From b81ee39634c2f3b24dedca631c46b6cc676b54a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20B=C3=B6hm?= <alexander.boehm@malbolge.net>
Date: Mon, 11 Apr 2022 18:01:29 +0200
Subject: [PATCH] Removed predefined env file, some refactoring

---
 .env                  | 10 +++---
 batman/entry-point.sh | 24 +++++++-------
 debug/Dockerfile      | 20 +++++++++---
 debug/entry-point.sh  |  4 +++
 docker-compose.yml    |  4 ++-
 restart.sh            |  4 +--
 setup.yml             | 75 +++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 117 insertions(+), 24 deletions(-)
 create mode 100644 debug/entry-point.sh
 create mode 100644 setup.yml

diff --git a/.env b/.env
index b326759..ef79577 100644
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
-BATMAN_BRIDGE_IPV4=172.29.0.1/24
-BATMAN_BRIDGE_IPV6=fc00:1234:5678::1/24
-BATMAN_BRIDGE=br-batman0
+BATMAN_IPV4=172.29.0.1/24
+BATMAN_IPV6=fc00:1234:5678::1/24
+BATMAN_BRIDGE=batman0
 BATMAN_FORWARD_GATEWAY4=172.28.0.2
 BATMAN_FORWARD_GATEWAY6=fc00:172:28::2
 BATMAN_LIMIT_DOWNLOAD=1000
@@ -22,9 +22,9 @@ DHCPD_V4_RANGE=172.29.0.16 172.29.0.32
 DHCPD_V4_GATEWAY=172.29.0.1
 DHCPD_V6_NET=fc00:1234:5678::/64
 DHCPD_V6_RANGE=fc00:1234:5678::1000 fc00:1234:5678::1fff
-DHCPD_INTERFACE=br-batman0
+DHCPD_INTERFACE=batman0
 
-RADVD_INTERFACE=br-batman0
+RADVD_INTERFACE=batman0
 RADVD_PREFIX=fc00:1234:5678::/64
 RADVD_SOURCE_LL_ADDRESS=on
 RADVD_ADV_MANAGEMENT_FLAG=on
diff --git a/batman/entry-point.sh b/batman/entry-point.sh
index ff0098e..e55983c 100644
--- a/batman/entry-point.sh
+++ b/batman/entry-point.sh
@@ -5,28 +5,28 @@ batctl meshif ${BATMAN_INTERFACE} interface create
 ip link set ${BATMAN_INTERFACE} up
 
 # setup ips
-if [ "${BATMAN_BRIDGE_IPV4}" ] ; then
-    ip -4 addr add ${BATMAN_BRIDGE_IPV4} dev ${BATMAN_INTERFACE}
+if [ "${BATMAN_IPV4}" ] ; then
+    ip -4 addr add ${BATMAN_IPV4} dev ${BATMAN_INTERFACE}
 fi
 if [ "${BATMAN_BRIDGE_IPV6}" ] ; then
-    ip -6 addr add ${BATMAN_BRIDGE_IPV6} dev ${BATMAN_INTERFACE}
+    ip -6 addr add ${BATMAN_IPV6} dev ${BATMAN_INTERFACE}
 fi
 
 # mark node as dhcp server
 batctl meshif ${BATMAN_INTERFACE} gw server ${BATMAN_LIMIT_DOWNLOAD}Mbit/${BATMAN_LIMIT_UPLOAD}Mbit
 
-nft add table ip nat || true
-nft add chain 'ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
-nft add rule nat POSTROUTING counter masquerade || true
-nft add table ip6 nat || true
-nft add chain 'ip6 nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
-nft add rule ip6 nat POSTROUTING counter masquerade || true
-
-# remove dns defintion, because resolv.conf is write protected in the container
 if [ "${WIREGUARD_CONFIG}" ] ; then \
+    nft add table ip nat || true
+    nft add chain 'ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
+    nft add rule nat POSTROUTING counter masquerade || true
+    nft add table ip6 nat || true
+    nft add chain 'ip6 nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
+    nft add rule ip6 nat POSTROUTING counter masquerade || true
+
+    # remove dns defintion, because resolv.conf is write protected in the container
     egrep -v '^\s*DNS\s*=' ${WIREGUARD_CONFIG} >/etc/wireguard/${WIREGUARD_INTERFACE}.conf
     wg-quick up ${WIREGUARD_INTERFACE}
-    ip rule add iif br-batman0 table 5000
+    ip rule add iif ${BATMAN_INTERFACE} table 5000
 fi
 
 cat >/etc/radvd.conf <<EOF
diff --git a/debug/Dockerfile b/debug/Dockerfile
index a51862d..f416f75 100644
--- a/debug/Dockerfile
+++ b/debug/Dockerfile
@@ -1,8 +1,20 @@
 FROM docker.io/library/debian:bullseye
 
-ARG DEBIAN_FRONTEND=noninteractive
-
 RUN apt-get update \
-    && apt-get install -y fastd isc-dhcp-server radvd radvdump batctl iproute2 curl traceroute bind9-host tcpdump nftables inetutils-ping \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+	radvdump \
+	batctl \
+	iproute2 \
+	curl \
+	traceroute \
+	bind9-host \
+	tcpdump \
+	nftables \
+	inetutils-ping \
+	procps \
+	nmap \
     && rm -rf /var/lib/apt/lists /var/cache/apt/archives
-ENTRYPOINT ["/bin/bash"]
+
+COPY entry-point.sh /entry-point.sh
+
+ENTRYPOINT ["/entry-point.sh"]
diff --git a/debug/entry-point.sh b/debug/entry-point.sh
new file mode 100644
index 0000000..bde6672
--- /dev/null
+++ b/debug/entry-point.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+mount -t debugfs debugfs /sys/kernel/debug
+/bin/bash
diff --git a/docker-compose.yml b/docker-compose.yml
index 5d222da..c14534b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,7 +42,7 @@ services:
         ipv4_address: 172.28.0.2
         ipv6_address: fc00:172:28::2
 
-  fastd_server:
+  fastd:
     build: fastd/
     env_file: .env
     cap_add:
@@ -90,7 +90,9 @@ services:
     build: debug/
     cap_add:
       - NET_ADMIN
+      - SYS_ADMIN
     network_mode: service:batman
+    privileged: true
     
 
 volumes:
diff --git a/restart.sh b/restart.sh
index 5417358..4429362 100755
--- a/restart.sh
+++ b/restart.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 
 docker-compose down -t 0
-docker-compose build batman fastd_server dhcpd_v4 dhcpd_v6 debug
-docker-compose --env-file .env up -d batman fastd_server dhcpd_v4 dhcpd_v6
+docker-compose build batman fastd dhcpd_v4 dhcpd_v6 debug
+docker-compose --env-file .env up -d batman fastd dhcpd_v4 dhcpd_v6
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..07b2bab
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,75 @@
+- hosts: localhost
+  vars:
+    dhcp_start_num: 10
+  vars_prompt:
+    - name: node_network_ipv4
+      prompt: 'IPv4 network?'
+      default: '172.29.0.1/24'
+    - name: node_network_ipv6
+      prompt: 'IPv6 network?'
+      default: 'fc00:1234:5678::/64'
+    - name: batman_interface
+      prompt: 'Name of the BATMAN interface?'
+      default: batman0
+    - name: batman_limit_upload
+      prompt: 'Limit BATMAN upload? (none no limit)'
+    - name: batman_limit_download
+      prompt: 'Limit BATMAN download? (none no limit)'
+    - name: fastd_secret_key
+      prompt: 'fastd secret key?'
+    - name: fastd_log_level
+      prompt: 'fastd log level?'
+      default: info
+    - name: fastd_verify_client_peers
+      prompt: 'fastd verify client peers?'
+      default: no
+    - name: fastd_mtu
+      prompt: 'fastd MTU?'
+      default: 1300
+    - name: fastd_peer_limit
+      prompt: 'fastd peer limit?'
+      default: 100
+    - name: max_number_of_clients
+      prompt: 'Max number of clients'
+      default: 100
+
+  tasks:
+    - stat:
+        path: .env
+      register: env_file
+
+    - fail:
+        msg: "The .env file already exists so it's seem the node was already set up. Delete the file and repeat if you want to set up again."
+      when: env_file.stat.exists
+
+    - copy:
+        content: |
+          BATMAN_IPV4={{ node_network_ipv4 }}
+          BATMAN_IPV6={{ node_network_ipv6 }}
+          BATMAN_BRIDGE={{ batman_interface }}
+          BATMAN_LIMIT_DOWNLOAD={{ batman_limit_download }}
+          BATMAN_LIMIT_UPLOAD={{ batman_limit_upload }}
+
+          FASTD_BATMAN_INTERFACE={{ batman_interface }}
+          FASTD_SECRET_KEY={{ fastd_secret_key }}
+          FASTD_LOG_LEVEL={{ fastd_log_level }}
+          FASTD_DONT_VERIFY_PEERS={% if fastd_verify_client_peers %}0{% else %}1{% endif %}
+          FASTD_INTERFACE=
+          FASTD_PEER_LIMIT={{ fastd_peer_limit }}
+          FASTD_MTU={{ fastd_mtu }}
+
+          DHCPD_V4_NET={{ node_network_ipv4 |ipaddr('net') }}
+          DHCPD_V4_RANGE={{ node_network_ipv4 |ipaddr(dhcp_start_num |int) }} {{ node_network_ipv4 |ipaddr((dhcp_start_num |int) + (max_number_of_clients |int)) }}
+          DHCPD_V6_NET={{ node_network_ipv6 }}
+          DHCPD_V6_RANGE={{ node_network_ipv6 |ipaddr(dhcp_start_num |int) }} {{ node_network_ipv6 |ipaddr((dhcp_start_num |int) + (max_number_of_clients |int)) }}
+          DHCPD_INTERFACE={{ batman_interface }}
+
+          RADVD_INTERFACE={{ batman_interface }}
+          RADVD_PREFIX={{ node_network_ipv6 }}
+          RADVD_SOURCE_LL_ADDRESS=on
+          RADVD_ADV_MANAGEMENT_FLAG=on
+          RADVD_OTHER_CONFIG_FLAG=on
+          RADVD_MTU={{ fastd_mtu }}
+        dest: .env
+        mode: u=rw,g=,o=
+      when: False