author | makefu <github@syntax-fehler.de> | 2016-01-19 20:03:40 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-01-19 20:03:40 +0100 |
commit | 40c077570d47776abd86694c9a0966cc9849909d (patch) | |
tree | fff6b0689dc4d187f07fa334bd4e226b034f947d /build-stuff/build-host.py | |
parent | a3ea7268d8aa44aa15f5c9c3b99aec77ba362f89 (diff) |
build-stuff/* -> init-stockholm
Diffstat (limited to 'build-stuff/build-host.py')
-rw-r--r-- | build-stuff/build-host.py | 168 |
1 files changed, 0 insertions, 168 deletions
diff --git a/build-stuff/build-host.py b/build-stuff/build-host.py
deleted file mode 100644
index 40fbc20..0000000
--- a/build-stuff/build-host.py
+++ /dev/null
@@ -1,168 +0,0 @@ -#!/bin/sh -""" usage: build-host [options] HOSTNAME - -Options: - --secrets-dir DIR Path to secrets [Default: ~/secrets/] - --stockholm-dir DIR Path to stockholm [Default: ~/stockholm/] - --username USER Primary username of the new host [Default: $LOGNAME] - --create-passwords creates <secrets/hashedPasswords.nix>, password input is interactive - -Tinc keys are stored in secrets-dir/HOSTNAME/retiolum.rsa_key.priv . -For building shared hosts set secrets-dir to `<secrets/krebs/>` -""" -import sys -import os -from os.path import join as path_join,exists -import logging as log -log.basicConfig(level=log.DEBUG) - -def retiolum_ip(hostname): - """ warning this function actually writes stuff to the disk - """ - import ipaddress as ip - from random import randint - - mynet4 = ip.ip_network("10.243.0.0/16") - mynet6 = ip.ip_network("42::/16") - - ret = {"hostname": hostname} - ret["v6"] = str(ip.IPv6Address(mynet6[0] + - randint(0,mynet6.num_addresses)))+"/128" - ret["v4"] = str(ip.IPv4Address(mynet4[0] + - randint(0,mynet4.num_addresses)))+"/32" - return ret - -def write_stockholm_1systems(ret,stockholm_dir): - """ writes new nix file in stockholm/$LOGNAME/1systems/${HOSTNAME}.nix if - it not yet exists""" - p=path_join(stockholm_dir, ret['username'],'1systems',ret['hostname']) - if exists (p): - log.warn(" {} already exists, will not override with minimal config".format(p)) - else: - log.info("Creating {} with minimal config".format(p)) - with open(p,"w+") as f: - f.write("""{{ config, pkgs, ... 
}}: -{{ - krebs = {{ - enable = true; - build.user = config.krebs.users.{username}; - build.host = config.krebs.hosts.{hostname}; - }}; - # You want to change these :) - boot.loader.grub.device = "/dev/sda"; - fileSystems."/" = {{ - device = "/dev/sda1"; - }}; -}} - """.format(**ret)) - - -def print_stockholm_krebs_entry(ret): - print("""# this entry is autogenerated and can be added to -# stockholm/krebs/3modules/{username}/default.nix -{hostname} = rec {{ - cores = 1; - dc = "none"; - nets = {{ - retiolm = {{ - addrs4 = ["{v4}"]; - addrs6 = ["{v6}"]; - aliases = [ - "{hostname}.retiolum" - ]; - tinc.pubkey = '' -{pubkey}'' - }}; - }}; -}}; - """.format(**ret)) - -def create_zhosts_file(ret,path): - """ creates a new tinc hosts file in path - (stockholm/krebs/Zhosts/$hostname) """ - with open(path,"w+") as f: - for i in ('v4','v6'): - f.write("Subnet = {}\n".format(ret[i])) - f.write(ret['pubkey']) - -def generate_tinc_keys(base): - """ creates tinc public and private keys in `base` - returns rsa public key - """ - from subprocess import Popen,PIPE - import shutil - from os import rmdir - from tempfile import mkdtemp - tmpdir = mkdtemp() - process = Popen(["tinc","--batch","--config",tmpdir,"generate-keys","2048"],stdout=PIPE,stderr=PIPE,stdin=PIPE,bufsize=0) - process.communicate() - for i in ["ed25519_key.priv", "ed25519_key.pub", - "rsa_key.priv","rsa_key.pub"]: - shutil.move(path_join(tmpdir,i),base+"."+i) - # should be empty now - shutil.rmtree(tmpdir) - with open(base+".rsa_key.pub") as pubfile: - return pubfile.read() - -def prepare_secrets(sec): - if not exists(sec): - os.makedirs(sec,mode=488) - log.info("Creating {}".format(sec)) - else: - log.error(" {} already exists".format(sec)) - log.error("Use another hostname or remove the folder to continue") - sys.exit(1) - -def check_existence(files): - for f in files: - if not exists(f): - log.error(" {} does not exist but is a hard requirement for \ -continuing".format(f)) - log.error("Create/Clone the folder 
or set it to the correct \ -location via cli options (--help)") - log.error(__doc__) - sys.exit(1) - -def create_passwords(sec,usernames): - import crypt - from getpass import getpass - with open(path_join(sec,"hashedPasswords.nix"),"w+") as f: - f.write("{\n") - for usr in usernames: - # TODO: do not block, set password via another channel - pw = getpass("Password for {}:".format(usr)) - crypted = crypt.crypt(pw, crypt.mksalt(crypt.METHOD_SHA512)) - f.write(' {} = "{}";\n'.format(usr,crypted)) - f.write("}\n") - - -def main(): - from os.path import expanduser,expandvars - from docopt import docopt - args = docopt(__doc__) - hostname = args["HOSTNAME"] - secrets_dir = expanduser(args["--secrets-dir"]) - username = expandvars(args["--username"]) - stockholm_dir = expanduser(args["--stockholm-dir"]) - - check_existence([secrets_dir,stockholm_dir]) - - host_secrets = path_join(secrets_dir,hostname) - prepare_secrets(host_secrets) - - ret = retiolum_ip(hostname) - ret['username'] = username - - # generate tinc keys, return pubkey - retiolum = path_join(secrets_dir,hostname,"retiolum") - ret['pubkey'] = generate_tinc_keys(retiolum) - - create_zhosts_file(ret,path_join(stockholm_dir,"krebs/Zhosts",hostname)) - - write_stockholm_1systems(ret,stockholm_dir) - print_stockholm_krebs_entry(ret) - if args["--create-passwords"]: - create_passwords(host_secrets,["root",username]) - -if __name__ == '__main__': - main() |