forked from ffac/site
-
Notifications
You must be signed in to change notification settings - Fork 0
/
site.conf
374 lines (353 loc) · 14.7 KB
/
site.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
{
--[[ Community settings
hostname_prefix: Nodename prefix
freifunk-abcdef123456 (hex-part is generated from node's MAC address)
site_name: Name of your community
site_code: Shortcode of your community
]]
hostname_prefix = 'ffac-',
site_name = 'Freifunk Rheinland - Regio Aachen',
site_code = 'ffac',
-- 32 bytes of random data, encoded in hexacimal
-- Must be the same of all nodes in one mesh domain
-- Can be generated using: echo $(hexdump -n 32 -e '1/1 "%02x"' </dev/urandom)
domain_seed = 'fcd2bb830c677865c60459899facdb630a9c09e26b72d995451c4feb9b337e6d',
opkg = {
extra = {
modules = 'http://opkg.ffac.rocks/modules/gluon-%GS-%GR/%S',
},
},
--[[ General network settings
prefix4: IPv4 range of your community
prefix6: IPv6 range of your community
is also required for radvd
We use our global unicast block 2a03:2260:114::/48 for IP routing. This prefix is ONLY used for the next node feature and is used in multiple layer 2 network segments.
]]
prefix6 = 'fdac::/64',
--[[ NTP settings
Synchronize the time of the nodes
timezone: Timezone of your community
http://wiki.openwrt.org/doc/uci/system#time.zones
ntp_servers: List of NTP-Servers to query. You can use any public and/or your private NTP-Servers of your community.
http://www.pool.ntp.org/zone/de
#############
# NOTE: http://news.ntppool.org/2013/06/ipv6-monitoring-problems-for-g.html
# > As you might know only "2.pool.ntp.org" (and 2.debian.pool.ntp.org, etc)
# > returns AAAA records currently.
#############
]]
timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
ntp_servers = {
'a.ntp.ffac.rocks',
'ntp-b.aachen.freifunk.net',
'2.openwrt.pool.ntp.org',
},
--[[ Wireless settings
regdom: IEEE 802.11 Regulatory Domain
http://en.wikipedia.org/wiki/IEEE_802.11#Regulatory_domains_and_legal_compliance
wifi24: Wifi settings for 2.4 GHz frequency devices
wifi5: Wifi settings for 5 GHz frequency devices
sub
ssid: Wifi name shown to the user (We recommend %site_code%.freifunk.net)
channel: Wifi channel to use
mesh_ssid: SSID of the mesh-interface, only used between nodes
mesh_bssid: BSSID of the mesh-interface
The supplied default of ff:ff:ff:ff:ff:ff will not work.
You'll need to replace it with randomly generated, non-broadcast BSSID!
mesh_mcast_rate: multicast rate of the mesh-interface
]]
regdom = 'DE',
wifi24 = {
channel = 11,
ap = {
ssid = 'Freifunk',
},
ibss = {
ssid = 'wifimesh-g-ac',
bssid = 'CA:FF:24:FF:AC:24',
mcast_rate = 12000,
},
-- mesh = {
-- id = 'ffac-mesh',
-- mcast_rate = 12000,
-- },
},
wifi5 = {
channel = 44,
outdoor_chanlist = "100-140",
ap = {
ssid = 'Freifunk',
},
mesh = {
id = 'ffac-mesh',
mcast_rate = 12000,
},
},
-- enable VXLAN for Mesh-on-LAN/WAN
mesh = {
vxlan = false,
filter_membership_reports = false,
batman_adv = {
routing_algo = 'BATMAN_IV_LEGACY',
gw_sel_class = 1,
},
},
mesh_on_lan = false,
mesh_on_wan = false,
poe_passthrough = true,
--[[ Next-Node
next_node: Howto reach the node you are currently connected to
The node will always be reachable at that address, and it's the same on all nodes. Because next_node packets are redirected within the node itself, there will be no conflicts.
sub
ip4: IPv4 Address to use (optional)
ip6: IPv6 Address to use
mac: MAC Address to use
(TODO: What is the purpose of this MAC-Address here?)
]]
next_node = {
ip6 = 'fdac::ac',
mac = 'ac:41:95:40:f7:dc',
},
--[[ Gateway settings
fastd_mesh_vpn: fastd vpn settings
https://projects.universe-factory.net/projects/fastd/wiki/User_manual
sub
methods: encryption algorithms to use
https://projects.universe-factory.net/projects/fastd/wiki/Methods
When multiple method statements are given, the first one has the highest preference.
mtu: package size
backbone: fastd vpn gateways of your community
sub
limit: Number of gateways each node connects to
On startup, each node tries to connect to every gateway, and then chooses the number of 'limit' fastest gateways it could reach
peers: Gateways
sub sub
key: public fastd key of your gateway
https://github.com/tcatm/ecdsautils
remotes: List of fastd configuration strings to connect to your gateway server
]]
mesh_vpn = {
mtu = 1406,
fastd = {
configurable = true,
methods = {'salsa2012+umac'},
groups = {
backbone = {
limit = 1,
peers = {
aachen01 = {
key = '4d6e3cb352c991b93e8e19e174570f621a5805f21ab812f44df5602cc89c9e8a',
remotes = {
'"01.nodes.freifunk-aachen.de" port 30001',
'"01.nodes.freifunk-aachen.de" port 30101',
'"01.nodes.freifunk-aachen.de" port 30201',
'"01.nodes.freifunk-aachen.de" port 30301',
'"01.nodes.freifunk-aachen.de" port 30401',
'"01.nodes.freifunk-aachen.de" port 30501',
'"01.nodes.freifunk-aachen.de" port 30601',
'"01.nodes.freifunk-aachen.de" port 30701',
'"01.nodes.freifunk-aachen.de" port 30801',
'"01.nodes.freifunk-aachen.de" port 30901'
},
},
aachen02 = {
key = 'c73c4b030f4b79c448d7a5127a49b2002ddfacb30304f95de41bb3ededa0dcd9',
remotes = {
'"02.nodes.ffac.rocks" port 30002',
'"02.nodes.ffac.rocks" port 30102',
'"02.nodes.ffac.rocks" port 30202',
'"02.nodes.ffac.rocks" port 30302',
'"02.nodes.ffac.rocks" port 30402',
'"02.nodes.ffac.rocks" port 30502',
'"02.nodes.ffac.rocks" port 30602',
'"02.nodes.ffac.rocks" port 30702',
'"02.nodes.ffac.rocks" port 30802',
'"02.nodes.ffac.rocks" port 30902'
},
},
aachen03 = {
key = 'e1eec07bddba1fe613d826b50b8b5f3928c9a25f60d44dd40e51ba26d3003311',
remotes = {
'"03.nodes.aachen.freifunk.net" port 30003',
'"03.nodes.aachen.freifunk.net" port 30103',
'"03.nodes.aachen.freifunk.net" port 30203',
'"03.nodes.aachen.freifunk.net" port 30303',
'"03.nodes.aachen.freifunk.net" port 30403',
'"03.nodes.aachen.freifunk.net" port 30503',
'"03.nodes.aachen.freifunk.net" port 30603',
'"03.nodes.aachen.freifunk.net" port 30703',
'"03.nodes.aachen.freifunk.net" port 30803',
'"03.nodes.aachen.freifunk.net" port 30903'
},
},
aachen04 = {
key = 'e939f0f160c329978e8638e4401e9eb1eb39933862e838c91d210ffed922d492',
remotes = {
'"04.nodes.freifunk-aachen.de" port 30004',
'"04.nodes.freifunk-aachen.de" port 30104',
'"04.nodes.freifunk-aachen.de" port 30204',
'"04.nodes.freifunk-aachen.de" port 30304',
'"04.nodes.freifunk-aachen.de" port 30404',
'"04.nodes.freifunk-aachen.de" port 30504',
'"04.nodes.freifunk-aachen.de" port 30604',
'"04.nodes.freifunk-aachen.de" port 30704',
'"04.nodes.freifunk-aachen.de" port 30804',
'"04.nodes.freifunk-aachen.de" port 30904'
},
},
aachen05 = {
key = '2cbd5d5be39c1d98099944feeb9dae404afe3b8df90dbef40315b2e89234a566',
remotes = {
'"05.nodes.ffac.rocks" port 30005',
'"05.nodes.ffac.rocks" port 30105',
'"05.nodes.ffac.rocks" port 30205',
'"05.nodes.ffac.rocks" port 30305',
'"05.nodes.ffac.rocks" port 30405',
'"05.nodes.ffac.rocks" port 30505',
'"05.nodes.ffac.rocks" port 30605',
'"05.nodes.ffac.rocks" port 30705',
'"05.nodes.ffac.rocks" port 30805',
'"05.nodes.ffac.rocks" port 30905'
},
},
aachen06 = {
key = '71da515dd78b100c4097b87bff1ef80d476f34d8abdaab77e93492973fd1e681',
remotes = {
'"06.nodes.aachen.freifunk.net" port 30006',
'"06.nodes.aachen.freifunk.net" port 30106',
'"06.nodes.aachen.freifunk.net" port 30206',
'"06.nodes.aachen.freifunk.net" port 30306',
'"06.nodes.aachen.freifunk.net" port 30406',
'"06.nodes.aachen.freifunk.net" port 30506',
'"06.nodes.aachen.freifunk.net" port 30606',
'"06.nodes.aachen.freifunk.net" port 30706',
'"06.nodes.aachen.freifunk.net" port 30806',
'"06.nodes.aachen.freifunk.net" port 30906'
},
},
},
},
},
bandwidth_limit = {
enabled = false,
ingress = 9000,
egress = 400,
},
},
},
--[[ Autoupdater settings
branch: Automatically update to this branch
branches: Available branches your community is publishing
sub sub
name: Name of branch (is used when compiling images)
mirrors: List of urls where to find the firmware
just serve the images on port 80 via http. a simple apache file-listing is enough.
see: http://luebeck.freifunk.net/firmware/
probability: How often should a node search for updates
1.0 - perform an update every hour
0.5 - on average, perform an update every two hours
0.0 - inhibit any automatic updates
good_signatures: How many signatures should be valid so the node decides to upgrade itself
pubkeys: public keys by developers used in manifest file of branch
manifest file - see gluon readme
$ make manifest GLUON_BRANCH=mybranch
$ contrib/sign.sh $SECRETKEY.file images/sysupgrade/manifest
]]
autoupdater = {
branch = 'stable',
branches = {
stable = {
name = 'stable',
mirrors = {
'http://updates.freifunk-aachen.de/from-2019.1.x/stable/sysupgrade',
'http://updates.ffac.rocks/from-2019.1.x/stable/sysupgrade',
'http://updates.aachen.freifunk.net/from-2019.1.x/stable/sysupgrade',
},
good_signatures = 4,
pubkeys = {
'e1505aadd3c5674a93ff2c8596b2cb2d857b068b18f9a398a182b003a5e5040b', -- Bob (Build Server @skydisk)
'b34dc4f34a5a6c588f6ac41736edd1195d9f5e949f913d4cc7a4777ebbf22c9c', -- MrMM
'd6a35069e60afad2f4554d6609c0934e478e264e7cfbd131afeac66ba745dc02', -- Shiva
'5bdb75b8f2f290453933975ba772b94596a5dae5091a1e638d96e053247cf404', -- Monty
'fcdc42af066d65fb655ab6d6f4709507dd29a0d38732bf60b3cbbdb1be6f7d24', -- Jannic
'8672f3f07594d0b078780470f416580139ca4cf7c0984aeeb718abdbe2d14196', -- Sirius
'342522f118b92ebeb5a8c9c9a2269faa886a14a798190fe5730cfff513a79dd3', -- vegms
'f5790bb64dd695f5f87469c47ecda11e218a35f5da807367110d1cb6354eb005', -- Sellerie
},
},
beta = {
name = 'beta',
mirrors = {
'http://updates.freifunk-aachen.de/from-2019.1.x/beta/sysupgrade',
'http://updates.ffac.rocks/from-2019.1.x/beta/sysupgrade',
'http://updates.aachen.freifunk.net/from-2019.1.x/beta/sysupgrade',
},
good_signatures = 3,
pubkeys = {
'e1505aadd3c5674a93ff2c8596b2cb2d857b068b18f9a398a182b003a5e5040b', -- Bob (Build Server @skydisk)
'b34dc4f34a5a6c588f6ac41736edd1195d9f5e949f913d4cc7a4777ebbf22c9c', -- MrMM
'd6a35069e60afad2f4554d6609c0934e478e264e7cfbd131afeac66ba745dc02', -- Shiva
'5bdb75b8f2f290453933975ba772b94596a5dae5091a1e638d96e053247cf404', -- Monty
'fcdc42af066d65fb655ab6d6f4709507dd29a0d38732bf60b3cbbdb1be6f7d24', -- Jannic
'8672f3f07594d0b078780470f416580139ca4cf7c0984aeeb718abdbe2d14196', -- Sirius
'342522f118b92ebeb5a8c9c9a2269faa886a14a798190fe5730cfff513a79dd3', -- vegms
'f5790bb64dd695f5f87469c47ecda11e218a35f5da807367110d1cb6354eb005', -- Sellerie
},
},
experimental = {
name = 'experimental',
mirrors = {
'http://updates.freifunk-aachen.de/from-2019.1.x/experimental/sysupgrade',
'http://updates.ffac.rocks/from-2019.1.x/experimental/sysupgrade',
'http://updates.aachen.freifunk.net/from-2019.1.x/experimental/sysupgrade',
},
good_signatures = 2,
pubkeys = {
'e1505aadd3c5674a93ff2c8596b2cb2d857b068b18f9a398a182b003a5e5040b', -- Bob (Build Server @skydisk)
'b34dc4f34a5a6c588f6ac41736edd1195d9f5e949f913d4cc7a4777ebbf22c9c', -- MrMM
'd6a35069e60afad2f4554d6609c0934e478e264e7cfbd131afeac66ba745dc02', -- Shiva
'5bdb75b8f2f290453933975ba772b94596a5dae5091a1e638d96e053247cf404', -- Monty
'fcdc42af066d65fb655ab6d6f4709507dd29a0d38732bf60b3cbbdb1be6f7d24', -- Jannic
'8672f3f07594d0b078780470f416580139ca4cf7c0984aeeb718abdbe2d14196', -- Sirius
'342522f118b92ebeb5a8c9c9a2269faa886a14a798190fe5730cfff513a79dd3', -- vegms
'f5790bb64dd695f5f87469c47ecda11e218a35f5da807367110d1cb6354eb005', -- Sellerie
},
},
},
},
-- Show/hide the altitude field
config_mode = {
hostname = {
optional = false,
},
remote_login = {
show_password_form = true,
min_password_length = 10,
},
geo_location = {
show_altitude = false,
},
owner = {
obligatory = true,
},
},
setup_mode = {
skip = false,
},
authorized_keys = { '', },
ssid_changer = {
enabled = true,
switch_timeframe = 1, -- only once every timeframe (in minutes) the SSID will change to OFFLINE
-- set to 1440 to change once a day
-- set to 1 minute to change every time the router gets offline
first = 2, -- the first few minutes directly after reboot within which an Offline-SSID always may be activated
prefix = 'FF_Offline_', -- use something short to leave space for the nodename (no '~' allowed!)
suffix = 'nodename', -- generate the SSID with either 'nodename', 'mac' or to use only the prefix: 'none'
tq_limit_enabled = false, -- if false, the offline SSID will only be set if there is no gateway reacheable
-- upper and lower limit to turn the offline_ssid on and off
-- in-between these two values the SSID will never be changed to prevent it from toggeling every minute.
tq_limit_max = 55, -- upper limit, above that the online SSID will be used
tq_limit_min = 45, -- lower limit, below that the offline SSID will be used
},
}
-- /* vi: set ft=lua: */