site.conf

  • Matthias Schiffer authored
    The autoupdater supports HTTPS when a ustream TLS backend is installed,
    but we did not allow this in site.conf. However, just allowing HTTPS
    URLs unconditionally is also a bad idea, as it might result in nodes
    being unable to reach the mirror, in particular if the `tls` feature is
    enabled only for some devices.
    
    Solve this by allowing https:// URLs only if the marker file installed
    by gluon-tls is found, failing the site check with an error message like
    the following otherwise:
    
        *** All of the following alternatives have failed:
            1) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern 'http://', but it is "https://..." (a string value)
            2) site.conf error: expected autoupdater.branches.test.mirrors.1 to use HTTPS only if the 'tls' feature is enabled, but it is "https://..." (a string value)
            3) site.conf error: expected autoupdater.branches.test.mirrors.1 to match pattern '^//', but it is "https://..." (a string value)
    
    In addition, introduce support for protocol-less //server/path URLs,
    which will use either HTTP or HTTPS depending on the availability of
    the `tls` feature. No fallback happens when `tls` is available, but the
    HTTPS connection fails, preventing downgrade attacks.
    
    Based-on-patch-by: Kevin Olbrich <ko@sv01.de>
    c800fe7f
    site.conf 1.33 KiB
    {
      site_name = 'Centauri Mesh',
      site_code = 'centauri',
      default_domain = 'alpha_centauri',
    
      timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
      ntp_server = {'ntp1.example.org', 'ntp2.example.org'},
      regdom = 'DE',
    
      wifi24 = {
        mesh = {
          mcast_rate = 12000,
        },
      },
    
      wifi5 = {
        mesh = {
          mcast_rate = 12000,
        },
      },
    
      mesh_vpn = {
    
        fastd = {
          methods = {'salsa2012+umac'},
          mtu = 1312,
        },
    
        bandwidth_limit = {
          enabled = false,
          egress = 200, -- kbit/s
          ingress = 3000, -- kbit/s
        },
      },
    
      autoupdater = {
        branch = 'stable',
    
        branches = {
          stable = {
            name = 'stable',
            mirrors = {
              'http://1.updates.example.org/stable/sysupgrade',
    
              -- Requires the tls feature in image-customization.lua
              -- 'https://2.updates.example.org/stable/sysupgrade',
    
              -- Uses http or https depending on the tls feature in image-customization.lua
              '//3.updates.example.org/stable/sysupgrade',
            },
            good_signatures = 2,
            pubkeys = {
              'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', -- Alice
              'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', -- Bob
              'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', -- Mary
            },
          },
        },
      },
    }
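
The mirror URL rules from the commit message, applied to the `mirrors` list of this site.conf, as an added Lua example that is not Gluon's own site-check or autoupdater code. The function names `check_mirror` and `resolve_mirror` and the `tls_available` parameter (standing in for the marker file installed by gluon-tls) are assumptions made for illustration.

```lua
-- Added example, not Gluon code. tls_available is a hypothetical stand-in
-- for "the marker file installed by gluon-tls was found".
local function check_mirror(url, tls_available)
  if url:match('^http://') then
    return true
  elseif url:match('^https://') then
    -- Accepted only when every image built from this site has TLS support;
    -- otherwise nodes without a TLS backend could not reach the mirror.
    if tls_available then return true end
    return false, "HTTPS mirror requires the 'tls' feature"
  elseif url:match('^//') then
    return true
  end
  return false, 'expected an http://, https:// or // URL'
end

-- Resolve the scheme of a protocol-less URL. With TLS available the result
-- is always https://; there is no code path back to http://, so a failing
-- HTTPS connection cannot be downgraded.
local function resolve_mirror(url, tls_available)
  local ok, err = check_mirror(url, tls_available)
  if not ok then return nil, err end
  if url:match('^//') then
    return (tls_available and 'https:' or 'http:') .. url
  end
  return url
end

-- Mirrors from the site.conf above, with the https:// entry uncommented,
-- plus one constructed invalid entry.
local mirrors = {
  'http://1.updates.example.org/stable/sysupgrade',
  'https://2.updates.example.org/stable/sysupgrade',
  '//3.updates.example.org/stable/sysupgrade',
  'ftp://4.updates.example.org/stable/sysupgrade', -- constructed, invalid
}

for _, tls in ipairs({false, true}) do
  print('tls feature enabled: ' .. tostring(tls))
  for _, url in ipairs(mirrors) do
    local resolved, err = resolve_mirror(url, tls)
    print(('  %-50s -> %s'):format(url, resolved or ('REJECTED: ' .. err)))
  end
end
```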