commit 8990e986adcce362925ae9928a3c90d45986f619 Author: Alexander Böhm Date: Tue Dec 7 02:05:27 2021 +0100 First working
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c998e21
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# gluon super node with docker
+
+```
+cd /vagrant_data
+docker-compose up -d batman_network fastd_server dhcpd_v4 wireguard
+```
+
+```
+cd /vagrant_data
+docker-compose build
+docker-compose up -t 0 -d batman_network fastd_server dhcpd_v4 wireguard
+```
+
+Docker logs retenation + ipv6 support
+
+```
+{
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "1m",
+ "max-file": "3"
+ },
+ "ipv6": true,
+ "fixed-cidr-v6": "fcff:ffff:ffff:ffff::/64"
+}
+```
+
+# vim: expandtab tabstop=2 shiftwidth=2
diff --git a/batman/Dockerfile b/batman/Dockerfile
new file mode 100644
index 0000000..9659f1b
--- /dev/null
+++ b/batman/Dockerfile
@@ -0,0 +1,18 @@
+FROM docker.io/library/debian:bullseye
+
+ARG DEBIAN_FRONTEND=noninteractive
+ENV BATMAN_INTERFACE=bat0
+ENV BATMAN_BRIDGE=br-batman0
+ENV BATMAN_BRIDGE_IPV4=
+ENV BATMAN_BRIDGE_IPV6=
+ENV BATMAN_FORWARD_GATEWAY4=
+ENV BATMAN_FORWARD_GATEWAY6=
+ENV BATMAN_FORWARD_TABLE=5000
+
+RUN apt-get update && \
+ apt-get install -y batctl iproute2 nftables inetutils-ping inetutils-traceroute curl && \
+ rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+COPY entry-point.sh /entry-point.sh
+
+ENTRYPOINT ["/bin/bash", "/entry-point.sh"]
diff --git a/batman/entry-point.sh b/batman/entry-point.sh
new file mode 100644
index 0000000..6fa0606
--- /dev/null
+++ b/batman/entry-point.sh
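Review bot: In batman/Dockerfile the ENV block gives a default to every variable except BATMAN_LIMIT_DOWNLOAD and BATMAN_LIMIT_UPLOAD, which batman/entry-point.sh in this commit expands into the `gw server` argument; with both unset that argument becomes `Mbit/Mbit`. Either declare them next to the other `ENV` lines or have the script stop early with `: "${BATMAN_LIMIT_DOWNLOAD:?}" "${BATMAN_LIMIT_UPLOAD:?}"`. The `apt-get install` line also has no `--no-install-recommends` and puts `inetutils-ping`, `inetutils-traceroute` and `curl` into the service image even though the commit adds a separate debug image; leaving them out keeps the tool set small inside a container that configures routing and NAT.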
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+
+batctl meshif ${BATMAN_INTERFACE} interface create
+ip link add ${BATMAN_BRIDGE} type bridge
+ip link set ${BATMAN_INTERFACE} master ${BATMAN_BRIDGE}
+ip link set ${BATMAN_INTERFACE} up
+ip link set ${BATMAN_BRIDGE} up
+
+# setup ips
+if [ "${BATMAN_BRIDGE_IPV4}" ] ; then
+ ip -4 addr add ${BATMAN_BRIDGE_IPV4} dev ${BATMAN_BRIDGE}
+fi
+if [ "${BATMAN_BRIDGE_IPV6}" ] ; then
+ ip -6 addr add ${BATMAN_BRIDGE_IPV6} dev ${BATMAN_BRIDGE}
+fi
+
+# mark node as dhcp server
+batctl meshif ${BATMAN_INTERFACE} gw server ${BATMAN_LIMIT_DOWNLOAD}Mbit/${BATMAN_LIMIT_UPLOAD}Mbit
+
+# configure routing
+ip rule add iif ${BATMAN_BRIDGE} table ${BATMAN_FORWARD_TABLE}
+[ "${BATMAN_FORWARD_GATEWAY4}" ] && \
+ ip -4 route add table ${BATMAN_FORWARD_TABLE} default via ${BATMAN_FORWARD_GATEWAY4}
+[ "${BATMAN_FORWARD_GATEWAY6}" ] && \
+ ip -6 route add table ${BATMAN_FORWARD_TABLE} default via ${BATMAN_FORWARD_GATEWAY6}
+nft add rule nat POSTROUTING counter masquerade
+
+while true ; do
+ sleep 1
+done
diff --git a/debug/Dockerfile b/debug/Dockerfile
new file mode 100644
index 0000000..7a93ff4
--- /dev/null
+++ b/debug/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/debian:bullseye
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+ && apt-get install -y fastd isc-dhcp-server radvd radvdump batctl iproute2 curl traceroute bind9-host tcpdump \
+ && rm -rf /var/lib/apt/lists /var/cache/apt/archives
+ENTRYPOINT ["/bin/bash"]
diff --git a/dhcpd/Dockerfile b/dhcpd/Dockerfile
new file mode 100644
index 0000000..03da4bf
--- /dev/null
+++ b/dhcpd/Dockerfile
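Review bot: The `nft add rule nat POSTROUTING counter masquerade` line near the end of batman/entry-point.sh has no match expression, so every packet that reaches that chain is source-NATed, whichever interface it leaves by. Restricting it to the uplink, e.g. `nft add rule nat POSTROUTING oifname "${UPLINK_IF}" counter masquerade` (UPLINK_IF is a placeholder for a new variable), leaves traffic that should keep its source address alone. The script also never creates the `nat` table or the `POSTROUTING` chain; if they are not already present in the namespace the command fails and `set -e` ends the container, so it presumably relies on something else having created them, which deserves a comment. wireguard/entry-point.sh in this commit adds the identical rule and the same applies there.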
@@ -0,0 +1,33 @@ +FROM docker.io/library/debian:bullseye + +ENV DHCPD_INTERFACE= +ENV DHCPD_DEFAULT_LEASE_TIME=600 +ENV DHCPD_MAX_LEASE_TIME=7200 +ENV DHCPD_MODE= + +ENV DHCPD_DOMAIN= + +ENV DHCPD_V4_DNS= +ENV DHCPD_V4_NET= +ENV DHCPD_V4_GATEWAY= +ENV DHCPD_V4_SUBNET=255.255.255.0 +ENV DHCPD_V4_RANGE= + +ENV DHCPD_V6_NET= +ENV DHCPD_V6_RANGE= +ENV DHCPD_V6_TEMP_NET= +ENV DHCPD_V6_DNS= + +ARG DEBIAN_FRONTEND=noninteractive + +EXPOSE 67/udp + +RUN apt-get update && \ + apt-get install -y batctl isc-dhcp-server iproute2 && \ + rm -rf /var/lib/apt/lists /var/cache/apt/archives + +COPY entry-point.sh /entry-point.sh + +ENTRYPOINT ["/bin/sh", "/entry-point.sh"] + +VOLUME /var/lib/dhcpd diff --git a/dhcpd/entry-point.sh b/dhcpd/entry-point.sh new file mode 100644 index 0000000..d169f2b --- /dev/null +++ b/dhcpd/entry-point.sh @@ -0,0 +1,56 @@ +#!/bin/bash + +case "${DHCPD_MODE}" in + 4) + cat >/etc/dhcp/dhcpd.conf <>/etc/dhcp/dhcpd.conf + [ "${DHCPD_DOMAIN}" ] && \ + printf " option domain-name \"${DHCPD_V4_DOMAIN}\";\n" >>/etc/dhcp/dhcpd.conf + [ "${DHCPD_V4_DNS}" ] && \ + printf " option domain-name-servers ${DHCPD_V4_DNS};\n" >>/etc/dhcp/dhcpd.conf + + cat >>/etc/dhcp/dhcpd.conf </etc/dhcp/dhcpd.conf <>/etc/dhcp/dhcpd.conf + [ "${DHCPD_V6_DNS}" ] && + printf " option dhcp6.name-servers ${DHCPD_V6_DNS};\n" >>/etc/dhcp/dhcpd.conf + [ "${DHCPD_DOMAIN}" ] && + printf " option dhcp6.domain-search ${DHCPD_DOMAIN};\n" >>/etc/dhcp/dhcpd.conf + + cat >>/etc/dhcp/dhcpd.conf <>/etc/fastd/fastd_generated.conf <>/etc/fastd/fastd_generated.conf +else + echo "interface \"fastd-`hostname`\";" >>/etc/fastd/fastd_generated.conf +fi +if [ "${FASTD_DONT_VERIFY_PEERS}" = "1" ] ; then + printf 'on verify sync "true";\n' >>/etc/fastd/fastd_generated.conf +fi + +for method in ${FASTD_METHODS} ; do + echo "method \"${method}\";" >>/etc/fastd/fastd_generated.conf +done + +exec /usr/bin/fastd --config /etc/fastd/fastd.conf 
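Review bot: `VOLUME /var/lib/dhcpd` at the end of dhcpd/Dockerfile probably does not cover the lease database: the Debian isc-dhcp-server package keeps `dhcpd.leases` under `/var/lib/dhcp` by default, and no part of dhcpd/entry-point.sh that is legible on this page selects another lease file. If that holds, leases are lost whenever the container is re-created and an address still in use can be offered to a second client; `VOLUME /var/lib/dhcp`, or an explicit lease-file path under the declared volume, would close the gap. The ENTRYPOINT also starts the script with `/bin/sh` although its shebang asks for bash, so the shebang is ignored.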
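Review bot: In the DHCPv4 branch of dhcpd/entry-point.sh the guard tests `DHCPD_DOMAIN` but the line it protects prints `${DHCPD_V4_DOMAIN}`, a variable dhcpd/Dockerfile does not declare, so a configured domain comes out as an empty `option domain-name "";`. The variable is also pasted into the printf format string, where a `%` or backslash in the value would be interpreted; `printf ' option domain-name "%s";\n' "${DHCPD_DOMAIN}" >>/etc/dhcp/dhcpd.conf` fixes both. Parts of this hunk are not legible on this page, so the remaining lines were not reviewed.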
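Review bot: The `FASTD_DONT_VERIFY_PEERS` branch in fastd/entry-point.sh writes `on verify sync "true";`, and as far as I know fastd accepts an unknown peer whenever the verify command exits with status 0, so with this switch any key is admitted, not only those under /etc/fastd/peers. Nothing in the file says so; I would add a comment above the `if`, such as `# FASTD_DONT_VERIFY_PEERS=1 accepts ANY peer key; leave unset unless the mesh is meant to be open`, and print a warning to stderr when the branch is taken. The words of `FASTD_METHODS` are written into the generated config unchecked, so a typo or an unencrypted method would go unnoticed; a short allow-list check before the loop would catch that. The start of this hunk is not legible on this page.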
diff --git a/fastd/fastd.conf b/fastd/fastd.conf
new file mode 100644
index 0000000..cb9f9b4
--- /dev/null
+++ b/fastd/fastd.conf
@@ -0,0 +1,5 @@
+drop capabilities yes;
+mode tap;
+include peers from "/etc/fastd/peers";
+include "/etc/fastd/fastd_generated.conf";
+on up "/etc/fastd/on_up.sh";
diff --git a/fastd/on_up.sh b/fastd/on_up.sh
new file mode 100755
index 0000000..348d40e
--- /dev/null
+++ b/fastd/on_up.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+ip link set up dev ${INTERFACE}
+[ "${FASTD_ON_UP_MASTER_INTERFACE}" ] &&
+ /sbin/ip link set ${INTERFACE} master "${FASTD_ON_UP_MASTER_INTERFACE}"
+[ "${FASTD_BATMAN_INTERFACE}" ] && \
+ /usr/sbin/batctl meshif "${FASTD_BATMAN_INTERFACE}" if add "${INTERFACE}"
diff --git a/radvd/Dockerfile b/radvd/Dockerfile
new file mode 100644
index 0000000..5aab828
--- /dev/null
+++ b/radvd/Dockerfile
@@ -0,0 +1,20 @@
+FROM docker.io/library/debian:bullseye
+
+ENV RADVD_INTERFACE=
+ENV RADVD_ADV_MANAGEMENT_FLAG=off
+ENV RADVD_MTU=1500
+ENV RADVD_ADV_MANAGEMENT_FLAG=
+ENV RADVD_SOURCE_LL_ADDRESS=
+ENV RADVD_PREFIX=
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+ apt-get install -y radvd && \
+ rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+COPY entry-point.sh /entry-point.sh
+
+RUN chmod +x /entry-point.sh
+
+ENTRYPOINT ["/bin/sh", "/entry-point.sh"]
diff --git a/radvd/entry-point.sh b/radvd/entry-point.sh
new file mode 100644
index 0000000..cc60d34
--- /dev/null
+++ b/radvd/entry-point.sh
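Review bot: radvd/Dockerfile sets `RADVD_ADV_MANAGEMENT_FLAG` twice, first to `off` and then to an empty value, so the later line wins and the `off` default never takes effect. radvd/entry-point.sh in this commit reads `RADVD_OTHER_CONFIG_FLAG`, which is not declared here, so the second line was presumably meant to be `ENV RADVD_OTHER_CONFIG_FLAG=`. The `RUN chmod +x /entry-point.sh` layer is not needed while the ENTRYPOINT starts the script through `/bin/sh`.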
@@ -0,0 +1,31 @@ +#!/bin/bash + +cat >/etc/radvd.conf <>/etc/radvd.conf +[ "${RADVD_MTU}" ] && \ + echo " AdvLinkMTU ${RADVD_MTU};" >>/etc/radvd.conf +[ "${RADVD_SOURCE_LL_ADDRESS}" ] && \ + echo " AdvSourceLLAddress ${RADVD_SOURCE_LL_ADDRESS};" >>/etc/radvd.conf +[ "${RADVD_OTHER_CONFIG_FLAG}" ] && \ + echo " AdvOtherConfigFlag ${RADVD_OTHER_CONFIG_FLAG};" >>/etc/radvd.conf + +cat >>/etc/radvd.conf </usr/bin/wg-quick && \ + chmod +x /usr/bin/wg-quick +COPY entry-point.sh /entry-point.sh + +ENTRYPOINT ["/bin/sh", "/entry-point.sh"] + diff --git a/wireguard/entry-point.sh b/wireguard/entry-point.sh new file mode 100644 index 0000000..a133e4c --- /dev/null +++ b/wireguard/entry-point.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# remove dns defintion, because resolv.conf is write protected in the container +[ "${WIREGUARD_CONFIG}" ] && \ + egrep -v '^\s*DNS\s*=' ${WIREGUARD_CONFIG} >/etc/wireguard/${WIREGUARD_INTERFACE}.conf + +wg-quick up ${WIREGUARD_INTERFACE} +nft add rule nat POSTROUTING counter masquerade +while true ; do + sleep 3600 +done +
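Review bot: wireguard/entry-point.sh writes the filtered configuration to `/etc/wireguard/${WIREGUARD_INTERFACE}.conf` through a plain redirect, so the file gets whatever the default umask allows; a wg-quick configuration normally carries the interface private key and should be readable by its owner only. Putting `umask 077` before the `egrep` line is enough. `${WIREGUARD_CONFIG}` and `${WIREGUARD_INTERFACE}` are unquoted on that line, and when `WIREGUARD_CONFIG` is empty the script still goes on to `wg-quick up` without checking that a configuration file exists.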