Initial commit

This commit is contained in:
Martin Schuette 2014-03-31 23:18:29 +02:00
commit a363bde348
15 changed files with 1189 additions and 0 deletions

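--- a/templates/etc/bird.conf.erb
+++ b/templates/etc/bird.conf.erb
@@ -0,0 +1,143 @@
+router id <%= @own_ipv4 %>;
+table ffhh; # BGP Peerings
+table ibgp;
+table icvpn; # BGP Peerings (ICVPN)
+table freifunk; # Kernel table 42 (Routing from Freifunk networks)
+function is_freifunk_dn42() {
+return (net ~ [
+10.0.0.0/8{12,32},
+10.100.0.0/14,
+172.22.0.0/15+,
+172.31.0.0/16
+]);
+}
+function is_freifunk() {
+return (net ~ [10.0.0.0/8+]);
+}
+function is_chaosvpn() {
+return (net ~ [172.31.0.0/16+]);
+}
+function is_self_net() {
+return (net ~ [10.112.0.0/16+]);
+}
+function is_self() {
+return (proto = "static_ffhh");
+}
+function is_dn42_aggregate() {
+return (net ~ [172.22.0.0/15{16,32}]);
+}
+filter ffhh_internal_export {
+if (proto = "dn42_aggregate_ffhh" || proto = "local_ffhh") then accept;
+if (source != RTS_BGP && proto != "pipe_icvpn") then reject;
+if (proto ~ "bgp_ibgp_*") then reject;
+if (is_dn42_aggregate()) then reject;
+accept;
+}
+protocol pipe pipe_ffhh {
+peer table ffhh;
+import all;
+export none;
+};
+protocol pipe pipe_icvpn {
+table ffhh;
+peer table icvpn;
+export where is_self();
+import all;
+mode opaque;
+};
+protocol pipe pipe_freifunk {
+peer table freifunk;
+import none;
+export all;
+};
+protocol pipe pipe_ibgp {
+peer table ibgp;
+import all;
+export where !is_self_net();
+mode opaque;
+};
+protocol kernel kernel_master {
+scan time 20;
+import none;
+export filter {
+krt_prefsrc = <%= @own_ipv4 %>;
+accept;
+};
+};
+protocol kernel kernel_freifunk {
+scan time 20;
+import none;
+export filter {
+krt_prefsrc = <%= @own_ipv4 %>;
+accept;
+};
+table freifunk;
+device routes;
+kernel table 42;
+};
+# This pseudo-protocol watches all interface up/down events.
+protocol device {
+scan time 10; # Scan interfaces every 10 seconds
+};
+protocol static unreachable_default {
+table freifunk;
+route 0.0.0.0/0 reject;
+};
+protocol static static_ffhh {
+table ffhh;
+route 10.112.0.0/16 reject;
+};
+protocol static local_ffhh {
+table ffhh;
+route 10.112.0.0/18 via "freifunk";
+};
+protocol static dn42_aggregate_ffhh {
+table ffhh;
+route 172.22.0.0/15 reject;
+};
+template bgp bgp_ibgp {
+local as 65112;
+table ibgp;
+import filter {
+preference = 99;
+accept;
+};
+export all;
+gateway direct;
+next hop self;
+};
+template bgp bgp_icvpn {
+local as 65112;
+table icvpn;
+import where (is_freifunk_dn42() && !is_self_net());
+export all;
+};
+<% @peerings_v4.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv4 -%>
+protocol bgp <%= key %> from <%= hash["template"] %> {
+neighbor <%= hash["ip"] %> as <%= hash["as"] %>;
+};
+<% end -%><% end -%>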
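Review bot: The `bgp_ibgp` template (`import filter { preference = 99; accept; };`, `export all;`) applies no prefix filter, and every route it learns reaches both kernel tables: pipe_ibgp copies the ibgp table into master with `import all`, kernel_master exports master unfiltered, and pipe_freifunk copies master into kernel table 42. A misconfigured or compromised iBGP peer could therefore install any prefix, including 0.0.0.0/0, on the gateway; restricting the import to the address space the ICVPN template already checks, `import filter { if !is_freifunk_dn42() then reject; preference = 99; accept; };`, would contain that. Note also that `ffhh_internal_export` is defined but not referenced by any protocol in this hunk, and its `proto ~ "bgp_ibgp_*"` test only holds if every iBGP peering key in `@peerings_v4` is named with that prefix, which the template does not enforce or document; a comment such as `# peering keys for iBGP sessions must start with bgp_ibgp_ so ffhh_internal_export can reject them` above the loop would make the coupling explicit.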


@ -0,0 +1,79 @@
# managed by puppet
#
# the ff ip of the gateway
router id <%= @own_ipv4 %>;
# routing tables
table ffhh;
# filter to check ulas
function is_ula() {
return (net ~ [ fc00::/7{48,64} ]);
}
function is_self() {
return (proto = "static_ffhh");
}
filter ffhh_internal_export {
if (proto = "local_ffhh") then accept;
if (source != RTS_BGP) then reject;
if (is_ula() && proto != "static_ffhh") then accept;
else reject;
}
# don't use kernel's routes for bird, but export bird's routes to kernel
protocol kernel {
scan time 20; # Scan kernel routing table every 20 seconds
import none; # Default is import all
export all;
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
# define our routes
protocol static static_ffhh {
table ffhh;
# reject route if announced from external
route fd51:2bb2:fd0d::/48 reject;
};
protocol static local_ffhh {
table ffhh;
route fd51:2bb2:fd0d::/64 via "br-ffhh";
};
protocol pipe pipe_ffhh {
peer table ffhh;
import all;
export none;
};
# template for internal routing
template bgp bgp_ibgp {
table ffhh;
local as 65112;
source address <%= @own_ipv6 %>;
import all;
export where source = RTS_BGP;
gateway direct;
next hop self;
};
# icvpn template for hamburg03
template bgp bgp_icvpn {
local as 65112;
source address <%= @own_ipv6 %>;
table ffhh;
import where is_ula();
export where is_self() || (source = RTS_BGP);
};
<% @peerings_v6.each_pair do |key, hash| -%><% if hash["ip"] != @own_ipv6 -%>
protocol bgp <%= key %> from <%= hash["template"] %> {
neighbor <%= hash["ip"] %> as <%= hash["as"] %>;
};
<% end -%><% end -%>
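Review bot: `bgp_icvpn` imports `where is_ula();`, which, unlike the IPv4 template's `!is_self_net()` clause, does not exclude the gateway's own prefix: a peer announcing a more-specific of fd51:2bb2:fd0d::/48 (a /56, or a /64 other than the locally routed one) passes the filter, is imported into ffhh and, via pipe_ffhh and the unfiltered `export all;` of the kernel protocol, ends up in the kernel table. Defining an IPv6 counterpart, `function is_self_net() { return (net ~ [fd51:2bb2:fd0d::/48+]); }`, and using `import where is_ula() && !is_self_net();` would mirror the IPv4 file. The `bgp_ibgp` template's `import all;` has the same unfiltered path to the kernel, and `ffhh_internal_export` is declared here but used by no protocol in the hunk. This section's file header is not visible, so the path is inferred to be the IPv6 bird configuration.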


@ -0,0 +1,25 @@
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# option definitions common to all supported networks...
option domain-name ".ffhh";
default-lease-time 600;
max-lease-time 3600;
log-facility local7;
subnet 10.112.0.0 netmask 255.255.192.0 {
authoritative;
range <%= @dhcprange_start %> <%= @dhcprange_end %>;
# DNS: srv01 (10.112.1.1) & gw01 (10.112.14.1)
option domain-name-servers 10.112.1.1, 10.112.14.1;
option routers <%= @gw_ipv4 %>;
}
include "/etc/dhcp/static.conf";
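Review bot: `range <%= @dhcprange_start %> <%= @dhcprange_end %>;` is interpolated without any check that both addresses lie inside 10.112.0.0/18; dhcpd rejects a range outside the declared subnet when it parses the configuration, so a typo in the Puppet data takes DHCP down for the whole gateway rather than failing the catalog. Validating the two values against the subnet at the Puppet layer (or deriving the subnet line from the same data) keeps the failure at deploy time. The DNS servers are hard-coded while `option routers` is templated; a short comment stating why they are fixed rather than per-gateway, next to the existing `# DNS: srv01 (10.112.1.1) & gw01 (10.112.14.1)`, would help the next maintainer.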


@ -0,0 +1,16 @@
# managed by puppet -- editing is futile
log to syslog level info;
interface "ffhh-mesh-vpn";
method "salsa2012+gmac"; # new method, between gateways for the moment (faster)
method "xsalsa20-poly1305"; # old method
bind 0.0.0.0:10000;
hide ip addresses yes;
hide mac addresses yes;
include "secret.conf";
mtu 1426; # 1492 - IPv4 Header - fastd Header...
include peers from "peers";
on up "
ifup bat0
ip link set address <%= @mesh_mac %> up dev $INTERFACE
";
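Review bot: The fastd configuration enables two methods but does not set `secure handshakes yes;`; if the deployed fastd version supports that option, enabling it disables the legacy handshake and is the setting a gateway should run with. In the `on up` script, `<%= @mesh_mac %>` is spliced unquoted into a shell command line, so a malformed or empty value from Puppet leaves bat0 without the intended address or breaks the script without a clear error; validating the MAC format at the Puppet layer and quoting the value, `ip link set address "<%= @mesh_mac %>" up dev "$INTERFACE"`, keeps the failure visible. The comment on `mtu 1426;` trails off with `...`; spelling out the full subtraction (outer MTU minus IPv4, UDP and fastd overhead) would make the number verifiable.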


@ -0,0 +1,15 @@
# managed by puppet
interface br-ffhh
{
AdvSendAdvert on;
MaxRtrAdvInterval 200;
prefix fd51:2bb2:fd0d::/64 {
};
RDNSS <%= @own_ipv6 %> {
};
};
# vim: noai:ts=4:sw=4:ff=unix:ft=text:fdm=marker