freifunk: doc

hosts/containers/freifunk/configuration.nix

@@ -37,8 +37,12 @@ in {
   networking.firewall.enable = false;
   networking.nat = {
     enable = true;
+    # This doesn't really work, hence the `extraCommands`
     externalInterface = meshInterface;
     #internalInterfaces = [ "core" ];
+
+    # Setup routing into Freifunk,
+    # masquerading anything that isn't already their IP range
     extraCommands = ''
       set +e
       ${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300
@@ -47,17 +51,19 @@ in {
       set -e
     '';
   };
+  # Configure rt_table name
   networking.iproute2 = {
     enable = true;
     rttablesExtraConfig = "${toString rt_table} bmx";
   };
 
-  # Required for krops
+  # Required for krops: ssh git
   services.openssh.enable = true;
   environment.systemPackages = with pkgs; [ git tcpdump ];
 
   systemd.network = {
     netdevs = {
+      # Dummy interface for primary (10.200) address
       bmx_prime = {
         enable = true;
         netdevConfig = {
@@ -67,6 +73,7 @@ in {
       };
     };
     networks = {
+      # Wired mesh interface
       "10-bmx" = {
         enable = true;
         matchConfig = { Name = meshInterface; };
@@ -77,6 +84,7 @@ in {
           };
         } ];
       };
+      # Dummy interface for primary (10.200) address
       "11-bmx-loopback" = {
         enable = true;
         matchConfig = { Name = meshLoopback; };
@@ -87,22 +95,15 @@ in {
           };
         } ];
       };
+      # ZW
       "20-core" = {
         enable = true;
         matchConfig = { Name = "core"; };
-        addresses = [ {
-          addressConfig = {
-            Address = "${coreAddress}/${toString corePrefixlen}";
-          };
-        } {
-          addressConfig = {
-            Address = "2a02:8106:208:5281:8000::1/64";
-          };
-        } {
-          addressConfig = {
-            Address = "fd23:42:c3d2:581:8000::1/64";
-          };
-        } ];
+        addresses = map (Address: { addressConfig = { inherit Address; }; }) [
+          "${coreAddress}/${toString corePrefixlen}"
+          "2a02:8106:208:5281:8000::1/64"
+          "fd23:42:c3d2:581:8000::1/64"
+        ];
         routes = [ {
           routeConfig = {
             # upstream1
@@ -117,22 +118,25 @@ in {
       };
     };
   };
+  # Freifunk Dresden routing daemon
   systemd.services.bmxd = {
-      after = [ "systemd-networkd.service" ];
-      wantedBy = [ "network.target" ];
-      serviceConfig = {
-        ExecStart = ''
-          ${bmxd}/sbin/bmxd \
-            --rt_table_offset=${toString rt_table} \
-            --no_fork 1 \
-            --throw-rules 0 \
-            --prio-rules 0 \
-            dev=bmx_prime /linklayer 0 \
-            dev=${meshInterface} /linklayer 1
+    after = [ "systemd-networkd.service" ];
+    wantedBy = [ "network.target" ];
+    serviceConfig = {
+      ExecStart = ''
+        ${bmxd}/sbin/bmxd \
+          --rt_table_offset=${toString rt_table} \
+          --no_fork 1 \
+          --throw-rules 0 \
+          --prio-rules 0 \
+          dev=bmx_prime /linklayer 0 \
+          dev=${meshInterface} /linklayer 1
         '';
-        Restart = "always";
-      };
+      Restart = "always";
     };
+  };
+
+  # Re-register periodically
   systemd.services.ddmesh-register-node = {
     script = ''
       ${pkgs.curl}/bin/curl \
@@ -149,6 +153,8 @@ in {
     wantedBy    = [ "timers.target" ];
     timerConfig.OnCalendar = "daily";
   };
+
+  # Refresh sysinfo.json
   systemd.services.sysinfo-json = {
     script = ''
       ${sysinfo-json}/bin/bmxddump.sh
@@ -161,6 +167,7 @@ in {
     timerConfig.OnCalendar = "minutely";
   };
 
+  # Advertise Freifunk routes to ZW core
   services.bird2 = {
     enable = true;
     config = ''
@@ -209,6 +216,7 @@ in {
       '';
   };
 
+  # HTTP Reverse Proxy to provide services into Freifunk
   services.nginx = {
     enable = true;
     recommendedOptimisation = true;