diff --git a/hosts/freifunk/default.nix b/hosts/freifunk/default.nix
index c320fcea..c4011f7b 100644
--- a/hosts/freifunk/default.nix
+++ b/hosts/freifunk/default.nix
@@ -14,6 +14,7 @@ let
 rt_table_hosts = 7;
 rt_table_nets = rt_table_hosts + 1;
 rt_table_tuns = rt_table_hosts + 2;
+ rt_table_ffgw = 244;
 sysinfo-json = import ./sysinfo-json.nix { inherit pkgs ddmeshNode; };
 upstreams = [ "upstream4" "upstream3" ];
@@ -26,6 +27,29 @@ let
 core = "00:de:13:cb:9a:7b";
 bmx = "00:de:13:cb:9a:7c";
 };
+ bmxdGatewayScript = with pkgs; writeScript "bmxd-gateway.sh" ''
+ #! ${runtimeShell} -e
+
+ echo "bmxd-gateway.sh: $@" >&2
+
+ PATH=${lib.makeBinPath [ iproute2 ]}
+ case "$1" in
+ gateway)
+ ;;
+ del|init)
+ ;;
+ *)
+ ip tunnel del ffgw || true
+
+ ip tunnel add ffgw mode ipip local 10.200.${ddmeshAddrPart} remote "$1"
+ ip link set ffgw up
+ ip addr add 10.200.${ddmeshAddrPart}/32 dev ffgw
+ ip route add 0/0 dev ffgw table ${toString rt_table_ffgw}
+ ip rule add pref 33500 table ${toString rt_table_ffgw} || true
+ ;;
+ esac
+ '';
+
 in {
 imports = [
 "${modulesPath}/profiles/minimal.nix"
@@ -234,8 +258,6 @@ in {
 FirewallMark = upstreamMark;
 };
 } ];
- # reverse dependency
- networkConfig.Tunnel = [ "wg-vpn6" ];
 };
 };
 };
@@ -250,13 +272,20 @@ in {
 --no_fork 1 \
 --throw-rules 0 \
 --prio-rules 0 \
- --gateway_tunnel_network 10.200.0.0/16 \
- --purge_timeout 20 \
- --one_way_tunnel 1 \
+ --network 10.200.0.0/16 \
+ --netid 0 \
+ --only_community_gw 1 \
+ --script ${bmxdGatewayScript} \
+ --hop_penalty 1 \
+ --lateness_penalty 10 \
+ --ogm_broadcasts 100 \
+ --udp_data_size 512 \
+ --ogm_interval 5000 \
+ --purge_timeout 35 \
 -r 3 --gateway_hysteresis 20 \
- dev=${meshLoopback} /linklayer 0 \
- dev=${meshInterface} /linklayer 1 \
- dev=ipip-node51001 /linklayer 1
+ --dev ${meshLoopback} /linklayer 0 \
+ --dev ${meshInterface} /linklayer 1 \
+ --dev ipip-node51001 /linklayer 1
 '';
 Restart = "always";
 RestartSec = "60";
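Review bot: In `bmxdGatewayScript`, the catch-all `*)` branch passes whatever bmxd supplies as `$1` to `ip tunnel add … remote "$1"`, and it deletes the existing `ffgw` tunnel before that value has been checked. Because the script runs with `-e`, an unexpected or malformed argument tears down the working tunnel and then aborts; the address presumably comes from mesh announcements rather than local configuration, so it should not be trusted as-is. Matching only addresses in the mesh range and logging everything else would keep a bad argument from touching the tunnel. The empty `del|init)` branch also leaves `ffgw` and its default route in table 244 in place. If bmxd calls `del` when the selected gateway goes away (inferred from the label, not shown in this hunk), traffic keeps being encapsulated toward the old gateway.

```nix
      del|init)
        # remove the stale tunnel so the ffgw routing table no longer points at a deselected gateway
        ip tunnel del ffgw 2>/dev/null || true
        ;;
      10.200.*.*)
        # … unchanged: ip tunnel del/add, link up, addr add, route add, rule add …
        ;;
      *)
        echo "bmxd-gateway.sh: ignoring unexpected argument" >&2
        ;;
```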
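Review bot: The new bmxd flags in the last hunk lack a comment explaining where their values come from: `--hop_penalty 1`, `--lateness_penalty 10`, `--ogm_broadcasts 100`, `--udp_data_size 512`, `--ogm_interval 5000` and `--purge_timeout 35` are bare numbers. If they have to match what the rest of the mesh runs (not verifiable from this hunk), a line above the command string such as `# protocol parameters must match the community firmware; do not tune locally` would record that. The same comment should mention that `--only_community_gw 1` appears to be what restricts which announced gateway address reaches `--script`, so it is not later removed as a tuning knob. The enclosing service definition starts and ends outside the hunk.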