From ea20b1581d6998ed6aa8d6c9cd6c8fc5d8b3cb9a Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Sat, 26 Mar 2022 14:11:37 +0000 Subject: [PATCH] enh: ipv6 only global setting --- share/config_global.toml | 6 ++++++ src/diagnosers/10-ip.py | 5 +++-- src/diagnosers/14-ports.py | 5 +++-- src/diagnosers/21-web.py | 9 +++++---- src/diagnosers/24-mail.py | 5 +++-- src/dns.py | 5 +++-- src/settings.py | 2 ++ 7 files changed, 25 insertions(+), 12 deletions(-) diff --git a/share/config_global.toml b/share/config_global.toml index 1f3cc1b39..405157c5f 100644 --- a/share/config_global.toml +++ b/share/config_global.toml @@ -160,3 +160,9 @@ name = "Other" [misc.backup.backup_compress_tar_archives] type = "boolean" default = false + + [misc.network] + name = "Network" + [misc.network.network_ipv6_only] + type = "boolean" + default = false diff --git a/src/diagnosers/10-ip.py b/src/diagnosers/10-ip.py index b2bedc802..098bd569c 100644 --- a/src/diagnosers/10-ip.py +++ b/src/diagnosers/10-ip.py @@ -28,6 +28,7 @@ from moulinette.utils.filesystem import read_file from yunohost.diagnosis import Diagnoser from yunohost.utils.network import get_network_interfaces +from yunohost.settings import settings_get logger = log.getActionLogger("yunohost.diagnosis") @@ -121,7 +122,7 @@ class MyDiagnoser(Diagnoser): yield dict( meta={"test": "ipv4"}, data={"global": ipv4, "local": get_local_ip("ipv4")}, - status="SUCCESS" if ipv4 else "ERROR", + status="SUCCESS" if ipv4 else "WARNING" if settings_get("network_ipv6_only") else "ERROR", summary="diagnosis_ip_connected_ipv4" if ipv4 else "diagnosis_ip_no_ipv4", details=["diagnosis_ip_global", "diagnosis_ip_local"] if ipv4 else None, ) @@ -129,7 +130,7 @@ class MyDiagnoser(Diagnoser): yield dict( meta={"test": "ipv6"}, data={"global": ipv6, "local": get_local_ip("ipv6")}, - status="SUCCESS" if ipv6 else "WARNING", + status="SUCCESS" if ipv6 else "ERROR" if settings_get("network_ipv6_only") else "WARNING", summary="diagnosis_ip_connected_ipv6" if ipv6 else "diagnosis_ip_no_ipv6", details=["diagnosis_ip_global", "diagnosis_ip_local"] if ipv6 diff --git a/src/diagnosers/14-ports.py b/src/diagnosers/14-ports.py index 5671211b5..0ca39a42c 100644 --- a/src/diagnosers/14-ports.py +++ b/src/diagnosers/14-ports.py @@ -21,6 +21,7 @@ from typing import List from yunohost.diagnosis import Diagnoser from yunohost.service import _get_services +from yunohost.settings import settings_get class MyDiagnoser(Diagnoser): @@ -46,7 +47,7 @@ class MyDiagnoser(Diagnoser): ipversions = [] ipv4 = Diagnoser.get_cached_report("ip", item={"test": "ipv4"}) or {} - if ipv4.get("status") == "SUCCESS": + if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"): ipversions.append(4) # To be discussed: we could also make this check dependent on the @@ -120,7 +121,7 @@ class MyDiagnoser(Diagnoser): for record in dnsrecords.get("items", []) ) - if failed == 4 or ipv6_is_important(): + if failed == 4 and not settings_get("network_ipv6_only") or ipv6_is_important(): yield dict( meta={"port": port}, data={ diff --git a/src/diagnosers/21-web.py b/src/diagnosers/21-web.py index 4a69895b2..bdba89f78 100644 --- a/src/diagnosers/21-web.py +++ b/src/diagnosers/21-web.py @@ -26,6 +26,7 @@ from moulinette.utils.filesystem import read_file, mkdir, rm from yunohost.diagnosis import Diagnoser from yunohost.domain import domain_list from yunohost.utils.dns import is_special_use_tld +from yunohost.settings import settings_get DIAGNOSIS_SERVER = "diagnosis.yunohost.org" @@ -76,7 +77,7 @@ class MyDiagnoser(Diagnoser): ipversions = [] ipv4 = Diagnoser.get_cached_report("ip", item={"test": "ipv4"}) or {} - if ipv4.get("status") == "SUCCESS": + if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"): ipversions.append(4) # To be discussed: we could also make this check dependent on the @@ -96,7 +97,7 @@ class MyDiagnoser(Diagnoser): # "curl --head the.global.ip" will simply timeout... if self.do_hairpinning_test: global_ipv4 = ipv4.get("data", {}).get("global", None) - if global_ipv4: + if global_ipv4 and not settings_get("network_ipv6_only"): try: requests.head("http://" + global_ipv4, timeout=5) except requests.exceptions.Timeout: @@ -147,7 +148,7 @@ class MyDiagnoser(Diagnoser): if all( results[ipversion][domain]["status"] == "ok" for ipversion in ipversions ): - if 4 in ipversions: + if 4 in ipversions and not settings_get("network_ipv6_only"): self.do_hairpinning_test = True yield dict( meta={"domain": domain}, @@ -185,7 +186,7 @@ class MyDiagnoser(Diagnoser): ) AAAA_status = dnsrecords.get("data", {}).get("AAAA:@") - return AAAA_status in ["OK", "WRONG"] + return AAAA_status in ["OK", "WRONG"] or settings_get("network_ipv6_only") if failed == 4 or ipv6_is_important_for_this_domain(): yield dict( diff --git a/src/diagnosers/24-mail.py b/src/diagnosers/24-mail.py index 88d6a8259..536f870b3 100644 --- a/src/diagnosers/24-mail.py +++ b/src/diagnosers/24-mail.py @@ -31,6 +31,7 @@ from yunohost.diagnosis import Diagnoser from yunohost.domain import _get_maindomain, domain_list from yunohost.settings import settings_get from yunohost.utils.dns import dig +from yunohost.settings import settings_get DEFAULT_DNS_BLACKLIST = "/usr/share/yunohost/dnsbl_list.yml" @@ -301,13 +302,13 @@ class MyDiagnoser(Diagnoser): outgoing_ipversions = [] outgoing_ips = [] ipv4 = Diagnoser.get_cached_report("ip", {"test": "ipv4"}) or {} - if ipv4.get("status") == "SUCCESS": + if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"): outgoing_ipversions.append(4) global_ipv4 = ipv4.get("data", {}).get("global", {}) if global_ipv4: outgoing_ips.append(global_ipv4) - if settings_get("email.smtp.smtp_allow_ipv6"): + if settings_get("email.smtp.smtp_allow_ipv6") or settings_get("network_ipv6_only"): ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {} if ipv6.get("status") == "SUCCESS": outgoing_ipversions.append(6) diff --git a/src/dns.py b/src/dns.py index 1c6b99cf0..cc7ebd7e7 100644 --- a/src/dns.py +++ b/src/dns.py @@ -38,6 +38,7 @@ from yunohost.domain import ( from yunohost.utils.dns import dig, is_yunohost_dyndns_domain, is_special_use_tld from yunohost.utils.error import YunohostValidationError, YunohostError from yunohost.utils.network import get_public_ip +from yunohost.settings import settings_get from yunohost.log import is_unit_operation from yunohost.hook import hook_callback @@ -185,7 +186,7 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False): ########################### # Basic ipv4/ipv6 records # ########################### - if ipv4: + if ipv4 and not settings_get("network_ipv6_only"): basic.append([basename, ttl, "A", ipv4]) if ipv6: @@ -240,7 +241,7 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False): # Only recommend wildcard and CAA for the top level if domain == base_domain: - if ipv4: + if ipv4 and not settings_get("network_ipv6_only"): extra.append([f"*{suffix}", ttl, "A", ipv4]) if ipv6: diff --git a/src/settings.py b/src/settings.py index d9ea600a4..f52574785 100644 --- a/src/settings.py +++ b/src/settings.py @@ -310,6 +310,7 @@ def regen_ssowatconf(setting_name, old_value, new_value): @post_change_hook("nginx_compatibility") @post_change_hook("webadmin_allowlist_enabled") @post_change_hook("webadmin_allowlist") +@post_change_hook("network_ipv6_only") def reconfigure_nginx(setting_name, old_value, new_value): if old_value != new_value: regen_conf(names=["nginx"]) @@ -341,6 +342,7 @@ def reconfigure_ssh_and_fail2ban(setting_name, old_value, new_value): @post_change_hook("smtp_relay_user") @post_change_hook("smtp_relay_password") @post_change_hook("postfix_compatibility") +@post_change_hook("network_ipv6_only") def reconfigure_postfix(setting_name, old_value, new_value): if old_value != new_value: regen_conf(names=["postfix"])