#! /bin/bash
# Start the guest under KVM with one raw disk image, three VDE-attached NICs
# and one user-mode NIC that forwards a host TCP port to the guest's port 22.
#
# NOTE(review): "-vnc :33" names no host address and sets no password option,
# so the guest console is offered without authentication on TCP 5933 of every
# host interface.
# NOTE(review): "hostfwd=tcp::10033-:22" also leaves the host address empty,
# so the guest's SSH port is reachable on port 10033 of every host interface.
# NOTE(review): the VDE sockets sit under /tmp; confirm the switches create
# them with permissions that keep other local users off these segments.
qemu_args=(
  -m 2048                                 # guest memory, MiB
  -smp 1                                  # one vCPU
  -vnc :33                                # VNC display 33
  -enable-kvm
  -drive file=arch-drive.img,format=raw   # format stated explicitly
  -k en-gb                                # keyboard layout for the VNC console
  -nic vde,sock=/tmp/vde-backbone.sock,mac=52:54:00:36:12:01
  -nic vde,sock=/tmp/pelseo/switch1,mac=52:54:00:36:12:02
  -nic vde,sock=/tmp/pelseo/switch2,mac=52:54:00:36:12:03
  -nic user,mac=52:54:00:36:12:33,hostfwd=tcp::10033-:22
)

qemu-system-x86_64 "${qemu_args[@]}"
systemd-networkd configuration
/etc/systemd/network/net1.network
_______________________________________________________________________________
# Static configuration for ens3: address 10.0.0.12/24, default route via
# 10.0.0.1, and 10.0.0.1 as the DNS server for this link.
[Match]
Name=ens3
[Network]
Address=10.0.0.12/24
Gateway=10.0.0.1
DNS=10.0.0.1
/etc/systemd/network/net2.network
_______________________________________________________________________________
# Static address for ens4 on 10.0.12.0/24. No gateway or DNS server is set on
# this link.
[Match]
Name=ens4
[Network]
Address=10.0.12.1/24
/etc/systemd/network/net3.network
_______________________________________________________________________________
# Static address for ens5 on 10.0.112.0/24. The address is declared in an
# [Address] section, which systemd-networkd accepts as an alternative to
# Address= under [Network].
[Match]
Name=ens5
[Address]
Address=10.0.112.1/24
/etc/unbound/unbound.conf:
_______________________________________________________________________________
# Resolver for the lab networks: answers clients on the listed subnets, sends
# the internal zone and the 10/8 reverse zone to the two authoritative servers,
# and forwards every other name to 10.0.0.1.
server:
# Only these source networks are allowed to query. Unbound refuses clients
# that match no access-control line, apart from its localhost default.
access-control: 10.0.0.0/24 allow
access-control: 10.0.2.0/24 allow
access-control: 10.0.12.0/24 allow
access-control: 10.0.112.0/24 allow
# Listen on this one address only.
interface: 10.0.0.12
# Skip the DNSSEC chain of trust for the private zone so its unsigned answers
# are accepted. This only matters when validation is enabled, which this
# listing does not show.
domain-insecure: "bujgrajel.una"
# Remove unbound's built-in answer for the RFC 1918 reverse zone so reverse
# lookups for 10/8 reach the stub-zone below.
local-zone: "10.in-addr.arpa." nodefault
...
# Everything not covered by a stub-zone goes to the upstream resolver.
forward-zone:
name: "."
forward-addr: 10.0.0.1
...
# NOTE(review): with stub-first enabled, a lookup that fails at the stub
# servers is retried without the stub clause. For a private name that retry
# presumably goes to the forwarder above, so internal names can leave the lab
# when both authoritative servers are down - confirm this is intended.
stub-zone:
name: "bujgrajel.una"
stub-addr: 10.0.12.10
stub-addr: 10.0.112.10
stub-first: yes
stub-zone:
name: "10.in-addr.arpa"
stub-addr: 10.0.12.10
stub-addr: 10.0.112.10
stub-first: yes
/etc/sysctl.conf
_______________________________________________________________________________
# Let the kernel forward IPv4 packets between interfaces.
# NOTE(review): no packet-filter rules are shown with this setting; confirm a
# forward policy exists, otherwise every attached network can reach every
# other one through this host.
net.ipv4.ip_forward = 1
/etc/postfix/master.cf
_______________________________________________________________________________
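# Submission service. TLS is mandatory (security level "encrypt") and is
# negotiated with STARTTLS rather than on connect (wrappermode=no). SASL is
# delegated to Dovecot through the private/auth socket.
# The -o lines must begin with whitespace: Postfix treats a line that starts
# with whitespace as a continuation of the service entry above it.
# NOTE(review): permit_mynetworks lets any client whose address falls inside
# mynetworks relay through this port without authenticating. Remove it if
# submission should always require SASL.
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth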
/etc/postfix/main.cf
_______________________________________________________________________________
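# Identity of this mail host and the domains it accepts mail for.
myhostname = mail.bujgrajel.una
mydomain = bujgrajel.una
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost, mail.$mydomain
# Empty relayhost: outbound mail is delivered directly.
relayhost =
# Clients trusted to relay: loopback plus the three lab subnets. The parameter
# is set once here. When it appears twice, Postfix keeps only the last
# assignment and warns about the overridden one, which silently dropped the
# IPv6 loopback entries.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24 10.0.12.0/24 10.0.112.0/24
# 0 means no size limit on local mailboxes.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# The trailing slash selects Maildir delivery under ~/mail/.
home_mailbox = mail/
virtual_alias_maps = hash:/etc/postfix/virtual
# Server certificate and key shared with Dovecot.
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Opportunistic TLS for inbound SMTP. This supersedes the obsolete
# smtpd_use_tls switch, which is therefore not set.
smtpd_tls_security_level=may
# NOTE(review): smtpd_tls_protocols only governs opportunistic TLS. Services
# that enforce TLS are governed by smtpd_tls_mandatory_protocols instead;
# consider setting it to also exclude TLSv1 and TLSv1.1 once every submission
# client supports TLS 1.2.
smtpd_tls_protocols = !SSLv2, !SSLv3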
/etc/postfix/virtual
_______________________________________________________________________________
[email protected] [email protected] , [email protected] , [email protected]
dovecot.conf
_______________________________________________________________________________
# Dovecot: system users authenticated through PAM, Maildir storage in ~/mail,
# TLS required, and a SASL socket exported for Postfix.
# NOTE(review): "no" permits plaintext mechanisms on unencrypted connections.
# With ssl=required further down, Dovecot is documented to fail authentication
# attempted before TLS is up, so the exposure is limited - setting this to yes
# would state the intent directly. Confirm against the deployed version.
disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = maildir:~/mail
# User lookups come from the system passwd database.
userdb {
driver = passwd
}
# Passwords are checked by PAM; %s expands to the Dovecot service name and is
# used as the PAM service name.
passdb {
args = %s
driver = pam
}
# Auth socket created inside the Postfix queue directory, readable and
# writable by user and group postfix only (mode 0660).
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
ssl=required
# The leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
/etc/hostname
_______________________________________________________________________________
ns1
/etc/hosts
_______________________________________________________________________________
127.0.0.1 localhost
10.0.12.10 ns1.bujgrajel.una ns1
/etc/nsd/nsd.conf
_______________________________________________________________________________
# NSD on ns1: serves the forward and the reverse zone from 10.0.12.10, and
# notifies and allows zone transfers to 10.0.112.10, signed with TSIG key
# "key42".
server:
ip-address: 10.0.12.10
do-ip4: yes
port: 53
# Run as the unprivileged nsd user.
username: nsd
zonesdir: "/etc/nsd"
logfile: "/var/log/nsd.log"
pidfile: "/run/nsd/nsd.pid"
# The control channel is bound to loopback and secured with the key and
# certificate files below.
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 8952
server-key-file: "/etc/nsd/nsd_server.key"
server-cert-file: "/etc/nsd/nsd_server.pem"
control-key-file: "/etc/nsd/nsd_control.key"
control-cert-file: "/etc/nsd/nsd_control.pem"
# NOTE(review): the TSIG secret is written inline and is published with this
# listing, so treat it as disclosed. For real use generate a fresh secret and
# keep the key: block in a separate file readable only by root/nsd, pulled in
# with "include:".
key:
name: "key42"
algorithm: sha256
secret: "LN55XBn6Gpxy6uwRJGVG7uRxLlvRgz7mVRXzAVINMPs="
# Transfer policy shared by both zones: NOTIFY and transfers are tied to the
# single address 10.0.112.10 and to key42.
pattern:
name: "tosecondary"
notify: 10.0.112.10 key42
provide-xfr: 10.0.112.10 key42
outgoing-interface: 10.0.12.10
zone:
name: "bujgrajel.una"
include-pattern: "tosecondary"
zonefile: "bujgrajel.una.zone"
zone:
name: "10.in-addr.arpa"
include-pattern: "tosecondary"
zonefile: "10.zone"
bujgrajel.una.zone
_______________________________________________________________________________
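; Forward zone for bujgrajel.una.
$ORIGIN bujgrajel.una.
$TTL 1800
; The SOA must be owned by the zone apex, written "@". An owner of "0" would
; create the name 0.bujgrajel.una. and leave the zone without an apex SOA.
@           IN  SOA ns1.bujgrajel.una. admin.bujgrajel.una. (
                2020121603  ; serial number - raise it on every edit
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                1800        ; negative-caching TTL (minimum)
                )
; Name servers. The owner field is left blank, so these lines must start with
; whitespace to inherit the apex as owner.
            IN  NS  ns1.bujgrajel.una.
            IN  NS  ns2.bujgrajel.una.
; Host addresses
rt          IN  A   10.0.0.12
mail        IN  A   10.0.0.12
storage     IN  A   10.0.12.69
ns1         IN  A   10.0.12.10
ns2         IN  A   10.0.112.10
gw          IN  CNAME rt.bujgrajel.una.
bujgrajel.una. IN MX 10 mail.bujgrajel.una.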
10.zone
_______________________________________________________________________________
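; Reverse zone for 10.0.0.0/8.
; The origin needs its trailing dot. Without it the name is relative and gets
; the current origin appended.
$ORIGIN 10.in-addr.arpa.
$TTL 1800
@           IN  SOA ns1.bujgrajel.una. admin.bujgrajel.una. (
                2020110501  ; serial number - raise it on every edit
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                1800        ; negative-caching TTL (minimum)
                )
            IN  NS  ns1.bujgrajel.una.
            IN  NS  ns2.bujgrajel.una.
; Owners are the last three octets of the address in reverse order:
; 10.0.12.10 -> 10.12.0 and 10.0.112.10 -> 10.112.0.
10.12.0     IN  PTR ns1.bujgrajel.una.
10.112.0    IN  PTR ns2.bujgrajel.una.
; 10.0.0.12 carries three names. NOTE(review): gw is a CNAME in the forward
; zone; a PTR normally points at the canonical host name - confirm the gw
; entry is wanted.
12.0.0      IN  PTR rt.bujgrajel.una.
12.0.0      IN  PTR gw.bujgrajel.una.
12.0.0      IN  PTR mail.bujgrajel.una.
69.12.0     IN  PTR storage.bujgrajel.una.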
/etc/hostname
_______________________________________________________________________________
ns2
/etc/hosts
_______________________________________________________________________________
127.0.0.1 localhost
10.0.112.10 ns2.bujgrajel.una ns2
/etc/nsd/nsd.conf
_______________________________________________________________________________
# NSD on ns2: secondary for the forward and the reverse zone. It accepts
# NOTIFY from 10.0.12.10 and pulls full transfers from it, signed with TSIG
# key "key42".
server:
ip-address: 10.0.112.10
do-ip4: yes
port: 53
# Run as the unprivileged nsd user.
username: nsd
zonesdir: "/etc/nsd"
logfile: "/var/log/nsd.log"
pidfile: "/run/nsd/nsd.pid"
# The control channel is bound to loopback and secured with the key and
# certificate files below.
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 8952
server-key-file: "/etc/nsd/nsd_server.key"
server-cert-file: "/etc/nsd/nsd_server.pem"
control-key-file: "/etc/nsd/nsd_control.key"
control-cert-file: "/etc/nsd/nsd_control.pem"
# NOTE(review): the TSIG secret is written inline and is published with this
# listing, so treat it as disclosed. For real use generate a fresh secret and
# keep the key: block in a separate file readable only by root/nsd, pulled in
# with "include:".
key:
name: "key42"
algorithm: sha256
secret: "LN55XBn6Gpxy6uwRJGVG7uRxLlvRgz7mVRXzAVINMPs="
# Transfer policy shared by both zones: NOTIFY is accepted only from
# 10.0.12.10 with key42, and transfers are always requested as AXFR.
pattern:
name: "fromprimary"
allow-notify: 10.0.12.10 key42
request-xfr: AXFR 10.0.12.10@53 key42
outgoing-interface: 10.0.112.10
# NOTE(review): the zone is bujgrajel.una but the file it is stored in is named
# bujgrajel.com.zone - presumably a typo for bujgrajel.una.zone; confirm.
zone:
name: "bujgrajel.una"
zonefile: "bujgrajel.com.zone"
include-pattern: "fromprimary"
zone:
name: "10.in-addr.arpa"
zonefile: "10.zone"
include-pattern: "fromprimary"
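# Storage build: a 10-member RAID 6 array, LUKS on top of the array, then an
# LVM volume group with three logical volumes inside the LUKS mapping.
# NOTE(review): /dev/vd* expands to every virtio block node, including
# partitions and, if the system disk is virtio, that disk as well. Listing the
# ten member devices explicitly avoids handing the wrong device to mdadm.
$ sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=10 /dev/vd*
# -q suppresses the confirmation question before the device is overwritten.
$ cryptsetup -q luksFormat /dev/md0
$ cryptsetup luksOpen /dev/md0 big
$ pvcreate /dev/mapper/big
$ vgcreate bujgrajel /dev/mapper/big
$ lvcreate -L3G -n buj bujgrajel
$ lvcreate -L2G -n gra bujgrajel
$ lvcreate -L2G -n jel bujgrajel
$ mkfs.ext4 /dev/bujgrajel/buj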
...
~/mount_bujgrajel.sh
_______________________________________________________________________________
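#!/bin/bash
# Unlock the LUKS container on /dev/md0 and mount its three logical volumes
# under /mnt/big. No key file is passed, so cryptsetup asks for the passphrase.
# Stops at the first failing step instead of carrying on with later mounts.
set -euo pipefail

# Skip the unlock when the mapping already exists, so the script can be re-run
# after a partial failure.
if [[ ! -e /dev/mapper/big ]]; then
  cryptsetup luksOpen /dev/md0 big
fi

# Make sure the volume group inside the mapping is active before mounting.
vgchange -ay bujgrajel

for lv in buj gra jel; do
  # Leave volumes that are already mounted alone.
  if ! mountpoint -q "/mnt/big/${lv}"; then
    mount "/dev/bujgrajel/${lv}" "/mnt/big/${lv}"
  fi
done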
NSD