diff --git a/bundles/bind/metadata.py b/bundles/bind/metadata.py index c896a63..fbf0e78 100644 --- a/bundles/bind/metadata.py +++ b/bundles/bind/metadata.py @@ -9,7 +9,6 @@ defaults = { }, }, 'bind': { - 'zones': {}, 'slaves': {}, 'views': { 'internal': { @@ -22,6 +21,7 @@ defaults = { '192.168.0.0/16', }, 'keys': {}, + 'zones': {}, }, 'external': { 'default': True, @@ -31,6 +31,7 @@ defaults = { 'any', }, 'keys': {}, + 'zones': {}, }, }, 'keys': { @@ -81,36 +82,40 @@ def collect_records(metadata): if metadata.get('bind/type') == 'slave': return {} - zones = {} - - for other_node in repo.nodes: - for fqdn, records in other_node.metadata.get('dns', {}).items(): - matching_zones = sorted( - filter( - lambda potential_zone: fqdn.endswith(potential_zone), - metadata.get('bind/zones').keys() - ), - key=len, - ) - if matching_zones: - zone = matching_zones[-1] - else: - continue + views = {} - name = fqdn[0:-len(zone) - 1] + for view_name, view_conf in metadata.get('bind/views').items(): + for other_node in repo.nodes: + for fqdn, records in other_node.metadata.get('dns', {}).items(): + matching_zones = sorted( + filter( + lambda potential_zone: fqdn.endswith(potential_zone), + metadata.get('bind/zones').keys() + ), + key=len, + ) + if matching_zones: + zone = matching_zones[-1] + else: + continue - for type, values in records.items(): - for value in values: - zones\ - .setdefault(zone, {})\ - .setdefault('records', set())\ - .add( - h({'name': name, 'type': type, 'value': value}) - ) + name = fqdn[0:-len(zone) - 1] + + for type, values in records.items(): + for value in values: + if repo.libs.bind.record_matches_view(value, type, name, zone, view_name, metadata, repo): + views\ + .setdefault(view_name, {})\ + .setdefault('zones', {})\ + .setdefault(zone, {})\ + .setdefault('records', set())\ + .add( + h({'name': name, 'type': type, 'value': value}) + ) return { 'bind': { - 'zones': zones, + 'views': views, }, } 
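Review bot: The zone lookup inside the new `for view_name, view_conf in ...` loop of `collect_records` (bundles/bind/metadata.py) still reads `metadata.get('bind/zones').keys()`, although the earlier hunks of this file move the `'zones': {}` default from `bind` into each view and the function now returns `bind/views` instead of `bind/zones`. Unless `bind/zones` is still populated somewhere outside this diff, that lookup has nothing left to read, and `view_conf` is never used; the per-view zones look like the intended source, e.g. `view_conf.get('zones', {}).keys()`. Separately, `fqdn.endswith(potential_zone)`, carried over from the old code, matches without a label boundary, so a constructed name such as `notexample.org` would be filed under a zone `example.org`; `fqdn == potential_zone or fqdn.endswith('.' + potential_zone)` avoids that. The function begins above the hunk.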
diff --git a/libs/bind.py b/libs/bind.py
new file mode 100644
index 0000000..75acec2
--- /dev/null
+++ b/libs/bind.py
@@ -0,0 +1,32 @@
+from ipaddress import ip_address
+
+def record_matches_view(value, type, name, zone, view, metadata, repo):
+ if type not in ['A', 'AAAA']:
+ return True
+ if metadata.get(f'bind/views/{view}/is_internal'):
+ if ip_address(value).is_private:
+ return True
+ elif not list(filter(
+ lambda other_value: ip_address(other_value).is_private,
+ {
+ other_value
+ for other_node in repo.nodes
+ if other_node.metadata.get(f'dns/{name}.{zone}/{type}', [])
+ for other_value in other_node.metadata.get(f'dns/{name}.{zone}/{type}')
+ }
+ )):
+ return True
+ else:
+ if ip_address(value).is_global:
+ if value == "10.0.0.17" and view == 'external': print(333)
+ return True
+ elif not list(filter(
+ lambda other_value: ip_address(other_value).is_global,
+ {
+ other_value
+ for other_node in repo.nodes
+ if other_node.metadata.get(f'dns/{name}.{zone}/{type}', [])
+ for other_value in other_node.metadata.get(f'dns/{name}.{zone}/{type}')
+ }
+ )):
+ return True
diff --git a/nodes/home.openhab3.py b/nodes/home.openhab3.py
index 3254b93..46ed10c 100644
--- a/nodes/home.openhab3.py
+++ b/nodes/home.openhab3.py
@@ -40,11 +40,6 @@
 },
 },
 },
- 'letsencrypt': {
- 'domains': {
- 'test11.ckn.li': {},
- }
- },
 'java': {
 'version': 11,
 },
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index 63f37ea..f989a22 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -64,12 +64,6 @@
 'letsencrypt': {
 'domains': {
 'ckn.li': {},
- 'test6.ckn.li': {
- 'aliases': {'www.test6.ckn.li'},
- 'location': '/root/temp',
- 'owner': 'telegraf',
- 'reload': {'telegraf'},
- },
 'sublimity.de': {},
 'freibrief.net': {},
 },
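Review bot: In `record_matches_view` (libs/bind.py) the non-internal branch falls back to `return True` for a non-global address whenever the name has no global address at all, so internal-only hosts and their private addresses end up published in the external view. If that fallback is only wanted for the internal view, the external case should return `False`, and the function should end in an explicit boolean instead of falling off the end with `None`. The line `if value == "10.0.0.17" and view == 'external': print(333)` is leftover debugging and sits under the `is_global` check, where that address can never reach it. The two branches differ only in the predicate, so they can share one helper, as sketched below; if external publication of private addresses is intended for some names, it would be safer as an explicit per-view option than as the default.

```python
def record_matches_view(value, type, name, zone, view, metadata, repo):
    # … unchanged: non-A/AAAA record types return True …
    internal = metadata.get(f'bind/views/{view}/is_internal')

    def fits_view(candidate):
        address = ip_address(candidate)
        return address.is_private if internal else address.is_global

    if fits_view(value):
        return True
    if not internal:
        # a non-global address never belongs in a public view
        return False

    # internal view only: keep the record when the name has no private address at all
    return not any(
        fits_view(other_value)
        for other_node in repo.nodes
        for other_value in other_node.metadata.get(f'dns/{name}.{zone}/{type}', [])
    )
```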