DKBgit/Build Steps for -fwcore- .md

## Build Steps for -fwcore- .md

      
    Raw
  

              Build Steps for -fwcore- .md
            
          
    Phase 1


Goal


Create a virt pc on a Proxmox server
virt pc will act as a firewall/gateway for the other vms on a virtual network
virt pc will act as a DHCP server
virt pc will act as a DNS server
the DHCP and DNS services will be synced so as to offer Dynamic DNS to the virtual network

Solution


Use vm instead of lxc containers because it allows for more kernel control/edits within virt pc

Less changes to the host proxmox since kernel edits and installs will need to be done


Use Debian for vm

Install webmin for easy monitoring via browser

plugin management of desired services
central access point to link to other webmins residing on other virt pcs on network


Use shorewall as the firewall

pfSense and OPNsense were not allowing other vms to communicate with the internet due to hardware fragmentation of packets?

Will need to do further RESEARCH


Easy and flexible accessiblity to firewall logs and a cli
Browser plugin on webmin


Use isc-dhcp-server as the DHCP server

Browser plugin on webmin


Use bind9 as the DNS server

Browser plugin on webmin


Actions


Setup Debian OS
Setup Docker Apps


## fwcore -docker.md

      
    Raw
  

              fwcore -docker.md
            
          
    Setup Docker & Kubernetes Apps

Configure docker

Configure kubernetes

References :

discourse.ubuntu.com/t/install-a-local-kubernetes-with-microk8s/13981
microk8s.io/docs/getting-started
blog.antosubash.com/posts/setup-micro-k8s-with-ubuntu


Install microk8s to act as a local kubernetes

sudo snap install microk8s --classic


Configure firewall to allow pod-to-pod and pod-to-internet

sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed


Enable addons

microk8s enable dns dashboard storage


Post install

Use mk8s.sh file


## fwcore -setup os.md

      
    Raw
  

              fwcore -setup os.md
            
          
    Setup Debian OS

Configure network

References :

wiki.debian.org/NetworkConfiguration


Add at least two nics
Edit /etc/network/interfaces
To restart nic to show new configuration

# ifdown ens18; ifup ens18;


Or restart all networking

# systemctl restart networking


Setup hostnames

References :

cyberciti.biz/faq/how-to-change-hostname-on-debian-10-linux


To fix debian missing /etc/machine-id and /etc is mounted read-only error

# systemd-machine-id-setup


Change hostname

# hostnamectl set-hostname fwcore.example.localnet
# hostnamectl set-hostname "Datacenter core vm" --pretty


Edit /etc/hosts (do split hostnames for public facing ip)

Setup openssh-server

References :

cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices

Setup tmux

# mkdir -p ~/.config/tmux/plugins
# git clone https://github.com/tmux-plugins/tpm ~/.config/tmux/plugins/tpm


Edit ~/.config/system/user/tmux.service
For first time, load the plugins inorder specific 'tmux resurrect' dirs to be made

$ tmux
prefix + I (capital i, as in Install) to fetch the plugin.


## hosts
127.0.0.1       loaclhost.localdomain localhost
127.0.1.1       fwcore
10.65.1.1       fwcore.example.localnet
xx.xx.xx.xx     dcfw.example.net dcfw

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

## interfaces(network)
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# WAN (internet) network
auto ens18
iface ens18 inet dhcp

# LOC (internal/local) network
auto ens19
iface ens19 inet static
  address 10.65.1.1
  netmask 255.255.0.0

## mk8s.sh
#!/bin/bash

<<COMMENT
Install and test local microk8s
Pulled from :
https://blog.antosubash.com/posts/setup-micro-k8s-with-ubuntu
COMMENT

sudo apt update
sudo apt upgrade
sudo apt install snapd -y
snap version
sudo snap install microk8s --classic
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
su - $USER
microk8s status --wait-ready
alias kubectl='microk8s kubectl'
kubectl cluster-info
microk8s enable dns ingress dashboard hostpath-storage
microk8s kubectl get all --all-namespaces
microk8s kubectl get nodes

## tmux.conf
# --------------------------------------------------
# Base
# --------------------------------------------------
# Environments
setenv -g 'LC_ALL' 'en_US.UTF-8'

# Setup new sessions
new -s tmuxsrv

# remap prefix
set -g prefix C-b

# enable mouse support
set -g mouse on

# start windows and panes at 1, not 0
set -g base-index 1
set -gw pane-base-index 1

# Focus events enabled for terminals that support them
set -g focus-events on

# Super useful when using "grouped sessions" and multi-monitor setup
setw -g aggressive-resize on

# Address vim mode switching delay (http://superuser.com/a/252717/65504)
set -s escape-time 0

# Increase scrollback buffer size from 2000 to 50000 lines
set -g history-limit 50000

# --------------------------------------------------
# Bindings
# --------------------------------------------------
#bind r source ~/.config/tmux/tmux.conf \; display-message "source tmux.conf done!"
bind r source ~/.config/tmux/tmux.conf
bind c command-prompt -p "window name:" "new-window; rename-window '%%'"

# --------------------------------------------------
# Appearance
# --------------------------------------------------
set -g default-terminal "tmux-256color"
set -ga terminal-overrides ",*-256color*:Tc"

# --------------------------------------------------
# Status Bar
# --------------------------------------------------
set-option -g status on                # turn the status bar on
#set -g status-utf8 on                  # set utf-8 for the status bar
set -g status-interval 5               # set update frequencey (default 15 seconds)
set -g status-justify centre           # center window list for clarity
set-option -g status-position top      # position the status bar at top of screen

# Left side: show host name and IP address
set -g status-left-length 60
set -g status-left " #S "
#set -g status-left "#S #[fg=green,bg=black]#($TMUX_PLUGIN_MANAGER_PATH/tmux-mem-cpu-load/tmux-mem-cpu-load --colors --interval 5)#[default]"
set -g status-left-style "bg=blue,fg=white bold"

# Right side: show session name, window & pane number, date and time
set -g status-right-length 60
set -g status-right "#[fg=yellow]\"#U@#T:#(ip addr show dev vmbr0 | grep "inet[^6]" | awk '{print $2}')\" #[default]%Y-%m-%d %H:%M #{tmux_mode_indicator}"
set -g status-style "bg=black,fg=brightwhite"

#set -g allow-rename on
set -gw automatic-rename off
set -g allow-rename off

set -gw clock-mode-colour "blue"

set -gw pane-active-border-style "fg=magenta"
set -gw pane-border-style "bg=black,fg=brightwhite"

set -gw window-status-activity-style "fg=blue"
set -gw window-status-bell-style "fg=yellow"
set -gw window-status-current-format " #F#I:#W "
set -gw window-status-current-style "bg=green,fg=black"
set -gw window-status-format " #F#I:#W "
set -gw window-status-last-style "fg=green"
set -gw window-status-separator ""
set -gw window-status-style "bg=black,fg=brightwhite"

# Increase tmux messages display duration from 750ms to 4s
set -g display-time 4000
set -g display-panes-active-colour "brightwhite"
set -g display-panes-colour "black"

set -g message-command-style "bg=black,fg=brightwhite"
set -g message-style "bg=black,fg=brightwhite"

# --------------------------------------------------
# Plugins
# --------------------------------------------------
# List of plugins
set -g @plugin 'tmux-plugins/tpm'
#set -g @plugin 'tmux-plugins/tmux-sensible'

# Resurrect
set -g @plugin 'tmux-plugins/tmux-resurrect'
set -g @resurrect-save 'S'
set -g @resurrect-restore 'R'
set -g @resurrect-capture-pane-contents 'on'
set -g @resurrect-processes 'journalctl ssh nano mc lnav watch walias'
# Continuum
set -g @plugin 'tmux-plugins/tmux-continuum'
set -g @continuum-boot 'on'
set -g @continuum-systemd-start-cmd 'start-server'
set -g @continuum-restore 'on'
set -g @continuum-save-interval '0'

# SideBar
# prefix + Tab - toggle sidebar with a directory tree
# prefix + Backspace - toggle sidebar and move cursor to it (focus it)
set -g @sidebar-tree-width '100'
set -g @plugin 'tmux-plugins/tmux-sidebar'
set -g @sidebar-tree-command 'tree -pughDacFfCL 2'

# Ssh Status
set -g @plugin 'soyuka/tmux-current-pane-hostname'
#set -g status-right '#[fg=red]%H:%M %d-%b#[default] #[fg=cyan,bold]#U@#H #[default]#[fg=blue]#(tmux display-message -p "#{pane_current_path}" | sed "s#$HOME#~#g") '

# Menus
# default trigger is <prefix> \
set -g @plugin 'jaclu/tmux-menus'

# Copying to system clipboard.
# <prefix> y — copies text from the command line to the clipboard.
set -g @plugin 'tmux-plugins/tmux-yank'

# Mem-cpu-load indicator
#set -g @plugin 'thewtex/tmux-mem-cpu-load'

# Mode Indicator
set -g @plugin 'MunifTanjim/tmux-mode-indicator'

# Suspend
# default trigger is F12
set -g @plugin 'MunifTanjim/tmux-suspend'
  # remove colors from status line for suspended state
set -g @suspend_suspended_options " \
  status-left-style::bg=brightblack\\,fg=white bold dim, \
  status-right-style::fg=brightblack, \
  window-status-current-style:gw:bg=brightblack\\,fg=black, \
  window-status-last-style:gw:fg=brightblack, \
  window-status-style:gw:bg=black\\,fg=brightblack, \
  @mode_indicator_custom_prompt:: ---- , \
  @mode_indicator_custom_mode_style::bg=brightblack\\,fg=black, \
"

# Other examples:
# set -g @plugin 'github_username/plugin_name'
# set -g @plugin 'github_username/plugin_name#branch'
# set -g @plugin 'git@github.com:user/plugin'
# set -g @plugin 'git@bitbucket.com:user/plugin'

# Initialize TMUX plugin manager (keep this line at the very bottom of tmux.conf)
run '~/.config/tmux/plugins/tpm/tpm'

## tmux.service
[Unit]
Description=tmux default session (detached)
Documentation=man:tmux(1)

[Service]
Type=forking
Environment=DISPLAY=:0
ExecStart=/usr/bin/tmux start-server

ExecStop=/home/user/.config/tmux/plugins/tmux-resurrect/scripts/save.sh
ExecStop=/usr/bin/tmux kill-server
KillMode=control-group

RestartSec=2

[Install]
WantedBy=default.target
	127.0.0.1 loaclhost.localdomain localhost
	127.0.1.1 fwcore
	10.65.1.1 fwcore.example.localnet
	xx.xx.xx.xx dcfw.example.net dcfw

	# The following lines are desirable for IPv6 capable hosts
	::1 localhost ip6-localhost ip6-loopback
	ff02::1 ip6-allnodes
	ff02::2 ip6-allrouters
	# This file describes the network interfaces available on your system
	# and how to activate them. For more information, see interfaces(5).

	source /etc/network/interfaces.d/*

	# The loopback network interface
	auto lo
	iface lo inet loopback

	# WAN (internet) network
	auto ens18
	iface ens18 inet dhcp

	# LOC (internal/local) network
	auto ens19
	iface ens19 inet static
	address 10.65.1.1
	netmask 255.255.0.0
	#!/bin/bash

	<<COMMENT
	Install and test local microk8s
	Pulled from :
	https://blog.antosubash.com/posts/setup-micro-k8s-with-ubuntu
	COMMENT

	sudo apt update
	sudo apt upgrade
	sudo apt install snapd -y
	snap version
	sudo snap install microk8s --classic
	sudo usermod -a -G microk8s $USER
	sudo chown -f -R $USER ~/.kube
	su - $USER
	microk8s status --wait-ready
	alias kubectl='microk8s kubectl'
	kubectl cluster-info
	microk8s enable dns ingress dashboard hostpath-storage
	microk8s kubectl get all --all-namespaces
	microk8s kubectl get nodes
	# --------------------------------------------------
	# Base
	# --------------------------------------------------
	# Environments
	setenv -g 'LC_ALL' 'en_US.UTF-8'

	# Setup new sessions
	new -s tmuxsrv

	# remap prefix
	set -g prefix C-b

	# enable mouse support
	set -g mouse on

	# start windows and panes at 1, not 0
	set -g base-index 1
	set -gw pane-base-index 1

	# Focus events enabled for terminals that support them
	set -g focus-events on

	# Super useful when using "grouped sessions" and multi-monitor setup
	setw -g aggressive-resize on

	# Address vim mode switching delay (http://superuser.com/a/252717/65504)
	set -s escape-time 0

	# Increase scrollback buffer size from 2000 to 50000 lines
	set -g history-limit 50000

	# --------------------------------------------------
	# Bindings
	# --------------------------------------------------
	#bind r source ~/.config/tmux/tmux.conf \; display-message "source tmux.conf done!"
	bind r source ~/.config/tmux/tmux.conf
	bind c command-prompt -p "window name:" "new-window; rename-window '%%'"

	# --------------------------------------------------
	# Appearance
	# --------------------------------------------------
	set -g default-terminal "tmux-256color"
	set -ga terminal-overrides ",-256color:Tc"

	# --------------------------------------------------
	# Status Bar
	# --------------------------------------------------
	set-option -g status on # turn the status bar on
	#set -g status-utf8 on # set utf-8 for the status bar
	set -g status-interval 5 # set update frequencey (default 15 seconds)
	set -g status-justify centre # center window list for clarity
	set-option -g status-position top # position the status bar at top of screen

	# Left side: show host name and IP address
	set -g status-left-length 60
	set -g status-left " #S "
	#set -g status-left "#S #[fg=green,bg=black]#($TMUX_PLUGIN_MANAGER_PATH/tmux-mem-cpu-load/tmux-mem-cpu-load --colors --interval 5)#[default]"
	set -g status-left-style "bg=blue,fg=white bold"

	# Right side: show session name, window & pane number, date and time
	set -g status-right-length 60
	set -g status-right "#[fg=yellow]\"#U@#T:#(ip addr show dev vmbr0 \| grep "inet[^6]" \| awk '{print $2}')\" #[default]%Y-%m-%d %H:%M #{tmux_mode_indicator}"
	set -g status-style "bg=black,fg=brightwhite"

	#set -g allow-rename on
	set -gw automatic-rename off
	set -g allow-rename off

	set -gw clock-mode-colour "blue"

	set -gw pane-active-border-style "fg=magenta"
	set -gw pane-border-style "bg=black,fg=brightwhite"

	set -gw window-status-activity-style "fg=blue"
	set -gw window-status-bell-style "fg=yellow"
	set -gw window-status-current-format " #F#I:#W "
	set -gw window-status-current-style "bg=green,fg=black"
	set -gw window-status-format " #F#I:#W "
	set -gw window-status-last-style "fg=green"
	set -gw window-status-separator ""
	set -gw window-status-style "bg=black,fg=brightwhite"

	# Increase tmux messages display duration from 750ms to 4s
	set -g display-time 4000
	set -g display-panes-active-colour "brightwhite"
	set -g display-panes-colour "black"

	set -g message-command-style "bg=black,fg=brightwhite"
	set -g message-style "bg=black,fg=brightwhite"

	# --------------------------------------------------
	# Plugins
	# --------------------------------------------------
	# List of plugins
	set -g @plugin 'tmux-plugins/tpm'
	#set -g @plugin 'tmux-plugins/tmux-sensible'

	# Resurrect
	set -g @plugin 'tmux-plugins/tmux-resurrect'
	set -g @resurrect-save 'S'
	set -g @resurrect-restore 'R'
	set -g @resurrect-capture-pane-contents 'on'
	set -g @resurrect-processes 'journalctl ssh nano mc lnav watch walias'
	# Continuum
	set -g @plugin 'tmux-plugins/tmux-continuum'
	set -g @continuum-boot 'on'
	set -g @continuum-systemd-start-cmd 'start-server'
	set -g @continuum-restore 'on'
	set -g @continuum-save-interval '0'

	# SideBar
	# prefix + Tab - toggle sidebar with a directory tree
	# prefix + Backspace - toggle sidebar and move cursor to it (focus it)
	set -g @sidebar-tree-width '100'
	set -g @plugin 'tmux-plugins/tmux-sidebar'
	set -g @sidebar-tree-command 'tree -pughDacFfCL 2'

	# Ssh Status
	set -g @plugin 'soyuka/tmux-current-pane-hostname'
	#set -g status-right '#[fg=red]%H:%M %d-%b#[default] #[fg=cyan,bold]#U@#H #[default]#[fg=blue]#(tmux display-message -p "#{pane_current_path}" \| sed "s#$HOME#~#g") '

	# Menus
	# default trigger is <prefix> \
	set -g @plugin 'jaclu/tmux-menus'

	# Copying to system clipboard.
	# <prefix> y — copies text from the command line to the clipboard.
	set -g @plugin 'tmux-plugins/tmux-yank'

	# Mem-cpu-load indicator
	#set -g @plugin 'thewtex/tmux-mem-cpu-load'

	# Mode Indicator
	set -g @plugin 'MunifTanjim/tmux-mode-indicator'

	# Suspend
	# default trigger is F12
	set -g @plugin 'MunifTanjim/tmux-suspend'
	# remove colors from status line for suspended state
	set -g @suspend_suspended_options " \
	status-left-style::bg=brightblack\\,fg=white bold dim, \
	status-right-style::fg=brightblack, \
	window-status-current-style:gw:bg=brightblack\\,fg=black, \
	window-status-last-style:gw:fg=brightblack, \
	window-status-style:gw:bg=black\\,fg=brightblack, \
	@mode_indicator_custom_prompt:: ---- , \
	@mode_indicator_custom_mode_style::bg=brightblack\\,fg=black, \
	"

	# Other examples:
	# set -g @plugin 'github_username/plugin_name'
	# set -g @plugin 'github_username/plugin_name#branch'
	# set -g @plugin 'git@github.com:user/plugin'
	# set -g @plugin 'git@bitbucket.com:user/plugin'

	# Initialize TMUX plugin manager (keep this line at the very bottom of tmux.conf)
	run '~/.config/tmux/plugins/tpm/tpm'
	[Unit]
	Description=tmux default session (detached)
	Documentation=man:tmux(1)

	[Service]
	Type=forking
	Environment=DISPLAY=:0
	ExecStart=/usr/bin/tmux start-server

	ExecStop=/home/user/.config/tmux/plugins/tmux-resurrect/scripts/save.sh
	ExecStop=/usr/bin/tmux kill-server
	KillMode=control-group

	RestartSec=2

	[Install]
	WantedBy=default.target