From abd1c8fc71fc8c74d19395fac87fedbe9155ccdb Mon Sep 17 00:00:00 2001 From: Eric Renfro Date: Fri, 18 Aug 2017 07:31:11 -0400 Subject: [PATCH] Updated documentation and included conf.d config templates --- .gitignore | 1 - README.md | 86 ++++++++++++++++++++++++++++++++-- src/conf.d/aws-sg.conf | 4 ++ src/conf.d/update-dns-r53.conf | 6 +++ 4 files changed, 93 insertions(+), 4 deletions(-) create mode 100644 src/conf.d/aws-sg.conf create mode 100644 src/conf.d/update-dns-r53.conf diff --git a/.gitignore b/.gitignore index 6a6a6a9..fbde737 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,5 @@ src/update.d/* src/aws/* !src/aws/.do-not-delete -src/conf.d/* !src/conf.d/.do-not-delete diff --git a/README.md b/README.md index 82d418d..b124290 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,85 @@ # dynamic-ip -Dynamic IP automation tool. - -A bash script that detects ipv4 and ipv6 IP's and automates running agents to handle them. Comes with agents to work with AWS Route53 and AWS Security Groups, but can work with anything. \ No newline at end of file +Dynamic IP automation tool. + +A bash script that detects ipv4 and ipv6 IP's and automates running agents to handle them. Comes with agents to work with AWS Route53 and AWS Security Groups, but can work with anything. + +# About + +This tool detects and runs agents upon detection of changes of both IPv4 and IPv6 IP addresses. These agents can do a number of things, including update DNS records, setup a firewall to adjust changes, or practically anything you want. + +I wrote this because I wanted a reliable means to handle being on a dynamic IP, but wanted the security of having the ability to update DNS records quickly, accurately, while also updating firewall rules such as with AWS Security Groups, Shorewall, etc, all automatically. + +# Installation + +This can be installed as root or as a regular non-root user. The instructions below will be assuming root, and on a system using systemd for init. + +## For root: + +``` +mkdir /etc/dynamic-ip +rsync -avhHi src/ /etc/dynamic-ip/ +cp init/dynamic-ip.timer init/dynamic-ip.target init/update-*.service /etc/systemd/system/ +cp init/dynamic-ip.sysconfig /etc/sysconfig/dynamic-ip +systemctl daemon-reload +``` + +Edit /etc/sysconfig/dynamic-ip and set the DOMAIN_NAME to the domain of filename you wish. 
+ +## For user: + +``` +mkdir ~/.dynamic-ip +rsync -avhHi src/ ~/.dynamic-ip/ +mkdir -p ~/.config/systemd/user/ +cp init/dynamic-ip.timer init/dinamic-ip.target init/update-*.service ~/.config/systemd/user/ +cp init/dynamic-ip.sysconfig ~/.dynamic-ip/config +``` + +Edit the ~/.config/systemd/user/update-ipv4.service and ~/.config/systemd/user/update-ipv6.service files and change EnvironmentFile to: + +``` +EnvironmentFile=$HOME/.dynamic-ip/config +``` + +Then edit $HOME/.dynamic-ip/config and set DOMAIN_NAME to the domain or filename you wish. + + +# Service and Timers + +To configure the automated service portion of this, the services need to know what domain, or what domain file to use for it. That is defined in the domain-ip sysconfig file. + +dynamic-ip can either take single domain name on the command-line, or a file of domain names listed per each line as the domains. In the sysconfig file you can define either, and dynamic-ip will auto-detect whether it's a file, if not, treat it as a domain name. + +Once everything is configured, you can enable the services as follows: + +## For root: + +``` +systemctl enable --now dynamic-ip.timer +systemctl enable update-ipv4.service +systemctl enable update-ipv6.service +``` + +This will enable and start the timer, and enable the services for the dynamic-ip.target. + +## For user: + +``` +systemctl --user enable --now dynamic-ip.timer +systemctl --user enable update-ipv4.service +systemctl --user enable update-ipv6.service +``` + +This will enable and start the timer, and enable the services for the dynamic-ip.target for your user account. + +# Agents + +The agents included work with Route53 and AWS Security Groups. Though you can use these as baselines for creating any other kind of agents for your own needs, these agents are fully functional for the purposes they were designed as-is. + +update-dns-r53 is designed to use cli53, a golang utility, to deal with Route53 DNS record updates. 
I chose this because it was the fastest and most reliable I'd seen, and could work with ZoneID's directly which can be important, especially when you have internal zones and external zones in Route53. + +To configure it, you need to define your configuration in dynamic-ip's aws/config and aws/credentials for cli53 to use. And in conf.d/ you can configure, using the same name as update-dns-r53.conf, or you can use the exact name you link in update.d/, dynamic-ip reads the global one first, which is the same name plus .conf at the end, of the agent's original filename, and then if it exists, the linked name that was actually executed plus .conf at the end from the conf.d directory, so you can have multiple configurations as needed. + +update-dns-r53 uses agent_update_dns_r53_id for the ZoneID or ZoneName. +aws-sg uses agent_aws_sg_id for the SGID. diff --git a/src/conf.d/aws-sg.conf b/src/conf.d/aws-sg.conf new file mode 100644 index 0000000..f4e6304 --- /dev/null +++ b/src/conf.d/aws-sg.conf @@ -0,0 +1,4 @@ +# This is for the AWS Security Group ID to manipulate. Generally starts with sg-. + +#agent_aws_sg_id= + diff --git a/src/conf.d/update-dns-r53.conf b/src/conf.d/update-dns-r53.conf new file mode 100644 index 0000000..42d79e7 --- /dev/null +++ b/src/conf.d/update-dns-r53.conf @@ -0,0 +1,6 @@ +# This can be the ZoneID, or Domain Name. If you have multiple zones (internal +# & external) with the same domain, it's recommended to use the ZoneID to +# precisely target that zone specifically. + +#agent_update_dns_r53_id= +
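Review bot: Dropping `src/conf.d/*` in the .gitignore hunk un-ignores every file under src/conf.d, not only the two new templates, so a site-specific config (for example a per-link `.conf` holding a real security group ID or zone ID) now shows up as untracked and can be committed by accident. Keep the `src/conf.d/*` rule and add negations for the templates instead, `!src/conf.d/aws-sg.conf` and `!src/conf.d/update-dns-r53.conf`, next to the existing `!src/conf.d/.do-not-delete`, which is otherwise left redundant by this change.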
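Review bot: In the "For user" steps of the README.md hunk, `EnvironmentFile=$HOME/.dynamic-ip/config` will not load as written, because systemd does not expand environment variables in `EnvironmentFile=`; use an absolute path or the `%h` specifier, as in `EnvironmentFile=%h/.dynamic-ip/config`. The `cp` line in the same block names `init/dinamic-ip.target`, which should be `init/dynamic-ip.target`, or the copy fails. Two wording slips are also worth fixing: "the domain of filename" in the root section should read "or filename", and "domain-ip sysconfig file" under Service and Timers should be "dynamic-ip". Since the Agents section tells users to place credentials in aws/credentials under the install directory, the README should also state the ownership and mode that file is expected to have.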
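Review bot: The comment in src/conf.d/aws-sg.conf names the ID to set but not what the agent does to that group, which is what an operator needs to know before pointing it at a security group. Add a line or two describing which rules the aws-sg agent adds and removes when the address changes, and what the agent does while `agent_aws_sg_id` is left commented out. The empty added line at the end of the file can be dropped.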
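Review bot: The comment in src/conf.d/update-dns-r53.conf says the value can be the "ZoneID, or Domain Name", while the README hunk in this same patch says "ZoneID or ZoneName"; settle on one term so it is clear the value identifies the hosted zone rather than the record being updated. Given the advice to prefer the ZoneID when internal and external zones share a domain, a commented placeholder showing each accepted form would make the template easier to fill in correctly. This file also ends with an empty added line.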