From 832f22e921c6af3a5f07a90d17ff04c28abc6b14 Mon Sep 17 00:00:00 2001
From: LipkeGu
Date: Sat, 10 Aug 2024 00:10:53 +0200
Subject: [PATCH 001/254] Init location "FBLipke" and device "nsm2_xw"
---
group_vars/model_ubnt_nanostation_m2_xw.yml | 29 ++++++++
locations/fblipke.yml | 75 +++++++++++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 group_vars/model_ubnt_nanostation_m2_xw.yml
create mode 100644 locations/fblipke.yml
diff --git a/group_vars/model_ubnt_nanostation_m2_xw.yml b/group_vars/model_ubnt_nanostation_m2_xw.yml
new file mode 100644
index 000000000..c9ad8f418
--- /dev/null
+++ b/group_vars/model_ubnt_nanostation_m2_xw.yml
@@ -0,0 +1,29 @@
+---
+override_target: "ubnt_nanostation-m"
+target: ath79/tiny
+brand_nice: Ubiquiti
+model_nice: Ubiquiti Nanostation M2 (XW)
+version_nice: XW
+
+switch_ports: 3
+switch_int_port: 0
+switch_ignore_ports: [1, 2, 3, 4]
+int_port: eth0
+low_mem: false #XW has 64MB
+
+dsa_ports:
+ - lan
+ - wan
+
+wireless_devices:
+ - name: 11g_standard
+ band: 2g
+ htmode_prefix: HT
+ path: platform/ahb/18100000.wmac
+ ifname_hint: wlan2
+ antenna_gain: 8
+
+poe_ports:
+ - name: PoE Passthrough
+ gpio_pin: 2
+ value: 0
diff --git a/locations/fblipke.yml b/locations/fblipke.yml
new file mode 100644
index 000000000..4657e47be
--- /dev/null
+++ b/locations/fblipke.yml
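Review bot: In `group_vars/model_ubnt_nanostation_m2_xw.yml`, `switch_ignore_ports: [1, 2, 3, 4]` names four ports while `switch_ports` is 3, and the file also sets `dsa_ports`, so it is not clear which port model the XW build is meant to use. If only one of the two applies to `ath79/tiny`, dropping the unused keys or adding a comment such as `# switch_* kept because <reason>; dsa_ports are the ones in use` would stop a later editor from changing the wrong list. The inline comment would also read better as `low_mem: false  # XW has 64 MB`.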
@@ -0,0 +1,75 @@
+---
+location: fblipke
+location_nice: FBLipke - Freifunk Berlin
+latitude: 52.484948320
+longitude: 13.443380903
+altitude: 42
+height: 13
+contact_name: 'Guido L.'
+contact_nickname: 'LipkeGu'
+contacts:
+ - 'contact@fblipke.de'
+hosts:
+ - hostname: fblipke-core
+ role: corerouter
+ model: "x86_64"
+ wireless_profile: freifunk_default
+ low_flash: true
+ - hostname: fblipke-ap01
+ role: ap
+ model: "ubnt_nanostation_m2_xw"
+ wireless_profile: freifunk_default
+ low_flash: true
+
+ipv6_prefix: "2001:bf7:850:1500::/56"
+
+networks:
+ - vid: 20
+ role: mesh
+ name: 11s_n_2g
+ prefix: 10.248.2.200/32
+ ipv6_subprefix: -20
+ mesh_ap: fblipke-core
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+ - vid: 40
+ role: dhcp
+ prefix: 10.248.3.128/27
+ ipv6_subprefix: 0
+ inbound_filtering: true
+ enforce_client_isolation: true
+ no_corerouter_dns_record: true
+ assignments:
+ fblipke-core: 129
+ fblipke-ap01: 130
+ - vid: 42
+ role: mgmt
+ prefix: 10.248.3.160/28
+ gateway: 1
+ ntp: 1
+ ipv6_subprefix: 1
+ assignments:
+ fblipke-core: 1
+ fblipke-ap01: 2
+ - vid: 50
+ role: uplink
+
+ - role: tunnel
+ ifname: ts_wg0
+ mtu: 1280
+ prefix: 10.248.3.177/32
+ wireguard_port: 51820
+
+location__wireless_profiles__to_merge:
+ - name: foobar
+ devices:
+ - radio: 11g_standard
+ legacy_rates: false
+ country: DE
+ ifaces:
+ - mode: ap
+ ssid: berlin.freifunk.net
+ encryption: none
+ network: dhcp
+ radio: [11a_standard, 11g_standard]
+ ifname_hint: ff
From 0333fc48d736a4969f62633fc614caf46ea5185d Mon Sep 17 00:00:00 2001
From: Tobias Schwarz
Date: Tue, 13 Aug 2024 06:12:31 +0000
Subject: [PATCH 002/254] w38b: add mac_overrides
---
locations/w38b.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/locations/w38b.yml b/locations/w38b.yml
index d5b818498..f671280ae 100644
--- a/locations/w38b.yml
+++ b/locations/w38b.yml
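Review bot: In `locations/fblipke.yml`, the `assignments` of the `vid: 40` DHCP network (129 and 130) look like last octets rather than offsets into `10.248.3.128/27`. The `vid: 42` block in the same file uses 1 and 2 for the same two hosts, and a /27 holds only 32 addresses. If assignments are offsets from the prefix base, as the mgmt block suggests, these should probably be `fblipke-core: 1` and `fblipke-ap01: 2`. Separately, the mesh prefix `10.248.2.200/32` lies outside the `10.248.3.x` addresses used by every other network in the file, and the `foobar` wireless profile is defined while both hosts reference `freifunk_default`; both are worth confirming.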
@@ -13,11 +13,13 @@ hosts: model: "netgear_wax202" wireless_profile: w38b wifi_roaming: true + mac_override: {eth0: 34:98:b5:0f:37:5f} - hostname: w38b-ap1 role: ap model: "dlink_covr-x1860-a1" wireless_profile: w38b wifi_roaming: true + mac_override: {eth0: 0c:0e:76:cf:2e:3a} snmp_devices: - hostname: w38b-sama From 82573abd348557621ac96c81edbfc5dc79fcd22a Mon Sep 17 00:00:00 2001 From: Packet Please Date: Sun, 11 Aug 2024 15:39:14 +0200 Subject: [PATCH 003/254] dragonkiez-adlerhalle: upgrade to 23.05 --- locations/dragonkiez-adlerhalle.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/locations/dragonkiez-adlerhalle.yml b/locations/dragonkiez-adlerhalle.yml index be6a6d6a1..f014b97d3 100644 --- a/locations/dragonkiez-adlerhalle.yml +++ b/locations/dragonkiez-adlerhalle.yml @@ -8,8 +8,6 @@ height: 2 community: true hosts: - # TODO: upgrade this host to OpenWrt 23.05, special flash procedure required - # see bbb-configs commit ac0e8e53550fba52136eff27ea0b273e9d3eea8f - hostname: dragonkiez-adlerhalle role: corerouter model: "ubnt_unifiac-mesh" From a26da5217d50d90ad83afc0113a8768c1aeea41e Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 13 Aug 2024 17:46:00 +0200 Subject: [PATCH 004/254] model: add cudy_x6-v1 --- group_vars/model_cudy_x6_v1.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 group_vars/model_cudy_x6_v1.yml diff --git a/group_vars/model_cudy_x6_v1.yml b/group_vars/model_cudy_x6_v1.yml new file mode 100644 index 000000000..2426aad2c --- /dev/null +++ b/group_vars/model_cudy_x6_v1.yml @@ -0,0 +1,19 @@ +--- +target: ramips/mt7621 +brand_nice: Cudy +model_nice: X6 +version_nice: v1 + +int_port: lan + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: 1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: 1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0 + ifname_hint: wlan2 
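Review bot: The MAC in `mac_override: {eth0: 34:98:b5:0f:37:5f}` (`locations/w38b.yml`) is an unquoted plain scalar that stays a string only because it happens to contain hex letters. YAML 1.1 loaders such as PyYAML can read a colon-separated value made purely of decimal digits as a base-60 integer, so an all-digit MAC written this way may be turned into a number without any error. Quoting the value, `mac_override: {eth0: "34:98:b5:0f:37:5f"}`, removes that trap. The same applies to the `w38b-ap1` line in this hunk and to the `mac_override` entries added in PATCH 015, 017 and 018.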
From 542fcf9a9436e52d9d7a0042d0c3f0b792df61b0 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 13 Aug 2024 17:46:23 +0200 Subject: [PATCH 005/254] kub: replace broken ap1 with cudy_x6 --- locations/kub.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/locations/kub.yml b/locations/kub.yml index f99915b81..d5d25be14 100644 --- a/locations/kub.yml +++ b/locations/kub.yml @@ -14,9 +14,11 @@ hosts: model: "avm_fritzbox-7530" wireless_profile: freifunk_default + # Special vlan config: + # - kub-ap1 vlan 40: 0t 1t 2 3 4 - hostname: kub-ap1 role: ap - model: "avm_fritzbox-7530" + model: "cudy_x6-v1" snmp_devices: - hostname: kub-simeon @@ -58,6 +60,3 @@ networks: kub-core: 1 kub-simeon: 2 kub-ap1: 14 - -# Special vlan config: -# - kub-ap1 vlan 40: 0t 1t 2 3 4 From 1d29464cca5a479110848486f9549fa97b792cf4 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 13 Aug 2024 17:46:39 +0200 Subject: [PATCH 006/254] suedblock: new corerouter cudy_x6 --- locations/suedblock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/suedblock.yml b/locations/suedblock.yml index dd2577d1b..1556a3d1f 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml @@ -16,7 +16,7 @@ hosts: - hostname: suedblock-core role: corerouter - model: "avm_fritzbox-4040" + model: "cudy_x6-v1" wireless_profile: freifunk_default dhcp_no_ping: false From 0b47bb9734ea48fbea9ab47ec3d603612269c082 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 13 Aug 2024 06:14:36 +0000 Subject: [PATCH 007/254] kiezladen154: fix config typo --- locations/kiezladen154.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/kiezladen154.yml b/locations/kiezladen154.yml index 7b064d550..b6ba5d07e 100644 --- a/locations/kiezladen154.yml +++ b/locations/kiezladen154.yml 
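Review bot: In `locations/kub.yml`, the comment moved above `kub-ap1`, `# - kub-ap1 vlan 40: 0t 1t 2 3 4`, was written for the `avm_fritzbox-7530` that this hunk replaces, and nothing in the change shows that the same port layout holds for `cudy_x6-v1`. If the port list no longer applies, drop it or rewrite it for the new device; if it was re-checked, say so in the comment. `kub-ap1` also has no `wireless_profile` while the host listed before it does, so a one-line comment stating whether that is deliberate would help. The `hosts:` list starts and continues outside the hunk.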
@@ -41,7 +41,7 @@ networks: prefix: 10.248.4.0/25 ipv6_subprefix: 0 inbound_filtering: true - enforce_client_isolation: tru + enforce_client_isolation: true assignments: kiezladen154-core: 1 From 91475a14252f57a4349021934bc39fbcd7cfb3ae Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 28 Jul 2024 07:09:55 +0000 Subject: [PATCH 008/254] workflows: added VID / VLAN name duplication check --- .github/checks/check-vlan-duplicates.sh | 32 +++++++++++++++++++++ .github/workflows/check-vlan-duplicates.yml | 17 +++++++++++ 2 files changed, 49 insertions(+) create mode 100755 .github/checks/check-vlan-duplicates.sh create mode 100644 .github/workflows/check-vlan-duplicates.yml diff --git a/.github/checks/check-vlan-duplicates.sh b/.github/checks/check-vlan-duplicates.sh new file mode 100755 index 000000000..a8bbfa0dc --- /dev/null +++ b/.github/checks/check-vlan-duplicates.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +# Change to the locations directory +cd locations || exit 1 + +# Variable to accumulate duplicate findings +all_duplicates="" + +# Iterate over each file in the directory +for file in ./*; do + # Check if it is a file + if [ -f "$file" ]; then + # Extract VIDs / VLAN names, sort, and find duplicates + duplicates_vid=$(yq 'select(.networks != null) | .networks[].vid' "$file" | grep -v 'null' | sed 's/["'\'']//g' | sort | uniq -cd) + duplicates_name=$(yq 'select(.networks != null) | .networks[].name' "$file" | grep -v 'null' | sed 's/["'\'']//g' | sort | uniq -cd) + # Accumulate duplicates if found + if [ -n "$duplicates_vid" ]; then + all_duplicates+="\nDuplicate VIDs found in $file:\n$duplicates_vid" + fi + if [ -n "$duplicates_name" ]; then + all_duplicates+="\nDuplicate VLAN names found in $file:\n$duplicates_name" + fi + fi +done + +# Check if there were any duplicates found +if [ -n "$all_duplicates" ]; then + echo -e "Duplicates VIDs or VLAN names found:$all_duplicates" + exit 1 +else + echo "No duplicate VIDs or VLAN names found." +fi 
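Review bot: `.github/checks/check-vlan-duplicates.sh` fails open: the result of `yq` is never checked, so a missing binary or an unparsable location file leaves `duplicates_vid` and `duplicates_name` empty and the script ends with "No duplicate VIDs or VLAN names found." and exit status 0. Capture the `yq` output in its own assignment and test it before the `grep`/`sort`/`uniq` pipeline, for example `vids=$(yq 'select(.networks != null) | .networks[].vid' "$file") || { echo "yq failed on $file" >&2; exit 1; }`. A bare `set -o pipefail` would not be enough, because `grep -v 'null'` exits 1 whenever it outputs nothing. `grep -v 'null'` also drops any VLAN name that merely contains the text "null".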
diff --git a/.github/workflows/check-vlan-duplicates.yml b/.github/workflows/check-vlan-duplicates.yml
new file mode 100644
index 000000000..675a70b2b
--- /dev/null
+++ b/.github/workflows/check-vlan-duplicates.yml
@@ -0,0 +1,17 @@
+---
+name: Check for duplicate VIDs and VLAN names
+
+on: [push, pull_request] # yamllint disable-line rule:truthy
+
+jobs:
+ check-vlan-duplicates:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run VID and VLAN name duplicate check
+ run: |
+ ./.github/checks/check-vlan-duplicates.sh
From 2eceb5e5ac5d7092d7687418bd2c8ddb81566ecd Mon Sep 17 00:00:00 2001
From: Tobias Schwarz
Date: Sun, 4 Aug 2024 10:51:40 +0000
Subject: [PATCH 009/254] fardf: init location
---
locations/fardf.yml | 198 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 198 insertions(+)
create mode 100644 locations/fardf.yml
diff --git a/locations/fardf.yml b/locations/fardf.yml
new file mode 100644
index 000000000..85a95980d
--- /dev/null
+++ b/locations/fardf.yml
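Review bot: `.github/workflows/check-vlan-duplicates.yml` declares no `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope although it only reads files; a top-level `permissions:` block with `contents: read` makes the least-privilege intent explicit. `actions/checkout@v4` is a movable tag, and pinning it as `uses: actions/checkout@<full-commit-sha>  # v4` keeps a retagged action from changing what this check runs. `fetch-depth: 0` fetches the full history, which the script does not appear to use. The same points carry over to `check-duplicates.yml` in PATCH 016.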
@@ -0,0 +1,198 @@
+---
+location: fardf
+location_nice: "Finanzamt Reinickendorf, Eichborndamm 208, 13403 Berlin"
+latitude: 52.5870976
+longitude: 13.324892521
+altitude: 75
+community: true
+
+hosts:
+ - hostname: fardf-core
+ role: corerouter
+ model: "ubnt_unifiac-mesh"
+ wireless_profile: freifunk_default
+
+snmp_devices:
+ - hostname: fardf-switch
+ address: 10.248.11.130
+ snmp_profile: edgeswitch
+
+ - hostname: fardf-bht
+ address: 10.248.11.131
+ snmp_profile: airos_8
+
+ - hostname: fardf-maerkisches
+ address: 10.248.11.132
+ snmp_profile: airos_8
+
+ - hostname: fardf-sange
+ address: 10.248.11.133
+ snmp_profile: airos_8
+
+ - hostname: fardf-nord
+ address: 10.248.11.134
+ snmp_profile: airos_8
+
+ - hostname: fardf-ost
+ address: 10.248.11.135
+ snmp_profile: airos_8
+
+ - hostname: fardf-sued
+ address: 10.248.11.136
+ snmp_profile: airos_8
+
+ - hostname: fardf-west
+ address: 10.248.11.137
+ snmp_profile: airos_8
+
+airos_dfs_reset:
+ - name: "fardf-maerkisches"
+ target: "10.248.11.132"
+ username: "ubnt"
+ password: "file:/root/pwd"
+ daytime_limit: "2-7"
+
+ - name: "fardf-sange"
+ target: "10.248.11.133"
+ username: "ubnt"
+ password: "file:/root/pwd"
+ daytime_limit: "2-7"
+
+ - name: "fardf-nord"
+ target: "10.248.11.134"
+ username: "ubnt"
+ password: "file:/root/pwd"
+ daytime_limit: "2-7"
+
+ - name: "fardf-ost"
+ target: "10.248.11.135"
+ username: "ubnt"
+ password: "file:/root/pwd"
+ daytime_limit: "2-7"
+
+ - name: "fardf-sued"
+ target: "10.248.11.136"
+ username: "ubnt"
+ password: "file:/root/pwd"
+ daytime_limit: "2-7"
+
+ - name: "fardf-west"
+ target: "10.248.11.137"
+ username: "ubnt"
+ password: "file:/root/pwd"
+ daytime_limit: "2-7"
+
+# Got the following prefixes:
+# Router: 10.248.11.128/26
+# --MGMT: 10.248.11.128/28
+# --MESH: 10.248.11.144/28
+# --DHCP: 10.248.11.160/27
+
+ipv6_prefix: "2001:bf7:770:200::/56"
+
+networks:
+ # Mesh bht
+ - vid: 10
+ role: mesh
+ name: mesh_bht
+ prefix: 10.248.11.144/32
+ ipv6_subprefix: -10
+ ptp: true
+
+ # Mesh Märkisches Viertel
+ - vid: 11
+ role: mesh
+ name: mesh_maerk
+ prefix: 10.248.11.145/32
+ ipv6_subprefix: -11
+
+ # Mesh Sange
+ - vid: 12
+ role: mesh
+ name: mesh_sange
+ prefix: 10.248.11.146/32
+ ipv6_subprefix: -12
+
+ # Mesh Nord
+ - vid: 13
+ role: mesh
+ name: mesh_nord
+ prefix: 10.248.11.147/32
+ ipv6_subprefix: -13
+
+ # Mesh Ost
+ - vid: 14
+ role: mesh
+ name: mesh_ost
+ prefix: 10.248.11.148/32
+ ipv6_subprefix: -14
+
+ # Mesh Sued
+ - vid: 15
+ role: mesh
+ name: mesh_sued
+ prefix: 10.248.11.149/32
+ ipv6_subprefix: -15
+
+ # Mesh West
+ - vid: 16
+ role: mesh
+ name: mesh_west
+ prefix: 10.248.11.150/32
+ ipv6_subprefix: -16
+
+ # MESH - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_5g
+ prefix: 10.248.11.151/32
+ ipv6_subprefix: -20
+ mesh_ap: fardf-core
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_2g
+ prefix: 10.248.11.152/32
+ ipv6_subprefix: -21
+ mesh_ap: fardf-core
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # DHCP
+ - vid: 40
+ role: dhcp
+ inbound_filtering: false
+ enforce_client_isolation: false
+ prefix: 10.248.11.160/27
+ ipv6_subprefix: 0
+ assignments:
+ fardf-core: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ prefix: 10.248.11.128/28
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ fardf-core: 1 # 10.248.11.129 (10m PoE watchdog)
+ fardf-switch: 2 # 10.248.11.130
+ fardf-bht: 3 # 10.248.11.131
+ fardf-maerkisches: 4 # 10.248.11.132
+ fardf-sange: 5 # 10.248.11.133
+ fardf-nord: 6 # 10.248.11.134
+ fardf-ost: 7 # 10.248.11.135
+ fardf-sued: 8 # 10.248.11.136
+ fardf-west: 9 # 10.248.11.137
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ fardf-core: 36-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ fardf-core: 13-20
From 20f1f043027d15c055dd7472f8648bdea62ef0cc Mon Sep 17 00:00:00 2001
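Review bot: In `locations/fardf.yml`, the `vid: 40` DHCP network sets `inbound_filtering: false` and `enforce_client_isolation: false`, whereas the other client networks on this page (`fblipke`, `kiezladen154`) enable both. On an open client network this presumably leaves clients reachable from each other and from outside the segment. If that is intended for this site, a comment above the block such as `# filtering and isolation off on purpose: <reason>` should say why; otherwise set both to `true`. The six `airos_dfs_reset` entries also log in as the vendor-default `ubnt` user with one shared `file:/root/pwd`, so a dedicated account on those radios would be preferable if the firmware allows one.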
From: Packet Please Date: Fri, 19 Jul 2024 23:57:04 +0200 Subject: [PATCH 010/254] version: switch snapshot back to snapshot feed --- group_vars/version_snapshot.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/group_vars/version_snapshot.yml b/group_vars/version_snapshot.yml index f1dfb44eb..7e5d1acd7 100644 --- a/group_vars/version_snapshot.yml +++ b/group_vars/version_snapshot.yml @@ -1,5 +1,4 @@ --- -# Don't use falter master, breaking changes are expected at the moment (7/2023) -feed_version: 1.4.0-snapshot +feed_version: snapshot imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/','-') }}.Linux-x86_64.tar.zst" From ca405b7e799d397c1df07bb68fda68e242a314c9 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 26 Jul 2024 00:48:15 +0200 Subject: [PATCH 011/254] imageprofile: fix compatibility with snapshot falter-common dependencies --- group_vars/all/imageprofile.yml | 3 ++- roles/cfg_openwrt/tasks/conditional_packages.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index 81c1a94a1..d23649505 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml @@ -18,10 +18,11 @@ all__packages__to_merge: - ip6tables # Its not pulled in by default anymore bc fw4 - iperf3 - iwinfo + - ip - kmod-nft-bridge - mtr - nftables - - tcpdump + - tcpdump-mini - vnstat - -ppp - -ppp-mod-pppoe diff --git a/roles/cfg_openwrt/tasks/conditional_packages.yml b/roles/cfg_openwrt/tasks/conditional_packages.yml index 5c8fddba6..76222d0c0 100644 --- a/roles/cfg_openwrt/tasks/conditional_packages.yml +++ b/roles/cfg_openwrt/tasks/conditional_packages.yml @@ -42,7 +42,7 @@ - name: "Add debugging-packages on core-routers" set_fact: - packages: "{{ packages + ['mosh-server', 'tmux', 'ip'] }}" + packages: "{{ packages + ['mosh-server', 'tmux'] }}" when: - not (low_flash | default(false)) - role == 'corerouter' 
From 49c6107e8726056f2fbaef72de7a5ba65d6febe8 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 26 Jul 2024 00:48:40 +0200 Subject: [PATCH 012/254] pktpls: upgrade to snapshot --- locations/pktpls.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/locations/pktpls.yml b/locations/pktpls.yml index 1d89380de..31779ae96 100644 --- a/locations/pktpls.yml +++ b/locations/pktpls.yml @@ -11,13 +11,12 @@ hosts: - hostname: pktpls-core role: corerouter model: "x86-64" + openwrt_version: snapshot -# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/openwrt-23.05/x86_64/falter" +# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/main/x86_64/falter" # imagebuilder_disable_signature_check: true location__packages__to_merge: - - -luci-mod-falter - - -falter-common - openssh-sftp-server # 10.31.174.128/26 - pktpls+bbb@systemli.org From fb136a3683939ea79b87ef87c8861dfb61c1c7bd Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 17 Aug 2024 07:28:06 +0000 Subject: [PATCH 013/254] mela: fix mesh-o5; improve config --- locations/mela.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/locations/mela.yml b/locations/mela.yml index 195fcc38f..fbfe9734a 100644 --- a/locations/mela.yml +++ b/locations/mela.yml 
@@ -15,34 +15,27 @@ hosts: - hostname: mela-n5 role: ap model: "tplink_cpe510-v1" - wireless_profile: freifunk_default - hostname: mela-o5 role: ap model: "tplink_cpe510-v1" - wireless_profile: freifunk_default - hostname: mela-s5 role: ap model: "tplink_cpe510-v1" - hostname: mela-n2 role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default - hostname: mela-o2 role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default - hostname: mela-s2 role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default - hostname: mela-w2 role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default - hostname: mela-kanzel role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default snmp_devices: - hostname: mela-switch-hinten @@ -142,7 +135,7 @@ networks: name: mesh_11s_o5 prefix: 10.36.70.41/32 ipv6_subprefix: -25 - mesh_ap: mela-o2 + mesh_ap: mela-o5 mesh_radio: 11a_standard mesh_iface: mesh From 72e7f14d28e55f8940cd95d5a0e5af439153c6b6 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 19 Aug 2024 11:36:13 +0000 Subject: [PATCH 014/254] torte-mela-2g: retired --- locations/torte-mela-2g.yml | 66 ------------------------------------- 1 file changed, 66 deletions(-) delete mode 100644 locations/torte-mela-2g.yml diff --git a/locations/torte-mela-2g.yml b/locations/torte-mela-2g.yml deleted file mode 100644 index 3cb4b225f..000000000 --- a/locations/torte-mela-2g.yml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -location: torte-mela-2g -location_nice: "" -latitude: 52.52270515795004 -longitude: 13.186229014854849 -community: true - -hosts: - - hostname: torte-mela-2g - role: corerouter - model: "tplink_cpe210-v1" - # low flash until proper core router - low_flash: true - wireless_profile: mesh_only - -ipv6_prefix: "2001:bf7:780:700::/56" - -# got following prefixes: -# Router: 10.31.243.224/27 -# 2001:bf7:780:700::/56 -# --MGMT: 10.31.243.224/29 -# --MESH: 10.31.243.232/29 -# --DHCP: 10.31.243.240/28 - -networks: - # 802.11s Mesh 2.4 GHz - - vid: 20 - role: mesh - name: mesh_mela - prefix: 10.31.243.232/32 - ipv6_subprefix: -20 - mesh_ap: torte-mela-2g - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - LAN - - vid: 30 - role: mesh - name: mesh_lan - prefix: 10.31.243.233/32 - ipv6_subprefix: -30 - - # MGMT - - vid: 42 - role: mgmt - prefix: 10.31.243.224/29 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - # Core - torte-mela-2g: 1 - - # DHCP - - vid: 40 - role: dhcp - prefix: 10.31.243.240/28 - ipv6_subprefix: 0 - inbound_filtering: true - enforce_client_isolation: true - assignments: - torte-mela-2g: 1 - -location__ssh_keys__to_merge: - - comment: torte - key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBsKPa58c9LBwfupf3KlAsJHG+O9BNdTP0wB+0Ztl5Zl2/TeGfEEnOXxpf8gQq0qkG/pA40UP8jyejzliNfTZ+qOIfX+Jt1KXoBzNN7zBtYMzAAkrDgCqfIeLBAb/ArZyEanCOOz96bu4OfiktPJxbbRrlP/OV0XUZaLkSmIvxKFP5VHYyhvBxlwTrjSD8tdZJNFiZelHW/TRAT0uSfmgXBiXNThKVMNwwaCUp1R9QNbzFUhvnGyqrH8mQOYtHcZhPYAQOnUpJSYwBlyA4aIhAAgsPRZe1M5lEMn7ME6q6ERuQheGNmcNNqoxjrzIHbZjgTlprvdrzD7UPGNla7zcst torte@pluto From d5718a140c4587a9bcb687c5097201f66f1c3fc7 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 24 Aug 2024 12:59:35 +0000 Subject: [PATCH 015/254] gub37,k12: fix missing mac_overrides --- locations/gub37.yml | 1 + locations/k12-3v0s.yml | 1 + locations/k12-haus4.yml | 1 + locations/k12.yml | 13 +++---------- 4 files changed, 6 insertions(+), 10 deletions(-) 
diff --git a/locations/gub37.yml b/locations/gub37.yml index eddb680bf..a58b58fca 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -19,6 +19,7 @@ hosts: role: ap model: "mikrotik_sxtsq-5-ac" wifi_roaming: true + mac_override: {eth0: 64:d1:54:ae:ba:b0} - hostname: gub37-hof-w role: ap diff --git a/locations/k12-3v0s.yml b/locations/k12-3v0s.yml index febfe1d80..164d118bb 100644 --- a/locations/k12-3v0s.yml +++ b/locations/k12-3v0s.yml @@ -11,6 +11,7 @@ hosts: - hostname: k12-3v0s role: corerouter model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:b9:46:45} wireless_profile: freifunk_default ipv6_prefix: '2001:bf7:760:1300::/56' diff --git a/locations/k12-haus4.yml b/locations/k12-haus4.yml index a67a450cc..e9ced8cea 100644 --- a/locations/k12-haus4.yml +++ b/locations/k12-haus4.yml @@ -12,6 +12,7 @@ hosts: role: corerouter model: "dlink_covr-x1860-a1" wireless_profile: freifunk_default + mac_override: {eth0: 0c:0e:76:cf:21:e5} wifi_roaming: true - hostname: k12-haus4-garten role: ap diff --git a/locations/k12.yml b/locations/k12.yml index 0caeeaccb..cce25c782 100644 --- a/locations/k12.yml +++ b/locations/k12.yml 
@@ -12,41 +12,34 @@ hosts: - hostname: k12-core role: corerouter model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:4d:45} wireless_profile: freifunk_default wifi_roaming: true - hostname: k12-cpe role: ap model: "mikrotik_sxtsq-5-ac" - # eth0 mac needs to be properly set - # cat /sys/firmware/mikrotik/hard_config/mac_base - mac_override: - eth0: 08:55:31:EA:E3:32 - wireless_profile: freifunk_default + mac_override: {eth0: 08:55:31:ea:e3:32} wifi_roaming: true - hostname: k12-ap1 role: ap model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default wifi_roaming: true - hostname: k12-ap2 role: ap model: "tplink_archer-c7-v5" - wireless_profile: freifunk_default wifi_roaming: true - hostname: k12-2h1s role: ap model: "dlink_covr-x1860-a1" - wireless_profile: freifunk_default + mac_override: {eth0: 0c:0e:76:cf:21:de} wifi_roaming: true - hostname: k12-ap3 role: ap model: "tplink_tl-wdr4300-v1" - wireless_profile: freifunk_default wifi_roaming: true - hostname: k12-ap4 role: ap model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default wifi_roaming: true snmp_devices: From 8d0f5792f6202cd3c5ec32d18580abb47d7b8f76 Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Sun, 18 Aug 2024 07:32:02 +0000 Subject: [PATCH 016/254] workflows: consolidate duplicate checks --- .github/checks/check-address-duplicates.sh | 15 ---- .github/checks/check-duplicates.sh | 71 +++++++++++++++++++ .github/checks/check-hostname-duplicates.sh | 29 -------- .github/checks/check-ip-prefix-duplicates.sh | 25 ------- .github/checks/check-vlan-duplicates.sh | 32 --------- ...ss-duplicates.yml => check-duplicates.yml} | 9 +-- .../workflows/check-hostname-duplicates.yml | 17 ----- .../workflows/check-ip-prefix-duplicates.yml | 17 ----- .github/workflows/check-vlan-duplicates.yml | 17 ----- 9 files changed, 76 insertions(+), 156 deletions(-) delete mode 100755 .github/checks/check-address-duplicates.sh create mode 100755 .github/checks/check-duplicates.sh delete mode 100755 .github/checks/check-hostname-duplicates.sh delete mode 100755 .github/checks/check-ip-prefix-duplicates.sh delete mode 100755 .github/checks/check-vlan-duplicates.sh rename .github/workflows/{check-address-duplicates.yml => check-duplicates.yml} (59%) delete mode 100644 .github/workflows/check-hostname-duplicates.yml delete mode 100644 .github/workflows/check-ip-prefix-duplicates.yml delete mode 100644 .github/workflows/check-vlan-duplicates.yml diff --git a/.github/checks/check-address-duplicates.sh b/.github/checks/check-address-duplicates.sh deleted file mode 100755 index 3f652bda6..000000000 --- a/.github/checks/check-address-duplicates.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -# Change to the locations directory -cd locations || exit 1 - -# Check for address duplicates -duplicates=$(sed -nE 's/^\s*address:\s*["'\''"]?([^"'\''\s#]+)["'\''"]?/\1/p' ./*.yml | sort | uniq -cd) - -if [ -n "$duplicates" ]; then - echo "Duplicate addresses found:" - echo "$duplicates" - exit 1 -else - echo "No duplicate addresses found." -fi diff --git a/.github/checks/check-duplicates.sh b/.github/checks/check-duplicates.sh new file mode 100755 index 000000000..66f57fca9 
--- /dev/null +++ b/.github/checks/check-duplicates.sh 
@@ -0,0 +1,71 @@ +#!/bin/bash + +# Locations pattern +location_files="locations/*.yml" + +# Initialize a variable to track if any errors are found +error_found=0 + +# Function to check for duplicates +check_duplicates() { + local yq_query="$1" + local description="$2" + local file_pattern="$3" + + # Expand the file pattern to a list of files + files=$(ls "$file_pattern" 2>/dev/null) + + # Check if any files match the pattern + if [ -z "$files" ]; then + echo "No files matching pattern $file_pattern" + return + fi + + # Run the yq command with the expanded list of files + duplicates=$(yq "$yq_query" "$files" | grep -v -- '---' | tr '[:upper:]' '[:lower:]' | sed 's/["'\'']//g' | sort | uniq -cd) + if [ -n "$duplicates" ]; then + echo "Duplicate $description found:" + echo "$duplicates" + error_found=1 + fi +} + +# Check for duplicates accross all locations +echo "Checking $location_files" + +# Check for hostname duplicates within hosts +check_duplicates 'select(.hosts != null) | .hosts[].hostname' "hostnames within hosts" "$location_files" + +# Check for mac_override duplicates within hosts +check_duplicates 'select(.hosts != null) | .hosts[].mac_override | select(. 
!= null) | to_entries[] | .value' "mac_overrides within hosts" "$location_files" + +# Check for hostname duplicates within snmp_devices +check_duplicates 'select(.snmp_devices != null) | .snmp_devices[].hostname' "hostnames within snmp_devices" "$location_files" + +# Check for address duplicates within snmp_devices +check_duplicates 'select(.snmp_devices != null) | .snmp_devices[].address' "addresses within snmp_devices" "$location_files" + +# Check for ipv6_prefix duplicates +check_duplicates 'select(.ipv6_prefix != null) | .ipv6_prefix' "ipv6_prefixes" "$location_files" + +# Check for ipv4_prefix duplicates within networks +check_duplicates 'select(.networks != null) | .networks[] | select(.prefix != null) | .prefix' "prefix within networks" "$location_files" + + +# Check for duplicates within a single location +for file in $location_files; do + echo "Checking $file" + + # Check for VID duplicates within networks + check_duplicates 'select(.networks != null) | .networks[] | select(.vid != null) | .vid' "VID within networks" "$file" + + # Check for name duplicates within networks + check_duplicates 'select(.networks != null) | .networks[] | select(.name != null) | .name' "name within networks" "$file" +done + +# Exit with a non-zero status code if any errors were found +if [ "$error_found" -eq 1 ]; then + exit 1 +else + echo "No duplicates found" +fi diff --git a/.github/checks/check-hostname-duplicates.sh b/.github/checks/check-hostname-duplicates.sh deleted file mode 100755 index f7913bace..000000000 --- a/.github/checks/check-hostname-duplicates.sh +++ /dev/null 
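Review bot: In `check_duplicates` (`.github/checks/check-duplicates.sh`), `files=$(ls "$file_pattern" 2>/dev/null)` quotes the glob, so for the cross-location calls, which pass the literal `locations/*.yml`, `ls` matches nothing and the function prints "No files matching pattern" and returns without setting `error_found`. As written, the hostname, mac_override, SNMP address and prefix checks across locations never run and the job still ends with "No duplicates found"; only the per-file loop, which passes a real path, does any work. Even with the glob expanded, `"$files"` would hand `yq` every path as a single argument, and a `yq` failure is still read as "no duplicates". Expanding the pattern into an array and failing when nothing matches or `yq` errors closes these gaps.

```shell
check_duplicates() {
    # … unchanged: local yq_query / description / file_pattern …

    # Expand the glob unquoted so the shell resolves it; each path stays its own word
    local -a files
    local values
    # shellcheck disable=SC2206
    files=( $file_pattern )
    if [ ! -e "${files[0]}" ]; then
        echo "No files matching pattern $file_pattern" >&2
        error_found=1
        return
    fi

    # A yq failure must fail the check instead of reading as "no duplicates"
    if ! values=$(yq "$yq_query" "${files[@]}"); then
        echo "yq failed while checking $description" >&2
        error_found=1
        return
    fi
    duplicates=$(printf '%s\n' "$values" | grep -v -- '---' | tr '[:upper:]' '[:lower:]' | sed 's/["'\'']//g' | sort | uniq -cd)
    # … unchanged: report duplicates and set error_found …
}
```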
@@ -1,29 +0,0 @@ -#!/bin/bash - -# Change to the locations directory -cd locations || exit 1 - -# Variable to accumulate duplicate findings -all_duplicates="" - -# Iterate over each file in the directory -for file in ./*; do - # Check if it is a file - if [ -f "$file" ]; then - # Extract hostnames, sort, and find duplicates - duplicates=$(sed -nE 's/^\s*-\s*hostname:\s*["'\'']{0,1}([a-zA-Z0-9-]+)["'\''#]?([\s].*)?$/\1/p' "$file" | sort | uniq -cd) - - # Accumulate duplicates if found - if [ -n "$duplicates" ]; then - all_duplicates+="\n$duplicates" - fi - fi -done - -# Check if there were any duplicates found -if [ -n "$all_duplicates" ]; then - echo -e "Duplicate hostnames found:$all_duplicates" - exit 1 -else - echo "No duplicate hostnames found." -fi diff --git a/.github/checks/check-ip-prefix-duplicates.sh b/.github/checks/check-ip-prefix-duplicates.sh deleted file mode 100755 index bf47c01ab..000000000 --- a/.github/checks/check-ip-prefix-duplicates.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Change to the locations directory -cd locations || exit 1 - -# Check for IPv4 duplicates -ipv4_duplicates=$(sed -nE 's/^\s*prefix:\s*["'\''"]?([^"'\''\s#]+)["'\''"]?/\1/p' ./*.yml | sort | uniq -cd) - -# Check for IPv6 duplicates -ipv6_duplicates=$(sed -nE 's/^\s*ipv6_prefix:\s*["'\''"]?([0-9a-fA-F:]+\/[0-9]+)["'\''"]?/\1/p' ./*.yml | sort | uniq -cd) - - -if [ -n "$ipv4_duplicates" ] || [ -n "$ipv6_duplicates" ]; then - if [ -n "$ipv4_duplicates" ]; then - echo "Duplicate IPv4 prefixes found:" - echo "$ipv4_duplicates" - fi - if [ -n "$ipv6_duplicates" ]; then - echo "Duplicate IPv6 prefixes found:" - echo "$ipv6_duplicates" - fi - exit 1 -else - echo "No duplicate prefixes found." -fi diff --git a/.github/checks/check-vlan-duplicates.sh b/.github/checks/check-vlan-duplicates.sh deleted file mode 100755 index a8bbfa0dc..000000000 --- a/.github/checks/check-vlan-duplicates.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash - -# Change to the locations directory -cd locations || exit 1 - -# Variable to accumulate duplicate findings -all_duplicates="" - -# Iterate over each file in the directory -for file in ./*; do - # Check if it is a file - if [ -f "$file" ]; then - # Extract VIDs / VLAN names, sort, and find duplicates - duplicates_vid=$(yq 'select(.networks != null) | .networks[].vid' "$file" | grep -v 'null' | sed 's/["'\'']//g' | sort | uniq -cd) - duplicates_name=$(yq 'select(.networks != null) | .networks[].name' "$file" | grep -v 'null' | sed 's/["'\'']//g' | sort | uniq -cd) - # Accumulate duplicates if found - if [ -n "$duplicates_vid" ]; then - all_duplicates+="\nDuplicate VIDs found in $file:\n$duplicates_vid" - fi - if [ -n "$duplicates_name" ]; then - all_duplicates+="\nDuplicate VLAN names found in $file:\n$duplicates_name" - fi - fi -done - -# Check if there were any duplicates found -if [ -n "$all_duplicates" ]; then - echo -e "Duplicates VIDs or VLAN names found:$all_duplicates" - exit 1 -else - echo "No duplicate VIDs or VLAN names found." -fi diff --git a/.github/workflows/check-address-duplicates.yml b/.github/workflows/check-duplicates.yml similarity index 59% rename from .github/workflows/check-address-duplicates.yml rename to .github/workflows/check-duplicates.yml index 980914003..b6828e2ad 100644 --- a/.github/workflows/check-address-duplicates.yml +++ b/.github/workflows/check-duplicates.yml @@ -1,10 +1,10 @@ --- -name: Check for duplicate addresses +name: Check for duplicates on: [push, pull_request] # yamllint disable-line rule:truthy jobs: - check-address-duplicates: + check-duplicates: runs-on: ubuntu-latest steps: - name: Checkout repository @@ -12,6 +12,7 @@ jobs: with: fetch-depth: 0 - - name: Run address duplicate check + - name: Run check for duplicates run: | - ./.github/checks/check-address-duplicates.sh + yq --version + ./.github/checks/check-duplicates.sh 
diff --git a/.github/workflows/check-hostname-duplicates.yml b/.github/workflows/check-hostname-duplicates.yml deleted file mode 100644 index 220bbe11a..000000000 --- a/.github/workflows/check-hostname-duplicates.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Check for duplicate hostnames - -on: [push, pull_request] # yamllint disable-line rule:truthy - -jobs: - check-hostname-duplicates: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Run hostname duplicate check - run: | - ./.github/checks/check-hostname-duplicates.sh diff --git a/.github/workflows/check-ip-prefix-duplicates.yml b/.github/workflows/check-ip-prefix-duplicates.yml deleted file mode 100644 index 9836efa81..000000000 --- a/.github/workflows/check-ip-prefix-duplicates.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Check for duplicate IP prefixes - -on: [push, pull_request] # yamllint disable-line rule:truthy - -jobs: - check-ip-prefix-duplicates: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Run IP prefix duplicate check - run: | - ./.github/checks/check-ip-prefix-duplicates.sh diff --git a/.github/workflows/check-vlan-duplicates.yml b/.github/workflows/check-vlan-duplicates.yml deleted file mode 100644 index 675a70b2b..000000000 --- a/.github/workflows/check-vlan-duplicates.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Check for duplicate VIDs and VLAN names - -on: [push, pull_request] # yamllint disable-line rule:truthy - -jobs: - check-vlan-duplicates: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Run VID and VLAN name duplicate check - run: | - ./.github/checks/check-vlan-duplicates.sh From 784cd6fa3356a77e3dbd6d4bc1d148b62a624cf9 Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Sun, 18 Aug 2024 08:00:04 +0000 Subject: [PATCH 017/254] klunker: fix mac_overrides; add PoE watchdog to instable device --- locations/klunker.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/locations/klunker.yml b/locations/klunker.yml index e4d2cf91e..186aac897 100644 --- a/locations/klunker.yml +++ b/locations/klunker.yml @@ -16,19 +16,19 @@ hosts: role: ap model: "mikrotik_sxtsq-5-ac" mac_override: - eth0: 08:55:31:14:36:d7 + eth0: dc:2c:6e:c4:36:37 - hostname: klunker-nf-nnw-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: - eth0: cc:2d:e0:9c:4d:58 + eth0: dc:2c:6e:c4:16:fb - hostname: klunker-nf-sse-5ghz role: ap model: "mikrotik_sxtsq-5-ac" mac_override: - eth0: cc:2d:e0:9c:4f:00 + eth0: dc:2c:6e:c4:36:5f snmp_devices: - hostname: klunker-switch @@ -117,14 +117,14 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - klunker-core: 1 - klunker-switch: 2 - klunker-rhnk: 3 - klunker-philmel: 4 - # klunker-rhnk-5ghz: 5 - klunker-nf-nnw-5ghz: 6 - klunker-nf-sse-5ghz: 7 - klunker-ap-bibliothek-5ghz: 8 + klunker-core: 1 # 10.31.191.177 + klunker-switch: 2 # 10.31.191.178 + klunker-rhnk: 3 # 10.31.191.179 + klunker-philmel: 4 # 10.31.191.180 + # klunker-rhnk-5ghz: 5 # 10.31.191.181 + klunker-nf-nnw-5ghz: 6 # 10.31.191.182 + klunker-nf-sse-5ghz: 7 # 10.31.191.183 - PoE Watchdog 10m + klunker-ap-bibliothek-5ghz: 8 # 10.31.191.184 location__channel_assignments_11a_standard__to_merge: klunker-nf-sse-5ghz: 36-20 From daba579e82e826a7833f50cd8849f16e0edb7ffe Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 24 Aug 2024 13:57:35 +0000 Subject: [PATCH 018/254] k12-haus4: replace AP --- locations/k12-haus4.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/locations/k12-haus4.yml b/locations/k12-haus4.yml index e9ced8cea..37dc6a060 100644 --- a/locations/k12-haus4.yml +++ b/locations/k12-haus4.yml 
@@ -16,13 +16,12 @@ hosts: wifi_roaming: true - hostname: k12-haus4-garten role: ap - model: "tplink_archer-c5-v1" - wireless_profile: freifunk_default + model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:4d:53} wifi_roaming: true - hostname: k12-haus4-hirschhof role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default wifi_roaming: true ipv6_prefix: '2001:bf7:760:2b00::/56' From b419cc970d49df7a24a754eefac8cdbbc8957f28 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 27 Aug 2024 07:35:46 +0000 Subject: [PATCH 019/254] w38b: temp replacement for wax202~ --- locations/w38b.yml | 53 ++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 28 deletions(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index f671280ae..81ace6f44 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -10,15 +10,12 @@ contacts: hosts: - hostname: w38b-core role: corerouter - model: "netgear_wax202" - wireless_profile: w38b - wifi_roaming: true - mac_override: {eth0: 34:98:b5:0f:37:5f} + model: "ubnt_edgerouter-x" + poe_on: [] - hostname: w38b-ap1 role: ap model: "dlink_covr-x1860-a1" wireless_profile: w38b - wifi_roaming: true mac_override: {eth0: 0c:0e:76:cf:2e:3a} snmp_devices: 
@@ -66,27 +63,27 @@ networks: mesh_metric: 256 # MESH - 5 GHz 802.11s - - vid: 20 - role: mesh - name: mesh_5g - prefix: 10.31.212.35/32 - ipv6_subprefix: -20 - mesh_ap: w38b-core - mesh_radio: 11a_standard - mesh_iface: mesh + # - vid: 20 + # role: mesh + # name: mesh_5g + # prefix: 10.31.212.35/32 + # ipv6_subprefix: -20 + # mesh_ap: w38b-core + # mesh_radio: 11a_standard + # mesh_iface: mesh # MESH - 2.4 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_2g - prefix: 10.31.212.36/32 - ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.5'] - mesh_ap: w38b-core - mesh_radio: 11g_standard - mesh_iface: mesh + # - vid: 21 + # role: mesh + # name: mesh_2g + # prefix: 10.31.212.36/32 + # ipv6_subprefix: -21 + # # make mesh_metric(s) for 2GHz worse than 5GHz + # mesh_metric: 1024 + # mesh_metric_lqm: ['default 0.5'] + # mesh_ap: w38b-core + # mesh_radio: 11g_standard + # mesh_iface: mesh # MESH - 5 GHz 802.11s ap1 - vid: 22 @@ -171,12 +168,12 @@ networks: # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - w38b-core: 36-80 - w38b-ap1: 52-80 + # w38b-core: 36-80 + w38b-ap1: 36-80 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - w38b-core: 13-20 + # w38b-core: 13-20 w38b-ap1: 13-20 # Wireless profile @@ -215,7 +212,7 @@ location__wireless_profiles__to_merge: - mode: ap ssid: w38b-home encryption: sae-mixed - key: 'file:/root/wifi-pwd-home' + key: 'file:/root/wifi-pwd' network: private radio: [11a_standard, 11g_standard] ifname_hint: pr From c8982378d89f2f2732e35f056a6be7a3c0c9c19b Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 27 Aug 2024 07:36:18 +0000 Subject: [PATCH 020/254] noki: additions to test and travel setup --- locations/noki.yml | 108 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 84 insertions(+), 24 deletions(-) 
diff --git a/locations/noki.yml b/locations/noki.yml index 06d8420cb..267572379 100644 --- a/locations/noki.yml +++ b/locations/noki.yml @@ -1,4 +1,16 @@ --- +# This ia a flexible test and mobile travel router setup that supports the following cases +# - Core router and optional AP to cover a larger area or to be able to position one of +# the devices in a spot that works better for a mesh connection +# - Private network (VID 43) without client isolation and filtering to allow communication +# between devices in the network +# - Host network (VLAN 41) to make devices accessible via the internet using a routed IPv6 +# network (requires firewall rules at gateways) +# - Internet uplink (VID 50, untagged) to provide easy internet connectivity by just +# connecting any network port of the setup to an existing internet connection via cable +# - Mesh on LAN (VID 30) to connect to another Freifunk installation via LAN +# - Two optional PtP antennas (VID 10 + 11) for long range ptp connections + location: noki # This is a test and mobile travel router, therefore it has no location location_nice: @@ -8,23 +20,15 @@ contact_nickname: 'Noki' contacts: - '@noki-:matrix.org' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - hostname: noki-core role: corerouter model: "dlink_dap-x1860-a1" wireless_profile: noki + - hostname: noki-ap + role: ap + model: "dlink_dap-x1860-a1" + wireless_profile: noki ipv6_prefix: '2001:bf7:830:1000::/56' 
@@ -41,11 +45,27 @@ ipv6_prefix: '2001:bf7:830:1000::/56' dhcp_no_ping: false networks: + # MESH - PtP antenna 1 + - vid: 10 + role: mesh + name: mesh_ptp_1 + prefix: 10.31.215.32/32 + ipv6_subprefix: -10 + ptp: true + + # MESH - PtP antenna 2 + - vid: 11 + role: mesh + name: mesh_ptp_2 + prefix: 10.31.215.33/32 + ipv6_subprefix: -11 + ptp: true + # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g - prefix: 10.31.215.32/32 + name: mesh_5g_core + prefix: 10.31.215.34/32 ipv6_subprefix: -20 mesh_ap: noki-core mesh_radio: 11a_standard @@ -54,8 +74,8 @@ networks: # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g - prefix: 10.31.215.33/32 + name: mesh_2g_core + prefix: 10.31.215.35/32 ipv6_subprefix: -21 # make mesh_metric(s) for 2GHz worse than 5GHz mesh_metric: 1024 @@ -64,11 +84,34 @@ networks: mesh_radio: 11g_standard mesh_iface: mesh + # MESH - AP - 5 GHz 802.11s + - vid: 22 + role: mesh + name: mesh_5g_ap + prefix: 10.31.215.36/32 + ipv6_subprefix: -22 + mesh_ap: noki-ap + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - AP - 2.4 GHz 802.11s + - vid: 23 + role: mesh + name: mesh_2g_ap + prefix: 10.31.215.37/32 + ipv6_subprefix: -23 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.8'] + mesh_ap: noki-ap + mesh_radio: 11g_standard + mesh_iface: mesh + # MESH - LAN - vid: 30 role: mesh name: mesh_lan - prefix: 10.31.215.34/32 + prefix: 10.31.215.38/32 ipv6_subprefix: -30 # DHCP with filtering and isolation @@ -99,8 +142,10 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - # 10.31.215.1/32 - noki-core: 1 + noki-core: 1 # 10.31.215.1 + noki-ap: 2 # 10.31.215.2 + noki-ptp-1: 3 # 10.31.215.3 + noki-ptp-2: 3 # 10.31.215.3 # DHCP (PRIVATE) - vid: 43 @@ -112,7 +157,7 @@ networks: assignments: noki-core: 1 - # UPLK + # UPLK - 10.31.215.64/27 as /32 - vid: 50 role: uplink untagged: true 
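Review bot: In the `assignments` block changed by the `@@ -99,8 +142,10 @@` hunk, `noki-ptp-1` and `noki-ptp-2` are both given index 3 (both commented as 10.31.215.3), so the two PtP antennas would share one management address. With two devices on the same address, SSH and monitoring can no longer tell them apart, and a config push may land on the wrong one. Give the second antenna its own index, e.g. `noki-ptp-2: 4  # 10.31.215.4`. Neither name appears under `hosts:` in the visible hunks, so they are presumably declared elsewhere in the file; worth confirming the names match.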
@@ -120,22 +165,24 @@ networks: - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.215.35/32 + prefix: 10.31.215.64/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.215.36/32 + prefix: 10.31.215.65/32 wireguard_port: 51821 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: noki-core: 36-80 + noki-ap: 36-80 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: noki-core: 13-20 + noki-ap: 13-20 # Wireless profile location__wireless_profiles__to_merge: @@ -173,7 +220,7 @@ location__wireless_profiles__to_merge: - mode: ap ssid: noki encryption: sae-mixed - key: 'file:/root/wifi_pass' + key: 'file:/root/wifi-pwd' network: private radio: [11a_standard, 11g_standard] ifname_hint: pr @@ -181,7 +228,7 @@ location__wireless_profiles__to_merge: - mode: ap ssid: noki-host encryption: sae-mixed - key: 'file:/root/wifi_pass' + key: 'file:/root/wifi-pwd-host' network: host radio: [11a_standard, 11g_standard] ifname_hint: ho @@ -193,6 +240,19 @@ location__wireless_profiles__to_merge: mesh_fwding: 0 ifname_hint: mesh +# DNS Servers +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + # SSH Keys ssh_keys: - comment: Noki From 35321f090fc36e86a8bc933ade71ffa05aa0af43 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 27 Aug 2024 11:56:21 +0000 Subject: [PATCH 021/254] scripts: make mass-update check available memory instead of free memory --- mass-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mass-update.sh b/mass-update.sh index 9043ecf84..327638ade 100755 --- a/mass-update.sh +++ b/mass-update.sh 
@@ -68,7 +68,7 @@ for FILE_PATH in $SORTED_FILES; do echo "Hostname $HOSTNAME is reachable" # Check memory on remote host - MEMORY=$(ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "root@$HOSTNAME" "free | awk 'NR==2 {print \$4}'") + MEMORY=$(ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "root@$HOSTNAME" "free | awk 'NR==2 {print \$7}'") if [ "$MEMORY" -ge $(( $(stat -c %s "$FILE_PATH") / 1024 + 1024 )) ]; then # File size in KB + 1 MB echo "Memory on $HOSTNAME is sufficient ($MEMORY KB)" From 3c576bf98e8f70f1fabe15903324fabe7dad03f8 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 16 Aug 2024 14:34:05 +0200 Subject: [PATCH 022/254] model: fix cudy_x6 DSA ports --- group_vars/model_cudy_x6_v1.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/group_vars/model_cudy_x6_v1.yml b/group_vars/model_cudy_x6_v1.yml index 2426aad2c..cfd476b30 100644 --- a/group_vars/model_cudy_x6_v1.yml +++ b/group_vars/model_cudy_x6_v1.yml @@ -4,7 +4,12 @@ brand_nice: Cudy model_nice: X6 version_nice: v1 -int_port: lan +dsa_ports: + - lan1 + - lan2 + - lan3 + - lan4 + - wan wireless_devices: - name: 11a_standard From 7864a9a938e97b89d827686aa798d34f7727d866 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 16 Aug 2024 14:34:35 +0200 Subject: [PATCH 023/254] kub: automate custom VLAN tagging on kub-ap1 --- locations/kub.yml | 48 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/locations/kub.yml b/locations/kub.yml index d5d25be14..fa95fcb92 100644 --- a/locations/kub.yml +++ b/locations/kub.yml 
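Review bot: The rewritten `MEMORY=$(ssh …)` line keeps `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` on a root login, so the script never verifies which machine it is talking to before it uses the answer (presumably to decide on an image transfer further down, outside the hunk). If host keys change on every re-flash that explains the choice, but it deserves a comment saying so and a restriction to the management network; where keys are stable, a dedicated known-hosts file with `StrictHostKeyChecking=accept-new` would be the safer default. Separately, `awk 'NR==2 {print \$7}'` relies on the remote `free` printing an `available` column; if it does not, `$MEMORY` is empty and the `[ "$MEMORY" -ge … ]` test errors instead of comparing. Reading the value directly with `awk '/^MemAvailable:/ {print \$2}' /proc/meminfo` avoids depending on the column layout. The surrounding `for FILE_PATH` loop starts and ends outside this hunk.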
@@ -19,6 +19,54 @@ hosts: - hostname: kub-ap1 role: ap model: "cudy_x6-v1" + host__rclocal__to_merge: + - '#' + - '# This script adjusts the configuration of vlans. This is especially' + - '# useful with uswflex and custom port configs' + - '#' + - '' + - '. /lib/functions.sh' + - '' + - 'handle_vlans() {' + - ' # untag the vlans on different ports based on their id' + - ' local uci_section="$1"' + - '' + - ' config_get vlan "$uci_section" vlan' + - ' config_get ports "$uci_section" ports' + - '' + - '' + - ' case "$vlan" in' + - ' 40)' + - ' # untag DHCP on LAN 1 and LAN 2' + - " port_config='wan:t lan1 lan2 lan3:t lan4:t'" + - ' ;;' + - ' *)' + - ' # do nothing for the other vlans' + - ' printf "Done.\n"' + - ' return' + - ' esac' + - '' + - ' # abort if config is applied already' + - ' if [ "$ports" = "$port_config" ]; then' + - ' printf "Vlan %d applied already.\n" "$vlan"' + - ' return' + - ' fi' + - '' + - ' printf "Port number: %d\n" "$vlan"' + - ' printf "Port config: %s\n" "$port_config"' + - '' + - ' printf "Configuring %s... " "$uci_section"' + - ' uci_set network "$uci_section" ports "$port_config"' + - ' printf "Done.\n"' + - '}' + - '' + - 'config_load network' + - '' + - 'config_foreach handle_vlans "bridge-vlan"' + - '' + - 'uci commit network' + - 'sync' + - 'reload_config' snmp_devices: - hostname: kub-simeon From 982ad9550bbef36219d7fd5be44dd7d256002ec3 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Tue, 27 Aug 2024 15:20:00 +0200 Subject: [PATCH 024/254] sav: fix custom port config --- locations/sav.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/locations/sav.yml b/locations/sav.yml index dcbee9db5..b1768bd18 100644 --- a/locations/sav.yml +++ b/locations/sav.yml @@ -70,6 +70,8 @@ hosts: - 'config_foreach handle_vlans "bridge-vlan"' - ' ' - 'uci commit network' + - 'sync' + - 'reload_config' snmp_devices: - hostname: sav-emma From c59ce101ab630fd53da4f41bc7e03520269150b1 Mon Sep 17 00:00:00 2001 
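Review bot: In the `handle_vlans` script added under `host__rclocal__to_merge`, the message `printf "Port number: %d\n" "$vlan"` prints the VLAN id rather than a port number, and `vlan`, `ports` and `port_config` are assigned without `local`, so they stay global after the function returns. Suggest `printf "VLAN id: %d\n" "$vlan"` and adding `local vlan ports port_config` next to `local uci_section="$1"`. The trailing `uci commit network` and `reload_config` also run on every boot, even when every section returned early as already applied; a short comment stating that this is intended would help the next reader.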
From: Ffhener Date: Tue, 27 Aug 2024 15:21:21 +0200 Subject: [PATCH 025/254] ilr: fix custom port config --- locations/ilr.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/locations/ilr.yml b/locations/ilr.yml index 2c45fc27d..79af67b70 100644 --- a/locations/ilr.yml +++ b/locations/ilr.yml @@ -65,6 +65,8 @@ hosts: - 'config_foreach handle_vlans "bridge-vlan"' - ' ' - 'uci commit network' + - 'sync' + - 'reload_config' snmp_devices: From 01637a1843717d2fd03a44acb5bfffda6db9a123 Mon Sep 17 00:00:00 2001 From: Tom Jannek Date: Tue, 27 Aug 2024 16:55:37 +0200 Subject: [PATCH 026/254] hacrafu-armarian09: init location --- locations/hacrafu-armarian09.yml | 74 ++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 locations/hacrafu-armarian09.yml diff --git a/locations/hacrafu-armarian09.yml b/locations/hacrafu-armarian09.yml new file mode 100644 index 000000000..ce86840d7 --- /dev/null +++ b/locations/hacrafu-armarian09.yml 
@@ -0,0 +1,74 @@ +--- + +location: hacrafu-armarian09 +location_nice: Dorfstr. 67, 15370 Petershagen +latitude: 52.523780960898534 +longitude: 13.770217896229408 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu e.V." +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-armarian09-core + role: corerouter + model: "dlink_dap-x1860-a1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:f00::/56" +# dhcp 10.31.205.0/27 +# mesh5 10.31.203.235/32 +# mesh2 10.31.203.236/32 +# MGMT 10.31.203.237/32 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.203.235/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-armarian09-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.203.236/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-armarian09-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.205.0/27 + ipv6_subprefix: 0 + assignments: + hacrafu-armarian09-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.203.237/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-armarian09-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de From 182ff7867207f5e233e22af6040f1d1d1d10c813 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 27 Aug 2024 12:02:48 +0000 Subject: [PATCH 027/254] k11: swap core-router, remove AP --- locations/k11.yml | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/locations/k11.yml b/locations/k11.yml index 229e5a01d..c3ca80b2d 100644 --- a/locations/k11.yml +++ b/locations/k11.yml 
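Review bot: The VID 40 `dhcp` network sets `inbound_filtering: false` and `enforce_client_isolation: false`, so clients on it are shielded neither from inbound traffic nor from each other. Other locations in this series enable both on their `dhcp` network (fblipke and suedblock use `inbound_filtering: true` and `enforce_client_isolation: true`). If this network is served over an open SSID, suggest enabling both, or adding a comment such as `# isolation/filtering off: <reason>` to record why they are disabled. `wireless_profile: freifunk_hacrafu` is not defined in this file, so it is presumably a shared profile; worth confirming it exists and which encryption it uses.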
@@ -10,14 +10,10 @@ contacts: hosts: - hostname: k11-core role: corerouter - model: "tplink_archer-c7-v2" - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k11-ap1 - role: ap model: "mikrotik_routerboard-wap-g-5hact2hnd" wireless_profile: freifunk_default - wifi_roaming: true + # remove some packages for smaller image size (only 64 MB of memory) + low_mem: true ipv6_prefix: '2001:bf7:760:100::/56' @@ -53,29 +49,6 @@ networks: mesh_radio: 11g_standard mesh_iface: mesh - # MESH - 5 GHz 802.11s - ap1 - - vid: 22 - role: mesh - name: mesh_ap1_5 - prefix: 10.31.185.130/32 - ipv6_subprefix: -22 - mesh_ap: k11-ap1 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap1 - - vid: 23 - role: mesh - name: mesh_ap1_2 - prefix: 10.31.185.131/32 - ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k11-ap1 - mesh_radio: 11g_standard - mesh_iface: mesh - # DHCP - vid: 40 role: dhcp @@ -96,17 +69,14 @@ networks: ipv6_subprefix: 1 assignments: k11-core: 1 # 10.31.185.193 - k11-ap1: 2 # 10.31.185.194 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: k11-core: 36-40 - k11-ap1: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k11-core: 1-20 - k11-ap1: 13-20 + k11-core: 13-20 dns_servers: # quad9 From 99f59ece27235ff0af4e47c0a0a0138e100ded98 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 30 Aug 2024 02:30:27 +0200 Subject: [PATCH 028/254] rhnk: the Belkin corerouter is safe to use --- locations/rhnk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/rhnk.yml b/locations/rhnk.yml index 21d892ead..2cdd34d55 100644 --- a/locations/rhnk.yml +++ b/locations/rhnk.yml 
@@ -10,7 +10,7 @@ hosts: - hostname: rhnk-core role: corerouter - model: "mikrotik_routerboard-750gr3" + model: "linksys_e8450-ubi" - hostname: rhnk-nf-bvv role: ap From 4e01b2819ec3f5153914af28e23f0ba849577ee3 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 20 Aug 2024 00:04:42 +0200 Subject: [PATCH 029/254] kiehlufer: new cudy_x6 corerouter --- locations/kiehlufer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index b81d6a5c9..0fdf57855 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -28,7 +28,7 @@ hosts: - hostname: kiehlufer-core role: corerouter - model: "linksys_e8450-ubi" + model: "cudy_x6-v1" wireless_profile: freifunk_default - hostname: kiehlufer-huette From 3d999a08e72834cf9a6562102af13dd3c02fbbdb Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 29 Aug 2024 00:43:21 +0200 Subject: [PATCH 030/254] system: make log_size configurable --- group_vars/all/general.yml | 1 + roles/cfg_openwrt/templates/common/config/system.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index 60a7e2749..1262fca4b 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml @@ -1,6 +1,7 @@ --- zonename: 'Europe/Berlin' timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' +log_size: 64 # TODO: find a second good DNS upstream in Berlin dns_servers: diff --git a/roles/cfg_openwrt/templates/common/config/system.j2 b/roles/cfg_openwrt/templates/common/config/system.j2 index 5ecedd0ae..bf0da917b 100644 --- a/roles/cfg_openwrt/templates/common/config/system.j2 +++ b/roles/cfg_openwrt/templates/common/config/system.j2 
@@ -3,7 +3,7 @@ config system option zonename '{{ zonename }}' option timezone '{{ timezone }}' option ttylogin '0' - option log_size '64' + option log_size '{{ log_size }}' option urandom_seed '0' option compat_version '9.9' # hardcoded to a bbb-configs exclusive version identifier, matches patch in image builder, because we dont retain device config. {% if role == 'corerouter' or role == 'gateway' %} From eb937e2f6065d35434916ef2d4079cdaacf54d7c Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 29 Aug 2024 01:29:17 +0200 Subject: [PATCH 031/254] suedblock: new IPs with real mgmt network --- locations/suedblock.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/locations/suedblock.yml b/locations/suedblock.yml index 1556a3d1f..7da39731e 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml @@ -4,9 +4,9 @@ location_nice: Suedblock latitude: 52.498599118 longitude: 13.416844010 altitude: 33 -contact_nickname: '365ff' +contact_nickname: Stadtfunk gGmbH contacts: - - '365ff [ät] systemli [dot] org' + - noc@stadtfunk.net location__ssh_keys__to_merge: - comment: narfpeng @@ -19,14 +19,19 @@ hosts: model: "cudy_x6-v1" wireless_profile: freifunk_default dhcp_no_ping: false + openwrt_version: snapshot +# 10.248.13.0/24 +# 10.248.13.0/29 - mgmt +# 10.248.13.8/29 - mesh +# 10.248.13.128/25 - dhcp ipv6_prefix: "2001:bf7:830:b100::/56" networks: - vid: 42 role: mgmt - prefix: 10.31.15.196/32 + prefix: 10.248.13.0/29 gateway: 1 dns: 1 ipv6_subprefix: 1 @@ -35,7 +40,7 @@ networks: - vid: 40 role: dhcp - prefix: 10.31.172.128/25 + prefix: 10.248.13.128/25 ipv6_subprefix: 0 inbound_filtering: true enforce_client_isolation: true @@ -49,11 +54,11 @@ networks: - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.172.32/32 + prefix: 10.248.13.8/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.172.33/32 + prefix: 10.248.13.9/32 wireguard_port: 51821 
From 9c36339e2e3cbac93a95d0ac900f9bcbc1d64597 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 30 Aug 2024 02:28:22 +0200 Subject: [PATCH 032/254] all: mt76 driver debugging --- locations/huette.yml | 28 ++++++++++++++++------------ locations/hway.yml | 28 +++++++++++++--------------- locations/kiehlufer.yml | 10 ++++++++++ locations/kub.yml | 7 +++++++ locations/radbahn.yml | 14 ++++++++++++-- locations/suedblock.yml | 6 ++++++ 6 files changed, 64 insertions(+), 29 deletions(-) diff --git a/locations/huette.yml b/locations/huette.yml index e7c89966e..d93cbc9d6 100644 --- a/locations/huette.yml +++ b/locations/huette.yml @@ -16,8 +16,12 @@ hosts: role: corerouter model: "zyxel_nwa55axe" wireless_profile: freifunk_default + openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 host__rclocal__to_merge: - - 'cat /etc/crontabs/root | grep reboot 2>/dev/null || echo "15 * * * * reboot" >> /etc/crontabs/root && /etc/init.d/cron restart' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' + ssl__packages__to_merge: [] ipv6_prefix: '2001:bf7:830:2600::/56' @@ -39,17 +43,17 @@ networks: mesh_iface: mesh # MESH - 2.4 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_11s_2ghz - prefix: 10.31.114.2/32 - ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: huette-core - mesh_radio: 11g_standard - mesh_iface: mesh + # - vid: 21 + # role: mesh + # name: mesh_11s_2ghz + # prefix: 10.31.114.2/32 + # ipv6_subprefix: -21 + # # make mesh_metric(s) for 2GHz worse than 5GHz + # mesh_metric: 1024 + # mesh_metric_lqm: ['default 0.8'] + # mesh_ap: huette-core + # mesh_radio: 11g_standard + # mesh_iface: mesh - vid: 40 role: dhcp diff --git a/locations/hway.yml b/locations/hway.yml index b1e3f5b21..30478e257 100644 --- a/locations/hway.yml +++ b/locations/hway.yml 
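Review bot: The `huette-core` entry gains `openwrt_version: snapshot`, `ssl__packages__to_merge: []` and a debugfs write in `host__rclocal__to_merge` with nothing marking them as temporary; the same settings recur in the `hway.yml`, `kiehlufer.yml`, `kub.yml`, `radbahn.yml` and `suedblock.yml` hunks of this commit. A snapshot build is an unpinned, moving target, and emptying the `ssl` package list presumably drops TLS-related packages from these images (the list's content is not visible here, so please confirm what is removed). Suggest a comment on each block such as `# TEMP mt76 debugging: revert to release image and default ssl packages when done`. The commented `# imagebuilder: /home/user/...` lines point at a personal workstation path and could be dropped.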
@@ -13,16 +13,16 @@ contacts: # - 10.31.255.192/27 dhcp # - 10.31.255.224/28 prdhcp # - 10.31.255.240/29 mesh -# - 10.31.255.240/32 mesh_emma -# - 10.31.255.241/32 ts_wg1 +# - 10.31.255.240/32 mesh_lan +# - 10.31.255.241/32 ts_wg0 # - 10.31.255.248/29 mgmt ipv6_prefix: 2001:bf7:820:2c00::/56 hosts: - # Thinkcentre M720q, i5-8500T, ??GB RAM, ???GB NVMe - # Intel I219 V7 - eth0 - # ConnectX-4 LX CX4121B - eth1, eth2 + # Thinkcentre M720q, i5-8500T, 16GB RAM, 1TB NVMe + # eth0 - Intel I219 V7 + # eth1 eth2 - ConnectX-4 Lx CX4121B - hostname: hway-core role: corerouter model: x86-64 @@ -37,13 +37,14 @@ hosts: - hostname: hway-ap1 role: ap - model: zyxel_nwa50ax - wireless_profile: hway - - - hostname: hway-ap2 - role: ap - model: mikrotik_wap-ac wireless_profile: hway + model: zyxel_nwa50ax + openwrt_version: snapshot + log_size: 1024 + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + host__rclocal__to_merge: + - "echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm" + ssl__packages__to_merge: [] snmp_devices: @@ -55,7 +56,7 @@ networks: - vid: 10 role: mesh - name: mesh_emma + name: mesh_lan prefix: 10.31.255.240/32 ipv6_subprefix: -10 @@ -89,7 +90,6 @@ networks: hway-switch: 2 # .255.250 hway-kiehlufer: 3 # .255.251 hway-ap1: 4 # .255.252 - hway-ap2: 5 # .255.253 - vid: 50 ifname: eth1 @@ -104,11 +104,9 @@ networks: location__channel_assignments_11a_standard__to_merge: hway-ap1: 36-40 - hway-ap2: 44-40 location__channel_assignments_11b_standard__to_merge: hway-ap1: 13-20 - hway-ap2: 9-20 location__wireless_profiles__to_merge: - name: hway diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index 0fdf57855..7984effc7 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml 
@@ -30,11 +30,21 @@ hosts: role: corerouter model: "cudy_x6-v1" wireless_profile: freifunk_default + openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 + ssl__packages__to_merge: [] - hostname: kiehlufer-huette role: ap model: "zyxel_nwa55axe" wireless_profile: kiehlufer5g + openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 + host__rclocal__to_merge: + - "echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm" + ssl__packages__to_merge: [] - hostname: kiehlufer-nf-wbp1 role: ap diff --git a/locations/kub.yml b/locations/kub.yml index fa95fcb92..2b2e1afd9 100644 --- a/locations/kub.yml +++ b/locations/kub.yml @@ -19,7 +19,13 @@ hosts: - hostname: kub-ap1 role: ap model: "cudy_x6-v1" + openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 host__rclocal__to_merge: + - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' + - '' - '#' - '# This script adjusts the configuration of vlans. This is especially' - '# useful with uswflex and custom port configs' @@ -67,6 +73,7 @@ hosts: - 'uci commit network' - 'sync' - 'reload_config' + ssl__packages__to_merge: [] snmp_devices: - hostname: kub-simeon diff --git a/locations/radbahn.yml b/locations/radbahn.yml index d0f5b7149..df5b68427 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml 
@@ -18,15 +18,25 @@ hosts: role: ap model: zyxel_nwa55axe wireless_profile: radbahn + openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 host__rclocal__to_merge: - - 'cat /etc/crontabs/root | grep reboot 2>/dev/null || echo "15 * * * * reboot" >> /etc/crontabs/root && /etc/init.d/cron restart' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' + ssl__packages__to_merge: [] - hostname: radbahn-w-nf role: ap model: zyxel_nwa55axe wireless_profile: radbahn + openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 host__rclocal__to_merge: - - 'cat /etc/crontabs/root | grep reboot 2>/dev/null || echo "45 * * * * reboot" >> /etc/crontabs/root && /etc/init.d/cron restart' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' + ssl__packages__to_merge: [] snmp_devices: diff --git a/locations/suedblock.yml b/locations/suedblock.yml index 7da39731e..8e1675666 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml @@ -20,6 +20,12 @@ hosts: wireless_profile: freifunk_default dhcp_no_ping: false openwrt_version: snapshot + # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst + log_size: 1024 + host__rclocal__to_merge: + - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' + - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' + ssl__packages__to_merge: [] # 10.248.13.0/24 # 10.248.13.0/29 - mgmt From c7f2782ccf537a832e4291919ac35e759c36ef36 Mon Sep 17 00:00:00 2001 
From: Packet Please Date: Tue, 3 Sep 2024 00:14:01 +0200 Subject: [PATCH 033/254] gateway: allow incoming to radbahn, for mt76 debugging --- group_vars/role_gateway/general.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/role_gateway/general.yml b/group_vars/role_gateway/general.yml index 0bd2f72b6..4fea511a3 100644 --- a/group_vars/role_gateway/general.yml +++ b/group_vars/role_gateway/general.yml @@ -94,6 +94,8 @@ inbound_allow: dst: 2001:bf7:830:1029::/64 - name: 'cryptpad.berlin noc@stadtfunk.net' dst: 2001:bf7:750:5b00::/128 + - name: 'radbahn mt76 testing' + dst: 2001:bf7:830:c000::/56 # - name: Rule Description (mandatory) # dst: Destination IP (mandatory) # src: Source IP From c1493934245e0c761f9d8db1f61752df699d0064 Mon Sep 17 00:00:00 2001 From: Nicolas Berens Date: Tue, 10 Sep 2024 12:36:17 +0200 Subject: [PATCH 034/254] ak36-gw: add v6 uplink (#960) * add v6 uplink * change to a p2p addresss * fix typo * add correct asn * fix asns --- locations/ak36.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/locations/ak36.yml b/locations/ak36.yml index b24524037..e02f7e696 100644 --- a/locations/ak36.yml +++ b/locations/ak36.yml @@ -7,14 +7,15 @@ longitude: 13.369589 altitude: 75 community: true +local_asn: 65023 +peer_asn: 44194 + hosts: - hostname: ak36-gw role: gateway model: "x86-64" image_search_pattern: "*-ext4-combined.img*" - ak36__disabled_services__to_merge: - - "bird" snmp_devices: - hostname: ak36-poe-roof @@ -52,7 +53,7 @@ ipv6_prefix: 2001:bf7:750:4000::/56 uplink: ifname: eth0 ipv4: 77.87.51.11/25 - # ipv6: ToDo + ipv6: 2001:bf7:b301:1312::1/127 mgmt: ifname: eth1.42 From aee5a228526e022066e82b09f98ac46def23a9ff Mon Sep 17 00:00:00 2001 
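Review bot: The new `inbound_allow` entry `radbahn mt76 testing` opens `dst: 2001:bf7:830:c000::/56`, presumably the whole radbahn location prefix, with no `src` restriction, while the neighbouring entries are scoped to a /64 or a /128. If that /56 also carries the location's client networks, they stay reachable from outside for as long as the rule exists. Suggest narrowing it to the device under test and the debugging source, e.g. `dst: <radbahn-ap-address>/128` with `src: <debug-host-prefix>` (placeholders), and stating in `name` that the rule is temporary so it is removed after the mt76 work. The `inbound_allow` list starts outside this hunk.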
From: Tobias Schwarz Date: Sat, 24 Aug 2024 16:05:59 +0000 Subject: [PATCH 035/254] model: split ubnt bullet into m2 and m5 --- ...241.yml => model_ubnt_bullet_m2_ar7241.yml} | 2 +- group_vars/model_ubnt_bullet_m5_ar7241.yml | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) rename group_vars/{model_ubnt_bullet_m_ar7241.yml => model_ubnt_bullet_m2_ar7241.yml} (92%) create mode 100644 group_vars/model_ubnt_bullet_m5_ar7241.yml diff --git a/group_vars/model_ubnt_bullet_m_ar7241.yml b/group_vars/model_ubnt_bullet_m2_ar7241.yml similarity index 92% rename from group_vars/model_ubnt_bullet_m_ar7241.yml rename to group_vars/model_ubnt_bullet_m2_ar7241.yml index 9a8a06b04..0aa7f7112 100644 --- a/group_vars/model_ubnt_bullet_m_ar7241.yml +++ b/group_vars/model_ubnt_bullet_m2_ar7241.yml @@ -2,7 +2,7 @@ override_target: "ubnt_bullet-m-ar7241" target: ath79/tiny brand_nice: Ubiquiti -model_nice: Bullet M +model_nice: Bullet M2 version_nice: XM int_port: eth0 diff --git a/group_vars/model_ubnt_bullet_m5_ar7241.yml b/group_vars/model_ubnt_bullet_m5_ar7241.yml new file mode 100644 index 000000000..915cc841a --- /dev/null +++ b/group_vars/model_ubnt_bullet_m5_ar7241.yml @@ -0,0 +1,18 @@ +--- +override_target: "ubnt_bullet-m-ar7241" +target: ath79/tiny +brand_nice: Ubiquiti +model_nice: Bullet M5 +version_nice: XM + +int_port: eth0 + +low_mem: true + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HT + path: pci0000:00/0000:00:00.0 + ifname_hint: wlan5 + antenna_gain: 13 From f19de449c3c67c7e5f06c935ecf285c12232352c Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Wed, 28 Aug 2024 08:24:52 +0000 Subject: [PATCH 036/254] jup,ska95: use renamed model file --- locations/jup.yml | 2 +- locations/ska95.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/locations/jup.yml b/locations/jup.yml index 39a2cf258..b1f99351c 100644 --- a/locations/jup.yml +++ b/locations/jup.yml 
@@ -28,7 +28,7 @@ hosts: - hostname: jup-bullet-ap4 role: ap - model: "ubnt_bullet-m-ar7241" + model: "ubnt_bullet-m2-ar7241" - hostname: jup-m5-ap5 role: ap diff --git a/locations/ska95.yml b/locations/ska95.yml index 127c5b983..9edb16d81 100644 --- a/locations/ska95.yml +++ b/locations/ska95.yml @@ -38,7 +38,7 @@ hosts: - hostname: ska95-cortile role: ap - model: ubnt_bullet-m-ar7241 + model: ubnt_bullet-m2-ar7241 snmp_devices: - hostname: ska95-emma From f2bd978a1247cdf3a8dc4f35ea1a16c3d4002e98 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 27 Aug 2024 11:01:33 +0000 Subject: [PATCH 037/254] packages: no debug packages with low_mem --- roles/cfg_openwrt/tasks/conditional_packages.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/tasks/conditional_packages.yml b/roles/cfg_openwrt/tasks/conditional_packages.yml index 76222d0c0..dadafbc88 100644 --- a/roles/cfg_openwrt/tasks/conditional_packages.yml +++ b/roles/cfg_openwrt/tasks/conditional_packages.yml @@ -44,8 +44,9 @@ set_fact: packages: "{{ packages + ['mosh-server', 'tmux'] }}" when: - - not (low_flash | default(false)) - role == 'corerouter' + - not (low_mem | default(false)) + - not (low_flash | default(false)) - name: "Remove or replace packages on low mem and low flash" set_fact: From dfdf94629aca8a3a277e9596d5096c7de24914ba Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 27 Aug 2024 11:38:08 +0000 Subject: [PATCH 038/254] packages: also remove other iwinfo related packages --- roles/cfg_openwrt/tasks/conditional_packages.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/cfg_openwrt/tasks/conditional_packages.yml b/roles/cfg_openwrt/tasks/conditional_packages.yml index dadafbc88..e14cff1bd 100644 --- a/roles/cfg_openwrt/tasks/conditional_packages.yml +++ b/roles/cfg_openwrt/tasks/conditional_packages.yml 
@@ -56,6 +56,8 @@ - -ethtool - -iperf3 - -iwinfo + - -libiwinfo-lua + - -collectd-mod-iwinfo - -kmod-ipt-core - -kmod-ipt-offload - -kmod-nf-ipt From 1a3328e24201795771437c2cce7aea38df00fa0f Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 30 Aug 2024 10:06:28 +0000 Subject: [PATCH 039/254] model: add requires_mac_override setting --- group_vars/model_dlink_covr_x1860_a1.yml | 4 ++++ group_vars/model_mikrotik_sxtsq_2_lite.yml | 4 ++++ group_vars/model_mikrotik_sxtsq_5_ac.yml | 4 ++++ group_vars/model_netgear_wax202.yml | 4 ++++ group_vars/model_netgear_wax220.yml | 2 ++ 5 files changed, 18 insertions(+) diff --git a/group_vars/model_dlink_covr_x1860_a1.yml b/group_vars/model_dlink_covr_x1860_a1.yml index 5cc79763e..44b9bd2ea 100644 --- a/group_vars/model_dlink_covr_x1860_a1.yml +++ b/group_vars/model_dlink_covr_x1860_a1.yml @@ -8,6 +8,10 @@ dsa_ports: - internet - ethernet +# Mac address can be read with the following command: +# cat /dev/mtdblock$(grep -w 'config2' /proc/mtd | sed -n 's/^mtd\([0-9]\+\):.*/\1/p') | grep -o 'factory_mac=[^ ]*' | cut -d= -f2 +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_mikrotik_sxtsq_2_lite.yml b/group_vars/model_mikrotik_sxtsq_2_lite.yml index 954e7aa42..ffb45531c 100644 --- a/group_vars/model_mikrotik_sxtsq_2_lite.yml +++ b/group_vars/model_mikrotik_sxtsq_2_lite.yml @@ -6,6 +6,10 @@ model_nice: SXTsq Lite2 int_port: eth0 +# Mac address can be read with the following command: +# cat /sys/firmware/mikrotik/hard_config/mac_base +requires_mac_override: true + wireless_devices: - name: 11g_standard band: 2g diff --git a/group_vars/model_mikrotik_sxtsq_5_ac.yml b/group_vars/model_mikrotik_sxtsq_5_ac.yml index 820a390bd..a7469b77b 100644 --- a/group_vars/model_mikrotik_sxtsq_5_ac.yml +++ b/group_vars/model_mikrotik_sxtsq_5_ac.yml 
@@ -10,6 +10,10 @@ model__packages__to_merge: dsa_ports: - lan +# Mac address can be read with the following command: +# cat /sys/firmware/mikrotik/hard_config/mac_base +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_netgear_wax202.yml b/group_vars/model_netgear_wax202.yml index 67738a5e7..c3b488883 100644 --- a/group_vars/model_netgear_wax202.yml +++ b/group_vars/model_netgear_wax202.yml @@ -9,6 +9,10 @@ dsa_ports: - lan2 - lan3 +# Mac address can be read with the following command: +# cat /dev/mtdblock$(grep -w 'Config' /proc/mtd | sed -n 's/^mtd\([0-9]\+\):.*/\1/p') | grep -o 'mac=[^ ]*' | cut -d= -f2 +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g diff --git a/group_vars/model_netgear_wax220.yml b/group_vars/model_netgear_wax220.yml index d91c356b1..02640c5cc 100644 --- a/group_vars/model_netgear_wax220.yml +++ b/group_vars/model_netgear_wax220.yml @@ -4,6 +4,8 @@ brand_nice: NETGEAR model_nice: WAX220 int_port: eth0 +requires_mac_override: true + wireless_devices: - name: 11a_standard band: 5g From 86ff9f69c190f9c60225d3dee84961c78fe4bd6b Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 30 Aug 2024 10:06:41 +0000 Subject: [PATCH 040/254] workflows: check for missing mac_overrides --- .github/checks/check-mac-override-missing.sh | 58 +++++++++++++++++++ .../workflows/check-mac-override-missing.yml | 17 ++++++ 2 files changed, 75 insertions(+) create mode 100755 .github/checks/check-mac-override-missing.sh create mode 100644 .github/workflows/check-mac-override-missing.yml diff --git a/.github/checks/check-mac-override-missing.sh b/.github/checks/check-mac-override-missing.sh new file mode 100755 index 000000000..760f3da90 --- /dev/null +++ b/.github/checks/check-mac-override-missing.sh 
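Review bot: The `model_netgear_wax220.yml` hunk sets `requires_mac_override: true` without the two comment lines that the other four model files in this commit place above the key, so this is the one model where a contributor cannot look up how to read the factory MAC. Add a comment of the same form above it: `# Mac address can be read with the following command:` followed by the device's actual read-out command, which is not visible in this patch (`# <read-out command for WAX220>` as a placeholder until the author supplies it). Without it, the flag asks for a per-host value that the repository does not say how to obtain.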
@@ -0,0 +1,58 @@ +#!/bin/bash + +# Initialize a variable to track if any errors are found +error_found=0 + +# Define patterns for location files and model files +location_files='locations/*.yml' +model_files='group_vars/model_*.yml' + +# Find all models that require a mac_override +declare -A mac_override_required_models + +for model_file_path in $model_files; do + # Extract model name from file path + model_file=$(basename "$model_file_path" .yml) + model_name=${model_file#model_} + + # Check if the model requires mac_override + requires_mac_override=$(yq '.requires_mac_override' "$model_file_path" | tr -d '"') + + # Store the result in the associative array + mac_override_required_models["$model_name"]=$requires_mac_override +done + +# Find all missing mac_overrides +for location_file in $location_files; do + # Get hosts as a single YAML block to minimize calls to yq + hosts=$(yq '.hosts' "$location_file") + + # Loop through each host entry + for i in $(seq 0 $(($(echo "$hosts" | yq '. | length') - 1))); do + hostname=$(echo "$hosts" | yq ".[$i].hostname" | tr -d '"') + model=$(echo "$hosts" | yq ".[$i].model" | tr -d '"') + mac_override=$(echo "$hosts" | yq ".[$i].mac_override" | tr -d '"') + + # Convert model name to match the model file format (underscore instead of hyphen) + model_name=${model//-/_} + + # Check if the model requires mac_override using the associative array + requires_mac_override=${mac_override_required_models["$model_name"]} + + if [ "$requires_mac_override" = "true" ]; then + if [ "$mac_override" == "null" ]; then + # Output the missing mac_override details immediately + echo "Host $hostname (model: $model) in $location_file is missing mac_override." + error_found=1 + fi + fi + done +done + +# Exit with a non-zero status code if any errors were found +if [ "$error_found" -eq 1 ]; then + exit 1 +else + echo "No MAC override issues found." +fi + 
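Review bot: The check fails open, because nothing in the script looks at the exit status of `yq`. If `yq` is missing on the runner or a model or location file does not parse, the command substitutions yield empty strings, the comparison with `"true"` is never satisfied, `error_found` stays 0 and the job prints "No MAC override issues found." Adding `set -eo pipefail` directly after the shebang makes a failing `yq` abort the run instead. I would leave out `-u`, since the lookup `${mac_override_required_models["$model_name"]}` is expected to hit unset keys for models that have no entry. The host and model strings that are echoed come from files a pull request can change, so it is also worth keeping them out of anything that later interprets the log output.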
diff --git a/.github/workflows/check-mac-override-missing.yml b/.github/workflows/check-mac-override-missing.yml new file mode 100644 index 000000000..42211da5d --- /dev/null +++ b/.github/workflows/check-mac-override-missing.yml @@ -0,0 +1,17 @@ +--- +name: Check missing mac_overrides + +on: [push, pull_request] # yamllint disable-line rule:truthy + +jobs: + check-mac-override-missing: + runs-on: ubuntu-latest + steps: + - name: Checkout branch + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Run mac_override missing check + run: | + ./.github/checks/check-mac-override-missing.sh From 6efcdaf979d1a8cecb1e570402e5d286ee29eeda Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 27 Aug 2024 20:29:07 +0200 Subject: [PATCH 041/254] gateway: allow DNS to bypass stateful tracking, ratelimited. DNS resolvers reply faster that our state replicatin syncs --- group_vars/role_gateway/general.yml | 4 ++++ .../chain_prepend_forward_uplink_allow_unestablished_flows.j2 | 1 + 2 files changed, 5 insertions(+) diff --git a/group_vars/role_gateway/general.yml b/group_vars/role_gateway/general.yml index 4fea511a3..9f7f53910 100644 --- a/group_vars/role_gateway/general.yml +++ b/group_vars/role_gateway/general.yml @@ -55,6 +55,10 @@ gre_metric: 64 conntrackd_port: 3780 +# Rate Limit for DNS replies +untracked_flows_dns_rate: 5000 +untracked_flows_dns_burst: 2500 + # Rate Limit for packets with ACK flag set untracked_flows_tcp_ack_rate: 5000 untracked_flows_tcp_ack_burst: 2500 diff --git a/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 b/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 index a4bae5675..efdd78841 100644 --- a/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 
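Review bot: The new workflow declares no `permissions:` block and references `actions/checkout@v4` by a mutable tag, while it runs on every `push` and `pull_request`. The job only reads the tree, so the token can be restricted explicitly with a top-level `permissions:` key containing `contents: read`, rather than relying on whatever the repository default happens to be. Pinning the action to a full commit SHA (`uses: actions/checkout@<full commit SHA> # v4`) keeps a retagged release from changing what runs in CI. `fetch-depth: 0` is not needed by the script as written in this commit and could be dropped until something actually uses the history.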
+++ b/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 @@ -1,3 +1,4 @@ +meta nfproto ipv6 udp sport 53 limit rate {{ untracked_flows_dns_rate }}/second burst {{ untracked_flows_dns_burst }} packets counter accept comment "Allow DNS ratelimited, because resolvers answer quicker than Conntrack sync" meta nfproto ipv6 tcp flags & ack == ack limit rate {{ untracked_flows_tcp_ack_rate }}/second burst {{ untracked_flows_tcp_ack_burst }} packets counter accept comment "Allow established connections which not made it in the conntrack sync yet" meta nfproto ipv6 tcp flags & rst == rst limit rate {{ untracked_flows_tcp_rst_rate }}/second burst {{ untracked_flows_tcp_rst_burst }} packets counter accept comment "Allow established connections which not made it in the conntrack sync yet" meta nfproto ipv6 tcp flags & ack == ack counter accept comment "Limit exceeded ACK" From 17e17be8d128ee3395cca8e532c83c4529f9d50f Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 27 Aug 2024 20:31:16 +0200 Subject: [PATCH 042/254] gateway: fix logic error in tcp syn/ack bypass --- .../chain_prepend_forward_uplink_allow_unestablished_flows.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 b/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 index efdd78841..0571f6102 100644 --- a/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 +++ b/roles/cfg_openwrt/templates/gateway/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows.j2 
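Review bot: The added first rule matches on `udp sport 53` alone, and the source port is chosen by the sender, so within the rate limit it accepts any IPv6 UDP packet that claims port 53, to any destination host and port, without a conntrack entry. The stated intent is to let resolver replies through before the state sync catches up, which can be kept with a narrower match: add a destination-port constraint such as `udp dport 1024-65535`, or match the resolver addresses the network actually uses if that set is known. The budget from `untracked_flows_dns_rate` is shared by all destinations, so unsolicited traffic can use up the allowance that legitimate replies need; a per-destination limit would avoid that. Which chain and interfaces this include is attached to is not visible in the hunk, so the exposure depends on where it is hooked in.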
@@ -1,5 +1,5 @@ meta nfproto ipv6 udp sport 53 limit rate {{ untracked_flows_dns_rate }}/second burst {{ untracked_flows_dns_burst }} packets counter accept comment "Allow DNS ratelimited, because resolvers answer quicker than Conntrack sync" meta nfproto ipv6 tcp flags & ack == ack limit rate {{ untracked_flows_tcp_ack_rate }}/second burst {{ untracked_flows_tcp_ack_burst }} packets counter accept comment "Allow established connections which not made it in the conntrack sync yet" meta nfproto ipv6 tcp flags & rst == rst limit rate {{ untracked_flows_tcp_rst_rate }}/second burst {{ untracked_flows_tcp_rst_burst }} packets counter accept comment "Allow established connections which not made it in the conntrack sync yet" -meta nfproto ipv6 tcp flags & ack == ack counter accept comment "Limit exceeded ACK" -meta nfproto ipv6 tcp flags & rst == rst counter accept comment "Limit exceeded RST" +meta nfproto ipv6 tcp flags & ack == ack counter comment "Limit exceeded ACK" +meta nfproto ipv6 tcp flags & rst == rst counter comment "Limit exceeded RST" From 91be9552b33720bbf17670316ecdd36db2db5276 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Wed, 4 Sep 2024 18:01:12 +0200 Subject: [PATCH 043/254] linie206: replace corerouter with Routerboard 750gr3 --- locations/linie206.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/linie206.yml b/locations/linie206.yml index 523fdf595..520b41db8 100644 --- a/locations/linie206.yml +++ b/locations/linie206.yml @@ -13,7 +13,7 @@ hosts: - hostname: linie206-core role: corerouter - model: "linksys_e8450-ubi" + model: "mikrotik_routerboard-750gr3" wireless_profile: freifunk_default - hostname: linie206-nf-o-5ghz From b8874781481a0eb0c4bd3ec8d4b6f0ba56126064 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 13 Sep 2024 11:15:48 +0200 Subject: [PATCH 044/254] gateways: added collectd-mod-snmp to fix monitoring (#967) --- group_vars/role_gateway/imageprofile.yml | 1 + 1 file changed, 1 insertion(+) 
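Review bot: With `accept` removed, the last two rules now only count ACK and RST packets that exceeded their limit, but the DNS rule at the top of the file has no such counterpart, so hitting the DNS limit leaves no trace in the counters. A matching line after the existing two, `meta nfproto ipv6 udp sport 53 counter comment "Limit exceeded DNS"`, gives monitoring the same signal for all three bypasses. What happens to the counted packets afterwards depends on the rest of the chain, which this template does not show; a short comment at the top of the file saying that over-limit packets fall through to the normal stateful rules would make that explicit.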
diff --git a/group_vars/role_gateway/imageprofile.yml b/group_vars/role_gateway/imageprofile.yml index b6e910fd9..2c082bf85 100644 --- a/group_vars/role_gateway/imageprofile.yml +++ b/group_vars/role_gateway/imageprofile.yml @@ -3,6 +3,7 @@ role_uplink_gw__packages__to_merge: - -wpad-openssl - collectd-mod-conntrack - collectd-mod-olsrd + - collectd-mod-snmp - collectd-mod-snmp6 - olsrd - olsrd-mod-arprefresh From 7ab17753567a16c9cacbdba34e5cbe153d40980b Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sat, 14 Sep 2024 00:20:38 +0200 Subject: [PATCH 045/254] corerouter/gateway: configure olsrd6 solely for name resolution Might be an unconventional approach, but is at the moment the only turnkey solution to get us basic hostname resolution for ipv6. Routing is of course /dev/zero'ed. --- .../templates/corerouter/config/olsrd6.j2 | 53 +++++++++++++++++++ .../templates/gateway/config/olsrd6.j2 | 49 +++++++++++++++++ 2 files changed, 102 insertions(+) create mode 100644 roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 create mode 100644 roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 diff --git a/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 b/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 new file mode 100644 index 000000000..2e3979c5c --- /dev/null +++ b/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 
@@ -0,0 +1,53 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "true" +config LoadPlugin + option library 'olsrd_nameservice' + option suffix '.olsr6' + option hosts_file '/tmp/hosts/olsr6' + option latlon_file '/tmp/_unused_olsr6_latlon.js' + option services_file '/tmp/_unused_olsr6_services' + +config LoadPlugin + option accept '::' + option ipv6only 'true' + option library 'olsrd_jsoninfo' + option ignore '0' + +config olsrd + option IpVersion '6' + option FIBMetric 'flat' + option AllowNoInt 'yes' + option TcRedundancy '2' + option NatThreshold '0.75' + option LinkQualityAlgorithm 'etx_ff' + option SmartGateway 'no' + option Pollrate '0.025' + option LinkQualityLevel '2' + option OlsrPort '698' + option Willingness '3' + option TosValue '16' + option RtTable '666' + option RtTableDefault '666' + +config InterfaceDefaults + option MidValidityTime '500.0' + option TcInterval '2.0' + option HnaValidityTime '125.0' + option HelloValidityTime '125.0' + option TcValidityTime '500.0' + option MidInterval '50.0' + option HelloInterval '15.0' + option HnaInterval '30.0' + +{% for network in networks | selectattr('role', 'equalto', 'mesh') %} +config Interface + option ignore '0' + option interface '{{ network['name'] if 'name' in network else network['role'] }}' + option Mode '{{ 'ether' if network.get('ptp') else 'mesh' }}' +{% endfor %} + +{% for tunnel in networks | selectattr('role', 'equalto', 'tunnel') %} +config Interface + option interface '{{ tunnel['ifname'] }}' + option Mode 'ether' + option ignore 0 +{% endfor %} diff --git a/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 b/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 new file mode 100644 index 000000000..ef88d71de --- /dev/null +++ b/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 
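Review bot: The `olsrd_jsoninfo` plugin is loaded with `option accept '::'`, which as I read the plugin's parameter allows connections from any IPv6 source rather than only from the router itself. The commit message says olsrd6 is kept solely for name resolution, so unless something off-box polls jsoninfo, `option accept '::1'` would be the tighter setting. If remote collection is intended, a comment naming the collector and the firewall rule that limits access would help. The same line appears in the gateway template added by this commit (`templates/gateway/config/olsrd6.j2`). As a smaller point, the tunnel loop writes `option ignore 0` unquoted while the mesh loop writes `option ignore '0'`.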
@@ -0,0 +1,49 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "true" +config LoadPlugin + option library 'olsrd_nameservice' + option suffix '.olsr6' + option hosts_file '/tmp/hosts/olsr6' + option latlon_file '/tmp/_unused_olsr6_latlon.js' + option services_file '/tmp/_unused_olsr6_services' + +config LoadPlugin + option accept '::' + option ipv6only 'true' + option library 'olsrd_jsoninfo' + option ignore '0' + +config olsrd + option IpVersion '6' + option FIBMetric 'flat' + option AllowNoInt 'yes' + option TcRedundancy '2' + option NatThreshold '0.75' + option LinkQualityAlgorithm 'etx_ff' + option SmartGateway 'no' + option Pollrate '0.025' + option LinkQualityLevel '2' + option OlsrPort '698' + option Willingness '3' + option TosValue '16' + option RtTable '666' + option RtTableDefault '666' + +config InterfaceDefaults + option MidValidityTime '500.0' + option TcInterval '2.0' + option HnaValidityTime '125.0' + option HelloValidityTime '125.0' + option TcValidityTime '500.0' + option MidInterval '50.0' + option HelloInterval '15.0' + option HnaInterval '30.0' + +{% if mesh_links is defined and mesh_links|length>0 %} + {% for interface in mesh_links %} +config Interface + option ignore '0' + option interface '{{ interface['name'] }}' + option Mode '{{ 'ether' if interface.get('ptp') else 'mesh' }}' + {% endfor %} +{% endif %} + From dcd0bd0dce34e3d51e508c6c100d4b7319d7790a Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sat, 14 Sep 2024 00:23:17 +0200 Subject: [PATCH 046/254] gateway/corerouter: reenable olsrd6 :) --- group_vars/all/imageprofile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index d23649505..daa20595e 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml 
@@ -45,5 +45,5 @@ all_luci_base__packages__to_merge: - uhttpd - uhttpd-mod-ubus -all_disabled_services__to_merge: - - "olsrd6" +#all_disabled_services__to_merge: +# - "olsrd6" From 239cb33022b75d1a15cb136068b59059bf675ebf Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 22 Sep 2024 08:55:55 +0000 Subject: [PATCH 047/254] workflows: perform mac-override-check only on changed files --- .github/checks/check-mac-override-missing.sh | 29 ++++++++++++++++--- .../workflows/check-mac-override-missing.yml | 20 +++++++++++-- 2 files changed, 43 insertions(+), 6 deletions(-) diff --git a/.github/checks/check-mac-override-missing.sh b/.github/checks/check-mac-override-missing.sh index 760f3da90..627ea63b4 100755 --- a/.github/checks/check-mac-override-missing.sh +++ b/.github/checks/check-mac-override-missing.sh @@ -3,10 +3,23 @@ # Initialize a variable to track if any errors are found error_found=0 -# Define patterns for location files and model files -location_files='locations/*.yml' +# Define patterns for model files model_files='group_vars/model_*.yml' +# If location files are passed as arguments, override the default location_files variable +if [ "$#" -gt 0 ]; then + # Treat location_files as an array to handle multiple arguments + location_files=("$@") +else + # Use the default pattern if no arguments are passed + location_files=(locations/*.yml) +fi + +# If location files are passed as arguments, override the location_files variable +if [ "$#" -gt 0 ]; then + location_files=("$@") +fi + # Find all models that require a mac_override declare -A mac_override_required_models 
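Review bot: In the `check-mac-override-missing.sh` hunk the argument handling is added twice: the second `if [ "$#" -gt 0 ]; then location_files=("$@")` block repeats what the `if`/`else` just above it already did and can be deleted together with its comment. Leaving both invites a later edit that changes one and not the other. `model_files` is still a plain string expanded unquoted in the `for` loop while `location_files` is now an array; making it `model_files=(group_vars/model_*.yml)` and iterating over `"${model_files[@]}"` would keep the two consistent.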
@@ -22,8 +35,14 @@ for model_file_path in $model_files; do mac_override_required_models["$model_name"]=$requires_mac_override done -# Find all missing mac_overrides -for location_file in $location_files; do +# Find all missing mac_overrides in the provided or all location files +for location_file in "${location_files[@]}"; do + # Check if the file exists (in case only some files were passed in GitHub Action) + if [ ! -f "$location_file" ]; then + echo "File $location_file does not exist, skipping." + continue + fi + # Get hosts as a single YAML block to minimize calls to yq hosts=$(yq '.hosts' "$location_file") @@ -51,6 +70,8 @@ done # Exit with a non-zero status code if any errors were found if [ "$error_found" -eq 1 ]; then + echo "Please look at the model files of the devices missing a mac_override for documentation" + echo "about how to read the mac_address from the device." exit 1 else echo "No MAC override issues found." diff --git a/.github/workflows/check-mac-override-missing.yml b/.github/workflows/check-mac-override-missing.yml index 42211da5d..ed35aeed7 100644 --- a/.github/workflows/check-mac-override-missing.yml +++ b/.github/workflows/check-mac-override-missing.yml 
@@ -12,6 +12,22 @@ jobs: with: fetch-depth: 0 - - name: Run mac_override missing check + # Get a list of changed files and pass them to the script + - name: Get Changed Files and Run mac_override missing check run: | - ./.github/checks/check-mac-override-missing.sh + # Fetch previous commits for comparison + git fetch origin main + + # Get list of changed files compared to main branch + changed_files=$(git diff --name-only origin/main) + + # Filter out only the location files from the list of changed files + location_files=$(echo "$changed_files" | grep -E '^locations/.*\.yml$' || true) + + if [ -z "$location_files" ]; then + echo "No location files changed, skipping check." + exit 0 + fi + + # Run the mac_override check script with the filtered location files + ./.github/checks/check-mac-override-missing.sh "$location_files" From a8e0d52eeeb3a9802c6bc50dc0468124ec7b881f Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 22 Sep 2024 09:47:18 +0000 Subject: [PATCH 048/254] docs: added information about mac_override --- DEVELOPER.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/DEVELOPER.md b/DEVELOPER.md index 73c751783..160072827 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md 
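Review bot: The last line of the step passes `"$location_files"` quoted, so when a change touches more than one location file the script receives a single argument containing newlines. The script's `-f` test then fails, it prints "does not exist, skipping", and the check passes without inspecting any file. Reading the list into an array fixes this: `mapfile -t location_files < <(echo "$changed_files" | grep -E '^locations/.*\.yml$' || true)`, then test `[ "${#location_files[@]}" -eq 0 ]` for the early exit and call the script with `"${location_files[@]}"`. Because the skip branch is also how a mistyped or mangled path would be handled, it may be worth making the script exit non-zero when none of the files it was given could be checked.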
@@ -68,6 +68,15 @@ Multiple ports can be specified as a list: ```yml poe_on: [0,1,2,3] ``` + +A few devices also require an override to properly set the MAC address. The command to read the address from the device should be documented in the corresponding model file. + +Without the `mac_override` these devices will still function, but generate a new MAC address on each boot. This causes the devices to appear multiple times in the devices listing of switches and also changes the link local address of the device as it is based on the MAC address. + +```yml + mac_override: {eth0: XX:XX:XX:XX:XX:XX} +``` + ### monitoring All OpenWrt-devices have monitoring enabled. To activate monitoring for other devices we use SNMP. The core router will collect and report statistics for the devices. Make sure SNMP is activated on the proprietary device with the community set to public. You can find an overview with all available profiles at `group_vars/all/snmp_profiles.yml` From ca8856059ba5f957e0953ab5e9ebcbecbbd0fbe2 Mon Sep 17 00:00:00 2001 From: Polynomialdivision Date: Tue, 17 Sep 2024 16:54:34 +0200 Subject: [PATCH 049/254] model: add TOTOLINK A7000R --- group_vars/model_totolink_a7000r.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 group_vars/model_totolink_a7000r.yml diff --git a/group_vars/model_totolink_a7000r.yml b/group_vars/model_totolink_a7000r.yml new file mode 100644 index 000000000..4b37e624d --- /dev/null +++ b/group_vars/model_totolink_a7000r.yml @@ -0,0 +1,23 @@ +--- +target: ramips/mt7621 +brand_nice: TOTOLINK +model_nice: A7000R + +dsa_ports: + - wan + - lan1 + - lan2 + - lan3 + - lan4 + +wireless_devices: + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: 1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0 + ifname_hint: wlan2 + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: 1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0 + ifname_hint: wlan5 
From 2c345b563ec88e2c7fde09506351e276cc699f1f Mon Sep 17 00:00:00 2001 From: Polynomialdivision Date: Tue, 17 Sep 2024 16:55:03 +0200 Subject: [PATCH 050/254] tempelwg: add new location --- locations/tempelwg.yml | 160 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 locations/tempelwg.yml diff --git a/locations/tempelwg.yml b/locations/tempelwg.yml new file mode 100644 index 000000000..87bedfa5f --- /dev/null +++ b/locations/tempelwg.yml 
@@ -0,0 +1,160 @@ +--- +location: tempelwg +location_nice: U-Alt Tempelhof +latitude: 52.465551 +longitude: 13.38598 +contacts: + - "@nick:matrix.riotcat.org" + +hosts: + - hostname: tempelwg-core + role: corerouter + model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:59:cb} + wireless_profile: tempelwg + + - hostname: tempelwg-ap-tini + role: ap + model: "totolink_a7000r" + wireless_profile: tempelwg + +ipv6_prefix: "2001:bf7:810:1500::/56" + +dhcp_no_ping: false + +# Reserved Prefixes: +# 10.248.17.0/26, 2001:bf7:810:1500::/56 +# MGMT: 10.248.17.0/28 +# MESH: 10.248.17.16/28 +# DHCP: 10.248.17.32/27 + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.17.16/32 + ipv6_subprefix: -20 + mesh_ap: tempelwg-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.17.17/32 + ipv6_subprefix: -21 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.8'] + mesh_ap: tempelwg-core + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 42 + role: mgmt + prefix: 10.248.17.0/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + tempelwg-core: 1 + tempelwg-ap-tini: 2 + + - vid: 40 + role: dhcp + prefix: 10.248.17.32/27 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + tempelwg-core: 1 + + - vid: 50 + name: prdhcp + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.17.18/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.17.19/32 + wireguard_port: 51821 + +location__channel_assignments_11g_standard__to_merge: + tempelwg-core: 13-20 + tempelwg-ap-tini: 1-20 + +location__channel_assignments_11a_standard__to_merge: + tempelwg-core: 36-40 + tempelwg-ap-tini: 48-40 + +location__wireless_profiles__to_merge: + - name: tempelwg + devices: + - radio: 11a_standard + 
legacy_rates: false + country: DE + + - radio: 11g_standard + legacy_rates: false + country: DE + + ifaces: + - mode: ap + ssid: berlin.freifunk.net + encryption: none + network: dhcp + radio: [11a_standard, 11g_standard] + ifname_hint: ff + owe_transition_ifname_hint: ffowe + + - mode: ap + ssid: berlin.freifunk.net OWE + hidden: true + encryption: owe + network: dhcp + radio: [11a_standard, 11g_standard] + ifname_hint: ffowe + owe_transition_ifname_hint: ff + ieee80211w: 1 + + - mode: ap + ssid: o2-WLAN68 + encryption: sae-mixed + key: 'file:/root/wifi_pass' + network: prdhcp + radio: [11a_standard, 11g_standard] + ifname_hint: pr + + - mode: mesh + mesh_id: Mesh-Freifunk-Berlin + radio: [11a_standard, 11g_standard] + mcast_rate: 12000 + mesh_fwding: 0 + ifname_hint: mesh + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 + +# only place this ssh-keys +ssh_keys: + - comment: Nick + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrryeA5Nj8TJzX0hjujDQvrrBRpDFjhGJKn297zhoij nick@systemli.org From 7df84d95a5bcb848000b981164a3a96e428b229b Mon Sep 17 00:00:00 2001 
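Review bot: The `mac_override: {eth0: a8:63:7d:db:59:cb}` entry in the hosts list leaves the MAC address as a plain scalar inside a flow mapping. This particular value loads as a string because it contains letters, but an address made only of digit pairs would be read as a base-60 integer by YAML 1.1 loaders, and the template would then write a number into the device config. Quoting it, `mac_override: {eth0: "a8:63:7d:db:59:cb"}`, removes that dependency on the value. The private `o2-WLAN68` interface already keeps its key out of the repository via `key: 'file:/root/wifi_pass'`; a one-line comment stating that this file has to be placed on the device by hand would save the next maintainer a search.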
From: Simon Polack Date: Sat, 10 Aug 2024 23:34:35 +0200 Subject: [PATCH 051/254] corerouter: implement olsrd-babel ipv4 soft migration --- group_vars/role_corerouter/imageprofile.yml | 2 + .../files/common/iproute2/rt_tables | 20 ++++++++ .../cfg_openwrt/files/corerouter/babeld.conf | 1 + roles/cfg_openwrt/files/corerouter/bird.conf | 47 +++++++++++++++++++ .../files/corerouter/iproute2/rt_tables | 1 + .../templates/common/config/network.j2 | 22 +++++++++ .../templates/corerouter/config/olsrd.j2 | 2 + 7 files changed, 95 insertions(+) create mode 100644 roles/cfg_openwrt/files/common/iproute2/rt_tables create mode 100644 roles/cfg_openwrt/files/corerouter/babeld.conf create mode 100644 roles/cfg_openwrt/files/corerouter/bird.conf create mode 120000 roles/cfg_openwrt/files/corerouter/iproute2/rt_tables diff --git a/group_vars/role_corerouter/imageprofile.yml b/group_vars/role_corerouter/imageprofile.yml index 868111950..65767c205 100644 --- a/group_vars/role_corerouter/imageprofile.yml +++ b/group_vars/role_corerouter/imageprofile.yml @@ -1,5 +1,7 @@ --- role_corerouter__packages__to_merge: + - bird2 + - bird2c - babeld - luci-app-babeld - collectd-mod-dhcpleases diff --git a/roles/cfg_openwrt/files/common/iproute2/rt_tables b/roles/cfg_openwrt/files/common/iproute2/rt_tables new file mode 100644 index 000000000..f2b20ed9a --- /dev/null +++ b/roles/cfg_openwrt/files/common/iproute2/rt_tables @@ -0,0 +1,20 @@ +# +# reserved values +# +128 prelocal +255 local +254 main +253 default + +0 unspec +# +# local +# +#1 inr.ruhep + +10 babel-ff +11 babel-default +12 babel-src +20 olsr-ff +21 olsr-default + diff --git a/roles/cfg_openwrt/files/corerouter/babeld.conf b/roles/cfg_openwrt/files/corerouter/babeld.conf new file mode 100644 index 000000000..9396a788c --- /dev/null +++ b/roles/cfg_openwrt/files/corerouter/babeld.conf @@ -0,0 +1 @@ +export-table 12 
diff --git a/roles/cfg_openwrt/files/corerouter/bird.conf b/roles/cfg_openwrt/files/corerouter/bird.conf new file mode 100644 index 000000000..9683d4129 --- /dev/null +++ b/roles/cfg_openwrt/files/corerouter/bird.conf @@ -0,0 +1,47 @@ +log syslog all; +debug protocols all; + +ipv4 table babel_src; +ipv4 table babel_ff; +ipv4 table babel_default; + +protocol device { +} + +protocol kernel { + learn; + kernel table 12; + ipv4 { + table babel_src; + import all; + }; +} + +protocol kernel { + kernel table 10; + ipv4 { + table babel_ff; + export all; + }; +} + +protocol kernel { + kernel table 11; + ipv4 { + table babel_default; + export all; + }; +} + + +protocol pipe { + table babel_src; + peer table babel_ff; + export where net != 0.0.0.0/0; +} + +protocol pipe { + table babel_src; + peer table babel_default; + export where net = 0.0.0.0/0; +} diff --git a/roles/cfg_openwrt/files/corerouter/iproute2/rt_tables b/roles/cfg_openwrt/files/corerouter/iproute2/rt_tables new file mode 120000 index 000000000..c0ed137f3 --- /dev/null +++ b/roles/cfg_openwrt/files/corerouter/iproute2/rt_tables @@ -0,0 +1 @@ +../../common/iproute2/rt_tables \ No newline at end of file diff --git a/roles/cfg_openwrt/templates/common/config/network.j2 b/roles/cfg_openwrt/templates/common/config/network.j2 index 6e94bcd28..4596e834d 100644 --- a/roles/cfg_openwrt/templates/common/config/network.j2 +++ b/roles/cfg_openwrt/templates/common/config/network.j2 
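Review bot: The new `bird.conf` opens with `log syslog all;` together with `debug protocols all;`, which sends per-route and per-packet debug output of every protocol to syslog on each corerouter. That volume tends to push useful entries out of a small log buffer, which matters when the log is needed to investigate an incident. Unless this is a temporary aid for the migration, narrow it to something like `debug protocols { states, interfaces };` or remove the line. The three `protocol kernel` and two `protocol pipe` blocks are unnamed; names such as `protocol kernel babel_src_in` would make log lines and `birdc show protocols` readable.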
@@ -2,6 +2,28 @@ {% set profile = wireless_profiles | selectattr('name', 'equalto', wireless_profile) | list | first %} {% set wifi_networks = profile | json_query('ifaces[].network') | default([], true) %} + +# Babel inserts into seperate route table, add that to lookup list for IPv6 +config rule6 + option priority 33000 + option lookup 'babel-src' + +# IPv4 Soft Migration by priotizing Babel over OLSR +config rule + option priority 33100 + option lookup 'babel-ff' + +config rule + option priority 33101 + option lookup 'olsr-ff' + +config rule + option priority 33200 + option lookup 'babel-default' +config rule + option priority 33201 + option lookup 'olsr-default' + config interface 'loopback' option device 'lo' option proto 'static' diff --git a/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 b/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 index 2eb55f6da..f23d0f457 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 @@ -40,6 +40,8 @@ config olsrd option OlsrPort '698' option Willingness '3' option TosValue '16' + option RtTable '20' + option RtTableDefault '21' config InterfaceDefaults option MidValidityTime '500.0' From 3becaa728ae7f12f5958e0cd171dec0a4d383af4 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 20 Sep 2024 16:08:50 +0000 Subject: [PATCH 052/254] olsrd: unify suffix --- roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 | 2 +- roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 b/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 index 2e3979c5c..c05004569 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 
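Review bot: The rules added to `common/config/network.j2` refer to routing tables by name (`option lookup 'babel-ff'` and the others), whereas `olsrd.j2`, `babeld.conf` and `bird.conf` in the same commit use the numbers (`RtTable '20'`, `export-table 12`, `kernel table 10`). The names only resolve where the new `rt_tables` file is installed, and this patch links it only under `files/corerouter`; whether `files/common` is deployed to every role that renders this template cannot be seen here. Writing the numeric IDs in the rules, for example `option lookup '10'` with the name in a comment, removes that dependency and keeps all four files consistent. The five rules also lack a blank line between the `babel-default` and `olsr-default` stanzas, unlike the rest of the block.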
@@ -1,7 +1,7 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" config LoadPlugin option library 'olsrd_nameservice' - option suffix '.olsr6' + option suffix '.olsr' option hosts_file '/tmp/hosts/olsr6' option latlon_file '/tmp/_unused_olsr6_latlon.js' option services_file '/tmp/_unused_olsr6_services' diff --git a/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 b/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 index ef88d71de..83e1e29e1 100644 --- a/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 @@ -1,7 +1,7 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" config LoadPlugin option library 'olsrd_nameservice' - option suffix '.olsr6' + option suffix '.olsr' option hosts_file '/tmp/hosts/olsr6' option latlon_file '/tmp/_unused_olsr6_latlon.js' option services_file '/tmp/_unused_olsr6_services' From 486a7142bec23ab55b60ffa7e10524cce3e445ce Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Thu, 25 Jul 2024 04:55:23 +0000 Subject: [PATCH 053/254] hts4: deactivate roaming, change channel --- locations/hts4.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/locations/hts4.yml b/locations/hts4.yml index 5bafe4b03..512b764f0 100644 --- a/locations/hts4.yml +++ b/locations/hts4.yml @@ -25,12 +25,10 @@ hosts: role: corerouter model: "dlink_dap-x1860-a1" wireless_profile: hts4 - wifi_roaming: true - hostname: hts4-ap role: ap model: "dlink_dap-x1860-a1" wireless_profile: hts4 - wifi_roaming: true ipv6_prefix: '2001:bf7:830:bf00::/56' @@ -103,8 +101,8 @@ location__channel_assignments_11a_standard__to_merge: # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - hts4-core: 13-20 - hts4-ap: 1-20 + hts4-core: 1-20 + hts4-ap: 6-20 # Wireless profile location__wireless_profiles__to_merge: From 97c5b2a6ee3a3dbcca71573f05d9cadc7a51fb79 Mon Sep 17 00:00:00 2001 
From: Nicolas Berens Date: Mon, 23 Sep 2024 11:16:34 +0200 Subject: [PATCH 054/254] bbbvpn is on another interface (#975) --- locations/ak36.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/ak36.yml b/locations/ak36.yml index e02f7e696..97a951193 100644 --- a/locations/ak36.yml +++ b/locations/ak36.yml @@ -98,7 +98,7 @@ mesh_links: ptp: true - name: mesh_bbbvpn - ifname: eth1.198 + ifname: eth2 ipv4: 10.31.130.164/32 # the bbb-vpn setup is ipv4-only for now # ipv6: 2001:bf7:750:4001::5/128 From 3fd578c9773d46337ccd09e96310ce997fa26ced Mon Sep 17 00:00:00 2001 From: Ffhener Date: Mon, 23 Sep 2024 11:58:57 +0200 Subject: [PATCH 055/254] magda: added airos-dfs-reset config --- locations/magda.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/locations/magda.yml b/locations/magda.yml index e9a2ce9b3..fc7ba0ada 100644 --- a/locations/magda.yml +++ b/locations/magda.yml @@ -9,7 +9,6 @@ contacts: - '#ff-site-magda:matrix.org' hosts: - - hostname: magda-core role: corerouter model: "avm_fritzbox-7530" @@ -41,7 +40,6 @@ hosts: model: "ubnt_nanostation-m2_xm" snmp_devices: - - hostname: magda-sama address: 10.31.83.115 snmp_profile: airos_8 @@ -50,6 +48,13 @@ snmp_devices: address: 10.31.83.116 snmp_profile: airos_8 +airos_dfs_reset: + - name: "magda-ost-5ghz" + target: "10.31.83.116" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + ipv6_prefix: "2001:bf7:860::/56" # Mesh: 10.31.83.60/30 From a94f915058f5e795f909b10554ad217f44dfe65d Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 17 Sep 2024 23:00:35 +0200 Subject: [PATCH 056/254] emma: new corerouter, fritzbox again unstable --- locations/emma.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/locations/emma.yml b/locations/emma.yml index ea5a08bae..9c8cae95f 100644 --- a/locations/emma.yml +++ b/locations/emma.yml 
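Review bot: In locations/magda.yml the new `airos_dfs_reset` entry logs in as `ubnt` and reads its secret from `/root/pwd`, the same path the c-base entry later in this series uses, and nothing in the file says what that password file must contain or how it is protected. A comment above the block would record the expectation, e.g. `# /root/pwd: device-specific, non-default password, mode 0600, provisioned out of band`. `/root/` is listed under `sysupgrade_preserve_custom_files` in group_vars/all/general.yml, so the file presumably ends up in every preserved-config backup of the core router. The c-base entry writes `password: "/root/pwd"` without the `file:` prefix; confirm which form the consumer expects, since a bare path may be taken as the literal password.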
@@ -9,8 +9,7 @@ community: true hosts: - hostname: emma-core role: corerouter - model: "avm_fritzbox-4040" - wireless_profile: freifunk_default + model: "mikrotik_routerboard-750gr3" snmp_devices: - hostname: emma-switch-no From c71ad2ce3535cefea5a3fad3c4e75d3ec921af03 Mon Sep 17 00:00:00 2001 From: Polynomialdivision Date: Mon, 23 Sep 2024 19:27:04 +0200 Subject: [PATCH 057/254] rigaer78: fix channel assignments Fix a typo. --- locations/rigaer78.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/locations/rigaer78.yml b/locations/rigaer78.yml index 48daaa028..03cfe816a 100644 --- a/locations/rigaer78.yml +++ b/locations/rigaer78.yml @@ -179,8 +179,8 @@ location__channel_assignments_11g_standard__to_merge: rigaer78-west-2ghz: 6-20 # house installation - rigaer78-back-front-4-right: 1-20 - rigaer78-back-front-4-left: 6-20 + rigaer78-front-floor-4-right: 1-20 + rigaer78-front-floor-4-left: 6-20 rigaer78-back-floor-4-right: 1-20 rigaer78-back-floor-4-left: 11-20 @@ -198,8 +198,8 @@ location__channel_assignments_11a_standard__to_merge: rigaer78-west-5ghz: 44-20 # house installation - rigaer78-back-front-4-right: 40-20 - rigaer78-back-front-4-left: 36-20 + rigaer78-front-floor-4-right: 40-20 + rigaer78-front-floor-4-left: 36-20 rigaer78-back-floor-4-right: 40-20 rigaer78-back-floor-4-left: 36-20 From 9f756d1c8c2789403c468f4b385d2b9d1effa8d3 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 24 Sep 2024 23:10:53 +0200 Subject: [PATCH 058/254] muggel: remove OpenSSL, defaults are fine now --- locations/muggel.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/locations/muggel.yml b/locations/muggel.yml index 5925c7e7f..3acfa762f 100644 --- a/locations/muggel.yml +++ b/locations/muggel.yml 
@@ -80,17 +80,6 @@ networks: location__disabled_services__to_merge: - naywatch -# Use OpenSSL to get OWE Transition Mode working. -# Same variable name as in imageprofile.yml so that we overwrite it. -ssl__packages__to_merge: - - -wpad-basic - - -wpad-basic-mbedtls - - -wpad-basic-wolfssl - - -libustream-mbedtls - - libustream-openssl - - hostapd-openssl - # - px5g-openssl - # Standard open SSID with OWE Transition Mode. # For roaming between multiple APs, consider setting 80211w to optional (1). location__wireless_profiles__to_merge: From 0f47c0e9708395ef4c7a529d27086654128bd627 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 24 Sep 2024 23:11:14 +0200 Subject: [PATCH 059/254] muggel: use USB LTE modem for uplink --- locations/muggel.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/locations/muggel.yml b/locations/muggel.yml index 3acfa762f..2f580400a 100644 --- a/locations/muggel.yml +++ b/locations/muggel.yml @@ -27,6 +27,9 @@ hosts: - hostname: muggel-core role: corerouter model: avm_fritzbox-4040 + host__packages__to_merge: + - kmod-usb-net-cdc-ether + - usb-modeswitch wireless_profile: muggel networks: @@ -62,6 +65,7 @@ networks: # We get at best ~25 Mbps over LTE (Telefonica O2) - vid: 50 untagged: true + ifname: eth1 role: uplink - role: tunnel From 497625a2d3dfd11397ec4cb0eeeef7e0e04c547a Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 23 Sep 2024 20:23:23 +0000 Subject: [PATCH 060/254] workflows: fix handling file patterns; add channel assignment duplicates --- .github/checks/check-duplicates.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/checks/check-duplicates.sh b/.github/checks/check-duplicates.sh index 66f57fca9..3c00edccc 100755 --- a/.github/checks/check-duplicates.sh +++ b/.github/checks/check-duplicates.sh 
@@ -13,16 +13,17 @@ check_duplicates() { local file_pattern="$3" # Expand the file pattern to a list of files - files=$(ls "$file_pattern" 2>/dev/null) + # shellcheck disable=SC2206 + files=($file_pattern) # Check if any files match the pattern - if [ -z "$files" ]; then + if [ ${#files[@]} -eq 0 ]; then echo "No files matching pattern $file_pattern" return fi # Run the yq command with the expanded list of files - duplicates=$(yq "$yq_query" "$files" | grep -v -- '---' | tr '[:upper:]' '[:lower:]' | sed 's/["'\'']//g' | sort | uniq -cd) + duplicates=$(yq "$yq_query" "${files[@]}" | grep -v -- '---' | tr '[:upper:]' '[:lower:]' | sed 's/["'\'']//g' | sort | uniq -cd) if [ -n "$duplicates" ]; then echo "Duplicate $description found:" echo "$duplicates" @@ -51,6 +52,11 @@ check_duplicates 'select(.ipv6_prefix != null) | .ipv6_prefix' "ipv6_prefixes" " # Check for ipv4_prefix duplicates within networks check_duplicates 'select(.networks != null) | .networks[] | select(.prefix != null) | .prefix' "prefix within networks" "$location_files" +# Check for duplicate hosts within 11a channel assignments +check_duplicates 'select(.location__channel_assignments_11a_standard__to_merge != null) | .location__channel_assignments_11a_standard__to_merge | keys[]' "hosts within 11a channel assignments" "$location_files" + +# Check for duplicate hosts within 11g channel assignments +check_duplicates 'select(.location__channel_assignments_11g_standard__to_merge != null) | .location__channel_assignments_11g_standard__to_merge | keys[]' "hosts within 11g channel assignments" "$location_files" # Check for duplicates within a single location for file in $location_files; do @@ -61,6 +67,7 @@ for file in $location_files; do # Check for name duplicates within networks check_duplicates 'select(.networks != null) | .networks[] | select(.name != null) | .name' "name within networks" "$file" + done # Exit with a non-zero status code if any errors were found 
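Review bot: `files=($file_pattern)` keeps the literal pattern in the array when nothing matches, because bash does not enable nullglob by default, so the `[ ${#files[@]} -eq 0 ]` guard below it can only fire for an empty argument. yq is then run on a path that does not exist, and because its exit status is never checked the pipeline produces an empty `duplicates` and the check reports success; the same happens when yq fails on a malformed file. Guard on the first element instead, `if [ ${#files[@]} -eq 0 ] || [ ! -e "${files[0]}" ]; then`, and consider setting `error_found=1` when yq exits non-zero. The same expansion is used in `check()` in .github/checks/check-interface-names.sh added later in this series; `check_duplicates()` itself starts above this hunk.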
From 5c5a83bc38626cefa0da80cd0a22421bbc92bc00 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 20 Sep 2024 02:25:51 +0200 Subject: [PATCH 061/254] tunspace: private key is now always ephemeral --- roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 index 0fc738d1c..f8422d092 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 @@ -16,7 +16,6 @@ config wg-interface option ipv4 "{{ tunnel['prefix'] }}" option mtu {{ tunnel['mtu'] }} option port {{ tunnel['wireguard_port'] }} - option keyfile "/etc/tunspace/{{ tunnel['ifname'] }}.key" option disabled 0 {% endfor %} From 2f12cac7ebf6e16c623f2c07c0134e7ef694a38b Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 20 Sep 2024 02:27:04 +0200 Subject: [PATCH 062/254] tunspace: support for direct uplink interface usage --- roles/cfg_openwrt/templates/common/config/network.j2 | 4 ++-- roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/cfg_openwrt/templates/common/config/network.j2 b/roles/cfg_openwrt/templates/common/config/network.j2 index 4596e834d..8491f8b4c 100644 --- a/roles/cfg_openwrt/templates/common/config/network.j2 +++ b/roles/cfg_openwrt/templates/common/config/network.j2 
@@ -54,14 +54,14 @@ config interface 'loopback' {% set port = int_port + ('' if untagged else '.' + vid) %} {% endif %} {% set bridge_name = 'br-' + name %} - {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) or (role == 'corerouter' and network['role'] == 'uplink') %} + {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} {% set port_needed = not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname) %} {%- if (role == 'corerouter' and network['role'] == 'mesh') or ('assignments' in network and inventory_hostname in network['assignments']) or name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) - or (role == 'corerouter' and network['role'] == 'uplink') + or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} config interface '{{ name }}' {% if port_needed %} diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 index f8422d092..0a6547b0b 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 
@@ -1,10 +1,13 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" {% for uplink in networks | selectattr('role', 'equalto', 'uplink') %} {% set name = uplink['name'] if 'name' in uplink else 'uplink' %} + {% set mode = uplink['uplink_mode'] if 'uplink_mode' in uplink else 'bridge' %} + {% set ifname = uplink['ifname'] if mode == 'direct' else 'br-'+name %} config tunspace "tunspace" option uplink_netns "{{ name }}" - option uplink_ifname "br-{{ name }}" + option uplink_ifname "{{ ifname }}" + option uplink_mode "{{ mode }}" option maintenance_interval 60 option debug 1 {% endfor %} From 004d5756b0bf2e36b6a0182586221828d64018a8 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 20 Sep 2024 02:25:08 +0200 Subject: [PATCH 063/254] cleanup: remove old tunnelmanager things --- group_vars/all/general.yml | 2 -- .../templates/common/config/network.j2 | 3 +-- .../corerouter/config/tunnelmanager.j2 | 21 ------------------- .../nftables.d/20-wg-maxseg-size.nft.j2 | 14 ------------- 4 files changed, 1 insertion(+), 39 deletions(-) delete mode 100644 roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index 1262fca4b..c202250a9 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml @@ -29,8 +29,6 @@ sysupgrade_preserve_custom_files: - /etc/uhttpd.key - /etc/dropbear/dropbear_rsa_host_key - /etc/dropbear/dropbear_ed25519_host_key - - /etc/wireguard/wg.pub - - /etc/wireguard/wg.key - /root/ image_search_pattern: "*-sysupgrade.*" diff --git a/roles/cfg_openwrt/templates/common/config/network.j2 b/roles/cfg_openwrt/templates/common/config/network.j2 index 8491f8b4c..074b19d3c 100644 --- a/roles/cfg_openwrt/templates/common/config/network.j2 +++ b/roles/cfg_openwrt/templates/common/config/network.j2 
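Review bot: `uplink_mode` is used unvalidated in corerouter/config/tunspace.j2: any value other than `direct` takes the bridge branch for `ifname` yet is still written verbatim to `option uplink_mode`, and `direct` without an `ifname` key fails at render time with no hint of the cause. The tunnelmanager template removed later in this series used `mandatory('…')` for this kind of check, and the same works here: `{% set ifname = (uplink['ifname'] | mandatory('uplink_mode direct requires ifname')) if mode == 'direct' else 'br-'+name %}`. network.j2 in the same commit tests `network.get('uplink_mode') != 'direct'`, so a misspelt mode would still build the bridge there while tunspace receives the misspelt value.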
@@ -54,13 +54,12 @@ config interface 'loopback' {% set port = int_port + ('' if untagged else '.' + vid) %} {% endif %} {% set bridge_name = 'br-' + name %} - {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} + {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} {% set port_needed = not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname) %} {%- if (role == 'corerouter' and network['role'] == 'mesh') or ('assignments' in network and inventory_hostname in network['assignments']) or name in wifi_networks or network.get('mesh_ap') == inventory_hostname - or (role == 'corerouter' and 'tunnel_wan_ip' in network) or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} config interface '{{ name }}' diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 deleted file mode 100644 index 13ab50791..000000000 --- a/roles/cfg_openwrt/templates/corerouter/config/tunnelmanager.j2 +++ /dev/null 
@@ -1,21 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -{% for network in networks | selectattr('tunnel_wan_ip', 'defined') %} - {% set name = network['name'] if 'name' in network else network['role'] %} - {% set bridge_name = 'br-' + name %} -config tunnelmanager '{{ name }}' - option interface '{{ (bridge_name if bridge_name | length <= 15) | mandatory('The generated inteface name exceeds the 15 characters limit of the linux kernel. Try to shorten the name to resolve this.') }}' - option namespace '{{ network['tunnel_namespace']|default(name) }}' - option mtu '{{ network['tunnel_mtu']|default(1280) }}' - option uplink_ip '{{ network['tunnel_wan_ip'] }}' - option uplink_gateway '{{ network['tunnel_wan_gw'] }}' - option tunnel_count '{{ network['tunnel_connections']|default(2) }}' - option tunnel_timeout '{{ network['tunnel_timeout']|default(160) }}' - option check_interval '{{ network['tunnel_check_interval']|default(30) }}' - option up_script '{{ network['tunnel_up_script']|default('/usr/share/tunnelman/up.sh') }}' - option up_script_args '{{ network['tunnel_up_script_args']|default(network['tunnel_mesh_prefix_ipv4']) }} 12800 0.4' - option down_script '{{ network['tunnel_down_script']|default('/usr/share/tunnelman/down.sh') }}' - {% for gateway in groups['role_gateway'] | sort %} - # {{ gateway }} - list tunnel_endpoints '{{ hostvars[gateway]['uplink']['ipv4'] | ansible.utils.ipaddr('address') }}' - {% endfor %} -{% endfor %} diff --git a/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 b/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 index b497ac9ee..a7a0ab38f 100644 --- a/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 +++ b/roles/cfg_openwrt/templates/corerouter/nftables.d/20-wg-maxseg-size.nft.j2 
@@ -1,17 +1,3 @@ -{% if (networks | selectattr('tunnel_wan_ip', 'defined') | count > 0) %} -{% set TCP_HEADER_SIZE = 20 %} -{% set IPV4_HEADER_SIZE = 20 %} -{% set IPV6_HEADER_SIZE = 40 %} -{% set min_mtu = ([1280] + (networks | selectattr('tunnel_mtu', 'defined') | map(attribute='tunnel_mtu') | list)) | min | int %} -{% set ipv4_mss = min_mtu - TCP_HEADER_SIZE - IPV4_HEADER_SIZE %} -{% set ipv6_mss = min_mtu - TCP_HEADER_SIZE - IPV6_HEADER_SIZE %} -chain wg_maxseg { - type filter hook forward priority -1; policy accept; - oifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : {{ ipv4_mss }}, ipv6 : {{ ipv6_mss }} } - iifname "wg_*" tcp flags syn tcp option maxseg size set meta nfproto map { ipv4 : {{ ipv4_mss }}, ipv6 : {{ ipv6_mss }} } -} -{% endif %} - {% if (networks | selectattr('role', 'equalto', 'tunnel') | count > 0) %} {% set TCP_HEADER_SIZE = 20 %} {% set IPV4_HEADER_SIZE = 20 %} From 83baf178a8f3623c82f584b25fe703236347aaa0 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 23 Sep 2024 14:06:16 +0000 Subject: [PATCH 064/254] model: add GL.iNet Beryl AX (GL-MT3000) --- group_vars/model_glinet_gl_mt3000.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 group_vars/model_glinet_gl_mt3000.yml diff --git a/group_vars/model_glinet_gl_mt3000.yml b/group_vars/model_glinet_gl_mt3000.yml new file mode 100644 index 000000000..c4cb4cde8 --- /dev/null +++ b/group_vars/model_glinet_gl_mt3000.yml @@ -0,0 +1,20 @@ +--- +target: "mediatek/filogic" +brand_nice: GL.iNet +model_nice: GL-MT3000 (Beryl AX) + +dsa_ports: + - lan + - wan + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/18000000.wifi + ifname_hint: wlan2 From 39cb7b035b0e80b2306787a4ce9d0390892b9384 Mon Sep 17 00:00:00 2001 
From: Tom Jannek Date: Sat, 28 Sep 2024 11:22:42 +0200 Subject: [PATCH 065/254] fiocchi, gigli, girandole: Add real mac adr --- locations/hacrafu-fiocchi.yml | 7 ++++--- locations/hacrafu-gigli.yml | 1 + locations/hacrafu-girandole.yml | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/locations/hacrafu-fiocchi.yml b/locations/hacrafu-fiocchi.yml index c363f6e8f..e52de35a7 100644 --- a/locations/hacrafu-fiocchi.yml +++ b/locations/hacrafu-fiocchi.yml @@ -4,16 +4,17 @@ location: hacrafu-fiocchi location_nice: Apothekerteich, Petershagen, Mittelstraße latitude: 52.52320 longitude: 13.77234 -contact_name: 'Hacken Craften Funken e.V.' -contact_nickname: 'HaCraFu' +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" contacts: - - 'freifunk@hacrafu.de' + - "freifunk@hacrafu.de" hosts: - hostname: hacrafu-fiocchi-core role: corerouter model: "dlink_covr-x1860-a1" wireless_profile: freifunk_hacrafu + mac_override: {eth0: a8:63:7d:dc:5b:5f} ipv6_prefix: "2001:bf7:850:b00::/56" # dhcp 10.31.204.0/27 diff --git a/locations/hacrafu-gigli.yml b/locations/hacrafu-gigli.yml index 52d871965..95ad03641 100644 --- a/locations/hacrafu-gigli.yml +++ b/locations/hacrafu-gigli.yml @@ -15,6 +15,7 @@ hosts: role: corerouter model: "dlink_covr-x1860-a1" wireless_profile: freifunk_hacrafu + mac_override: {eth0: a8:63:7d:dc:5b:66} ipv6_prefix: "2001:bf7:850:1600::/56" # dhcp 10.248.3.224/27 diff --git a/locations/hacrafu-girandole.yml b/locations/hacrafu-girandole.yml index 7609f0b88..0297af880 100644 --- a/locations/hacrafu-girandole.yml +++ b/locations/hacrafu-girandole.yml @@ -15,6 +15,7 @@ hosts: role: corerouter model: "dlink_covr-x1860-a1" wireless_profile: freifunk_hacrafu + mac_override: {eth0: a8:63:7d:dc:5b:6d} ipv6_prefix: "2001:bf7:850:1700::/56" # dhcp 10.248.4.128/27 From 2fd263bddfcbb8a38f18fe1340796d3b78fdc5aa Mon Sep 17 00:00:00 2001 
From: Tom Jannek Date: Sat, 28 Sep 2024 14:00:06 +0200 Subject: [PATCH 066/254] hacrafu-gobbetti: init location --- locations/hacrafu-gobbetti.yml | 74 ++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 locations/hacrafu-gobbetti.yml diff --git a/locations/hacrafu-gobbetti.yml b/locations/hacrafu-gobbetti.yml new file mode 100644 index 000000000..732165697 --- /dev/null +++ b/locations/hacrafu-gobbetti.yml @@ -0,0 +1,74 @@ +--- + +location: hacrafu-gobbetti +location_nice: Feldstr. 27, 15345 Eggersdorf +latitude: 52.53614 +longitude: 13.81647 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-gobbetti-core + role: corerouter + model: "glinet_gl-mt3000" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:1c00::/56" +# dhcp 10.248.17.96/27 +# mesh5 10.31.184.3 +# mesh2 10.31.184.4 +# MGMT 10.31.184.5 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.184.3/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-gobbetti-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.184.4/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-gobbetti-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.17.96/27 + ipv6_subprefix: 0 + assignments: + hacrafu-gobbetti-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.184.5/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-gobbetti-core: 1 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de From ce3a0296ed38abed8290cc396794209a39e1360f Mon Sep 17 00:00:00 2001 
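Review bot: The DHCP network (vid 40) in locations/hacrafu-gobbetti.yml sets `inbound_filtering: false` and `enforce_client_isolation: false`, whereas the other client networks visible in this series (c-base, gub37 vid 40) enable both. Going by the option names, client devices would be reachable from outside the location and from each other. If that is intended, say so next to the keys, e.g. `# clients intentionally reachable: <reason>`; otherwise set both to `true`. `ssh_keys:` here appears to replace the key list rather than extend it the way `location__ssh_keys__to_merge` does in c-base; the comment above suggests that is deliberate, but it may also mean centrally managed keys never reach this host.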
From: Tobias Schwarz Date: Sun, 29 Sep 2024 09:33:23 +0000 Subject: [PATCH 067/254] workflows: sanity check for interface names --- .github/checks/check-interface-names.sh | 47 +++++++++++++++++++++ .github/workflows/check-interface-names.yml | 33 +++++++++++++++ 2 files changed, 80 insertions(+) create mode 100755 .github/checks/check-interface-names.sh create mode 100644 .github/workflows/check-interface-names.yml diff --git a/.github/checks/check-interface-names.sh b/.github/checks/check-interface-names.sh new file mode 100755 index 000000000..d64d4f480 --- /dev/null +++ b/.github/checks/check-interface-names.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Locations pattern +location_files="locations/*.yml" + +# Initialize a variable to track if any errors are found +error_found=0 + +# Function to check for errors in interface names +check() { + local yq_query="$1" + local file_pattern="$2" + + # Expand the file pattern to a list of files + # shellcheck disable=SC2206 + files=($file_pattern) + + # Check if any files match the pattern + if [ ${#files[@]} -eq 0 ]; then + echo "No files matching pattern $file_pattern" + return + fi + + # Run the yq command with the expanded list of files + ifnames=$(yq "$yq_query" "${files[@]}" | grep -v -- '---' | sed 's/["'\'']//g' | sort | uniq) + + # Iterate over each interface name and check if it matches the allowed pattern + for ifname in $ifnames; do + if [[ ! "$ifname" =~ ^[a-z0-9_]+$ ]]; then + echo "Error: Interface name does not match allowed pattern [0-9a-z_]: $ifname" + error_found=1 + fi + done +} + +# Check for issues across locations +echo "Checking $location_files" + +# Check for interface name issues +check 'select(.networks != null) | .networks[] | select(.name != null) | .name' "$location_files" + +# Exit with a non-zero status code if any errors were found +if [ "$error_found" -eq 1 ]; then + exit 1 +else + echo "No errors found" +fi 
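Review bot: `for ifname in $ifnames` in `check()` word-splits the yq output, so a network name containing whitespace is tested as separate tokens that can each match `^[a-z0-9_]+$`, and the check passes a name it is meant to reject. Read the output line by line instead: `while IFS= read -r ifname; do`, `[ -n "$ifname" ] || continue`, and `done <<< "$ifnames"`. The script never reads `$1`, so the changed-file list passed by the workflow is ignored and the hard-coded `locations/*.yml` is always checked. The tunnelmanager template deleted earlier in this series enforced a 15-character limit on `br-` plus the name, so a length test here would catch that class of error before deployment.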
diff --git a/.github/workflows/check-interface-names.yml b/.github/workflows/check-interface-names.yml new file mode 100644 index 000000000..b9ee2ee1a --- /dev/null +++ b/.github/workflows/check-interface-names.yml @@ -0,0 +1,33 @@ +--- +name: Check interface names + +on: [push, pull_request] # yamllint disable-line rule:truthy + +jobs: + check-interface-names: + runs-on: ubuntu-latest + steps: + - name: Checkout branch + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # Get a list of changed files and pass them to the script + - name: Get Changed Files and Run interface name check + run: | + # Fetch previous commits for comparison + git fetch origin main + + # Get list of changed files compared to main branch + changed_files=$(git diff --name-only origin/main) + + # Filter out only the location files from the list of changed files + location_files=$(echo "$changed_files" | grep -E '^locations/.*\.yml$' || true) + + if [ -z "$location_files" ]; then + echo "No location files changed, skipping check." + exit 0 + fi + + # Run the interface name check script with the filtered location files + ./.github/checks/check-interface-names.sh "$location_files" From 2776a5280a039f09a36fb3d92659822f1a09349d Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Wed, 2 Oct 2024 14:27:14 +0200 Subject: [PATCH 068/254] gub37: Format yaml according to Zed preferences Signed-off-by: Robert Foss --- locations/gub37.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/locations/gub37.yml b/locations/gub37.yml index a58b58fca..62ec780ad 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -4,9 +4,9 @@ location_nice: gub37 latitude: 52.51026648385623 longitude: 13.45044163873424 altitude: 54 -contact_nickname: 'robertfoss' +contact_nickname: "robertfoss" contacts: - - 'me@robertfoss.se' + - "me@robertfoss.se" hosts: - hostname: gub37-core 
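Review bot: .github/workflows/check-interface-names.yml has no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope although it only reads the checkout; add `permissions:` with `contents: read` at the top level. `actions/checkout@v4` is referenced by a mutable tag; pinning to a full commit SHA, written as `actions/checkout@<full-commit-sha>  # v4` with the real SHA in place of the placeholder, removes the dependency on where that tag points. The last step passes `"$location_files"` to check-interface-names.sh, which as added in this commit does not read its arguments, so the changed-file filtering done here has no effect on what is checked.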
@@ -38,7 +38,6 @@ snmp_devices: address: 10.31.157.12 snmp_profile: airos_8 - # IPv4 10.31.157.0/25 # IPv6 2001:bf7:830:a700::/56 @@ -52,7 +51,7 @@ networks: prefix: 10.31.157.97/32 ipv6_subprefix: -10 ptp: true - mesh_metric_lqm: ['default 0.85'] + mesh_metric_lqm: ["default 0.85"] - vid: 11 role: mesh @@ -67,7 +66,7 @@ networks: prefix: 10.31.157.99/32 ipv6_subprefix: -12 ptp: true - mesh_metric_lqm: ['default 0.90'] + mesh_metric_lqm: ["default 0.90"] - vid: 20 role: mesh @@ -77,7 +76,7 @@ networks: mesh_ap: gub37-core mesh_radio: 11g_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - vid: 21 role: mesh @@ -87,7 +86,7 @@ networks: mesh_ap: gub37-core mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - vid: 22 role: mesh @@ -97,7 +96,7 @@ networks: mesh_ap: gub37-hof-s mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] - vid: 23 role: mesh @@ -107,7 +106,7 @@ networks: mesh_ap: gub37-hof-w mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric_lqm: ['default 0.3'] + mesh_metric_lqm: ["default 0.3"] # 10.31.157.64/27 - vid: 40 @@ -137,7 +136,6 @@ networks: gub37-emma: 11 gub37-sama: 12 - location__channel_assignments_11a_standard__to_merge: gub37-hof-s: 36-80-11 gub37-hof-w: 36-80-8 From 9d355a0bae851900177fd56a8705487748647b5f Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Wed, 2 Oct 2024 14:28:17 +0200 Subject: [PATCH 069/254] gub37: Update contact info Signed-off-by: Robert Foss --- locations/gub37.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/gub37.yml b/locations/gub37.yml index 62ec780ad..16cf5d7ed 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -6,7 +6,7 @@ longitude: 13.45044163873424 altitude: 54 contact_nickname: "robertfoss" contacts: - - "me@robertfoss.se" + - "@robertfoss-:matrix.org" hosts: - hostname: gub37-core 
From 01524eeef325f6ea9feb608e776fd0db3455fd44 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Wed, 2 Oct 2024 15:08:34 +0200 Subject: [PATCH 070/254] gub37: Rework IPv4 subnet partitioning Signed-off-by: Robert Foss --- locations/gub37.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/locations/gub37.yml b/locations/gub37.yml index 16cf5d7ed..b72b78f90 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -38,12 +38,18 @@ snmp_devices: address: 10.31.157.12 snmp_profile: airos_8 +# IPs # IPv4 10.31.157.0/25 # IPv6 2001:bf7:830:a700::/56 - ipv6_prefix: "2001:bf7:830:a700::/56" -# 10.31.157.96/27 +# IPv4 Subnets +# mgmt: 10.31.157.0/28 +# dhcp - freifunk: 10.31.157.16/27 +# dhcp - local public: 10.31.157.32/27 +# dhcp - local private: 10.31.157.64/27 +# mesh: 10.31.157.96/27 + networks: - vid: 10 role: mesh @@ -108,12 +114,11 @@ networks: mesh_iface: mesh mesh_metric_lqm: ["default 0.3"] - # 10.31.157.64/27 - vid: 40 role: dhcp inbound_filtering: true enforce_client_isolation: true - prefix: 10.31.157.64/27 + prefix: 10.31.157.16/27 ipv6_subprefix: -40 assignments: gub37-core: 1 @@ -121,7 +126,7 @@ networks: # 10.31.157.0/26 - vid: 433 role: mgmt - prefix: 10.31.157.0/26 + prefix: 10.31.157.0/28 gateway: 1 dns: 1 ipv6_subprefix: 0 From d27124847aff83d2c33f6d2a4df1c0c66c762fd8 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Wed, 2 Oct 2024 15:09:28 +0200 Subject: [PATCH 071/254] gub37: Create local dhcp networks Signed-off-by: Robert Foss --- locations/gub37.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/locations/gub37.yml b/locations/gub37.yml index b72b78f90..49d733690 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml 
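Review bot: `prefix: 10.31.157.16/27` for the dhcp network (vid 40) in locations/gub37.yml is not on a /27 boundary: masked, it is 10.31.157.0/27 (.0 to .31), which overlaps the management network `10.31.157.0/28` set in the last hunk of this commit. Given the rest of the plan in the comment block (.32/27, .64/27, .96/27), the space left between mgmt and local public is a /28, so `prefix: 10.31.157.16/28` and `# dhcp - freifunk: 10.31.157.16/28` would fit. The duplicate check in .github/checks/check-duplicates.sh compares prefix strings only, so it will not flag this overlap.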
@@ -123,7 +123,29 @@ networks: assignments: gub37-core: 1 - # 10.31.157.0/26 + # DHCP - local public + # - Publicly accessible through IPv6 but not IPv4 + - vid: 50 + role: dhcp + name: local_public + prefix: 10.31.157.32/27 + ipv6_subprefix: -50 + assignments: + gub37-core: 1 + + # DHCP - local private + # - Not publicly accessible through IPv4 or IPv6 + - vid: 51 + role: dhcp + name: local_private + inbound_filtering: true + prefix: 10.31.157.64/27 + ipv6_subprefix: -51 + assignments: + gub37-core: 1 + gub37-switch: 2 + gub37-nas: 3 + - vid: 433 role: mgmt prefix: 10.31.157.0/28 From 1f72e1eb075685306b6fb21d7f293f9ac535569f Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Wed, 2 Oct 2024 15:10:04 +0200 Subject: [PATCH 072/254] gub37: Clean up mgmt IPv4 addresses Signed-off-by: Robert Foss --- locations/gub37.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/locations/gub37.yml b/locations/gub37.yml index 49d733690..1aa8a472f 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -153,12 +153,15 @@ networks: dns: 1 ipv6_subprefix: 0 assignments: + # Core infrastructure gub37-core: 1 - gub37-switch: 2 + gub37-switch-roof: 2 + # Local APs gub37-hof-s: 5 gub37-hof-w: 6 + # Uplinks gub37-zwingli: 10 gub37-emma: 11 gub37-sama: 12 From c8f28ec3975e147c864c3c903e411fe1c5e4611c Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Wed, 2 Oct 2024 16:01:48 +0200 Subject: [PATCH 073/254] gateway: Add inbound_allow for gub37 local public subnet Signed-off-by: Robert Foss --- group_vars/role_gateway/general.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/role_gateway/general.yml b/group_vars/role_gateway/general.yml index 9f7f53910..af0227a78 100644 --- a/group_vars/role_gateway/general.yml +++ b/group_vars/role_gateway/general.yml 
@@ -100,6 +100,8 @@ inbound_allow: dst: 2001:bf7:750:5b00::/128 - name: 'radbahn mt76 testing' dst: 2001:bf7:830:c000::/56 + - name: 'gub37-core local public network' + dst: 2001:bf7:830:a7ce::1/64 # - name: Rule Description (mandatory) # dst: Destination IP (mandatory) # src: Source IP From 5a61789884178b603e8f96924aecf24140001f86 Mon Sep 17 00:00:00 2001 From: noxil Date: Wed, 2 Oct 2024 23:25:28 +0200 Subject: [PATCH 074/254] newyorck: make uplink v50 untagged --- locations/newyorck.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/locations/newyorck.yml b/locations/newyorck.yml index 7bc681ac7..b0039938c 100644 --- a/locations/newyorck.yml +++ b/locations/newyorck.yml @@ -106,6 +106,7 @@ networks: - vid: 50 role: uplink + untagged: true - role: tunnel ifname: ts_wg0 From b9396eb927e68edfe334c3f9a8b7f4749446d428 Mon Sep 17 00:00:00 2001 From: Nicolas Berens Date: Sat, 7 Sep 2024 15:40:19 +0200 Subject: [PATCH 075/254] c-base: init location Initial configuration after night session on 02. October 2024 at c-base. This commit is brought to you by - rtznprmpftl - Noki - akira spending the whole night fixing just for you. <3 --- locations/c-base.yml | 109 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 locations/c-base.yml diff --git a/locations/c-base.yml b/locations/c-base.yml new file mode 100644 index 000000000..ef81438fe --- /dev/null +++ b/locations/c-base.yml 
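Review bot: The added `inbound_allow` entry in group_vars/role_gateway/general.yml gives `dst: 2001:bf7:830:a7ce::1/64`, an address with host bits set under a /64 mask, so it is unclear whether the rule is meant to admit one host or the whole subnet. The neighbouring entries pair a network address with its mask (`2001:bf7:750:5b00::/128`, `2001:bf7:830:c000::/56`), and depending on how the firewall template normalises the value, this entry may open inbound traffic to every address in the /64 rather than to gub37-core alone. If only the router should be reachable, write `dst: 2001:bf7:830:a7ce::1/128`; if the whole local public network is intended, write `dst: 2001:bf7:830:a7ce::/64` and say so in the rule name. The list continues outside the hunk.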
@@ -0,0 +1,109 @@ +--- +location: c-base +location_nice: "Rungestraße 20, 10179 Berlin" +latitude: 52.512865 +longitude: 13.42017 +altitude: 35 +contacts: + - "#freifunk-site-cbase:matrix.riotcat.org" + +hosts: + - hostname: c-base-core + role: corerouter + model: "avm_fritzbox-7530" + wireless_profile: freifunk_default + + - hostname: c-base-nf-1 + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: + eth0: dc:2c:6e:ca:32:d8 + + - hostname: c-base-nf-2 + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: + eth0: dc:2c:6e:c4:36:57 + +snmp_devices: + - hostname: c-base-switch + address: 10.31.134.98 + snmp_profile: edgeswitch + + - hostname: c-base-mesh-ssw + address: 10.31.134.101 + snmp_profile: airos_8 + +airos_dfs_reset: + - name: "c-base-mesh-ssw" + target: "10.31.134.101" + username: "ubnt" + password: "/root/pwd" + daytime_limit: "2-7" + +ipv6_prefix: "2001:bf7:760:4800::/56" + +# reservierte IPs +# 10.31.136.0/24 DHCP +# 10.31.134.96/28 MGMT +# 10.31.134.112/28 Mesh + +networks: + - vid: 4 + role: uplink + + - vid: 11 + role: mesh + name: mesh_ssw + prefix: 10.31.134.112/32 + ipv6_subprefix: -11 + + - vid: 20 + role: mesh + name: mesh_nf1 + prefix: 10.31.134.113/32 + ipv6_subprefix: -20 + + - vid: 21 + role: mesh + name: mesh_nf2 + prefix: 10.31.134.114/32 + ipv6_subprefix: -21 + + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.136.0/24 + ipv6_subprefix: 0 + assignments: + c-base-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.31.134.96/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + c-base-core: 1 + c-base-switch: 2 + c-base-nf-1: 3 + c-base-nf-2: 4 + c-base-mesh-ssw: 5 + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.134.115/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.31.134.116/32 + wireguard_port: 51821 + +location__ssh_keys__to_merge: + - comment: charly + key: ecdsa-sha2-nistp384 
AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFndetEGRuYzJV7fwNFlf1r498La1CIHpgLSbsfmqzlI8beLyB28o/ewMH4wY+sHO7cYWzsWAyRA0TXBu7ULC9Oq/pbNyI8FEQjW25j1Bbx4XRx8uqcS2qO9bc65fMWlwQ== From c1c1342ea9d43dcae72e189436947cd2f5a6ffc8 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Thu, 3 Oct 2024 00:31:56 +0200 Subject: [PATCH 076/254] gub37: Fix DHCP IPv4 subnet Signed-off-by: Robert Foss --- locations/gub37.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/locations/gub37.yml b/locations/gub37.yml index 1aa8a472f..ece0f6ce3 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -45,7 +45,7 @@ ipv6_prefix: "2001:bf7:830:a700::/56" # IPv4 Subnets # mgmt: 10.31.157.0/28 -# dhcp - freifunk: 10.31.157.16/27 +# dhcp - freifunk: 10.31.157.16/28 # dhcp - local public: 10.31.157.32/27 # dhcp - local private: 10.31.157.64/27 # mesh: 10.31.157.96/27 @@ -114,11 +114,12 @@ networks: mesh_iface: mesh mesh_metric_lqm: ["default 0.3"] +# DHCP - freifunk - vid: 40 role: dhcp inbound_filtering: true enforce_client_isolation: true - prefix: 10.31.157.16/27 + prefix: 10.31.157.16/28 ipv6_subprefix: -40 assignments: gub37-core: 1 From ea7bb9859e234cd08e93b55f30360cdcde248022 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 7 Oct 2024 06:56:53 +0000 Subject: [PATCH 077/254] scripts: improve mass-update script --- mass-update.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/mass-update.sh b/mass-update.sh index 327638ade..38bda61dd 100755 --- a/mass-update.sh +++ b/mass-update.sh 
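Review bot: In the new locations/c-base.yml, the `airos_dfs_reset` entry commits the account name `ubnt` next to `password: "/root/pwd"`, and nothing in the file says whether that value is a path to a secret kept on the router or the secret itself. If it is a path, which the leading `/root/` suggests, a comment such as `# password: path to a file on the core router holding the AirOS password, not the password itself` above the key would keep a later editor from pasting a real credential into the repository. `ubnt` is also the AirOS factory account name, so it is worth confirming that the device at 10.31.134.101 no longer accepts its factory credentials. The same file adds an SSH key with comment `charly` under `location__ssh_keys__to_merge`; a short note on who owns it would help later key reviews.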
@@ -84,11 +84,9 @@ for FILE_PATH in $SORTED_FILES; do echo "Waiting for $HOSTNAME to become unreachable..." while ping -c 1 "$HOSTNAME" >/dev/null 2>&1; do sleep 1; done - # Wait for 20 seconds before checking hostname reachability again - sleep 20 - - # Debug output: Waiting for hostname to become reachable again + # Wait 20 seconds and than wait for hostname to become reachable again echo "Waiting for $HOSTNAME to become reachable again..." + sleep 20 while ! ping -c 1 "$HOSTNAME" >/dev/null 2>&1; do sleep 1; done # Remove local files @@ -114,4 +112,3 @@ done # Horizontal line to separate iterations echo "----------------------------------------" echo "Finished" - From 1bd6db1b337025f7ff74370bded4a5117f289b2c Mon Sep 17 00:00:00 2001 From: Perry Melange Date: Sat, 28 Sep 2024 09:55:14 +0200 Subject: [PATCH 078/254] add cralle-west-nf Signed-off-by: Perry Melange --- locations/cralle.yml | 53 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/locations/cralle.yml b/locations/cralle.yml index c182b1f7f..ec2d1df0a 100644 --- a/locations/cralle.yml +++ b/locations/cralle.yml @@ -13,18 +13,23 @@ hosts: role: corerouter model: "avm_fritzbox-4040" wireless_profile: freifunk_default + - hostname: cralle-west-nf + role: ap + model: mikrotik_sxtsq-5-ac + wireless_profile: freifunk_default + mac_override: {eth0: dc:11:22:11:22:11} # 10.31.113.92/30 - mgmt -# 10.31.113.88/30 - mesh -# 10.31.245.96/27 - dhcp +# 10.31.113.88/30 10.31.184.7/32 - mesh +# 10.248.18.0/25 - dhcp -ipv6_prefix: "2001:bf7:750:6000::/56" +ipv6_prefix: "2001:bf7:750:7100::/56" networks: - vid: 40 role: dhcp name: dhcp - prefix: 10.31.245.96/25 + prefix: 10.248.18.0/25 ipv6_subprefix: 40 inbound_filtering: true enforce_client_isolation: true 
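Review bot: Both wait loops in the first mass-update.sh hunk (`while ping -c 1 "$HOSTNAME" ...; do sleep 1; done` and its negated twin) have no upper bound, so a node that never goes down, or never comes back after the update, stalls the whole run without an error. Bounding the wait and reporting the failure would let the run stop or continue deliberately, for example `timeout 600 sh -c 'until ping -c 1 "$1" >/dev/null 2>&1; do sleep 1; done' _ "$HOSTNAME" || echo "$HOSTNAME did not come back" >&2`. The loop also reuses `HOSTNAME`, which bash presets to the local machine's name, so a name such as `NODE` would avoid surprises in code that runs after the loop. The added comment should read "then" rather than "than". The enclosing `for` loop starts and ends outside the hunk.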
@@ -33,31 +38,65 @@ networks: - vid: 42 role: mgmt - prefix: 10.31.113.92/29 + prefix: 10.31.113.92/30 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: cralle-core: 1 + cralle-west-nf: 2 - vid: 50 role: uplink untagged: true + - vid: 20 + role: mesh + name: mesh_5ghz + prefix: 10.31.113.88/32 + ipv6_subprefix: -1 + mesh_ap: cralle-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2ghz + prefix: 10.31.113.89/32 + ipv6_subprefix: -2 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.8'] + mesh_ap: cralle-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # MESH - 5 GHz 802.11s west nf + - vid: 22 + role: mesh + name: mesh5_w_nf + prefix: 10.31.113.90/32 + ipv6_subprefix: -3 + mesh_ap: cralle-west-nf + mesh_radio: 11a_standard + mesh_iface: mesh + - role: tunnel ifname: ts_wg0 mtu: 1280 - prefix: 10.31.113.88/32 + prefix: 10.31.113.91/32 wireguard_port: 51820 - role: tunnel ifname: ts_wg1 mtu: 1280 - prefix: 10.31.113.89/32 + prefix: 10.31.184.7/32 wireguard_port: 51821 location__channel_assignments_11a_standard__to_merge: cralle-core: 36-20 + cralle-west-nf: 44-20 location__channel_assignments_11g_standard__to_merge: cralle-core: 13-20 From d9064391b994ede8323cfed921af331fa39f48b3 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Tue, 1 Oct 2024 15:29:49 +0200 Subject: [PATCH 079/254] wikiupdater: fix building of variable --- roles/cfg_openwrt/tasks/wikiupdater.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/tasks/wikiupdater.yml b/roles/cfg_openwrt/tasks/wikiupdater.yml index 40d5881ca..7603ce25a 100644 --- a/roles/cfg_openwrt/tasks/wikiupdater.yml +++ b/roles/cfg_openwrt/tasks/wikiupdater.yml 
@@ -12,7 +12,7 @@ mode: "644" - name: wikiupdater | Update article - script: ../files/wiki/update.py -l "{{ location }}" --file "{{ wikiupdater_dir }}/{{ group_names[0] | split('_') | last }}.txt" + script: ../files/wiki/update.py -l "{{ location }}" --file "{{ wikiupdater_dir }}/{{ location }}.txt" register: wiki_res changed_when: '"UPDATED" in wiki_res.stdout' args: From f83eb08a0794b513561241d2f39af306d3c29d7a Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Thu, 3 Oct 2024 20:19:53 +0200 Subject: [PATCH 080/254] Refactor some common network config features into libnetwork --- .../templates/common/config/network.j2 | 60 +++++++------------ .../templates/libraries/network.j2 | 59 ++++++++++++++++++ 2 files changed, 79 insertions(+), 40 deletions(-) create mode 100644 roles/cfg_openwrt/templates/libraries/network.j2 diff --git a/roles/cfg_openwrt/templates/common/config/network.j2 b/roles/cfg_openwrt/templates/common/config/network.j2 index 074b19d3c..9b2bede0f 100644 --- a/roles/cfg_openwrt/templates/common/config/network.j2 +++ b/roles/cfg_openwrt/templates/common/config/network.j2 @@ -1,12 +1,10 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" -{% set profile = wireless_profiles | selectattr('name', 'equalto', wireless_profile) | list | first %} -{% set wifi_networks = profile | json_query('ifaces[].network') | default([], true) %} - +{% import 'libraries/network.j2' as libnetwork with context %} # Babel inserts into seperate route table, add that to lookup list for IPv6 config rule6 option priority 33000 - option lookup 'babel-src' + option lookup 'babel-src' # IPv4 Soft Migration by priotizing Babel over OLSR config rule 
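Review bot: The `script:` line in roles/cfg_openwrt/tasks/wikiupdater.yml still wraps the templated values in literal double quotes, which would not stop `$`, backticks or an embedded `"` in `location` or `wikiupdater_dir` from being interpreted if the free-form command line is handed to a shell. Both values come from the inventory, so the exposure is limited to whoever can edit location files, but the `quote` filter closes it cheaply: `script: ../files/wiki/update.py -l {{ location | quote }} --file {{ (wikiupdater_dir ~ '/' ~ location ~ '.txt') | quote }}`. The task continues outside the hunk (`args:` is cut off).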
@@ -14,15 +12,15 @@ config rule option lookup 'babel-ff' config rule - option priority 33101 - option lookup 'olsr-ff' + option priority 33101 + option lookup 'olsr-ff' config rule option priority 33200 option lookup 'babel-default' config rule - option priority 33201 - option lookup 'olsr-default' + option priority 33201 + option lookup 'olsr-default' config interface 'loopback' option device 'lo' 
@@ -41,49 +39,31 @@ config interface 'loopback' {% for network in networks | selectattr('vid', 'defined') %} - {% set name = network['name'] if 'name' in network else network['role'] %} - {% set vid = network['vid']|string %} - {% set untagged = network.get('untagged') %} - {% if 'ifname' in network %} - {% set port = network['ifname'] + ('' if untagged else '.' + vid) %} - {% elif dsa_ports is defined %} - {% set port = 'switch0' + '.' + vid %} - {% elif (switch_ports|default(0) > 0) %} - {% set port = int_port + '.' + vid %} - {% else %} - {% set port = int_port + ('' if untagged else '.' + vid) %} - {% endif %} - {% set bridge_name = 'br-' + name %} - {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} - {% set port_needed = not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname) %} + {% set name = libnetwork.getUciIfname(network) %} {%- if (role == 'corerouter' and network['role'] == 'mesh') or ('assignments' in network and inventory_hostname in network['assignments']) - or name in wifi_networks + or name in libnetwork.getWirelessNetworks() | from_json or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct') %} config interface '{{ name }}' - {% if port_needed %} - {% if bridge_needed %} - option device '{{ (bridge_name if bridge_name | length <= 15) | mandatory('The generated inteface name exceeds the 15 characters limit of the linux kernel. 
Try to shorten the name to resolve this.') }}' - {% else %} - option device '{{ port }}' - {% endif %} + {% if libnetwork.isPortNeeded(network) | from_json %} + option device '{{ libnetwork.getIfname(network) }}' {% endif %} {% if network.get('enforce_client_isolation') and role == 'corerouter' and - not bridge_needed %} + not libnetwork.isBridgeNeeded(network) | from_json %} option macaddr '02:00:00:00:00:01' {% endif %} {% if 'assignments' in network and inventory_hostname in network['assignments'] %} option proto 'static' option ipaddr '{{ network['prefix'] | ansible.utils.ipaddr(network['assignments'][inventory_hostname]) }}' - {% if role != "corerouter" and 'dns' in network %} + {% if role != "corerouter" and 'dns' in network %} option dns '{{ network['prefix'] | ansible.utils.ipaddr(network['dns']) | ansible.utils.ipaddr('address') }}' - {% endif %} - {% if 'gateway' in network and 'assignments' in network and network['assignments'][inventory_hostname] != network['gateway'] %} + {% endif %} + {% if 'gateway' in network and 'assignments' in network and network['assignments'][inventory_hostname] != network['gateway'] %} option gateway '{{ network['prefix'] | ansible.utils.ipaddr(network['gateway']) | ansible.utils.ipaddr('address') }}' - {% endif %} - {% if role != 'corerouter' and 'ipv6_subprefix' in network %} + {% endif %} + {% if role != 'corerouter' and 'ipv6_subprefix' in network %} # IPv6 Address comes via SLAAC and RA. See sysctl, there it is enabled # The reason is to get rid of the userspace daemon 
@@ -105,14 +85,14 @@ config interface '{{ name }}' {% endif %} {% endif %} - {% if port_needed and bridge_needed %} + {% if libnetwork.isPortNeeded(network) | from_json and libnetwork.isBridgeNeeded(network) | from_json %} config device - option name '{{ (bridge_name if bridge_name | length <= 15) | mandatory('The generated inteface name exceeds the 15 characters limit of the linux kernel. Try to shorten the name to resolve this.') }}' - option type 'bridge' + option name '{{ libnetwork.getBridgeIfname(network) }}' + option type 'bridge' {% if network.get('enforce_client_isolation') and role == 'corerouter' %} option macaddr '02:00:00:00:00:01' {% endif %} - list ports '{{ port }}' + list ports '{{ libnetwork.getPortIfname(network) }}' {% endif %} {% endfor %} diff --git a/roles/cfg_openwrt/templates/libraries/network.j2 b/roles/cfg_openwrt/templates/libraries/network.j2 new file mode 100644 index 000000000..e5d51bc88 --- /dev/null +++ b/roles/cfg_openwrt/templates/libraries/network.j2 
@@ -0,0 +1,59 @@ +#jinja2: trim_blocks: True, lstrip_blocks: True + +{# Retrieve the layer 3 interface name of a network. #} +{% macro getIfname(network) %} + {% set ifname = "" %} + {% if isBridgeNeeded(network) | from_json %} + {% set ifname = getBridgeIfname(network) %} + {% else %} + {% set ifname = getPortIfname(network) %} + {% endif %} + +{{- (ifname if ifname | length <= 15) | mandatory('The generated interface name exceeds the 15 characters limit of the linux kernel. Try to shorten the name to resolve this.') -}} +{% endmacro %} + +{# Retrieve the Port Name of a network. This is either a physical vlan subinterface, or the switch vlan subinterface from DSA #} +{% macro getPortIfname(network) %} + {% set vid = network['vid']|string %} + {% set untagged = network.get('untagged') %} + {% if 'ifname' in network %} + {% set port = network['ifname'] + ('' if untagged else '.' + vid) %} + {% elif dsa_ports is defined %} + {% set port = 'switch0' + '.' + vid %} + {% elif (switch_ports|default(0) > 0) %} + {% set port = int_port + '.' + vid %} + {% else %} + {% set port = int_port + ('' if untagged else '.' + vid) %} + {% endif %} +{{- port -}} +{% endmacro %} + +{# Retrieve the bridge interface name of a network. This does not check if a bridge is actually needed #} +{% macro getBridgeIfname(network) %} +{{- 'br-' + getUciIfname(network) -}} +{% endmacro %} + +{# Retrieve the UCI/OpenWRT internal name of a network. #} +{% macro getUciIfname(network) %} +{{- network['name'] if 'name' in network else network['role'] -}} +{% endmacro %} + +{# Do we need to create a logical bridge for that network to bridge to wireless interface or are we not participating. This does not affect the switch configuration + # Warning: returns a bool. 
Use |from_json filter when calling #} +{% macro isBridgeNeeded(network) %} +{{- (getUciIfname(network) in getWirelessNetworks() or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct')) | to_json -}} +{% endmacro %} + +{# Do we need to configure a port or is this network only connected local (e.g. Mesh Endpoint on the core router) + # Warning: returns a bool. Use |from_json filter when calling #} +{% macro isPortNeeded(network) %} +{{- (not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname)) | to_yaml -}} +{% endmacro %} + +{# Retrieve the networks which shall be bridged to wifi + # Returns a list of bbb-config network name (network['name']) + # Warning: returns a list. Use |from_json filter when calling #} +{% macro getWirelessNetworks() %} + {% set selected_wireless_profile = wireless_profiles | selectattr('name', 'equalto', wireless_profile) | list | first %} +{{- selected_wireless_profile | json_query('ifaces[].network') | default([], true) | to_json -}} +{% endmacro %} From 7ab71dd94eae01661b34ea206af479cf95dbdd79 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Tue, 8 Oct 2024 17:33:05 +0200 Subject: [PATCH 081/254] liese-21: add port documentation --- locations/liese-21.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/locations/liese-21.yml b/locations/liese-21.yml index c36dc107d..53f6de5ed 100644 --- a/locations/liese-21.yml +++ b/locations/liese-21.yml @@ -97,3 +97,11 @@ location__channel_assignments_11a_standard__to_merge: # location__channel_assignments_11g_standard__to_merge: # channel-bandwith-txpower in dbm + +# PORT CONFIG +# +# lan1: poe in +# lan2: Lite-AP +# lan3: Nanobeam 5AC + SXTsq5ac +# lan4: spare +# lan5: spare From 42e2949ed501b41fe9fae032a278e61608411cd4 Mon Sep 17 00:00:00 2001 
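Review bot: In the new roles/cfg_openwrt/templates/libraries/network.j2, `isBridgeNeeded` tests `getUciIfname(network) in getWirelessNetworks()` against the macro's JSON text rather than a decoded list, so the check becomes a substring match: a network named `mesh` would, for example, match a wifi network `mesh_5g`, where the removed `name in wifi_networks` compared list elements. Decoding first restores the old behaviour: `getUciIfname(network) in (getWirelessNetworks() | from_json)`. `isPortNeeded` ends in `| to_yaml` although its own comment and the callers use `| from_json`; `| to_json` would match the sibling macros and not depend on how a YAML-dumped boolean happens to parse as JSON. Both macros decide which bridges and ports are generated, so a rendered-config comparison for a few locations before and after this refactor would be worth attaching.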
From: Tobias Schwarz Date: Tue, 8 Oct 2024 17:10:42 +0000 Subject: [PATCH 082/254] model: add GL.iNet Flint 2 (GL-MT6000) --- group_vars/model_glinet_gl_mt6000.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 group_vars/model_glinet_gl_mt6000.yml diff --git a/group_vars/model_glinet_gl_mt6000.yml b/group_vars/model_glinet_gl_mt6000.yml new file mode 100644 index 000000000..e080c4cfe --- /dev/null +++ b/group_vars/model_glinet_gl_mt6000.yml @@ -0,0 +1,24 @@ +--- +target: "mediatek/filogic" +brand_nice: GL.iNet +model_nice: GL-MT6000 (Flint 2) + +dsa_ports: + - eth0 + - lan1 + - lan2 + - lan3 + - lan4 + - lan5 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/soc/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/soc/18000000.wifi + ifname_hint: wlan2 From 76a60fc1b429f9704e874a28bc15eb43b7ed3235 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 8 Oct 2024 17:13:39 +0000 Subject: [PATCH 083/254] w38b: new core router --- locations/w38b.yml | 48 +++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index 81ace6f44..48879d03c 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -10,8 +10,8 @@ contacts: hosts: - hostname: w38b-core role: corerouter - model: "ubnt_edgerouter-x" - poe_on: [] + model: "glinet_gl-mt6000" + wireless_profile: w38b - hostname: w38b-ap1 role: ap model: "dlink_covr-x1860-a1" 
@@ -63,27 +63,27 @@ networks: mesh_metric: 256 # MESH - 5 GHz 802.11s - # - vid: 20 - # role: mesh - # name: mesh_5g - # prefix: 10.31.212.35/32 - # ipv6_subprefix: -20 - # mesh_ap: w38b-core - # mesh_radio: 11a_standard - # mesh_iface: mesh + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.212.35/32 + ipv6_subprefix: -20 + mesh_ap: w38b-core + mesh_radio: 11a_standard + mesh_iface: mesh # MESH - 2.4 GHz 802.11s - # - vid: 21 - # role: mesh - # name: mesh_2g - # prefix: 10.31.212.36/32 - # ipv6_subprefix: -21 - # # make mesh_metric(s) for 2GHz worse than 5GHz - # mesh_metric: 1024 - # mesh_metric_lqm: ['default 0.5'] - # mesh_ap: w38b-core - # mesh_radio: 11g_standard - # mesh_iface: mesh + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.212.36/32 + ipv6_subprefix: -21 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.5'] + mesh_ap: w38b-core + mesh_radio: 11g_standard + mesh_iface: mesh # MESH - 5 GHz 802.11s ap1 - vid: 22 @@ -168,12 +168,12 @@ networks: # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - # w38b-core: 36-80 - w38b-ap1: 36-80 + w38b-core: 36-80 + w38b-ap1: 52-80 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - # w38b-core: 13-20 + w38b-core: 13-20 w38b-ap1: 13-20 # Wireless profile From 0b4b802da51759962ab0a268f6e7f3317e5d3e0a Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 25 Aug 2024 08:23:40 +0000 Subject: [PATCH 084/254] chris: update config to current state --- locations/chris.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/locations/chris.yml b/locations/chris.yml index 2ddad832a..5df4302ad 100644 --- a/locations/chris.yml +++ b/locations/chris.yml 
@@ -41,11 +41,11 @@ snmp_devices: - hostname: chris-teufelsberg address: 10.230.18.4 - snmp_profile: airos_6 + snmp_profile: airos_8 - # - hostname: chris-n-5ghz - # address: 10.230.18.5 - # snmp_profile: airos_6 + - hostname: chris-n-5ghz + address: 10.230.18.5 + snmp_profile: airos_6 - hostname: chris-o-5ghz address: 10.230.18.6 @@ -76,11 +76,11 @@ networks: ipv6_subprefix: -2 ptp: true - # - vid: 12 - # role: mesh - # name: mesh_n_5ghz - # prefix: 10.230.18.163/32 - # ipv6_subprefix: -3 + - vid: 12 + role: mesh + name: mesh_n_5ghz + prefix: 10.230.18.163/32 + ipv6_subprefix: -3 - vid: 13 role: mesh @@ -161,7 +161,7 @@ networks: chris-bht: 3 chris-teufelsberg: 4 - # chris-n-5ghz: 5 + chris-n-5ghz: 5 chris-o-5ghz: 6 chris-s-5ghz: 7 chris-w-5ghz: 8 From 6708fee523ad0358df763ba52c197ed5cbc57606 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 25 Aug 2024 08:19:57 +0000 Subject: [PATCH 085/254] mela: update config to current state --- locations/mela.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/locations/mela.yml b/locations/mela.yml index fbfe9734a..0b02a4a30 100644 --- a/locations/mela.yml +++ b/locations/mela.yml @@ -47,7 +47,7 @@ snmp_devices: - hostname: mela-nw-5ghz address: 10.36.70.4 snmp_profile: airos_6 - - hostname: mela-oso-5ghz + - hostname: mela-ono-5ghz address: 10.36.70.5 snmp_profile: airos_6 - hostname: mela-teufelsberg @@ -80,7 +80,7 @@ networks: - vid: 12 role: mesh - name: mesh_oso + name: mesh_ono prefix: 10.36.70.35/32 ipv6_subprefix: -12 @@ -171,7 +171,7 @@ networks: mela-switch-vorne: 3 # 10.36.70.3 # Ubiquiti PTMP / PTP mela-nw-5ghz: 4 # 10.36.70.4 - mela-oso-5ghz: 5 # 10.36.70.5 + mela-ono-5ghz: 5 # 10.36.70.5 mela-teufelsberg: 6 # 10.36.70.6 # OpenWRT AP (Indoor) mela-kanzel: 8 # 10.36.70.8 
@@ -179,7 +179,7 @@ networks: mela-n2: 9 # 10.36.70.9 mela-o2: 10 # 10.36.70.10 mela-s2: 11 # 10.36.70.11 - mela-w2: 12 # 10.36.70.12 # CPE210, defect, needs replacement - mela-n5: 13 # 10.36.70.13 # CPE510, offline, currently connected to n2 but needs to be flashed and needs own port - mela-o5: 14 # 10.36.70.14 # CPE510, needs to be reconfigured / reinstalled + mela-w2: 12 # 10.36.70.12 + mela-n5: 13 # 10.36.70.13 + mela-o5: 14 # 10.36.70.14 mela-s5: 15 # 10.36.70.15 From 15456a3cc9756c590905b4e4ddece62dcfc31fdf Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 6 Oct 2024 16:20:13 +0000 Subject: [PATCH 086/254] gruni73: document PoE watchdog --- locations/gruni73.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/locations/gruni73.yml b/locations/gruni73.yml index 149e9b5c9..194f64b87 100644 --- a/locations/gruni73.yml +++ b/locations/gruni73.yml @@ -59,9 +59,9 @@ networks: gruni73-sama: 5 gruni73-zwingli: 6 # local nearfield aps 5ghz - gruni73-nf-o-5ghz: 13 - gruni73-nf-s-5ghz: 14 - gruni73-nf-w-5ghz: 15 + gruni73-nf-o-5ghz: 13 # 10m PoE watchdog active for this device due to instability + gruni73-nf-s-5ghz: 14 # 10m PoE watchdog active for this device due to instability + gruni73-nf-w-5ghz: 15 # 10m PoE watchdog active for this device due to instability - vid: 40 role: dhcp From f051426b7247caccd78b0cf25113fec10febd479 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 13 Oct 2024 10:03:57 +0000 Subject: [PATCH 087/254] rhnk, zwingli: added SNMP monitoring for switches --- locations/rhnk.yml | 3 +++ locations/zwingli.yml | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/locations/rhnk.yml b/locations/rhnk.yml index 2cdd34d55..0de588b40 100644 --- a/locations/rhnk.yml +++ b/locations/rhnk.yml @@ -30,6 +30,9 @@ hosts: eth0: 2c:c8:1b:6b:e7:31 snmp_devices: + - hostname: rhnk-switch + address: 10.31.153.2 + snmp_profile: swos - hostname: rhnk-rhxb address: 10.31.153.11 
diff --git a/locations/zwingli.yml b/locations/zwingli.yml index 778aac410..edaeae4d5 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -84,6 +84,10 @@ airos_dfs_reset: daytime_limit: "2-7" snmp_devices: + - hostname: zwingli-switch + address: 10.31.115.2 + snmp_profile: swos + - hostname: zwingli-nord-5ghz address: 10.31.115.20 snmp_profile: airos_8 From 020a500478c9b2aecc9150840eca602e47eac22c Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 13 Oct 2024 07:52:53 +0000 Subject: [PATCH 088/254] manstein10: adjust config to reflect current state --- locations/manstein10.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/locations/manstein10.yml b/locations/manstein10.yml index deb372260..6b7c155e1 100644 --- a/locations/manstein10.yml +++ b/locations/manstein10.yml @@ -17,9 +17,9 @@ hosts: role: ap model: "ubnt_nanostation-m2_xm" - - hostname: manstein10-m2-w - role: ap - model: "ubnt_nanostation-m2_xm" + # - hostname: manstein10-m2-w + # role: ap + # model: "ubnt_nanostation-m2_xm" - hostname: manstein10-m5-w role: ap @@ -56,14 +56,14 @@ networks: mesh_radio: 11g_standard mesh_iface: mesh - - vid: 12 - role: mesh - name: mesh_2ghz_w - prefix: 10.31.125.34/32 - ipv6_subprefix: -3 - mesh_ap: manstein10-m2-w - mesh_radio: 11g_standard - mesh_iface: mesh + # - vid: 12 + # role: mesh + # name: mesh_2ghz_w + # prefix: 10.31.125.34/32 + # ipv6_subprefix: -3 + # mesh_ap: manstein10-m2-w + # mesh_radio: 11g_standard + # mesh_iface: mesh - vid: 13 role: mesh @@ -98,11 +98,11 @@ networks: # airos - bbb manstein10-rhxb: 4 # airos - clients - manstein10-m5-loco-s5: 5 + # manstein10-m5-loco-s5: 5 # openwrt clients manstein10-m5-w: 6 manstein10-m2-s: 7 - manstein10-m2-w: 8 + # manstein10-m2-w: 8 location__ssh_keys__to_merge: - comment: narfpeng From 1aaa2e7b1a1876c84c6e36c612352b13b6a525e0 Mon Sep 17 00:00:00 2001 
From: Ffhener Date: Mon, 14 Oct 2024 14:20:07 +0200 Subject: [PATCH 089/254] forcki: added again fixes #782 Added a 2. tunnel and cleaned the config up a bit --- locations/forcki.yml | 67 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 locations/forcki.yml diff --git a/locations/forcki.yml b/locations/forcki.yml new file mode 100644 index 000000000..7145d5a26 --- /dev/null +++ b/locations/forcki.yml @@ -0,0 +1,67 @@ +--- + +location: forcki +location_nice: Forckenbeckplatz, 10249 Berlin +latitude: 52.519112973573066 +longitude: 13.462383908075621 +altitude: 60 +community: true + +hosts: + + - hostname: forcki-core + role: corerouter + model: "avm_fritzbox-7530" + wireless_profile: freifunk_default + +ipv6_prefix: "2001:bf7:830:ac00::/56" + +# Forcki got following prefixes: +# Router: 10.31.168.128/26 +# --MGMT: 10.31.168.160/28 +# --MESH: 10.31.168.176/28 +# --DHCP: 10.31.168.128/27 + +networks: + - vid: 20 + role: mesh + name: mesh_core_5ghz + prefix: 10.31.168.184/32 + ipv6_subprefix: -20 + mesh_ap: forcki-core + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.168.128/27 + ipv6_subprefix: 1 + assignments: + forcki-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.31.168.160/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 0 + assignments: + forcki-core: 1 + + - vid: 50 + untagged: true + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.168.176/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.31.168.177/32 + wireguard_port: 51821 From d76223d191eb9cf586ce181a67dc2893f9d701ca Mon Sep 17 00:00:00 2001 From: Ffhener Date: Mon, 14 Oct 2024 15:14:14 +0200 Subject: [PATCH 090/254] forcki: add 2.4GHz mesh for core --- locations/forcki.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) 
diff --git a/locations/forcki.yml b/locations/forcki.yml index 7145d5a26..b6ba223b7 100644 --- a/locations/forcki.yml +++ b/locations/forcki.yml @@ -26,12 +26,21 @@ networks: - vid: 20 role: mesh name: mesh_core_5ghz - prefix: 10.31.168.184/32 + prefix: 10.31.168.178/32 ipv6_subprefix: -20 mesh_ap: forcki-core mesh_radio: 11a_standard mesh_iface: mesh + - vid: 21 + role: mesh + name: mesh_core_2ghz + prefix: 10.31.168.179/32 + ipv6_subprefix: -21 + mesh_ap: forcki-core + mesh_radio: 11g_standard + mesh_iface: mesh + - vid: 40 role: dhcp inbound_filtering: true From 8f448caef977e1f07ef07bc1d379eec7983d2e39 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 15 Oct 2024 14:05:09 +0000 Subject: [PATCH 091/254] zwingli: change mgmt VLAN; add wave nano; add mac override --- locations/zwingli.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/locations/zwingli.yml b/locations/zwingli.yml index edaeae4d5..500c3598e 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -35,6 +35,7 @@ hosts: - hostname: zwingli-nord-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac + mac_override: {eth0: 2c:c8:1b:88:d4:95} wifi_roaming: true - hostname: zwingli-ost-nf-2ghz @@ -116,6 +117,10 @@ snmp_devices: address: 10.31.115.6 snmp_profile: af60 + - hostname: zwingli-emma + address: 10.31.115.7 + snmp_profile: af60 + ipv6_prefix: "2001:bf7:830:9800::/56" # ipv4-prefix: 10.31.115.0/24 @@ -151,7 +156,9 @@ networks: name: mesh_sama prefix: 10.31.115.36/32 ipv6_subprefix: -5 - mesh_metric: 128 + # prefer routing via emma over sama to use ohlauer as gateway) + mesh_metric: 320 + mesh_metric_lqm: ['default 0.85'] ptp: true - vid: 16 @@ -176,8 +183,6 @@ networks: prefix: 10.31.115.40/32 ipv6_subprefix: -9 mesh_metric: 128 - mesh_metric_lqm: - - default 0.3 # Make sure emma/ohlauer is not used as primary uplink ptp: true @@ -253,7 +258,7 @@ networks: assignments: zwingli-core: 1 - - vid: 42 + - vid: 425 role: mgmt prefix: 10.31.115.0/27 gateway: 1 
@@ -263,10 +268,11 @@ networks: zwingli-core: 1 zwingli-switch: 2 - # af60-lr + # af60-lr / wave nano zwingli-sama: 3 zwingli-agym: 5 zwingli-vaterhaus: 6 + zwingli-emma: 7 # local aps 2ghz zwingli-ost-nf-2ghz: 11 From 77c85cd4618de658b5a15bc755bb042757d559bb Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 15 Oct 2024 15:48:10 +0000 Subject: [PATCH 092/254] w38b: adjust metrics --- locations/w38b.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index 48879d03c..67ee52f9b 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -50,8 +50,8 @@ networks: ipv6_subprefix: -10 ptp: true # prefer routing via RHNK over SAMA - mesh_metric: 576 - mesh_metric_lqm: ['default 0.9'] + mesh_metric: 320 + mesh_metric_lqm: ['default 0.85'] # MESH - RHNK - vid: 11 From 2422fdec94bd30e80630de13d03995ffec395d85 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 15 Oct 2024 15:48:19 +0000 Subject: [PATCH 093/254] emma: add missing metrics --- locations/emma.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/locations/emma.yml b/locations/emma.yml index 9c8cae95f..04e658da8 100644 --- a/locations/emma.yml +++ b/locations/emma.yml @@ -217,6 +217,7 @@ networks: name: mesh_wsw_60ghz prefix: 10.31.11.41/32 ipv6_subprefix: -18 + mesh_metric: 128 ptp: true - vid: 19 @@ -224,6 +225,7 @@ networks: name: mesh_nnw_60ghz prefix: 10.31.11.42/32 ipv6_subprefix: -19 + mesh_metric: 128 ptp: true - vid: 20 From 38195d7a09553096804dfe429003a8433ffbaecf Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Thu, 17 Oct 2024 16:02:39 +0000 Subject: [PATCH 094/254] k12, hirschhof: bring some order into the setup --- locations/hirschhof.yml | 1 - locations/{k12-haus3.yml => k12-h1-h3n.yml} | 50 ++-- locations/{k12-haus1.yml => k12-h1.yml} | 79 +++--- locations/k12-h2.yml | 188 ++++++++++++++ locations/{k12-3v0s.yml => k12-h3-v0s.yml} | 22 +- locations/k12-h3-v2s.yml | 90 +++++++ locations/k12-h3.yml | 149 +++++++++++ locations/{k12-haus4.yml => k12-h4.yml} | 50 ++-- locations/k12.yml | 266 -------------------- 9 files changed, 529 insertions(+), 366 deletions(-) rename locations/{k12-haus3.yml => k12-h1-h3n.yml} (55%) rename locations/{k12-haus1.yml => k12-h1.yml} (74%) create mode 100644 locations/k12-h2.yml rename locations/{k12-3v0s.yml => k12-h3-v0s.yml} (85%) create mode 100644 locations/k12-h3-v2s.yml create mode 100644 locations/k12-h3.yml rename locations/{k12-haus4.yml => k12-h4.yml} (77%) delete mode 100644 locations/k12.yml diff --git a/locations/hirschhof.yml b/locations/hirschhof.yml index 581a1c193..6c65e1751 100644 --- a/locations/hirschhof.yml +++ b/locations/hirschhof.yml @@ -16,7 +16,6 @@ hosts: - hostname: hirschhof-k12 role: ap model: "tplink_cpe210-v1" - wireless_profile: freifunk_default wifi_roaming: true ipv6_prefix: '2001:bf7:760:2c00::/56' diff --git a/locations/k12-haus3.yml b/locations/k12-h1-h3n.yml similarity index 55% rename from locations/k12-haus3.yml rename to locations/k12-h1-h3n.yml index 7d57e2c20..504636f13 100644 --- a/locations/k12-haus3.yml +++ b/locations/k12-h1-h3n.yml 
@@ -1,28 +1,25 @@ --- -location: k12-haus3 -location_nice: 'Haus 3, Kastanienallee 12, 10435 Berlin' -latitude: 52.53951094884286 -longitude: 13.409447813490967 +location: k12-h1-h3n +location_nice: 'Haus1, Kastanienallee 12, 10435 Berlin' +latitude: 52.539219578693945 +longitude: 13.409907836874728 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' hosts: - - hostname: k12-haus3-core + - hostname: k12-h1-h3n role: corerouter model: "dlink_dap-x1860-a1" wireless_profile: freifunk_default - host__rclocal__to_merge: - # Add service announcement for K12 Sunset Webcam - - "[ -z \"$(uci show olsrd | grep -F 'k12-sunset.olsr')\" ] && uci add_list olsrd.@LoadPlugin[1].service=\"http://k12-sunset.olsr:80|tcp|K12 Sunset Webcam\" && /etc/init.d/olsrd restart" -ipv6_prefix: '2001:bf7:760:700::/56' +ipv6_prefix: '2001:bf7:760:2e00::/56' # got following prefixes: -# Router: 10.31.226.192/26 -# --MGMT: 10.31.226.192/28 -# --MESH: 10.31.226.208/28 -# --DHCP: 10.31.226.224/27 +# Router: 10.248.19.192/26 +# --MGMT: 10.248.19.224/28 +# --MESH: 10.248.19.240/28 +# --DHCP: 10.248.19.192/27 # Disable noping dhcp_no_ping: false 
@@ -31,56 +28,53 @@ networks: # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g - prefix: 10.31.226.209/32 + name: mesh_core_5g + prefix: 10.248.19.240/32 ipv6_subprefix: -20 - mesh_ap: k12-haus3-core + mesh_ap: k12-h1-h3n mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g - prefix: 10.31.226.210/32 + name: mesh_core_2g + prefix: 10.248.19.241/32 ipv6_subprefix: -21 # make mesh_metric(s) for 2GHz worse than 5GHz mesh_metric: 1024 mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus3-core + mesh_ap: k12-h1-h3n mesh_radio: 11g_standard mesh_iface: mesh # DHCP with filtering and isolation - vid: 40 role: dhcp - untagged: true inbound_filtering: true enforce_client_isolation: true - prefix: 10.31.226.224/27 + prefix: 10.248.19.192/27 ipv6_subprefix: 0 assignments: - k12-haus3-core: 1 + k12-h1-h3n: 1 # MGMT - vid: 42 role: mgmt - untagged: true - prefix: 10.31.226.192/28 + prefix: 10.248.19.224/28 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: - k12-haus3-core: 1 # 10.31.226.193 - k12-sunset: 2 # 10.31.226.194 + k12-h1-h3n: 1 # 10.248.19.225 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-haus3-core: 36-40 + k12-h1-h3n: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k12-haus3-core: 13-20 + k12-h1-h3n: 13-20 dns_servers: # quad9 diff --git a/locations/k12-haus1.yml b/locations/k12-h1.yml similarity index 74% rename from locations/k12-haus1.yml rename to locations/k12-h1.yml index b76a9ea1c..19faaeaf6 100644 --- a/locations/k12-haus1.yml +++ b/locations/k12-h1.yml 
@@ -1,28 +1,17 @@ --- -location: k12-haus1 +location: k12-h1 location_nice: 'Kastanienallee 12, Haus 1' -latitude: 52.539219578693945 -longitude: 13.409907836874728 +latitude: 52.539199815 +longitude: 13.410111666 contact_nickname: 'zander' contacts: - 'alexanderjabs@gmx.de' -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 - hosts: - - hostname: k12-haus1-core + - hostname: k12-h1-core role: corerouter - model: "dlink_dap-x1860-a1" + model: "dlink_covr-x1860-a1" + mac_override: {eth0: a8:63:7d:db:4d:4c} wireless_profile: freifunk_default ipv6_prefix: '2001:bf7:760:300::/56' @@ -37,40 +26,48 @@ ipv6_prefix: '2001:bf7:760:300::/56' dhcp_no_ping: false networks: - # DHCP with filtering and isolation - - vid: 40 - role: dhcp - untagged: true - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.226.160/27 - ipv6_subprefix: 0 - assignments: - k12-haus1-core: 1 - # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g + name: mesh_core_5g prefix: 10.31.226.145/32 ipv6_subprefix: -20 - mesh_ap: k12-haus1-core + mesh_ap: k12-h1-core mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g + name: mesh_core_2g prefix: 10.31.226.146/32 ipv6_subprefix: -21 # make mesh_metric(s) for 2GHz worse than 5GHz mesh_metric: 1024 mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus1-core + mesh_ap: k12-h1-core mesh_radio: 11g_standard mesh_iface: mesh + # MESH - LAN + - vid: 30 + role: mesh + name: mesh_lan + prefix: 10.31.226.147/32 + ipv6_subprefix: -30 + # adjust mesh_metric(s) to prefer this + mesh_metric: 128 + + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.226.160/27 + ipv6_subprefix: 0 + assignments: + k12-h1-core: 1 + # MGMT - vid: 42 role: mgmt 
@@ -79,12 +76,24 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - k12-haus1-core: 1 + k12-h1-core: 1 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-haus1-core: 36-40 + k12-h1-core: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k12-haus1-core: 13-20 + k12-h1-core: 13-20 + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 diff --git a/locations/k12-h2.yml b/locations/k12-h2.yml new file mode 100644 index 000000000..2f6dbdec3 --- /dev/null +++ b/locations/k12-h2.yml 
@@ -0,0 +1,188 @@
+---
+location: k12-h2
+location_nice: 'Haus2, Kastanienallee 12, 10435 Berlin'
+latitude: 52.53936534993554
+longitude: 13.409738833169316
+altitude: 63
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h2-core
+ role: corerouter
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: a8:63:7d:db:4d:45}
+ wireless_profile: freifunk_default
+ wifi_roaming: true
+
+ - hostname: k12-h2-cpe
+ role: ap
+ model: "mikrotik_sxtsq-5-ac"
+ mac_override: {eth0: 08:55:31:ea:e3:32}
+ wireless_profile: mesh_only
+
+ - hostname: k12-h2-h1n
+ role: ap
+ model: "tplink_tl-wdr4300-v1"
+ wifi_roaming: true
+
+ - hostname: k12-h2-h1s
+ role: ap
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: 0c:0e:76:cf:21:de}
+ wifi_roaming: true
+
+snmp_devices:
+ - hostname: k12-h2-segen
+ address: 10.31.158.195
+ snmp_profile: airos_8
+
+ipv6_prefix: '2001:bf7:760:2a00::/56'
+
+# got following prefixes:
+# Router: 10.31.158.0/24
+# --DHCP: 10.31.158.0/25
+# --MESH: 10.31.158.128/26
+# --MGMT: 10.31.158.192/27
+# --UPLK: 10.31.158.224/27
+
+networks:
+ # MESH - segen
+ - vid: 10
+ role: mesh
+ name: mesh_segen
+ prefix: 10.31.158.128/32
+ ipv6_subprefix: -10
+
+ # MESH - core - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.31.158.1129/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h2-core
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - core - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.31.158.130/32
+ ipv6_subprefix: -21
+ # make mesh_metric(s) for 2GHz worse than 5GHz
+ mesh_metric: 1024
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h2-core
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 1s - 5 GHz 802.11s
+ - vid: 22
+ role: mesh
+ name: mesh_h1s_5g
+ prefix: 10.31.158.131/32
+ ipv6_subprefix: -22
+ mesh_ap: k12-h2-h1s
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 1s -2.4 GHz 802.11s
+ - vid: 23
+ role: mesh
+ name: mesh_h1s_2g
+ prefix: 10.31.158.132/32
+ ipv6_subprefix: -23
+ # make mesh_metric(s) for 2GHz worse than 5GHz
+ mesh_metric: 1024
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h2-h1s
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 5 GHz 802.11s - cpe
+ - vid: 24
+ role: mesh
+ name: mesh_cpe
+ prefix: 10.31.158.133/32
+ ipv6_subprefix: -24
+ mesh_ap: k12-h2-cpe
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - LAN
+ - vid: 30
+ role: mesh
+ name: mesh_lan
+ prefix: 10.31.226.134/32
+ ipv6_subprefix: -30
+ # adjust mesh_metric(s) to prefer this
+ mesh_metric: 128
+
+ # DHCP
+ - vid: 40
+ role: dhcp
+ inbound_filtering: true
+ enforce_client_isolation: true
+ prefix: 10.31.158.0/25
+ ipv6_subprefix: 0
+ assignments:
+ k12-h2-core: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ prefix: 10.31.158.192/26
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h2-core: 1 # 10.31.158.193/32
+ k12-h2-switch: 2 # 10.31.158.194/32
+ k12-h2-segen: 3 # 10.31.158.195/32
+ # NF Antennas # 10.31.158.196/32
+ k12-h2-cpe: 5 # 10.31.158.197/32
+ k12-h2-h1n: 6 # 10.31.158.198/32
+ k12-h2-h1s: 7 # 10.31.158.199/32
+
+ # UPLK
+ - vid: 50
+ role: uplink
+
+ - role: tunnel
+ ifname: ts_wg0
+ mtu: 1280
+ prefix: 10.31.158.224/32
+ wireguard_port: 51820
+
+ - role: tunnel
+ ifname: ts_wg1
+ mtu: 1280
+ prefix: 10.31.158.225/32
+ wireguard_port: 51821
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h2-core: 36-40
+ k12-h2-h1n: 36-40
+ k12-h2-h1s: 36-40
+ k12-h2-cpe: 44-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h2-core: 13-20
+ k12-h2-h1n: 13-20
+ k12-h2-h1s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
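Review bot: The `mesh_core_5g` network (vid 20) in the new locations/k12-h2.yml has `prefix: 10.31.158.1129/32`, which is not a valid IPv4 address; going by its neighbours (.128 on vid 10, .130 on vid 21) it is presumably meant to be `prefix: 10.31.158.129/32`. The `mesh_lan` network (vid 30) uses `10.31.226.134/32`, which lies outside the 10.31.158.0/24 block named in the header comment and inside the range k12-h1.yml uses for its own `mesh_lan`, so it looks like a copy-paste and should probably read `10.31.158.134/32`. The mgmt network is declared as `10.31.158.192/26` while the comment allots it 10.31.158.192/27; the /26 also covers the UPLK range that holds the tunnel addresses .224 and .225, so the management scope is wider than documented and one of the two should be corrected.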
diff --git a/locations/k12-3v0s.yml b/locations/k12-h3-v0s.yml similarity index 85% rename from locations/k12-3v0s.yml rename to locations/k12-h3-v0s.yml index 164d118bb..f846a406e 100644 --- a/locations/k12-3v0s.yml +++ b/locations/k12-h3-v0s.yml @@ -1,6 +1,6 @@ --- -location: k12-3v0s -location_nice: 'Haus4, Kastanienallee 12, 10435 Berlin' +location: k12-h3-v0s +location_nice: 'Haus3, Kastanienallee 12, 10435 Berlin' latitude: 52.53935393039 longitude: 13.40930967973 contact_nickname: 'zander' @@ -8,7 +8,7 @@ contacts: - 'alexanderjabs@gmx.de' hosts: - - hostname: k12-3v0s + - hostname: k12-h3-v0s role: corerouter model: "dlink_covr-x1860-a1" mac_override: {eth0: a8:63:7d:b9:46:45} @@ -29,23 +29,23 @@ networks: # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5g + name: mesh_core_5g prefix: 10.31.227.144/32 ipv6_subprefix: -20 - mesh_ap: k12-3v0s + mesh_ap: k12-h3-v0s mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2g + name: mesh_core_2g prefix: 10.31.227.145/32 ipv6_subprefix: -21 # make mesh_metric(s) for 2GHz worse than 5GHz mesh_metric: 1024 mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-3v0s + mesh_ap: k12-h3-v0s mesh_radio: 11g_standard mesh_iface: mesh @@ -59,7 +59,7 @@ networks: prefix: 10.31.227.160/27 ipv6_subprefix: 0 assignments: - k12-3v0s: 1 + k12-h3-v0s: 1 # MGMT - vid: 42 @@ -69,15 +69,15 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - k12-3v0s: 1 # 10.31.227.129 + k12-h3-v0s: 1 # 10.31.227.129 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-3v0s: 36-40 + k12-h3-v0s: 36-40 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11g_standard__to_merge: - k12-3v0s: 13-20 + k12-h3-v0s: 13-20 dns_servers: # quad9 diff --git a/locations/k12-h3-v2s.yml b/locations/k12-h3-v2s.yml new file mode 100644 index 000000000..6d1c50b09 --- /dev/null +++ b/locations/k12-h3-v2s.yml 
@@ -0,0 +1,90 @@
+---
+location: k12-h3-v2s
+location_nice: 'Haus3, Kastanienallee 12, 10435 Berlin'
+latitude: 52.539382528
+longitude: 13.409425020
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h3-v2s
+ role: corerouter
+ model: "dlink_covr-x1860-a1"
+ mac_override: {eth0: a8:63:7d:db:4d:3e}
+ wireless_profile: freifunk_default
+
+ipv6_prefix: '2001:bf7:760:2d00::/56'
+
+# got following prefixes:
+# Router: 10.248.19.128/26
+# --MGMT: 10.248.19.128/28
+# --MESH: 10.248.19.144/28
+# --DHCP: 10.248.19.160/27
+
+# Disable noping
+dhcp_no_ping: false
+
+networks:
+ # MESH - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.248.19.144/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h3-v2s
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.248.19.145/32
+ ipv6_subprefix: -21
+ # make mesh_metric(s) for 2GHz worse than 5GHz
+ mesh_metric: 1024
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-v2s
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # DHCP with filtering and isolation
+ - vid: 40
+ role: dhcp
+ inbound_filtering: true
+ enforce_client_isolation: true
+ prefix: 10.248.19.160/27
+ ipv6_subprefix: 0
+ assignments:
+ k12-h3-v2s: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ prefix: 10.248.19.128/28
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h3-v2s: 1 # 10.248.19.129
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h3-v2s: 36-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h3-v2s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
diff --git a/locations/k12-h3.yml b/locations/k12-h3.yml
new file mode 100644
index 000000000..107049022
--- /dev/null
+++ b/locations/k12-h3.yml 
@@ -0,0 +1,149 @@
+---
+location: k12-h3
+location_nice: 'Haus 3, Kastanienallee 12, 10435 Berlin'
+latitude: 52.53951094884286
+longitude: 13.409447813490967
+contact_nickname: 'zander'
+contacts:
+ - 'alexanderjabs@gmx.de'
+
+hosts:
+ - hostname: k12-h3-core
+ role: corerouter
+ model: "dlink_dap-x1860-a1"
+ wireless_profile: freifunk_default
+ - hostname: k12-h3-h3n
+ role: ap
+ model: "dlink_dap-x1860-a1"
+ # - hostname: k12-h3-v2s
+ # role: ap
+ # model: "dlink_dap-x1860-a1"
+ # wireless_profile: freifunk_owe
+
+ipv6_prefix: '2001:bf7:760:700::/56'
+
+# got following prefixes:
+# Router: 10.31.226.192/26
+# --MGMT: 10.31.226.192/28
+# --MESH: 10.31.226.208/28
+# --DHCP: 10.31.226.224/27
+
+# Disable noping
+dhcp_no_ping: false
+
+networks:
+ # MESH - 5 GHz 802.11s
+ - vid: 20
+ role: mesh
+ name: mesh_core_5g
+ prefix: 10.31.226.209/32
+ ipv6_subprefix: -20
+ mesh_ap: k12-h3-core
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 21
+ role: mesh
+ name: mesh_core_2g
+ prefix: 10.31.226.210/32
+ ipv6_subprefix: -21
+ # make mesh_metric(s) for 2GHz worse than 5GHz
+ mesh_metric: 1024
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-core
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 5 GHz 802.11s
+ - vid: 22
+ role: mesh
+ name: mesh_h3n_5g
+ prefix: 10.31.226.211/32
+ ipv6_subprefix: -22
+ mesh_ap: k12-h3-h3n
+ mesh_radio: 11a_standard
+ mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ - vid: 23
+ role: mesh
+ name: mesh_h3n_2g
+ prefix: 10.31.226.212/32
+ ipv6_subprefix: -23
+ # make mesh_metric(s) for 2GHz worse than 5GHz
+ mesh_metric: 1024
+ mesh_metric_lqm: ['default 0.8']
+ mesh_ap: k12-h3-h3n
+ mesh_radio: 11g_standard
+ mesh_iface: mesh
+
+ # MESH - 5 GHz 802.11s
+ # - vid: 24
+ # role: mesh
+ # name: mesh_v2s_5g
+ # prefix: 10.31.226.213/32
+ # ipv6_subprefix: -24
+ # mesh_ap: k12-h3-v2s
+ # mesh_radio: 11a_standard
+ # mesh_iface: mesh
+
+ # MESH - 2.4 GHz 802.11s
+ # - vid: 25
+ # role: mesh
+ # name: mesh_v2s_2g
+ # prefix: 10.31.226.214/32
+ # ipv6_subprefix: -25
+ # # make mesh_metric(s) for 2GHz worse than 5GHz
+ # mesh_metric: 1024
+ # mesh_metric_lqm: ['default 0.8']
+ # mesh_ap: k12-h3-v2s
+ # mesh_radio: 11g_standard
+ # mesh_iface: mesh
+
+ # DHCP with filtering and isolation
+ - vid: 40
+ role: dhcp
+ inbound_filtering: true
+ enforce_client_isolation: true
+ prefix: 10.31.226.224/27
+ ipv6_subprefix: 0
+ assignments:
+ k12-h3-core: 1
+
+ # MGMT
+ - vid: 42
+ role: mgmt
+ untagged: true
+ prefix: 10.31.226.192/28
+ gateway: 1
+ dns: 1
+ ipv6_subprefix: 1
+ assignments:
+ k12-h3-core: 1 # 10.31.226.193
+ k12-h3-h3n: 2 # 10.31.226.194
+ # k12-h3-v2s: 2 # 10.31.226.195
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11a_standard__to_merge:
+ k12-h3-core: 44-40
+ k12-h3-h3n: 36-40
+ # k12-h3-v2s: 36-40
+
+# AP-id, wifi-channel, bandwidth, txpower
+location__channel_assignments_11g_standard__to_merge:
+ k12-h3-core: 13-20
+ k12-h3-h3n: 13-20
+ # k12-h3-v2s: 13-20
+
+dns_servers:
+ # quad9
+ - 9.9.9.9
+ - 149.112.112.112
+ - 2620:fe::fe
+ - 2620:fe::9
+ # cloudflare
+ - 1.1.1.1
+ - 1.0.0.1
+ - 2606:4700:4700::1111
+ - 2606:4700:4700::1001
diff --git a/locations/k12-haus4.yml b/locations/k12-h4.yml
similarity index 77%
rename from locations/k12-haus4.yml
rename to locations/k12-h4.yml
index 37dc6a060..a98f564b6 100644
--- a/locations/k12-haus4.yml
+++ b/locations/k12-h4.yml
@@ -1,5 +1,5 @@ --- -location: k12-haus4 +location: k12-h4 location_nice: 'Haus 4, Kastanienallee 12, 10435 Berlin' latitude: 52.53949585878101 longitude: 13.40898110911928
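Review bot: The mgmt network (vid 42) in the new locations/k12-h3.yml keeps `untagged: true`, whereas this same commit removes that key from the DHCP and mgmt networks in k12-h1-h3n.yml and from the DHCP network in k12-h4.yml. If an untagged management VLAN is intended here, a short comment naming the port or device that needs it would help; otherwise a device attached without a VLAN tag presumably ends up in the management network, and the key should be dropped as in the sibling files. Separately, the commented-out assignment `# k12-h3-v2s: 2 # 10.31.226.195` reuses id 2, which k12-h3-h3n already holds, and disagrees with the .195 in its own comment, so it should read `3` before it is re-enabled.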
@@ -8,18 +8,18 @@ contacts: - 'alexanderjabs@gmx.de' hosts: - - hostname: k12-haus4-core + - hostname: k12-h4-core role: corerouter model: "dlink_covr-x1860-a1" - wireless_profile: freifunk_default mac_override: {eth0: 0c:0e:76:cf:21:e5} + wireless_profile: freifunk_default wifi_roaming: true - - hostname: k12-haus4-garten + - hostname: k12-h4-h0s role: ap model: "dlink_covr-x1860-a1" mac_override: {eth0: a8:63:7d:db:4d:53} wifi_roaming: true - - hostname: k12-haus4-hirschhof + - hostname: k12-h4-hirschhof role: ap model: "tplink_cpe210-v1" wifi_roaming: true @@ -36,23 +36,24 @@ networks: # MESH - 5 GHz 802.11s - vid: 20 role: mesh - name: mesh_5ghz + name: mesh_core_5g prefix: 10.31.157.160/32 ipv6_subprefix: -20 - mesh_ap: k12-haus4-core + mesh_ap: k12-h4-core mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - vid: 21 role: mesh - name: mesh_2ghz + name: mesh_core_2g prefix: 10.31.157.161/32 ipv6_subprefix: -21 # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # prevent babel from using 2GHz link to segen + mesh_metric: 8192 mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus4-core + mesh_ap: k12-h4-core mesh_radio: 11g_standard mesh_iface: mesh 
@@ -62,43 +63,42 @@ networks: name: mesh_hirsch prefix: 10.31.157.162/32 ipv6_subprefix: -22 - mesh_ap: k12-haus4-hirschhof + mesh_ap: k12-h4-hirschhof mesh_radio: 11g_standard mesh_iface: mesh # MESH - 5 GHz 802.11s - Garten - vid: 23 role: mesh - name: mesh_11s_g5 + name: mesh_h0s_5g prefix: 10.31.157.163/32 ipv6_subprefix: -23 - mesh_ap: k12-haus4-garten + mesh_ap: k12-h4-h0s mesh_radio: 11a_standard mesh_iface: mesh # MESH - 2.4 GHz 802.11s - Garten - vid: 24 role: mesh - name: mesh_11s_g2 + name: mesh_h0s_2g prefix: 10.31.157.164/32 ipv6_subprefix: -24 # make mesh_metric(s) for 2GHz worse than 5GHz mesh_metric: 1024 mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-haus4-garten + mesh_ap: k12-h4-h0s mesh_radio: 11g_standard mesh_iface: mesh # DHCP - vid: 40 role: dhcp - untagged: true inbound_filtering: true enforce_client_isolation: true prefix: 10.31.157.128/27 ipv6_subprefix: 0 assignments: - k12-haus4-core: 1 + k12-h4-core: 1 # MGMT - vid: 42 @@ -108,19 +108,19 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - k12-haus4-core: 1 # 10.31.157.177 - k12-haus4-hirschhof: 2 # 10.31.157.178 - k12-haus4-garten: 3 # 10.31.157.179 + k12-h4-core: 1 # 10.31.157.177 + k12-h4-hirschhof: 2 # 10.31.157.178 + k12-h4-h0s: 3 # 10.31.157.179 # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: - k12-haus4-core: 44-40 - k12-haus4-garten: 36-40 + k12-h4-core: 44-40 + k12-h4-h0s: 36-40 location__channel_assignments_11g_standard__to_merge: - k12-haus4-core: 13-20 - k12-haus4-garten: 13-20 - k12-haus4-hirschhof: 13-20 + k12-h4-core: 13-20 + k12-h4-h0s: 13-20 + k12-h4-hirschhof: 13-20 dns_servers: # quad9 diff --git a/locations/k12.yml b/locations/k12.yml deleted file mode 100644 index cce25c782..000000000 --- a/locations/k12.yml +++ /dev/null 
@@ -1,266 +0,0 @@ ---- -location: k12 -location_nice: 'Haus2, Kastanienallee 12, 10435 Berlin' -latitude: 52.53936534993554 -longitude: 13.409738833169316 -altitude: 63 -contact_nickname: 'zander' -contacts: - - 'alexanderjabs@gmx.de' - -hosts: - - hostname: k12-core - role: corerouter - model: "dlink_covr-x1860-a1" - mac_override: {eth0: a8:63:7d:db:4d:45} - wireless_profile: freifunk_default - wifi_roaming: true - - hostname: k12-cpe - role: ap - model: "mikrotik_sxtsq-5-ac" - mac_override: {eth0: 08:55:31:ea:e3:32} - wifi_roaming: true - - hostname: k12-ap1 - role: ap - model: "tplink_archer-c5-v1" - wifi_roaming: true - - hostname: k12-ap2 - role: ap - model: "tplink_archer-c7-v5" - wifi_roaming: true - - hostname: k12-2h1s - role: ap - model: "dlink_covr-x1860-a1" - mac_override: {eth0: 0c:0e:76:cf:21:de} - wifi_roaming: true - - hostname: k12-ap3 - role: ap - model: "tplink_tl-wdr4300-v1" - wifi_roaming: true - - hostname: k12-ap4 - role: ap - model: "tplink_archer-c5-v1" - wifi_roaming: true - -snmp_devices: - - hostname: k12-segen - address: 10.31.158.194 - snmp_profile: airos_8 - -ipv6_prefix: '2001:bf7:760:2a00::/56' - -# got following prefixes: -# Router: 10.31.158.0/24 -# --DHCP: 10.31.158.0/25 -# --MESH: 10.31.158.128/26 -# --MGMT: 10.31.158.192/27 -# --UPLK: 10.31.158.224/27 - -networks: - # MESH - segen - - vid: 11 - role: mesh - name: mesh_segen - prefix: 10.31.158.133/32 - ipv6_subprefix: -11 - - # MESH - 5 GHz 802.11s - - vid: 20 - role: mesh - name: mesh_5ghz - prefix: 10.31.158.128/32 - ipv6_subprefix: -20 - mesh_ap: k12-core - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_2ghz - prefix: 10.31.158.129/32 - ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-core - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - ap1 - - vid: 22 - role: mesh - name: mesh_ap1_5 - prefix: 
10.31.158.130/32 - ipv6_subprefix: -22 - mesh_ap: k12-ap1 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap1 - - vid: 23 - role: mesh - name: mesh_ap1_2 - prefix: 10.31.158.131/32 - ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-ap1 - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - cpe - - vid: 24 - role: mesh - name: mesh_cpe - prefix: 10.31.158.132/32 - ipv6_subprefix: -24 - mesh_ap: k12-cpe - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - ap2 - - vid: 25 - role: mesh - name: mesh_ap2_5 - prefix: 10.31.158.134/32 - ipv6_subprefix: -25 - mesh_ap: k12-ap2 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap2 - - vid: 26 - role: mesh - name: mesh_ap2_2 - prefix: 10.31.158.135/32 - ipv6_subprefix: -26 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-ap2 - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - ap4 - - vid: 27 - role: mesh - name: mesh_ap4_5 - prefix: 10.31.158.136/32 - ipv6_subprefix: -27 - mesh_ap: k12-ap4 - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - ap4 - - vid: 28 - role: mesh - name: mesh_ap4_2 - prefix: 10.31.158.137/32 - ipv6_subprefix: -28 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_ap: k12-ap4 - mesh_radio: 11g_standard - mesh_iface: mesh - - # MESH - 5 GHz 802.11s - 2h1s - - vid: 29 - role: mesh - name: mesh_2h1s_5 - prefix: 10.31.158.138/32 - ipv6_subprefix: -29 - mesh_ap: k12-2h1s - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - 2h1s - - vid: 30 - role: mesh - name: mesh_2h1s_2 - prefix: 10.31.158.139/32 - ipv6_subprefix: -30 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - 
mesh_ap: k12-2h1s - mesh_radio: 11g_standard - mesh_iface: mesh - - # DHCP - - vid: 40 - role: dhcp - untagged: true - inbound_filtering: true - enforce_client_isolation: true - prefix: 10.31.158.0/25 - ipv6_subprefix: 0 - assignments: - k12-core: 1 - - # MGMT - - vid: 42 - role: mgmt - prefix: 10.31.158.192/26 - gateway: 1 - dns: 1 - ipv6_subprefix: 1 - assignments: - k12-core: 1 # 10.31.158.193/32 - k12-segen: 2 # 10.31.158.194/32 - k12-ap1: 3 # 10.31.158.195/32 - k12-cpe: 4 # 10.31.158.196/32 - k12-ap2: 5 # 10.31.158.197/32 - k12-ap3: 6 # 10.31.158.198/32 - k12-ap4: 7 # 10.31.158.199/32 - k12-switch: 8 # 10.31.158.200/32 - k12-2h1s: 9 # 10.31.158.201/32 - - # UPLK - - vid: 50 - role: uplink - - - role: tunnel - ifname: ts_wg0 - mtu: 1280 - prefix: 10.31.158.224/32 - wireguard_port: 51820 - - - role: tunnel - ifname: ts_wg1 - mtu: 1280 - prefix: 10.31.158.225/32 - wireguard_port: 51821 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11a_standard__to_merge: - k12-core: 36-40 - k12-ap1: 36-40 - k12-ap2: 36-40 - k12-ap3: 48-40 - k12-ap4: 36-40 - k12-cpe: 44-40 - k12-2h1s: 36-40 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11g_standard__to_merge: - k12-core: 13-20 - k12-ap1: 13-20 - k12-ap2: 13-20 - k12-ap3: 1-20 - k12-ap4: 13-20 - k12-2h1s: 13-20 - -dns_servers: - # quad9 - - 9.9.9.9 - - 149.112.112.112 - - 2620:fe::fe - - 2620:fe::9 - # cloudflare - - 1.1.1.1 - - 1.0.0.1 - - 2606:4700:4700::1111 - - 2606:4700:4700::1001 From 28dbaf6b4ea99a6dbd392ac7fc575e82cbcd91fa Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Wed, 16 Oct 2024 05:32:44 +0000 Subject: [PATCH 095/254] mesh: fixed / added missing mesh metrics --- locations/ak36.yml | 6 +++--- locations/gub37.yml | 1 + locations/ilr.yml | 1 + locations/kiehlufer.yml | 3 ++- locations/klunker.yml | 2 ++ locations/ohlauer.yml | 2 +- locations/radbahn.yml | 1 + locations/rhnk.yml | 4 ++++ locations/sav.yml | 1 + locations/scharni.yml | 1 + locations/teufelsberg.yml | 2 ++ locations/vaterhaus.yml | 1 + locations/w38b.yml | 2 +- locations/wilgu10.yml | 1 + locations/zwingli.yml | 2 +- 15 files changed, 23 insertions(+), 7 deletions(-) diff --git a/locations/ak36.yml b/locations/ak36.yml index 97a951193..9e54feba1 100644 --- a/locations/ak36.yml +++ b/locations/ak36.yml @@ -87,7 +87,7 @@ mesh_links: ifname: eth1.11 ipv4: 10.31.130.161/32 ipv6: 2001:bf7:750:4001::2/128 - metric: 1024 + metric: 128 ptp: true - name: mesh_dtmb @@ -109,14 +109,14 @@ mesh_links: ifname: eth1.14 ipv4: 10.31.130.165/32 ipv6: 2001:bf7:750:4001::6/128 - metric: 256 + metric: 128 ptp: true - name: mesh_teufel ifname: eth1.15 ipv4: 10.31.130.166/32 ipv6: 2001:bf7:750:4001::7/128 - metric: 1024 + metric: 128 ptp: true # OLSR Announce SmartGateway diff --git a/locations/gub37.yml b/locations/gub37.yml index ece0f6ce3..2947c44c9 100644 --- a/locations/gub37.yml +++ b/locations/gub37.yml @@ -65,6 +65,7 @@ networks: prefix: 10.31.157.98/32 ipv6_subprefix: -11 ptp: true + mesh_metric: 128 - vid: 12 role: mesh diff --git a/locations/ilr.yml b/locations/ilr.yml index 79af67b70..a70f9dfd3 100644 --- a/locations/ilr.yml +++ b/locations/ilr.yml @@ -94,6 +94,7 @@ networks: prefix: 10.31.214.16/32 ipv6_subprefix: -10 # WARNING: Custom port config {1t,2u,3u,4u,5t} + mesh_metric: 128 - vid: 11 role: mesh diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index 7984effc7..43f11e23e 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml 
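Review bot: In the locations/ilr.yml hunk the added `mesh_metric: 128` lands directly below the existing comment `# WARNING: Custom port config {1t,2u,3u,4u,5t}`, so the warning now reads as if it described the metric. Placing the new line above the comment, right after `ipv6_subprefix: -10`, keeps the warning where it was, at the end of the entry. The diff text is collapsed here, so this assumes the warning is a line of its own rather than an inline comment. In locations/rhnk.yml the same key is added after `ipv6_subprefix` in one hunk and before it in the other three; one consistent position would make the entries easier to compare.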
@@ -101,7 +101,7 @@ networks: name: mesh_rhnk prefix: 10.31.151.112/32 ipv6_subprefix: -1 - mesh_metric: 1024 + mesh_metric: 128 ptp: true # hüttenroder weg - mikrotik 60ghz cube - vid: 11 @@ -110,6 +110,7 @@ networks: prefix: 10.31.151.113/32 ipv6_subprefix: -2 ptp: true + mesh_metric: 128 # gateway - Rocket 5AC lite - vid: 12 role: mesh diff --git a/locations/klunker.yml b/locations/klunker.yml index 186aac897..b936a2b82 100644 --- a/locations/klunker.yml +++ b/locations/klunker.yml @@ -60,6 +60,7 @@ networks: prefix: 10.31.71.152/32 ipv6_subprefix: -1 ptp: true + mesh_metric: 128 # PtP mesh down south 60GHz # Airfiber 60LR Link to philmel church @@ -69,6 +70,7 @@ networks: prefix: 10.31.71.153/32 ipv6_subprefix: -2 ptp: true + mesh_metric: 128 # AP1 down Isarstrasse 5GHz # directing south-southeast diff --git a/locations/ohlauer.yml b/locations/ohlauer.yml index 81796cf16..d07c662cf 100644 --- a/locations/ohlauer.yml +++ b/locations/ohlauer.yml @@ -46,7 +46,7 @@ mesh_links: ifname: lan3.10 ipv4: 10.31.11.96/32 ipv6: 2001:bf7:830:8301::/128 - metric: 256 + metric: 128 ptp: true # Downlink IPv4 is in net announced by emma. diff --git a/locations/radbahn.yml b/locations/radbahn.yml index df5b68427..14c19709c 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml @@ -58,6 +58,7 @@ networks: prefix: 10.31.248.248/32 ipv6_subprefix: -10 ptp: true + mesh_metric: 128 - vid: 20 name: mesh_o_nf2 diff --git a/locations/rhnk.yml b/locations/rhnk.yml index 0de588b40..da5895720 100644 --- a/locations/rhnk.yml +++ b/locations/rhnk.yml @@ -120,6 +120,7 @@ networks: name: mesh_klunker60 prefix: 10.230.3.14/32 ipv6_subprefix: -14 + mesh_metric: 128 ptp: true - vid: 15 @@ -147,6 +148,7 @@ networks: role: mesh name: mesh_wsw_60 prefix: 10.230.3.22/32 + mesh_metric: 128 ipv6_subprefix: -22 - vid: 23 @@ -159,6 +161,7 @@ networks: role: mesh name: mesh_oso_60 prefix: 10.230.3.24/32 + mesh_metric: 128 ipv6_subprefix: -24 - vid: 25 
@@ -174,6 +177,7 @@ networks: role: mesh name: mesh_nno_60ghz prefix: 10.230.3.26/32 + mesh_metric: 128 ipv6_subprefix: -26 - vid: 32 diff --git a/locations/sav.yml b/locations/sav.yml index b1768bd18..0efdc5b2b 100644 --- a/locations/sav.yml +++ b/locations/sav.yml @@ -84,6 +84,7 @@ networks: name: mesh_emma prefix: 10.31.174.244/32 ipv6_subprefix: -10 + mesh_metric: 128 - vid: 40 role: dhcp diff --git a/locations/scharni.yml b/locations/scharni.yml index 93b8e5a94..5744e5bda 100644 --- a/locations/scharni.yml +++ b/locations/scharni.yml @@ -58,6 +58,7 @@ networks: prefix: 10.31.252.192/32 ipv6_subprefix: -2 ptp: true + mesh_metric: 128 - vid: 11 role: mesh diff --git a/locations/teufelsberg.yml b/locations/teufelsberg.yml index 72accf666..6edee45d7 100644 --- a/locations/teufelsberg.yml +++ b/locations/teufelsberg.yml @@ -100,12 +100,14 @@ networks: name: mesh_ak36 prefix: 10.31.213.64/32 ipv6_subprefix: -10 + mesh_metric: 128 - vid: 12 role: mesh name: mesh_ilr prefix: 10.31.213.66/32 ipv6_subprefix: -12 + mesh_metric: 128 - vid: 13 role: mesh diff --git a/locations/vaterhaus.yml b/locations/vaterhaus.yml index a6f63e5a9..57850ccaf 100644 --- a/locations/vaterhaus.yml +++ b/locations/vaterhaus.yml @@ -86,6 +86,7 @@ networks: prefix: 10.230.192.226/32 ipv6_subprefix: -3 ptp: true + mesh_metric: 128 - vid: 13 role: mesh diff --git a/locations/w38b.yml b/locations/w38b.yml index 67ee52f9b..cbc96f0c3 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -50,7 +50,7 @@ networks: ipv6_subprefix: -10 ptp: true # prefer routing via RHNK over SAMA - mesh_metric: 320 + mesh_metric: 192 mesh_metric_lqm: ['default 0.85'] # MESH - RHNK diff --git a/locations/wilgu10.yml b/locations/wilgu10.yml index 565dce89f..80a05dd08 100644 --- a/locations/wilgu10.yml +++ b/locations/wilgu10.yml @@ -58,6 +58,7 @@ networks: prefix: 10.230.210.104/32 ipv6_subprefix: -1 ptp: true + mesh_metric: 128 - vid: 11 role: mesh 
diff --git a/locations/zwingli.yml b/locations/zwingli.yml index 500c3598e..e5cb648fb 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -157,7 +157,7 @@ networks: prefix: 10.31.115.36/32 ipv6_subprefix: -5 # prefer routing via emma over sama to use ohlauer as gateway) - mesh_metric: 320 + mesh_metric: 192 mesh_metric_lqm: ['default 0.85'] ptp: true From 5760132891b6bff945909a94d097c168b8c0f764 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Wed, 16 Oct 2024 01:20:51 +0200 Subject: [PATCH 096/254] nftables: filter reflected packets only on mesh APs On corerouters this intermittently breaks IP traffic to mesh neighbours because the mesh interface isn't covered by a bridge, but using the underlying wifi interface directly. We somehow end up with all kinds of MAC addresses in the filter, while mesh APs correctly filter only their own MAC address as well as the corerouter's mac address. Just don't filter on the corerouters. The filter's purpose here is only log noise reduction anyway, while on the mesh APs it probably actually cover wonky cheap switches that might get confused. Much more information in the added template comment. --- .../templates/common/nftables.conf.j2 | 80 +++++++++++++++---- 1 file changed, 66 insertions(+), 14 deletions(-) diff --git a/roles/cfg_openwrt/templates/common/nftables.conf.j2 b/roles/cfg_openwrt/templates/common/nftables.conf.j2 index 5674b3b63..123e01b47 100644 --- a/roles/cfg_openwrt/templates/common/nftables.conf.j2 +++ b/roles/cfg_openwrt/templates/common/nftables.conf.j2 
@@ -60,20 +60,71 @@ table bridge client_isolation { {% endif %} {% endfor %} -{% for network in networks | selectattr('role', 'equalto', 'mesh') | selectattr('name','in', network_ifname_map|map(attribute='network')) %} - {% set wifi_if = network_ifname_map | selectattr('network', 'equalto', network['name']) | map(attribute='ifname') | first %} - {% set set_localrouter = 'localrouter_' + network['name'] %} - {% if loop.first %} +{# + Reflection filter -{# Corerouters have no bridge, therefore we need to hook in family inet. - See https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks#Netfilter_hooks_into_Linux_networking_packet_flows #} -{% set type = 'bridge' if role == 'ap' else 'inet' %} + We sometimes receive our own packets back. It happens when a location has + two or more mesh APs which are badly isolated, use overlapping frequencies, + or are aligned to be in each others beam. Can't be prevented 100%, happens. + Any suitable obstacle in a single antenna's beam can cause reflections too. + Reflections were observed in 2021 with old 2 GHz Nanostations at Emmauskirche: + https://github.com/freifunk-berlin/bbb-configs/issues/119 -table {{ type }} prevent_mesh_reflection -flush table {{ type }} prevent_mesh_reflection -table {{ type }} prevent_mesh_reflection { - {% endif %} + It usually works like this: corerouter transmits a packet over mesh VLAN 123, + the respective mesh AP receives it on its bridge and transmits it out over + the wifi mesh interface. Another mesh AP at the same location receives + the packet on its wifi mesh interface, and through its bridge puts it + on mesh VLAN 456, where the same corerouter receives it. + + In our setup all VLAN interfaces on the corerouter share the same MAC address. + That means the corerouter receives a packet with its one of its own MAC + addresses as as the source address. 
In more traditional network environments, + this would be cause for concern, so Linux complains with a log message: + + switch0: received packet on lan4 with own address as source address + + It's fine in our meshy, non-traditional setup, but two things need consideration: + + 1) On the corerouter, reflected packets are purely an issue of asthetics: + it can become quite noisy in logread and drown out more important messages. + + 2) Infrastructure devices (= switches) between mesh AP and corerouter might + get confused about the same MAC address seamingly living on multiple ports. + All devices should handle this fine because it's on separate VLANs, + but you never know. We've seen all kinds of weird shit on cheap switches. + + So we want to avoid letting these packets back into the location. + + Our filter has nftables learn source MAC addresses from outgoing traffic + and reject any incoming packets with a matching source MAC address. + + We do this only on the mesh AP though, because this is where we can prevent + the reflected packet from reaching possibly wonky cheap switches. + The filter as described works nicely on the mesh AP bridge interface covering + the mesh VLAN and the mesh wifi interface. + + On the corerouter however, the filter would only prevent logread noise, + and it would need to be more complex as well. Mesh wifi interfaces directly + on the corerouter don't require a bridge over the mesh wifi interface since + a dedicated VLAN for that mesh direction isn't required. But without + a bridge, we somehow ended up blocking not just reflected packets, but also + intermittently blocked our mesh neighbours. All kinds of MAC addresses + ended up in the filter - not sure why. + + Summary: we filter reflected packets on mesh APs, but where a corerouter + meshes on its own, using its own integrated wifi, we tolerate the log noise. 
+#} +{% if role == 'ap' %} + {% for network in networks | selectattr('role', 'equalto', 'mesh') | selectattr('name','in', network_ifname_map|map(attribute='network')) %} + {% set wifi_if = network_ifname_map | selectattr('network', 'equalto', network['name']) | map(attribute='ifname') | first %} + {% set set_localrouter = 'localrouter_' + network['name'] %} + {% if loop.first %} + +table bridge prevent_mesh_reflection +flush table bridge prevent_mesh_reflection +table bridge prevent_mesh_reflection { + {% endif %} set {{ set_localrouter }} { type ether_addr size 5 @@ -88,7 +139,8 @@ table {{ type }} prevent_mesh_reflection { iifname {{ wifi_if }} ether saddr @{{ set_localrouter }} counter drop } - {% if loop.last %} + {% if loop.last %} } - {% endif %} -{% endfor %} + {% endif %} + {% endfor %} +{% endif %} From 664adc4a00045af51ac35f0e9b602c778ea3eb98 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Sun, 20 Oct 2024 17:40:56 +0200 Subject: [PATCH 097/254] model: Add Cudy AP3000 Outdoor v1 Signed-off-by: Robert Foss --- group_vars/model_cudy_ap3000outdoor_v1.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 group_vars/model_cudy_ap3000outdoor_v1.yml diff --git a/group_vars/model_cudy_ap3000outdoor_v1.yml b/group_vars/model_cudy_ap3000outdoor_v1.yml new file mode 100644 index 000000000..4da838786 --- /dev/null +++ b/group_vars/model_cudy_ap3000outdoor_v1.yml @@ -0,0 +1,19 @@ +--- +target: mediatek/filogic +openwrt_version: snapshot +brand_nice: Cudy +model_nice: AP3000 Outdoor v1 + +int_port: eth0 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/soc/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/soc/18000000.wifi + ifname_hint: wlan2 From 3111ea7f771cc86f2910aa6848e2fed4f7812008 Mon Sep 17 00:00:00 2001 
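Review bot: The new comment explains how the drop set is learned but not what it trusts. Per the text, every source MAC seen on outgoing traffic lands in `localrouter_<network>`, and the rule further down drops anything arriving on the wifi interface with such a source. The commit message reports that on corerouters this ended up blocking mesh neighbours for an unexplained reason, so the same failure is conceivable on an AP whenever a foreign source address crosses its bridge toward wifi, for example through a loop or a misbehaving switch. I would add a line to the comment such as `If a mesh neighbour becomes unreachable, inspect the set with "nft list set bridge prevent_mesh_reflection <SET_NAME>" first.` The set definition lies between the two hunks and is only partly visible, so whether its elements expire cannot be judged from here.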
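Review bot: With the whole block now inside `{% if role == 'ap' %}`, a corerouter renders nothing for this filter, so nothing removes a `table inet prevent_mesh_reflection` that an earlier deployment already loaded. Whether that matters depends on how the file is applied: if the part of the template above this hunk does not flush the full ruleset, the old table keeps dropping frames until the next reboot. An `{% else %}` branch before the final `{% endif %}` holding `table inet prevent_mesh_reflection` and `delete table inet prevent_mesh_reflection` would clear it idempotently.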
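Review bot: `openwrt_version: snapshot` makes every image for this model track an unpinned development build, so two builds of the same commit can ship different packages and kernels. A regression or an unwanted upstream change then reaches the device without any change in this repository. Presumably no release supports the board yet; if so, a comment above the key would record that, e.g. `# snapshot only until a release supports this board; pin openwrt_version then`.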
From: Tobias Schwarz Date: Sat, 19 Oct 2024 06:47:28 +0000 Subject: [PATCH 098/254] multiple locations: fix mesh_metric variable name --- locations/ak36.yml | 12 ++++++------ locations/dragonkiez-adlerhalle.yml | 1 - locations/dragonkiez-buero.yml | 1 - locations/dragonkiez-dorfplatz.yml | 1 - locations/dragonkiez-kiezraum.yml | 1 - locations/dragonkiez-rathausblock-miami.yml | 1 - locations/l105.yml | 6 +++--- locations/ohlauer.yml | 2 +- locations/saarbruecker.yml | 6 +++--- locations/strom.yml | 4 ++-- 10 files changed, 15 insertions(+), 20 deletions(-) diff --git a/locations/ak36.yml b/locations/ak36.yml index 9e54feba1..9b4d36879 100644 --- a/locations/ak36.yml +++ b/locations/ak36.yml @@ -80,21 +80,21 @@ mesh_links: ifname: eth1.10 ipv4: 10.31.130.160/32 ipv6: 2001:bf7:750:4001::1/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_flughafen ifname: eth1.11 ipv4: 10.31.130.161/32 ipv6: 2001:bf7:750:4001::2/128 - metric: 128 + mesh_metric: 128 ptp: true - name: mesh_dtmb ifname: eth1.12 ipv4: 10.31.130.162/32 ipv6: 2001:bf7:750:4001::3/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_bbbvpn @@ -102,21 +102,21 @@ mesh_links: ipv4: 10.31.130.164/32 # the bbb-vpn setup is ipv4-only for now # ipv6: 2001:bf7:750:4001::5/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_rhnk ifname: eth1.14 ipv4: 10.31.130.165/32 ipv6: 2001:bf7:750:4001::6/128 - metric: 128 + mesh_metric: 128 ptp: true - name: mesh_teufel ifname: eth1.15 ipv4: 10.31.130.166/32 ipv6: 2001:bf7:750:4001::7/128 - metric: 128 + mesh_metric: 128 ptp: true # OLSR Announce SmartGateway diff --git a/locations/dragonkiez-adlerhalle.yml b/locations/dragonkiez-adlerhalle.yml index f014b97d3..a49dd9a9e 100644 --- a/locations/dragonkiez-adlerhalle.yml +++ b/locations/dragonkiez-adlerhalle.yml @@ -37,7 +37,6 @@ networks: role: mesh prefix: 10.31.34.44/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-adlerhalle: 1 
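Review bot: The rename from `metric` to `mesh_metric` under `mesh_links` is described as a variable-name fix, but if the old key was never read, the values 1024 and 128 take effect for the first time with this commit. That would make it a routing change on ak36, l105, ohlauer, saarbruecker and strom. The five dragonkiez files go the other way: their `metric: 1024` is deleted rather than renamed, so those links keep whatever the default metric is. The commit message should say which outcome is intended; if the dragonkiez links are meant to stay de-prioritised, the lines should read `mesh_metric: 1024` instead of being removed.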
diff --git a/locations/dragonkiez-buero.yml b/locations/dragonkiez-buero.yml index 6cdd240b2..d0ca43835 100644 --- a/locations/dragonkiez-buero.yml +++ b/locations/dragonkiez-buero.yml @@ -36,7 +36,6 @@ networks: role: mesh prefix: 10.31.23.112/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-buero: 1 diff --git a/locations/dragonkiez-dorfplatz.yml b/locations/dragonkiez-dorfplatz.yml index 8edc19cde..3ddc8a652 100644 --- a/locations/dragonkiez-dorfplatz.yml +++ b/locations/dragonkiez-dorfplatz.yml @@ -41,7 +41,6 @@ networks: role: mesh prefix: 10.31.28.248/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-dorfplatz: 1 diff --git a/locations/dragonkiez-kiezraum.yml b/locations/dragonkiez-kiezraum.yml index c291daec4..da4358fbc 100644 --- a/locations/dragonkiez-kiezraum.yml +++ b/locations/dragonkiez-kiezraum.yml @@ -31,7 +31,6 @@ networks: name: mesh_rhxb prefix: 10.31.92.240/32 ipv6_subprefix: -1 - metric: 1024 ptp: true - vid: 40 diff --git a/locations/dragonkiez-rathausblock-miami.yml b/locations/dragonkiez-rathausblock-miami.yml index 132859dde..228a046ce 100644 --- a/locations/dragonkiez-rathausblock-miami.yml +++ b/locations/dragonkiez-rathausblock-miami.yml @@ -45,7 +45,6 @@ networks: role: mesh prefix: 10.31.30.32/30 ipv6_subprefix: -1 - metric: 1024 ptp: true assignments: dragonkiez-rathausblock-miami: 1 diff --git a/locations/l105.yml b/locations/l105.yml index 0e366d1ae..2568dc916 100644 --- a/locations/l105.yml +++ b/locations/l105.yml @@ -61,21 +61,21 @@ mesh_links: ifname: eth1.10 ipv4: 10.31.127.160/32 ipv6: 2001:bf7:750:3f01::1/128 - metric: 128 + mesh_metric: 128 ptp: true # - name: mesh_tu # ifname: eth1.11 # ipv4: 10.31.127.161/32 # ipv6: 2001:bf7:750:3f01::2/128 - # metric: 128 + # mesh_metric: 128 # ptp: true - name: mesh_bbbvpn ifname: eth1.32 ipv4: 10.31.127.162/32 ipv6: 2001:bf7:750:3f01::3/128 - metric: 128 + mesh_metric: 128 ptp: true # Downlink IPv4 is in net announced by emma. 
diff --git a/locations/ohlauer.yml b/locations/ohlauer.yml index d07c662cf..ffbced55a 100644 --- a/locations/ohlauer.yml +++ b/locations/ohlauer.yml @@ -46,7 +46,7 @@ mesh_links: ifname: lan3.10 ipv4: 10.31.11.96/32 ipv6: 2001:bf7:830:8301::/128 - metric: 128 + mesh_metric: 128 ptp: true # Downlink IPv4 is in net announced by emma. diff --git a/locations/saarbruecker.yml b/locations/saarbruecker.yml index 2af8ea4f9..59d2e5ceb 100644 --- a/locations/saarbruecker.yml +++ b/locations/saarbruecker.yml @@ -52,21 +52,21 @@ mesh_links: ifname: lan0.10 ipv4: 10.31.83.56/32 ipv6: 2001:bf7:760:2200::1/128 - metric: 128 + mesh_metric: 128 ptp: true - name: mesh_sama ifname: lan0.11 ipv4: 10.31.83.57/32 ipv6: 2001:bf7:760:2200::2/128 - metric: 128 + mesh_metric: 128 ptp: true - name: mesh_segen ifname: lan0.12 ipv4: 10.31.83.58/32 ipv6: 2001:bf7:760:2200::3/128 - metric: 128 + mesh_metric: 128 ptp: true # Downlink IPv4 is in net announced by emma. diff --git a/locations/strom.yml b/locations/strom.yml index a10fca8aa..05207f993 100644 --- a/locations/strom.yml +++ b/locations/strom.yml @@ -79,14 +79,14 @@ mesh_links: ifname: eth0.1310 ipv4: 10.31.48.2/32 ipv6: 2001:bf7:750:2a02::/128 - metric: 128 + mesh_metric: 128 # This interface is IPv4 only - name: mesh_bbbvpn ifname: eth0.1312 ipv4: 10.31.48.3/32 # ipv6: 2001:bf7:750:2a03::/128 - metric: 1024 + mesh_metric: 1024 ptp: true - name: mesh_no From d7b6a415ef817232dac134ce640f098954f68df6 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 20 Oct 2024 18:14:40 +0000 Subject: [PATCH 099/254] ohlauer: set speed to correct value --- locations/ohlauer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/ohlauer.yml b/locations/ohlauer.yml index ffbced55a..b0e688be4 100644 --- a/locations/ohlauer.yml +++ b/locations/ohlauer.yml 
@@ -52,7 +52,7 @@ mesh_links: # Downlink IPv4 is in net announced by emma. # OLSR Announce SmartGateway -sgw: "100000 100000" +sgw: "1000000 1000000" # Tunnel metric 1024 as most internet uplinks will hardly reach 40MBit/s # 2001:bf7:830:8300::/56 is the base prefix From b65c7e60f2b0334f0fe7e8ab6cdd3f5945992a9f Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 20 Oct 2024 18:22:15 +0000 Subject: [PATCH 100/254] w38b: adjust mesh metrics --- locations/w38b.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index cbc96f0c3..38685324e 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -50,8 +50,8 @@ networks: ipv6_subprefix: -10 ptp: true # prefer routing via RHNK over SAMA - mesh_metric: 192 - mesh_metric_lqm: ['default 0.85'] + mesh_metric: 256 + mesh_metric_lqm: ['default 0.8'] # MESH - RHNK - vid: 11 @@ -60,7 +60,7 @@ networks: prefix: 10.31.212.34/32 ipv6_subprefix: -11 ptp: true - mesh_metric: 256 + mesh_metric: 128 # MESH - 5 GHz 802.11s - vid: 20 From 52ca7d64042a21fe6fbd01131d53c9b6683d2249 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 20 Oct 2024 18:23:03 +0000 Subject: [PATCH 101/254] zwingli: adjust mesh metrics --- locations/zwingli.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/locations/zwingli.yml b/locations/zwingli.yml index e5cb648fb..2f398b85a 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -157,8 +157,8 @@ networks: prefix: 10.31.115.36/32 ipv6_subprefix: -5 # prefer routing via emma over sama to use ohlauer as gateway) - mesh_metric: 192 - mesh_metric_lqm: ['default 0.85'] + mesh_metric: 256 + mesh_metric_lqm: ['default 0.8'] ptp: true - vid: 16 From 0f94751bebc070ebe9acc4650672230016b151f5 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Sun, 20 Oct 2024 16:35:23 +0200 Subject: [PATCH 102/254] wireless: Default to country 'DE' 
Signed-off-by: Robert Foss --- DEVELOPER.md | 2 -- group_vars/all/wireless_profiles.yml | 15 --------------- locations/colbe15.yml | 2 -- locations/dragonkiez-buero.yml | 2 -- locations/ekke.yml | 2 -- locations/hts4.yml | 2 -- locations/hway.yml | 3 --- locations/kiehlufer.yml | 3 --- locations/kirchhof.yml | 3 --- locations/koepi.yml | 2 -- locations/muggel.yml | 3 --- locations/newyorck.yml | 2 -- locations/noki.yml | 3 --- locations/q216.yml | 2 -- locations/radbahn.yml | 3 --- locations/rauchhaus.yml | 2 -- locations/stadalbert.yml | 2 -- locations/tempelwg.yml | 2 -- locations/w38b.yml | 3 --- locations/wilgu10.yml | 2 -- .../templates/common/config/wireless.j2 | 2 ++ 21 files changed, 2 insertions(+), 60 deletions(-) diff --git a/DEVELOPER.md b/DEVELOPER.md index 160072827..33b69e20b 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md @@ -235,10 +235,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/group_vars/all/wireless_profiles.yml b/group_vars/all/wireless_profiles.yml index 8bf3fd8ef..319d1558e 100644 --- a/group_vars/all/wireless_profiles.yml +++ b/group_vars/all/wireless_profiles.yml @@ -23,13 +23,10 @@ all__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: mesh @@ -43,13 +40,10 @@ all__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap @@ -71,13 +65,10 @@ all__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap 
@@ -106,13 +97,10 @@ all__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap @@ -141,13 +129,10 @@ all__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/colbe15.yml b/locations/colbe15.yml index e34363cc5..6e6cee521 100644 --- a/locations/colbe15.yml +++ b/locations/colbe15.yml @@ -73,10 +73,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/dragonkiez-buero.yml b/locations/dragonkiez-buero.yml index d0ca43835..3739b2803 100644 --- a/locations/dragonkiez-buero.yml +++ b/locations/dragonkiez-buero.yml @@ -56,10 +56,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/ekke.yml b/locations/ekke.yml index 465302eec..924dc1b58 100644 --- a/locations/ekke.yml +++ b/locations/ekke.yml @@ -96,10 +96,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/hts4.yml b/locations/hts4.yml index 512b764f0..25340c892 100644 --- a/locations/hts4.yml +++ b/locations/hts4.yml @@ -110,10 +110,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/hway.yml b/locations/hway.yml index 30478e257..cb38d3efd 100644 
--- a/locations/hway.yml +++ b/locations/hway.yml @@ -113,13 +113,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index 43f11e23e..e7230fa2c 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -208,13 +208,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kirchhof.yml b/locations/kirchhof.yml index 4d2eebfc9..a437b5547 100644 --- a/locations/kirchhof.yml +++ b/locations/kirchhof.yml @@ -123,13 +123,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/koepi.yml b/locations/koepi.yml index d4ab95071..787197846 100644 --- a/locations/koepi.yml +++ b/locations/koepi.yml @@ -127,10 +127,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/muggel.yml b/locations/muggel.yml index 2f580400a..758fc58de 100644 --- a/locations/muggel.yml +++ b/locations/muggel.yml @@ -91,13 +91,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap ssid: berlin.freifunk.net 
diff --git a/locations/newyorck.yml b/locations/newyorck.yml index b0039938c..748506a75 100644 --- a/locations/newyorck.yml +++ b/locations/newyorck.yml @@ -157,10 +157,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/noki.yml b/locations/noki.yml index 267572379..3088885ce 100644 --- a/locations/noki.yml +++ b/locations/noki.yml @@ -190,13 +190,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/q216.yml b/locations/q216.yml index 236223cf7..c783d6096 100644 --- a/locations/q216.yml +++ b/locations/q216.yml @@ -115,10 +115,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/radbahn.yml b/locations/radbahn.yml index 14c19709c..487d1a751 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml @@ -130,13 +130,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/rauchhaus.yml b/locations/rauchhaus.yml index abc22e3cb..fff343b8a 100644 --- a/locations/rauchhaus.yml +++ b/locations/rauchhaus.yml @@ -141,10 +141,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/stadalbert.yml b/locations/stadalbert.yml index 46966e0ec..a345ce50d 100644 --- a/locations/stadalbert.yml +++ b/locations/stadalbert.yml 
@@ -136,10 +136,8 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/tempelwg.yml b/locations/tempelwg.yml index 87bedfa5f..08c67c9fb 100644 --- a/locations/tempelwg.yml +++ b/locations/tempelwg.yml @@ -102,11 +102,9 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/w38b.yml b/locations/w38b.yml index 38685324e..d174b9a7d 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -182,13 +182,10 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE - radio: 11a_mesh legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/locations/wilgu10.yml b/locations/wilgu10.yml index 80a05dd08..d0ad18789 100644 --- a/locations/wilgu10.yml +++ b/locations/wilgu10.yml @@ -137,11 +137,9 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard legacy_rates: false - country: DE - radio: 11g_standard legacy_rates: false - country: DE ifaces: - mode: ap diff --git a/roles/cfg_openwrt/templates/common/config/wireless.j2 b/roles/cfg_openwrt/templates/common/config/wireless.j2 index d9303e489..eb91ebf6b 100644 --- a/roles/cfg_openwrt/templates/common/config/wireless.j2 +++ b/roles/cfg_openwrt/templates/common/config/wireless.j2 @@ -46,6 +46,8 @@ config wifi-device '{{ wd_id }}' {% endif %} {% if 'country' in wd_config %} option country '{{ wd_config['country'] }}' + {% else %} + option country 'DE' {% endif %} {% if 'legacy_rates' in wd_config %} option legacy_rates '{{ wd_config['legacy_rates']|int }}' From 85eeef7995054d62c382ee224b05c0153f9aab94 Mon Sep 17 00:00:00 2001 
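Review bot: The fallback in `wireless.j2` is written as a second branch, which duplicates the `option country` line; the `default` filter keeps it in one place: `option country '{{ wd_config['country'] | default('DE') }}'`. Either way the value is written into the UCI file between single quotes without validation. A typo in a location file, such as a value containing a quote or an unquoted `NO` that a YAML 1.1 loader reads as a boolean, therefore goes straight into the radio's regulatory setting; a check for two upper-case letters before rendering would catch it. The `config wifi-device` block starts above this hunk and continues below it.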
From: Robert Foss Date: Sun, 20 Oct 2024 16:40:45 +0200 Subject: [PATCH 103/254] wireless: Default legacy_rates to '0' Signed-off-by: Robert Foss --- DEVELOPER.md | 2 -- group_vars/all/wireless_profiles.yml | 15 --------------- locations/colbe15.yml | 2 -- locations/dragonkiez-buero.yml | 2 -- locations/ekke.yml | 2 -- locations/hts4.yml | 2 -- locations/hway.yml | 3 --- locations/kiehlufer.yml | 3 --- locations/kirchhof.yml | 3 --- locations/koepi.yml | 2 -- locations/muggel.yml | 3 --- locations/newyorck.yml | 2 -- locations/noki.yml | 3 --- locations/q216.yml | 2 -- locations/radbahn.yml | 3 --- locations/rauchhaus.yml | 2 -- locations/stadalbert.yml | 2 -- locations/tempelwg.yml | 2 -- locations/w38b.yml | 3 --- locations/wilgu10.yml | 2 -- .../templates/common/config/wireless.j2 | 2 ++ 21 files changed, 2 insertions(+), 60 deletions(-) diff --git a/DEVELOPER.md b/DEVELOPER.md index 33b69e20b..d6848c394 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md @@ -234,9 +234,7 @@ location__wireless_profiles__to_merge: - name: foobar devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/group_vars/all/wireless_profiles.yml b/group_vars/all/wireless_profiles.yml index 319d1558e..73562ce5f 100644 --- a/group_vars/all/wireless_profiles.yml +++ b/group_vars/all/wireless_profiles.yml @@ -22,11 +22,8 @@ all__wireless_profiles__to_merge: - name: mesh_only devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: mesh @@ -39,11 +36,8 @@ all__wireless_profiles__to_merge: - name: ap_only devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap 
@@ -64,11 +58,8 @@ all__wireless_profiles__to_merge: - name: freifunk_default devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap @@ -96,11 +87,8 @@ all__wireless_profiles__to_merge: - name: freifunk_fw devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap @@ -128,11 +116,8 @@ all__wireless_profiles__to_merge: - name: freifunk_hacrafu devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap diff --git a/locations/colbe15.yml b/locations/colbe15.yml index 6e6cee521..0de8f856c 100644 --- a/locations/colbe15.yml +++ b/locations/colbe15.yml @@ -72,9 +72,7 @@ location__wireless_profiles__to_merge: - name: colbe15 devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/dragonkiez-buero.yml b/locations/dragonkiez-buero.yml index 3739b2803..a582e5fe1 100644 --- a/locations/dragonkiez-buero.yml +++ b/locations/dragonkiez-buero.yml @@ -55,9 +55,7 @@ location__wireless_profiles__to_merge: - name: dragonkiez_buero devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/ekke.yml b/locations/ekke.yml index 924dc1b58..69ee5becf 100644 --- a/locations/ekke.yml +++ b/locations/ekke.yml @@ -95,9 +95,7 @@ location__wireless_profiles__to_merge: - name: ekke devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/hts4.yml b/locations/hts4.yml index 25340c892..eeff4933b 100644 --- a/locations/hts4.yml +++ b/locations/hts4.yml 
@@ -109,9 +109,7 @@ location__wireless_profiles__to_merge: - name: hts4 devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/hway.yml b/locations/hway.yml index cb38d3efd..279cb2ced 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -112,11 +112,8 @@ location__wireless_profiles__to_merge: - name: hway devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index e7230fa2c..c9ae5152a 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -207,11 +207,8 @@ location__wireless_profiles__to_merge: - name: kiehlufer5g devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kirchhof.yml b/locations/kirchhof.yml index a437b5547..881308fef 100644 --- a/locations/kirchhof.yml +++ b/locations/kirchhof.yml @@ -122,11 +122,8 @@ location__wireless_profiles__to_merge: - name: kirchhof devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/koepi.yml b/locations/koepi.yml index 787197846..210646219 100644 --- a/locations/koepi.yml +++ b/locations/koepi.yml @@ -126,9 +126,7 @@ location__wireless_profiles__to_merge: - name: koepi devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/muggel.yml b/locations/muggel.yml index 758fc58de..c0d1d9ed4 100644 --- a/locations/muggel.yml +++ b/locations/muggel.yml 
@@ -90,11 +90,8 @@ location__wireless_profiles__to_merge: - name: muggel devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/newyorck.yml b/locations/newyorck.yml index 748506a75..8195952c7 100644 --- a/locations/newyorck.yml +++ b/locations/newyorck.yml @@ -156,9 +156,7 @@ location__wireless_profiles__to_merge: devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/noki.yml b/locations/noki.yml index 3088885ce..70d97e5c1 100644 --- a/locations/noki.yml +++ b/locations/noki.yml @@ -189,11 +189,8 @@ location__wireless_profiles__to_merge: - name: noki devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap diff --git a/locations/q216.yml b/locations/q216.yml index c783d6096..7a8f945db 100644 --- a/locations/q216.yml +++ b/locations/q216.yml @@ -114,9 +114,7 @@ location__wireless_profiles__to_merge: - name: q216 devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/radbahn.yml b/locations/radbahn.yml index 487d1a751..dd18b5fba 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml @@ -129,11 +129,8 @@ location__wireless_profiles__to_merge: - name: radbahn devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap diff --git a/locations/rauchhaus.yml b/locations/rauchhaus.yml index fff343b8a..f6b8a2f97 100644 --- a/locations/rauchhaus.yml +++ b/locations/rauchhaus.yml 
@@ -140,9 +140,7 @@ location__wireless_profiles__to_merge: - name: rauchhaus devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/stadalbert.yml b/locations/stadalbert.yml index a345ce50d..b8b943ba4 100644 --- a/locations/stadalbert.yml +++ b/locations/stadalbert.yml @@ -135,9 +135,7 @@ location__wireless_profiles__to_merge: - name: stadalbert devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/tempelwg.yml b/locations/tempelwg.yml index 08c67c9fb..c4956771a 100644 --- a/locations/tempelwg.yml +++ b/locations/tempelwg.yml @@ -101,10 +101,8 @@ location__wireless_profiles__to_merge: - name: tempelwg devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/locations/w38b.yml b/locations/w38b.yml index d174b9a7d..d358e0f5c 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -181,11 +181,8 @@ location__wireless_profiles__to_merge: - name: w38b devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false - radio: 11a_mesh - legacy_rates: false ifaces: - mode: ap diff --git a/locations/wilgu10.yml b/locations/wilgu10.yml index d0ad18789..6b8041b12 100644 --- a/locations/wilgu10.yml +++ b/locations/wilgu10.yml @@ -136,10 +136,8 @@ location__wireless_profiles__to_merge: - name: wilgu10 devices: - radio: 11a_standard - legacy_rates: false - radio: 11g_standard - legacy_rates: false ifaces: - mode: ap diff --git a/roles/cfg_openwrt/templates/common/config/wireless.j2 b/roles/cfg_openwrt/templates/common/config/wireless.j2 index eb91ebf6b..9f73129af 100644 --- a/roles/cfg_openwrt/templates/common/config/wireless.j2 +++ b/roles/cfg_openwrt/templates/common/config/wireless.j2 
@@ -51,6 +51,8 @@ config wifi-device '{{ wd_id }}' {% endif %} {% if 'legacy_rates' in wd_config %} option legacy_rates '{{ wd_config['legacy_rates']|int }}' + {% else %} + option legacy_rates '0' {% endif %} {% if 'disabled' in wd_config %} option disabled '{{ wd_config['disabled']|int }}' From 3aa468b8052d808350754a40223d5d6a8c41b507 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Sun, 20 Oct 2024 20:23:02 +0200 Subject: [PATCH 104/254] templates: Enable wireless devices / wd_config to be unset Signed-off-by: Robert Foss --- roles/cfg_openwrt/templates/common/config/wireless.j2 | 7 ++++++- roles/cfg_openwrt/templates/common/nftables.conf.j2 | 6 +++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/common/config/wireless.j2 b/roles/cfg_openwrt/templates/common/config/wireless.j2 index 9f73129af..6bcfef057 100644 --- a/roles/cfg_openwrt/templates/common/config/wireless.j2 +++ b/roles/cfg_openwrt/templates/common/config/wireless.j2 @@ -4,8 +4,13 @@ # Wifi Config is derived from wireless profile: '{{ wireless_profile }}' {% for wd in wireless_devices | default([]) %} {% set wd_id = 'radio' + loop.index0|string %} - {% set wd_config = profile['devices'] | selectattr('radio', 'contains', wd['name']) | first %} {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} + {% if 'devices' in profile %} + {% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first %} + {% else %} + # No config provided, use defaults + {% set wd_config = {} %} + {% endif %} {% set channel_assignments = hostvars[inventory_hostname]['channel_assignments_' + wd['name']] %} {% set channel_assignment = (channel_assignments[inventory_hostname] | default(channel_assignments['default'])).split('-') %} diff --git a/roles/cfg_openwrt/templates/common/nftables.conf.j2 b/roles/cfg_openwrt/templates/common/nftables.conf.j2 index 123e01b47..6e13413a3 100644 
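Review bot: A profile that has a `devices` list but no entry for the current radio still leaves `wd_config` undefined in the wireless.j2 hunk of PATCH 104, because the new `{% if 'devices' in profile %}` guard covers only the missing key and `| first` on an empty selection yields an undefined value. The later `'legacy_rates' in wd_config` test, and `wd_config.get('disabled')` in the nftables.conf.j2 hunk of the same patch, would then presumably abort rendering under Ansible's strict undefined handling, so a partial `devices` list would block generation of the firewall rules as well as the radio config. Ending the filter chain with a default covers both cases and makes the if/else unnecessary: `{% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first | default({}) %}`. The enclosing `for wd in wireless_devices` loop continues outside both hunks.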
--- a/roles/cfg_openwrt/templates/common/nftables.conf.j2 +++ b/roles/cfg_openwrt/templates/common/nftables.conf.j2 @@ -11,8 +11,12 @@ network_ifname_map = #} {% set network_ifname_map = [] %} {% for wd in wireless_devices | default([]) %} - {% set wd_config = profile['devices'] | selectattr('radio', 'contains', wd['name']) | first %} {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} + {% if 'devices' in profile %} + {% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first %} + {% else %} + {% set wd_config = {} %} + {% endif %} {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} {% if not wd_config.get('disabled') %} {% for iface in wd_ifaces %} {% set ifname = wd['ifname_hint'] + '-' + iface['ifname_hint']|default('if' + loop.index0|string) %} From d27ab8c06b6d1fe063b2c2e67c732b413b7ca55f Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Sun, 20 Oct 2024 17:49:56 +0200 Subject: [PATCH 105/254] Remove empty devices: declarations Signed-off-by: Robert Foss --- group_vars/all/wireless_profiles.yml | 25 ------------------------- locations/colbe15.yml | 4 ---- locations/dragonkiez-buero.yml | 4 ---- locations/ekke.yml | 4 ---- locations/hts4.yml | 4 ---- locations/hway.yml | 4 ---- locations/kiehlufer.yml | 4 ---- locations/kirchhof.yml | 4 ---- locations/koepi.yml | 4 ---- locations/muggel.yml | 4 ---- locations/newyorck.yml | 4 ---- locations/noki.yml | 5 ----- locations/q216.yml | 4 ---- locations/radbahn.yml | 5 ----- locations/rauchhaus.yml | 4 ---- locations/stadalbert.yml | 4 ---- locations/tempelwg.yml | 5 ----- locations/w38b.yml | 5 ----- locations/wilgu10.yml | 5 ----- 19 files changed, 102 deletions(-) diff --git a/group_vars/all/wireless_profiles.yml b/group_vars/all/wireless_profiles.yml index 73562ce5f..852ca224a 100644 --- a/group_vars/all/wireless_profiles.yml +++ b/group_vars/all/wireless_profiles.yml 
@@ -20,11 +20,6 @@ all__wireless_profiles__to_merge: disabled: true - name: mesh_only - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: mesh mesh_id: Mesh-Freifunk-Berlin @@ -34,11 +29,6 @@ all__wireless_profiles__to_merge: ifname_hint: mesh - name: ap_only - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: berlin.freifunk.net @@ -56,11 +46,6 @@ all__wireless_profiles__to_merge: ieee80211w: 1 - name: freifunk_default - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: berlin.freifunk.net @@ -85,11 +70,6 @@ all__wireless_profiles__to_merge: ifname_hint: mesh - name: freifunk_fw - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: fuerstenwalde.freifunk.net @@ -114,11 +94,6 @@ all__wireless_profiles__to_merge: ifname_hint: mesh - name: freifunk_hacrafu - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: freifunk.hacrafu.de diff --git a/locations/colbe15.yml b/locations/colbe15.yml index 0de8f856c..47e3f5c7d 100644 --- a/locations/colbe15.yml +++ b/locations/colbe15.yml @@ -70,10 +70,6 @@ location__channel_assignments_11a_standard__to_merge: location__wireless_profiles__to_merge: - name: colbe15 - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: colbe15.freifunk.net diff --git a/locations/dragonkiez-buero.yml b/locations/dragonkiez-buero.yml index a582e5fe1..9ba3723b0 100644 --- a/locations/dragonkiez-buero.yml +++ b/locations/dragonkiez-buero.yml @@ -53,10 +53,6 @@ networks: location__wireless_profiles__to_merge: - name: dragonkiez_buero - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: kiezraum2.berlin.freifunk.net diff --git a/locations/ekke.yml b/locations/ekke.yml index 69ee5becf..2c48ca81b 100644 --- a/locations/ekke.yml 
+++ b/locations/ekke.yml @@ -93,10 +93,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: ekke - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/hts4.yml b/locations/hts4.yml index eeff4933b..2fa578111 100644 --- a/locations/hts4.yml +++ b/locations/hts4.yml @@ -107,10 +107,6 @@ location__channel_assignments_11g_standard__to_merge: # Wireless profile location__wireless_profiles__to_merge: - name: hts4 - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: Ferienwohnung diff --git a/locations/hway.yml b/locations/hway.yml index 279cb2ced..650122aae 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -110,10 +110,6 @@ location__channel_assignments_11b_standard__to_merge: location__wireless_profiles__to_merge: - name: hway - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index c9ae5152a..28d530855 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -205,10 +205,6 @@ location__channel_assignments_11a_standard__to_merge: location__wireless_profiles__to_merge: - name: kiehlufer5g - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/kirchhof.yml b/locations/kirchhof.yml index 881308fef..0d5dbf2aa 100644 --- a/locations/kirchhof.yml +++ b/locations/kirchhof.yml @@ -120,10 +120,6 @@ location__channel_assignments_11b_standard__to_merge: location__wireless_profiles__to_merge: - name: kirchhof - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/koepi.yml b/locations/koepi.yml index 210646219..7e482dbbe 100644 --- a/locations/koepi.yml +++ b/locations/koepi.yml 
@@ -124,10 +124,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: koepi - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/muggel.yml b/locations/muggel.yml index c0d1d9ed4..e51666c69 100644 --- a/locations/muggel.yml +++ b/locations/muggel.yml @@ -88,10 +88,6 @@ location__disabled_services__to_merge: # For roaming between multiple APs, consider setting 80211w to optional (1). location__wireless_profiles__to_merge: - name: muggel - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/newyorck.yml b/locations/newyorck.yml index 8195952c7..dd61b8c27 100644 --- a/locations/newyorck.yml +++ b/locations/newyorck.yml @@ -154,10 +154,6 @@ location__wireless_profiles__to_merge: - name: newyorck - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/noki.yml b/locations/noki.yml index 70d97e5c1..2bca0d26b 100644 --- a/locations/noki.yml +++ b/locations/noki.yml @@ -187,11 +187,6 @@ location__channel_assignments_11g_standard__to_merge: # Wireless profile location__wireless_profiles__to_merge: - name: noki - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/q216.yml b/locations/q216.yml index 7a8f945db..06ffa1744 100644 --- a/locations/q216.yml +++ b/locations/q216.yml @@ -112,10 +112,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: q216 - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/radbahn.yml b/locations/radbahn.yml index dd18b5fba..c7b828235 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml 
@@ -127,11 +127,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: radbahn - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/rauchhaus.yml b/locations/rauchhaus.yml index f6b8a2f97..1054d3da3 100644 --- a/locations/rauchhaus.yml +++ b/locations/rauchhaus.yml @@ -138,10 +138,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: rauchhaus - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/stadalbert.yml b/locations/stadalbert.yml index b8b943ba4..623e283af 100644 --- a/locations/stadalbert.yml +++ b/locations/stadalbert.yml @@ -133,10 +133,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: stadalbert - devices: - - radio: 11a_standard - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/tempelwg.yml b/locations/tempelwg.yml index c4956771a..bfbc6f16b 100644 --- a/locations/tempelwg.yml +++ b/locations/tempelwg.yml @@ -99,11 +99,6 @@ location__channel_assignments_11a_standard__to_merge: location__wireless_profiles__to_merge: - name: tempelwg - devices: - - radio: 11a_standard - - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/w38b.yml b/locations/w38b.yml index d358e0f5c..835812696 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -179,11 +179,6 @@ location__channel_assignments_11g_standard__to_merge: # Wireless profile location__wireless_profiles__to_merge: - name: w38b - devices: - - radio: 11a_standard - - radio: 11g_standard - - radio: 11a_mesh - ifaces: - mode: ap ssid: berlin.freifunk.net diff --git a/locations/wilgu10.yml b/locations/wilgu10.yml index 6b8041b12..d3f9643fd 100644 --- a/locations/wilgu10.yml +++ b/locations/wilgu10.yml 
@@ -134,11 +134,6 @@ location__channel_assignments_11g_standard__to_merge: location__wireless_profiles__to_merge: - name: wilgu10 - devices: - - radio: 11a_standard - - - radio: 11g_standard - ifaces: - mode: ap ssid: berlin.freifunk.net From dadacfdaefae0ac84d26c50da41c5655e3e9ac74 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Sun, 20 Oct 2024 17:51:46 +0200 Subject: [PATCH 106/254] DEVELOPER.md: Add example radio options Signed-off-by: Robert Foss --- DEVELOPER.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/DEVELOPER.md b/DEVELOPER.md index d6848c394..2cff3c18d 100644 --- a/DEVELOPER.md +++ b/DEVELOPER.md @@ -233,8 +233,12 @@ location__wireless_profiles__to_merge: - name: foobar devices: - - radio: 11a_standard - radio: 11g_standard + - radio: 11a_mesh + - radio: 11a_standard + disabled: false # Enable radio (default) + legacy_rates: false # Disable lower bandwith rates (default) + country: 'DE' # Set German country code for radio compliance (default) ifaces: - mode: ap From fe0cb24e3421cfebf6d3258718ba546eb7678145 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 22 Oct 2024 07:28:05 +0000 Subject: [PATCH 107/254] w38b: fix OWE for windows devices --- locations/w38b.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index 835812696..e70bf073b 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -196,7 +196,7 @@ location__wireless_profiles__to_merge: radio: [11a_standard, 11g_standard] ifname_hint: ffowe owe_transition_ifname_hint: ff - ieee80211w: 1 + ieee80211w: 2 - mode: ap ssid: w38b-home From 902c8fb5a30af6514288780296001503904284d6 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Tue, 22 Oct 2024 11:21:43 +0200 Subject: [PATCH 108/254] wireless: Revert whitespace change in previous template change Signed-off-by: Robert Foss --- roles/cfg_openwrt/templates/common/config/wireless.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
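Review bot: The `ieee80211w: 2` line in the locations/w38b.yml hunk (PATCH 107) has no comment saying why the `ffowe` interface needs management frame protection set to required, while a comment visible in the locations/muggel.yml context of this series recommends optional (1) for roaming. A line above it such as `# OWE interface: PMF must be required (2); optional (1) failed for Windows clients` (the reason is taken from the commit subject) would keep the value from being reverted later. The group_vars/all/wireless_profiles.yml context in this series still shows an `ieee80211w: 1`; if that line belongs to an OWE interface as well, the same change presumably applies there. The iface entry being changed starts outside the hunk.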
diff --git a/roles/cfg_openwrt/templates/common/config/wireless.j2 b/roles/cfg_openwrt/templates/common/config/wireless.j2 index 6bcfef057..4333cd4b4 100644 --- a/roles/cfg_openwrt/templates/common/config/wireless.j2 +++ b/roles/cfg_openwrt/templates/common/config/wireless.j2 @@ -57,7 +57,7 @@ config wifi-device '{{ wd_id }}' {% if 'legacy_rates' in wd_config %} option legacy_rates '{{ wd_config['legacy_rates']|int }}' {% else %} - option legacy_rates '0' + option legacy_rates '0' {% endif %} {% if 'disabled' in wd_config %} option disabled '{{ wd_config['disabled']|int }}' From daafb0bc775893e4f1578a96ec795c11d5311437 Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Tue, 22 Oct 2024 13:28:06 +0200 Subject: [PATCH 109/254] wireless: Remove "No config provided" comment Signed-off-by: Robert Foss --- roles/cfg_openwrt/templates/common/config/wireless.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/common/config/wireless.j2 b/roles/cfg_openwrt/templates/common/config/wireless.j2 index 4333cd4b4..ae9485ec3 100644 --- a/roles/cfg_openwrt/templates/common/config/wireless.j2 +++ b/roles/cfg_openwrt/templates/common/config/wireless.j2 @@ -8,7 +8,6 @@ {% if 'devices' in profile %} {% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first %} {% else %} - # No config provided, use defaults {% set wd_config = {} %} {% endif %} From 77504e8867e0a6f8ec2edd59b7574ae88975535e Mon Sep 17 00:00:00 2001 From: Robert Foss Date: Tue, 22 Oct 2024 14:40:51 +0200 Subject: [PATCH 110/254] nftables: Fix syntax formatting Signed-off-by: Robert Foss --- roles/cfg_openwrt/templates/common/nftables.conf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/common/nftables.conf.j2 b/roles/cfg_openwrt/templates/common/nftables.conf.j2 index 6e13413a3..eae9cb6a8 100644 --- a/roles/cfg_openwrt/templates/common/nftables.conf.j2 
+++ b/roles/cfg_openwrt/templates/common/nftables.conf.j2 @@ -16,7 +16,8 @@ network_ifname_map = {% set wd_config = profile['devices'] | default([]) | selectattr('radio', 'contains', wd['name']) | first %} {% else %} {% set wd_config = {} %} - {% endif %} {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} + {% endif %} + {% set wd_ifaces = profile['ifaces'] | default([]) | selectattr('radio', 'contains', wd['name']) %} {% if not wd_config.get('disabled') %} {% for iface in wd_ifaces %} {% set ifname = wd['ifname_hint'] + '-' + iface['ifname_hint']|default('if' + loop.index0|string) %} From 42a1cf9e3fd4ae5a39a2987415838399c55840b0 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 22 Oct 2024 00:15:10 +0200 Subject: [PATCH 111/254] treewide: remove mt76 debugging (Except on radbahn-w-nf and radbahn-o-nf.) --- locations/huette.yml | 3 --- locations/hway.yml | 3 --- locations/kiehlufer.yml | 4 ---- locations/kub.yml | 4 ---- locations/suedblock.yml | 4 ---- 5 files changed, 18 deletions(-) diff --git a/locations/huette.yml b/locations/huette.yml index d93cbc9d6..7b303d5a5 100644 --- a/locations/huette.yml +++ b/locations/huette.yml @@ -17,10 +17,7 @@ hosts: model: "zyxel_nwa55axe" wireless_profile: freifunk_default openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst log_size: 1024 - host__rclocal__to_merge: - - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' ssl__packages__to_merge: [] ipv6_prefix: '2001:bf7:830:2600::/56' diff --git a/locations/hway.yml b/locations/hway.yml index 650122aae..035829c44 100644 --- a/locations/hway.yml +++ b/locations/hway.yml 
@@ -41,9 +41,6 @@ hosts: model: zyxel_nwa50ax openwrt_version: snapshot log_size: 1024 - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst - host__rclocal__to_merge: - - "echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm" ssl__packages__to_merge: [] snmp_devices: diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index 28d530855..4950e1003 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -31,7 +31,6 @@ hosts: model: "cudy_x6-v1" wireless_profile: freifunk_default openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst log_size: 1024 ssl__packages__to_merge: [] @@ -40,10 +39,7 @@ hosts: model: "zyxel_nwa55axe" wireless_profile: kiehlufer5g openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst log_size: 1024 - host__rclocal__to_merge: - - "echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm" ssl__packages__to_merge: [] - hostname: kiehlufer-nf-wbp1 diff --git a/locations/kub.yml b/locations/kub.yml index 2b2e1afd9..e91539e05 100644 --- a/locations/kub.yml +++ b/locations/kub.yml @@ -20,12 +20,8 @@ hosts: role: ap model: "cudy_x6-v1" openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst log_size: 1024 host__rclocal__to_merge: - - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' - - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' - - '' - '#' - '# This script adjusts the configuration of vlans. This is especially' - '# useful with uswflex and custom port configs' diff --git a/locations/suedblock.yml b/locations/suedblock.yml index 8e1675666..7df25874c 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml 
@@ -20,11 +20,7 @@ hosts: wireless_profile: freifunk_default dhcp_no_ping: false openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst log_size: 1024 - host__rclocal__to_merge: - - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' - - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' ssl__packages__to_merge: [] # 10.248.13.0/24 From 93da66e9160bfe6204f3d6bc5c8266e6b434c4e7 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 22 Oct 2024 03:27:52 +0200 Subject: [PATCH 112/254] radbahn: do snapshot and mbedtls on core too --- locations/radbahn.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/locations/radbahn.yml b/locations/radbahn.yml index c7b828235..d31a5138c 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml @@ -13,6 +13,8 @@ hosts: - hostname: radbahn-core role: corerouter model: ubnt_usw-flex + openwrt_version: snapshot + ssl__packages__to_merge: [] - hostname: radbahn-o-nf role: ap From 012322121f0943da41692498a7109306176a664c Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 22 Oct 2024 19:51:55 +0000 Subject: [PATCH 113/254] c-base: fix nf mesh --- locations/c-base.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/locations/c-base.yml b/locations/c-base.yml index ef81438fe..7be7ddc30 100644 --- a/locations/c-base.yml +++ b/locations/c-base.yml @@ -63,12 +63,18 @@ networks: name: mesh_nf1 prefix: 10.31.134.113/32 ipv6_subprefix: -20 + mesh_ap: c-base-nf-1 + mesh_radio: 11a_standard + mesh_iface: mesh - vid: 21 role: mesh name: mesh_nf2 prefix: 10.31.134.114/32 ipv6_subprefix: -21 + mesh_ap: c-base-nf-2 + mesh_radio: 11a_standard + mesh_iface: mesh - vid: 40 role: dhcp From b6d283eb478545830f2ab6b170c7984976ead055 Mon Sep 17 00:00:00 2001 
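Review bot: The locations/radbahn.yml hunk (PATCH 112) moves `radbahn-core`, the location's corerouter, onto `openwrt_version: snapshot` without a comment giving the reason or the condition for returning to a release. A snapshot is a moving target, so two builds of this host from the same commit can end up with different package contents, which makes it harder to tell later what actually ran on the router. I would add a line such as `# snapshot to match the APs at this site; switch back to a release once one is usable here` above the new key, with the wording adjusted to the real reason. The `hosts` entry continues outside the hunk.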
From: Tobias Schwarz Date: Tue, 22 Oct 2024 07:23:44 +0000 Subject: [PATCH 114/254] l105: set bbb-vpn mesh metric to be idendical to ak36-gw and strom-gw --- locations/l105.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/l105.yml b/locations/l105.yml index 2568dc916..d4e36a8dd 100644 --- a/locations/l105.yml +++ b/locations/l105.yml @@ -75,7 +75,7 @@ mesh_links: ifname: eth1.32 ipv4: 10.31.127.162/32 ipv6: 2001:bf7:750:3f01::3/128 - mesh_metric: 128 + mesh_metric: 1024 ptp: true # Downlink IPv4 is in net announced by emma. From 115b0f9d289ba6ce10f5a2c028b00d0f4cfe5359 Mon Sep 17 00:00:00 2001 From: noxil Date: Wed, 23 Oct 2024 12:31:50 +0200 Subject: [PATCH 115/254] newyorck: add additional ap --- locations/newyorck.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/locations/newyorck.yml b/locations/newyorck.yml index dd61b8c27..c0a8d2aea 100644 --- a/locations/newyorck.yml +++ b/locations/newyorck.yml @@ -26,6 +26,7 @@ hosts: - hostname: newyorck-ap-1e - hostname: newyorck-ap-1f - hostname: newyorck-ap-1g + - hostname: newyorck-ap-1h - hostname: newyorck-ap-2a - hostname: newyorck-ap-2b - hostname: newyorck-ap-2c @@ -97,6 +98,7 @@ networks: newyorck-ap-1e: 9 newyorck-ap-1f: 10 newyorck-ap-1g: 11 + newyorck-ap-1h: 18 newyorck-ap-2a: 12 newyorck-ap-2b: 13 newyorck-ap-2c: 14 @@ -128,6 +130,7 @@ location__channel_assignments_11a_standard__to_merge: newyorck-ap-1e: 36-20 newyorck-ap-1f: 44-20 newyorck-ap-1g: 48-20 + newyorck-ap-1h: 36-20 newyorck-ap-2a: 48-20 newyorck-ap-2b: 44-20 newyorck-ap-2c: 36-20 @@ -143,6 +146,7 @@ location__channel_assignments_11g_standard__to_merge: newyorck-ap-1e: 1-20 newyorck-ap-1f: 11-20 newyorck-ap-1g: 6-20 + newyorck-ap-1h: 1-20 newyorck-ap-2a: 6-20 newyorck-ap-2b: 11-20 newyorck-ap-2c: 1-20 From bcbb2b185aa0da8eb77eb9dc837aa1c4e851c1ba Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Wed, 23 Oct 2024 13:26:07 +0000 Subject: [PATCH 116/254] walde: enable mesh at core --- locations/walde.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/locations/walde.yml b/locations/walde.yml index 57d16df97..3fb80683e 100644 --- a/locations/walde.yml +++ b/locations/walde.yml @@ -28,12 +28,33 @@ ipv6_prefix: "2001:bf7:830:b00::/56" # --MESH: 10.31.92.16/28 networks: + # MESH - emma - vid: 10 role: mesh name: mesh_emma prefix: 10.31.92.16/32 ipv6_subprefix: -1 + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.92.17/32 + ipv6_subprefix: -20 + mesh_ap: walde-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.92.18/32 + ipv6_subprefix: -21 + mesh_ap: walde-core + mesh_radio: 11g_standard + mesh_iface: mesh + - vid: 40 role: dhcp inbound_filtering: true From 0e8b990c865fde6a0bc8a69f4751be0d1377231b Mon Sep 17 00:00:00 2001 From: Ffhener Date: Wed, 23 Oct 2024 19:47:06 +0200 Subject: [PATCH 117/254] emma: remove emma-ono-5ghz It is no longer installed in favour of 60GHz at the window --- locations/emma.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/locations/emma.yml b/locations/emma.yml index 04e658da8..582de80db 100644 --- a/locations/emma.yml +++ b/locations/emma.yml @@ -48,10 +48,6 @@ snmp_devices: address: 10.31.11.20 snmp_profile: airos_8 - - hostname: emma-ono-5ghz - address: 10.31.11.21 - snmp_profile: airos_8 - - hostname: emma-wsw-5ghz address: 10.31.11.22 snmp_profile: airos_8 @@ -83,11 +79,6 @@ airos_dfs_reset: username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" - - name: "emma-ono-5ghz" - target: "10.31.11.21" - username: "ubnt" - password: "/root/pwd.txt" - daytime_limit: "2-7" - name: "emma-wsw-5ghz" target: "10.31.11.22" username: "ubnt" 
@@ -144,7 +135,6 @@ networks: # Airos 8, 5 GHz emma-oso-5ghz: 19 # Fenster 8, 20 MHz, center frequency 5580 MHz emma-nno-5ghz: 20 # Fenster 6, 20 MHz, center frequency 5600 MHz - emma-ono-5ghz: 21 # Fenster 7, 40 MHz, center frequency 5510 MHz emma-wsw-5ghz: 22 # Fenster 3, 20 MHz, center frequency 5620 MHz emma-wnw-5ghz: 23 # Fenster 4, 40 MHz, center frequency 5550 MHz emma-nnw-5ghz: 24 # Fenster 5, 20 MHz, center frequency 5700 MHz From 804a2278d5742b79ef6551690e35d5942e96689f Mon Sep 17 00:00:00 2001 From: Ffhener Date: Wed, 23 Oct 2024 19:47:58 +0200 Subject: [PATCH 118/254] emma: formatting of config file --- locations/emma.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/locations/emma.yml b/locations/emma.yml index 582de80db..143d2d476 100644 --- a/locations/emma.yml +++ b/locations/emma.yml @@ -74,26 +74,31 @@ airos_dfs_reset: username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-nno-5ghz" target: "10.31.11.20" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-wsw-5ghz" target: "10.31.11.22" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-wnw-5ghz" target: "10.31.11.23" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-nnw-5ghz" target: "10.31.11.24" username: "ubnt" password: "/root/pwd.txt" daytime_limit: "2-7" + - name: "emma-sso-5ghz" target: "10.31.11.25" username: "ubnt" From b2c57416de0b95e01c72231b83077d73b427baf7 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Thu, 24 Oct 2024 02:23:08 +0200 Subject: [PATCH 119/254] walde: fix ip in snmp_section for walde-emma Note: The mgmt-IP is currently set to 192.168.x.x --- locations/walde.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/walde.yml b/locations/walde.yml index 3fb80683e..098577237 100644 --- a/locations/walde.yml +++ b/locations/walde.yml 
@@ -16,7 +16,7 @@ hosts: snmp_devices: - hostname: walde-emma - address: 10.31.92.1 + address: 10.31.92.2 snmp_profile: airos_8 From 5f5cce2ffc2e139d7eff1b6c3b77ee8a5fed9e5c Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Thu, 24 Oct 2024 04:25:41 +0000 Subject: [PATCH 120/254] w38b: make ap1 freifunk_default --- locations/w38b.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index e70bf073b..fa1923f31 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -15,7 +15,7 @@ hosts: - hostname: w38b-ap1 role: ap model: "dlink_covr-x1860-a1" - wireless_profile: w38b + wireless_profile: freifunk_default mac_override: {eth0: 0c:0e:76:cf:2e:3a} snmp_devices: From 4f29940033b215b37042f0eef43286b64bec6011 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 22 Oct 2024 21:26:38 +0200 Subject: [PATCH 121/254] imageprofile: return to MbedTLS, it now supports everything we need --- group_vars/all/imageprofile.yml | 9 --------- group_vars/target_ipq40xx_generic | 16 ---------------- 2 files changed, 25 deletions(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index daa20595e..d237ff5b2 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml @@ -27,15 +27,6 @@ all__packages__to_merge: - -ppp - -ppp-mod-pppoe -ssl__packages__to_merge: - - -wpad-basic - - -wpad-basic-mbedtls - - -wpad-basic-wolfssl - - -libustream-mbedtls - - libustream-wolfssl - - hostapd-wolfssl - - px5g-wolfssl - all_luci_base__packages__to_merge: - libiwinfo-lua - luci-mod-admin-full diff --git a/group_vars/target_ipq40xx_generic b/group_vars/target_ipq40xx_generic index 4c3ab9e85..95112bcfa 100644 --- a/group_vars/target_ipq40xx_generic +++ b/group_vars/target_ipq40xx_generic 
@@ -1,21 +1,5 @@ --- -target__packages__to_merge: - # Work around ipq40xx ethernet instabilities - - naywatch - # Use OpenSSL because WolfSSL and MbedTLS are broken on ipq40xx - - -wpad-basic - - -wpad-basic-mbedtls - - -wpad-basic-wolfssl - - -hostapd-wolfssl - - -hostapd-mbedtls - - -libustream-mbedtls - - -libustream-wolfssl - - -px5g-mbedtls - - -px5g-wolfssl - - libustream-openssl - - hostapd-openssl - multicore: true sysfs_overrides: From 50698873b8566bdb399db7649f046682221461dd Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 22 Oct 2024 21:26:53 +0200 Subject: [PATCH 122/254] treewide: remove ssl packages overrides --- locations/huette.yml | 1 - locations/hway.yml | 1 - locations/kiehlufer.yml | 2 -- locations/kub.yml | 1 - locations/radbahn.yml | 3 --- locations/suedblock.yml | 1 - 6 files changed, 9 deletions(-) diff --git a/locations/huette.yml b/locations/huette.yml index 7b303d5a5..b9c79da0d 100644 --- a/locations/huette.yml +++ b/locations/huette.yml @@ -18,7 +18,6 @@ hosts: wireless_profile: freifunk_default openwrt_version: snapshot log_size: 1024 - ssl__packages__to_merge: [] ipv6_prefix: '2001:bf7:830:2600::/56' diff --git a/locations/hway.yml b/locations/hway.yml index 035829c44..3f773145b 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -41,7 +41,6 @@ hosts: model: zyxel_nwa50ax openwrt_version: snapshot log_size: 1024 - ssl__packages__to_merge: [] snmp_devices: diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index 4950e1003..e66f1117a 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -32,7 +32,6 @@ hosts: wireless_profile: freifunk_default openwrt_version: snapshot log_size: 1024 - ssl__packages__to_merge: [] - hostname: kiehlufer-huette role: ap @@ -40,7 +39,6 @@ hosts: wireless_profile: kiehlufer5g openwrt_version: snapshot log_size: 1024 - ssl__packages__to_merge: [] - hostname: kiehlufer-nf-wbp1 role: ap diff --git a/locations/kub.yml b/locations/kub.yml index e91539e05..9f0909f08 100644 
--- a/locations/kub.yml +++ b/locations/kub.yml @@ -69,7 +69,6 @@ hosts: - 'uci commit network' - 'sync' - 'reload_config' - ssl__packages__to_merge: [] snmp_devices: - hostname: kub-simeon diff --git a/locations/radbahn.yml b/locations/radbahn.yml index d31a5138c..b0da7f9c2 100644 --- a/locations/radbahn.yml +++ b/locations/radbahn.yml @@ -14,7 +14,6 @@ hosts: role: corerouter model: ubnt_usw-flex openwrt_version: snapshot - ssl__packages__to_merge: [] - hostname: radbahn-o-nf role: ap @@ -26,7 +25,6 @@ hosts: host__rclocal__to_merge: - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' - ssl__packages__to_merge: [] - hostname: radbahn-w-nf role: ap @@ -38,7 +36,6 @@ hosts: host__rclocal__to_merge: - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' - ssl__packages__to_merge: [] snmp_devices: diff --git a/locations/suedblock.yml b/locations/suedblock.yml index 7df25874c..ed0ae61ee 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml @@ -21,7 +21,6 @@ hosts: dhcp_no_ping: false openwrt_version: snapshot log_size: 1024 - ssl__packages__to_merge: [] # 10.248.13.0/24 # 10.248.13.0/29 - mgmt From 15707a59da416643832b36f16dfe6cdbdd10942c Mon Sep 17 00:00:00 2001 From: Ffhener Date: Fri, 25 Oct 2024 12:27:53 +0200 Subject: [PATCH 123/254] collectd: only load iwinfo plugin on non low_mem or _flash devices This fixes #1030 --- .../cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 b/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 index 454977b8f..6631deb2d 100644 --- a/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 +++ b/roles/cfg_openwrt/templates/common/collectd/conf.d/basic.conf.j2 
@@ -33,7 +33,7 @@ LoadPlugin olsrd {% endif %} -{% if wireless_devices is defined and wireless_profile != 'disable' %} +{% if wireless_devices is defined and wireless_profile != 'disable' and low_mem is not true | default (true) and low_flash is not true | default (true) %} LoadPlugin iwinfo {% endif %} From bcb55a8cc054b11bba25f13372217a7c70da0dbe Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 25 Oct 2024 17:11:40 +0000 Subject: [PATCH 124/254] gruni73, fardf: improve documentation of watchdogs --- locations/fardf.yml | 5 ++++- locations/gruni73.yml | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/locations/fardf.yml b/locations/fardf.yml index 85a95980d..fa5a10d52 100644 --- a/locations/fardf.yml +++ b/locations/fardf.yml @@ -179,7 +179,10 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - fardf-core: 1 # 10.248.11.129 (10m PoE watchdog) + fardf-core: 1 # 10.248.11.129 - switch has a watchdog (10m) active for this device + # There are ping watchdogs setup at the switch that will trigger a power cycle for the devices if they become unreachable. + # The time for the watchdogs needs to be quite high so the devices can still be flashed without the need to deactivate the + # watchdogs prior to flashing. fardf-switch: 2 # 10.248.11.130 fardf-bht: 3 # 10.248.11.131 fardf-maerkisches: 4 # 10.248.11.132 diff --git a/locations/gruni73.yml b/locations/gruni73.yml index 194f64b87..2cba1bde4 100644 --- a/locations/gruni73.yml +++ b/locations/gruni73.yml 
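Review bot: In the changed `{% if %}` line, `| default (true)` is applied to the result of `low_mem is not true` (and likewise `low_flash is not true`), not to the variable, because Jinja evaluates the `is` test before the trailing filter. The filter therefore never changes the outcome, and it reads as if an unset flag were treated as `true`. If I read the parser correctly, an undefined `low_mem` still loads the plugin, which matches the commit title, but the intent is easier to verify when written as `and not (low_mem | default(false)) and not (low_flash | default(false))`. That form also counts truthy non-boolean values such as a quoted `'true'` as set, whereas `is not true` only matches the boolean.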
@@ -54,14 +54,17 @@ networks: ipv6_subprefix: 1 assignments: gruni73-core: 1 + # There are ping watchdogs setup at the switch that will trigger a power cycle for the devices if they become unreachable. + # The time for the watchdogs needs to be quite high so the devices can still be flashed without the need to deactivate the + # watchdogs prior to flashing. gruni73-switch: 2 # 5ghz uplink gruni73-sama: 5 gruni73-zwingli: 6 # local nearfield aps 5ghz - gruni73-nf-o-5ghz: 13 # 10m PoE watchdog active for this device due to instability - gruni73-nf-s-5ghz: 14 # 10m PoE watchdog active for this device due to instability - gruni73-nf-w-5ghz: 15 # 10m PoE watchdog active for this device due to instability + gruni73-nf-o-5ghz: 13 # switch has a watchdog (10m) active for this device due to instability + gruni73-nf-s-5ghz: 14 # switch has a watchdog (10m) active for this device due to instability + gruni73-nf-w-5ghz: 15 # switch has a watchdog (10m) active for this device due to instability - vid: 40 role: dhcp From 13f574b5f61050fd039bf2b40dff89edc94992f0 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 25 Oct 2024 12:24:09 +0000 Subject: [PATCH 125/254] zwingli: device was changed --- locations/zwingli.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/locations/zwingli.yml b/locations/zwingli.yml index 2f398b85a..4c4831b5f 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -29,7 +29,8 @@ hosts: - hostname: zwingli-nno-nf-5ghz role: ap - model: ubnt_nanostation-m5_xm + model: mikrotik_sxtsq-5-ac + mac_override: {eth0: dc:2c:6e:c4:39:03} wifi_roaming: true - hostname: zwingli-nord-nf-5ghz From 867263fb7662f092b1d4686447f3308b9ef32bcb Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 26 Oct 2024 11:48:47 +0000 Subject: [PATCH 126/254] w38b: add network --- locations/w38b.yml | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) 
diff --git a/locations/w38b.yml b/locations/w38b.yml index fa1923f31..3477c2879 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -34,9 +34,10 @@ ipv6_prefix: '2001:bf7:830:bc00::/56' # --MGMT: 10.31.212.0/27 # --MESH: 10.31.212.32/27 # --UPLK: 10.31.212.64/27 -# --DHCP: 10.31.212.96/27 (HOST) -# --DHCP: 10.31.212.128/26 -# --DHCP: 10.31.212.192/26 (PRIVATE) +# --DHCP: 10.31.212.96/28 (HOST) +# --DHCP: 10.31.212.112/28 (PRIVATE-2) +# --DHCP: 10.31.212.128/26 (FF) +# --DHCP: 10.31.212.192/26 (PRIVATE-1) # Disable noping dhcp_no_ping: false @@ -133,15 +134,15 @@ networks: - vid: 41 role: dhcp name: host - prefix: 10.31.212.96/27 + prefix: 10.31.212.96/28 ipv6_subprefix: 2 assignments: w38b-core: 1 - # DHCP (PRIVATE) + # DHCP (HOME / PRIVATE-1) - vid: 43 role: dhcp - name: private + name: private_1 inbound_filtering: true prefix: 10.31.212.192/26 ipv6_subprefix: 3 @@ -152,6 +153,17 @@ networks: w38b-ds: 4 # 10.31.212.196 w38b-printer: 5 # 10.31.212.197 + # DHCP (IN / PRIVATE-2) + - vid: 44 + role: dhcp + name: private_2 + inbound_filtering: true + prefix: 10.31.212.112/28 + ipv6_subprefix: 3 + assignments: + w38b-core: 1 # 10.31.212.113 + w38b-ds: 2 # 10.31.212.114 + # MGMT - vid: 434 role: mgmt @@ -201,11 +213,19 @@ location__wireless_profiles__to_merge: - mode: ap ssid: w38b-home encryption: sae-mixed - key: 'file:/root/wifi-pwd' - network: private + key: 'file:/root/wifi-pwd-home' + network: private_1 radio: [11a_standard, 11g_standard] ifname_hint: pr + - mode: ap + ssid: w38b-in + encryption: sae-mixed + key: 'file:/root/wifi-pwd-in' + network: private_2 + radio: [11a_standard, 11g_standard] + ifname_hint: in + - mode: ap ssid: w38b-host encryption: sae-mixed From 87b3d415e7069fdf334ccc30bb4dc4852505aca5 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 28 Oct 2024 15:46:34 +0000 Subject: [PATCH 127/254] w38b: add new device --- locations/w38b.yml | 1 + 1 file changed, 1 insertion(+) 
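Review bot: The new `private_2` network (vid 44) sets `ipv6_subprefix: 3`, the same value that `private_1` (vid 43) carries in the context lines just above it, so both segments would presumably be numbered from the same subprefix of `2001:bf7:830:bc00::/56`. That looks like a copy-paste leftover, and it undercuts the point of a separate segment: the IPv4 side is split into 10.31.212.192/26 and 10.31.212.112/28 while the IPv6 side is not. Give vid 44 an index that no other network in the file uses, e.g. `ipv6_subprefix: 4` if that one is free. The rest of the `networks:` list is outside this hunk, so check it first.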
diff --git a/locations/w38b.yml b/locations/w38b.yml index 3477c2879..faff51161 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -152,6 +152,7 @@ networks: w38b-pve: 3 # 10.31.212.195 w38b-ds: 4 # 10.31.212.196 w38b-printer: 5 # 10.31.212.197 + w38b-aud: 6 # 10.31.212.198 # DHCP (IN / PRIVATE-2) - vid: 44 From ea6be3a9f854ad2f68fd78460a781c029cb44e31 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Wed, 30 Oct 2024 05:19:47 +0000 Subject: [PATCH 128/254] segen: adjust mesh metrics --- locations/segen.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/locations/segen.yml b/locations/segen.yml index bf952119c..54c933f49 100644 --- a/locations/segen.yml +++ b/locations/segen.yml @@ -223,7 +223,7 @@ networks: name: mesh_11s_n2 prefix: 10.31.6.72/32 ipv6_subprefix: -9 - mesh_metric: 1024 + mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-n-nf-2ghz mesh_radio: 11g_standard @@ -234,7 +234,7 @@ networks: name: mesh_11s_o2 prefix: 10.31.6.73/32 ipv6_subprefix: -10 - mesh_metric: 1024 + mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-o-nf-2ghz mesh_radio: 11g_standard @@ -245,7 +245,7 @@ networks: name: mesh_11s_s2 prefix: 10.31.6.74/32 ipv6_subprefix: -11 - mesh_metric: 1024 + mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-s-nf-2ghz mesh_radio: 11g_standard @@ -256,7 +256,7 @@ networks: name: mesh_11s_w2 prefix: 10.31.6.75/32 ipv6_subprefix: -12 - mesh_metric: 1024 + mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-w-nf-2ghz mesh_radio: 11g_standard From 0c40ef8d3bf2e352c9b07a73fa6bc00fd0da0f1a Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Wed, 30 Oct 2024 06:11:24 +0000 Subject: [PATCH 129/254] k12, hirschhof: adjust mesh metrics & mesh setup --- locations/hirschhof.yml | 16 ++++++++++------ locations/k12-h2.yml | 4 +++- locations/k12-h4.yml | 4 ++-- 3 files changed, 15 insertions(+), 9 deletions(-) 
diff --git a/locations/hirschhof.yml b/locations/hirschhof.yml index 6c65e1751..892d0afc4 100644 --- a/locations/hirschhof.yml +++ b/locations/hirschhof.yml @@ -12,11 +12,10 @@ hosts: role: corerouter model: "tplink_archer-c5-v1" wireless_profile: freifunk_default - wifi_roaming: true - hostname: hirschhof-k12 role: ap model: "tplink_cpe210-v1" - wifi_roaming: true + wireless_profile: mesh_only ipv6_prefix: '2001:bf7:760:2c00::/56' @@ -33,6 +32,9 @@ networks: name: mesh_5ghz prefix: 10.31.159.128/32 ipv6_subprefix: -20 + # make mesh_metric(s) for 2GHz omni worse than 2GHz directional + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.8'] mesh_ap: hirschhof-core mesh_radio: 11a_standard mesh_iface: mesh @@ -43,9 +45,9 @@ networks: name: mesh_2ghz prefix: 10.31.159.129/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] + # make mesh_metric(s) for 2GHz omni worse than 5GHz omni + mesh_metric: 2048 + mesh_metric_lqm: ['default 0.6'] mesh_ap: hirschhof-core mesh_radio: 11g_standard mesh_iface: mesh @@ -56,6 +58,8 @@ networks: name: mesh_k12 prefix: 10.31.159.130/32 ipv6_subprefix: -22 + # adjust mesh_metric(s) to prefer this route + mesh_metric: 512 mesh_ap: hirschhof-k12 mesh_radio: 11g_standard mesh_iface: mesh @@ -88,7 +92,7 @@ location__channel_assignments_11a_standard__to_merge: location__channel_assignments_11g_standard__to_merge: hirschhof-core: 13-20 - hirschhof-k12: 13-20 + hirschhof-k12: 1-20 dns_servers: # quad9 diff --git a/locations/k12-h2.yml b/locations/k12-h2.yml index 2f6dbdec3..9d52fa8ae 100644 --- a/locations/k12-h2.yml +++ b/locations/k12-h2.yml @@ -107,6 +107,8 @@ networks: name: mesh_cpe prefix: 10.31.158.133/32 ipv6_subprefix: -24 + # adjust mesh_metric(s) to prefer this route + mesh_metric: 256 mesh_ap: k12-h2-cpe mesh_radio: 11a_standard mesh_iface: mesh 
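Review bot: The comment added above `mesh_metric: 1024` in the `mesh_5ghz` network says "2GHz omni worse than 2GHz directional", but this network uses `mesh_radio: 11a_standard`. Going by the comment in the following hunk ("2GHz omni worse than 5GHz omni"), the intended wording here is probably `# make mesh_metric(s) for 5GHz omni worse than 2GHz directional`. These comments are the only record of why 1024, 2048 and 512 were chosen, so the band named in them should match the radio.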
@@ -117,7 +119,7 @@ networks: name: mesh_lan prefix: 10.31.226.134/32 ipv6_subprefix: -30 - # adjust mesh_metric(s) to prefer this + # adjust mesh_metric(s) to prefer this route mesh_metric: 128 # DHCP diff --git a/locations/k12-h4.yml b/locations/k12-h4.yml index a98f564b6..2fbca322c 100644 --- a/locations/k12-h4.yml +++ b/locations/k12-h4.yml @@ -22,7 +22,7 @@ hosts: - hostname: k12-h4-hirschhof role: ap model: "tplink_cpe210-v1" - wifi_roaming: true + wireless_profile: mesh_only ipv6_prefix: '2001:bf7:760:2b00::/56' @@ -120,7 +120,7 @@ location__channel_assignments_11a_standard__to_merge: location__channel_assignments_11g_standard__to_merge: k12-h4-core: 13-20 k12-h4-h0s: 13-20 - k12-h4-hirschhof: 13-20 + k12-h4-hirschhof: 1-20 dns_servers: # quad9 From 8d73b76afa34ade2b658eb229edbcb51fe6427bd Mon Sep 17 00:00:00 2001 From: Ffhener Date: Wed, 30 Oct 2024 17:26:31 +0100 Subject: [PATCH 130/254] magda: added City to address --- locations/magda.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/magda.yml b/locations/magda.yml index fc7ba0ada..1445ee644 100644 --- a/locations/magda.yml +++ b/locations/magda.yml @@ -1,7 +1,7 @@ --- location: magda -location_nice: Magdalenenstraße 19 +location_nice: Magdalenenstraße 19, 10365 Berlin latitude: 52.514072806 longitude: 13.488437533 altitude: 60 From b0f58b8a3372d152f6114a48ddb480dabee960bd Mon Sep 17 00:00:00 2001 From: Ffhener Date: Wed, 30 Oct 2024 17:27:30 +0100 Subject: [PATCH 131/254] magda: comment out ap4 until it gets replaced --- locations/magda.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/locations/magda.yml b/locations/magda.yml index 1445ee644..bbac039bd 100644 --- a/locations/magda.yml +++ b/locations/magda.yml 
@@ -35,9 +35,10 @@ hosts: mac_override: eth0: 08:55:31:54:63:0a - - hostname: magda-ap4 - role: ap - model: "ubnt_nanostation-m2_xm" + # Replacement needed + # - hostname: magda-ap4 + # role: ap + # model: "ubnt_nanostation-m2_xm" snmp_devices: - hostname: magda-sama @@ -89,7 +90,7 @@ networks: magda-ap1: 5 magda-ap2: 6 magda-ap3: 7 - magda-ap4: 8 + # magda-ap4: 8 magda-ap-remise: 9 - vid: 40 From 8ed4404b7fd8293a188693ddf003edad2dcddbcb Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Thu, 31 Oct 2024 22:07:19 +0100 Subject: [PATCH 132/254] vaterhaus: add airos-dfs-reset config --- locations/vaterhaus.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/locations/vaterhaus.yml b/locations/vaterhaus.yml index 57850ccaf..50dba6181 100644 --- a/locations/vaterhaus.yml +++ b/locations/vaterhaus.yml @@ -52,6 +52,30 @@ snmp_devices: # address: 10.230.192.208 # snmp_profile: airos_6 +airos_dfs_reset: + - name: "vaterhaus-w" + target: "10.230.192.203" + username: "ubnt" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + + - name: "vaterhaus-o" + target: "10.230.192.205" + username: "root" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + + - name: "vaterhaus-adlershof" + target: "10.230.192.206" + username: "ubnt" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" + + - name: "vaterhaus-cg47" + target: "10.230.192.207" + username: "root" + password: "file:/root/pwd.txt" + daytime_limit: "2-7" ipv6_prefix: "2001:bf7:830:a500::/56" From 2cb4bc42584992e3f665d8777d0a4080c5533267 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Fri, 25 Oct 2024 02:42:23 +0200 Subject: [PATCH 133/254] vm: firecracker supports ACPI now --- vm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vm.sh b/vm.sh index af0221340..38a0f3369 100755 --- a/vm.sh +++ b/vm.sh 
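Review bot: The four new `airos_dfs_reset` entries give the credential as `password: "file:/root/pwd.txt"`, while the existing entries in locations/emma.yml (context lines of PATCH 118 above) use the bare path `"/root/pwd.txt"`. The code that consumes this key is not part of the patch, so I cannot tell which form it dereferences; if only the `file:` form is read from disk, the other file hands the path string itself to the device as the password. Please confirm the expected form and add a short comment above the block, e.g. `# password: "file:<path>" is read from that file on the router; never put the secret itself here`. All four radios also point at the same file, so they presumably share one password; separate files per device would limit what a single leaked file exposes.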
@@ -114,7 +114,7 @@ cat << EOF > "$vmdir/vmconfig.json" }, "boot-source": { "kernel_image_path": "./vmlinux", - "boot_args": "ro console=ttyS0 noapic reboot=k panic=1 pci=off nomodules random.trust_cpu=on i8042.noaux" + "boot_args": "ro console=ttyS0 reboot=k panic=1 pci=off nomodules random.trust_cpu=on i8042.noaux" }, "drives": [ { From 75bf4a90e32f528dd8e4a43844ee5ca46b7d80ee Mon Sep 17 00:00:00 2001 From: Packet Please Date: Sat, 2 Nov 2024 01:08:59 +0100 Subject: [PATCH 134/254] imageprofile: fix TLS certificate generation We removed px5g in 4f29940 without making sure there's another variant of it installed. Pull in the default via luci-ssl. --- group_vars/all/imageprofile.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index d237ff5b2..290407c4b 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml @@ -32,6 +32,7 @@ all_luci_base__packages__to_merge: - luci-mod-admin-full - luci-proto-ipv6 - luci-theme-bootstrap + - luci-ssl - rpcd-mod-rrdns - uhttpd - uhttpd-mod-ubus From 17e59e33b637fe830c2af2ec188c8a80ee19ed8f Mon Sep 17 00:00:00 2001 From: Ffhener Date: Sat, 26 Oct 2024 11:41:56 +0200 Subject: [PATCH 135/254] model_cudy_ap3000outdoor_v1: fix version_nice --- group_vars/model_cudy_ap3000outdoor_v1.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/group_vars/model_cudy_ap3000outdoor_v1.yml b/group_vars/model_cudy_ap3000outdoor_v1.yml index 4da838786..a1acc0f68 100644 --- a/group_vars/model_cudy_ap3000outdoor_v1.yml +++ b/group_vars/model_cudy_ap3000outdoor_v1.yml @@ -2,7 +2,8 @@ target: mediatek/filogic openwrt_version: snapshot brand_nice: Cudy -model_nice: AP3000 Outdoor v1 +model_nice: AP3000 Outdoor +version_nice: v1 int_port: eth0 From a9cdab1aedb92f9748b04fddf86e9657e1600e6f Mon Sep 17 00:00:00 2001 
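Review bot: The added `- luci-ssl` line carries no comment, although per the commit message it is the only thing that brings a `px5g` variant back after 4f29940, which the message ties to TLS certificate generation. Without a note the entry looks like an optional extra, and PATCH 140 later in this series removes it again without giving a reason. Suggest `- luci-ssl  # pulls in px5g for TLS certificate generation, see 4f29940`, so that a later removal has to come with a replacement for certificate generation.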
From: Ffhener Date: Sat, 26 Oct 2024 11:42:46 +0200 Subject: [PATCH 136/254] teufelsberg: add 2 new aps replacing 1 --- locations/teufelsberg.yml | 65 ++++++++--------------------------- locations/teufelssecurity.yml | 4 +-- 2 files changed, 16 insertions(+), 53 deletions(-) diff --git a/locations/teufelsberg.yml b/locations/teufelsberg.yml index 6edee45d7..66f89b952 100644 --- a/locations/teufelsberg.yml +++ b/locations/teufelsberg.yml @@ -23,28 +23,20 @@ hosts: host__packages__to_merge: - "kmod-usb-ohci usbip-server usbip-client" - # - hostname: teufelsberg-ap1 - # role: ap - # model: mikrotik_sxtsq-5-ac - # mac_override: {eth0: dc:2c:6e:91:08:19} - # wireless_profile: freifunk_default - - # - hostname: teufelsberg-ap2 - # role: ap - # model: mikrotik_sxtsq-5-ac - # mac_override: {eth0: dc:2c:6e:91:0f:66} - # wireless_profile: freifunk_default + - hostname: teufelsberg-ap1 + role: ap + model: cudy_ap3000outdoor-v1 + wireless_profile: freifunk_default - - hostname: teufelsberg-ap3 + - hostname: teufelsberg-ap2 role: ap - model: mikrotik_sxtsq-5-ac - mac_override: {eth0: 2c:c8:1b:6a:ce:f1} + model: cudy_ap3000outdoor-v1 wireless_profile: freifunk_default - - hostname: teufelsberg-ap4 + - hostname: teufelsberg-ap3 role: ap model: mikrotik_sxtsq-5-ac - mac_override: {eth0: dc:2c:6e:c4:2c:91} + mac_override: {eth0: 2c:c8:1b:6a:ce:f1} wireless_profile: freifunk_default snmp_devices: @@ -127,24 +119,6 @@ networks: prefix: 10.31.213.69/32 ipv6_subprefix: -15 - # - vid: 20 - # role: mesh - # name: mesh_ap1 - # prefix: 10.31.213.74/32 - # ipv6_subprefix: -20 - # mesh_ap: teufelsberg-ap1 - # mesh_radio: 11a_standard - # mesh_iface: mesh - - # - vid: 21 - # role: mesh - # name: mesh_ap2 - # prefix: 10.31.213.75/32 - # ipv6_subprefix: -21 - # mesh_ap: teufelsberg-ap2 - # mesh_radio: 11a_standard - # mesh_iface: mesh - - vid: 22 role: mesh name: mesh_ap3 
@@ -154,15 +128,6 @@ networks: mesh_radio: 11a_standard mesh_iface: mesh - - vid: 23 - role: mesh - name: mesh_ap4 - prefix: 10.31.213.77/32 - ipv6_subprefix: -23 - mesh_ap: teufelsberg-ap4 - mesh_radio: 11a_standard - mesh_iface: mesh - - vid: 40 role: dhcp inbound_filtering: true @@ -181,10 +146,9 @@ networks: assignments: teufelsberg-core: 1 teufelsberg-switch: 2 - # teufelsberg-ap1: 3 - # teufelsberg-ap2: 4 - teufelsberg-ap3: 5 # pointing south - teufelsberg-ap4: 6 # point down + teufelsberg-ap1: 3 + teufelsberg-ap2: 4 + teufelsberg-ap3: 5 teufelsberg-ak36: 7 teufelsberg-ilr: 8 teufelsberg-nw: 10 @@ -193,7 +157,6 @@ networks: teufelsberg-cam: 13 location__channel_assignments_11a_standard__to_merge: - # teufelsberg-ap1: 44-20 - # teufelsberg-ap2: 48-20 - teufelsberg-ap3: 36-20 - teufelsberg-ap4: 40-20 + teufelsberg-ap1: 44-20 + teufelsberg-ap2: 48-20 + teufelsberg-ap3: 36-40 diff --git a/locations/teufelssecurity.yml b/locations/teufelssecurity.yml index fd626530b..590d07f65 100644 --- a/locations/teufelssecurity.yml +++ b/locations/teufelssecurity.yml @@ -58,8 +58,8 @@ networks: teufelssecurity-ap: 2 location__channel_assignments_11a_standard__to_merge: - teufelssecurity-core: 36-20 - teufelssecurity-ap: 40-20 + teufelssecurity-core: 44-40 + teufelssecurity-ap: 36-40 location__channel_assignments_11g_standard__to_merge: teufelssecurity-core: 13-20 From a478d2ef4e7dfeafe44603addd430f50aed373bf Mon Sep 17 00:00:00 2001 From: Ffhener Date: Wed, 30 Oct 2024 23:46:07 +0100 Subject: [PATCH 137/254] teufelsberg: rename nf aps --- locations/teufelsberg.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/locations/teufelsberg.yml b/locations/teufelsberg.yml index 66f89b952..2692fc1c8 100644 --- a/locations/teufelsberg.yml +++ b/locations/teufelsberg.yml 
@@ -23,17 +23,17 @@ hosts: host__packages__to_merge: - "kmod-usb-ohci usbip-server usbip-client" - - hostname: teufelsberg-ap1 + - hostname: teufelsberg-o-nf role: ap model: cudy_ap3000outdoor-v1 wireless_profile: freifunk_default - - hostname: teufelsberg-ap2 + - hostname: teufelsberg-s-nf role: ap model: cudy_ap3000outdoor-v1 wireless_profile: freifunk_default - - hostname: teufelsberg-ap3 + - hostname: teufelsberg-sw-nf role: ap model: mikrotik_sxtsq-5-ac mac_override: {eth0: 2c:c8:1b:6a:ce:f1} @@ -121,10 +121,10 @@ networks: - vid: 22 role: mesh - name: mesh_ap3 + name: mesh_sw_nf prefix: 10.31.213.76/32 ipv6_subprefix: -22 - mesh_ap: teufelsberg-ap3 + mesh_ap: teufelsberg-sw-nf mesh_radio: 11a_standard mesh_iface: mesh @@ -146,9 +146,9 @@ networks: assignments: teufelsberg-core: 1 teufelsberg-switch: 2 - teufelsberg-ap1: 3 - teufelsberg-ap2: 4 - teufelsberg-ap3: 5 + teufelsberg-o-nf: 3 + teufelsberg-s-nf: 4 + teufelsberg-sw-nf: 5 teufelsberg-ak36: 7 teufelsberg-ilr: 8 teufelsberg-nw: 10 @@ -157,6 +157,6 @@ networks: teufelsberg-cam: 13 location__channel_assignments_11a_standard__to_merge: - teufelsberg-ap1: 44-20 - teufelsberg-ap2: 48-20 - teufelsberg-ap3: 36-40 + teufelsberg-o-nf: 44-20 + teufelsberg-s-nf: 48-20 + teufelsberg-sw-nf: 36-40 From 6610aa76b25311d9617c0382ad10da7b1efbfcd5 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Mon, 28 Oct 2024 11:46:38 +0100 Subject: [PATCH 138/254] teufelsberg: add raspi from meshtastic --- locations/teufelsberg.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/locations/teufelsberg.yml b/locations/teufelsberg.yml index 2692fc1c8..6e6316961 100644 --- a/locations/teufelsberg.yml +++ b/locations/teufelsberg.yml @@ -155,6 +155,7 @@ networks: teufelsberg-nord: 11 teufelsberg-ono: 12 teufelsberg-cam: 13 + teufelsberg-pi: 14 location__channel_assignments_11a_standard__to_merge: teufelsberg-o-nf: 44-20 From 76a6472138fed94018012fabc68ca80702e8835a Mon Sep 17 00:00:00 2001 
From: Ffhener Date: Thu, 31 Oct 2024 00:03:16 +0100 Subject: [PATCH 139/254] teufelsberg: set frequencies for 2ghz-devices --- locations/teufelsberg.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/locations/teufelsberg.yml b/locations/teufelsberg.yml index 6e6316961..f1994b5aa 100644 --- a/locations/teufelsberg.yml +++ b/locations/teufelsberg.yml @@ -161,3 +161,7 @@ location__channel_assignments_11a_standard__to_merge: teufelsberg-o-nf: 44-20 teufelsberg-s-nf: 48-20 teufelsberg-sw-nf: 36-40 + +location__channel_assignments_11g_standard__to_merge: + teufelsberg-o-nf: 1-20 + teufelsberg-s-nf: 13-20 From 9c69ca8c4491a8da2e1cb31e6170ebd071094b62 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 3 Nov 2024 08:46:43 +0000 Subject: [PATCH 140/254] imageprofile: roll back luci-ssl --- group_vars/all/imageprofile.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index 290407c4b..d237ff5b2 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml @@ -32,7 +32,6 @@ all_luci_base__packages__to_merge: - luci-mod-admin-full - luci-proto-ipv6 - luci-theme-bootstrap - - luci-ssl - rpcd-mod-rrdns - uhttpd - uhttpd-mod-ubus From 3e85022670ddf2f0edbabba33b40ddca8d551a20 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 4 Nov 2024 07:41:18 +0000 Subject: [PATCH 141/254] k9: small changes / enable local mesh --- locations/k9.yml | 59 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 16 deletions(-) diff --git a/locations/k9.yml b/locations/k9.yml index d12d3a2cd..5026aabf0 100644 --- a/locations/k9.yml +++ b/locations/k9.yml @@ -1,6 +1,6 @@ --- location: k9 -location_nice: Kinzig9 +location_nice: Kinzigstraße 9, 10247 Berlin latitude: 52.51378093260403 longitude: 13.466068518122656 altitude: 60 
@@ -23,6 +23,9 @@ snmp_devices: address: 10.31.9.212 snmp_profile: airos_6 + - hostname: k9-wilgu10 + address: 10.31.9.213 + snmp_profile: airos_8 ipv6_prefix: '2001:bf7:830:8d00::/56' @@ -34,48 +37,71 @@ ipv6_prefix: '2001:bf7:830:8d00::/56' # - 10.31.9.224/28 - BBB-Mesh # - 10.31.9.240/28 - Internal Mesh - # 10.31.99.0/24 / can be proably dismantled - networks: + # MESH - Sama - vid: 10 role: mesh name: mesh_sama prefix: 10.31.9.224/32 - ipv6_subprefix: -1 - mesh_metric: 512 + ipv6_subprefix: -10 ptp: true + # MESH - Zwingli - vid: 11 role: mesh name: mesh_zwingli prefix: 10.31.9.225/32 - ipv6_subprefix: -2 + ipv6_subprefix: -11 mesh_metric: 1024 - mesh_metric_lqm: ['default 0.3'] - # Ignore Uplink two Hops away / requires 0.3 LQM + mesh_metric_lqm: ['default 0.6'] ptp: true + # MESH - Wilgu10 - vid: 12 role: mesh name: mesh_wilgu10 prefix: 10.31.9.226/32 - ipv6_subprefix: -3 - mesh_metric: 512 + ipv6_subprefix: -12 ptp: true + # MESH - LAN via Powerline - vid: 20 role: mesh name: mesh_k9int prefix: 10.31.9.240/28 - ipv6_subprefix: -3 + ipv6_subprefix: -20 mesh_metric: 64 mesh_metric_lqm: ['default 0.2'] # Ignore Uplink one Hop away / requires 0.2 LQM assignments: k9-core: 1 + # MESH - 5 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_5g + prefix: 10.31.9.227/32 + ipv6_subprefix: -21 + mesh_ap: k9-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 22 + role: mesh + name: mesh_2g + prefix: 10.31.9.228/32 + ipv6_subprefix: -22 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.5'] + mesh_ap: k9-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP - vid: 40 role: dhcp inbound_filtering: true @@ -85,6 +111,7 @@ networks: assignments: k9-core: 1 + # MGMT - vid: 42 role: mgmt prefix: 10.31.9.208/28 
@@ -92,11 +119,11 @@ networks: dns: 1 ipv6_subprefix: 1 assignments: - k9-core: 1 - k9-switch: 2 - k9-sama: 3 - k9-zwingli: 4 - k9-wilgu10: 5 + k9-core: 1 # 10.31.9.209 + # k9-switch: 2 # 10.31.9.210 + k9-sama: 3 # 10.31.9.211 + k9-zwingli: 4 # 10.31.9.212 + k9-wilgu10: 5 # 10.31.9.213 location__ssh_keys__to_merge: - comment: k9 JuergeN From 7ee464dcd992cf96e8d028d5429b7ecd7b67063a Mon Sep 17 00:00:00 2001 From: noxil Date: Mon, 4 Nov 2024 13:26:30 +0100 Subject: [PATCH 142/254] bilgi: init location --- locations/bilgi.yml | 80 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 locations/bilgi.yml diff --git a/locations/bilgi.yml b/locations/bilgi.yml new file mode 100644 index 000000000..a08ac86a7 --- /dev/null +++ b/locations/bilgi.yml 
@@ -0,0 +1,80 @@ +--- +location: bilgi +location_nice: Oranienstrasse 45, 10969 Berlin +latitude: 52.50294 +longitude: 13.41419 +altitude: 41 +height: 1 +contact_nickname: Bilgisaray Kollektiv +community: true + +hosts: + + - hostname: bilgi-core + role: corerouter + model: "avm_fritzbox-4040" + wireless_profile: freifunk_default + +# ROUTER: 10.248.23.128/26 +# --MGMT: 10.248.23.128/28 +# --MESH: 10.248.23.144/28 +# --DHCP: 10.248.23.160/27 + +ipv6_prefix: "2001:bf7:830:cc00::/56" + +networks: + + - vid: 20 + role: mesh + name: mesh_5ghz + prefix: 10.248.23.144/32 + ipv6_subprefix: -20 + mesh_ap: bilgi-core + mesh_radio: 11a_standard + mesh_iface: mesh + mesh_metric: 1024 + + - vid: 21 + role: mesh + name: mesh_2ghz + prefix: 10.248.23.145/32 + ipv6_subprefix: -21 + mesh_ap: bilgi-core + mesh_radio: 11g_standard + mesh_iface: mesh + mesh_metric: 1024 + + - vid: 40 + role: dhcp + name: dhcp + prefix: 10.248.23.160/27 + ipv6_subprefix: 0 + inbound_filtering: true + enforce_client_isolation: true + assignments: + bilgi-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.23.128/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + bilgi-core: 1 + + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.146/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.147/32 + wireguard_port: 51821 From e7c1815dd66316a36ba5c6e894864b54064bfe49 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Mon, 4 Nov 2024 18:05:22 +0100 Subject: [PATCH 143/254] bht: cleanup --- locations/bht.yml | 89 ++++++++++++++++++++++++++--------------------- 1 file changed, 49 insertions(+), 40 deletions(-) diff --git a/locations/bht.yml b/locations/bht.yml index e535ee908..74fd25f22 100644 --- a/locations/bht.yml +++ b/locations/bht.yml 
@@ -1,7 +1,7 @@ --- location: bht -location_nice: Berliner Hochschule fuer Technik +location_nice: Berliner Hochschule fuer Technik, Luxemburger Straße 10, 13353 Berlin latitude: 52.544407831736 longitude: 13.352562785148 altitude: 88 @@ -10,13 +10,18 @@ contacts: - 'isprotejesvalkata [attt] gmail com' hosts: - - hostname: bht-core role: corerouter - model: "tplink_tl-wdr4900-v1" - wireless_profile: freifunk_default + model: mikrotik_routerboard-750gr3 snmp_devices: + - hostname: bht-switch-1 + address: 10.31.166.2 + snmp_profile: edgeswitch + + - hostname: bht-switch-2 + address: 10.31.166.3 + snmp_profile: edgeswitch - hostname: bht-segen address: 10.31.166.5 
@@ -122,85 +127,89 @@ airos_dfs_reset: ipv6_prefix: "2001:bf7:750:1200::/56" +# ROUTER: 10.230.23.128/27 +# --MESH: 10.230.23.128/28 +# --DHCP: 10.230.23.144/28 +# --MGMT: 10.31.166.0/27 + networks: - - vid: 111 + - vid: 10 role: mesh name: mesh_segen - prefix: 10.230.23.141/32 - ipv6_subprefix: -1 + prefix: 10.230.23.128/32 + ipv6_subprefix: -10 ptp: true mesh_metric: 1024 mesh_metric_lqm: ['default 0.2'] - - vid: 112 + - vid: 11 role: mesh name: mesh_perleberger36 - prefix: 10.230.23.142/32 - ipv6_subprefix: -2 + prefix: 10.230.23.129/32 + ipv6_subprefix: -11 ptp: true - - vid: 113 + - vid: 12 role: mesh name: mesh_scherer8 - prefix: 10.230.23.143/32 - ipv6_subprefix: -3 + prefix: 10.230.23.130/32 + ipv6_subprefix: -12 ptp: true - - vid: 114 + - vid: 13 role: mesh name: mesh_nord - prefix: 10.230.23.144/32 - ipv6_subprefix: -4 + prefix: 10.230.23.131/32 + ipv6_subprefix: -13 - - vid: 115 + - vid: 14 role: mesh name: mesh_chris - prefix: 10.230.23.145/32 - ipv6_subprefix: -5 + prefix: 10.230.23.132/32 + ipv6_subprefix: -14 ptp: true - - vid: 116 + - vid: 15 role: mesh name: mesh_jup - prefix: 10.230.23.146/32 - ipv6_subprefix: -6 + prefix: 10.230.23.133/32 + ipv6_subprefix: -15 ptp: true - - vid: 117 + - vid: 16 role: mesh name: mesh_ost - prefix: 10.230.23.147/32 - ipv6_subprefix: -7 + prefix: 10.230.23.134/32 + ipv6_subprefix: -16 - - vid: 118 + - vid: 17 role: mesh name: mesh_sued - prefix: 10.230.23.148/32 - ipv6_subprefix: -8 + prefix: 10.230.23.135/32 + ipv6_subprefix: -17 - - vid: 119 + - vid: 18 role: mesh name: mesh_fardf - prefix: 10.230.23.149/32 - ipv6_subprefix: -9 + prefix: 10.230.23.136/32 + ipv6_subprefix: -18 ptp: true - - vid: 128 + - vid: 19 role: mesh name: mesh_west - prefix: 10.230.23.158/32 - ipv6_subprefix: -28 + prefix: 10.230.23.137/32 + ipv6_subprefix: -19 - - vid: 104 + - vid: 40 role: dhcp - prefix: 10.230.23.152/29 + prefix: 10.230.23.144/28 ipv6_subprefix: 0 - untagged: true assignments: bht-core: 1 - - vid: 102 + - vid: 424 role: 
mgmt prefix: 10.31.166.0/27 gateway: 1 @@ -208,8 +217,8 @@ networks: ipv6_subprefix: 1 assignments: bht-core: 1 - bht-er1: 2 - bht-er2: 3 + bht-switch-1: 2 + bht-switch-2: 3 bht-segen: 5 bht-perleberger36: 6 bht-scherer8: 7 From 140763d9559addd696e8a10b22feeb251a92ef38 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 29 Oct 2024 22:29:11 +0100 Subject: [PATCH 144/254] vars: define default metrics for babel and move IPv6 prefix definition --- group_vars/all/general.yml | 13 +++++++++++++ group_vars/role_gateway/general.yml | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index c202250a9..163c4c5d1 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml @@ -42,3 +42,16 @@ all_sysctl__to_merge: # especially on low mem devices this is important vm.min_free_kbytes: 1024 + + +## Routing Section: +freifunk_global_prefix: 2001:bf7::/32 + +# Default mesh metric in inbound direction (rxcost) for normal mesh links +mesh_metric_default_in: 512 + +# Default mesh metric in inbound direction (rxcost) for tunnels +mesh_metric_tunnel_in: 512 + +# Default mesh metric in inbound direction (rxcost) for adhoc like interfaces +mesh_metric_adhoc_in: 2048 diff --git a/group_vars/role_gateway/general.yml b/group_vars/role_gateway/general.yml index af0227a78..40df4d703 100644 --- a/group_vars/role_gateway/general.yml +++ b/group_vars/role_gateway/general.yml @@ -1,6 +1,6 @@ --- -freifunk_global_prefix: 2001:bf7::/32 +#freifunk_global_prefix -> has been migrated to group_vars/all/general.yml freifunk_wahlkreis_prefixes: - 2001:bf7:750::/44 - 2001:bf7:760::/44 From 055ae0a480593fba985c7d259a5add465d6a0571 Mon Sep 17 00:00:00 2001 
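Review bot: The management network is renumbered from `vid: 102` to `vid: 424`, while every other VLAN in this hunk moves to a two-digit id (`10` to `19` for mesh, `40` for dhcp) and the `bilgi` location added earlier in this series uses `vid: 42` for `role: mgmt`. If `424` is a typo for `42`, the management interfaces would presumably end up on a VLAN the switches do not carry; if it is intentional, a comment such as `# mgmt stays on 424 to match the existing switch config` above the entry would prevent a later "fix".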
From: Simon Polack
Date: Tue, 29 Oct 2024 22:32:22 +0100
Subject: [PATCH 145/254] corerouter: Configure bird to run babel protocol
---
.../templates/corerouter/bird.conf.j2 | 105 ++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 roles/cfg_openwrt/templates/corerouter/bird.conf.j2
diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2
new file mode 100644
index 000000000..5a962f3e0
--- /dev/null
+++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2
@@ -0,0 +1,105 @@
+#jinja2: trim_blocks: "true", lstrip_blocks: "true"
+{% import 'libraries/network.j2' as libnetwork with context %}
+
+
+log syslog all;
+debug protocols all;
+
+#master4 is implicitly created
+ipv6 sadr table v6_main;
+ipv4 table v4_babel_ff;
+ipv4 table v4_babel_default;
+
+protocol device {
+};
+
+protocol direct {
+ interface "lo";
+ ipv6 sadr {
+ table v6_main;
+ };
+}
+
+protocol babel {
+ randomize router id yes;
+ ipv6 sadr {
+ table v6_main;
+ # Import only /56 location aggregates and default routes
+ import where (net.len = 56) || (net = ::/0 from {{ freifunk_global_prefix }} );
+ export filter {
+ if net = {{ ipv6_prefix }} from ::/0 then accept;
+ if source = RTS_BABEL then accept;
+ reject;
+ };
+ };
+ ipv4 {
+ import all;
+ export where source = RTS_BABEL; # For now only advertise routes learned from babel
+ };
+
+ # Mesh interfaces
+{% for nw in networks | selectattr('role', 'equalto', 'mesh') %}
+ {% set default_mesh_metric = mesh_metric_adhoc_in if 'mesh_ap' else mesh_metric_default_in %}
+ interface "{{ libnetwork.getPortIfname(nw) }}" {
+ type wireless;
+ rxcost {{ nw.get('mesh_metric', default_mesh_metric) }};
+ };
+{% endfor %}
+ # Tunnel interfaces provided by tunspace
+{% for nw in networks | selectattr('role', 'equalto', 'tunnel') %}
+ interface "{{ nw.get('ifname') }}" {
+ type wireless;
+ rxcost {{ nw.get('mesh_metric', mesh_metric_tunnel_in) }};
+ };
+{% endfor %}
+}
+
+protocol kernel {
+ ipv6 sadr {
+ table v6_main;
+ import all;
+ export all;
+ };
+ learn all; # Allow learning loopback route
+}
+
+
+
+# Currently not in use but keep for later purposes
+protocol kernel {
+ ipv4 {
+ import none;
+ export none;
+ };
+}
+
+# TODO: Get rid of the following when OLSRD is gone
+protocol kernel {
+ kernel table 10;
+ ipv4 {
+ table v4_babel_ff;
+ import none;
+ export all;
+ };
+}
+
+protocol pipe {
+ table master4;
+ peer table v4_babel_ff;
+ export where net != 0.0.0.0/0;
+}
+
+protocol kernel {
+ kernel table 11;
+ ipv4 {
+ table v4_babel_default; + import none; + export all; + }; +} + +protocol pipe { + table master4; + peer table v4_babel_default; + export where net = 0.0.0.0/0; +} From 8fd0c171bec06df57dde189328a2bc4da251c256 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 29 Oct 2024 22:35:07 +0100 Subject: [PATCH 146/254] corerouter: remove remnants of babeld --- group_vars/role_corerouter/imageprofile.yml | 2 - .../cfg_openwrt/files/corerouter/babeld.conf | 1 - roles/cfg_openwrt/files/corerouter/bird.conf | 47 ------------------ .../templates/corerouter/config/babeld.j2 | 48 ------------------- 4 files changed, 98 deletions(-) delete mode 100644 roles/cfg_openwrt/files/corerouter/babeld.conf delete mode 100644 roles/cfg_openwrt/files/corerouter/bird.conf delete mode 100644 roles/cfg_openwrt/templates/corerouter/config/babeld.j2 diff --git a/group_vars/role_corerouter/imageprofile.yml b/group_vars/role_corerouter/imageprofile.yml index 65767c205..7dad0602c 100644 --- a/group_vars/role_corerouter/imageprofile.yml +++ b/group_vars/role_corerouter/imageprofile.yml @@ -2,8 +2,6 @@ role_corerouter__packages__to_merge: - bird2 - bird2c - - babeld - - luci-app-babeld - collectd-mod-dhcpleases - collectd-mod-olsrd - collectd-mod-conntrack diff --git a/roles/cfg_openwrt/files/corerouter/babeld.conf b/roles/cfg_openwrt/files/corerouter/babeld.conf deleted file mode 100644 index 9396a788c..000000000 --- a/roles/cfg_openwrt/files/corerouter/babeld.conf +++ /dev/null @@ -1 +0,0 @@ -export-table 12 diff --git a/roles/cfg_openwrt/files/corerouter/bird.conf b/roles/cfg_openwrt/files/corerouter/bird.conf deleted file mode 100644 index 9683d4129..000000000 --- a/roles/cfg_openwrt/files/corerouter/bird.conf +++ /dev/null 
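Review bot: In the mesh-interface loop, `mesh_metric_adhoc_in if 'mesh_ap' else mesh_metric_default_in` tests a non-empty string literal, which is always true, so every mesh network without its own `mesh_metric` gets the ad-hoc rxcost and `mesh_metric_default_in` is never used. The test should presumably read the network entry: `{% set default_mesh_metric = mesh_metric_adhoc_in if 'mesh_ap' in nw else mesh_metric_default_in %}`. The `ipv4` channel of `protocol babel` also uses `import all` where the IPv6 channel has a filter, and no interface block sets authentication, so any neighbour on a mesh or tunnel interface can announce arbitrary IPv4 routes, including a default route; if that is accepted for an open mesh, a comment such as `# open mesh: IPv4 routes from any babel neighbour are accepted` would record the decision. `debug protocols all;` additionally sends every protocol event to syslog.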
@@ -1,47 +0,0 @@
-log syslog all;
-debug protocols all;
-
-ipv4 table babel_src;
-ipv4 table babel_ff;
-ipv4 table babel_default;
-
-protocol device {
-}
-
-protocol kernel {
- learn;
- kernel table 12;
- ipv4 {
- table babel_src;
- import all;
- };
-}
-
-protocol kernel {
- kernel table 10;
- ipv4 {
- table babel_ff;
- export all;
- };
-}
-
-protocol kernel {
- kernel table 11;
- ipv4 {
- table babel_default;
- export all;
- };
-}
-
-
-protocol pipe {
- table babel_src;
- peer table babel_ff;
- export where net != 0.0.0.0/0;
-}
-
-protocol pipe {
- table babel_src;
- peer table babel_default;
- export where net = 0.0.0.0/0;
-}
diff --git a/roles/cfg_openwrt/templates/corerouter/config/babeld.j2 b/roles/cfg_openwrt/templates/corerouter/config/babeld.j2
deleted file mode 100644
index 58768c226..000000000
--- a/roles/cfg_openwrt/templates/corerouter/config/babeld.j2
+++ /dev/null
@@ -1,48 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -{% if ipv6_prefix is defined %} -package babeld - -config general - option 'local_port' '33123' - option 'ipv6_subtrees' 'true' - option 'ubus_bindings' 'true' - - {% for network in networks | selectattr('role', 'equalto', 'mesh') | selectattr('ipv6_subprefix') %} - {% set _ifname = network['name'] if 'name' in network else network['role'] %} -config interface - option 'ifname' '{{ _ifname }}' - option 'split_horizon' '{{ (network['ptp'] if 'ptp' in network else false ) | string | lower }}' - option 'link_quality' '{{ network.get('link_quality_based_metric', true) | string | lower }}' - option 'rxcost' '{{ '256' if network.get('link_quality_based_metric', true) else '96' }}' - -config filter - option 'type' 'in' - option 'if' '{{ _ifname }}' - option 'action' 'metric {{ network.get('mesh_metric', 512) }}' - - {% endfor -%} - - {% for tunnel in networks | selectattr('role', 'equalto', 'tunnel') %} -config interface - option 'ifname' '{{ tunnel['ifname'] }}' - option 'split_horizon' 'true' - -config filter - option 'type' 'in' - option 'if' '{{ tunnel['ifname'] }}' - option 'ip' '::/0' - option 'eq' '0' - option 'action' 'metric {{ tunnel['mesh_metric']|default(512) }}' - - {% endfor %} - -config filter - option 'type' 'redistribute' - option 'ip' '{{ ipv6_prefix }}' - option 'eq' '{{ ipv6_prefix | ansible.utils.ipaddr('prefix') }}' - -config filter - option 'type' 'redistribute' - option 'local' 'true' - option 'action' 'deny' -{% endif %} From 24745e9763ea863aa5b304b2db0e16f9093fc253 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Thu, 31 Oct 2024 00:27:12 +0100 Subject: [PATCH 147/254] network: core-router local mesh bridge config It created a bridge which was unused. Furthermore add ability the library allowing also retrieving of core-router local AdHoc Mesh Ifnames --- roles/cfg_openwrt/templates/libraries/network.j2 | 8 +++++++- roles/cfg_openwrt/templates/libraries/wireless.j2 | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 roles/cfg_openwrt/templates/libraries/wireless.j2 diff --git a/roles/cfg_openwrt/templates/libraries/network.j2 b/roles/cfg_openwrt/templates/libraries/network.j2 index e5d51bc88..501bf5433 100644 --- a/roles/cfg_openwrt/templates/libraries/network.j2 +++ b/roles/cfg_openwrt/templates/libraries/network.j2 @@ -1,10 +1,14 @@ #jinja2: trim_blocks: True, lstrip_blocks: True +{% import 'libraries/wireless.j2' as libwireless with context %} + {# Retrieve the layer 3 interface name of a network. #} {% macro getIfname(network) %} {% set ifname = "" %} {% if isBridgeNeeded(network) | from_json %} {% set ifname = getBridgeIfname(network) %} + {% elif network.get('mesh_ap') == inventory_hostname %} + {% set ifname = libwireless.getLocalAdhocIfnameByNetwork(network) %} {% else %} {% set ifname = getPortIfname(network) %} {% endif %} 
@@ -41,7 +45,9 @@ {# Do we need to create a logical bridge for that network to bridge to wireless interface or are we not participating. This does not affect the switch configuration # Warning: returns a bool. Use |from_json filter when calling #} {% macro isBridgeNeeded(network) %} -{{- (getUciIfname(network) in getWirelessNetworks() or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct')) | to_json -}} +{{- (getUciIfname(network) in getWirelessNetworks() + or (role == 'ap' and network.get('mesh_ap') == inventory_hostname) + or (role == 'corerouter' and network['role'] == 'uplink' and network.get('uplink_mode') != 'direct')) | to_json -}} {% endmacro %} {# Do we need to configure a port or is this network only connected local (e.g. Mesh Endpoint on the core router) diff --git a/roles/cfg_openwrt/templates/libraries/wireless.j2 b/roles/cfg_openwrt/templates/libraries/wireless.j2 new file mode 100644 index 000000000..7ef429ad4 --- /dev/null +++ b/roles/cfg_openwrt/templates/libraries/wireless.j2 @@ -0,0 +1,7 @@ +#jinja2: trim_blocks: True, lstrip_blocks: True + +# Retrieve the port name of a wireless network +{% macro getLocalAdhocIfnameByNetwork(network) %} + {% set wd = wireless_devices | selectattr('name', 'equalto', network['mesh_radio']) | list | first %} +{{- wd['ifname_hint'] + '-' + network['mesh_iface'] -}} +{% endmacro %} From 9a002250bc5fba1fa5eb6594607b1f6e43437cfc Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Thu, 31 Oct 2024 00:29:57 +0100 Subject: [PATCH 148/254] network: dont require a vid for a core-router local mesh interface that vid is in that specific case anyway not being used, just drop the check. --- roles/cfg_openwrt/templates/common/config/network.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
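Review bot: `getLocalAdhocIfnameByNetwork` in the new `libraries/wireless.j2` has no path for a missing radio: when no entry of `wireless_devices` is named `network['mesh_radio']`, `| list | first` is undefined and `wd['ifname_hint']` fails without saying which network is misconfigured; the same applies to a network that lacks `mesh_radio` or `mesh_iface`. Because `getIfname` in `network.j2` now calls the macro for every network whose `mesh_ap` equals `inventory_hostname`, a single typo in a location file would presumably stop rendering for that host. A check that `wd` is defined before the concatenation, failing with the network name in the message, would make this diagnosable. The leading `# Retrieve the port name of a wireless network` would also read better as a Jinja comment, `{# Retrieve the interface name of the local ad-hoc mesh radio for a network. #}`, matching `network.j2`.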
diff --git a/roles/cfg_openwrt/templates/common/config/network.j2 b/roles/cfg_openwrt/templates/common/config/network.j2 index 9b2bede0f..1d229303b 100644 --- a/roles/cfg_openwrt/templates/common/config/network.j2 +++ b/roles/cfg_openwrt/templates/common/config/network.j2 @@ -38,7 +38,7 @@ config interface 'loopback' {% endif %} -{% for network in networks | selectattr('vid', 'defined') %} +{% for network in networks %} {% set name = libnetwork.getUciIfname(network) %} {%- if (role == 'corerouter' and network['role'] == 'mesh') or ('assignments' in network and inventory_hostname in network['assignments']) From d7da330fcc540ec2c785215011c730d2876ae32a Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Thu, 31 Oct 2024 00:31:06 +0100 Subject: [PATCH 149/254] corerouter/bird: fix ifname retrieval for local adhoc interfaces --- roles/cfg_openwrt/templates/corerouter/bird.conf.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 index 5a962f3e0..6ca6db090 100644 --- a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 @@ -1,7 +1,6 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" {% import 'libraries/network.j2' as libnetwork with context %} - log syslog all; debug protocols all; @@ -40,7 +39,7 @@ protocol babel { # Mesh interfaces {% for nw in networks | selectattr('role', 'equalto', 'mesh') %} {% set default_mesh_metric = mesh_metric_adhoc_in if 'mesh_ap' else mesh_metric_default_in %} - interface "{{ libnetwork.getPortIfname(nw) }}" { + interface "{{ libnetwork.getIfname(nw) }}" { type wireless; rxcost {{ nw.get('mesh_metric', default_mesh_metric) }}; }; From 64c43541088fad2c877b6f20b8be1b67eb928258 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Fri, 8 Nov 2024 12:53:20 +0100 Subject: [PATCH 150/254] corerouter/bird: drop verbose logging and include additional configs --- roles/cfg_openwrt/templates/corerouter/bird.conf.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 index 6ca6db090..3bc0d4df2 100644 --- a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 @@ -2,7 +2,10 @@ {% import 'libraries/network.j2' as libnetwork with context %} log syslog all; -debug protocols all; +debug protocols {states}; + +# Include additional bird config files for runtime extendability +include "/dev/shm/bird_*.conf"; #master4 is implicitly created ipv6 sadr table v6_main; From 08873f6fbb368192b8f85ec98e74aecb238266c5 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Fri, 8 Nov 2024 11:21:57 +0100 Subject: [PATCH 151/254] imagebuild: configurable compression algorithm for imagebuilder tar set also default to zst, because all new versions will use zstd instead of xz --- group_vars/all/imageprofile.yml | 5 ++++- group_vars/version_23_05_snapshot.yml | 1 + group_vars/version_snapshot.yml | 2 -- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index d237ff5b2..0579b87c4 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml 
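Review bot: `include "/dev/shm/bird_*.conf";` loads every matching file from `/dev/shm`, which is commonly a world-writable tmpfs; whether that holds on these routers should be checked. Any local process able to create a file there would have its content parsed as BIRD configuration on the next reload, and a malformed fragment would presumably make the reload fail. A directory created root-only by the component that writes the fragments is safer, e.g. `include "<ROOT_ONLY_RUNTIME_DIR>/bird_*.conf";` (placeholder path), with a comment above the line naming that component. The template continues outside the hunk.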
@@ -1,7 +1,10 @@ --- # default OpenWRT version to build from unless overridden openwrt_version: 23.05-SNAPSHOT -imagebuilder_filename: "openwrt-imagebuilder-{{ openwrt_version ~ '-' if openwrt_version != 'snapshot' else '' }}{{ target | replace('/','-') }}.Linux-x86_64.tar.xz" + +imagebuilder_suffix: zst # Might get overridden for older openwrt versions +imagebuilder_filename: "openwrt-imagebuilder-{{ openwrt_version }}-{{ target | replace('/', '-') }}.Linux-x86_64.tar.{{ imagebuilder_suffix }}" + imagebuilder: "https://downloads.cdn.openwrt.org/{{ 'snapshots' if openwrt_version == 'snapshot' else 'releases/' ~ openwrt_version }}/targets/{{ target }}/{{ imagebuilder_filename }}" feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/__FEED_VERSION__/packages/__INSTR_SET__/falter" diff --git a/group_vars/version_23_05_snapshot.yml b/group_vars/version_23_05_snapshot.yml index 16f498c39..84677a779 100644 --- a/group_vars/version_23_05_snapshot.yml +++ b/group_vars/version_23_05_snapshot.yml @@ -1,2 +1,3 @@ --- +imagebuilder_suffix: xz feed_version: 1.4.0-snapshot diff --git a/group_vars/version_snapshot.yml b/group_vars/version_snapshot.yml index 7e5d1acd7..c1463401c 100644 --- a/group_vars/version_snapshot.yml +++ b/group_vars/version_snapshot.yml @@ -1,4 +1,2 @@ --- feed_version: snapshot - -imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/','-') }}.Linux-x86_64.tar.zst" From a8554416cddcae330d7febab0180f6688769ef44 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Fri, 8 Nov 2024 12:32:56 +0100 Subject: [PATCH 152/254] Provide feed for OpenWRT 24.10 --- group_vars/version_24_10_snapshot.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 group_vars/version_24_10_snapshot.yml diff --git a/group_vars/version_24_10_snapshot.yml b/group_vars/version_24_10_snapshot.yml new file mode 100644 index 000000000..801052cae --- /dev/null +++ b/group_vars/version_24_10_snapshot.yml @@ -0,0 +1,2 @@ +--- +feed_version: 1.5.0-snapshot 
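Review bot: The new `imagebuilder_filename` always inserts `{{ openwrt_version }}-`, whereas the old expression left the version out when `openwrt_version == 'snapshot'`, and this commit also deletes the override in `group_vars/version_snapshot.yml`. For a host on `snapshot` the name would become `openwrt-imagebuilder-snapshot-<target>...`, which looks unlikely to match what the `snapshots/targets/...` branch of the `imagebuilder` URL serves. Keeping the conditional, `{{ openwrt_version ~ '-' if openwrt_version != 'snapshot' else '' }}`, in front of the new `.tar.{{ imagebuilder_suffix }}` tail would preserve the old behaviour. The visible lines pin the download by neither checksum nor signature; if the build role does not verify the archive elsewhere, that check is worth adding.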
From d60d75554027deac6169c9f434309f337f0a602f Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Fri, 8 Nov 2024 12:33:37 +0100 Subject: [PATCH 153/254] Netgear WAX220: promote to 24.10 it has been proven better wifi stability in kiezladen154-core. Upgrade is tested and flawless --- group_vars/model_netgear_wax220.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/model_netgear_wax220.yml b/group_vars/model_netgear_wax220.yml index 02640c5cc..30e919a61 100644 --- a/group_vars/model_netgear_wax220.yml +++ b/group_vars/model_netgear_wax220.yml @@ -4,6 +4,8 @@ brand_nice: NETGEAR model_nice: WAX220 int_port: eth0 +openwrt_version: 24.10-SNAPSHOT + requires_mac_override: true wireless_devices: From 843745578c0e3bfefc1ec63bcd7f89b6f9624c71 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 9 Nov 2024 09:07:27 +0000 Subject: [PATCH 154/254] bht: change dfs usernames --- locations/bht.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/locations/bht.yml b/locations/bht.yml index 74fd25f22..243a5abe2 100644 --- a/locations/bht.yml +++ b/locations/bht.yml 
@@ -66,61 +66,61 @@ snmp_devices: airos_dfs_reset: - name: "bht-segen" target: "10.31.166.5" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-perleberger36" target: "10.31.166.6" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-scherer8" target: "10.31.166.7" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-nord" target: "10.31.166.8" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-chris" target: "10.31.166.9" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-jup" target: "10.31.166.10" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-ost" target: "10.31.166.11" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-sued" target: "10.31.166.12" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-fardf" target: "10.31.166.13" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "2-7" - name: "bht-west" target: "10.31.166.14" - username: "root" + username: "ubnt" password: "file:/root/pwd.txt" daytime_limit: "0-23" From bd4fb244bc15dee256cafb0c4c17c3e421359ceb Mon Sep 17 00:00:00 2001 From: Ffhener Date: Sun, 10 Nov 2024 15:07:28 +0100 Subject: [PATCH 155/254] templates: fix whitespace in rclocal --- roles/cfg_openwrt/templates/common/rc.local.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/common/rc.local.j2 b/roles/cfg_openwrt/templates/common/rc.local.j2 index b83091610..c063956c9 100644 --- a/roles/cfg_openwrt/templates/common/rc.local.j2 +++ b/roles/cfg_openwrt/templates/common/rc.local.j2 
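Review bot: All ten `airos_dfs_reset` entries now log in as `ubnt`, the factory-default airOS account name, and share the one secret in `file:/root/pwd.txt`. Nothing in the hunk shows whether the password behind that account was changed from the vendor default, so that should be confirmed per device, and a comment above the list such as `# ubnt account with a non-default password, shared by all BHT antennas` would record it. Since the entries differ only in `name`, `target` and one `daytime_limit`, a shared default for `username` and `password` would reduce a future credential change to one line, if the consuming role supports it.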
@@ -36,7 +36,7 @@ echo {{ override['value'] }} > {{ override['path'] }} # Change the option "procd_set_param stderr 1" to "0" in the file /etc/init.d/collectd # This is needed because airos_6 APs w/o stations resulted in a lot of local log spamming # In addition switches without unique port labels have the same problem -sed -i 's/\(procd_set_param stderr\)[[:space:]]*1/\1 0/' /etc/init.d/collectd +sed -i 's/\(procd_set_param stderr\)[[:space:]]*1/\1 0/' /etc/init.d/collectd {% endif %} exit 0 From 7995d211975e986b6ffd87f21940deeafa7943dd Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 9 Nov 2024 11:45:17 +0000 Subject: [PATCH 156/254] bht: fix ptp / ptmp setting --- locations/bht.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/locations/bht.yml b/locations/bht.yml index 243a5abe2..48d2d7f86 100644 --- a/locations/bht.yml +++ b/locations/bht.yml @@ -155,7 +155,6 @@ networks: name: mesh_scherer8 prefix: 10.230.23.130/32 ipv6_subprefix: -12 - ptp: true - vid: 13 role: mesh @@ -168,14 +167,12 @@ networks: name: mesh_chris prefix: 10.230.23.132/32 ipv6_subprefix: -14 - ptp: true - vid: 15 role: mesh name: mesh_jup prefix: 10.230.23.133/32 ipv6_subprefix: -15 - ptp: true - vid: 16 role: mesh @@ -194,7 +191,6 @@ networks: name: mesh_fardf prefix: 10.230.23.136/32 ipv6_subprefix: -18 - ptp: true - vid: 19 role: mesh From 3781df14d78fec529e1ec9867420c0866fba2065 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 10 Nov 2024 07:51:52 +0000 Subject: [PATCH 157/254] bird: metrics penalty for 2.4 GHz adhoch over 5 GHz --- group_vars/all/general.yml | 5 +++-- roles/cfg_openwrt/templates/corerouter/bird.conf.j2 | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index 163c4c5d1..1e6ad1e23 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml 
@@ -53,5 +53,6 @@ mesh_metric_default_in: 512 # Default mesh metric in inbound direction (rxcost) for tunnels mesh_metric_tunnel_in: 512 -# Default mesh metric in inbound direction (rxcost) for adhoc like interfaces -mesh_metric_adhoc_in: 2048 +# Default mesh metrics in inbound direction (rxcost) for adhoc like interfaces +mesh_metric_adhoc_11a_standard: 2024 +mesh_metric_adhoc_11g_standard: 2536 diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 index 3bc0d4df2..2345f259f 100644 --- a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 @@ -40,8 +40,9 @@ protocol babel { }; # Mesh interfaces +{# metrics for 2 GHz adhoc get a penalty over 5 GHz adhoc so 5 GHz is preferred #} {% for nw in networks | selectattr('role', 'equalto', 'mesh') %} - {% set default_mesh_metric = mesh_metric_adhoc_in if 'mesh_ap' else mesh_metric_default_in %} + {% set default_mesh_metric = hostvars[inventory_hostname].get('mesh_metric_adhoc_' ~ nw.get('mesh_radio'), mesh_metric_default_in) %} interface "{{ libnetwork.getIfname(nw) }}" { type wireless; rxcost {{ nw.get('mesh_metric', default_mesh_metric) }}; From 783f78f86285bacd4b51471ce407be4e7c420d82 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 10 Nov 2024 18:39:34 +0100 Subject: [PATCH 158/254] Ansible: enable profiler to show timestamps while execution --- ansible.cfg | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible.cfg b/ansible.cfg index e14816686..4866048df 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,6 +6,7 @@ inventory = inventory/base_inventory, inventory/keyed_groups_stage_1.config, inv interpreter_python = auto_silent stdout_callback = debug jinja2_extensions = jinja2.ext.do +callbacks_enabled = ansible.posix.profile_tasks, ansible.posix.timer #needed for software upgrade [persistent_connection] From d087940c153a54aaab2bd9a455e0f5be6b175e45 Mon Sep 17 00:00:00 2001 
From: Ffhener Date: Mon, 4 Nov 2024 13:44:40 +0100 Subject: [PATCH 159/254] kub: add mesh for ap1 --- locations/kub.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/locations/kub.yml b/locations/kub.yml index 9f0909f08..1df52bd24 100644 --- a/locations/kub.yml +++ b/locations/kub.yml @@ -89,7 +89,27 @@ networks: role: mesh name: mesh_simeon prefix: 10.31.139.16/32 - ipv6_subprefix: -1 + ipv6_subprefix: -10 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g_ap1 + prefix: 10.31.139.17/32 + ipv6_subprefix: -20 + mesh_ap: kub-ap1 + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g_ap1 + prefix: 10.31.139.18/32 + ipv6_subprefix: -21 + mesh_ap: kub-ap1 + mesh_radio: 11g_standard + mesh_iface: mesh - vid: 40 role: dhcp From e7a5cbd30b52c7c9981da3525a17b2835f63837f Mon Sep 17 00:00:00 2001 From: Ffhener Date: Mon, 4 Nov 2024 13:46:00 +0100 Subject: [PATCH 160/254] kub: simplify untagged VLAN --- locations/kub.yml | 51 +---------------------------------------------- 1 file changed, 1 insertion(+), 50 deletions(-) diff --git a/locations/kub.yml b/locations/kub.yml index 1df52bd24..2b4c9b2a0 100644 --- a/locations/kub.yml +++ b/locations/kub.yml 
@@ -14,61 +14,11 @@ hosts: model: "avm_fritzbox-7530" wireless_profile: freifunk_default - # Special vlan config: - # - kub-ap1 vlan 40: 0t 1t 2 3 4 - hostname: kub-ap1 role: ap model: "cudy_x6-v1" openwrt_version: snapshot log_size: 1024 - host__rclocal__to_merge: - - '#' - - '# This script adjusts the configuration of vlans. This is especially' - - '# useful with uswflex and custom port configs' - - '#' - - '' - - '. /lib/functions.sh' - - '' - - 'handle_vlans() {' - - ' # untag the vlans on different ports based on their id' - - ' local uci_section="$1"' - - '' - - ' config_get vlan "$uci_section" vlan' - - ' config_get ports "$uci_section" ports' - - '' - - '' - - ' case "$vlan" in' - - ' 40)' - - ' # untag DHCP on LAN 1 and LAN 2' - - " port_config='wan:t lan1 lan2 lan3:t lan4:t'" - - ' ;;' - - ' *)' - - ' # do nothing for the other vlans' - - ' printf "Done.\n"' - - ' return' - - ' esac' - - '' - - ' # abort if config is applied already' - - ' if [ "$ports" = "$port_config" ]; then' - - ' printf "Vlan %d applied already.\n" "$vlan"' - - ' return' - - ' fi' - - '' - - ' printf "Port number: %d\n" "$vlan"' - - ' printf "Port config: %s\n" "$port_config"' - - '' - - ' printf "Configuring %s... " "$uci_section"' - - ' uci_set network "$uci_section" ports "$port_config"' - - ' printf "Done.\n"' - - '}' - - '' - - 'config_load network' - - '' - - 'config_foreach handle_vlans "bridge-vlan"' - - '' - - 'uci commit network' - - 'sync' - - 'reload_config' snmp_devices: - hostname: kub-simeon @@ -113,6 +63,7 @@ networks: - vid: 40 role: dhcp + untagged: true inbound_filtering: true enforce_client_isolation: true prefix: 10.31.138.128/25 From 0d0b5cde665d0472e14a456882bea6ec48ebea22 Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Thu, 14 Nov 2024 07:25:01 +0000 Subject: [PATCH 161/254] dragonkiez: /56 subnets for all cores --- locations/dragonkiez-adlerhalle.yml | 7 +------ locations/dragonkiez-buero.yml | 7 +------ locations/dragonkiez-dorfplatz.yml | 7 +------ locations/dragonkiez-rathausblock-miami.yml | 7 +------ 4 files changed, 4 insertions(+), 24 deletions(-) diff --git a/locations/dragonkiez-adlerhalle.yml b/locations/dragonkiez-adlerhalle.yml index a49dd9a9e..6718d3bdb 100644 --- a/locations/dragonkiez-adlerhalle.yml +++ b/locations/dragonkiez-adlerhalle.yml @@ -18,14 +18,9 @@ snmp_devices: address: 10.31.34.46 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b3c0::/58" +ipv6_prefix: "2001:bf7:830:cf00::/56" # 10.31.177.160/27 -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# clubmiami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.187.128/25 # UPLINK: 10.31.34.44/30 # 802.11s MESH: diff --git a/locations/dragonkiez-buero.yml b/locations/dragonkiez-buero.yml index 9ba3723b0..04a021b14 100644 --- a/locations/dragonkiez-buero.yml +++ b/locations/dragonkiez-buero.yml @@ -18,14 +18,9 @@ snmp_devices: address: 10.31.23.114 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b300::/58" +ipv6_prefix: "2001:bf7:830:d000::/56" # 10.31.177.160/27 -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# Rathausblock Miami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.177.160/27 # UPLINK: 10.31.23.112/30 # MESH: 10.31.19.45 10.31.19.46 10.31.19.47 diff --git a/locations/dragonkiez-dorfplatz.yml b/locations/dragonkiez-dorfplatz.yml index 3ddc8a652..d92aa99e1 100644 --- a/locations/dragonkiez-dorfplatz.yml +++ b/locations/dragonkiez-dorfplatz.yml 
@@ -21,14 +21,9 @@ snmp_devices: address: 10.31.28.250 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b340::/58" +ipv6_prefix: "2001:bf7:830:b300::/56" # 10.31.177.160/27 -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# clubmiami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.186.128/25 # UPLINK: 10.31.28.248/30 # 802.11s MESH: diff --git a/locations/dragonkiez-rathausblock-miami.yml b/locations/dragonkiez-rathausblock-miami.yml index 228a046ce..bf66b9522 100644 --- a/locations/dragonkiez-rathausblock-miami.yml +++ b/locations/dragonkiez-rathausblock-miami.yml @@ -26,13 +26,8 @@ snmp_devices: address: 10.31.30.34 snmp_profile: airos_8 -ipv6_prefix: "2001:bf7:830:b380::/58" +ipv6_prefix: "2001:bf7:830:d100::/56" -# Dragonerareal 2001:bf7:830:b300::/56 -# Buero 2001:bf7:830:b300::/58 -# Dorfplatz 2001:bf7:830:b340::/58 -# clubmiami 2001:bf7:830:b380::/58 -# Adlerhalle 2001:bf7:830:b3c0::/58 # DHCP: 10.31.187.0/25 # UPLINK: 10.31.30.32/30 # 802.11s MESH: From 7ccaa2979a0547d96c923f6a076c8d3457fbdcf1 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 14 Nov 2024 05:27:54 +0100 Subject: [PATCH 162/254] inventory: clean up host_vars leftovers --- inventory/base_inventory | 1 - inventory/host_vars | 1 - 2 files changed, 2 deletions(-) delete mode 120000 inventory/host_vars diff --git a/inventory/base_inventory b/inventory/base_inventory index 44602ea85..b713ea1b2 100755 --- a/inventory/base_inventory +++ b/inventory/base_inventory @@ -26,7 +26,6 @@ case "$1" in "_meta": { "hostvars": $( # Assemble hostvars for all hostnames from locations/ directory. - # For hosts defined in host_vars/ they're loaded by Ansible later. echo "$locjson" \ | jq -s -c '.[] | . as $locvars | .hosts[] | {(.hostname): (. + ($locvars | del(.hosts)) + .)}' \ | jq -s add diff --git a/inventory/host_vars b/inventory/host_vars deleted file mode 120000 index f1e217dc5..000000000 
--- a/inventory/host_vars +++ /dev/null @@ -1 +0,0 @@ -../host_vars/ \ No newline at end of file From 5d903fae23452489310278f469a77b7431d6d736 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 14 Nov 2024 05:28:35 +0100 Subject: [PATCH 163/254] radbahn: remove location This location was temporary and tied to the Radbahn project. It was deconstructed on October 31st. --- locations/radbahn.yml | 157 ------------------------------------------ 1 file changed, 157 deletions(-) delete mode 100644 locations/radbahn.yml diff --git a/locations/radbahn.yml b/locations/radbahn.yml deleted file mode 100644 index b0da7f9c2..000000000 --- a/locations/radbahn.yml +++ /dev/null 
@@ -1,157 +0,0 @@ ---- - -location: radbahn -location_nice: Radbahn Testfeld -latitude: 52.49917 -longitude: 13.42431 -contact_nickname: Stadtfunk gGmbH -contacts: - - noc@stadtfunk.net - -hosts: - - - hostname: radbahn-core - role: corerouter - model: ubnt_usw-flex - openwrt_version: snapshot - - - hostname: radbahn-o-nf - role: ap - model: zyxel_nwa55axe - wireless_profile: radbahn - openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst - log_size: 1024 - host__rclocal__to_merge: - - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' - - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' - - - hostname: radbahn-w-nf - role: ap - model: zyxel_nwa55axe - wireless_profile: radbahn - openwrt_version: snapshot - # imagebuilder: /home/user/w/ff/bbb-configs/openwrt-imagebuilder-ramips-mt7621.Linux-x86_64.tar.zst - log_size: 1024 - host__rclocal__to_merge: - - 'echo 1 > /sys/kernel/debug/ieee80211/phy0/mt76/fw_debug_wm' - - 'echo 1 > /sys/kernel/debug/ieee80211/phy1/mt76/fw_debug_wm' - -snmp_devices: - - - hostname: radbahn-emma - address: 10.31.251.2 - snmp_profile: mikrotik_60g - -# 10.31.248.240/28 -# 10.31.248.240/29 - mgmt -# 10.31.248.248/29 - mesh -# 10.31.251.0/24 - dhcp -ipv6_prefix: 2001:bf7:830:c000::/56 - -networks: - - - vid: 10 - name: mesh_emma - role: mesh - prefix: 10.31.248.248/32 - ipv6_subprefix: -10 - ptp: true - mesh_metric: 128 - - - vid: 20 - name: mesh_o_nf2 - role: mesh - prefix: 10.31.248.249/32 - ipv6_subprefix: -20 - mesh_ap: radbahn-o-nf - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 21 - name: mesh_o_nf5 - role: mesh - prefix: 10.31.248.250/32 - ipv6_subprefix: -21 - mesh_ap: radbahn-o-nf - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 22 - name: mesh_w_nf2 - role: mesh - prefix: 10.31.248.251/32 - ipv6_subprefix: -22 - mesh_ap: radbahn-w-nf - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 23 - name: mesh_w_nf5 - role: 
mesh - prefix: 10.31.248.252/32 - ipv6_subprefix: -23 - mesh_ap: radbahn-w-nf - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 40 - name: dhcp - role: dhcp - prefix: 10.31.251.0/24 - ipv6_subprefix: 0 - assignments: - radbahn-core: 1 - - - vid: 42 - name: mgmt - role: mgmt - prefix: 10.31.248.240/29 - ipv6_subprefix: 1 - gateway: 1 - dns: 1 - assignments: - radbahn-core: 1 - radbahn-emma: 2 - radbahn-o-nf: 3 - radbahn-w-nf: 4 - -location__channel_assignments_11a_standard__to_merge: - radbahn-o-nf: 36-40 - radbahn-w-nf: 44-40 - -location__channel_assignments_11g_standard__to_merge: - radbahn-o-nf: 9-20 - radbahn-w-nf: 13-20 - -location__wireless_profiles__to_merge: - - name: radbahn - ifaces: - - mode: ap - ssid: berlin.freifunk.net - encryption: none - network: dhcp - radio: [11a_standard, 11g_standard] - ifname_hint: ff - - - mode: ap - ssid: radbahn.freifunk.berlin - encryption: none - network: dhcp - radio: [11a_standard, 11g_standard] - ifname_hint: ffcust - - - mode: ap - ssid: berlin.freifunk.net Encrypted - encryption: owe - network: dhcp - radio: [11a_standard, 11g_standard] - ifname_hint: ffowe - ieee80211w: 1 - - - mode: mesh - mesh_id: Mesh-Freifunk-Berlin - radio: [11a_standard, 11g_standard, 11a_mesh] - mcast_rate: 12000 - mesh_fwding: 0 - ifname_hint: mesh From 7b099fbd49269c7716289a28d60d9f075c3db80c Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 14 Nov 2024 05:30:23 +0100 Subject: [PATCH 164/254] hds: remove location FFRaum is coming to an end, we're moving out this month. Haus der Materialisierung which will be demolished in 2025. --- locations/hds.yml | 93 ----------------------------------------------- 1 file changed, 93 deletions(-) delete mode 100644 locations/hds.yml diff --git a/locations/hds.yml b/locations/hds.yml deleted file mode 100644 index b6f95ed25..000000000 --- a/locations/hds.yml +++ /dev/null 
@@ -1,93 +0,0 @@ ---- - -location: hds -location_nice: HdS Freifunk-Raum -latitude: 52.523144207 -longitude: 13.41994464 -community: true - -# IPv4 10.36.166.0/25 -# IPv4 10.36.166.144/30 -# IPv4 10.36.166.148/30 -# IPv4 10.36.166.190 -# IPv4 10.36.166.191 -# IPv6 2001:bf7:810:b00::/57 -# 2001:bf7:810:b80::/57 is used by hds-containers - -# DHCP 10.36.166.0/25 -# 802.11s 10.36.166.190 10.36.166.191 -# MESH: 10.36.166.144/30 10.36.166.148/30 -ipv6_prefix: "2001:bf7:810:b00::/57" - -hosts: - - hostname: hds-ffraum - role: corerouter - model: "ubnt_unifiac-pro" - wireless_profile: freifunk_default - -snmp_devices: - - hostname: hdm-hds - address: 10.36.166.150 - snmp_profile: airos_8 - - - hostname: hdm-p3 - address: 10.36.166.146 - snmp_profile: airos_8 - -networks: - - vid: 10 - role: dhcp - prefix: 10.36.166.1/25 - ipv6_subprefix: 0 - untagged: true - inbound_filtering: false - enforce_client_isolation: false - assignments: - hds-ffraum: 1 - hdm-switch: 2 - - - vid: 20 - role: mesh - name: wireless0 - prefix: 10.36.166.190/32 - ipv6_subprefix: -1 - mesh_metric: 1024 - mesh_ap: hds-ffraum - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 21 - role: mesh - name: wireless1 - prefix: 10.36.166.191/32 - ipv6_subprefix: -2 - mesh_metric: 1024 - mesh_ap: hds-ffraum - mesh_radio: 11g_standard - mesh_iface: mesh - - - vid: 101 - role: mesh - name: mesh_hdm_hds - prefix: 10.36.166.149/30 - ipv6_subprefix: -3 - assignments: - hds-ffraum: 1 - hdm-hds: 2 - - - vid: 102 - role: mesh - name: mesh_hdm_p3 - prefix: 10.36.166.145/30 - ipv6_subprefix: -4 - assignments: - hds-ffraum: 1 - hdm-p3: 2 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11a_standard__to_merge: - hds-ffraum: 36-40 - -# AP-id, wifi-channel, bandwidth, txpower -location__channel_assignments_11g_standard__to_merge: - hds-ffraum: 13-20 From 66f647cd67dc424e5939155ce95f6584862defbd Mon Sep 17 00:00:00 2001 
From: Ffhener Date: Mon, 4 Nov 2024 23:20:00 +0100 Subject: [PATCH 165/254] kirchhof: new AP, switch SSID and Switch --- locations/kirchhof.yml | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/locations/kirchhof.yml b/locations/kirchhof.yml index 0d5dbf2aa..b465a9694 100644 --- a/locations/kirchhof.yml +++ b/locations/kirchhof.yml @@ -17,30 +17,40 @@ hosts: - hostname: kirchhof-nf-vorne role: ap - model: tplink_eap225-outdoor-v1 + model: zyxel_nwa50ax wireless_profile: kirchhof + wifi_roaming: true - hostname: kirchhof-nf-hinten role: ap model: tplink_eap225-outdoor-v1 wireless_profile: kirchhof + wifi_roaming: true - hostname: kirchhof-n-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac mac_override: {eth0: 2c:c8:1b:8a:96:e0} wireless_profile: freifunk_default + wifi_roaming: true - hostname: kirchhof-w-nf-5ghz role: ap model: mikrotik_sxtsq-5-ac mac_override: {eth0: 2c:c8:1b:8a:96:28} wireless_profile: freifunk_default + wifi_roaming: true + + - hostname: kirchhof-nf-keller + role: ap + model: tplink_eap225-outdoor-v1 + wireless_profile: freifunk_default + wifi_roaming: true snmp_devices: - hostname: kirchhof-switch address: 10.31.183.130 - snmp_profile: edgeswitch + snmp_profile: swos_lite # 10.31.183.128/28 - mgmt - vlan 42 # 10.31.183.144/28 - mesh - vlan 20, 50 @@ -92,6 +102,7 @@ networks: kirchhof-nf-hinten: 5 kirchhof-n-nf-5ghz: 6 kirchhof-w-nf-5ghz: 7 + kirchhof-nf-keller: 8 - vid: 50 role: uplink 
@@ -111,25 +122,27 @@ networks: location__channel_assignments_11a_standard__to_merge: kirchhof-n-nf-5ghz: 36-20 kirchhof-w-nf-5ghz: 40-20 - kirchhof-nf-vorne: 44-20 - kirchhof-nf-hinten: 36-20 + kirchhof-nf-vorne: 44-40 + kirchhof-nf-hinten: 36-40 + kirchhof-nf-keller: 52-20-3 location__channel_assignments_11b_standard__to_merge: - kirchhof-nf-vorne: 13-20 - kirchhof-nf-hinten: 9-20 + kirchhof-nf-vorne: 1-20 + kirchhof-nf-hinten: 6-20 + kirchhof-keller: 13-20 location__wireless_profiles__to_merge: - name: kirchhof ifaces: - mode: ap - ssid: berlin.freifunk.net + ssid: khof.freifunk.net encryption: none network: dhcp radio: [11a_standard, 11g_standard] ifname_hint: ff owe_transition_ifname_hint: ffowe - mode: ap - ssid: berlin.freifunk.net OWE + ssid: khof.freifunk.net OWE hidden: true encryption: owe network: dhcp From 9f658aed7b38f620d90ac433014652e1932b57f9 Mon Sep 17 00:00:00 2001 From: Ffhener Date: Fri, 15 Nov 2024 15:05:21 +0100 Subject: [PATCH 166/254] tasks (imagebuilder): add comment explaining local imagebuilder --- roles/cfg_openwrt/tasks/imagebuilder.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index 238725c58..c2dc220c9 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml @@ -33,6 +33,8 @@ mode: "644" when: '"http" in imagebuilder' +# For testing purposes the imagebuilder variable can be replaced with a path to a local file. +# This task takes care of using this file instead of trying to download something - name: Copy Local Imagebuilder command: argv: From 483b9fa65601291baf0171d30489269ff7a88d51 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Fri, 8 Nov 2024 23:17:52 +0100 Subject: [PATCH 167/254] tunspace: align tunnel metric with gateways metric --- group_vars/all/general.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
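Review bot: The added 2.4 GHz entry `kirchhof-keller: 13-20` does not match any host in this file; the AP added in the first hunk is `kirchhof-nf-keller`, and the 5 GHz list in this same hunk uses that name. If assignments are looked up by hostname, as the other keys suggest, the new AP gets no 2.4 GHz channel from this list, so the line should read `kirchhof-nf-keller: 13-20`. Separately, the list is keyed `location__channel_assignments_11b_standard__to_merge` while the wireless profile below refers to radio `11g_standard`; that key is unchanged context here, but it is worth confirming the 2.4 GHz assignments are consumed at all.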
diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index 1e6ad1e23..eb54748b7 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml @@ -51,7 +51,7 @@ freifunk_global_prefix: 2001:bf7::/32 mesh_metric_default_in: 512 # Default mesh metric in inbound direction (rxcost) for tunnels -mesh_metric_tunnel_in: 512 +mesh_metric_tunnel_in: 1024 # Default mesh metrics in inbound direction (rxcost) for adhoc like interfaces mesh_metric_adhoc_11a_standard: 2024 From 68812c0801c7f74f383fe89d084458b2a6e89f84 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 10 Nov 2024 04:22:41 +0100 Subject: [PATCH 168/254] common: rt_tables: fix indentation --- roles/cfg_openwrt/files/common/iproute2/rt_tables | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/files/common/iproute2/rt_tables b/roles/cfg_openwrt/files/common/iproute2/rt_tables index f2b20ed9a..d7aa480f6 100644 --- a/roles/cfg_openwrt/files/common/iproute2/rt_tables +++ b/roles/cfg_openwrt/files/common/iproute2/rt_tables @@ -14,7 +14,7 @@ 10 babel-ff 11 babel-default -12 babel-src -20 olsr-ff +12 babel-src +20 olsr-ff 21 olsr-default From 289145d5b2cd1a50e57517fdb57d6d924c18f0c2 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 10 Nov 2024 04:23:31 +0100 Subject: [PATCH 169/254] gateway: create rt_tables containing change for ipv4-via-babel migration --- roles/cfg_openwrt/files/gateway/iproute2/rt_tables | 1 + 1 file changed, 1 insertion(+) create mode 120000 roles/cfg_openwrt/files/gateway/iproute2/rt_tables diff --git a/roles/cfg_openwrt/files/gateway/iproute2/rt_tables b/roles/cfg_openwrt/files/gateway/iproute2/rt_tables new file mode 120000 index 000000000..c0ed137f3 --- /dev/null +++ b/roles/cfg_openwrt/files/gateway/iproute2/rt_tables @@ -0,0 +1 @@ +../../common/iproute2/rt_tables \ No newline at end of file From 683dd625ee09aab70d778e73ea20e28a92a8f737 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Sun, 10 Nov 2024 04:24:28 +0100 Subject: [PATCH 170/254] gateway: confire bird to run babel, polish config --- .../templates/gateway/bird.conf.j2 | 182 +++++++++++++++--- 1 file changed, 159 insertions(+), 23 deletions(-) diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index 568457c08..e1ccf29d1 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 
@@ -1,47 +1,183 @@ -{% if 'ipv6' in uplink %} -#loglevel syslog all; -# debug protocols all; +#jinja2: trim_blocks: "true", lstrip_blocks: "true" +{% set V6_SADR_DEFAULT_ROUTE = '::/0 from ' ~ freifunk_global_prefix %} +log syslog all; +debug protocols {states}; -filter default_route { - if ( net ~ [ ::0/0 ] ) then accept; - reject; -} +# Include additional bird config files for runtime extendability +include "/dev/shm/bird_*.conf"; -# Attention: Safety measure below! -# First drop everything which is not in freifunk prefix and a /48 -filter export_aggregates { - if ( net !~ [ {{ freifunk_global_prefix }}{{ '{' }}{{ freifunk_wahlkreis_announcement_prefix }},{{ freifunk_wahlkreis_announcement_prefix}}{{ '}' }} ] ) then reject; - include "/dev/shm/announcement*.bird.conf"; - accept; -} +protocol device { }; + +## +## Kernel <-> Babel tables +## + +ipv6 sadr table v6_main; +ipv4 table v4_main; +ipv4 table v4_babel_ff; +ipv4 table v4_babel_default; +protocol kernel kernel_v6_main { + ipv6 sadr { + table v6_main; + import all; + export all; + }; + learn all; # Allow learning loopback route +} -protocol device { +# Currently not in use due to OLSRD->Babel migration +# For now babel IPv4 routes land in the subsequent KRTs +protocol kernel kernel_v4_main { + ipv4 { + table v4_main; + import none; + export none; + }; } -protocol kernel kernel6 { - ipv6 { +protocol kernel kernel_v4_babel_ff { + kernel table 10; + ipv4 { + table v4_babel_ff; + import none; export all; + }; +} + +protocol pipe pipe_v4_main_to_babel_ff { + table v4_main; + peer table v4_babel_ff; + export where net != 0.0.0.0/0; + import none; +} + +protocol kernel kernel_v4_babel_default { + kernel table 11; + ipv4 { + table v4_babel_default; import none; + export all; }; } -protocol static { - ipv6; +protocol pipe pipe_v4_main_to_babel_default { + table v4_main; + peer table v4_babel_default; + export where net = 0.0.0.0/0; + import none; +} + +## +## Babel Section +## + +protocol babel babel_mesh { + 
randomize router id yes; + ipv6 sadr { + table v6_main; + # Import only /56 location aggregates and default routes + import where net.len = 56 || net = {{ V6_SADR_DEFAULT_ROUTE }}; + export where source = RTS_BABEL || net = {{ ipv6_prefix }} from ::/0 || net = {{ V6_SADR_DEFAULT_ROUTE }}; + }; + ipv4 { + table v4_main; + import all; + export where source = RTS_BABEL; # For now only advertise routes learned from babel + }; + + # Mesh interfaces +{% for interface in mesh_links %} + interface "{{ interface['ifname'] }}" { + type wireless; + rxcost {{ interface.get('mesh_metric', mesh_metric_default_in) }}; + }; +{% endfor %} + + # GRE Tunnels +{% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %} + interface "gre4-{{ hostvars[gateway]['gre_tunnel_alias'] }}" { + type wireless; + rxcost {{ gre_metric }}; + }; +{% endfor %} + + # Wireguard tunnel links which are dynamically established + interface "wg_*" { + type wireless; + rxcost {{ mesh_metric_tunnel_in }}; + }; +} + + +{% if 'ipv6' in uplink %} +## +## BGP Section +## +ipv6 table v6_bgp_upstream; + +# Define local attribute as yet another safetynet to ensure that we dont announce the bgpdisco +# routes to our upstream which will likely make the internet explode. +# While that sounds funny that aint a joke - Take it very serious or risk our trust!! +attribute int really_announce_to_upstream; + + +# Attention. Following rules are redundant for good reasons. +# 1. Let only pass routes which carry the really_announce_to_upstream route attribute being true +# 2. Filter for networks we explicitly would like to advertise, configurable through group_vars. +# Please do not remove those and pay attention, because we are abusing BGP for really funky stuff +# in our Backbone. Those routes must never reach the internet, otherwise it might break. Not kidding! +filter bgp_export_aggregates { + # See 1. + if ! 
( defined( really_announce_to_upstream ) && really_announce_to_upstream = 1312 ) then reject; + + # See 2. + if net !~ [ {{ freifunk_global_prefix }}{{ '{' }}{{ freifunk_wahlkreis_announcement_prefix }},{{ freifunk_wahlkreis_announcement_prefix}}{{ '}' }} ] then reject; + + # Allow Traffic Engineering on routes which made it until here. + include "/dev/shm/announcement*.bird.conf"; + + accept; +} + +protocol static static_v6_bgp_upstream { + ipv6 { table v6_bgp_upstream; }; {% for wahlkreis in freifunk_wahlkreis_prefixes %} {% for no in range(0, wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix) | int) %} - route {{ wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix, no) }} unreachable; + route {{ wahlkreis | ansible.utils.ipsubnet(freifunk_wahlkreis_announcement_prefix, no) }} unreachable { + really_announce_to_upstream = 1312; + }; {% endfor %} {% endfor %} } -protocol bgp { +protocol bgp bgp_upstream { local {{ uplink['ipv6'] | ansible.utils.ipaddr('address') }} as {{ local_asn }}; neighbor {{ uplink['ipv6'] | ansible.utils.ipaddr('peer') }} as {{ peer_asn }}; ipv6 { - import filter default_route; - export filter export_aggregates; + table v6_bgp_upstream; + import where net = ::/0; + export filter bgp_export_aggregates; }; } + +## +## Hack to announce create a source specifc default route pointing to BGP Next Hop +## Details: https://github.com/freifunk-berlin/bbb-configs/issues/1062#issuecomment-2466541315 +## +ipv6 sadr table v6_default_via_bgp; + +protocol static static_v6_default_via_bgp { + ipv6 sadr { table v6_default_via_bgp; }; + igp table v6_bgp_upstream; # Where to lookup recursive resolved next-hop + route {{ V6_SADR_DEFAULT_ROUTE }} recursive ::; +} + +protocol pipe pipe_v6_default_via_bgp_to_main { + table v6_default_via_bgp; + peer table v6_main; + export where dest != RTD_UNREACHABLE; + import none; +} {% endif %} From 893b24cc8fb496dc39fe27924a9529467dea8d2d Mon Sep 17 00:00:00 2001 
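Review bot: The new top-level `include "/dev/shm/bird_*.conf";` loads every matching file as full BIRD configuration, so anything able to create a file under /dev/shm can add protocols or filters outside the `bgp_export_aggregates` safety net that the comments in this hunk describe so carefully. The same holds for `include "/dev/shm/announcement*.bird.conf";`, which is evaluated inside that filter just before `accept`. Whether /dev/shm is writable by non-root processes on these gateways is not visible from the hunk; if it is, the fragments should live in a root-owned directory, or the writer should create them root-owned and not group- or world-writable. At minimum I would document the trust contract next to the include, e.g. `# fragments are trusted config: root-owned, written only by <WRITER_SERVICE>`.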
From: Simon Polack Date: Sun, 10 Nov 2024 04:27:36 +0100 Subject: [PATCH 171/254] gateway: remove entire babeld --- group_vars/role_gateway/imageprofile.yml | 3 -- .../templates/gateway/config/babeld.j2 | 54 ------------------- 2 files changed, 57 deletions(-) delete mode 100644 roles/cfg_openwrt/templates/gateway/config/babeld.j2 diff --git a/group_vars/role_gateway/imageprofile.yml b/group_vars/role_gateway/imageprofile.yml index 2c082bf85..5a8b5903b 100644 --- a/group_vars/role_gateway/imageprofile.yml +++ b/group_vars/role_gateway/imageprofile.yml @@ -25,14 +25,11 @@ role_uplink_gw__packages__to_merge: - kmod-ipt-ipopt - bird2 - bird2c - - babeld - - luci-app-babeld - ip-full - gre - wireguard-tools - kmod-wireguard - wg-installer-server - - wg-installer-server-hotplug-babeld - wg-installer-server-hotplug-olsrd - conntrackd - samplicator diff --git a/roles/cfg_openwrt/templates/gateway/config/babeld.j2 b/roles/cfg_openwrt/templates/gateway/config/babeld.j2 deleted file mode 100644 index 9e311fdd0..000000000 --- a/roles/cfg_openwrt/templates/gateway/config/babeld.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ -package babeld -config general - option 'log_file' '/var/log/babeld.log' - option 'ipv6_subtrees' 'true' - option 'ubus_bindings' 'true' - -config interface - option 'ifname' 'uplink' - option 'ignore' 'true' - -{% for interface in mesh_links|default([]) %} -{% if interface['ipv6'] is defined %} -config interface - option 'ifname' '{{ interface['name'] }}' - option 'rxcost' '{{ '256' if interface.get('link_quality_based_metric', true) else '96' }}' - option 'split_horizon' '{{ (interface['ptp'] if 'ptp' in interface else false ) | string | lower }}' - option 'link_quality' '{{ interface.get('link_quality_based_metric', true) | string | lower }}' - -config filter - option 'type' 'in' - option 'if' '{{ interface['name'] }}' - option 'action' 'metric {{ interface.get('mesh_metric', 512) }}' - -{% endif %} -{% endfor %} - -{% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %} -config interface - option 'ifname' '{{ hostvars[gateway]['gre_tunnel_alias'] }}' - option 'rxcost' '{{ gre_metric }}' - option 'split_horizon' 'true' -{% endfor %} - -config interface - option 'rxcost' '{{ tunnel_metric }}' - -# Redistribute default route learend from BIRD -config filter - option 'type' 'redistribute' - option 'ip' '::0/0' - option 'eq' '0' - option 'proto' '12' - option 'action' 'src-prefix {{ freifunk_global_prefix }}' - -config filter - option 'type' 'redistribute' - option 'ip' '{{ ipv6_prefix }}' - option 'eq' '{{ ipv6_prefix | ansible.utils.ipaddr('prefix') }}' - -# Finally Prohibit distribution of all local networks. (.. but allow non-local networks, e.g learned via tunnel) -config filter - option 'type' 'redistribute' - option 'local' 'true' - option 'action' 'deny' From 0f6b3d888098d7603e304f3aeb24833ef0362779 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Sun, 10 Nov 2024 04:33:58 +0100 Subject: [PATCH 172/254] Revert "gateway/corerouter: reenable olsrd6 :)" This reverts commit dcd0bd0dce34e3d51e508c6c100d4b7319d7790a. --- group_vars/all/imageprofile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index 0579b87c4..62120b520 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml @@ -39,5 +39,5 @@ all_luci_base__packages__to_merge: - uhttpd - uhttpd-mod-ubus -#all_disabled_services__to_merge: -# - "olsrd6" +all_disabled_services__to_merge: + - "olsrd6" From 2b04139e36ff5728837d0c53ba95b90b05df6f51 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 10 Nov 2024 18:08:30 +0100 Subject: [PATCH 173/254] saarbruecker: fix ipv6_prefix --- locations/saarbruecker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/saarbruecker.yml b/locations/saarbruecker.yml index 59d2e5ceb..099867113 100644 --- a/locations/saarbruecker.yml +++ b/locations/saarbruecker.yml @@ -28,7 +28,7 @@ snmp_devices: address: 10.31.83.53 snmp_profile: airos_8 -ipv6_prefix: 2001:bf7:760:2201::/56 +ipv6_prefix: 2001:bf7:760:2200::/56 uplink: ifname: lan3 From 2974b3ba9c76ba02929183bc1c4f36ffe4debea8 Mon Sep 17 00:00:00 2001 From: Tom Jannek Date: Fri, 1 Nov 2024 17:50:14 +0100 Subject: [PATCH 174/254] location init: pici --- locations/hacrafu-pici.yml | 92 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 locations/hacrafu-pici.yml diff --git a/locations/hacrafu-pici.yml b/locations/hacrafu-pici.yml new file mode 100644 index 000000000..3f66ff947 --- /dev/null +++ b/locations/hacrafu-pici.yml 
@@ -0,0 +1,92 @@ +--- + +location: hacrafu-pici +location_nice: Petershagen/Eggersdorf +latitude: 52.527648 +longitude: 13.785758 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu e.V." +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-pici-core + role: corerouter + model: "cudy_ap3000outdoor-v1" + wireless_profile: freifunk_hacrafu + openwrt_version: 24.10-SNAPSHOT + +ipv6_prefix: "2001:bf7:850:1e00::/56" +# dhcp 10.248.21.64/27 +# mesh5 10.31.42.109/32 +# mesh2 10.31.42.110/32 +# MGMT 10.31.42.111/32 +# TUNNEL 10.248.23.252/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.42.109/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-pici-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.42.110/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-pici-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.21.64/27 + ipv6_subprefix: 0 + assignments: + hacrafu-pici-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.42.111/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-pici-core: 1 + + # Uplink + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.252/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.253/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de From 4392fd854498452951f8c6bfba4ebd03eee3c58b Mon Sep 17 00:00:00 2001 
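Review bot: The client network (vid 40, role dhcp) is created with `inbound_filtering: false` and `enforce_client_isolation: false`, whereas kitty.yml later in this series sets both to `true` for its dhcp network. Going by the option names, clients here are reachable from the mesh and from each other; if that is deliberate, a one-line comment saying why would help, otherwise set both to `true`. The same two lines appear in hacrafu-risi.yml in the next patch. Also, `ssh_keys:` is assigned directly rather than through `location__ssh_keys__to_merge` as kitty.yml does; the comment `# only place this ssh-keys` suggests this is intended, but it presumably replaces any globally merged keys and that consequence should be stated in the comment.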
From: Tom Jannek Date: Fri, 1 Nov 2024 17:50:51 +0100 Subject: [PATCH 175/254] location init: risi --- locations/hacrafu-risi.yml | 92 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 locations/hacrafu-risi.yml diff --git a/locations/hacrafu-risi.yml b/locations/hacrafu-risi.yml new file mode 100644 index 000000000..4d3631b3e --- /dev/null +++ b/locations/hacrafu-risi.yml 
@@ -0,0 +1,92 @@ +--- + +location: hacrafu-risi +location_nice: Petershagen/Eggersdorf +latitude: 52.527648 +longitude: 13.785758 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu e.V." +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-risi-core + role: corerouter + model: "cudy_ap3000outdoor-v1" + wireless_profile: freifunk_hacrafu + openwrt_version: 24.10-SNAPSHOT + +ipv6_prefix: "2001:bf7:850:1f00::/56" +# dhcp 10.248.21.96/27 +# mesh5 10.248.20.161/32 +# mesh2 10.248.20.162/32 +# MGMT 10.248.20.163/32 +# TUNNEL 10.248.23.254/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.20.161/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-risi-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.20.162/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-risi-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.248.21.96/27 + ipv6_subprefix: 0 + assignments: + hacrafu-risi-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.20.163/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-risi-core: 1 + + # Uplink + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.254/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.255/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz freifunk@hacrafu.de From e815586ed7325116b3fd6a232685db68df90e06e Mon Sep 17 00:00:00 2001 
From: Ffhener Date: Thu, 7 Nov 2024 15:09:58 +0100 Subject: [PATCH 176/254] kitty: init --- locations/kitty.yml | 111 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 locations/kitty.yml diff --git a/locations/kitty.yml b/locations/kitty.yml new file mode 100644 index 000000000..c41f5944d --- /dev/null +++ b/locations/kitty.yml 
@@ -0,0 +1,111 @@
+---
+
+location: kitty
+location_nice: Brückenstraße 1, 10179 Berlin
+latitude: 52.511268
+longitude: 13.417194
+altitude: 39
+height: 11
+contact_nickname: Vinet
+contacts:
+ - vinet@c-base.org
+
+# --MGMT: 10.248.22.60/30
+# --MESH: 10.248.23.232/30
+# --DHCP: 10.248.25.0/24
+
+ipv6_prefix: 2001:bf7:750:7600::/56
+
+hosts:
+ - hostname: kitty-core
+ role: corerouter
+ model: "mikrotik_routerboard-750gr3"
+ host__rclocal__to_merge:
+ - '#'
+ - '# This script adjusts the configuration of vlans.'
+ - '#'
+ - ' '
+ - '. /lib/functions.sh'
+ - ' '
+ - 'handle_vlans() {'
+ - ' # untag the vlans on different ports based on their id'
+ - ' local uci_section="$1"'
+ - ' '
+ - ' config_get vlan "$uci_section" vlan'
+ - ' config_get ports "$uci_section" ports'
+ - ' '
+ - ' '
+ - ' case "$vlan" in'
+ - ' 50)'
+ - ' # untag MESH for uplink on port 1'
+ - " port_config='wan lan2:t lan3:t lan4:t lan5:t' ;;"
+ - ' 40)'
+ - ' # untag DHCP on port 2'
+ - " port_config='wan:t lan2 lan3:t lan4:t lan5:t' ;;"
+ - ' 42)'
+ - ' # untag mgmt on port 3'
+ - " port_config='wan:t lan2:t lan3 lan4:t lan5:t' ;;"
+ - ' *)'
+ - ' # do nothing for the other vlans'
+ - ' return'
+ - ' esac'
+ - ' '
+ - ' # abort if config is applied already'
+ - ' if [ "$ports" = "$port_config" ]; then'
+ - ' printf "Vlan %d applied already.\n" "$vlan"'
+ - ' return'
+ - ' fi'
+ - ' '
+ - ' printf "Port number: %d\n" "$vlan"'
+ - ' printf "Port config: %s\n" "$port_config"'
+ - ' '
+ - ' printf "Configuring %s... 
" "$uci_section"' + - ' uci_set network "$uci_section" ports "$port_config"' + - ' printf "Done.\n"' + - '}' + - ' ' + - 'config_load network' + - ' ' + - 'config_foreach handle_vlans "bridge-vlan"' + - ' ' + - 'uci commit network' + - 'sync' + - 'reload_config' + +networks: + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.25.0/24 + ipv6_subprefix: 1 + assignments: + kitty-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.22.60/30 + ipv6_subprefix: 0 + gateway: 1 + dns: 1 + assignments: + kitty-core: 1 + + - vid: 50 + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.232/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.233/32 + wireguard_port: 51821 + +location__ssh_keys__to_merge: + - comment: Vinet + key: ssh-rsa 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 Vinet From b2db94de19f6d845782fcfe7278e17e04abc7db6 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Tue, 19 Nov 2024 05:05:37 +0100 Subject: [PATCH 177/254] ilr: fix config generation mesh_ap must be a host with wireless_devices --- locations/ilr.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/locations/ilr.yml b/locations/ilr.yml index a70f9dfd3..a2da54a0c 100644 --- a/locations/ilr.yml +++ b/locations/ilr.yml @@ -108,7 +108,6 @@ networks: name: mesh_5ghz prefix: 10.31.214.18/32 ipv6_subprefix: -20 - mesh_ap: ilr-core mesh_radio: 11a_standard mesh_iface: mesh @@ -120,7 +119,6 @@ networks: # make mesh_metric(s) for 2GHz worse than 5GHz mesh_metric: 1024 mesh_metric_lqm: ['default 0.8'] - mesh_ap: ilr-core mesh_radio: 11g_standard mesh_iface: mesh From 0d99440aede26621d1db7a55b1aded6352881143 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20H=C3=BCbner?= Date: Wed, 20 Nov 2024 14:52:53 +0100 Subject: [PATCH 178/254] ilr: Delete unused interfaces Fixes #1080 --- locations/ilr.yml | 19 ------------------- 1 file changed, 19 deletions(-) 
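Review bot: The rc.local script in the kitty.yml hunk untags the management VLAN on a physical port (the `42)` arm sets `port_config='wan:t lan2:t lan3 lan4:t lan5:t'`), so whoever can plug into lan3 is on the mgmt network without any tagging, and nothing in the file records that this port needs physical protection. A script comment such as `# lan3 is untagged mgmt: do not patch it to a publicly reachable socket` next to that arm would make the constraint visible to the next maintainer. The labels are also misleading: the `50)` arm says "untag MESH for uplink" although `networks` defines vid 50 as `role: uplink` and the file has no mesh network, and `printf "Port number: %d\n" "$vlan"` prints the VLAN id, so `printf "Vlan id: %d\n" "$vlan"` would match what is logged.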
diff --git a/locations/ilr.yml b/locations/ilr.yml index a2da54a0c..2b8d9da30 100644 --- a/locations/ilr.yml +++ b/locations/ilr.yml @@ -103,25 +103,6 @@ networks: prefix: 10.31.214.17/32 ipv6_subprefix: -11 - - vid: 20 - role: mesh - name: mesh_5ghz - prefix: 10.31.214.18/32 - ipv6_subprefix: -20 - mesh_radio: 11a_standard - mesh_iface: mesh - - - vid: 21 - role: mesh - name: mesh_2ghz - prefix: 10.31.214.19/32 - ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.8'] - mesh_radio: 11g_standard - mesh_iface: mesh - - vid: 40 role: dhcp prefix: 10.31.214.0/28 From 990e056e62b37b8298b2108862fcd8f45f23bb66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20H=C3=BCbner?= Date: Wed, 20 Nov 2024 14:53:33 +0100 Subject: [PATCH 179/254] ilr: Add static IP-Address to hypervisor On ILR there is a hypervisor (thinclient) planned. Adding a static ip-address assignment to config. --- locations/ilr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/locations/ilr.yml b/locations/ilr.yml index 2b8d9da30..0aa83f9f2 100644 --- a/locations/ilr.yml +++ b/locations/ilr.yml @@ -109,6 +109,7 @@ networks: ipv6_subprefix: 0 assignments: ilr-core: 1 + ilr-hyp: 5 # WARNING: Custom port config {1u,2t,3t,4t,5u} - vid: 435 From a53f121fb4d9a21d46f53238593731d9c87c595e Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Fri, 22 Nov 2024 17:52:08 +0100 Subject: [PATCH 180/254] corerouter: use patched version of bird2 and add proper inbound metrics Switch to using a patched version of the BIRD daemon (`bird2-babelpatch`) maintained in our own repository. This version includes modifications to the Babel protocol, allowing route filtering based on specific interfaces and neighbors, while exporting all Babel routes to BIRD's core for enhanced flexibility. Link: https://bird.network.cz/pipermail/bird-users/2023-February/016705.html Link: https://github.com/freifunk-berlin/bbb-configs/pull/1087 --- group_vars/role_corerouter/imageprofile.yml | 2 +- .../templates/corerouter/bird.conf.j2 | 22 ++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/group_vars/role_corerouter/imageprofile.yml b/group_vars/role_corerouter/imageprofile.yml index 7dad0602c..9be0ee496 100644 --- a/group_vars/role_corerouter/imageprofile.yml +++ b/group_vars/role_corerouter/imageprofile.yml @@ -1,6 +1,6 @@ --- role_corerouter__packages__to_merge: - - bird2 + - bird2-babelpatch - bird2c - collectd-mod-dhcpleases - collectd-mod-olsrd diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 index 2345f259f..664029de0 100644 --- a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 
@@ -27,7 +27,23 @@ protocol babel { ipv6 sadr { table v6_main; # Import only /56 location aggregates and default routes - import where (net.len = 56) || (net = ::/0 from {{ freifunk_global_prefix }} ); + import filter { + if ! (net.len = 56 || net = ::/0 from {{ freifunk_global_prefix }}) then reject; +{% for nw in networks | selectattr('role', 'equalto', 'mesh') %} + {# metrics for 2 GHz adhoc get a penalty over 5 GHz adhoc so 5 GHz is preferred #} + {% set default_mesh_metric = hostvars[inventory_hostname].get('mesh_metric_adhoc_' ~ nw.get('mesh_radio'), mesh_metric_default_in) %} + if ifname = "{{ libnetwork.getIfname(nw) }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', default_mesh_metric) }}; + } +{% endfor %} +{% for nw in networks | selectattr('role', 'equalto', 'tunnel') %} + if ifname = "{{ nw.get('ifname') }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', mesh_metric_tunnel_in) }}; + } +{% endfor %} + accept; + }; + export filter { if net = {{ ipv6_prefix }} from ::/0 then accept; if source = RTS_BABEL then accept; @@ -40,19 +56,15 @@ protocol babel { }; # Mesh interfaces -{# metrics for 2 GHz adhoc get a penalty over 5 GHz adhoc so 5 GHz is preferred #} {% for nw in networks | selectattr('role', 'equalto', 'mesh') %} - {% set default_mesh_metric = hostvars[inventory_hostname].get('mesh_metric_adhoc_' ~ nw.get('mesh_radio'), mesh_metric_default_in) %} interface "{{ libnetwork.getIfname(nw) }}" { type wireless; - rxcost {{ nw.get('mesh_metric', default_mesh_metric) }}; }; {% endfor %} # Tunnel interfaces provided by tunspace {% for nw in networks | selectattr('role', 'equalto', 'tunnel') %} interface "{{ nw.get('ifname') }}" { type wireless; - rxcost {{ nw.get('mesh_metric', mesh_metric_tunnel_in) }}; }; {% endfor %} } From a58668da5eb4a3d29e1a143f30a49bdd15dd1967 Mon Sep 17 00:00:00 2001 
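Review bot: The new `import filter` in the `ipv6 sadr` channel matches on `ifname` and rewrites `babel_metric`, which according to the commit message depends on the patched `bird2-babelpatch` package, yet the template carries no comment saying so. Add one above the filter, e.g. `# per-interface inbound penalty; needs bird2-babelpatch, see group_vars/role_corerouter/imageprofile.yml`, so that nobody swaps the package back to stock `bird2` now that the second hunk has removed the `rxcost` lines that used to carry the penalty. It would also help to state what happens when `babel_metric + mesh_metric` reaches Babel's infinity of 65535; I cannot tell from the hunk whether the patched daemon clamps the value or the route is dropped. `protocol babel` begins above the first hunk and closes after the second.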
From: Tobias Schwarz Date: Fri, 22 Nov 2024 18:28:06 +0000 Subject: [PATCH 181/254] metrics: adjustments and removal of unnecessary settings --- locations/bilgi.yml | 2 -- locations/chris.yml | 4 ---- locations/colbe15.yml | 1 - locations/cralle.yml | 3 +-- locations/dragonkiez-adlerhalle.yml | 3 +-- locations/dragonkiez-dorfplatz.yml | 6 ++---- locations/dragonkiez-kiezraum.yml | 3 +-- locations/dragonkiez-rathausblock-miami.yml | 6 ++---- locations/e16outdoor.yml | 3 +-- locations/eberswalder7.yml | 3 +-- locations/elsekiehl.yml | 3 +-- locations/fffw-lebenshilfe.yml | 4 ---- locations/funkigel.yml | 3 +-- locations/gruni73.yml | 3 --- locations/habersaath.yml | 1 - locations/hirschhof.yml | 8 +++----- locations/huette.yml | 3 +-- locations/jup.yml | 4 ++-- locations/k11.yml | 3 +-- locations/k12-h1-h3n.yml | 3 +-- locations/k12-h1.yml | 5 ++--- locations/k12-h2.yml | 10 ++++------ locations/k12-h3-v0s.yml | 3 +-- locations/k12-h3-v2s.yml | 3 +-- locations/k12-h3.yml | 9 +++------ locations/k12-h4.yml | 5 +++-- locations/k9.yml | 5 ++--- locations/kiehl71.yml | 3 +-- locations/kiehlufer.yml | 5 ----- locations/knallt-m42.yml | 3 +-- locations/kotti.yml | 3 +-- locations/kts13.yml | 1 - locations/mahalle.yml | 2 -- locations/mlk-nk.yml | 6 ------ locations/noki.yml | 6 ++---- locations/perle.yml | 1 - locations/rev99.yml | 3 +-- locations/rio.yml | 2 -- locations/scharni.yml | 2 -- locations/segen.yml | 4 ---- locations/spitta13.yml | 1 - locations/tempelwg.yml | 3 +-- locations/vaterhaus.yml | 1 - locations/w38b.yml | 8 +++----- locations/weidenbaum.yml | 3 +-- locations/wilgu10.yml | 1 - locations/zwingli.yml | 5 ----- 47 files changed, 46 insertions(+), 126 deletions(-) diff --git a/locations/bilgi.yml b/locations/bilgi.yml index a08ac86a7..3023cc0b3 100644 --- a/locations/bilgi.yml +++ b/locations/bilgi.yml @@ -32,7 +32,6 @@ networks: mesh_ap: bilgi-core mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 - vid: 21 role: mesh 
@@ -42,7 +41,6 @@ networks: mesh_ap: bilgi-core mesh_radio: 11g_standard mesh_iface: mesh - mesh_metric: 1024 - vid: 40 role: dhcp diff --git a/locations/chris.yml b/locations/chris.yml index 5df4302ad..e8366cbdd 100644 --- a/locations/chris.yml +++ b/locations/chris.yml @@ -105,7 +105,6 @@ networks: name: 11s_n_2ghz prefix: 10.230.18.167/32 ipv6_subprefix: -7 - mesh_metric: 1024 mesh_ap: chris-n-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -115,7 +114,6 @@ networks: name: 11s_o_2ghz prefix: 10.230.18.169/32 ipv6_subprefix: -9 - mesh_metric: 1024 mesh_ap: chris-o-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -125,7 +123,6 @@ networks: name: 11s_s_2ghz prefix: 10.230.18.170/32 ipv6_subprefix: -10 - mesh_metric: 1024 mesh_ap: chris-s-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -135,7 +132,6 @@ networks: name: 11s_w_2ghz prefix: 10.230.18.171/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_ap: chris-w-2ghz mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/colbe15.yml b/locations/colbe15.yml index 47e3f5c7d..3fce8ab08 100644 --- a/locations/colbe15.yml +++ b/locations/colbe15.yml @@ -28,7 +28,6 @@ networks: name: mesh_scharni prefix: 10.31.52.237/32 ipv6_subprefix: -3 - mesh_metric: 2048 mesh_ap: colbe15-ap1 mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/cralle.yml b/locations/cralle.yml index ec2d1df0a..4c266dd62 100644 --- a/locations/cralle.yml +++ b/locations/cralle.yml @@ -65,8 +65,7 @@ networks: name: mesh_2ghz prefix: 10.31.113.89/32 ipv6_subprefix: -2 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: cralle-core mesh_radio: 11g_standard diff --git a/locations/dragonkiez-adlerhalle.yml b/locations/dragonkiez-adlerhalle.yml index 6718d3bdb..d41cee0c9 100644 --- a/locations/dragonkiez-adlerhalle.yml +++ b/locations/dragonkiez-adlerhalle.yml 
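Review bot: In the cralle.yml hunk the reworded comment `# make mesh_metric for 2GHz worse than 5GHz` now sits directly above `mesh_metric_lqm: ['default 0.8']`, because the `mesh_metric: 1024` line it described is removed, so the comment names a key that is no longer set here. Judging by the bird.conf.j2 template in the previous patch, the value now falls back to a per-radio default (`mesh_metric_adhoc_` plus the `mesh_radio` name), which a reader of the location file cannot see. Something like `# 2GHz: lower link quality so 5GHz is preferred (mesh_metric uses the per-radio default)` would describe what is left. The same wording recurs in the dragonkiez-*, e16outdoor, eberswalder7, elsekiehl, funkigel, k11, k12-*, k9, kiehl71, knallt-m42, kotti, noki, rev99, tempelwg, w38b and weidenbaum hunks of this patch.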
@@ -62,8 +62,7 @@ networks: name: mesh_2ghz prefix: 10.31.23.32/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-adlerhalle mesh_radio: 11g_standard diff --git a/locations/dragonkiez-dorfplatz.yml b/locations/dragonkiez-dorfplatz.yml index d92aa99e1..94297506a 100644 --- a/locations/dragonkiez-dorfplatz.yml +++ b/locations/dragonkiez-dorfplatz.yml @@ -69,8 +69,7 @@ networks: name: mesh_2ghz prefix: 10.31.28.245/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-dorfplatz mesh_radio: 11g_standard @@ -92,8 +91,7 @@ networks: name: mesh2_ap1 prefix: 10.31.28.247/32 ipv6_subprefix: -5 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-dorfplatz-ap1 mesh_radio: 11g_standard diff --git a/locations/dragonkiez-kiezraum.yml b/locations/dragonkiez-kiezraum.yml index da4358fbc..b9305e49d 100644 --- a/locations/dragonkiez-kiezraum.yml +++ b/locations/dragonkiez-kiezraum.yml @@ -68,8 +68,7 @@ networks: name: mesh_2ghz prefix: 10.31.92.242/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-kiezraum mesh_radio: 11g_standard diff --git a/locations/dragonkiez-rathausblock-miami.yml b/locations/dragonkiez-rathausblock-miami.yml index bf66b9522..d9c546b92 100644 --- a/locations/dragonkiez-rathausblock-miami.yml +++ b/locations/dragonkiez-rathausblock-miami.yml 
@@ -74,8 +74,7 @@ networks: name: mesh2_ap1 prefix: 10.31.30.25/32 ipv6_subprefix: -3 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-rathausblock-miami-ap1 mesh_radio: 11g_standard @@ -97,8 +96,7 @@ networks: name: mesh2_ap2 prefix: 10.31.30.27/32 ipv6_subprefix: -5 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: dragonkiez-rathausblock-miami-ap2 mesh_radio: 11g_standard diff --git a/locations/e16outdoor.yml b/locations/e16outdoor.yml index 7dbf12184..4aa48838f 100644 --- a/locations/e16outdoor.yml +++ b/locations/e16outdoor.yml @@ -77,8 +77,7 @@ networks: name: mesh_11s_2ghz prefix: 10.31.142.33/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: e16outdoor-core mesh_radio: 11g_standard diff --git a/locations/eberswalder7.yml b/locations/eberswalder7.yml index 43719ddb2..193a29128 100644 --- a/locations/eberswalder7.yml +++ b/locations/eberswalder7.yml @@ -55,8 +55,7 @@ networks: name: mesh_11s_2g prefix: 10.31.238.210/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: eberswalder7-core mesh_radio: 11g_standard diff --git a/locations/elsekiehl.yml b/locations/elsekiehl.yml index b34ee439c..e22281e4b 100644 --- a/locations/elsekiehl.yml +++ b/locations/elsekiehl.yml @@ -66,8 +66,7 @@ networks: name: mesh_11s_2ghz prefix: 10.31.179.33/32 ipv6_subprefix: -2 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: elsekiehl-core mesh_radio: 11g_standard 
diff --git a/locations/fffw-lebenshilfe.yml b/locations/fffw-lebenshilfe.yml index 231cf8685..59b87a484 100644 --- a/locations/fffw-lebenshilfe.yml +++ b/locations/fffw-lebenshilfe.yml @@ -56,7 +56,6 @@ networks: name: mesh_nno prefix: 10.30.96.43/32 ipv6_subprefix: -1 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-nno-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -66,7 +65,6 @@ networks: name: mesh_nw prefix: 10.30.96.44/32 ipv6_subprefix: -2 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-nw-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -76,7 +74,6 @@ networks: name: mesh_sso prefix: 10.30.96.45/32 ipv6_subprefix: -3 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-sso-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -86,7 +83,6 @@ networks: name: mesh_ono prefix: 10.30.96.46/32 ipv6_subprefix: -4 - mesh_metric: 1024 mesh_ap: fffw-lebenshilfe-ono-ap-2ghz mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/funkigel.yml b/locations/funkigel.yml index 17ce9a0c0..38d82c95a 100644 --- a/locations/funkigel.yml +++ b/locations/funkigel.yml @@ -64,8 +64,7 @@ networks: name: mesh_2g prefix: 10.248.9.210/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2.4 GHz worse than 5 GHz - mesh_metric: 1024 + # make mesh_metric for 2.4 GHz worse than 5 GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: funkigel mesh_radio: 11g_standard diff --git a/locations/gruni73.yml b/locations/gruni73.yml index 2cba1bde4..1ce2bde51 100644 --- a/locations/gruni73.yml +++ b/locations/gruni73.yml @@ -98,7 +98,6 @@ networks: name: mesh_11s_o5 prefix: 10.31.156.40/32 ipv6_subprefix: -6 - mesh_metric: 1024 mesh_ap: gruni73-nf-o-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -109,7 +108,6 @@ networks: name: mesh_11s_s5 prefix: 10.31.156.41/32 ipv6_subprefix: -7 - mesh_metric: 1024 mesh_ap: gruni73-nf-s-5ghz mesh_radio: 11a_standard mesh_iface: mesh 
@@ -120,7 +118,6 @@ networks: name: mesh_11s_w5 prefix: 10.31.156.42/32 ipv6_subprefix: -8 - mesh_metric: 1024 mesh_ap: gruni73-nf-w-5ghz mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/habersaath.yml b/locations/habersaath.yml index 8e9d2164c..87763b539 100644 --- a/locations/habersaath.yml +++ b/locations/habersaath.yml @@ -103,7 +103,6 @@ networks: mesh_ap: habersaath-w-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 mesh_metric_lqm: - default 0.12 # Penalty so local uplink is preferred diff --git a/locations/hirschhof.yml b/locations/hirschhof.yml index 892d0afc4..fc8b7c267 100644 --- a/locations/hirschhof.yml +++ b/locations/hirschhof.yml @@ -32,8 +32,7 @@ networks: name: mesh_5ghz prefix: 10.31.159.128/32 ipv6_subprefix: -20 - # make mesh_metric(s) for 2GHz omni worse than 2GHz directional - mesh_metric: 1024 + # make mesh_metric for 2GHz omni worse than 2GHz directional mesh_metric_lqm: ['default 0.8'] mesh_ap: hirschhof-core mesh_radio: 11a_standard @@ -45,8 +44,7 @@ networks: name: mesh_2ghz prefix: 10.31.159.129/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz omni worse than 5GHz omni - mesh_metric: 2048 + # make mesh_metric for 2GHz omni worse than 5GHz omni mesh_metric_lqm: ['default 0.6'] mesh_ap: hirschhof-core mesh_radio: 11g_standard @@ -58,7 +56,7 @@ networks: name: mesh_k12 prefix: 10.31.159.130/32 ipv6_subprefix: -22 - # adjust mesh_metric(s) to prefer this route + # adjust mesh_metric to prefer this route mesh_metric: 512 mesh_ap: hirschhof-k12 mesh_radio: 11g_standard diff --git a/locations/huette.yml b/locations/huette.yml index b9c79da0d..1cba76c63 100644 --- a/locations/huette.yml +++ b/locations/huette.yml 
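Review bot: In hirschhof.yml the first hunk keeps the comment `# make mesh_metric for 2GHz omni worse than 2GHz directional` on the network named `mesh_5ghz` with `mesh_radio: 11a_standard`, so the comment describes a different band from the network it is attached to. Since the line is edited anyway, reword it to match, e.g. `# make 5GHz omni worse than the directional link (mesh_k12)`, or drop it now that only `mesh_metric_lqm` is left in that block. The intended preference is inferred from the third hunk, where `mesh_k12` keeps `mesh_metric: 512` under "adjust mesh_metric to prefer this route"; confirm with the site maintainer.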
@@ -44,8 +44,7 @@ networks: # name: mesh_11s_2ghz # prefix: 10.31.114.2/32 # ipv6_subprefix: -21 - # # make mesh_metric(s) for 2GHz worse than 5GHz - # mesh_metric: 1024 + # # make mesh_metric for 2GHz worse than 5GHz # mesh_metric_lqm: ['default 0.8'] # mesh_ap: huette-core # mesh_radio: 11g_standard diff --git a/locations/jup.yml b/locations/jup.yml index b1f99351c..5128dd888 100644 --- a/locations/jup.yml +++ b/locations/jup.yml @@ -65,8 +65,8 @@ networks: name: mesh_bht prefix: 10.31.147.128/32 ipv6_subprefix: -1 - mesh_metric: 2048 - mesh_metric_lqm: ['default 0.25'] + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.5'] ptp: true - vid: 11 diff --git a/locations/k11.yml b/locations/k11.yml index c3ca80b2d..c8188299b 100644 --- a/locations/k11.yml +++ b/locations/k11.yml @@ -42,8 +42,7 @@ networks: name: mesh_2ghz prefix: 10.31.185.129/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k11-core mesh_radio: 11g_standard diff --git a/locations/k12-h1-h3n.yml b/locations/k12-h1-h3n.yml index 504636f13..31beceacc 100644 --- a/locations/k12-h1-h3n.yml +++ b/locations/k12-h1-h3n.yml @@ -41,8 +41,7 @@ networks: name: mesh_core_2g prefix: 10.248.19.241/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h1-h3n mesh_radio: 11g_standard diff --git a/locations/k12-h1.yml b/locations/k12-h1.yml index 19faaeaf6..1b54515e1 100644 --- a/locations/k12-h1.yml +++ b/locations/k12-h1.yml @@ -42,8 +42,7 @@ networks: name: mesh_core_2g prefix: 10.31.226.146/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h1-core mesh_radio: 11g_standard 
@@ -55,7 +54,7 @@ networks: name: mesh_lan prefix: 10.31.226.147/32 ipv6_subprefix: -30 - # adjust mesh_metric(s) to prefer this + # adjust mesh_metric to prefer this mesh_metric: 128 # DHCP with filtering and isolation diff --git a/locations/k12-h2.yml b/locations/k12-h2.yml index 9d52fa8ae..1c4de2ed6 100644 --- a/locations/k12-h2.yml +++ b/locations/k12-h2.yml @@ -71,8 +71,7 @@ networks: name: mesh_core_2g prefix: 10.31.158.130/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h2-core mesh_radio: 11g_standard @@ -94,8 +93,7 @@ networks: name: mesh_h1s_2g prefix: 10.31.158.132/32 ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h2-h1s mesh_radio: 11g_standard @@ -107,7 +105,7 @@ networks: name: mesh_cpe prefix: 10.31.158.133/32 ipv6_subprefix: -24 - # adjust mesh_metric(s) to prefer this route + # adjust mesh_metric to prefer this route mesh_metric: 256 mesh_ap: k12-h2-cpe mesh_radio: 11a_standard @@ -119,7 +117,7 @@ networks: name: mesh_lan prefix: 10.31.226.134/32 ipv6_subprefix: -30 - # adjust mesh_metric(s) to prefer this route + # adjust mesh_metric to prefer this route mesh_metric: 128 # DHCP diff --git a/locations/k12-h3-v0s.yml b/locations/k12-h3-v0s.yml index f846a406e..364544fc4 100644 --- a/locations/k12-h3-v0s.yml +++ b/locations/k12-h3-v0s.yml @@ -42,8 +42,7 @@ networks: name: mesh_core_2g prefix: 10.31.227.145/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h3-v0s mesh_radio: 11g_standard diff --git a/locations/k12-h3-v2s.yml b/locations/k12-h3-v2s.yml index 6d1c50b09..5948793ce 100644 --- a/locations/k12-h3-v2s.yml +++ b/locations/k12-h3-v2s.yml 
@@ -42,8 +42,7 @@ networks: name: mesh_core_2g prefix: 10.248.19.145/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h3-v2s mesh_radio: 11g_standard diff --git a/locations/k12-h3.yml b/locations/k12-h3.yml index 107049022..0cbac503b 100644 --- a/locations/k12-h3.yml +++ b/locations/k12-h3.yml @@ -48,8 +48,7 @@ networks: name: mesh_core_2g prefix: 10.31.226.210/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h3-core mesh_radio: 11g_standard @@ -71,8 +70,7 @@ networks: name: mesh_h3n_2g prefix: 10.31.226.212/32 ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h3-h3n mesh_radio: 11g_standard @@ -94,8 +92,7 @@ networks: # name: mesh_v2s_2g # prefix: 10.31.226.214/32 # ipv6_subprefix: -25 - # # make mesh_metric(s) for 2GHz worse than 5GHz - # mesh_metric: 1024 + # # make mesh_metric for 2GHz worse than 5GHz # mesh_metric_lqm: ['default 0.8'] # mesh_ap: k12-h3-v2s # mesh_radio: 11g_standard diff --git a/locations/k12-h4.yml b/locations/k12-h4.yml index 2fbca322c..ef42c1535 100644 --- a/locations/k12-h4.yml +++ b/locations/k12-h4.yml @@ -63,6 +63,8 @@ networks: name: mesh_hirsch prefix: 10.31.157.162/32 ipv6_subprefix: -22 + # prefer this link towards Hirschhof + mesh_metric: 512 mesh_ap: k12-h4-hirschhof mesh_radio: 11g_standard mesh_iface: mesh @@ -83,8 +85,7 @@ networks: name: mesh_h0s_2g prefix: 10.31.157.164/32 ipv6_subprefix: -24 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: k12-h4-h0s mesh_radio: 11g_standard 
diff --git a/locations/k9.yml b/locations/k9.yml index 5026aabf0..e2c5624f1 100644 --- a/locations/k9.yml +++ b/locations/k9.yml @@ -72,7 +72,7 @@ networks: name: mesh_k9int prefix: 10.31.9.240/28 ipv6_subprefix: -20 - mesh_metric: 64 + mesh_metric: 128 mesh_metric_lqm: ['default 0.2'] # Ignore Uplink one Hop away / requires 0.2 LQM assignments: @@ -94,8 +94,7 @@ networks: name: mesh_2g prefix: 10.31.9.228/32 ipv6_subprefix: -22 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: k9-core mesh_radio: 11g_standard diff --git a/locations/kiehl71.yml b/locations/kiehl71.yml index d2a0e97c0..920ea2424 100644 --- a/locations/kiehl71.yml +++ b/locations/kiehl71.yml @@ -66,8 +66,7 @@ networks: name: mesh_11s_2ghz prefix: 10.31.178.225/32 ipv6_subprefix: -2 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: kiehl71-core mesh_radio: 11g_standard diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index e66f1117a..b92e82b9c 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -120,7 +120,6 @@ networks: name: mesh_nf_wbp1 prefix: 10.31.151.115/32 ipv6_subprefix: -4 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp1 mesh_radio: 11a_standard mesh_iface: mesh @@ -129,7 +128,6 @@ networks: name: mesh_nf_wbp2 prefix: 10.31.151.116/32 ipv6_subprefix: -5 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp2 mesh_radio: 11a_standard mesh_iface: mesh @@ -138,7 +136,6 @@ networks: name: mesh_nf_wbp3 prefix: 10.31.151.117/32 ipv6_subprefix: -6 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp3 mesh_radio: 11a_standard mesh_iface: mesh @@ -148,7 +145,6 @@ networks: name: mesh_huet_5g prefix: 10.31.151.118/32 ipv6_subprefix: -7 - mesh_metric: 2048 mesh_ap: kiehlufer-huette mesh_radio: 11a_standard mesh_iface: mesh 
@@ -157,7 +153,6 @@ networks: name: mesh_nf_wbp4 prefix: 10.31.151.119/32 ipv6_subprefix: -8 - mesh_metric: 2048 mesh_ap: kiehlufer-nf-wbp4 mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/knallt-m42.yml b/locations/knallt-m42.yml index 70f214058..bb95d2761 100644 --- a/locations/knallt-m42.yml +++ b/locations/knallt-m42.yml @@ -50,8 +50,7 @@ networks: name: mesh_2ghz prefix: 10.248.0.99/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: knallt-m42-core mesh_radio: 11g_standard diff --git a/locations/kotti.yml b/locations/kotti.yml index 445f3082c..317b6afef 100644 --- a/locations/kotti.yml +++ b/locations/kotti.yml @@ -52,8 +52,7 @@ networks: name: mesh_2g prefix: 10.31.167.218/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: kotti-core mesh_radio: 11g_standard diff --git a/locations/kts13.yml b/locations/kts13.yml index 11780a07e..7eb8c1614 100644 --- a/locations/kts13.yml +++ b/locations/kts13.yml @@ -43,7 +43,6 @@ networks: name: mesh_ap1 prefix: '10.31.166.194/32' ipv6_subprefix: -2 - mesh_metric: 1024 mesh_ap: kts13-ap1 mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/mahalle.yml b/locations/mahalle.yml index cab88bb2b..71aa00af7 100644 --- a/locations/mahalle.yml +++ b/locations/mahalle.yml @@ -42,7 +42,6 @@ networks: mesh_ap: mahalle-nf-w mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 - vid: 21 role: mesh @@ -52,7 +51,6 @@ networks: mesh_ap: mahalle-nf-o mesh_radio: 11a_standard mesh_iface: mesh - mesh_metric: 1024 - vid: 40 role: dhcp diff --git a/locations/mlk-nk.yml b/locations/mlk-nk.yml index 75cc7bc3b..c74e4ab84 100644 --- a/locations/mlk-nk.yml +++ b/locations/mlk-nk.yml 
@@ -53,9 +53,7 @@ networks: name: mesh_nno_5 prefix: 10.31.69.33/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.6'] - ptp: true # Nanostation M5 - Airos 6 - Orientation Sonnenallee - vid: 12 @@ -63,9 +61,7 @@ networks: name: mesh_so_5 prefix: 10.31.69.34/32 ipv6_subprefix: -12 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.7'] - ptp: true # 802.11s mesh links (VID 20-29) # 802.11s mesh nf - SXTsq5ac - Orientation Rhnk @@ -84,7 +80,6 @@ networks: name: mesh_nf_wbp2 prefix: 10.31.69.36/32 ipv6_subprefix: -21 - mesh_metric: 2048 mesh_ap: mlk-nk-nf-wbp2 mesh_radio: 11g_standard mesh_iface: mesh @@ -95,7 +90,6 @@ networks: name: mesh_nf_wbp3 prefix: 10.31.69.37/32 ipv6_subprefix: -22 - mesh_metric: 2048 mesh_ap: mlk-nk-nf-wbp3 mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/noki.yml b/locations/noki.yml index 2bca0d26b..e53b23681 100644 --- a/locations/noki.yml +++ b/locations/noki.yml @@ -77,8 +77,7 @@ networks: name: mesh_2g_core prefix: 10.31.215.35/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: noki-core mesh_radio: 11g_standard @@ -100,8 +99,7 @@ networks: name: mesh_2g_ap prefix: 10.31.215.37/32 ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: noki-ap mesh_radio: 11g_standard diff --git a/locations/perle.yml b/locations/perle.yml index c04daa9ab..aa0c03e7f 100644 --- a/locations/perle.yml +++ b/locations/perle.yml @@ -58,7 +58,6 @@ networks: name: mesh_2g prefix: 10.31.205.138/32 ipv6_subprefix: -21 - mesh_metric: 1024 mesh_metric_lqm: ['default 0.5'] mesh_ap: perle-core mesh_radio: 11g_standard diff --git a/locations/rev99.yml b/locations/rev99.yml index ae02ce6ca..b790eb12a 100644 --- a/locations/rev99.yml +++ b/locations/rev99.yml 
@@ -52,8 +52,7 @@ networks: name: mesh_2g prefix: 10.31.214.138/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: rev99-core mesh_radio: 11g_standard diff --git a/locations/rio.yml b/locations/rio.yml index c1a77658d..9dab57dbb 100644 --- a/locations/rio.yml +++ b/locations/rio.yml @@ -64,7 +64,6 @@ networks: name: mesh_rio prefix: 10.31.134.18/32 ipv6_subprefix: -3 - mesh_metric: 2048 mesh_ap: rio-sxt mesh_radio: 11a_standard mesh_iface: mesh @@ -74,7 +73,6 @@ networks: name: mesh_ubnt prefix: 10.31.134.19/32 ipv6_subprefix: -4 - mesh_metric: 2048 mesh_ap: rio-ubnt mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/scharni.yml b/locations/scharni.yml index 5744e5bda..935274a8d 100644 --- a/locations/scharni.yml +++ b/locations/scharni.yml @@ -65,7 +65,6 @@ networks: name: mesh_zwingli prefix: 10.31.252.193/32 ipv6_subprefix: -3 - mesh_metric: 512 ptp: true - vid: 20 @@ -73,7 +72,6 @@ networks: name: mesh_ap3 prefix: 10.31.252.194/32 ipv6_subprefix: -4 - mesh_metric: 2048 mesh_ap: scharni-ap3 mesh_radio: 11a_standard mesh_iface: mesh diff --git a/locations/segen.yml b/locations/segen.yml index 54c933f49..0df52d69b 100644 --- a/locations/segen.yml +++ b/locations/segen.yml @@ -223,7 +223,6 @@ networks: name: mesh_11s_n2 prefix: 10.31.6.72/32 ipv6_subprefix: -9 - mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-n-nf-2ghz mesh_radio: 11g_standard @@ -234,7 +233,6 @@ networks: name: mesh_11s_o2 prefix: 10.31.6.73/32 ipv6_subprefix: -10 - mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-o-nf-2ghz mesh_radio: 11g_standard @@ -245,7 +243,6 @@ networks: name: mesh_11s_s2 prefix: 10.31.6.74/32 ipv6_subprefix: -11 - mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-s-nf-2ghz mesh_radio: 11g_standard 
@@ -256,7 +253,6 @@ networks: name: mesh_11s_w2 prefix: 10.31.6.75/32 ipv6_subprefix: -12 - mesh_metric: 2048 mesh_metric_lqm: ['default 0.4'] mesh_ap: segen-w-nf-2ghz mesh_radio: 11g_standard diff --git a/locations/spitta13.yml b/locations/spitta13.yml index 98fc4fb26..2d7c6a2d5 100644 --- a/locations/spitta13.yml +++ b/locations/spitta13.yml @@ -88,7 +88,6 @@ networks: mesh_radio: 11g_standard mesh_iface: mesh mesh_metric_lqm: ['default 0.3'] # prefer 5 GHz mesh - mesh_metric: 1024 - vid: 21 role: mesh diff --git a/locations/tempelwg.yml b/locations/tempelwg.yml index bfbc6f16b..a3c6a8dd4 100644 --- a/locations/tempelwg.yml +++ b/locations/tempelwg.yml @@ -46,8 +46,7 @@ networks: name: mesh_2g prefix: 10.248.17.17/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.8'] mesh_ap: tempelwg-core mesh_radio: 11g_standard diff --git a/locations/vaterhaus.yml b/locations/vaterhaus.yml index 50dba6181..9f7811759 100644 --- a/locations/vaterhaus.yml +++ b/locations/vaterhaus.yml @@ -137,7 +137,6 @@ networks: name: mesh_11s_no prefix: 10.230.192.230/32 ipv6_subprefix: -7 - mesh_metric: 2048 mesh_ap: vaterhaus-n-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/w38b.yml b/locations/w38b.yml index faff51161..3b90c223d 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -79,8 +79,7 @@ networks: name: mesh_2g prefix: 10.31.212.36/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: w38b-core mesh_radio: 11g_standard @@ -102,8 +101,7 @@ networks: name: mesh_ap1_2g prefix: 10.31.212.38/32 ipv6_subprefix: -23 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: w38b-ap1 mesh_radio: 11g_standard 
@@ -116,7 +114,7 @@ networks: prefix: 10.31.212.39/32 ipv6_subprefix: -30 # adjust mesh_metric(s) to prefer other links - mesh_metric: 2048 + mesh_metric: 4096 mesh_metric_lqm: ['default 0.25'] # DHCP with filtering and isolation diff --git a/locations/weidenbaum.yml b/locations/weidenbaum.yml index e7a9df17f..42d9f790a 100644 --- a/locations/weidenbaum.yml +++ b/locations/weidenbaum.yml @@ -54,8 +54,7 @@ networks: name: mesh_2g prefix: 10.31.204.148/32 ipv6_subprefix: -21 - # make mesh_metric(s) for 2GHz worse than 5GHz - mesh_metric: 1024 + # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] mesh_ap: weidenbaum-core mesh_radio: 11g_standard diff --git a/locations/wilgu10.yml b/locations/wilgu10.yml index d3f9643fd..7c7a5b31a 100644 --- a/locations/wilgu10.yml +++ b/locations/wilgu10.yml @@ -72,7 +72,6 @@ networks: name: mesh_east_2g prefix: 10.230.210.106/32 ipv6_subprefix: -3 - mesh_metric: 2048 mesh_ap: wilgu10-east-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh diff --git a/locations/zwingli.yml b/locations/zwingli.yml index 4c4831b5f..7f295db30 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml @@ -193,7 +193,6 @@ networks: name: mesh_11s_o2 prefix: 10.31.115.42/32 ipv6_subprefix: -11 - mesh_metric: 1024 mesh_ap: zwingli-ost-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -205,7 +204,6 @@ networks: name: mesh_11s_w2 prefix: 10.31.115.44/32 ipv6_subprefix: -13 - mesh_metric: 1024 mesh_ap: zwingli-west-nf-2ghz mesh_radio: 11g_standard mesh_iface: mesh @@ -219,7 +217,6 @@ networks: name: mesh_11s_n5 prefix: 10.31.115.45/32 ipv6_subprefix: -14 - mesh_metric: 1024 mesh_ap: zwingli-nord-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh @@ -231,7 +228,6 @@ networks: name: mesh_11s_o5 prefix: 10.31.115.46/32 ipv6_subprefix: -15 - mesh_metric: 1024 mesh_ap: zwingli-ost-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh 
@@ -243,7 +239,6 @@ networks: name: mesh_11s_w5 prefix: 10.31.115.48/32 ipv6_subprefix: -17 - mesh_metric: 1024 mesh_ap: zwingli-west-nf-5ghz mesh_radio: 11a_standard mesh_iface: mesh From 87724718d7dc3a17b5c77180b47aa1e9662c0075 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 25 Nov 2024 13:41:52 +0000 Subject: [PATCH 182/254] w38b: next try to fix olsr route flapping --- locations/w38b.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index 3b90c223d..ad3fde4c3 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -52,7 +52,7 @@ networks: ptp: true # prefer routing via RHNK over SAMA mesh_metric: 256 - mesh_metric_lqm: ['default 0.8'] + mesh_metric_lqm: ['default 0.5'] # MESH - RHNK - vid: 11 From c904a5315c405d794ed767a97731597cd2f6c561 Mon Sep 17 00:00:00 2001 From: Tom Jannek Date: Mon, 25 Nov 2024 19:46:31 +0100 Subject: [PATCH 183/254] readme: fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e44312b34..3e8b03620 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,7 @@ The image compilation takes the variables defined by the hosts and location file e.g. some drivers expect network config concerning the distributed switching architecture, and some use the legacy sw-config format. Based on the predefined roles, core-router, access point, and gateway, a customized set of tasks are executed. The last step is to download the correct OpenWrt-Imagebuilder for the host and give it all generated config files. The Imagebuilder generates a binary image embedded with the customized config for this one host in the particular location. Flashing this image to a router will set the router after boot directly in the correct operating state. Further, this router will not be able to lose any of its configurations since it is embedded into its image. -If we need someone to reproduce our setup, the person can just generate the image for the involved routers, aka hosts, and provision them. Everyone can reproduce our setup and can work with us on our configurations from all other the world. In the future, it may be possible to abstract the actual router hardware with QEMU opening new interesting use cases. +If we need someone to reproduce our setup, the person can just generate the image for the involved routers, aka hosts, and provision them. Everyone can reproduce our setup and can work with us on our configurations from all over the world. In the future, it may be possible to abstract the actual router hardware with QEMU opening new interesting use cases. ## Developers and Maintainers From 3afa3e4e7d0bb500256f14e23cf1936fe5457e01 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Wed, 27 Nov 2024 06:27:52 +0000 Subject: [PATCH 184/254] zwingli: further adjust metric to avoid sama link --- locations/zwingli.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/zwingli.yml b/locations/zwingli.yml index 7f295db30..be80ec709 100644 --- a/locations/zwingli.yml +++ b/locations/zwingli.yml 
@@ -159,7 +159,7 @@ networks: ipv6_subprefix: -5 # prefer routing via emma over sama to use ohlauer as gateway) mesh_metric: 256 - mesh_metric_lqm: ['default 0.8'] + mesh_metric_lqm: ['default 0.5'] ptp: true - vid: 16 From 96e4ad91b835ced1d27a04869a174686e86b1c9a Mon Sep 17 00:00:00 2001 From: Packet Please Date: Wed, 27 Nov 2024 12:52:25 +0100 Subject: [PATCH 185/254] treewide: switch debugged hosts from snapshot to 24.10 --- locations/huette.yml | 2 +- locations/hway.yml | 2 +- locations/kiehlufer.yml | 4 ++-- locations/kub.yml | 2 +- locations/suedblock.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/locations/huette.yml b/locations/huette.yml index 1cba76c63..be0240102 100644 --- a/locations/huette.yml +++ b/locations/huette.yml @@ -16,7 +16,7 @@ hosts: role: corerouter model: "zyxel_nwa55axe" wireless_profile: freifunk_default - openwrt_version: snapshot + openwrt_version: 24.10-SNAPSHOT log_size: 1024 ipv6_prefix: '2001:bf7:830:2600::/56' diff --git a/locations/hway.yml b/locations/hway.yml index 3f773145b..4900fe4e6 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -39,7 +39,7 @@ hosts: role: ap wireless_profile: hway model: zyxel_nwa50ax - openwrt_version: snapshot + openwrt_version: 24.10-SNAPSHOT log_size: 1024 snmp_devices: diff --git a/locations/kiehlufer.yml b/locations/kiehlufer.yml index b92e82b9c..fe066294b 100644 --- a/locations/kiehlufer.yml +++ b/locations/kiehlufer.yml @@ -30,14 +30,14 @@ hosts: role: corerouter model: "cudy_x6-v1" wireless_profile: freifunk_default - openwrt_version: snapshot + openwrt_version: 24.10-SNAPSHOT log_size: 1024 - hostname: kiehlufer-huette role: ap model: "zyxel_nwa55axe" wireless_profile: kiehlufer5g - openwrt_version: snapshot + openwrt_version: 24.10-SNAPSHOT log_size: 1024 - hostname: kiehlufer-nf-wbp1 diff --git a/locations/kub.yml b/locations/kub.yml index 2b4c9b2a0..955651f1a 100644 --- a/locations/kub.yml +++ b/locations/kub.yml 
@@ -17,7 +17,7 @@ hosts: - hostname: kub-ap1 role: ap model: "cudy_x6-v1" - openwrt_version: snapshot + openwrt_version: 24.10-SNAPSHOT log_size: 1024 snmp_devices: diff --git a/locations/suedblock.yml b/locations/suedblock.yml index ed0ae61ee..eaae4c0a0 100644 --- a/locations/suedblock.yml +++ b/locations/suedblock.yml @@ -19,7 +19,7 @@ hosts: model: "cudy_x6-v1" wireless_profile: freifunk_default dhcp_no_ping: false - openwrt_version: snapshot + openwrt_version: 24.10-SNAPSHOT log_size: 1024 # 10.248.13.0/24 From cbc3c65a15b61e39cd38d3d517062cd92ddabf18 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 29 Nov 2024 12:31:46 +0000 Subject: [PATCH 186/254] workflows: add ipv6_subprefix duplicate check --- .github/checks/check-duplicates.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/checks/check-duplicates.sh b/.github/checks/check-duplicates.sh index 3c00edccc..358c27c4a 100755 --- a/.github/checks/check-duplicates.sh +++ b/.github/checks/check-duplicates.sh @@ -68,6 +68,9 @@ for file in $location_files; do # Check for name duplicates within networks check_duplicates 'select(.networks != null) | .networks[] | select(.name != null) | .name' "name within networks" "$file" + # Check for ipv6_subprefix duplicates within networks + check_duplicates 'select(.networks != null) | .networks[] | select(.ipv6_subprefix != null) | .ipv6_subprefix' "ipv6_subprefix within networks" "$file" + done # Exit with a non-zero status code if any errors were found From 01976425463a2a30184510b9cf747540e5def0f9 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 29 Nov 2024 12:33:47 +0000 Subject: [PATCH 187/254] w38b: fix ipv6_subprefix duplicate --- locations/w38b.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index ad3fde4c3..f986b9f13 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml 
@@ -158,7 +158,7 @@ networks: name: private_2 inbound_filtering: true prefix: 10.31.212.112/28 - ipv6_subprefix: 3 + ipv6_subprefix: 4 assignments: w38b-core: 1 # 10.31.212.113 w38b-ds: 2 # 10.31.212.114 From 1933d57466e9a8c8d15620a88710c3ed53c52ab5 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 30 Nov 2024 07:16:03 +0000 Subject: [PATCH 188/254] bht, jup: fix routing This fixes the routing in the triangle bht<->jup<->segen and also assures that bht routes via perleberger36->strom instead of using segen->saarbruecker or chris/mela->teufelsberg->ak36. --- locations/bht.yml | 7 +++++++ locations/jup.yml | 2 -- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/locations/bht.yml b/locations/bht.yml index 48d2d7f86..88c6a382e 100644 --- a/locations/bht.yml +++ b/locations/bht.yml @@ -140,6 +140,7 @@ networks: prefix: 10.230.23.128/32 ipv6_subprefix: -10 ptp: true + # Prefer routing via perleberger36 over segen mesh_metric: 1024 mesh_metric_lqm: ['default 0.2'] @@ -149,6 +150,9 @@ networks: prefix: 10.230.23.129/32 ipv6_subprefix: -11 ptp: true + # Prefer routing via perleberger36 over segen, chris, mela + mesh_metric: 256 + - vid: 12 role: mesh @@ -173,6 +177,9 @@ networks: name: mesh_jup prefix: 10.230.23.133/32 ipv6_subprefix: -15 + # Set metrics similar as for mesh_segen so path via jup is always worse + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.25'] - vid: 16 role: mesh diff --git a/locations/jup.yml b/locations/jup.yml index 5128dd888..1f35a080d 100644 --- a/locations/jup.yml +++ b/locations/jup.yml @@ -65,8 +65,6 @@ networks: name: mesh_bht prefix: 10.31.147.128/32 ipv6_subprefix: -1 - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.5'] ptp: true - vid: 11 From ce95e916f41189cc588f447ef86e6565b34d688f Mon Sep 17 00:00:00 2001 
From: Tobias Schwarz Date: Sat, 30 Nov 2024 09:29:38 +0000 Subject: [PATCH 189/254] k12: fix mesh ips and metrics for backup uplink --- locations/k12-h2.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/locations/k12-h2.yml b/locations/k12-h2.yml index 1c4de2ed6..5c8485833 100644 --- a/locations/k12-h2.yml +++ b/locations/k12-h2.yml @@ -59,7 +59,7 @@ networks: - vid: 20 role: mesh name: mesh_core_5g - prefix: 10.31.158.1129/32 + prefix: 10.31.158.129/32 ipv6_subprefix: -20 mesh_ap: k12-h2-core mesh_radio: 11a_standard @@ -115,7 +115,7 @@ networks: - vid: 30 role: mesh name: mesh_lan - prefix: 10.31.226.134/32 + prefix: 10.31.158.134/32 ipv6_subprefix: -30 # adjust mesh_metric to prefer this route mesh_metric: 128 @@ -155,12 +155,18 @@ networks: mtu: 1280 prefix: 10.31.158.224/32 wireguard_port: 51820 + # Make sure tunnel is only last resort backup + mesh_metric: 2304 + mesh_metric_lqm: ['default 0.6'] - role: tunnel ifname: ts_wg1 mtu: 1280 prefix: 10.31.158.225/32 wireguard_port: 51821 + # Make sure tunnel is only last resort backup + mesh_metric: 2304 + mesh_metric_lqm: ['default 0.6'] # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: @@ -186,3 +192,13 @@ dns_servers: - 1.0.0.1 - 2606:4700:4700::1111 - 2606:4700:4700::1001 + +# Switch Ports +# 1: uplink +# 2: AP +# 3: +# 4: CORE +# 5: AP +# 6: AP +# 7: k12-h1-core, VLAN 30 +# 8: segen From fa01e9b4cad3f43db55da485a811322d35f94546 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Fri, 29 Nov 2024 13:38:37 +0100 Subject: [PATCH 190/254] gateways: switch to patched bird2. change metrics: - Use bird2-babelpatch (See a53f121fb4d9a21d46f53238593731d9c87c595e) - Switch Mesh Interfaces to inbound metrics - Use inbound and outbound metric for wireguard tunnels - Leave GRE unchanged --- group_vars/role_gateway/imageprofile.yml | 2 +- .../templates/gateway/bird.conf.j2 | 20 +++++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/group_vars/role_gateway/imageprofile.yml b/group_vars/role_gateway/imageprofile.yml index 5a8b5903b..4d513f708 100644 --- a/group_vars/role_gateway/imageprofile.yml +++ b/group_vars/role_gateway/imageprofile.yml @@ -23,7 +23,7 @@ role_uplink_gw__packages__to_merge: - luci-app-falter-owm-gui - iptables-mod-ipopt - kmod-ipt-ipopt - - bird2 + - bird2-babelpatch - bird2c - ip-full - gre diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index e1ccf29d1..ac31fd204 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 @@ -78,7 +78,20 @@ protocol babel babel_mesh { ipv6 sadr { table v6_main; # Import only /56 location aggregates and default routes - import where net.len = 56 || net = {{ V6_SADR_DEFAULT_ROUTE }}; + import filter { + if ! (net.len = 56 || net = {{ V6_SADR_DEFAULT_ROUTE }}) then reject; +{% for interface in mesh_links %} + if ifname = "{{ interface['ifname'] }}" then { + babel_metric = babel_metric + {{ interface.get('mesh_metric', mesh_metric_default_in) }}; + accept; + } +{% endfor %} + if ifname ~ "wg_*" then { + babel_metric = babel_metric + {{ mesh_metric_tunnel_in }}; + accept; + } + accept; + }; export where source = RTS_BABEL || net = {{ ipv6_prefix }} from ::/0 || net = {{ V6_SADR_DEFAULT_ROUTE }}; }; ipv4 { 
@@ -91,7 +104,6 @@ protocol babel babel_mesh { {% for interface in mesh_links %} interface "{{ interface['ifname'] }}" { type wireless; - rxcost {{ interface.get('mesh_metric', mesh_metric_default_in) }}; }; {% endfor %} @@ -99,14 +111,14 @@ protocol babel babel_mesh { {% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %} interface "gre4-{{ hostvars[gateway]['gre_tunnel_alias'] }}" { type wireless; - rxcost {{ gre_metric }}; + rxcost {{ gre_metric }}; # Keep for now, could be implemented as export filter later }; {% endfor %} # Wireguard tunnel links which are dynamically established interface "wg_*" { type wireless; - rxcost {{ mesh_metric_tunnel_in }}; + rxcost {{ mesh_metric_tunnel_in }}; # Keep for now, could be implemented as export filter later }; } From 25e6b72105e5328a02b9cd87a5ec0aa10a75d920 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Fri, 29 Nov 2024 13:47:49 +0100 Subject: [PATCH 191/254] gateway: fix BGP bypass in firewall --- roles/cfg_openwrt/templates/gateway/config/firewall.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index 413188ab8..41d4ec7bc 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -66,7 +66,9 @@ config rule option src uplink option src_ip '{{ uplink['ipv6'] | ansible.utils.ipaddr('peer') }}' option proto tcp - option dest_port 179 +# Dont match on destination Port +# BGP Session is not always initiated by ourselves +# option dest_port 179 option target ACCEPT {% endif %} From 6c382d6802035c69605e6f37f44199521132d9eb Mon Sep 17 00:00:00 2001 
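Review bot: With `option dest_port 179` commented out, the rule in firewall.j2 now accepts every TCP port from the uplink peer address, not only BGP. If the aim is to cover sessions opened from either side, the port restriction can stay: keep `option dest_port 179` in the existing rule and add a second rule that matches `option src_port 179` for traffic belonging to sessions this host initiated. The `config rule` header and any options above the hunk (name, family, destination zone) are outside the visible lines, so copy those into the second rule as they are set there.

```jinja
# … unchanged: existing rule, with option dest_port 179 kept …

config rule
	option src uplink
	option src_ip '{{ uplink['ipv6'] | ansible.utils.ipaddr('peer') }}'
	option proto tcp
	option src_port 179
	option target ACCEPT
```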
From: Simon Polack Date: Sun, 1 Dec 2024 15:01:23 +0100 Subject: [PATCH 192/254] gateway: match gre rxcost with default RX cost, to prefer mesh for similar Cost --- group_vars/role_gateway/general.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/role_gateway/general.yml b/group_vars/role_gateway/general.yml index 40df4d703..71eee2222 100644 --- a/group_vars/role_gateway/general.yml +++ b/group_vars/role_gateway/general.yml @@ -37,7 +37,7 @@ wireguard_wg_pub: '/etc/wireguard/wg.pub' # If it is set wireguard_wg_key and wireguard_wg_pub are not used. wireguard_wg_tmp_key: false -gre_metric: 64 +gre_metric: 256 # Match default RX Cost ## FIREWALL SECTION From fd23b6c14962a41bd59cbf63838d59b48ce44333 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 1 Dec 2024 15:04:34 +0100 Subject: [PATCH 193/254] gw/wireguard: increase Tunnel cost to 1024*3 to prefer bbb This is subject to change, and probably needs some overhaul in regards of a general concept. But for now this change will increase the reliability of our BBB Core network --- group_vars/all/general.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all/general.yml b/group_vars/all/general.yml index eb54748b7..9a62918e2 100644 --- a/group_vars/all/general.yml +++ b/group_vars/all/general.yml @@ -50,8 +50,8 @@ freifunk_global_prefix: 2001:bf7::/32 # Default mesh metric in inbound direction (rxcost) for normal mesh links mesh_metric_default_in: 512 -# Default mesh metric in inbound direction (rxcost) for tunnels -mesh_metric_tunnel_in: 1024 +# Default mesh metric in all directions for tunnels +mesh_metric_tunnel_in: 3072 # Default mesh metrics in inbound direction (rxcost) for adhoc like interfaces mesh_metric_adhoc_11a_standard: 2024 From c81262388d34d0009e5022fb70226fbee5f58e08 Mon Sep 17 00:00:00 2001 
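Review bot: The comment `# Match default RX Cost` on `gre_metric: 256` is ambiguous, because the repository's own default, `mesh_metric_default_in` in group_vars/all/general.yml, is 512 (visible as context in the next patch). Since patch 190 removed the explicit `rxcost` from the gateway's mesh interfaces, the value presumably refers to BIRD's built-in rxcost for `type wireless` interfaces. Saying so avoids a later "fix" to 512: `gre_metric: 256  # same as BIRD's built-in rxcost for type wireless, not mesh_metric_default_in`.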
From: Tobias Schwarz Date: Mon, 2 Dec 2024 08:29:10 +0000 Subject: [PATCH 194/254] k12: remove metric lower than default --- locations/k12-h2.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/locations/k12-h2.yml b/locations/k12-h2.yml index 5c8485833..09c3d5600 100644 --- a/locations/k12-h2.yml +++ b/locations/k12-h2.yml @@ -156,7 +156,6 @@ networks: prefix: 10.31.158.224/32 wireguard_port: 51820 # Make sure tunnel is only last resort backup - mesh_metric: 2304 mesh_metric_lqm: ['default 0.6'] - role: tunnel @@ -165,7 +164,6 @@ networks: prefix: 10.31.158.225/32 wireguard_port: 51821 # Make sure tunnel is only last resort backup - mesh_metric: 2304 mesh_metric_lqm: ['default 0.6'] # AP-id, wifi-channel, bandwidth, txpower From e35b3d5e488ef007bb9f2185fae669d4a06bfb38 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Tue, 3 Dec 2024 07:28:41 +0000 Subject: [PATCH 195/254] bht, mela: adjust routing metrics --- locations/bht.yml | 4 +++- locations/mela.yml | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/locations/bht.yml b/locations/bht.yml index 88c6a382e..680007107 100644 --- a/locations/bht.yml +++ b/locations/bht.yml @@ -150,7 +150,7 @@ networks: prefix: 10.230.23.129/32 ipv6_subprefix: -11 ptp: true - # Prefer routing via perleberger36 over segen, chris, mela + # Prefer routing via perleberger36 over segen, chris, mela, weidenbaum mesh_metric: 256 @@ -204,6 +204,8 @@ networks: name: mesh_west prefix: 10.230.23.137/32 ipv6_subprefix: -19 + # Prefer routing via perleberger36 over chris, mela, weidenbaum + mesh_metric: 1024 - vid: 40 role: dhcp diff --git a/locations/mela.yml b/locations/mela.yml index 0b02a4a30..b39e22e39 100644 --- a/locations/mela.yml +++ b/locations/mela.yml @@ -83,6 +83,8 @@ networks: name: mesh_ono prefix: 10.36.70.35/32 ipv6_subprefix: -12 + # ensure this link is only used as backup + mesh_metric: 2048 # 802.11s Mesh - vid: 20 From 18f487310e0f3fc01a2b173f4921ca5745216de1 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Mon, 2 Dec 2024 22:25:04 +0100 Subject: [PATCH 196/254] gateway: announce IPv4 default route into babel --- roles/cfg_openwrt/templates/gateway/bird.conf.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index ac31fd204..7764bccbe 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 @@ -32,9 +32,10 @@ protocol kernel kernel_v6_main { protocol kernel kernel_v4_main { ipv4 { table v4_main; - import none; + import where net = 0.0.0.0/0; # Import Default Gateway from kernel export none; }; + learn all; } protocol kernel kernel_v4_babel_ff { @@ -97,7 +98,7 @@ protocol babel babel_mesh { ipv4 { table v4_main; import all; - export where source = RTS_BABEL; # For now only advertise routes learned from babel + export where source = RTS_BABEL || net = 0.0.0.0/0; # Readvertise Babel routes and advertise default route }; # Mesh interfaces From 63cdd162d8f1372586541041a09376987c144194 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Mon, 2 Dec 2024 22:35:37 +0100 Subject: [PATCH 197/254] gateways: drop IPv4 Routes learned via GRE --- roles/cfg_openwrt/templates/gateway/bird.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index 7764bccbe..ddcce1038 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 @@ -97,7 +97,7 @@ protocol babel babel_mesh { }; ipv4 { table v4_main; - import all; + import where ifname !~ "gre4-*"; # Drop IPv4 routes learned via GRE, which remains a rather dirty hack for IPv6 export where source = RTS_BABEL || net = 0.0.0.0/0; # Readvertise Babel routes and advertise default route }; From 19aa1ab7324e692fd8eb0ae9398ab5ebf3d9245a Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Mon, 2 Dec 2024 23:00:47 +0100 Subject: [PATCH 198/254] Core/Gateway: Babel: add metrics for IPv4 --- .../templates/corerouter/bird.conf.j2 | 16 +++++++++++++++- roles/cfg_openwrt/templates/gateway/bird.conf.j2 | 15 ++++++++++++++- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 index 664029de0..c34cf3832 100644 --- a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 @@ -51,7 +51,21 @@ protocol babel { }; }; ipv4 { - import all; + import filter { +{% for nw in networks | selectattr('role', 'equalto', 'mesh') %} + {# metrics for 2 GHz adhoc get a penalty over 5 GHz adhoc so 5 GHz is preferred #} + {% set default_mesh_metric = hostvars[inventory_hostname].get('mesh_metric_adhoc_' ~ nw.get('mesh_radio'), mesh_metric_default_in) %} + if ifname = "{{ libnetwork.getIfname(nw) }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', default_mesh_metric) }}; + } +{% endfor %} +{% for nw in networks | selectattr('role', 'equalto', 'tunnel') %} + if ifname = "{{ nw.get('ifname') }}" then { + babel_metric = babel_metric + {{ nw.get('mesh_metric', mesh_metric_tunnel_in) }}; + } +{% endfor %} + accept; + }; export where source = RTS_BABEL; # For now only advertise routes learned from babel }; diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index ddcce1038..2b352eef7 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 
@@ -97,7 +97,20 @@ protocol babel babel_mesh { }; ipv4 { table v4_main; - import where ifname !~ "gre4-*"; # Drop IPv4 routes learned via GRE, which remains a rather dirty hack for IPv6 + import filter { + if ifname ~ "gre4-*" then reject; +{% for interface in mesh_links %} + if ifname = "{{ interface['ifname'] }}" then { + babel_metric = babel_metric + {{ interface.get('mesh_metric', mesh_metric_default_in) }}; + accept; + } +{% endfor %} + if ifname ~ "wg_*" then { + babel_metric = babel_metric + {{ mesh_metric_tunnel_in }}; + accept; + } + accept; + }; export where source = RTS_BABEL || net = 0.0.0.0/0; # Readvertise Babel routes and advertise default route }; From be08863fdf2c2c2aaf062339a40edcc1eafdf9de Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 3 Dec 2024 13:28:40 +0100 Subject: [PATCH 199/254] gateway: bird: increase preference of static default route --- roles/cfg_openwrt/templates/gateway/bird.conf.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index 2b352eef7..e8fa6bbc9 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 @@ -32,7 +32,11 @@ protocol kernel kernel_v6_main { protocol kernel kernel_v4_main { ipv4 { table v4_main; - import where net = 0.0.0.0/0; # Import Default Gateway from kernel + import filter { + if net != 0.0.0.0/0 then reject; # Import only Default Gateway from kernel + preference = 200; # Increase preference to beat babel route + accept; + }; export none; }; learn all; From 95ba76f05a587d69ee78796b5ededec58b390717 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 3 Dec 2024 22:02:36 +0100 Subject: [PATCH 200/254] corerouter: advertise IPv4 via Babel --- roles/cfg_openwrt/templates/corerouter/bird.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
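Review bot: The import filter on `kernel_v4_main` accepts any kernel default route, and with `learn all;` that includes one installed by another routing daemon, not only the uplink's own route. The gateway role also ships an olsrd configuration (templates/gateway/config/olsrd.j2); if olsrd writes a default route into the same kernel table, this node would pick it up at `preference = 200` and the Babel export `net = 0.0.0.0/0` would re-announce a default it merely learned. The kernel table in use is not visible in the hunk, so this needs confirming. If it applies, also match the route's origin before `accept;`, for example by testing `krt_source` against the protocol id the uplink route is installed with.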
diff --git a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 index c34cf3832..a9c78a7ec 100644 --- a/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/corerouter/bird.conf.j2 @@ -16,10 +16,10 @@ protocol device { }; protocol direct { - interface "lo"; ipv6 sadr { table v6_main; }; + ipv4; } protocol babel { @@ -66,7 +66,7 @@ protocol babel { {% endfor %} accept; }; - export where source = RTS_BABEL; # For now only advertise routes learned from babel + export where source = RTS_BABEL || net ~ [ 10.0.0.0/8{21,32} ]; # Readvertise learned routes and advertise local networks from 10/8 }; # Mesh interfaces From 81fab4e9916ad6b3b53625f346f45e935e4d1c29 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Wed, 4 Dec 2024 11:54:34 +0000 Subject: [PATCH 201/254] w38b: backup uplink, metrics changes --- locations/w38b.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/locations/w38b.yml b/locations/w38b.yml index f986b9f13..ee3f8a01a 100644 --- a/locations/w38b.yml +++ b/locations/w38b.yml @@ -79,8 +79,6 @@ networks: name: mesh_2g prefix: 10.31.212.36/32 ipv6_subprefix: -21 - # make mesh_metric for 2GHz worse than 5GHz - mesh_metric_lqm: ['default 0.5'] mesh_ap: w38b-core mesh_radio: 11g_standard mesh_iface: mesh @@ -101,8 +99,6 @@ networks: name: mesh_ap1_2g prefix: 10.31.212.38/32 ipv6_subprefix: -23 - # make mesh_metric for 2GHz worse than 5GHz - mesh_metric_lqm: ['default 0.5'] mesh_ap: w38b-ap1 mesh_radio: 11g_standard mesh_iface: mesh @@ -113,9 +109,6 @@ networks: name: mesh_lan prefix: 10.31.212.39/32 ipv6_subprefix: -30 - # adjust mesh_metric(s) to prefer other links - mesh_metric: 4096 - mesh_metric_lqm: ['default 0.25'] # DHCP with filtering and isolation - vid: 40 
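Review bot: Removing `interface "lo";` from `protocol direct` makes BIRD generate direct routes for every interface, and the new export term `net ~ [ 10.0.0.0/8{21,32} ]` in the second hunk then announces any of them that fall inside 10/8 into Babel. That would cover an uplink LAN that happens to use 10.x addressing as well as management and private networks; whether those interfaces are visible to this BIRD instance cannot be seen from the hunk. Consider limiting the direct protocol with an interface pattern list, e.g. `interface "-<uplink-ifname>", "*";` (placeholder name), or exporting only prefixes inside the location's own allocation instead of all of 10/8. The same removal also widens what the `ipv6 sadr` channel imports into `v6_main`.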
@@ -163,6 +156,16 @@ networks: w38b-core: 1 # 10.31.212.113 w38b-ds: 2 # 10.31.212.114 + # UPLK - 10.31.212.64/27 as /32 + - vid: 50 + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.212.64/32 + wireguard_port: 51820 + # MGMT - vid: 434 role: mgmt From 06235437088e2ed9304af608597a078fba48b9c5 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 3 Dec 2024 12:55:05 +0100 Subject: [PATCH 202/254] gateway/core: install and configure bgpdisco --- group_vars/role_corerouter/imageprofile.yml | 2 ++ group_vars/role_gateway/imageprofile.yml | 2 ++ .../common/config/bgpdisco_nameservice.j2 | 31 +++++++++++++++++++ .../corerouter/config/bgpdisco_nameservice.j2 | 1 + .../gateway/config/bgpdisco_nameservice.j2 | 1 + 5 files changed, 37 insertions(+) create mode 100644 roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 create mode 120000 roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 create mode 120000 roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 diff --git a/group_vars/role_corerouter/imageprofile.yml b/group_vars/role_corerouter/imageprofile.yml index 9be0ee496..2c576c5a3 100644 --- a/group_vars/role_corerouter/imageprofile.yml +++ b/group_vars/role_corerouter/imageprofile.yml @@ -2,6 +2,8 @@ role_corerouter__packages__to_merge: - bird2-babelpatch - bird2c + - bgpdisco + - bgpdisco-plugin-nameservice - collectd-mod-dhcpleases - collectd-mod-olsrd - collectd-mod-conntrack diff --git a/group_vars/role_gateway/imageprofile.yml b/group_vars/role_gateway/imageprofile.yml index 4d513f708..de154c63d 100644 --- a/group_vars/role_gateway/imageprofile.yml +++ b/group_vars/role_gateway/imageprofile.yml @@ -25,6 +25,8 @@ role_uplink_gw__packages__to_merge: - kmod-ipt-ipopt - bird2-babelpatch - bird2c + - bgpdisco + - bgpdisco-plugin-nameservice - ip-full - gre - wireguard-tools 
diff --git a/roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 b/roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 new file mode 100644 index 000000000..9f0cfef42 --- /dev/null +++ b/roles/cfg_openwrt/templates/common/config/bgpdisco_nameservice.j2 @@ -0,0 +1,31 @@ +package 'bgpdisco-plugin-nameservice' + +config general + option domain 'ff' + option hosts_file '/var/hosts/ffnameservice' + option cmd_on_update 'killall -SIGHUP dnsmasq' +{% if inventory_hostname in groups['role_gateway'] %} + list exclude_interface_self '{{ uplink['ifname'] }}' +{% endif %} + +{%- if mgmt['assignments'] is defined and mgmt['assignments']|length>0 -%} + +{# Gateway ... #} +{% for host, ip_num in mgmt['assignments'].items() if host != inventory_hostname %} +config static-entry + option host '{{ host }}' + list ip '{{ mgmt['ipv4'] | ansible.utils.ipaddr(ip_num) | ansible.utils.ipaddr('address') }}' + +{% endfor %} +{% else %} + +{# Core-Router #} +{% for network in networks | selectattr('assignments', 'mapping') %} +{% for host, ip_num in network['assignments'].items() if host != inventory_hostname %} +config static-entry + option host '{{ host }}' + list ip '{{ network['prefix'] | ansible.utils.ipaddr(ip_num) | ansible.utils.ipaddr('address') }}' + +{% endfor %} +{% endfor %} +{%- endif %} diff --git a/roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 b/roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 new file mode 120000 index 000000000..4e632e062 --- /dev/null +++ b/roles/cfg_openwrt/templates/corerouter/config/bgpdisco_nameservice.j2 @@ -0,0 +1 @@ +../../common/config/bgpdisco_nameservice.j2 \ No newline at end of file diff --git a/roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 b/roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 new file mode 120000 index 000000000..4e632e062 --- /dev/null +++ b/roles/cfg_openwrt/templates/gateway/config/bgpdisco_nameservice.j2 
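Review bot: The new bgpdisco_nameservice.j2 decides the host role in two different ways: `exclude_interface_self` is guarded by `inventory_hostname in groups['role_gateway']`, while the static entries branch on `mgmt['assignments'] is defined`, with the role named only in the `{# Gateway ... #}` and `{# Core-Router #}` comments. A core router whose variables happen to define `mgmt` with assignments would silently take the gateway branch and publish no entries from its own `networks`. Using the same group test for both, `{% if inventory_hostname in groups['role_gateway'] %}`, keeps the two in step and makes the intent explicit.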
@@ -0,0 +1 @@ +../../common/config/bgpdisco_nameservice.j2 \ No newline at end of file From 74f61814b3d9261189b341a96f7d18ff2650b12d Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 3 Dec 2024 12:56:47 +0100 Subject: [PATCH 203/254] core/gateway: olsr: change nameservice domain to ff --- roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 | 2 +- roles/cfg_openwrt/templates/gateway/config/olsrd.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 b/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 index f23d0f457..c59e7b72d 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/olsrd.j2 @@ -4,7 +4,7 @@ config LoadPlugin config LoadPlugin option library 'olsrd_nameservice' - option suffix '.olsr' + option suffix '.ff' option hosts_file '/tmp/hosts/olsr' option latlon_file '/var/run/latlon.js' option services_file '/var/etc/services.olsr' diff --git a/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 b/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 index 47c58d0cc..07def42af 100644 --- a/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 @@ -4,7 +4,7 @@ config LoadPlugin config LoadPlugin option library 'olsrd_nameservice' - option suffix '.olsr' + option suffix '.ff' option hosts_file '/tmp/hosts/olsr' option latlon_file '/var/run/latlon.js' option services_file '/var/etc/services.olsr' From a2637ac45f71ed3dd52dc55bf1efa3cf09d266c8 Mon Sep 17 00:00:00 2001 
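Review bot: With `option suffix '.ff'`, olsrd_nameservice now publishes names under the same suffix as the bgpdisco nameservice plugin, which the previous patch configures with `option domain 'ff'`. The two write separate hosts files (`/tmp/hosts/olsr` and `/var/hosts/ffnameservice`), and nothing in this hunk says which one the resolver prefers when both carry the same hostname with different addresses. Names learned over OLSR come from other mesh nodes, so it would help to state the intended precedence in a comment above the option, e.g. `{# suffix shared with bgpdisco-plugin-nameservice (domain 'ff'); see <doc> for precedence #}`. The same applies to the identical change in `gateway/config/olsrd.j2`.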
From: Simon Polack Date: Tue, 3 Dec 2024 12:59:46 +0100 Subject: [PATCH 204/254] core/gateway: drop olsrd6 config --- .../templates/corerouter/config/olsrd6.j2 | 53 ------------------- .../templates/gateway/config/olsrd6.j2 | 49 ----------------- 2 files changed, 102 deletions(-) delete mode 100644 roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 delete mode 100644 roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 diff --git a/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 b/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 deleted file mode 100644 index c05004569..000000000 --- a/roles/cfg_openwrt/templates/corerouter/config/olsrd6.j2 +++ /dev/null 
@@ -1,53 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -config LoadPlugin - option library 'olsrd_nameservice' - option suffix '.olsr' - option hosts_file '/tmp/hosts/olsr6' - option latlon_file '/tmp/_unused_olsr6_latlon.js' - option services_file '/tmp/_unused_olsr6_services' - -config LoadPlugin - option accept '::' - option ipv6only 'true' - option library 'olsrd_jsoninfo' - option ignore '0' - -config olsrd - option IpVersion '6' - option FIBMetric 'flat' - option AllowNoInt 'yes' - option TcRedundancy '2' - option NatThreshold '0.75' - option LinkQualityAlgorithm 'etx_ff' - option SmartGateway 'no' - option Pollrate '0.025' - option LinkQualityLevel '2' - option OlsrPort '698' - option Willingness '3' - option TosValue '16' - option RtTable '666' - option RtTableDefault '666' - -config InterfaceDefaults - option MidValidityTime '500.0' - option TcInterval '2.0' - option HnaValidityTime '125.0' - option HelloValidityTime '125.0' - option TcValidityTime '500.0' - option MidInterval '50.0' - option HelloInterval '15.0' - option HnaInterval '30.0' - -{% for network in networks | selectattr('role', 'equalto', 'mesh') %} -config Interface - option ignore '0' - option interface '{{ network['name'] if 'name' in network else network['role'] }}' - option Mode '{{ 'ether' if network.get('ptp') else 'mesh' }}' -{% endfor %} - -{% for tunnel in networks | selectattr('role', 'equalto', 'tunnel') %} -config Interface - option interface '{{ tunnel['ifname'] }}' - option Mode 'ether' - option ignore 0 -{% endfor %} diff --git a/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 b/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 deleted file mode 100644 index 83e1e29e1..000000000 --- a/roles/cfg_openwrt/templates/gateway/config/olsrd6.j2 +++ /dev/null 
@@ -1,49 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -config LoadPlugin - option library 'olsrd_nameservice' - option suffix '.olsr' - option hosts_file '/tmp/hosts/olsr6' - option latlon_file '/tmp/_unused_olsr6_latlon.js' - option services_file '/tmp/_unused_olsr6_services' - -config LoadPlugin - option accept '::' - option ipv6only 'true' - option library 'olsrd_jsoninfo' - option ignore '0' - -config olsrd - option IpVersion '6' - option FIBMetric 'flat' - option AllowNoInt 'yes' - option TcRedundancy '2' - option NatThreshold '0.75' - option LinkQualityAlgorithm 'etx_ff' - option SmartGateway 'no' - option Pollrate '0.025' - option LinkQualityLevel '2' - option OlsrPort '698' - option Willingness '3' - option TosValue '16' - option RtTable '666' - option RtTableDefault '666' - -config InterfaceDefaults - option MidValidityTime '500.0' - option TcInterval '2.0' - option HnaValidityTime '125.0' - option HelloValidityTime '125.0' - option TcValidityTime '500.0' - option MidInterval '50.0' - option HelloInterval '15.0' - option HnaInterval '30.0' - -{% if mesh_links is defined and mesh_links|length>0 %} - {% for interface in mesh_links %} -config Interface - option ignore '0' - option interface '{{ interface['name'] }}' - option Mode '{{ 'ether' if interface.get('ptp') else 'mesh' }}' - {% endfor %} -{% endif %} - From 0c866480453cf8e5f3d7a464e500eeb98cd8ca50 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Fri, 15 Nov 2024 00:08:11 +0100 Subject: [PATCH 205/254] imagebuilder: simplify templating for falter feed url --- group_vars/all/imageprofile.yml | 2 +- roles/cfg_openwrt/tasks/imagebuilder.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index 62120b520..f5458094c 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml 
@@ -6,7 +6,7 @@ imagebuilder_suffix: zst # Might get overridden for older openwrt versions imagebuilder_filename: "openwrt-imagebuilder-{{ openwrt_version }}-{{ target | replace('/', '-') }}.Linux-x86_64.tar.{{ imagebuilder_suffix }}" imagebuilder: "https://downloads.cdn.openwrt.org/{{ 'snapshots' if openwrt_version == 'snapshot' else 'releases/' ~ openwrt_version }}/targets/{{ target }}/{{ imagebuilder_filename }}" -feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/__FEED_VERSION__/packages/__INSTR_SET__/falter" +feed: "src/gz openwrt_falter https://firmware.berlin.freifunk.net/feed/{{ feed_version }}/packages/{{ instr_set }}/falter" all__packages__to_merge: diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index c2dc220c9..d43724fc7 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml @@ -77,7 +77,7 @@ - name: Insert falter feed lineinfile: path: "{{ build_dir }}/repositories.conf" - line: "{{ feed | replace('__INSTR_SET__', instr_set) | replace('__FEED_VERSION__', feed_version) }}" + line: "{{ feed }}" when: 'feed_version is defined' - name: Define Key-Dir From 593b8f7b8190a3a7faa64f65221788fba7313ccd Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 14 Nov 2024 05:52:56 +0100 Subject: [PATCH 206/254] version: fix snapshot imagebuilder url --- group_vars/version_snapshot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/version_snapshot.yml b/group_vars/version_snapshot.yml index c1463401c..b228c169f 100644 --- a/group_vars/version_snapshot.yml +++ b/group_vars/version_snapshot.yml @@ -1,2 +1,3 @@ --- feed_version: snapshot +imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/', '-') }}.Linux-x86_64.tar.zst" From 70110d6dcfe868704daceb1753f1db9207166527 Mon Sep 17 00:00:00 2001 
From: Packet Please Date: Thu, 14 Nov 2024 05:54:09 +0100 Subject: [PATCH 207/254] all: fix dependency on iptables meta package APK on snapshot exposes all kinds of old dependency issues. Here it's that the iptables/iptables6 meta package has been deprecated for years. (Also need to fix the same in olsrd.) ERROR: unable to select packages: ip6tables (virtual): note: please select one of the 'provided by' packages explicitly provided by: ip6tables-nft ip6tables-zz-legacy required by: world[ip6tables] olsrd-2024.06.09~d72be9ad-r1[ip6tables] iptables (virtual): note: please select one of the 'provided by' packages explicitly provided by: iptables-nft iptables-zz-legacy required by: olsrd-2024.06.09~d72be9ad-r1[iptables] --- group_vars/all/imageprofile.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index f5458094c..99ad994aa 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml @@ -18,7 +18,8 @@ all__packages__to_merge: - collectd-mod-ping - collectd-mod-uptime - ethtool - - ip6tables # Its not pulled in by default anymore bc fw4 + - ip6tables-nft # Its not pulled in by default anymore bc fw4 + - iptables-nft - iperf3 - iwinfo - ip From 9ed5764886842fc64a588345fc9708bc4ddf9b0c Mon Sep 17 00:00:00 2001 From: Packet Please Date: Mon, 18 Nov 2024 00:09:16 +0100 Subject: [PATCH 208/254] imagebuilder: remove key dir check, it's always present --- roles/cfg_openwrt/tasks/imagebuilder.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index d43724fc7..09d285c49 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml 
@@ -80,17 +80,12 @@ line: "{{ feed }}" when: 'feed_version is defined' -- name: Define Key-Dir - stat: - path: "{{ build_dir }}/keys/" - register: keydir - - name: Add falter feed key copy: src: "files/packagefeed_master.pub" dest: "{{ build_dir }}/keys/61a078a38408e710" # matches fingerprint mode: "preserve" - when: 'feed_version is defined and keydir.stat.exists' + when: 'feed_version is defined' - name: Disable Signature verification if required lineinfile: From b03df326ec5bc4ca676cee6a0080c5d94f549d8a Mon Sep 17 00:00:00 2001 From: Packet Please Date: Mon, 18 Nov 2024 23:49:34 +0100 Subject: [PATCH 209/254] imagebuilder: support snapshot APK package feed --- group_vars/version_snapshot.yml | 1 + roles/cfg_openwrt/files/falter.snapshot.pem | 4 ++ roles/cfg_openwrt/tasks/imagebuilder.yml | 49 +++++++++++++++++++-- 3 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 roles/cfg_openwrt/files/falter.snapshot.pem diff --git a/group_vars/version_snapshot.yml b/group_vars/version_snapshot.yml index b228c169f..dfe00a251 100644 --- a/group_vars/version_snapshot.yml +++ b/group_vars/version_snapshot.yml @@ -1,3 +1,4 @@ --- feed_version: snapshot imagebuilder_filename: "openwrt-imagebuilder-{{ target | replace('/', '-') }}.Linux-x86_64.tar.zst" +feed: "https://firmware.berlin.freifunk.net/feed/{{ feed_version }}/packages/{{ instr_set }}/falter/packages.adb" diff --git a/roles/cfg_openwrt/files/falter.snapshot.pem b/roles/cfg_openwrt/files/falter.snapshot.pem new file mode 100644 index 000000000..cbede47b4 --- /dev/null +++ b/roles/cfg_openwrt/files/falter.snapshot.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE1NSmLpdMjXJpDQki9ziqW3Ve0aIX99t +uAc1Yn5TexwhBhHsGxUxICHS63pDXYj9xg1AZHlvbEnFrBNrsdjJQQ== +-----END PUBLIC KEY----- diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index 09d285c49..479415b0e 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml 
+++ b/roles/cfg_openwrt/tasks/imagebuilder.yml 
@@ -74,26 +74,67 @@ instr_set: "{{ instr_set_result.stdout_lines | first }}" when: 'instr_set is not defined and feed_version is defined' -- name: Insert falter feed +- name: Insert falter OPKG feed lineinfile: path: "{{ build_dir }}/repositories.conf" line: "{{ feed }}" - when: 'feed_version is defined' + when: 'feed_version is defined and openwrt_version != "snapshot"' -- name: Add falter feed key +- name: Add falter OPKG feed key copy: src: "files/packagefeed_master.pub" dest: "{{ build_dir }}/keys/61a078a38408e710" # matches fingerprint mode: "preserve" when: 'feed_version is defined' -- name: Disable Signature verification if required +- name: Disable OPKG signature verification if required lineinfile: path: "{{ build_dir }}/repositories.conf" line: "option check_signature" state: "absent" when: 'imagebuilder_disable_signature_check is defined and imagebuilder_disable_signature_check' +- name: Add falter APK feed + lineinfile: + path: "{{ build_dir }}/repositories" + line: "{{ feed }}" + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add falter APK feed to image + lineinfile: + path: "{{ configs_dir }}/etc/apk/repositories.d/falter.list" + line: "{{ feed }}" + create: true + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add falter APK feed key + copy: + src: "files/falter.snapshot.pem" + dest: "{{ build_dir }}/keys/" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add falter APK feed key to image + copy: + src: "files/falter.snapshot.pem" + dest: "{{ configs_dir }}/etc/apk/keys/" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot"' + +- name: Add custom APK feed key + copy: + src: "{{ feed_key }}" + dest: "{{ build_dir }}/keys/falter.custom.pem" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot" and feed_key is defined' + +- name: Add custom APK feed key to image + copy: + src: "{{ 
feed_key }}" + dest: "{{ configs_dir }}/etc/apk/keys/falter.custom.pem" + mode: "preserve" + when: 'feed_version is defined and openwrt_version == "snapshot" and feed_key is defined' + - name: Override compat_version check to bbb-configs exclusive value 9.9 lineinfile: path: "{{ build_dir }}/include/image-commands.mk" From c395a3d3de06646df0dd023623e7bf28f185d8d8 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 21 Nov 2024 06:58:47 +0100 Subject: [PATCH 210/254] pktpls: update custom feeds --- locations/pktpls.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/locations/pktpls.yml b/locations/pktpls.yml index 31779ae96..6377f1e44 100644 --- a/locations/pktpls.yml +++ b/locations/pktpls.yml @@ -13,7 +13,12 @@ hosts: model: "x86-64" openwrt_version: snapshot -# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/main/x86_64/falter" +# Custom APK feed: snapshot +# feed: "file:///home/user/w/ff/falter-packages/out/main/x86_64/falter/packages.adb" +# feed_key: "/home/user/w/ff/falter-packages/tmp/main/x86_64/public-key.pem" +# +# Custom OPKG feed: 24.10-SNAPSHOT, 23.05-SNAPSHOT +# feed: "src/gz openwrt_falter file:///home/user/w/ff/falter-packages/out/openwrt-24.10/x86_64/falter" # imagebuilder_disable_signature_check: true location__packages__to_merge: From 78e971eb739f2ffd3c915f46fc6169c472dfac88 Mon Sep 17 00:00:00 2001 From: Polynomialdivision Date: Tue, 3 Dec 2024 09:34:28 +0100 Subject: [PATCH 211/254] model: switch dlink_covr_x1860 to openwrt 24.10 Running now for 1 week without any issue on 24.10. --- group_vars/model_dlink_covr_x1860_a1.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/model_dlink_covr_x1860_a1.yml b/group_vars/model_dlink_covr_x1860_a1.yml index 44b9bd2ea..b2adf2d8d 100644 --- a/group_vars/model_dlink_covr_x1860_a1.yml +++ b/group_vars/model_dlink_covr_x1860_a1.yml 
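Review bot: The task `Add custom APK feed key to image` copies `feed_key` to `{{ configs_dir }}/etc/apk/keys/falter.custom.pem`, so every device flashed from such a build keeps trusting packages signed with a developer's key. The build-side copy into `{{ build_dir }}/keys/falter.custom.pem` is presumably all the imagebuilder needs. Either drop the image-side copy or put a comment above it, e.g. `# feed_key becomes a trusted package key on the device; test builds only`. `Add falter OPKG feed key` also still runs for snapshot builds, unlike `Insert falter OPKG feed`, which now checks `openwrt_version != "snapshot"`. The task list continues outside this hunk.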
@@ -4,6 +4,8 @@ brand_nice: D-Link model_nice: COVR-X1860 version_nice: A1 +openwrt_version: 24.10-SNAPSHOT + dsa_ports: - internet - ethernet From c9679b42aad94ff25e85383a1f1d2d11c5e47ee2 Mon Sep 17 00:00:00 2001 From: Tom Jannek Date: Tue, 26 Nov 2024 22:50:50 +0100 Subject: [PATCH 212/254] modelfile: cudy wr3000 v1 --- group_vars/model_cudy_wr3000_v1.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 group_vars/model_cudy_wr3000_v1.yml diff --git a/group_vars/model_cudy_wr3000_v1.yml b/group_vars/model_cudy_wr3000_v1.yml new file mode 100644 index 000000000..e6f628fbe --- /dev/null +++ b/group_vars/model_cudy_wr3000_v1.yml @@ -0,0 +1,28 @@ +--- +target: mediatek/filogic +brand_nice: Cudy +model_nice: WR3000 +version_nice: v1 + +dsa_ports: + - wan + - lan1 + - lan2 + - lan3 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: HE + path: platform/18000000.wifi+1 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HE + path: platform/18000000.wifi + ifname_hint: wlan2 + +leds: + - name: wan + sysfs: blue:wan + trigger: netdev From 1625f398aa50556cb11d39bd83f48802f4a68201 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Fri, 6 Dec 2024 17:00:31 +0000 Subject: [PATCH 213/254] scripts: change suffix from .olsr to .ff --- mass-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mass-update.sh b/mass-update.sh index 38bda61dd..cf7896742 100755 --- a/mass-update.sh +++ b/mass-update.sh @@ -59,7 +59,7 @@ for FILE_PATH in $SORTED_FILES; do echo "Nodename: $NODENAME" # Build hostname - HOSTNAME="$NODENAME.olsr" + HOSTNAME="$NODENAME.ff" echo "Hostname: $HOSTNAME" # Check if hostname is reachable From 333cc53b6500994a3b94a9daf7fd4167ecc67ac7 Mon Sep 17 00:00:00 2001 
From: Packet Please Date: Mon, 2 Dec 2024 00:56:34 +0100 Subject: [PATCH 214/254] elsekiehl, kiehl71, wilde: upgrade to 24.10-SNAPSHOT --- locations/elsekiehl.yml | 2 ++ locations/kiehl71.yml | 2 ++ locations/wilde.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/locations/elsekiehl.yml b/locations/elsekiehl.yml index e22281e4b..25a4518bc 100644 --- a/locations/elsekiehl.yml +++ b/locations/elsekiehl.yml @@ -29,6 +29,8 @@ hosts: role: corerouter model: "avm_fritzbox-7530" wireless_profile: freifunk_default + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 ipv6_prefix: '2001:bf7:820:1800::/56' diff --git a/locations/kiehl71.yml b/locations/kiehl71.yml index 920ea2424..f58dfcee0 100644 --- a/locations/kiehl71.yml +++ b/locations/kiehl71.yml @@ -30,6 +30,8 @@ hosts: role: corerouter model: "avm_fritzbox-7530" wireless_profile: freifunk_default + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 ipv6_prefix: '2001:bf7:750:3200::/56' diff --git a/locations/wilde.yml b/locations/wilde.yml index e4281ee69..d763f97d6 100644 --- a/locations/wilde.yml +++ b/locations/wilde.yml @@ -27,6 +27,8 @@ hosts: wireless_profile: mesh_only mac_override: eth0: 2c:c8:1b:6b:e5:d2 + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 - hostname: wilde-nf-n role: ap From 407eb0e34617eda6c95bf20a8a80e6c6adfc5e72 Mon Sep 17 00:00:00 2001 From: Tom Jannek Date: Sun, 4 Aug 2024 11:06:30 +0200 Subject: [PATCH 215/254] hacrafu-capelvenere: init --- locations/hacrafu-capelvenere.yml | 93 +++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 locations/hacrafu-capelvenere.yml diff --git a/locations/hacrafu-capelvenere.yml b/locations/hacrafu-capelvenere.yml new file mode 100644 index 000000000..7e23f76bf --- /dev/null +++ b/locations/hacrafu-capelvenere.yml 
@@ -0,0 +1,93 @@ +--- + +location: hacrafu-capelvenere +location_nice: Dorfstraße 67, 15370 Petershagen +latitude: 52.52376838135979 +longitude: 13.770141894083322 +contact_name: "Hacken Craften Funken e.V." +contact_nickname: "HaCraFu" +contacts: + - "freifunk@hacrafu.de" + +hosts: + + - hostname: hacrafu-capelvenere-core + role: corerouter + model: "cudy_wr3000-v1" + wireless_profile: freifunk_hacrafu + +ipv6_prefix: "2001:bf7:850:1a00::/56" + +# dhcp 10.31.239.96/28 +# mesh5 10.31.54.200/32 +# mesh2 10.31.54.201/32 +# MGMT 10.31.54.202/32 +# TUNNEL 10.248.22.36/31 + +# Disable noping +# dhcp_no_ping: false + +networks: + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.54.200/32 + ipv6_subprefix: -20 + mesh_ap: hacrafu-capelvenere-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.54.201/32 + ipv6_subprefix: -21 + mesh_ap: hacrafu-capelvenere-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP + - vid: 40 + role: dhcp + untagged: false + inbound_filtering: false + enforce_client_isolation: false + prefix: 10.31.239.96/28 + ipv6_subprefix: 0 + assignments: + hacrafu-capelvenere-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.54.202/32 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + hacrafu-capelvenere-core: 1 + + # UPLINK + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.22.36/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.22.37/32 + wireguard_port: 51821 + +# only place this ssh-keys +ssh_keys: + - comment: Tom + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICIpPZouLOf+1WT9ylMa/9mX1dhLTy8W07Q8G5w7KKNz tom_hacrafu From 61b57192275466b0f86435bb4653d72d0685938b Mon Sep 17 00:00:00 2001 
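Review bot: The DHCP network (`vid: 40`) is created with `inbound_filtering: false` and `enforce_client_isolation: false`. Going by the option names, that leaves clients on this network reachable from the mesh and from each other. If that is deliberate for this site, say so in a comment above the two keys, e.g. `# filtering and isolation off on purpose: <reason>`; otherwise set both to `true`.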
From: Tom Jannek Date: Sun, 4 Aug 2024 11:03:39 +0200 Subject: [PATCH 216/254] modelfile: tp-link archer c50 v4 --- group_vars/model_tplink_archer_c50_v4.yml | 39 +++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 group_vars/model_tplink_archer_c50_v4.yml diff --git a/group_vars/model_tplink_archer_c50_v4.yml b/group_vars/model_tplink_archer_c50_v4.yml new file mode 100644 index 000000000..daf24fae4 --- /dev/null +++ b/group_vars/model_tplink_archer_c50_v4.yml @@ -0,0 +1,39 @@ +--- +target: ramips/mt76x8 +brand_nice: TP-Link +model_nice: Archer C50 +version_nice: v4 + +switch_ports: 7 +switch_int_port: 6 +switch_ignore_ports: [5] + +int_port: eth0 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: pci0000:00/0000:00:00.0/0000:01:00.0 + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: platform/10300000.wmac + ifname_hint: wlan2 + +leds: + - name: lan + sysfs: green:lan + trigger: switch0 + port_mask: 0x1e + - name: wan + sysfs: green:wan + trigger: switch0 + port_mask: 0x01 + - name: wlan2g + sysfs: green:wlan2g + trigger: phy0tpt + - name: wlan5g + sysfs: green:wlan5g + trigger: phy1tpt From ec245a32e128443f9b3e3b733f7d6e3efdce3beb Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sun, 8 Dec 2024 04:15:51 +0000 Subject: [PATCH 217/254] imageprofile: fix TLS certificate generation Without this we do not get proper certificates. There was a previous fix for this (#1044) that pulled it in via luci-ssl which was reverted due to issues (#1046). Pulling it in directly seems to work just fine. --- group_vars/all/imageprofile.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all/imageprofile.yml b/group_vars/all/imageprofile.yml index 99ad994aa..993c577d3 100644 --- a/group_vars/all/imageprofile.yml +++ b/group_vars/all/imageprofile.yml 
@@ -36,6 +36,7 @@ all_luci_base__packages__to_merge: - luci-mod-admin-full - luci-proto-ipv6 - luci-theme-bootstrap + - px5g-mbedtls - rpcd-mod-rrdns - uhttpd - uhttpd-mod-ubus From f767ebf2a8fcc7f1c146b694e9b23fd9effa4818 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Thu, 21 Nov 2024 07:44:31 +0100 Subject: [PATCH 218/254] ap: prevent lockout when installing firewall later The AP image doesn't contain a firewall package or firewall settings. When installing the firewall later on, it loads default settings and locks us out of the device permanently. Add a basic firewall config allowing mgmt access, just to prevent this improbable but unfortunate case. --- .../cfg_openwrt/templates/ap/config/firewall.j2 | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 roles/cfg_openwrt/templates/ap/config/firewall.j2 diff --git a/roles/cfg_openwrt/templates/ap/config/firewall.j2 b/roles/cfg_openwrt/templates/ap/config/firewall.j2 new file mode 100644 index 000000000..cdca9b967 --- /dev/null +++ b/roles/cfg_openwrt/templates/ap/config/firewall.j2 @@ -0,0 +1,16 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "true" + +config defaults + option syn_flood '1' + option input 'ACCEPT' + option output 'ACCEPT' + option forward 'REJECT' + option drop_invalid '0' + +config zone 'zone_freifunk' + option name 'freifunk' + list network 'mgmt' + +config forwarding + option dest 'freifunk' + option src 'freifunk' From 4deb867d136975f7e5241196fcea76c5723384df Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 9 Dec 2024 09:56:33 +0100 Subject: [PATCH 219/254] simeon: swap core router, cleanup --- locations/simeon.yml | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/locations/simeon.yml b/locations/simeon.yml index 8ba9c427e..a0fd32975 100644 --- a/locations/simeon.yml +++ b/locations/simeon.yml 
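Review bot: `config defaults` in the new `ap/config/firewall.j2` sets `option input 'ACCEPT'`, so once a firewall package is installed the AP accepts input on every interface, not only on `mgmt` as the commit message describes. If the aim is only to keep management access, scope it to the zone: `option input 'REJECT'` under `config defaults` and `option input 'ACCEPT'` under `config zone 'zone_freifunk'`. The zone sets no `input`, `output` or `forward` option, so its effective policy depends on firewall defaults the template does not show; writing them out would make the fallback behaviour explicit.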
@@ -11,11 +11,18 @@ hosts: - hostname: simeon-core role: corerouter - model: "avm_fritzbox-7530" - wireless_profile: freifunk_default + model: "ubnt_edgerouter-x" + poe_on: [] + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 + snmp_devices: + - hostname: simeon-switch + address: 10.31.104.130 + snmp_profile: edgeswitch + - hostname: simeon-mgh address: 10.31.104.131 snmp_profile: airos_8 @@ -55,31 +62,30 @@ networks: role: mesh name: mesh_mgh prefix: 10.31.51.136/32 - ipv6_subprefix: -1 + ipv6_subprefix: -10 - vid: 11 role: mesh name: mesh_nord prefix: 10.31.51.137/32 - ipv6_subprefix: -2 + ipv6_subprefix: -11 - vid: 12 role: mesh name: mesh_emma prefix: 10.31.51.138/32 - ipv6_subprefix: -3 + ipv6_subprefix: -12 - vid: 13 role: mesh - name: mesh_rhx + name: mesh_rhxb prefix: 10.31.51.139/32 - ipv6_subprefix: -4 + ipv6_subprefix: -13 - vid: 40 role: dhcp prefix: 10.31.104.0/25 ipv6_subprefix: 0 - untagged: true inbound_filtering: true enforce_client_isolation: true assignments: @@ -93,8 +99,8 @@ networks: ipv6_subprefix: 1 assignments: simeon-core: 1 - simeon-poe-switch: 2 + simeon-switch: 2 simeon-mgh: 3 simeon-nord: 4 simeon-emma: 5 - simeon-rhx: 6 + simeon-rhxb: 6 From 1c40424344e2acac39f50339521a261a0ec11f3c Mon Sep 17 00:00:00 2001 From: Packet Please Date: Wed, 11 Dec 2024 22:01:01 +0100 Subject: [PATCH 220/254] elsekiehl: remove unused tunspace setup --- locations/elsekiehl.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/locations/elsekiehl.yml b/locations/elsekiehl.yml index 25a4518bc..82bfdab58 100644 --- a/locations/elsekiehl.yml +++ b/locations/elsekiehl.yml 
@@ -84,23 +84,6 @@ networks: assignments: elsekiehl-core: 1 - # WIREGUARD - - vid: 50 - role: uplink - untagged: true - - - role: tunnel - ifname: ts_wg0 - mtu: 1280 - prefix: 10.31.179.40/32 - wireguard_port: 51820 - - - role: tunnel - ifname: ts_wg1 - mtu: 1280 - prefix: 10.31.179.41/32 - wireguard_port: 51821 - # AP-id, wifi-channel, bandwidth, txpower location__channel_assignments_11a_standard__to_merge: elsekiehl-core: 36-20 From 8bd542015413bd88e7e698849f9e0832c979b346 Mon Sep 17 00:00:00 2001 From: Koltonowski Date: Thu, 12 Dec 2024 14:44:54 +0100 Subject: [PATCH 221/254] Update sav.yml sav-core: update contact-mail --- locations/sav.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locations/sav.yml b/locations/sav.yml index 0efdc5b2b..61e38af85 100644 --- a/locations/sav.yml +++ b/locations/sav.yml @@ -7,7 +7,7 @@ longitude: 13.449078798 altitude: 89 contact_nickname: 'Jammingblub' contacts: - - 'kolto@protonmail.com' + - 'freifunk@sva.de' # ROUTER: 10.31.174.240/28 # --MGMT: 10.31.174.240/30 From d7c88c1ae4e8bdcf1393dbafeec4745350772b8b Mon Sep 17 00:00:00 2001 From: Polynomialdivision Date: Fri, 13 Dec 2024 08:36:32 +0100 Subject: [PATCH 222/254] model: banana bpi r64: bump to openwrt 24.10 --- group_vars/model_bananapi_bpi_r64.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/model_bananapi_bpi_r64.yml b/group_vars/model_bananapi_bpi_r64.yml index 6381cd8df..9151aa34b 100644 --- a/group_vars/model_bananapi_bpi_r64.yml +++ b/group_vars/model_bananapi_bpi_r64.yml @@ -3,6 +3,8 @@ target: mediatek/mt7622 brand_nice: Sinovoip model_nice: Banana Pi R64 +openwrt_version: 24.10-SNAPSHOT + dsa_ports: - wan - lan1 From 2021e314a06a27a59060d50c22a6f00056a15aa1 Mon Sep 17 00:00:00 2001 From: Polynomialdivision Date: Fri, 13 Dec 2024 08:36:57 +0100 Subject: [PATCH 223/254] model: totolink a7000r: bump to openwrt 24.10 --- group_vars/model_totolink_a7000r.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/group_vars/model_totolink_a7000r.yml b/group_vars/model_totolink_a7000r.yml index 4b37e624d..00aab05ef 100644 --- a/group_vars/model_totolink_a7000r.yml +++ b/group_vars/model_totolink_a7000r.yml @@ -3,6 +3,8 @@ target: ramips/mt7621 brand_nice: TOTOLINK model_nice: A7000R +openwrt_version: 24.10-SNAPSHOT + dsa_ports: - wan - lan1 From e4f6ce84d2e46f54e10d796c1d5040a28bb0876e Mon Sep 17 00:00:00 2001 From: nailend Date: Sat, 14 Dec 2024 19:28:02 +0100 Subject: [PATCH 224/254] k9: Update location --- locations/k9.yml | 94 ++++++++++++++---------------------------------- 1 file changed, 26 insertions(+), 68 deletions(-) diff --git a/locations/k9.yml b/locations/k9.yml index e2c5624f1..12e1381f8 100644 --- a/locations/k9.yml +++ b/locations/k9.yml @@ -13,18 +13,22 @@ hosts: role: corerouter model: "avm_fritzbox-7530" wireless_profile: freifunk_default + - hostname: k9-ap-loge + role: ap + model: "aruba_ap-303" + wireless_profile: freifunk_default + - hostname: k9-ap-groessenwahn + role: ap + model: "aruba_ap-303" + wireless_profile: freifunk_default snmp_devices: - hostname: k9-sama - address: 10.31.9.211 - snmp_profile: airos_8 + address: 10.31.9.243 + snmp_profile: af60 - hostname: k9-zwingli - address: 10.31.9.212 - snmp_profile: airos_6 - - - hostname: k9-wilgu10 - address: 10.31.9.213 + address: 10.31.9.244 snmp_profile: airos_8 ipv6_prefix: '2001:bf7:830:8d00::/56' @@ -33,11 +37,8 @@ ipv6_prefix: '2001:bf7:830:8d00::/56' # 10.31.9.0/24 # - 10.31.9.0/25 - DHCP -# - 10.31.9.208/28 - MGMT # - 10.31.9.224/28 - BBB-Mesh -# - 10.31.9.240/28 - Internal Mesh - -# 10.31.99.0/24 / can be proably dismantled +# - 10.31.9.240/28 - MGMT networks: # MESH - Sama 
@@ -45,60 +46,17 @@ networks: role: mesh name: mesh_sama prefix: 10.31.9.224/32 - ipv6_subprefix: -10 - ptp: true + ipv6_subprefix: -1 + mesh_metric: 128 # MESH - Zwingli - vid: 11 role: mesh name: mesh_zwingli prefix: 10.31.9.225/32 - ipv6_subprefix: -11 + ipv6_subprefix: -2 mesh_metric: 1024 - mesh_metric_lqm: ['default 0.6'] - ptp: true - - # MESH - Wilgu10 - - vid: 12 - role: mesh - name: mesh_wilgu10 - prefix: 10.31.9.226/32 - ipv6_subprefix: -12 - ptp: true - - # MESH - LAN via Powerline - - vid: 20 - role: mesh - name: mesh_k9int - prefix: 10.31.9.240/28 - ipv6_subprefix: -20 - mesh_metric: 128 - mesh_metric_lqm: ['default 0.2'] - # Ignore Uplink one Hop away / requires 0.2 LQM - assignments: - k9-core: 1 - - # MESH - 5 GHz 802.11s - - vid: 21 - role: mesh - name: mesh_5g - prefix: 10.31.9.227/32 - ipv6_subprefix: -21 - mesh_ap: k9-core - mesh_radio: 11a_standard - mesh_iface: mesh - - # MESH - 2.4 GHz 802.11s - - vid: 22 - role: mesh - name: mesh_2g - prefix: 10.31.9.228/32 - ipv6_subprefix: -22 - # make mesh_metric for 2GHz worse than 5GHz mesh_metric_lqm: ['default 0.5'] - mesh_ap: k9-core - mesh_radio: 11g_standard - mesh_iface: mesh # DHCP - vid: 40 
@@ -111,21 +69,21 @@ networks: k9-core: 1 # MGMT - - vid: 42 + - vid: 439 role: mgmt - prefix: 10.31.9.208/28 + prefix: 10.31.9.240/28 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: - k9-core: 1 # 10.31.9.209 - # k9-switch: 2 # 10.31.9.210 - k9-sama: 3 # 10.31.9.211 - k9-zwingli: 4 # 10.31.9.212 - k9-wilgu10: 5 # 10.31.9.213 + k9-core: 1 + k9-switch-roof: 2 # uisp-s + k9-sama: 3 # wave nano + k9-zwingli: 4 + k9-switch-house: 8 # hpe 2520g-poe + k9-ap-loge: 9 + k9-ap-hinterhaus: 10 location__ssh_keys__to_merge: - - comment: k9 JuergeN - key: ssh-rsa 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 - - comment: k9 Silke - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkyugPN8XIgxZ/l9fRPbcXrR042/XzX4T7PGP49ffHEDF8O0thI4tiils8LDkSJGpOtwPd1BPPgTT3YDm0Biy+HaeTtEEmVUs7AmRjl5sPcUXwPwMUXl9DKHBzpYKAfb6Jy2pBos7eswtFLHAS2tziyhREMz8OJuh9qZ9fs32BG+6AEGFL1hs4evI+NFtokcW7HW28zhkq2+NWi1kKef0SRY0rX9Kfp6fkMc5XKCZPuWBz97ZMCvUKShBiZXVJj6QzNxjaBcVnMCB/oqLxfrs2FrUbvNDcb2bAamyYLCVaU0DKtefByuBhsrrRdD35Ahi+qh1FFC1X59j1ozZX7Xq/ + - comment: k9 iuljan + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0hqsAl0BJGlVgARU0KcE2JD+ljlOJebbFn4NI1aAlQ freifunk-k9@iuljan-m3 From 17a7c533f71d858d27547fefe26cf2a1375e8a94 Mon Sep 17 00:00:00 2001 From: nailend Date: Sat, 14 Dec 2024 19:29:31 +0100 Subject: [PATCH 225/254] model: Add aruba ap 303 --- group_vars/model_aruba_ap_303.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 group_vars/model_aruba_ap_303.yml diff --git a/group_vars/model_aruba_ap_303.yml b/group_vars/model_aruba_ap_303.yml new file mode 100644 index 000000000..f1442d5d1 --- /dev/null +++ b/group_vars/model_aruba_ap_303.yml 
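Review bot: The mgmt `assignments` list `k9-ap-loge: 9` and `k9-ap-hinterhaus: 10`, but the `hosts` hunk of this same patch defines `k9-ap-loge` and `k9-ap-groessenwahn`. As written, `k9-ap-groessenwahn` has no management address and `k9-ap-hinterhaus` matches no host. One of the two names is presumably a leftover; align them, e.g. `k9-ap-groessenwahn: 10` if the host name is the correct one.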
@@ -0,0 +1,19 @@ +--- +target: ipq40xx/generic +brand_nice: Aruba +model_nice: Instant On AP11 + +dsa_ports: + - lan + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: platform/soc/a800000.wifi + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: platform/soc/a000000.wifi + ifname_hint: wlan2 From e00c02beb0bdac479d52fe8e1b11c8978efa683a Mon Sep 17 00:00:00 2001 From: Tom Jannek Date: Tue, 27 Aug 2024 16:55:37 +0200 Subject: [PATCH 226/254] hacrafu-armarian09: init location --- locations/hacrafu-armarian09.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/locations/hacrafu-armarian09.yml b/locations/hacrafu-armarian09.yml index ce86840d7..34ec63c72 100644 --- a/locations/hacrafu-armarian09.yml +++ b/locations/hacrafu-armarian09.yml @@ -2,8 +2,8 @@ location: hacrafu-armarian09 location_nice: Dorfstr. 67, 15370 Petershagen -latitude: 52.523780960898534 -longitude: 13.770217896229408 +latitude: 52.52376219356236 +longitude: 13.77024203611256 contact_name: "Hacken Craften Funken e.V." contact_nickname: "HaCraFu e.V." contacts: @@ -17,10 +17,12 @@ hosts: wireless_profile: freifunk_hacrafu ipv6_prefix: "2001:bf7:850:f00::/56" + # dhcp 10.31.205.0/27 # mesh5 10.31.203.235/32 # mesh2 10.31.203.236/32 # MGMT 10.31.203.237/32 +# TUNNEL 10.248.23.192/31 # Disable noping # dhcp_no_ping: false @@ -50,7 +52,7 @@ networks: # DHCP - vid: 40 role: dhcp - untagged: true + untagged: false inbound_filtering: false enforce_client_isolation: false prefix: 10.31.205.0/27 @@ -68,6 +70,23 @@ networks: assignments: hacrafu-armarian09-core: 1 + # UPLINK + TUNNEL + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.192/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.193/32 + wireguard_port: 51821 + # only place this ssh-keys ssh_keys: - comment: Tom 
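Review bot: In `locations/hacrafu-armarian09.yml` the DHCP network (hunk at `-50,7`) keeps `inbound_filtering: false` and `enforce_client_isolation: false` while this commit gives the site its own uplink on VLAN 50 and two WireGuard tunnels. Other client networks in this series (b49, philmel, fblipke) set both to `true`, so clients here are presumably reachable from outside and from each other in a way they are not elsewhere. If that is deliberate, a comment next to the two keys should say so, e.g. `# filtering and isolation intentionally off: <reason>`; otherwise both should be `true`.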
From 53cbb164c61a8d35af25726d00782bdf8c953020 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Sat, 14 Dec 2024 18:17:02 +0000 Subject: [PATCH 227/254] model: dlink dap x1860: bump to openwrt 24.10 --- group_vars/model_dlink_dap_x1860_a1.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/model_dlink_dap_x1860_a1.yml b/group_vars/model_dlink_dap_x1860_a1.yml index 90e9f756f..0f3308fb0 100644 --- a/group_vars/model_dlink_dap_x1860_a1.yml +++ b/group_vars/model_dlink_dap_x1860_a1.yml @@ -4,6 +4,8 @@ brand_nice: D-Link model_nice: DAP-X1860 version_nice: A1 +openwrt_version: 24.10-SNAPSHOT + int_port: lan wireless_devices: From f1e61f1c9f16373bfff50cbee355765ef3334558 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Wed, 24 Jul 2024 11:35:03 +0000 Subject: [PATCH 228/254] b49: init location --- locations/b49.yml | 129 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 locations/b49.yml diff --git a/locations/b49.yml b/locations/b49.yml new file mode 100644 index 000000000..a106ba79c --- /dev/null +++ b/locations/b49.yml 
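Review bot: `openwrt_version: 24.10-SNAPSHOT` in `group_vars/model_dlink_dap_x1860_a1.yml` points at a moving snapshot branch rather than a tagged release, so two image builds from the same commit of this repository can contain different kernels and packages, and a deployed image cannot be traced back to a fixed upstream state. The same value is added later in this series in `group_vars/model_protectli_vps6630.yml` and for hosts in `locations/hway.yml`. I would mark each occurrence with a comment such as `# TODO: pin to the 24.10 release once it is tagged` so the temporary pin is tracked and removed.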
@@ -0,0 +1,129 @@ +--- +location: b49 +location_nice: "Badstraße 49, 13357 Berlin" +latitude: 52.552578266 +longitude: 13.380162120 +contact_nickname: 'Noki' +contacts: + - '@noki-:matrix.org' + +hosts: + - hostname: b49-core + role: corerouter + model: "dlink_covr-x1860-a1" + wireless_profile: freifunk_default + mac_override: {eth0: 0c:0e:76:cf:2e:41} + +snmp_devices: + - hostname: b49-nanostation + address: 10.31.240.2 + snmp_profile: airos_8 + +ipv6_prefix: '2001:bf7:830:b500::/56' + +# got following prefixes: +# Router: 10.31.240.0/24 +# --MGMT: 10.31.240.0/27 +# --MESH: 10.31.240.32/27 +# --UPLK: 10.31.240.64/27 +# --DHCP: 10.31.240.96/27 (HOST, UNUSED) +# --DHCP: 10.31.240.128/26 (PUBLIC) +# --DHCP: 10.31.240.192/26 (PRIVATE, UNUSED) + +# Disable noping +dhcp_no_ping: false + +networks: + # MESH - Nanostation + - vid: 10 + role: mesh + name: mesh_ns_5ac + prefix: 10.31.240.32/32 + ipv6_subprefix: -10 + ptp: true + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.31.240.33/32 + ipv6_subprefix: -20 + mesh_ap: b49-core + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.31.240.34/32 + ipv6_subprefix: -21 + # make mesh_metric(s) for 2GHz worse than 5GHz + mesh_metric: 1024 + mesh_metric_lqm: ['default 0.8'] + mesh_ap: b49-core + mesh_radio: 11g_standard + mesh_iface: mesh + + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.31.240.128/26 + ipv6_subprefix: 0 + assignments: + b49-core: 1 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.31.240.0/27 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + b49-core: 1 # 10.31.240.1 + b49-nanostation: 2 # 10.31.240.2 + + # UPLK + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.31.240.36/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 
10.31.240.37/32 + wireguard_port: 51821 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + b49-core: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + b49-core: 13-20 + +# SSH Keys +ssh_keys: + - comment: Noki + key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjIgJKflHEYOIdskwalr83PflhPmFkrAebP2bUkOE11 Noki + +dns_servers: + # quad9 + - 9.9.9.9 + - 149.112.112.112 + - 2620:fe::fe + - 2620:fe::9 + # cloudflare + - 1.1.1.1 + - 1.0.0.1 + - 2606:4700:4700::1111 + - 2606:4700:4700::1001 From 1beedcce39f2bd398423b08b3028b524dede5c25 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 10 Dec 2024 01:26:25 +0100 Subject: [PATCH 229/254] imagebuild: allow to override build config and configure additional serial ports --- roles/cfg_openwrt/tasks/imagebuilder.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index 479415b0e..2332cc55a 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml 
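Review bot: `locations/b49.yml` sets a top-level `ssh_keys:` list, whereas other locations in this series use `location__ssh_keys__to_merge:`. If `ssh_keys` replaces the merged list rather than extending it (the hacrafu-armarian09 file annotates the same key with `# only place this ssh-keys`), only the single `Noki` key ends up authorised on `b49-core`. That may be intended, but the current comment `# SSH Keys` does not say so; I would change it to `# Only these keys are deployed; keys merged from other levels are intentionally dropped`, or switch to `location__ssh_keys__to_merge:` if the shared keys should remain.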
@@ -141,6 +141,28 @@ search_string: "compat_version=$(if $(DEVICE_COMPAT_VERSION),$(DEVICE_COMPAT_VERSION),1.0)" line: "compat_version=9.9" +- name: Override Imagebuilder .config + lineinfile: + path: "{{ build_dir }}/.config" + search_string: "{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: "{{ imagebuilder_config | default({}) | dict2items }}" + + +- name: Copy over upstream inittab as base to modify + copy: + src: "{{ build_dir }}/target/linux/{{ (target|split('/'))[0] }}/base-files/etc/inittab" + dest: "{{ configs_dir}}/etc/" + when: "additional_serial_ports is defined" + +- name: Configure additional serial ports in inittab + lineinfile: + path: "{{ configs_dir }}/etc/inittab" + insertafter: '^ttyS\d.*\n' + line: "{{ item }}::askfirst:/usr/libexec/login.sh" + loop: "{{ additional_serial_ports | default([]) }}" + + - name: Run Imagebuilder changed_when: false command: From 5503e4f6f59681faa8d515e9b11ed3eb47e84c65 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 10 Dec 2024 12:35:34 +0100 Subject: [PATCH 230/254] imagebuild: allow to append board.d/02_network --- roles/cfg_openwrt/tasks/imagebuilder.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index 2332cc55a..13c569f72 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml 
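Review bot: The inittab line written by "Configure additional serial ports in inittab" starts `/usr/libexec/login.sh` with `askfirst` on every port in `additional_serial_ports`, and on stock OpenWrt that script asks for a password only when `system.@system[0].ttylogin` is `1`; otherwise the console opens a root shell. Whether this repository enables `ttylogin` is not visible in the hunk, so please confirm it, because `group_vars/model_protectli_vps6630.yml` later in this series adds `ttyS1`, the USB-C console port, for on-site debugging. A task comment such as `# console asks for a password only when system.ttylogin=1` would make the dependency explicit. The task list continues outside the hunk.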
@@ -162,6 +162,18 @@ line: "{{ item }}::askfirst:/usr/libexec/login.sh" loop: "{{ additional_serial_ports | default([]) }}" +- name: Copy over upstream network detect script + copy: + src: "{{ build_dir }}/target/linux/{{ (target|split('/'))[0] }}/base-files/etc/board.d" + dest: "{{ configs_dir}}/etc/" + when: "custom_network_detect is defined" + +- name: Configure additional board for network detection + lineinfile: + path: "{{ configs_dir }}/etc/board.d/02_network" + insertafter: '^case.*board_name.*\n' + line: "{{ custom_network_detect }}" + when: "custom_network_detect is defined" - name: Run Imagebuilder changed_when: false From e0e8d8d8da749d99cb843aa46596f5d7d4712714 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 10 Dec 2024 12:36:47 +0100 Subject: [PATCH 231/254] model: add protectli vps6630 --- group_vars/model_protectli_vps6630.yml | 63 ++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 group_vars/model_protectli_vps6630.yml diff --git a/group_vars/model_protectli_vps6630.yml b/group_vars/model_protectli_vps6630.yml new file mode 100644 index 000000000..3e6dff52c --- /dev/null +++ b/group_vars/model_protectli_vps6630.yml 
@@ -0,0 +1,63 @@ +--- +override_target: generic +target: x86/64 +image_search_pattern: "*-ext4-combined-efi.img*" +model_nice: Protectli Vault Pro VP6630 +int_port: eth5 # 2nd SFP+ Port +wireless_profile: disable + +openwrt_version: 24.10-SNAPSHOT + +model__packages__to_merge: + # Dont install unncessary network kernel modules (reference: https://github.com/openwrt/openwrt/blob/main/target/linux/x86/image/64.mk) + - "-kmod-amazon-ena -kmod-amd-xgbe -kmod-bnx2 -kmod-dwmac-intel -kmod-e1000e -kmod-e1000" + - "-kmod-forcedeth -kmod-igb -kmod-ixgbe -kmod-r8169 -kmod-tg3" + - "intel-microcode" + - "kmod-igc kmod-i40e" # Network: Only igc for 2.5G Ports and i40 for SFP+ Ports are required +# - "kmod-it87-wdt" # Watchdog (only supported in kernel 6.8+) + - "lm-sensors" +# - "kmod-hwmon-it87" # Not yet supported in mainline + + +# -> Install latest BIOS update https://kb.protectli.com/kb/bios-versions-for-the-vault/ +# -> Install latest firmware (nvm) for 10G NIC +# Instructions: +# - Download Latest Release https://www.intel.de/content/www/de/de/download/18190/non-volatile-memory-nvm-update-utility-for-intel-ethernet-network-adapter-700-series.html +# - Copy EFI Version along with a edk2 efishell on a USB Key +# - Boot +# - fs0: +# - cd 700Series/EFI2x64 +# - nvmupdate64e.efi + +# Port Mapping changed from 24.10 and onwards +# eth0 - Port 1 (igc, 2,5G) +# eth1 - Port 2 (igc, 2,5G) +# eth2 - Port 3 (igc, 2,5G) +# eth3 - Port 4 (igc, 2,5G) +# eth4 - SFP+ 1 (i40e, 10G) +# eth5 - SFP+ 2 (i40e, 10G) + + +# Overriding network names doesnt work with dynamically loaded kmods, because preinit is faster +## Make interface names stable and match them to whats written on the case +## TODO: Investigate and bring upstream +# protectli-vp6630) +# ucidef_set_network_device_path "sfp1" "pci0000:00/0000:00:1c.0/0000:01:00.0" +# ucidef_set_network_device_path "sfp2" "pci0000:00/0000:00:1c.0/0000:01:00.1" +# ucidef_set_network_device_path "eth1" "pci0000:00/0000:00:1c.4/0000:02:00.0" +# 
ucidef_set_network_device_path "eth2" "pci0000:00/0000:00:1c.5/0000:03:00.0" +# ucidef_set_network_device_path "eth3" "pci0000:00/0000:00:1c.6/0000:04:00.0" +# ucidef_set_network_device_path "eth4" "pci0000:00/0000:00:1c.7/0000:05:00.0" +# ucidef_set_interfaces_lan_wan "eth1 eth2 eth3 eth4 sfp1" "sfp2" +# ;; + + +# Device has two console ports +# ttyS0 - RJ45 Port +# ttyS1 - USB-C Port <- Lets use choose that for on site debugging + +additional_serial_ports: + - ttyS1 + +imagebuilder_config: + CONFIG_TARGET_SERIAL: ttyS1 From 67dd83f6e486fa5a52a23dc78fda0fed16131fdb Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Tue, 10 Dec 2024 18:49:08 +0100 Subject: [PATCH 232/254] saarbruecker-gw: switch to protectli vp6630 --- locations/saarbruecker.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/locations/saarbruecker.yml b/locations/saarbruecker.yml index 099867113..fc0fd28c0 100644 --- a/locations/saarbruecker.yml +++ b/locations/saarbruecker.yml @@ -8,7 +8,7 @@ community: true hosts: - hostname: saarbruecker-gw role: gateway - model: "ubnt_edgerouter-4" + model: "protectli_vps6630" snmp_devices: - hostname: saarbruecker-sw @@ -31,12 +31,12 @@ snmp_devices: ipv6_prefix: 2001:bf7:760:2200::/56 uplink: - ifname: lan3 + ifname: eth5 ipv4: 176.74.57.43/31 ipv6: 2a04:d480:2001::1/127 mgmt: - ifname: lan0.42 + ifname: eth4.42 ipv4: 10.31.83.49/29 ipv6: 2001:bf7:760:2201::/64 assignments: @@ -49,21 +49,21 @@ mgmt: # Mesh Network: 10.31.83.56/30 mesh_links: - name: mesh_hds - ifname: lan0.10 + ifname: eth4.10 ipv4: 10.31.83.56/32 ipv6: 2001:bf7:760:2200::1/128 mesh_metric: 128 ptp: true - name: mesh_sama - ifname: lan0.11 + ifname: eth4.11 ipv4: 10.31.83.57/32 ipv6: 2001:bf7:760:2200::2/128 mesh_metric: 128 ptp: true - name: mesh_segen - ifname: lan0.12 + ifname: eth4.12 ipv4: 10.31.83.58/32 ipv6: 2001:bf7:760:2200::3/128 mesh_metric: 128 From a773551d579db808d39853fb0e04a18d6efddcf7 Mon Sep 17 00:00:00 2001 
From: Simon Polack Date: Wed, 11 Dec 2024 12:52:10 +0100 Subject: [PATCH 233/254] Revert "imagebuild: allow to append board.d/02_network" Feature is not used because it doesnt work for external kmods This reverts commit e5e4576620cd6a2316b7db919378c18ff4069410. --- roles/cfg_openwrt/tasks/imagebuilder.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/roles/cfg_openwrt/tasks/imagebuilder.yml b/roles/cfg_openwrt/tasks/imagebuilder.yml index 13c569f72..2332cc55a 100644 --- a/roles/cfg_openwrt/tasks/imagebuilder.yml +++ b/roles/cfg_openwrt/tasks/imagebuilder.yml @@ -162,18 +162,6 @@ line: "{{ item }}::askfirst:/usr/libexec/login.sh" loop: "{{ additional_serial_ports | default([]) }}" -- name: Copy over upstream network detect script - copy: - src: "{{ build_dir }}/target/linux/{{ (target|split('/'))[0] }}/base-files/etc/board.d" - dest: "{{ configs_dir}}/etc/" - when: "custom_network_detect is defined" - -- name: Configure additional board for network detection - lineinfile: - path: "{{ configs_dir }}/etc/board.d/02_network" - insertafter: '^case.*board_name.*\n' - line: "{{ custom_network_detect }}" - when: "custom_network_detect is defined" - name: Run Imagebuilder changed_when: false From c3f03c52272644e4d975b3f431b8866f8308f4c5 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 15 Dec 2024 18:33:16 +0100 Subject: [PATCH 234/254] saarbruecker-gw: enable naywatch --- locations/saarbruecker.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/locations/saarbruecker.yml b/locations/saarbruecker.yml index fc0fd28c0..aafcdc248 100644 --- a/locations/saarbruecker.yml +++ b/locations/saarbruecker.yml @@ -9,6 +9,8 @@ hosts: - hostname: saarbruecker-gw role: gateway model: "protectli_vps6630" + host__packages__to_merge: + - naywatch snmp_devices: - hostname: saarbruecker-sw From d2c73b041c6ce80c940bebbed019d536cbcf53a2 Mon Sep 17 00:00:00 2001 
From: Ffhener Date: Tue, 16 Jul 2024 12:28:45 +0200 Subject: [PATCH 235/254] philmel: big cleanup and new devices Switched IPs Switched mgmt-vlan to 438 Added nearfield devices Added frequency management Replaced some Devices --- locations/philmel.yml | 263 ++++++++++++++++++++++++++---------------- 1 file changed, 162 insertions(+), 101 deletions(-) diff --git a/locations/philmel.yml b/locations/philmel.yml index d1c8b7831..23e999609 100644 --- a/locations/philmel.yml +++ b/locations/philmel.yml @@ -1,6 +1,6 @@ --- location: philmel -location_nice: Philipp-Melanchthon-Kirche +location_nice: Philipp-Melanchthon-Kirche, Kranoldstraße 16, 12051 Berlin latitude: 52.465881 longitude: 13.434112 altitude: 83 
@@ -9,166 +9,227 @@ community: true hosts: - hostname: philmel-core role: corerouter - model: "linksys_e8450-ubi" + model: "mikrotik_routerboard-750gr3" wireless_profile: freifunk_default - - hostname: philmel-nord-m2 + + - hostname: philmel-nf-o-5ghz role: ap - model: "ubnt_nanostation-m2_xm" - wireless_profile: freifunk_default + model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:35:ed} + + - hostname: philmel-nf-s-5ghz # peers: GSBS2 + role: ap + model: "mikrotik_sxtsq-5-ac" + mac_override: {eth0: dc:2c:6e:c4:36:53} + + # - hostname: philmel-nf-w-5ghz + # role: ap + # model: "mikrotik_sxtsq-5-ac" + # mac_override: {eth0: TODO} snmp_devices: - - hostname: philmel-rhnk - address: 10.230.2.4 + - hostname: philmel-switch + address: 10.230.2.2 + snmp_profile: swos + + - hostname: philmel-klunker + address: 10.230.2.3 snmp_profile: af60 - - hostname: philmel-nord-5ghz + + - hostname: philmel-ak36 + address: 10.230.2.4 + snmp_profile: airos_8 + + - hostname: philmel-nw-60ghz + address: 10.230.2.5 + snmp_profile: mikrotik_60g + + - hostname: philmel-no-5ghz address: 10.230.2.6 snmp_profile: airos_8 - - hostname: philmel-ost + + - hostname: philmel-nw-5ghz address: 10.230.2.7 - snmp_profile: airos_6 - - hostname: philmel-vaterhaus + snmp_profile: airos_8 + + - hostname: philmel-o-5ghz address: 10.230.2.8 snmp_profile: airos_8 - - hostname: philmel-sued + + - hostname: philmel-s-5ghz address: 10.230.2.9 - snmp_profile: airos_6 - - hostname: philmel-sued-5ac - address: 10.230.2.10 snmp_profile: airos_8 - - hostname: philmel-west - address: 10.230.2.11 - snmp_profile: airos_6 - - hostname: philmel-ak36 - address: 10.230.2.12 + + - hostname: philmel-w-5ghz + address: 10.230.2.10 snmp_profile: airos_8 airos_dfs_reset: - name: "philmel-ak36" - target: "10.230.2.12" + target: "10.230.2.4" username: "ubnt" - password: "file:/root/pwd.txt" + password: "file:/root/pwd" daytime_limit: "2-7" - - name: "philmel-nord-5ac" + + - name: "philmel-no-5ghz" target: "10.230.2.6" 
username: "ubnt" - password: "file:/root/pwd.txt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "philmel-nw-5ghz" + target: "10.230.2.7" + username: "ubnt" + password: "file:/root/pwd" daytime_limit: "2-7" -# got following prefixes: -# Router: 10.230.2.0/24 -# --MGMT: 10.230.2.0/28 -# --MESH: 10.31.215.32/27 (-23) -# --DHCP: 10.230.2.32/28 + - name: "philmel-o-5ghz" + target: "10.230.2.8" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "philmel-s-5ghz" + target: "10.230.2.9" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + + - name: "philmel-w-5ghz" + target: "10.230.2.10" + username: "ubnt" + password: "file:/root/pwd" + daytime_limit: "2-7" + +# ROUTER: 10.230.2.0/24 +# --MGMT: 10.230.2.0/27 +# --MESH: 10.230.2.32/27 +# --FREE: 10.230.2.64/26 +# --DHCP: 10.230.2.128/25 ipv6_prefix: "2001:bf7:820:1500::/56" networks: - - vid: 2 - role: dhcp - prefix: 10.230.2.32/28 - ipv6_subprefix: 0 - untagged: true - inbound_filtering: true - enforce_client_isolation: true - assignments: - philmel-core: 1 - - # northeast mesh 5GHz ac - vid: 10 role: mesh - name: mesh_no_5ghz # Peers: kiehlufer-core - prefix: 10.230.2.17/32 - ipv6_subprefix: -1 - mesh_metric: 1024 + name: mesh_klunker + prefix: 10.230.2.32/32 + ipv6_subprefix: -10 + ptp: true + mesh_metric: 256 - # northwest mesh 5GHz ac - vid: 11 role: mesh - name: mesh_nw_5ghz # Peers: liegewiese, sgfrd-core - prefix: 10.230.2.18/32 - ipv6_subprefix: -2 + name: mesh_ak36 + prefix: 10.230.2.33/32 + ipv6_subprefix: -11 + ptp: true mesh_metric: 1024 + mesh_metric_lqm: ['default 0.5'] - vid: 12 role: mesh - name: mesh_ost # Peers: Area51, delbrueck66 - prefix: 10.230.2.19/32 - ipv6_subprefix: -3 - mesh_metric: 1024 + name: mesh_nw_60ghz + prefix: 10.230.2.34/32 + ipv6_subprefix: -12 + # northeast mesh 5GHz ac - vid: 13 role: mesh - name: mesh_vaterhaus - prefix: 10.230.2.20/32 - ipv6_subprefix: -4 - mesh_metric: 1024 + name: mesh_no_5ghz + prefix: 
10.230.2.35/32 + ipv6_subprefix: -13 + # northwest mesh 5GHz ac - vid: 14 role: mesh - name: mesh_sued # Peers: kranold18, GSBS2 - prefix: 10.230.2.21/32 - ipv6_subprefix: -5 - mesh_metric: 1024 + name: mesh_nw_5ghz + prefix: 10.230.2.36/32 + ipv6_subprefix: -14 - vid: 15 role: mesh - name: mesh_sued_5ghz - prefix: 10.230.2.22/32 - ipv6_subprefix: -6 - mesh_metric: 1024 + name: mesh_o_5ghz + prefix: 10.230.2.37/32 + ipv6_subprefix: -15 - vid: 16 role: mesh - name: mesh_west # Peers: emser97 - prefix: 10.230.2.23/32 - ipv6_subprefix: -7 - mesh_metric: 1024 + name: mesh_s_5ghz + prefix: 10.230.2.38/32 + ipv6_subprefix: -16 - vid: 17 role: mesh - name: mesh_ak36 - prefix: 10.230.2.24/32 - ipv6_subprefix: -8 - ptp: true - mesh_metric: 1024 - mesh_metric_lqm: ['default 0.3'] # prefer klunker link + name: mesh_w_5ghz + prefix: 10.230.2.39/32 + ipv6_subprefix: -17 - - vid: 18 + - vid: 20 role: mesh - name: mesh_klunker - prefix: 10.230.2.25/32 - ipv6_subprefix: -9 - ptp: true - mesh_metric: 128 - - - vid: 19 + name: mesh_nf_o_5 + prefix: 10.230.2.40/32 + ipv6_subprefix: -20 + mesh_ap: philmel-nf-o-5ghz + mesh_radio: 11a_standard + mesh_iface: mesh + + - vid: 21 role: mesh - name: mesh_nw_60ghz - prefix: 10.230.2.26/32 - ipv6_subprefix: -10 - ptp: true - mesh_metric: 1024 + name: mesh_nf_s_5 + prefix: 10.230.2.41/32 + ipv6_subprefix: -21 + mesh_ap: philmel-nf-s-5ghz + mesh_radio: 11a_standard + mesh_iface: mesh + + # - vid: 22 + # role: mesh + # name: mesh_nf_w_5 + # prefix: 10.230.2.42/32 + # ipv6_subprefix: -22 + # mesh_ap: philmel-nf-w-5ghz + # mesh_radio: 11a_standard + # mesh_iface: mesh + + - vid: 40 + role: dhcp + prefix: 10.230.2.128/25 + ipv6_subprefix: 0 + untagged: true + inbound_filtering: true + enforce_client_isolation: true + assignments: + philmel-core: 1 - - vid: 42 + - vid: 438 role: mgmt - prefix: 10.230.2.0/28 + prefix: 10.230.2.0/27 gateway: 1 dns: 1 ipv6_subprefix: 1 assignments: philmel-core: 1 - philmel-switch-1: 2 - philmel-switch-2: 3 - 
philmel-klunker: 4 - philmel-no-5ghz: 5 - philmel-nw-5ghz: 6 - philmel-ost-legacy: 7 - philmel-vaterhaus: 8 - philmel-sued-legacy: 9 - philmel-sued-5ghz: 10 - philmel-ak36: 12 - philmel-west-legacy: 11 - philmel-nw-60ghz: 14 + philmel-switch: 2 + # PtP + philmel-klunker: 3 + philmel-ak36: 4 + # PtmP + philmel-nw-60ghz: 5 + philmel-no-5ghz: 6 + philmel-nw-5ghz: 7 + philmel-o-5ghz: 8 + philmel-s-5ghz: 9 + philmel-w-5ghz: 10 + # nearfield devices + philmel-nf-o-5ghz: 11 + philmel-nf-s-5ghz: 12 + # philmel-nf-w-5ghz: 13 # tbd + +location__channel_assignments_11a_standard__to_merge: + philmel-nf-o-5ghz: 40-20 + philmel-nf-s-5ghz: 36-20 + # philmel-nf-w-5ghz: 44-20 location__ssh_keys__to_merge: - comment: roedel From 58b894c641b9a3608b9c3bac93e35e0571133ae8 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Mon, 16 Dec 2024 08:28:53 +0100 Subject: [PATCH 236/254] corerouter/ap: dsa: configure vlans as named objects --- roles/cfg_openwrt/templates/common/config/dsa.network.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/common/config/dsa.network.inc b/roles/cfg_openwrt/templates/common/config/dsa.network.inc index 6d54781d4..6c46d4810 100644 --- a/roles/cfg_openwrt/templates/common/config/dsa.network.inc +++ b/roles/cfg_openwrt/templates/common/config/dsa.network.inc @@ -9,7 +9,7 @@ config device {{ portmapping.append(port|string + (":t" if tagged else "")) }} {%- endfor %} -config bridge-vlan +config bridge-vlan 'vlan_{{ network['vid'] }}' option device 'switch0' option vlan '{{ network['vid'] }}' option ports '{{ portmapping|join(' ') }}' From cc93ef3208a9e62e2828cea05d0d82cae56c901f Mon Sep 17 00:00:00 2001 From: Packet Please Date: Mon, 9 Dec 2024 02:58:25 +0100 Subject: [PATCH 237/254] hway: clean up networking --- locations/hway.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/locations/hway.yml b/locations/hway.yml index 4900fe4e6..066213a2e 100644 --- a/locations/hway.yml 
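Review bot: All six `airos_dfs_reset` entries in `locations/philmel.yml` log in as `ubnt` and read the password from the same `file:/root/pwd`, so one file on the router holds a credential valid on every airOS radio at the site, under what looks like the vendor-default account name. The commit also renames the file from `/root/pwd.txt`, and nothing in the hunk provisions the new path, so the reset job would presumably fail on a router that still has only the old file. I would add a comment above the list, e.g. `# /root/pwd is provisioned manually; must be root-only (0600)`, and consider a dedicated account on the radios for the reset instead of `ubnt`.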
+++ b/locations/hway.yml @@ -25,6 +25,7 @@ hosts: # eth1 eth2 - ConnectX-4 Lx CX4121B - hostname: hway-core role: corerouter + int_port: eth1 model: x86-64 image_search_pattern: "*-ext4-combined.img*" host__packages__to_merge: @@ -34,6 +35,8 @@ hosts: # which regularly hangs the card. It gets reset automatically, # but still results in regular ~15s downtimes. Disable offloads. - ethtool -K eth0 tx off rx off + host__disabled_services__to_merge: + - tunspace - hostname: hway-ap1 role: ap @@ -66,6 +69,7 @@ networks: hway-core: 1 - vid: 41 + untagged: true role: dhcp name: prdhcp inbound_filtering: true @@ -88,7 +92,7 @@ networks: hway-ap1: 4 # .255.252 - vid: 50 - ifname: eth1 + ifname: eth0 role: uplink untagged: true @@ -123,13 +127,6 @@ location__wireless_profiles__to_merge: ifname_hint: ffowe owe_transition_ifname_hint: ff ieee80211w: 1 - - mode: ap - ssid: huette-test - encryption: psk2 - key: 'file:/root/wifi_pass' - network: prdhcp - radio: [11a_standard, 11g_standard] - ifname_hint: prdhcp - mode: mesh mesh_id: Mesh-Freifunk-Berlin radio: [11a_standard, 11g_standard, 11a_mesh] From 77550222899708f3a01bd149f5fd69625fee01b0 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Mon, 9 Dec 2024 02:58:47 +0100 Subject: [PATCH 238/254] hway: add an outdoor ap --- locations/hway.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/locations/hway.yml b/locations/hway.yml index 066213a2e..67617cb24 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -38,13 +38,20 @@ hosts: host__disabled_services__to_merge: - tunspace - - hostname: hway-ap1 + - hostname: hway-indoor role: ap wireless_profile: hway model: zyxel_nwa50ax openwrt_version: 24.10-SNAPSHOT log_size: 1024 + - hostname: hway-street + role: ap + wireless_profile: hway + model: cudy_ap3000outdoor-v1 + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 + snmp_devices: - hostname: hway-kiehlufer 
@@ -89,7 +96,8 @@ networks: hway-core: 1 # .255.249 hway-switch: 2 # .255.250 hway-kiehlufer: 3 # .255.251 - hway-ap1: 4 # .255.252 + hway-indoor: 4 # .255.252 + hway-street: 5 # .255.253 - vid: 50 ifname: eth0 @@ -103,10 +111,12 @@ networks: wireguard_port: 51820 location__channel_assignments_11a_standard__to_merge: - hway-ap1: 36-40 + hway-indoor: 36-40 + hway-street: 44-40 location__channel_assignments_11b_standard__to_merge: - hway-ap1: 13-20 + hway-indoor: 13-20 + hway-street: 5-20 location__wireless_profiles__to_merge: - name: hway From e20b9a6e9600eb3f215b43ec5ed34e7bd5964608 Mon Sep 17 00:00:00 2001 From: Packet Please Date: Mon, 9 Dec 2024 02:59:00 +0100 Subject: [PATCH 239/254] hway: more 24.10 testing --- locations/hway.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/locations/hway.yml b/locations/hway.yml index 67617cb24..c6dfee298 100644 --- a/locations/hway.yml +++ b/locations/hway.yml @@ -27,7 +27,8 @@ hosts: role: corerouter int_port: eth1 model: x86-64 - image_search_pattern: "*-ext4-combined.img*" + openwrt_version: 24.10-SNAPSHOT + log_size: 1024 host__packages__to_merge: - kmod-mlx5-core host__rclocal__to_merge: From 645811b766afade53aa06aded9b98f27b7ad8f5a Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 16 Dec 2024 17:34:32 +0000 Subject: [PATCH 240/254] rigaer78: migrate port untagging to using named bridges --- locations/rigaer78.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/locations/rigaer78.yml b/locations/rigaer78.yml index 03cfe816a..80c8078bd 100644 --- a/locations/rigaer78.yml +++ b/locations/rigaer78.yml 
@@ -53,12 +53,15 @@ hosts: - hostname: rigaer78-back-floor-2-kitchen role: ap model: "avm_fritzbox-4040" - port_untag: {40: [lan1, lan2, lan3]} + host__rclocal__to_merge: + - | + # Untag DHCP on some ports + uci set network.vlan_40.ports='lan1:t lan2 lan3 lan4 wan' + uci commit network; reload_config - hostname: rigaer78-back-floor-3-left role: ap model: "siemens_ws-ap3610" - port_untag: {40: [lan1, lan2, lan3]} - hostname: rigaer78-back-floor-3-right role: ap @@ -72,6 +75,11 @@ hosts: role: ap model: "avm_fritzbox-7530" port_untag: {40: [lan1, lan2, lan3]} + host__rclocal__to_merge: + - | + # Untag DHCP on some ports + uci set network.vlan_40.ports='lan1:t lan2 lan3 lan4' + uci commit network; reload_config - hostname: rigaer78-east-2ghz role: ap @@ -211,7 +219,3 @@ location__channel_assignments_11a_standard__to_merge: rigaer78-back-floor-1-right: 44-20 rigaer78-back-floor-1-left: 40-20 rigaer78-back-floor-0-garage: 36-20 - -# Special vlan config: -# rigaer78-back-floor-4-right 40: 0t 1t 2 3 4 -# rigaer78-back-floor-2-kitchen 40: 0t 1t 2 3 4 From 9006ea90b9de5edfefe0f19e5931d7b9e3df0ac6 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 15 Dec 2024 19:14:11 +0100 Subject: [PATCH 241/254] gateways: allow traffic towards inbound_filtered networks unconditionally --- .../templates/gateway/config/firewall.j2 | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index 41d4ec7bc..182b88c44 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -1,4 +1,6 @@ #jinja2: trim_blocks: "true", lstrip_blocks: "true" +{% import 'libraries/network.j2' as libnetwork with context %} + config defaults option syn_flood 1 option input ACCEPT 
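Review bot: The migration in `locations/rigaer78.yml` is applied unevenly across the three hosts touched: `rigaer78-back-floor-2-kitchen` loses `port_untag` and gets the `uci set network.vlan_40.ports=...` override, the `siemens_ws-ap3610` host loses `port_untag` with no replacement, and the `avm_fritzbox-7530` host in the second hunk gets the override but keeps `port_untag: {40: [lan1, lan2, lan3]}`. The kitchen override also lists `wan` as an untagged member of VLAN 40 while the 7530 one does not. Since the removed `# Special vlan config` block was the only description of the intent, a comment per host should say which physical ports hand out client DHCP, e.g. `# lan1 = tagged trunk, all other ports untagged in the DHCP VLAN`. The `rc.local` snippet also runs `uci commit network` on every boot, which is worth noting in the same comment.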
@@ -175,3 +177,52 @@ config rule {% endif %} option target ACCEPT {% endfor %} + +# Allow traffic from Internet to inbound_filtered networks unconditionally +config rule + option name 'Accept Traffic to inbound_filtered networks' + option src uplink + option dest freifunk + option ipset 'inbound_filtered_networks dest' + option target ACCEPT + +# Dont track (Internet -> inbound_filtered_networks) +config rule + option name 'Dont track (Internet -> inbound_filtered_networks)' + option src uplink + option dest freifunk # see note below + option ipset 'inbound_filtered_networks dest' + option target NOTRACK + +# Dont track (Internet via GRE -> inbound_filtered_networks) +config rule + option name 'Dont track (Internet via GRE -> inbound_filtered_networks)' + option src freifunk + option dest freifunk # see note below + option ipset 'inbound_filtered_networks dest' + option target NOTRACK + +# Dont track (inbound_filtered_networks -> Internet + Internet via GRE) +config rule + option name 'Dont track (inbound_filtered_networks -> Internet + Internet via GRE)' + option src freifunk + option dest uplink # see note below + option ipset 'inbound_filtered_networks src' + option target NOTRACK + +# Note: option dest actually has no impact in rendered nftables config by fw4, because +# NOTRACK needs to be set on prerouting, where the outbound interface is not determined, +# but is necessary in order to let fw4 know this is a forwarding rule. + +config ipset + option name 'inbound_filtered_networks' + option match 'net' + option family 'ipv6' +{% for h in groups['role_corerouter'] %} + {% set h_vars = hostvars[h] %} + {% for network in h_vars['networks'] + | selectattr('inbound_filtering', 'defined') | selectattr('inbound_filtering') + | selectattr('ipv6_subprefix', 'defined') %} + list entry '{{ h_vars['ipv6_prefix'] | ansible.utils.ipsubnet(64, network['ipv6_subprefix']) }}' # {{ h }} - {{ libnetwork.getUciIfname(network) }} + {% endfor %} +{% endfor %} 
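Review bot: With the ACCEPT and NOTRACK rules in `gateway/config/firewall.j2` the gateway no longer applies any stateful check to traffic for prefixes in `inbound_filtered_networks`, so protection of those client networks rests entirely on the corerouter that owns them, and the set is built from the `inbound_filtering` flag in the inventory rather than from what a deployed router actually enforces. I would state that in the comment above the first rule, e.g. `# Safe only while every listed corerouter runs its own inbound filter`, since a router that is flagged but not yet redeployed would presumably be exposed. The four rules stay IPv6-only solely through the ipset's `option family 'ipv6'`; adding `option family 'ipv6'` to each rule would make that explicit. Only the uplink-to-freifunk direction gets an explicit ACCEPT, so please confirm that the existing forwardings accept the other two untracked directions.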
From d5eb13d871a6eda088d22c93cf65bbb8e60e303e Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Sun, 15 Dec 2024 23:58:12 +0100 Subject: [PATCH 242/254] gateways: fix olsrd->babel soft migration This involves few changes: * Move IPv4 Static default route into bird, thus delete it from main network config * Fix OLSR messing with policy routing (by setting its priorities super high) * Remove OLSR dyngw which doesnt work with our policy routing approach and create a static default route HNA instead. --- group_vars/role_gateway/imageprofile.yml | 1 - .../templates/gateway/bird.conf.j2 | 22 ++++++++++----- .../templates/gateway/config/network.j2 | 18 +++++++++++-- .../templates/gateway/config/olsrd.j2 | 27 +++++++++++-------- 4 files changed, 48 insertions(+), 20 deletions(-) diff --git a/group_vars/role_gateway/imageprofile.yml b/group_vars/role_gateway/imageprofile.yml index de154c63d..bb2877846 100644 --- a/group_vars/role_gateway/imageprofile.yml +++ b/group_vars/role_gateway/imageprofile.yml @@ -7,7 +7,6 @@ role_uplink_gw__packages__to_merge: - collectd-mod-snmp6 - olsrd - olsrd-mod-arprefresh - - olsrd-mod-dyn-gw - olsrd-mod-jsoninfo - olsrd-mod-nameservice - olsrd-mod-txtinfo diff --git a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 index e8fa6bbc9..10479508e 100644 --- a/roles/cfg_openwrt/templates/gateway/bird.conf.j2 +++ b/roles/cfg_openwrt/templates/gateway/bird.conf.j2 @@ -32,14 +32,9 @@ protocol kernel kernel_v6_main { protocol kernel kernel_v4_main { ipv4 { table v4_main; - import filter { - if net != 0.0.0.0/0 then reject; # Import only Default Gateway from kernel - preference = 200; # Increase preference to beat babel route - accept; - }; + import none; export none; }; - learn all; } protocol kernel kernel_v4_babel_ff { 
@@ -74,6 +69,21 @@ protocol pipe pipe_v4_main_to_babel_default { import none; } +## +## Uplink static IPv4 route +## +{% if uplink['ipv4'] | ansible.utils.ipaddr('prefix') >= 30 %} + {% set v4_nexthop = uplink['ipv4'] | ansible.utils.ipaddr('peer') %} +{% else %} + {% set v4_nexthop = uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') %} +{%- endif %} + +protocol static static_uplink { + ipv4 { table v4_main; }; + check link; + route 0.0.0.0/0 via {{ v4_nexthop }} dev "{{ uplink['ifname'] }}"; +} + ## ## Babel Section ## diff --git a/roles/cfg_openwrt/templates/gateway/config/network.j2 b/roles/cfg_openwrt/templates/gateway/config/network.j2 index 543b3c579..44241fe97 100644 --- a/roles/cfg_openwrt/templates/gateway/config/network.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/network.j2 @@ -1,3 +1,17 @@ +# IPv4 Soft Migration by priotizing Babel over OLSR +# Static default Route is set by bird +config rule + option priority 33100 + option lookup 'babel-ff' + +config rule + option priority 33101 + option lookup 'olsr-ff' + +config rule + option priority 33200 + option lookup 'babel-default' + config interface 'loopback' option device 'lo' option proto 'static' @@ -12,9 +26,9 @@ config interface 'uplink' option proto 'static' option ipaddr '{{ uplink['ipv4'] }}' {% if uplink['ipv4'] | ansible.utils.ipaddr('prefix') >= 30 %} - option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('peer') }}' +# option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('peer') }}' {% else %} - option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}' +# option gateway '{{ uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}' {% endif %} {% if 'ipv6' in uplink %} option ip6addr '{{ uplink['ipv6'] }}' diff --git a/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 b/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 index 07def42af..6c6aa5ad5 100644 
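Review bot: In the `uplink` interface block of config/network.j2 the two `option gateway` lines are commented out rather than removed, so the `{% if … >= 30 %}` / `{% else %}` pair now renders nothing but a comment, and Jinja still evaluates the `ansible.utils.ipaddr` expressions inside it. The comment added at the top of the file already says the default route is set by bird. I would drop the conditional and both commented lines and keep a single `# no option gateway: the IPv4 default route is installed by bird (static_uplink)`. The interface section continues outside the hunk.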
--- a/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/olsrd.j2 @@ -24,15 +24,6 @@ config LoadPlugin option library 'olsrd_txtinfo' option port '2006' -config LoadPlugin - option library 'olsrd_dyn_gw' - list Ping '46.182.19.48' - list Ping '80.67.169.40' - list Ping '194.150.168.168' - option ignore '0' - option PingCmd 'ping -c 1 -q -I {{ uplink['ifname'] }} %s' - option PingInterval '30' - config olsrd option IpVersion '4' option FIBMetric 'flat' @@ -45,6 +36,13 @@ config olsrd option OlsrPort '698' option Willingness '3' option TosValue '16' + option RtTable '20' + option RtTableDefault '21' +# set rule priorities to some random high numbers to make sure they are never used +# We define our own route policies in /etc/config/network + option RtTablePriority '34000' + option RtTableTunnelPriority '34020' + option RtTableDefaultPriority '34030' {% if sgw is defined and sgw %} option SmartGateway 'yes' option SmartGatewayUplink 'both' @@ -71,10 +69,17 @@ config Interface option Mode '{{ 'ether' if interface.get('ptp') else 'mesh' }}' option LinkQualityMult 'default 1.0' {% endfor %} +{% endif %} - {% if mgmt is defined %} +{% if mgmt is defined %} config Hna4 option netmask '{{ mgmt['ipv4'] | ansible.utils.ipaddr('netmask') }}' option netaddr '{{ mgmt['ipv4'] | ansible.utils.ipaddr('network') }}' - {% endif %} {% endif %} + +# Announce default route, its anyways not used for forwarding within BBB +# We only need it to attract traffic from legacy mesh nodes, until babel +# takes over in our core network +config Hna4 + option netmask '0.0.0.0' + option netaddr '0.0.0.0' From b5fbc2a98631bf9c67845820c8344afabf375221 Mon Sep 17 00:00:00 2001 From: Tobias Schwarz Date: Mon, 16 Dec 2024 11:49:50 +0000 Subject: [PATCH 243/254] baumex: init location --- locations/baumex.yml | 100 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 locations/baumex.yml 
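Review bot: `RtTable '20'` and `RtTableDefault '21'` are numeric, while the policy rules this commit adds to config/network.j2 look tables up by name (`babel-ff`, `olsr-ff`, `babel-default`), and nothing visible here ties the names to these numbers. If that mapping (presumably an rt_tables entry elsewhere in the role) drifts, the `olsr-ff` rule would point at an empty table and OLSR routes would silently stop being used. A comment such as `# table 20 = olsr-ff, 21 = <name of the OLSR default table>; keep in sync with rt_tables and config/network` would make this checkable. The added comment also calls the priorities "random", although they look chosen to sort after 33100–33200; saying that would help the next reader.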
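Review bot: The unconditional `config Hna4` for 0.0.0.0/0 at the end of the last olsrd.j2 hunk replaces the `olsrd_dyn_gw` plugin removed earlier in the same file, which announced a default route only while its ping targets answered through the uplink. With the static HNA, a gateway whose upstream is down keeps attracting legacy-mesh traffic and drops it; `check link` on `static_uplink` in bird.conf.j2 reacts only to the interface losing link. If that trade-off is accepted for the migration period, the comment should say so, e.g. `# NOTE: announced regardless of uplink health (dyn_gw removed); withdraw manually if the uplink fails`. The `{% if %}` block that this hunk closes starts outside it.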
diff --git a/locations/baumex.yml b/locations/baumex.yml
new file mode 100644
index 000000000..19e0582d5
--- /dev/null
+++ b/locations/baumex.yml
@@ -0,0 +1,100 @@ +--- +location: baumex +location_nice: "Behringstraße 17, 12437 Berlin" +latitude: 52.465913098454 +longitude: 13.490052223207 +height: 10 +contact_nickname: 'xayax' +contacts: + - 'ff@xayax.de' + +hosts: + + - hostname: baumex-core + role: corerouter + model: "ubnt_edgerouter-x-sfp" + poe_on: [0, 2, 3, 4] + # eth0 / Port 1: cube + # eth1 / Port 2: lte + # eth2 / Port 3: vorne + # eth3 / Port 4: litebeam + # eth4 / Port 5: hinten + # eth5 / Port 6: dhcp + host__rclocal__to_merge: + - | + uci set network.vlan_10.ports='eth0' # mesh_vater_60g + uci set network.vlan_30.ports='eth1' # mesh_lan_lte + uci set network.vlan_40.ports='eth2:t eth4:t eth5' # dhcp + uci commit network; reload_config + + - hostname: baumex-vorne + role: ap + model: "mikrotik_routerboard-wap-g-5hact2hnd" + - hostname: baumex-hinten + role: ap + model: "mikrotik_routerboard-wap-g-5hact2hnd" + +snmp_devices: + - hostname: baumex-cube + address: 10.248.28.130 + snmp_profile: mikrotik_60g + + - hostname: baumex-litebeam + address: 10.248.28.131 + snmp_profile: airos_8 + +ipv6_prefix: "2001:bf7:840:3b00::/56" + +# humpty got the following prefixes: +# Router: 10.248.28.128/25 +# --MGMT: 10.248.28.128/27 +# --MESH: 10.248.28.160/27 +# --DHCP: 10.248.28.192/26 + +networks: + # MESH - Vaterhaus 60 GHz - Cube + - vid: 10 + role: mesh + name: mesh_vater_60g + prefix: 10.248.28.160/32 + ipv6_subprefix: -10 + ptp: true + + # MESH - Vaterhaus 5 GHz - Litebeam + - vid: 11 + role: mesh + name: mesh_vater_5g + prefix: 10.248.28.161/32 + ipv6_subprefix: -11 + ptp: true + + # MESH - LAN - LTE Uplink + - vid: 30 + role: mesh + name: mesh_lan_lte + prefix: 10.248.28.162/32 + ipv6_subprefix: -30 + + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.28.192/26 + ipv6_subprefix: 0 + assignments: + baumex-core: 1 + + # MGMT + - vid: 432 + role: mgmt + prefix: 10.248.28.128/27 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 
+ assignments: + baumex-core: 1 # 10.248.28.129 + baumex-cube: 2 # 10.248.28.130 + baumex-litebeam: 3 # 10.248.28.131 + baumex-vorne: 4 # 10.248.28.132 + baumex-hinten: 5 # 10.248.28.133 From 6ab5200f7dcadf2a8df80e95106672d47bdf3ff0 Mon Sep 17 00:00:00 2001 From: freifunkoperator Date: Mon, 15 Jul 2024 09:23:06 +0200 Subject: [PATCH 244/254] model: fritzrepeater 1200: add model --- group_vars/model_avm_fritzrepeater_1200.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 group_vars/model_avm_fritzrepeater_1200.yml diff --git a/group_vars/model_avm_fritzrepeater_1200.yml b/group_vars/model_avm_fritzrepeater_1200.yml new file mode 100644 index 000000000..4ee30f18d --- /dev/null +++ b/group_vars/model_avm_fritzrepeater_1200.yml @@ -0,0 +1,18 @@ +--- +target: ipq40xx/generic +brand_nice: AVM +model_nice: FRITZ!Repeater 1200 + +int_port: eth0 + +wireless_devices: + - name: 11a_standard + band: 5g + htmode_prefix: VHT + path: platform/soc/a800000.wifi + ifname_hint: wlan5 + - name: 11g_standard + band: 2g + htmode_prefix: HT + path: platform/soc/a000000.wifi + ifname_hint: wlan2 From bbdc0f984d0128850b7a8765d0fdbad20539e390 Mon Sep 17 00:00:00 2001 From: freifunkoperator Date: Mon, 15 Jul 2024 09:27:14 +0200 Subject: [PATCH 245/254] hdk-17: rename parzelle-17 to hdk-17 --- locations/{parzelle17.yml => hdk-17.yml} | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) rename locations/{parzelle17.yml => hdk-17.yml} (87%) diff --git a/locations/parzelle17.yml b/locations/hdk-17.yml similarity index 87% rename from locations/parzelle17.yml rename to locations/hdk-17.yml index c33ae4864..f61cb0f36 100644 --- a/locations/parzelle17.yml +++ b/locations/hdk-17.yml @@ -1,6 +1,6 @@ --- -location: parzelle17 -location_nice: Parzelle 17 +location: hdk-17 +location_nice: Heidekampgraben 17 latitude: 52.478675 longitude: 13.471268 community: true 
@@ -18,7 +18,7 @@ dns_servers: - 2606:4700:4700::1001 hosts: - - hostname: parzelle17-core + - hostname: hdk-17 role: corerouter model: "dlink_dap-x1860-a1" wireless_profile: freifunk_default @@ -45,7 +45,7 @@ networks: prefix: 10.31.207.32/27 ipv6_subprefix: 0 assignments: - parzelle17-core: 1 + hdk-17: 1 # MESH - 5 GHz 802.11s - vid: 20 @@ -53,7 +53,7 @@ networks: name: mesh_5g prefix: 10.31.207.16/32 ipv6_subprefix: -20 - mesh_ap: parzelle17-core + mesh_ap: hdk-17 mesh_radio: 11a_standard mesh_iface: mesh @@ -63,7 +63,7 @@ networks: name: mesh_2g prefix: 10.31.207.17/32 ipv6_subprefix: -21 - mesh_ap: parzelle17-core + mesh_ap: hdk-17 mesh_radio: 11g_standard mesh_iface: mesh @@ -76,4 +76,4 @@ networks: ipv6_subprefix: 1 assignments: # 10.31.207.1/32 - parzelle17-core: 1 + hdk-17: 1 From dc259e4397ef77bec8206f3bcc2cc8247735bac3 Mon Sep 17 00:00:00 2001 From: freifunkoperator Date: Mon, 15 Jul 2024 09:27:45 +0200 Subject: [PATCH 246/254] hdk-30: add new location --- locations/hdk-30.yml | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 locations/hdk-30.yml diff --git a/locations/hdk-30.yml b/locations/hdk-30.yml new file mode 100644 index 000000000..bd46c8247 --- /dev/null +++ b/locations/hdk-30.yml 
@@ -0,0 +1,88 @@ +--- +location: hdk-30 +location_nice: Heidekampgraben +latitude: 52.478042919 +longitude: 13.471797109 + +# config restored from router configuration +# got following prefixes: +# Router: 10.248.4.192/26 +# --MGMT: 10.248.4.192/28 +# --MESH: 10.248.4.208/28 +# --DHCP: 10.248.4.224/27 + +community: true + +hosts: + - hostname: hdk-30 + role: corerouter + model: "ubnt_unifiac-mesh" + wireless_profile: freifunk_default + +ipv6_prefix: "2001:bf7:840:1b00::/56" + +networks: + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.4.224/27 + ipv6_subprefix: 0 + assignments: + hdk-30: 1 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5ghz + prefix: 10.248.4.208/32 + ipv6_subprefix: -1 + mesh_ap: hdk-30 + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2ghz + prefix: 10.248.4.209/32 + ipv6_subprefix: -2 + mesh_ap: hdk-30 + mesh_radio: 11g_standard + mesh_iface: mesh + + - vid: 50 + role: uplink + untagged: true + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.4.210/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.4.211/32 + wireguard_port: 51821 + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.4.192/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + # 10.248.4.193/28 + hdk-30: 1 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + hdk-30: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + hdk-30: 13-20 From f6087e8714d3fd2ac5e2c85cca6b4da20c9c239b Mon Sep 17 00:00:00 2001 
From: freifunkoperator Date: Mon, 15 Jul 2024 09:27:58 +0200 Subject: [PATCH 247/254] hdk-6: add new location --- locations/hdk-6.yml | 75 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 locations/hdk-6.yml diff --git a/locations/hdk-6.yml b/locations/hdk-6.yml new file mode 100644 index 000000000..2362733e3 --- /dev/null +++ b/locations/hdk-6.yml @@ -0,0 +1,75 @@ +--- +location: hdk-6 +location_nice: Heidekampgraben 6 +latitude: 52.478675 +longitude: 13.471268 +community: true + +hosts: + - hostname: hdk-6 + role: corerouter + model: "avm_fritzrepeater-1200" + wireless_profile: freifunk_default + +ipv6_prefix: '2001:bf7:840:1c00::/56' + +# config restored from router configuration +# got following prefixes: +# Router: 10.248.5.0/26 2001:bf7:840:1c00::/56 +# --MGMT: 10.248.5.0/28 +# --MESH: 10.248.5.16/28 +# --DHCP: 10.248.5.32/27 + +# Disable noping +dhcp_no_ping: false + +networks: + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.5.32/27 + ipv6_subprefix: 0 + assignments: + hdk-6: 1 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.5.16/32 + ipv6_subprefix: -20 + mesh_ap: hdk-6 + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.5.17/32 + ipv6_subprefix: -21 + mesh_ap: hdk-6 + mesh_radio: 11g_standard + mesh_iface: mesh + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.5.0/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + # 10.248.5.1/32 + hdk-6: 1 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + hdk-6: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + hdk-6: 13-20 From b2df1cdc6d1e979fdd537160b785ca49f6e4797e Mon Sep 17 00:00:00 2001 
From: freifunkoperator Date: Mon, 15 Jul 2024 09:28:10 +0200 Subject: [PATCH 248/254] hdk-15: add new location --- locations/hdk-15.yml | 75 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 locations/hdk-15.yml diff --git a/locations/hdk-15.yml b/locations/hdk-15.yml new file mode 100644 index 000000000..ffb645ee6 --- /dev/null +++ b/locations/hdk-15.yml @@ -0,0 +1,75 @@ +--- +location: hdk-15 +location_nice: Heidekampgraben 15 +latitude: 52.478675 +longitude: 13.471268 +community: true + +hosts: + - hostname: hdk-15 + role: corerouter + model: "avm_fritzbox-7530" + wireless_profile: freifunk_default + +ipv6_prefix: '2001:bf7:840:1d00::/56' + +# config restored from router configuration +# got following prefixes: +# Router: 10.248.5.64/26 2001:bf7:840:1d00::/56 +# --MGMT: 10.248.5.64/28 +# --MESH: 10.248.5.80/28 +# --DHCP: 10.248.5.96/27 + +# Disable noping +dhcp_no_ping: false + +networks: + # DHCP with filtering and isolation + - vid: 40 + role: dhcp + untagged: true + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.5.96/27 + ipv6_subprefix: 0 + assignments: + hdk-15: 1 + + # MESH - 5 GHz 802.11s + - vid: 20 + role: mesh + name: mesh_5g + prefix: 10.248.5.80/32 + ipv6_subprefix: -20 + mesh_ap: hdk-15 + mesh_radio: 11a_standard + mesh_iface: mesh + + # MESH - 2.4 GHz 802.11s + - vid: 21 + role: mesh + name: mesh_2g + prefix: 10.248.5.81/32 + ipv6_subprefix: -21 + mesh_ap: hdk-15 + mesh_radio: 11g_standard + mesh_iface: mesh + + # MGMT + - vid: 42 + role: mgmt + prefix: 10.248.5.64/28 + gateway: 1 + dns: 1 + ipv6_subprefix: 1 + assignments: + # 10.248.5.65/32 + hdk-15: 1 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11a_standard__to_merge: + hdk-15: 36-40 + +# AP-id, wifi-channel, bandwidth, txpower +location__channel_assignments_11g_standard__to_merge: + hdk-15: 13-20 From 45fb5b5e95502195d767f2afe0c48707aa8c8443 Mon Sep 17 00:00:00 2001 
From: Nicolas Berens Date: Mon, 16 Dec 2024 21:28:01 +0100 Subject: [PATCH 249/254] give strom v6 --- locations/strom.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/locations/strom.yml b/locations/strom.yml index 05207f993..7fc232d8c 100644 --- a/locations/strom.yml +++ b/locations/strom.yml @@ -7,6 +7,9 @@ longitude: 13.342632651 altitude: 55 community: true +local_asn: 65023 +peer_asn: 44194 + hosts: # Thinkcentre M720q, i5-8500T, 16GB RAM, 256GB NVMe @@ -54,7 +57,7 @@ ipv6_prefix: 2001:bf7:750:2a00::/56 uplink: ifname: eth0.1301 ipv4: 77.87.51.131/25 - # ipv6: none + ipv6: 2001:bf7:b301:2342::1/127 mgmt: ifname: eth0.42 From e2789760d5dbf992a1feee3e3d226c879a4caede Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Wed, 18 Dec 2024 22:48:39 +0100 Subject: [PATCH 250/254] gateways: create static routes for the gre endpoints --- .../cfg_openwrt/templates/gateway/config/network.j2 | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/cfg_openwrt/templates/gateway/config/network.j2 b/roles/cfg_openwrt/templates/gateway/config/network.j2 index 44241fe97..107d2d43e 100644 --- a/roles/cfg_openwrt/templates/gateway/config/network.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/network.j2 
@@ -53,9 +53,21 @@ config interface 'mgmt' {% endif %} +{% if uplink['ipv4'] | ansible.utils.ipaddr('prefix') >= 30 %} + {% set ipv4_uplink_gw = uplink['ipv4'] | ansible.utils.ipaddr('peer') %} +{% else %} + {% set ipv4_uplink_gw = uplink['ipv4'] | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') %} +{% endif %} + # gre doesnt support _ in name {% for gateway in groups['role_gateway'] | difference([inventory_hostname]) | sort %} {% set name = hostvars[gateway]['gre_tunnel_alias'] %} + +config route 'route_gre_{{ name }}' + option interface 'uplink' + option target '{{ hostvars[gateway]['uplink']['ipv4'] | ansible.utils.ipaddr('address') }}/32' + option gateway '{{ ipv4_uplink_gw }}' + config interface '{{ name }}' option proto 'gre' option ipaddr '{{ uplink['ipv4'] | ansible.utils.ipaddr('address') }}' From 062ec59af97a53540572e82613467795a4976db4 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Thu, 19 Dec 2024 22:43:28 +0100 Subject: [PATCH 251/254] gateway: reorder firewall terms --- .../templates/gateway/config/firewall.j2 | 104 ++++++++++-------- 1 file changed, 59 insertions(+), 45 deletions(-) diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index 182b88c44..d85a2e692 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -62,6 +62,10 @@ config include option path /etc/custom_fw_includes/table_prepend_redirect_samplicator option position table-prepend +# +## Inbound to host +# + {% if 'ipv6' in uplink %} config rule option name "Allow BGP" 
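Review bot: The `ipv4_uplink_gw` block at the top of the `@@ -53,9 +53,21 @@` hunk is another copy of a next-hop derivation that bird.conf.j2 already computes as `v4_nexthop` and that the commented-out `option gateway` lines of the `uplink` interface also carry. If one copy changes, the /32 routes to the GRE endpoints and bird's default route could end up pointing at different gateways. Deriving the value once, for example as a role variable both templates read, would avoid that; at minimum add `# must match v4_nexthop in gateway/bird.conf.j2`. The `{% for gateway … %}` loop body continues outside the hunk.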
@@ -137,83 +141,93 @@ config rule option family ipv6 option target ACCEPT -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src uplink - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT -# Allow list via group_vars/role_gateway/general.yml -{% for rule in inbound_allow | default([]) %} -config rule - option name '{{ rule['name'] }}' - option src uplink - option dest freifunk - {% if 'dst' in rule %} - option dest_ip '{{ rule['dst'] }}' - {% endif %} - {% if 'src' in rule %} - option src_ip '{{ rule['src'] }}' - {% endif %} - {% if 'proto' in rule %} - option proto '{{ rule['proto'] }}' - {% endif %} - {% if 'src_port' in rule %} - option src_port '{{ rule['src_port'] }}' - {% endif %} - {% if 'dst_port' in rule %} - option dest_port '{{ rule['dst_port'] }}' - {% endif %} - option target ACCEPT -{% endfor %} +# +## Foward / Inbound to mesh +# # Allow traffic from Internet to inbound_filtered networks unconditionally config rule option name 'Accept Traffic to inbound_filtered networks' option src uplink option dest freifunk - option ipset 'inbound_filtered_networks dest' + option ipset 'inbound_filtered_networks dest' # defined at EOF + option proto all option target ACCEPT # Dont track (Internet -> inbound_filtered_networks) config rule option name 'Dont track (Internet -> inbound_filtered_networks)' option src uplink - option dest freifunk # see note below - option ipset 'inbound_filtered_networks dest' + option dest * # see note below + option ipset 'inbound_filtered_networks dest' # defined at EOF + option proto all option target NOTRACK # Dont track (Internet via GRE -> inbound_filtered_networks) config rule option name 'Dont track 
(Internet via GRE -> inbound_filtered_networks)' option src freifunk - option dest freifunk # see note below - option ipset 'inbound_filtered_networks dest' + option dest * # see note below + option ipset 'inbound_filtered_networks dest' # defined at EOF + option proto all option target NOTRACK # Dont track (inbound_filtered_networks -> Internet + Internet via GRE) config rule option name 'Dont track (inbound_filtered_networks -> Internet + Internet via GRE)' option src freifunk - option dest uplink # see note below + option dest * # see note below option ipset 'inbound_filtered_networks src' + option proto all option target NOTRACK # Note: option dest actually has no impact in rendered nftables config by fw4, because # NOTRACK needs to be set on prerouting, where the outbound interface is not determined, # but is necessary in order to let fw4 know this is a forwarding rule. +# Allow list via group_vars/role_gateway/general.yml +{% for rule in inbound_allow | default([]) %} +config rule + option name '{{ rule['name'] }}' + option src uplink + option dest freifunk + {% if 'dst' in rule %} + option dest_ip '{{ rule['dst'] }}' + {% endif %} + {% if 'src' in rule %} + option src_ip '{{ rule['src'] }}' + {% endif %} + {% if 'proto' in rule %} + option proto '{{ rule['proto'] }}' + {% endif %} + {% if 'src_port' in rule %} + option src_port '{{ rule['src_port'] }}' + {% endif %} + {% if 'dst_port' in rule %} + option dest_port '{{ rule['dst_port'] }}' + {% endif %} + option target ACCEPT +{% endfor %} + +# Allow essential forwarded IPv6 ICMP traffic +config rule + option name Allow-ICMPv6-Forward + option src uplink + option dest * + option proto icmp + list icmp_type echo-request + list icmp_type echo-reply + list icmp_type destination-unreachable + list icmp_type packet-too-big + list icmp_type time-exceeded + list icmp_type bad-header + list icmp_type unknown-header-type + option limit 1000/sec + option family ipv6 + option target ACCEPT + +# ipset for stateful 
firewall bypass config ipset option name 'inbound_filtered_networks' option match 'net' From 363d0541909907306c97d64d9014e46d823588ea Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Mon, 16 Dec 2024 22:09:50 +0100 Subject: [PATCH 252/254] gateway: firewall: default proto to all for custom ipv6 firewall rules --- roles/cfg_openwrt/templates/gateway/config/firewall.j2 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index d85a2e692..334d74d37 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -198,9 +198,7 @@ config rule {% if 'src' in rule %} option src_ip '{{ rule['src'] }}' {% endif %} - {% if 'proto' in rule %} - option proto '{{ rule['proto'] }}' - {% endif %} + option proto '{{ rule.get('proto', 'all') }}' {% if 'src_port' in rule %} option src_port '{{ rule['src_port'] }}' {% endif %} From 6c4b7ec1a9e417958c0ff803bb2b3af692859725 Mon Sep 17 00:00:00 2001 From: Simon Polack Date: Thu, 19 Dec 2024 22:46:37 +0100 Subject: [PATCH 253/254] gateway: firewall: increase icmp rate limit into mesh --- roles/cfg_openwrt/templates/gateway/config/firewall.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index 334d74d37..acbed4a93 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -221,7 +221,7 @@ config rule list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type - option limit 1000/sec + option limit 10000/sec option family ipv6 option target ACCEPT From b086b7a67dcf53534150514e3ab84fb4fe004032 Mon Sep 17 00:00:00 2001 
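Review bot: The large firewall.j2 hunk is described as a reorder, but it also changes what the rules match: `option proto all` is added to the ACCEPT rule and the three NOTRACK rules, and the NOTRACK rules switch `option dest` to `*`. As far as I know fw4 matches only TCP and UDP when a rule names no protocol, so the unconditional ACCEPT now covers every protocol towards the inbound_filtered prefixes. With the new order, ICMPv6 to those prefixes is accepted before it reaches `Allow-ICMPv6-Forward`, so the `option limit` there no longer applies to it. If that is intended, the commit message and the rule comment should say so, e.g. `# all protocols incl. ICMPv6; not subject to the rate limit further down`.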
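Review bot: Defaulting `option proto` to `all` also affects `inbound_allow` entries that set `src_port` or `dst_port` but no `proto`, which until now fell back to fw4's own default. A port match has no meaning for protocol `all`; depending on how fw4 resolves that, such a rule is either skipped or rendered without its port restriction, and the second case silently widens an allow-list entry. I would default to `all` only when no port is given: `option proto '{{ rule.get('proto', 'tcp udp' if ('src_port' in rule or 'dst_port' in rule) else 'all') }}'`. The rule loop starts and ends outside the hunk.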
From: Simon Polack Date: Thu, 19 Dec 2024 22:49:15 +0100 Subject: [PATCH 254/254] gateway: firewall: move bypass term at first position --- roles/cfg_openwrt/templates/gateway/config/firewall.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 index acbed4a93..0be835488 100644 --- a/roles/cfg_openwrt/templates/gateway/config/firewall.j2 +++ b/roles/cfg_openwrt/templates/gateway/config/firewall.j2 @@ -48,7 +48,7 @@ config forwarding config include option type nftables option path /etc/custom_fw_includes/chain_prepend_forward_uplink_allow_unestablished_flows - option position chain-prepend + option position chain-post option chain 'forward_uplink' config include
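Review bot: With `option position chain-post` the include is, as I read fw4's positions, loaded at the end of `forward_uplink`, yet its path still reads `chain_prepend_forward_uplink_allow_unestablished_flows` and the commit title speaks of a "first position". For a snippet that lets unestablished flows through, its place relative to the other forward rules decides what it can override, so the intent should be written down. I would rename the file to match, or add a comment above the `config include` such as `# appended on purpose: evaluated after the zone's own forward rules`, adjusted to the actual reason.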