wip

2021-07-07 20:53:13 +02:00 · 2021-07-07 20:53:13 +02:00 · e4d1c00d4e
commit e4d1c00d4e
parent d0857ecf09
3 changed files with 33 additions and 10 deletions
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@ -1,13 +1,11 @@
+from ipaddress import ip_interface
+
 defaults = {
    'apt': {
        'packages': {
            'dehydrated': {},
        },
    },
-    'cron': {
-        'letsencrypt_renew': '{} 4 * * *    root    /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
-        'letsencrypt_cleanup': '{} 4 * * 0    root    /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
-    },
    'letsencrypt': {
        'domains': {},
    },
@ -19,6 +17,34 @@ defaults = {
 }


+@metadata_reactor.provides(
+    'systemd-timers/letsencrypt',
+    'mirror/certs',
+)
+def renew(metadata):
+    delegated_node = metadata.get('letsencrypt/delegate_to_node', False)
+    
+    if delegated_node:
+        delegated_ip = ip_interface(repo.get_node(delegated_node).metadata.get('network/internal/ipv4')).ip
+        return {
+            'mirror': {
+                'certs': {
+                    'from': f"{delegated_ip}:/var/lib/dehydrated/certs",
+                    'to': '/var/lib/dehydrated',
+                },
+            },
+        }
+    else:
+        return {
+            'systemd-timers': {
+                'letsencrypt': {
+                    'command': '/usr/bin/dehydrated --cron --accept-terms --challenge http-01 && /usr/bin/dehydrated --cleanup',
+                    'when': 'daily',
+                },
+            },
+        }
+
+
@metadata_reactor.provides(
    'letsencrypt/domains'
 )
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -20,12 +20,6 @@
    ],
    'metadata': {
        'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
-        'mirror': {
-            'certs': {
-                'from': '10.0.10.2:/var/lib/dehydrated/certs',
-                'to': '/var/lib/dehydrated/certs',
-            },
-        },
        'network': {
            'internal': {
                'interface': 'enp1s0f0',
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -105,6 +105,9 @@
                'authorized_users': [
                    'root@home.server',
                ],
+                'authorized_keys': [
+                    'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHMKTJLw6Cb+MLt+9JFOkuo2QBpuA8EoTKOFpb3IFQHEq19YLMzOhcErWmzaRfiCnILhnwTQz0njS+n9Qu4aghk= root@mail.sublimity.de'
+                ],
            },
        },
        'vm': {