diff --git a/goss/goss.yaml b/goss/goss.yaml
new file mode 100644
index 0000000..676f342
--- /dev/null
+++ b/goss/goss.yaml
@@ -0,0 +1,61 @@
+package:
+ apache2:
+ installed: true
+ versions:
+ - 2.4.52-1~deb11u2
+ wireguard:
+ installed: true
+ versions:
+ - 1.0.20210223-1
+port:
+ tcp6:80:
+ listening: true
+ ip: []
+ tcp:3306:
+ listening: true
+ ip:
+ - 127.0.0.1
+service:
+ apache2:
+ enabled: true
+ running: true
+ mysql:
+ enabled: true
+ running: true
+ ssh:
+ enabled: true
+ running: true
+user:
+ mysql:
+ exists: true
+ uid: 106
+ gid: 113
+ groups:
+ - mysql
+ home: /nonexistent
+ shell: /bin/false
+group:
+ mysql:
+ exists: true
+ gid: 113
+ ssh:
+ exists: true
+ gid: 111
+process:
+ apache2:
+ running: true
+http:
+ http://onfarbo42/adminer.php:
+ status: 200
+ allow-insecure: false
+ no-follow-redirects: false
+ timeout: 5000
+ body:
+ - Adminer
+ http://onfarbo42/doku/doku.php:
+ status: 200
+ allow-insecure: false
+ no-follow-redirects: false
+ timeout: 5000
+ body:
+ - MISSION
diff --git a/wireguard/android.sh b/wireguard/android.sh
new file mode 100644
index 0000000..e270eaf
--- /dev/null
+++ b/wireguard/android.sh
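Review bot: The `http:` checks pin `http://onfarbo42/adminer.php` answering 200 over plain HTTP, and the `port:` section expects only `tcp6:80` with no `ip` restriction asserted, so this baseline codifies a database admin login page served unencrypted. If Adminer is meant to be reachable only through the WireGuard tunnel or from specific hosts, nothing here tests that restriction; consider pointing the check at an `https://` URL, or at least adding a comment such as `# adminer: access limited to the VPN subnet by Apache config (confirm)` above the entry. The exact `versions:` pins for `apache2` and `wireguard` will also fail after any security update, which tends to get the test edited or the package held back; asserting `installed: true` alone avoids that.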
@@ -0,0 +1,79 @@
+#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32 # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.68 # Adresse extremite A
+PortA=51820 # Port ecoute extremite A
+AddressBwg=10.0.0.2/32 # Adresse VPN Wireguard extremite B
+EndpointB=192.168.1.82 # Adresse extremite B
+PortB=51820 # Port ecoute extremite B
+AddressCwg=10.0.0.3/32
+EndpointC=x.y.z.t
+PortC=51820
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat < wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+#Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC
+#EndPoint = ${EndpointC}:$PortC
+AllowedIPs = $AddressCwg
+FINI
+
+
+cat < wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
+
+cat < wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC
+Address = $AddressCwg
+ListenPort = $PortC
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
diff --git a/wireguard/wg0-b.conf b/wireguard/wg0-b.conf
index 44343e7..cbcaa40 100644
--- a/wireguard/wg0-b.conf
+++ b/wireguard/wg0-b.conf
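Review bot: The private keys for all three endpoints are generated on one machine and written, together with the `wg0-*.conf` files that embed them, into the current directory; if the script is run from `wireguard/` in a checkout, that is a tracked directory (`wireguard/wg0-b.conf` is versioned in this same commit). `umask 077` protects the files from other local users but not from `git add`. I would write the output outside the repository, e.g. `outdir=$(mktemp -d) && cd "$outdir"` right after the `umask` line, and delete the `endpoint-*.key` files once the configs are written, since by then each key is duplicated in its `.conf`. `EndpointC=x.y.z.t` is a placeholder that only reaches a commented-out `#EndPoint` line, so a short comment saying it must be filled in before use would help.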
@@ -1,11 +1,15 @@ # local settings for Endpoint B [Interface] -PrivateKey = 0Nb+sT20LbiRTMk4Ll5FsASVSFTgdA+JyMpd8shxJFA= +PrivateKey = oMcR7DZkrkUumSdvGgC3F/uuLVYICP8kTF/6BdNsFGU= Address = 10.0.0.2/32 ListenPort = 51820 +# IP forwarding +PreUp = sysctl -w net.ipv4.ip_forward=1 + # remote settings for Endpoint A [Peer] -PublicKey = uKQUgVq/uud3tIV2Qibth/8YHzDL2Z0SmcsnC+LkAms= -Endpoint = 10.121.38.68:51820 -AllowedIPs = 10.0.0.1/32 +PublicKey = ihizRzwgz/HEF8QHNPRYa7LYB/HTtnwWZlHltI0ZdDc= +Endpoint = 192.168.0.51:51820 +AllowedIPs = 10.0.0.1/32, 192.168.1.0/24 +
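Review bot: The `+PrivateKey = …` line puts a new WireGuard private key in a tracked file, while the one it replaces stays in history; both should be treated as disclosed and rotated, and the versioned file should carry a placeholder with the key loaded from a root-only file when the interface comes up, e.g. `PostUp = wg set %i private-key <path-to-key-file>`. Separately, `PreUp = sysctl -w net.ipv4.ip_forward=1` turns on forwarding host-wide, and `AllowedIPs` now also covers `192.168.1.0/24`, so the tunnel carries a whole LAN rather than a single peer address. No forward-chain filtering is visible in this file, so unless it is configured elsewhere, forwarding is unrestricted between all interfaces, and the sysctl is not reverted when the interface goes down. A comment stating the intended routing (which side may reach `192.168.1.0/24`) would make the rule reviewable.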