From 1c88ead09a7e339ee64c09b438cf46a5d4b67438 Mon Sep 17 00:00:00 2001
From: Michael Wyraz
Date: Sat, 13 Nov 2021 22:54:06 +0100
Subject: [PATCH] Mapserver: fastd + batman-adv + radvd
---
mapserver/.gitignore | 1 +
mapserver/README.md | 18 +++++++++
mapserver/docker-compose.yaml | 11 ++++++
mapserver/envfile.example | 20 ++++++++++
mapserver/fastd/Dockerfile | 12 ++++++
mapserver/fastd/entrypoint.sh | 71 +++++++++++++++++++++++++++++++++++
6 files changed, 133 insertions(+)
create mode 100644 mapserver/.gitignore
create mode 100644 mapserver/README.md
create mode 100644 mapserver/docker-compose.yaml
create mode 100644 mapserver/envfile.example
create mode 100644 mapserver/fastd/Dockerfile
create mode 100755 mapserver/fastd/entrypoint.sh
diff --git a/mapserver/.gitignore b/mapserver/.gitignore
new file mode 100644
index 0000000..8832298
--- /dev/null
+++ b/mapserver/.gitignore
@@ -0,0 +1 @@
+/envfile
diff --git a/mapserver/README.md b/mapserver/README.md
new file mode 100644
index 0000000..82b889e
--- /dev/null
+++ b/mapserver/README.md
@@ -0,0 +1,18 @@
+# Ein vollständiger Kartenserver für Freifunk-Leipzig
+
+## Architektur
+
+### fastd
+
+Der fastd-Container verbindet sich mit ein oder mehreren peers im
+Freifunk-Netz uvia fastd und startet batman-adv, um das peering herzustellen.. Über diese Verbindung können IPV6-Broadcasts der Knoten empfangen werden, über die die Kartendaten zusammengestellt werden.
+
+Umgebungsvariablen:
+
+* FASTD_MTU (benötigt): MTU der fastd-Verbindung
+* FASTD_PEER1_NAME (default: peer1): Name des ersten peers
+* FASTD_PEER1_REMOTE (benötigt): Remote-Adresse des Peers in fastd Syntax, z.B. `"gluon20162a61.leipzig.freifunk.net" port 1006`
+* FASTD_PEER1_KEY (benötigt): öffentlicher Schlüssel des Peers
+* FASTD_PEER`n`_NAME (optional): weitere Peers (fortlaufend numeriert)
+* FASTD_LOG_LEVEL (default: info)
+* IPV6_PREFIX (optional): Prefix für radvd, nötig um hosts im Netz über ihre nicht-link-lokale IPv6 anzupingen. z.B. `fdef:ffc0:7030::/64`
diff --git a/mapserver/docker-compose.yaml b/mapserver/docker-compose.yaml
new file mode 100644
index 0000000..a71c5ed
--- /dev/null
+++ b/mapserver/docker-compose.yaml
@@ -0,0 +1,11 @@
+---
+
+version: '3.4'
+services:
+ fastd:
+ build: ./fastd
+ env_file: envfile
+ privileged: true # required to create the tap device
+ sysctls:
+ net.ipv6.conf.all.disable_ipv6: 0 # enable ipv6 withn container
+ stop_grace_period: 0s
\ No newline at end of file
diff --git a/mapserver/envfile.example b/mapserver/envfile.example
new file mode 100644
index 0000000..5d01c76
--- /dev/null
+++ b/mapserver/envfile.example
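Review bot: `privileged: true` on the fastd service gives the container every capability and access to all host devices, which is far more than creating a tap interface and attaching it to batman-adv should need. Consider replacing it with `cap_add: [NET_ADMIN]` plus `devices: ["/dev/net/tun"]`; radvd probably also relies on `NET_RAW`, which is in Docker's default set, so confirm by testing before merging. The exposure matters here because the daemon accepts traffic from a mesh network and the generated fastd.conf also enables the `null` method. Separately, `stop_grace_period: 0s` means the process is killed without any chance to shut down cleanly; a comment explaining why that is intended would help.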
@@ -0,0 +1,20 @@
+# Example configuration. Copy to "envfile" and modify to your needs
+
+# Fastd settings
+FASTD_MTU=1426
+
+FASTD_PEER1_NAME=vpngluon1
+FASTD_PEER1_REMOTE="gluon1.leipzig.freifunk.net" port 10061
+FASTD_PEER1_KEY=1111111111111111111111111111111111111111111111111111111111111111
+
+
+FASTD_PEER1_NAME=vpngluon2
+FASTD_PEER1_REMOTE="gluon2.leipzig.freifunk.net" port 10061
+FASTD_PEER1_KEY=1111111111111111111111111111111111111111111111111111111111111111
+
+
+FASTD_PEER1_NAME=vpngluon3
+FASTD_PEER1_REMOTE="gluon3.leipzig.freifunk.net" port 10061
+FASTD_PEER1_KEY=1111111111111111111111111111111111111111111111111111111111111111
+
+IPV6_PREFIX=fdef:ffc0:7030::/64
diff --git a/mapserver/fastd/Dockerfile b/mapserver/fastd/Dockerfile
new file mode 100644
index 0000000..049b18a
--- /dev/null
+++ b/mapserver/fastd/Dockerfile
@@ -0,0 +1,12 @@
+FROM debian:bullseye-backports
+
+RUN apt-get update && \
+ apt-get -y --no-install-recommends install \
+ fastd batctl iproute2 \
+ net-tools inetutils-ping procps \
+ radvd radvdump tcpdump ndisc6 \
+ bash curl
+
+ADD entrypoint.sh /entrypoint.sh
+
+CMD /entrypoint.sh
diff --git a/mapserver/fastd/entrypoint.sh b/mapserver/fastd/entrypoint.sh
new file mode 100755
index 0000000..9c2024e
--- /dev/null
+++ b/mapserver/fastd/entrypoint.sh
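Review bot: The second and third peer blocks reuse the `FASTD_PEER1_*` names, so the later assignments replace the earlier ones and presumably only one peer ends up configured. entrypoint.sh walks `FASTD_PEER${i}_*` with increasing `i`, so these blocks should use `FASTD_PEER2_NAME`/`_REMOTE`/`_KEY` and `FASTD_PEER3_NAME`/`_REMOTE`/`_KEY`. The `FASTD_PEER1_REMOTE` values also contain literal double quotes and spaces; whether they survive intact depends on the env_file parser of the Compose version in use, and the value is written unescaped into the peer file, so the generated `remote` line is worth checking. A comment such as `# KEY is the peer's public key; the all-ones value is a placeholder` would make clear that the sample keys must be replaced.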
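Review bot: `CMD /entrypoint.sh` is the shell form, so the script is launched through `/bin/sh -c` and stop signals may not reach fastd directly; the exec form `CMD ["/entrypoint.sh"]` avoids the wrapper. `ADD entrypoint.sh /entrypoint.sh` should be `COPY entrypoint.sh /entrypoint.sh`, since none of ADD's extra behaviour (URL fetch, archive extraction) is wanted. Because the compose file runs this image privileged, it is also worth moving the diagnostic tools (tcpdump, curl, net-tools, radvdump) out of the runtime image and removing `/var/lib/apt/lists/*` in the same RUN layer.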
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+set -e
+
+# check required env variables
+: "${FASTD_MTU:? must be set}"
+: "${FASTD_PEER1_REMOTE:? must be set}"
+: "${FASTD_PEER1_KEY:? must be set}"
+
+# set some defaults
+: "${FASTD_LOG_LEVEL:=info}"
+
+mkdir -p /config/fastd/peers
+cat << EOF > /config/fastd/fastd.conf
+log level ${FASTD_LOG_LEVEL};
+bind any:10061;
+mode tap;
+interface "mesh-vpn";
+method "salsa2012+umac";
+method "salsa2012+gmac";
+method "null+salsa2012+umac";
+method "null";
+mtu ${FASTD_MTU};
+secret "$( fastd --generate-key 2>/dev/null | grep -e Secret | awk '{ print $2 }' )";
+on up "
+ ip link set up dev mesh-vpn
+ batctl if add mesh-vpn
+ ifconfig bat0 up
+ $( -z "${IPV6_PREFIX}" || echo "radvd -C /config/radvd.conf" )
+";
+include peers from "peers";
+EOF
+
+# generate peers
+i=1
+while true; do
+ r="FASTD_PEER${i}_REMOTE"
+ k="FASTD_PEER${i}_KEY"
+ n="FASTD_PEER${i}_NAME"
+ if [ -z "${!r}${!k}${!n}" ]; then
+ # break after last defined peer
+ break;
+ fi
+ name=${!n:-peer$[i]}
+ remote=${!r}
+ key=${!k}
+ : ${remote:? ${r} must be set}
+ : ${key:? ${k} must be set}
+
+cat << EOF > "config/fastd/peers/${name}"
+key "${key}";
+remote ${remote};
+EOF
+
+ i=$(( i + 1 ))
+done
+
+if [ ! -z "${IPV6_PREFIX}" ]; then
+cat << EOF > "config/radvd.conf"
+interface bat0
+{
+ AdvSendAdvert on;
+ prefix fdef:ffc0:7030::/64 {
+ AdvOnLink on;
+ AdvAutonomous on;
+ };
+};
+EOF
+fi
+
+exec fastd --config /config/fastd/fastd.conf
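Review bot: The `on up` block contains `$( -z "${IPV6_PREFIX}" || echo "radvd -C /config/radvd.conf" )`, which tries to run a command named `-z`; that fails, so the `echo` always runs and radvd is started even when IPV6_PREFIX is unset and no radvd.conf was written. It should read `$( [ -z "${IPV6_PREFIX}" ] || echo "radvd -C /config/radvd.conf" )`. The heredoc targets `"config/fastd/peers/${name}"` and `"config/radvd.conf"` are relative while every other path is `/config/...`, so they only work when the working directory is `/`; add the leading slash to both. The radvd block hard-codes `prefix fdef:ffc0:7030::/64 {` where `prefix ${IPV6_PREFIX} {` is presumably intended. Since `${name}`, `${remote}` and `${key}` go unvalidated into a file path and into fastd configuration, rejecting a name containing `/` and a key that is not 64 hex characters would catch a malformed envfile before fastd starts.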