-
Notifications
You must be signed in to change notification settings - Fork 1
/
site.conf
346 lines (326 loc) · 12.2 KB
/
site.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
{
-- Documentation can be found here: https://gluon.readthedocs.io/en/latest/user/site.html#site-conf
hostname_prefix = 'ffac-',
site_name = 'Freifunk Rheinland - Regio Aachen',
site_code = 'ffac',
domain_seed = 'fcd2bb830c677865c60459899facdb630a9c09e26b72d995451c4feb9b337e6d',
opkg = {
extra = {
modules = 'http://opkg.ffac.rocks/modules/gluon-%GS-%GR/%S',
ffac = 'http://opkg.ffac.rocks/packages-%v/%A/ffac',
gluon = 'http://opkg.ffac.rocks/packages-%v/%A/gluon',
gluon_base = 'http://opkg.ffac.rocks/packages-%v/%A/gluon_base',
},
},
--[[ General network settings
prefix4: IPv4 range of your community
prefix6: IPv6 range of your community
is also required for radvd
We use our global unicast block 2a03:2260:114::/48 for IP routing. This prefix is ONLY used for the next node feature and is used in multiple layer 2 network segments.
]]
prefix6 = 'fdac::/64',
--[[ NTP settings
Synchronize the time of the nodes
timezone: Timezone of your community
http://wiki.openwrt.org/doc/uci/system#time.zones
ntp_servers: List of NTP-Servers to query. You can use any public and/or your private NTP-Servers of your community.
http://www.pool.ntp.org/zone/de
#############
# NOTE: http://news.ntppool.org/2013/06/ipv6-monitoring-problems-for-g.html
# > As you might know only "2.pool.ntp.org" (and 2.debian.pool.ntp.org, etc)
# > returns AAAA records currently.
#############
]]
timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
ntp_servers = {
'a.ntp.ffac.rocks',
'ntp-b.aachen.freifunk.net',
'2.openwrt.pool.ntp.org',
},
regdom = 'DE',
wifi24 = {
channel = 11,
ap = {
ssid = 'Freifunk',
},
mesh = {
id = 'ffac-bat4-mesh',
mcast_rate = 12000,
},
},
wifi5 = {
channel = 44,
outdoor_chanlist = '100-116 132-136', -- exclude/avoid weather radar frequencies
-- exclude 136-140 temporarily to fix 40MHz operation
-- https://homepage.univie.ac.at/albert.rafetseder/RADARs/radars.html
ap = {
ssid = 'Freifunk',
},
mesh = {
id = 'ffac-bat4-mesh',
mcast_rate = 12000,
},
},
-- Configuration of the local node feature of Gluon
next_node = {
ip6 = 'fdac::ac',
mac = 'ac:41:95:40:f7:dc',
},
mesh = {
vxlan = false,
filter_membership_reports = true,
batman_adv = {
routing_algo = 'BATMAN_IV',
gw_sel_class = 20,
},
},
--[[ Gateway settings
fastd_mesh_vpn: fastd vpn settings
https://projects.universe-factory.net/projects/fastd/wiki/User_manual
sub
methods: encryption algorithms to use
https://projects.universe-factory.net/projects/fastd/wiki/Methods
When multiple method statements are given, the first one has the highest preference.
mtu: package size
backbone: fastd vpn gateways of your community
sub
limit: Number of gateways each node connects to
On startup, each node tries to connect to every gateway, and then chooses the number of 'limit' fastest gateways it could reach
peers: Gateways
sub sub
key: public fastd key of your gateway
https://github.com/tcatm/ecdsautils
remotes: List of fastd configuration strings to connect to your gateway server
]]
mesh_vpn = {
enabled = true,
pubkey_privacy = false,
wireguard = {
broker = 'wg-broker.freifunk-aachen.de/api/add_key',
peers = {
sn120 = {
public_key = 'jp47kK4OEkXf+VSsgKSYGji6mn6vrbXVeBMKwhx1on4=',
endpoint = '01.wg-node.freifunk-aachen.de:51820'
},
sn111 = {
public_key = 'EuHYG/4MZZYf+ViX8gy2HY0A2RGR0Im45mZXmD6ThxI=',
endpoint = '01.wg-node.freifunk-aachen.de:51811'
},
sn112 = {
public_key = '60HD+D/Ij/BxG/29RH+mLlS+ttHZNsNjugaSIJ7VBHM=',
endpoint = '01.wg-node.freifunk-aachen.de:51812'
},
sn113 = {
public_key = 'ibMJXBMiC3jFA4rSMjcTqsueszOSder7N8Dpw1W+liQ=',
endpoint = '01.wg-node.freifunk-aachen.de:51813'
},
sn114 = {
public_key = 'e4jSvixMGi89JAKnTpHA86GoHmBc6owOckTUslhNVxA=',
endpoint = '01.wg-node.freifunk-aachen.de:51814'
},
sn115 = {
public_key = 'yY8Z5YbrAc518Z4Z/Bvlum8pB1VARZ316miql/uu1C0=',
endpoint = '01.wg-node.freifunk-aachen.de:51815'
},
sn116 = {
public_key = 'RtPF/2EYZNJEKI/DJh+6R2M1FNsQUbCE0nvNSzXZW10=',
endpoint = '01.wg-node.freifunk-aachen.de:51816'
},
sn117 = {
public_key = 'fA+lVmeVGIBcshSO1ZH8uHRqPainM7xS3wEhGTX+2DA=',
endpoint = '01.wg-node.freifunk-aachen.de:51817'
},
sn118 = {
public_key = 'u8rkarH+ZNGZoMWD6aGLgnRHzSj95S5fbiBuQXvyFV0=',
endpoint = '01.wg-node.freifunk-aachen.de:51818'
},
sn119 = {
public_key = 'Zk4LZXhYW+gj9dN/afKH634yYLDNBUDXEFxejHy7wgs=',
endpoint = '01.wg-node.freifunk-aachen.de:51819'
},
sn220 = {
public_key = 'MK8M88m2Wfc5EFLQPbCRZwhqfPYMNAh51Jf0d7A78nY=',
endpoint = '02.wg-node.freifunk-aachen.de:51820'
},
sn211 = {
public_key = 'VDqpMh1ljN/rqng88wIOet/XfMHk3XE6+nCBkOS82g0=',
endpoint = '02.wg-node.freifunk-aachen.de:51811'
},
sn212 = {
public_key = 'UGK2rNyQX30dqMsdk+vU+0424DP1M/3UahjJR7rN3nw=',
endpoint = '02.wg-node.freifunk-aachen.de:51812'
},
sn213 = {
public_key = 'iopPxw0qD6e2DAqEzR5WMHls9EQsxlYQk/pOAaKM9TM=',
endpoint = '02.wg-node.freifunk-aachen.de:51813'
},
sn214 = {
public_key = 'yYZlSxiyKXLGk8jyDTnzXkxrPYvmOWpny9AWX3KPdFE=',
endpoint = '02.wg-node.freifunk-aachen.de:51814'
},
sn215 = {
public_key = 'X0jmE3MOqzAjgWWNl6JAGcdE66rvsuhKp+WxC59geEE=',
endpoint = '02.wg-node.freifunk-aachen.de:51815'
},
sn216 = {
public_key = 'Aq0yNPf2431SndyQtOBaIo5IDs73Tsv/Pw1FH2aNmxk=',
endpoint = '02.wg-node.freifunk-aachen.de:51816'
},
sn217 = {
public_key = 'BunPn7Zvoub3QOYnygCxa/oCmPqM6XMjYHXNm3mOxRE=',
endpoint = '02.wg-node.freifunk-aachen.de:51817'
},
sn218 = {
public_key = 'rsji/zzTtLTkG+ITrOKCyLWv61XWryT2s3TdozVjwV4=',
endpoint = '02.wg-node.freifunk-aachen.de:51818'
},
sn219 = {
public_key = 'Ah9IDIcdW3zfoXuhD7MkKiDSL7xrgKfEKfMFfXRjphQ=',
endpoint = '02.wg-node.freifunk-aachen.de:51819'
},
},
mtu = 1336,
},
},
--[[ Autoupdater settings
branch: Automatically update to this branch
branches: Available branches your community is publishing
sub sub
name: Name of branch (is used when compiling images)
mirrors: List of urls where to find the firmware
just serve the images on port 80 via http. a simple apache file-listing is enough.
see: http://luebeck.freifunk.net/firmware/
probability: How often should a node search for updates
1.0 - perform an update every hour
0.5 - on average, perform an update every two hours
0.0 - inhibit any automatic updates
good_signatures: How many signatures should be valid so the node decides to upgrade itself
pubkeys: public keys by developers used in manifest file of branch
manifest file - see gluon readme
$ make manifest GLUON_BRANCH=mybranch
$ contrib/sign.sh $SECRETKEY.file images/sysupgrade/manifest
]]
autoupdater = {
branch = 'stable',
enabled = 1,
branches = {
stable = {
name = 'stable',
mirrors = {
'http://updates.freifunk-aachen.de/from-2023.2.x/stable/sysupgrade',
'http://updates.ffac.rocks/from-2023.2.x/stable/sysupgrade',
'http://updates.aachen.freifunk.net/from-2023.2.x/stable/sysupgrade',
},
good_signatures = 4,
pubkeys = {
'bea3e1a0a5e6f6075a97bee487cb77327b44d880ab770fa7c42938f821311b57', -- build.freifunk-aachen.de
'b34dc4f34a5a6c588f6ac41736edd1195d9f5e949f913d4cc7a4777ebbf22c9c', -- MrMM
'd6a35069e60afad2f4554d6609c0934e478e264e7cfbd131afeac66ba745dc02', -- Shiva
'5bdb75b8f2f290453933975ba772b94596a5dae5091a1e638d96e053247cf404', -- Monty
'fcdc42af066d65fb655ab6d6f4709507dd29a0d38732bf60b3cbbdb1be6f7d24', -- Jannic
'8672f3f07594d0b078780470f416580139ca4cf7c0984aeeb718abdbe2d14196', -- Sirius
'342522f118b92ebeb5a8c9c9a2269faa886a14a798190fe5730cfff513a79dd3', -- vegms
'c1b372eebb95d53f2d542a66d0ba27601e5855169a5a9270710e07bc6c02c232', -- maurerle
'75d0b74e1df35300e0766d141924afc59a1c1a9c1f104f8e2ff39f90b6c76c0b', -- djfe
},
},
beta = {
name = 'beta',
mirrors = {
'http://updates.freifunk-aachen.de/from-2023.2.x/beta/sysupgrade',
'http://updates.ffac.rocks/from-2023.2.x/beta/sysupgrade',
'http://updates.aachen.freifunk.net/from-2023.2.x/beta/sysupgrade',
},
good_signatures = 3,
pubkeys = {
'bea3e1a0a5e6f6075a97bee487cb77327b44d880ab770fa7c42938f821311b57', -- build.freifunk-aachen.de
'b34dc4f34a5a6c588f6ac41736edd1195d9f5e949f913d4cc7a4777ebbf22c9c', -- MrMM
'd6a35069e60afad2f4554d6609c0934e478e264e7cfbd131afeac66ba745dc02', -- Shiva
'5bdb75b8f2f290453933975ba772b94596a5dae5091a1e638d96e053247cf404', -- Monty
'fcdc42af066d65fb655ab6d6f4709507dd29a0d38732bf60b3cbbdb1be6f7d24', -- Jannic
'8672f3f07594d0b078780470f416580139ca4cf7c0984aeeb718abdbe2d14196', -- Sirius
'342522f118b92ebeb5a8c9c9a2269faa886a14a798190fe5730cfff513a79dd3', -- vegms
'c1b372eebb95d53f2d542a66d0ba27601e5855169a5a9270710e07bc6c02c232', -- maurerle
'75d0b74e1df35300e0766d141924afc59a1c1a9c1f104f8e2ff39f90b6c76c0b', -- djfe
},
},
experimental = {
name = 'experimental',
mirrors = {
'http://updates.freifunk-aachen.de/from-2023.2.x/experimental/sysupgrade',
'http://updates.ffac.rocks/from-2023.2.x/experimental/sysupgrade',
'http://updates.aachen.freifunk.net/from-2023.2.x/experimental/sysupgrade',
},
good_signatures = 2,
pubkeys = {
'bea3e1a0a5e6f6075a97bee487cb77327b44d880ab770fa7c42938f821311b57', -- build.freifunk-aachen.de
'b34dc4f34a5a6c588f6ac41736edd1195d9f5e949f913d4cc7a4777ebbf22c9c', -- MrMM
'd6a35069e60afad2f4554d6609c0934e478e264e7cfbd131afeac66ba745dc02', -- Shiva
'5bdb75b8f2f290453933975ba772b94596a5dae5091a1e638d96e053247cf404', -- Monty
'fcdc42af066d65fb655ab6d6f4709507dd29a0d38732bf60b3cbbdb1be6f7d24', -- Jannic
'8672f3f07594d0b078780470f416580139ca4cf7c0984aeeb718abdbe2d14196', -- Sirius
'342522f118b92ebeb5a8c9c9a2269faa886a14a798190fe5730cfff513a79dd3', -- vegms
'c1b372eebb95d53f2d542a66d0ba27601e5855169a5a9270710e07bc6c02c232', -- maurerle
'75d0b74e1df35300e0766d141924afc59a1c1a9c1f104f8e2ff39f90b6c76c0b', -- djfe
},
},
},
},
-- uncomment for update from 2019.1.x to v2021.1.x
--[[ update_channel = {
from_name = experimental, -- remove or false to catch all
-- if to_name is defined, autoupdater branch is set to it
to_name = 'beta',
}
]]
--[[ setup_mode = {
skip = false, -- Skip config_mode on first boot
},
]]
config_mode = {
hostname = {
optional = false,
},
remote_login = {
show_password_form = true,
min_password_length = 10,
},
owner = {
obligatory = true,
},
geo_location = {
osm = {
center = {
lat = 50.77,
lon = 6.107,
},
zoom = 11,
tile_layer = {
type = 'XYZ',
url = 'https://tiles.aachen.freifunk.net/{z}/{x}/{y}.png',
attributions = '© <a href="https://www.openstreetmap.org/copyright" target="_blank">OpenStreetMap</a> contributors.',
},
},
},
},
ssid_changer = {
enabled = true,
switch_timeframe = 1, -- only once every timeframe (in minutes) the SSID will change to OFFLINE
-- set to 1440 to change once a day
-- set to 1 minute to change every time the router gets offline
first = 2, -- the first few minutes directly after reboot within which an Offline-SSID always may be activated
prefix = 'FF_Offline_', -- use something short to leave space for the nodename (no '~' allowed!)
suffix = 'nodename', -- generate the SSID with either 'nodename', 'mac' or to use only the prefix: 'none'
tq_limit_enabled = false, -- if false, the offline SSID will only be set if there is no gateway reacheable
-- upper and lower limit to turn the offline_ssid on and off
-- in-between these two values the SSID will never be changed to prevent it from toggeling every minute.
tq_limit_max = 55, -- upper limit, above that the online SSID will be used
tq_limit_min = 45, -- lower limit, below that the offline SSID will be used
},
custom_banner = {
enabled = true, -- optional (enabled by default)
map_url = 'https://map.aachen.freifunk.net/#!/', -- optional (skipped by default)
contact_url = 'https://freifunk-aachen.de/kontakt/', -- optional (skipped by default)
},
}
-- /* vi: set ft=lua: */