From bd10dc578f149bdb0d318e5e0efea4fe5516c088 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sat, 14 Aug 2021 07:55:01 +0200
Subject: [PATCH] bundles/pppd: refactor check_dyndns_update

We don't care about what the DNS provider said when updating the ip
address. The only thing we care about is wether the current external ip
of the system matches the resolved ip address.
---
 bundles/pppd/files/check_dyndns_update | 40 +++++++++++---------------
 bundles/pppd/files/dyndns              |  3 +-
 bundles/pppd/items.py                  | 18 ++++++------
 bundles/pppd/metadata.py               |  3 +-
 nodes/home/router.py                   |  1 +
 5 files changed, 30 insertions(+), 35 deletions(-)

diff --git a/bundles/pppd/files/check_dyndns_update b/bundles/pppd/files/check_dyndns_update
index c9e6f4f..eaf8dfe 100644
--- a/bundles/pppd/files/check_dyndns_update
+++ b/bundles/pppd/files/check_dyndns_update
@@ -1,28 +1,20 @@
 #!/bin/bash
 
-statusfile="/var/tmp/dyndns.monitoring"
-if ! [[ -f "$statusfile" ]]
-then
-    echo "Status file not found"
-    exit 3
-fi
+[[ -n "$DEBUG" ]] && set -x
 
-mtime=$(stat -c %Y $statusfile)
-now=$(date +%s)
-if (( $now - $mtime > 60*60*24*8 ))
-then
-    echo "Status file is older than 8 days!"
-    exit 3
-fi
+interface="$(ip link show | awk '/ ppp/ {print substr($2, 1, length($2)-1)}')"
+addr="$(ip addr show dev "$interface" | awk '/inet / {print $2}')"
+resolved="$(dig +short "${domain}" A)"
 
-statuscode=$(cat $statusfile)
-case "$statuscode" in
-    200)
-        echo "OK"
-        exit 0
-        ;;
-    *)
-        echo "Last statuscode was $statuscode"
-        exit 2
-        ;;
-esac
+if [[ -z "$addr" ]] || [[ -z "$resolved" ]]
+then
+    echo "Address on '$interface' is '$addr' - resolved '$resolved'"
+    exit 3
+elif [[ "$addr" == "$resolved" ]]
+then
+    echo "Resolved IP for ${domain} matches current ip on $interface"
+    exit 0
+else
+    echo "Resolved $resolved for ${domain}, but got $addr on $interface!"
+    exit 2
+fi
diff --git a/bundles/pppd/files/dyndns b/bundles/pppd/files/dyndns
index 543b848..a88d7c5 100644
--- a/bundles/pppd/files/dyndns
+++ b/bundles/pppd/files/dyndns
@@ -20,5 +20,4 @@ r = requests.get(
     )
 )
 
-with open('/var/tmp/dyndns.monitoring', 'w') as s:
-    s.write(str(r.status_code))
+print('got status {} when updating dns'.format(r.status_code))
diff --git a/bundles/pppd/items.py b/bundles/pppd/items.py
index 0ec6ed5..b55f0c5 100644
--- a/bundles/pppd/items.py
+++ b/bundles/pppd/items.py
@@ -38,7 +38,7 @@ files = {
     '/etc/ppp/chap-secrets': {
         'source': 'secrets',
         'content_type': 'mako',
-        'context': node.metadata['pppd'],
+        'context': node.metadata.get('pppd'),
         'mode': '0400',
         'triggers': {
             'svc_systemd:pppoe:restart',
@@ -47,7 +47,7 @@ files = {
     '/etc/ppp/pap-secrets': {
         'source': 'secrets',
         'content_type': 'mako',
-        'context': node.metadata['pppd'],
+        'context': node.metadata.get('pppd'),
         'mode': '0400',
         'triggers': {
             'svc_systemd:pppoe:restart',
@@ -63,7 +63,7 @@ files = {
     },
     '/etc/ppp/peers/provider': {
         'content_type': 'mako',
-        'context': node.metadata['pppd'],
+        'context': node.metadata.get('pppd'),
         'triggers': {
             'svc_systemd:pppoe:restart',
         },
@@ -87,15 +87,17 @@ files = {
     '/usr/local/bin/restart-pppoe-if-no-public-ip': {
         'mode': '0755',
     },
-    '/usr/local/share/icinga/plugins/check_dyndns_update': {
-        'mode': '0755',
-    },
 }
 
-if 'dyndns' in node.metadata['pppd']:
+if node.metadata.get('pppd/dyndns', {}):
     files['/etc/ppp/ip-up.d/dyndns'] = {
         'content_type': 'mako',
-        'context': node.metadata['pppd']['dyndns'],
+        'context': node.metadata.get('pppd/dyndns'),
+        'mode': '0755',
+    }
+    files['/usr/local/share/icinga/plugins/check_dyndns_update'] = {
+        'content_type': 'mako',
+        'context': node.metadata.get('pppd/dyndns'),
         'mode': '0755',
     }
 
diff --git a/bundles/pppd/metadata.py b/bundles/pppd/metadata.py
index c54db57..0f6725c 100644
--- a/bundles/pppd/metadata.py
+++ b/bundles/pppd/metadata.py
@@ -30,7 +30,7 @@ defaults = {
     'icinga2_api/pppd/services',
 )
 def icinga_dyndns(metadata):
-    if 'dyndns' not in metadata.get('pppd'):
+    if not metadata.get('pppd/dyndns', {}):
         return {}
 
     return {
@@ -39,6 +39,7 @@ def icinga_dyndns(metadata):
                 'services': {
                     'DYNDNS UPDATE': {
                         'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_dyndns_update',
+                        'vars.notification.mail': True,
                     },
                 },
             },
diff --git a/nodes/home/router.py b/nodes/home/router.py
index 928c342..ab85b3c 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -148,6 +148,7 @@ nodes['home.router'] = {
             'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
             'interface': 'enp1s0.100',
             'dyndns': {
+                'domain': 'franzi-home.kunbox.net',
                 'url': 'https://ns-1.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}',
                 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
                 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),