bundlewrap/nodes/home/router.py

# Node definition for the home router: PPPoE uplink, per-VLAN addressing,
# DHCP / router advertisements / DNS for the LAN segments, and the nftables
# rules that sit between those segments and the uplink.
# `nodes`, `vault` and `atomic` are not defined in this file; they are
# expected to be provided by the environment that loads it.
nodes['home.router'] = {
    # Management address: the router's own IP on VLAN 1138.
    'hostname': '172.19.138.1',
    'bundles': {
        'bird',
        'jool',
        'kea-dhcp-server',
        'nginx',
        'pppd',
        'radvd',
        'unbound',
        'vnstat',
        'wide-dhcp6c',
        'wireguard',
    },
    'groups': {'debian-bookworm'},
    'metadata': {
        # Three tagged VLANs on enp1s0. 1138 is dual-stack, 1139 has IPv4
        # only, 2000 has a ULA address only.
        'interfaces': {
            'enp1s0.1138': {
                'ips': {
                    '172.19.138.1/24',
                    'fd90:2017:0:1138::1/64',
                },
            },
            'enp1s0.1139': {
                'ips': {'172.19.139.1/24'},
            },
            'enp1s0.2000': {
                'ips': {'fd90:2017:0:2000::1/64'},
            },
        },
        # This node is excluded from backups, so only what this repository
        # describes can be restored after a rebuild.
        'backups': {
            'exclude_from_backups': True,
        },
        'bird': {
            'static_routes': {
                '172.19.138.0/24',
                '172.19.139.0/24',
            },
        },
        # 'cron': {
        #     'jobs': {
        #         # Our internet provider resets the connection if you're
        #         # connected longer than 24 hours. We install this cronjob
        #         # to make sure we don't get disconnected randomly during the
        #         # day.
        #         'restart_pppd': '23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
        #     },
        # },
        'kea-dhcp-server': {
            'subnets': {
                'enp1s0.1138': {
                    'lower': '172.19.138.100',
                    'higher': '172.19.138.250',
                    'subnet': '172.19.138.0/24',
                    'options': {
                        'domain-name': 'franzi-home.kunbox.net',
                        'domain-name-servers': '172.19.138.1',
                        'domain-search': 'home.kunbox.net',
                        'routers': '172.19.138.1',
                    },
                },
                # Clients on 1139 are handed the router itself as resolver
                # and gateway, and no domain name or search list.
                'enp1s0.1139': {
                    'lower': '172.19.139.200',
                    'higher': '172.19.139.250',
                    'subnet': '172.19.139.0/24',
                    'options': {
                        'domain-name-servers': '172.19.139.1',
                        'routers': '172.19.139.1',
                    },
                },
            },
        },
        'icinga_options': {
            # override group default
            'also_affected_by': atomic(set()),
            # disabled on group level
            # XXX reenable this once we can leave the house safely again
            #'vars.notification.sms': True
        },
        'nftables': {
            'forward': {
                '50-router': [
                    'ct state { related, established } accept',
                    # Everything arriving from VLAN 1138 and VLAN 2000 is
                    # forwarded without further restriction. VLAN 1139 is
                    # not listed here; its only forward rule is the one
                    # under 'pppd' -> 'nftables-rules.d'.
                    'iifname enp1s0.1138 accept',
                    'iifname enp1s0.2000 accept',
                    # NOTE(review): `ip6 nexthdr` matches only the first
                    # next-header field, so ICMPv6 behind an extension
                    # header is not covered; `meta l4proto ipv6-icmp` is the
                    # usual form. All ICMPv6 types are accepted.
                    'ip6 nexthdr ipv6-icmp accept',
                    # NOTE(review): no interface or destination match, so
                    # forwarded SSH is accepted from every interface,
                    # including the uplink. This is presumably also what
                    # lets the port-2022 DNAT below through (after
                    # translation the packet carries dport 22). Confirm that
                    # every reachable host behind the router is meant to
                    # take SSH from outside; otherwise add `ip daddr`.
                    'tcp dport 22 accept',
                    # TODO remove this once a better solution exists
                    # NOTE(review): if the rules are rendered in list order,
                    # both lines are already covered by the blanket iifname
                    # accepts above.
                    'udp dport 53 iifname enp1s0.1138 accept',
                    'udp dport 53 iifname enp1s0.2000 accept',
                ],
            },
            'prerouting': {
                '50-router': [
                    # Publishes SSH on 172.19.138.20 as port 2022.
                    # NOTE(review): the rule has no iifname or daddr match,
                    # so it also rewrites port-2022 connections that LAN
                    # clients open to unrelated destinations. The target
                    # host is the exposed surface: keep it key-only and
                    # watch its auth log.
                    'tcp dport 2022 dnat 172.19.138.20:22',
                ],
            },
        },
        'nginx': {
            # 172.19.139.0/24 is absent, so VLAN 1139 is presumably kept
            # away from the vhost below.
            # NOTE(review): fd90:2017::/32 is far wider than the two /64s
            # configured on this node (both inside fd90:2017:0::/48). The
            # same prefix is trusted by postfix and unbound; confirm the
            # /32 is intended.
            'restrict-to': {
                '172.19.136.0/25',
                '172.19.138.0/24',
                'fd90:2017::/32',
            },
            'vhosts': {
                'vnstat': {
                    'domain': 'router.home.kunbox.net',
                    'ssl': '_.home.kunbox.net',
                },
            },
        },
        'radvd': {
            'interfaces': {
                'enp1s0.1138': {
                    'rdnss': {'fd90:2017:0:1138::1'},
                },
                # No resolver is advertised on 1139.
                'enp1s0.1139': {},
                'enp1s0.2000': {
                    'rdnss': {'fd90:2017:0:2000::1'},
                },
            },
        },
        # 'postfix' is not in this node's bundle list, so it presumably
        # arrives via a group. Hosts in mynetworks are normally allowed to
        # relay mail, so the breadth of these prefixes matters.
        'postfix': {
            'mynetworks': {
                '172.19.138.0/24',
                'fd90:2017::/32',
            },
        },
        'pppd': {
            # PPPoE and dyndns credentials are committed as vault
            # ciphertext. That is only as safe as the vault key, which must
            # stay out of the repository.
            'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
            'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
            'interface': 'enp1s0.7',
            'dyndns': {
                'domain': 'franzi-home.kunbox.net',
                # The update endpoint is HTTPS, so the credentials below
                # are not sent in clear text.
                'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
                'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
                'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
            },
            # VLAN 1139 may be forwarded only towards $INTERFACE (presumably
            # replaced with the PPP interface by the bundle). Nothing in
            # this file lets it reach the other VLANs.
            'nftables-rules.d': {
                'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
            },
        },
        'unbound': {
            # The /23 spans both 172.19.138.0/24 and 172.19.139.0/24.
            'restrict-to': {
                '172.19.138.0/23',
                'fd90:2017::/32',
            },
        },
        'users': {
            # 'delete': True removes this account from the node.
            'f2k1de': {
                'delete': True,
            },
            'fkunsmann': {},
            'sophie': {},
        },
        'vnstat': {
            'interface': 'enp1s0.7',
        },
        'vm': {
            'cpu': 2,
            'ram': 4,
        },
        'wide-dhcp6c': {
            'source': 'ppp0',
            # Presumably per-interface identifiers for prefixes obtained
            # over ppp0 (confirm against the bundle). If these VLANs get
            # globally routable prefixes, the forward rules above are the
            # only filter between the uplink and the hosts.
            'targets': {
                'enp1s0.1138': '1',
                'enp1s0.1139': '2',
                'enp1s0.2000': '3',
            },
        },
        'wireguard': {
            # Presumably the address VPN traffic is source-NATed to. If so,
            # LAN hosts log the router rather than the individual peer.
            'snat_ip': '172.19.138.1',
        },
    },
}