## Machine virtuelle GENERIC 

#### (c'est-à-dire le modèle de toutes les machines virtuelles)

...

### Matériel virtuel

CPU : 1  
RAM : 1000 Mio
Stockage de masse : 50 Gio (fichier `sparse` i.e les zéros ne sont pas écrits sur le disque)

### Logiciel

Système d'exploitation : Debian GNU/Linux-libre 11 (Bullseye)  
Noyau : Linux-libre LTS (`linux-libre-lts` des dépôts https://linux-libre.fsfla.org)  
Sécurités de la maintenance : `etckeeper`, `mollyguard`, `git`, `tig`, `screen`  
Mail Transfer Agent : `postfix`  

### Caractéristiques notables

Domaine : dns.libre-en-communs.org  
Adresse ipv4 publique : 80.67.179.96  
Adresse ipv4 interne : 192.169.1.195  
Adresse ipv6 publique : 2001:910:1360::4

### Configuration réseau

#### /etc/network/interfaces
<details>

    # The primary network interface
    allow-hotplug enp1s0
    iface enp1s0 inet dhcp
    iface enp1s0 inet6 static
        address 2001:910:1360::4/128
        gateway 2001:910:1360::
</details>

### Configuration SSH

#### /etc/ssh/sshd_config
<details>

    #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

        Port 22
        AddressFamily any
        ListenAddress 0.0.0.0
        ListenAddress ::

        PubkeyAuthentication yes

        PasswordAuthentication no
        PermitEmptyPasswords no

        ChallengeResponseAuthentication no

        UsePAM yes

        PrintMotd no

        AcceptEnv LANG LC_* GIT_*

        Subsystem	sftp	/usr/lib/openssh/sftp-server

        Match Group ssh-login
            PasswordAuthentication yes

</details>

#### /etc/host.allow
    
    sshd: 192.169.1.0/24, [2001:910:1360::]/48

#### /etc/host/deny
    
    sshd: ALL

### Configuration SUDO

#### /etc/sudoers
<details>

    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults	env_reset
    Defaults        env_keep += "GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL"
    Defaults	mail_badpass, insults
    Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # User privilege specification
    root	ALL=(ALL:ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo	ALL=(ALL:ALL) NOPASSWD:ALL

    # See sudoers(5) for more information on "#include" directives:

    #includedir /etc/sudoers.d


</details>

### Configuration MTA

#### /etc/postfix/transport

    a-lec.org    :
    *              discard:

#### /etc/postfix/virtual

    @localhost admin@a-lec.org
    @generic.a-lec.org admin@a-lec.org