From 7aa42a7ae87d8153f90c2623e20c35eae60d6b82 Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Wed, 23 Oct 2024 15:27:17 -0700 Subject: [PATCH] Delete deprecated/redundant files for Wizard Move inxi report to vyso dir Fix typo in vyos.sh Add documentation for using vyos.sh to README --- homelab/local-hosts/wizard/config/secrets.env | 59 -- homelab/local-hosts/wizard/config/vyos.env | 2 - homelab/local-hosts/wizard/config/vyos.json | 787 ------------------ homelab/local-hosts/wizard/scripts/cfddns.sh | 50 -- .../wizard/scripts/cloudflare.token | 58 -- .../local-hosts/wizard/scripts/ipupdate.sh | 30 - .../local-hosts/wizard/scripts/webhook.token | 58 -- .../{local-hosts/wizard => vyos}/README.md | 20 + homelab/{local-hosts/wizard => vyos}/inxi.txt | 0 homelab/vyos/vyos.sh | 2 +- 10 files changed, 21 insertions(+), 1045 deletions(-) delete mode 100644 homelab/local-hosts/wizard/config/secrets.env delete mode 100644 homelab/local-hosts/wizard/config/vyos.env delete mode 100644 homelab/local-hosts/wizard/config/vyos.json delete mode 100644 homelab/local-hosts/wizard/scripts/cfddns.sh delete mode 100644 homelab/local-hosts/wizard/scripts/cloudflare.token delete mode 100644 homelab/local-hosts/wizard/scripts/ipupdate.sh delete mode 100644 homelab/local-hosts/wizard/scripts/webhook.token rename homelab/{local-hosts/wizard => vyos}/README.md (86%) rename homelab/{local-hosts/wizard => vyos}/inxi.txt (100%) diff --git a/homelab/local-hosts/wizard/config/secrets.env b/homelab/local-hosts/wizard/config/secrets.env deleted file mode 100644 index 46c6bc59..00000000 --- a/homelab/local-hosts/wizard/config/secrets.env +++ /dev/null 
@@ -1,59 +0,0 @@ -{ - "system_login_user_vyos_authentication_encryptedpassword": "ENC[AES256_GCM,data:LMItDzOvWkn8KJZNPtRx+HBeZ346TWsFW4HRayqBBFVoyGX8aA0TvqjkC+6TLg+YhGNRL/Y4cnXAtePh7sE/NMJ5ihaG9wf+TCklrPmDDzjFXwuIGFhr7sEmgGsmYv0oqL0ztJvfb2buBtAc,iv:fhfMBfkO+UGsoiZr+5bsbYX9+cERGeECgo1oFe4MwGI=,tag:fJJsvZ4REqt3EjAAMvPakg==,type:str]", - "system_login_user_vyos_authentication_otp_key": "ENC[AES256_GCM,data:dPzChtqcRrONEF4IjoosjBoUEi85CdAx5g2oQcU2KHgP8A==,iv:YdXnKZQH0tFzBsCFuLWFLHJ+UVkbak88GprjzHRLIyY=,tag:rs5/cwjkkPUWMHPpacsVWg==,type:str]", - "sops": { - "shamir_threshold": 2, - "key_groups": [ - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdysveFBRQUFtelI5YmVu\nakZmQmdaYmU2bG91K1F4RU51Q1BTMVFWb3dvClc2YitpcU1LK1FuajFrNG9TckRX\nUmE1RVliZmtNUFFjSnNwL3kwa0IzUGMKLS0tIDI4YitzWnNWWlRoU3ZGdXFkZzVn\nc3hoUk9LWEFmYmUwb2p5QWsxUXNPQ0UKGmYlumH9AXTX0kXN0zOOC+atXR7bDZHr\nf/d/qz9ynOJmK1jBhY4I9sxoeifkezWdl1mxkSee6RU0VekZn8GN8c0=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzKzBxU0NYTE9BVVZZaWc3\nNit2ZkZWMHRtMmxuL3JaTmQybWpQZTlvZFdzCkxmV0RkeWVxY2pyd0lMWUhtbVBF\nQ0pyMktoeXZYSkFRQ3FBYmI2akwwNlEKLS0tICsxcG9IR3dWc2hJVXI1REI1QU5H\nbnhZbHk4Nks0dGVPVVc5NDFiRkE5LzAKYxZNckU9X0WxSh/CFmAJg8qPc1RE4cH/\nTu/VC5n8AZLkBFWkXGNZH4IxU3drqd2rBBU9oo3bqNl8uqluE89sKxY=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWnRFRlNROVMxMFNtYWt3\nQkNMaVA2QWphaVVEd0sxc1Vtck5BVXFlZXhjClZjR2F6R0l0SGI1eGhtc3ZidWRU\nK3BGd0xIdXdGSjJia2ZzVFN4bmpRVzgKLS0tIHNPVE5kbUpXS0V4bTRXMHdZUjlH\nV0ZqbC9MbFZFYU9VTUhJU0M2WVc3MVkKAAeJHWVC1eygLtcTU0Bzh8ItfW7KgXJ8\npmpdOGVcdY6UvkTbia7mIIpyonCh4EuCzW+KMrbGcYRYItvwUmOkAm0=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbHRwbHVlQ1h3YThOSVZI\nWDlpN2hOTGVZcTluVkJpZU9UT1Y1VHc4Z2hvClAvblRaZCtOQU9DSEtWRnNYdlJU\nc3c5OFN0ZGtuNDhSS25EeC9KL0tyMzAKLS0tIEJvYTRpVjBqSS9PeVRpekIvVG5H\nMktvV0ZWdHgrSjY4RHVzVkt2WjM4TEUKj/UTs+CpHO1/dTOouz3XINlA4WlNERpa\nM0yF2wi5k1+VhrBF/svAulSXkpWH2rZKmY47hunf8r2r+GI30xg9eao=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGNOQUxQenpReWZ1R0dO\na2lBSmh3dXg4V1hvMzZoV3ZjU1pRS0VRbzBRClhNVU1ETUJsSkhEeFdOYU9kaGRI\naCtYc01KT2ZJWXFrK21nNlFEeUFzSUEKLS0tIHFQckN0eVlJZjJGTkFvNmFCMGlY\nWVJyRUY4aG9IUEZEOG5iMGR2aXNMTGcKMtL2iC5w4UXMv2bkjHgfgLRIX1IbcNao\nRu/rgYbRxYwj9pJVsGk6xslGh2SvWHsBQoAnu6U4LGscXQiT5KXy2BQ=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - } - ], - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2024-10-21T21:56:18Z", - "mac": "ENC[AES256_GCM,data:NnBaJ92vq4QZws60NZQNIv7SSuFnMhFY2q2uIio3aIaW/KmMlUhHRS224obBvkqBWbn8zy28IE3AHeVEvKvD4/d17oRB8cafnPimqGaHh/jRmCWOCX1eS9/5cQuE9XLXR/maC6igo+G3mo5rcWrO6UISfUhY7I0qZGwotjfB38E=,iv:idx7KJgXrqUSbwNvvF82jJjpIF2hjyziqC6Op30HNKk=,tag:dH5S8rKtOEilIAxXaYPmwA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.0" - } -} \ No newline at end of file 
diff --git a/homelab/local-hosts/wizard/config/vyos.env b/homelab/local-hosts/wizard/config/vyos.env
deleted file mode 100644
index 7861f7e3..00000000
--- a/homelab/local-hosts/wizard/config/vyos.env
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-PUBLIC_IP=$(curl ipinfo.io/ip)
\ No newline at end of file
diff --git a/homelab/local-hosts/wizard/config/vyos.json b/homelab/local-hosts/wizard/config/vyos.json
deleted file mode 100644
index c18653a8..00000000
--- a/homelab/local-hosts/wizard/config/vyos.json
+++ /dev/null
@@ -1,787 +0,0 @@ -{ - "firewall": { - "global-options": { - "all-ping": "enable", - "broadcast-ping": "disable", - "ip-src-route": "disable", - "ipv6-receive-redirects": "disable", - "ipv6-src-route": "disable", - "log-martians": "enable", - "receive-redirects": "disable", - "send-redirects": "enable", - "source-validation": "disable", - "syn-cookies": "enable", - "timeout": { - "tcp": { - "time-wait": "15" - } - } - }, - "group": { - "interface-group": { - "IG_LAN": { - "interface": [ - "eth6" - ] - }, - "IG_WAN": { - "interface": [ - "eth5" - ] - } - } - }, - "ipv4": { - "forward": { - "filter": { - "default-action": "accept", - "rule": { - "5": { - "action": "jump", - "inbound-interface": { - "name": "eth5" - }, - "jump-target": "WAN_IN" - }, - "101": { - "action": "accept", - "inbound-interface": { - "group": "IG_LAN" - }, - "outbound-interface": { - "group": "IG_LAN" - } - }, - "106": { - "action": "jump", - "inbound-interface": { - "group": "IG_WAN" - }, - "jump-target": "WAN_IN", - "outbound-interface": { - "group": "IG_LAN" - } - }, - "111": { - "action": "drop", - "description": "zone_LAN default-action", - "outbound-interface": { - "group": "IG_LAN" - } - }, - "116": { - "action": "accept", - "inbound-interface": { - "group": "IG_WAN" - }, - "outbound-interface": { - "group": "IG_WAN" - } - }, - "121": { - "action": "jump", - "inbound-interface": { - "group": "IG_LAN" - }, - "jump-target": "IN_WAN", - "outbound-interface": { - "group": "IG_WAN" - } - }, - "126": { - "action": "drop", - "description": "zone_WAN default-action", - "outbound-interface": { - "group": "IG_WAN" - } - } - } - } - }, - "input": { - "filter": { - "default-action": "accept", - "rule": { - "5": { - "action": "jump", - "inbound-interface": { - "name": "eth5" - }, - "jump-target": "WAN_LOCAL" - }, - "101": { - "action": "jump", - "inbound-interface": { - "group": "IG_LAN" - }, - "jump-target": "IN_LOCAL" - }, - "106": { - "action": "jump", - "inbound-interface": { - "group": "IG_WAN" 
- }, - "jump-target": "WAN_LOCAL" - }, - "111": { - "action": "drop" - } - } - } - }, - "name": { - "IN_LOCAL": { - "default-action": "accept" - }, - "IN_WAN": { - "default-action": "accept" - }, - "LOCAL_IN": { - "default-action": "accept" - }, - "LOCAL_WAN": { - "default-action": "accept" - }, - "WAN_IN": { - "default-action": "drop", - "description": "WAN to internal", - "rule": { - "10": { - "action": "accept", - "description": "Allow established/related" - }, - "20": { - "action": "drop", - "description": "Drop invalid state" - }, - "1000": { - "action": "accept", - "description": "Plex", - "destination": { - "port": "32400" - }, - "protocol": "tcp_udp" - }, - "1001": { - "action": "accept", - "description": "BitTorrent", - "destination": { - "port": "49500" - }, - "protocol": "tcp_udp" - }, - "1002": { - "action": "accept", - "description": "WireGuard", - "destination": { - "port": "53820-53829" - }, - "protocol": "tcp_udp" - }, - "1003": { - "action": "accept", - "description": "Minecraft", - "destination": { - "port": "25565" - }, - "protocol": "tcp_udp" - }, - "1005": { - "action": "accept", - "description": "Web", - "destination": { - "port": "443,80" - }, - "protocol": "tcp_udp" - } - } - }, - "WAN_LOCAL": { - "default-action": "drop", - "description": "WAN to router", - "rule": { - "10": { - "action": "accept", - "description": "Allow established/related" - }, - "20": { - "action": "accept", - "protocol": "icmp" - }, - "30": { - "action": "drop", - "description": "Drop invalid state" - } - } - } - }, - "output": { - "filter": { - "default-action": "accept", - "rule": { - "101": { - "action": "jump", - "jump-target": "LOCAL_IN", - "outbound-interface": { - "group": "IG_LAN" - } - }, - "106": { - "action": "jump", - "jump-target": "LOCAL_WAN", - "outbound-interface": { - "group": "IG_WAN" - } - }, - "111": { - "action": "drop" - } - } - } - } - }, - "ipv6": { - "forward": { - "filter": { - "default-action": "accept", - "rule": { - "101": { - "action": 
"accept", - "inbound-interface": { - "group": "IG_LAN" - }, - "outbound-interface": { - "group": "IG_LAN" - } - }, - "106": { - "action": "drop", - "description": "zone_LAN default-action", - "outbound-interface": { - "group": "IG_LAN" - } - }, - "111": { - "action": "accept", - "inbound-interface": { - "group": "IG_WAN" - }, - "outbound-interface": { - "group": "IG_WAN" - } - }, - "116": { - "action": "drop", - "description": "zone_WAN default-action", - "outbound-interface": { - "group": "IG_WAN" - } - } - } - } - }, - "input": { - "filter": { - "default-action": "accept", - "rule": { - "101": { - "action": "drop" - } - } - } - }, - "output": { - "filter": { - "default-action": "accept", - "rule": { - "101": { - "action": "drop" - } - } - } - } - } - }, - "interfaces": { - "ethernet": { - "eth0": { - "hw-id": "d4:3d:7e:94:6e:eb", - "offload": { - "gro": {} - } - }, - "eth5": { - "address": [ - "dhcp" - ], - "hw-id": "6c:b3:11:32:46:24", - "offload": { - "gro": {}, - "gso": {}, - "sg": {}, - "tso": {} - } - }, - "eth6": { - "address": [ - "192.168.1.1/24" - ], - "description": "Primary Switch", - "duplex": "auto", - "hw-id": "6c:b3:11:32:46:25", - "offload": { - "gro": {}, - "gso": {}, - "rps": {}, - "sg": {}, - "tso": {} - }, - "speed": "auto" - } - }, - "loopback": { - "lo": {} - } - }, - "nat": { - "destination": { - "rule": { - "1000": { - "description": "Plex", - "destination": { - "port": "32400" - }, - "inbound-interface": { - "name": "eth5" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1001": { - "description": "BitTorrent", - "destination": { - "port": "49500" - }, - "inbound-interface": { - "name": "eth5" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1002": { - "description": "WireGuard", - "destination": { - "port": "53820-53829" - }, - "inbound-interface": { - "name": "eth5" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - 
"1003": { - "description": "Minecraft", - "destination": { - "port": "25565" - }, - "inbound-interface": { - "name": "eth5" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1005": { - "description": "Web", - "destination": { - "port": "443,80" - }, - "inbound-interface": { - "name": "eth5" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1100": { - "description": "Plex (Hairpin NAT)", - "destination": { - "address": "$PUBLIC_IP", - "port": "32400" - }, - "inbound-interface": { - "name": "eth6" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1102": { - "description": "Wireguard (Hairpin NAT)", - "destination": { - "address": "$PUBLIC_IP", - "port": "53820-53829" - }, - "inbound-interface": { - "name": "eth6" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1103": { - "description": "Minecraft (Hairpin NAT)", - "destination": { - "address": "$PUBLIC_IP", - "port": "25565" - }, - "inbound-interface": { - "name": "eth6" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - }, - "1105": { - "description": "Web (Hairpin NAT)", - "destination": { - "address": "$PUBLIC_IP", - "port": "80,443" - }, - "inbound-interface": { - "name": "eth6" - }, - "protocol": "tcp_udp", - "translation": { - "address": "192.168.1.23" - } - } - } - }, - "source": { - "rule": { - "99": { - "description": "Masquerade as public IP on internet", - "outbound-interface": { - "name": "eth5" - }, - "source": { - "address": "192.168.1.0/24" - }, - "translation": { - "address": "masquerade" - } - }, - "100": { - "description": "NAT Reflection", - "destination": { - "address": "192.168.1.0/24" - }, - "outbound-interface": { - "name": "eth6" - }, - "protocol": "tcp_udp", - "source": { - "address": "192.168.1.0/24" - }, - "translation": { - "address": "masquerade" - } - } - } - } - }, - "qos": { - "interface": { - 
"eth5": { - "ingress": "LIMITER" - }, - "eth6": { - "ingress": "LIMITER" - } - }, - "policy": { - "limiter": { - "LIMITER": { - "default": { - "bandwidth": "750mbit", - "burst": "750mbit" - } - } - } - } - }, - "service": { - "dhcp-server": { - "shared-network-name": { - "LAN": { - "option": { - "domain-name": "local", - "domain-search": [ - "local" - ], - "name-server": [ - "192.168.1.32" - ] - }, - "subnet": { - "192.168.1.0/24": { - "lease": "86400", - "option": { - "default-router": "192.168.1.1" - }, - "range": { - "1": { - "start": "192.168.1.100", - "stop": "192.168.1.254" - } - }, - "static-mapping": { - "U6-Lite": { - "ip-address": "192.168.1.3", - "mac": "78:45:58:67:87:14" - }, - "UAP-AC-LR": { - "ip-address": "192.168.1.2", - "mac": "18:e8:29:50:f7:5b" - }, - "barbarian": { - "ip-address": "192.168.1.10", - "mac": "40:8d:5c:52:41:89" - }, - "joey-desktop": { - "ip-address": "192.168.1.100", - "mac": "04:92:26:DA:BA:C5" - }, - "joey-server2": { - "ip-address": "192.168.1.24", - "mac": "24:4b:fe:57:bc:85" - }, - "joey-server3": { - "ip-address": "192.168.1.25", - "mac": "78:45:c4:05:4f:21" - }, - "joey-server4": { - "ip-address": "192.168.1.26", - "mac": "90:2b:34:37:ce:e8" - }, - "monk": { - "ip-address": "192.168.1.11", - "mac": "90:2b:34:37:ce:ea" - }, - "paladin": { - "ip-address": "192.168.1.12", - "mac": "00:02:c9:50:d6:9a" - }, - "pihole1": { - "ip-address": "192.168.1.21", - "mac": "b8:27:eb:3c:8e:bb" - }, - "pihole2": { - "ip-address": "192.168.1.22", - "mac": "b8:27:eb:ff:76:6e" - }, - "tasmota-1": { - "ip-address": "192.168.1.50", - "mac": "3C:61:05:F6:44:1E" - }, - "tasmota-2": { - "ip-address": "192.168.1.51", - "mac": "3c:61:05:f6:d7:d3" - }, - "tasmota-3": { - "ip-address": "192.168.1.52", - "mac": "3c:61:05:f6:f0:62" - }, - "tasmota-55": { - "ip-address": "192.168.1.55", - "mac": "3C:61:05:F7:1F:C4" - }, - "tasmota-cowboy-day": { - "disable": {}, - "ip-address": "192.168.1.52", - "mac": "3C:61:05:F6:F0:62" - }, - "tasmota-figment-day": { - 
"ip-address": "192.168.1.53", - "mac": "3C:61:05:F6:60:A1" - }, - "tasmota-figment-night": { - "ip-address": "192.168.1.54", - "mac": "3C:61:05:F7:34:CD" - }, - "tasmota-lab-rack": { - "disable": {}, - "ip-address": "192.168.1.51", - "mac": "3C:61:05:F6:D7:D3" - }, - "tasmota-sprout-day": { - "ip-address": "192.168.1.57", - "mac": "3C:61:05:F7:52:DB" - }, - "tasmota-toes-day": { - "disable": {}, - "ip-address": "192.168.1.50", - "mac": "3C:61:05:F6:44:1E" - }, - "tasmota-toes-night": { - "ip-address": "192.168.1.56", - "mac": "3C:61:05:F7:33:29" - }, - "wyse1": { - "ip-address": "192.168.1.31", - "mac": "6c:2b:59:37:89:40" - }, - "wyse2": { - "ip-address": "192.168.1.32", - "mac": "6c:2b:59:37:9e:91" - }, - "wyse3": { - "ip-address": "192.168.1.33", - "mac": "6c:2b:59:37:9e:00" - } - }, - "subnet-id": "1" - } - } - } - } - }, - "dns": { - "forwarding": { - "allow-from": [ - "192.168.1.0/24" - ], - "cache-size": "1000000", - "listen-address": [ - "192.168.1.1" - ], - "name-server": { - "192.168.1.32": {} - } - } - }, - "monitoring": { - "telegraf": { - "prometheus-client": {} - } - }, - "ntp": { - "allow-client": { - "address": [ - "0.0.0.0/0", - "::/0" - ] - }, - "server": { - "time-a-wwv.nist.gov": {}, - "time-b-wwv.nist.gov": {}, - "time-c-wwv.nist.gov": {}, - "time-d-wwv.nist.gov": {}, - "time-e-wwv.nist.gov": {} - } - }, - "ssh": { - "disable-password-authentication": {}, - "port": [ - "22" - ] - } - }, - "system": { - "config-management": { - "commit-revisions": "200" - }, - "conntrack": { - "expect-table-size": "8192", - "hash-size": "32768", - "modules": { - "ftp": {}, - "h323": {}, - "nfs": {}, - "pptp": {}, - "sip": {}, - "sqlnet": {}, - "tftp": {} - }, - "table-size": "262144", - "timeout": {} - }, - "console": { - "device": { - "ttyS0": { - "speed": "115200" - } - } - }, - "host-name": "vyos", - "login": { - "banner": {}, - "user": { - "vyos": { - "authentication": { - "encrypted-password": "$system_login_user_vyos_authentication_encryptedpassword", - 
"otp": { - "key": "$system_login_user_vyos_authentication_otp_key", - "rate-limit": "3", - "rate-time": "30", - "window-size": "3" - }, - "public-keys": { - "deploy@gitea.jafner.tools": { - "key": "AAAAC3NzaC1lZDI1NTE5AAAAIBzQU/ZbpLXgAXUImNKNfkyEkggRfgVDCozOVby/CLMR", - "type": "ssh-ed25519" - }, - "jafner425@gmail.com": { - "key": "AAAAC3NzaC1lZDI1NTE5AAAAIMbzncsWNWxoDSqeva/ZoGHv32A0ggUMWfzx2Gz6Kmkk", - "type": "ssh-ed25519" - } - } - } - } - } - }, - "name-server": [ - "192.168.1.32", - "eth5" - ], - "option": { - "performance": "latency" - }, - "syslog": { - "global": { - "facility": { - "all": { - "level": "info" - }, - "local7": { - "level": "debug" - } - } - } - }, - "task-scheduler": { - "task": { - "cfddns-jafner-net": { - "executable": { - "arguments": "jafner.net $(cat /config/scripts/cloudflare.token)", - "path": "/config/scripts/cfddns.sh" - }, - "interval": "1d" - } - } - }, - "time-zone": "America/Los_Angeles" - } -} \ No newline at end of file diff --git a/homelab/local-hosts/wizard/scripts/cfddns.sh b/homelab/local-hosts/wizard/scripts/cfddns.sh deleted file mode 100644 index f5b0474c..00000000 --- a/homelab/local-hosts/wizard/scripts/cfddns.sh +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/bash -# Takes two positional arguments: -# $1 is the name of the zone to update -# E.g. jafner.net -# $2 is an auth token for Cloudflare; -# Must have the following permissions -# for the given zone: -# - Zone: Read -# - DNS: Read -# - DNS: Edit -function cfddns () { - ZONE=$1 - TOKEN=$2 - - # 1. Get the zone ID from the zone name - ZONE_ID=$( - curl -s \ - -X GET "https://api.cloudflare.com/client/v4/zones" \ - --header "Authorization: Bearer $TOKEN" \ - --header "Content-Type:application/json" |\ - jq -r --arg NAME "$ZONE" '.[] | .[]? | select(.name?==$NAME) | .id' 2>/dev/null |\ - xargs - ); echo $ZONE_ID - - # 2. Get the record ID of the root A record - RECORD_ID=$( - curl -s \ - -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \ - --header "Authorization: Bearer $TOKEN" \ - --header 'Content-Type:application/json' |\ - jq -r --arg NAME "$ZONE" '.[] | .[]? | select(.type=="A") | select(.name?==$NAME) | .id' 2>/dev/null |\ - xargs - ); echo $RECORD_ID - - # 3. Compose the json payload for the record to push - DATA=$(jq --null-input \ - --arg CONTENT "$(curl -s ipinfo.io/ip)" \ - --arg NAME "$ZONE" \ - '{"content": $CONTENT, "name": $NAME, "type": "A"}' - ); echo $DATA - - # 4. Finally submit the updated record to Cloudflare - curl --request PUT \ - --url https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID \ - --header "Authorization: Bearer $TOKEN" \ - --header 'Content-Type:application/json' \ - --data "$DATA" > /dev/null 2>&1 -} - -cfddns $1 $2 \ No newline at end of file diff --git a/homelab/local-hosts/wizard/scripts/cloudflare.token b/homelab/local-hosts/wizard/scripts/cloudflare.token deleted file mode 100644 index 4d6a6dc9..00000000 --- a/homelab/local-hosts/wizard/scripts/cloudflare.token +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:WW3tLEQ5gpskDW0sbRuEoUPrtEq5CURCIQyF0/g5CrUJNzKCYZdoOQ==,iv:m2zxDMWh2EQSGesLOMoF33nM2k2VMfDxSLHHr1dHk98=,tag:+dmidHt4ZLNg7RJZZili6g==,type:str]", - "sops": { - "shamir_threshold": 2, - "key_groups": [ - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibVM4VEJxazRwZ21KQVk1\nc1hTU0tncDIvdHFTN2FDM0dpWCsva24zZFdzCm1lV3NlZmQ3TFV5RmVaOUY4Ungw\neE82OHFUVTdjRmw5OGgvc1lvMUNpTUEKLS0tIEpoS1FiTmxXazk5TmQwZER6dUZN\nMzlRUlN4RkV3R1dDQi9XMWdpc3NCbFUKTOJKhnNxIzKtqJzXyp5MWFgzEsahvL/c\nP+bhXBXDFqr8BF/kvgGlW8JqvBOWFZrF25LKTIx2W6ikCn2b2iGc3ZE=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0R3Y4c1dNTGhtRmNMV201\nS0VnYWJWL0J3ZG92cTZ6anROT1pyVFlidGpNCm1zQmZoanFHRnpCUHZiTFpXbGRP\nNmxha2pQZ2czcEhwV3krK09IaTl5UFEKLS0tIE12QUxyclM1YW0rQVJSRjBCOHU0\nZmVRVERHamRtSGhaT1d6dW80ZGo1bnMKk6tWBHMkOZcoE2dZ7Wp9ots0AVxgrjhM\nB3Rlmt3qxB01cmTJoPEuVnm9PtvWsMEApjphzsGH7Ko7aJLEmfXXK7w=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc1QrNEFwaG1JZFNUQXR3\nckNTbk9jNGx4Q1hBNkUvUmlNMHFXWnRtNVcwCkUzVHVFOWEzcXBTUVd5UW9sNEpu\nQ05XQXhiS3c2NWdCaVptQ2ZGZWF4Qk0KLS0tIFJEWVhTME5kOVdRWnRUZTJkb2hL\nNjMxRXB0VjByRVA5Z2NFeGowVktZeVEK6N2RPbcogdBOc3lmulptkwhsYm6wzm6O\nWU5yIVmArIfo0fozlUl3DbsFOims2HxeD9Kx8CrlqJZ7lnbomPkKsjI=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", - "enc": 
"-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMDZPZ1ZiNnFJcWFsUm1j\nOUp0YmI3MmFuWjJEUWkyYmd0bUNkRVF0WlIwCm9hUHVrbHV1ajkrVXlna0xzU2Jy\nclFDMkhMd0t4L0hlczRETHVOTllXYW8KLS0tIHAyenBTZ2VFTHFZRCtVQ1ZtV0Qx\nZUtNNzgyNktlUHgvU0xZRm1HUlpoTjAKZ0qN1YN4hUBgQfcs26/BI+PjtfheNwUP\noD6yd1B8VIyOuWJnw1b5x4n3r+bVsWnYfN43wVR4zvaoNSA1gCk1Q+w=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S1JJeW1NUm5EUCtuNmRn\nYjliNkh6VzFVRCtza3pVdmJYalZ0VUdRUXpjCkl1UUdmTTRxR0ZMZWgzZHVmTmla\neDdVUzE3TUtMdUFFVEtvNkFTUzZvS00KLS0tIE9qSm9NL21xc1l0NlhIdmxtMlJm\nSENLdEJxK0VGWUdlT3NYWCt4QXJrYWMKf2kz7iWe7ggIxsXi9EKWVh2N0FhlNjv6\n/fH0Cg6o7lNS6CF2/cgQBnLnyjfH0iRlO5B/8p3x9TrQJ59FS7/58d8=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - } - ], - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2024-10-21T21:56:18Z", - "mac": "ENC[AES256_GCM,data:rZ8mJQpBH9H+dAoeUnItgfjaK1fA9HMh5DHidcplbQNQOmKpnLeuHEVMnGoAlAdGUIzvvvpd65bONLbNWBrACIcWOjuJ7pETCcb1zB8pUBvkzTTkONuv+mhtYsLoV+uxStf43zZ1++gtiYeWhx3Jx8Nad3OK5TqsWcc7aXi2tN4=,iv:5TxYIHV9coFG+A/uYjqw+EiR1F+2n3W4Fjfr1qgEwYs=,tag:UNo+oeS4zNVGiteEZpPfVw==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.0" - } -} \ No newline at end of file diff --git a/homelab/local-hosts/wizard/scripts/ipupdate.sh b/homelab/local-hosts/wizard/scripts/ipupdate.sh deleted file mode 100644 index 02f981cd..00000000 --- a/homelab/local-hosts/wizard/scripts/ipupdate.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/vbash -source /opt/vyatta/etc/functions/script-template - -SCRIPT_PATH="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" -WEBHOOK_URL="$(cat $SCRIPT_PATH/webhook.token)" -NAT_COMMANDS="$(run show configuration commands | grep 'set nat destination' | grep 'destination address')" - -# Assert all destination nat rules use the same IP -if [[ "$(echo "$NAT_COMMANDS" | cut -d' ' -f8 | sort -u | wc -l)" != "1" ]]; then - curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Error: Existing NAT rules are not consistent\"}" $WEBHOOK_URL -fi - -# Get new and old public IPs -PUBLIC_IP="$(curl -s ipinfo.io/ip)" - -echo "$NAT_COMMANDS" | cut -d' ' -f-7 | while read line; do echo $line "$PUBLIC_IP"; done > /tmp/commands - -configure; source /tmp/commands > /dev/null; rm /tmp/commands -compare |\ -if [[ "$(cat -)" != *"No changes between working and active configurations."* ]]; then - curl -s -o /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Info: Attempting to update hairpin NAT rules. New public IP: $PUBLIC_IP\"}" $WEBHOOK_URL - { # try commit, save, exit - commit && save && exit - } || { # catch, exit discard and create a very basic error file - exit discard - curl -s -o /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Error: Failed during commit, save, exit.\"}" $WEBHOOK_URL - } -else - exit -fi \ No newline at end of file diff --git a/homelab/local-hosts/wizard/scripts/webhook.token b/homelab/local-hosts/wizard/scripts/webhook.token deleted file mode 100644 index 40479904..00000000 --- a/homelab/local-hosts/wizard/scripts/webhook.token +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:ACj5JKudyqsk+L4+JnoGtbsIrHcH+DFk77TSGIT92mssquBIc0gKmGbhc9BTMnI4CoaBrg1Mu/uagTcWqVR+rHaMAVYCL8LsExKgXAwd4+cjhOAOe6s/CSM7kbEKwi0VPFJ2MuU3PPsyhFnO0xJ82Q/gBYUoTE4QXA==,iv:hgv0UkuJnNAY+1KLyMUzGNT7oMZAjy8tHJgTjKFAvMo=,tag:pc5kmIqByzZiCmvMFxLXzw==,type:str]", - "sops": { - "shamir_threshold": 2, - "key_groups": [ - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Nml2OEF4cjVVTDN4Zklu\nVDkycmQ3TG5jSjM5TzY3ZnZrakkrOEM3VHkwCjBVbXhQV2dJNXNsd3B0L1JJZ00z\neFJpbHZQSVJKSWhSSmxlZUh6V0xnUjAKLS0tIHN2c01DQ1JCek84RzFqL1FBMkJK\nZUNPdlNxSS9YUmg5OG9vVzZBUnJMaFUKfw79TYGNLFAo6xx9vr2w/5vnOLs0uURe\nVnmqFrVW6XAOHjgjtcaD/eD1P5cVlgnx1PU9bObcWSosehn26TgBovQ=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaek4xTko0dllvM2FsY3pu\nNXVxbGFlUlRVOTNJZWJjWWVrczJ1bjE1T0JFCjNkR21iTGNvTXFpT3pOdkQ1dW1D\naVBXZWxQTWxKUmt2ZmVLZ3RQU0lDUzgKLS0tIE94M3dkUXVrV3paR1NSOWpBdEJP\nYkxxdFVTYzZFd1NGMWZkcVhXRmgzcjAKBKW2qcLAPboA4vx+UZdqcbRurU6mIz3i\nWbNbDGuZkVdEIuZEMtNQKEIcatsG7QrOhdVVdRxqA08qFj/jTKfBQxY=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - "age": [ - { - "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cW9yOUI3aExZdTJodzlO\nKzdkbFdINkNQeS90aFBpOGlST1F3NHp6a1FrCm1yNkI0K2c3S2I1YXMxbHh1bVFj\nVy8yWVhhaVNhZ2JlMFBILzA5aUVVVzgKLS0tIHIvSHdLb3ZUYlVHL2pxQnFKQktT\nMDlYeWxrWG1DS2JHb2J0NVRQYXk1a2MKBB6hlGFXQZJqASgOnstueoKu8FqD3YBq\nHtXBVZrDo3M8rcapXwewyvO1eRIy0mToCDZEj189htWYtoqxUW6UnfQ=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - }, - { - "hc_vault": null, - 
"age": [ - { - "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbEFxWXNlWjgwSEY4dlpm\nTFh3b1BZNHNGbTN6RjVHNlRpaGtVMlo3NUgwCjA5WHlHM0NtNXdVWG5EQlBUMWVZ\nTTNUYmgrNDU3NGVDaFN5WnFSZC8zUFUKLS0tIFpLZncxbnJkRHloSHZkNDN3Q0do\naGJReXVhL1QwN25zL0FpV1JTd2F1TWMKLXSL0lvzyfEkXMGbWR13Xldidzj4GgTQ\n/USb8PVJCou8YwAjdy28sp99gm6DzPEGVd/PImO3dBvomuC088c8EVg=\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcHJYTUR0eU8vbkxNM09N\nbExuNG5tamZmN3pPNm9FdkdzamEvaUUzL3dnCnRwd2t0aHRmYS83SEMvVkg3R2pn\nT2Q1QXhaa3BlVDFtUG94SWw0ODFybnMKLS0tIHFiVzcvMEt1VDBzR0xTTE1NeCsv\nM2NZYnYxeXJldm0yNXpPVU9iL3RsUjQKzVoWU4H6X4479rhWrwcjrxEz6X5N//+Y\nbvqcBe2Ype/IW8gFo4hFQsHG7acDKQmYu86mg1TKxlnviLM6mn16wv0=\n-----END AGE ENCRYPTED FILE-----\n" - } - ] - } - ], - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2024-10-21T21:56:18Z", - "mac": "ENC[AES256_GCM,data:ujHnenWKEwVR7xWUoO+sl9I+LMPYfPzNVK7pSsTF+YbEQwJcBbochogjzRoDfAQbybv4iWKQA7iIpaUqa0/UlyjaUgXcJryLfGuGn2Gu0k0c3y93gn2fpzgW9LEfRYbMfm5le5WMfd6GeyAejFMc5Ku8/brOuQqFlhBRNZRLBPo=,iv:5ER4xgf3o8rzvstz/RuTS05S+obpzUqozk2ydyOY+lg=,tag:B3i98bLzr78ufGkMyMwwtA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.0" - } -} \ No newline at end of file diff --git a/homelab/local-hosts/wizard/README.md b/homelab/vyos/README.md similarity index 86% rename from homelab/local-hosts/wizard/README.md rename to homelab/vyos/README.md index 4b17f6a0..f78bce66 100644 --- a/homelab/local-hosts/wizard/README.md +++ b/homelab/vyos/README.md 
@@ -1,3 +1,23 @@ +# Working With VyOS +We have a helper script, [`vyos.sh`](./vyos.sh) that provides useful utilities for interacting with our VyOS host. + +Run `alias vy="$(realpath ./vyos.sh)"` for faster usage. + +- The host to interact with is configured via the `VYOS_TARGET` near the top of the script. +- `get_config_saved` Prints the contents of `/config/config.boot` to stdout. +- `get_config_active` Prints the active config (like `show` in config mode) to stdout. +- `post_config` Copies the local `config.boot` to the remote `/home/vyos/config.boot`. +- `load_config` Enters config mode and runs `load /home/vyos/config.boot`, then attempts to `commit; exit` (note: does not save config). +- `save_config` Enters config mode and runs `save; exit`. +- `op` Runs the proceding commands in op mode on the target. + +## Workflow Examples +1. Pull the latest config with `vy get_config_saved > config.boot` +2. Edit the config file with the desired changes. +3. Push the changes to the remote with `vy post_config && vy load_config && vy save_config` + +This workflow is provided with a compound function from the helper script; `vy edit`. + # Update VyOS 1. Navigate to [VyOS nightly builds](https://vyos.net/get/nightly-builds/) and copy the link for the most recent build. 2. SSH into the VyOS host and run `add system image ` diff --git a/homelab/local-hosts/wizard/inxi.txt b/homelab/vyos/inxi.txt similarity index 100% rename from homelab/local-hosts/wizard/inxi.txt rename to homelab/vyos/inxi.txt diff --git a/homelab/vyos/vyos.sh b/homelab/vyos/vyos.sh index ce6d6f35..d8680565 100755 --- a/homelab/vyos/vyos.sh +++ b/homelab/vyos/vyos.sh @@ -18,7 +18,7 @@ function get_config_active () { # Push local ./config.boot to remote /home/vyos/config.boot function post_config () { - scp -q ./config.boot :/home/vyos/config.boot + scp -q ./config.boot $VYOS_TARGET:/home/vyos/config.boot } function load_config () {
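Review bot: In the vyos.sh hunk, the new `scp` line in `post_config` expands `$VYOS_TARGET` unquoted and without checking that it is set. If the variable is empty or unset, the destination collapses back to `:/home/vyos/config.boot`, the same malformed target this commit repairs, and a value containing whitespace would be word-split into extra scp arguments. Because the file being copied is the router's full configuration, failing loudly is preferable to sending it to an unintended destination: `scp -q ./config.boot "${VYOS_TARGET:?VYOS_TARGET is not set}:/home/vyos/config.boot"`. The assignment of `VYOS_TARGET` sits outside this hunk, so whether it is validated earlier in the script cannot be seen from here.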