From 5218307be04779754664c914f611a3264cbfe1b3 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 27 Mar 2023 13:47:35 +0200 Subject: [PATCH 1/7] bump netbox dump for home.switch-rack --- configs/netbox_device_home.switch-rack.json | 83 +++++++++++---------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/configs/netbox_device_home.switch-rack.json b/configs/netbox_device_home.switch-rack.json index 1e84e4b..1570cbe 100644 --- a/configs/netbox_device_home.switch-rack.json +++ b/configs/netbox_device_home.switch-rack.json @@ -10,7 +10,7 @@ "untagged_vlan": null }, "ether10": { - "description": "", + "description": "dect", "enabled": true, "ips": [], "mode": "ACCESS", @@ -91,7 +91,7 @@ "untagged_vlan": "home.clients" }, "ether19": { - "description": "", + "description": "kodi", "enabled": true, "ips": [], "mode": "ACCESS", @@ -100,16 +100,16 @@ "untagged_vlan": "home.clients" }, "ether2": { - "description": "", + "description": "Fritz!Box", "enabled": true, "ips": [], "mode": "ACCESS", "tagged_vlans": [], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": "home.wan" }, "ether20": { - "description": "", + "description": "Schreibtisch Franzi", "enabled": true, "ips": [], "mode": "ACCESS", @@ -118,7 +118,7 @@ "untagged_vlan": "home.clients" }, "ether21": { - "description": "Patchpanel oben (4)", + "description": "Schreibtisch Sophie", "enabled": true, "ips": [], "mode": "ACCESS", 
@@ -127,30 +127,25 @@ "untagged_vlan": "home.clients" }, "ether22": { - "description": "home.nas (eno1)", - "enabled": true, - "ips": [], - "mode": "TAGGED", - "tagged_vlans": [ - "ffwi.client", - "ffwi.mesh", - "home.clients", - "home.dmz" - ], - "type": "A_1000BASE_T", - "untagged_vlan": null - }, - "ether23": { - "description": "uplink", + "description": "Schreibtisch Sophie", "enabled": true, "ips": [], "mode": "ACCESS", "tagged_vlans": [], "type": "A_1000BASE_T", - "untagged_vlan": "home.wan" + "untagged_vlan": "home.clients" + }, + "ether23": { + "description": "Wohnzimmer Kabel", + "enabled": true, + "ips": [], + "mode": "ACCESS", + "tagged_vlans": [], + "type": "A_1000BASE_T", + "untagged_vlan": "home.clients" }, "ether24": { - "description": "", + "description": "Wohnzimmer Telefon", "enabled": true, "ips": [], "mode": "ACCESS", 
@@ -159,61 +154,67 @@ "untagged_vlan": "home.clients" }, "ether3": { - "description": "", + "description": "Freifunk", "enabled": true, "ips": [], - "mode": "ACCESS", - "tagged_vlans": [], + "mode": "TAGGED", + "tagged_vlans": [ + "ffwi.mesh", + "home.clients" + ], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": null }, "ether4": { - "description": "", + "description": "Freifunk", "enabled": true, "ips": [], - "mode": "ACCESS", - "tagged_vlans": [], + "mode": "TAGGED", + "tagged_vlans": [ + "ffwi.mesh", + "home.clients" + ], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": null }, "ether5": { - "description": "", + "description": "home.nas (eno1)", "enabled": true, "ips": [], - "mode": "ACCESS", + "mode": "TAGGED_ALL", "tagged_vlans": [], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": null }, "ether6": { - "description": "", + "description": "info-beamer", "enabled": true, "ips": [], "mode": "ACCESS", "tagged_vlans": [], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": "home.dmz" }, "ether7": { - "description": "", + "description": "Isanet", "enabled": true, "ips": [], "mode": "ACCESS", "tagged_vlans": [], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": "home.dmz" }, "ether8": { - "description": "", + "description": "ripe-probe", "enabled": true, "ips": [], "mode": "ACCESS", "tagged_vlans": [], "type": "A_1000BASE_T", - "untagged_vlan": "home.clients" + "untagged_vlan": "home.dmz" }, "ether9": { - "description": "", + "description": "drucker sophie", "enabled": true, "ips": [], "mode": "ACCESS", -- 2.39.2 From 1070101fd323a2a15c3b75835cbf2e2aa9fba224 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 27 Mar 2023 13:51:44 +0200 Subject: [PATCH 2/7] home.downloadhelper: rotate all the vlans --- nodes/home/downloadhelper.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/nodes/home/downloadhelper.py b/nodes/home/downloadhelper.py index 56a3b7d..4396651 100644 --- a/nodes/home/downloadhelper.py +++ b/nodes/home/downloadhelper.py @@ -9,11 +9,11 @@ nodes['home.downloadhelper'] = { }, 'metadata': { 'interfaces': { - 'enp1s0.8': { + 'enp1s0.3301': { 'dhcp': True, 'send_hostname': False, }, - 'enp1s0.42': { + 'enp1s0.1138': { 'ips': { '172.19.138.27/24', }, -- 2.39.2 From f1381857c43c5a5bcb0779fba9f36ccaacffdfc2 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 27 Mar 2023 13:52:08 +0200 Subject: [PATCH 3/7] home.router: rotate all the vlans --- nodes/home/router.py | 52 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/nodes/home/router.py b/nodes/home/router.py index d7a7d20..740c3f0 100644 --- a/nodes/home/router.py +++ b/nodes/home/router.py @@ -16,16 +16,16 @@ nodes['home.router'] = { }, 'metadata': { 'interfaces': { - 'enp1s0.23': { - 'ips': { - '172.19.139.1/24', - }, - }, - 'enp1s0.42': { + 'enp1s0.1138': { 'ips': { '172.19.138.1/24', }, }, + 'enp1s0.1139': { + 'ips': { + '172.19.139.1/24', + }, + }, }, 'backups': { 'exclude_from_backups': True, @@ -47,18 +47,7 @@ nodes['home.router'] = { }, 'dhcpd': { 'subnets': { - 'enp1s0.23': { - 'range_lower': '172.19.139.200', - 'range_higher': '172.19.139.250', - 'subnet': '172.19.139.0/24', - 'options': { - 'broadcast-address': '172.19.139.255', - 'domain-name-servers': '172.19.139.1', - 'routers': '172.19.139.1', - 'subnet-mask': '255.255.255.0', - }, - }, - 'enp1s0.42': { + 'enp1s0.1138': { 'range_lower': '172.19.138.100', 'range_higher': '172.19.138.250', 'subnet': '172.19.138.0/24', 
@@ -71,6 +60,17 @@ nodes['home.router'] = { 'subnet-mask': '255.255.255.0', }, }, + 'enp1s0.1139': { + 'range_lower': '172.19.139.200', + 'range_higher': '172.19.139.250', + 'subnet': '172.19.139.0/24', + 'options': { + 'broadcast-address': '172.19.139.255', + 'domain-name-servers': '172.19.139.1', + 'routers': '172.19.139.1', + 'subnet-mask': '255.255.255.0', + }, + }, }, }, 'hosts': { @@ -118,8 +118,8 @@ nodes['home.router'] = { }, 'radvd': { 'interfaces': { - 'enp1s0.23': {}, - 'enp1s0.42': {}, + 'enp1s0.1138': {}, + 'enp1s0.1138': {}, }, }, 'postfix': { @@ -130,7 +130,7 @@ nodes['home.router'] = { 'pppd': { 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='), 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='), - 'interface': 'enp1s0.100', + 'interface': 'enp1s0.7', 'dyndns': { 'domain': 'franzi-home.kunbox.net', 'url': 'https://ns-primary.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}', @@ -138,8 +138,8 @@ nodes['home.router'] = { 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='), }, 'nftables-rules.d': { - 'inet filter forward iifname enp1s0.23 oif $INTERFACE accept', - 'inet filter forward iifname enp1s0.42 accept', + 'inet filter forward iifname enp1s0.1138 accept', + 'inet filter forward iifname enp1s0.1139 oif $INTERFACE accept', }, }, 'unbound': { @@ -161,7 +161,7 @@ nodes['home.router'] = { }, }, 'vnstat': { - 'interface': 'enp1s0.100', + 'interface': 'enp1s0.7', }, 'vm': { 'cpu': 2, @@ -170,8 +170,8 @@ nodes['home.router'] = { 'wide-dhcp6c': { 'source': 'ppp0', 'targets': { - 'enp1s0.23': '2', - 'enp1s0.42': '1', + 'enp1s0.1138': '1', + 'enp1s0.1139': '2', }, }, 'wireguard': { -- 2.39.2 
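Review bot: In the radvd hunk (`@@ -118,8 +118,8 @@`) both added keys are `'enp1s0.1138'`, so the dict literal silently collapses to one entry and the network that used to be `enp1s0.23` no longer has a radvd interface. Every other hunk in this patch maps `.23` to `.1139` (interfaces, dhcpd, nftables-rules.d, wide-dhcp6c), so the second line should presumably read `'enp1s0.1139': {},`. As written, wide-dhcp6c still delegates prefix id `'2'` to `enp1s0.1139`, but router advertisements would presumably not be sent there. Python raises no error for a repeated key in a dict literal, so a linter check for duplicate keys is the practical way to catch this class of rename slip.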
From 3cc9267eee19f0c32f9204037beec55ddb74976d Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 27 Mar 2023 13:52:23 +0200 Subject: [PATCH 4/7] home.nas: rotate all the vlans --- nodes/home/nas.py | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/nodes/home/nas.py b/nodes/home/nas.py index 34ae010..b67b1de 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py @@ -18,7 +18,7 @@ nodes['home.nas'] = { }, 'metadata': { 'interfaces': { - 'br42': { + 'br1138': { 'ips': { '172.19.138.20/24', }, @@ -148,23 +148,15 @@ nodes['home.nas'] = { }, }, 'systemd-networkd': { - 'bonds': { - 'bond0': { - 'match': { - 'enp8*', - 'enp9*', - }, - }, - }, 'bridges': { 'br0': { 'match': { - 'bond0', + 'enp1s0', }, }, - 'br42': { + 'br1138': { 'match': { - 'br0.42', + 'br0.1138', }, }, }, -- 2.39.2 From 54c6499fc01af69dfdf849926dffdbc909fbe255 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 27 Mar 2023 13:52:50 +0200 Subject: [PATCH 5/7] home.downloadhelper: more vlans --- nodes/home/downloadhelper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodes/home/downloadhelper.py b/nodes/home/downloadhelper.py index 4396651..19f6c9c 100644 --- a/nodes/home/downloadhelper.py +++ b/nodes/home/downloadhelper.py @@ -30,7 +30,7 @@ nodes['home.downloadhelper'] = { }, 'lldp': { 'interfaces': { - 'enp1s0.42', + 'enp1s0.1138', }, }, 'nfs-client': { -- 2.39.2 From 6e32e6f4424f4a9aafcd0ff9972f322b24fdf920 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Tue, 28 Mar 2023 22:52:10 +0200 Subject: [PATCH 6/7] home.switch-rack: use password for authentication --- nodes.py | 3 +++ nodes/home.switch-rack.toml | 3 ++- scripts/passwords-for | 11 ++++++++--- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/nodes.py b/nodes.py index b9110ad..9be84b4 100644 --- a/nodes.py +++ b/nodes.py 
@@ -15,3 +15,6 @@ for node in Path(join(repo_path, "nodes")).rglob("*.py"): for name, data in nodes.items(): data.setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net') data.setdefault('metadata', {}).setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net') + + if 'password' in data: + data['password'] = vault.decrypt(data['password']) diff --git a/nodes/home.switch-rack.toml b/nodes/home.switch-rack.toml index 2f5dbda..1944e1e 100644 --- a/nodes/home.switch-rack.toml +++ b/nodes/home.switch-rack.toml @@ -1,5 +1,6 @@ bundles = ["routeros"] hostname = "172.19.138.4" +locking_node = "home.router" os = "routeros" +password = "encrypt$gAAAAABkI1Eqsust7XuYFK2-FaRzXWM5fOXumhdi5fWNokLtM0CBAqVqc5zcg37XH_JIZvkhp3buKvswcvd_znaV3Rb8kKeJTs4_VJo6OsvbiWkujfT50HspoUXER0JSZSmeZts8a_2i" username = "admin" -# TODO password diff --git a/scripts/passwords-for b/scripts/passwords-for index c12fa7b..10beb14 100755 --- a/scripts/passwords-for +++ b/scripts/passwords-for @@ -2,6 +2,7 @@ from os import environ from sys import argv +from bundlewrap.metagen import NodeMetadataProxy from bundlewrap.exceptions import FaultUnavailable from bundlewrap.repo import Repository from bundlewrap.utils import Fault @@ -19,13 +20,17 @@ def print_faults(dictionary, keypath=[]): else: if '\n' not in resolved_fault: print('{}/{}: {}'.format('/'.join(keypath), key, value)) - elif isinstance(value, dict): + elif isinstance(value, (list, set, tuple)): + print_faults(dict(enumerate(value)), keypath=keypath+[key]) + elif isinstance(value, (dict, NodeMetadataProxy)): print_faults(value, keypath=keypath+[key]) - if len(argv) == 1: print('node name missing') exit(1) node = repo.get_node(argv[1]) -print_faults(node.metadata) +print_faults({ + 'password': node.password, + 'metadata': node.metadata, +}) -- 2.39.2 From bd505d2fefc9738e46efbd8c1a76ff94620fe4ca Mon Sep 17 00:00:00 2001 
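Review bot: The added `vault.decrypt(data['password'])` in nodes.py runs for every node that has a `password` key, whatever type the value has. The only user visible in this series is the TOML node, where the value is a ciphertext string, but the loop appears to cover nodes loaded from the `*.py` files as well, and one that already wraps its password in `vault.decrypt(...)` would presumably be passed through decrypt a second time. Narrowing the condition to `if isinstance(data.get('password'), str):` keeps both forms working. A comment such as `# TOML nodes cannot call vault.decrypt themselves, so ciphertext passwords are resolved here` would explain why the block exists. The loop starts outside the hunk.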
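Review bot: The new `password` line stores a credential for the built-in `admin` account, so anyone holding the vault key behind this `encrypt$` value gets full control of the switch. A dedicated account for bundlewrap, in a group limited to what the `routeros` bundle needs, would narrow that exposure. It would also keep config-management logins distinguishable from interactive admin logins in the device log. Whether the bundle works with reduced rights is not visible here, so that needs checking before changing `username`.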
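Review bot: In `print_faults`, the new list/set/tuple branch produces integer keys via `dict(enumerate(value))`, and the recursive calls then append those integers to `keypath`. That works for a Fault sitting directly in a list, because `key` only goes through `format`, but a dict nested inside a list reaches `'/'.join(keypath)` with an `int` in the path and raises `TypeError`. Appending the key as text avoids it: `print_faults(value, keypath=keypath+[str(key)])`, and likewise in the enumerate branch. Sets have no stable order, so the printed index for a set member can differ between runs; `enumerate(sorted(value, key=str))` would make the paths reproducible if that matters. The function starts outside the hunk.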
From: Franziska Kunsmann Date: Tue, 28 Mar 2023 22:57:05 +0200 Subject: [PATCH 7/7] home.downloadhelper: fix vlan id --- nodes/home/downloadhelper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodes/home/downloadhelper.py b/nodes/home/downloadhelper.py index 19f6c9c..d09d558 100644 --- a/nodes/home/downloadhelper.py +++ b/nodes/home/downloadhelper.py @@ -9,7 +9,7 @@ nodes['home.downloadhelper'] = { }, 'metadata': { 'interfaces': { - 'enp1s0.3301': { + 'enp1s0.3001': { 'dhcp': True, 'send_hostname': False, }, -- 2.39.2