|
@@ -1,6 +1,7 @@
|
|
|
#
|
|
|
# {{ site }} / {{ network }} FASTd configuration (Salt managed)
|
|
|
#
|
|
|
+{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id']) %}
|
|
|
{%- set meshif = "meshif" %}
|
|
|
{%- if grains.oscodename != "buster" %}
|
|
|
{%- set meshif = "-m" %}
|
|
@@ -14,10 +15,13 @@ interface "{{ site }}_{{ network }}";
|
|
|
method "aes128-gcm";
|
|
|
method "aes128-ctr+umac";
|
|
|
{%- else %}
|
|
|
-#method "aes128-gcm"; # - Not supported by CPU on this machine
|
|
|
-#method "aes128-ctr+umac"; # - Not supported by CPU on this machine
|
|
|
+#method "aes128-gcm"; # Not supported by CPU on this machine
|
|
|
+#method "aes128-ctr+umac"; # Not supported by CPU on this machine
|
|
|
{%- endif %}
|
|
|
method "salsa2012+umac";
|
|
|
+{%- if network_type == 'nodes' and 'batman_gw' in node_config.get ('roles') %}
|
|
|
+method "null"; # Null-cipher for node VPNs
|
|
|
+{% endif %}
|
|
|
|
|
|
{#- Calculating FASTd port depending on network_type #}
|
|
|
{%- set port = -1 %}
|
|
@@ -49,7 +53,7 @@ on up "
|
|
|
ip link set $INTERFACE up
|
|
|
|
|
|
batctl {{ meshif }} {{ bat_iface }} if add $INTERFACE
|
|
|
-{%- if grains.oscodename == "buster" or 'batman-iface-penalty' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':tags', []) %}
|
|
|
+{%- if grains.oscodename == "buster" or 'batman-iface-penalty' in node_config.get ('tags', []) %}
|
|
|
# Make VPN more expensive than intra DC/DCI/WBBL links
|
|
|
batctl hardif $INTERFACE hop_penalty 50
|
|
|
{%- endif %}
|