From 26e029535ba33f5d02b11038cf0840fd953312be Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Wed, 14 Feb 2024 10:37:08 -0800
Subject: [PATCH] Wipe old version of storing wizard config
---
 wizard/config/StrongCommission.conf | 107 -----
 wizard/config/config.boot | 693 ----------------------------
 wizard/config/pihole.md | 40 --
 3 files changed, 840 deletions(-)
 delete mode 100644 wizard/config/StrongCommission.conf
 delete mode 100644 wizard/config/config.boot
 delete mode 100644 wizard/config/pihole.md
diff --git a/wizard/config/StrongCommission.conf b/wizard/config/StrongCommission.conf
deleted file mode 100644
index 24061d7..0000000
--- a/wizard/config/StrongCommission.conf
+++ /dev/null
@@ -1,107 +0,0 @@
-container {
- name pihole {
- description Pihole
- environment PIHOLE_DNS_ {
- value "1.1.1.1;8.8.8.8"
- }
- environment QUERY_LOGGING {
- value false
- }
- environment TZ {
- value America/Eastern
- }
- image pihole/pihole:latest
- network pihole-net {
- address 172.20.0.10
- }
- }
- network pihole-net {
- prefix 172.20.0.0/24
- }
-}
-interfaces {
- ethernet eth0 {
- address dhcp
- }
- ethernet eth1 {
- address 10.0.0.1/24
- }
- loopback lo {
- }
-}
-nat {
- source {
- rule 100 {
- outbound-interface eth0
- source {
- address 10.0.0.0/24
- }
- translation {
- address masquerade
- }
- }
- }
-}
-service {
- dns {
- forwarding {
- allow-from 10.0.0.0/24
- cache-size 0
- listen-address 10.0.0.1
- name-server 172.20.0.10
- }
- }
- ssh {
- port 22
- }
-}
-system {
- config-management {
- commit-revisions 100
- }
- conntrack {
- modules {
- ftp
- h323
- nfs
- pptp
- sip
- sqlnet
- tftp
- }
- }
- console {
- device ttyS0 {
- speed 115200
- }
- }
- host-name vyos
- login {
- user vyos {
- authentication {
- encrypted-password REDACTED
- plaintext-password ""
- }
- }
- }
- name-server 1.1.1.1
- name-server 8.8.8.8
- ntp {
- server time1.vyos.net {
- }
- server time2.vyos.net {
- }
- server time3.vyos.net {
- }
- }
- syslog {
- global {
- facility all {
- level info
- }
- facility protocols {
- level debug
- }
- }
- }
-}
diff --git a/wizard/config/config.boot b/wizard/config/config.boot
deleted file mode 100644
index 17798af..0000000
--- a/wizard/config/config.boot
+++ /dev/null
@@ -1,693 +0,0 @@
-firewall {
- global-options {
- all-ping enable
- broadcast-ping disable
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- receive-redirects disable
- send-redirects enable
- source-validation disable
- syn-cookies enable
- }
- group {
- interface-group IG_LAN {
- interface eth6
- }
- interface-group IG_WAN {
- interface pppoe1
- }
- }
- ipv4 {
- forward {
- filter {
- default-action accept
- rule 5 {
- action jump
- inbound-interface {
- interface-name pppoe1
- }
- jump-target WAN_IN
- }
- rule 101 {
- action accept
- inbound-interface {
- interface-group IG_LAN
- }
- outbound-interface {
- interface-group IG_LAN
- }
- }
- rule 106 {
- action jump
- inbound-interface {
- interface-group IG_WAN
- }
- jump-target WAN_IN
- outbound-interface {
- interface-group IG_LAN
- }
- }
- rule 111 {
- action drop
- description "zone_LAN default-action"
- outbound-interface {
- interface-group IG_LAN
- }
- }
- rule 116 {
- action accept
- inbound-interface {
- interface-group IG_WAN
- }
- outbound-interface {
- interface-group IG_WAN
- }
- }
- rule 121 {
- action jump
- inbound-interface {
- interface-group IG_LAN
- }
- jump-target IN_WAN
- outbound-interface {
- interface-group IG_WAN
- }
- }
- rule 126 {
- action drop
- description "zone_WAN default-action"
- outbound-interface {
- interface-group IG_WAN
- }
- }
- }
- }
- input {
- filter {
- default-action accept
- rule 5 {
- action jump
- inbound-interface {
- interface-name pppoe1
- }
- jump-target WAN_LOCAL
- }
- rule 101 {
- action jump
- inbound-interface {
- interface-group IG_LAN
- }
- jump-target IN_LOCAL
- }
- rule 106 {
- action jump
- inbound-interface {
- interface-group IG_WAN
- }
- jump-target WAN_LOCAL
- }
- rule 111 {
- action drop
- }
- }
- }
- name IN_LOCAL {
- default-action accept
- }
- name IN_WAN {
- default-action accept
- }
- name LOCAL_IN {
- default-action accept
- }
- name LOCAL_WAN {
- default-action accept
- }
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- rule 1000 {
- action accept
- description Plex
- destination {
- port 32400
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 1001 {
- action accept
- description BitTorrent
- destination {
- port 49500
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 1002 {
- action accept
- description WireGuard
- destination {
- port 53820-53829
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 1003 {
- action accept
- description Minecraft
- destination {
- port 25565
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- rule 1005 {
- action accept
- description Web
- destination {
- port 443,80
- }
- protocol tcp_udp
- state {
- new enable
- }
- }
- }
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action accept
- protocol icmp
- state {
- new enable
- }
- }
- rule 30 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- output {
- filter {
- default-action accept
- rule 101 {
- action jump
- jump-target LOCAL_IN
- outbound-interface {
- interface-group IG_LAN
- }
- }
- rule 106 {
- action jump
- jump-target LOCAL_WAN
- outbound-interface {
- interface-group IG_WAN
- }
- }
- rule 111 {
- action drop
- }
- }
- }
- }
- ipv6 {
- forward {
- filter {
- default-action accept
- rule 101 {
- action accept
- inbound-interface {
- interface-group IG_LAN
- }
- outbound-interface {
- interface-group IG_LAN
- }
- }
- rule 106 {
- action drop
- description "zone_LAN default-action"
- outbound-interface {
- interface-group IG_LAN
- }
- }
- rule 111 {
- action accept
- inbound-interface {
- interface-group IG_WAN
- }
- outbound-interface {
- interface-group IG_WAN
- }
- }
- rule 116 {
- action drop
- description "zone_WAN default-action"
- outbound-interface {
- interface-group IG_WAN
- }
- }
- }
- }
- input {
- filter {
- default-action accept
- rule 101 {
- action drop
- }
- }
- }
- output {
- filter {
- default-action accept
- rule 101 {
- action drop
- }
- }
- }
- }
-}
-interfaces {
- ethernet eth0 {
- hw-id d4:3d:7e:94:6e:eb
- }
- ethernet eth5 {
- address dhcp
- hw-id 6c:b3:11:32:46:24
- offload {
- sg
- tso
- }
- vif 201 {
- }
- }
- ethernet eth6 {
- address 192.168.1.1/24
- description "Primary Switch"
- duplex auto
- hw-id 6c:b3:11:32:46:25
- offload {
- rps
- sg
- tso
- }
- speed auto
- }
- loopback lo {
- }
- pppoe pppoe1 {
- authentication {
- password ****************
- username hafnerjoseph
- }
- ip {
- adjust-mss 1452
- }
- mtu 1492
- no-peer-dns
- source-interface eth5.201
- }
-}
-nat {
- destination {
- rule 1000 {
- description Plex
- destination {
- port 32400
- }
- inbound-interface pppoe1
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1001 {
- description BitTorrent
- destination {
- port 49500
- }
- inbound-interface pppoe1
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1002 {
- description WireGuard
- destination {
- port 53820-53829
- }
- inbound-interface pppoe1
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1003 {
- description Minecraft
- destination {
- port 25565
- }
- inbound-interface pppoe1
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1005 {
- description Web
- destination {
- port 443,80
- }
- inbound-interface pppoe1
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1100 {
- description "Plex (Hairpin NAT)"
- destination {
- address 174.21.57.251
- port 32400
- }
- inbound-interface eth6
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1102 {
- description "Wireguard (Hairpin NAT)"
- destination {
- address 174.21.57.251
- port 53820-53829
- }
- inbound-interface eth6
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1103 {
- description "Minecraft (Hairpin NAT)"
- destination {
- address 174.21.57.251
- port 25565
- }
- inbound-interface eth6
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- rule 1105 {
- description "Web (Hairpin NAT)"
- destination {
- address 174.21.57.251
- port 80,443
- }
- inbound-interface eth6
- protocol tcp_udp
- translation {
- address 192.168.1.23
- }
- }
- }
- source {
- rule 99 {
- description "Masquerade as public IP on internet"
- outbound-interface pppoe1
- source {
- address 192.168.1.0/24
- }
- translation {
- address masquerade
- }
- }
- rule 100 {
- description "NAT Reflection"
- destination {
- address 192.168.1.0/24
- }
- outbound-interface eth6
- protocol tcp_udp
- source {
- address 192.168.1.0/24
- }
- translation {
- address masquerade
- }
- }
- }
-}
-qos {
- interface eth6 {
- egress GIGABIT-FQCODEL
- }
- interface pppoe1 {
- ingress LIMITER
- }
- policy {
- fq-codel GIGABIT-FQCODEL {
- codel-quantum 8000
- flows 1024
- queue-limit 800
- }
- limiter LIMITER {
- default {
- bandwidth 700mbit
- burst 262.5mbit
- }
- }
- }
-}
-service {
- dhcp-server {
- shared-network-name LAN {
- domain-name local
- domain-search local
- name-server 192.168.1.32
- subnet 192.168.1.0/24 {
- default-router 192.168.1.1
- lease 86400
- range 1 {
- start 192.168.1.100
- stop 192.168.1.254
- }
- static-mapping U6-Lite {
- ip-address 192.168.1.3
- mac-address 78:45:58:67:87:14
- }
- static-mapping UAP-AC-LR {
- ip-address 192.168.1.2
- mac-address 18:e8:29:50:f7:5b
- }
- static-mapping joey-desktop {
- ip-address 192.168.1.100
- mac-address 04:92:26:DA:BA:C5
- }
- static-mapping joey-nas {
- ip-address 192.168.1.10
- mac-address 40:8d:5c:52:41:89
- }
- static-mapping joey-nas2 {
- ip-address 192.168.1.11
- mac-address 90:2b:34:37:ce:ea
- }
- static-mapping joey-server {
- ip-address 192.168.1.23
- mac-address 70:85:c2:9c:6a:16
- }
- static-mapping joey-server2 {
- ip-address 192.168.1.24
- mac-address 24:4b:fe:57:bc:85
- }
- static-mapping joey-server3 {
- ip-address 192.168.1.25
- mac-address 78:45:c4:05:4f:21
- }
- static-mapping joey-server4 {
- ip-address 192.168.1.26
- mac-address 90:2b:34:37:ce:e8
- }
- static-mapping pihole1 {
- ip-address 192.168.1.21
- mac-address b8:27:eb:3c:8e:bb
- }
- static-mapping pihole2 {
- ip-address 192.168.1.22
- mac-address b8:27:eb:ff:76:6e
- }
- static-mapping tasmota-1 {
- ip-address 192.168.1.50
- mac-address 3C:61:05:F6:44:1E
- }
- static-mapping tasmota-2 {
- ip-address 192.168.1.51
- mac-address 3c:61:05:f6:d7:d3
- }
- static-mapping tasmota-3 {
- ip-address 192.168.1.52
- mac-address 3c:61:05:f6:f0:62
- }
- static-mapping wyse1 {
- ip-address 192.168.1.31
- mac-address 6c:2b:59:37:89:40
- }
- static-mapping wyse2 {
- ip-address 192.168.1.32
- mac-address 6c:2b:59:37:9e:91
- }
- static-mapping wyse3 {
- ip-address 192.168.1.33
- mac-address 6c:2b:59:37:9e:00
- }
- }
- }
- }
- dns {
- forwarding {
- allow-from 192.168.1.0/24
- cache-size 1000000
- listen-address 192.168.1.1
- name-server 192.168.1.32 {
- }
- }
- }
- monitoring {
- telegraf {
- prometheus-client {
- }
- }
- }
- ntp {
- allow-client {
- address 0.0.0.0/0
- address ::/0
- }
- server time-a-wwv.nist.gov {
- }
- server time-b-wwv.nist.gov {
- }
- server time-c-wwv.nist.gov {
- }
- server time-d-wwv.nist.gov {
- }
- server time-e-wwv.nist.gov {
- }
- }
- ssh {
- disable-password-authentication
- port 22
- }
-}
-system {
- config-management {
- commit-revisions 200
- }
- conntrack {
- expect-table-size 8192
- hash-size 32768
- modules {
- ftp
- h323
- nfs
- pptp
- sip
- sqlnet
- tftp
- }
- table-size 262144
- timeout {
- tcp {
- time-wait 15
- }
- }
- }
- console {
- device ttyS0 {
- speed 115200
- }
- }
- host-name vyos
- login {
- banner {
- }
- user vyos {
- authentication {
- encrypted-password ****************
- otp {
- key ****************
- rate-limit 3
- rate-time 30
- window-size 3
- }
- public-keys ed25519_jafner425@gmail.com {
- key ****************
- type ssh-ed25519
- }
- }
- }
- }
- name-server 192.168.1.32
- option {
- performance latency
- }
- syslog {
- global {
- facility all {
- level info
- }
- facility local7 {
- level debug
- }
- }
- }
- task-scheduler {
- task update-nat-reflection {
- executable {
- path /home/vyos/ipupdate.sh
- }
- interval 5
- }
- }
- time-zone America/Los_Angeles
-}
\ No newline at end of file
diff --git a/wizard/config/pihole.md b/wizard/config/pihole.md
deleted file mode 100644
index 3bc3790..0000000
--- a/wizard/config/pihole.md
+++ /dev/null
@@ -1,40 +0,0 @@
-Adding a Pihole container has hit a few roadblocks.
-Here is the basic container configuration I attempted to use:
-
-```
-container name pihole {
- cap-add net-admin
- environment TZ {
- value America/Los_Angeles
- }
- environment WEBPASSWORD {
- value Raider8-Payable-Veto-Dictation
- }
- image pihole/pihole
- memory 256
- network default {
- address 172.18.0.2
- }
- port dns {
- destination 53
- source 53
- }
- port webui {
- destination 80
- source 80
- }
- volume pihole_dnsmasq {
- destination /etc/dnsmasq
- source /home/vyos/container/pihole/dnsmasq
- }
- volume pihole_pihole {
- destination /etc/pihole
- source /home/vyos/container/pihole/pihole
- }
-}
-network default {
- prefix 172.18.0.0/16
-}
-```
-
-With this configuration, we see the Pihole is failing to bring up the DNS service due to a port collision.