Jafner.net/homelab/wizard/config/vyos.json
Joey Hafner 1ff6a0f783
Init Vyos config with new config management strategy
- Export the active VyOS configuration with `show configuration json`
- Replace secrets (encrypted-password, OTP key) with variables from secrets.env
- Replace dynamic values (public IP) with variables from vyos.env
2024-09-04 14:06:31 -07:00


{
"firewall": {
"global-options": {
"all-ping": "enable",
"broadcast-ping": "disable",
"ip-src-route": "disable",
"ipv6-receive-redirects": "disable",
"ipv6-src-route": "disable",
"log-martians": "enable",
"receive-redirects": "disable",
"send-redirects": "enable",
"source-validation": "disable",
"syn-cookies": "enable",
"timeout": {
"tcp": {
"time-wait": "15"
}
}
},
"group": {
"interface-group": {
"IG_LAN": {
"interface": [
"eth6"
]
},
"IG_WAN": {
"interface": [
"eth5"
]
}
}
},
"ipv4": {
"forward": {
"filter": {
"default-action": "accept",
"rule": {
"5": {
"action": "jump",
"inbound-interface": {
"name": "eth5"
},
"jump-target": "WAN_IN"
},
"101": {
"action": "accept",
"inbound-interface": {
"group": "IG_LAN"
},
"outbound-interface": {
"group": "IG_LAN"
}
},
"106": {
"action": "jump",
"inbound-interface": {
"group": "IG_WAN"
},
"jump-target": "WAN_IN",
"outbound-interface": {
"group": "IG_LAN"
}
},
"111": {
"action": "drop",
"description": "zone_LAN default-action",
"outbound-interface": {
"group": "IG_LAN"
}
},
"116": {
"action": "accept",
"inbound-interface": {
"group": "IG_WAN"
},
"outbound-interface": {
"group": "IG_WAN"
}
},
"121": {
"action": "jump",
"inbound-interface": {
"group": "IG_LAN"
},
"jump-target": "IN_WAN",
"outbound-interface": {
"group": "IG_WAN"
}
},
"126": {
"action": "drop",
"description": "zone_WAN default-action",
"outbound-interface": {
"group": "IG_WAN"
}
}
}
}
},
"input": {
"filter": {
"default-action": "accept",
"rule": {
"5": {
"action": "jump",
"inbound-interface": {
"name": "eth5"
},
"jump-target": "WAN_LOCAL"
},
"101": {
"action": "jump",
"inbound-interface": {
"group": "IG_LAN"
},
"jump-target": "IN_LOCAL"
},
"106": {
"action": "jump",
"inbound-interface": {
"group": "IG_WAN"
},
"jump-target": "WAN_LOCAL"
},
"111": {
"action": "drop"
}
}
}
},
"name": {
"IN_LOCAL": {
"default-action": "accept"
},
"IN_WAN": {
"default-action": "accept"
},
"LOCAL_IN": {
"default-action": "accept"
},
"LOCAL_WAN": {
"default-action": "accept"
},
"WAN_IN": {
"default-action": "drop",
"description": "WAN to internal",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related"
},
"20": {
"action": "drop",
"description": "Drop invalid state"
},
"1000": {
"action": "accept",
"description": "Plex",
"destination": {
"port": "32400"
},
"protocol": "tcp_udp"
},
"1001": {
"action": "accept",
"description": "BitTorrent",
"destination": {
"port": "49500"
},
"protocol": "tcp_udp"
},
"1002": {
"action": "accept",
"description": "WireGuard",
"destination": {
"port": "53820-53829"
},
"protocol": "tcp_udp"
},
"1003": {
"action": "accept",
"description": "Minecraft",
"destination": {
"port": "25565"
},
"protocol": "tcp_udp"
},
"1005": {
"action": "accept",
"description": "Web",
"destination": {
"port": "443,80"
},
"protocol": "tcp_udp"
}
}
},
"WAN_LOCAL": {
"default-action": "drop",
"description": "WAN to router",
"rule": {
"10": {
"action": "accept",
"description": "Allow established/related"
},
"20": {
"action": "accept",
"protocol": "icmp"
},
"30": {
"action": "drop",
"description": "Drop invalid state"
}
}
}
},
"output": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "jump",
"jump-target": "LOCAL_IN",
"outbound-interface": {
"group": "IG_LAN"
}
},
"106": {
"action": "jump",
"jump-target": "LOCAL_WAN",
"outbound-interface": {
"group": "IG_WAN"
}
},
"111": {
"action": "drop"
}
}
}
}
},
"ipv6": {
"forward": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "accept",
"inbound-interface": {
"group": "IG_LAN"
},
"outbound-interface": {
"group": "IG_LAN"
}
},
"106": {
"action": "drop",
"description": "zone_LAN default-action",
"outbound-interface": {
"group": "IG_LAN"
}
},
"111": {
"action": "accept",
"inbound-interface": {
"group": "IG_WAN"
},
"outbound-interface": {
"group": "IG_WAN"
}
},
"116": {
"action": "drop",
"description": "zone_WAN default-action",
"outbound-interface": {
"group": "IG_WAN"
}
}
}
}
},
"input": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "drop"
}
}
}
},
"output": {
"filter": {
"default-action": "accept",
"rule": {
"101": {
"action": "drop"
}
}
}
}
}
},
"interfaces": {
"ethernet": {
"eth0": {
"hw-id": "d4:3d:7e:94:6e:eb",
"offload": {
"gro": {}
}
},
"eth5": {
"address": [
"dhcp"
],
"hw-id": "6c:b3:11:32:46:24",
"offload": {
"gro": {},
"gso": {},
"sg": {},
"tso": {}
}
},
"eth6": {
"address": [
"192.168.1.1/24"
],
"description": "Primary Switch",
"duplex": "auto",
"hw-id": "6c:b3:11:32:46:25",
"offload": {
"gro": {},
"gso": {},
"rps": {},
"sg": {},
"tso": {}
},
"speed": "auto"
}
},
"loopback": {
"lo": {}
}
},
"nat": {
"destination": {
"rule": {
"1000": {
"description": "Plex",
"destination": {
"port": "32400"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1001": {
"description": "BitTorrent",
"destination": {
"port": "49500"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1002": {
"description": "WireGuard",
"destination": {
"port": "53820-53829"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1003": {
"description": "Minecraft",
"destination": {
"port": "25565"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1005": {
"description": "Web",
"destination": {
"port": "443,80"
},
"inbound-interface": {
"name": "eth5"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1100": {
"description": "Plex (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "32400"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1102": {
"description": "Wireguard (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "53820-53829"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1103": {
"description": "Minecraft (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "25565"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
},
"1105": {
"description": "Web (Hairpin NAT)",
"destination": {
"address": "$PUBLIC_IP",
"port": "80,443"
},
"inbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"translation": {
"address": "192.168.1.23"
}
}
}
},
"source": {
"rule": {
"99": {
"description": "Masquerade as public IP on internet",
"outbound-interface": {
"name": "eth5"
},
"source": {
"address": "192.168.1.0/24"
},
"translation": {
"address": "masquerade"
}
},
"100": {
"description": "NAT Reflection",
"destination": {
"address": "192.168.1.0/24"
},
"outbound-interface": {
"name": "eth6"
},
"protocol": "tcp_udp",
"source": {
"address": "192.168.1.0/24"
},
"translation": {
"address": "masquerade"
}
}
}
}
},
"qos": {
"interface": {
"eth5": {
"ingress": "LIMITER"
},
"eth6": {
"ingress": "LIMITER"
}
},
"policy": {
"limiter": {
"LIMITER": {
"default": {
"bandwidth": "750mbit",
"burst": "750mbit"
}
}
}
}
},
"service": {
"dhcp-server": {
"shared-network-name": {
"LAN": {
"option": {
"domain-name": "local",
"domain-search": [
"local"
],
"name-server": [
"192.168.1.32"
]
},
"subnet": {
"192.168.1.0/24": {
"lease": "86400",
"option": {
"default-router": "192.168.1.1"
},
"range": {
"1": {
"start": "192.168.1.100",
"stop": "192.168.1.254"
}
},
"static-mapping": {
"U6-Lite": {
"ip-address": "192.168.1.3",
"mac": "78:45:58:67:87:14"
},
"UAP-AC-LR": {
"ip-address": "192.168.1.2",
"mac": "18:e8:29:50:f7:5b"
},
"barbarian": {
"ip-address": "192.168.1.10",
"mac": "40:8d:5c:52:41:89"
},
"joey-desktop": {
"ip-address": "192.168.1.100",
"mac": "04:92:26:DA:BA:C5"
},
"joey-server2": {
"ip-address": "192.168.1.24",
"mac": "24:4b:fe:57:bc:85"
},
"joey-server3": {
"ip-address": "192.168.1.25",
"mac": "78:45:c4:05:4f:21"
},
"joey-server4": {
"ip-address": "192.168.1.26",
"mac": "90:2b:34:37:ce:e8"
},
"monk": {
"ip-address": "192.168.1.11",
"mac": "90:2b:34:37:ce:ea"
},
"paladin": {
"ip-address": "192.168.1.12",
"mac": "00:02:c9:50:d6:9a"
},
"pihole1": {
"ip-address": "192.168.1.21",
"mac": "b8:27:eb:3c:8e:bb"
},
"pihole2": {
"ip-address": "192.168.1.22",
"mac": "b8:27:eb:ff:76:6e"
},
"tasmota-1": {
"ip-address": "192.168.1.50",
"mac": "3C:61:05:F6:44:1E"
},
"tasmota-2": {
"ip-address": "192.168.1.51",
"mac": "3c:61:05:f6:d7:d3"
},
"tasmota-3": {
"ip-address": "192.168.1.52",
"mac": "3c:61:05:f6:f0:62"
},
"tasmota-55": {
"ip-address": "192.168.1.55",
"mac": "3C:61:05:F7:1F:C4"
},
"tasmota-cowboy-day": {
"disable": {},
"ip-address": "192.168.1.52",
"mac": "3C:61:05:F6:F0:62"
},
"tasmota-figment-day": {
"ip-address": "192.168.1.53",
"mac": "3C:61:05:F6:60:A1"
},
"tasmota-figment-night": {
"ip-address": "192.168.1.54",
"mac": "3C:61:05:F7:34:CD"
},
"tasmota-lab-rack": {
"disable": {},
"ip-address": "192.168.1.51",
"mac": "3C:61:05:F6:D7:D3"
},
"tasmota-sprout-day": {
"ip-address": "192.168.1.57",
"mac": "3C:61:05:F7:52:DB"
},
"tasmota-toes-day": {
"disable": {},
"ip-address": "192.168.1.50",
"mac": "3C:61:05:F6:44:1E"
},
"tasmota-toes-night": {
"ip-address": "192.168.1.56",
"mac": "3C:61:05:F7:33:29"
},
"wyse1": {
"ip-address": "192.168.1.31",
"mac": "6c:2b:59:37:89:40"
},
"wyse2": {
"ip-address": "192.168.1.32",
"mac": "6c:2b:59:37:9e:91"
},
"wyse3": {
"ip-address": "192.168.1.33",
"mac": "6c:2b:59:37:9e:00"
}
},
"subnet-id": "1"
}
}
}
}
},
"dns": {
"forwarding": {
"allow-from": [
"192.168.1.0/24"
],
"cache-size": "1000000",
"listen-address": [
"192.168.1.1"
],
"name-server": {
"192.168.1.32": {}
}
}
},
"monitoring": {
"telegraf": {
"prometheus-client": {}
}
},
"ntp": {
"allow-client": {
"address": [
"0.0.0.0/0",
"::/0"
]
},
"server": {
"time-a-wwv.nist.gov": {},
"time-b-wwv.nist.gov": {},
"time-c-wwv.nist.gov": {},
"time-d-wwv.nist.gov": {},
"time-e-wwv.nist.gov": {}
}
},
"ssh": {
"disable-password-authentication": {},
"port": [
"22"
]
}
},
"system": {
"config-management": {
"commit-revisions": "200"
},
"conntrack": {
"expect-table-size": "8192",
"hash-size": "32768",
"modules": {
"ftp": {},
"h323": {},
"nfs": {},
"pptp": {},
"sip": {},
"sqlnet": {},
"tftp": {}
},
"table-size": "262144",
"timeout": {}
},
"console": {
"device": {
"ttyS0": {
"speed": "115200"
}
}
},
"host-name": "vyos",
"login": {
"banner": {},
"user": {
"vyos": {
"authentication": {
"encrypted-password": "$system_login_user_vyos_authentication_encryptedpassword",
"otp": {
"key": "$system_login_user_vyos_authentication_otp_key",
"rate-limit": "3",
"rate-time": "30",
"window-size": "3"
},
"public-keys": {
"deploy@gitea.jafner.tools": {
"key": "AAAAC3NzaC1lZDI1NTE5AAAAIBzQU/ZbpLXgAXUImNKNfkyEkggRfgVDCozOVby/CLMR",
"type": "ssh-ed25519"
},
"jafner425@gmail.com": {
"key": "AAAAC3NzaC1lZDI1NTE5AAAAIMbzncsWNWxoDSqeva/ZoGHv32A0ggUMWfzx2Gz6Kmkk",
"type": "ssh-ed25519"
}
}
}
}
}
},
"name-server": [
"192.168.1.32",
"eth5"
],
"option": {
"performance": "latency"
},
"syslog": {
"global": {
"facility": {
"all": {
"level": "info"
},
"local7": {
"level": "debug"
}
}
}
},
"task-scheduler": {
"task": {
"cfddns-jafner-net": {
"executable": {
"arguments": "jafner.net $(cat /config/scripts/cloudflare.token)",
"path": "/config/scripts/cfddns.sh"
},
"interval": "1d"
}
}
},
"time-zone": "America/Los_Angeles"
}
}