From 8ddd0585ff177777b696d073ce2518e3f4113b77 Mon Sep 17 00:00:00 2001 From: Mika Kaukoranta Date: Tue, 10 Mar 2026 10:54:55 +0200 Subject: [PATCH 1/7] Detect available docker range --- .../ytl-linux-digabi2-examnet | 32 +++++++++++++------ 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet index bf1449c..9128592 100755 --- a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet +++ b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet @@ -35,7 +35,6 @@ readonly PARAM_SERVER_NUMBER=$3 readonly PARAM_SERVER_FRIENDLY_NAME=$4 readonly NETWORK_DEVICE_FILTER_RE="^docker|^br|^veth|^lo$" -readonly DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="172.17.0.1" readonly PATH_TEMPLATES=/etc/ytl-linux-digabi2-examnet/templates readonly PATH_RESOLVED=/etc/systemd/resolved.conf.d @@ -283,14 +282,27 @@ function check_server_number() { fi } -function get_lan_ip_prefix() { - _IP_WAN=$1 +function get_ip_prefix() { + echo "${1%.*.*}." +} - if [[ "$_IP_WAN" =~ ^192\.168\. ]]; then - $BIN_ECHO "10.0." - else - $BIN_ECHO "192.168." - fi +function get_available_ip_range() { + _ALLOWED_IP_RANGES=("10.0." "192.168." "172.17.") + + for range in "${_ALLOWED_IP_RANGES[@]}"; do + _USED=false + for reserved in "$@"; do + if [[ $reserved == $range* ]]; then + _USED=true + break + fi + done + if [[ "$_USED" == false ]]; then + # return the first available + echo "$range" + return + fi + done } function write_file() { @@ -674,9 +686,11 @@ export IP_WAN export IP_LAN export SERVER_NUMBER -IP_LAN_PREFIX=$(get_lan_ip_prefix "$IP_WAN") +IP_LAN_PREFIX=$(get_ip_prefix "$IP_LAN") export IP_LAN_PREFIX +DOCKER_NETWORK_PREFIX=$(get_available_ip_range "$IP_WAN" "$IP_LAN") +DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX".0.1 export DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP debug "SUBNETS_PER_SERVER: $CONST_SUBNETS_PER_SERVER" 
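Review bot: In `get_available_ip_range` a candidate counts as taken only when a reserved address starts with the same two octets, so an interface at 10.5.1.2 on a /8 (constructed example) would still leave `10.0.` selectable and the Docker pool could overlap that network. The netmask is not passed in, so this may be a deliberate /16 assumption; if so, a comment such as `# compares /16 prefixes only; wider WAN/LAN masks are not detected` would make that explicit. In this version the loop also falls through silently with status 0 when all three prefixes are taken, so the caller gets an empty prefix; adding `return 1` after the outer `done` lets the caller check for it. `range`, `reserved`, `_USED` and `_ALLOWED_IP_RANGES` should be declared `local` so they do not leak into the script's globals. The same points apply to the copy of this function added to ytl-linux-digabi2-docker-configure.sh in 6/7.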
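Review bot: `DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX".0.1` produces a double dot, because every prefix returned by `get_available_ip_range` already ends in `.` (giving `10.0..0.1`). That value is rendered into the `dns` entry of daemon.json, so the line should read `DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="${DOCKER_NETWORK_PREFIX}0.1"`. The same pattern recurs on the `.0.0` pool-base line added in 2/7 and on the renamed lines in 4/7. 6/7 writes it without the extra dot, but the intermediate commits would generate an invalid address.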
From 64eb97963a38caa76dc48013397cc8b4a0b94d61 Mon Sep 17 00:00:00 2001 From: Mika Kaukoranta Date: Tue, 10 Mar 2026 12:20:15 +0200 Subject: [PATCH 2/7] Define docker address pool --- .../templates/docker-daemon.json.template | 6 +++++- .../ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template b/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template index 5b26125..dd3851b 100644 --- a/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template +++ b/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template @@ -1,3 +1,7 @@ { - "dns": ["${DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP}"] + "dns": ["${DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP}"], + "default-address-pools": + [ + {"base": "${DOCKER_BRIDGE_NETWORK_POOL_BASE_IP}/16", "size":26} + ] } diff --git a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet index 9128592..9fe0bb5 100755 --- a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet +++ b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet @@ -692,6 +692,8 @@ export IP_LAN_PREFIX DOCKER_NETWORK_PREFIX=$(get_available_ip_range "$IP_WAN" "$IP_LAN") DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX".0.1 export DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP +DOCKER_BRIDGE_NETWORK_POOL_BASE_IP="$DOCKER_NETWORK_PREFIX".0.0 +export DOCKER_BRIDGE_NETWORK_POOL_BASE_IP debug "SUBNETS_PER_SERVER: $CONST_SUBNETS_PER_SERVER" From 4071d67ca3aa94cd9e869f71daca76dbdb2fd51b Mon Sep 17 00:00:00 2001 From: Mika Kaukoranta Date: Tue, 10 Mar 2026 12:51:27 +0200 Subject: [PATCH 3/7] Update version --- packages/ytl-linux-digabi2-examnet/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
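Review bot: The `dns` entry is `<prefix>0.1`, which appears to rely on the default bridge being given the first subnet of the new `default-address-pools` base, and nothing in the template pins that. If the bridge ends up on another subnet of the pool, containers would be pointed at a resolver address that no host interface owns. Consider fixing the bridge address explicitly (daemon.json has a `bip` key for this). Failing that, record the assumption next to the variable in the script, e.g. `# assumes docker0 is assigned the first subnet of the pool, so the host is reachable at <prefix>0.1`.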
diff --git a/packages/ytl-linux-digabi2-examnet/Makefile b/packages/ytl-linux-digabi2-examnet/Makefile index c577efa..c24a1ac 100644 --- a/packages/ytl-linux-digabi2-examnet/Makefile +++ b/packages/ytl-linux-digabi2-examnet/Makefile @@ -1,5 +1,5 @@ NAME := ytl-linux-digabi2-examnet -VERSION := 0.0.19 +VERSION := 0.0.20 DEPENDENCIES := \ --depends apt \ From 1940d133db8e5f86f3b4c4a0c4336c5c07ded831 Mon Sep 17 00:00:00 2001 From: Mika Kaukoranta Date: Tue, 10 Mar 2026 13:58:44 +0200 Subject: [PATCH 4/7] Rename variables --- .../templates/docker-daemon.json.template | 4 ++-- .../ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template b/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template index dd3851b..833e27e 100644 --- a/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template +++ b/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template @@ -1,7 +1,7 @@ { - "dns": ["${DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP}"], + "dns": ["${DOCKER_NETWORK_DNS_RESOLVER_IP}"], "default-address-pools": [ - {"base": "${DOCKER_BRIDGE_NETWORK_POOL_BASE_IP}/16", "size":26} + {"base": "${DOCKER_NETWORK_POOL_BASE_IP}/16", "size":26} ] } diff --git a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet index 9fe0bb5..bd2070b 100755 --- a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet +++ b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet 
@@ -690,10 +690,10 @@ IP_LAN_PREFIX=$(get_ip_prefix "$IP_LAN") export IP_LAN_PREFIX DOCKER_NETWORK_PREFIX=$(get_available_ip_range "$IP_WAN" "$IP_LAN") -DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX".0.1 -export DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP -DOCKER_BRIDGE_NETWORK_POOL_BASE_IP="$DOCKER_NETWORK_PREFIX".0.0 -export DOCKER_BRIDGE_NETWORK_POOL_BASE_IP +DOCKER_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX".0.1 +export DOCKER_NETWORK_DNS_RESOLVER_IP +DOCKER_NETWORK_POOL_BASE_IP="$DOCKER_NETWORK_PREFIX".0.0 +export DOCKER_NETWORK_POOL_BASE_IP debug "SUBNETS_PER_SERVER: $CONST_SUBNETS_PER_SERVER" From c8f4454598fdfe7d53b34e8801d2a299d18dd5b1 Mon Sep 17 00:00:00 2001 From: Mika Kaukoranta Date: Tue, 10 Mar 2026 15:08:29 +0200 Subject: [PATCH 5/7] Update README.md --- packages/ytl-linux-digabi2-examnet/README.md | 54 +++++++++++++++----- 1 file changed, 42 insertions(+), 12 deletions(-) diff --git a/packages/ytl-linux-digabi2-examnet/README.md b/packages/ytl-linux-digabi2-examnet/README.md index 6727e27..da91cc7 100644 --- a/packages/ytl-linux-digabi2-examnet/README.md +++ b/packages/ytl-linux-digabi2-examnet/README.md 
@@ -4,19 +4,22 @@ This is a proof-of-concept of a procedure which creates proper network settings for Abitti 2 exam server. The setup requires that the server has two network devices - * A WAN device connected to the internet. At the moment this is used to get a - SSL certificate and DNS address for the server. According to the initial plans - it might be later used e.g. to download exam items and upload candidate data. - At the moment a wireless device is good enough for a WAN connection. - * A LAN device connected to the closed local area network. This is an Abitti 1 - style network without any external DHCP/DNS servers. After executing the script - the server starts working as a DHCP/DNS server for the LAN. + +- A WAN device connected to the internet. At the moment this is used to get a + SSL certificate and DNS address for the server. According to the initial plans + it might be later used e.g. to download exam items and upload candidate data. + At the moment a wireless device is good enough for a WAN connection. +- A LAN device connected to the closed local area network. This is an Abitti 1 + style network without any external DHCP/DNS servers. After executing the script + the server starts working as a DHCP/DNS server for the LAN. ## Usage The script is executed from command line: -`$ sudo ytl-linux-digabi2-examnet` +```bash +sudo ytl-linux-digabi2-examnet +``` If executed without parameters, it asks the WAN and LAN devices as well as the server number. It is possible to run multiple servers in one LAN but they must have 
@@ -24,11 +27,15 @@ different server numbers. It is possible to supply the three parameters in command line: -`ytl-linux-digabi2-examnet wan-device lan-device server-number` +```bash +ytl-linux-digabi2-examnet wan-device lan-device server-number` +``` Example: -`$ sudo ytl-linux-digabi2-examnet wlo1 eth0 1` +```bash +sudo ytl-linux-digabi2-examnet wlo1 eth0 1 +``` It is also possible to run the script in GUI mode (parameter `--gui`). In this case the parameters are asked with Zenity. @@ -37,7 +44,9 @@ parameters are asked with Zenity. Following command should restore the system to pristine state: -`$ sudo ytl-linux-digabi2-examnet --remove` +```bash +sudo ytl-linux-digabi2-examnet --remove +``` It removes the settings files created by this script. It also removes all NetworkManager connections which have a name starting with `yo-`. This is the prefix used by the @@ -47,6 +56,27 @@ script to create the static connection for the local network. The debugging messages can be printed to a given file: -`$ DEBUG=/tmp/whatta.log sudo ytl-linux-digabi2-examnet` +```bash +DEBUG=/tmp/whatta.log sudo ytl-linux-digabi2-examnet +``` The list of exit codes can be found in the script. + +## Building locally + +For macOS, install fpm e.g. with Ruby gem: + +```bash +# Install Ruby and gem, set path +brew install ruby +echo 'export PATH="/opt/homebrew/opt/ruby/bin:$PATH"' >> ~/.zshrc +echo 'export PATH="$(gem environment gemdir)/bin:$PATH"' >> ~/.zshrc +# Install fpm +gem install fpm +``` + +Then build the Debian package: + +```bash +make deb +``` From 6c1102affbe495f89b35f1967b6c261a0014b99e Mon Sep 17 00:00:00 2001 
From: Mika Kaukoranta Date: Fri, 13 Mar 2026 15:09:50 +0200 Subject: [PATCH 6/7] Configure Docker in a separate script --- .../ytl-linux-digabi2-docker-configure.sh | 44 +++++++++++++++++++ .../ytl-linux-digabi2-examnet | 35 +++------------ 2 files changed, 49 insertions(+), 30 deletions(-) create mode 100755 packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-docker-configure.sh diff --git a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-docker-configure.sh b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-docker-configure.sh new file mode 100755 index 0000000..599c231 --- /dev/null +++ b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-docker-configure.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +set -euo pipefail + +readonly PATH_DOCKER=/etc/docker +readonly PATH_DOCKER_DAEMON_CONF=$PATH_DOCKER/daemon.json +readonly PATH_TEMPLATES=/etc/ytl-linux-digabi2-examnet/templates +readonly PATH_DOCKER_DAEMON_CONF_TEMPLATE=$PATH_TEMPLATES/docker-daemon.json.template + +function restart_docker() { + /usr/bin/systemctl restart docker +} + +function get_available_ip_range() { + _ALLOWED_IP_RANGES=("10.0." "192.168." "172.17.") + + for range in "${_ALLOWED_IP_RANGES[@]}"; do + _USED=false + for reserved in "$@"; do + if [[ $reserved == $range* ]]; then + _USED=true + break + fi + done + if [[ "$_USED" == false ]]; then + # return the first available + echo "$range" + return + fi + done + exit -1 +} + +DOCKER_NETWORK_PREFIX=$(get_available_ip_range "$@") +DOCKER_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX"0.1 +DOCKER_NETWORK_POOL_BASE_IP="$DOCKER_NETWORK_PREFIX"0.0 + +export DOCKER_NETWORK_DNS_RESOLVER_IP +export DOCKER_NETWORK_POOL_BASE_IP + +echo "Created Docker configuration, writing to $PATH_DOCKER_DAEMON_CONF" +echo "$(envsubst < $PATH_DOCKER_DAEMON_CONF_TEMPLATE)" +write_file $PATH_DOCKER_DAEMON_CONF "$(envsubst < $PATH_DOCKER_DAEMON_CONF_TEMPLATE)" +restart_docker 
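Review bot: `write_file` is called near the end of the new script but is not defined in it; it lives in ytl-linux-digabi2-examnet, which runs this file as a separate process rather than sourcing it. Unless the function is exported from the caller (not visible here), the call fails with "command not found", and `set -e` then aborts before daemon.json is written or Docker is restarted. Writing the file directly avoids the dependency: `rendered=$(envsubst < "$PATH_DOCKER_DAEMON_CONF_TEMPLATE")` followed by `printf '%s\n' "$rendered" > "$PATH_DOCKER_DAEMON_CONF"`. This also renders the template once instead of twice and quotes the paths.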
diff --git a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet index bd2070b..e4714e1 100755 --- a/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet +++ b/packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet @@ -27,6 +27,7 @@ readonly EXIT_CODE_CANNOT_CHANGE_SERVICE_STATE=23 # Cannot change service st readonly EXIT_CODE_MISSING_CERTIFICATE=24 # Cannot find certificate (e.g. download failure, missing file, invalid API key) readonly EXIT_CODE_INVALID_FRIENDLY_NAME=25 # Friendly name contains illegal characters readonly EXIT_CODE_NETWORK_NOT_ONLINE=27 # Network did not come up within timeout +readonly EXIT_CODE_FAILED_TO_CONFIGURE_DOCKER=28 # Failed to configure or restart Docker readonly SCRIPT_PATH=$0 readonly PARAM_NET_DEVICE_WAN=$1 @@ -44,9 +45,6 @@ readonly PATH_DNSMASQ=/etc/dnsmasq.d readonly PATH_DNSMASQ_CONF=$PATH_DNSMASQ/ytl-linux.conf readonly PATH_DNSMASQ_CONF_TEMPLATE=$PATH_TEMPLATES/dnsmasq.conf.template readonly PATH_DNSMASQ_STATIC_DNS_CONF=$PATH_DNSMASQ/ytl-linux-static-dns-records.conf -readonly PATH_DOCKER=/etc/docker -readonly PATH_DOCKER_DAEMON_CONF=$PATH_DOCKER/daemon.json -readonly PATH_DOCKER_DAEMON_CONF_TEMPLATE=$PATH_TEMPLATES/docker-daemon.json.template readonly PATH_NAKSU2_WORKDIR="${NAKSU2_WORKDIR:-/home/school/.local/share/digabi/naksu2}" readonly PATH_NAKSU2_CERTS_DIR="$PATH_NAKSU2_WORKDIR/certs" readonly PATH_NAKSU2_CERT="$PATH_NAKSU2_CERTS_DIR/cert.pem" @@ -286,25 +284,6 @@ function get_ip_prefix() { echo "${1%.*.*}." } -function get_available_ip_range() { - _ALLOWED_IP_RANGES=("10.0." "192.168." "172.17.") - - for range in "${_ALLOWED_IP_RANGES[@]}"; do - _USED=false - for reserved in "$@"; do - if [[ $reserved == $range* ]]; then - _USED=true - break - fi - done - if [[ "$_USED" == false ]]; then - # return the first available - echo "$range" - return - fi - done -} - function write_file() { _FILE_FILENAME=$1 _FILE_CONTENT=$2 
@@ -689,12 +668,6 @@ export SERVER_NUMBER IP_LAN_PREFIX=$(get_ip_prefix "$IP_LAN") export IP_LAN_PREFIX -DOCKER_NETWORK_PREFIX=$(get_available_ip_range "$IP_WAN" "$IP_LAN") -DOCKER_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX".0.1 -export DOCKER_NETWORK_DNS_RESOLVER_IP -DOCKER_NETWORK_POOL_BASE_IP="$DOCKER_NETWORK_PREFIX".0.0 -export DOCKER_NETWORK_POOL_BASE_IP - debug "SUBNETS_PER_SERVER: $CONST_SUBNETS_PER_SERVER" SERVER_HOST_NUMBER=$((SERVER_NUMBER * CONST_SUBNETS_PER_SERVER)) @@ -749,7 +722,6 @@ restart_networkmanager wait_for_network_online write_file $PATH_RESOLVED_CONF "$(envsubst < $PATH_RESOLVED_CONF_TEMPLATE)" -write_file $PATH_DOCKER_DAEMON_CONF "$(envsubst < $PATH_DOCKER_DAEMON_CONF_TEMPLATE)" remove_dnsmasq_settings write_file $PATH_DNSMASQ_CONF "$(envsubst < $PATH_DNSMASQ_CONF_TEMPLATE)" @@ -772,6 +744,9 @@ enable_systemd_services restart_systemd_resolved restart_dnsmasq restart_examnet_daemon -restart_docker + +debug "Configuring Docker daemon" +ytl-linux-digabi2-docker-configure.sh "${IP_WAN}" "${IP_LAN}" +exit_if_error $? $EXIT_CODE_FAILED_TO_CONFIGURE_DOCKER "Failed to configure and restart Docker" print_info "Changes made successfully" From abc7fa513c2f922b106127b1b868b90c654f687e Mon Sep 17 00:00:00 2001 From: Mika Kaukoranta Date: Fri, 13 Mar 2026 15:29:10 +0200 Subject: [PATCH 7/7] Increase the number of IPs in Docker networks --- .../templates/docker-daemon.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template b/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template index 833e27e..3c837fe 100644 --- a/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template +++ b/packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template 
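Review bot: `ytl-linux-digabi2-docker-configure.sh` is invoked by bare name in the last hunk, so it is resolved through the caller's PATH even though the README has this script run under `sudo`; the helper itself calls `/usr/bin/systemctl` by absolute path. Calling it by its installed location, e.g. `"<INSTALL_DIR>/ytl-linux-digabi2-docker-configure.sh" "${IP_WAN}" "${IP_LAN}"` (placeholder path), removes the dependence on PATH for a root-executed step. The diffstat for 6/7 lists only the two script files, so it is worth confirming that the package build actually ships the new file. If the main script runs with `set -e` (not visible here), the following `exit_if_error $?` line would never see a non-zero status.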
@@ -2,6 +2,6 @@ "dns": ["${DOCKER_NETWORK_DNS_RESOLVER_IP}"], "default-address-pools": [ - {"base": "${DOCKER_NETWORK_POOL_BASE_IP}/16", "size":26} + {"base": "${DOCKER_NETWORK_POOL_BASE_IP}/16", "size":24} ] }