fredrick/dynamic-infra-tooling
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add certificate management module and schedule auto-renewal cron

Browse source
This commit is contained in:
Fredrick Amnehagen 2026-02-05 20:36:15 +01:00
parent 42767fd8bc
commit f793ddd02f
6 changed files with 214 additions and 198 deletions
Download patch file Download diff file Expand all files Collapse all files

114
README.md
View file

@ -1,14 +1,19 @@
# LoopAware Infrastructure CLI
A professional Python-based CLI for programmatically managing the LoopAware flat network (`10.32.0.0/16`).
A robust Python-based CLI designed for automated management of the LoopAware infrastructure. Built for developers and AI agents to provision and manage resources on a flat `10.32.0.0/16` network.
## Features
## Core Modules
- **DNS/DHCP:** Manage `dnsmasq` reservations and records on `la-dnsmasq-01`.
- **Ingress:** Dynamic HAProxy routing for subdomains.
- **Router:** Manage OpenWrt firewall DNAT rules (TCP/UDP).
- **Proxmox:** Provision and manage LXC containers across physical nodes (`vmh-07` to `vmh-13`).
- **Samba:** Automated User and Group management for Active Directory.
| Module | Command | Description |
|--------|---------|-------------|
| **Identity** | `infra samba` | Manage Active Directory users and groups. |
| **Compute** | `infra proxmox` | Provision and destroy LXC containers across nodes. |
| **Database**| `infra db` | Provision PostgreSQL databases and users. |
| **Network** | `infra dns` | Manage static DHCP leases and DNS records. |
| **IP AM** | `infra ip` | Automatic discovery of free IPs in the agent pool. |
| **Ingress** | `infra ingress` | Manage HAProxy subdomains and routing. |
| **Certificates**| `infra cert` | Manage SSL/TLS certificates (Let's Encrypt). |
| **External**| `infra cloudflare`| Manage Cloudflare DNS and Dynamic DNS updates. |
## Installation
@ -19,87 +24,50 @@ pip install -e .
## Configuration
The CLI requires a `config.yaml` file. A template is provided in `config.yaml.example`.
The CLI looks for a config file at `~/.config/loopaware/infra-cli.yaml` or the path specified in the `INFRA_CONFIG` environment variable.
```bash
# Set up your local config
cp config.yaml.example config.yaml
# Update the nodes, IPs, and SSH key paths
export INFRA_CONFIG=$(pwd)/config.yaml
```
### Environment Variables
- `ROUTER_PASS`: Required for router operations (if SSH keys are not deployed).
- `INFRA_CONFIG`: Optional path to a custom config file.
## Common Workflows
## Usage Guide
### Provisioning a New Service
1. **Find an IP:** `infra ip next-free`
2. **Create Database:** `infra db provision "project-name"`
3. **Provision LXC:** `infra proxmox create-lxc 12345 debian-13 "project-host" "10.32.70.x/16" "10.32.0.1" --node la-vmh-12`
4. **Setup DNS:** `infra dns add-host <MAC> 10.32.70.x "project-host"`
5. **Expose Ingress:** `infra ingress add "project.loopaware.com" 10.32.70.x 80`
### 1. Identity & Access (Samba)
### Full Decommission
Clean up every trace of a service in one command:
```bash
# List all users
infra samba list-users
# Create a new user
infra samba add-user "jdoe" "SecurePass123!"
# Grant XMPP access
infra samba add-to-group "xmpp-users" "jdoe"
infra decommission --domain project.loopaware.com --mac <MAC> --vmid 12345 --node la-vmh-12 --port-name project_udp
```
### 2. Compute (Proxmox)
### Certificate Management
```bash
# List containers on a specific node
infra proxmox list-lxcs --node la-vmh-12
# List all active certificates
infra cert list
# Create a new container (CLI resolves "debian-13" automatically)
infra proxmox create-lxc 12150 debian-13 "new-app" "10.32.70.100/16" "10.32.0.1" --node la-vmh-12
# Check main certificate expiry
infra cert status
# Trigger dynamic SAN discovery and renewal
infra cert renew --force
```
### 3. Database (PostgreSQL)
Provision project-specific databases instantly.
## Safety & Validation
- **Template Resolution:** The `debian-13` alias automatically finds the latest template on the target Proxmox node.
- **Input Validation:** All IPs, MACs, and Ports are validated before execution.
- **Pre-flight Checks:** The CLI verifies SSH connectivity to nodes before attempting changes.
```bash
# List all databases
infra db list-dbs
## Development
# Provision a new database and user for a project
infra db provision "my-new-project"
```
### 4. Networking (IP, DNS & DHCP)
Assign a static identity to your new machine. The CLI helps you find free addresses in the dedicated agent pool (`10.32.70.0/16` through `10.32.80.0/16`).
```bash
# Find the next available IP for your project
infra ip next-free
# List top 5 available IPs
infra ip list-free --count 5
# Register the machine in DHCP
infra dns add-host "aa:bb:cc:dd:ee:ff" "10.32.70.100" "new-app"
```
### 4. Cloudflare DDNS
The list of domains to update is managed dynamically on the server.
```bash
# Add a domain to the update list
infra cloudflare add-ddns "my-new-domain.com"
# List all domains being updated
infra cloudflare list-ddns
# Run the update (usually via cron)
infra cloudflare update-ddns
```
## Advanced Workflows for AI Agents
For detailed automation workflows, see [Workflow Documentation](../../docs/guides/dynamic-infrastructure-workflow.md).
## Development and Testing
Run the integration test suite:
### Running Tests
```bash
export ROUTER_PASS="..."
pytest tests/test_cli.py -s
```
pytest tests/test_cli.py -v
```