tunspace: sync docs and typing from default config

pktpls · FFHener · commit 61b14cf84b5b · 2025-01-27T15:53:44.000+01:00
Same as in freifunk-berlin/falter-packages#468
diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2
@@ -5,31 +5,40 @@
   {% set ifname = uplink['ifname'] if mode == 'direct' else 'br-'+name %}
 
 config tunspace "tunspace"
+  # Namespace where the uplink will live.
   option uplink_netns "{{ name }}"
+  # Existing interface that we'll use as the uplink.
   option uplink_ifname "{{ ifname }}"
+  # How the uplink in the namespace is constructed.
+  # - bridge: creates a macvlan child in bridge mode, useful for creating multiple uplinks from the same original uplink interface.
+  # - direct: moves the original uplink interface into the namespace directly, useful for wonky cheap USB sticks with broken drivers.
   option uplink_mode "{{ mode }}"
+  # Our own static uplink IPv4 address in CIDR format. Leave empty to use DHCP.
   option uplink_ipv4 "{{ uplink['uplink_ipv4']|default('') }}"
+  # IPv4 address of the gateway. Required in combination with uplink_ipv4, ignored when using DHCP.
   option uplink_gateway "{{ uplink['uplink_gateway']|default('') }}"
+  # Maintenance consists of checking the uplink, refreshing the DHCP lease, checking the tunnel endpoints, and switching endpoints if neccessary.
   option maintenance_interval 60
-  option debug 0
+  # Enables detailed output of Tunspace's operations. If disabled, only tunnel endpoint changes are reported.
+  option debug "0"
 {% endfor %}
 
 {% for tunnel in networks | selectattr('role', 'equalto', 'tunnel') %}
 config wg-interface
   option ifname "{{ tunnel['ifname'] }}"
   option ipv6 "fe80::2/64"
   option ipv4 "{{ tunnel['prefix'] }}"
-  option mtu {{ tunnel['mtu'] }}
-  option port {{ tunnel['wireguard_port'] }}
-  option disabled 0
+  option mtu "{{ tunnel['mtu'] }}"
+  option port "{{ tunnel['wireguard_port'] }}"
+  option disabled "0"
 
 {% endfor %}
 
 {% for gateway in groups['role_gateway'] | sort %}
 config wg-server
   option name "{{ gateway }}"
   option url "https://{{ hostvars[gateway]['uplink']['ipv4'] | ansible.utils.ipaddr('address') }}/ubus"
-  option insecure_cert 1
-  option disabled 0
+  option insecure_cert "1"
+  option disabled "0"
 
 {% endfor %}
