config: nixify everything

Astro 2021-11-13 01:23:23 +01:00
parent 6446c6b8a3
commit 32c0def45b
47 changed files with 6126 additions and 6809 deletions

4
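--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
-contact.md
+/contact.md
+/config/secrets-production.nix
+/config/secrets-production.nix.old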
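Review bot: Only the exact names `secrets-production.nix` and `secrets-production.nix.old` are ignored, so any other copy of the decrypted file (an editor backup, a `.bak`, a `.orig` left by a merge) would still show up as untracked and could be committed by accident. A single pattern such as `/config/secrets-production.nix*` would cover both current entries and those variants. It is presumably the decrypted counterpart of the PGP-armoured file added in this commit; if so, a one-line comment above the entry saying that would help the next maintainer.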


@ -34,8 +34,8 @@ Wir, ein kleiner Kreis von Menschen die das Netzwerk im Zentralwerk betreuen, ha
- [x] Einlesen der Salt-Daten in Nix - [x] Einlesen der Salt-Daten in Nix
- [x] Containererstellung - [x] Containererstellung
- [x] Migration der Container - [x] Migration der Container
- [ ] device-scripts auf Site Config umstellen - [x] device-scripts auf Site Config umstellen
- [ ] Site Config ohne Entschlüsselung dumpen, Salt-Daten löschen - [x] Site Config ohne Entschlüsselung dumpen, Salt-Daten löschen
### Development Setup ### Development Setup
@ -77,8 +77,8 @@ auch `/etc/nixos` so dass `nixos-rebuild switch` problemlos
klappt. Ausserdem ist dieser lokale Checkout in der `nix registry` klappt. Ausserdem ist dieser lokale Checkout in der `nix registry`
eingetragen, was von bspw. von `build-container` verwendet wird. eingetragen, was von bspw. von `build-container` verwendet wird.
Der Flake-input `zentralwerk-network-key` ist mit einem lokalen Ausserdem wurden dort `nix run .#switch-to-production` und immer
Repository überschrieben, weshalb die `flake.lock` dirty ist. wieder `.#decrypt-secrets` ausgeführt.
### LXC-Containers auf Server ### LXC-Containers auf Server

5704
config/config.nix Normal file

File diff suppressed because it is too large Load Diff

8
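--- a/config/default.nix
+++ b/config/default.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./config.nix
+./secrets.nix
+./vlan.nix
+];
+}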


@ -0,0 +1,59 @@
-----BEGIN PGP MESSAGE-----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=Hqtq
-----END PGP MESSAGE-----

242
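--- a/config/secrets.nix
+++ b/config/secrets.nix
@@ -0,0 +1,242 @@
+{
+site.net = {
+core.ospf.secret = "SECRET";
+};
+site.hosts = {
+ap1.password = "SECRET";
+ap2.password = "SECRET";
+ap3.password = "SECRET";
+ap4.password = "SECRET";
+ap5.password = "SECRET";
+ap6.password = "SECRET";
+ap7.password = "SECRET";
+ap8.password = "SECRET";
+ap9.password = "SECRET";
+ap10.password = "SECRET";
+ap11.password = "SECRET";
+ap12.password = "SECRET";
+ap15.password = "SECRET";
+ap17.password = "SECRET";
+ap18.password = "SECRET";
+ap19.password = "SECRET";
+ap21.password = "SECRET";
+ap22.password = "SECRET";
+ap23.password = "SECRET";
+ap24.password = "SECRET";
+ap25.password = "SECRET";
+ap26.password = "SECRET";
+ap27.password = "SECRET";
+ap28.password = "SECRET";
+ap29.password = "SECRET";
+ap30.password = "SECRET";
+ap31.password = "SECRET";
+ap32.password = "SECRET";
+ap33.password = "SECRET";
+ap34.password = "SECRET";
+ap35.password = "SECRET";
+ap36.password = "SECRET";
+ap37.password = "SECRET";
+ap38.password = "SECRET";
+ap39.password = "SECRET";
+ap40.password = "SECRET";
+ap41.password = "SECRET";
+ap42.password = "SECRET";
+ap43.password = "SECRET";
+ap44.password = "SECRET";
+ap45.password = "SECRET";
+ap46.password = "SECRET";
+ap47.password = "SECRET";
+ap48.password = "SECRET";
+ap49.password = "SECRET";
+ap50.password = "SECRET";
+ap51.password = "SECRET";
+ap52.password = "SECRET";
+ap53.password = "SECRET";
+ap54.password = "SECRET";
+ap55.password = "SECRET";
+ap56.password = "SECRET";
+switch-a1.password = "SECRET";
+switch-b1.password = "SECRET";
+switch-b2.password = "SECRET";
+switch-c1.password = "SECRET";
+switch-c3d2-main.password = "SECRET";
+switch-d1.password = "SECRET";
+switch-dach.password = "SECRET";
+upstream4.interfaces.up4-pppoe.upstream = {
+user = "SECRET";
+password = "SECRET";
+};
+anon1.wireguard.njalla = {
+addresses = [ "fec0::1/64" "192.168.0.1/24" ];
+endpoint = "0.0.0.1";
+privateKey = "SECRET";
+publicKey = "SECRET";
+upBandwidth = 45000;
+};
+ap1.wifi."platform/qca953x_wmac".ssids."uebergangsnetz".psk = "SECRET";
+ap10.wifi."platform/qca953x_wmac".ssids = {
+"Ebs 2000".psk = "SECRET";
+"iz-dresden.org".psk = "SECRET";
+};
+ap11.wifi."platform/qca955x_wmac".ssids."braeunigkoschnik".psk = "SECRET";
+ap12.wifi."platform/ar934x_wmac".ssids = {
+"IrèneMélix".psk = "SECRET";
+"paperheart".psk = "SECRET";
+};
+ap15.wifi."platform/qca955x_wmac".ssids."etz250".psk = "SECRET";
+ap17.wifi."platform/qca955x_wmac".ssids = {
+"EDUB".psk = "SECRET";
+"Zweitwohnsitz".psk = "SECRET";
+"e-Stuetzpunkt".psk = "SECRET";
+};
+ap18.wifi."platform/qca953x_wmac".ssids."Restaurierung Wolff/Kober".psk = "SECRET";
+ap19.wifi."platform/qca953x_wmac".ssids = {
+"Studio 01127".psk = "SECRET";
+"Walter".psk = "SECRET";
+};
+ap2.wifi = {
+"pci0000:01/0000:01:00.0".ssids."C3D2".psk = "SECRET";
+"platform/qca955x_wmac".ssids."C3D2 legacy".psk = "SECRET";
+};
+ap21.wifi = {
+"pci0000:00/0000:00:00.0".ssids."ZW stage".psk = "SECRET";
+"platform/qca956x_wmac".ssids."ZW stage legacy".psk = "SECRET";
+};
+ap23.wifi = {
+"pci0000:00/0000:00:00.0".ssids."LBK Network".psk = "SECRET";
+"platform/qca956x_wmac".ssids."LBK Network".psk = "SECRET";
+};
+ap24.wifi."platform/ar933x_wmac".ssids."farbwerk".psk = "SECRET";
+ap25.wifi."platform/ar933x_wmac".ssids."farbwerk".psk = "SECRET";
+ap26.wifi."pci0000:00/0000:00:00.0".ssids."Dezember".psk = "SECRET";
+ap29.wifi = {
+"pci0000:00/0000:00:00.0".ssids."jungnickel-fotografie".psk = "SECRET";
+"platform/qca956x_wmac".ssids."jungnickel-fotografie".psk = "SECRET";
+};
+ap3.wifi = {
+"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
+"platform/ar934x_wmac".ssids."C3D2 legacy".psk = "SECRET";
+};
+ap30.wifi."platform/qca956x_wmac".ssids."WLANb0402".psk = "SECRET";
+ap31.wifi = {
+"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
+"platform/qca956x_wmac".ssids = {
+"C3D2 legacy" = { "psk" = "SECRET"; };
+"FOTOAKADEMIEdd" = { "psk" = "SECRET"; };
+};
+};
+ap32.wifi = {
+"pci0000:00/0000:00:00.0".ssids."ZW stage".psk = "SECRET";
+"platform/qca956x_wmac".ssids."ZW stage legacy".psk = "SECRET";
+};
+ap33.wifi = {
+"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
+"platform/qca956x_wmac".ssids."C3D2 legacy".psk = "SECRET";
+};
+ap35.wifi."platform/qca956x_wmac".ssids."Koch".psk = "SECRET";
+ap36.wifi."platform/ar933x_wmac".ssids."C3D2 legacy".psk = "SECRET";
+ap37.wifi = {
+"pci0000:00/0000:00:00.0".ssids."hechtfilm.de".psk = "SECRET";
+"platform/ahb/18100000.wmac".ssids."hechtfilm.de legacy".psk = "SECRET";
+};
+ap38.wifi = {
+"pci0000:00/0000:00:00.0".ssids = {
+"ZW heinrichsgarten" = { "psk" = "SECRET"; };
+"plop" = { "psk" = "SECRET"; };
+};
+"platform/qca956x_wmac".ssids = {
+"ZW heinrichsgarten" = { "psk" = "SECRET"; };
+"plop" = { "psk" = "SECRET"; };
+};
+};
+ap39.wifi."platform/10180000.wmac".ssids."EckiTino".psk = "SECRET";
+ap4.wifi."platform/qca955x_wmac".ssids."jam-circle.de".psk = "SECRET";
+ap40.wifi = {
+"pci0000:00/0000:00:00.0".ssids."M".psk = "SECRET";
+"platform/qca956x_wmac".ssids."M legacy".psk = "SECRET";
+};
+ap41.wifi = {
+"pci0000:00/0000:00:00.0".ssids."Walter".psk = "SECRET";
+"platform/qca956x_wmac".ssids."Walter".psk = "SECRET";
+};
+ap42.wifi = {
+"pci0000:00/0000:00:00.0".ssids."jam-circle.de".psk = "SECRET";
+"platform/qca956x_wmac".ssids."jam-circle.de legacy".psk = "SECRET";
+};
+ap43.wifi."platform/qca955x_wmac".ssids."Kaffeetasse".psk = "SECRET";
+ap44.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap45.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap46.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids = {
+"EWW".psk = "SECRET";
+"ZW stage legacy".psk = "SECRET";
+};
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids = {
+"EWW".psk = "SECRET";
+"ZW stage".psk = "SECRET";
+};
+};
+ap47.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap48.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap49.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap5.wifi."platform/qca955x_wmac".ssids."verbalwerk.de".psk = "SECRET";
+ap50.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids = {
+"ZW stage legacy".psk = "SECRET";
+"gerdwork".psk = "SECRET";
+};
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap51.wifi = {
+"pci0000:01/0000:01:00.0".ssids."antrares".psk = "SECRET";
+"platform/qca955x_wmac".ssids."antrares".psk = "SECRET";
+};
+ap52.wifi = {
+"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
+"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
+};
+ap53.wifi."platform/qca953x_wmac".ssids."Karen Koschnick".psk = "SECRET";
+ap54.wifi = {
+"pci0000:00/0000:00:00.0".ssids."Abyssinia".psk = "SECRET";
+"platform/qca956x_wmac".ssids."Abyssinia".psk = "SECRET";
+};
+ap55.wifi = {
+"pci0000:00/0000:00:00.0".ssids."MagLAN".psk = "SECRET";
+"platform/qca956x_wmac".ssids."MagLAN (legacy)".psk = "SECRET";
+};
+ap56.wifi = {
+"pci0000:00/0000:00:00.0".ssids."MagLAN".psk = "SECRET";
+"platform/qca956x_wmac".ssids."MagLAN (legacy)".psk = "SECRET";
+};
+ap7.wifi."platform/qca953x_wmac".ssids."mino".psk = "SECRET";
+ap8.wifi = {
+"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
+"platform/ar934x_wmac".ssids = {
+"C3D2 legacy".psk = "SECRET";
+"teknologi".psk = "SECRET";
+};
+};
+ap9.wifi."platform/qca953x_wmac".ssids."Herzzbuehne".psk = "SECRET";
+};
+site.dyndnsKey = "SECRET";
+}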
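Review bot: Nothing in this file says that the `"SECRET"` strings are placeholders, and nothing visible in the commit stops them from being evaluated into a real deployment. A build made without the production secrets in place would, as far as this section shows, give every AP, switch, Wi-Fi PSK, the OSPF secret and `site.dyndnsKey` the same publicly known value. A header comment such as `# Placeholder values only; the real ones live in the git-ignored config/secrets-production.nix` would document the intent. An entry in `config.assertions`, which nix/lib/config already evaluates, could refuse the literal placeholder when building production targets. How the production file replaces this one is not visible here, so confirm that mechanism before settling the wording.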

39
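--- a/config/vlan.nix
+++ b/config/vlan.nix
@@ -0,0 +1,39 @@
+let
+range = cur: max:
+if cur <= max
+then [ cur ] ++ range (cur + 1) max
+else [];
+in
+{
+site.net = builtins.mapAttrs (_: vlan: { inherit vlan; }) {
+# switches and CPE only have IP addresses configured in the management vlan
+mgmt = 1;
+# routers, OSPF area 0
+core = 2;
+# servers...
+serv = 3;
+# ZW public
+pub = 4;
+# C3D2 home network
+c3d2 = 5;
+cluster = 6;
+bmx = 7;
+# Modems
+up1 = 10;
+up2 = 11;
+up3 = 12;
+up4 = 13;
+# Isolated neighbors directly connectied with their modems
+iso1 = 101;
+iso2 = 102;
+iso3 = 103;
+iso4 = 104;
+iso5 = 105;
+iso6 = 106;
+} // builtins.foldl' (result: i:
+# Neighbor subnets
+result // {
+"priv${toString i}".vlan = i + 39;
+}
+) {} (range 1 61);
+}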
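Review bot: The `i + 39` offset in the `priv${toString i}` fold is undocumented, and it is what keeps the tenant VLANs apart from the `iso*` IDs that start at 101. A comment such as `# priv1..priv61 -> VLAN 40..100, directly below the iso range` would make that isolation boundary explicit, so that raising the 61 does not silently collide with `iso1`. The hand-written recursive `range` helper could be replaced by `builtins.genList (i: i + 1) 61`, which yields the same list without the per-element `++`. The comment above `iso1` has a typo, "connectied".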


@ -52,25 +52,7 @@
"inputs": { "inputs": {
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"openwrt": "openwrt", "openwrt": "openwrt"
"zentralwerk-network-key": "zentralwerk-network-key"
}
},
"zentralwerk-network-key": {
"locked": {
"dir": "nix/key",
"lastModified": 1631808463,
"narHash": "sha256-5xMZkqqQbpXECnKEK2THT7u4+/vL7SPp3Jvoicm1Moc=",
"ref": "master",
"rev": "e4a5aee0e44ca058d2f12d6c6f34db6d484187fc",
"revCount": 1172,
"type": "git",
"url": "https://gitea.c3d2.de/zentralwerk/network.git?dir=nix%2fkey"
},
"original": {
"dir": "nix/key",
"type": "git",
"url": "https://gitea.c3d2.de/zentralwerk/network.git?dir=nix%2fkey"
} }
} }
}, },


@ -6,13 +6,9 @@
nixpkgs-master.url = "github:NixOS/nixpkgs"; nixpkgs-master.url = "github:NixOS/nixpkgs";
openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02"; openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
openwrt.flake = false; openwrt.flake = false;
# `nix flake update --override-flake zentralwerk-network-key git+file:///...`
# to provide the GPG secret key
zentralwerk-network-key.url = "git+https://gitea.c3d2.de/zentralwerk/network.git?dir=nix/key";
}; };
outputs = inputs@{ self, nixpkgs, nixpkgs-master, openwrt, zentralwerk-network-key }: outputs = inputs@{ self, nixpkgs, nixpkgs-master, openwrt }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
systems = [ system ]; systems = [ system ];
@ -33,7 +29,6 @@
lib = nixpkgs.lib.extend (final: prev: lib = nixpkgs.lib.extend (final: prev:
import ./nix/lib { import ./nix/lib {
inherit self; inherit self;
inherit (zentralwerk-network-key.lib) gpgKey;
inherit openwrt; inherit openwrt;
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
}); });


@ -1,14 +0,0 @@
{
description = "Zentralwerk network secret GPG key";
outputs = { ... }: {
lib.gpgKey = null;
# test key
lib.dyndnsKey = "Dr1QHSfNtAwgbdoNBtCgl5NxsSXlaw9+qo7juiVTv58=";
# test credentials
lib.pppoe.upstream4 = {
user = "test@example.com";
password = "secret";
};
};
}


@ -1,6 +1,5 @@
{ self { self
, pkgs ? import <nixpkgs> {} , pkgs ? import <nixpkgs> {}
, gpgKey
}: }:
let let
@ -22,18 +21,13 @@ let
default = []; default = [];
internal = true; internal = true;
}; };
options.gpgKey = mkOption {
type = with types; nullOr path;
};
config = {
inherit gpgKey;
};
} }
) )
./options.nix ./options.nix
./legacy.nix ../../../config
]; ];
}; };
inherit (result) config; inherit (result) config;
warn = result: warn = result:
@ -47,9 +41,9 @@ let
error = result: error = result:
let let
failed = failed = builtins.filter ({ assertion, ... }:
builtins.filter ({ assertion, ... }: !assertion) !assertion
config.assertions; ) config.assertions;
in in
if failed != [] if failed != []
then throw '' then throw ''
@ -58,9 +52,9 @@ let
${self.lib.concatMapStringsSep "\n" ({ message, ... }: message) failed} ${self.lib.concatMapStringsSep "\n" ({ message, ... }: message) failed}
'' ''
else result; else result;
in
warn ( in warn (error ({
error ( inherit (result) options;
builtins.removeAttrs config [ "assertions" "warnings" "gpgKey" "salt-pillar" ]
) config = builtins.removeAttrs config [ "assertions" "warnings" ];
) }))


@ -1,588 +0,0 @@
{ config, pkgs, lib, self, ... }:
let
mainServers = [ "server1" "server2" ];
cephMonServers = [ "server5" "server6" "server8" ];
pillar = self.lib.saltPillarFor "*";
clusterServerNets = [
"mgmt" "pub" "core" "serv"
"c3d2" "cluster" "bmx" "priv23"
];
clusterServerInterfaces = builtins.foldl' (result: net:
result // {
"${net}".type = "bridge";
}
) {} clusterServerNets;
renameAttr = from: to: attrset:
builtins.foldl' (result: name:
if name == from
then result // { "${to}" = attrset.${name}; }
else result // { "${name}" = attrset.${name}; }
) {} (builtins.attrNames attrset);
# HACK: `type = "phys"` works but once an LXC container is stopped
# the VLAN interface is not moved back.
forceVeth = interface: interface // {
type = "veth";
};
netHasDHCP = net:
net == "pub" ||
net == "serv" ||
builtins.match "priv[[:digit:]]+" net != null;
whoLinksTo = target:
builtins.attrNames (
lib.filterAttrs (hostName: { ports, ... }:
hostName != target &&
ports ? ${target}
) pillar.switches
);
in
{
options.salt-pillar = lib.mkOption {};
config.salt-pillar = pillar;
config.site.net = lib.mkMerge ([
(builtins.mapAttrs (_: vlan: { vlan = vlan; }) pillar.vlans)
(builtins.mapAttrs (_: subnet4: { inherit subnet4; }) pillar.subnets-inet)
(builtins.mapAttrs (_: hosts4: { inherit hosts4; }) pillar.hosts-inet)
(builtins.mapAttrs (net: dhcpData: {
dhcp = {
inherit (dhcpData) start end time max-time;
server =
if netHasDHCP net
then "${net}-gw"
else null;
fixed-hosts =
if dhcpData ? fixed-hosts
then dhcpData.fixed-hosts
else {};
router = dhcpData.host-opts.routers;
};
domainName = dhcpData.string-opts.domain-name;
}) pillar.dhcp)
{
core.ospf.secret = pillar.ospf.secret;
pub.dynamicDomain = true;
cluster.extraRecords = map (host: {
name = "_ceph-mon._tcp";
type = "SRV";
data = "1 1 6789 ${host}";
}) cephMonServers ++
lib.lists.imap0 (i: host: {
name = "mon${toString i}";
type = "CNAME";
data = "${host}";
}) cephMonServers;
c3d2.dynamicDomain = true;
c3d2.dhcp = {
server = "c3d2-gw3";
router = "c3d2-anon";
start = "172.22.99.100";
end = "172.22.99.199";
fixed-hosts = {
"astron.hq.c3d2.de" = "aa:00:5b:08:f0:5b";
"astrom.hq.c3d2.de" = "aa:00:5b:08:f0:5c";
"www1.hq.c3d2.de" = "aa:00:13:8b:03:47";
"dn42.hq.c3d2.de" = "aa:00:42:7a:32:46";
"icq.hq.c3d2.de" = "aa:00:30:f6:27:89";
"jabber1.hq.c3d2.de" = "aa:00:0b:19:8f:14";
"jabber2.hq.c3d2.de" = "aa:00:3d:6a:23:b8";
"wiefelspuetz.hq.c3d2.de" = "aa:00:7f:01:8a:d0";
"git.hq.c3d2.de" = "aa:00:47:d8:57:10";
"fernandopoo.hq.c3d2.de" = "aa:00:f7:52:85:27";
"moleflap.hq.c3d2.de" = "aa:00:0d:b1:6c:67";
"wormhole.hq.c3d2.de" = "00:23:c3:d2:00:76";
"sharing.hq.c3d2.de" = "00:23:c3:d2:75:18";
"drucker.hq.c3d2.de" = "00:23:c3:d2:12:0f";
"knot.hq.c3d2.de" = "52:54:cf:fd:ce:3f";
"bender.hq.c3de.de" = "00:23:df:7e:c8:0a";
"sofafon.hq.c3d2.de" = "b8:27:eb:23:8d:01";
"schalter.hq.c3d2.de" = "b8:27:eb:4c:be:ff";
"beere.hq.c3d2.de" = "b8:27:eb:ac:65:d2";
"ledball1.hq.c3d2.de" = "b8:27:eb:53:0b:27";
"cider.hq.c3d2.de" = "00:0d:93:75:ee:fa";
"semanta.hq.c3d2.de" = "00:ff:e4:bb:ea:2a";
"leviathan.hq.c3d2.de" = "00:ff:08:31:db:e5";
"beere2.hq.c3d2.de" = "b8:27:eb:53:0b:27";
"feile.hq.c3d2.de" = "aa:00:5b:12:c1:f7";
"matemat.hq.c3d2.de" = "a2:1b:7c:e8:19:72";
"172.22.99.98" = "08:00:27:aa:90:e2";
"172.22.99.96" = "08:00:27:bb:8c:b3";
"batman.hq.c3d2.de" = "5c:cf:7f:c0:05:28";
"monit.hq.c3d2.de" = "00:23:ae:94:e7:19";
"storage2.hq.c3d2.de" = "42:5e:0f:4e:f3:cc";
"server2.hq.c3d2.de" = "d0:67:e5:f3:57:10";
"server3.hq.c3d2.de" = "e4:1f:13:2e:4f:c0";
"server4.hq.c3d2.de" = "00:9c:02:a9:26:01";
"minecraft.hq.c3d2.de" = "4a:57:d3:64:fe:e9";
"ustriper.hq.c3d2.de" = "aa:bb:95:33:bb:aa";
"lisbeth.hq.c3d2.de" = "b8:27:eb:a5:ee:5c";
"ruststripe1.hq.c3d2.de" = "06:32:0e:39:21:69";
"fhem.hq.c3d2.de" = "b8:27:eb:9e:8b:db";
"glotzbert.hq.c3d2.de" = "ec:a8:6b:fe:b4:cb";
"pulsebert.hq.c3d2.de" = "b8:27:eb:16:31:61";
"dacbert.hq.c3d2.de" = "dc:a6:32:31:b6:32";
"public-access-proxy.hq.c3d2.de" = "12:24:5f:bd:9b:e7";
"marenz-build.hq.c3d2.de" = "44:1e:a1:59:2e:e8";
"ledbeere.hq.c3d2.de" = "b8:27:eb:60:99:59";
};
time = 86400;
max-time = 30 * 86400;
};
}
# net priv* settings
(
builtins.mapAttrs (netName: _: {
dynamicDomain = true;
}) (
lib.filterAttrs (netName: _:
builtins.match "priv[[:digit:]]+" netName != null
) pillar.hosts-inet
)
)
] ++ (
map (ctx:
builtins.mapAttrs (_: subnet: { subnets6.${ctx} = subnet; }) pillar.subnets-inet6.${ctx}
) (builtins.attrNames pillar.subnets-inet6)
) ++ (
map (ctx:
builtins.mapAttrs (_: subnet: { hosts6.${ctx} = subnet; }) pillar.hosts-inet6.${ctx}
) (builtins.attrNames pillar.hosts-inet6)
));
config.site.hosts = lib.mkMerge (
[
{ # Static definitions
mgmt-gw.firewall.enable = true;
priv13-gw.firewall.enable = true;
dns.services.dns.enable = true;
dnscache = {
role = "container";
interfaces.serv = {
gw4 = "serv-gw";
gw6 = "serv-gw";
type = "veth";
};
services.dnscache.enable = true;
};
upstream1.interfaces.up1.upstream = {
provider = "vodafone";
staticIpv4Address = "24.134.104.53";
noNat.subnets6 = [
"2a02:8106:208:5200::/56"
];
};
upstream2.interfaces.up2.upstream = {
provider = "vodafone";
noNat.subnets6 = [
"2a02:8106:208:e900::/56"
];
};
upstream3.interfaces.up3.upstream.provider = "starlink";
upstream4.interfaces.up4-pppoe = {
type = "pppoe";
upstream = {
provider = "dsi";
link = "up4";
staticIpv4Address = "81.201.149.152";
upBandwidth = 98000;
noNat.subnets6 = [
"2a00:8180:2000:37::1/128"
"2a00:8180:2c00:200::/56"
];
};
};
upstream1.ospf.upstreamInstance = 3;
upstream2.ospf.upstreamInstance = 4;
anon1.ospf.upstreamInstance = 5;
freifunk.ospf.upstreamInstance = 6;
upstream3.ospf.upstreamInstance = 7;
upstream4.ospf.upstreamInstance = 8;
c3d2-gw1.ospf.allowedUpstreams = [ "upstream3" "upstream4" "upstream1" "anon1" "freifunk" ];
c3d2-gw2.ospf.allowedUpstreams = [ "upstream1" "upstream3" "upstream4" "anon1" "freifunk" ];
c3d2-gw3.ospf.allowedUpstreams = [ "upstream4" "upstream3" "upstream1" "anon1" "freifunk" ];
serv-gw.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
cls-gw.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
mgmt-gw.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
bgp.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
anon1.ospf.allowedUpstreams = [ "upstream1" "upstream3" "upstream4" "freifunk" ];
priv17-gw-up3.ospf.allowedUpstreams = [ "upstream3" "upstream4" "upstream1" "anon1" "freifunk" ];
pub-gw.ospf.allowedUpstreams = [ "anon1" "freifunk" ];
c3d2-anon.ospf.allowedUpstreams = [ "anon1" "freifunk" ];
upstream4.forwardPorts = [
{
destination = config.site.net.serv.hosts4.public-access-proxy;
proto = "tcp";
sourcePort = 80;
}
{
destination = config.site.net.serv.hosts4.public-access-proxy;
proto = "tcp";
sourcePort = 443;
}
{
destination = config.site.net.serv.hosts4.bind;
proto = "tcp";
sourcePort = 53;
reflect = false;
}
{
destination = config.site.net.serv.hosts4.bind;
proto = "udp";
sourcePort = 53;
reflect = false;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 2325;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 2399;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 2327;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 2338;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 2339;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 40533;
}
{
destination = config.site.net.c3d2.hosts4.dn42;
proto = "udp";
sourcePort = 61699;
}
{
destination = "${config.site.net.serv.hosts4.leonos}:22";
proto = "tcp";
sourcePort = 2223;
}
{
destination = config.site.net.serv.hosts4.minetest;
proto = "udp";
sourcePort = 30000;
}
{
destination = "172.22.99.175:22";
proto = "tcp";
sourcePort = 2224;
}
{ # Gitea ssh
destination = config.site.net.serv.hosts4.gitea;
proto = "tcp";
sourcePort = 22;
}
{ # Jabber C2S
destination = config.site.net.serv.hosts4.jabber;
proto = "tcp";
sourcePort = 5222;
}
{ # Jabber C2S+SSL
destination = config.site.net.serv.hosts4.jabber;
proto = "tcp";
sourcePort = 5223;
}
{ # Jabber S2S
destination = config.site.net.serv.hosts4.jabber;
proto = "tcp";
sourcePort = 5269;
}
{ # Jabber TURN
destination = config.site.net.serv.hosts4.jabber;
proto = "tcp";
sourcePort = 3478;
}
{ # Jabber TURN
destination = config.site.net.serv.hosts4.jabber;
proto = "tcp";
sourcePort = 3479;
}
{ # Jabber TURN
destination = config.site.net.serv.hosts4.jabber;
proto = "udp";
sourcePort = 3478;
}
{ # Jabber TURN
destination = config.site.net.serv.hosts4.jabber;
proto = "udp";
sourcePort = 3479;
}
{
destination = "${config.site.net.serv.hosts4.vps1}:22";
proto = "tcp";
sourcePort = 2225;
}
] ++ map (port: {
destination = config.site.net.serv.hosts4.mail;
proto = "tcp";
sourcePort = port;
}) [ 25 465 587 110 143 993 995 ];
server3.interfaces = clusterServerInterfaces;
server5.interfaces = clusterServerInterfaces;
server6.interfaces = clusterServerInterfaces;
server7.interfaces = clusterServerInterfaces;
server8.interfaces = clusterServerInterfaces;
server9.interfaces = clusterServerInterfaces;
ap-test1.interfaces = {
mgmt.type = "phys";
pub.type = "bridge";
c3d2.type = "bridge";
bmx.type = "bridge";
};
ap-test2.interfaces = {
mgmt.type = "phys";
pub.type = "bridge";
c3d2.type = "bridge";
bmx.type = "bridge";
};
ap4.links.switch-b2.ports = [ "wan" ];
ap6.links.switch-b2.ports = [ "wan" ];
ap21.links.switch-a1.ports = [ "lan" ];
ap27.links.switch-b2.ports = [ "wan" ];
ap32.links.switch-b2.ports = [ "lan" ];
ap33.links.switch-b2.ports = [ "lan" ];
ap36.links.switch-b2.ports = [ "wan" ];
ap43.links.switch-a1.ports = [ "wan" ];
ap44.links.switch-a1.ports = [ "lan" ];
ap45.links.switch-a1.ports = [ "lan" ];
ap46.links.switch-a1.ports = [ "lan" ];
ap47.links.switch-a1.ports = [ "lan" ];
ap48.links.switch-a1.ports = [ "lan" ];
ap49.links.switch-a1.ports = [ "lan" ];
ap50.links.switch-a1.ports = [ "lan" ];
ap52.links.switch-a1.ports = [ "lan" ];
ap28.links.ap3.ports = [ "wan" ];
ap3.links.ap28.ports = [ "lan:1" ];
ap3.links.c3d2.ports = lib.mkForce [
"lan:2"
"lan:3"
"lan:4"
];
ap34.links.ap42.ports = [ "lan" ];
ap42.links.priv4.ports = lib.mkForce [
"lan:1"
"lan:2"
"lan:4"
];
ap42.links.ap34.ports = [ "lan:3" ];
}
# host priv*-gw settings
(
builtins.mapAttrs (hostName: _: {
ospf.allowedUpstreams = [ "upstream4" "upstream3" "upstream1" "anon1" "freifunk" ];
}) (
lib.filterAttrs (hostName: _:
builtins.match "priv[[:digit:]]+-gw" hostName != null
) pillar.containers
)
)
(builtins.foldl' (result: hostName: result // {
"${hostName}" = {
role = "server";
interfaces = builtins.mapAttrs (net: _: {
type = "phys";
} // lib.optionalAttrs (net == "cluster") {
gw4 = "cls-gw";
gw6 = "cls-gw";
}) (
lib.filterAttrs (_: hosts: hosts ? ${hostName}) (
pillar.hosts-inet // (
builtins.foldl' (result: hosts: result // hosts) {} (builtins.attrValues pillar.hosts-inet6)
)
)
) // builtins.foldl' (result: container:
result // builtins.mapAttrs (net: interface: {
type = "bridge";
}) container.interfaces
) {} (builtins.attrValues pillar.containers);
};
}) {} mainServers)
(builtins.mapAttrs (_: switch: {
inherit (switch) model location password;
role = "switch";
interfaces.mgmt.type = "phys";
links = builtins.mapAttrs (_: { ports, group ? null, ... }: {
group = if group != null
then toString group
else null;
ports = map toString (
if builtins.isList ports
then ports
else [ ports ]
);
}) switch.ports;
}) pillar.switches)
(builtins.mapAttrs (hostName: ap: {
inherit (ap) model location password;
role = "ap";
interfaces = builtins.foldl' (interfaces: net: interfaces // {
"${net}" = {
type = "bridge";
};
}) {
mgmt = {
type = "phys";
gw4 = "mgmt-gw";
gw6 = "mgmt-gw";
};
} (
builtins.concatMap ({ ssids, ... }:
map ({ net, ... }: net) (builtins.attrValues ssids)
) (builtins.attrValues ap.radios)
);
links =
let
wanTargets = whoLinksTo hostName;
model = self.lib.getOpenwrtModel ap.model;
getPorts = regex:
map (port: {
port = port.port;
phys = port.port;
}.${port.type}) (
builtins.filter (port:
port ? port &&
builtins.match regex port.port != null
) (builtins.attrValues model.ports)
);
in
if model ? ports
then
if getPorts "wan" == [] && builtins.length wanTargets > 0
then {
# Only 1 Ethernet port, treat lan as uplink
"${builtins.head wanTargets}".ports = getPorts "lan";
}
else
lib.optionalAttrs (builtins.length wanTargets > 0) {
"${builtins.head wanTargets}".ports = getPorts "wan";
} // lib.optionalAttrs (ap ? lan-access) {
"${ap.lan-access}".ports = self.lib.unique (
getPorts "lan.*"
);
}
else
builtins.trace "No known ports for OpenWRT model ${ap.model}"
{};
wifi = ap.radios;
}) pillar.cpe)
(builtins.mapAttrs (name: container:
let
ctPillar = self.lib.saltPillarFor name;
in {
role = "container";
interfaces =
builtins.mapAttrs (net: interface:
renameAttr "gw" "gw4"
(forceVeth interface) // (
if ctPillar ? upstream &&
ctPillar.upstream.interface == net
then {
upstream.upBandwidth = ctPillar.upstream.up-bandwidth;
}
else {}
)
) container.interfaces;
wireguard =
lib.optionalAttrs (ctPillar ? wireguard-instances) (
builtins.mapAttrs (net: wgData: {
inherit (builtins.head wgData.peers) endpoint;
publicKey = (builtins.head wgData.peers).public_key;
privateKey = wgData.private_key;
addresses = builtins.filter builtins.isString (
builtins.split "[, ]+" wgData.addr
);
upBandwidth = ctPillar.upstream.up-bandwidth;
}) ctPillar.wireguard-instances);
ospf =
let
ospfConf = ctPillar.ospf;
in lib.optionalAttrs (ctPillar ? ospf && ospfConf ? stubnets-inet) {
stubNets4 = ospfConf.stubnets-inet;
} // lib.optionalAttrs (ctPillar ? ospf && ospfConf ? stubnets-inet6) {
stubNets6 = ospfConf.stubnets-inet6;
};
bgp =
if ctPillar ? bgp
then
let
bgpConf = ctPillar.bgp;
in {
inherit (bgpConf) asn;
peers = bgpConf.peers-inet // bgpConf.peers-inet6;
}
else null;
forwardPorts =
if ctPillar ? port-forwarding
then map ({ proto, port, to }: {
proto = proto;
sourcePort = port;
destination = to;
}) ctPillar.port-forwarding
else [];
}) pillar.containers)
] ++
(map (net:
builtins.mapAttrs (_: addr4: {
}) pillar.hosts-inet.${net}
) (builtins.attrNames pillar.hosts-inet)) ++
(builtins.concatMap (ctx:
map (net:
builtins.mapAttrs (_: addr6: {
}) pillar.hosts-inet6.${ctx}.${net}
) (builtins.attrNames pillar.hosts-inet6.${ctx})
) (builtins.attrNames pillar.hosts-inet6))
);
config.site.sshPubKeys = [
"ssh-rsa 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 root@server1"
];
}


@ -208,6 +208,14 @@ let
default = []; default = [];
description = "Do not NAT66 traffic from these public static subnets"; description = "Do not NAT66 traffic from these public static subnets";
}; };
user = mkOption {
type = with types; nullOr str;
default = null;
};
password = mkOption {
type = with types; nullOr str;
default = null;
};
}; };
interfaceOpts = { name, ... }: { interfaceOpts = { name, ... }: {
@ -503,6 +511,10 @@ in
sshPubKeys = mkOption { sshPubKeys = mkOption {
type = with types; listOf str; type = with types; listOf str;
}; };
dyndnsKey = mkOption {
type = types.str;
};
}; };
config.warnings = config.warnings =
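Review bot: The new `user`, `password` and `dyndnsKey` options hold credentials as plain `str` values and have no `description`, unlike the `noNat` option just above them. Because they are ordinary option values, anything that interpolates them into generated text (this commit does so with `secret ${config.site.dyndnsKey};`) writes the secret into the Nix store, which is world-readable on the build and target hosts. At minimum each option should say so, for example `description = "PPPoE password; ends up in the Nix store when rendered into pap-secrets";`. A longer-term alternative is an option of type `path` pointing at a key file outside the store. The enclosing option sets start and end outside both hunks.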


@ -1,13 +1,7 @@
{ self, gpgKey, pkgs, openwrt }: { self, pkgs, openwrt }:
rec { rec {
config = import ./config { inherit self pkgs gpgKey; }; config = (import ./config { inherit self pkgs; }).config;
saltPillarFor = import ./salt-support/salt-pillar.nix {
inherit pkgs gpgKey;
};
expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; };
netmasks = import ./netmasks.nix; netmasks = import ./netmasks.nix;


@ -1,23 +0,0 @@
{ pkgs ? import <nixpkgs> {}
}:
name: template: data:
let
jsonFile =
builtins.toFile "data.json" (builtins.toJSON data);
j2custom =
builtins.toFile "j2custom.py" ''
def j2_environment(env):
env.globals.update(
zip=zip
)
return env
'';
in
pkgs.runCommandLocal name {
nativeBuildInputs = with pkgs; [
pythonPackages.j2cli yaml2json
];
} ''
j2 --customize ${j2custom} -f json ${template} ${jsonFile} > $out
''


@ -1,47 +0,0 @@
{ pkgs ? import <nixpkgs> {}
, gpgKey
}:
with pkgs.lib;
let
loadYaml = import ./load-yaml.nix { inherit pkgs; };
decryptMessage = x:
if gpgKey == null
then "encrypted"
else
builtins.readFile (
pkgs.runCommandLocal "decrypted-salt-value" {
nativeBuildInputs = [ pkgs.gnupg ];
} ''
export GNUPGHOME=$(mktemp -d)
gpg --import ${gpgKey}
gpg -d > $out << EOF
${x}
EOF
''
);
decrypt = x:
if builtins.isString x
then if builtins.substring 0 27 x == "-----BEGIN PGP MESSAGE-----"
then decryptMessage x
else x
else if builtins.isList x
then map decrypt x
else if builtins.isAttrs x
then builtins.mapAttrs (_: decrypt) x
else x;
loadSls = files:
decrypt (
builtins.foldl' (result: filename:
recursiveUpdate result (loadYaml filename)
) {} files
);
in
files:
if builtins.isList files
then loadSls files
else loadSls [ files ]


@ -1,17 +0,0 @@
{ pkgs ? import <nixpkgs> {}
}:
path:
let
json = pkgs.runCommandLocal "desalinated-${builtins.baseNameOf path}" {
nativeBuildInputs = with pkgs; [
pythonPackages.j2cli ruby yaml2json
];
} ''
j2 ${path} > expanded.yaml
yaml2json < expanded.yaml > $out
'';
in
builtins.fromJSON (
builtins.readFile json
)


@ -1,66 +0,0 @@
{ pkgs ? import <nixpkgs> {}
, ...
}@args:
hostName:
let
loadSls = import ./load-sls.nix args;
pillarBase = (loadSls ../../../salt-pillar/top.sls).base;
globToRegex = builtins.replaceStrings ["*"] [".*"];
baseMatches =
if hostName == "*"
then
builtins.attrNames pillarBase
else
builtins.filter (patterns:
pkgs.lib.any (pattern:
builtins.match (globToRegex pattern) hostName != null
) (
builtins.filter builtins.isString (
builtins.split " or " patterns
)
)
) (builtins.attrNames pillarBase);
fileIds = builtins.foldl' (result: matchName:
result ++ pillarBase.${matchName}
) [] baseMatches;
allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar;
files = map (fileId:
let
parts = builtins.filter builtins.isString (
builtins.split "\\." fileId
);
matches = builtins.filter (filePath:
let
suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);
suffix2 = (builtins.concatStringsSep "/" parts) + ".sls";
check = suffix:
endsWith suffix (builtins.toString filePath);
in
check suffix1 || check suffix2
) allFilePaths;
matchesLength = builtins.length matches;
in
if matchesLength == 0
then throw "No pillar file for ${fileId}"
else if matchesLength > 1
then throw "Ambiguous choice of files for ${fileId}"
else builtins.head matches
) fileIds;
endsWith = suffix: s:
let
suffixLen = builtins.stringLength suffix;
sLen = builtins.stringLength s;
in
builtins.substring (sLen - suffixLen) suffixLen s == suffix;
in
loadSls files


@ -24,7 +24,7 @@ in
ddns-update-style standard; ddns-update-style standard;
key dyndns { key dyndns {
algorithm hmac-sha256; algorithm hmac-sha256;
secret ${inputs.zentralwerk-network-key.lib.dyndnsKey}; secret ${config.site.dyndnsKey};
}; };
zone ${domainName}. { zone ${domainName}. {
primary ${config.site.net.serv.hosts4.dns}; primary ${config.site.net.serv.hosts4.dns};


@ -122,7 +122,7 @@ in
extraConfig = '' extraConfig = ''
key "dyndns" { key "dyndns" {
algorithm hmac-sha256; algorithm hmac-sha256;
secret "${inputs.zentralwerk-network-key.lib.dyndnsKey}"; secret "${config.site.dyndnsKey}";
}; };
''; '';
extraOptions = '' extraOptions = ''
@ -159,7 +159,7 @@ in
path = [ pkgs.dnsutils ]; path = [ pkgs.dnsutils ];
script = '' script = ''
${lib.concatMapStrings (zone: '' ${lib.concatMapStrings (zone: ''
nsupdate -y "hmac-sha256:dyndns:${inputs.zentralwerk-network-key.lib.dyndnsKey}" <<EOF nsupdate -y "hmac-sha256:dyndns:${config.site.dyndnsKey}" <<EOF
server localhost server localhost
${lib.concatMapStringsSep "\n" ({ name, type, data }: '' ${lib.concatMapStringsSep "\n" ({ name, type, data }: ''
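Review bot: In the second hunk, `nsupdate -y "hmac-sha256:dyndns:${config.site.dyndnsKey}"` passes the TSIG key as a command-line argument, so it is visible in the process list to every local user while the update runs. nsupdate can read the key from a file instead, e.g. `nsupdate -k /path/to/dyndns.key <<EOF` (placeholder path), with that file kept outside the store and readable only by the service user. The script body continues past the end of the hunk, so the rest of the heredoc is not visible here.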


@ -7,8 +7,6 @@ let
lib.filterAttrs (_: { type, ... }: type == "pppoe") lib.filterAttrs (_: { type, ... }: type == "pppoe")
hostConf.interfaces; hostConf.interfaces;
inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
in lib.mkIf (pppoeInterfaces != {}) { in lib.mkIf (pppoeInterfaces != {}) {
boot.postBootCommands = '' boot.postBootCommands = ''
if [ ! -c /dev/ppp ]; then if [ ! -c /dev/ppp ]; then
@ -16,12 +14,15 @@ in lib.mkIf (pppoeInterfaces != {}) {
fi fi
''; '';
environment.etc."ppp/pap-secrets".text = '' environment.etc."ppp/pap-secrets".text = lib.concatMapStrings (ifName:
"${user}" * "${password}" let
''; inherit (pppoeInterfaces.${ifName}) user password;
in ''
"${user}" * "${password}"
'') (builtins.attrNames pppoeInterfaces);
services.pppd = { services.pppd = {
enable = true; enable = true;
peers = builtins.mapAttrs (ifName: { upstream, ... }: { peers = builtins.mapAttrs (ifName: { upstream, user, ... }: {
enable = true; enable = true;
autostart = true; autostart = true;
config = '' config = ''
@ -48,7 +49,6 @@ in lib.mkIf (pppoeInterfaces != {}) {
default-asyncmap default-asyncmap
mtu 1492 mtu 1492
# IP settings. # IP settings.
#noipdefault
defaultroute defaultroute
+ipv6 +ipv6
defaultroute6 defaultroute6
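Review bot: The new `pap-secrets` generator writes `"${user}" * "${password}"` without escaping, so a user name or password containing `"` or `\` would yield a malformed or misparsed entry. Escape both values before interpolating, e.g. `esc = lib.replaceStrings [ "\\" "\"" ] [ "\\\\" "\\\"" ];` in the `let` and then `"${esc user}" * "${esc password}"`. As a style point, mapping over `builtins.attrValues pppoeInterfaces` with a `{ user, password, ... }:` pattern would avoid the lookup by name.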


@ -12,18 +12,33 @@ let
nixpkgs.lib.generators.toPretty {} config nixpkgs.lib.generators.toPretty {} config
); );
salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" ( encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''
nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName) #! ${pkgs.runtimeShell} -e
);
salt-pillars = builtins.foldl' (result: hostName: result // { cd config
"${hostName}-pillar" = pkgs.runCommandLocal "${hostName}-pillar.nix" {} '' exec ${pkgs.gnupg}/bin/gpg --armor --batch --trust-model always \
cp ${salt-pillar-file hostName} $out --encrypt -r 1F0F221A7483B5EF5D103D8B32EBADE870BAF886 \
''; < secrets-production.nix \
}) {} ( > secrets-production.nix.gpg
builtins.filter (hostName: '';
builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ] decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''
) (builtins.attrNames config.site.hosts) #! ${pkgs.runtimeShell} -e
);
cd config
[ -e secrets-production.nix ] && \
mv secrets-production.nix secrets-production.nix.old
exec ${pkgs.gnupg}/bin/gpg -d \
> secrets-production.nix \
< secrets-production.nix.gpg
'';
switch-to-production = pkgs.writeScriptBin "decrypt-secrets" ''
#! ${pkgs.runtimeShell} -e
${decrypt-secrets}
cd config
cp secrets-production.nix secrets.nix
'';
network-graphs = import ./network-graphs.nix { inherit config pkgs; }; network-graphs = import ./network-graphs.nix { inherit config pkgs; };
@ -65,6 +80,7 @@ let
inherit pkgs; inherit pkgs;
}; };
in in
salt-pillars // rootfs-packages // vm-packages // device-templates // network-graphs // starlink // { rootfs-packages // vm-packages // device-templates // network-graphs // starlink // {
inherit export-openwrt-models export-config dns-slaves; inherit export-openwrt-models export-config dns-slaves
encrypt-secrets decrypt-secrets switch-to-production;
} }
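Review bot: In `switch-to-production`, `${decrypt-secrets}` expands to the store directory of the `writeScriptBin` output rather than to the script, so under `-e` the wrapper would abort before reaching the `cp`; it should read `${decrypt-secrets}/bin/decrypt-secrets`, and the derivation name should be `"switch-to-production"` rather than the copy-pasted `"decrypt-secrets"`. Separately, `cp secrets-production.nix secrets.nix` overwrites what appears to be a tracked file with production secrets, while the commit's `.gitignore` only covers `secrets-production.nix` and its `.old` copy, so a later `git commit -a` could publish them; a comment above the script such as `# WARNING: leaves cleartext secrets in tracked config/secrets.nix, do not commit` would help. In `decrypt-secrets`, the `>` redirect truncates `secrets-production.nix` before gpg has succeeded, so decrypting to a temporary file under `umask 077` and renaming it afterwards would avoid leaving an empty or world-readable file behind.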


@ -1,38 +0,0 @@
bind:
root-domain:
dn42: zentralwerk.dn42
up1: zentralwerk.org
master-ns:
dn42: dns.serv.zentralwerk.dn42
up1: dns.serv.zentralwerk.org
public-ns:
dn42:
- dns.serv.zentralwerk.dn42
up1:
- ns.c3d2.de
slaves:
# ns.c3d2.de
- 217.197.84.53
- 2001:67c:1400:2240::a
# dns.spaceboyz.net
- 172.22.24.4
- 2a01:4f9:4b:39ec::4
serial: 2021031200
reverse-zones-inet:
- 72.20.172.in-addr.arpa
- 73.20.172.in-addr.arpa
- 74.20.172.in-addr.arpa
- 75.20.172.in-addr.arpa
- 76.20.172.in-addr.arpa
- 77.20.172.in-addr.arpa
- 78.20.172.in-addr.arpa
- 79.20.172.in-addr.arpa
reverse-zones-inet6:
dn42:
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
up1:
- 8.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
- c.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa


@ -1,18 +0,0 @@
#!yaml|gpg
dyndns:
anon1:
interface: ipredator
secret: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAjh9ugkiUCwnXHHJP7mJqmjnS6shfTXMqPYeR1KTwIWvC
xOSxQBvD/WYOg/p6Jai+dB5TAvI0l1G4oaaii3OoKot0flJPzWR5IgBHJBmDEuii
/pinHD4JpNTDPb2OBE/UXZjyJ4XGCwh8yVaOr5LmRPuB/DMfxk6FpPpDps6n5ioT
i9RkvgZTtyk8nyb3Q+Gg051vXKYOHiZbOtu08GRMDqBjkBwWAaVCWc/ts4Gs0SjG
GgxWR6VWhMSWIbuJmFY5Bix6rRuI6cVY48Xg+/aQXxrSMjI3SKjpeJ0Otn7Hi1Fh
vK6mIZtyESsNt3qHd65GPWJ0PPLiOg6M0peC9rfJgdJnAYq2n/f89jfraVTK3gYL
ch7EWeGAJbqf7srcDqjL/kHVSVrLlh3GSpFZsyD3hOeGMWrkQnnVrMBLo2oAoQSp
bVh+AjIkctnwHJSDS6FsijrQJicLVu/tG/Sg9PqELvWzMf+LvRL49Q==
=zrkj
-----END PGP MESSAGE-----


@ -1,18 +0,0 @@
#!yaml|gpg
dyndns:
upstream1:
interface: up1
secret: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAlT62OyjlGRcQ8/RivPsFfJfVSoNhGFFbSm+1yfA7Efav
d/ELCj86zXTvYoa4S8jEvd6iqsKOukINlCkYHR3p5Qs31bsSh/B+0B09fksp7d4O
NCE4VVInZe9HY7DpSFEsu44gbit2MJKhhbtozkyEwn3dGaXHmGEWqS1V20fLFeUA
r1ZwqyI6nFHT28thugt36r6/ZblkeZDqH77JuR/AnIsCFtykErZsiTQiiuiiOrvU
/m0kTz0jHBVSRuil3+4uibOWf2eDPuLukD2RXszGnaaq066vlRVyTKTchVjBnqDs
tNYls0rmr6UOOQid7N0BcCjYKKkoF6AVb3R1eA1yG9JnAeSx1KAmIrzfYLJ/eRkw
CPXogzxlMQt1i4fNRVUPWX+V9SHsbw/bp0CgaI1FJsfnVL4+BZejxTpGvybuKR+O
ejuUPineVymhVULbK2bbUGhpn0aaaKmV4CmZusueHg2W2lpJS0UozQ==
=krxI
-----END PGP MESSAGE-----


@ -1,18 +0,0 @@
#!yaml|gpg
dyndns:
upstream2:
interface: up2
secret: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/dsFJZ7Ud81pppjYXlOAEe1Zz+VqFaR+8kjzTE1uSxqNF
cI3asqGG1ltqY4CNJ0Sw6dzFKgCvBMxY2PlAKi2W/d4VXW+Eq3fuLA9g8AZ3FHxL
8LgBaxoIuue8lI3FpQk3rbkhnELbwTp8A6Y0TCqexDp7NyieaHdsFkkg9lJn268B
RsIsg2n3ZlpPw6PgQ1qz0hqTlSIi/FyVTX0JLQ7GIpiPZPPsEtT0A62adkla0x4+
fkrqPBC3jD5ICz/mytkmwWilmkZHO+VXF7juAmwLnmp69w1yhsohVK1mecme60Rt
w6i6cVhvg/EaQnqhKxusLi3DnroaVTwU9wvw3aBiN9JnATYs/Y9LotYP3/4tiPO1
c45aNN6Oz/s7RwjTjiZv0LqnoXVLYPF2a0xok5eIklwp2f/wp7jh/SelJCZHY7H4
dx2TiwNW89qYfN4GNmfie+LgJDqs9DEZPBDDwjYBIPDMsh7kZiTo5A==
=pVXt
-----END PGP MESSAGE-----


@ -1,21 +0,0 @@
ospf:
stubnets-inet:
- 172.20.0.0/14
- 10.0.0.0/8
stubnets-inet6:
- fd00::/8
- 2a02:8106:208:5200::/56
- 2a02:8106:211:e900::/56
bgp:
asn: 4242421127
peers-inet:
# dn42.hq.c3d2.de
'172.22.99.253':
asn: 64699
peers-inet6:
# dn42.hq.c3d2.de
'fe80::a800:42ff:fe7a:3246%c3d2':
asn: 64699


@ -1,15 +0,0 @@
#!yaml|gpg
ospf:
secret: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/UzB2wsDsIfUEIEx20IehQbTkw5A9gCYnuW09lvkzxlgY
IHDh8arul9ED7GFdVBja5cZVCs/dzqG0j+uP8zAwMjBLvvS6AopFnVdZnM0ANLth
WCam9LxN+pxweD5DugODYzHZq2I3ktDqUAXwG0ORT4RyrM3kqP1hmWq9pP37breA
QabQG4BF6hCx09P2MN/Wvy//9RNwNWlMsM2UAvsau+t35y3UEr/UbMNYYYPXKt2l
fcQntwl2VEDin9XbrskBxQzACvn0rthUZwJ8n1oB8m3f7uGw6kIEf3eZ0eSQHafm
8MwVeLqsw0ZDIww2Oi4+RWLrFPa8bwJO1U2C6k/8qNJLAelPUBWkCetDoRlf1xEh
Umyi2PS5RIeUU49CoAMbrIsjUsQTBjYwTdiGCvH0RL5NIgWWaxoO3913AliIDUBh
bQaDO9GE1xb//lO+
=4yPK
-----END PGP MESSAGE-----


@ -1,33 +0,0 @@
radv:
pub-gw:
pub:
rdnss:
- dnscache.serv
dnssl:
- pub.zentralwerk.org
serv-gw:
serv:
rdnss:
- dnscache.serv
dnssl:
- serv.zentralwerk.org
cls-gw:
serv:
rdnss:
- dnscache.serv
dnssl:
- cluster.zentralwerk.org
c3d2-gw1:
c3d2:
rdnss:
- dnscache.serv
dnssl:
- hq.c3d2.de
{%- for i in range(1, 62) %}
priv{{ i }}-gw:
priv{{ i }}:
rdnss:
- dnscache.serv
dnssl:
- priv{{ i }}.zentralwerk.org
{%- endfor %}


@ -1,5 +0,0 @@
collectd:
network: client
interface: True
conntrack: True
dhcpcount: True


@ -1,14 +0,0 @@
collectd:
network: client
irq: True
cpu: True
load: True
memory: True
swap: True
entropy: True
disk: True
df: True
processes: True
hddtemp: True
sensors: True
thermal: True


@ -1,8 +0,0 @@
collectd:
network: server
disk: True
df: True
rrdtool:
DataDir: "/var/lib/collectd/rrd"
CacheTimeout: 300
CacheFlush: 600


@ -1,8 +0,0 @@
collectd:
network: client
interface: True
ping:
- google.de
- 8.8.8.8
- www.vodafone.de
conntrack: True

File diff suppressed because it is too large Load Diff


@ -1,525 +0,0 @@
dhcp:
pub:
start: 172.20.78.2
end: 172.20.79.254
time: 300
max-time: 3600
lower-max-time: 50
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: pub-gw.pub
string-opts:
domain-name: pub.zentralwerk.org
priv1:
start: 172.20.74.2
end: 172.20.74.14
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv1-gw.priv1
string-opts:
domain-name: priv1.zentralwerk.org
priv2:
start: 172.20.75.2
end: 172.20.75.31
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv2-gw.priv2
string-opts:
domain-name: priv2.zentralwerk.org
fixed-hosts:
172.20.75.7: 60:33:4b:0b:cd:fc
172.20.75.9: 00:11:32:22:95:79
priv3:
start: 172.20.74.130
end: 172.20.74.142
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv3-gw.priv3
string-opts:
domain-name: priv3.zentralwerk.org
priv4:
start: 172.20.75.130
end: 172.20.75.142
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv4-gw.priv4
string-opts:
domain-name: priv4.zentralwerk.org
priv5:
start: 172.20.74.66
end: 172.20.74.78
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv5-gw.priv5
string-opts:
domain-name: priv5.zentralwerk.org
priv6:
start: 172.20.74.194
end: 172.20.74.206
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv6-gw.priv6
string-opts:
domain-name: priv6.zentralwerk.org
priv7:
start: 172.20.75.66
end: 172.20.75.78
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv7-gw.priv7
string-opts:
domain-name: priv7.zentralwerk.org
priv8:
start: 172.20.75.194
end: 172.20.75.206
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv8-gw.priv8
string-opts:
domain-name: priv8.zentralwerk.org
priv9:
start: 172.20.74.34
end: 172.20.74.46
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv9-gw.priv9
string-opts:
domain-name: priv9.zentralwerk.org
priv10:
start: 172.20.74.98
end: 172.20.74.110
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv10-gw.priv10
string-opts:
domain-name: priv10.zentralwerk.org
priv11:
start: 172.20.74.162
end: 172.20.74.174
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv11-gw.priv11
string-opts:
domain-name: priv11.zentralwerk.org
priv12:
start: 172.20.74.226
end: 172.20.74.238
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv12-gw.priv12
string-opts:
domain-name: priv12.zentralwerk.org
priv13:
start: 172.20.75.34
end: 172.20.75.46
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv13-gw.priv13
string-opts:
domain-name: priv13.zentralwerk.org
priv14:
start: 172.20.75.98
end: 172.20.75.110
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv14-gw.priv14
string-opts:
domain-name: priv14.zentralwerk.org
priv15:
start: 172.20.75.162
end: 172.20.75.174
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv15-gw.priv15
string-opts:
domain-name: priv15.zentralwerk.org
priv16:
start: 172.20.75.226
end: 172.20.75.238
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv16-gw.priv16
string-opts:
domain-name: priv16.zentralwerk.org
priv17:
start: 172.20.73.131
end: 172.20.73.158
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv17-gw.priv17
string-opts:
domain-name: priv17.zentralwerk.org
priv18:
start: 172.20.74.50
end: 172.20.74.62
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv18-gw.priv18
string-opts:
domain-name: priv18.zentralwerk.org
priv19:
start: 172.20.73.194
end: 172.20.73.254
time: 120
# 30 days
max-time: 2592000
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv19-gw.priv19
string-opts:
domain-name: priv19.zentralwerk.org
priv20:
start: 172.20.74.114
end: 172.20.74.126
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv20-gw.priv20
string-opts:
domain-name: priv20.zentralwerk.org
priv21:
start: 172.20.74.146
end: 172.20.74.158
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv21-gw.priv21
string-opts:
domain-name: priv21.zentralwerk.org
priv22:
start: 172.20.74.178
end: 172.20.74.190
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv22-gw.priv22
string-opts:
domain-name: priv22.zentralwerk.org
priv23:
start: 172.20.73.165
end: 172.20.73.190
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv23-gw.priv23
string-opts:
domain-name: priv23.zentralwerk.org
fixed-hosts:
172.20.73.162: da:2c:3a:2c:87:22
172.20.73.163: ca:9f:27:b2:bf:6d
172.20.73.164: 60:01:94:6f:81:a6
priv24:
start: 172.20.74.242
end: 172.20.74.254
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv24-gw.priv24
string-opts:
domain-name: priv24.zentralwerk.org
priv25:
start: 172.20.74.82
end: 172.20.74.94
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv25-gw.priv25
string-opts:
domain-name: priv25.zentralwerk.org
priv26:
start: 172.20.75.50
end: 172.20.75.62
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv26-gw.priv26
string-opts:
domain-name: priv26.zentralwerk.org
priv27:
start: 172.20.75.82
end: 172.20.75.94
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv27-gw.priv27
string-opts:
domain-name: priv27.zentralwerk.org
priv28:
start: 172.20.75.114
end: 172.20.75.126
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv28-gw.priv28
string-opts:
domain-name: priv28.zentralwerk.org
priv29:
start: 172.20.75.146
end: 172.20.75.158
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv29-gw.priv29
string-opts:
domain-name: priv29.zentralwerk.org
priv30:
start: 172.20.75.178
end: 172.20.75.190
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv30-gw.priv30
string-opts:
domain-name: priv30.zentralwerk.org
priv31:
start: 172.20.75.210
end: 172.20.75.222
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv31-gw.priv31
string-opts:
domain-name: priv31.zentralwerk.org
priv32:
start: 172.20.75.242
end: 172.20.75.254
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv32-gw.priv32
string-opts:
domain-name: priv32.zentralwerk.org
priv33:
start: 172.20.74.18
end: 172.20.74.30
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv33-gw.priv33
string-opts:
domain-name: priv33.zentralwerk.org
priv34:
start: 172.20.74.210
end: 172.20.74.222
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv34-gw.priv34
string-opts:
domain-name: priv34.zentralwerk.org
priv35:
start: 172.20.76.2
end: 172.20.76.14
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv35-gw.priv35
string-opts:
domain-name: priv35.zentralwerk.org
priv36:
start: 172.20.76.66
end: 172.20.76.78
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv36-gw.priv36
string-opts:
domain-name: priv36.zentralwerk.org
priv37:
start: 172.20.76.130
end: 172.20.76.142
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv37-gw.priv37
string-opts:
domain-name: priv37.zentralwerk.org
priv38:
start: 172.20.76.194
end: 172.20.76.206
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv38-gw.priv38
string-opts:
domain-name: priv38.zentralwerk.org
priv39:
start: 172.20.77.130
end: 172.20.77.142
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv39-gw.priv39
string-opts:
domain-name: priv39.zentralwerk.org
priv40:
start: 172.20.77.66
end: 172.20.77.78
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv40-gw.priv40
string-opts:
domain-name: priv40.zentralwerk.org
priv41:
start: 172.20.77.194
end: 172.20.77.206
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv41-gw.priv41
string-opts:
domain-name: priv41.zentralwerk.org
priv42:
start: 172.20.76.34
end: 172.20.76.46
time: 120
max-time: 86400
opts:
domain-name-servers: "172.20.73.8, 9.9.9.9"
host-opts:
routers: priv42-gw.priv42
string-opts:
domain-name: priv42.zentralwerk.org


@ -1,785 +0,0 @@
hosts-inet:
mgmt:
server1: 10.0.0.1
server2: 10.0.0.2
server3: 10.0.0.3
server4: 10.0.0.4
server5: 10.0.0.5
server6: 10.0.0.6
server7: 10.0.0.7
server8: 10.0.0.8
server9: 10.0.0.9
switch-b1: 10.0.0.10
switch-b2: 10.0.0.11
switch-c1: 10.0.0.12
switch-d1: 10.0.0.13
switch-c3d2-main: 10.0.0.14
switch-a1: 10.0.0.15
switch-a1-cpe: 10.0.0.16
switch-dach: 10.0.0.17
ap1: 10.0.0.41
ap2: 10.0.0.42
ap3: 10.0.0.43
ap4: 10.0.0.44
ap5: 10.0.0.45
ap6: 10.0.0.46
ap7: 10.0.0.47
ap8: 10.0.0.48
ap9: 10.0.0.49
ap10: 10.0.0.50
ap11: 10.0.0.51
ap12: 10.0.0.52
ap13: 10.0.0.53
ap14: 10.0.0.54
ap15: 10.0.0.55
ap16: 10.0.0.56
ap17: 10.0.0.57
ap18: 10.0.0.58
ap19: 10.0.0.59
ap20: 10.0.0.60
ap21: 10.0.0.61
ap22: 10.0.0.62
ap23: 10.0.0.63
ap24: 10.0.0.64
ap25: 10.0.0.65
ap26: 10.0.0.66
ap27: 10.0.0.67
ap28: 10.0.0.68
ap29: 10.0.0.69
ap30: 10.0.0.70
ap31: 10.0.0.71
ap32: 10.0.0.72
ap33: 10.0.0.73
ap34: 10.0.0.74
ap35: 10.0.0.75
ap36: 10.0.0.76
ap37: 10.0.0.77
ap38: 10.0.0.78
ap39: 10.0.0.79
ap40: 10.0.0.80
ap41: 10.0.0.81
ap42: 10.0.0.82
ap43: 10.0.0.83
ap44: 10.0.0.84
ap45: 10.0.0.85
ap46: 10.0.0.86
ap47: 10.0.0.87
ap48: 10.0.0.88
ap49: 10.0.0.89
ap50: 10.0.0.90
ap51: 10.0.0.91
ap52: 10.0.0.92
ap53: 10.0.0.93
ap54: 10.0.0.94
ap55: 10.0.0.95
ap56: 10.0.0.96
ap57: 10.0.0.97
ap58: 10.0.0.98
ap59: 10.0.0.99
ap60: 10.0.0.100
ap61: 10.0.0.101
ap62: 10.0.0.102
ap63: 10.0.0.103
ap64: 10.0.0.104
server1-ipmi: 10.0.0.201
server2-ipmi: 10.0.0.202
server3-ipmi: 10.0.0.203
server4-ipmi: 10.0.0.204
server5-ipmi: 10.0.0.205
server6-ipmi: 10.0.0.206
server7-ipmi: 10.0.0.207
server8-ipmi: 10.0.0.208
server9-ipmi: 10.0.0.209
monit: 10.0.0.250
logging: 10.0.0.251
mgmt-gw: 10.0.0.254
core:
server3: 172.20.72.53
server4: 172.20.72.54
server5: 172.20.72.55
server6: 172.20.72.56
server7: 172.20.72.57
server8: 172.20.72.58
server9: 172.20.72.59
serv-gw: 172.20.72.2
pub-gw: 172.20.72.3
priv1-gw: 172.20.72.4
priv2-gw: 172.20.72.5
upstream1: 172.20.72.6
anon1: 172.20.72.7
c3d2-gw1: 172.20.72.8
c3d2-anon: 172.20.72.9
upstream2: 172.20.72.10
upstream3: 172.20.72.11
upstream4: 172.20.72.12
priv3-gw: 172.20.72.13
priv4-gw: 172.20.72.14
priv5-gw: 172.20.72.15
priv6-gw: 172.20.72.16
priv7-gw: 172.20.72.17
priv8-gw: 172.20.72.18
priv9-gw: 172.20.72.19
priv10-gw: 172.20.72.20
priv11-gw: 172.20.72.21
priv12-gw: 172.20.72.22
priv13-gw: 172.20.72.23
priv14-gw: 172.20.72.24
priv15-gw: 172.20.72.25
priv16-gw: 172.20.72.26
bgp: 172.20.72.27
mgmt-gw: 172.20.72.28
cls-gw: 172.20.72.29
priv17-gw: 172.20.72.30
priv18-gw: 172.20.72.31
priv19-gw: 172.20.72.32
priv20-gw: 172.20.72.33
priv21-gw: 172.20.72.34
priv22-gw: 172.20.72.35
priv23-gw: 172.20.72.36
priv24-gw: 172.20.72.37
priv25-gw: 172.20.72.38
priv26-gw: 172.20.72.39
freifunk: 172.20.72.40
priv27-gw: 172.20.72.41
priv28-gw: 172.20.72.42
priv29-gw: 172.20.72.43
priv30-gw: 172.20.72.44
priv31-gw: 172.20.72.45
priv32-gw: 172.20.72.46
priv33-gw: 172.20.72.47
priv34-gw: 172.20.72.48
priv35-gw: 172.20.72.49
priv36-gw: 172.20.72.50
priv37-gw: 172.20.72.51
priv38-gw: 172.20.72.52
priv39-gw: 172.20.72.60
priv40-gw: 172.20.72.61
yggdrasil: 172.20.72.62
c3d2-gw2: 172.20.72.63
c3d2-gw3: 172.20.72.64
priv41-gw: 172.20.72.65
priv17-gw-up3: 172.20.72.66
priv42-gw: 172.20.72.67
pub:
pub-gw: 172.20.78.1
serv:
serv-gw: 172.20.73.1
dns: 172.20.73.2
stats: 172.20.73.3
radius: 172.20.73.4
zeit: 172.20.73.5
ntp: 172.20.73.5
minecraft: 172.20.73.6
used1: 172.20.73.7
dnscache: 172.20.73.8
used2: 172.20.73.9
used3: 172.20.73.10
used4: 172.20.73.11
used5: 172.20.73.12
logging: 172.20.73.13
used6: 172.20.73.14
c3d2-web: 172.20.73.15
deployer: 172.20.73.16
used7: 172.20.73.17
used8: 172.20.73.18
used9: 172.20.73.19
ipa: 172.20.73.20
matemat: 172.20.73.21
used10: 172.20.73.22
used11: 172.20.73.23
used12: 172.20.73.24
spaceapi: 172.20.73.25
used13: 172.20.73.26
mucbot: 172.20.73.27
used14: 172.20.73.28
used15: 172.20.73.29
used16: 172.20.73.30
used17: 172.20.73.31
scrape: 172.20.73.32
used18: 172.20.73.32
used19: 172.20.73.33
used20: 172.20.73.34
used21: 172.20.73.35
used22: 172.20.73.36
used23: 172.20.73.37
used24: 172.20.73.38
used25: 172.20.73.39
used26: 172.20.73.40
grafana: 172.20.73.43
kibana: 172.20.73.44
public-access-proxy: 172.20.73.45
marenz: 172.20.73.46
leonos: 172.20.73.47
minetest: 172.20.73.48
hydra: 172.20.73.49
netboot: 172.20.73.50
vps1: 172.20.73.51
ticker: 172.20.73.52
gitea: 172.20.73.53
stream: 172.20.73.54
jabber: 172.20.73.55
mobilizon: 172.20.73.56
radiobert: 172.20.73.57
mail: 172.20.73.58
keycloak: 172.20.73.59
sdrweb: 172.20.73.60
bind: 172.20.73.61
# TODO: generate from subnets
priv1:
priv1-gw: 172.20.74.1
priv9:
priv9-gw: 172.20.74.33
priv5:
priv5-gw: 172.20.74.65
priv10:
priv10-gw: 172.20.74.97
priv3:
priv3-gw: 172.20.74.129
priv11:
priv11-gw: 172.20.74.161
priv6:
priv6-gw: 172.20.74.193
priv12:
priv12-gw: 172.20.74.225
priv2:
priv2-gw: 172.20.75.1
priv13:
priv13-gw: 172.20.75.33
priv7:
priv7-gw: 172.20.75.65
priv14:
priv14-gw: 172.20.75.97
priv4:
priv4-gw: 172.20.75.129
priv15:
priv15-gw: 172.20.75.161
priv8:
priv8-gw: 172.20.75.193
priv16:
priv16-gw: 172.20.75.225
priv17:
priv17-gw: 172.20.73.129
priv17-gw-up3: 172.20.73.130
priv18:
priv18-gw: 172.20.74.49
priv19:
priv19-gw: 172.20.73.193
priv20:
priv20-gw: 172.20.74.113
priv21:
priv21-gw: 172.20.74.145
priv22:
priv22-gw: 172.20.74.177
priv23:
priv23-gw: 172.20.73.161
priv24:
priv24-gw: 172.20.74.241
priv25:
priv25-gw: 172.20.74.81
priv26:
priv26-gw: 172.20.75.49
priv27:
priv27-gw: 172.20.75.81
priv28:
priv28-gw: 172.20.75.113
priv29:
priv29-gw: 172.20.75.145
priv30:
priv30-gw: 172.20.75.177
priv31:
priv31-gw: 172.20.75.209
priv32:
priv32-gw: 172.20.75.241
priv33:
priv33-gw: 172.20.74.17
priv34:
priv34-gw: 172.20.74.209
priv35:
priv35-gw: 172.20.76.1
priv36:
priv36-gw: 172.20.76.65
priv37:
priv37-gw: 172.20.76.129
priv38:
priv38-gw: 172.20.76.193
priv39:
priv39-gw: 172.20.77.129
priv40:
priv40-gw: 172.20.77.65
priv41:
priv41-gw: 172.20.77.193
priv42:
priv42-gw: 172.20.76.33
cluster:
cls-gw: 172.20.77.1
{%- for i in range(2, 30) %}
server{{ i }}: 172.20.77.{{ i }}
{%- endfor %}
server1: 172.20.77.30
c3d2:
c3d2-anon: 172.22.99.1
c3d2-gw1: 172.22.99.2
c3d2-gw2: 172.22.99.3
c3d2-gw3: 172.22.99.4
bgp: 172.22.99.250
dn42: 172.22.99.253
hosts-inet-extra:
ipa: 172.20.73.20
hosts-inet6:
dn42:
mgmt:
server1: fd23:42:c3d2:580::1
server2: fd23:42:c3d2:580::2
switch-b1: fd23:42:c3d2:580::10
switch-b2: fd23:42:c3d2:580::11
switch-c1: fd23:42:c3d2:580::12
switch-d1: fd23:42:c3d2:580::13
switch-c3d2-main: fd23:42:c3d2:580::14
ap1: fd23:42:c3d2:580::4:1
ap2: fd23:42:c3d2:580::4:2
ap3: fd23:42:c3d2:580::4:3
ap4: fd23:42:c3d2:580::4:4
ap5: fd23:42:c3d2:580::4:5
ap6: fd23:42:c3d2:580::4:6
ap7: fd23:42:c3d2:580::4:7
ap8: fd23:42:c3d2:580::4:8
ap9: fd23:42:c3d2:580::4:9
ap10: fd23:42:c3d2:580::4:a
ap11: fd23:42:c3d2:580::4:b
ap12: fd23:42:c3d2:580::4:c
ap13: fd23:42:c3d2:580::4:d
ap14: fd23:42:c3d2:580::4:e
ap15: fd23:42:c3d2:580::4:f
ap16: fd23:42:c3d2:580::4:10
ap17: fd23:42:c3d2:580::4:11
ap18: fd23:42:c3d2:580::4:12
ap19: fd23:42:c3d2:580::4:13
ap20: fd23:42:c3d2:580::4:14
ap21: fd23:42:c3d2:580::4:15
ap22: fd23:42:c3d2:580::4:16
ap23: fd23:42:c3d2:580::4:17
ap24: fd23:42:c3d2:580::4:18
ap25: fd23:42:c3d2:580::4:19
ap26: fd23:42:c3d2:580::4:1a
ap27: fd23:42:c3d2:580::4:1b
ap28: fd23:42:c3d2:580::4:1c
ap29: fd23:42:c3d2:580::4:1d
ap30: fd23:42:c3d2:580::4:1e
ap31: fd23:42:c3d2:580::4:1f
ap32: fd23:42:c3d2:580::4:20
ap33: fd23:42:c3d2:580::4:21
ap34: fd23:42:c3d2:580::4:22
ap35: fd23:42:c3d2:580::4:23
ap36: fd23:42:c3d2:580::4:24
ap37: fd23:42:c3d2:580::4:25
ap38: fd23:42:c3d2:580::4:26
ap39: fd23:42:c3d2:580::4:27
ap40: fd23:42:c3d2:580::4:28
ap41: fd23:42:c3d2:580::4:29
ap42: fd23:42:c3d2:580::4:2a
ap43: fd23:42:c3d2:580::4:2b
ap44: fd23:42:c3d2:580::4:2c
ap45: fd23:42:c3d2:580::4:2d
ap46: fd23:42:c3d2:580::4:2e
ap47: fd23:42:c3d2:580::4:2f
ap48: fd23:42:c3d2:580::4:30
ap49: fd23:42:c3d2:580::4:31
ap50: fd23:42:c3d2:580::4:32
ap51: fd23:42:c3d2:580::4:33
ap52: fd23:42:c3d2:580::4:34
ap53: fd23:42:c3d2:580::4:35
ap54: fd23:42:c3d2:580::4:36
ap55: fd23:42:c3d2:580::4:37
ap56: fd23:42:c3d2:580::4:38
ap57: fd23:42:c3d2:580::4:39
ap58: fd23:42:c3d2:580::4:3a
ap59: fd23:42:c3d2:580::4:3b
ap60: fd23:42:c3d2:580::4:3c
ap61: fd23:42:c3d2:580::4:3d
ap62: fd23:42:c3d2:580::4:3e
ap63: fd23:42:c3d2:580::4:3f
ap64: fd23:42:c3d2:580::4:40
monit: fd23:42:c3d2:580::250
mgmt-gw: fd23:42:c3d2:580:ffff:ffff:ffff:ffff
core:
server1: fd23:42:c3d2:581::1
server2: fd23:42:c3d2:581::102
anon1: fd23:42:c3d2:581::9:1
serv-gw: fd23:42:c3d2:581::8:1
pub-gw: fd23:42:c3d2:581::8:2
c3d2-gw1: fd23:42:c3d2:581::c3d2:1
c3d2-gw2: fd23:42:c3d2:581::c3d2:2
c3d2-gw3: fd23:42:c3d2:581::c3d2:3
c3d2-anon: fd23:42:c3d2:581::c3d2:a
bgp: fd23:42:c3d2:581::c3d2:b
mgmt-gw: fd23:42:c3d2:581::8:3
upstream1: fd23:42:c3d2:581::b:0
upstream2: fd23:42:c3d2:581::b:1
upstream3: fd23:42:c3d2:581::b:2
upstream4: fd23:42:c3d2:581::b:3
priv1-gw: fd23:42:c3d2:581::c:0
priv2-gw: fd23:42:c3d2:581::c:1
priv3-gw: fd23:42:c3d2:581::c:2
priv4-gw: fd23:42:c3d2:581::c:3
priv5-gw: fd23:42:c3d2:581::c:4
priv6-gw: fd23:42:c3d2:581::c:5
priv7-gw: fd23:42:c3d2:581::c:6
priv8-gw: fd23:42:c3d2:581::c:7
priv9-gw: fd23:42:c3d2:581::c:8
priv10-gw: fd23:42:c3d2:581::c:9
priv11-gw: fd23:42:c3d2:581::c:a
priv12-gw: fd23:42:c3d2:581::c:b
priv13-gw: fd23:42:c3d2:581::c:c
priv14-gw: fd23:42:c3d2:581::c:d
priv15-gw: fd23:42:c3d2:581::c:e
priv16-gw: fd23:42:c3d2:581::c:f
priv17-gw: fd23:42:c3d2:581::c:10
priv18-gw: fd23:42:c3d2:581::c:11
priv19-gw: fd23:42:c3d2:581::c:12
priv20-gw: fd23:42:c3d2:581::c:13
priv21-gw: fd23:42:c3d2:581::c:14
priv22-gw: fd23:42:c3d2:581::c:15
priv23-gw: fd23:42:c3d2:581::c:16
priv24-gw: fd23:42:c3d2:581::c:17
priv25-gw: fd23:42:c3d2:581::c:18
priv26-gw: fd23:42:c3d2:581::c:19
priv27-gw: fd23:42:c3d2:581::c:1a
priv28-gw: fd23:42:c3d2:581::c:1b
priv29-gw: fd23:42:c3d2:581::c:1c
priv30-gw: fd23:42:c3d2:581::c:1d
priv31-gw: fd23:42:c3d2:581::c:1e
priv32-gw: fd23:42:c3d2:581::c:1f
priv33-gw: fd23:42:c3d2:581::c:20
priv34-gw: fd23:42:c3d2:581::c:21
priv35-gw: fd23:42:c3d2:581::c:22
priv36-gw: fd23:42:c3d2:581::c:23
priv37-gw: fd23:42:c3d2:581::c:24
priv38-gw: fd23:42:c3d2:581::c:25
priv39-gw: fd23:42:c3d2:581::c:26
priv40-gw: fd23:42:c3d2:581::c:27
priv41-gw: fd23:42:c3d2:581::c:28
priv42-gw: fd23:42:c3d2:581::c:29
freifunk: fd23:42:c3d2:581:8000::1
yggdrasil: fd23:42:c3d2:581:9000::1
serv:
serv-gw: fd23:42:c3d2:582::1
dns: fd23:42:c3d2:582:2:0:0:2
stats: fd23:42:c3d2:582:2:0:0:3
radius: fd23:42:c3d2:582:2:0:0:4
zeit: fd23:42:c3d2:582:2:0:0:5
netboot: fd23:42:c3d2:582:2:0:0:6
dnscache: fd23:42:c3d2:582:f096:dbff:fee8:427d
minetest: fd23:42:c3d2:582:c3a:42ff:fe5d:b20c
hydra: fd23:42:c3d2:582:e03c:d7ff:fe8e:fe16
logging: fd23:42:c3d2:582:6811:edff:fe40:89c6
mongo: fd23:42:c3d2:582:14ec:c8ff:fe0a:fc5c
radiobert: fd23:42:c3d2:582:e65f:1ff:fe5d:1679
spaceapi: fd23:42:c3d2:582:1457:adff:fe93:62e9
c3d2-web: fd23:42:c3d2:582:642e:95ff:fe34:49f9
mail: fd23:42:c3d2:582:88c0:41ff:fe70:d6cd
keycloak: fd23:42:c3d2:582:c48:bbff:fe87:721d
hydra: fd23:42:c3d2:582:e03c:d7ff:fe8e:fe16
grafana: fd23:42:c3d2:582:4042:fbff:fe4b:2de8
mobilizon: fd23:42:c3d2:582:48d1:5cff:fea7:1676
bind: fd23:42:c3d2:582:cd7:56ff:fe69:6366
jabber: fd23:42:c3d2:582:b869:ccff:fe46:902a
pub:
pub-gw: fd23:42:c3d2:583::1
priv1:
priv1-gw: fd23:42:c3d2:5c0::1
priv2:
priv2-gw: fd23:42:c3d2:5c1::1
priv3:
priv3-gw: fd23:42:c3d2:5c2::1
priv4:
priv4-gw: fd23:42:c3d2:5c3::1
priv5:
priv5-gw: fd23:42:c3d2:5c4::1
priv6:
priv6-gw: fd23:42:c3d2:5c5::1
priv7:
priv7-gw: fd23:42:c3d2:5c6::1
priv8:
priv8-gw: fd23:42:c3d2:5c7::1
priv9:
priv9-gw: fd23:42:c3d2:5c8::1
priv10:
priv10-gw: fd23:42:c3d2:5c9::1
priv11:
priv11-gw: fd23:42:c3d2:5ca::1
priv12:
priv12-gw: fd23:42:c3d2:5cb::1
priv13:
priv13-gw: fd23:42:c3d2:5cc::1
priv14:
priv14-gw: fd23:42:c3d2:5cd::1
priv15:
priv15-gw: fd23:42:c3d2:5ce::1
priv16:
priv16-gw: fd23:42:c3d2:5cf::1
priv17:
priv17-gw: fd23:42:c3d2:5d0::1
priv18:
priv18-gw: fd23:42:c3d2:5d1::1
priv19:
priv19-gw: fd23:42:c3d2:5d2::1
priv20:
priv20-gw: fd23:42:c3d2:5d3::1
priv21:
priv21-gw: fd23:42:c3d2:5d4::1
priv22:
priv22-gw: fd23:42:c3d2:5d5::1
priv23:
priv23-gw: fd23:42:c3d2:5d6::1
priv24:
priv24-gw: fd23:42:c3d2:5d7::1
priv25:
priv25-gw: fd23:42:c3d2:5d8::1
priv26:
priv26-gw: fd23:42:c3d2:5d9::1
priv27:
priv27-gw: fd23:42:c3d2:5da::1
priv28:
priv28-gw: fd23:42:c3d2:5db::1
priv29:
priv29-gw: fd23:42:c3d2:5dc::1
priv30:
priv30-gw: fd23:42:c3d2:5dd::1
priv31:
priv31-gw: fd23:42:c3d2:5de::1
priv32:
priv32-gw: fd23:42:c3d2:5df::1
priv33:
priv33-gw: fd23:42:c3d2:5e0::1
priv34:
priv34-gw: fd23:42:c3d2:5e1::1
priv35:
priv35-gw: fd23:42:c3d2:5e2::1
priv36:
priv36-gw: fd23:42:c3d2:5e3::1
priv37:
priv37-gw: fd23:42:c3d2:5e4::1
priv38:
priv38-gw: fd23:42:c3d2:5e5::1
priv39:
priv39-gw: fd23:42:c3d2:5e6::1
priv40:
priv40-gw: fd23:42:c3d2:5e7::1
priv41:
priv41-gw: fd23:42:c3d2:5e8::1
priv42:
priv42-gw: fd23:42:c3d2:5e9::1
cluster:
cls-gw: fd23:42:c3d2:586::1
{%- for i in range(2, 30) %}
server{{ i }}: fd23:42:c3d2:586::1{{ i }}
{%- endfor %}
server1: fd23:42:c3d2:586::130
c3d2:
c3d2-anon: fd23:42:c3d2:523::c3d2:1
c3d2-gw1: fd23:42:c3d2:523::c3d2:2
c3d2-gw2: fd23:42:c3d2:523::c3d2:3
c3d2-gw3: fd23:42:c3d2:523::c3d2:4
bgp: fd23:42:c3d2:523::c3d2:ff0b
up4:
core:
anon1: 2a00:8180:2c00:281::9:1
serv-gw: 2a00:8180:2c00:281::8:1
c3d2-gw1: 2a00:8180:2c00:281::c3d2:1
c3d2-gw2: 2a00:8180:2c00:281::c3d2:2
c3d2-gw3: 2a00:8180:2c00:281::c3d2:3
c3d2-anon: 2a00:8180:2c00:281::c3d2:a
bgp: 2a00:8180:2c00:281::c3d2:b
mgmt-gw: 2a00:8180:2c00:281::8:3
upstream1: 2a00:8180:2c00:281::b:0
cls-gw: 2a00:8180:2c00:281::8:4
upstream4: 2a00:8180:2c00:281::b:1
priv1-gw: 2a00:8180:2c00:281::c:0
priv2-gw: 2a00:8180:2c00:281::c:1
priv3-gw: 2a00:8180:2c00:281::c:2
priv4-gw: 2a00:8180:2c00:281::c:3
priv5-gw: 2a00:8180:2c00:281::c:4
priv6-gw: 2a00:8180:2c00:281::c:5
priv7-gw: 2a00:8180:2c00:281::c:6
priv8-gw: 2a00:8180:2c00:281::c:7
priv9-gw: 2a00:8180:2c00:281::c:8
priv10-gw: 2a00:8180:2c00:281::c:9
priv11-gw: 2a00:8180:2c00:281::c:a
priv12-gw: 2a00:8180:2c00:281::c:b
priv13-gw: 2a00:8180:2c00:281::c:c
priv14-gw: 2a00:8180:2c00:281::c:d
priv15-gw: 2a00:8180:2c00:281::c:e
priv16-gw: 2a00:8180:2c00:281::c:f
priv17-gw: 2a00:8180:2c00:281::c:10
priv18-gw: 2a00:8180:2c00:281::c:11
priv19-gw: 2a00:8180:2c00:281::c:12
priv20-gw: 2a00:8180:2c00:281::c:13
priv21-gw: 2a00:8180:2c00:281::c:14
priv22-gw: 2a00:8180:2c00:281::c:15
priv23-gw: 2a00:8180:2c00:281::c:16
priv24-gw: 2a00:8180:2c00:281::c:17
priv25-gw: 2a00:8180:2c00:281::c:18
priv26-gw: 2a00:8180:2c00:281::c:19
priv27-gw: 2a00:8180:2c00:281::c:1a
priv28-gw: 2a00:8180:2c00:281::c:1b
priv29-gw: 2a00:8180:2c00:281::c:1c
priv30-gw: 2a00:8180:2c00:281::c:1d
priv31-gw: 2a00:8180:2c00:281::c:1e
priv32-gw: 2a00:8180:2c00:281::c:1f
priv33-gw: 2a00:8180:2c00:281::c:20
priv34-gw: 2a00:8180:2c00:281::c:21
priv35-gw: 2a00:8180:2c00:281::c:22
priv36-gw: 2a00:8180:2c00:281::c:23
priv37-gw: 2a00:8180:2c00:281::c:24
priv38-gw: 2a00:8180:2c00:281::c:25
priv39-gw: 2a00:8180:2c00:281::c:26
priv40-gw: 2a00:8180:2c00:281::c:27
priv41-gw: 2a00:8180:2c00:281::c:28
priv42-gw: 2a00:8180:2c00:281::c:29
freifunk: 2a00:8180:2c00:281:8000::1
yggdrasil: 2a00:8180:2c00:281:9000::1
serv:
serv-gw: 2a00:8180:2c00:282::1
dns: 2a00:8180:2c00:282:2:0:0:2
stats: 2a00:8180:2c00:282:2:0:0:3
radius: 2a00:8180:2c00:282:2:0:0:4
zeit: 2a00:8180:2c00:282:2:0:0:5
netboot: 2a00:8180:2c00:282:2:0:0:6
dnscache: 2a00:8180:2c00:282:f096:dbff:fee8:427d
minetest: 2a00:8180:2c00:282:c3a:42ff:fe5d:b20c
hydra: 2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16
logging: 2a00:8180:2c00:282:6811:edff:fe40:89c6
mongo: 2a00:8180:2c00:282:14ec:c8ff:fe0a:fc5c
scrape: 2a00:8180:2c00:282:e073:50ff:fef5:eb6e
ticker: 2a00:8180:2c00:282:b407:40ff:fec1:81f2
grafana: 2a00:8180:2c00:282:4042:fbff:fe4b:2de8
public-access-proxy: 2a00:8180:2c00:282:1024:5fff:febd:9be7
radiobert: 2a00:8180:2c00:282:e65f:1ff:fe5d:1679
spaceapi: 2a00:8180:2c00:282:1457:adff:fe93:62e9
c3d2-web: 2a00:8180:2c00:282:642e:95ff:fe34:49f9
mail: 2a00:8180:2c00:282:88c0:41ff:fe70:d6cd
keycloak: 2a00:8180:2c00:282:c48:bbff:fe87:721d
hydra: 2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16
grafana: 2a00:8180:2c00:282:4042:fbff:fe4b:2de8
mobilizon: 2a00:8180:2c00:282:48d1:5cff:fea7:1676
bind: 2a00:8180:2c00:282:cd7:56ff:fe69:6366
jabber: 2a00:8180:2c00:282:b869:ccff:fe46:902a
cluster:
cls-gw: 2a00:8180:2c00:284::1
{%- for i in range(2, 31) %}
server{{ i }}: 2a00:8180:2c00:284::1{{ i }}
{%- endfor %}
server1: 2a00:8180:2c00:284::130
c3d2:
c3d2-anon: 2a00:8180:2c00:223::c3d2:1
c3d2-gw1: 2a00:8180:2c00:223::c3d2:2
c3d2-gw2: 2a00:8180:2c00:223::c3d2:3
c3d2-gw3: 2a00:8180:2c00:223::c3d2:4
bgp: 2a00:8180:2c00:223::c3d2:ff0b
priv1:
priv1-gw: 2a00:8180:2c00:2c0::1
priv2:
priv2-gw: 2a00:8180:2c00:2c1::1
priv3:
priv3-gw: 2a00:8180:2c00:2c2::1
priv4:
priv4-gw: 2a00:8180:2c00:2c3::1
priv5:
priv5-gw: 2a00:8180:2c00:2c4::1
priv6:
priv6-gw: 2a00:8180:2c00:2c5::1
priv7:
priv7-gw: 2a00:8180:2c00:2c6::1
priv8:
priv8-gw: 2a00:8180:2c00:2c7::1
priv9:
priv9-gw: 2a00:8180:2c00:2c8::1
priv10:
priv10-gw: 2a00:8180:2c00:2c9::1
priv11:
priv11-gw: 2a00:8180:2c00:2ca::1
priv12:
priv12-gw: 2a00:8180:2c00:2cb::1
priv13:
priv13-gw: 2a00:8180:2c00:2cc::1
priv14:
priv14-gw: 2a00:8180:2c00:2cd::1
priv15:
priv15-gw: 2a00:8180:2c00:2ce::1
priv16:
priv16-gw: 2a00:8180:2c00:2cf::1
priv17:
priv17-gw: 2a00:8180:2c00:2d0::1
priv18:
priv18-gw: 2a00:8180:2c00:2d1::1
priv19:
priv19-gw: 2a00:8180:2c00:2d2::1
priv20:
priv20-gw: 2a00:8180:2c00:2d3::1
priv21:
priv21-gw: 2a00:8180:2c00:2d4::1
priv22:
priv22-gw: 2a00:8180:2c00:2d5::1
priv23:
priv23-gw: 2a00:8180:2c00:2d6::1
priv24:
priv24-gw: 2a00:8180:2c00:2d7::1
priv25:
priv25-gw: 2a00:8180:2c00:2d8::1
priv26:
priv26-gw: 2a00:8180:2c00:2d9::1
priv27:
priv27-gw: 2a00:8180:2c00:2da::1
priv28:
priv28-gw: 2a00:8180:2c00:2db::1
priv29:
priv29-gw: 2a00:8180:2c00:2dc::1
priv30:
priv30-gw: 2a00:8180:2c00:2dd::1
priv31:
priv31-gw: 2a00:8180:2c00:2de::1
priv32:
priv32-gw: 2a00:8180:2c00:2df::1
priv33:
priv33-gw: 2a00:8180:2c00:2e0::1
priv34:
priv34-gw: 2a00:8180:2c00:2e1::1
priv35:
priv35-gw: 2a00:8180:2c00:2e2::1
priv36:
priv36-gw: 2a00:8180:2c00:2e3::1
priv37:
priv37-gw: 2a00:8180:2c00:2e4::1
priv38:
priv38-gw: 2a00:8180:2c00:2e5::1
priv39:
priv39-gw: 2a00:8180:2c00:2e5::1
priv40:
priv40-gw: 2a00:8180:2c00:2e6::1
priv41:
priv41-gw: 2a00:8180:2c00:2e7::1
priv42:
priv42-gw: 2a00:8180:2c00:2e8::1


@ -1,28 +0,0 @@
#!yaml|gpg
ssh:
pubkey: |
-----BEGIN PGP MESSAGE-----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=CQpr
-----END PGP MESSAGE-----


@ -1,628 +0,0 @@
containers:
pub-gw:
interfaces:
core:
type: veth
# gw: anon1
# gw6: anon1
hwaddr: 0A:14:48:01:16:00
pub:
type: veth
hwaddr: 0A:14:48:01:16:01
serv-gw:
interfaces:
core:
type: veth
# gw: upstream1
# gw6: upstream1
hwaddr: 0A:14:48:01:06:01
serv:
type: veth
hwaddr: 0A:14:48:01:06:00
cls-gw:
interfaces:
core:
type: veth
# gw: upstream1
# gw6: upstream1
hwaddr: 0A:14:48:01:06:03
cluster:
type: phys
hwaddr: 0A:14:48:01:06:02
priv1-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:19:00
priv1:
type: phys
hwaddr: 0A:14:48:01:19:01
priv2-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:18:00
priv2:
type: phys
hwaddr: 0A:14:48:01:18:01
priv3-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:08:00
priv3:
type: phys
hwaddr: 0A:14:48:01:08:01
priv4-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:17:01
priv4:
type: phys
hwaddr: 0A:14:48:01:17:00
priv5-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:12:00
priv5:
type: phys
hwaddr: 0A:14:48:01:12:01
priv6-gw:
interfaces:
core:
type: veth
# gw: anon1
# gw6: upstream2
hwaddr: 0A:14:48:01:11:00
priv6:
type: phys
hwaddr: 0A:14:48:01:11:01
priv7-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:10:00
priv7:
type: phys
hwaddr: 0A:14:48:01:10:01
priv8-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:09:00
priv8:
type: phys
hwaddr: 0A:14:48:01:09:01
priv9-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:20:00
priv9:
type: phys
hwaddr: 0A:14:48:01:20:01
priv10-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:13:02
priv10:
type: phys
hwaddr: 0A:14:48:01:13:03
priv11-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:29:00
priv11:
type: phys
hwaddr: 0A:14:48:01:29:01
priv12-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:00
priv12:
type: phys
hwaddr: 0A:14:48:01:2A:01
priv13-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:10
priv13:
type: phys
hwaddr: 0A:14:48:01:2A:11
priv14-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:12
priv14:
type: phys
hwaddr: 0A:14:48:01:2A:13
priv15-gw:
interfaces:
core:
type: veth
# gw: anon1
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:14
priv15:
type: phys
hwaddr: 0A:14:48:01:2A:15
priv16-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:16
priv16:
type: phys
hwaddr: 0A:14:48:01:2A:17
priv17-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:18
priv17:
type: phys
hwaddr: 0A:14:48:01:2A:19
priv17-gw-up3:
interfaces:
core:
type: veth
hwaddr: 0A:14:47:02:2A:18
priv17:
type: phys
hwaddr: 0A:14:47:02:2A:19
priv18-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:1A
priv18:
type: phys
hwaddr: 0A:14:48:01:2A:1B
priv19-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:1C
priv19:
type: phys
hwaddr: 0A:14:48:01:2A:1D
priv20-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:1E
priv20:
type: phys
hwaddr: 0A:14:48:01:2A:1F
priv21-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:20
priv21:
type: phys
hwaddr: 0A:14:48:01:2A:21
priv22-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:24
priv22:
type: phys
hwaddr: 0A:14:48:01:2A:25
priv23-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:22
priv23:
type: phys
hwaddr: 0A:14:48:01:2A:23
priv24-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:26
priv24:
type: phys
hwaddr: 0A:14:48:01:2A:27
priv25-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:28
priv25:
type: phys
hwaddr: 0A:14:48:01:2A:29
priv26-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:2A
priv26:
type: phys
hwaddr: 0A:14:48:01:2A:2B
priv27-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:2C
priv27:
type: phys
hwaddr: 0A:14:48:01:2A:2D
priv28-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:2E
priv28:
type: phys
hwaddr: 0A:14:48:01:2A:2F
priv29-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:30
priv29:
type: phys
hwaddr: 0A:14:48:01:2A:31
priv30-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:32
priv30:
type: phys
hwaddr: 0A:14:48:01:2A:33
priv31-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:34
priv31:
type: phys
hwaddr: 0A:14:48:01:2A:35
priv32-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:36
priv32:
type: phys
hwaddr: 0A:14:48:01:2A:37
priv33-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:38
priv33:
type: phys
hwaddr: 0A:14:48:01:2A:39
priv34-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:40
priv34:
type: phys
hwaddr: 0A:14:48:01:2A:41
priv35-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:42
priv35:
type: phys
hwaddr: 0A:14:48:01:2A:43
priv36-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:44
priv36:
type: phys
hwaddr: 0A:14:48:01:2A:45
priv37-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:46
priv37:
type: phys
hwaddr: 0A:14:48:01:2A:47
priv38-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:48
priv38:
type: phys
hwaddr: 0A:14:48:01:2A:49
priv39-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:4A
priv39:
type: phys
hwaddr: 0A:14:48:01:2A:4B
priv40-gw:
interfaces:
core:
type: veth
# gw: upstream2
# gw6: upstream2
hwaddr: 0A:14:48:01:2A:4C
priv40:
type: phys
hwaddr: 0A:14:48:01:2A:4D
priv41-gw:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:2A:4E
priv41:
type: phys
hwaddr: 0A:14:48:01:2A:4F
priv42-gw:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:2A:50
priv42:
type: phys
hwaddr: 0A:14:48:01:2A:51
upstream1:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:26:00
up1:
type: phys
# Change (eg. auto-generation) requires reboot of the cable
# modem that is bridge mode
hwaddr: 00:23:74:D7:2D:7C
upstream2:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:27:00
up2:
type: phys
# Change (eg. auto-generation) requires reboot of the cable
# modem that is bridge mode
hwaddr: 00:23:74:D7:42:7C
upstream3:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:28:00
up3:
type: phys
hwaddr: 00:23:74:D7:42:7D
upstream4:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:28:01
up4:
type: phys
hwaddr: 00:23:74:D7:42:7E
anon1:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:14:00
c3d2-gw1:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:21:00
c3d2:
type: veth
hwaddr: 0A:14:48:01:21:01
c3d2-gw2:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:21:02
c3d2:
type: veth
hwaddr: 0A:14:48:01:21:03
c3d2-gw3:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:21:04
c3d2:
type: veth
hwaddr: 0A:14:48:01:21:05
c3d2-anon:
interfaces:
core:
type: veth
hwaddr: 0A:14:48:01:07:04
c3d2:
type: veth
hwaddr: 0A:14:48:01:07:05
bgp:
interfaces:
core:
type: veth
# gw: upstream1
# gw6: upstream1
hwaddr: 0A:14:48:01:22:00
c3d2:
type: veth
hwaddr: 0A:14:48:01:22:01
dns:
interfaces:
serv:
type: veth
gw: serv-gw
gw6: serv-gw
hwaddr: 0A:14:48:01:23:00
stats:
interfaces:
serv:
type: veth
gw: serv-gw
gw6: serv-gw
hwaddr: 0A:14:48:01:15:00
netboot:
interfaces:
serv:
type: veth
gw: serv-gw
gw6: serv-gw
hwaddr: 0A:14:48:01:15:01
mgmt-gw:
interfaces:
core:
type: veth
# gw: upstream1
# gw6: upstream1
hwaddr: 0A:14:48:01:24:01
mgmt:
type: veth
hwaddr: 0A:14:48:01:24:00


@ -1,147 +0,0 @@
subnets-inet:
core: 172.20.72.0/25
serv: 172.20.73.0/26
pub: 172.20.78.0/23
priv19: 172.20.73.192/26
priv1: 172.20.74.0/28
priv33: 172.20.74.16/28
priv9: 172.20.74.32/28
priv18: 172.20.74.48/28
priv5: 172.20.74.64/28
priv25: 172.20.74.80/28
priv10: 172.20.74.96/28
priv20: 172.20.74.112/28
priv3: 172.20.74.128/28
priv21: 172.20.74.144/28
priv11: 172.20.74.160/28
priv22: 172.20.74.176/28
priv6: 172.20.74.192/28
priv23: 172.20.73.160/27
priv12: 172.20.74.224/28
priv24: 172.20.74.240/28
priv2: 172.20.75.0/27
priv13: 172.20.75.32/28
priv26: 172.20.75.48/28
priv7: 172.20.75.64/28
priv27: 172.20.75.80/28
priv14: 172.20.75.96/28
priv28: 172.20.75.112/28
priv4: 172.20.75.128/28
priv29: 172.20.75.144/28
priv15: 172.20.75.160/28
priv30: 172.20.75.176/28
priv8: 172.20.75.192/28
priv31: 172.20.75.208/28
priv16: 172.20.75.224/28
priv32: 172.20.75.240/28
priv34: 172.20.74.208/28
priv35: 172.20.76.0/28
priv36: 172.20.76.64/28
priv37: 172.20.76.128/28
priv38: 172.20.76.192/28
priv39: 172.20.77.128/28
priv40: 172.20.77.64/28
priv41: 172.20.77.192/28
priv42: 172.20.76.32/28
c3d2: 172.22.99.0/24
mgmt: 10.0.0.0/24
priv17: 172.20.73.128/27
cluster: 172.20.77.0/27
subnets-inet6:
dn42:
mgmt: fd23:42:c3d2:580::/64
core: fd23:42:c3d2:581::/64
serv: fd23:42:c3d2:582::/64
pub: fd23:42:c3d2:583::/64
cluster: fd23:42:c3d2:586::/64
priv1: fd23:42:c3d2:5c0::/64
priv2: fd23:42:c3d2:5c1::/64
priv3: fd23:42:c3d2:5c2::/64
priv4: fd23:42:c3d2:5c3::/64
priv5: fd23:42:c3d2:5c4::/64
priv6: fd23:42:c3d2:5c5::/64
priv7: fd23:42:c3d2:5c6::/64
priv8: fd23:42:c3d2:5c7::/64
priv9: fd23:42:c3d2:5c8::/64
priv10: fd23:42:c3d2:5c9::/64
priv11: fd23:42:c3d2:5ca::/64
priv12: fd23:42:c3d2:5cb::/64
priv13: fd23:42:c3d2:5cc::/64
priv14: fd23:42:c3d2:5cd::/64
priv15: fd23:42:c3d2:5ce::/64
priv16: fd23:42:c3d2:5cf::/64
priv17: fd23:42:c3d2:5d0::/64
priv18: fd23:42:c3d2:5d1::/64
priv19: fd23:42:c3d2:5d2::/64
priv20: fd23:42:c3d2:5d3::/64
priv21: fd23:42:c3d2:5d4::/64
priv22: fd23:42:c3d2:5d5::/64
priv23: fd23:42:c3d2:5d6::/64
priv24: fd23:42:c3d2:5d7::/64
priv25: fd23:42:c3d2:5d8::/64
priv26: fd23:42:c3d2:5d9::/64
priv27: fd23:42:c3d2:5da::/64
priv28: fd23:42:c3d2:5db::/64
priv29: fd23:42:c3d2:5dc::/64
priv30: fd23:42:c3d2:5dd::/64
priv31: fd23:42:c3d2:5de::/64
priv32: fd23:42:c3d2:5df::/64
priv33: fd23:42:c3d2:5e0::/64
priv34: fd23:42:c3d2:5e1::/64
priv35: fd23:42:c3d2:5e2::/64
priv36: fd23:42:c3d2:5e3::/64
priv37: fd23:42:c3d2:5e4::/64
priv38: fd23:42:c3d2:5e5::/64
priv39: fd23:42:c3d2:5e6::/64
priv40: fd23:42:c3d2:5e7::/64
priv41: fd23:42:c3d2:5e8::/64
priv42: fd23:42:c3d2:5e9::/64
c3d2: fd23:42:c3d2:523::/64
up4:
c3d2: 2a00:8180:2c00:223::/64
core: 2a00:8180:2c00:281::/64
serv: 2a00:8180:2c00:282::/64
cluster: 2a00:8180:2c00:284::/64
priv1: 2a00:8180:2c00:2c0::/64
priv2: 2a00:8180:2c00:2c1::/64
priv3: 2a00:8180:2c00:2c2::/64
priv4: 2a00:8180:2c00:2c3::/64
priv5: 2a00:8180:2c00:2c4::/64
priv6: 2a00:8180:2c00:2c5::/64
priv7: 2a00:8180:2c00:2c6::/64
priv8: 2a00:8180:2c00:2c7::/64
priv9: 2a00:8180:2c00:2c8::/64
priv10: 2a00:8180:2c00:2c9::/64
priv11: 2a00:8180:2c00:2ca::/64
priv12: 2a00:8180:2c00:2cb::/64
priv13: 2a00:8180:2c00:2cc::/64
priv14: 2a00:8180:2c00:2cd::/64
priv15: 2a00:8180:2c00:2ce::/64
priv16: 2a00:8180:2c00:2cf::/64
priv17: 2a00:8180:2c00:2d0::/64
priv18: 2a00:8180:2c00:2d1::/64
priv19: 2a00:8180:2c00:2d2::/64
priv20: 2a00:8180:2c00:2d3::/64
priv21: 2a00:8180:2c00:2d4::/64
priv22: 2a00:8180:2c00:2d5::/64
priv23: 2a00:8180:2c00:2d6::/64
priv24: 2a00:8180:2c00:2d7::/64
priv25: 2a00:8180:2c00:2d8::/64
priv26: 2a00:8180:2c00:2d9::/64
priv27: 2a00:8180:2c00:2da::/64
priv28: 2a00:8180:2c00:2db::/64
priv29: 2a00:8180:2c00:2dc::/64
priv30: 2a00:8180:2c00:2dd::/64
priv31: 2a00:8180:2c00:2de::/64
priv32: 2a00:8180:2c00:2df::/64
priv33: 2a00:8180:2c00:2e0::/64
priv34: 2a00:8180:2c00:2e1::/64
priv35: 2a00:8180:2c00:2e2::/64
priv36: 2a00:8180:2c00:2e3::/64
priv37: 2a00:8180:2c00:2e4::/64
priv38: 2a00:8180:2c00:2e5::/64
priv39: 2a00:8180:2c00:2e6::/64
priv40: 2a00:8180:2c00:2e7::/64
priv41: 2a00:8180:2c00:2e8::/64
priv42: 2a00:8180:2c00:2e9::/64


@ -1,572 +0,0 @@
#!yaml|gpg
switches:
switch-b1:
model: 'linksys-srw2048'
location: Haus B Souterrain
# Ports 1-24 oben
# Ports 25-48 unten
ports:
switch-b2:
mode: bond
group: 3
ports:
- g25
- g26
- g27
- g28
mgmt:
mode: access
ports:
- g1
iso1:
mode: access
ports:
- g2
iso2:
mode: access
ports:
- g3
iso3:
mode: access
ports:
- g4
ap8:
mode: trunk
ports:
- g16
ap23:
mode: trunk
ports:
- g10
switch-c1:
mode: bond
group: 2
ports:
- g29
- g30
- g31
- g32
switch-d1:
mode: trunk
ports:
- g34
server1:
mode: trunk
ports:
# - g46
# - g47
# - g48
- g24
server2:
mode: bond
group: 1
ports:
- g12
- g38
- g39
- g40
server5:
mode: bond
group: 6
ports:
- g17
- g18
- g19
- g20
server6:
mode: bond
group: 8
ports:
- g5
- g6
- g7
- g8
server7:
mode: bond
group: 7
ports:
- g9
- g11
- g14
- g15
server8:
mode: bond
group: 5
ports:
- g35
- g36
- g37
- g13
serv:
mode: access
ports:
# vps1
- g22
# c3d2-monit:
# mode: trunk
# ports:
# - g21
# - g45
c3d2:
mode: access
ports:
- g23
switch-c3d2-main:
mode: bond
group: 4
ports:
- g41
- g42
- g43
- g44
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/c9ysLI/ePzYtqz7AyoKBZQKFau/pEpQDswA5hdJiRSgh
TQ73u7NVVYTGk/sZ2awAVLQ/KUM7JPMHMXK1+uPIQq0/+Xg/v5zJdaWwRUUIGtCz
Sg3BpV41a/NgxlJbh0bJw0CjlgTHF7qIhiQNoHx/DnYECab8bMr8i7NziWXZl1kf
6A5BqAu5siaaqngn5wYmMdstl48lejiDNgtZSeti/1FV9fk4D2w9zEMHZnTS2M+O
TzDk2lsAA4CEXeQBsBOSMsbHDy6yo4CzuNk61ALfH8a3Tn1sQjfSLo021xAvqj5U
nS9/L/57ffRILzz1hfURBV0N/VnDqi5enSZIvVU2WtJLAZEAghgXjE7rfjsN1ypG
mYUz1OQ9cLG8ttSL9+fhYc8rCW0jx8KD5HKPiNHnR1x0s2RbUnprQdlFgC4go8U7
DRE15mc7GkkYbvIl
=/BZc
-----END PGP MESSAGE-----
switch-b2:
model: '3com-4200G'
location: Haus B Souterrain
# Ports 1-24 oben
# Ports 25-48 unten
# Ports 49-52 unten seitlich (optisch)
# 10GE hinten
ports:
switch-b1:
mode: bond
group: 2
ports:
- TenGigabitEthernet 1/1/1
- GigabitEthernet 1/0/25
- GigabitEthernet 1/0/26
- GigabitEthernet 1/0/27
- GigabitEthernet 1/0/28
mgmt:
mode: access
ports:
- GigabitEthernet1/0/1
- GigabitEthernet1/0/41 # server3
- GigabitEthernet1/0/42 # server1
- GigabitEthernet1/0/43 # unused
- GigabitEthernet1/0/44 # server5
- GigabitEthernet1/0/45 # server6
- GigabitEthernet1/0/46 # server7
- GigabitEthernet1/0/47 # server8
- GigabitEthernet1/0/48 # server9
priv1:
mode: access
ports:
- GigabitEthernet 1/0/3
priv2:
mode: access
ports:
- GigabitEthernet 1/0/4
priv3:
mode: access
ports:
- GigabitEthernet 1/0/5
ap42:
mode: trunk
ports:
- GigabitEthernet 1/0/6
ap5:
mode: trunk
ports:
- GigabitEthernet 1/0/7
ap1:
mode: trunk
ports:
- GigabitEthernet 1/0/8
ap11:
mode: trunk
ports:
- GigabitEthernet 1/0/10
ap15:
mode: trunk
ports:
- GigabitEthernet 1/0/12
ap53:
mode: trunk
ports:
- GigabitEthernet 1/0/15
pub:
mode: access
ports:
- GigabitEthernet 1/0/11
- GigabitEthernet 1/0/20
- GigabitEthernet 1/0/24
ap18:
mode: trunk
ports:
- GigabitEthernet 1/0/18
ap51:
mode: trunk
ports:
- GigabitEthernet 1/0/13
server3:
mode: bond
group: 1
ports:
- GigabitEthernet1/0/30
- GigabitEthernet1/0/31
server9:
mode: bond
group: 3
ports:
- GigabitEthernet1/0/2
- GigabitEthernet1/0/29
- GigabitEthernet1/0/32
ap24:
mode: trunk
ports:
- GigabitEthernet 1/0/34
ap25:
mode: trunk
ports:
- GigabitEthernet 1/0/35
ap29:
mode: trunk
ports:
- GigabitEthernet 1/0/36
ap30:
mode: trunk
ports:
- GigabitEthernet 1/0/22
ap35:
mode: trunk
ports:
- GigabitEthernet 1/0/23
priv19:
mode: access
ports:
- GigabitEthernet 1/0/40
ap37:
mode: trunk
ports:
- GigabitEthernet 1/0/39
ap39:
mode: trunk
ports:
- GigabitEthernet 1/0/17
ap40:
mode: trunk
ports:
- GigabitEthernet 1/0/21
priv24:
mode: access
ports:
- GigabitEthernet 1/0/14
- GigabitEthernet 1/0/16
ap41:
mode: trunk
ports:
- GigabitEthernet 1/0/37
ap55:
mode: trunk
ports:
- GigabitEthernet 1/0/19
ap56:
mode: trunk
ports:
- GigabitEthernet 1/0/9
ap54:
mode: trunk
ports:
- GigabitEthernet 1/0/38
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf+N6p+ZuZsx1AF7CI2TKsxxEU1EyM1DIqtk7d5DoidTIZ4
zYnL9X72VSQiNRtkk955wU5sStanDjQMxBUcEO/bEQq6Cjy7tgWZZXEfCedM3Xzq
MEs861JCHdpBfL/zehHZxjmGe+St0xRGn4yBZcP/835Sl6t6q4znPFabcgDmIItX
ZsjaQfKd0La8GclHI1Pib7UuI6fvD70GkcQHoKoM1cOw8HQRpY953RnTNDKUk7is
ZjvhHkPUU2smLxJhCCwAiARq7TZceI0orfCkjQ87sRXavO82dn2Vq3mD9iVwnYY+
mVuYBhqguwq0HoOomHKf/JbQc7Gz8E+SBHWvjCUvVtJLARwt3KUvZGY28oKm7pcs
ITJJEiVPfnS2CtIm7T0nCm4LMiE20GWhhJIh8gIQuORlUvtMX0R29v3cVcNYCbIh
+2WKG1F/gum7at/q
=On3v
-----END PGP MESSAGE-----
switch-c1:
model: 'HP-procurve-2824'
location: Turm C Keller, bei Kabelanschluessen
# Ports 1-19 ungerade oben
# Ports 2-20 gerade unten
# (15, 16 gehen aktuell nach Haus A)
# Ports 21-24 unten seitlich (optional optisch)
# Port 7 geht aktuell nach Turm C Erdgeschoss und dadurch zur Ecce
ports:
switch-b1:
mode: bond
group: 2
ports: 21-24
up1:
mode: access
ports: '1'
nostp: true
up2:
mode: access
ports: '2'
nostp: true
# up3:
# mode: access
# ports: '3'
# nostp: true
up4:
mode: access
ports: '4'
nostp: true
# "Antenne"
switch-dach:
mode: trunk
ports: '6'
iso1:
mode: access
ports: '9'
iso2:
mode: access
ports: '10'
iso3:
mode: access
ports: '11'
iso4:
mode: access
ports: '12'
iso5:
mode: access
ports: '13'
iso6:
mode: access
ports: '14'
# Saal A: durch dummen PoE-Switch mit Aggregation an ap44-50 + switch-a1
switch-a1:
mode: bond
group: 1
ports: 15-16
lacp: no
ap19:
mode: trunk
ports: 17
ap26:
mode: trunk
ports: 18
ap17:
mode: trunk
ports: 19
ap38:
mode: trunk
ports: 7
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAhPMG6VKUFLVNZmVfZ6P21CrXRmUeExuxIg4QIrYtKfYe
cxWst/IuHnDyL2TP8yGb00sjz7o0psZ9Z+zRCi/ONONyNzee103ymjXxk0Ygekid
1IGVeSTqskrgOl53mFZEfP4nBcOqzcNFjMkm0c5B2OmHHHOokOJ5Xzsya120SGXk
JnYFVsRD6GFwuF88pgQ5VrGd5/drMaIrNkJ69dyfvYdHRTd0UgtiZFOMesRYFFP7
+QdSW1MFoVZnjZgLeoNF/efIhHnTdClROCMZBYU5Z3pQcHAfE4GN3w+MceP/+5EY
z3wuSNpsuYNr8NnEDvofTJGdOLuclE6JPFvJMg1QptJKASfn3ZlOrL4ohbPGaDQ6
z1P+6DJXliXS7dBdxH0bsB2qRZslmcj286D9bPgTsuvCzOaxcTtkM8y76gVVOVBI
TN+j1/OdlXyVmTM=
=XUUi
-----END PGP MESSAGE-----
# Unused: 3
switch-d1:
model: 'TL-SG3210'
location: Turm D Elektroraum
ports:
switch-b1:
mode: bond
ports: 1
group: 1
ap9:
mode: trunk
ports: 5
ap10:
mode: trunk
ports: 4
ap7:
mode: trunk
# Turm D, 5. Etage
ports: 8
ap22:
mode: trunk
ports: 2
ap12:
mode: trunk
ports: 7
ap3:
mode: trunk
ports: 3
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAkS9jHdnqPPary/yduPsA3Ya1rrERxfZxJnvicexUKl7b
eJlLe8e1BQE3BTaqkvLcBrGztBBvrgnv+kzmSTCd5jbL2/fFOdhedBsNjWpYtA7A
o6PPfYHka/Km4J/MihzVac9XUbBFhN0ETGYbGi0upPHHEKht3bUNzqkzvHxhQ8lJ
D7dDPs3vJXx3Ey8taZawdLJ9IcthvSojt8Un5A/SpdroW2CF4u0Gubuz+9D5i0T5
vXDqDQqEewu7pofxZ8TR4PY9PNHT9kmHyI2sIq1AkqP0Mn8wKP7dJVrUS3Z+xBUt
/f0B+8a0EJDuQBB2p7yRlBcg5d58TGB59pptmLpQ39JDAbZxHQymPKy3R14k1wKa
fYvaMBkaGtcu/foCb1r3xfAZOJSF5MT754wjvxB1bl/iizqJQm+WN3YAkja/Gwh+
J31/Ng==
=e45t
-----END PGP MESSAGE-----
switch-c3d2-main:
model: 'HP-procurve-2824'
location: C3D2
# Ports 1-19 ungerade oben
# Ports 2-20 gerade unten
# (15, 16 gehen aktuell nach Haus A)
# Ports 21-24 unten seitlich (optional optisch)
# Unused Port 7 geht aktuell nach Turm C Erdgeschoss
ports:
mgmt:
mode: access
ports: 1
switch-b1:
mode: bond
group: 1
ports: 21-24
ap2:
mode: trunk
ports: 3
ap31:
mode: trunk
ports: 2
# For testing a new ap
ap-test1:
mode: trunk
ports: 4
# For testing a new ap
ap-test2:
mode: trunk
ports: 5
iso4:
mode: access
ports: 6
# Freifunk Mesh-on-LAN
bmx:
mode: access
ports: 7
c3d2:
mode: access
ports: '8-20'
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf+P65UkLF8x+pDNEoeSISflL8QTPih/D8lP5CK5gYTaL6x
0SoVanRYdXERiXdZ1FXw/zorg76Ofpa35k+88wRK7XxGDkP62TC26Qeu8ZbCX4kR
t+IQSlKk74YTCC15vBFF+pAa5PFCWPBiWcl5yKTxCNy7e/wHSVtusia6WcmvwJJy
M4cY8uPiKEtwLqwZ6hJIjNbjU8yFRI3EQ1irTcd/6WBErIoaaeQT5GpUvPQ6xa6R
lfw0OVmKK31Kmwgs+Wty/hiBlASMGdUQZDHVwsoLyFIpWejH+lfY4RMkdqz8BP2a
CFxQMWipc4lXMw1n4oXpkr5DPAYB0d2vDPL2sKV5KNJJAe9RC4rLlk+9uYqE4PyK
RswLCZhHuKqFa07ufkRpbFGyywAa70UXtbvPkbJb6G1mJ75ozXTS11JqhAdnHCBC
2i+VD94/nzLdvg==
=1SbG
-----END PGP MESSAGE-----
# switch-a1-poe:
# password: |
# ----BEGIN PGP MESSAGE-----
# hQEMA2PKcvDMvlKLAQf/ZSCPgN2uBCz3eZgIhOlTsAIxOHugCrROoXzmnV+XiD8j
# BP3T/KWCooFhdiWx9STyVJWk/tKz3UoVm+PmfYVeM7N3/FCXvN9N8eM1LNat/KVF
# frAu9raBhvH12DOBvSa5ouC9dbM/ggh/joJBUhIppGZk0aBGTjYcdxnQPGZmkwej
# ysnrKedMuIXGh+NWGusTe2Pgs81Ei5w/rnRp4jJZd4YD5hIVnO2KqPT50mlmc4Hi
# 6eg65oqFrzG5bJb1NYObt3D66nHpKZPoOXiw2Gg87twFvRsV7x+dyXuNvsOr3nIb
# Keeib9sXus67+zNwGJ5MmnZz5kM+iLE3AcTAQ67andJEAQAvyoDfxMMlMqhx/QNU
# VlTLZwdATmZ/JdCSoN+ti1+XG+7Lo7faOpUW/CxYD5iiSHsrA1/TvhZkVDB+Oqmx
# NJUMaDQ=
# =kig9
# -----END PGP MESSAGE-----
switch-a1:
model: 'TL-SG3210'
location: Saal A
ports:
# ZW stage
priv25:
mode: access
ports:
- 2
- 3
- 4
- 5
pub:
mode: access
ports:
- 8
# ZW office
priv31:
mode: access
ports:
- 6
switch-c1:
# Eigentlich gehen diese Ports durch das dumme PoE-Switch mit
# statisch konfigurierter Aggregation
mode: trunk
ports: 7
iso4:
mode: access
ports:
- 1
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAkS9jHdnqPPary/yduPsA3Ya1rrERxfZxJnvicexUKl7b
eJlLe8e1BQE3BTaqkvLcBrGztBBvrgnv+kzmSTCd5jbL2/fFOdhedBsNjWpYtA7A
o6PPfYHka/Km4J/MihzVac9XUbBFhN0ETGYbGi0upPHHEKht3bUNzqkzvHxhQ8lJ
D7dDPs3vJXx3Ey8taZawdLJ9IcthvSojt8Un5A/SpdroW2CF4u0Gubuz+9D5i0T5
vXDqDQqEewu7pofxZ8TR4PY9PNHT9kmHyI2sIq1AkqP0Mn8wKP7dJVrUS3Z+xBUt
/f0B+8a0EJDuQBB2p7yRlBcg5d58TGB59pptmLpQ39JDAbZxHQymPKy3R14k1wKa
fYvaMBkaGtcu/foCb1r3xfAZOJSF5MT754wjvxB1bl/iizqJQm+WN3YAkja/Gwh+
J31/Ng==
=e45t
-----END PGP MESSAGE-----
switch-dach:
model: 'HP-procurve-2824'
location: Dach
ports:
mgmt:
mode: access
ports: '1'
switch-c1:
mode: trunk
ports: '24'
# Starlink
up3:
mode: access
ports: '3'
nostp: true
# Freifunk Mesh-on-LAN
bmx:
mode: access
ports: '10-19'
serv:
mode: access
ports: '6-9'
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQgAkS9jHdnqPPary/yduPsA3Ya1rrERxfZxJnvicexUKl7b
eJlLe8e1BQE3BTaqkvLcBrGztBBvrgnv+kzmSTCd5jbL2/fFOdhedBsNjWpYtA7A
o6PPfYHka/Km4J/MihzVac9XUbBFhN0ETGYbGi0upPHHEKht3bUNzqkzvHxhQ8lJ
D7dDPs3vJXx3Ey8taZawdLJ9IcthvSojt8Un5A/SpdroW2CF4u0Gubuz+9D5i0T5
vXDqDQqEewu7pofxZ8TR4PY9PNHT9kmHyI2sIq1AkqP0Mn8wKP7dJVrUS3Z+xBUt
/f0B+8a0EJDuQBB2p7yRlBcg5d58TGB59pptmLpQ39JDAbZxHQymPKy3R14k1wKa
fYvaMBkaGtcu/foCb1r3xfAZOJSF5MT754wjvxB1bl/iizqJQm+WN3YAkja/Gwh+
J31/Ng==
=e45t
-----END PGP MESSAGE-----


@ -1,62 +0,0 @@
base:
'*':
- hosts
- subnets
- vlans
'server1':
- lxc-containers.server1
- bird.ospf
- switches
- cpe.aps
- collectd.server1
- keys
'server2':
- lxc-containers.server1
- bird.ospf
- switches
- cpe.aps
- collectd.server1
- keys
'priv*-gw':
- dhcp
- bird.radv
- bird.ospf
- collectd.gw
'pub-gw or serv-gw':
- dhcp
- bird.radv
- bird.ospf
'pub-gw':
- collectd.gw
'c3d2-gw* or c3d2-anon or mgmt-gw or cls-gw':
- bird.ospf
'c3d2-gw1 or cls-gw':
- bird.radv
'bgp':
- bird.ospf
- bird.bgp
'upstream*':
- bird.ospf
- collectd.upstream
# for forward-zones in unbound
- bind.dns
'upstream1':
- upstream.upstream1
- bind.dyndns.upstream1
'upstream2':
- upstream.upstream2
- bind.dyndns.upstream2
'anon*':
- bird.ospf
- wireguard.anon1
- upstream.anon1
- collectd.upstream
- bind.dyndns.anon1
- bind.dns
'dns':
- bind.dns
- bind.dyndns.upstream1
- bind.dyndns.upstream2
- bind.dyndns.anon1
'stats':
- collectd.stats-server


@ -1,5 +0,0 @@
upstream:
interface: protonvpn
nat66-interface: protonvpn
up-bandwidth: 45000
flows: 4096


@ -1,46 +0,0 @@
upstream:
interface: up1
nat66-interface: 6to4
up-bandwidth: 52500
flows: 2048
port-forwarding:
- proto: tcp
port: 80
to: 172.20.73.45:80
- proto: tcp
port: 443
to: 172.20.73.45:443
- proto: udp
port: 2325
to: 172.22.99.253
- proto: udp
port: 2399
to: 172.22.99.253
- proto: udp
port: 2327
to: 172.22.99.253
- proto: udp
port: 2338
to: 172.22.99.253
- proto: udp
port: 2339
to: 172.22.99.253
- proto: udp
port: 40533
to: 172.22.99.253
- proto: udp
port: 61699
to: 172.22.99.253
- proto: tcp
port: 2222
to: 172.20.74.210:22
- proto: tcp
port: 8443
to: 172.20.74.210:443
- proto: tcp
port: 2223
to: 172.20.73.47:22
- proto: udp
port: 30000
to: 172.20.73.48:30000


@ -1,41 +0,0 @@
#!yaml|gpg
upstream:
interface: up2
nat66-interface: up2
up-bandwidth: 52500
flows: 2048
port-forwarding:
- proto: udp
port: 1194
to: 172.20.75.9:1194
- proto: tcp
port: 2222
to: 172.20.74.210:22
- proto: tcp
port: 8443
to: 172.20.74.210:443
ipv6-tunnel:
endpoint: 216.66.80.30
address: 2001:470:1f0a:12b2::2/64
gateway: 2001:470:1f0a:12b2::1
tunnelbroker:
tunnel_id: '407181'
username: 'C3D2HQ'
key: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf+MPl9B7V1GfG+ps+cILxxnGA8nx9KN69Zj03T5KVYMWw7
6nMfXyhC6ZV3BTVUPqY290SaMP0wa4YjpewypfILoJLQDGV7SQaR8eVVCXQYusXK
M+L1jWr8f+GOCH5BYsX4WS0PhJ0EplSDlbsvT2NiLc7SFGsrLwpfL4jLJJ3ICSif
BbKZy7aovpAXmaeTFaYR7wsclXk7hM94U0uaF9HJK0e9WDFuHuz7dbAXLVFIHFIx
UdrjoA8GfRoCqMLXe9Uce+MPvkJX3m0oAtc68Znw/4ndMm6FIyuUhA/jh+gt4/2B
BXCch68PGnKNiFmRDW+h17ZiAFeobyb960wJBammLNJLAS+adCeoDgJCxXTzZ5Rh
IFEdKAewlFa1RXWn0HhGu7FYoeM+EbuH/ZYW9TOIWYRb3Ol36MPDoRuPEWU/bETG
UQEvc22wrpxOfjIA
=UbJD
-----END PGP MESSAGE-----


@ -1,25 +0,0 @@
vlans:
# switches and CPE only have IP addresses configured in the management vlan
mgmt: 1
# routers, OSPF area 0
core: 2
# servers...
serv: 3
# ZW public
pub: 4
# C3D2 home network
c3d2: 5
cluster: 6
bmx: 7
# Modems
{%- for i in range(1, 5) %}
up{{ i }}: {{ i + 9 }}
{%- endfor %}
# Neighbor subnets
{%- for i in range(1, 62) %}
priv{{ i }}: {{ i + 39 }}
{%- endfor %}
# Isolated neighbors directly connection with their modems
{%- for i in range(1, 17) %}
iso{{ i }}: {{ i + 100 }}
{%- endfor %}


@ -1,85 +0,0 @@
#!yaml|gpg
openvpn:
protonvpn:
server: nl-free-01.protonvpn.com
user: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf7BCwzkTetWarslcjqPyMRqMmbigVnQmp2Fjr/jRy9VhFr
AljofSuYyWwWVk9aPGh5dNXShT4CzKs2eSrSno2H71bnuqxfc80dqhO3loM63NZL
EchUhT09keQ580WEp3CziDXDbe8T5clmour7Dy9kX/AI+WqeKtdAjgBaI50M3m6f
4TWt5zIUyMSxHtyEbpTswAtjD4GmjfsVHCUIw+EyfMsBVqRxYWDjtRUUE35wMeWm
k0DpyU5MF5CmKM108h8v69ti223kjB5hc+b/lg7lcr+8bjr3f9ELeg0pvtlkx4ps
VS8TXOIhT3KF7Bu9qKhmQFd5rwE5ColTiTcKpeq3iNJbAX3IIx7mvJSlYAeSwj0Y
2l4LUvpl1f+IQ/PhRMNO1TZEqbG7q762skrD/9DVbpRpFblqKhj9tuyv0OFiPPCa
QcVW+MHwyqKZ1g1/KVXAaEWTdIP3qyuvA4zOGQ==
=BLbr
-----END PGP MESSAGE-----
password: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf9FW6GeyPCaJm9ftIW89GX61TCnzMPXzK8i9hwA9mmRJxb
DuZ9gbMD5WKzgVNoCEXmKZ1nnbSTwCn1YjhMWwmmextrAuAGQiGqFtzG+KiyUGr6
PG3iHXtzcz2v+oElB7hswnfpRS4XVB9VP/LlPk2azY1jaF+EyfO4WkN4Dg0ldIal
ulrOknmFKAQjbuPeRsejOEnpNocLd0fh5Phza66g4YxmPAT9QznOXCumrKrEoC5q
SW/9DxJugCiYmU5ti8pdySBVeRqeoen35tXdyl/8tMX0R97c27HCzzPRcMaQxQVc
yyrTDEib5T0PiphbtHcXBovlna87gUQn2uM+Zm3IL9JbAeadBusliNidAaMaB/hN
2jQcqRxJmTp+Xo7vLzziAlaGhYEivq2ROasgaXa97qbkFIIvy4HVJrRtx7s8xuli
s8uY4mS0ZjVgGvFYO2ZMD+TIKZxbd6XwAFDBlA==
=fZBz
-----END PGP MESSAGE-----
ca: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
key: |
-----BEGIN PGP MESSAGE-----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=164/
-----END PGP MESSAGE-----


@ -1,20 +0,0 @@
#!yaml|gpg
wireguard-instances:
'njalla':
private_key: |
-----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/WyZLuFilGCU8WGG2i0IaX5ek9vvQ1eIEXKMmTXyU4OG8
ynaGYNwC5wKDxNhVas+twnCSpXpZLw61eRQrK6IhZnl69dzhFRZ5gR9T3VnMKNP6
2WsNQp5oEsNutvNw/6AkFm653T79zq/Rj3K+BM//+x3WKFShK+o/Y0+7L+2YEAo8
IeMS7nbB018acYZv0cEJGHJvcL/zHm6+IyW6WRz0tu5yaI8iwLMGDj6blVCu7efd
0JUAVPT+IrUhph6bH4jokkqxS0VCTgDmtLFmFDsCqv7SXwvDz4CvfzEPVATkiLNh
PCQBetoBbDkfEieulod8//O8j6EIa+rerGjwdvxX4dJnAfLGmn8KSDTcQUWhqFwI
lpy2QkY5XtuqKWM1tm0qel92kNKd7zcBfjtQxTorOXsxch39nHGZJ4LV6u/Li2ss
ku2TdReHWjrpIvY/PCIZNEBUYcqNJI2SUT9LA95pc38pH4SugBI9TQ==
=ddWH
-----END PGP MESSAGE-----
addr: 'fd03:1337::210/64, 10.13.37.210/24'
peers:
- public_key: 'xhbsrE6GyyJZD8pwLBU694NWMzVCeRoqghTeGhMudl0='
endpoint: '198.167.192.29:51820'