Development
parent
21db91d512
commit
be7ccd3390
4 changed files with 67 additions and 52 deletions
|
|
@ -2556,18 +2556,18 @@ def disable_all(data):
|
|||
subprocess.run(["systemctl", "daemon-reload"], capture_output=True, text=True)
|
||||
print("systemd daemon reloaded.")
|
||||
print()
|
||||
print("-- Removing nftables rules -------------------------------------------")
|
||||
print("Removing nftables rules =============================================")
|
||||
delete_our_tables()
|
||||
remove_nat_service()
|
||||
if radius_enabled(data):
|
||||
print()
|
||||
print("-- Stopping RADIUS ---------------------------------------------------")
|
||||
print("Stopping RADIUS =====================================================")
|
||||
subprocess.run(["systemctl", "disable", "--now", "freeradius"],
|
||||
capture_output=True, text=True)
|
||||
print("freeradius stopped and disabled.")
|
||||
if avahi_enabled(data):
|
||||
print()
|
||||
print("-- Stopping mDNS Reflector -------------------------------------------")
|
||||
print("Stopping mDNS Reflector =============================================")
|
||||
disable_avahi()
|
||||
|
||||
def _write_client_network(iface, dhcp, static_cidr=None):
|
||||
|
|
@ -2667,7 +2667,7 @@ def _svc_enabled(unit):
|
|||
return r.stdout.strip() in ("enabled", "enabled-runtime")
|
||||
|
||||
def _dry_run_conflicting_services(data):
|
||||
print("-- Conflicting services (dry-run) ------------------------------------")
|
||||
print("Conflicting services (dry-run) ======================================")
|
||||
|
||||
for unit, label in [("systemd-resolved", "systemd-resolved"),
|
||||
("systemd-timesyncd", "systemd-timesyncd")]:
|
||||
|
|
@ -2727,7 +2727,7 @@ def _dry_run_conflicting_services(data):
|
|||
print(f" /etc/resolv.conf already points to {gw} - no change needed")
|
||||
|
||||
def _dry_run_blocklists(data):
|
||||
print("-- Blocklists (dry-run) ----------------------------------------------")
|
||||
print("Blocklists (dry-run) ================================================")
|
||||
for entry in data.get("blocklists", []):
|
||||
print(f" Would download: {entry['description']}")
|
||||
print(f" URL: {entry['url']}")
|
||||
|
|
@ -2744,7 +2744,7 @@ def _dry_run_blocklists(data):
|
|||
print(f" Sources: {', '.join(sorted(names))}")
|
||||
|
||||
def _dry_run_timer(data):
|
||||
print("-- Timer (dry-run) ---------------------------------------------------")
|
||||
print("Timer (dry-run) =====================================================")
|
||||
general = data.get("general", {})
|
||||
execute_time = general.get("daily_execute_time_24hr_local", "02:30")
|
||||
for path, label in [(BLIST_TIMER_FILE, "timer unit"), (BLIST_TIMER_SVC_FILE, "service unit")]:
|
||||
|
|
@ -2753,7 +2753,7 @@ def _dry_run_timer(data):
|
|||
print(f" Schedule: daily at {execute_time} local time (Persistent=true - catches up if missed)")
|
||||
|
||||
def _dry_run_boot_service():
|
||||
print("-- Boot service (dry-run) --------------------------------------------")
|
||||
print("Boot service (dry-run) ==============================================")
|
||||
script_path = Path(__file__).resolve()
|
||||
action = "update" if NAT_SERVICE_FILE.exists() else "create and enable"
|
||||
print(f" Would {action}: {NAT_SERVICE_FILE}")
|
||||
|
|
@ -2791,7 +2791,7 @@ def _dry_run_disable(data, iface, use_dhcp, static_cidr, resolv_ok, dns_choice,
|
|||
print(f" {NAT_SERVICE_NAME}.service: not installed - no action needed")
|
||||
print()
|
||||
|
||||
print("-- Restoring NTP client (dry-run) ------------------------------------")
|
||||
print("Restoring NTP client (dry-run) ======================================")
|
||||
state = _svc_state("chrony")
|
||||
if state == "active":
|
||||
print(f" Would stop and disable: chrony (currently: active)")
|
||||
|
|
@ -2805,7 +2805,7 @@ def _dry_run_disable(data, iface, use_dhcp, static_cidr, resolv_ok, dns_choice,
|
|||
print(f" systemd-timesyncd: not available on this system")
|
||||
print()
|
||||
|
||||
print("-- Network interface (dry-run) ----------------------------------------")
|
||||
print("Network interface (dry-run) =========================================")
|
||||
router_net = list(NETWORKD_DIR.glob(f"10-{PRODUCT_NAME}-*.network"))
|
||||
router_dev = list(NETWORKD_DIR.glob(f"10-{PRODUCT_NAME}-*.netdev"))
|
||||
client_file = NETWORKD_DIR / f"10-client-{iface}.network"
|
||||
|
|
@ -2822,7 +2822,7 @@ def _dry_run_disable(data, iface, use_dhcp, static_cidr, resolv_ok, dns_choice,
|
|||
print()
|
||||
|
||||
if not resolv_ok:
|
||||
print("-- DNS (dry-run) -----------------------------------------------------")
|
||||
print("DNS (dry-run) =======================================================")
|
||||
if dns_choice == "resolved":
|
||||
print(" Would enable: systemd-resolved")
|
||||
print(" Would restore: /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf")
|
||||
|
|
@ -2998,16 +2998,16 @@ def cmd_disable(data, dry_run=False):
|
|||
disable_all(data)
|
||||
print()
|
||||
|
||||
print("-- Restoring NTP client ----------------------------------------------")
|
||||
print("Restoring NTP client ================================================")
|
||||
restore_ntp()
|
||||
print()
|
||||
|
||||
print("-- Configuring network interface -------------------------------------")
|
||||
print("Configuring network interface =======================================")
|
||||
_write_client_network(iface, dhcp=use_dhcp, static_cidr=static_cidr)
|
||||
print()
|
||||
|
||||
if not resolv_ok:
|
||||
print("-- Configuring DNS ---------------------------------------------------")
|
||||
print("Configuring DNS =====================================================")
|
||||
if dns_choice == "static":
|
||||
_configure_dns_static(static_nameserver)
|
||||
else:
|
||||
|
|
@ -3045,13 +3045,13 @@ def cmd_apply(data, dry_run=False):
|
|||
print()
|
||||
_dry_run_conflicting_services(data)
|
||||
print()
|
||||
print("-- systemd-networkd (dry-run) ----------------------------------------")
|
||||
print("systemd-networkd (dry-run) ==========================================")
|
||||
apply_networkd(data, dry_run=True)
|
||||
print()
|
||||
print("-- dnsmasq instances (dry-run) ---------------------------------------")
|
||||
print("dnsmasq instances (dry-run) =========================================")
|
||||
apply_dnsmasq_instances(data, dry_run=True, start_if_needed=True)
|
||||
print()
|
||||
print("-- nftables (dry-run) ------------------------------------------------")
|
||||
print("nftables (dry-run) ==================================================")
|
||||
apply_nftables(data, dry_run=True)
|
||||
print()
|
||||
_dry_run_timer(data)
|
||||
|
|
@ -3059,7 +3059,7 @@ def cmd_apply(data, dry_run=False):
|
|||
_dry_run_boot_service()
|
||||
if radius_enabled(data):
|
||||
print()
|
||||
print("-- RADIUS (dry-run) --------------------------------------------------")
|
||||
print("RADIUS (dry-run) ====================================================")
|
||||
num_clients = len(radius_clients(data))
|
||||
default_vlan = next((v for v in data["vlans"] if v.get("radius_default") is True), None)
|
||||
total_macs = sum(
|
||||
|
|
@ -3075,7 +3075,7 @@ def cmd_apply(data, dry_run=False):
|
|||
print(f" Would ensure freeradius is running")
|
||||
if avahi_enabled(data):
|
||||
print()
|
||||
print("-- mDNS Reflection (dry-run) -----------------------------------------")
|
||||
print("mDNS Reflection (dry-run) ===========================================")
|
||||
ifaces = avahi_interfaces(data)
|
||||
print(f" Would write: {AVAHI_CONF_FILE}")
|
||||
print(f" Reflecting across: {', '.join(ifaces)}")
|
||||
|
|
@ -3098,67 +3098,67 @@ def cmd_apply(data, dry_run=False):
|
|||
f"{total_enabled} reservation(s), {total_disabled} skipped{wg_part}.")
|
||||
print()
|
||||
|
||||
print("-- Conflicting services ----------------------------------------------")
|
||||
print("Conflicting services ================================================")
|
||||
disable_systemd_timesyncd()
|
||||
ensure_chrony(data)
|
||||
disable_ufw()
|
||||
print()
|
||||
|
||||
print("-- systemd-networkd --------------------------------------------------")
|
||||
print("systemd-networkd ====================================================")
|
||||
apply_networkd(data, only_if_changed=True)
|
||||
print()
|
||||
|
||||
if any(is_wg(v) for v in data["vlans"]):
|
||||
print("-- WireGuard interfaces ----------------------------------------------")
|
||||
print("WireGuard interfaces ================================================")
|
||||
ensure_wg_interfaces(data)
|
||||
print()
|
||||
|
||||
print("-- dnsmasq instances -------------------------------------------------")
|
||||
print("dnsmasq instances ===================================================")
|
||||
if not blocklists_available(data):
|
||||
print(" NOTE: No merged blocklist files found -- blocklist rules will be absent.")
|
||||
print(" Run --update-blocklists to download and merge blocklists.")
|
||||
apply_dnsmasq_instances(data, start_if_needed=True)
|
||||
print()
|
||||
|
||||
print("-- nftables ----------------------------------------------------------")
|
||||
print("nftables ============================================================")
|
||||
apply_nftables(data)
|
||||
print()
|
||||
|
||||
print("-- Timer -------------------------------------------------------------")
|
||||
print("Timer ===============================================================")
|
||||
install_timer(data)
|
||||
print()
|
||||
|
||||
print("-- Dashboard timer ---------------------------------------------------")
|
||||
print("Dashboard timer =====================================================")
|
||||
install_dashboard_timer()
|
||||
print()
|
||||
|
||||
print("-- Boot service ------------------------------------------------------")
|
||||
print("Boot service ========================================================")
|
||||
install_nat_service()
|
||||
print()
|
||||
|
||||
if radius_enabled(data):
|
||||
print("-- RADIUS ------------------------------------------------------------")
|
||||
print("RADIUS ==============================================================")
|
||||
apply_radius(data)
|
||||
print()
|
||||
else:
|
||||
svc = "freeradius"
|
||||
if subprocess.run(["systemctl", "is-active", svc],
|
||||
capture_output=True, text=True).stdout.strip() == "active":
|
||||
print("-- RADIUS ------------------------------------------------------------")
|
||||
print("RADIUS ==============================================================")
|
||||
subprocess.run(["systemctl", "disable", "--now", svc],
|
||||
capture_output=True, text=True)
|
||||
print("freeradius stopped and disabled (no radius_client reservations).")
|
||||
print()
|
||||
|
||||
if avahi_enabled(data):
|
||||
print("-- mDNS Reflection ---------------------------------------------------")
|
||||
print("mDNS Reflection =====================================================")
|
||||
apply_avahi(data)
|
||||
print()
|
||||
else:
|
||||
svc = "avahi-daemon"
|
||||
if subprocess.run(["systemctl", "is-active", svc],
|
||||
capture_output=True, text=True).stdout.strip() == "active":
|
||||
print("-- mDNS Reflection ---------------------------------------------------")
|
||||
print("mDNS Reflection =====================================================")
|
||||
disable_avahi()
|
||||
print()
|
||||
|
||||
|
|
@ -3170,11 +3170,11 @@ def cmd_update_blocklists(data):
|
|||
cmd_apply to reload dnsmasq instances with the new blocklists.
|
||||
"""
|
||||
check_root()
|
||||
print("-- Updating blocklists -----------------------------------------------")
|
||||
print("Updating blocklists =================================================")
|
||||
success = update_blocklists(data)
|
||||
print()
|
||||
if success:
|
||||
print("-- Applying updated configs ------------------------------------------")
|
||||
print("Applying updated configs ============================================")
|
||||
cmd_apply(data)
|
||||
else:
|
||||
print("WARNING: Blocklist update had errors -- skipping --apply.")
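Review bot: The success messages beside the rewritten banners are printed without checking the command result: in `disable_all` and in the `else` branch of `cmd_apply`, `subprocess.run(["systemctl", "disable", "--now", ...], capture_output=True, text=True)` is followed unconditionally by "freeradius stopped and disabled". Because `capture_output=True` swallows stderr and no `check=` or return-code test is visible, a failed `systemctl` call is silent, and the operator is told the RADIUS service is down while it may still be running. Since this commit already reworks the operator-facing output, keep the result and branch on it: `r = subprocess.run([...], capture_output=True, text=True)` then `if r.returncode != 0: print(f"WARNING: could not disable freeradius: {r.stderr.strip()}")`, printing the success line only otherwise. The `daemon-reload` call at the top of the first hunk has the same pattern. Both functions start and end outside the visible hunks, so any handling further up or down cannot be ruled out from here.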
|
||||
|
|
|
|||