refactoring
parent
37a475c4ee
commit
f1b7ec18e8
|
@ -0,0 +1,155 @@
|
|||
# Quickstart
|
||||
|
||||
## Host configuration (debian)
|
||||
### sysctl.conf
|
||||
```
|
||||
net.core.default_qdisc = fq
|
||||
net.core.rmem_max = 134217728
|
||||
net.core.wmem_max = 134217728
|
||||
net.ipv4.conf.all.log_martians = 1
|
||||
net.ipv4.tcp_rmem = 4096 87380 67108864
|
||||
net.ipv4.tcp_wmem = 4096 65536 67108864
|
||||
net.ipv4.tcp_congestion_control = htcp
|
||||
net.ipv4.tcp_mtu_probing = 0
|
||||
net.ipv4.tcp_timestamps = 1
|
||||
net.ipv4.conf.default.accept_redirects = 0
|
||||
net.ipv4.conf.default.secure_redirects = 0
|
||||
net.ipv4.conf.default.send_redirects = 0
|
||||
net.ipv4.conf.all.rp_filter = 2
|
||||
net.ipv4.conf.all.accept_source_route = 0
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
net.ipv6.conf.default.autoconf = 0
|
||||
net.ipv6.conf.default.accept_ra = 0
|
||||
net.ipv6.conf.default.accept_dad = 0
|
||||
net.ipv6.conf.default.accept_redirects = 0
|
||||
net.netfilter.nf_conntrack_checksum = 1
|
||||
net.netfilter.nf_conntrack_tcp_timeout_established = 120
|
||||
net.netfilter.nf_conntrack_log_invalid = 255
|
||||
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
|
||||
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60
|
||||
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
|
||||
net.netfilter.nf_conntrack_max = 524288
|
||||
net.netfilter.nf_conntrack_timestamp = 1
|
||||
net.netfilter.nf_conntrack_acct = 1
|
||||
```
|
||||
#### documentation
|
||||
- netfilter https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
|
||||
|
||||
### Packages
|
||||
`apt install iptables-persistent docker tor`
|
||||
|
||||
### /etc/systemd/network/25-wan_interface.link
|
||||
- replace `aa:bb:cc:dd:ee:ff` with the MAC address of your VPS or server WAN interface
|
||||
```
|
||||
[Match]
|
||||
MACAddress=aa:bb:cc:dd:ee:ff
|
||||
|
||||
[Link]
|
||||
Description=WAN
|
||||
MACAddressPolicy=persistent
|
||||
Name=WAN
|
||||
```
|
||||
- `systemctl enable systemd-networkd`
|
||||
- `systemctl start systemd-networkd`
|
||||
- verify that your WAN interface is renamed to `WAN`
|
||||
|
||||
### IPTables
|
||||
```
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
-A POSTROUTING -o WAN -s 198.18.48.0/20 -j MASQUERADE
|
||||
COMMIT
|
||||
*filter
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD DROP [0:0]
|
||||
:OUTPUT DROP [0:0]
|
||||
:DOCKER-USER - [0:0]
|
||||
:INVALID_FORWARD - [0:0]
|
||||
:INVALID_IN - [0:0]
|
||||
:INVALID_OUT - [0:0]
|
||||
:LOG_FORWARD - [0:0]
|
||||
:LOG_INPUT - [0:0]
|
||||
:LOG_OUTPUT - [0:0]
|
||||
-A INPUT -m state --state INVALID -j INVALID_IN
|
||||
-A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
|
||||
-A INPUT -i WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -s 198.18.48.0/20 -d 198.18.48.1/32 -m udp -p udp --dport 53 -j ACCEPT
|
||||
-A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -m tcp -p tcp --dport 6667 -j ACCEPT
|
||||
-A INPUT -m tcp -p tcp --dport 6697 -j ACCEPT
|
||||
-A INPUT -j LOG_INPUT
|
||||
-A FORWARD -m state --state INVALID -j INVALID_FORWARD
|
||||
-A FORWARD -s 198.18.0.0/20 -d 198.18.16.0/20 -j ACCEPT
|
||||
-A FORWARD -s 198.18.48.0/20 -d 198.18.16.0/20 -j ACCEPT
|
||||
-A FORWARD -s 198.18.16.0/20 -d 198.18.0.0/20 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A FORWARD -s 198.18.16.0/20 -d 198.18.48.0/20 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A FORWARD -s 198.18.48.0/20 ! -d 198.18.0.0/17 -j ACCEPT
|
||||
-A FORWARD ! -s 198.18.0.0/17 -d 198.18.48.0/20 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A FORWARD -j LOG_FORWARD
|
||||
-A OUTPUT -m state --state INVALID -j INVALID_OUT
|
||||
-A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
|
||||
-A OUTPUT -o WAN -j ACCEPT
|
||||
-A OUTPUT -s 198.18.48.1/32 -d 198.18.48.0/20 -m udp -p udp -j ACCEPT
|
||||
-A OUTPUT -j LOG_OUTPUT
|
||||
-A DOCKER-USER -j RETURN
|
||||
-A INVALID_FORWARD -m limit --limit 2/min -j LOG --log-prefix "4INVALID_FWD: "
|
||||
-A INVALID_FORWARD -j DROP
|
||||
-A INVALID_IN -m limit --limit 2/min -j LOG --log-prefix "4INVALID_IN: "
|
||||
-A INVALID_IN -j DROP
|
||||
-A INVALID_OUT -m limit --limit 2/min -j LOG --log-prefix "4INVALID_OUT: "
|
||||
-A INVALID_OUT -j DROP
|
||||
-A LOG_FORWARD -m limit --limit 2/min -j LOG --log-prefix "4FWD dropped: "
|
||||
-A LOG_FORWARD -j DROP
|
||||
-A LOG_INPUT -m limit --limit 2/min -j LOG --log-prefix "4IN dropped: "
|
||||
-A LOG_INPUT -j DROP
|
||||
-A LOG_OUTPUT -m limit --limit 2/min -j LOG --log-prefix "4OUT dropped: "
|
||||
-A LOG_OUTPUT -j DROP
|
||||
COMMIT
|
||||
```
|
||||
### /etc/tor/torrc
|
||||
```
|
||||
DNSPort 0.0.0.0:53
|
||||
Log notice syslog
|
||||
```
|
||||
- `systemctl enable tor`
|
||||
- `systemctl start tor`
|
||||
|
||||
### /etc/default/docker
|
||||
```
|
||||
DOCKER_OPTS="--dns='198.18.48.1' --userns-remap=default --iptables=false --ip-masq=false --bip=198.18.48.1/25 --fixed-cidr=198.18.48.0/25"
|
||||
```
|
||||
- `ip link del docker0`
|
||||
- `ip link add docker0 type bridge`
|
||||
- `ip addr add 198.18.48.1/25 dev docker0`
|
||||
|
||||
## Starting ircd
|
||||
### Console
|
||||
- `cd rb_console ; docker-compose up -d ; cd ..`
|
||||
|
||||
### Hub
|
||||
- `cd rb_hub ; docker-compose up -d ; cd ..`
|
||||
|
||||
### General leaf
|
||||
- `cd rb_general ; docker-compose up -d ; cd ..`
|
||||
|
||||
### Edge leaf
|
||||
- `cd rb_edge ; docker-compose up -d ; cd ..`
|
||||
|
||||
### Tor daemon
|
||||
- `cd rb_tor ; docker-compose up -d ; cd ..`
|
||||
|
||||
### Tor DMZ leaf
|
||||
- `cd rb_tor_dmz ; docker-compose up -d ; cd ..`
|
||||
|
||||
### Proxy DMZ leaf
|
||||
- `cd rb_proxy_dmz ; docker-compose up -d ; cd ..`
|
||||
|
||||
### Services
|
||||
- `cd rb_services ; docker-compose up -d ; cd ..`
|
||||
|
||||
## Uplinking
|
||||
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
console_default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.3.8/30 # 198.18.0.0/20
|
||||
console:
|
||||
external:
|
||||
name: docker-ratbox_console
|
||||
services:
|
||||
console:
|
||||
restart: unless-stopped
|
||||
hostname: console
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ./irssi
|
||||
dockerfile: Dockerfile
|
||||
command: "/usr/bin/irssi"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
TERM: xterm-256color
|
||||
IRCNICK: commodus
|
||||
IRCSERVER: 198.18.70.35
|
||||
IRCUSER: commodus
|
||||
IRCNAME: commodus
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
tty: true
|
||||
stdin_open: true
|
||||
networks:
|
||||
console_default:
|
||||
ipv4_address: 198.18.3.10
|
||||
console:
|
||||
ipv4_address: 198.18.70.34
|
||||
volumes:
|
||||
- ./irssi/volumes/.irssi:/home/console/.irssi
|
|
@ -1,12 +1,18 @@
|
|||
FROM debian:latest
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get -y install subversion libssl-dev build-essential autoconf automake
|
||||
WORKDIR /tmp
|
||||
ENV NICK_LEN 9
|
||||
RUN apt-get update && apt-get -y install git subversion libssl-dev build-essential autoconf automake1.11 clang zlib1g-dev libsqlite3-dev
|
||||
RUN mkdir -p /tmp/ratbox
|
||||
WORKDIR /tmp/ratbox
|
||||
RUN svn co http://svn.ratbox.org/svnroot/ircd-ratbox/branches/RATBOX_3_0
|
||||
WORKDIR /tmp/RATBOX_3_0
|
||||
RUN ./configure && make && make install
|
||||
WORKDIR /tmp/ratbox/RATBOX_3_0
|
||||
RUN ./configure --enable-services --with-nicklen=${NICK_LEN}
|
||||
RUN make
|
||||
RUN make install
|
||||
RUN rm -rf /tmp/ratbox
|
||||
RUN apt -y remove git subversion libssl-dev build-essential autoconf automake1.11 clang zlib1g-dev libsqlite3-dev
|
||||
RUN groupadd -g 2000 ircd
|
||||
RUN useradd -m -u 2001 -g ircd ircd
|
||||
RUN useradd -m -u 2001 -g ircd ircd
|
||||
RUN mkdir -p /usr/local/ircd/logs
|
||||
RUN chown -R 2001:2000 /usr/local/ircd
|
||||
USER ircd
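Review bot: The new `./configure --enable-services`, `make` and `make install` steps build and install, as root, whatever `svn co http://svn.ratbox.org/svnroot/ircd-ratbox/branches/RATBOX_3_0` returns at build time, over plain HTTP and with no revision pinned. That checkout line looks like unchanged context, but the added build steps depend on it, so pin it with `-r <REVISION>` and verify the tree (or vendor a checksummed tarball) before compiling. `FROM debian:latest` is unpinned in the same way. The added `RUN rm -rf /tmp/ratbox` and `RUN apt -y remove ...` run in their own layers, so the sources and the toolchain stay in earlier image layers; doing install, build and cleanup in a single `RUN`, or using a multi-stage build, would actually remove them.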
|
||||
|
|
|
@ -71,6 +71,15 @@ servers = (
|
|||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
},
|
||||
{
|
||||
address = "edge";
|
||||
chatnet = "edge";
|
||||
port = "6667";
|
||||
password = "password";
|
||||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -144,6 +153,7 @@ chatnets = {
|
|||
max_whois = "1";
|
||||
};
|
||||
hub = { type = "IRC"; autosendcmd = "/quote oper commodus password"; };
|
||||
edge = { type = "IRC"; autosendcmd = "/oper odysseus password"; };
|
||||
};
|
||||
|
||||
channels = (
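Review bot: The new `edge` entries commit a usable operator credential in clear text: `autosendcmd = "/oper odysseus password"` in `chatnets`, alongside a server entry with `password = "password"` and `use_tls = "no"`. The oper login therefore crosses the Docker network unencrypted and is readable by anyone with access to the repository. Keep the real value out of version control (a template with a labelled placeholder filled in at deploy time) and, assuming certificates are configured on the server, use the TLS listener with `port = "6697"; use_tls = "yes";`, since the edge listen block added in this commit declares `sslport = 6697`. The existing `hub` entry follows the same pattern, and both `servers` and `chatnets` continue outside the hunks shown.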
|
|
@ -0,0 +1,75 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.3.8/30 # 198.18.0.0/20
|
||||
hub:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.32/29 # 198.18.64.0/20
|
||||
edge:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.40/29 # 198.18.64.0/20
|
||||
general:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.48/29 # 198.18.64.0/20
|
||||
tor_dmz:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.56/29 # 198.18.64.0/20
|
||||
proxy_dmz:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.64/29 # 198.18.64.0/20
|
||||
|
||||
services:
|
||||
console:
|
||||
restart: unless-stopped
|
||||
hostname: console
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ../irssi
|
||||
dockerfile: Dockerfile
|
||||
image: irssi:latest
|
||||
command: "/usr/bin/irssi"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
TERM: xterm-256color
|
||||
IRCNICK: commodus
|
||||
IRCSERVER: 198.18.70.35
|
||||
IRCUSER: commodus
|
||||
IRCNAME: commodus
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
tty: true
|
||||
stdin_open: true
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 198.18.3.10
|
||||
hub:
|
||||
ipv4_address: 198.18.70.34
|
||||
edge:
|
||||
ipv4_address: 198.18.70.43
|
||||
general:
|
||||
ipv4_address: 198.18.70.51
|
||||
tor_dmz:
|
||||
ipv4_address: 198.18.70.59
|
||||
proxy_dmz:
|
||||
ipv4_address: 198.18.70.67
|
||||
volumes:
|
||||
- ./.irssi/:/home/console/.irssi
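Review bot: `userns_mode: "host"` on the `console` service opts the container out of the user-namespace remapping that the Quickstart in this commit enables with `--userns-remap=default`, so any process running as UID 0 inside it is UID 0 on the host. This container is also attached to all six networks and bind-mounts `./.irssi/`, which makes it a poor place to give up that isolation. Unless something here needs the host namespace, drop the line and hand ownership of the bind-mounted directory to the remapped UID instead. The same line appears in the new general, proxy-dmz, tor and tor-dmz compose files, and `nofile: 1024000` is far more than an IRC client needs.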
|
|
@ -8,10 +8,10 @@ networks:
|
|||
- subnet: 198.18.3.12/30 # 198.18.0.0/20
|
||||
edge:
|
||||
external:
|
||||
name: docker-ratbox_edge_leaf
|
||||
name: rb_hub_edge_leaf
|
||||
console:
|
||||
external:
|
||||
name: docker-ratbox_console
|
||||
name: rb_console_edge
|
||||
|
||||
services:
|
||||
edge:
|
||||
|
@ -19,7 +19,10 @@ services:
|
|||
hostname: edge
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
image: "docker-ratbox_hub"
|
||||
build:
|
||||
context: ../ratbox
|
||||
dockerfile: Dockerfile
|
||||
image: ratbox:latest
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
|
@ -0,0 +1,75 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.conf>
|
||||
.include <general.internal.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "edge.netwerk.insecurity.corp";
|
||||
sid = "32K";
|
||||
description = "N3tw3rk";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "Powered by Eris-free Technology";
|
||||
hub = yes;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/edge.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = yes;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*.netwerk.insecurity.corp";
|
||||
flags = kline, unkline, xline;
|
||||
name = "irc.netwerk.insecurity.corp";
|
||||
name = "ircd.netwerk.insecurity.corp";
|
||||
flags = locops;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.34";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
operator "odysseus" {
|
||||
user = "*@198.18.70.34";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.26";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7003;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
flags = autoconn;
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.70.36";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.27";
|
||||
port = 7003;
|
||||
sslport = 7103;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.64.0/20";
|
||||
ip = "127.0.0.0/8";
|
||||
};
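Review bot: The `operator "odysseus"` block stores its password as the literal `password` and sets `~encrypted`, while granting `admin`, `rehash`, `global_kill` and `kline`; the `connect` block uses the same literal for `send_password` and `accept_password`. With these committed defaults, anyone who can read the repository and connect from `198.18.70.34` holds full operator rights. Switch to `flags = encrypted, ...` with `password = "<HASHED_OPER_PASSWORD>";` generated by the ircd's password-hashing tool, and ship link and oper secrets as per-deployment placeholders. The new general.conf and tor-dmz.conf repeat the same blocks.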
|
|
@ -0,0 +1,43 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
general_default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.55.0/30 # 198.18.48.0/20
|
||||
general:
|
||||
external:
|
||||
name: docker-ratbox_general_leaf
|
||||
console:
|
||||
external:
|
||||
name: docker-ratbox_console
|
||||
|
||||
services:
|
||||
general:
|
||||
restart: unless-stopped
|
||||
hostname: general
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
image: "docker-ratbox_hub"
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
general_default:
|
||||
ipv4_address: 198.18.55.2
|
||||
general:
|
||||
ipv4_address: 198.18.70.3
|
||||
console:
|
||||
ipv4_address: 198.18.70.37
|
||||
volumes:
|
||||
- ./etc/:/usr/local/ircd/etc:rw
|
||||
- ./configs/general.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ./ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ./ephemeral/db:/usr/local/ircd/ephemeral/db:rw
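Review bot: The `command` string relies on `||`, but Compose splits a string `command` into an argument vector and runs it without a shell, so unless the image's entrypoint is a shell, the `||` and the second `ircd -conftest` are handed to the first `ircd` as literal arguments and the fallback never runs. If the config test on failure is wanted, make the shell explicit: `command: ["/bin/sh", "-c", "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"]`. The new proxy-dmz and tor-dmz compose files use the same string.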
|
|
@ -0,0 +1,78 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.conf>
|
||||
.include <general.internal.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "general.netwerk.insecurity.corp";
|
||||
sid = "32K";
|
||||
description = "N3tw3rk";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "N3tw3rk";
|
||||
hub = yes;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/general.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = yes;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*.netwerk.insecurity.corp";
|
||||
flags = kline, unkline, xline;
|
||||
name = "irc.netwerk.insecurity.corp";
|
||||
name = "ircd.netwerk.insecurity.corp";
|
||||
flags = locops;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.34";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
operator "odysseus" {
|
||||
user = "*@198.18.70.34";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.2";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7000;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
flags = autoconn;
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.55.2";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.37";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.3";
|
||||
port = 7000;
|
||||
sslport = 7100;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.64.0/20";
|
||||
ip = "127.0.0.0/8";
|
||||
};
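Review bot: `sid = "32K"` is the same value the new edge.conf and tor-dmz.conf use, and server IDs have to be unique across a linked network, so the hub will presumably refuse the second of these leaves that tries to link. `hub = yes` on a server the Quickstart calls a leaf also looks copied from the hub configuration. Give each server its own `sid`, and set `hub = no;` on leaves unless they are really meant to accept downstream servers.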
|
|
@ -31,11 +31,9 @@ networks:
|
|||
- subnet: 198.18.70.24/29 # 198.18.64.0/20
|
||||
internal: true
|
||||
console:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.32/27 # 198.18.64.0/20
|
||||
|
||||
external:
|
||||
name: rb_console_hub
|
||||
|
||||
services:
|
||||
hub:
|
||||
restart: unless-stopped
|
||||
|
@ -43,9 +41,10 @@ services:
|
|||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ./ratbox
|
||||
context: ../ratbox
|
||||
dockerfile: Dockerfile
|
||||
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /usr/local/ircd/ephemeral/pid/hub.pid || /usr/local/ircd/bin/ircd -conftest"
|
||||
image: ratbox:latest
|
||||
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /run/hub.pid || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
|
@ -68,8 +67,8 @@ services:
|
|||
console:
|
||||
ipv4_address: 198.18.70.35
|
||||
volumes:
|
||||
- ./etc/:/usr/local/ircd/etc:rw
|
||||
- ./configs/hub.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ./ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ./ephemeral/db:/usr/local/ircd/ephemeral/db:rw
|
||||
- ./ephemeral/pid:/usr/local/ircd/ephemeral/pid:rw
|
||||
- ../etc/:/usr/local/ircd/etc:rw
|
||||
- ./hub.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ../ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw
|
||||
- ../ephemeral/pid:/usr/local/ircd/ephemeral/pid:rw
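Review bot: The configuration directory is mounted writable into the daemon (`- ../etc/:/usr/local/ircd/etc:rw`), and moving it to the parent directory suggests it is now shared with the other stacks, so a compromised ircd could rewrite the include files the other servers load. Nothing visible in this diff needs write access there; `- ../etc/:/usr/local/ircd/etc:ro` would match how `hub.conf` is already mounted. The pidfile now goes to `/run/hub.pid`, which the ratbox image's `USER ircd` probably cannot write, while the `../ephemeral/pid` mount is kept although the command no longer uses it.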
|
|
@ -59,7 +59,7 @@ connect "general.netwerk.insecurity.corp" {
|
|||
class = "general_server";
|
||||
};
|
||||
|
||||
connect "tor.netwerk.insecurity.corp" {
|
||||
connect "tor-dmz.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.12";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
|
@ -68,7 +68,7 @@ connect "tor.netwerk.insecurity.corp" {
|
|||
class = "tor_dmz_server";
|
||||
};
|
||||
|
||||
connect "dmz.netwerk.insecurity.corp" {
|
||||
connect "proxy-dmz.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.19";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
|
@ -0,0 +1,43 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
proxy-dmz_default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.3.20/30 # 198.18.0.0/20
|
||||
proxy-dmz:
|
||||
external:
|
||||
name: docker-ratbox_proxy_leaf
|
||||
console:
|
||||
external:
|
||||
name: docker-ratbox_console
|
||||
|
||||
services:
|
||||
proxy-dmz:
|
||||
restart: unless-stopped
|
||||
hostname: proxy-dmz
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
image: "docker-ratbox_hub"
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
proxy-dmz_default:
|
||||
ipv4_address: 198.18.3.22
|
||||
proxy-dmz:
|
||||
ipv4_address: 198.18.70.19
|
||||
console:
|
||||
ipv4_address: 198.18.70.37
|
||||
volumes:
|
||||
- ./etc/:/usr/local/ircd/etc:rw
|
||||
- ./configs/proxy-dmz.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ./ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ./ephemeral/db:/usr/local/ircd/ephemeral/db:rw
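Review bot: This new file still points at the pre-refactoring names: `image: "docker-ratbox_hub"` and the external networks `docker-ratbox_proxy_leaf` and `docker-ratbox_console`, whereas the hub and edge files in this commit move to `ratbox:latest` and the `rb_console_*` / `rb_hub_*` networks. If the old image and networks no longer exist after the rename, this stack will not start. It also assigns `198.18.70.37` on the `console` network, the same address the new general compose file assigns on the same external network, and neither lies in the `proxy_dmz` subnet `198.18.70.64/29` declared in the console stack. The new general and tor-dmz compose files carry the same stale names.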
|
|
@ -57,6 +57,7 @@ connect "hub.netwerk.insecurity.corp" {
|
|||
port = 7003;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
flags = autoconn;
|
||||
};
|
||||
|
||||
listen {
|
|
@ -0,0 +1,40 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.55.4/30
|
||||
tor:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.70.64/29
|
||||
|
||||
services:
|
||||
tor:
|
||||
restart: unless-stopped
|
||||
hostname: tor
|
||||
domainname: tor-hidden-services.local
|
||||
userns_mode: "host"
|
||||
build:
|
||||
context: ../tor
|
||||
dockerfile: Dockerfile
|
||||
image: tor:latest
|
||||
command: "tor -f /tor/configs/torrc"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 198.18.55.6
|
||||
tor:
|
||||
ipv4_address: 198.18.70.66
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
volumes:
|
||||
- ./torrc:/tor/configs/torrc:ro
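Review bot: The `tor` network's subnet `198.18.70.64/29` is identical to the `proxy_dmz` subnet in the new console compose file; Docker refuses to create a network whose address pool overlaps an existing one, so whichever stack starts second should fail. The tor-dmz compose file also expects this network as the external `docker-ratbox_tor`, which is not the name a project started from `rb_tor` would give it by default. Pick a free /29 and set an explicit `name:` on the network so the other stack can reference it reliably.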
|
|
@ -0,0 +1,11 @@
|
|||
RunAsDaemon 0
|
||||
|
||||
SocksPort 0
|
||||
|
||||
DNSPort 0
|
||||
|
||||
TransPort 0
|
||||
|
||||
HiddenServiceDir /var/lib/tor/irc_6667/
|
||||
|
||||
HiddenServicePort 6667 198.18.70.67:6667
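Review bot: `HiddenServiceDir /var/lib/tor/irc_6667/` lives only in the container's writable layer, because the compose file for this service mounts nothing but `torrc`; recreating the container discards the onion service's private key and the address changes. Mount that directory from a volume owned by the tor user with mode 0700, and treat its contents as a secret that stays out of the repository. `HiddenServicePort 6667 198.18.70.67:6667` targets an address for which the tor-dmz.conf added in this commit has no `listen` entry, so the service would have nothing to forward to until one is added.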
|
|
@ -0,0 +1,48 @@
|
|||
version: "3.8"
|
||||
|
||||
networks:
|
||||
tor-dmz_default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 198.18.3.24/30 # 198.18.0.0/20
|
||||
hub:
|
||||
external:
|
||||
name: docker-ratbox_tor_leaf
|
||||
console:
|
||||
external:
|
||||
name: docker-ratbox_console
|
||||
tor:
|
||||
external:
|
||||
name: docker-ratbox_tor
|
||||
|
||||
services:
|
||||
tor-dmz:
|
||||
restart: unless-stopped
|
||||
hostname: tor-dmz
|
||||
domainname: netwerk.insecurity.corp
|
||||
userns_mode: "host"
|
||||
image: "docker-ratbox_hub"
|
||||
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
tor-dmz_default:
|
||||
ipv4_address: 198.18.3.26
|
||||
hub:
|
||||
ipv4_address: 198.18.70.12
|
||||
console:
|
||||
ipv4_address: 198.18.70.38
|
||||
tor:
|
||||
ipv4_address: 198.18.70.67
|
||||
volumes:
|
||||
- ./etc/:/usr/local/ircd/etc:rw
|
||||
- ./configs/tor-dmz.conf:/usr/local/ircd/etc/ircd.conf:ro
|
||||
- ./ephemeral/logs:/usr/local/ircd/logs:rw
|
||||
- ./ephemeral/db:/usr/local/ircd/ephemeral/db:rw
|
|
@ -0,0 +1,75 @@
|
|||
.include <admin.conf>
|
||||
.include <modules.conf>
|
||||
.include <general.internal.conf>
|
||||
.include <classes.conf>
|
||||
.include <server.classes.conf>
|
||||
.include <channel.conf>
|
||||
|
||||
serverinfo {
|
||||
name = "edge.netwerk.insecurity.corp";
|
||||
sid = "32K";
|
||||
description = "N3tw3rk";
|
||||
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
|
||||
network_desc = "N3tw3rk";
|
||||
hub = yes;
|
||||
default_max_clients = 102400;
|
||||
bandb = "ephemeral/db/tor.ban.db";
|
||||
};
|
||||
|
||||
serverhide {
|
||||
flatten_links = no;
|
||||
links_delay = 16 seconds;
|
||||
hidden = yes;
|
||||
disable_hidden = no;
|
||||
};
|
||||
|
||||
cluster {
|
||||
name = "*.netwerk.insecurity.corp";
|
||||
flags = kline, unkline, xline;
|
||||
name = "irc.netwerk.insecurity.corp";
|
||||
name = "ircd.netwerk.insecurity.corp";
|
||||
flags = locops;
|
||||
};
|
||||
|
||||
auth {
|
||||
spoof = "console.netwerk.insecurity.corp";
|
||||
user = "*@198.18.70.34";
|
||||
class = "admins";
|
||||
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
|
||||
gline_exempt, kline_exempt, exceed_limit;
|
||||
};
|
||||
|
||||
operator "tordmz" {
|
||||
user = "*@198.18.70.34";
|
||||
password = "password";
|
||||
|
||||
umodes = cconn, cconnext, debug, full, skill, nchange,
|
||||
rej, external, operwall, locops, unauth;
|
||||
|
||||
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
|
||||
rehash, admin, xline, resv, operwall;
|
||||
};
|
||||
|
||||
connect "hub.netwerk.insecurity.corp" {
|
||||
host = "198.18.70.11";
|
||||
send_password = "password";
|
||||
accept_password = "password";
|
||||
port = 7001;
|
||||
aftype = ipv4;
|
||||
class = "hub_server";
|
||||
flags = autoconn;
|
||||
};
|
||||
|
||||
listen {
|
||||
host = "198.18.70.38";
|
||||
port = 6667;
|
||||
sslport = 6697;
|
||||
host = "198.18.70.27";
|
||||
port = 7003;
|
||||
sslport = 7103;
|
||||
};
|
||||
|
||||
exempt {
|
||||
ip = "198.18.64.0/20";
|
||||
ip = "127.0.0.0/8";
|
||||
};
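Review bot: `exempt { ip = "198.18.64.0/20"; }` covers `198.18.70.66`, the address the tor container gets in its compose file, so every client arriving through the onion service connects from an exempted address (exempt from IP bans, if `exempt` behaves here as in stock ratbox) and from a single IP as far as the ircd can tell. IP-based controls cannot separate those users, so narrow the exemption to the server and console addresses that need it and decide deliberately which abuse controls apply on this leaf. Separately, `serverinfo` still says `name = "edge.netwerk.insecurity.corp"` while the hub's connect block in this commit is named `tor-dmz.netwerk.insecurity.corp`, and the `listen` block binds `198.18.70.27`, which is not among the addresses the tor-dmz compose file assigns.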
|
|
@ -0,0 +1,4 @@
|
|||
FROM debian:latest
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get -y install tor iputils-ping net-tools iproute2 iftop tcpdump mtr
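Review bot: The image has no `USER` line, so `tor` runs as root, and the compose file for this service sets `userns_mode: "host"`, which makes that root on the host. Debian's tor package creates a `debian-tor` account; add `USER debian-tor` after the install and make the hidden-service directory owned by it. `tcpdump`, `iftop`, `mtr` and `net-tools` are debugging aids that widen the attack surface of the onion-facing container and are better left out of the runtime image. `FROM debian:latest` is unpinned as well.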
|
||||
|