#!/bin/bash
# NOTE(review): the provisioning step described below feeds this file to ssh on stdin, so
# the shebang is not consulted there and the device's login shell runs it; confirm that
# shell accepts the [[ ]] test used below.
# -e: stop at the first command that fails and is not guarded by `|| true` or an `if`.
# -x: echo every command with its arguments before running it. The Wi-Fi key arguments
# set later in this file are echoed too, so treat the session output as sensitive.
set -xe
# Setup a Nanostation M2 Loco
# curl -o code.bin https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/openwrt-ar71xx-generic-ubnt-nano-m-squashfs-factory.bin
# NOTE(review): nothing here verifies the downloaded image; check it against the
# sha256sums file published next to it before flashing.
# Turn on device and keep reset button pressed for ~10 seconds: LEDs start flashing differently.
# echo -e "binary\nrexmt 1\ntimeout 60\ntrace\nput code.bin flash_update\n" | tftp 192.168.1.20
# flashing takes a while...
# <router reboots>
# ping 192.168.1.1
# cat <device>.settings| ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@192.168.1.1
# NOTE(review): both ssh options switch host key verification off, so the peer at
# 192.168.1.1 is not authenticated while the settings (which carry key material) are
# sent to it; do this step over a direct cable or an otherwise isolated link.
# for roaming support we need to know the MAC address
# Start from an all-zero identifier; when the imagifi2 interface exists, use its MAC
# address with the colons removed instead.
# NOTE(review): imagifi2_nasid is not read anywhere else in this file.
imagifi2_nasid="000000000000" && [[ -e /sys/class/net/imagifi2/address ]] && imagifi2_nasid=$(cat /sys/class/net/imagifi2/address | tr -d \:)
# imagifi2_r1_key_holder="000000000000" && [[ -e /sys/class/net/imagifi2/address ]] && imagifi2_r1_key_holder=$(cat /sys/class/net/imagifi2/address | tr -d \:)
# freifunk_nasid="000000000000" && [[ -e /sys/class/net/freifunk/address ]] && freifunk_nasid=$(cat /sys/class/net/freifunk/address | tr -d \:)
# freifunk_r1_key_holder="000000000000" && [[ -e /sys/class/net/freifunk/address ]] && freifunk_r1_key_holder=$(cat /sys/class/net/freifunk/address | tr -d \:)
# little hack to ensure system hostname = dhcp given hostname
# Reads data.hostname from the ubus status of the 'trusted' interface. `|| true` keeps
# -e from aborting when the lookup fails; the variable is then empty, and that empty
# value is what gets written as the system hostname and matched by the `case`
# statements further down.
system_hostname=$(ubus -v call network.interface.trusted status | jsonfilter -e "@.data.hostname") || true
# Base system settings: hostname, timezone, logging and NTP.
# Importing an empty document replaces the existing 'system' config, so the sections
# added below are the only ones left in it.
uci import system <<EOF
EOF
uci add system system
uci set system.@system[-1]=system
# Hostname comes from the DHCP lookup above and is empty if that lookup failed.
uci set system.@system[-1].hostname="$system_hostname"
uci set system.@system[-1].zonename='UTC'
uci set system.@system[-1].timezone='UTC'
uci set system.@system[-1].conloglevel='8'
uci set system.@system[-1].klogconloglevel='8'
uci set system.@system[-1].cronloglevel='0'
uci set system.@system[-1].log_size='128'
uci set system.@system[-1].log_buffer_size='64'
# Forward the system log to 10.7.11.1 over TCP.
# NOTE(review): no transport protection is configured for the log stream here, so keep
# the collector on the trusted segment — confirm that 10.7.11.1 is.
uci set system.@system[-1].log_ip='10.7.11.1'
uci set system.@system[-1].log_proto='tcp'
uci set system.@system[-1].log_remote='1'
# NOTE(review): `uci add system ntp` creates an anonymous section of type 'ntp', while
# the options below go to a separate named section 'ntp' of type 'timeserver'; the
# anonymous one looks like a leftover — confirm.
uci add system ntp
uci set system.ntp=timeserver
uci set system.ntp.enabled=1
uci add_list system.ntp.server='0.de.pool.ntp.org'
uci add_list system.ntp.server='1.de.pool.ntp.org'
uci add_list system.ntp.server='2.de.pool.ntp.org'
uci commit system
# LED setup: four link LEDs driven by the 'netdev' trigger, two dome LEDs switched off.
# Each stanza appends a new anonymous 'led' section and commits it.

# link1 (red): receive activity on the imagifi2 interface.
uci add system led
uci set system.@led[-1]=led
uci set system.@led[-1].sysfs='ubnt:red:link1'
uci set system.@led[-1].trigger='netdev'
uci set system.@led[-1].name='imagifi2-rx'
uci set system.@led[-1].dev='imagifi2'
uci set system.@led[-1].mode='rx'
uci set system.@led[-1].default='0'
uci commit system.@led[-1]
# link2 (orange): transmit activity on the imagifi2 interface.
uci add system led
uci set system.@led[-1]=led
uci set system.@led[-1].sysfs='ubnt:orange:link2'
uci set system.@led[-1].trigger='netdev'
uci set system.@led[-1].name='imagifi2-tx'
uci set system.@led[-1].dev='imagifi2'
uci set system.@led[-1].mode='tx'
uci set system.@led[-1].default='0'
uci commit system.@led[-1]
# link3 (green): receive activity on a device named 'freifunk'.
# NOTE(review): no wireless interface in this file is given the ifname 'freifunk' (the
# open APs are f17free2/f17free5/ffunk2/ffunk5), so this LED and the next one may never
# fire — confirm the intended device name.
uci add system led
uci set system.@led[-1]=led
uci set system.@led[-1].sysfs='ubnt:green:link3'
uci set system.@led[-1].trigger='netdev'
uci set system.@led[-1].name='freifunk-rx'
uci set system.@led[-1].dev='freifunk'
uci set system.@led[-1].mode='rx'
uci set system.@led[-1].default='0'
uci commit system.@led[-1]
# link4 (green): transmit activity on the same 'freifunk' device.
uci add system led
uci set system.@led[-1]=led
uci set system.@led[-1].sysfs='ubnt:green:link4'
uci set system.@led[-1].trigger='netdev'
uci set system.@led[-1].name='freifunk-tx'
uci set system.@led[-1].dev='freifunk'
uci set system.@led[-1].mode='tx'
uci set system.@led[-1].default='0'
uci commit system.@led[-1]
# Dome LEDs: trigger 'none' with default 0 keeps the blue and the white LED off.
uci add system led
uci set system.@led[-1].trigger='none'
uci set system.@led[-1].sysfs='ubnt:blue:dome'
uci set system.@led[-1].name='disable blue'
uci set system.@led[-1].default='0'
uci commit system.@led[-1]
uci add system led
uci set system.@led[-1].trigger='none'
uci set system.@led[-1].sysfs='ubnt:white:dome'
uci set system.@led[-1].name='disable white'
uci set system.@led[-1].default='0'
uci commit system.@led[-1]
# SSH access (dropbear): port 22, key-based login only.
# The empty import clears any existing dropbear config first.
uci import dropbear <<EOF
EOF
uci add dropbear dropbear
uci set dropbear.@dropbear[-1]=dropbear
uci set dropbear.@dropbear[-1].Port='22'
# Password logins are switched off for every account, root included.
uci set dropbear.@dropbear[-1].PasswordAuth='0'
uci set dropbear.@dropbear[-1].RootPasswordAuth='0'
# NOTE(review): no Interface option is set, so dropbear is not bound to one network,
# and the firewall is disabled later in this file. Consider binding it to 'trusted'
# once it is confirmed that management only ever happens from there.
uci commit dropbear
# Overwrite (not append to) the authorized key list; the quoted 'EOF' keeps the line
# literal. This public key is then the only credential that can log in.
cat <<'EOF' > /etc/dropbear/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwK3f7YB4qmDKgnZ6yKaQlLEdDAFaVbNREiE2gyHwSN simon@imaginator.com
EOF
# Owner-only permissions on the key file.
chmod 0600 /etc/dropbear/authorized_keys
# Network layout: loopback plus three bridges (trusted, notrust, iot), each joining one
# tagged sub-interface of eth0 and of eth1 (presumably VLANs 2, 3 and 5 — confirm
# against the switch configuration).
# The empty import clears any existing network config first.
uci import network <<EOF
EOF
uci set network.loopback=interface
uci set network.loopback.ifname='lo'
uci set network.loopback.proto='static'
uci set network.loopback.ipaddr='127.0.0.1'
uci set network.loopback.netmask='255.0.0.0'
# 'trusted' is the only bridge on which the device itself asks for an address (DHCP,
# plus DHCPv6 through the trusted6 alias without requesting a prefix).
uci set network.trusted=interface
uci set network.trusted.type='bridge'
uci set network.trusted.igmp_snooping=1
uci add_list network.trusted.ifname='eth0.2' # unifi-ac-lite
uci add_list network.trusted.ifname='eth1.2' # unifi-m2-loco
uci set network.trusted.proto='dhcp'
uci set network.trusted6=interface
uci set network.trusted6.ifname='@trusted'
uci set network.trusted6.proto='dhcpv6'
uci set network.trusted6.reqprefix='no'
# 'notrust' and 'iot' use proto 'none': the device only bridges their traffic and
# configures no address of its own on them.
# NOTE(review): verify on a running device that these bridges carry no IPv6 link-local
# address either; with the firewall disabled (see the firewall section), any address
# there would expose the device's own services to untrusted clients.
uci set network.notrust=interface
uci set network.notrust.type='bridge'
uci add_list network.notrust.ifname='eth0.3' # unifi-ac-lite
uci add_list network.notrust.ifname='eth1.3' # unifi-m2-loco
uci set network.notrust.proto='none'
uci set network.iot=interface
uci set network.iot.type='bridge'
uci add_list network.iot.ifname='eth0.5' # unifi-ac-lite
uci add_list network.iot.ifname='eth1.5' # unifi-m2-loco
uci set network.iot.proto='none'
uci commit network
# Radio definitions. The empty import clears any existing wireless config first.
uci import wireless <<EOF
EOF
# 2.4 GHz
# radio0: automatic channel selection restricted to channels 1, 6 and 11, 20 MHz wide,
# German regulatory domain, legacy rates off.
uci set wireless.radio0=wifi-device
uci set wireless.radio0.channel='auto'
uci add_list wireless.radio0.channels="1"
uci add_list wireless.radio0.channels="6"
uci add_list wireless.radio0.channels="11"
uci set wireless.radio0.country='DE'
uci set wireless.radio0.distance=30
uci set wireless.radio0.htmode='HT20'
uci set wireless.radio0.hwmode='11g'
uci set wireless.radio0.legacy_rates=0
uci set wireless.radio0.log_level=0 # 0=verbose
# The hardware path of the radio depends on the device, which is told apart by the
# hostname. An empty hostname (failed lookup at the top of the file) takes the default
# branch.
case "$system_hostname" in
repeater-lounge|repeater-bedroom1)
uci set wireless.radio0.path='platform/qca956x_wmac'
;;
*)
uci set wireless.radio0.path='pci0000:00/0000:00:00.0'
;;
esac
uci set wireless.radio0.type='mac80211'
# uci set wireless.radio0.txpower='15'
uci commit wireless.radio0
# 5.8 GHz
# radio1: automatic channel selection restricted to the DFS range 52-144, 80 MHz wide,
# with doth (802.11h) enabled.
uci set wireless.radio1=wifi-device
uci set wireless.radio1.channel='auto'
#uci add_list wireless.radio1.channels="36-48" # non-DFS but busy with neighbours
uci add_list wireless.radio1.channels="52-144" # DFS
#uci add_list wireless.radio1.channels="149-173" # "indoor only" and not supported by Android
uci set wireless.radio1.doth=1
uci set wireless.radio1.country='DE'
uci set wireless.radio1.distance=30
uci set wireless.radio1.htmode='VHT80'
uci set wireless.radio1.hwmode='11a'
uci set wireless.radio1.legacy_rates=0
uci set wireless.radio1.log_level=0 # 0=verbose
# Only the two repeater hostnames get a real path for radio1; every other host gets the
# placeholder path 'dummy' (presumably because it has no second radio — confirm).
case "$system_hostname" in
repeater-lounge|repeater-bedroom1)
uci set wireless.radio1.path='pci0000:00/0000:00:00.0'
;;
*)
uci set wireless.radio1.path='dummy'
;;
esac
uci set wireless.radio1.type='mac80211'
#uci set wireless.radio1.txpower='11'
uci commit wireless.radio1
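# Trusted access points: WPA2-PSK with CCMP, bridged into the 'trusted' network, with
# 802.11k/r/v roaming aids enabled. Three interfaces share one passphrase placeholder:
#   imagifi2  - SSID 'imagiFi'   on radio0
#   imagifi25 - SSID 'imagiFi'   on radio1
#   imagifi5  - SSID 'imagiFi 5' on radio1
#
# The key value is a placeholder inside single quotes, so the shell never expands it.
# Presumably a templating step fills it in before this file reaches the device — TODO
# confirm; if not, the literal placeholder text becomes the passphrase.
#
# Because the file runs with command tracing on (`set -xe` at the top), the command
# that sets the key would be echoed together with the passphrase. Tracing is therefore
# switched off just for that command and switched back on right after it.
#
# NOTE(review): ieee80211w='0' leaves 802.11w management frame protection off on all
# three interfaces; confirm that is still required for client compatibility.
uci set wireless.imagifi2=wifi-iface
uci set wireless.imagifi2.ssid='imagiFi'
uci set wireless.imagifi2.device='radio0'
uci set wireless.imagifi2.bss_transition='1'
uci set wireless.imagifi2.disassoc_low_ack=0
uci set wireless.imagifi2.encryption='psk2+ccmp'
uci set wireless.imagifi2.ft_over_ds='1'
uci set wireless.imagifi2.ft_psk_generate_local='1'
uci set wireless.imagifi2.ieee80211k='1'
uci set wireless.imagifi2.ieee80211r='1'
uci set wireless.imagifi2.ieee80211v='1'
uci set wireless.imagifi2.ieee80211w='0'
uci set wireless.imagifi2.ifname='imagifi2'
set +x # keep the passphrase out of the trace output
uci set wireless.imagifi2.key='${trusted_wifikey}'
set -x
uci set wireless.imagifi2.mode='ap'
uci set wireless.imagifi2.network='trusted'
uci set wireless.imagifi2.skip_inactivity_poll=1
uci set wireless.imagifi2.time_advertisement='2'
uci set wireless.imagifi2.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.imagifi2.wnm_sleep_mode='1'
uci commit wireless.imagifi2
uci set wireless.imagifi25=wifi-iface
uci set wireless.imagifi25.ssid='imagiFi'
uci set wireless.imagifi25.device='radio1'
uci set wireless.imagifi25.bss_transition='1'
uci set wireless.imagifi25.disassoc_low_ack=0
uci set wireless.imagifi25.encryption='psk2+ccmp'
uci set wireless.imagifi25.ft_over_ds='1'
uci set wireless.imagifi25.ft_psk_generate_local='1'
uci set wireless.imagifi25.ieee80211k='1'
uci set wireless.imagifi25.ieee80211r='1'
uci set wireless.imagifi25.ieee80211v='1'
uci set wireless.imagifi25.ieee80211w='0'
uci set wireless.imagifi25.ifname='imagifi25'
set +x # keep the passphrase out of the trace output
uci set wireless.imagifi25.key='${trusted_wifikey}'
set -x
uci set wireless.imagifi25.mode='ap'
uci set wireless.imagifi25.network='trusted'
uci set wireless.imagifi25.skip_inactivity_poll=1
uci set wireless.imagifi25.time_advertisement='2'
uci set wireless.imagifi25.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.imagifi25.wnm_sleep_mode='1'
uci commit wireless.imagifi25
uci set wireless.imagifi5=wifi-iface
uci set wireless.imagifi5.ssid='imagiFi 5'
uci set wireless.imagifi5.device='radio1'
uci set wireless.imagifi5.bss_transition='1'
uci set wireless.imagifi5.disassoc_low_ack=0
uci set wireless.imagifi5.encryption='psk2+ccmp'
uci set wireless.imagifi5.ft_over_ds='1'
uci set wireless.imagifi5.ft_psk_generate_local='1'
uci set wireless.imagifi5.ieee80211k='1'
uci set wireless.imagifi5.ieee80211r='1'
uci set wireless.imagifi5.ieee80211v='1'
uci set wireless.imagifi5.ieee80211w='0'
uci set wireless.imagifi5.ifname='imagifi5'
set +x # keep the passphrase out of the trace output
uci set wireless.imagifi5.key='${trusted_wifikey}'
set -x
uci set wireless.imagifi5.mode='ap'
uci set wireless.imagifi5.network='trusted'
uci set wireless.imagifi5.skip_inactivity_poll=1
uci set wireless.imagifi5.time_advertisement='2'
uci set wireless.imagifi5.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.imagifi5.wnm_sleep_mode='1'
uci commit wireless.imagifi5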
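# IoT access points: SSID 'imagiFi IoT' on radio0 (iot2) and radio1 (iot5), WPA2-PSK
# with CCMP, bridged into the 'iot' network, with client isolation switched on.
#
# isolate='1' separates clients of the same access point interface from each other.
# NOTE(review): it does not by itself separate them from clients on other access points
# or on the wired side of the 'iot' bridge; that has to be enforced upstream.
#
# The key value is a placeholder inside single quotes, so the shell never expands it.
# Presumably a templating step fills it in before this file reaches the device — TODO
# confirm; if not, the literal placeholder text becomes the passphrase.
#
# Because the file runs with command tracing on (`set -xe` at the top), the command
# that sets the key would be echoed together with the passphrase. Tracing is therefore
# switched off just for that command and switched back on right after it.
#
# NOTE(review): ieee80211w='0' leaves 802.11w management frame protection off.
uci set wireless.iot2=wifi-iface
uci set wireless.iot2.ssid='imagiFi IoT'
uci set wireless.iot2.device='radio0'
uci set wireless.iot2.bss_transition='1'
uci set wireless.iot2.disassoc_low_ack=0
uci set wireless.iot2.encryption='psk2+ccmp'
uci set wireless.iot2.ft_over_ds='1'
uci set wireless.iot2.ft_psk_generate_local='1'
uci set wireless.iot2.ieee80211k='1'
uci set wireless.iot2.ieee80211r='1'
uci set wireless.iot2.ieee80211v='1'
uci set wireless.iot2.ieee80211w='0'
uci set wireless.iot2.ifname='iot2'
uci set wireless.iot2.isolate='1'
set +x # keep the passphrase out of the trace output
uci set wireless.iot2.key='${iot_wifikey}'
set -x
uci set wireless.iot2.mode='ap'
uci set wireless.iot2.network='iot'
uci set wireless.iot2.skip_inactivity_poll=1
uci set wireless.iot2.time_advertisement='2'
uci set wireless.iot2.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.iot2.wnm_sleep_mode='1'
uci commit wireless.iot2
uci set wireless.iot5=wifi-iface
uci set wireless.iot5.ssid='imagiFi IoT'
uci set wireless.iot5.device='radio1'
uci set wireless.iot5.bss_transition='1'
uci set wireless.iot5.disassoc_low_ack=0
uci set wireless.iot5.encryption='psk2+ccmp'
uci set wireless.iot5.ft_over_ds='1'
uci set wireless.iot5.ft_psk_generate_local='1'
uci set wireless.iot5.ieee80211k='1'
uci set wireless.iot5.ieee80211r='1'
uci set wireless.iot5.ieee80211v='1'
uci set wireless.iot5.ieee80211w='0'
uci set wireless.iot5.ifname='iot5'
uci set wireless.iot5.isolate='1'
set +x # keep the passphrase out of the trace output
uci set wireless.iot5.key='${iot_wifikey}'
set -x
uci set wireless.iot5.mode='ap'
uci set wireless.iot5.network='iot'
uci set wireless.iot5.skip_inactivity_poll=1
uci set wireless.iot5.time_advertisement='2'
uci set wireless.iot5.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.iot5.wnm_sleep_mode='1'
uci commit wireless.iot5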
# open APs below (no roaming possible)
# Four unencrypted access points, all bridged into the 'notrust' network:
#   f17free2 / f17free5 - SSID 'Falckensteinstr 17 Free WiFi' on radio0 / radio1
#   ffunk2   / ffunk5   - SSID 'berlin.freifunk.net'          on radio0 / radio1
#
# encryption='none' means traffic on these SSIDs is not protected over the air.
# isolate='1' separates clients of the same access point interface from each other.
# NOTE(review): it does not by itself separate them from clients on other access points
# or on the wired side of the 'notrust' bridge, and this device applies no filtering of
# its own (the firewall is disabled later in this file), so separation from the trusted
# network depends entirely on the upstream router.
# NOTE(review): ieee80211r='1' is still set here although the heading says roaming is
# not possible on open networks — confirm whether the option has any effect.
uci set wireless.f17free2=wifi-iface
uci set wireless.f17free2.ssid='Falckensteinstr 17 Free WiFi'
uci set wireless.f17free2.device='radio0'
uci set wireless.f17free2.bss_transition='1'
uci set wireless.f17free2.disassoc_low_ack=0
uci set wireless.f17free2.encryption='none'
uci set wireless.f17free2.ieee80211k='1'
uci set wireless.f17free2.ieee80211r='1'
uci set wireless.f17free2.ieee80211v='1'
uci set wireless.f17free2.ieee80211w='0'
uci set wireless.f17free2.ifname='f17free2'
uci set wireless.f17free2.isolate='1'
uci set wireless.f17free2.mode='ap'
uci set wireless.f17free2.network='notrust'
uci set wireless.f17free2.skip_inactivity_poll=1
uci set wireless.f17free2.time_advertisement='2'
uci set wireless.f17free2.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.f17free2.wnm_sleep_mode='1'
uci commit wireless.f17free2
uci set wireless.f17free5=wifi-iface
uci set wireless.f17free5.ssid='Falckensteinstr 17 Free WiFi'
uci set wireless.f17free5.device='radio1'
uci set wireless.f17free5.bss_transition='1'
uci set wireless.f17free5.disassoc_low_ack=0
uci set wireless.f17free5.encryption='none'
uci set wireless.f17free5.ieee80211k='1'
uci set wireless.f17free5.ieee80211r='1'
uci set wireless.f17free5.ieee80211v='1'
uci set wireless.f17free5.ieee80211w='0'
uci set wireless.f17free5.ifname='f17free5'
uci set wireless.f17free5.isolate='1'
uci set wireless.f17free5.mode='ap'
uci set wireless.f17free5.network='notrust'
uci set wireless.f17free5.skip_inactivity_poll=1
uci set wireless.f17free5.time_advertisement='2'
uci set wireless.f17free5.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.f17free5.wnm_sleep_mode='1'
uci commit wireless.f17free5
uci set wireless.ffunk2=wifi-iface
uci set wireless.ffunk2.ssid='berlin.freifunk.net'
uci set wireless.ffunk2.device='radio0'
uci set wireless.ffunk2.bss_transition='1'
uci set wireless.ffunk2.disassoc_low_ack=0
uci set wireless.ffunk2.encryption='none'
uci set wireless.ffunk2.ieee80211k='1'
uci set wireless.ffunk2.ieee80211r='1'
uci set wireless.ffunk2.ieee80211v='1'
uci set wireless.ffunk2.ieee80211w='0'
uci set wireless.ffunk2.ifname='ffunk2'
uci set wireless.ffunk2.isolate='1'
uci set wireless.ffunk2.mode='ap'
uci set wireless.ffunk2.network='notrust'
uci set wireless.ffunk2.skip_inactivity_poll=1
uci set wireless.ffunk2.time_advertisement='2'
uci set wireless.ffunk2.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.ffunk2.wnm_sleep_mode='1'
uci commit wireless.ffunk2
uci set wireless.ffunk5=wifi-iface
uci set wireless.ffunk5.ssid='berlin.freifunk.net'
uci set wireless.ffunk5.device='radio1'
uci set wireless.ffunk5.bss_transition='1'
uci set wireless.ffunk5.disassoc_low_ack=0
uci set wireless.ffunk5.encryption='none'
uci set wireless.ffunk5.ieee80211k='1'
uci set wireless.ffunk5.ieee80211r='1'
uci set wireless.ffunk5.ieee80211v='1'
uci set wireless.ffunk5.ieee80211w='0'
uci set wireless.ffunk5.ifname='ffunk5'
uci set wireless.ffunk5.isolate='1'
uci set wireless.ffunk5.mode='ap'
uci set wireless.ffunk5.network='notrust'
uci set wireless.ffunk5.skip_inactivity_poll=1
uci set wireless.ffunk5.time_advertisement='2'
uci set wireless.ffunk5.time_zone='CET-1CEST-2,M3.5.0/02:00:00,M10.5.0/03:00:00'
uci set wireless.ffunk5.wnm_sleep_mode='1'
uci commit wireless.ffunk5
# Firewall: the config is reset to a single 'defaults' section that accepts input,
# output and forwarded traffic, and the firewall service is then disabled at boot.
# The device therefore filters nothing itself. Traffic between the trusted, notrust
# and iot segments, and access to this device's own services (SSH on port 22, the
# metrics exporter on 9100), must be restricted by the upstream router.
# NOTE(review): confirm the upstream rules actually cover the notrust and iot VLANs.
uci import firewall <<EOF
EOF
uci add firewall defaults
uci set firewall.@defaults[-1]=defaults
uci set firewall.@defaults[-1].input=ACCEPT
uci set firewall.@defaults[-1].output=ACCEPT
uci set firewall.@defaults[-1].forward=ACCEPT
uci set firewall.@defaults[-1].drop_invalid=0
uci commit firewall
# `|| true`: a failure to disable the service must not abort the rest of the setup.
/etc/init.d/firewall disable || true
# metrics
# Prometheus node exporter: listens on port 9100 of the 'trusted' interface only.
# NOTE(review): no authentication or TLS is configured for the exporter here, so
# anything on the trusted segment can presumably read the metrics — confirm that is
# acceptable.
uci import prometheus-node-exporter-lua<<EOF
EOF
uci set prometheus-node-exporter-lua.main=prometheus-node-exporter-lua
uci set prometheus-node-exporter-lua.main.listen_interface='trusted'
uci set prometheus-node-exporter-lua.main.listen_port='9100'
uci commit prometheus-node-exporter-lua
# `|| true`: the setup continues even when the exporter cannot be enabled.
/etc/init.d/prometheus-node-exporter-lua enable || true
# mDNS responder (umdns): jailed, and limited to the 'trusted' network.
uci import umdns <<EOF
EOF
uci add umdns umdns
uci set umdns.@umdns[-1]=umdns
uci set umdns.@umdns[-1].jail='1'
uci add_list umdns.@umdns[-1].network='trusted'
uci commit umdns
# umdns may fail due to seccomp
# Workaround: delete the seccomp profile for umdns and restart the service. Running rm
# as the `if` condition means a missing file skips the restart instead of aborting.
# NOTE(review): the deletion is permanent and presumably leaves umdns without syscall
# filtering from then on; the service is also disabled at the end of this file, so
# check whether this workaround is still needed at all.
if rm /etc/seccomp/umdns.json; then
/etc/init.d/umdns restart || true
fi
# DAWN settings, then final service changes and reboot.
#
# The here-document delimiter is unquoted, so the shell on the device expands the two
# placeholders for the shared key and the IV when this runs, unless an earlier
# templating step has already replaced them (TODO confirm which). There is no `set -u`,
# so unset variables would silently produce empty values for both.
# NOTE(review): -q and the redirect to /dev/null hide any message from the batch, so
# check afterwards that the key and IV were actually stored.
# The line starting with '#' inside the here-document is passed to `uci batch` as
# input; it is not a shell comment.
uci -q batch <<-EOF >/dev/null
# set dawn.@network[0].broadcast_ip='192.168.2.255'
set dawn.@network[0].shared_key='${dawn_key}'
set dawn.@network[0].iv='${dawn_iv}'
set dawn.@network[0].collision_domain='1'
set dawn.@metric[0].ht_support='10'
set dawn.@metric[0].vht_support='100'
set dawn.@metric[0].eval_probe_req='0'
set dawn.@metric[0].eval_auth_req='0'
set dawn.@metric[0].eval_assoc_req='0'
set dawn.@times[0].update_beacon_reports='0'
set dawn.@times[0].update_chan_util='0'
EOF
uci commit dawn
# Both services are disabled at boot even though they were configured above.
# NOTE(review): unlike the other init script calls in this file, these two have no
# `|| true`, so under `set -e` a failure here stops the script before the reboot.
/etc/init.d/dawn disable
/etc/init.d/umdns disable
echo "all done with writing"
echo "rebooting..."
# Reboot so the committed configuration takes effect.
reboot