requests" - -add rule inet ifg_filter forward \ - ct state established \ - ip protocol tcp \ - iifname $INTERNAL_IF ip saddr $DVREDMINE_INTERNAL_IP tcp sport 80 \ - oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport 1024-65535 \ - counter accept comment "Redmine replies" - -add rule inet ifg_filter forward \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport 1024-65535 \ - oifname $INTERNAL_IF ip daddr $MINICRM_INTERNAL_IP tcp dport 8080 \ - counter accept comment "MiniCRM requests" - -add rule inet ifg_filter forward \ - ct state established \ - ip protocol tcp \ - iifname $INTERNAL_IF ip saddr $MINICRM_INTERNAL_IP tcp sport 8080 \ - oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport 1024-65535 \ - counter accept comment "MiniCRM replies" - -add rule inet 
ifg_filter forward \ - ip protocol tcp \ - iifname $PERIMETER_IF ip saddr $WS_PERIMETER_IP tcp sport 1024-65535 \ - oifname $INTERNAL_IF ip daddr $WORKSHEET_SR_IP tcp dport 8079 \ - counter accept comment "Worksheet requests" - -add rule inet ifg_filter forward \ - ct state established \ - ip protocol tcp \ - iifname $INTERNAL_IF ip saddr $WORKSHEET_SR_IP tcp sport 8079 \ - oifname $PERIMETER_IF ip daddr $WS_PERIMETER_IP tcp dport 1024-65535 \ - counter accept comment "Worksheet replies" - -add rule inet ifg_filter forward \ - ip protocol icmp \ - counter accept comment "ICMP" - -add rule inet ifg_filter forward \ - counter log prefix "FORWARD" - - -################################ -# FILTER output rules -################################ - -add rule inet ifg_filter output \ - ct state new \ - ip protocol udp \ - ip saddr $IFG_USR_IP udp sport 1024-65535 \ - oifname $INTERNAL_IF ip daddr { $INS_INTERNAL_IP, $SVC_INTERNAL_IP } udp dport 53 \ - counter accept comment "DNS requests" - -add rule inet ifg_filter output \ - ip protocol icmp \ - counter accept comment "ICMP" - -add rule inet ifg_filter output \ - counter log prefix "OUTPUT" diff --git a/sources/ifg.usr.f30/firstboot/traversal.txt b/sources/ifg.usr.f30/firstboot/traversal.txt deleted file mode 100644 index 97ebf2d..0000000 --- a/sources/ifg.usr.f30/firstboot/traversal.txt +++ /dev/null 
@@ -1,53 +0,0 @@ -############################### - chain traversal - for all tables -############################### - - NETWORK - | - ______v_____ - / raw \ - | PREROUTING | - \____________/ - | - ________ ______v_____ - / mangle \ / mangle \ - | INPUT |<- | PREROUTING | - \________/ | \____________/ - | | | - ____v___ | ______v_____ - / filter \ | / nat \ - | INPUT | | | PREROUTING | - \________/ | \____________/ - | | | - ____v____ | ____v___ - | | | / \ - | local | |__/ routing \__________ - | process | \ decision / | - |_________| \________/ ____v____ - | / mangle \ - ___v____ | FORWARD | - / \ \_________/ - / routing \ | - \ decision / ____v____ - \________/ / filter \ - | | FORWARD | - ____v___ ________ \_________/ - / raw \ / \ | - | OUTPUT | / routing \ | - \________/ ->\ decision /<--------- - | | \________/ - ____v___ | | - / mangle \ | ______v______ - | OUTPUT | | / mangle \ - \________/ | | POSTROUTING | - | | \_____________/ - ____v___ | | - / nat \ | ______v______ - | OUTPUT | | / nat \ - \________/ | | POSTROUTING | - | | \_____________/ - ____v___ | | - / filter \ | v - | OUTPUT |-- NETWORK - \________/ diff --git a/sources/ifg.usr.f30/postinstall/01_setownership.sh b/sources/ifg.usr.f30/postinstall/01_setownership.sh deleted file mode 100755 index f2e6b94..0000000 --- a/sources/ifg.usr.f30/postinstall/01_setownership.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) -SOURCE_PATH=$REAL_PATH/install - -chown -R root.root $SOURCE_PATH/* diff --git a/sources/ifg.usr.f30/postinstall/02_setpermissions.sh b/sources/ifg.usr.f30/postinstall/02_setpermissions.sh deleted file mode 100755 index 241386a..0000000 --- a/sources/ifg.usr.f30/postinstall/02_setpermissions.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) -SOURCE_PATH=$REAL_PATH/install 
diff --git a/sources/ifg.usr.f30/postinstall/03_installfiles.sh b/sources/ifg.usr.f30/postinstall/03_installfiles.sh deleted file mode 100755 index f190caf..0000000 --- a/sources/ifg.usr.f30/postinstall/03_installfiles.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -tar --create \ - --directory=$REAL_PATH \ - --to-stdout \ - install \ - | tar --extract \ - --backup \ - --directory=/ \ - --no-overwrite-dir \ - --strip-components=1 \ - --suffix=.orig diff --git a/sources/ifg.usr.f30/postinstall/10_setupservices.sh b/sources/ifg.usr.f30/postinstall/10_setupservices.sh deleted file mode 100755 index 5250ed4..0000000 --- a/sources/ifg.usr.f30/postinstall/10_setupservices.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - - -#systemctl enable iptables.service -systemctl enable NetworkManager-wait-online.service - -systemctl mask wpa_supplicant.service diff --git a/sources/ifg.usr.f30/postinstall/99_cleanup.sh b/sources/ifg.usr.f30/postinstall/99_cleanup.sh deleted file mode 100755 index b87f2f4..0000000 --- a/sources/ifg.usr.f30/postinstall/99_cleanup.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -echo rm -Rf $REAL_PATH diff --git a/sources/ifg.usr.f30/postinstall/install/etc/hosts b/sources/ifg.usr.f30/postinstall/install/etc/hosts deleted file mode 100644 index 98645cf..0000000 --- a/sources/ifg.usr.f30/postinstall/install/etc/hosts +++ /dev/null @@ -1,6 +0,0 @@ -127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4 -::1 localhost6.localdomain6 localhost6 - -10.228.109.254 ifg.usr.user.hu ifg -192.168.42.254 ifg.sr.user.hu -192.168.43.254 ifg.in.user.hu diff --git a/sources/ifg.usr.f30/postinstall/install/etc/resolv.conf b/sources/ifg.usr.f30/postinstall/install/etc/resolv.conf deleted file mode 100644 index 656e3f2..0000000 --- a/sources/ifg.usr.f30/postinstall/install/etc/resolv.conf +++ /dev/null 
@@ -1,4 +0,0 @@
-nameserver 10.228.109.253
-nameserver 10.228.109.104
-domain usr.user.hu
-search usr.user.hu
diff --git a/sources/ifg.usr.f30/postinstall/install/etc/sysconfig/nftables.conf b/sources/ifg.usr.f30/postinstall/install/etc/sysconfig/nftables.conf
deleted file mode 100644
index a6d184f..0000000
--- a/sources/ifg.usr.f30/postinstall/install/etc/sysconfig/nftables.conf
+++ /dev/null
@@ -1 +0,0 @@
-include "/etc/nftables/ifg.nft"
diff --git a/sources/ifg.usr.f30/postinstall/install/etc/sysctl.d/01_ipforward.conf b/sources/ifg.usr.f30/postinstall/install/etc/sysctl.d/01_ipforward.conf
deleted file mode 100644
index 05b3f78..0000000
--- a/sources/ifg.usr.f30/postinstall/install/etc/sysctl.d/01_ipforward.conf
+++ /dev/null
@@ -1 +0,0 @@
-net.ipv4.conf.all.forwarding = 1
diff --git a/sources/ins.usr.f30/config b/sources/ins.usr.f30/config
deleted file mode 100644
index f7b49cf..0000000
--- a/sources/ins.usr.f30/config
+++ /dev/null
@@ -1,18 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = ins.usr.user.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = phys
-lxc.net.0.flags = up
-lxc.net.0.link = ins
-
-lxc.autodev = 1
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = 22
-lxc.start.delay = 3
diff --git a/sources/ins.usr.f30/envvars b/sources/ins.usr.f30/envvars
deleted file mode 100644
index 3d8e477..0000000
--- a/sources/ins.usr.f30/envvars
+++ /dev/null
@@ -1,2 +0,0 @@
-BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal"
-SPEC_PACKAGES="bind bind-utils"
diff --git a/sources/ins.usr.f30/firstboot/01_setupnetworking.sh b/sources/ins.usr.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index 2e1d525..0000000
--- a/sources/ins.usr.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active NetworkManager.service -NM_RC=$? -WAITED=0 -while [ $NM_RC -ne 0 ] -do - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active NetworkManager.service - NM_RC=$? -done -[ $WAITED -eq 1 ] && echo - -CONNECTIONS=$(nmcli --terse connection show | wc -l) -while [ $CONNECTIONS -ne 1 ] -do - echo "Number of connections: $CONNECTIONS" >&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id internal \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "10.228.109.104/16" \ - ipv4.dns "10.228.109.253, 10.228.109.104" \ - ipv4.dns-search "usr.user.hu" \ - ipv4.gateway "10.228.109.254" \ - ipv4.method "manual" \ - ipv6.method "ignore" \ - save yes - -nmcli connection show diff --git a/sources/ins.usr.f30/firstboot/02_settimezone.sh b/sources/ins.usr.f30/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 --- a/sources/ins.usr.f30/firstboot/02_settimezone.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/ins.usr.f30/firstboot/03_setupldap.sh b/sources/ins.usr.f30/firstboot/03_setupldap.sh deleted file mode 100755 index 4b58626..0000000 --- a/sources/ins.usr.f30/firstboot/03_setupldap.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf <&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id internal \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "10.228.109.252/16" \ - ipv4.dns "10.228.109.104, 10.228.109.253" \ - ipv4.dns-search "usr.user.hu" \ - ipv4.gateway "10.228.109.254" \ - ipv4.method "manual" \ - ipv6.method "ignore" \ - save yes - -nmcli connection show diff --git a/sources/ldap.usr.f30/firstboot/02_settimezone.sh b/sources/ldap.usr.f30/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 --- a/sources/ldap.usr.f30/firstboot/02_settimezone.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/ldap.usr.f30/firstboot/10_createldapcert.sh b/sources/ldap.usr.f30/firstboot/10_createldapcert.sh deleted file mode 100755 index 3ad9be8..0000000 --- a/sources/ldap.usr.f30/firstboot/10_createldapcert.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -x - -read -n 1 -p "Recreate ldap certificate? y/[n] " -t 5 RECREATE -if [ "$RECREATE" = "y" ] -then - cd /etc/pki/tls/certs - openssl genrsa -aes128 2048 >tmp.key - openssl rsa -in tmp.key -out slapd.key - openssl req -utf8 -new -key slapd.key -out slapd.csr - openssl x509 -in slapd.csr -out slapd.crt -req -signkey slapd.key -days 3650 - chmod 600 slapd.key - rm -f slapd.csr tmp.key -fi - -cp -p /etc/pki/tls/certs/slapd.key \ - /etc/pki/tls/certs/slapd.crt \ - /etc/pki/tls/certs/ca-bundle.crt \ - /etc/openldap/certs/ - -chown ldap.ldap /etc/openldap/certs/slapd.key \ - /etc/openldap/certs/slapd.crt \ - /etc/openldap/certs/ca-bundle.crt diff --git a/sources/ldap.usr.f30/firstboot/11_createusers.sh b/sources/ldap.usr.f30/firstboot/11_createusers.sh deleted file mode 100755 index 99eb9c7..0000000 --- a/sources/ldap.usr.f30/firstboot/11_createusers.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(realpath $(dirname $0)) - - ->$REAL_PATH/SEED.txt ->$REAL_PATH/UIDS.txt -cat $REAL_PATH/USERS.txt | while read LINE -do - COMPACT_LINE=$(echo $LINE | sed 's/, /,/g') - LOGIN=$(echo $COMPACT_LINE | cut -f 1 -d ',') - LOGIN_MD5SUM=$(echo $LOGIN | md5sum | awk '{print $1}') - UID_POSITION=30 - UID_IS_UNIQUE=0 - while [ $UID_IS_UNIQUE -eq 0 ] - do - LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3) - grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1 - if [ $? -eq 1 ] - then - INT_UID=$(python3 -c "print(10000 + int('$LOGIN_UID', 16))") - HEX_UID=$(python3 -c "print(hex($INT_UID))") - #echo $LOGIN $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID - echo $LOGIN_UID >>$REAL_PATH/SEED.txt - echo "${INT_UID},${HEX_UID},$COMPACT_LINE" >>$REAL_PATH/UIDS.txt - UID_IS_UNIQUE=1 - else - UID_POSITION=$(( $UID_POSITION - 1 )) - echo "shifted $LOGIN to $UID_POSITION" - if [ $UID_POSITION -eq 0 ] - then - echo "Cannot generate unique uid for $LOGIN" >&2 - exit 1 - fi - fi - done - #echo $LOGIN $LOGIN_UID $INT_UID $LOGIN_MD5SUM -done - ->$REAL_PATH/setupusers.ldif -cat $REAL_PATH/UIDS.txt | while read LINE -do - INT_UID=$(echo $LINE | cut -f 1 -d ',') - HEX_UID=$(echo $LINE | cut -f 2 -d ',') - LOGIN=$(echo $LINE | cut -f 3 -d ',') - FIRSTNAME=$(echo $LINE | cut -f 4 -d ',') - LASTNAME=$(echo $LINE | cut -f 5 -d ',') - MAIL_ADDRESS=$(echo $LINE | cut -f 6 -d ',') - MOBILE_NUMBER=$(echo $LINE | cut -f 7 -d ',') - sed -e "s/__UID__/$INT_UID/" \ - -e "s/__LOGIN__/$LOGIN/" \ - -e "s/__FIRSTNAME__/$FIRSTNAME/" \ - -e "s/__LASTNAME__/$LASTNAME/" \ - -e "s/__MAIL__/$MAIL_ADDRESS/" \ - -e "s/__MOBILE__/$MOBILE_NUMBER/" \ - <$REAL_PATH/user_template.ldif \ - >>$REAL_PATH/setupusers.ldif -done diff --git a/sources/ldap.usr.f30/firstboot/20_setupldap.sh b/sources/ldap.usr.f30/firstboot/20_setupldap.sh deleted file mode 100755 index d177823..0000000 --- a/sources/ldap.usr.f30/firstboot/20_setupldap.sh +++ /dev/null 
@@ -1,54 +0,0 @@ -#!/bin/sh -set -x - -REAL_PATH=$(realpath $(dirname $0)) -SLAPD_RUNNING=0 - - -while [ $SLAPD_RUNNING -ne 1 ] -do - echo -n '.' - sleep 1 - systemctl --quiet is-active slapd.service - SLAPD_RUNNING=$(( $? + 1 )) -done - -read -n 1 -p "Recreate ldap database? y/[n] " -t 5 RECREATE - -ldapadd -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup0config.ldif -ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif -ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif -ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif -ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/doc/openssh-ldap/openssh-lpk-openldap.ldif -ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup1monitor.ldif -ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup2mdb.ldif -ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setuptls.ldif -if [ "$RECREATE" = "y" ] -then - ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd -f $REAL_PATH/setupdomain.ldif - ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd -f $REAL_PATH/setupusers.ldif -fi -ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/replacerootpw.ldif - -if [ "$RECREATE" != "y" ] -then - systemctl stop slapd.service - slapadd -n 2 -l $REAL_PATH/data.ldif - chown -R ldap.ldap /var/lib/ldap - systemctl start slapd.service -fi - -authselect select sssd with-mkhomedir --force -systemctl restart oddjobd.service -systemctl restart sssd.service - -# back up passwords -#ldapsearch -x -D cn=Manager,dc=user,dc=hu -W -b "ou=People,dc=user,dc=hu" "objectClass=*" userPassword shadowLastChange - -# back up openldap -#slapcat -n 0 >/tmp/config.ldif -#slapcat -n 2 >/tmp/data.ldif - -# restore openldap -#slapadd -n 0 -F /etc/openldap/slapd.d -l /tmp/config.ldif -#slapadd -n 2 -F /etc/openldap/slapd.d -l /tmp/data.ldif diff --git a/sources/ldap.usr.f30/firstboot/99_cleanup.sh b/sources/ldap.usr.f30/firstboot/99_cleanup.sh deleted file mode 100755 index b87f2f4..0000000 
--- a/sources/ldap.usr.f30/firstboot/99_cleanup.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -echo rm -Rf $REAL_PATH diff --git a/sources/ldap.usr.f30/firstboot/USERS.txt b/sources/ldap.usr.f30/firstboot/USERS.txt deleted file mode 100644 index 7c6bc48..0000000 --- a/sources/ldap.usr.f30/firstboot/USERS.txt +++ /dev/null @@ -1,18 +0,0 @@ -akosztolanyi, Árpád, Kosztolányi, arpad.kosztolanyi@userrendszerhaz.hu, +36 20 583 7539 -azsamboki, Attila, Zsámboki, attila.zsamboki@userrendszerhaz.hu, +36 20 980 6592 -bcsoka, Barnabás, Csóka, barnabas.csoka@userrendszerhaz.hu, +36 30 939 7023 -csgulyas, Csaba, Gulyás, csaba.gulyas@userrendszerhaz.hu, +36 30 374 4065 -cslevai, Csilla, Lévai, csilla.levai@userrendszerhaz.hu, +36 30 280 8517 -dhorvath, Dénes, Horváth, denes.horvath@userrendszerhaz.hu, +36 30 971 8563 -dvasary, Dániel, Vásáry, daniel.vasary@userrendszerhaz.hu, +36 30 515 9417 -fritter, Ferenc, Ritter, ferenc.ritter@userrendszerhaz.hu, +36 20 937 8022 -fschnell, Ferenc, Schnellbach, ferenc.schnellbach@userrendszerhaz.hu, +36 30 950 2529 -ibartakovics, István, Bartakovics, istvan.bartakovics@userrendszerhaz.hu, +36 30 630 4920 -ifabian, Ildikó, Fábián, ildiko.fabian@userrendszerhaz.hu, +36 30 239 9891 -khorvath, Kálmán, Horváth, kalman.horvath@userrendszerhaz.hu, +36 20 444 8693 -kkele, Károly, Kele, karoly.kele@userrendszerhaz.hu, +36 70 942 2450 -mszabo, Marcell, Szabó, marcell.szabo@userrendszerhaz.hu, +36 70 458 1234 -rrendek, Róbert, Rendek, robert.rendek@userrendszerhaz.hu, +36 30 977 5888 -tlevai, Tibor, Lévai, tibor.levai@userrendszerhaz.hu, +36 30 297 6481 -zbartakovics, Zoltán, Bartakovics, zoltan.bartakovics@userrendszerhaz.hu, +36 30 944 0299 -zfelleg, Zoltán, Felleg, zoltan.felleg@userrendszerhaz.hu, +36 20 954 1513 diff --git a/sources/ldap.usr.f30/firstboot/pwd.txt b/sources/ldap.usr.f30/firstboot/pwd.txt deleted file mode 100644 index d096bb7..0000000 --- a/sources/ldap.usr.f30/firstboot/pwd.txt +++ /dev/null 
@@ -1,2 +0,0 @@
-temp (pwd): {SSHA}PaJYPlbWfzdt301XlzPy7PhfJkIDohyc
-final : {SSHA}RWEH1A6dxFFVufJrFI5BchIyq3AIAq4I
diff --git a/sources/ldap.usr.f30/firstboot/replacerootpw.ldif b/sources/ldap.usr.f30/firstboot/replacerootpw.ldif
deleted file mode 100644
index 275d24c..0000000
--- a/sources/ldap.usr.f30/firstboot/replacerootpw.ldif
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcRootPW
-olcRootPW: {SSHA}RWEH1A6dxFFVufJrFI5BchIyq3AIAq4I
diff --git a/sources/ldap.usr.f30/firstboot/setup0config.ldif b/sources/ldap.usr.f30/firstboot/setup0config.ldif
deleted file mode 100644
index 15347ac..0000000
--- a/sources/ldap.usr.f30/firstboot/setup0config.ldif
+++ /dev/null
@@ -1,9 +0,0 @@
-dn: olcDatabase={0}config,cn=config
-changetype: modify
-add: olcRootPW
-olcRootPW: {SSHA}Qta8GXQLA1k8WpxRd9FQ2qzi3jcJBfob
-
-#dn: cn=config
-#changetype: modify
-#replace: olcLogLevel
-#olcLogLevel: Conns ACL
diff --git a/sources/ldap.usr.f30/firstboot/setup1monitor.ldif b/sources/ldap.usr.f30/firstboot/setup1monitor.ldif
deleted file mode 100644
index 4f225c2..0000000
--- a/sources/ldap.usr.f30/firstboot/setup1monitor.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-dn: olcDatabase={1}monitor,cn=config
-changetype: modify
-replace: olcAccess
-olcAccess: {0}to *
- by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
- by dn.base="cn=Manager,dc=user,dc=hu" read
- by * none
diff --git a/sources/ldap.usr.f30/firstboot/setup2mdb.ldif b/sources/ldap.usr.f30/firstboot/setup2mdb.ldif
deleted file mode 100644
index 690f1da..0000000
--- a/sources/ldap.usr.f30/firstboot/setup2mdb.ldif
+++ /dev/null
@@ -1,32 +0,0 @@
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcSuffix
-olcSuffix: dc=user,dc=hu
-
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcRootDN
-olcRootDN: cn=Manager,dc=user,dc=hu
-
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-add: olcRootPW
-olcRootPW: {SSHA}PaJYPlbWfzdt301XlzPy7PhfJkIDohyc
-
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-add: olcAccess
-olcAccess: {0}to attrs=userPassword
- by dn="cn=Manager,dc=user,dc=hu" write
- by anonymous auth
- by self write
- by * none
-olcAccess: {1}to attrs=shadowLastChange
- by dn="cn=Manager,dc=user,dc=hu" write
- by self write
- by * read
-olcAccess: {2}to dn.base=""
- by * read
-olcAccess: {3}to *
- by dn="cn=Manager,dc=user,dc=hu" write
- by * read
diff --git a/sources/ldap.usr.f30/firstboot/setupdomain.ldif b/sources/ldap.usr.f30/firstboot/setupdomain.ldif
deleted file mode 100644
index aaa0ccc..0000000
--- a/sources/ldap.usr.f30/firstboot/setupdomain.ldif
+++ /dev/null
@@ -1,19 +0,0 @@
-dn: dc=user,dc=hu
-objectClass: top
-objectClass: dcObject
-objectclass: organization
-o: USER Sytemhouse
-dc: user
-
-dn: cn=Manager,dc=user,dc=hu
-objectClass: organizationalRole
-cn: Manager
-description: Directory Manager
-
-dn: ou=People,dc=user,dc=hu
-objectClass: organizationalUnit
-ou: People
-
-dn: ou=Group,dc=user,dc=hu
-objectClass: organizationalUnit
-ou: Group
diff --git a/sources/ldap.usr.f30/firstboot/setuptls.ldif b/sources/ldap.usr.f30/firstboot/setuptls.ldif
deleted file mode 100644
index 141428c..0000000
--- a/sources/ldap.usr.f30/firstboot/setuptls.ldif
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=config
-changetype: modify
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt
--
-replace: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/openldap/certs/slapd.crt
--
-replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/openldap/certs/slapd.key
diff --git a/sources/ldap.usr.f30/firstboot/user_template.ldif b/sources/ldap.usr.f30/firstboot/user_template.ldif
deleted file mode 100644
index 5ba1f24..0000000
--- a/sources/ldap.usr.f30/firstboot/user_template.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-# __LOGIN__
-dn: uid=__LOGIN__,ou=People,dc=user,dc=hu
-objectClass: inetOrgPerson
-objectClass: posixAccount
-objectClass: shadowAccount
-cn: __LOGIN__
-gn: __FIRSTNAME__
-sn: __LASTNAME__
-mail: __MAIL__
-mobile: __MOBILE__
-loginShell: /bin/bash
-uidNumber: __UID__
-gidNumber: __UID__
-homeDirectory: /home/__LOGIN__
-userPassword: {SSHA}Be0QldINCqu8gM+Fii1cR2fpjCzSqEcO
-shadowLastChange: 0
-shadowMax: 3650
-
-dn: cn=__LOGIN__,ou=Group,dc=user,dc=hu
-objectClass: posixGroup
-cn: __LOGIN__
-gidNumber: __UID__
-memberUid: __LOGIN__
-
diff --git a/sources/ldap.usr.f30/postinstall/01_setownership.sh b/sources/ldap.usr.f30/postinstall/01_setownership.sh
deleted file mode 100755
index 0dd1234..0000000
--- a/sources/ldap.usr.f30/postinstall/01_setownership.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-
-chown -R root.root $SOURCE_PATH
-chown -R ldap.ldap $SOURCE_PATH/var/lib/ldap
-
-chgrp ssh_keys $SOURCE_PATH/etc/ssh/*_key
diff --git a/sources/ldap.usr.f30/postinstall/02_setpermissions.sh b/sources/ldap.usr.f30/postinstall/02_setpermissions.sh
deleted file mode 100755
index 6779033..0000000
--- a/sources/ldap.usr.f30/postinstall/02_setpermissions.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-
-chmod 600 $SOURCE_PATH/etc/pki/tls/certs/slapd.key
-chmod 400 $SOURCE_PATH/etc/ssh/*_key
-chmod 444 $SOURCE_PATH/etc/ssh/*.pub
-chmod 600 $SOURCE_PATH/etc/sssd/sssd.conf
diff --git a/sources/ldap.usr.f30/postinstall/03_installfiles.sh b/sources/ldap.usr.f30/postinstall/03_installfiles.sh
deleted file mode 100755
index f190caf..0000000
--- a/sources/ldap.usr.f30/postinstall/03_installfiles.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-tar --create \
- --directory=$REAL_PATH \
- --to-stdout \
- install \
- | tar --extract \
- --backup \
- --directory=/ \
- --no-overwrite-dir \
- --strip-components=1 \
- --suffix=.orig
diff --git a/sources/ldap.usr.f30/postinstall/10_setupservices.sh b/sources/ldap.usr.f30/postinstall/10_setupservices.sh
deleted file mode 100755
index e8ab8f0..0000000
--- a/sources/ldap.usr.f30/postinstall/10_setupservices.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-
-systemctl enable oddjobd.service
-systemctl enable slapd.service
-systemctl enable sssd.service
-systemctl enable NetworkManager-wait-online.service
-
-systemctl mask wpa_supplicant.service
diff --git a/sources/ldap.usr.f30/postinstall/20_setupsshldap.sh b/sources/ldap.usr.f30/postinstall/20_setupsshldap.sh
deleted file mode 100755
index 177e4db..0000000
--- a/sources/ldap.usr.f30/postinstall/20_setupsshldap.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-
-echo "AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper" >>/etc/ssh/sshd_config
-echo "AuthorizedKeysCommandUser nobody" >>/etc/ssh/sshd_config
diff --git a/sources/ldap.usr.f30/postinstall/99_cleanup.sh b/sources/ldap.usr.f30/postinstall/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/ldap.usr.f30/postinstall/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/ldap.usr.f30/postinstall/install/etc/hosts b/sources/ldap.usr.f30/postinstall/install/etc/hosts
deleted file mode 100644
index 10caea9..0000000
--- a/sources/ldap.usr.f30/postinstall/install/etc/hosts
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
-::1 localhost6.localdomain6 localhost6
-
-10.228.109.252 ldap.usr.user.hu ldap
diff --git a/sources/ldap.usr.f30/postinstall/install/etc/openldap/ldap.conf b/sources/ldap.usr.f30/postinstall/install/etc/openldap/ldap.conf
deleted file mode 100644
index cd331f3..0000000
--- a/sources/ldap.usr.f30/postinstall/install/etc/openldap/ldap.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE dc=example,dc=com
-#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT 12
-#TIMELIMIT 15
-#DEREF never
-
-# When no CA certificates are specified the Shared System Certificates
-# are in use. In order to have these available along with the ones specified
-# by TLS_CACERTDIR one has to include them explicitly:
-#TLS_CACERT /etc/pki/tls/cert.pem
-
-# System-wide Crypto Policies provide up to date cipher suite which should
-# be used unless one needs a finer grinded selection of ciphers. Hence, the
-# PROFILE=SYSTEM value represents the default behavior which is in place
-# when no explicit setting is used. (see openssl-ciphers(1) for more info)
-#TLS_CIPHER_SUITE PROFILE=SYSTEM
-
-# Turning this off breaks GSSAPI used with krb5 when rdns = false
-SASL_NOCANON on
-
-BASE dc=user,dc=hu
-URI ldap://ldap.usr.user.hu
diff --git a/sources/ldap.usr.f30/postinstall/install/etc/pki/tls/certs/slapd.crt b/sources/ldap.usr.f30/postinstall/install/etc/pki/tls/certs/slapd.crt
deleted file mode 100644
index 23e110a..0000000
--- a/sources/ldap.usr.f30/postinstall/install/etc/pki/tls/certs/slapd.crt
+++ /dev/null
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMjCCAhoCCQC4bVg+Y9rSOjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJI -VTERMA8GA1UEBwwIQnVkYXBlc3QxHjAcBgNVBAoMFVVTRVIgU3lzdGVtaG91c2Ug -THRkLjEZMBcGA1UEAwwQbGRhcC51c3IudXNlci5odTAeFw0xODEwMDEwOTU0MjJa -Fw0yODA5MjgwOTU0MjJaMFsxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVz -dDEeMBwGA1UECgwVVVNFUiBTeXN0ZW1ob3VzZSBMdGQuMRkwFwYDVQQDDBBsZGFw -LnVzci51c2VyLmh1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1g5 -LJtdXNjzxSonx/FH5Mxo3Jx8pYOSjPfkQGMLn7k9hpaZFjlZQlMZURlP3lBntSpz -7ZUecEpIP1f5Yompk/zdDrAAToLpFoKwhp2sBwlcqgPMw8hi2WD88/jVcigbdQL+ -jhqHtYHXBF4HfwQf5AiJgqnQ+jY8jOKQgwSUsrNKVL/LDRW9rJzGrUwf1k0IYfnL -/eOhwzJj7aCpFY5cf9cMP1SeBq9UL7tzT2tIGneQLhxb38/aPKYVEP4vZavCW/G1 -B/p0DOXZ9njyy8sOj02vdZN8CIuOqyIOS79rWRkQlXt85httRF+rNOtHg6LqviH6 -ZKsbkjsALnyWj1FnwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQADOaFtkRiO3pSn -5BGeWYIPu0iE0ADaZDjMIxd+7fQyMb8jx7S114ylWvdpmQAhUPqDgojW4xrSteR+ -fGIY2ai2ZBoVHgFqhDGcg/iAv/BeblspD81AdYy9/OGLkmNi2nvggmNQ5pEATqAO -CavZ6DIZp/i1Y2dxKvlnkKFo9jwpZVIqZdFYLsybq9xIcI5L942I0LVYL0Mgyhr0 -3VF1uwxva0apM7yl0KZ/MNcwsJU1s6ObnWyeybNwTnCKlyIStfhV3e3KJ5bHQLaI -snX6owJIAve99AmVw6aneGu27qlKYbuENYC06K+RuYrbYHRzrjbF5SGEHcLAhFVN -/Cb2K+qe ------END CERTIFICATE----- diff --git a/sources/ldap.usr.f30/postinstall/install/etc/pki/tls/certs/slapd.key b/sources/ldap.usr.f30/postinstall/install/etc/pki/tls/certs/slapd.key deleted file mode 100644 index 195323b..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/pki/tls/certs/slapd.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm1g5LJtdXNjzxSonx/FH5Mxo3Jx8pYOSjPfkQGMLn7k9hpaZ -FjlZQlMZURlP3lBntSpz7ZUecEpIP1f5Yompk/zdDrAAToLpFoKwhp2sBwlcqgPM -w8hi2WD88/jVcigbdQL+jhqHtYHXBF4HfwQf5AiJgqnQ+jY8jOKQgwSUsrNKVL/L -DRW9rJzGrUwf1k0IYfnL/eOhwzJj7aCpFY5cf9cMP1SeBq9UL7tzT2tIGneQLhxb -38/aPKYVEP4vZavCW/G1B/p0DOXZ9njyy8sOj02vdZN8CIuOqyIOS79rWRkQlXt8 -5httRF+rNOtHg6LqviH6ZKsbkjsALnyWj1FnwQIDAQABAoIBABvNOUZLc/UW+uGx -frcg7n37O1UoSIKSvpquDtKbJ0xpqaI5t6Irl1bwalqCTjH6b+UTePXvNyhfkviL -NR22h3vtyF5Fj3h9o1uc/hzJgS0tNsFStsXfShmfawX65bBtjyRs6cPi6aDJYQLu -FSddRJvaD0osPDNbm5CXR8e6/SXR+zdDsdOTFnnM6KsNqw0SQgNVBoTHIHMGKU// -SprTYNgP5Jhib4kuUNa+iaNwv/I8BEzooRG+JXJezhtbUecM0poI1izyKhPTlFgx -KTJ0FmzpPtypOGWnPazt710wIUU/O4dODOKB/J6eF578QkHoOZ4Z0Ykes9p6RWMF -oPqb07ECgYEAzJKOf6fNWrWjzZksiP6NB5jvfEF3Fb3IyclH3z0cYLJ40DHYehp7 -Qs2/2BikPd4zsZHLCcp08gjlT8LsZQwYdJK4BsQ80xHVsiZY3Gfqm867EJJlnZ7b -Le1h0iCXmrkh9KeNHeWZdOpttJPo/5kvf9TdNL1dk3VHxXuVy9mBat0CgYEAwmWQ -Xh3egaIPYNdlPAeK8Q67CrQ0CKriwJMUeyMzU+IhbyRQgus5dWOnvdS0Jt8tT7dA -thrfWDQCaeSjsXW8vNdQxK9WMZoCYSI5gayu0WmlX9Vcgp1LSxuRkGpJvqdU4SlU -XGoP7NuIqxvDJ3TiWVV+1nufk74XLhlEKhuG6DUCgYAHQE6iwbzqsTOMLxjABl3T -Xh1nBx8Ee0SpumO8yvq9hrX3kzy8H0ItPQPG0iDIPJ8SdTuALlf02FHggOVGM6aO -Q0EYpE4PoTs05F0T+u769Nn2nWnSq3XTa+2iuBsHlfZZKLM80w2cck7PLsr8fF6N -pmrs2qV9e5O+sUG/BweqVQKBgFfvtaS9gj/F3YsDJMpI5zMwZK/s4HTjSHuwjN0/ -CSLy8gjitoDigzV1BRY8N9o1rruWu/Ekqs+th0H7qYjHJ7+M7v5qCmWZs2XZI4Zj -ZRlZ3vNBAv4axUqOiAR58C4MZ7sLBRxg5h9RF7u/bUJV/2ZF5ICFn6Qnozi5OTqL -BTXZAoGAS8bsX6GVqWd/FkBJCqFVbUQcbawQKy0ZVlEIPg06hPtxRcmNZt+dtOWT -6W/yoer/7oGGUoSHE1y6a5SX0vHOvtkToYy4zUjESaMsa9Wr/DoP9RDkCqUJijxY -zG3XPCj7maygTKSC77ao2bCyQqKYyjIU80CjmI8X8ybAQIkdgAo= ------END RSA PRIVATE KEY----- diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ldap.conf b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ldap.conf deleted file mode 100644 index 30358af..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ldap.conf +++ /dev/null 
@@ -1,95 +0,0 @@ -# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $ -# -# This is the example configuration file for the OpenSSH -# LDAP backend -# -# see ssh-ldap.conf(5) -# - -# URI with your LDAP server name. This allows to use -# Unix Domain Sockets to connect to a local LDAP Server. -uri ldap://127.0.0.1/ -#uri ldaps://127.0.0.1/ -#uri ldapi://%2fvar%2frun%2fldapi_sock/ -# Note: %2f encodes the '/' used as directory separator - -# Another way to specify your LDAP server is to provide an -# host name and the port of our LDAP server. Host name -# must be resolvable without using LDAP. -# Multiple hosts may be specified, each separated by a -# space. How long nss_ldap takes to failover depends on -# whether your LDAP client library supports configurable -# network or connect timeouts (see bind_timelimit). -#host 127.0.0.1 - -# The port. -# Optional: default is 389. -#port 389 - -# The distinguished name to bind to the server with. -# Optional: default is to bind anonymously. -#binddn cn=openssh_keys,dc=example,dc=org - -# The credentials to bind with. -# Optional: default is no credential. -#bindpw TopSecret - -# The distinguished name of the search base. -#base dc=example,dc=org - -# The LDAP version to use (defaults to 3 -# if supported by client library) -#ldap_version 3 - -# The search scope. -#scope sub -#scope one -#scope base - -# Search timelimit -#timelimit 30 - -# Bind/connect timelimit -#bind_timelimit 30 - -# Reconnect policy: hard (default) will retry connecting to -# the software with exponential backoff, soft will fail -# immediately. -#bind_policy hard - -# SSL setup, may be implied by URI also. -ssl no -#ssl on -#ssl start_tls - -# OpenLDAP SSL options -# Require and verify server certificate (yes/no) -# Default is to use libldap's default behavior, which can be configured in -# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for -# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". 
-#tls_checkpeer hard - -# CA certificates for server certificate verification -# At least one of these are required if tls_checkpeer is "yes" -#tls_cacertfile /etc/ssl/ca.cert -#tls_cacertdir /etc/pki/tls/certs - -# Seed the PRNG if /dev/urandom is not provided -#tls_randfile /var/run/egd-pool - -# SSL cipher suite -# See man ciphers for syntax -#tls_ciphers TLSv1 - -# Client certificate and key -# Use these, if your server requires client authentication. -#tls_cert -#tls_key - -# OpenLDAP search_format -# format used to search for users in LDAP directory using substitution -# for %u for user name and %f for SSH_Filter option (optional, empty by default) -#search_format (&(objectclass=%c)(objectclass=ldapPublicKey)(uid=%u)%f) - -#AccountClass posixAccount - diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ecdsa_key b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ecdsa_key deleted file mode 100644 index 495ef44..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ecdsa_key +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS -1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRNhyIFsn1XHUZl3cXseM3xVxjVTDL4 -wBFyEQELvVGAEGmxqhETsNPb0xzFGXstoNZkQeBO72huapDROPbs72JXAAAAoLbGMeS2xj -HkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2HIgWyfVcdRmXd -xex4zfFXGNVMMvjAEXIRAQu9UYAQabGqEROw09vTHMUZey2g1mRB4E7vaG5qkNE49uzvYl -cAAAAhALkbjaiJrtAkV7WAjDoFzCcjYavVqLSDWyq549QfKliMAAAAAAECAwQFBgc= ------END OPENSSH PRIVATE KEY----- diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub deleted file mode 100644 index d1e2908..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub +++ /dev/null 
@@ -1 +0,0 @@ -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2HIgWyfVcdRmXdxex4zfFXGNVMMvjAEXIRAQu9UYAQabGqEROw09vTHMUZey2g1mRB4E7vaG5qkNE49uzvYlc= diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ed25519_key b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ed25519_key deleted file mode 100644 index 5c432d4..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ed25519_key +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACAPqi+85zTZURcO07ZEkK/+WbPE0jeqbs5ezIefribFxwAAAIgiYFM1ImBT -NQAAAAtzc2gtZWQyNTUxOQAAACAPqi+85zTZURcO07ZEkK/+WbPE0jeqbs5ezIefribFxw -AAAEDv3ANgLBg7Rq+8xAZZLTCknzJn4WtmPtyQ9aqJUqFJMQ+qL7znNNlRFw7TtkSQr/5Z -s8TSN6puzl7Mh5+uJsXHAAAAAAECAwQF ------END OPENSSH PRIVATE KEY----- diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub deleted file mode 100644 index 139e2f2..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+qL7znNNlRFw7TtkSQr/5Zs8TSN6puzl7Mh5+uJsXH diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_rsa_key b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_rsa_key deleted file mode 100644 index 9cf34b0..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_rsa_key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAQEAl33xHJr1IacdKzig31rgBuKL4kfuvLmXPzHgftSlH0q1r0zMizAE -aPcXMRHZ5w/TVUegd3qk2tNVQcJSPoqTjOFC2+tTpYYO6uJ7i5iDvP5v2Akm0VlSL3zwdv -k/TYBwpp3qXtLz4TNhcCjFpup63QgPCVlhZj7WyES4fWstR56ePAyBGydWUkwz1d4pZo8G -ChrSflt3F9nHcfTkgoZPD5GMQnm521rpL+yeuyUOmkO0DTkh00CP8nm9rhXUN99uGlYxDM -+lMcNn/1PV/8/BYMzhgeI1qJz10yXwPKQb5fxXdk/6qa4I9AKzscTV23/QAwgmz4bSYlzz -ypYlt0enEQAAA7h06oRJdOqESQAAAAdzc2gtcnNhAAABAQCXffEcmvUhpx0rOKDfWuAG4o -viR+68uZc/MeB+1KUfSrWvTMyLMARo9xcxEdnnD9NVR6B3eqTa01VBwlI+ipOM4ULb61Ol -hg7q4nuLmIO8/m/YCSbRWVIvfPB2+T9NgHCmnepe0vPhM2FwKMWm6nrdCA8JWWFmPtbIRL -h9ay1Hnp48DIEbJ1ZSTDPV3ilmjwYKGtJ+W3cX2cdx9OSChk8PkYxCebnbWukv7J67JQ6a -Q7QNOSHTQI/yeb2uFdQ3324aVjEMz6Uxw2f/U9X/z8FgzOGB4jWonPXTJfA8pBvl/Fd2T/ -qprgj0ArOxxNXbf9ADCCbPhtJiXPPKliW3R6cRAAAAAwEAAQAAAQA3Q7aF3PG4CSLW9Z2a -XaiEWnj1X5B0QLAwWZ2wJxrlw3dsL/QegrHZKOrI994qMNfDsJGVhKRHP/lGOAGQ1zTkm/ -isCblGFRW0ElNHpafJdniOsyf6Dz+wG0AN5vd06nouDkXFuedGLFxLclRIhBm2MI5rtrOV -fS8VeBxlhIfMLD2QGy6tZytksdqTIf8egAYv5QGn/LAYmjtiXfyWIGwN4LUKV6jeQUz9mk -P0UzY9VyOwXAthWE43MDM3zllzXF7Yw8vf2EJuOKLzXqbuKzNPAyNrOXMXYHMt2ZlJuy0b -JThk72tmR7aCiyKOsHxWPjwMad9hBvjV7Kg475UD+WkRAAAAgQCPim2W3nzD8i1mq89jr7 -VkQQWsmKmbeS/cufuHoJ23JqNyoO3dxfRT1GHupBYJXvjwQS9Dt/v2+GTVZa6Ldbx9T1Ew -COetJS1ZnrTUPbT6fesSuFZnCBDwGjx02bOcPbhDutTMDqCTPh8J45kIpw8U4UynWTIe9w -ZhObgUeKh2rQAAAIEAyJS2/z7CpwN7gtzRovSuaPFMtxBGlmkHDBa/AA9oCSleoXABMSiI -GE7Mfl6B3q+ryvLJMNj9ILSfPhBORMvO6RhKVV3qR0hUKuqFxy9p8e8e69N1QoYVgBsEtR -q+iij76B1cnwsV6wf4kxHKRHmivHATfKFPgZONmr4E9SST4ncAAACBAMFZHe0EdpReZGw4 -ARCyj6fvGLOu3ApM+PreNyVLXETNxvPIsqn1JTAPsMrX/82HKxD78c6nu1Ki0qJ7BuTEBQ -Rq6SiGjEEaW3skoppOK0md5cj7xNBY7eJFVbVAFmiudQaEbQlorf63jd0ErzIu0xKEi0Kg -l5RXrm5GsNIiwly3AAAAAAEC ------END OPENSSH PRIVATE KEY----- 
diff --git a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_rsa_key.pub b/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_rsa_key.pub deleted file mode 100644 index 7efa1e9..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/ssh/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXffEcmvUhpx0rOKDfWuAG4oviR+68uZc/MeB+1KUfSrWvTMyLMARo9xcxEdnnD9NVR6B3eqTa01VBwlI+ipOM4ULb61Olhg7q4nuLmIO8/m/YCSbRWVIvfPB2+T9NgHCmnepe0vPhM2FwKMWm6nrdCA8JWWFmPtbIRLh9ay1Hnp48DIEbJ1ZSTDPV3ilmjwYKGtJ+W3cX2cdx9OSChk8PkYxCebnbWukv7J67JQ6aQ7QNOSHTQI/yeb2uFdQ3324aVjEMz6Uxw2f/U9X/z8FgzOGB4jWonPXTJfA8pBvl/Fd2T/qprgj0ArOxxNXbf9ADCCbPhtJiXPPKliW3R6cR diff --git a/sources/ldap.usr.f30/postinstall/install/etc/sssd/sssd.conf b/sources/ldap.usr.f30/postinstall/install/etc/sssd/sssd.conf deleted file mode 100644 index 6f40aa8..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/sssd/sssd.conf +++ /dev/null @@ -1,18 +0,0 @@ -[domain/default] -id_provider = ldap -autofs_provider = ldap -auth_provider = ldap -chpass_provider = ldap -ldap_uri = ldap://ldap.usr.user.hu/ -ldap_search_base = dc=user,dc=hu -ldap_id_use_start_tls = True -ldap_tls_cacertdir = /etc/openldap/certs -cache_credentials = True -ldap_tls_reqcert = allow - -[sssd] -services = nss, pam, autofs -domains = default - -[nss] -homedir_substring = /home diff --git a/sources/ldap.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/ldap.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf deleted file mode 100644 index 9b1dfc6..0000000 --- a/sources/ldap.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf +++ /dev/null @@ -1,2 +0,0 @@ -net.ipv6.conf.all.disable_ipv6 = 1 -net.ipv6.conf.ldap.disable_ipv6 = 1 diff --git a/sources/ldap.usr.f30/postinstall/install/var/lib/ldap/DB_CONFIG b/sources/ldap.usr.f30/postinstall/install/var/lib/ldap/DB_CONFIG deleted file mode 100644 index d0f2c68..0000000 
--- a/sources/ldap.usr.f30/postinstall/install/var/lib/ldap/DB_CONFIG
+++ /dev/null
@@ -1,28 +0,0 @@
-# $OpenLDAP$
-# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
-#
-# See the Oracle Berkeley DB documentation
-#
-# for detail description of DB_CONFIG syntax and semantics.
-#
-# Hints can also be found in the OpenLDAP Software FAQ
-#
-# in particular:
-#
-
-# Note: most DB_CONFIG settings will take effect only upon rebuilding
-# the DB environment.
-
-# one 0.25 GB cache
-set_cachesize 0 268435456 1
-
-# Data Directory
-#set_data_dir db
-
-# Transaction Log settings
-set_lg_regionmax 262144
-set_lg_bsize 2097152
-#set_lg_dir logs
-
-# Note: special DB_CONFIG flags are no longer needed for "quick"
-# slapadd(8) or slapindex(8) access (see their -q option).
diff --git a/sources/ldap.usr.f30/preinstall/01_backupldapdb.sh b/sources/ldap.usr.f30/preinstall/01_backupldapdb.sh
deleted file mode 100755
index ee4177e..0000000
--- a/sources/ldap.usr.f30/preinstall/01_backupldapdb.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-CONTAINER_NAME=$1
-CONTAINER_ROOTFS=$2
-CONTAINER_SOURCE_PATH=$3
-
-lxc-attach --name=$CONTAINER_NAME -- systemctl stop slapd.service
-lxc-attach --name=$CONTAINER_NAME -- slapcat -n 2 \
- >$CONTAINER_SOURCE_PATH/firstboot/data.ldif
diff --git a/sources/pns.pm.f30/config b/sources/pns.pm.f30/config
deleted file mode 100644
index bf6162c..0000000
--- a/sources/pns.pm.f30/config
+++ /dev/null
@@ -1,19 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = pns.pm.user.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.link = brh
-lxc.net.0.hwaddr = 02:0c:18:03:ad:ae
-
-lxc.autodev = 1
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = 12
-lxc.start.delay = 3
diff --git a/sources/pns.pm.f30/envvars b/sources/pns.pm.f30/envvars
deleted file mode 100644
index 3d8e477..0000000
--- a/sources/pns.pm.f30/envvars
+++ /dev/null
@@ -1,2 +0,0 @@
-BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal"
-SPEC_PACKAGES="bind bind-utils"
diff --git a/sources/pns.pm.f30/firstboot/01_setupnetworking.sh b/sources/pns.pm.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index 9c87c34..0000000
--- a/sources/pns.pm.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active NetworkManager.service
-NM_RC=$?
-WAITED=0
-while [ $NM_RC -ne 0 ]
-do
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active NetworkManager.service
- NM_RC=$?
-done
-[ $WAITED -eq 1 ] && echo
-
-CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -ne 1 ]
-do
- echo "Number of connections: $CONNECTIONS" >&2
- sleep 1
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
-
-nmcli --terse connection show | grep ':$' >/dev/null
-ALL_CONNECTION_DEVICES_KNOWN=$?
-while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
-do
- echo "Not all connection devices are known yet" >&2
- sleep 1
- nmcli --terse connection show | grep ':$' >/dev/null
- ALL_CONNECTION_DEVICES_KNOWN=$?
-done
-
-CONNECTION_LINE=$(nmcli --terse connection show)
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id perimeter \
- connection.interface-name $CONNECTION_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "192.168.173.174/24" \
- ipv4.dns "127.0.0.1" \
- ipv4.dns-search "pm.user.hu" \
- ipv4.gateway "192.168.173.254" \
- ipv4.method "manual" \
- ipv4.routes "10.228.0.0/16 192.168.173.1" \
- ipv6.method "ignore" \
- save yes
-
-nmcli connection show
diff --git a/sources/pns.pm.f30/firstboot/02_settimezone.sh b/sources/pns.pm.f30/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 --- a/sources/pns.pm.f30/firstboot/02_settimezone.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/pns.pm.f30/firstboot/03_setupldap.sh b/sources/pns.pm.f30/firstboot/03_setupldap.sh deleted file mode 100755 index 4b58626..0000000 --- a/sources/pns.pm.f30/firstboot/03_setupldap.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf <&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id internal \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "10.228.109.174/16" \ - ipv4.dns "10.228.109.104, 10.228.109.253" \ - ipv4.dns-search "usr.user.hu" \ - ipv4.gateway "10.228.109.254" \ - ipv4.method "manual" \ - ipv6.method "ignore" \ - save yes - -nmcli connection show 
diff --git a/sources/pns.usr.f30/firstboot/02_settimezone.sh b/sources/pns.usr.f30/firstboot/02_settimezone.sh
deleted file mode 100755
index 20b2a71..0000000
--- a/sources/pns.usr.f30/firstboot/02_settimezone.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active dbus.service
-DBUS_RC=$?
-WAITED=0
-while [ $DBUS_RC -ne 0 ]
-do
- if [ $WAITED -eq 0 ]
- then
- echo -n "Waiting for dbus.service"
- fi
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active dbus.service
- DBUS_RC=$?
-done
-[ $WAITED -ne 0 ] && echo
-timedatectl set-timezone Europe/Budapest
diff --git a/sources/pns.usr.f30/firstboot/03_setupldap.sh b/sources/pns.usr.f30/firstboot/03_setupldap.sh
deleted file mode 100755
index 4b58626..0000000
--- a/sources/pns.usr.f30/firstboot/03_setupldap.sh
+++ /dev/null
@@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf < machines routed through UPC -; network address: ...176 -; host addresses: ...177 - ...190 -; broadcast address: ...191 -robi IN A 192.168.43.179 -peti IN A 192.168.43.178 -fuge IN A 192.168.43.177 - -chronos IN A 192.168.43.161 ; Fixed DHCP client (chronos) -dhcp159 IN A 192.168.43.159 ; DHCP client -dhcp158 IN A 192.168.43.158 ; DHCP client -dhcp157 IN A 192.168.43.157 ; DHCP client -dhcp156 IN A 192.168.43.156 ; DHCP client -dhcp155 IN A 192.168.43.155 ; DHCP client -dhcp154 IN A 192.168.43.154 ; DHCP client -dhcp153 IN A 192.168.43.153 ; DHCP client -dhcp152 IN A 192.168.43.152 ; DHCP client -dhcp151 IN A 192.168.43.151 ; DHCP client -dhcp150 IN A 192.168.43.150 ; DHCP client -dhcp149 IN A 192.168.43.149 ; DHCP client -dhcp148 IN A 192.168.43.148 ; DHCP client -dhcp147 IN A 192.168.43.147 ; DHCP client -dhcp146 IN A 192.168.43.146 ; DHCP client -dhcp145 IN A 192.168.43.145 ; DHCP client -dhcp144 IN A 192.168.43.144 ; DHCP client -dhcp143 IN A 192.168.43.143 ; DHCP client -dhcp142 IN A 192.168.43.142 ; DHCP client -dhcp141 IN A 192.168.43.141 ; DHCP client -dhcp140 IN A 192.168.43.140 ; DHCP client -dhcp139 IN A 192.168.43.139 ; DHCP client -dhcp138 IN A 192.168.43.138 ; DHCP client -dhcp137 IN A 192.168.43.137 ; DHCP client -dhcp136 IN A 192.168.43.136 ; DHCP client -dhcp135 IN A 192.168.43.135 ; DHCP client -dhcp134 IN A 192.168.43.134 ; DHCP client -dhcp133 IN A 192.168.43.133 ; DHCP client -dhcp132 IN A 192.168.43.132 ; DHCP client -dhcp131 IN A 192.168.43.131 ; DHCP client -dhcp130 IN A 192.168.43.130 ; DHCP client -dhcp129 IN A 192.168.43.129 ; DHCP client -dhcp128 IN A 192.168.43.128 ; DHCP client -dhcp127 IN A 192.168.43.127 ; DHCP client -dhcp126 IN A 192.168.43.126 ; DHCP client -dhcp125 IN A 192.168.43.125 ; DHCP client -dhcp124 IN A 192.168.43.124 ; DHCP client -dhcp123 IN A 192.168.43.123 ; DHCP client -dhcp122 IN A 192.168.43.122 
; DHCP client -dhcp121 IN A 192.168.43.121 ; DHCP client -dhcp120 IN A 192.168.43.120 ; DHCP client -dhcp119 IN A 192.168.43.119 ; DHCP client -dhcp118 IN A 192.168.43.118 ; DHCP client -dhcp117 IN A 192.168.43.117 ; DHCP client -dhcp116 IN A 192.168.43.116 ; DHCP client -dhcp115 IN A 192.168.43.115 ; DHCP client -dhcp114 IN A 192.168.43.114 ; DHCP client -dhcp113 IN A 192.168.43.113 ; DHCP client -dhcp112 IN A 192.168.43.112 ; DHCP client -dhcp111 IN A 192.168.43.111 ; DHCP client -dhcp110 IN A 192.168.43.110 ; DHCP client -dhcp109 IN A 192.168.43.109 ; DHCP client -dhcp108 IN A 192.168.43.108 ; DHCP client -dhcp107 IN A 192.168.43.107 ; DHCP client -dhcp106 IN A 192.168.43.106 ; DHCP client -dhcp105 IN A 192.168.43.105 ; DHCP client -dhcp104 IN A 192.168.43.104 ; DHCP client -dhcp103 IN A 192.168.43.103 ; DHCP client -dhcp102 IN A 192.168.43.102 ; DHCP client -dhcp101 IN A 192.168.43.101 ; DHCP client -dhcp100 IN A 192.168.43.100 ; DHCP client - -chaos IN A 192.168.43.1 ; zfelleg -chaos IN AAAA 2a02:558:1000:1868:29c:2ff:fea9:275d diff --git a/sources/pns.usr.f30/postinstall/install/var/named/pm.user.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/pm.user.hu.zone deleted file mode 100644 index 00f0a02..0000000 --- a/sources/pns.usr.f30/postinstall/install/var/named/pm.user.hu.zone +++ /dev/null 
@@ -1,33 +0,0 @@
-$TTL 86400
-@ IN SOA ns.pm.user.hu. hostmaster.mx.pm.user.hu. (
- 2018100901 ; Serial
- 86400 ; Refresh (1 day)
- 7200 ; Retry (2 hours)
- 2419200 ; Expire (4 weeks)
- 3600) ; Minimum (1 hour)
-; 0 1 2
-; 12345678901234567890123456
-; abcdefghijklmnopqrstuvwxyz
-
-@ IN NS ns
-@ IN MX 10 mx
-@ IN A 192.168.173.249
-
-efg IN A 192.168.173.254 ; efg
-svc IN A 192.168.173.253 ; svc
-ns IN A 192.168.173.253 ; ns
-mx IN A 192.168.173.253 ; mx
-
-oldwww IN A 192.168.173.252 ; www
-oldxfr IN A 192.168.173.251 ; xfr
-whmcs IN A 192.168.173.250 ; whmcs
-
-ws IN A 192.168.173.249 ; ws
-www IN A 192.168.173.249 ; ws
-xfr IN A 192.168.173.246 ; xf
-vc IN A 192.168.173.223 ; vc (version control)
-dvredmine IN A 192.168.173.193 ; rm
-pns IN A 192.168.173.174 ; pn (perimeter ns)
-ens IN A 192.168.173.64 ; en (external ns)
-
-ifg IN A 192.168.173.1 ; ifg
diff --git a/sources/pns.usr.f30/postinstall/install/var/named/sr.user.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/sr.user.hu.zone
deleted file mode 100644
index 1415fde..0000000
--- a/sources/pns.usr.f30/postinstall/install/var/named/sr.user.hu.zone
+++ /dev/null
@@ -1,227 +0,0 @@ -$TTL 86400 -@ IN SOA svc.sr.user.hu. hostmaster.svc.sr.user.hu. ( - 2019012801 ; Serial - 86400 ; Refresh (1 day) - 7200 ; Retry (2 hours) - 2419200 ; Expire (4 weeks) - 3600) ; Minimum (1 hour) - IN NS ns.sr.user.hu. - -sr.user.hu. IN A 192.168.42.253 - -ipg IN A 192.168.42.254 ; ipg -router IN CNAME ipg.sr.user.hu. -svc IN A 192.168.42.253 ; svc -ns IN A 192.168.42.253 ; ns -dhcp IN CNAME svc.sr.user.hu. -mx IN CNAME svc.sr.user.hu. -ntp IN CNAME svc.sr.user.hu. -management IN A 192.168.42.252 ; management -mgmt IN CNAME management.sr.user.hu. -vpn IN A 192.168.42.251 ; vpn -store IN A 192.168.42.250 ; store -domino IN A 192.168.42.249 ; domino -domino85 IN CNAME domino.sr.user.hu. -pop3 IN CNAME domino.sr.user.hu. -worksheet IN A 192.168.42.248 ; worksheet -kbsvr IN A 192.168.42.247 ; knowledgebase server -ads IN A 192.168.42.246 ; Active Directory server -spelive IN A 192.168.42.245 ; Sharepoint Enterprise Live -splive IN A 192.168.42.244 ; SharePoint Live -ccsvr IN A 192.168.42.243 ; ClearCase server -sg-1 IN A 192.168.42.242 ; shellinabox server (zsoos) -kickstart IN A 192.168.42.241 ; kickstart server (zfelleg) -verbatsm IN A 192.168.42.240 ; Arpinak TSM szerver -db2svr IN A 192.168.42.239 ; DB2 server -sp2010test IN A 192.168.42.238 ; Sharepoint 2010 test (srevesz) - -datacap-rr IN A 192.168.42.236 ; Datacap rulerunner (akosztolanyi) -tsm55 IN A 192.168.42.235 ; 5.5-os TSM szmarcell, flex, akosztolanyi -imrtest IN A 192.168.42.234 ; imrtest (fschnell) -sza IN A 192.168.42.233 ; szopoalarc -project IN A 192.168.42.232 ; project -testcibod IN A 192.168.42.231 ; CIB OnDemand test (fuge) -jazzserver IN A 192.168.42.230 ; jazz.net (RTC) server -netmon IN A 192.168.42.229 ; netmon (marcell, fritter) -test IN A 192.168.42.228 ; (kickstart) test -;vcsvr51 IN A 192.168.42.227 ; vCenter server - - -erstehit IN A 192.168.42.224 ; Erste (fuge) -wiki IN A 192.168.42.223 ; wiki (moinmoin) -xp-22 IN A 192.168.42.222 ; XP 22 -xp-21 IN A 192.168.42.221 ; 
XP 21 -xp-20 IN A 192.168.42.220 ; XP 20 -xp-19 IN A 192.168.42.219 ; XP 19 -xp-18 IN A 192.168.42.218 ; XP 18 -xp-17 IN A 192.168.42.217 ; XP 17 -xp-16 IN A 192.168.42.216 ; XP 16 -xp-15 IN A 192.168.42.215 ; XP 15 -xp-14 IN A 192.168.42.214 ; XP 14 -xp-13 IN A 192.168.42.213 ; XP 13 -xp-12 IN A 192.168.42.212 ; XP 12 -xp-11 IN A 192.168.42.211 ; XP 11 -xp-10 IN A 192.168.42.210 ; XP 10 -xp-template IN A 192.168.42.209 ; XP template -rtc IN A 192.168.42.208 ; rtc (arpi) -vmbkp IN A 192.168.42.207 ; VMWare Backup Server -vhost3 IN CNAME vmbkp.sr.user.hu. -mqsvr IN A 192.168.42.206 ; MQ server (srevesz) -mqback IN A 192.168.42.205 ; MQ backup server (srevesz) -mqfiles IN A 192.168.42.204 ; MQ file server (srevesz) -azsamboki01 IN A 192.168.42.203 ; azsamboki test 01 -praxis IN A 192.168.42.202 ; praxis (dvasary) -edoki IN CNAME praxis.sr.user.hu. -;ds5020b IN A 192.168.42.201 ; DS5020 ctrl B -;ds5020a IN A 192.168.42.200 ; DS5020 ctrl A - - -;vtlstgb IN A 192.168.42.197 ; VTL storage ctrl B -;vtlstga IN A 192.168.42.196 ; VTL storage ctrl A -lto IN A 192.168.42.195 ; TS3200 -csldallianz IN A 192.168.42.194 ; CSLD Allianz (fuge) -store-old IN A 192.168.42.193 ; old store -fcsw1 IN A 192.168.42.192 ; FC switch -fcsw0 IN A 192.168.42.191 ; FC switch -tsmmonp IN A 192.168.42.190 ; TSM monitoring primary -tsmmons IN A 192.168.42.189 ; TSM monitoring primary -accounting IN A 192.168.42.188 ; accounting server -jenkinslnx IN A 192.168.42.185 ; rhel -jenkinstst IN A 192.168.42.184 ; win 2008 -jenkinswin IN A 192.168.42.183 ; win 2008 -jenkinsaix IN A 192.168.42.182 ; aix -magdevdc IN A 192.168.42.181 ; MAG dev dc -ssam71 IN A 192.168.42.180 ; Arpinak, TSM-SSM teszt -dominoadmin IN A 192.168.42.174 ; rkonkoly domino administrator - -tsmclustera IN A 192.168.42.173 ; FRitter, BB Test cluster -tsmclusterb IN A 192.168.42.172 ; FRitter, BB Test cluster -tsmcluster IN A 192.168.42.171 ; FRitter, BB Test cluster - -;cwdba IN A 192.168.42.162 ; zfelleg temp -;cwdbb IN A 
192.168.42.161 ; zfelleg temp -;cwbina IN A 192.168.42.160 ; zfelleg temp -;cwbinb IN A 192.168.42.159 ; zfelleg temp - -; network ...128/27 -> desktops -; network address: ...128 -; host addresses: ...129 - ...158 -; broadcast address: ...159 - -win-7-base IN A 192.168.42.158 ; Windows 7 base image -win-7-thinapp IN A 192.168.42.157 ; ThinApp build machine -win-7-20 IN A 192.168.42.148 ; Windows 7 20 -win-7-19 IN A 192.168.42.147 ; Windows 7 19 -win-7-18 IN A 192.168.42.146 ; Windows 7 18 -win-7-17 IN A 192.168.42.145 ; Windows 7 17 -win-7-16 IN A 192.168.42.144 ; Windows 7 16 -win-7-15 IN A 192.168.42.143 ; Windows 7 15 -win-7-14 IN A 192.168.42.142 ; Windows 7 14 -win-7-13 IN A 192.168.42.141 ; Windows 7 13 -win-7-12 IN A 192.168.42.140 ; Windows 7 12 -win-7-11 IN A 192.168.42.139 ; Windows 7 11 -win-7-10 IN A 192.168.42.138 ; Windows 7 10 -win-7-09 IN A 192.168.42.137 ; Windows 7 09 -win-7-08 IN A 192.168.42.136 ; Windows 7 08 -win-7-07 IN A 192.168.42.135 ; Windows 7 07 -win-7-06 IN A 192.168.42.134 ; Windows 7 06 -win-7-05 IN A 192.168.42.133 ; Windows 7 05 -win-7-04 IN A 192.168.42.132 ; Windows 7 04 -win-7-03 IN A 192.168.42.131 ; Windows 7 03 -win-7-02 IN A 192.168.42.130 ; Windows 7 02 -win-7-zfelleg IN CNAME win-7-02.sr.user.hu. -win-7-01 IN A 192.168.42.129 ; Windows 7 01 -win-7-rkallai IN CNAME win-7-01.sr.user.hu. 
- -jobworker IN A 192.168.42.116 ; job worker dvasary -jobengine IN A 192.168.42.115 ; job engine dvasary -astronfw IN A 192.168.42.114 ; firewall/gateway for Astron -wasng IN A 192.168.42.113 ; syslog-ng demo WAS -slng IN A 192.168.42.112 ; syslog-ng demo -nimol IN A 192.168.42.111 ; nimol teszt / temp / zsoos -lajos IN A 192.168.42.110 ; zsamboki p550 AIX -vtl IN A 192.168.42.109 ; zsamboki -gpfs02 IN A 192.168.42.108 ; gpfs demo zsamboki -gpfs01 IN A 192.168.42.107 ; gpfs demo zsamboki -redhat IN A 192.168.42.106 ; Exchange mentes demo zsamboki -ubuntu IN A 192.168.42.105 ; Exchange mentes demo zsamboki -mssql IN A 192.168.42.104 ; Exchange mentes demo zsamboki -exchsrv2 IN A 192.168.42.103 ; Exchange mentes demo zsamboki -exchsrv IN A 192.168.42.102 ; Exchange mentes demo zsamboki -exchdc IN A 192.168.42.101 ; Exchange mentes demo zsamboki -sptest IN A 192.168.42.100 ; SharePoint test (kalman) -director IN A 192.168.42.99 ; IBM Systems Director (zsamboki) -tpc IN A 192.168.42.97 ; tpc (zsamboki) -nas1 IN A 192.168.42.96 ; netapp test -nas2 IN A 192.168.42.95 ; netapp test -nas3 IN A 192.168.42.94 ; netapp test - -; HACMP zsamboki -hacmp61 IN A 192.168.42.93 ; HACMP PowerHA 6.1 node1 -hacmp62 IN A 192.168.42.92 ; HACMP PowerHA 6.1 node2 -ha1 IN A 192.168.42.91 ; HACMP PowerHA 6.1 service ip 1 -ha2 IN A 192.168.42.90 ; HACMP PowerHA 6.1 service ip 2 -kofax1 IN A 192.168.42.89 ; -kofax2 IN A 192.168.42.88 ; -kofax3 IN A 192.168.42.87 ; -tfsproxy IN A 192.168.42.86 ; -wpar01 IN A 192.168.42.85 ; -spatial IN A 192.168.42.84 ; szmarcell, oracle RMAN teszt -kofaxcluster IN A 192.168.42.83 ; -kofaxclusterfs IN A 192.168.42.82 ; -kofaxclustersrv IN A 192.168.42.81 ; -kofaxid1 IN A 192.168.42.80 ; -kofaxid2 IN A 192.168.42.79 ; -kofaxid IN A 192.168.42.78 ; -kofaxidfs IN A 192.168.42.77 ; -kofaxidcluster IN A 192.168.42.76 ; - -mirror1 IN A 192.168.42.75 ; PowerHA 7.1 zsamboki -mirror2 IN A 192.168.42.74 ; PowerHA 7.1 zsamboki -mirrorapp1 IN A 192.168.42.73 ; PowerHA 7.1 
zsamboki -mavirnim IN A 192.168.42.72 ; MAVIR NIM restore test zsamboki -boinc4 IN A 192.168.42.68 ; boinc 4 (zfelleg) -boinc3 IN A 192.168.42.67 ; boinc 3 (zfelleg) -boinc2 IN A 192.168.42.66 ; boinc 2 (zfelleg) -boinc1 IN A 192.168.42.65 ; boinc 1 (zfelleg) -win2k8r2 IN A 192.168.42.64 ; Windows 2008 R2 Server Template IP cim, szmarcell -edmstest IN A 192.168.42.63 ; EDMS Test szerver Robinak, szmarcell -pftsm1 IN A 192.168.42.62 ; PureFlex szerver -pftsm2 IN A 192.168.42.61 ; PureFlex szerver -pftsm3 IN A 192.168.42.60 ; PureFlex szerver -pftws1 IN A 192.168.42.59 ; PureFlex szerver -pfsd1 IN A 192.168.42.58 ; PureFlex szerver -pfitm1 IN A 192.168.42.57 ; PureFlex szerver -pfbes1 IN A 192.168.42.56 ; PureFlex szerver -pfwinc1 IN A 192.168.42.55 ; PureFlex szerver -pflinc1 IN A 192.168.42.54 ; PureFlex szerver -tsmapiw IN A 192.168.42.53 ; PureFlex szerver -tsmapil IN A 192.168.42.52 ; PureFlex szerver -tfs IN A 192.168.42.51 ; TFS Verziokezelo, VasaryD, RendekR - - -; A 30-39 tartomanyt is foglalom az LPAR-oknak -fhbws IN A 192.168.42.39 ; FHB WebSphere Test, szmarcell -fhbws4 IN A 192.168.42.38 ; FHB WebSphere Test, szmarcell -prxy IN A 192.168.42.37 -build61w IN A 192.168.42.36 -fhbws3 IN A 192.168.42.35 ; FHB WebSphere Test, szmarcell -fhbws2 IN A 192.168.42.34 ; FHB WebSphere Test, szmarcell -fhbws1 IN A 192.168.42.33 ; FHB WebSphere Test, szmarcell -nim IN A 192.168.42.32 -vio2 IN A 192.168.42.31 -db2t IN A 192.168.42.28 -build71 IN A 192.168.42.27 -build61 IN A 192.168.42.26 -build53 IN A 192.168.42.25 -tsm IN A 192.168.42.24 -rac2 IN A 192.168.42.23 -rac1 IN A 192.168.42.22 -vio1 IN A 192.168.42.21 ; LPAR 1 vio (p7-750) -hmc IN A 192.168.42.20 ; hmc -fhbwsc2 IN A 192.168.42.19 ; FHB WebSphere Test, szmarcell -orasrv IN A 192.168.42.5 ; Oracle (srevesz) -dhcp4 IN A 192.168.42.4 ; DHCP address 4 -dhcp3 IN A 192.168.42.3 ; DHCP address 3 -dhcp2 IN A 192.168.42.2 ; DHCP address 2 -dhcp1 IN A 192.168.42.1 ; DHCP address 1 
diff --git a/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone deleted file mode 100644 index 524e869..0000000 --- a/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone +++ /dev/null @@ -1,37 +0,0 @@ -$TTL 86400 -@ IN SOA ns1.useribm.hu. hostmaster.mx.useribm.hu. ( - 2019080501 ; Serial - 86400 ; Refresh (1 day) - 7200 ; Retry (2 hours) - 2419200 ; Expire (4 weeks) - 3600) ; Minimum (1 hour) - IN NS ns1.useribm.hu. - IN NS ns2.useribm.hu. - MX 10 mx.useribm.hu. - IN TXT "v=spf1 +mx -all" - IN SPF "v=spf1 +mx -all" - -efg IN A 194.149.40.146 ; efg -mx IN A 194.149.40.147 ; mail exchanger -ns IN A 194.149.40.148 ; primary name server -ns1 IN A 194.149.40.148 ; primary name server -ns2 IN A 46.107.213.35 ; secondary name server -vpn IN A 194.149.40.149 ; OpenVPN server -hg IN A 194.149.40.150 ; mercurial -jtrac IN A 194.149.40.150 ; jtrac -minicrm IN A 194.149.40.150 ; minicrm -redmine IN A 194.149.40.150 ; redmine -svn IN A 194.149.40.150 ; subversion -ws IN A 194.149.40.150 ; web server -www IN A 194.149.40.150 ; web server -@ IN A 194.149.40.150 ; userrendszerhaz.hu -minecraft IN A 194.149.40.151 ; akosztolanyi minecraft -unused152 IN A 194.149.40.152 ; unused -unused153 IN A 194.149.40.153 ; unused -unused154 IN A 194.149.40.154 ; unused -unused155 IN A 194.149.40.155 ; unused -unused156 IN A 194.149.40.156 ; unused -zfdl360e IN A 194.149.40.157 ; zfelleg DL360e -fschnell IN A 194.149.40.158 ; fschnell/zfelleg server -zfelleg IN A 194.149.40.158 ; fschnell/zfelleg server -zfdl380e IN A 194.149.40.158 ; zfelleg DL380e diff --git a/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone deleted file mode 100644 index d733b91..0000000 --- a/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone +++ /dev/null 
@@ -1,48 +0,0 @@ -$TTL 86400 -@ IN SOA ns1.userrendszerhaz.hu. hostmaster.mx.userrendszerhaz.hu. ( - 2019080501 ; Serial - 86400 ; Refresh (1 day) - 7200 ; Retry (2 hours) - 2419200 ; Expire (4 weeks) - 3600) ; Minimum (1 hour) - IN NS ns1.userrendszerhaz.hu. - IN NS ns2.userrendszerhaz.hu. - MX 1 aspmx.l.google.com. - MX 5 alt1.aspmx.l.google.com. - MX 5 alt2.aspmx.l.google.com. - MX 10 aspmx2.googlemail.com. - MX 10 aspmx3.googlemail.com. - IN SPF "v=spf1 include:_spf.google.com ~all" - IN TXT "v=spf1 include:_spf.google.com ~all" - -efg IN A 194.149.40.146 ; efg -mx IN A 194.149.40.147 ; mail exchanger -ns IN A 194.149.40.148 ; primary name server -ns1 IN A 194.149.40.148 ; primary name server -ns2 IN A 46.107.213.35 ; secondary name server -vpn IN A 194.149.40.149 ; OpenVPN server -hg IN A 194.149.40.150 ; mercurial -jtrac IN A 194.149.40.150 ; jtrac -minicrm IN A 194.149.40.150 ; minicrm -redmine IN A 194.149.40.150 ; redmine -svn IN A 194.149.40.150 ; subversion -ws IN A 194.149.40.150 ; web server -www IN A 194.149.40.150 ; web server -@ IN A 194.149.40.150 ; userrendszerhaz.hu -minecraft IN A 194.149.40.151 ; akosztolanyi minecraft -unused152 IN A 194.149.40.152 ; unused -unused153 IN A 194.149.40.153 ; unused -unused154 IN A 194.149.40.154 ; unused -unused155 IN A 194.149.40.155 ; unused -unused156 IN A 194.149.40.156 ; unused -zfdl360e IN A 194.149.40.157 ; zfelleg DL360e -fschnell IN A 194.149.40.158 ; fschnell/zfelleg server -zfelleg IN A 194.149.40.158 ; fschnell/zfelleg server -zfdl380e IN A 194.149.40.158 ; zfelleg DL380e - -calendar IN CNAME ghs.google.com. -docs IN CNAME ghs.google.com. -mail IN CNAME ghs.google.com. -sites IN CNAME ghs.google.com. - -googleffffffff963b8d47 IN CNAME google.com. diff --git a/sources/pns.usr.f30/postinstall/install/var/named/usr.user.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/usr.user.hu.zone deleted file mode 100644 index 5967043..0000000 
--- a/sources/pns.usr.f30/postinstall/install/var/named/usr.user.hu.zone
+++ /dev/null
@@ -1,350 +0,0 @@ -$TTL 86400 -@ IN SOA ns.usr.user.hu. hostmaster.mx.usr.user.hu. ( - 2019102401 ; Serial - 86400 ; Refresh (1 day) - 7200 ; Retry (2 hours) - 2419200 ; Expire (4 weeks) - 3600) ; Minimum (1 hour) - IN NS ns.usr.user.hu. - -; 1 2 -; 12345678901234567890123456 -; abcdefghijklmnopqrstuvwxyz -; 123456789 - -; ================================================================ -; wifi routers (wr = 23 * 10 + 18 = 248) -; ================================================================ -archer-c5-sf IN A 10.228.248.196 ; sf (second floor) -archer-c5-ff IN A 10.228.248.66 ; ff (first floor) - -; ================================================================ -; 2N/two n (tn = 20 * 10 + 15 = 215) -; ================================================================ -tn-phone-sf IN A 10.228.215.196 ; sf (second floor) -tn-intercom-gf IN A 10.228.215.76 ; gf (ground floor) -tn-phone-ff IN A 10.228.215.66 ; ff (first floor) -tn-ac IN A 10.228.215.13 ; ac (access control) - -; ================================================================ -; servers (sv = 19 * 10 + 22 = 212) -; ================================================================ -db2svr IN A 10.228.212.42 ; db/d2 -accounting IN A 10.228.212.13 ; ac - -; ================================================================ -; spectrum scale sandbox (ss = 19 * 10 + 19 = 209) -; ================================================================ -sssbn3 IN A 10.228.209.131 ; site b node 3 -sssbn2 IN A 10.228.209.130 ; site b node 2 -sssbn1 IN A 10.228.209.129 ; site b node 1 -sssan3 IN A 10.228.209.3 ; site a node 3 -sssan2 IN A 10.228.209.2 ; site a node 2 -sssan1 IN A 10.228.209.1 ; site a node 1 - -; ================================================================ -; sharepoint sandbox (sp = 19 * 10 + 16 = 206) -; ================================================================ -spstsql IN A 10.228.206.212 ; st + 2 -spstad IN A 10.228.206.211 ; st + 1 -spstsp IN A 10.228.206.210 ; st -spw2k08sql IN A 
10.228.206.207 ; sq -spw2k08sp IN A 10.228.206.206 ; sp -spw2k08ad IN A 10.228.206.14 ; ad -ppitsp IN A 10.228.206.3 -ppitdb IN A 10.228.206.2 -ppitad IN A 10.228.206.1 - -; ================================================================ -; rrendek (rr = 18 * 10 + 18 = 198) -; ================================================================ -rruserdev1 IN A 10.228.198.214 -userdev1 IN A 10.228.198.214 -rredms IN A 10.228.198.53 ; dm -rrwas90 IN A 10.228.198.2 -was90 IN A 10.228.198.2 -rrdb2 IN A 10.228.198.1 - -; ================================================================ -; sandbox (sb = 19 * 10 + 2 = 192) -; ================================================================ -tsmapil IN A 10.228.192.212 ; tl -ssam IN A 10.228.192.209 ; ss -spsbsql IN A 10.228.192.207 ; sq -spsb IN A 10.228.192.206 ; sp -tsmddtest IN A 10.228.192.204 ; td -toolbox IN A 10.228.192.202 ; tb -spsbad IN A 10.228.192.191 ; sa -jenkinswin IN A 10.228.192.123 ; jw -oratest IN A 10.228.192.70 ; ot -mkbdarc2dev IN A 10.228.192.44 ; dd -blobtest IN A 10.228.192.40 ; bt - -; ================================================================ -; rkonkoly (rk = 18 * 10 + 11 = 191) -; ================================================================ -rkdominoadmin IN A 10.228.191.1 - -; ================================================================ -; redhat gluster storage server sandbox (rg = 18 * 10 + 7 = 187) -; ================================================================ -rhgssn3 IN A 10.228.187.3 ; node 2 -rhgssn2 IN A 10.228.187.2 ; node 2 -rhgssn1 IN A 10.228.187.1 ; node 1 - -; ================================================================ -; purebackup (pb = 16 * 10 + 2 = 162) -; ================================================================ -purebcw2k12 IN A 10.228.162.242 -purebcw2k08 IN A 10.228.162.238 -purebcw2k03 IN A 10.228.162.233 -purebcrhel7 IN A 10.228.162.187 -purebcrhel6 IN A 10.228.162.186 -purebcwdb2105 IN A 10.228.162.106 -purebcldb2105 IN A 10.228.162.105 
-purebcldb297 IN A 10.228.162.97 -purebcaix71 IN A 10.228.162.17 - -; ================================================================ -; network switches (ns = 14 * 10 + 19 = 159) -; ================================================================ -t1600g-28ts-sfu IN A 10.228.159.211 ; su (second floor upper) -smcgs24c-srm IN A 10.228.159.203 ; sm (server room management) -t1600g-28ts-sfl IN A 10.228.159.202 ; sl (second floor lower) -t1600g-28ts-sri IN A 10.228.159.199 ; si (server room internal) -smcgs24c-sre IN A 10.228.159.195 ; se (server room external) -t1600g-28ts-ffu IN A 10.228.159.81 ; fu (first floor upper) -t1600g-28ts-ffl IN A 10.228.159.72 ; fl (first floor lower) - -; ================================================================ -; network printers (np = 14 * 10 + 16 = 156) -; ================================================================ -infoprint1120 IN A 10.228.156.106 ; ip -bizhubc253 IN A 10.228.156.28 ; bh - -; ================================================================ -; mszabo (ms = 13 * 10 + 19 = 149) -; ================================================================ -msexchange IN A 10.228.149.243 ; xc -msptt4 IN A 10.228.149.212 -msptt3 IN A 10.228.149.211 -msptt2 IN A 10.228.149.210 -msptt1 IN A 10.228.149.209 -msrdnt IN A 10.228.149.184 ; rd -mstsmdtest IN A 10.228.149.5 -msfhblbtest2 IN A 10.228.149.4 -msfhblbtest1 IN A 10.228.149.3 -msflashtest IN A 10.228.149.2 -mstsmupgrade IN A 10.228.149.1 - -; ================================================================ -; integration toolbox test servers (it = 9 * 10 + 20 = 110) -; ================================================================ -ittestrhel65 IN A 10.228.110.65 -ittestwin2012 IN A 10.228.110.12 - -; ================================================================ -; infrastructure servers (is = 9 * 10 + 19 = 109) -; ================================================================ -ifg IN A 10.228.109.254 -dhcp IN A 10.228.109.253 -mx IN A 10.228.109.253 -ns IN A 
10.228.109.253 -svc IN A 10.228.109.253 -ldap IN A 10.228.109.252 -vpnvm IN A 10.228.109.251 -store IN A 10.228.109.250 -svn IN A 10.228.109.250 -tsm IN A 10.228.109.249 - -vpn IN A 10.228.109.236 ; vp - -isc IN A 10.228.109.193 ; sc (ibm spectrum connect) - -pns IN A 10.228.109.174 ; pn - -minicrm IN A 10.228.109.133 ; mc - -iscbe IN A 10.228.109.109 ; is - -ins IN A 10.228.109.104 ; in - -cvm IN A 10.228.109.52 ; cv (container virtual machine) -ntp IN A 10.228.109.52 - -winadk IN A 10.228.109.51 ; dk - -; ================================================================ -; infrastructure management (im = 9 * 10 + 13 = 103) -; ================================================================ -v5010svc2 IN A 10.228.103.246 ; v5 + (s + 2) -v5010svc1 IN A 10.228.103.245 ; v5 + (s + 1) -v5010b IN A 10.228.103.227 ; v5 + b -v5010 IN A 10.228.103.225 ; v5 -vhost5xcc IN A 10.228.103.5 -vhost4xcc IN A 10.228.103.4 -vhost3imm IN A 10.228.103.3 -vhost2imm IN A 10.228.103.2 -vhost1imm IN A 10.228.103.1 - -; ================================================================ -; hypervisor management (hm = 8 * 10 + 13 = 93) -; ================================================================ -vcsa67 IN A 10.228.93.67 -vcsa65 IN A 10.228.93.65 -vhost5 IN A 10.228.93.5 -vhost4 IN A 10.228.93.4 -vhost3 IN A 10.228.93.3 -vhost2 IN A 10.228.93.2 -vhost1 IN A 10.228.93.1 - -; ================================================================ -; infrastructure backup servers (ib = 9 * 10 + 2 = 92) -; ================================================================ -cvmb IN A 10.228.92.52 ; cv (container virtual machine) -ntpb IN A 10.228.92.52 - -; ================================================================ -; fuge (fu = 6 * 10 + 21 = 81) -; ================================================================ -fuonyffilenet IN A 10.228.81.2 -futmp IN A 10.228.81.1 - -; ================================================================ -; fschnell (fs = 6 * 10 + 19 = 79) -; 
================================================================ -fsws IN A 10.228.79.249 -fs-iibv10 IN A 10.228.79.92 -fsmq8004 IN A 10.228.79.84 -fsmq80 IN A 10.228.79.80 -fsmq75 IN A 10.228.79.75 -fsmq70 IN A 10.228.79.70 - -; ================================================================ -; fritter (fr = 6 * 10 + 18 = 78) -; ================================================================ -frsppapp IN A 10.228.78.206 ; sp -frtsm71 IN A 10.228.78.71 -frtsmc7 IN A 10.228.78.37 -frtsm12 IN A 10.228.78.12 - -; ================================================================ -; fpga development (fd = 6 * 10 + 4 = 64) -; ================================================================ -fdthinkstation IN A 10.228.64.219 ; ts -fdlc922 IN A 10.228.64.123 ; lc -fdlc922bmc IN A 10.228.64.122 ; lb - -; ================================================================ -; dvasary (dv = 4 * 10 + 22 = 62) -; ================================================================ -dvredmine IN A 10.228.62.193 ; rm -dvedmstest IN A 10.228.62.70 ; et -dvaviglion IN A 10.228.62.32 ; av - -; ================================================================ -; desktops (dt = 4 * 10 + 20 = 60) -; ================================================================ -$GENERATE 1-9 desktop00$ A 10.228.60.$ -$GENERATE 10-99 desktop0$ A 10.228.60.$ -$GENERATE 100-254 desktop$ A 10.228.60.$ - -; ================================================================ -; dhcp clients (dc = 4 * 10 + 3 = 43) -; ================================================================ -$GENERATE 1-9 dhcp00$ A 10.228.43.$ -$GENERATE 10-99 dhcp0$ A 10.228.43.$ -$GENERATE 100-254 dhcp$ A 10.228.43.$ - -; ================================================================ -; old sr (192.168.42.0) static dhcp clients -; ================================================================ -ads IN A 10.228.42.246 -spelive IN A 10.228.42.245 -datacap-rr IN A 10.228.42.236 -testcibod9 IN A 10.228.42.231 -rtc4 IN A 10.228.42.208 -vmbkp 
IN A 10.228.42.207 -mqsvr IN A 10.228.42.206 -mqback IN A 10.228.42.205 -mqfiles IN A 10.228.42.204 -azsamboki01 IN A 10.228.42.203 -csldallianz IN A 10.228.42.194 -tsmmon-p IN A 10.228.42.190 -tsmmon-s IN A 10.228.42.189 -accounting IN A 10.228.42.188 -jenkinslnx IN A 10.228.42.185 -jenkinstst IN A 10.228.42.184 -ssam71 IN A 10.228.42.180 - -; ================================================================ -; azsamboki (az = 1 * 10 + 26 = 36) -; ================================================================ -azsssam IN A 10.228.36.209 ; ss -azsssamdev IN A 10.228.36.194 ; sd -azsnfs IN A 10.228.36.146 ; nf -azsgpfs2 IN A 10.228.36.88 ; gp + 2 -azsgpfs1 IN A 10.228.36.87 ; gp + 1 -azsgpfs IN A 10.228.36.86 ; gp - -; ================================================================ -; capi development (cd = 3 * 10 + 4 = 34) -; ================================================================ -cdvm IN A 10.228.34.233 -cdsmartlynq IN A 10.228.34.202 ; sl -cds822p4 IN A 10.228.34.25 -cds822p3 IN A 10.228.34.24 -cds822p2 IN A 10.228.34.23 -cds822p1 IN A 10.228.34.22 -cds822 IN A 10.228.34.22 -cds822hmc2 IN A 10.228.34.2 -cds822hmc1 IN A 10.228.34.1 - -; ================================================================ -; akosztolanyi (ak = 1 * 10 + 11 = 21) -; ================================================================ -akmacmini IN A 10.228.21.143 ; mm -akminecraft IN A 10.228.21.1 - -; ================================================================ -; artificial intelligence (ai = 1 * 10 + 9 = 19) -; ================================================================ -aiac922 IN A 10.228.19.13 ; ac -aiac922bmc IN A 10.228.19.12 ; ab -aiac922icell IN A 10.228.19.10 -aiac922icellbmc IN A 10.228.19.9 - -; ================================================================ -; acsiba (ac = 1 * 10 + 3 = 13) -; ================================================================ -acubuntu1804 IN A 10.228.13.18 ; tsmterminal -acubuntu14 IN A 10.228.13.14 ; tsmterminal 
-acopensuse11 IN A 10.228.13.11 ; tsmterminal
-acwin10 IN A 10.228.13.10
-accentos5 IN A 10.228.13.5 ; tsmterminal
-
-; ================================================================
-; zfelleg (zf = 26 * 10 + 6 (mod 256) = 10)
-; ================================================================
-zfws IN A 10.228.10.249 ; ws
-zfvpn IN A 10.228.10.236 ; vp
-zfwd IN A 10.228.10.234 ; wd
-zfvc IN A 10.228.10.223 ; vc
-zfmssql IN A 10.228.10.149 ; ms
-zfdl380eilo IN A 10.228.10.140 ; il + 38
-zfdl360eilo IN A 10.228.10.138 ; il + 36
-zfilo IN A 10.228.10.102 ; il
-zfdl380e IN A 10.228.10.90 ; dl + 38
-zfdl360e IN A 10.228.10.88 ; dl + 36
-zfhfe IN A 10.228.10.86 ; hf
-zfdevrhel8b IN A 10.228.10.48 ; d8
-zfdevrhel7 IN A 10.228.10.47 ; d7
-zfbldw2k08 IN A 10.228.10.28 ; b8
-zfbldrhel7 IN A 10.228.10.27 ; b7
-zfbldrhel6 IN A 10.228.10.26 ; b6
-zfboinc2 IN A 10.228.10.22
-zfboinc1 IN A 10.228.10.21
-zfwin2k IN A 10.228.10.20
-zfwin7 IN A 10.228.10.7
-zfryzen IN A 10.228.10.3 ; ryzen 2400G
-zfblu-r1-hd IN A 10.228.10.2
diff --git a/sources/pns.usr/postinstall/install/var/named/228.10.in-addr.arpa.zone b/sources/pns.usr/postinstall/install/var/named/228.10.in-addr.arpa.zone
index dcdf64f..1d99bdb 100644
--- a/sources/pns.usr/postinstall/install/var/named/228.10.in-addr.arpa.zone
+++ b/sources/pns.usr/postinstall/install/var/named/228.10.in-addr.arpa.zone
@@ -1,6 +1,6 @@
 $TTL 86400
 @ IN SOA ns.usr.user.hu. hostmaster.mx.usr.user.hu. (
- 2019110401 ; Serial
+ 2020012701 ; Serial
 86400 ; Refresh (1 day)
 7200 ; Retry (2 hours)
 2419200 ; Expire (4 weeks)
@@ -326,10 +326,8 @@ $GENERATE 100-254 $.43 IN PTR dhcp$.usr.user.hu.
 149.10 IN PTR zfmssql.usr.user.hu.
 140.10 IN PTR zfdl380eilo.usr.user.hu.
 138.10 IN PTR zfdl360eilo.usr.user.hu.
-102.10 IN PTR zfilo.usr.user.hu.
 90.10 IN PTR zfdl380e.usr.user.hu.
 88.10 IN PTR zfdl360e.usr.user.hu.
-86.10 IN PTR zfhfe.usr.user.hu.
 48.10 IN PTR zfdevrhel8b.usr.user.hu.
 47.10 IN PTR zfdevrhel7.usr.user.hu.
 28.10 IN PTR zfbldw2k08.usr.user.hu.
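Review bot: The reverse zone keeps `149.10 IN PTR zfmssql.usr.user.hu.` as an untouched context line in this hunk, while the usr.user.hu.zone hunk at -333,13 removes `zfmssql IN A 10.228.10.149`, so 10.228.10.149 now maps back to a name that no longer has a forward record. The opposite mismatch appears in the -337,7 hunk of the same reverse zone, which drops `2.10 IN PTR zfblu-r1-hd.usr.user.hu.` although the forward -347,7 hunk leaves `zfblu-r1-hd IN A 10.228.10.2` in place. If both hosts are being retired, this hunk should also remove `149.10 IN PTR zfmssql.usr.user.hu.` and the forward zone should remove `zfblu-r1-hd IN A 10.228.10.2`; if not, the dropped PTR should be restored. Forward/reverse pairs that drift apart tend to show up later as failed reverse-lookup checks in logging and access controls, so it is worth settling both records under the same serial bump.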
@@ -337,7 +335,6 @@ $GENERATE 100-254 $.43 IN PTR dhcp$.usr.user.hu.
 26.10 IN PTR zfbldrhel6.usr.user.hu.
 22.10 IN PTR zfboinc2.usr.user.hu.
 21.10 IN PTR zfboinc1.usr.user.hu.
-20.10 IN PTR zfwin2k.usr.user.hu.
+8.10 IN PTR zft320.usr.user.hu.
 7.10 IN PTR zfwin7.usr.user.hu.
 3.10 IN PTR zfryzen.usr.user.hu.
-2.10 IN PTR zfblu-r1-hd.usr.user.hu.
diff --git a/sources/pns.usr/postinstall/install/var/named/usr.user.hu.zone b/sources/pns.usr/postinstall/install/var/named/usr.user.hu.zone
index 3c663c4..a3664e8 100644
--- a/sources/pns.usr/postinstall/install/var/named/usr.user.hu.zone
+++ b/sources/pns.usr/postinstall/install/var/named/usr.user.hu.zone
@@ -1,6 +1,6 @@
 $TTL 86400
 @ IN SOA ns.usr.user.hu. hostmaster.mx.usr.user.hu. (
- 2019110401 ; Serial
+ 2020012701 ; Serial
 86400 ; Refresh (1 day)
 7200 ; Retry (2 hours)
 2419200 ; Expire (4 weeks)
@@ -333,13 +333,10 @@ zfws IN A 10.228.10.249 ; ws
 zfvpn IN A 10.228.10.236 ; vp
 zfwd IN A 10.228.10.234 ; wd
 zfvc IN A 10.228.10.223 ; vc
-zfmssql IN A 10.228.10.149 ; ms
 zfdl380eilo IN A 10.228.10.140 ; il + 38
 zfdl360eilo IN A 10.228.10.138 ; il + 36
-zfilo IN A 10.228.10.102 ; il
 zfdl380e IN A 10.228.10.90 ; dl + 38
 zfdl360e IN A 10.228.10.88 ; dl + 36
-zfhfe IN A 10.228.10.86 ; hf
 zfdevrhel8b IN A 10.228.10.48 ; d8
 zfdevrhel7 IN A 10.228.10.47 ; d7
 zfbldw2k08 IN A 10.228.10.28 ; b8
@@ -347,7 +344,7 @@ zfbldrhel7 IN A 10.228.10.27 ; b7
 zfbldrhel6 IN A 10.228.10.26 ; b6
 zfboinc2 IN A 10.228.10.22
 zfboinc1 IN A 10.228.10.21
-zfwin2k IN A 10.228.10.20
+zft320 IN A 10.228.10.8 ; t + 320 (mod256)
 zfwin7 IN A 10.228.10.7
 zfryzen IN A 10.228.10.3 ; ryzen 2400G
 zfblu-r1-hd IN A 10.228.10.2
diff --git a/sources/svc.usr.f30/config b/sources/svc.usr.f30/config
deleted file mode 100644
index 9c77947..0000000
--- a/sources/svc.usr.f30/config
+++ /dev/null
@@ -1,18 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = svc.usr.user.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = phys
-lxc.net.0.flags = up
-lxc.net.0.link = svc
-
-lxc.autodev = 1
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = 23
-lxc.start.delay = 3
diff --git a/sources/svc.usr.f30/envvars b/sources/svc.usr.f30/envvars
deleted file mode 100644
index ce531cc..0000000
--- a/sources/svc.usr.f30/envvars
+++ /dev/null
@@ -1,2 +0,0 @@
-BASE_PACKAGES="NetworkManager hostname initscripts iputils iproute rootfiles rsyslog tar vim-minimal"
-SPEC_PACKAGES="bind bind-utils dhcp postfix python3 python3-dbus"
diff --git a/sources/svc.usr.f30/firstboot/01_setupnetworking.sh b/sources/svc.usr.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index f425fed..0000000
--- a/sources/svc.usr.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active NetworkManager.service -NM_RC=$? -WAITED=0 -while [ $NM_RC -ne 0 ] -do - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active NetworkManager.service - NM_RC=$? -done -[ $WAITED -eq 1 ] && echo - -CONNECTIONS=$(nmcli --terse connection show | wc -l) -while [ $CONNECTIONS -ne 1 ] -do - echo "Number of connections: $CONNECTIONS" >&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id internal \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "10.228.109.253/16" \ - ipv4.dns "10.228.109.104, 10.228.109.253" \ - ipv4.dns-search "usr.user.hu" \ - ipv4.gateway "10.228.109.254" \ - ipv4.method "manual" \ - ipv6.method "ignore" \ - save yes - -nmcli connection show diff --git a/sources/svc.usr.f30/firstboot/02_settimezone.sh b/sources/svc.usr.f30/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 --- a/sources/svc.usr.f30/firstboot/02_settimezone.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/svc.usr.f30/firstboot/03_setupldap.sh b/sources/svc.usr.f30/firstboot/03_setupldap.sh deleted file mode 100755 index 4b58626..0000000 --- a/sources/svc.usr.f30/firstboot/03_setupldap.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf <Firstname.Lastname mapping. - -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -#alias_maps = dbm:/etc/aliases -alias_maps = hash:/etc/aliases -#alias_maps = hash:/etc/aliases, nis:mail.aliases -#alias_maps = netinfo:/aliases - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -#alias_database = dbm:/etc/aliases -#alias_database = dbm:/etc/mail/aliases -alias_database = hash:/etc/aliases -#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). 
See canonical(5),
-# local(8), relocated(5) and virtual(5) for the effects this has on
-# aliases, canonical, virtual, relocated and .forward file lookups.
-# Basically, the software tries user+foo and .forward+foo before
-# trying user and .forward.
-#
-#recipient_delimiter = +
-
-# DELIVERY TO MAILBOX
-#
-# The home_mailbox parameter specifies the optional pathname of a
-# mailbox file relative to a user's home directory. The default
-# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
-# "Maildir/" for qmail-style delivery (the / is required).
-#
-#home_mailbox = Mailbox
-#home_mailbox = Maildir/
-
-# The mail_spool_directory parameter specifies the directory where
-# UNIX-style mailboxes are kept. The default setting depends on the
-# system type.
-#
-#mail_spool_directory = /var/mail
-#mail_spool_directory = /var/spool/mail
-
-# The mailbox_command parameter specifies the optional external
-# command to use instead of mailbox delivery. The command is run as
-# the recipient with proper HOME, SHELL and LOGNAME environment settings.
-# Exception: delivery for root is done as $default_user.
-#
-# Other environment variables of interest: USER (recipient username),
-# EXTENSION (address extension), DOMAIN (domain part of address),
-# and LOCAL (the address localpart).
-#
-# Unlike other Postfix configuration parameters, the mailbox_command
-# parameter is not subjected to $parameter substitutions. This is to
-# make it easier to specify shell syntax (see example below).
-#
-# Avoid shell meta characters because they will force Postfix to run
-# an expensive shell process. Procmail alone is expensive enough.
-#
-# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
-# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
-#
-#mailbox_command = /some/where/procmail
-#mailbox_command = /some/where/procmail -a "$EXTENSION"
-
-# The mailbox_transport specifies the optional transport in master.cf
-# to use after processing aliases and .forward files. This parameter
-# has precedence over the mailbox_command, fallback_transport and
-# luser_relay parameters.
-#
-# Specify a string of the form transport:nexthop, where transport is
-# the name of a mail delivery transport defined in master.cf. The
-# :nexthop part is optional. For more details see the sample transport
-# configuration file.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must update the "local_recipient_maps" setting in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
-# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
-#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
-
-# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
-# server using LMTP (Local Mail Transport Protocol), this is prefered
-# over the older cyrus deliver program by setting the
-# mailbox_transport as below:
-#
-# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
-#
-# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
-# these settings.
-#
-# local_destination_recipient_limit = 300
-# local_destination_concurrency_limit = 5
-#
-# Of course you should adjust these settings as appropriate for the
-# capacity of the hardware you are using. The recipient limit setting
-# can be used to take advantage of the single instance message store
-# capability of Cyrus. The concurrency limit can be used to control
-# how many simultaneous LMTP sessions will be permitted to the Cyrus
-# message store.
-#
-# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
-# subsequent line in master.cf.
-#mailbox_transport = cyrus
-
-# The fallback_transport specifies the optional transport in master.cf
-# to use for recipients that are not found in the UNIX passwd database.
-# This parameter has precedence over the luser_relay parameter.
-#
-# Specify a string of the form transport:nexthop, where transport is
-# the name of a mail delivery transport defined in master.cf. The
-# :nexthop part is optional. For more details see the sample transport
-# configuration file.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must update the "local_recipient_maps" setting in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
-#fallback_transport =
-
-# The luser_relay parameter specifies an optional destination address
-# for unknown recipients. By default, mail for unknown@$mydestination,
-# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
-# as undeliverable.
-#
-# The following expansions are done on luser_relay: $user (recipient
-# username), $shell (recipient shell), $home (recipient home directory),
-# $recipient (full recipient address), $extension (recipient address
-# extension), $domain (recipient domain), $local (entire recipient
-# localpart), $recipient_delimiter. Specify ${name?value} or
-# ${name:value} to expand value only when $name does (does not) exist.
-#
-# luser_relay works only for the default Postfix local delivery agent.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must specify "local_recipient_maps =" (i.e. empty) in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-#luser_relay = $user@other.host
-#luser_relay = $local@other.host
-#luser_relay = admin+$local
-
-# JUNK MAIL CONTROLS
-#
-# The controls listed here are only a very small subset. The file
-# SMTPD_ACCESS_README provides an overview.
-
-# The header_checks parameter specifies an optional table with patterns
-# that each logical message header is matched against, including
-# headers that span multiple physical lines.
-#
-# By default, these patterns also apply to MIME headers and to the
-# headers of attached messages. With older Postfix versions, MIME and
-# attached message headers were treated as body text.
-#
-# For details, see "man header_checks".
-#
-#header_checks = regexp:/etc/postfix/header_checks
-
-# FAST ETRN SERVICE
-#
-# Postfix maintains per-destination logfiles with information about
-# deferred mail, so that mail can be flushed quickly with the SMTP
-# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
-# See the ETRN_README document for a detailed description.
-#
-# The fast_flush_domains parameter controls what destinations are
-# eligible for this service. By default, they are all domains that
-# this server is willing to relay mail to.
-#
-#fast_flush_domains = $relay_domains
-
-# SHOW SOFTWARE VERSION OR NOT
-#
-# The smtpd_banner parameter specifies the text that follows the 220
-# code in the SMTP server's greeting banner. Some people like to see
-# the mail version advertised. By default, Postfix shows no version.
-#
-# You MUST specify $myhostname at the start of the text. That is an
-# RFC requirement. Postfix itself does not care.
-#
-#smtpd_banner = $myhostname ESMTP $mail_name
-#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
-
-# PARALLEL DELIVERY TO THE SAME DESTINATION
-#
-# How many parallel deliveries to the same user or domain?
With local
-# delivery, it does not make sense to do massively parallel delivery
-# to the same user, because mailbox updates must happen sequentially,
-# and expensive pipelines in .forward files can cause disasters when
-# too many are run at the same time. With SMTP deliveries, 10
-# simultaneous connections to the same domain could be sufficient to
-# raise eyebrows.
-#
-# Each message delivery transport has its XXX_destination_concurrency_limit
-# parameter. The default is $default_destination_concurrency_limit for
-# most delivery transports. For the local delivery agent the default is 2.
-
-#local_destination_concurrency_limit = 2
-#default_destination_concurrency_limit = 20
-
-# DEBUGGING CONTROL
-#
-# The debug_peer_level parameter specifies the increment in verbose
-# logging level when an SMTP client or server host name or address
-# matches a pattern in the debug_peer_list parameter.
-#
-debug_peer_level = 2
-
-# The debug_peer_list parameter specifies an optional list of domain
-# or network patterns, /file/name patterns or type:name tables. When
-# an SMTP client or server host name or address matches a pattern,
-# increase the verbose logging level by the amount specified in the
-# debug_peer_level parameter.
-#
-#debug_peer_list = 127.0.0.1
-#debug_peer_list = some.domain
-
-# The debugger_command specifies the external command that is executed
-# when a Postfix daemon program is run with the -D option.
-#
-# Use "command .. & sleep 5" so that the debugger can attach before
-# the process marches on. If you use an X-based debugger, be sure to
-# set up your XAUTHORITY environment variable before starting Postfix.
-#
-debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
-
-# If you can't use X, use this to capture the call stack when a
-# daemon crashes. The result is in a file in the configuration
-# directory, and is named after the process name and the process ID.
-#
-# debugger_command =
-# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
-# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
-# >$config_directory/$process_name.$process_id.log & sleep 5
-#
-# Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
-# " where uniquely matches one of the detached
-# sessions (from "screen -list").
-#
-# debugger_command =
-# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
-# -dmS $process_name gdb $daemon_directory/$process_name
-# $process_id & sleep 1
-
-# INSTALL-TIME CONFIGURATION INFORMATION
-#
-# The following parameters are used when installing a new Postfix version.
-#
-# sendmail_path: The full pathname of the Postfix sendmail command.
-# This is the Sendmail-compatible mail posting interface.
-#
-sendmail_path = /usr/sbin/sendmail.postfix
-
-# newaliases_path: The full pathname of the Postfix newaliases command.
-# This is the Sendmail-compatible command to build alias databases.
-#
-newaliases_path = /usr/bin/newaliases.postfix
-
-# mailq_path: The full pathname of the Postfix mailq command. This
-# is the Sendmail-compatible mail queue listing command.
-#
-mailq_path = /usr/bin/mailq.postfix
-
-# setgid_group: The group for mail submission and queue management
-# commands. This must be a group name with a numerical group ID that
-# is not shared with other accounts, not even with the Postfix account.
-#
-setgid_group = postdrop
-
-# html_directory: The location of the Postfix HTML documentation.
-#
-html_directory = no
-
-# manpage_directory: The location of the Postfix on-line manual pages.
-#
-manpage_directory = /usr/share/man
-
-# sample_directory: The location of the Postfix sample configuration files.
-# This parameter is obsolete as of Postfix 2.1.
-#
-sample_directory = /usr/share/doc/postfix/samples
-
-# readme_directory: The location of the Postfix README files.
-#
-readme_directory = /usr/share/doc/postfix/README_FILES
-meta_directory = /etc/postfix
-shlib_directory = /usr/lib64/postfix
-
-message_size_limit = 67108864
diff --git a/sources/svc.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/svc.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf
deleted file mode 100644
index 0690211..0000000
--- a/sources/svc.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-net.ipv6.conf.all.disable_ipv6 = 1
-net.ipv6.conf.svc.disable_ipv6 = 1
diff --git a/sources/vpn.usr.f30/config b/sources/vpn.usr.f30/config
deleted file mode 100644
index 70d6fff..0000000
--- a/sources/vpn.usr.f30/config
+++ /dev/null
@@ -1,21 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = vpn.usr.user.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = phys
-lxc.net.0.flags = up
-lxc.net.0.link = vpn
-
-lxc.autodev = 1
-lxc.hook.autodev = __CONTAINER_PATH__/hooks/autodev
-
-lxc.cgroup.devices.allow = c 10:200 rwm
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = 25
-lxc.start.delay = 3
diff --git a/sources/vpn.usr.f30/envvars b/sources/vpn.usr.f30/envvars
deleted file mode 100644
index 39e6341..0000000
--- a/sources/vpn.usr.f30/envvars
+++ /dev/null
@@ -1,2 +0,0 @@
-BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal"
-SPEC_PACKAGES="easy-rsa openvpn python"
diff --git a/sources/vpn.usr.f30/firstboot/01_setupnetworking.sh b/sources/vpn.usr.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index eee7b91..0000000
--- a/sources/vpn.usr.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active NetworkManager.service
-NM_RC=$?
-WAITED=0
-while [ $NM_RC -ne 0 ]
-do
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active NetworkManager.service
- NM_RC=$?
-done
-[ $WAITED -eq 1 ] && echo
-
-CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -ne 1 ]
-do
- echo "Number of connections: $CONNECTIONS" >&2
- sleep 1
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
-
-nmcli --terse connection show | grep ':$' >/dev/null
-ALL_CONNECTION_DEVICES_KNOWN=$?
-while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
-do
- echo "Not all connection devices are known yet" >&2
- sleep 1
- nmcli --terse connection show | grep ':$' >/dev/null
- ALL_CONNECTION_DEVICES_KNOWN=$?
-done
-
-CONNECTION_LINE=$(nmcli --terse connection show)
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id internal \
- connection.interface-name $CONNECTION_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "10.228.109.236/16" \
- ipv4.dns "10.228.109.104, 10.228.109.253" \
- ipv4.dns-search "usr.user.hu" \
- ipv4.gateway "10.228.109.254" \
- ipv4.method "manual" \
- ipv6.method "ignore" \
- save yes
-
-nmcli connection show
diff --git a/sources/vpn.usr.f30/firstboot/02_settimezone.sh b/sources/vpn.usr.f30/firstboot/02_settimezone.sh
deleted file mode 100755
index 20b2a71..0000000
--- a/sources/vpn.usr.f30/firstboot/02_settimezone.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active dbus.service
-DBUS_RC=$?
-WAITED=0
-while [ $DBUS_RC -ne 0 ]
-do
- if [ $WAITED -eq 0 ]
- then
- echo -n "Waiting for dbus.service"
- fi
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active dbus.service
- DBUS_RC=$?
-done
-[ $WAITED -ne 0 ] && echo
-timedatectl set-timezone Europe/Budapest
diff --git a/sources/vpn.usr.f30/firstboot/03_displayvpndoc.sh b/sources/vpn.usr.f30/firstboot/03_displayvpndoc.sh
deleted file mode 100755
index e4e8b06..0000000
--- a/sources/vpn.usr.f30/firstboot/03_displayvpndoc.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo "OpenVPN setup scripts can be found in /etc/openvpn/setupscripts"
diff --git a/sources/vpn.usr.f30/firstboot/99_cleanup.sh b/sources/vpn.usr.f30/firstboot/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/vpn.usr.f30/firstboot/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/vpn.usr.f30/hooks/autodev b/sources/vpn.usr.f30/hooks/autodev
deleted file mode 100755
index 313469e..0000000
--- a/sources/vpn.usr.f30/hooks/autodev
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-cd $LXC_ROOTFS_MOUNT/dev
-mkdir net
-mknod net/tun c 10 200
-chmod 0666 net/tun
diff --git a/sources/vpn.usr.f30/postinstall/01_setownership.sh b/sources/vpn.usr.f30/postinstall/01_setownership.sh
deleted file mode 100755
index f2e6b94..0000000
--- a/sources/vpn.usr.f30/postinstall/01_setownership.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-chown -R root.root $SOURCE_PATH/*
diff --git a/sources/vpn.usr.f30/postinstall/02_setpermissions.sh b/sources/vpn.usr.f30/postinstall/02_setpermissions.sh
deleted file mode 100755
index 241386a..0000000
--- a/sources/vpn.usr.f30/postinstall/02_setpermissions.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
diff --git a/sources/vpn.usr.f30/postinstall/03_installfiles.sh b/sources/vpn.usr.f30/postinstall/03_installfiles.sh
deleted file mode 100755
index f190caf..0000000
--- a/sources/vpn.usr.f30/postinstall/03_installfiles.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-tar --create \
- --directory=$REAL_PATH \
- --to-stdout \
- install \
- | tar --extract \
- --backup \
- --directory=/ \
- --no-overwrite-dir \
- --strip-components=1 \
- --suffix=.orig
diff --git a/sources/vpn.usr.f30/postinstall/10_setupservices.sh b/sources/vpn.usr.f30/postinstall/10_setupservices.sh
deleted file mode 100755
index a6a9e38..0000000
--- a/sources/vpn.usr.f30/postinstall/10_setupservices.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-
-systemctl enable openvpn-server@server.service
-systemctl enable NetworkManager-wait-online.service
-
-systemctl mask wpa_supplicant.service
diff --git a/sources/vpn.usr.f30/postinstall/99_cleanup.sh b/sources/vpn.usr.f30/postinstall/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/vpn.usr.f30/postinstall/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/hosts b/sources/vpn.usr.f30/postinstall/install/etc/hosts
deleted file mode 100644
index 219e747..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/hosts
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
-::1 localhost6.localdomain6 localhost6
-
-10.228.109.236 vpn.usr.user.hu vpn
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/client-config/client.conf.template b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/client-config/client.conf.template
deleted file mode 100644
index 0498910..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/client-config/client.conf.template
+++ /dev/null
@@ -1,127 +0,0 @@
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server. #
-# #
-# This configuration can be used by multiple #
-# clients, however each client should have #
-# its own cert and key files. #
-# #
-# On Windows, you might want to rename this #
-# file so it has a .ovpn extension #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel
-# if you have more than one. On XP SP2,
-# you may need to disable the firewall
-# for the TAP adapter.
-;dev-node MyTap
-
-# Are we connecting to a TCP or
-# UDP server? Use the same setting as
-# on the server.
-;proto tcp
-proto udp
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote vpn.userrendszerhaz.hu 1194
-
-# Choose a random host from the remote
-# list for load-balancing. Otherwise
-# try hosts in the order specified.
-;remote-random
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server. Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Downgrade privileges after initialization (non-Windows only)
-user nobody
-group nobody
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# If you are connecting through an
-# HTTP proxy to reach the actual OpenVPN
-# server, put the proxy server/IP and
-# port number here.
See the man page
-# if your proxy server requires
-# authentication.
-;http-proxy-retry # retry on connection failures
-;http-proxy [proxy server] [proxy port #]
-
-# Wireless networks often produce a lot
-# of duplicate packets. Set this flag
-# to silence duplicate packet warnings.
-;mute-replay-warnings
-
-# SSL/TLS parms.
-# See the server config file for more
-# description. It's best to use
-# a separate .crt/.key file pair
-# for each client. A single ca
-# file can be used for all clients.
-;ca ca.crt
-;cert client.crt
-;key client.key
-
-# Verify server certificate by checking that the
-# certicate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-# http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-# digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-# serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-;tls-auth ta.key 1
-key-direction 1
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-# Note that v2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the ncp-cipher option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-#comp-lzo
-
-# Set log file verbosity.
-verb 3
-
-# Silence repeating messages
-;mute 20
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/server/ccd/qqcs b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/server/ccd/qqcs
deleted file mode 100644
index 7d8e4b8..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/server/ccd/qqcs
+++ /dev/null
@@ -1 +0,0 @@
-iroute 10.162.104.0 255.255.255.0
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/server/server.conf b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/server/server.conf
deleted file mode 100644
index e3b8c91..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/server/server.conf
+++ /dev/null
@@ -1,323 +0,0 @@
-#################################################
-# Sample OpenVPN 2.0 config file for #
-# multi-client server. #
-# #
-# This file is for the server side #
-# of a many-clients <-> one-server #
-# OpenVPN configuration. #
-# #
-# OpenVPN also supports #
-# single-machine <-> single-machine #
-# configurations (See the Examples page #
-# on the web site for more info). #
-# #
-# This config should work on Windows #
-# or Linux/BSD systems. Remember on #
-# Windows to quote pathnames and use #
-# double backslashes, e.g.: #
-# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
-# #
-# Comments are preceded with '#' or ';' #
-#################################################
-
-# Which local IP address should OpenVPN
-# listen on? (optional)
-;local a.b.c.d
-
-# Which TCP/UDP port should OpenVPN listen on?
-# If you want to run multiple OpenVPN instances
-# on the same machine, use a different port
-# number for each one. You will need to
-# open up this port on your firewall.
-port 1194
-
-# TCP or UDP server?
-;proto tcp
-proto udp
-
-# "dev tun" will create a routed IP tunnel,
-# "dev tap" will create an ethernet tunnel.
-# Use "dev tap0" if you are ethernet bridging
-# and have precreated a tap0 virtual interface
-# and bridged it with your ethernet interface.
-# If you want to control access policies
-# over the VPN, you must create firewall
-# rules for the the TUN/TAP interface.
-# On non-Windows systems, you can give
-# an explicit unit number, such as tun0.
-# On Windows, use "dev-node" for this.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-;dev tap
-dev tun
-
-# Windows needs the TAP-Win32 adapter name
-# from the Network Connections panel if you
-# have more than one. On XP SP2 or higher,
-# you may need to selectively disable the
-# Windows firewall for the TAP adapter.
-# Non-Windows systems usually don't need this.
-;dev-node MyTap
-
-# SSL/TLS root certificate (ca), certificate
-# (cert), and private key (key). Each client
-# and the server must have their own cert and
-# key file. The server and all clients will
-# use the same ca file.
-#
-# See the "easy-rsa" directory for a series
-# of scripts for generating RSA certificates
-# and private keys. Remember to use
-# a unique Common Name for the server
-# and each of the client certificates.
-#
-# Any X509 key management system can be used.
-# OpenVPN can also use a PKCS #12 formatted key file
-# (see "pkcs12" directive in man page).
-ca easy-rsa/pki/ca.crt
-cert easy-rsa/pki/issued/server.crt
-key easy-rsa/pki/private/server.key # This file should be kept secret
-crl-verify easy-rsa/pki/crl.pem
-
-# Diffie hellman parameters.
-# Generate your own with:
-# openssl dhparam -out dh2048.pem 2048
-#dh dh2048.pem
-dh easy-rsa/pki/dh.pem
-
-# Network topology
-# Should be subnet (addressing via IP)
-# unless Windows clients v2.0.9 and lower have to
-# be supported (then net30, i.e. a /30 per client)
-# Defaults to net30 (not recommended)
-;topology subnet
-
-# Configure server mode and supply a VPN subnet
-# for OpenVPN to draw client addresses from.
-# The server will take 10.8.0.1 for itself,
-# the rest will be made available to clients.
-# Each client will be able to reach the server
-# on 10.8.0.1. Comment this line out if you are
-# ethernet bridging. See the man page for more info.
-server 172.16.223.0 255.255.255.0
-
-# Maintain a record of client <-> virtual IP address
-# associations in this file. If OpenVPN goes down or
-# is restarted, reconnecting clients can be assigned
-# the same virtual IP address from the pool that was
-# previously assigned.
-ifconfig-pool-persist ipp.txt
-
-# Configure server mode for ethernet bridging.
-# You must first use your OS's bridging capability
-# to bridge the TAP interface with the ethernet
-# NIC interface.
Then you must manually set the
-# IP/netmask on the bridge interface, here we
-# assume 10.8.0.4/255.255.255.0. Finally we
-# must set aside an IP range in this subnet
-# (start=10.8.0.50 end=10.8.0.100) to allocate
-# to connecting clients. Leave this line commented
-# out unless you are ethernet bridging.
-;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
-
-# Configure server mode for ethernet bridging
-# using a DHCP-proxy, where clients talk
-# to the OpenVPN server-side DHCP server
-# to receive their IP address allocation
-# and DNS server addresses. You must first use
-# your OS's bridging capability to bridge the TAP
-# interface with the ethernet NIC interface.
-# Note: this mode only works on clients (such as
-# Windows), where the client-side TAP adapter is
-# bound to a DHCP client.
-;server-bridge
-
-# Push routes to the client to allow it
-# to reach other private subnets behind
-# the server. Remember that these
-# private subnets will also need
-# to know to route the OpenVPN client
-# address pool (10.8.0.0/255.255.255.0)
-# back to the OpenVPN server.
-;push "route 192.168.10.0 255.255.255.0"
-;push "route 192.168.20.0 255.255.255.0"
-push "route 10.228.0.0 255.255.0.0"
-push "route 192.168.42.0 255.255.255.0"
-push "route 192.168.43.0 255.255.255.0"
-
-# To assign specific IP addresses to specific
-# clients or if a connecting client has a private
-# subnet behind it that should also have VPN access,
-# use the subdirectory "ccd" for client-specific
-# configuration files (see man page for more info).
-client-config-dir ccd
-route 10.162.104.0 255.255.255.0
-
-# EXAMPLE: Suppose the client
-# having the certificate common name "Thelonious"
-# also has a small subnet behind his connecting
-# machine, such as 192.168.40.128/255.255.255.248.
-# First, uncomment out these lines:
-;client-config-dir ccd
-;route 192.168.40.128 255.255.255.248
-# Then create a file ccd/Thelonious with this line:
-# iroute 192.168.40.128 255.255.255.248
-# This will allow Thelonious' private subnet to
-# access the VPN. This example will only work
-# if you are routing, not bridging, i.e. you are
-# using "dev tun" and "server" directives.
-
-# EXAMPLE: Suppose you want to give
-# Thelonious a fixed VPN IP address of 10.9.0.1.
-# First uncomment out these lines:
-;client-config-dir ccd
-;route 10.9.0.0 255.255.255.252
-# Then add this line to ccd/Thelonious:
-# ifconfig-push 10.9.0.1 10.9.0.2
-
-# Suppose that you want to enable different
-# firewall access policies for different groups
-# of clients. There are two methods:
-# (1) Run multiple OpenVPN daemons, one for each
-# group, and firewall the TUN/TAP interface
-# for each group/daemon appropriately.
-# (2) (Advanced) Create a script to dynamically
-# modify the firewall in response to access
-# from different clients. See man
-# page for more info on learn-address script.
-;learn-address ./script
-
-# If enabled, this directive will configure
-# all clients to redirect their default
-# network gateway through the VPN, causing
-# all IP traffic such as web browsing and
-# and DNS lookups to go through the VPN
-# (The OpenVPN server machine may need to NAT
-# or bridge the TUN/TAP interface to the internet
-# in order for this to work properly).
-;push "redirect-gateway def1 bypass-dhcp"
-
-# Certain Windows-specific network settings
-# can be pushed to clients, such as DNS
-# or WINS server addresses. CAVEAT:
-# http://openvpn.net/faq.html#dhcpcaveats
-# The addresses below refer to the public
-# DNS servers provided by opendns.com.
-;push "dhcp-option DNS 208.67.222.222"
-;push "dhcp-option DNS 208.67.220.220"
-push "dhcp-option DNS 10.228.109.253"
-
-# Uncomment this directive to allow different
-# clients to be able to "see" each other.
-# By default, clients will only see the server.
-# To force clients to only see the server, you
-# will also need to appropriately firewall the
-# server's TUN/TAP interface.
-;client-to-client
-
-# Uncomment this directive if multiple clients
-# might connect with the same certificate/key
-# files or common names. This is recommended
-# only for testing purposes. For production use,
-# each client should have its own certificate/key
-# pair.
-#
-# IF YOU HAVE NOT GENERATED INDIVIDUAL
-# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
-# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
-# UNCOMMENT THIS LINE OUT.
-;duplicate-cn
-
-# The keepalive directive causes ping-like
-# messages to be sent back and forth over
-# the link so that each side knows when
-# the other side has gone down.
-# Ping every 10 seconds, assume that remote
-# peer is down if no ping received during
-# a 120 second time period.
-keepalive 10 120
-
-# For extra security beyond that provided
-# by SSL/TLS, create an "HMAC firewall"
-# to help block DoS attacks and UDP port flooding.
-#
-# Generate with:
-# openvpn --genkey --secret ta.key
-#
-# The server and each client must have
-# a copy of this key.
-# The second parameter should be '0'
-# on the server and '1' on the clients.
-tls-auth easy-rsa/pki/ta.key 0 # This file is secret
-
-# Select a cryptographic cipher.
-# This config item must be copied to
-# the client config file as well.
-# Note that 2.4 client/server will automatically
-# negotiate AES-256-GCM in TLS mode.
-# See also the ncp-cipher option in the manpage
-cipher AES-256-CBC
-
-# Enable compression on the VPN link and push the
-# option to the client (2.4+ only, for earlier
-# versions see below)
-;compress lz4-v2
-;push "compress lz4-v2"
-
-# For compression compatible with older clients use comp-lzo
-# If you enable it here, you must also
-# enable it in the client config file.
-;comp-lzo
-
-# The maximum number of concurrently connected
-# clients we want to allow.
-;max-clients 100
-
-# It's a good idea to reduce the OpenVPN
-# daemon's privileges after initialization.
-#
-# You can uncomment this out on
-# non-Windows systems.
-user nobody
-group nobody
-
-# The persist options will try to avoid
-# accessing certain resources on restart
-# that may no longer be accessible because
-# of the privilege downgrade.
-persist-key
-persist-tun
-
-# Output a short status file showing
-# current connections, truncated
-# and rewritten every minute.
-status openvpn-status.log
-
-# By default, log messages will go to the syslog (or
-# on Windows, if running as a service, they will go to
-# the "\Program Files\OpenVPN\log" directory).
-# Use log or log-append to override this default.
-# "log" will truncate the log file on OpenVPN startup,
-# while "log-append" will append to it. Use one
-# or the other (but not both).
-;log openvpn.log
-;log-append openvpn.log
-
-# Set the appropriate level of log
-# file verbosity.
-#
-# 0 is silent, except for fatal errors
-# 4 is reasonable for general usage
-# 5 and 6 can help to debug connection problems
-# 9 is extremely verbose
-verb 3
-
-# Silence repeating messages. At most 20
-# sequential messages of the same message
-# category will be output to the log.
-;mute 20
-
-# Notify the client that when the server restarts so it
-# can automatically reconnect.
-explicit-exit-notify 1
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh
deleted file mode 100755
index a931ef1..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-ERSA_PATH=/etc/openvpn/server/easy-rsa
-ERSA_VERSION=$(rpm --query --queryformat "%{VERSION}\n" easy-rsa)
-PKI_PATH=$ERSA_PATH/pki
-
-
-if [ ! -d $PKI_PATH ]
-then
- if [ -d $ERSA_PATH ]
- then
- mv $ERSA_PATH ${ERSA_PATH}.orig
- fi
- mkdir $ERSA_PATH
- cp -a /usr/share/doc/easy-rsa/vars.example $ERSA_PATH/vars
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/easyrsa $ERSA_PATH
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-easyrsa.cnf $ERSA_PATH
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/x509-types $ERSA_PATH
- cd $ERSA_PATH
- echo "Edit (review only) $ERSA_PATH/openssl-easyrsa.cnf"
- read
- vi $ERSA_PATH/openssl-easyrsa.cnf
- echo "Edit (set EASYRSA_ALGO to ec) $ERSA_PATH/vars"
- echo "Optionally set EASYRSA_CURVE to one of \$(openssl ecparam -list_curves)"
- read
- vi $ERSA_PATH/vars
-
- echo "Run ./easyrsa init-pki"
- read
- ./easyrsa init-pki
- echo "Run ./easyrsa build-ca nopass"
- read
- ./easyrsa build-ca nopass
- echo "Run ./easyrsa gen-crl"
- read
- ./easyrsa gen-crl
- echo "Run ./easyrsa gen-req server nopass"
- read
- ./easyrsa gen-req server nopass
- echo "Run ./easyrsa sign-req server server"
- read
- ./easyrsa sign-req server server
- echo "Run ./easyrsa gen-dh"
- read
- ./easyrsa gen-dh
- echo "Run openvpn --genkey --secret pki/ta.key"
- read
- openvpn --genkey --secret pki/ta.key
- echo "Check server.conf"
- read
- echo "Run ./20_getuids.sh"
- echo "Run ./30_create_client.sh for each client"
-fi
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh
deleted file mode 100755
index 0ac7fa4..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-
-
->$REAL_PATH/SEED.txt
->$REAL_PATH/UIDS.txt
-grep '^[a-z]' $REAL_PATH/NAMES.txt | while read LOGIN_NAME
-do
- LOGIN_MD5SUM=$(echo $LOGIN_NAME | md5sum | awk '{print $1}')
- UID_POSITION=30
- UID_IS_UNIQUE=0
- while [ $UID_IS_UNIQUE -eq 0 ]
- do
- LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3)
- grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1
- if [ $? -eq 1 ]
- then
- INT_UID=$(python -c "print(10000 + int('$LOGIN_UID', 16))")
- HEX_UID=$(python -c "print(hex($INT_UID))")
- echo $LOGIN_NAME $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID
- echo $LOGIN_UID >>$REAL_PATH/SEED.txt
- echo $LOGIN_NAME $INT_UID $HEX_UID >>$REAL_PATH/UIDS.txt
- UID_IS_UNIQUE=1
- else
- UID_POSITION=$(( $UID_POSITION - 1 ))
- if [ $UID_POSITION -eq 0 ]
- then
- echo "Cannot generate unique uid for $LOGIN_NAME" >&2
- exit 1
- fi
- fi
- done
-done
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh
deleted file mode 100755
index 54ed5a9..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/30_create_client.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-OVPN_PATH=/etc/openvpn
-ERSA_PATH=$OVPN_PATH/server/easy-rsa
-PKI_PATH=$ERSA_PATH/pki
-CCFG_PATH=$OVPN_PATH/client-config
-
-
-if [ -z "$1" ]
-then
- echo "Usage: $(basename $0) clientname"
-fi
-
-NAME=$1
-LINE=$(grep "^$NAME " UIDS.txt)
-if [ -z "$LINE" ]
-then
- echo "$NAME not found." >&2
- exit 1
-fi
-
-SERIAL=$(echo $LINE | awk '{print $3}' | cut -c 3-6)
-
-if [ -f $CCFG_PATH/${NAME}.conf ]
-then
- echo "Configuration for $NAME already exists."
-else
- echo "Generating configuration for ${NAME}."
- cd $ERSA_PATH
- echo $SERIAL >${PKI_PATH}/serial
- ./easyrsa gen-req $NAME nopass
- ./easyrsa sign-req client $NAME
- cp -a $CCFG_PATH/client.conf.template $CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/ca.crt >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/issued/${NAME}.crt >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/private/${NAME}.key >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- echo >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
- cat $PKI_PATH/ta.key >>$CCFG_PATH/${NAME}.conf
- echo '' >>$CCFG_PATH/${NAME}.conf
-fi
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh
deleted file mode 100755
index b37fd02..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/40_create_all_clients.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-
-cat UIDS.txt | while read LINE
-do
- NAME=$(echo $LINE | awk '{print $1}')
- ./30_create_client.sh $NAME
-done
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/NAMES.txt b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/NAMES.txt
deleted file mode 100644
index 0eed557..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/NAMES.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-# Regular users
-akosztolanyi
-azsamboki
-bcsoka
-csgulyas
-cslevai
-dhorvath
-dvasary
-fritter
-fschnell
-ifabian
-khorvath
-kkele
-mszabo
-rrendek
-tsuhajda
-zbartakovics
-zfelleg
-
-# zfelleg's home network
-qqcs
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/README.txt b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/README.txt
deleted file mode 100644
index 3f768d3..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/README.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-login name -> uid: 10000+last 3 digits of md5sum(login name)
- in case of collision: shift the 3 digits
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/sysctl.d/01-ipv4.conf b/sources/vpn.usr.f30/postinstall/install/etc/sysctl.d/01-ipv4.conf
deleted file mode 100644
index fb3c483..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/sysctl.d/01-ipv4.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Enable IPv4 packet forwarding
-net.ipv4.ip_forward = 1
diff --git a/sources/vpn.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/vpn.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf
deleted file mode 100644
index 0690211..0000000
--- a/sources/vpn.usr.f30/postinstall/install/etc/sysctl.d/01-ipv6.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-net.ipv6.conf.all.disable_ipv6 = 1
-net.ipv6.conf.svc.disable_ipv6 = 1
diff --git a/sources/ws.pm.f30/config b/sources/ws.pm.f30/config
deleted file mode 100644
index 8638900..0000000
--- a/sources/ws.pm.f30/config
+++ /dev/null
@@ -1,23 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = ws.pm.user.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.useribm.hu.443 var/www/htdocs.useribm.hu.443 none bind,create=dir 0 0
-lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.useribm.hu.80 var/www/htdocs.useribm.hu.80 none bind,create=dir 0 0
-lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.userrendszerhaz.hu.443 var/www/htdocs.userrendszerhaz.hu.443 none bind,create=dir 0 0
-lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.userrendszerhaz.hu.80 var/www/htdocs.userrendszerhaz.hu.80 none bind,create=dir 0 0
-
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.link = brh
-lxc.net.0.hwaddr = 02:0c:18:03:ad:f9
-
-lxc.autodev = 1
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = 13
-lxc.start.delay = 3
diff --git a/sources/ws.pm.f30/envvars b/sources/ws.pm.f30/envvars
deleted file mode 100644
index a59122a..0000000
--- a/sources/ws.pm.f30/envvars
+++ /dev/null
@@ -1,2 +0,0 @@
-BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal"
-SPEC_PACKAGES="httpd mailx mod_ssl php postfix python3-certbot-apache"
diff --git a/sources/ws.pm.f30/firstboot/01_setupnetworking.sh b/sources/ws.pm.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index dd750d3..0000000
--- a/sources/ws.pm.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active NetworkManager.service
-NM_RC=$?
-WAITED=0
-while [ $NM_RC -ne 0 ]
-do
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active NetworkManager.service
- NM_RC=$?
-done
-[ $WAITED -eq 1 ] && echo
-
-CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -ne 1 ]
-do
- echo "Number of connections: $CONNECTIONS" >&2
- sleep 1
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
-
-nmcli --terse connection show | grep ':$' >/dev/null
-ALL_CONNECTION_DEVICES_KNOWN=$?
-while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
-do
- echo "Not all connection devices are known yet" >&2
- sleep 1
- nmcli --terse connection show | grep ':$' >/dev/null
- ALL_CONNECTION_DEVICES_KNOWN=$?
-done
-
-CONNECTION_LINE=$(nmcli --terse connection show)
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id perimeter \
- connection.interface-name $CONNECTION_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "192.168.173.249/24" \
- ipv4.dns "192.168.173.174" \
- ipv4.dns-search "pm.user.hu" \
- ipv4.gateway "192.168.173.254" \
- ipv4.method "manual" \
- ipv4.routes "10.228.0.0/16 192.168.173.1, 192.168.42.0/24 192.168.173.1" \
- ipv6.method "ignore" \
- save yes
-
-nmcli connection show
diff --git a/sources/ws.pm.f30/firstboot/02_settimezone.sh b/sources/ws.pm.f30/firstboot/02_settimezone.sh
deleted file mode 100755
index 20b2a71..0000000
--- a/sources/ws.pm.f30/firstboot/02_settimezone.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active dbus.service
-DBUS_RC=$?
-WAITED=0
-while [ $DBUS_RC -ne 0 ]
-do
- if [ $WAITED -eq 0 ]
- then
- echo -n "Waiting for dbus.service"
- fi
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active dbus.service
- DBUS_RC=$?
-done
-[ $WAITED -ne 0 ] && echo
-timedatectl set-timezone Europe/Budapest
diff --git a/sources/ws.pm.f30/firstboot/03_setupldap.sh b/sources/ws.pm.f30/firstboot/03_setupldap.sh
deleted file mode 100755
index 4b58626..0000000
--- a/sources/ws.pm.f30/firstboot/03_setupldap.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-
-exit 0
-authselect select sssd with-mkhomedir --force
-
-cat >>/etc/openldap/ldap.conf <>/etc/postfix/main.cf
-
-systemctl enable postfix.service
-systemctl start postfix.service
diff --git a/sources/ws.pm.f30/firstboot/99_cleanup.sh b/sources/ws.pm.f30/firstboot/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/ws.pm.f30/firstboot/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/ws.pm.f30/postinstall/01_setownership.sh b/sources/ws.pm.f30/postinstall/01_setownership.sh
deleted file mode 100755
index f2e6b94..0000000
--- a/sources/ws.pm.f30/postinstall/01_setownership.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-chown -R root.root $SOURCE_PATH/*
diff --git a/sources/ws.pm.f30/postinstall/02_setpermissions.sh b/sources/ws.pm.f30/postinstall/02_setpermissions.sh
deleted file mode 100755
index 241386a..0000000
--- a/sources/ws.pm.f30/postinstall/02_setpermissions.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
diff --git a/sources/ws.pm.f30/postinstall/03_installfiles.sh b/sources/ws.pm.f30/postinstall/03_installfiles.sh
deleted file mode 100755
index f190caf..0000000
--- a/sources/ws.pm.f30/postinstall/03_installfiles.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-tar --create \
- --directory=$REAL_PATH \
- --to-stdout \
- install \
- | tar --extract \
- --backup \
- --directory=/ \
- --no-overwrite-dir \
- --strip-components=1 \
- --suffix=.orig
diff --git a/sources/ws.pm.f30/postinstall/10_setupservices.sh b/sources/ws.pm.f30/postinstall/10_setupservices.sh
deleted file mode 100755
index f1593d2..0000000
--- a/sources/ws.pm.f30/postinstall/10_setupservices.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-
-systemctl disable httpd.service
-systemctl enable NetworkManager-wait-online.service
-
-systemctl mask wpa_supplicant.service
diff --git a/sources/ws.pm.f30/postinstall/99_cleanup.sh b/sources/ws.pm.f30/postinstall/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/ws.pm.f30/postinstall/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/ws.pm.f30/postinstall/install/etc/hosts b/sources/ws.pm.f30/postinstall/install/etc/hosts
deleted file mode 100644
index 535cd64..0000000
--- a/sources/ws.pm.f30/postinstall/install/etc/hosts
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
-::1 localhost6.localdomain6 localhost6
-
-192.168.173.249 ws.pm.user.hu ws
diff --git a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le b/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le
deleted file mode 100644
index e6a998f..0000000
--- a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/useribm.hu.443.conf.le
+++ /dev/null
@@ -1,119 +0,0 @@ - - ServerName www.useribm.hu - ServerAlias useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPreserveHost On - ProxyPass /ugyvitel http://192.168.42.248:8079/ugyvitel keepalive=On connectiontimeout=600 - ProxyPassReverse /ugyvitel http://192.168.42.248:8079/ugyvitel - - # avon file transfer -> shs.pm.user.hu:80 - ProxyPass /avonxfr http://192.168.173.251/avonxfr - ProxyPassReverse /avonxfr http://192.168.173.251/avonxfr - - # erste file transfer -> shs.pm.user.hu:80 - ProxyPass /erstexfr http://192.168.173.251/erstexfr - ProxyPassReverse /erstexfr http://192.168.173.251/erstexfr - - # onyf file transfer -> shs.pm.user.hu:80 - ProxyPass /onyfxfr http://192.168.173.251/onyfxfr - ProxyPassReverse /onyfxfr http://192.168.173.251/onyfxfr - - # ubis file transfer -> shs.pm.user.hu:80 - ProxyPass /ubisxfr http://192.168.173.251/ubisxfr - ProxyPassReverse /ubisxfr http://192.168.173.251/ubisxfr - - # dvasary's redmine -> dvredmine.usr.user.hu:80 - ProxyPass /redmine http://10.228.62.193/ - ProxyPassReverse /redmine http://10.228.62.193/ - - # webdav store -> store.usr.user.hu:80 - #ProxyPass /store http://store.usr.user.hu/ - #ProxyPassReverse /store http://store.usr.user.hu/ - - - - ServerName hg.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass "/" "http://hg.pm.user.hu/jtrac" - - - - ServerName jtrac.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.443" - - SSLCertificateFile 
/etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass /jtrac http://192.168.43.210/jtrac - ProxyPassReverse /jtrac http://192.168.43.210/jtrac - - - - ServerName minicrm.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass /minicrm http://minicrm.usr.user.hu:8080/minicrm - ProxyPassReverse /minicrm http://minicrm.usr.user.hu:8080/minicrm - - - - ServerName redmine.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass / http://10.228.62.193/ - ProxyPassReverse / http://10.228.62.193/ - diff --git a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf b/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf deleted file mode 100644 index cc36dcd..0000000 --- a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/useribm.hu.80.conf +++ /dev/null 
@@ -1,56 +0,0 @@ - - ServerName www.useribm.hu - ServerAlias useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.80" - - - - Require all granted - - - - Redirect permanent / https://www.useribm.hu/ - - - - ServerName jtrac.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.80" - - - - Require all granted - - - - Redirect permanent / https://jtrac.useribm.hu/ - - - - ServerName minicrm.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.80" - - - - Require all granted - - - - Redirect permanent / https://minicrm.useribm.hu/ - - - - ServerName redmine.useribm.hu - ServerAdmin webadmin@useribm.hu - DocumentRoot "/var/www/htdocs.useribm.hu.80" - - - - Require all granted - - - - Redirect permanent / https://redmine.useribm.hu/ - diff --git a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le b/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le deleted file mode 100644 index 54247c7..0000000 --- a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le +++ /dev/null 
@@ -1,119 +0,0 @@ - - ServerName www.userrendszerhaz.hu - ServerAlias userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPreserveHost On - ProxyPass /ugyvitel http://192.168.42.248:8079/ugyvitel keepalive=On connectiontimeout=600 - ProxyPassReverse /ugyvitel http://192.168.42.248:8079/ugyvitel - - # avon file transfer -> shs.pm.user.hu:80 - ProxyPass /avonxfr http://192.168.173.251/avonxfr - ProxyPassReverse /avonxfr http://192.168.173.251/avonxfr - - # erste file transfer -> shs.pm.user.hu:80 - ProxyPass /erstexfr http://192.168.173.251/erstexfr - ProxyPassReverse /erstexfr http://192.168.173.251/erstexfr - - # onyf file transfer -> shs.pm.user.hu:80 - ProxyPass /onyfxfr http://192.168.173.251/onyfxfr - ProxyPassReverse /onyfxfr http://192.168.173.251/onyfxfr - - # ubis file transfer -> shs.pm.user.hu:80 - ProxyPass /ubisxfr http://192.168.173.251/ubisxfr - ProxyPassReverse /ubisxfr http://192.168.173.251/ubisxfr - - # dvasary's redmine -> dvredmine.usr.user.hu:80 - ProxyPass /redmine http://10.228.62.193/ - ProxyPassReverse /redmine http://10.228.62.193/ - - # webdav store -> store.usr.user.hu:80 - #ProxyPass /store http://store.usr.user.hu/ - #ProxyPassReverse /store http://store.usr.user.hu/ - - - - ServerName hg.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass "/" "http://hg.pm.user.hu/jtrac" - - - - ServerName jtrac.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot 
"/var/www/htdocs.userrendszerhaz.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass /jtrac http://192.168.43.210/jtrac - ProxyPassReverse /jtrac http://192.168.43.210/jtrac - - - - ServerName minicrm.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass /minicrm http://minicrm.usr.user.hu:8080/minicrm - ProxyPassReverse /minicrm http://minicrm.usr.user.hu:8080/minicrm - - - - ServerName redmine.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.443" - - SSLCertificateFile /etc/letsencrypt/live/user/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/user/privkey.pem - Include /etc/letsencrypt/options-ssl-apache.conf - - - - Require all granted - - - - ProxyPass / http://10.228.62.193/ - ProxyPassReverse / http://10.228.62.193/ - diff --git a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.80.conf b/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.80.conf deleted file mode 100644 index e837293..0000000 --- a/sources/ws.pm.f30/postinstall/install/etc/httpd/conf.d/userrendszerhaz.hu.80.conf +++ /dev/null 
@@ -1,56 +0,0 @@ - - ServerName www.userrendszerhaz.hu - ServerAlias userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.80" - - - - Require all granted - - - - Redirect permanent / https://www.userrendszerhaz.hu/ - - - - ServerName jtrac.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.80" - - - - Require all granted - - - - Redirect permanent / https://jtrac.userrendszerhaz.hu/ - - - - ServerName minicrm.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.80" - - - - Require all granted - - - - Redirect permanent / https://minicrm.userrendszerhaz.hu/ - - - - ServerName redmine.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www/htdocs.userrendszerhaz.hu.80" - - - - Require all granted - - - - Redirect permanent / https://redmine.userrendszerhaz.hu/ - diff --git a/sources/xfr.pm.f30/config b/sources/xfr.pm.f30/config deleted file mode 100644 index 5ee0a21..0000000 --- a/sources/xfr.pm.f30/config +++ /dev/null @@ -1,20 +0,0 @@ -lxc.include = /usr/share/lxc/config/common.conf - -lxc.arch = x86_64 -lxc.uts.name = xfr.pm.user.hu -lxc.rootfs.path = __CONTAINER_PATH__/rootfs -lxc.mount.auto = proc:rw sys:ro -lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/www.xfr var/www.xfr none bind,create=dir 0 0 - -lxc.net.0.type = veth -lxc.net.0.flags = up -lxc.net.0.link = brh -lxc.net.0.hwaddr = 02:0c:18:03:ad:fb - -lxc.autodev = 1 - -lxc.signal.halt = SIGRTMIN+4 - -lxc.start.auto = 1 -lxc.start.order = 14 -lxc.start.delay = 3 diff --git a/sources/xfr.pm.f30/envvars b/sources/xfr.pm.f30/envvars deleted file mode 100644 index 41470d0..0000000 --- a/sources/xfr.pm.f30/envvars +++ /dev/null @@ -1,2 +0,0 @@ -BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils rootfiles rsyslog tar vim-minimal" -SPEC_PACKAGES="httpd mod_wsgi" 
diff --git a/sources/xfr.pm.f30/firstboot/01_setupnetworking.sh b/sources/xfr.pm.f30/firstboot/01_setupnetworking.sh
deleted file mode 100755
index c36534e..0000000
--- a/sources/xfr.pm.f30/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active NetworkManager.service
-NM_RC=$?
-WAITED=0
-while [ $NM_RC -ne 0 ]
-do
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active NetworkManager.service
- NM_RC=$?
-done
-[ $WAITED -eq 1 ] && echo
-
-CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -ne 1 ]
-do
- echo "Number of connections: $CONNECTIONS" >&2
- sleep 1
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
-
-nmcli --terse connection show | grep ':$' >/dev/null
-ALL_CONNECTION_DEVICES_KNOWN=$?
-while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
-do
- echo "Not all connection devices are known yet" >&2
- sleep 1
- nmcli --terse connection show | grep ':$' >/dev/null
- ALL_CONNECTION_DEVICES_KNOWN=$?
-done
-
-CONNECTION_LINE=$(nmcli --terse connection show)
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id perimeter \
- connection.interface-name $CONNECTION_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "192.168.173.251/24" \
- ipv4.dns "192.168.173.174" \
- ipv4.dns-search "pm.user.hu" \
- ipv4.gateway "192.168.173.254" \
- ipv4.method "manual" \
- ipv6.method "ignore" \
- save yes
-
-nmcli connection show
diff --git a/sources/xfr.pm.f30/firstboot/02_settimezone.sh b/sources/xfr.pm.f30/firstboot/02_settimezone.sh
deleted file mode 100755
index 20b2a71..0000000
--- a/sources/xfr.pm.f30/firstboot/02_settimezone.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active dbus.service
-DBUS_RC=$?
-WAITED=0
-while [ $DBUS_RC -ne 0 ]
-do
- if [ $WAITED -eq 0 ]
- then
- echo -n "Waiting for dbus.service"
- fi
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active dbus.service
- DBUS_RC=$?
-done
-[ $WAITED -ne 0 ] && echo
-timedatectl set-timezone Europe/Budapest
diff --git a/sources/xfr.pm.f30/firstboot/03_setupldap.sh b/sources/xfr.pm.f30/firstboot/03_setupldap.sh
deleted file mode 100755
index 4b58626..0000000
--- a/sources/xfr.pm.f30/firstboot/03_setupldap.sh
+++ /dev/null
@@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf < - ServerName xfr.userrendszerhaz.hu - ServerAdmin webadmin@userrendszerhaz.hu - DocumentRoot "/var/www.xfr/htdocs.80" - - - - Require all granted - - - - - AuthType Basic - AuthName "Avon File Transfer" - AuthUserFile /var/www.xfr/auth/avonxfr.users - Require valid-user - - Options Indexes - - - Alias /avonxfr/download /var/www.xfr/htdocs.80/avonxfr/download - - - Options Indexes - - - - AuthType Basic - AuthName "Erste File Transfer" - AuthUserFile /var/www.xfr/auth/erstexfr.users - Require valid-user - - Options Indexes - - - Alias /erstexfr/download /var/www.xfr/htdocs.80/erstexfr/download - - - Options Indexes - - - - AuthType Basic - AuthName "ONYF File Transfer" - AuthUserFile /var/www.xfr/auth/onyfxfr.users - Require valid-user - - Options Indexes - - - Alias /onyfxfr/download /var/www.xfr/htdocs.80/onyfxfr/download - - - Options Indexes - - - - AuthType Basic - AuthName "UBIS File Transfer" - AuthUserFile /var/www.xfr/auth/ubisxfr.users - Require valid-user - - Options Indexes - - - Alias /ubisxfr/download /var/www.xfr/htdocs.80/ubisxfr/download - - - Options Indexes - - - WSGIDaemonProcess was.80 processes=1 threads=1 maximum-requests=10000 shutdown-timeout=5 - WSGIProcessGroup was.80 - WSGIScriptAlias /avonxfr/upload/do /var/www.xfr/wsgi.80/upload.wsgi - WSGIScriptAlias /erstexfr/upload/do /var/www.xfr/wsgi.80/upload.wsgi - WSGIScriptAlias /onyfxfr/upload/do /var/www.xfr/wsgi.80/upload.wsgi - WSGIScriptAlias /ubisxfr/upload/do /var/www.xfr/wsgi.80/upload.wsgi - - - - Require all granted - - - diff --git a/sources/xfr.pm/postinstall/install/etc/httpd/conf.d/xfr.80.conf b/sources/xfr.pm/postinstall/install/etc/httpd/conf.d/xfr.80.conf index c8733f4..491d731 100644 --- a/sources/xfr.pm/postinstall/install/etc/httpd/conf.d/xfr.80.conf +++ b/sources/xfr.pm/postinstall/install/etc/httpd/conf.d/xfr.80.conf 
@@ -5,6 +5,8 @@ WSGISocketPrefix run/wsgi ServerAdmin webadmin@userrendszerhaz.hu DocumentRoot "/var/www.xfr/htdocs.80" + IndexOptions NameWidth=* + Require all granted
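Review bot: The added `IndexOptions NameWidth=*` sits at virtual-host scope with no comment saying which listings it is meant for; it only changes mod_autoindex output where `Options Indexes` is enabled, which in the deleted xfr.pm.f30 variant of this file is presumably the avonxfr/erstexfr/onyfxfr/ubisxfr download directories, though none of that is visible in this hunk. A one-line comment would keep the intent and the dependency on directory listing explicit, e.g. `# mod_autoindex: do not truncate file names in the download directory listings (Options Indexes)`. The Directory block this hunk touches is not fully visible here, so the closing of that block could not be checked.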