Update method for macvlan, reducing IP clutter

2024-08-30 18:32:21 +00:00 · 2020-06-17 07:02:49 -07:00 · 2020-06-17 07:02:49 -07:00 · 8d1937fb74
commit 8d1937fb74
parent f075b3f66b
6 changed files with 27 additions and 24 deletions
--- a/AdguardHome/udm-files/on_boot.sh
+++ b/AdguardHome/udm-files/on_boot.sh
@ -7,17 +7,18 @@ ln -s /mnt/data/podman/cni/20-dns.conflist  /etc/cni/net.d/20-dns.conflist
 # Create a new bridge interface so the host can talk to containers inside the podman macvlan network
 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
-ip link add br5.mac link br5 type macvlan mode bridge
 ip link set br5 promisc on
+
+ip link add br5.mac link br5 type macvlan mode bridge
+ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
 ip link set br5.mac promisc on
-ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
-ip route add 10.0.5.3/32 dev br5.mac proto static scope link
+
+ip route add 10.0.5.3/32 dev br5.mac
 #Remove the # on the line below when Docker container is deployed. 
 #podman start AdguardHome

 # Uncomment and adjust these rules if you want to use DNAT to force DNS to this container.
 # iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
 # iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
-# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0  -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
-# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0  -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE
+
--- a/nextdns/README.md
+++ b/nextdns/README.md
@ -39,7 +39,7 @@ If you have already installed PiHole, skip right to step 6.
 6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
 7. Run the NextDNS docker container.  Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
 ```
- podman run -d --privileged --network dns --restart always  \
+ podman run -d -it --privileged --network dns --restart always  \
    --name nextdns \
    -v "/mnt/data/nextdns/:/etc/nextdns/" \
    -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
--- a/nextdns/docker/Dockerfile
+++ b/nextdns/docker/Dockerfile
@ -1,14 +1,11 @@
-FROM alpine AS builder
+FROM alpine
 ENV VERSION=1.6.4
-WORKDIR /tmp
-RUN apk add curl \
-    && mkdir nextdns \
-    && curl -fsSL https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz -o nextdns.tar.gz \
-    && tar zxf nextdns.tar.gz -C ./nextdns
-
-FROM debian:buster-slim
 LABEL maintainer="John Dorman <dorman@ataxia.cloud>"
-RUN apt update && apt install -y ca-certificates
-COPY --from=builder /tmp/nextdns /opt/nextdns
+RUN apk add --no-cache ca-certificates \
+    && mkdir -p /opt/nextdns \
+    && wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz  \
+    && tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns \
+    && rm /tmp/nextdns.tar.gz
 EXPOSE 53/tcp 53/udp
 ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
+CMD []
--- a/nextdns/udm-files/20-dns.conflist
+++ b/nextdns/udm-files/20-dns.conflist
@ -5,7 +5,7 @@
    {
      "type": "macvlan",
      "mode": "bridge",
-      "master": "br5",
+      "master": "br5.mac",
      "ipam": {
        "type": "static",
        "addresses": [
--- a/nextdns/udm-files/on_boot.sh
+++ b/nextdns/udm-files/on_boot.sh
@ -6,12 +6,15 @@ ln -s /mnt/data/podman/cni/20-dns.conflist  /etc/cni/net.d/20-dns.conflist

 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
-ip link add br5.mac link br5 type macvlan mode bridge
 ip link set br5 promisc on
+
+ip link add br5.mac link br5 type macvlan mode bridge
+ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
 ip link set br5.mac promisc on
-ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
-ip route add 10.0.5.3/32 dev br5.mac proto static scope link
+
+ip route add 10.0.5.3/32 dev br5.mac
+
 # Remove the # on the line below when Docker container is deployed.
 #podman start nextdns

--- a/run-pihole/udm-files/on_boot.sh
+++ b/run-pihole/udm-files/on_boot.sh
@ -7,12 +7,14 @@ ln -s /mnt/data/podman/cni/20-dns.conflist  /etc/cni/net.d/20-dns.conflist
 # Create a new bridge interface so the host can talk to containers inside the podman macvlan network
 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
-ip link add br5.mac link br5 type macvlan mode bridge
 ip link set br5 promisc on
+
+ip link add br5.mac link br5 type macvlan mode bridge
+ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
 ip link set br5.mac promisc on
-ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
-ip route add 10.0.5.3/32 dev br5.mac proto static scope link
+
+ip route add 10.0.5.3/32 dev br5.mac
 # Remove the # on the line below when Docker container is deployed.
 #podman start pihole