update: added a dhcp server and moved socat

This commit is contained in:
Kaley, Fischer 2024-04-17 07:36:48 +02:00
parent 28d8ec0788
commit eb4aaa3b57
12 changed files with 448 additions and 109 deletions


@ -0,0 +1,116 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "owo.nya";
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
subnet 192.168.12.0 netmask 255.255.255.0 {
range 192.168.12.20 192.168.12.200;
option domain-name-servers 10.10.0.1;
option domain-name "owo.nya";
option routers 192.168.12.1;
}
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
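Review bot: `authoritative;` is left commented out (`#authoritative;`) although this server is the only DHCP server configured for vmbr0 (INTERFACESv4 in the new defaults file), so a client that arrives with a stale lease from another network will not be NAKed and will wait out its old lease before asking for a fresh one. Uncomment it to `authoritative;`. The `option domain-name "owo.nya";` inside the subnet block repeats the global option a few lines above and can be dropped, and since the resolver 10.10.0.1 is off-subnet while the router is 192.168.12.1, a one-line comment saying where 10.10.0.1 is reached would help the next reader confirm the route exists.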


@ -0,0 +1,102 @@
# Server configuration file example for DHCPv6
# From the file used for TAHI tests - addresses chosen
# to match TAHI rather than example block.
# IPv6 address valid lifetime
# (at the end the address is no longer usable by the client)
# (set to 30 days, the usual IPv6 default)
default-lease-time 2592000;
# IPv6 address preferred lifetime
# (at the end the address is deprecated, i.e., the client should use
# other addresses for new connections)
# (set to 7 days, the usual IPv6 default)
preferred-lifetime 604800;
# T1, the delay before Renew
# (default is 1/2 preferred lifetime)
# (set to 1 hour)
option dhcp-renewal-time 3600;
# T2, the delay before Rebind (if Renews failed)
# (default is 3/4 preferred lifetime)
# (set to 2 hours)
option dhcp-rebinding-time 7200;
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
# Global definitions for name server address(es) and domain search list
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";
# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
##option dhcp6.preference 255;
# Server side command to enable rapid-commit (2 packet exchange)
##option dhcp6.rapid-commit;
# The delay before information-request refresh
# (minimum is 10 minutes, maximum one day, default is to not refresh)
# (set to 6 hours)
option dhcp6.info-refresh-time 21600;
# Static definition (must be global)
#host myclient {
# # The entry is looked up by this
# host-identifier option
# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
#
# # A fixed address
# fixed-address6 3ffe:501:ffff:100::1234;
#
# # A fixed prefix
# fixed-prefix6 3ffe:501:ffff:101::/64;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
#
# # For debug (to see when the entry statements are executed)
# # (log "sol" when a matching Solicitation is received)
# ##if packet(0,1) = 1 { log(debug,"sol"); }
#}
#
#host otherclient {
# # This host entry is hopefully matched if the client supplies a DUID-LL
# # or DUID-LLT containing this MAC address.
# hardware ethernet 01:00:80:a2:55:67;
#
# fixed-address6 3ffe:501:ffff:100::4321;
#}
# The subnet where the server is attached
# (i.e., the server has an address in this subnet)
#subnet6 3ffe:501:ffff:100::/64 {
# # Two addresses available to clients
# # (the third client should get NoAddrsAvail)
# range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
#
# # Use the whole /64 prefix for temporary addresses
# # (i.e., direct application of RFC 4941)
# range6 3ffe:501:ffff:100:: temporary;
#
# # Some /64 prefixes available for Prefix Delegation (RFC 3633)
# prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
#}
# A second subnet behind a relay agent
#subnet6 3ffe:501:ffff:101::/64 {
# range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
#
#}
# A third subnet behind a relay agent chain
#subnet6 3ffe:501:ffff:102::/64 {
# range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
#}
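Review bot: This is the stock ISC DHCPv6 sample with TAHI test addresses (3ffe:501:ffff::... name-servers, test.example.com search list) and contains nothing specific to this deployment; with `INTERFACESv6=""` in the defaults file it is never loaded. Either drop it or replace the example values before it is ever enabled, because as written it would hand out a dead resolver and turn on `allow leasequery;` globally. If it is kept as a template, a first-line comment such as `# unused: INTERFACESv6 is empty in /etc/default/isc-dhcp-server` would save the next reader the check.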


@ -0,0 +1,158 @@
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.3-P1
# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;
server-duid "\000\001\000\001-\261\365a\002B\300\250\014\002";
lease 192.168.12.20 {
starts 3 2024/04/17 02:53:08;
ends 3 2024/04/17 03:03:08;
cltt 3 2024/04/17 02:53:08;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:35:3e:af;
uid "\001\274$\0215>\257";
client-hostname "rander-standardpc";
}
lease 192.168.12.21 {
starts 3 2024/04/17 02:55:15;
ends 3 2024/04/17 03:05:15;
cltt 3 2024/04/17 02:55:15;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:35:3e:af;
set vendor-class-identifier = "Linux ipconfig";
}
lease 192.168.12.20 {
starts 3 2024/04/17 02:58:38;
ends 3 2024/04/17 03:08:38;
cltt 3 2024/04/17 02:58:38;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:35:3e:af;
uid "\001\274$\0215>\257";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
client-hostname "manjaro";
}
lease 192.168.12.20 {
starts 3 2024/04/17 03:03:38;
ends 3 2024/04/17 03:13:38;
cltt 3 2024/04/17 03:03:38;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:35:3e:af;
uid "\001\274$\0215>\257";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
client-hostname "manjaro";
}
lease 192.168.12.21 {
starts 3 2024/04/17 02:55:15;
ends 3 2024/04/17 03:05:15;
tstp 3 2024/04/17 03:05:15;
cltt 3 2024/04/17 02:55:15;
binding state free;
hardware ethernet bc:24:11:35:3e:af;
set vendor-class-identifier = "Linux ipconfig";
}
lease 192.168.12.22 {
starts 3 2024/04/17 03:07:42;
ends 3 2024/04/17 03:17:42;
cltt 3 2024/04/17 03:07:42;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:d8:b7:a7;
uid "\001\274$\021\330\267\247";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
}
lease 192.168.12.23 {
starts 3 2024/04/17 03:08:09;
ends 3 2024/04/17 03:18:09;
cltt 3 2024/04/17 03:08:09;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:d8:b7:a7;
client-hostname "(none)";
}
lease 192.168.12.20 {
starts 3 2024/04/17 03:08:38;
ends 3 2024/04/17 03:18:38;
cltt 3 2024/04/17 03:08:38;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:35:3e:af;
uid "\001\274$\0215>\257";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
client-hostname "manjaro";
}
lease 192.168.12.22 {
starts 3 2024/04/17 03:09:55;
ends 3 2024/04/17 03:19:55;
cltt 3 2024/04/17 03:09:55;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:d8:b7:a7;
uid "\001\274$\021\330\267\247";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
client-hostname "ubuntu";
}
lease 192.168.12.23 {
starts 3 2024/04/17 03:12:43;
ends 3 2024/04/17 03:22:43;
cltt 3 2024/04/17 03:12:43;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:d8:b7:a7;
set vendor-class-identifier = "Linux ipconfig";
}
lease 192.168.12.20 {
starts 3 2024/04/17 03:13:38;
ends 3 2024/04/17 03:23:38;
cltt 3 2024/04/17 03:13:38;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet bc:24:11:35:3e:af;
uid "\001\274$\0215>\257";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
client-hostname "manjaro";
}
lease 192.168.12.22 {
starts 3 2024/04/17 03:09:55;
ends 3 2024/04/17 03:19:55;
tstp 3 2024/04/17 03:19:55;
cltt 3 2024/04/17 03:12:09;
binding state free;
hardware ethernet bc:24:11:d8:b7:a7;
uid "\001\274$\021\330\267\247";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
}
lease 192.168.12.23 {
starts 3 2024/04/17 03:12:43;
ends 3 2024/04/17 03:22:43;
tstp 3 2024/04/17 03:22:43;
cltt 3 2024/04/17 03:12:43;
binding state free;
hardware ethernet bc:24:11:d8:b7:a7;
set vendor-class-identifier = "Linux ipconfig";
}
lease 192.168.12.20 {
starts 3 2024/04/17 03:13:38;
ends 3 2024/04/17 03:23:38;
tstp 3 2024/04/17 03:23:38;
cltt 3 2024/04/17 03:13:38;
binding state free;
hardware ethernet bc:24:11:35:3e:af;
uid "\001\274$\0215>\257";
set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
}
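Review bot: dhcpd.leases is the daemon's live lease database, not configuration, and committing it puts the server-duid, the client MAC addresses, uid blobs and hostnames of every device that has touched the lab network into version history, while dhcpd rewrites the file on every lease change so the tracked copy diverges at first start. Keep it untracked (add `data/network/dhcp/dhcpd.leases` to `.gitignore`) and create it empty before the container starts, which the file bind mount in docker-compose requires anyway. If a seed file is wanted, an empty one is the only safe choice.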

18
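--- a/data/network/dhcp/int
+++ b/data/network/dhcp/int
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+# Additional options to start dhcpd with.
+# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="vmbr0"
+INTERFACESv6=""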


@ -4,10 +4,10 @@ networks:
name: netvm name: netvm
services: services:
openssh-server: pve-server2:
image: ssh-custom image: pve-custom2
build: ./pve build: ./pve
container_name: sshcustom-server container_name: pve-server2
privileged: true privileged: true
hostname: pve-owo hostname: pve-owo
networks: networks:
@ -17,12 +17,6 @@ services:
- PUID=1000 - PUID=1000
- PGID=1000 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
- SUDO_ACCESS=true #optional
- PASSWORD_ACCESS=true #optional
- USER_PASSWORD=password #optional
- USER_PASSWORD_FILE=/path/to/file #optional
- USER_NAME=rander #optional
- LOG_STDOUT= #optional
volumes: volumes:
- "./data/logs:/var/log" - "./data/logs:/var/log"
- "./data/pve/pve_cluster:/var/lib/pve-cluster" - "./data/pve/pve_cluster:/var/lib/pve-cluster"
@ -30,18 +24,8 @@ services:
- "./data/bin:/srv/bin" - "./data/bin:/srv/bin"
- "./data/disks:/var/lib/vz" - "./data/disks:/var/lib/vz"
- "./data/network/interfaces:/etc/network/interfaces" - "./data/network/interfaces:/etc/network/interfaces"
- "./data/network/dhcp/conf:/etc/dhcp"
- "./data/network/dhcp/dhcpd.leases:/var/lib/dhcp/dhcpd.leases"
- "./data/network/dhcp/int:/etc/default/isc-dhcp-server"
- "/etc/resolv.conf:/etc/resolv.conf" - "/etc/resolv.conf:/etc/resolv.conf"
restart: unless-stopped restart: unless-stopped
socat-server:
image: socat-custom
build: ./sc
container_name: socat-server
privileged: true
networks:
netvm:
ipv4_address: 192.168.12.3
ports:
- 8006:8006
- 2222:22
restart: unless-stopped
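Review bot: The lease database is bind-mounted as a single file at `- "./data/network/dhcp/dhcpd.leases:/var/lib/dhcp/dhcpd.leases"`. dhcpd periodically compacts its lease database by writing a new file and renaming the old one to dhcpd.leases~ (dhcpd.leases(5)), and a rename of a bind-mounted file fails with EBUSY because the file is a mount point, so I'd expect lease rewriting to start failing once the first compaction happens; mounting the directory instead (e.g. `- "./data/network/dhcp/leases:/var/lib/dhcp"`) avoids that. Dropping the socat service here in favour of socat/docker-compose.yml is fine since that file declares `netvm` as `external: true`.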


@ -1,4 +1,3 @@
# syntax=docker/dockerfile:1
FROM quay.io/toolbx-images/debian-toolbox:12 FROM quay.io/toolbx-images/debian-toolbox:12
ENV PVE_VERSION=8.1 \ ENV PVE_VERSION=8.1 \
@ -15,7 +14,7 @@ RUN apt-get update && \
RUN \ RUN \
echo "**** install runtime packages ****" && \ echo "**** install runtime packages ****" && \
apt update && apt install -y logrotate neovim netcat-openbsd sudo openssh-server wget systemctl curl gnupg ca-certificates rsyslog net-tools iputils-ping && \ apt update && apt install -y isc-dhcp-server kitty-terminfo btop logrotate neovim netcat-openbsd sudo openssh-server wget systemctl curl gnupg ca-certificates rsyslog net-tools iputils-ping && \
echo "**** setup openssh environment ****" && \ echo "**** setup openssh environment ****" && \
useradd -m rander && \ useradd -m rander && \
usermod --shell /bin/bash rander && \ usermod --shell /bin/bash rander && \
@ -81,9 +80,9 @@ RUN apt-get update && \
#set (temporary) password for root #set (temporary) password for root
RUN echo "root:root"|chpasswd RUN echo "root:root"|chpasswd
RUN systemctl enable pvenetcommit.service pve-firewall RUN systemctl enable pvenetcommit.service pve-firewall isc-dhcp-server
RUN mkdir -p /var/lib/dhcp && apt update && apt install ifupdown2 -y || true && mkdir -p /run/sshd && systemctl enable networking RUN mkdir -p /var/lib/dhcp && apt update && apt install ifupdown2 -y || true
# add local files # add local files
EXPOSE 2222 EXPOSE 2222
@ -93,8 +92,6 @@ COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
RUN mkdir -p /run/ssh systemctl enable ssh
#use setup.sh to start proxmox service #use setup.sh to start proxmox service
STOPSIGNAL SIGINT STOPSIGNAL SIGINT
ENTRYPOINT [ "/entrypoint.sh" ] ENTRYPOINT [ "/entrypoint.sh" ]
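Review bot: The image now enables units at build time (`RUN systemctl enable pvenetcommit.service pve-firewall isc-dhcp-server` and the new `systemctl enable ssh` line) while entrypoint.sh in the same commit also starts sshd and isc-dhcp-server by hand, so if the CMD runs the systemctl replacement as init (not visible here) each daemon is launched twice and the second instance fails to bind its port. Pick one mechanism; the enabled units are the cleaner choice because they are also restarted for you. The rendered new side of the last hunk reads `systemctl enable ssh` with no leading `RUN` — if that is not a rendering artefact the build fails at that line and it should be `RUN systemctl enable ssh`.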


@ -31,6 +31,7 @@ docker_setup_pve() {
echo "root:$ADMIN_PASSWORD"|chpasswd echo "root:$ADMIN_PASSWORD"|chpasswd
} }
systemctl start networking && systemctl start isc-dhcp-server &
RELAY_HOST=${RELAY_HOST:-ext.home.local} RELAY_HOST=${RELAY_HOST:-ext.home.local}
sed -i "s/RELAY_HOST/$RELAY_HOST/" /etc/postfix/main.cf sed -i "s/RELAY_HOST/$RELAY_HOST/" /etc/postfix/main.cf
PVE_ENTERPRISE=${PVE_ENTERPRISE:-no} PVE_ENTERPRISE=${PVE_ENTERPRISE:-no}
@ -39,28 +40,6 @@ rm -f /etc/apt/sources.list.d/pve-enterprise.list
docker_verify_minimum_env docker_verify_minimum_env
echo 'rander:12345' | chpasswd echo 'rander:12345' | chpasswd
mkdir -p /run/sshd
chmod 755 /run/sshd
/usr/sbin/sshd
#ip route add default via 192.168.0.2/20
#bridge
#brctl addbr vmbr0 eth1
#brctl addif vmbr0 eth1
#ip link set vmbr0 up
# Start api first in background
#echo -n "Starting Proxmox VE API..."
#/usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-api &
#while true; do
# if [ ! -f /run/proxmox-backup/api.pid ]; then
# echo -n "..."
# sleep 3
# else
# break
# fi
#done
#echo "OK"
docker_setup_pve docker_setup_pve
@ -73,6 +52,8 @@ if [ -n "$ENABLE_PVE_FIREWALL" -a "$ENABLE_PVE_FIREWALL" == "no" ]; then
systemctl mask pve-firewall.service systemctl mask pve-firewall.service
fi fi
mkdir /run/sshd && chmod 0755 /run/sshd && /usr/sbin/sshd &
systemctl start networking && systemctl start isc-dhcp-server &
echo "Running PVE..." echo "Running PVE..."
exec "$@" exec "$@"
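Review bot: `systemctl start networking && systemctl start isc-dhcp-server &` is added twice: once directly after the `docker_setup_pve` definition, where it runs before `docker_verify_minimum_env` and the password setup, and again at the end next to the sshd start; keep only the second copy. The sshd line `mkdir /run/sshd && chmod 0755 /run/sshd && /usr/sbin/sshd &` uses `mkdir` without `-p`, so if `/run/sshd` already exists (tmpfiles, or a second start of the same container) the chain stops before sshd and the failure is silent because the whole list is backgrounded and `set -e` does not apply to it; use `mkdir -p /run/sshd && chmod 0755 /run/sshd && /usr/sbin/sshd` (sshd daemonises on its own, so the trailing `&` is not needed).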


@ -1,56 +0,0 @@
#!/bin/bash
set -eo pipefail
shopt -s nullglob
ADMIN_PASSWORD="nyaowo"
# Verify that the minimally required password settings are set for new databases.
docker_setup_pve() {
#Set pve user
echo "root:$ADMIN_PASSWORD"|chpasswd
}
mkdir -p /var/lib/dhcp
#sudo apt install ifupdown2 -y || true
echo 'rander:12345' | chpasswd
mkdir -p /run/sshd
sudo chmod 755 /run/sshd
/usr/sbin/sshd
sudo socat -dd TCP-LISTEN:8006,fork,reuseaddr,keepalive,keepidle=60,keepintvl=60 TCP:192.168.12.2:8006,keepalive,keepidle=60,keepintvl=60 && \
sudo socat -dd TCP-LISTEN:2222,fork,reuseaddr,keepalive,keepidle=60,keepintvl=60 TCP:192.168.12.2:22,keepalive,keepidle=60,keepintvl=60
#systemctl enable networking
#ip route add default via 192.168.0.2/20
#bridge
#brctl addbr vmbr0 eth1
#brctl addif vmbr0 eth1
#ip link set vmbr0 up
# Start api first in background
#echo -n "Starting Proxmox VE API..."
#/usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-api &
#while true; do
# if [ ! -f /run/proxmox-backup/api.pid ]; then
# echo -n "..."
# sleep 3
# else
# break
# fi
#done
#echo "OK"
docker_setup_pve
echo "Running SOCAT..."
exec "$@"
while true; do
# Your commands or checks here
sleep 60 # Adjust the sleep interval as needed
done
#exec gosu backup /usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-proxy "$@"

3
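--- a/socat/data/socat.sh
+++ b/socat/data/socat.sh
@@ -0,0 +1,3 @@
+socat -dd TCP-LISTEN:8006,fork,reuseaddr,keepalive,keepidle=60,keepintvl=60 TCP:192.168.12.2:8006,keepalive,keepidle=60,keepintvl=60 &
+socat -dd TCP-LISTEN:2222,fork,reuseaddr,keepalive,keepidle=60,keepintvl=60 TCP:192.168.12.2:22,keepalive,keepidle=60,keepintvl=60 &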
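Review bot: Both socat listeners are backgrounded and the script then exits, so nothing supervises them: if either forwarder is killed or fails to bind, the host-exposed port is simply gone and `restart: unless-stopped` never fires because the container's main process is unaffected. End the script with `wait` and run it in the foreground from the entrypoint (or `exec` it) so a dead forwarder takes the container down and gets it restarted. The file has no shebang and only runs because the entrypoint invokes it through `/bin/bash`; a `#!/bin/bash` first line makes that explicit.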

20
socat/docker-compose.yml Normal file

@ -0,0 +1,20 @@
networks:
netvm:
external: true
name: netvm
services:
socat-server:
image: socat-custom
build: ./sc
container_name: socat-server
privileged: true
networks:
netvm:
ipv4_address: 192.168.12.3
ports:
- 8006:8006
- 2222:2222
volumes:
- "./data/socat.sh:/root/socat.sh"
restart: unless-stopped
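Review bot: `privileged: true` is not needed for a container whose only job is two socat forwarders on 8006 and 2222 (both unprivileged ports, and the process already runs as root), yet it grants that process full host device access; this is also the container exposed on the host through `ports:`, so it is the one that should run with the least privilege. Drop the `privileged: true` line and consider `cap_drop: [ALL]`. The port mapping changing from `2222:22` to `2222:2222` is correct, since socat now listens on 2222 itself.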


@ -15,10 +15,8 @@ RUN apt-get update && \
RUN \ RUN \
echo "**** install runtime packages ****" && \ echo "**** install runtime packages ****" && \
apt update && apt install -y socat logrotate neovim netcat-openbsd sudo openssh-server wget systemctl curl gnupg ca-certificates rsyslog net-tools iputils-ping && \ apt update && apt install -y socat logrotate btop kitty-terminfo neovim netcat-openbsd sudo wget systemctl curl gnupg ca-certificates rsyslog net-tools iputils-ping && \
echo "**** setup openssh environment ****" && \ echo "**** setup openssh environment ****" && \
useradd -m rander && \
usermod --shell /bin/bash rander && \
rm -rf \ rm -rf \
/tmp/* \ /tmp/* \
$HOME/.cache $HOME/.cache
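Review bot: With openssh-server and the `useradd -m rander` / `usermod` lines removed, `echo "**** setup openssh environment ****" && \` is now a misleading log message with nothing behind it; drop it or rename it to what the step does, e.g. `echo "**** cleanup ****" && \`. `sudo` is still in the package list although there is no longer a non-root user to use it, so it can go as well, which trims the image a little.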

18
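--- a/socat/sc/entrypoint.sh
+++ b/socat/sc/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -eo pipefail
+shopt -s nullglob
+ADMIN_PASSWORD="nyaowo"
+# Verify that the minimally required password settings are set for new databases.
+echo "root:$ADMIN_PASSWORD"|chpasswd
+mkdir -p /var/lib/dhcp
+/bin/bash /root/socat.sh &
+echo "Running SOCAT..."
+exec "$@"
+while true; do
+# Your commands or checks here
+sleep 60 # Adjust the sleep interval as needed
+done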
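Review bot: `ADMIN_PASSWORD="nyaowo"` sets a fixed root password in a container that no longer installs openssh-server (dropped from socat/sc/Dockerfile in this commit), so the `chpasswd` line serves no purpose and leaves a credential in version control; remove both lines, or read the value from the environment if a root password is really wanted. `mkdir -p /var/lib/dhcp` and the comment about "minimally required password settings ... for new databases" are copy-paste leftovers from the PVE entrypoint and can go. Note that `exec "$@"` with an empty CMD is a no-op in bash, so the `while true; do sleep 60; done` loop after it only runs when no command is given; if that is the intended keep-alive, a comment such as `# keep the container alive when no CMD is given` makes it deliberate.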