Merge branch 'master' of github.com:Manevolent/lixonet-ee

.gitignore

@@ -1 +1,3 @@
 build/
+work/
+*.mesh/

bird/bird.conf.tmpl

@@ -17,7 +17,7 @@ timeformat protocol     iso long; # See: https://github.com/czerwonk/bird_export
 
 # Custom routing tables
 # See: https://bird.network.cz/?get_doc&v=20&f=bird-2.html (recommended read)
-ipv4 table ${network_name:-lixonet}_v4;
+ipv4 table ${netname:-lixonet}_v4;
 roa4 table r4; # ROA RPKI
 
 # RPKI
@@ -122,7 +122,7 @@ filter kernel_export_filter_v4
 # See how dn42 does it; we're very similar: https://dn42.net/howto/Bird
 protocol static {
     ipv4 {
-        table ${network_name:-lixonet}_v4;
+        table ${netname:-lixonet}_v4;
         import all;
         export none;
     };
@@ -143,7 +143,7 @@ protocol static {
 # This prevents BGP from listening on eth0/off-network
 protocol device {
     scan time 10;       # Scan the interfaces often
-    interface "${network_name:-lixonet}" {
+    interface "${netname:-lixonet}" {
         preferred ${tinc_peer_address};
     };
 };
@@ -162,7 +162,7 @@ protocol kernel {               # Primary routing table
     persist;                # Don't remove routes on bird shutdown
     scan time 10;           # Scan kernel routing table every 10 seconds
     ipv4 {
-        table ${network_name:-lixonet}_v4;
+        table ${netname:-lixonet}_v4;
         import none;                        # Don't try to import any routes from the kernel
         export filter kernel_export_filter_v4; # Export everything we are told to the kernel
     };
@@ -170,10 +170,11 @@ protocol kernel {               # Primary routing table
 
 # BFD
 protocol bfd {
-    interface "${network_name:-lixonet}" {
-        min rx interval 20 ms;
-        min tx interval 250 ms;
-        idle tx interval 300 ms;
+    interface "${netname:-lixonet}" {
+        min rx interval 1 s;
+        min tx interval 1 s;
+        idle tx interval 5 s;
+        multiplier 5;
     };
 };
 
@@ -199,7 +200,7 @@ template bgp lixonet_client {
 
     # BGP IPv4 channel settings
     ipv4 {
-        table ${network_name:-lixonet}_v4;
+        table ${netname:-lixonet}_v4;
 
         # Always advertise our own local address as a next hop, even in cases where the
         # current Next Hop attribute should be used unchanged.

build.sh

@@ -2,7 +2,7 @@
 
 process_template ( ) {
     processed_filename=$(dirname $1)/$(basename $1 .tmpl)
-    echo "Processing template $1 -> $processed_filename with args $2"
+    echo "Processing template $1 -> $processed_filename"
     sh -c "sigil -f $1 -p $2 > $processed_filename"
     rm $1
 }
@@ -39,10 +39,13 @@ do
     echo "Configuring Lixonet3 network $netname from $git..."
     echo "Variables: $sigil_vars"
 
-    # Clone and enter the repository
+    # Clone and copy the repository
     rm -rf "$(basename "$git" .git)"
     git clone $git || { echo "clone $git failed, quitting" ; exit 1; }
-    cd "$(basename "$git" .git)"
+    echo "Creating work directory..."
+    rm -rf work
+    mkdir --verbose work
+    cp -r "$(basename "$git" .git)"/* work/ && cd work
 
     # Copy default files
     cp -r ../tinc/* tinc/
@@ -91,7 +94,18 @@ do
     #  Fill out templates and remove them after
     process_templates "/etc/bind/$netname/" "$sigil_vars"
     
+    # Docker
+    #  Copy templates and dependencies to directory
+    mkdir docker/
+    cp -r ../docker/* docker/
+    cp -r $dir/docker/* docker/
+    cp ./../docker-compose.yml.tmpl .
+    cp ../Dockerfile.* .
+    process_templates "." "$sigil_vars"
+
     echo $sigil_vars | tr ' ' '\n' > .env
+    cat docker-compose.yml
+    docker-compose -p $netname down
     docker-compose -p $netname up -d --build --remove-orphans
     rm .env
 

docker-compose.yml

@@ -1,70 +0,0 @@
-version: "3.7"
-services:
-  tinc:
-    build:
-      context: .
-      dockerfile: Dockerfile.tinc
-    volumes:
-      - /etc/tinc/${COMPOSE_PROJECT_NAME}:/etc/tinc/${COMPOSE_PROJECT_NAME}
-      - /usr/bin/docker-proxy:/usr/bin/docker-proxy
-    environment:
-      - RUNMODE=server
-      - NETNAME=${COMPOSE_PROJECT_NAME}
-    cap_add:
-      - NET_ADMIN
-    devices:
-      - /dev/net/tun:/dev/net/tun
-    restart: always
-    networks:
-      internal:
-        ipv4_address: ${internal_address}
-  bird:
-    network_mode: 'service:tinc'
-    depends_on:
-      - tinc
-    build:
-      context: .
-      dockerfile: Dockerfile.bird
-    volumes:
-      - /etc/bird/${netname}/:/etc/bird/
-      - bird-run:/var/run/bird/
-    cap_add:
-      - NET_ADMIN
-    restart: always
-  bind:
-    network_mode: 'service:tinc'
-    build:
-      context: .
-      dockerfile: Dockerfile.bind
-    volumes:
-      - /etc/bind/${netname}/:/etc/bind/
-    restart: always
-  bird_exporter:
-    network_mode: 'service:tinc'
-    image: czerwonk/bird_exporter
-    command: '-bird.v2=true -bird.socket=/var/run/bird/bird.ctl'
-    depends_on:
-      - bird
-    volumes:
-      - bird-run:/var/run/bird/
-    restart: always
-  ping_exporter:
-    network_mode: 'service:tinc'
-    image: czerwonk/ping_exporter
-    command: './ping_exporter --config.path /pinger.yml'
-    depends_on:
-      - tinc
-    volumes:
-      - /etc/tinc/${netname}/pinger.yml:/pinger.yml
-    restart: always
-
-volumes:
-  bird-run:
-networks:
-  internal:
-    driver: macvlan
-    driver_opts:
-      parent: eth0
-    ipam:
-      config:
-        - subnet: ${internal_subnet:-$internal_gateway/24}

docker-compose.yml.tmpl

@@ -0,0 +1,10 @@
+version: "2"
+services:
+{{ range files "docker/services" }}  {{ . }}:
+{{ include (print "docker/services/" .) }}{{ end }}
+volumes:
+{{ range files "docker/volumes" }}  {{ . }}:
+{{ include (print "docker/volumes/" .) }}{{ end }}
+networks:
+{{ range files "docker/networks" }}  {{ . }}:
+{{ include (print "docker/networks/" .) }}{{ end }}

docker/networks/internal

@@ -0,0 +1,7 @@
+    driver: macvlan
+    driver_opts:
+      parent: ${internal_interface}
+    ipam:
+      config:
+        - subnet: ${internal_subnet}
+          gateway: ${internal_gateway}

docker/services/bind

@@ -0,0 +1,7 @@
+    network_mode: 'service:tinc'
+    build:
+      context: .
+      dockerfile: Dockerfile.bind
+    volumes:
+      - /etc/bind/${netname}/:/etc/bind/
+    restart: always

docker/services/bird

@@ -0,0 +1,12 @@
+    network_mode: 'service:tinc'
+    depends_on:
+      - tinc
+    build:
+      context: .
+      dockerfile: Dockerfile.bird
+    volumes:
+      - /etc/bird/${netname}/:/etc/bird/
+      - bird-run:/var/run/bird/
+    cap_add:
+      - NET_ADMIN
+    restart: always

docker/services/bird_exporter

@@ -0,0 +1,8 @@
+    network_mode: 'service:tinc'
+    image: czerwonk/bird_exporter
+    command: '-bird.v2=true -bird.socket=/var/run/bird/bird.ctl'
+    depends_on:
+      - bird
+    volumes:
+      - bird-run:/var/run/bird/
+    restart: always

docker/services/ping_exporter

@@ -0,0 +1,8 @@
+    network_mode: 'service:tinc'
+    image: czerwonk/ping_exporter
+    command: './ping_exporter --config.path /pinger.yml'
+    depends_on:
+      - tinc
+    volumes:
+      - /etc/tinc/${netname}/pinger.yml:/pinger.yml
+    restart: always

docker/services/tinc

@@ -0,0 +1,17 @@
+    build:
+      context: .
+      dockerfile: Dockerfile.tinc
+    volumes:
+      - /etc/tinc/${netname}:/etc/tinc/${netname}
+      - /usr/bin/docker-proxy:/usr/bin/docker-proxy
+    environment:
+      - RUNMODE=server
+      - NETNAME=${netname}
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    restart: always
+    networks:
+      internal:
+        ipv4_address: ${internal_address}

docker/volumes/bird-run

@@ -0,0 +1 @@
+

tinc/tinc-down.tmpl

@@ -1,11 +1,11 @@
 #!/bin/sh
 {{ if len "${ip_aliases:-}" }}{{ range "$ip_aliases" | split "," }}iptables -t nat -D PREROUTING -d {{ . }} -i \$INTERFACE -j DNAT --to-destination ${tinc_peer_address}
-iptables -t nat -D PREROUTING -d {{ . }} -i ${internal_interface:-eth0} -j DNAT --to-destination ${tinc_peer_address}
+iptables -t nat -D PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc_peer_address}
 {{ end }}{{ end }}
 
 # Disable IPv4 kernel routing/forwarding for this network
 iptables -D FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
-{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -D FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT
+{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -D FORWARD -o eth0 -d {{.}} -j ACCEPT
 {{ end }}{{ end }}
 
 # Prevent spoofing attacks

tinc/tinc-up.tmpl

@@ -3,12 +3,12 @@ sysctl -w net.ipv6.conf.\$INTERFACE.disable_ipv6=1 || echo "[WARNING] IPv6 could
 
 {{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" ${vip}{{ end }}
 {{ if len "${ip_aliases:-}" }}{{ range "$ip_aliases" | split "," }}iptables -t nat -I PREROUTING -d {{ . }} -i \$INTERFACE -j DNAT --to-destination ${tinc_peer_address}
-iptables -t nat -I PREROUTING -d {{ . }} -i ${internal_interface:-eth0} -j DNAT --to-destination ${tinc_peer_address}
+iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc_peer_address}
 {{ end }}{{ end }}
 
 # Enable IPv4 kernel routing/forwarding for this network
 iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
-{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT
+{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -o eth0 -d {{.}} -j ACCEPT
 {{ end }}{{ end }}
 
 # Prevent spoofing attacks

tinc/tinc.conf.tmpl

@@ -9,11 +9,7 @@
 Name = ${tinc_peer_name}
 
 # Do not change these.  Lixonet runs over port 9993 by standard.
-{{ if len "${tinc_bind_interface:-}" }}
-BindToInterface ${tinc_bind_interface}
-{{ else }}
-BindToAddress ${tinc_bind_address:-$internal_address}
-{{ end }}
+BindToInterface eth0
 Port = ${tinc_bind_port:-9994}
 
 # Device is named "${network_name:-lixonet}" by Tinc and visible directly in host kernel