Update docker-compose.yml, build.sh, README.md, tinc/tinc.conf.tmpl files

This commit is contained in:
sump pump 2020-06-23 18:37:01 +00:00
parent f2fb75dce5
commit da416fea12
4 changed files with 26 additions and 24 deletions


@ -42,6 +42,7 @@ You **MUST** specify these options, or Lixonet will not work.
* `tinc_peer_address` - The *router* address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx * `tinc_peer_address` - The *router* address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx
* `network_address` - The *network* address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size) * `network_address` - The *network* address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size)
* `bgp_asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212) * `bgp_asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212)
* `internal_address` - The internal address to use. MUST be unique to this Lixonet EE instance; if the address of the host is 172.31.16.2, you should _NOT_ use that IP address, and instead pick another static address.
* `internal_gateway` - The internal gateway to use. This is the IP address, directly upstream from the Lixonet EE router, that can be used as a next hop to reach your own subnets. * `internal_gateway` - The internal gateway to use. This is the IP address, directly upstream from the Lixonet EE router, that can be used as a next hop to reach your own subnets.
#### Configuration example #### Configuration example
@ -117,11 +118,12 @@ default 172.31.8.1 0.0.0.0 UG 202 0 0 eth0
* `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too. * `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too.
* `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix` * `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
* `internal_interface`: the interface to route your _OWN_ networks to. This should be the interface where your personal Lixonet subnets are reachable at, or in other words the interface at which the Lixonet EE router can send packets destined to networks you own. Defaults to `eth0`. * `internal_interface`: the interface to route your _OWN_ networks to. This should be the interface where your personal Lixonet subnets are reachable at, or in other words the interface at which the Lixonet EE router can send packets destined to networks you own. Defaults to `eth0`.
* `internal_subnet`: the internal subnet that your Lixonet EE router is connected to, defaults to "`internal_gateway`/24".
* `vip`: virtual IP: a virtual IP address to assign to the Lixonet EE router directly, aside from 172.31.0.8. * `vip`: virtual IP: a virtual IP address to assign to the Lixonet EE router directly, aside from 172.31.0.8.
#### Tinc options #### Tinc options
* `network_name` - The name of the interface that Tinc should create when it's started. Defaults to `lixonet`. Set this for multiple networks. * `network_name` - The name of the interface that Tinc should create when it's started. Defaults to `lixonet`. Set this for multiple networks.
* `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1). This is _not_ the Lixonet router IP (i.e. 172.31.0.8). Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead. * `tinc_bind_address` - The address that Tinc should bind to to _listen_ for incoming public Internet connections (i.e. 10.0.0.1). This is _not_ the Lixonet router IP (i.e. 172.31.0.8). Use this if you have an `eth1` that you _don't_ want to use for binding tinc to, and would prefer to bind tinc exclusivley to `eth0` instead. Defaults to `internal_address`.
* `tinc_bind_port` - The Tinc server port to listen on. Defaults to `9994`. * `tinc_bind_port` - The Tinc server port to listen on. Defaults to `9994`.
* `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`). * `tinc_connect_to` - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`).


@ -28,6 +28,7 @@ do
source $dir/lixonet.conf source $dir/lixonet.conf
if [ -z "$git" ]; then echo "Missing 'git' variable in $dir/lixonet.conf"; exit 1; fi if [ -z "$git" ]; then echo "Missing 'git' variable in $dir/lixonet.conf"; exit 1; fi
sigil_vars=$(cat /etc/lixonet/${netname}/lixonet.conf | tr "\\n" " ") sigil_vars=$(cat /etc/lixonet/${netname}/lixonet.conf | tr "\\n" " ")
sigil_vars=$(echo "$sigil_vars netname=$netname")
# Parse subnets into a collection of IP reverse zones # Parse subnets into a collection of IP reverse zones
root_reverse_zones=$(echo '${network_address}/${global_prefix:-16}' | sigil -p $sigil_vars | xargs -I '{}' netcalc split {} 24 | sed 's/.0\/24$//' | awk 'BEGIN{FS="."}{print $3"."$2"."$1".in-addr.arpa"}' | sed -e ':a;N;$!ba;s/\n/,/g') root_reverse_zones=$(echo '${network_address}/${global_prefix:-16}' | sigil -p $sigil_vars | xargs -I '{}' netcalc split {} 24 | sed 's/.0\/24$//' | awk 'BEGIN{FS="."}{print $3"."$2"."$1".in-addr.arpa"}' | sed -e ':a;N;$!ba;s/\n/,/g')
@ -90,7 +91,7 @@ do
# Fill out templates and remove them after # Fill out templates and remove them after
process_templates "/etc/bind/$netname/" "$sigil_vars" process_templates "/etc/bind/$netname/" "$sigil_vars"
printf "COMPOSE_PROJECT_NAME=$netname\nBIND_ADDRESS=$tinc_peer_address" > .env echo $sigil_vars | tr ' ' '\n' > .env
docker-compose -p $netname up -d --build --remove-orphans docker-compose -p $netname up -d --build --remove-orphans
rm .env rm .env
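Review bot: `echo $sigil_vars | tr ' ' '\n' > .env` relies on unquoted expansion, so any value in lixonet.conf that contains whitespace or a glob character is split or expanded before it reaches .env, and comment lines from the file are copied through as well; since the source file is already line-oriented, writing it directly is both safer and simpler: `{ cat "/etc/lixonet/${netname}/lixonet.conf"; echo "netname=$netname"; } > .env`. The new form also dumps every variable from lixonet.conf into the Compose environment rather than the two the old printf chose, so anything sensitive in that file is now visible in `docker-compose config` output and sits inside the build context (`context: .`) unless a .dockerignore excludes it, until `rm .env` runs; with no `set -e` visible in the hunk, an abort between the two lines leaves the file behind. COMPOSE_PROJECT_NAME is no longer written, while docker-compose.yml still references `${COMPOSE_PROJECT_NAME}` in the tinc service. The enclosing loop (`do` in the hunk header) starts and ends outside the hunk.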


@ -1,15 +1,12 @@
version: "3.7" version: "3.7"
services: services:
tinc: tinc:
network_mode: host
build: build:
context: . context: .
dockerfile: Dockerfile.tinc dockerfile: Dockerfile.tinc
ports:
- "${BIND_ADDRESS}:655:655/tcp"
- "${BIND_ADDRESS}:655:655/udp"
volumes: volumes:
- /etc/tinc/${COMPOSE_PROJECT_NAME}:/etc/tinc/${COMPOSE_PROJECT_NAME} - /etc/tinc/${COMPOSE_PROJECT_NAME}:/etc/tinc/${COMPOSE_PROJECT_NAME}
- /usr/bin/docker-proxy:/usr/bin/docker-proxy
environment: environment:
- RUNMODE=server - RUNMODE=server
- NETNAME=${COMPOSE_PROJECT_NAME} - NETNAME=${COMPOSE_PROJECT_NAME}
@ -18,53 +15,56 @@ services:
devices: devices:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
restart: always restart: always
networks:
internal:
ipv4_address: ${internal_address}
bird: bird:
network_mode: host network_mode: 'service:tinc'
depends_on: depends_on:
- tinc - tinc
build: build:
context: . context: .
dockerfile: Dockerfile.bird dockerfile: Dockerfile.bird
ports:
- "${BIND_ADDRESS}:179:179/tcp"
volumes: volumes:
- /etc/bird/${COMPOSE_PROJECT_NAME}/:/etc/bird/ - /etc/bird/${netname}/:/etc/bird/
- bird-run:/var/run/bird/ - bird-run:/var/run/bird/
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
restart: always restart: always
bind: bind:
depends_on: network_mode: 'service:tinc'
- tinc
build: build:
context: . context: .
dockerfile: Dockerfile.bind dockerfile: Dockerfile.bind
ports:
- "${BIND_ADDRESS}:53:53/udp"
- "${BIND_ADDRESS}:53:53/tcp"
volumes: volumes:
- /etc/bind/${COMPOSE_PROJECT_NAME}/:/etc/bind/ - /etc/bind/${netname}/:/etc/bind/
restart: always restart: always
bird_exporter: bird_exporter:
network_mode: 'service:tinc'
image: czerwonk/bird_exporter image: czerwonk/bird_exporter
command: '-bird.v2=true -bird.socket=/var/run/bird/bird.ctl' command: '-bird.v2=true -bird.socket=/var/run/bird/bird.ctl'
depends_on: depends_on:
- bird - bird
ports:
- "${BIND_ADDRESS}:9324:9324/tcp"
volumes: volumes:
- bird-run:/var/run/bird/ - bird-run:/var/run/bird/
restart: always restart: always
ping_exporter: ping_exporter:
network_mode: 'service:tinc'
image: czerwonk/ping_exporter image: czerwonk/ping_exporter
command: './ping_exporter --config.path /pinger.yml' command: './ping_exporter --config.path /pinger.yml'
depends_on: depends_on:
- tinc - tinc
ports:
- "${BIND_ADDRESS}:9427:9427/tcp"
volumes: volumes:
- /etc/tinc/${COMPOSE_PROJECT_NAME}/pinger.yml:/pinger.yml - /etc/tinc/${netname}/pinger.yml:/pinger.yml
restart: always restart: always
volumes: volumes:
bird-run: bird-run:
networks:
internal:
driver: macvlan
driver_opts:
parent: eth0
ipam:
config:
- subnet: ${internal_subnet:-$internal_gateway/24}
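Review bot: The tinc service appears to end up with both `network_mode: host` and a `networks: internal:` attachment carrying a static `ipv4_address`, a combination Compose rejects (network_mode and networks cannot be used together); which of the two is intended should be settled here, because every other service now inherits it through `network_mode: 'service:tinc'`. Dropping the `${BIND_ADDRESS}:port` mappings in favour of host networking also means bird, bind and both exporters listen on whatever address each daemon binds by default, most likely every host interface, where before they were reachable only on `$tinc_peer_address`; the exporter ports 9324 and 9427 in particular should be pinned in the daemons' own configuration or filtered on the host if they are not meant to be public. The `${internal_subnet:-$internal_gateway/24}` default depends on Compose expanding a variable inside a default value, which varies by Compose version — check the rendered subnet with `docker-compose config`. Lastly, the tinc volume and `NETNAME` lines still use `${COMPOSE_PROJECT_NAME}` while the other services were switched to `${netname}`, and the .env written by build.sh only guarantees `netname`, so those two should change as well.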


@ -11,9 +11,8 @@ Name = ${tinc_peer_name}
# Do not change these. Lixonet runs over port 9993 by standard. # Do not change these. Lixonet runs over port 9993 by standard.
{{ if len "${tinc_bind_interface:-}" }} {{ if len "${tinc_bind_interface:-}" }}
BindToInterface ${tinc_bind_interface} BindToInterface ${tinc_bind_interface}
{{ end }} {{ else }}
{{ if len "${tinc_bind_address:-}" }} BindToAddress ${tinc_bind_address:-$internal_address}
BindToAddress ${tinc_bind_address}
{{ end }} {{ end }}
Port = ${tinc_bind_port:-9994} Port = ${tinc_bind_port:-9994}
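Review bot: The new `{{ else }}` branch renders `BindToAddress ${tinc_bind_address:-$internal_address}` unconditionally, so when neither variable is set the generated tinc.conf contains a bare `BindToAddress` line where the old template simply omitted it; the old `len` guard should be kept on this branch so an unset value falls back to tinc's default listen behaviour instead of a broken config. Defaulting the bind address to `internal_address` also changes the exposure model in the opposite direction from what the README line for `tinc_bind_address` describes ("incoming public Internet connections"): peers arriving on the public interface will no longer be accepted unless `tinc_bind_address` is set explicitly, and with the tinc service on host networking the host must actually own `internal_address` for the bind to succeed — worth a sentence in the README next to the new default. The unchanged comment above the block still says port 9993 while `Port` defaults to `9994`; `# Do not change these. Lixonet runs over port 9994 by standard.` would match the template.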