From eab5eca5bda076aae57e6cc82b6e08dbd5025ff3 Mon Sep 17 00:00:00 2001
From: Tom Barrett
Date: Fri, 20 Mar 2020 04:30:39 -0500
Subject: new way of generating interfaces, only have to change hosts file now
---
 .gitignore | 2 ++
 configs/interfaces | 14 ++++++++++++++
 configs/kerberos/interfaces | 14 --------------
 configs/kerberos/kadm5.acl | 6 ------
 configs/kerberos/kdc.conf | 16 ----------------
 configs/kerberos/krb5.conf | 13 -------------
 configs/krb/kadm5.acl | 6 ++++++
 configs/krb/kdc.conf | 16 ++++++++++++++++
 configs/krb/krb5.conf | 13 +++++++++++++
 configs/ldap/interfaces | 14 --------------
 configs/nfs/interfaces | 14 --------------
 create | 8 ++++----
 destroy | 12 ++++++------
 scripts/debian_roll | 45 +++++++++++++++++++++++----------------------
 scripts/kerberos | 22 ----------------------
 scripts/krb | 23 +++++++++++++++++++++++
 scripts/ldap | 2 +-
 tmp/.gitignore | 0
 18 files changed, 108 insertions(+), 132 deletions(-)
 create mode 100644 configs/interfaces
 delete mode 100644 configs/kerberos/interfaces
 delete mode 100644 configs/kerberos/kadm5.acl
 delete mode 100644 configs/kerberos/kdc.conf
 delete mode 100644 configs/kerberos/krb5.conf
 create mode 100644 configs/krb/kadm5.acl
 create mode 100644 configs/krb/kdc.conf
 create mode 100644 configs/krb/krb5.conf
 delete mode 100644 configs/ldap/interfaces
 delete mode 100644 configs/nfs/interfaces
 delete mode 100755 scripts/kerberos
 create mode 100755 scripts/krb
 create mode 100644 tmp/.gitignore
diff --git a/.gitignore b/.gitignore
index ef2917b..02036f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 logs/*
 !logs/.gitignore
+tmp/*
+!tmp/.gitignore
diff --git a/configs/interfaces b/configs/interfaces
new file mode 100644
index 0000000..b663d7f
--- /dev/null
+++ b/configs/interfaces
@@ -0,0 +1,14 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+ address ADDRESS/24
+ post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
+ pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
+
+source /etc/network/interfaces.d/*.cfg
diff --git a/configs/kerberos/interfaces b/configs/kerberos/interfaces
deleted file mode 100644
index cf65d6a..0000000
--- a/configs/kerberos/interfaces
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet static
- address 192.168.122.100/24
- post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
- pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
-
-source /etc/network/interfaces.d/*.cfg
diff --git a/configs/kerberos/kadm5.acl b/configs/kerberos/kadm5.acl
deleted file mode 100644
index 76df603..0000000
--- a/configs/kerberos/kadm5.acl
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file Is the access control list for krb5 administration.
-# When this file is edited run service krb5-admin-server restart to activate
-# One common way to set up Kerberos administration is to allow any principal
-# ending in /admin is given full administrative rights.
-# To enable this, uncomment the following line:
-*/admin *
diff --git a/configs/kerberos/kdc.conf b/configs/kerberos/kdc.conf
deleted file mode 100644
index baa19a0..0000000
--- a/configs/kerberos/kdc.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-[kdcdefaults]
- kdc_ports = 750,88
-
-[realms]
- HADES.HR = {
- database_name = /var/lib/krb5kdc/principal
- admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
- acl_file = /etc/krb5kdc/kadm5.acl
- key_stash_file = /etc/krb5kdc/stash
- kdc_ports = 750,88
- max_life = 10h 0m 0s
- max_renewable_life = 7d 0h 0m 0s
- master_key_type = des3-hmac-sha1
- #supported_enctypes = aes256-cts:normal aes128-cts:normal
- default_principal_flags = +preauth
- }
diff --git a/configs/kerberos/krb5.conf b/configs/kerberos/krb5.conf
deleted file mode 100644
index c78717b..0000000
--- a/configs/kerberos/krb5.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-[libdefaults]
- default_realm = HADES.HR
-
-[realms]
- HADES.HR = {
- kdc = krb.hades.hr
- admin_server = krb.hades.hr
- default_domain = hades.hr
- }
-
-[domain_realm]
- .hades.hr = HADES.HR
- hades.hr = HADES.HR
diff --git a/configs/krb/kadm5.acl b/configs/krb/kadm5.acl
new file mode 100644
index 0000000..76df603
--- /dev/null
+++ b/configs/krb/kadm5.acl
@@ -0,0 +1,6 @@
+# This file Is the access control list for krb5 administration.
+# When this file is edited run service krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal
+# ending in /admin is given full administrative rights.
+# To enable this, uncomment the following line:
+*/admin *
diff --git a/configs/krb/kdc.conf b/configs/krb/kdc.conf
new file mode 100644
index 0000000..baa19a0
--- /dev/null
+++ b/configs/krb/kdc.conf
@@ -0,0 +1,16 @@
+[kdcdefaults]
+ kdc_ports = 750,88
+
+[realms]
+ HADES.HR = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ master_key_type = des3-hmac-sha1
+ #supported_enctypes = aes256-cts:normal aes128-cts:normal
+ default_principal_flags = +preauth
+ }
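Review bot: The new configs/krb/kdc.conf still sets `master_key_type = des3-hmac-sha1` and leaves `#supported_enctypes = aes256-cts:normal aes128-cts:normal` commented out; scripts/krb copies this file onto the KDC before running `krb5_newrealm`, so the realm master key and the default keys of every principal created afterwards use the deprecated triple-DES type. Fix it in this file before the realm is first created, since changing the master key type after the database exists requires a key rollover: `master_key_type = aes256-cts-hmac-sha1-96` and `supported_enctypes = aes256-cts:normal aes128-cts:normal`. The content is byte-identical to the deleted configs/kerberos/kdc.conf (same blob baa19a0), so the weakness predates this commit, but the move is the natural moment to correct it.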
diff --git a/configs/krb/krb5.conf b/configs/krb/krb5.conf
new file mode 100644
index 0000000..c78717b
--- /dev/null
+++ b/configs/krb/krb5.conf
@@ -0,0 +1,13 @@
+[libdefaults]
+ default_realm = HADES.HR
+
+[realms]
+ HADES.HR = {
+ kdc = krb.hades.hr
+ admin_server = krb.hades.hr
+ default_domain = hades.hr
+ }
+
+[domain_realm]
+ .hades.hr = HADES.HR
+ hades.hr = HADES.HR
diff --git a/configs/ldap/interfaces b/configs/ldap/interfaces
deleted file mode 100644
index 78fd4c1..0000000
--- a/configs/ldap/interfaces
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet static
- address 192.168.122.120/24
- post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
- pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
-
-source /etc/network/interfaces.d/*.cfg
diff --git a/configs/nfs/interfaces b/configs/nfs/interfaces
deleted file mode 100644
index f5d11ed..0000000
--- a/configs/nfs/interfaces
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet static
- address 192.168.122.110/24
- post-up route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
- pre-down route del -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.122.1
-
-source /etc/network/interfaces.d/*.cfg
diff --git a/create b/create
index 9790514..e7ff891 100755
--- a/create
+++ b/create
@@ -1,11 +1,11 @@
 #!/bin/bash
 set -e
-scripts/kerberos > logs/kerberos
-lxc-info -n kerberos
+scripts/krb > logs/krb
+lxc-info krb
 scripts/nfs > logs/nfs
-lxc-info -n nfs
+lxc-info nfs
 scripts/ldap > logs/ldap
-lxc-info -n ldap
+lxc-info ldap
diff --git a/destroy b/destroy
index 4f26cc9..d8f7712 100755
--- a/destroy
+++ b/destroy
@@ -1,13 +1,13 @@
 #!/bin/bash
-lxc-stop -n kerberos
-lxc-destroy -n kerberos
+lxc-stop krb
+lxc-destroy krb
 ssh-keygen -R "192.168.122.100"
-lxc-stop -n nfs
-lxc-destroy -n nfs
+lxc-stop nfs
+lxc-destroy nfs
 ssh-keygen -R "192.168.122.110"
-lxc-stop -n ldap
-lxc-destroy -n ldap
+lxc-stop ldap
+lxc-destroy ldap
 ssh-keygen -R "192.168.122.120"
diff --git a/scripts/debian_roll b/scripts/debian_roll
index 83b7d76..caf652c 100755
--- a/scripts/debian_roll
+++ b/scripts/debian_roll
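Review bot: The three context lines `ssh-keygen -R "192.168.122.1x0"` in destroy still hard-code the container addresses, while this commit makes debian_roll take each address from configs/hosts; once a hosts entry is edited, destroy removes the wrong known_hosts entry and the stale key for the real address survives, which on the next `create` can trip ssh's host-key-changed handling even with StrictHostKeyChecking=no. Derive the address the same way the scripts now do, e.g. `ssh-keygen -R "$(grep -w krb configs/hosts | cut -d ' ' -f 1)"`, and likewise for nfs and ldap. destroy also has no `set -e`, so a failed `lxc-stop` is silently followed by `lxc-destroy`; that is pre-existing and may be deliberate for a teardown script, but a comment saying so would help.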
@@ -7,35 +7,36 @@ PASS=tom
 ROOT_PASS=root
 
 # init
-lxc-create -n $NAME -t download -- --dist debian --release buster --arch amd64
-lxc-start -n $NAME
+lxc-create $NAME -t download -- --dist debian --release buster --arch amd64
+lxc-start $NAME
 
 # TODO maybe just info until ip shows up?
 sleep 15
 
 # install basics
-lxc-attach -n $NAME -- apt-get update
-lxc-attach -n $NAME -- apt-get dist-upgrade
-lxc-attach -n $NAME -- apt-get install -y apt-utils
-lxc-attach -n $NAME -- apt-get install -y sudo openssh-server x11-xserver-utils
+lxc-attach $NAME -- apt-get update
+lxc-attach $NAME -- apt-get dist-upgrade
+lxc-attach $NAME -- apt-get install -y apt-utils
+lxc-attach $NAME -- apt-get install -y sudo openssh-server x11-xserver-utils
 
 # setup users
-lxc-attach -n $NAME -- bash -c 'echo -e "'$ROOT_PASS'\n'$ROOT_PASS'" | passwd'
-lxc-attach -n $NAME -- adduser $USER --gecos "" --disabled-password
-lxc-attach -n $NAME -- bash -c 'echo -e "'$PASS'\n'$PASS'" | passwd $USER'
+lxc-attach $NAME -- bash -c 'echo -e "'$ROOT_PASS'\n'$ROOT_PASS'" | passwd'
+lxc-attach $NAME -- adduser $USER --gecos "" --disabled-password
+lxc-attach $NAME -- bash -c 'echo -e "'$PASS'\n'$PASS'" | passwd $USER'
 
 # setup x11 forwarding
-lxc-attach -n $NAME -- bash -c 'echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config'
-lxc-attach -n $NAME -- bash -c 'echo "X11UseLocalhost yes" >> /etc/ssh/sshd_config'
-lxc-attach -n $NAME -- bash -c 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config'
-lxc-attach -n $NAME -- systemctl restart sshd
+lxc-attach $NAME -- bash -c 'echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config'
+lxc-attach $NAME -- bash -c 'echo "X11UseLocalhost yes" >> /etc/ssh/sshd_config'
+lxc-attach $NAME -- bash -c 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config'
+lxc-attach $NAME -- systemctl restart sshd
 
 # setup networking
-IP="$(lxc-info -n $NAME | grep IP | tr -s ' ' | cut -d ' ' -f 2)"
-sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$IP
-scp
configs/$NAME/interfaces root@$IP:/etc/network/
-scp configs/hosts root@$IP:/etc/
-lxc-attach -n $NAME -- systemctl restart networking
-ssh-keygen -R "$IP"
-
-IP="$(lxc-info -n $NAME | grep IP | tr -s ' ' | cut -d ' ' -f 2)"
-sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$IP
+IP="$(lxc-info $NAME | grep IP | tr -s ' ' | cut -d ' ' -f 2)"
+DESIRED_IP="$(grep $NAME configs/hosts | cut -d ' ' -f 1)"
+
+sed "s/ADDRESS/$DESIRED_IP/" configs/interfaces > tmp/interfaces
+sshpass -p $ROOT_PASS scp -o "StrictHostKeyChecking=no" tmp/interfaces root@$IP:/etc/network/interfaces
+sshpass -p $ROOT_PASS scp -o "StrictHostKeyChecking=no" configs/hosts root@$IP:/etc/hosts
+lxc-attach $NAME -- systemctl restart networking
+
+# add ssh key
+sshpass -p $ROOT_PASS ssh-copy-id -o "StrictHostKeyChecking=no" root@$DESIRED_IP
diff --git a/scripts/kerberos b/scripts/kerberos
deleted file mode 100755
index 919ee7d..0000000
--- a/scripts/kerberos
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -e
-
-ROOT_PASS=root
-KRB5_PASS=krb5
-KRB5_ADMIN_PASS=pass
-USER_PASS=tommie
-
-scripts/debian_roll kerberos
-lxc-attach -n kerberos -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install krb5-admin-server
-
-scp configs/kerberos/krb5.conf root@192.168.122.100:/etc/
-scp configs/kerberos/kdc.conf root@192.168.122.100:/etc/krb5kdc/
-scp configs/kerberos/kadm5.acl root@192.168.122.100:/etc/krb5kdc/
-
-lxc-attach -n kerberos -- bash -c 'echo -e "'$KRB5_PASS'\n'$KRB5_PASS'" | krb5_newrealm'
-lxc-attach -n kerberos -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$KRB5_ADMIN_PASS'" | kadmin.local addprinc root/admin'
-
-lxc-attach -n kerberos -- systemctl restart krb5-admin-server
-lxc-attach -n kerberos -- systemctl restart krb5-kdc
-
-lxc-attach --clear-env -n kerberos -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$USER_PASS'\n'$USER_PASS'\n" | kadmin addprinc tom'
diff --git a/scripts/krb b/scripts/krb
new file mode 100755
index 0000000..4df7fef
--- /dev/null
+++ b/scripts/krb
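Review bot: `DESIRED_IP="$(grep $NAME configs/hosts | cut -d ' ' -f 1)"` is an unanchored substring match with no validation, so a hosts line that merely contains the name, or a second matching line, yields an empty or multi-line value that `sed "s/ADDRESS/$DESIRED_IP/"` writes straight into the container's /etc/network/interfaces; `set -e` does not help because the assignment takes the status of `cut`, not `grep`. Anchor the lookup and check the result before using it: `DESIRED_IP="$(grep -w -- "$NAME" configs/hosts | head -n 1 | cut -d ' ' -f 1)"` followed by `[[ "$DESIRED_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "no address for $NAME in configs/hosts" >&2; exit 1; }`. The old side's `ssh-keygen -R "$IP"` for the DHCP-assigned address was dropped, so the host key learned for that temporary address now stays in known_hosts; if a later container is handed the same address with a different key, ssh with StrictHostKeyChecking=no still connects but disables password authentication, which would break the `sshpass` copies — presumably the cleanup is worth keeping. Separately, `sshpass -p $ROOT_PASS` and the `bash -c 'echo -e "'$PASS'…'` lines place the passwords in argv where any local user can read them from the process table; for a throwaway lab that may be acceptable, but `SSHPASS="$ROOT_PASS" sshpass -e …` keeps at least the root password out of the command line. The script's first six lines, including the `$NAME`/`$USER` assignments, are outside this hunk.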
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+ROOT_PASS=root
+KRB5_PASS=krb5
+KRB5_ADMIN_PASS=pass
+USER_PASS=tommie
+IP="$(grep krb configs/hosts | cut -d ' ' -f 1)"
+
+scripts/debian_roll krb
+lxc-attach krb -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install krb5-admin-server
+
+scp configs/krb/krb5.conf root@$IP:/etc/
+scp configs/krb/kdc.conf root@$IP:/etc/krb5kdc/
+scp configs/krb/kadm5.acl root@$IP:/etc/krb5kdc/
+
+lxc-attach krb -- bash -c 'echo -e "'$KRB5_PASS'\n'$KRB5_PASS'" | krb5_newrealm'
+lxc-attach krb -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$KRB5_ADMIN_PASS'" | kadmin.local addprinc root/admin'
+
+lxc-attach krb -- systemctl restart krb5-admin-server
+lxc-attach krb -- systemctl restart krb5-kdc
+
+lxc-attach --clear-env krb -- bash -c 'echo -e "'$KRB5_ADMIN_PASS'\n'$USER_PASS'\n'$USER_PASS'\n" | kadmin addprinc tom'
diff --git a/scripts/ldap b/scripts/ldap
index 26afcf8..594f37b 100755
--- a/scripts/ldap
+++ b/scripts/ldap
@@ -2,4 +2,4 @@
 set -e
 
 scripts/debian_roll ldap
-#lxc-attach -n ldap -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install slapd ldap-utils ldapscripts
+#lxc-attach ldap -v DEBIAN_FRONTEND=noninteractive -- apt-get -y install slapd ldap-utils ldapscripts
diff --git a/tmp/.gitignore b/tmp/.gitignore
new file mode 100644
index 0000000..e69de29
--
cgit v1.2.3
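Review bot: `IP="$(grep krb configs/hosts | cut -d ' ' -f 1)"` on line 8 of the new script is a bare substring match: any hosts line containing `krb` (a comment, a `krbclient` entry) matches too, and an empty or multi-line value turns the three `scp … root@$IP:` targets into `root@:` or garbage, which `set -e` does not stop because the pipeline's status is `cut`'s. Tighten it and fail early: `IP="$(grep -w krb configs/hosts | head -n 1 | cut -d ' ' -f 1)"` and `[[ -n "$IP" ]] || { echo "krb has no entry in configs/hosts" >&2; exit 1; }`. The `bash -c 'echo -e "'$KRB5_PASS'\n…"'` lines also pass the realm master password and the admin password as lxc-attach arguments, visible in `ps` on the host for as long as each step runs; since the existing code already proves `krb5_newrealm` and `kadmin.local` accept the password on stdin, piping from the host instead — `printf '%s\n%s\n' "$KRB5_PASS" "$KRB5_PASS" | lxc-attach krb -- krb5_newrealm` — keeps them out of argv, assuming lxc-attach forwards stdin as it normally does. `ROOT_PASS=root` is assigned but never used in this script and could be dropped.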