diff --git a/.github/checks/check-duplicates.sh b/.github/checks/check-duplicates.sh
new file mode 100755
index 000000000..358c27c4a
--- /dev/null
+++ b/.github/checks/check-duplicates.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Locations pattern
+location_files="locations/*.yml"
+
+# Initialize a variable to track if any errors are found
+error_found=0
+
+# Function to check for duplicates
+check_duplicates() {
+ local yq_query="$1"
+ local description="$2"
+ local file_pattern="$3"
+
+ # Expand the file pattern to a list of files
+ # shellcheck disable=SC2206
+ files=($file_pattern)
+
+ # Check if any files match the pattern
+ if [ ${#files[@]} -eq 0 ]; then
+ echo "No files matching pattern $file_pattern"
+ return
+ fi
+
+ # Run the yq command with the expanded list of files
+ duplicates=$(yq "$yq_query" "${files[@]}" | grep -v -- '---' | tr '[:upper:]' '[:lower:]' | sed 's/["'\'']//g' | sort | uniq -cd)
+ if [ -n "$duplicates" ]; then
+ echo "Duplicate $description found:"
+ echo "$duplicates"
+ error_found=1
+ fi
+}
+
+# Check for duplicates accross all locations
+echo "Checking $location_files"
+
+# Check for hostname duplicates within hosts
+check_duplicates 'select(.hosts != null) | .hosts[].hostname' "hostnames within hosts" "$location_files"
+
+# Check for mac_override duplicates within hosts
+check_duplicates 'select(.hosts != null) | .hosts[].mac_override | select(. != null) | to_entries[] | .value' "mac_overrides within hosts" "$location_files"
+
+# Check for hostname duplicates within snmp_devices
+check_duplicates 'select(.snmp_devices != null) | .snmp_devices[].hostname' "hostnames within snmp_devices" "$location_files"
+
+# Check for address duplicates within snmp_devices
+check_duplicates 'select(.snmp_devices != null) | .snmp_devices[].address' "addresses within snmp_devices" "$location_files"
+
+# Check for ipv6_prefix duplicates
+check_duplicates 'select(.ipv6_prefix != null) | .ipv6_prefix' "ipv6_prefixes" "$location_files"
+
+# Check for ipv4_prefix duplicates within networks
+check_duplicates 'select(.networks != null) | .networks[] | select(.prefix != null) | .prefix' "prefix within networks" "$location_files"
+
+# Check for duplicate hosts within 11a channel assignments
+check_duplicates 'select(.location__channel_assignments_11a_standard__to_merge != null) | .location__channel_assignments_11a_standard__to_merge | keys[]' "hosts within 11a channel assignments" "$location_files"
+
+# Check for duplicate hosts within 11g channel assignments
+check_duplicates 'select(.location__channel_assignments_11g_standard__to_merge != null) | .location__channel_assignments_11g_standard__to_merge | keys[]' "hosts within 11g channel assignments" "$location_files"
+
+# Check for duplicates within a single location
+for file in $location_files; do
+ echo "Checking $file"
+
+ # Check for VID duplicates within networks
+ check_duplicates 'select(.networks != null) | .networks[] | select(.vid != null) | .vid' "VID within networks" "$file"
+
+ # Check for name duplicates within networks
+ check_duplicates 'select(.networks != null) | .networks[] | select(.name != null) | .name' "name within networks" "$file"
+
+ # Check for ipv6_subprefix duplicates within networks
+ check_duplicates 'select(.networks != null) | .networks[] | select(.ipv6_subprefix != null) | .ipv6_subprefix' "ipv6_subprefix within networks" "$file"
+
+done
+
+# Exit with a non-zero status code if any errors were found
+if [ "$error_found" -eq 1 ]; then
+ exit 1
+else
+ echo "No duplicates found"
+fi
diff --git a/.github/checks/check-interface-names.sh b/.github/checks/check-interface-names.sh
new file mode 100755
index 000000000..d64d4f480
--- /dev/null
+++ b/.github/checks/check-interface-names.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Locations pattern
+location_files="locations/*.yml"
+
+# Initialize a variable to track if any errors are found
+error_found=0
+
+# Function to check for errors in interface names
+check() {
+ local yq_query="$1"
+ local file_pattern="$2"
+
+ # Expand the file pattern to a list of files
+ # shellcheck disable=SC2206
+ files=($file_pattern)
+
+ # Check if any files match the pattern
+ if [ ${#files[@]} -eq 0 ]; then
+ echo "No files matching pattern $file_pattern"
+ return
+ fi
+
+ # Run the yq command with the expanded list of files
+ ifnames=$(yq "$yq_query" "${files[@]}" | grep -v -- '---' | sed 's/["'\'']//g' | sort | uniq)
+
+ # Iterate over each interface name and check if it matches the allowed pattern
+ for ifname in $ifnames; do
+ if [[ ! "$ifname" =~ ^[a-z0-9_]+$ ]]; then
+ echo "Error: Interface name does not match allowed pattern [0-9a-z_]: $ifname"
+ error_found=1
+ fi
+ done
+}
+
+# Check for issues across locations
+echo "Checking $location_files"
+
+# Check for interface name issues
+check 'select(.networks != null) | .networks[] | select(.name != null) | .name' "$location_files"
+
+# Exit with a non-zero status code if any errors were found
+if [ "$error_found" -eq 1 ]; then
+ exit 1
+else
+ echo "No errors found"
+fi
diff --git a/.github/checks/check-mac-override-missing.sh b/.github/checks/check-mac-override-missing.sh
new file mode 100755
index 000000000..627ea63b4
--- /dev/null
+++ b/.github/checks/check-mac-override-missing.sh
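Review bot: The `duplicates=$(yq … | grep … | uniq -cd)` pipeline in `check_duplicates` fails open: without `pipefail`, a missing `yq` binary or a YAML parse error leaves `duplicates` empty, and the script prints "No duplicates found" and exits 0. Adding `set -o pipefail` after the shebang and testing the assignment, `duplicates=$(…) || { echo "yq failed for $description"; error_found=1; }`, makes a broken check visible; `grep -v` returns 1 when it filters out every line, so it then needs a `|| true` guard inside the pipeline. The same pattern applies to `ifnames=$(yq …)` in check-interface-names.sh and to the unchecked `yq` calls in check-mac-override-missing.sh. Separately, `files=($file_pattern)` keeps the literal pattern when nothing matches, so the `${#files[@]} -eq 0` branch is unreachable unless `shopt -s nullglob` is set first.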
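Review bot: `for ifname in $ifnames` in `check` word-splits and glob-expands the yq output, so a network name containing whitespace is tested piece by piece: `bad name` is checked as `bad` and `name`, both match `^[a-z0-9_]+$`, and the invalid name passes. Reading line by line keeps each name intact, `while IFS= read -r ifname; do … done <<< "$ifnames"`, with a `[ -n "$ifname" ] || continue` guard because a here-string yields one empty line when there are no names. The script also never reads its positional parameters, since `location_files` is fixed to `locations/*.yml`, so the file list the workflow passes is ignored and every location is checked on each run. If that is intended, a comment saying so would help; otherwise take `"$@"` the way check-mac-override-missing.sh does.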
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Initialize a variable to track if any errors are found
+error_found=0
+
+# Define patterns for model files
+model_files='group_vars/model_*.yml'
+
+# If location files are passed as arguments, override the default location_files variable
+if [ "$#" -gt 0 ]; then
+ # Treat location_files as an array to handle multiple arguments
+ location_files=("$@")
+else
+ # Use the default pattern if no arguments are passed
+ location_files=(locations/*.yml)
+fi
+
+# If location files are passed as arguments, override the location_files variable
+if [ "$#" -gt 0 ]; then
+ location_files=("$@")
+fi
+
+# Find all models that require a mac_override
+declare -A mac_override_required_models
+
+for model_file_path in $model_files; do
+ # Extract model name from file path
+ model_file=$(basename "$model_file_path" .yml)
+ model_name=${model_file#model_}
+
+ # Check if the model requires mac_override
+ requires_mac_override=$(yq '.requires_mac_override' "$model_file_path" | tr -d '"')
+
+ # Store the result in the associative array
+ mac_override_required_models["$model_name"]=$requires_mac_override
+done
+
+# Find all missing mac_overrides in the provided or all location files
+for location_file in "${location_files[@]}"; do
+ # Check if the file exists (in case only some files were passed in GitHub Action)
+ if [ ! -f "$location_file" ]; then
+ echo "File $location_file does not exist, skipping."
+ continue
+ fi
+
+ # Get hosts as a single YAML block to minimize calls to yq
+ hosts=$(yq '.hosts' "$location_file")
+
+ # Loop through each host entry
+ for i in $(seq 0 $(($(echo "$hosts" | yq '. | length') - 1))); do
+ hostname=$(echo "$hosts" | yq ".[$i].hostname" | tr -d '"')
+ model=$(echo "$hosts" | yq ".[$i].model" | tr -d '"')
+ mac_override=$(echo "$hosts" | yq ".[$i].mac_override" | tr -d '"')
+
+ # Convert model name to match the model file format (underscore instead of hyphen)
+ model_name=${model//-/_}
+
+ # Check if the model requires mac_override using the associative array
+ requires_mac_override=${mac_override_required_models["$model_name"]}
+
+ if [ "$requires_mac_override" = "true" ]; then
+ if [ "$mac_override" == "null" ]; then
+ # Output the missing mac_override details immediately
+ echo "Host $hostname (model: $model) in $location_file is missing mac_override."
+ error_found=1
+ fi
+ fi
+ done
+done
+
+# Exit with a non-zero status code if any errors were found
+if [ "$error_found" -eq 1 ]; then
+ echo "Please look at the model files of the devices missing a mac_override for documentation"
+ echo "about how to read the mac_address from the device."
+ exit 1
+else
+ echo "No MAC override issues found."
+fi
+
diff --git a/.github/workflows/check-duplicates.yml b/.github/workflows/check-duplicates.yml
new file mode 100644
index 000000000..b6828e2ad
--- /dev/null
+++ b/.github/workflows/check-duplicates.yml
@@ -0,0 +1,18 @@
+---
+name: Check for duplicates
+
+on: [push, pull_request] # yamllint disable-line rule:truthy
+
+jobs:
+ check-duplicates:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run check for duplicates
+ run: |
+ yq --version
+ ./.github/checks/check-duplicates.sh
diff --git a/.github/workflows/check-interface-names.yml b/.github/workflows/check-interface-names.yml
new file mode 100644
index 000000000..b9ee2ee1a
--- /dev/null
+++ b/.github/workflows/check-interface-names.yml
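Review bot: The second `if [ "$#" -gt 0 ]; then location_files=("$@"); fi` block in check-mac-override-missing.sh repeats the assignment the `if`/`else` directly above it has already made and can be deleted. The inner test `[ "$mac_override" == "null" ]` only catches a missing key; an empty mapping or the `XX:XX:XX:XX:XX:XX` placeholder shown in DEVELOPER.md would count as present, so a comment stating that the check covers presence only, not validity, would set the right expectation.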
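Review bot: check-duplicates.yml declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets whatever default the repository or organisation has configured, although the steps only read the checkout. Adding `permissions:` with `contents: read` at workflow level keeps the token least-privileged; the same applies to check-interface-names.yml and check-mac-override-missing.yml in this commit. `actions/checkout@v4` is a mutable tag, and pinning it to a commit SHA is the usual hardening where project policy asks for it. The script also depends on whichever `yq` the `ubuntu-latest` image ships, so the printed `yq --version` is the only record of what evaluated the queries.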
@@ -0,0 +1,33 @@
+---
+name: Check interface names
+
+on: [push, pull_request] # yamllint disable-line rule:truthy
+
+jobs:
+ check-interface-names:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ # Get a list of changed files and pass them to the script
+ - name: Get Changed Files and Run interface name check
+ run: |
+ # Fetch previous commits for comparison
+ git fetch origin main
+
+ # Get list of changed files compared to main branch
+ changed_files=$(git diff --name-only origin/main)
+
+ # Filter out only the location files from the list of changed files
+ location_files=$(echo "$changed_files" | grep -E '^locations/.*\.yml$' || true)
+
+ if [ -z "$location_files" ]; then
+ echo "No location files changed, skipping check."
+ exit 0
+ fi
+
+ # Run the interface name check script with the filtered location files
+ ./.github/checks/check-interface-names.sh "$location_files"
diff --git a/.github/workflows/check-mac-override-missing.yml b/.github/workflows/check-mac-override-missing.yml
new file mode 100644
index 000000000..ed35aeed7
--- /dev/null
+++ b/.github/workflows/check-mac-override-missing.yml
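Review bot: `"$location_files"` on the last `run:` line hands the script every changed path as one newline-joined argument instead of one argument per file. check-interface-names.sh ignores its arguments, so nothing changes here, but check-mac-override-missing.yml ends with the same line and its script runs `[ ! -f "$location_file" ]` on that single string: once two location files change, the test fails, the script prints "does not exist, skipping" and exits 0 without checking either file. Splitting first fixes both workflows: `mapfile -t files <<< "$location_files"` followed by `./.github/checks/check-mac-override-missing.sh "${files[@]}"`. `git diff --name-only origin/main` also compares against the current tip of main, so on a push to main the diff is empty and the check is skipped, and on a branch it includes files changed on main since the branch point; `origin/main...HEAD` would limit it to the branch's own changes.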
@@ -0,0 +1,33 @@ +--- +name: Check missing mac_overrides + +on: [push, pull_request] # yamllint disable-line rule:truthy + +jobs: + check-mac-override-missing: + runs-on: ubuntu-latest + steps: + - name: Checkout branch + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # Get a list of changed files and pass them to the script + - name: Get Changed Files and Run mac_override missing check + run: | + # Fetch previous commits for comparison + git fetch origin main + + # Get list of changed files compared to main branch + changed_files=$(git diff --name-only origin/main) + + # Filter out only the location files from the list of changed files + location_files=$(echo "$changed_files" | grep -E '^locations/.*\.yml$' || true) + + if [ -z "$location_files" ]; then + echo "No location files changed, skipping check." + exit 0 + fi + + # Run the mac_override check script with the filtered location files + ./.github/checks/check-mac-override-missing.sh "$location_files" diff --git a/.github/workflows/configrun.yml b/.github/workflows/configrun.yml index a862a1293..662342908 100644 --- a/.github/workflows/configrun.yml +++ b/.github/workflows/configrun.yml @@ -3,10 +3,10 @@ name: Config Run on: push: branches: - - master + - main pull_request: branches: - - master + - main jobs: build: diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 45292aa74..f2735a92d 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -57,6 +57,6 @@ jobs: VALIDATE_ALL_CODEBASE: false # Disable JSCPD as we have a lot of duplication by design VALIDATE_JSCPD: false - # Change to 'master' if your main branch differs - DEFAULT_BRANCH: master + # Change to 'main' if your main branch differs + DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/wikiupdate.yml b/.github/workflows/wikiupdate.yml index 84ff6bd7e..de1792dc0 100644 --- a/.github/workflows/wikiupdate.yml +++ b/.github/workflows/wikiupdate.yml 
@@ -3,7 +3,7 @@ name: Wikiupdate on: # yamllint disable-line rule:truthy push: branches: - - master + - main jobs: update_wiki: diff --git a/DEVELOPER.md b/DEVELOPER.md index a6f794cb1..2cff3c18d 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md @@ -68,6 +68,15 @@ Multiple ports can be specified as a list: ```yml poe_on: [0,1,2,3] ``` + +A few devices also require an override to properly set the MAC address. The command to read the address from the device should be documented in the corresponding model file. + +Without the `mac_override` these devices will still function, but generate a new MAC address on each boot. This causes the devices to appear multiple times in the devices listing of switches and also changes the link local address of the device as it is based on the MAC address. + +```yml + mac_override: {eth0: XX:XX:XX:XX:XX:XX} +``` + ### monitoring All OpenWrt-devices have monitoring enabled. To activate monitoring for other devices we use SNMP. The core router will collect and report statistics for the devices. Make sure SNMP is activated on the proprietary device with the community set to public. You can find an overview with all available profiles at `group_vars/all/snmp_profiles.yml` @@ -138,7 +147,7 @@ networks: role: mgmt # create a management vlan in which we can reach every device on this site for maintenance prefix: 10.31.42.0/28 gateway: 1 - dns: 1 + dns: 1 # used to tell accesspoints the location of dns server at assignment number n ntp: 1 # used to tell accesspoints to use the ntp server of the core router ipv6_subprefix: 1 assignments: # assign static(!) addresses from mgmt-network to individual devices/interfaces. 
@@ -224,12 +233,12 @@ location__wireless_profiles__to_merge: - name: foobar devices: - - radio: 11a_standard - legacy_rates: false - country: DE - radio: 11g_standard - legacy_rates: false - country: DE + - radio: 11a_mesh + - radio: 11a_standard + disabled: false # Enable radio (default) + legacy_rates: false # Disable lower bandwith rates (default) + country: 'DE' # Set German country code for radio compliance (default) ifaces: - mode: ap @@ -250,7 +259,7 @@ location__wireless_profiles__to_merge: - mode: ap ssid: Private Wifi encryption: psk2 - key: 'file:/root/wifi_pass' + key: 'file:/root/wifi_pass' # the location of the file containing the wifi password network: prdhcp radio: [11a_standard, 11g_standard] ifname_hint: prdhcp @@ -267,7 +276,7 @@ There are also files for the standard ssh keys and definitions for the Wi-Fi pro ### model_files -These files define how bbb-configs needs to handle different hardware models. This example shows a WDR4900: +These files define how bbb-configs needs to handle different hardware models: ```yml --- @@ -276,12 +285,18 @@ brand_nice: TP-Link # brand from the router in human readabl model_nice: Archer C7 # model from the router in human readable form version_nice: v2 # version from the router in human readable form, not always present +# This section is only needed for devices still using swconfig switch_ports: 6 # number of physical ports + one (CPU) switch_int_port: 0 # port-id of the CPU switch_ignore_ports: [1, 2, 3, 4] # omit ports, that exist in software but not in hardware (i.e. MikroTik SXTsq 5ac) - int_port: eth0 # hardware-device on which swconfig works on +# For DSA use +dsa_ports: # list of ports obtained from boards.json + - lan1 + - lan2 + - wan + wireless_devices: # definitions for the devices radios - name: 11a_standard # 5GHz radio band: 5g 
@@ -293,17 +308,20 @@ wireless_devices: # definitions for the devices radios htmode_prefix: VHT path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0 ifname_hint: wlan2 + +poe_ports: # definitions for the devices poe Ports. You can obtain this info from /etc/boards.json + - name: PoE Power Port0 + gpio_pin: 400 + value: 0 ``` -Possible values for band are 2g for 2.4 GHz, 5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz. +Possible values for `band` are 2g for 2.4 GHz, 5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz. Band replaces hwmode since 21.02.2. -Possible values for htmode_prefix are HT (802.11n), VHT (802.11ac) and HE (802.11ax). +Possible values for `htmode_prefix` are HT (802.11n), VHT (802.11ac) and HE (802.11ax). The htmode_prefix setting corresponds with the htmode option. -For a model using DSA instead of swconfig, you may refer to [`model_ubnt_edgerouter_x_sfp.yml`](https://github.com/freifunk-berlin/bbb-configs/blob/master/group_vars/model_ubnt_edgerouter_x_sfp.yml) - -To create a new model file for a device with swconfig you can use the following commands to get information about the switch on a standard OpenWRT install: +To create a new model file for a device with **swconfig** you can use the following commands to get information about the switch on a standard OpenWRT install: - `swconfig list` to list all switches e.g. switch0 - `swconfig dev switch0 help` to get information about the switch 
@@ -312,10 +330,13 @@ To create a new model file for a device with swconfig you can use the following Note: If you want to create a new model_file you can have a look at `/etc/config/wireless` on a standard OpenWRT install to obtain the path information for the wireless_devices. +For a model using **DSA** instead of swconfig you can obtain the needed information from + +`cat /etc/board.json` ## inventory/ -This is an internal diretory on which you don't need to care about now. If you like to learn mor on it, you might read +This is an internal directory on which you don't need to care about now. If you like to learn mor on it, you might read the `README.md` file inside of it. ## roles/ diff --git a/FAQ.md b/FAQ.md index a12c61cdb..2cc1337c6 100644 --- a/FAQ.md +++ b/FAQ.md @@ -5,11 +5,15 @@ Make sure to install ansible and clone the bbb-configs repository. Then install the requirements using: ```sh +apt update +apt install -y jq python3 -m venv venv source venv/bin/activate pip3 install -r requirements.txt ``` +Depending on your system you might need more requirements. If something fails check out [this OpenWRT page](https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem). + ## How to spin up a config run? ```sh 
@@ -52,12 +56,11 @@ ansible-playbook play.yml --tags flash ## What is required to bringup a location? -1. Create a location folder at `/group_vars/` and fill in at least `general.yml`, `networks.yml` and `owm.yml`. -2. Create a folder for every OpenWrt device at the location under `/host_vars/`. Paste the `base.yml` in there. -3. Run the image creation as shown in the commands above (image will be in `./tmp/images/`). -4. Flash the image to your router. -5. Secure the router by setting a root password using SSH or the web interface. -6. Done! +1. Create a location file in the `locations` directory. You might want to copy an existing location to make your start more easy. +2. Run the image creation as shown in the commands above (image will be in `tmp/images` directory). +3. Flash the image to your router. +4. Secure the router by setting a root password using SSH or the web interface. +5. Done! Have a look at the [Developers Guide](DEVELOPER.md) for more information. @@ -66,8 +69,7 @@ Have a look at the [Developers Guide](DEVELOPER.md) for more information. Make sure to test your addition with yamllint and ansible-lint before sending a pull request by using: ```sh -yamllint -d .config/yaml-lint.yml . -ansible-lint -c .config/ansible-lint.yml +make lint ``` ## How can I mass deploy in the Freifunk Network diff --git a/README.md b/README.md index 284251313..3e8b03620 100644 --- a/README.md +++ b/README.md 
@@ -10,18 +10,22 @@ Maintainers can remotely upgrade sites without having to worry about wrong confi ## Getting Started Using bbb-configs is quite simple. The TL;DR version for anyone not wanting to read the [FAQ](FAQ.md) is: - - python3 -m venv venv - source venv/bin/activate - pip3 install -r requirements.txt - ./generate-images.sh - +1. Install dependencies. Depending on your distro you might need to use a different package management system than `apt`. +```sh +apt update +apt install -y jq +python3 -m venv venv +source venv/bin/activate +pip3 install -r requirements.txt +``` +2. Generate images +```sh +./generate-images.sh +``` or - - python3 -m venv venv - source venv/bin/activate - pip3 install -r requirements.txt - ansible-playbook play.yml --limit location-* --tags image +```sh +ansible-playbook play.yml --limit location-* --tags image +``` ## How it Works 
@@ -37,7 +41,7 @@ The image compilation takes the variables defined by the hosts and location file e.g. some drivers expect network config concerning the distributed switching architecture, and some use the legacy sw-config format. Based on the predefined roles, core-router, access point, and gateway, a customized set of tasks are executed. The last step is to download the correct OpenWrt-Imagebuilder for the host and give it all generated config files. The Imagebuilder generates a binary image embedded with the customized config for this one host in the particular location. Flashing this image to a router will set the router after boot directly in the correct operating state. Further, this router will not be able to lose any of its configurations since it is embedded into its image. -If we need someone to reproduce our setup, the person can just generate the image for the involved routers, aka hosts, and provision them. Everyone can reproduce our setup and can work with us on our configurations from all other the world. In the future, it may be possible to abstract the actual router hardware with QEMU opening new interesting use cases. +If we need someone to reproduce our setup, the person can just generate the image for the involved routers, aka hosts, and provision them. Everyone can reproduce our setup and can work with us on our configurations from all over the world. In the future, it may be possible to abstract the actual router hardware with QEMU opening new interesting use cases. ## Developers and Maintainers diff --git a/ansible.cfg b/ansible.cfg index e14816686..4866048df 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,6 +6,7 @@ inventory = inventory/base_inventory, inventory/keyed_groups_stage_1.config, inv interpreter_python = auto_silent stdout_callback = debug jinja2_extensions = jinja2.ext.do +callbacks_enabled = ansible.posix.profile_tasks, ansible.posix.timer #needed for software upgrade [persistent_connection] 
diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index c0780ae14..9a62918e2 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml @@ -1,16 +1,15 @@ --- zonename: 'Europe/Berlin' timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' +log_size: 64 +# TODO: find a second good DNS upstream in Berlin dns_servers: - # dns3.digitalcourage.de @ hetzner falkenstein - - 2a01:4f8:251:554::2 - - 5.9.164.112 - # ns1.fdn.fr @ gitoyen paris - - 2001:910:800::40 - - 80.67.169.40 - # dns.as250.net anycast (l105 broken) - # - 194.150.168.168 + # quad9.net @ megaport l105+ak36 + - 2620:fe::10 + - 2620:fe::fe:10 + - 9.9.9.10 + - 149.112.112.10 ntp_servers: - 0.openwrt.pool.ntp.org @@ -19,7 +18,9 @@ ntp_servers: - 3.openwrt.pool.ntp.org collectd_host: monitor.berlin.freifunk.net -collectd_ping_host: 1.1.1.1 +collectd_ping_hosts: + - 1.1.1.1 + - 2606:4700:4700::1111 # Preserve following files (allow list) sysupgrade_preserve_custom_files: @@ -28,8 +29,6 @@ sysupgrade_preserve_custom_files: - /etc/uhttpd.key - /etc/dropbear/dropbear_rsa_host_key - /etc/dropbear/dropbear_ed25519_host_key - - /etc/wireguard/wg.pub - - /etc/wireguard/wg.key - /root/ image_search_pattern: "*-sysupgrade.*" @@ -43,3 +42,17 @@ all_sysctl__to_merge: # especially on low mem devices this is important vm.min_free_kbytes: 1024 + + +## Routing Section: +freifunk_global_prefix: 2001:bf7::/32 + +# Default mesh metric in inbound direction (rxcost) for normal mesh links +mesh_metric_default_in: 512 + +# Default mesh metric in all directions for tunnels +mesh_metric_tunnel_in: 3072 + +# Default mesh metrics in inbound direction (rxcost) for adhoc like interfaces +mesh_metric_adhoc_11a_standard: 2024 +mesh_metric_adhoc_11g_standard: 2536 diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index 81c1a94a1..993c577d3 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml 
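Review bot: The new `dns_servers` entries are all Quad9 `.10` addresses, which to my knowledge are the unfiltered service without DNSSEC validation, while the comment above them only records where they are hosted. If that variant is deliberate, say so next to the list, e.g. `# quad9 unfiltered service: no blocklist, no DNSSEC validation`, so nobody later assumes validation happens upstream. All four addresses belong to one operator, which the TODO already acknowledges. The same file also drops `/etc/wireguard/wg.pub` and `/etc/wireguard/wg.key` from `sysupgrade_preserve_custom_files`; if any host still relies on those files they would not survive a sysupgrade, which is worth confirming before merge.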
@@ -1,9 +1,12 @@ --- # default OpenWRT version to build from unless overridden openwrt_version: 23.05-SNAPSHOT -imagebuilder_filename: "openwrt-imagebuilder-{{ openwrt_version ~ '-' if openwrt_version != 'snapshot' else '' }}{{ target | replace('/','-') }}.Linux-x86_64.tar.xz" + +imagebuilder_suffix: zst # Might get overridden for older openwrt versions +imagebuilder_filename: "openwrt-imagebuilder-{{ openwrt_version }}-{{ target | replace('/', '-') }}.Linux-x86_64.tar.{{ imagebuilder_suffix }}" + imagebuilder: "https://downloads.cdn.openwrt.org/{{ 'snapshots' if openwrt_version == 'snapshot' else 'releases/' ~ openwrt_version }}/targets/{{ target }}/{{ imagebuilder_filename }}" -feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/__FEED_VERSION__/packages/__INSTR_SET__/falter" +feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/{{ feed_version }}/packages/{{ instr_set }}/falter" all__packages__to_merge: @@ -15,31 +18,25 @@ all__packages__to_merge: - collectd-mod-ping - collectd-mod-uptime - ethtool - - ip6tables # Its not pulled in by default anymore bc fw4 + - ip6tables-nft # Its not pulled in by default anymore bc fw4 + - iptables-nft - iperf3 - iwinfo + - ip - kmod-nft-bridge - mtr - nftables - - tcpdump + - tcpdump-mini - vnstat - -ppp - -ppp-mod-pppoe -ssl__packages__to_merge: - - -wpad-basic - - -wpad-basic-mbedtls - - -wpad-basic-wolfssl - - -libustream-mbedtls - - libustream-wolfssl - - hostapd-wolfssl - - px5g-wolfssl - all_luci_base__packages__to_merge: - libiwinfo-lua - luci-mod-admin-full - luci-proto-ipv6 - luci-theme-bootstrap + - px5g-mbedtls - rpcd-mod-rrdns - uhttpd - uhttpd-mod-ubus diff --git a/group_vars/all/snmp_profiles.yml b/group_vars/all/snmp_profiles.yml index fb72c0461..66fca897f 100644 --- a/group_vars/all/snmp_profiles.yml +++ b/group_vars/all/snmp_profiles.yml 
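Review bot: `imagebuilder_filename` no longer special-cases `openwrt_version == 'snapshot'`, while the `imagebuilder` URL on the following line still does, and model_cudy_ap3000outdoor_v1.yml in this commit sets `openwrt_version: snapshot`. For that model the filename now renders with a `snapshot-` segment, whereas the removed expression produced no version segment for snapshots, so unless the value is overridden elsewhere the download path would not match. Either keep the conditional, `{{ openwrt_version ~ '-' if openwrt_version != 'snapshot' else '' }}`, in the new template or remove the snapshot branch from the URL as well. Nothing in this hunk verifies the downloaded archive against a published checksum; if the role that fetches it does not do so either, that would be worth adding there.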
@@ -13,6 +13,11 @@ collectd_snmp_profiles: TypeInstance: "Frequency (MHz)" Table: false Values: .1.3.6.1.4.1.41112.1.11.1.1.2.1 + rf_width: + Type: frequency + TypeInstance: "Channel Width (MHz)" + Table: false + Values: .1.3.6.1.4.1.41112.1.11.1.1.3.1 rf_sta_distance: PluginInstance: distance Type: gauge diff --git a/group_vars/all/wireless_profiles.yml b/group_vars/all/wireless_profiles.yml index 2cdb6e17e..852ca224a 100644 --- a/group_vars/all/wireless_profiles.yml +++ b/group_vars/all/wireless_profiles.yml @@ -20,17 +20,6 @@ all__wireless_profiles__to_merge: disabled: true - name: mesh_only - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - ifaces: - mode: mesh mesh_id: Mesh-Freifunk-Berlin @@ -40,17 +29,6 @@ all__wireless_profiles__to_merge: ifname_hint: mesh - name: ap_only - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net @@ -68,17 +46,6 @@ all__wireless_profiles__to_merge: ieee80211w: 1 - name: freifunk_default - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net @@ -103,17 +70,6 @@ all__wireless_profiles__to_merge: ifname_hint: mesh - name: freifunk_fw - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: fuerstenwalde.freifunk.net 
@@ -136,3 +92,27 @@ all__wireless_profiles__to_merge: mcast_rate: 12000 mesh_fwding: 0 ifname_hint: mesh + + - name: freifunk_hacrafu + ifaces: + - mode: ap + ssid: freifunk.hacrafu.de + encryption: none + network: dhcp + radio: [11a_standard, 11g_standard] + ifname_hint: ff + + # - mode: ap + # ssid: freifunk.hacrafu.de Encrypted + # encryption: owe + # network: dhcp + # radio: [11a_standard, 11g_standard] + # ifname_hint: ffowe + # ieee80211w: 1 + + - mode: mesh + mesh_id: Mesh-Freifunk-Berlin + radio: [11a_standard, 11g_standard, 11a_mesh] + mcast_rate: 12000 + mesh_fwding: 0 + ifname_hint: mesh diff --git a/group_vars/location_hds/general.yml b/group_vars/location_hds/general.yml deleted file mode 100644 index 0a4610acb..000000000 --- a/group_vars/location_hds/general.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -community: true diff --git a/group_vars/location_hds/networks.yml b/group_vars/location_hds/networks.yml deleted file mode 100644 index a28920cd1..000000000 --- a/group_vars/location_hds/networks.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -ipv6_prefix: "2001:bf7:750:3000::/56" - -networks: - - vid: 40 - role: dhcp - prefix: 10.36.166.193/26 - ipv6_subprefix: 0 - untagged: true - inbound_filtering: true - enforce_client_isolation: true - assignments: - hds-core: 1 - - - vid: 105 - role: mesh - name: mesh_nord - prefix: 10.36.166.141/30 - ipv6_subprefix: -1 - assignments: - hds-core: 1 - hds-nord: 2 - - - vid: 106 - role: mesh - name: mesh_sabr - prefix: 10.36.166.137/30 - ipv6_subprefix: -2 - assignments: - hds-core: 1 - hds-saarbruecker: 2 - ptp: true - - - vid: 107 - role: mesh - name: mesh_simeon - prefix: 10.36.166.133/30 - ipv6_subprefix: -3 - assignments: - hds-core: 1 - hds-simeon: 2 - ptp: true - - - vid: 108 - role: mesh - name: mesh_sama - prefix: 10.36.166.129/30 - ipv6_subprefix: -4 - assignments: - hds-core: 1 - hds-sama: 2 - ptp: true 
diff --git a/group_vars/location_hds/owm.yml b/group_vars/location_hds/owm.yml deleted file mode 100644 index 9449b5d85..000000000 --- a/group_vars/location_hds/owm.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -location_nice: hds -latitude: 52.52224 -longitude: 13.41822 diff --git a/group_vars/location_hds/snmp.yml b/group_vars/location_hds/snmp.yml deleted file mode 100644 index 128763699..000000000 --- a/group_vars/location_hds/snmp.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - - -snmp_devices: - - hostname: hds-saarbruecker - address: 10.36.166.138 - snmp_profile: mikrotik_60g - - - hostname: saarbruecker-hds - address: 10.31.83.51 - snmp_profile: mikrotik_60g - - - hostname: hds-sama - address: 10.36.166.130 - snmp_profile: airos_8 - - - hostname: hds-simeon - address: 10.36.166.134 - snmp_profile: airos_8 - - - hostname: hds-nord - address: 10.36.166.142 - snmp_profile: airos_8 diff --git a/group_vars/location_hds_ffraum/general.yml b/group_vars/location_hds_ffraum/general.yml deleted file mode 100644 index 0a4610acb..000000000 --- a/group_vars/location_hds_ffraum/general.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -community: true diff --git a/group_vars/location_hds_ffraum/networks.yml b/group_vars/location_hds_ffraum/networks.yml deleted file mode 100644 index 4121b97fe..000000000 --- a/group_vars/location_hds_ffraum/networks.yml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- - -# IPv4 10.36.166.0/25 -# IPv4 10.36.166.144/30 -# IPv4 10.36.166.148/30 -# IPv4 10.36.166.190 -# IPv4 10.36.166.191 -# IPv6 2001:bf7:810:b00::/57 -# 2001:bf7:810:b80::/57 is used by hds-containers - -# DHCP 10.36.166.0/25 -# 802.11s 10.36.166.190 10.36.166.191 -# MESH: 10.36.166.144/30 10.36.166.148/30 -ipv6_prefix: "2001:bf7:810:b00::/57" - -networks: - - vid: 10 - role: dhcp - prefix: 10.36.166.1/25 - ipv6_subprefix: 0 - untagged: true - inbound_filtering: false - enforce_client_isolation: false - assignments: - hds-ffraum: 1 - hdm-switch: 2 - - - vid: 20 - role: mesh - name: wireless0 - prefix: 10.36.166.190/32 - ipv6_subprefix: -1 - mesh_metric: 1024 - mesh_ap: hds-ffraum - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 21 - role: mesh - name: wireless1 - prefix: 10.36.166.191/32 - ipv6_subprefix: -2 - mesh_metric: 1024 - mesh_ap: hds-ffraum - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 101 - role: mesh - name: mesh_hdm_hds - prefix: 10.36.166.149/30 - ipv6_subprefix: -3 - assignments: - hds-ffraum: 1 - hdm-hds: 2 - - - vid: 102 - role: mesh - name: mesh_hdm_p3 - prefix: 10.36.166.145/30 - ipv6_subprefix: -4 - assignments: - hds-ffraum: 1 - hdm-p3: 2 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11a_standard__to_merge: - hds-ffraum: 36-40 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11g_standard__to_merge: - hds-ffraum: 13-20 diff --git a/group_vars/location_hds_ffraum/owm.yml b/group_vars/location_hds_ffraum/owm.yml deleted file mode 100644 index cd4f4e739..000000000 --- a/group_vars/location_hds_ffraum/owm.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -location_nice: HdS Freifunk-Raum -latitude: 52.523144207 -longitude: 13.41994464 diff --git a/group_vars/location_hds_ffraum/snmp.yml b/group_vars/location_hds_ffraum/snmp.yml deleted file mode 100644 index 7822c0df9..000000000 --- a/group_vars/location_hds_ffraum/snmp.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- - - -snmp_devices: - - hostname: hdm-hds - address: 10.36.166.150 - snmp_profile: airos_8 - - - hostname: hdm-p3 - address: 10.36.166.146 - snmp_profile: airos_8 diff --git a/group_vars/model_aruba_ap_303.yml b/group_vars/model_aruba_ap_303.yml new file mode 100644 index 000000000..f1442d5d1 --- /dev/null +++ b/group_vars/model_aruba_ap_303.yml @@ -0,0 +1,19 @@ +--- +target: ipq40xx/generic +brand_nice: Aruba +model_nice: Instant On AP11 + +dsa_ports: + - lan + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: platform/soc/a800000.wifi + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: platform/soc/a000000.wifi + ifname_hint: wlan2 diff --git a/group_vars/model_bananapi_bpi_r64.yml b/group_vars/model_bananapi_bpi_r64.yml index 6381cd8df..9151aa34b 100644 --- a/group_vars/model_bananapi_bpi_r64.yml +++ b/group_vars/model_bananapi_bpi_r64.yml @@ -3,6 +3,8 @@ target: mediatek/mt7622 brand_nice: Sinovoip model_nice: Banana Pi R64 +openwrt_version: 24.10-SNAPSHOT + dsa_ports: - wan - lan1 diff --git a/group_vars/model_cudy_ap3000outdoor_v1.yml b/group_vars/model_cudy_ap3000outdoor_v1.yml new file mode 100644 index 000000000..a1acc0f68 --- /dev/null +++ b/group_vars/model_cudy_ap3000outdoor_v1.yml @@ -0,0 +1,20 @@ +--- +target: mediatek/filogic +openwrt_version: snapshot +brand_nice: Cudy +model_nice: AP3000 Outdoor +version_nice: v1 + +int_port: eth0 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/soc/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/soc/18000000.wifi + ifname_hint: wlan2 diff --git a/group_vars/model_cudy_wr3000_v1.yml b/group_vars/model_cudy_wr3000_v1.yml new file mode 100644 index 000000000..e6f628fbe --- /dev/null +++ b/group_vars/model_cudy_wr3000_v1.yml 
@@ -0,0 +1,28 @@ +--- +target: mediatek/filogic +brand_nice: Cudy +model_nice: WR3000 +version_nice: v1 + +dsa_ports: + - wan + - lan1 + - lan2 + - lan3 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/18000000.wifi + ifname_hint: wlan2 + +leds: + - name: wan + sysfs: blue:wan + trigger: netdev diff --git a/group_vars/model_cudy_x6_v1.yml b/group_vars/model_cudy_x6_v1.yml new file mode 100644 index 000000000..cfd476b30 --- /dev/null +++ b/group_vars/model_cudy_x6_v1.yml @@ -0,0 +1,24 @@ +--- +target: ramips/mt7621 +brand_nice: Cudy +model_nice: X6 +version_nice: v1 + +dsa_ports: + - lan1 + - lan2 + - lan3 + - lan4 + - wan + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: 1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: 1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0 + ifname_hint: wlan2 diff --git a/group_vars/model_dlink_covr_x1860_a1.yml b/group_vars/model_dlink_covr_x1860_a1.yml index 5cc79763e..b2adf2d8d 100644 --- a/group_vars/model_dlink_covr_x1860_a1.yml +++ b/group_vars/model_dlink_covr_x1860_a1.yml @@ -4,10 +4,16 @@ brand_nice: D-Link model_nice: COVR-X1860 version_nice: A1 +openwrt_version: 24.10-SNAPSHOT + dsa_ports: - internet - ethernet +# Mac address can be read with the following command: +# cat /dev/mtdblock$(grep -w 'config2' /proc/mtd | sed -n 's/^mtd\([0-9]\+\):.*/\1/p') | grep -o 'factory_mac=[^ ]*' | cut -d= -f2 +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_dlink_dap_x1860_a1.yml b/group_vars/model_dlink_dap_x1860_a1.yml index 90e9f756f..0f3308fb0 100644 --- a/group_vars/model_dlink_dap_x1860_a1.yml +++ b/group_vars/model_dlink_dap_x1860_a1.yml 
@@ -4,6 +4,8 @@ brand_nice: D-Link model_nice: DAP-X1860 version_nice: A1 +openwrt_version: 24.10-SNAPSHOT + int_port: lan wireless_devices: diff --git a/group_vars/model_glinet_gl_mt3000.yml b/group_vars/model_glinet_gl_mt3000.yml new file mode 100644 index 000000000..c4cb4cde8 --- /dev/null +++ b/group_vars/model_glinet_gl_mt3000.yml @@ -0,0 +1,20 @@ +--- +target: "mediatek/filogic" +brand_nice: GL.iNet +model_nice: GL-MT3000 (Beryl AX) + +dsa_ports: + - lan + - wan + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/18000000.wifi + ifname_hint: wlan2 diff --git a/group_vars/model_glinet_gl_mt6000.yml b/group_vars/model_glinet_gl_mt6000.yml new file mode 100644 index 000000000..e080c4cfe --- /dev/null +++ b/group_vars/model_glinet_gl_mt6000.yml @@ -0,0 +1,24 @@ +--- +target: "mediatek/filogic" +brand_nice: GL.iNet +model_nice: GL-MT6000 (Flint 2) + +dsa_ports: + - eth0 + - lan1 + - lan2 + - lan3 + - lan4 + - lan5 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/soc/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/soc/18000000.wifi + ifname_hint: wlan2 diff --git a/group_vars/model_mikrotik_routerboard_760igs.yml b/group_vars/model_mikrotik_routerboard_760igs.yml index ccbefb960..734e21fb1 100644 --- a/group_vars/model_mikrotik_routerboard_760igs.yml +++ b/group_vars/model_mikrotik_routerboard_760igs.yml @@ -1,6 +1,5 @@ --- target: ramips/mt7621 -openwrt_version: 22.03-SNAPSHOT brand_nice: MikroTik model_nice: hEX S diff --git a/group_vars/model_mikrotik_sxtsq_2_lite.yml b/group_vars/model_mikrotik_sxtsq_2_lite.yml index 954e7aa42..ffb45531c 100644 --- a/group_vars/model_mikrotik_sxtsq_2_lite.yml +++ b/group_vars/model_mikrotik_sxtsq_2_lite.yml 
@@ -6,6 +6,10 @@ model_nice: SXTsq Lite2 int_port: eth0 +# Mac address can be read with the following command: +# cat /sys/firmware/mikrotik/hard_config/mac_base +requires_mac_override: true + wireless_devices: - name: 11g_standard band: 2g diff --git a/group_vars/model_mikrotik_sxtsq_5_ac.yml b/group_vars/model_mikrotik_sxtsq_5_ac.yml index 820a390bd..a7469b77b 100644 --- a/group_vars/model_mikrotik_sxtsq_5_ac.yml +++ b/group_vars/model_mikrotik_sxtsq_5_ac.yml @@ -10,6 +10,10 @@ model__packages__to_merge: dsa_ports: - lan +# Mac address can be read with the following command: +# cat /sys/firmware/mikrotik/hard_config/mac_base +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_netgear_wax202.yml b/group_vars/model_netgear_wax202.yml index 67738a5e7..c3b488883 100644 --- a/group_vars/model_netgear_wax202.yml +++ b/group_vars/model_netgear_wax202.yml @@ -9,6 +9,10 @@ dsa_ports: - lan2 - lan3 +# Mac address can be read with the following command: +# cat /dev/mtdblock$(grep -w 'Config' /proc/mtd | sed -n 's/^mtd\([0-9]\+\):.*/\1/p') | grep -o 'mac=[^ ]*' | cut -d= -f2 +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_netgear_wax220.yml b/group_vars/model_netgear_wax220.yml index d91c356b1..30e919a61 100644 --- a/group_vars/model_netgear_wax220.yml +++ b/group_vars/model_netgear_wax220.yml @@ -4,6 +4,10 @@ brand_nice: NETGEAR model_nice: WAX220 int_port: eth0 +openwrt_version: 24.10-SNAPSHOT + +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_protectli_vps6630.yml b/group_vars/model_protectli_vps6630.yml new file mode 100644 index 000000000..3e6dff52c --- /dev/null +++ b/group_vars/model_protectli_vps6630.yml 
@@ -0,0 +1,63 @@ +--- +override_target: generic +target: x86/64 +image_search_pattern: "*-ext4-combined-efi.img*" +model_nice: Protectli Vault Pro VP6630 +int_port: eth5 # 2nd SFP+ Port +wireless_profile: disable + +openwrt_version: 24.10-SNAPSHOT + +model__packages__to_merge: + # Dont install unncessary network kernel modules (reference: https://github.com/openwrt/openwrt/blob/main/target/linux/x86/image/64.mk) + - "-kmod-amazon-ena -kmod-amd-xgbe -kmod-bnx2 -kmod-dwmac-intel -kmod-e1000e -kmod-e1000" + - "-kmod-forcedeth -kmod-igb -kmod-ixgbe -kmod-r8169 -kmod-tg3" + - "intel-microcode" + - "kmod-igc kmod-i40e" # Network: Only igc for 2.5G Ports and i40 for SFP+ Ports are required +# - "kmod-it87-wdt" # Watchdog (only supported in kernel 6.8+) + - "lm-sensors" +# - "kmod-hwmon-it87" # Not yet supported in mainline + + +# -> Install latest BIOS update https://kb.protectli.com/kb/bios-versions-for-the-vault/ +# -> Install latest firmware (nvm) for 10G NIC +# Instructions: +# - Download Latest Release https://www.intel.de/content/www/de/de/download/18190/non-volatile-memory-nvm-update-utility-for-intel-ethernet-network-adapter-700-series.html +# - Copy EFI Version along with a edk2 efishell on a USB Key +# - Boot +# - fs0: +# - cd 700Series/EFI2x64 +# - nvmupdate64e.efi + +# Port Mapping changed from 24.10 and onwards +# eth0 - Port 1 (igc, 2,5G) +# eth1 - Port 2 (igc, 2,5G) +# eth2 - Port 3 (igc, 2,5G) +# eth3 - Port 4 (igc, 2,5G) +# eth4 - SFP+ 1 (i40e, 10G) +# eth5 - SFP+ 2 (i40e, 10G) + + +# Overriding network names doesnt work with dynamically loaded kmods, because preinit is faster +## Make interface names stable and match them to whats written on the case +## TODO: Investigate and bring upstream +# protectli-vp6630) +# ucidef_set_network_device_path "sfp1" "pci0000:00/0000:00:1c.0/0000:01:00.0" +# ucidef_set_network_device_path "sfp2" "pci0000:00/0000:00:1c.0/0000:01:00.1" +# ucidef_set_network_device_path "eth1" "pci0000:00/0000:00:1c.4/0000:02:00.0" +# 
ucidef_set_network_device_path "eth2" "pci0000:00/0000:00:1c.5/0000:03:00.0" +# ucidef_set_network_device_path "eth3" "pci0000:00/0000:00:1c.6/0000:04:00.0" +# ucidef_set_network_device_path "eth4" "pci0000:00/0000:00:1c.7/0000:05:00.0" +# ucidef_set_interfaces_lan_wan "eth1 eth2 eth3 eth4 sfp1" "sfp2" +# ;; + + +# Device has two console ports +# ttyS0 - RJ45 Port +# ttyS1 - USB-C Port <- Lets use choose that for on site debugging + +additional_serial_ports: + - ttyS1 + +imagebuilder_config: + CONFIG_TARGET_SERIAL: ttyS1 diff --git a/group_vars/model_totolink_a7000r.yml b/group_vars/model_totolink_a7000r.yml new file mode 100644 index 000000000..00aab05ef --- /dev/null +++ b/group_vars/model_totolink_a7000r.yml @@ -0,0 +1,25 @@ +--- +target: ramips/mt7621 +brand_nice: TOTOLINK +model_nice: A7000R + +openwrt_version: 24.10-SNAPSHOT + +dsa_ports: + - wan + - lan1 + - lan2 + - lan3 + - lan4 + +wireless_devices: + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: 1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0 + ifname_hint: wlan2 + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: 1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0 + ifname_hint: wlan5 diff --git a/group_vars/model_tplink_archer_c50_v4.yml b/group_vars/model_tplink_archer_c50_v4.yml new file mode 100644 index 000000000..daf24fae4 --- /dev/null +++ b/group_vars/model_tplink_archer_c50_v4.yml 
@@ -0,0 +1,39 @@ +--- +target: ramips/mt76x8 +brand_nice: TP-Link +model_nice: Archer C50 +version_nice: v4 + +switch_ports: 7 +switch_int_port: 6 +switch_ignore_ports: [5] + +int_port: eth0 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: pci0000:00/0000:00:00.0/0000:01:00.0 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: platform/10300000.wmac + ifname_hint: wlan2 + +leds: + - name: lan + sysfs: green:lan + trigger: switch0 + port_mask: 0x1e + - name: wan + sysfs: green:wan + trigger: switch0 + port_mask: 0x01 + - name: wlan2g + sysfs: green:wlan2g + trigger: phy0tpt + - name: wlan5g + sysfs: green:wlan5g + trigger: phy1tpt diff --git a/group_vars/model_ubnt_bullet_m_ar7241.yml b/group_vars/model_ubnt_bullet_m2_ar7241.yml similarity index 92% rename from group_vars/model_ubnt_bullet_m_ar7241.yml rename to group_vars/model_ubnt_bullet_m2_ar7241.yml index 9a8a06b04..0aa7f7112 100644 --- a/group_vars/model_ubnt_bullet_m_ar7241.yml +++ b/group_vars/model_ubnt_bullet_m2_ar7241.yml @@ -2,7 +2,7 @@ override_target: "ubnt_bullet-m-ar7241" target: ath79/tiny brand_nice: Ubiquiti -model_nice: Bullet M +model_nice: Bullet M2 version_nice: XM int_port: eth0 diff --git a/group_vars/model_ubnt_bullet_m5_ar7241.yml b/group_vars/model_ubnt_bullet_m5_ar7241.yml new file mode 100644 index 000000000..915cc841a --- /dev/null +++ b/group_vars/model_ubnt_bullet_m5_ar7241.yml @@ -0,0 +1,18 @@ +--- +override_target: "ubnt_bullet-m-ar7241" +target: ath79/tiny +brand_nice: Ubiquiti +model_nice: Bullet M5 +version_nice: XM + +int_port: eth0 + +low_mem: true + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HT + path: pci0000:00/0000:00:00.0 + ifname_hint: wlan5 + antenna_gain: 13 diff --git a/group_vars/model_ubnt_nanostation_ac_loco.yml b/group_vars/model_ubnt_nanostation_ac_loco.yml index 7751b8cb9..807ec5e55 100644 --- a/group_vars/model_ubnt_nanostation_ac_loco.yml 
+++ b/group_vars/model_ubnt_nanostation_ac_loco.yml @@ -1,6 +1,5 @@ --- target: ath79/generic -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: Nanostation AC Loco diff --git a/group_vars/model_ubnt_nanostation_loco_m5_xm.yml b/group_vars/model_ubnt_nanostation_loco_m5_xm.yml index 0009e9e4e..3d8d17ae8 100644 --- a/group_vars/model_ubnt_nanostation_loco_m5_xm.yml +++ b/group_vars/model_ubnt_nanostation_loco_m5_xm.yml @@ -1,7 +1,6 @@ --- override_target: "ubnt_nanostation-loco-m" target: ath79/tiny -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: Nanostation Loco M5 version_nice: XM diff --git a/group_vars/model_ubnt_nanostation_m2_xm.yml b/group_vars/model_ubnt_nanostation_m2_xm.yml index 1c516ca3a..a5fd07a32 100644 --- a/group_vars/model_ubnt_nanostation_m2_xm.yml +++ b/group_vars/model_ubnt_nanostation_m2_xm.yml @@ -1,7 +1,6 @@ --- override_target: "ubnt_nanostation-m" target: ath79/tiny -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: Nanostation M2 version_nice: XM diff --git a/group_vars/model_ubnt_nanostation_m5_xm.yml b/group_vars/model_ubnt_nanostation_m5_xm.yml index 0cc9ca8e0..8efb1766c 100644 --- a/group_vars/model_ubnt_nanostation_m5_xm.yml +++ b/group_vars/model_ubnt_nanostation_m5_xm.yml @@ -1,7 +1,6 @@ --- override_target: "ubnt_nanostation-m" target: ath79/tiny -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: Nanostation M5 version_nice: XM diff --git a/group_vars/model_ubnt_uk_ultra.yml b/group_vars/model_ubnt_uk_ultra.yml new file mode 100644 index 000000000..7dd50f6b4 --- /dev/null +++ b/group_vars/model_ubnt_uk_ultra.yml 
@@ -0,0 +1,19 @@ +--- +target: "ath79/generic" +brand_nice: Ubiquiti +model_nice: Swiss Army Knife Ultra + +dsa_ports: + - eth0 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: pci0000:00/0000:00:00.0 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: platform/ahb/18100000.wmac + ifname_hint: wlan2 diff --git a/group_vars/model_ubnt_unifi_6_lite.yml b/group_vars/model_ubnt_unifi_6_lite.yml index 222e81b61..962313c88 100644 --- a/group_vars/model_ubnt_unifi_6_lite.yml +++ b/group_vars/model_ubnt_unifi_6_lite.yml @@ -1,6 +1,5 @@ --- target: ramips/mt7621 -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: UniFi 6 Lite diff --git a/group_vars/model_ubnt_unifiac_lite.yml b/group_vars/model_ubnt_unifiac_lite.yml index 46b224ea9..f06e2f0ec 100644 --- a/group_vars/model_ubnt_unifiac_lite.yml +++ b/group_vars/model_ubnt_unifiac_lite.yml @@ -1,6 +1,5 @@ --- target: ath79/generic -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: UniFi AC Lite diff --git a/group_vars/model_ubnt_unifiac_mesh.yml b/group_vars/model_ubnt_unifiac_mesh.yml index 4849df4d8..1825b6a2f 100644 --- a/group_vars/model_ubnt_unifiac_mesh.yml +++ b/group_vars/model_ubnt_unifiac_mesh.yml @@ -18,5 +18,5 @@ wireless_devices: - name: 11g_standard band: 2g htmode_prefix: HT - path: platform/qca956x_wmac + path: platform/ahb/18100000.wmac ifname_hint: wlan2 diff --git a/group_vars/model_ubnt_unifiac_pro.yml b/group_vars/model_ubnt_unifiac_pro.yml index b26c0e4fd..97f7ab8c6 100644 --- a/group_vars/model_ubnt_unifiac_pro.yml +++ b/group_vars/model_ubnt_unifiac_pro.yml @@ -1,6 +1,5 @@ --- target: ath79/generic -openwrt_version: 22.03-SNAPSHOT brand_nice: Ubiquiti model_nice: UniFi AC Mesh Pro diff --git a/group_vars/role_corerouter/imageprofile.yml b/group_vars/role_corerouter/imageprofile.yml index 868111950..2c576c5a3 100644 --- a/group_vars/role_corerouter/imageprofile.yml 
+++ b/group_vars/role_corerouter/imageprofile.yml @@ -1,7 +1,9 @@ --- role_corerouter__packages__to_merge: - - babeld - - luci-app-babeld + - bird2-babelpatch + - bird2c + - bgpdisco + - bgpdisco-plugin-nameservice - collectd-mod-dhcpleases - collectd-mod-olsrd - collectd-mod-conntrack diff --git a/group_vars/role_gateway/general.yml b/group_vars/role_gateway/general.yml index 0bd2f72b6..71eee2222 100644 --- a/group_vars/role_gateway/general.yml +++ b/group_vars/role_gateway/general.yml @@ -1,6 +1,6 @@ --- -freifunk_global_prefix: 2001:bf7::/32 +#freifunk_global_prefix -> has been migrated to group_vars/all/general.yml freifunk_wahlkreis_prefixes: - 2001:bf7:750::/44 - 2001:bf7:760::/44 @@ -37,7 +37,7 @@ wireguard_wg_pub: '/etc/wireguard/wg.pub' # If it is set wireguard_wg_key and wireguard_wg_pub are not used. wireguard_wg_tmp_key: false -gre_metric: 64 +gre_metric: 256 # Match default RX Cost ## FIREWALL SECTION @@ -55,6 +55,10 @@ gre_metric: 64 conntrackd_port: 3780 +# Rate Limit for DNS replies +untracked_flows_dns_rate: 5000 +untracked_flows_dns_burst: 2500 + # Rate Limit for packets with ACK flag set untracked_flows_tcp_ack_rate: 5000 untracked_flows_tcp_ack_burst: 2500 @@ -94,6 +98,10 @@ inbound_allow: dst: 2001:bf7:830:1029::/64 - name: 'cryptpad.berlin noc@stadtfunk.net' dst: 2001:bf7:750:5b00::/128 + - name: 'radbahn mt76 testing' + dst: 2001:bf7:830:c000::/56 + - name: 'gub37-core local public network' + dst: 2001:bf7:830:a7ce::1/64 # - name: Rule Description (mandatory) # dst: Destination IP (mandatory) # src: Source IP diff --git a/group_vars/role_gateway/imageprofile.yml b/group_vars/role_gateway/imageprofile.yml index b6e910fd9..bb2877846 100644 --- a/group_vars/role_gateway/imageprofile.yml +++ b/group_vars/role_gateway/imageprofile.yml 
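Review bot: In the last hunk of group_vars/role_gateway/general.yml, the new `inbound_allow` entry 'gub37-core local public network' uses `dst: 2001:bf7:830:a7ce::1/64`, an address with host bits set under a /64 mask, while the neighbouring entries are written as a network (`2001:bf7:830:1029::/64`) or as a single host (`/128`). It is unclear whether the rule is meant to open one host or the whole /64, and how the firewall template treats the host bits is not visible in this diff. If one host is intended, write `dst: 2001:bf7:830:a7ce::1/128`; if the whole network, `dst: 2001:bf7:830:a7ce::/64`. The 'radbahn mt76 testing' entry above it opens a full /56 inbound, so a comment naming an owner and a removal date would make later cleanup easier.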
@@ -3,10 +3,10 @@ role_uplink_gw__packages__to_merge: - -wpad-openssl - collectd-mod-conntrack - collectd-mod-olsrd + - collectd-mod-snmp - collectd-mod-snmp6 - olsrd - olsrd-mod-arprefresh - - olsrd-mod-dyn-gw - olsrd-mod-jsoninfo - olsrd-mod-nameservice - olsrd-mod-txtinfo @@ -22,16 +22,15 @@ role_uplink_gw__packages__to_merge: - luci-app-falter-owm-gui - iptables-mod-ipopt - kmod-ipt-ipopt - - bird2 + - bird2-babelpatch - bird2c - - babeld - - luci-app-babeld + - bgpdisco + - bgpdisco-plugin-nameservice - ip-full - gre - wireguard-tools - kmod-wireguard - wg-installer-server - - wg-installer-server-hotplug-babeld - wg-installer-server-hotplug-olsrd - conntrackd - samplicator diff --git a/group_vars/target_ipq40xx_generic b/group_vars/target_ipq40xx_generic index 4c3ab9e85..95112bcfa 100644 --- a/group_vars/target_ipq40xx_generic +++ b/group_vars/target_ipq40xx_generic @@ -1,21 +1,5 @@ --- -target__packages__to_merge: - # Work around ipq40xx ethernet instabilities - - naywatch - # Use OpenSSL because WolfSSL and MbedTLS are broken on ipq40xx - - -wpad-basic - - -wpad-basic-mbedtls - - -wpad-basic-wolfssl - - -hostapd-wolfssl - - -hostapd-mbedtls - - -libustream-mbedtls - - -libustream-wolfssl - - -px5g-mbedtls - - -px5g-wolfssl - - libustream-openssl - - hostapd-openssl - multicore: true sysfs_overrides: diff --git a/group_vars/version_22_03_snapshot.yml b/group_vars/version_22_03_snapshot.yml deleted file mode 100644 index 3b64736c0..000000000 --- a/group_vars/version_22_03_snapshot.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -feed_version: 1.3.0-snapshot diff --git a/group_vars/version_23_05_snapshot.yml b/group_vars/version_23_05_snapshot.yml index 16f498c39..84677a779 100644 --- a/group_vars/version_23_05_snapshot.yml +++ b/group_vars/version_23_05_snapshot.yml @@ -1,2 +1,3 @@ --- +imagebuilder_suffix: xz feed_version: 1.4.0-snapshot 
diff --git a/group_vars/version_24_10_snapshot.yml b/group_vars/version_24_10_snapshot.yml new file mode 100644 index 000000000..801052cae --- /dev/null +++ b/group_vars/version_24_10_snapshot.yml @@ -0,0 +1,2 @@ +--- +feed_version: 1.5.0-snapshot diff --git a/group_vars/version_snapshot.yml b/group_vars/version_snapshot.yml index f1dfb44eb..dfe00a251 100644 --- a/group_vars/version_snapshot.yml +++ b/group_vars/version_snapshot.yml @@ -1,5 +1,4 @@ --- -# Don't use falter master, breaking changes are expected at the moment (7/2023) -feed_version: 1.4.0-snapshot - -imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/','-') }}.Linux-x86_64.tar.zst" +feed_version: snapshot +imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/', '-') }}.Linux-x86_64.tar.zst" +feed: "https://firmware.berlin.freifunk.net/feed/{{ feed_version }}/packages/{{ instr_set }}/falter/packages.adb" diff --git a/host_vars/hds-core/base.yml b/host_vars/hds-core/base.yml deleted file mode 100644 index 33b253780..000000000 --- a/host_vars/hds-core/base.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -location: hds -role: corerouter -model: "mikrotik_routerboard-750gr3" diff --git a/host_vars/hds-ffraum/base.yml b/host_vars/hds-ffraum/base.yml deleted file mode 100644 index 8af65563d..000000000 --- a/host_vars/hds-ffraum/base.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -location: hds-ffraum -role: corerouter -model: "ubnt_unifiac-pro" -wireless_profile: freifunk_default diff --git a/inventory/base_inventory b/inventory/base_inventory index c59f50422..b713ea1b2 100755 --- a/inventory/base_inventory +++ b/inventory/base_inventory 
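Review bot: The hunk in group_vars/version_snapshot.yml replaces the pinned `feed_version: 1.4.0-snapshot` with `feed_version: snapshot` and drops the comment that warned against tracking the moving falter feed, without recording why that is now acceptable. Builds that use this version file (presumably the models with `openwrt_version: snapshot`) will then take whatever packages are published at build time, so two builds of the same commit can differ. I would keep a comment above the value, for example `# tracks the moving falter snapshot feed; package set can change between builds`. The new `feed:` URL also interpolates `instr_set`, which is not defined in the visible part of this diff; please confirm it is set for every target that uses this file.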
@@ -18,16 +18,14 @@ case "$1" in { "all": { "hosts": $( - # Print all hostnames from locations/ and host_vars/ directories. - ( echo "$locjson" | jq -s -r '.[].hosts[].hostname' \ - ; find host_vars/* -type d -print0 | xargs -0 -n1 basename ) \ + # Get all hostnames from locations/ directory. + echo "$locjson" | jq -s -r '.[].hosts[].hostname' \ | jq -s -R 'split("\n") | map(select(length > 0))' ) }, "_meta": { "hostvars": $( # Assemble hostvars for all hostnames from locations/ directory. - # For hosts defined in host_vars/ they're loaded by Ansible later. echo "$locjson" \ | jq -s -c '.[] | . as $locvars | .hosts[] | {(.hostname): (. + ($locvars | del(.hosts)) + .)}' \ | jq -s add diff --git a/inventory/host_vars b/inventory/host_vars deleted file mode 120000 index f1e217dc5..000000000 --- a/inventory/host_vars +++ /dev/null @@ -1 +0,0 @@ -../host_vars/ \ No newline at end of file diff --git a/locations/ak36.yml b/locations/ak36.yml index b24524037..9b4d36879 100644 --- a/locations/ak36.yml +++ b/locations/ak36.yml @@ -7,14 +7,15 @@ longitude: 13.369589 altitude: 75 community: true +local_asn: 65023 +peer_asn: 44194 + hosts: - hostname: ak36-gw role: gateway model: "x86-64" image_search_pattern: "*-ext4-combined.img*" - ak36__disabled_services__to_merge: - - "bird" snmp_devices: - hostname: ak36-poe-roof @@ -52,7 +53,7 @@ ipv6_prefix: 2001:bf7:750:4000::/56 uplink: ifname: eth0 ipv4: 77.87.51.11/25 - # ipv6: ToDo + ipv6: 2001:bf7:b301:1312::1/127 mgmt: ifname: eth1.42 
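Review bot: With host_vars/ removed as a second source, the host list in the inventory/base_inventory hunk depends entirely on `jq -s -r '.[].hosts[].hostname'`, and that filter fails on any location file without a `hosts` key, because jq cannot iterate over null. If such a file exists or is added later, the command substitution yields nothing and the generated inventory JSON is no longer valid. Using `.[].hosts[]?.hostname` here, and `.hosts[]?` in the hostvars pipeline a few lines below, would skip such locations instead. The surrounding `case` block starts and ends outside the hunk.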
@@ -79,43 +80,43 @@ mesh_links: ifname: eth1.10 ipv4: 10.31.130.160/32 ipv6: 2001:bf7:750:4001::1/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_flughafen ifname: eth1.11 ipv4: 10.31.130.161/32 ipv6: 2001:bf7:750:4001::2/128 - metric: 1024 + mesh_metric: 128 ptp: true - name: mesh_dtmb ifname: eth1.12 ipv4: 10.31.130.162/32 ipv6: 2001:bf7:750:4001::3/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_bbbvpn - ifname: eth1.198 + ifname: eth2 ipv4: 10.31.130.164/32 # the bbb-vpn setup is ipv4-only for now # ipv6: 2001:bf7:750:4001::5/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_rhnk ifname: eth1.14 ipv4: 10.31.130.165/32 ipv6: 2001:bf7:750:4001::6/128 - metric: 256 + mesh_metric: 128 ptp: true - name: mesh_teufel ifname: eth1.15 ipv4: 10.31.130.166/32 ipv6: 2001:bf7:750:4001::7/128 - metric: 1024 + mesh_metric: 128 ptp: true # OLSR Announce SmartGateway diff --git a/locations/b49.yml b/locations/b49.yml new file mode 100644 index 000000000..a106ba79c --- /dev/null +++ b/locations/b49.yml 
@@ -0,0 +1,129 @@ +--- +location: b49 +location_nice: "Badstraße 49, 13357 Berlin" +latitude: 52.552578266 +longitude: 13.380162120 +contact_nickname: 'Noki' +contacts: + - '@noki-:matrix.org' + +hosts: + - hostname: b49-core + role: corerouter + model: "dlink_covr-x1860-a1" + wireless_profile: freifunk_default + mac_override: {eth0: 0c:0e:76:cf:2e:41} + +snmp_devices: + - hostname: b49-nanostation + address: 10.31.240.2 + snmp_profile: airos_8 + +ipv6_prefix: '2001:bf7:830:b500::/56' + +# got following prefixes: +# Router: 10.31.240.0/24 +# --MGMT: 10.31.240.0/27 +# --MESH: 10.31.240.32/27 +# --UPLK: 10.31.240.64/27 +# --DHCP: 10.31.240.96/27 (HOST, UNUSED) +# --DHCP: 10.31.240.128/26 (PUBLIC) +# --DHCP: 10.31.240.192/26 (PRIVATE, UNUSED) + +# Disable noping +dhcp_no_ping: false + +networks: + # MESH - Nanostation + - vid: 10 + role: mesh + name: mesh_ns_5ac + prefix: 10.31.240.32/32 + ipv6_subprefix: -10 + ptp: true + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.240.33/32 + ipv6_subprefix: -20 + mesh_ap: b49-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.240.34/32 + ipv6_subprefix: -21 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.8'] + mesh_ap: b49-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.240.128/26 + ipv6_subprefix: 0 + assignments: + b49-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.240.0/27 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + b49-core: 1 # 10.31.240.1 + b49-nanostation: 2 # 10.31.240.2 + + # UPLK + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.240.36/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 
10.31.240.37/32 + wireguard_port: 51821 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + b49-core: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + b49-core: 13-20 + +# SSH Keys +ssh_keys: + - comment: Noki + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjIgJKflHEYOIdskwalr83PflhPmFkrAebP2bUkOE11 Noki + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/bht.yml b/locations/bht.yml index e535ee908..680007107 100644 --- a/locations/bht.yml +++ b/locations/bht.yml @@ -1,7 +1,7 @@ --- location: bht -location_nice: Berliner Hochschule fuer Technik +location_nice: Berliner Hochschule fuer Technik, Luxemburger Straße 10, 13353 Berlin latitude: 52.544407831736 longitude: 13.352562785148 altitude: 88 @@ -10,13 +10,18 @@ contacts: - 'isprotejesvalkata [attt] gmail com' hosts: - - hostname: bht-core role: corerouter - model: "tplink_tl-wdr4900-v1" - wireless_profile: freifunk_default + model: mikrotik_routerboard-750gr3 snmp_devices: + - hostname: bht-switch-1 + address: 10.31.166.2 + snmp_profile: edgeswitch + + - hostname: bht-switch-2 + address: 10.31.166.3 + snmp_profile: edgeswitch - hostname: bht-segen address: 10.31.166.5 
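Review bot: The new locations/b49.yml sets a plain `ssh_keys:` list near the end of the file, whereas locations/c-base.yml in this same commit adds its key under `location__ssh_keys__to_merge:`. If the `__to_merge` suffix is what combines lists across groups (as the `location__channel_assignments_11a_standard__to_merge` key in the same file suggests), a plain `ssh_keys` at location level may either replace the shared administrator keys on b49-core or never be deployed; the merge logic is not visible in this diff. Unless replacing the list is intended, use `location__ssh_keys__to_merge:` here as well, or add a comment stating that only this key should have access to the host.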
@@ -61,146 +66,155 @@ snmp_devices: airos_dfs_reset: - name: "bht-segen" target: "10.31.166.5" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-perleberger36" target: "10.31.166.6" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-scherer8" target: "10.31.166.7" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-nord" target: "10.31.166.8" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-chris" target: "10.31.166.9" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-jup" target: "10.31.166.10" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-ost" target: "10.31.166.11" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-sued" target: "10.31.166.12" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-fardf" target: "10.31.166.13" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-west" target: "10.31.166.14" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "0-23" ipv6_prefix: "2001:bf7:750:1200::/56" +# ROUTER: 10.230.23.128/27 +# --MESH: 10.230.23.128/28 +# --DHCP: 10.230.23.144/28 +# --MGMT: 10.31.166.0/27 + networks: - - vid: 111 + - vid: 10 role: mesh name: mesh_segen - prefix: 10.230.23.141/32 - ipv6_subprefix: -1 + prefix: 10.230.23.128/32 + ipv6_subprefix: -10 ptp: true + # Prefer routing via perleberger36 over segen mesh_metric: 1024 mesh_metric_lqm: ['default 0.2'] - - vid: 112 + - vid: 11 role: mesh name: mesh_perleberger36 - prefix: 10.230.23.142/32 - ipv6_subprefix: -2 + prefix: 10.230.23.129/32 + ipv6_subprefix: -11 ptp: true + # Prefer routing via 
perleberger36 over segen, chris, mela, weidenbaum + mesh_metric: 256 - - vid: 113 + + - vid: 12 role: mesh name: mesh_scherer8 - prefix: 10.230.23.143/32 - ipv6_subprefix: -3 - ptp: true + prefix: 10.230.23.130/32 + ipv6_subprefix: -12 - - vid: 114 + - vid: 13 role: mesh name: mesh_nord - prefix: 10.230.23.144/32 - ipv6_subprefix: -4 + prefix: 10.230.23.131/32 + ipv6_subprefix: -13 - - vid: 115 + - vid: 14 role: mesh name: mesh_chris - prefix: 10.230.23.145/32 - ipv6_subprefix: -5 - ptp: true + prefix: 10.230.23.132/32 + ipv6_subprefix: -14 - - vid: 116 + - vid: 15 role: mesh name: mesh_jup - prefix: 10.230.23.146/32 - ipv6_subprefix: -6 - ptp: true + prefix: 10.230.23.133/32 + ipv6_subprefix: -15 + # Set metrics similar as for mesh_segen so path via jup is always worse + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.25'] - - vid: 117 + - vid: 16 role: mesh name: mesh_ost - prefix: 10.230.23.147/32 - ipv6_subprefix: -7 + prefix: 10.230.23.134/32 + ipv6_subprefix: -16 - - vid: 118 + - vid: 17 role: mesh name: mesh_sued - prefix: 10.230.23.148/32 - ipv6_subprefix: -8 + prefix: 10.230.23.135/32 + ipv6_subprefix: -17 - - vid: 119 + - vid: 18 role: mesh name: mesh_fardf - prefix: 10.230.23.149/32 - ipv6_subprefix: -9 - ptp: true + prefix: 10.230.23.136/32 + ipv6_subprefix: -18 - - vid: 128 + - vid: 19 role: mesh name: mesh_west - prefix: 10.230.23.158/32 - ipv6_subprefix: -28 + prefix: 10.230.23.137/32 + ipv6_subprefix: -19 + # Prefer routing via perleberger36 over chris, mela, weidenbaum + mesh_metric: 1024 - - vid: 104 + - vid: 40 role: dhcp - prefix: 10.230.23.152/29 + prefix: 10.230.23.144/28 ipv6_subprefix: 0 - untagged: true assignments: bht-core: 1 - - vid: 102 + - vid: 424 role: mgmt prefix: 10.31.166.0/27 gateway: 1 @@ -208,8 +222,8 @@ networks: ipv6_subprefix: 1 assignments: bht-core: 1 - bht-er1: 2 - bht-er2: 3 + bht-switch-1: 2 + bht-switch-2: 3 bht-segen: 5 bht-perleberger36: 6 bht-scherer8: 7 
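Review bot: In the large `networks` hunk of locations/bht.yml the management network moves from `vid: 102` to `vid: 424`, while the locations added in this commit (b49, bilgi, c-base) all use `vid: 42` for `role: mgmt`. If 424 is a typo for 42, the management VLAN configured on bht-core may not match the tagging on the switches and radios listed under `assignments`; if it is deliberate, a short comment such as `# mgmt VLAN is 424 at this site, not the usual 42` would prevent a later "correction". The renumbered `role: dhcp` network (`vid: 40`) also carries no `inbound_filtering` or `enforce_client_isolation` keys, unlike the dhcp networks of the new locations, so it relies on defaults that are not visible in this diff.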
diff --git a/locations/bilgi.yml b/locations/bilgi.yml new file mode 100644 index 000000000..3023cc0b3 --- /dev/null +++ b/locations/bilgi.yml @@ -0,0 +1,78 @@ +--- +location: bilgi +location_nice: Oranienstrasse 45, 10969 Berlin +latitude: 52.50294 +longitude: 13.41419 +altitude: 41 +height: 1 +contact_nickname: Bilgisaray Kollektiv +community: true + +hosts: + + - hostname: bilgi-core + role: corerouter + model: "avm_fritzbox-4040" + wireless_profile: freifunk_default + +# ROUTER: 10.248.23.128/26 +# --MGMT: 10.248.23.128/28 +# --MESH: 10.248.23.144/28 +# --DHCP: 10.248.23.160/27 + +ipv6_prefix: "2001:bf7:830:cc00::/56" + +networks: + + - vid: 20 + role: mesh + name: mesh_5ghz + prefix: 10.248.23.144/32 + ipv6_subprefix: -20 + mesh_ap: bilgi-core + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 21 + role: mesh + name: mesh_2ghz + prefix: 10.248.23.145/32 + ipv6_subprefix: -21 + mesh_ap: bilgi-core + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 40 + role: dhcp + name: dhcp + prefix: 10.248.23.160/27 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + bilgi-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.23.128/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + bilgi-core: 1 + + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.146/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.147/32 + wireguard_port: 51821 diff --git a/locations/c-base.yml b/locations/c-base.yml new file mode 100644 index 000000000..7be7ddc30 --- /dev/null +++ b/locations/c-base.yml 
@@ -0,0 +1,115 @@ +--- +location: c-base +location_nice: "Rungestraße 20, 10179 Berlin" +latitude: 52.512865 +longitude: 13.42017 +altitude: 35 +contacts: + - "#freifunk-site-cbase:matrix.riotcat.org" + +hosts: + - hostname: c-base-core + role: corerouter + model: "avm_fritzbox-7530" + wireless_profile: freifunk_default + + - hostname: c-base-nf-1 + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: + eth0: dc:2c:6e:ca:32:d8 + + - hostname: c-base-nf-2 + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: + eth0: dc:2c:6e:c4:36:57 + +snmp_devices: + - hostname: c-base-switch + address: 10.31.134.98 + snmp_profile: edgeswitch + + - hostname: c-base-mesh-ssw + address: 10.31.134.101 + snmp_profile: airos_8 + +airos_dfs_reset: + - name: "c-base-mesh-ssw" + target: "10.31.134.101" + username: "ubnt" + password: "/root/pwd" + daytime_limit: "2-7" + +ipv6_prefix: "2001:bf7:760:4800::/56" + +# reservierte IPs +# 10.31.136.0/24 DHCP +# 10.31.134.96/28 MGMT +# 10.31.134.112/28 Mesh + +networks: + - vid: 4 + role: uplink + + - vid: 11 + role: mesh + name: mesh_ssw + prefix: 10.31.134.112/32 + ipv6_subprefix: -11 + + - vid: 20 + role: mesh + name: mesh_nf1 + prefix: 10.31.134.113/32 + ipv6_subprefix: -20 + mesh_ap: c-base-nf-1 + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 21 + role: mesh + name: mesh_nf2 + prefix: 10.31.134.114/32 + ipv6_subprefix: -21 + mesh_ap: c-base-nf-2 + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.136.0/24 + ipv6_subprefix: 0 + assignments: + c-base-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.31.134.96/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + c-base-core: 1 + c-base-switch: 2 + c-base-nf-1: 3 + c-base-nf-2: 4 + c-base-mesh-ssw: 5 + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.134.115/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.31.134.116/32 + 
wireguard_port: 51821 + +location__ssh_keys__to_merge: + - comment: charly + key: ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFndetEGRuYzJV7fwNFlf1r498La1CIHpgLSbsfmqzlI8beLyB28o/ewMH4wY+sHO7cYWzsWAyRA0TXBu7ULC9Oq/pbNyI8FEQjW25j1Bbx4XRx8uqcS2qO9bc65fMWlwQ== diff --git a/locations/casa-kua.yml b/locations/casa-kua.yml deleted file mode 100644 index 4bf642d9c..000000000 --- a/locations/casa-kua.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- - -location: casa-kua -location_nice: Casa Kuà -latitude: 52.50134038554727 -longitude: 13.42292022730152 -altitude: 49 -community: true - -hosts: - - - hostname: casa-kua-core - role: corerouter - model: "glinet_gl-b1300" - - - hostname: casa-kua-ap1 - role: ap - model: "ubnt_unifiac-lite" - - - hostname: casa-kua-ap2 - role: ap - model: "ubnt_unifiac-lite" - - - hostname: casa-kua-ap3 - role: ap - model: "ubnt_unifiac-lite" - -# Casa Kua got following prefixes: -# --MGMT: 10.31.89.72/29 -# --MESH: 10.31.89.64/30 -# --DHCP: 10.31.154.128/25 -ipv6_prefix: "2001:bf7:830:a800::/56" - -networks: - - vid: 40 - role: dhcp - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.154.128/25 - ipv6_subprefix: 0 - assignments: - casa-kua-core: 1 - - - vid: 42 - role: mgmt - prefix: 10.31.89.72/29 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - casa-kua-core: 1 - casa-kua-ap1: 2 - casa-kua-ap2: 3 - casa-kua-ap3: 4 - - - vid: 50 - role: uplink - untagged: true - - - role: tunnel - ifname: ts_wg0 - mtu: 1280 - prefix: 10.31.89.64/32 - wireguard_port: 51820 - - - role: tunnel - ifname: ts_wg1 - mtu: 1280 - prefix: 10.31.89.65/32 - wireguard_port: 51821 diff --git a/locations/chris.yml b/locations/chris.yml index df27018f0..e8366cbdd 100644 --- a/locations/chris.yml +++ b/locations/chris.yml @@ -1,7 +1,7 @@ --- location: chris -location_nice: Christophorus Kirche +location_nice: 'Christophoruskirche, Schuckertdamm 336-340, 13629 Berlin' latitude: 52.541461 longitude: 13.267025 altitude: 65 
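Review bot: In the new c-base.yml the `airos_dfs_reset` entry for c-base-mesh-ssw sets `password: "/root/pwd"` without a `file:` prefix, while the fardf.yml and funkigel.yml entries added in this same commit use `password: "file:/root/pwd"` and `password: "file:/root/pwd.txt"`. The code that consumes this key is not part of the diff, so it is unclear whether a bare path is read as a file reference or taken as the literal password; in the second case the reset job would try to log in with the string `/root/pwd`. After confirming the expected form, I would write `password: "file:/root/pwd"` here and add a comment above the block such as `# password is a path on the router, not the secret itself`. The unchanged emma.yml entries shown as context further down also use the bare-path form, so they deserve the same check.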
@@ -39,9 +39,9 @@ snmp_devices: address: 10.230.18.3 snmp_profile: airos_6 - - hostname: chris-tub + - hostname: chris-teufelsberg address: 10.230.18.4 - snmp_profile: airos_6 + snmp_profile: airos_8 - hostname: chris-n-5ghz address: 10.230.18.5 @@ -71,7 +71,7 @@ networks: - vid: 11 role: mesh - name: mesh_tub + name: mesh_tberg prefix: 10.230.18.162/32 ipv6_subprefix: -2 ptp: true @@ -105,7 +105,6 @@ networks: name: 11s_n_2ghz prefix: 10.230.18.167/32 ipv6_subprefix: -7 - mesh_metric: 1024 mesh_ap: chris-n-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -115,7 +114,6 @@ networks: name: 11s_o_2ghz prefix: 10.230.18.169/32 ipv6_subprefix: -9 - mesh_metric: 1024 mesh_ap: chris-o-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -125,7 +123,6 @@ networks: name: 11s_s_2ghz prefix: 10.230.18.170/32 ipv6_subprefix: -10 - mesh_metric: 1024 mesh_ap: chris-s-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -135,7 +132,6 @@ networks: name: 11s_w_2ghz prefix: 10.230.18.171/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_ap: chris-w-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -159,7 +155,7 @@ networks: chris-core: 1 chris-switch: 2 chris-bht: 3 - chris-tub: 4 + chris-teufelsberg: 4 chris-n-5ghz: 5 chris-o-5ghz: 6 diff --git a/locations/colbe15.yml b/locations/colbe15.yml index e34363cc5..3fce8ab08 100644 --- a/locations/colbe15.yml +++ b/locations/colbe15.yml @@ -28,7 +28,6 @@ networks: name: mesh_scharni prefix: 10.31.52.237/32 ipv6_subprefix: -3 - mesh_metric: 2048 mesh_ap: colbe15-ap1 mesh_radio: 11a_standard mesh_iface: mesh @@ -70,14 +69,6 @@ location__channel_assignments_11a_standard__to_merge: location__wireless_profiles__to_merge: - name: colbe15 - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: colbe15.freifunk.net diff --git a/locations/cralle.yml b/locations/cralle.yml index c182b1f7f..4c266dd62 100644 --- a/locations/cralle.yml 
+++ b/locations/cralle.yml @@ -13,18 +13,23 @@ hosts: role: corerouter model: "avm_fritzbox-4040" wireless_profile: freifunk_default + - hostname: cralle-west-nf + role: ap + model: mikrotik_sxtsq-5-ac + wireless_profile: freifunk_default + mac_override: {eth0: dc:11:22:11:22:11} # 10.31.113.92/30 - mgmt -# 10.31.113.88/30 - mesh -# 10.31.245.96/27 - dhcp +# 10.31.113.88/30 10.31.184.7/32 - mesh +# 10.248.18.0/25 - dhcp -ipv6_prefix: "2001:bf7:750:6000::/56" +ipv6_prefix: "2001:bf7:750:7100::/56" networks: - vid: 40 role: dhcp name: dhcp - prefix: 10.31.245.96/25 + prefix: 10.248.18.0/25 ipv6_subprefix: 40 inbound_filtering: true enforce_client_isolation: true @@ -33,31 +38,64 @@ networks: - vid: 42 role: mgmt - prefix: 10.31.113.92/29 + prefix: 10.31.113.92/30 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: cralle-core: 1 + cralle-west-nf: 2 - vid: 50 role: uplink untagged: true + - vid: 20 + role: mesh + name: mesh_5ghz + prefix: 10.31.113.88/32 + ipv6_subprefix: -1 + mesh_ap: cralle-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2ghz + prefix: 10.31.113.89/32 + ipv6_subprefix: -2 + # make mesh_metric for 2GHz worse than 5GHz + mesh_metric_lqm: ['default 0.8'] + mesh_ap: cralle-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # MESH - 5 GHz 802.11s west nf + - vid: 22 + role: mesh + name: mesh5_w_nf + prefix: 10.31.113.90/32 + ipv6_subprefix: -3 + mesh_ap: cralle-west-nf + mesh_radio: 11a_standard + mesh_iface: mesh + - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.113.88/32 + prefix: 10.31.113.91/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.113.89/32 + prefix: 10.31.184.7/32 wireguard_port: 51821 location__channel_assignments_11a_standard__to_merge: cralle-core: 36-20 + cralle-west-nf: 44-20 location__channel_assignments_11g_standard__to_merge: cralle-core: 13-20 
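Review bot: The new host cralle-west-nf in the first cralle.yml hunk carries `mac_override: {eth0: dc:11:22:11:22:11}`, and the repeating `11:22:11:22:11` tail reads like a placeholder rather than an address taken from a device. The duplicate check added in `.github/checks/check-duplicates.sh` only reports a MAC that occurs more than once, so a single made-up value passes CI unnoticed. Please confirm the value against the device label, or, if it was chosen on purpose, add a comment next to it such as `# MAC set by hand, not the factory address`.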
diff --git a/locations/dragonkiez-adlerhalle.yml b/locations/dragonkiez-adlerhalle.yml index f014b97d3..d41cee0c9 100644 --- a/locations/dragonkiez-adlerhalle.yml +++ b/locations/dragonkiez-adlerhalle.yml @@ -18,14 +18,9 @@ snmp_devices: address: 10.31.34.46 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b3c0::/58" +ipv6_prefix: "2001:bf7:830:cf00::/56" # 10.31.177.160/27 -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# clubmiami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.187.128/25 # UPLINK: 10.31.34.44/30 # 802.11s MESH: @@ -37,7 +32,6 @@ networks: role: mesh prefix: 10.31.34.44/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-adlerhalle: 1 @@ -68,8 +62,7 @@ networks: name: mesh_2ghz prefix: 10.31.23.32/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-adlerhalle mesh_radio: 11g_standard diff --git a/locations/dragonkiez-buero.yml b/locations/dragonkiez-buero.yml index 6cdd240b2..04a021b14 100644 --- a/locations/dragonkiez-buero.yml +++ b/locations/dragonkiez-buero.yml @@ -18,14 +18,9 @@ snmp_devices: address: 10.31.23.114 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b300::/58" +ipv6_prefix: "2001:bf7:830:d000::/56" # 10.31.177.160/27 -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# Rathausblock Miami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.177.160/27 # UPLINK: 10.31.23.112/30 # MESH: 10.31.19.45 10.31.19.46 10.31.19.47 @@ -36,7 +31,6 @@ networks: role: mesh prefix: 10.31.23.112/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-buero: 1 
@@ -54,14 +48,6 @@ networks: location__wireless_profiles__to_merge: - name: dragonkiez_buero - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: kiezraum2.berlin.freifunk.net diff --git a/locations/dragonkiez-dorfplatz.yml b/locations/dragonkiez-dorfplatz.yml index 8edc19cde..94297506a 100644 --- a/locations/dragonkiez-dorfplatz.yml +++ b/locations/dragonkiez-dorfplatz.yml @@ -21,14 +21,9 @@ snmp_devices: address: 10.31.28.250 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b340::/58" +ipv6_prefix: "2001:bf7:830:b300::/56" # 10.31.177.160/27 -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# clubmiami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.186.128/25 # UPLINK: 10.31.28.248/30 # 802.11s MESH: @@ -41,7 +36,6 @@ networks: role: mesh prefix: 10.31.28.248/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-dorfplatz: 1 @@ -75,8 +69,7 @@ networks: name: mesh_2ghz prefix: 10.31.28.245/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-dorfplatz mesh_radio: 11g_standard @@ -98,8 +91,7 @@ networks: name: mesh2_ap1 prefix: 10.31.28.247/32 ipv6_subprefix: -5 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-dorfplatz-ap1 mesh_radio: 11g_standard diff --git a/locations/dragonkiez-kiezraum.yml b/locations/dragonkiez-kiezraum.yml index c291daec4..b9305e49d 100644 --- a/locations/dragonkiez-kiezraum.yml +++ b/locations/dragonkiez-kiezraum.yml @@ -31,7 +31,6 @@ networks: name: mesh_rhxb prefix: 10.31.92.240/32 ipv6_subprefix: -1 - metric: 1024 ptp: true - vid: 40 
@@ -69,8 +68,7 @@ networks: name: mesh_2ghz prefix: 10.31.92.242/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-kiezraum mesh_radio: 11g_standard diff --git a/locations/dragonkiez-plangarage.yml b/locations/dragonkiez-plangarage.yml deleted file mode 100644 index 2afbf15ff..000000000 --- a/locations/dragonkiez-plangarage.yml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -location: dragonkiez-plangarage -location_nice: Dragonkiez Plangarage -latitude: 52.49550240409573 -longitude: 13.38777191534464 -altitude: 37 -height: 2 -community: true - -hosts: - - hostname: dragonkiez-plangarage - role: corerouter - model: "ubnt_unifiac-mesh" - wireless_profile: freifunk_default - -snmp_devices: - - hostname: dragonkiez-plangarage-rhxb - address: 10.31.92.98 - snmp_profile: airos_6 - -ipv6_prefix: "2001:bf7:830:3000::/56" - -# 10.31.92.64/26 2001:bf7:830:3000::/56 -# DHCP: 10.230.124.160/27 -# MGMT: 10.31.92.96/28 -# MESH: 10.31.92.112/28 - -networks: - - vid: 10 - role: mesh - name: mesh_rhxb - prefix: 10.31.92.112/32 - ipv6_subprefix: -1 - - - vid: 40 - role: dhcp - inbound_filtering: false - enforce_client_isolation: false - prefix: 10.230.124.160/27 - ipv6_subprefix: 0 - untagged: true - assignments: - dragonkiez-plangarage: 1 - - - vid: 42 - role: mgmt - prefix: 10.31.92.96/28 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - dragonkiez-plangarage: 1 - dragonkiez-plangarage-rhxb: 2 - - # MESH - 5 GHz 802.11s - - vid: 20 - role: mesh - name: mesh_5ghz - prefix: 10.31.92.113/32 - ipv6_subprefix: -2 - mesh_ap: dragonkiez-plangarage - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_2ghz - prefix: 10.31.92.114/32 - ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: dragonkiez-plangarage - mesh_radio: 11g_standard - mesh_iface: mesh - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11a_standard__to_merge: - dragonkiez-plangarage: 36-40 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11g_standard__to_merge: - dragonkiez-plangarage: 13-20 diff --git a/locations/dragonkiez-rathausblock-miami.yml b/locations/dragonkiez-rathausblock-miami.yml index 132859dde..d9c546b92 100644 
--- a/locations/dragonkiez-rathausblock-miami.yml +++ b/locations/dragonkiez-rathausblock-miami.yml @@ -26,13 +26,8 @@ snmp_devices: address: 10.31.30.34 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b380::/58" +ipv6_prefix: "2001:bf7:830:d100::/56" -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# clubmiami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.187.0/25 # UPLINK: 10.31.30.32/30 # 802.11s MESH: @@ -45,7 +40,6 @@ networks: role: mesh prefix: 10.31.30.32/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-rathausblock-miami: 1 @@ -80,8 +74,7 @@ networks: name: mesh2_ap1 prefix: 10.31.30.25/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-rathausblock-miami-ap1 mesh_radio: 11g_standard @@ -103,8 +96,7 @@ networks: name: mesh2_ap2 prefix: 10.31.30.27/32 ipv6_subprefix: -5 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-rathausblock-miami-ap2 mesh_radio: 11g_standard diff --git a/locations/dtmb.yml b/locations/dtmb.yml index 6199d1ed5..1b8f39566 100644 --- a/locations/dtmb.yml +++ b/locations/dtmb.yml @@ -50,7 +50,7 @@ snmp_devices: address: 10.31.131.21 snmp_profile: airos_6 - - hostname: dtmb-m2-2 + - hostname: dtmb-m2-3 address: 10.31.131.22 snmp_profile: airos_6 diff --git a/locations/e16outdoor.yml b/locations/e16outdoor.yml index 7dbf12184..4aa48838f 100644 --- a/locations/e16outdoor.yml +++ b/locations/e16outdoor.yml 
@@ -77,8 +77,7 @@ networks: name: mesh_11s_2ghz prefix: 10.31.142.33/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: e16outdoor-core mesh_radio: 11g_standard diff --git a/locations/eberswalder7.yml b/locations/eberswalder7.yml index 43719ddb2..193a29128 100644 --- a/locations/eberswalder7.yml +++ b/locations/eberswalder7.yml @@ -55,8 +55,7 @@ networks: name: mesh_11s_2g prefix: 10.31.238.210/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: eberswalder7-core mesh_radio: 11g_standard diff --git a/locations/ekke.yml b/locations/ekke.yml index 465302eec..2c48ca81b 100644 --- a/locations/ekke.yml +++ b/locations/ekke.yml @@ -93,14 +93,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: ekke - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/elsekiehl.yml b/locations/elsekiehl.yml index b34ee439c..82bfdab58 100644 --- a/locations/elsekiehl.yml +++ b/locations/elsekiehl.yml @@ -29,6 +29,8 @@ hosts: role: corerouter model: "avm_fritzbox-7530" wireless_profile: freifunk_default + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 ipv6_prefix: '2001:bf7:820:1800::/56' @@ -66,8 +68,7 @@ networks: name: mesh_11s_2ghz prefix: 10.31.179.33/32 ipv6_subprefix: -2 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: elsekiehl-core mesh_radio: 11g_standard 
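Review bot: In the first elsekiehl.yml hunk, `openwrt_version: 24.10-SNAPSHOT` on elsekiehl-core names a moving branch rather than a fixed release, so, assuming this key selects the firmware base for the image, two builds from the same commit can end up with different package contents. For a core router that makes it hard to tell afterwards which fixes a deployed image contains. I would add a comment above the key giving the reason and the exit condition, for example `# snapshot needed for <reason>; drop once a tagged release works`.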
@@ -83,23 +84,6 @@ networks: assignments: elsekiehl-core: 1 - # WIREGUARD - - vid: 50 - role: uplink - untagged: true - - - role: tunnel - ifname: ts_wg0 - mtu: 1280 - prefix: 10.31.179.40/32 - wireguard_port: 51820 - - - role: tunnel - ifname: ts_wg1 - mtu: 1280 - prefix: 10.31.179.41/32 - wireguard_port: 51821 - # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: elsekiehl-core: 36-20 diff --git a/locations/emma.yml b/locations/emma.yml index ea5a08bae..143d2d476 100644 --- a/locations/emma.yml +++ b/locations/emma.yml @@ -9,8 +9,7 @@ community: true hosts: - hostname: emma-core role: corerouter - model: "avm_fritzbox-4040" - wireless_profile: freifunk_default + model: "mikrotik_routerboard-750gr3" snmp_devices: - hostname: emma-switch-no @@ -49,10 +48,6 @@ snmp_devices: address: 10.31.11.20 snmp_profile: airos_8 - - hostname: emma-ono-5ghz - address: 10.31.11.21 - snmp_profile: airos_8 - - hostname: emma-wsw-5ghz address: 10.31.11.22 snmp_profile: airos_8 @@ -79,31 +74,31 @@ airos_dfs_reset: username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-nno-5ghz" target: "10.31.11.20" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" - - name: "emma-ono-5ghz" - target: "10.31.11.21" - username: "ubnt" - password: "/root/pwd.txt" - daytime_limit: "2-7" + - name: "emma-wsw-5ghz" target: "10.31.11.22" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-wnw-5ghz" target: "10.31.11.23" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-nnw-5ghz" target: "10.31.11.24" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-sso-5ghz" target: "10.31.11.25" username: "ubnt" 
@@ -145,7 +140,6 @@ networks: # Airos 8, 5 GHz emma-oso-5ghz: 19 # Fenster 8, 20 MHz, center frequency 5580 MHz emma-nno-5ghz: 20 # Fenster 6, 20 MHz, center frequency 5600 MHz - emma-ono-5ghz: 21 # Fenster 7, 40 MHz, center frequency 5510 MHz emma-wsw-5ghz: 22 # Fenster 3, 20 MHz, center frequency 5620 MHz emma-wnw-5ghz: 23 # Fenster 4, 40 MHz, center frequency 5550 MHz emma-nnw-5ghz: 24 # Fenster 5, 20 MHz, center frequency 5700 MHz @@ -218,6 +212,7 @@ networks: name: mesh_wsw_60ghz prefix: 10.31.11.41/32 ipv6_subprefix: -18 + mesh_metric: 128 ptp: true - vid: 19 @@ -225,6 +220,7 @@ networks: name: mesh_nnw_60ghz prefix: 10.31.11.42/32 ipv6_subprefix: -19 + mesh_metric: 128 ptp: true - vid: 20 diff --git a/locations/fardf.yml b/locations/fardf.yml new file mode 100644 index 000000000..fa5a10d52 --- /dev/null +++ b/locations/fardf.yml 
@@ -0,0 +1,201 @@ +--- +location: fardf +location_nice: "Finanzamt Reinickendorf, Eichborndamm 208, 13403 Berlin" +latitude: 52.5870976 +longitude: 13.324892521 +altitude: 75 +community: true + +hosts: + - hostname: fardf-core + role: corerouter + model: "ubnt_unifiac-mesh" + wireless_profile: freifunk_default + +snmp_devices: + - hostname: fardf-switch + address: 10.248.11.130 + snmp_profile: edgeswitch + + - hostname: fardf-bht + address: 10.248.11.131 + snmp_profile: airos_8 + + - hostname: fardf-maerkisches + address: 10.248.11.132 + snmp_profile: airos_8 + + - hostname: fardf-sange + address: 10.248.11.133 + snmp_profile: airos_8 + + - hostname: fardf-nord + address: 10.248.11.134 + snmp_profile: airos_8 + + - hostname: fardf-ost + address: 10.248.11.135 + snmp_profile: airos_8 + + - hostname: fardf-sued + address: 10.248.11.136 + snmp_profile: airos_8 + + - hostname: fardf-west + address: 10.248.11.137 + snmp_profile: airos_8 + +airos_dfs_reset: + - name: "fardf-maerkisches" + target: "10.248.11.132" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "fardf-sange" + target: "10.248.11.133" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "fardf-nord" + target: "10.248.11.134" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "fardf-ost" + target: "10.248.11.135" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "fardf-sued" + target: "10.248.11.136" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "fardf-west" + target: "10.248.11.137" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + +# Got the following prefixes: +# Router: 10.248.11.128/26 +# --MGMT: 10.248.11.128/28 +# --MESH: 10.248.11.144/28 +# --DHCP: 10.248.11.160/27 + +ipv6_prefix: "2001:bf7:770:200::/56" + +networks: + # Mesh bht + - vid: 10 + role: mesh + name: mesh_bht + prefix: 10.248.11.144/32 + 
ipv6_subprefix: -10 + ptp: true + + # Mesh Märkisches Viertel + - vid: 11 + role: mesh + name: mesh_maerk + prefix: 10.248.11.145/32 + ipv6_subprefix: -11 + + # Mesh Sange + - vid: 12 + role: mesh + name: mesh_sange + prefix: 10.248.11.146/32 + ipv6_subprefix: -12 + + # Mesh Nord + - vid: 13 + role: mesh + name: mesh_nord + prefix: 10.248.11.147/32 + ipv6_subprefix: -13 + + # Mesh Ost + - vid: 14 + role: mesh + name: mesh_ost + prefix: 10.248.11.148/32 + ipv6_subprefix: -14 + + # Mesh Sued + - vid: 15 + role: mesh + name: mesh_sued + prefix: 10.248.11.149/32 + ipv6_subprefix: -15 + + # Mesh West + - vid: 16 + role: mesh + name: mesh_west + prefix: 10.248.11.150/32 + ipv6_subprefix: -16 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.11.151/32 + ipv6_subprefix: -20 + mesh_ap: fardf-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.11.152/32 + ipv6_subprefix: -21 + mesh_ap: fardf-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.11.160/27 + ipv6_subprefix: 0 + assignments: + fardf-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.11.128/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + fardf-core: 1 # 10.248.11.129 - switch has a watchdog (10m) active for this device + # There are ping watchdogs setup at the switch that will trigger a power cycle for the devices if they become unreachable. + # The time for the watchdogs needs to be quite high so the devices can still be flashed without the need to deactivate the + # watchdogs prior to flashing. 
+ fardf-switch: 2 # 10.248.11.130 + fardf-bht: 3 # 10.248.11.131 + fardf-maerkisches: 4 # 10.248.11.132 + fardf-sange: 5 # 10.248.11.133 + fardf-nord: 6 # 10.248.11.134 + fardf-ost: 7 # 10.248.11.135 + fardf-sued: 8 # 10.248.11.136 + fardf-west: 9 # 10.248.11.137 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + fardf-core: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + fardf-core: 13-20 diff --git a/locations/fffw-lebenshilfe.yml b/locations/fffw-lebenshilfe.yml index 231cf8685..59b87a484 100644 --- a/locations/fffw-lebenshilfe.yml +++ b/locations/fffw-lebenshilfe.yml @@ -56,7 +56,6 @@ networks: name: mesh_nno prefix: 10.30.96.43/32 ipv6_subprefix: -1 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-nno-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -66,7 +65,6 @@ networks: name: mesh_nw prefix: 10.30.96.44/32 ipv6_subprefix: -2 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-nw-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -76,7 +74,6 @@ networks: name: mesh_sso prefix: 10.30.96.45/32 ipv6_subprefix: -3 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-sso-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -86,7 +83,6 @@ networks: name: mesh_ono prefix: 10.30.96.46/32 ipv6_subprefix: -4 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-ono-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/forcki.yml b/locations/forcki.yml index d6081d349..b6ba223b7 100644 --- a/locations/forcki.yml +++ b/locations/forcki.yml 
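Review bot: The DHCP network (vid 40) in the new fardf.yml sets `inbound_filtering: false` and `enforce_client_isolation: false` without any explanation, whereas the client networks in the other files added by this commit (bilgi, c-base, funkigel vid 40) set both to `true`. If this segment serves public clients, they would presumably be reachable from the mesh and from each other. Either switch both keys to `true`, or add a comment above the block that states why this site is an exception, for example `# no filtering/isolation here: <reason>`.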
@@ -23,23 +23,41 @@ ipv6_prefix: "2001:bf7:830:ac00::/56" # --DHCP: 10.31.168.128/27 networks: + - vid: 20 + role: mesh + name: mesh_core_5ghz + prefix: 10.31.168.178/32 + ipv6_subprefix: -20 + mesh_ap: forcki-core + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 21 + role: mesh + name: mesh_core_2ghz + prefix: 10.31.168.179/32 + ipv6_subprefix: -21 + mesh_ap: forcki-core + mesh_radio: 11g_standard + mesh_iface: mesh + - vid: 40 role: dhcp inbound_filtering: true enforce_client_isolation: true prefix: 10.31.168.128/27 - ipv6_subprefix: 0 + ipv6_subprefix: 1 assignments: forcki-core: 1 - - vid: 20 - role: mesh - name: mesh_core_5ghz - prefix: 10.31.168.184/32 - ipv6_subprefix: -1 - mesh_ap: forcki-core - mesh_radio: 11a_standard - mesh_iface: mesh + - vid: 42 + role: mgmt + prefix: 10.31.168.160/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 0 + assignments: + forcki-core: 1 - vid: 50 untagged: true @@ -51,11 +69,8 @@ networks: prefix: 10.31.168.176/32 wireguard_port: 51820 - - vid: 42 - role: mgmt - prefix: 10.31.168.160/28 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - forcki-core: 1 + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.31.168.177/32 + wireguard_port: 51821 diff --git a/locations/funkigel.yml b/locations/funkigel.yml new file mode 100644 index 000000000..38d82c95a --- /dev/null +++ b/locations/funkigel.yml 
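Review bot: The forcki.yml change swaps the IPv6 subprefixes of two networks: the dhcp network (vid 40) goes from `ipv6_subprefix: 0` to `1`, and the re-added mgmt network (vid 42) goes from `1` to `0`, its old block being removed in the second hunk. The new location files in this commit (bilgi, c-base, fardf, funkigel) all use 0 for dhcp and 1 for mgmt. If the swap is not intended, client and management hosts would trade IPv6 subnets, and any filter or monitoring rule keyed on the old management subnet would then match the client network. I would keep `ipv6_subprefix: 0` on vid 40 and `ipv6_subprefix: 1` on vid 42, or add a comment explaining why this site differs.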
@@ -0,0 +1,113 @@ +--- +location: funkigel +location_nice: Kleingartenkolonie Weidenbaum, Straße 70 Nr. 8+10, 13627 Berlin +latitude: 52.542411 +longitude: 13.302566 +altitude: 27 +height: 8 +contact_nickname: 'wbaum' +contacts: + - 'loeten@buerotiger.de' + - '@wbaum:matrix.org' + +hosts: + - hostname: funkigel + role: corerouter + model: "ubnt_unifiac-mesh" + wireless_profile: freifunk_default + +snmp_devices: + + - hostname: funkigel-frischauf + address: 10.248.9.194 + snmp_profile: airos_8 + +airos_dfs_reset: + - name: "funkigel-frischauf" + target: "10.248.9.194" + username: "ubnt" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + +ipv6_prefix: "2001:bf7:780:800::/56" + +# got following prefixes: +# Router: 10.248.9.192/26 +# 2001:bf7:780:800::/56 +# --MGMT: 10.248.9.192/28 +# --MESH: 10.248.9.208/29 +# --DHCP: 10.248.9.216/29 (HOST) +# --DHCP: 10.248.9.224/27 + +networks: + # MESH - PTMP / PTP Links + - vid: 10 + role: mesh + name: mesh_frisch + prefix: 10.248.9.208/32 + ipv6_subprefix: -10 + + # 802.11s Links + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.9.209/32 + ipv6_subprefix: -20 + mesh_ap: funkigel + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.9.210/32 + ipv6_subprefix: -21 + # make mesh_metric for 2.4 GHz worse than 5 GHz + mesh_metric_lqm: ['default 0.5'] + mesh_ap: funkigel + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + prefix: 10.248.9.224/27 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + funkigel: 1 + + # DHCP (HOST) without filtering and isolation + - vid: 41 + role: dhcp + name: host + untagged: true + prefix: 10.248.9.216/29 + ipv6_subprefix: 2 + inbound_filtering: false + enforce_client_isolation: false + assignments: + funkigel: 1 + funkigel-rpi: 2 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.9.192/28 + gateway: 1 + dns: 
1 + ipv6_subprefix: 1 + assignments: + funkigel: 1 # .193 + funkigel-frischauf: 2 # .194 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + funkigel: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + funkigel: 13-20 diff --git a/locations/gruni73.yml b/locations/gruni73.yml index 149e9b5c9..1ce2bde51 100644 --- a/locations/gruni73.yml +++ b/locations/gruni73.yml @@ -54,14 +54,17 @@ networks: ipv6_subprefix: 1 assignments: gruni73-core: 1 + # There are ping watchdogs setup at the switch that will trigger a power cycle for the devices if they become unreachable. + # The time for the watchdogs needs to be quite high so the devices can still be flashed without the need to deactivate the + # watchdogs prior to flashing. gruni73-switch: 2 # 5ghz uplink gruni73-sama: 5 gruni73-zwingli: 6 # local nearfield aps 5ghz - gruni73-nf-o-5ghz: 13 - gruni73-nf-s-5ghz: 14 - gruni73-nf-w-5ghz: 15 + gruni73-nf-o-5ghz: 13 # switch has a watchdog (10m) active for this device due to instability + gruni73-nf-s-5ghz: 14 # switch has a watchdog (10m) active for this device due to instability + gruni73-nf-w-5ghz: 15 # switch has a watchdog (10m) active for this device due to instability - vid: 40 role: dhcp @@ -95,7 +98,6 @@ networks: name: mesh_11s_o5 prefix: 10.31.156.40/32 ipv6_subprefix: -6 - mesh_metric: 1024 mesh_ap: gruni73-nf-o-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -106,7 +108,6 @@ networks: name: mesh_11s_s5 prefix: 10.31.156.41/32 ipv6_subprefix: -7 - mesh_metric: 1024 mesh_ap: gruni73-nf-s-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -117,7 +118,6 @@ networks: name: mesh_11s_w5 prefix: 10.31.156.42/32 ipv6_subprefix: -8 - mesh_metric: 1024 mesh_ap: gruni73-nf-w-5ghz mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/gub37.yml b/locations/gub37.yml index 95e321894..2947c44c9 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml 
@@ -4,9 +4,9 @@ location_nice: gub37 latitude: 52.51026648385623 longitude: 13.45044163873424 altitude: 54 -contact_nickname: 'robertfoss' +contact_nickname: "robertfoss" contacts: - - 'me@robertfoss.se' + - "@robertfoss-:matrix.org" hosts: - hostname: gub37-core 
@@ -19,124 +19,154 @@ hosts: role: ap model: "mikrotik_sxtsq-5-ac" wifi_roaming: true + mac_override: {eth0: 64:d1:54:ae:ba:b0} - hostname: gub37-hof-w role: ap model: "ubnt_nanostation-ac-loco" snmp_devices: - - hostname: gub37-sama-60g - address: 10.31.157.7 - snmp_profile: af60 - - hostname: gub37-zwingli - address: 10.31.157.3 + address: 10.31.157.10 snmp_profile: airos_8 + - hostname: gub37-emma + address: 10.31.157.11 + snmp_profile: af60 + + - hostname: gub37-sama + address: 10.31.157.12 + snmp_profile: airos_8 +# IPs # IPv4 10.31.157.0/25 # IPv6 2001:bf7:830:a700::/56 - ipv6_prefix: "2001:bf7:830:a700::/56" -# 10.31.157.96/27 +# IPv4 Subnets +# mgmt: 10.31.157.0/28 +# dhcp - freifunk: 10.31.157.16/28 +# dhcp - local public: 10.31.157.32/27 +# dhcp - local private: 10.31.157.64/27 +# mesh: 10.31.157.96/27 + networks: -# - vid: 10 -# role: mesh -# name: mesh_sama -# prefix: 10.31.157.97/32 -# ipv6_subprefix: -1 -# ptp: true + - vid: 10 + role: mesh + name: mesh_zwingli + prefix: 10.31.157.97/32 + ipv6_subprefix: -10 + ptp: true + mesh_metric_lqm: ["default 0.85"] - vid: 11 role: mesh - name: mesh_zwingli + name: mesh_emma prefix: 10.31.157.98/32 - ipv6_subprefix: -2 + ipv6_subprefix: -11 ptp: true - mesh_metric_lqm: ['default 0.95'] - - -# - vid: 12 -# role: mesh -# name: mesh_emma -# prefix: 10.31.157.99/32 -# ipv6_subprefix: -8 -# ptp: true + mesh_metric: 128 - - vid: 13 + - vid: 12 role: mesh - name: mesh_sama_60g - prefix: 10.31.157.100/32 - ipv6_subprefix: -9 + name: mesh_sama + prefix: 10.31.157.99/32 + ipv6_subprefix: -12 ptp: true + mesh_metric_lqm: ["default 0.90"] - vid: 20 role: mesh name: mesh_core_2ghz prefix: 10.31.157.110/32 - ipv6_subprefix: -3 + ipv6_subprefix: -20 mesh_ap: gub37-core mesh_radio: 11g_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - vid: 21 role: mesh name: mesh_core_5ghz prefix: 10.31.157.111/32 - ipv6_subprefix: -4 + ipv6_subprefix: -21 mesh_ap: gub37-core mesh_radio: 
11a_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - vid: 22 role: mesh name: mesh_hof_s prefix: 10.31.157.112/32 - ipv6_subprefix: -5 + ipv6_subprefix: -22 mesh_ap: gub37-hof-s mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - vid: 23 role: mesh name: mesh_hof_w prefix: 10.31.157.103/32 - ipv6_subprefix: -6 + ipv6_subprefix: -23 mesh_ap: gub37-hof-w mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - # 10.31.157.64/27 +# DHCP - freifunk - vid: 40 role: dhcp inbound_filtering: true enforce_client_isolation: true + prefix: 10.31.157.16/28 + ipv6_subprefix: -40 + assignments: + gub37-core: 1 + + # DHCP - local public + # - Publicly accessible through IPv6 but not IPv4 + - vid: 50 + role: dhcp + name: local_public + prefix: 10.31.157.32/27 + ipv6_subprefix: -50 + assignments: + gub37-core: 1 + + # DHCP - local private + # - Not publicly accessible through IPv4 or IPv6 + - vid: 51 + role: dhcp + name: local_private + inbound_filtering: true prefix: 10.31.157.64/27 - ipv6_subprefix: -10 + ipv6_subprefix: -51 assignments: gub37-core: 1 + gub37-switch: 2 + gub37-nas: 3 - # 10.31.157.0/26 - vid: 433 role: mgmt - prefix: 10.31.157.0/26 + prefix: 10.31.157.0/28 gateway: 1 dns: 1 - ipv6_subprefix: -11 + ipv6_subprefix: 0 assignments: + # Core infrastructure gub37-core: 1 - gub37-switch: 2 - gub37-zwingli: 3 -# gub37-emma: 4 + gub37-switch-roof: 2 + + # Local APs gub37-hof-s: 5 gub37-hof-w: 6 - gub37-sama-60g: 7 + # Uplinks + gub37-zwingli: 10 + gub37-emma: 11 + gub37-sama: 12 location__channel_assignments_11a_standard__to_merge: gub37-hof-s: 36-80-11 diff --git a/locations/habersaath.yml b/locations/habersaath.yml index 0dc9989cb..87763b539 100644 --- a/locations/habersaath.yml +++ b/locations/habersaath.yml 
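Review bot: The new `local_public` network (vid 50) has no `inbound_filtering` key, so whether it is filtered depends on a default this hunk does not show. Its comment promises reachability over IPv6, and the sibling `local_private` (vid 51) sets `inbound_filtering: true` explicitly. Stating the intent in the entry itself, e.g. `inbound_filtering: false  # reachable from outside over IPv6 by design`, keeps the exposure visible to the next editor and stable if the default ever changes. A short comment naming which hosts are expected on this network would also help, since anything attached to it is unfiltered if the comment is accurate.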
@@ -15,6 +15,7 @@ hosts: - hostname: habersaath-w-nf-5ghz role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:06:a8} - hostname: habersaath-ap-a1 role: ap @@ -97,12 +98,11 @@ networks: - vid: 20 role: mesh name: w_nf_5ghz - prefix: 10.31.147.225/32 + prefix: 10.31.147.224/32 ipv6_subprefix: -1 mesh_ap: habersaath-w-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 mesh_metric_lqm: - default 0.12 # Penalty so local uplink is preferred @@ -153,13 +153,13 @@ networks: - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.147.224/32 + prefix: 10.31.147.225/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.147.225/32 + prefix: 10.31.147.226/32 wireguard_port: 51821 location__channel_assignments_11a_standard__to_merge: diff --git a/locations/hacrafu-armarian09.yml b/locations/hacrafu-armarian09.yml new file mode 100644 index 000000000..34ec63c72 --- /dev/null +++ b/locations/hacrafu-armarian09.yml 
@@ -0,0 +1,93 @@ +--- + +location: hacrafu-armarian09 +location_nice: Dorfstr. 67, 15370 Petershagen +latitude: 52.52376219356236 +longitude: 13.77024203611256 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu e.V." +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-armarian09-core + role: corerouter + model: "dlink_dap-x1860-a1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:f00::/56" + +# dhcp 10.31.205.0/27 +# mesh5 10.31.203.235/32 +# mesh2 10.31.203.236/32 +# MGMT 10.31.203.237/32 +# TUNNEL 10.248.23.192/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.203.235/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-armarian09-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.203.236/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-armarian09-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: false + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.205.0/27 + ipv6_subprefix: 0 + assignments: + hacrafu-armarian09-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.203.237/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-armarian09-core: 1 + + # UPLINK + TUNNEL + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.192/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.193/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-barbine.yml b/locations/hacrafu-barbine.yml new file mode 100644 index 000000000..ccf816993 --- /dev/null +++ b/locations/hacrafu-barbine.yml 
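Review bot: The DHCP network (vid 40) sets `inbound_filtering: false` and `enforce_client_isolation: false` with no comment explaining why, whereas other client networks in this diff (gub37 vid 40, hirschhof vid 40) set both to `true`. Going by the inline comments in hacrafu-barbine.yml, this leaves client devices reachable from the rest of the mesh and from each other. The choice deserves a stated reason next to the keys, e.g. `# clients intentionally reachable from the mesh: <reason>`. The same pair of settings appears in the other new hacrafu-* files in this diff (barbine, capelvenere, fiocchi, fiori, fisarmoniche, gigli, girandole, gobbetti, pici, risi).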
@@ -0,0 +1,74 @@ +--- + +location: hacrafu-barbine +location_nice: "Dorfanger, Petershagen" +latitude: 52.523779038455814 +longitude: 13.770131171210881 +contact_name: 'Hacken Craften Funken e.V.' +contact_nickname: 'HaCraFu' +contacts: + - 'freifunk@hacrafu.de' + +hosts: + - hostname: hacrafu-barbine-core + role: corerouter + model: "tplink_tl-wdr4900-v1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:1800::/56" +# dhcp 10.31.196.160/27 +# mesh5 10.31.24.39/32 +# mesh2 10.31.26.242/32 +# MGMT 10.31.26.243/32 + +# use if dhcp adr are used for mgmt +# Disable noping +# dhcp_no_ping: false + +networks: + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false # connected clients are avaible from outside this router (still inside freifunk berlin) + enforce_client_isolation: false # connection between clients + prefix: 10.31.196.160/27 + ipv6_subprefix: 0 + assignments: + hacrafu-barbine-core: 1 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.24.39/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-barbine-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.26.242/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-barbine-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # MGMT # create a management vlan in which we can reach every device on this site for maintenance + - vid: 42 + role: mgmt + prefix: 10.31.26.243/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + # 10.31.202.95 + hacrafu-barbine-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz tom_hacrafu diff --git a/locations/hacrafu-capelvenere.yml b/locations/hacrafu-capelvenere.yml new file mode 100644 index 000000000..7e23f76bf --- /dev/null +++ b/locations/hacrafu-capelvenere.yml 
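Review bot: The heading `# DHCP with filtering and isolation` contradicts the entry below it, which sets `inbound_filtering: false` and `enforce_client_isolation: false`. A reader skimming the comments would assume clients are shielded, so the heading should describe what is configured, e.g. `# DHCP without inbound filtering or client isolation`. Separately, the `# 10.31.202.95` comment under the MGMT assignments does not match this file's MGMT prefix `10.31.26.243/32`. That address is the MGMT prefix in hacrafu-fiocchi.yml, so it looks like copy-paste residue; `# 10.31.26.243` would match.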
@@ -0,0 +1,93 @@ +--- + +location: hacrafu-capelvenere +location_nice: Dorfstraße 67, 15370 Petershagen +latitude: 52.52376838135979 +longitude: 13.770141894083322 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-capelvenere-core + role: corerouter + model: "cudy_wr3000-v1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:1a00::/56" + +# dhcp 10.31.239.96/28 +# mesh5 10.31.54.200/32 +# mesh2 10.31.54.201/32 +# MGMT 10.31.54.202/32 +# TUNNEL 10.248.22.36/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.54.200/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-capelvenere-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.54.201/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-capelvenere-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: false + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.239.96/28 + ipv6_subprefix: 0 + assignments: + hacrafu-capelvenere-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.54.202/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-capelvenere-core: 1 + + # UPLINK + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.22.36/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.22.37/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz tom_hacrafu diff --git a/locations/hacrafu-fiocchi.yml b/locations/hacrafu-fiocchi.yml new file mode 100644 index 000000000..e52de35a7 --- /dev/null +++ b/locations/hacrafu-fiocchi.yml 
@@ -0,0 +1,74 @@ +--- + +location: hacrafu-fiocchi +location_nice: Apothekerteich, Petershagen, Mittelstraße +latitude: 52.52320 +longitude: 13.77234 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + - hostname: hacrafu-fiocchi-core + role: corerouter + model: "dlink_covr-x1860-a1" + wireless_profile: freifunk_hacrafu + mac_override: {eth0: a8:63:7d:dc:5b:5f} + +ipv6_prefix: "2001:bf7:850:b00::/56" +# dhcp 10.31.204.0/27 +# mesh5 10.31.203.224/32 +# mesh2 10.31.203.225/32 +# MGMT 10.31.202.95/32 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.203.224/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-fiocchi-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.203.225/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-fiocchi-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.204.0/27 + ipv6_subprefix: 0 + assignments: + hacrafu-fiocchi-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.202.95/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-fiocchi-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-fiori.yml b/locations/hacrafu-fiori.yml new file mode 100644 index 000000000..53c4d1067 --- /dev/null +++ b/locations/hacrafu-fiori.yml 
@@ -0,0 +1,73 @@ +--- + +location: hacrafu-fiori +location_nice: Petershagen/Eggersdorf +latitude: 52.52743 +longitude: 13.78555 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + - hostname: hacrafu-fiori-core + role: corerouter + model: "dlink_dap-x1860-a1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:a00::/56" +# dhcp 10.31.203.192/27 +# mesh5 10.31.202.92/32 +# mesh2 10.31.202.93/32 +# MGMT 10.31.202.94/32 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.202.92/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-fiori-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.202.93/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-fiori-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.203.192/27 + ipv6_subprefix: 0 + assignments: + hacrafu-fiori-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.202.94/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-fiori-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-fisarmoniche.yml b/locations/hacrafu-fisarmoniche.yml new file mode 100644 index 000000000..cef2120f2 --- /dev/null +++ b/locations/hacrafu-fisarmoniche.yml 
@@ -0,0 +1,74 @@ +--- + +location: hacrafu-fisarmoniche +location_nice: Petershagen/Eggersdorf +latitude: 52.52773 +longitude: 13.78531 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-fisarmoniche-core + role: corerouter + model: "dlink_dap-x1860-a1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:c00::/56" +# dhcp 10.31.204.32/27 +# mesh5 10.31.203.226/32 +# mesh2 10.31.203.227/32 +# MGMT 10.31.203.228/32 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.203.226/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-fisarmoniche-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.203.227/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-fisarmoniche-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.204.32/27 + ipv6_subprefix: 0 + assignments: + hacrafu-fisarmoniche-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.203.228/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-fisarmoniche-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-gigli.yml b/locations/hacrafu-gigli.yml new file mode 100644 index 000000000..95ad03641 --- /dev/null +++ b/locations/hacrafu-gigli.yml 
@@ -0,0 +1,75 @@ +--- + +location: hacrafu-gigli +location_nice: Petershagen/Eggersdorf +latitude: 52.52320 +longitude: 13.77234 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-gigli-core + role: corerouter + model: "dlink_covr-x1860-a1" + wireless_profile: freifunk_hacrafu + mac_override: {eth0: a8:63:7d:dc:5b:66} + +ipv6_prefix: "2001:bf7:850:1600::/56" +# dhcp 10.248.3.224/27 +# mesh5 10.248.2.203/32 +# mesh2 10.248.2.204/32 +# MGMT 10.248.2.205/32 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.2.203/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-gigli-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.2.204/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-gigli-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.3.224/27 + ipv6_subprefix: 0 + assignments: + hacrafu-gigli-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.2.205/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-gigli-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-girandole.yml b/locations/hacrafu-girandole.yml new file mode 100644 index 000000000..0297af880 --- /dev/null +++ b/locations/hacrafu-girandole.yml 
@@ -0,0 +1,75 @@ +--- + +location: hacrafu-girandole +location_nice: Petershagen/Eggersdorf +latitude: 52.52320 +longitude: 13.77234 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-girandole-core + role: corerouter + model: "dlink_covr-x1860-a1" + wireless_profile: freifunk_hacrafu + mac_override: {eth0: a8:63:7d:dc:5b:6d} + +ipv6_prefix: "2001:bf7:850:1700::/56" +# dhcp 10.248.4.128/27 +# mesh5 10.248.2.206/32 +# mesh2 10.248.2.207/32 +# MGMT 10.248.2.216/32 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.2.206/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-girandole-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.2.207/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-girandole-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.4.128/27 + ipv6_subprefix: 0 + assignments: + hacrafu-girandole-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.2.216/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-girandole-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-gobbetti.yml b/locations/hacrafu-gobbetti.yml new file mode 100644 index 000000000..732165697 --- /dev/null +++ b/locations/hacrafu-gobbetti.yml 
@@ -0,0 +1,74 @@ +--- + +location: hacrafu-gobbetti +location_nice: Feldstr. 27, 15345 Eggersdorf +latitude: 52.53614 +longitude: 13.81647 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-gobbetti-core + role: corerouter + model: "glinet_gl-mt3000" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:1c00::/56" +# dhcp 10.248.17.96/27 +# mesh5 10.31.184.3 +# mesh2 10.31.184.4 +# MGMT 10.31.184.5 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.184.3/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-gobbetti-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.184.4/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-gobbetti-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.17.96/27 + ipv6_subprefix: 0 + assignments: + hacrafu-gobbetti-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.184.5/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-gobbetti-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-pici.yml b/locations/hacrafu-pici.yml new file mode 100644 index 000000000..3f66ff947 --- /dev/null +++ b/locations/hacrafu-pici.yml 
@@ -0,0 +1,92 @@ +--- + +location: hacrafu-pici +location_nice: Petershagen/Eggersdorf +latitude: 52.527648 +longitude: 13.785758 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu e.V." +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-pici-core + role: corerouter + model: "cudy_ap3000outdoor-v1" + wireless_profile: freifunk_hacrafu + openwrt_version: 24.10-SNAPSHOT + +ipv6_prefix: "2001:bf7:850:1e00::/56" +# dhcp 10.248.21.64/27 +# mesh5 10.31.42.109/32 +# mesh2 10.31.42.110/32 +# MGMT 10.31.42.111/32 +# TUNNEL 10.248.23.252/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.42.109/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-pici-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.42.110/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-pici-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.21.64/27 + ipv6_subprefix: 0 + assignments: + hacrafu-pici-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.42.111/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-pici-core: 1 + + # Uplink + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.252/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.253/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hacrafu-risi.yml b/locations/hacrafu-risi.yml new file mode 100644 index 000000000..4d3631b3e --- /dev/null +++ b/locations/hacrafu-risi.yml 
@@ -0,0 +1,92 @@ +--- + +location: hacrafu-risi +location_nice: Petershagen/Eggersdorf +latitude: 52.527648 +longitude: 13.785758 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu e.V." +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-risi-core + role: corerouter + model: "cudy_ap3000outdoor-v1" + wireless_profile: freifunk_hacrafu + openwrt_version: 24.10-SNAPSHOT + +ipv6_prefix: "2001:bf7:850:1f00::/56" +# dhcp 10.248.21.96/27 +# mesh5 10.248.20.161/32 +# mesh2 10.248.20.162/32 +# MGMT 10.248.20.163/32 +# TUNNEL 10.248.23.254/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.20.161/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-risi-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.20.162/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-risi-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.21.96/27 + ipv6_subprefix: 0 + assignments: + hacrafu-risi-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.20.163/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-risi-core: 1 + + # Uplink + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.254/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.255/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de diff --git a/locations/hirschhof.yml b/locations/hirschhof.yml index 83a4d2390..fc8b7c267 100644 --- a/locations/hirschhof.yml +++ b/locations/hirschhof.yml 
@@ -1,35 +1,21 @@ --- location: hirschhof -location_nice: 'Oderberger Str. 19' +location_nice: 'Nachbarschaftshaus, Oderberger Str. 19, 10435 Berlin' latitude: 52.539836581339266 longitude: 13.408204867248921 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - hostname: hirschhof-core role: corerouter model: "tplink_archer-c5-v1" wireless_profile: freifunk_default - wifi_roaming: true - hostname: hirschhof-k12 role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default - wifi_roaming: true + wireless_profile: mesh_only ipv6_prefix: '2001:bf7:760:2c00::/56' @@ -40,22 +26,14 @@ ipv6_prefix: '2001:bf7:760:2c00::/56' # --MGMT: 10.31.159.192/26 networks: - # DHCP - - vid: 40 - role: dhcp - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.159.0/25 - ipv6_subprefix: 0 - assignments: - hirschhof-core: 1 - # MESH - 5 GHz 802.11s - vid: 20 role: mesh name: mesh_5ghz prefix: 10.31.159.128/32 ipv6_subprefix: -20 + # make mesh_metric for 2GHz omni worse than 2GHz directional + mesh_metric_lqm: ['default 0.8'] mesh_ap: hirschhof-core mesh_radio: 11a_standard mesh_iface: mesh @@ -66,9 +44,8 @@ networks: name: mesh_2ghz prefix: 10.31.159.129/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] + # make mesh_metric for 2GHz omni worse than 5GHz omni + mesh_metric_lqm: ['default 0.6'] mesh_ap: hirschhof-core mesh_radio: 11g_standard mesh_iface: mesh 
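Review bot: In the `@@ -40,22 +26,14 @@` hunk, the comment added to the `mesh_5ghz` entry (vid 20) reads `# make mesh_metric for 2GHz omni worse than 2GHz directional`, but the entry uses `mesh_radio: 11a_standard`, so it appears to describe the wrong band. If the intent is to rank the 5 GHz omni link below the directional `mesh_k12` link, `# make mesh_metric_lqm for 5GHz omni worse than 2GHz directional` would say so. Both new comments also say `mesh_metric` while the key they annotate is `mesh_metric_lqm`. Naming the actual key avoids confusion now that `mesh_metric: 1024` is removed from the 2 GHz entry.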
@@ -79,10 +56,23 @@ networks: name: mesh_k12 prefix: 10.31.159.130/32 ipv6_subprefix: -22 + # adjust mesh_metric to prefer this route + mesh_metric: 512 mesh_ap: hirschhof-k12 mesh_radio: 11g_standard mesh_iface: mesh + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.159.0/25 + ipv6_subprefix: 0 + assignments: + hirschhof-core: 1 + # MGMT - vid: 42 role: mgmt @@ -91,10 +81,8 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # 10.31.159.193/32 - hirschhof-core: 1 - # 10.31.159.194/32 - hirschhof-k12: 2 + hirschhof-core: 1 # 10.31.159.193 + hirschhof-k12: 2 # 10.31.159.194 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: @@ -102,4 +90,16 @@ location__channel_assignments_11a_standard__to_merge: location__channel_assignments_11g_standard__to_merge: hirschhof-core: 13-20 - hirschhof-k12: 13-20 + hirschhof-k12: 1-20 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/hts4.yml b/locations/hts4.yml index 604d72d3e..2fa578111 100644 --- a/locations/hts4.yml +++ b/locations/hts4.yml @@ -101,20 +101,12 @@ location__channel_assignments_11a_standard__to_merge: # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - hts4-core: 13-20 - hts4-ap: 1-20 + hts4-core: 1-20 + hts4-ap: 6-20 # Wireless profile location__wireless_profiles__to_merge: - name: hts4 - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: Ferienwohnung diff --git a/locations/huette.yml b/locations/huette.yml index 73569bdb7..be0240102 100644 --- a/locations/huette.yml +++ b/locations/huette.yml 
@@ -16,6 +16,8 @@ hosts: role: corerouter model: "zyxel_nwa55axe" wireless_profile: freifunk_default + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 ipv6_prefix: '2001:bf7:830:2600::/56' @@ -37,17 +39,16 @@ networks: mesh_iface: mesh # MESH - 2.4 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_11s_2ghz - prefix: 10.31.114.2/32 - ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: huette-core - mesh_radio: 11g_standard - mesh_iface: mesh + # - vid: 21 + # role: mesh + # name: mesh_11s_2ghz + # prefix: 10.31.114.2/32 + # ipv6_subprefix: -21 + # # make mesh_metric for 2GHz worse than 5GHz + # mesh_metric_lqm: ['default 0.8'] + # mesh_ap: huette-core + # mesh_radio: 11g_standard + # mesh_iface: mesh - vid: 40 role: dhcp diff --git a/locations/hway.yml b/locations/hway.yml index b1e3f5b21..c6dfee298 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -13,20 +13,22 @@ contacts: # - 10.31.255.192/27 dhcp # - 10.31.255.224/28 prdhcp # - 10.31.255.240/29 mesh -# - 10.31.255.240/32 mesh_emma -# - 10.31.255.241/32 ts_wg1 +# - 10.31.255.240/32 mesh_lan +# - 10.31.255.241/32 ts_wg0 # - 10.31.255.248/29 mgmt ipv6_prefix: 2001:bf7:820:2c00::/56 hosts: - # Thinkcentre M720q, i5-8500T, ??GB RAM, ???GB NVMe - # Intel I219 V7 - eth0 - # ConnectX-4 LX CX4121B - eth1, eth2 + # Thinkcentre M720q, i5-8500T, 16GB RAM, 1TB NVMe + # eth0 - Intel I219 V7 + # eth1 eth2 - ConnectX-4 Lx CX4121B - hostname: hway-core role: corerouter + int_port: eth1 model: x86-64 - image_search_pattern: "*-ext4-combined.img*" + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 host__packages__to_merge: - kmod-mlx5-core host__rclocal__to_merge: 
@@ -34,16 +36,22 @@ hosts: # which regularly hangs the card. It gets reset automatically, # but still results in regular ~15s downtimes. Disable offloads. - ethtool -K eth0 tx off rx off + host__disabled_services__to_merge: + - tunspace - - hostname: hway-ap1 + - hostname: hway-indoor role: ap - model: zyxel_nwa50ax wireless_profile: hway + model: zyxel_nwa50ax + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 - - hostname: hway-ap2 + - hostname: hway-street role: ap - model: mikrotik_wap-ac wireless_profile: hway + model: cudy_ap3000outdoor-v1 + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 snmp_devices: @@ -55,7 +63,7 @@ networks: - vid: 10 role: mesh - name: mesh_emma + name: mesh_lan prefix: 10.31.255.240/32 ipv6_subprefix: -10 @@ -69,6 +77,7 @@ networks: hway-core: 1 - vid: 41 + untagged: true role: dhcp name: prdhcp inbound_filtering: true @@ -88,11 +97,11 @@ networks: hway-core: 1 # .255.249 hway-switch: 2 # .255.250 hway-kiehlufer: 3 # .255.251 - hway-ap1: 4 # .255.252 - hway-ap2: 5 # .255.253 + hway-indoor: 4 # .255.252 + hway-street: 5 # .255.253 - vid: 50 - ifname: eth1 + ifname: eth0 role: uplink untagged: true @@ -103,25 +112,15 @@ networks: wireguard_port: 51820 location__channel_assignments_11a_standard__to_merge: - hway-ap1: 36-40 - hway-ap2: 44-40 + hway-indoor: 36-40 + hway-street: 44-40 location__channel_assignments_11b_standard__to_merge: - hway-ap1: 13-20 - hway-ap2: 9-20 + hway-indoor: 13-20 + hway-street: 5-20 location__wireless_profiles__to_merge: - name: hway - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net 
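Review bot: In the `@@ -103,25 +112,15 @@` hunk, the 2.4 GHz channel block that receives the renamed hosts is keyed `location__channel_assignments_11b_standard__to_merge`. The wireless profile just below names the radio `11g_standard`, and the other locations in this diff use `location__channel_assignments_11g_standard__to_merge`. If `11b` is a typo, these assignments are probably never merged for the 2.4 GHz radio. They would also fall outside the duplicate check this commit adds, which queries only the `11a` and `11g` keys. Renaming the key to `location__channel_assignments_11g_standard__to_merge` would address both; the key line is context in this hunk, so confirm against the merge logic before changing it.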
@@ -139,13 +138,6 @@ location__wireless_profiles__to_merge: ifname_hint: ffowe owe_transition_ifname_hint: ff ieee80211w: 1 - - mode: ap - ssid: huette-test - encryption: psk2 - key: 'file:/root/wifi_pass' - network: prdhcp - radio: [11a_standard, 11g_standard] - ifname_hint: prdhcp - mode: mesh mesh_id: Mesh-Freifunk-Berlin radio: [11a_standard, 11g_standard, 11a_mesh] diff --git a/locations/ilr.yml b/locations/ilr.yml new file mode 100644 index 000000000..0aa83f9f2 --- /dev/null +++ b/locations/ilr.yml 
@@ -0,0 +1,129 @@ +--- +location: ilr +location_nice: ILR @ TU Berlin, Marchstraße 12, Charlottenburg +latitude: 52.515186022 +longitude: 13.323658705 +contact_nickname: 'Martin' +contacts: + - 'https://config.berlin.freifunk.net/contact/7187/Imlsci1jb3JlIg.ZMBJNQ.CSDDgrcP1SQFmuFjEH6FyuCA40I' + +hosts: + - hostname: ilr-core + role: corerouter + model: "ubnt_usw-flex" + # We use Ubiquiti 802.11af-to-passive converters on all ports. + # They neogotiate more power than they actually draw, + # so we need to increase poemgr's power budget. + # Without this increase, devices will be not powered up randomly. + poemgr_power_budget: 24 + # custom switch config script. Should be applied with a mechanism, that + # includes files into root files system later on. + host__rclocal__to_merge: + - '#' + - '# This script adjusts the configuration of vlans. This is especially' + - '# useful with uswflex and custom port configs' + - '#' + - ' ' + - '. /lib/functions.sh' + - ' ' + - 'handle_vlans() {' + - ' # untag the vlans on different ports based on their id' + - ' local uci_section="$1"' + - ' ' + - ' config_get vlan "$uci_section" vlan' + - ' config_get ports "$uci_section" ports' + - ' ' + - ' ' + - ' case "$vlan" in' + - ' 10)' + - ' # untag payload traffic for AF60 to Teufelsberg' + - " port_config='lan1:t lan2 lan3:t lan4:t lan5:t' ;;" + - ' 40)' + - ' # untag DHCP on ports 1 and 5 for convenient maintenance' + - " port_config='lan1 lan2:t lan3:t lan4:t lan5' ;;" + - ' *)' + - ' # do nothing for the other vlans' + - ' return' + - ' esac' + - ' ' + - ' # abort if config is applied already' + - ' if [ "$ports" = "$port_config" ]; then' + - ' printf "Vlan %d applied already.\n" "$vlan"' + - ' return' + - ' fi' + - ' ' + - ' printf "Port number: %d\n" "$vlan"' + - ' printf "Port config: %s\n" "$port_config"' + - ' ' + - ' printf "Configuring %s... 
" "$uci_section"' + - ' uci_set network "$uci_section" ports "$port_config"' + - ' printf "Done.\n"' + - '}' + - ' ' + - 'config_load network' + - ' ' + - 'config_foreach handle_vlans "bridge-vlan"' + - ' ' + - 'uci commit network' + - 'sync' + - 'reload_config' + + +snmp_devices: + - hostname: ilr-teufb + address: 10.31.214.26 + snmp_profile: af60 + + - hostname: ilr-perleb + address: 10.31.214.27 + snmp_profile: airos_8 + +# ROUTER: 10.31.214.0/27 +# --DHCP: 10.31.214.0/28 +# --MESH: 10.31.214.16/29 +# --MGMT: 10.31.214.24/29 + +ipv6_prefix: "2001:bf7:800:1200::/56" + +networks: + - vid: 10 + untagged: true + role: mesh + name: mesh_teufb + ptp: true + prefix: 10.31.214.16/32 + ipv6_subprefix: -10 + # WARNING: Custom port config {1t,2u,3u,4u,5t} + mesh_metric: 128 + + - vid: 11 + role: mesh + name: mesh_perleb + ptp: true + prefix: 10.31.214.17/32 + ipv6_subprefix: -11 + + - vid: 40 + role: dhcp + prefix: 10.31.214.0/28 + ipv6_subprefix: 0 + assignments: + ilr-core: 1 + ilr-hyp: 5 + # WARNING: Custom port config {1u,2t,3t,4t,5u} + + - vid: 435 + role: mgmt + prefix: 10.31.214.24/29 + gateway: 1 + dns: 1 + ntp: 1 + ipv6_subprefix: 1 + assignments: + ilr-core: 1 + ilr-teufb: 2 + ilr-perleb: 3 + +location__ssh_keys__to_merge: + - comment: kian FFAG + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE463xXlTla0ewJIte7HtYgNfIuAFIoLv0rAy9N+QFbn gosling@campus.tu-berlin.de diff --git a/locations/jup.yml b/locations/jup.yml index 39a2cf258..1f35a080d 100644 --- a/locations/jup.yml +++ b/locations/jup.yml @@ -28,7 +28,7 @@ hosts: - hostname: jup-bullet-ap4 role: ap - model: "ubnt_bullet-m-ar7241" + model: "ubnt_bullet-m2-ar7241" - hostname: jup-m5-ap5 role: ap @@ -65,8 +65,6 @@ networks: name: mesh_bht prefix: 10.31.147.128/32 ipv6_subprefix: -1 - mesh_metric: 2048 - mesh_metric_lqm: ['default 0.25'] ptp: true - vid: 11 diff --git a/locations/k11.yml b/locations/k11.yml index ce542cff9..c8188299b 100644 --- a/locations/k11.yml +++ b/locations/k11.yml 
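Review bot: The `# WARNING: Custom port config {1t,2u,3u,4u,5t}` comment on vid 10 in locations/ilr.yml does not match what the rc.local script applies: `port_config='lan1:t lan2 lan3:t lan4:t lan5:t'` leaves only lan2 untagged, i.e. {1t,2u,3t,4t,5t}, whereas the vid 40 comment does match its `lan1 lan2:t lan3:t lan4:t lan5`. These comments are the readable record of per-port VLAN membership, so I would correct this one to `# WARNING: Custom port config {1t,2u,3t,4t,5t}`, or fix the script if the comment is the intent. In the same script `printf "Port number: %d\n" "$vlan"` prints the VLAN id, so the label should read `VLAN id: %d`. The vid 40 DHCP network also sets neither `inbound_filtering` nor `enforce_client_isolation`, which the other new location files in this commit state explicitly; if the defaults are intended here, a one-line comment saying so would help.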
@@ -1,35 +1,19 @@ --- location: k11 -location_nice: 'Kastanienallee 11' +location_nice: 'Kastanienallee 11, 10435 Berlin' latitude: 52.53927888761163 longitude: 13.410245770672406 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - hostname: k11-core role: corerouter - model: "tplink_archer-c7-v2" - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k11-ap1 - role: ap model: "mikrotik_routerboard-wap-g-5hact2hnd" wireless_profile: freifunk_default - wifi_roaming: true + # remove some packages for smaller image size (only 64 MB of memory) + low_mem: true ipv6_prefix: '2001:bf7:760:100::/56' @@ -42,17 +26,6 @@ ipv6_prefix: '2001:bf7:760:100::/56' # --UPLK: 10.31.185.224/27 networks: - # DHCP - - vid: 40 - role: dhcp - untagged: true - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.185.0/25 - ipv6_subprefix: 0 - assignments: - k11-core: 1 - # MESH - 5 GHz 802.11s - vid: 20 role: mesh 
@@ -69,35 +42,22 @@ networks: name: mesh_2ghz prefix: 10.31.185.129/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k11-core mesh_radio: 11g_standard mesh_iface: mesh - # MESH - 5 GHz 802.11s - ap1 - - vid: 22 - role: mesh - name: mesh_ap1_5 - prefix: 10.31.185.130/32 - ipv6_subprefix: -22 - mesh_ap: k11-ap1 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap1 - - vid: 23 - role: mesh - name: mesh_ap1_2 - prefix: 10.31.185.131/32 - ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k11-ap1 - mesh_radio: 11g_standard - mesh_iface: mesh + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.185.0/25 + ipv6_subprefix: 0 + assignments: + k11-core: 1 # MGMT - vid: 42 @@ -107,17 +67,24 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # 10.31.185.193/32 - k11-core: 1 - # 10.31.185.194/32 - k11-ap1: 2 + k11-core: 1 # 10.31.185.193 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: k11-core: 36-40 - k11-ap1: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k11-core: 1-20 - k11-ap1: 13-20 + k11-core: 13-20 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/k12-haus3.yml b/locations/k12-h1-h3n.yml similarity index 54% rename from locations/k12-haus3.yml rename to locations/k12-h1-h3n.yml index a6b8191e9..31beceacc 100644 --- a/locations/k12-haus3.yml +++ b/locations/k12-h1-h3n.yml 
@@ -1,94 +1,88 @@ --- -location: k12-haus3 -location_nice: 'Kastanienallee 12, Haus 3' -latitude: 52.53951094884286 -longitude: 13.409447813490967 +location: k12-h1-h3n +location_nice: 'Haus1, Kastanienallee 12, 10435 Berlin' +latitude: 52.539219578693945 +longitude: 13.409907836874728 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - - hostname: k12-haus3-core + - hostname: k12-h1-h3n role: corerouter model: "dlink_dap-x1860-a1" wireless_profile: freifunk_default - host__rclocal__to_merge: - # Add service announcement for K12 Sunset Webcam - - "[ -z \"$(uci show olsrd | grep -F 'k12-sunset.olsr')\" ] && uci add_list olsrd.@LoadPlugin[1].service=\"http://k12-sunset.olsr:80|tcp|K12 Sunset Webcam\" && /etc/init.d/olsrd restart" -ipv6_prefix: '2001:bf7:760:700::/56' +ipv6_prefix: '2001:bf7:760:2e00::/56' # got following prefixes: -# Router: 10.31.226.192/26 -# --MGMT: 10.31.226.192/28 -# --MESH: 10.31.226.208/28 -# --DHCP: 10.31.226.224/27 +# Router: 10.248.19.192/26 +# --MGMT: 10.248.19.224/28 +# --MESH: 10.248.19.240/28 +# --DHCP: 10.248.19.192/27 # Disable noping dhcp_no_ping: false networks: - # DHCP with filtering and isolation - - vid: 40 - role: dhcp - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.226.224/27 - ipv6_subprefix: 0 - assignments: - k12-haus3-core: 1 - # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g - prefix: 10.31.226.209/32 + name: mesh_core_5g + prefix: 10.248.19.240/32 ipv6_subprefix: -20 - mesh_ap: k12-haus3-core + mesh_ap: k12-h1-h3n mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g - prefix: 10.31.226.210/32 + name: mesh_core_2g + prefix: 10.248.19.241/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make 
mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus3-core + mesh_ap: k12-h1-h3n mesh_radio: 11g_standard mesh_iface: mesh + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.19.192/27 + ipv6_subprefix: 0 + assignments: + k12-h1-h3n: 1 + # MGMT - vid: 42 role: mgmt - untagged: true - prefix: 10.31.226.192/28 + prefix: 10.248.19.224/28 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: - k12-haus3-core: 1 - k12-sunset: 2 + k12-h1-h3n: 1 # 10.248.19.225 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-haus3-core: 36-40 + k12-h1-h3n: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k12-haus3-core: 13-20 + k12-h1-h3n: 13-20 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/k12-haus1.yml b/locations/k12-h1.yml similarity index 71% rename from locations/k12-haus1.yml rename to locations/k12-h1.yml index b76a9ea1c..1b54515e1 100644 --- a/locations/k12-haus1.yml +++ b/locations/k12-h1.yml @@ -1,28 +1,17 @@ --- -location: k12-haus1 +location: k12-h1 location_nice: 'Kastanienallee 12, Haus 1' -latitude: 52.539219578693945 -longitude: 13.409907836874728 +latitude: 52.539199815 +longitude: 13.410111666 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - - hostname: k12-haus1-core + - hostname: k12-h1-core role: corerouter - model: "dlink_dap-x1860-a1" + model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:4d:4c} wireless_profile: freifunk_default ipv6_prefix: '2001:bf7:760:300::/56' 
@@ -37,40 +26,47 @@ ipv6_prefix: '2001:bf7:760:300::/56' dhcp_no_ping: false networks: - # DHCP with filtering and isolation - - vid: 40 - role: dhcp - untagged: true - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.226.160/27 - ipv6_subprefix: 0 - assignments: - k12-haus1-core: 1 - # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g + name: mesh_core_5g prefix: 10.31.226.145/32 ipv6_subprefix: -20 - mesh_ap: k12-haus1-core + mesh_ap: k12-h1-core mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g + name: mesh_core_2g prefix: 10.31.226.146/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus1-core + mesh_ap: k12-h1-core mesh_radio: 11g_standard mesh_iface: mesh + # MESH - LAN + - vid: 30 + role: mesh + name: mesh_lan + prefix: 10.31.226.147/32 + ipv6_subprefix: -30 + # adjust mesh_metric to prefer this + mesh_metric: 128 + + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.226.160/27 + ipv6_subprefix: 0 + assignments: + k12-h1-core: 1 + # MGMT - vid: 42 role: mgmt @@ -79,12 +75,24 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - k12-haus1-core: 1 + k12-h1-core: 1 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-haus1-core: 36-40 + k12-h1-core: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k12-haus1-core: 13-20 + k12-h1-core: 13-20 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/k12-h2.yml b/locations/k12-h2.yml new file mode 100644 index 000000000..09c3d5600 --- /dev/null 
+++ b/locations/k12-h2.yml 
@@ -0,0 +1,202 @@
+---
+location: k12-h2
+location_nice: 'Haus2, Kastanienallee 12, 10435 Berlin'
+latitude: 52.53936534993554
+longitude: 13.409738833169316
+altitude: 63
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h2-core
+ role: corerouter
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: a8:63:7d:db:4d:45}
+ wireless_profile: freifunk_default
+ wifi_roaming: true
+
+ - hostname: k12-h2-cpe
+ role: ap
+ model: "mikrotik_sxtsq-5-ac"
+ mac_override: {eth0: 08:55:31:ea:e3:32}
+ wireless_profile: mesh_only
+
+ - hostname: k12-h2-h1n
+ role: ap
+ model: "tplink_tl-wdr4300-v1"
+ wifi_roaming: true
+
+ - hostname: k12-h2-h1s
+ role: ap
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: 0c:0e:76:cf:21:de}
+ wifi_roaming: true
+
+snmp_devices:
+ - hostname: k12-h2-segen
+ address: 10.31.158.195
+ snmp_profile: airos_8
+
+ipv6_prefix: '2001:bf7:760:2a00::/56'
+
+# got following prefixes:
+# Router: 10.31.158.0/24
+# --DHCP: 10.31.158.0/25
+# --MESH: 10.31.158.128/26
+# --MGMT: 10.31.158.192/27
+# --UPLK: 10.31.158.224/27
+
+networks:
+ # MESH - segen
+ - vid: 10
+ role: mesh
+ name: mesh_segen
+ prefix: 10.31.158.128/32
+ ipv6_subprefix: -10
+
+ # MESH - core - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.31.158.129/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h2-core
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - core - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.31.158.130/32
+ ipv6_subprefix: -21
+ # make mesh_metric for 2GHz worse than 5GHz
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h2-core
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 1s - 5 GHz 802.11s
+ - vid: 22
+ role: mesh
+ name: mesh_h1s_5g
+ prefix: 10.31.158.131/32
+ ipv6_subprefix: -22
+ mesh_ap: k12-h2-h1s
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 1s -2.4 GHz 802.11s
+ - vid: 23
+ role: mesh
+ name: mesh_h1s_2g
+ prefix: 10.31.158.132/32
+ ipv6_subprefix: -23
+ # make mesh_metric for 2GHz worse than 5GHz
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h2-h1s
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 5 GHz 802.11s - cpe
+ - vid: 24
+ role: mesh
+ name: mesh_cpe
+ prefix: 10.31.158.133/32
+ ipv6_subprefix: -24
+ # adjust mesh_metric to prefer this route
+ mesh_metric: 256
+ mesh_ap: k12-h2-cpe
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - LAN
+ - vid: 30
+ role: mesh
+ name: mesh_lan
+ prefix: 10.31.158.134/32
+ ipv6_subprefix: -30
+ # adjust mesh_metric to prefer this route
+ mesh_metric: 128
+
+ # DHCP
+ - vid: 40
+ role: dhcp
+ inbound_filtering: true
+ enforce_client_isolation: true
+ prefix: 10.31.158.0/25
+ ipv6_subprefix: 0
+ assignments:
+ k12-h2-core: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ prefix: 10.31.158.192/26
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h2-core: 1 # 10.31.158.193/32
+ k12-h2-switch: 2 # 10.31.158.194/32
+ k12-h2-segen: 3 # 10.31.158.195/32
+ # NF Antennas # 10.31.158.196/32
+ k12-h2-cpe: 5 # 10.31.158.197/32
+ k12-h2-h1n: 6 # 10.31.158.198/32
+ k12-h2-h1s: 7 # 10.31.158.199/32
+
+ # UPLK
+ - vid: 50
+ role: uplink
+
+ - role: tunnel
+ ifname: ts_wg0
+ mtu: 1280
+ prefix: 10.31.158.224/32
+ wireguard_port: 51820
+ # Make sure tunnel is only last resort backup
+ mesh_metric_lqm: ['default 0.6']
+
+ - role: tunnel
+ ifname: ts_wg1
+ mtu: 1280
+ prefix: 10.31.158.225/32
+ wireguard_port: 51821
+ # Make sure tunnel is only last resort backup
+ mesh_metric_lqm: ['default 0.6']
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h2-core: 36-40
+ k12-h2-h1n: 36-40
+ k12-h2-h1s: 36-40
+ k12-h2-cpe: 44-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h2-core: 13-20
+ k12-h2-h1n: 13-20
+ k12-h2-h1s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
+
+# Switch Ports
+# 1: uplink
+# 2: AP
+# 3:
+# 4: CORE
+# 5: AP
+# 6: AP
+# 7: k12-h1-core, VLAN 30
+# 8: segen
diff --git a/locations/k12-h3-v0s.yml b/locations/k12-h3-v0s.yml
new file mode 100644
index 000000000..364544fc4
--- /dev/null
+++ b/locations/k12-h3-v0s.yml
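Review bot: The MGMT network in locations/k12-h2.yml is declared as `prefix: 10.31.158.192/26`, but the address plan comment at the top of the file allots `10.31.158.192/27` to MGMT and `10.31.158.224/27` to UPLK, and the two tunnel interfaces use 10.31.158.224/32 and 10.31.158.225/32. A /26 starting at .192 runs to .255 and therefore covers both tunnel addresses, so the management subnet and the tunnel endpoints overlap on the same router. Unless that is intentional, `prefix: 10.31.158.192/27` would match the plan. The deleted locations/k12.yml carried the same /26, so this looks inherited rather than newly introduced.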
@@ -0,0 +1,91 @@
+---
+location: k12-h3-v0s
+location_nice: 'Haus3, Kastanienallee 12, 10435 Berlin'
+latitude: 52.53935393039
+longitude: 13.40930967973
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h3-v0s
+ role: corerouter
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: a8:63:7d:b9:46:45}
+ wireless_profile: freifunk_default
+
+ipv6_prefix: '2001:bf7:760:1300::/56'
+
+# got following prefixes:
+# Router: 10.31.227.128/26
+# --MGMT: 10.31.227.128/28
+# --MESH: 10.31.227.144/28
+# --DHCP: 10.31.227.160/27
+
+# Disable noping
+dhcp_no_ping: false
+
+networks:
+ # MESH - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.31.227.144/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h3-v0s
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.31.227.145/32
+ ipv6_subprefix: -21
+ # make mesh_metric for 2GHz worse than 5GHz
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-v0s
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # DHCP with filtering and isolation
+ - vid: 40
+ role: dhcp
+ untagged: true
+ # All devices should be accessible from within the Freifunk network
+ inbound_filtering: false
+ enforce_client_isolation: false
+ prefix: 10.31.227.160/27
+ ipv6_subprefix: 0
+ assignments:
+ k12-h3-v0s: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ prefix: 10.31.227.128/28
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h3-v0s: 1 # 10.31.227.129
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h3-v0s: 36-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h3-v0s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
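Review bot: The heading `# DHCP with filtering and isolation` above vid 40 contradicts the settings below it, which are `inbound_filtering: false` and `enforce_client_isolation: false`. The heading looks copied from the sibling k12 files; something like `# DHCP - no inbound filtering, no client isolation (intentional, see below)` would keep a later reader from assuming the protections are on. Because the host uses `wireless_profile: freifunk_default`, it is worth confirming that only the intended devices, and not ordinary Wi-Fi clients, end up on this unfiltered network; the diff does not show which SSIDs map to it.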
diff --git a/locations/k12-h3-v2s.yml b/locations/k12-h3-v2s.yml
new file mode 100644
index 000000000..5948793ce
--- /dev/null
+++ b/locations/k12-h3-v2s.yml
@@ -0,0 +1,89 @@
+---
+location: k12-h3-v2s
+location_nice: 'Haus3, Kastanienallee 12, 10435 Berlin'
+latitude: 52.539382528
+longitude: 13.409425020
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h3-v2s
+ role: corerouter
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: a8:63:7d:db:4d:3e}
+ wireless_profile: freifunk_default
+
+ipv6_prefix: '2001:bf7:760:2d00::/56'
+
+# got following prefixes:
+# Router: 10.248.19.128/26
+# --MGMT: 10.248.19.128/28
+# --MESH: 10.248.19.144/28
+# --DHCP: 10.248.19.160/27
+
+# Disable noping
+dhcp_no_ping: false
+
+networks:
+ # MESH - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.248.19.144/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h3-v2s
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.248.19.145/32
+ ipv6_subprefix: -21
+ # make mesh_metric for 2GHz worse than 5GHz
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-v2s
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # DHCP with filtering and isolation
+ - vid: 40
+ role: dhcp
+ inbound_filtering: true
+ enforce_client_isolation: true
+ prefix: 10.248.19.160/27
+ ipv6_subprefix: 0
+ assignments:
+ k12-h3-v2s: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ prefix: 10.248.19.128/28
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h3-v2s: 1 # 10.248.19.129
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h3-v2s: 36-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h3-v2s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
diff --git a/locations/k12-h3.yml b/locations/k12-h3.yml
new file mode 100644
index 000000000..0cbac503b
--- /dev/null
+++ b/locations/k12-h3.yml
@@ -0,0 +1,146 @@
+---
+location: k12-h3
+location_nice: 'Haus 3, Kastanienallee 12, 10435 Berlin'
+latitude: 52.53951094884286
+longitude: 13.409447813490967
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h3-core
+ role: corerouter
+ model: "dlink_dap-x1860-a1"
+ wireless_profile: freifunk_default
+ - hostname: k12-h3-h3n
+ role: ap
+ model: "dlink_dap-x1860-a1"
+ # - hostname: k12-h3-v2s
+ # role: ap
+ # model: "dlink_dap-x1860-a1"
+ # wireless_profile: freifunk_owe
+
+ipv6_prefix: '2001:bf7:760:700::/56'
+
+# got following prefixes:
+# Router: 10.31.226.192/26
+# --MGMT: 10.31.226.192/28
+# --MESH: 10.31.226.208/28
+# --DHCP: 10.31.226.224/27
+
+# Disable noping
+dhcp_no_ping: false
+
+networks:
+ # MESH - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.31.226.209/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h3-core
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.31.226.210/32
+ ipv6_subprefix: -21
+ # make mesh_metric for 2GHz worse than 5GHz
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-core
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 5 GHz 802.11s
+ - vid: 22
+ role: mesh
+ name: mesh_h3n_5g
+ prefix: 10.31.226.211/32
+ ipv6_subprefix: -22
+ mesh_ap: k12-h3-h3n
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 23
+ role: mesh
+ name: mesh_h3n_2g
+ prefix: 10.31.226.212/32
+ ipv6_subprefix: -23
+ # make mesh_metric for 2GHz worse than 5GHz
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-h3n
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 5 GHz 802.11s
+ # - vid: 24
+ # role: mesh
+ # name: mesh_v2s_5g
+ # prefix: 10.31.226.213/32
+ # ipv6_subprefix: -24
+ # mesh_ap: k12-h3-v2s
+ # mesh_radio: 11a_standard
+ # mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ # - vid: 25
+ # role: mesh
+ # name: mesh_v2s_2g
+ # prefix: 10.31.226.214/32
+ # ipv6_subprefix: -25
+ # # make mesh_metric for 2GHz worse than 5GHz
+ # mesh_metric_lqm: ['default 0.8']
+ # mesh_ap: k12-h3-v2s
+ # mesh_radio: 11g_standard
+ # mesh_iface: mesh
+
+ # DHCP with filtering and isolation
+ - vid: 40
+ role: dhcp
+ inbound_filtering: true
+ enforce_client_isolation: true
+ prefix: 10.31.226.224/27
+ ipv6_subprefix: 0
+ assignments:
+ k12-h3-core: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ untagged: true
+ prefix: 10.31.226.192/28
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h3-core: 1 # 10.31.226.193
+ k12-h3-h3n: 2 # 10.31.226.194
+ # k12-h3-v2s: 2 # 10.31.226.195
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h3-core: 44-40
+ k12-h3-h3n: 36-40
+ # k12-h3-v2s: 36-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h3-core: 13-20
+ k12-h3-h3n: 13-20
+ # k12-h3-v2s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
diff --git a/locations/k12-haus4.yml b/locations/k12-h4.yml
similarity index 67%
rename from locations/k12-haus4.yml
rename to locations/k12-h4.yml
index 4effe10fa..ef42c1535 100644
--- a/locations/k12-haus4.yml
+++ b/locations/k12-h4.yml
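Review bot: The commented-out MGMT entry `# k12-h3-v2s: 2 # 10.31.226.195` in locations/k12-h3.yml reuses index 2, which is already assigned to `k12-h3-h3n`, while its trailing comment names .195, which would be index 3. If the block is uncommented as written, two hosts would presumably receive the same management address. I would either change it to `# k12-h3-v2s: 3 # 10.31.226.195` or drop the commented-out k12-h3-v2s entries altogether, since this commit also adds k12-h3-v2s as a host in its own location file and re-enabling them here would duplicate that hostname.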
@@ -1,40 +1,28 @@ --- -location: k12-haus4 -location_nice: 'Kastanienallee 12, Haus 4' +location: k12-h4 +location_nice: 'Haus 4, Kastanienallee 12, 10435 Berlin' latitude: 52.53949585878101 longitude: 13.40898110911928 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - - hostname: k12-haus4-core + - hostname: k12-h4-core role: corerouter - model: "tplink_archer-c5-v1" + model: "dlink_covr-x1860-a1" + mac_override: {eth0: 0c:0e:76:cf:21:e5} wireless_profile: freifunk_default wifi_roaming: true - - hostname: k12-haus4-garten + - hostname: k12-h4-h0s role: ap - model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default + model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:4d:53} wifi_roaming: true - - hostname: k12-haus4-hirschhof + - hostname: k12-h4-hirschhof role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default - wifi_roaming: true + wireless_profile: mesh_only ipv6_prefix: '2001:bf7:760:2b00::/56' 
@@ -45,36 +33,27 @@ ipv6_prefix: '2001:bf7:760:2b00::/56' # --MGMT: 10.31.157.176/28 networks: - # DHCP - - vid: 40 - role: dhcp - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.157.128/27 - ipv6_subprefix: 0 - assignments: - k12-haus4-core: 1 - # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5ghz + name: mesh_core_5g prefix: 10.31.157.160/32 ipv6_subprefix: -20 - mesh_ap: k12-haus4-core + mesh_ap: k12-h4-core mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2ghz + name: mesh_core_2g prefix: 10.31.157.161/32 ipv6_subprefix: -21 # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # prevent babel from using 2GHz link to segen + mesh_metric: 8192 mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus4-core + mesh_ap: k12-h4-core mesh_radio: 11g_standard mesh_iface: mesh @@ -84,33 +63,44 @@ networks: name: mesh_hirsch prefix: 10.31.157.162/32 ipv6_subprefix: -22 - mesh_ap: k12-haus4-hirschhof + # prefer this link towards Hirschhof + mesh_metric: 512 + mesh_ap: k12-h4-hirschhof mesh_radio: 11g_standard mesh_iface: mesh # MESH - 5 GHz 802.11s - Garten - vid: 23 role: mesh - name: mesh_11s_g5 + name: mesh_h0s_5g prefix: 10.31.157.163/32 ipv6_subprefix: -23 - mesh_ap: k12-haus4-garten + mesh_ap: k12-h4-h0s mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - Garten - vid: 24 role: mesh - name: mesh_11s_g2 + name: mesh_h0s_2g prefix: 10.31.157.164/32 ipv6_subprefix: -24 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus4-garten + mesh_ap: k12-h4-h0s mesh_radio: 11g_standard mesh_iface: mesh + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.157.128/27 + ipv6_subprefix: 0 + assignments: + k12-h4-core: 1 + # MGMT - vid: 42 role: mgmt 
@@ -119,18 +109,28 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # 10.31.157.177/32 - k12-haus4-core: 1 - # 10.31.157.178/32 - k12-haus4-hirschhof: 2 - # 10.31.157.179/32 - k12-haus4-garten: 3 + k12-h4-core: 1 # 10.31.157.177 + k12-h4-hirschhof: 2 # 10.31.157.178 + k12-h4-h0s: 3 # 10.31.157.179 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-haus4-core: 44-40 - k12-haus4-garten: 36-40 + k12-h4-core: 44-40 + k12-h4-h0s: 36-40 location__channel_assignments_11g_standard__to_merge: - k12-haus4-core: 13-20 - k12-haus4-hirschhof: 13-20 + k12-h4-core: 13-20 + k12-h4-h0s: 13-20 + k12-h4-hirschhof: 1-20 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/k12.yml b/locations/k12.yml deleted file mode 100644 index 6638b5e4e..000000000 --- a/locations/k12.yml +++ /dev/null 
@@ -1,248 +0,0 @@ ---- -location: k12 -location_nice: 'Kastanienallee 12, Haus 2' -latitude: 52.53936534993554 -longitude: 13.409738833169316 -altitude: 63 -contact_nickname: 'zander' -contacts: - - 'alexanderjabs@gmx.de' - -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - -hosts: - - hostname: k12-core - role: corerouter - model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k12-cpe - role: ap - model: "mikrotik_sxtsq-5-ac" - # eth0 mac needs to be properly set - # cat /sys/firmware/mikrotik/hard_config/mac_base - mac_override: - eth0: 08:55:31:EA:E3:32 - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k12-ap1 - role: ap - model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k12-ap2 - role: ap - model: "tplink_archer-c7-v5" - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k12-ap3 - role: ap - model: "tplink_tl-wdr4300-v1" - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k12-ap4 - role: ap - model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default - wifi_roaming: true - -snmp_devices: - - hostname: k12-segen - address: 10.31.158.194 - snmp_profile: airos_8 - -ipv6_prefix: '2001:bf7:760:2a00::/56' - -# got following prefixes: -# Router: 10.31.158.0/24 -# --DHCP: 10.31.158.0/25 -# --MESH: 10.31.158.128/26 -# --MGMT: 10.31.158.192/27 -# --UPLK: 10.31.158.224/27 - -networks: - # MESH - segen - - vid: 11 - role: mesh - name: mesh_segen - prefix: 10.31.158.133/32 - ipv6_subprefix: -11 - - # MESH - 5 GHz 802.11s - - vid: 20 - role: mesh - name: mesh_5ghz - prefix: 10.31.158.128/32 - ipv6_subprefix: -20 - mesh_ap: k12-core - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_2ghz - prefix: 10.31.158.129/32 - 
ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-core - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - ap1 - - vid: 22 - role: mesh - name: mesh_ap1_5 - prefix: 10.31.158.130/32 - ipv6_subprefix: -22 - mesh_ap: k12-ap1 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap1 - - vid: 23 - role: mesh - name: mesh_ap1_2 - prefix: 10.31.158.131/32 - ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-ap1 - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - cpe - - vid: 24 - role: mesh - name: mesh_cpe - prefix: 10.31.158.132/32 - ipv6_subprefix: -24 - mesh_ap: k12-cpe - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - ap2 - - vid: 25 - role: mesh - name: mesh_ap2_5 - prefix: 10.31.158.134/32 - ipv6_subprefix: -25 - mesh_ap: k12-ap2 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap2 - - vid: 26 - role: mesh - name: mesh_ap2_2 - prefix: 10.31.158.135/32 - ipv6_subprefix: -26 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-ap2 - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - ap4 - - vid: 27 - role: mesh - name: mesh_ap4_5 - prefix: 10.31.158.136/32 - ipv6_subprefix: -27 - mesh_ap: k12-ap4 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap4 - - vid: 28 - role: mesh - name: mesh_ap4_2 - prefix: 10.31.158.137/32 - ipv6_subprefix: -28 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-ap4 - mesh_radio: 11g_standard - mesh_iface: mesh - - # DHCP - - vid: 40 - role: dhcp - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.158.0/25 - ipv6_subprefix: 0 - assignments: - 
k12-core: 1 - - # MGMT - - vid: 42 - role: mgmt - prefix: 10.31.158.192/26 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - # 10.31.158.193/32 - k12-core: 1 - # 10.31.158.194/32 - k12-segen: 2 - # 10.31.158.195/32 - k12-ap1: 3 - # 10.31.158.196/32 - k12-cpe: 4 - # 10.31.158.197/32 - k12-ap2: 5 - # 10.31.158.198/32 - k12-ap3: 6 - # 10.31.158.199/32 - k12-ap4: 7 - - # UPLK - - vid: 50 - role: uplink - untagged: true - - - role: tunnel - ifname: ts_wg0 - mtu: 1280 - prefix: 10.31.158.224/32 - wireguard_port: 51820 - - - role: tunnel - ifname: ts_wg1 - mtu: 1280 - prefix: 10.31.158.225/32 - wireguard_port: 51821 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11a_standard__to_merge: - k12-core: 36-40 - k12-ap1: 36-40 - k12-ap2: 36-40 - k12-ap3: 48-40 - k12-ap4: 36-40 - k12-cpe: 44-40 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11g_standard__to_merge: - k12-core: 13-20 - k12-ap1: 13-20 - k12-ap2: 13-20 - k12-ap3: 1-20 - k12-ap4: 13-20 diff --git a/locations/k9.yml b/locations/k9.yml index d12d3a2cd..12e1381f8 100644 --- a/locations/k9.yml +++ b/locations/k9.yml @@ -1,6 +1,6 @@ --- location: k9 -location_nice: Kinzig9 +location_nice: Kinzigstraße 9, 10247 Berlin latitude: 52.51378093260403 longitude: 13.466068518122656 altitude: 60 @@ -13,16 +13,23 @@ hosts: role: corerouter model: "avm_fritzbox-7530" wireless_profile: freifunk_default + - hostname: k9-ap-loge + role: ap + model: "aruba_ap-303" + wireless_profile: freifunk_default + - hostname: k9-ap-groessenwahn + role: ap + model: "aruba_ap-303" + wireless_profile: freifunk_default snmp_devices: - hostname: k9-sama - address: 10.31.9.211 - snmp_profile: airos_8 + address: 10.31.9.243 + snmp_profile: af60 - hostname: k9-zwingli - address: 10.31.9.212 - snmp_profile: airos_6 - + address: 10.31.9.244 + snmp_profile: airos_8 ipv6_prefix: '2001:bf7:830:8d00::/56' 
@@ -30,52 +37,28 @@ ipv6_prefix: '2001:bf7:830:8d00::/56' # 10.31.9.0/24 # - 10.31.9.0/25 - DHCP -# - 10.31.9.208/28 - MGMT # - 10.31.9.224/28 - BBB-Mesh -# - 10.31.9.240/28 - Internal Mesh - - -# 10.31.99.0/24 / can be proably dismantled - +# - 10.31.9.240/28 - MGMT networks: + # MESH - Sama - vid: 10 role: mesh name: mesh_sama prefix: 10.31.9.224/32 ipv6_subprefix: -1 - mesh_metric: 512 - ptp: true + mesh_metric: 128 + # MESH - Zwingli - vid: 11 role: mesh name: mesh_zwingli prefix: 10.31.9.225/32 ipv6_subprefix: -2 mesh_metric: 1024 - mesh_metric_lqm: ['default 0.3'] - # Ignore Uplink two Hops away / requires 0.3 LQM - ptp: true - - - vid: 12 - role: mesh - name: mesh_wilgu10 - prefix: 10.31.9.226/32 - ipv6_subprefix: -3 - mesh_metric: 512 - ptp: true - - - vid: 20 - role: mesh - name: mesh_k9int - prefix: 10.31.9.240/28 - ipv6_subprefix: -3 - mesh_metric: 64 - mesh_metric_lqm: ['default 0.2'] - # Ignore Uplink one Hop away / requires 0.2 LQM - assignments: - k9-core: 1 + mesh_metric_lqm: ['default 0.5'] + # DHCP - vid: 40 role: dhcp inbound_filtering: true 
@@ -85,21 +68,22 @@ networks: assignments: k9-core: 1 - - vid: 42 + # MGMT + - vid: 439 role: mgmt - prefix: 10.31.9.208/28 + prefix: 10.31.9.240/28 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: k9-core: 1 - k9-switch: 2 - k9-sama: 3 + k9-switch-roof: 2 # uisp-s + k9-sama: 3 # wave nano k9-zwingli: 4 - k9-wilgu10: 5 + k9-switch-house: 8 # hpe 2520g-poe + k9-ap-loge: 9 + k9-ap-hinterhaus: 10 location__ssh_keys__to_merge: - - comment: k9 JuergeN - key: ssh-rsa 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 - - comment: k9 Silke - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkyugPN8XIgxZ/l9fRPbcXrR042/XzX4T7PGP49ffHEDF8O0thI4tiils8LDkSJGpOtwPd1BPPgTT3YDm0Biy+HaeTtEEmVUs7AmRjl5sPcUXwPwMUXl9DKHBzpYKAfb6Jy2pBos7eswtFLHAS2tziyhREMz8OJuh9qZ9fs32BG+6AEGFL1hs4evI+NFtokcW7HW28zhkq2+NWi1kKef0SRY0rX9Kfp6fkMc5XKCZPuWBz97ZMCvUKShBiZXVJj6QzNxjaBcVnMCB/oqLxfrs2FrUbvNDcb2bAamyYLCVaU0DKtefByuBhsrrRdD35Ahi+qh1FFC1X59j1ozZX7Xq/ + - comment: k9 iuljan + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0hqsAl0BJGlVgARU0KcE2JD+ljlOJebbFn4NI1aAlQ freifunk-k9@iuljan-m3 diff --git a/locations/kiehl71.yml b/locations/kiehl71.yml index d2a0e97c0..f58dfcee0 100644 --- a/locations/kiehl71.yml +++ b/locations/kiehl71.yml @@ -30,6 +30,8 @@ hosts: role: corerouter model: "avm_fritzbox-7530" wireless_profile: freifunk_default + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 ipv6_prefix: '2001:bf7:750:3200::/56' @@ -66,8 +68,7 @@ networks: name: mesh_11s_2ghz prefix: 10.31.178.225/32 ipv6_subprefix: -2 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: kiehl71-core mesh_radio: 11g_standard diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index b81d6a5c9..fe066294b 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml 
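Review bot: The mgmt network in the `@@ -85,21 +68,22 @@` hunk of k9.yml moves from `vid: 42` to `vid: 439`, while every other mgmt network visible in this diff stays on VLAN 42. If 439 is a typo, restore `- vid: 42`. If it is deliberate, say so on that line with a comment along the lines of `# mgmt VLAN deliberately not 42: <reason>`, so a later editor does not silently change it back and cut off management access to the devices listed under `assignments`.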
@@ -28,13 +28,17 @@ hosts: - hostname: kiehlufer-core role: corerouter - model: "linksys_e8450-ubi" + model: "cudy_x6-v1" wireless_profile: freifunk_default + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 - hostname: kiehlufer-huette role: ap model: "zyxel_nwa55axe" wireless_profile: kiehlufer5g + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 - hostname: kiehlufer-nf-wbp1 role: ap @@ -91,7 +95,7 @@ networks: name: mesh_rhnk prefix: 10.31.151.112/32 ipv6_subprefix: -1 - mesh_metric: 1024 + mesh_metric: 128 ptp: true # hüttenroder weg - mikrotik 60ghz cube - vid: 11 @@ -100,6 +104,7 @@ networks: prefix: 10.31.151.113/32 ipv6_subprefix: -2 ptp: true + mesh_metric: 128 # gateway - Rocket 5AC lite - vid: 12 role: mesh @@ -115,7 +120,6 @@ networks: name: mesh_nf_wbp1 prefix: 10.31.151.115/32 ipv6_subprefix: -4 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp1 mesh_radio: 11a_standard mesh_iface: mesh @@ -124,7 +128,6 @@ networks: name: mesh_nf_wbp2 prefix: 10.31.151.116/32 ipv6_subprefix: -5 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp2 mesh_radio: 11a_standard mesh_iface: mesh @@ -133,7 +136,6 @@ networks: name: mesh_nf_wbp3 prefix: 10.31.151.117/32 ipv6_subprefix: -6 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp3 mesh_radio: 11a_standard mesh_iface: mesh @@ -143,7 +145,6 @@ networks: name: mesh_huet_5g prefix: 10.31.151.118/32 ipv6_subprefix: -7 - mesh_metric: 2048 mesh_ap: kiehlufer-huette mesh_radio: 11a_standard mesh_iface: mesh @@ -152,7 +153,6 @@ networks: name: mesh_nf_wbp4 prefix: 10.31.151.119/32 ipv6_subprefix: -8 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp4 mesh_radio: 11a_standard mesh_iface: mesh 
@@ -194,16 +194,6 @@ location__channel_assignments_11a_standard__to_merge: location__wireless_profiles__to_merge: - name: kiehlufer5g - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kiezladen154.yml b/locations/kiezladen154.yml new file mode 100644 index 000000000..b6ba5d07e --- /dev/null +++ b/locations/kiezladen154.yml @@ -0,0 +1,68 @@ +--- + +location: kiezladen154 +location_nice: Kiezladen Sonnenallee 154 +latitude: 52.4783464 +longitude: 13.44629185 +altitude: 50 +contacts: + - "#kiezladen154:matrix.org" + - https://www.instagram.com/kiezladenallee154/ + +hosts: + - hostname: kiezladen154-core + role: corerouter + model: netgear_wax220 + wireless_profile: freifunk_default + mac_override: {eth0: 94:18:65:43:6b:8f} + +snmp_devices: + - hostname: kiezladen154-rhnk + address: 10.248.3.162 + snmp_profile: airos_8 + + +# mgmt: 10.248.3.160/28 +# mesh: 10.248.2.208/29 +# dhcp: 10.248.4.0/25 + +ipv6_prefix: "2001:bf7:820:2f00::/56" + +networks: + - vid: 10 + role: mesh + name: mesh_rhnk + prefix: 10.248.2.208/32 + ipv6_subprefix: -1 + ptp: true + + - vid: 40 + role: dhcp + prefix: 10.248.4.0/25 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + kiezladen154-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.3.160/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + kiezladen154-core: 1 + kiezladen154-rhnk: 2 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/kirchhof.yml b/locations/kirchhof.yml index 6294c6007..b465a9694 100644 --- a/locations/kirchhof.yml +++ b/locations/kirchhof.yml 
@@ -17,30 +17,40 @@ hosts: - hostname: kirchhof-nf-vorne role: ap - model: tplink_eap225-outdoor-v1 + model: zyxel_nwa50ax wireless_profile: kirchhof + wifi_roaming: true - hostname: kirchhof-nf-hinten role: ap model: tplink_eap225-outdoor-v1 wireless_profile: kirchhof + wifi_roaming: true - hostname: kirchhof-n-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac mac_override: {eth0: 2c:c8:1b:8a:96:e0} wireless_profile: freifunk_default + wifi_roaming: true - hostname: kirchhof-w-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac mac_override: {eth0: 2c:c8:1b:8a:96:28} wireless_profile: freifunk_default + wifi_roaming: true + + - hostname: kirchhof-nf-keller + role: ap + model: tplink_eap225-outdoor-v1 + wireless_profile: freifunk_default + wifi_roaming: true snmp_devices: - hostname: kirchhof-switch - address: 10.31.147.130 - snmp_profile: edgeswitch + address: 10.31.183.130 + snmp_profile: swos_lite # 10.31.183.128/28 - mgmt - vlan 42 # 10.31.183.144/28 - mesh - vlan 20, 50 @@ -92,6 +102,7 @@ networks: kirchhof-nf-hinten: 5 kirchhof-n-nf-5ghz: 6 kirchhof-w-nf-5ghz: 7 + kirchhof-nf-keller: 8 - vid: 50 role: uplink 
@@ -111,35 +122,27 @@ networks: location__channel_assignments_11a_standard__to_merge: kirchhof-n-nf-5ghz: 36-20 kirchhof-w-nf-5ghz: 40-20 - kirchhof-nf-vorne: 44-20 - kirchhof-nf-hinten: 36-20 + kirchhof-nf-vorne: 44-40 + kirchhof-nf-hinten: 36-40 + kirchhof-nf-keller: 52-20-3 location__channel_assignments_11b_standard__to_merge: - kirchhof-nf-vorne: 13-20 - kirchhof-nf-hinten: 9-20 + kirchhof-nf-vorne: 1-20 + kirchhof-nf-hinten: 6-20 + kirchhof-keller: 13-20 location__wireless_profiles__to_merge: - name: kirchhof - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE ifaces: - mode: ap - ssid: berlin.freifunk.net + ssid: khof.freifunk.net encryption: none network: dhcp radio: [11a_standard, 11g_standard] ifname_hint: ff owe_transition_ifname_hint: ffowe - mode: ap - ssid: berlin.freifunk.net OWE + ssid: khof.freifunk.net OWE hidden: true encryption: owe network: dhcp diff --git a/locations/kitty.yml b/locations/kitty.yml new file mode 100644 index 000000000..c41f5944d --- /dev/null +++ b/locations/kitty.yml 
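Review bot: The key `kirchhof-keller: 13-20` under `location__channel_assignments_11b_standard__to_merge` does not match any host. The AP added by this commit is called `kirchhof-nf-keller` in `hosts`, in the mgmt `assignments` and in the 11a channel list a few lines above. As written, the 2.4 GHz assignment presumably never reaches the device and it falls back to whatever the default channel is; the line should read `kirchhof-nf-keller: 13-20`.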
@@ -0,0 +1,111 @@ +--- + +location: kitty +location_nice: Brückenstraße 1, 10179 Berlin +latitude: 52.511268 +longitude: 13.417194 +altitude: 39 +height: 11 +contact_nickname: Vinet +contacts: + - vinet@c-base.org + +# --MGMT: 10.248.22.60/30 +# --MESH: 10.248.23.232/30 +# --DHCP: 10.248.25.0/24 + +ipv6_prefix: 2001:bf7:750:7600::/56 + +hosts: + - hostname: kitty-core + role: corerouter + model: "mikrotik_routerboard-750gr3" + host__rclocal__to_merge: + - '#' + - '# This script adjusts the configuration of vlans.' + - '#' + - ' ' + - '. /lib/functions.sh' + - ' ' + - 'handle_vlans() {' + - ' # untag the vlans on different ports based on their id' + - ' local uci_section="$1"' + - ' ' + - ' config_get vlan "$uci_section" vlan' + - ' config_get ports "$uci_section" ports' + - ' ' + - ' ' + - ' case "$vlan" in' + - ' 50)' + - ' # untag MESH for uplink on port 1' + - " port_config='wan lan2:t lan3:t lan4:t lan5:t' ;;" + - ' 40)' + - ' # untag DHCP on port 2' + - " port_config='wan:t lan2 lan3:t lan4:t lan5:t' ;;" + - ' 42)' + - ' # untag mgmt on port 3' + - " port_config='wan:t lan2:t lan3 lan4:t lan5:t' ;;" + - ' *)' + - ' # do nothing for the other vlans' + - ' return' + - ' esac' + - ' ' + - ' # abort if config is applied already' + - ' if [ "$ports" = "$port_config" ]; then' + - ' printf "Vlan %d applied already.\n" "$vlan"' + - ' return' + - ' fi' + - ' ' + - ' printf "Port number: %d\n" "$vlan"' + - ' printf "Port config: %s\n" "$port_config"' + - ' ' + - ' printf "Configuring %s... 
" "$uci_section"' + - ' uci_set network "$uci_section" ports "$port_config"' + - ' printf "Done.\n"' + - '}' + - ' ' + - 'config_load network' + - ' ' + - 'config_foreach handle_vlans "bridge-vlan"' + - ' ' + - 'uci commit network' + - 'sync' + - 'reload_config' + +networks: + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.25.0/24 + ipv6_subprefix: 1 + assignments: + kitty-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.22.60/30 + ipv6_subprefix: 0 + gateway: 1 + dns: 1 + assignments: + kitty-core: 1 + + - vid: 50 + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.232/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.233/32 + wireguard_port: 51821 + +location__ssh_keys__to_merge: + - comment: Vinet + key: ssh-rsa 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 Vinet diff --git a/locations/klunker.yml b/locations/klunker.yml index e4d2cf91e..b936a2b82 100644 --- a/locations/klunker.yml +++ b/locations/klunker.yml @@ -16,19 +16,19 @@ hosts: role: ap model: "mikrotik_sxtsq-5-ac" mac_override: - eth0: 08:55:31:14:36:d7 + eth0: dc:2c:6e:c4:36:37 - hostname: klunker-nf-nnw-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: - eth0: cc:2d:e0:9c:4d:58 + eth0: dc:2c:6e:c4:16:fb - hostname: klunker-nf-sse-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: - eth0: cc:2d:e0:9c:4f:00 + eth0: dc:2c:6e:c4:36:5f snmp_devices: - hostname: klunker-switch @@ -60,6 +60,7 @@ networks: prefix: 10.31.71.152/32 ipv6_subprefix: -1 ptp: true + mesh_metric: 128 # PtP mesh down south 60GHz # Airfiber 60LR Link to philmel church @@ -69,6 +70,7 @@ networks: prefix: 10.31.71.153/32 ipv6_subprefix: -2 ptp: true + mesh_metric: 128 # AP1 down Isarstrasse 5GHz # directing south-southeast 
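Review bot: In the `host__rclocal__to_merge` script of kitty.yml, `handle_vlans` declares only `uci_section` as `local`, so `vlan`, `ports` and `port_config` become globals that carry over between `config_foreach` iterations, and the log line `printf "Port number: %d\n" "$vlan"` prints the VLAN id under a port label. I would add `local vlan ports port_config` right after the `local uci_section="$1"` line and change the label to `"Vlan id: %d\n"`. The in-script comment for VLAN 50 says "untag MESH for uplink" although the `networks` section declares vid 50 as `role: uplink`; align the wording so the intended port layout (wan = uplink, lan2 = DHCP, lan3 = mgmt) is unambiguous. Because the script is stored as a YAML list of quoted strings, a shell linter will not see it, so it deserves a manual read before it is deployed.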
@@ -117,14 +119,14 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - klunker-core: 1 - klunker-switch: 2 - klunker-rhnk: 3 - klunker-philmel: 4 - # klunker-rhnk-5ghz: 5 - klunker-nf-nnw-5ghz: 6 - klunker-nf-sse-5ghz: 7 - klunker-ap-bibliothek-5ghz: 8 + klunker-core: 1 # 10.31.191.177 + klunker-switch: 2 # 10.31.191.178 + klunker-rhnk: 3 # 10.31.191.179 + klunker-philmel: 4 # 10.31.191.180 + # klunker-rhnk-5ghz: 5 # 10.31.191.181 + klunker-nf-nnw-5ghz: 6 # 10.31.191.182 + klunker-nf-sse-5ghz: 7 # 10.31.191.183 - PoE Watchdog 10m + klunker-ap-bibliothek-5ghz: 8 # 10.31.191.184 location__channel_assignments_11a_standard__to_merge: klunker-nf-sse-5ghz: 36-20 diff --git a/locations/knallt-m42.yml b/locations/knallt-m42.yml new file mode 100644 index 000000000..bb95d2761 --- /dev/null +++ b/locations/knallt-m42.yml 
@@ -0,0 +1,78 @@ +--- +location: knallt-m42 +location_nice: 'Maximilianstraße 42, 13187 Berlin' +latitude: 52.5610708 +longitude: 13.4081996 +contact_nickname: 'knallt' +contacts: + - '@knallt:matrix.org' + +hosts: + - hostname: knallt-m42-core + role: corerouter + model: "zyxel_nwa55axe" + wireless_profile: freifunk_default + +snmp_devices: + - hostname: knallt-m42-lb + address: 10.248.0.114 + snmp_profile: airos_8 + +ipv6_prefix: '2001:bf7:760:1700::/56' + +# got following prefixes: +# Router: 10.248.0.64/26 +# --DHCP: 10.248.0.64/27 +# --MESH: 10.248.0.96/28 +# --MGMT: 10.248.0.112/28 + +networks: + # MESH - Lightbeam + - vid: 10 + role: mesh + name: mesh_lb + prefix: 10.248.0.96/32 + ipv6_subprefix: -10 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5ghz + prefix: 10.248.0.98/32 + ipv6_subprefix: -20 + mesh_ap: knallt-m42-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2ghz + prefix: 10.248.0.99/32 + ipv6_subprefix: -21 + # make mesh_metric for 2GHz worse than 5GHz + mesh_metric_lqm: ['default 0.8'] + mesh_ap: knallt-m42-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.0.64/27 + ipv6_subprefix: 0 + assignments: + knallt-m42-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.0.112/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + knallt-m42-core: 1 # 10.248.0.113 + knallt-m42-lb: 2 # 10.248.0.114 diff --git a/locations/koepi.yml b/locations/koepi.yml index d4ab95071..7e482dbbe 100644 --- a/locations/koepi.yml +++ b/locations/koepi.yml @@ -124,14 +124,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: koepi - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net 
diff --git a/locations/kotti.yml b/locations/kotti.yml new file mode 100644 index 000000000..317b6afef --- /dev/null +++ b/locations/kotti.yml 
@@ -0,0 +1,91 @@ +--- + +location: kotti +location_nice: Skalitzer Straße 134, 10999 Berlin +latitude: 52.49943 +longitude: 13.41860 +altitude: 41 +height: 13 +community: true + +hosts: + + - hostname: kotti-core + role: corerouter + model: "ubnt_unifiac-mesh" + wireless_profile: freifunk_default + +snmp_devices: + - hostname: kotti-simeon + address: 10.31.167.210 + snmp_profile: airos_8 + +ipv6_prefix: 2001:bf7:830:6600::/56 + +# Kotti has following prefixes: +# Router: 10.31.167.208/28 +# --MGMT: 10.31.167.208/29 +# --MESH: 10.31.167.216/29 +# --DHCP: 10.248.2.0/26 + +networks: + - vid: 10 + role: mesh + name: mesh_simeon + prefix: 10.31.167.216/32 + ipv6_subprefix: -10 + ptp: true + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.167.217/32 + ipv6_subprefix: -20 + mesh_ap: kotti-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.167.218/32 + ipv6_subprefix: -21 + # make mesh_metric for 2GHz worse than 5GHz + mesh_metric_lqm: ['default 0.5'] + mesh_ap: kotti-core + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.2.0/26 + ipv6_subprefix: 0 + assignments: + kotti-core: 1 + + - vid: 42 + name: mgmt + role: mgmt + prefix: 10.31.167.208/29 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + kotti-core: 1 + kotti-simeon: 2 + +location__channel_assignments_11g_standard__to_merge: + # AP-id, wifi-channel, bandwidth, txpower. Can be empty for default values + kotti-core: 13-20-7 # 20 dBm - 16 dBm (Antenne) + 3dBm (Cable loss) + +location__channel_assignments_11a_standard__to_merge: + # AP-id, wifi-channel, bandwidth, txpower. 
Can be empty for default values + kotti-core: 36-20-10 # 23 dBm - 16 dBm (Antenne) + 3dBm (Cable loss) + +location__ssh_keys__to_merge: + - comment: Kian + key: ssh-rsa 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 kiangosling@Kians-MacBook-Pro.local diff --git a/locations/kts13.yml b/locations/kts13.yml index 11780a07e..7eb8c1614 100644 --- a/locations/kts13.yml +++ b/locations/kts13.yml @@ -43,7 +43,6 @@ networks: name: mesh_ap1 prefix: '10.31.166.194/32' ipv6_subprefix: -2 - mesh_metric: 1024 mesh_ap: kts13-ap1 mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/kub.yml b/locations/kub.yml index f99915b81..955651f1a 100644 --- a/locations/kub.yml +++ b/locations/kub.yml @@ -16,7 +16,9 @@ hosts: - hostname: kub-ap1 role: ap - model: "avm_fritzbox-7530" + model: "cudy_x6-v1" + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 snmp_devices: - hostname: kub-simeon @@ -37,10 +39,31 @@ networks: role: mesh name: mesh_simeon prefix: 10.31.139.16/32 - ipv6_subprefix: -1 + ipv6_subprefix: -10 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g_ap1 + prefix: 10.31.139.17/32 + ipv6_subprefix: -20 + mesh_ap: kub-ap1 + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g_ap1 + prefix: 10.31.139.18/32 + ipv6_subprefix: -21 + mesh_ap: kub-ap1 + mesh_radio: 11g_standard + mesh_iface: mesh - vid: 40 role: dhcp + untagged: true inbound_filtering: true enforce_client_isolation: true prefix: 10.31.138.128/25 @@ -58,6 +81,3 @@ networks: kub-core: 1 kub-simeon: 2 kub-ap1: 14 - -# Special vlan config: -# - kub-ap1 vlan 40: 0t 1t 2 3 4 diff --git a/locations/l105.yml b/locations/l105.yml index 0e366d1ae..d4e36a8dd 100644 --- a/locations/l105.yml +++ b/locations/l105.yml 
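Review bot: The new 2.4 GHz mesh `mesh_2g_ap1` (vid 21) in the `@@ -37,10 +39,31 @@` hunk of kub.yml carries no metric penalty, whereas the other 2.4 GHz 802.11s meshes touched by this commit (kiehl71, knallt-m42, kotti) keep a `mesh_metric_lqm` entry under the comment `# make mesh_metric for 2GHz worse than 5GHz`. If the omission is not intended, add `mesh_metric_lqm: ['default 0.8']` below `ipv6_subprefix: -21` (kotti uses `0.5`, so the value is a per-site choice). If it is intended, a one-line comment saying so would keep the file consistent with its siblings.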
@@ -61,21 +61,21 @@ mesh_links: ifname: eth1.10 ipv4: 10.31.127.160/32 ipv6: 2001:bf7:750:3f01::1/128 - metric: 128 + mesh_metric: 128 ptp: true # - name: mesh_tu # ifname: eth1.11 # ipv4: 10.31.127.161/32 # ipv6: 2001:bf7:750:3f01::2/128 - # metric: 128 + # mesh_metric: 128 # ptp: true - name: mesh_bbbvpn ifname: eth1.32 ipv4: 10.31.127.162/32 ipv6: 2001:bf7:750:3f01::3/128 - metric: 128 + mesh_metric: 1024 ptp: true # Downlink IPv4 is in net announced by emma. diff --git a/locations/liese-21.yml b/locations/liese-21.yml index c36dc107d..53f6de5ed 100644 --- a/locations/liese-21.yml +++ b/locations/liese-21.yml @@ -97,3 +97,11 @@ location__channel_assignments_11a_standard__to_merge: # location__channel_assignments_11g_standard__to_merge: # channel-bandwith-txpower in dbm + +# PORT CONFIG +# +# lan1: poe in +# lan2: Lite-AP +# lan3: Nanobeam 5AC + SXTsq5ac +# lan4: spare +# lan5: spare diff --git a/locations/linie206.yml b/locations/linie206.yml index a9af108b5..520b41db8 100644 --- a/locations/linie206.yml +++ b/locations/linie206.yml @@ -13,32 +13,38 @@ hosts: - hostname: linie206-core role: corerouter - model: "linksys_e8450-ubi" + model: "mikrotik_routerboard-750gr3" wireless_profile: freifunk_default - hostname: linie206-nf-o-5ghz role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: 08:55:31:ea:e7:76} - hostname: linie206-nf-s-5ghz role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: 2c:c8:1b:aa:69:3d} - hostname: linie206-nf-so-5ghz role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: 08:55:31:ea:df:2e} - hostname: linie206-nf-w-5ghz role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: 2c:c8:1b:aa:63:42} - hostname: linie206-nf-so-2ghz role: ap model: "mikrotik_sxtsq-2-lite" + mac_override: {eth0: 2c:c8:1b:6e:49:01} - hostname: linie206-nf-w-2ghz role: ap model: "mikrotik_sxtsq-2-lite" + mac_override: {eth0: 2c:c8:1b:6e:66:69} - hostname: linie206-nf-wohnzimmer role: ap 
diff --git a/locations/magda.yml b/locations/magda.yml index 76e83d8d2..bbac039bd 100644 --- a/locations/magda.yml +++ b/locations/magda.yml @@ -1,7 +1,7 @@ --- location: magda -location_nice: Magdalenenstraße 19 +location_nice: Magdalenenstraße 19, 10365 Berlin latitude: 52.514072806 longitude: 13.488437533 altitude: 60 @@ -9,7 +9,6 @@ contacts: - '#ff-site-magda:matrix.org' hosts: - - hostname: magda-core role: corerouter model: "avm_fritzbox-7530" @@ -36,12 +35,12 @@ hosts: mac_override: eth0: 08:55:31:54:63:0a - - hostname: magda-ap4 - role: ap - model: "ubnt_nanostation-m2_xm" + # Replacement needed + # - hostname: magda-ap4 + # role: ap + # model: "ubnt_nanostation-m2_xm" snmp_devices: - - hostname: magda-sama address: 10.31.83.115 snmp_profile: airos_8 @@ -50,6 +49,13 @@ snmp_devices: address: 10.31.83.116 snmp_profile: airos_8 +airos_dfs_reset: + - name: "magda-ost-5ghz" + target: "10.31.83.116" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + ipv6_prefix: "2001:bf7:860::/56" # Mesh: 10.31.83.60/30 @@ -68,7 +74,7 @@ networks: ipv6_subprefix: -2 # Adjust mesh metric to liese-11-sw-core to prevent using it # as a gateway during heavy rain - mesh_metric_lqm: ['10.31.205.49 0.5'] + mesh_metric_lqm: ['10.31.205.49 0.2'] - vid: 42 role: mgmt @@ -84,7 +90,7 @@ networks: magda-ap1: 5 magda-ap2: 6 magda-ap3: 7 - magda-ap4: 8 + # magda-ap4: 8 magda-ap-remise: 9 - vid: 40 diff --git a/locations/mahalle.yml b/locations/mahalle.yml index 10e041a8e..71aa00af7 100644 --- a/locations/mahalle.yml +++ b/locations/mahalle.yml @@ -19,10 +19,12 @@ hosts: - hostname: mahalle-nf-o role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:36:51} - hostname: mahalle-nf-w role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:2a:0b} # 10.31.179.112/29 - mgmt # 10.31.179.120/29 - mesh @@ -40,7 +42,6 @@ networks: mesh_ap: mahalle-nf-w mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 - vid: 21 role: mesh 
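Review bot: The new `airos_dfs_reset` entry in the `@@ -50,6 +49,13 @@` hunk of magda.yml commits the login name `ubnt` for 10.31.83.116 and reads the password from `file:/root/pwd`, but nothing in the hunk says who creates that file or with which permissions. Keeping the secret out of the repository is the right choice; I would document the requirement next to it, for example `# /root/pwd is provisioned out of band; owner root, mode 0600`. `ubnt` is also the factory-default account name on airOS devices, so it is worth confirming that the password stored in that file is not the factory default. The `daytime_limit: "2-7"` value would benefit from a short comment on its unit (presumably hours of the day).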
@@ -50,7 +51,6 @@ networks: mesh_ap: mahalle-nf-o mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 - vid: 40 role: dhcp diff --git a/locations/manstein10.yml b/locations/manstein10.yml index deb372260..6b7c155e1 100644 --- a/locations/manstein10.yml +++ b/locations/manstein10.yml @@ -17,9 +17,9 @@ hosts: role: ap model: "ubnt_nanostation-m2_xm" - - hostname: manstein10-m2-w - role: ap - model: "ubnt_nanostation-m2_xm" + # - hostname: manstein10-m2-w + # role: ap + # model: "ubnt_nanostation-m2_xm" - hostname: manstein10-m5-w role: ap @@ -56,14 +56,14 @@ networks: mesh_radio: 11g_standard mesh_iface: mesh - - vid: 12 - role: mesh - name: mesh_2ghz_w - prefix: 10.31.125.34/32 - ipv6_subprefix: -3 - mesh_ap: manstein10-m2-w - mesh_radio: 11g_standard - mesh_iface: mesh + # - vid: 12 + # role: mesh + # name: mesh_2ghz_w + # prefix: 10.31.125.34/32 + # ipv6_subprefix: -3 + # mesh_ap: manstein10-m2-w + # mesh_radio: 11g_standard + # mesh_iface: mesh - vid: 13 role: mesh @@ -98,11 +98,11 @@ networks: # airos - bbb manstein10-rhxb: 4 # airos - clients - manstein10-m5-loco-s5: 5 + # manstein10-m5-loco-s5: 5 # openwrt clients manstein10-m5-w: 6 manstein10-m2-s: 7 - manstein10-m2-w: 8 + # manstein10-m2-w: 8 location__ssh_keys__to_merge: - comment: narfpeng diff --git a/locations/mela-2g.yml b/locations/mela-2g.yml deleted file mode 100644 index 744381d5b..000000000 --- a/locations/mela-2g.yml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -location: mela-2g -location_nice: Melanchthonkirche, Melanchthonplatz, 13595 Berlin -latitude: 52.521306576109 -longitude: 13.188832104206 -altitude: 60 -height: 24 -community: true - -hosts: - - hostname: mela-core-2g - role: corerouter - # model: "avm_fritzbox-4040" - model: "tplink_cpe210-v1" - # low flash until proper core router - low_flash: true - wireless_profile: mesh_only - # - hostname: mela-n2 - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: freifunk_default - - hostname: mela-o2 - role: ap - model: "tplink_cpe210-v1" - wireless_profile: mesh_only - - hostname: mela-s2 - role: ap - model: "tplink_cpe210-v1" - wireless_profile: mesh_only - # - hostname: mela-w2 - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: mesh_only - - hostname: mela-kanzel - role: ap - model: "tplink_cpe210-v1" - -snmp_devices: - - hostname: mela-switch-vorne - address: 10.31.244.131 - snmp_profile: edgeswitch - -ipv6_prefix: "2001:bf7:780:800::/56" - -# got following prefixes: -# Router: 10.31.244.128/25 (DHCP) -# 2001:bf7:780:800::/56 -# --MGMT: 10.31.244.128/27 -# --MESH: 10.31.244.160/27 -# --DHCP: 10.31.244.192/26 - -networks: - # MGMT - - vid: 42 - role: mgmt - prefix: 10.31.244.128/27 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - # Core - mela-core-2g: 1 - # Switches - # mela-switch-hinten: 2 - mela-switch-vorne: 3 - # Ubiquiti APs + Stations - # mela-nw-5ghz: 4 - # mela-oso-5ghz: 5 - # mela-teufelsberg: 6 - # OpenWRT APs (indoor, no Mesh) - mela-kanzel: 8 - # OpenWRT 802.11s APs (Nahfeld) - # mela-n2: 9 - used as mela-core-2g - mela-o2: 10 - mela-s2: 11 - # mela-w2: 12 # defect, needs replacement - #mela-n5: 13 # unreachable, but wlan network - # mela-o5: 14 - # mela-s5: 15 - # mela-core-2g: 16 - - # DHCP - - vid: 40 - role: dhcp - prefix: 10.31.244.192/26 - ipv6_subprefix: 0 - inbound_filtering: true - enforce_client_isolation: true - assignments: - mela-core-2g: 1 - - # MESH: 10.36.70.32/27 - # PTMP / PTP 
Links - # - vid: 10 - # role: mesh - # name: mesh_teufelsberg - # prefix: 10.36.70.33/32 - # ipv6_subprefix: -10 - - # - vid: 11 - # role: mesh - # name: mesh_nw - # prefix: 10.36.70.34/32 - # ipv6_subprefix: -11 - - # - vid: 12 - # role: mesh - # name: mesh_oso - # prefix: 10.36.70.35/32 - # ipv6_subprefix: -12 - - # 802.11s Mesh - - vid: 20 - role: mesh - name: mesh_11s_n2 - prefix: 10.31.244.160/32 - ipv6_subprefix: -20 - # should be mela-n2 - mesh_ap: mela-core-2g - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 21 - role: mesh - name: mesh_11s_o2 - prefix: 10.31.244.161/32 - ipv6_subprefix: -21 - mesh_ap: mela-o2 - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 22 - role: mesh - name: mesh_11s_s2 - prefix: 10.31.244.162/32 - ipv6_subprefix: -22 - mesh_ap: mela-s2 - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 23 - role: mesh - name: mesh_11s_w2 - prefix: 10.31.244.163/32 - ipv6_subprefix: -23 - mesh_ap: mela-w2 - mesh_radio: 11g_standard - mesh_iface: mesh - - # - vid: 24 - # role: mesh - # name: mesh_11s_n5 - # prefix: 10.36.70.40/32 - # ipv6_subprefix: -24 - # mesh_ap: mela-n5 - # mesh_radio: 11a_standard - # mesh_iface: mesh - - # - vid: 25 - # role: mesh - # name: mesh_11s_o5 - # prefix: 10.36.70.41/32 - # ipv6_subprefix: -25 - # # change this to mela-o2 once we have a new core-router - # mesh_ap: mela-core - # mesh_radio: 11a_standard - # mesh_iface: mesh - - # - vid: 26 - # role: mesh - # name: mesh_11s_s5 - # prefix: 10.36.70.42/32 - # ipv6_subprefix: -26 - # mesh_ap: mela-s5 - # mesh_radio: 11a_standard - # mesh_iface: mesh - -location__ssh_keys__to_merge: - - comment: torte - key: ssh-rsa 
AAAAB3NzaC1yc2EAAAABJQAAAQBsKPa58c9LBwfupf3KlAsJHG+O9BNdTP0wB+0Ztl5Zl2/TeGfEEnOXxpf8gQq0qkG/pA40UP8jyejzliNfTZ+qOIfX+Jt1KXoBzNN7zBtYMzAAkrDgCqfIeLBAb/ArZyEanCOOz96bu4OfiktPJxbbRrlP/OV0XUZaLkSmIvxKFP5VHYyhvBxlwTrjSD8tdZJNFiZelHW/TRAT0uSfmgXBiXNThKVMNwwaCUp1R9QNbzFUhvnGyqrH8mQOYtHcZhPYAQOnUpJSYwBlyA4aIhAAgsPRZe1M5lEMn7ME6q6ERuQheGNmcNNqoxjrzIHbZjgTlprvdrzD7UPGNla7zcst torte@pluto diff --git a/locations/mela.yml b/locations/mela.yml index 08667a8fe..b39e22e39 100644 --- a/locations/mela.yml +++ b/locations/mela.yml 
@@ -10,59 +10,49 @@ community: true hosts: - hostname: mela-core role: corerouter - # model: "avm_fritzbox-4040" - model: "tplink_cpe510-v1" - # low flash until proper core router - low_flash: true + model: "avm_fritzbox-4040" wireless_profile: freifunk_default - # - hostname: mela-n5 - # role: ap - # model: "tplink_cpe510-v1" - # wireless_profile: freifunk_default - # - hostname: mela-o5 - # role: ap - # model: "tplink_cpe510-v1" - # wireless_profile: freifunk_default + - hostname: mela-n5 + role: ap + model: "tplink_cpe510-v1" + - hostname: mela-o5 + role: ap + model: "tplink_cpe510-v1" - hostname: mela-s5 role: ap model: "tplink_cpe510-v1" - # - hostname: mela-n2 - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: freifunk_default - # - hostname: mela-o2 - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: freifunk_default - # - hostname: mela-s2 - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: freifunk_default - # - hostname: mela-w2 - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: freifunk_default - # - hostname: mela-kanzel - # role: ap - # model: "tplink_cpe210-v1" - # wireless_profile: freifunk_default + - hostname: mela-n2 + role: ap + model: "tplink_cpe210-v1" + - hostname: mela-o2 + role: ap + model: "tplink_cpe210-v1" + - hostname: mela-s2 + role: ap + model: "tplink_cpe210-v1" + - hostname: mela-w2 + role: ap + model: "tplink_cpe210-v1" + - hostname: mela-kanzel + role: ap + model: "tplink_cpe210-v1" snmp_devices: - hostname: mela-switch-hinten address: 10.36.70.2 snmp_profile: edgeswitch - # - hostname: mela-switch-vorne - # address: 10.36.70.3 - # snmp_profile: edgeswitch + - hostname: mela-switch-vorne + address: 10.36.70.3 + snmp_profile: edgeswitch - hostname: mela-nw-5ghz address: 10.36.70.4 snmp_profile: airos_6 - - hostname: mela-oso-5ghz + - hostname: mela-ono-5ghz address: 10.36.70.5 snmp_profile: airos_6 - # - hostname: mela-teufelsberg - # address: 10.36.70.6 - # snmp_profile: airos_8 
+ - hostname: mela-teufelsberg + address: 10.36.70.6 + snmp_profile: airos_8 ipv6_prefix: "2001:bf7:790:f00::/56" @@ -75,51 +65,12 @@ ipv6_prefix: "2001:bf7:790:f00::/56" # --DHCP: 10.36.92.0/24 networks: - # MGMT - - vid: 42 - role: mgmt - prefix: 10.36.70.0/27 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - # Core - mela-core: 1 - # Switches - mela-switch-hinten: 2 - # mela-switch-vorne: 3 - # Ubiquiti APs + Stations - mela-nw-5ghz: 4 - mela-oso-5ghz: 5 - # mela-teufelsberg: 6 - # OpenWRT APs (indoor, no Mesh) - # mela-kanzel: 8 - # OpenWRT 802.11s APs (Nahfeld) - # mela-n2: 9 - # mela-o2: 10 - # mela-s2: 11 - # mela-w2: 12 # defect, needs replacement - # mela-n5: 13 # unreachable, but wlan network - # mela-o5: 14 - mela-s5: 15 - - # DHCP - - vid: 40 - role: dhcp - prefix: 10.36.92.0/24 - ipv6_subprefix: 0 - inbound_filtering: true - enforce_client_isolation: true - assignments: - mela-core: 1 - - # MESH: 10.36.70.32/27 - # PTMP / PTP Links - # - vid: 10 - # role: mesh - # name: mesh_teufelsberg - # prefix: 10.36.70.33/32 - # ipv6_subprefix: -10 + # PTMP / PTP Mesh + - vid: 10 + role: mesh + name: mesh_teufel + prefix: 10.36.70.33/32 + ipv6_subprefix: -10 - vid: 11 role: mesh 
@@ -129,63 +80,64 @@ networks: - vid: 12 role: mesh - name: mesh_oso + name: mesh_ono prefix: 10.36.70.35/32 ipv6_subprefix: -12 + # ensure this link is only used as backup + mesh_metric: 2048 # 802.11s Mesh - # - vid: 20 - # role: mesh - # name: mesh_11s_n2 - # prefix: 10.36.70.36/32 - # ipv6_subprefix: -20 - # mesh_ap: mela-n2 - # mesh_radio: 11g_standard - # mesh_iface: mesh - - # - vid: 21 - # role: mesh - # name: mesh_11s_o2 - # prefix: 10.36.70.37/32 - # ipv6_subprefix: -21 - # mesh_ap: mela-o2 - # mesh_radio: 11g_standard - # mesh_iface: mesh - - # - vid: 22 - # role: mesh - # name: mesh_11s_s2 - # prefix: 10.36.70.38/32 - # ipv6_subprefix: -22 - # mesh_ap: mela-s2 - # mesh_radio: 11g_standard - # mesh_iface: mesh - - # - vid: 23 - # role: mesh - # name: mesh_11s_w2 - # prefix: 10.36.70.39/32 - # ipv6_subprefix: -23 - # mesh_ap: mela-w2 - # mesh_radio: 11g_standard - # mesh_iface: mesh - - # - vid: 24 - # role: mesh - # name: mesh_11s_n5 - # prefix: 10.36.70.40/32 - # ipv6_subprefix: -24 - # mesh_ap: mela-n5 - # mesh_radio: 11a_standard - # mesh_iface: mesh + - vid: 20 + role: mesh + name: mesh_11s_n2 + prefix: 10.36.70.36/32 + ipv6_subprefix: -20 + mesh_ap: mela-n2 + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 21 + role: mesh + name: mesh_11s_o2 + prefix: 10.36.70.37/32 + ipv6_subprefix: -21 + mesh_ap: mela-o2 + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 22 + role: mesh + name: mesh_11s_s2 + prefix: 10.36.70.38/32 + ipv6_subprefix: -22 + mesh_ap: mela-s2 + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 23 + role: mesh + name: mesh_11s_w2 + prefix: 10.36.70.39/32 + ipv6_subprefix: -23 + mesh_ap: mela-w2 + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 24 + role: mesh + name: mesh_11s_n5 + prefix: 10.36.70.40/32 + ipv6_subprefix: -24 + mesh_ap: mela-n5 + mesh_radio: 11a_standard + mesh_iface: mesh - vid: 25 role: mesh name: mesh_11s_o5 prefix: 10.36.70.41/32 ipv6_subprefix: -25 - # change this to mela-o2 once we have a 
new core-router - mesh_ap: mela-core + mesh_ap: mela-o5 mesh_radio: 11a_standard mesh_iface: mesh @@ -198,6 +150,38 @@ networks: mesh_radio: 11a_standard mesh_iface: mesh -location__ssh_keys__to_merge: - - comment: torte - key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBsKPa58c9LBwfupf3KlAsJHG+O9BNdTP0wB+0Ztl5Zl2/TeGfEEnOXxpf8gQq0qkG/pA40UP8jyejzliNfTZ+qOIfX+Jt1KXoBzNN7zBtYMzAAkrDgCqfIeLBAb/ArZyEanCOOz96bu4OfiktPJxbbRrlP/OV0XUZaLkSmIvxKFP5VHYyhvBxlwTrjSD8tdZJNFiZelHW/TRAT0uSfmgXBiXNThKVMNwwaCUp1R9QNbzFUhvnGyqrH8mQOYtHcZhPYAQOnUpJSYwBlyA4aIhAAgsPRZe1M5lEMn7ME6q6ERuQheGNmcNNqoxjrzIHbZjgTlprvdrzD7UPGNla7zcst torte@pluto + # DHCP + - vid: 40 + role: dhcp + prefix: 10.36.92.0/24 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + mela-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.36.70.0/27 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + mela-core: 1 # 10.36.70.1 + mela-switch-hinten: 2 # 10.36.70.2 + mela-switch-vorne: 3 # 10.36.70.3 + # Ubiquiti PTMP / PTP + mela-nw-5ghz: 4 # 10.36.70.4 + mela-ono-5ghz: 5 # 10.36.70.5 + mela-teufelsberg: 6 # 10.36.70.6 + # OpenWRT AP (Indoor) + mela-kanzel: 8 # 10.36.70.8 + # OpenWRT 802.11s APs (Nahfeld) + mela-n2: 9 # 10.36.70.9 + mela-o2: 10 # 10.36.70.10 + mela-s2: 11 # 10.36.70.11 + mela-w2: 12 # 10.36.70.12 + mela-n5: 13 # 10.36.70.13 + mela-o5: 14 # 10.36.70.14 + mela-s5: 15 # 10.36.70.15 diff --git a/locations/mlk-nk.yml b/locations/mlk-nk.yml index 564e1a10f..c74e4ab84 100644 --- a/locations/mlk-nk.yml +++ b/locations/mlk-nk.yml @@ -25,6 +25,7 @@ hosts: - hostname: mlk-nk-rhnk role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:1d:b4} snmp_devices: @@ -52,9 +53,7 @@ networks: name: mesh_nno_5 prefix: 10.31.69.33/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.6'] - ptp: true # Nanostation M5 - Airos 6 - Orientation Sonnenallee - vid: 12 
@@ -62,9 +61,7 @@ networks: name: mesh_so_5 prefix: 10.31.69.34/32 ipv6_subprefix: -12 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.7'] - ptp: true # 802.11s mesh links (VID 20-29) # 802.11s mesh nf - SXTsq5ac - Orientation Rhnk @@ -83,7 +80,6 @@ networks: name: mesh_nf_wbp2 prefix: 10.31.69.36/32 ipv6_subprefix: -21 - mesh_metric: 2048 mesh_ap: mlk-nk-nf-wbp2 mesh_radio: 11g_standard mesh_iface: mesh @@ -94,7 +90,6 @@ networks: name: mesh_nf_wbp3 prefix: 10.31.69.37/32 ipv6_subprefix: -22 - mesh_metric: 2048 mesh_ap: mlk-nk-nf-wbp3 mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/muggel.yml b/locations/muggel.yml index 5925c7e7f..e51666c69 100644 --- a/locations/muggel.yml +++ b/locations/muggel.yml @@ -27,6 +27,9 @@ hosts: - hostname: muggel-core role: corerouter model: avm_fritzbox-4040 + host__packages__to_merge: + - kmod-usb-net-cdc-ether + - usb-modeswitch wireless_profile: muggel networks: @@ -62,6 +65,7 @@ networks: # We get at best ~25 Mbps over LTE (Telefonica O2) - vid: 50 untagged: true + ifname: eth1 role: uplink - role: tunnel @@ -80,31 +84,10 @@ networks: location__disabled_services__to_merge: - naywatch -# Use OpenSSL to get OWE Transition Mode working. -# Same variable name as in imageprofile.yml so that we overwrite it. -ssl__packages__to_merge: - - -wpad-basic - - -wpad-basic-mbedtls - - -wpad-basic-wolfssl - - -libustream-mbedtls - - libustream-openssl - - hostapd-openssl - # - px5g-openssl - # Standard open SSID with OWE Transition Mode. # For roaming between multiple APs, consider setting 80211w to optional (1). location__wireless_profiles__to_merge: - name: muggel - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/newyorck.yml b/locations/newyorck.yml index 7bc681ac7..c0a8d2aea 100644 --- a/locations/newyorck.yml 
+++ b/locations/newyorck.yml @@ -26,6 +26,7 @@ hosts: - hostname: newyorck-ap-1e - hostname: newyorck-ap-1f - hostname: newyorck-ap-1g + - hostname: newyorck-ap-1h - hostname: newyorck-ap-2a - hostname: newyorck-ap-2b - hostname: newyorck-ap-2c @@ -97,6 +98,7 @@ networks: newyorck-ap-1e: 9 newyorck-ap-1f: 10 newyorck-ap-1g: 11 + newyorck-ap-1h: 18 newyorck-ap-2a: 12 newyorck-ap-2b: 13 newyorck-ap-2c: 14 @@ -106,6 +108,7 @@ networks: - vid: 50 role: uplink + untagged: true - role: tunnel ifname: ts_wg0 @@ -127,6 +130,7 @@ location__channel_assignments_11a_standard__to_merge: newyorck-ap-1e: 36-20 newyorck-ap-1f: 44-20 newyorck-ap-1g: 48-20 + newyorck-ap-1h: 36-20 newyorck-ap-2a: 48-20 newyorck-ap-2b: 44-20 newyorck-ap-2c: 36-20 @@ -142,6 +146,7 @@ location__channel_assignments_11g_standard__to_merge: newyorck-ap-1e: 1-20 newyorck-ap-1f: 11-20 newyorck-ap-1g: 6-20 + newyorck-ap-1h: 1-20 newyorck-ap-2a: 6-20 newyorck-ap-2b: 11-20 newyorck-ap-2c: 1-20 @@ -153,14 +158,6 @@ location__wireless_profiles__to_merge: - name: newyorck - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/noki.yml b/locations/noki.yml index 78b138699..e53b23681 100644 --- a/locations/noki.yml +++ b/locations/noki.yml 
@@ -1,4 +1,16 @@ --- +# This ia a flexible test and mobile travel router setup that supports the following cases +# - Core router and optional AP to cover a larger area or to be able to position one of +# the devices in a spot that works better for a mesh connection +# - Private network (VID 43) without client isolation and filtering to allow communication +# between devices in the network +# - Host network (VLAN 41) to make devices accessible via the internet using a routed IPv6 +# network (requires firewall rules at gateways) +# - Internet uplink (VID 50, untagged) to provide easy internet connectivity by just +# connecting any network port of the setup to an existing internet connection via cable +# - Mesh on LAN (VID 30) to connect to another Freifunk installation via LAN +# - Two optional PtP antennas (VID 10 + 11) for long range ptp connections + location: noki # This is a test and mobile travel router, therefore it has no location location_nice: @@ -8,23 +20,15 @@ contact_nickname: 'Noki' contacts: - '@noki-:matrix.org' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - hostname: noki-core role: corerouter model: "dlink_dap-x1860-a1" wireless_profile: noki + - hostname: noki-ap + role: ap + model: "dlink_dap-x1860-a1" + wireless_profile: noki ipv6_prefix: '2001:bf7:830:1000::/56' @@ -41,11 +45,27 @@ ipv6_prefix: '2001:bf7:830:1000::/56' dhcp_no_ping: false networks: + # MESH - PtP antenna 1 + - vid: 10 + role: mesh + name: mesh_ptp_1 + prefix: 10.31.215.32/32 + ipv6_subprefix: -10 + ptp: true + + # MESH - PtP antenna 2 + - vid: 11 + role: mesh + name: mesh_ptp_2 + prefix: 10.31.215.33/32 + ipv6_subprefix: -11 + ptp: true + # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g - prefix: 10.31.215.33/32 + name: mesh_5g_core + prefix: 10.31.215.34/32 ipv6_subprefix: -20 mesh_ap: noki-core mesh_radio: 11a_standard 
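Review bot: The header comment added at the top of noki.yml opens with `# This ia a flexible test and mobile travel router setup`, which should read `# This is a ...`. It also calls the host network `VLAN 41` while every other bullet uses `VID`. The host-network bullet says devices become reachable from the internet and that this "requires firewall rules at gateways". Since those rules are not part of this file, the comment should say where they are maintained so the exposure is not enabled without a matching filter.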
@@ -54,21 +74,42 @@ networks: # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g - prefix: 10.31.215.34/32 + name: mesh_2g_core + prefix: 10.31.215.35/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: noki-core mesh_radio: 11g_standard mesh_iface: mesh + # MESH - AP - 5 GHz 802.11s + - vid: 22 + role: mesh + name: mesh_5g_ap + prefix: 10.31.215.36/32 + ipv6_subprefix: -22 + mesh_ap: noki-ap + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - AP - 2.4 GHz 802.11s + - vid: 23 + role: mesh + name: mesh_2g_ap + prefix: 10.31.215.37/32 + ipv6_subprefix: -23 + # make mesh_metric for 2GHz worse than 5GHz + mesh_metric_lqm: ['default 0.8'] + mesh_ap: noki-ap + mesh_radio: 11g_standard + mesh_iface: mesh + # MESH - LAN - vid: 30 role: mesh name: mesh_lan - prefix: 10.31.215.35/32 + prefix: 10.31.215.38/32 ipv6_subprefix: -30 # DHCP with filtering and isolation @@ -99,8 +140,10 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # 10.31.215.1/32 - noki-core: 1 + noki-core: 1 # 10.31.215.1 + noki-ap: 2 # 10.31.215.2 + noki-ptp-1: 3 # 10.31.215.3 + noki-ptp-2: 3 # 10.31.215.3 # DHCP (PRIVATE) - vid: 43 @@ -112,7 +155,7 @@ networks: assignments: noki-core: 1 - # UPLK + # UPLK - 10.31.215.64/27 as /32 - vid: 50 role: uplink untagged: true 
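Review bot: In the mgmt `assignments` block, `noki-ptp-1` and `noki-ptp-2` are both given host number 3, and both trailing comments read 10.31.215.3, so the two PtP antennas would share one management address. Give the second antenna its own number, e.g. `noki-ptp-2: 4  # 10.31.215.4`. None of the queries visible in `.github/checks/check-duplicates.sh` from this commit looks at `assignments` values, so CI would not flag this kind of collision. A per-file check on those values would catch it.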
@@ -120,37 +163,28 @@ networks: - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.215.35/32 + prefix: 10.31.215.64/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.215.36/32 + prefix: 10.31.215.65/32 wireguard_port: 51821 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: noki-core: 36-80 + noki-ap: 36-80 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: noki-core: 13-20 + noki-ap: 13-20 # Wireless profile location__wireless_profiles__to_merge: - name: noki - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net @@ -173,7 +207,7 @@ location__wireless_profiles__to_merge: - mode: ap ssid: noki encryption: sae-mixed - key: 'file:/root/wifi_pass' + key: 'file:/root/wifi-pwd' network: private radio: [11a_standard, 11g_standard] ifname_hint: pr @@ -181,7 +215,7 @@ location__wireless_profiles__to_merge: - mode: ap ssid: noki-host encryption: sae-mixed - key: 'file:/root/wifi_pass' + key: 'file:/root/wifi-pwd-host' network: host radio: [11a_standard, 11g_standard] ifname_hint: ho @@ -193,6 +227,19 @@ location__wireless_profiles__to_merge: mesh_fwding: 0 ifname_hint: mesh +# DNS Servers +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + # SSH Keys ssh_keys: - comment: Noki diff --git a/locations/ohlauer.yml b/locations/ohlauer.yml index 81796cf16..b0e688be4 100644 --- a/locations/ohlauer.yml +++ b/locations/ohlauer.yml 
@@ -46,13 +46,13 @@ mesh_links: ifname: lan3.10 ipv4: 10.31.11.96/32 ipv6: 2001:bf7:830:8301::/128 - metric: 256 + mesh_metric: 128 ptp: true # Downlink IPv4 is in net announced by emma. # OLSR Announce SmartGateway -sgw: "100000 100000" +sgw: "1000000 1000000" # Tunnel metric 1024 as most internet uplinks will hardly reach 40MBit/s # 2001:bf7:830:8300::/56 is the base prefix diff --git a/locations/perle.yml b/locations/perle.yml index 2a78ccd99..aa0c03e7f 100644 --- a/locations/perle.yml +++ b/locations/perle.yml @@ -24,7 +24,7 @@ snmp_devices: address: 10.31.205.130 snmp_profile: airos_6 -ipv6_prefix: "2001:bf7:790:f00::/56" +ipv6_prefix: "2001:bf7:750:6800::/56" # got following prefixes: # Router: 10.31.205.128/27 @@ -58,7 +58,6 @@ networks: name: mesh_2g prefix: 10.31.205.138/32 ipv6_subprefix: -21 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.5'] mesh_ap: perle-core mesh_radio: 11g_standard diff --git a/locations/philmel.yml b/locations/philmel.yml index d1c8b7831..23e999609 100644 --- a/locations/philmel.yml +++ b/locations/philmel.yml @@ -1,6 +1,6 @@ --- location: philmel -location_nice: Philipp-Melanchthon-Kirche +location_nice: Philipp-Melanchthon-Kirche, Kranoldstraße 16, 12051 Berlin latitude: 52.465881 longitude: 13.434112 altitude: 83 
@@ -9,166 +9,227 @@ community: true hosts: - hostname: philmel-core role: corerouter - model: "linksys_e8450-ubi" + model: "mikrotik_routerboard-750gr3" wireless_profile: freifunk_default - - hostname: philmel-nord-m2 + + - hostname: philmel-nf-o-5ghz role: ap - model: "ubnt_nanostation-m2_xm" - wireless_profile: freifunk_default + model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:35:ed} + + - hostname: philmel-nf-s-5ghz # peers: GSBS2 + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:36:53} + + # - hostname: philmel-nf-w-5ghz + # role: ap + # model: "mikrotik_sxtsq-5-ac" + # mac_override: {eth0: TODO} snmp_devices: - - hostname: philmel-rhnk - address: 10.230.2.4 + - hostname: philmel-switch + address: 10.230.2.2 + snmp_profile: swos + + - hostname: philmel-klunker + address: 10.230.2.3 snmp_profile: af60 - - hostname: philmel-nord-5ghz + + - hostname: philmel-ak36 + address: 10.230.2.4 + snmp_profile: airos_8 + + - hostname: philmel-nw-60ghz + address: 10.230.2.5 + snmp_profile: mikrotik_60g + + - hostname: philmel-no-5ghz address: 10.230.2.6 snmp_profile: airos_8 - - hostname: philmel-ost + + - hostname: philmel-nw-5ghz address: 10.230.2.7 - snmp_profile: airos_6 - - hostname: philmel-vaterhaus + snmp_profile: airos_8 + + - hostname: philmel-o-5ghz address: 10.230.2.8 snmp_profile: airos_8 - - hostname: philmel-sued + + - hostname: philmel-s-5ghz address: 10.230.2.9 - snmp_profile: airos_6 - - hostname: philmel-sued-5ac - address: 10.230.2.10 snmp_profile: airos_8 - - hostname: philmel-west - address: 10.230.2.11 - snmp_profile: airos_6 - - hostname: philmel-ak36 - address: 10.230.2.12 + + - hostname: philmel-w-5ghz + address: 10.230.2.10 snmp_profile: airos_8 airos_dfs_reset: - name: "philmel-ak36" - target: "10.230.2.12" + target: "10.230.2.4" username: "ubnt" - password: "file:/root/pwd.txt" + password: "file:/root/pwd" daytime_limit: "2-7" - - name: "philmel-nord-5ac" + + - name: "philmel-no-5ghz" target: "10.230.2.6" 
username: "ubnt" - password: "file:/root/pwd.txt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "philmel-nw-5ghz" + target: "10.230.2.7" + username: "ubnt" + password: "file:/root/pwd" daytime_limit: "2-7" -# got following prefixes: -# Router: 10.230.2.0/24 -# --MGMT: 10.230.2.0/28 -# --MESH: 10.31.215.32/27 (-23) -# --DHCP: 10.230.2.32/28 + - name: "philmel-o-5ghz" + target: "10.230.2.8" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "philmel-s-5ghz" + target: "10.230.2.9" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "philmel-w-5ghz" + target: "10.230.2.10" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + +# ROUTER: 10.230.2.0/24 +# --MGMT: 10.230.2.0/27 +# --MESH: 10.230.2.32/27 +# --FREE: 10.230.2.64/26 +# --DHCP: 10.230.2.128/25 ipv6_prefix: "2001:bf7:820:1500::/56" networks: - - vid: 2 - role: dhcp - prefix: 10.230.2.32/28 - ipv6_subprefix: 0 - untagged: true - inbound_filtering: true - enforce_client_isolation: true - assignments: - philmel-core: 1 - - # northeast mesh 5GHz ac - vid: 10 role: mesh - name: mesh_no_5ghz # Peers: kiehlufer-core - prefix: 10.230.2.17/32 - ipv6_subprefix: -1 - mesh_metric: 1024 + name: mesh_klunker + prefix: 10.230.2.32/32 + ipv6_subprefix: -10 + ptp: true + mesh_metric: 256 - # northwest mesh 5GHz ac - vid: 11 role: mesh - name: mesh_nw_5ghz # Peers: liegewiese, sgfrd-core - prefix: 10.230.2.18/32 - ipv6_subprefix: -2 + name: mesh_ak36 + prefix: 10.230.2.33/32 + ipv6_subprefix: -11 + ptp: true mesh_metric: 1024 + mesh_metric_lqm: ['default 0.5'] - vid: 12 role: mesh - name: mesh_ost # Peers: Area51, delbrueck66 - prefix: 10.230.2.19/32 - ipv6_subprefix: -3 - mesh_metric: 1024 + name: mesh_nw_60ghz + prefix: 10.230.2.34/32 + ipv6_subprefix: -12 + # northeast mesh 5GHz ac - vid: 13 role: mesh - name: mesh_vaterhaus - prefix: 10.230.2.20/32 - ipv6_subprefix: -4 - mesh_metric: 1024 + name: mesh_no_5ghz + prefix: 
10.230.2.35/32 + ipv6_subprefix: -13 + # northwest mesh 5GHz ac - vid: 14 role: mesh - name: mesh_sued # Peers: kranold18, GSBS2 - prefix: 10.230.2.21/32 - ipv6_subprefix: -5 - mesh_metric: 1024 + name: mesh_nw_5ghz + prefix: 10.230.2.36/32 + ipv6_subprefix: -14 - vid: 15 role: mesh - name: mesh_sued_5ghz - prefix: 10.230.2.22/32 - ipv6_subprefix: -6 - mesh_metric: 1024 + name: mesh_o_5ghz + prefix: 10.230.2.37/32 + ipv6_subprefix: -15 - vid: 16 role: mesh - name: mesh_west # Peers: emser97 - prefix: 10.230.2.23/32 - ipv6_subprefix: -7 - mesh_metric: 1024 + name: mesh_s_5ghz + prefix: 10.230.2.38/32 + ipv6_subprefix: -16 - vid: 17 role: mesh - name: mesh_ak36 - prefix: 10.230.2.24/32 - ipv6_subprefix: -8 - ptp: true - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.3'] # prefer klunker link + name: mesh_w_5ghz + prefix: 10.230.2.39/32 + ipv6_subprefix: -17 - - vid: 18 + - vid: 20 role: mesh - name: mesh_klunker - prefix: 10.230.2.25/32 - ipv6_subprefix: -9 - ptp: true - mesh_metric: 128 - - - vid: 19 + name: mesh_nf_o_5 + prefix: 10.230.2.40/32 + ipv6_subprefix: -20 + mesh_ap: philmel-nf-o-5ghz + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 21 role: mesh - name: mesh_nw_60ghz - prefix: 10.230.2.26/32 - ipv6_subprefix: -10 - ptp: true - mesh_metric: 1024 + name: mesh_nf_s_5 + prefix: 10.230.2.41/32 + ipv6_subprefix: -21 + mesh_ap: philmel-nf-s-5ghz + mesh_radio: 11a_standard + mesh_iface: mesh + + # - vid: 22 + # role: mesh + # name: mesh_nf_w_5 + # prefix: 10.230.2.42/32 + # ipv6_subprefix: -22 + # mesh_ap: philmel-nf-w-5ghz + # mesh_radio: 11a_standard + # mesh_iface: mesh + + - vid: 40 + role: dhcp + prefix: 10.230.2.128/25 + ipv6_subprefix: 0 + untagged: true + inbound_filtering: true + enforce_client_isolation: true + assignments: + philmel-core: 1 - - vid: 42 + - vid: 438 role: mgmt - prefix: 10.230.2.0/28 + prefix: 10.230.2.0/27 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: philmel-core: 1 - philmel-switch-1: 2 - philmel-switch-2: 3 - 
philmel-klunker: 4 - philmel-no-5ghz: 5 - philmel-nw-5ghz: 6 - philmel-ost-legacy: 7 - philmel-vaterhaus: 8 - philmel-sued-legacy: 9 - philmel-sued-5ghz: 10 - philmel-ak36: 12 - philmel-west-legacy: 11 - philmel-nw-60ghz: 14 + philmel-switch: 2 + # PtP + philmel-klunker: 3 + philmel-ak36: 4 + # PtmP + philmel-nw-60ghz: 5 + philmel-no-5ghz: 6 + philmel-nw-5ghz: 7 + philmel-o-5ghz: 8 + philmel-s-5ghz: 9 + philmel-w-5ghz: 10 + # nearfield devices + philmel-nf-o-5ghz: 11 + philmel-nf-s-5ghz: 12 + # philmel-nf-w-5ghz: 13 # tbd + +location__channel_assignments_11a_standard__to_merge: + philmel-nf-o-5ghz: 40-20 + philmel-nf-s-5ghz: 36-20 + # philmel-nf-w-5ghz: 44-20 location__ssh_keys__to_merge: - comment: roedel diff --git a/locations/pktpls.yml b/locations/pktpls.yml index 1d89380de..6377f1e44 100644 --- a/locations/pktpls.yml +++ b/locations/pktpls.yml @@ -11,13 +11,17 @@ hosts: - hostname: pktpls-core role: corerouter model: "x86-64" + openwrt_version: snapshot -# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/openwrt-23.05/x86_64/falter" +# Custom APK feed: snapshot +# feed: "file:///home/user/w/ff/falter-packages/out/main/x86_64/falter/packages.adb" +# feed_key: "/home/user/w/ff/falter-packages/tmp/main/x86_64/public-key.pem" +# +# Custom OPKG feed: 24.10-SNAPSHOT, 23.05-SNAPSHOT +# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/openwrt-24.10/x86_64/falter" # imagebuilder_disable_signature_check: true location__packages__to_merge: - - -luci-mod-falter - - -falter-common - openssh-sftp-server # 10.31.174.128/26 - pktpls+bbb@systemli.org diff --git a/locations/q216.yml b/locations/q216.yml index 0e36c848c..06ffa1744 100644 --- a/locations/q216.yml +++ b/locations/q216.yml @@ -20,6 +20,7 @@ hosts: role: ap model: "mikrotik_sxtsq-5-ac" wireless_profile: freifunk_default + mac_override: {eth0: dc:2c:6e:91:08:1b} snmp_devices: - hostname: q216-switch 
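Review bot: The mgmt network in philmel.yml changes from `- vid: 42` to `- vid: 438`, while the other mgmt networks visible in this diff (mela, the removed radbahn) use 42. If 438 is a typo, devices and switch ports that still tag management traffic with 42 would lose their management path after the rollout. If it is intentional, a short comment on that line (`# mgmt VID differs from the usual 42 because ...`) would stop it from being "corrected" later. The renumbered assignments themselves match the new `snmp_devices` addresses and `airos_dfs_reset` targets in the same hunk.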
@@ -111,14 +112,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: q216 - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/radbahn.yml b/locations/radbahn.yml deleted file mode 100644 index 159acbc77..000000000 --- a/locations/radbahn.yml +++ /dev/null 
@@ -1,154 +0,0 @@ ---- - -location: radbahn -location_nice: Radbahn Testfeld -latitude: 52.49917 -longitude: 13.42431 -contact_nickname: Stadtfunk gGmbH -contacts: - - noc@stadtfunk.net - -hosts: - - - hostname: radbahn-core - role: corerouter - model: ubnt_usw-flex - - - hostname: radbahn-o-nf - role: ap - model: zyxel_nwa55axe - wireless_profile: radbahn - - - hostname: radbahn-w-nf - role: ap - model: zyxel_nwa55axe - wireless_profile: radbahn - -snmp_devices: - - - hostname: radbahn-emma - address: 10.31.251.2 - snmp_profile: mikrotik_60g - -# 10.31.248.240/28 -# 10.31.248.240/29 - mgmt -# 10.31.248.248/29 - mesh -# 10.31.251.0/24 - dhcp -ipv6_prefix: 2001:bf7:830:c000::/56 - -networks: - - - vid: 10 - name: mesh_emma - role: mesh - prefix: 10.31.248.248/32 - ipv6_subprefix: -10 - ptp: true - - - vid: 20 - name: mesh_o_nf2 - role: mesh - prefix: 10.31.248.249/32 - ipv6_subprefix: -20 - mesh_ap: radbahn-o-nf - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 21 - name: mesh_o_nf5 - role: mesh - prefix: 10.31.248.250/32 - ipv6_subprefix: -21 - mesh_ap: radbahn-o-nf - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 22 - name: mesh_w_nf2 - role: mesh - prefix: 10.31.248.251/32 - ipv6_subprefix: -22 - mesh_ap: radbahn-w-nf - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 23 - name: mesh_w_nf5 - role: mesh - prefix: 10.31.248.252/32 - ipv6_subprefix: -23 - mesh_ap: radbahn-w-nf - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 40 - name: dhcp - role: dhcp - prefix: 10.31.251.0/24 - ipv6_subprefix: 0 - assignments: - radbahn-core: 1 - - - vid: 42 - name: mgmt - role: mgmt - prefix: 10.31.248.240/29 - ipv6_subprefix: 1 - gateway: 1 - dns: 1 - assignments: - radbahn-core: 1 - radbahn-emma: 2 - radbahn-o-nf: 3 - radbahn-w-nf: 4 - -location__channel_assignments_11a_standard__to_merge: - radbahn-o-nf: 36-40 - radbahn-w-nf: 44-40 - -location__channel_assignments_11g_standard__to_merge: - radbahn-o-nf: 9-20 - radbahn-w-nf: 13-20 - 
-location__wireless_profiles__to_merge: - - name: radbahn - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - - ifaces: - - mode: ap - ssid: berlin.freifunk.net - encryption: none - network: dhcp - radio: [11a_standard, 11g_standard] - ifname_hint: ff - - - mode: ap - ssid: radbahn.freifunk.berlin - encryption: none - network: dhcp - radio: [11a_standard, 11g_standard] - ifname_hint: ffcust - - - mode: ap - ssid: berlin.freifunk.net Encrypted - encryption: owe - network: dhcp - radio: [11a_standard, 11g_standard] - ifname_hint: ffowe - ieee80211w: 1 - - - mode: mesh - mesh_id: Mesh-Freifunk-Berlin - radio: [11a_standard, 11g_standard, 11a_mesh] - mcast_rate: 12000 - mesh_fwding: 0 - ifname_hint: mesh diff --git a/locations/rauchhaus.yml b/locations/rauchhaus.yml index abc22e3cb..1054d3da3 100644 --- a/locations/rauchhaus.yml +++ b/locations/rauchhaus.yml @@ -138,14 +138,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: rauchhaus - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/rev99.yml b/locations/rev99.yml index ae02ce6ca..b790eb12a 100644 --- a/locations/rev99.yml +++ b/locations/rev99.yml @@ -52,8 +52,7 @@ networks: name: mesh_2g prefix: 10.31.214.138/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: rev99-core mesh_radio: 11g_standard diff --git a/locations/rhnk.yml b/locations/rhnk.yml index de203cf89..da5895720 100644 --- a/locations/rhnk.yml +++ b/locations/rhnk.yml 
@@ -1,6 +1,6 @@ --- location: rhnk -location_nice: Rathaus Neukoelln +location_nice: "Rathaus Neukölln, Karl-Marx-Straße 83, 12043 Berlin" latitude: 52.481380 longitude: 13.435078 altitude: 90 @@ -30,6 +30,9 @@ hosts: eth0: 2c:c8:1b:6b:e7:31 snmp_devices: + - hostname: rhnk-switch + address: 10.31.153.2 + snmp_profile: swos - hostname: rhnk-rhxb address: 10.31.153.11 @@ -67,6 +70,31 @@ snmp_devices: address: 10.31.153.26 snmp_profile: af60 +airos_dfs_reset: + - name: "rhnk-no-5ghz" + target: "10.31.153.20" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "rhnk-wsw-5ghz" + target: "10.31.153.21" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "rhnk-ssw-5ghz" + target: "10.31.153.23" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "rhnk-nno-5ghz" + target: "10.31.153.25" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + # TODO: delete these old addresses: # - mgmt: 10.31.152.128/27 # - nanobridges: 10.230.44.0/29 @@ -92,6 +120,7 @@ networks: name: mesh_klunker60 prefix: 10.230.3.14/32 ipv6_subprefix: -14 + mesh_metric: 128 ptp: true - vid: 15 @@ -119,6 +148,7 @@ networks: role: mesh name: mesh_wsw_60 prefix: 10.230.3.22/32 + mesh_metric: 128 ipv6_subprefix: -22 - vid: 23 @@ -131,6 +161,7 @@ networks: role: mesh name: mesh_oso_60 prefix: 10.230.3.24/32 + mesh_metric: 128 ipv6_subprefix: -24 - vid: 25 @@ -146,6 +177,7 @@ networks: role: mesh name: mesh_nno_60ghz prefix: 10.230.3.26/32 + mesh_metric: 128 ipv6_subprefix: -26 - vid: 32 
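Review bot: The new `airos_dfs_reset` block in rhnk.yml logs in to four radios as `ubnt` with `password: "file:/root/pwd"`, and nothing in the hunk documents where that file comes from. A comment above the block should state that `/root/pwd` is provisioned out of band on the core router, is readable by root only, and must never be committed. How the `file:` prefix is resolved is not visible here, so that wording should be checked against the role that consumes it. The philmel.yml hunk in this diff has the same block and additionally renames the path from `/root/pwd.txt` to `/root/pwd`, so the file on the deployed router presumably has to be renamed as well or the logins will fail.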
@@ -182,40 +214,40 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # Belkin RT3200 / Linksys E8450 (UBI) + # Routerboard 750gr3 rhnk-core: 1 - # Mikrotik CRS328-24P-4S+RM - SwitchOS 2.13 + # Mikrotik CRS328-24P-4S+RM - SwitchOS rhnk-switch: 2 - # AirFiber 60-LR - Firmware 3.3.0-BETA2 + # AirFiber 60-LR rhnk-rhxb: 11 - # Mikrotik Cube 60 Pro - RouterOS 7.7 + # Mikrotik Cube 60 Pro rhnk-klunker-60ghz: 14 - # Powerbeam 5AC 400 ISO - AirOS 8.7.11 + # Powerbeam 5AC 400 ISO rhnk-emma: 15 - # Rocket 5AC Lite - AirOS 8.7.11 + # Rocket 5AC Lite rhnk-no-5ghz: 20 - # Rocket 5AC Lite - AirOS 8.7.11 + # Rocket 5AC Lite rhnk-wsw-5ghz: 21 - # Airfiber LR - Firmware 3.3.0-BETA2 + # Airfiber LR rhnk-wsw-60ghz: 22 - # Rocket 5AC Lite - AirOS 8.7.11 + # Rocket 5AC Lite rhnk-ssw-5ghz: 23 - # Wave AP - Firmware 3.3.0-BETA2 + # Wave AP rhnk-oso-60ghz: 24 - # Rocket 5AC Lite - AirOS 8.7.11 + # Rocket 5AC Lite rhnk-nno-5ghz: 25 - # Wave AP - Firmware 3.3.0-BETA2 + # Wave LR rhnk-nno-60ghz: 26 # SXTsq 5 ac - OpenWrt diff --git a/locations/rigaer78.yml b/locations/rigaer78.yml index 48daaa028..80c8078bd 100644 --- a/locations/rigaer78.yml +++ b/locations/rigaer78.yml @@ -53,12 +53,15 @@ hosts: - hostname: rigaer78-back-floor-2-kitchen role: ap model: "avm_fritzbox-4040" - port_untag: {40: [lan1, lan2, lan3]} + host__rclocal__to_merge: + - | + # Untag DHCP on some ports + uci set network.vlan_40.ports='lan1:t lan2 lan3 lan4 wan' + uci commit network; reload_config - hostname: rigaer78-back-floor-3-left role: ap model: "siemens_ws-ap3610" - port_untag: {40: [lan1, lan2, lan3]} - hostname: rigaer78-back-floor-3-right role: ap @@ -72,6 +75,11 @@ hosts: role: ap model: "avm_fritzbox-7530" port_untag: {40: [lan1, lan2, lan3]} + host__rclocal__to_merge: + - | + # Untag DHCP on some ports + uci set network.vlan_40.ports='lan1:t lan2 lan3 lan4' + uci commit network; reload_config - hostname: rigaer78-east-2ghz role: ap 
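Review bot: In the second rigaer78.yml hunk the fritzbox-7530 host keeps `port_untag: {40: [lan1, lan2, lan3]}` and also gains a `host__rclocal__to_merge` snippet that rewrites `network.vlan_40.ports`. Two mechanisms now define VLAN 40 membership for that host, whereas the first hunk replaces `port_untag` with the snippet. If the snippet is meant to supersede it, drop the `port_untag` line there too. The first hunk's port list is `'lan1:t lan2 lan3 lan4 wan'`, which puts `lan4` and `wan` untagged into the client DHCP VLAN, where the removed `port_untag` named only lan1–lan3. Please confirm that is intended, since anything plugged into those ports then joins the client network. The siemens_ws-ap3610 host loses its `port_untag` with no replacement, and the host entries begin outside these hunks.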
@@ -179,8 +187,8 @@ location__channel_assignments_11g_standard__to_merge: rigaer78-west-2ghz: 6-20 # house installation - rigaer78-back-front-4-right: 1-20 - rigaer78-back-front-4-left: 6-20 + rigaer78-front-floor-4-right: 1-20 + rigaer78-front-floor-4-left: 6-20 rigaer78-back-floor-4-right: 1-20 rigaer78-back-floor-4-left: 11-20 @@ -198,8 +206,8 @@ location__channel_assignments_11a_standard__to_merge: rigaer78-west-5ghz: 44-20 # house installation - rigaer78-back-front-4-right: 40-20 - rigaer78-back-front-4-left: 36-20 + rigaer78-front-floor-4-right: 40-20 + rigaer78-front-floor-4-left: 36-20 rigaer78-back-floor-4-right: 40-20 rigaer78-back-floor-4-left: 36-20 @@ -211,7 +219,3 @@ location__channel_assignments_11a_standard__to_merge: rigaer78-back-floor-1-right: 44-20 rigaer78-back-floor-1-left: 40-20 rigaer78-back-floor-0-garage: 36-20 - -# Special vlan config: -# rigaer78-back-floor-4-right 40: 0t 1t 2 3 4 -# rigaer78-back-floor-2-kitchen 40: 0t 1t 2 3 4 diff --git a/locations/rio.yml b/locations/rio.yml index c1a77658d..9dab57dbb 100644 --- a/locations/rio.yml +++ b/locations/rio.yml @@ -64,7 +64,6 @@ networks: name: mesh_rio prefix: 10.31.134.18/32 ipv6_subprefix: -3 - mesh_metric: 2048 mesh_ap: rio-sxt mesh_radio: 11a_standard mesh_iface: mesh @@ -74,7 +73,6 @@ networks: name: mesh_ubnt prefix: 10.31.134.19/32 ipv6_subprefix: -4 - mesh_metric: 2048 mesh_ap: rio-ubnt mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/saarbruecker.yml b/locations/saarbruecker.yml index 2af8ea4f9..aafcdc248 100644 --- a/locations/saarbruecker.yml +++ b/locations/saarbruecker.yml @@ -8,7 +8,9 @@ community: true hosts: - hostname: saarbruecker-gw role: gateway - model: "ubnt_edgerouter-4" + model: "protectli_vps6630" + host__packages__to_merge: + - naywatch snmp_devices: - hostname: saarbruecker-sw 
@@ -28,15 +30,15 @@ snmp_devices: address: 10.31.83.53 snmp_profile: airos_8 -ipv6_prefix: 2001:bf7:760:2201::/56 +ipv6_prefix: 2001:bf7:760:2200::/56 uplink: - ifname: lan3 + ifname: eth5 ipv4: 176.74.57.43/31 ipv6: 2a04:d480:2001::1/127 mgmt: - ifname: lan0.42 + ifname: eth4.42 ipv4: 10.31.83.49/29 ipv6: 2001:bf7:760:2201::/64 assignments: @@ -49,24 +51,24 @@ mgmt: # Mesh Network: 10.31.83.56/30 mesh_links: - name: mesh_hds - ifname: lan0.10 + ifname: eth4.10 ipv4: 10.31.83.56/32 ipv6: 2001:bf7:760:2200::1/128 - metric: 128 + mesh_metric: 128 ptp: true - name: mesh_sama - ifname: lan0.11 + ifname: eth4.11 ipv4: 10.31.83.57/32 ipv6: 2001:bf7:760:2200::2/128 - metric: 128 + mesh_metric: 128 ptp: true - name: mesh_segen - ifname: lan0.12 + ifname: eth4.12 ipv4: 10.31.83.58/32 ipv6: 2001:bf7:760:2200::3/128 - metric: 128 + mesh_metric: 128 ptp: true # Downlink IPv4 is in net announced by emma. diff --git a/locations/sama.yml b/locations/sama.yml index fa816e339..c61fee1dd 100644 --- a/locations/sama.yml +++ b/locations/sama.yml @@ -13,25 +13,25 @@ hosts: role: corerouter model: "linksys_e8450-ubi" - - hostname: sama-nord-5ghz + - hostname: sama-nord-nf-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: eth0: 08:55:31:54:63:18 - - hostname: sama-ost-5ghz + - hostname: sama-ost-nf-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: eth0: 08:55:31:54:63:14 - - hostname: sama-sued-5ghz + - hostname: sama-sued-nf-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: eth0: 08:55:31:54:63:0E - - hostname: sama-west-5ghz + - hostname: sama-west-nf-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: @@ -108,12 +108,12 @@ networks: sama-core: 1 sama-poe-1: 2 sama-poe-2: 3 - # 6-15 (Local APs) + # 6-15 (Local APs / OpenWRT) sama-nord-nf-5ghz: 10 sama-ost-nf-5ghz: 11 sama-sued-nf-5ghz: 12 sama-west-nf-5ghz: 13 - # 16-31 (BBB) + # 16-31 (BBB / Ubiquiti) sama-nord-5ghz: 20 sama-ost-5ghz: 21 sama-sued-5ghz: 22 
diff --git a/locations/sav.yml b/locations/sav.yml
new file mode 100644
index 000000000..61e38af85
--- /dev/null
+++ b/locations/sav.yml
@@ -0,0 +1,121 @@ +--- + +location: sav +location_nice: Rotherstraße 16, 10245 Berlin +latitude: 52.504016671 +longitude: 13.449078798 +altitude: 89 +contact_nickname: 'Jammingblub' +contacts: + - 'freifunk@sva.de' + +# ROUTER: 10.31.174.240/28 +# --MGMT: 10.31.174.240/30 +# --MESH: 10.31.174.244/30 +# --DHCP: 10.31.174.248/30 + +ipv6_prefix: 2001:bf7:830:ae00::/56 + +hosts: + - hostname: sav-core + role: corerouter + model: "mikrotik_routerboard-750gr3" + host__rclocal__to_merge: + - '#' + - '# This script adjusts the configuration of vlans. This is especially' + - '# useful with uswflex and custom port configs' + - '#' + - ' ' + - '. /lib/functions.sh' + - ' ' + - 'handle_vlans() {' + - ' # untag the vlans on different ports based on their id' + - ' local uci_section="$1"' + - ' ' + - ' config_get vlan "$uci_section" vlan' + - ' config_get ports "$uci_section" ports' + - ' ' + - ' ' + - ' case "$vlan" in' + - ' 10)' + - ' # untag payload traffic for Wave to Emma' + - " port_config='wan lan2:t lan3:t lan4:t lan5:t' ;;" + - ' 40)' + - ' # untag DHCP on port 2' + - " port_config='wan:t lan2 lan3:t lan4:t lan5:t' ;;" + - ' 50)' + - ' # untag port 3 for local backup uplink' + - " port_config='wan:t lan2:t lan3 lan4:t lan5:t' ;;" + - ' *)' + - ' # do nothing for the other vlans' + - ' return' + - ' esac' + - ' ' + - ' # abort if config is applied already' + - ' if [ "$ports" = "$port_config" ]; then' + - ' printf "Vlan %d applied already.\n" "$vlan"' + - ' return' + - ' fi' + - ' ' + - ' printf "Port number: %d\n" "$vlan"' + - ' printf "Port config: %s\n" "$port_config"' + - ' ' + - ' printf "Configuring %s... 
" "$uci_section"' + - ' uci_set network "$uci_section" ports "$port_config"' + - ' printf "Done.\n"' + - '}' + - ' ' + - 'config_load network' + - ' ' + - 'config_foreach handle_vlans "bridge-vlan"' + - ' ' + - 'uci commit network' + - 'sync' + - 'reload_config' + +snmp_devices: + - hostname: sav-emma + address: 10.31.174.242 + snmp_profile: af60 + +networks: + - vid: 10 + role: mesh + name: mesh_emma + prefix: 10.31.174.244/32 + ipv6_subprefix: -10 + mesh_metric: 128 + + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.174.248/30 + ipv6_subprefix: -40 + assignments: + sav-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.31.174.240/30 + ipv6_subprefix: 0 + gateway: 1 + dns: 1 + assignments: + sav-core: 1 + sav-emma: 2 + + - vid: 50 + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.174.245/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.31.174.246/32 + wireguard_port: 51821 diff --git a/locations/scharni.yml b/locations/scharni.yml index 93b8e5a94..935274a8d 100644 --- a/locations/scharni.yml +++ b/locations/scharni.yml @@ -58,13 +58,13 @@ networks: prefix: 10.31.252.192/32 ipv6_subprefix: -2 ptp: true + mesh_metric: 128 - vid: 11 role: mesh name: mesh_zwingli prefix: 10.31.252.193/32 ipv6_subprefix: -3 - mesh_metric: 512 ptp: true - vid: 20 @@ -72,7 +72,6 @@ networks: name: mesh_ap3 prefix: 10.31.252.194/32 ipv6_subprefix: -4 - mesh_metric: 2048 mesh_ap: scharni-ap3 mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/segen.yml b/locations/segen.yml index bf952119c..0df52d69b 100644 --- a/locations/segen.yml +++ b/locations/segen.yml @@ -223,7 +223,6 @@ networks: name: mesh_11s_n2 prefix: 10.31.6.72/32 ipv6_subprefix: -9 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-n-nf-2ghz mesh_radio: 11g_standard 
@@ -234,7 +233,6 @@ networks: name: mesh_11s_o2 prefix: 10.31.6.73/32 ipv6_subprefix: -10 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-o-nf-2ghz mesh_radio: 11g_standard @@ -245,7 +243,6 @@ networks: name: mesh_11s_s2 prefix: 10.31.6.74/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-s-nf-2ghz mesh_radio: 11g_standard @@ -256,7 +253,6 @@ networks: name: mesh_11s_w2 prefix: 10.31.6.75/32 ipv6_subprefix: -12 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-w-nf-2ghz mesh_radio: 11g_standard diff --git a/locations/simeon.yml b/locations/simeon.yml index 8ba9c427e..a0fd32975 100644 --- a/locations/simeon.yml +++ b/locations/simeon.yml @@ -11,11 +11,18 @@ hosts: - hostname: simeon-core role: corerouter - model: "avm_fritzbox-7530" - wireless_profile: freifunk_default + model: "ubnt_edgerouter-x" + poe_on: [] + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 + snmp_devices: + - hostname: simeon-switch + address: 10.31.104.130 + snmp_profile: edgeswitch + - hostname: simeon-mgh address: 10.31.104.131 snmp_profile: airos_8 @@ -55,31 +62,30 @@ networks: role: mesh name: mesh_mgh prefix: 10.31.51.136/32 - ipv6_subprefix: -1 + ipv6_subprefix: -10 - vid: 11 role: mesh name: mesh_nord prefix: 10.31.51.137/32 - ipv6_subprefix: -2 + ipv6_subprefix: -11 - vid: 12 role: mesh name: mesh_emma prefix: 10.31.51.138/32 - ipv6_subprefix: -3 + ipv6_subprefix: -12 - vid: 13 role: mesh - name: mesh_rhx + name: mesh_rhxb prefix: 10.31.51.139/32 - ipv6_subprefix: -4 + ipv6_subprefix: -13 - vid: 40 role: dhcp prefix: 10.31.104.0/25 ipv6_subprefix: 0 - untagged: true inbound_filtering: true enforce_client_isolation: true assignments: @@ -93,8 +99,8 @@ networks: ipv6_subprefix: 1 assignments: simeon-core: 1 - simeon-poe-switch: 2 + simeon-switch: 2 simeon-mgh: 3 simeon-nord: 4 simeon-emma: 5 - simeon-rhx: 6 + simeon-rhxb: 6 diff --git a/locations/ska95.yml b/locations/ska95.yml index 3ec1bf349..9edb16d81 100644 
--- a/locations/ska95.yml +++ b/locations/ska95.yml @@ -19,10 +19,11 @@ dns_servers: - 2606:4700:4700::1111 - 2606:4700:4700::1001 -# 10.36.8.0/25 +# ROUTER: 10.36.8.0/25 # --MGMT: 10.31.8.0/28 # --MESH: 10.31.8.16/28 # --DHCP: 10.36.8.64/26 +# --FREE: 10.31.8.32/27 ipv6_prefix: "2001:bf7:830:700::/56" @@ -30,20 +31,26 @@ hosts: - hostname: ska95-core role: corerouter model: tplink_tl-wdr3600-v1 - wireless_profile: freifunk_default + - hostname: ska95-schoolyard role: ap model: ubnt_nanostation-m2_xm + - hostname: ska95-cortile role: ap - model: ubnt_bullet-m-ar7241 + model: ubnt_bullet-m2-ar7241 + +snmp_devices: + - hostname: ska95-emma + address: 10.31.8.2 + snmp_profile: airos_6 networks: - vid: 10 role: mesh name: mesh_emma prefix: 10.31.8.16/32 - ipv6_subprefix: -1 + ipv6_subprefix: -10 - vid: 40 role: dhcp @@ -71,7 +78,6 @@ networks: ska95-cortile: 3 ska95-schoolyard: 4 -snmp_devices: - - hostname: ska95-emma - address: 10.31.8.2 - snmp_profile: airos_6 +location__channel_assignments_11g_standard__to_merge: + ska95-schoolyard: 10-20 + ska95-cortile: 10-20 diff --git a/locations/spitta13.yml b/locations/spitta13.yml index ce918a783..2d7c6a2d5 100644 --- a/locations/spitta13.yml +++ b/locations/spitta13.yml @@ -22,10 +22,12 @@ hosts: - hostname: spitta13-nf-o role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:2a:7f} - hostname: spitta13-nf-w role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:91:08:e3} snmp_devices: - hostname: spitta13-switch @@ -51,7 +53,7 @@ airos_dfs_reset: password: "/root/pwd.txt" daytime_limit: "3-6" -ipv6_prefix: "2001:bf7:860:1100::/56" +ipv6_prefix: "2001:bf7:860:1000::/56" networks: @@ -86,7 +88,6 @@ networks: mesh_radio: 11g_standard mesh_iface: mesh mesh_metric_lqm: ['default 0.3'] # prefer 5 GHz mesh - mesh_metric: 1024 - vid: 21 role: mesh diff --git a/locations/stadalbert.yml b/locations/stadalbert.yml index 28ddfaab4..623e283af 100644 --- a/locations/stadalbert.yml 
+++ b/locations/stadalbert.yml @@ -41,6 +41,7 @@ hosts: - hostname: stadalbert-nf-roof role: ap model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:91:09:09} snmp_devices: - hostname: stadalbert-segen @@ -132,14 +133,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: stadalbert - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/strom.yml b/locations/strom.yml index a10fca8aa..05207f993 100644 --- a/locations/strom.yml +++ b/locations/strom.yml @@ -79,14 +79,14 @@ mesh_links: ifname: eth0.1310 ipv4: 10.31.48.2/32 ipv6: 2001:bf7:750:2a02::/128 - metric: 128 + mesh_metric: 128 # This interface is IPv4 only - name: mesh_bbbvpn ifname: eth0.1312 ipv4: 10.31.48.3/32 # ipv6: 2001:bf7:750:2a03::/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_no diff --git a/locations/suedblock.yml b/locations/suedblock.yml index dd2577d1b..eaae4c0a0 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml @@ -4,9 +4,9 @@ location_nice: Suedblock latitude: 52.498599118 longitude: 13.416844010 altitude: 33 -contact_nickname: '365ff' +contact_nickname: Stadtfunk gGmbH contacts: - - '365ff [ät] systemli [dot] org' + - noc@stadtfunk.net location__ssh_keys__to_merge: - comment: narfpeng @@ -16,17 +16,23 @@ hosts: - hostname: suedblock-core role: corerouter - model: "avm_fritzbox-4040" + model: "cudy_x6-v1" wireless_profile: freifunk_default dhcp_no_ping: false + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 +# 10.248.13.0/24 +# 10.248.13.0/29 - mgmt +# 10.248.13.8/29 - mesh +# 10.248.13.128/25 - dhcp ipv6_prefix: "2001:bf7:830:b100::/56" networks: - vid: 42 role: mgmt - prefix: 10.31.15.196/32 + prefix: 10.248.13.0/29 gateway: 1 dns: 1 ipv6_subprefix: 1 
@@ -35,7 +41,7 @@ networks: - vid: 40 role: dhcp - prefix: 10.31.172.128/25 + prefix: 10.248.13.128/25 ipv6_subprefix: 0 inbound_filtering: true enforce_client_isolation: true @@ -49,11 +55,11 @@ networks: - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.172.32/32 + prefix: 10.248.13.8/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.172.33/32 + prefix: 10.248.13.9/32 wireguard_port: 51821 diff --git a/locations/t1.yml b/locations/t1.yml new file mode 100644 index 000000000..bf83a03c2 --- /dev/null +++ b/locations/t1.yml 
@@ -0,0 +1,96 @@ +--- +location: t1 +location_nice: Türschmidtstr. 1, 10317 Berlin +latitude: 52.5026366 +longitude: 13.4758561 +altitude: 48 +height: 20 +contact_nickname: T1 Kollektiv +contacts: + - noc@stadtfunk.net + +hosts: + - hostname: t1-core + role: corerouter + model: "tplink_eap225-outdoor-v1" + wireless_profile: freifunk_default + wifi_roaming: true + + - hostname: t1-nf-n + role: ap + model: "tplink_eap225-outdoor-v1" + wifi_roaming: true + + - hostname: t1-nf-w + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: + eth0: DC:2C:6E:C4:1A:5D + wifi_roaming: true + +snmp_devices: + - hostname: t1-switch + address: 10.248.1.2 + snmp_profile: edgeswitch + + - hostname: t1-zwingli + address: 10.248.1.3 + snmp_profile: airos_8 + + - hostname: t1-ap-no + address: 10.248.1.4 + snmp_profile: airos_8 + +# ROUTER: 10.248.1.0/25 +# --MGMT: 10.248.1.0/28 +# --MESH: 10.248.1.16/28 +# --DHCP: 10.248.1.64/26 +# --FREE: 10.248.1.32/27 + +ipv6_prefix: "2001:bf7:860:1400::/56" + +networks: + - vid: 10 + role: mesh + name: mesh_zwingli + prefix: 10.248.1.16/32 + ipv6_subprefix: -10 + ptp: true + + - vid: 11 + role: mesh + name: mesh_ap_no + prefix: 10.248.1.17/32 + ipv6_subprefix: -11 + + - vid: 40 + role: dhcp + prefix: 10.248.1.64/26 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + t1-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.1.0/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + t1-core: 1 + t1-switch: 2 + t1-zwingli: 3 + t1-ap-no: 4 + t1-nf-n: 6 + t1-nf-w: 7 + +location__channel_assignments_11a_standard__to_merge: + t1-core: 40-20 + t1-nf-n: 36-20 + t1-nf-w: 44-20 + +location__channel_assignments_11g_standard__to_merge: + t1-core: 1-20 + t1-nf-n: 13-20 diff --git a/locations/tempelwg.yml b/locations/tempelwg.yml new file mode 100644 index 000000000..a3c6a8dd4 --- /dev/null +++ b/locations/tempelwg.yml 
@@ -0,0 +1,150 @@ +--- +location: tempelwg +location_nice: U-Alt Tempelhof +latitude: 52.465551 +longitude: 13.38598 +contacts: + - "@nick:matrix.riotcat.org" + +hosts: + - hostname: tempelwg-core + role: corerouter + model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:59:cb} + wireless_profile: tempelwg + + - hostname: tempelwg-ap-tini + role: ap + model: "totolink_a7000r" + wireless_profile: tempelwg + +ipv6_prefix: "2001:bf7:810:1500::/56" + +dhcp_no_ping: false + +# Reserved Prefixes: +# 10.248.17.0/26, 2001:bf7:810:1500::/56 +# MGMT: 10.248.17.0/28 +# MESH: 10.248.17.16/28 +# DHCP: 10.248.17.32/27 + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.17.16/32 + ipv6_subprefix: -20 + mesh_ap: tempelwg-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.17.17/32 + ipv6_subprefix: -21 + # make mesh_metric for 2GHz worse than 5GHz + mesh_metric_lqm: ['default 0.8'] + mesh_ap: tempelwg-core + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 42 + role: mgmt + prefix: 10.248.17.0/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + tempelwg-core: 1 + tempelwg-ap-tini: 2 + + - vid: 40 + role: dhcp + prefix: 10.248.17.32/27 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + tempelwg-core: 1 + + - vid: 50 + name: prdhcp + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.17.18/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.17.19/32 + wireguard_port: 51821 + +location__channel_assignments_11g_standard__to_merge: + tempelwg-core: 13-20 + tempelwg-ap-tini: 1-20 + +location__channel_assignments_11a_standard__to_merge: + tempelwg-core: 36-40 + tempelwg-ap-tini: 48-40 + +location__wireless_profiles__to_merge: + - name: tempelwg + ifaces: + - mode: ap + ssid: berlin.freifunk.net + 
encryption: none + network: dhcp + radio: [11a_standard, 11g_standard] + ifname_hint: ff + owe_transition_ifname_hint: ffowe + + - mode: ap + ssid: berlin.freifunk.net OWE + hidden: true + encryption: owe + network: dhcp + radio: [11a_standard, 11g_standard] + ifname_hint: ffowe + owe_transition_ifname_hint: ff + ieee80211w: 1 + + - mode: ap + ssid: o2-WLAN68 + encryption: sae-mixed + key: 'file:/root/wifi_pass' + network: prdhcp + radio: [11a_standard, 11g_standard] + ifname_hint: pr + + - mode: mesh + mesh_id: Mesh-Freifunk-Berlin + radio: [11a_standard, 11g_standard] + mcast_rate: 12000 + mesh_fwding: 0 + ifname_hint: mesh + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + +# only place this ssh-keys +ssh_keys: + - comment: Nick + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrryeA5Nj8TJzX0hjujDQvrrBRpDFjhGJKn297zhoij nick@systemli.org diff --git a/locations/teufelsberg.yml b/locations/teufelsberg.yml index b5f445053..f1994b5aa 100644 --- a/locations/teufelsberg.yml +++ b/locations/teufelsberg.yml 
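Review bot: The hidden OWE interface in the new `tempelwg` wireless profile (locations/tempelwg.yml) sets `ieee80211w: 1`, while this same commit raises the equivalent interface in locations/w38b.yml from 1 to 2. Wi-Fi Enhanced Open (OWE) requires protected management frames, so the value here should be `ieee80211w: 2` as well. That also keeps the two profiles consistent. Whether the firmware overrides the setting for `encryption: owe` is not visible on this page.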
@@ -1,52 +1,44 @@ --- location: teufelsberg -location_nice: Teufelsberg +location_nice: Teufelsberg, Teufelsseechaussee 10, 14193 Berlin latitude: 52.49800 longitude: 13.24052 altitude: 151 community: true -# 10.31.213.0/24 +# ROUTER: 10.31.213.0/24 # --MGMT: 10.31.213.0/26 # --MESH: 10.31.213.64/26 # --DHCP: 10.31.213.128/25 + ipv6_prefix: "2001:bf7:800:1000::/56" hosts: - hostname: teufelsberg-core role: corerouter - model: linksys_e8450-ubi - wireless_profile: freifunk_default + model: "mikrotik_routerboard-750gr3" # USBIP packages to manage Meshtastic node (TLORA V1) connected via USB host__packages__to_merge: - "kmod-usb-ohci usbip-server usbip-client" - - hostname: teufelsberg-ap1 + - hostname: teufelsberg-o-nf role: ap - model: mikrotik_sxtsq-5-ac - mac_override: {eth0: dc:2c:6e:91:08:19} + model: cudy_ap3000outdoor-v1 wireless_profile: freifunk_default - - hostname: teufelsberg-ap2 + - hostname: teufelsberg-s-nf role: ap - model: mikrotik_sxtsq-5-ac - mac_override: {eth0: dc:2c:6e:91:0f:66} + model: cudy_ap3000outdoor-v1 wireless_profile: freifunk_default - - hostname: teufelsberg-ap3 + - hostname: teufelsberg-sw-nf role: ap model: mikrotik_sxtsq-5-ac mac_override: {eth0: 2c:c8:1b:6a:ce:f1} wireless_profile: freifunk_default - - hostname: teufelsberg-ap4 - role: ap - model: mikrotik_sxtsq-5-ac - mac_override: {eth0: dc:2c:6e:c4:2c:91} - wireless_profile: freifunk_default - snmp_devices: - hostname: teufelsberg-switch 
@@ -61,29 +53,25 @@ snmp_devices: address: 10.31.213.8 snmp_profile: af60 - # - hostname: teufelsberg-westhafen - # address: 10.31.213.9 - # snmp_profile: af60 - - # - hostname: teufelsberg-nw - # address: 10.31.213.10 - # snmp_profile: airos_8 + - hostname: teufelsberg-nw + address: 10.31.213.10 + snmp_profile: airos_8 - hostname: teufelsberg-nord address: 10.31.213.11 snmp_profile: airos_8 - # - hostname: teufelsberg-ono - # address: 10.31.213.12 - # snmp_profile: airos_8 + - hostname: teufelsberg-ono + address: 10.31.213.12 + snmp_profile: airos_8 airos_dfs_reset: - # - name: "teufelsberg-nw" - # target: "10.31.213.10" - # username: "ubnt" - # password: "/root/pwd.txt" - # daytime_limit: "2-7" + - name: "teufelsberg-nw" + target: "10.31.213.10" + username: "ubnt" + password: "/root/pwd.txt" + daytime_limit: "2-7" - name: "teufelsberg-nord" target: "10.31.213.11" @@ -91,11 +79,11 @@ airos_dfs_reset: password: "/root/pwd.txt" daytime_limit: "2-7" - # - name: "teufelsberg-ono12" - # target: "10.31.213.10" - # username: "ubnt" - # password: "/root/pwd.txt" - # daytime_limit: "2-7" + - name: "teufelsberg-ono" + target: "10.31.213.12" + username: "ubnt" + password: "/root/pwd.txt" + daytime_limit: "2-7" networks: 
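Review bot: The two re-enabled `airos_dfs_reset` entries (`teufelsberg-nw`, `teufelsberg-ono`) use `password: "/root/pwd.txt"`, while the entries this commit adds in locations/vaterhaus.yml use `password: "file:/root/pwd.txt"`. If the consuming role only treats values with the `file:` prefix as a path, the value here would be taken as the literal password and the reset login would fail. That is an inference, because the role is not shown on this page. Suggest `password: "file:/root/pwd.txt"` on both entries and on the unchanged `teufelsberg-nord` entry, or a comment stating which form the role expects.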
@@ -103,71 +91,40 @@ networks: role: mesh name: mesh_ak36 prefix: 10.31.213.64/32 - ipv6_subprefix: -1 - - - vid: 11 - role: mesh - name: mesh_westhaf - prefix: 10.31.213.65/32 - ipv6_subprefix: -2 + ipv6_subprefix: -10 + mesh_metric: 128 - vid: 12 role: mesh name: mesh_ilr prefix: 10.31.213.66/32 - ipv6_subprefix: -3 + ipv6_subprefix: -12 + mesh_metric: 128 - vid: 13 role: mesh name: mesh_nw - prefix: 10.31.213.71/32 - ipv6_subprefix: -8 + prefix: 10.31.213.67/32 + ipv6_subprefix: -13 - vid: 14 role: mesh name: mesh_nord - prefix: 10.31.213.72/32 - ipv6_subprefix: -9 + prefix: 10.31.213.68/32 + ipv6_subprefix: -14 - vid: 15 role: mesh name: mesh_ono - prefix: 10.31.213.73/32 - ipv6_subprefix: -10 - - - vid: 20 - role: mesh - name: mesh_ap1 - prefix: 10.31.213.67/32 - ipv6_subprefix: -4 - mesh_ap: teufelsberg-ap1 - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 21 - role: mesh - name: mesh_ap2 - prefix: 10.31.213.68/32 - ipv6_subprefix: -5 - mesh_ap: teufelsberg-ap2 - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 22 - role: mesh - name: mesh_ap3 prefix: 10.31.213.69/32 - ipv6_subprefix: -6 - mesh_ap: teufelsberg-ap3 - mesh_radio: 11a_standard - mesh_iface: mesh + ipv6_subprefix: -15 - - vid: 23 + - vid: 22 role: mesh - name: mesh_ap4 - prefix: 10.31.213.70/32 - ipv6_subprefix: -7 - mesh_ap: teufelsberg-ap4 + name: mesh_sw_nf + prefix: 10.31.213.76/32 + ipv6_subprefix: -22 + mesh_ap: teufelsberg-sw-nf mesh_radio: 11a_standard mesh_iface: mesh @@ -180,7 +137,7 @@ networks: assignments: teufelsberg-core: 1 - - vid: 42 + - vid: 437 role: mgmt prefix: 10.31.213.0/26 gateway: 1 
@@ -189,22 +146,22 @@ networks: assignments: teufelsberg-core: 1 teufelsberg-switch: 2 - teufelsberg-ap1: 3 - teufelsberg-ap2: 4 - teufelsberg-ap3: 5 - teufelsberg-ap4: 6 + teufelsberg-o-nf: 3 + teufelsberg-s-nf: 4 + teufelsberg-sw-nf: 5 teufelsberg-ak36: 7 teufelsberg-ilr: 8 - teufelsberg-westhafen: 9 teufelsberg-nw: 10 teufelsberg-nord: 11 teufelsberg-ono: 12 + teufelsberg-cam: 13 + teufelsberg-pi: 14 location__channel_assignments_11a_standard__to_merge: - # all APs on channel 36 for now, to allow meshing for standard Falter APs - # TODO: Change this once the installation is more optimized - teufelsberg-core: 40-20 - teufelsberg-ap1: 36-20 - teufelsberg-ap2: 36-20 - teufelsberg-ap3: 36-20 - teufelsberg-ap4: 36-20 + teufelsberg-o-nf: 44-20 + teufelsberg-s-nf: 48-20 + teufelsberg-sw-nf: 36-40 + +location__channel_assignments_11g_standard__to_merge: + teufelsberg-o-nf: 1-20 + teufelsberg-s-nf: 13-20 diff --git a/locations/teufelssecurity.yml b/locations/teufelssecurity.yml new file mode 100644 index 000000000..590d07f65 --- /dev/null +++ b/locations/teufelssecurity.yml 
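Review bot: The mgmt assignments in locations/teufelsberg.yml gain `teufelsberg-cam: 13` and `teufelsberg-pi: 14`, neither of which is declared under `hosts` or `snmp_devices` in the hunks shown. Judging by the names only, these are a camera and a single-board computer rather than network equipment. Addresses in the management network put them in the same segment as the switch and radio admin interfaces. If that is intended, a trailing comment would record it, e.g. `teufelsberg-cam: 13  # camera, not provisioned from this repo`; otherwise a separate VLAN would keep them apart from management.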
@@ -0,0 +1,65 @@ +--- + +location: teufelssecurity +location_nice: Teufelsberg Wachhäuschen +latitude: 52.49649 +longitude: 13.23970 +altitude: 99 +community: true + +# ROUTER: 10.31.243.64/26 +# --MGMT: 10.31.243.64/28 +# --MESH: 10.31.243.80/28 +# --DHCP: 10.31.243.96/27 +ipv6_prefix: "2001:bf7:800:1600::/56" + +hosts: + + - hostname: teufelssecurity-core + role: corerouter + model: mikrotik_wap-ac + wireless_profile: freifunk_default + + - hostname: teufelssecurity-ap + role: ap + model: mikrotik_sxtsq-5-ac + wireless_profile: freifunk_default + mac_override: {eth0: dc:2c:6e:c4:36:35} + +networks: + + - vid: 20 + role: mesh + name: mesh_ap + prefix: 10.31.243.80/32 + ipv6_subprefix: -1 + mesh_ap: teufelssecurity-ap + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 40 + role: dhcp + name: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.243.96/27 + ipv6_subprefix: 0 + assignments: + teufelssecurity-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.31.243.64/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + teufelssecurity-core: 1 + teufelssecurity-ap: 2 + +location__channel_assignments_11a_standard__to_merge: + teufelssecurity-core: 44-40 + teufelssecurity-ap: 36-40 + +location__channel_assignments_11g_standard__to_merge: + teufelssecurity-core: 13-20 diff --git a/locations/torte-mela-2g.yml b/locations/torte-mela-2g.yml deleted file mode 100644 index 3cb4b225f..000000000 --- a/locations/torte-mela-2g.yml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -location: torte-mela-2g -location_nice: "" -latitude: 52.52270515795004 -longitude: 13.186229014854849 -community: true - -hosts: - - hostname: torte-mela-2g - role: corerouter - model: "tplink_cpe210-v1" - # low flash until proper core router - low_flash: true - wireless_profile: mesh_only - -ipv6_prefix: "2001:bf7:780:700::/56" - -# got following prefixes: -# Router: 10.31.243.224/27 -# 2001:bf7:780:700::/56 -# --MGMT: 10.31.243.224/29 -# --MESH: 10.31.243.232/29 -# --DHCP: 10.31.243.240/28 - -networks: - # 802.11s Mesh 2.4 GHz - - vid: 20 - role: mesh - name: mesh_mela - prefix: 10.31.243.232/32 - ipv6_subprefix: -20 - mesh_ap: torte-mela-2g - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - LAN - - vid: 30 - role: mesh - name: mesh_lan - prefix: 10.31.243.233/32 - ipv6_subprefix: -30 - - # MGMT - - vid: 42 - role: mgmt - prefix: 10.31.243.224/29 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - # Core - torte-mela-2g: 1 - - # DHCP - - vid: 40 - role: dhcp - prefix: 10.31.243.240/28 - ipv6_subprefix: 0 - inbound_filtering: true - enforce_client_isolation: true - assignments: - torte-mela-2g: 1 - -location__ssh_keys__to_merge: - - comment: torte - key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBsKPa58c9LBwfupf3KlAsJHG+O9BNdTP0wB+0Ztl5Zl2/TeGfEEnOXxpf8gQq0qkG/pA40UP8jyejzliNfTZ+qOIfX+Jt1KXoBzNN7zBtYMzAAkrDgCqfIeLBAb/ArZyEanCOOz96bu4OfiktPJxbbRrlP/OV0XUZaLkSmIvxKFP5VHYyhvBxlwTrjSD8tdZJNFiZelHW/TRAT0uSfmgXBiXNThKVMNwwaCUp1R9QNbzFUhvnGyqrH8mQOYtHcZhPYAQOnUpJSYwBlyA4aIhAAgsPRZe1M5lEMn7ME6q6ERuQheGNmcNNqoxjrzIHbZjgTlprvdrzD7UPGNla7zcst torte@pluto diff --git a/locations/vaterhaus.yml b/locations/vaterhaus.yml index a6f63e5a9..9f7811759 100644 --- a/locations/vaterhaus.yml +++ b/locations/vaterhaus.yml 
@@ -52,6 +52,30 @@ snmp_devices: # address: 10.230.192.208 # snmp_profile: airos_6 +airos_dfs_reset: + - name: "vaterhaus-w" + target: "10.230.192.203" + username: "ubnt" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + + - name: "vaterhaus-o" + target: "10.230.192.205" + username: "root" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + + - name: "vaterhaus-adlershof" + target: "10.230.192.206" + username: "ubnt" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + + - name: "vaterhaus-cg47" + target: "10.230.192.207" + username: "root" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" ipv6_prefix: "2001:bf7:830:a500::/56" @@ -86,6 +110,7 @@ networks: prefix: 10.230.192.226/32 ipv6_subprefix: -3 ptp: true + mesh_metric: 128 - vid: 13 role: mesh @@ -112,7 +137,6 @@ networks: name: mesh_11s_no prefix: 10.230.192.230/32 ipv6_subprefix: -7 - mesh_metric: 2048 mesh_ap: vaterhaus-n-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/w38b.yml b/locations/w38b.yml index f8ba4dc1c..ee3f8a01a 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -10,14 +10,13 @@ contacts: hosts: - hostname: w38b-core role: corerouter - model: "netgear_wax202" + model: "glinet_gl-mt6000" wireless_profile: w38b - wifi_roaming: true - hostname: w38b-ap1 role: ap model: "dlink_covr-x1860-a1" - wireless_profile: w38b - wifi_roaming: true + wireless_profile: freifunk_default + mac_override: {eth0: 0c:0e:76:cf:2e:3a} snmp_devices: - hostname: w38b-sama @@ -35,9 +34,10 @@ ipv6_prefix: '2001:bf7:830:bc00::/56' # --MGMT: 10.31.212.0/27 # --MESH: 10.31.212.32/27 # --UPLK: 10.31.212.64/27 -# --DHCP: 10.31.212.96/27 (HOST) -# --DHCP: 10.31.212.128/26 -# --DHCP: 10.31.212.192/26 (PRIVATE) +# --DHCP: 10.31.212.96/28 (HOST) +# --DHCP: 10.31.212.112/28 (PRIVATE-2) +# --DHCP: 10.31.212.128/26 (FF) +# --DHCP: 10.31.212.192/26 (PRIVATE-1) # Disable noping dhcp_no_ping: false 
@@ -51,8 +51,8 @@ networks: ipv6_subprefix: -10 ptp: true # prefer routing via RHNK over SAMA - mesh_metric: 576 - mesh_metric_lqm: ['default 0.9'] + mesh_metric: 256 + mesh_metric_lqm: ['default 0.5'] # MESH - RHNK - vid: 11 @@ -61,7 +61,7 @@ networks: prefix: 10.31.212.34/32 ipv6_subprefix: -11 ptp: true - mesh_metric: 256 + mesh_metric: 128 # MESH - 5 GHz 802.11s - vid: 20 @@ -79,9 +79,6 @@ networks: name: mesh_2g prefix: 10.31.212.36/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.5'] mesh_ap: w38b-core mesh_radio: 11g_standard mesh_iface: mesh @@ -102,9 +99,6 @@ networks: name: mesh_ap1_2g prefix: 10.31.212.38/32 ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.5'] mesh_ap: w38b-ap1 mesh_radio: 11g_standard mesh_iface: mesh @@ -115,9 +109,6 @@ networks: name: mesh_lan prefix: 10.31.212.39/32 ipv6_subprefix: -30 - # adjust mesh_metric(s) to prefer other links - mesh_metric: 2048 - mesh_metric_lqm: ['default 0.25'] # DHCP with filtering and isolation - vid: 40 
@@ -134,21 +125,46 @@ networks: - vid: 41 role: dhcp name: host - prefix: 10.31.212.96/27 + prefix: 10.31.212.96/28 ipv6_subprefix: 2 assignments: w38b-core: 1 - # DHCP (PRIVATE) + # DHCP (HOME / PRIVATE-1) - vid: 43 role: dhcp - name: private + name: private_1 inbound_filtering: true prefix: 10.31.212.192/26 ipv6_subprefix: 3 assignments: - w38b-core: 1 - w38b-pve: 2 + w38b-core: 1 # 10.31.212.193 + w38b-switch: 2 # 10.31.212.194 + w38b-pve: 3 # 10.31.212.195 + w38b-ds: 4 # 10.31.212.196 + w38b-printer: 5 # 10.31.212.197 + w38b-aud: 6 # 10.31.212.198 + + # DHCP (IN / PRIVATE-2) + - vid: 44 + role: dhcp + name: private_2 + inbound_filtering: true + prefix: 10.31.212.112/28 + ipv6_subprefix: 4 + assignments: + w38b-core: 1 # 10.31.212.113 + w38b-ds: 2 # 10.31.212.114 + + # UPLK - 10.31.212.64/27 as /32 + - vid: 50 + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.212.64/32 + wireguard_port: 51820 # MGMT - vid: 434 @@ -158,14 +174,10 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # 10.31.212.1/32 - w38b-core: 1 - # 10.31.212.2/32 - w38b-ap1: 2 - # 10.31.212.3/32 - w38b-sama: 3 - # 10.31.212.4/32 - w38b-rhnk: 4 + w38b-core: 1 # 10.31.212.1 + w38b-ap1: 2 # 10.31.212.2 + w38b-sama: 3 # 10.31.212.3 + w38b-rhnk: 4 # 10.31.212.4 # AP-id, wifi-channel, bandwidth, txpower @@ -181,17 +193,6 @@ location__channel_assignments_11g_standard__to_merge: # Wireless profile location__wireless_profiles__to_merge: - name: w38b - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - radio: 11g_standard - legacy_rates: false - country: DE - - radio: 11a_mesh - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net 
@@ -209,16 +210,24 @@ location__wireless_profiles__to_merge: radio: [11a_standard, 11g_standard] ifname_hint: ffowe owe_transition_ifname_hint: ff - ieee80211w: 1 + ieee80211w: 2 - mode: ap ssid: w38b-home encryption: sae-mixed key: 'file:/root/wifi-pwd-home' - network: private + network: private_1 radio: [11a_standard, 11g_standard] ifname_hint: pr + - mode: ap + ssid: w38b-in + encryption: sae-mixed + key: 'file:/root/wifi-pwd-in' + network: private_2 + radio: [11a_standard, 11g_standard] + ifname_hint: in + - mode: ap ssid: w38b-host encryption: sae-mixed diff --git a/locations/walde.yml b/locations/walde.yml index 57d16df97..098577237 100644 --- a/locations/walde.yml +++ b/locations/walde.yml @@ -16,7 +16,7 @@ hosts: snmp_devices: - hostname: walde-emma - address: 10.31.92.1 + address: 10.31.92.2 snmp_profile: airos_8 @@ -28,12 +28,33 @@ ipv6_prefix: "2001:bf7:830:b00::/56" # --MESH: 10.31.92.16/28 networks: + # MESH - emma - vid: 10 role: mesh name: mesh_emma prefix: 10.31.92.16/32 ipv6_subprefix: -1 + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.92.17/32 + ipv6_subprefix: -20 + mesh_ap: walde-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.92.18/32 + ipv6_subprefix: -21 + mesh_ap: walde-core + mesh_radio: 11g_standard + mesh_iface: mesh + - vid: 40 role: dhcp inbound_filtering: true diff --git a/locations/weidenbaum.yml b/locations/weidenbaum.yml index a1c30fffe..42d9f790a 100644 --- a/locations/weidenbaum.yml +++ b/locations/weidenbaum.yml 
@@ -1,16 +1,17 @@ --- location: weidenbaum location_nice: Kleingartenkolonie Weidenbaum, Straße 70 Nr. 8+10, 13627 Berlin -latitude: 52.542224269476314 -longitude: 13.305274844169617 +latitude: 52.54227473545742 +longitude: 13.305438420309441 altitude: 27 height: 6 community: true hosts: + - hostname: weidenbaum-core role: corerouter - model: "avm_fritzbox-4040" + model: "ubnt_unifiac-mesh" wireless_profile: freifunk_default snmp_devices: @@ -19,18 +20,7 @@ snmp_devices: address: 10.31.204.130 snmp_profile: airos_8 - - hostname: weidenbaum-frischauf - address: 10.31.204.131 - snmp_profile: airos_8 - -airos_dfs_reset: - - name: "weidenbaum-frischauf" - target: "10.31.204.131" - username: "ubnt" - password: "file:/root/pwd" - daytime_limit: "2-7" - -ipv6_prefix: "2001:bf7:790:f00::/56" +ipv6_prefix: "2001:bf7:780:a00::/56" # got following prefixes: # Router: 10.31.204.128/26 
@@ -47,52 +37,29 @@ networks: prefix: 10.31.204.144/32 ipv6_subprefix: -10 - - vid: 11 - role: mesh - name: mesh_frisch - prefix: 10.31.204.145/32 - ipv6_subprefix: -11 - # 802.11s Links - # MESH - 5 GHz 802.11s + # MESH - 5 GHz 802.11s - core - vid: 20 role: mesh name: mesh_5g prefix: 10.31.204.147/32 ipv6_subprefix: -20 - # make mesh_metric(s) for 5GHz worse than LAN - mesh_metric: 768 - mesh_metric_lqm: ['default 0.75'] mesh_ap: weidenbaum-core mesh_radio: 11a_standard mesh_iface: mesh - # MESH - 2.4 GHz 802.11s + # MESH - 2.4 GHz 802.11s - core - vid: 21 role: mesh name: mesh_2g prefix: 10.31.204.148/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than LAN and 2GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: weidenbaum-core mesh_radio: 11g_standard mesh_iface: mesh - # MESH - LAN - # Ubiquiti UniFi AC Mesh - weidenbaum-r0 - # This is currently Falter but should be converted into - # a normal AP at some point. We had UniFi AC Mesh that - # got bricked when flashing and we did not want to risk - # doing so. - - vid: 30 - role: mesh - name: mesh_lan - untagged: true - prefix: 10.31.204.151/32 - ipv6_subprefix: -30 - # DHCP - vid: 40 role: dhcp @@ -113,4 +80,11 @@ networks: assignments: weidenbaum-core: 1 # .129 weidenbaum-bht: 2 # .130 - weidenbaum-frischauf: 3 # .131 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + weidenbaum-core: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + weidenbaum-core: 13-20 diff --git a/locations/wilde.yml b/locations/wilde.yml index e4281ee69..d763f97d6 100644 --- a/locations/wilde.yml +++ b/locations/wilde.yml @@ -27,6 +27,8 @@ hosts: wireless_profile: mesh_only mac_override: eth0: 2c:c8:1b:6b:e5:d2 + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 - hostname: wilde-nf-n role: ap 
diff --git a/locations/wilgu10.yml b/locations/wilgu10.yml index 565dce89f..7c7a5b31a 100644 --- a/locations/wilgu10.yml +++ b/locations/wilgu10.yml @@ -58,6 +58,7 @@ networks: prefix: 10.230.210.104/32 ipv6_subprefix: -1 ptp: true + mesh_metric: 128 - vid: 11 role: mesh @@ -71,7 +72,6 @@ networks: name: mesh_east_2g prefix: 10.230.210.106/32 ipv6_subprefix: -3 - mesh_metric: 2048 mesh_ap: wilgu10-east-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -133,15 +133,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: wilgu10 - devices: - - radio: 11a_standard - legacy_rates: false - country: DE - - - radio: 11g_standard - legacy_rates: false - country: DE - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/zwingli.yml b/locations/zwingli.yml index 68e965dc2..be80ec709 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -29,12 +29,14 @@ hosts: - hostname: zwingli-nno-nf-5ghz role: ap - model: ubnt_nanostation-m5_xm + model: mikrotik_sxtsq-5-ac + mac_override: {eth0: dc:2c:6e:c4:39:03} wifi_roaming: true - hostname: zwingli-nord-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac + mac_override: {eth0: 2c:c8:1b:88:d4:95} wifi_roaming: true - hostname: zwingli-ost-nf-2ghz @@ -55,6 +57,7 @@ hosts: - hostname: zwingli-west-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac + mac_override: {eth0: dc:2c:6e:91:0f:be} wifi_roaming: true airos_dfs_reset: @@ -83,6 +86,10 @@ airos_dfs_reset: daytime_limit: "2-7" snmp_devices: + - hostname: zwingli-switch + address: 10.31.115.2 + snmp_profile: swos + - hostname: zwingli-nord-5ghz address: 10.31.115.20 snmp_profile: airos_8 @@ -111,6 +118,10 @@ snmp_devices: address: 10.31.115.6 snmp_profile: af60 + - hostname: zwingli-emma + address: 10.31.115.7 + snmp_profile: af60 + ipv6_prefix: "2001:bf7:830:9800::/56" # ipv4-prefix: 10.31.115.0/24 
@@ -146,7 +157,9 @@ networks: name: mesh_sama prefix: 10.31.115.36/32 ipv6_subprefix: -5 - mesh_metric: 128 + # prefer routing via emma over sama to use ohlauer as gateway) + mesh_metric: 256 + mesh_metric_lqm: ['default 0.5'] ptp: true - vid: 16 @@ -171,8 +184,6 @@ networks: prefix: 10.31.115.40/32 ipv6_subprefix: -9 mesh_metric: 128 - mesh_metric_lqm: - - default 0.3 # Make sure emma/ohlauer is not used as primary uplink ptp: true @@ -182,7 +193,6 @@ networks: name: mesh_11s_o2 prefix: 10.31.115.42/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_ap: zwingli-ost-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -194,7 +204,6 @@ networks: name: mesh_11s_w2 prefix: 10.31.115.44/32 ipv6_subprefix: -13 - mesh_metric: 1024 mesh_ap: zwingli-west-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -208,7 +217,6 @@ networks: name: mesh_11s_n5 prefix: 10.31.115.45/32 ipv6_subprefix: -14 - mesh_metric: 1024 mesh_ap: zwingli-nord-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -220,7 +228,6 @@ networks: name: mesh_11s_o5 prefix: 10.31.115.46/32 ipv6_subprefix: -15 - mesh_metric: 1024 mesh_ap: zwingli-ost-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -232,7 +239,6 @@ networks: name: mesh_11s_w5 prefix: 10.31.115.48/32 ipv6_subprefix: -17 - mesh_metric: 1024 mesh_ap: zwingli-west-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -248,7 +254,7 @@ networks: assignments: zwingli-core: 1 - - vid: 42 + - vid: 425 role: mgmt prefix: 10.31.115.0/27 gateway: 1 @@ -258,10 +264,11 @@ networks: zwingli-core: 1 zwingli-switch: 2 - # af60-lr + # af60-lr / wave nano zwingli-sama: 3 zwingli-agym: 5 zwingli-vaterhaus: 6 + zwingli-emma: 7 # local aps 2ghz zwingli-ost-nf-2ghz: 11 diff --git a/mass-update.sh b/mass-update.sh index c663c16db..cf7896742 100755 --- a/mass-update.sh +++ b/mass-update.sh 
@@ -1,13 +1,13 @@ #!/bin/bash # Define file directory and endings -FILE_DIR="tmp/images" +WORK_DIR="tmp" FILE_ENDINGS=".itb .bin" # Find files matching the specified endings FILES="" for ENDING in $FILE_ENDINGS; do - FILES="$FILES $(find "$FILE_DIR" -type f -name "*$ENDING")" + FILES="$FILES $(find "$WORK_DIR/images" -type f -name "*$ENDING")" done # Sort files based on whether filename contains "core" or not @@ -26,14 +26,14 @@ SORTED_FILES="$OTHER_FILES $CORE_FILES" echo "" echo "This script will do the following:" echo "" -echo "- flash all the following hosts with the corresponding firmware files currently present in $FILE_DIR" +echo "- flash all the following hosts with the corresponding firmware files currently present in $WORK_DIR/images" echo "- first flash APs, than core routers based on the naming convention" echo "- check the availability of the hosts before and after flashing" echo "- ignore keychecking" -echo "- make sure that at least 16 MB of RAM are available before performing a sysupgrade" -echo "- delete the local firmware file from disk after flashing" +echo "- make sure that at least 'image size + 1 MB' of RAM is available before starting a firmware upgrade" +echo "- delete the local firmware file, build log, build and config files from disk after flashing" echo "" -echo "The following files will be processed:" +echo "The following firmware files will be flashed:" for FILE_PATH in $SORTED_FILES; do echo "- $(basename "$FILE_PATH")" done @@ -59,7 +59,7 @@ for FILE_PATH in $SORTED_FILES; do echo "Nodename: $NODENAME" # Build hostname - HOSTNAME="$NODENAME.olsr" + HOSTNAME="$NODENAME.ff" echo "Hostname: $HOSTNAME" # Check if hostname is reachable 
@@ -68,8 +68,8 @@ for FILE_PATH in $SORTED_FILES; do echo "Hostname $HOSTNAME is reachable" # Check memory on remote host - MEMORY=$(ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "root@$HOSTNAME" "free | awk 'NR==2 {print \$4}'") - if [ "$MEMORY" -ge $(( $(stat -c %s "$FILE_PATH") / 1024 + 3072 )) ]; then # File size in KB + 3 MB + MEMORY=$(ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "root@$HOSTNAME" "free | awk 'NR==2 {print \$7}'") + if [ "$MEMORY" -ge $(( $(stat -c %s "$FILE_PATH") / 1024 + 1024 )) ]; then # File size in KB + 1 MB echo "Memory on $HOSTNAME is sufficient ($MEMORY KB)" # SCP the file @@ -84,16 +84,17 @@ for FILE_PATH in $SORTED_FILES; do echo "Waiting for $HOSTNAME to become unreachable..." while ping -c 1 "$HOSTNAME" >/dev/null 2>&1; do sleep 1; done - # Wait for 20 seconds before checking hostname reachability again - sleep 20 - - # Debug output: Waiting for hostname to become reachable again + # Wait 20 seconds and than wait for hostname to become reachable again echo "Waiting for $HOSTNAME to become reachable again..." + sleep 20 while ! ping -c 1 "$HOSTNAME" >/dev/null 2>&1; do sleep 1; done - # Remove local file - echo "Removing local file $FILE_PATH" + # Remove local files + echo "Removing local files for $NODENAME from $WORK_DIR" rm "$FILE_PATH" + rm "$WORK_DIR/images/$NODENAME.log" + rm -rf "$WORK_DIR/build/$NODENAME" + rm -rf "$WORK_DIR/configs/$NODENAME" else echo "SCP command failed. Exiting..." exit 1 @@ -111,4 +112,3 @@ done # Horizontal line to separate iterations echo "----------------------------------------" echo "Finished" - diff --git a/roles/cfg_openwrt/files/common/iproute2/rt_tables b/roles/cfg_openwrt/files/common/iproute2/rt_tables new file mode 100644 index 000000000..d7aa480f6 --- /dev/null +++ b/roles/cfg_openwrt/files/common/iproute2/rt_tables 
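Review bot: The rewritten `MEMORY=$(ssh …)` line keeps `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` on a root login, so whichever host answers for `$HOSTNAME` is never authenticated before it is trusted to report its memory and, further down the loop, to receive the firmware image. If the devices keep their host keys across upgrades (not visible in this diff), a dedicated file with `-o UserKnownHostsFile="$WORK_DIR/known_hosts" -o StrictHostKeyChecking=accept-new` would keep the run unattended while still flagging a changed key. The same line also leaves `$MEMORY` empty when ssh fails or `free` on the target prints fewer than seven columns, and `[ "" -ge … ]` then errors instead of comparing. A guard such as `[[ "$MEMORY" =~ ^[0-9]+$ ]] || { echo "Could not read memory on $HOSTNAME" >&2; exit 1; }` before the test makes that case explicit. The enclosing `for` loop starts and ends outside this hunk.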
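Review bot: The two added `rm -rf` lines expand `$NODENAME` unguarded, so an empty value would remove all of `$WORK_DIR/build/` and `$WORK_DIR/configs/` instead of one node's directory. `NODENAME` is assigned outside this hunk, so whether it can be empty is not visible here; `rm -rf -- "${WORK_DIR:?}/build/${NODENAME:?}"` (and the same form for `configs`) makes the script abort in that case. The plain `rm "$WORK_DIR/images/$NODENAME.log"` prints an error when no build log exists; `rm -f --` would keep the cleanup quiet.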
@@ -0,0 +1,20 @@ +# +# reserved values +# +128 prelocal +255 local +254 main +253 default + +0 unspec +# +# local +# +#1 inr.ruhep + +10 babel-ff +11 babel-default +12 babel-src +20 olsr-ff +21 olsr-default + diff --git a/roles/cfg_openwrt/files/corerouter/iproute2/rt_tables b/roles/cfg_openwrt/files/corerouter/iproute2/rt_tables new file mode 120000 index 000000000..c0ed137f3 --- /dev/null +++ b/roles/cfg_openwrt/files/corerouter/iproute2/rt_tables @@ -0,0 +1 @@ +../../common/iproute2/rt_tables \ No newline at end of file diff --git a/roles/cfg_openwrt/files/falter.snapshot.pem b/roles/cfg_openwrt/files/falter.snapshot.pem new file mode 100644 index 000000000..cbede47b4 --- /dev/null +++ b/roles/cfg_openwrt/files/falter.snapshot.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE1NSmLpdMjXJpDQki9ziqW3Ve0aIX99t +uAc1Yn5TexwhBhHsGxUxICHS63pDXYj9xg1AZHlvbEnFrBNrsdjJQQ== +-----END PUBLIC KEY----- diff --git a/roles/cfg_openwrt/files/gateway/iproute2/rt_tables b/roles/cfg_openwrt/files/gateway/iproute2/rt_tables new file mode 120000 index 000000000..c0ed137f3 --- /dev/null +++ b/roles/cfg_openwrt/files/gateway/iproute2/rt_tables @@ -0,0 +1 @@ +../../common/iproute2/rt_tables \ No newline at end of file diff --git a/roles/cfg_openwrt/files/packagefeed_master.pub b/roles/cfg_openwrt/files/packagefeed_master.pub index c58be9d59..de7874aa4 100644 --- a/roles/cfg_openwrt/files/packagefeed_master.pub +++ b/roles/cfg_openwrt/files/packagefeed_master.pub @@ -1,2 +1,2 @@ -untrusted comment: This is a key for buildbot-master. It signs Freifunk-Berlin Falter-packagefeeds. public key +untrusted comment: This is a key for buildbot-main. It signs Freifunk-Berlin Falter-packagefeeds. public key RWRhoHijhAjnECRwgLkBfnA2rgHtgVNmDPJmFfIhGDxbK8vIFxkiZ8iF diff --git a/roles/cfg_openwrt/files/wiki/update.py b/roles/cfg_openwrt/files/wiki/update.py index 01af96f1e..a55c15d19 100644 --- a/roles/cfg_openwrt/files/wiki/update.py 
+++ b/roles/cfg_openwrt/files/wiki/update.py @@ -46,7 +46,7 @@ def intro(location: str): "
Die Konfiguration für diesen Standort wurde mit dem Tool " "[https://github.com/freifunk-berlin/bbb-configs bbb-configs] erstellt. " "Der aktuelle Stand der Konfiguration kann dort in der Datei " - f"[https://github.com/freifunk-berlin/bbb-configs/blob/master/locations/{location}.yml {location}.yml] " + f"[https://github.com/freifunk-berlin/bbb-configs/blob/main/locations/{location}.yml {location}.yml] " "eingesehen werden. Teile dieses Wikiartikels werden mit Hilfe von Semantic " "Values und Templates automatisch erstellt." ) diff --git a/roles/cfg_openwrt/tasks/conditional_packages.yml b/roles/cfg_openwrt/tasks/conditional_packages.yml index 5c8fddba6..e14cff1bd 100644 --- a/roles/cfg_openwrt/tasks/conditional_packages.yml +++ b/roles/cfg_openwrt/tasks/conditional_packages.yml @@ -42,10 +42,11 @@ - name: "Add debugging-packages on core-routers" set_fact: - packages: "{{ packages + ['mosh-server', 'tmux', 'ip'] }}" + packages: "{{ packages + ['mosh-server', 'tmux'] }}" when: - - not (low_flash | default(false)) - role == 'corerouter' + - not (low_mem | default(false)) + - not (low_flash | default(false)) - name: "Remove or replace packages on low mem and low flash" set_fact: @@ -55,6 +56,8 @@ - -ethtool - -iperf3 - -iwinfo + - -libiwinfo-lua + - -collectd-mod-iwinfo - -kmod-ipt-core - -kmod-ipt-offload - -kmod-nf-ipt diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index 238725c58..2332cc55a 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml @@ -33,6 +33,8 @@ mode: "644" when: '"http" in imagebuilder' +# For testing purposes the imagebuilder variable can be replaced with a path to a local file. +# This task takes care of using this file instead of trying to download something - name: Copy Local Imagebuilder command: argv: 
@@ -72,37 +74,95 @@ instr_set: "{{ instr_set_result.stdout_lines | first }}" when: 'instr_set is not defined and feed_version is defined' -- name: Insert falter feed +- name: Insert falter OPKG feed lineinfile: path: "{{ build_dir }}/repositories.conf" - line: "{{ feed | replace('__INSTR_SET__', instr_set) | replace('__FEED_VERSION__', feed_version) }}" - when: 'feed_version is defined' - -- name: Define Key-Dir - stat: - path: "{{ build_dir }}/keys/" - register: keydir + line: "{{ feed }}" + when: 'feed_version is defined and openwrt_version != "snapshot"' -- name: Add falter feed key +- name: Add falter OPKG feed key copy: src: "files/packagefeed_master.pub" dest: "{{ build_dir }}/keys/61a078a38408e710" # matches fingerprint mode: "preserve" - when: 'feed_version is defined and keydir.stat.exists' + when: 'feed_version is defined' -- name: Disable Signature verification if required +- name: Disable OPKG signature verification if required lineinfile: path: "{{ build_dir }}/repositories.conf" line: "option check_signature" state: "absent" when: 'imagebuilder_disable_signature_check is defined and imagebuilder_disable_signature_check' +- name: Add falter APK feed + lineinfile: + path: "{{ build_dir }}/repositories" + line: "{{ feed }}" + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add falter APK feed to image + lineinfile: + path: "{{ configs_dir }}/etc/apk/repositories.d/falter.list" + line: "{{ feed }}" + create: true + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add falter APK feed key + copy: + src: "files/falter.snapshot.pem" + dest: "{{ build_dir }}/keys/" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add falter APK feed key to image + copy: + src: "files/falter.snapshot.pem" + dest: "{{ configs_dir }}/etc/apk/keys/" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add custom APK feed key + copy: 
+ src: "{{ feed_key }}" + dest: "{{ build_dir }}/keys/falter.custom.pem" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot" and feed_key is defined' + +- name: Add custom APK feed key to image + copy: + src: "{{ feed_key }}" + dest: "{{ configs_dir }}/etc/apk/keys/falter.custom.pem" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot" and feed_key is defined' + - name: Override compat_version check to bbb-configs exclusive value 9.9 lineinfile: path: "{{ build_dir }}/include/image-commands.mk" search_string: "compat_version=$(if $(DEVICE_COMPAT_VERSION),$(DEVICE_COMPAT_VERSION),1.0)" line: "compat_version=9.9" +- name: Override Imagebuilder .config + lineinfile: + path: "{{ build_dir }}/.config" + search_string: "{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: "{{ imagebuilder_config | default({}) | dict2items }}" + + +- name: Copy over upstream inittab as base to modify + copy: + src: "{{ build_dir }}/target/linux/{{ (target|split('/'))[0] }}/base-files/etc/inittab" + dest: "{{ configs_dir}}/etc/" + when: "additional_serial_ports is defined" + +- name: Configure additional serial ports in inittab + lineinfile: + path: "{{ configs_dir }}/etc/inittab" + insertafter: '^ttyS\d.*\n' + line: "{{ item }}::askfirst:/usr/libexec/login.sh" + loop: "{{ additional_serial_ports | default([]) }}" + + - name: Run Imagebuilder changed_when: false command: diff --git a/roles/cfg_openwrt/tasks/wikiupdater.yml b/roles/cfg_openwrt/tasks/wikiupdater.yml index 40d5881ca..7603ce25a 100644 --- a/roles/cfg_openwrt/tasks/wikiupdater.yml +++ b/roles/cfg_openwrt/tasks/wikiupdater.yml 
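Review bot: The new task "Configure additional serial ports in inittab" writes `{{ item }}::askfirst:/usr/libexec/login.sh` for every entry of `additional_serial_ports`, while system.j2 in this same diff keeps `option ttylogin '0'`. On stock OpenWrt, as far as I know, that setting makes login.sh start a shell without a password prompt, so each extra port would be an unauthenticated root console for anyone with physical access. If that is intended, a comment above the task should say so, e.g. `# NOTE: ttylogin is '0', so these consoles open a root shell without a password`. The two "Add custom APK feed key" tasks likewise deserve a one-line comment stating that `feed_key` becomes a trusted package-signing key inside the image, since whoever controls that variable controls what the device will install.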
@@ -12,7 +12,7 @@ mode: "644" - name: wikiupdater | Update article - script: ../files/wiki/update.py -l "{{ location }}" --file "{{ wikiupdater_dir }}/{{ group_names[0] | split('_') | last }}.txt" + script: ../files/wiki/update.py -l "{{ location }}" --file "{{ wikiupdater_dir }}/{{ location }}.txt" register: wiki_res changed_when: '"UPDATED" in wiki_res.stdout' args: diff --git a/roles/cfg_openwrt/templates/ap/config/firewall.j2 b/roles/cfg_openwrt/templates/ap/config/firewall.j2 new file mode 100644 index 000000000..cdca9b967 --- /dev/null +++ b/roles/cfg_openwrt/templates/ap/config/firewall.j2 @@ -0,0 +1,16 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "true" + +config defaults + option syn_flood '1' + option input 'ACCEPT' + option output 'ACCEPT' + option forward 'REJECT' + option drop_invalid '0' + +config zone 'zone_freifunk' + option name 'freifunk' + list network 'mgmt' + +config forwarding + option dest 'freifunk' + option src 'freifunk' diff --git a/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 b/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 index 3526052d8..6631deb2d 100644 --- a/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 +++ b/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 @@ -3,11 +3,13 @@ LoadPlugin uptime LoadPlugin interface LoadPlugin ping +{% for host in collectd_ping_hosts %} TTL 127 Interval 10 - Host "{{ collectd_ping_host }}" + Host "{{ host }}" +{% endfor %} LoadPlugin memory @@ -31,7 +33,7 @@ LoadPlugin olsrd {% endif %} -{% if wireless_devices is defined and wireless_profile != 'disable' %} +{% if wireless_devices is defined and wireless_profile != 'disable' and low_mem is not true | default (true) and low_flash is not true | default (true) %} LoadPlugin iwinfo {% endif %} 
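Review bot: The new AP firewall.j2 sets `option input 'ACCEPT'` in `config defaults`, and the `freifunk` zone carries no `input`, `output` or `forward` option of its own, so the policy that applies to the `mgmt` network has to be inferred from the defaults. Stating the zone policy explicitly and adding a short comment on why inbound traffic to the AP is left open (for example that `mgmt` is the only addressed interface, if that is the case) would make the intent reviewable. The comment could read `# APs only carry an address on mgmt; input stays open for SSH/SNMP from the location's core router`, adjusted to what is actually true for these devices.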
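Review bot: In the new `LoadPlugin iwinfo` condition, the `| default (true)` after `low_mem is not true` and `low_flash is not true` does not supply a default for either variable, so it has no effect. The `true` test also matches only the boolean itself, so a value such as `1` or `"yes"` would still load the plugin. That matters because conditional_packages.yml in this commit adds `-collectd-mod-iwinfo` to the low mem / low flash package list, and collectd would then be told to load a plugin that is not installed. Using the form that task file already uses, `not (low_mem | default(false)) and not (low_flash | default(false))`, keeps the two in step.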
diff --git a/roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 b/roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 new file mode 100644 index 000000000..9f0cfef42 --- /dev/null +++ b/roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 @@ -0,0 +1,31 @@ +package 'bgpdisco-plugin-nameservice' + +config general + option domain 'ff' + option hosts_file '/var/hosts/ffnameservice' + option cmd_on_update 'killall -SIGHUP dnsmasq' +{% if inventory_hostname in groups['role_gateway'] %} + list exclude_interface_self '{{ uplink['ifname'] }}' +{% endif %} + +{%- if mgmt['assignments'] is defined and mgmt['assignments']|length>0 -%} + +{# Gateway ... #} +{% for host, ip_num in mgmt['assignments'].items() if host != inventory_hostname %} +config static-entry + option host '{{ host }}' + list ip '{{ mgmt['ipv4'] | ansible.utils.ipaddr(ip_num) | ansible.utils.ipaddr('address') }}' + +{% endfor %} +{% else %} + +{# Core-Router #} +{% for network in networks | selectattr('assignments', 'mapping') %} +{% for host, ip_num in network['assignments'].items() if host != inventory_hostname %} +config static-entry + option host '{{ host }}' + list ip '{{ network['prefix'] | ansible.utils.ipaddr(ip_num) | ansible.utils.ipaddr('address') }}' + +{% endfor %} +{% endfor %} +{%- endif %} diff --git a/roles/cfg_openwrt/templates/common/config/dsa.network.inc b/roles/cfg_openwrt/templates/common/config/dsa.network.inc index 6d54781d4..6c46d4810 100644 --- a/roles/cfg_openwrt/templates/common/config/dsa.network.inc +++ b/roles/cfg_openwrt/templates/common/config/dsa.network.inc @@ -9,7 +9,7 @@ config device {{ portmapping.append(port|string + (":t" if tagged else "")) }} {%- endfor %} -config bridge-vlan +config bridge-vlan 'vlan_{{ network['vid'] }}' option device 'switch0' option vlan '{{ network['vid'] }}' option ports '{{ portmapping|join(' ') }}' 
diff --git a/roles/cfg_openwrt/templates/common/config/network.j2 b/roles/cfg_openwrt/templates/common/config/network.j2 index 6e94bcd28..1d229303b 100644 --- a/roles/cfg_openwrt/templates/common/config/network.j2 +++ b/roles/cfg_openwrt/templates/common/config/network.j2 @@ -1,6 +1,26 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" -{% set profile = wireless_profiles | selectattr('name', 'equalto', wireless_profile) | list | first %} -{% set wifi_networks = profile | json_query('ifaces[].network') | default([], true) %} +{% import 'libraries/network.j2' as libnetwork with context %} + +# Babel inserts into seperate route table, add that to lookup list for IPv6 +config rule6 + option priority 33000 + option lookup 'babel-src' + +# IPv4 Soft Migration by priotizing Babel over OLSR +config rule + option priority 33100 + option lookup 'babel-ff' + +config rule + option priority 33101 + option lookup 'olsr-ff' + +config rule + option priority 33200 + option lookup 'babel-default' +config rule + option priority 33201 + option lookup 'olsr-default' config interface 'loopback' option device 'lo' 
@@ -18,51 +38,32 @@ config interface 'loopback' {% endif %} -{% for network in networks | selectattr('vid', 'defined') %} - {% set name = network['name'] if 'name' in network else network['role'] %} - {% set vid = network['vid']|string %} - {% set untagged = network.get('untagged') %} - {% if 'ifname' in network %} - {% set port = network['ifname'] + ('' if untagged else '.' + vid) %} - {% elif dsa_ports is defined %} - {% set port = 'switch0' + '.' + vid %} - {% elif (switch_ports|default(0) > 0) %} - {% set port = int_port + '.' + vid %} - {% else %} - {% set port = int_port + ('' if untagged else '.' + vid) %} - {% endif %} - {% set bridge_name = 'br-' + name %} - {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) or (role == 'corerouter' and network['role'] == 'uplink') %} - {% set port_needed = not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname) %} +{% for network in networks %} + {% set name = libnetwork.getUciIfname(network) %} {%- if (role == 'corerouter' and network['role'] == 'mesh') or ('assignments' in network and inventory_hostname in network['assignments']) - or name in wifi_networks + or name in libnetwork.getWirelessNetworks() | from_json or network.get('mesh_ap') == inventory_hostname - or (role == 'corerouter' and 'tunnel_wan_ip' in network) - or (role == 'corerouter' and network['role'] == 'uplink') + or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} config interface '{{ name }}' - {% if port_needed %} - {% if bridge_needed %} - option device '{{ (bridge_name if bridge_name | length <= 15) | mandatory('The generated inteface name exceeds the 15 characters limit of the linux kernel. 
Try to shorten the name to resolve this.') }}' - {% else %} - option device '{{ port }}' - {% endif %} + {% if libnetwork.isPortNeeded(network) | from_json %} + option device '{{ libnetwork.getIfname(network) }}' {% endif %} {% if network.get('enforce_client_isolation') and role == 'corerouter' and - not bridge_needed %} + not libnetwork.isBridgeNeeded(network) | from_json %} option macaddr '02:00:00:00:00:01' {% endif %} {% if 'assignments' in network and inventory_hostname in network['assignments'] %} option proto 'static' option ipaddr '{{ network['prefix'] | ansible.utils.ipaddr(network['assignments'][inventory_hostname]) }}' - {% if role != "corerouter" and 'dns' in network %} + {% if role != "corerouter" and 'dns' in network %} option dns '{{ network['prefix'] | ansible.utils.ipaddr(network['dns']) | ansible.utils.ipaddr('address') }}' - {% endif %} - {% if 'gateway' in network and 'assignments' in network and network['assignments'][inventory_hostname] != network['gateway'] %} + {% endif %} + {% if 'gateway' in network and 'assignments' in network and network['assignments'][inventory_hostname] != network['gateway'] %} option gateway '{{ network['prefix'] | ansible.utils.ipaddr(network['gateway']) | ansible.utils.ipaddr('address') }}' - {% endif %} - {% if role != 'corerouter' and 'ipv6_subprefix' in network %} + {% endif %} + {% if role != 'corerouter' and 'ipv6_subprefix' in network %} # IPv6 Address comes via SLAAC and RA. See sysctl, there it is enabled # The reason is to get rid of the userspace daemon 
@@ -84,14 +85,14 @@ config interface '{{ name }}' {% endif %} {% endif %} - {% if port_needed and bridge_needed %} + {% if libnetwork.isPortNeeded(network) | from_json and libnetwork.isBridgeNeeded(network) | from_json %} config device - option name '{{ (bridge_name if bridge_name | length <= 15) | mandatory('The generated inteface name exceeds the 15 characters limit of the linux kernel. Try to shorten the name to resolve this.') }}' - option type 'bridge' + option name '{{ libnetwork.getBridgeIfname(network) }}' + option type 'bridge' {% if network.get('enforce_client_isolation') and role == 'corerouter' %} option macaddr '02:00:00:00:00:01' {% endif %} - list ports '{{ port }}' + list ports '{{ libnetwork.getPortIfname(network) }}' {% endif %} {% endfor %} diff --git a/roles/cfg_openwrt/templates/common/config/system.j2 b/roles/cfg_openwrt/templates/common/config/system.j2 index 245a6973d..bf0da917b 100644 --- a/roles/cfg_openwrt/templates/common/config/system.j2 +++ b/roles/cfg_openwrt/templates/common/config/system.j2 @@ -3,13 +3,13 @@ config system option zonename '{{ zonename }}' option timezone '{{ timezone }}' option ttylogin '0' - option log_size '64' + option log_size '{{ log_size }}' option urandom_seed '0' option compat_version '9.9' # hardcoded to a bbb-configs exclusive version identifier, matches patch in image builder, because we dont retain device config. {% if role == 'corerouter' or role == 'gateway' %} option latitude '{{ latitude|default(0) }}' option longitude '{{ longitude|default(0) }}' - option altitude '60.000000000000000' + option altitude '{{ altitude|default(60.000000000000000) }}' option location '{{ location_nice|default(location) }}' {% endif %} diff --git a/roles/cfg_openwrt/templates/common/config/wireless.j2 b/roles/cfg_openwrt/templates/common/config/wireless.j2 index d9303e489..ae9485ec3 100644 --- a/roles/cfg_openwrt/templates/common/config/wireless.j2 +++ b/roles/cfg_openwrt/templates/common/config/wireless.j2 
@@ -4,8 +4,12 @@ # Wifi Config is derived from wireless profile: '{{ wireless_profile }}' {% for wd in wireless_devices | default([]) %} {% set wd_id = 'radio' + loop.index0|string %} - {% set wd_config = profile['devices'] | selectattr('radio', 'contains', wd['name']) | first %} {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} + {% if 'devices' in profile %} + {% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first %} + {% else %} + {% set wd_config = {} %} + {% endif %} {% set channel_assignments = hostvars[inventory_hostname]['channel_assignments_' + wd['name']] %} {% set channel_assignment = (channel_assignments[inventory_hostname] | default(channel_assignments['default'])).split('-') %} @@ -46,9 +50,13 @@ config wifi-device '{{ wd_id }}' {% endif %} {% if 'country' in wd_config %} option country '{{ wd_config['country'] }}' + {% else %} + option country 'DE' {% endif %} {% if 'legacy_rates' in wd_config %} option legacy_rates '{{ wd_config['legacy_rates']|int }}' + {% else %} + option legacy_rates '0' {% endif %} {% if 'disabled' in wd_config %} option disabled '{{ wd_config['disabled']|int }}' diff --git a/roles/cfg_openwrt/templates/common/nftables.conf.j2 b/roles/cfg_openwrt/templates/common/nftables.conf.j2 index 5674b3b63..eae9cb6a8 100644 --- a/roles/cfg_openwrt/templates/common/nftables.conf.j2 +++ b/roles/cfg_openwrt/templates/common/nftables.conf.j2 
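Review bot: The new `{% if 'devices' in profile %}` branch covers a profile without a `devices` key, but not a profile whose `devices` list has no entry for this radio: `selectattr(...) | first` on an empty selection yields an undefined value, not `{}`, and the later `'country' in wd_config` style checks then operate on that. Ending the expression with `| first | default({})` handles both cases in one line and makes the surrounding `if`/`else` unnecessary, e.g. `{% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first | default({}) %}`. The same block is added to nftables.conf.j2 in this commit and would take the same change.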
@@ -11,7 +11,12 @@ network_ifname_map = #} {% set network_ifname_map = [] %} {% for wd in wireless_devices | default([]) %} - {% set wd_config = profile['devices'] | selectattr('radio', 'contains', wd['name']) | first %} + {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} + {% if 'devices' in profile %} + {% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first %} + {% else %} + {% set wd_config = {} %} + {% endif %} {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} {% if not wd_config.get('disabled') %} {% for iface in wd_ifaces %} 
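Review bot: The added `{% set wd_ifaces = … %}` line at the top of the loop duplicates the unchanged assignment that still follows the new `if`/`else` block, so `wd_ifaces` is now computed twice per radio with the same expression. Dropping the added copy leaves the behaviour unchanged and avoids the two drifting apart later.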
@@ -60,20 +65,71 @@ table bridge client_isolation { {% endif %} {% endfor %} -{% for network in networks | selectattr('role', 'equalto', 'mesh') | selectattr('name','in', network_ifname_map|map(attribute='network')) %} - {% set wifi_if = network_ifname_map | selectattr('network', 'equalto', network['name']) | map(attribute='ifname') | first %} - {% set set_localrouter = 'localrouter_' + network['name'] %} - {% if loop.first %} +{# + Reflection filter -{# Corerouters have no bridge, therefore we need to hook in family inet. - See https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks#Netfilter_hooks_into_Linux_networking_packet_flows #} -{% set type = 'bridge' if role == 'ap' else 'inet' %} + We sometimes receive our own packets back. It happens when a location has + two or more mesh APs which are badly isolated, use overlapping frequencies, + or are aligned to be in each others beam. Can't be prevented 100%, happens. + Any suitable obstacle in a single antenna's beam can cause reflections too. + Reflections were observed in 2021 with old 2 GHz Nanostations at Emmauskirche: + https://github.com/freifunk-berlin/bbb-configs/issues/119 -table {{ type }} prevent_mesh_reflection -flush table {{ type }} prevent_mesh_reflection -table {{ type }} prevent_mesh_reflection { - {% endif %} + It usually works like this: corerouter transmits a packet over mesh VLAN 123, + the respective mesh AP receives it on its bridge and transmits it out over + the wifi mesh interface. Another mesh AP at the same location receives + the packet on its wifi mesh interface, and through its bridge puts it + on mesh VLAN 456, where the same corerouter receives it. + + In our setup all VLAN interfaces on the corerouter share the same MAC address. + That means the corerouter receives a packet with its one of its own MAC + addresses as as the source address. 
In more traditional network environments, + this would be cause for concern, so Linux complains with a log message: + + switch0: received packet on lan4 with own address as source address + + It's fine in our meshy, non-traditional setup, but two things need consideration: + + 1) On the corerouter, reflected packets are purely an issue of asthetics: + it can become quite noisy in logread and drown out more important messages. + + 2) Infrastructure devices (= switches) between mesh AP and corerouter might + get confused about the same MAC address seamingly living on multiple ports. + All devices should handle this fine because it's on separate VLANs, + but you never know. We've seen all kinds of weird shit on cheap switches. + + So we want to avoid letting these packets back into the location. + + Our filter has nftables learn source MAC addresses from outgoing traffic + and reject any incoming packets with a matching source MAC address. + + We do this only on the mesh AP though, because this is where we can prevent + the reflected packet from reaching possibly wonky cheap switches. + The filter as described works nicely on the mesh AP bridge interface covering + the mesh VLAN and the mesh wifi interface. + + On the corerouter however, the filter would only prevent logread noise, + and it would need to be more complex as well. Mesh wifi interfaces directly + on the corerouter don't require a bridge over the mesh wifi interface since + a dedicated VLAN for that mesh direction isn't required. But without + a bridge, we somehow ended up blocking not just reflected packets, but also + intermittently blocked our mesh neighbours. All kinds of MAC addresses + ended up in the filter - not sure why. + + Summary: we filter reflected packets on mesh APs, but where a corerouter + meshes on its own, using its own integrated wifi, we tolerate the log noise. 
+#} +{% if role == 'ap' %} + {% for network in networks | selectattr('role', 'equalto', 'mesh') | selectattr('name','in', network_ifname_map|map(attribute='network')) %} + {% set wifi_if = network_ifname_map | selectattr('network', 'equalto', network['name']) | map(attribute='ifname') | first %} + {% set set_localrouter = 'localrouter_' + network['name'] %} + {% if loop.first %} + +table bridge prevent_mesh_reflection +flush table bridge prevent_mesh_reflection +table bridge prevent_mesh_reflection { + {% endif %} set {{ set_localrouter }} { type ether_addr size 5 @@ -88,7 +144,8 @@ table {{ type }} prevent_mesh_reflection { iifname {{ wifi_if }} ether saddr @{{ set_localrouter }} counter drop } - {% if loop.last %} + {% if loop.last %} } - {% endif %} -{% endfor %} + {% endif %} + {% endfor %} +{% endif %} diff --git a/roles/cfg_openwrt/templates/common/rc.local.j2 b/roles/cfg_openwrt/templates/common/rc.local.j2 index b83091610..c063956c9 100644 --- a/roles/cfg_openwrt/templates/common/rc.local.j2 +++ b/roles/cfg_openwrt/templates/common/rc.local.j2 @@ -36,7 +36,7 @@ echo {{ override['value'] }} > {{ override['path'] }} # Change the option "procd_set_param stderr 1" to "0" in the file /etc/init.d/collectd # This is needed because airos_6 APs w/o stations resulted in a lot of local log spamming # In addition switches without unique port labels have the same problem -sed -i 's/\(procd_set_param stderr\)[[:space:]]*1/\1 0/' /etc/init.d/collectd +sed -i 's/\(procd_set_param stderr\)[[:space:]]*1/\1 0/' /etc/init.d/collectd {% endif %} exit 0 diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 new file mode 100644 index 000000000..a9c78a7ec --- /dev/null +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 
@@ -0,0 +1,134 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "true" +{% import 'libraries/network.j2' as libnetwork with context %} + +log syslog all; +debug protocols {states}; + +# Include additional bird config files for runtime extendability +include "/dev/shm/bird_*.conf"; + +#master4 is implicitly created +ipv6 sadr table v6_main; +ipv4 table v4_babel_ff; +ipv4 table v4_babel_default; + +protocol device { +}; + +protocol direct { + ipv6 sadr { + table v6_main; + }; + ipv4; +} + +protocol babel { + randomize router id yes; + ipv6 sadr { + table v6_main; + # Import only /56 location aggregates and default routes + import filter { + if ! (net.len = 56 || net = ::/0 from {{ freifunk_global_prefix }}) then reject; +{% for nw in networks | selectattr('role', 'equalto', 'mesh') %} + {# metrics for 2 GHz adhoc get a penalty over 5 GHz adhoc so 5 GHz is preferred #} + {% set default_mesh_metric = hostvars[inventory_hostname].get('mesh_metric_adhoc_' ~ nw.get('mesh_radio'), mesh_metric_default_in) %} + if ifname = "{{ libnetwork.getIfname(nw) }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', default_mesh_metric) }}; + } +{% endfor %} +{% for nw in networks | selectattr('role', 'equalto', 'tunnel') %} + if ifname = "{{ nw.get('ifname') }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', mesh_metric_tunnel_in) }}; + } +{% endfor %} + accept; + }; + + export filter { + if net = {{ ipv6_prefix }} from ::/0 then accept; + if source = RTS_BABEL then accept; + reject; + }; + }; + ipv4 { + import filter { +{% for nw in networks | selectattr('role', 'equalto', 'mesh') %} + {# metrics for 2 GHz adhoc get a penalty over 5 GHz adhoc so 5 GHz is preferred #} + {% set default_mesh_metric = hostvars[inventory_hostname].get('mesh_metric_adhoc_' ~ nw.get('mesh_radio'), mesh_metric_default_in) %} + if ifname = "{{ libnetwork.getIfname(nw) }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', default_mesh_metric) }}; + } +{% endfor %} 
+{% for nw in networks | selectattr('role', 'equalto', 'tunnel') %} + if ifname = "{{ nw.get('ifname') }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', mesh_metric_tunnel_in) }}; + } +{% endfor %} + accept; + }; + export where source = RTS_BABEL || net ~ [ 10.0.0.0/8{21,32} ]; # Readvertise learned routes and advertise local networks from 10/8 + }; + + # Mesh interfaces +{% for nw in networks | selectattr('role', 'equalto', 'mesh') %} + interface "{{ libnetwork.getIfname(nw) }}" { + type wireless; + }; +{% endfor %} + # Tunnel interfaces provided by tunspace +{% for nw in networks | selectattr('role', 'equalto', 'tunnel') %} + interface "{{ nw.get('ifname') }}" { + type wireless; + }; +{% endfor %} +} + +protocol kernel { + ipv6 sadr { + table v6_main; + import all; + export all; + }; + learn all; # Allow learning loopback route +} + + + +# Currently not in use but keep for later purposes +protocol kernel { + ipv4 { + import none; + export none; + }; +} + +# TODO: Get rid of the following when OLSRD is gone +protocol kernel { + kernel table 10; + ipv4 { + table v4_babel_ff; + import none; + export all; + }; +} + +protocol pipe { + table master4; + peer table v4_babel_ff; + export where net != 0.0.0.0/0; +} + +protocol kernel { + kernel table 11; + ipv4 { + table v4_babel_default; + import none; + export all; + }; +} + +protocol pipe { + table master4; + peer table v4_babel_default; + export where net = 0.0.0.0/0; +} diff --git a/roles/cfg_openwrt/templates/corerouter/config/babeld.j2 b/roles/cfg_openwrt/templates/corerouter/config/babeld.j2 deleted file mode 100644 index 58768c226..000000000 --- a/roles/cfg_openwrt/templates/corerouter/config/babeld.j2 +++ /dev/null 
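Review bot: The Babel import filters in this new file accept more than their comment promises. In the `ipv6 sadr` channel `net.len = 56` matches any /56, not only those inside `{{ freifunk_global_prefix }}`, and the `ipv4` import filter ends in a bare `accept;` with no prefix test, so routes from any mesh or tunnel neighbour reach kernel tables 10 and 11 through the pipes and `export all`. If the mesh is only meant to carry 10/8 networks and a default route, the IPv4 filter could start with `if ! (net = 0.0.0.0/0 || net ~ [ 10.0.0.0/8{21,32} ]) then reject;`, mirroring the export condition, and the IPv6 test should also require the destination to lie inside the Freifunk prefix. The `babel_mesh` filters in gateway/bird.conf.j2 have the same shape. If accepting everything is intentional during the OLSR migration, a comment saying so would help.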
@@ -1,48 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -{% if ipv6_prefix is defined %} -package babeld - -config general - option 'local_port' '33123' - option 'ipv6_subtrees' 'true' - option 'ubus_bindings' 'true' - - {% for network in networks | selectattr('role', 'equalto', 'mesh') | selectattr('ipv6_subprefix') %} - {% set _ifname = network['name'] if 'name' in network else network['role'] %} -config interface - option 'ifname' '{{ _ifname }}' - option 'split_horizon' '{{ (network['ptp'] if 'ptp' in network else false ) | string | lower }}' - option 'link_quality' '{{ network.get('link_quality_based_metric', true) | string | lower }}' - option 'rxcost' '{{ '256' if network.get('link_quality_based_metric', true) else '96' }}' - -config filter - option 'type' 'in' - option 'if' '{{ _ifname }}' - option 'action' 'metric {{ network.get('mesh_metric', 512) }}' - - {% endfor -%} - - {% for tunnel in networks | selectattr('role', 'equalto', 'tunnel') %} -config interface - option 'ifname' '{{ tunnel['ifname'] }}' - option 'split_horizon' 'true' - -config filter - option 'type' 'in' - option 'if' '{{ tunnel['ifname'] }}' - option 'ip' '::/0' - option 'eq' '0' - option 'action' 'metric {{ tunnel['mesh_metric']|default(512) }}' - - {% endfor %} - -config filter - option 'type' 'redistribute' - option 'ip' '{{ ipv6_prefix }}' - option 'eq' '{{ ipv6_prefix | ansible.utils.ipaddr('prefix') }}' - -config filter - option 'type' 'redistribute' - option 'local' 'true' - option 'action' 'deny' -{% endif %} diff --git a/roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 b/roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 new file mode 120000 index 000000000..4e632e062 --- /dev/null +++ b/roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 @@ -0,0 +1 @@ +../../common/config/bgpdisco_nameservice.j2 \ No newline at end of file 
diff --git a/roles/cfg_openwrt/templates/corerouter/config/firewall.j2 b/roles/cfg_openwrt/templates/corerouter/config/firewall.j2 index bde9b65e1..6b28c69d7 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/firewall.j2 @@ -12,9 +12,6 @@ config defaults option forward 'REJECT' option drop_invalid '0' -config include - option path '/etc/firewall.user' - config zone 'zone_freifunk' option name 'freifunk' {% for name in zone_freifunk_networks %} diff --git a/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 b/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 index 2eb55f6da..c59e7b72d 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 @@ -4,7 +4,7 @@ config LoadPlugin config LoadPlugin option library 'olsrd_nameservice' - option suffix '.olsr' + option suffix '.ff' option hosts_file '/tmp/hosts/olsr' option latlon_file '/var/run/latlon.js' option services_file '/var/etc/services.olsr' @@ -40,6 +40,8 @@ config olsrd option OlsrPort '698' option Willingness '3' option TosValue '16' + option RtTable '20' + option RtTableDefault '21' config InterfaceDefaults option MidValidityTime '500.0' diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 deleted file mode 100644 index 13ab50791..000000000 --- a/roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 +++ /dev/null 
@@ -1,21 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -{% for network in networks | selectattr('tunnel_wan_ip', 'defined') %} - {% set name = network['name'] if 'name' in network else network['role'] %} - {% set bridge_name = 'br-' + name %} -config tunnelmanager '{{ name }}' - option interface '{{ (bridge_name if bridge_name | length <= 15) | mandatory('The generated inteface name exceeds the 15 characters limit of the linux kernel. Try to shorten the name to resolve this.') }}' - option namespace '{{ network['tunnel_namespace']|default(name) }}' - option mtu '{{ network['tunnel_mtu']|default(1280) }}' - option uplink_ip '{{ network['tunnel_wan_ip'] }}' - option uplink_gateway '{{ network['tunnel_wan_gw'] }}' - option tunnel_count '{{ network['tunnel_connections']|default(2) }}' - option tunnel_timeout '{{ network['tunnel_timeout']|default(160) }}' - option check_interval '{{ network['tunnel_check_interval']|default(30) }}' - option up_script '{{ network['tunnel_up_script']|default('/usr/share/tunnelman/up.sh') }}' - option up_script_args '{{ network['tunnel_up_script_args']|default(network['tunnel_mesh_prefix_ipv4']) }} 12800 0.4' - option down_script '{{ network['tunnel_down_script']|default('/usr/share/tunnelman/down.sh') }}' - {% for gateway in groups['role_gateway'] | sort %} - # {{ gateway }} - list tunnel_endpoints '{{ hostvars[gateway]['uplink']['ipv4'] | ansible.utils.ipaddr('address') }}' - {% endfor %} -{% endfor %} diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 index 0fc738d1c..0a6547b0b 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 
@@ -1,10 +1,13 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" {% for uplink in networks | selectattr('role', 'equalto', 'uplink') %} {% set name = uplink['name'] if 'name' in uplink else 'uplink' %} + {% set mode = uplink['uplink_mode'] if 'uplink_mode' in uplink else 'bridge' %} + {% set ifname = uplink['ifname'] if mode == 'direct' else 'br-'+name %} config tunspace "tunspace" option uplink_netns "{{ name }}" - option uplink_ifname "br-{{ name }}" + option uplink_ifname "{{ ifname }}" + option uplink_mode "{{ mode }}" option maintenance_interval 60 option debug 1 {% endfor %} @@ -16,7 +19,6 @@ config wg-interface option ipv4 "{{ tunnel['prefix'] }}" option mtu {{ tunnel['mtu'] }} option port {{ tunnel['wireguard_port'] }} - option keyfile "/etc/tunspace/{{ tunnel['ifname'] }}.key" option disabled 0 {% endfor %} diff --git a/roles/cfg_openwrt/templates/corerouter/firewall.user.j2 b/roles/cfg_openwrt/templates/corerouter/firewall.user.j2 deleted file mode 100644 index 59738bfc1..000000000 --- a/roles/cfg_openwrt/templates/corerouter/firewall.user.j2 +++ /dev/null @@ -1,6 +0,0 @@ -{% if (networks | selectattr('tunnel_wan_ip', 'defined') | count > 0) and openwrt_version.startswith('22.') %} -ip6tables -A forwarding_rule -o wg_+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1352 -ip6tables -A forwarding_rule -i wg_+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1352 -iptables -A forwarding_rule -o wg_+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1372 -iptables -A forwarding_rule -i wg_+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1372 -{% endif %} diff --git a/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 b/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 index b497ac9ee..a7a0ab38f 100644 --- a/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 +++ b/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 
@@ -1,17 +1,3 @@ -{% if (networks | selectattr('tunnel_wan_ip', 'defined') | count > 0) %} -{% set TCP_HEADER_SIZE = 20 %} -{% set IPV4_HEADER_SIZE = 20 %} -{% set IPV6_HEADER_SIZE = 40 %} -{% set min_mtu = ([1280] + (networks | selectattr('tunnel_mtu', 'defined') | map(attribute='tunnel_mtu') | list)) | min | int %} -{% set ipv4_mss = min_mtu - TCP_HEADER_SIZE - IPV4_HEADER_SIZE %} -{% set ipv6_mss = min_mtu - TCP_HEADER_SIZE - IPV6_HEADER_SIZE %} -chain wg_maxseg { - type filter hook forward priority -1; policy accept; - oifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : {{ ipv4_mss }}, ipv6 : {{ ipv6_mss }} } - iifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : {{ ipv4_mss }}, ipv6 : {{ ipv6_mss }} } -} -{% endif %} - {% if (networks | selectattr('role', 'equalto', 'tunnel') | count > 0) %} {% set TCP_HEADER_SIZE = 20 %} {% set IPV4_HEADER_SIZE = 20 %} diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index 568457c08..10479508e 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 
@@ -1,47 +1,223 @@ -{% if 'ipv6' in uplink %} -#loglevel syslog all; -# debug protocols all; +#jinja2: trim_blocks: "true", lstrip_blocks: "true" +{% set V6_SADR_DEFAULT_ROUTE = '::/0 from ' ~ freifunk_global_prefix %} +log syslog all; +debug protocols {states}; -filter default_route { - if ( net ~ [ ::0/0 ] ) then accept; - reject; -} +# Include additional bird config files for runtime extendability +include "/dev/shm/bird_*.conf"; -# Attention: Safety measure below! -# First drop everything which is not in freifunk prefix and a /48 -filter export_aggregates { - if ( net !~ [ {{ freifunk_global_prefix }}{{ '{' }}{{ freifunk_wahlkreis_announcement_prefix }},{{ freifunk_wahlkreis_announcement_prefix}}{{ '}' }} ] ) then reject; - include "/dev/shm/announcement*.bird.conf"; - accept; -} +protocol device { }; + +## +## Kernel <-> Babel tables +## +ipv6 sadr table v6_main; +ipv4 table v4_main; +ipv4 table v4_babel_ff; +ipv4 table v4_babel_default; -protocol device { +protocol kernel kernel_v6_main { + ipv6 sadr { + table v6_main; + import all; + export all; + }; + learn all; # Allow learning loopback route } -protocol kernel kernel6 { - ipv6 { +# Currently not in use due to OLSRD->Babel migration +# For now babel IPv4 routes land in the subsequent KRTs +protocol kernel kernel_v4_main { + ipv4 { + table v4_main; + import none; + export none; + }; +} + +protocol kernel kernel_v4_babel_ff { + kernel table 10; + ipv4 { + table v4_babel_ff; + import none; export all; + }; +} + +protocol pipe pipe_v4_main_to_babel_ff { + table v4_main; + peer table v4_babel_ff; + export where net != 0.0.0.0/0; + import none; +} + +protocol kernel kernel_v4_babel_default { + kernel table 11; + ipv4 { + table v4_babel_default; import none; + export all; + }; +} + +protocol pipe pipe_v4_main_to_babel_default { + table v4_main; + peer table v4_babel_default; + export where net = 0.0.0.0/0; + import none; +} + +## +## Uplink static IPv4 route +## +{% if uplink['ipv4'] | 
ansible.utils.ipaddr('prefix') >= 30 %} + {% set v4_nexthop = uplink['ipv4'] | ansible.utils.ipaddr('peer') %} +{% else %} + {% set v4_nexthop = uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') %} +{%- endif %} + +protocol static static_uplink { + ipv4 { table v4_main; }; + check link; + route 0.0.0.0/0 via {{ v4_nexthop }} dev "{{ uplink['ifname'] }}"; +} + +## +## Babel Section +## + +protocol babel babel_mesh { + randomize router id yes; + ipv6 sadr { + table v6_main; + # Import only /56 location aggregates and default routes + import filter { + if ! (net.len = 56 || net = {{ V6_SADR_DEFAULT_ROUTE }}) then reject; +{% for interface in mesh_links %} + if ifname = "{{ interface['ifname'] }}" then { + babel_metric = babel_metric + {{ interface.get('mesh_metric', mesh_metric_default_in) }}; + accept; + } +{% endfor %} + if ifname ~ "wg_*" then { + babel_metric = babel_metric + {{ mesh_metric_tunnel_in }}; + accept; + } + accept; + }; + export where source = RTS_BABEL || net = {{ ipv6_prefix }} from ::/0 || net = {{ V6_SADR_DEFAULT_ROUTE }}; + }; + ipv4 { + table v4_main; + import filter { + if ifname ~ "gre4-*" then reject; +{% for interface in mesh_links %} + if ifname = "{{ interface['ifname'] }}" then { + babel_metric = babel_metric + {{ interface.get('mesh_metric', mesh_metric_default_in) }}; + accept; + } +{% endfor %} + if ifname ~ "wg_*" then { + babel_metric = babel_metric + {{ mesh_metric_tunnel_in }}; + accept; + } + accept; + }; + export where source = RTS_BABEL || net = 0.0.0.0/0; # Readvertise Babel routes and advertise default route + }; + + # Mesh interfaces +{% for interface in mesh_links %} + interface "{{ interface['ifname'] }}" { + type wireless; + }; +{% endfor %} + + # GRE Tunnels +{% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %} + interface "gre4-{{ hostvars[gateway]['gre_tunnel_alias'] }}" { + type wireless; + rxcost {{ gre_metric }}; # Keep for now, could be implemented as 
export filter later + }; +{% endfor %} + + # Wireguard tunnel links which are dynamically established + interface "wg_*" { + type wireless; + rxcost {{ mesh_metric_tunnel_in }}; # Keep for now, could be implemented as export filter later }; } -protocol static { - ipv6; + +{% if 'ipv6' in uplink %} +## +## BGP Section +## +ipv6 table v6_bgp_upstream; + +# Define local attribute as yet another safetynet to ensure that we dont announce the bgpdisco +# routes to our upstream which will likely make the internet explode. +# While that sounds funny that aint a joke - Take it very serious or risk our trust!! +attribute int really_announce_to_upstream; + + +# Attention. Following rules are redundant for good reasons. +# 1. Let only pass routes which carry the really_announce_to_upstream route attribute being true +# 2. Filter for networks we explicitly would like to advertise, configurable through group_vars. +# Please do not remove those and pay attention, because we are abusing BGP for really funky stuff +# in our Backbone. Those routes must never reach the internet, otherwise it might break. Not kidding! +filter bgp_export_aggregates { + # See 1. + if ! ( defined( really_announce_to_upstream ) && really_announce_to_upstream = 1312 ) then reject; + + # See 2. + if net !~ [ {{ freifunk_global_prefix }}{{ '{' }}{{ freifunk_wahlkreis_announcement_prefix }},{{ freifunk_wahlkreis_announcement_prefix}}{{ '}' }} ] then reject; + + # Allow Traffic Engineering on routes which made it until here. 
+ include "/dev/shm/announcement*.bird.conf"; + + accept; +} + +protocol static static_v6_bgp_upstream { + ipv6 { table v6_bgp_upstream; }; {% for wahlkreis in freifunk_wahlkreis_prefixes %} {% for no in range(0, wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix) | int) %} - route {{ wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix, no) }} unreachable; + route {{ wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix, no) }} unreachable { + really_announce_to_upstream = 1312; + }; {% endfor %} {% endfor %} } -protocol bgp { +protocol bgp bgp_upstream { local {{ uplink['ipv6'] | ansible.utils.ipaddr('address') }} as {{ local_asn }}; neighbor {{ uplink['ipv6'] | ansible.utils.ipaddr('peer') }} as {{ peer_asn }}; ipv6 { - import filter default_route; - export filter export_aggregates; + table v6_bgp_upstream; + import where net = ::/0; + export filter bgp_export_aggregates; }; } + +## +## Hack to announce create a source specifc default route pointing to BGP Next Hop +## Details: https://github.com/freifunk-berlin/bbb-configs/issues/1062#issuecomment-2466541315 +## +ipv6 sadr table v6_default_via_bgp; + +protocol static static_v6_default_via_bgp { + ipv6 sadr { table v6_default_via_bgp; }; + igp table v6_bgp_upstream; # Where to lookup recursive resolved next-hop + route {{ V6_SADR_DEFAULT_ROUTE }} recursive ::; +} + +protocol pipe pipe_v6_default_via_bgp_to_main { + table v6_default_via_bgp; + peer table v6_main; + export where dest != RTD_UNREACHABLE; + import none; +} {% endif %} diff --git a/roles/cfg_openwrt/templates/gateway/config/babeld.j2 b/roles/cfg_openwrt/templates/gateway/config/babeld.j2 deleted file mode 100644 index 9e311fdd0..000000000 --- a/roles/cfg_openwrt/templates/gateway/config/babeld.j2 +++ /dev/null 
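Review bot: The top-level `include "/dev/shm/bird_*.conf";` sits outside both safety nets described above `bgp_export_aggregates`. A file matched by that glob can declare its own protocols, tables and filters, so whatever is able to write to /dev/shm can change what `bgp_upstream` announces without ever passing the `really_announce_to_upstream` check. /dev/shm is commonly a world-writable tmpfs, so it would be safer to include from a dedicated directory that only root can write, and to document the producer next to the include, e.g. `# Written by COMPONENT; directory must be root-owned and not world-writable`. corerouter/bird.conf.j2 carries the same top-level include.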
@@ -1,54 +0,0 @@ -package babeld -config general - option 'log_file' '/var/log/babeld.log' - option 'ipv6_subtrees' 'true' - option 'ubus_bindings' 'true' - -config interface - option 'ifname' 'uplink' - option 'ignore' 'true' - -{% for interface in mesh_links|default([]) %} -{% if interface['ipv6'] is defined %} -config interface - option 'ifname' '{{ interface['name'] }}' - option 'rxcost' '{{ '256' if interface.get('link_quality_based_metric', true) else '96' }}' - option 'split_horizon' '{{ (interface['ptp'] if 'ptp' in interface else false ) | string | lower }}' - option 'link_quality' '{{ interface.get('link_quality_based_metric', true) | string | lower }}' - -config filter - option 'type' 'in' - option 'if' '{{ interface['name'] }}' - option 'action' 'metric {{ interface.get('mesh_metric', 512) }}' - -{% endif %} -{% endfor %} - -{% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %} -config interface - option 'ifname' '{{ hostvars[gateway]['gre_tunnel_alias'] }}' - option 'rxcost' '{{ gre_metric }}' - option 'split_horizon' 'true' -{% endfor %} - -config interface - option 'rxcost' '{{ tunnel_metric }}' - -# Redistribute default route learend from BIRD -config filter - option 'type' 'redistribute' - option 'ip' '::0/0' - option 'eq' '0' - option 'proto' '12' - option 'action' 'src-prefix {{ freifunk_global_prefix }}' - -config filter - option 'type' 'redistribute' - option 'ip' '{{ ipv6_prefix }}' - option 'eq' '{{ ipv6_prefix | ansible.utils.ipaddr('prefix') }}' - -# Finally Prohibit distribution of all local networks. (.. but allow non-local networks, e.g learned via tunnel) -config filter - option 'type' 'redistribute' - option 'local' 'true' - option 'action' 'deny' diff --git a/roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 b/roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 new file mode 120000 index 000000000..4e632e062 --- /dev/null 
+++ b/roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 @@ -0,0 +1 @@ +../../common/config/bgpdisco_nameservice.j2 \ No newline at end of file diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index 413188ab8..182b88c44 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -1,4 +1,6 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" +{% import 'libraries/network.j2' as libnetwork with context %} + config defaults option syn_flood 1 option input ACCEPT @@ -66,7 +68,9 @@ config rule option src uplink option src_ip '{{ uplink['ipv6'] | ansible.utils.ipaddr('peer') }}' option proto tcp - option dest_port 179 +# Dont match on destination Port +# BGP Session is not always initiated by ourselves +# option dest_port 179 option target ACCEPT {% endif %} 
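Review bot: Commenting out `option dest_port 179` in the `@@ -66,7 +68,9 @@` hunk turns this rule into "accept any TCP from the uplink peer address", which is wider than BGP needs. When the session is opened from our side the peer's packets carry source port 179, so the narrower fix is to keep the existing `dest_port 179` rule and add a sibling rule with `option src_port 179` and the same `src`, `src_ip`, `proto` and `target`. The rule begins above the hunk, so I cannot see whether a `dest` or any further match is set on it.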
@@ -173,3 +177,52 @@ config rule {% endif %} option target ACCEPT {% endfor %} + +# Allow traffic from Internet to inbound_filtered networks unconditionally +config rule + option name 'Accept Traffic to inbound_filtered networks' + option src uplink + option dest freifunk + option ipset 'inbound_filtered_networks dest' + option target ACCEPT + +# Dont track (Internet -> inbound_filtered_networks) +config rule + option name 'Dont track (Internet -> inbound_filtered_networks)' + option src uplink + option dest freifunk # see note below + option ipset 'inbound_filtered_networks dest' + option target NOTRACK + +# Dont track (Internet via GRE -> inbound_filtered_networks) +config rule + option name 'Dont track (Internet via GRE -> inbound_filtered_networks)' + option src freifunk + option dest freifunk # see note below + option ipset 'inbound_filtered_networks dest' + option target NOTRACK + +# Dont track (inbound_filtered_networks -> Internet + Internet via GRE) +config rule + option name 'Dont track (inbound_filtered_networks -> Internet + Internet via GRE)' + option src freifunk + option dest uplink # see note below + option ipset 'inbound_filtered_networks src' + option target NOTRACK + +# Note: option dest actually has no impact in rendered nftables config by fw4, because +# NOTRACK needs to be set on prerouting, where the outbound interface is not determined, +# but is necessary in order to let fw4 know this is a forwarding rule. + +config ipset + option name 'inbound_filtered_networks' + option match 'net' + option family 'ipv6' +{% for h in groups['role_corerouter'] %} + {% set h_vars = hostvars[h] %} + {% for network in h_vars['networks'] + | selectattr('inbound_filtering', 'defined') | selectattr('inbound_filtering') + | selectattr('ipv6_subprefix', 'defined') %} + list entry '{{ h_vars['ipv6_prefix'] | ansible.utils.ipsubnet(64, network['ipv6_subprefix']) }}' # {{ h }} - {{ libnetwork.getUciIfname(network) }} + {% endfor %} +{% endfor %} 
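Review bot: The first added rule accepts everything from `uplink` towards the `inbound_filtered_networks` set and the next three rules take that traffic out of conntrack, so the gateway itself no longer filters these prefixes. The protection the set's name implies has to be enforced elsewhere, which this hunk does not show. Please state that dependency next to the rule, e.g. `# Gateway forwards statelessly here; inbound filtering for these prefixes must be enforced on the corerouter that owns them`, assuming that is the design. Note also that `h_vars['ipv6_prefix']` is used without a `defined` test, so a corerouter with a flagged network but no `ipv6_prefix` would presumably fail the render rather than be skipped.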
diff --git a/roles/cfg_openwrt/templates/gateway/config/network.j2 b/roles/cfg_openwrt/templates/gateway/config/network.j2 index 543b3c579..44241fe97 100644 --- a/roles/cfg_openwrt/templates/gateway/config/network.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/network.j2 @@ -1,3 +1,17 @@ +# IPv4 Soft Migration by priotizing Babel over OLSR +# Static default Route is set by bird +config rule + option priority 33100 + option lookup 'babel-ff' + +config rule + option priority 33101 + option lookup 'olsr-ff' + +config rule + option priority 33200 + option lookup 'babel-default' + config interface 'loopback' option device 'lo' option proto 'static' @@ -12,9 +26,9 @@ config interface 'uplink' option proto 'static' option ipaddr '{{ uplink['ipv4'] }}' {% if uplink['ipv4'] | ansible.utils.ipaddr('prefix') >= 30 %} - option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('peer') }}' +# option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('peer') }}' {% else %} - option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}' +# option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}' {% endif %} {% if 'ipv6' in uplink %} option ip6addr '{{ uplink['ipv6'] }}' diff --git a/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 b/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 index 47c58d0cc..6c6aa5ad5 100644 --- a/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 @@ -4,7 +4,7 @@ config LoadPlugin config LoadPlugin option library 'olsrd_nameservice' - option suffix '.olsr' + option suffix '.ff' option hosts_file '/tmp/hosts/olsr' option latlon_file '/var/run/latlon.js' option services_file '/var/etc/services.olsr' 
@@ -24,15 +24,6 @@ config LoadPlugin option library 'olsrd_txtinfo' option port '2006' -config LoadPlugin - option library 'olsrd_dyn_gw' - list Ping '46.182.19.48' - list Ping '80.67.169.40' - list Ping '194.150.168.168' - option ignore '0' - option PingCmd 'ping -c 1 -q -I {{ uplink['ifname'] }} %s' - option PingInterval '30' - config olsrd option IpVersion '4' option FIBMetric 'flat' @@ -45,6 +36,13 @@ config olsrd option OlsrPort '698' option Willingness '3' option TosValue '16' + option RtTable '20' + option RtTableDefault '21' +# set rule priorities to some random high numbers to make sure they are never used +# We define our own route policies in /etc/config/network + option RtTablePriority '34000' + option RtTableTunnelPriority '34020' + option RtTableDefaultPriority '34030' {% if sgw is defined and sgw %} option SmartGateway 'yes' option SmartGatewayUplink 'both' @@ -71,10 +69,17 @@ config Interface option Mode '{{ 'ether' if interface.get('ptp') else 'mesh' }}' option LinkQualityMult 'default 1.0' {% endfor %} +{% endif %} - {% if mgmt is defined %} +{% if mgmt is defined %} config Hna4 option netmask '{{ mgmt['ipv4'] | ansible.utils.ipaddr('netmask') }}' option netaddr '{{ mgmt['ipv4'] | ansible.utils.ipaddr('network') }}' - {% endif %} {% endif %} + +# Announce default route, its anyways not used for forwarding within BBB +# We only need it to attract traffic from legacy mesh nodes, until babel +# takes over in our core network +config Hna4 + option netmask '0.0.0.0' + option netaddr '0.0.0.0' diff --git a/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 b/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 index a4bae5675..0571f6102 100644 --- a/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 
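Review bot: The new unconditional `config Hna4` for 0.0.0.0/0 at the end of the file is announced regardless of uplink state, because the `olsrd_dyn_gw` plugin and its ping checks are removed in the `@@ -24,15 +24,6 @@` hunk of the same file. Legacy nodes would keep sending traffic to a gateway whose uplink is down. If that trade-off is accepted for the migration, the comment should say so, e.g. `# NOTE: announced even when the uplink is down; dyn_gw health checks were removed on purpose`.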
+++ b/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 @@ -1,4 +1,5 @@ +meta nfproto ipv6 udp sport 53 limit rate {{ untracked_flows_dns_rate }}/second burst {{ untracked_flows_dns_burst }} packets counter accept comment "Allow DNS ratelimited, because resolvers answer quicker than Conntrack sync" meta nfproto ipv6 tcp flags & ack == ack limit rate {{ untracked_flows_tcp_ack_rate }}/second burst {{ untracked_flows_tcp_ack_burst }} packets counter accept comment "Allow established connections which not made it in the conntrack sync yet" meta nfproto ipv6 tcp flags & rst == rst limit rate {{ untracked_flows_tcp_rst_rate }}/second burst {{ untracked_flows_tcp_rst_burst }} packets counter accept comment "Allow established connections which not made it in the conntrack sync yet" -meta nfproto ipv6 tcp flags & ack == ack counter accept comment "Limit exceeded ACK" -meta nfproto ipv6 tcp flags & rst == rst counter accept comment "Limit exceeded RST" +meta nfproto ipv6 tcp flags & ack == ack counter comment "Limit exceeded ACK" +meta nfproto ipv6 tcp flags & rst == rst counter comment "Limit exceeded RST" diff --git a/roles/cfg_openwrt/templates/libraries/network.j2 b/roles/cfg_openwrt/templates/libraries/network.j2 new file mode 100644 index 000000000..501bf5433 --- /dev/null +++ b/roles/cfg_openwrt/templates/libraries/network.j2 
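Review bot: The new `udp sport 53` rule matches on the source port alone, so within the rate limit any untracked IPv6 UDP packet arriving with source port 53 is accepted towards any destination host and port, not only answers to queries that were actually sent. The limit is a single shared bucket, so unrelated traffic with that source port can use it up and real resolver answers then fall through to the rules that follow. Consider narrowing the match, for example to the source addresses of the resolvers in use if they are known, and make the scope explicit in the comment, e.g. `comment "Allow DNS answers (any sport 53, untracked), ratelimited"`. Separately, the two "Limit exceeded" lines now carry no verdict and only count; a short comment that the fall-through is intended would help.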
@@ -0,0 +1,65 @@ +#jinja2: trim_blocks: True, lstrip_blocks: True +{% import 'libraries/wireless.j2' as libwireless with context %} + + +{# Retrieve the layer 3 interface name of a network. #} +{% macro getIfname(network) %} + {% set ifname = "" %} + {% if isBridgeNeeded(network) | from_json %} + {% set ifname = getBridgeIfname(network) %} + {% elif network.get('mesh_ap') == inventory_hostname %} + {% set ifname = libwireless.getLocalAdhocIfnameByNetwork(network) %} + {% else %} + {% set ifname = getPortIfname(network) %} + {% endif %} + +{{- (ifname if ifname | length <= 15) | mandatory('The generated interface name exceeds the 15 characters limit of the linux kernel. Try to shorten the name to resolve this.') -}} +{% endmacro %} + +{# Retrieve the Port Name of a network. This is either a physical vlan subinterface, or the switch vlan subinterface from DSA #} +{% macro getPortIfname(network) %} + {% set vid = network['vid']|string %} + {% set untagged = network.get('untagged') %} + {% if 'ifname' in network %} + {% set port = network['ifname'] + ('' if untagged else '.' + vid) %} + {% elif dsa_ports is defined %} + {% set port = 'switch0' + '.' + vid %} + {% elif (switch_ports|default(0) > 0) %} + {% set port = int_port + '.' + vid %} + {% else %} + {% set port = int_port + ('' if untagged else '.' + vid) %} + {% endif %} +{{- port -}} +{% endmacro %} + +{# Retrieve the bridge interface name of a network. This does not check if a bridge is actually needed #} +{% macro getBridgeIfname(network) %} +{{- 'br-' + getUciIfname(network) -}} +{% endmacro %} + +{# Retrieve the UCI/OpenWRT internal name of a network. #} +{% macro getUciIfname(network) %} +{{- network['name'] if 'name' in network else network['role'] -}} +{% endmacro %} + +{# Do we need to create a logical bridge for that network to bridge to wireless interface or are we not participating. This does not affect the switch configuration + # Warning: returns a bool. 
Use |from_json filter when calling #} +{% macro isBridgeNeeded(network) %} +{{- (getUciIfname(network) in getWirelessNetworks() + or (role == 'ap' and network.get('mesh_ap') == inventory_hostname) + or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct')) | to_json -}} +{% endmacro %} + +{# Do we need to configure a port or is this network only connected local (e.g. Mesh Endpoint on the core router) + # Warning: returns a bool. Use |from_json filter when calling #} +{% macro isPortNeeded(network) %} +{{- (not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname)) | to_yaml -}} +{% endmacro %} + +{# Retrieve the networks which shall be bridged to wifi + # Returns a list of bbb-config network name (network['name']) + # Warning: returns a list. Use |from_json filter when calling #} +{% macro getWirelessNetworks() %} + {% set selected_wireless_profile = wireless_profiles | selectattr('name', 'equalto', wireless_profile) | list | first %} +{{- selected_wireless_profile | json_query('ifaces[].network') | default([], true) | to_json -}} +{% endmacro %} diff --git a/roles/cfg_openwrt/templates/libraries/wireless.j2 b/roles/cfg_openwrt/templates/libraries/wireless.j2 new file mode 100644 index 000000000..7ef429ad4 --- /dev/null +++ b/roles/cfg_openwrt/templates/libraries/wireless.j2 @@ -0,0 +1,7 @@ +#jinja2: trim_blocks: True, lstrip_blocks: True + +# Retrieve the port name of a wireless network +{% macro getLocalAdhocIfnameByNetwork(network) %} + {% set wd = wireless_devices | selectattr('name', 'equalto', network['mesh_radio']) | list | first %} +{{- wd['ifname_hint'] + '-' + network['mesh_iface'] -}} +{% endmacro %} diff --git a/vm.sh b/vm.sh index af0221340..38a0f3369 100755 --- a/vm.sh +++ b/vm.sh 
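Review bot: `isPortNeeded` serialises its result with `| to_yaml`, while its own doc comment tells callers to use `|from_json` and the sibling macros `isBridgeNeeded` and `getWirelessNetworks` use `| to_json`. YAML output for a bare boolean can carry a trailing document-end marker that `from_json` would reject, so the line should read `{{- (not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname)) | to_json -}}`. No caller of `isPortNeeded` is visible in this diff, so I cannot tell whether the mismatch is already being hit.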
@@ -114,7 +114,7 @@ cat << EOF > "$vmdir/vmconfig.json"
 },
 "boot-source": {
 "kernel_image_path": "./vmlinux",
- "boot_args": "ro console=ttyS0 noapic reboot=k panic=1 pci=off nomodules random.trust_cpu=on i8042.noaux"
+ "boot_args": "ro console=ttyS0 reboot=k panic=1 pci=off nomodules random.trust_cpu=on i8042.noaux"
 },
 "drives": [
 {