The big VLAN migration at home #59

Merged
kunsi merged 7 commits from the-big-home-migration into main 2023-03-29 16:17:48 +00:00
7 changed files with 88 additions and 86 deletions


@ -10,7 +10,7 @@
"untagged_vlan": null "untagged_vlan": null
}, },
"ether10": { "ether10": {
"description": "", "description": "dect",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
@ -91,7 +91,7 @@
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether19": { "ether19": {
"description": "", "description": "kodi",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
@ -100,16 +100,16 @@
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether2": { "ether2": {
"description": "", "description": "Fritz!Box",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.wan"
}, },
"ether20": { "ether20": {
"description": "", "description": "Schreibtisch Franzi",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
@ -118,7 +118,7 @@
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether21": { "ether21": {
"description": "Patchpanel oben (4)", "description": "Schreibtisch Sophie",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
@ -127,30 +127,25 @@
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether22": { "ether22": {
"description": "home.nas (eno1)", "description": "Schreibtisch Sophie",
"enabled": true,
"ips": [],
"mode": "TAGGED",
"tagged_vlans": [
"ffwi.client",
"ffwi.mesh",
"home.clients",
"home.dmz"
],
"type": "A_1000BASE_T",
"untagged_vlan": null
},
"ether23": {
"description": "uplink",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.wan" "untagged_vlan": "home.clients"
},
"ether23": {
"description": "Wohnzimmer Kabel",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
}, },
"ether24": { "ether24": {
"description": "", "description": "Wohnzimmer Telefon",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
@ -159,61 +154,67 @@
"untagged_vlan": "home.clients" "untagged_vlan": "home.clients"
}, },
"ether3": { "ether3": {
"description": "", "description": "Freifunk",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "TAGGED",
"tagged_vlans": [], "tagged_vlans": [
"ffwi.mesh",
"home.clients"
],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": null
}, },
"ether4": { "ether4": {
"description": "", "description": "Freifunk",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "TAGGED",
"tagged_vlans": [], "tagged_vlans": [
"ffwi.mesh",
"home.clients"
],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": null
}, },
"ether5": { "ether5": {
"description": "", "description": "home.nas (eno1)",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "TAGGED_ALL",
"tagged_vlans": [], "tagged_vlans": [],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": null
}, },
"ether6": { "ether6": {
"description": "", "description": "info-beamer",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.dmz"
}, },
"ether7": { "ether7": {
"description": "", "description": "Isanet",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.dmz"
}, },
"ether8": { "ether8": {
"description": "", "description": "ripe-probe",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
"tagged_vlans": [], "tagged_vlans": [],
"type": "A_1000BASE_T", "type": "A_1000BASE_T",
"untagged_vlan": "home.clients" "untagged_vlan": "home.dmz"
}, },
"ether9": { "ether9": {
"description": "", "description": "drucker sophie",
"enabled": true, "enabled": true,
"ips": [], "ips": [],
"mode": "ACCESS", "mode": "ACCESS",
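Review bot: The `ether5` port for home.nas appears to move to `"mode": "TAGGED_ALL"` with an empty `tagged_vlans`, so every VLAN on the switch, `home.wan` included, is trunked to that host, and any VLAN added later is exposed there automatically. The entry this replaces (old `ether22`) listed four VLANs explicitly. If the NAS needs the wider set, for example because it hosts the router VM, an explicit list such as `"mode": "TAGGED"` with the required names in `tagged_vlans` keeps the trunk reviewable. The old/new sides are inferred from print order, since the page has lost its `+`/`-` markers.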


@ -15,3 +15,6 @@ for node in Path(join(repo_path, "nodes")).rglob("*.py"):
for name, data in nodes.items(): for name, data in nodes.items():
data.setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net') data.setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net')
data.setdefault('metadata', {}).setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net') data.setdefault('metadata', {}).setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net')
if 'password' in data:
data['password'] = vault.decrypt(data['password'])
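Review bot: The added `vault.decrypt(data['password'])` runs for every entry in `nodes`, so a node whose `password` is already a Fault, or is not a vault-encrypted string, goes through the same call. If the intent is only to unwrap encrypted strings from node files that cannot call the vault themselves, guard on the type with `if isinstance(data.get('password'), str):`. A one-line comment stating that top-level `password` values must be `encrypt$…` vault strings would also help. The loop body starts outside the hunk, so whether any Python-defined node sets a top-level `password` is not visible here.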


@ -1,5 +1,6 @@
bundles = ["routeros"] bundles = ["routeros"]
hostname = "172.19.138.4" hostname = "172.19.138.4"
locking_node = "home.router"
os = "routeros" os = "routeros"
password = "encrypt$gAAAAABkI1Eqsust7XuYFK2-FaRzXWM5fOXumhdi5fWNokLtM0CBAqVqc5zcg37XH_JIZvkhp3buKvswcvd_znaV3Rb8kKeJTs4_VJo6OsvbiWkujfT50HspoUXER0JSZSmeZts8a_2i"
username = "admin" username = "admin"
# TODO password
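Review bot: The credential added here belongs to `username = "admin"`, the built-in full-privilege RouterOS account, so anyone who can decrypt the vault value gets unrestricted control of the device at `172.19.138.4`. A dedicated management user for bundlewrap, restricted to the rights the `routeros` bundle needs and ideally to the management source address, would limit that. The new `password` line would then hold that user's secret, and the default account could be disabled or given a separate password.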


@ -9,11 +9,11 @@ nodes['home.downloadhelper'] = {
}, },
'metadata': { 'metadata': {
'interfaces': { 'interfaces': {
'enp1s0.8': { 'enp1s0.3001': {
'dhcp': True, 'dhcp': True,
'send_hostname': False, 'send_hostname': False,
}, },
'enp1s0.42': { 'enp1s0.1138': {
'ips': { 'ips': {
'172.19.138.27/24', '172.19.138.27/24',
}, },
@ -30,7 +30,7 @@ nodes['home.downloadhelper'] = {
}, },
'lldp': { 'lldp': {
'interfaces': { 'interfaces': {
'enp1s0.42', 'enp1s0.1138',
}, },
}, },
'nfs-client': { 'nfs-client': {


@ -18,7 +18,7 @@ nodes['home.nas'] = {
}, },
'metadata': { 'metadata': {
'interfaces': { 'interfaces': {
'br42': { 'br1138': {
'ips': { 'ips': {
'172.19.138.20/24', '172.19.138.20/24',
}, },
@ -148,23 +148,15 @@ nodes['home.nas'] = {
}, },
}, },
'systemd-networkd': { 'systemd-networkd': {
'bonds': {
'bond0': {
'match': {
'enp8*',
'enp9*',
},
},
},
'bridges': { 'bridges': {
'br0': { 'br0': {
'match': { 'match': {
'bond0', 'enp1s0',
}, },
}, },
'br42': { 'br1138': {
'match': { 'match': {
'br0.42', 'br0.1138',
}, },
}, },
}, },


@ -16,16 +16,16 @@ nodes['home.router'] = {
}, },
'metadata': { 'metadata': {
'interfaces': { 'interfaces': {
'enp1s0.23': { 'enp1s0.1138': {
'ips': {
'172.19.139.1/24',
},
},
'enp1s0.42': {
'ips': { 'ips': {
'172.19.138.1/24', '172.19.138.1/24',
}, },
}, },
'enp1s0.1139': {
'ips': {
'172.19.139.1/24',
},
},
}, },
'backups': { 'backups': {
'exclude_from_backups': True, 'exclude_from_backups': True,
@ -47,18 +47,7 @@ nodes['home.router'] = {
}, },
'dhcpd': { 'dhcpd': {
'subnets': { 'subnets': {
'enp1s0.23': { 'enp1s0.1138': {
'range_lower': '172.19.139.200',
'range_higher': '172.19.139.250',
'subnet': '172.19.139.0/24',
'options': {
'broadcast-address': '172.19.139.255',
'domain-name-servers': '172.19.139.1',
'routers': '172.19.139.1',
'subnet-mask': '255.255.255.0',
},
},
'enp1s0.42': {
'range_lower': '172.19.138.100', 'range_lower': '172.19.138.100',
'range_higher': '172.19.138.250', 'range_higher': '172.19.138.250',
'subnet': '172.19.138.0/24', 'subnet': '172.19.138.0/24',
@ -71,6 +60,17 @@ nodes['home.router'] = {
'subnet-mask': '255.255.255.0', 'subnet-mask': '255.255.255.0',
}, },
}, },
'enp1s0.1139': {
'range_lower': '172.19.139.200',
'range_higher': '172.19.139.250',
'subnet': '172.19.139.0/24',
'options': {
'broadcast-address': '172.19.139.255',
'domain-name-servers': '172.19.139.1',
'routers': '172.19.139.1',
'subnet-mask': '255.255.255.0',
},
},
}, },
}, },
'hosts': { 'hosts': {
@ -118,8 +118,8 @@ nodes['home.router'] = {
}, },
'radvd': { 'radvd': {
'interfaces': { 'interfaces': {
'enp1s0.23': {}, 'enp1s0.1138': {},
'enp1s0.42': {}, 'enp1s0.1138': {},
}, },
}, },
'postfix': { 'postfix': {
@ -130,7 +130,7 @@ nodes['home.router'] = {
'pppd': { 'pppd': {
'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='), 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='), 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
'interface': 'enp1s0.100', 'interface': 'enp1s0.7',
'dyndns': { 'dyndns': {
'domain': 'franzi-home.kunbox.net', 'domain': 'franzi-home.kunbox.net',
'url': 'https://ns-primary.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}', 'url': 'https://ns-primary.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}',
@ -138,8 +138,8 @@ nodes['home.router'] = {
'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='), 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
}, },
'nftables-rules.d': { 'nftables-rules.d': {
'inet filter forward iifname enp1s0.23 oif $INTERFACE accept', 'inet filter forward iifname enp1s0.1138 accept',
'inet filter forward iifname enp1s0.42 accept', 'inet filter forward iifname enp1s0.1139 oif $INTERFACE accept',
}, },
}, },
'unbound': { 'unbound': {
@ -161,7 +161,7 @@ nodes['home.router'] = {
}, },
}, },
'vnstat': { 'vnstat': {
'interface': 'enp1s0.100', 'interface': 'enp1s0.7',
}, },
'vm': { 'vm': {
'cpu': 2, 'cpu': 2,
@ -170,8 +170,8 @@ nodes['home.router'] = {
'wide-dhcp6c': { 'wide-dhcp6c': {
'source': 'ppp0', 'source': 'ppp0',
'targets': { 'targets': {
'enp1s0.23': '2', 'enp1s0.1138': '1',
'enp1s0.42': '1', 'enp1s0.1139': '2',
}, },
}, },
'wireguard': { 'wireguard': {
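Review bot: In the `radvd` hunk both renamed keys read `'enp1s0.1138': {}`, so the dict literal has a duplicate key and `enp1s0.1139` is no longer listed. Python keeps only the last duplicate without any error, so this would pass unnoticed. Elsewhere in this file the old `enp1s0.23` maps to `enp1s0.1139` (addresses, dhcpd, nftables, and `wide-dhcp6c` still delegates prefix `'2'` to it), so the first of the two lines was presumably meant to be `'enp1s0.1139': {},`. As written, the 172.19.139.0/24 segment would get a delegated IPv6 prefix but no router advertisements.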


@ -2,6 +2,7 @@
from os import environ from os import environ
from sys import argv from sys import argv
from bundlewrap.metagen import NodeMetadataProxy
from bundlewrap.exceptions import FaultUnavailable from bundlewrap.exceptions import FaultUnavailable
from bundlewrap.repo import Repository from bundlewrap.repo import Repository
from bundlewrap.utils import Fault from bundlewrap.utils import Fault
@ -19,13 +20,17 @@ def print_faults(dictionary, keypath=[]):
else: else:
if '\n' not in resolved_fault: if '\n' not in resolved_fault:
print('{}/{}: {}'.format('/'.join(keypath), key, value)) print('{}/{}: {}'.format('/'.join(keypath), key, value))
elif isinstance(value, dict): elif isinstance(value, (list, set, tuple)):
print_faults(dict(enumerate(value)), keypath=keypath+[key])
elif isinstance(value, (dict, NodeMetadataProxy)):
print_faults(value, keypath=keypath+[key]) print_faults(value, keypath=keypath+[key])
if len(argv) == 1: if len(argv) == 1:
print('node name missing') print('node name missing')
exit(1) exit(1)
node = repo.get_node(argv[1]) node = repo.get_node(argv[1])
print_faults(node.metadata) print_faults({
'password': node.password,
'metadata': node.metadata,
})
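Review bot: The new list/set/tuple branch recurses with `dict(enumerate(value))`, so the keys at the next level are integers. If one of those elements is itself a dict or a sequence, the recursive call appends that integer to `keypath`, and the next `'/'.join(keypath)` raises `TypeError`. Using `keypath=keypath+[str(key)]` in both recursive calls avoids that. Indices produced by enumerating a `set` are also not stable between runs, which is worth a short comment. The start of `print_faults` is outside the hunk, so this assumes the loop iterates `dictionary.items()` as the visible lines suggest.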