first commit

registry.json

@@ -0,0 +1,77 @@
+{
+  "zone": {
+    "soa": "eve.dn42.",
+    "ns": "eve.dn42.",
+    "serial": 93,
+    "refresh": "1H",
+    "retry": "4H",
+    "expire": "3W",
+    "minimum": "1D",
+    "v4_subnet": "172.23.75.0/24",
+    "v6_subnet": "fdc0:4992:6a6d::/48"
+  },
+  "host": {
+    "as": "4242420092",
+    "v4_tunnel": "172.23.75.1",
+    "start-port": 5001,
+    "end-port": 5020
+  },
+  "network": {
+    "hax404": {
+      "as": "76114",
+      "type": "openvpn",
+      "proto": "udp6",
+      "remote": "2a03:4000:6:145:11::1",
+      "v4_tunnel": "172.23.136.65",
+      "lport": 5001,
+      "rport": 5001
+    },
+    "chelnok": {
+      "as": "4242421375",
+      "type": "openvpn",
+      "proto": "udp6",
+      "remote": "portal.chelnok.de",
+      "v4_tunnel": "172.23.64.1",
+      "rport": 2322,
+      "lport": 5002
+    },
+    "wetu": {
+      "as": "64698",
+      "type": "openvpn",
+      "proto": "udp6",
+      "remote": "dn42.wetu.c3d2.de",
+      "v4_tunnel": "172.22.100.254",
+      "lport": 5003,
+      "rport": 5003
+    },
+    "tobee": {
+      "as": "4242420022",
+      "type": "openvpn",
+      "proto": "udp6",
+      "remote": "2001:1640:3::a",
+      "v4_tunnel": "172.23.67.1",
+      "lport": 5018,
+      "rport": 5018
+    },
+    "flatbert": {
+      "type": "openvpn",
+      "proto": "udp",
+      "float": true,
+      "v4_tunnel": "172.22.99.253",
+      "lport": 5002
+    },
+    "eve": {
+      "type": "local",
+      "ipv4": "172.23.75.1"
+    },
+    "matchbox": {
+      "type": "tinc",
+      "ipv4": "172.23.75.2"
+    },
+    "turingmachine": {
+      "type": "tinc",
+      "ipv4": "172.23.75.3",
+      "mac": "02:1f:02:a6:62:8e"
+    }
+  }
+}

scripts/dhcp

@@ -0,0 +1,88 @@
+#!/usr/bin/ruby
+require_relative "utils"
+require "optparse"
+
+class DhcpRegistry < Registry
+  def add_lease(name, macaddress, ipv4, ipv6)
+    data["network"][name] ||= {}
+    host = data["network"][name]
+    host["macaddress"] = macaddress
+    host["ipv4"] = ipv4 if ipv4
+    host["ipv6"] = ipv6 if ipv6
+  end
+
+  def remove_lease(name)
+    if data["network"].delete(name).nil?
+      die "no such lease name #{name} in registry.json"
+    end
+  end
+
+  def update_leases
+    template_path = Pathname.new(File.expand_path("../../templates", __FILE__))
+    dhcp_template = Template.new(template_path.join("dhcp.conf.erb"))
+    static_leases = data["network"].select do |name, data|
+      data["mac"] && (data["ipv4"] || data["ipv6"])
+    end.map do |name, data|
+      TemplateContext.new(data.merge(name: name))
+    end
+    dhcp_path = Pathname.new(File.expand_path("../../dhcp.peers.conf", __FILE__))
+    File.open(dhcp_path, "w+").write(dhcp_template.render(leases: static_leases))
+  end
+end
+
+GLOBAL_OPTIONS = OptionParser.new do |opts|
+  opts.banner = "Usage: dhcp [options] [subcommand [options]]"
+  opts.separator ""
+  opts.separator <<HELP
+Available subcommands:
+add [options] NAME MACADDRESS: add dhcp lease
+remove [options] NAME: remove dhcp static lease
+
+See 'dhcp COMMAND --help' for more information on a specific command.
+HELP
+end
+
+def add_command(registry, args)
+  ipv4, ipv6 = nil, nil
+  parser = OptionParser.new do |opts|
+    opts.banner = "Usage: dhcp add [options] NAME MACADDRESS"
+    opts.on("-4", "--ipv4 ADDRESS", "set fixed ipv4 address") do |address|
+      ipv4 = address
+    end
+    opts.on("-6", "--ipv6 ADDRESS", "set fixed ipv6 address") do |address|
+      ipv6 = address
+    end
+  end.order!
+  if ARGV.size < 2
+    $stderr.puts "no enough arguments"
+    die(parser.help)
+  end
+  name, macaddress = args
+  registry.add_lease(name, macaddress, ipv4, ipv6)
+end
+
+def remove_command(registry, args)
+  parser = OptionParser.new do |opts|
+    opts.banner = "Usage: dhcp remove NAME"
+  end.order!
+  if args.empty?
+    $stderr.puts "no enough arguments"
+    die(parser.help)
+  end
+  registry.remove_lease(args.first)
+end
+
+GLOBAL_OPTIONS.order!
+registry = DhcpRegistry.new
+case command = ARGV.shift
+when "add"
+  add_command(registry, ARGV)
+when "remove"
+  remove_command(registry, ARGV)
+when nil # just update
+else
+  die "unknown subcommand #{command}"
+end
+
+registry.save
+registry.update_leases

scripts/dns

@@ -0,0 +1,6 @@
+#!/usr/bin/ruby
+require_relative "utils"
+
+registry = Registry.new
+template_path = Pathname.new(File.expand_path("../../templates", __FILE__))
+dn42_zone_template = Template.new(template_path.join("dn42-zone.erb"))

scripts/openvpn

@@ -0,0 +1,43 @@
+#!/usr/bin/ruby
+require_relative "utils"
+
+template_path = Pathname.new(File.expand_path("../../templates", __FILE__))
+openvpn_path = Pathname.new(File.expand_path("../../openvpn", __FILE__))
+openvpn_template = Template.new(template_path.join("openvpn.conf.erb"))
+
+registry = Registry.new
+
+host = registry.data["host"]
+host["v4_tunnel"] || die("v4_tunnel not set for host")
+
+registry.data["network"].each do |name, data|
+  next unless data["type"] == "openvpn"
+  key = openvpn_path.join("#{name}.key")
+  unless File.exists?(key)
+    sh("openvpn", "--genkey", "--secret", key)
+  end
+  required_params = [:proto, :lport, :tunnel_v4]
+  unless data["float"]
+    required_params += [:remote, :rport]
+  end
+  required_params.each do |param|
+    unless data[param.to_s]
+      die "#{param.to_s} not set for peer #{name}"
+    end
+  end
+
+  context = data.merge(own_v4_tunnel: host["v4_tunnel"])
+  atomic_write(openvpn_path.join("#{name}.conf"), openvpn_template.render(context))
+end
+
+GLOBAL_OPTIONS = OptionParser.new do |opts|
+  opts.banner = "Usage: dhcp [options] [subcommand [options]]"
+  opts.separator ""
+  opts.separator <<HELP
+Available subcommands:
+add [options] NAME MACADDRESS: add dhcp lease
+remove [options] NAME: remove dhcp static lease
+
+See 'dhcp COMMAND --help' for more information on a specific command.
+HELP
+end

scripts/utils.rb

@@ -0,0 +1,53 @@
+require "ostruct"
+require "fileutils"
+require "erb"
+require "json"
+require "pathname"
+require "pry"
+
+class Registry
+  PATH = Pathname.new(File.expand_path("../../registry.json", __FILE__))
+  def initialize
+    @data = JSON.load(File.open(Registry::PATH))
+  end
+  attr_accessor :data
+  def save
+    f = File.open(Registry::PATH, "w+")
+    f.puts JSON.pretty_generate(@data)
+    f.close
+  end
+end
+
+def atomic_write(path, content)
+  temp_path = path.to_s + ".tmp"
+  File.open(temp_path, 'w+') do |f|
+    f.write(content)
+  end
+
+  FileUtils.mv(temp_path, path)
+end
+
+def sh(cmd, *args)
+  puts "$ #{cmd} "+ args.map {|a| "'#{a}'" }.join(" ")
+  #system(cmd, *args)
+end
+
+def die(msg)
+  $stderr.puts(msg)
+  exit(1)
+end
+
+class TemplateContext < OpenStruct
+  def get_binding
+    binding
+  end
+end
+
+class Template
+  def initialize(path)
+    @erb = ERB.new(File.read(path), nil, '-')
+  end
+  def render(params={})
+    @erb.result(TemplateContext.new(params).get_binding)
+  end
+end

templates/dhcp.conf.erb

@@ -0,0 +1,12 @@
+<% leases.each do |lease| -%>
+
+host <%= lease.name %> {
+  hardware ethernet <%= lease.mac %>;
+<% if lease.ipv4 -%>
+  fixed-address <%= lease.ipv4 %>;
+<% end -%>
+<% if lease.ipv6 -%>
+  fixed-address6 <%= lease.ipv6 %>;
+<% end -%>
+}
+<% end -%>

templates/dn42-zone.erb

@@ -0,0 +1,24 @@
+@     IN SOA   <%= data["zone"]["soa"] %> hostmaster (
+                        <%= data["zone"]["serial"] %> ; serial
+                        <%= data["zone"]["refresh"] %> ; refresh
+                        <%= data["zone"]["retry"] %> ; retry
+                        <%= data["zone"]["expire"] %> ; expire
+                        <%= data["zone"]["minimum"] %>) ; minimum
+        NS      <%= data["zone"]["ns"] %>
+
+<% data["network"].each do |name, value| %>
+<% if value["cname"] -%>
+<%= name %> CNAME <%= value["cname"] %>
+<% end -%>
+<% if value["srv"] -%>
+<%= name %> SRV <%= value["srv"] %>
+<% end -%>
+<% if value["ipv4"] -%>
+<%= name %> A <%= ip(value["ipv4"]) %>
+ipv4.<%= name %> A <%= ip(value["ipv4"]) %>
+<% end -%>
+<% if value["ipv6"] -%>
+<%= name %> AAAA <%= ip(value["ipv6"]) %>
+ipv6.<%= name %> AAAA <%= ip(value["ipv6"]) %>
+<% end -%>
+<% end -%>

templates/openvpn.conf.erb

@@ -0,0 +1,24 @@
+daemon
+proto       <%= proto %>
+mode        p2p
+dev-type    tun
+comp-lzo
+dev         <%= name %>
+persist-key
+persist-tun
+user nobody
+group nogroup
+
+<% if float %>
+float
+port        <%= lport %>
+<% else %>
+remote      <%= remote %>
+rport       <%= rport %>
+lport       <%= lport %>
+<% end %>
+
+ifconfig    <%= own_v4_tunnel %> <%= v4_tunnel %>
+secret /etc/openvpn/<%= name %>.key
+script-security 2 execve
+up "/etc/openvpn/scripts/ipv6.sh fd70:96c9:ef25::fe:6/124 <%= name %>"

templates/rdns-zone.erb

@@ -0,0 +1,11 @@
+@     IN SOA   <%= data["zone"]["soa"] %> hostmaster (
+                        <%= data["zone"]["serial"] %> ; serial
+                        <%= data["zone"]["refresh"] %> ; refresh
+                        <%= data["zone"]["retry"] %> ; retry
+                        <%= data["zone"]["expire"] %> ; expire
+                        <%= data["zone"]["minimum"] %>) ; minimum
+        NS      <%= data["zone"]["ns"] %>
+
+<% pointers do |addr, name| %>
+<%= addr %> PTR <%= name %>.lxc.
+<% end -%>