changeset 37:fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
author | drewp@bigasterisk.com |
---|---|
date | Sat, 15 Jan 2022 17:10:10 -0800 |
parents | dc2100504c45 |
children | 4026b6b8028f |
files | net.py packages.py system.py templates/bang_interfaces.j2 templates/house.network.j2 templates/net/bang_10.1.network.j2 templates/net/bang_10.2.network.j2 templates/net/bang_isp.network.j2 templates/net/prime.network.j2 templates/net/singlenic.network.j2 templates/netplan.yaml.j2 templates/netplan_new.yaml.j2 |
diffstat | 12 files changed, 100 insertions(+), 159 deletions(-) [+] |
--- a/net.py Sat Jan 15 15:42:02 2022 -0800
+++ b/net.py Sat Jan 15 17:10:10 2022 -0800
@@ -2,8 +2,6 @@
 from pyinfra.operations import apt, files, server, systemd
 
 is_wifi = host.name in ['frontdoor', 'living', 'plus']
 
-prime_public_addr = '162.243.138.136'
-prime_gateway = '162.243.138.1'
 
 def cleanup():
@@ -25,67 +23,54 @@ apt.packages(packages=['network-manager'], present=False) + # On bang: + # Now using a HW router for this firewall. No incoming connections. + # test connections from the outside: + # http://www.t1shopper.com/tools/port-scanner/ + # On prime: + # using digitalocean network config: + # https://cloud.digitalocean.com/networking/firewalls/f68899ae-1aac-4469-b379-59ce2bbc988f/droplets?i=7c5072 + apt.packages(packages=['ufw'], present=False) -if host.name in [ - 'garage', - 'dash', - 'slash', - 'frontbed', - 'prime', -]: + +if host.name == 'prime': cleanup() - addr = host.host_data['addr'] - if addr.startswith('10.'): - net = addr[:4] - gateway = net + '.0.1' - dns = gateway - elif addr == prime_public_addr: - gateway = prime_gateway - dns = '10.5.0.1 8.8.8.8 8.8.4.4' - else: - raise ValueError(addr) + files.directory('/etc/systemd/network') + files.template( + src="templates/net/prime.network.j2", + dest="/etc/systemd/network/99-prime.network", + mac=host.host_data['mac'], + ) + +elif host.name == 'bang': + cleanup() + + files.directory('/etc/systemd/network') + files.template(src="templates/net/bang_10.1.network.j2", dest="/etc/systemd/network/99-10.1.network") + files.template(src="templates/net/bang_10.2.network.j2", dest="/etc/systemd/network/99-10.2.network") + files.template(src="templates/net/bang_isp.network.j2", dest="/etc/systemd/network/99-isp.network") + systemd.service(service='systemd-networkd.service', running=True, restarted=True) + +elif host.name == 'plus': + pass + +else: + cleanup() if is_wifi: files.put(src="secrets/wpa_supplicant.conf", dest="/etc/wpa_supplicant/wpa_supplicant.conf") - files.template(src="templates/house.network.j2", - dest="/etc/systemd/network/99-house.network", + addr = host.host_data['addr'] + net = addr[:4] + gateway = net + '.0.1' + dns = gateway + + files.template(src="templates/net/singlenic.network.j2", + dest="/etc/systemd/network/99-bigasterisk.network", create_remote_dir=True, 
mac=host.host_data['mac'], addr=addr, gateway=gateway, dns=dns) systemd.service(service='systemd-networkd.service', running=True, restarted=True) - - # ns = '10.2.0.1' - # if host.name == 'prime': - # ns = '8.8.8.8' - # elif host.name in ['slash']: - # ns = '10.1.0.1' - # files.template(src='templates/resolv.conf.j2', dest='/etc/resolv.conf', ns=ns) - -if host.name == 'plus': - apt.packages(packages=['network-manager'], present=True) - -if host.name == 'bang': - files.template(src='templates/bang_interfaces.j2', dest='/etc/network/interfaces', user='root', group='root', mode='644') - - # Now using a HW router for this firewall. No incoming connections. - # test connections from the outside: - # http://www.t1shopper.com/tools/port-scanner/ - apt.packages(packages=['ufw'], present=False) - -if host.name == 'prime': - # using digitalocean network config: - # https://cloud.digitalocean.com/networking/firewalls/f68899ae-1aac-4469-b379-59ce2bbc988f/droplets?i=7c5072 - apt.packages(packages=['ufw'], present=False) - - files.line(name='shorter systemctl log window, for disk space', - path='/etc/systemd/journald.conf', - line='MaxFileSec', - replace="MaxFileSec=7day") - - for port in [80, 443]: - files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) - systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True)
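Review bot: In the new `else` branch, `net = addr[:4]` now runs for every host that is not prime/bang/plus with the old `startswith('10.')` / `raise ValueError(addr)` guard dropped, so an address with a two-digit second octet (a constructed `10.10.0.5`, say) or one outside 10.x silently produces a wrong `gateway`/`dns` instead of failing the deploy. Keep the check and derive the prefix from octets: `if not addr.startswith('10.'): raise ValueError(addr)` followed by `net = '.'.join(addr.split('.')[:2])`. The context line `files.put(src="secrets/wpa_supplicant.conf", ...)` writes the Wi-Fi PSK with pyinfra's default permissions; passing `user='root', group='root', mode='600'` (the style already used for templates in this file) keeps it unreadable to other local users. The hunk opens inside `cleanup()`, whose `def` line is outside this hunk.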
--- a/packages.py Sat Jan 15 15:42:02 2022 -0800
+++ b/packages.py Sat Jan 15 17:10:10 2022 -0800
@@ -75,3 +75,6 @@
     'zfs-zed',
     'zfs-auto-snapshot',
 ])
+
+if host.name == 'plus':
+    apt.packages(packages=['network-manager'])
\ No newline at end of file
--- a/system.py Sat Jan 15 15:42:02 2022 -0800 +++ b/system.py Sat Jan 15 17:10:10 2022 -0800 @@ -65,3 +65,13 @@ apt.packages(packages=['nfs-kernel-server']) files.template(src='templates/bang_exports.j2', dest='/etc/exports') + +if host.name == 'prime': + files.line(name='shorter systemctl log window, for disk space', + path='/etc/systemd/journald.conf', + line='MaxFileSec', + replace="MaxFileSec=7day") + + for port in [80, 443]: + files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) + systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True)
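Review bot: The block moved into system.py templates `web_forward_{port}.service` unit files and then calls `systemd.service(..., enabled=True, restarted=True)` without `daemon_reload=True`, so systemd restarts the unit definition it last loaded rather than the freshly written file; `systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True, daemon_reload=True)` makes the restart pick up template changes. The lines were carried over unchanged from net.py, so this is pre-existing rather than introduced by the move, but the move is a good moment to fix it. The `if host.name == 'prime':` block is complete within the hunk; the two leading context lines belong to a preceding block whose start is outside it.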
--- a/templates/bang_interfaces.j2 Sat Jan 15 15:42:02 2022 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-# written by pyinfra
-
-# For more information, see interfaces(5).
-
-# see /etc/udev/rules.d/70-persistent-net.rules for assignments
-
-# boot will stall for these to be up
-auto lo
-
-# to comcast router, who would also serve dhcp but that was hanging on boot
-allow-hotplug ens4 ens5 enp1s0
-
-iface lo inet loopback
-
-# 60:e3:27:04:4a:85
-iface ens5 inet static
-    address 10.2.0.1
-    netmask 255.255.255.0
-    broadcast 10.2.0.255
-
-
-# e8:39:35:46:0d:bb
-iface enp1s0 inet static
-    address 10.1.0.1
-    netmask 255.255.255.0
-    broadcast 10.1.0.255
-
-
-# ...:81:9e
-iface ens4 inet dhcp
-    # house nat: (see /etc/ufw/after.rules)
-    post-up iptables -A POSTROUTING --table nat --out-interface ens4 --jump MASQUERADE
-    # fix bang to use itself as its dns. Not sure when this command needs to run.
-    post-up ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
--- a/templates/house.network.j2 Sat Jan 15 15:42:02 2022 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-[Match]
-MACAddress={{ mac }}
-
-[Network]
-Address={{ addr }}/16
-Gateway={{ gateway }}
-DNS={{ dns }}
-Domains=bigasterisk.com
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/bang_10.1.network.j2 Sat Jan 15 17:10:10 2022 -0800
@@ -0,0 +1,9 @@
+# written by pyinfra
+
+[Match]
+MACAddress=e8:39:35:46:0d:bb
+
+[Network]
+Address=10.1.0.1
+DNS=10.2.0.1
+Domains=bigasterisk.com
\ No newline at end of file
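Review bot: `Address=10.1.0.1` carries no prefix length, while the sibling `bang_10.2.network.j2` uses `/16` and the deleted `bang_interfaces.j2` gave this same interface `netmask 255.255.255.0` (/24); systemd-networkd assumes a default prefix when it is omitted and warns about it, so the subnet this interface actually gets is not what the file states. Write it explicitly, `Address=10.1.0.1/16` if the intent is to mirror the 10.2 side and the `/16` in `singlenic.network.j2`, or `/24` to keep the old netmask. Both bang LAN files also set `DNS=10.2.0.1`, the 10.2 interface's own address, which only works if a resolver listens there; presumably intended, but worth a one-line comment confirming it.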
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/bang_10.2.network.j2 Sat Jan 15 17:10:10 2022 -0800
@@ -0,0 +1,9 @@
+# written by pyinfra
+
+[Match]
+MACAddress=60:e3:27:04:4a:85
+
+[Network]
+Address=10.2.0.1/16
+DNS=10.2.0.1
+Domains=bigasterisk.com
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/bang_isp.network.j2 Sat Jan 15 17:10:10 2022 -0800
@@ -0,0 +1,11 @@
+# written by pyinfra
+
+[Match]
+MACAddress=64:ee:b7:14:81:9e
+
+[Network]
+# DHCP=yes
+Address=192.168.42.2/24
+Gateway=192.168.42.1
+DNS=10.2.0.1
+Domains=bigasterisk.com
\ No newline at end of file
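Review bot: None of the three new bang .network files replaces the forwarding/NAT that the deleted `bang_interfaces.j2` set up with `post-up iptables -A POSTROUTING --table nat --out-interface ens4 --jump MASQUERADE`, nor its resolv.conf symlink. If bang still routes house traffic out this uplink, that needs `IPForward=` and `IPMasquerade=` in the `[Network]` section of the LAN-side files (or an equivalent nftables/iptables rule managed elsewhere); if the hardware router mentioned in the new net.py comment now does the NAT, a comment here saying so would spare the next reader the check. `# DHCP=yes` is left commented in favour of a static `192.168.42.2/24`; a one-line comment on why static was chosen would help, given the old file's note that DHCP was hanging on boot.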
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/prime.network.j2 Sat Jan 15 17:10:10 2022 -0800
@@ -0,0 +1,10 @@
+# written by pyinfra
+
+[Match]
+MACAddress={{ mac }}
+
+[Network]
+Address=162.243.138.136/24
+Gateway=162.243.138.1
+DNS=10.5.0.1 8.8.8.8 8.8.4.4
+Domains=bigasterisk.com
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/net/singlenic.network.j2 Sat Jan 15 17:10:10 2022 -0800
@@ -0,0 +1,10 @@
+# written by pyinfra
+
+[Match]
+MACAddress={{ mac }}
+
+[Network]
+Address={{ addr }}/16
+Gateway={{ gateway }}
+DNS={{ dns }}
+Domains=bigasterisk.com
--- a/templates/netplan.yaml.j2 Sat Jan 15 15:42:02 2022 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,28 +0,0 @@ -# written by pyinfra - -network: - version: 2 - ethernets: - {{ipv4Interface}}: -{% if host.name in ['prime'] %} - link-local: [ ipv4 ] - addresses: ['{{ipv4Address}}/32'] - routes: - - to: 0.0.0.0/0 - via: 162.243.138.1 - nameservers: - search: ['bigasterisk.com'] - addresses: - - 10.5.0.1 - - 8.8.4.4 - - 8.8.8.8 -{% else %} - dhcp4: true -# routes: -# - to: 0.0.0.0/0 -# via: {{ipv4Address.rsplit('.', 1)[0]}}.1 -# nameservers: -# search: ['bigasterisk.com'] -# addresses: -# - 10.2.0.1 -{% endif %}
--- a/templates/netplan_new.yaml.j2 Sat Jan 15 15:42:02 2022 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,36 +0,0 @@ -# written by pyinfra - -network: - version: 2 -{% if host.name == 'garage' %} - ethernets: - match: - macaddress: b8:27:eb:81:17:92 - link-local: [ ipv4 ] - addresses: ['10.2.0.14/32'] - routes: - - to: 0.0.0.0/0 - via: 10.2.0.1 - nameservers: - search: ['bigasterisk.com'] - addresses: - - 10.2.0.1 - wifi: - link-local: [] -{% endif %} - - -{% if host.name == 'dash' %} - ethernets: - match: - macaddress: b8:97:5a:17:d7:1f - link-local: [ ipv4 ] - addresses: ['10.1.0.5/32'] - routes: - - to: default - via: 10.1.0.1 - nameservers: - search: ['bigasterisk.com'] - addresses: - - 10.1.0.1 -{% endif %} \ No newline at end of file