copy templates to initial config with placeholder IP, first step toward

#153
sudomesh · Dec 21, 2019 · 8bb9f26 · 8bb9f26
1 parent 3934f71
commit 8bb9f26
Show file tree

Hide file tree

Showing 18 changed files with 779 additions and 33 deletions.
diff --git a/files/etc/babeld.conf b/files/etc/babeld.conf
@@ -0,0 +1,10 @@
+export-table 20
+interface l2tp0 wired true
+interface l2tp0 max-rtt-penalty 128
+interface mesh2 channel 6
+interface mesh5 channel 157
+interface eth0.1 wired true
+interface eth0.2 wired true
+redistribute if br-open metric 128
+redistribute local deny
+
diff --git a/files/etc/config/babeld b/files/etc/config/babeld
@@ -0,0 +1,5 @@
+config filter
+  option type 'redistribute'
+  option ip '100.127.0.1/32'
+  option local 'true'
+  option action 'allow'
diff --git a/files/etc/config/dhcp b/files/etc/config/dhcp
@@ -0,0 +1,35 @@
+config dnsmasq
+  option domainneeded 0
+  option boguspriv 1
+  option localise_queries 1
+  option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
+  option rebind_localhost 1 # enable for RBL checking and similar services
+  option local '/local.sudomesh.org/'
+  option domain 'local.sudomesh.org'
+  option expandhosts 1
+  option nonegcache 0
+  option authoritative 1
+  option readethers 1
+  option leasefile '/tmp/dhcp.leases'
+  option resolvfile '/etc/resolv.conf.dnsmasq'
+  list interface 'br-open'
+  list interface 'br-priv'
+
+config 'dhcp' 'openpool'
+  option interface 'open'
+  option networkid 'br-open'
+  option start 7
+  option limit 55
+  option leasetime 5m
+  list dhcp_option '1,255.255.255.192' # subnet mask
+  list dhcp_option '3,100.127.0.1' # gateway
+  list dhcp_option '6,100.127.0.1' # dns server
+
+config 'dhcp' 'privatepool'
+  option interface 'priv'
+  option networkid 'br-priv'
+  option start 10
+  option limit 240
+  option leasetime 30m
+  list dhcp_option '1,255.255.255.0' # subnet mask
+  list dhcp_option '3,172.30.0.1' # gateway
diff --git a/files/etc/config/network b/files/etc/config/network
@@ -1,37 +1,122 @@
 
+config switch
+  option name 'switch0'
+  option reset '1'
+  option enable_vlan '1'
+
+# Note: LAN ports (as written on the back of the router)
+#       and switch ports are the same, such that 
+#       LAN port 1 is switch port 1      
+#       yellow WAN port (labeled "internet") is switch port 5
+
+# physical lan port 1 (switch port 1)
+# is on vlan 1 (eth0.1) untagged
+config switch_vlan
+  option device 'switch0'
+  option vlan '1'
+  option ports '0t 1'
+
+# physical lan port 2 (switch port 2)
+# is on vlan 2 (eth0.2) untagged
+config switch_vlan
+  option device 'switch0'
+  option vlan '2'
+  option ports '0t 2'
+
+# physical lan port 4 (switch port 4)
+# is on vlan 10 (eth0.10) untagged
+# vlan 10 is used for the public network
+config switch_vlan
+  option device 'switch0'
+  option vlan '10'
+
+  # port 0 is the internal CPU port
+  # and 't' denotes that it is vlan tagged
+  # http://wiki.openwrt.org/doc/uci/network/switch
+  option ports '0t 4'
+
+# physical lan port 3 (switch port 3)
+# is on vlan 11 (eth0.11) untagged
+# vlan 11 is used for the private network         
+config switch_vlan                
+  option device 'switch0'
+  option vlan '11'
+  option ports '0t 3'
+
 config interface 'loopback'
-	option ifname 'lo'
-	option proto 'static'
-	option ipaddr '127.0.0.1'
-	option netmask '255.0.0.0'
-
-config globals 'globals'
-	option ula_prefix 'fdba:a4ce:2c79::/48'
-
-config interface 'lan'
-	option ifname 'eth0'
-	option force_link '1'
-	option type 'bridge'
-	option proto 'static'
-	option netmask '255.255.255.0'
-	option ip6assign '60'
-	option ipaddr '172.22.0.1'
+  option ifname 'lo'
+  option proto 'static'
+  option ipaddr '127.0.0.1'
+  option netmask '255.0.0.0'
 
 config interface 'wan'
-	option ifname 'eth1'
-	option proto 'dhcp'
+  option ifname 'eth1'
+  option proto 'dhcp'
+
+# This is for development only
+# TODO We should remove the static IP before beta launch
+config interface 'wan2' 
+  option ifname 'eth1'
+  option proto 'static'
+  option ipaddr '172.22.0.1'
+  option netmask '255.255.255.0'
 
 config interface 'wan6'
-	option ifname 'eth1'
-	option proto 'dhcpv6'
+  option ifname '@wan'
+  option proto 'dhcpv6'
 
-config switch
-	option name 'switch0'
-	option reset '1'
-	option enable_vlan '1'
+config interface 'ext1mesh'
+  option ifname 'eth0.1'
+  option proto 'static'
+  option ipaddr '100.127.0.1'
+  option dns '100.64.0.42'
+  option netmask '32'
+  list dns '100.64.0.42'        
+  list dns '100.64.0.43'        
 
-config switch_vlan
-	option device 'switch0'
-	option vlan '1'
-	option ports '0 1 2 3 4'
+config interface 'ext2mesh'
+  option ifname 'eth0.2'
+  option proto 'static'
+  option ipaddr '100.127.0.1'
+  option dns '100.64.0.42'
+  option netmask '32'
+  list dns '100.64.0.42'        
+  list dns '100.64.0.43'        
+
+config interface 'mesh2'
+  option ifname 'mesh2'
+  option proto 'static'
+  option ipaddr '100.127.0.1'
+  option dns '100.64.0.42'
+  option netmask '255.255.255.255'
+  list dns '100.64.0.42'        
+  list dns '100.64.0.43'        
+
+config interface 'mesh5'
+  option ifname 'mesh5'
+  option proto 'static'
+  option ipaddr '100.127.0.1'
+  option dns '100.64.0.42'
+  option netmask '255.255.255.255'
+  list dns '100.64.0.42'        
+  list dns '100.64.0.43'        
+
+# This will be our "peoplesopen.net" bridge
+config interface 'open'
+  option type 'bridge'
+  option ifname 'open2 open5 eth0.10'
+  option proto 'static'
+  option ipaddr '100.127.0.1'
+  option dns '100.64.0.42'
+  option netmask '255.255.255.192'
+  option multicast_to_unicast '0' # don't isolate access point clients
+  list dns '100.64.0.42'        
+  list dns '100.64.0.43'        
 
+config interface 'priv'
+  option type 'bridge'
+  option ifname 'priv2 priv5 eth0.11'                   
+  option proto 'static'
+  option ipaddr '172.30.0.1'
+  option netmask '16'
+  option multicast_to_unicast '0' # don't isolate access point clients
diff --git a/files/etc/config/notdhcpserver b/files/etc/config/notdhcpserver
@@ -0,0 +1,8 @@
+config server
+  option enabled '1'
+  list addresses 'eth0.1=100.127.0.2/32'
+  list addresses 'eth0.2=100.127.0.3/32'
+  option hook_script '/opt/notdhcpserver/hook.sh'
+  option ssl_cert '/etc/uhttpd.crt'
+  option ssl_key '/etc/uhttpd.key'
+  option timeout_length '180'
diff --git a/files/etc/config/rpcd b/files/etc/config/rpcd
@@ -0,0 +1,5 @@
+config login
+  option username 'admin'
+  option password '$p$admin'
+  list read '*'
+  list write '*'
diff --git a/files/etc/config/tunneldigger b/files/etc/config/tunneldigger
@@ -0,0 +1,15 @@
+config broker 'main'
+       list address 'exit.sudomesh.org:8942'
+       list address 'exit.sudomesh.org:443'
+       list address 'exit1.sudomesh.org:8942'
+       list address 'exit1.sudomesh.org:443'     
+       list address 'exit2.sudomesh.org:8942'
+       list address 'exit2.sudomesh.org:443'
+       list address '107.170.219.5:8942'
+       list address '107.170.219.5:443'
+       option uuid '<%= id %>'
+       option interface 'l2tp0'
+       option bind_to_interface 'eth1'
+       option limit_bw_down '4096kbit'
+       option limit_bw_up '4096kbit'
+       option hook_script '/opt/mesh/tunnel_hook'
diff --git a/files/etc/config/uhttpd b/files/etc/config/uhttpd
@@ -0,0 +1,92 @@
+# Server configuration
+config uhttpd main
+
+  # HTTP listen addresses, multiple allowed
+  list listen_http	'172.30.0.1:80'
+#	list listen_http	'[::]:80'
+
+  # HTTPS listen addresses, multiple allowed
+  list listen_https	'172.30.0.1:443'
+#	list listen_https	'[::]:443'
+
+  # Server document root
+  option home		'/www'
+
+  # Ubus prefix
+  option ubus_prefix		'/ubus'
+
+  # Reject requests from RFC1918 IP addresses
+  # directed to the servers public IP(s).
+  # This is a DNS rebinding countermeasure.
+  option rfc1918_filter '1'
+
+  # Maximum number of concurrent requests.
+  # If this number is exceeded, further requests are
+  # queued until the number of running requests drops
+  # below the limit again.
+  option max_requests '3'
+
+  # Certificate and private key for HTTPS.
+  # If no listen_https addresses are given,
+  # the key options are ignored.
+  option cert		'/etc/uhttpd.crt'
+  option key		'/etc/uhttpd.key'
+
+  # CGI url prefix, will be searched in docroot.
+  # Default is /cgi-bin
+  option cgi_prefix	'/cgi-bin'
+
+  # List of extension->interpreter mappings.
+  # Files with an associated interpreter can
+  # be called outside of the CGI prefix and do
+  # not need to be executable.
+  #	list interpreter	".php=/usr/bin/php-cgi"
+  #	list interpreter	".cgi=/usr/bin/perl"
+  #
+  # Lua url prefix and handler script.
+  # Lua support is disabled if no prefix given.
+  #	option lua_prefix	/luci
+  #	option lua_handler	/usr/lib/lua/luci/sgi/uhttpd.lua
+  #
+  # CGI/Lua timeout, if the called script does not
+  # write data within the given amount of seconds,
+  # the server will terminate the request with
+  # 504 Gateway Timeout response.
+  option script_timeout	'60'
+
+  # Network timeout, if the current connection is
+  # blocked for the specified amount of seconds,
+  # the server will terminate the associated
+  # request process.
+  option network_timeout	'30'
+
+  # TCP Keep-Alive, send periodic keep-alive probes
+  # over established connections to detect dead peers.
+  # The value is given in seconds to specify the
+  # interval between subsequent probes.
+  # Setting this to 0 will disable TCP keep-alive.
+  option tcp_keepalive	'1'
+
+  # Basic auth realm, defaults to local hostname
+  #	option realm	OpenWrt
+
+  # Configuration file in busybox httpd format
+  #	option config	/etc/httpd.conf
+
+
+# Certificate defaults for px5g key generator
+config cert px5g
+
+  # Validity time
+  option days		'730'
+
+  # RSA key size
+  option bits		'1024'
+
+  # Location
+  option country		'US'
+  option state		'CA'
+  option location		'Oakland'
+
+  # Common name
+  option commonname	'SudoWrt'