From 40c077570d47776abd86694c9a0966cc9849909d Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Jan 2016 20:03:40 +0100 Subject: build-stuff/* -> init-stockholm --- README | 2 +- build-stuff/build-host.py | 168 ---------------------------------------------- init-stockholm/host.py | 168 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 169 insertions(+), 169 deletions(-) delete mode 100644 build-stuff/build-host.py create mode 100644 init-stockholm/host.py diff --git a/README b/README index 6b2515a..8a930ef 100644 --- a/README +++ b/README @@ -1,6 +1,6 @@ # Build-Stuff -Init stuff for stockholm, see `build-stuff/build-host.py --help` for usage. +Init stuff for stockholm, see `init-stockholm/host.py --help` for usage. # TODO diff --git a/build-stuff/build-host.py b/build-stuff/build-host.py deleted file mode 100644 index 40fbc20..0000000 --- a/build-stuff/build-host.py +++ /dev/null 
@@ -1,168 +0,0 @@ -#!/bin/sh -""" usage: build-host [options] HOSTNAME - -Options: - --secrets-dir DIR Path to secrets [Default: ~/secrets/] - --stockholm-dir DIR Path to stockholm [Default: ~/stockholm/] - --username USER Primary username of the new host [Default: $LOGNAME] - --create-passwords creates , password input is interactive - -Tinc keys are stored in secrets-dir/HOSTNAME/retiolum.rsa_key.priv . -For building shared hosts set secrets-dir to `` -""" -import sys -import os -from os.path import join as path_join,exists -import logging as log -log.basicConfig(level=log.DEBUG) - -def retiolum_ip(hostname): - """ warning this function actually writes stuff to the disk - """ - import ipaddress as ip - from random import randint - - mynet4 = ip.ip_network("10.243.0.0/16") - mynet6 = ip.ip_network("42::/16") - - ret = {"hostname": hostname} - ret["v6"] = str(ip.IPv6Address(mynet6[0] + - randint(0,mynet6.num_addresses)))+"/128" - ret["v4"] = str(ip.IPv4Address(mynet4[0] + - randint(0,mynet4.num_addresses)))+"/32" - return ret - -def write_stockholm_1systems(ret,stockholm_dir): - """ writes new nix file in stockholm/$LOGNAME/1systems/${HOSTNAME}.nix if - it not yet exists""" - p=path_join(stockholm_dir, ret['username'],'1systems',ret['hostname']) - if exists (p): - log.warn(" {} already exists, will not override with minimal config".format(p)) - else: - log.info("Creating {} with minimal config".format(p)) - with open(p,"w+") as f: - f.write("""{{ config, pkgs, ... 
}}: -{{ - krebs = {{ - enable = true; - build.user = config.krebs.users.{username}; - build.host = config.krebs.hosts.{hostname}; - }}; - # You want to change these :) - boot.loader.grub.device = "/dev/sda"; - fileSystems."/" = {{ - device = "/dev/sda1"; - }}; -}} - """.format(**ret)) - - -def print_stockholm_krebs_entry(ret): - print("""# this entry is autogenerated and can be added to -# stockholm/krebs/3modules/{username}/default.nix -{hostname} = rec {{ - cores = 1; - dc = "none"; - nets = {{ - retiolm = {{ - addrs4 = ["{v4}"]; - addrs6 = ["{v6}"]; - aliases = [ - "{hostname}.retiolum" - ]; - tinc.pubkey = '' -{pubkey}'' - }}; - }}; -}}; - """.format(**ret)) - -def create_zhosts_file(ret,path): - """ creates a new tinc hosts file in path - (stockholm/krebs/Zhosts/$hostname) """ - with open(path,"w+") as f: - for i in ('v4','v6'): - f.write("Subnet = {}\n".format(ret[i])) - f.write(ret['pubkey']) - -def generate_tinc_keys(base): - """ creates tinc public and private keys in `base` - returns rsa public key - """ - from subprocess import Popen,PIPE - import shutil - from os import rmdir - from tempfile import mkdtemp - tmpdir = mkdtemp() - process = Popen(["tinc","--batch","--config",tmpdir,"generate-keys","2048"],stdout=PIPE,stderr=PIPE,stdin=PIPE,bufsize=0) - process.communicate() - for i in ["ed25519_key.priv", "ed25519_key.pub", - "rsa_key.priv","rsa_key.pub"]: - shutil.move(path_join(tmpdir,i),base+"."+i) - # should be empty now - shutil.rmtree(tmpdir) - with open(base+".rsa_key.pub") as pubfile: - return pubfile.read() - -def prepare_secrets(sec): - if not exists(sec): - os.makedirs(sec,mode=488) - log.info("Creating {}".format(sec)) - else: - log.error(" {} already exists".format(sec)) - log.error("Use another hostname or remove the folder to continue") - sys.exit(1) - -def check_existence(files): - for f in files: - if not exists(f): - log.error(" {} does not exist but is a hard requirement for \ -continuing".format(f)) - log.error("Create/Clone the folder 
or set it to the correct \ -location via cli options (--help)") - log.error(__doc__) - sys.exit(1) - -def create_passwords(sec,usernames): - import crypt - from getpass import getpass - with open(path_join(sec,"hashedPasswords.nix"),"w+") as f: - f.write("{\n") - for usr in usernames: - # TODO: do not block, set password via another channel - pw = getpass("Password for {}:".format(usr)) - crypted = crypt.crypt(pw, crypt.mksalt(crypt.METHOD_SHA512)) - f.write(' {} = "{}";\n'.format(usr,crypted)) - f.write("}\n") - - -def main(): - from os.path import expanduser,expandvars - from docopt import docopt - args = docopt(__doc__) - hostname = args["HOSTNAME"] - secrets_dir = expanduser(args["--secrets-dir"]) - username = expandvars(args["--username"]) - stockholm_dir = expanduser(args["--stockholm-dir"]) - - check_existence([secrets_dir,stockholm_dir]) - - host_secrets = path_join(secrets_dir,hostname) - prepare_secrets(host_secrets) - - ret = retiolum_ip(hostname) - ret['username'] = username - - # generate tinc keys, return pubkey - retiolum = path_join(secrets_dir,hostname,"retiolum") - ret['pubkey'] = generate_tinc_keys(retiolum) - - create_zhosts_file(ret,path_join(stockholm_dir,"krebs/Zhosts",hostname)) - - write_stockholm_1systems(ret,stockholm_dir) - print_stockholm_krebs_entry(ret) - if args["--create-passwords"]: - create_passwords(host_secrets,["root",username]) - -if __name__ == '__main__': - main() diff --git a/init-stockholm/host.py b/init-stockholm/host.py new file mode 100644 index 0000000..8740f33 --- /dev/null +++ b/init-stockholm/host.py 
@@ -0,0 +1,168 @@ +#!/bin/sh +""" usage: init-host [options] HOSTNAME + +Options: + --secrets-dir DIR Path to secrets [Default: ~/secrets/] + --stockholm-dir DIR Path to stockholm [Default: ~/stockholm/] + --username USER Primary username of the new host [Default: $LOGNAME] + --create-passwords creates , password input is interactive + +Tinc keys are stored in secrets-dir/HOSTNAME/retiolum.rsa_key.priv . +For building shared hosts set secrets-dir to `` +""" +import sys +import os +from os.path import join as path_join,exists +import logging as log +log.basicConfig(level=log.DEBUG) + +def retiolum_ip(hostname): + """ warning this function actually writes stuff to the disk + """ + import ipaddress as ip + from random import randint + + mynet4 = ip.ip_network("10.243.0.0/16") + mynet6 = ip.ip_network("42::/16") + + ret = {"hostname": hostname} + ret["v6"] = str(ip.IPv6Address(mynet6[0] + + randint(0,mynet6.num_addresses)))+"/128" + ret["v4"] = str(ip.IPv4Address(mynet4[0] + + randint(0,mynet4.num_addresses)))+"/32" + return ret + +def write_stockholm_1systems(ret,stockholm_dir): + """ writes new nix file in stockholm/$LOGNAME/1systems/${HOSTNAME}.nix if + it not yet exists""" + p=path_join(stockholm_dir, + ret['username'],'1systems', + "{}.nix".format(ret['hostname'])) + if exists (p): + log.warn(" {} already exists, will not override with minimal config".format(p)) + else: + log.info("Creating {} with minimal config".format(p)) + with open(p,"w+") as f: + f.write("""{{ config, pkgs, ... 
}}: +{{ + krebs = {{ + enable = true; + build.user = config.krebs.users.{username}; + build.host = config.krebs.hosts.{hostname}; + }}; + # You want to change these :) + boot.loader.grub.device = "/dev/sda"; + fileSystems."/" = {{ + device = "/dev/sda1"; + }}; +}}""".format(**ret)) + + +def print_stockholm_krebs_entry(ret): + print("""# this entry is autogenerated and can be added to +# stockholm/krebs/3modules/{username}/default.nix +{hostname} = rec {{ + cores = 1; + dc = "none"; + nets = {{ + retiolm = {{ + addrs4 = ["{v4}"]; + addrs6 = ["{v6}"]; + aliases = [ + "{hostname}.retiolum" + ]; + tinc.pubkey = '' +{pubkey}''; + }}; + }}; +}};""".format(**ret)) + +def create_zhosts_file(ret,path): + """ creates a new tinc hosts file in path + (stockholm/krebs/Zhosts/$hostname) """ + with open(path,"w+") as f: + for i in ('v4','v6'): + f.write("Subnet = {}\n".format(ret[i])) + f.write(ret['pubkey']) + +def generate_tinc_keys(base): + """ creates tinc public and private keys in `base` + returns rsa public key + """ + from subprocess import Popen,PIPE + import shutil + from os import rmdir + from tempfile import mkdtemp + tmpdir = mkdtemp() + process = Popen(["tinc","--batch","--config",tmpdir,"generate-keys","2048"],stdout=PIPE,stderr=PIPE,stdin=PIPE,bufsize=0) + process.communicate() + for i in ["ed25519_key.priv", "ed25519_key.pub", + "rsa_key.priv","rsa_key.pub"]: + shutil.move(path_join(tmpdir,i),base+"."+i) + # should be empty now + shutil.rmtree(tmpdir) + with open(base+".rsa_key.pub") as pubfile: + return pubfile.read() + +def prepare_secrets(sec): + if not exists(sec): + os.makedirs(sec,mode=488) + log.info("Creating {}".format(sec)) + else: + log.error(" {} already exists".format(sec)) + log.error("Use another hostname or remove the folder to continue") + sys.exit(1) + +def check_existence(files): + for f in files: + if not exists(f): + log.error(" {} does not exist but is a hard requirement for \ +continuing".format(f)) + log.error("Create/Clone the folder or 
set it to the correct \ +location via cli options (--help)") + log.error(__doc__) + sys.exit(1) + +def create_passwords(sec,usernames): + import crypt + from getpass import getpass + with open(path_join(sec,"hashedPasswords.nix"),"w+") as f: + f.write("{\n") + for usr in usernames: + # TODO: do not block, set password via another channel + pw = getpass("Password for {}:".format(usr)) + crypted = crypt.crypt(pw, crypt.mksalt(crypt.METHOD_SHA512)) + f.write(' {} = "{}";\n'.format(usr,crypted)) + f.write("}\n") + + +def main(): + from os.path import expanduser,expandvars + from docopt import docopt + args = docopt(__doc__) + hostname = args["HOSTNAME"] + secrets_dir = expanduser(args["--secrets-dir"]) + username = expandvars(args["--username"]) + stockholm_dir = expanduser(args["--stockholm-dir"]) + + check_existence([secrets_dir,stockholm_dir]) + + host_secrets = path_join(secrets_dir,hostname) + prepare_secrets(host_secrets) + + ret = retiolum_ip(hostname) + ret['username'] = username + + # generate tinc keys, return pubkey + retiolum = path_join(secrets_dir,hostname,"retiolum") + ret['pubkey'] = generate_tinc_keys(retiolum) + + create_zhosts_file(ret,path_join(stockholm_dir,"krebs/Zhosts",hostname)) + + write_stockholm_1systems(ret,stockholm_dir) + print_stockholm_krebs_entry(ret) + if args["--create-passwords"]: + create_passwords(host_secrets,["root",username]) + +if __name__ == '__main__': + main() -- cgit v1.2.3
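Review bot: `randint(0, mynet4.num_addresses)` in `retiolum_ip` is inclusive at both ends, so it can return `mynet4[0] + num_addresses`, i.e. 10.244.0.0, which lies outside 10.243.0.0/16 (the v6 branch has the same off-by-one), and it can equally hand out the network address or the v4 broadcast address; `randrange(1, mynet4.num_addresses - 1)` and `randrange(1, mynet6.num_addresses)` (with `from random import randrange`) restrict the draw to usable host addresses. The allocation is also purely random with no check against the entries already present under `krebs/Zhosts`, so two hosts can end up with the same `Subnet` in the shared tinc config; scanning that directory before accepting an address would surface the collision at init time instead of on the VPN. Related: `create_zhosts_file` opens `krebs/Zhosts/<hostname>` with `"w+"` and silently replaces an existing file, while `write_stockholm_1systems` refuses to overwrite, so the same `exists()` guard would keep a shared host's published public key and subnets from being clobbered. The docstring `warning this function actually writes stuff to the disk` on `retiolum_ip` is wrong for the new code as well, which only builds and returns the dict; it should read `""" Pick random retiolum v4/v6 addresses for hostname; does not touch the disk. """`.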