All 25 Phase 0 tasks implemented:

- Nebula configs: hub lighthouse, uplink, relay, client
- Nebula scripts: certificate generation, node enrollment
- OPNsense: multi-WAN failover, QoS traffic classes, captive portal with Authentik
- Hub stack: Docker Compose with 9 services (barter-cache, mutual-credit, brainjoos-sync, emergency-broadcast, DNS cache, PostgreSQL, Redis, node-exporter, cAdvisor)
- Traffic shaping: HTB-based bandwidth limiter for uplink nodes
- Monitoring: Prometheus targets, Grafana dashboard, Alertmanager rules
- Ansible: inventory, hub deploy, uplink enroll, relay deploy playbooks, 4 reusable roles (nebula, docker, monitoring, shaping)
- Community docs: member agreement, reference card, site survey checklist
- Test scripts: failover, shaping, local services

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

| Name |
|---|
| ansible |
| community |
| hub |
| monitoring |
| nebula |
| router/opnsense |
| tests |
| uplink/shaping |
| .gitignore |
| README.md |

WOPR Community Mesh ISP
A community-owned internet infrastructure project by the WOPR Foundation
The WOPR Community Mesh ISP provides resilient, affordable internet access to underserved communities by aggregating donated home internet connections into a shared mesh network. The pilot deployment serves the Stone Soup Kitchen in Quincy, Illinois.
How It Works
Community members volunteer a portion of their home internet bandwidth by hosting a small, weatherproof antenna on their home exterior. These uplink nodes connect via encrypted Nebula mesh tunnels to a central hub at the Stone Soup Kitchen, which load-balances internet-bound traffic across all available connections. If any single connection goes down, traffic automatically routes through the remaining uplinks — and a Starlink satellite backup ensures connectivity even if all terrestrial links fail.
Local WOPR services (barter exchange, mutual credit, BrainJoos wellness, emergency broadcast) run directly on the hub and remain operational even with zero internet connectivity.
Architecture
```
Community Member Homes        Stone Soup Kitchen Hub       WOPR Backbone
┌──────────────┐              ┌─────────────────────┐      ┌──────────────┐
│ Home Router  │              │ OPNsense Router     │      │ Mothership   │
│ └─ GL.iNet   │◄──Nebula────►│ └─ Multi-WAN LB     │      │ Prod         │
│    (uplink)  │    Mesh      │ └─ QoS / Captive    │      │ (10.0.1.1)   │
└──────────────┘              │                     │      └──────┬───────┘
                              │ Hub Mini Server     │             │
┌──────────────┐              │ └─ Nebula LH        │◄──Nebula────┤
│ Uplink Node 2│◄──Nebula────►│ └─ Docker Services  │             │
└──────────────┘    Mesh      │    ├─ Barter Cache  │      ┌──────────────┐
                              │    ├─ Mutual Credit │      │ NodeZ3r0     │
┌──────────────┐              │    ├─ BrainJoos     │      │ (10.0.0.2)   │
│ Uplink Node 3│◄──Nebula────►│    ├─ Emergency BC  │      └──────────────┘
└──────────────┘    Mesh      │    ├─ DNS Cache     │
                              │    └─ Monitoring    │
┌──────────────┐              │                     │
│ Starlink     │◄──Backup─────│ (Tier 2 failover)   │
│ (satellite)  │              └─────────────────────┘
└──────────────┘
```
Directory Layout
```
community-mesh-isp/
├── docs/                          # Build plan and reference documents
├── nebula/                        # Nebula mesh VPN configurations
│   ├── configs/                   # Per-node-type Nebula configs
│   ├── templates/                 # Jinja2 templates for config generation
│   └── scripts/                   # Certificate generation and node enrollment
├── router/                        # Edge router configurations
│   ├── opnsense/                  # OPNsense multi-WAN, QoS, captive portal
│   └── edgerouter/                # EdgeRouter configs (alternative)
├── uplink/                        # Uplink node hardware configs
│   ├── nanostation/               # Ubiquiti NanoStation bridge configs
│   ├── glinet/                    # GL.iNet mesh router setup
│   └── shaping/                   # Bandwidth shaping (tc/HTB)
├── hub/                           # Hub server stack
│   ├── docker-compose.yml         # All local WOPR services
│   ├── services/                  # Per-service configs and Dockerfiles
│   └── scripts/                   # Health checks and maintenance
├── monitoring/                    # Observability stack
│   ├── prometheus/                # Scrape targets for mesh nodes
│   ├── grafana/                   # Dashboard JSON
│   └── alertmanager/              # Alert rules and routes
├── ansible/                       # Automation and deployment
│   ├── inventory/                 # Mesh node inventory
│   ├── playbooks/                 # Deployment and enrollment playbooks
│   ├── roles/                     # Reusable Ansible roles
│   └── group_vars/                # Per-group variable defaults
├── community/                     # Non-technical community documents
│   ├── member-agreement.md        # What hosting a node means
│   ├── reference-card.md          # Quick reference for node hosts
│   └── site-survey-checklist.md   # Field installer checklist
└── tests/                         # Validation and testing scripts
    ├── test-failover.sh           # Multi-WAN failover verification
    ├── test-shaping.sh            # Bandwidth shaping verification
    ├── test-local-services.sh     # Local service health verification
```
Mesh IP Allocation
| Subnet | Purpose |
|---|---|
| 10.0.4.1/16 | Hub node (lighthouse) |
| 10.0.4.32/27 | Relay nodes |
| 10.0.4.64/26 | Uplink nodes |
| 10.0.4.128/25 | Client devices |
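
Because mesh firewall rules and monitoring targets are usually keyed on these ranges, an enrollment mistake that puts a node in the wrong block quietly changes what it can reach. The following check is an added example, not code from this repository: it audits a node list against the table above, assuming a hypothetical `(name, role, ip)` inventory shape and reading `10.0.4.1/16` as the hub's host address inside a `10.0.0.0/16` overlay.

```python
import ipaddress

# Ranges copied from the Mesh IP Allocation table; role names are hypothetical.
OVERLAY = ipaddress.ip_interface("10.0.4.1/16").network  # 10.0.0.0/16
ROLE_RANGES = {
    "hub": ipaddress.ip_network("10.0.4.1/32"),  # assumption: single lighthouse host
    "relay": ipaddress.ip_network("10.0.4.32/27"),
    "uplink": ipaddress.ip_network("10.0.4.64/26"),
    "client": ipaddress.ip_network("10.0.4.128/25"),
}


def audit_allocation(nodes):
    """Return (node_name, problem) pairs for addresses that break the plan."""
    findings, seen = [], {}
    for name, role, ip_text in nodes:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((name, "unparseable address"))
            continue
        expected = ROLE_RANGES.get(role)
        if expected is None:
            findings.append((name, "unknown role"))
        elif ip not in OVERLAY:
            findings.append((name, "outside overlay"))
        elif ip not in expected:
            actual = next((r for r, net in ROLE_RANGES.items() if ip in net), "unallocated")
            findings.append((name, f"role {role} but address is in {actual} range"))
        if ip in seen:
            findings.append((name, f"duplicate of {seen[ip]}"))
        else:
            seen[ip] = name
    return findings


# Constructed sample inventory (names and addresses are made up for illustration).
SAMPLE = [
    ("hub-ssk", "hub", "10.0.4.1"),
    ("uplink-01", "uplink", "10.0.4.65"),
    ("uplink-02", "uplink", "10.0.4.40"),   # sits in the relay range
    ("client-07", "client", "10.0.4.130"),
    ("client-08", "client", "10.0.4.130"),  # reuses client-07's address
    ("client-09", "client", "10.0.5.9"),    # inside the /16 but unallocated
]

if __name__ == "__main__":
    for name, problem in audit_allocation(SAMPLE):
        print(f"{name}: {problem}")
```
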
Deployment Phases
- Phase 0 — Build all configs, scripts, playbooks, and community docs (this repo)
- Phase 1 — Deploy hub + 3 uplink nodes at Stone Soup Kitchen
- Phase 2 — Expand uplinks, add Starlink backup, deploy relay nodes
- Phase 3 — ARIN ASN application, BGP transit, autonomous peering
- Phase 4 — Package as replication kit for other communities
Build Plan
The full build plan document is in docs/WOPR-Community-Mesh-ISP-BuildPlan-v1.0.docx.
License
This project is open source under the AGPL-3.0 license. Community documents (in community/) are released under CC-BY-SA 4.0.
WOPR Foundation — 501(c)(3) nonprofit technocharity https://wopr.foundation