nigger/lixonet-ee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
Manevolent 2021-09-21 17:28:39 -06:00
parent 8e2b57d615
commit 12ce80e381
No known key found for this signature in database
GPG Key ID: 2E9B7592DFA4F344
3 changed files with 6 additions and 2 deletions

3
README.md

@ -180,12 +180,13 @@ For options we expose here, for information see: https://bird.network.cz/?get_do
These settings are optional, and are already defaulted to general network common practices.
* `bind_forward_enable`: Enable BIND DNS forwarding when DNS queries are received from other nodes Lixonet for a domain that you control (i.e. lkwco.mane.lixo on that Lixonet box). `1`/enabled, `0`/disabled. Defaults to `1`.
* `bind_forward_address`: The overridden DNS server IP address to forward all requests for your own domain to. Defaults to the value of `internal_gateway`, which is proper in most if not all cases. Your BIND zone is automatically converted from your `tinc_peer_name` (i.e. `lkwco_mane_lixo` becomes `lkwco.mane.lixo`).
* `tld`: The network-wide TLD to use. Defaults to `lixo`.
#### Wireguard options
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.y.z) where `y` is your first network number, i.e. `8` or `16` and `z` is an unused address and setting that to `wg_address`.
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.y.z) where `y` is your first network number, i.e. `8` or `16` and `z` is an unused address and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN.
* `wg_enabled`: Set to 1 to enable WireGuard. Defaults to 0/disabled.
* `wg_key`: Required. The private key to use for the Wireguard peering point.

2
bind/named.conf.tmpl

@ -61,12 +61,14 @@ view "lixonet" {
};
# Local reverse zone forwarders
{{ if eq "1" "${bind_forward_enable:-1}" }}
{{ if len "${local_reverse_zones:-}" }}{{ range "$local_reverse_zones" | split "," }}zone "{{ . }}" {
type forward;
forward only;
forwarders { ${bind_forward_address-"${internal_gateway}"}; };
};
{{ end }}{{ end }}
{{ end }}
# Peer forwarding zones
{{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }}

1
install.sh

@ -49,4 +49,5 @@ touch /etc/lixonet/version
chmod 660 /etc/lixonet/version
stat /etc/lixonet/version
docker rm -f lixonet-ee
docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa --name lixonet-ee lixonet-ee