changeset 69:659e4b228909

new host 'pipe'
author drewp@bigasterisk.com
date Sat, 11 Jun 2022 22:51:20 -0700
parents 4a28a6b26af4
children 136d86d06ce6
files inventory.py net.py packages.py system.py templates/net/house_net.service.j2 templates/net/pipe_10.2.network.j2 templates/net/pipe_isp.network.j2 templates/odroid_sources.list.j2 templates/wireguard/wg0.conf.j2 users.py
diffstat 10 files changed, 92 insertions(+), 4 deletions(-) [+]
--- a/inventory.py	Thu May 05 00:04:08 2022 -0700
+++ b/inventory.py	Sat Jun 11 22:51:20 2022 -0700
@@ -22,6 +22,14 @@
     })
 ]
 
+small = [
+    ('pipe', {
+        'mac': '00:05:1b:33:3e:81',
+        'ssh_hostname': '10.2.0.3',
+        'wireguard_address': '10.5.0.3',
+    }),
+]
+
 pi = [
     ('frontbed', {
         'mac': 'b8:27:eb:e9:d3:44',
--- a/net.py	Thu May 05 00:04:08 2022 -0700
+++ b/net.py	Sat Jun 11 22:51:20 2022 -0700
@@ -56,6 +56,20 @@
 elif host.name == 'plus':
     pass
 
+elif host.name == 'pipe':   
+    cleanup()
+
+    files.directory('/etc/systemd/network')
+
+    files.template(src="templates/net/pipe_10.2.network.j2", dest="/etc/systemd/network/99-10.2.network")
+    files.template(src="templates/net/pipe_isp.network.j2", dest="/etc/systemd/network/99-isp.network")
+    systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
+    systemd.service(service='networking.service', enabled=False, running=False)
+    server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)
+    files.template(src="templates/net/house_net.service.j2", dest="/etc/systemd/system/house_net.service")
+    systemd.service(service='house_net.service', daemon_reload=True, enabled=True, running=True, restarted=True)
+
+
 else:
     cleanup()
 
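Review bot: `server.sysctl(key='net.ipv4.ip_forward', value=1, persist=True)` makes pipe a router between its ISP-facing and 10.2 interfaces, but nothing in this branch sets a FORWARD chain policy or any filter rule; the only netfilter rule this commit adds is the MASQUERADE in house_net.service. If forwarding is filtered elsewhere (another deploy file, or Docker's own rules, which `After=docker.service` hints at), say so in a comment here, e.g. `# pipe routes LAN -> ISP; FORWARD filtering is set up in <file or unit>`. Otherwise, add a default-drop FORWARD policy with explicit allows for LAN-out and established return traffic before enabling forwarding. Separately, `restarted=True` on systemd-networkd.service restarts networking on every run, including over the SSH session doing the deploy; restarting only when one of the two templates changed would be safer. The if/elif chain this branch belongs to starts above the hunk.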
--- a/packages.py	Thu May 05 00:04:08 2022 -0700
+++ b/packages.py	Sat Jun 11 22:51:20 2022 -0700
@@ -8,7 +8,11 @@
 if not is_pi:
     apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
 
-if is_pi:
+if host.name == 'pipe':
+    apt.packages(packages=['mandb', 'apt-listchanges'], present=False)
+    files.template(src='templates/odroid_sources.list.j2', dest='/etc/apt/sources.list', rel='focal')
+
+elif is_pi:
     apt.packages(packages=['mandb', 'apt-listchanges'], present=False)
     files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye')
     # 'apt upgrade'?
--- a/system.py	Thu May 05 00:04:08 2022 -0700
+++ b/system.py	Sat Jun 11 22:51:20 2022 -0700
@@ -33,7 +33,7 @@
 fstab_file = f'files/fstab/{host.name}'
 if os.path.exists(fstab_file):
     files.put(src=fstab_file, dest='/etc/fstab')
-if is_pi:
+if is_pi and host.name != 'pipe':
     for line in [
             'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0',
             'tmpfs /tmp tmpfs defaults,noatime 0 0',
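Review bot: The guard `is_pi and host.name != 'pipe'` only changes anything if `is_pi` is true for pipe, while the users.py hunk in this commit, `1000 if (not is_pi and host.name != 'pipe') else 501`, only changes anything if `is_pi` is false for pipe. `is_pi` is defined outside the diff, so unless the two files compute it differently, one of these guards is a no-op and the intent is unclear. Decide once whether pipe counts as a pi and drop the redundant check, or replace the scattered `host.name` comparisons with a per-host inventory value. A short comment such as `# pipe keeps /var/log and /tmp on disk` would also record why the tmpfs lines are skipped. The raspbian comment above `drewp_gid` in users.py should mention pipe as well. The `for` loop body continues past the end of this hunk.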
@@ -60,9 +60,10 @@
     systemd.service(service='sshd', reloaded=True)
 
 
-if host.name == 'bang':
+if host.name in ['bang', 'pipe']:
     server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target'])
 
+if host.name == 'bang':
     apt.packages(packages=['nfs-kernel-server'])
     files.template(src='templates/bang_exports.j2', dest='/etc/exports')
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/house_net.service.j2	Sat Jun 11 22:51:20 2022 -0700
@@ -0,0 +1,8 @@
+[Unit]
+After=systemd-networkd.service
+After=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/iptables -A POSTROUTING --table nat --out-interface eth0 --jump MASQUERADE
+
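Review bot: The unit has no `[Install]` section, so the `enabled=True` that net.py passes for house_net.service has nothing to link, and the MASQUERADE rule will probably not come back after a reboot; add `[Install]` with `WantedBy=multi-user.target`. Because it is `Type=oneshot` without `RemainAfterExit=yes`, the unit is inactive as soon as ExecStart returns, so net.py's `running=True, restarted=True` runs it again on every deploy and `iptables -A` appends another copy of the same nat rule each time. Adding `RemainAfterExit=yes` and guarding the append with an `iptables -C` check for the same rule would keep it to a single entry. The rule also hard-codes `--out-interface eth0`, while the .network files match by MAC address; it is worth confirming that the onboard port is actually named eth0 on this image.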
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/pipe_10.2.network.j2	Sat Jun 11 22:51:20 2022 -0700
@@ -0,0 +1,11 @@
+# written by pyinfra
+
+[Match]
+# usb dongle
+MACAddress=00:05:1b:33:3e:81
+
+[Network]
+DHCP=no
+Address=10.2.0.3/16
+DNS=10.2.0.1
+Domains=bigasterisk.com
\ No newline at end of file
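Review bot: `MACAddress=00:05:1b:33:3e:81` repeats the `mac` value this commit adds for pipe in inventory.py, so replacing the USB dongle means editing two files, and a mismatch leaves the 10.2 interface unconfigured. Since this is already a Jinja template, render it from host data instead, e.g. `MACAddress={{ host.data.mac }}`. The file also ends without a trailing newline; adding one avoids the marker on every future diff.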
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/pipe_isp.network.j2	Sat Jun 11 22:51:20 2022 -0700
@@ -0,0 +1,12 @@
+# written by pyinfra
+
+[Match]
+# onboard eth
+MACAddress=00:1e:06:43:20:d0
+
+[Network]
+DHCP=no
+Address=192.168.42.3/24
+Gateway=192.168.42.1
+DNS=10.2.0.1
+Domains=bigasterisk.com
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/odroid_sources.list.j2	Sat Jun 11 22:51:20 2022 -0700
@@ -0,0 +1,29 @@
+
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }} main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }} main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-updates main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-updates main restricted
+
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }} universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }} universe
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-updates universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-updates universe
+
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }} multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }} multiverse
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-updates multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-updates multiverse
+
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-backports main restricted universe multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-backports main restricted universe multiverse
+
+deb http://archive.canonical.com/ubuntu {{ rel }} partner
+deb-src http://archive.canonical.com/ubuntu {{ rel }} partner
+
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-security main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-security main restricted
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-security universe
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-security universe
+deb http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-security multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports/ {{ rel }}-security multiverse
\ No newline at end of file
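Review bot: For a host that net.py sets up as the NAT gateway, this source list is broader than it needs to be: it enables multiverse, backports and the Canonical partner archive, plus a `deb-src` line for every suite. Each extra component widens the set of packages that can be pulled onto the router, and the `deb-src` entries only add index downloads unless source builds are done on pipe. Consider trimming to the components actually installed from. All entries use plain `http://`, so integrity rests entirely on apt's signature check of the Release files; a short comment saying that is intentional would help. The other new templates in this commit start with `# written by pyinfra`; adding the same header here would tell whoever opens /etc/apt/sources.list on the host that it is managed.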
--- a/templates/wireguard/wg0.conf.j2	Thu May 05 00:04:08 2022 -0700
+++ b/templates/wireguard/wg0.conf.j2	Sat Jun 11 22:51:20 2022 -0700
@@ -13,6 +13,7 @@
     {{ peer_block('garage',      'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=', '10.5.0.14/32', 'garage:1195') }}
     {{ peer_block('prime',       'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', '10.5.0.0/24',  'public.bigasterisk.com:1195', 50) }}
     {{ peer_block('slash',       'IRLLt2yFuXVJbpevAj9d84mGAvi6SbJr1AwLAK/pBTM=', '10.5.0.6/32',  'slash:1195') }}
+    {{ peer_block('pipe',        'yI0zt8/+baHjadhiBCX6u8sSkhjoh/Q5cIZkGf1H6S4=', '10.5.0.3/32',  'pipe:1195') }}
 {% elif host.name == 'prime' %}
     {{ peer_block('bang',        'pAxirNVF08R6zYyudhTKjZ9fqC9UKMxknfLi5A39QVY=', '10.5.0.0/24') }}
     {{ peer_block('plus',        'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=', '10.5.0.110/32') }}
--- a/users.py	Thu May 05 00:04:08 2022 -0700
+++ b/users.py	Sat Jun 11 22:51:20 2022 -0700
@@ -7,7 +7,7 @@
 # raspbian took 1000 for 'pi' group, but drewp is rarely used on pi
 # setups so hopefully it won't matter much that drew group has a
 # different id.
-drewp_gid = 1000 if not is_pi else 501
+drewp_gid = 1000 if (not is_pi and host.name != 'pipe') else 501
 drewp_uid = 501
 drewp_groups = [
     'lp', 'adm', 'dialout', 'cdrom', 'sudo', 'audio', 'video', 'plugdev',