freifunk: setup all the correct details
This commit is contained in:
parent
d589cba320
commit
c3792f16ce
|
@ -1,7 +1,16 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
coreAddress = "172.20.72.40";
|
||||||
|
corePrefixlen = 26;
|
||||||
meshInterface = "bmx";
|
meshInterface = "bmx";
|
||||||
|
meshLoopback = "bmx_prime";
|
||||||
|
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
||||||
|
secrets = import <secrets/hosts/freifunk>;
|
||||||
|
ddmeshRegisterKey = secrets.ddmeshRegisterKey;
|
||||||
|
ddmeshNode = 51073;
|
||||||
|
ddmeshAddrPart = "200.74";
|
||||||
|
rt_table = 7;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||||
|
@ -13,30 +22,72 @@ in {
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false;
|
isInHq = false;
|
||||||
enableHail = false;
|
enableHail = false;
|
||||||
|
hq.statistics.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "freifunk";
|
networking.hostName = "freifunk";
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
externalInterface = meshInterface;
|
||||||
|
#internalInterfaces = [ "core" ];
|
||||||
|
extraCommands = ''
|
||||||
|
set +e
|
||||||
|
${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300
|
||||||
|
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
|
||||||
|
\! --source 10.200.0.0/15 -o ${meshInterface} -j SNAT --to 10.200.${ddmeshAddrPart}
|
||||||
|
set -e
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.iproute2 = {
|
||||||
|
enable = true;
|
||||||
|
rttablesExtraConfig = "${toString rt_table} bmx";
|
||||||
|
};
|
||||||
|
|
||||||
# Required for krops
|
# Required for krops
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [ git tcpdump ];
|
environment.systemPackages = with pkgs; [ git tcpdump ];
|
||||||
|
|
||||||
systemd.network.networks = {
|
systemd.network = {
|
||||||
"10-bmx" = {
|
netdevs = {
|
||||||
enable = true;
|
bmx_prime = {
|
||||||
matchConfig = { Name = meshInterface; };
|
enable = true;
|
||||||
networkConfig = {
|
netdevConfig = {
|
||||||
Address = "10.200.0.15/16";
|
Kind = "bridge";
|
||||||
|
Name = meshLoopback;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"20-core" = {
|
networks = {
|
||||||
enable = true;
|
"10-bmx" = {
|
||||||
matchConfig = { Name = "core"; };
|
enable = true;
|
||||||
networkConfig = {
|
matchConfig = { Name = meshInterface; };
|
||||||
Address = "172.20.72.40/26";
|
addresses = [ {
|
||||||
Gateway = "172.20.72.7";
|
addressConfig = {
|
||||||
|
Address = "10.201.${ddmeshAddrPart}/16";
|
||||||
|
Broadcast = "10.255.255.255";
|
||||||
|
};
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
"11-bmx-loopback" = {
|
||||||
|
enable = true;
|
||||||
|
matchConfig = { Name = meshLoopback; };
|
||||||
|
addresses = [ {
|
||||||
|
addressConfig = {
|
||||||
|
Address = "10.200.${ddmeshAddrPart}/16";
|
||||||
|
Broadcast = "10.255.255.255";
|
||||||
|
};
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
"20-core" = {
|
||||||
|
enable = true;
|
||||||
|
matchConfig = { Name = "core"; };
|
||||||
|
networkConfig = {
|
||||||
|
Address = "${coreAddress}/${toString corePrefixlen}";
|
||||||
|
Gateway = "172.20.72.7";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -47,10 +98,64 @@ in {
|
||||||
after = [ "systemd-networkd.service" ];
|
after = [ "systemd-networkd.service" ];
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${bmxd}/sbin/bmxd --no_fork 1 --throw-rules 0 --prio-rules 0 dev=${meshInterface} /linklayer 0";
|
ExecStart = ''
|
||||||
|
${bmxd}/sbin/bmxd \
|
||||||
|
--rt_table_offset=${toString rt_table} \
|
||||||
|
--no_fork 1 \
|
||||||
|
--throw-rules 0 \
|
||||||
|
--prio-rules 0 \
|
||||||
|
dev=bmx_prime /linklayer 0 \
|
||||||
|
dev=${meshInterface} /linklayer 1
|
||||||
|
'';
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
systemd.services.ddmesh-register-node = {
|
||||||
|
script = ''
|
||||||
|
${pkgs.curl}/bin/curl \
|
||||||
|
-o /tmp/ddmesh-registration.json \
|
||||||
|
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${toString ddmeshNode}'
|
||||||
|
'';
|
||||||
|
serviceConfig = {
|
||||||
|
User = "nobody";
|
||||||
|
Group = "nogroup";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.timers.ddmesh-register-node = {
|
||||||
|
partOf = [ "ddmesh-register-node.service" ];
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig.OnCalendar = "daily";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.bird2 = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
protocol kernel {
|
||||||
|
ipv4 {
|
||||||
|
export all;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
protocol device {
|
||||||
|
scan time 10;
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol ospf ZW4 {
|
||||||
|
ipv4;
|
||||||
|
area 0 {
|
||||||
|
networks {
|
||||||
|
172.20.72.0/21;
|
||||||
|
};
|
||||||
|
stubnet 10.200.0.0/16;
|
||||||
|
interface "core" {
|
||||||
|
authentication cryptographic;
|
||||||
|
password "${import <secrets/shared/ospf/message-digest-key.nix>}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
router id ${coreAddress};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
|
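Review bot: `ddmeshRegisterKey` is interpolated straight into the curl URL in `systemd.services.ddmesh-register-node.script`, so the key is baked into the world-readable Nix store (the generated script is a store path) and is passed in curl's argv, where any local user can read it from `ps` or `/proc/*/cmdline`; the `${import <secrets/shared/ospf/message-digest-key.nix>}` in the bird2 `password` line of the same hunk has the same store exposure, as does anything pulled in via `secrets = import <secrets/hosts/freifunk>;` in the first hunk. Consider handing the key to the unit at runtime instead, e.g. `LoadCredential = [ "registerkey:<path-outside-store>/registerkey" ];` in `serviceConfig` and reading `$CREDENTIALS_DIRECTORY/registerkey` inside the script (passing it via `--config`/`-K` rather than on the command line), with a comment such as `# NOTE: values imported here end up in /nix/store, which is world-readable` above the `secrets = import` line. The service also writes `/tmp/ddmesh-registration.json` as `nobody` into shared /tmp; `PrivateTmp = true;` next to `User`/`Group` avoids that, and `--fail --max-time 60` on the curl call lets the daily timer surface HTTP errors instead of silently saving an error page. Separately, the new ExecStart hard-codes `dev=bmx_prime` while the `meshLoopback` let-binding is used for the netdev and network units; `dev=${meshLoopback} /linklayer 0 \` keeps the three in step.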
2
secrets
2
secrets
|
@ -1 +1 @@
|
||||||
Subproject commit 35a994c6ea2f2720e8ec045ea1369163ea69a35f
|
Subproject commit 8f732b652a03432da81ed67aa9d968d6842ed0b4
|