From 0c877e5d1090d18488c1c0c9c6497bec7b0fa0d6 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Thu, 10 Jul 2025 15:43:50 +0200
Subject: [PATCH] home.router: temporary LTE uplink
---
 nodes/home/router.py | 93 +++++++++++++++++++++++++-------------------
 1 file changed, 53 insertions(+), 40 deletions(-)
diff --git a/nodes/home/router.py b/nodes/home/router.py
index c84b4ef..22098fd 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -2,14 +2,14 @@ nodes['home.router'] = {
 'hostname': '172.19.138.1',
 'bundles': {
 'bird',
- 'jool',
+# 'jool',
 'kea-dhcp-server',
 'nginx',
- 'pppd',
- 'radvd',
+# 'pppd',
+# 'radvd',
 'unbound',
 'vnstat',
- 'wide-dhcp6c',
+# 'wide-dhcp6c',
 'wireguard',
 },
 'groups': {
@@ -17,6 +17,9 @@ nodes['home.router'] = {
 },
 'metadata': {
 'interfaces': {
+ 'enp1s0.7': {
+ 'dhcp': True,
+ },
 'enp1s0.1138': {
 'ips': {
 '172.19.138.1/24',
@@ -45,7 +48,7 @@ nodes['home.router'] = {
 # connected longer than 24 hours. We install this cronjob
 # to make sure we don't get disconnected randomly during the
 # day.
- 'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
+# 'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
 },
 },
 'kea-dhcp-server': {
@@ -84,6 +87,9 @@ nodes['home.router'] = {
 'iifname enp1s0.1138 accept',
 'ip6 nexthdr ipv6-icmp accept',
 'tcp dport 22 accept',
+
+ # XXX temp
+ 'iifname enp1s0.1139 oifname enp1s0.7 accept',
 ],
 },
 'prerouting': {
@@ -91,6 +97,13 @@ nodes['home.router'] = {
 'tcp dport 2022 dnat 172.19.138.20:22',
 ],
 },
+
+ # XXX temp
+ 'postrouting': {
+ '50-router': [
+ 'oifname enp1s0.7 masquerade',
+ ],
+ },
 },
 'nginx': {
 'restrict-to': {
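Review bot: The PPPoE/IPv6 stack is switched off by commenting entries out (`# 'jool'`, `# 'pppd'`, `# 'radvd'`, `# 'wide-dhcp6c'` in this hunk, and the matching cron, radvd, pppd and wide-dhcp6c metadata in the later hunks), but nothing in the file records why or what has to be restored together. One comment above the first disabled bundle would make the state explicit, for example `# TEMP (LTE uplink on enp1s0.7): PPPoE/IPv6 bundles disabled, restore by reverting this commit`. The `nodes['home.router']` dict starts and ends outside this hunk.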
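Review bot: The `# XXX temp` marker on the new `'iifname enp1s0.1139 oifname enp1s0.7 accept'` rule does not say what the rule stands in for, and the same bare marker is used on the `postrouting` block in the next hunk. It appears to replace the pppd bundle's `inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept`, which this commit comments out, so the comment could read `# TEMP: replaces the pppd forward rule while enp1s0.7 is the LTE uplink; remove together with the postrouting masquerade`. The key of the list this rule is appended to lies outside the hunk; a rule matching both `iifname` and `oifname` only ever matches forwarded packets, so it is worth confirming that this list is the forward chain.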
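Review bot: `'oifname enp1s0.7 masquerade'` rewrites the source address of every packet leaving the uplink, whatever interface or prefix it came from, while the filter rules visible in the previous hunk name specific LAN VLANs. Scoping the NAT rule to the same inputs keeps unexpected sources from being hidden behind the router's address, e.g. `'iifname { enp1s0.1138, enp1s0.1139 } oifname enp1s0.7 masquerade'`, extended by any other interface that is meant to use the uplink. Matching the input interface in postrouting depends on kernel support, so matching on the LAN source prefixes is the alternative. Whether the nat table is `ip` or `inet` is not visible here; if it is `inet`, the rule as written also covers IPv6.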
@@ -105,39 +118,39 @@ nodes['home.router'] = {
 },
 },
 },
- 'radvd': {
- 'interfaces': {
- 'enp1s0.1138': {
- 'rdnss': {
- 'fe80::1',
- },
- },
- 'enp1s0.1139': {
- 'rdnss': {
- 'fe80::1',
- },
- },
- },
- },
+# 'radvd': {
+# 'interfaces': {
+# 'enp1s0.1138': {
+# 'rdnss': {
+# 'fe80::1',
+# },
+# },
+# 'enp1s0.1139': {
+# 'rdnss': {
+# 'fe80::1',
+# },
+# },
+# },
+# },
 'postfix': {
 'mynetworks': {
 '172.19.138.0/24',
 },
 },
- 'pppd': {
- 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
- 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
- 'interface': 'enp1s0.7',
- 'dyndns': {
- 'domain': 'franzi-home.kunbox.net',
- 'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
- 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
- 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
- },
- 'nftables-rules.d': {
- 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
- },
- },
+# 'pppd': {
+# 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
+# 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
+# 'interface': 'enp1s0.7',
+# 'dyndns': {
+# 'domain': 'franzi-home.kunbox.net',
+# 'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
+# 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
+# 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
+# },
+# 'nftables-rules.d': {
+# 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
+# },
+# },
 'unbound': {
 'dns64': False,
 'restrict-to': {
@@ -155,13 +168,13 @@ nodes['home.router'] = {
 'cpu': 2,
 'ram': 4,
 },
- 'wide-dhcp6c': {
- 'source': 'ppp0',
- 'targets': {
- 'enp1s0.1138': '1',
- 'enp1s0.1139': '2',
- },
- },
+# 'wide-dhcp6c': {
+# 'source': 'ppp0',
+# 'targets': {
+# 'enp1s0.1138': '1',
+# 'enp1s0.1139': '2',
+# },
+# },
 'wireguard': {
 'snat_ip': '172.19.138.1',
 },
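Review bot: Disabling the `pppd` block also disables its `dyndns` updater, so `franzi-home.kunbox.net` will presumably keep pointing at the last PPPoE address while the LTE uplink is in use, unless something outside this file updates the record. The file still carries inbound-facing configuration (`tcp dport 2022 dnat 172.19.138.20:22`, the `wireguard` bundle), and remote clients resolving that name would then connect to whoever holds the old address. I would record this next to the disabled block, e.g. `# NOTE: dyndns for franzi-home.kunbox.net is not updated while pppd is disabled`, and consider clearing or repointing the record for the duration. The metadata dict this block belongs to starts and ends outside the hunk.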