raijin-server 0.3.0__tar.gz → 0.3.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {raijin_server-0.3.0/src/raijin_server.egg-info → raijin_server-0.3.1}/PKG-INFO +2 -1
- {raijin_server-0.3.0 → raijin_server-0.3.1}/README.md +1 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/setup.cfg +1 -1
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/__init__.py +1 -1
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/vpn_client.py +122 -34
- {raijin_server-0.3.0 → raijin_server-0.3.1/src/raijin_server.egg-info}/PKG-INFO +2 -1
- {raijin_server-0.3.0 → raijin_server-0.3.1}/LICENSE +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/pyproject.toml +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/cli.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/config.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/healthchecks.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/module_manager.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/__init__.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/apokolips_demo.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/bootstrap.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/calico.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/cert_manager.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/essentials.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/firewall.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/full_install.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/grafana.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/hardening.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/harness.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/internal_dns.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/istio.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/kafka.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/kong.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/kubernetes.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/loki.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/metallb.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/minio.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/network.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/observability_dashboards.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/observability_ingress.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/prometheus.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/sanitize.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/secrets.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/ssh_hardening.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/traefik.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/velero.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/vpn.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/scripts/__init__.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/scripts/checklist.sh +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/scripts/install.sh +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/scripts/log_size_metric.sh +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/scripts/pre-deploy-check.sh +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/utils.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/validators.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server.egg-info/SOURCES.txt +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server.egg-info/dependency_links.txt +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server.egg-info/entry_points.txt +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server.egg-info/requires.txt +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server.egg-info/top_level.txt +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/tests/test_full_install_sequence.py +0 -0
- {raijin_server-0.3.0 → raijin_server-0.3.1}/tests/test_registry.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: raijin-server
|
|
3
|
-
Version: 0.3.
|
|
3
|
+
Version: 0.3.1
|
|
4
4
|
Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
|
|
5
5
|
Home-page: https://example.com/raijin-server
|
|
6
6
|
Author: Equipe Raijin
|
|
@@ -269,6 +269,7 @@ kubectl port-forward svc/grafana -n observability 3000:80
|
|
|
269
269
|
| [ARCHITECTURE.md](ARCHITECTURE.md) | Arquitetura técnica do ambiente |
|
|
270
270
|
| [SECURITY.md](SECURITY.md) | Políticas de segurança |
|
|
271
271
|
| [AUDIT.md](AUDIT.md) | Relatório de auditoria |
|
|
272
|
+
| [docs/VERSIONING.md](docs/VERSIONING.md) | Versionamento e tags |
|
|
272
273
|
| [docs/INFRASTRUCTURE_GUIDE.md](docs/INFRASTRUCTURE_GUIDE.md) | Guia completo de infraestrutura |
|
|
273
274
|
| [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md) | Configuração de VPN |
|
|
274
275
|
| [docs/INTERNAL_DNS.md](docs/INTERNAL_DNS.md) | DNS interno para domínios privados |
|
|
@@ -236,6 +236,7 @@ kubectl port-forward svc/grafana -n observability 3000:80
|
|
|
236
236
|
| [ARCHITECTURE.md](ARCHITECTURE.md) | Arquitetura técnica do ambiente |
|
|
237
237
|
| [SECURITY.md](SECURITY.md) | Políticas de segurança |
|
|
238
238
|
| [AUDIT.md](AUDIT.md) | Relatório de auditoria |
|
|
239
|
+
| [docs/VERSIONING.md](docs/VERSIONING.md) | Versionamento e tags |
|
|
239
240
|
| [docs/INFRASTRUCTURE_GUIDE.md](docs/INFRASTRUCTURE_GUIDE.md) | Guia completo de infraestrutura |
|
|
240
241
|
| [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md) | Configuração de VPN |
|
|
241
242
|
| [docs/INTERNAL_DNS.md](docs/INTERNAL_DNS.md) | DNS interno para domínios privados |
|
|
@@ -103,22 +103,58 @@ def _list_existing_clients() -> List[dict]:
|
|
|
103
103
|
content = WG0_CONF.read_text()
|
|
104
104
|
clients = []
|
|
105
105
|
|
|
106
|
-
# Parse peers
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
106
|
+
# Parse peers - suporta múltiplos formatos de comentário
|
|
107
|
+
lines = content.split("\n")
|
|
108
|
+
i = 0
|
|
109
|
+
|
|
110
|
+
while i < len(lines):
|
|
111
|
+
line = lines[i].strip()
|
|
112
|
+
|
|
113
|
+
# Detecta início de um bloco [Peer]
|
|
114
|
+
if line == "[Peer]":
|
|
115
|
+
peer_name = None
|
|
116
|
+
public_key = None
|
|
117
|
+
allowed_ips = None
|
|
118
|
+
|
|
119
|
+
# Verifica linha anterior para comentário com nome
|
|
120
|
+
if i > 0:
|
|
121
|
+
prev_line = lines[i - 1].strip()
|
|
122
|
+
# Formato: "# cliente_nome" ou "# Cliente: nome"
|
|
123
|
+
if prev_line.startswith("#"):
|
|
124
|
+
comment = prev_line[1:].strip()
|
|
125
|
+
if comment.lower().startswith("cliente:"):
|
|
126
|
+
peer_name = comment.split(":", 1)[1].strip()
|
|
127
|
+
else:
|
|
128
|
+
# Nome direto após # (formato do módulo vpn)
|
|
129
|
+
peer_name = comment
|
|
130
|
+
|
|
131
|
+
# Lê configurações do peer
|
|
132
|
+
i += 1
|
|
133
|
+
while i < len(lines):
|
|
134
|
+
peer_line = lines[i].strip()
|
|
135
|
+
if peer_line.startswith("[") or (peer_line.startswith("#") and i + 1 < len(lines) and lines[i + 1].strip() == "[Peer]"):
|
|
136
|
+
break
|
|
137
|
+
|
|
138
|
+
if peer_line.startswith("PublicKey"):
|
|
139
|
+
public_key = peer_line.split("=", 1)[1].strip()
|
|
140
|
+
elif peer_line.startswith("AllowedIPs"):
|
|
141
|
+
allowed_ips = peer_line.split("=", 1)[1].strip()
|
|
142
|
+
# Comentário inline com nome do cliente
|
|
143
|
+
elif peer_line.startswith("#") and not peer_name:
|
|
144
|
+
peer_name = peer_line[1:].strip()
|
|
145
|
+
|
|
146
|
+
i += 1
|
|
147
|
+
|
|
148
|
+
# Adiciona peer se tiver pelo menos chave pública
|
|
149
|
+
if public_key:
|
|
150
|
+
clients.append({
|
|
151
|
+
"name": peer_name or f"cliente_{len(clients) + 1}",
|
|
152
|
+
"public_key": public_key,
|
|
153
|
+
"ip": allowed_ips or "N/A",
|
|
154
|
+
})
|
|
155
|
+
continue
|
|
110
156
|
|
|
111
|
-
|
|
112
|
-
if current_peer:
|
|
113
|
-
clients.append(current_peer)
|
|
114
|
-
current_peer = {"name": line.split(":", 1)[1].strip()}
|
|
115
|
-
elif line.startswith("PublicKey =") and current_peer:
|
|
116
|
-
current_peer["public_key"] = line.split("=")[1].strip()
|
|
117
|
-
elif line.startswith("AllowedIPs =") and current_peer:
|
|
118
|
-
current_peer["ip"] = line.split("=")[1].strip()
|
|
119
|
-
|
|
120
|
-
if current_peer:
|
|
121
|
-
clients.append(current_peer)
|
|
157
|
+
i += 1
|
|
122
158
|
|
|
123
159
|
return clients
|
|
124
160
|
|
|
@@ -148,57 +184,81 @@ def _add_peer_to_server(name: str, public_key: str, client_ip: str, ctx: Executi
|
|
|
148
184
|
"""Adiciona peer ao arquivo de configuração do servidor."""
|
|
149
185
|
content = WG0_CONF.read_text()
|
|
150
186
|
|
|
187
|
+
# Remove linhas em branco extras no final
|
|
188
|
+
content = content.rstrip() + "\n"
|
|
189
|
+
|
|
190
|
+
# Formato compatível com o módulo vpn original
|
|
151
191
|
peer_block = f"""
|
|
152
|
-
#
|
|
192
|
+
# {name}
|
|
153
193
|
[Peer]
|
|
154
194
|
PublicKey = {public_key}
|
|
155
195
|
AllowedIPs = {client_ip}
|
|
156
196
|
"""
|
|
157
197
|
|
|
158
198
|
# Adiciona peer ao final
|
|
159
|
-
content +=
|
|
199
|
+
content += peer_block
|
|
160
200
|
|
|
161
201
|
write_file(WG0_CONF, content, ctx)
|
|
162
202
|
|
|
163
|
-
# Recarrega configuração
|
|
203
|
+
# Recarrega configuração via wg syncconf (mais rápido) ou restart
|
|
164
204
|
typer.echo("Recarregando WireGuard...")
|
|
165
|
-
|
|
205
|
+
# Tenta wg syncconf primeiro (não derruba conexões existentes)
|
|
206
|
+
result = run_cmd(
|
|
207
|
+
["bash", "-c", f"wg syncconf wg0 <(wg-quick strip wg0)"],
|
|
208
|
+
ctx,
|
|
209
|
+
check=False
|
|
210
|
+
)
|
|
211
|
+
if result.returncode != 0:
|
|
212
|
+
# Fallback para restart
|
|
213
|
+
run_cmd(["systemctl", "restart", "wg-quick@wg0"], ctx, check=False)
|
|
166
214
|
|
|
167
215
|
|
|
168
216
|
def _remove_peer_from_server(public_key: str, ctx: ExecutionContext) -> None:
|
|
169
217
|
"""Remove peer do arquivo de configuração do servidor."""
|
|
170
218
|
content = WG0_CONF.read_text()
|
|
171
219
|
|
|
172
|
-
# Remove bloco do peer
|
|
220
|
+
# Remove bloco do peer - suporta múltiplos formatos
|
|
173
221
|
lines = content.split("\n")
|
|
174
222
|
new_lines = []
|
|
175
223
|
skip_until_next_section = False
|
|
176
224
|
|
|
177
|
-
for line in lines:
|
|
225
|
+
for i, line in enumerate(lines):
|
|
178
226
|
if f"PublicKey = {public_key}" in line:
|
|
179
227
|
skip_until_next_section = True
|
|
180
|
-
# Remove também o comentário anterior
|
|
181
|
-
|
|
182
|
-
new_lines.
|
|
183
|
-
|
|
184
|
-
new_lines.
|
|
185
|
-
|
|
228
|
+
# Remove também o comentário anterior e [Peer]
|
|
229
|
+
while new_lines and (
|
|
230
|
+
new_lines[-1].startswith("#") or
|
|
231
|
+
new_lines[-1].strip() == "" or
|
|
232
|
+
new_lines[-1].strip() == "[Peer]"
|
|
233
|
+
):
|
|
186
234
|
new_lines.pop()
|
|
187
235
|
continue
|
|
188
236
|
|
|
189
237
|
if skip_until_next_section:
|
|
190
|
-
|
|
238
|
+
# Próximo peer ou seção
|
|
239
|
+
stripped = line.strip()
|
|
240
|
+
if stripped.startswith("[") or (stripped.startswith("#") and i + 1 < len(lines) and lines[i + 1].strip() == "[Peer]"):
|
|
191
241
|
skip_until_next_section = False
|
|
192
242
|
else:
|
|
193
243
|
continue
|
|
194
244
|
|
|
195
245
|
new_lines.append(line)
|
|
196
246
|
|
|
197
|
-
|
|
247
|
+
# Remove linhas em branco extras no final
|
|
248
|
+
while new_lines and new_lines[-1].strip() == "":
|
|
249
|
+
new_lines.pop()
|
|
250
|
+
|
|
251
|
+
write_file(WG0_CONF, "\n".join(new_lines) + "\n", ctx)
|
|
198
252
|
|
|
199
253
|
# Recarrega configuração
|
|
200
254
|
typer.echo("Recarregando WireGuard...")
|
|
201
|
-
run_cmd(
|
|
255
|
+
result = run_cmd(
|
|
256
|
+
["bash", "-c", f"wg syncconf wg0 <(wg-quick strip wg0)"],
|
|
257
|
+
ctx,
|
|
258
|
+
check=False
|
|
259
|
+
)
|
|
260
|
+
if result.returncode != 0:
|
|
261
|
+
run_cmd(["systemctl", "restart", "wg-quick@wg0"], ctx, check=False)
|
|
202
262
|
|
|
203
263
|
|
|
204
264
|
def _create_client_config(
|
|
@@ -387,6 +447,8 @@ def show_client_config(ctx: ExecutionContext) -> None:
|
|
|
387
447
|
|
|
388
448
|
if not client_file.exists():
|
|
389
449
|
typer.secho(f"Arquivo de configuração não encontrado: {client_file}", fg=typer.colors.RED)
|
|
450
|
+
typer.echo("\nDica: O cliente pode ter sido criado pelo módulo 'vpn' (inicial).")
|
|
451
|
+
typer.echo(f"Verifique se existe: {CLIENTS_DIR}")
|
|
390
452
|
raise typer.Exit(1)
|
|
391
453
|
|
|
392
454
|
typer.echo(f"\n{'='*60}")
|
|
@@ -396,11 +458,37 @@ def show_client_config(ctx: ExecutionContext) -> None:
|
|
|
396
458
|
|
|
397
459
|
typer.echo(client_file.read_text())
|
|
398
460
|
|
|
461
|
+
# Detecta hostname/IP do servidor
|
|
462
|
+
import socket
|
|
463
|
+
hostname = socket.gethostname()
|
|
464
|
+
|
|
465
|
+
typer.echo(f"\n{'='*60}")
|
|
466
|
+
typer.secho("COMO COPIAR PARA WINDOWS/MAC/LINUX:", fg=typer.colors.CYAN, bold=True)
|
|
467
|
+
typer.echo(f"{'='*60}")
|
|
468
|
+
|
|
469
|
+
typer.echo("\n📋 Opção 1 - SCP (requer SSH configurado):")
|
|
470
|
+
typer.echo(f" scp usuario@{hostname}:{client_file} .")
|
|
471
|
+
typer.echo(f" # ou com IP: scp usuario@SEU_IP:{client_file} .")
|
|
472
|
+
|
|
473
|
+
typer.echo("\n📋 Opção 2 - Copiar conteúdo manualmente:")
|
|
474
|
+
typer.echo(" 1. Copie o texto acima (entre as linhas de '=')")
|
|
475
|
+
typer.echo(f" 2. No Windows, crie arquivo: {name}.conf")
|
|
476
|
+
typer.echo(" 3. Cole o conteúdo e salve")
|
|
477
|
+
|
|
478
|
+
typer.echo("\n📋 Opção 3 - SFTP (FileZilla, WinSCP):")
|
|
479
|
+
typer.echo(f" Conecte no servidor e baixe: {client_file}")
|
|
480
|
+
|
|
481
|
+
typer.echo("\n📱 Para celular (QR Code):")
|
|
482
|
+
typer.echo(f" qrencode -t ansiutf8 < {client_file}")
|
|
483
|
+
|
|
399
484
|
typer.echo(f"\n{'='*60}")
|
|
400
|
-
typer.
|
|
401
|
-
typer.echo(f"
|
|
402
|
-
typer.echo("
|
|
403
|
-
typer.echo(
|
|
485
|
+
typer.secho("NO WINDOWS 11:", fg=typer.colors.GREEN, bold=True)
|
|
486
|
+
typer.echo(f"{'='*60}")
|
|
487
|
+
typer.echo(" 1. Baixe WireGuard: https://www.wireguard.com/install/")
|
|
488
|
+
typer.echo(" 2. Abra WireGuard → 'Import tunnel(s) from file...'")
|
|
489
|
+
typer.echo(f" 3. Selecione o arquivo {name}.conf")
|
|
490
|
+
typer.echo(" 4. Clique 'Activate' para conectar")
|
|
491
|
+
typer.echo("")
|
|
404
492
|
|
|
405
493
|
|
|
406
494
|
def run(ctx: ExecutionContext) -> None:
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: raijin-server
|
|
3
|
-
Version: 0.3.
|
|
3
|
+
Version: 0.3.1
|
|
4
4
|
Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
|
|
5
5
|
Home-page: https://example.com/raijin-server
|
|
6
6
|
Author: Equipe Raijin
|
|
@@ -269,6 +269,7 @@ kubectl port-forward svc/grafana -n observability 3000:80
|
|
|
269
269
|
| [ARCHITECTURE.md](ARCHITECTURE.md) | Arquitetura técnica do ambiente |
|
|
270
270
|
| [SECURITY.md](SECURITY.md) | Políticas de segurança |
|
|
271
271
|
| [AUDIT.md](AUDIT.md) | Relatório de auditoria |
|
|
272
|
+
| [docs/VERSIONING.md](docs/VERSIONING.md) | Versionamento e tags |
|
|
272
273
|
| [docs/INFRASTRUCTURE_GUIDE.md](docs/INFRASTRUCTURE_GUIDE.md) | Guia completo de infraestrutura |
|
|
273
274
|
| [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md) | Configuração de VPN |
|
|
274
275
|
| [docs/INTERNAL_DNS.md](docs/INTERNAL_DNS.md) | DNS interno para domínios privados |
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/observability_dashboards.py
RENAMED
|
File without changes
|
{raijin_server-0.3.0 → raijin_server-0.3.1}/src/raijin_server/modules/observability_ingress.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|