site-ffkbuk/site.conf

-- This is an example site configuration for Gluon v2018.2.2
--
-- Take a look at the documentation located at
-- https://gluon.readthedocs.io/ for details.
--
-- This configuration will not work as is. You're required to make
-- community specific changes to it!
{
  -- Used for generated hostnames, e.g. freifunk-abcdef123456. (optional)
  hostname_prefix = 'ffbuk-',

  -- Name of the community.
  site_name = 'Freifunk KBU Hood Koeln',

  -- Shorthand of the community.
  site_code = 'ffkbuk',

  -- 32 bytes of random data, encoded in hexadecimal
  -- This data must be unique among all sites and domains!
  -- Can be generated using: echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
  domain_seed = 'e031fe7a118124aff0c0c94cfcb7b7ca0f4550675c926e2052f38ddeb837ce22',

  -- Prefixes used within the mesh.
  -- prefix6 is required, prefix4 can be omitted if next_node.ip4
  -- is not set.
  prefix4 = '10.158.0.0/18',
  prefix6 = 'fdd3:5d16:b5dd:01fc::/64',

  -- Timezone of your community.
  -- See https://openwrt.org/docs/guide-user/base-system/system_configuration#time_zones
  timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',

  -- List of NTP servers in your community.
  -- Must be reachable using IPv6!
  ntp_servers = {'2.pool.ntp.org',
                 '0.openwrt.pool.ntp.org',
                 '1.openwrt.pool.ntp.org',
                 '2.openwrt.pool.ntp.org',
                 '3.openwrt.pool.ntp.org',
                 '4.openwrt.pool.ntp.org'
  },

  -- Wireless regulatory domain of your community.
  regdom = 'DE',

  -- Wireless configuration for 2.4 GHz interfaces.
  wifi24 = {
    -- Wireless channel.
    channel = 1,

    -- List of supported wifi rates (optional)
    -- Example removes 802.11b compatibility for better performance
    supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000},

    -- List of basic wifi rates (optional, required if supported_rates is set)
    -- Example removes 802.11b compatibility for better performance
    basic_rate = {6000, 9000, 18000, 36000, 54000},

    -- ESSID used for client network.
    ap = {
      ssid = 'kbu.freifunk.net',
      -- disabled = true, -- (optional)
    },

    mesh = {
      -- Adjust these values!
      id = 'udsa1dop2yaiu', -- usually you don't want users to connect to this mesh-SSID, so use a cryptic id that no one will accidentally mistake for the client WiFi
      mcast_rate = 12000,
      disabled = true, -- (optional)
    },
  },

  -- Wireless configuration for 5 GHz interfaces.
  -- This should be equal to the 2.4 GHz variant, except
  -- for channel.
  wifi5 = {
    channel = 44,
    ap = {
      ssid = 'kbu.freifunk.net',
    },
    mesh = {
      -- Adjust these values!
      id = 'udsa1dop2yaiu',
      mcast_rate = 12000,
    },
  },

  mesh = {
    vxlan = true,
  },

  -- The next node feature allows clients to always reach the node it is
  -- connected to using a known IP address.
  next_node = {
    -- anycast IPs of all nodes
    -- name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip4 = '10.158.0.3',
    ip6 = 'fdd3:5d16:b5dd:01fc::01fc',
  },

  -- Options specific to routing protocols (optional)
  -- mesh = {
    -- Options specific to the batman-adv routing protocol (optional)
    -- batman_adv = {
      -- Gateway selection class (optional)
      -- The default class 20 is based on the link quality (TQ) only,
      -- class 1 is calculated from both the TQ and the announced bandwidth
      -- gw_sel_class = 1,
    -- },
  -- },

  mesh_vpn = {
    -- enabled = true,
    mtu = 1312,

    fastd = {
      -- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
      -- what these options do.

      -- List of crypto-methods to use.
      methods = {'salsa2012+umac'},
      -- configurable = true,
      -- syslog_level = 'warn',

      groups = {
        backbone = {
          -- Limit number of connected peers to reduce bandwidth.
          limit = 1,

          -- List of peers.
          peers = {
          peer1 = {
              key = 'ae120edbbd07dce57c2ed6ebefd112886a1416322e7a98352866eed1e0d633cc',
              remotes = {
	      'ipv4 "vpn1.kbu.freifunk.net" port 10010',
	      'ipv4 "vpn1.ffkbu.de" port 10010'	      
	      },
          },
          peer2 = {
              key = '3e01de6c771cf5a50375de4f05e51f7d9251b5659ab9fb54040bf41df411ae46',
              remotes = {
	      'ipv4 "vpn2.kbu.freifunk.net" port 10010',
	      'ipv4 "vpn2.ffkbu.de" port 10010'	      
	      },
          },
          peer3 = {
              key = 'c46d7e141b60be6e57ada3087f1b25beb0bfb51e6b42d1c7f02a067d89c13a1a',
              remotes = {
	      'ipv4 "vpn3.kbu.freifunk.net" port 10010',
	      'ipv4 "vpn3.ffkbu.de" port 10010'	      
	      },
          },
          peer4 = {
              key = 'f4aff2422921822102ed6e67807b0b5db334f04e071356d30fe6c927b8bb9839',
              remotes = {
	      'ipv4 "vpn4.kbu.freifunk.net" port 10010',
	      'ipv4 "vpn4.ffkbu.de" port 10010'	      
	      },
          },
          peer5 = {
              key = 'a6df938cfde83b437346c91e2e548516a25321fb72820f9f757d9479240e26af',
              remotes = {
	      'ipv4 "vpn5.kbu.freifunk.net" port 10009',
	      'ipv4 "vpn5.ffkbu.de" port 10009'	      
	      },
          },
          peer6 = {
              key = 'f125456692a9804885ebc33375d0de6ac934b317fc45682849019704d8ee830d',
              remotes = {
	      'ipv4 "vpn6.kbu.freifunk.net" port 10009',
	      'ipv4 "vpn6.ffkbu.de" port 10009'	      
	      },
          },
          peer7 = {
              key = '389e8ebdf7a7329279b2eb006bd3cf92691eb26f3518e1c596b8634c9f0a3002',
              remotes = {
	      'ipv4 "vpn7.kbu.freifunk.net" port 10009',
	      'ipv4 "vpn7.ffkbu.de" port 10009'	      
	      },
          },
          peer8 = {
              key = 'f9dddb5a3f184fc3b10a6b16205c2392be4d11ae0af4901cb901f7f0d103333a',
              remotes = {
	      'ipv4 "vpn8.kbu.freifunk.net" port 10009',
	      'ipv4 "vpn8.ffkbu.de" port 10009'	      
	      },
          },
          },

          -- Optional: nested peer groups
          -- groups = {
            -- backbone_sub = {
              -- ...
            -- },
          -- ...
          -- },
        },
        -- Optional: additional peer groups, possibly with other limits
        -- backbone2 = {
          -- ...
        -- },
      },
    },

    bandwidth_limit = {
      -- The bandwidth limit can be enabled by default here.
      enabled = false,

      -- Default upload limit (kbit/s).
      egress = 200,

      -- Default download limit (kbit/s).
      ingress = 3000,
    },
  },

  autoupdater = {
    -- Default branch. Don't forget to set GLUON_BRANCH when building!
    branch = 'stable',

    -- List of branches. You may define multiple branches.
    branches = {
      stable = {
        name = 'stable',

        -- List of mirrors to fetch images from. IPv6 required!
        mirrors = {'http://1.updates.services.ffhl/stable/sysupgrade'},

        -- Number of good signatures required.
        -- Have multiple maintainers sign your build and only
        -- accept it when a sufficient number of them have
        -- signed it.
        good_signatures = 2,

        -- List of public keys of maintainers.
        pubkeys = {
        },
      },
    },
  },
}