Diffstat (limited to 'frontends/Rexfile')
-rw-r--r--frontends/Rexfile115
1 files changed, 73 insertions, 42 deletions
diff --git a/frontends/Rexfile b/frontends/Rexfile
index 5f27fee..3853500 100644
--- a/frontends/Rexfile
+++ b/frontends/Rexfile
@@ -19,6 +19,8 @@ group dnsmaster => 'blowfish.buetow.org:2';
group dnsslaves => 'fishfinger.buetow.org:2';
our $ircbouncer_server = 'fishfinger.buetow.org:2';
group ircbouncer => $ircbouncer_server;
+group wgserver => 'fishfinger.buetow.org:2';
+group wgclient => 'blowfish.buetow.org:2';
group openbsd_canary => 'blowfish.buetow.org:2';
user 'rex';
@@ -30,29 +32,44 @@ parallelism 5;
# Note we using anonymous subs here. This is so we can pass the subs as
# Rex template variables too.
+our %ips = (
+ 'fishfinger' => {
+ 'ipv4' => '46.23.94.99',
+ 'ipv6' => '2a03:6000:6f67:624::99',
+ },
+ 'blowfish' => {
+ 'ipv4' => '23.88.35.144',
+ 'ipv6' => '2a01:4f8:c17:20f1::42',
+ },
+ 'domain' => 'buetow.org',
+);
+
+$ips{current_master} = $ips{fishfinger};
+$ips{current_master}{fqdn} = 'fishfinger.' . $ips{domain};
+
+$ips{current_standby} = $ips{blowfish};
+$ips{current_standby}{fqdn} = 'blowfish.' . $ips{domain};
+
# Gather IPv6 addresses based on hostname.
our $ipv6address = sub {
my $hostname = shift;
- return '2a01:4f8:c17:20f1::42' if $hostname eq 'blowfish';
- return '2a03:6000:6f67:624::99' if $hostname eq 'fishfinger';
- Rex::Logger::info("Unable to determine IPv6 address for $hostname", 'error');
- return '::1';
+ my $ip = $ips{$hostname}{ipv6};
+ unless (defined $ip) {
+ Rex::Logger::info("Unable to determine IPv6 address for $hostname", 'error');
+ return '::1';
+ }
+ return $ip;
};
# Bootstrapping the FQDN based on the server IP as the hostname and domain
# facts aren't set yet due to the myname file in the first place.
our $fqdns = sub {
my $ipv4 = shift;
- return 'blowfish.buetow.org' if $ipv4 eq '23.88.35.144';
- return 'fishfinger.buetow.org' if $ipv4 eq '46.23.94.99';
+ while (my ($hostname, $ips) = each %ips) {
+ return "$hostname." . $ips{domain} if $ips->{ipv4} eq $ipv4;
+ }
Rex::Logger::info("Unable to determine hostname for $ipv4", 'error');
- return 'HOSTNAME-UNKNOWN.buetow.org';
-};
-
-# To determine whether te server is te primary or the secondary.
-our $is_primary = sub {
- my $ipv4 = shift;
- $fqdns->($ipv4) eq 'blowfish.buetow.org';
+ return 'HOSTNAME-UNKNOWN.' . $ips{domain};
};
# The secret store. Note to myself: "geheim cat rexfilesecrets.txt"
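Review bot: The `each %ips` loop in `$fqdns` walks every key of `%ips`, but only `fishfinger` and `blowfish` are host entries: `domain` is a plain string, so `$ips->{ipv4}` on it dies if strict refs is in effect (or yields undef with a warning otherwise), and `current_master`/`current_standby` alias the very same host hashrefs, so depending on hash order the lookup for 46.23.94.99 can return `current_master.buetow.org` instead of `fishfinger.buetow.org`. Returning from inside the `each` loop also leaves the iterator parked mid-way, so the next `$fqdns->()` call resumes where the previous one stopped and can miss entries. In `$ipv6address`, `$ips{$hostname}{ipv6}` autovivifies `$ips{$hostname}` for an unknown hostname, silently adding an empty entry to the shared `%ips` that later shows up in the zone templates; guard it with `my $ip = ref $ips{$hostname} ? $ips{$hostname}{ipv6} : undef;`. A rewrite of `$fqdns` that only considers the real host entries follows.
```perl
our $fqdns = sub {
    my $ipv4 = shift;
    # Only the host entries carry an ipv4 key: 'domain' is a plain string and
    # current_master/current_standby merely alias the host hashrefs.
    for my $hostname (sort keys %ips) {
        my $entry = $ips{$hostname};
        next if $hostname =~ /\Acurrent_/ or not ref $entry;
        return "$hostname." . $ips{domain} if $entry->{ipv4} eq $ipv4;
    }
    Rex::Logger::info("Unable to determine hostname for $ipv4", 'error');
    return 'HOSTNAME-UNKNOWN.' . $ips{domain};
};
```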
@@ -60,7 +77,7 @@ our $secrets = sub { read_file './secrets/' . shift };
our @dns_zones = qw/buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/;
our @dns_zones_remove = qw/paul.cyou snonux.land/;
-our @acme_hosts = qw/buetow.org paul.buetow.org tmp.buetow.org dory.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/;
+our @acme_hosts = qw/buetow.org paul.buetow.org dory.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/;
# UTILITY TASKS
@@ -111,8 +128,7 @@ task 'rsync', group => 'frontends',
mode => '644';
file '/usr/local/bin/rsync.sh',
- content => template('./scripts/rsync.sh.tpl',
- is_primary => $is_primary),
+ content => template('./scripts/rsync.sh.tpl'),
owner => 'root',
group => 'wheel',
mode => '755';
@@ -124,8 +140,7 @@ desc 'Configure the gemtexter sites';
task 'gemtexter', group => 'frontends',
sub {
file '/usr/local/bin/gemtexter.sh',
- content => template('./scripts/gemtexter.sh.tpl',
- is_primary => $is_primary),
+ content => template('./scripts/gemtexter.sh.tpl'),
owner => 'root',
group => 'wheel',
mode => '744';
@@ -162,21 +177,19 @@ task 'taskwarrior', group => 'frontends',
desc 'Configure ACME client';
task 'acme', group => 'frontends',
sub {
- file '/etc/acme-client.conf',
- content => template('./etc/acme-client.conf.tpl',
- acme_hosts => \@acme_hosts,
- is_primary => $is_primary),
- owner => 'root',
- group => 'wheel',
- mode => '644';
-
- file '/usr/local/bin/acme.sh',
- content => template('./scripts/acme.sh.tpl',
- acme_hosts => \@acme_hosts,
- is_primary => $is_primary),
- owner => 'root',
- group => 'wheel',
- mode => '744';
+ file '/etc/acme-client.conf',
+ content => template('./etc/acme-client.conf.tpl',
+ acme_hosts => \@acme_hosts),
+ owner => 'root',
+ group => 'wheel',
+ mode => '644';
+
+ file '/usr/local/bin/acme.sh',
+ content => template('./scripts/acme.sh.tpl',
+ acme_hosts => \@acme_hosts),
+ owner => 'root',
+ group => 'wheel',
+ mode => '744';
file '/etc/daily.local',
ensure => 'present',
@@ -200,9 +213,7 @@ task 'httpd', group => 'frontends',
#delete_lines_according_to qr{httpd_flags}, '/etc/rc.conf.local';
file '/etc/httpd.conf',
- content => template('./etc/httpd.conf.tpl',
- acme_hosts => \@acme_hosts,
- is_primary => $is_primary),
+ content => template('./etc/httpd.conf.tpl', acme_hosts => \@acme_hosts),
owner => 'root',
group => 'wheel',
mode => '644',
@@ -238,9 +249,7 @@ task 'relayd', group => 'frontends',
append_if_no_such_line '/etc/rc.conf.local', 'relayd_flags=';
file '/etc/relayd.conf',
- content => template('./etc/relayd.conf.tpl',
- ipv6address => $ipv6address,
- is_primary => $is_primary),
+ content => template('./etc/relayd.conf.tpl', ipv6address => $ipv6address),
owner => 'root',
group => 'wheel',
mode => '600',
@@ -296,7 +305,7 @@ task 'nsd_master', group => 'dnsmaster',
Rex::Logger::info('Dealing with master DNS key');
file '/var/nsd/etc/key.conf',
content => template('./var/nsd/etc/key.conf.tpl',
- nsd_key => $secrets->('/var/nsd/etc/nsd_key.txt')),
+ nsd_key => $secrets->('/var/nsd/etc/nsd_key.txt')),
owner => 'root',
group => '_nsd',
mode => '640',
@@ -305,7 +314,8 @@ task 'nsd_master', group => 'dnsmaster',
Rex::Logger::info('Dealing with master DNS config');
file '/var/nsd/etc/nsd.conf',
content => template('./var/nsd/etc/nsd.conf.master.tpl',
- dns_zones => \@dns_zones),
+ dns_zones => \@dns_zones,
+ ),
owner => 'root',
group => '_nsd',
mode => '640',
@@ -314,7 +324,9 @@ task 'nsd_master', group => 'dnsmaster',
for my $zone (@dns_zones) {
Rex::Logger::info("Dealing with DNS zone $zone");
file "/var/nsd/zones/master/$zone.zone",
- content => template("./var/nsd/zones/master/$zone.zone.tpl"),
+ content => template("./var/nsd/zones/master/$zone.zone.tpl",
+ ips => \%ips,
+ ),
owner => 'root',
group => 'wheel',
mode => '644',
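Review bot: Passing `\%ips` straight into the zone templates exposes the non-host keys alongside the hosts: `domain` is a plain string and `current_master`/`current_standby` are the same hashrefs as `fishfinger`/`blowfish`, so a template that iterates the hash's keys sees five entries and has to skip or special-case three of them. The zone templates are not part of this diff, so whether they iterate or only index by name cannot be told from here; a comment on the `%ips` declaration such as `# Only fishfinger/blowfish are host entries; domain is a string, current_* alias them.` would make that contract explicit for template authors.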
@@ -506,6 +518,25 @@ task 'gorum', group => 'frontends',
service 'gorum', ensure => 'started';
};
+#desc 'Setup Wireguard server';
+#task 'wireguard_server', group => 'wgserver',
+# sub {
+ # Following https://ianix.com/wireguard/openbsd-howto.html
+# pkg 'wireguard-tools', ensure => present;
+
+# concat_fragment 'ipforwarding',
+# target => '/etc/sysctl.conf',
+# content => 'net.inet.ip.forwarding=1';
+#
+# concat_fragment 'ip6forwarding',
+# target => '/etc/sysctl.conf',
+# content => 'net.inet6.ip6.forwarding=1';
+#
+# concat '/etc/sysctl.conf',
+# ensure => 'present',
+# on_change => sub { say "Changed" };
+# };
+
desc 'Setup IRC bouncer';
task 'ircbouncer', group => 'ircbouncer',
sub {