mwiegand 2021-06-17 01:48:34 +02:00
parent a4d1b4d817
commit a3caa8481e
8 changed files with 77 additions and 26 deletions


@ -0,0 +1,6 @@
defaults = {
'network': {
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
}


@ -0,0 +1,16 @@
@metadata_reactor.provides(
'interfaces',
)
def interfaces(metadata):
return {
'interfaces': {
metadata.get('network/interface'): {
'ips': list(filter(None.__ne__, [
metadata.get('network/ipv4', None),
metadata.get('network/ipv6', None),
])),
'gateway4': metadata.get('network/gateway4', None),
'gateway6': metadata.get('network/gateway6', None),
},
}
}
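Review bot: The `filter(None.__ne__, [...])` in the `'ips'` entry keeps the non-None addresses only because `None.__ne__(value)` returns `NotImplemented`, which happens to be truthy. Evaluating `NotImplemented` as a boolean has been deprecated since Python 3.9 and raises TypeError from Python 3.14. An explicit test avoids that dependency: `'ips': [ip for ip in (metadata.get('network/ipv4', None), metadata.get('network/ipv6', None)) if ip is not None],`. Separately, `metadata.get('network/interface')` is read without a default, so a node in this group that lacks the key would presumably leave the reactor unresolved; a one-line comment stating that the key is mandatory would make that intent visible.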


@ -1,3 +1,4 @@
from ipaddress import ip_interface
from bundlewrap.metadata import atomic
defaults = {
@ -12,6 +13,28 @@ defaults = {
}
@metadata_reactor.provides(
'dns',
)
def dns(metadata):
dns = {}
for config in metadata.get('nginx/vhosts', {}).values():
dns[config['domain']] = {}
if metadata.get('network/ipv4'):
dns[config['domain']]['A'] = [
str(ip_interface(metadata.get('network/ipv4')).ip)
]
if metadata.get('network/ipv6'):
dns[config['domain']]['AAAA'] = [
str(ip_interface(metadata.get('network/ipv6')).ip)
]
return {
'dns': dns,
}
@metadata_reactor.provides(
'letsencrypt/domains',
'letsencrypt/reload_after',
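Review bot: Both `if metadata.get('network/ipv4'):` and `if metadata.get('network/ipv6'):` in the new `dns` reactor read the key without a default, so the `if` cannot act as the presence check it looks like. As far as I know bundlewrap's `metadata.get()` raises KeyError for a missing path when no default is given, which would leave this reactor unresolved on any nginx node that lacks one of the two addresses, for example an IPv4-only host. The `interfaces` reactor added in this same commit passes `None` as the default, and the same form fits here: `if metadata.get('network/ipv4', None):`. A vhost entry without a `'domain'` key would likewise fail at `config['domain']`. The decorator of the next reactor continues past the end of this hunk.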


@ -1,4 +1,5 @@
from os.path import join, exists
from re import sub
from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend as crypto_default_backend
@ -83,7 +84,7 @@ def dns(metadata):
dns = {}
for domain, keys in metadata.get('opendkim/keys').items():
raw_key = keys['public'].replace('ssh-rsa ', '')
raw_key = sub('^ssh-rsa ', '', keys['public'])
dns[f'mail._domainkey.{domain}'] = {
'TXT': [f'v=DKIM1; k=rsa; p={raw_key}'],
}
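Review bot: The value placed in `p=` is whatever follows the `ssh-rsa ` prefix of `keys['public']`, but DKIM verifiers expect `p=` to hold the base64 of the DER-encoded RSA public key (RFC 6376), which is a different byte layout from the body of an OpenSSH public key line. How `keys['public']` is serialized is outside this hunk, so this needs checking there; if it is produced with the OpenSSH encoding, receivers would presumably fail to parse the record and signatures from this host would not verify. In that case serialize the key with `Encoding.DER` and `PublicFormat.SubjectPublicKeyInfo` and base64-encode the result instead of stripping a prefix. If the prefix strip stays, write the pattern as a raw string, `sub(r'^ssh-rsa ', '', keys['public'])`, and note that a trailing key comment would still end up in the TXT record.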


@ -0,0 +1,5 @@
{
'bundles': [
'hetzner-cloud',
],
}


@ -4,8 +4,6 @@
],
'bundles': [
'apt',
'systemd',
'systemd-networkd',
],
'os': 'debian',
'pip_command': 'pip3',


@ -1 +1,7 @@
{}
{
'bundles': [
'network',
'systemd',
'systemd-networkd',
],
}


@ -1,6 +1,7 @@
{
'hostname': '162.55.188.157',
'groups': [
'hetzner-cloud',
'debian-10',
'mailserver',
'webserver',
@ -10,29 +11,11 @@
'zfs',
],
'metadata': {
'opendkim': {
'domains': [
'mail2.sublimity.de',
# 'sublimity.de',
# 'freibrief.net',
# 'nadenau.net',
# 'naeder.net',
# 'rolfwerner.eu',
# 'wettengl.net',
# 'wingl.de',
# 'woodpipe.de',
],
'network': {
'interface': 'eth0',
'ipv4': '162.55.188.157/32',
'ipv6': '2a01:4f8:1c1c:4121::1/64',
},
'interfaces': {
'eth0': {
'ips': {
'162.55.188.157',
'2a01:4f8:1c1c:4121::1/64',
},
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
},
'nginx': {
'vhosts': {
'nextcloud': {
@ -55,6 +38,19 @@
'hostname': 'mail2.sublimity.de',
'admin_email': 'postmaster@sublimity.de',
},
'opendkim': {
'domains': [
'mail2.sublimity.de',
# 'sublimity.de',
# 'freibrief.net',
# 'nadenau.net',
# 'naeder.net',
# 'rolfwerner.eu',
# 'wettengl.net',
# 'wingl.de',
# 'woodpipe.de',
],
},
'roundcube': {
'product_name': 'Sublimity Mail',
'version': '1.4.11',