cronekorkn 2023-04-25 00:18:04 +02:00
parent 5fa4969cfe
commit 0ededceea4
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
21 changed files with 151 additions and 92 deletions


@ -13,7 +13,7 @@ data = server_node.metadata.get(f'wireguard/clients/{argv[2]}')
vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network
allowed_ips = [ allowed_ips = [
vpn_network, vpn_network,
ip_interface(server_node.metadata.get('network/internal/ipv4')).network, ip_interface(server_node.metadata.get('network/internal_ipv4')).network,
] ]
for peer in server_node.metadata.get('wireguard/s2s').values(): for peer in server_node.metadata.get('wireguard/s2s').values():
for network in peer['allowed_ips']: for network in peer['allowed_ips']:


@ -6,12 +6,12 @@ from ipaddress import ip_interface
) )
def acme_records(metadata): def acme_records(metadata):
domains = set() domains = set()
for other_node in repo.nodes: for other_node in repo.nodes:
for domain, conf in other_node.metadata.get('letsencrypt/domains', {}).items(): for domain, conf in other_node.metadata.get('letsencrypt/domains', {}).items():
domains.add(domain) domains.add(domain)
domains.update(conf.get('aliases', [])) domains.update(conf.get('aliases', []))
return { return {
'dns': { 'dns': {
f'_acme-challenge.{domain}': { f'_acme-challenge.{domain}': {
@ -30,7 +30,7 @@ def acme_records(metadata):
def acme_zone(metadata): def acme_zone(metadata):
allowed_ips = { allowed_ips = {
*{ *{
str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip) str(ip_interface(other_node.metadata.get('network/internal_ipv4')).ip)
for other_node in repo.nodes for other_node in repo.nodes
if other_node.metadata.get('letsencrypt/domains', {}) if other_node.metadata.get('letsencrypt/domains', {})
}, },
@ -40,7 +40,7 @@ def acme_zone(metadata):
if other_node.has_bundle('wireguard') if other_node.has_bundle('wireguard')
}, },
} }
return { return {
'bind': { 'bind': {
'acls': { 'acls': {


@ -1,5 +1,7 @@
from ipaddress import ip_interface from ipaddress import ip_interface
from json import dumps from json import dumps
h = repo.libs.hashable.hashable h = repo.libs.hashable.hashable
repo.libs.bind.repo = repo repo.libs.bind.repo = repo
@ -168,7 +170,7 @@ def ns_records(metadata):
for nameserver in nameservers for nameserver in nameservers
} }
} }
for zone_name, zone_conf in view_conf['zones'].items() for zone_name in view_conf['zones']
} }
} }
for view_name, view_conf in metadata.get('bind/views').items() for view_name, view_conf in metadata.get('bind/views').items()


@ -32,11 +32,11 @@ def agent_conf(metadata):
'build-server': { 'build-server': {
'architectures': { 'architectures': {
architecture: { architecture: {
'ip': str(ip_interface(repo.get_node(conf['node']).metadata.get('network/internal/ipv4')).ip), 'ip': str(ip_interface(repo.get_node(conf['node']).metadata.get('network/internal_ipv4')).ip),
} }
for architecture, conf in metadata.get('build-server/architectures').items() for architecture, conf in metadata.get('build-server/architectures').items()
}, },
'download_server_ip': str(ip_interface(download_server.metadata.get('network/internal/ipv4')).ip), 'download_server_ip': str(ip_interface(download_server.metadata.get('network/internal_ipv4')).ip),
}, },
} }


@ -5,10 +5,10 @@ from ipaddress import ip_network, ip_interface
'systemd/units', 'systemd/units',
) )
def network(metadata): def network(metadata):
interface = ip_interface(metadata.get('network/internal/ipv4')) interface = ip_interface(metadata.get('network/internal_ipv4'))
network = ip_interface(f'{interface.ip}/24').network network = ip_interface(f'{interface.ip}/24').network
gateway = network[1] gateway = network[1]
return { return {
'systemd': { 'systemd': {
'units': { 'units': {


@ -256,7 +256,7 @@ for other_node in repo.nodes:
'context': { 'context': {
'host_name': other_node.name, 'host_name': other_node.name,
'host_settings': { 'host_settings': {
'address': str(ip_interface(other_node.metadata.get('network/internal/ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip), 'address': str(ip_interface(other_node.metadata.get('network/internal_ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip),
}, },
'services': other_node.metadata.get('monitoring/services'), 'services': other_node.metadata.get('monitoring/services'),
}, },


@ -28,7 +28,7 @@ files = {
'/etc/dehydrated/hook.sh': { '/etc/dehydrated/hook.sh': {
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'server': ip_interface(acme_node.metadata.get('network/internal/ipv4')).ip, 'server': ip_interface(acme_node.metadata.get('network/internal_ipv4')).ip,
'zone': acme_node.metadata.get('bind/acme_zone'), 'zone': acme_node.metadata.get('bind/acme_zone'),
'acme_key_name': 'acme', 'acme_key_name': 'acme',
'acme_key': acme_node.metadata.get('bind/views/external/keys/acme/token'), 'acme_key': acme_node.metadata.get('bind/views/external/keys/acme/token'),


@ -5,34 +5,69 @@ defaults = {
} }
@metadata_reactor.provides(
'network/internal_interface',
)
def internal_interface(metadata):
if (
metadata.get('network/interfaces/internal', None)
and not metadata.get('network/internal_interface', None)
):
return {
'network': {
'internal_interface': 'internal',
}
}
else:
return {}
@metadata_reactor.provides(
'network/internal_ipv4',
)
def internal_ipv4(metadata):
if (
metadata.get('network/internal_interface', None)
and not metadata.get('network/internal_ipv4', None)
):
internal_interface = metadata.get('network/internal_interface', None)
return {
'network': {
'internal_ipv4': metadata.get(f'network/interfaces/{internal_interface}/ipv4'),
}
}
else:
return {}
@metadata_reactor.provides( @metadata_reactor.provides(
'systemd/units', 'systemd/units',
) )
def units(metadata): def units(metadata):
units = {} units = {}
for type, network in metadata.get('network').items(): for name, conf in metadata.get('network/interfaces').items():
units[f'{type}.network'] = { units[f'{name}.network'] = {
'Match': { 'Match': {
'Name': network['interface'], 'Name': conf['match'],
}, },
'Network': { 'Network': {
'DHCP': network.get('dhcp', 'no'), 'DHCP': conf.get('dhcp', 'no'),
'IPv6AcceptRA': network.get('dhcp', 'no'), 'IPv6AcceptRA': conf.get('dhcp', 'no'),
} }
} }
for i in [4, 6]: for i in [4, 6]:
if network.get(f'ipv{i}', None): if conf.get(f'ipv{i}', None):
units[f'{type}.network'].update({ units[f'{name}.network'].update({
f'Address#ipv{i}': { f'Address#ipv{i}': {
'Address': network[f'ipv{i}'], 'Address': conf[f'ipv{i}'],
}, },
}) })
if f'gateway{i}' in network: if f'gateway{i}' in conf:
units[f'{type}.network'].update({ units[f'{name}.network'].update({
f'Route#ipv{i}': { f'Route#ipv{i}': {
'Gateway': network[f'gateway{i}'], 'Gateway': conf[f'gateway{i}'],
'GatewayOnlink': 'yes', 'GatewayOnlink': 'yes',
} }
}) })
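Review bot: Both new reactors, `internal_interface` and `internal_ipv4`, guard on the very key they provide (`not metadata.get('network/internal_interface', None)` and the `network/internal_ipv4` equivalent), so their result depends on whether their own earlier output is already visible through `metadata`. If bundlewrap feeds a reactor's result back into `metadata.get` (worth confirming), each one would alternate between returning the value and `{}` instead of settling. If the guard is only meant to let an explicitly configured value win, a short comment would make that intent clear, e.g. `# only fills in the default; an explicit network/internal_interface from node or group metadata takes precedence`. `internal_ipv4` also calls `metadata.get('network/internal_interface', None)` twice; binding it once before the `if` would make the condition and the lookup use the same value.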


@ -29,10 +29,10 @@ files = {
'context': { 'context': {
'multiplex_incoming': node.metadata.get('ssh/multiplex_incoming'), 'multiplex_incoming': node.metadata.get('ssh/multiplex_incoming'),
'multiplex_hosts': set( 'multiplex_hosts': set(
str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip) str(ip_interface(other_node.metadata.get('network/internal_ipv4')).ip)
for other_node in repo.nodes for other_node in repo.nodes
if other_node.has_bundle('ssh') if other_node.has_bundle('ssh')
and other_node.metadata.get('network/internal/ipv4', None) and other_node.metadata.get('network/internal_ipv4', None)
and other_node.metadata.get('ssh/multiplex_incoming') and other_node.metadata.get('ssh/multiplex_incoming')
), ),
}, },


@ -48,8 +48,8 @@ defaults = {
) )
def wake_command(metadata): def wake_command(metadata):
waker_hostname = repo.get_node(metadata.get('wol-sleeper/waker')).hostname waker_hostname = repo.get_node(metadata.get('wol-sleeper/waker')).hostname
mac = metadata.get(f"network/{metadata.get('wol-sleeper/network')}/mac") mac = metadata.get(f"network/interfaces{metadata.get('wol-sleeper/network')}/mac")
ip = ip_interface(metadata.get(f"network/{metadata.get('wol-sleeper/network')}/ipv4")).ip ip = ip_interface(metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/ipv4")).ip
return { return {
'wol-sleeper': { 'wol-sleeper': {
@ -63,7 +63,7 @@ def wake_command(metadata):
'systemd/services/wakeonline-setup.service', 'systemd/services/wakeonline-setup.service',
) )
def systemd(metadata): def systemd(metadata):
interface = metadata.get(f"network/{metadata.get('wol-sleeper/network')}/interface") interface = metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/match")
return { return {
'systemd': { 'systemd': {
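Review bot: The new `mac` lookup in `wake_command` builds its path without a separator, `f"network/interfaces{metadata.get('wol-sleeper/network')}/mac"`, so for an interface named `internal` it asks for `network/interfacesinternal/mac`, a key that none of the node files in this commit define. The `ip` line directly below it and the `systemd` reactor in the next hunk both use `network/interfaces/`, so the line should read `mac = metadata.get(f"network/interfaces/{metadata.get('wol-sleeper/network')}/mac")`. Both function bodies continue outside the hunks shown.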


@ -6,7 +6,7 @@ files = {
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'server_ip': ip_interface( 'server_ip': ip_interface(
repo.get_node(node.metadata.get('zfs-mirror/server')).metadata.get('network/internal/ipv4') repo.get_node(node.metadata.get('zfs-mirror/server')).metadata.get('network/internal_ipv4')
).ip, ).ip,
}, },
} }


@ -17,11 +17,13 @@
'metadata': { 'metadata': {
'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5', 'id': '9cf52515-63a1-4659-a8ec-6c3c881727e5',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'enp0s31f6', 'internal': {
'ipv4': '10.0.0.5/24', 'match': 'enp0s31f6',
'gateway4': '10.0.0.1', 'ipv4': '10.0.0.5/24',
'mac': '4c:cc:6a:d5:96:f8', 'gateway4': '10.0.0.1',
'mac': '4c:cc:6a:d5:96:f8',
},
}, },
}, },
'backup-server': { 'backup-server': {


@ -12,8 +12,10 @@
'metadata': { 'metadata': {
'id': 'cc1c08ba-8a2e-4cda-9b82-1b88a940e8e8', 'id': 'cc1c08ba-8a2e-4cda-9b82-1b88a940e8e8',
'network': { 'network': {
'internal': { 'interfaces': {
'ipv4': '10.0.2.8/24', 'internal': {
'ipv4': '10.0.2.8/24',
},
}, },
}, },
'dns': { 'dns': {


@ -19,10 +19,12 @@
'metadata': { 'metadata': {
'id': '34199b24-4621-42f4-85ae-ec354f9c43e6', 'id': '34199b24-4621-42f4-85ae-ec354f9c43e6',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'eth0', 'internal': {
'ipv4': '10.0.0.17/24', 'match': 'eth0',
'gateway4': '10.0.0.1', 'ipv4': '10.0.0.17/24',
'gateway4': '10.0.0.1',
},
}, },
}, },
'nginx': { 'nginx': {


@ -1,26 +1,30 @@
{ {
'hostname': '10.0.0.119', 'hostname': '10.0.0.120',
'dummy': True,
'groups': [ 'groups': [
# system
'autologin', 'autologin',
'debian-11', 'debian-11',
'hardware', 'hardware',
'home', 'home',
'monitored', 'monitored',
# application
], ],
'metadata': { 'metadata': {
'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c', 'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
'network': { 'interfaces': {
'internal': { 'internal': {
'interface': 'eno1', 'match': 'eno1',
'ipv4': '10.0.0.119/24', 'ipv4': {
'gateway4': '10.0.0.1', 'addresses': {'10.0.0.120/24'},
'gateway4': '10.0.0.1',
},
}, },
'exernal': { 'wan': {
'interface': 'enx00e04c00135b', 'match': 'enx00e04c00135b',
'mac': '00:e0:4c:00:13:5b',
'dhcp': 'yes', 'dhcp': 'yes',
}, },
}, },
'network': {
},
}, },
} }
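Review bot: This node no longer matches the layout that the rest of the commit reads: as far as the two-column rendering shows, `interfaces` now sits directly under `metadata` next to an empty `'network': {}`, and `ipv4` is a dict (`{'addresses': {'10.0.0.120/24'}, 'gateway4': '10.0.0.1'}`) rather than a CIDR string. The reactors and consumers changed elsewhere in this commit look up `network/interfaces/<name>/ipv4` and pass the value to `ip_interface()` or into the `Address` key of the systemd unit, so for this host they would presumably find no interfaces and derive no `network/internal_ipv4`. If the node is a placeholder (it gains `'dummy': True`), a comment stating that the schema here is experimental would keep it from being copied. Otherwise nest it as the other nodes do, `'network': {'interfaces': {'internal': {'match': 'eno1', 'ipv4': '10.0.0.120/24', 'gateway4': '10.0.0.1'}}}`.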


@ -40,10 +40,12 @@
'metadata': { 'metadata': {
'id': 'af96709e-b13f-4965-a588-ef2cd476437a', 'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'enp42s0', 'internal': {
'ipv4': '10.0.0.2/24', 'match': 'enp42s0',
'gateway4': '10.0.0.1', 'ipv4': '10.0.0.2/24',
'gateway4': '10.0.0.1',
},
}, },
}, },
'build-server': { 'build-server': {


@ -14,15 +14,17 @@
'metadata': { 'metadata': {
'id': 'dd521b8a-dc03-43f5-b29f-068f948ba3b8', 'id': 'dd521b8a-dc03-43f5-b29f-068f948ba3b8',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'eth0', 'internal': {
'ipv4': '10.0.0.15/24', 'match': 'eth0',
'gateway4': '10.0.0.1', 'ipv4': '10.0.0.15/24',
}, 'gateway4': '10.0.0.1',
'wlan': { },
'interface': 'wlan0', 'wlan': {
'ipv4': '10.0.0.16/24', 'match': 'wlan0',
'gateway4': '10.0.0.1', 'ipv4': '10.0.0.16/24',
'gateway4': '10.0.0.1',
},
}, },
}, },
'stromzaehler': { 'stromzaehler': {


@ -35,17 +35,19 @@
}, },
'id': '353bb086-f3ce-4f36-8533-e91786c91ed9', 'id': '353bb086-f3ce-4f36-8533-e91786c91ed9',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'ens10', 'internal': {
'ipv4': '10.0.10.3/32', 'match': 'ens10',
'ipv4': '10.0.10.3/32',
},
'external': {
'match': 'eth0',
'ipv4': '159.69.93.165/32',
'ipv6': '2a01:4f8:c2c:867::2/64',
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
}, },
'external': {
'interface': 'eth0',
'ipv4': '159.69.93.165/32',
'ipv6': '2a01:4f8:c2c:867::2/64',
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
}
}, },
'minecraft': { 'minecraft': {
'download': 'https://launcher.mojang.com/v1/objects/a16d67e5807f57fc4e550299cf20226194497dc2/server.jar', 'download': 'https://launcher.mojang.com/v1/objects/a16d67e5807f57fc4e550299cf20226194497dc2/server.jar',


@ -23,17 +23,19 @@
'metadata': { 'metadata': {
'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae', 'id': 'ea29bdf0-0b47-4bf4-8346-67d60c9dc4ae',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'eth1', 'internal': {
'ipv4': '10.0.11.3/24', 'match': 'eth1',
'ipv4': '10.0.11.3/24',
},
'external': {
'match': 'eth0',
'ipv4': '202.61.255.108/22',
'gateway4': '202.61.252.1',
'ipv6': '2a03:4000:55:a89::1/64',
'gateway6': 'fe80::1',
},
}, },
'external': {
'interface': 'eth0',
'ipv4': '202.61.255.108/22',
'gateway4': '202.61.252.1',
'ipv6': '2a03:4000:55:a89::1/64',
'gateway6': 'fe80::1',
}
}, },
'bind': { 'bind': {
'hostname': 'resolver.name', 'hostname': 'resolver.name',


@ -11,12 +11,14 @@
'metadata': { 'metadata': {
'id': 'd5080b1a-b310-48be-bd5a-02cfcecf0c90', 'id': 'd5080b1a-b310-48be-bd5a-02cfcecf0c90',
'network': { 'network': {
'external': { 'interfaces': {
'interface': 'ens3', 'external': {
'ipv4': '135.125.239.125/32', 'match': 'ens3',
'gateway4': '135.125.238.1', 'ipv4': '135.125.239.125/32',
'ipv6': '2001:41d0:701:1100::3dea/56', 'gateway4': '135.125.238.1',
'gateway6': '2001:41d0:701:1100::1', 'ipv6': '2001:41d0:701:1100::3dea/56',
'gateway6': '2001:41d0:701:1100::1',
},
}, },
}, },
'bind': { 'bind': {


@ -15,10 +15,12 @@
'metadata': { 'metadata': {
'id': '23b898bd-203b-42d5-8150-cdb459915d77', 'id': '23b898bd-203b-42d5-8150-cdb459915d77',
'network': { 'network': {
'internal': { 'interfaces': {
'interface': 'eth0', 'internal': {
'ipv4': '192.168.179.20/24', 'match': 'eth0',
'gateway4': '192.168.179.1', 'ipv4': '192.168.179.20/24',
'gateway4': '192.168.179.1',
},
}, },
}, },
'backup-freshness-check': { 'backup-freshness-check': {