Mercurial > code > home > repos > infra
comparison net.py @ 37:fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
| author | drewp@bigasterisk.com |
|---|---|
| date | Sat, 15 Jan 2022 17:10:10 -0800 |
| parents | dc2100504c45 |
| children | 49a69852a4f4 |
comparison
equal
deleted
inserted
replaced
| 36:dc2100504c45 | 37:fbd0849dfdbd |
|---|---|
| 1 from pyinfra import host | 1 from pyinfra import host |
| 2 from pyinfra.operations import apt, files, server, systemd | 2 from pyinfra.operations import apt, files, server, systemd |
| 3 | 3 |
| 4 is_wifi = host.name in ['frontdoor', 'living', 'plus'] | 4 is_wifi = host.name in ['frontdoor', 'living', 'plus'] |
| 5 prime_public_addr = '162.243.138.136' | |
| 6 prime_gateway = '162.243.138.1' | |
| 7 | 5 |
| 8 | 6 |
| 9 def cleanup(): | 7 def cleanup(): |
| 10 # past attempts | 8 # past attempts |
| 11 files.file(path='/etc/netplan/99-pyinfra-written.yaml', present=False) | 9 files.file(path='/etc/netplan/99-pyinfra-written.yaml', present=False) |
| 23 delete=True, | 21 delete=True, |
| 24 ) | 22 ) |
| 25 | 23 |
| 26 apt.packages(packages=['network-manager'], present=False) | 24 apt.packages(packages=['network-manager'], present=False) |
| 27 | 25 |
| 26 # On bang: | |
| 27 # Now using a HW router for this firewall. No incoming connections. | |
| 28 # test connections from the outside: | |
| 29 # http://www.t1shopper.com/tools/port-scanner/ | |
| 30 # On prime: | |
| 31 # using digitalocean network config: | |
| 32 # https://cloud.digitalocean.com/networking/firewalls/f68899ae-1aac-4469-b379-59ce2bbc988f/droplets?i=7c5072 | |
| 33 apt.packages(packages=['ufw'], present=False) | |
| 28 | 34 |
| 29 if host.name in [ | 35 |
| 30 'garage', | 36 if host.name == 'prime': |
| 31 'dash', | |
| 32 'slash', | |
| 33 'frontbed', | |
| 34 'prime', | |
| 35 ]: | |
| 36 cleanup() | 37 cleanup() |
| 37 | 38 |
| 38 addr = host.host_data['addr'] | 39 files.directory('/etc/systemd/network') |
| 39 if addr.startswith('10.'): | 40 files.template( |
| 40 net = addr[:4] | 41 src="templates/net/prime.network.j2", |
| 41 gateway = net + '.0.1' | 42 dest="/etc/systemd/network/99-prime.network", |
| 42 dns = gateway | 43 mac=host.host_data['mac'], |
| 43 elif addr == prime_public_addr: | 44 ) |
| 44 gateway = prime_gateway | 45 |
| 45 dns = '10.5.0.1 8.8.8.8 8.8.4.4' | 46 elif host.name == 'bang': |
| 46 else: | 47 cleanup() |
| 47 raise ValueError(addr) | 48 |
| 49 files.directory('/etc/systemd/network') | |
| 50 files.template(src="templates/net/bang_10.1.network.j2", dest="/etc/systemd/network/99-10.1.network") | |
| 51 files.template(src="templates/net/bang_10.2.network.j2", dest="/etc/systemd/network/99-10.2.network") | |
| 52 files.template(src="templates/net/bang_isp.network.j2", dest="/etc/systemd/network/99-isp.network") | |
| 53 systemd.service(service='systemd-networkd.service', running=True, restarted=True) | |
| 54 | |
| 55 elif host.name == 'plus': | |
| 56 pass | |
| 57 | |
| 58 else: | |
| 59 cleanup() | |
| 48 | 60 |
| 49 if is_wifi: | 61 if is_wifi: |
| 50 files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") | 62 files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") |
| 51 | 63 |
| 52 files.template(src="templates/house.network.j2", | 64 addr = host.host_data['addr'] |
| 53 dest="/etc/systemd/network/99-house.network", | 65 net = addr[:4] |
| 66 gateway = net + '.0.1' | |
| 67 dns = gateway | |
| 68 | |
| 69 files.template(src="templates/net/singlenic.network.j2", | |
| 70 dest="/etc/systemd/network/99-bigasterisk.network", | |
| 54 create_remote_dir=True, | 71 create_remote_dir=True, |
| 55 mac=host.host_data['mac'], | 72 mac=host.host_data['mac'], |
| 56 addr=addr, | 73 addr=addr, |
| 57 gateway=gateway, | 74 gateway=gateway, |
| 58 dns=dns) | 75 dns=dns) |
| 59 systemd.service(service='systemd-networkd.service', running=True, restarted=True) | 76 systemd.service(service='systemd-networkd.service', running=True, restarted=True) |
| 60 | |
| 61 # ns = '10.2.0.1' | |
| 62 # if host.name == 'prime': | |
| 63 # ns = '8.8.8.8' | |
| 64 # elif host.name in ['slash']: | |
| 65 # ns = '10.1.0.1' | |
| 66 # files.template(src='templates/resolv.conf.j2', dest='/etc/resolv.conf', ns=ns) | |
| 67 | |
| 68 if host.name == 'plus': | |
| 69 apt.packages(packages=['network-manager'], present=True) | |
| 70 | |
| 71 if host.name == 'bang': | |
| 72 files.template(src='templates/bang_interfaces.j2', dest='/etc/network/interfaces', user='root', group='root', mode='644') | |
| 73 | |
| 74 # Now using a HW router for this firewall. No incoming connections. | |
| 75 # test connections from the outside: | |
| 76 # http://www.t1shopper.com/tools/port-scanner/ | |
| 77 apt.packages(packages=['ufw'], present=False) | |
| 78 | |
| 79 if host.name == 'prime': | |
| 80 # using digitalocean network config: | |
| 81 # https://cloud.digitalocean.com/networking/firewalls/f68899ae-1aac-4469-b379-59ce2bbc988f/droplets?i=7c5072 | |
| 82 apt.packages(packages=['ufw'], present=False) | |
| 83 | |
| 84 files.line(name='shorter systemctl log window, for disk space', | |
| 85 path='/etc/systemd/journald.conf', | |
| 86 line='MaxFileSec', | |
| 87 replace="MaxFileSec=7day") | |
| 88 | |
| 89 for port in [80, 443]: | |
| 90 files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) | |
| 91 systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True) |