mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-10 02:38:10 +02:00
Introduced new variable HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM (list, default []) to suppress network block reports (e.g., ORB) from specific external domains. Updated script.py to accept and forward the flag, extended systemd exec command in tasks, added defaults, and documented usage in README. Ref: https://chatgpt.com/share/68dfc69b-7c94-800f-871b-3525deb8e374
#!/usr/bin/env python3
import os
import re
import subprocess
import sys
import argparse
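def extract_domains(config_path):
    """
    Return the domain names encoded in the ``.conf`` filenames of a directory.

    Only filenames of the form ``<label>.<label>...<tld>.conf`` are accepted;
    the ``.conf`` suffix is stripped from each match. This script later
    forwards the result as command-line arguments, so names that begin with
    ``-`` are skipped: the receiving program could parse them as options, and
    they are not valid hostnames in any case.

    Args:
        config_path: Directory to scan (not recursive).

    Returns:
        A list of domain strings in ``os.listdir`` order, or ``None`` when the
        directory does not exist (a message is written to stderr).
    """
    domain_pattern = re.compile(r'^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}\.conf$')
    suffix = ".conf"

    try:
        entries = os.listdir(config_path)
    except FileNotFoundError:
        print(f"Directory {config_path} not found.", file=sys.stderr)
        return None

    return [
        fn[:-len(suffix)]
        for fn in entries
        # endswith() is kept alongside the regex: "$" also matches just
        # before a trailing newline, which a filename may contain.
        if fn.endswith(suffix)
        # An argv element starting with "-" reads as an option, not a domain.
        and not fn.startswith("-")
        and domain_pattern.match(fn)
    ]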
def run_checkcsp(domains, ignore_network_blocks_from):
    """
    Run ``checkcsp start --short`` for the given domains and return its exit code.

    The command is passed to ``subprocess.run`` as an argument list, so no
    shell is involved and the values are not subject to shell interpretation.

    Args:
        domains: Domain names appended as trailing arguments.
        ignore_network_blocks_from: Values forwarded after
            ``--ignore-network-blocks-from``; the flag is omitted when empty.

    Returns:
        The exit code of ``checkcsp``, or 1 when the process could not be
        run at all (the error is written to stderr).
    """
    argv = ["checkcsp", "start", "--short"]

    # The flag is only emitted together with at least one value.
    if ignore_network_blocks_from:
        argv += ["--ignore-network-blocks-from", *ignore_network_blocks_from]

    # NOTE(review): the domains follow directly after the ignore values; how
    # checkcsp decides where that list ends is not visible here. Confirm
    # against its CLI.
    argv.extend(domains)

    try:
        completed = subprocess.run(argv, check=False)
    except Exception as e:
        print(f"Unexpected error: {e}", file=sys.stderr)
        return 1

    exit_code = completed.returncode
    if exit_code != 0:
        print(f"'checkcsp' reported issues (exit code {exit_code})", file=sys.stderr)
    return exit_code
def main():
    """
    Command-line entry point: collect domains and hand them to ``checkcsp``.

    Exits with status 1 when the NGINX config directory is missing, 0 when it
    holds no matching domains, and otherwise with the value returned by
    ``run_checkcsp``.
    """
    cli = argparse.ArgumentParser(
        description="Extract domains from NGINX and run checkcsp against them"
    )
    option_specs = (
        (
            "--nginx-config-dir",
            {
                "required": True,
                "help": "Directory containing NGINX .conf files",
            },
        ),
        (
            "--ignore-network-blocks-from",
            {
                "nargs": "*",
                "default": [],
                "help": "Optional: one or more domains whose network block failures should be ignored",
            },
        ),
    )
    for flag, settings in option_specs:
        cli.add_argument(flag, **settings)
    options = cli.parse_args()

    found = extract_domains(options.nginx_config_dir)

    # None means the directory could not be read; an empty list means it was
    # read but held no matching files.
    if found is None:
        sys.exit(1)
    if not found:
        print("No domains found to check.")
        sys.exit(0)

    sys.exit(run_checkcsp(found, options.ignore_network_blocks_from))
# Run the CLI only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()