diff net.py @ 289:65e28d2e0cd8

move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
author drewp@bigasterisk.com
date Sun, 21 Apr 2024 17:07:23 -0700
parents 3af02e24eaf9
children 11d3bcedb9f0
--- a/net.py	Sun Apr 21 17:01:13 2024 -0700
+++ b/net.py	Sun Apr 21 17:07:23 2024 -0700
@@ -1,9 +1,5 @@
 from pyinfra import host
 from pyinfra.operations import apt, files, server, systemd
-from pyinfra.facts.server import Arch, LinuxDistribution
-
-is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
-is_wifi = False
 
 
 def cleanup():
@@ -23,7 +19,7 @@
             delete=True,
         )
 
-    # On bang (now pipe):
+    # On pipe:
     #   Now using a HW router for this firewall. No incoming connections.
     #   test connections from the outside:
     #   http://www.t1shopper.com/tools/port-scanner/
@@ -33,74 +29,50 @@
     apt.packages(packages=['ufw'], present=False)
 
 
-# https://github.com/k3s-io/k3s/issues/1812 unclear, but more importantly, this has to be set
-# on pipe in a way that works with the commands in house_net.service (and net_routes)
-server.shell(commands=[
-    'update-alternatives --set iptables /usr/sbin/iptables-legacy',
-    'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
-])
-# needs reboot if this changed
+def iptables_version():
+    # https://github.com/k3s-io/k3s/issues/1812 unclear, but more importantly, this has to be set
+    # on pipe in a way that works with the commands in house_net.service (and net_routes)
+    server.shell(commands=[
+        'update-alternatives --set iptables /usr/sbin/iptables-legacy',
+        'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
+    ])
+    # needs reboot if this changed
 
-if host.name in ['prime', 'bang', 'pipe', 'ditto']:
-    server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value=1, persist=True)
-
-    # if is_wifi_pi:
-    #     files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave")
-    #     ssh.command(host.name, "iw wlan0 set power_save off")
 
-    files.directory('/etc/systemd/network')
-    if host.name == 'prime':
-        cleanup()
+iptables_version()
+server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value=1, persist=True)
+
+if host.name == 'prime':
+    cleanup()
 
-        files.template(
-            src="templates/net/prime.network.j2",
-            dest="/etc/systemd/network/99-prime.network",
-            mac=host.host_data['mac'],
-        )
-
-    elif host.name == 'bang':
-        cleanup()
-
-        files.template(src="templates/net/bang_10.2.network.j2", dest="/etc/systemd/network/20-10.2.network")
-        apt.packages(packages=['network-manager'], present=False)
+    files.template(
+        src="files/net/prime.network",
+        dest="/etc/systemd/network/99-prime.network",
+    )
+    systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
 
-    elif host.name == 'plus':
-        apt.packages(packages=['network-manager'], present=True)
-
-    elif host.name == 'pipe':
-        cleanup()
+if host.name == 'bang':
+    cleanup()
 
-        files.template(src="templates/net/pipe_10.2.network.j2", dest="/etc/systemd/network/99-10.2.network")
-        files.template(src="templates/net/pipe_isp.network.j2", dest="/etc/systemd/network/99-isp.network")
-        server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)
-        files.template(src="templates/net/house_net.service.j2",
-                       dest="/etc/systemd/system/house_net.service",
-                       out_interface='eth0')
-        systemd.service(service='house_net.service', daemon_reload=True, enabled=True, running=True, restarted=True)
+    files.template(src="files/net/bang_10.2.network", dest="/etc/systemd/network/20-10.2.network")
+    apt.packages(packages=['network-manager'], present=False)
+    systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
+
+if host.name == 'pipe':
+    cleanup()
 
-    elif host.name == 'ditto':
-        files.template(
-            src="templates/net/ditto-netplan.yaml.j2",
-            dest="/etc/netplan/00-installer-config.yaml",
-            create_remote_dir=True,
-        )
-
-    else:
-        cleanup()
+    files.template(src="files/net/pipe_10.2.network", dest="/etc/systemd/network/99-10.2.network")
+    files.template(src="files/net/pipe_isp.network", dest="/etc/systemd/network/99-isp.network")
+    server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)
+    files.template(src="files/net/house_net.service", dest="/etc/systemd/system/house_net.service", out_interface='eth0')
+    systemd.service(service='house_net.service', daemon_reload=True, enabled=True, running=True, restarted=True)
+    systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
 
-        if is_wifi:
-            files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf")
-
-        files.template(
-            src="templates/net/singlenic.network.j2",
-            dest="/etc/systemd/network/20-bigasterisk.network",
-            create_remote_dir=True,
-        )
-        apt.packages(packages=['network-manager'], present=False)
+if host.name == 'ditto':
+    files.template(
+        src="files/net/ditto-netplan.yaml",
+        dest="/etc/netplan/00-installer-config.yaml",
+        create_remote_dir=True,
+    )
 
     systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
-
-    # delete?
-    # # TODO this breaks wireguard wg on garage, i think. workaround:
-    # if host.name == 'garage':
-    #     server.shell('ip -4 address add 10.5.0.14/24 dev wg0')
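Review bot: The context line `systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)` near the end of the hunk keeps its four-space indent, so after this refactor it no longer runs for every host but only inside the new `if host.name == 'ditto':` branch, the netplan host; prime, bang and pipe each got their own explicit restart earlier in the hunk, so this one should either be dedented to column 0 or dropped, and if ditto genuinely needs the new yaml picked up, a `netplan generate`/`netplan apply` step after the `files.template(...)` is presumably what does that rather than a bare networkd restart. On pipe, `server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)` is applied before `house_net.service` is (re)started, so on a fresh host forwarding is switched on before whatever filtering that unit installs; ordering the sysctl after the service restart (or letting the unit set it) removes that window. The new top-level statement run may continue past the hunk, so the file end is not visible here.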