feat: openwrt config

This commit is contained in:
Tine 2024-11-03 22:33:24 +01:00
parent 5f312f17af
commit 63d21650e4
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
6 changed files with 67 additions and 8 deletions

View file

@ -54,6 +54,12 @@ tailscale up --accept-routes --advertise-routes=$IPV4_SUBNET,$IPV6_SUBNET --acce
### 5. Configure `NAT`, `DHCP`. ### 5. Configure `NAT`, `DHCP`.
Once tailscale is up and manually configured (see the config files for guide).
We can use automated way of maintaining config.
```
just deploy-config nevaroo 10.0.48.0 fd9b:5314:0:3000::
```
# TODO # TODO

View file

@ -20,3 +20,21 @@ destroy:
#!/usr/bin/env sh #!/usr/bin/env sh
cd {{justfile_directory()}}/terraform cd {{justfile_directory()}}/terraform
tofu destroy tofu destroy
deploy-config node ipv4_subnet ipv6_subnet:
#!/usr/bin/env sh
echo "Configuring {{node}}.network.tjo.cloud"
echo " - IPv4: {{ipv4_subnet}}"
echo " - IPv6: {{ipv6_subnet}}"
for file in {{justfile_directory()}}/openwrt/etc/config/*
do
echo "Deploying /etc/config/$(basename $file)"
export IPV4_SUBNET="{{ipv4_subnet}}"
export IPV6_SUBNET="{{ipv6_subnet}}"
export HOSTNAME="{{node}}.network.tjo.cloud"
cat $file | envsubst | tailscale ssh "root@{{node}}-network-tjo-cloud" "cat > /etc/config/$(basename $file)"
done
echo "Reloading network configuration"
tailscale ssh "root@{{node}}-network-tjo-cloud" "/etc/init.d/network reload"

View file

@ -1,21 +1,17 @@
config dnsmasq config dnsmasq
option domainneeded '1' option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1' option localise_queries '1'
option rebind_protection '1' option rebind_protection '1'
option rebind_localhost '1' option rebind_localhost '1'
option expandhosts '1' option expandhosts '1'
option nonegcache '0'
option cachesize '1000' option cachesize '1000'
option authoritative '1' option authoritative '1'
option readethers '1' option readethers '1'
option leasefile '/tmp/dhcp.leases' option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1' option localservice '1'
option ednspacket_max '1232' option ednspacket_max '1232'
list interface 'lan' list interface 'lan'
config dhcp 'lan' config dhcp 'lan'
option interface 'lan' option interface 'lan'
@ -25,7 +21,6 @@ config dhcp 'lan'
option dhcpv4 'server' option dhcpv4 'server'
option dhcpv6 'server' option dhcpv6 'server'
option ra 'server' option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config' list ra_flags 'managed-config'
list ra_flags 'other-config' list ra_flags 'other-config'

View file

@ -1,8 +1,8 @@
config defaults config defaults
option syn_flood '1'
option input 'REJECT' option input 'REJECT'
option output 'ACCEPT' option output 'ACCEPT'
option forward 'REJECT' option forward 'REJECT'
option synflood_protect '1'
config zone config zone
option name 'lan' option name 'lan'
@ -10,7 +10,6 @@ config zone
option output 'ACCEPT' option output 'ACCEPT'
option forward 'ACCEPT' option forward 'ACCEPT'
list network 'lan' list network 'lan'
list network 'tailscale'
config zone config zone
option name 'wan' option name 'wan'
@ -118,3 +117,20 @@ config rule
option dest_port '500' option dest_port '500'
option proto 'udp' option proto 'udp'
option target 'ACCEPT' option target 'ACCEPT'
config zone
option name 'tailscale'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'tailscale'
config forwarding
option src 'tailscale'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'tailscale'

View file

@ -24,10 +24,20 @@ config interface 'lan'
config interface 'wan' config interface 'wan'
option device 'eth0' option device 'eth0'
option proto 'dhcp' option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.1' # cloudflare primary
list dns '9.9.9.9' # quad9 primary
list dns '1.0.0.1' # cloudflare backup
list dns '149.112.112.112' # quad9 backup
config interface 'wan6' config interface 'wan6'
option device 'eth0' option device 'eth0'
option proto 'dhcpv6' option proto 'dhcpv6'
option peerdns '0'
list dns '2606:4700:4700::1111' # cloudflare primary
list dns '2620:fe::fe' # quad9 primary
list dns '2606:4700:4700::1001' # cloudflare backup
list dns '2620:fe::9' # quad9 backup
# TAILSCALE # TAILSCALE
config interface 'tailscale' config interface 'tailscale'

14
openwrt/etc/config/system Normal file
View file

@ -0,0 +1,14 @@
config system
option hostname '${HOSTNAME}'
option timezone 'UTC'
option ttylogin '0'
option log_size '64'
option urandom_seed '0'
config timeserver 'ntp'
option enabled '1'
option enable_server '0'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'