kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests Releases Activity

The big VLAN migration at home #59

Merged
kunsi merged 7 commits from the-big-home-migration into main 2023-03-29 16:17:48 +00:00
Conversation 0 Commits 7 Files changed 7 +88 -86
7 changed files with 88 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
configs/netbox_device_home.switch-rack.json
View file

@ -10,7 +10,7 @@
"untagged_vlan": null
},
"ether10": {
"description": "",
"description": "dect",
"enabled": true,
"ips": [],
"mode": "ACCESS",
@ -91,7 +91,7 @@
"untagged_vlan": "home.clients"
},
"ether19": {
"description": "",
"description": "kodi",
"enabled": true,
"ips": [],
"mode": "ACCESS",
@ -100,16 +100,16 @@
"untagged_vlan": "home.clients"
},
"ether2": {
"description": "",
"description": "Fritz!Box",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": "home.wan"
},
"ether20": {
"description": "",
"description": "Schreibtisch Franzi",
"enabled": true,
"ips": [],
"mode": "ACCESS",
@ -118,7 +118,7 @@
"untagged_vlan": "home.clients"
},
"ether21": {
"description": "Patchpanel oben (4)",
"description": "Schreibtisch Sophie",
"enabled": true,
"ips": [],
"mode": "ACCESS",
@ -127,30 +127,25 @@
"untagged_vlan": "home.clients"
},
"ether22": {
"description": "home.nas (eno1)",
"enabled": true,
"ips": [],
"mode": "TAGGED",
"tagged_vlans": [
"ffwi.client",
"ffwi.mesh",
"home.clients",
"home.dmz"
],
"type": "A_1000BASE_T",
"untagged_vlan": null
},
"ether23": {
"description": "uplink",
"description": "Schreibtisch Sophie",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.wan"
"untagged_vlan": "home.clients"
},
"ether23": {
"description": "Wohnzimmer Kabel",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
},
"ether24": {
"description": "",
"description": "Wohnzimmer Telefon",
"enabled": true,
"ips": [],
"mode": "ACCESS",
@ -159,61 +154,67 @@
"untagged_vlan": "home.clients"
},
"ether3": {
"description": "",
"description": "Freifunk",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"mode": "TAGGED",
"tagged_vlans": [
"ffwi.mesh",
"home.clients"
],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": null
},
"ether4": {
"description": "",
"description": "Freifunk",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"mode": "TAGGED",
"tagged_vlans": [
"ffwi.mesh",
"home.clients"
],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": null
},
"ether5": {
"description": "",
"description": "home.nas (eno1)",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"mode": "TAGGED_ALL",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": null
},
"ether6": {
"description": "",
"description": "info-beamer",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": "home.dmz"
},
"ether7": {
"description": "",
"description": "Isanet",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": "home.dmz"
},
"ether8": {
"description": "",
"description": "ripe-probe",
"enabled": true,
"ips": [],
"mode": "ACCESS",
"tagged_vlans": [],
"type": "A_1000BASE_T",
"untagged_vlan": "home.clients"
"untagged_vlan": "home.dmz"
},
"ether9": {
"description": "",
"description": "drucker sophie",
"enabled": true,
"ips": [],
"mode": "ACCESS",

3
nodes.py
View file

@ -15,3 +15,6 @@ for node in Path(join(repo_path, "nodes")).rglob("*.py"):
for name, data in nodes.items():
data.setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net')
data.setdefault('metadata', {}).setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net')
if 'password' in data:
data['password'] = vault.decrypt(data['password'])

3
nodes/home.switch-rack.toml
View file

@ -1,5 +1,6 @@
bundles = ["routeros"]
hostname = "172.19.138.4"
locking_node = "home.router"
os = "routeros"
password = "encrypt$gAAAAABkI1Eqsust7XuYFK2-FaRzXWM5fOXumhdi5fWNokLtM0CBAqVqc5zcg37XH_JIZvkhp3buKvswcvd_znaV3Rb8kKeJTs4_VJo6OsvbiWkujfT50HspoUXER0JSZSmeZts8a_2i"
username = "admin"
# TODO password

6
nodes/home/downloadhelper.py
View file

@ -9,11 +9,11 @@ nodes['home.downloadhelper'] = {
},
'metadata': {
'interfaces': {
'enp1s0.8': {
'enp1s0.3001': {
'dhcp': True,
'send_hostname': False,
},
'enp1s0.42': {
'enp1s0.1138': {
'ips': {
'172.19.138.27/24',
},
@ -30,7 +30,7 @@ nodes['home.downloadhelper'] = {
},
'lldp': {
'interfaces': {
'enp1s0.42',
'enp1s0.1138',
},
},
'nfs-client': {

16
nodes/home/nas.py
View file

@ -18,7 +18,7 @@ nodes['home.nas'] = {
},
'metadata': {
'interfaces': {
'br42': {
'br1138': {
'ips': {
'172.19.138.20/24',
},
@ -148,23 +148,15 @@ nodes['home.nas'] = {
},
},
'systemd-networkd': {
'bonds': {
'bond0': {
'match': {
'enp8*',
'enp9*',
},
},
},
'bridges': {
'br0': {
'match': {
'bond0',
'enp1s0',
},
},
'br42': {
'br1138': {
'match': {
'br0.42',
'br0.1138',
},
},
},

52
nodes/home/router.py
View file

@ -16,16 +16,16 @@ nodes['home.router'] = {
},
'metadata': {
'interfaces': {
'enp1s0.23': {
'ips': {
'172.19.139.1/24',
},
},
'enp1s0.42': {
'enp1s0.1138': {
'ips': {
'172.19.138.1/24',
},
},
'enp1s0.1139': {
'ips': {
'172.19.139.1/24',
},
},
},
'backups': {
'exclude_from_backups': True,
@ -47,18 +47,7 @@ nodes['home.router'] = {
},
'dhcpd': {
'subnets': {
'enp1s0.23': {
'range_lower': '172.19.139.200',
'range_higher': '172.19.139.250',
'subnet': '172.19.139.0/24',
'options': {
'broadcast-address': '172.19.139.255',
'domain-name-servers': '172.19.139.1',
'routers': '172.19.139.1',
'subnet-mask': '255.255.255.0',
},
},
'enp1s0.42': {
'enp1s0.1138': {
'range_lower': '172.19.138.100',
'range_higher': '172.19.138.250',
'subnet': '172.19.138.0/24',
@ -71,6 +60,17 @@ nodes['home.router'] = {
'subnet-mask': '255.255.255.0',
},
},
'enp1s0.1139': {
'range_lower': '172.19.139.200',
'range_higher': '172.19.139.250',
'subnet': '172.19.139.0/24',
'options': {
'broadcast-address': '172.19.139.255',
'domain-name-servers': '172.19.139.1',
'routers': '172.19.139.1',
'subnet-mask': '255.255.255.0',
},
},
},
},
'hosts': {
@ -118,8 +118,8 @@ nodes['home.router'] = {
},
'radvd': {
'interfaces': {
'enp1s0.23': {},
'enp1s0.42': {},
'enp1s0.1138': {},
'enp1s0.1138': {},
},
},
'postfix': {
@ -130,7 +130,7 @@ nodes['home.router'] = {
'pppd': {
'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
'interface': 'enp1s0.100',
'interface': 'enp1s0.7',
'dyndns': {
'domain': 'franzi-home.kunbox.net',
'url': 'https://ns-primary.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ip}',
@ -138,8 +138,8 @@ nodes['home.router'] = {
'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
},
'nftables-rules.d': {
'inet filter forward iifname enp1s0.23 oif $INTERFACE accept',
'inet filter forward iifname enp1s0.42 accept',
'inet filter forward iifname enp1s0.1138 accept',
'inet filter forward iifname enp1s0.1139 oif $INTERFACE accept',
},
},
'unbound': {
@ -161,7 +161,7 @@ nodes['home.router'] = {
},
},
'vnstat': {
'interface': 'enp1s0.100',
'interface': 'enp1s0.7',
},
'vm': {
'cpu': 2,
@ -170,8 +170,8 @@ nodes['home.router'] = {
'wide-dhcp6c': {
'source': 'ppp0',
'targets': {
'enp1s0.23': '2',
'enp1s0.42': '1',
'enp1s0.1138': '1',
'enp1s0.1139': '2',
},
},
'wireguard': {

11
scripts/passwords-for
View file

@ -2,6 +2,7 @@
from os import environ
from sys import argv
from bundlewrap.metagen import NodeMetadataProxy
from bundlewrap.exceptions import FaultUnavailable
from bundlewrap.repo import Repository
from bundlewrap.utils import Fault
@ -19,13 +20,17 @@ def print_faults(dictionary, keypath=[]):
else:
if '\n' not in resolved_fault:
print('{}/{}: {}'.format('/'.join(keypath), key, value))
elif isinstance(value, dict):
elif isinstance(value, (list, set, tuple)):
print_faults(dict(enumerate(value)), keypath=keypath+[key])
elif isinstance(value, (dict, NodeMetadataProxy)):
print_faults(value, keypath=keypath+[key])
if len(argv) == 1:
print('node name missing')
exit(1)
node = repo.get_node(argv[1])
print_faults(node.metadata)
print_faults({
'password': node.password,
'metadata': node.metadata,
})