changeset 12:15c5ce7c74b5
refactor, cleanup, split large deploys
--- a/.hgignore Thu Nov 11 22:46:32 2021 -0800
+++ b/.hgignore Thu Nov 11 23:31:21 2021 -0800
@@ -1,2 +1,3 @@
 env
 pyinfra-debug.log
+secrets/
--- a/files/bang_fstab Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-# /etc/fstab: static file system information.
-#
-# Use 'blkid' to print the universally unique identifier for a
-# device; this may be used with UUID= as a more robust way to name devices
-# that works even if disks are added and removed. See fstab(5).
-#
-# <file system> <mount point> <type> <options> <dump> <pass>
-/dev/disk/by-uuid/8c7a2d08-60d1-486a-8136-d9f43d83a064 / ext4 relatime 0 0
-/dev/disk/by-uuid/d9a1e1e4-9eba-4988-8b01-c5f6732a2972 /d3 ext4 relatime 0 0
--- a/files/dash_fstab Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-# <file system> <mount point> <type> <options> <dump> <pass>
-/dev/disk/by-uuid/3b6780e0-ec86-43be-8d09-e462dbad762e / ext4 defaults 0 0
-/dev/disk/by-uuid/b88f75cd-9022-4af9-a11b-5a5a1fbd3132 /d2 ext4 defaults 0 0
-/dev/disk/by-uuid/73bcd201-5f77-4f68-9fba-47835c3c1692 /prev ext4 defaults 0 0
-/swap.img none swap sw 0 0
-bang:/stor6/my /my nfs4 defaults 0 0
--- a/files/frontbed_fstab Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-proc /proc proc defaults 0 0
-PARTUUID=ba053f31-01 /boot vfat defaults 0 2
-PARTUUID=ba053f31-02 / ext4 defaults,noatime 0 1
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/files/fstab/bang Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,5 @@
+# written by pyinfra
+
+# <file system> <mount point> <type> <options> <dump> <pass>
+/dev/disk/by-uuid/8c7a2d08-60d1-486a-8136-d9f43d83a064 / ext4 relatime 0 0
+/dev/disk/by-uuid/d9a1e1e4-9eba-4988-8b01-c5f6732a2972 /d3 ext4 relatime 0 0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/files/fstab/dash Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,8 @@
+# written by pyinfra
+
+# <file system> <mount point> <type> <options> <dump> <pass>
+/dev/disk/by-uuid/3b6780e0-ec86-43be-8d09-e462dbad762e / ext4 defaults 0 0
+/dev/disk/by-uuid/b88f75cd-9022-4af9-a11b-5a5a1fbd3132 /d2 ext4 defaults 0 0
+/dev/disk/by-uuid/73bcd201-5f77-4f68-9fba-47835c3c1692 /prev ext4 defaults 0 0
+/swap.img none swap sw 0 0
+bang:/stor6/my /my nfs4 defaults 0 0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/files/fstab/slash Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,5 @@
+# written by pyinfra
+
+# <file system> <mount point> <type> <options> <dump> <pass>
+UUID=d2999404-d8e1-47e7-b52c-797b282708ac / ext4 errors=remount-ro 0 1
+bang:/stor6/my /my nfs defaults 0 0
--- a/files/pi_wlan0_powersave Thu Nov 11 22:46:32 2021 -0800
+++ b/files/pi_wlan0_powersave Thu Nov 11 23:31:21 2021 -0800
@@ -1,3 +1,5 @@
+# written by pyinfra
+
 auto wlan0
 iface wlan0 inet dhcp
 post-up iw wlan0 set power_save off
--- a/files/slash_fstab Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-# <file system> <mount point> <type> <options> <dump> <pass>
-UUID=d2999404-d8e1-47e7-b52c-797b282708ac / ext4 errors=remount-ro 0 1
-10.1.0.1:/stor6/my /my nfs defaults 0 0
--- a/kube.py Thu Nov 11 22:46:32 2021 -0800 +++ b/kube.py Thu Nov 11 23:31:21 2021 -0800 @@ -1,7 +1,7 @@ from pyinfra import host -from pyinfra.operations import server, files, apt, ssh, systemd -from pyinfra.facts.server import LinuxDistribution, Arch from pyinfra.facts.files import FindInFile +from pyinfra.facts.server import Arch, LinuxDistribution +from pyinfra.operations import files, server, systemd bang_is_old = True # remove after upgrade is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] @@ -10,20 +10,16 @@ k3s_version = 'v1.21.2+k3s1' master_ip = "10.5.0.1" -token = open('secrets/k3s_token', 'rt').read().strip() - server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True) server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True) -# - role: download -if host.get_fact(Arch) == 'x86_64': - src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s' -else: - src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s-armhf' +tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' +files.download(src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', + dest='/usr/local/bin/k3s', + user='root', + group='root', + mode='755') -files.download(src=src, dest='/usr/local/bin/k3s', user='root', group='root', mode='755') - -# - role: raspbian if is_pi: old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0] print(repr(old_cmdline)) 
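Review bot: The rewritten `files.download(...)` in the second kube.py hunk installs the k3s binary root-owned with mode 755 at `/usr/local/bin/k3s` without checking what was downloaded, so integrity rests entirely on the release URL. `k3s_version` is already pinned, so the digest can be pinned with it: add `sha256sum=k3s_sha256[tail]` to the call, with `k3s_sha256 = {'k3s': '<SHA256_OF_k3s>', 'k3s-armhf': '<SHA256_OF_k3s-armhf>'}` defined next to `k3s_version`. The two values are placeholders, to be filled in from the checksum file published with that release.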
@@ -38,20 +34,17 @@ ]) # needs reboot if this changed -# - role: registries_fix # See https://github.com/rancher/k3s/issues/1802 and https://rancher.com/docs/k3s/latest/en/installation/private-registry/ files.directory(path='/etc/rancher/k3s') -files.template(src='templates/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') +files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') -if host.name == 'bang': - # - role: k3s/master +if host.name == 'bang': # master files.template( - src='templates/k3s-server.service.j2', + src='templates/kube/k3s-server.service.j2', dest='/etc/systemd/system/k3s.service', master_ip=master_ip, ) systemd.service(service='k3s.service', daemon_reload=True, enabled=True, restarted=True) - # /var/lib/rancher/k3s/server/node-token will soon contain secrets/k3s_token # one-time thing at cluster create time? not sure # - name: Replace https://localhost:6443 by https://master-ip:6443 @@ -61,9 +54,11 @@ # --kubeconfig ~{{ ansible_user }}/.kube/config if host.name in ['slash', 'dash', 'frontbed', 'garage']: # nodes - # - role: k3s/node + # /var/lib/rancher/k3s/server/node-token is the source of the string in secrets/k3s_token + token = open('secrets/k3s_token', 'rt').read().strip() + files.template( - src='templates/k3s-node.service.j2', + src='templates/kube/k3s-node.service.j2', dest='/etc/systemd/system/k3s-node.service', master_ip=master_ip, token=token, 
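Review bot: In the nodes branch (last hunk on this line), the join token read from `secrets/k3s_token` is rendered into `/etc/systemd/system/k3s-node.service`, and the visible arguments of `files.template` set no `mode`; unit files are normally world-readable, so any local user on a node could read the cluster token. The call continues past the end of the hunk, so check whether a mode is set there; if not, add `user='root', group='root', mode='600'`, or render the token into a root-only file that the unit references. The bare `open(...).read()` also never closes the handle; `with open('secrets/k3s_token') as f: token = f.read().strip()` does.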
@@ -74,15 +69,6 @@ if host.name in ['bang', 'slash', 'dash']: # hosts to admin from files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') - # files.template( - # src='templates/kube-config.j2', - # dest='/home/drewp/.kube/config', - # user='drewp', - # group='drewp', - # mode='600', - # master_ip=master_ip, - # token=token, - # ) files.line(path="/home/drewp/.zshrc", line="KUBECONFIG", replace='export KUBECONFIG=/etc/rancher/k3s/k3s.yaml') files.chown(target='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp')
--- a/net.py Thu Nov 11 22:46:32 2021 -0800 +++ b/net.py Thu Nov 11 23:31:21 2021 -0800 @@ -9,7 +9,7 @@ ssh_host = host.host_data.get('ssh_hostname', host.name) if is_wifi: - files.put(src="files/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") + files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") files.template(src='templates/hosts.j2', dest='/etc/hosts') @@ -30,14 +30,14 @@ ns = '10.1.0.1' files.template(src='templates/resolv.conf.j2', dest='/etc/resolv.conf', ns=ns) -if host.name in ['dash', 'slash', 'garage']: +if host.name in ['dash', 'slash', 'garage', 'frontbed']: # might need to upgrade pi systemd if there are errors in this part apt.packages(packages=['netplan.io']) files.file(path='/etc/netplan/00-installer-config.yaml', present=False) addrs = host.get_fact(Ipv4Addrs) ipv4Interface = host.host_data['interface'] ipv4Address = host.host_data['addr'] - files.template(src='templates/netplan_dns.yaml.j2', + files.template(src='templates/netplan.yaml.j2', dest='/etc/netplan/99-ansible-written.yaml', ipv4Interface=ipv4Interface, ipv4Address=ipv4Address) 
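Review bot: `files.put(src="secrets/wpa_supplicant.conf", ...)` in the first net.py hunk passes no `user`, `group` or `mode`, so the file holding the Wi-Fi credentials is written with default ownership and permissions on the target. Adding `user='root', group='root', mode='600'` keeps it root-only. Moving the source under the newly ignored `secrets/` keeps it out of future commits; whether `files/wpa_supplicant.conf` was ever tracked cannot be determined from this page, but if it was, the credentials remain in repository history and should be rotated.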
@@ -64,11 +64,13 @@ for net_name in ['10.1', '10.2', '10.5']: files.directory(path=f'/opt/dnsmasq/{net_name}') - files.template(src='templates/dnsmasq.conf.j2', dest=f'/opt/dnsmasq/{net_name}/dnsmasq.conf', net=net_name) - files.template(src='templates/dhcp_hosts_file.j2', dest=f'/opt/dnsmasq/{net_name}/hosts', net=net_name) - files.template(src='templates/dhcp_hosts.j2', dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts', net=net_name) + files.template(src='templates/dnsmasq/dnsmasq.conf.j2', dest=f'/opt/dnsmasq/{net_name}/dnsmasq.conf', net=net_name) + files.template(src='templates/dnsmasq/hosts.j2', dest=f'/opt/dnsmasq/{net_name}/hosts', net=net_name) + files.template(src='templates/dnsmasq/dhcp_hosts.j2', dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts', net=net_name) - files.template(src='templates/dnsmasq.service.j2', dest=f'/etc/systemd/system/dnsmasq_{net_name}.service', net=net_name) + files.template(src='templates/dnsmasq/dnsmasq.service.j2', + dest=f'/etc/systemd/system/dnsmasq_{net_name}.service', + net=net_name) systemd.service(service=f'dnsmasq_{net_name}', restarted=True, daemon_reload=True) if host.name == 'prime':
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/packages.py Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,70 @@
+from pyinfra import host
+from pyinfra.facts.server import LinuxDistribution
+from pyinfra.operations import apt, files, ssh
+
+bang_is_old = True # remove after upgrade
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
+is_wifi_pi = host.name in ['frontdoor', 'living']
+
+if not is_pi:
+ apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
+
+if is_pi:
+ apt.packages(packages=['mandb', 'apt-listchanges'], present=False)
+ files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye')
+ # 'apt upgrade'?
+ apt.packages(update=True, packages=['dirmngr', 'gnupg2', 'apt-utils'])
+
+ apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
+ apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
+ apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
+
+ files.file(path='/etc/apt/sources.list.d/raspi.list', present=False)
+
+ if is_wifi_pi:
+ files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave")
+ ssh.command(host.name, "iw wlan0 set power_save off")
+
+ files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt')
+
+if not is_pi and host.name != 'prime':
+ apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
+ apt.repo(src='deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main')
+
+ apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
+ apt.repo(src="deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main")
+
+ apt.ppa(src="ppa:savoury1/blender")
+
+ apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
+ apt.repo(src="deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam")
+
+apt.packages(packages=[
+ 'build-essential',
+ # 'i2c-tools',
+ 'rsync',
+ 'dstat',
+ 'ifstat',
+])
+
+if not is_pi:
+ apt.packages(packages=[
+ 'keychain',
+ 'python3-docker',
+ 'python3-invoke',
+ 'python3-pip',
+ 'python3-virtualenv',
+ 'sysstat',
+ ])
+
+if not is_pi and not bang_is_old:
+ apt.packages(packages='mlocate', present=False)
+ apt.packages(packages='plocate')
+
+if host.name == "bang":
+ apt.packages(packages=[
+ 'libzfs2linux',
+ 'zfsutils-linux',
+ 'zfs-zed',
+ 'zfs-auto-snapshot',
+ ])
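Review bot: The two keyserver calls, `apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')` and the one with `keyid='F24AEA9FB05498B7'`, identify the signing keys by 64-bit long ID and fetch them from a public keyserver at deploy time. Naming each key by its full fingerprint, `keyid='<FULL_40_HEX_FINGERPRINT>'` (placeholder), removes any ambiguity about which key becomes trusted. The first call has no `apt.repo` next to it, so a comment such as `# signing key for <repository name>` would say what that trust is for. The two `http://` repo lines for dl.google.com and packages.microsoft.com could use `https://`, as their key URLs already do; packages stay signature-checked either way, but it keeps the fetches off plaintext.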
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssh.py Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,22 @@
+from pyinfra import host
+from pyinfra.facts.server import LinuxDistribution
+from pyinfra.operations import files, systemd
+
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
+
+systemd.service(
+ service='ssh',
+ running=True,
+ enabled=True,
+)
+
+files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no")
+
+if is_pi:
+ auth_keys = '/home/pi/.ssh/authorized_keys'
+ files.file(path=auth_keys, user='pi', group='pi', mode=600)
+ for pubkey in [
+ 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus',
+ 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang',
+ ]:
+ files.line(path=auth_keys, line=pubkey, replace=pubkey)
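Review bot: This file installs two public keys for the `pi` account, but nothing on this page turns off password login for it; the only `sshd_config` edit visible in the changeset is `UseDNS no` in system.py. If any of these hosts still has a guessable `pi` password, key-only access is not actually enforced. Once key login is confirmed, consider adding `files.line(path='/etc/ssh/sshd_config', line=r'^#?PasswordAuthentication\b', replace='PasswordAuthentication no')` followed by an sshd reload. A short comment on the `HashKnownHosts no` line saying why hashing is turned off would also help, since it leaves the hostnames in known_hosts readable.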
--- a/system.py Thu Nov 11 22:46:32 2021 -0800 +++ b/system.py Thu Nov 11 23:31:21 2021 -0800 @@ -2,19 +2,18 @@ from pyinfra import host from pyinfra.facts.server import LinuxDistribution -from pyinfra.operations import apt, files, server, ssh, systemd +from pyinfra.operations import apt, files, server, systemd -bang_is_old = True # remove after upgrade is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] -is_wifi_pi = host.name in ['frontdoor', 'living'] TZ = 'America/Los_Angeles' +server.hostname(hostname=host.name) + # -# system +# timezone # -server.hostname(hostname=host.name) files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') files.replace(path='/etc/timezone', match='.*', replace=TZ) apt.packages(update=True, @@ -31,7 +30,7 @@ # fstab # -fstab_file = f'files/{host.name}_fstab' +fstab_file = f'files/fstab/{host.name}' if os.path.exists(fstab_file): files.put(src=fstab_file, dest='/etc/fstab') if is_pi: 
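Review bot: In the fstab hunk, `fstab_file = f'files/fstab/{host.name}'` is still guarded by `os.path.exists`, and this changeset deletes `files/frontbed_fstab` while adding only `bang`, `dash` and `slash` under `files/fstab/`, so frontbed silently stops having `/etc/fstab` managed. If that is intended, a comment such as `# hosts without a files/fstab/<name> file keep their existing fstab` above the check would make it explicit; otherwise `files/fstab/frontbed` is missing. The `if is_pi:` body continues outside the hunk.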
@@ -45,86 +44,6 @@ apt.packages(packages=['dphys-swapfile'], present=False) # -# pkgs -# - -if not is_pi: - apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553') - -if is_pi: - apt.packages(packages=['mandb', 'apt-listchanges'], present=False) - files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye') - # 'apt upgrade'? - apt.packages(update=True, packages=['dirmngr', 'gnupg2', 'apt-utils']) - - apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc') - apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc') - apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc') - - files.file(path='/etc/apt/sources.list.d/raspi.list', present=False) - - if is_wifi_pi: - files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave") - ssh.command(host.name, "iw wlan0 set power_save off") - - files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt') - -if not is_pi and host.name != 'prime': - apt.key(src='https://dl.google.com/linux/linux_signing_key.pub') - apt.repo(src='deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main') - - apt.key(src='https://packages.microsoft.com/keys/microsoft.asc') - apt.repo(src="deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main") - - apt.ppa(src="ppa:savoury1/blender") - - apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7') - apt.repo(src="deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam") - -apt.packages(packages=[ - 'build-essential', - # 'i2c-tools', - 'rsync', - 'dstat', - 'ifstat', -]) - -if not is_pi: - apt.packages(packages=[ - 'keychain', - 'python3-docker', - 'python3-invoke', - 'python3-pip', - 'python3-virtualenv', - 'sysstat', - ]) - -if not is_pi and not bang_is_old: - apt.packages(packages='mlocate', present=False) - apt.packages(packages='plocate') - -# -# ssh -# - -systemd.service( - service='ssh', - 
running=True, - enabled=True, -) - -files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no") - -if is_pi: - auth_keys = '/home/pi/.ssh/authorized_keys' - files.file(path=auth_keys, user='pi', group='pi', mode=600) - for pubkey in [ - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus', - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang', - ]: - files.line(path=auth_keys, line=pubkey, replace=pubkey) - -# # docker (delete this?) # @@ -139,15 +58,3 @@ files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") systemd.service(service='sshd', reloaded=True) - -# -# special hosts -# - -if host.name == "bang": - apt.packages(packages=[ - 'libzfs2linux', - 'zfsutils-linux', - 'zfs-zed', - 'zfs-auto-snapshot', - ])
--- a/tasks.py Thu Nov 11 22:46:32 2021 -0800 +++ b/tasks.py Thu Nov 11 23:31:21 2021 -0800 @@ -14,16 +14,26 @@ @task +def ssh(ctx): + ctx.run(cmd + 'inventory.py ssh.py', pty=True) + + +@task def system(ctx): ctx.run(cmd + 'inventory.py system.py', pty=True) @task +def packages(ctx): + ctx.run(cmd + 'inventory.py packages.py', pty=True) + + +@task def net(ctx): # workaround for https://github.com/Fizzadar/pyinfra/issues/702 - ctx.run(cmd + '-vv inventory.py exec -- rm -f /tmp/pyinfra-7ed098bf43cef74d8ab8ea095e4a95c92605c61c', pty=True) + ctx.run(cmd + 'inventory.py exec -- rm -f /tmp/pyinfra-7ed098bf43cef74d8ab8ea095e4a95c92605c61c', pty=True, warn=True) - ctx.run(cmd + '-vv inventory.py net.py --limit slash ', pty=True) + ctx.run(cmd + 'inventory.py net.py', pty=True) @task @@ -33,7 +43,8 @@ @task def kube(ctx): - ctx.run(cmd + 'inventory.py kube.py --limit dash --limit garage', pty=True) + ctx.run(cmd + 'inventory.py kube.py ', pty=True) + @task
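Review bot: Dropping `--limit dash --limit garage` from `kube` means kube.py now runs against every host in inventory.py, and the kube.py section of this changeset shows `server.sysctl(key='net.ipv4.ip_forward', ...)` and the k3s `files.download` at top level, outside any `host.name` check. Unless the inventory is restricted elsewhere (inventory.py is not on this page), hosts that are in none of the master/node lists, for example `prime`, which net.py and packages.py refer to, would get IP forwarding enabled and the k3s binary installed. Either keep a `--limit` for the cluster hosts here or guard those two operations in kube.py by host name. The same applies to `net`, which lost `--limit slash`.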
--- a/templates/bang_exports.j2 Thu Nov 11 22:46:32 2021 -0800
+++ b/templates/bang_exports.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -1,1 +1,3 @@
+# written by pyinfra
+
 # none; zfs takes care of its own
\ No newline at end of file
--- a/templates/bang_interfaces.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/bang_interfaces.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# written by ansible; do not edit +# written by pyinfra # For more information, see interfaces(5).
--- a/templates/boot_config.txt.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/boot_config.txt.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# Written by pyinfra +# written by pyinfra # For more options and information see # http://rpf.io/configtxt
--- a/templates/dhcp_hosts.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,70 +0,0 @@ -b8:97:5a:17:d7:1f,dash,10.1.0.5,infinite -c8:60:00:98:ec:74,slash,10.1.0.6,infinite -7c:c3:a1:b0:83:03,kelsi-imac,10.1.0.7,infinite -1c:c1:de:56:e6:70,music,10.1.0.8,infinite - -a0:40:a0:6f:96:d5,orbi,10.2.0.5,infinite -a0:40:a0:6f:aa:f8,orbi-sat1,10.2.0.6,infinite -8c:3b:ad:c4:8d:ce,orbi-sat2,10.2.0.7,infinite - -# 00:0f:54:13:36:d2,prevkitchen,10.2.0.10,infinite -b8:27:eb:d9:86:22,kitchen,10.2.0.10,infinite -b8:27:eb:00:26:92,living,10.2.0.11,infinite -b8:27:eb:6d:2b:6f,workshop,10.2.0.13,infinite -b8:27:eb:81:17:92,garage,10.2.0.14,infinite -b8:27:eb:86:28:02,bed,10.2.0.15,infinite -b8:27:eb:d6:15:72,changing,10.2.0.16,infinite -b8:27:eb:e9:d3:44,frontbed,10.2.0.17,infinite -b8:27:eb:83:40:27,changing-wifi,10.2.0.18,infinite -b8:27:eb:d4:42:c7,garage-wifi,10.2.0.19,infinite - -# pi4 # dc:a6:32:00:d1:de,frontdoor,10.2.0.12,infinite -b8:27:eb:6a:41:e3,frontdoor,10.2.0.12,infinite - -1c:c1:de:56:e6:70,dot,10.2.0.30,infinite -7c:c3:a1:b0:83:03,kelsi-imac,10.2.0.31,infinite - -78:11:dc:44:4a:48,gardencam,10.2.0.40,infinite -78:11:dc:78:00:8d,ashercam,10.2.0.41,infinite -34:ce:00:e4:a4:11,livingcam,10.2.0.42,infinite -78:11:dc:78:39:31,twinscam,10.2.0.43,infinite -24:62:ab:f8:6f:20,office_back_cam,10.2.0.44,infinite -#...,garage_hall_cam,10.2.0.45,infinite - - -94:9f:3e:7e:7d:b4,sonos-bed,10.2.0.50,infinite -# skip .51 for old lease -94:9f:3e:7b:45:a8,sonos-kitchen,10.2.0.52,infinite - -30:fd:38:79:2f:48,googlehome-ari,10.2.0.60,infinite -38:8b:59:5b:63:5f,googlehome-bed,10.2.0.61,infinite -48:d6:d5:75:f5:7b,googlehome-asher,10.2.0.62,infinite - -30:fd:38:8b:98:c0,chromecast1,10.2.0.70,infinite -cc:08:8d:e9:60:65,chromecast2,10.2.0.71,infinite -6c:ad:f8:1b:c5:31,chromecast3,10.2.0.72,infinite - -a0:cc:2b:f5:a2:21,tradfri,10.2.0.80,infinite -d8:d5:b9:00:2c:41,powereagle,10.2.0.81,infinite - -3c:71:bf:8c:49:c4,cabin,10.2.0.90,infinite -80:7d:3a:33:bd:72,kitchen-counter-lights,10.2.0.91,infinite 
-dc:4f:22:4b:d9:65,kitchen-ceiling-lights,10.2.0.92,infinite -24:0a:c4:9b:cb:c8,frontdoorlock,10.2.0.93,infinite -18:fe:34:a6:04:31,greenhouse,10.2.0.94,infinite -5c:cf:7f:01:58:8a,ridecontrol,10.2.0.95,infinite -a0:20:a6:0a:87:a8,nightlight_ari,10.2.0.96,infinite -84:f3:eb:e3:a7:84,nightlight_display1,10.2.0.97,infinite -a0:20:a6:0b:9e:68,bed_bar_asher,10.2.0.98,infinite - -9c:b6:d0:1d:d1:03,plus,10.2.0.110,infinite -#6c:19:c0:70:7e:98,unknown -48:60:5f:69:1a:e6,drew-work-phone,10.2.0.111,infinite -dc:ef:ca:ed:58:27,drew-note8,10.2.0.112,infinite -fc:db:b3:ff:f3:d1,drew-note5,10.2.0.113,infinite -38:8b:59:5b:63:5f,kelsi-ipad,10.2.0.114,infinite -68:ab:1e:38:14:ed,kelsi-watch,10.2.0.115,infinite -7c:c3:a1:b0:83:03,kelsi-imac-wifi,10.2.0.116,infinite -7c:b0:c2:83:31:0f,ari-chromebook,10.2.0.117,infinite -b0:19:c6:79:ef:55,daniele-phone,10.2.0.118,infinite -e8:f2:e2:83:cc:c0,pf1500-projector,10.2.0.119,infinite
--- a/templates/dhcp_hosts_file.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,38 +0,0 @@ -# by pyinfra - -162.243.138.136 prime-ext.bigasterisk.com public.bigasterisk.com primary.bigasterisk.com maildirfetch.bigasterisk.com vpn-ext.bigasterisk.com - -# This is the dns trick-- hosts at home should use the local address -# for 'bigasterisk.com' etc instead of taking a trip to prime. -10.2.0.1 bang bang.bigasterisk.com bigasterisk.com file.bigasterisk.com local.fantasyfamegame.com imap.bigasterisk.com repo.bigasterisk.com mail.bigasterisk.com puppet.bigasterisk.com computeracronym.quickwitretort.com csigen.quickwitretort.com drewp.quickwitretort.com kelsi.quickwitretort.com owncloud.bigasterisk.com photo.bigasterisk.com projects.bigasterisk.com quickwitretort.com whatsplayingnext.com whopickedthis.com aask.bigasterisk.com bebop.bigasterisk.com brazilog.bigasterisk.com cinepaint.bigasterisk.com craigslist.bigasterisk.com cuisine.bigasterisk.com cvs.bigasterisk.com dafnaandjonas.bigasterisk.com darcs.bigasterisk.com daveandlisa.bigasterisk.com digibook.bigasterisk.com gasuse.bigasterisk.com graphite.bigasterisk.com johnmuir.bigasterisk.com jazz.bigasterisk.com js.bigasterisk.com karinandjohn.bigasterisk.com light9.bigasterisk.com linuxmovies.bigasterisk.com lisa.bigasterisk.com lisaanddave.bigasterisk.com magma.bigasterisk.com maps.bigasterisk.com monk.bigasterisk.com ov099.bigasterisk.com picreferer.bigasterisk.com rayz.bigasterisk.com seabird.bigasterisk.com semfile.bigasterisk.com sinai.bigasterisk.com stef.bigasterisk.com wedding.bigasterisk.com wedding-john-karin.bigasterisk.com www.bigasterisk.com vpn-home.bigasterisk.com file.bigasterisk.com - -{% if net != '10.5' %} -# so bang can see these names -10.1.0.5 dash.bigasterisk.com -10.1.0.6 slash.bigasterisk.com -{% endif %} - -10.5.0.1 bang5.bigasterisk.com local.bigasterisk.com mail.bigasterisk.com -10.5.0.2 prime5.bigasterisk.com prime.bigasterisk.com prime.vpn-ext.bigasterisk.com -10.5.0.5 dash5.bigasterisk.com -10.5.0.6 slash5.bigasterisk.com -10.5.0.8 piedmont5.bigasterisk.com 
-10.5.0.10 kitchen5.bigasterisk.com -10.5.0.11 living5.bigasterisk.com -10.5.0.12 frontdoor5.bigasterisk.com -10.5.0.13 workshop5.bigasterisk.com -10.5.0.14 garage5.bigasterisk.com -10.5.0.15 bed5.bigasterisk.com -10.5.0.16 changing5.bigasterisk.com -10.5.0.17 frontbed5.bigasterisk.com -10.5.0.30 dot5.bigasterisk.com -10.5.0.99 piedmont5.bigasterisk.com -10.5.0.110 plus5.bigasterisk.com -10.5.0.112 drew-note85.bigasterisk.com - - -{% if net == '10.5' %} -10.5.0.1 bang.bigasterisk.com -10.5.0.2 prime.bigasterisk.com -10.5.0.5 dash.bigasterisk.com -{% endif %}
--- a/templates/dnsmasq.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,54 +0,0 @@ -user=nobody -keep-in-foreground -log-facility=- - -listen-address={{ net }}.0.1 -{% if net == "10.2" %} -listen-address=127.0.0.1 -{% endif %} -bind-interfaces - -domain-needed -no-resolv -# i didn't say --all-servers, but it was behaving like that -server=208.201.224.11 -#server=208.201.224.33 -#server=8.8.4.4 -#server=8.8.8.8 -local=/bigasterisk.com/ -no-hosts -addn-hosts=/opt/dnsmasq/{{ net }}/hosts -local-ttl=30 -mx-host=bigasterisk.com,prime6.bigasterisk.com -cache-size=10000 -neg-ttl=60 -dns-forward-max=1000 -domain=bigasterisk.com - -log-dhcp -dhcp-sequential-ip -{% if net == "10.1" %} -dhcp-broadcast -dhcp-authoritative -dhcp-option=option:domain-name,bigasterisk.com -dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts -dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases -dhcp-range=enp1s0,10.1.0.0,static,infinite -dhcp-range=tag:!known,enp1s0,10.1.0.100,10.1.0.180 -dhcp-option=enp1s0,option:dns-server,10.1.0.1 -dhcp-option=enp1s0,option:router,10.1.0.1 -{% endif %} - -{% if net == "10.2" %} -dhcp-broadcast -dhcp-authoritative -dhcp-option=option:domain-name,bigasterisk.com -dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts -dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases -dhcp-range=ens5,10.2.0.0,static,infinite -dhcp-range=tag:!known,ens5,10.2.0.21,10.2.0.120,24h -dhcp-option=ens5,option:dns-server,10.2.0.1 -dhcp-option=ens5,option:router,10.2.0.1 -{% endif %} - -# net==10.5 is not used for dhcp at all
--- a/templates/dnsmasq.service.j2 Thu Nov 11 22:46:32 2021 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,27 +0,0 @@ -# custom, installed with ansible -[Unit] -Description=dnsmasq for {{ net }} network -Requires=network.target -Wants=nss-lookup.target -Before=nss-lookup.target -After=network.target - -[Service] -Type=simple - -# Test the config file and refuse starting if it is not valid. -ExecStartPre=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf --test - -ExecStart=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf - -# The systemd-*-resolvconf functions configure (and deconfigure) -# resolvconf to work with the dnsmasq DNS server. They're called like -# this to get correct error handling (ie don't start-resolvconf if the -# dnsmasq daemon fails to start. -ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf -ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf - -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/dhcp_hosts.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,70 @@
+b8:97:5a:17:d7:1f,dash,10.1.0.5,infinite
+c8:60:00:98:ec:74,slash,10.1.0.6,infinite
+7c:c3:a1:b0:83:03,kelsi-imac,10.1.0.7,infinite
+1c:c1:de:56:e6:70,music,10.1.0.8,infinite
+
+a0:40:a0:6f:96:d5,orbi,10.2.0.5,infinite
+a0:40:a0:6f:aa:f8,orbi-sat1,10.2.0.6,infinite
+8c:3b:ad:c4:8d:ce,orbi-sat2,10.2.0.7,infinite
+
+# 00:0f:54:13:36:d2,prevkitchen,10.2.0.10,infinite
+b8:27:eb:d9:86:22,kitchen,10.2.0.10,infinite
+b8:27:eb:00:26:92,living,10.2.0.11,infinite
+b8:27:eb:6d:2b:6f,workshop,10.2.0.13,infinite
+b8:27:eb:81:17:92,garage,10.2.0.14,infinite
+b8:27:eb:86:28:02,bed,10.2.0.15,infinite
+b8:27:eb:d6:15:72,changing,10.2.0.16,infinite
+b8:27:eb:e9:d3:44,frontbed,10.2.0.17,infinite
+b8:27:eb:83:40:27,changing-wifi,10.2.0.18,infinite
+b8:27:eb:d4:42:c7,garage-wifi,10.2.0.19,infinite
+
+# pi4 # dc:a6:32:00:d1:de,frontdoor,10.2.0.12,infinite
+b8:27:eb:6a:41:e3,frontdoor,10.2.0.12,infinite
+
+1c:c1:de:56:e6:70,dot,10.2.0.30,infinite
+7c:c3:a1:b0:83:03,kelsi-imac,10.2.0.31,infinite
+
+78:11:dc:44:4a:48,gardencam,10.2.0.40,infinite
+78:11:dc:78:00:8d,ashercam,10.2.0.41,infinite
+34:ce:00:e4:a4:11,livingcam,10.2.0.42,infinite
+78:11:dc:78:39:31,twinscam,10.2.0.43,infinite
+24:62:ab:f8:6f:20,office_back_cam,10.2.0.44,infinite
+#...,garage_hall_cam,10.2.0.45,infinite
+
+
+94:9f:3e:7e:7d:b4,sonos-bed,10.2.0.50,infinite
+# skip .51 for old lease
+94:9f:3e:7b:45:a8,sonos-kitchen,10.2.0.52,infinite
+
+30:fd:38:79:2f:48,googlehome-ari,10.2.0.60,infinite
+38:8b:59:5b:63:5f,googlehome-bed,10.2.0.61,infinite
+48:d6:d5:75:f5:7b,googlehome-asher,10.2.0.62,infinite
+
+30:fd:38:8b:98:c0,chromecast1,10.2.0.70,infinite
+cc:08:8d:e9:60:65,chromecast2,10.2.0.71,infinite
+6c:ad:f8:1b:c5:31,chromecast3,10.2.0.72,infinite
+
+a0:cc:2b:f5:a2:21,tradfri,10.2.0.80,infinite
+d8:d5:b9:00:2c:41,powereagle,10.2.0.81,infinite
+
+3c:71:bf:8c:49:c4,cabin,10.2.0.90,infinite
+80:7d:3a:33:bd:72,kitchen-counter-lights,10.2.0.91,infinite
+dc:4f:22:4b:d9:65,kitchen-ceiling-lights,10.2.0.92,infinite
+24:0a:c4:9b:cb:c8,frontdoorlock,10.2.0.93,infinite
+18:fe:34:a6:04:31,greenhouse,10.2.0.94,infinite
+5c:cf:7f:01:58:8a,ridecontrol,10.2.0.95,infinite
+a0:20:a6:0a:87:a8,nightlight_ari,10.2.0.96,infinite
+84:f3:eb:e3:a7:84,nightlight_display1,10.2.0.97,infinite
+a0:20:a6:0b:9e:68,bed_bar_asher,10.2.0.98,infinite
+
+9c:b6:d0:1d:d1:03,plus,10.2.0.110,infinite
+#6c:19:c0:70:7e:98,unknown
+48:60:5f:69:1a:e6,drew-work-phone,10.2.0.111,infinite
+dc:ef:ca:ed:58:27,drew-note8,10.2.0.112,infinite
+fc:db:b3:ff:f3:d1,drew-note5,10.2.0.113,infinite
+38:8b:59:5b:63:5f,kelsi-ipad,10.2.0.114,infinite
+68:ab:1e:38:14:ed,kelsi-watch,10.2.0.115,infinite
+7c:c3:a1:b0:83:03,kelsi-imac-wifi,10.2.0.116,infinite
+7c:b0:c2:83:31:0f,ari-chromebook,10.2.0.117,infinite
+b0:19:c6:79:ef:55,daniele-phone,10.2.0.118,infinite
+e8:f2:e2:83:cc:c0,pf1500-projector,10.2.0.119,infinite
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/dnsmasq.conf.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,54 @@
+user=nobody
+keep-in-foreground
+log-facility=-
+
+listen-address={{ net }}.0.1
+{% if net == "10.2" %}
+listen-address=127.0.0.1
+{% endif %}
+bind-interfaces
+
+domain-needed
+no-resolv
+# i didn't say --all-servers, but it was behaving like that
+server=208.201.224.11
+#server=208.201.224.33
+#server=8.8.4.4
+#server=8.8.8.8
+local=/bigasterisk.com/
+no-hosts
+addn-hosts=/opt/dnsmasq/{{ net }}/hosts
+local-ttl=30
+mx-host=bigasterisk.com,prime6.bigasterisk.com
+cache-size=10000
+neg-ttl=60
+dns-forward-max=1000
+domain=bigasterisk.com
+
+log-dhcp
+dhcp-sequential-ip
+{% if net == "10.1" %}
+dhcp-broadcast
+dhcp-authoritative
+dhcp-option=option:domain-name,bigasterisk.com
+dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts
+dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases
+dhcp-range=enp1s0,10.1.0.0,static,infinite
+dhcp-range=tag:!known,enp1s0,10.1.0.100,10.1.0.180
+dhcp-option=enp1s0,option:dns-server,10.1.0.1
+dhcp-option=enp1s0,option:router,10.1.0.1
+{% endif %}
+
+{% if net == "10.2" %}
+dhcp-broadcast
+dhcp-authoritative
+dhcp-option=option:domain-name,bigasterisk.com
+dhcp-hostsfile=/opt/dnsmasq/{{ net }}/dhcp_hosts
+dhcp-leasefile=/opt/dnsmasq/{{ net }}/leases
+dhcp-range=ens5,10.2.0.0,static,infinite
+dhcp-range=tag:!known,ens5,10.2.0.21,10.2.0.120,24h
+dhcp-option=ens5,option:dns-server,10.2.0.1
+dhcp-option=ens5,option:router,10.2.0.1
+{% endif %}
+
+# net==10.5 is not used for dhcp at all
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/dnsmasq.service.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,28 @@
+# written by pyinfra
+
+[Unit]
+Description=dnsmasq for {{ net }} network
+Requires=network.target
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+
+[Service]
+Type=simple
+
+# Test the config file and refuse starting if it is not valid.
+ExecStartPre=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf --test
+
+ExecStart=/usr/sbin/dnsmasq --conf-file=/opt/dnsmasq/{{ net }}/dnsmasq.conf
+
+# The systemd-*-resolvconf functions configure (and deconfigure)
+# resolvconf to work with the dnsmasq DNS server. They're called like
+# this to get correct error handling (ie don't start-resolvconf if the
+# dnsmasq daemon fails to start.
+ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf
+ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf
+
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/dnsmasq/hosts.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,38 @@
+# written by pyinfra
+
+162.243.138.136 prime-ext.bigasterisk.com public.bigasterisk.com primary.bigasterisk.com maildirfetch.bigasterisk.com vpn-ext.bigasterisk.com
+
+# This is the dns trick-- hosts at home should use the local address
+# for 'bigasterisk.com' etc instead of taking a trip to prime.
+10.2.0.1 bang bang.bigasterisk.com bigasterisk.com file.bigasterisk.com local.fantasyfamegame.com imap.bigasterisk.com repo.bigasterisk.com mail.bigasterisk.com puppet.bigasterisk.com computeracronym.quickwitretort.com csigen.quickwitretort.com drewp.quickwitretort.com kelsi.quickwitretort.com owncloud.bigasterisk.com photo.bigasterisk.com projects.bigasterisk.com quickwitretort.com whatsplayingnext.com whopickedthis.com aask.bigasterisk.com bebop.bigasterisk.com brazilog.bigasterisk.com cinepaint.bigasterisk.com craigslist.bigasterisk.com cuisine.bigasterisk.com cvs.bigasterisk.com dafnaandjonas.bigasterisk.com darcs.bigasterisk.com daveandlisa.bigasterisk.com digibook.bigasterisk.com gasuse.bigasterisk.com graphite.bigasterisk.com johnmuir.bigasterisk.com jazz.bigasterisk.com js.bigasterisk.com karinandjohn.bigasterisk.com light9.bigasterisk.com linuxmovies.bigasterisk.com lisa.bigasterisk.com lisaanddave.bigasterisk.com magma.bigasterisk.com maps.bigasterisk.com monk.bigasterisk.com ov099.bigasterisk.com picreferer.bigasterisk.com rayz.bigasterisk.com seabird.bigasterisk.com semfile.bigasterisk.com sinai.bigasterisk.com stef.bigasterisk.com wedding.bigasterisk.com wedding-john-karin.bigasterisk.com www.bigasterisk.com vpn-home.bigasterisk.com file.bigasterisk.com
+
+{% if net != '10.5' %}
+# so bang can see these names
+10.1.0.5 dash.bigasterisk.com
+10.1.0.6 slash.bigasterisk.com
+{% endif %}
+
+10.5.0.1 bang5.bigasterisk.com local.bigasterisk.com mail.bigasterisk.com
+10.5.0.2 prime5.bigasterisk.com prime.bigasterisk.com prime.vpn-ext.bigasterisk.com
+10.5.0.5 dash5.bigasterisk.com
+10.5.0.6 slash5.bigasterisk.com
+10.5.0.8 piedmont5.bigasterisk.com
+10.5.0.10 kitchen5.bigasterisk.com
+10.5.0.11 living5.bigasterisk.com
+10.5.0.12 frontdoor5.bigasterisk.com
+10.5.0.13 workshop5.bigasterisk.com
+10.5.0.14 garage5.bigasterisk.com
+10.5.0.15 bed5.bigasterisk.com
+10.5.0.16 changing5.bigasterisk.com
+10.5.0.17 frontbed5.bigasterisk.com
+10.5.0.30 dot5.bigasterisk.com
+10.5.0.99 piedmont5.bigasterisk.com
+10.5.0.110 plus5.bigasterisk.com
+10.5.0.112 drew-note85.bigasterisk.com
+
+
+{% if net == '10.5' %}
+10.5.0.1 bang.bigasterisk.com
+10.5.0.2 prime.bigasterisk.com
+10.5.0.5 dash.bigasterisk.com
+{% endif %}
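Review bot: `piedmont5.bigasterisk.com` is listed twice with different addresses (`10.5.0.8` and `10.5.0.99`), and `mail.bigasterisk.com` appears on both the `10.2.0.1` and the `10.5.0.1` line, so dnsmasq will return both addresses for each name. If one entry is stale, a client may reach a different host than intended; drop the stale line or add a comment such as `# piedmont has two addresses on purpose` if the double entry is deliberate. `file.bigasterisk.com` is also repeated on the `10.2.0.1` line, and `10.5.0.112` is named `drew-note85` here while the wg0 peer list in this changeset calls the same address `drew-note10`.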
--- a/templates/k3s-node.service.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-[Unit]
-Description=Lightweight Kubernetes
-Documentation=https://k3s.io
-After=network-online.target
-
-[Service]
-Type=notify
-ExecStartPre=-/sbin/modprobe br_netfilter
-ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ token }}
-KillMode=process
-Delegate=yes
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=1048576
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-TimeoutStartSec=0
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
--- a/templates/k3s-server.service.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-[Unit]
-Description=Lightweight Kubernetes
-Documentation=https://k3s.io
-After=network-online.target
-
-[Service]
-Type=notify
-ExecStartPre=-/sbin/modprobe br_netfilter
-ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server --debug --write-kubeconfig-mode=640 --bind-address {{ master_ip }} --node-external-ip {{ master_ip }} --node-ip {{ master_ip }} --disable traefik
-KillMode=process
-Delegate=yes
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=1048576
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-TimeoutStartSec=0
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/kube/k3s-node.service.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,26 @@
+# written by pyinfra
+
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ token }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
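Review bot: The agent's cluster join token is rendered straight into the `ExecStart=` line (`--token {{ token }}`), so it ends up both in the unit file and in the process arguments, which are usually readable by any local user. Keeping it off the command line limits it to root: write the token to a root-only file and pass `--token-file <TOKEN_FILE_PATH>` (placeholder), or load `K3S_TOKEN` from an `EnvironmentFile=` written with mode 600. The mode this template is deployed with is not visible in this hunk, so check that as well.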
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/kube/k3s-server.service.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,26 @@
+# written by pyinfra
+
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server --debug --write-kubeconfig-mode=640 --bind-address {{ master_ip }} --node-external-ip {{ master_ip }} --node-ip {{ master_ip }} --disable traefik
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/kube/registries.yaml.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,6 @@
+# written by pyinfra
+
+mirrors:
+ "bang5:5000":
+ endpoint:
+ - "http://bang5:5000"
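Review bot: The mirror endpoint is plain `http://bang5:5000`, so image pulls have no TLS and, as far as this file shows, no registry authentication, and nothing here records why that is acceptable. hosts.j2 in this changeset maps bang5 to 10.5.0.1, which looks like the WireGuard address, so the traffic is probably tunnelled; a comment such as `# plain http: bang5 is only reachable over wg0 (10.5.0.1)` would make that assumption explicit. If a node can ever reach the registry outside the tunnel, switch the endpoint to https and add a `configs:` entry with the registry's TLS settings.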
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/netplan.yaml.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,28 @@
+# written by pyinfra
+
+network:
+ version: 2
+ ethernets:
+ {{ipv4Interface}}:
+{% if host.name in ['prime'] %}
+ link-local: [ ipv4 ]
+ addresses: ['{{ipv4Address}}/32']
+ routes:
+ - to: 0.0.0.0/0
+ via: 162.243.138.1
+ nameservers:
+ search: ['bigasterisk.com']
+ addresses:
+ - 10.5.0.1
+ - 8.8.4.4
+ - 8.8.8.8
+{% else %}
+ dhcp4: true
+# routes:
+# - to: 0.0.0.0/0
+# via: {{ipv4Address.rsplit('.', 1)[0]}}.1
+# nameservers:
+# search: ['bigasterisk.com']
+# addresses:
+# - 10.2.0.1
+{% endif %}
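Review bot: The commented-out block in the `{% else %}` branch still contains a live Jinja expression, `{{ipv4Address.rsplit('.', 1)[0]}}`, which Jinja evaluates even though YAML treats the line as a comment. A DHCP host with no `ipv4Address` set would presumably fail at render time (this depends on how undefined variables are configured) because of a line that has no effect on the output. Either delete the dead lines or wrap them in a Jinja comment, `{# … #}`, so they are not evaluated.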
--- a/templates/netplan_dns.yaml.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-network:
- version: 2
- ethernets:
- {{ipv4Interface}}:
-{% if host.name in ['prime'] %}
- link-local: [ ipv4 ]
- addresses: ['{{ipv4Address}}/32']
- routes:
- - to: 0.0.0.0/0
- via: 162.243.138.1
- nameservers:
- search: ['bigasterisk.com']
- addresses:
- - 10.5.0.1
- - 8.8.4.4
- - 8.8.8.8
-{% else %}
- dhcp4: true
-# routes:
-# - to: 0.0.0.0/0
-# via: {{ipv4Address.rsplit('.', 1)[0]}}.1
-# nameservers:
-# search: ['bigasterisk.com']
-# addresses:
-# - 10.2.0.1
-{% endif %}
--- a/templates/pi_sources.list.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/pi_sources.list.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,3 +1,5 @@ +# written by pyinfra + deb http://archive.raspberrypi.org/debian/ {{rel}} main deb http://raspbian.raspberrypi.org/raspbian/ {{rel}} main contrib non-free rpi #deb http://security.debian.org/ {{rel}}/updates main contrib non-free rpi
--- a/templates/prime_resolved.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/prime_resolved.conf.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,3 +1,5 @@ +# written by pyinfra + [Resolve] DNS=10.5.0.1 8.8.8.8 8.8.4.4 Domains=bigasterisk.com
--- a/templates/registries.yaml.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-mirrors:
- "bang5:5000":
- endpoint:
- - "http://bang5:5000"
--- a/templates/resolv.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/resolv.conf.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# installed by pyinfra +# written by pyinfra # see 'resolvectl status' for more
--- a/templates/resolved.conf.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/resolved.conf.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,4 @@ -# Written by pyinfra +# written by pyinfra # See resolved.conf(5) for details
--- a/templates/webforward.service.j2 Thu Nov 11 22:46:32 2021 -0800 +++ b/templates/webforward.service.j2 Thu Nov 11 23:31:21 2021 -0800 @@ -1,4 +1,5 @@ -# custom, installed with pyinfra +# written by pyinfra + [Unit] Description=web forward for port {{ port }} Requires=network.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/wireguard/bogasterisk.conf.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,12 @@
+# written by pyinfra
+
+[Interface]
+# {{ host.name }}
+Address = 10.7.0.2/16
+PrivateKey = {{priv_key}}
+ListenPort = 2113
+
+{{ peer_block('monk', 'aroc8MNdTnKg175HYxri+Yr1afuaC0awyr6TfGMpvxI=', '10.7.0.42/32') }}
+{{ peer_block('firebert (phone)', 'Rr9N6dGbMLzl6wuEJlaq67gNQ5QW2ZcwD4Brn/3XJyA=', '10.7.0.88/32') }}
+{{ peer_block('bird', '9CkgqeAiX1GhNM+t9m2nJD5QJHx9iTCFRB5c1x7h704=', '10.7.0.46/32') }}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/wireguard/wg0.conf.j2 Thu Nov 11 23:31:21 2021 -0800
@@ -0,0 +1,25 @@
+# written by pyinfra
+
+[Interface]
+# {{ host.name }}
+Address = {{wireguard_ip}}/24
+PrivateKey = {{priv_key}}
+ListenPort = 1195
+
+{% if host.name == 'bang' %}
+ {{ peer_block('dash', 'X39ewB2uYLZTFaG+RFeLpyOrnCgjc4wRKrcV0Jz3sTM=', '10.5.0.5/32', 'dash:1195') }}
+ {{ peer_block('dot', 'sav1VQE1XzbOGfNjDRxcHAmEWtmVGYC1B7KXH+5IKxY=', '10.5.0.30/32', 'dot:1195') }}
+ {{ peer_block('frontbed', 'ENhRhEgGaFfwV74MqYBHJgkOFpNAF5kVHVK5/tRVTjU=', '10.5.0.17/32', 'frontbed:1195') }}
+ {{ peer_block('garage', 'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=', '10.5.0.14/32', 'garage:1195') }}
+ {{ peer_block('prime', 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }}
+ {{ peer_block('slash', 'IRLLt2yFuXVJbpevAj9d84mGAvi6SbJr1AwLAK/pBTM=', '10.5.0.6/32', 'slash:1195') }}
+{% elif host.name == 'prime' %}
+ {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24') }}
+ {{ peer_block('plus', 'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=', '10.5.0.110/32') }}
+ {{ peer_block('drew-note10', 'QMgx4cmuUTfJ7RH4Q46b54tSQl4eISOmdEney17fnE8=', '10.5.0.112/32') }}
+{% elif host.name == 'plus' %}
+ {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }}
+{% else %}
+ {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }}
+{% endif %}
+
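Review bot: The `{% elif host.name == 'plus' %}` branch renders exactly the same `peer_block(...)` call as the `{% else %}` branch, so it can be dropped without changing the output. bang's public key literal is also repeated in three branches; a single `{% set bang_pubkey = '…' %}` at the top of the template would make a key rotation a one-line change and avoid leaving one branch on an old key. That would also fit the existing todo in wireguard.py about keeping public keys in one place that `peer_block` can refer to.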
--- a/templates/wireguard_bogasterisk.conf.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-# written by pyinfra
-
-[Interface]
-# {{ host.name }}
-Address = 10.7.0.2/16
-PrivateKey = {{priv_key}}
-ListenPort = 2113
-
-{{ peer_block('monk', 'aroc8MNdTnKg175HYxri+Yr1afuaC0awyr6TfGMpvxI=', '10.7.0.42/32') }}
-{{ peer_block('firebert (phone)', 'Rr9N6dGbMLzl6wuEJlaq67gNQ5QW2ZcwD4Brn/3XJyA=', '10.7.0.88/32') }}
-{{ peer_block('bird', '9CkgqeAiX1GhNM+t9m2nJD5QJHx9iTCFRB5c1x7h704=', '10.7.0.46/32') }}
-
--- a/templates/wireguard_wg0.conf.j2 Thu Nov 11 22:46:32 2021 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-# written by pyinfra
-
-[Interface]
-# {{ host.name }}
-Address = {{wireguard_ip}}/24
-PrivateKey = {{priv_key}}
-ListenPort = 1195
-
-{% if host.name == 'bang' %}
- {{ peer_block('dash', 'X39ewB2uYLZTFaG+RFeLpyOrnCgjc4wRKrcV0Jz3sTM=', '10.5.0.5/32', 'dash:1195') }}
- {{ peer_block('dot', 'sav1VQE1XzbOGfNjDRxcHAmEWtmVGYC1B7KXH+5IKxY=', '10.5.0.30/32', 'dot:1195') }}
- {{ peer_block('frontbed', 'ENhRhEgGaFfwV74MqYBHJgkOFpNAF5kVHVK5/tRVTjU=', '10.5.0.17/32', 'frontbed:1195') }}
- {{ peer_block('garage', 'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=', '10.5.0.14/32', 'garage:1195') }}
- {{ peer_block('prime', 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }}
- {{ peer_block('slash', 'IRLLt2yFuXVJbpevAj9d84mGAvi6SbJr1AwLAK/pBTM=', '10.5.0.6/32', 'slash:1195') }}
-{% elif host.name == 'prime' %}
- {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24') }}
- {{ peer_block('plus', 'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=', '10.5.0.110/32') }}
- {{ peer_block('drew-note10', 'QMgx4cmuUTfJ7RH4Q46b54tSQl4eISOmdEney17fnE8=', '10.5.0.112/32') }}
-{% elif host.name == 'plus' %}
- {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }}
-{% else %}
- {{ peer_block('bang', 'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24', '10.1.0.1:1195', 50) }}
-{% endif %}
-
--- a/wireguard.py Thu Nov 11 22:46:32 2021 -0800 +++ b/wireguard.py Thu Nov 11 23:31:21 2021 -0800 @@ -46,7 +46,7 @@ # todo: if this was new, it should be added to a file of pubkeys that peer_block can refer to files.template( - src=f'templates/wireguard_{wireguard_interface}.conf.j2', + src=f'templates/wireguard/{wireguard_interface}.conf.j2', dest=f'/etc/wireguard/{wireguard_interface}.conf', mode='600', wireguard_ip=wireguard_ip,