oxidized 0.30.1 → 0.31.0

data/examples/device-simulation/yaml/routeros_CHR_7.16.yaml

@@ -0,0 +1,79 @@
+---
+init_prompt:
+commands:
+  /system resource print: |-
+    \x20                  uptime: 32m36s
+                      version: 7.16 (stable)
+                   build-time: 2024-09-20 13:00:27
+             factory-software: 7.1
+                  free-memory: 165.6MiB
+                 total-memory: 384.0MiB
+                          cpu: QEMU
+                    cpu-count: 1
+                cpu-frequency: 2999MHz
+                     cpu-load: 2%
+               free-hdd-space: 71.2MiB
+              total-hdd-space: 89.2MiB
+      write-sect-since-reboot: 584
+             write-sect-total: 584
+            architecture-name: x86_64
+                   board-name: CHR QEMU Standard PC (i440FX + PIIX, 1996)
+                     platform: MikroTik
+    
+  /system package update print: |-
+    \x20           channel: stable
+      installed-version: 7.16
+    
+  /system history print without-paging: |-
+    
+  /export show-sensitive: |-
+    # 2024-11-16 06:25:32 by RouterOS 7.16
+    # software id =\x20
+    #
+    /interface ethernet
+    set [ find default-name=ether1 ] disable-running-check=no
+    set [ find default-name=ether2 ] disable-running-check=no
+    set [ find default-name=ether3 ] disable-running-check=no
+    set [ find default-name=ether4 ] disable-running-check=no
+    set [ find default-name=ether5 ] disable-running-check=no
+    set [ find default-name=ether6 ] disable-running-check=no
+    set [ find default-name=ether7 ] disable-running-check=no
+    set [ find default-name=ether8 ] disable-running-check=no
+    /port
+    set 0 name=serial0
+    /ip address
+    add address=10.0.2.100/24 interface=ether1 network=10.0.2.0
+    /ip dhcp-client
+    add interface=ether1
+    /system note
+    set show-at-login=no
+  quit: |-
+    interrupted
+oxidized_output: |
+  #                   version: 7.16 (stable)
+  #          factory-software: 7.1
+  #              total-memory: 384.0MiB
+  #                       cpu: QEMU
+  #                 cpu-count: 1
+  #           total-hdd-space: 89.2MiB
+  #         architecture-name: x86_64
+  #                board-name: CHR QEMU Standard PC (i440FX + PIIX, 1996)
+  #                  platform: MikroTik#   installed-version: 7.16# software id =\x20
+  #
+  /interface ethernet
+  set [ find default-name=ether1 ] disable-running-check=no
+  set [ find default-name=ether2 ] disable-running-check=no
+  set [ find default-name=ether3 ] disable-running-check=no
+  set [ find default-name=ether4 ] disable-running-check=no
+  set [ find default-name=ether5 ] disable-running-check=no
+  set [ find default-name=ether6 ] disable-running-check=no
+  set [ find default-name=ether7 ] disable-running-check=no
+  set [ find default-name=ether8 ] disable-running-check=no
+  /port
+  set 0 name=serial0
+  /ip address
+  add address=10.0.2.100/24 interface=ether1 network=10.0.2.0
+  /ip dhcp-client
+  add interface=ether1
+  /system note
+  set show-at-login=no

data/examples/device-simulation/yaml/routeros_L009UiGS_7.15.2.yaml

@@ -0,0 +1,353 @@
+---
+init_prompt:
+commands:
+  /system resource print: |-
+    \x20                  uptime: 14w1d19h55m4s
+    \x20                 version: 7.15.2 (stable)
+    \x20              build-time: 2024-06-26 11:42:37
+    \x20        factory-software: 7.12
+    \x20             free-memory: 432.4MiB
+    \x20            total-memory: 512.0MiB
+    \x20                     cpu: ARM
+    \x20               cpu-count: 2
+    \x20           cpu-frequency: 800MHz
+    \x20                cpu-load: 0%
+    \x20          free-hdd-space: 103.8MiB
+    \x20         total-hdd-space: 128.0MiB
+    \x20 write-sect-since-reboot: 361943
+    \x20        write-sect-total: 669893
+    \x20              bad-blocks: 0%
+    \x20       architecture-name: arm
+    \x20              board-name: L009UiGS
+    \x20                platform: MikroTik
+    
+  /system package update print: |-
+    \x20           channel: stable
+    \x20 installed-version: 7.15.2
+    \x20    latest-version: 7.15.3
+    \x20            status: New version is available
+    
+  /system history print without-paging: |-
+    Flags: U - UNDOABLE
+    Columns: ACTION, BY, POLICY, TIME
+    \x20 ACTION                            BY           POLICY  TIME              \x20
+    U bridge port changed               user  write   2024-07-31 09:33:47
+    U bridge port changed               user  write   2024-07-31 09:32:52
+    U bridge port changed               user  write   2024-07-31 09:32:50
+    U detect-internet settings changed  user  write   2024-07-31 09:28:59
+    
+  /export show-sensitive: |-
+    # 2024-10-25 12:09:43 by RouterOS 7.15.2
+    # software id = A0AA-AAA0
+    #
+    # model = L009UiGS
+    # serial number = AA111AAAAAA
+    /interface bridge
+    add admin-mac=00:00:5E:00:53:00 auto-mac=no comment=defconf name=bridge \\
+    \x20   port-cost-mode=short
+    /interface vlan
+    add interface=ether1 name=vlan6 vlan-id=6
+    /interface pppoe-client
+    add add-default-route=yes disabled=no interface=vlan6 name=pppoe-out1 \\
+    \x20   password=password use-peer-dns=yes user=user
+    /interface list
+    add comment=defconf name=WAN
+    add comment=defconf name=LAN
+    /interface wireless security-profiles
+    set [ find default=yes ] supplicant-identity=MikroTik
+    /ip pool
+    add name=default-dhcp ranges=192.0.2.0-192.0.2.254
+    /ip dhcp-server
+    add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
+    /port
+    set 0 name=serial0
+    /snmp community
+    add addresses=0.0.0.0/0 name=community security=authorized
+    /interface bridge port
+    add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 \\
+    \x20   path-cost=10
+    add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 \\
+    \x20   path-cost=10
+    /ip firewall connection tracking
+    set udp-timeout=10s
+    /ip neighbor discovery-settings
+    set discover-interface-list=LAN
+    /ip settings
+    set max-neighbor-entries=14336
+    /ipv6 settings
+    set max-neighbor-entries=7168
+    /interface list member
+    add comment=defconf interface=bridge list=LAN
+    add comment=defconf interface=ether1 list=WAN
+    add interface=pppoe-out1 list=WAN
+    /ip address
+    add address=192.0.2.1/24 comment=defconf interface=bridge network=\\
+    \x20   192.0.2.0
+    /ip dhcp-client
+    add comment=defconf interface=ether1
+    /ip dhcp-server network
+    add address=192.0.2.0/24 comment=defconf dns-server=192.0.2.1 gateway=\\
+    \x20   192.0.2.1
+    /ip dns
+    set allow-remote-requests=yes
+    /ip dns static
+    add address=192.0.2.1 comment=defconf name=router.lan
+    /ip firewall address-list
+    add address=198.51.100.1 list=\"office\"
+    add address=198.51.100.2 list=\"nms\"
+    /ip firewall filter
+    add action=accept chain=input comment=\\
+    \x20   \"defconf: accept established,related,untracked\" connection-state=\\
+    \x20   established,related,untracked
+    add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=\\
+    \x20   invalid
+    add action=accept chain=input comment=\"defconf: accept ICMP\" protocol=icmp
+    add action=accept chain=input comment=\"Remote MGTM\" in-interface-list=WAN \\
+    \x20   src-address-list=\"office\"
+    add action=accept chain=input in-interface-list=WAN src-address-list=\\
+    \x20   \"nms\"
+    add action=accept chain=input comment=\\
+    \x20   \"defconf: accept to local loopback (for CAPsMAN)\" dst-address=127.0.0.1
+    add action=drop chain=input comment=\"defconf: drop all not coming from LAN\" \\
+    \x20   in-interface-list=!LAN
+    add action=accept chain=forward comment=\"defconf: accept in ipsec policy\" \\
+    \x20   ipsec-policy=in,ipsec
+    add action=accept chain=forward comment=\"defconf: accept out ipsec policy\" \\
+    \x20   ipsec-policy=out,ipsec
+    add action=fasttrack-connection chain=forward comment=\"defconf: fasttrack\" \\
+    \x20   connection-state=established,related hw-offload=yes
+    add action=accept chain=forward comment=\\
+    \x20   \"defconf: accept established,related, untracked\" connection-state=\\
+    \x20   established,related,untracked
+    add action=drop chain=forward comment=\"defconf: drop invalid\" \\
+    \x20   connection-state=invalid
+    add action=drop chain=forward comment=\\
+    \x20   \"defconf: drop all from WAN not DSTNATed\" connection-nat-state=!dstnat \\
+    \x20   connection-state=new in-interface-list=WAN
+    /ip firewall nat
+    add action=masquerade chain=srcnat comment=\"defconf: masquerade\" \\
+    \x20   ipsec-policy=out,none out-interface-list=WAN
+    /ipv6 firewall address-list
+    add address=::/128 comment=\"defconf: unspecified address\" list=bad_ipv6
+    add address=::1/128 comment=\"defconf: lo\" list=bad_ipv6
+    add address=fec0::/10 comment=\"defconf: site-local\" list=bad_ipv6
+    add address=::ffff:0.0.0.0/96 comment=\"defconf: ipv4-mapped\" list=bad_ipv6
+    add address=::/96 comment=\"defconf: ipv4 compat\" list=bad_ipv6
+    add address=100::/64 comment=\"defconf: discard only \" list=bad_ipv6
+    add address=2001:db8::/32 comment=\"defconf: documentation\" list=bad_ipv6
+    add address=2001:10::/28 comment=\"defconf: ORCHID\" list=bad_ipv6
+    add address=3ffe::/16 comment=\"defconf: 6bone\" list=bad_ipv6
+    /ipv6 firewall filter
+    add action=accept chain=input comment=\\
+    \x20   \"defconf: accept established,related,untracked\" connection-state=\\
+    \x20   established,related,untracked
+    add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=\\
+    \x20   invalid
+    add action=accept chain=input comment=\"defconf: accept ICMPv6\" protocol=\\
+    \x20   icmpv6
+    add action=accept chain=input comment=\"defconf: accept UDP traceroute\" port=\\
+    \x20   33434-33534 protocol=udp
+    add action=accept chain=input comment=\\
+    \x20   \"defconf: accept DHCPv6-Client prefix delegation.\" dst-port=546 protocol=\\
+    \x20   udp src-address=fe80::/10
+    add action=accept chain=input comment=\"defconf: accept IKE\" dst-port=500,4500 \\
+    \x20   protocol=udp
+    add action=accept chain=input comment=\"defconf: accept ipsec AH\" protocol=\\
+    \x20   ipsec-ah
+    add action=accept chain=input comment=\"defconf: accept ipsec ESP\" protocol=\\
+    \x20   ipsec-esp
+    add action=accept chain=input comment=\\
+    \x20   \"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
+    add action=drop chain=input comment=\\
+    \x20   \"defconf: drop everything else not coming from LAN\" in-interface-list=\\
+    \x20   !LAN
+    add action=accept chain=forward comment=\\
+    \x20   \"defconf: accept established,related,untracked\" connection-state=\\
+    \x20   established,related,untracked
+    add action=drop chain=forward comment=\"defconf: drop invalid\" \\
+    \x20   connection-state=invalid
+    add action=drop chain=forward comment=\\
+    \x20   \"defconf: drop packets with bad src ipv6\" src-address-list=bad_ipv6
+    add action=drop chain=forward comment=\\
+    \x20   \"defconf: drop packets with bad dst ipv6\" dst-address-list=bad_ipv6
+    add action=drop chain=forward comment=\"defconf: rfc4890 drop hop-limit=1\" \\
+    \x20   hop-limit=equal:1 protocol=icmpv6
+    add action=accept chain=forward comment=\"defconf: accept ICMPv6\" protocol=\\
+    \x20   icmpv6
+    add action=accept chain=forward comment=\"defconf: accept HIP\" protocol=139
+    add action=accept chain=forward comment=\"defconf: accept IKE\" dst-port=\\
+    \x20   500,4500 protocol=udp
+    add action=accept chain=forward comment=\"defconf: accept ipsec AH\" protocol=\\
+    \x20   ipsec-ah
+    add action=accept chain=forward comment=\"defconf: accept ipsec ESP\" protocol=\\
+    \x20   ipsec-esp
+    add action=accept chain=forward comment=\\
+    \x20   \"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
+    add action=drop chain=forward comment=\\
+    \x20   \"defconf: drop everything else not coming from LAN\" in-interface-list=\\
+    \x20   !LAN
+    /snmp
+    set contact=user enabled=yes location=\"Riga, LATIVA\" \\
+    \x20   trap-community=community
+    /system clock
+    set time-zone-name=Europe/Riga
+    /system identity
+    set name=router
+    /system note
+    set show-at-login=no
+    /system routerboard settings
+    set enter-setup-on=delete-key
+    /tool mac-server
+    set allowed-interface-list=LAN
+    /tool mac-server mac-winbox
+    set allowed-interface-list=LAN
+  quit: |-
+    interrupted
+oxidized_output: |
+  #                   version: 7.15.2 (stable)
+  #          factory-software: 7.12
+  #              total-memory: 512.0MiB
+  #                       cpu: ARM
+  #                 cpu-count: 2
+  #           total-hdd-space: 128.0MiB
+  #         architecture-name: arm
+  #                board-name: L009UiGS
+  #                  platform: MikroTik#   installed-version: 7.15.2
+  # Flags: U - UNDOABLE
+  # Columns: ACTION, BY, POLICY, TIME
+  #   ACTION                            BY           POLICY  TIME              \x20
+  # U bridge port changed               user  write   2024-07-31 09:33:47
+  # U bridge port changed               user  write   2024-07-31 09:32:52
+  # U bridge port changed               user  write   2024-07-31 09:32:50
+  # U detect-internet settings changed  user  write   2024-07-31 09:28:59# software id = A0AA-AAA0
+  #
+  # model = L009UiGS
+  # serial number = AA111AAAAAA
+  /interface bridge
+  add admin-mac=00:00:5E:00:53:00 auto-mac=no comment=defconf name=bridge port-cost-mode=short
+  /interface vlan
+  add interface=ether1 name=vlan6 vlan-id=6
+  /interface pppoe-client
+  add add-default-route=yes disabled=no interface=vlan6 name=pppoe-out1 password=password use-peer-dns=yes user=user
+  /interface list
+  add comment=defconf name=WAN
+  add comment=defconf name=LAN
+  /interface wireless security-profiles
+  set [ find default=yes ] supplicant-identity=MikroTik
+  /ip pool
+  add name=default-dhcp ranges=192.0.2.0-192.0.2.254
+  /ip dhcp-server
+  add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
+  /port
+  set 0 name=serial0
+  /snmp community
+  add addresses=0.0.0.0/0 name=community security=authorized
+  /interface bridge port
+  add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 path-cost=10
+  add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 path-cost=10
+  /ip firewall connection tracking
+  set udp-timeout=10s
+  /ip neighbor discovery-settings
+  set discover-interface-list=LAN
+  /ip settings
+  set max-neighbor-entries=14336
+  /ipv6 settings
+  set max-neighbor-entries=7168
+  /interface list member
+  add comment=defconf interface=bridge list=LAN
+  add comment=defconf interface=ether1 list=WAN
+  add interface=pppoe-out1 list=WAN
+  /ip address
+  add address=192.0.2.1/24 comment=defconf interface=bridge network=192.0.2.0
+  /ip dhcp-client
+  add comment=defconf interface=ether1
+  /ip dhcp-server network
+  add address=192.0.2.0/24 comment=defconf dns-server=192.0.2.1 gateway=192.0.2.1
+  /ip dns
+  set allow-remote-requests=yes
+  /ip dns static
+  add address=192.0.2.1 comment=defconf name=router.lan
+  /ip firewall address-list
+  add address=198.51.100.1 list=\"office\"
+  add address=198.51.100.2 list=\"nms\"
+  /ip firewall filter
+  add action=accept chain=input comment=\"defconf: accept established,related,untracked\" connection-state=established,related,untracked
+  add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=invalid
+  add action=accept chain=input comment=\"defconf: accept ICMP\" protocol=icmp
+  add action=accept chain=input comment=\"Remote MGTM\" in-interface-list=WAN src-address-list=\"office\"
+  add action=accept chain=input in-interface-list=WAN src-address-list=\"nms\"
+  add action=accept chain=input comment=\"defconf: accept to local loopback (for CAPsMAN)\" dst-address=127.0.0.1
+  add action=drop chain=input comment=\"defconf: drop all not coming from LAN\" in-interface-list=!LAN
+  add action=accept chain=forward comment=\"defconf: accept in ipsec policy\" ipsec-policy=in,ipsec
+  add action=accept chain=forward comment=\"defconf: accept out ipsec policy\" ipsec-policy=out,ipsec
+  add action=fasttrack-connection chain=forward comment=\"defconf: fasttrack\" connection-state=established,related hw-offload=yes
+  add action=accept chain=forward comment=\"defconf: accept established,related, untracked\" connection-state=established,related,untracked
+  add action=drop chain=forward comment=\"defconf: drop invalid\" connection-state=invalid
+  add action=drop chain=forward comment=\"defconf: drop all from WAN not DSTNATed\" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
+  /ip firewall nat
+  add action=masquerade chain=srcnat comment=\"defconf: masquerade\" ipsec-policy=out,none out-interface-list=WAN
+  /ipv6 firewall address-list
+  add address=::/128 comment=\"defconf: unspecified address\" list=bad_ipv6
+  add address=::1/128 comment=\"defconf: lo\" list=bad_ipv6
+  add address=fec0::/10 comment=\"defconf: site-local\" list=bad_ipv6
+  add address=::ffff:0.0.0.0/96 comment=\"defconf: ipv4-mapped\" list=bad_ipv6
+  add address=::/96 comment=\"defconf: ipv4 compat\" list=bad_ipv6
+  add address=100::/64 comment=\"defconf: discard only \" list=bad_ipv6
+  add address=2001:db8::/32 comment=\"defconf: documentation\" list=bad_ipv6
+  add address=2001:10::/28 comment=\"defconf: ORCHID\" list=bad_ipv6
+  add address=3ffe::/16 comment=\"defconf: 6bone\" list=bad_ipv6
+  /ipv6 firewall filter
+  add action=accept chain=input comment=\"defconf: accept established,related,untracked\" connection-state=established,related,untracked
+  add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=invalid
+  add action=accept chain=input comment=\"defconf: accept ICMPv6\" protocol=icmpv6
+  add action=accept chain=input comment=\"defconf: accept UDP traceroute\" port=33434-33534 protocol=udp
+  add action=accept chain=input comment=\"defconf: accept DHCPv6-Client prefix delegation.\" dst-port=546 protocol=udp src-address=fe80::/10
+  add action=accept chain=input comment=\"defconf: accept IKE\" dst-port=500,4500 protocol=udp
+  add action=accept chain=input comment=\"defconf: accept ipsec AH\" protocol=ipsec-ah
+  add action=accept chain=input comment=\"defconf: accept ipsec ESP\" protocol=ipsec-esp
+  add action=accept chain=input comment=\"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
+  add action=drop chain=input comment=\"defconf: drop everything else not coming from LAN\" in-interface-list=!LAN
+  add action=accept chain=forward comment=\"defconf: accept established,related,untracked\" connection-state=established,related,untracked
+  add action=drop chain=forward comment=\"defconf: drop invalid\" connection-state=invalid
+  add action=drop chain=forward comment=\"defconf: drop packets with bad src ipv6\" src-address-list=bad_ipv6
+  add action=drop chain=forward comment=\"defconf: drop packets with bad dst ipv6\" dst-address-list=bad_ipv6
+  add action=drop chain=forward comment=\"defconf: rfc4890 drop hop-limit=1\" hop-limit=equal:1 protocol=icmpv6
+  add action=accept chain=forward comment=\"defconf: accept ICMPv6\" protocol=icmpv6
+  add action=accept chain=forward comment=\"defconf: accept HIP\" protocol=139
+  add action=accept chain=forward comment=\"defconf: accept IKE\" dst-port=500,4500 protocol=udp
+  add action=accept chain=forward comment=\"defconf: accept ipsec AH\" protocol=ipsec-ah
+  add action=accept chain=forward comment=\"defconf: accept ipsec ESP\" protocol=ipsec-esp
+  add action=accept chain=forward comment=\"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
+  add action=drop chain=forward comment=\"defconf: drop everything else not coming from LAN\" in-interface-list=!LAN
+  /snmp
+  set contact=user enabled=yes location=\"Riga, LATIVA\" trap-community=community
+  /system clock
+  set time-zone-name=Europe/Riga
+  /system identity
+  set name=router
+  /system note
+  set show-at-login=no
+  /system routerboard settings
+  set enter-setup-on=delete-key
+  /tool mac-server
+  set allowed-interface-list=LAN
+  /tool mac-server mac-winbox
+  set allowed-interface-list=LAN

data/examples/podman-compose/Makefile

@@ -6,12 +6,18 @@ help:
 
 rights:
 	podman unshare chown -R 30000:30000 oxidized-config oxidized-ssh
+	podman unshare chown -R 30001 gitserver/repo.git
 
 clean-rights:
 	podman unshare chown -R 0:0 *
 
-start: rights model-image
-	podman-compose -p oxidized up
+start: gitserver-createrepo rights images
+	if [ -f oxidized-config/config ]; then \
+	  podman-compose -p oxidized up ; \
+	else { \
+	  echo "\n########\noxidized-config/config does not exist"; \
+	  echo "create one or copy an example in the folder"; \
+	} fi
 
 run: start
 
@@ -23,7 +29,7 @@ start-local:
 	if [ -f oxidized-config/config.local ]; then \
 	  cp oxidized-config/config.local oxidized-config/config; \
 	else \
-	  echo "oxidized-config/config.local does not exist"; \
+	  echo "\n########\noxidized-config/config.local does not exist"; \
 	fi
 	$(MAKE) start
 
@@ -31,31 +37,68 @@ stop-local: stop
 	if [ -f oxidized-config/config.local ]; then \
 	  git checkout -- oxidized-config/config; \
 	else \
-	  echo "oxidized-config/config.local does not exist"; \
+	  echo "\n########\noxidized-config/config.local does not exist"; \
 	fi
 
+# creates a container image for the model simulation
 model-image:
-	podman image exists localhost/local/model || \
+	podman image exists local/model || \
 	  podman build -t local/model -f model-simulation/Dockerfile-model .
 
 model-clean:
 	podman rmi local/model
 
-clean: stop-local model-clean
+# creates a container image for gitserver
+gitserver-image:
+	podman image exists local/gitserver || \
+	  podman build -t local/gitserver gitserver/
+
+# create the repo repo.git inside the gitserver mapped volume
+gitserver-createrepo: clean-rights
+	if [ ! -d gitserver/repo.git ]; then \
+	  git init --bare gitserver/repo.git; \
+	fi
+
+gitserver-clean:
+	podman rmi local/gitserver
+	rm -rf gitserver/repo.git
+
+gitserver-getkey:
+	podman exec --user oxidized -t oxidized_oxidized_1 sh -c "ssh-keyscan gitserver > /home/oxidized/.ssh/known_hosts"
+
+# build all helper containter images
+images: model-image gitserver-image oxidized-image
+
+# build the oxidized image from the curent repository
+oxidized-image:
+	podman image exists local/oxidized || \
+	  podman build -t local/oxidized ../../
+
+# removes the oxidized image
+oxidized-image-clean:
+	podman rmi local/oxidized
+
+# run evey clean line, even if the previous fails
+clean:
+	-$(MAKE) stop-local
+	-$(MAKE) model-clean
+	-$(MAKE) gitserver-clean
+	-$(MAKE) oxidized-image-clean
 
 define HELP
 make help           - This help
-make rights         - Change the rights of mapped folders for user oxidized
-                      in the container
+make rights         - Change the rights of mapped folders for the users inside
+                      the container
 make clean-rights   - Revert the rights of mapped folders to the local user
-make start          - Start the containter
+make start          - Start the pod with all containers (alias - make run)
                       You can interrupt with Ctrl-C, but make sure you run
-                      make stop to realy stop the container
-make run            - Same as make start
-make stop           - Stop the containter
-make start-local    - Starts the container with the local configuration config.local
-make stop-local     - Stops the container and restores oxidized-config/config from git
-make model-image    - Creates a local OCI-Image to run simulated devices
-make model-clean    - Removes the local OCI-Image to run simulated devices
-make clean          - make stop-local + model-clean
+                      'make stop' to realy stop the container
+make stop           - Stop the pod
+make start-local    - Starts the pod with the local configuration
+                      oxidized-config/config.local
+make stop-local     - Stops the pod and restores
+                      oxidized-config/config from git
+make gitserver-getkey - stores the public key of the gitserver into
+                      oxidized-ssh/known_hosts (the pod must be running)
+make clean          - reverts everything to its original state
 endef

data/examples/podman-compose/README.md

@@ -1,35 +1,47 @@
-# Running oxidized with podman-compose
-This is an example of Oxidized running within an OCI container, provided by
-podman and podman-compose.
+# Running Oxidized with podman-compose
+This example demonstrates running Oxidized within an OCI container using
+podman-compose. It’s actively used in Oxidized development to validate the
+container’s functionality and to simulate potential issues.
 
-In order to have the example work out of the box, a network device is simulated.
-The model asternos has been chosen because there were not too many commands to
-implement.
+While this example uses podman and podman-compose, it should also be compatible
+with docker, as podman supports docker’s CLI.
 
-To run the example, just run `make start`. You should be sure to have installed the
-[dependencies](#dependencies) before.
+To make this example work seamlessly, a simulated network device is included.
+The asternos model is used here for simplicity, as it requires minimal commands
+to implement. The simulated output doesn’t replicate real device responses but
+provides changing lines over time to test Oxidized’s functionality.
 
-To exit, press `CTRL-C` or run `make stop` in a separate shell. If you exit
-with `CTRL-C`, make sure to run `make stop` after it, in order to clean up the
-running environment.
+
+The example also provides a Git server to test the interaction with it.
+
+# Run the example
+> :warning: the example builds local containers and will require at least 2 GB
+> of disk space along with some CPU and time during the first run.
+
+To start the example, simply run `make start`. Ensure you have installed the
+necessary [dependencies](#dependencies) before.
+
+To stop, press `CTRL-C` or run `make stop` in a separate shell. If you exit
+with `CTRL-C`, make sure to run `make stop` afterward to properly clean up the
+environment.
 
 ## Running Environment
-This example of oxidized with podman-compose has been run on Debian
-Bookworm (Version 12), but should work with few adaptations on any Linux
+This example of oxidized with podman-compose is running on Debian
+Bookworm (Version 12). It should work with few adaptations on any Linux
 box running podman, and maybe also with docker.
 
 ## Dependencies
-You need to install some packages on your debian system:
+To get started, install the required packages on your Debian system:
 ```shell
 sudo apt install podman containers-storage podman-compose make
 ```
 
-You also want to make sure that podman uses the overlay driver for storing its images.
-If not, it will save every layer of the container to disk (and not only the delta),
-so it will fill your disk very fast.
+Ensure Podman is using the overlay driver for image storage.
+Without this driver, Podman may save every container layer separately rather
+than only the changes, which can quickly consume disk space.
 
-This happens if you run podman without having installed the package `container-storage`
-before.
+This issue can occur if podman was run before installing the
+`container-storage`  package.
 
 ```shell
 podman info | grep graphDriverName
@@ -43,16 +55,40 @@ You should get this reply
 If not, the quick way I found to solve it is to delete `~/.local/share/containers/`.
 Beware - this will delete **all** your containers!
 
-## I want to adapt this to my needs
-Feel free and have fun. You probably want to edit docker-compose.yml in order to remove the
-simulated model.
+## Adapting to your needs
+Feel free to customize this setup as you wish! You may want to edit
+`docker-compose.yml` to remove any containers simulating specific components.
 
-## Use your own oxidized configuration within the git repository
-When developing oxidized and testing the container, you may want to use your
-own configuration. This can be done by saving it under `oxidized-config/config.local`
+## Use your own oxidized configuration in the git repository
+When developing oxidized or testing the container, you may want to use a custom
+configuration. This can be done by saving it under `oxidized-config/config.local`
 
 `make start-local` will recognize the local configuration and copy it to
 `oxidized-config/config` before starting the container.
 
-You shoud stop the container with `make stop-local` in order to restore the original
-configuration from git.
+You should stop the container with `make stop-local` in order to restore the
+original configuration from the git repository.
+
+In the folder `oxidized-config/, you will also find some example configs,
+for example `config_csv-gitserver`. To use them, just copy the file to `config`.
+
+## Git server public keys
+To enable Oxidized to access the Git server, you'll need to retrieve the
+servers' public SSH keys and store them under `oxidized-ssh/known_hosts`.
+Without this, you will encounter the following error:
+
+```
+ERROR -- : Hook push_to_remote (#<GithubRepo:0x00007f4cff47d918>) failed (#<Rugged::SshError: invalid or unknown remote ssh hostkey>) for event :post_store
+```
+
+While the container environment is running (`make start`), open a separate shell
+and run:
+```
+make gitserver-getkey
+```
+
+You do not need to restart the container environment; Oxidized will
+automatically use the key the next time it pushes to the remote Git repository.
+
+
+