Update Readme.md
parent
07a0b25a09
commit
04d12c1fb5
1 changed files with 62 additions and 50 deletions
112
Readme.md
112
Readme.md
|
@ -42,9 +42,23 @@ meshes:
|
|||
gw: server 96mbit/96mbit
|
||||
mm: 0
|
||||
dat: 0
|
||||
hop_penalty: 60
|
||||
radvd:
|
||||
maxrtradvinterval: 900
|
||||
advvalidlifetime: 864000
|
||||
advpreferredlifetime: 172800
|
||||
iface_mtu: 1350
|
||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
||||
dns:
|
||||
master: fd37:b4dc:4b1e::a25:103
|
||||
forward_zones:
|
||||
ffmz.org:
|
||||
user.ffmz.org:
|
||||
bb.ffmz.org:
|
||||
nodes.ffmz.org:
|
||||
ffbin:
|
||||
master: fd37:b4dc:4b1e::a25:10c
|
||||
|
||||
wi:
|
||||
site_number: 56
|
||||
|
@ -64,9 +78,20 @@ meshes:
|
|||
gw: server 96mbit/96mbit
|
||||
mm: 0
|
||||
dat: 0
|
||||
hop_penalty: 60
|
||||
radvd:
|
||||
maxrtradvinterval: 900
|
||||
advvalidlifetime: 864000
|
||||
iface_mtu: 1350
|
||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
||||
dns:
|
||||
master: fd56:b4dc:4b1e::a38:103
|
||||
forward_zones:
|
||||
ffwi.org:
|
||||
user.ffwi.org:
|
||||
bb.ffwi.org:
|
||||
nodes.ffwi.org:
|
||||
```
|
||||
|
||||
## Sensible Informationen
|
||||
|
@ -74,7 +99,7 @@ meshes:
|
|||
Sensible Daten, z.B. private keys für Dienste wie fastd und tinc verwalten wir in einem [Password Store](https://www.passwordstore.org/).
|
||||
Falls ihr mehrere Password Stores verwaltet, denkt vor Benutzung von Ansible daran, die Umgebungsvariable auf den richtigen Store zu verweisen:
|
||||
```
|
||||
export PASSWORD_STORE_DIR=...
|
||||
export PASSWORD_STORE_DIR=...
|
||||
```
|
||||
|
||||
## Aufsetzen eines neuen Gateways
|
||||
|
@ -86,7 +111,40 @@ export PASSWORD_STORE_DIR=...
|
|||
```
|
||||
---
|
||||
# Gateway-Nummer, von der vieles abgeleitet wird. Integer zwischen 1-254. Muss eindeutig unter allen FFMWU Servern sein.
|
||||
magic:
|
||||
magic:
|
||||
|
||||
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
|
||||
ipv4_dhcp_range:
|
||||
|
||||
# FFRL (muss vorher bereits zugewiesen worden sein)
|
||||
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
|
||||
ffrl_public_ipv4_nat:
|
||||
|
||||
ffrl_exit_server:
|
||||
ffrl-a-ak-ber:
|
||||
public_ipv4_address: 185.66.195.0
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv6_network:
|
||||
ffrl-b-ak-ber:
|
||||
public_ipv4_address: 185.66.195.1
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv6_network:
|
||||
ffrl-a-ix-dus:
|
||||
public_ipv4_address: 185.66.193.0
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv6_network:
|
||||
ffrl-b-ix-dus:
|
||||
public_ipv4_address: 185.66.193.1
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv6_network:
|
||||
ffrl-a-fra2-fra:
|
||||
public_ipv4_address: 185.66.194.0
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv6_network:
|
||||
ffrl-b-fra2-fra:
|
||||
public_ipv4_address: 185.66.194.1
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv6_network:
|
||||
|
||||
# Pfade zu den fastd secrets im passwordstore
|
||||
fastd_secrets:
|
||||
|
@ -95,54 +153,8 @@ fastd_secrets:
|
|||
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
|
||||
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
|
||||
|
||||
# FFRL (muss vorher bereits zugewiesen worden sein)
|
||||
# Öffentliche IPv4 NAT Adresse
|
||||
ffrl_public_ipv4_nat:
|
||||
|
||||
ffrl_exit_server:
|
||||
ffrl-a-ak-ber:
|
||||
public_ipv4_address:
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv4_address:
|
||||
tunnel_ipv4_netmask:
|
||||
tunnel_ipv6_address:
|
||||
tunnel_ipv6_netmask:
|
||||
ffrl-b-ak-ber:
|
||||
public_ipv4_address:
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv4_address:
|
||||
tunnel_ipv4_netmask:
|
||||
tunnel_ipv6_address:
|
||||
tunnel_ipv6_netmask:
|
||||
ffrl-a-ix-dus:
|
||||
public_ipv4_address:
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv4_address:
|
||||
tunnel_ipv4_netmask:
|
||||
tunnel_ipv6_address:
|
||||
tunnel_ipv6_netmask:
|
||||
ffrl-b-ix-dus:
|
||||
public_ipv4_address:
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv4_address:
|
||||
tunnel_ipv4_netmask:
|
||||
tunnel_ipv6_address:
|
||||
tunnel_ipv6_netmask:
|
||||
ffrl-a-fra2-fra:
|
||||
public_ipv4_address:
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv4_address:
|
||||
tunnel_ipv4_netmask:
|
||||
tunnel_ipv6_address:
|
||||
tunnel_ipv6_netmask:
|
||||
ffrl-b-fra2-fra:
|
||||
public_ipv4_address:
|
||||
tunnel_ipv4_network: # Format: IP/Maske
|
||||
tunnel_ipv4_address:
|
||||
tunnel_ipv4_netmask:
|
||||
tunnel_ipv6_address:
|
||||
tunnel_ipv6_netmask:
|
||||
|
||||
# Pfade zum tinc secret im passwordstore
|
||||
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}"
|
||||
```
|
||||
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
|
||||
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
|
||||
|
|