diff --git a/README.md b/README.md
new file mode 100644
index 0000000..51cb7d9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,173 @@
+# 工场网 V2.0
+
+# 架构
+
+![](docs/diagram.png)
+
+# 服务器 Setup
+
+## 建议安装 Debian latest (>= 10)
+
+### Enter root (if not)
+**(All repo files is placed under /root)**
+```bash
+sudo -i
+```
+
+### Verify SSH key (optional)
+```bash
+ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key
+```
+
+### Generate GPG key without passphrase
+```bash
+apt install -y gpg
+gpg --batch --passphrase '' --quick-gen-key
+```
+
+### Add GPG key to ssh
+```bash
+gpg -K --with-keygrip
+echo >> ~/.gnupg/sshcontrol
+```
+
+### Enable GPG ssh support
+```bash
+echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
+echo "export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)" >> ~/.bashrc
+echo "gpgconf --launch gpg-agent" >> ~/.bashrc
+. ~/.bashrc
+```
+
+### (On development PC) Tell this key the secrets on repo
+To view GPG key:
+```bash
+gpg --armor --export
+```
+
+### (On github) Add this key to server code repo's deploy SSH keys
+To view SSH key:
+```bash
+ssh-add -L
+```
+
+### Setup networking
+Put /etc/network/interfaces with server-specific interface configuration
+```bash
+nano /etc/network/interfaces
+```
+
+### Clone server repo
+```bash
+cd ~
+apt install -y git
+git clone --recursive git@github.com:skyw-me/skynet-server-.git
+```
+
+### Server automatic setup
+
+**WARNING: this script will reboot when finished**
+```bash
+./public/setup-debian.sh
+```
+
+### Start services
+
+**Services will automatic startup, by using docker restart option**
+```bash
+cd skynet-server-
+./public/deploy.sh
+```
+
+# 网络设置
+
+## Cloud
+
+```properties
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug eth0
+iface eth0 inet dhcp
+
+auto eth1
+iface eth1 inet static
+ address 104.149.164.34
+ netmask 255.255.255.252
+ gateway 104.149.164.33
+
+ dns-nameservers 1.1.1.1
+
+iface eth1 inet6 static
+ address 2604:6600:0:48::2/64
+ gateway 2604:6600:0:48::1
+```
+
+## Gateway
+
+```properties
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# Primary: eno1 VLAN Trunk
+auto eno1
+iface eno1 inet manual
+
+# VLAN3: WAN
+auto br-wan
+iface br-wan inet static
+ bridge_ports eno1.3
+ bridge_stp off
+
+ bridge_hw ac:cb:51:ef:ed:cc
+ address 166.111.17.67
+ netmask 255.255.255.192
+ gateway 166.111.17.65
+
+ dns-nameservers 1.1.1.1
+
+# ipv6 dhcp is unstable...
+#iface br-wan inet6 dhcp
+# dns-nameservers 2606:4700:4700::1111
+
+# use isatap for ipv6
+auto br-wan-ipv6
+iface br-wan-ipv6 inet6 static
+ address 2402:f000:1:1501:200:5efe:166.111.17.67
+ netmask 64
+ gateway fe80::200:5efe:166.111.21.1
+
+ pre-up ip tunnel add $IFACE mode isatap remote any local 166.111.17.67
+ pre-up ip tunnel prl dev $IFACE prl-default 166.111.21.1
+
+# VLAN100: LAN
+auto br-lan
+iface br-lan inet static
+ bridge_ports eno1.100
+ bridge_stp off
+
+ bridge_hw 00:81:33:a9:d0:02
+
+ address 10.0.0.1
+ netmask 255.255.0.0
+
+iface br-lan inet6 static
+ address fd99:23eb:1682::1/64
+```
+
+# 域名
+
+[TODO]
diff --git a/docs/diagram.png b/docs/diagram.png
new file mode 100644
index 0000000..40055b5
--- /dev/null
+++ b/docs/diagram.png
Binary files differ