diff --git a/debian/bullseye/systemd/network/10-eth0.network b/debian/bullseye/systemd/network/10-eth0.network new file mode 100644 index 0000000..30838e8 --- /dev/null +++ b/debian/bullseye/systemd/network/10-eth0.network @@ -0,0 +1,53 @@ +[Match] +Name=eth0 + +## Only use one of these blocks!! + +### DHCP (default most want) +[Network] +DHCP=yes + +DNSOverTLS=opportunistic + +DNS=1.1.1.1 + +DNS=1.0.0.1 + +# Link discovery causes some issues so disable it. +LLDP=no + +## dhcp config end + +## LAN +# Uncomment all below if you want to use eth0 as a lan network. +#[Network] +# IP address range. +#Address=192.168.156.1/24 + +# Packet forwarding. +#IPForward=yes + +# Masquerade. +#IPMasquerade=both + +# Link discovery causes some issues so disable it. +#LLDP=no + +#[DHCPServer] + +# Lease time +#DefaultLeaseTimeSec=300 + +# DNS to serve +#DNS=1.1.1.1 +#DNS=1.0.0.1 + +# Enable serving of DHCP addresses from the network range. +#DHCPServer=yes + +# Below not supported systemd < 250 +#[DHCPServerStaticLease] +#MACAddress=xx:xx:xx:xx:xx:xx +#Address=192.168.156.2 + +## lan end diff --git a/debian/bullseye/systemd/network/bond0.netdev b/debian/bullseye/systemd/network/20-bond0.netdev similarity index 100% rename from debian/bullseye/systemd/network/bond0.netdev rename to debian/bullseye/systemd/network/20-bond0.netdev diff --git a/debian/bullseye/systemd/network/bond0.network b/debian/bullseye/systemd/network/21-bond0.network similarity index 100% rename from debian/bullseye/systemd/network/bond0.network rename to debian/bullseye/systemd/network/21-bond0.network diff --git a/debian/bullseye/systemd/network/30-wwan0.network b/debian/bullseye/systemd/network/30-wwan0.network new file mode 100644 index 0000000..2a554aa --- /dev/null +++ b/debian/bullseye/systemd/network/30-wwan0.network @@ -0,0 +1,14 @@ +[Match] +Name=wwan0 + +[Network] +DHCP=yes + +DNSOverTLS=opportunistic + +DNS=1.1.1.1 + +DNS=1.0.0.1 + +# Link discovery causes some issues so disable it. +LLDP=no diff --git a/debian/bullseye/systemd/network/br0.netdev b/debian/bullseye/systemd/network/40-br0.netdev similarity index 100% rename from debian/bullseye/systemd/network/br0.netdev rename to debian/bullseye/systemd/network/40-br0.netdev diff --git a/debian/bullseye/systemd/network/br0.network b/debian/bullseye/systemd/network/41-br0.network similarity index 100% rename from debian/bullseye/systemd/network/br0.network rename to debian/bullseye/systemd/network/41-br0.network diff --git a/debian/bullseye/systemd/network/50-usb0.network b/debian/bullseye/systemd/network/50-usb0.network new file mode 100644 index 0000000..adbc2ba --- /dev/null +++ b/debian/bullseye/systemd/network/50-usb0.network @@ -0,0 +1,14 @@ +[Match] +Name=usb0 + +[Network] +DHCP=yes + +DNSOverTLS=opportunistic + +DNS=1.1.1.1 + +DNS=1.0.0.1 + +# Link discovery causes some issues so disable it. +LLDP=no diff --git a/debian/bullseye/systemd/network/60-wlan0.network b/debian/bullseye/systemd/network/60-wlan0.network new file mode 100644 index 0000000..8dc88b5 --- /dev/null +++ b/debian/bullseye/systemd/network/60-wlan0.network @@ -0,0 +1,15 @@ +# Requires /etc/wpa_supplicant/wpa_supplicant-wlan0.conf to exist. +[Match] +Name=wlan0 + +[Network] +DHCP=yes + +DNSOverTLS=opportunistic + +DNS=1.1.1.1 + +DNS=1.0.0.1 + +# Link discovery causes some issues so disable it. +LLDP=no diff --git a/debian/bullseye/systemd/network/wgs0.netdev b/debian/bullseye/systemd/network/70-wgs0.netdev similarity index 70% rename from debian/bullseye/systemd/network/wgs0.netdev rename to debian/bullseye/systemd/network/70-wgs0.netdev index fe35110..2dead1e 100644 --- a/debian/bullseye/systemd/network/wgs0.netdev +++ b/debian/bullseye/systemd/network/70-wgs0.netdev @@ -1,12 +1,18 @@ [NetDev] Name=wgs0 +Description=Wireguard Server Peer + Kind=wireguard [WireGuard] # Port to listen on. -ListenPort=31987 +ListenPort=500 + +# I usually set this to the port number above it's not really needed +# but useful for firewalls. +FirewallMark=500 # The Base64 encoded private key for the interface. It can be generated # using the wg genkey command (see wg(8)). This option or @@ -14,8 +20,11 @@ ListenPort=31987 # information is secret, you may want to set the permissions of the # .netdev file to be owned by "root:systemd-network" with a "0640" file # mode. -PrivateKey= +PrivateKey= +# Public key for the above private key. Only here as a reminder. +# systemd will ignore if uncommented. +#PublicKey= # Your Peers. [WireGuardPeer] @@ -23,10 +32,10 @@ PrivateKey= # Base64 encoded public key calculated by wg pubkey (see wg(8)) from a # private key, and usually transmitted out of band to the author of the # configuration file. This option is mandatory for this section. -#PublicKey= +PublicKey= # Comma-separated list of IP addresses with CIDR masks from which this # peer is allowed to send incoming traffic and to which outgoing traffic # for this peer is directed. -#AllowedIPs=10.0.0.2/32 +AllowedIPs=10.0.0.1.2/32 diff --git a/debian/bullseye/systemd/network/71-wgs0.network b/debian/bullseye/systemd/network/71-wgs0.network new file mode 100644 index 0000000..3fa8fd8 --- /dev/null +++ b/debian/bullseye/systemd/network/71-wgs0.network @@ -0,0 +1,8 @@ +# Needs netdev for wgs0, wireguard & wireguard-tools installed to work. + +[Match] +Name=wgs0 + +[Network] +Address=10.0.0.1/24 +IPForward=true diff --git a/debian/bullseye/systemd/network/wg0.netdev b/debian/bullseye/systemd/network/80-wg0.netdev similarity index 75% rename from debian/bullseye/systemd/network/wg0.netdev rename to debian/bullseye/systemd/network/80-wg0.netdev index e58fb1f..6cd231c 100644 --- a/debian/bullseye/systemd/network/wg0.netdev +++ b/debian/bullseye/systemd/network/80-wg0.netdev @@ -1,29 +1,37 @@ [NetDev] Name=wg0 +Description=Wireguard Client Peer + Kind=wireguard [WireGuard] +# I usually set this to the port number of the main peer it's not really +# needed but useful for firewalls. +FirewallMark=500 + # The Base64 encoded private key for the interface. It can be generated # using the wg genkey command (see wg(8)). This option or # PrivateKeyFile= is mandatory to use WireGuard. Note that because this # information is secret, you may want to set the permissions of the # .netdev file to be owned by "root:systemd-network" with a "0640" file # mode. -PrivateKey= +PrivateKey= + +# Public key for the above private key. Only here as a reminder. +#PublicKey= # DNS DNS = 1.1.1.1, 1.0.0.1 - # Your Peers. [WireGuardPeer] # Base64 encoded public key calculated by wg pubkey (see wg(8)) from a # private key, and usually transmitted out of band to the author of the # configuration file. This option is mandatory for this section. -#PublicKey= +PublicKey= # Comma-separated list of IP addresses with CIDR masks from which this # peer is allowed to send incoming traffic and to which outgoing traffic @@ -33,4 +41,4 @@ AllowedIPs=0.0.0.0/0, ::/0 PersistentKeepalive=20 # Endpoint of a peer (for clients). -#Endpoint=: +#Endpoint=: diff --git a/debian/bullseye/systemd/network/wg0.network b/debian/bullseye/systemd/network/81-wg0.network similarity index 52% rename from debian/bullseye/systemd/network/wg0.network rename to debian/bullseye/systemd/network/81-wg0.network index 1823351..cd50f4e 100644 --- a/debian/bullseye/systemd/network/wg0.network +++ b/debian/bullseye/systemd/network/81-wg0.network @@ -2,3 +2,11 @@ [Match] Name=wg0 + +[Address] +Address=10.0.0.2/24 + +[Route] +Gateway=10.0.0.1 + +GatewayOnlink=true diff --git a/debian/bullseye/systemd/network/README.md b/debian/bullseye/systemd/network/README.md index fd6766d..d98d987 100644 --- a/debian/bullseye/systemd/network/README.md +++ b/debian/bullseye/systemd/network/README.md @@ -10,9 +10,7 @@ Say I have eth0 and want network access (and an IP via DHCP) from my router; I w ``` sudo -s # Drop to root. -cp -rv eth0* /etc/systemd/network/ # Copy the files. - -cat examples/dhcp.conf >> /etc/systemd/network/eth0.network # Append example dhcp to eth0.network +cp -rv 10-eth0* /etc/systemd/network/ # Copy the files. systemctl enable --now systemd-networkd # Enable networkd now. diff --git a/debian/bullseye/systemd/network/eth0.network b/debian/bullseye/systemd/network/eth0.network deleted file mode 100644 index 175488e..0000000 --- a/debian/bullseye/systemd/network/eth0.network +++ /dev/null @@ -1,2 +0,0 @@ -[Match] -Name=eth0 diff --git a/debian/bullseye/systemd/network/examples/README.md b/debian/bullseye/systemd/network/examples/README.md new file mode 100644 index 0000000..7921775 --- /dev/null +++ b/debian/bullseye/systemd/network/examples/README.md @@ -0,0 +1 @@ +systemd-network configuration examples for use in other .net* files! diff --git a/debian/bullseye/systemd/network/examples/static.conf b/debian/bullseye/systemd/network/examples/static.conf index 877bf73..3141012 100644 --- a/debian/bullseye/systemd/network/examples/static.conf +++ b/debian/bullseye/systemd/network/examples/static.conf @@ -1,37 +1,40 @@ -[Route] - -# v4 -Gateway= - -# v6 -Gateway= - -# Not always needed but here just in case. -#GatewayOnLink=yes - [Network] - -# v4 -Address=/prefix - -# v6 -Address=/prefix - - -# DNS -# 1.1.1.1 / 1.0.0.1 / 2606:4700:4700::1111 / 2606:4700:4700::1001 -# are Cloudflare +# Put global network options here. DNSOverTLS=opportunistic -# v4 -DNS=1.1.1.1 - -DNS=1.0.0.1 - -# v6 -DNS=2606:4700:4700::1111 -DNS=2606:4700:4700::1001 - # Link discovery causes some issues so disable it. LLDP=no +# IPv6 - must come before IPv4, or some weird things happen. +[Route] +# v6 +Gateway= + +# Not always needed but here just in case. +GatewayOnLink=yes + +[Network] +Address=/prefix + +# DNS +# Cloudflare 2606:4700:4700::1111 / 2606:4700:4700::1001 +DNS=2606:4700:4700::1111 +DNS=2606:4700:4700::1001 + +# IPv4 +[Route] +Gateway= + +# Not always needed but here just in case. +GatewayOnLink=yes + +[Network] +# v4 +Address=/prefix + +# DNS +# Cloudflare 1.1.1.1 / 1.0.0.1 +DNS=1.1.1.1 + +DNS=1.0.0.1 + diff --git a/debian/bullseye/systemd/network/usb0.network b/debian/bullseye/systemd/network/usb0.network deleted file mode 100644 index 8892536..0000000 --- a/debian/bullseye/systemd/network/usb0.network +++ /dev/null @@ -1,2 +0,0 @@ -[Match] -Name=usb0 diff --git a/debian/bullseye/systemd/network/wgs0.network b/debian/bullseye/systemd/network/wgs0.network deleted file mode 100644 index 665e1ed..0000000 --- a/debian/bullseye/systemd/network/wgs0.network +++ /dev/null @@ -1,4 +0,0 @@ -# Needs wgs0.netdev & wireguard & wireguard-tools installed to work. - -[Match] -Name=wgs0 diff --git a/debian/bullseye/systemd/network/wlan0.network b/debian/bullseye/systemd/network/wlan0.network deleted file mode 100644 index 06394a9..0000000 --- a/debian/bullseye/systemd/network/wlan0.network +++ /dev/null @@ -1,3 +0,0 @@ -# Requires /etc/wpa_supplicant/wpa_supplicant-wlan0.conf to exist. -[Match] -Name=wlan0 diff --git a/debian/bullseye/systemd/network/wwan0.network b/debian/bullseye/systemd/network/wwan0.network deleted file mode 100644 index 56a5b14..0000000 --- a/debian/bullseye/systemd/network/wwan0.network +++ /dev/null @@ -1,2 +0,0 @@ -[Match] -Name=wwan0 diff --git a/debian/bullseye/systemd/system/qmi-network@.service b/debian/bullseye/systemd/system/qmi-network@.service index 9eaa6b3..682bde2 100644 --- a/debian/bullseye/systemd/system/qmi-network@.service +++ b/debian/bullseye/systemd/system/qmi-network@.service @@ -17,19 +17,18 @@ Wants=sys-subsystem-net-devices-wwan%i.device [Service] Type=simple Restart=always -RestartSec=300s -TimeoutSec=300s +TimeoutSec=240s +ExecStartPre=-qmi-network /dev/cdc-wdm%i stop +ExecStartPre=-rm /tmp/qmi-network-state-cdc-wdm%i ExecStartPre=networkctl down wwan%i ExecStartPre=sh -c "echo 'Y' | tee /sys/class/net/wwan%i/qmi/raw_ip" - -# Add any qmi-network options here as needed. ExecStartPre=qmi-network /dev/cdc-wdm%i start - - ExecStartPre=networkctl up wwan%i -ExecStart=sh -e -c "while true; do ping -w 120 -I wwan%i -c 5 one.one.one.one || exit 1; sleep 240; done;" +ExecStart=sh -e -c "sleep 30; while true; do ping -w 120 -I wwan%i -c 5 one.one.one.one || exit 1; sleep 300; done;" + +ExecStop=-rm /tmp/qmi-network-state-cdc-wdm%i ExecStop=networkctl down wwan%i ExecStop=qmi-network /dev/cdc-wdm%i stop