Mapserver: fastd + batman-adv + radvd

mapserver/.gitignore

@@ -0,0 +1 @@
+/envfile

mapserver/README.md

@@ -0,0 +1,18 @@
+# Ein vollständiger Kartenserver für Freifunk-Leipzig
+
+## Architektur
+
+### fastd
+
+Der fastd-Container verbindet sich mit ein oder mehreren peers im
+Freifunk-Netz uvia fastd und startet batman-adv, um das peering herzustellen.. Über diese Verbindung können IPV6-Broadcasts der Knoten empfangen werden, über die die Kartendaten zusammengestellt werden.
+
+Umgebungsvariablen:
+
+* FASTD_MTU (benötigt): MTU der fastd-Verbindung
+* FASTD_PEER1_NAME (default: peer1): Name des ersten peers
+* FASTD_PEER1_REMOTE (benötigt): Remote-Adresse des Peers in fastd Syntax, z.B. `"gluon20162a61.leipzig.freifunk.net" port 1006`
+* FASTD_PEER1_KEY (benötigt): öffentlicher Schlüssel des Peers
+* FASTD_PEER`n`_NAME (optional): weitere Peers (fortlaufend numeriert)
+* FASTD_LOG_LEVEL (default: info)
+* IPV6_PREFIX (optional): Prefix für radvd, nötig um hosts im Netz über ihre nicht-link-lokale IPv6 anzupingen. z.B. `fdef:ffc0:7030::/64`

mapserver/docker-compose.yaml

@@ -0,0 +1,11 @@
+---
+
+version: '3.4'
+services:
+    fastd:
+        build: ./fastd
+        env_file: envfile
+        privileged: true # required to create the tap device
+        sysctls:
+            net.ipv6.conf.all.disable_ipv6: 0 # enable ipv6 withn container
+        stop_grace_period: 0s

mapserver/envfile.example

@@ -0,0 +1,20 @@
+# Example configuration. Copy to "envfile" and modify to your needs
+
+# Fastd settings
+FASTD_MTU=1426
+
+FASTD_PEER1_NAME=vpngluon1
+FASTD_PEER1_REMOTE="gluon1.leipzig.freifunk.net" port 10061
+FASTD_PEER1_KEY=1111111111111111111111111111111111111111111111111111111111111111
+
+
+FASTD_PEER1_NAME=vpngluon2
+FASTD_PEER1_REMOTE="gluon2.leipzig.freifunk.net" port 10061
+FASTD_PEER1_KEY=1111111111111111111111111111111111111111111111111111111111111111
+
+
+FASTD_PEER1_NAME=vpngluon3
+FASTD_PEER1_REMOTE="gluon3.leipzig.freifunk.net" port 10061
+FASTD_PEER1_KEY=1111111111111111111111111111111111111111111111111111111111111111
+
+IPV6_PREFIX=fdef:ffc0:7030::/64

mapserver/fastd/Dockerfile

@@ -0,0 +1,12 @@
+FROM debian:bullseye-backports
+
+RUN apt-get update && \
+    apt-get -y --no-install-recommends install \
+      fastd batctl iproute2 \
+      net-tools inetutils-ping procps \
+      radvd radvdump tcpdump ndisc6 \
+      bash curl
+
+ADD entrypoint.sh /entrypoint.sh
+
+CMD /entrypoint.sh

mapserver/fastd/entrypoint.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+set -e
+
+# check required env variables
+: "${FASTD_MTU:? must be set}"
+: "${FASTD_PEER1_REMOTE:? must be set}"
+: "${FASTD_PEER1_KEY:? must be set}"
+
+# set some defaults
+: "${FASTD_LOG_LEVEL:=info}"
+
+mkdir -p /config/fastd/peers
+cat << EOF > /config/fastd/fastd.conf
+log level ${FASTD_LOG_LEVEL};
+bind any:10061;
+mode tap;
+interface "mesh-vpn";
+method "salsa2012+umac";
+method "salsa2012+gmac";
+method "null+salsa2012+umac";
+method "null";
+mtu ${FASTD_MTU};
+secret "$( fastd --generate-key 2>/dev/null | grep -e Secret | awk '{ print $2 }' )";
+on up "
+  ip link set up dev mesh-vpn
+  batctl if add mesh-vpn
+  ifconfig bat0 up
+  $( -z "${IPV6_PREFIX}" || echo "radvd -C /config/radvd.conf" )
+";
+include peers from "peers";
+EOF
+
+# generate peers
+i=1
+while true; do
+  r="FASTD_PEER${i}_REMOTE"
+  k="FASTD_PEER${i}_KEY"
+  n="FASTD_PEER${i}_NAME"
+  if [ -z "${!r}${!k}${!n}" ]; then
+    # break after last defined peer
+    break;
+  fi
+  name=${!n:-peer$[i]}
+  remote=${!r}
+  key=${!k}
+  : ${remote:? ${r} must be set}
+  : ${key:? ${k} must be set}
+
+cat << EOF > "config/fastd/peers/${name}"
+key "${key}";
+remote ${remote};
+EOF
+
+  i=$(( i + 1 ))
+done
+
+if [ ! -z "${IPV6_PREFIX}" ]; then
+cat << EOF > "config/radvd.conf"
+interface bat0
+{
+    AdvSendAdvert on;
+    prefix fdef:ffc0:7030::/64 {
+        AdvOnLink on;
+        AdvAutonomous on;		
+	};
+};
+EOF
+fi
+
+exec fastd --config /config/fastd/fastd.conf