freifunk/puppet-ff_gw
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initial commit

Browse source
This commit is contained in:
Martin Schuette 2014-03-31 23:18:29 +02:00
commit a363bde348
15 changed files with 1189 additions and 0 deletions
files
etc
iptables
rules.v4
openvpn
mullvad.conf
root/bin
autoupdate_fastd_keys.sh
usr
local/bin
check_gateway
share/munin/plugins
udp-statisticsvnstat_

26
files/etc/iptables/rules.v4 Normal file
View file

@ -0,0 +1,26 @@
# Generated by iptables-save v1.4.14 on Sun Mar 24 14:14:50 2013
*filter
:INPUT ACCEPT [273:40363]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [194:28568]
COMMIT
# Completed on Mon Mar 25 19:41:40 2013
# Generated by iptables-save v1.4.14 on Mon Mar 25 19:41:40 2013
*mangle
:PREROUTING ACCEPT [286:41734]
:INPUT ACCEPT [273:40363]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [194:28568]
:POSTROUTING ACCEPT [194:28568]
-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Mon Mar 25 19:41:40 2013
# Generated by iptables-save v1.4.14 on Mon Mar 25 19:41:40 2013
*nat
:PREROUTING ACCEPT [15:1459]
:INPUT ACCEPT [2:88]
:OUTPUT ACCEPT [1:74]
:POSTROUTING ACCEPT [1:74]
-A POSTROUTING -o mullvad -j MASQUERADE
COMMIT
# Completed on Mon Mar 25 19:41:40 2013

45
files/etc/openvpn/mullvad.conf Normal file
View file

@ -0,0 +1,45 @@
client
dev mullvad
dev-type tun
proto udp
remote nl.mullvad.net # Servers in the Netherlands
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Enable compression on the VPN link.
comp-lzo
# Set log file verbosity.
verb 3
remote-cert-tls server
ping-restart 60
# Allow calling of built-in executables and user-defined scripts.
script-security 2
# Parses DHCP options from openvpn to update resolv.conf
route-noexec
up /etc/openvpn/mullvad/mullvad-up
ping 10
ca /etc/openvpn/mullvad/ca.crt
cert /etc/openvpn/mullvad/client.crt
key /etc/openvpn/mullvad/client.key

35
files/root/bin/autoupdate_fastd_keys.sh Normal file
View file

@ -0,0 +1,35 @@
#!/bin/bash
# Simple script to update fastd peers from git upstream
# and only send HUP to fastd when changes happend.
# CONFIGURE THIS TO YOUR PEER DIRECTORY
FASTD_PEERS=/etc/fastd/ffhh-mesh-vpn/peers
function getCurrentVersion() {
# Get hash from latest revision
git log --format=format:%H -1
}
cd $FASTD_PEERS
# Get current version hash
GIT_REVISION=$(getCurrentVersion)
# Automagically commit local changes
# This preserves local changes
git commit -m "CRON: auto commit"
# Pull latest changes from upstream
git fetch
git merge origin/master -m "Auto Merge"
# Get new version hash
GIT_NEW_REVISION=$(getCurrentVersion)
if [ $GIT_REVISION != $GIT_NEW_REVISION ]
then
# Version has changed we need to update
echo "Reload fastd peers"
kill -HUP $(pidof fastd)
fi

22
files/usr/local/bin/check_gateway Normal file
View file

@ -0,0 +1,22 @@
#!/bin/bash
INTERFACE=mullvad
shopt -s nullglob
ping -q -I $INTERFACE 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1
if test $? -eq 0; then
NEW_STATE=server
else
NEW_STATE=off
fi
for MESH in /sys/class/net/*/mesh; do
OLD_STATE="$(cat $MESH/gw_mode)"
[ "$OLD_STATE" == "$NEW_STATE" ] && continue
echo $NEW_STATE > $MESH/gw_mode
echo 54MBit/54MBit > $MESH/gw_bandwidth
logger "batman gateway mode changed to $NEW_STATE"
done
# vim: noai:ts=4:sw=4:ff=unix:ft=text:fdm=marker

40
files/usr/share/munin/plugins/udp-statistics Normal file
View file

@ -0,0 +1,40 @@
#!/usr/bin/perl -w
if ( $ARGV[0] ) {
if ( $ARGV[0] eq 'autoconf' ) {
if ( -r '/bin/netstat') {
print "yes\n";
exit 0;
}
print "no\n";
exit 0;
} elsif ( $ARGV[0] eq 'config' ) {
print <<EOM;
graph_title UDP Statistics
graph_args --base 1000 -l 0
graph_vlabel Packets/\${graph_period}
graph_category network
received.label Received
received.draw AREA
received.type DERIVE
received.min 0
errors.label Errors
errors.draw LINE1
errors.type DERIVE
errors.min 0
sent.label Sent
sent.draw LINE1
sent.type DERIVE
sent.min 0
EOM
exit 0;
}
}
@netstat = qx{/bin/netstat -us | awk '/packets sent/ \{ print "sent.value " \$1 \}
/packets received/ \{ print "received.value " \$1 \}
/packet receive errors/ \{ print "errors.value " \$1 \}'};
print @netstat;

132
files/usr/share/munin/plugins/vnstat_ Normal file
View file

@ -0,0 +1,132 @@
#!/bin/bash
# Munin plugin which reads the hourly, daily and monthly bandwidth usage.
#
# (c) 2011 Bram Schoenmakers <me@bramschoenmakers.nl>
#%# family=contrib
#%# capabilities=autoconf
# par1 message
error() {
[ $# = 1 ] && echo "$1" >&2
exit 1
}
# par1: "hourly", "daily" or "monthly"
# par2: "tx" or "rx"
getBandwidth() {
[ $# != 2 ] && exit 1
local FIELD=-1
[ $2 = "rx" ] && FIELD=4
[ $2 = "tx" ] && FIELD=5
[ "$FIELD" -eq -1 ] && exit 1
local DATA=$(echo "$VNSTAT" | grep "^${1:0:1};0")
local MIB=$(echo "$DATA" | cut -d ';' -f $FIELD)
local KIB=$(echo "$DATA" | cut -d ';' -f $(( $FIELD + 2 )) )
echo "scale=3; $MIB + ( $KIB / 1024 )" | bc
}
# par1: "hourly", "daily" or "monthly"
# par2: value so far
getEstimate() {
[ $# != 2 ] && exit 1
case "$1" in
"hourly")
local MINUTESPASSED=$(( $( date +%M ) ))
local MINUTESTOTAL=60
;;
"daily")
local MINUTESPASSED=$( echo "$( date +%H ) * 60 + $( date +%M )" | bc )
local MINUTESTOTAL=1440
;;
"monthly")
local MINUTESPASSED=$( echo "( $( date +%d ) - 1 ) * 1440 + $( date +%H ) * 60 + $( date +%M )" | bc )
local DAYSINMONTH=$(date -d "$(date +%Y)-$(($(date +%-m)+1))-01 -1 day" +%d)
local MINUTESTOTAL=$(( $DAYSINMONTH * 1440 ))
;;
esac
echo "scale=1; $MINUTESTOTAL * $2 / $MINUTESPASSED" | bc
}
PARAMS=${0#*vnstat_}
INTERFACE=$(echo "$PARAMS" | cut -d _ -f 1) # eth0
PERIOD=$(echo "$PARAMS" | cut -d _ -f 2) # hourly, daily, monthly
DIRECTION=$(echo "$PARAMS" | cut -d _ -f 3) # rx or tx
# determine whether estimates should be shown
[ \( "${estimate:-0}" = 1 \) -o \( "${estimate:-0}" = "yes" \) -o \( "${estimate:-0}" = "true" \) ] && ESTIMATE=1 || ESTIMATE=0
# sanity checks
[ "$PERIOD" = "hourly" ] || [ "$PERIOD" = "daily" ] || [ "$PERIOD" = "monthly" ] || error "Invalid period."
[ "$DIRECTION" = "rx" ] || [ "$DIRECTION" = "tx" ] || [ "$DIRECTION" = "total" ] || [ "$DIRECTION" = "rxtx" ] || error "Invalid direction."
case "$1" in
config)
echo graph_category network
echo graph_vlabel MiB
PERIODSTRING=${PERIOD%ly}
PERIODSTRING=${PERIODSTRING/dai/day}
if [ "$DIRECTION" = "rxtx" ]; then
echo "graph_title Network bandwidth for $INTERFACE ($PERIOD, rx and tx)"
echo value.label rx
echo value2.label tx
# show estimates
if [ $ESTIMATE -eq 1 ]; then
echo "estimate.label rx estimate for this $PERIODSTRING"
echo "estimate2.label tx estimate for this $PERIODSTRING"
fi
else
echo "graph_title Network bandwidth for $INTERFACE ($PERIOD, $DIRECTION)"
echo value.label $DIRECTION
[ $ESTIMATE -eq 1 ] && echo "estimate.label estimate for this ${PERIODSTRING}"
fi
exit 0;;
autoconf)
if ! which vnstat > /dev/null; then
echo "no (vnstat unavailable)"
elif ! which bc > /dev/null; then
echo "no (bc unavailable)"
else
echo yes
fi
exit 0
;;
esac
VNSTAT=$(vnstat -i $INTERFACE --dumpdb)
if [ "$DIRECTION" = "total" ] || [ "$DIRECTION" = "rxtx" ]; then
VALUE1=$(getBandwidth $PERIOD rx)
[ $? = 1 ] && error "Could not obtain data."
VALUE2=$(getBandwidth $PERIOD tx)
[ $? = 1 ] && error "Could not obtain data."
[ "$DIRECTION" = "total" ] && VALUE1=$( echo "scale=3; $VALUE1 + $VALUE2" | bc )
else
VALUE1=$(getBandwidth $PERIOD $DIRECTION)
[ $? = 1 ] && error "Could not obtain data."
fi
if [ "$DIRECTION" = "rxtx" ]; then
echo value.value $VALUE1
echo value2.value $VALUE2
if [ "$ESTIMATE" -eq 1 ]; then
echo estimate.value $(getEstimate $PERIOD $VALUE1)
echo estimate2.value $(getEstimate $PERIOD $VALUE2)
fi
else
echo value.value $VALUE1
[ "$ESTIMATE" -eq 1 ] && echo estimate.value $(getEstimate $PERIOD $VALUE1)
fi