bundlewrap/nodes/home/router.py

nodes['home.router'] = {
    'hostname': '172.19.138.10',
    'bundles': {
        'iptables',
        'pppd',
        'dhcpd',
    },
    'groups': set(),
    'metadata': {
        'interfaces': {
            'enp1s0.23': {
                'ips': {
                    '172.19.139.10/24',
                },
            },
            'enp1s0.42': {
                'ips': {
                    '172.19.138.10/24',
                },
                'gateway4': '172.19.138.1',
            },
            'enp1s0.100': {
                'ignore': True,
            },
        },
        'backups': {
            'exclude_from_backups': True,
        },
        'cron': {
            # Our internet provider resets the connection if you're
            # connected longer than 24 hours. We install this cronjob
            # to make sure we don't get disconnected randomly during the
            # day.
            'restart_pppd': '23 2 * * *    root    systemctl restart pppoe',
        },
        'iptables': {
            'custom_rules': [
                'iptables_both -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT',
                'iptables_both -A FORWARD -i enp1s0.23 -o enp1s0.42 -j REJECT',
                'iptables_both -A FORWARD -i enp1s0.23 -j ACCEPT',
                'iptables_both -A FORWARD -i enp1s0.42 -j ACCEPT',
            ],
        },
        'pppd': {
            'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='),
            'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='),
            'interface': 'enp1s0.100',
        },
        'dhcpd': {
            'subnets': {
                'home': {
                    'subnet': '172.19.138.0',
                    'netmask': '255.255.255.0',
                    'range_lower':  '172.19.138.100',
                    'range_higher': '172.19.138.250',
                    'interface': 'enp1s0.42',
                    'options': {
                        'routers': '172.19.138.1',
                        'domain-name-servers': '8.8.8.8, 8.8.4.4',
                        'domain-name': 'franzi-home.kunbox.net',
                        'broadcast-address': '172.19.138.255',
                        'subnet-mask': '255.255.255.0',
                    },
                    'default-lease-time': 300,
                    'max-lease-time': 1800,
                },
            },
        },
        'vm': {
            'cpu': 2,
            'ram': 2,
        },
    },
    'os': 'debian',
    'os_version': (10,),
}