feat: support for some system configuration

includes:
- hostname
- root-auth (hashedPasswd & ssh-keys)
- root-login policy over ssh
- netconf port
This commit is contained in:
catvayor 2024-12-08 09:39:51 +01:00
parent 55a09d1579
commit 0bdbc339da
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
3 changed files with 97 additions and 5 deletions


@ -1,5 +1,4 @@
{
name,
lib,
config,
...
@ -22,6 +21,7 @@ in
./interfaces.nix
./vlans.nix
./poe.nix
./system.nix
];
options = {
netconf.xmls.configuration = mkOption {
@ -58,6 +58,7 @@ in
mapAttrs mkIntf config.netconf.mandatoryInterfaces;
config.netconf.xmls.configuration = ''
<configuration>
${config.netconf.xmls.system}
${config.netconf.xmls.interfaces}
${config.netconf.xmls.protocols}
${config.netconf.xmls.vlans}

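--- /dev/null
+++ b/junos/system.nix
@@ -0,0 +1,72 @@
+{ lib, config, ... }:
+with lib;
+{
+options = {
+system = {
+host-name = mkOption {
+type = types.str;
+description = "The hostname of the switch.";
+};
+root-authentication = {
+hashedPasswd = mkOption {
+type = types.str;
+description = "Hashed password for root.";
+};
+ssh-keys = mkOption {
+type = types.listOf types.str;
+description = "ssh keys for root user.";
+default = [ ];
+};
+};
+services = {
+ssh.root-login = mkOption {
+type = types.enum [
+"allow"
+"deny"
+"deny-password"
+];
+description = "Login policy to use for root.";
+};
+netconf.port = mkOption {
+type = types.port;
+description = "Port to use for netconf.";
+default = 830;
+};
+};
+};
+netconf.xmls.system = mkOption {
+type = types.str;
+visible = false;
+readOnly = true;
+};
+};
+config.netconf.xmls.system =
+let
+ssh-keys1 = map (splitString " ") config.system.root-authentication.ssh-keys;
+ssh-keys2 = map (key: if length key < 3 then key ++ [ "foo@bar" ] else key) ssh-keys1;
+ssh-keys = map (concatStringsSep " ") ssh-keys2;
+edsca = map (key: "<ssh-edsca><name>${key}</name></ssh-edsca>") (
+filter (hasPrefix "ssh-edsca ") ssh-keys
+);
+rsa = map (key: "<ssh-rsa><name>${key}</name></ssh-rsa>") (filter (hasPrefix "ssh-rsa ") ssh-keys);
+ed25519 = map (key: "<ssh-ed25519><name>${key}</name></ssh-ed25519>") (
+filter (hasPrefix "ssh-ed25519 ") ssh-keys
+);
+in
+''
+<system>
+<host-name operation="replace">${config.system.host-name}</host-name>
+<root-authentication operation="replace">
+<encrypted-password>${config.system.root-authentication.hashedPasswd}</encrypted-password>
+${concatStrings (edsca ++ rsa ++ ed25519)}
+</root-authentication>
+<services operation="replace">
+<ssh><root-login>${config.system.services.ssh.root-login}</root-login></ssh>
+<netconf>
+<ssh><port>${toString config.system.services.netconf.port}</port></ssh>
+<rfc-compliant/><yang-compliant/>
+</netconf>
+</services>
+</system>
+'';
+}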
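Review bot: The ECDSA branch `edsca = map ... (filter (hasPrefix "ssh-edsca ") ssh-keys)` can never match anything: OpenSSH ECDSA public keys start with `ecdsa-sha2-nistp256` (or `-nistp384`/`-nistp521`), not `ssh-edsca`, so any ECDSA key listed in `ssh-keys` is silently left out of the rendered `<root-authentication>`, and the element name `<ssh-edsca>` looks like the same typo (Junos spells it `ssh-ecdsa`, to be confirmed against the device schema). A minimal fix is `ecdsa = map (key: "<ssh-ecdsa><name>${key}</name></ssh-ecdsa>") (filter (hasPrefix "ecdsa-sha2-") ssh-keys);` together with `${concatStrings (ecdsa ++ rsa ++ ed25519)}` on the output line. Since a key matching none of the three prefixes disappears without any error, an `assert` that every entry of `ssh-keys` was matched (or an `abort` naming the unmatched ones) would turn a mistyped key type into an evaluation failure instead of a switch that quietly lacks the intended key. The `"foo@bar"` appended in `ssh-keys2` also deserves a comment saying why it is there (presumably the switch requires a third, comment field), e.g. `# pad keys that have no comment field to the three-part form the switch expects`.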


@ -33,12 +33,29 @@ let
vlans = [ "ap-staging" ];
};
};
default =
{ name, ... }:
{
vlans = vlansPlan;
system = {
host-name = name;
services.ssh.root-login = "deny-password";
root-authentication = {
hashedPasswd = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
ssh-keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
];
};
};
};
in
{
netcore02 = {
deployment.targetHost = "netcore02.dgn";
imports = [ ./ex2300.nix ];
vlans = vlansPlan;
imports = [
./ex2300.nix
default
];
dgn-interfaces = {
# "ge-0/0/0" = AP-staging;
# "ge-0/0/1" = AP-staging;
@ -120,8 +137,10 @@ in
netaccess01 = {
deployment.targetHost = "netaccess01.dgn";
imports = [ ./ex2300.nix ];
vlans = vlansPlan;
imports = [
./ex2300.nix
default
];
dgn-interfaces = {
# "ge-0/0/0" = AP-staging;