From dfd0273a2c15a037e02bdd9a7abf69c412a9f55a Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Fri, 22 Mar 2019 08:49:00 +0100
Subject: [PATCH] Implement VPN + SSH configuration
---
 _build/install-toolchain.sh | 7 +------
 _build/root/.profile | 2 +-
 _build/root/.ssh/authorized_keys | 1 -
 _vm.sh | 4 ++--
 _vm/etc/network/interfaces | 6 +++---
 _vm/etc/wireguard/wg0.conf.disabled | 3 +++
 vmmgr | 2 +-
 7 files changed, 11 insertions(+), 14 deletions(-)
 delete mode 100644 _build/root/.ssh/authorized_keys
 create mode 100644 _vm/etc/wireguard/wg0.conf.disabled
diff --git a/_build/install-toolchain.sh b/_build/install-toolchain.sh
index ae9f912..66f7c2c 100755
--- a/_build/install-toolchain.sh
+++ b/_build/install-toolchain.sh
@@ -5,7 +5,7 @@ cd $(realpath $(dirname "${0}"))
 # Install basic build tools
 apk update
-apk add git file htop less openssh-client openssh-server openssh-sftp-server tar xz
+apk add git file htop less openssh-client tar xz
 # Install Alpine SDK
 apk add alpine-sdk
 # Install Sphinx support
@@ -15,13 +15,8 @@ pip3 install recommonmark sphinx-markdown-tables
 # Copy root profile files and settings
 mkdir -p /root/.config/htop /root/.ssh
 cp root/.profile /root/.profile
-cp root/.ssh/authorized_keys /root/.ssh/authorized_keys
 cp root/.config/htop/htoprc /root/.config/htop/htoprc
-# Start SSH
-rc-update add sshd boot
-service sshd start
-
 # Prepare abuild toolchain
 adduser root abuild
 cp etc/abuild.conf /etc/abuild.conf
diff --git a/_build/root/.profile b/_build/root/.profile
index 8b14555..ecc3ad3 100644
--- a/_build/root/.profile
+++ b/_build/root/.profile
@@ -1,2 +1,2 @@
 alias ll="ls -la"
-alias view="vi"
+alias view="vi -R"
diff --git a/_build/root/.ssh/authorized_keys b/_build/root/.ssh/authorized_keys
deleted file mode 100644
index caa45cd..0000000
--- a/_build/root/.ssh/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILc3Mu7OlKrV7VqDQZ31vT3I3JJxtNNBiemUTRQVOZ3I Disassembler
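Review bot: The `mkdir -p /root/.config/htop /root/.ssh` context line in the second hunk of `_build/install-toolchain.sh` still creates `/root/.ssh`, although this commit removes the only file that was copied there. If nothing else in the script needs the directory, the line could shrink to `mkdir -p /root/.config/htop`. Separately, a build host provisioned by the earlier version of this script keeps `sshd` in the boot runlevel and the old key in `/root/.ssh/authorized_keys`, since the change only affects fresh installs; a short comment or README note saying so would help whoever maintains existing build hosts. The script continues outside the hunk.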
diff --git a/_vm.sh b/_vm.sh
index 1a99144..cee8fdd 100755
--- a/_vm.sh
+++ b/_vm.sh
@@ -86,10 +86,10 @@ chroot /mnt setup-timezone -z Europe/Prague
 # Install basic system
 apk --no-cache add apache2-utils gettext
 wget https://dl.dasm.cz/_vm.tar -O - | tar xf - -C /mnt
-chroot /mnt apk --no-cache add ca-certificates curl bridge e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm
+chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm
 chroot /mnt newaliases
 mkdir /mnt/var/log/lxc
-for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix swap urandom vmmgr; do
+for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix sshd swap urandom vmmgr; do
 ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
 done
 ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst /mnt/etc/vmmgr/config.json
diff --git a/_vm/etc/network/interfaces b/_vm/etc/network/interfaces
index 646b496..beb0049 100644
--- a/_vm/etc/network/interfaces
+++ b/_vm/etc/network/interfaces
@@ -14,8 +14,8 @@ iface lxcbr0 inet static
 auto wg0
 iface wg0 inet static
- address 172.18.0.2
- netmask 255.255.255.252
+ address 172.17.255.1
+ netmask 255.255.255.0
 pre-up ip link add $IFACE type wireguard
- pre-up wg setconf $IFACE /etc/wireguard/wg0.conf
+ pre-up wg setconf $IFACE /etc/wireguard/wg0.conf || ip link del $IFACE
 post-down ip link del $IFACE
diff --git a/_vm/etc/wireguard/wg0.conf.disabled b/_vm/etc/wireguard/wg0.conf.disabled
new file mode 100644
index 0000000..ffd3d6d
--- /dev/null
+++ b/_vm/etc/wireguard/wg0.conf.disabled
@@ -0,0 +1,3 @@
+[Interface]
+ListenPort = 51820
+PrivateKey = None
diff --git a/vmmgr b/vmmgr
index d863fe6..bba7e03 160000
--- a/vmmgr
+++ b/vmmgr
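Review bot: Adding `sshd` to the boot runlevel in the `for SERVICE in …` line of `_vm.sh` starts the daemon on every installed VM, but nothing visible in this patch ships an `sshd_config` or restricts who can reach port 22. Unless the `_vm.tar` overlay or `vmmgr` already handles this (neither is shown here), the VM would boot with the package defaults, which allow password authentication. I would add an `/etc/ssh/sshd_config` to the `_vm` overlay containing at least `PasswordAuthentication no` and `PermitRootLogin prohibit-password`. If SSH is meant to be reachable only over `wg0`, an iptables rule limiting port 22 to that interface would make that explicit.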
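Review bot: The `|| ip link del $IFACE` fallback on the `pre-up wg setconf` line of `_vm/etc/network/interfaces` makes the whole pre-up command return the exit status of `ip link del`, so a failed `wg setconf` (for example while only `wg0.conf.disabled` exists) is reported as success. ifup will then presumably try to assign `172.17.255.1` to an interface that was just removed and fail with a less helpful error. Keeping the cleanup while preserving the failure would be clearer: `pre-up wg setconf $IFACE /etc/wireguard/wg0.conf || { ip link del $IFACE; false; }`. It is also worth checking that the new `172.17.255.1` / `255.255.255.0` range does not overlap the `lxcbr0` subnet, whose address is defined above this hunk.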
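Review bot: `PrivateKey = None` in `wg0.conf.disabled` is a placeholder rather than a valid key, and the file is added with mode 100644. If the real key is later written into this file and it is renamed to `wg0.conf`, the private key would presumably stay world-readable. Whatever enables the VPN (probably `vmmgr`, not visible here) should create the live file with mode 0600. A leading comment would make the template's status explicit, e.g. `# Template: PrivateKey is filled in when the VPN is enabled; keep wg0.conf mode 0600`, provided the tool that rewrites the file tolerates comment lines.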
@@ -1 +1 @@
-Subproject commit d863fe6675db3da57a81600d3b53bade7712e192
+Subproject commit bba7e0383c4926a73b7485f83d8f7d2c5cfb7ad8