infra: net.py comparison

comparison net.py @ 289:65e28d2e0cd8

move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors

author	drewp@bigasterisk.com
date	Sun, 21 Apr 2024 17:07:23 -0700
parents	3af02e24eaf9
children	11d3bcedb9f0

comparison

equal deleted inserted replaced

-:3af02e24eaf9
+:65e28d2e0cd8
 from pyinfra import host
 from pyinfra.operations import apt, files, server, systemd
-from pyinfra.facts.server import Arch, LinuxDistribution
-is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
-is_wifi = False
 def cleanup():
 # past attempts
 files.file(path='/etc/network/interfaces', present=False)
 src="files/empty_dir/",
 dest=search_dir,
 delete=True,
 )
-# On bang (now pipe):
+# On pipe:
 #   Now using a HW router for this firewall. No incoming connections.
 #   test connections from the outside:
 #   http://www.t1shopper.com/tools/port-scanner/
 # On prime:
 #   using digitalocean network config:
 #   https://cloud.digitalocean.com/networking/firewalls/f68899ae-1aac-4469-b379-59ce2bbc988f/droplets?i=7c5072
 apt.packages(packages=['ufw'], present=False)
-# https://github.com/k3s-io/k3s/issues/1812 unclear, but more importantly, this has to be set
+def iptables_version():
-# on pipe in a way that works with the commands in house_net.service (and net_routes)
+# https://github.com/k3s-io/k3s/issues/1812 unclear, but more importantly, this has to be set
-server.shell(commands=[
+# on pipe in a way that works with the commands in house_net.service (and net_routes)
-'update-alternatives --set iptables /usr/sbin/iptables-legacy',
+server.shell(commands=[
-'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
+'update-alternatives --set iptables /usr/sbin/iptables-legacy',
-])
+'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
-# needs reboot if this changed
+])
+# needs reboot if this changed
-if host.name in ['prime', 'bang', 'pipe', 'ditto']:
-server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value=1, persist=True)
-# if is_wifi_pi:
+iptables_version()
-#     files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave")
+server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value=1, persist=True)
-#     ssh.command(host.name, "iw wlan0 set power_save off")
-files.directory('/etc/systemd/network')
+if host.name == 'prime':
-if host.name == 'prime':
+cleanup()
-cleanup()
 files.template(
-src="templates/net/prime.network.j2",
+src="files/net/prime.network",
 dest="/etc/systemd/network/99-prime.network",
-mac=host.host_data['mac'],
+)
-)
+systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
-elif host.name == 'bang':
+if host.name == 'bang':
 cleanup()
-files.template(src="templates/net/bang_10.2.network.j2", dest="/etc/systemd/network/20-10.2.network")
+files.template(src="files/net/bang_10.2.network", dest="/etc/systemd/network/20-10.2.network")
 apt.packages(packages=['network-manager'], present=False)
+systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
-elif host.name == 'plus':
+if host.name == 'pipe':
-apt.packages(packages=['network-manager'], present=True)
+cleanup()
-elif host.name == 'pipe':
+files.template(src="files/net/pipe_10.2.network", dest="/etc/systemd/network/99-10.2.network")
-cleanup()
+files.template(src="files/net/pipe_isp.network", dest="/etc/systemd/network/99-isp.network")
+server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)
+files.template(src="files/net/house_net.service", dest="/etc/systemd/system/house_net.service", out_interface='eth0')
+systemd.service(service='house_net.service', daemon_reload=True, enabled=True, running=True, restarted=True)
+systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
-files.template(src="templates/net/pipe_10.2.network.j2", dest="/etc/systemd/network/99-10.2.network")
+if host.name == 'ditto':
-files.template(src="templates/net/pipe_isp.network.j2", dest="/etc/systemd/network/99-isp.network")
+files.template(
-server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)
+src="files/net/ditto-netplan.yaml",
-files.template(src="templates/net/house_net.service.j2",
+dest="/etc/netplan/00-installer-config.yaml",
-dest="/etc/systemd/system/house_net.service",
+create_remote_dir=True,
-out_interface='eth0')
+)
-systemd.service(service='house_net.service', daemon_reload=True, enabled=True, running=True, restarted=True)
-elif host.name == 'ditto':
-files.template(
-src="templates/net/ditto-netplan.yaml.j2",
-dest="/etc/netplan/00-installer-config.yaml",
-create_remote_dir=True,
-)
-else:
-cleanup()
-if is_wifi:
-files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf")
-files.template(
-src="templates/net/singlenic.network.j2",
-dest="/etc/systemd/network/20-bigasterisk.network",
-create_remote_dir=True,
-)
-apt.packages(packages=['network-manager'], present=False)
 systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
-# delete?
-# # TODO this breaks wireguard wg on garage, i think. workaround:
-# if host.name == 'garage':
-#     server.shell('ip -4 address add 10.5.0.14/24 dev wg0')

Mercurial > code > home > repos > infra

comparison net.py @ 289:65e28d2e0cd8