From 5f265ea641f06516576ce15ef0513f6a0cf4e385 Mon Sep 17 00:00:00 2001
From: Astro
Date: Fri, 22 Jun 2018 23:06:34 +0200
Subject: [PATCH] upstream1: prepare dhcp6

---
 salt/top.sls              |  2 ++
 salt/upstream/dhcp6.sls   | 19 +++++++++++++++++++
 salt/upstream/dhcp6c.conf | 21 +++++++++++++++++++++
 salt/upstream/iptables    |  2 ++
 4 files changed, 44 insertions(+)
 create mode 100644 salt/upstream/dhcp6.sls
 create mode 100644 salt/upstream/dhcp6c.conf

diff --git a/salt/top.sls b/salt/top.sls
index 187b84c..274fbc9 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -41,6 +41,8 @@ base:
   'upstream2':
     - upstream.port-forwarding
     - upstream.ipv6-tunnel
+  'upstream1':
+    - upstream.dhcp6
   'anon*':
     - no-ssh
     - forwarding
diff --git a/salt/upstream/dhcp6.sls b/salt/upstream/dhcp6.sls
new file mode 100644
index 000000000..29fe48b
--- /dev/null
+++ b/salt/upstream/dhcp6.sls
@@ -0,0 +1,19 @@
+{%- set interface = pillar['upstream']['interface'] %}
+
+/etc/wide-dhcpv6/dhcp6c.conf:
+  file.managed:
+    - source: salt://upstream/dhcp6c.conf
+    - template: 'jinja'
+    - context:
+        interface: {{ interface }}
+    - mode: 744
+
+wide-dhcpv6-client:
+  pkg.installed: []
+  service:
+    - running
+    - enable: True
+    - restart: True
+    - watch:
+      - file: /etc/wide-dhcpv6/dhcp6c.conf
+      - pkg: wide-dhcpv6-client
diff --git a/salt/upstream/dhcp6c.conf b/salt/upstream/dhcp6c.conf
new file mode 100644
index 000000000..34feeb8
--- /dev/null
+++ b/salt/upstream/dhcp6c.conf
@@ -0,0 +1,21 @@
+interface {{ interface }} {
+  send rapid-commit;
+  send ia-pd 0;
+  send ia-na 0;
+  request sip-server-domain-name;
+  request sip-server-address;
+};
+
+id-assoc pd 0 {
+  prefix ::/56 infinity;
+  prefix-interface core {
+    # 0x81 in decimal
+    sla-id 129;
+    # 64 - 56
+    sla-len 8;
+    # …::0/64
+    ifid 0;
+  };
+};
+id-assoc na 0 {
+};
diff --git a/salt/upstream/iptables b/salt/upstream/iptables
index eb024ce..c285099 100644
--- a/salt/upstream/iptables
+++ b/salt/upstream/iptables
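Review bot: `- mode: 744` in the file.managed state for /etc/wide-dhcpv6/dhcp6c.conf sets the execute bit on a configuration file that dhcp6c only reads, and 744 is not a mode any reader of that file needs. `- mode: '0644'` keeps it readable by the daemon and drops the execute bit; quoting the value as a string also avoids YAML loading the bare number as a decimal integer, which is the form Salt's file.managed documentation asks for. If the pillar-supplied interface name ever needs to be kept private, `'0640'` is the stricter choice, but nothing in this hunk suggests the rendered file holds secrets.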
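Review bot: The new dhcp6c.conf has no header saying it is rendered from a Salt template, so an operator who edits /etc/wide-dhcpv6/dhcp6c.conf on the host will lose the change on the next highstate, since dhcp6.sls manages the file with file.managed and restarts the client on it. A first line such as `# Managed by Salt from salt/upstream/dhcp6c.conf - edit there, not on the host` makes that visible where the file is actually read. The short comments on `sla-id 129` and `sla-len 8` are useful; a matching one-liner on `prefix ::/56 infinity;` naming the delegation size being requested would make the prefix-interface block self-explanatory.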
@@ -11,6 +11,8 @@ if [ "$IFACE" = "{{ interface }}" ]; then
     ip6tables -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
     iptables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
     ip6tables -A INPUT -i "$IFACE" -p icmp -j ACCEPT
+    # DHCPv6
+    ip6tables -A INPUT -i "$IFACE" -p udp --sport 547 --dport 546 -j ACCEPT
     iptables -A INPUT -i "$IFACE" -j DROP
     ip6tables -A INPUT -i "$IFACE" -j DROP
     iptables -P INPUT ACCEPT
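Review bot: The added ip6tables rule matches only on ports, so any host on the upstream link can reach the dhcp6c listener on UDP 546 simply by sending from source port 547, and it is inserted before the per-interface DROP so nothing later narrows it. DHCPv6 traffic toward a client is exchanged between link-local addresses in the normal case, so the rule can be tightened to `ip6tables -A INPUT -i "$IFACE" -p udp -s fe80::/10 -d fe80::/10 --sport 547 --dport 546 -j ACCEPT`; if the upstream's relay is observed replying from a global source address, keep the `-d fe80::/10` match and drop the `-s` one. The explicit rule is still needed next to the ESTABLISHED,RELATED line above, because the client's initial messages go to a multicast destination and the unicast reply does not match that conntrack entry. The enclosing `if [ "$IFACE" = "{{ interface }}" ]` block starts and ends outside the hunk.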