From: Martin Mareš Date: Sat, 14 Feb 2026 17:27:20 +0000 (+0100) Subject: pyinfra: přesunuto do dns.git X-Git-Url: http://mj.ucw.cz/gitweb/?a=commitdiff_plain;h=bcd0ed38cc3f03b32d308ea8ff18bb754dbd3a28;p=jablonka.git pyinfra: přesunuto do dns.git --- diff --git a/pyinfra/configure.py b/pyinfra/configure.py deleted file mode 100644 index 1686829..0000000 --- a/pyinfra/configure.py +++ /dev/null @@ -1,14 +0,0 @@ -from pyinfra.context import host -from pyinfra.operations import files, systemd - -upload_config = files.put( - src='etc/jablonka.conf', - dest=host.data.unbound_dir + '/jablonka.conf', - mode='644', -) - -systemd.service( - service='unbound', - restarted=True, - _if=upload_config.did_change, -) diff --git a/pyinfra/etc/jablonka.conf b/pyinfra/etc/jablonka.conf deleted file mode 100644 index 7a8a452..0000000 --- a/pyinfra/etc/jablonka.conf +++ /dev/null @@ -1,73 +0,0 @@ -# Maintained by PyInfra, please don't change manually - -server: - access-control: 0.0.0.0/0 refuse - access-control: 10.32.0.0/16 allow - access-control: 10.33.0.0/16 allow - access-control: 10.86.0.0/16 allow - access-control: 127.0.0.0/8 allow - access-control: ::0/0 refuse - access-control: ::1 allow - access-control: ::ffff:127.0.0.1 allow - - # Ignore chain of trust. Domain is treated as insecure. - # domain-insecure: "example.com" - domain-insecure: "czf" - domain-insecure: "10.in-addr.arpa" - - local-zone: "10.in-addr.arpa" nodefault - - num-threads: 4 - - do-ip6: no - - statistics-interval: 300 - extended-statistics: yes - - verbosity: 1 - log-time-ascii: yes - #log-queries: yes - #log-replies: yes - #log-servfail: yes - #log-local-actions: yes - - # Have the validator log failed validations for your diagnosis. - # 0: off. 1: A line per failed user query. 2: With reason and bad IP. - val-log-level: 1 - - # Harden the referral path by performing additional queries for - # infrastructure data. Validates the replies (if possible). - # Default off, because the lookups burden the server. Experimental - # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. - harden-referral-path: yes - - - -# Nase nameservery jsou tez neverejne sekundarni pro .czf, navic s nekterymi -# zonami, o kterych oficialni root czf nic nevi. Takze .czf smerujeme na ne -# a jenom vysledky cacheujeme. - -stub-zone: - name: "czf" - stub-addr: 10.33.0.2 - stub-addr: 10.33.0.7 - -stub-zone: - name: "10.in-addr.arpa" - stub-addr: 10.33.0.2 - stub-addr: 10.33.0.7 - -stub-zone: - name: "jablonka.cz" - stub-addr: 10.33.0.2 - stub-addr: 10.33.0.7 - -stub-zone: - name: "kobylisy.czf" - stub-addr: 10.32.0.148 - stub-addr: 10.32.0.157 - -stub-zone: - name: "32.10.in-addr.arpa" - stub-addr: 10.32.0.148 - stub-addr: 10.32.0.157 diff --git a/pyinfra/known_hosts b/pyinfra/known_hosts deleted file mode 100644 index 9c0f106..0000000 --- a/pyinfra/known_hosts +++ /dev/null @@ -1,4 +0,0 @@ -10.33.160.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMfMxFMPazG1qiiBDZo6fcDEMkUD9OLtDjhN9SZqeEj -10.33.148.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALadb/dog11xNa9IYKysnfYHwXbRQnk7sUtyTT+KpSH -10.32.148.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmYoMgFPnqkD10+shdaIOTtm4aXhqzbEEcU1nBdCE2P -10.33.160.3 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMfMxFMPazG1qiiBDZo6fcDEMkUD9OLtDjhN9SZqeEj diff --git a/pyinfra/resolvers.py b/pyinfra/resolvers.py deleted file mode 100644 index d454f4a..0000000 --- a/pyinfra/resolvers.py +++ /dev/null @@ -1,14 +0,0 @@ -hosts = ( - [ - ('resolver6', {'ssh_hostname': '10.33.160.2'}), - ('resolver7', {'ssh_hostname': '10.33.160.3'}), - ('dusk', {'ssh_hostname': '10.32.148.1', 'unbound_dir': '/etc/unbound/conf.d'}) - ], - { - 'ssh_user': 'root', - # pyinfra uses paramiko, which is unable to parse my ~/.ssh/authorized_keys - # that contains @cert-authority lines. - 'ssh_known_hosts_file': 'known_hosts', - 'unbound_dir': '/etc/unbound/unbound.conf.d', - } -)