-
Notifications
You must be signed in to change notification settings - Fork 7
/
1.gateway.pp
59 lines (51 loc) · 2.07 KB
/
1.gateway.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
class {
'ffnord::params':
router_id => "10.187.5.1", # The id of this router, probably the ipv4 address
# of the mesh device of the providing community
icvpn_as => "65187", # The as of the providing community
wan_devices => ['eth0'], # An array of devices which should be in the wan zone
wmem_default => 87380, # Define the default socket send buffer
wmem_max => 12582912, # Define the maximum socket send buffer
rmem_default => 87380, # Define the default socket recv buffer
rmem_max => 12582912, # Define the maximum socket recv buffer
gw_control_ips => "8.8.8.8", # Define target to ping against for function check
max_backlog => 5000, # Define the maximum packages in buffer
include_bird4 => false,
maintenance => 1,
batman_version => 15,
}
ffnord::mesh {
'mesh_ffnord':
mesh_name => "Freifunk Nord"
, mesh_code => "ffnord"
, mesh_as => "65187"
, mesh_mac => "fe:ed:be:ef:ff:01"
, vpn_mac => "fe:ed:be:ff:ff:01"
, mesh_ipv6 => "fd42:eb49:c0b5:4242::fd01/64"
, mesh_ipv4 => "10.187.5.1/17"
, range_ipv4 => "10.187.0.0/16"
, mesh_mtu => "1280"
, mesh_peerings => "/root/mesh_peerings.yaml"
, fastd_secret => "/root/nord-gw1-fastd-secret.key"
, fastd_port => 10050
, fastd_peers_git => '[email protected]:ffnord/nord-ffffng-keys.git'
, dhcp_ranges => ['10.187.5.2 10.187.8.254']
, dns_servers => ['10.187.5.1'] # should be the same as $router_id
}
class {'ffnord::vpn::provider::pia':
openvpn_server => "germany.privateinternetaccess.com",
openvpn_port => 3478,
openvpn_user => "xxxxxxx",
openvpn_password => "xxxxxxxx";
}
ffnord::named::zone {
"nord": zone_git => "https://github.com/Freifunk-Nord/nord-zone-bat15.git", exclude_meta => 'nord';
}
class {
['ffnord::etckeeper','ffnord::rsyslog','ffnord::alfred']:
}
# Useful packages
package {
['vim','tcpdump','dnsutils','realpath','screen','htop','mlocate','tig']:
ensure => installed;
}