Change to select

2024-09-03 20:06:10 +02:00 · 2022-10-11 18:01:56 +00:00 · 2022-10-11 18:01:56 +00:00 · 029c3b7686
commit 029c3b7686
parent ea20b1581d
7 changed files with 20 additions and 17 deletions
--- a/share/config_global.toml
+++ b/share/config_global.toml
@ -163,6 +163,9 @@ name = "Other"

    [misc.network]
    name = "Network"
-        [misc.network.network_ipv6_only]
-        type = "boolean"
-        default = false
+        [misc.network.dns_exposure]
+        type = "select"
+        choices.both = "Both"
+        choices.ipv4 = "IPv4 Only"
+        choices.ipv6 = "IPv6 Only"
+        default = "both"
--- a/src/diagnosers/10-ip.py
+++ b/src/diagnosers/10-ip.py
@ -122,7 +122,7 @@ class MyDiagnoser(Diagnoser):
        yield dict(
            meta={"test": "ipv4"},
            data={"global": ipv4, "local": get_local_ip("ipv4")},
-            status="SUCCESS" if ipv4 else "WARNING" if settings_get("network_ipv6_only") else "ERROR",
+            status="SUCCESS" if ipv4 else "ERROR" if settings_get("dns_exposure") == "ipv4" else "WARNING",
            summary="diagnosis_ip_connected_ipv4" if ipv4 else "diagnosis_ip_no_ipv4",
            details=["diagnosis_ip_global", "diagnosis_ip_local"] if ipv4 else None,
        )
@ -130,7 +130,7 @@ class MyDiagnoser(Diagnoser):
        yield dict(
            meta={"test": "ipv6"},
            data={"global": ipv6, "local": get_local_ip("ipv6")},
-            status="SUCCESS" if ipv6 else "ERROR" if settings_get("network_ipv6_only") else "WARNING",
+            status="SUCCESS" if ipv6 else "ERROR" if settings_get("dns_exposure") == "ipv6" else "WARNING",
            summary="diagnosis_ip_connected_ipv6" if ipv6 else "diagnosis_ip_no_ipv6",
            details=["diagnosis_ip_global", "diagnosis_ip_local"]
            if ipv6
--- a/src/diagnosers/14-ports.py
+++ b/src/diagnosers/14-ports.py
@ -47,7 +47,7 @@ class MyDiagnoser(Diagnoser):

        ipversions = []
        ipv4 = Diagnoser.get_cached_report("ip", item={"test": "ipv4"}) or {}
-        if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"):
+        if ipv4.get("status") == "SUCCESS" or not settings_get("dns_exposure") == "ipv6":
            ipversions.append(4)

        # To be discussed: we could also make this check dependent on the
@ -121,7 +121,7 @@ class MyDiagnoser(Diagnoser):
                        for record in dnsrecords.get("items", [])
                    )

-                if failed == 4 and not settings_get("network_ipv6_only") or ipv6_is_important():
+                if failed == 4 and not settings_get("dns_exposure") == "ipv6" or ipv6_is_important():
                    yield dict(
                        meta={"port": port},
                        data={
--- a/src/diagnosers/21-web.py
+++ b/src/diagnosers/21-web.py
@ -77,7 +77,7 @@ class MyDiagnoser(Diagnoser):

        ipversions = []
        ipv4 = Diagnoser.get_cached_report("ip", item={"test": "ipv4"}) or {}
-        if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"):
+        if ipv4.get("status") == "SUCCESS" and not settings_get("dns_exposure") == "ipv6":
            ipversions.append(4)

        # To be discussed: we could also make this check dependent on the
@ -97,7 +97,7 @@ class MyDiagnoser(Diagnoser):
        # "curl --head the.global.ip" will simply timeout...
        if self.do_hairpinning_test:
            global_ipv4 = ipv4.get("data", {}).get("global", None)
-            if global_ipv4 and not settings_get("network_ipv6_only"):
+            if global_ipv4 and settings_get("dns_exposure") != "ipv6":
                try:
                    requests.head("http://" + global_ipv4, timeout=5)
                except requests.exceptions.Timeout:
@ -148,7 +148,7 @@ class MyDiagnoser(Diagnoser):
            if all(
                results[ipversion][domain]["status"] == "ok" for ipversion in ipversions
            ):
-                if 4 in ipversions and not settings_get("network_ipv6_only"):
+                if 4 in ipversions and settings_get("dns_exposure") != "ipv6":
                    self.do_hairpinning_test = True
                yield dict(
                    meta={"domain": domain},
@ -186,7 +186,7 @@ class MyDiagnoser(Diagnoser):
                    )
                    AAAA_status = dnsrecords.get("data", {}).get("AAAA:@")

-                    return AAAA_status in ["OK", "WRONG"] or settings_get("network_ipv6_only")
+                    return AAAA_status in ["OK", "WRONG"] or settings_get("dns_exposure") != "ipv4"

                if failed == 4 or ipv6_is_important_for_this_domain():
                    yield dict(
--- a/src/diagnosers/24-mail.py
+++ b/src/diagnosers/24-mail.py
@ -302,13 +302,13 @@ class MyDiagnoser(Diagnoser):
        outgoing_ipversions = []
        outgoing_ips = []
        ipv4 = Diagnoser.get_cached_report("ip", {"test": "ipv4"}) or {}
-        if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"):
+        if ipv4.get("status") == "SUCCESS" and settings_get("dns_exposure") != "ipv6":
            outgoing_ipversions.append(4)
            global_ipv4 = ipv4.get("data", {}).get("global", {})
            if global_ipv4:
                outgoing_ips.append(global_ipv4)

-        if settings_get("email.smtp.smtp_allow_ipv6") or settings_get("network_ipv6_only"):
+        if settings_get("email.smtp.smtp_allow_ipv6") or settings_get("dns_exposure") != "ipv4":
            ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {}
            if ipv6.get("status") == "SUCCESS":
                outgoing_ipversions.append(6)
--- a/src/dns.py
+++ b/src/dns.py
@ -186,7 +186,7 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False):
        ###########################
        # Basic ipv4/ipv6 records #
        ###########################
-        if ipv4 and not settings_get("network_ipv6_only"):
+        if ipv4 and not settings_get("dns_exposure") == "ipv6":
            basic.append([basename, ttl, "A", ipv4])

        if ipv6:
@ -241,7 +241,7 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False):

        # Only recommend wildcard and CAA for the top level
        if domain == base_domain:
-            if ipv4 and not settings_get("network_ipv6_only"):
+            if ipv4 and settings_get("dns_exposure") != "ipv6":
                extra.append([f"*{suffix}", ttl, "A", ipv4])

            if ipv6:
--- a/src/settings.py
+++ b/src/settings.py
@ -310,7 +310,7 @@ def regen_ssowatconf(setting_name, old_value, new_value):
@post_change_hook("nginx_compatibility")
@post_change_hook("webadmin_allowlist_enabled")
@post_change_hook("webadmin_allowlist")
-@post_change_hook("network_ipv6_only")
+@post_change_hook("dns_exposure")
 def reconfigure_nginx(setting_name, old_value, new_value):
    if old_value != new_value:
        regen_conf(names=["nginx"])
@ -342,7 +342,7 @@ def reconfigure_ssh_and_fail2ban(setting_name, old_value, new_value):
@post_change_hook("smtp_relay_user")
@post_change_hook("smtp_relay_password")
@post_change_hook("postfix_compatibility")
-@post_change_hook("network_ipv6_only")
+@post_change_hook("dns_exposure")
 def reconfigure_postfix(setting_name, old_value, new_value):
    if old_value != new_value:
        regen_conf(names=["postfix"])