config: nixify everything
This commit is contained in:
parent
6446c6b8a3
commit
32c0def45b
|
@ -1 +1,3 @@
|
|||
contact.md
|
||||
/contact.md
|
||||
/config/secrets-production.nix
|
||||
/config/secrets-production.nix.old
|
||||
|
|
|
@ -34,8 +34,8 @@ Wir, ein kleiner Kreis von Menschen die das Netzwerk im Zentralwerk betreuen, ha
|
|||
- [x] Einlesen der Salt-Daten in Nix
|
||||
- [x] Containererstellung
|
||||
- [x] Migration der Container
|
||||
- [ ] device-scripts auf Site Config umstellen
|
||||
- [ ] Site Config ohne Entschlüsselung dumpen, Salt-Daten löschen
|
||||
- [x] device-scripts auf Site Config umstellen
|
||||
- [x] Site Config ohne Entschlüsselung dumpen, Salt-Daten löschen
|
||||
|
||||
### Development Setup
|
||||
|
||||
|
@ -77,8 +77,8 @@ auch `/etc/nixos` so dass `nixos-rebuild switch` problemlos
|
|||
klappt. Ausserdem ist dieser lokale Checkout in der `nix registry`
|
||||
eingetragen, was von bspw. von `build-container` verwendet wird.
|
||||
|
||||
Der Flake-input `zentralwerk-network-key` ist mit einem lokalen
|
||||
Repository überschrieben, weshalb die `flake.lock` dirty ist.
|
||||
Ausserdem wurden dort `nix run .#switch-to-production` und immer
|
||||
wieder `.#decrypt-secrets` ausgeführt.
|
||||
|
||||
### LXC-Containers auf Server
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
./secrets.nix
|
||||
|
||||
./vlan.nix
|
||||
];
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf6Axl7IpRsbhFaX8dJDQHlJrdK8LWP71VrUF/ukeF5qfjz
|
||||
1CKM04e/RWQ8dUK7OKIgbKhirI8dcleMB+gCu2Y45vXauqsVSaKTOV+ZyZZ3f1Hs
|
||||
gmHSxxKVoyMtCj+9dKGGTkNMgsB/0eIxTOc+dNrQb6FHpJjMBOzaDUI8N5AOeA+B
|
||||
IwJO+fco1dIj0I6sym3UHzovY3teQoGhBszzs60pjp77eJpiuIfEFZH0karWixX3
|
||||
Ktqn8q2+rD6+SVRcNADxnjiZ9dk4Ec7fFTqjCmZLwjiJDV0guhGPmc7ewsWnJA/z
|
||||
LgErzyAXI/g6sY2G47g7KdbBFzzk5YWepW2MuH+ZjdLrAaEGjqZQ2k6OXlQkjFQK
|
||||
AgP/u+KUPMd1o20QO/OX9jb6SzjKgr8rk+bM5ZnCJq0nxGLJQQZzb2Kq5/1KCIC+
|
||||
2B8plQmQaR/wTUGjyrgwgzBGbGBUENk52AOgehrHb2A3vH7cEEpqdSZDRUoCovqa
|
||||
amg5lIBYKeIQSL2WQjXYGfr+Mu82iAn4Rdvd2I5GRNlC3E12KKGQXDgrXhDKzAyF
|
||||
6KD7zoLQlvK9fQp34ECUGaG0Qps+tOfXUIX+h+9rSQ10e/ZJfitFCsGg4CVunvsI
|
||||
WzuDofIhQCmt8tOr2db5B5xGjylCCWnLlW2/j+Rrx2FzpIHrs6+2vcXkYQ7EFjnS
|
||||
xMzPrudHUiLbv+CiciOcRe63DyG5wP31skJvAm7eQRaHaPXMEZFRSJ1xG06XEygg
|
||||
a1RwBubnqRRONBvGy7u7b/Daj74Xk5Z6S3P9oBn5pDk25Na8xnJqz9jN21khE0w7
|
||||
ARIHU6rybCVfUccCfBzaGF/5LIS4Q/7L2uAu+MWRDg2uJr4N/pkYMs8Pi/vqLNCw
|
||||
XVV8jeilzIYqEAGp1thBfHiMO8kMKmQKxadETxTy7vCfS3jqcl19xTobH0non5Ie
|
||||
HMONaE/AKhSUHNK14fEH0HipgCwpy79P4MjFC8e5z5YoCsAqqzKmJJ6jv0lzpaA6
|
||||
iEamAg+0g1XhqTEHUnnC3RONnaY+VGAXSOXpH4cOlVocX2C/N9U6mev2/KN+xgC5
|
||||
PytsfKPRoiLagHrxGN6LekaiiQrrjFOgPGE5pwMnI0ODWDl+Yun8CmXwjq2oQudF
|
||||
Xe/eKtJmtEiZGWuPn5yUp/j3xyKue6sH4NIoFBcQUYX07yaPRetZITykjpYdYBxX
|
||||
RzSLD7pYDXMrtjuP4MsvjT0WD/XE9086p2CDjDv0mQfQpc40LyiJw4djFRkTsBaB
|
||||
zdv9gAYSuRfigpx+ygCvUZjLpSDHqixWdIJeo9NjIcbELjirQvxNGKew1JJBAPZJ
|
||||
6BdElR9WCHBx7jdVYaG5PXqiWtiXgFX2hs5+d0yFRHPRZo2xG3nBpJbE1ixqLSMQ
|
||||
aXK0YO2sH+Z7i1aIZpMkJF5FRNYb02jgGt89OciweU8vPeckw7lkVNxtHjsfKukB
|
||||
moZIDbQ2K5IvpJoYMvOwsMTFyB6biJXcSsVEuvfxbzM9nunqeAoHKJM7A23R1Xw7
|
||||
8fyYgN8EhxWl4bfk/sOVceAcVd+48oXr0dxbWw3OpxAeUJ6p9J4r/dKQopDW1VqV
|
||||
u1t404j6JkzLaKLZ6cXg0yl/jLmuOyQQRzNT6CA36K7/n5QRgNPpQ4P4sbesWMnw
|
||||
G04n6kkz29uX91SPaJkhliaXctotxCcSqz3ryNrz2isn8n4zuVgD7O/GKeSZobqD
|
||||
hv7IBY5Th1F4yQ94U0u8nkr2OVccsXohXxsRXN38/qLqT2I8R00evrnwhPZE9JFn
|
||||
dfJAMXCxtkwxuLYosrKyUTDbARLGAhP4RD9BXOijH0ec2lS/RKdcz0PI9Lz9zrzS
|
||||
Oq1JmxqYBi+jlxPuCqPHP1QY2LRXq5Ckr4hXsiKVbnMTpW0eL9raNva/NleaSzaH
|
||||
ovNyYVYzdGgBdM3IYcnm8bpuJHeuxHWkyw2buRUktxNGT//VXeAz0yyLuMVr1D20
|
||||
fDrHPI1hEukcIw8Z1s0Bg0wkUfRDBEWG4aL9GruAV9WyyMAAudtAXDfjO7Wo2vkI
|
||||
qdByXSsQw4pOUlLmOaFdf1Jr2pQYtQPsxJcyuyxBJ8pextUTtKIENRW8ENYHI7af
|
||||
C7fL3DMdWkpH04nGmmiv/kisZ01q+13x/t83ENv049Z65rV9lr01C08I1xrQuxf8
|
||||
rCKkcRNAXw0aVRoi7k4111mpzCWCqYCU6rbvlF3q5PyR5mYk7/m2k1lhgp4JSgfM
|
||||
zJT9uGLKjP0XiubV8poJNqRuMkHAMsmD2GjqJRmhfDXBJKfrbTDDE8PV1jvQpur9
|
||||
5z+bMnJ6A4eFK8+3KymbO58TTJr/YtIZg39tv67CmmvkzqI1ymHvUkYa1EYvmcjn
|
||||
SplmwrNqWXS7Pnxehq4JDBwOccvITkdIrwnvHM8D3XyHeIvt6c1fCzIl0f0M5oqQ
|
||||
nkurQrPWTrvA+H8BJ3AzLIk8HrduMgjSujWA+ZK4E0QLlC8ElSQ3vUpQ4CfErEy1
|
||||
byVXi4Iphdxoy1NIgoRwlClSwprcT7wtEPRAKZtYZlUk7Ji7YH928PPv0hqdnPZW
|
||||
t8jVO0Fy3bf1iHO4aPepmXzT5h6ouo64tlMobStlccz7YCVweNZdVQrPokBhcrIE
|
||||
zCsNBY0vntcNXEkFUxneBzYHW22ov6bTL7GYTBnJ5AAUl0YJ5lij0rYv5YXRlJA9
|
||||
c8CyGuXl3zCt9k2dG4oYBh9OwoUo+LJyuDym8O5xZs0KdhwSePfc2WCcuzjxAJat
|
||||
Pxqa+RawZybWLq+RKfONJ6Ds5PwYGaxO0Ra+MJnWqC0aQBTrzn1mLUfZ5V8kaKsT
|
||||
ARU/KONBagKvL279DcvU3wuDgKWmCKE2k31A45P3Z0N3KdadF7AGYb9YCjwpS5z8
|
||||
ad40UZ2WeoLBcfXWJWfN27mmpVw9STiOOVVwg466OwLeO0pZeHO+26zGtsTW6ueT
|
||||
p+W/ulIZYUM2LyCJfEhu2MdsO7CvTdLoEj/vGJpJAnOXRpsbRPCz4YbBmvcOmXt0
|
||||
lwT/YWnWNGViDfI+WPRtVTMFmb2W93MdOU8l3G7XNp9WlZuG19MQT89hYe1zdBQX
|
||||
r2nORbb+du7MnX7El3h9xJDAWUPfV1NrPdvlS6JtRvvRpphhTor6s4UY0hi77SRf
|
||||
S+4rzvKSecS2rxKR2GJOYT9Bf+TAfTjCeiwsHEV43sY/jER7mqlitVJ4MzYCHIrU
|
||||
q1oiBODbLrS0PDtn45mtBPqYmNHvp5+Mo3UFAOSZO03PY48hbDoByhh8On+Xhf/P
|
||||
M5RDzDJSWAXJvFw2HftUAben4mXPZ0Ifum7Hm34PQV9VJ+Us5rmmShmGdacw4AYX
|
||||
GsdNYJ4Ga8M6bsPLo5Vk6s7OOdSAGl/K8l+VJgOzjcBVUwM6d8lQMHAgVdYukY/h
|
||||
beSMD2VemMYHhpCV+Ys/yeBRwC5rrHoyTJXN1aE4PuC/mg/ath3hPZibTugy0qYN
|
||||
4HgSB8+r8YhJXiSu
|
||||
=Hqtq
|
||||
-----END PGP MESSAGE-----
|
|
@ -0,0 +1,242 @@
|
|||
{
|
||||
site.net = {
|
||||
core.ospf.secret = "SECRET";
|
||||
};
|
||||
|
||||
site.hosts = {
|
||||
ap1.password = "SECRET";
|
||||
ap2.password = "SECRET";
|
||||
ap3.password = "SECRET";
|
||||
ap4.password = "SECRET";
|
||||
ap5.password = "SECRET";
|
||||
ap6.password = "SECRET";
|
||||
ap7.password = "SECRET";
|
||||
ap8.password = "SECRET";
|
||||
ap9.password = "SECRET";
|
||||
ap10.password = "SECRET";
|
||||
ap11.password = "SECRET";
|
||||
ap12.password = "SECRET";
|
||||
ap15.password = "SECRET";
|
||||
ap17.password = "SECRET";
|
||||
ap18.password = "SECRET";
|
||||
ap19.password = "SECRET";
|
||||
ap21.password = "SECRET";
|
||||
ap22.password = "SECRET";
|
||||
ap23.password = "SECRET";
|
||||
ap24.password = "SECRET";
|
||||
ap25.password = "SECRET";
|
||||
ap26.password = "SECRET";
|
||||
ap27.password = "SECRET";
|
||||
ap28.password = "SECRET";
|
||||
ap29.password = "SECRET";
|
||||
ap30.password = "SECRET";
|
||||
ap31.password = "SECRET";
|
||||
ap32.password = "SECRET";
|
||||
ap33.password = "SECRET";
|
||||
ap34.password = "SECRET";
|
||||
ap35.password = "SECRET";
|
||||
ap36.password = "SECRET";
|
||||
ap37.password = "SECRET";
|
||||
ap38.password = "SECRET";
|
||||
ap39.password = "SECRET";
|
||||
ap40.password = "SECRET";
|
||||
ap41.password = "SECRET";
|
||||
ap42.password = "SECRET";
|
||||
ap43.password = "SECRET";
|
||||
ap44.password = "SECRET";
|
||||
ap45.password = "SECRET";
|
||||
ap46.password = "SECRET";
|
||||
ap47.password = "SECRET";
|
||||
ap48.password = "SECRET";
|
||||
ap49.password = "SECRET";
|
||||
ap50.password = "SECRET";
|
||||
ap51.password = "SECRET";
|
||||
ap52.password = "SECRET";
|
||||
ap53.password = "SECRET";
|
||||
ap54.password = "SECRET";
|
||||
ap55.password = "SECRET";
|
||||
ap56.password = "SECRET";
|
||||
switch-a1.password = "SECRET";
|
||||
switch-b1.password = "SECRET";
|
||||
switch-b2.password = "SECRET";
|
||||
switch-c1.password = "SECRET";
|
||||
switch-c3d2-main.password = "SECRET";
|
||||
switch-d1.password = "SECRET";
|
||||
switch-dach.password = "SECRET";
|
||||
|
||||
upstream4.interfaces.up4-pppoe.upstream = {
|
||||
user = "SECRET";
|
||||
password = "SECRET";
|
||||
};
|
||||
|
||||
anon1.wireguard.njalla = {
|
||||
addresses = [ "fec0::1/64" "192.168.0.1/24" ];
|
||||
endpoint = "0.0.0.1";
|
||||
privateKey = "SECRET";
|
||||
publicKey = "SECRET";
|
||||
upBandwidth = 45000;
|
||||
};
|
||||
|
||||
ap1.wifi."platform/qca953x_wmac".ssids."uebergangsnetz".psk = "SECRET";
|
||||
ap10.wifi."platform/qca953x_wmac".ssids = {
|
||||
"Ebs 2000".psk = "SECRET";
|
||||
"iz-dresden.org".psk = "SECRET";
|
||||
};
|
||||
ap11.wifi."platform/qca955x_wmac".ssids."braeunigkoschnik".psk = "SECRET";
|
||||
ap12.wifi."platform/ar934x_wmac".ssids = {
|
||||
"IrèneMélix".psk = "SECRET";
|
||||
"paperheart".psk = "SECRET";
|
||||
};
|
||||
ap15.wifi."platform/qca955x_wmac".ssids."etz250".psk = "SECRET";
|
||||
ap17.wifi."platform/qca955x_wmac".ssids = {
|
||||
"EDUB".psk = "SECRET";
|
||||
"Zweitwohnsitz".psk = "SECRET";
|
||||
"e-Stuetzpunkt".psk = "SECRET";
|
||||
};
|
||||
ap18.wifi."platform/qca953x_wmac".ssids."Restaurierung Wolff/Kober".psk = "SECRET";
|
||||
ap19.wifi."platform/qca953x_wmac".ssids = {
|
||||
"Studio 01127".psk = "SECRET";
|
||||
"Walter".psk = "SECRET";
|
||||
};
|
||||
ap2.wifi = {
|
||||
"pci0000:01/0000:01:00.0".ssids."C3D2".psk = "SECRET";
|
||||
"platform/qca955x_wmac".ssids."C3D2 legacy".psk = "SECRET";
|
||||
};
|
||||
ap21.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."ZW stage legacy".psk = "SECRET";
|
||||
};
|
||||
ap23.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."LBK Network".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."LBK Network".psk = "SECRET";
|
||||
};
|
||||
ap24.wifi."platform/ar933x_wmac".ssids."farbwerk".psk = "SECRET";
|
||||
ap25.wifi."platform/ar933x_wmac".ssids."farbwerk".psk = "SECRET";
|
||||
ap26.wifi."pci0000:00/0000:00:00.0".ssids."Dezember".psk = "SECRET";
|
||||
ap29.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."jungnickel-fotografie".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."jungnickel-fotografie".psk = "SECRET";
|
||||
};
|
||||
ap3.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
|
||||
"platform/ar934x_wmac".ssids."C3D2 legacy".psk = "SECRET";
|
||||
};
|
||||
ap30.wifi."platform/qca956x_wmac".ssids."WLANb0402".psk = "SECRET";
|
||||
ap31.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids = {
|
||||
"C3D2 legacy" = { "psk" = "SECRET"; };
|
||||
"FOTOAKADEMIEdd" = { "psk" = "SECRET"; };
|
||||
};
|
||||
};
|
||||
ap32.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."ZW stage legacy".psk = "SECRET";
|
||||
};
|
||||
ap33.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."C3D2 legacy".psk = "SECRET";
|
||||
};
|
||||
ap35.wifi."platform/qca956x_wmac".ssids."Koch".psk = "SECRET";
|
||||
ap36.wifi."platform/ar933x_wmac".ssids."C3D2 legacy".psk = "SECRET";
|
||||
ap37.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."hechtfilm.de".psk = "SECRET";
|
||||
"platform/ahb/18100000.wmac".ssids."hechtfilm.de legacy".psk = "SECRET";
|
||||
};
|
||||
ap38.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids = {
|
||||
"ZW heinrichsgarten" = { "psk" = "SECRET"; };
|
||||
"plop" = { "psk" = "SECRET"; };
|
||||
};
|
||||
"platform/qca956x_wmac".ssids = {
|
||||
"ZW heinrichsgarten" = { "psk" = "SECRET"; };
|
||||
"plop" = { "psk" = "SECRET"; };
|
||||
};
|
||||
};
|
||||
ap39.wifi."platform/10180000.wmac".ssids."EckiTino".psk = "SECRET";
|
||||
ap4.wifi."platform/qca955x_wmac".ssids."jam-circle.de".psk = "SECRET";
|
||||
ap40.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."M".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."M legacy".psk = "SECRET";
|
||||
};
|
||||
ap41.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."Walter".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."Walter".psk = "SECRET";
|
||||
};
|
||||
ap42.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."jam-circle.de".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."jam-circle.de legacy".psk = "SECRET";
|
||||
};
|
||||
ap43.wifi."platform/qca955x_wmac".ssids."Kaffeetasse".psk = "SECRET";
|
||||
ap44.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap45.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap46.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids = {
|
||||
"EWW".psk = "SECRET";
|
||||
"ZW stage legacy".psk = "SECRET";
|
||||
};
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids = {
|
||||
"EWW".psk = "SECRET";
|
||||
"ZW stage".psk = "SECRET";
|
||||
};
|
||||
};
|
||||
ap47.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap48.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap49.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap5.wifi."platform/qca955x_wmac".ssids."verbalwerk.de".psk = "SECRET";
|
||||
ap50.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids = {
|
||||
"ZW stage legacy".psk = "SECRET";
|
||||
"gerdwork".psk = "SECRET";
|
||||
};
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap51.wifi = {
|
||||
"pci0000:01/0000:01:00.0".ssids."antrares".psk = "SECRET";
|
||||
"platform/qca955x_wmac".ssids."antrares".psk = "SECRET";
|
||||
};
|
||||
ap52.wifi = {
|
||||
"1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0".ssids."ZW stage legacy".psk = "SECRET";
|
||||
"1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0".ssids."ZW stage".psk = "SECRET";
|
||||
};
|
||||
ap53.wifi."platform/qca953x_wmac".ssids."Karen Koschnick".psk = "SECRET";
|
||||
ap54.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."Abyssinia".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."Abyssinia".psk = "SECRET";
|
||||
};
|
||||
ap55.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."MagLAN".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."MagLAN (legacy)".psk = "SECRET";
|
||||
};
|
||||
ap56.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."MagLAN".psk = "SECRET";
|
||||
"platform/qca956x_wmac".ssids."MagLAN (legacy)".psk = "SECRET";
|
||||
};
|
||||
ap7.wifi."platform/qca953x_wmac".ssids."mino".psk = "SECRET";
|
||||
ap8.wifi = {
|
||||
"pci0000:00/0000:00:00.0".ssids."C3D2".psk = "SECRET";
|
||||
"platform/ar934x_wmac".ssids = {
|
||||
"C3D2 legacy".psk = "SECRET";
|
||||
"teknologi".psk = "SECRET";
|
||||
};
|
||||
};
|
||||
ap9.wifi."platform/qca953x_wmac".ssids."Herzzbuehne".psk = "SECRET";
|
||||
};
|
||||
|
||||
site.dyndnsKey = "SECRET";
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
let
|
||||
range = cur: max:
|
||||
if cur <= max
|
||||
then [ cur ] ++ range (cur + 1) max
|
||||
else [];
|
||||
in
|
||||
{
|
||||
site.net = builtins.mapAttrs (_: vlan: { inherit vlan; }) {
|
||||
# switches and CPE only have IP addresses configured in the management vlan
|
||||
mgmt = 1;
|
||||
# routers, OSPF area 0
|
||||
core = 2;
|
||||
# servers...
|
||||
serv = 3;
|
||||
# ZW public
|
||||
pub = 4;
|
||||
# C3D2 home network
|
||||
c3d2 = 5;
|
||||
cluster = 6;
|
||||
bmx = 7;
|
||||
# Modems
|
||||
up1 = 10;
|
||||
up2 = 11;
|
||||
up3 = 12;
|
||||
up4 = 13;
|
||||
# Isolated neighbors directly connectied with their modems
|
||||
iso1 = 101;
|
||||
iso2 = 102;
|
||||
iso3 = 103;
|
||||
iso4 = 104;
|
||||
iso5 = 105;
|
||||
iso6 = 106;
|
||||
} // builtins.foldl' (result: i:
|
||||
# Neighbor subnets
|
||||
result // {
|
||||
"priv${toString i}".vlan = i + 39;
|
||||
}
|
||||
) {} (range 1 61);
|
||||
}
|
20
flake.lock
20
flake.lock
|
@ -52,25 +52,7 @@
|
|||
"inputs": {
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-master": "nixpkgs-master",
|
||||
"openwrt": "openwrt",
|
||||
"zentralwerk-network-key": "zentralwerk-network-key"
|
||||
}
|
||||
},
|
||||
"zentralwerk-network-key": {
|
||||
"locked": {
|
||||
"dir": "nix/key",
|
||||
"lastModified": 1631808463,
|
||||
"narHash": "sha256-5xMZkqqQbpXECnKEK2THT7u4+/vL7SPp3Jvoicm1Moc=",
|
||||
"ref": "master",
|
||||
"rev": "e4a5aee0e44ca058d2f12d6c6f34db6d484187fc",
|
||||
"revCount": 1172,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git?dir=nix%2fkey"
|
||||
},
|
||||
"original": {
|
||||
"dir": "nix/key",
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git?dir=nix%2fkey"
|
||||
"openwrt": "openwrt"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -6,13 +6,9 @@
|
|||
nixpkgs-master.url = "github:NixOS/nixpkgs";
|
||||
openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
|
||||
openwrt.flake = false;
|
||||
|
||||
# `nix flake update --override-flake zentralwerk-network-key git+file:///...`
|
||||
# to provide the GPG secret key
|
||||
zentralwerk-network-key.url = "git+https://gitea.c3d2.de/zentralwerk/network.git?dir=nix/key";
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, nixpkgs, nixpkgs-master, openwrt, zentralwerk-network-key }:
|
||||
outputs = inputs@{ self, nixpkgs, nixpkgs-master, openwrt }:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
systems = [ system ];
|
||||
|
@ -33,7 +29,6 @@
|
|||
lib = nixpkgs.lib.extend (final: prev:
|
||||
import ./nix/lib {
|
||||
inherit self;
|
||||
inherit (zentralwerk-network-key.lib) gpgKey;
|
||||
inherit openwrt;
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
});
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
{
|
||||
description = "Zentralwerk network secret GPG key";
|
||||
|
||||
outputs = { ... }: {
|
||||
lib.gpgKey = null;
|
||||
# test key
|
||||
lib.dyndnsKey = "Dr1QHSfNtAwgbdoNBtCgl5NxsSXlaw9+qo7juiVTv58=";
|
||||
# test credentials
|
||||
lib.pppoe.upstream4 = {
|
||||
user = "test@example.com";
|
||||
password = "secret";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,6 +1,5 @@
|
|||
{ self
|
||||
, pkgs ? import <nixpkgs> {}
|
||||
, gpgKey
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -22,18 +21,13 @@ let
|
|||
default = [];
|
||||
internal = true;
|
||||
};
|
||||
options.gpgKey = mkOption {
|
||||
type = with types; nullOr path;
|
||||
};
|
||||
config = {
|
||||
inherit gpgKey;
|
||||
};
|
||||
}
|
||||
)
|
||||
./options.nix
|
||||
./legacy.nix
|
||||
../../../config
|
||||
];
|
||||
};
|
||||
|
||||
inherit (result) config;
|
||||
|
||||
warn = result:
|
||||
|
@ -47,9 +41,9 @@ let
|
|||
|
||||
error = result:
|
||||
let
|
||||
failed =
|
||||
builtins.filter ({ assertion, ... }: !assertion)
|
||||
config.assertions;
|
||||
failed = builtins.filter ({ assertion, ... }:
|
||||
!assertion
|
||||
) config.assertions;
|
||||
in
|
||||
if failed != []
|
||||
then throw ''
|
||||
|
@ -58,9 +52,9 @@ let
|
|||
${self.lib.concatMapStringsSep "\n" ({ message, ... }: message) failed}
|
||||
''
|
||||
else result;
|
||||
in
|
||||
warn (
|
||||
error (
|
||||
builtins.removeAttrs config [ "assertions" "warnings" "gpgKey" "salt-pillar" ]
|
||||
)
|
||||
)
|
||||
|
||||
in warn (error ({
|
||||
inherit (result) options;
|
||||
|
||||
config = builtins.removeAttrs config [ "assertions" "warnings" ];
|
||||
}))
|
||||
|
|
|
@ -1,588 +0,0 @@
|
|||
{ config, pkgs, lib, self, ... }:
|
||||
|
||||
let
|
||||
mainServers = [ "server1" "server2" ];
|
||||
cephMonServers = [ "server5" "server6" "server8" ];
|
||||
pillar = self.lib.saltPillarFor "*";
|
||||
|
||||
clusterServerNets = [
|
||||
"mgmt" "pub" "core" "serv"
|
||||
"c3d2" "cluster" "bmx" "priv23"
|
||||
];
|
||||
clusterServerInterfaces = builtins.foldl' (result: net:
|
||||
result // {
|
||||
"${net}".type = "bridge";
|
||||
}
|
||||
) {} clusterServerNets;
|
||||
|
||||
renameAttr = from: to: attrset:
|
||||
builtins.foldl' (result: name:
|
||||
if name == from
|
||||
then result // { "${to}" = attrset.${name}; }
|
||||
else result // { "${name}" = attrset.${name}; }
|
||||
) {} (builtins.attrNames attrset);
|
||||
|
||||
# HACK: `type = "phys"` works but once an LXC container is stopped
|
||||
# the VLAN interface is not moved back.
|
||||
forceVeth = interface: interface // {
|
||||
type = "veth";
|
||||
};
|
||||
|
||||
netHasDHCP = net:
|
||||
net == "pub" ||
|
||||
net == "serv" ||
|
||||
builtins.match "priv[[:digit:]]+" net != null;
|
||||
|
||||
whoLinksTo = target:
|
||||
builtins.attrNames (
|
||||
lib.filterAttrs (hostName: { ports, ... }:
|
||||
hostName != target &&
|
||||
ports ? ${target}
|
||||
) pillar.switches
|
||||
);
|
||||
in
|
||||
{
|
||||
options.salt-pillar = lib.mkOption {};
|
||||
config.salt-pillar = pillar;
|
||||
|
||||
config.site.net = lib.mkMerge ([
|
||||
(builtins.mapAttrs (_: vlan: { vlan = vlan; }) pillar.vlans)
|
||||
(builtins.mapAttrs (_: subnet4: { inherit subnet4; }) pillar.subnets-inet)
|
||||
(builtins.mapAttrs (_: hosts4: { inherit hosts4; }) pillar.hosts-inet)
|
||||
(builtins.mapAttrs (net: dhcpData: {
|
||||
dhcp = {
|
||||
inherit (dhcpData) start end time max-time;
|
||||
server =
|
||||
if netHasDHCP net
|
||||
then "${net}-gw"
|
||||
else null;
|
||||
fixed-hosts =
|
||||
if dhcpData ? fixed-hosts
|
||||
then dhcpData.fixed-hosts
|
||||
else {};
|
||||
router = dhcpData.host-opts.routers;
|
||||
};
|
||||
domainName = dhcpData.string-opts.domain-name;
|
||||
}) pillar.dhcp)
|
||||
{
|
||||
core.ospf.secret = pillar.ospf.secret;
|
||||
pub.dynamicDomain = true;
|
||||
|
||||
cluster.extraRecords = map (host: {
|
||||
name = "_ceph-mon._tcp";
|
||||
type = "SRV";
|
||||
data = "1 1 6789 ${host}";
|
||||
}) cephMonServers ++
|
||||
lib.lists.imap0 (i: host: {
|
||||
name = "mon${toString i}";
|
||||
type = "CNAME";
|
||||
data = "${host}";
|
||||
}) cephMonServers;
|
||||
|
||||
c3d2.dynamicDomain = true;
|
||||
c3d2.dhcp = {
|
||||
server = "c3d2-gw3";
|
||||
router = "c3d2-anon";
|
||||
start = "172.22.99.100";
|
||||
end = "172.22.99.199";
|
||||
fixed-hosts = {
|
||||
"astron.hq.c3d2.de" = "aa:00:5b:08:f0:5b";
|
||||
"astrom.hq.c3d2.de" = "aa:00:5b:08:f0:5c";
|
||||
"www1.hq.c3d2.de" = "aa:00:13:8b:03:47";
|
||||
"dn42.hq.c3d2.de" = "aa:00:42:7a:32:46";
|
||||
"icq.hq.c3d2.de" = "aa:00:30:f6:27:89";
|
||||
"jabber1.hq.c3d2.de" = "aa:00:0b:19:8f:14";
|
||||
"jabber2.hq.c3d2.de" = "aa:00:3d:6a:23:b8";
|
||||
"wiefelspuetz.hq.c3d2.de" = "aa:00:7f:01:8a:d0";
|
||||
"git.hq.c3d2.de" = "aa:00:47:d8:57:10";
|
||||
"fernandopoo.hq.c3d2.de" = "aa:00:f7:52:85:27";
|
||||
"moleflap.hq.c3d2.de" = "aa:00:0d:b1:6c:67";
|
||||
"wormhole.hq.c3d2.de" = "00:23:c3:d2:00:76";
|
||||
"sharing.hq.c3d2.de" = "00:23:c3:d2:75:18";
|
||||
"drucker.hq.c3d2.de" = "00:23:c3:d2:12:0f";
|
||||
"knot.hq.c3d2.de" = "52:54:cf:fd:ce:3f";
|
||||
"bender.hq.c3de.de" = "00:23:df:7e:c8:0a";
|
||||
"sofafon.hq.c3d2.de" = "b8:27:eb:23:8d:01";
|
||||
"schalter.hq.c3d2.de" = "b8:27:eb:4c:be:ff";
|
||||
"beere.hq.c3d2.de" = "b8:27:eb:ac:65:d2";
|
||||
"ledball1.hq.c3d2.de" = "b8:27:eb:53:0b:27";
|
||||
"cider.hq.c3d2.de" = "00:0d:93:75:ee:fa";
|
||||
"semanta.hq.c3d2.de" = "00:ff:e4:bb:ea:2a";
|
||||
"leviathan.hq.c3d2.de" = "00:ff:08:31:db:e5";
|
||||
"beere2.hq.c3d2.de" = "b8:27:eb:53:0b:27";
|
||||
"feile.hq.c3d2.de" = "aa:00:5b:12:c1:f7";
|
||||
"matemat.hq.c3d2.de" = "a2:1b:7c:e8:19:72";
|
||||
"172.22.99.98" = "08:00:27:aa:90:e2";
|
||||
"172.22.99.96" = "08:00:27:bb:8c:b3";
|
||||
"batman.hq.c3d2.de" = "5c:cf:7f:c0:05:28";
|
||||
"monit.hq.c3d2.de" = "00:23:ae:94:e7:19";
|
||||
"storage2.hq.c3d2.de" = "42:5e:0f:4e:f3:cc";
|
||||
"server2.hq.c3d2.de" = "d0:67:e5:f3:57:10";
|
||||
"server3.hq.c3d2.de" = "e4:1f:13:2e:4f:c0";
|
||||
"server4.hq.c3d2.de" = "00:9c:02:a9:26:01";
|
||||
"minecraft.hq.c3d2.de" = "4a:57:d3:64:fe:e9";
|
||||
"ustriper.hq.c3d2.de" = "aa:bb:95:33:bb:aa";
|
||||
"lisbeth.hq.c3d2.de" = "b8:27:eb:a5:ee:5c";
|
||||
"ruststripe1.hq.c3d2.de" = "06:32:0e:39:21:69";
|
||||
"fhem.hq.c3d2.de" = "b8:27:eb:9e:8b:db";
|
||||
"glotzbert.hq.c3d2.de" = "ec:a8:6b:fe:b4:cb";
|
||||
"pulsebert.hq.c3d2.de" = "b8:27:eb:16:31:61";
|
||||
"dacbert.hq.c3d2.de" = "dc:a6:32:31:b6:32";
|
||||
"public-access-proxy.hq.c3d2.de" = "12:24:5f:bd:9b:e7";
|
||||
"marenz-build.hq.c3d2.de" = "44:1e:a1:59:2e:e8";
|
||||
"ledbeere.hq.c3d2.de" = "b8:27:eb:60:99:59";
|
||||
};
|
||||
time = 86400;
|
||||
max-time = 30 * 86400;
|
||||
};
|
||||
}
|
||||
|
||||
# net priv* settings
|
||||
(
|
||||
builtins.mapAttrs (netName: _: {
|
||||
dynamicDomain = true;
|
||||
}) (
|
||||
lib.filterAttrs (netName: _:
|
||||
builtins.match "priv[[:digit:]]+" netName != null
|
||||
) pillar.hosts-inet
|
||||
)
|
||||
)
|
||||
] ++ (
|
||||
map (ctx:
|
||||
builtins.mapAttrs (_: subnet: { subnets6.${ctx} = subnet; }) pillar.subnets-inet6.${ctx}
|
||||
) (builtins.attrNames pillar.subnets-inet6)
|
||||
) ++ (
|
||||
map (ctx:
|
||||
builtins.mapAttrs (_: subnet: { hosts6.${ctx} = subnet; }) pillar.hosts-inet6.${ctx}
|
||||
) (builtins.attrNames pillar.hosts-inet6)
|
||||
));
|
||||
|
||||
config.site.hosts = lib.mkMerge (
|
||||
[
|
||||
{ # Static definitions
|
||||
|
||||
mgmt-gw.firewall.enable = true;
|
||||
priv13-gw.firewall.enable = true;
|
||||
|
||||
dns.services.dns.enable = true;
|
||||
|
||||
dnscache = {
|
||||
role = "container";
|
||||
|
||||
interfaces.serv = {
|
||||
gw4 = "serv-gw";
|
||||
gw6 = "serv-gw";
|
||||
type = "veth";
|
||||
};
|
||||
|
||||
services.dnscache.enable = true;
|
||||
};
|
||||
|
||||
upstream1.interfaces.up1.upstream = {
|
||||
provider = "vodafone";
|
||||
staticIpv4Address = "24.134.104.53";
|
||||
noNat.subnets6 = [
|
||||
"2a02:8106:208:5200::/56"
|
||||
];
|
||||
};
|
||||
upstream2.interfaces.up2.upstream = {
|
||||
provider = "vodafone";
|
||||
noNat.subnets6 = [
|
||||
"2a02:8106:208:e900::/56"
|
||||
];
|
||||
};
|
||||
upstream3.interfaces.up3.upstream.provider = "starlink";
|
||||
upstream4.interfaces.up4-pppoe = {
|
||||
type = "pppoe";
|
||||
upstream = {
|
||||
provider = "dsi";
|
||||
link = "up4";
|
||||
staticIpv4Address = "81.201.149.152";
|
||||
upBandwidth = 98000;
|
||||
noNat.subnets6 = [
|
||||
"2a00:8180:2000:37::1/128"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
];
|
||||
};
|
||||
};
|
||||
upstream1.ospf.upstreamInstance = 3;
|
||||
upstream2.ospf.upstreamInstance = 4;
|
||||
anon1.ospf.upstreamInstance = 5;
|
||||
freifunk.ospf.upstreamInstance = 6;
|
||||
upstream3.ospf.upstreamInstance = 7;
|
||||
upstream4.ospf.upstreamInstance = 8;
|
||||
c3d2-gw1.ospf.allowedUpstreams = [ "upstream3" "upstream4" "upstream1" "anon1" "freifunk" ];
|
||||
c3d2-gw2.ospf.allowedUpstreams = [ "upstream1" "upstream3" "upstream4" "anon1" "freifunk" ];
|
||||
c3d2-gw3.ospf.allowedUpstreams = [ "upstream4" "upstream3" "upstream1" "anon1" "freifunk" ];
|
||||
serv-gw.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
|
||||
cls-gw.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
|
||||
mgmt-gw.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
|
||||
bgp.ospf.allowedUpstreams = [ "upstream4" "upstream1" "upstream3" "anon1" "freifunk" ];
|
||||
anon1.ospf.allowedUpstreams = [ "upstream1" "upstream3" "upstream4" "freifunk" ];
|
||||
priv17-gw-up3.ospf.allowedUpstreams = [ "upstream3" "upstream4" "upstream1" "anon1" "freifunk" ];
|
||||
|
||||
pub-gw.ospf.allowedUpstreams = [ "anon1" "freifunk" ];
|
||||
c3d2-anon.ospf.allowedUpstreams = [ "anon1" "freifunk" ];
|
||||
|
||||
upstream4.forwardPorts = [
|
||||
{
|
||||
destination = config.site.net.serv.hosts4.public-access-proxy;
|
||||
proto = "tcp";
|
||||
sourcePort = 80;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.serv.hosts4.public-access-proxy;
|
||||
proto = "tcp";
|
||||
sourcePort = 443;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.serv.hosts4.bind;
|
||||
proto = "tcp";
|
||||
sourcePort = 53;
|
||||
reflect = false;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.serv.hosts4.bind;
|
||||
proto = "udp";
|
||||
sourcePort = 53;
|
||||
reflect = false;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 2325;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 2399;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 2327;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 2338;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 2339;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 40533;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.c3d2.hosts4.dn42;
|
||||
proto = "udp";
|
||||
sourcePort = 61699;
|
||||
}
|
||||
{
|
||||
destination = "${config.site.net.serv.hosts4.leonos}:22";
|
||||
proto = "tcp";
|
||||
sourcePort = 2223;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.serv.hosts4.minetest;
|
||||
proto = "udp";
|
||||
sourcePort = 30000;
|
||||
}
|
||||
{
|
||||
destination = "172.22.99.175:22";
|
||||
proto = "tcp";
|
||||
sourcePort = 2224;
|
||||
}
|
||||
{ # Gitea ssh
|
||||
destination = config.site.net.serv.hosts4.gitea;
|
||||
proto = "tcp";
|
||||
sourcePort = 22;
|
||||
}
|
||||
{ # Jabber C2S
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "tcp";
|
||||
sourcePort = 5222;
|
||||
}
|
||||
{ # Jabber C2S+SSL
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "tcp";
|
||||
sourcePort = 5223;
|
||||
}
|
||||
{ # Jabber S2S
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "tcp";
|
||||
sourcePort = 5269;
|
||||
}
|
||||
{ # Jabber TURN
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "tcp";
|
||||
sourcePort = 3478;
|
||||
}
|
||||
{ # Jabber TURN
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "tcp";
|
||||
sourcePort = 3479;
|
||||
}
|
||||
{ # Jabber TURN
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "udp";
|
||||
sourcePort = 3478;
|
||||
}
|
||||
{ # Jabber TURN
|
||||
destination = config.site.net.serv.hosts4.jabber;
|
||||
proto = "udp";
|
||||
sourcePort = 3479;
|
||||
}
|
||||
{
|
||||
destination = "${config.site.net.serv.hosts4.vps1}:22";
|
||||
proto = "tcp";
|
||||
sourcePort = 2225;
|
||||
}
|
||||
] ++ map (port: {
|
||||
destination = config.site.net.serv.hosts4.mail;
|
||||
proto = "tcp";
|
||||
sourcePort = port;
|
||||
}) [ 25 465 587 110 143 993 995 ];
|
||||
|
||||
server3.interfaces = clusterServerInterfaces;
|
||||
server5.interfaces = clusterServerInterfaces;
|
||||
server6.interfaces = clusterServerInterfaces;
|
||||
server7.interfaces = clusterServerInterfaces;
|
||||
server8.interfaces = clusterServerInterfaces;
|
||||
server9.interfaces = clusterServerInterfaces;
|
||||
|
||||
ap-test1.interfaces = {
|
||||
mgmt.type = "phys";
|
||||
pub.type = "bridge";
|
||||
c3d2.type = "bridge";
|
||||
bmx.type = "bridge";
|
||||
};
|
||||
ap-test2.interfaces = {
|
||||
mgmt.type = "phys";
|
||||
pub.type = "bridge";
|
||||
c3d2.type = "bridge";
|
||||
bmx.type = "bridge";
|
||||
};
|
||||
ap4.links.switch-b2.ports = [ "wan" ];
|
||||
ap6.links.switch-b2.ports = [ "wan" ];
|
||||
ap21.links.switch-a1.ports = [ "lan" ];
|
||||
ap27.links.switch-b2.ports = [ "wan" ];
|
||||
ap32.links.switch-b2.ports = [ "lan" ];
|
||||
ap33.links.switch-b2.ports = [ "lan" ];
|
||||
ap36.links.switch-b2.ports = [ "wan" ];
|
||||
ap43.links.switch-a1.ports = [ "wan" ];
|
||||
ap44.links.switch-a1.ports = [ "lan" ];
|
||||
ap45.links.switch-a1.ports = [ "lan" ];
|
||||
ap46.links.switch-a1.ports = [ "lan" ];
|
||||
ap47.links.switch-a1.ports = [ "lan" ];
|
||||
ap48.links.switch-a1.ports = [ "lan" ];
|
||||
ap49.links.switch-a1.ports = [ "lan" ];
|
||||
ap50.links.switch-a1.ports = [ "lan" ];
|
||||
ap52.links.switch-a1.ports = [ "lan" ];
|
||||
|
||||
ap28.links.ap3.ports = [ "wan" ];
|
||||
ap3.links.ap28.ports = [ "lan:1" ];
|
||||
ap3.links.c3d2.ports = lib.mkForce [
|
||||
"lan:2"
|
||||
"lan:3"
|
||||
"lan:4"
|
||||
];
|
||||
ap34.links.ap42.ports = [ "lan" ];
|
||||
ap42.links.priv4.ports = lib.mkForce [
|
||||
"lan:1"
|
||||
"lan:2"
|
||||
"lan:4"
|
||||
];
|
||||
ap42.links.ap34.ports = [ "lan:3" ];
|
||||
}
|
||||
|
||||
# host priv*-gw settings
|
||||
(
|
||||
builtins.mapAttrs (hostName: _: {
|
||||
ospf.allowedUpstreams = [ "upstream4" "upstream3" "upstream1" "anon1" "freifunk" ];
|
||||
}) (
|
||||
lib.filterAttrs (hostName: _:
|
||||
builtins.match "priv[[:digit:]]+-gw" hostName != null
|
||||
) pillar.containers
|
||||
)
|
||||
)
|
||||
|
||||
(builtins.foldl' (result: hostName: result // {
|
||||
"${hostName}" = {
|
||||
role = "server";
|
||||
interfaces = builtins.mapAttrs (net: _: {
|
||||
type = "phys";
|
||||
} // lib.optionalAttrs (net == "cluster") {
|
||||
gw4 = "cls-gw";
|
||||
gw6 = "cls-gw";
|
||||
}) (
|
||||
lib.filterAttrs (_: hosts: hosts ? ${hostName}) (
|
||||
pillar.hosts-inet // (
|
||||
builtins.foldl' (result: hosts: result // hosts) {} (builtins.attrValues pillar.hosts-inet6)
|
||||
)
|
||||
)
|
||||
) // builtins.foldl' (result: container:
|
||||
result // builtins.mapAttrs (net: interface: {
|
||||
type = "bridge";
|
||||
}) container.interfaces
|
||||
) {} (builtins.attrValues pillar.containers);
|
||||
};
|
||||
}) {} mainServers)
|
||||
|
||||
(builtins.mapAttrs (_: switch: {
|
||||
inherit (switch) model location password;
|
||||
role = "switch";
|
||||
interfaces.mgmt.type = "phys";
|
||||
links = builtins.mapAttrs (_: { ports, group ? null, ... }: {
|
||||
group = if group != null
|
||||
then toString group
|
||||
else null;
|
||||
ports = map toString (
|
||||
if builtins.isList ports
|
||||
then ports
|
||||
else [ ports ]
|
||||
);
|
||||
}) switch.ports;
|
||||
}) pillar.switches)
|
||||
|
||||
(builtins.mapAttrs (hostName: ap: {
|
||||
inherit (ap) model location password;
|
||||
role = "ap";
|
||||
|
||||
interfaces = builtins.foldl' (interfaces: net: interfaces // {
|
||||
"${net}" = {
|
||||
type = "bridge";
|
||||
};
|
||||
}) {
|
||||
mgmt = {
|
||||
type = "phys";
|
||||
gw4 = "mgmt-gw";
|
||||
gw6 = "mgmt-gw";
|
||||
};
|
||||
} (
|
||||
builtins.concatMap ({ ssids, ... }:
|
||||
map ({ net, ... }: net) (builtins.attrValues ssids)
|
||||
) (builtins.attrValues ap.radios)
|
||||
);
|
||||
|
||||
links =
|
||||
let
|
||||
wanTargets = whoLinksTo hostName;
|
||||
model = self.lib.getOpenwrtModel ap.model;
|
||||
getPorts = regex:
|
||||
map (port: {
|
||||
port = port.port;
|
||||
phys = port.port;
|
||||
}.${port.type}) (
|
||||
builtins.filter (port:
|
||||
port ? port &&
|
||||
builtins.match regex port.port != null
|
||||
) (builtins.attrValues model.ports)
|
||||
);
|
||||
in
|
||||
if model ? ports
|
||||
then
|
||||
if getPorts "wan" == [] && builtins.length wanTargets > 0
|
||||
then {
|
||||
# Only 1 Ethernet port, treat lan as uplink
|
||||
"${builtins.head wanTargets}".ports = getPorts "lan";
|
||||
}
|
||||
else
|
||||
lib.optionalAttrs (builtins.length wanTargets > 0) {
|
||||
"${builtins.head wanTargets}".ports = getPorts "wan";
|
||||
} // lib.optionalAttrs (ap ? lan-access) {
|
||||
"${ap.lan-access}".ports = self.lib.unique (
|
||||
getPorts "lan.*"
|
||||
);
|
||||
}
|
||||
else
|
||||
builtins.trace "No known ports for OpenWRT model ${ap.model}"
|
||||
{};
|
||||
|
||||
wifi = ap.radios;
|
||||
|
||||
}) pillar.cpe)
|
||||
|
||||
(builtins.mapAttrs (name: container:
|
||||
let
|
||||
ctPillar = self.lib.saltPillarFor name;
|
||||
in {
|
||||
role = "container";
|
||||
|
||||
interfaces =
|
||||
builtins.mapAttrs (net: interface:
|
||||
renameAttr "gw" "gw4"
|
||||
(forceVeth interface) // (
|
||||
if ctPillar ? upstream &&
|
||||
ctPillar.upstream.interface == net
|
||||
then {
|
||||
upstream.upBandwidth = ctPillar.upstream.up-bandwidth;
|
||||
}
|
||||
else {}
|
||||
)
|
||||
) container.interfaces;
|
||||
|
||||
wireguard =
|
||||
lib.optionalAttrs (ctPillar ? wireguard-instances) (
|
||||
builtins.mapAttrs (net: wgData: {
|
||||
inherit (builtins.head wgData.peers) endpoint;
|
||||
publicKey = (builtins.head wgData.peers).public_key;
|
||||
privateKey = wgData.private_key;
|
||||
addresses = builtins.filter builtins.isString (
|
||||
builtins.split "[, ]+" wgData.addr
|
||||
);
|
||||
upBandwidth = ctPillar.upstream.up-bandwidth;
|
||||
}) ctPillar.wireguard-instances);
|
||||
|
||||
ospf =
|
||||
let
|
||||
ospfConf = ctPillar.ospf;
|
||||
in lib.optionalAttrs (ctPillar ? ospf && ospfConf ? stubnets-inet) {
|
||||
stubNets4 = ospfConf.stubnets-inet;
|
||||
} // lib.optionalAttrs (ctPillar ? ospf && ospfConf ? stubnets-inet6) {
|
||||
stubNets6 = ospfConf.stubnets-inet6;
|
||||
};
|
||||
|
||||
bgp =
|
||||
if ctPillar ? bgp
|
||||
then
|
||||
let
|
||||
bgpConf = ctPillar.bgp;
|
||||
in {
|
||||
inherit (bgpConf) asn;
|
||||
peers = bgpConf.peers-inet // bgpConf.peers-inet6;
|
||||
}
|
||||
else null;
|
||||
|
||||
forwardPorts =
|
||||
if ctPillar ? port-forwarding
|
||||
then map ({ proto, port, to }: {
|
||||
proto = proto;
|
||||
sourcePort = port;
|
||||
destination = to;
|
||||
}) ctPillar.port-forwarding
|
||||
else [];
|
||||
}) pillar.containers)
|
||||
] ++
|
||||
|
||||
(map (net:
|
||||
builtins.mapAttrs (_: addr4: {
|
||||
}) pillar.hosts-inet.${net}
|
||||
) (builtins.attrNames pillar.hosts-inet)) ++
|
||||
|
||||
(builtins.concatMap (ctx:
|
||||
map (net:
|
||||
builtins.mapAttrs (_: addr6: {
|
||||
}) pillar.hosts-inet6.${ctx}.${net}
|
||||
) (builtins.attrNames pillar.hosts-inet6.${ctx})
|
||||
) (builtins.attrNames pillar.hosts-inet6))
|
||||
);
|
||||
|
||||
config.site.sshPubKeys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOFs2LdK23ysS0SSkXZuULUOCZHe1ZxvfOKj002J6rkvAaDLar9g5aKuiIV70ZR33A2rchoLMiM4pLLwoSAPJg1FgIgJjU+DFoWtiW+IjzKXdHHVspb2iOIhpfbfk8WC5HZ/6fPz4RUqadGQ43ImnMhSN0ge3s/oM48hpc96ne6tH+mGiugdPx8097NE9yTqJHi8deBhi3daeJH4eQeg66Fi+kDIAZv5TJ0Oca5h7PBd253/vf3l21jRH8u1D1trALv9KStGycTk5Nwih+OHx+Rnvue/B/nxgAz4I3mmQa+jhRlGaQVG0MtOBRY3Ae7ZNqhjuefDUCM2hwG70toU9xDUw0AihC2ownY+P2PjssoG1O8f/D7ilw7qrXJHEeM8HwzqMH8X4ELYHaHTwjeWfZTTFev1Djr969LjdS1UZzqCZHO0jmQ5Pa3eXw8xcoprtt620kYLTKSMs6exLstE48o57Yqfn+eTJDy7EkcjiLN6GNIi42b9Z73xXNpZx1WR9O6OulJf/6pWgrApasvxiGmxxILq98s1/VnZkOFXR8JXnpvKHEIOIr3bFQu3GLCrzY2Yuh4NL5wy6lcZNTr/0rr6AO24IbEWM7TApbXnKA5XQhAbThrVsuFBdT3+bBP2nedvWQ0W+Q6SUf+8T2o5InnFqs5ABnTixBItiWw+9BiQ== root@server1"
|
||||
];
|
||||
}
|
|
@ -208,6 +208,14 @@ let
|
|||
default = [];
|
||||
description = "Do not NAT66 traffic from these public static subnets";
|
||||
};
|
||||
user = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
password = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
|
||||
interfaceOpts = { name, ... }: {
|
||||
|
@ -503,6 +511,10 @@ in
|
|||
sshPubKeys = mkOption {
|
||||
type = with types; listOf str;
|
||||
};
|
||||
|
||||
dyndnsKey = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
|
||||
config.warnings =
|
||||
|
|
|
@ -1,13 +1,7 @@
|
|||
{ self, gpgKey, pkgs, openwrt }:
|
||||
{ self, pkgs, openwrt }:
|
||||
|
||||
rec {
|
||||
config = import ./config { inherit self pkgs gpgKey; };
|
||||
|
||||
saltPillarFor = import ./salt-support/salt-pillar.nix {
|
||||
inherit pkgs gpgKey;
|
||||
};
|
||||
|
||||
expandSaltTemplate = import ./salt-support/expand-template.nix { inherit pkgs; };
|
||||
config = (import ./config { inherit self pkgs; }).config;
|
||||
|
||||
netmasks = import ./netmasks.nix;
|
||||
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> {}
|
||||
}:
|
||||
|
||||
name: template: data:
|
||||
let
|
||||
jsonFile =
|
||||
builtins.toFile "data.json" (builtins.toJSON data);
|
||||
j2custom =
|
||||
builtins.toFile "j2custom.py" ''
|
||||
def j2_environment(env):
|
||||
env.globals.update(
|
||||
zip=zip
|
||||
)
|
||||
return env
|
||||
'';
|
||||
in
|
||||
pkgs.runCommandLocal name {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
pythonPackages.j2cli yaml2json
|
||||
];
|
||||
} ''
|
||||
j2 --customize ${j2custom} -f json ${template} ${jsonFile} > $out
|
||||
''
|
|
@ -1,47 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> {}
|
||||
, gpgKey
|
||||
}:
|
||||
|
||||
with pkgs.lib;
|
||||
let
|
||||
loadYaml = import ./load-yaml.nix { inherit pkgs; };
|
||||
|
||||
decryptMessage = x:
|
||||
if gpgKey == null
|
||||
then "encrypted"
|
||||
else
|
||||
builtins.readFile (
|
||||
pkgs.runCommandLocal "decrypted-salt-value" {
|
||||
nativeBuildInputs = [ pkgs.gnupg ];
|
||||
} ''
|
||||
export GNUPGHOME=$(mktemp -d)
|
||||
gpg --import ${gpgKey}
|
||||
gpg -d > $out << EOF
|
||||
${x}
|
||||
EOF
|
||||
''
|
||||
);
|
||||
|
||||
decrypt = x:
|
||||
if builtins.isString x
|
||||
then if builtins.substring 0 27 x == "-----BEGIN PGP MESSAGE-----"
|
||||
then decryptMessage x
|
||||
else x
|
||||
else if builtins.isList x
|
||||
then map decrypt x
|
||||
else if builtins.isAttrs x
|
||||
then builtins.mapAttrs (_: decrypt) x
|
||||
else x;
|
||||
|
||||
loadSls = files:
|
||||
decrypt (
|
||||
builtins.foldl' (result: filename:
|
||||
recursiveUpdate result (loadYaml filename)
|
||||
) {} files
|
||||
);
|
||||
in
|
||||
|
||||
files:
|
||||
if builtins.isList files
|
||||
then loadSls files
|
||||
else loadSls [ files ]
|
|
@ -1,17 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> {}
|
||||
}:
|
||||
|
||||
path:
|
||||
let
|
||||
json = pkgs.runCommandLocal "desalinated-${builtins.baseNameOf path}" {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
pythonPackages.j2cli ruby yaml2json
|
||||
];
|
||||
} ''
|
||||
j2 ${path} > expanded.yaml
|
||||
yaml2json < expanded.yaml > $out
|
||||
'';
|
||||
in
|
||||
builtins.fromJSON (
|
||||
builtins.readFile json
|
||||
)
|
|
@ -1,66 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> {}
|
||||
, ...
|
||||
}@args:
|
||||
|
||||
hostName:
|
||||
|
||||
let
|
||||
loadSls = import ./load-sls.nix args;
|
||||
|
||||
pillarBase = (loadSls ../../../salt-pillar/top.sls).base;
|
||||
|
||||
globToRegex = builtins.replaceStrings ["*"] [".*"];
|
||||
|
||||
baseMatches =
|
||||
if hostName == "*"
|
||||
then
|
||||
builtins.attrNames pillarBase
|
||||
else
|
||||
builtins.filter (patterns:
|
||||
pkgs.lib.any (pattern:
|
||||
builtins.match (globToRegex pattern) hostName != null
|
||||
) (
|
||||
builtins.filter builtins.isString (
|
||||
builtins.split " or " patterns
|
||||
)
|
||||
)
|
||||
) (builtins.attrNames pillarBase);
|
||||
|
||||
fileIds = builtins.foldl' (result: matchName:
|
||||
result ++ pillarBase.${matchName}
|
||||
) [] baseMatches;
|
||||
|
||||
allFilePaths = pkgs.lib.filesystem.listFilesRecursive ../../../salt-pillar;
|
||||
|
||||
files = map (fileId:
|
||||
let
|
||||
parts = builtins.filter builtins.isString (
|
||||
builtins.split "\\." fileId
|
||||
);
|
||||
matches = builtins.filter (filePath:
|
||||
let
|
||||
suffix1 = builtins.concatStringsSep "/" (parts ++ [ "init.sls" ]);
|
||||
suffix2 = (builtins.concatStringsSep "/" parts) + ".sls";
|
||||
check = suffix:
|
||||
endsWith suffix (builtins.toString filePath);
|
||||
in
|
||||
check suffix1 || check suffix2
|
||||
) allFilePaths;
|
||||
matchesLength = builtins.length matches;
|
||||
in
|
||||
if matchesLength == 0
|
||||
then throw "No pillar file for ${fileId}"
|
||||
else if matchesLength > 1
|
||||
then throw "Ambiguous choice of files for ${fileId}"
|
||||
else builtins.head matches
|
||||
) fileIds;
|
||||
|
||||
endsWith = suffix: s:
|
||||
let
|
||||
suffixLen = builtins.stringLength suffix;
|
||||
sLen = builtins.stringLength s;
|
||||
in
|
||||
builtins.substring (sLen - suffixLen) suffixLen s == suffix;
|
||||
|
||||
in
|
||||
loadSls files
|
|
@ -24,7 +24,7 @@ in
|
|||
ddns-update-style standard;
|
||||
key dyndns {
|
||||
algorithm hmac-sha256;
|
||||
secret ${inputs.zentralwerk-network-key.lib.dyndnsKey};
|
||||
secret ${config.site.dyndnsKey};
|
||||
};
|
||||
zone ${domainName}. {
|
||||
primary ${config.site.net.serv.hosts4.dns};
|
||||
|
|
|
@ -122,7 +122,7 @@ in
|
|||
extraConfig = ''
|
||||
key "dyndns" {
|
||||
algorithm hmac-sha256;
|
||||
secret "${inputs.zentralwerk-network-key.lib.dyndnsKey}";
|
||||
secret "${config.site.dyndnsKey}";
|
||||
};
|
||||
'';
|
||||
extraOptions = ''
|
||||
|
@ -159,7 +159,7 @@ in
|
|||
path = [ pkgs.dnsutils ];
|
||||
script = ''
|
||||
${lib.concatMapStrings (zone: ''
|
||||
nsupdate -y "hmac-sha256:dyndns:${inputs.zentralwerk-network-key.lib.dyndnsKey}" <<EOF
|
||||
nsupdate -y "hmac-sha256:dyndns:${config.site.dyndnsKey}" <<EOF
|
||||
server localhost
|
||||
|
||||
${lib.concatMapStringsSep "\n" ({ name, type, data }: ''
|
||||
|
|
|
@ -7,8 +7,6 @@ let
|
|||
lib.filterAttrs (_: { type, ... }: type == "pppoe")
|
||||
hostConf.interfaces;
|
||||
|
||||
inherit (inputs.zentralwerk-network-key.lib.pppoe.${hostName}) user password;
|
||||
|
||||
in lib.mkIf (pppoeInterfaces != {}) {
|
||||
boot.postBootCommands = ''
|
||||
if [ ! -c /dev/ppp ]; then
|
||||
|
@ -16,12 +14,15 @@ in lib.mkIf (pppoeInterfaces != {}) {
|
|||
fi
|
||||
'';
|
||||
|
||||
environment.etc."ppp/pap-secrets".text = ''
|
||||
environment.etc."ppp/pap-secrets".text = lib.concatMapStrings (ifName:
|
||||
let
|
||||
inherit (pppoeInterfaces.${ifName}) user password;
|
||||
in ''
|
||||
"${user}" * "${password}"
|
||||
'';
|
||||
'') (builtins.attrNames pppoeInterfaces);
|
||||
services.pppd = {
|
||||
enable = true;
|
||||
peers = builtins.mapAttrs (ifName: { upstream, ... }: {
|
||||
peers = builtins.mapAttrs (ifName: { upstream, user, ... }: {
|
||||
enable = true;
|
||||
autostart = true;
|
||||
config = ''
|
||||
|
@ -48,7 +49,6 @@ in lib.mkIf (pppoeInterfaces != {}) {
|
|||
default-asyncmap
|
||||
mtu 1492
|
||||
# IP settings.
|
||||
#noipdefault
|
||||
defaultroute
|
||||
+ipv6
|
||||
defaultroute6
|
||||
|
|
|
@ -12,18 +12,33 @@ let
|
|||
nixpkgs.lib.generators.toPretty {} config
|
||||
);
|
||||
|
||||
salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" (
|
||||
nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName)
|
||||
);
|
||||
salt-pillars = builtins.foldl' (result: hostName: result // {
|
||||
"${hostName}-pillar" = pkgs.runCommandLocal "${hostName}-pillar.nix" {} ''
|
||||
cp ${salt-pillar-file hostName} $out
|
||||
encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
cd config
|
||||
exec ${pkgs.gnupg}/bin/gpg --armor --batch --trust-model always \
|
||||
--encrypt -r 1F0F221A7483B5EF5D103D8B32EBADE870BAF886 \
|
||||
< secrets-production.nix \
|
||||
> secrets-production.nix.gpg
|
||||
'';
|
||||
decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
cd config
|
||||
[ -e secrets-production.nix ] && \
|
||||
mv secrets-production.nix secrets-production.nix.old
|
||||
exec ${pkgs.gnupg}/bin/gpg -d \
|
||||
> secrets-production.nix \
|
||||
< secrets-production.nix.gpg
|
||||
'';
|
||||
switch-to-production = pkgs.writeScriptBin "decrypt-secrets" ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
${decrypt-secrets}
|
||||
|
||||
cd config
|
||||
cp secrets-production.nix secrets.nix
|
||||
'';
|
||||
}) {} (
|
||||
builtins.filter (hostName:
|
||||
builtins.elem config.site.hosts.${hostName}.role [ "server" "container" ]
|
||||
) (builtins.attrNames config.site.hosts)
|
||||
);
|
||||
|
||||
network-graphs = import ./network-graphs.nix { inherit config pkgs; };
|
||||
|
||||
|
@ -65,6 +80,7 @@ let
|
|||
inherit pkgs;
|
||||
};
|
||||
in
|
||||
salt-pillars // rootfs-packages // vm-packages // device-templates // network-graphs // starlink // {
|
||||
inherit export-openwrt-models export-config dns-slaves;
|
||||
rootfs-packages // vm-packages // device-templates // network-graphs // starlink // {
|
||||
inherit export-openwrt-models export-config dns-slaves
|
||||
encrypt-secrets decrypt-secrets switch-to-production;
|
||||
}
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
bind:
|
||||
root-domain:
|
||||
dn42: zentralwerk.dn42
|
||||
up1: zentralwerk.org
|
||||
master-ns:
|
||||
dn42: dns.serv.zentralwerk.dn42
|
||||
up1: dns.serv.zentralwerk.org
|
||||
public-ns:
|
||||
dn42:
|
||||
- dns.serv.zentralwerk.dn42
|
||||
up1:
|
||||
- ns.c3d2.de
|
||||
slaves:
|
||||
# ns.c3d2.de
|
||||
- 217.197.84.53
|
||||
- 2001:67c:1400:2240::a
|
||||
# dns.spaceboyz.net
|
||||
- 172.22.24.4
|
||||
- 2a01:4f9:4b:39ec::4
|
||||
serial: 2021031200
|
||||
|
||||
reverse-zones-inet:
|
||||
- 72.20.172.in-addr.arpa
|
||||
- 73.20.172.in-addr.arpa
|
||||
- 74.20.172.in-addr.arpa
|
||||
- 75.20.172.in-addr.arpa
|
||||
- 76.20.172.in-addr.arpa
|
||||
- 77.20.172.in-addr.arpa
|
||||
- 78.20.172.in-addr.arpa
|
||||
- 79.20.172.in-addr.arpa
|
||||
|
||||
reverse-zones-inet6:
|
||||
dn42:
|
||||
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
|
||||
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
|
||||
up1:
|
||||
- 8.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
|
||||
- c.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
|
|
@ -1,18 +0,0 @@
|
|||
#!yaml|gpg
|
||||
dyndns:
|
||||
anon1:
|
||||
interface: ipredator
|
||||
secret: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQgAjh9ugkiUCwnXHHJP7mJqmjnS6shfTXMqPYeR1KTwIWvC
|
||||
xOSxQBvD/WYOg/p6Jai+dB5TAvI0l1G4oaaii3OoKot0flJPzWR5IgBHJBmDEuii
|
||||
/pinHD4JpNTDPb2OBE/UXZjyJ4XGCwh8yVaOr5LmRPuB/DMfxk6FpPpDps6n5ioT
|
||||
i9RkvgZTtyk8nyb3Q+Gg051vXKYOHiZbOtu08GRMDqBjkBwWAaVCWc/ts4Gs0SjG
|
||||
GgxWR6VWhMSWIbuJmFY5Bix6rRuI6cVY48Xg+/aQXxrSMjI3SKjpeJ0Otn7Hi1Fh
|
||||
vK6mIZtyESsNt3qHd65GPWJ0PPLiOg6M0peC9rfJgdJnAYq2n/f89jfraVTK3gYL
|
||||
ch7EWeGAJbqf7srcDqjL/kHVSVrLlh3GSpFZsyD3hOeGMWrkQnnVrMBLo2oAoQSp
|
||||
bVh+AjIkctnwHJSDS6FsijrQJicLVu/tG/Sg9PqELvWzMf+LvRL49Q==
|
||||
=zrkj
|
||||
-----END PGP MESSAGE-----
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
#!yaml|gpg
|
||||
dyndns:
|
||||
upstream1:
|
||||
interface: up1
|
||||
secret: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQgAlT62OyjlGRcQ8/RivPsFfJfVSoNhGFFbSm+1yfA7Efav
|
||||
d/ELCj86zXTvYoa4S8jEvd6iqsKOukINlCkYHR3p5Qs31bsSh/B+0B09fksp7d4O
|
||||
NCE4VVInZe9HY7DpSFEsu44gbit2MJKhhbtozkyEwn3dGaXHmGEWqS1V20fLFeUA
|
||||
r1ZwqyI6nFHT28thugt36r6/ZblkeZDqH77JuR/AnIsCFtykErZsiTQiiuiiOrvU
|
||||
/m0kTz0jHBVSRuil3+4uibOWf2eDPuLukD2RXszGnaaq066vlRVyTKTchVjBnqDs
|
||||
tNYls0rmr6UOOQid7N0BcCjYKKkoF6AVb3R1eA1yG9JnAeSx1KAmIrzfYLJ/eRkw
|
||||
CPXogzxlMQt1i4fNRVUPWX+V9SHsbw/bp0CgaI1FJsfnVL4+BZejxTpGvybuKR+O
|
||||
ejuUPineVymhVULbK2bbUGhpn0aaaKmV4CmZusueHg2W2lpJS0UozQ==
|
||||
=krxI
|
||||
-----END PGP MESSAGE-----
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
#!yaml|gpg
|
||||
dyndns:
|
||||
upstream2:
|
||||
interface: up2
|
||||
secret: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf/dsFJZ7Ud81pppjYXlOAEe1Zz+VqFaR+8kjzTE1uSxqNF
|
||||
cI3asqGG1ltqY4CNJ0Sw6dzFKgCvBMxY2PlAKi2W/d4VXW+Eq3fuLA9g8AZ3FHxL
|
||||
8LgBaxoIuue8lI3FpQk3rbkhnELbwTp8A6Y0TCqexDp7NyieaHdsFkkg9lJn268B
|
||||
RsIsg2n3ZlpPw6PgQ1qz0hqTlSIi/FyVTX0JLQ7GIpiPZPPsEtT0A62adkla0x4+
|
||||
fkrqPBC3jD5ICz/mytkmwWilmkZHO+VXF7juAmwLnmp69w1yhsohVK1mecme60Rt
|
||||
w6i6cVhvg/EaQnqhKxusLi3DnroaVTwU9wvw3aBiN9JnATYs/Y9LotYP3/4tiPO1
|
||||
c45aNN6Oz/s7RwjTjiZv0LqnoXVLYPF2a0xok5eIklwp2f/wp7jh/SelJCZHY7H4
|
||||
dx2TiwNW89qYfN4GNmfie+LgJDqs9DEZPBDDwjYBIPDMsh7kZiTo5A==
|
||||
=pVXt
|
||||
-----END PGP MESSAGE-----
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
ospf:
|
||||
stubnets-inet:
|
||||
- 172.20.0.0/14
|
||||
- 10.0.0.0/8
|
||||
stubnets-inet6:
|
||||
- fd00::/8
|
||||
- 2a02:8106:208:5200::/56
|
||||
- 2a02:8106:211:e900::/56
|
||||
|
||||
bgp:
|
||||
asn: 4242421127
|
||||
|
||||
peers-inet:
|
||||
# dn42.hq.c3d2.de
|
||||
'172.22.99.253':
|
||||
asn: 64699
|
||||
|
||||
peers-inet6:
|
||||
# dn42.hq.c3d2.de
|
||||
'fe80::a800:42ff:fe7a:3246%c3d2':
|
||||
asn: 64699
|
|
@ -1,15 +0,0 @@
|
|||
#!yaml|gpg
|
||||
ospf:
|
||||
secret: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf/UzB2wsDsIfUEIEx20IehQbTkw5A9gCYnuW09lvkzxlgY
|
||||
IHDh8arul9ED7GFdVBja5cZVCs/dzqG0j+uP8zAwMjBLvvS6AopFnVdZnM0ANLth
|
||||
WCam9LxN+pxweD5DugODYzHZq2I3ktDqUAXwG0ORT4RyrM3kqP1hmWq9pP37breA
|
||||
QabQG4BF6hCx09P2MN/Wvy//9RNwNWlMsM2UAvsau+t35y3UEr/UbMNYYYPXKt2l
|
||||
fcQntwl2VEDin9XbrskBxQzACvn0rthUZwJ8n1oB8m3f7uGw6kIEf3eZ0eSQHafm
|
||||
8MwVeLqsw0ZDIww2Oi4+RWLrFPa8bwJO1U2C6k/8qNJLAelPUBWkCetDoRlf1xEh
|
||||
Umyi2PS5RIeUU49CoAMbrIsjUsQTBjYwTdiGCvH0RL5NIgWWaxoO3913AliIDUBh
|
||||
bQaDO9GE1xb//lO+
|
||||
=4yPK
|
||||
-----END PGP MESSAGE-----
|
|
@ -1,33 +0,0 @@
|
|||
radv:
|
||||
pub-gw:
|
||||
pub:
|
||||
rdnss:
|
||||
- dnscache.serv
|
||||
dnssl:
|
||||
- pub.zentralwerk.org
|
||||
serv-gw:
|
||||
serv:
|
||||
rdnss:
|
||||
- dnscache.serv
|
||||
dnssl:
|
||||
- serv.zentralwerk.org
|
||||
cls-gw:
|
||||
serv:
|
||||
rdnss:
|
||||
- dnscache.serv
|
||||
dnssl:
|
||||
- cluster.zentralwerk.org
|
||||
c3d2-gw1:
|
||||
c3d2:
|
||||
rdnss:
|
||||
- dnscache.serv
|
||||
dnssl:
|
||||
- hq.c3d2.de
|
||||
{%- for i in range(1, 62) %}
|
||||
priv{{ i }}-gw:
|
||||
priv{{ i }}:
|
||||
rdnss:
|
||||
- dnscache.serv
|
||||
dnssl:
|
||||
- priv{{ i }}.zentralwerk.org
|
||||
{%- endfor %}
|
|
@ -1,5 +0,0 @@
|
|||
collectd:
|
||||
network: client
|
||||
interface: True
|
||||
conntrack: True
|
||||
dhcpcount: True
|
|
@ -1,14 +0,0 @@
|
|||
collectd:
|
||||
network: client
|
||||
irq: True
|
||||
cpu: True
|
||||
load: True
|
||||
memory: True
|
||||
swap: True
|
||||
entropy: True
|
||||
disk: True
|
||||
df: True
|
||||
processes: True
|
||||
hddtemp: True
|
||||
sensors: True
|
||||
thermal: True
|
|
@ -1,8 +0,0 @@
|
|||
collectd:
|
||||
network: server
|
||||
disk: True
|
||||
df: True
|
||||
rrdtool:
|
||||
DataDir: "/var/lib/collectd/rrd"
|
||||
CacheTimeout: 300
|
||||
CacheFlush: 600
|
|
@ -1,8 +0,0 @@
|
|||
collectd:
|
||||
network: client
|
||||
interface: True
|
||||
ping:
|
||||
- google.de
|
||||
- 8.8.8.8
|
||||
- www.vodafone.de
|
||||
conntrack: True
|
File diff suppressed because it is too large
Load Diff
|
@ -1,525 +0,0 @@
|
|||
dhcp:
|
||||
pub:
|
||||
start: 172.20.78.2
|
||||
end: 172.20.79.254
|
||||
time: 300
|
||||
max-time: 3600
|
||||
lower-max-time: 50
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: pub-gw.pub
|
||||
string-opts:
|
||||
domain-name: pub.zentralwerk.org
|
||||
|
||||
priv1:
|
||||
start: 172.20.74.2
|
||||
end: 172.20.74.14
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv1-gw.priv1
|
||||
string-opts:
|
||||
domain-name: priv1.zentralwerk.org
|
||||
|
||||
priv2:
|
||||
start: 172.20.75.2
|
||||
end: 172.20.75.31
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv2-gw.priv2
|
||||
string-opts:
|
||||
domain-name: priv2.zentralwerk.org
|
||||
fixed-hosts:
|
||||
172.20.75.7: 60:33:4b:0b:cd:fc
|
||||
172.20.75.9: 00:11:32:22:95:79
|
||||
|
||||
priv3:
|
||||
start: 172.20.74.130
|
||||
end: 172.20.74.142
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv3-gw.priv3
|
||||
string-opts:
|
||||
domain-name: priv3.zentralwerk.org
|
||||
|
||||
priv4:
|
||||
start: 172.20.75.130
|
||||
end: 172.20.75.142
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv4-gw.priv4
|
||||
string-opts:
|
||||
domain-name: priv4.zentralwerk.org
|
||||
|
||||
priv5:
|
||||
start: 172.20.74.66
|
||||
end: 172.20.74.78
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv5-gw.priv5
|
||||
string-opts:
|
||||
domain-name: priv5.zentralwerk.org
|
||||
|
||||
priv6:
|
||||
start: 172.20.74.194
|
||||
end: 172.20.74.206
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv6-gw.priv6
|
||||
string-opts:
|
||||
domain-name: priv6.zentralwerk.org
|
||||
|
||||
priv7:
|
||||
start: 172.20.75.66
|
||||
end: 172.20.75.78
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv7-gw.priv7
|
||||
string-opts:
|
||||
domain-name: priv7.zentralwerk.org
|
||||
|
||||
priv8:
|
||||
start: 172.20.75.194
|
||||
end: 172.20.75.206
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv8-gw.priv8
|
||||
string-opts:
|
||||
domain-name: priv8.zentralwerk.org
|
||||
|
||||
priv9:
|
||||
start: 172.20.74.34
|
||||
end: 172.20.74.46
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv9-gw.priv9
|
||||
string-opts:
|
||||
domain-name: priv9.zentralwerk.org
|
||||
|
||||
priv10:
|
||||
start: 172.20.74.98
|
||||
end: 172.20.74.110
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv10-gw.priv10
|
||||
string-opts:
|
||||
domain-name: priv10.zentralwerk.org
|
||||
|
||||
priv11:
|
||||
start: 172.20.74.162
|
||||
end: 172.20.74.174
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv11-gw.priv11
|
||||
string-opts:
|
||||
domain-name: priv11.zentralwerk.org
|
||||
|
||||
priv12:
|
||||
start: 172.20.74.226
|
||||
end: 172.20.74.238
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv12-gw.priv12
|
||||
string-opts:
|
||||
domain-name: priv12.zentralwerk.org
|
||||
|
||||
priv13:
|
||||
start: 172.20.75.34
|
||||
end: 172.20.75.46
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv13-gw.priv13
|
||||
string-opts:
|
||||
domain-name: priv13.zentralwerk.org
|
||||
|
||||
priv14:
|
||||
start: 172.20.75.98
|
||||
end: 172.20.75.110
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv14-gw.priv14
|
||||
string-opts:
|
||||
domain-name: priv14.zentralwerk.org
|
||||
|
||||
priv15:
|
||||
start: 172.20.75.162
|
||||
end: 172.20.75.174
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv15-gw.priv15
|
||||
string-opts:
|
||||
domain-name: priv15.zentralwerk.org
|
||||
|
||||
priv16:
|
||||
start: 172.20.75.226
|
||||
end: 172.20.75.238
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv16-gw.priv16
|
||||
string-opts:
|
||||
domain-name: priv16.zentralwerk.org
|
||||
|
||||
priv17:
|
||||
start: 172.20.73.131
|
||||
end: 172.20.73.158
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv17-gw.priv17
|
||||
string-opts:
|
||||
domain-name: priv17.zentralwerk.org
|
||||
|
||||
priv18:
|
||||
start: 172.20.74.50
|
||||
end: 172.20.74.62
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv18-gw.priv18
|
||||
string-opts:
|
||||
domain-name: priv18.zentralwerk.org
|
||||
|
||||
priv19:
|
||||
start: 172.20.73.194
|
||||
end: 172.20.73.254
|
||||
time: 120
|
||||
# 30 days
|
||||
max-time: 2592000
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv19-gw.priv19
|
||||
string-opts:
|
||||
domain-name: priv19.zentralwerk.org
|
||||
|
||||
priv20:
|
||||
start: 172.20.74.114
|
||||
end: 172.20.74.126
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv20-gw.priv20
|
||||
string-opts:
|
||||
domain-name: priv20.zentralwerk.org
|
||||
|
||||
priv21:
|
||||
start: 172.20.74.146
|
||||
end: 172.20.74.158
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv21-gw.priv21
|
||||
string-opts:
|
||||
domain-name: priv21.zentralwerk.org
|
||||
|
||||
priv22:
|
||||
start: 172.20.74.178
|
||||
end: 172.20.74.190
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv22-gw.priv22
|
||||
string-opts:
|
||||
domain-name: priv22.zentralwerk.org
|
||||
|
||||
priv23:
|
||||
start: 172.20.73.165
|
||||
end: 172.20.73.190
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv23-gw.priv23
|
||||
string-opts:
|
||||
domain-name: priv23.zentralwerk.org
|
||||
fixed-hosts:
|
||||
172.20.73.162: da:2c:3a:2c:87:22
|
||||
172.20.73.163: ca:9f:27:b2:bf:6d
|
||||
172.20.73.164: 60:01:94:6f:81:a6
|
||||
|
||||
priv24:
|
||||
start: 172.20.74.242
|
||||
end: 172.20.74.254
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv24-gw.priv24
|
||||
string-opts:
|
||||
domain-name: priv24.zentralwerk.org
|
||||
|
||||
priv25:
|
||||
start: 172.20.74.82
|
||||
end: 172.20.74.94
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv25-gw.priv25
|
||||
string-opts:
|
||||
domain-name: priv25.zentralwerk.org
|
||||
|
||||
priv26:
|
||||
start: 172.20.75.50
|
||||
end: 172.20.75.62
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv26-gw.priv26
|
||||
string-opts:
|
||||
domain-name: priv26.zentralwerk.org
|
||||
|
||||
priv27:
|
||||
start: 172.20.75.82
|
||||
end: 172.20.75.94
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv27-gw.priv27
|
||||
string-opts:
|
||||
domain-name: priv27.zentralwerk.org
|
||||
|
||||
priv28:
|
||||
start: 172.20.75.114
|
||||
end: 172.20.75.126
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv28-gw.priv28
|
||||
string-opts:
|
||||
domain-name: priv28.zentralwerk.org
|
||||
|
||||
priv29:
|
||||
start: 172.20.75.146
|
||||
end: 172.20.75.158
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv29-gw.priv29
|
||||
string-opts:
|
||||
domain-name: priv29.zentralwerk.org
|
||||
|
||||
priv30:
|
||||
start: 172.20.75.178
|
||||
end: 172.20.75.190
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv30-gw.priv30
|
||||
string-opts:
|
||||
domain-name: priv30.zentralwerk.org
|
||||
|
||||
priv31:
|
||||
start: 172.20.75.210
|
||||
end: 172.20.75.222
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv31-gw.priv31
|
||||
string-opts:
|
||||
domain-name: priv31.zentralwerk.org
|
||||
|
||||
priv32:
|
||||
start: 172.20.75.242
|
||||
end: 172.20.75.254
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv32-gw.priv32
|
||||
string-opts:
|
||||
domain-name: priv32.zentralwerk.org
|
||||
|
||||
priv33:
|
||||
start: 172.20.74.18
|
||||
end: 172.20.74.30
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv33-gw.priv33
|
||||
string-opts:
|
||||
domain-name: priv33.zentralwerk.org
|
||||
|
||||
priv34:
|
||||
start: 172.20.74.210
|
||||
end: 172.20.74.222
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv34-gw.priv34
|
||||
string-opts:
|
||||
domain-name: priv34.zentralwerk.org
|
||||
|
||||
priv35:
|
||||
start: 172.20.76.2
|
||||
end: 172.20.76.14
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv35-gw.priv35
|
||||
string-opts:
|
||||
domain-name: priv35.zentralwerk.org
|
||||
|
||||
priv36:
|
||||
start: 172.20.76.66
|
||||
end: 172.20.76.78
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv36-gw.priv36
|
||||
string-opts:
|
||||
domain-name: priv36.zentralwerk.org
|
||||
|
||||
priv37:
|
||||
start: 172.20.76.130
|
||||
end: 172.20.76.142
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv37-gw.priv37
|
||||
string-opts:
|
||||
domain-name: priv37.zentralwerk.org
|
||||
|
||||
priv38:
|
||||
start: 172.20.76.194
|
||||
end: 172.20.76.206
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv38-gw.priv38
|
||||
string-opts:
|
||||
domain-name: priv38.zentralwerk.org
|
||||
|
||||
priv39:
|
||||
start: 172.20.77.130
|
||||
end: 172.20.77.142
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv39-gw.priv39
|
||||
string-opts:
|
||||
domain-name: priv39.zentralwerk.org
|
||||
|
||||
priv40:
|
||||
start: 172.20.77.66
|
||||
end: 172.20.77.78
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv40-gw.priv40
|
||||
string-opts:
|
||||
domain-name: priv40.zentralwerk.org
|
||||
|
||||
priv41:
|
||||
start: 172.20.77.194
|
||||
end: 172.20.77.206
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv41-gw.priv41
|
||||
string-opts:
|
||||
domain-name: priv41.zentralwerk.org
|
||||
|
||||
priv42:
|
||||
start: 172.20.76.34
|
||||
end: 172.20.76.46
|
||||
time: 120
|
||||
max-time: 86400
|
||||
opts:
|
||||
domain-name-servers: "172.20.73.8, 9.9.9.9"
|
||||
host-opts:
|
||||
routers: priv42-gw.priv42
|
||||
string-opts:
|
||||
domain-name: priv42.zentralwerk.org
|
|
@ -1,785 +0,0 @@
|
|||
hosts-inet:
|
||||
mgmt:
|
||||
server1: 10.0.0.1
|
||||
server2: 10.0.0.2
|
||||
server3: 10.0.0.3
|
||||
server4: 10.0.0.4
|
||||
server5: 10.0.0.5
|
||||
server6: 10.0.0.6
|
||||
server7: 10.0.0.7
|
||||
server8: 10.0.0.8
|
||||
server9: 10.0.0.9
|
||||
switch-b1: 10.0.0.10
|
||||
switch-b2: 10.0.0.11
|
||||
switch-c1: 10.0.0.12
|
||||
switch-d1: 10.0.0.13
|
||||
switch-c3d2-main: 10.0.0.14
|
||||
switch-a1: 10.0.0.15
|
||||
switch-a1-cpe: 10.0.0.16
|
||||
switch-dach: 10.0.0.17
|
||||
ap1: 10.0.0.41
|
||||
ap2: 10.0.0.42
|
||||
ap3: 10.0.0.43
|
||||
ap4: 10.0.0.44
|
||||
ap5: 10.0.0.45
|
||||
ap6: 10.0.0.46
|
||||
ap7: 10.0.0.47
|
||||
ap8: 10.0.0.48
|
||||
ap9: 10.0.0.49
|
||||
ap10: 10.0.0.50
|
||||
ap11: 10.0.0.51
|
||||
ap12: 10.0.0.52
|
||||
ap13: 10.0.0.53
|
||||
ap14: 10.0.0.54
|
||||
ap15: 10.0.0.55
|
||||
ap16: 10.0.0.56
|
||||
ap17: 10.0.0.57
|
||||
ap18: 10.0.0.58
|
||||
ap19: 10.0.0.59
|
||||
ap20: 10.0.0.60
|
||||
ap21: 10.0.0.61
|
||||
ap22: 10.0.0.62
|
||||
ap23: 10.0.0.63
|
||||
ap24: 10.0.0.64
|
||||
ap25: 10.0.0.65
|
||||
ap26: 10.0.0.66
|
||||
ap27: 10.0.0.67
|
||||
ap28: 10.0.0.68
|
||||
ap29: 10.0.0.69
|
||||
ap30: 10.0.0.70
|
||||
ap31: 10.0.0.71
|
||||
ap32: 10.0.0.72
|
||||
ap33: 10.0.0.73
|
||||
ap34: 10.0.0.74
|
||||
ap35: 10.0.0.75
|
||||
ap36: 10.0.0.76
|
||||
ap37: 10.0.0.77
|
||||
ap38: 10.0.0.78
|
||||
ap39: 10.0.0.79
|
||||
ap40: 10.0.0.80
|
||||
ap41: 10.0.0.81
|
||||
ap42: 10.0.0.82
|
||||
ap43: 10.0.0.83
|
||||
ap44: 10.0.0.84
|
||||
ap45: 10.0.0.85
|
||||
ap46: 10.0.0.86
|
||||
ap47: 10.0.0.87
|
||||
ap48: 10.0.0.88
|
||||
ap49: 10.0.0.89
|
||||
ap50: 10.0.0.90
|
||||
ap51: 10.0.0.91
|
||||
ap52: 10.0.0.92
|
||||
ap53: 10.0.0.93
|
||||
ap54: 10.0.0.94
|
||||
ap55: 10.0.0.95
|
||||
ap56: 10.0.0.96
|
||||
ap57: 10.0.0.97
|
||||
ap58: 10.0.0.98
|
||||
ap59: 10.0.0.99
|
||||
ap60: 10.0.0.100
|
||||
ap61: 10.0.0.101
|
||||
ap62: 10.0.0.102
|
||||
ap63: 10.0.0.103
|
||||
ap64: 10.0.0.104
|
||||
server1-ipmi: 10.0.0.201
|
||||
server2-ipmi: 10.0.0.202
|
||||
server3-ipmi: 10.0.0.203
|
||||
server4-ipmi: 10.0.0.204
|
||||
server5-ipmi: 10.0.0.205
|
||||
server6-ipmi: 10.0.0.206
|
||||
server7-ipmi: 10.0.0.207
|
||||
server8-ipmi: 10.0.0.208
|
||||
server9-ipmi: 10.0.0.209
|
||||
monit: 10.0.0.250
|
||||
logging: 10.0.0.251
|
||||
mgmt-gw: 10.0.0.254
|
||||
|
||||
core:
|
||||
server3: 172.20.72.53
|
||||
server4: 172.20.72.54
|
||||
server5: 172.20.72.55
|
||||
server6: 172.20.72.56
|
||||
server7: 172.20.72.57
|
||||
server8: 172.20.72.58
|
||||
server9: 172.20.72.59
|
||||
serv-gw: 172.20.72.2
|
||||
pub-gw: 172.20.72.3
|
||||
priv1-gw: 172.20.72.4
|
||||
priv2-gw: 172.20.72.5
|
||||
upstream1: 172.20.72.6
|
||||
anon1: 172.20.72.7
|
||||
c3d2-gw1: 172.20.72.8
|
||||
c3d2-anon: 172.20.72.9
|
||||
upstream2: 172.20.72.10
|
||||
upstream3: 172.20.72.11
|
||||
upstream4: 172.20.72.12
|
||||
priv3-gw: 172.20.72.13
|
||||
priv4-gw: 172.20.72.14
|
||||
priv5-gw: 172.20.72.15
|
||||
priv6-gw: 172.20.72.16
|
||||
priv7-gw: 172.20.72.17
|
||||
priv8-gw: 172.20.72.18
|
||||
priv9-gw: 172.20.72.19
|
||||
priv10-gw: 172.20.72.20
|
||||
priv11-gw: 172.20.72.21
|
||||
priv12-gw: 172.20.72.22
|
||||
priv13-gw: 172.20.72.23
|
||||
priv14-gw: 172.20.72.24
|
||||
priv15-gw: 172.20.72.25
|
||||
priv16-gw: 172.20.72.26
|
||||
bgp: 172.20.72.27
|
||||
mgmt-gw: 172.20.72.28
|
||||
cls-gw: 172.20.72.29
|
||||
priv17-gw: 172.20.72.30
|
||||
priv18-gw: 172.20.72.31
|
||||
priv19-gw: 172.20.72.32
|
||||
priv20-gw: 172.20.72.33
|
||||
priv21-gw: 172.20.72.34
|
||||
priv22-gw: 172.20.72.35
|
||||
priv23-gw: 172.20.72.36
|
||||
priv24-gw: 172.20.72.37
|
||||
priv25-gw: 172.20.72.38
|
||||
priv26-gw: 172.20.72.39
|
||||
freifunk: 172.20.72.40
|
||||
priv27-gw: 172.20.72.41
|
||||
priv28-gw: 172.20.72.42
|
||||
priv29-gw: 172.20.72.43
|
||||
priv30-gw: 172.20.72.44
|
||||
priv31-gw: 172.20.72.45
|
||||
priv32-gw: 172.20.72.46
|
||||
priv33-gw: 172.20.72.47
|
||||
priv34-gw: 172.20.72.48
|
||||
priv35-gw: 172.20.72.49
|
||||
priv36-gw: 172.20.72.50
|
||||
priv37-gw: 172.20.72.51
|
||||
priv38-gw: 172.20.72.52
|
||||
priv39-gw: 172.20.72.60
|
||||
priv40-gw: 172.20.72.61
|
||||
yggdrasil: 172.20.72.62
|
||||
c3d2-gw2: 172.20.72.63
|
||||
c3d2-gw3: 172.20.72.64
|
||||
priv41-gw: 172.20.72.65
|
||||
priv17-gw-up3: 172.20.72.66
|
||||
priv42-gw: 172.20.72.67
|
||||
|
||||
pub:
|
||||
pub-gw: 172.20.78.1
|
||||
serv:
|
||||
serv-gw: 172.20.73.1
|
||||
dns: 172.20.73.2
|
||||
stats: 172.20.73.3
|
||||
radius: 172.20.73.4
|
||||
zeit: 172.20.73.5
|
||||
ntp: 172.20.73.5
|
||||
minecraft: 172.20.73.6
|
||||
used1: 172.20.73.7
|
||||
dnscache: 172.20.73.8
|
||||
used2: 172.20.73.9
|
||||
used3: 172.20.73.10
|
||||
used4: 172.20.73.11
|
||||
used5: 172.20.73.12
|
||||
logging: 172.20.73.13
|
||||
used6: 172.20.73.14
|
||||
c3d2-web: 172.20.73.15
|
||||
deployer: 172.20.73.16
|
||||
used7: 172.20.73.17
|
||||
used8: 172.20.73.18
|
||||
used9: 172.20.73.19
|
||||
ipa: 172.20.73.20
|
||||
matemat: 172.20.73.21
|
||||
used10: 172.20.73.22
|
||||
used11: 172.20.73.23
|
||||
used12: 172.20.73.24
|
||||
spaceapi: 172.20.73.25
|
||||
used13: 172.20.73.26
|
||||
mucbot: 172.20.73.27
|
||||
used14: 172.20.73.28
|
||||
used15: 172.20.73.29
|
||||
used16: 172.20.73.30
|
||||
used17: 172.20.73.31
|
||||
scrape: 172.20.73.32
|
||||
used18: 172.20.73.32
|
||||
used19: 172.20.73.33
|
||||
used20: 172.20.73.34
|
||||
used21: 172.20.73.35
|
||||
used22: 172.20.73.36
|
||||
used23: 172.20.73.37
|
||||
used24: 172.20.73.38
|
||||
used25: 172.20.73.39
|
||||
used26: 172.20.73.40
|
||||
grafana: 172.20.73.43
|
||||
kibana: 172.20.73.44
|
||||
public-access-proxy: 172.20.73.45
|
||||
marenz: 172.20.73.46
|
||||
leonos: 172.20.73.47
|
||||
minetest: 172.20.73.48
|
||||
hydra: 172.20.73.49
|
||||
netboot: 172.20.73.50
|
||||
vps1: 172.20.73.51
|
||||
ticker: 172.20.73.52
|
||||
gitea: 172.20.73.53
|
||||
stream: 172.20.73.54
|
||||
jabber: 172.20.73.55
|
||||
mobilizon: 172.20.73.56
|
||||
radiobert: 172.20.73.57
|
||||
mail: 172.20.73.58
|
||||
keycloak: 172.20.73.59
|
||||
sdrweb: 172.20.73.60
|
||||
bind: 172.20.73.61
|
||||
|
||||
# TODO: generate from subnets
|
||||
priv1:
|
||||
priv1-gw: 172.20.74.1
|
||||
priv9:
|
||||
priv9-gw: 172.20.74.33
|
||||
priv5:
|
||||
priv5-gw: 172.20.74.65
|
||||
priv10:
|
||||
priv10-gw: 172.20.74.97
|
||||
priv3:
|
||||
priv3-gw: 172.20.74.129
|
||||
priv11:
|
||||
priv11-gw: 172.20.74.161
|
||||
priv6:
|
||||
priv6-gw: 172.20.74.193
|
||||
priv12:
|
||||
priv12-gw: 172.20.74.225
|
||||
priv2:
|
||||
priv2-gw: 172.20.75.1
|
||||
priv13:
|
||||
priv13-gw: 172.20.75.33
|
||||
priv7:
|
||||
priv7-gw: 172.20.75.65
|
||||
priv14:
|
||||
priv14-gw: 172.20.75.97
|
||||
priv4:
|
||||
priv4-gw: 172.20.75.129
|
||||
priv15:
|
||||
priv15-gw: 172.20.75.161
|
||||
priv8:
|
||||
priv8-gw: 172.20.75.193
|
||||
priv16:
|
||||
priv16-gw: 172.20.75.225
|
||||
priv17:
|
||||
priv17-gw: 172.20.73.129
|
||||
priv17-gw-up3: 172.20.73.130
|
||||
priv18:
|
||||
priv18-gw: 172.20.74.49
|
||||
priv19:
|
||||
priv19-gw: 172.20.73.193
|
||||
priv20:
|
||||
priv20-gw: 172.20.74.113
|
||||
priv21:
|
||||
priv21-gw: 172.20.74.145
|
||||
priv22:
|
||||
priv22-gw: 172.20.74.177
|
||||
priv23:
|
||||
priv23-gw: 172.20.73.161
|
||||
priv24:
|
||||
priv24-gw: 172.20.74.241
|
||||
priv25:
|
||||
priv25-gw: 172.20.74.81
|
||||
priv26:
|
||||
priv26-gw: 172.20.75.49
|
||||
priv27:
|
||||
priv27-gw: 172.20.75.81
|
||||
priv28:
|
||||
priv28-gw: 172.20.75.113
|
||||
priv29:
|
||||
priv29-gw: 172.20.75.145
|
||||
priv30:
|
||||
priv30-gw: 172.20.75.177
|
||||
priv31:
|
||||
priv31-gw: 172.20.75.209
|
||||
priv32:
|
||||
priv32-gw: 172.20.75.241
|
||||
priv33:
|
||||
priv33-gw: 172.20.74.17
|
||||
priv34:
|
||||
priv34-gw: 172.20.74.209
|
||||
priv35:
|
||||
priv35-gw: 172.20.76.1
|
||||
priv36:
|
||||
priv36-gw: 172.20.76.65
|
||||
priv37:
|
||||
priv37-gw: 172.20.76.129
|
||||
priv38:
|
||||
priv38-gw: 172.20.76.193
|
||||
priv39:
|
||||
priv39-gw: 172.20.77.129
|
||||
priv40:
|
||||
priv40-gw: 172.20.77.65
|
||||
priv41:
|
||||
priv41-gw: 172.20.77.193
|
||||
priv42:
|
||||
priv42-gw: 172.20.76.33
|
||||
|
||||
cluster:
|
||||
cls-gw: 172.20.77.1
|
||||
{%- for i in range(2, 30) %}
|
||||
server{{ i }}: 172.20.77.{{ i }}
|
||||
{%- endfor %}
|
||||
server1: 172.20.77.30
|
||||
|
||||
c3d2:
|
||||
c3d2-anon: 172.22.99.1
|
||||
c3d2-gw1: 172.22.99.2
|
||||
c3d2-gw2: 172.22.99.3
|
||||
c3d2-gw3: 172.22.99.4
|
||||
bgp: 172.22.99.250
|
||||
dn42: 172.22.99.253
|
||||
|
||||
hosts-inet-extra:
|
||||
ipa: 172.20.73.20
|
||||
|
||||
hosts-inet6:
|
||||
dn42:
|
||||
mgmt:
|
||||
server1: fd23:42:c3d2:580::1
|
||||
server2: fd23:42:c3d2:580::2
|
||||
switch-b1: fd23:42:c3d2:580::10
|
||||
switch-b2: fd23:42:c3d2:580::11
|
||||
switch-c1: fd23:42:c3d2:580::12
|
||||
switch-d1: fd23:42:c3d2:580::13
|
||||
switch-c3d2-main: fd23:42:c3d2:580::14
|
||||
ap1: fd23:42:c3d2:580::4:1
|
||||
ap2: fd23:42:c3d2:580::4:2
|
||||
ap3: fd23:42:c3d2:580::4:3
|
||||
ap4: fd23:42:c3d2:580::4:4
|
||||
ap5: fd23:42:c3d2:580::4:5
|
||||
ap6: fd23:42:c3d2:580::4:6
|
||||
ap7: fd23:42:c3d2:580::4:7
|
||||
ap8: fd23:42:c3d2:580::4:8
|
||||
ap9: fd23:42:c3d2:580::4:9
|
||||
ap10: fd23:42:c3d2:580::4:a
|
||||
ap11: fd23:42:c3d2:580::4:b
|
||||
ap12: fd23:42:c3d2:580::4:c
|
||||
ap13: fd23:42:c3d2:580::4:d
|
||||
ap14: fd23:42:c3d2:580::4:e
|
||||
ap15: fd23:42:c3d2:580::4:f
|
||||
ap16: fd23:42:c3d2:580::4:10
|
||||
ap17: fd23:42:c3d2:580::4:11
|
||||
ap18: fd23:42:c3d2:580::4:12
|
||||
ap19: fd23:42:c3d2:580::4:13
|
||||
ap20: fd23:42:c3d2:580::4:14
|
||||
ap21: fd23:42:c3d2:580::4:15
|
||||
ap22: fd23:42:c3d2:580::4:16
|
||||
ap23: fd23:42:c3d2:580::4:17
|
||||
ap24: fd23:42:c3d2:580::4:18
|
||||
ap25: fd23:42:c3d2:580::4:19
|
||||
ap26: fd23:42:c3d2:580::4:1a
|
||||
ap27: fd23:42:c3d2:580::4:1b
|
||||
ap28: fd23:42:c3d2:580::4:1c
|
||||
ap29: fd23:42:c3d2:580::4:1d
|
||||
ap30: fd23:42:c3d2:580::4:1e
|
||||
ap31: fd23:42:c3d2:580::4:1f
|
||||
ap32: fd23:42:c3d2:580::4:20
|
||||
ap33: fd23:42:c3d2:580::4:21
|
||||
ap34: fd23:42:c3d2:580::4:22
|
||||
ap35: fd23:42:c3d2:580::4:23
|
||||
ap36: fd23:42:c3d2:580::4:24
|
||||
ap37: fd23:42:c3d2:580::4:25
|
||||
ap38: fd23:42:c3d2:580::4:26
|
||||
ap39: fd23:42:c3d2:580::4:27
|
||||
ap40: fd23:42:c3d2:580::4:28
|
||||
ap41: fd23:42:c3d2:580::4:29
|
||||
ap42: fd23:42:c3d2:580::4:2a
|
||||
ap43: fd23:42:c3d2:580::4:2b
|
||||
ap44: fd23:42:c3d2:580::4:2c
|
||||
ap45: fd23:42:c3d2:580::4:2d
|
||||
ap46: fd23:42:c3d2:580::4:2e
|
||||
ap47: fd23:42:c3d2:580::4:2f
|
||||
ap48: fd23:42:c3d2:580::4:30
|
||||
ap49: fd23:42:c3d2:580::4:31
|
||||
ap50: fd23:42:c3d2:580::4:32
|
||||
ap51: fd23:42:c3d2:580::4:33
|
||||
ap52: fd23:42:c3d2:580::4:34
|
||||
ap53: fd23:42:c3d2:580::4:35
|
||||
ap54: fd23:42:c3d2:580::4:36
|
||||
ap55: fd23:42:c3d2:580::4:37
|
||||
ap56: fd23:42:c3d2:580::4:38
|
||||
ap57: fd23:42:c3d2:580::4:39
|
||||
ap58: fd23:42:c3d2:580::4:3a
|
||||
ap59: fd23:42:c3d2:580::4:3b
|
||||
ap60: fd23:42:c3d2:580::4:3c
|
||||
ap61: fd23:42:c3d2:580::4:3d
|
||||
ap62: fd23:42:c3d2:580::4:3e
|
||||
ap63: fd23:42:c3d2:580::4:3f
|
||||
ap64: fd23:42:c3d2:580::4:40
|
||||
monit: fd23:42:c3d2:580::250
|
||||
mgmt-gw: fd23:42:c3d2:580:ffff:ffff:ffff:ffff
|
||||
|
||||
core:
|
||||
server1: fd23:42:c3d2:581::1
|
||||
server2: fd23:42:c3d2:581::102
|
||||
|
||||
anon1: fd23:42:c3d2:581::9:1
|
||||
serv-gw: fd23:42:c3d2:581::8:1
|
||||
pub-gw: fd23:42:c3d2:581::8:2
|
||||
c3d2-gw1: fd23:42:c3d2:581::c3d2:1
|
||||
c3d2-gw2: fd23:42:c3d2:581::c3d2:2
|
||||
c3d2-gw3: fd23:42:c3d2:581::c3d2:3
|
||||
c3d2-anon: fd23:42:c3d2:581::c3d2:a
|
||||
bgp: fd23:42:c3d2:581::c3d2:b
|
||||
mgmt-gw: fd23:42:c3d2:581::8:3
|
||||
|
||||
upstream1: fd23:42:c3d2:581::b:0
|
||||
upstream2: fd23:42:c3d2:581::b:1
|
||||
upstream3: fd23:42:c3d2:581::b:2
|
||||
upstream4: fd23:42:c3d2:581::b:3
|
||||
|
||||
priv1-gw: fd23:42:c3d2:581::c:0
|
||||
priv2-gw: fd23:42:c3d2:581::c:1
|
||||
priv3-gw: fd23:42:c3d2:581::c:2
|
||||
priv4-gw: fd23:42:c3d2:581::c:3
|
||||
priv5-gw: fd23:42:c3d2:581::c:4
|
||||
priv6-gw: fd23:42:c3d2:581::c:5
|
||||
priv7-gw: fd23:42:c3d2:581::c:6
|
||||
priv8-gw: fd23:42:c3d2:581::c:7
|
||||
priv9-gw: fd23:42:c3d2:581::c:8
|
||||
priv10-gw: fd23:42:c3d2:581::c:9
|
||||
priv11-gw: fd23:42:c3d2:581::c:a
|
||||
priv12-gw: fd23:42:c3d2:581::c:b
|
||||
priv13-gw: fd23:42:c3d2:581::c:c
|
||||
priv14-gw: fd23:42:c3d2:581::c:d
|
||||
priv15-gw: fd23:42:c3d2:581::c:e
|
||||
priv16-gw: fd23:42:c3d2:581::c:f
|
||||
priv17-gw: fd23:42:c3d2:581::c:10
|
||||
priv18-gw: fd23:42:c3d2:581::c:11
|
||||
priv19-gw: fd23:42:c3d2:581::c:12
|
||||
priv20-gw: fd23:42:c3d2:581::c:13
|
||||
priv21-gw: fd23:42:c3d2:581::c:14
|
||||
priv22-gw: fd23:42:c3d2:581::c:15
|
||||
priv23-gw: fd23:42:c3d2:581::c:16
|
||||
priv24-gw: fd23:42:c3d2:581::c:17
|
||||
priv25-gw: fd23:42:c3d2:581::c:18
|
||||
priv26-gw: fd23:42:c3d2:581::c:19
|
||||
priv27-gw: fd23:42:c3d2:581::c:1a
|
||||
priv28-gw: fd23:42:c3d2:581::c:1b
|
||||
priv29-gw: fd23:42:c3d2:581::c:1c
|
||||
priv30-gw: fd23:42:c3d2:581::c:1d
|
||||
priv31-gw: fd23:42:c3d2:581::c:1e
|
||||
priv32-gw: fd23:42:c3d2:581::c:1f
|
||||
priv33-gw: fd23:42:c3d2:581::c:20
|
||||
priv34-gw: fd23:42:c3d2:581::c:21
|
||||
priv35-gw: fd23:42:c3d2:581::c:22
|
||||
priv36-gw: fd23:42:c3d2:581::c:23
|
||||
priv37-gw: fd23:42:c3d2:581::c:24
|
||||
priv38-gw: fd23:42:c3d2:581::c:25
|
||||
priv39-gw: fd23:42:c3d2:581::c:26
|
||||
priv40-gw: fd23:42:c3d2:581::c:27
|
||||
priv41-gw: fd23:42:c3d2:581::c:28
|
||||
priv42-gw: fd23:42:c3d2:581::c:29
|
||||
|
||||
freifunk: fd23:42:c3d2:581:8000::1
|
||||
yggdrasil: fd23:42:c3d2:581:9000::1
|
||||
|
||||
serv:
|
||||
serv-gw: fd23:42:c3d2:582::1
|
||||
dns: fd23:42:c3d2:582:2:0:0:2
|
||||
stats: fd23:42:c3d2:582:2:0:0:3
|
||||
radius: fd23:42:c3d2:582:2:0:0:4
|
||||
zeit: fd23:42:c3d2:582:2:0:0:5
|
||||
netboot: fd23:42:c3d2:582:2:0:0:6
|
||||
dnscache: fd23:42:c3d2:582:f096:dbff:fee8:427d
|
||||
minetest: fd23:42:c3d2:582:c3a:42ff:fe5d:b20c
|
||||
hydra: fd23:42:c3d2:582:e03c:d7ff:fe8e:fe16
|
||||
logging: fd23:42:c3d2:582:6811:edff:fe40:89c6
|
||||
mongo: fd23:42:c3d2:582:14ec:c8ff:fe0a:fc5c
|
||||
radiobert: fd23:42:c3d2:582:e65f:1ff:fe5d:1679
|
||||
spaceapi: fd23:42:c3d2:582:1457:adff:fe93:62e9
|
||||
c3d2-web: fd23:42:c3d2:582:642e:95ff:fe34:49f9
|
||||
mail: fd23:42:c3d2:582:88c0:41ff:fe70:d6cd
|
||||
keycloak: fd23:42:c3d2:582:c48:bbff:fe87:721d
|
||||
hydra: fd23:42:c3d2:582:e03c:d7ff:fe8e:fe16
|
||||
grafana: fd23:42:c3d2:582:4042:fbff:fe4b:2de8
|
||||
mobilizon: fd23:42:c3d2:582:48d1:5cff:fea7:1676
|
||||
bind: fd23:42:c3d2:582:cd7:56ff:fe69:6366
|
||||
jabber: fd23:42:c3d2:582:b869:ccff:fe46:902a
|
||||
pub:
|
||||
pub-gw: fd23:42:c3d2:583::1
|
||||
priv1:
|
||||
priv1-gw: fd23:42:c3d2:5c0::1
|
||||
priv2:
|
||||
priv2-gw: fd23:42:c3d2:5c1::1
|
||||
priv3:
|
||||
priv3-gw: fd23:42:c3d2:5c2::1
|
||||
priv4:
|
||||
priv4-gw: fd23:42:c3d2:5c3::1
|
||||
priv5:
|
||||
priv5-gw: fd23:42:c3d2:5c4::1
|
||||
priv6:
|
||||
priv6-gw: fd23:42:c3d2:5c5::1
|
||||
priv7:
|
||||
priv7-gw: fd23:42:c3d2:5c6::1
|
||||
priv8:
|
||||
priv8-gw: fd23:42:c3d2:5c7::1
|
||||
priv9:
|
||||
priv9-gw: fd23:42:c3d2:5c8::1
|
||||
priv10:
|
||||
priv10-gw: fd23:42:c3d2:5c9::1
|
||||
priv11:
|
||||
priv11-gw: fd23:42:c3d2:5ca::1
|
||||
priv12:
|
||||
priv12-gw: fd23:42:c3d2:5cb::1
|
||||
priv13:
|
||||
priv13-gw: fd23:42:c3d2:5cc::1
|
||||
priv14:
|
||||
priv14-gw: fd23:42:c3d2:5cd::1
|
||||
priv15:
|
||||
priv15-gw: fd23:42:c3d2:5ce::1
|
||||
priv16:
|
||||
priv16-gw: fd23:42:c3d2:5cf::1
|
||||
priv17:
|
||||
priv17-gw: fd23:42:c3d2:5d0::1
|
||||
priv18:
|
||||
priv18-gw: fd23:42:c3d2:5d1::1
|
||||
priv19:
|
||||
priv19-gw: fd23:42:c3d2:5d2::1
|
||||
priv20:
|
||||
priv20-gw: fd23:42:c3d2:5d3::1
|
||||
priv21:
|
||||
priv21-gw: fd23:42:c3d2:5d4::1
|
||||
priv22:
|
||||
priv22-gw: fd23:42:c3d2:5d5::1
|
||||
priv23:
|
||||
priv23-gw: fd23:42:c3d2:5d6::1
|
||||
priv24:
|
||||
priv24-gw: fd23:42:c3d2:5d7::1
|
||||
priv25:
|
||||
priv25-gw: fd23:42:c3d2:5d8::1
|
||||
priv26:
|
||||
priv26-gw: fd23:42:c3d2:5d9::1
|
||||
priv27:
|
||||
priv27-gw: fd23:42:c3d2:5da::1
|
||||
priv28:
|
||||
priv28-gw: fd23:42:c3d2:5db::1
|
||||
priv29:
|
||||
priv29-gw: fd23:42:c3d2:5dc::1
|
||||
priv30:
|
||||
priv30-gw: fd23:42:c3d2:5dd::1
|
||||
priv31:
|
||||
priv31-gw: fd23:42:c3d2:5de::1
|
||||
priv32:
|
||||
priv32-gw: fd23:42:c3d2:5df::1
|
||||
priv33:
|
||||
priv33-gw: fd23:42:c3d2:5e0::1
|
||||
priv34:
|
||||
priv34-gw: fd23:42:c3d2:5e1::1
|
||||
priv35:
|
||||
priv35-gw: fd23:42:c3d2:5e2::1
|
||||
priv36:
|
||||
priv36-gw: fd23:42:c3d2:5e3::1
|
||||
priv37:
|
||||
priv37-gw: fd23:42:c3d2:5e4::1
|
||||
priv38:
|
||||
priv38-gw: fd23:42:c3d2:5e5::1
|
||||
priv39:
|
||||
priv39-gw: fd23:42:c3d2:5e6::1
|
||||
priv40:
|
||||
priv40-gw: fd23:42:c3d2:5e7::1
|
||||
priv41:
|
||||
priv41-gw: fd23:42:c3d2:5e8::1
|
||||
priv42:
|
||||
priv42-gw: fd23:42:c3d2:5e9::1
|
||||
|
||||
cluster:
|
||||
cls-gw: fd23:42:c3d2:586::1
|
||||
{%- for i in range(2, 30) %}
|
||||
server{{ i }}: fd23:42:c3d2:586::1{{ i }}
|
||||
{%- endfor %}
|
||||
server1: fd23:42:c3d2:586::130
|
||||
|
||||
c3d2:
|
||||
c3d2-anon: fd23:42:c3d2:523::c3d2:1
|
||||
c3d2-gw1: fd23:42:c3d2:523::c3d2:2
|
||||
c3d2-gw2: fd23:42:c3d2:523::c3d2:3
|
||||
c3d2-gw3: fd23:42:c3d2:523::c3d2:4
|
||||
bgp: fd23:42:c3d2:523::c3d2:ff0b
|
||||
|
||||
up4:
|
||||
core:
|
||||
anon1: 2a00:8180:2c00:281::9:1
|
||||
serv-gw: 2a00:8180:2c00:281::8:1
|
||||
c3d2-gw1: 2a00:8180:2c00:281::c3d2:1
|
||||
c3d2-gw2: 2a00:8180:2c00:281::c3d2:2
|
||||
c3d2-gw3: 2a00:8180:2c00:281::c3d2:3
|
||||
c3d2-anon: 2a00:8180:2c00:281::c3d2:a
|
||||
bgp: 2a00:8180:2c00:281::c3d2:b
|
||||
mgmt-gw: 2a00:8180:2c00:281::8:3
|
||||
upstream1: 2a00:8180:2c00:281::b:0
|
||||
cls-gw: 2a00:8180:2c00:281::8:4
|
||||
|
||||
upstream4: 2a00:8180:2c00:281::b:1
|
||||
|
||||
priv1-gw: 2a00:8180:2c00:281::c:0
|
||||
priv2-gw: 2a00:8180:2c00:281::c:1
|
||||
priv3-gw: 2a00:8180:2c00:281::c:2
|
||||
priv4-gw: 2a00:8180:2c00:281::c:3
|
||||
priv5-gw: 2a00:8180:2c00:281::c:4
|
||||
priv6-gw: 2a00:8180:2c00:281::c:5
|
||||
priv7-gw: 2a00:8180:2c00:281::c:6
|
||||
priv8-gw: 2a00:8180:2c00:281::c:7
|
||||
priv9-gw: 2a00:8180:2c00:281::c:8
|
||||
priv10-gw: 2a00:8180:2c00:281::c:9
|
||||
priv11-gw: 2a00:8180:2c00:281::c:a
|
||||
priv12-gw: 2a00:8180:2c00:281::c:b
|
||||
priv13-gw: 2a00:8180:2c00:281::c:c
|
||||
priv14-gw: 2a00:8180:2c00:281::c:d
|
||||
priv15-gw: 2a00:8180:2c00:281::c:e
|
||||
priv16-gw: 2a00:8180:2c00:281::c:f
|
||||
priv17-gw: 2a00:8180:2c00:281::c:10
|
||||
priv18-gw: 2a00:8180:2c00:281::c:11
|
||||
priv19-gw: 2a00:8180:2c00:281::c:12
|
||||
priv20-gw: 2a00:8180:2c00:281::c:13
|
||||
priv21-gw: 2a00:8180:2c00:281::c:14
|
||||
priv22-gw: 2a00:8180:2c00:281::c:15
|
||||
priv23-gw: 2a00:8180:2c00:281::c:16
|
||||
priv24-gw: 2a00:8180:2c00:281::c:17
|
||||
priv25-gw: 2a00:8180:2c00:281::c:18
|
||||
priv26-gw: 2a00:8180:2c00:281::c:19
|
||||
priv27-gw: 2a00:8180:2c00:281::c:1a
|
||||
priv28-gw: 2a00:8180:2c00:281::c:1b
|
||||
priv29-gw: 2a00:8180:2c00:281::c:1c
|
||||
priv30-gw: 2a00:8180:2c00:281::c:1d
|
||||
priv31-gw: 2a00:8180:2c00:281::c:1e
|
||||
priv32-gw: 2a00:8180:2c00:281::c:1f
|
||||
priv33-gw: 2a00:8180:2c00:281::c:20
|
||||
priv34-gw: 2a00:8180:2c00:281::c:21
|
||||
priv35-gw: 2a00:8180:2c00:281::c:22
|
||||
priv36-gw: 2a00:8180:2c00:281::c:23
|
||||
priv37-gw: 2a00:8180:2c00:281::c:24
|
||||
priv38-gw: 2a00:8180:2c00:281::c:25
|
||||
priv39-gw: 2a00:8180:2c00:281::c:26
|
||||
priv40-gw: 2a00:8180:2c00:281::c:27
|
||||
priv41-gw: 2a00:8180:2c00:281::c:28
|
||||
priv42-gw: 2a00:8180:2c00:281::c:29
|
||||
|
||||
freifunk: 2a00:8180:2c00:281:8000::1
|
||||
yggdrasil: 2a00:8180:2c00:281:9000::1
|
||||
|
||||
serv:
|
||||
serv-gw: 2a00:8180:2c00:282::1
|
||||
dns: 2a00:8180:2c00:282:2:0:0:2
|
||||
stats: 2a00:8180:2c00:282:2:0:0:3
|
||||
radius: 2a00:8180:2c00:282:2:0:0:4
|
||||
zeit: 2a00:8180:2c00:282:2:0:0:5
|
||||
netboot: 2a00:8180:2c00:282:2:0:0:6
|
||||
dnscache: 2a00:8180:2c00:282:f096:dbff:fee8:427d
|
||||
minetest: 2a00:8180:2c00:282:c3a:42ff:fe5d:b20c
|
||||
hydra: 2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16
|
||||
logging: 2a00:8180:2c00:282:6811:edff:fe40:89c6
|
||||
mongo: 2a00:8180:2c00:282:14ec:c8ff:fe0a:fc5c
|
||||
scrape: 2a00:8180:2c00:282:e073:50ff:fef5:eb6e
|
||||
ticker: 2a00:8180:2c00:282:b407:40ff:fec1:81f2
|
||||
grafana: 2a00:8180:2c00:282:4042:fbff:fe4b:2de8
|
||||
public-access-proxy: 2a00:8180:2c00:282:1024:5fff:febd:9be7
|
||||
radiobert: 2a00:8180:2c00:282:e65f:1ff:fe5d:1679
|
||||
spaceapi: 2a00:8180:2c00:282:1457:adff:fe93:62e9
|
||||
c3d2-web: 2a00:8180:2c00:282:642e:95ff:fe34:49f9
|
||||
mail: 2a00:8180:2c00:282:88c0:41ff:fe70:d6cd
|
||||
keycloak: 2a00:8180:2c00:282:c48:bbff:fe87:721d
|
||||
hydra: 2a00:8180:2c00:282:e03c:d7ff:fe8e:fe16
|
||||
grafana: 2a00:8180:2c00:282:4042:fbff:fe4b:2de8
|
||||
mobilizon: 2a00:8180:2c00:282:48d1:5cff:fea7:1676
|
||||
bind: 2a00:8180:2c00:282:cd7:56ff:fe69:6366
|
||||
jabber: 2a00:8180:2c00:282:b869:ccff:fe46:902a
|
||||
cluster:
|
||||
cls-gw: 2a00:8180:2c00:284::1
|
||||
{%- for i in range(2, 31) %}
|
||||
server{{ i }}: 2a00:8180:2c00:284::1{{ i }}
|
||||
{%- endfor %}
|
||||
server1: 2a00:8180:2c00:284::130
|
||||
|
||||
c3d2:
|
||||
c3d2-anon: 2a00:8180:2c00:223::c3d2:1
|
||||
c3d2-gw1: 2a00:8180:2c00:223::c3d2:2
|
||||
c3d2-gw2: 2a00:8180:2c00:223::c3d2:3
|
||||
c3d2-gw3: 2a00:8180:2c00:223::c3d2:4
|
||||
bgp: 2a00:8180:2c00:223::c3d2:ff0b
|
||||
|
||||
|
||||
priv1:
|
||||
priv1-gw: 2a00:8180:2c00:2c0::1
|
||||
priv2:
|
||||
priv2-gw: 2a00:8180:2c00:2c1::1
|
||||
priv3:
|
||||
priv3-gw: 2a00:8180:2c00:2c2::1
|
||||
priv4:
|
||||
priv4-gw: 2a00:8180:2c00:2c3::1
|
||||
priv5:
|
||||
priv5-gw: 2a00:8180:2c00:2c4::1
|
||||
priv6:
|
||||
priv6-gw: 2a00:8180:2c00:2c5::1
|
||||
priv7:
|
||||
priv7-gw: 2a00:8180:2c00:2c6::1
|
||||
priv8:
|
||||
priv8-gw: 2a00:8180:2c00:2c7::1
|
||||
priv9:
|
||||
priv9-gw: 2a00:8180:2c00:2c8::1
|
||||
priv10:
|
||||
priv10-gw: 2a00:8180:2c00:2c9::1
|
||||
priv11:
|
||||
priv11-gw: 2a00:8180:2c00:2ca::1
|
||||
priv12:
|
||||
priv12-gw: 2a00:8180:2c00:2cb::1
|
||||
priv13:
|
||||
priv13-gw: 2a00:8180:2c00:2cc::1
|
||||
priv14:
|
||||
priv14-gw: 2a00:8180:2c00:2cd::1
|
||||
priv15:
|
||||
priv15-gw: 2a00:8180:2c00:2ce::1
|
||||
priv16:
|
||||
priv16-gw: 2a00:8180:2c00:2cf::1
|
||||
priv17:
|
||||
priv17-gw: 2a00:8180:2c00:2d0::1
|
||||
priv18:
|
||||
priv18-gw: 2a00:8180:2c00:2d1::1
|
||||
priv19:
|
||||
priv19-gw: 2a00:8180:2c00:2d2::1
|
||||
priv20:
|
||||
priv20-gw: 2a00:8180:2c00:2d3::1
|
||||
priv21:
|
||||
priv21-gw: 2a00:8180:2c00:2d4::1
|
||||
priv22:
|
||||
priv22-gw: 2a00:8180:2c00:2d5::1
|
||||
priv23:
|
||||
priv23-gw: 2a00:8180:2c00:2d6::1
|
||||
priv24:
|
||||
priv24-gw: 2a00:8180:2c00:2d7::1
|
||||
priv25:
|
||||
priv25-gw: 2a00:8180:2c00:2d8::1
|
||||
priv26:
|
||||
priv26-gw: 2a00:8180:2c00:2d9::1
|
||||
priv27:
|
||||
priv27-gw: 2a00:8180:2c00:2da::1
|
||||
priv28:
|
||||
priv28-gw: 2a00:8180:2c00:2db::1
|
||||
priv29:
|
||||
priv29-gw: 2a00:8180:2c00:2dc::1
|
||||
priv30:
|
||||
priv30-gw: 2a00:8180:2c00:2dd::1
|
||||
priv31:
|
||||
priv31-gw: 2a00:8180:2c00:2de::1
|
||||
priv32:
|
||||
priv32-gw: 2a00:8180:2c00:2df::1
|
||||
priv33:
|
||||
priv33-gw: 2a00:8180:2c00:2e0::1
|
||||
priv34:
|
||||
priv34-gw: 2a00:8180:2c00:2e1::1
|
||||
priv35:
|
||||
priv35-gw: 2a00:8180:2c00:2e2::1
|
||||
priv36:
|
||||
priv36-gw: 2a00:8180:2c00:2e3::1
|
||||
priv37:
|
||||
priv37-gw: 2a00:8180:2c00:2e4::1
|
||||
priv38:
|
||||
priv38-gw: 2a00:8180:2c00:2e5::1
|
||||
priv39:
|
||||
priv39-gw: 2a00:8180:2c00:2e5::1
|
||||
priv40:
|
||||
priv40-gw: 2a00:8180:2c00:2e6::1
|
||||
priv41:
|
||||
priv41-gw: 2a00:8180:2c00:2e7::1
|
||||
priv42:
|
||||
priv42-gw: 2a00:8180:2c00:2e8::1
|
|
@ -1,28 +0,0 @@
|
|||
#!yaml|gpg
|
||||
|
||||
ssh:
|
||||
pubkey: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf6Ai5xCphC4WL0clcpgZCr9ymrQ9KAcg/yjszWmc1xy7K4
|
||||
hHHwcS0Ah5SPqbafdbfhBZiZL5Nqm86xdvi5jJ95dq9CMc+HnGL4R0/b3/y45tDO
|
||||
Nv8NvLz7HXzit9sDy/YyjkOFf+cX9YQiHrs0vkhA7Lkm8mAQro7ta6sVxuj2AhRe
|
||||
zTZbk9/dyP3B2EBqe7rDdMbLVWtEXoPu1wGg5qejjw6hfDoT0HYAwLIvuLlUFV9A
|
||||
S0FGHgYKhplFufsDhh3Hb6EjAj6IWgtARrWxqnBDf6895yZQDvrFx5N8abUH7YJC
|
||||
bj+hxbumDNdRijoWZ74+iIjPYVeFFm1K+/Ch6+tp5NLpAaoTrw3NPHIhX0u3fD6i
|
||||
OW9OVb9JChEN3+T2zAS5OSz9YvJs+MbnSTLZhaB5leDw5osRqN8vXmlWyVF85LBg
|
||||
ONpA9EjIK8YzouB/ujh2zUqn4f7oqFtTDt0dDk6aHFk3cgeck7u9ADKlS2QBayph
|
||||
zNZ3iFf/av//b6nOHllun3LhRCesFLo9/9w1aryH1INYg10X+fl4Pt3G0B8Js2sC
|
||||
FzZyhkkWBsXkoNvWeqvXObzpMTRMDRqO4FoOc3nN414/JKMnxdFCIyzEC0gkQoCX
|
||||
uey9PPlnwj/eHRB1Qbth+VLhsBV7IIF/0O+BJU9TFn1L9x06DRugiZTxB/DEdunQ
|
||||
3BrTG0XHm4TqRsCvu7WX37bddMV79+pJbzD87gupV0ETomT4w81btUoFr1VhD4GZ
|
||||
wtjDtj2IdLsBMC5GvnRZge7BIW66UD4aCoWQaNGE3bCsipaWapCHKrXJxKmEmJXj
|
||||
tQjbnLcwRs8TkJAekz5y59wHIhcSlPjOa6o4dkWe9CtkGnEAxfVZAvlRTHnlzBUW
|
||||
nOQHXAuXCwgWSRKkiN3GRs98T5WbekeCqTLtk4XhXBdPN79eDouYXJDBvGTdATLK
|
||||
TS9/CqeM5njU1Xo4TVgojkKIwC4B8+wWgEDxhgWut9as45ciHeV1G9RCcPQh7XC+
|
||||
j2YPcdf7Wvmu05BHLuSoolmVPFExDKghS6eYBXZ0/DW8L9dtjnxy3KZR0ww8/IW7
|
||||
7aLo2tIap4PscHnw3XBpxubhTnOnp8ylww++HXRXxLnTUeVjJwei4YXTug5JCvm4
|
||||
B8Rd5F1bhyFLkUBNDnQJYgdYje4qxi0fJvHYhGU6/ushDWSxXBWiznFYhR8y9Tej
|
||||
VG5m5ZAtG4fCEkvDQAUBnDdvTEUIPMQ=
|
||||
=CQpr
|
||||
-----END PGP MESSAGE-----
|
|
@ -1,628 +0,0 @@
|
|||
containers:
|
||||
pub-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: anon1
|
||||
# gw6: anon1
|
||||
hwaddr: 0A:14:48:01:16:00
|
||||
pub:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:16:01
|
||||
|
||||
serv-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream1
|
||||
# gw6: upstream1
|
||||
hwaddr: 0A:14:48:01:06:01
|
||||
serv:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:06:00
|
||||
|
||||
cls-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream1
|
||||
# gw6: upstream1
|
||||
hwaddr: 0A:14:48:01:06:03
|
||||
cluster:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:06:02
|
||||
|
||||
priv1-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:19:00
|
||||
priv1:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:19:01
|
||||
|
||||
priv2-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:18:00
|
||||
priv2:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:18:01
|
||||
|
||||
priv3-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:08:00
|
||||
priv3:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:08:01
|
||||
|
||||
priv4-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:17:01
|
||||
priv4:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:17:00
|
||||
|
||||
priv5-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:12:00
|
||||
priv5:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:12:01
|
||||
|
||||
priv6-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: anon1
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:11:00
|
||||
priv6:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:11:01
|
||||
|
||||
priv7-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:10:00
|
||||
priv7:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:10:01
|
||||
|
||||
priv8-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:09:00
|
||||
priv8:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:09:01
|
||||
|
||||
priv9-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:20:00
|
||||
priv9:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:20:01
|
||||
|
||||
priv10-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:13:02
|
||||
priv10:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:13:03
|
||||
|
||||
priv11-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:29:00
|
||||
priv11:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:29:01
|
||||
|
||||
priv12-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:00
|
||||
priv12:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:01
|
||||
|
||||
priv13-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:10
|
||||
priv13:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:11
|
||||
|
||||
priv14-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:12
|
||||
priv14:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:13
|
||||
|
||||
priv15-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: anon1
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:14
|
||||
priv15:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:15
|
||||
|
||||
priv16-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:16
|
||||
priv16:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:17
|
||||
|
||||
priv17-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:18
|
||||
priv17:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:19
|
||||
|
||||
priv17-gw-up3:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:47:02:2A:18
|
||||
priv17:
|
||||
type: phys
|
||||
hwaddr: 0A:14:47:02:2A:19
|
||||
|
||||
priv18-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:1A
|
||||
priv18:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:1B
|
||||
|
||||
priv19-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:1C
|
||||
priv19:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:1D
|
||||
|
||||
priv20-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:1E
|
||||
priv20:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:1F
|
||||
|
||||
priv21-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:20
|
||||
priv21:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:21
|
||||
|
||||
priv22-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:24
|
||||
priv22:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:25
|
||||
|
||||
priv23-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:22
|
||||
priv23:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:23
|
||||
|
||||
priv24-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:26
|
||||
priv24:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:27
|
||||
|
||||
priv25-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:28
|
||||
priv25:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:29
|
||||
|
||||
priv26-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:2A
|
||||
priv26:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:2B
|
||||
|
||||
priv27-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:2C
|
||||
priv27:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:2D
|
||||
|
||||
priv28-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:2E
|
||||
priv28:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:2F
|
||||
|
||||
priv29-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:30
|
||||
priv29:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:31
|
||||
|
||||
priv30-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:32
|
||||
priv30:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:33
|
||||
|
||||
priv31-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:34
|
||||
priv31:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:35
|
||||
|
||||
priv32-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:36
|
||||
priv32:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:37
|
||||
|
||||
priv33-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:38
|
||||
priv33:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:39
|
||||
|
||||
priv34-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:40
|
||||
priv34:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:41
|
||||
|
||||
priv35-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:42
|
||||
priv35:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:43
|
||||
|
||||
priv36-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:44
|
||||
priv36:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:45
|
||||
|
||||
priv37-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:46
|
||||
priv37:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:47
|
||||
|
||||
priv38-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:48
|
||||
priv38:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:49
|
||||
|
||||
priv39-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:4A
|
||||
priv39:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:4B
|
||||
|
||||
priv40-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream2
|
||||
# gw6: upstream2
|
||||
hwaddr: 0A:14:48:01:2A:4C
|
||||
priv40:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:4D
|
||||
|
||||
priv41-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:2A:4E
|
||||
priv41:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:4F
|
||||
|
||||
priv42-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:2A:50
|
||||
priv42:
|
||||
type: phys
|
||||
hwaddr: 0A:14:48:01:2A:51
|
||||
|
||||
upstream1:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:26:00
|
||||
up1:
|
||||
type: phys
|
||||
# Change (eg. auto-generation) requires reboot of the cable
|
||||
# modem that is bridge mode
|
||||
hwaddr: 00:23:74:D7:2D:7C
|
||||
|
||||
upstream2:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:27:00
|
||||
up2:
|
||||
type: phys
|
||||
# Change (eg. auto-generation) requires reboot of the cable
|
||||
# modem that is bridge mode
|
||||
hwaddr: 00:23:74:D7:42:7C
|
||||
|
||||
upstream3:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:28:00
|
||||
up3:
|
||||
type: phys
|
||||
hwaddr: 00:23:74:D7:42:7D
|
||||
|
||||
upstream4:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:28:01
|
||||
up4:
|
||||
type: phys
|
||||
hwaddr: 00:23:74:D7:42:7E
|
||||
|
||||
anon1:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:14:00
|
||||
|
||||
c3d2-gw1:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:21:00
|
||||
c3d2:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:21:01
|
||||
|
||||
c3d2-gw2:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:21:02
|
||||
c3d2:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:21:03
|
||||
|
||||
c3d2-gw3:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:21:04
|
||||
c3d2:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:21:05
|
||||
|
||||
c3d2-anon:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:07:04
|
||||
c3d2:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:07:05
|
||||
|
||||
bgp:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream1
|
||||
# gw6: upstream1
|
||||
hwaddr: 0A:14:48:01:22:00
|
||||
c3d2:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:22:01
|
||||
|
||||
dns:
|
||||
interfaces:
|
||||
serv:
|
||||
type: veth
|
||||
gw: serv-gw
|
||||
gw6: serv-gw
|
||||
hwaddr: 0A:14:48:01:23:00
|
||||
|
||||
stats:
|
||||
interfaces:
|
||||
serv:
|
||||
type: veth
|
||||
gw: serv-gw
|
||||
gw6: serv-gw
|
||||
hwaddr: 0A:14:48:01:15:00
|
||||
|
||||
netboot:
|
||||
interfaces:
|
||||
serv:
|
||||
type: veth
|
||||
gw: serv-gw
|
||||
gw6: serv-gw
|
||||
hwaddr: 0A:14:48:01:15:01
|
||||
|
||||
mgmt-gw:
|
||||
interfaces:
|
||||
core:
|
||||
type: veth
|
||||
# gw: upstream1
|
||||
# gw6: upstream1
|
||||
hwaddr: 0A:14:48:01:24:01
|
||||
mgmt:
|
||||
type: veth
|
||||
hwaddr: 0A:14:48:01:24:00
|
|
@ -1,147 +0,0 @@
|
|||
subnets-inet:
|
||||
core: 172.20.72.0/25
|
||||
serv: 172.20.73.0/26
|
||||
pub: 172.20.78.0/23
|
||||
priv19: 172.20.73.192/26
|
||||
priv1: 172.20.74.0/28
|
||||
priv33: 172.20.74.16/28
|
||||
priv9: 172.20.74.32/28
|
||||
priv18: 172.20.74.48/28
|
||||
priv5: 172.20.74.64/28
|
||||
priv25: 172.20.74.80/28
|
||||
priv10: 172.20.74.96/28
|
||||
priv20: 172.20.74.112/28
|
||||
priv3: 172.20.74.128/28
|
||||
priv21: 172.20.74.144/28
|
||||
priv11: 172.20.74.160/28
|
||||
priv22: 172.20.74.176/28
|
||||
priv6: 172.20.74.192/28
|
||||
priv23: 172.20.73.160/27
|
||||
priv12: 172.20.74.224/28
|
||||
priv24: 172.20.74.240/28
|
||||
priv2: 172.20.75.0/27
|
||||
priv13: 172.20.75.32/28
|
||||
priv26: 172.20.75.48/28
|
||||
priv7: 172.20.75.64/28
|
||||
priv27: 172.20.75.80/28
|
||||
priv14: 172.20.75.96/28
|
||||
priv28: 172.20.75.112/28
|
||||
priv4: 172.20.75.128/28
|
||||
priv29: 172.20.75.144/28
|
||||
priv15: 172.20.75.160/28
|
||||
priv30: 172.20.75.176/28
|
||||
priv8: 172.20.75.192/28
|
||||
priv31: 172.20.75.208/28
|
||||
priv16: 172.20.75.224/28
|
||||
priv32: 172.20.75.240/28
|
||||
priv34: 172.20.74.208/28
|
||||
priv35: 172.20.76.0/28
|
||||
priv36: 172.20.76.64/28
|
||||
priv37: 172.20.76.128/28
|
||||
priv38: 172.20.76.192/28
|
||||
priv39: 172.20.77.128/28
|
||||
priv40: 172.20.77.64/28
|
||||
priv41: 172.20.77.192/28
|
||||
priv42: 172.20.76.32/28
|
||||
c3d2: 172.22.99.0/24
|
||||
mgmt: 10.0.0.0/24
|
||||
priv17: 172.20.73.128/27
|
||||
cluster: 172.20.77.0/27
|
||||
|
||||
subnets-inet6:
|
||||
dn42:
|
||||
mgmt: fd23:42:c3d2:580::/64
|
||||
core: fd23:42:c3d2:581::/64
|
||||
serv: fd23:42:c3d2:582::/64
|
||||
pub: fd23:42:c3d2:583::/64
|
||||
cluster: fd23:42:c3d2:586::/64
|
||||
priv1: fd23:42:c3d2:5c0::/64
|
||||
priv2: fd23:42:c3d2:5c1::/64
|
||||
priv3: fd23:42:c3d2:5c2::/64
|
||||
priv4: fd23:42:c3d2:5c3::/64
|
||||
priv5: fd23:42:c3d2:5c4::/64
|
||||
priv6: fd23:42:c3d2:5c5::/64
|
||||
priv7: fd23:42:c3d2:5c6::/64
|
||||
priv8: fd23:42:c3d2:5c7::/64
|
||||
priv9: fd23:42:c3d2:5c8::/64
|
||||
priv10: fd23:42:c3d2:5c9::/64
|
||||
priv11: fd23:42:c3d2:5ca::/64
|
||||
priv12: fd23:42:c3d2:5cb::/64
|
||||
priv13: fd23:42:c3d2:5cc::/64
|
||||
priv14: fd23:42:c3d2:5cd::/64
|
||||
priv15: fd23:42:c3d2:5ce::/64
|
||||
priv16: fd23:42:c3d2:5cf::/64
|
||||
priv17: fd23:42:c3d2:5d0::/64
|
||||
priv18: fd23:42:c3d2:5d1::/64
|
||||
priv19: fd23:42:c3d2:5d2::/64
|
||||
priv20: fd23:42:c3d2:5d3::/64
|
||||
priv21: fd23:42:c3d2:5d4::/64
|
||||
priv22: fd23:42:c3d2:5d5::/64
|
||||
priv23: fd23:42:c3d2:5d6::/64
|
||||
priv24: fd23:42:c3d2:5d7::/64
|
||||
priv25: fd23:42:c3d2:5d8::/64
|
||||
priv26: fd23:42:c3d2:5d9::/64
|
||||
priv27: fd23:42:c3d2:5da::/64
|
||||
priv28: fd23:42:c3d2:5db::/64
|
||||
priv29: fd23:42:c3d2:5dc::/64
|
||||
priv30: fd23:42:c3d2:5dd::/64
|
||||
priv31: fd23:42:c3d2:5de::/64
|
||||
priv32: fd23:42:c3d2:5df::/64
|
||||
priv33: fd23:42:c3d2:5e0::/64
|
||||
priv34: fd23:42:c3d2:5e1::/64
|
||||
priv35: fd23:42:c3d2:5e2::/64
|
||||
priv36: fd23:42:c3d2:5e3::/64
|
||||
priv37: fd23:42:c3d2:5e4::/64
|
||||
priv38: fd23:42:c3d2:5e5::/64
|
||||
priv39: fd23:42:c3d2:5e6::/64
|
||||
priv40: fd23:42:c3d2:5e7::/64
|
||||
priv41: fd23:42:c3d2:5e8::/64
|
||||
priv42: fd23:42:c3d2:5e9::/64
|
||||
c3d2: fd23:42:c3d2:523::/64
|
||||
up4:
|
||||
c3d2: 2a00:8180:2c00:223::/64
|
||||
core: 2a00:8180:2c00:281::/64
|
||||
serv: 2a00:8180:2c00:282::/64
|
||||
cluster: 2a00:8180:2c00:284::/64
|
||||
priv1: 2a00:8180:2c00:2c0::/64
|
||||
priv2: 2a00:8180:2c00:2c1::/64
|
||||
priv3: 2a00:8180:2c00:2c2::/64
|
||||
priv4: 2a00:8180:2c00:2c3::/64
|
||||
priv5: 2a00:8180:2c00:2c4::/64
|
||||
priv6: 2a00:8180:2c00:2c5::/64
|
||||
priv7: 2a00:8180:2c00:2c6::/64
|
||||
priv8: 2a00:8180:2c00:2c7::/64
|
||||
priv9: 2a00:8180:2c00:2c8::/64
|
||||
priv10: 2a00:8180:2c00:2c9::/64
|
||||
priv11: 2a00:8180:2c00:2ca::/64
|
||||
priv12: 2a00:8180:2c00:2cb::/64
|
||||
priv13: 2a00:8180:2c00:2cc::/64
|
||||
priv14: 2a00:8180:2c00:2cd::/64
|
||||
priv15: 2a00:8180:2c00:2ce::/64
|
||||
priv16: 2a00:8180:2c00:2cf::/64
|
||||
priv17: 2a00:8180:2c00:2d0::/64
|
||||
priv18: 2a00:8180:2c00:2d1::/64
|
||||
priv19: 2a00:8180:2c00:2d2::/64
|
||||
priv20: 2a00:8180:2c00:2d3::/64
|
||||
priv21: 2a00:8180:2c00:2d4::/64
|
||||
priv22: 2a00:8180:2c00:2d5::/64
|
||||
priv23: 2a00:8180:2c00:2d6::/64
|
||||
priv24: 2a00:8180:2c00:2d7::/64
|
||||
priv25: 2a00:8180:2c00:2d8::/64
|
||||
priv26: 2a00:8180:2c00:2d9::/64
|
||||
priv27: 2a00:8180:2c00:2da::/64
|
||||
priv28: 2a00:8180:2c00:2db::/64
|
||||
priv29: 2a00:8180:2c00:2dc::/64
|
||||
priv30: 2a00:8180:2c00:2dd::/64
|
||||
priv31: 2a00:8180:2c00:2de::/64
|
||||
priv32: 2a00:8180:2c00:2df::/64
|
||||
priv33: 2a00:8180:2c00:2e0::/64
|
||||
priv34: 2a00:8180:2c00:2e1::/64
|
||||
priv35: 2a00:8180:2c00:2e2::/64
|
||||
priv36: 2a00:8180:2c00:2e3::/64
|
||||
priv37: 2a00:8180:2c00:2e4::/64
|
||||
priv38: 2a00:8180:2c00:2e5::/64
|
||||
priv39: 2a00:8180:2c00:2e6::/64
|
||||
priv40: 2a00:8180:2c00:2e7::/64
|
||||
priv41: 2a00:8180:2c00:2e8::/64
|
||||
priv42: 2a00:8180:2c00:2e9::/64
|
|
@ -1,572 +0,0 @@
|
|||
#!yaml|gpg
|
||||
switches:
|
||||
switch-b1:
|
||||
model: 'linksys-srw2048'
|
||||
location: Haus B Souterrain
|
||||
# Ports 1-24 oben
|
||||
# Ports 25-48 unten
|
||||
ports:
|
||||
switch-b2:
|
||||
mode: bond
|
||||
group: 3
|
||||
ports:
|
||||
- g25
|
||||
- g26
|
||||
- g27
|
||||
- g28
|
||||
mgmt:
|
||||
mode: access
|
||||
ports:
|
||||
- g1
|
||||
iso1:
|
||||
mode: access
|
||||
ports:
|
||||
- g2
|
||||
iso2:
|
||||
mode: access
|
||||
ports:
|
||||
- g3
|
||||
iso3:
|
||||
mode: access
|
||||
ports:
|
||||
- g4
|
||||
ap8:
|
||||
mode: trunk
|
||||
ports:
|
||||
- g16
|
||||
ap23:
|
||||
mode: trunk
|
||||
ports:
|
||||
- g10
|
||||
switch-c1:
|
||||
mode: bond
|
||||
group: 2
|
||||
ports:
|
||||
- g29
|
||||
- g30
|
||||
- g31
|
||||
- g32
|
||||
switch-d1:
|
||||
mode: trunk
|
||||
ports:
|
||||
- g34
|
||||
server1:
|
||||
mode: trunk
|
||||
ports:
|
||||
# - g46
|
||||
# - g47
|
||||
# - g48
|
||||
- g24
|
||||
server2:
|
||||
mode: bond
|
||||
group: 1
|
||||
ports:
|
||||
- g12
|
||||
- g38
|
||||
- g39
|
||||
- g40
|
||||
server5:
|
||||
mode: bond
|
||||
group: 6
|
||||
ports:
|
||||
- g17
|
||||
- g18
|
||||
- g19
|
||||
- g20
|
||||
server6:
|
||||
mode: bond
|
||||
group: 8
|
||||
ports:
|
||||
- g5
|
||||
- g6
|
||||
- g7
|
||||
- g8
|
||||
server7:
|
||||
mode: bond
|
||||
group: 7
|
||||
ports:
|
||||
- g9
|
||||
- g11
|
||||
- g14
|
||||
- g15
|
||||
server8:
|
||||
mode: bond
|
||||
group: 5
|
||||
ports:
|
||||
- g35
|
||||
- g36
|
||||
- g37
|
||||
- g13
|
||||
serv:
|
||||
mode: access
|
||||
ports:
|
||||
# vps1
|
||||
- g22
|
||||
# c3d2-monit:
|
||||
# mode: trunk
|
||||
# ports:
|
||||
# - g21
|
||||
# - g45
|
||||
c3d2:
|
||||
mode: access
|
||||
ports:
|
||||
- g23
|
||||
switch-c3d2-main:
|
||||
mode: bond
|
||||
group: 4
|
||||
ports:
|
||||
- g41
|
||||
- g42
|
||||
- g43
|
||||
- g44
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf/c9ysLI/ePzYtqz7AyoKBZQKFau/pEpQDswA5hdJiRSgh
|
||||
TQ73u7NVVYTGk/sZ2awAVLQ/KUM7JPMHMXK1+uPIQq0/+Xg/v5zJdaWwRUUIGtCz
|
||||
Sg3BpV41a/NgxlJbh0bJw0CjlgTHF7qIhiQNoHx/DnYECab8bMr8i7NziWXZl1kf
|
||||
6A5BqAu5siaaqngn5wYmMdstl48lejiDNgtZSeti/1FV9fk4D2w9zEMHZnTS2M+O
|
||||
TzDk2lsAA4CEXeQBsBOSMsbHDy6yo4CzuNk61ALfH8a3Tn1sQjfSLo021xAvqj5U
|
||||
nS9/L/57ffRILzz1hfURBV0N/VnDqi5enSZIvVU2WtJLAZEAghgXjE7rfjsN1ypG
|
||||
mYUz1OQ9cLG8ttSL9+fhYc8rCW0jx8KD5HKPiNHnR1x0s2RbUnprQdlFgC4go8U7
|
||||
DRE15mc7GkkYbvIl
|
||||
=/BZc
|
||||
-----END PGP MESSAGE-----
|
||||
|
||||
switch-b2:
|
||||
model: '3com-4200G'
|
||||
location: Haus B Souterrain
|
||||
# Ports 1-24 oben
|
||||
# Ports 25-48 unten
|
||||
# Ports 49-52 unten seitlich (optisch)
|
||||
# 10GE hinten
|
||||
ports:
|
||||
switch-b1:
|
||||
mode: bond
|
||||
group: 2
|
||||
ports:
|
||||
- TenGigabitEthernet 1/1/1
|
||||
- GigabitEthernet 1/0/25
|
||||
- GigabitEthernet 1/0/26
|
||||
- GigabitEthernet 1/0/27
|
||||
- GigabitEthernet 1/0/28
|
||||
mgmt:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet1/0/1
|
||||
- GigabitEthernet1/0/41 # server3
|
||||
- GigabitEthernet1/0/42 # server1
|
||||
- GigabitEthernet1/0/43 # unused
|
||||
- GigabitEthernet1/0/44 # server5
|
||||
- GigabitEthernet1/0/45 # server6
|
||||
- GigabitEthernet1/0/46 # server7
|
||||
- GigabitEthernet1/0/47 # server8
|
||||
- GigabitEthernet1/0/48 # server9
|
||||
priv1:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet 1/0/3
|
||||
priv2:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet 1/0/4
|
||||
priv3:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet 1/0/5
|
||||
ap42:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/6
|
||||
ap5:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/7
|
||||
ap1:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/8
|
||||
ap11:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/10
|
||||
ap15:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/12
|
||||
ap53:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/15
|
||||
pub:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet 1/0/11
|
||||
- GigabitEthernet 1/0/20
|
||||
- GigabitEthernet 1/0/24
|
||||
ap18:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/18
|
||||
ap51:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/13
|
||||
server3:
|
||||
mode: bond
|
||||
group: 1
|
||||
ports:
|
||||
- GigabitEthernet1/0/30
|
||||
- GigabitEthernet1/0/31
|
||||
server9:
|
||||
mode: bond
|
||||
group: 3
|
||||
ports:
|
||||
- GigabitEthernet1/0/2
|
||||
- GigabitEthernet1/0/29
|
||||
- GigabitEthernet1/0/32
|
||||
ap24:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/34
|
||||
ap25:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/35
|
||||
ap29:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/36
|
||||
ap30:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/22
|
||||
ap35:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/23
|
||||
priv19:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet 1/0/40
|
||||
ap37:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/39
|
||||
ap39:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/17
|
||||
ap40:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/21
|
||||
priv24:
|
||||
mode: access
|
||||
ports:
|
||||
- GigabitEthernet 1/0/14
|
||||
- GigabitEthernet 1/0/16
|
||||
ap41:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/37
|
||||
ap55:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/19
|
||||
ap56:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/9
|
||||
ap54:
|
||||
mode: trunk
|
||||
ports:
|
||||
- GigabitEthernet 1/0/38
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf+N6p+ZuZsx1AF7CI2TKsxxEU1EyM1DIqtk7d5DoidTIZ4
|
||||
zYnL9X72VSQiNRtkk955wU5sStanDjQMxBUcEO/bEQq6Cjy7tgWZZXEfCedM3Xzq
|
||||
MEs861JCHdpBfL/zehHZxjmGe+St0xRGn4yBZcP/835Sl6t6q4znPFabcgDmIItX
|
||||
ZsjaQfKd0La8GclHI1Pib7UuI6fvD70GkcQHoKoM1cOw8HQRpY953RnTNDKUk7is
|
||||
ZjvhHkPUU2smLxJhCCwAiARq7TZceI0orfCkjQ87sRXavO82dn2Vq3mD9iVwnYY+
|
||||
mVuYBhqguwq0HoOomHKf/JbQc7Gz8E+SBHWvjCUvVtJLARwt3KUvZGY28oKm7pcs
|
||||
ITJJEiVPfnS2CtIm7T0nCm4LMiE20GWhhJIh8gIQuORlUvtMX0R29v3cVcNYCbIh
|
||||
+2WKG1F/gum7at/q
|
||||
=On3v
|
||||
-----END PGP MESSAGE-----
|
||||
|
||||
switch-c1:
|
||||
model: 'HP-procurve-2824'
|
||||
location: Turm C Keller, bei Kabelanschluessen
|
||||
# Ports 1-19 ungerade oben
|
||||
# Ports 2-20 gerade unten
|
||||
# (15, 16 gehen aktuell nach Haus A)
|
||||
# Ports 21-24 unten seitlich (optional optisch)
|
||||
# Port 7 geht aktuell nach Turm C Erdgeschoss und dadurch zur Ecce
|
||||
ports:
|
||||
switch-b1:
|
||||
mode: bond
|
||||
group: 2
|
||||
ports: 21-24
|
||||
up1:
|
||||
mode: access
|
||||
ports: '1'
|
||||
nostp: true
|
||||
up2:
|
||||
mode: access
|
||||
ports: '2'
|
||||
nostp: true
|
||||
# up3:
|
||||
# mode: access
|
||||
# ports: '3'
|
||||
# nostp: true
|
||||
up4:
|
||||
mode: access
|
||||
ports: '4'
|
||||
nostp: true
|
||||
# "Antenne"
|
||||
switch-dach:
|
||||
mode: trunk
|
||||
ports: '6'
|
||||
iso1:
|
||||
mode: access
|
||||
ports: '9'
|
||||
iso2:
|
||||
mode: access
|
||||
ports: '10'
|
||||
iso3:
|
||||
mode: access
|
||||
ports: '11'
|
||||
iso4:
|
||||
mode: access
|
||||
ports: '12'
|
||||
iso5:
|
||||
mode: access
|
||||
ports: '13'
|
||||
iso6:
|
||||
mode: access
|
||||
ports: '14'
|
||||
# Saal A: durch dummen PoE-Switch mit Aggregation an ap44-50 + switch-a1
|
||||
switch-a1:
|
||||
mode: bond
|
||||
group: 1
|
||||
ports: 15-16
|
||||
lacp: no
|
||||
ap19:
|
||||
mode: trunk
|
||||
ports: 17
|
||||
ap26:
|
||||
mode: trunk
|
||||
ports: 18
|
||||
ap17:
|
||||
mode: trunk
|
||||
ports: 19
|
||||
ap38:
|
||||
mode: trunk
|
||||
ports: 7
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQgAhPMG6VKUFLVNZmVfZ6P21CrXRmUeExuxIg4QIrYtKfYe
|
||||
cxWst/IuHnDyL2TP8yGb00sjz7o0psZ9Z+zRCi/ONONyNzee103ymjXxk0Ygekid
|
||||
1IGVeSTqskrgOl53mFZEfP4nBcOqzcNFjMkm0c5B2OmHHHOokOJ5Xzsya120SGXk
|
||||
JnYFVsRD6GFwuF88pgQ5VrGd5/drMaIrNkJ69dyfvYdHRTd0UgtiZFOMesRYFFP7
|
||||
+QdSW1MFoVZnjZgLeoNF/efIhHnTdClROCMZBYU5Z3pQcHAfE4GN3w+MceP/+5EY
|
||||
z3wuSNpsuYNr8NnEDvofTJGdOLuclE6JPFvJMg1QptJKASfn3ZlOrL4ohbPGaDQ6
|
||||
z1P+6DJXliXS7dBdxH0bsB2qRZslmcj286D9bPgTsuvCzOaxcTtkM8y76gVVOVBI
|
||||
TN+j1/OdlXyVmTM=
|
||||
=XUUi
|
||||
-----END PGP MESSAGE-----
|
||||
|
||||
# Unused: 3
|
||||
switch-d1:
|
||||
model: 'TL-SG3210'
|
||||
location: Turm D Elektroraum
|
||||
ports:
|
||||
switch-b1:
|
||||
mode: bond
|
||||
ports: 1
|
||||
group: 1
|
||||
ap9:
|
||||
mode: trunk
|
||||
ports: 5
|
||||
ap10:
|
||||
mode: trunk
|
||||
ports: 4
|
||||
ap7:
|
||||
mode: trunk
|
||||
# Turm D, 5. Etage
|
||||
ports: 8
|
||||
ap22:
|
||||
mode: trunk
|
||||
ports: 2
|
||||
ap12:
|
||||
mode: trunk
|
||||
ports: 7
|
||||
ap3:
|
||||
mode: trunk
|
||||
ports: 3
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQgAkS9jHdnqPPary/yduPsA3Ya1rrERxfZxJnvicexUKl7b
|
||||
eJlLe8e1BQE3BTaqkvLcBrGztBBvrgnv+kzmSTCd5jbL2/fFOdhedBsNjWpYtA7A
|
||||
o6PPfYHka/Km4J/MihzVac9XUbBFhN0ETGYbGi0upPHHEKht3bUNzqkzvHxhQ8lJ
|
||||
D7dDPs3vJXx3Ey8taZawdLJ9IcthvSojt8Un5A/SpdroW2CF4u0Gubuz+9D5i0T5
|
||||
vXDqDQqEewu7pofxZ8TR4PY9PNHT9kmHyI2sIq1AkqP0Mn8wKP7dJVrUS3Z+xBUt
|
||||
/f0B+8a0EJDuQBB2p7yRlBcg5d58TGB59pptmLpQ39JDAbZxHQymPKy3R14k1wKa
|
||||
fYvaMBkaGtcu/foCb1r3xfAZOJSF5MT754wjvxB1bl/iizqJQm+WN3YAkja/Gwh+
|
||||
J31/Ng==
|
||||
=e45t
|
||||
-----END PGP MESSAGE-----
|
||||
|
||||
switch-c3d2-main:
|
||||
model: 'HP-procurve-2824'
|
||||
location: C3D2
|
||||
# Ports 1-19 ungerade oben
|
||||
# Ports 2-20 gerade unten
|
||||
# (15, 16 gehen aktuell nach Haus A)
|
||||
# Ports 21-24 unten seitlich (optional optisch)
|
||||
# Unused Port 7 geht aktuell nach Turm C Erdgeschoss
|
||||
ports:
|
||||
mgmt:
|
||||
mode: access
|
||||
ports: 1
|
||||
switch-b1:
|
||||
mode: bond
|
||||
group: 1
|
||||
ports: 21-24
|
||||
ap2:
|
||||
mode: trunk
|
||||
ports: 3
|
||||
ap31:
|
||||
mode: trunk
|
||||
ports: 2
|
||||
# For testing a new ap
|
||||
ap-test1:
|
||||
mode: trunk
|
||||
ports: 4
|
||||
# For testing a new ap
|
||||
ap-test2:
|
||||
mode: trunk
|
||||
ports: 5
|
||||
iso4:
|
||||
mode: access
|
||||
ports: 6
|
||||
# Freifunk Mesh-on-LAN
|
||||
bmx:
|
||||
mode: access
|
||||
ports: 7
|
||||
c3d2:
|
||||
mode: access
|
||||
ports: '8-20'
|
||||
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf+P65UkLF8x+pDNEoeSISflL8QTPih/D8lP5CK5gYTaL6x
|
||||
0SoVanRYdXERiXdZ1FXw/zorg76Ofpa35k+88wRK7XxGDkP62TC26Qeu8ZbCX4kR
|
||||
t+IQSlKk74YTCC15vBFF+pAa5PFCWPBiWcl5yKTxCNy7e/wHSVtusia6WcmvwJJy
|
||||
M4cY8uPiKEtwLqwZ6hJIjNbjU8yFRI3EQ1irTcd/6WBErIoaaeQT5GpUvPQ6xa6R
|
||||
lfw0OVmKK31Kmwgs+Wty/hiBlASMGdUQZDHVwsoLyFIpWejH+lfY4RMkdqz8BP2a
|
||||
CFxQMWipc4lXMw1n4oXpkr5DPAYB0d2vDPL2sKV5KNJJAe9RC4rLlk+9uYqE4PyK
|
||||
RswLCZhHuKqFa07ufkRpbFGyywAa70UXtbvPkbJb6G1mJ75ozXTS11JqhAdnHCBC
|
||||
2i+VD94/nzLdvg==
|
||||
=1SbG
|
||||
-----END PGP MESSAGE-----
|
||||
|
||||
# switch-a1-poe:
|
||||
# password: |
|
||||
# ----BEGIN PGP MESSAGE-----
|
||||
|
||||
# hQEMA2PKcvDMvlKLAQf/ZSCPgN2uBCz3eZgIhOlTsAIxOHugCrROoXzmnV+XiD8j
|
||||
# BP3T/KWCooFhdiWx9STyVJWk/tKz3UoVm+PmfYVeM7N3/FCXvN9N8eM1LNat/KVF
|
||||
# frAu9raBhvH12DOBvSa5ouC9dbM/ggh/joJBUhIppGZk0aBGTjYcdxnQPGZmkwej
|
||||
# ysnrKedMuIXGh+NWGusTe2Pgs81Ei5w/rnRp4jJZd4YD5hIVnO2KqPT50mlmc4Hi
|
||||
# 6eg65oqFrzG5bJb1NYObt3D66nHpKZPoOXiw2Gg87twFvRsV7x+dyXuNvsOr3nIb
|
||||
# Keeib9sXus67+zNwGJ5MmnZz5kM+iLE3AcTAQ67andJEAQAvyoDfxMMlMqhx/QNU
|
||||
# VlTLZwdATmZ/JdCSoN+ti1+XG+7Lo7faOpUW/CxYD5iiSHsrA1/TvhZkVDB+Oqmx
|
||||
# NJUMaDQ=
|
||||
# =kig9
|
||||
# -----END PGP MESSAGE-----
|
||||
|
||||
switch-a1:
|
||||
model: 'TL-SG3210'
|
||||
location: Saal A
|
||||
ports:
|
||||
# ZW stage
|
||||
priv25:
|
||||
mode: access
|
||||
ports:
|
||||
- 2
|
||||
- 3
|
||||
- 4
|
||||
- 5
|
||||
pub:
|
||||
mode: access
|
||||
ports:
|
||||
- 8
|
||||
# ZW office
|
||||
priv31:
|
||||
mode: access
|
||||
ports:
|
||||
- 6
|
||||
switch-c1:
|
||||
# Eigentlich gehen diese Ports durch das dumme PoE-Switch mit
|
||||
# statisch konfigurierter Aggregation
|
||||
mode: trunk
|
||||
ports: 7
|
||||
iso4:
|
||||
mode: access
|
||||
ports:
|
||||
- 1
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQgAkS9jHdnqPPary/yduPsA3Ya1rrERxfZxJnvicexUKl7b
|
||||
eJlLe8e1BQE3BTaqkvLcBrGztBBvrgnv+kzmSTCd5jbL2/fFOdhedBsNjWpYtA7A
|
||||
o6PPfYHka/Km4J/MihzVac9XUbBFhN0ETGYbGi0upPHHEKht3bUNzqkzvHxhQ8lJ
|
||||
D7dDPs3vJXx3Ey8taZawdLJ9IcthvSojt8Un5A/SpdroW2CF4u0Gubuz+9D5i0T5
|
||||
vXDqDQqEewu7pofxZ8TR4PY9PNHT9kmHyI2sIq1AkqP0Mn8wKP7dJVrUS3Z+xBUt
|
||||
/f0B+8a0EJDuQBB2p7yRlBcg5d58TGB59pptmLpQ39JDAbZxHQymPKy3R14k1wKa
|
||||
fYvaMBkaGtcu/foCb1r3xfAZOJSF5MT754wjvxB1bl/iizqJQm+WN3YAkja/Gwh+
|
||||
J31/Ng==
|
||||
=e45t
|
||||
-----END PGP MESSAGE-----
|
||||
|
||||
switch-dach:
|
||||
model: 'HP-procurve-2824'
|
||||
location: Dach
|
||||
ports:
|
||||
mgmt:
|
||||
mode: access
|
||||
ports: '1'
|
||||
switch-c1:
|
||||
mode: trunk
|
||||
ports: '24'
|
||||
# Starlink
|
||||
up3:
|
||||
mode: access
|
||||
ports: '3'
|
||||
nostp: true
|
||||
# Freifunk Mesh-on-LAN
|
||||
bmx:
|
||||
mode: access
|
||||
ports: '10-19'
|
||||
serv:
|
||||
mode: access
|
||||
ports: '6-9'
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQgAkS9jHdnqPPary/yduPsA3Ya1rrERxfZxJnvicexUKl7b
|
||||
eJlLe8e1BQE3BTaqkvLcBrGztBBvrgnv+kzmSTCd5jbL2/fFOdhedBsNjWpYtA7A
|
||||
o6PPfYHka/Km4J/MihzVac9XUbBFhN0ETGYbGi0upPHHEKht3bUNzqkzvHxhQ8lJ
|
||||
D7dDPs3vJXx3Ey8taZawdLJ9IcthvSojt8Un5A/SpdroW2CF4u0Gubuz+9D5i0T5
|
||||
vXDqDQqEewu7pofxZ8TR4PY9PNHT9kmHyI2sIq1AkqP0Mn8wKP7dJVrUS3Z+xBUt
|
||||
/f0B+8a0EJDuQBB2p7yRlBcg5d58TGB59pptmLpQ39JDAbZxHQymPKy3R14k1wKa
|
||||
fYvaMBkaGtcu/foCb1r3xfAZOJSF5MT754wjvxB1bl/iizqJQm+WN3YAkja/Gwh+
|
||||
J31/Ng==
|
||||
=e45t
|
||||
-----END PGP MESSAGE-----
|
|
@ -1,62 +0,0 @@
|
|||
base:
|
||||
'*':
|
||||
- hosts
|
||||
- subnets
|
||||
- vlans
|
||||
'server1':
|
||||
- lxc-containers.server1
|
||||
- bird.ospf
|
||||
- switches
|
||||
- cpe.aps
|
||||
- collectd.server1
|
||||
- keys
|
||||
'server2':
|
||||
- lxc-containers.server1
|
||||
- bird.ospf
|
||||
- switches
|
||||
- cpe.aps
|
||||
- collectd.server1
|
||||
- keys
|
||||
'priv*-gw':
|
||||
- dhcp
|
||||
- bird.radv
|
||||
- bird.ospf
|
||||
- collectd.gw
|
||||
'pub-gw or serv-gw':
|
||||
- dhcp
|
||||
- bird.radv
|
||||
- bird.ospf
|
||||
'pub-gw':
|
||||
- collectd.gw
|
||||
'c3d2-gw* or c3d2-anon or mgmt-gw or cls-gw':
|
||||
- bird.ospf
|
||||
'c3d2-gw1 or cls-gw':
|
||||
- bird.radv
|
||||
'bgp':
|
||||
- bird.ospf
|
||||
- bird.bgp
|
||||
'upstream*':
|
||||
- bird.ospf
|
||||
- collectd.upstream
|
||||
# for forward-zones in unbound
|
||||
- bind.dns
|
||||
'upstream1':
|
||||
- upstream.upstream1
|
||||
- bind.dyndns.upstream1
|
||||
'upstream2':
|
||||
- upstream.upstream2
|
||||
- bind.dyndns.upstream2
|
||||
'anon*':
|
||||
- bird.ospf
|
||||
- wireguard.anon1
|
||||
- upstream.anon1
|
||||
- collectd.upstream
|
||||
- bind.dyndns.anon1
|
||||
- bind.dns
|
||||
'dns':
|
||||
- bind.dns
|
||||
- bind.dyndns.upstream1
|
||||
- bind.dyndns.upstream2
|
||||
- bind.dyndns.anon1
|
||||
'stats':
|
||||
- collectd.stats-server
|
|
@ -1,5 +0,0 @@
|
|||
upstream:
|
||||
interface: protonvpn
|
||||
nat66-interface: protonvpn
|
||||
up-bandwidth: 45000
|
||||
flows: 4096
|
|
@ -1,46 +0,0 @@
|
|||
upstream:
|
||||
interface: up1
|
||||
nat66-interface: 6to4
|
||||
up-bandwidth: 52500
|
||||
flows: 2048
|
||||
|
||||
port-forwarding:
|
||||
- proto: tcp
|
||||
port: 80
|
||||
to: 172.20.73.45:80
|
||||
- proto: tcp
|
||||
port: 443
|
||||
to: 172.20.73.45:443
|
||||
- proto: udp
|
||||
port: 2325
|
||||
to: 172.22.99.253
|
||||
- proto: udp
|
||||
port: 2399
|
||||
to: 172.22.99.253
|
||||
- proto: udp
|
||||
port: 2327
|
||||
to: 172.22.99.253
|
||||
- proto: udp
|
||||
port: 2338
|
||||
to: 172.22.99.253
|
||||
- proto: udp
|
||||
port: 2339
|
||||
to: 172.22.99.253
|
||||
- proto: udp
|
||||
port: 40533
|
||||
to: 172.22.99.253
|
||||
- proto: udp
|
||||
port: 61699
|
||||
to: 172.22.99.253
|
||||
- proto: tcp
|
||||
port: 2222
|
||||
to: 172.20.74.210:22
|
||||
- proto: tcp
|
||||
port: 8443
|
||||
to: 172.20.74.210:443
|
||||
- proto: tcp
|
||||
port: 2223
|
||||
to: 172.20.73.47:22
|
||||
- proto: udp
|
||||
port: 30000
|
||||
to: 172.20.73.48:30000
|
|
@ -1,41 +0,0 @@
|
|||
#!yaml|gpg
|
||||
|
||||
upstream:
|
||||
interface: up2
|
||||
nat66-interface: up2
|
||||
up-bandwidth: 52500
|
||||
flows: 2048
|
||||
|
||||
port-forwarding:
|
||||
- proto: udp
|
||||
port: 1194
|
||||
to: 172.20.75.9:1194
|
||||
- proto: tcp
|
||||
port: 2222
|
||||
to: 172.20.74.210:22
|
||||
- proto: tcp
|
||||
port: 8443
|
||||
to: 172.20.74.210:443
|
||||
|
||||
ipv6-tunnel:
|
||||
endpoint: 216.66.80.30
|
||||
address: 2001:470:1f0a:12b2::2/64
|
||||
gateway: 2001:470:1f0a:12b2::1
|
||||
|
||||
tunnelbroker:
|
||||
tunnel_id: '407181'
|
||||
username: 'C3D2HQ'
|
||||
key: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf+MPl9B7V1GfG+ps+cILxxnGA8nx9KN69Zj03T5KVYMWw7
|
||||
6nMfXyhC6ZV3BTVUPqY290SaMP0wa4YjpewypfILoJLQDGV7SQaR8eVVCXQYusXK
|
||||
M+L1jWr8f+GOCH5BYsX4WS0PhJ0EplSDlbsvT2NiLc7SFGsrLwpfL4jLJJ3ICSif
|
||||
BbKZy7aovpAXmaeTFaYR7wsclXk7hM94U0uaF9HJK0e9WDFuHuz7dbAXLVFIHFIx
|
||||
UdrjoA8GfRoCqMLXe9Uce+MPvkJX3m0oAtc68Znw/4ndMm6FIyuUhA/jh+gt4/2B
|
||||
BXCch68PGnKNiFmRDW+h17ZiAFeobyb960wJBammLNJLAS+adCeoDgJCxXTzZ5Rh
|
||||
IFEdKAewlFa1RXWn0HhGu7FYoeM+EbuH/ZYW9TOIWYRb3Ol36MPDoRuPEWU/bETG
|
||||
UQEvc22wrpxOfjIA
|
||||
=UbJD
|
||||
-----END PGP MESSAGE-----
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
vlans:
|
||||
# switches and CPE only have IP addresses configured in the management vlan
|
||||
mgmt: 1
|
||||
# routers, OSPF area 0
|
||||
core: 2
|
||||
# servers...
|
||||
serv: 3
|
||||
# ZW public
|
||||
pub: 4
|
||||
# C3D2 home network
|
||||
c3d2: 5
|
||||
cluster: 6
|
||||
bmx: 7
|
||||
# Modems
|
||||
{%- for i in range(1, 5) %}
|
||||
up{{ i }}: {{ i + 9 }}
|
||||
{%- endfor %}
|
||||
# Neighbor subnets
|
||||
{%- for i in range(1, 62) %}
|
||||
priv{{ i }}: {{ i + 39 }}
|
||||
{%- endfor %}
|
||||
# Isolated neighbors directly connection with their modems
|
||||
{%- for i in range(1, 17) %}
|
||||
iso{{ i }}: {{ i + 100 }}
|
||||
{%- endfor %}
|
|
@ -1,85 +0,0 @@
|
|||
#!yaml|gpg
|
||||
|
||||
openvpn:
|
||||
protonvpn:
|
||||
server: nl-free-01.protonvpn.com
|
||||
user: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf7BCwzkTetWarslcjqPyMRqMmbigVnQmp2Fjr/jRy9VhFr
|
||||
AljofSuYyWwWVk9aPGh5dNXShT4CzKs2eSrSno2H71bnuqxfc80dqhO3loM63NZL
|
||||
EchUhT09keQ580WEp3CziDXDbe8T5clmour7Dy9kX/AI+WqeKtdAjgBaI50M3m6f
|
||||
4TWt5zIUyMSxHtyEbpTswAtjD4GmjfsVHCUIw+EyfMsBVqRxYWDjtRUUE35wMeWm
|
||||
k0DpyU5MF5CmKM108h8v69ti223kjB5hc+b/lg7lcr+8bjr3f9ELeg0pvtlkx4ps
|
||||
VS8TXOIhT3KF7Bu9qKhmQFd5rwE5ColTiTcKpeq3iNJbAX3IIx7mvJSlYAeSwj0Y
|
||||
2l4LUvpl1f+IQ/PhRMNO1TZEqbG7q762skrD/9DVbpRpFblqKhj9tuyv0OFiPPCa
|
||||
QcVW+MHwyqKZ1g1/KVXAaEWTdIP3qyuvA4zOGQ==
|
||||
=BLbr
|
||||
-----END PGP MESSAGE-----
|
||||
password: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf9FW6GeyPCaJm9ftIW89GX61TCnzMPXzK8i9hwA9mmRJxb
|
||||
DuZ9gbMD5WKzgVNoCEXmKZ1nnbSTwCn1YjhMWwmmextrAuAGQiGqFtzG+KiyUGr6
|
||||
PG3iHXtzcz2v+oElB7hswnfpRS4XVB9VP/LlPk2azY1jaF+EyfO4WkN4Dg0ldIal
|
||||
ulrOknmFKAQjbuPeRsejOEnpNocLd0fh5Phza66g4YxmPAT9QznOXCumrKrEoC5q
|
||||
SW/9DxJugCiYmU5ti8pdySBVeRqeoen35tXdyl/8tMX0R97c27HCzzPRcMaQxQVc
|
||||
yyrTDEib5T0PiphbtHcXBovlna87gUQn2uM+Zm3IL9JbAeadBusliNidAaMaB/hN
|
||||
2jQcqRxJmTp+Xo7vLzziAlaGhYEivq2ROasgaXa97qbkFIIvy4HVJrRtx7s8xuli
|
||||
s8uY4mS0ZjVgGvFYO2ZMD+TIKZxbd6XwAFDBlA==
|
||||
=fZBz
|
||||
-----END PGP MESSAGE-----
|
||||
ca: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFozCCA4ugAwIBAgIBATANBgkqhkiG9w0BAQ0FADBAMQswCQYDVQQGEwJDSDEV
|
||||
MBMGA1UEChMMUHJvdG9uVlBOIEFHMRowGAYDVQQDExFQcm90b25WUE4gUm9vdCBD
|
||||
QTAeFw0xNzAyMTUxNDM4MDBaFw0yNzAyMTUxNDM4MDBaMEAxCzAJBgNVBAYTAkNI
|
||||
MRUwEwYDVQQKEwxQcm90b25WUE4gQUcxGjAYBgNVBAMTEVByb3RvblZQTiBSb290
|
||||
IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAt+BsSsZg7+AuqTq7
|
||||
vDbPzfygtl9f8fLJqO4amsyOXlI7pquL5IsEZhpWyJIIvYybqS4s1/T7BbvHPLVE
|
||||
wlrq8A5DBIXcfuXrBbKoYkmpICGc2u1KYVGOZ9A+PH9z4Tr6OXFfXRnsbZToie8t
|
||||
2Xjv/dZDdUDAqeW89I/mXg3k5x08m2nfGCQDm4gCanN1r5MT7ge56z0MkY3FFGCO
|
||||
qRwspIEUzu1ZqGSTkG1eQiOYIrdOF5cc7n2APyvBIcfvp/W3cpTOEmEBJ7/14RnX
|
||||
nHo0fcx61Inx/6ZxzKkW8BMdGGQF3tF6u2M0FjVN0lLH9S0ul1TgoOS56yEJ34hr
|
||||
JSRTqHuar3t/xdCbKFZjyXFZFNsXVvgJu34CNLrHHTGJj9jiUfFnxWQYMo9UNUd4
|
||||
a3PPG1HnbG7LAjlvj5JlJ5aqO5gshdnqb9uIQeR2CdzcCJgklwRGCyDT1pm7eoiv
|
||||
WV19YBd81vKulLzgPavu3kRRe83yl29It2hwQ9FMs5w6ZV/X6ciTKo3etkX9nBD9
|
||||
ZzJPsGQsBUy7CzO1jK4W01+u3ItmQS+1s4xtcFxdFY8o/q1zoqBlxpe5MQIWN6Qa
|
||||
lryiET74gMHE/S5WrPlsq/gehxsdgc6GDUXG4dk8vn6OUMa6wb5wRO3VXGEc67IY
|
||||
m4mDFTYiPvLaFOxtndlUWuCruKcCAwEAAaOBpzCBpDAMBgNVHRMEBTADAQH/MB0G
|
||||
A1UdDgQWBBSDkIaYhLVZTwyLNTetNB2qV0gkVDBoBgNVHSMEYTBfgBSDkIaYhLVZ
|
||||
TwyLNTetNB2qV0gkVKFEpEIwQDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFByb3Rv
|
||||
blZQTiBBRzEaMBgGA1UEAxMRUHJvdG9uVlBOIFJvb3QgQ0GCAQEwCwYDVR0PBAQD
|
||||
AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQCYr7LpvnfZXBCxVIVc2ea1fjxQ6vkTj0zM
|
||||
htFs3qfeXpMRf+g1NAh4vv1UIwLsczilMt87SjpJ25pZPyS3O+/VlI9ceZMvtGXd
|
||||
MGfXhTDp//zRoL1cbzSHee9tQlmEm1tKFxB0wfWd/inGRjZxpJCTQh8oc7CTziHZ
|
||||
ufS+Jkfpc4Rasr31fl7mHhJahF1j/ka/OOWmFbiHBNjzmNWPQInJm+0ygFqij5qs
|
||||
51OEvubR8yh5Mdq4TNuWhFuTxpqoJ87VKaSOx/Aefca44Etwcj4gHb7LThidw/ky
|
||||
zysZiWjyrbfX/31RX7QanKiMk2RDtgZaWi/lMfsl5O+6E2lJ1vo4xv9pW8225B5X
|
||||
eAeXHCfjV/vrrCFqeCprNF6a3Tn/LX6VNy3jbeC+167QagBOaoDA01XPOx7Odhsb
|
||||
Gd7cJ5VkgyycZgLnT9zrChgwjx59JQosFEG1DsaAgHfpEl/N3YPJh68N7fwN41Cj
|
||||
zsk39v6iZdfuet/sP7oiP5/gLmA/CIPNhdIYxaojbLjFPkftVjVPn49RqwqzJJPR
|
||||
N8BOyb94yhQ7KO4F3IcLT/y/dsWitY0ZH4lCnAVV/v2YjWAWS3OWyC8BFx/Jmc3W
|
||||
DK/yPwECUcPgHIeXiRjHnJt0Zcm23O2Q3RphpU+1SO3XixsXpOVOYP6rJIXW9bMZ
|
||||
A1gTTlpi7A==
|
||||
-----END CERTIFICATE-----
|
||||
key: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf+IvF6zK4TMYgQIrt30zB2QGPU28pRD6gAmcEJman1QzH6
|
||||
vMrjONchjC3qTE9GVhFlyuxHZaYHFOFEW8y7JV7VBR0BGWa5WwalbXngkyJfL/SM
|
||||
A2zXH/7d5w1TBM0uJBb3vCKeqjBnw47Vm5jDh2CG7kJuD08330WNpnl2pZJebDBH
|
||||
IWbcGrI8M45fcPS3ui2HM+PoFUmVNP3EaXRSxLQlK4CpQjVmz7Adf11+f1HotYE5
|
||||
V5DIbqF0nqYdMgekg026d4TwZbhX8kAXtiJmGVd9Wwy6Osq9gGb8QmbjMNRpjdRp
|
||||
1P2dD5HIdipmWQDCc+NEoowzsNobSteq+yz8mmCfPNLA/gHOCApyk/YeVjxpTaJU
|
||||
OLlHBcZ2p35pc+aeKhxQyKqSr8dEnGrgWLjiHxo637D2PtI9NGGxOdEzPTeYzvzq
|
||||
Gf9qIWmYWQdFiHcWGn42p8/sdSaqrixGNUhwc9ZnXzBaGF2j4mJ5lR8pgorfr2Wc
|
||||
wOPQRFAwxFRMXonPvOHRYb8ARs7JWAMjqtEDbnaHYmvduqWYEpKZeUqlKAyl5d4h
|
||||
Pou1u8W6HeFSOK5Dz/wSTHUB+/COLoR4xMv+ChBGWQkex4TlMzGroe0VjK4Zf4Ya
|
||||
IPu/MZF6Pqi9AN+yydUnkpZWYcICGH5NPy7gVt8okKuAhqYJcrq5JTvqvyUTNdS2
|
||||
icdTSPNY2k3+YvLmDwCqolIjB+kjOKjZw2bjZ1HV7RCrKJhXOxdyd9ktGFOlNCtw
|
||||
UHZoIFg0TCYxEvNHoZyjJzp9V0d/CQBBCYmwD9hIFr602WQv7+Ro6b4CFCFXytOC
|
||||
msSAsLx1oBgJAOs9lcBwD7nCyWNwsk/MsE9OsJICYA/8ZzJPuqcJLwEm9tmPcWGF
|
||||
0ws4GJAet9U4TDwUEYdV9AvcBsl5MHNb4cgIfPuJWZ11Wx2MQ9RuD6L8fDI5H8wI
|
||||
=164/
|
||||
-----END PGP MESSAGE-----
|
|
@ -1,20 +0,0 @@
|
|||
#!yaml|gpg
|
||||
wireguard-instances:
|
||||
'njalla':
|
||||
private_key: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf/WyZLuFilGCU8WGG2i0IaX5ek9vvQ1eIEXKMmTXyU4OG8
|
||||
ynaGYNwC5wKDxNhVas+twnCSpXpZLw61eRQrK6IhZnl69dzhFRZ5gR9T3VnMKNP6
|
||||
2WsNQp5oEsNutvNw/6AkFm653T79zq/Rj3K+BM//+x3WKFShK+o/Y0+7L+2YEAo8
|
||||
IeMS7nbB018acYZv0cEJGHJvcL/zHm6+IyW6WRz0tu5yaI8iwLMGDj6blVCu7efd
|
||||
0JUAVPT+IrUhph6bH4jokkqxS0VCTgDmtLFmFDsCqv7SXwvDz4CvfzEPVATkiLNh
|
||||
PCQBetoBbDkfEieulod8//O8j6EIa+rerGjwdvxX4dJnAfLGmn8KSDTcQUWhqFwI
|
||||
lpy2QkY5XtuqKWM1tm0qel92kNKd7zcBfjtQxTorOXsxch39nHGZJ4LV6u/Li2ss
|
||||
ku2TdReHWjrpIvY/PCIZNEBUYcqNJI2SUT9LA95pc38pH4SugBI9TQ==
|
||||
=ddWH
|
||||
-----END PGP MESSAGE-----
|
||||
addr: 'fd03:1337::210/64, 10.13.37.210/24'
|
||||
peers:
|
||||
- public_key: 'xhbsrE6GyyJZD8pwLBU694NWMzVCeRoqghTeGhMudl0='
|
||||
endpoint: '198.167.192.29:51820'
|
Loading…
Reference in New Issue