diff --git a/.env b/.env
new file mode 100644
index 0000000..e69de29
diff --git a/.gitignore b/.gitignore
index fa8523c..74cc240 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,10 @@
 windows
 windows_2025
 win11x64.iso
-win2025-eval.iso
\ No newline at end of file
+win2025-eval.iso
+windows_11_storage
+windows_2025_storage
+data_folder_win11/error.txt
+data_folder_2025_server/errors.txt
+windows_2025_storage_task1
+windows_11_storage_task1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..dc2cac4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+Before doing the docker compose up always use the command
+
+1) Create a macvlan network for the containers
+
+Pick a tiny slice of your LAN that you won’t use for normal devices; we’ll use .200–.206.
+
+# stop your current containers first
+docker compose down
+
+# create the macvlan network (parent is your NIC that’s on 192.168.10.0/24)
+# \\ here remember that you have to set the subnet gateway ip-range and the parent with your network configuration
+docker network create -d macvlan \
+ --subnet=192.168.10.0/24 \
+ --gateway=192.168.10.1 \
+ --ip-range=192.168.10.200/29 \
+ -o parent=enp6s0 \
+ ad_vlan
+Why: macvlan lets each container appear as its own L2 host on your 192.168.10.0/24.
+
+2) Allow the host to talk to macvlan endpoints (host-access workaround)
+
+macvlan blocks host↔︎container by design. Create a macvlan sub-interface on the host so Arch can reach them:
+
+# create a host-side macvlan interface that shares the same parent
+sudo ip link add adhost link enp6s0 type macvlan mode bridge
+sudo ip addr add 192.168.10.9/24 dev adhost
+sudo ip link set adhost up
+
+# route the small pool via this host-side macvlan interface
+sudo ip route add 192.168.10.200/29 dev adhost
+
+Now your Arch host (192.168.10.10) can reach the macvlan IPs through adhost (192.168.10.9).
+
diff --git a/backup.ps1 b/backup.ps1
new file mode 100644
index 0000000..8dd2e38
--- /dev/null
+++ b/backup.ps1
@@ -0,0 +1,56 @@
+# scripts/dc_setup.ps1
+
+# TODO: remove to avoid priv errors
+# Start-Transcript -Path "$env:TEMP\transcript.log" -Force
+
+# --- Script Parameters ---
+$DomainName = "ttpl.local"
+$DomainNetbiosName = "TTPL"
+$AdminPassword = "P@raveeen123" # Use a secure method in production
+
+# TODO: features may be already installed, but check if domain is other than WORKGROUP
+# --- Idempotency Check: Exit if already a Domain Controller ---
+# Write-Host "Checking if this server is already a Domain Controller..."
+# if ((Get-WindowsFeature -Name AD-Domain-Services).Installed) {
+# Write-Host "Active Directory Domain Services are already installed. Exiting script."
+# exit
+# }
+Write-Host "Server is not a DC. Proceeding with configuration."
+
+# --- 1. Network Configuration ---
+Write-Host "Configuring static IP address..."
+$ipAddress = "192.168.10.20"
+$subnetMask = "255.255.255.0"
+$gateway = "192.168.10.1"
+$dnsServer = "127.0.0.1" # The DC is its own DNS server
+
+# TODO: MSFT doc uses New-NetIPAddress, but it fails if IP already exists fixit
+Get-NetAdapter | ForEach-Object {
+ $_ | New-NetIPAddress -AddressFamily IPv4 -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+ $_ | Set-DnsClientServerAddress -ServerAddresses $dnsServer
+}
+Write-Host "Static IP configured."
+
+# --- 2. Install Active Directory Domain Services ---
+Write-Host "Installing AD-Domain-Services role..."
+Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
+
+# --- 3. Promote to Domain Controller ---
+Write-Host "Promoting server to a Domain Controller for '$DomainName'..."
+$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
+
+Install-ADDSForest `
+ -CreateDnsDelegation:$false `
+ -DatabasePath "C:\WINDOWS\NTDS" `
+ -DomainMode "Win2025" ` # Using a more compatible default
+ -DomainName $DomainName `
+ -DomainNetbiosName $DomainNetbiosName `
+ -ForestMode "Win2025" `
+ -InstallDns:$true `
+ -LogPath "C:\WINDOWS\NTDS" `
+ -SysvolPath "C:\WINDOWS\SYSVOL" `
+ -Force:$true `
+ -SafeModeAdministratorPassword $securePassword
+
+# The promotion process will automatically trigger a reboot.
+Write-Host "Configuration complete. The server will restart automatically."
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index c7f991b..9235c5f 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,32 +1,3 @@
-# services:
-# windows:
-# image: dockurr/windows
-# container_name: windows_11
-# privileged: true
-# environment:
-# VERSION: "11"
-# devices:
-# - /dev/kvm
-# - /dev/net/tun
-# cap_add:
-# - NET_ADMIN
-# ports:
-# - 192.168.10.10:8006:8006
-# - 192.168.10.10:3389:3389/tcp
-# - 192.168.10.10:3389:3389/udp
-# volumes:
-# - ./win11x64.iso:/boot.iso
-# - ./windows:/storage
-# # - ./src/entry.sh:/run/entry.sh
-# restart: always
-# stop_grace_period: 2m
-# networks:
-# - ad_network
-
-# networks:
-# ad_network:
-# external: true
-
 services:
 windows_2025:
 image: dockurr/windows
@@ -34,7 +5,8 @@ services:
 privileged: true
 environment:
 VERSION: "2025"
- DHCP: "Y"
+ DHCP: "Y"
+ # IP: "192.168.10.20"
 devices:
 - /dev/kvm
 - /dev/net/tun
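Review bot: The line `-DomainMode "Win2025" \` # Using a more compatible default` most likely breaks the Install-ADDSForest call in backup.ps1: a backtick followed by a space escapes the space instead of continuing the line, so the command ends there and the following `-DomainName $DomainName \`` lines are parsed as separate statements. Move the comment onto its own line above the call (`# Using a more compatible default`) and leave `-DomainMode "Win2025" \`` with nothing after the backtick. The script also commits `$AdminPassword = "P@raveeen123"` as the DSRM password in plaintext and applies `New-NetIPAddress` to every adapter returned by `Get-NetAdapter`; if backup.ps1 stays in the repository, reading the secret from a file or environment variable outside version control and picking a single adapter, as the new dc_setup.ps1 does, would be preferable. Finally, `Write-Host "Server is not a DC. Proceeding with configuration."` now prints unconditionally because the check above it is commented out, which is misleading in the transcript.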
@@ -45,13 +17,13 @@ services:
 - NET_ADMIN
 volumes:
 - ./win2025-eval.iso:/boot.iso
- - ./windows_2025:/storage
- - ./src/entry.sh:/run/entry.sh
+ - ./windows_2025_storage_task1:/storage
+ - ./data_folder_2025_server:/data
 restart: always
 stop_grace_period: 2m
 networks:
 ad_vlan:
- ipv4_address: 192.168.10.201 # container IP (Linux side). Windows guest will DHCP a *different* IP.
+ ipv4_address: 192.168.10.201 # Fix AD(Server_2025) server IP for Docker network
 windows_11:
 image: dockurr/windows
@@ -60,6 +32,7 @@ services:
 environment:
 VERSION: "11"
 DHCP: "Y"
+ # IP: "192.168.10.21"
 devices:
 - /dev/kvm
 - /dev/net/tun
@@ -70,13 +43,14 @@ services:
 - NET_ADMIN
 volumes:
 - ./win11x64.iso:/boot.iso
- - ./windows:/storage
- - ./src/entry.sh:/run/entry.sh
- restart: always
+ - ./windows_11_storage_task1:/storage
+ - ./data_folder_win11:/data
 stop_grace_period: 2m
 networks:
 ad_vlan:
- ipv4_address: 192.168.10.202 # container IP (Linux side)
+ ipv4_address: 192.168.10.202 # Fix Windows 11 IP for Docker network
+ depends_on:
+ - windows_2025
 networks:
 ad_vlan:
diff --git a/data_folder_2025_server/dc_setup.ps1 b/data_folder_2025_server/dc_setup.ps1
new file mode 100644
index 0000000..0ed3fbf
--- /dev/null
+++ b/data_folder_2025_server/dc_setup.ps1
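Review bot: In the `@@ -70,13 +43,14 @@` hunk the windows_11 service loses `restart: always` while windows_2025 keeps it (it is context in the `@@ -45,13 +17,13 @@` hunk), so after a host reboot only the DC container comes back; if that is deliberate, a comment such as `# no restart: bring the client up by hand once the DC is reachable` next to `stop_grace_period: 2m` would stop it reading as an accidental deletion, otherwise restore the line. The added `depends_on: - windows_2025` only orders container start-up and says nothing about the Windows guest having booted or the forest existing, so the client's real readiness gate remains the LDAP wait loop in client_setup.ps1; a `# start order only, not readiness` comment on `depends_on` would prevent the wrong assumption. The new `./data_folder_2025_server:/data` and `./data_folder_win11:/data` mounts put the setup scripts, including the plaintext passwords they carry, into the containers (and presumably the guests, since that is why they are mounted); README.md should state that these folders are lab-only and must not be reused with real credentials.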
@@ -0,0 +1,85 @@
+# This script is designed to be idempotent. It can be run multiple times without causing errors.
+
+# --- Reliable Logging ---
+# Start-Transcript now logs to the user's temporary folder, which is always writable.
+Start-Transcript -Path "$env:TEMP\transcript.log" -Force
+
+# --- Script Parameters ---
+$DomainName = "ttpl.local"
+$DomainNetbiosName = "TTPL"
+$AdminPassword = "P@raveeen123" # Use a secure method in production
+
+# --- Robust Idempotency Check ---
+# This is a much better check. It tries to get the AD Domain information.
+# If it succeeds AND the domain name matches our target, we know the script is already done.
+try {
+ if ((Get-ADDomain).DNSRoot -eq $DomainName) {
+ Write-Host "This server is already a Domain Controller for the '$DomainName' domain. No action needed. Exiting."
+ exit
+ }
+}
+catch {
+ Write-Host "This server is not yet a Domain Controller . Proceeding with configuration."
+}
+
+# --- 1. Idempotent Network Configuration ---
+Write-Host "Configuring static IP address..."
+$ipAddress = "192.168.10.220"
+$gateway = "192.168.10.1"
+$dnsServer = "127.0.0.1" # The DC is its own DNS server
+
+# This logic is now safe to re-run. It finds the primary network adapter.
+$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1
+
+if ($adapter) {
+ Write-Host "Found active network adapter: $($adapter.Name)"
+
+ # First, set the DNS. This is always safe to do.
+ Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
+
+ # Check if the correct IP is already set. If not, configure it.
+ $currentIP = Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 | Where-Object { $_.IPAddress -eq $ipAddress }
+
+ # if (-not $currentIP) { //alwa
+ Write-Host "IP address not set correctly. Configuring static IP..."
+ # Remove any other IPv4 addresses to prevent conflicts
+ Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 | Remove-NetIPAddress -Confirm:$false
+
+ # Set the new IP address
+ New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+ Write-Host "Static IP configured."
+ # } else {
+ # Write-Host "IP address is already correctly set to $ipAddress."
+ # }
+}
+else {
+ Write-Error "Could not find an active network adapter."
+ exit
+}
+
+# --- 2. Install Active Directory Domain Services (if needed) ---
+if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
+ Write-Host "Installing AD-Domain-Services role..."
+ Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
+} else {
+ Write-Host "AD-Domain-Services role is already installed."
+}
+
+# --- 3. Promote to Domain Controller ---
+Write-Host "Promoting server to a Domain Controller for '$DomainName'..."
+$securePassword = ConvertTo-SecureString $AdminPassword -AsPlainText -Force
+
+Install-ADDSForest `
+ -CreateDnsDelegation:$false `
+ -DatabasePath "C:\WINDOWS\NTDS" `
+ -DomainMode "Win2025" `
+ -DomainName $DomainName `
+ -DomainNetbiosName $DomainNetbiosName `
+ -ForestMode "Win2025" `
+ -InstallDns:$true `
+ -LogPath "C:\WINDOWS\NTDS" `
+ -SysvolPath "C:\WINDOWS\SYSVOL" `
+ -Force:$true `
+ -SafeModeAdministratorPassword $securePassword
+
+Write-Host "Configuration complete. The server will restart automatically."
\ No newline at end of file
diff --git a/data_folder_win11/client_setup.ps1 b/data_folder_win11/client_setup.ps1
new file mode 100644
index 0000000..beaaba0
--- /dev/null
+++ b/data_folder_win11/client_setup.ps1
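Review bot: With the `# if (-not $currentIP) { //alwa` guard commented out, the IP step runs unconditionally: `$currentIP` is computed and never used, and every run executes `Get-NetIPAddress ... | Remove-NetIPAddress -Confirm:$false` before `New-NetIPAddress`, which contradicts the "designed to be idempotent" header and, on a re-run over a remote session, would likely cut the connection mid-script. Restore the guard as `if (-not $currentIP) {` around the remove/add block and keep the `} else { Write-Host "IP address is already correctly set to $ipAddress." }` branch that is already sketched in the comments. In the no-adapter `else` branch, `Write-Error` followed by a bare `exit` returns status 0, so a caller cannot tell the run failed; use `exit 1`. `$AdminPassword = "P@raveeen123"` is the DSRM password committed in plaintext and shipped through the `/data` mount; read it from a file or environment variable kept out of the repository, and say so in place of the `# Use a secure method in production` comment, which currently documents the problem without fixing it.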
@@ -0,0 +1,73 @@
+# This script is designed to be idempotent and robust.
+
+# --- Script Parameters ---
+# CRITICAL: Make sure these values are correct!
+$DomainName = "ttpl.local"
+$DC_IP = "192.168.10.220" # IMPORTANT: Use the NEW IP address of your DC
+$AdminUser = "administrator"
+$AdminPassword = "admin" # CRITICAL: This MUST match the password used to create the domain
+
+# --- Idempotency Check ---
+Write-Host "Checking if this PC is already joined to the domain..."
+if ((Get-ComputerInfo).Domain -eq $DomainName) {
+ Write-Host "This PC is already a member of the '$DomainName' domain. Exiting script."
+ exit
+}
+Write-Host "PC is not domain-joined. Proceeding..."
+
+# --- 1. Wait for Domain Controller ---
+Write-Host "Waiting for the Domain Controller at $DC_IP to come online..."
+while (-not (Test-NetConnection -ComputerName $DC_IP -Port 389 -InformationLevel "Quiet")) {
+ Write-Host "DC is not reachable yet. Retrying in 10 seconds..."
+ Start-Sleep -Seconds 10
+}
+Write-Host "Domain Controller is online!"
+
+# --- 2. Robust Network Configuration ---
+Write-Host "Configuring static IP and DNS..."
+$ipAddress = "192.168.10.219" # A free IP for this client
+$gateway = "192.168.10.1"
+$dnsServer = $DC_IP # DNS MUST point to the Domain Controller
+
+# Find the primary active network adapter
+$adapter = Get-NetAdapter | Where-Object { $_.Status -eq "Up" } | Select-Object -First 1
+
+if ($adapter) {
+ Write-Host "Found active network adapter: $($adapter.Name)"
+
+ # THE NEW FIX: This logic uses 'Set-' cmdlets to modify the existing configuration.
+ # It avoids the '...already exists' error by not trying to create a new configuration.
+
+ # First, get the existing IP configuration object.
+ $ipconfig = Get-NetIPConfiguration -InterfaceIndex $adapter.InterfaceIndex | Where-Object { $_.IPv4Address } | Select-Object -First 1
+
+ if ($ipconfig) {
+ Write-Host "Modifying existing IP configuration..."
+ # Use Set-NetIPAddress to change the IP and Gateway on the existing configuration
+ Set-NetIPAddress -InputObject $ipconfig -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+ # Use Set-DnsClientServerAddress to set the DNS
+ Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
+ }
+ else {
+ # Fallback for a completely unconfigured adapter (unlikely in this case, but safe)
+ Write-Host "No existing IP configuration found. Creating a new one..."
+ New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
+ Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
+ }
+
+ Write-Host "Static IP and DNS configured."
+ Start-Sleep -Seconds 15 # Give network settings a moment to apply
+}
+else {
+ Write-Error "Could not find an active network adapter."
+ exit
+}
+
+# --- 3. Join the Domain ---
+Write-Host "Joining the domain '$DomainName'..."
+$username = "$DomainName\$AdminUser"
+$credential = New-Object System.Management.Automation.PSCredential($username, (ConvertTo-SecureString $AdminPassword -AsPlainText -Force))
+
+Add-Computer -DomainName $DomainName -Credential $credential -Restart -Force
+Write-Host "Domain join complete. The computer will restart automatically."
+
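Review bot: The `Set-NetIPAddress -InputObject $ipconfig -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway` call in the `if ($ipconfig)` branch will, as far as I can tell, fail at parameter binding rather than assign the address: Set-NetIPAddress has no `-DefaultGateway` parameter, its `-IPAddress` selects an existing address to modify instead of setting a new one, and `-InputObject` expects NetIPAddress objects rather than the NetIPConfiguration object Get-NetIPConfiguration returns. Since the `else` branch already shows the working shape, both branches can be collapsed into one that clears the adapter's current IPv4 address and default route and then calls New-NetIPAddress, as sketched below. The `Write-Error` plus bare `exit` pair in the no-adapter branch exits with status 0, so the failure is invisible to whatever launches the script; `exit 1` is the intended signal. The comment on `$AdminPassword = "admin"` is misleading: Add-Computer authenticates as the domain `administrator` account, whose password is the DC's built-in Administrator password at promotion time, not the `-SafeModeAdministratorPassword` (DSRM) value set in dc_setup.ps1, so it should read `# must be the domain Administrator account password, not the DSRM password`. The credentials are also committed in plaintext and delivered through the `/data` mount, and the `Test-NetConnection` loop never gives up, which is acceptable for a lab but deserves a `# intentionally unbounded; the DC takes a long time to finish promotion` comment.
```powershell
if ($adapter) {
    Write-Host "Found active network adapter: $($adapter.Name)"
    # Clear whatever IPv4 configuration the adapter has now (DHCP lease or a previous run),
    # then create the static address; New-NetIPAddress is the cmdlet that accepts -DefaultGateway.
    Get-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue | Remove-NetIPAddress -Confirm:$false
    Remove-NetRoute -InterfaceIndex $adapter.InterfaceIndex -DestinationPrefix "0.0.0.0/0" -Confirm:$false -ErrorAction SilentlyContinue
    New-NetIPAddress -InterfaceIndex $adapter.InterfaceIndex -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $gateway
    Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses $dnsServer
    # … unchanged: "Static IP and DNS configured." message and Start-Sleep …
}
```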