Removed predefined env file, some refactoring
parent
8d98a11c13
commit
b81ee39634
10
.env
10
.env
|
@ -1,6 +1,6 @@
|
||||||
BATMAN_BRIDGE_IPV4=172.29.0.1/24
|
BATMAN_IPV4=172.29.0.1/24
|
||||||
BATMAN_BRIDGE_IPV6=fc00:1234:5678::1/24
|
BATMAN_IPV6=fc00:1234:5678::1/24
|
||||||
BATMAN_BRIDGE=br-batman0
|
BATMAN_BRIDGE=batman0
|
||||||
BATMAN_FORWARD_GATEWAY4=172.28.0.2
|
BATMAN_FORWARD_GATEWAY4=172.28.0.2
|
||||||
BATMAN_FORWARD_GATEWAY6=fc00:172:28::2
|
BATMAN_FORWARD_GATEWAY6=fc00:172:28::2
|
||||||
BATMAN_LIMIT_DOWNLOAD=1000
|
BATMAN_LIMIT_DOWNLOAD=1000
|
||||||
|
@ -22,9 +22,9 @@ DHCPD_V4_RANGE=172.29.0.16 172.29.0.32
|
||||||
DHCPD_V4_GATEWAY=172.29.0.1
|
DHCPD_V4_GATEWAY=172.29.0.1
|
||||||
DHCPD_V6_NET=fc00:1234:5678::/64
|
DHCPD_V6_NET=fc00:1234:5678::/64
|
||||||
DHCPD_V6_RANGE=fc00:1234:5678::1000 fc00:1234:5678::1fff
|
DHCPD_V6_RANGE=fc00:1234:5678::1000 fc00:1234:5678::1fff
|
||||||
DHCPD_INTERFACE=br-batman0
|
DHCPD_INTERFACE=batman0
|
||||||
|
|
||||||
RADVD_INTERFACE=br-batman0
|
RADVD_INTERFACE=batman0
|
||||||
RADVD_PREFIX=fc00:1234:5678::/64
|
RADVD_PREFIX=fc00:1234:5678::/64
|
||||||
RADVD_SOURCE_LL_ADDRESS=on
|
RADVD_SOURCE_LL_ADDRESS=on
|
||||||
RADVD_ADV_MANAGEMENT_FLAG=on
|
RADVD_ADV_MANAGEMENT_FLAG=on
|
||||||
|
|
|
@ -5,28 +5,28 @@ batctl meshif ${BATMAN_INTERFACE} interface create
|
||||||
ip link set ${BATMAN_INTERFACE} up
|
ip link set ${BATMAN_INTERFACE} up
|
||||||
|
|
||||||
# setup ips
|
# setup ips
|
||||||
if [ "${BATMAN_BRIDGE_IPV4}" ] ; then
|
if [ "${BATMAN_IPV4}" ] ; then
|
||||||
ip -4 addr add ${BATMAN_BRIDGE_IPV4} dev ${BATMAN_INTERFACE}
|
ip -4 addr add ${BATMAN_IPV4} dev ${BATMAN_INTERFACE}
|
||||||
fi
|
fi
|
||||||
if [ "${BATMAN_BRIDGE_IPV6}" ] ; then
|
if [ "${BATMAN_BRIDGE_IPV6}" ] ; then
|
||||||
ip -6 addr add ${BATMAN_BRIDGE_IPV6} dev ${BATMAN_INTERFACE}
|
ip -6 addr add ${BATMAN_IPV6} dev ${BATMAN_INTERFACE}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# mark node as dhcp server
|
# mark node as dhcp server
|
||||||
batctl meshif ${BATMAN_INTERFACE} gw server ${BATMAN_LIMIT_DOWNLOAD}Mbit/${BATMAN_LIMIT_UPLOAD}Mbit
|
batctl meshif ${BATMAN_INTERFACE} gw server ${BATMAN_LIMIT_DOWNLOAD}Mbit/${BATMAN_LIMIT_UPLOAD}Mbit
|
||||||
|
|
||||||
nft add table ip nat || true
|
|
||||||
nft add chain 'ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
|
||||||
nft add rule nat POSTROUTING counter masquerade || true
|
|
||||||
nft add table ip6 nat || true
|
|
||||||
nft add chain 'ip6 nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
|
||||||
nft add rule ip6 nat POSTROUTING counter masquerade || true
|
|
||||||
|
|
||||||
# remove dns defintion, because resolv.conf is write protected in the container
|
|
||||||
if [ "${WIREGUARD_CONFIG}" ] ; then \
|
if [ "${WIREGUARD_CONFIG}" ] ; then \
|
||||||
|
nft add table ip nat || true
|
||||||
|
nft add chain 'ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
||||||
|
nft add rule nat POSTROUTING counter masquerade || true
|
||||||
|
nft add table ip6 nat || true
|
||||||
|
nft add chain 'ip6 nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
||||||
|
nft add rule ip6 nat POSTROUTING counter masquerade || true
|
||||||
|
|
||||||
|
# remove dns defintion, because resolv.conf is write protected in the container
|
||||||
egrep -v '^\s*DNS\s*=' ${WIREGUARD_CONFIG} >/etc/wireguard/${WIREGUARD_INTERFACE}.conf
|
egrep -v '^\s*DNS\s*=' ${WIREGUARD_CONFIG} >/etc/wireguard/${WIREGUARD_INTERFACE}.conf
|
||||||
wg-quick up ${WIREGUARD_INTERFACE}
|
wg-quick up ${WIREGUARD_INTERFACE}
|
||||||
ip rule add iif br-batman0 table 5000
|
ip rule add iif ${BATMAN_INTERFACE} table 5000
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cat >/etc/radvd.conf <<EOF
|
cat >/etc/radvd.conf <<EOF
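Review bot: The IPv6 guard was not renamed with the rest of the block: the new side still tests `"${BATMAN_BRIDGE_IPV6}"` while the line inside it now adds `${BATMAN_IPV6}`. The .env lines shown in this commit define only `BATMAN_IPV6`, so the IPv6 address is apparently never assigned; the test should read `if [ "${BATMAN_IPV6}" ] ; then`. Separately, the masquerade rules now sit inside the WireGuard branch but still match every outgoing packet; adding `oifname "${WIREGUARD_INTERFACE}"` before `counter masquerade` would limit NAT to the tunnel. The script starts and ends outside the hunk.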
|
||||||
|
|
|
@ -1,8 +1,20 @@
|
||||||
FROM docker.io/library/debian:bullseye
|
FROM docker.io/library/debian:bullseye
|
||||||
|
|
||||||
ARG DEBIAN_FRONTEND=noninteractive
|
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y fastd isc-dhcp-server radvd radvdump batctl iproute2 curl traceroute bind9-host tcpdump nftables inetutils-ping \
|
&& DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
||||||
|
radvdump \
|
||||||
|
batctl \
|
||||||
|
iproute2 \
|
||||||
|
curl \
|
||||||
|
traceroute \
|
||||||
|
bind9-host \
|
||||||
|
tcpdump \
|
||||||
|
nftables \
|
||||||
|
inetutils-ping \
|
||||||
|
procps \
|
||||||
|
nmap \
|
||||||
&& rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
&& rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
||||||
ENTRYPOINT ["/bin/bash"]
|
|
||||||
|
COPY entry-point.sh /entry-point.sh
|
||||||
|
|
||||||
|
ENTRYPOINT ["/entry-point.sh"]
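Review bot: The rewritten install line still pulls in recommended packages; `apt-get install -y --no-install-recommends` would keep this image, which now also gains procps and nmap, to what is actually needed. `COPY entry-point.sh /entry-point.sh` relies on the file's executable bit being set in the repository. If that is not guaranteed, follow it with `RUN chmod 0755 /entry-point.sh` so the new `ENTRYPOINT` cannot fail at start.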
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
mount -t debugfs debugfs /sys/kernel/debug
|
||||||
|
/bin/bash
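Review bot: The script starts `/bin/bash` as a child of `sh`, so the wrapper stays PID 1 and receives the stop signals; `exec /bin/bash "$@"` replaces the wrapper and also passes through any compose `command:` arguments. The `mount` result is unchecked, so a failed debugfs mount (already mounted, or missing privileges) goes unnoticed. `mount -t debugfs debugfs /sys/kernel/debug || echo "debugfs mount failed" >&2` would make that visible without aborting the shell.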
|
|
@ -42,7 +42,7 @@ services:
|
||||||
ipv4_address: 172.28.0.2
|
ipv4_address: 172.28.0.2
|
||||||
ipv6_address: fc00:172:28::2
|
ipv6_address: fc00:172:28::2
|
||||||
|
|
||||||
fastd_server:
|
fastd:
|
||||||
build: fastd/
|
build: fastd/
|
||||||
env_file: .env
|
env_file: .env
|
||||||
cap_add:
|
cap_add:
|
||||||
|
@ -90,7 +90,9 @@ services:
|
||||||
build: debug/
|
build: debug/
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
|
- SYS_ADMIN
|
||||||
network_mode: service:batman
|
network_mode: service:batman
|
||||||
|
privileged: true
|
||||||
|
|
||||||
|
|
||||||
volumes:
|
volumes:
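Review bot: `privileged: true` on the debug service grants every capability and access to host devices, which makes the `NET_ADMIN` and `SYS_ADMIN` entries under `cap_add` redundant, and the container shares the batman service's network namespace. If the only need is the debugfs mount in the new entry-point.sh, try dropping `privileged: true` and keeping `SYS_ADMIN`; the default AppArmor or seccomp profile may also need relaxing for `mount`. Adding `profiles: ["debug"]` would also keep the container from starting unless it is asked for. The service definition starts and ends outside the hunk.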
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
docker-compose down -t 0
|
docker-compose down -t 0
|
||||||
docker-compose build batman fastd_server dhcpd_v4 dhcpd_v6 debug
|
docker-compose build batman fastd dhcpd_v4 dhcpd_v6 debug
|
||||||
docker-compose --env-file .env up -d batman fastd_server dhcpd_v4 dhcpd_v6
|
docker-compose --env-file .env up -d batman fastd dhcpd_v4 dhcpd_v6
|
||||||
|
|
|
@ -0,0 +1,75 @@
|
||||||
|
- hosts: localhost
|
||||||
|
vars:
|
||||||
|
dhcp_start_num: 10
|
||||||
|
vars_prompt:
|
||||||
|
- name: node_network_ipv4
|
||||||
|
prompt: 'IPv4 network?'
|
||||||
|
default: '172.29.0.1/24'
|
||||||
|
- name: node_network_ipv6
|
||||||
|
prompt: 'IPv6 network?'
|
||||||
|
default: 'fc00:1234:5678::/64'
|
||||||
|
- name: batman_interface
|
||||||
|
prompt: 'Name of the BATMAN interface?'
|
||||||
|
default: batman0
|
||||||
|
- name: batman_limit_upload
|
||||||
|
prompt: 'Limit BATMAN upload? (none no limit)'
|
||||||
|
- name: batman_limit_download
|
||||||
|
prompt: 'Limit BATMAN download? (none no limit)'
|
||||||
|
- name: fastd_secret_key
|
||||||
|
prompt: 'fastd secret key?'
|
||||||
|
- name: fastd_log_level
|
||||||
|
prompt: 'fastd log level?'
|
||||||
|
default: info
|
||||||
|
- name: fastd_verify_client_peers
|
||||||
|
prompt: 'fastd verify client peers?'
|
||||||
|
default: no
|
||||||
|
- name: fastd_mtu
|
||||||
|
prompt: 'fastd MTU?'
|
||||||
|
default: 1300
|
||||||
|
- name: fastd_peer_limit
|
||||||
|
prompt: 'fastd peer limit?'
|
||||||
|
default: 100
|
||||||
|
- name: max_number_of_clients
|
||||||
|
prompt: 'Max number of clients'
|
||||||
|
default: 100
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- stat:
|
||||||
|
path: .env
|
||||||
|
register: env_file
|
||||||
|
|
||||||
|
- fail:
|
||||||
|
msg: "The .env file already exists so it's seem the node was already set up. Delete the file and repeat if you want to set up again."
|
||||||
|
when: env_file.stat.exists
|
||||||
|
|
||||||
|
- copy:
|
||||||
|
content: |
|
||||||
|
BATMAN_IPV4={{ node_network_ipv4 }}
|
||||||
|
BATMAN_IPV6={{ node_network_ipv6 }}
|
||||||
|
BATMAN_BRIDGE={{ batman_interface }}
|
||||||
|
BATMAN_LIMIT_DOWNLOAD={{ batman_limit_download }}
|
||||||
|
BATMAN_LIMIT_UPLOAD={{ batman_limit_upload }}
|
||||||
|
|
||||||
|
FASTD_BATMAN_INTERFACE={{ batman_interface }}
|
||||||
|
FASTD_SECRET_KEY={{ fastd_secret_key }}
|
||||||
|
FASTD_LOG_LEVEL={{ fastd_log_level }}
|
||||||
|
FASTD_DONT_VERIFY_PEERS={% if fastd_verify_client_peers %}0{% else %}1{% endif %}
|
||||||
|
FASTD_INTERFACE=
|
||||||
|
FASTD_PEER_LIMIT={{ fastd_peer_limit }}
|
||||||
|
FASTD_MTU={{ fastd_mtu }}
|
||||||
|
|
||||||
|
DHCPD_V4_NET={{ node_network_ipv4 |ipaddr('net') }}
|
||||||
|
DHCPD_V4_RANGE={{ node_network_ipv4 |ipaddr(dhcp_start_num |int) }} {{ node_network_ipv4 |ipaddr((dhcp_start_num |int) + (max_number_of_clients |int)) }}
|
||||||
|
DHCPD_V6_NET={{ node_network_ipv6 }}
|
||||||
|
DHCPD_V6_RANGE={{ node_network_ipv6 |ipaddr(dhcp_start_num |int) }} {{ node_network_ipv6 |ipaddr((dhcp_start_num |int) + (max_number_of_clients |int)) }}
|
||||||
|
DHCPD_INTERFACE={{ batman_interface }}
|
||||||
|
|
||||||
|
RADVD_INTERFACE={{ batman_interface }}
|
||||||
|
RADVD_PREFIX={{ node_network_ipv6 }}
|
||||||
|
RADVD_SOURCE_LL_ADDRESS=on
|
||||||
|
RADVD_ADV_MANAGEMENT_FLAG=on
|
||||||
|
RADVD_OTHER_CONFIG_FLAG=on
|
||||||
|
RADVD_MTU={{ fastd_mtu }}
|
||||||
|
dest: .env
|
||||||
|
mode: u=rw,g=,o=
|
||||||
|
when: False
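Review bot: `{% if fastd_verify_client_peers %}` tests a prompt answer, and `vars_prompt` values arrive as strings, so a typed `no` (and probably the stringified default) is truthy and `FASTD_DONT_VERIFY_PEERS` is always rendered as `0`; use `{% if fastd_verify_client_peers | bool %}`. The `copy` task embeds `fastd_secret_key` in `content`, so add `no_log: true` to keep the key out of `--diff` and verbose output. With `when: False` the task never runs, so no .env is written at all, which looks like a leftover from testing.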
|