cronekorkn 2023-04-25 00:18:04 +02:00
parent 5fa4969cfe
commit 0ededceea4
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
21 changed files with 151 additions and 92 deletions


@ -13,7 +13,7 @@ data = server_node.metadata.get(f'wireguard/clients/{argv[2]}')
vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network
allowed_ips = [
vpn_network,
ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
ip_interface(server_node.metadata.get('network/internal_ipv4')).network,
]
for peer in server_node.metadata.get('wireguard/s2s').values():
for network in peer['allowed_ips']:


@ -6,12 +6,12 @@ from ipaddress import ip_interface
)
def acme_records(metadata):
domains = set()
for other_node in repo.nodes:
for domain, conf in other_node.metadata.get('letsencrypt/domains', {}).items():
domains.add(domain)
domains.update(conf.get('aliases', []))
return {
'dns': {
f'_acme-challenge.{domain}': {
@ -30,7 +30,7 @@ def acme_records(metadata):
def acme_zone(metadata):
allowed_ips = {
*{
str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip)
str(ip_interface(other_node.metadata.get('network/internal_ipv4')).ip)
for other_node in repo.nodes
if other_node.metadata.get('letsencrypt/domains', {})
},
@ -40,7 +40,7 @@ def acme_zone(metadata):
if other_node.has_bundle('wireguard')
},
}
return {
'bind': {
'acls': {


@ -1,5 +1,7 @@
from ipaddress import ip_interface
from json import dumps
h = repo.libs.hashable.hashable
repo.libs.bind.repo = repo
@ -168,7 +170,7 @@ def ns_records(metadata):
for nameserver in nameservers
}
}
for zone_name, zone_conf in view_conf['zones'].items()
for zone_name in view_conf['zones']
}
}
for view_name, view_conf in metadata.get('bind/views').items()


@ -32,11 +32,11 @@ def agent_conf(metadata):
'build-server': {
'architectures': {
architecture: {
'ip': str(ip_interface(repo.get_node(conf['node']).metadata.get('network/internal/ipv4')).ip),
'ip': str(ip_interface(repo.get_node(conf['node']).metadata.get('network/internal_ipv4')).ip),
}
for architecture, conf in metadata.get('build-server/architectures').items()
},
'download_server_ip': str(ip_interface(download_server.metadata.get('network/internal/ipv4')).ip),
'download_server_ip': str(ip_interface(download_server.metadata.get('network/internal_ipv4')).ip),
},
}


@ -5,10 +5,10 @@ from ipaddress import ip_network, ip_interface
'systemd/units',
)
def network(metadata):
interface = ip_interface(metadata.get('network/internal/ipv4'))
interface = ip_interface(metadata.get('network/internal_ipv4'))
network = ip_interface(f'{interface.ip}/24').network
gateway = network[1]
return {
'systemd': {
'units': {


@ -256,7 +256,7 @@ for other_node in repo.nodes:
'context': {
'host_name': other_node.name,
'host_settings': {
'address': str(ip_interface(other_node.metadata.get('network/internal/ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip),
'address': str(ip_interface(other_node.metadata.get('network/internal_ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip),
},
'services': other_node.metadata.get('monitoring/services'),
},


@ -28,7 +28,7 @@ files = {
'/etc/dehydrated/hook.sh': {
'content_type': 'mako',
'context': {
'server': ip_interface(acme_node.metadata.get('network/internal/ipv4')).ip,
'server': ip_interface(acme_node.metadata.get('network/internal_ipv4')).ip,
'zone': acme_node.metadata.get('bind/acme_zone'),
'acme_key_name': 'acme',
'acme_key': acme_node.metadata.get('bind/views/external/keys/acme/token'),


@ -5,34 +5,69 @@ defaults = {
}
@metadata_reactor.provides(
'network/internal_interface',
)
def internal_interface(metadata):
if (
metadata.get('network/interfaces/internal', None)
and not metadata.get('network/internal_interface', None)
):
return {
'network': {
'internal_interface': 'internal',
}
}
else:
return {}
@metadata_reactor.provides(
'network/internal_ipv4',
)
def internal_ipv4(metadata):
if (
metadata.get('network/internal_interface', None)
and not metadata.get('network/internal_ipv4', None)
):
internal_interface = metadata.get('network/internal_interface', None)
return {
'network': {
'internal_ipv4': metadata.get(f'network/interfaces/{internal_interface}/ipv4'),
}
}
else:
return {}
@metadata_reactor.provides(
'systemd/units',
)
def units(metadata):
units = {}
for type, network in metadata.get('network').items():
units[f'{type}.network'] = {
for name, conf in metadata.get('network/interfaces').items():
units[f'{name}.network'] = {
'Match': {
'Name': network['interface'],
'Name': conf['match'],
},
'Network': {
'DHCP': network.get('dhcp', 'no'),
'IPv6AcceptRA': network.get('dhcp', 'no'),
'DHCP': conf.get('dhcp', 'no'),
'IPv6AcceptRA': conf.get('dhcp', 'no'),
}
}
for i in [4, 6]:
if network.get(f'ipv{i}', None):
units[f'{type}.network'].update({
if conf.get(f'ipv{i}', None):
units[f'{name}.network'].update({
f'Address#ipv{i}': {
'Address': network[f'ipv{i}'],
'Address': conf[f'ipv{i}'],
},
})
if f'gateway{i}' in network:
units[f'{type}.network'].update({
if f'gateway{i}' in conf:
units[f'{name}.network'].update({
f'Route#ipv{i}': {
'Gateway': network[f'gateway{i}'],
'Gateway': conf[f'gateway{i}'],
'GatewayOnlink': 'yes',
}
})
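Review bot: `internal_ipv4` reads `network/interfaces/{internal_interface}/ipv4` without a default, so a node whose internal interface has no static `ipv4` (this commit already has a `wan` interface configured with only `dhcp`) would presumably make the reactor raise instead of returning `{}`. Fetch it with a default and return nothing when it is unset: `ipv4 = metadata.get(f'network/interfaces/{internal_interface}/ipv4', None)` followed by `return {'network': {'internal_ipv4': ipv4}} if ipv4 else {}`. Because `network/internal_ipv4` feeds the ACME zone ACL and the SSH multiplex host list elsewhere in this commit, a short docstring on `internal_interface` stating that the key must name an interface on the trusted network would also help. The body of `units` continues outside the hunk.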


@ -29,10 +29,10 @@ files = {
'context': {
'multiplex_incoming': node.metadata.get('ssh/multiplex_incoming'),
'multiplex_hosts': set(
str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip)
str(ip_interface(other_node.metadata.get('network/internal_ipv4')).ip)
for other_node in repo.nodes
if other_node.has_bundle('ssh')
and other_node.metadata.get('network/internal/ipv4', None)
and other_node.metadata.get('network/internal_ipv4', None)
and other_node.metadata.get('ssh/multiplex_incoming')
),
},


@ -48,8 +48,8 @@ defaults = {
)
def wake_command(metadata):
waker_hostname = repo.get_node(metadata.get('wol-sleeper/waker')).hostname
mac = metadata.get(f"network/{metadata.get('wol-sleeper/network')}/mac")
ip = ip_interface(metadata.get(f"network/{metadata.get('wol-sleeper/network')}/ipv4")).ip
mac = metadata.get(f"network/interfaces{metadata.get('wol-sleeper/network')}/mac")
ip = ip_interface(metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/ipv4")).ip
return {
'wol-sleeper': {
@ -63,7 +63,7 @@ def wake_command(metadata):
'systemd/services/wakeonline-setup.service',
)
def systemd(metadata):
interface = metadata.get(f"network/{metadata.get('wol-sleeper/network')}/interface")
interface = metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/match")
return {
'systemd': {
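Review bot: The rewritten `mac` lookup in `wake_command` is missing the `/` after `interfaces`, so the path becomes `network/interfaces<name>/mac` and cannot match the new `network/interfaces/<name>/...` layout; the `ip` line right below it has the separator. It should read `mac = metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/mac")`. Both `wake_command` and `systemd` continue outside the hunks shown, so check the rest of each body for the same path.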


@ -6,7 +6,7 @@ files = {
'content_type': 'mako',
'context': {
'server_ip': ip_interface(
repo.get_node(node.metadata.get('zfs-mirror/server')).metadata.get('network/internal/ipv4')
repo.get_node(node.metadata.get('zfs-mirror/server')).metadata.get('network/internal_ipv4')
).ip,
},
}


@ -17,11 +17,13 @@
'metadata': {
'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5',
'network': {
'internal': {
'interface': 'enp0s31f6',
'ipv4': '10.0.0.5/24',
'gateway4': '10.0.0.1',
'mac': '4c:cc:6a:d5:96:f8',
'interfaces': {
'internal': {
'match': 'enp0s31f6',
'ipv4': '10.0.0.5/24',
'gateway4': '10.0.0.1',
'mac': '4c:cc:6a:d5:96:f8',
},
},
},
'backup-server': {


@ -12,8 +12,10 @@
'metadata': {
'id': 'cc1c08ba-8a2e-4cda-9b82-1b88a940e8e8',
'network': {
'internal': {
'ipv4': '10.0.2.8/24',
'interfaces': {
'internal': {
'ipv4': '10.0.2.8/24',
},
},
},
'dns': {


@ -19,10 +19,12 @@
'metadata': {
'id': '34199b24-4621-42f4-85ae-ec354f9c43e6',
'network': {
'internal': {
'interface': 'eth0',
'ipv4': '10.0.0.17/24',
'gateway4': '10.0.0.1',
'interfaces': {
'internal': {
'match': 'eth0',
'ipv4': '10.0.0.17/24',
'gateway4': '10.0.0.1',
},
},
},
'nginx': {


@ -1,26 +1,30 @@
{
'hostname': '10.0.0.119',
'dummy': True,
'hostname': '10.0.0.120',
'groups': [
# system
'autologin',
'debian-11',
'hardware',
'home',
'monitored',
# application
],
'metadata': {
'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
'network': {
'interfaces': {
'internal': {
'interface': 'eno1',
'ipv4': '10.0.0.119/24',
'gateway4': '10.0.0.1',
'match': 'eno1',
'ipv4': {
'addresses': {'10.0.0.120/24'},
'gateway4': '10.0.0.1',
},
},
'exernal': {
'interface': 'enx00e04c00135b',
'mac': '00:e0:4c:00:13:5b',
'wan': {
'match': 'enx00e04c00135b',
'dhcp': 'yes',
},
},
'network': {
},
},
}
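Review bot: The `internal` interface here appears to declare `ipv4` as a dict (`{'addresses': {'10.0.0.120/24'}, 'gateway4': ...}`), whereas every other node in this commit keeps `ipv4` as a CIDR string, and the code touched elsewhere passes that value straight to `ip_interface(...)` and into the `Address` field of the generated `.network` unit. With this shape those consumers would presumably fail or emit an invalid unit, and a `gateway4` nested under `ipv4` would not be seen by the `f'gateway{i}' in conf` check. Unless a schema change is planned, keep the flat form used by the other nodes: `'ipv4': '10.0.0.120/24',` and `'gateway4': '10.0.0.1',` directly under `internal`. The page does not mark old and new sides, so which lines are new is inferred from the `10.0.0.120` address matching the new hostname.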


@ -40,10 +40,12 @@
'metadata': {
'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
'network': {
'internal': {
'interface': 'enp42s0',
'ipv4': '10.0.0.2/24',
'gateway4': '10.0.0.1',
'interfaces': {
'internal': {
'match': 'enp42s0',
'ipv4': '10.0.0.2/24',
'gateway4': '10.0.0.1',
},
},
},
'build-server': {


@ -14,15 +14,17 @@
'metadata': {
'id': 'dd521b8a-dc03-43f5-b29f-068f948ba3b8',
'network': {
'internal': {
'interface': 'eth0',
'ipv4': '10.0.0.15/24',
'gateway4': '10.0.0.1',
},
'wlan': {
'interface': 'wlan0',
'ipv4': '10.0.0.16/24',
'gateway4': '10.0.0.1',
'interfaces': {
'internal': {
'match': 'eth0',
'ipv4': '10.0.0.15/24',
'gateway4': '10.0.0.1',
},
'wlan': {
'match': 'wlan0',
'ipv4': '10.0.0.16/24',
'gateway4': '10.0.0.1',
},
},
},
'stromzaehler': {


@ -35,17 +35,19 @@
},
'id': '353bb086-f3ce-4f36-8533-e91786c91ed9',
'network': {
'internal': {
'interface': 'ens10',
'ipv4': '10.0.10.3/32',
'interfaces': {
'internal': {
'match': 'ens10',
'ipv4': '10.0.10.3/32',
},
'external': {
'match': 'eth0',
'ipv4': '159.69.93.165/32',
'ipv6': '2a01:4f8:c2c:867::2/64',
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
},
'external': {
'interface': 'eth0',
'ipv4': '159.69.93.165/32',
'ipv6': '2a01:4f8:c2c:867::2/64',
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
}
},
'minecraft': {
'download': 'https://launcher.mojang.com/v1/objects/a16d67e5807f57fc4e550299cf20226194497dc2/server.jar',


@ -23,17 +23,19 @@
'metadata': {
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': {
'internal': {
'interface': 'eth1',
'ipv4': '10.0.11.3/24',
'interfaces': {
'internal': {
'match': 'eth1',
'ipv4': '10.0.11.3/24',
},
'external': {
'match': 'eth0',
'ipv4': '202.61.255.108/22',
'gateway4': '202.61.252.1',
'ipv6': '2a03:4000:55:a89::1/64',
'gateway6': 'fe80::1',
},
},
'external': {
'interface': 'eth0',
'ipv4': '202.61.255.108/22',
'gateway4': '202.61.252.1',
'ipv6': '2a03:4000:55:a89::1/64',
'gateway6': 'fe80::1',
}
},
'bind': {
'hostname': 'resolver.name',


@ -11,12 +11,14 @@
'metadata': {
'id': 'd5080b1a-b310-48be-bd5a-02cfcecf0c90',
'network': {
'external': {
'interface': 'ens3',
'ipv4': '135.125.239.125/32',
'gateway4': '135.125.238.1',
'ipv6': '2001:41d0:701:1100::3dea/56',
'gateway6': '2001:41d0:701:1100::1',
'interfaces': {
'external': {
'match': 'ens3',
'ipv4': '135.125.239.125/32',
'gateway4': '135.125.238.1',
'ipv6': '2001:41d0:701:1100::3dea/56',
'gateway6': '2001:41d0:701:1100::1',
},
},
},
'bind': {


@ -15,10 +15,12 @@
'metadata': {
'id': '23b898bd-203b-42d5-8150-cdb459915d77',
'network': {
'internal': {
'interface': 'eth0',
'ipv4': '192.168.179.20/24',
'gateway4': '192.168.179.1',
'interfaces': {
'internal': {
'match': 'eth0',
'ipv4': '192.168.179.20/24',
'gateway4': '192.168.179.1',
},
},
},
'backup-freshness-check': {