Update Readme.md
parent
07a0b25a09
commit
04d12c1fb5
1 changed files with 62 additions and 50 deletions
112
Readme.md
112
Readme.md
|
@ -42,9 +42,23 @@ meshes:
|
||||||
gw: server 96mbit/96mbit
|
gw: server 96mbit/96mbit
|
||||||
mm: 0
|
mm: 0
|
||||||
dat: 0
|
dat: 0
|
||||||
|
hop_penalty: 60
|
||||||
|
radvd:
|
||||||
|
maxrtradvinterval: 900
|
||||||
|
advvalidlifetime: 864000
|
||||||
|
advpreferredlifetime: 172800
|
||||||
iface_mtu: 1350
|
iface_mtu: 1350
|
||||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
||||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
||||||
|
dns:
|
||||||
|
master: fd37:b4dc:4b1e::a25:103
|
||||||
|
forward_zones:
|
||||||
|
ffmz.org:
|
||||||
|
user.ffmz.org:
|
||||||
|
bb.ffmz.org:
|
||||||
|
nodes.ffmz.org:
|
||||||
|
ffbin:
|
||||||
|
master: fd37:b4dc:4b1e::a25:10c
|
||||||
|
|
||||||
wi:
|
wi:
|
||||||
site_number: 56
|
site_number: 56
|
||||||
|
@ -64,9 +78,20 @@ meshes:
|
||||||
gw: server 96mbit/96mbit
|
gw: server 96mbit/96mbit
|
||||||
mm: 0
|
mm: 0
|
||||||
dat: 0
|
dat: 0
|
||||||
|
hop_penalty: 60
|
||||||
|
radvd:
|
||||||
|
maxrtradvinterval: 900
|
||||||
|
advvalidlifetime: 864000
|
||||||
iface_mtu: 1350
|
iface_mtu: 1350
|
||||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
||||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
||||||
|
dns:
|
||||||
|
master: fd56:b4dc:4b1e::a38:103
|
||||||
|
forward_zones:
|
||||||
|
ffwi.org:
|
||||||
|
user.ffwi.org:
|
||||||
|
bb.ffwi.org:
|
||||||
|
nodes.ffwi.org:
|
||||||
```
|
```
|
||||||
|
|
||||||
## Sensible Informationen
|
## Sensible Informationen
|
||||||
|
@ -74,7 +99,7 @@ meshes:
|
||||||
Sensible Daten, z.B. private keys für Dienste wie fastd und tinc verwalten wir in einem [Password Store](https://www.passwordstore.org/).
|
Sensible Daten, z.B. private keys für Dienste wie fastd und tinc verwalten wir in einem [Password Store](https://www.passwordstore.org/).
|
||||||
Falls ihr mehrere Password Stores verwaltet, denkt vor Benutzung von Ansible daran, die Umgebungsvariable auf den richtigen Store zu verweisen:
|
Falls ihr mehrere Password Stores verwaltet, denkt vor Benutzung von Ansible daran, die Umgebungsvariable auf den richtigen Store zu verweisen:
|
||||||
```
|
```
|
||||||
export PASSWORD_STORE_DIR=...
|
export PASSWORD_STORE_DIR=...
|
||||||
```
|
```
|
||||||
|
|
||||||
## Aufsetzen eines neuen Gateways
|
## Aufsetzen eines neuen Gateways
|
||||||
|
@ -86,7 +111,40 @@ export PASSWORD_STORE_DIR=...
|
||||||
```
|
```
|
||||||
---
|
---
|
||||||
# Gateway-Nummer, von der vieles abgeleitet wird. Integer zwischen 1-254. Muss eindeutig unter allen FFMWU Servern sein.
|
# Gateway-Nummer, von der vieles abgeleitet wird. Integer zwischen 1-254. Muss eindeutig unter allen FFMWU Servern sein.
|
||||||
magic:
|
magic:
|
||||||
|
|
||||||
|
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
|
||||||
|
ipv4_dhcp_range:
|
||||||
|
|
||||||
|
# FFRL (muss vorher bereits zugewiesen worden sein)
|
||||||
|
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
|
||||||
|
ffrl_public_ipv4_nat:
|
||||||
|
|
||||||
|
ffrl_exit_server:
|
||||||
|
ffrl-a-ak-ber:
|
||||||
|
public_ipv4_address: 185.66.195.0
|
||||||
|
tunnel_ipv4_network: # Format: IP/Maske
|
||||||
|
tunnel_ipv6_network:
|
||||||
|
ffrl-b-ak-ber:
|
||||||
|
public_ipv4_address: 185.66.195.1
|
||||||
|
tunnel_ipv4_network: # Format: IP/Maske
|
||||||
|
tunnel_ipv6_network:
|
||||||
|
ffrl-a-ix-dus:
|
||||||
|
public_ipv4_address: 185.66.193.0
|
||||||
|
tunnel_ipv4_network: # Format: IP/Maske
|
||||||
|
tunnel_ipv6_network:
|
||||||
|
ffrl-b-ix-dus:
|
||||||
|
public_ipv4_address: 185.66.193.1
|
||||||
|
tunnel_ipv4_network: # Format: IP/Maske
|
||||||
|
tunnel_ipv6_network:
|
||||||
|
ffrl-a-fra2-fra:
|
||||||
|
public_ipv4_address: 185.66.194.0
|
||||||
|
tunnel_ipv4_network: # Format: IP/Maske
|
||||||
|
tunnel_ipv6_network:
|
||||||
|
ffrl-b-fra2-fra:
|
||||||
|
public_ipv4_address: 185.66.194.1
|
||||||
|
tunnel_ipv4_network: # Format: IP/Maske
|
||||||
|
tunnel_ipv6_network:
|
||||||
|
|
||||||
# Pfade zu den fastd secrets im passwordstore
|
# Pfade zu den fastd secrets im passwordstore
|
||||||
fastd_secrets:
|
fastd_secrets:
|
||||||
|
@ -95,54 +153,8 @@ fastd_secrets:
|
||||||
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
|
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
|
||||||
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
|
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
|
||||||
|
|
||||||
# FFRL (muss vorher bereits zugewiesen worden sein)
|
# Pfade zum tinc secret im passwordstore
|
||||||
# Öffentliche IPv4 NAT Adresse
|
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}"
|
||||||
ffrl_public_ipv4_nat:
|
|
||||||
|
|
||||||
ffrl_exit_server:
|
|
||||||
ffrl-a-ak-ber:
|
|
||||||
public_ipv4_address:
|
|
||||||
tunnel_ipv4_network: # Format: IP/Maske
|
|
||||||
tunnel_ipv4_address:
|
|
||||||
tunnel_ipv4_netmask:
|
|
||||||
tunnel_ipv6_address:
|
|
||||||
tunnel_ipv6_netmask:
|
|
||||||
ffrl-b-ak-ber:
|
|
||||||
public_ipv4_address:
|
|
||||||
tunnel_ipv4_network: # Format: IP/Maske
|
|
||||||
tunnel_ipv4_address:
|
|
||||||
tunnel_ipv4_netmask:
|
|
||||||
tunnel_ipv6_address:
|
|
||||||
tunnel_ipv6_netmask:
|
|
||||||
ffrl-a-ix-dus:
|
|
||||||
public_ipv4_address:
|
|
||||||
tunnel_ipv4_network: # Format: IP/Maske
|
|
||||||
tunnel_ipv4_address:
|
|
||||||
tunnel_ipv4_netmask:
|
|
||||||
tunnel_ipv6_address:
|
|
||||||
tunnel_ipv6_netmask:
|
|
||||||
ffrl-b-ix-dus:
|
|
||||||
public_ipv4_address:
|
|
||||||
tunnel_ipv4_network: # Format: IP/Maske
|
|
||||||
tunnel_ipv4_address:
|
|
||||||
tunnel_ipv4_netmask:
|
|
||||||
tunnel_ipv6_address:
|
|
||||||
tunnel_ipv6_netmask:
|
|
||||||
ffrl-a-fra2-fra:
|
|
||||||
public_ipv4_address:
|
|
||||||
tunnel_ipv4_network: # Format: IP/Maske
|
|
||||||
tunnel_ipv4_address:
|
|
||||||
tunnel_ipv4_netmask:
|
|
||||||
tunnel_ipv6_address:
|
|
||||||
tunnel_ipv6_netmask:
|
|
||||||
ffrl-b-fra2-fra:
|
|
||||||
public_ipv4_address:
|
|
||||||
tunnel_ipv4_network: # Format: IP/Maske
|
|
||||||
tunnel_ipv4_address:
|
|
||||||
tunnel_ipv4_netmask:
|
|
||||||
tunnel_ipv6_address:
|
|
||||||
tunnel_ipv6_netmask:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
|
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
|
||||||
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
|
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
|
||||||
|
|