├── .gitignore ├── LICENSE ├── README.rst ├── chilli.yml ├── docs └── nnxx.png ├── files └── etc │ ├── config │ ├── chilli │ ├── olsrd2 │ └── openvpn │ ├── crontabs │ └── root │ └── profile ├── hosts ├── hosts.local ├── organizations ├── basilicata │ └── etc │ │ ├── banner │ │ ├── config │ │ ├── dhcp │ │ └── firewall │ │ └── uci-defaults │ │ └── 901_ninux-wireless ├── campania │ └── etc │ │ └── banner ├── defaults │ └── etc │ │ └── banner ├── firenze │ └── etc │ │ ├── banner │ │ ├── config │ │ └── firewall │ │ └── uci-defaults │ │ ├── 900_ninux-network │ │ └── 901_ninux-wireless ├── milano │ └── etc │ │ └── banner └── palermo │ └── etc │ ├── banner │ ├── config │ └── firewall │ └── uci-defaults │ ├── 900_ninux-network │ ├── 901_ninux-wireless │ └── 902_ninux-olsrd └── requirements.yml /.gitignore: -------------------------------------------------------------------------------- 1 | openwrt*/ 2 | lede*/ 3 | /generator/ 4 | /source/ 5 | *.DS_Store 6 | packages/ 7 | *.komodoproject 8 | private_hosts 9 | *.retry 10 | .komodotools 11 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017, Ninux.org 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | * Neither the name of OpenWISP nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | NNXX ansible configurations 2 | =========================== 3 | 4 | .. image:: https://raw.githubusercontent.com/ninuxorg/nnxx-firmware/master/docs/nnxx.png 5 | :target: http://wiki.ninux.org/nnxx 6 | 7 | .. contents:: **Table of Contents**: 8 | :backlinks: none 9 | :depth: 3 10 | 11 | Introduction 12 | ============ 13 | 14 | This repository contains the ansible configurations of the various components that are being used 15 | in the `NNXX (Ninux Experimental) `_ infrastructure (ninux experimental). 16 | 17 | Firmware 18 | ======== 19 | 20 | The firmware is based on `LEDE `_ and the following additional software: 21 | 22 | - olsrd2 23 | - luci-ssl 24 | - openvpn 25 | - openwisp-config 26 | 27 | The firmware images are managed via `ansible-openwisp2-imagegenerator 28 | `_, an ansible role that allows 29 | to build several lede firmware images for different organizations while keeping track of their configurations 30 | (for more information regarding the process, see the project's README). 31 | 32 | Requirements 33 | ============ 34 | 35 | * a debian/ubuntu based VM 36 | * root access 37 | * at least 100 GB of free space 38 | 39 | Compiling 40 | --------- 41 | 42 | **Note**: please take some time to read about the `build process of ansible-openwisp2-imagegenerator 43 | `_. 44 | 45 | First of all, you have to install the *requirments roles* role via *ansible-galaxy*:: 46 | 47 | ansible-galaxy install -r requirements.yml 48 | 49 | In order to compile the firmware, you need to have access to one of the hosts listed in the `hosts 50 | `_, preferably via an SSH key installed on the server. 51 | 52 | Recompile the image builders and build all the images:: 53 | 54 | ansible-playbook -i hosts firmware.yml -l builder -u -e "recompile=1 cores=4" 55 | 56 | After the first compilation, you can avoid recompiling again by running:: 57 | 58 | ansible-playbook -i hosts firmware.yml -l builder -u 59 | 60 | Run only the building steps by using the specific tags:: 61 | 62 | ansible-playbook -i hosts firmware.yml -l builder -u -t generator,build 63 | 64 | Compiling on a private host 65 | --------------------------- 66 | 67 | To compile on a different host than the ones specified in the `hosts 68 | `_ file, create a ``private_hosts`` file:: 69 | 70 | [builder] 71 | my.project.org ansible_user=user ansible_port=22 72 | 73 | Now run:: 74 | 75 | ansible-playbook -i private_hosts firmware.yml -l builder -e "recompile=1 cores=4" 76 | -------------------------------------------------------------------------------- /chilli.yml: -------------------------------------------------------------------------------- 1 | - hosts: builder 2 | roles: 3 | - openwisp.openwisp2-imagegenerator 4 | vars: 5 | basedir: /home/jenkins/workspace/nnxx-firmware 6 | openwisp2fw_ssl_lib: mbedtls 7 | openwisp2fw_source_dir: "{{ basedir }}/source" 8 | openwisp2fw_generator_dir: "{{ basedir }}/generator" 9 | openwisp2fw_bin_dir: /var/www/downloads.openwisp.org/nnxx-firmware/firmware/ 10 | openwisp2fw_source_repo: https://github.com/openwrt/openwrt.git 11 | openwisp2fw_source_version: openwrt-18.06 12 | openwisp2fw_source_targets: 13 | - system: ar71xx 14 | subtarget: generic 15 | profile: Default 16 | - system: ipq806x 17 | profile: Default 18 | - system: mvebu 19 | subtarget: cortexa9 20 | profile: Default 21 | openwisp2fw_source_feeds: 22 | - method: src-git 23 | name: chilli 24 | location: https://github.com/openwisp/coova-chilli-openwrt.git 25 | branch: master 26 | - method: src-git 27 | name: openwisp 28 | location: https://github.com/openwisp/openwisp-config.git 29 | branch: master 30 | - method: src-git 31 | name: luciopenwisp 32 | location: https://github.com/openwisp/luci-openwisp.git 33 | branch: master 34 | - method: src-git 35 | name: packages 36 | location: https://github.com/openwrt/packages.git 37 | branch: openwrt-18.06 38 | - method: src-git 39 | name: luci 40 | location: https://github.com/openwrt/luci.git 41 | branch: openwrt-18.06 42 | - method: src-git 43 | name: targets 44 | location: https://github.com/openwrt/targets.git 45 | branch: master 46 | - method: src-git 47 | name: routing 48 | location: https://github.com/openwrt-routing/packages.git 49 | branch: openwrt-18.06 50 | # packages compiled during compilation step 51 | openwisp2fw_source_additional_packages: 52 | - wpad 53 | - iputils-ping 54 | - ip-full 55 | - wget 56 | - partx-utils 57 | - oonf-olsrd2 58 | - luci 59 | - luci-ssl 60 | - iputils-ping 61 | - ip-full 62 | - iwinfo 63 | - iperf3 64 | - ipip 65 | - kmod-ipip 66 | # chilli 67 | - coova-chilli 68 | - lua-cjson 69 | - rpcd-mod-iwinfo 70 | # content filtering 71 | - privoxy 72 | - e2guardian 73 | # WRT3200ACM: 74 | #- kmod-mac80211 75 | #- kmod-mmc 76 | - kmod-mwifiex-sdio 77 | - mwifiex-sdio-firmware 78 | #- kmod-mwlwifi 79 | # other OpenWRT/LEDE configurations 80 | openwisp2fw_source_other_configs: 81 | # busybox 82 | - CONFIG_BUSYBOX_CUSTOM=y 83 | - CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVEHISTORY=y 84 | - CONFIG_BUSYBOX_CONFIG_FEATURE_EDITING_SAVE_ON_EXIT=y 85 | - CONFIG_BUSYBOX_CONFIG_FEATURE_REVERSE_SEARCH=y 86 | - CONFIG_BUSYBOX_CONFIG_FEATURE_VI_UNDO=y 87 | - CONFIG_BUSYBOX_CONFIG_WATCH=y 88 | # olsrd2 89 | - CONFIG_OONF_NHDP_AUTOLL4=y 90 | - CONFIG_OONF_OLSRV2_LAN_IMPORT=y 91 | # chilli 92 | - CONFIG_COOVACHILLI_REDIR=y 93 | - CONFIG_COOVACHILLI_OPENSSL=y 94 | # workaround to avoid conflicts between wpad and wpad-mini 95 | - "# CONFIG_PACKAGE_wpad-mini is not set" 96 | # packages passed to "PACKAGES" flag of image builder (in the image building step) 97 | openwisp2fw_default_packages: 98 | - -ppp 99 | - -ppp-mod-pppoe 100 | - -wpad-mini 101 | - wpad 102 | - uhttpd 103 | - uhttpd-mod-ubus 104 | - openvpn-{{ openwisp2fw_ssl_lib }} 105 | - openwisp-config-{{ openwisp2fw_ssl_lib }} 106 | # packages used in the full flavour 107 | nnxx_full_packages: 108 | - iputils-ping 109 | - ip-full 110 | - wget 111 | - partx-utils 112 | - iputils-ping 113 | - ip-full 114 | - iwinfo 115 | - iperf3 116 | - ipip 117 | - kmod-ipip 118 | - libustream-{{ openwisp2fw_ssl_lib }} 119 | - px5g 120 | - luci-ssl 121 | #- bind-client 122 | # packages used in the chilli flavour 123 | nnxx_chilli: 124 | - coova-chilli 125 | - lua-cjson 126 | - rpcd-mod-iwinfo 127 | content_filtering: 128 | - privoxy 129 | - e2guardian 130 | olsrd2_packages: 131 | - oonf-olsrd2 132 | WRT3200ACM: 133 | #- kmod-mac80211 134 | #- kmod-mmc 135 | - kmod-mwifiex-sdio 136 | - mwifiex-sdio-firmware 137 | #- kmod-mwlwifi 138 | # packages used in flavours 139 | base_packages: "{{ openwisp2fw_default_packages + nnxx_full_packages + olsrd2_packages }}" 140 | hotspot_packages: "{{ openwisp2fw_default_packages + nnxx_full_packages + olsrd2_packages + nnxx_chilli + content_filtering }}" 141 | # definition of available flavours 142 | openwisp2fw_image_flavours: 143 | base: 144 | ar71xx: 145 | packages: "{{ base_packages }}" 146 | hotspot: 147 | ar71xx: 148 | packages: "{{ hotspot_packages }}" 149 | ipq806x: 150 | packages: "{{ hotspot_packages }}" 151 | mvebu: 152 | packages: "{{ hotspot_packages + WRT3200ACM }}" 153 | # definition of organizations 154 | default_openwisp2_url: https://openwisp.nnxx.ninux.org 155 | openwisp2fw_organizations: 156 | - name: basilicata 157 | flavours: 158 | - base 159 | - hotspot 160 | openwisp: 161 | url: "{{ default_openwisp2_url }}" 162 | shared_secret: Secretn1nuxB4s 163 | unmanaged: "{{ openwisp2fw_default_unmanaged }}" 164 | management_interface: "vpnbas" 165 | 166 | -------------------------------------------------------------------------------- /docs/nnxx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninuxorg/ansible-nnxx/edd783a673b181878e3e5ac72cc1c674aa95c31f/docs/nnxx.png -------------------------------------------------------------------------------- /files/etc/config/chilli: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninuxorg/ansible-nnxx/edd783a673b181878e3e5ac72cc1c674aa95c31f/files/etc/config/chilli -------------------------------------------------------------------------------- /files/etc/config/olsrd2: -------------------------------------------------------------------------------- 1 | config global 'global' 2 | option failfast 'no' 3 | option lockfile '/var/lock/olsrd2' 4 | option pidfile '/var/run/olsrd2.pid' 5 | 6 | config log 'log' 7 | option file '/var/log/olsrd2.log' 8 | option stderr 'true' 9 | option syslog 'true' 10 | -------------------------------------------------------------------------------- /files/etc/config/openvpn: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninuxorg/ansible-nnxx/edd783a673b181878e3e5ac72cc1c674aa95c31f/files/etc/config/openvpn -------------------------------------------------------------------------------- /files/etc/crontabs/root: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninuxorg/ansible-nnxx/edd783a673b181878e3e5ac72cc1c674aa95c31f/files/etc/crontabs/root -------------------------------------------------------------------------------- /files/etc/profile: -------------------------------------------------------------------------------- 1 | 2 | #!/bin/sh 3 | [ -f /etc/banner ] && cat /etc/banner 4 | 5 | export PATH=/usr/bin:/usr/sbin:/bin:/sbin 6 | export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6) 7 | export HOME=${HOME:-/root} 8 | export PS1="\u@\h:\w\$ " 9 | 10 | [ -x /bin/more ] || alias more=less 11 | [ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi 12 | 13 | [ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc 14 | 15 | [ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; } 16 | [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; } 17 | 18 | C_RESET="\033[0m" 19 | C_BOLD_RED="\033[1;31m" 20 | C_BOLD_GREEN="\033[1;32m" 21 | C_BOLD_YELLOW="\033[1;33m" 22 | C_BOLD_BLUE="\033[1;34m" 23 | C_BOLD_CYAN="\033[1;36m" 24 | C_BOLD_WHITE="\033[1;37m" 25 | 26 | PS1="\[${C_BOLD_GREEN}\]\u\[${C_BOLD_WHITE}\]@\[${C_BOLD_RED}\]\h\[${C_BOLD_WHITE}\]:\[${C_BOLD_CYAN}\]\W\[${C_BOLD_YELLOW}\] \\$\[${C_RESET}\] " 27 | 28 | alias ll="ls -alF" 29 | 30 | alias netjsongraphv4="echo /netjsoninfo filter graph ipv4_0 | nc 127.0.0.1 2009" 31 | alias netjsongraphv6="echo /netjsoninfo filter graph ipv6_0 | nc 127.0.0.1 2009" 32 | alias restart-openwisp="rm /tmp/openwisp/checksum; /etc/init.d/openwisp_config restart; logread -f" 33 | -------------------------------------------------------------------------------- /hosts: -------------------------------------------------------------------------------- 1 | [builder] 2 | jenkins.nnxx.ninux.org ansible_user=jenkins ansible_port=2400 3 | -------------------------------------------------------------------------------- /hosts.local: -------------------------------------------------------------------------------- 1 | [builder] 2 | jenkins.nnxx.ninux.org ansible_connection=local 3 | -------------------------------------------------------------------------------- /organizations/basilicata/etc/banner: -------------------------------------------------------------------------------- 1 | _ _ _____ _ _ _ _ __ __ ____ _____ _____ 2 | | \ | ||_ _|| \ | || | | |\ \ / / / __ \ | __ \ / ____| 3 | | \| | | | | \| || | | | \ V / | | | || |__) || | __ 4 | | . ` | | | | . ` || | | | > < | | | || _ / | | |_ | 5 | | |\ | _| |_ | |\ || |__| | / . \ _| |__| || | \ \ | |__| | 6 | |_| \_||_____||_| \_| \____/ /_/ \_\(_)\____/ |_| \_\ \_____| 7 | 8 | -------------------------------------------------------------- 9 | The NNXX Firmware is based on LEDE 10 | https://lede-project.org/ 11 | -------------------------------------------------------------- 12 | * Lan HNA Space: 10.27.0.0/16 13 | * Backbone: 172.27.0.0/16 14 | * Web Site: http://basilicata.ninux.org 15 | * Wiki Nazionale: http://wiki.ninux.org/ 16 | * Controller: http://controller.basilicata.ninux.org/ 17 | -------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /organizations/basilicata/etc/config/dhcp: -------------------------------------------------------------------------------- 1 | config dnsmasq 2 | option domainneeded 1 3 | option boguspriv 1 4 | option filterwin2k 0 # enable for dial on demand 5 | option localise_queries 1 6 | option rebind_protection 1 # disable if upstream must serve RFC1918 addresses 7 | option rebind_localhost 1 # enable for RBL checking and similar services 8 | #list rebind_domain example.lan # whitelist RFC1918 responses for domains 9 | option local '/ninux/' 10 | option domain 'basilicata.nnxx' 11 | option expandhosts 1 12 | option nonegcache 0 13 | option authoritative 1 14 | option readethers 1 15 | option leasefile '/tmp/dhcp.leases' 16 | option resolvfile '/tmp/resolv.conf.auto' 17 | #list server '/mycompany.local/1.2.3.4' 18 | option nonwildcard 1 # bind to & keep track of interfaces 19 | #list interface br-lan 20 | #list notinterface lo 21 | #list bogusnxdomain '64.94.110.11' 22 | option localservice 1 # disable to allow DNS requests from non-local subnets 23 | 24 | config dhcp lan 25 | option interface lan 26 | option start 100 27 | option limit 200 28 | option leasetime 3h 29 | list dhcp_option '6,176.9.204.50,176.9.187.218,8.8.8.8,8.8.4.4' 30 | 31 | -------------------------------------------------------------------------------- /organizations/basilicata/etc/config/firewall: -------------------------------------------------------------------------------- 1 | config defaults 2 | option syn_flood '1' 3 | option input 'ACCEPT' 4 | option output 'ACCEPT' 5 | option forward 'ACCEPT' 6 | 7 | config zone 8 | option name 'lan' 9 | option input 'ACCEPT' 10 | option output 'ACCEPT' 11 | option forward 'ACCEPT' 12 | option network 'lan' 13 | 14 | config zone 15 | option name 'wan' 16 | option output 'ACCEPT' 17 | option forward 'REJECT' 18 | option masq '1' 19 | option mtu_fix '1' 20 | option network 'wan wan6' 21 | option input 'ACCEPT' 22 | 23 | config rule 24 | option name 'Allow-DHCP-Renew' 25 | option src 'wan' 26 | option proto 'udp' 27 | option dest_port '68' 28 | option target 'ACCEPT' 29 | option family 'ipv4' 30 | 31 | config rule 32 | option name 'Allow-Ping' 33 | option src 'wan' 34 | option proto 'icmp' 35 | option icmp_type 'echo-request' 36 | option family 'ipv4' 37 | option target 'ACCEPT' 38 | 39 | config rule 40 | option name 'Allow-DHCPv6' 41 | option src 'wan' 42 | option proto 'udp' 43 | option src_ip 'fe80::/10' 44 | option src_port '547' 45 | option dest_ip 'fe80::/10' 46 | option dest_port '546' 47 | option family 'ipv6' 48 | option target 'ACCEPT' 49 | 50 | config rule 51 | option name 'Allow-ICMPv6-Input' 52 | option src 'wan' 53 | option proto 'icmp' 54 | list icmp_type 'echo-request' 55 | list icmp_type 'echo-reply' 56 | list icmp_type 'destination-unreachable' 57 | list icmp_type 'packet-too-big' 58 | list icmp_type 'time-exceeded' 59 | list icmp_type 'bad-header' 60 | list icmp_type 'unknown-header-type' 61 | list icmp_type 'router-solicitation' 62 | list icmp_type 'neighbour-solicitation' 63 | list icmp_type 'router-advertisement' 64 | list icmp_type 'neighbour-advertisement' 65 | option limit '1000/sec' 66 | option family 'ipv6' 67 | option target 'ACCEPT' 68 | 69 | config rule 70 | option name 'Allow-ICMPv6-Forward' 71 | option src 'wan' 72 | option dest '*' 73 | option proto 'icmp' 74 | list icmp_type 'echo-request' 75 | list icmp_type 'echo-reply' 76 | list icmp_type 'destination-unreachable' 77 | list icmp_type 'packet-too-big' 78 | list icmp_type 'time-exceeded' 79 | list icmp_type 'bad-header' 80 | list icmp_type 'unknown-header-type' 81 | option limit '1000/sec' 82 | option family 'ipv6' 83 | option target 'ACCEPT' 84 | 85 | config include 86 | option path '/etc/firewall.user' 87 | 88 | config zone 89 | option name 'ninux' 90 | option input 'ACCEPT' 91 | option output 'ACCEPT' 92 | option forward 'ACCEPT' 93 | option network 'ninux' 94 | 95 | config forwarding 96 | option dest 'wan' 97 | option src 'lan' 98 | 99 | config forwarding 100 | option dest 'lan' 101 | option src 'ninux' 102 | 103 | config forwarding 104 | option dest 'ninux' 105 | option src 'lan' 106 | -------------------------------------------------------------------------------- /organizations/basilicata/etc/uci-defaults/901_ninux-wireless: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # remove default OpenWrt or LEDE wifi interfaces if present 3 | ssid1=$(uci get wireless.@wifi-iface[1].ssid 2> /dev/null) 4 | if [ "$ssid1" == "OpenWrt" ] || [ "$ssid1" == "lede" ]; then 5 | uci delete wireless.@wifi-iface[1] 6 | fi 7 | ssid0=$(uci get wireless.@wifi-iface[0].ssid 2> /dev/null) 8 | if [ "$ssid0" == "OpenWrt" ] || [ "$ssid0" == "lede" ]; then 9 | uci delete wireless.@wifi-iface[0] 10 | fi 11 | # access point radio 0 12 | uci set wireless.wifi_wlan0='wifi-iface' 13 | uci set wireless.wifi_wlan0.device=radio0 14 | uci set wireless.wifi_wlan0.ifname=ninux24 15 | uci set wireless.wifi_wlan0.encryption=none 16 | uci set wireless.wifi_wlan0.mode=ap 17 | uci set wireless.wifi_wlan0.network=lan 18 | uci set wireless.wifi_wlan0.ssid=ninux.org-basilicata 19 | uci set wireless.wifi_wlan0.wds=1 20 | 21 | # mesh radio 0 22 | uci set wireless.wifi_mesh0='wifi-iface' 23 | uci set wireless.wifi_mesh0.device=radio0 24 | uci set wireless.wifi_mesh0.encryption=none 25 | uci set wireless.wifi_mesh0.ifname=mesh0 26 | uci set wireless.wifi_mesh0.mesh_id=ninux 27 | uci set wireless.wifi_mesh0.mode=mesh 28 | uci set wireless.wifi_mesh0.network=mesh 29 | 30 | # access point radio 1 31 | uci set wireless.wifi_wlan1='wifi-iface' 32 | uci set wireless.wifi_wlan1.device=radio1 33 | uci set wireless.wifi_wlan1.ifname=ninux5 34 | uci set wireless.wifi_wlan1.encryption=none 35 | uci set wireless.wifi_wlan1.mode=ap 36 | uci set wireless.wifi_wlan1.network=lan 37 | uci set wireless.wifi_wlan1.ssid=ninux.org-basilicata 38 | uci set wireless.wifi_wlan1.wds=1 39 | 40 | # mesh radio 1 41 | uci set wireless.wifi_mesh1='wifi-iface' 42 | uci set wireless.wifi_mesh1.device=radio1 43 | uci set wireless.wifi_mesh1.encryption=none 44 | uci set wireless.wifi_mesh1.ifname=mesh1 45 | uci set wireless.wifi_mesh1.mesh_id=ninux 46 | uci set wireless.wifi_mesh1.mode=mesh 47 | uci set wireless.wifi_mesh1.network=mesh 48 | 49 | # enable radio0 if present 50 | radio0=$(uci get wireless.radio0 2> /dev/null) 51 | if [ "$radio0" == "wifi-device" ]; then 52 | uci set wireless.radio0.disabled=0 53 | fi 54 | # enable radio1 if present 55 | radio1=$(uci get wireless.radio1 2> /dev/null) 56 | if [ "$radio1" == "wifi-device" ]; then 57 | uci set wireless.radio1.disabled=0 58 | fi 59 | # commit 60 | uci commit wireless 61 | exit 0 62 | -------------------------------------------------------------------------------- /organizations/campania/etc/banner: -------------------------------------------------------------------------------- 1 | _ _ _____ _ _ _ _ __ __ ____ _____ _____ 2 | | \ | ||_ _|| \ | || | | |\ \ / / / __ \ | __ \ / ____| 3 | | \| | | | | \| || | | | \ V / | | | || |__) || | __ 4 | | . ` | | | | . ` || | | | > < | | | || _ / | | |_ | 5 | | |\ | _| |_ | |\ || |__| | / . \ _| |__| || | \ \ | |__| | 6 | |_| \_||_____||_| \_| \____/ /_/ \_\(_)\____/ |_| \_\ \_____| 7 | 8 | -------------------------------------------------------------- 9 | The NNXX Firmware is based on LEDE 10 | https://lede-project.org/ 11 | -------------------------------------------------------------- 12 | * Lan HNA Space: 10.80.0.0/16 13 | * Backbone: 172.30.0.0/16 14 | * Mailing list: http://ml.ninux.org/mailman/listinfo/campania 15 | * Controller: http://controller.basilicata.ninux.org/ 16 | * Wiki: http://wiki.ninux.org/nnxx 17 | -------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /organizations/defaults/etc/banner: -------------------------------------------------------------------------------- 1 | _ _ _____ _ _ _ _ __ __ ____ _____ _____ 2 | | \ | ||_ _|| \ | || | | |\ \ / / / __ \ | __ \ / ____| 3 | | \| | | | | \| || | | | \ V / | | | || |__) || | __ 4 | | . ` | | | | . ` || | | | > < | | | || _ / | | |_ | 5 | | |\ | _| |_ | |\ || |__| | / . \ _| |__| || | \ \ | |__| | 6 | |_| \_||_____||_| \_| \____/ /_/ \_\(_)\____/ |_| \_\ \_____| 7 | 8 | -------------------------------------------------------------- 9 | The NNXX Firmware is based on LEDE 10 | https://lede-project.org/ 11 | -------------------------------------------------------------- 12 | * Lan HNA Space: your-lan/16 13 | * Backbone: your-backbone/16 14 | * Mailing list: http://ml.ninux.org/mailman/listinfo/ninux-dev 15 | * Controller: https://openwisp.nnxx.ninux.org/ 16 | * Wiki: http://nnxx.ninux.org 17 | -------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /organizations/firenze/etc/banner: -------------------------------------------------------------------------------- 1 | _ _ _____ _ _ _ _ __ __ ____ _____ _____ 2 | | \ | ||_ _|| \ | || | | |\ \ / / / __ \ | __ \ / ____| 3 | | \| | | | | \| || | | | \ V / | | | || |__) || | __ 4 | | . ` | | | | . ` || | | | > < | | | || _ / | | |_ | 5 | | |\ | _| |_ | |\ || |__| | / . \ _| |__| || | \ \ | |__| | 6 | |_| \_||_____||_| \_| \____/ /_/ \_\(_)\____/ |_| \_\ \_____| 7 | 8 | -------------------------------------------------------------- 9 | The NNXX Firmware is based on OpenWRT 10 | https://openwrt.org 11 | -------------------------------------------------------------- 12 | * Lan HNA Space: 10.150.0.0/16 13 | * Backbone: 172.19.0.0/16 14 | * Web Site: http://firenze.ninux.org 15 | * Wiki Nazionale: http://wiki.ninux.org/ 16 | * Controller: http://controller.firenze.ninux.org/ 17 | -------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /organizations/firenze/etc/config/firewall: -------------------------------------------------------------------------------- 1 | config defaults 2 | option syn_flood '1' 3 | option input 'ACCEPT' 4 | option output 'ACCEPT' 5 | option forward 'ACCEPT' 6 | 7 | config zone 8 | option name 'lan' 9 | option input 'ACCEPT' 10 | option output 'ACCEPT' 11 | option forward 'ACCEPT' 12 | option network 'lan' 13 | 14 | config zone 15 | option name 'wan' 16 | option output 'ACCEPT' 17 | option forward 'REJECT' 18 | option masq '1' 19 | option mtu_fix '1' 20 | option network 'wan wan6' 21 | option input 'ACCEPT' 22 | 23 | config rule 24 | option name 'Allow-DHCP-Renew' 25 | option src 'wan' 26 | option proto 'udp' 27 | option dest_port '68' 28 | option target 'ACCEPT' 29 | option family 'ipv4' 30 | 31 | config rule 32 | option name 'Allow-Ping' 33 | option src 'wan' 34 | option proto 'icmp' 35 | option icmp_type 'echo-request' 36 | option family 'ipv4' 37 | option target 'ACCEPT' 38 | 39 | config rule 40 | option name 'Allow-DHCPv6' 41 | option src 'wan' 42 | option proto 'udp' 43 | option src_ip 'fe80::/10' 44 | option src_port '547' 45 | option dest_ip 'fe80::/10' 46 | option dest_port '546' 47 | option family 'ipv6' 48 | option target 'ACCEPT' 49 | 50 | config rule 51 | option name 'Allow-ICMPv6-Input' 52 | option src 'wan' 53 | option proto 'icmp' 54 | list icmp_type 'echo-request' 55 | list icmp_type 'echo-reply' 56 | list icmp_type 'destination-unreachable' 57 | list icmp_type 'packet-too-big' 58 | list icmp_type 'time-exceeded' 59 | list icmp_type 'bad-header' 60 | list icmp_type 'unknown-header-type' 61 | list icmp_type 'router-solicitation' 62 | list icmp_type 'neighbour-solicitation' 63 | list icmp_type 'router-advertisement' 64 | list icmp_type 'neighbour-advertisement' 65 | option limit '1000/sec' 66 | option family 'ipv6' 67 | option target 'ACCEPT' 68 | 69 | config rule 70 | option name 'Allow-ICMPv6-Forward' 71 | option src 'wan' 72 | option dest '*' 73 | option proto 'icmp' 74 | list icmp_type 'echo-request' 75 | list icmp_type 'echo-reply' 76 | list icmp_type 'destination-unreachable' 77 | list icmp_type 'packet-too-big' 78 | list icmp_type 'time-exceeded' 79 | list icmp_type 'bad-header' 80 | list icmp_type 'unknown-header-type' 81 | option limit '1000/sec' 82 | option family 'ipv6' 83 | option target 'ACCEPT' 84 | 85 | config include 86 | option path '/etc/firewall.user' 87 | 88 | config zone 89 | option name 'ninux' 90 | option input 'ACCEPT' 91 | option output 'ACCEPT' 92 | option forward 'ACCEPT' 93 | option network 'ninux' 94 | 95 | config forwarding 96 | option dest 'wan' 97 | option src 'lan' 98 | 99 | config forwarding 100 | option dest 'lan' 101 | option src 'ninux' 102 | 103 | config forwarding 104 | option dest 'ninux' 105 | option src 'lan' 106 | -------------------------------------------------------------------------------- /organizations/firenze/etc/uci-defaults/900_ninux-network: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | uci batch <<-EOF 3 | set network.ninux=interface 4 | set network.ninux.ifname=ninux 5 | set network.ninux.proto=none 6 | commit network 7 | EOF 8 | exit 0 9 | -------------------------------------------------------------------------------- /organizations/firenze/etc/uci-defaults/901_ninux-wireless: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # remove default OpenWrt or LEDE wifi interfaces if present 3 | ssid1=$(uci get wireless.@wifi-iface[1].ssid 2> /dev/null) 4 | if [ "$ssid1" == "OpenWrt" ] || [ "$ssid1" == "lede" ]; then 5 | uci delete wireless.@wifi-iface[1] 6 | fi 7 | ssid0=$(uci get wireless.@wifi-iface[0].ssid 2> /dev/null) 8 | if [ "$ssid0" == "OpenWrt" ] || [ "$ssid0" == "lede" ]; then 9 | uci delete wireless.@wifi-iface[0] 10 | fi 11 | # mesh 12 | uci set wireless.wifi_ninux='wifi-iface' 13 | uci set wireless.wifi_ninux.device=radio1 14 | uci set wireless.wifi_ninux.ifname=ninux 15 | uci set wireless.wifi_ninux.encryption=none 16 | uci set wireless.wifi_ninux.mode=adhoc 17 | uci set wireless.wifi_ninux.network=ninux 18 | uci set wireless.wifi_ninux.ssid=ninux.org 19 | # access point 20 | uci set wireless.wifi_wlan0='wifi-iface' 21 | uci set wireless.wifi_wlan0.device=radio0 22 | uci set wireless.wifi_wlan0.ifname=wlan0 23 | uci set wireless.wifi_wlan0.encryption=none 24 | uci set wireless.wifi_wlan0.mode=ap 25 | uci set wireless.wifi_wlan0.network=lan 26 | uci set wireless.wifi_wlan0.ssid=ninux.org-firenze 27 | uci set wireless.wifi_wlan0.wds=1 28 | # enable radio0 if present 29 | radio0=$(uci get wireless.radio0 2> /dev/null) 30 | if [ "$radio0" == "wifi-device" ]; then 31 | uci set wireless.radio0.disabled=0 32 | fi 33 | # enable radio1 if present 34 | radio1=$(uci get wireless.radio1 2> /dev/null) 35 | if [ "$radio1" == "wifi-device" ]; then 36 | uci set wireless.radio1.disabled=0 37 | fi 38 | # commit 39 | uci commit wireless 40 | exit 0 41 | -------------------------------------------------------------------------------- /organizations/milano/etc/banner: -------------------------------------------------------------------------------- 1 | _ _ _____ _ _ _ _ __ __ ____ _____ _____ 2 | | \ | ||_ _|| \ | || | | |\ \ / / / __ \ | __ \ / ____| 3 | | \| | | | | \| || | | | \ V / | | | || |__) || | __ 4 | | . ` | | | | . ` || | | | > < | | | || _ / | | |_ | 5 | | |\ | _| |_ | |\ || |__| | / . \ _| |__| || | \ \ | |__| | 6 | |_| \_||_____||_| \_| \____/ /_/ \_\(_)\____/ |_| \_\ \_____| 7 | 8 | -------------------------------------------------------------- 9 | The NNXX Firmware is based on LEDE 10 | https://lede-project.org/ 11 | -------------------------------------------------------------- 12 | * Lan HNA Space: your-lan/16 13 | * Backbone: your-backbone/16 14 | * Mailing list: http://ml.ninux.org/mailman/listinfo/ninux-dev 15 | * Controller: https://openwisp.nnxx.ninux.org/ 16 | * Wiki: http://nnxx.ninux.org 17 | -------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /organizations/palermo/etc/banner: -------------------------------------------------------------------------------- 1 | _ _ _____ _ _ _ _ __ __ ____ _____ _____ 2 | | \ | ||_ _|| \ | || | | |\ \ / / / __ \ | __ \ / ____| 3 | | \| | | | | \| || | | | \ V / | | | || |__) || | __ 4 | | . ` | | | | . ` || | | | > < | | | || _ / | | |_ | 5 | | |\ | _| |_ | |\ || |__| | / . \ _| |__| || | \ \ | |__| | 6 | |_| \_||_____||_| \_| \____/ /_/ \_\(_)\____/ |_| \_\ \_____| 7 | 8 | -------------------------------------------------------------- 9 | The NNXX Firmware is based on LEDE 10 | https://lede-project.org/ 11 | -------------------------------------------------------------- 12 | * Lan HNA Space: 10.94.0.0/16 13 | * Backbone: 172.31.90.0/24 14 | * Mailing list: http://ml.ninux.org/mailman/listinfo/sicilia 15 | * Controller: http://controller.basilicata.ninux.org/ 16 | * Wiki: http://wiki.ninux.org/nnxx 17 | -------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /organizations/palermo/etc/config/firewall: -------------------------------------------------------------------------------- 1 | config defaults 2 | option syn_flood '1' 3 | option input 'ACCEPT' 4 | option output 'ACCEPT' 5 | option forward 'ACCEPT' 6 | 7 | config zone 8 | option name 'lan' 9 | option input 'ACCEPT' 10 | option output 'ACCEPT' 11 | option forward 'ACCEPT' 12 | option network 'lan' 13 | 14 | config zone 15 | option name 'wan' 16 | option output 'ACCEPT' 17 | option forward 'REJECT' 18 | option masq '1' 19 | option mtu_fix '1' 20 | option network 'wan wan6' 21 | option input 'ACCEPT' 22 | 23 | config rule 24 | option name 'Allow-DHCP-Renew' 25 | option src 'wan' 26 | option proto 'udp' 27 | option dest_port '68' 28 | option target 'ACCEPT' 29 | option family 'ipv4' 30 | 31 | config rule 32 | option name 'Allow-Ping' 33 | option src 'wan' 34 | option proto 'icmp' 35 | option icmp_type 'echo-request' 36 | option family 'ipv4' 37 | option target 'ACCEPT' 38 | 39 | config rule 40 | option name 'Allow-DHCPv6' 41 | option src 'wan' 42 | option proto 'udp' 43 | option src_ip 'fe80::/10' 44 | option src_port '547' 45 | option dest_ip 'fe80::/10' 46 | option dest_port '546' 47 | option family 'ipv6' 48 | option target 'ACCEPT' 49 | 50 | config rule 51 | option name 'Allow-ICMPv6-Input' 52 | option src 'wan' 53 | option proto 'icmp' 54 | list icmp_type 'echo-request' 55 | list icmp_type 'echo-reply' 56 | list icmp_type 'destination-unreachable' 57 | list icmp_type 'packet-too-big' 58 | list icmp_type 'time-exceeded' 59 | list icmp_type 'bad-header' 60 | list icmp_type 'unknown-header-type' 61 | list icmp_type 'router-solicitation' 62 | list icmp_type 'neighbour-solicitation' 63 | list icmp_type 'router-advertisement' 64 | list icmp_type 'neighbour-advertisement' 65 | option limit '1000/sec' 66 | option family 'ipv6' 67 | option target 'ACCEPT' 68 | 69 | config rule 70 | option name 'Allow-ICMPv6-Forward' 71 | option src 'wan' 72 | option dest '*' 73 | option proto 'icmp' 74 | list icmp_type 'echo-request' 75 | list icmp_type 'echo-reply' 76 | list icmp_type 'destination-unreachable' 77 | list icmp_type 'packet-too-big' 78 | list icmp_type 'time-exceeded' 79 | list icmp_type 'bad-header' 80 | list icmp_type 'unknown-header-type' 81 | option limit '1000/sec' 82 | option family 'ipv6' 83 | option target 'ACCEPT' 84 | 85 | config include 86 | option path '/etc/firewall.user' 87 | 88 | config zone 89 | option name 'ninux' 90 | option input 'ACCEPT' 91 | option output 'ACCEPT' 92 | option forward 'ACCEPT' 93 | option network 'ninux' 94 | 95 | config forwarding 96 | option dest 'wan' 97 | option src 'lan' 98 | 99 | config forwarding 100 | option dest 'lan' 101 | option src 'ninux' 102 | 103 | config forwarding 104 | option dest 'ninux' 105 | option src 'lan' 106 | -------------------------------------------------------------------------------- /organizations/palermo/etc/uci-defaults/900_ninux-network: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | uci batch <<-EOF 3 | set network.ninux=interface 4 | set network.ninux.ifname=ninux 5 | set network.ninux.proto=none 6 | commit network 7 | EOF 8 | exit 0 9 | -------------------------------------------------------------------------------- /organizations/palermo/etc/uci-defaults/901_ninux-wireless: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # remove default OpenWrt or LEDE wifi interfaces if present 3 | ssid1=$(uci get wireless.@wifi-iface[1].ssid 2> /dev/null) 4 | if [ "$ssid1" == "OpenWrt" ] || [ "$ssid1" == "lede" ]; then 5 | uci delete wireless.@wifi-iface[1] 6 | fi 7 | ssid0=$(uci get wireless.@wifi-iface[0].ssid 2> /dev/null) 8 | if [ "$ssid0" == "OpenWrt" ] || [ "$ssid0" == "lede" ]; then 9 | uci delete wireless.@wifi-iface[0] 10 | fi 11 | # mesh 12 | uci set wireless.wifi_ninux='wifi-iface' 13 | uci set wireless.wifi_ninux.device=radio0 14 | uci set wireless.wifi_ninux.ifname=ninux 15 | uci set wireless.wifi_ninux.encryption=none 16 | uci set wireless.wifi_ninux.mode=adhoc 17 | uci set wireless.wifi_ninux.network=ninux 18 | uci set wireless.wifi_ninux.ssid=ninux.org 19 | # access point 20 | uci set wireless.wifi_wlan0='wifi-iface' 21 | uci set wireless.wifi_wlan0.device=radio0 22 | uci set wireless.wifi_wlan0.ifname=wlan0 23 | uci set wireless.wifi_wlan0.encryption=none 24 | uci set wireless.wifi_wlan0.mode=ap 25 | uci set wireless.wifi_wlan0.network=lan 26 | uci set wireless.wifi_wlan0.ssid=www.ninux.org-palermo 27 | # enable radio0 if present 28 | radio0=$(uci get wireless.radio0 2> /dev/null) 29 | if [ "$radio0" == "wifi-device" ]; then 30 | uci set wireless.radio0.disabled=0 31 | fi 32 | # enable radio1 if present 33 | radio1=$(uci get wireless.radio1 2> /dev/null) 34 | if [ "$radio1" == "wifi-device" ]; then 35 | uci set wireless.radio1.disabled=0 36 | fi 37 | # commit 38 | uci commit wireless 39 | exit 0 40 | -------------------------------------------------------------------------------- /organizations/palermo/etc/uci-defaults/902_ninux-olsrd: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | uci batch <<-EOF 3 | # mesh 4 | set olsrd.ninux=Interface 5 | set olsrd.ninux.ignore=0 6 | set olsrd.ninux.interface='ninux' 7 | set olsrd.ninux.Mode=mesh 8 | # enable jsoninfo 9 | set olsrd.jsoninfo=LoadPlugin 10 | set olsrd.jsoninfo.library=olsrd_jsoninfo.so.0.0 11 | set olsrd.jsoninfo.ignore=0 12 | commit olsrd 13 | EOF 14 | exit 0 15 | -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # from galaxy 3 | - src: openwisp.openwisp2-imagegenerator 4 | --------------------------------------------------------------------------------