changeset 94:122ba5444176

dhcp,dns to pipe
author drewp@bigasterisk.com
date Fri, 15 Jul 2022 14:32:10 -0700
parents e4613207a78b
children dd0db3c78329
files dns.py templates/dnsmasq/dnsmasq.conf.j2 templates/net/bang_10.2.network.j2 templates/net/house_net.service.j2 templates/net/pipe_10.2.network.j2 templates/resolved.conf.j2
diffstat 6 files changed, 61 insertions(+), 43 deletions(-) [+]
--- a/dns.py	Fri Jul 15 14:27:34 2022 -0700
+++ b/dns.py	Fri Jul 15 14:32:10 2022 -0700
@@ -29,21 +29,36 @@
     dhcp_hosts.flush()
     return dhcp_hosts
 
+
 def resolv_conf_use_systemd_networkd():
     files.link(path='/etc/resolv.conf', target='/run/systemd/resolve/resolv.conf', force=True)
+
+
 def resolv_conf_static_file():
     files.file(path='/etc/resolv.conf', present=False, force=True)
-    files.template(src='templates/resolv.conf.j2',
-                dest='/etc/resolv.conf',
-                # review this- it's probably a bad dep on bang. maybe both 10.5.0.1 and a public ns would be ok
-                ns='10.5.0.1' if host.name in ['prime', 'plus'] else '10.2.0.1',
-                force=True)
+    files.template(
+        src='templates/resolv.conf.j2',
+        dest='/etc/resolv.conf',
+        # review this- it's probably a bad dep on bang. maybe both 10.5.0.1 and a public ns would be ok
+        ns='10.5.0.1' if host.name in ['prime', 'plus'] else '10.2.0.3',
+        force=True)
+
 
-def dnsmasq_instance(dhcp_hosts, net_name):
+def dnsmasq_instance(net_name, house_iface, dhcp_range, router):
     files.directory(path=f'/opt/dnsmasq/{net_name}')
-    files.template(src='templates/dnsmasq/dnsmasq.conf.j2', dest=f'/opt/dnsmasq/{net_name}/dnsmasq.conf', net=net_name)
+    files.template(
+        src='templates/dnsmasq/dnsmasq.conf.j2',
+        dest=f'/opt/dnsmasq/{net_name}/dnsmasq.conf',
+        net=net_name,
+        house_iface=house_iface,
+        dhcp_range=dhcp_range,
+        router=router,
+        dhcp_enabled=net_name == '10.2' and host.name in [
+            #'bang',
+            'pipe',
+        ])
     files.template(src='templates/dnsmasq/hosts.j2', dest=f'/opt/dnsmasq/{net_name}/hosts', net=net_name)
-    files.template(src=dhcp_hosts.name, dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts', net=net_name)
+    files.template(src='/dev/null', dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts', net=net_name)
 
     files.template(src='templates/dnsmasq/dnsmasq.service.j2',
                    dest=f'/etc/systemd/system/dnsmasq_{net_name}.service',
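Review bot: The `dhcp_hosts` file is now rendered from `/dev/null`, so the `dhcp-hostsfile` that dnsmasq.conf.j2 still references is always empty. Unless reservations are defined somewhere outside this diff, every client is then served from the `tag:!known` dynamic pool. Anything that assumes the old fixed addresses (the names in templates/dnsmasq/hosts.j2, or any address-based filtering) would stop matching without an error. Either restore the generated file or record the intent at the call, e.g. `# static leases intentionally disabled while DHCP moves to pipe; restore prepare_dhcp_hosts() output here`. The body of dnsmasq_instance continues past the end of this hunk.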
@@ -51,28 +66,28 @@
     if net_name == '10.2':
         systemd.service(service=f'dnsmasq_{net_name}', enabled=True, restarted=True, daemon_reload=True)
         # 10.5 is after wireguard setup
-    
+
+
+files.template(src='templates/hosts.j2', dest='/etc/hosts')
+resolv_conf_use_systemd_networkd()
+files.template(src='templates/resolved.conf.j2', dest='/etc/systemd/resolved.conf')
+systemd.service(service='systemd-resolved.service', running=True, restarted=True)
+
 if host.name == 'bang':
-    resolv_conf_static_file()
     apt.packages(packages=['dnsmasq'])
     systemd.service(service='dnsmasq', enabled=False, running=False)
     files.directory(path='/opt/dnsmasq')
 
-    dhcp_hosts = prepare_dhcp_hosts()
+    #dhcp_hosts = prepare_dhcp_hosts()
 
-    dnsmasq_instance(dhcp_hosts, '10.2')
-    dnsmasq_instance(dhcp_hosts, '10.5') # only works after wireguard is up
+    # dnsmasq_instance('10.2', house_iface='ens5', dhcp_range='unused', router='unused')
+    dnsmasq_instance('10.5', house_iface='unused', dhcp_range='unused', router='unused')  # only works after wireguard is up
 
-        
-if host.name in [
-        'garage',
-        'dash',
-        'slash',
-        'frontbed',
-        'prime',
-        'pipe'
-]:
-    resolv_conf_use_systemd_networkd()
-    files.template(src='templates/hosts.j2', dest='/etc/hosts')
-    files.template(src='templates/resolved.conf.j2', dest='/etc/systemd/resolved.conf')
-    systemd.service(service='systemd-resolved.service', running=True, restarted=True)
+elif host.name == 'pipe':
+    apt.packages(packages=['dnsmasq'])
+    systemd.service(service='dnsmasq', enabled=False, running=False)
+    files.directory(path='/opt/dnsmasq')
+    dnsmasq_instance('10.2', house_iface='eth1', dhcp_range='10.2.0.20,10.2.0.120', router='10.2.0.3')
+
+else:
+    pass
\ No newline at end of file
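Review bot: The bang call `dnsmasq_instance('10.5', house_iface='unused', dhcp_range='unused', router='unused')` passes the literal string `unused` into a template that, in this same commit, uses `{{ router }}` for `listen-address=` unconditionally and for `server=` inside the `net == "10.5"` block (see the dnsmasq.conf.j2 hunks). The rendered 10.5 config would contain `listen-address=unused` and `server=unused` where it previously had 10.5.0.1 and 10.2.0.1, so the instance is unlikely to start or resolve. One `router` value cannot carry both the listen address and the upstream resolver. Pass them separately, for example `listen_address='10.5.0.1', upstream='10.2.0.3'`, and have the template use those two names. The trailing `else: pass` does nothing and can be dropped.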
--- a/templates/dnsmasq/dnsmasq.conf.j2	Fri Jul 15 14:27:34 2022 -0700
+++ b/templates/dnsmasq/dnsmasq.conf.j2	Fri Jul 15 14:32:10 2022 -0700
@@ -2,7 +2,7 @@
 keep-in-foreground
 log-facility=-
 
-listen-address={{ net }}.0.1
+listen-address={{ router }}
 {% if net == "10.2" %}
 # dnsmasq will not automatically listen on the loopback interface. To achieve
 # this, its IP address, 127.0.0.1, must be explicitly given as a
@@ -23,20 +23,21 @@
 domain=bigasterisk.com
 # log-queries
 # log-debug
+
+{% if dhcp_enabled %}
 log-dhcp
 
 dhcp-sequential-ip
-
-{% if net == "10.2" %}
 dhcp-broadcast
 dhcp-authoritative
 dhcp-option=option:domain-name,bigasterisk.com
 dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts
 dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases
-dhcp-range=ens5,10.2.0.0,static,infinite
-dhcp-range=tag:!known,ens5,10.2.0.125,10.2.0.220,24h
-dhcp-option=ens5,option:dns-server,10.2.0.1
-dhcp-option=ens5,option:router,10.2.0.1
+dhcp-range={{ house_iface }},10.2.0.0,static,infinite
+dhcp-range=tag:!known,{{ house_iface }},{{ dhcp_range }},24h
+dhcp-option={{ house_iface }},option:dns-server,{{ router }}
+dhcp-option={{ house_iface }},option:router,{{ router }}
+{% endif %}
 
 local=/bigasterisk.com/
 # i didn't say --all-servers, but it was behaving like that
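Review bot: Closing the new `{% if dhcp_enabled %}` block before `local=/bigasterisk.com/` leaves that directive outside any condition visible in this hunk, where it used to sit inside `{% if net == "10.2" %}`. If no enclosing condition exists above the hunk, the 10.5 instance will also treat bigasterisk.com as local-only and stop forwarding those names. That contradicts the comment in the later `net == "10.5"` block about falling back to the server that knows the DHCP leases. If the wider scope is not intended, wrap the line again in `{% if net == "10.2" %}` … `{% endif %}`. Separately, `dhcp-range={{ house_iface }},10.2.0.0,static,infinite` still hard-codes the subnet while the neighbouring lines are parameterised.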
@@ -44,10 +45,9 @@
 #server=208.201.224.33
 #server=8.8.4.4
 #server=8.8.8.8
-{% endif %}
 
 {% if net == "10.5" %}
 # net==10.5 is not used for dhcp at all
 # use ./hosts, then try the server that knows the dhcp leases
-server=10.2.0.1
+server={{ router }}
 {% endif %}
--- a/templates/net/bang_10.2.network.j2	Fri Jul 15 14:27:34 2022 -0700
+++ b/templates/net/bang_10.2.network.j2	Fri Jul 15 14:32:10 2022 -0700
@@ -6,5 +6,5 @@
 [Network]
 DHCP=no
 Address=10.2.0.1/16
-DNS=10.2.0.1
-DNSDefaultRoute=true
+DNS=10.2.0.3
+Gateway=10.2.0.3
--- a/templates/net/house_net.service.j2	Fri Jul 15 14:27:34 2022 -0700
+++ b/templates/net/house_net.service.j2	Fri Jul 15 14:32:10 2022 -0700
@@ -1,11 +1,14 @@
+# written by pyinfra
+
 [Unit]
-After=systemd-networkd.service
-#After=docker.service
+After=network-online.target nss-lookup.target
+Wants=network-online.target nss-lookup.target
 
 [Service]
 Type=oneshot
-# haven't yet debugged why this doesn't work right away
-ExecStart=bash -c "sleep 10; /usr/sbin/iptables -A POSTROUTING --table nat --out-interface {{out_interface}} --jump MASQUERADE"
+ExecStart=/usr/sbin/iptables -A POSTROUTING --table nat --out-interface eth0 --jump MASQUERADE
+RemainAfterExit=yes
+
 
 [Install]
 WantedBy=multi-user.target
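Review bot: `ExecStart` now hard-codes `--out-interface eth0` in place of `{{out_interface}}`, so if this template is rendered for a host whose uplink has another name (dns.py mentions `ens5` for bang), the MASQUERADE rule matches nothing and outbound NAT fails without an error. The rule is also added with `-A` and never removed, so each restart of the unit appends a duplicate entry to the nat table. Keeping the variable and pairing the add with a delete fixes both: `ExecStart=/usr/sbin/iptables -w -t nat -A POSTROUTING -o {{out_interface}} -j MASQUERADE` and `ExecStop=/usr/sbin/iptables -w -t nat -D POSTROUTING -o {{out_interface}} -j MASQUERADE`.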
--- a/templates/net/pipe_10.2.network.j2	Fri Jul 15 14:27:34 2022 -0700
+++ b/templates/net/pipe_10.2.network.j2	Fri Jul 15 14:32:10 2022 -0700
@@ -7,5 +7,5 @@
 [Network]
 DHCP=no
 Address=10.2.0.3/16
-DNS=10.2.0.1
+DNS=10.2.0.3
 Domains=bigasterisk.com
\ No newline at end of file
--- a/templates/resolved.conf.j2	Fri Jul 15 14:27:34 2022 -0700
+++ b/templates/resolved.conf.j2	Fri Jul 15 14:32:10 2022 -0700
@@ -11,7 +11,7 @@
 
 {% else %}
 [Resolve]
-DNS=10.2.0.1
+DNS=10.2.0.3
 #FallbackDNS=
 Domains=bigasterisk.com
 #LLMNR=no