-- Configuration Template for Neanderfunk / Eulenfunk - Gluon 2023.2.x
{
  hostname_prefix = 'DUSukn-',
  site_name = 'Freifunk Düsseldorf-Unterkünfte West - Domain 24 (Neanderfunk)',
  site_code = 'dus-24_dusukw',

  -- Must be the same of all nodes in one mesh domain
  domain_names = { ['ffdus-24dusukw'] = 'DUS-Unterkünfte-West' },
  domain_seed = '54bbba35d2008b7a5b5af2d2e48c87d4828752797cfd186090c23714f0173c89',

  config_mode = {
    hostname = {
      optional = false,
    },
    owner = {
      obligatory = false,
    },

    geo_location = {
      show_altitude = true,
      osm = {
      center = {
        lat = 51.21948,
        lon = 6.76906,
      },
      zoom = 13,
      tile_layer = {
        type = 'XYZ',
	url = 'https://tiles.ffdus.de/a.tile.openstreetmap.org/{z}/{x}/{y}.png',
	attributions = '&#169; <a href="https://www.openstreetmap.org/copyright" target="_blank">OpenStreetMap</a> contributors.',
	},
      },
    },
    owner = {
      optional = false,
      obligatory = true,
    },
    remote_login = {
      show_password_form = true,
      min_password_length = 12,
    },
  },

  setup_mode = {
    skip = false,
  },
  authorized_keys = { 
	'',
	},

  opkg = {
    openwrt = 'http://firmware.ffnef.de/firmware/packages/gluon2023.2.x/%A',
    extra = {
      gluonffnef = 'http://firmware.ffnef.de/firmware/modules/gluon-%GR/%S',
      modules= 'http://opkg.ffac.rocks/modules/gluon-%GS-%GR/%S',
      gluon = 'http://opkg.ffac.rocks/packages-%v/%A/gluon',
      gluon_base = 'http://opkg.ffac.rocks/packages-%v/%A/gluon_base',
      openwrtpackages = 'http://downloads.openwrt.org/releases/23.05.5/packages/%A/packages',
      openwrtpackages2 = 'http://downloads.openwrt.org/releases/23.05.5/targets/%S/packages',
      openwrtbase = 'http://downloads.openwrt.org/releases/23.05.5/packages/%A/base',
      openwrttelephony = 'http://downloads.openwrt.org/releases/23.05.5/packages/%A/telephony',
      openwrtrouting = 'http://downloads.openwrt.org/releases/23.05.5/packages/%A/routing',
    }, 
  },

  prefix4 = '10.0.0.0/8',
  prefix6 = 'fd66:666e:6566:6418::/64',
  extra_prefixes6 = {
    -- for ebtables-source-filter
    '2a03:2260::/32',
  },

  timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',

  ntp_servers = {
    'ntp6.ffnef.de',
    'ntp.ffdus.freifunk',
    '0.openwrt.pool.ntp.org',
    '2.openwrt.pool.ntp.org',
  },
  regdom = 'DE',

  wifi24 = {
    channel = 9,
    preserve_channels = 1,
    htmode = 'HT20',
    ap = {
      ssid = 'Freifunk',
    },
    mesh = {
      id = 'dusukw-mesh',
      mcast_rate = 12000,
      disabled = false,
    },
  },
  wifi5 = {
    channel = 44,
    outdoor_chanlist = '100-140',
    htmode = 'HT40',
    ap = {
      ssid = 'Freifunk',
    },
    mesh = {
      id = 'dusukw-mesh',
      mcast_rate = 12000,
      disabled = false,
    },
  },

  next_node = {
    name = {
      'nextnode',
      'nn',
    },
    -- anycast IPs of all nodes
    ip4 = '10.51.112.1',
    ip6 = 'fd66:666e:6566:6418::1',
  },
  interfaces = {
    lan = {
      default_roles = { 'mesh' },
    },
    wan = {
      default_roles = { 'uplink' },
    },
    single = {
      default_roles = { 'uplink' },
    },
  },
  poe_passthrough = true,

  -- Options specific to routing protocols (optional)
  mesh = {
      vxlan = false,
      filter_membership_reports = true,
      -- Options specific to the batman-adv routing protocol (optional)
      batman_adv = {
          -- Gateway selection class (optional)
          -- The default class 20 is based on the link quality (TQ) only,
          -- class 1 is calculated from both the TQ and the announced bandwidth
          gw_sel_class = 1,
          routing_algo = 'BATMAN_IV',
      },
  },

  mesh_vpn = {
    enabled = true,
    pubkey_privacy = true,
    tunneldigger = {
      mtu = 1364,
      brokers = {'ganymed.ffnef.de:20024','kallisto.ffnef.de:20024','amalthea.ffnef.de:20024','himalia.ffnef.de:20024','elara.ffnef.de:20024','pasophae.ffnef.de:20024'},
    },
    bandwidth_limit = {
      enabled = false,
      egress =  10000,
      ingress = 30000,
    },
  },


  autoupdater = {
    enabled = 1,
    branch = 'stable',
    branches = {
      stable = {
        name = 'stable',
	prefill = true, 
        mirrors = {
          'http://firmware.24-dusukw.ffnef.de/firmware/stable/24_dusukw/sysupgrade',
          'http://firmware.24-dusukw.ffdus/firmware/stable/24_dusukw/sysupgrade',
          'http://firmware.ffnef.de/firmware/stable/24_dusukw/sysupgrade',
          'http://[fd66:666e:6566:6418::733]/firmware/stable/24_dusukw/sysupgrade',
        },
        good_signatures = 3,
        pubkeys = {
          'bbc64c35bfc527f193e5551abd4fbef3940c44ebf75bdd829220b39913330d88', -- Jonathan
          '2a61930930a240c027f6ca4197203d400b6e4a32f9e92041e5f086907796c9bc', -- adorfer
          'd02f8e60fb7a5069556500694ebe512b6017b01e9950476e4cfcf10d5130c296', -- JJX
          '96d644ff1ce07d6f67d9329a0eb9a1548d0d01a3519d17ec1fe9d49da3270bfc', -- plaste
          'cd97b5e735cdefb1da4aede68f127c8c2f4536df6f544b568df5c801b88a9225', -- alex
          'bd9e2ec7c5a1d420ff31543f27e02576b01ba5c887e726ab9388a25853b7d623', -- untrustworthy-buildbot
        },
      },
      broken = {
        name = 'broken',
        mirrors = {
          'http://firmware.24-dusukw.ffnef.de/firmware/broken/24_dusukw/sysupgrade',
          'http://firmware.24-dusukw.ffdus/firmware/broken/24_dusukw/sysupgrade',
          'http://firmware.ffnef.de/firmware/broken/24_dusukw/sysupgrade',
          'http://[fd66:666e:6566:6418::733]/firmware/broken/24_dusukw/sysupgrade',
        },
        good_signatures = 1,
        pubkeys = {
          'bbc64c35bfc527f193e5551abd4fbef3940c44ebf75bdd829220b39913330d88', -- Jonathan
          '2a61930930a240c027f6ca4197203d400b6e4a32f9e92041e5f086907796c9bc', -- adorfer
          'd02f8e60fb7a5069556500694ebe512b6017b01e9950476e4cfcf10d5130c296', -- JJX
          '96d644ff1ce07d6f67d9329a0eb9a1548d0d01a3519d17ec1fe9d49da3270bfc', -- plaste
          'cd97b5e735cdefb1da4aede68f127c8c2f4536df6f544b568df5c801b88a9225', -- alex
          'bd9e2ec7c5a1d420ff31543f27e02576b01ba5c887e726ab9388a25853b7d623', -- untrustworthy-buildbot
        },
      },
    },
  },
  roguenets_filter = {
    allowed_prefix4 = '10.0.0.0/8',
    allowed_prefix6 = '2a03:2260::/29',
    additional_prefix6 = {
      'fda0:300e::/32',
    },
  },
  dns = {
    cacheentries = 1024,
    servers = { 'fd66:666e:6566:6418::5','2620:fe::10', '2001:4860:4860::8844', '2001:4860:4860::8888', },
  },
  ssid_changer = {
    enabled = true,
    switch_timeframe = 2,     -- only once every timeframe (in minutes) the SSID will change to OFFLINE
                              -- set to 1440 to change once a day
                              -- set to 1 minute to change every time the router gets offline
    first = 5,                -- the first few minutes directly after reboot within which an Offline-SSID always may be activated
    prefix = 'FF_Offline_',   -- use something short to leave space for the nodename (no '~' allowed!)
    suffix = 'nodename',      -- generate the SSID with either 'nodename', 'mac' or to use only the prefix: 'none'

    tq_limit_enabled = true,  -- if false, the offline SSID will only be set if there is no gateway reacheable
                              -- upper and lower limit to turn the offline_ssid on and off
                              -- in-between these two values the SSID will never be changed to prevent it from toggeling every minute.
    tq_limit_max = 45,        -- upper limit, above that the online SSID will be used
    tq_limit_min = 35         -- lower limit, below that the offline SSID will be used
  },

  ath9kblackout = {
    blackoutwait = 171,
    resetwait = 281,
    stepsize = 10,
  },
}