diff --git a/nodes/home/router.py b/nodes/home/router.py
index f318a7b..5f29a19 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -2,14 +2,13 @@ nodes['home.router'] = {
 'hostname': '172.19.138.1',
 'bundles': {
 'bird',
-# 'jool',
 'kea-dhcp-server',
 'nginx',
-# 'pppd',
-# 'radvd',
+ 'pppd',
+ 'radvd',
 'unbound',
 'vnstat',
-# 'wide-dhcp6c',
+ 'wide-dhcp6c',
 'wireguard',
 },
 'groups': {
@@ -48,7 +47,7 @@ nodes['home.router'] = {
 # connected longer than 24 hours. We install this cronjob
 # to make sure we don't get disconnected randomly during the
 # day.
-# 'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
+ 'restart_pppd': r'23 2 * * * root systemctl restart pppoe && date -u +\%s > /var/tmp/pppd-last-restart.status',
 },
 },
 'kea-dhcp-server': {
@@ -87,9 +86,6 @@ nodes['home.router'] = {
 'iifname enp1s0.1138 accept',
 'ip6 nexthdr ipv6-icmp accept',
 'tcp dport 22 accept',
-
- # XXX temp
- 'iifname enp1s0.1139 oifname enp1s0.7 accept',
 ],
 },
 'prerouting': {
@@ -97,13 +93,6 @@ nodes['home.router'] = {
 'tcp dport 2022 dnat 172.19.138.20:22',
 ],
 },
-
- # XXX temp
- 'postrouting': {
- '50-router': [
- 'oifname enp1s0.7 masquerade',
- ],
- },
 },
 'nginx': {
 'restrict-to': {
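Review bot: The re-enabled `restart_pppd` cron entry runs as root and redirects into `/var/tmp/pppd-last-restart.status`, a fixed name in a world-writable directory, so any local account can pre-create that path and either make the write fail or control what a reader of the status file sees. The `fs.protected_symlinks` and `fs.protected_regular` sysctls limit the classic clobber case on current kernels, but the job should not depend on them. A root-owned location avoids the problem, for example `... && date -u +\%s > /var/lib/pppd/last-restart.status` (path constructed for illustration), with whatever consumes the file, which is not visible in this diff, updated to match. The enclosing dict starts above the hunk.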
@@ -118,39 +107,39 @@ nodes['home.router'] = {
 },
 },
 },
-# 'radvd': {
-# 'interfaces': {
-# 'enp1s0.1138': {
-# 'rdnss': {
-# 'fe80::1',
-# },
-# },
-# 'enp1s0.1139': {
-# 'rdnss': {
-# 'fe80::1',
-# },
-# },
-# },
-# },
+ 'radvd': {
+ 'interfaces': {
+ 'enp1s0.1138': {
+ 'rdnss': {
+ 'fe80::1',
+ },
+ },
+ 'enp1s0.1139': {
+ 'rdnss': {
+ 'fe80::1',
+ },
+ },
+ },
+ },
 'postfix': {
 'mynetworks': {
 '172.19.138.0/24',
 },
 },
-# 'pppd': {
-# 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
-# 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
-# 'interface': 'enp1s0.7',
-# 'dyndns': {
-# 'domain': 'franzi-home.kunbox.net',
-# 'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
-# 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
-# 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
-# },
-# 'nftables-rules.d': {
-# 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
-# },
-# },
+ 'pppd': {
+ 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
+ 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
+ 'interface': 'enp1s0.7',
+ 'dyndns': {
+ 'domain': 'franzi-home.kunbox.net',
+ 'url': 'https://ns-mephisto.kunbox.net/nic/update?hostname=franzi-home.kunbox.net&myip={ips}',
+ 'username': vault.decrypt('encrypt$gAAAAABfr8DLAJhmUIhdxLq83I8MnRRvkRgDZcO8Brvw1KpvplC3K8ZGj0jIIWD3Us33vIP6t0ybd_mgD8slpRUk78Kqd3BMoQ=='),
+ 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
+ },
+ 'nftables-rules.d': {
+ 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
+ },
+ },
 'unbound': {
 'dns64': False,
 'restrict-to': {
@@ -168,13 +157,13 @@ nodes['home.router'] = {
 'cpu': 2,
 'ram': 4,
 },
-# 'wide-dhcp6c': {
-# 'source': 'ppp0',
-# 'targets': {
-# 'enp1s0.1138': '1',
-# 'enp1s0.1139': '2',
-# },
-# },
+ 'wide-dhcp6c': {
+ 'source': 'ppp0',
+ 'targets': {
+ 'enp1s0.1138': '1',
+ 'enp1s0.1139': '2',
+ },
+ },
 'wireguard': {
 'snat_ip': '172.19.138.1',
 },
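Review bot: The only firewall rule the re-enabled `pppd` block contributes is `inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept`, while the -97 hunk of this commit drops the `oifname enp1s0.7 masquerade` postrouting rule, and nothing visible in the diff adds source NAT for the PPP link. If the pppd bundle does not install its own masquerade rule, IPv4 traffic from 172.19.138.0/24 would be forwarded upstream with its private source address; please confirm and record it, e.g. `# source NAT on $INTERFACE is installed by the pppd bundle`. A second comment saying why only enp1s0.1139 needs an explicit forward rule would also help, since enp1s0.1138 appears to be covered by the blanket `iifname enp1s0.1138 accept` seen as context in the -87 hunk.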
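Review bot: With `wide-dhcp6c` delegating prefixes from `ppp0` to enp1s0.1138 and enp1s0.1139 and `radvd` announcing on both, hosts behind this router get globally routable IPv6 addresses, so the nftables forward policy becomes the only barrier between them and the internet, and that policy is not visible in this diff. The context rules `ip6 nexthdr ipv6-icmp accept` and `tcp dport 22 accept` in the -87 hunk carry no interface match; if they sit in the forward chain, they would admit inbound SSH to every delegated address. It is worth confirming that new connections arriving on ppp0 are dropped by default and stating it next to this block, e.g. `# delegated prefixes are public: inbound from ppp0 is filtered by the forward chain`.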