From 6f16c99c38d2de55c539e741a5d545126a0c75a1 Mon Sep 17 00:00:00 2001 From: Astro Date: Fri, 17 Apr 2020 02:14:14 +0200 Subject: [PATCH] freifunk: doc --- hosts/containers/freifunk/configuration.nix | 62 ++++++++++++--------- 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/hosts/containers/freifunk/configuration.nix b/hosts/containers/freifunk/configuration.nix index 478ef0c5..de62047e 100644 --- a/hosts/containers/freifunk/configuration.nix +++ b/hosts/containers/freifunk/configuration.nix @@ -37,8 +37,12 @@ in { networking.firewall.enable = false; networking.nat = { enable = true; + # This doesn't really work, hence the `extraCommands` externalInterface = meshInterface; #internalInterfaces = [ "core" ]; + + # Setup routing into Freifunk, + # masquerading anything that isn't already their IP range extraCommands = '' set +e ${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300 @@ -47,17 +51,19 @@ in { set -e ''; }; + # Configure rt_table name networking.iproute2 = { enable = true; rttablesExtraConfig = "${toString rt_table} bmx"; }; - # Required for krops + # Required for krops: ssh git services.openssh.enable = true; environment.systemPackages = with pkgs; [ git tcpdump ]; systemd.network = { netdevs = { + # Dummy interface for primary (10.200) address bmx_prime = { enable = true; netdevConfig = { @@ -67,6 +73,7 @@ in { }; }; networks = { + # Wired mesh interface "10-bmx" = { enable = true; matchConfig = { Name = meshInterface; }; @@ -77,6 +84,7 @@ in { }; } ]; }; + # Dummy interface for primary (10.200) address "11-bmx-loopback" = { enable = true; matchConfig = { Name = meshLoopback; }; 
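Review bot: The new comment on `externalInterface` ("This doesn't really work, hence the extraCommands") does not say what fails, so a reader cannot tell whether the generated NAT rule is missing, wrong, or merely insufficient. Name the observed failure, e.g. `# externalInterface alone does not <observed failure>; the rules in extraCommands do the actual masquerading`. The "Setup routing into Freifunk" comment should also say why the commands run under `set +e`, since a failed `ip rule add` is then ignored and the host may come up without the intended routing or masquerading. `networking.firewall.enable = false` two lines above stays unexplained, although this host joins the mesh and `core`. The `extraCommands` body continues outside this hunk.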
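Review bot: `# Required for krops: ssh git` explains why sshd is enabled but not where it should be reachable. With `networking.firewall.enable = false` in the first hunk, it presumably accepts connections on the mesh interface as well as on `core`. If deployments only come from the core side, bind it there with `services.openssh.listenAddresses = [ { addr = coreAddress; port = 22; } ];`, or state in the comment that mesh-side access is intended. The same question applies to `services.nginx` in the last hunk, whose listen addresses are outside the hunk. The sshd authentication settings are not visible in this patch.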
@@ -87,22 +95,15 @@ in { }; } ]; }; + # ZW "20-core" = { enable = true; matchConfig = { Name = "core"; }; - addresses = [ { - addressConfig = { - Address = "${coreAddress}/${toString corePrefixlen}"; - }; - } { - addressConfig = { - Address = "2a02:8106:208:5281:8000::1/64"; - }; - } { - addressConfig = { - Address = "fd23:42:c3d2:581:8000::1/64"; - }; - } ]; + addresses = map (Address: { addressConfig = { inherit Address; }; }) [ + "${coreAddress}/${toString corePrefixlen}" + "2a02:8106:208:5281:8000::1/64" + "fd23:42:c3d2:581:8000::1/64" + ]; routes = [ { routeConfig = { # upstream1 @@ -117,22 +118,25 @@ in { }; }; }; + # Freifunk Dresden routing daemon systemd.services.bmxd = { - after = [ "systemd-networkd.service" ]; - wantedBy = [ "network.target" ]; - serviceConfig = { - ExecStart = '' - ${bmxd}/sbin/bmxd \ - --rt_table_offset=${toString rt_table} \ - --no_fork 1 \ - --throw-rules 0 \ - --prio-rules 0 \ - dev=bmx_prime /linklayer 0 \ - dev=${meshInterface} /linklayer 1 + after = [ "systemd-networkd.service" ]; + wantedBy = [ "network.target" ]; + serviceConfig = { + ExecStart = '' + ${bmxd}/sbin/bmxd \ + --rt_table_offset=${toString rt_table} \ + --no_fork 1 \ + --throw-rules 0 \ + --prio-rules 0 \ + dev=bmx_prime /linklayer 0 \ + dev=${meshInterface} /linklayer 1 ''; - Restart = "always"; - }; + Restart = "always"; }; + }; + + # Re-register periodically systemd.services.ddmesh-register-node = { script = '' ${pkgs.curl}/bin/curl \ @@ -149,6 +153,8 @@ in { wantedBy = [ "timers.target" ]; timerConfig.OnCalendar = "daily"; }; + + # Refresh sysinfo.json systemd.services.sysinfo-json = { script = '' ${sysinfo-json}/bin/bmxddump.sh @@ -161,6 +167,7 @@ in { timerConfig.OnCalendar = "minutely"; }; + # Advertise Freifunk routes to ZW core services.bird2 = { enable = true; config = '' @@ -209,6 +216,7 @@ in { ''; }; + # HTTP Reverse Proxy to provide services into Freifunk services.nginx = { enable = true; recommendedOptimisation = true;
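Review bot: The added `# ZW` above `"20-core"` is too terse for anyone who does not know the abbreviation; the bird2 hunk further down at least says "ZW core". If it matches the intent, `# Link into the ZW core network: static v4/v6 addresses and upstream routes` would describe what the block visibly configures. In the rewritten `addresses`, the lambda parameter is capitalised as `Address` only so that `inherit Address;` yields the right attribute name. A short comment such as `# parameter name must match the addressConfig key` would stop a later cleanup from renaming it.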
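Review bot: `systemd.services.bmxd` is re-indented here but its `serviceConfig` still holds only `ExecStart` and `Restart`, so the daemon runs with unit defaults (root, no sandboxing) while handling routing traffic from the open mesh. Since every line of the unit is touched anyway, consider confining it with `NoNewPrivileges = true;`, `ProtectHome = true;` and `CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];`. The capability list is an assumption about what bmxd needs and has to be tested on a running node. The daemon may also need a writable runtime directory.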