Implement VPN + SSH configuration

2019-03-22 08:49:00 +01:00 · 2019-03-22 08:49:00 +01:00 · dfd0273a2c
commit dfd0273a2c
parent 508cb47c1e
7 changed files with 11 additions and 14 deletions
--- a/_build/install-toolchain.sh
+++ b/_build/install-toolchain.sh
@ -5,7 +5,7 @@ cd $(realpath $(dirname "${0}"))

 # Install basic build tools
 apk update
-apk add git file htop less openssh-client openssh-server openssh-sftp-server tar xz
+apk add git file htop less openssh-client tar xz
 # Install Alpine SDK
 apk add alpine-sdk
 # Install Sphinx support
@ -15,13 +15,8 @@ pip3 install recommonmark sphinx-markdown-tables
 # Copy root profile files and settings
 mkdir -p /root/.config/htop /root/.ssh
 cp root/.profile /root/.profile
-cp root/.ssh/authorized_keys /root/.ssh/authorized_keys
 cp root/.config/htop/htoprc /root/.config/htop/htoprc

-# Start SSH
-rc-update add sshd boot
-service sshd start
-
 # Prepare abuild toolchain
 adduser root abuild
 cp etc/abuild.conf /etc/abuild.conf
--- a/_build/root/.profile
+++ b/_build/root/.profile
@ -1,2 +1,2 @@
 alias ll="ls -la"
-alias view="vi"
+alias view="vi -R"
--- a/_build/root/.ssh/authorized_keys
+++ b/_build/root/.ssh/authorized_keys
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILc3Mu7OlKrV7VqDQZ31vT3I3JJxtNNBiemUTRQVOZ3I Disassembler
--- a/_vm.sh
+++ b/_vm.sh
@ -86,10 +86,10 @@ chroot /mnt setup-timezone -z Europe/Prague
 # Install basic system
 apk --no-cache add apache2-utils gettext
 wget https://dl.dasm.cz/_vm.tar -O - | tar xf - -C /mnt
-chroot /mnt apk --no-cache add ca-certificates curl bridge e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm
+chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm
 chroot /mnt newaliases
 mkdir /mnt/var/log/lxc
-for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix swap urandom vmmgr; do
+for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix sshd swap urandom vmmgr; do
    ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
 done
 ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.default.json >/mnt/etc/vmmgr/config.json
--- a/_vm/etc/network/interfaces
+++ b/_vm/etc/network/interfaces
@ -14,8 +14,8 @@ iface lxcbr0 inet static

 auto wg0
 iface wg0 inet static
-    address 172.18.0.2
-    netmask 255.255.255.252
+    address 172.17.255.1
+    netmask 255.255.255.0
    pre-up ip link add $IFACE type wireguard
-    pre-up wg setconf $IFACE /etc/wireguard/wg0.conf
+    pre-up wg setconf $IFACE /etc/wireguard/wg0.conf || ip link del $IFACE
    post-down ip link del $IFACE
--- a/_vm/etc/wireguard/wg0.conf.disabled
+++ b/_vm/etc/wireguard/wg0.conf.disabled
@ -0,0 +1,3 @@
+[Interface]
+ListenPort = 51820
+PrivateKey = None
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit d863fe6675db3da57a81600d3b53bade7712e192
+Subproject commit bba7e0383c4926a73b7485f83d8f7d2c5cfb7ad8
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILc3Mu7OlKrV7VqDQZ31vT3I3JJxtNNBiemUTRQVOZ3I Disassembler`