Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity

Delete deprecated/redundant files for Wizard

Browse Source 
Move inxi report to vyso dir
Fix typo in vyos.sh
Add documentation for using vyos.sh to README
This commit is contained in:
Joey Hafner 2024-10-23 15:27:17 -07:00
parent 5e9029196e
commit 7aa42a7ae8
No known key found for this signature in database
10 changed files with 21 additions and 1045 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
homelab/local-hosts/wizard/config/secrets.env
View File

@ -1,59 +0,0 @@
{
"system_login_user_vyos_authentication_encryptedpassword": "ENC[AES256_GCM,data:LMItDzOvWkn8KJZNPtRx+HBeZ346TWsFW4HRayqBBFVoyGX8aA0TvqjkC+6TLg+YhGNRL/Y4cnXAtePh7sE/NMJ5ihaG9wf+TCklrPmDDzjFXwuIGFhr7sEmgGsmYv0oqL0ztJvfb2buBtAc,iv:fhfMBfkO+UGsoiZr+5bsbYX9+cERGeECgo1oFe4MwGI=,tag:fJJsvZ4REqt3EjAAMvPakg==,type:str]",
"system_login_user_vyos_authentication_otp_key": "ENC[AES256_GCM,data:dPzChtqcRrONEF4IjoosjBoUEi85CdAx5g2oQcU2KHgP8A==,iv:YdXnKZQH0tFzBsCFuLWFLHJ+UVkbak88GprjzHRLIyY=,tag:rs5/cwjkkPUWMHPpacsVWg==,type:str]",
"sops": {
"shamir_threshold": 2,
"key_groups": [
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdysveFBRQUFtelI5YmVu\nakZmQmdaYmU2bG91K1F4RU51Q1BTMVFWb3dvClc2YitpcU1LK1FuajFrNG9TckRX\nUmE1RVliZmtNUFFjSnNwL3kwa0IzUGMKLS0tIDI4YitzWnNWWlRoU3ZGdXFkZzVn\nc3hoUk9LWEFmYmUwb2p5QWsxUXNPQ0UKGmYlumH9AXTX0kXN0zOOC+atXR7bDZHr\nf/d/qz9ynOJmK1jBhY4I9sxoeifkezWdl1mxkSee6RU0VekZn8GN8c0=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzKzBxU0NYTE9BVVZZaWc3\nNit2ZkZWMHRtMmxuL3JaTmQybWpQZTlvZFdzCkxmV0RkeWVxY2pyd0lMWUhtbVBF\nQ0pyMktoeXZYSkFRQ3FBYmI2akwwNlEKLS0tICsxcG9IR3dWc2hJVXI1REI1QU5H\nbnhZbHk4Nks0dGVPVVc5NDFiRkE5LzAKYxZNckU9X0WxSh/CFmAJg8qPc1RE4cH/\nTu/VC5n8AZLkBFWkXGNZH4IxU3drqd2rBBU9oo3bqNl8uqluE89sKxY=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWnRFRlNROVMxMFNtYWt3\nQkNMaVA2QWphaVVEd0sxc1Vtck5BVXFlZXhjClZjR2F6R0l0SGI1eGhtc3ZidWRU\nK3BGd0xIdXdGSjJia2ZzVFN4bmpRVzgKLS0tIHNPVE5kbUpXS0V4bTRXMHdZUjlH\nV0ZqbC9MbFZFYU9VTUhJU0M2WVc3MVkKAAeJHWVC1eygLtcTU0Bzh8ItfW7KgXJ8\npmpdOGVcdY6UvkTbia7mIIpyonCh4EuCzW+KMrbGcYRYItvwUmOkAm0=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbHRwbHVlQ1h3YThOSVZI\nWDlpN2hOTGVZcTluVkJpZU9UT1Y1VHc4Z2hvClAvblRaZCtOQU9DSEtWRnNYdlJU\nc3c5OFN0ZGtuNDhSS25EeC9KL0tyMzAKLS0tIEJvYTRpVjBqSS9PeVRpekIvVG5H\nMktvV0ZWdHgrSjY4RHVzVkt2WjM4TEUKj/UTs+CpHO1/dTOouz3XINlA4WlNERpa\nM0yF2wi5k1+VhrBF/svAulSXkpWH2rZKmY47hunf8r2r+GI30xg9eao=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGNOQUxQenpReWZ1R0dO\na2lBSmh3dXg4V1hvMzZoV3ZjU1pRS0VRbzBRClhNVU1ETUJsSkhEeFdOYU9kaGRI\naCtYc01KT2ZJWXFrK21nNlFEeUFzSUEKLS0tIHFQckN0eVlJZjJGTkFvNmFCMGlY\nWVJyRUY4aG9IUEZEOG5iMGR2aXNMTGcKMtL2iC5w4UXMv2bkjHgfgLRIX1IbcNao\nRu/rgYbRxYwj9pJVsGk6xslGh2SvWHsBQoAnu6U4LGscXQiT5KXy2BQ=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
}
],
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-10-21T21:56:18Z",
"mac": "ENC[AES256_GCM,data:NnBaJ92vq4QZws60NZQNIv7SSuFnMhFY2q2uIio3aIaW/KmMlUhHRS224obBvkqBWbn8zy28IE3AHeVEvKvD4/d17oRB8cafnPimqGaHh/jRmCWOCX1eS9/5cQuE9XLXR/maC6igo+G3mo5rcWrO6UISfUhY7I0qZGwotjfB38E=,iv:idx7KJgXrqUSbwNvvF82jJjpIF2hjyziqC6Op30HNKk=,tag:dH5S8rKtOEilIAxXaYPmwA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

2
homelab/local-hosts/wizard/config/vyos.env
View File

@ -1,2 +0,0 @@
#!/bin/bash
PUBLIC_IP=$(curl ipinfo.io/ip)

787
homelab/local-hosts/wizard/config/vyos.json
View File

@ -1,787 +0,0 @@
{
"firewall": {
"global-options": {
"all-ping": "enable",
"broadcast-ping": "disable",
"ip-src-route": "disable",
"ipv6-receive-redirects": "disable",
"ipv6-src-route": "disable",
"log-martians": "enable",
"receive-redirects": "disable",
"send-redirects": "enable",
"source-validation": "disable",
"syn-cookies": "enable",
"timeout": {
"tcp": {
"time-wait": "15"
}
}
},
"group": {
"interface-group": {
"IG_LAN": {
"interface": [
"eth6"
]
},
"IG_WAN": {
"interface": [
"eth5"
]
}
}
},
"ipv4": {
"forward": {
"filter": {
"default-action": "accept",
"rule": {
"5": {
"action": "jump",
"inbound-interface": {
"name": "eth5"
},
"jump-target": "WAN_IN"
},
"101": {
"action": "accept",
"inbound-interface": {
"group": "IG_LAN"
},
"outbound-interface": {
"group": "IG_LAN"
}
},
"106": {
"action": "jump",
"inbound-interface": {
"group": "IG_WAN"
},
"jump-target": "WAN_IN",
"outbound-interface": {
"group": "IG_LAN"
}
},
"111": {
"action": "drop",
"description": "zone_LAN default-action",
"outbound-interface": {
"group": "IG_LAN"
}
},
"116": {
"action": "accept",
"inbound-interface": {
"group": "IG_WAN"
},
"outbound-interface": {
"group": "IG_WAN"
}
},
"121": {
"action": "jump",
"inbound-interface": {
"group": "IG_LAN"
},
"jump-target": "IN_WAN",
"outbound-interface": {
"group": "IG_WAN"
}
},
"126": {
"action": "drop",
"description": "zone_WAN default-action",
"outbound-interface": {
"group": "IG_WAN"
}
}
}
}
},
"input": {
"filter": {
"default-action": "accept",
"rule": {
"5": {
"action": "jump",
"inbound-interface": {
"name": "eth5"
},
"jump-target": "WAN_LOCAL"
},
"101": {
"action": "jump",
"inbound-interface": {
"group": "IG_LAN"
},
"jump-target": "IN_LOCAL"
},
"106": {
"action": "jump",
"inbound-interface": {
"group": "IG_WAN"
},
"jump-target": "WAN_LOCAL"
},
"111": {
"action": "drop"
}
}
}
},
"name": {
"IN_LOCAL": {
"default-action": "accept"
},
"IN_WAN": {
"default-action": "accept"
},
"LOCAL_IN": {
"default-action": "accept"
},
"LOCAL_WAN": {
"default-action": "accept"
},
"WAN_IN": {
"default-action": "drop",
"description": "WAN to internal",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related"
},
"20": {
"action": "drop",
"description": "Drop invalid state"
},
"1000": {
"action": "accept",
"description": "Plex",
"destination": {
"port": "32400"
},
"protocol": "tcp_udp"
},
"1001": {
"action": "accept",
"description": "BitTorrent",
"destination": {
"port": "49500"
},
"protocol": "tcp_udp"
},
"1002": {
"action": "accept",
"description": "WireGuard",
"destination": {
"port": "53820-53829"
},
"protocol": "tcp_udp"
},
"1003": {
"action": "accept",
"description": "Minecraft",
"destination": {
"port": "25565"
},
"protocol": "tcp_udp"
},
"1005": {
"action": "accept",
"description": "Web",
"destination": {
"port": "443,80"
},
"protocol": "tcp_udp"
}
}
},
"WAN_LOCAL": {
"default-action": "drop",
"description": "WAN to router",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related"
},
"20": {
"action": "accept",
"protocol": "icmp"
},
"30": {
"action": "drop",
"description": "Drop invalid state"
}
}
}
},
"output": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "jump",
"jump-target": "LOCAL_IN",
"outbound-interface": {
"group": "IG_LAN"
}
},
"106": {
"action": "jump",
"jump-target": "LOCAL_WAN",
"outbound-interface": {
"group": "IG_WAN"
}
},
"111": {
"action": "drop"
}
}
}
}
},
"ipv6": {
"forward": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "accept",
"inbound-interface": {
"group": "IG_LAN"
},
"outbound-interface": {
"group": "IG_LAN"
}
},
"106": {
"action": "drop",
"description": "zone_LAN default-action",
"outbound-interface": {
"group": "IG_LAN"
}
},
"111": {
"action": "accept",
"inbound-interface": {
"group": "IG_WAN"
},
"outbound-interface": {
"group": "IG_WAN"
}
},
"116": {
"action": "drop",
"description": "zone_WAN default-action",
"outbound-interface": {
"group": "IG_WAN"
}
}
}
}
},
"input": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "drop"
}
}
}
},
"output": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "drop"
}
}
}
}
}
},
"interfaces": {
"ethernet": {
"eth0": {
"hw-id": "d4:3d:7e:94:6e:eb",
"offload": {
"gro": {}
}
},
"eth5": {
"address": [
"dhcp"
],
"hw-id": "6c:b3:11:32:46:24",
"offload": {
"gro": {},
"gso": {},
"sg": {},
"tso": {}
}
},
"eth6": {
"address": [
"192.168.1.1/24"
],
"description": "Primary Switch",
"duplex": "auto",
"hw-id": "6c:b3:11:32:46:25",
"offload": {
"gro": {},
"gso": {},
"rps": {},
"sg": {},
"tso": {}
},
"speed": "auto"
}
},
"loopback": {
"lo": {}
}
},
"nat": {
"destination": {
"rule": {
"1000": {
"description": "Plex",
"destination": {
"port": "32400"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1001": {
"description": "BitTorrent",
"destination": {
"port": "49500"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1002": {
"description": "WireGuard",
"destination": {
"port": "53820-53829"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1003": {
"description": "Minecraft",
"destination": {
"port": "25565"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1005": {
"description": "Web",
"destination": {
"port": "443,80"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1100": {
"description": "Plex (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "32400"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1102": {
"description": "Wireguard (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "53820-53829"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1103": {
"description": "Minecraft (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "25565"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1105": {
"description": "Web (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "80,443"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
}
}
},
"source": {
"rule": {
"99": {
"description": "Masquerade as public IP on internet",
"outbound-interface": {
"name": "eth5"
},
"source": {
"address": "192.168.1.0/24"
},
"translation": {
"address": "masquerade"
}
},
"100": {
"description": "NAT Reflection",
"destination": {
"address": "192.168.1.0/24"
},
"outbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"source": {
"address": "192.168.1.0/24"
},
"translation": {
"address": "masquerade"
}
}
}
}
},
"qos": {
"interface": {
"eth5": {
"ingress": "LIMITER"
},
"eth6": {
"ingress": "LIMITER"
}
},
"policy": {
"limiter": {
"LIMITER": {
"default": {
"bandwidth": "750mbit",
"burst": "750mbit"
}
}
}
}
},
"service": {
"dhcp-server": {
"shared-network-name": {
"LAN": {
"option": {
"domain-name": "local",
"domain-search": [
"local"
],
"name-server": [
"192.168.1.32"
]
},
"subnet": {
"192.168.1.0/24": {
"lease": "86400",
"option": {
"default-router": "192.168.1.1"
},
"range": {
"1": {
"start": "192.168.1.100",
"stop": "192.168.1.254"
}
},
"static-mapping": {
"U6-Lite": {
"ip-address": "192.168.1.3",
"mac": "78:45:58:67:87:14"
},
"UAP-AC-LR": {
"ip-address": "192.168.1.2",
"mac": "18:e8:29:50:f7:5b"
},
"barbarian": {
"ip-address": "192.168.1.10",
"mac": "40:8d:5c:52:41:89"
},
"joey-desktop": {
"ip-address": "192.168.1.100",
"mac": "04:92:26:DA:BA:C5"
},
"joey-server2": {
"ip-address": "192.168.1.24",
"mac": "24:4b:fe:57:bc:85"
},
"joey-server3": {
"ip-address": "192.168.1.25",
"mac": "78:45:c4:05:4f:21"
},
"joey-server4": {
"ip-address": "192.168.1.26",
"mac": "90:2b:34:37:ce:e8"
},
"monk": {
"ip-address": "192.168.1.11",
"mac": "90:2b:34:37:ce:ea"
},
"paladin": {
"ip-address": "192.168.1.12",
"mac": "00:02:c9:50:d6:9a"
},
"pihole1": {
"ip-address": "192.168.1.21",
"mac": "b8:27:eb:3c:8e:bb"
},
"pihole2": {
"ip-address": "192.168.1.22",
"mac": "b8:27:eb:ff:76:6e"
},
"tasmota-1": {
"ip-address": "192.168.1.50",
"mac": "3C:61:05:F6:44:1E"
},
"tasmota-2": {
"ip-address": "192.168.1.51",
"mac": "3c:61:05:f6:d7:d3"
},
"tasmota-3": {
"ip-address": "192.168.1.52",
"mac": "3c:61:05:f6:f0:62"
},
"tasmota-55": {
"ip-address": "192.168.1.55",
"mac": "3C:61:05:F7:1F:C4"
},
"tasmota-cowboy-day": {
"disable": {},
"ip-address": "192.168.1.52",
"mac": "3C:61:05:F6:F0:62"
},
"tasmota-figment-day": {
"ip-address": "192.168.1.53",
"mac": "3C:61:05:F6:60:A1"
},
"tasmota-figment-night": {
"ip-address": "192.168.1.54",
"mac": "3C:61:05:F7:34:CD"
},
"tasmota-lab-rack": {
"disable": {},
"ip-address": "192.168.1.51",
"mac": "3C:61:05:F6:D7:D3"
},
"tasmota-sprout-day": {
"ip-address": "192.168.1.57",
"mac": "3C:61:05:F7:52:DB"
},
"tasmota-toes-day": {
"disable": {},
"ip-address": "192.168.1.50",
"mac": "3C:61:05:F6:44:1E"
},
"tasmota-toes-night": {
"ip-address": "192.168.1.56",
"mac": "3C:61:05:F7:33:29"
},
"wyse1": {
"ip-address": "192.168.1.31",
"mac": "6c:2b:59:37:89:40"
},
"wyse2": {
"ip-address": "192.168.1.32",
"mac": "6c:2b:59:37:9e:91"
},
"wyse3": {
"ip-address": "192.168.1.33",
"mac": "6c:2b:59:37:9e:00"
}
},
"subnet-id": "1"
}
}
}
}
},
"dns": {
"forwarding": {
"allow-from": [
"192.168.1.0/24"
],
"cache-size": "1000000",
"listen-address": [
"192.168.1.1"
],
"name-server": {
"192.168.1.32": {}
}
}
},
"monitoring": {
"telegraf": {
"prometheus-client": {}
}
},
"ntp": {
"allow-client": {
"address": [
"0.0.0.0/0",
"::/0"
]
},
"server": {
"time-a-wwv.nist.gov": {},
"time-b-wwv.nist.gov": {},
"time-c-wwv.nist.gov": {},
"time-d-wwv.nist.gov": {},
"time-e-wwv.nist.gov": {}
}
},
"ssh": {
"disable-password-authentication": {},
"port": [
"22"
]
}
},
"system": {
"config-management": {
"commit-revisions": "200"
},
"conntrack": {
"expect-table-size": "8192",
"hash-size": "32768",
"modules": {
"ftp": {},
"h323": {},
"nfs": {},
"pptp": {},
"sip": {},
"sqlnet": {},
"tftp": {}
},
"table-size": "262144",
"timeout": {}
},
"console": {
"device": {
"ttyS0": {
"speed": "115200"
}
}
},
"host-name": "vyos",
"login": {
"banner": {},
"user": {
"vyos": {
"authentication": {
"encrypted-password": "$system_login_user_vyos_authentication_encryptedpassword",
"otp": {
"key": "$system_login_user_vyos_authentication_otp_key",
"rate-limit": "3",
"rate-time": "30",
"window-size": "3"
},
"public-keys": {
"deploy@gitea.jafner.tools": {
"key": "AAAAC3NzaC1lZDI1NTE5AAAAIBzQU/ZbpLXgAXUImNKNfkyEkggRfgVDCozOVby/CLMR",
"type": "ssh-ed25519"
},
"jafner425@gmail.com": {
"key": "AAAAC3NzaC1lZDI1NTE5AAAAIMbzncsWNWxoDSqeva/ZoGHv32A0ggUMWfzx2Gz6Kmkk",
"type": "ssh-ed25519"
}
}
}
}
}
},
"name-server": [
"192.168.1.32",
"eth5"
],
"option": {
"performance": "latency"
},
"syslog": {
"global": {
"facility": {
"all": {
"level": "info"
},
"local7": {
"level": "debug"
}
}
}
},
"task-scheduler": {
"task": {
"cfddns-jafner-net": {
"executable": {
"arguments": "jafner.net $(cat /config/scripts/cloudflare.token)",
"path": "/config/scripts/cfddns.sh"
},
"interval": "1d"
}
}
},
"time-zone": "America/Los_Angeles"
}
}

50
homelab/local-hosts/wizard/scripts/cfddns.sh
View File

@ -1,50 +0,0 @@
#!/bin/bash
# Takes two positional arguments:
# $1 is the name of the zone to update
# E.g. jafner.net
# $2 is an auth token for Cloudflare;
# Must have the following permissions
# for the given zone:
# - Zone: Read
# - DNS: Read
# - DNS: Edit
function cfddns () {
ZONE=$1
TOKEN=$2
# 1. Get the zone ID from the zone name
ZONE_ID=$(
curl -s \
-X GET "https://api.cloudflare.com/client/v4/zones" \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type:application/json" |\
jq -r --arg NAME "$ZONE" '.[] | .[]? | select(.name?==$NAME) | .id' 2>/dev/null |\
xargs
); echo $ZONE_ID
# 2. Get the record ID of the root A record
RECORD_ID=$(
curl -s \
-X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type:application/json' |\
jq -r --arg NAME "$ZONE" '.[] | .[]? | select(.type=="A") | select(.name?==$NAME) | .id' 2>/dev/null |\
xargs
); echo $RECORD_ID
# 3. Compose the json payload for the record to push
DATA=$(jq --null-input \
--arg CONTENT "$(curl -s ipinfo.io/ip)" \
--arg NAME "$ZONE" \
'{"content": $CONTENT, "name": $NAME, "type": "A"}'
); echo $DATA
# 4. Finally submit the updated record to Cloudflare
curl --request PUT \
--url https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID \
--header "Authorization: Bearer $TOKEN" \
--header 'Content-Type:application/json' \
--data "$DATA" > /dev/null 2>&1
}
cfddns $1 $2

58
homelab/local-hosts/wizard/scripts/cloudflare.token
View File

@ -1,58 +0,0 @@
{
"data": "ENC[AES256_GCM,data:WW3tLEQ5gpskDW0sbRuEoUPrtEq5CURCIQyF0/g5CrUJNzKCYZdoOQ==,iv:m2zxDMWh2EQSGesLOMoF33nM2k2VMfDxSLHHr1dHk98=,tag:+dmidHt4ZLNg7RJZZili6g==,type:str]",
"sops": {
"shamir_threshold": 2,
"key_groups": [
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibVM4VEJxazRwZ21KQVk1\nc1hTU0tncDIvdHFTN2FDM0dpWCsva24zZFdzCm1lV3NlZmQ3TFV5RmVaOUY4Ungw\neE82OHFUVTdjRmw5OGgvc1lvMUNpTUEKLS0tIEpoS1FiTmxXazk5TmQwZER6dUZN\nMzlRUlN4RkV3R1dDQi9XMWdpc3NCbFUKTOJKhnNxIzKtqJzXyp5MWFgzEsahvL/c\nP+bhXBXDFqr8BF/kvgGlW8JqvBOWFZrF25LKTIx2W6ikCn2b2iGc3ZE=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0R3Y4c1dNTGhtRmNMV201\nS0VnYWJWL0J3ZG92cTZ6anROT1pyVFlidGpNCm1zQmZoanFHRnpCUHZiTFpXbGRP\nNmxha2pQZ2czcEhwV3krK09IaTl5UFEKLS0tIE12QUxyclM1YW0rQVJSRjBCOHU0\nZmVRVERHamRtSGhaT1d6dW80ZGo1bnMKk6tWBHMkOZcoE2dZ7Wp9ots0AVxgrjhM\nB3Rlmt3qxB01cmTJoPEuVnm9PtvWsMEApjphzsGH7Ko7aJLEmfXXK7w=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc1QrNEFwaG1JZFNUQXR3\nckNTbk9jNGx4Q1hBNkUvUmlNMHFXWnRtNVcwCkUzVHVFOWEzcXBTUVd5UW9sNEpu\nQ05XQXhiS3c2NWdCaVptQ2ZGZWF4Qk0KLS0tIFJEWVhTME5kOVdRWnRUZTJkb2hL\nNjMxRXB0VjByRVA5Z2NFeGowVktZeVEK6N2RPbcogdBOc3lmulptkwhsYm6wzm6O\nWU5yIVmArIfo0fozlUl3DbsFOims2HxeD9Kx8CrlqJZ7lnbomPkKsjI=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMDZPZ1ZiNnFJcWFsUm1j\nOUp0YmI3MmFuWjJEUWkyYmd0bUNkRVF0WlIwCm9hUHVrbHV1ajkrVXlna0xzU2Jy\nclFDMkhMd0t4L0hlczRETHVOTllXYW8KLS0tIHAyenBTZ2VFTHFZRCtVQ1ZtV0Qx\nZUtNNzgyNktlUHgvU0xZRm1HUlpoTjAKZ0qN1YN4hUBgQfcs26/BI+PjtfheNwUP\noD6yd1B8VIyOuWJnw1b5x4n3r+bVsWnYfN43wVR4zvaoNSA1gCk1Q+w=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S1JJeW1NUm5EUCtuNmRn\nYjliNkh6VzFVRCtza3pVdmJYalZ0VUdRUXpjCkl1UUdmTTRxR0ZMZWgzZHVmTmla\neDdVUzE3TUtMdUFFVEtvNkFTUzZvS00KLS0tIE9qSm9NL21xc1l0NlhIdmxtMlJm\nSENLdEJxK0VGWUdlT3NYWCt4QXJrYWMKf2kz7iWe7ggIxsXi9EKWVh2N0FhlNjv6\n/fH0Cg6o7lNS6CF2/cgQBnLnyjfH0iRlO5B/8p3x9TrQJ59FS7/58d8=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
}
],
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-10-21T21:56:18Z",
"mac": "ENC[AES256_GCM,data:rZ8mJQpBH9H+dAoeUnItgfjaK1fA9HMh5DHidcplbQNQOmKpnLeuHEVMnGoAlAdGUIzvvvpd65bONLbNWBrACIcWOjuJ7pETCcb1zB8pUBvkzTTkONuv+mhtYsLoV+uxStf43zZ1++gtiYeWhx3Jx8Nad3OK5TqsWcc7aXi2tN4=,iv:5TxYIHV9coFG+A/uYjqw+EiR1F+2n3W4Fjfr1qgEwYs=,tag:UNo+oeS4zNVGiteEZpPfVw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

30
homelab/local-hosts/wizard/scripts/ipupdate.sh
View File

@ -1,30 +0,0 @@
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
SCRIPT_PATH="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
WEBHOOK_URL="$(cat $SCRIPT_PATH/webhook.token)"
NAT_COMMANDS="$(run show configuration commands | grep 'set nat destination' | grep 'destination address')"
# Assert all destination nat rules use the same IP
if [[ "$(echo "$NAT_COMMANDS" | cut -d' ' -f8 | sort -u | wc -l)" != "1" ]]; then
curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Error: Existing NAT rules are not consistent\"}" $WEBHOOK_URL
fi
# Get new and old public IPs
PUBLIC_IP="$(curl -s ipinfo.io/ip)"
echo "$NAT_COMMANDS" | cut -d' ' -f-7 | while read line; do echo $line "$PUBLIC_IP"; done > /tmp/commands
configure; source /tmp/commands > /dev/null; rm /tmp/commands
compare |\
if [[ "$(cat -)" != *"No changes between working and active configurations."* ]]; then
curl -s -o /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Info: Attempting to update hairpin NAT rules. New public IP: $PUBLIC_IP\"}" $WEBHOOK_URL
{ # try commit, save, exit
commit && save && exit
} || { # catch, exit discard and create a very basic error file
exit discard
curl -s -o /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Error: Failed during commit, save, exit.\"}" $WEBHOOK_URL
}
else
exit
fi

58
homelab/local-hosts/wizard/scripts/webhook.token
View File

@ -1,58 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ACj5JKudyqsk+L4+JnoGtbsIrHcH+DFk77TSGIT92mssquBIc0gKmGbhc9BTMnI4CoaBrg1Mu/uagTcWqVR+rHaMAVYCL8LsExKgXAwd4+cjhOAOe6s/CSM7kbEKwi0VPFJ2MuU3PPsyhFnO0xJ82Q/gBYUoTE4QXA==,iv:hgv0UkuJnNAY+1KLyMUzGNT7oMZAjy8tHJgTjKFAvMo=,tag:pc5kmIqByzZiCmvMFxLXzw==,type:str]",
"sops": {
"shamir_threshold": 2,
"key_groups": [
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Nml2OEF4cjVVTDN4Zklu\nVDkycmQ3TG5jSjM5TzY3ZnZrakkrOEM3VHkwCjBVbXhQV2dJNXNsd3B0L1JJZ00z\neFJpbHZQSVJKSWhSSmxlZUh6V0xnUjAKLS0tIHN2c01DQ1JCek84RzFqL1FBMkJK\nZUNPdlNxSS9YUmg5OG9vVzZBUnJMaFUKfw79TYGNLFAo6xx9vr2w/5vnOLs0uURe\nVnmqFrVW6XAOHjgjtcaD/eD1P5cVlgnx1PU9bObcWSosehn26TgBovQ=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaek4xTko0dllvM2FsY3pu\nNXVxbGFlUlRVOTNJZWJjWWVrczJ1bjE1T0JFCjNkR21iTGNvTXFpT3pOdkQ1dW1D\naVBXZWxQTWxKUmt2ZmVLZ3RQU0lDUzgKLS0tIE94M3dkUXVrV3paR1NSOWpBdEJP\nYkxxdFVTYzZFd1NGMWZkcVhXRmgzcjAKBKW2qcLAPboA4vx+UZdqcbRurU6mIz3i\nWbNbDGuZkVdEIuZEMtNQKEIcatsG7QrOhdVVdRxqA08qFj/jTKfBQxY=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cW9yOUI3aExZdTJodzlO\nKzdkbFdINkNQeS90aFBpOGlST1F3NHp6a1FrCm1yNkI0K2c3S2I1YXMxbHh1bVFj\nVy8yWVhhaVNhZ2JlMFBILzA5aUVVVzgKLS0tIHIvSHdLb3ZUYlVHL2pxQnFKQktT\nMDlYeWxrWG1DS2JHb2J0NVRQYXk1a2MKBB6hlGFXQZJqASgOnstueoKu8FqD3YBq\nHtXBVZrDo3M8rcapXwewyvO1eRIy0mToCDZEj189htWYtoqxUW6UnfQ=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
},
{
"hc_vault": null,
"age": [
{
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbEFxWXNlWjgwSEY4dlpm\nTFh3b1BZNHNGbTN6RjVHNlRpaGtVMlo3NUgwCjA5WHlHM0NtNXdVWG5EQlBUMWVZ\nTTNUYmgrNDU3NGVDaFN5WnFSZC8zUFUKLS0tIFpLZncxbnJkRHloSHZkNDN3Q0do\naGJReXVhL1QwN25zL0FpV1JTd2F1TWMKLXSL0lvzyfEkXMGbWR13Xldidzj4GgTQ\n/USb8PVJCou8YwAjdy28sp99gm6DzPEGVd/PImO3dBvomuC088c8EVg=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcHJYTUR0eU8vbkxNM09N\nbExuNG5tamZmN3pPNm9FdkdzamEvaUUzL3dnCnRwd2t0aHRmYS83SEMvVkg3R2pn\nT2Q1QXhaa3BlVDFtUG94SWw0ODFybnMKLS0tIHFiVzcvMEt1VDBzR0xTTE1NeCsv\nM2NZYnYxeXJldm0yNXpPVU9iL3RsUjQKzVoWU4H6X4479rhWrwcjrxEz6X5N//+Y\nbvqcBe2Ype/IW8gFo4hFQsHG7acDKQmYu86mg1TKxlnviLM6mn16wv0=\n-----END AGE ENCRYPTED FILE-----\n"
}
]
}
],
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-10-21T21:56:18Z",
"mac": "ENC[AES256_GCM,data:ujHnenWKEwVR7xWUoO+sl9I+LMPYfPzNVK7pSsTF+YbEQwJcBbochogjzRoDfAQbybv4iWKQA7iIpaUqa0/UlyjaUgXcJryLfGuGn2Gu0k0c3y93gn2fpzgW9LEfRYbMfm5le5WMfd6GeyAejFMc5Ku8/brOuQqFlhBRNZRLBPo=,iv:5ER4xgf3o8rzvstz/RuTS05S+obpzUqozk2ydyOY+lg=,tag:B3i98bLzr78ufGkMyMwwtA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

20
homelab/local-hosts/wizard/README.md → homelab/vyos/README.md
View File

@ -1,3 +1,23 @@
# Working With VyOS
We have a helper script, [`vyos.sh`](./vyos.sh) that provides useful utilities for interacting with our VyOS host.
Run `alias vy="$(realpath ./vyos.sh)"` for faster usage.
- The host to interact with is configured via the `VYOS_TARGET` near the top of the script.
- `get_config_saved` Prints the contents of `/config/config.boot` to stdout.
- `get_config_active` Prints the active config (like `show` in config mode) to stdout.
- `post_config` Copies the local `config.boot` to the remote `/home/vyos/config.boot`.
- `load_config` Enters config mode and runs `load /home/vyos/config.boot`, then attempts to `commit; exit` (note: does not save config).
- `save_config` Enters config mode and runs `save; exit`.
- `op` Runs the proceding commands in op mode on the target.
## Workflow Examples
1. Pull the latest config with `vy get_config_saved > config.boot`
2. Edit the config file with the desired changes.
3. Push the changes to the remote with `vy post_config && vy load_config && vy save_config`
This workflow is provided with a compound function from the helper script; `vy edit`.
# Update VyOS
1. Navigate to [VyOS nightly builds](https://vyos.net/get/nightly-builds/) and copy the link for the most recent build.
2. SSH into the VyOS host and run `add system image <link to build image>`

0
homelab/local-hosts/wizard/inxi.txt → homelab/vyos/inxi.txt
View File

2
homelab/vyos/vyos.sh
View File

@ -18,7 +18,7 @@ function get_config_active () {
# Push local ./config.boot to remote /home/vyos/config.boot
function post_config () {
scp -q ./config.boot :/home/vyos/config.boot
scp -q ./config.boot $VYOS_TARGET:/home/vyos/config.boot
}
function load_config () {