il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.0.0 Release IaaS

Browse Source
This commit is contained in:
Il Lee
2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/bin/.gitkeep
View File
data/create_all_structure.sh
+56
View File
@@ -0,0 +1,56 @@
#!/bin/bash
FILE_PATH="$HOME/workspace/homelab/docs/archives/textfiles/$(date "+%Y-%m-%d")"
mkdir -p $FILE_PATH
echo "--- Ansible contents ---" > "$FILE_PATH/ansible.txt"
find ~/workspace/homelab/ansible -type f \
-print0 | \
sort -z | \
xargs -0 awk 'FNR==1{print "\n\n---------------------\nFILE PATH: " FILENAME "\n---------------------\n"}1' \
>> "$FILE_PATH/ansible.txt"
echo "---------------------" | sort >> "$FILE_PATH/ansible.txt"
echo "--- Data contents ---" > "$FILE_PATH/data.txt"
find ~/workspace/homelab/data -type f \
! -path "*volumes*" \
! -name "*.deb" \
! -name "*.gz" \
! -name "*.qcow2" \
! -name "*.iso" \
! -name "*.gpg" \
! -name "*.sql" \
-print0 | \
sort -z | \
xargs -0 awk 'FNR==1{print "\n\n---------------------\nFILE PATH: " FILENAME "\n---------------------\n"}1' \
>> "$FILE_PATH/data.txt"
echo "---------------------" | sort >> "$FILE_PATH/data.txt"
echo "--- Config contents ---" > "$FILE_PATH/config.txt"
find ~/workspace/homelab/config -type f \
! -path "*/grafana/etc/dashboards*" \
! -name "*.sql" \
-print0 | \
sort -z | \
xargs -0 awk 'FNR==1{print "\n\n---------------------\nFILE PATH: " FILENAME "\n---------------------\n"}1' \
>> "$FILE_PATH/config.txt"
echo "---------------------" | sort >> "$FILE_PATH/config.txt"
echo "--- Docs contents ---" > "$FILE_PATH/docs.txt"
find ~/workspace/homelab/docs -type f \
! -path "*archives/*" \
! -name "*.deb" \
! -name "*.gz" \
! -name "*.qcow2" \
! -name "*.iso" \
! -name "*.gpg" \
! -name "*.sql" \
-print0 | \
sort -z | \
xargs -0 awk 'FNR==1{print "\n\n---------------------\nFILE PATH: " FILENAME "\n---------------------\n"}1' \
>> "$FILE_PATH/docs.txt"
echo "---------------------" | sort >> "$FILE_PATH/docs.txt"
cp ~/workspace/homelab/README.md $FILE_PATH/README.md
data/ilnmors_root_ca.crt
+11
View File
@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBijCCATCgAwIBAgIRAKPu8PZdfsvjvryosyWb01owCgYIKoZIzj0EAwIwIzEh
MB8GA1UEAxMYaWxubW9ycy5pbnRlcm5hbCBSb290IENBMB4XDTI1MTIxOTA0MDM0
N1oXDTM1MTIxNzA0MDM0N1owIzEhMB8GA1UEAxMYaWxubW9ycy5pbnRlcm5hbCBS
b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKDZLQ+47J72K9281V6qG
I8kBScUpJOppbbIaCwi94dp6Tqbe9PfT4eChOSt2lkmb7bG0PmgfYOXv/FUvgFGP
DKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0O
BBYEFCZMiE3SKrzUqlHM6BYDJYkYyelRMAoGCCqGSM49BAMCA0gAMEUCIC3+tXyt
6uz75leUXhQsa0gQ/QfPd/dtjRQvuRPURAZ1AiEAjTFJe7cID6rSByF3e0rhgyeL
d6BE/tcQ7ymDBWUTGn0=
-----END CERTIFICATE-----
data/images/.gitkeep
View File
data/vmm_init/grub.d/iommu.cfg
+1
View File
@@ -0,0 +1 @@
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt"
data/vmm_init/modprobe.d/vfio.conf
+3
View File
@@ -0,0 +1,3 @@
options vfio-pci ids=8086:46d4,1b21:1064
softdep i915 pre: vfio-pci
softdep ahci pre: vfio-pci
data/vmm_init/network/00-vmm-eth0.link
+5
View File
@@ -0,0 +1,5 @@
[Match]
MACAddress=c8:ff:bf:05:aa:b0
[Link]
Name=eth0
data/vmm_init/network/01-vmm-eth1.link
+5
View File
@@ -0,0 +1,5 @@
[Match]
MACAddress=c8:ff:bf:05:aa:b1
[Link]
Name=eth1
data/vmm_init/network/10-vmm-br0.netdev
+3
View File
@@ -0,0 +1,3 @@
[NetDev]
Name=br0
Kind=bridge
data/vmm_init/network/11-vmm-br1.netdev
+7
View File
@@ -0,0 +1,7 @@
[NetDev]
Name=br1
Kind=bridge
[Bridge]
VLANFiltering=true
DefaultPVID=1
data/vmm_init/network/12-vmm-vlan1.netdev
+6
View File
@@ -0,0 +1,6 @@
[NetDev]
Name=vlan1
Kind=vlan
[VLAN]
Id=1
data/vmm_init/network/13-vmm-vlan10.netdev
+6
View File
@@ -0,0 +1,6 @@
[NetDev]
Name=vlan10
Kind=vlan
[VLAN]
Id=10
data/vmm_init/network/14-vmm-vlan20.netdev
+6
View File
@@ -0,0 +1,6 @@
[NetDev]
Name=vlan20
Kind=vlan
[VLAN]
Id=20
data/vmm_init/network/20-vmm-eth0.network
+6
View File
@@ -0,0 +1,6 @@
[Match]
Name=eth0
[Network]
Bridge=br0
LinkLocalAddressing=false
data/vmm_init/network/21-vmm-eth1.network
+15
View File
@@ -0,0 +1,15 @@
[Match]
Name=eth1
[Network]
Bridge=br1
LinkLocalAddressing=false
[BridgeVLAN]
VLAN=1
PVID=true
EgressUntagged=true
[BridgeVLAN]
VLAN=10
VLAN=20
data/vmm_init/network/22-vmm-br0.network
+5
View File
@@ -0,0 +1,5 @@
[Match]
Name=br0
[Network]
LinkLocalAddressing=false
data/vmm_init/network/23-vmm-br1.network
+17
View File
@@ -0,0 +1,17 @@
[Match]
Name=br1
[Network]
VLAN=vlan1
VLAN=vlan10
VLAN=vlan20
LinkLocalAddressing=false
[BridgeVLAN]
VLAN=1
PVID=yes
EgressUntagged=true
[BridgeVLAN]
VLAN=10
VLAN=20
data/vmm_init/network/24-vmm-vlan1.network
+28
View File
@@ -0,0 +1,28 @@
[Match]
Name=vlan1
[Network]
# IPv4
Address=192.168.1.10/24
# IPv6
Address=fd00:1::10/64
[RoutingPolicyRule]
From=192.168.1.10/32
Table=1
Priority=100
[Route]
Destination=192.168.1.0/24
Scope=link
Table=1
[RoutingPolicyRule]
From=fd00:1::10/128
Table=61
Priority=100
[Route]
Destination=fd00:1::/64
Scope=link
Table=61
data/vmm_init/network/25-vmm-vlan10.network
+32
View File
@@ -0,0 +1,32 @@
[Match]
Name=vlan10
[Network]
RequiredForOnline=false
# IPv4
Address=192.168.10.10/24
Gateway=192.168.10.1
DNS=192.168.10.2
# IPv6
Address=fd00:10::10/64
Gateway=fd00:10::1
DNS=fd00:10::2
[RoutingPolicyRule]
From=192.168.10.10/32
Table=2
Priority=100
[Route]
Destination=0.0.0.0/0
Gateway=192.168.10.1
Table=2
[RoutingPolicyRule]
From=fd00:10::10/128
Table=62
Priority=100
[Route]
Destination=::/0
Gateway=fd00:10::1
Table=62
data/vmm_init/nftables.conf
+25
View File
@@ -0,0 +1,25 @@
#!/usr/sbin/nft -f
flush ruleset
define HOSTS4_CONSOLE = { 192.168.1.20, 192.168.99.20 }
define HOSTS6_CONSOLE = { fd00:1::20, fd00:99::20 }
define PORTS_SSH = 22
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
ct state invalid drop comment "deny invalid connection"
ct state established, related accept comment "allow all connection already existing"
iifname "lo" accept comment "allow local connection"
meta l4proto { icmp, icmpv6 } accept comment "allow icmp connection: > VMM"
ip saddr $HOSTS4_CONSOLE tcp dport $PORTS_SSH accept comment "allow ipv4 ssh connection: CONSOLE > VMM"
ip6 saddr $HOSTS6_CONSOLE tcp dport $PORTS_SSH accept comment "allow ipv6 ssh connection: CONSOLE > VMM"
}
chain forward {
type filter hook forward priority 0; policy drop;
}
chain output {
type filter hook output priority 0; policy accept;
}
}
data/vmm_init/ssh/local_ssh_ca.pub
+1
View File
@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtBbAyORSd3qece5jHnEFrJPR7QxIzeIUsTEYoBLMKd LOCAL_SSH_CA
data/vmm_init/ssh/sshd_config.d/prohibit_root.conf
+1
View File
@@ -0,0 +1 @@
PermitRootLogin no
data/vmm_init/ssh/sshd_config.d/ssh_ca.conf
+1
View File
@@ -0,0 +1 @@
TrustedUserCAKeys /etc/ssh/local_ssh_ca.pub
data/vmm_init/sysctl.d/bridge.conf
+3
View File
@@ -0,0 +1,3 @@
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
data/volumes/.gitkeep
View File