construqt 0.0.5 → 0.0.6

data/lib/construqt/flavour/ciscian/dialect_hp-2510g.rb

@@ -13,6 +13,30 @@ module Construqt
         def commit
         end
 
+        def sort_section_keys(keys)
+          return keys.sort do |a,b|
+            a = a.to_s
+            b = b.to_s
+            match_a=/^(.*[^\d])(\d+)$/.match(a)||[nil,a,1]
+            match_b=/^(.*[^\d])(\d+)$/.match(b)||[nil,b,1]
+            #puts match_a, match_b, a, b
+            ret=0
+            ret = rate_higher("hostname", match_a[1], match_b[1]) if ret==0
+            ret = rate_higher("snmp", match_a[1], match_b[1]) if ret==0
+            ret = rate_higher("trunk", match_a[1], match_b[1]) if ret==0
+            ret = rate_higher("max-vlans", match_a[1], match_b[1]) if ret==0
+            ret = rate_higher("vlan", match_a[1], match_b[1]) if ret==0
+            ret = rate_higher("vlan", match_a[1], match_b[1]) if ret==0
+            ret = match_a[1]<=>match_b[1] if ret==0
+            ret = match_a[2].to_i<=>match_b[2].to_i if ret==0
+            ret
+          end
+        end
+
+        def rate_higher(prefix, a, b)
+          return a.start_with?(prefix) ^ b.start_with?(prefix) ? (a.start_with?(prefix) ? -1 : 1) : 0
+        end
+
         def expand_vlan_device_name(device)
           expand_device_name(device, { "po" => "Trk%s", "ge" => "%s" })
         end
@@ -25,45 +49,71 @@ module Construqt
         end
 
         def add_host(host)
-          @result.add("hostname", Ciscian::SingleValueVerb).add(@result.host.name)
-          @result.add("max-vlans", Ciscian::SingleValueVerb).add(64)
-          @result.add("snmp-server community \"public\" Unrestricted", Ciscian::SingleValueVerb)
+          @result.add("hostname").add(@result.host.name).quotes
+          @result.add("max-vlans").add(64)
+          @result.add("snmp-server community \"public\"")
+
+          #enable ssh per default
+          @result.add("ip ssh")
+
           @result.host.interfaces.values.each do |iface|
             next unless iface.delegate.address
             iface.delegate.address.routes.each do |route|
-              @result.add("ip route #{route.dst.to_s} #{route.dst.netmask} #{route.via.to_s}", Ciscian::SingleValueVerb)
+              @result.add("ip route #{route.dst.to_s} #{route.dst.netmask} #{route.via.to_s}")
             end
           end
+
+          if host.delegate.sntp
+            @result.add("sntp server").add(host.delegate.sntp)
+            @result.add("timesync sntp")
+            @result.add("sntp unicast")
+          end
+
+          if host.delegate.logging
+            @result.add("logging").add(host.delegate.logging)
+          end
+
         end
 
         def add_device(device)
         end
 
         def add_bond(bond)
-          @result.add("trunk", TrunkVerb).add("{+ports}" => bond.interfaces.map{|i| i.delegate.number }, "{*channel}" => bond.delegate.number)
+          @result.add("trunk", TrunkVerb).add("{+ports}" => bond.interfaces.map{|i| i.delegate.number }, "{*channel}" => bond.delegate.number, "{=mode}"=>"LACP")
           @result.add("spanning-tree #{expand_vlan_device_name(bond)} priority 4")
         end
 
         def add_vlan(vlan)
-          @result.add("vlan #{vlan.delegate.vlan_id} jumbo") do |section|
+          @result.add("vlan #{vlan.delegate.vlan_id}", NestedSection) do |section|
             next unless vlan.delegate.description && !vlan.delegate.description.empty?
             throw "vlan name too long, max 32 chars" if vlan.delegate.description.length > 32
-            section.add("name", Ciscian::SingleValueVerb).add(vlan.delegate.description)
+            section.add("name").add(vlan.delegate.description).quotes
+            section.add("jumbo")
             vlan.interfaces.each do |port|
-
-              section.add({
-                            true => "tagged",
-                            false => "untagged"
-              }[port.template.is_tagged?(vlan.vlan_id)], Ciscian::RangeVerb).add(expand_vlan_device_name(port))
+              range=nil
+              if port.template.is_tagged?(vlan.vlan_id)
+                range=section.add("tagged", Tagged)
+                range.add("{+ports}" => [expand_vlan_device_name(port)])
+              elsif port.template.is_untagged?(vlan.vlan_id)
+                range=section.add("tagged", Tagged)
+                range.add("{+uports}" => [expand_vlan_device_name(port)])
+              elsif port.template.is_nountagged?(vlan.vlan_id)
+                range=section.add("tagged", Tagged)
+                range.add("{-uports}" => [expand_vlan_device_name(port)])
+              end
             end
 
             if vlan.delegate.address
               if vlan.delegate.address.first_ipv4
-                section.add("ip address").add(vlan.delegate.address.first_ipv4.to_string)
+                section.add("ip address").add(vlan.delegate.address.first_ipv4.to_s + " " + vlan.delegate.address.first_ipv4.netmask)
               elsif vlan.delegate.address.dhcpv4?
                 section.add("ip address").add("dhcp-bootp")
               end
             end
+
+            if vlan.delegate.igmp
+              section.add("ip igmp")
+            end
           end
         end
 
@@ -81,6 +131,10 @@ module Construqt
           end.flatten.join(' ')
         end
 
+        def is_virtual?(line)
+          line.include?("vlan")
+        end
+
         def block_end?(line)
           ['end','exit'].include?(line.strip)
         end
@@ -101,8 +155,14 @@ module Construqt
             "trunk"
           end
 
+          def self.find_regex(variable)
+            {
+              "mode" => "(Trunk|LACP)"
+            }[variable]
+          end
+
           def self.patterns
-            ["no trunk {-ports}", "trunk {+ports} Trk{*channel} Trunk"]
+            ["no trunk {-ports}", "trunk {+ports} Trk{*channel} {=mode}"]
           end
         end
       end

data/lib/construqt/flavour/delegates.rb

@@ -9,6 +9,7 @@ module Construqt
 
       def delegate=(a)
         throw "delegate needs to be !nil" unless a
+        a.delegate = self
         @delegate = a
       end
 
@@ -28,6 +29,14 @@ module Construqt
         @vrrp
       end
 
+      def ipsec
+        self.delegate.ipsec
+      end
+
+      def firewalls
+        self.delegate.firewalls
+      end
+
       def description
         self.delegate.description
       end

data/lib/construqt/flavour/mikrotik/flavour_mikrotik.rb

@@ -408,9 +408,6 @@ OUT
       def self.create_interface(name, cfg)
         cfg['name'] = name
         clazz(cfg['clazz']).new(cfg)
-        #cfg['name'] = name
-        #iface = Interface.new(cfg)
-        #iface
       end
 
       def self.create_bgp(cfg)

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_bgp.rb

@@ -14,7 +14,16 @@ module Construqt
             host.result.add("set [ find chain=#{v4_name.inspect} ] comment=to_remove", nil, "routing", "filter")
             host.result.add("set [ find chain=#{v6_name.inspect} ] comment=to_remove", nil, "routing", "filter")
             filter.list.each do |rule|
-              rule['network'].ips.each do |ip|
+              nets = rule['network']
+              if nets.kind_of?(String)
+                #binding.pry
+                nets = Construqt::Tags.find(nets, Construqt::Addresses::IPV4) + Construqt::Tags.find(nets, Construqt::Addresses::IPV6)
+                #            puts ">>>>>>>>>> #{nets.map{|i| i.class.name}}"
+                nets = IPAddress::summarize(nets)
+              else
+                nets = nets.ips
+              end
+              nets.each do |ip|
                 prefix_len = ""
                 if rule['prefix_length']
                   prefix_len = "prefix-length=#{rule['prefix_length'].first}-#{rule['prefix_length'].last}"
@@ -115,6 +124,7 @@ module Construqt
                                                                    "address-families" => "ip",
                                                                    "default-originate" => self.default_originate,
                                                                    "remote-address" => self.other.my.address.first_ipv4,
+                                                                   "use-bfd" => self.cfg.use_bfd.kind_of?(false.class) ? false : true,
                                                                    "tcp-md5-key" => self.cfg.password,
                                                                    "in-filter" => "v4-"+self.filter['in'].name,
                                                                    "out-filter" => "v4-"+self.filter['out'].name)
@@ -124,6 +134,7 @@ module Construqt
                                                                    "remote-as" => self.other.as.num,
                                                                    "address-families" => "ipv6",
                                                                    "remote-address" => self.other.my.address.first_ipv6,
+                                                                   "use-bfd" => self.cfg.use_bfd.kind_of?(false.class) ? false : true,
                                                                    "tcp-md5-key" => self.cfg.password,
                                                                    "in-filter" => "v6-"+self.filter['in'].name,
                                                                    "out-filter" => "v6-"+self.filter['out'].name)

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_interface.rb

@@ -43,12 +43,16 @@ module Construqt
           end
 
           cfg['distance'] = rt.metric if rt.metric
+
+          cfg['routing-mark'] = rt.routing_table if rt.routing_table
+
           default = {
             "dst-address" => Schema.network.required.key(0),
             "gateway" => Schema.address,
             "type" => Schema.identifier,
             "distance" => Schema.int,
-            "comment" => Schema.string.required.key(1)
+            "comment" => Schema.string.required.key(1),
+            "routing-mark" => Schema.identifier
           }
           cfg['comment'] = "#{cfg['dst-address']} via #{cfg['gateway']} CONSTRUQT"
           if rt.dst.ipv6?
@@ -58,10 +62,37 @@ module Construqt
           end
         end
 
+        def self.render_firewall_mangle(host, iface)
+          cfg = {
+            "in-interface" => iface.name,
+            "new-routing-mark" => iface.routing_table,
+            "chain" => "prerouting",
+            "action" => "mark-routing"
+          }
+          cfg['comment'] = "tag interface #{cfg['in-interface']} with routing-mark #{cfg['new-routing-mark']} CONSTRUQT"
+
+          default = {
+            "chain" => Schema.identifier.required,
+            "action" => Schema.identifier.required,
+            "new-routing-mark" => Schema.identifier.required,
+            "in-interface" => Schema.identifier.required,
+            "comment" => Schema.string.required.key(1),
+          }
+
+          host.result.render_mikrotik(default, cfg, "ipv6", "firewall", "mangle")
+          host.result.render_mikrotik(default, cfg, "ip", "firewall", "mangle")
+        end
+
+
         def self.build_config(host, iface)
+          if iface.routing_table
+            render_firewall_mangle(host, iface)
+          end
+
           #name = File.join(host.name, "interface", "device")
           #ret = []
           #ret += self.clazz.build_config(host, iface||self)
+
           if !(iface.address.nil? || iface.address.ips.empty?)
             iface.address.ips.each do |ip|
               render_ip(host, iface, ip)

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb

@@ -155,9 +155,11 @@ module Construqt
             "interface vrrp",
             "interface gre6",
             "ipv6 address",
+            "ipv6 firewall mangle",
             "ipv6 route",
             "ip address",
             "ip dns",
+            "ip firewall mangle",
             "ip route",
             "ip ipsec proposal",
             "ip ipsec peer",

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb

@@ -101,7 +101,7 @@ module Construqt
           end
 
           def self.serialize(schema, val)
-            throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
+            throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
             #        throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
             return Flavour::Mikrotik.compress_address(val)
           end
@@ -113,7 +113,7 @@ module Construqt
           end
 
           def self.serialize(schema, val)
-            throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
+            throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
             #        throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
             return "#{Flavour::Mikrotik.compress_address(val)}/#{val.prefix}"
           end
@@ -125,7 +125,7 @@ module Construqt
           end
 
           def self.serialize(schema, val)
-            throw "Network::val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
+            throw "Network::val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(Construqt::Addresses::CqIpAddress) || val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
             #throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
             return "#{Flavour::Mikrotik.compress_address(val)}/#{val.prefix}"
           end

data/lib/construqt/flavour/plantuml/plantuml.rb

@@ -138,11 +138,11 @@ UML
           end
         end
 
-        iface.delegate.firewalls && iface.delegate.firewalls.each_with_index do |fw, idx|
+        iface.delegate && iface.delegate.firewalls && iface.delegate.firewalls.each_with_index do |fw, idx|
           out << "fw(#{idx}) = \"#{fw.name}\""
         end
 
-        (iface.tags+tags).sort.uniq.each_with_index do |tag, idx|
+        iface.tags && (iface.tags+tags).sort.uniq.each_with_index do |tag, idx|
           out << "tag(#{idx}) = \"#{tag}\""
         end
 

data/lib/construqt/flavour/ubuntu/flavour_ubuntu.rb

@@ -39,7 +39,8 @@ module Construqt
             return
           end
 
-          writer.header.mode(EtcNetworkInterfaces::Entry::Header::MODE_DHCP) if iface.address.dhcpv4?
+          writer.header.dhcpv4 if iface.address.dhcpv4?
+          writer.header.dhcpv6 if iface.address.dhcpv6?
           writer.header.mode(EtcNetworkInterfaces::Entry::Header::MODE_LOOPBACK) if iface.address.loopback?
           lines.add(iface.flavour) if iface.flavour
           iface.address.ips.each do |ip|
@@ -83,6 +84,15 @@ module Construqt
           writer.lines.down("ip link set dev #{ifname} down")
           add_address(host, ifname, iface.delegate, writer.lines, writer) #unless iface.address.nil? || iface.address.ips.empty?
           add_services(host, ifname, iface.delegate, writer)
+          host.ipsecs.find do |ipsec|
+            if ipsec.left.remote.interface == iface || ipsec.right.remote.interface == iface
+              writer.lines.up("STARTED_BY_CONSTRUQT=yes /etc/init.d/racoon start")
+              writer.lines.down("STARTED_BY_CONSTRUQT=yes /etc/init.d/racoon restart")
+              true
+            else
+              false
+            end
+          end
         end
       end
 
@@ -142,7 +152,7 @@ BOND
         end
 
         def build_config(host, unused)
-          host.result.add(self, <<SCTL, Construqt::Resources::Rights::ROOT_0644, "etc", "sysctl.conf")
+          host.result.add(self, <<SCTL, Construqt::Resources::Rights.root_0644, "etc", "sysctl.conf")
 net.ipv4.conf.all.forwarding = 1
 net.ipv4.conf.default.forwarding = 1
 net.ipv4.vs.pmtu_disc=1
@@ -151,7 +161,7 @@ net.ipv6.conf.all.autoconf=0
 net.ipv6.conf.all.accept_ra=0
 net.ipv6.conf.all.forwarding=1
 SCTL
-          host.result.add(self, <<HOSTS, Construqt::Resources::Rights::ROOT_0644, "etc", "hosts")
+          host.result.add(self, <<HOSTS, Construqt::Resources::Rights.root_0644, "etc", "hosts")
 127.0.0.1       localhost
 ::1             localhost ip6-localhost ip6-loopback
 fe00::0         ip6-localnet
@@ -161,12 +171,12 @@ ff02::2         ip6-allrouters
 
 127.0.1.1       #{host.name} #{host.region.network.fqdn(host.name)}
 HOSTS
-          host.result.add(self, host.name, Construqt::Resources::Rights::ROOT_0644, "etc", "hostname")
-          host.result.add(self, "# WTF resolvconf", Construqt::Resources::Rights::ROOT_0644, "etc", "resolvconf", "resolv.conf.d", "orignal");
+          host.result.add(self, host.name, Construqt::Resources::Rights.root_0644, "etc", "hostname")
+          host.result.add(self, "# WTF resolvconf", Construqt::Resources::Rights.root_0644, "etc", "resolvconf", "resolv.conf.d", "orignal");
           host.result.add(self,
                           (host.region.network.dns_resolver.nameservers.ips.map{|i| "nameserver #{i.to_s}" }+
                            ["search #{host.region.network.dns_resolver.search.join(' ')}"]).join("\n"),
-                          Construqt::Resources::Rights::ROOT_0644, "etc", "resolv.conf")
+                          Construqt::Resources::Rights.root_0644, "etc", "resolv.conf")
           #binding.pry
           Dns.build_config(host) if host.delegate.dns_server
           akeys = []
@@ -178,11 +188,11 @@ HOSTS
             skeys << "#{u.shadow}" if u.shadow
           end
 
-          host.result.add(self, skeys.join(), Construqt::Resources::Rights::ROOT_0644, "etc", "shadow.merge")
-          host.result.add(self, akeys.join(), Construqt::Resources::Rights::ROOT_0644, "root", ".ssh", "authorized_keys")
-          host.result.add(self, ykeys.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc", "yubikey_mappings")
+          #host.result.add(self, skeys.join(), Construqt::Resources::Rights.root_0644, "etc", "shadow.merge")
+          host.result.add(self, akeys.join(), Construqt::Resources::Rights.root_0644, "root", ".ssh", "authorized_keys")
+          host.result.add(self, ykeys.join("\n"), Construqt::Resources::Rights.root_0644, "etc", "yubikey_mappings")
 
-          host.result.add(self, <<SSH , Construqt::Resources::Rights::ROOT_0644, "etc", "ssh", "sshd_config")
+          host.result.add(self, <<SSH , Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::SSH), "etc", "ssh", "sshd_config")
 # Package generated configuration file
 # See the sshd_config(5) manpage for details
 
@@ -272,7 +282,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 SSH
-          host.result.add(self, <<PAM , Construqt::Resources::Rights::ROOT_0644, "etc", "pam.d", "openvpn")
+          host.result.add(self, <<PAM , Construqt::Resources::Rights::root_0644, "etc", "pam.d", "openvpn")
           #{host.delegate.yubikey ? '':'# '}auth required pam_yubico.so id=16 authfile=/etc/yubikey_mappings
 auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
 auth requisite pam_deny.so
@@ -297,7 +307,6 @@ PAM
 
         def build_config(host, gre)
           gre_delegate = gre.delegate
-          #      binding.pry
           cfg = nil
           if gre_delegate.local.first_ipv6
             cfg = OpenStruct.new(:prefix=>6, :my=>gre_delegate.local.first_ipv6, :other => gre_delegate.remote.first_ipv6, :mode => "ip6gre")
@@ -306,7 +315,7 @@ PAM
           end
 
           throw "need a local address #{host.name}:#{gre_delegate.name}" unless cfg
-          local_iface = host.interfaces.values.find { |iface| iface.address.match_network(cfg.my) }
+          local_iface = host.interfaces.values.find { |iface| iface.address && iface.address.match_network(cfg.my) }
           throw "need a interface with address #{host.name}:#{cfg.my}" unless local_iface
           iname = Util.clean_if("gt#{cfg.prefix}", gre_delegate.name)
 
@@ -318,6 +327,8 @@ PAM
           writer = host.result.etc_network_interfaces.get(gre_delegate)
           writer.skip_interfaces.header.interface_name(iname)
           writer.lines.up("ip -#{cfg.prefix} tunnel add #{iname} mode #{cfg.mode} local #{cfg.my.to_s} remote #{cfg.other.to_s}")
+          #writer.lines.up("ip -#{cfg.prefix} tunnel add #{iname} mode #{cfg.mode} local #{cfg.my.to_s} remote #{cfg.other.to_s}")
+          #/sbin/ip -6 tunnel add gt4nactr01 mode ip4ip6 remote 2a04:2f80:f:f003::2 local 2a04:2f80:f:f003::1
           #      writer.lines.up("ip -#{cfg.prefix} link set dev #{iname} up")
           Device.build_config(host, gre)
           #      Device.add_address(host, iname, iface, writer.lines, writer)

data/lib/construqt/flavour/ubuntu/flavour_ubuntu_bgp.rb

@@ -10,10 +10,16 @@ module Construqt
         def self.header(host)
           return if host.bgps.empty?
           # binding.pry
-          bird_v4 = self.header_bird(host, OpenStruct.new(:net_clazz => IPAddress::IPv4, :filter => lambda {|ip| ip.ipv4? }))
-          host.result.add(self, bird_v4, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird.conf")
-          bird_v6 = self.header_bird(host, OpenStruct.new(:net_clazz => IPAddress::IPv6, :filter => lambda {|ip| ip.ipv6? }))
-          host.result.add(self, bird_v6, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird6.conf")
+          bird_v4 = self.header_bird(host, OpenStruct.new(:net_clazz => lambda {|o|
+            (o.kind_of?(IPAddress::IPv4)||o.kind_of?(Construqt::Addresses::CqIpAddress)) && o.ipv4?
+          },
+                                                          :filter => lambda {|ip| ip.ipv4? }))
+          host.result.add(self, bird_v4, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird.conf")
+          bird_v6 = self.header_bird(host, OpenStruct.new(:net_clazz => lambda {|o|
+            (o.kind_of?(IPAddress::IPv6)||o.kind_of?(Construqt::Addresses::CqIpAddress)) && o.ipv6?
+          },
+                                                          :filter => lambda {|ip| ip.ipv6? }))
+          host.result.add(self, bird_v6, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird6.conf")
         end
 
         def self.header_bird(host, mode)
@@ -40,6 +46,7 @@ BGP
             filter.list.each do |rule|
               nets = rule['network']
               if nets.kind_of?(String)
+                #binding.pry
                 nets = Construqt::Tags.find(nets, mode.net_clazz)
                 #            puts ">>>>>>>>>> #{nets.map{|i| i.class.name}}"
                 nets = IPAddress::summarize(nets)
@@ -50,7 +57,9 @@ BGP
               nets.each do |ip|
                 next unless mode.filter.call(ip)
                 ip_str = ip.to_string
-                if rule['prefix_length']
+                if rule['addr_sub_prefix']
+                  ip_str = "#{ip.to_string}{#{ip.prefix},#{ip.ipv4? ? 32 : 128}}"
+                elsif rule['prefix_length']
                   ip_str = "#{ip.to_string}{#{rule['prefix_length'].first},#{rule['prefix_length'].last}}"
                 end
 
@@ -66,7 +75,7 @@ BGP
 
         def build_bird_conf
           if self.my.address.first_ipv4 && self.other.my.address.first_ipv4
-            self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird.conf")
+            self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird.conf")
 protocol bgp #{Util.clean_bgp(self.my.host.name)}_#{Util.clean_bgp(self.other.host.name)} {
         description "#{self.my.host.name} <=> #{self.other.host.name}";
         direct;
@@ -85,7 +94,7 @@ BGP
         def build_bird6_conf
           #      binding.pry
           if self.my.address.first_ipv6 && self.other.my.address.first_ipv6
-            self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights::ROOT_0644, "etc", "bird", "bird6.conf")
+            self.my.host.result.add(self, <<BGP, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::BGP), "etc", "bird", "bird6.conf")
 protocol bgp #{Util.clean_bgp(self.my.host.name)}_#{Util.clean_bgp(self.other.host.name)} {
         description "#{self.my.host.name} <=> #{self.other.host.name}";
         direct;

data/lib/construqt/flavour/ubuntu/flavour_ubuntu_dns.rb

@@ -70,18 +70,18 @@ OUT
           include = {}
           forward.each do |domain, lines|
             include[domain] = "/etc/bind/tables/#{domain}.forward"
-            host.result.add(self, write_header(host.region, domain), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain}.forward")
-            host.result.add(self, lines.sort.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain}.forward")
+            host.result.add(self, write_header(host.region, domain), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain}.forward")
+            host.result.add(self, lines.sort.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain}.forward")
           end
 
           reverse.each do |domain, lines|
             include[domain.rev_domains.first] = "/etc/bind/tables/#{domain}.reverse"
-            host.result.add(self, write_header(host.region, domain.rev_domains.first), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain.to_s}.reverse")
-            host.result.add(self, lines.values.sort.join("\n"), Construqt::Resources::Rights::ROOT_0644, "etc/bind/tables", "#{domain.to_s}.reverse")
+            host.result.add(self, write_header(host.region, domain.rev_domains.first), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain.to_s}.reverse")
+            host.result.add(self, lines.values.sort.join("\n"), Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/tables", "#{domain.to_s}.reverse")
           end
 
           include.each do |domain,path|
-            host.result.add(self, <<DNS, Construqt::Resources::Rights::ROOT_0644, "etc/bind/named.conf.local")
+            host.result.add(self, <<DNS, Construqt::Resources::Rights.root_0644(Construqt::Resources::Component::DNS), "etc/bind/named.conf.local")
 zone "#{domain.to_s}" {
         type master;
         file "#{path}";