# HG changeset patch # User drewp@bigasterisk.com # Date 1636702281 28800 # Node ID 15c5ce7c74b59c7cc6736ac6fd8c6df164f217a1 # Parent 82e46d7ff527a4e50976f5f8a04227946f173157 refactor, cleanup, split large deploys diff -r 82e46d7ff527 -r 15c5ce7c74b5 .hgignore --- a/.hgignore Thu Nov 11 22:46:32 2021 -0800 +++ b/.hgignore Thu Nov 11 23:31:21 2021 -0800 @@ -1,2 +1,3 @@ env pyinfra-debug.log +secrets/ diff -r 82e46d7ff527 -r 15c5ce7c74b5 config.py diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/bang_fstab --- a/files/bang_fstab Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,9 +0,0 @@ -# /etc/fstab: static file system information. -# -# Use 'blkid' to print the universally unique identifier for a -# device; this may be used with UUID= as a more robust way to name devices -# that works even if disks are added and removed. See fstab(5). -# -# -/dev/disk/by-uuid/8c7a2d08-60d1-486a-8136-d9f43d83a064 / ext4 relatime 0 0 -/dev/disk/by-uuid/d9a1e1e4-9eba-4988-8b01-c5f6732a2972 /d3 ext4 relatime 0 0 diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/dash_fstab --- a/files/dash_fstab Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,6 +0,0 @@ -# -/dev/disk/by-uuid/3b6780e0-ec86-43be-8d09-e462dbad762e / ext4 defaults 0 0 -/dev/disk/by-uuid/b88f75cd-9022-4af9-a11b-5a5a1fbd3132 /d2 ext4 defaults 0 0 -/dev/disk/by-uuid/73bcd201-5f77-4f68-9fba-47835c3c1692 /prev ext4 defaults 0 0 -/swap.img none swap sw 0 0 -bang:/stor6/my /my nfs4 defaults 0 0 diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/frontbed_fstab --- a/files/frontbed_fstab Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -proc /proc proc defaults 0 0 -PARTUUID=ba053f31-01 /boot vfat defaults 0 2 -PARTUUID=ba053f31-02 / ext4 defaults,noatime 0 1 diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/fstab/bang --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/files/fstab/bang Thu Nov 11 23:31:21 2021 -0800 
@@ -0,0 +1,5 @@ +# written by pyinfra + +# +/dev/disk/by-uuid/8c7a2d08-60d1-486a-8136-d9f43d83a064 / ext4 relatime 0 0 +/dev/disk/by-uuid/d9a1e1e4-9eba-4988-8b01-c5f6732a2972 /d3 ext4 relatime 0 0 diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/fstab/dash --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/files/fstab/dash Thu Nov 11 23:31:21 2021 -0800 @@ -0,0 +1,8 @@ +# written by pyinfra + +# +/dev/disk/by-uuid/3b6780e0-ec86-43be-8d09-e462dbad762e / ext4 defaults 0 0 +/dev/disk/by-uuid/b88f75cd-9022-4af9-a11b-5a5a1fbd3132 /d2 ext4 defaults 0 0 +/dev/disk/by-uuid/73bcd201-5f77-4f68-9fba-47835c3c1692 /prev ext4 defaults 0 0 +/swap.img none swap sw 0 0 +bang:/stor6/my /my nfs4 defaults 0 0 diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/fstab/slash --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/files/fstab/slash Thu Nov 11 23:31:21 2021 -0800 @@ -0,0 +1,5 @@ +# written by pyinfra + +# +UUID=d2999404-d8e1-47e7-b52c-797b282708ac / ext4 errors=remount-ro 0 1 +bang:/stor6/my /my nfs defaults 0 0 diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/pi_wlan0_powersave --- a/files/pi_wlan0_powersave Thu Nov 11 22:46:32 2021 -0800 +++ b/files/pi_wlan0_powersave Thu Nov 11 23:31:21 2021 -0800 @@ -1,3 +1,5 @@ +# written by pyinfra + auto wlan0 iface wlan0 inet dhcp post-up iw wlan0 set power_save off diff -r 82e46d7ff527 -r 15c5ce7c74b5 files/slash_fstab --- a/files/slash_fstab Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -# -UUID=d2999404-d8e1-47e7-b52c-797b282708ac / ext4 errors=remount-ro 0 1 -10.1.0.1:/stor6/my /my nfs defaults 0 0 diff -r 82e46d7ff527 -r 15c5ce7c74b5 kube.py --- a/kube.py Thu Nov 11 22:46:32 2021 -0800 +++ b/kube.py Thu Nov 11 23:31:21 2021 -0800 
@@ -1,7 +1,7 @@ from pyinfra import host -from pyinfra.operations import server, files, apt, ssh, systemd -from pyinfra.facts.server import LinuxDistribution, Arch from pyinfra.facts.files import FindInFile +from pyinfra.facts.server import Arch, LinuxDistribution +from pyinfra.operations import files, server, systemd bang_is_old = True # remove after upgrade is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] @@ -10,20 +10,16 @@ k3s_version = 'v1.21.2+k3s1' master_ip = "10.5.0.1" -token = open('secrets/k3s_token', 'rt').read().strip() - server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True) server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True) -# - role: download -if host.get_fact(Arch) == 'x86_64': - src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s' -else: - src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s-armhf' +tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' +files.download(src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', + dest='/usr/local/bin/k3s', + user='root', + group='root', + mode='755') -files.download(src=src, dest='/usr/local/bin/k3s', user='root', group='root', mode='755') - -# - role: raspbian if is_pi: old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0] print(repr(old_cmdline)) 
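Review bot: The `files.download` call in the second kube.py hunk installs `/usr/local/bin/k3s` as a root-owned executable straight from a release URL with no digest check, so whatever that URL serves at deploy time is what runs on every node. `k3s_version` is already pinned, so the matching digest can be pinned next to it and passed through pyinfra's `sha256sum=` argument, for example `sha256sum=K3S_SHA256[tail]`. Here `K3S_SHA256` is a constructed name for a dict holding one digest per artifact (`k3s`, `k3s-armhf`), taken from the release's published checksums. The `if is_pi:` block after the download continues outside the hunk.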
@@ -38,20 +34,17 @@ ]) # needs reboot if this changed -# - role: registries_fix # See https://github.com/rancher/k3s/issues/1802 and https://rancher.com/docs/k3s/latest/en/installation/private-registry/ files.directory(path='/etc/rancher/k3s') -files.template(src='templates/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') +files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') -if host.name == 'bang': - # - role: k3s/master +if host.name == 'bang': # master files.template( - src='templates/k3s-server.service.j2', + src='templates/kube/k3s-server.service.j2', dest='/etc/systemd/system/k3s.service', master_ip=master_ip, ) systemd.service(service='k3s.service', daemon_reload=True, enabled=True, restarted=True) - # /var/lib/rancher/k3s/server/node-token will soon contain secrets/k3s_token # one-time thing at cluster create time? not sure # - name: Replace https://localhost:6443 by https://master-ip:6443 @@ -61,9 +54,11 @@ # --kubeconfig ~{{ ansible_user }}/.kube/config if host.name in ['slash', 'dash', 'frontbed', 'garage']: # nodes - # - role: k3s/node + # /var/lib/rancher/k3s/server/node-token is the source of the string in secrets/k3s_token + token = open('secrets/k3s_token', 'rt').read().strip() + files.template( - src='templates/k3s-node.service.j2', + src='templates/kube/k3s-node.service.j2', dest='/etc/systemd/system/k3s-node.service', master_ip=master_ip, token=token, 
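Review bot: The node branch in the second hunk renders the k3s join token into `/etc/systemd/system/k3s-node.service`, and no `mode=` is visible on that `files.template` call; the call continues past the end of the hunk, so confirm. If the unit is written with default permissions, any local account on a node can read the cluster join secret, so pass `user='root', group='root', mode='600'` on that call. Separately, `token = open('secrets/k3s_token', 'rt').read().strip()` never closes the file; `with open('secrets/k3s_token', 'rt') as f: token = f.read().strip()` does the same read and closes it.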
@@ -74,15 +69,6 @@ if host.name in ['bang', 'slash', 'dash']: # hosts to admin from files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') - # files.template( - # src='templates/kube-config.j2', - # dest='/home/drewp/.kube/config', - # user='drewp', - # group='drewp', - # mode='600', - # master_ip=master_ip, - # token=token, - # ) files.line(path="/home/drewp/.zshrc", line="KUBECONFIG", replace='export KUBECONFIG=/etc/rancher/k3s/k3s.yaml') files.chown(target='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp') diff -r 82e46d7ff527 -r 15c5ce7c74b5 net.py --- a/net.py Thu Nov 11 22:46:32 2021 -0800 +++ b/net.py Thu Nov 11 23:31:21 2021 -0800 @@ -9,7 +9,7 @@ ssh_host = host.host_data.get('ssh_hostname', host.name) if is_wifi: - files.put(src="files/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") + files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") files.template(src='templates/hosts.j2', dest='/etc/hosts') @@ -30,14 +30,14 @@ ns = '10.1.0.1' files.template(src='templates/resolv.conf.j2', dest='/etc/resolv.conf', ns=ns) -if host.name in ['dash', 'slash', 'garage']: +if host.name in ['dash', 'slash', 'garage', 'frontbed']: # might need to upgrade pi systemd if there are errors in this part apt.packages(packages=['netplan.io']) files.file(path='/etc/netplan/00-installer-config.yaml', present=False) addrs = host.get_fact(Ipv4Addrs) ipv4Interface = host.host_data['interface'] ipv4Address = host.host_data['addr'] - files.template(src='templates/netplan_dns.yaml.j2', + files.template(src='templates/netplan.yaml.j2', dest='/etc/netplan/99-ansible-written.yaml', ipv4Interface=ipv4Interface, ipv4Address=ipv4Address) 
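Review bot: In the first net.py hunk, `files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf")` uploads the Wi-Fi credentials without setting owner or mode, so the permissions on the target are left to defaults. The source now lives under the ignored `secrets/` directory, and the destination should be restricted to match: `files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf", user='root', group='root', mode='600')`. If `files/wpa_supplicant.conf` was ever committed, the passphrase is still in repository history and is worth rotating; this diff does not show whether it was.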
@@ -64,11 +64,13 @@ for net_name in ['10.1', '10.2', '10.5']: files.directory(path=f'/opt/dnsmasq/{net_name}') - files.template(src='templates/dnsmasq.conf.j2', dest=f'/opt/dnsmasq/{net_name}/dnsmasq.conf', net=net_name) - files.template(src='templates/dhcp_hosts_file.j2', dest=f'/opt/dnsmasq/{net_name}/hosts', net=net_name) - files.template(src='templates/dhcp_hosts.j2', dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts', net=net_name) + files.template(src='templates/dnsmasq/dnsmasq.conf.j2', dest=f'/opt/dnsmasq/{net_name}/dnsmasq.conf', net=net_name) + files.template(src='templates/dnsmasq/hosts.j2', dest=f'/opt/dnsmasq/{net_name}/hosts', net=net_name) + files.template(src='templates/dnsmasq/dhcp_hosts.j2', dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts', net=net_name) - files.template(src='templates/dnsmasq.service.j2', dest=f'/etc/systemd/system/dnsmasq_{net_name}.service', net=net_name) + files.template(src='templates/dnsmasq/dnsmasq.service.j2', + dest=f'/etc/systemd/system/dnsmasq_{net_name}.service', + net=net_name) systemd.service(service=f'dnsmasq_{net_name}', restarted=True, daemon_reload=True) if host.name == 'prime': diff -r 82e46d7ff527 -r 15c5ce7c74b5 packages.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/packages.py Thu Nov 11 23:31:21 2021 -0800 
@@ -0,0 +1,70 @@
+from pyinfra import host
+from pyinfra.facts.server import LinuxDistribution
+from pyinfra.operations import apt, files, ssh
+
+bang_is_old = True # remove after upgrade
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
+is_wifi_pi = host.name in ['frontdoor', 'living']
+
+if not is_pi:
+ apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
+
+if is_pi:
+ apt.packages(packages=['mandb', 'apt-listchanges'], present=False)
+ files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye')
+ # 'apt upgrade'?
+ apt.packages(update=True, packages=['dirmngr', 'gnupg2', 'apt-utils'])
+
+ apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
+ apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
+ apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
+
+ files.file(path='/etc/apt/sources.list.d/raspi.list', present=False)
+
+ if is_wifi_pi:
+ files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave")
+ ssh.command(host.name, "iw wlan0 set power_save off")
+
+ files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt')
+
+if not is_pi and host.name != 'prime':
+ apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
+ apt.repo(src='deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main')
+
+ apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
+ apt.repo(src="deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main")
+
+ apt.ppa(src="ppa:savoury1/blender")
+
+ apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
+ apt.repo(src="deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam")
+
+apt.packages(packages=[
+ 'build-essential',
+ # 'i2c-tools',
+ 'rsync',
+ 'dstat',
+ 'ifstat',
+])
+
+if not is_pi:
+ apt.packages(packages=[
+ 'keychain',
+ 'python3-docker',
+ 'python3-invoke',
+ 'python3-pip',
+ 'python3-virtualenv',
+ 'sysstat',
+ ])
+
+if not is_pi and not bang_is_old:
+ apt.packages(packages='mlocate', present=False)
+ apt.packages(packages='plocate')
+
+if host.name == "bang":
+ apt.packages(packages=[
+ 'libzfs2linux',
+ 'zfsutils-linux',
+ 'zfs-zed',
+ 'zfs-auto-snapshot',
+ ])
diff -r 82e46d7ff527 -r 15c5ce7c74b5 ssh.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssh.py Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,22 @@
+from pyinfra import host
+from pyinfra.facts.server import LinuxDistribution
+from pyinfra.operations import files, systemd
+
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
+
+systemd.service(
+ service='ssh',
+ running=True,
+ enabled=True,
+)
+
+files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no")
+
+if is_pi:
+ auth_keys = '/home/pi/.ssh/authorized_keys'
+ files.file(path=auth_keys, user='pi', group='pi', mode=600)
+ for pubkey in [
+ 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus',
+ 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang',
+ ]:
+ files.line(path=auth_keys, line=pubkey, replace=pubkey)
diff -r 82e46d7ff527 -r 15c5ce7c74b5 system.py
--- a/system.py Thu Nov 11 22:46:32 2021 -0800
+++ b/system.py Thu Nov 11 23:31:21 2021 -0800
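Review bot: Both keyserver imports in packages.py (`keyid='8B48AD6246925553'` and `keyid='F24AEA9FB05498B7'`) select the signing key by its 64-bit long ID, and whatever the keyserver returns for that ID becomes trusted by apt on the host. Pinning the full fingerprint instead, `apt.key(keyserver='keyserver.ubuntu.com', keyid='<FULL_FINGERPRINT>')`, removes the reliance on a short identifier. The Chrome and VS Code `apt.repo` lines also use `http://` even though their keys are fetched over `https://`. Switching those two `deb` URLs to `https://` is a one-word change each, assuming the vendors serve the repositories over TLS.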
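Review bot: The `for pubkey in [...]` loop in ssh.py only ever ensures keys are present, because `files.line(path=auth_keys, line=pubkey, replace=pubkey)` adds or rewrites one line at a time. Deleting a key from the list therefore leaves it authorized on every Pi, and any key added by hand also survives. Managing the whole file makes the deploy the single source of truth and gives a working revocation path, e.g. `files.put(src='files/pi_authorized_keys', dest=auth_keys, user='pi', group='pi', mode='600')`, where the source path is a constructed example. The `HashKnownHosts no` line above it deserves a comment stating why hashing is turned off, since it leaves the hostnames in each `known_hosts` file in clear text for anyone who can read that file.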
@@ -2,19 +2,18 @@ from pyinfra import host from pyinfra.facts.server import LinuxDistribution -from pyinfra.operations import apt, files, server, ssh, systemd +from pyinfra.operations import apt, files, server, systemd -bang_is_old = True # remove after upgrade is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] -is_wifi_pi = host.name in ['frontdoor', 'living'] TZ = 'America/Los_Angeles' +server.hostname(hostname=host.name) + # -# system +# timezone # -server.hostname(hostname=host.name) files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') files.replace(path='/etc/timezone', match='.*', replace=TZ) apt.packages(update=True, @@ -31,7 +30,7 @@ # fstab # -fstab_file = f'files/{host.name}_fstab' +fstab_file = f'files/fstab/{host.name}' if os.path.exists(fstab_file): files.put(src=fstab_file, dest='/etc/fstab') if is_pi: 
@@ -45,86 +44,6 @@ apt.packages(packages=['dphys-swapfile'], present=False) # -# pkgs -# - -if not is_pi: - apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553') - -if is_pi: - apt.packages(packages=['mandb', 'apt-listchanges'], present=False) - files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye') - # 'apt upgrade'? - apt.packages(update=True, packages=['dirmngr', 'gnupg2', 'apt-utils']) - - apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc') - apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc') - apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc') - - files.file(path='/etc/apt/sources.list.d/raspi.list', present=False) - - if is_wifi_pi: - files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave") - ssh.command(host.name, "iw wlan0 set power_save off") - - files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt') - -if not is_pi and host.name != 'prime': - apt.key(src='https://dl.google.com/linux/linux_signing_key.pub') - apt.repo(src='deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main') - - apt.key(src='https://packages.microsoft.com/keys/microsoft.asc') - apt.repo(src="deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main") - - apt.ppa(src="ppa:savoury1/blender") - - apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7') - apt.repo(src="deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam") - -apt.packages(packages=[ - 'build-essential', - # 'i2c-tools', - 'rsync', - 'dstat', - 'ifstat', -]) - -if not is_pi: - apt.packages(packages=[ - 'keychain', - 'python3-docker', - 'python3-invoke', - 'python3-pip', - 'python3-virtualenv', - 'sysstat', - ]) - -if not is_pi and not bang_is_old: - apt.packages(packages='mlocate', present=False) - apt.packages(packages='plocate') - -# -# ssh -# - -systemd.service( - service='ssh', - 
running=True, - enabled=True, -) - -files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no") - -if is_pi: - auth_keys = '/home/pi/.ssh/authorized_keys' - files.file(path=auth_keys, user='pi', group='pi', mode=600) - for pubkey in [ - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus', - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang', - ]: - files.line(path=auth_keys, line=pubkey, replace=pubkey) - -# # docker (delete this?) # @@ -139,15 +58,3 @@ files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") systemd.service(service='sshd', reloaded=True) - -# -# special hosts -# - -if host.name == "bang": - apt.packages(packages=[ - 'libzfs2linux', - 'zfsutils-linux', - 'zfs-zed', - 'zfs-auto-snapshot', - ]) diff -r 82e46d7ff527 -r 15c5ce7c74b5 tasks.py --- a/tasks.py Thu Nov 11 22:46:32 2021 -0800 +++ b/tasks.py Thu Nov 11 23:31:21 2021 -0800 @@ -14,16 +14,26 @@ @task +def ssh(ctx): + ctx.run(cmd + 'inventory.py ssh.py', pty=True) + + +@task def system(ctx): ctx.run(cmd + 'inventory.py system.py', pty=True) @task +def packages(ctx): + ctx.run(cmd + 'inventory.py packages.py', pty=True) + + +@task def net(ctx): # workaround for https://github.com/Fizzadar/pyinfra/issues/702 - ctx.run(cmd + '-vv inventory.py exec -- rm -f /tmp/pyinfra-7ed098bf43cef74d8ab8ea095e4a95c92605c61c', pty=True) + ctx.run(cmd + 'inventory.py exec -- rm -f /tmp/pyinfra-7ed098bf43cef74d8ab8ea095e4a95c92605c61c', pty=True, warn=True) - ctx.run(cmd + '-vv inventory.py net.py --limit slash ', pty=True) + ctx.run(cmd + 'inventory.py net.py', pty=True) @task 
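Review bot: Dropping `--limit slash` from the `net` task means it now applies net.py to every host in inventory.py in a single run, and the `kube` task loses its `--limit dash --limit garage` in the next hunk. The net.py hunks on this page show that deploy rewriting `/etc/hosts`, `/etc/resolv.conf` and the netplan file, so a template mistake would now reach all hosts at once instead of one test host. If the wider scope is intended, say so in a docstring on each task, for example `"""Apply net.py to every inventory host; add pyinfra's --limit when trying a change on one machine."""`. The new `ssh` and `packages` tasks would benefit from the same one-line docstring.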
@@ -33,7 +43,8 @@ @task def kube(ctx): - ctx.run(cmd + 'inventory.py kube.py --limit dash --limit garage', pty=True) + ctx.run(cmd + 'inventory.py kube.py ', pty=True) + @task diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/bang_exports.j2 --- a/templates/bang_exports.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/bang_exports.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,1 +1,3 @@ +# written by pyinfra + # none; zfs takes care of its own \ No newline at end of file diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/bang_interfaces.j2 --- a/templates/bang_interfaces.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/bang_interfaces.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# written by ansible; do not edit +# written by pyinfra # For more information, see interfaces(5). diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/boot_config.txt.j2 --- a/templates/boot_config.txt.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/boot_config.txt.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# Written by pyinfra +# written by pyinfra # For more options and information see # http://rpf.io/configtxt diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dhcp_hosts.j2 --- a/templates/dhcp_hosts.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,70 +0,0 @@ -b8:97:5a:17:d7:1f,dash,10.1.0.5,infinite -c8:60:00:98:ec:74,slash,10.1.0.6,infinite -7c:c3:a1:b0:83:03,kelsi-imac,10.1.0.7,infinite -1c:c1:de:56:e6:70,music,10.1.0.8,infinite - -a0:40:a0:6f:96:d5,orbi,10.2.0.5,infinite -a0:40:a0:6f:aa:f8,orbi-sat1,10.2.0.6,infinite -8c:3b:ad:c4:8d:ce,orbi-sat2,10.2.0.7,infinite - -# 00:0f:54:13:36:d2,prevkitchen,10.2.0.10,infinite -b8:27:eb:d9:86:22,kitchen,10.2.0.10,infinite -b8:27:eb:00:26:92,living,10.2.0.11,infinite -b8:27:eb:6d:2b:6f,workshop,10.2.0.13,infinite -b8:27:eb:81:17:92,garage,10.2.0.14,infinite -b8:27:eb:86:28:02,bed,10.2.0.15,infinite -b8:27:eb:d6:15:72,changing,10.2.0.16,infinite -b8:27:eb:e9:d3:44,frontbed,10.2.0.17,infinite -b8:27:eb:83:40:27,changing-wifi,10.2.0.18,infinite -b8:27:eb:d4:42:c7,garage-wifi,10.2.0.19,infinite - -# pi4 # dc:a6:32:00:d1:de,frontdoor,10.2.0.12,infinite -b8:27:eb:6a:41:e3,frontdoor,10.2.0.12,infinite - -1c:c1:de:56:e6:70,dot,10.2.0.30,infinite -7c:c3:a1:b0:83:03,kelsi-imac,10.2.0.31,infinite - -78:11:dc:44:4a:48,gardencam,10.2.0.40,infinite -78:11:dc:78:00:8d,ashercam,10.2.0.41,infinite -34:ce:00:e4:a4:11,livingcam,10.2.0.42,infinite -78:11:dc:78:39:31,twinscam,10.2.0.43,infinite -24:62:ab:f8:6f:20,office_back_cam,10.2.0.44,infinite -#...,garage_hall_cam,10.2.0.45,infinite - - -94:9f:3e:7e:7d:b4,sonos-bed,10.2.0.50,infinite -# skip .51 for old lease -94:9f:3e:7b:45:a8,sonos-kitchen,10.2.0.52,infinite - -30:fd:38:79:2f:48,googlehome-ari,10.2.0.60,infinite -38:8b:59:5b:63:5f,googlehome-bed,10.2.0.61,infinite -48:d6:d5:75:f5:7b,googlehome-asher,10.2.0.62,infinite - -30:fd:38:8b:98:c0,chromecast1,10.2.0.70,infinite -cc:08:8d:e9:60:65,chromecast2,10.2.0.71,infinite -6c:ad:f8:1b:c5:31,chromecast3,10.2.0.72,infinite - -a0:cc:2b:f5:a2:21,tradfri,10.2.0.80,infinite -d8:d5:b9:00:2c:41,powereagle,10.2.0.81,infinite - -3c:71:bf:8c:49:c4,cabin,10.2.0.90,infinite -80:7d:3a:33:bd:72,kitchen-counter-lights,10.2.0.91,infinite 
-dc:4f:22:4b:d9:65,kitchen-ceiling-lights,10.2.0.92,infinite -24:0a:c4:9b:cb:c8,frontdoorlock,10.2.0.93,infinite -18:fe:34:a6:04:31,greenhouse,10.2.0.94,infinite -5c:cf:7f:01:58:8a,ridecontrol,10.2.0.95,infinite -a0:20:a6:0a:87:a8,nightlight_ari,10.2.0.96,infinite -84:f3:eb:e3:a7:84,nightlight_display1,10.2.0.97,infinite -a0:20:a6:0b:9e:68,bed_bar_asher,10.2.0.98,infinite - -9c:b6:d0:1d:d1:03,plus,10.2.0.110,infinite -#6c:19:c0:70:7e:98,unknown -48:60:5f:69:1a:e6,drew-work-phone,10.2.0.111,infinite -dc:ef:ca:ed:58:27,drew-note8,10.2.0.112,infinite -fc:db:b3:ff:f3:d1,drew-note5,10.2.0.113,infinite -38:8b:59:5b:63:5f,kelsi-ipad,10.2.0.114,infinite -68:ab:1e:38:14:ed,kelsi-watch,10.2.0.115,infinite -7c:c3:a1:b0:83:03,kelsi-imac-wifi,10.2.0.116,infinite -7c:b0:c2:83:31:0f,ari-chromebook,10.2.0.117,infinite -b0:19:c6:79:ef:55,daniele-phone,10.2.0.118,infinite -e8:f2:e2:83:cc:c0,pf1500-projector,10.2.0.119,infinite diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dhcp_hosts_file.j2 --- a/templates/dhcp_hosts_file.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,38 +0,0 @@ -# by pyinfra - -162.243.138.136 prime-ext.bigasterisk.com public.bigasterisk.com primary.bigasterisk.com maildirfetch.bigasterisk.com vpn-ext.bigasterisk.com - -# This is the dns trick-- hosts at home should use the local address -# for 'bigasterisk.com' etc instead of taking a trip to prime. -10.2.0.1 bang bang.bigasterisk.com bigasterisk.com file.bigasterisk.com local.fantasyfamegame.com imap.bigasterisk.com repo.bigasterisk.com mail.bigasterisk.com puppet.bigasterisk.com computeracronym.quickwitretort.com csigen.quickwitretort.com drewp.quickwitretort.com kelsi.quickwitretort.com owncloud.bigasterisk.com photo.bigasterisk.com projects.bigasterisk.com quickwitretort.com whatsplayingnext.com whopickedthis.com aask.bigasterisk.com bebop.bigasterisk.com brazilog.bigasterisk.com cinepaint.bigasterisk.com craigslist.bigasterisk.com cuisine.bigasterisk.com cvs.bigasterisk.com dafnaandjonas.bigasterisk.com darcs.bigasterisk.com daveandlisa.bigasterisk.com digibook.bigasterisk.com gasuse.bigasterisk.com graphite.bigasterisk.com johnmuir.bigasterisk.com jazz.bigasterisk.com js.bigasterisk.com karinandjohn.bigasterisk.com light9.bigasterisk.com linuxmovies.bigasterisk.com lisa.bigasterisk.com lisaanddave.bigasterisk.com magma.bigasterisk.com maps.bigasterisk.com monk.bigasterisk.com ov099.bigasterisk.com picreferer.bigasterisk.com rayz.bigasterisk.com seabird.bigasterisk.com semfile.bigasterisk.com sinai.bigasterisk.com stef.bigasterisk.com wedding.bigasterisk.com wedding-john-karin.bigasterisk.com www.bigasterisk.com vpn-home.bigasterisk.com file.bigasterisk.com - -{% if net != '10.5' %} -# so bang can see these names -10.1.0.5 dash.bigasterisk.com -10.1.0.6 slash.bigasterisk.com -{% endif %} - -10.5.0.1 bang5.bigasterisk.com local.bigasterisk.com mail.bigasterisk.com -10.5.0.2 prime5.bigasterisk.com prime.bigasterisk.com prime.vpn-ext.bigasterisk.com -10.5.0.5 dash5.bigasterisk.com -10.5.0.6 slash5.bigasterisk.com -10.5.0.8 piedmont5.bigasterisk.com 
-10.5.0.10 kitchen5.bigasterisk.com -10.5.0.11 living5.bigasterisk.com -10.5.0.12 frontdoor5.bigasterisk.com -10.5.0.13 workshop5.bigasterisk.com -10.5.0.14 garage5.bigasterisk.com -10.5.0.15 bed5.bigasterisk.com -10.5.0.16 changing5.bigasterisk.com -10.5.0.17 frontbed5.bigasterisk.com -10.5.0.30 dot5.bigasterisk.com -10.5.0.99 piedmont5.bigasterisk.com -10.5.0.110 plus5.bigasterisk.com -10.5.0.112 drew-note85.bigasterisk.com - - -{% if net == '10.5' %} -10.5.0.1 bang.bigasterisk.com -10.5.0.2 prime.bigasterisk.com -10.5.0.5 dash.bigasterisk.com -{% endif %} diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dnsmasq.conf.j2 --- a/templates/dnsmasq.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,54 +0,0 @@ -user=nobody -keep-in-foreground -log-facility=- - -listen-address={{ net }}.0.1 -{% if net == "10.2" %} -listen-address=127.0.0.1 -{% endif %} -bind-interfaces - -domain-needed -no-resolv -# i didn't say --all-servers, but it was behaving like that -server=208.201.224.11 -#server=208.201.224.33 -#server=8.8.4.4 -#server=8.8.8.8 -local=/bigasterisk.com/ -no-hosts -addn-hosts=/opt/dnsmasq/{{ net }}/hosts -local-ttl=30 -mx-host=bigasterisk.com,prime6.bigasterisk.com -cache-size=10000 -neg-ttl=60 -dns-forward-max=1000 -domain=bigasterisk.com - -log-dhcp -dhcp-sequential-ip -{% if net == "10.1" %} -dhcp-broadcast -dhcp-authoritative -dhcp-option=option:domain-name,bigasterisk.com -dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts -dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases -dhcp-range=enp1s0,10.1.0.0,static,infinite -dhcp-range=tag:!known,enp1s0,10.1.0.100,10.1.0.180 -dhcp-option=enp1s0,option:dns-server,10.1.0.1 -dhcp-option=enp1s0,option:router,10.1.0.1 -{% endif %} - -{% if net == "10.2" %} -dhcp-broadcast -dhcp-authoritative -dhcp-option=option:domain-name,bigasterisk.com -dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts -dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases -dhcp-range=ens5,10.2.0.0,static,infinite -dhcp-range=tag:!known,ens5,10.2.0.21,10.2.0.120,24h -dhcp-option=ens5,option:dns-server,10.2.0.1 -dhcp-option=ens5,option:router,10.2.0.1 -{% endif %} - -# net==10.5 is not used for dhcp at all diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dnsmasq.service.j2 --- a/templates/dnsmasq.service.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,27 +0,0 @@ -# custom, installed with ansible -[Unit] -Description=dnsmasq for {{ net }} network -Requires=network.target -Wants=nss-lookup.target -Before=nss-lookup.target -After=network.target - -[Service] -Type=simple - -# Test the config file and refuse starting if it is not valid. -ExecStartPre=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf --test - -ExecStart=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf - -# The systemd-*-resolvconf functions configure (and deconfigure) -# resolvconf to work with the dnsmasq DNS server. They're called like -# this to get correct error handling (ie don't start-resolvconf if the -# dnsmasq daemon fails to start. -ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf -ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf - -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dnsmasq/dhcp_hosts.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/templates/dnsmasq/dhcp_hosts.j2 Thu Nov 11 23:31:21 2021 -0800 
@@ -0,0 +1,70 @@
+b8:97:5a:17:d7:1f,dash,10.1.0.5,infinite
+c8:60:00:98:ec:74,slash,10.1.0.6,infinite
+7c:c3:a1:b0:83:03,kelsi-imac,10.1.0.7,infinite
+1c:c1:de:56:e6:70,music,10.1.0.8,infinite
+
+a0:40:a0:6f:96:d5,orbi,10.2.0.5,infinite
+a0:40:a0:6f:aa:f8,orbi-sat1,10.2.0.6,infinite
+8c:3b:ad:c4:8d:ce,orbi-sat2,10.2.0.7,infinite
+
+# 00:0f:54:13:36:d2,prevkitchen,10.2.0.10,infinite
+b8:27:eb:d9:86:22,kitchen,10.2.0.10,infinite
+b8:27:eb:00:26:92,living,10.2.0.11,infinite
+b8:27:eb:6d:2b:6f,workshop,10.2.0.13,infinite
+b8:27:eb:81:17:92,garage,10.2.0.14,infinite
+b8:27:eb:86:28:02,bed,10.2.0.15,infinite
+b8:27:eb:d6:15:72,changing,10.2.0.16,infinite
+b8:27:eb:e9:d3:44,frontbed,10.2.0.17,infinite
+b8:27:eb:83:40:27,changing-wifi,10.2.0.18,infinite
+b8:27:eb:d4:42:c7,garage-wifi,10.2.0.19,infinite
+
+# pi4 # dc:a6:32:00:d1:de,frontdoor,10.2.0.12,infinite
+b8:27:eb:6a:41:e3,frontdoor,10.2.0.12,infinite
+
+1c:c1:de:56:e6:70,dot,10.2.0.30,infinite
+7c:c3:a1:b0:83:03,kelsi-imac,10.2.0.31,infinite
+
+78:11:dc:44:4a:48,gardencam,10.2.0.40,infinite
+78:11:dc:78:00:8d,ashercam,10.2.0.41,infinite
+34:ce:00:e4:a4:11,livingcam,10.2.0.42,infinite
+78:11:dc:78:39:31,twinscam,10.2.0.43,infinite
+24:62:ab:f8:6f:20,office_back_cam,10.2.0.44,infinite
+#...,garage_hall_cam,10.2.0.45,infinite
+
+
+94:9f:3e:7e:7d:b4,sonos-bed,10.2.0.50,infinite
+# skip .51 for old lease
+94:9f:3e:7b:45:a8,sonos-kitchen,10.2.0.52,infinite
+
+30:fd:38:79:2f:48,googlehome-ari,10.2.0.60,infinite
+38:8b:59:5b:63:5f,googlehome-bed,10.2.0.61,infinite
+48:d6:d5:75:f5:7b,googlehome-asher,10.2.0.62,infinite
+
+30:fd:38:8b:98:c0,chromecast1,10.2.0.70,infinite
+cc:08:8d:e9:60:65,chromecast2,10.2.0.71,infinite
+6c:ad:f8:1b:c5:31,chromecast3,10.2.0.72,infinite
+
+a0:cc:2b:f5:a2:21,tradfri,10.2.0.80,infinite
+d8:d5:b9:00:2c:41,powereagle,10.2.0.81,infinite
+
+3c:71:bf:8c:49:c4,cabin,10.2.0.90,infinite
+80:7d:3a:33:bd:72,kitchen-counter-lights,10.2.0.91,infinite
+dc:4f:22:4b:d9:65,kitchen-ceiling-lights,10.2.0.92,infinite
+24:0a:c4:9b:cb:c8,frontdoorlock,10.2.0.93,infinite
+18:fe:34:a6:04:31,greenhouse,10.2.0.94,infinite
+5c:cf:7f:01:58:8a,ridecontrol,10.2.0.95,infinite
+a0:20:a6:0a:87:a8,nightlight_ari,10.2.0.96,infinite
+84:f3:eb:e3:a7:84,nightlight_display1,10.2.0.97,infinite
+a0:20:a6:0b:9e:68,bed_bar_asher,10.2.0.98,infinite
+
+9c:b6:d0:1d:d1:03,plus,10.2.0.110,infinite
+#6c:19:c0:70:7e:98,unknown
+48:60:5f:69:1a:e6,drew-work-phone,10.2.0.111,infinite
+dc:ef:ca:ed:58:27,drew-note8,10.2.0.112,infinite
+fc:db:b3:ff:f3:d1,drew-note5,10.2.0.113,infinite
+38:8b:59:5b:63:5f,kelsi-ipad,10.2.0.114,infinite
+68:ab:1e:38:14:ed,kelsi-watch,10.2.0.115,infinite
+7c:c3:a1:b0:83:03,kelsi-imac-wifi,10.2.0.116,infinite
+7c:b0:c2:83:31:0f,ari-chromebook,10.2.0.117,infinite
+b0:19:c6:79:ef:55,daniele-phone,10.2.0.118,infinite
+e8:f2:e2:83:cc:c0,pf1500-projector,10.2.0.119,infinite
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dnsmasq/dnsmasq.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/dnsmasq.conf.j2 Thu Nov 11 23:31:21 2021 -0800
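Review bot: Two MAC addresses in the relocated dhcp_hosts.j2 carry more than one reservation inside the 10.2 network. `7c:c3:a1:b0:83:03` is listed as `kelsi-imac` at 10.2.0.31 and as `kelsi-imac-wifi` at 10.2.0.116, and `38:8b:59:5b:63:5f` is listed as `googlehome-bed` at 10.2.0.61 and as `kelsi-ipad` at 10.2.0.114. The second pair names two different devices, so one of those MACs is probably a copy error, and the file does not make clear which address each client will actually get. The content appears to be carried over unchanged from the deleted `templates/dhcp_hosts.j2`, but the move is a good moment to correct it so every pinned address maps to exactly one device.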
@@ -0,0 +1,54 @@
+user=nobody
+keep-in-foreground
+log-facility=-
+
+listen-address={{ net }}.0.1
+{% if net == "10.2" %}
+listen-address=127.0.0.1
+{% endif %}
+bind-interfaces
+
+domain-needed
+no-resolv
+# i didn't say --all-servers, but it was behaving like that
+server=208.201.224.11
+#server=208.201.224.33
+#server=8.8.4.4
+#server=8.8.8.8
+local=/bigasterisk.com/
+no-hosts
+addn-hosts=/opt/dnsmasq/{{ net }}/hosts
+local-ttl=30
+mx-host=bigasterisk.com,prime6.bigasterisk.com
+cache-size=10000
+neg-ttl=60
+dns-forward-max=1000
+domain=bigasterisk.com
+
+log-dhcp
+dhcp-sequential-ip
+{% if net == "10.1" %}
+dhcp-broadcast
+dhcp-authoritative
+dhcp-option=option:domain-name,bigasterisk.com
+dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts
+dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases
+dhcp-range=enp1s0,10.1.0.0,static,infinite
+dhcp-range=tag:!known,enp1s0,10.1.0.100,10.1.0.180
+dhcp-option=enp1s0,option:dns-server,10.1.0.1
+dhcp-option=enp1s0,option:router,10.1.0.1
+{% endif %}
+
+{% if net == "10.2" %}
+dhcp-broadcast
+dhcp-authoritative
+dhcp-option=option:domain-name,bigasterisk.com
+dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts
+dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases
+dhcp-range=ens5,10.2.0.0,static,infinite
+dhcp-range=tag:!known,ens5,10.2.0.21,10.2.0.120,24h
+dhcp-option=ens5,option:dns-server,10.2.0.1
+dhcp-option=ens5,option:router,10.2.0.1
+{% endif %}
+
+# net==10.5 is not used for dhcp at all
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dnsmasq/dnsmasq.service.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/dnsmasq.service.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,28 @@
+# written by pyinfra
+
+[Unit]
+Description=dnsmasq for {{ net }} network
+Requires=network.target
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+
+[Service]
+Type=simple
+
+# Test the config file and refuse starting if it is not valid.
+ExecStartPre=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf --test
+
+ExecStart=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf
+
+# The systemd-*-resolvconf functions configure (and deconfigure)
+# resolvconf to work with the dnsmasq DNS server. They're called like
+# this to get correct error handling (ie don't start-resolvconf if the
+# dnsmasq daemon fails to start.
+ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf
+ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf
+
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/dnsmasq/hosts.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/hosts.j2 Thu Nov 11 23:31:21 2021 -0800
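Review bot: `ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf` and the matching `ExecStop` are rendered for every instance of dnsmasq.service.j2, but dnsmasq.conf.j2 adds `listen-address=127.0.0.1` only when `net == "10.2"`. If this is the distribution's init script, it registers 127.0.0.1 with resolvconf under a single name, so the other instances would point the host's resolver at an address they do not serve, and stopping any one unit would withdraw the entry while the 10.2 instance is still running. I would wrap both lines in `{% if net == "10.2" %}` … `{% endif %}`. The comment above them is also missing its closing parenthesis after "fails to start".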
@@ -0,0 +1,38 @@ +# written by pyinfra + +162.243.138.136 prime-ext.bigasterisk.com public.bigasterisk.com primary.bigasterisk.com maildirfetch.bigasterisk.com vpn-ext.bigasterisk.com + +# This is the dns trick-- hosts at home should use the local address +# for 'bigasterisk.com' etc instead of taking a trip to prime. +10.2.0.1 bang bang.bigasterisk.com bigasterisk.com file.bigasterisk.com local.fantasyfamegame.com imap.bigasterisk.com repo.bigasterisk.com mail.bigasterisk.com puppet.bigasterisk.com computeracronym.quickwitretort.com csigen.quickwitretort.com drewp.quickwitretort.com kelsi.quickwitretort.com owncloud.bigasterisk.com photo.bigasterisk.com projects.bigasterisk.com quickwitretort.com whatsplayingnext.com whopickedthis.com aask.bigasterisk.com bebop.bigasterisk.com brazilog.bigasterisk.com cinepaint.bigasterisk.com craigslist.bigasterisk.com cuisine.bigasterisk.com cvs.bigasterisk.com dafnaandjonas.bigasterisk.com darcs.bigasterisk.com daveandlisa.bigasterisk.com digibook.bigasterisk.com gasuse.bigasterisk.com graphite.bigasterisk.com johnmuir.bigasterisk.com jazz.bigasterisk.com js.bigasterisk.com karinandjohn.bigasterisk.com light9.bigasterisk.com linuxmovies.bigasterisk.com lisa.bigasterisk.com lisaanddave.bigasterisk.com magma.bigasterisk.com maps.bigasterisk.com monk.bigasterisk.com ov099.bigasterisk.com picreferer.bigasterisk.com rayz.bigasterisk.com seabird.bigasterisk.com semfile.bigasterisk.com sinai.bigasterisk.com stef.bigasterisk.com wedding.bigasterisk.com wedding-john-karin.bigasterisk.com www.bigasterisk.com vpn-home.bigasterisk.com file.bigasterisk.com + +{% if net != '10.5' %} +# so bang can see these names +10.1.0.5 dash.bigasterisk.com +10.1.0.6 slash.bigasterisk.com +{% endif %} + +10.5.0.1 bang5.bigasterisk.com local.bigasterisk.com mail.bigasterisk.com +10.5.0.2 prime5.bigasterisk.com prime.bigasterisk.com prime.vpn-ext.bigasterisk.com +10.5.0.5 dash5.bigasterisk.com +10.5.0.6 slash5.bigasterisk.com +10.5.0.8 
piedmont5.bigasterisk.com +10.5.0.10 kitchen5.bigasterisk.com +10.5.0.11 living5.bigasterisk.com +10.5.0.12 frontdoor5.bigasterisk.com +10.5.0.13 workshop5.bigasterisk.com +10.5.0.14 garage5.bigasterisk.com +10.5.0.15 bed5.bigasterisk.com +10.5.0.16 changing5.bigasterisk.com +10.5.0.17 frontbed5.bigasterisk.com +10.5.0.30 dot5.bigasterisk.com +10.5.0.99 piedmont5.bigasterisk.com +10.5.0.110 plus5.bigasterisk.com +10.5.0.112 drew-note85.bigasterisk.com + + +{% if net == '10.5' %} +10.5.0.1 bang.bigasterisk.com +10.5.0.2 prime.bigasterisk.com +10.5.0.5 dash.bigasterisk.com +{% endif %} diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/k3s-node.service.j2 --- a/templates/k3s-node.service.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,24 +0,0 @@ -[Unit] -Description=Lightweight Kubernetes -Documentation=https://k3s.io -After=network-online.target - -[Service] -Type=notify -ExecStartPre=-/sbin/modprobe br_netfilter -ExecStartPre=-/sbin/modprobe overlay -ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ token }} -KillMode=process -Delegate=yes -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=1048576 -LimitNPROC=infinity -LimitCORE=infinity -TasksMax=infinity -TimeoutStartSec=0 -Restart=always -RestartSec=5s - -[Install] -WantedBy=multi-user.target diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/k3s-server.service.j2 --- a/templates/k3s-server.service.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
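Review bot: Several names in hosts.j2 end up with more than one address, and dnsmasq returns all of them unless told otherwise. `piedmont5.bigasterisk.com` is listed at both 10.5.0.8 and 10.5.0.99, `mail.bigasterisk.com` at both 10.2.0.1 and 10.5.0.1, and when `net == '10.5'` the name `bang.bigasterisk.com` gains 10.5.0.1 while the unconditional line still maps it to 10.2.0.1. That undercuts the per-network answers the conditional blocks aim for and can send traffic for a service name to an interface you did not intend. I would remove whichever `piedmont5` entry is stale and set `localise-queries` in dnsmasq.conf.j2 so that only the address on the querying subnet is returned; `file.bigasterisk.com` also appears twice on the 10.2.0.1 line.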
@@ -1,24 +0,0 @@
-[Unit]
-Description=Lightweight Kubernetes
-Documentation=https://k3s.io
-After=network-online.target
-
-[Service]
-Type=notify
-ExecStartPre=-/sbin/modprobe br_netfilter
-ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server --debug --write-kubeconfig-mode=640 --bind-address {{ master_ip }} --node-external-ip {{ master_ip }} --node-ip {{ master_ip }} --disable traefik
-KillMode=process
-Delegate=yes
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=1048576
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-TimeoutStartSec=0
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/kube/k3s-node.service.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/kube/k3s-node.service.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,26 @@
+# written by pyinfra
+
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ token }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/kube/k3s-server.service.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/kube/k3s-server.service.j2 Thu Nov 11 23:31:21 2021 -0800
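Review bot: `ExecStart` in the new templates/kube/k3s-node.service.j2 still renders the cluster join secret into the command line with `--token {{ token }}`, which leaves it in the unit file and in the agent's process arguments where other local users can read it. While the file is being moved, I would have pyinfra write the token to a root-only file and pass it by path instead, for example `ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token-file /etc/rancher/k3s/agent-token` (the file name is a placeholder). The mode the rendered unit is installed with is set outside this hunk, so whether the unit file itself is world-readable cannot be confirmed from here.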
@@ -0,0 +1,26 @@
+# written by pyinfra
+
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server --debug --write-kubeconfig-mode=640 --bind-address {{ master_ip }} --node-external-ip {{ master_ip }} --node-ip {{ master_ip }} --disable traefik
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/kube/registries.yaml.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/kube/registries.yaml.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,6 @@
+# written by pyinfra
+
+mirrors:
+ "bang5:5000":
+ endpoint:
+ - "http://bang5:5000"
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/netplan.yaml.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/netplan.yaml.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,28 @@
+# written by pyinfra
+
+network:
+ version: 2
+ ethernets:
+ {{ipv4Interface}}:
+{% if host.name in ['prime'] %}
+ link-local: [ ipv4 ]
+ addresses: ['{{ipv4Address}}/32']
+ routes:
+ - to: 0.0.0.0/0
+ via: 162.243.138.1
+ nameservers:
+ search: ['bigasterisk.com']
+ addresses:
+ - 10.5.0.1
+ - 8.8.4.4
+ - 8.8.8.8
+{% else %}
+ dhcp4: true
+# routes:
+# - to: 0.0.0.0/0
+# via: {{ipv4Address.rsplit('.', 1)[0]}}.1
+# nameservers:
+# search: ['bigasterisk.com']
+# addresses:
+# - 10.2.0.1
+{% endif %}
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/netplan_dns.yaml.j2
--- a/templates/netplan_dns.yaml.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@ -network: - version: 2 - ethernets: - {{ipv4Interface}}: -{% if host.name in ['prime'] %} - link-local: [ ipv4 ] - addresses: ['{{ipv4Address}}/32'] - routes: - - to: 0.0.0.0/0 - via: 162.243.138.1 - nameservers: - search: ['bigasterisk.com'] - addresses: - - 10.5.0.1 - - 8.8.4.4 - - 8.8.8.8 -{% else %} - dhcp4: true -# routes: -# - to: 0.0.0.0/0 -# via: {{ipv4Address.rsplit('.', 1)[0]}}.1 -# nameservers: -# search: ['bigasterisk.com'] -# addresses: -# - 10.2.0.1 -{% endif %} diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/pi_sources.list.j2 --- a/templates/pi_sources.list.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/pi_sources.list.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,3 +1,5 @@ +# written by pyinfra + deb http://archive.raspberrypi.org/debian/ {{rel}} main deb http://raspbian.raspberrypi.org/raspbian/ {{rel}} main contrib non-free rpi #deb http://security.debian.org/ {{rel}}/updates main contrib non-free rpi diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/prime_resolved.conf.j2 --- a/templates/prime_resolved.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/prime_resolved.conf.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,3 +1,5 @@ +# written by pyinfra + [Resolve] DNS=10.5.0.1 8.8.8.8 8.8.4.4 Domains=bigasterisk.com diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/registries.yaml.j2 --- a/templates/registries.yaml.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,4 +0,0 @@ -mirrors: - "bang5:5000": - endpoint: - - "http://bang5:5000" diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/resolv.conf.j2 --- a/templates/resolv.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/resolv.conf.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# installed by pyinfra +# written by pyinfra # see 'resolvectl status' for more diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/resolved.conf.j2 --- a/templates/resolved.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/resolved.conf.j2 Thu Nov 11 23:31:21 2021 -0800 
@@ -1,4 +1,4 @@ -# Written by pyinfra +# written by pyinfra # See resolved.conf(5) for details diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/webforward.service.j2 --- a/templates/webforward.service.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/webforward.service.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,5 @@ -# custom, installed with pyinfra +# written by pyinfra + [Unit] Description=web forward for port {{ port }} Requires=network.target diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/wireguard/bogasterisk.conf.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/templates/wireguard/bogasterisk.conf.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -0,0 +1,12 @@ +# written by pyinfra + +[Interface] +# {{ host.name }} +Address = 10.7.0.2/16 +PrivateKey = {{priv_key}} +ListenPort = 2113 + +{{ peer_block('monk', 'aroc8MNdTnKg175HYxri+Yr1afuaC0awyr6TfGMpvxI=', '10.7.0.42/32') }} +{{ peer_block('firebert (phone)', 'Rr9N6dGbMLzl6wuEJlaq67gNQ5QW2ZcwD4Brn/3XJyA=', '10.7.0.88/32') }} +{{ peer_block('bird', '9CkgqeAiX1GhNM+t9m2nJD5QJHx9iTCFRB5c1x7h704=', '10.7.0.46/32') }} + diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/wireguard/wg0.conf.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/templates/wireguard/wg0.conf.j2 Thu Nov 11 23:31:21 2021 -0800 
@@ -0,0 +1,25 @@
+# written by pyinfra
+
+[Interface]
+# {{ host.name }}
+Address = {{wireguard_ip}}/24
+PrivateKey = {{priv_key}}
+ListenPort = 1195
+
+{% if host.name == 'bang' %}
+ {{ peer_block('dash', 'X39ewB2uYLZTFaG+RFeLpyOrnCgjc4wRKrcV0Jz3sTM=', '10.5.0.5/32', 'dash:1195') }}
+ {{ peer_block('dot', 'sav1VQE1XzbOGfNjDRxcHAmEWtmVGYC1B7KXH+5IKxY=', '10.5.0.30/32', 'dot:1195') }}
+ {{ peer_block('frontbed', 'ENhRhEgGaFfwV74MqYBHJgkOFpNAF5kVHVK5/tRVTjU=', '10.5.0.17/32', 'frontbed:1195') }}
+ {{ peer_block('garage', 'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=', '10.5.0.14/32', 'garage:1195') }}
+ {{ peer_block('prime', 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }}
+ {{ peer_block('slash', 'IRLLt2yFuXVJbpevAj9d84mGAvi6SbJr1AwLAK/pBTM=', '10.5.0.6/32', 'slash:1195') }}
+{% elif host.name == 'prime' %}
+ {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24') }}
+ {{ peer_block('plus', 'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=', '10.5.0.110/32') }}
+ {{ peer_block('drew-note10', 'QMgx4cmuUTfJ7RH4Q46b54tSQl4eISOmdEney17fnE8=', '10.5.0.112/32') }}
+{% elif host.name == 'plus' %}
+ {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }}
+{% else %}
+ {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }}
+{% endif %}
+
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/wireguard_bogasterisk.conf.j2
--- a/templates/wireguard_bogasterisk.conf.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-# written by pyinfra
-
-[Interface]
-# {{ host.name }}
-Address = 10.7.0.2/16
-PrivateKey = {{priv_key}}
-ListenPort = 2113
-
-{{ peer_block('monk', 'aroc8MNdTnKg175HYxri+Yr1afuaC0awyr6TfGMpvxI=', '10.7.0.42/32') }}
-{{ peer_block('firebert (phone)', 'Rr9N6dGbMLzl6wuEJlaq67gNQ5QW2ZcwD4Brn/3XJyA=', '10.7.0.88/32') }}
-{{ peer_block('bird', '9CkgqeAiX1GhNM+t9m2nJD5QJHx9iTCFRB5c1x7h704=', '10.7.0.46/32') }}
-
diff -r 82e46d7ff527 -r 15c5ce7c74b5 templates/wireguard_wg0.conf.j2
--- a/templates/wireguard_wg0.conf.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@ -# written by pyinfra - -[Interface] -# {{ host.name }} -Address = {{wireguard_ip}}/24 -PrivateKey = {{priv_key}} -ListenPort = 1195 - -{% if host.name == 'bang' %} - {{ peer_block('dash', 'X39ewB2uYLZTFaG+RFeLpyOrnCgjc4wRKrcV0Jz3sTM=', '10.5.0.5/32', 'dash:1195') }} - {{ peer_block('dot', 'sav1VQE1XzbOGfNjDRxcHAmEWtmVGYC1B7KXH+5IKxY=', '10.5.0.30/32', 'dot:1195') }} - {{ peer_block('frontbed', 'ENhRhEgGaFfwV74MqYBHJgkOFpNAF5kVHVK5/tRVTjU=', '10.5.0.17/32', 'frontbed:1195') }} - {{ peer_block('garage', 'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=', '10.5.0.14/32', 'garage:1195') }} - {{ peer_block('prime', 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }} - {{ peer_block('slash', 'IRLLt2yFuXVJbpevAj9d84mGAvi6SbJr1AwLAK/pBTM=', '10.5.0.6/32', 'slash:1195') }} -{% elif host.name == 'prime' %} - {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24') }} - {{ peer_block('plus', 'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=', '10.5.0.110/32') }} - {{ peer_block('drew-note10', 'QMgx4cmuUTfJ7RH4Q46b54tSQl4eISOmdEney17fnE8=', '10.5.0.112/32') }} -{% elif host.name == 'plus' %} - {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }} -{% else %} - {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }} -{% endif %} - diff -r 82e46d7ff527 -r 15c5ce7c74b5 wireguard.py --- a/wireguard.py Thu Nov 11 22:46:32 2021 -0800 +++ b/wireguard.py Thu Nov 11 23:31:21 2021 -0800 @@ -46,7 +46,7 @@ # todo: if this was new, it should be added to a file of pubkeys that peer_block can refer to files.template( - src=f'templates/wireguard_{wireguard_interface}.conf.j2', + src=f'templates/wireguard/{wireguard_interface}.conf.j2', dest=f'/etc/wireguard/{wireguard_interface}.conf', mode='600', wireguard_ip=wireguard_ip,