From a3caa8481e0dcf978d92f45b659c03bf459d5f3e Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Thu, 17 Jun 2021 01:48:34 +0200
Subject: [PATCH] wip

---
 bundles/hetzner-cloud/metadata.py | 6 +++++
 bundles/network/metadata.py | 16 +++++++++++++
 bundles/nginx/metadata.py | 23 ++++++++++++++++++
 bundles/opendkim/metadata.py | 3 ++-
 groups/hardware/hetzner-cloud.py | 5 ++++
 groups/os/debian.py | 2 --
 groups/os/linux.py | 8 ++++++-
 nodes/htz.mails.py | 40 ++++++++++++++-----------------
 8 files changed, 77 insertions(+), 26 deletions(-)
 create mode 100644 bundles/hetzner-cloud/metadata.py
 create mode 100644 bundles/network/metadata.py
 create mode 100644 groups/hardware/hetzner-cloud.py

diff --git a/bundles/hetzner-cloud/metadata.py b/bundles/hetzner-cloud/metadata.py
new file mode 100644
index 0000000..b09f962
--- /dev/null
+++ b/bundles/hetzner-cloud/metadata.py
@@ -0,0 +1,6 @@
+defaults = {
+    'network': {
+        'gateway4': '172.31.1.1',
+        'gateway6': 'fe80::1',
+    },
+}
diff --git a/bundles/network/metadata.py b/bundles/network/metadata.py
new file mode 100644
index 0000000..3eb82b8
--- /dev/null
+++ b/bundles/network/metadata.py
@@ -0,0 +1,16 @@
+@metadata_reactor.provides(
+    'interfaces',
+)
+def interfaces(metadata):
+    return {
+        'interfaces': {
+            metadata.get('network/interface'): {
+                'ips': list(filter(None.__ne__, [
+                    metadata.get('network/ipv4', None),
+                    metadata.get('network/ipv6', None),
+                ])),
+                'gateway4': metadata.get('network/gateway4', None),
+                'gateway6': metadata.get('network/gateway6', None),
+            },
+        }
+    }
diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py
index 2714c32..5fd11dc 100644
--- a/bundles/nginx/metadata.py
+++ b/bundles/nginx/metadata.py
@@ -1,3 +1,4 @@
+from ipaddress import ip_interface
 from bundlewrap.metadata import atomic
 
 defaults = {
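Review bot: In the new `interfaces` reactor, `metadata.get('network/interface')` is the one lookup without a default, so on any node that ends up with the `network` bundle but sets no `network/interface`, the reactor as far as I can tell raises a KeyError (or keys the dict on `None`) instead of contributing nothing; a guard such as `if not metadata.get('network/interface', None): return {}` at the top keeps it a no-op for such nodes. `list(filter(None.__ne__, [...]))` works only because `None.__ne__` returns the truthy `NotImplemented` for non-None values, which is easy to misread; `[ip for ip in (metadata.get('network/ipv4', None), metadata.get('network/ipv6', None)) if ip is not None]` states the intent plainly.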
@@ -12,6 +13,28 @@ defaults = {
 }
 
 
+@metadata_reactor.provides(
+    'dns',
+)
+def dns(metadata):
+    dns = {}
+
+    for config in metadata.get('nginx/vhosts', {}).values():
+        dns[config['domain']] = {}
+
+        if metadata.get('network/ipv4'):
+            dns[config['domain']]['A'] = [
+                str(ip_interface(metadata.get('network/ipv4')).ip)
+            ]
+        if metadata.get('network/ipv6'):
+            dns[config['domain']]['AAAA'] = [
+                str(ip_interface(metadata.get('network/ipv6')).ip)
+            ]
+
+    return {
+        'dns': dns,
+    }
+
 @metadata_reactor.provides(
     'letsencrypt/domains',
     'letsencrypt/reload_after',
diff --git a/bundles/opendkim/metadata.py b/bundles/opendkim/metadata.py
index d002d8e..5f2d68f 100644
--- a/bundles/opendkim/metadata.py
+++ b/bundles/opendkim/metadata.py
@@ -1,4 +1,5 @@
 from os.path import join, exists
+from re import sub
 from cryptography.hazmat.primitives import serialization as crypto_serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.backends import default_backend as crypto_default_backend
@@ -83,7 +84,7 @@ def dns(metadata):
     dns = {}
 
     for domain, keys in metadata.get('opendkim/keys').items():
-        raw_key = keys['public'].replace('ssh-rsa ', '')
+        raw_key = sub('^ssh-rsa ', '', keys['public'])
         dns[f'mail._domainkey.{domain}'] = {
             'TXT': [f'v=DKIM1; k=rsa; p={raw_key}'],
         }
diff --git a/groups/hardware/hetzner-cloud.py b/groups/hardware/hetzner-cloud.py
new file mode 100644
index 0000000..eb1d2a4
--- /dev/null
+++ b/groups/hardware/hetzner-cloud.py
@@ -0,0 +1,5 @@
+{
+    'bundles': [
+        'hetzner-cloud',
+    ],
+}
diff --git a/groups/os/debian.py b/groups/os/debian.py
index c8d8142..e1eb4d9 100644
--- a/groups/os/debian.py
+++ b/groups/os/debian.py
@@ -4,8 +4,6 @@
     ],
     'bundles': [
         'apt',
-        'systemd',
-        'systemd-networkd',
     ],
     'os': 'debian',
     'pip_command': 'pip3',
diff --git a/groups/os/linux.py b/groups/os/linux.py
index 0967ef4..9917160 100644
--- a/groups/os/linux.py
+++ b/groups/os/linux.py
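Review bot: In the new nginx `dns` reactor, `dns[config['domain']] = {}` unconditionally resets the entry, so when two vhosts declare the same `domain` the records attached for the first one are discarded; `dns.setdefault(config['domain'], {})` keeps them. The `metadata.get('network/ipv4')`/`ipv6` lookups and the `ip_interface` parsing do not depend on the vhost, so they can be resolved once before the loop rather than repeated per vhost. If a vhost entry may lack `domain`, `config['domain']` raises KeyError for the whole node; I can't see the vhost schema from here, so I only flag it.
```python
# … unchanged: @metadata_reactor.provides('dns') decorator …
def dns(metadata):
    dns = {}

    # The node's addresses do not vary per vhost, so resolve them once.
    records = {}
    for rtype, path in (('A', 'network/ipv4'), ('AAAA', 'network/ipv6')):
        address = metadata.get(path, None)
        if address:
            records[rtype] = [str(ip_interface(address).ip)]

    for config in metadata.get('nginx/vhosts', {}).values():
        # setdefault keeps records of a domain shared by several vhosts
        dns.setdefault(config['domain'], {}).update(records)

    return {
        'dns': dns,
    }
```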
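Review bot: `sub('^ssh-rsa ', '', keys['public'])` in the opendkim `dns` reactor still only strips the type prefix, so anything following the base64 blob (OpenSSH public-key lines commonly carry a trailing comment) would land inside the DKIM `p=` value unchanged from the previous `.replace` behaviour; if the stored key is known to be comment-free, `keys['public'].removeprefix('ssh-rsa ')` (Python 3.9+) expresses the same intent without the regex import. More importantly, the `ssh-rsa ` prefix suggests the value is in OpenSSH format, whose base64 payload is the SSH wire encoding of the key rather than the DER SubjectPublicKeyInfo that DKIM verifiers expect in `p=`; that depends on how `opendkim/keys/*/public` is produced, which is outside this hunk, so it is worth confirming. The enclosing `dns` function continues outside the hunk.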
@@ -1 +1,7 @@
-{}
+{
+    'bundles': [
+        'network',
+        'systemd',
+        'systemd-networkd',
+    ],
+}
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index ef744d9..735b9b1 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -1,6 +1,7 @@
 {
     'hostname': '162.55.188.157',
     'groups': [
+        'hetzner-cloud',
         'debian-10',
         'mailserver',
         'webserver',
@@ -10,29 +11,11 @@
         'zfs',
     ],
     'metadata': {
-        'opendkim': {
-            'domains': [
-                'mail2.sublimity.de',
-                # 'sublimity.de',
-                # 'freibrief.net',
-                # 'nadenau.net',
-                # 'naeder.net',
-                # 'rolfwerner.eu',
-                # 'wettengl.net',
-                # 'wingl.de',
-                # 'woodpipe.de',
-            ],
+        'network': {
+            'interface': 'eth0',
+            'ipv4': '162.55.188.157/32',
+            'ipv6': '2a01:4f8:1c1c:4121::1/64',
         },
-        'interfaces': {
-            'eth0': {
-                'ips': {
-                    '162.55.188.157',
-                    '2a01:4f8:1c1c:4121::1/64',
-                },
-                'gateway4': '172.31.1.1',
-                'gateway6': 'fe80::1',
-            },
-        },
         'nginx': {
             'vhosts': {
                 'nextcloud': {
@@ -55,6 +38,19 @@
             'hostname': 'mail2.sublimity.de',
             'admin_email': 'postmaster@sublimity.de',
         },
+        'opendkim': {
+            'domains': [
+                'mail2.sublimity.de',
+                # 'sublimity.de',
+                # 'freibrief.net',
+                # 'nadenau.net',
+                # 'naeder.net',
+                # 'rolfwerner.eu',
+                # 'wettengl.net',
+                # 'wingl.de',
+                # 'woodpipe.de',
+            ],
+        },
         'roundcube': {
             'product_name': 'Sublimity Mail',
             'version': '1.4.11',
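Review bot: In the second htz.mails.py hunk the IPv4 address changes from `'162.55.188.157'` in the old `interfaces` entry to `'162.55.188.157/32'` under `network/ipv4`, which is a change of meaning rather than a move: with a /32 the `gateway4` `172.31.1.1` supplied by the hetzner-cloud bundle lies outside the interface prefix, so whatever renders `interfaces` into networkd configuration (not part of this commit) has to install the gateway as an on-link route or the default route will be rejected. The same literal is also repeated in `'hostname'` in the first hunk; deriving one from the other, or a comment stating that they must stay in sync, would keep them from drifting apart.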