From 3e297ed09fbcc90db63bf2101bd9670422250600 Mon Sep 17 00:00:00 2001 From: Julian Labus Date: Mon, 18 Mar 2019 16:11:34 +0100 Subject: [PATCH] Revert "Role service-fastd-mesh: update fastd peer limit method" This reverts commit 7bb4c241e26ec2c09d0aeeebe5cb726c5d039351. --- roles/service-fastd-mesh/tasks/main.yml | 44 ++++++++++++++++--- .../templates/fastd-mesh.conf.j2 | 7 ++- .../templates/fastd-sync-meshkeys.timer.j2 | 2 +- .../templates/fastd_exporter_vhost.conf.j2 | 6 +-- .../templates/fastd_peer_limit.yaml.j2 | 18 -------- .../templates/fastd_peer_limit_config.yaml.j2 | 24 ++++++++++ 6 files changed, 69 insertions(+), 32 deletions(-) delete mode 100644 roles/service-fastd-mesh/templates/fastd_peer_limit.yaml.j2 create mode 100644 roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml index 6809ba0..6e63df0 100644 --- a/roles/service-fastd-mesh/tasks/main.yml +++ b/roles/service-fastd-mesh/tasks/main.yml @@ -6,6 +6,24 @@ mode: 0755 loop: "{{ meshes | subelements('fastd.nodes.instances') }}" +- name: create fastd peer mesh directories + file: + path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers" + state: directory + mode: 0755 + owner: admin + group: admin + loop: "{{ meshes | subelements('fastd.nodes.instances') }}" + +- name: clone fastd peer mesh repos + git: + repo: "{{ item.1.peers.repo }}" + dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers" + version: "{{ item.1.peers.version }}" + update: no + loop: "{{ meshes | subelements('fastd.nodes.instances') }}" + become: false + - name: template fastd mesh config template: src: fastd-mesh.conf.j2 
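Review bot: The `clone fastd peer mesh repos` task fetches the repository whose key files decide which nodes may join the mesh, but nothing in it checks the integrity of what was fetched. Whether `item.1.peers.version` is a branch name or a commit hash is not visible here; with a branch, the checkout follows whatever the remote serves. If the peers repo signs its commits, adding `verify_commit: true` to the git task would make the clone fail on unsigned or untrusted history; otherwise a comment such as `# peers repo is the trust root for mesh admission; pin version to a reviewed commit` would document the assumption. As a style point, `update: no` reads more predictably as `update: false`.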
@@ -21,21 +39,25 @@ notify: restart fastd mesh instances loop: "{{ meshes | subelements('fastd.nodes.instances') }}" -- name: create peer_limit.txt if not exist +- name: copy peer_limit.conf if not exist copy: - content: "" - dest: "/etc/fastd/peer_limit.txt" + src: peer_limit.conf + dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf" owner: admin group: admin mode: 0640 force: no + notify: restart fastd mesh instances + loop: "{{ meshes | subelements('fastd.nodes.instances') }}" -- name: set file attributes for peer_limit.txt +- name: set file attributes for peer_limit.conf file: - path: "/etc/fastd/peer_limit.txt" + path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf" mode: 0640 owner: admin group: admin + notify: restart fastd mesh instances + loop: "{{ meshes | subelements('fastd.nodes.instances') }}" - name: write systemd unit fastd-sync-meshkeys.service template: @@ -55,10 +77,18 @@ mode: 0644 notify: reload systemd +- name: create fastd_status.json file + file: + path: /var/www/html/fastd_status.json + state: touch + owner: admin + group: admin + mode: 0644 + - name: write configuration for fastd-peer-limit-update script template: - src: fastd_peer_limit.yaml.j2 - dest: /home/admin/.ffmwu-config/fastd_peer_limit.yaml + src: fastd_peer_limit_config.yaml.j2 + dest: /home/admin/.ffmwu-config/fastd_peer_limit_config.yaml owner: admin group: admin mode: 0644 diff --git a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 index c880dec..48c8939 100644 --- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 +++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 
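Review bot: `peer_limit.conf` is installed owned by `admin` with mode 0640 and is pulled into the fastd configuration by `include "peer_limit.conf";`, so the daemon parses whatever that account writes there, not only a limit value. That is presumably intended, since the `fastd_config` setting of the fastd-peer-limit-update script points at this path, but the trust assumption is undocumented. I would add a comment above the copy task, for example `# rewritten at runtime by fastd-peer-limit-update as admin; fastd includes it verbatim`, and confirm that fastd's own privileges are acceptable for content controlled by that account. Both tasks also notify `restart fastd mesh instances`, so an ownership or mode correction alone triggers the restart handler.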
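Review bot: `create fastd_status.json file` puts an `admin`-owned, world-readable file under `/var/www/html`, and the hunk adds no access restriction for it, so its contents are presumably served to anyone who can reach the web server. What the status tooling writes into it is not visible here; if it carries peer keys or addresses, limiting the path in the vhost is worth considering. Separately, `state: touch` updates the timestamps and reports a change on every run; on Ansible 2.7 or later, `modification_time: preserve` and `access_time: preserve` keep the task idempotent.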
@@ -19,8 +19,11 @@ bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1. include "secret.conf"; mtu {{ item.1.mtu }}; +peer group "vpn_nodes" { + include "peer_limit.conf"; + include peers from "peers"; +} + on up "/bin/systemctl reload networking"; -on verify "/home/admin/clones/backend-scripts/verify_fastd_peers_gw.py $PEER_KEY"; - status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status"; diff --git a/roles/service-fastd-mesh/templates/fastd-sync-meshkeys.timer.j2 b/roles/service-fastd-mesh/templates/fastd-sync-meshkeys.timer.j2 index a5e91cf..cea04f0 100644 --- a/roles/service-fastd-mesh/templates/fastd-sync-meshkeys.timer.j2 +++ b/roles/service-fastd-mesh/templates/fastd-sync-meshkeys.timer.j2 @@ -6,7 +6,7 @@ Description=Update fastd mesh peers repos timer [Timer] OnBootSec=5m -OnUnitActiveSec=5m +OnUnitActiveSec=15m [Install] WantedBy=timers.target diff --git a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 index c2fe31f..89f1148 100644 --- a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 +++ b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 @@ -13,12 +13,10 @@ server { allow 127.0.0.0/8; allow ::1/128; -{% for group in prometheus_groups %} -{% for host in groups[group] %} +{% for host in groups['ffmwu-monitoring'] %} allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }}; -{% endfor %} -{% endfor %} deny all; +{% endfor %} } } diff --git a/roles/service-fastd-mesh/templates/fastd_peer_limit.yaml.j2 b/roles/service-fastd-mesh/templates/fastd_peer_limit.yaml.j2 deleted file mode 100644 index 2f03b80..0000000 --- a/roles/service-fastd-mesh/templates/fastd_peer_limit.yaml.j2 +++ /dev/null 
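Review bot: The template carries no comment explaining that admission now rests on static files: with `on verify` removed, any key under `peers` is accepted, and `peer_limit.conf` presumably has to exist and parse for the include to succeed. Because the key set comes from a checkout refreshed by fastd-sync-meshkeys.timer (raised from 5m to 15m in this same commit), a key removed from the repo stays valid until the next sync; whether that sync also reloads fastd is not visible here. I would add a comment above the `peer group "vpn_nodes"` block, e.g. `# peers/ is a git checkout refreshed by fastd-sync-meshkeys.timer; key removal takes effect after the next sync`. The rest of the template lies outside the hunk.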
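Review bot: `deny all;` now sits inside the `{% for host in groups['ffmwu-monitoring'] %}` loop, which changes the access list in two ways. nginx applies allow/deny rules in order and stops at the first match, so the `deny all;` emitted after the first host shadows the `allow` lines of every later host. If the group is empty, no `deny all;` is rendered at all, and as far as the hunk shows only the two loopback allows remain, leaving the exporter open to any client. Swapping the last two lines to `{% endfor %}` followed by `deny all;` restores a single terminal deny. The enclosing `server` block starts outside the hunk.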
@@ -1,18 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-
-additional: 16
-metrics_url: 'https://%s.freifunk-mwu.de:9281/metrics'
-limit_file: '/etc/fastd/peer_limit'
-fastd_instances:
-{% for mesh in meshes %}
-{% for instance in mesh.fastd.nodes.instances %}
- - {{ mesh.id }}vpn-{{ instance.mtu }}
-{% endfor %}
-{% endfor %}
-gateways:
-{% for gateway in groups['ffmwu-gateways'] %}
- - {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
-{% endfor %}
-fetch_timeout: 10
diff --git a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
new file mode 100644
index 0000000..20ce1bc
--- /dev/null
+++ b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
@@ -0,0 +1,24 @@
+#
+# {{ ansible_managed }}
+#
+ansible_gate: True
+additional: 8
+fastd_instances:
+{% for mesh in meshes %}
+{% for instance in mesh.fastd.nodes.instances %}
+ - {{ mesh.id }}vpn-{{ instance.mtu }}
+{% endfor %}
+{% endfor %}
+cronlog: '/home/admin/.cronlog/limit.%s.log'
+fastd_config: '/etc/fastd/%s/peer_limit.conf'
+fastd_status: '/usr/local/bin/fastd-status'
+gateways:
+{% for gateway in groups['ffmwu-gateways'] %}
+ - {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
+{% endfor %}
+restart_max: 43200
+stat: 'fastd_status.json'
+stat_ext: 'http://%s.freifunk-mwu.de/%s'
+stat_local: '/var/www/html/%s'
+remote_fetch_timeout: 10
+remote_data_timeout: 900
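Review bot: `stat_ext: 'http://%s.freifunk-mwu.de/%s'` makes the updater read other gateways' status over plain HTTP, so the data that presumably feeds the peer limit is neither authenticated nor protected in transit; the config removed by this commit used an `https://` URL for its metrics. If the gateways serve this path over TLS, `stat_ext: 'https://%s.freifunk-mwu.de/%s'` would keep that property. As a style point, `ansible_gate: True` is better written `ansible_gate: true`, and the templated list items are safer quoted, e.g. `- "{{ mesh.id }}vpn-{{ instance.mtu }}"`.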