diff --git a/README.md b/README.md index 4922147..a96aa74 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ You **MUST** specify these options, or Lixonet will not work. * `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix` #### Tinc options - * `tinc_interface_name` - The name of the interface that Tinc should create when it's started. Defaults to `lixonet`. Set this for multiple networks. + * `network_name` - The name of the interface that Tinc should create when it's started. Defaults to `lixonet`. Set this for multiple networks. * `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1). This is _not_ the Lixonet router IP (i.e. 172.31.0.8). Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead. * `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`). diff --git a/bird/bird.conf.tmpl b/bird/bird.conf.tmpl index 435e819..1f48cb4 100644 --- a/bird/bird.conf.tmpl +++ b/bird/bird.conf.tmpl @@ -12,11 +12,11 @@ log stderr all; # Using docker; defer logging to stderr (to Docker logs) debug protocols all; # Enable debugging (this should be switched off in prod) -router id ${address}; +router id ${tinc_peer_address}; # Custom routing tables # See: https://bird.network.cz/?get_doc&v=20&f=bird-2.html (recommended read) -ipv4 table lixonet_v4; +ipv4 table ${network_name:-lixonet}_v4; roa4 table r4; # ROA RPKI # RPKI 
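Review bot: `ipv4 table ${network_name:-lixonet}_v4;` splices a configuration value straight into a BIRD symbol name, and nothing in the template restricts `network_name` to characters BIRD accepts in an identifier (letters, digits and underscore, as far as I recall), so a value with a hyphen or dot would give a parse error at startup with no hint which option caused it. The same substitution appears in the hunks at -120, -155 and -180, and the value is also used as the kernel interface name and part of the `/etc/` paths, so a one-line comment here, `# network_name must be a plain identifier (letters, digits, underscore): it becomes a BIRD table name and the interface name`, is the minimum; validating it once before the templates are rendered would be better. `router id ${tinc_peer_address};` is fine as long as that option is always a dotted-quad, which the template does not check either.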
@@ -120,13 +120,13 @@ filter kernel_export_filter_v4 # See how dn42 does it; we're very similar: https://dn42.net/howto/Bird protocol static { ipv4 { - table lixonet_v4; + table ${network_name:-lixonet}_v4; import all; export none; }; # Announced networks - {{ if len "${routes:-}" }}{{ range "$routes" | split "," }}route {{.}} reject; + {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}route {{.}} reject; {{ end }}{{ end }} }; @@ -136,8 +136,8 @@ protocol static { # This prevents BGP from listening on eth0/off-network protocol device { scan time 10; # Scan the interfaces often - interface "lixonet" { - preferred ${address}; + interface "${network_name:-lixonet}" { + preferred ${tinc_peer_address}; }; }; @@ -155,7 +155,7 @@ protocol kernel { # Primary routing table persist; # Don't remove routes on bird shutdown scan time 10; # Scan kernel routing table every 10 seconds ipv4 { - table lixonet_v4; + table ${network_name:-lixonet}_v4; import none; # Don't try to import any routes from the kernel export filter kernel_export_filter_v4; # Export everything we are told to the kernel }; @@ -168,10 +168,10 @@ protocol kernel { # Primary routing table # individual neighbor configurations where per-neighbor configurations (such as their # ASN) are applied. template bgp lixonet_client { - local as ${asn}; # Local AS advertised to peers, read from lixonet.conf + local as ${bgp_asn}; # Local AS advertised to peers - source address ${address}; # What local IP address we use for any outbound TCP - # connections on port 179 + source address ${tinc_peer_address}; # What local IP address we use for any outbound TCP + # connections on port 179 path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does) 
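Review bot: `interface "${network_name:-lixonet}"` ties the device protocol to the interface name taken from lixonet.conf, while build.sh in this commit installs the tinc configuration under `/etc/tinc/<directory name>` and docker-compose passes that directory name as NETNAME; if the tinc interface ends up named after the netname rather than after `network_name` (the README hunk still describes `network_name` as the interface name, so the intent is unclear), the two values can diverge and BIRD will bind no interface at all. A comment above the block making the coupling explicit, such as `# Must equal the tinc interface name; keep network_name in lixonet.conf equal to the /etc/lixonet/<name> directory`, would make this visible to whoever sets up a second network. `preferred ${tinc_peer_address};` matches what the new tinc-up.tmpl assigns, so that pair is consistent.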
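Review bot: `local as ${bgp_asn};` has no default, and the README hunk documents only the `tinc_interface_name` to `network_name` rename, so `asn` to `bgp_asn`, `address` to `tinc_peer_address`, `name` to `tinc_peer_name` and `routes` to `bgp_routes` are undocumented renames that an existing lixonet.conf silently renders as empty strings (`local as ;` and `router id ;` both fail BIRD's parser with no mention of the option). Adding the new names to the README's options list, and a comment on this line such as `# bgp_asn (required; formerly asn) from lixonet.conf`, would close the gap. The `template bgp lixonet_client` body continues outside the hunk.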
@@ -180,7 +180,7 @@ template bgp lixonet_client { # BGP IPv4 channel settings ipv4 { - table lixonet_v4; + table ${network_name:-lixonet}_v4; # Always advertise our own local address as a next hop, even in cases where the # current Next Hop attribute should be used unchanged. @@ -204,8 +204,8 @@ template bgp lixonet_client { }; # Neighbors -{{ range files "bird/neighbors" }} {{ if ne . "${name}" }} +{{ range files "bird/neighbors" }} {{ if ne . "${tinc_peer_name}" }} protocol bgp {{ . }} from lixonet_client { - description "Lixonet BGP link from ${address} (ASN: ${asn}) to {{ . }}"; + description "Lixonet BGP link to {{ . }}"; {{ include (print "bird/neighbors/" .) }} };{{ end }}{{ end }} diff --git a/bird/neighbors/daltx_nurd_lixo b/bird/neighbors/daltx_nurd_lixo deleted file mode 100644 index d3e8c27..0000000 --- a/bird/neighbors/daltx_nurd_lixo +++ /dev/null @@ -1,2 +0,0 @@ -neighbor 172.31.0.212 as 4206969212; -{{ if len "${bgp_passwd_daltx_nurd_lixo:-}" }}password "${bgp_passwd_daltx_nurd_lixo}";{{ end }} diff --git a/bird/neighbors/denco_mane_lixo b/bird/neighbors/denco_mane_lixo deleted file mode 100644 index 55727b9..0000000 --- a/bird/neighbors/denco_mane_lixo +++ /dev/null @@ -1,2 +0,0 @@ -neighbor 172.31.0.8 as 4206969008; -{{ if len "${bgp_passwd_denco_mane_lixo:-}" }}password "${bgp_passwd_denco_mane_lixo}";{{ end }} diff --git a/bird/neighbors/glaz_nurd_lixo b/bird/neighbors/glaz_nurd_lixo deleted file mode 100644 index 87456df..0000000 --- a/bird/neighbors/glaz_nurd_lixo +++ /dev/null @@ -1,2 +0,0 @@ -neighbor 172.31.0.200 as 4206969200; -{{ if len "${bgp_passwd_glaz_nurd_lixo:-}" }}password "${bgp_passwd_glaz_nurd_lixo}";{{ end }} diff --git a/bird/neighbors/lkwco_mane_lixo b/bird/neighbors/lkwco_mane_lixo deleted file mode 100644 index e5e0912..0000000 --- a/bird/neighbors/lkwco_mane_lixo +++ /dev/null 
@@ -1,2 +0,0 @@
-neighbor 172.31.0.16 as 4206969016;
-{{ if len "${bgp_passwd_lkwco_mane_lixo:-}" }}password "${bgp_passwd_lkwco_mane_lixo}";{{ end }}
diff --git a/bird/neighbors/phxaz_nurd_lixo b/bird/neighbors/phxaz_nurd_lixo
deleted file mode 100644
index aa1d3b0..0000000
--- a/bird/neighbors/phxaz_nurd_lixo
+++ /dev/null
@@ -1,2 +0,0 @@
-neighbor 172.31.0.208 as 4206969208;
-{{ if len "${bgp_passwd_phxaz_nurd_lixo:-}" }}password "${bgp_passwd_phxaz_nurd_lixo}";{{ end }}
diff --git a/bird/rpki/hosts/denco_mane_lixo b/bird/rpki/hosts/denco_mane_lixo
deleted file mode 100644
index ae20ea0..0000000
--- a/bird/rpki/hosts/denco_mane_lixo
+++ /dev/null
@@ -1 +0,0 @@
-remote 172.31.0.8 port 8282;
diff --git a/bird/rpki/known_hosts b/bird/rpki/known_hosts
deleted file mode 100644
index e69de29..0000000
diff --git a/build.sh b/build.sh
index 8173712..fe6c303 100644
--- a/build.sh
+++ b/build.sh
@@ -1,37 +1,55 @@ #!/bin/ash -# Tinc -# Remove existing configuration -rm -v -rf /etc/tinc/* -# Copy all tinc default files to /etc/(tinc) -find tinc -type d | xargs -I '{}' mkdir --verbose -p /etc/{} -find tinc -type f | xargs -I '{}' cp --verbose {} /etc/{} -# Fill out templates and remove them after -find /etc/tinc/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \; -find /etc/tinc/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {} -# Copy private key -cp /etc/lixonet/tinc.key /etc/tinc/lixonet/rsa_key.priv -# Set permissions for tinc scripts -chmod +x /etc/tinc/lixonet/tinc-up -chmod +x /etc/tinc/lixonet/tinc-down -chmod +x /etc/tinc/lixonet/subnet-up -chmod +x /etc/tinc/lixonet/subnet-down +topdir=`pwd` -# Bird -# Remove existing configuration -rm -v -rf /etc/bird/* -# Copy all tinc default files to /etc/(bird) -find bird -type d | xargs -I '{}' mkdir --verbose -p /etc/{} -find bird -type f | xargs -I '{}' cp --verbose {} /etc/{} -# Fill out templates and remove them after -find /etc/bird/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \; -find /etc/bird/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {} +for dir in /etc/lixonet/*/ # list directories in the form "/tmp/dirname/" +do + # Pop directory + cd $topdir -# GoRTR -# Remove existing configuration -rm -v -rf /etc/gortr/* -# Copy all gortr default files to /etc/(gortr) -find gortr -type d | xargs -I '{}' mkdir --verbose -p /etc/{} -find gortr -type f | xargs -I '{}' cp --verbose {} /etc/{} + dir=${dir%*/} # remove the trailing "/" + netname=${dir##*/} # print everything after the final "/" -docker-compose up -d --build + # Load relevant environment variables from lixonet.conf + unset git + source $dir/lixonet.conf + + echo "Configuring Lixonet3 network $netname from $git..." 
+ + # Clone and enter the repository + git clone $git + cd "$(basename "$git" .git)" + + # Copy default files + cp -r ../tinc/* tinc/ + cp -r ../bird/* bird/ + + # Tinc + # Remove existing configuration + rm -v -rf /etc/tinc/$netname/* + # Copy all tinc default files to /etc/(tinc) + find tinc -type d | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{} + find tinc -type f | sed -e "s@tinc@tinc/${netname}@g" | xargs -I '{}' cp --verbose {} /etc/{} + # Fill out templates and remove them after + find /etc/tinc/$netname/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/$netname/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \; + find /etc/tinc/$netname/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {} + # Copy private key + cp /etc/lixonet/$netname/tinc.key /etc/tinc/$netname/rsa_key.priv + # Set permissions for tinc scripts + chmod +x /etc/tinc/$netname/tinc-up + chmod +x /etc/tinc/$netname/tinc-down + chmod +x /etc/tinc/$netname/subnet-up + chmod +x /etc/tinc/$netname/subnet-down + + # Bird + # Remove existing configuration + rm -v -rf /etc/bird/$netname/* + # Copy all tinc default files to /etc/(bird) + find bird -type d | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{} + find bird -type f | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' cp --verbose {} /etc/{} + # Fill out templates and remove them after + find /etc/bird/$netname/ -type f -name '*.tmpl' -exec sh -c 'sigil -f {} -p $(cat /etc/lixonet/$netname/lixonet.conf | tr "\\n" " ") > "$(dirname {})/$(basename {} .tmpl)"' {} \; + find /etc/bird/$netname/ -type f -name '*.tmpl' | xargs -I '{}' rm -f {} + + #docker-compose up -d --build +done diff --git a/docker-compose.yml b/docker-compose.yml index 3f515b5..50b76ac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
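Review bot: `$netname` inside the single-quoted `sh -c '…'` strings of the two sigil `find -exec` lines is expanded by the inner shell, not by this script, and `netname` is assigned with `netname=${dir##*/}` but never exported, so the inner `cat /etc/lixonet/$netname/lixonet.conf` reads `/etc/lixonet//lixonet.conf` and every template is rendered with no parameters; `export netname` right after the assignment fixes it (or close the single quote around the variable). The loop also has no failure handling: when `git clone $git` fails, `cd "$(basename "$git" .git)"` fails too and the script continues with `rm -v -rf /etc/tinc/$netname/*` and copies from whatever directory it is still in, so `git clone "$git" || continue` and `cd "$(basename "$git" .git)" || continue` are worth adding. `source $dir/lixonet.conf` executes the file as shell, so a comment stating that anything writable into `/etc/lixonet/<name>/` runs with this script's privileges would help the next maintainer; a second run also finds the clone directory already present, and nothing here updates it.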
@@ -9,10 +9,10 @@ services: - "655:655/tcp" - "655:655/udp" volumes: - - /etc/tinc:/etc/tinc + - /etc/tinc/${NETNAME}:/etc/tinc/${NETNAME} environment: - RUNMODE=server - - NETNAME=lixonet + - NETNAME=${NETNAME} cap_add: - NET_ADMIN devices: @@ -26,7 +26,7 @@ services: ports: - "179:179/tcp" volumes: - - /etc/bird:/etc/bird + - /etc/bird/${NETNAME}:/etc/bird/${NETNAME} cap_add: - NET_ADMIN restart: always diff --git a/gortr/roas.json b/gortr/roas.json deleted file mode 100644 index c6018c4..0000000 --- a/gortr/roas.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "roas": [ - { - "comment": "denco.mane.lixo", - "asn": "AS4206969008", - "prefix": "172.31.8.0/21", - "maxLength": 21 - }, - { - "comment": "lkwco.mane.lixo", - "asn": "AS4206969016", - "prefix": "172.31.16.0/21", - "maxLength": 21 - }, - { - "comment": "inwwv.nurd.lixo", - "asn": "AS4206969200", - "prefix": "172.31.200.0/21", - "maxLength": 21 - }, - { - "comment": "manva.nurd.lixo", - "asn": "AS4206969208", - "prefix": "172.31.208.0/22", - "maxLength": 22 - }, - { - "comment": "daltx.nurd.lixo", - "asn": "AS4206969212", - "prefix": "172.31.212.0/22", - "maxLength": 22 - }, - { - "comment": "phxaz.nurd.lixo", - "asn": "AS4206969216", - "prefix": "172.31.216.0/21", - "maxLength": 21 - }, - { - "comment": "anycast denco.mane.lixo", - "asn": "AS4206969008", - "prefix": "172.31.254.0/24", - "maxLength": 24 - }, - { - "comment": "anycast manva.nurd.lixo", - "asn": "AS4206969208", - "prefix": "172.31.254.0/24", - "maxLength": 24 - }, - { - "comment": "anycast phxaz.nurd.lixo", - "asn": "AS4206969216", - "prefix": "172.31.254.0/24", - "maxLength": 24 - } - ] -} diff --git a/tinc/lixonet/hosts/daltx_nurd_lixo b/tinc/lixonet/hosts/daltx_nurd_lixo deleted file mode 100644 index 59bb981..0000000 --- a/tinc/lixonet/hosts/daltx_nurd_lixo +++ /dev/null 
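Review bot: `${NETNAME}` has no default and no required-marker, and nothing in this commit sets it (build.sh now has its `docker-compose up` line commented out), so with NETNAME unset the volume becomes `/etc/tinc/:/etc/tinc/`, which hands the container every network's directory including the `rsa_key.priv` files build.sh copies there; `- /etc/tinc/${NETNAME:?NETNAME must be set}:/etc/tinc/${NETNAME:?NETNAME must be set}` makes compose refuse to start instead, and the bird volume in the second hunk needs the same. The context lines still bind host ports `655` and `179` unconditionally, so a second network's compose project cannot run beside the first as far as I can tell; if several networks on one host is the goal, the project name and the port bindings would also need to be per-network, which is worth confirming against the intended deployment.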
@@ -1,15 +0,0 @@
-Address = daltx.needs.vodka
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.212/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA8p5Pyqe/jSht3wO2QYR/Oyxw+kZGBzeXlmESg+UM3XobOf5v60JE
-08Xb+KTuykSSdsPTKjKi5ulg6oYUGeSHcne1Kg1/sri5G+r8QTGYJ+wF4FlkUmkp
-JasriArrUPCg/IRcsWlRzG3i8sotzgfD78ryGN1tnNYUUT7qBguJEl/XpSLdrugH
-caL/MtXdQ1WIKtRjZdqUrwdNUmpsAgDd7Oc/xJx9bdg00OltX8cJHLExHT9wl8Dy
-kmAGi+C2ncyVBisWKAo0W2a6IUe/G0aZLfoIABanPBUHAvERv2AaS5sbRWJDVa5Z
-umoF2QtkfrgGu0Wftu6coG58wgxgtjv9jwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/tinc/lixonet/hosts/denco_mane_lixo b/tinc/lixonet/hosts/denco_mane_lixo
deleted file mode 100644
index 555ec58..0000000
--- a/tinc/lixonet/hosts/denco_mane_lixo
+++ /dev/null
@@ -1,15 +0,0 @@
-Address = tunnel.teamlixo.net
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.8/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAlo0meA9kqA/IgUxiXaAqEteSBo5g2EHwdZOGpdS0FMggQDg0DsG9
-je7xDsCsoelDoWXGvivRGp5vzovYMkd1KeT+alMJVsKcM+6UNjBSZ75s9TOp0/Pw
-FkkhlzibiFpQ+BVng3SVnR/ZnfFTT0zn1egxlT1OPp40GcpCMf8ZFSseyWBLItxo
-GXFXAZZfg/OjtnKFfnEtYpMdN/uZFk8fe9v6V2z+lcfg7wo0v2EvLnV53LBG+Rjv
-TAUrE1Mkb/tET0vc5NP3fYJxCrBnMY+V+XDEb4eh/FVVwaJwK7IeM1IENpnCNMVi
-m1wFyBI0inVplKvQSrBF22rW6/ccqyUv/QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/tinc/lixonet/hosts/inwwv_nurd_lixo b/tinc/lixonet/hosts/inwwv_nurd_lixo
deleted file mode 100644
index cf9b79e..0000000
--- a/tinc/lixonet/hosts/inwwv_nurd_lixo
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is a local node; no direct connections are possible as it
-# is behind a dynamic host. Therefore, we set the host address
-# to 0.0.0.0
-
-Address = 0.0.0.0
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.200/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqMJesuX07HCLjDI+DuWCvZvWk9CoTLdjlYiDkHWkeyy6vkkHH+mP
-qqo4mo1vPiIwQJoBxAdjO1qN1CMBA1SR/JtRLXpo2tvLHlW96vN4XbKtOuOa3rNy
-OH1UGC+JOagYAAxoHQfZWmmYs8hM80g9J80jP99wuwY+ZQJELxtLpOl3hwMbFx8I
-LqjiFPEMflz3wJDiFoI4dSRd+IvwIIzTUqId6yNgDpZLalZ73DvTj2GKUWZu525k
-oAyWxuFit1f55tLNa0SgKf8VefDIXl4uCuQN4SUHTGQo0H/luUh92OFE+hhG1EMj
-Ja45AZ+3+DYFX0eLVyTq/OCjHugHsBOAPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/tinc/lixonet/hosts/lkwco_mane_lixo b/tinc/lixonet/hosts/lkwco_mane_lixo
deleted file mode 100644
index 08d6ef4..0000000
--- a/tinc/lixonet/hosts/lkwco_mane_lixo
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is a local node; no direct connections are possible as it
-# is behind a dynamic host. Therefore, we set the host address
-# to 0.0.0.0
-
-Address = 0.0.0.0
-Port = 9993
-Cipher = blowfish
-Digest = sha1
-
-Subnet = 172.31.0.16/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAo2NyYsNCAKl0xMlyMxKfK9oJ0MV1xkotQGKXAt22wB3G23M979nz
-5A/FSUaTKoiuZlGU67A+4d4VXWMXjxkaEn3xTASqv1wmrZbV5i7VIpoIbIekJ8iS
-VW1e2NXgYkSECNafubMGyScUaauMU3mAAn8gcO4hLVrmXaRIElViUoFP1U/5kLik
-vfDNTBdEdgy8z7Nq9nkGmq18TGVPfDSbf0DjG0jLoaBbKZwCw6dkTyCeRbjkwh+i
-jVLP0vWt1B9RIrzdyRzEka81yGFDFPgDZPkql4pZdVoTG2A8953oonxPPa+HBF/d
-bKAsu4QRGLCPI+AaIRxaoS2EaM9oBEqdHQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/tinc/lixonet/hosts/manva_nurd_lixo b/tinc/lixonet/hosts/manva_nurd_lixo
deleted file mode 100644
index d7d0fa8..0000000
--- a/tinc/lixonet/hosts/manva_nurd_lixo
+++ /dev/null
@@ -1,15 +0,0 @@ -Address = paperbag.needs.vodka -Port = 9993 -Cipher = blowfish -Digest = sha1 - -Subnet = 172.31.0.208/32 - ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEApp+DSQCFowhht6YW3+uWynL3CH1NHvoZvWpI1Rb94z2sez32bMwD -PijqlTLYjbCf9xjV2IeGJk41QHhZs29kJmaO9BARYzl44GlmfnwQVbJVRot13r10 -efa6au2gaRm6IucLB6qrExhstGfZtOfsLE3ydoeTeKq4uPy07X0GU91hXNRbrvUX -bzfvDUhLw0sd84g/15lEtm+wrUMfMhWuoVe0o3F/4x23pE+w57feK5jDxQUbE5LB -ICt0z+hzNKVqC1GKQ3sCqtMSEm9Tl/SXdCxVuWbBb2q241wgqjQZvczdbcYHkL9B -9qJWQ+Y63sm0gMRZL6tR7cXBnWF1nLEYqwIDAQAB ------END RSA PUBLIC KEY----- diff --git a/tinc/lixonet/tinc-up.tmpl b/tinc/lixonet/tinc-up.tmpl deleted file mode 100644 index 09b5094..0000000 --- a/tinc/lixonet/tinc-up.tmpl +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0} diff --git a/tinc/lixonet/subnet-down.tmpl b/tinc/subnet-down.tmpl similarity index 100% rename from tinc/lixonet/subnet-down.tmpl rename to tinc/subnet-down.tmpl diff --git a/tinc/lixonet/subnet-up.tmpl b/tinc/subnet-up.tmpl similarity index 100% rename from tinc/lixonet/subnet-up.tmpl rename to tinc/subnet-up.tmpl diff --git a/tinc/tinc-up.tmpl b/tinc/tinc-up.tmpl new file mode 100644 index 0000000..32a5d4d --- /dev/null +++ b/tinc/tinc-up.tmpl @@ -0,0 +1,2 @@ +#!/bin/sh +ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0} diff --git a/tinc/lixonet/tinc.conf.tmpl b/tinc/tinc.conf.tmpl similarity index 88% rename from tinc/lixonet/tinc.conf.tmpl rename to tinc/tinc.conf.tmpl index 51649fb..d1870c1 100644 --- a/tinc/lixonet/tinc.conf.tmpl +++ b/tinc/tinc.conf.tmpl @@ -6,7 +6,7 @@ # This is a configuration file for Lixonet that is already pre-configured for # you. Please refer to your lixonet.conf file for changing parameters. -Name = ${name} +Name = ${tinc_peer_name} # Do not change these. Lixonet runs over port 9993 by standard. {{ if len "${tinc_bind_interface:-}" }} 
@@ -17,7 +17,7 @@ BindToAddress ${tinc_bind_address} {{ end }} Port = ${tinc_bind_port:-9994} -# Device is named "lixonet" by Tinc and visible directly in host kernel +# Device is named "${network_name:-lixonet}" by Tinc and visible directly in host kernel DeviceType = ${tinc_device_type:-tap} Device = ${tinc_device:-/dev/net/tun} Mode = ${tinc_mode:-switch} @@ -41,7 +41,7 @@ DirectOnly = ${tinc_direct_only:-yes} ConnectTo = {{.}} {{ end }} {{ else }} -{{ range files "tinc/lixonet/hosts" }}{{ if ne . "${name}" }}{{ if ne . "server" }} +{{ range files "tinc/hosts" }}{{ if ne . "${tinc_peer_name}" }}{{ if ne . "server" }} ConnectTo = {{.}} {{ end }}{{ end }}{{ end }} {{ end }}