From a261aa089f879b6854c7b8fc7676d6b23ac25588 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Sun, 2 Jan 2022 04:31:50 +0100
Subject: Network rewrites.
---
 manifests/site.pp | 17 ++++------
 modules/networking/manifests/init.pp | 18 ++++++++++
 modules/networking/manifests/networkd.pp | 32 ++++++++++++++++++
 modules/networking/templates/interface.epp | 16 +++++++++
 modules/nspawn/manifests/machine.pp | 2 +-
 modules/nspawn/manifests/os/arch.pp | 32 +++---------------
 modules/nspawn/manifests/os/debian.pp | 39 +++++-----------------
 .../nspawn/manifests/util/disable_networking.pp | 22 ++++++++++++
 modules/nspawn/manifests/util/enable_networkd.pp | 35 +++++++++++++++++++
 9 files changed, 144 insertions(+), 69 deletions(-)
 create mode 100644 modules/networking/manifests/init.pp
 create mode 100644 modules/networking/manifests/networkd.pp
 create mode 100644 modules/networking/templates/interface.epp
 create mode 100644 modules/nspawn/manifests/util/disable_networking.pp
 create mode 100644 modules/nspawn/manifests/util/enable_networkd.pp
diff --git a/manifests/site.pp b/manifests/site.pp
index 7467e93..676eb18 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,23 +1,20 @@ - node 'gandalf.adrift.space' { include ::rss_filter - notify { 'hiera paths?': - message => "This is a [${lookup('test2')}]", - } - nspawn::machine { 'busting': - os => 'debian', - enable => true, - os_opts => { + os => 'debian', + enable => true, + os_opts => { os_version => 'buster', } } + # busting 10.0.0.42/23 + nspawn::machine { 'yoursql': - os => 'arch', - enable => true, + os => 'arch', + enable => true, } class { '::dns':
diff --git a/modules/networking/manifests/init.pp b/modules/networking/manifests/init.pp
new file mode 100644
index 0000000..bd1fda8
--- /dev/null
+++ b/modules/networking/manifests/init.pp
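Review bot: The added comment `# busting 10.0.0.42/23` records an address that nothing in this commit configures any more: the static `address 10.0.0.42/23` block is deleted from debian.pp in this same patch and `nspawn::util::enable_networkd` now brings host0 up with DHCP, so the comment will drift from reality as soon as the lease differs. If the address is meant to stay fixed, pass it through `os_opts` (or a parameter of the new `networking` class) rather than a comment; otherwise drop it or make the intent explicit with `# TODO: busting should get 10.0.0.42/23 once static addressing is wired through os_opts`. The node block continues past the end of the hunk.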
@@ -0,0 +1,18 @@
+class networking (
+ String $addr4,
+ String $gw4, # TODO default this to first address in subnet
+) {
+
+ # TODO choose a sensible provider here
+
+ networking::networkd { '20-puppet':
+ network => {
+ 'Address' => $addr4,
+ 'Gateway' => $gw4,
+ 'IPv6AcceptRA' => 1,
+ },
+ notify_ => true,
+ manage_directory => true,
+ }
+
+}
diff --git a/modules/networking/manifests/networkd.pp b/modules/networking/manifests/networkd.pp
new file mode 100644
index 0000000..4376a29
--- /dev/null
+++ b/modules/networking/manifests/networkd.pp
@@ -0,0 +1,32 @@
+define networking::networkd (
+ Hash $network,
+ Optional[Hash] $match = { 'Name' => $facts['networking']['primary'] },
+ String $root = '/',
+ String $path = "${root}/etc/systemd/network",
+ String $filename = $name,
+ String $file = "${path}/$(unknown).conf",
+ Boolean $notify_ = true,
+ Boolean $manage_directory = true,
+) {
+
+ if $manage_directory {
+ file { $path:
+ ensure => directory,
+ purge => true,
+ recurse => true,
+ }
+ }
+
+ inifile::create_ini_settings({
+ 'Match' => $match,
+ 'Network' => $network,
+ }, { path => $file, })
+
+ if $notify_ {
+ Ini_Setting <| path == $file |>
+ ~> exec { 'networkctl reload':
+ path => ['/bin', '/usr/bin',],
+ refreshonly => true,
+ }
+ }
+}
diff --git a/modules/networking/templates/interface.epp b/modules/networking/templates/interface.epp
new file mode 100644
index 0000000..d824f69
--- /dev/null
+++ b/modules/networking/templates/interface.epp
@@ -0,0 +1,16 @@
+# File managed by puppet
+auto host0
+# allow-hotplug host0
+
+iface host0 inet <%= if $addr4 { 'static' } else { 'dhcp' } %>
+<%- if $addr4 { -%>
+ address <%= $addr4 %>
+ <%- if $gw4 { -%>
+ gateway <%= $gw4 %>
+ <%- } -%>
+<%- } -%>
+
+
+iface host0 inet6 auto
+ private 0
+
diff --git a/modules/nspawn/manifests/machine.pp b/modules/nspawn/manifests/machine.pp
index a16a82c..8ba9bf3 100644
--- a/modules/nspawn/manifests/machine.pp
+++ b/modules/nspawn/manifests/machine.pp
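Review bot: `$addr4` and `$gw4` are accepted as bare `String` and written straight into the host's networkd configuration, after which `networking::networkd` triggers `networkctl reload`, so a malformed value (a typo, a missing prefix length) is only noticed when the host loses its network. puppetlabs-stdlib is already in use in this commit (`ensure_packages`), so the signature can be tightened to `Stdlib::IP::Address::V4::CIDR $addr4,` and `Stdlib::IP::Address::V4::Nosubnet $gw4,` and catalog compilation will refuse bad input instead. The class also carries no header comment; one stating that it currently manages only the systemd-networkd provider (the `TODO choose a sensible provider` note) and that `manage_directory => true` hands the whole of `/etc/systemd/network` to Puppet would spare the next reader a trip into networkd.pp.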
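Review bot: The default `String $file = "${path}/$(unknown).conf"` is wrong on two counts: `$(unknown)` is not a reference to `$filename` (unless the patch view mangled `${filename}`), so that parameter is never used and every instance under one `$path` writes the same file, and the `.conf` suffix is not one systemd-networkd loads — it reads `*.network` (plus `*.netdev`/`*.link`) from that directory and only honours `.conf` inside `*.network.d/` drop-in directories — so neither the host's `20-puppet` nor the guest's `20-puppet-initial` configuration takes effect; the fix is `String $file = "${path}/${filename}.network",`. Separately, `manage_directory => true` declares `file { $path: purge => true, recurse => true }` while the configuration itself is produced by `Ini_Setting`, not by a `file` resource, so as far as I can tell the purge treats the generated file as unmanaged and removes it on every run (on the host that directory is `/etc/systemd/network`, so any hand-written network files go with it), which then re-fires `networkctl reload` each time; drop `purge`/`recurse`, or also declare the file with a `file` resource so it is recognised as managed. The `exec { 'networkctl reload': … }` title is fixed, so a second instance with `notify_ => true` becomes a duplicate declaration; `ensure_resource('exec', 'networkctl reload', { … })` or a per-instance title avoids that.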
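Review bot: Nothing in this commit renders this template — debian.pp now deletes its `/etc/network/interfaces.d/puppet` file rather than generating it, and no `epp('networking/interface.epp', …)` call is added anywhere — so it is dead until the `TODO choose a sensible provider` in init.pp grows an ifupdown branch. It also declares no parameters, so a caller has to supply both `addr4` and `gw4` or, under `strict_variables`, evaluation fails; adding `<%- | Optional[String] $addr4 = undef, Optional[String] $gw4 = undef | -%>` as the first line documents the contract and makes the `if $addr4` / `if $gw4` branches meaningful. If the file is intentionally parked, a comment saying so at the top keeps it from looking like an oversight.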
@@ -32,7 +32,7 @@ define nspawn::machine ( create_resources("nspawn::os::${os}", { $machine => $os_opts }) service { "systemd-nspawn@${machine}.service": - enable => true, + enable => $enable, } }
diff --git a/modules/nspawn/manifests/os/arch.pp b/modules/nspawn/manifests/os/arch.pp
index 0affee1..e5fc210 100644
--- a/modules/nspawn/manifests/os/arch.pp
+++ b/modules/nspawn/manifests/os/arch.pp
@@ -4,35 +4,11 @@ define nspawn::os::arch ( ensure_packages(['arch-install-scripts']) - exec { "/usr/bin/pacstrap /var/lib/machines/${machine} base puppet": - creates => "/var/lib/machines/${machine}/etc/os-release", - } - - file { "/var/lib/machines/${machine}/etc/systemd/network/20-puppet.conf": - content => @(EOF) - [Match] - Name=host0 + $machine_path = "/var/lib/machines/${machine}" - [Network] - Address=10.0.0.43/23 - Gateway=10.0.0.1 - IPv6AcceptRA=1 - | EOF + exec { "/usr/bin/pacstrap '${machine_path}' base puppet": + creates => "${machine_path}/etc/os-release", } - if $facts['machined-info'][$machine]['State'] == 'running' { - notify { "Notify skipping ${machine} setup": - message => "Skipping setup for ${machine}, already running", - } - } else { - exec { "Enable systemd-networkd on ${machine}": - command => [ '/usr/bin/systemd-nspawn', - '-M', $machine, - '--quiet', - 'systemctl', 'enable', 'systemd-networkd', - ], - # among others - creates => "/var/lib/machines/${machine}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service", - } - } + nspawn::util::enable_networkd { $machine: } }
diff --git a/modules/nspawn/manifests/os/debian.pp b/modules/nspawn/manifests/os/debian.pp
index b8a1bd4..fbab9ac 100644
--- a/modules/nspawn/manifests/os/debian.pp
+++ b/modules/nspawn/manifests/os/debian.pp
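Review bot: The new pacstrap exec keeps its command as one string, `exec { "/usr/bin/pacstrap '${machine_path}' base puppet": … }`, while every other exec this commit adds uses the list form; the single quotes only mean something if the string reaches a shell, and whether it does (the posix provider is documented as shell-free, but a Ruby string with metacharacters can still end up in `sh -c`) is exactly the kind of question a list command makes moot, especially since `$machine_path` is built from the resource title. Matching the util defines is clearer: `exec { "pacstrap ${machine}":`, `command => ['/usr/bin/pacstrap', $machine_path, 'base', 'puppet'],`, `creates => "${machine_path}/etc/os-release",`. The hunk also changes behaviour without saying so: the deleted block gave the guest the static `10.0.0.43/23`, and `nspawn::util::enable_networkd` now puts host0 on DHCP, so anything that relied on that address needs a look and a one-line comment here would flag it. The `define nspawn::os::arch (` signature is above the hunk.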
@@ -2,48 +2,23 @@ define nspawn::os::debian ( String $os_version, String $machine = $name, ) { + ensure_packages(['debootstrap']) exec { "/usr/bin/deboostrap ${os_version} /var/lib/machines/${machine}": creates => "/var/lib/machines/${machine}/etc/os-release", } - file { "/var/lib/machines/${machine}/etc/network/interfaces": - ensure => file, - content => @(EOF) - # File managed by puppet - # See interfaces(5) - source-directory /etc/network/interfaces.d - | EOF - } - - file { "/var/lib/machines/${machine}/etc/network/interfaces.d": - ensure => directory, - } - - file { "/var/lib/machines/${machine}/etc/network/interfaces.d/puppet": - ensure => file, - content => @(EOF) - # File managed by puppet - auto host0 - # allow-hotplug host0 - - iface host0 inet static - address 10.0.0.42/23 - gateway 10.0.0.1 - - iface host0 inet6 auto - private 0 - | EOF - } - $puppet_deb = "/var/lib/machines/${machine}/tmp/puppet7-release-${os_version}.deb" file { $puppet_deb: ensure => file, source => "https://apt.puppet.com/puppet7-release-${os_version}.deb" } - if $facts['machined-info'][$machine]['State'] == 'running' { + $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running' + + if $running { + # TODO notify { "Notify skipping ${machine} setup": message => "Skipping setup for ${machine}, already running", }
@@ -67,4 +42,8 @@ define nspawn::os::debian ( creates => "/var/lib/machines/${machine}/opt/puppetlabs/bin/puppet", } } + + nspawn::util::disable_networking { $machine: } + nspawn::util::enable_networkd { $machine: } + }
diff --git a/modules/nspawn/manifests/util/disable_networking.pp b/modules/nspawn/manifests/util/disable_networking.pp
new file mode 100644
index 0000000..4a9b31b
--- /dev/null
+++ b/modules/nspawn/manifests/util/disable_networking.pp
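Review bot: `$running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running'` looks always true: as far as I can tell `!= Undef` compares the value against the type `Undef` rather than against the value `undef`, which never matches, and with `or` the right-hand `State` check then never decides anything — so a freshly bootstrapped guest that is not in the fact yet is treated as running and the setup branch (the `else`, below this hunk) is skipped in favour of the `# TODO` notify. The same expression is copied into `nspawn::util::enable_networkd`, where it additionally selects the `systemctl -M` command for a container that has not booted, and `nspawn::util::disable_networking` keeps the older `$facts['machined-info'][$machine]['State']` form, which instead raises an evaluation error for a missing machine because undef cannot be indexed. One expression serves all three: `$running = $facts.dig('machined-info', $machine, 'State') == 'running'`. Visible in the context lines and worth a follow-up: the bootstrap exec is spelled `/usr/bin/deboostrap`, so on a new machine only the `creates` guard stands between it and a failed run. The define's signature is above the hunk and its body continues below it.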
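Review bot: The two added declarations, `nspawn::util::disable_networking { $machine: }` and `nspawn::util::enable_networkd { $machine: }`, have no relationship to the debootstrap exec earlier in the define, yet enable_networkd writes into `${machine_path}/etc/systemd/network` and both run `systemctl` against the root, so they only work if the root has been bootstrapped first; nothing here guarantees that beyond the default manifest ordering. Make the dependency explicit with a chain such as `Exec["/usr/bin/deboostrap ${os_version} /var/lib/machines/${machine}"] -> Nspawn::Util::Disable_networking[$machine] -> Nspawn::Util::Enable_networkd[$machine]` (or `require =>` on each define), which also pins the order between the two utils. That order is meaningful — ifupdown's `networking` unit is disabled before networkd is enabled so the two never manage host0 at the same time — and deserves a one-line comment above the pair. The enclosing define and its `else` branch start above this hunk.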
@@ -0,0 +1,22 @@
+define nspawn::util::disable_networking (
+ String $machine = $name,
+ String $machine_path = "/var/lib/machines/${machine}",
+) {
+
+
+ $cmd = if $facts['machined-info'][$machine]['State'] == 'running' {
+ [ 'systemctl', '-M', $machine, 'disable', 'networking' ]
+ } else {
+ [ 'systemd-nspawn', '-M', $machine, '--quiet',
+ 'systemctl', 'disable', 'networking' ]
+ }
+
+ exec { "Disable networking on ${machine}":
+ command => $cmd,
+ path => [ '/bin', '/usr/bin', ],
+ # among others
+ # creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service",
+ }
+
+}
+
diff --git a/modules/nspawn/manifests/util/enable_networkd.pp b/modules/nspawn/manifests/util/enable_networkd.pp
new file mode 100644
index 0000000..2b532b9
--- /dev/null
+++ b/modules/nspawn/manifests/util/enable_networkd.pp
@@ -0,0 +1,35 @@
+define nspawn::util::enable_networkd (
+ String $machine = $name,
+ String $machine_path = "/var/lib/machines/${machine}",
+) {
+
+ # TODO only do this if the directory is empty
+ networking::networkd { "Initial networking on ${machine}":
+ filename => '20-puppet-initial',
+ match => { 'Name' => 'host0', },
+ root => $machine_path,
+ network => {
+ 'DHCP' => 'ipv4',
+ 'IPv6AcceptRA' => 1,
+ },
+ notify_ => false,
+ manage_directory => false,
+ }
+
+ $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running'
+
+ $cmd = if $running {
+ [ 'systemctl', '-M', $machine, 'enable', 'systemd-networkd' ]
+ } else {
+ [ 'systemd-nspawn', '-M', $machine, '--quiet',
+ 'systemctl', 'enable', 'systemd-networkd' ]
+ }
+
+ exec { "Enable systemd-networkd on ${machine}":
+ command => $cmd,
+ path => [ '/bin', '/usr/bin', ],
+ # among others
+ creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service",
+ }
+
+}
-- cgit v1.2.3
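Review bot: `exec { "Disable networking on ${machine}": … }` has no `creates`, `unless` or `onlyif` — the only guard is commented out, and it pointed at the systemd-networkd unit rather than the one being disabled — so it runs `systemctl disable networking` on every agent run and, for a guest that is not up, starts a throwaway `systemd-nspawn` each time. An `onlyif => "test -e ${machine_path}/etc/systemd/system/multi-user.target.wants/networking.service"` makes it idempotent (confirm that is the symlink Debian's `networking.service` installs) and gives the otherwise unused `$machine_path` a purpose. The `$facts['machined-info'][$machine]['State']` lookup in `$cmd` also has the same missing-machine problem as the `$running` line in debian.pp and fails with an evaluation error precisely on the first run after debootstrap, when the machine is not in the fact yet. A short header comment saying this exists because Debian's ifupdown `networking` unit would otherwise compete with systemd-networkd for host0 would explain why the define is needed at all.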
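Review bot: The `# TODO only do this if the directory is empty` is load-bearing rather than cosmetic: once the file suffix in networkd.pp is one networkd reads, it applies only the first matching `.network` file in lexical order, and `20-puppet-initial` sorts before `20-puppet` (`-` precedes `.`), so when the guest's own `networking` class later writes its static `20-puppet` file the DHCP stub declared here keeps winning. Naming it so it sorts last, `filename => '99-puppet-initial',`, or removing it once the guest is under management, avoids that; and because `notify_ => false` here, nothing reloads networkd inside the guest when this file changes, which is fine on first boot but worth stating in the comment. `$running` repeats the always-true expression from debian.pp (raised there), which matters more in this define since it picks `systemctl -M` for a guest that has not booted. The `# among others` on `creates` would read better as `# enabling creates several symlinks; this one is a sufficient marker`.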