1 # The software in this package is distributed under the GNU General
2 # Public License version 2 (with a special exception described below).
4 # A copy of GNU General Public License (GPL) is included in this distribution,
5 # in the file COPYING.GPL.
7 # As a special exception, if other files instantiate templates or use macros
8 # or inline functions from this file, or you compile this file and link it
9 # with other works to produce a work based on this file, this file
10 # does not by itself cause the resulting work to be covered
11 # by the GNU General Public License.
13 # However the source code for this file must still be made available
14 # in accordance with section (3) of the GNU General Public License.
16 # This exception does not invalidate any other reasons why a work based
17 # on this file might be covered by the GNU General Public License.
19 # Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com>
24 ------------------------------------------------------
25 Module for one-step dynamic cnfvar generation from default value templates.
27 .. codeauthor:: Intra2net
31 -------------------------------------------------------
32 These templates contain the bare defaults the UI adds upon
33 creation of each major and frequently used cnfvar.
37 ------------------------------------------------------
45 from .model import Cnf, CnfList
# Module-level logger; the name is a fixed string rather than __name__.
log = logging.getLogger("pyi2ncommon.cnfvar.templates")
51 ###############################################################################
53 ###############################################################################
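#: UI defaults for a user instance
user_defaults = {
    # NOTE(review): entries appear to be missing here (gap in the listing's
    # line numbers). user() assigns the "user_fullname" child, so confirm
    # that a USER_FULLNAME default exists in the original file.
    "USER_GROUPWARE_FOLDER_CALENDAR": "INBOX/Kalender",
    "USER_GROUPWARE_FOLDER_CONTACTS": "INBOX/Kontakte",
    "USER_GROUPWARE_FOLDER_DRAFTS": "INBOX/Entwürfe",
    "USER_GROUPWARE_FOLDER_NOTES": "INBOX/Notizen",
    "USER_GROUPWARE_FOLDER_OUTBOX": "INBOX/Gesendete Elemente",
    "USER_GROUPWARE_FOLDER_TASKS": "INBOX/Aufgaben",
    "USER_GROUPWARE_FOLDER_TRASH": "INBOX/Gelöschte Elemente",
    # always a member of the 'Alle' group
    "USER_GROUP_MEMBER_REF": "2",
    # NOTE(review): an entry appears to be missing here (gap in the listing's
    # line numbers) - confirm against the original file.
    # Placeholder only: user() always replaces it with the caller's password.
    # Code that passes user_defaults straight to template() keeps this weak,
    # publicly known value, so it must never reach a production system.
    "USER_PASSWORD": "test1234",
    "USER_TRASH_DELETEDAYS": "30",
    "USER_WEBMAIL_MESSAGES_PER_PAGE": "25",
    "USER_WEBMAIL_SIGNATURE": "",
}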
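#: UI defaults for a group instance
group_defaults = {
    # NOTE(review): an entry appears to be missing here (gap in the listing's
    # line numbers) - confirm against the original file.
    "GROUP_ACCESS_GO_ONLINE_ALLOWED": "1",
    "GROUP_EMAILFILTER_BAN_FILTERLIST_REF": "-1",
    "GROUP_EMAIL_RELAY_RIGHTS": "RELAY_FROM_INTRANET",
    "GROUP_PROXY_PROFILE_REF": "1",
}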
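#: UI defaults for an intraclient instance
intraclient_defaults = {
    "INTRACLIENT_COMMENT": "",
    "INTRACLIENT_DNS_RELAYING_ALLOWED": "1",
    "INTRACLIENT_EMAIL_RELAYING_ALLOWED": "1",
    "INTRACLIENT_FIREWALL_RULESET_REF": "5",
    # No usable default exists for the addresses; None marks them as unset
    # so the caller has to supply them (e.g. via the ip=/mac= overrides).
    "INTRACLIENT_IP": None,
    "INTRACLIENT_MAC": None,
    "INTRACLIENT_PROXY_PROFILE_REF": "-1",
}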
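#: UI defaults for a NIC instance
nic_defaults = {
    # NOTE(review): entries appear to be missing before and after the two
    # below (gaps in the listing's line numbers) - confirm against the
    # original file.
    "NIC_DRIVER": "virtio_net",
    # 02:... has the locally-administered bit set, i.e. not a vendor MAC
    "NIC_MAC": "02:00:00:00:20:00",
}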
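#: UI defaults for a provider instance
provider_defaults = {
    "PROVIDER_PROXY_SERVER": "",
    "PROVIDER_PROXY_PORT": "",
    "PROVIDER_PROXY_PASSWORD": "",
    "PROVIDER_PROXY_LOGIN": "",
    "PROVIDER_NIC_REF": "1",
    "PROVIDER_NETMASK": "255.255.0.0",
    "PROVIDER_MTU_SIZE": "1500",
    "PROVIDER_MODE": "ROUTER",
    "PROVIDER_MAILTRANSFER_MODE": "IMMEDIATE",
    "PROVIDER_LOCALIP": "",
    # NOTE(review): an entry appears to be missing here (gap in the listing's
    # line numbers). provider() assigns the "provider_ip" child, so confirm
    # that a PROVIDER_IP default exists in the original file.
    "PROVIDER_FIREWALL_RULESET_REF": "7",
    "PROVIDER_FALLBACK_TIMEOUT": "60",
    "PROVIDER_FALLBACK_PROVIDER_REF": "-1",
    "PROVIDER_EMAIL_RELAY_REF": "-1",
    "PROVIDER_DYNDNS_WEBCHECKIP": "0",
    "PROVIDER_DYNDNS_ENABLE": "1",
    "PROVIDER_DNS_MODE": "ROOT",
    # NOTE(review): an entry appears to be missing here (gap in the listing's
    # line numbers). provider() assigns the "provider_dns" child, so confirm
    # that a PROVIDER_DNS default exists in the original file.
    "PROVIDER_BWIDTH_MANAGEMENT_UPSTREAM_SPEED": "",
    "PROVIDER_BWIDTH_MANAGEMENT_ENABLE": "0",
    "PROVIDER_BWIDTH_MANAGEMENT_DOWNSTREAM_SPEED": "",
    "PROVIDER_PINGCHECK_SERVERLIST_REF": "-2",
}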
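#: UI defaults for a port forwarding instance
port_forwarding_defaults = {
    "PORT_FORWARDING_DST_IP_REF": "1",
    # port_forwarding() fills in the two start ports; the *_END values
    # stay empty unless the caller overrides them.
    "PORT_FORWARDING_DST_PORT": "",
    "PORT_FORWARDING_DST_PORT_END": "",
    "PORT_FORWARDING_PROTOCOL_TYPE": "TCP",
    "PORT_FORWARDING_SRC_PORT": "",
    "PORT_FORWARDING_SRC_PORT_END": "",
}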
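#: UI defaults for a firewall ruleset instance
firewall_ruleset_defaults = {
    "FIREWALL_RULESET_PROFILE_TYPE": "FULL",
}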
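#: UI defaults for a proxy accesslist instance
proxy_accesslist_defaults = {
    "PROXY_ACCESSLIST_ENTRY_COUNT": "123",
    "PROXY_ACCESSLIST_MODE": "1",
    "PROXY_ACCESSLIST_SIZETYPE": "1",
    "PROXY_ACCESSLIST_TYPE": "0",
}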
146 #: UI defaults for a key instance
148 "KEY_OWN_FINGERPRINT_MD5": "76:3B:CF:8E:CB:BF:A5:7D:CC:87:39:FA:CE:99:2E:96",
149 "KEY_OWN_FINGERPRINT_SHA1": "ED:5A:C6:D9:5B:BE:47:1F:B9:4F:CF:A3:80:3B:42:08:F4:00:16:96",
150 "KEY_OWN_ID_X509": "CN=some.net.lan",
151 "KEY_OWN_ISSUER": "CN=ab, C=fd, L=ab, ST=ab, O=ab, OU=ab/emailAddress=ab@ab.com",
152 "KEY_OWN_KEYSIZE": "2048",
153 "KEY_OWN_HASH_ALGO": "SHA2_256",
154 "KEY_OWN_PRIVATE_KEY": "-----BEGIN PRIVATE KEY-----\\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKk" +
155 "ZTzqHXg41RZMiY+ywRZ037pBq8J3BkH\\n-----END PRIVATE KEY-----\\n",
156 "KEY_OWN_PUBLIC_KEY": "-----BEGIN CERTIFICATE-----\\nMIIFCTCCAvGgAwIBAgIEVBGDuTANBgkqhkiG" +
157 "9w0BAQsFADCBgTEPMA0GA1UEAwwG\\n-----END CERTIFICATE-----\\n",
158 "KEY_OWN_REQUEST": "-----BEGIN CERTIFICATE REQUEST-----\\nMIIDCzCCAfMCAQAwIjEgMB4GA1UEAww" +
159 "XaW50cmFkZXYtYWllc\\n-----END CERTIFICATE REQUEST-----\\n",
160 "KEY_OWN_SUBJECT": "CN=some.net.lan",
161 "KEY_OWN_VALIDFROM": "20140911T111257",
162 "KEY_OWN_VALIDTILL": "20160731T134608",
163 "KEY_OWN_TYPE": "SELF",
164 # the ones bellow should be set when using 'generate' to create the key
165 "KEY_OWN_CREATE_CN": "somehost",
166 "KEY_OWN_CREATE_EMAIL": "default@intra2net.com"
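#: UI defaults for a VPN connection instance
vpnconn_defaults = {
    "VPNCONN_ACTIVATION": "ALWAYS",
    "VPNCONN_DISABLED": "0",
    "VPNCONN_DNS_RELAYING_ALLOWED": "1",
    "VPNCONN_EMAIL_RELAYING_ALLOWED": "1",
    "VPNCONN_ENCRYPTION_PROFILE_REF": "0",
    "VPNCONN_FIREWALL_RULESET_REF": "5",
    # NOTE(review): the template defaults to IKE version 1; IKEv2 is the
    # current protocol version - confirm IKEv1 is intended for new setups.
    "VPNCONN_IKE_VERSION": "1",
    "VPNCONN_KEY_FOREIGN_REF": "1",
    "VPNCONN_KEY_OWN_REF": "1",
    "VPNCONN_KEY_TYPE": "PUBLIC",
    "VPNCONN_LAN_NAT_IP": "",
    "VPNCONN_LAN_NAT_MODE": "UNMODIFIED",
    "VPNCONN_LAN_NAT_NETWORK": "",
    "VPNCONN_LAN_NIC_REF": "2",
    "VPNCONN_LAN_NET": "172.17.0.0",
    "VPNCONN_LAN_NETMASK": "255.255.0.0",
    "VPNCONN_LAN_TYPE": "NIC",
    "VPNCONN_LIFETIME_IKE": "480",
    "VPNCONN_LIFETIME_IPSECSA": "60",
    "VPNCONN_OFFLINE_DETECTION_SEC": "60",
    "VPNCONN_PEER_DNS": "",
    # no sensible default for the peer address; the caller has to set it
    "VPNCONN_PEER_IP": None,
    "VPNCONN_PEER_TYPE": "IP",
    "VPNCONN_PROXY_PROFILE_REF": "-2",
    # NOTE(review): an entry appears to be missing here (gap in the listing's
    # line numbers) - confirm against the original file.
    "VPNCONN_PSK_FOREIGN_ID": "",
    "VPNCONN_PSK_FOREIGN_ID_TYPE": "IP",
    "VPNCONN_PSK_OWN_ID": "",
    "VPNCONN_PSK_OWN_ID_TYPE": "IP",
    "VPNCONN_REMOTE_INET_NAT": "1",
    "VPNCONN_REMOTE_MODECONFIG_IP": "192.168.99.1",
    "VPNCONN_REMOTE_NAT_ENABLE": "0",
    "VPNCONN_REMOTE_NAT_NETWORK": "",
    "VPNCONN_REMOTE_NET": "172.18.0.0",
    "VPNCONN_REMOTE_NETMASK": "255.255.0.0",
    "VPNCONN_REMOTE_TYPE": "CUSTOM",
    "VPNCONN_RETRIES": "3",
    "VPNCONN_SECURED": "ESP",
    "VPNCONN_XAUTH_SERVER_ENABLE": "0",
}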
212 ###############################################################################
213 # MINOR CONFIGURATION
214 ###############################################################################
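def template(name, value, instance=-1, defaults=None, **kwargs):
    """
    Generate a template cnf variable from provided defaults.

    :param str name: cnf variable name
    :param str value: cnf variable data value
    :param int instance: cnf variable instance number
    :param defaults: default child variables to populate the cnf variable with
    :type defaults: {str, str or {}} or None
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    All additional keyword arguments will be used to overwrite the defaults.
    Each keyword ``key`` is applied to the child looked up under the name
    ``{name}_{key}``. Only `name` is written to the log, so override values
    (which may be credentials) are not logged here.
    """
    log.info(f"Generating a template {name} cnfvar")
    cnf = Cnf(name, value=value, instance=instance)
    defaults = {} if defaults is None else defaults
    # dict.items() already yields the (name, value) pairs passed on here
    cnf.add_children(*defaults.items())
    for key, override in kwargs.items():
        # NOTE(review): presumably fails when `defaults` created no child of
        # that name - confirm against the children's single_with_name()
        cnf.children.single_with_name(f"{name}_{key}").value = override
    # the documented return value
    return cnf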
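def user(name, password, instance=-1, **kwargs):
    """
    Generate a user cnf variable.

    :param str name: username for the user
    :param str password: password for the user
    :param int instance: instance number for the user
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Additional keyword arguments are forwarded to :py:func:`template`. The
    full name and the password are assigned afterwards, so the
    ``USER_PASSWORD`` placeholder in `user_defaults` never survives and a
    ``fullname`` override is replaced by the capitalized username.
    """
    # only the username goes to the log, never the password
    log.info(f"Generating a user {name} cnfvar")
    user_cnf = template("user", name, instance=instance, defaults=user_defaults, **kwargs)
    user_cnf.children.single_with_name("user_fullname").value = name.capitalize()
    # stored exactly as passed in
    user_cnf.children.single_with_name("user_password").value = password
    # the documented return value
    return user_cnf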
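def group(name, instance=-1, **kwargs):
    """
    Generate a group cnf variable.

    :param str name: name for the group
    :param int instance: instance number for the group
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Additional keyword arguments are forwarded to :py:func:`template` and
    overwrite the matching entries of `group_defaults`.
    """
    log.info(f"Generating a group {name} cnfvar")
    group_cnf = template("group", name, instance=instance, defaults=group_defaults, **kwargs)
    # the documented return value
    return group_cnf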
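def nic(instance=-1, **kwargs):
    """
    Generate a nic cnf variable.

    :param int instance: instance number for the nic
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    The variable is created with an empty value. Additional keyword
    arguments are forwarded to :py:func:`template` and overwrite the
    matching entries of `nic_defaults`.
    """
    # plain string: the message has no placeholders, so no f-prefix is needed
    log.info("Generating a nic cnfvar")
    nic_cnf = template("nic", "", instance=instance, defaults=nic_defaults, **kwargs)
    # the documented return value
    return nic_cnf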
def intraclient(name, instance=-1, **kwargs):
    """
    Build the cnf variable for an intraclient.

    :param str name: intraclient name, used as the variable's value
    :param int instance: instance number to assign
    :returns: the populated cnf variable
    :rtype: :py:class:`Cnf`

    Extra keyword arguments are forwarded to :py:func:`template`, on top of
    `intraclient_defaults`.
    """
    log.info(f"Generating an intraclient {name} cnfvar")
    return template(
        "intraclient",
        name,
        instance=instance,
        defaults=intraclient_defaults,
        **kwargs,
    )
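def provider(name, ip, dns, instance=-1, **kwargs):
    """
    Generate a provider cnf variable.

    :param str name: name for the provider
    :param str ip: IP address of the provider
    :param str dns: IP address of the DNS server
    :param int instance: instance number for the provider
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Additional keyword arguments are forwarded to :py:func:`template`. The
    IP and DNS children are assigned afterwards, so `ip` and `dns` always
    win over the defaults.
    """
    log.info(f"Generating a provider {name} cnfvar")
    provider_cnf = template("provider", name, instance=instance,
                            defaults=provider_defaults, **kwargs)
    provider_cnf.children.single_with_name("provider_ip").value = ip
    provider_cnf.children.single_with_name("provider_dns").value = dns
    # the documented return value
    return provider_cnf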
def port_forwarding(name, src_port="1234", dst_port="1234", instance=-1, **kwargs):
    """
    Build the cnf variable for a port forwarding mapping.

    :param str name: mapping name, used as the variable's value
    :param str src_port: source port to forward
    :param str dst_port: destination port to forward to
    :param int instance: instance number to assign
    :returns: the populated cnf variable
    :rtype: :py:class:`Cnf`

    Extra keyword arguments are forwarded to :py:func:`template`; the two
    ports are written afterwards.
    """
    log.info(f"Generating a port forwarding {name} cnfvar")
    mapping = template(
        "port_forwarding",
        name,
        instance=instance,
        defaults=port_forwarding_defaults,
        **kwargs,
    )
    # source port first, then destination port, as separate child lookups
    for child_name, port in (
        ("port_forwarding_src_port", src_port),
        ("port_forwarding_dst_port", dst_port),
    ):
        mapping.children.single_with_name(child_name).value = port
    return mapping
def firewall_ruleset(name, instance=-1, **kwargs):
    """
    Build the cnf variable for a firewall ruleset.

    :param str name: ruleset name, used as the variable's value
    :param int instance: instance number to assign
    :returns: the populated cnf variable
    :rtype: :py:class:`Cnf`

    Extra keyword arguments are forwarded to :py:func:`template`, on top of
    `firewall_ruleset_defaults`.
    """
    log.info(f"Generating a firewall ruleset {name} cnfvar")
    return template(
        "firewall_ruleset",
        name,
        instance=instance,
        defaults=firewall_ruleset_defaults,
        **kwargs,
    )
def proxy_accesslist(name, instance=-1, **kwargs):
    """
    Build the cnf variable for a proxy accesslist.

    :param str name: accesslist name, used as the variable's value
    :param int instance: instance number to assign
    :returns: the populated cnf variable
    :rtype: :py:class:`Cnf`

    Extra keyword arguments are forwarded to :py:func:`template`, on top of
    `proxy_accesslist_defaults`.
    """
    log.info(f"Generating a proxy accesslist {name} cnfvar")
    return template(
        "proxy_accesslist",
        name,
        instance=instance,
        defaults=proxy_accesslist_defaults,
        **kwargs,
    )
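def key_own(name, instance=-1, **kwargs):
    """
    Generate an own key cnf variable.

    :param str name: name for the own key
    :param int instance: instance number for the own key
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Additional keyword arguments are forwarded to :py:func:`template` and
    overwrite the matching entries of `key_own_defaults`. Without
    overrides the variable carries the sample key material from those
    defaults, which is only suitable for test setups.
    """
    log.info(f"Generating an own key {name} cnfvar")
    key_own_cnf = template("key_own", name, instance=instance,
                           defaults=key_own_defaults, **kwargs)
    # the documented return value
    return key_own_cnf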
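def vpnconn(name, instance=-1, **kwargs):
    """
    Generate a vpn connection cnf variable.

    :param str name: name for the vpn connection
    :param int instance: instance number for the vpn connection
    :returns: generated cnf variable
    :rtype: :py:class:`Cnf`

    Additional keyword arguments are forwarded to :py:func:`template` and
    overwrite the matching entries of `vpnconn_defaults`. The peer IP
    defaults to None there, so callers normally pass ``peer_ip``.
    """
    log.info(f"Generating a vpn connection {name} cnfvar")
    vpnconn_cnf = template("vpnconn", name, instance=instance,
                           defaults=vpnconn_defaults, **kwargs)
    # the documented return value
    return vpnconn_cnf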