Update Readme.md

This commit is contained in:
Tobias Hachmer 2017-10-03 21:36:14 +02:00
parent 07a0b25a09
commit 04d12c1fb5

112
Readme.md

@ -42,9 +42,23 @@ meshes:
gw: server 96mbit/96mbit
mm: 0
dat: 0
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
dns:
master: fd37:b4dc:4b1e::a25:103
forward_zones:
ffmz.org:
user.ffmz.org:
bb.ffmz.org:
nodes.ffmz.org:
ffbin:
master: fd37:b4dc:4b1e::a25:10c
wi:
site_number: 56
@ -64,9 +78,20 @@ meshes:
gw: server 96mbit/96mbit
mm: 0
dat: 0
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
iface_mtu: 1350
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
dns:
master: fd56:b4dc:4b1e::a38:103
forward_zones:
ffwi.org:
user.ffwi.org:
bb.ffwi.org:
nodes.ffwi.org:
```
## Sensible Informationen
@ -74,7 +99,7 @@ meshes:
Sensible Daten, z.B. private keys für Dienste wie fastd und tinc verwalten wir in einem [Password Store](https://www.passwordstore.org/).
Falls ihr mehrere Password Stores verwaltet, denkt vor Benutzung von Ansible daran, die Umgebungsvariable auf den richtigen Store zu verweisen:
```
export PASSWORD_STORE_DIR=...
export PASSWORD_STORE_DIR=...
```
## Aufsetzen eines neuen Gateways
@ -86,7 +111,40 @@ export PASSWORD_STORE_DIR=...
```
---
# Gateway-Nummer, von der vieles abgeleitet wird. Integer zwischen 1-254. Muss eindeutig unter allen FFMWU Servern sein.
magic:
magic:
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
ipv4_dhcp_range:
# FFRL (muss vorher bereits zugewiesen worden sein)
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
ffrl_public_ipv4_nat:
ffrl_exit_server:
ffrl-a-ak-ber:
public_ipv4_address: 185.66.195.0
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv6_network:
ffrl-b-ak-ber:
public_ipv4_address: 185.66.195.1
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv6_network:
ffrl-a-ix-dus:
public_ipv4_address: 185.66.193.0
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv6_network:
ffrl-b-ix-dus:
public_ipv4_address: 185.66.193.1
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv6_network:
ffrl-a-fra2-fra:
public_ipv4_address: 185.66.194.0
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv6_network:
ffrl-b-fra2-fra:
public_ipv4_address: 185.66.194.1
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv6_network:
# Pfade zu den fastd secrets im passwordstore
fastd_secrets:
@ -95,54 +153,8 @@ fastd_secrets:
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
# FFRL (muss vorher bereits zugewiesen worden sein)
# Öffentliche IPv4 NAT Adresse
ffrl_public_ipv4_nat:
ffrl_exit_server:
ffrl-a-ak-ber:
public_ipv4_address:
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv4_address:
tunnel_ipv4_netmask:
tunnel_ipv6_address:
tunnel_ipv6_netmask:
ffrl-b-ak-ber:
public_ipv4_address:
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv4_address:
tunnel_ipv4_netmask:
tunnel_ipv6_address:
tunnel_ipv6_netmask:
ffrl-a-ix-dus:
public_ipv4_address:
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv4_address:
tunnel_ipv4_netmask:
tunnel_ipv6_address:
tunnel_ipv6_netmask:
ffrl-b-ix-dus:
public_ipv4_address:
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv4_address:
tunnel_ipv4_netmask:
tunnel_ipv6_address:
tunnel_ipv6_netmask:
ffrl-a-fra2-fra:
public_ipv4_address:
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv4_address:
tunnel_ipv4_netmask:
tunnel_ipv6_address:
tunnel_ipv6_netmask:
ffrl-b-fra2-fra:
public_ipv4_address:
tunnel_ipv4_network: # Format: IP/Maske
tunnel_ipv4_address:
tunnel_ipv4_netmask:
tunnel_ipv6_address:
tunnel_ipv6_netmask:
# Pfade zum tinc secret im passwordstore
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}"
```
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.