kunsi/bundlewrap
1
0
Fork 0
Code Issues 2 Pull requests 1 Releases Activity

Merge branch 'feature/kunsi-ipv6-only-vlan'

Browse source
This commit is contained in:
Franzi 2024-02-26 06:04:58 +01:00
parent 7c9bb42c03 304ce8aa54
commit decbcf9bfd
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 27 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nodes/home.hass.toml
View file

@ -6,7 +6,10 @@ bundles = [
groups = ["debian-bookworm"] groups = ["debian-bookworm"]
[metadata.interfaces.enp1s0] [metadata.interfaces.enp1s0]
ips = ["172.19.138.25/24"] ips = [
"172.19.138.25/24",
"fd90:2017:0:1138::25/64",
]
gateway4 = "172.19.138.1" gateway4 = "172.19.138.1"
ipv6_accept_ra = true ipv6_accept_ra = true

1
nodes/home/nas.py
View file

@ -25,6 +25,7 @@ nodes['home.nas'] = {
'br1138': { 'br1138': {
'ips': { 'ips': {
'172.19.138.20/24', '172.19.138.20/24',
'fd90:2017:0:1138::20/64',
}, },
'gateway4': '172.19.138.1', 'gateway4': '172.19.138.1',
'ipv6_accept_ra': True, 'ipv6_accept_ra': True,

24
nodes/home/router.py
View file

@ -19,6 +19,7 @@ nodes['home.router'] = {
'enp1s0.1138': { 'enp1s0.1138': {
'ips': { 'ips': {
'172.19.138.1/24', '172.19.138.1/24',
'fd90:2017:0:1138::1/64',
}, },
}, },
'enp1s0.1139': { 'enp1s0.1139': {
@ -26,6 +27,11 @@ nodes['home.router'] = {
'172.19.139.1/24', '172.19.139.1/24',
}, },
}, },
'enp1s0.2000': {
'ips': {
'fd90:2017:0:2000::1/64',
},
},
}, },
'backups': { 'backups': {
'exclude_from_backups': True, 'exclude_from_backups': True,
@ -80,6 +86,8 @@ nodes['home.router'] = {
'forward': { 'forward': {
'50-router': [ '50-router': [
'ct state { related, established } accept', 'ct state { related, established } accept',
'iifname enp1s0.1138 accept',
'iifname enp1s0.2000 accept',
'ip6 nexthdr ipv6-icmp accept', 'ip6 nexthdr ipv6-icmp accept',
'tcp dport 22 accept', 'tcp dport 22 accept',
], ],
@ -94,6 +102,7 @@ nodes['home.router'] = {
'restrict-to': { 'restrict-to': {
'172.19.136.0/25', '172.19.136.0/25',
'172.19.138.0/24', '172.19.138.0/24',
'fd90:2017::/32',
}, },
'vhosts': { 'vhosts': {
'vnstat': { 'vnstat': {
@ -104,13 +113,23 @@ nodes['home.router'] = {
}, },
'radvd': { 'radvd': {
'interfaces': { 'interfaces': {
'enp1s0.1138': {}, 'enp1s0.1138': {
'rdnss': {
'fd90:2017:0:1138::1',
},
},
'enp1s0.1139': {}, 'enp1s0.1139': {},
'enp1s0.2000': {
'rdnss': {
'fd90:2017:0:2000::1',
},
},
}, },
}, },
'postfix': { 'postfix': {
'mynetworks': { 'mynetworks': {
'172.19.138.0/24', '172.19.138.0/24',
'fd90:2017::/32',
}, },
}, },
'pppd': { 'pppd': {
@ -124,13 +143,13 @@ nodes['home.router'] = {
'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='), 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
}, },
'nftables-rules.d': { 'nftables-rules.d': {
'inet filter forward iifname enp1s0.1138 accept',
'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept', 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
}, },
}, },
'unbound': { 'unbound': {
'restrict-to': { 'restrict-to': {
'172.19.138.0/23', '172.19.138.0/23',
'fd90:2017::/32',
}, },
}, },
'users': { 'users': {
@ -152,6 +171,7 @@ nodes['home.router'] = {
'targets': { 'targets': {
'enp1s0.1138': '1', 'enp1s0.1138': '1',
'enp1s0.1139': '2', 'enp1s0.1139': '2',
'enp1s0.2000': '3',
}, },
}, },
'wireguard': { 'wireguard': {