# Install VM Main Server -- Debian Buster 10.1.0
## Boot from Debian Buster 10.1.0 ISO file
### Download ISO files
* Install packages
| <span style="background-color:lightblue">`apt-get install`</span> ||
| ---------------- | --------------- |
| **`jigdo-file`** | Jigsaw Download |
* Download jigdo files
* https://cdimage.debian.org/debian-cd/current/amd64/jigdo-bd/
* <span style="background-color:lightblue">`jigdo-lite`</span> (in `/mnt/TMGN/iso/jigdo/debian-buster-10.1.0-amd64/`)
* jigdo: <span style="background-color:lightgreen">debian-10.1.0-amd64-BD-{1,2,3,4}.jigdo debian-edu-10.1.0-amd64-BD-1.jigdo</span>
* Files to scan: <span style="background-color:lightgreen"></span>
* Debian mirror [[trusted=yes]]: <span style="background-color:lightgreen">ftp://ftp.tw.debian.org/debian/</span>
* Debian non-US mirror: <span style="background-color:lightgreen">ftp://ftp.tw.debian.org/debian/</span>
### Boot from USB drive
* Copy ISO image to USB drive
* <span style="background-color:lightblue">`dd if=debian-10.1.0-amd64-BD-1.iso of=/dev/sdX bs=65536 oflag=direct`</span>
* Boot from USB drive
### Boot from ISO file in hard disk
* Prepare `.iso` image file
* Prepare a `ext4` disk partition
* the `.iso` image file exceeds the 4GB file-size limit of the `vfat` file system
* Copy `debian-10.1.0-amd64-BD-1.iso` into this `ext4` partition
* Prepare the kernel modules needed during installation
* Prepare a `vfat` disk partition
* Only the `vfat` filesystem module is present in the CD's `initrd.gz`, so the `ext4` and `loop` modules have to be loaded from a `vfat` partition
* Copy module packages into this `vfat` partition
| `pool/main/l/linux-signed-amd64/` | Description |
| --------------------------------- | ----------- |
| `ext4-modules-4.19.0-5-amd64-di_4.19.37-5_amd64.udeb` | ext4 file system for storing `.iso` image file |
| `loop-modules-4.19.0-5-amd64-di_4.19.37-5_amd64.udeb` | loopback device for mounting `.iso` image file |
* Setup GRUB to enable boot from ISO file
* Prepare `/boot/grub/device.map`
* Correctly map GRUB's `(hdX)` names to the physical disks
* <span style="background-color:lightblue">`grub-mkdevicemap`</span>
* <span style="background-color:orange">`/boot/grub/device.map`</span>
```
(hd0) /dev/disk/by-id/ata-SanDisk_SD8SN8U256G1122_160908440972
(hd1) /dev/disk/by-id/ata-CT240BX200SSD1_1614F019EDFC
(hd2) /dev/disk/by-id/ata-ST1000DM003-1CH162_Z1D5CDJA
```
* <span style="background-color:orange">`/etc/grub.d/40_custom`</span>
```
insmod part_msdos
menuentry 'Debian install image' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-c4d18e61-2ff9-46b9-9a1d-e656c6318ce6' {
    set isofile="/iso/Linux/debian-buster-10.1.0-amd64/debian-10.1.0-amd64-BD-1.iso"
    insmod ext2
    loopback loop (hd2,4)$isofile
    echo "Starting $isofile..."
    linux (loop)/install.amd/vmlinuz findiso=$isofile priority=low
    initrd (loop)/install.amd/initrd.gz
}
```
Do not use the `initrd.gz` from the hd-media image; use the one from the CD, since there
* <span style="background-color:lightblue">`grub-install /dev/sdc`</span>
* Booting
* GRUB: <span style="background-color:lightgreen">Debian install image</span>
* <span style="background-color:lightgreen">Alt-F2</span>: enter a console
* <span style="background-color:lightblue">`mount -t vfat /dev/sdXY /mnt/custom/module`</span>
* Install kernel modules
* <span style="background-color:lightblue">`udpkg -i /mnt/custom/module/ext4-modules-4.19.0-5-amd64-di_4.19.37-5_amd64.udeb`</span>
* <span style="background-color:lightblue">`udpkg -i /mnt/custom/module/loop-modules-4.19.0-5-amd64-di_4.19.37-5_amd64.udeb`</span>
* <span style="background-color:lightblue">`depmod`</span>
* <span style="background-color:lightblue">`modprobe ext4`</span>
* <span style="background-color:lightblue">`mount -t ext4 /dev/sdXY /mnt/custom/iso`</span>
* <span style="background-color:lightblue">`modprobe loop`</span>
## Install Debian Buster 10.1.0 amd64
* <span style="color:red">**Debian GNU/Linux UEFI Installer menu**</span>
<span style="background-color:lightgreen">Install</span>
* <span style="color:red">**[!!] Select a language**</span>
Language: <span style="background-color:lightgreen">English</span>
* <span style="color:red">**[!!] Select your location**</span>
Country, territory or area: <span style="background-color:lightgreen">other</span>
Continent or region: <span style="background-color:lightgreen">Asia</span>
Country, territory or area: <span style="background-color:lightgreen">Taiwan</span>
* <span style="color:red">**[!] Configure locales**</span>
Country to base default locale settings on: <span style="background-color:lightgreen">United States</span>
* <span style="color:red">**[!!] Configure the keyboard**</span>
Keymap to use: <span style="background-color:lightgreen">American English</span>
* <span style="color:red">**[!!] Configure the network**</span>
Primary network interface: <span style="background-color:lightgreen">enp2s0f0: Intel Corporation 82576 Gigabit Network Connection</span>
* <span style="color:red">**[!!] Configure the network**</span>
<span style="color:blue">Network autoconfiguration failed</span>
<span style="background-color:lightgreen">Continue</span>
* <span style="color:red">**[!!] Configure the network**</span>
Network configuration method: <span style="background-color:lightgreen">Configure network manually</span>
IP address: <span style="background-color:lightgreen">10.0.0.2</span>
Netmask: <span style="background-color:lightgreen">255.255.255.0</span>
Gateway: <span style="background-color:lightgreen"></span>
Name server addresses: <span style="background-color:lightgreen"></span>
* <span style="color:red">**[!] Configure the network**</span>
Hostname: <span style="background-color:lightgreen">vm-main</span>
Domain name: <span style="background-color:lightgreen">local</span>
* <span style="color:red">**[!!] Set up users and passwords**</span>
Root password: <span style="background-color:lightgreen">\*\*\*\*\*\*\*\*</span>
Re-enter password to verify: <span style="background-color:lightgreen">\*\*\*\*\*\*\*\*</span>
Full name for the new user: <span style="background-color:lightgreen">sysadm</span>
Username for your account: <span style="background-color:lightgreen">sysadm</span>
Choose a password for the new user: <span style="background-color:lightgreen">\*\*\*\*\*\*\*\*</span>
Re-enter password to verify: <span style="background-color:lightgreen">\*\*\*\*\*\*\*\*</span>
* <span style="color:red">**[!!] Partition disks**</span>
Force UEFI installation? <span style="background-color:lightgreen">No</span>
* <span style="color:red">**[!!] Partition disks**</span>
Partitioning method: <span style="background-color:lightgreen">Manual</span>
```
SCSI5 (0, 0, 0) (sdb) – 1.0 TB ATA ST1000DM010-2EP1
1.0 MB FREE SPACE
#1 931.5 GB f btrfs /home
335.4 kB FREE SPACE
SCSI5 (0, 0, 0) (sdc) – 256.1 GB ATA SanDisk SD8SN8U2
1.0 MB FREE SPACE
#1 254.8 MB K biosgrub
#2 2.0 GB f btrfs /boot
#3 20.0 GB f btrfs /
#4 233.8 GB f ext4 /var/lib/docker
335.4 kB FREE SPACE
```
<span style="background-color:lightgreen">Finish partitioning and write changes to disk</span>
Write the changes to disks? <span style="background-color:lightgreen">Yes</span>
* <span style="color:red">**[!] Configuring popularity-contest**</span>
Participate in the package usage survey? <span style="background-color:lightgreen">No</span>
* <span style="color:red">**[!] Software selection**</span>
Choose software to install:
<span style="background-color:lightgreen">[\*] Debian desktop environment</span>
<span style="background-color:lightgreen">[\*] SSH server</span>
<span style="background-color:lightgreen">[\*] standard system utilities</span>
* <span style="color:red">**[!] Install the GRUB boot loader on a hard disk**</span>
Install the GRUB boot loader to the master boot record? <span style="background-color:lightgreen">Yes</span>
* <span style="color:red">**[!] Install the GRUB boot loader on a hard disk**</span>
Device for boot loader installation: <span style="background-color:lightgreen">/dev/sda (ata-SanDisk_SD8SN8U256G1122_160908440972)</span>
Force GRUB installation to the EFI removable media path? <span style="background-color:lightgreen">Yes</span>
* <span style="color:red">**[!!] Finish the installation**</span>
<span style="color:blue">Installation complete</span>
<span style="background-color:lightgreen">Continue</span>
## Configure Xorg
* **Install firmware**
* <span style="background-color:lightblue">`dmesg -S`</span>
* `[drm:radeon_pci_probe [radeon]] *ERROR* radeon kernel modesetting for R600 or later requires firmware installed`
* <span style="background-color:lightblue">`dpkg -i firmware-amd-graphics_20190114-2_all.deb`</span>
* https://packages.debian.org/buster/all/firmware-amd-graphics/download
* Non-free firmware for Radeon R600 driver
* `/boot/initrd.img-4.19.0-6-amd64` is updated
* No need to run <span style="background-color:lightblue">`grub-install /dev/sda`</span> since `initrd` is updated
* **Configurations**
| <span style="background-color:orange">`/etc/pam.d/gdm-password`</span> ||
| - | - |
| `#auth required pam_succeed_if.so user != root quiet_success` | Commenting out this line allows root login from GDM |
| <span style="background-color:orange">`/etc/gdm3/greeter.dconf-defaults`</span> ||
| - | - |
| `[org/gnome/login-screen]`<br/>`disable-user-list=true` | Do not list user accounts<br/>at login |
| `[org/gnome/settings-daemon/plugins/power]`<br/>`sleep-inactive-ac-timeout=0`<br/>`sleep-inactive-ac-type='nothing'`<br/>`sleep-inactive-battery-timeout=0`<br/>`sleep-inactive-battery-type='nothing'`| Turn off power management |
| `[org/gnome/desktop/screensaver]`<br/>`idle-activation-enabled=false` | Disable screen saver |
* **Restart GDM**
* <span style="background-color:lightblue">`/etc/init.d/gdm3 restart`</span>
* **Configure clock**
<span style="background-color:yellow">[Activities]</span>
<span style="background-color:yellow">[Show Applications]</span>
<span style="background-color:yellow">[Tweaks]</span>
<span style="background-color:yellow">[Top Bar]</span>
**Clock**
Weekday <span style="background-color:lightgreen">ON</span>
Date <span style="background-color:lightgreen">ON</span>
Seconds <span style="background-color:lightgreen">ON</span>
* ~~**Configure audio**~~
<span style="background-color:yellow">[Activities]</span>
<span style="background-color:yellow">[Show Applications]</span>
<span style="background-color:yellow">[Settings]</span>
<span style="background-color:yellow">[Sound]</span>
<span style="background-color:yellow">[Output]</span>
Choose a device for sound output: <span style="background-color:lightgreen">RV620 HDMI Audio [Radeon HD 3400 Series] Digital Stereo (HDMI)</span>
* ~~**Disable screen saver**~~
<span style="background-color:yellow">[Activities]</span>
<span style="background-color:yellow">[Show Applications]</span>
<span style="background-color:yellow">[dconf Editor]</span>
<span style="background-color:yellow">[org.gnome.desktop.screensaver]</span>
idle-activation-enabled: <span style="background-color:lightgreen">[ ]</span>
## User accounts
| Account | Command | Comment |
| ----------------- | ------- | ------- |
| ~~**`backup`**~~ | <span style="background-color:lightblue">`smbpasswd -a backup`</span> | Used for system backups |
| **`vm`** | <span style="background-color:lightblue">`adduser vm`</span> | Account for VM administration |
| | <span style="background-color:lightblue">`addgroup vm backup`</span> | For accessing backup files |
## Network configuration
* ~~**Install packages**~~
| <span style="background-color:lightblue">`apt-get install`</span> ||
| ---------------- | - |
| **`resolvconf`** | |
* **Configure network interfaces**
* Configure `eno1`
* <span style="background-color:orange">`/etc/systemd/network/eno1.network`</span>
```
[Match]
Name=eno1
[Network]
```
* Configure `enp2s0f0`
* <span style="background-color:orange">`/etc/systemd/network/mac1@enp2s0f0.netdev`</span>
```
[NetDev]
Name=mac1@enp2s0f0
Kind=macvlan
[MACVLAN]
Mode=bridge
```
* <span style="background-color:orange">`/etc/systemd/network/mac1@enp2s0f0.network`</span>
```
[Match]
Name=mac1@enp2s0f0
[Network]
IPForward=yes
Address=10.0.0.2/24
Gateway=10.0.0.1
```
* <span style="background-color:orange">`/etc/systemd/network/enp2s0f0.network`</span>
```
[Match]
Name=enp2s0f0
[Network]
MACVLAN=mac1@enp2s0f0
```
* Configure `enp2s0f1`
* <span style="background-color:orange">`/etc/systemd/network/mac1@enp2s0f1.netdev`</span>
```
[NetDev]
Name=mac1@enp2s0f1
Kind=macvlan
[MACVLAN]
Mode=bridge
```
* <span style="background-color:orange">`/etc/systemd/network/mac1@enp2s0f1.network`</span>
```
[Match]
Name=mac1@enp2s0f1
[Network]
IPForward=yes
Address=172.16.0.2/24
```
* <span style="background-color:orange">`/etc/systemd/network/enp2s0f1.network`</span>
```
[Match]
Name=enp2s0f1
[Network]
MACVLAN=mac1@enp2s0f1
```
* **Modify services**
* <span style="background-color:lightblue">`systemctl disable network-manager`</span>
* <span style="background-color:lightblue">`systemctl enable systemd-networkd`</span>
* ~~**Disable auto-configuration of eth devices (a.k.a. eth0)**~~
<span style="background-color:yellow">[Activities]</span>
<span style="background-color:yellow">[Show Applications]</span>
<span style="background-color:yellow">[Settings]</span>
<span style="background-color:yellow">[Network]</span>
Ethernet (eno1) <span style="background-color:lightgreen">[]</span>
Ethernet (enp2s0f0) <span style="background-color:lightgreen">[]</span>
Ethernet (enp2s0f1) <span style="background-color:lightgreen">[]</span>
## System configurations
### Mount points
* **Install packages**
| <span style="background-color:lightblue">`apt-get install`</span> ||
| ---------------- | -------------- |
| **`cifs-utils`** | CIFS utilities |
* **Create mount points**
| <span style="background-color:lightblue">`mkdir -p`</span> ||
| --------------------- | ---------------- |
| **`/mnt/TMGN`** | NAS server |
| **`/mnt/debian/iso`<br/>`/mnt/debian/1`<br/>`/mnt/debian/2`<br/>`/mnt/debian/3`<br/>`/mnt/debian/4`** | Debian Buster BD ISO files |
| **`/mnt/vm`** | Virtual machines |
| **`/mnt/db`** | Databases |
| **`/mnt/vcs`** | VCSes |
| **`/mnt/www`** | WWW |
| **`/mnt/VirtualBox`** | VirtualBox |
* **Password file for accessing NAS**
* <span style="background-color:orange">`/etc/cifs/TMGN.passwd` (chmod 600)</span>
```
username=********
password=********
```
* **Mount table**
* <span style="background-color:orange">`/etc/fstab`</span>
```
+ //172.16.0.16/server/iso/Linux/debian-buster-10.1.0-amd64 /mnt/debian/iso cifs credentials=/etc/cifs/TMGN.passwd,ro 0 2
+ //172.16.0.16/server/vm /mnt/vm cifs credentials=/etc/cifs/TMGN.passwd,uid=vm,gid=vm 0 2
+ //172.16.0.16/server/db /mnt/db cifs credentials=/etc/cifs/TMGN.passwd,uid=www-data,gid=www-data,dir_mode=0775,file_mode=0664 0 2
+ //172.16.0.16/server/vcs /mnt/vcs cifs credentials=/etc/cifs/TMGN.passwd,uid=www-data,gid=www-data 0 2
+ //172.16.0.16/server/www /mnt/www cifs credentials=/etc/cifs/TMGN.passwd,uid=www-data,gid=www-data 0 2
+ //172.16.0.16/server/vm/VirtualBox /mnt/VirtualBox cifs credentials=/etc/cifs/TMGN.passwd,uid=vm,gid=vm,fsc 0 2
+ //172.16.0.16/server /mnt/TMGN cifs credentials=/etc/cifs/TMGN.passwd,uid=sysadm 0 2
+ /mnt/debian/iso/debian-10.1.0-amd64-BD-1.iso /mnt/debian/1 iso9660 ro,loop 0 0
+ /mnt/debian/iso/debian-10.1.0-amd64-BD-2.iso /mnt/debian/2 iso9660 ro,loop 0 0
+ /mnt/debian/iso/debian-10.1.0-amd64-BD-3.iso /mnt/debian/3 iso9660 ro,loop 0 0
+ /mnt/debian/iso/debian-10.1.0-amd64-BD-4.iso /mnt/debian/4 iso9660 ro,loop 0 0
```
* **Remount all**
* <span style="background-color:lightblue">`mount -a`</span>
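The mount table above keeps the NAS credentials in a separate mode-600 file rather than in `/etc/fstab` itself, which is world-readable. As an added example (not part of these notes), this audit parses fstab lines and flags CIFS entries that carry `username=`/`password=` inline or lack a `credentials=` file under `/etc`, and loop-mounted ISO images that are not read-only; the sample input is constructed from the notes' entries plus two deliberately bad lines.

```python
"""Audit fstab entries for credential leaks and unsafe ISO mounts.

Added example, not part of the original notes. /etc/fstab is world-readable,
so CIFS mounts should point at a credentials= file (kept at mode 0600, as the
notes do with /etc/cifs/TMGN.passwd) instead of carrying username=/password=
inline; loop-mounted ISO images should be read-only.
"""

# Constructed sample: the first lines mirror the notes' fstab, the last two
# are deliberately bad entries added to exercise the checks.
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
//172.16.0.16/server/vm /mnt/vm cifs credentials=/etc/cifs/TMGN.passwd,uid=vm,gid=vm 0 2
//172.16.0.16/server /mnt/TMGN cifs credentials=/etc/cifs/TMGN.passwd,uid=sysadm 0 2
/mnt/debian/iso/debian-10.1.0-amd64-BD-1.iso /mnt/debian/1 iso9660 ro,loop 0 0
//172.16.0.16/server/db /mnt/db cifs username=www,password=hunter2,uid=www-data 0 2
/mnt/debian/iso/debian-10.1.0-amd64-BD-2.iso /mnt/debian/2 iso9660 loop 0 0
"""


def parse_fstab(text):
    """Yield one dict per real fstab line; mount options become a dict."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, not ours to judge here
        opts = {}
        for opt in fields[3].split(","):
            key, sep, value = opt.partition("=")
            opts[key] = value if sep else True
        yield {"lineno": lineno, "source": fields[0], "target": fields[1],
               "fstype": fields[2], "options": opts}


def audit_fstab(text):
    """Return (lineno, mount point, finding) tuples; findings never echo secrets."""
    findings = []
    for ent in parse_fstab(text):
        opts, where = ent["options"], (ent["lineno"], ent["target"])
        if ent["fstype"] == "cifs":
            # mount.cifs accepts user=/pass= as synonyms for username=/password=
            inline = [k for k in ("username", "user", "password", "pass") if k in opts]
            if inline:
                findings.append(where + ("inline CIFS credentials in fstab: " + ",".join(inline),))
            cred = opts.get("credentials")
            if not isinstance(cred, str) or not cred.startswith("/etc/"):
                findings.append(where + ("CIFS mount without a credentials= file under /etc",))
        if ent["fstype"] == "iso9660" and "loop" in opts and "ro" not in opts:
            findings.append(where + ("loop-mounted ISO image not mounted read-only",))
    return findings


if __name__ == "__main__":
    for lineno, target, msg in audit_fstab(SAMPLE_FSTAB):
        print(f"fstab line {lineno} ({target}): {msg}")
```

Run it against the real file with `audit_fstab(open("/etc/fstab").read())`; the permission of the credentials file itself still has to be checked separately (`stat -c %a /etc/cifs/TMGN.passwd`).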
### APT
* <span style="background-color:orange">`/etc/apt/sources.list`</span>
```
# deb cdrom:[.....]
+ deb [trusted=yes] file:///mnt/debian/1/debian/ buster main contrib
+ deb [trusted=yes] file:///mnt/debian/2/debian/ buster main contrib
+ deb [trusted=yes] file:///mnt/debian/3/debian/ buster main contrib
+ deb [trusted=yes] file:///mnt/debian/4/debian/ buster main contrib
# deb http://security.debian.org/ buster/updates main contrib
# deb-src http://security.debian.org/ buster/updates main contrib
```
* <span style="background-color:lightblue">`apt-get update`</span>
* **Install packages**
| <span style="background-color:lightblue">`apt-get install`</span> ||
| ------------------- | - |
| **`vim`** | |
| **`zip`** | |
| **`screen`** | |
| **`smartmontools`** | |
| **`net-tools`** | |
| ~~**`aufs-tools`**~~ | |
| ~~**`genisoimage`**~~ | |
### Software configurations
* **sudo**
| <span style="background-color:lightblue">`addgroup sysadm sudo`</span> | Allow administrator sudo |
| - | - |
* **vim**
| <span style="background-color:orange">`/etc/vim/vimrc`</span> ||
| ---------------- | ----------------------- |
| `syntax on` | Enable syntax highlight |
| `set mouse=a` | Enable mouse auto copy |
| + `set hlsearch` | Enable search highlight |
* **ssh daemon**
| <span style="background-color:orange">`/etc/ssh/sshd_config`</span> ||
| -------------------- | ----------------------------- |
| `PermitRootLogin no` | Deny root login from SSH |
| `UseDNS no` | Avoid reverse-DNS lookup delays at SSH login |
* **Kernel modules**
| <span style="background-color:orange">`/etc/modprobe.d/loop.conf`</span> ||
| -------------------------- | ----------------------------------- |
| `options loop max_loop=64` | Maximum number of loop devices = 64 |
* **bash**
| <span style="background-color:orange">`/root/.bashrc`</span> ||
| -------------------------- | ---------------------- |
| `export LS_OPTIONS='--color=auto'`<br/>`eval $(dircolors)`<br/>`alias ls='ls $LS_OPTIONS'` | Enable `ls` colors for the root shell |
| + `. /etc/bash_completion` | Enable bash completion |
## Generate SSL ROOT certificate
### Generate root certificate
* Prepare `openssl.cnf`
* Generate root private key `abinitiogo.key`
* <span style="background-color:lightblue">`openssl genrsa -out private/abinitiogo.key 2048`</span>
* chmod: 640
* Generate root certificate `abinitiogo.crt`
* <span style="background-color:lightblue">`openssl req -new -sha512 -x509 -config openssl.cnf -key private/abinitiogo.key -out certs/abinitiogo.crt -days 7305`</span>
Country Name (2 letter code): <span style="background-color:lightgreen">TW</span>
State or Province Name (full name): <span style="background-color:lightgreen">Taiwan</span>
Locality Name (eg, city): <span style="background-color:lightgreen">Taipei</span>
Organization Name (eg, company): <span style="background-color:lightgreen">Ab Initio Go Organization</span>
Organizational Unit Name (eg, section): <span style="background-color:lightgreen">Certificate</span>
Common Name (e.g. server FQDN or YOUR name): <span style="background-color:lightgreen">abinitiogo.org</span>
Email Address: <span style="background-color:lightgreen">cert@abinitiogo.org</span>
* Prepare signing serial `abinitiogo.srl`
* <span style="background-color:lightblue">`echo 01 > certs/abinitiogo.srl`</span>
### Install root certificate
* Linux: Debian / Ubuntu
* Install packages
| <span style="background-color:lightblue">`apt-get install`</span> ||
| --------------------- | - |
| **`ca-certificates`** | |
* Obtain `abinitiogo.crt`, and put it in `/usr/local/share/ca-certificates/extra/`
* <span style="background-color:lightblue">`update-ca-certificates`</span>
### Generate client certificate
* At client side
* Generate certificate private key `ssl-cert.key`
* <span style="background-color:lightblue">`openssl genrsa -out private/ssl-cert.key 2048`</span>
* chmod: 640
* Generate certificate request `xxxxx.csr`
* <span style="background-color:lightblue">`openssl req -new -sha512 -config openssl.cnf -key private/ssl-cert.key -out reqs/xxxxx.csr`</span>
* At server side
* Obtain `xxxxx.csr` from client
* Generate client certificate `xxxxx.pem`
* <span style="background-color:lightblue">`openssl x509 -req -sha512 -extfile openssl.cnf -extensions v3_req -days 3652 -in reqs/xxxxx.csr -CA certs/abinitiogo.crt -CAkey private/abinitiogo.key -out certs/xxxxx.pem`</span>
* Deliver `xxxxx.pem` to client
## Install Docker
### References
https://docs.docker.com/install/linux/docker-ce/debian/
### Install Docker engine
* Install packages
| <span style="background-color:lightblue">`apt-get install`</span> ||
| -------------------------------- | - |
| **`apt-transport-https`** | |
| **`curl`** | |
| **`gnupg2`** | |
| **`software-properties-common`** | |
* Docker key
* <span style="background-color:lightblue">`curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -`</span>
* <span style="background-color:lightblue">`apt-key fingerprint 9DC858229FC7DD38854AE2D88D81803C0EBFCD88`</span>
* Docker repository
* <span style="background-color:orange">`/etc/apt/sources.list.d/docker.list`</span>
```
deb [arch=amd64] https://download.docker.com/linux/debian buster stable
```
* <span style="background-color:lightblue">`apt-get update`</span>
* Install Docker engine
| <span style="background-color:lightblue">`apt-get install`</span> | Version |
| ------------------- | ----------------------------- |
| **`docker-ce`** | `5:19.03.2~3-0~debian-buster` |
| **`docker-ce-cli`** | `5:19.03.2~3-0~debian-buster` |
| **`containerd.io`** | `1.2.6-3` |
* Configurations
* Enable user `vm` to access Docker
* <span style="background-color:lightblue">`addgroup vm docker`</span>
* Mount `/var/lib/docker` to a separate disk partition
* Link volume space
* <span style="background-color:lightblue">`ln -s /home/docker/volumes /var/lib/docker/volumes`</span>
* Enable Docker service
* <span style="background-color:lightblue">`systemctl enable docker`</span>
* <span style="background-color:lightblue">`systemctl start docker`</span>
### Install `docker-compose`
* Version 1.24.1
* <span style="background-color:lightblue">`curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose`</span>
* <span style="background-color:lightblue">`chmod +x /usr/local/bin/docker-compose`</span>
### Configure Docker networks
| Network | Command |
| ------- | ------- |
| eno1.docker-net<br/>eno1<br/>172.16.1.0/24 | <span style="background-color:lightblue">`docker network create --driver=macvlan --opt parent=eno1 --opt macvlan_mode=bridge --subnet=172.16.1.0/24 eno1.docker-net`</span> |
| enp2s0f0.docker-net<br/>enp2s0f0<br/>10.0.0.0/24 | <span style="background-color:lightblue">`docker network create --driver=macvlan --opt parent=enp2s0f0 --opt macvlan_mode=bridge --subnet=10.0.0.0/24 --gateway=10.0.0.1 enp2s0f0.docker-net`</span> |
| enp2s0f1.docker-net<br/>enp2s0f1<br/>172.16.0.0/24 | <span style="background-color:lightblue">`docker network create --driver=macvlan --opt parent=enp2s0f1 --opt macvlan_mode=bridge --subnet=172.16.0.0/24 --gateway=172.16.0.1 enp2s0f1.docker-net`</span> |
| dmz.docker-net<br/>172.18.0.0/16 | <span style="background-color:lightblue">`docker network create --driver=bridge --opt com.docker.network.bridge.name=br-d-dmz --opt com.docker.network.bridge.enable_ip_masquerade=false --subnet=172.18.0.0/16 --gateway=172.18.0.1 dmz.docker-net`</span> |
| adsl.docker-net<br/>192.168.255.0/29 | <span style="background-color:lightblue">`docker network create --driver=bridge --opt com.docker.network.bridge.name=br-d-adsl --opt com.docker.network.bridge.enable_ip_masquerade=false --subnet=192.168.255.0/29 --gateway=192.168.255.1 adsl.docker-net`</span> |
| l2tpd.docker-net<br/>192.168.255.8/29 | <span style="background-color:lightblue">`docker network create --driver=bridge --opt com.docker.network.bridge.name=br-d-l2tpd --opt com.docker.network.bridge.enable_ip_masquerade=false --subnet=192.168.255.8/29 --gateway=192.168.255.9 l2tpd.docker-net`</span> |
| pptpd.docker-net<br/>192.168.255.16/29 | <span style="background-color:lightblue">`docker network create --driver=bridge --opt com.docker.network.bridge.name=br-d-pptpd --opt com.docker.network.bridge.enable_ip_masquerade=false --subnet=192.168.255.16/29 --gateway=192.168.255.17 pptpd.docker-net`</span> |
### Setup boot
* <span style="background-color:orange">`/etc/rc.local (chmod 755)`</span>
```
#!/bin/sh
# Wait up to 30 seconds (3 x 10 tries) for a Docker network to exist.
DOCKER_network_wait_ready() {
    network=$1
    for i in 0 1 2; do
        for j in 0 1 2 3 4 5 6 7 8 9; do
            if docker network inspect "$network" > /dev/null 2>&1; then
                return 0
            fi
            sleep 1
        done
    done
    return 1
}

# DMZ bridge: replace the gateway address assigned by Docker with a different host address.
DOCKER_network_wait_ready dmz.docker-net || exit 1
ip addr del 172.18.0.1/16 dev br-d-dmz
ip addr add 172.18.255.254/16 dev br-d-dmz

# VPN bridges: remove the gateway address assigned by Docker from the host.
DOCKER_network_wait_ready adsl.docker-net || exit 1
ip addr del 192.168.255.1/29 dev br-d-adsl
DOCKER_network_wait_ready l2tpd.docker-net || exit 1
ip addr del 192.168.255.9/29 dev br-d-l2tpd
DOCKER_network_wait_ready pptpd.docker-net || exit 1
ip addr del 192.168.255.17/29 dev br-d-pptpd

# Bring up the network containers as user vm.
(cd ~vm/docker/network && runuser -u vm -- docker-compose up -d)

# Remove the isolation rule that blocks forwarding from the DMZ bridge to the other Docker bridges.
iptables -D DOCKER-ISOLATION-STAGE-1 -i br-d-dmz ! -o br-d-dmz -j DOCKER-ISOLATION-STAGE-2
```
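The bridge networks in the table above and the `ip addr` rewrites in `/etc/rc.local` have to agree with each other: an `ip addr del` for an address Docker never assigned fails silently and leaves the host holding a gateway address it was meant to give up. As an added consistency check (not part of these notes; the data structures and check logic are mine, the subnets, gateways and bridge names come from the table and script), this replays the rc.local operations against the declared networks and reports mismatches, gateways outside their subnet, and overlaps with the host's LAN subnets.

```python
"""Cross-check the Docker bridge networks against the rc.local address rewrites.

Added example, not part of the original notes. The bridge networks are
created with enable_ip_masquerade=false, and /etc/rc.local then deletes the
gateway address Docker assigned to each bridge (adding a different host
address only on the DMZ bridge). This replays those operations and flags
inconsistencies: gateways outside their subnet, overlapping subnets, or an
`ip addr del` that does not match what Docker configured.
"""
import ipaddress

# Bridge networks from the "Configure Docker networks" table: (subnet, gateway).
DOCKER_BRIDGES = {
    "br-d-dmz": ("172.18.0.0/16", "172.18.0.1"),
    "br-d-adsl": ("192.168.255.0/29", "192.168.255.1"),
    "br-d-l2tpd": ("192.168.255.8/29", "192.168.255.9"),
    "br-d-pptpd": ("192.168.255.16/29", "192.168.255.17"),
}
# Subnets the host already reaches through the macvlan networks (eno1, enp2s0f0, enp2s0f1).
LAN_SUBNETS = ["172.16.1.0/24", "10.0.0.0/24", "172.16.0.0/24"]
# The `ip addr` commands from /etc/rc.local as (verb, address/prefix, device).
RC_LOCAL_ADDR_OPS = [
    ("del", "172.18.0.1/16", "br-d-dmz"),
    ("add", "172.18.255.254/16", "br-d-dmz"),
    ("del", "192.168.255.1/29", "br-d-adsl"),
    ("del", "192.168.255.9/29", "br-d-l2tpd"),
    ("del", "192.168.255.17/29", "br-d-pptpd"),
]


def check_plan(bridges, lan_subnets, addr_ops):
    """Return a list of problem descriptions; an empty list means the plan is consistent."""
    problems = []
    nets = {name: ipaddress.ip_network(subnet) for name, (subnet, _) in bridges.items()}
    # 1. Every Docker gateway must lie inside its own subnet.
    for name, (subnet, gw) in bridges.items():
        if ipaddress.ip_address(gw) not in nets[name]:
            problems.append(f"{name}: gateway {gw} outside {subnet}")
    # 2. Bridge subnets must not overlap each other or the physical LANs.
    labelled = list(nets.items()) + [(f"lan {s}", ipaddress.ip_network(s)) for s in lan_subnets]
    for i, (n1, a) in enumerate(labelled):
        for n2, b in labelled[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{n1} overlaps {n2}")
    # 3. Replay rc.local: the host starts with Docker's gateway address on each bridge.
    host_addrs = {name: {ipaddress.ip_interface(f"{gw}/{nets[name].prefixlen}")}
                  for name, (_, gw) in bridges.items()}
    for verb, addr, dev in addr_ops:
        iface = ipaddress.ip_interface(addr)
        if dev not in host_addrs:
            problems.append(f"rc.local touches unknown bridge {dev}")
        elif verb == "del":
            if iface not in host_addrs[dev]:
                problems.append(f"{dev}: 'ip addr del {addr}' does not match Docker's gateway")
            host_addrs[dev].discard(iface)
        elif verb == "add":
            if iface.ip not in nets[dev]:
                problems.append(f"{dev}: new address {addr} outside {nets[dev]}")
            host_addrs[dev].add(iface)
    # 4. After rc.local no bridge may still carry the gateway address.
    for name, (_, gw) in bridges.items():
        if any(i.ip == ipaddress.ip_address(gw) for i in host_addrs[name]):
            problems.append(f"{name}: host still holds gateway address {gw}")
    return problems


if __name__ == "__main__":
    for problem in check_plan(DOCKER_BRIDGES, LAN_SUBNETS, RC_LOCAL_ADDR_OPS) or ["plan is consistent"]:
        print(problem)
```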