no ip range

Jörg Thalheim 2015-08-05 15:33:37 +00:00
parent 1d7240f909
commit d5a49ae4ef
14 changed files with 310 additions and 169 deletions


@ -1,7 +1,7 @@
{ {
"zone": { "zone": {
"soa": "ns1.higgsboson.tk.", "soa": "ns1.higgsboson.tk.",
"serial": 149, "serial": 175,
"refresh": "1H", "refresh": "1H",
"hostmaster": "hostmaster.higgsboson.tk", "hostmaster": "hostmaster.higgsboson.tk",
"domain": "eve.higgsboson.tk", "domain": "eve.higgsboson.tk",
@ -11,37 +11,24 @@
"retry": "4H", "retry": "4H",
"expire": "3W", "expire": "3W",
"minimum": "1D", "minimum": "1D",
"v4_subnet": "192.168.66.0/24", "v4_subnet": "172.23.75.0/26",
"dn42_v4_subnet": "172.23.75.0/24", "ula_subnet": "fdc0:4992:6a6d::/80",
"v6_subnet": "2a01:4f8:210:31fd:1::/80" "v6_subnet": "2a01:4f8:210:31fd:1::/80"
}, },
"network": { "network": {
"tinc1": {
"ipv4": "188.166.16.37",
"ipv6": "2a03:b0c0:2:d0::2a5:f004",
"lxc": false
},
"tinc2": {
"ipv4": "188.166.16.37",
"ipv6": "2a03:b0c0:0:1010::3d:b003",
"lxc": false
},
"eve": { "eve": {
"ipv4": "192.168.66.1", "ipv4": "172.23.75.2",
"ipv6": "2a01:4f8:210:31fd::1", "ipv6": "2a01:4f8:210:31fd::2",
"lxc": false
},
"eva": {
"ipv4": "192.168.67.1",
"ipv6": "2a03:b0c0:2:d0::2a5:f001",
"lxc": false "lxc": false
}, },
"bridge": { "bridge": {
"ipv4": "192.168.66.1/32", "ipv4": "172.23.75.2",
"ipv6": "2a01:4f8:210:31fd:1::1/128", "ipv6": "2a01:4f8:210:31fd:1::2/128",
"ula": "fdc0:4992:6a6d::2/128",
"lxc": false "lxc": false
}, },
"jabber": { "jabber": {
"ipv4": "172.23.75.22/32",
"ipv6": "2a01:4f8:210:31fd:1::16/128", "ipv6": "2a01:4f8:210:31fd:1::16/128",
"rdns6": "jabber.higgsboson.tk", "rdns6": "jabber.higgsboson.tk",
"lxc": false "lxc": false
@ -50,24 +37,79 @@
"srv": "0 5 5222 jabber", "srv": "0 5 5222 jabber",
"lxc": false "lxc": false
}, },
"olddevkid": {
"ipv4": "192.168.66.100/32",
"ipv6": "2a01:4f8:210:31fd:1::40/128",
"lxc": false
},
"base": { "base": {
"ipv4": "192.168.66.2/32", "ipv4": "172.23.75.63/32",
"ipv6": "2a01:4f8:210:31fd:1::2/128" "ipv6": "2a01:4f8:210:31fd:1::3f/128",
"ula": "fdc0:4992:6a6d::3f/128"
}, },
"ldap": { "ldap": {
"ipv4": "192.168.66.3/32", "ipv4": "172.23.75.3/32",
"ipv6": "2a01:4f8:210:31fd:1::3/128", "ipv6": "2a01:4f8:210:31fd:1::3/128",
"group": "php" "group": "php",
"ula": "fdc0:4992:6a6d::3/128"
}, },
"web": { "web": {
"ipv4": "192.168.66.5/32", "ipv4": "172.23.75.5/32",
"rdns6": "web.higgsboson.tk", "rdns6": "web.higgsboson.tk",
"ipv6": "2a01:4f8:210:31fd:1::5/128" "ipv6": "2a01:4f8:210:31fd:1::5/128",
"mounts": {
"istwiki": {
"srv/http/ist.devkid.net": true
},
"git": {
"usr/share/webapps/gitlab": true,
"var/lib/gitlab/assets": true,
"var/lib/gitlab/uploads": true
},
"halfcode": {
"srv/http/halfco.de": true
},
"jtes": {
"home/jtes/server/public": "srv/http/jtes.halfco.de"
},
"ldapadmin": {
"usr/share/webapps/phpldapadmin": true
},
"rainloop": {
"srv/http/mail.higgsboson.tk": true
},
"etherpad": {
"/usr/share/webapps/etherpad-lite/src/static": "/srv/http/pad.higgsboson.tk/static"
},
"parkendd": {
"srv/http/park-api.higgsboson.tk": true,
"srv/http/staging.park-api.higgsboson.tk": true,
"var/log/parkendd": true
},
"phonefinder": {
"srv/http/phonefinder.halfco.de": true
},
"seafile": {
"srv/seafile/seafile.higgsboson.tk/seahub-data/avatars": "srv/http/seafile/avatars",
"srv/seafile/seafile.higgsboson.tk/seafile-server/seahub/media": "srv/http/seafile/media"
},
"tweetnest": {
"srv/http/tweets.higgsboson.tk": true
},
"ytm": {
"srv/http/ytm.halfco.de": true
},
"owncloud": {
"usr/share/webapps/owncloud": true
},
"piwik": {
"usr/share/webapps/piwik": true
},
"pyload": {
"var/lib/pyload/Downloads": "mnt/pyload"
},
"phpmyadmin": true,
"ttrss": {
"usr/share/webapps/tt-rss": true,
"var/lib/tt-rss/feed-icons": true
}
},
"ula": "fdc0:4992:6a6d::5/128"
}, },
"ns1": { "ns1": {
"ns": true, "ns": true,
@ -82,81 +124,84 @@
"ipv6": "2a03:b0c0:0:1010::3d:b002/128" "ipv6": "2a03:b0c0:0:1010::3d:b002/128"
}, },
"dns": { "dns": {
"ipv4": "192.168.66.6/32", "ipv4": "172.23.75.6/32",
"ipv6": "2a01:4f8:210:31fd:1::6/128", "ipv6": "2a01:4f8:210:31fd:1::6/128",
"rdns6": "ns1.higgsboson.tk", "rdns6": "ns1.higgsboson.tk",
"dn42_ipv4": "172.23.75.6/32", "ula": "fdc0:4992:6a6d::6/128"
"dn42_ipv6": "fdc0:4992:6a6d:6::1/64"
}, },
"dn42": { "dn42": {
"ipv4": "192.168.66.31/32", "ipv4": "172.23.75.1/32",
"ipv6": "2a01:4f8:210:31fd:1::1f/128", "ipv6": "2a01:4f8:210:31fd:1::1/128",
"dn42_ipv4": "172.23.75.1/32", "ula": "fdc0:4992:6a6d::1/128"
"dn42_ipv6": "fdc0:4992:6a6d:1::1/64"
}, },
"faces": { "faces": {
"ipv4": "192.168.66.7/32", "ipv4": "172.23.75.7/32",
"ipv6": "2a01:4f8:210:31fd:1::7/128" "ipv6": "2a01:4f8:210:31fd:1::7/128",
"ula": "fdc0:4992:6a6d::7/128"
}, },
"jtes": { "jtes": {
"ipv4": "192.168.66.8/32", "ipv4": "172.23.75.8/32",
"ipv6": "2a01:4f8:210:31fd:1::8/128" "ipv6": "2a01:4f8:210:31fd:1::8/128",
"ula": "fdc0:4992:6a6d::8/128"
}, },
"mysql": { "mysql": {
"ipv4": "192.168.66.9/32", "ipv4": "172.23.75.9/32",
"ipv6": "2a01:4f8:210:31fd:1::9/128", "ipv6": "2a01:4f8:210:31fd:1::9/128",
"backup-scripts": [ "backup-scripts": [
{ {
"backupname": "mysqldbs", "backupname": "mysqldbs",
"command": "backup-mysql" "command": "backup-mysql"
} }
] ],
"ula": "fdc0:4992:6a6d::9/128"
}, },
"gitweb": { "gitweb": {
"cname": "web", "cname": "web",
"lxc": false "lxc": false
}, },
"git": { "git": {
"ipv4": "192.168.66.4/32", "ipv4": "172.23.75.4/32",
"rdns6": "git.higgsboson.tk", "rdns6": "git.higgsboson.tk",
"ipv6": "2a01:4f8:210:31fd:1::4/128" "ipv6": "2a01:4f8:210:31fd:1::4/128",
"ula": "fdc0:4992:6a6d::4/128"
}, },
"postgres": { "postgres": {
"ipv4": "192.168.66.10/32", "ipv4": "172.23.75.10/32",
"ipv6": "2a01:4f8:210:31fd:1::a/128", "ipv6": "2a01:4f8:210:31fd:1::a/128",
"backup-scripts": [ "backup-scripts": [
{ {
"backupname": "postgresdbs", "backupname": "postgresdbs",
"command": "backup-postgres" "command": "backup-postgres"
} }
] ],
"ula": "fdc0:4992:6a6d::a/128"
}, },
"phpmyadmin": { "phpmyadmin": {
"ipv4": "192.168.66.11/32", "ipv4": "172.23.75.11/32",
"ipv6": "2a01:4f8:210:31fd:1::b/128", "ipv6": "2a01:4f8:210:31fd:1::b/128",
"ula": "fdc0:4992:6a6d::b/128",
"group": "php", "group": "php",
"vars": { "vars": {
"php_extensions": [ "php_extensions": [
"mysql", "mysql",
"pdo_mysql" "pdo_mysql"
] ]
}, }
"lxc": false
}, },
"phppgadmin": { "phppgadmin": {
"ipv4": "192.168.66.13/32", "ipv4": "172.23.75.13/32",
"ipv6": "2a01:4f8:210:31fd:1::d/128", "ipv6": "2a01:4f8:210:31fd:1::d/128",
"ula": "fdc0:4992:6a6d::d/128",
"group": "php", "group": "php",
"vars": { "vars": {
"php_extensions": [ "php_extensions": [
"pgsql", "pgsql",
"pdo_pgsql" "pdo_pgsql"
] ]
}, }
"lxc": false
}, },
"adminer": { "adminer": {
"ipv4": "192.168.66.14/32", "ipv4": "172.23.75.14/32",
"ipv6": "2a01:4f8:210:31fd:1::e/128", "ipv6": "2a01:4f8:210:31fd:1::e/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -166,18 +211,20 @@
"pgsql", "pgsql",
"pdo_pgsql" "pdo_pgsql"
] ]
} },
"ula": "fdc0:4992:6a6d::e/128"
}, },
"mail": { "mail": {
"ipv4": "192.168.66.16/32", "ipv4": "172.23.75.16/32",
"ipv6": "2a01:4f8:210:31fd:1::10/128", "ipv6": "2a01:4f8:210:31fd:1::10/128",
"rdns6": "mail.higgsboson.tk", "rdns6": "mail.higgsboson.tk",
"backup-paths": [ "backup-paths": [
"var/vmail" "var/vmail"
] ],
"ula": "fdc0:4992:6a6d::10/128"
}, },
"istwiki": { "istwiki": {
"ipv4": "192.168.66.17/32", "ipv4": "172.23.75.17/32",
"ipv6": "2a01:4f8:210:31fd:1::11/128", "ipv6": "2a01:4f8:210:31fd:1::11/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -185,10 +232,11 @@
"mysql", "mysql",
"pdo_mysql" "pdo_mysql"
] ]
} },
"ula": "fdc0:4992:6a6d::11/128"
}, },
"ytm": { "ytm": {
"ipv4": "192.168.66.18/32", "ipv4": "172.23.75.18/32",
"ipv6": "2a01:4f8:210:31fd:1::12/128", "ipv6": "2a01:4f8:210:31fd:1::12/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -197,20 +245,22 @@
"mysqli", "mysqli",
"pdo_mysql" "pdo_mysql"
] ]
} },
"ula": "fdc0:4992:6a6d::12/128"
}, },
"ldapadmin": { "ldapadmin": {
"ipv4": "192.168.66.12/32", "ipv4": "172.23.75.12/32",
"ipv6": "2a01:4f8:210:31fd:1::c/128", "ipv6": "2a01:4f8:210:31fd:1::c/128",
"group": "php", "group": "php",
"vars": { "vars": {
"php_extensions": [ "php_extensions": [
"ldap" "ldap"
] ]
} },
"ula": "fdc0:4992:6a6d::c/128"
}, },
"rainloop": { "rainloop": {
"ipv4": "192.168.66.19/32", "ipv4": "172.23.75.19/32",
"ipv6": "2a01:4f8:210:31fd:1::13/128", "ipv6": "2a01:4f8:210:31fd:1::13/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -219,10 +269,11 @@
"pdo_pgsql", "pdo_pgsql",
"openssl" "openssl"
] ]
} },
"ula": "fdc0:4992:6a6d::13/128"
}, },
"owncloud": { "owncloud": {
"ipv4": "192.168.66.15/32", "ipv4": "172.23.75.15/32",
"ipv6": "2a01:4f8:210:31fd:1::f/128", "ipv6": "2a01:4f8:210:31fd:1::f/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -242,10 +293,11 @@
"exif", "exif",
"imagick" "imagick"
] ]
} },
"ula": "fdc0:4992:6a6d::f/128"
}, },
"ttrss": { "ttrss": {
"ipv4": "192.168.66.20/32", "ipv4": "172.23.75.20/32",
"ipv6": "2a01:4f8:210:31fd:1::14/128", "ipv6": "2a01:4f8:210:31fd:1::14/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -258,25 +310,28 @@
"ldap", "ldap",
"mcrypt" "mcrypt"
] ]
} },
"ula": "fdc0:4992:6a6d::14/128"
}, },
"teamspeak": { "teamspeak": {
"ipv4": "192.168.66.21/32", "ipv4": "172.23.75.21/32",
"ipv6": "2a01:4f8:210:31fd:1::15/128", "ipv6": "2a01:4f8:210:31fd:1::15/128",
"backup-paths": [ "backup-paths": [
"var/lib/teamspeak3-server" "var/lib/teamspeak3-server"
] ],
"ula": "fdc0:4992:6a6d::15/128"
}, },
"prosody": { "prosody": {
"ipv4": "192.168.66.22/32", "ipv4": "172.23.75.22/32",
"ipv6": "2a01:4f8:210:31fd:1::16/128", "ipv6": "2a01:4f8:210:31fd:1::16/128",
"rdns6": "jabber.higgsboson.tk", "rdns6": "jabber.higgsboson.tk",
"backup-paths": [ "backup-paths": [
"var/lib/prosody" "var/lib/prosody"
] ],
"ula": "fdc0:4992:6a6d::16/128"
}, },
"piwik": { "piwik": {
"ipv4": "192.168.66.23/32", "ipv4": "172.23.75.23/32",
"ipv6": "2a01:4f8:210:31fd:1::17/128", "ipv6": "2a01:4f8:210:31fd:1::17/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -287,10 +342,11 @@
"gd", "gd",
"iconv" "iconv"
] ]
} },
"ula": "fdc0:4992:6a6d::17/128"
}, },
"tweetnest": { "tweetnest": {
"ipv4": "192.168.66.24/32", "ipv4": "172.23.75.24/32",
"ipv6": "2a01:4f8:210:31fd:1::18/128", "ipv6": "2a01:4f8:210:31fd:1::18/128",
"group": "php", "group": "php",
"vars": { "vars": {
@ -300,59 +356,98 @@
"pdo_mysql", "pdo_mysql",
"curl" "curl"
] ]
} },
"ula": "fdc0:4992:6a6d::18/128"
}, },
"etherpad": { "etherpad": {
"ipv4": "192.168.66.25/32", "ipv4": "172.23.75.25/32",
"ipv6": "2a01:4f8:210:31fd:1::19/128" "ipv6": "2a01:4f8:210:31fd:1::19/128",
"ula": "fdc0:4992:6a6d::19/128"
}, },
"pyload": { "pyload": {
"ipv4": "192.168.66.26/32", "ipv4": "172.23.75.26/32",
"ipv6": "2a01:4f8:210:31fd:1::1a/128" "ipv6": "2a01:4f8:210:31fd:1::1a/128",
"ula": "fdc0:4992:6a6d::1a/128"
}, },
"squid": { "squid": {
"ipv4": "192.168.66.27/32", "ipv4": "172.23.75.27/32",
"ipv6": "2a01:4f8:210:31fd:1::1b/128" "ipv6": "2a01:4f8:210:31fd:1::1b/128",
"ula": "fdc0:4992:6a6d::1b/128"
}, },
"classifier": { "classifier": {
"ipv4": "192.168.66.28/32", "ipv4": "172.23.75.28/32",
"ipv6": "2a01:4f8:210:31fd:1::1c/128" "ipv6": "2a01:4f8:210:31fd:1::1c/128",
"ula": "fdc0:4992:6a6d::1c/128"
}, },
"seafile": { "seafile": {
"ipv4": "192.168.66.29/32", "ipv4": "172.23.75.29/32",
"ipv6": "2a01:4f8:210:31fd:1::1d/128" "ipv6": "2a01:4f8:210:31fd:1::1d/128",
"ula": "fdc0:4992:6a6d::1d/128"
}, },
"login": { "login": {
"ipv4": "192.168.66.30/32", "ipv4": "172.23.75.30/32",
"ipv6": "2a01:4f8:210:31fd:1::1e/128", "ipv6": "2a01:4f8:210:31fd:1::1e/128",
"rdns6": "login.higgsboson.tk", "rdns6": "login.higgsboson.tk",
"vars": { "mounts": {
"ssh_ldap": true "pyload": {
"var/lib/pyload/Downloads": "mnt/pyload"
} }
}, },
"vars": {
"ssh_ldap": true,
"install_dn42_ca": false,
"add_repo_in_pacman_conf": false,
"additional_admins": [
{
"dest": "/var/lib/aurrepo/",
"owner": "aurrepo",
"group": "aurrepo"
}
]
},
"ula": "fdc0:4992:6a6d::1e/128"
},
"halfcode": { "halfcode": {
"ipv4": "192.168.66.32/32", "ipv4": "172.23.75.32/32",
"ipv6": "2a01:4f8:210:31fd:1::20/128", "ipv6": "2a01:4f8:210:31fd:1::20/128",
"group": "php", "group": "php",
"vars": { "vars": {
"php_extensions": [ "php_extensions": [
] ]
} },
"ula": "fdc0:4992:6a6d::20/128"
}, },
"phonefinder": { "phonefinder": {
"ipv4": "192.168.66.33/32", "ipv4": "172.23.75.33/32",
"ipv6": "2a01:4f8:210:31fd:1::21/128", "ipv6": "2a01:4f8:210:31fd:1::21/128",
"group": "php", "group": "php",
"vars": { "vars": {
"php_extensions": [ "php_extensions": [
] ]
} },
"ula": "fdc0:4992:6a6d::21/128"
}, },
"terraria": { "terraria": {
"ipv4": "192.168.66.34/32", "ipv4": "172.23.75.34/32",
"ipv6": "2a01:4f8:210:31fd:1::22/128" "ipv6": "2a01:4f8:210:31fd:1::22/128",
"ula": "fdc0:4992:6a6d::22/128"
},
"ghost": {
"ipv4": "172.23.75.35/32",
"ipv6": "2a01:4f8:210:31fd:1::23/128",
"ula": "fdc0:4992:6a6d::23/128"
},
"bitlbee": {
"ipv4": "172.23.75.36/32",
"ipv6": "2a01:4f8:210:31fd:1::24/128",
"ula": "fdc0:4992:6a6d::24/128"
},
"parkendd": {
"ipv4": "172.23.75.37/32",
"ipv6": "2a01:4f8:210:31fd:1::25/128",
"ula": "fdc0:4992:6a6d::25/128"
} }
} }
} }
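Review bot: Under `web.mounts`, the added `"phpmyadmin": true` is a bare boolean, while every other entry there is an object of path pairs. hooks/update-mounts in this same commit calls `mounts.map` on each of these values, so this entry would raise NoMethodError when the hook reaches `web`. Either give it a path map like its neighbours, for example `"phpmyadmin": { "<path under the phpmyadmin rootfs>": true }` (placeholder path), or drop the key. The `etherpad` entry is also the only one written with leading slashes; the hook strips them, but one spelling throughout makes the file easier to audit.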


@ -1,6 +1,6 @@
lxc.autodev = 1 lxc.autodev = 1
lxc.kmsg = 0 lxc.kmsg = 0
lxc.cap.drop = sys_module mac_admin mac_override sys_time net_admin sys_nice sys_pacct sys_rawio lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill lease linux_immutable net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_chroot sys_nice sys_ptrace sys_tty_config sys_resource sys_boot audit_write audit_control mknod
# Setup the LXC devices in /dev/lxc/ # Setup the LXC devices in /dev/lxc/
lxc.devttydir = lxc lxc.devttydir = lxc
@ -21,8 +21,8 @@ lxc.network.link = br0
lxc.network.flags = up lxc.network.flags = up
lxc.network.name = eth0 lxc.network.name = eth0
lxc.network.mtu = 1500 lxc.network.mtu = 1500
lxc.network.ipv4.gateway = 192.168.66.1 lxc.network.ipv4.gateway = 172.23.75.2
lxc.network.ipv6.gateway = 2a01:4f8:210:31fd:1::1 lxc.network.ipv6.gateway = 2a01:4f8:210:31fd:1::2
# cgroups # cgroups
lxc.cgroup.devices.deny = a lxc.cgroup.devices.deny = a
@ -62,7 +62,7 @@ lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /data/pacman/pkg var/cache/pacman/pkg none bind 0 0 lxc.mount.entry = /data/pacman/pkg var/cache/pacman/pkg none bind 0 0
lxc.mount.entry = /data/pacman/sync var/lib/pacman/sync none bind 0 0 lxc.mount.entry = /data/pacman/sync var/lib/pacman/sync none bind 0 0
lxc.mount.entry = /data/repo srv/repo none bind,ro,create=dir 0 0 lxc.mount.entry = /data/containers/login/rootfs/var/lib/aurrepo srv/repo none bind,ro,create=dir,umask=0 0 0
lxc.mount.entry = /run/systemd/journal mnt/journal none bind,ro,create=dir 0 0 lxc.mount.entry = /run/systemd/journal mnt/journal none bind,ro,create=dir 0 0
lxc.hook.clone = /etc/lxc/hooks/setup-machine-id lxc.hook.clone = /etc/lxc/hooks/setup-machine-id
@ -72,3 +72,4 @@ lxc.hook.clone = /etc/lxc/hooks/create-lxc-config
lxc.hook.clone = /etc/lxc/hooks/update-zone lxc.hook.clone = /etc/lxc/hooks/update-zone
lxc.hook.clone = /etc/lxc/hooks/update-hetzner-rdns lxc.hook.clone = /etc/lxc/hooks/update-hetzner-rdns
lxc.hook.clone = /etc/lxc/hooks/ansible lxc.hook.clone = /etc/lxc/hooks/ansible
lxc.hook.autodev = /etc/lxc/hooks/dn42-routes
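Review bot: The new `lxc.cap.keep` allowlist still grants `sys_admin`, `sys_ptrace`, `sys_boot` and `mknod`, and it re-grants `sys_nice`, which the replaced `lxc.cap.drop` line had removed. `sys_admin` alone covers mount and namespace operations, so if these containers are not user-namespaced the list leaves little isolation against a compromised service. I would trim it to what the guests' init actually needs and put a comment above it, e.g. `# keep-list: each capability needs a stated reason; sys_admin is kept for <reason>`. Separately, `umask=0` on the `srv/repo` bind mount is a filesystem-specific option and probably has no effect on a bind mount; worth confirming it is needed.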


@ -14,7 +14,7 @@ network.each do |host, value|
end end
if modified if modified
registry.write registry.save
else else
puts "Unchanged" puts "Unchanged"
end end


@ -13,6 +13,7 @@ options = OpenStruct.new
options.container_name = try_env("LXC_NAME") options.container_name = try_env("LXC_NAME")
options.container_config = try_env("LXC_CONFIG_FILE") options.container_config = try_env("LXC_CONFIG_FILE")
options.rootfs = try_env("LXC_ROOTFS_PATH") options.rootfs = try_env("LXC_ROOTFS_PATH")
options.mounts = Hash.new { |hash,key| hash[key] = {} }
OptionParser.new do |opts| OptionParser.new do |opts|
opts.banner = "Usage: create-lxc-config [options]" opts.banner = "Usage: create-lxc-config [options]"
@ -23,15 +24,18 @@ OptionParser.new do |opts|
opts.on("-6", "--ipv6", "public Ipv6 subnet") do |v| opts.on("-6", "--ipv6", "public Ipv6 subnet") do |v|
options.ipv6 = v options.ipv6 = v
end end
opts.on("--dn42-ipv4", String, "dn42 ipv4") do |v| opts.on("--ula", String, "private unique local ipv6 subnet") do |v|
options.dn42_ipv4 = v options.ula = v
end
opts.on("--dn42-ipv6", String, "dn42 ipv6") do |v|
options.dn42_ipv6 = v
end end
opts.on("--group GROUP", String, "set ansible group (default NONE)") do |group| opts.on("--group GROUP", String, "set ansible group (default NONE)") do |group|
options.group = group options.group = group
end end
opts.on("--mounts other_container,/src/dir,/dest/path", Array, "mount other container path") do |args|
if args.size != 3
abort "expect 3 arguments for --mounts got: #{args.size}: USAGE: other_container,/src/dir,/dest/path"
end
options.mounts[args[0]][args[1]] = args[2]
end
opts.on("--vars FILE", String, "set json file for ansible variables") do |vars| opts.on("--vars FILE", String, "set json file for ansible variables") do |vars|
begin begin
options.vars = JSON.load(File.open(vars)) options.vars = JSON.load(File.open(vars))
@ -52,9 +56,9 @@ container = Lxc::Container.new(registry.data,
ipv4: options.ipv4, ipv4: options.ipv4,
ipv6: options.ipv6, ipv6: options.ipv6,
rootfs: options.rootfs, rootfs: options.rootfs,
dn42_ipv4: options.dn42_ipv4, ula: options.ula,
dn42_ipv6: options.dn42_ipv4,
group: options.group, group: options.group,
vars: options.vars) vars: options.vars,
mounts: options.mounts)
container.write_config(options.container_config) container.write_config(options.container_config)
registry.save registry.save
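Review bot: `opts.on("--ula", String, ...)` declares no argument placeholder, so OptionParser should treat `--ula` as a switch without a value and the address given on the command line would not end up in `options.ula`. `--group GROUP` and `--vars FILE` in the same block show the working form, so write it as `opts.on("--ula ADDRESS", String, "private unique local ipv6 subnet") do |v|`. The `--mounts` handler also stores `args[1]` and `args[2]` unchecked; since these become host paths later, rejecting values that contain `..` or whitespace here would fail early with a clear message.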


@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
ip rule add from 172.23.75.0/24 table 42
ip route add 192.168.66.0/24 via 172.23.75.4 dev eth1 table 42
ip route add 172.16.0.0/12 via 172.23.75.1 ip route add 172.16.0.0/12 via 172.23.75.1
ip route add 10.0.0.0/8 via 172.23.75.1 ip route add 10.0.0.0/8 via 172.23.75.1
ip route flush cache ip -6 route add fc00::/7 via fdc0:4992:6a6d::1
exit 0
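Review bot: The added `exit 0` makes the hook report success even when an `ip route add` fails, for example with "File exists" on a second run, so a container can come up without its dn42 or ULA route and nothing records it. `ip route replace` is idempotent and removes the most common failure: `ip -6 route replace fc00::/7 via fdc0:4992:6a6d::1`, and likewise for the two IPv4 routes. If the unconditional success is deliberate so that a routing error never blocks container start, a comment saying so, `# never fail container start on a routing error`, would help the next reader.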


@ -5,9 +5,7 @@ require "fileutils"
module Lxc module Lxc
class Container class Container
def initialize(data, name:, ipv4: nil, ipv6: nil, def initialize(data, name:, ipv4: nil, ipv6: nil, ula: nil, **options)
dn42_ipv4: nil, dn42_ipv6: nil,
**options)
@data = data @data = data
@data["network"] ||= {} @data["network"] ||= {}
@data["network"][name] = {} @data["network"][name] = {}
@ -15,25 +13,13 @@ module Lxc
zone = @data["zone"] || {} zone = @data["zone"] || {}
@ipv4_subnet = NetAddr::CIDR.create(zone["v4_subnet"] || "192.168.10.0/24") @ipv4_subnet = NetAddr::CIDR.create(zone["v4_subnet"] || "192.168.10.0/24")
@ipv6_subnet = NetAddr::CIDR.create(zone["v6_subnet"] || "fd7d:aed0:18aa::/48") @ipv6_subnet = NetAddr::CIDR.create(zone["v6_subnet"] || "fd7d:aed0:18aa::/48")
@ula_subnet = NetAddr::CIDR.create(zone["ula_subnet"] || "fdc5:bdb8:b81::/48")
if subnet = zone["dn42_v4_subnet"]
@dn42_ipv4_netmask = NetAddr::CIDR.create(subnet).to_i(:netmask)
else
@dn42_ipv4_netmask = 24
end
if subnet = zone["dn42_v6_subnet"]
@dn42_ipv6_netmask = NetAddr::CIDR.create(subnet).to_i(:netmask)
else
@dn42_ipv6_netmask = 48
end
network = data["network"] network = data["network"]
@name = name @name = name
@ipv4 = ipv4 ||= ipv4 || find_address(@ipv4_subnet, collect_subnets(network, "ipv4")) @ipv4 = ipv4 || find_address(@ipv4_subnet, collect_subnets(network, "ipv4"))
@ipv6 = ipv6 ||= find_address(@ipv6_subnet, collect_subnets(network, "ipv6")) @ipv6 = ipv6 || find_address(@ipv6_subnet, collect_subnets(network, "ipv6"))
@dn42_ipv4 = dn42_ipv4 @ula = ula || find_address(@ula_subnet, collect_subnets(network, "ula"))
@dn42_ipv6 = dn42_ipv6
@options = options @options = options
end end
@ -41,20 +27,14 @@ module Lxc
c = @data["network"][@name] || {} c = @data["network"][@name] || {}
c["ipv4"] = NetAddr::CIDR.create(@ipv4).to_s(Short: true) c["ipv4"] = NetAddr::CIDR.create(@ipv4).to_s(Short: true)
c["ipv6"] = NetAddr::CIDR.create(@ipv6).to_s(Short: true) c["ipv6"] = NetAddr::CIDR.create(@ipv6).to_s(Short: true)
c["ula"] = NetAddr::CIDR.create(@ula).to_s(Short: true)
c["group"] = @options[:group] if @options[:group] c["group"] = @options[:group] if @options[:group]
c["vars"] = @options[:vars] if @options[:vars] c["vars"] = @options[:vars] if @options[:vars]
opts = @options.merge(name: @name, opts = @options.merge(name: @name,
ipv4: format_address(@ipv4, @ipv4_subnet.to_i(:netmask)), ipv4: format_address(@ipv4, @ipv4_subnet.to_i(:netmask)),
ipv6: format_address(@ipv6, @ipv6_subnet.to_i(:netmask))) ipv6: format_address(@ipv6, @ipv6_subnet.to_i(:netmask)),
if @dn42_ipv4 ula: format_address(@ula, @ula_subnet.to_i(:netmask)))
opts[:dn42_ipv4] = format_address(@dn42_ipv4, @dn42_ipv4_netmask)
c["dn42_ipv4"] = NetAddr::CIDR.create(@dn42_ipv4).to_s(Short: true)
end
if @dn42_ipv6
opts[:dn42_ipv6] = format_address(@dn42_ipv6, @dn42_ipv6_netmask)
c["dn42_ipv6"] = NetAddr::CIDR.create(@dn42_ipv6).to_s(Short: true)
end
config_dir = File.dirname(config_path) config_dir = File.dirname(config_path)
local_conf = File.join(config_dir, "local.conf") local_conf = File.join(config_dir, "local.conf")
@ -73,9 +53,13 @@ module Lxc
end end
def collect_subnets(network, type) def collect_subnets(network, type)
network.map do |k,v| addrs = []
NetAddr::CIDR.create(v[type]) if v[type] network.each do |k,v|
end.compact if v[type]
addrs << NetAddr::CIDR.create(v[type])
end
end
addrs
end end
def find_address(subnet, assigned_subnets) def find_address(subnet, assigned_subnets)
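Review bot: In `write_config` the registry entry receives `group` and `vars` from `@options`, and now `ula`, but nothing visible copies the new `mounts` option, although hooks/update-mounts reads `container["mounts"]` from the registry. Unless that happens in the part of `write_config` that lies outside these hunks, mounts passed with `--mounts` are dropped before they reach the registry. Adding `c["mounts"] = @options[:mounts] if @options[:mounts] && !@options[:mounts].empty?` next to the `vars` line would persist them.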


@ -20,6 +20,8 @@ module Lxc
arpa = NetAddr::CIDR.create(ip).arpa arpa = NetAddr::CIDR.create(ip).arpa
next unless arpa.end_with?(@subnet.arpa) next unless arpa.end_with?(@subnet.arpa)
host_part = arpa[0, arpa.size - @subnet.arpa.size - 1] host_part = arpa[0, arpa.size - @subnet.arpa.size - 1]
# only allowed characters in FQDN
name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
yield name, host_part yield name, host_part
end end
end end
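Review bot: The substitution `name.gsub(/[^a-zA-Z0-9\-]/, "-")` added here is repeated in the new `fqdn` template helper, and the reverse-zone template applies `fqdn` to names this method has already rewritten, so the rule now lives in two places. It also maps distinct registry names to the same label (`a_b` and `a.b`, constructed examples, both become `a-b`) and lets a label start or end with `-`, so two hosts can end up sharing records without any warning. I would keep one helper for both call sites and abort zone generation when two names collide after rewriting. The comment reads better as `# DNS labels allow only letters, digits and "-"`, since a dot is valid inside an FQDN. The enclosing block starts outside the hunk.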


@ -5,6 +5,9 @@ module Lxc
def get_binding def get_binding
binding binding
end end
def fqdn(v)
v.to_s.gsub(/[^a-zA-Z0-9\-]/, "-")
end
end end
class Template class Template


@ -12,9 +12,8 @@ network.each do |name, container|
name: name, name: name,
ipv4: container["ipv4"], ipv4: container["ipv4"],
ipv6: container["ipv6"], ipv6: container["ipv6"],
ula: container["ula"],
rootfs: LXC_CONTAINER_ROOT.join(name, "rootfs"), rootfs: LXC_CONTAINER_ROOT.join(name, "rootfs"),
dn42_ipv4: container["dn42_ipv4"],
dn42_ipv6: container["dn42_ipv6"],
group: container["group"], group: container["group"],
vars: container["vars"]) vars: container["vars"])
container.write_config(LXC_CONTAINER_ROOT.join(name, "config")) container.write_config(LXC_CONTAINER_ROOT.join(name, "config"))

59
hooks/update-mounts Executable file

@ -0,0 +1,59 @@
#!/usr/bin/env ruby
require 'pathname'
require_relative "lib/lxc"
LXC_ROOT = Pathname.new("/data/containers")
FSTAB_D = Pathname.new("/etc/fstab.d")
def fstab_entries(src_path, dest_path, mounts)
unless src_path.exist?
abort "container directory for shared mount does not exists #{dest_path}"
end
unless src_path.exist?
abort "container directory for shared mount does not exists #{src_path}"
end
entries = mounts.map do |src, dest|
src = src.gsub(/^\//, "")
src_mount = dest_path.join(src)
puts ("mkdir -p #{src_mount}")
if dest == true
dest_mount = src_path.join(src)
else
dest_mount = src_path.join(dest.gsub(/^\//, ""))
end
FileUtils.mkdir_p(dest_mount)
"#{src_mount} #{dest_mount} none bind,nofail,x-systemd.device-timeout=1 0 0"
end
entries
end
def main
registry = Lxc::Registry.new
network = registry.data["network"] || {}
network.each do |name, container|
src_path = LXC_ROOT.join(name, "rootfs")
containers = container["mounts"]
next if containers.nil?
fstab = []
containers.each do |dest_container, mounts|
dest_path = LXC_ROOT.join(dest_container, "rootfs")
fstab << fstab_entries(src_path, dest_path, mounts)
end
content = fstab.join("\n")
path = FSTAB_D.join("50_lxc_#{name}")
f = File.open(path, "w+")
f.write content
f.write "\n"
f.close
Lxc::Utils.sh("update-conf.d", "fstab")
Lxc::Utils.sh("mount", "-a")
end
end
main
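Review bot: In `fstab_entries` both guards test `src_path.exist?`, so a missing `dest_path` is never detected and the first message prints the wrong path. The path handling needs tightening too, because registry values are joined onto container rootfs paths, passed to `FileUtils.mkdir_p` and written into an fstab line on the host: `gsub(/^\//, "")` anchors per line rather than at the start of the string, and a value containing `..` or whitespace would leave the rootfs or split the fstab fields. Since those directories sit inside container-controlled trees, a symlink placed there could also redirect the host-side `mkdir_p` and bind mount, so resolving the final path and checking that it stays under the rootfs is worth adding. A bare `true` as the `mounts` value (as `web.mounts.phpmyadmin` has in this commit) would make `mounts.map` raise. The fence sketches the guard and the path check.

```ruby
def fstab_entries(src_path, dest_path, mounts)
  [src_path, dest_path].each do |root|
    abort "container directory for shared mount does not exists #{root}" unless root.exist?
  end
  entries = mounts.map do |src, dest|
    src = relative_mount_path(src)
    # … unchanged: src_mount / dest_mount computation, with relative_mount_path(dest) replacing dest.gsub …
  end
  entries
end

# Strip leading slashes and refuse anything that could leave the rootfs or split the fstab line.
def relative_mount_path(path)
  rel = path.sub(%r{\A/+}, "")
  abort "invalid mount path #{path.inspect}" if rel =~ /\s/ || rel.split("/").include?("..")
  rel
end
```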


@ -4,14 +4,5 @@ lxc.utsname = <%= name %>
lxc.rootfs = <%= rootfs %> lxc.rootfs = <%= rootfs %>
lxc.network.ipv4 = <%= ipv4 %> lxc.network.ipv4 = <%= ipv4 %>
lxc.network.ipv6 = <%= ipv6 %> lxc.network.ipv6 = <%= ipv6 %>
lxc.network.ipv6 = <%= ula %>
lxc.network.veth.pair = lxc_<%= name[0..(16-4)] %> lxc.network.veth.pair = lxc_<%= name[0..(16-4)] %>
<% if dn42_ipv4 || dn42_ipv6 -%>
lxc.include = /etc/lxc/evenet.conf
<% if dn42_ipv4 -%>
lxc.network.ipv4 = <%= dn42_ipv4 %>
<% end -%>
<% if dn42_ipv6 -%>
lxc.network.ipv6 = <%= dn42_ipv6 %>
<% end -%>
<% end -%>


@ -35,7 +35,7 @@ pubsub CNAME jabber
imap CNAME mail imap CNAME mail
smtp CNAME mail smtp CNAME mail
tinc1 CNAME dn42 muc CNAME web
archfeed CNAME arch-pkg-feed.herokuapp.com. archfeed CNAME arch-pkg-feed.herokuapp.com.
githubtags CNAME github-tags-feed.herokuapp.com. githubtags CNAME github-tags-feed.herokuapp.com.


@ -11,7 +11,7 @@ $TTL <%= data["zone"]["ttl"] %>
<% data["network"].each do |name, value| -%> <% data["network"].each do |name, value| -%>
<% if value["ns"] -%> <% if value["ns"] -%>
NS <%= name %> NS <%= fqdn(name) %>
<% end -%> <% end -%>
<% end -%> <% end -%>
@ -23,17 +23,21 @@ $TTL <%= data["zone"]["ttl"] %>
<% end -%> <% end -%>
<% data["network"].each do |name, value| %> <% data["network"].each do |name, value| %>
<% if value["cname"] -%> <% if value["cname"] -%>
<%= name %> CNAME <%= value["cname"] %> <%= fqdn(name) %> CNAME <%= value["cname"] %>
<% end -%> <% end -%>
<% if value["srv"] -%> <% if value["srv"] -%>
<%= name %> SRV <%= value["srv"] %> <%= fqdn(name) %> SRV <%= value["srv"] %>
<% end -%> <% end -%>
<% if value["ipv4"] -%> <% if value["ipv4"] -%>
<%= name %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> <%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %>
ipv4.<%= name %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> ipv4.<%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %>
<% end -%> <% end -%>
<% if value["ipv6"] -%> <% if value["ipv6"] -%>
<%= name %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %> <%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %>
ipv6.<%= name %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %> ipv6.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %>
<% end -%>
<% if value["ula"] -%>
<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %>
ula.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %>
<% end -%> <% end -%>
<% end -%> <% end -%>
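Review bot: The new `ula` branch publishes the unique-local address as a second AAAA record on the host's main name, next to the global one. If this zone is served to the public internet, outside resolvers receive an address they cannot reach (clients may try it before the global one) and the internal addressing plan becomes visible. Keeping only the `ula.<name>` record, or serving ULA records from an internal view, avoids both; that means dropping the line `<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %>`. Also, `value["cname"]` and `value["srv"]` are still written into the zone unfiltered while the owner name now goes through `fqdn`.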


@ -6,10 +6,10 @@
<%= data["zone"]["minimum"] %>) ; minimum <%= data["zone"]["minimum"] %>) ; minimum
<% data["network"].each do |name, value| -%> <% data["network"].each do |name, value| -%>
<% if value["ns"] -%> <% if value["ns"] -%>
IN NS <%= name %>.<%= data["zone"]["domain"] %>. IN NS <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
<% end -%> <% end -%>
<% end -%> <% end -%>
<% zone.pointers do |name, addr| -%> <% zone.pointers do |name, addr| -%>
<%= addr %> PTR <%= name %>.<%= data["zone"]["domain"] %>. <%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
<% end -%> <% end -%>