From 0ededceea41f85604eab6f69bfe05eb242f9c559 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Tue, 25 Apr 2023 00:18:04 +0200 Subject: [PATCH] wip --- bin/wireguard_client_config | 2 +- bundles/bind-acme/metadata.py | 8 ++--- bundles/bind/metadata.py | 4 ++- bundles/build-server/metadata.py | 4 +-- bundles/hetzner-cloud/metadata.py | 4 +-- bundles/icinga2/items.py | 2 +- bundles/letsencrypt/items.py | 2 +- bundles/network/metadata.py | 57 +++++++++++++++++++++++++------ bundles/ssh/items.py | 4 +-- bundles/wol-sleeper/metadata.py | 6 ++-- bundles/zfs-mirror/items.py | 2 +- nodes/home.backups.py | 12 ++++--- nodes/home.homematic.py | 6 ++-- nodes/home.openhab.py | 10 +++--- nodes/home.router.py | 22 +++++++----- nodes/home.server.py | 10 +++--- nodes/home.stromzaehler.py | 20 ++++++----- nodes/htz.games.py | 22 ++++++------ nodes/netcup.mails.py | 22 ++++++------ nodes/ovh.secondary.py | 14 ++++---- nodes/wb.offsite-backups.py | 10 +++--- 21 files changed, 151 insertions(+), 92 deletions(-) diff --git a/bin/wireguard_client_config b/bin/wireguard_client_config index ff81703..55274d5 100755 --- a/bin/wireguard_client_config +++ b/bin/wireguard_client_config @@ -13,7 +13,7 @@ data = server_node.metadata.get(f'wireguard/clients/{argv[2]}') vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network allowed_ips = [ vpn_network, - ip_interface(server_node.metadata.get('network/internal/ipv4')).network, + ip_interface(server_node.metadata.get('network/internal_ipv4')).network, ] for peer in server_node.metadata.get('wireguard/s2s').values(): for network in peer['allowed_ips']: diff --git a/bundles/bind-acme/metadata.py b/bundles/bind-acme/metadata.py index eae945f..812b330 100644 --- a/bundles/bind-acme/metadata.py +++ b/bundles/bind-acme/metadata.py 
@@ -6,12 +6,12 @@ from ipaddress import ip_interface ) def acme_records(metadata): domains = set() - + for other_node in repo.nodes: for domain, conf in other_node.metadata.get('letsencrypt/domains', {}).items(): domains.add(domain) domains.update(conf.get('aliases', [])) - + return { 'dns': { f'_acme-challenge.{domain}': { @@ -30,7 +30,7 @@ def acme_records(metadata): def acme_zone(metadata): allowed_ips = { *{ - str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip) + str(ip_interface(other_node.metadata.get('network/internal_ipv4')).ip) for other_node in repo.nodes if other_node.metadata.get('letsencrypt/domains', {}) }, @@ -40,7 +40,7 @@ def acme_zone(metadata): if other_node.has_bundle('wireguard') }, } - + return { 'bind': { 'acls': { diff --git a/bundles/bind/metadata.py b/bundles/bind/metadata.py index 56155fc..1650214 100644 --- a/bundles/bind/metadata.py +++ b/bundles/bind/metadata.py @@ -1,5 +1,7 @@ from ipaddress import ip_interface from json import dumps + + h = repo.libs.hashable.hashable repo.libs.bind.repo = repo @@ -168,7 +170,7 @@ def ns_records(metadata): for nameserver in nameservers } } - for zone_name, zone_conf in view_conf['zones'].items() + for zone_name in view_conf['zones'] } } for view_name, view_conf in metadata.get('bind/views').items() diff --git a/bundles/build-server/metadata.py b/bundles/build-server/metadata.py index 49ec4d7..1b588f0 100644 --- a/bundles/build-server/metadata.py +++ b/bundles/build-server/metadata.py 
@@ -32,11 +32,11 @@ def agent_conf(metadata): 'build-server': { 'architectures': { architecture: { - 'ip': str(ip_interface(repo.get_node(conf['node']).metadata.get('network/internal/ipv4')).ip), + 'ip': str(ip_interface(repo.get_node(conf['node']).metadata.get('network/internal_ipv4')).ip), } for architecture, conf in metadata.get('build-server/architectures').items() }, - 'download_server_ip': str(ip_interface(download_server.metadata.get('network/internal/ipv4')).ip), + 'download_server_ip': str(ip_interface(download_server.metadata.get('network/internal_ipv4')).ip), }, } diff --git a/bundles/hetzner-cloud/metadata.py b/bundles/hetzner-cloud/metadata.py index 8484ddf..bcfcc02 100644 --- a/bundles/hetzner-cloud/metadata.py +++ b/bundles/hetzner-cloud/metadata.py @@ -5,10 +5,10 @@ from ipaddress import ip_network, ip_interface 'systemd/units', ) def network(metadata): - interface = ip_interface(metadata.get('network/internal/ipv4')) + interface = ip_interface(metadata.get('network/internal_ipv4')) network = ip_interface(f'{interface.ip}/24').network gateway = network[1] - + return { 'systemd': { 'units': { diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py index 861dc1f..99d50ed 100644 --- a/bundles/icinga2/items.py +++ b/bundles/icinga2/items.py @@ -256,7 +256,7 @@ for other_node in repo.nodes: 'context': { 'host_name': other_node.name, 'host_settings': { - 'address': str(ip_interface(other_node.metadata.get('network/internal/ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip), + 'address': str(ip_interface(other_node.metadata.get('network/internal_ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip), }, 'services': other_node.metadata.get('monitoring/services'), }, diff --git a/bundles/letsencrypt/items.py b/bundles/letsencrypt/items.py index ff28e68..edff6fe 100644 --- a/bundles/letsencrypt/items.py +++ b/bundles/letsencrypt/items.py 
@@ -28,7 +28,7 @@ files = { '/etc/dehydrated/hook.sh': { 'content_type': 'mako', 'context': { - 'server': ip_interface(acme_node.metadata.get('network/internal/ipv4')).ip, + 'server': ip_interface(acme_node.metadata.get('network/internal_ipv4')).ip, 'zone': acme_node.metadata.get('bind/acme_zone'), 'acme_key_name': 'acme', 'acme_key': acme_node.metadata.get('bind/views/external/keys/acme/token'), diff --git a/bundles/network/metadata.py b/bundles/network/metadata.py index e9c552f..2796126 100644 --- a/bundles/network/metadata.py +++ b/bundles/network/metadata.py 
@@ -5,34 +5,69 @@ defaults = { } +@metadata_reactor.provides( + 'network/internal_interface', +) +def internal_interface(metadata): + if ( + metadata.get('network/interfaces/internal', None) + and not metadata.get('network/internal_interface', None) + ): + return { + 'network': { + 'internal_interface': 'internal', + } + } + else: + return {} + + +@metadata_reactor.provides( + 'network/internal_ipv4', +) +def internal_ipv4(metadata): + if ( + metadata.get('network/internal_interface', None) + and not metadata.get('network/internal_ipv4', None) + ): + internal_interface = metadata.get('network/internal_interface', None) + return { + 'network': { + 'internal_ipv4': metadata.get(f'network/interfaces/{internal_interface}/ipv4'), + } + } + else: + return {} + + @metadata_reactor.provides( 'systemd/units', ) def units(metadata): units = {} - for type, network in metadata.get('network').items(): - units[f'{type}.network'] = { + for name, conf in metadata.get('network/interfaces').items(): + units[f'{name}.network'] = { 'Match': { - 'Name': network['interface'], + 'Name': conf['match'], }, 'Network': { - 'DHCP': network.get('dhcp', 'no'), - 'IPv6AcceptRA': network.get('dhcp', 'no'), + 'DHCP': conf.get('dhcp', 'no'), + 'IPv6AcceptRA': conf.get('dhcp', 'no'), } } for i in [4, 6]: - if network.get(f'ipv{i}', None): - units[f'{type}.network'].update({ + if conf.get(f'ipv{i}', None): + units[f'{name}.network'].update({ f'Address#ipv{i}': { - 'Address': network[f'ipv{i}'], + 'Address': conf[f'ipv{i}'], }, }) - if f'gateway{i}' in network: - units[f'{type}.network'].update({ + if f'gateway{i}' in conf: + units[f'{name}.network'].update({ f'Route#ipv{i}': { - 'Gateway': network[f'gateway{i}'], + 'Gateway': conf[f'gateway{i}'], 'GatewayOnlink': 'yes', } }) diff --git a/bundles/ssh/items.py b/bundles/ssh/items.py index 49402ce..96dbb2c 100644 --- a/bundles/ssh/items.py +++ b/bundles/ssh/items.py 
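Review bot: `internal_ipv4` reads `f'network/interfaces/{internal_interface}/ipv4'` with no default and passes the raw value through, so an internal interface that carries no `ipv4` key (DHCP-only) makes the reactor raise, and a non-string value reaches every `ip_interface(...)` consumer of `network/internal_ipv4` unchanged — the `nodes/home.router.py` hunk in this same commit gives `ipv4` a mapping `{'addresses': ..., 'gateway4': ...}`, which would also land verbatim in `'Address': conf[f'ipv{i}']` inside `units`. I would resolve the interface name first, bail out when it or its `ipv4` is missing, and document that `ipv4`/`ipv6` are CIDR strings (see the rewritten reactor below). `units` keeps `'IPv6AcceptRA': conf.get('dhcp', 'no')` from the old code; if tying router-advertisement acceptance to the DHCP switch is intended, a comment such as `# RA acceptance deliberately follows the DHCP setting` would spare the next reader a double take. The body of `units` continues past the end of the hunk.
```python
@metadata_reactor.provides(
    'network/internal_ipv4',
)
def internal_ipv4(metadata):
    """Expose the internal interface's ipv4 CIDR string as network/internal_ipv4.

    Consumers hand the value to ip_interface(), so it must be an 'a.b.c.d/nn'
    string; a node that sets the key itself, or whose internal interface has
    no 'ipv4' entry, contributes nothing instead of raising.
    """
    if metadata.get('network/internal_ipv4', None):
        return {}
    internal_interface = metadata.get('network/internal_interface', None)
    if not internal_interface:
        return {}
    ipv4 = metadata.get(f'network/interfaces/{internal_interface}/ipv4', None)
    if not ipv4:
        return {}
    return {
        'network': {
            'internal_ipv4': ipv4,
        }
    }
# … unchanged: internal_interface and units reactors …
```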
@@ -29,10 +29,10 @@ files = { 'context': { 'multiplex_incoming': node.metadata.get('ssh/multiplex_incoming'), 'multiplex_hosts': set( - str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip) + str(ip_interface(other_node.metadata.get('network/internal_ipv4')).ip) for other_node in repo.nodes if other_node.has_bundle('ssh') - and other_node.metadata.get('network/internal/ipv4', None) + and other_node.metadata.get('network/internal_ipv4', None) and other_node.metadata.get('ssh/multiplex_incoming') ), }, diff --git a/bundles/wol-sleeper/metadata.py b/bundles/wol-sleeper/metadata.py index 0e056dc..2c9923c 100644 --- a/bundles/wol-sleeper/metadata.py +++ b/bundles/wol-sleeper/metadata.py @@ -48,8 +48,8 @@ defaults = { ) def wake_command(metadata): waker_hostname = repo.get_node(metadata.get('wol-sleeper/waker')).hostname - mac = metadata.get(f"network/{metadata.get('wol-sleeper/network')}/mac") - ip = ip_interface(metadata.get(f"network/{metadata.get('wol-sleeper/network')}/ipv4")).ip + mac = metadata.get(f"network/interfaces{metadata.get('wol-sleeper/network')}/mac") + ip = ip_interface(metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/ipv4")).ip return { 'wol-sleeper': { @@ -63,7 +63,7 @@ def wake_command(metadata): 'systemd/services/wakeonline-setup.service', ) def systemd(metadata): - interface = metadata.get(f"network/{metadata.get('wol-sleeper/network')}/interface") + interface = metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/match") return { 'systemd': { diff --git a/bundles/zfs-mirror/items.py b/bundles/zfs-mirror/items.py index de3c61a..b870b49 100644 --- a/bundles/zfs-mirror/items.py +++ b/bundles/zfs-mirror/items.py 
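Review bot: The f-string for `mac` in `wake_command` (first wol-sleeper hunk) is missing the separator after `interfaces`, so the lookup resolves to `network/interfaces<name>/mac` and will not find the key that the `ip` line directly below reads correctly; it should be `mac = metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/mac")`. Neither lookup has a default, so a node whose chosen interface lacks `mac` or `ipv4` fails during metadata generation; that matches the prior behaviour but deserves a comment such as `# the WOL interface must declare both mac and a static ipv4` now that the interface schema is changing. `wake_command`'s decorator sits above the hunk; the second wol-sleeper hunk (`match`) is consistent with what the new `units` reactor in `bundles/network/metadata.py` expects.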
@@ -6,7 +6,7 @@ files = { 'content_type': 'mako', 'context': { 'server_ip': ip_interface( - repo.get_node(node.metadata.get('zfs-mirror/server')).metadata.get('network/internal/ipv4') + repo.get_node(node.metadata.get('zfs-mirror/server')).metadata.get('network/internal_ipv4') ).ip, }, } diff --git a/nodes/home.backups.py b/nodes/home.backups.py index f804828..7573ba7 100644 --- a/nodes/home.backups.py +++ b/nodes/home.backups.py @@ -17,11 +17,13 @@ 'metadata': { 'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5', 'network': { - 'internal': { - 'interface': 'enp0s31f6', - 'ipv4': '10.0.0.5/24', - 'gateway4': '10.0.0.1', - 'mac': '4c:cc:6a:d5:96:f8', + 'interfaces': { + 'internal': { + 'match': 'enp0s31f6', + 'ipv4': '10.0.0.5/24', + 'gateway4': '10.0.0.1', + 'mac': '4c:cc:6a:d5:96:f8', + }, }, }, 'backup-server': { diff --git a/nodes/home.homematic.py b/nodes/home.homematic.py index 5b9357e..8f32d2d 100644 --- a/nodes/home.homematic.py +++ b/nodes/home.homematic.py @@ -12,8 +12,10 @@ 'metadata': { 'id': 'cc1c08ba-8a2e-4cda-9b82-1b88a940e8e8', 'network': { - 'internal': { - 'ipv4': '10.0.2.8/24', + 'interfaces': { + 'internal': { + 'ipv4': '10.0.2.8/24', + }, }, }, 'dns': { diff --git a/nodes/home.openhab.py b/nodes/home.openhab.py index b34280c..07e705f 100644 --- a/nodes/home.openhab.py +++ b/nodes/home.openhab.py @@ -19,10 +19,12 @@ 'metadata': { 'id': '34199b24-4621-42f4-85ae-ec354f9c43e6', 'network': { - 'internal': { - 'interface': 'eth0', - 'ipv4': '10.0.0.17/24', - 'gateway4': '10.0.0.1', + 'interfaces': { + 'internal': { + 'match': 'eth0', + 'ipv4': '10.0.0.17/24', + 'gateway4': '10.0.0.1', + }, }, }, 'nginx': { diff --git a/nodes/home.router.py b/nodes/home.router.py index 9ddff49..777138d 100644 --- a/nodes/home.router.py +++ b/nodes/home.router.py 
@@ -1,26 +1,30 @@ { - 'hostname': '10.0.0.119', - 'dummy': True, + 'hostname': '10.0.0.120', 'groups': [ + # system 'autologin', 'debian-11', 'hardware', 'home', 'monitored', + # application ], 'metadata': { 'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c', - 'network': { + 'interfaces': { 'internal': { - 'interface': 'eno1', - 'ipv4': '10.0.0.119/24', - 'gateway4': '10.0.0.1', + 'match': 'eno1', + 'ipv4': { + 'addresses': {'10.0.0.120/24'}, + 'gateway4': '10.0.0.1', + }, }, - 'exernal': { - 'interface': 'enx00e04c00135b', - 'mac': '00:e0:4c:00:13:5b', + 'wan': { + 'match': 'enx00e04c00135b', 'dhcp': 'yes', }, }, + 'network': { + }, }, } diff --git a/nodes/home.server.py b/nodes/home.server.py index 56fca00..a9a688c 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -40,10 +40,12 @@ 'metadata': { 'id': 'af96709e-b13f-4965-a588-ef2cd476437a', 'network': { - 'internal': { - 'interface': 'enp42s0', - 'ipv4': '10.0.0.2/24', - 'gateway4': '10.0.0.1', + 'interfaces': { + 'internal': { + 'match': 'enp42s0', + 'ipv4': '10.0.0.2/24', + 'gateway4': '10.0.0.1', + }, }, }, 'build-server': { diff --git a/nodes/home.stromzaehler.py b/nodes/home.stromzaehler.py index 3c6c68b..1b09e5f 100644 --- a/nodes/home.stromzaehler.py +++ b/nodes/home.stromzaehler.py @@ -14,15 +14,17 @@ 'metadata': { 'id': 'dd521b8a-dc03-43f5-b29f-068f948ba3b8', 'network': { - 'internal': { - 'interface': 'eth0', - 'ipv4': '10.0.0.15/24', - 'gateway4': '10.0.0.1', - }, - 'wlan': { - 'interface': 'wlan0', - 'ipv4': '10.0.0.16/24', - 'gateway4': '10.0.0.1', + 'interfaces': { + 'internal': { + 'match': 'eth0', + 'ipv4': '10.0.0.15/24', + 'gateway4': '10.0.0.1', + }, + 'wlan': { + 'match': 'wlan0', + 'ipv4': '10.0.0.16/24', + 'gateway4': '10.0.0.1', + }, }, }, 'stromzaehler': { diff --git a/nodes/htz.games.py b/nodes/htz.games.py index ea6b19d..6555729 100644 --- a/nodes/htz.games.py +++ b/nodes/htz.games.py 
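Review bot: In `nodes/home.router.py` the new `'interfaces'` block sits beside `'network'` instead of inside it, and `'ipv4'` is a mapping `{'addresses': {...}, 'gateway4': ...}`; the reactors added in this commit read `network/interfaces`, and every other node in the series writes `ipv4` as a CIDR string with `gateway4` as a sibling key, so for this host `units` would either fail the `network/interfaces` lookup or emit no `eno1`/`wan` units (depending on what `defaults` provides), and nothing would populate `network/internal_ipv4`. Moving the block under `'network'` and writing `'ipv4': '10.0.0.120/24', 'gateway4': '10.0.0.1',` brings it in line with `nodes/home.server.py` and the rest. Dropping `'dummy': True` in the same hunk turns this node into a live deploy target; given the `wip` subject, keeping it dummy until the interface schema is settled avoids pushing a networkd configuration with an unusable address to the router.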
@@ -35,17 +35,19 @@ }, 'id': '353bb086-f3ce-4f36-8533-e91786c91ed9', 'network': { - 'internal': { - 'interface': 'ens10', - 'ipv4': '10.0.10.3/32', + 'interfaces': { + 'internal': { + 'match': 'ens10', + 'ipv4': '10.0.10.3/32', + }, + 'external': { + 'match': 'eth0', + 'ipv4': '159.69.93.165/32', + 'ipv6': '2a01:4f8:c2c:867::2/64', + 'gateway4': '172.31.1.1', + 'gateway6': 'fe80::1', + }, }, - 'external': { - 'interface': 'eth0', - 'ipv4': '159.69.93.165/32', - 'ipv6': '2a01:4f8:c2c:867::2/64', - 'gateway4': '172.31.1.1', - 'gateway6': 'fe80::1', - } }, 'minecraft': { 'download': 'https://launcher.mojang.com/v1/objects/a16d67e5807f57fc4e550299cf20226194497dc2/server.jar', diff --git a/nodes/netcup.mails.py b/nodes/netcup.mails.py index f48d2af..6d99cc3 100644 --- a/nodes/netcup.mails.py +++ b/nodes/netcup.mails.py @@ -23,17 +23,19 @@ 'metadata': { 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'network': { - 'internal': { - 'interface': 'eth1', - 'ipv4': '10.0.11.3/24', + 'interfaces': { + 'internal': { + 'match': 'eth1', + 'ipv4': '10.0.11.3/24', + }, + 'external': { + 'match': 'eth0', + 'ipv4': '202.61.255.108/22', + 'gateway4': '202.61.252.1', + 'ipv6': '2a03:4000:55:a89::1/64', + 'gateway6': 'fe80::1', + }, }, - 'external': { - 'interface': 'eth0', - 'ipv4': '202.61.255.108/22', - 'gateway4': '202.61.252.1', - 'ipv6': '2a03:4000:55:a89::1/64', - 'gateway6': 'fe80::1', - } }, 'bind': { 'hostname': 'resolver.name', diff --git a/nodes/ovh.secondary.py b/nodes/ovh.secondary.py index 02ddf40..506cae3 100644 --- a/nodes/ovh.secondary.py +++ b/nodes/ovh.secondary.py 
@@ -11,12 +11,14 @@ 'metadata': { 'id': 'd5080b1a-b310-48be-bd5a-02cfcecf0c90', 'network': { - 'external': { - 'interface': 'ens3', - 'ipv4': '135.125.239.125/32', - 'gateway4': '135.125.238.1', - 'ipv6': '2001:41d0:701:1100::3dea/56', - 'gateway6': '2001:41d0:701:1100::1', + 'interfaces': { + 'external': { + 'match': 'ens3', + 'ipv4': '135.125.239.125/32', + 'gateway4': '135.125.238.1', + 'ipv6': '2001:41d0:701:1100::3dea/56', + 'gateway6': '2001:41d0:701:1100::1', + }, }, }, 'bind': { diff --git a/nodes/wb.offsite-backups.py b/nodes/wb.offsite-backups.py index 3948c41..cdc3bc7 100644 --- a/nodes/wb.offsite-backups.py +++ b/nodes/wb.offsite-backups.py @@ -15,10 +15,12 @@ 'metadata': { 'id': '23b898bd-203b-42d5-8150-cdb459915d77', 'network': { - 'internal': { - 'interface': 'eth0', - 'ipv4': '192.168.179.20/24', - 'gateway4': '192.168.179.1', + 'interfaces': { + 'internal': { + 'match': 'eth0', + 'ipv4': '192.168.179.20/24', + 'gateway4': '192.168.179.1', + }, }, }, 'backup-freshness-check': {