authorroot@culturestrings <root@culturestrings>2020-07-01 08:57:05 +0000
committerroot@culturestrings <root@culturestrings>2020-07-01 08:57:05 +0000
commit2caf08d5dd9d82087c16390a34e8ab169be75369 (patch)
tree93f726587321c6e03fd86f74088e57dbbc2a1292
parent065c23e1561fad50c66c30447a4886d2727a47cf (diff)
networking: introduced $vpn_net4, $vpn_ipv4, $host_ipv4, $host_ipv6.
-rwxr-xr-xpublic/fs/etc/openvpn/hostvpn-conf.sh4
-rw-r--r--public/fs/etc/openvpn/hostvpn.conf.in8
-rw-r--r--public/fs/etc/pagure/pagure.cfg.in2
-rwxr-xr-xpublic/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh12
-rw-r--r--public/fs/etc/sysconfig/network/ifcfg-eth0.in (renamed from public/fs/etc/sysconfig/network/ifcfg-eth0)2
-rwxr-xr-xpublic/fs/home/pgsql/data/pg_hba-conf.sh15
-rw-r--r--public/fs/home/pgsql/data/pg_hba.conf.in (renamed from public/fs/home/pgsql/data/pg_hba.conf)2
-rwxr-xr-xpublic/fs/home/pgsql/data/postgresql-conf.sh15
-rw-r--r--public/fs/home/pgsql/data/postgresql.conf.in (renamed from public/fs/home/pgsql/data/postgresql.conf)2
-rw-r--r--public/notes/networking/ipv62
10 files changed, 55 insertions, 9 deletions
diff --git a/public/fs/etc/openvpn/hostvpn-conf.sh b/public/fs/etc/openvpn/hostvpn-conf.sh
index cdfdb1c..a438a54 100755
--- a/public/fs/etc/openvpn/hostvpn-conf.sh
+++ b/public/fs/etc/openvpn/hostvpn-conf.sh
@@ -12,4 +12,8 @@ source /root/config/private/config/hostinfo/${sitezone}
sed -e 's/@vpn_port@/'${vpn_port}'/g' \
-e 's/@hostname@/'${hostname}'/g' \
+ -e 's/@vpn_net4@/'${vpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
+ -e 's/@host_ipv4@/'${host_ipv4}'/g' \
+ -e 's/@host_ipv6@/'${host_ipv6}'/g' \
"${cfg_srcdir}/hostvpn.conf.in"
diff --git a/public/fs/etc/openvpn/hostvpn.conf.in b/public/fs/etc/openvpn/hostvpn.conf.in
index a285e12..bf58a4f 100644
--- a/public/fs/etc/openvpn/hostvpn.conf.in
+++ b/public/fs/etc/openvpn/hostvpn.conf.in
@@ -16,16 +16,16 @@ dh /etc/easy-rsa/pki/dh.pem
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
-server 10.8.0.0 255.255.255.0
-server-ipv6 2a01:4f9:2b:20f0:8000::/65
+server @vpn_net4@ 255.255.255.0
+server-ipv6 @host_ipv6@:8000::/65
push "route-ipv6 2000::/3"
-push "route-ipv6 2a01:4f9:2b:20f0::/64"
+push "route-ipv6 host_ipv6::/64"
push "block-outside-dns"
push "redirect-gateway def1"
push "route 192.168.0.0 255.255.255.0"
-push "dhcp-option DNS 10.8.0.1"
+push "dhcp-option DNS @vpn_ipv4@"
duplicate-cn
client-to-client
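Review bot: The new line `push "route-ipv6 host_ipv6::/64"` is missing the `@` delimiters, so none of the sed expressions in hostvpn-conf.sh matches it and the literal text `host_ipv6::/64` stays in the generated configuration in place of the route that was pushed before. It should read `push "route-ipv6 @host_ipv6@::/64"`. Separately, the netmask in `server @vpn_net4@ 255.255.255.0` remains hard-coded, so `vpn_net4` can only be changed to another /24 network address.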
diff --git a/public/fs/etc/pagure/pagure.cfg.in b/public/fs/etc/pagure/pagure.cfg.in
index bfc1122..a80c469 100644
--- a/public/fs/etc/pagure/pagure.cfg.in
+++ b/public/fs/etc/pagure/pagure.cfg.in
@@ -113,7 +113,7 @@ GIT_URL_GIT = 'https://dev.@sitezone@/'
### gunicorn
-IP_ALLOWED_INTERNAL = ['10.8.0.1', '127.0.0.1', 'localhost', '::1', '']
+IP_ALLOWED_INTERNAL = ['@vpn_ipv4@', '127.0.0.1', 'localhost', '::1', '']
### event source options
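Review bot: `'@vpn_ipv4@'` in `IP_ALLOWED_INTERNAL` is only replaced if the script that renders pagure.cfg.in has a matching sed expression, and this commit changes no such script (the diffstat lists pagure.cfg.in alone under etc/pagure). If that generator was not already substituting `@vpn_ipv4@`, the literal placeholder ends up in the allow-list and the VPN address no longer matches it; adding `-e "s/@vpn_ipv4@/${vpn_ipv4}/g"` to the generator in the same commit would close that gap. The generator is outside this diff, so this needs checking against it. The empty-string entry `''` on the same line is carried over from the old value and deserves a comment saying which client it is meant to match.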
diff --git a/public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh b/public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh
new file mode 100755
index 0000000..d116219
--- /dev/null
+++ b/public/fs/etc/sysconfig/network/ifcfg-eth0-conf.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -eu
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/server.ports
+
+sed -e 's/@host_ipv4@/'${host_ipv4}'/g' \
+ -e 's/@host_ipv6@/'${host_ipv6}'/g' \
+ "${cfg_srcdir}/ifcfg-eth0.in"
diff --git a/public/fs/etc/sysconfig/network/ifcfg-eth0 b/public/fs/etc/sysconfig/network/ifcfg-eth0.in
index c2fc421..8060f46 100644
--- a/public/fs/etc/sysconfig/network/ifcfg-eth0
+++ b/public/fs/etc/sysconfig/network/ifcfg-eth0.in
@@ -1,6 +1,6 @@
BOOTPROTO='dhcp'
STARTMODE='auto'
-IPADDR_0='2a01:4f9:2b:20f0::2/65'
+IPADDR_0='@host_ipv6@::2/65'
LABEL_0='ipv6'
NETMASK_0=''
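Review bot: `@host_ipv6@` is used here as a prefix rather than an address: this template appends `::2/65` to it and hostvpn.conf.in appends `:8000::/65`, so the value has to be exactly the leading four groups with no trailing colon. A full IPv6 address in `host_ipv6`, which is what the name suggests, would render an invalid `IPADDR_0`. I would either rename the variable to something like `host_net6` or add a comment line above the setting, `# @host_ipv6@ is the /64 prefix, four groups, no trailing colon`.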
diff --git a/public/fs/home/pgsql/data/pg_hba-conf.sh b/public/fs/home/pgsql/data/pg_hba-conf.sh
new file mode 100755
index 0000000..a64b161
--- /dev/null
+++ b/public/fs/home/pgsql/data/pg_hba-conf.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eu
+
+sitezone="$1"
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/server.ports
+source /root/config/private/config/hostinfo/${sitezone}
+
+sed -e 's/@vpn_net4@/'${vpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
+ "${cfg_srcdir}/pg_hba.conf.in"
diff --git a/public/fs/home/pgsql/data/pg_hba.conf b/public/fs/home/pgsql/data/pg_hba.conf.in
index 6abd582..07fef10 100644
--- a/public/fs/home/pgsql/data/pg_hba.conf
+++ b/public/fs/home/pgsql/data/pg_hba.conf.in
@@ -8,7 +8,7 @@
local all all peer
host all all 127.0.0.1/32 scram-sha-256
-host all all 10.8.0.0/24 scram-sha-256
+host all all @vpn_net4@/24 scram-sha-256
host all all ::1/128 scram-sha-256
local replication all peer
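Review bot: The prefix length in `host all all @vpn_net4@/24 scram-sha-256` is still hard-coded, as is the `255.255.255.0` in hostvpn.conf.in, so this rule matches the VPN only while `vpn_net4` is a /24 network address. Because the line admits every user to every database from that range, a `vpn_net4` value that is not the real VPN network would authorise a different set of hosts. A comment above the line, `# must match the "server" network in openvpn/hostvpn.conf.in`, or a separate `@vpn_prefix4@` placeholder would keep the two in step.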
diff --git a/public/fs/home/pgsql/data/postgresql-conf.sh b/public/fs/home/pgsql/data/postgresql-conf.sh
new file mode 100755
index 0000000..2a6a6e1
--- /dev/null
+++ b/public/fs/home/pgsql/data/postgresql-conf.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eu
+
+sitezone="$1"
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/server.ports
+source /root/config/private/config/hostinfo/${sitezone}
+
+sed -e 's/@vpn_net4@/'${vpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
+ "${cfg_srcdir}/postgresql.conf.in"
diff --git a/public/fs/home/pgsql/data/postgresql.conf b/public/fs/home/pgsql/data/postgresql.conf.in
index 45d0eab..42a1c26 100644
--- a/public/fs/home/pgsql/data/postgresql.conf
+++ b/public/fs/home/pgsql/data/postgresql.conf.in
@@ -1,4 +1,4 @@
-listen_addresses = 'localhost, 10.8.0.1'
+listen_addresses = 'localhost, @vpn_ipv4@'
port = 5432
max_connections = 128
superuser_reserved_connections = 16
diff --git a/public/notes/networking/ipv6 b/public/notes/networking/ipv6
index 5a956f5..0fab21d 100644
--- a/public/notes/networking/ipv6
+++ b/public/notes/networking/ipv6
@@ -1,5 +1,5 @@
/etc/sysconfig/network/ifcfg-eth0:
-IPADDR_0='2a01:4f9:2b:20f0::2/64'
+IPADDR_0='@host_ipv6@::2/64'
LABEL_0='ipv6'