home.router: temporary LTE uplink
This commit is contained in:
parent
ad7f722f31
commit
0c877e5d10
GPG key ID:
12E3D2136B818350
1 changed files with 53 additions and 40 deletions
|
|
@ -2,14 +2,14 @@ nodes['home.router'] = {
|
||||||
'hostname': '172.19.138.1',
|
'hostname': '172.19.138.1',
|
||||||
'bundles': {
|
'bundles': {
|
||||||
'bird',
|
'bird',
|
||||||
'jool',
|
# 'jool',
|
||||||
'kea-dhcp-server',
|
'kea-dhcp-server',
|
||||||
'nginx',
|
'nginx',
|
||||||
'pppd',
|
# 'pppd',
|
||||||
'radvd',
|
# 'radvd',
|
||||||
'unbound',
|
'unbound',
|
||||||
'vnstat',
|
'vnstat',
|
||||||
'wide-dhcp6c',
|
# 'wide-dhcp6c',
|
||||||
'wireguard',
|
'wireguard',
|
||||||
},
|
},
|
||||||
'groups': {
|
'groups': {
|
||||||
|
|
@ -17,6 +17,9 @@ nodes['home.router'] = {
|
||||||
},
|
},
|
||||||
'metadata': {
|
'metadata': {
|
||||||
'interfaces': {
|
'interfaces': {
|
||||||
|
'enp1s0.7': {
|
||||||
|
'dhcp': True,
|
||||||
|
},
|
||||||
'enp1s0.1138': {
|
'enp1s0.1138': {
|
||||||
'ips': {
|
'ips': {
|
||||||
'172.19.138.1/24',
|
'172.19.138.1/24',
|
||||||
|
|
@ -45,7 +48,7 @@ nodes['home.router'] = {
|
||||||
# connected longer than 24 hours. We install this cronjob
|
# connected longer than 24 hours. We install this cronjob
|
||||||
# to make sure we don't get disconnected randomly during the
|
# to make sure we don't get disconnected randomly during the
|
||||||
# day.
|
# day.
|
||||||
'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
|
# 'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'kea-dhcp-server': {
|
'kea-dhcp-server': {
|
||||||
|
|
@ -84,6 +87,9 @@ nodes['home.router'] = {
|
||||||
'iifname enp1s0.1138 accept',
|
'iifname enp1s0.1138 accept',
|
||||||
'ip6 nexthdr ipv6-icmp accept',
|
'ip6 nexthdr ipv6-icmp accept',
|
||||||
'tcp dport 22 accept',
|
'tcp dport 22 accept',
|
||||||
|
|
||||||
|
# XXX temp
|
||||||
|
'iifname enp1s0.1139 oifname enp1s0.7 accept',
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
'prerouting': {
|
'prerouting': {
|
||||||
|
|
@ -91,6 +97,13 @@ nodes['home.router'] = {
|
||||||
'tcp dport 2022 dnat 172.19.138.20:22',
|
'tcp dport 2022 dnat 172.19.138.20:22',
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|
||||||
|
# XXX temp
|
||||||
|
'postrouting': {
|
||||||
|
'50-router': [
|
||||||
|
'oifname enp1s0.7 masquerade',
|
||||||
|
],
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'nginx': {
|
'nginx': {
|
||||||
'restrict-to': {
|
'restrict-to': {
|
||||||
|
|
@ -105,39 +118,39 @@ nodes['home.router'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'radvd': {
|
# 'radvd': {
|
||||||
'interfaces': {
|
# 'interfaces': {
|
||||||
'enp1s0.1138': {
|
# 'enp1s0.1138': {
|
||||||
'rdnss': {
|
# 'rdnss': {
|
||||||
'fe80::1',
|
# 'fe80::1',
|
||||||
},
|
# },
|
||||||
},
|
# },
|
||||||
'enp1s0.1139': {
|
# 'enp1s0.1139': {
|
||||||
'rdnss': {
|
# 'rdnss': {
|
||||||
'fe80::1',
|
# 'fe80::1',
|
||||||
},
|
# },
|
||||||
},
|
# },
|
||||||
},
|
# },
|
||||||
},
|
# },
|
||||||
'postfix': {
|
'postfix': {
|
||||||
'mynetworks': {
|
'mynetworks': {
|
||||||
'172.19.138.0/24',
|
'172.19.138.0/24',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'pppd': {
|
# 'pppd': {
|
||||||
'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
|
# 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
|
||||||
'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
|
# 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
|
||||||
'interface': 'enp1s0.7',
|
# 'interface': 'enp1s0.7',
|
||||||
'dyndns': {
|
# 'dyndns': {
|
||||||
'domain': 'franzi-home.kunbox.net',
|
# 'domain': 'franzi-home.kunbox.net',
|
||||||
'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
|
# 'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
|
||||||
'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
|
# 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
|
||||||
'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
|
# 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
|
||||||
},
|
# },
|
||||||
'nftables-rules.d': {
|
# 'nftables-rules.d': {
|
||||||
'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
|
# 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
|
||||||
},
|
# },
|
||||||
},
|
# },
|
||||||
'unbound': {
|
'unbound': {
|
||||||
'dns64': False,
|
'dns64': False,
|
||||||
'restrict-to': {
|
'restrict-to': {
|
||||||
|
|
@ -155,13 +168,13 @@ nodes['home.router'] = {
|
||||||
'cpu': 2,
|
'cpu': 2,
|
||||||
'ram': 4,
|
'ram': 4,
|
||||||
},
|
},
|
||||||
'wide-dhcp6c': {
|
# 'wide-dhcp6c': {
|
||||||
'source': 'ppp0',
|
# 'source': 'ppp0',
|
||||||
'targets': {
|
# 'targets': {
|
||||||
'enp1s0.1138': '1',
|
# 'enp1s0.1138': '1',
|
||||||
'enp1s0.1139': '2',
|
# 'enp1s0.1139': '2',
|
||||||
},
|
# },
|
||||||
},
|
# },
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'snat_ip': '172.19.138.1',
|
'snat_ip': '172.19.138.1',
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue