freifunk: doc
parent
b163f350de
commit
6f16c99c38
|
@ -37,8 +37,12 @@ in {
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
# This doesn't really work, hence the `extraCommands`
|
||||||
externalInterface = meshInterface;
|
externalInterface = meshInterface;
|
||||||
#internalInterfaces = [ "core" ];
|
#internalInterfaces = [ "core" ];
|
||||||
|
|
||||||
|
# Setup routing into Freifunk,
|
||||||
|
# masquerading anything that isn't already their IP range
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
set +e
|
set +e
|
||||||
${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300
|
${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300
|
||||||
|
@ -47,17 +51,19 @@ in {
|
||||||
set -e
|
set -e
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
# Configure rt_table name
|
||||||
networking.iproute2 = {
|
networking.iproute2 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
rttablesExtraConfig = "${toString rt_table} bmx";
|
rttablesExtraConfig = "${toString rt_table} bmx";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Required for krops
|
# Required for krops: ssh git
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [ git tcpdump ];
|
environment.systemPackages = with pkgs; [ git tcpdump ];
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
netdevs = {
|
netdevs = {
|
||||||
|
# Dummy interface for primary (10.200) address
|
||||||
bmx_prime = {
|
bmx_prime = {
|
||||||
enable = true;
|
enable = true;
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
|
@ -67,6 +73,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networks = {
|
networks = {
|
||||||
|
# Wired mesh interface
|
||||||
"10-bmx" = {
|
"10-bmx" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchConfig = { Name = meshInterface; };
|
matchConfig = { Name = meshInterface; };
|
||||||
|
@ -77,6 +84,7 @@ in {
|
||||||
};
|
};
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
|
# Dummy interface for primary (10.200) address
|
||||||
"11-bmx-loopback" = {
|
"11-bmx-loopback" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchConfig = { Name = meshLoopback; };
|
matchConfig = { Name = meshLoopback; };
|
||||||
|
@ -87,22 +95,15 @@ in {
|
||||||
};
|
};
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
|
# ZW
|
||||||
"20-core" = {
|
"20-core" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchConfig = { Name = "core"; };
|
matchConfig = { Name = "core"; };
|
||||||
addresses = [ {
|
addresses = map (Address: { addressConfig = { inherit Address; }; }) [
|
||||||
addressConfig = {
|
"${coreAddress}/${toString corePrefixlen}"
|
||||||
Address = "${coreAddress}/${toString corePrefixlen}";
|
"2a02:8106:208:5281:8000::1/64"
|
||||||
};
|
"fd23:42:c3d2:581:8000::1/64"
|
||||||
} {
|
];
|
||||||
addressConfig = {
|
|
||||||
Address = "2a02:8106:208:5281:8000::1/64";
|
|
||||||
};
|
|
||||||
} {
|
|
||||||
addressConfig = {
|
|
||||||
Address = "fd23:42:c3d2:581:8000::1/64";
|
|
||||||
};
|
|
||||||
} ];
|
|
||||||
routes = [ {
|
routes = [ {
|
||||||
routeConfig = {
|
routeConfig = {
|
||||||
# upstream1
|
# upstream1
|
||||||
|
@ -117,22 +118,25 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# Freifunk Dresden routing daemon
|
||||||
systemd.services.bmxd = {
|
systemd.services.bmxd = {
|
||||||
after = [ "systemd-networkd.service" ];
|
after = [ "systemd-networkd.service" ];
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${bmxd}/sbin/bmxd \
|
${bmxd}/sbin/bmxd \
|
||||||
--rt_table_offset=${toString rt_table} \
|
--rt_table_offset=${toString rt_table} \
|
||||||
--no_fork 1 \
|
--no_fork 1 \
|
||||||
--throw-rules 0 \
|
--throw-rules 0 \
|
||||||
--prio-rules 0 \
|
--prio-rules 0 \
|
||||||
dev=bmx_prime /linklayer 0 \
|
dev=bmx_prime /linklayer 0 \
|
||||||
dev=${meshInterface} /linklayer 1
|
dev=${meshInterface} /linklayer 1
|
||||||
'';
|
'';
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Re-register periodically
|
||||||
systemd.services.ddmesh-register-node = {
|
systemd.services.ddmesh-register-node = {
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.curl}/bin/curl \
|
${pkgs.curl}/bin/curl \
|
||||||
|
@ -149,6 +153,8 @@ in {
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
timerConfig.OnCalendar = "daily";
|
timerConfig.OnCalendar = "daily";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Refresh sysinfo.json
|
||||||
systemd.services.sysinfo-json = {
|
systemd.services.sysinfo-json = {
|
||||||
script = ''
|
script = ''
|
||||||
${sysinfo-json}/bin/bmxddump.sh
|
${sysinfo-json}/bin/bmxddump.sh
|
||||||
|
@ -161,6 +167,7 @@ in {
|
||||||
timerConfig.OnCalendar = "minutely";
|
timerConfig.OnCalendar = "minutely";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Advertise Freifunk routes to ZW core
|
||||||
services.bird2 = {
|
services.bird2 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
@ -209,6 +216,7 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# HTTP Reverse Proxy to provide services into Freifunk
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
|
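Review bot: The documentation pass leaves `networking.firewall.enable = false;` at the top of the first hunk without a comment, although it decides what the rest of the file exposes. With the firewall off, the sshd that the second hunk now documents as "Required for krops: ssh git" is presumably reachable on every interface configured here, including the mesh interface, unless something outside the visible hunks restricts it. I would add a comment above that line such as `# Firewall disabled (reason: <why>); sshd and nginx below listen on all interfaces, including the mesh`, and state next to `services.openssh.enable` whether key-only authentication is enforced elsewhere. Two of the new comments could also say more: `# This doesn't really work, hence the extraCommands` does not name what fails, and `# ZW` above `"20-core"` is not expanded anywhere in the visible lines. The enclosing `in { … }` attribute set starts and ends outside the hunks, so any of this may already be covered there.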