Restructure fastd configuration to define multiple instances easily
- introduce mesh subdictionary `fastd` - change fastd instance naming - change fastd network interface naming (identical with fastd instance names) - change mac address prefixes
parent
63ca114c95
commit
53d30c8ded
17 changed files with 223 additions and 89 deletions
44
Readme.md
44
Readme.md
|
@ -47,8 +47,26 @@ meshes:
|
||||||
advvalidlifetime: 864000
|
advvalidlifetime: 864000
|
||||||
advpreferredlifetime: 172800
|
advpreferredlifetime: 172800
|
||||||
iface_mtu: 1350
|
iface_mtu: 1350
|
||||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
fastd:
|
||||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
nodes:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
||||||
|
version: master
|
||||||
|
- id: 1
|
||||||
|
mtu: 1312
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
||||||
|
version: master
|
||||||
|
intragate:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
||||||
|
version: master
|
||||||
dns:
|
dns:
|
||||||
master: fd37:b4dc:4b1e::a25:103
|
master: fd37:b4dc:4b1e::a25:103
|
||||||
forward_zones:
|
forward_zones:
|
||||||
|
@ -81,8 +99,26 @@ meshes:
|
||||||
maxrtradvinterval: 900
|
maxrtradvinterval: 900
|
||||||
advvalidlifetime: 864000
|
advvalidlifetime: 864000
|
||||||
iface_mtu: 1350
|
iface_mtu: 1350
|
||||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
fastd:
|
||||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
nodes:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
||||||
|
version: master
|
||||||
|
- id: 1
|
||||||
|
mtu: 1312
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
||||||
|
version: master
|
||||||
|
intragate:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
||||||
|
version: master
|
||||||
dns:
|
dns:
|
||||||
master: fd56:b4dc:4b1e::a38:103
|
master: fd56:b4dc:4b1e::a38:103
|
||||||
forward_zones:
|
forward_zones:
|
||||||
|
|
|
@ -40,8 +40,26 @@ meshes:
|
||||||
advvalidlifetime: 864000
|
advvalidlifetime: 864000
|
||||||
advpreferredlifetime: 172800
|
advpreferredlifetime: 172800
|
||||||
iface_mtu: 1350
|
iface_mtu: 1350
|
||||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
fastd:
|
||||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
nodes:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
||||||
|
version: master
|
||||||
|
- id: 1
|
||||||
|
mtu: 1312
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffmz.git
|
||||||
|
version: master
|
||||||
|
intragate:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
|
||||||
|
version: master
|
||||||
dns:
|
dns:
|
||||||
master: fd37:b4dc:4b1e::a25:103
|
master: fd37:b4dc:4b1e::a25:103
|
||||||
forward_zones:
|
forward_zones:
|
||||||
|
@ -75,8 +93,26 @@ meshes:
|
||||||
advvalidlifetime: 864000
|
advvalidlifetime: 864000
|
||||||
advpreferredlifetime: 172800
|
advpreferredlifetime: 172800
|
||||||
iface_mtu: 1350
|
iface_mtu: 1350
|
||||||
peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
fastd:
|
||||||
peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
nodes:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
||||||
|
version: master
|
||||||
|
- id: 1
|
||||||
|
mtu: 1312
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/peers-ffwi.git
|
||||||
|
version: master
|
||||||
|
intragate:
|
||||||
|
instances:
|
||||||
|
- id: 0
|
||||||
|
mtu: 1406
|
||||||
|
peers:
|
||||||
|
repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
|
||||||
|
version: master
|
||||||
dns:
|
dns:
|
||||||
master: fd56:b4dc:4b1e::a38:103
|
master: fd56:b4dc:4b1e::a38:103
|
||||||
forward_zones:
|
forward_zones:
|
||||||
|
|
|
@ -1,9 +1,12 @@
|
||||||
# Ansible role network-fastd
|
# Ansible role network-fastd
|
||||||
|
|
||||||
Diese Ansible role konfiguriert Netzwerk Interfaces für fastd.
|
Diese Ansible role konfiguriert Netzwerk Interfaces für die definierten fastd Instanzen.
|
||||||
|
|
||||||
- xxVPN pro Mesh
|
Es wird zwischen node- und intragate-Instanzen unterschieden.
|
||||||
- xxigVPN pro Mesh
|
|
||||||
|
## Interface-Benamung
|
||||||
|
Node-Interfaces: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312"
|
||||||
|
Intragate-Interfaces: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312"
|
||||||
|
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
|
@ -22,5 +25,5 @@ meshes:
|
||||||
|
|
||||||
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
||||||
|
|
||||||
xxVPN-prefix: `02:11`
|
xxVPN-$mtu prefix: `02:2x` # x = ID der fastd-Instanz
|
||||||
xxigVPN-prefix: `02:12`
|
xxigVPN-$mtu prefix: `02:3x` # x = ID der fastd-Instanz
|
||||||
|
|
|
@ -2,13 +2,17 @@
|
||||||
- name: create fastd mesh interfaces
|
- name: create fastd mesh interfaces
|
||||||
template:
|
template:
|
||||||
src: fastd-mesh.j2
|
src: fastd-mesh.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}VPN"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: create fastd intragate interfaces
|
- name: create fastd intragate interfaces
|
||||||
template:
|
template:
|
||||||
src: fastd-intragate.j2
|
src: fastd-intragate.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}igVPN"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
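Review bot: Both `with_subelements` loops abort for any mesh that lacks the `fastd.nodes.instances` or `fastd.intragate.instances` key, because the subelements lookup treats a missing key as an error by default. If a mesh without intragate (or node) instances is meant to be a valid configuration, pass the lookup's `skip_missing` flag; otherwise a comment such as `# every mesh must define fastd.nodes.instances and fastd.intragate.instances` above the loops would make the requirement explicit. The same loop form recurs in the task and handler sections of the fastd roles further down this commit.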
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
{% set ip4hex = item.0.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
||||||
{% set mac = '0212' + ip4hex -%}
|
{% set mac = '023' + item.1.id|string + ip4hex -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.id }}igVPN
|
auto {{ item.0.id }}igVPN-{{ item.1.mtu }}
|
||||||
iface {{ item.id }}igVPN
|
iface {{ item.0.id }}igVPN-{{ item.1.mtu }}
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
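Review bot: The prefix built in `{% set mac = '023' + item.1.id|string + ip4hex -%}` only yields a 12-digit address while the instance id renders as exactly one hex digit; an id of 10 or more produces 13 characters and `hwaddr('linux')` no longer receives a valid MAC. Nothing visible in this section restricts `id` to that range. Rendering the digit explicitly, `'023' + '%x' | format(item.1.id | int) + ip4hex`, and stating the 0–15 limit next to the `02:3x` line in the README would make the constraint visible. The node interface template in the next section (`'022' + item.1.id|string`) carries the same assumption.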
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
{% set ip4hex = item.0.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
||||||
{% set mac = '0211' + ip4hex -%}
|
{% set mac = '022' + item.1.id|string + ip4hex -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.id }}VPN
|
auto {{ item.0.id }}VPN-{{ item.1.mtu }}
|
||||||
iface {{ item.id }}VPN
|
iface {{ item.0.id }}VPN-{{ item.1.mtu }}
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
|
|
|
@ -18,8 +18,15 @@ meshes:
|
||||||
- id: xx
|
- id: xx
|
||||||
...
|
...
|
||||||
site_number: # integer
|
site_number: # integer
|
||||||
peers_mesh_repo: # String - https Link zum Github Repository
|
fastd:
|
||||||
peers_intragate_repo: # String - https Link zum Github Repository
|
nodes:
|
||||||
|
instances:
|
||||||
|
- id: 0 # integer
|
||||||
|
mtu: # integer
|
||||||
|
peers:
|
||||||
|
repo: # String - https Link zum Github Repository
|
||||||
|
version: # String - Branch oder Commit ID
|
||||||
|
...
|
||||||
´´´
|
´´´
|
||||||
- Dictionary `fastd_secrets` (Host-Variable)
|
- Dictionary `fastd_secrets` (Host-Variable)
|
||||||
´´´
|
´´´
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: restart fastd intragate instances
|
- name: restart fastd intragate instances
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.id }}igVPN"
|
name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_dict: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
|
||||||
|
|
|
@ -1,45 +1,57 @@
|
||||||
---
|
---
|
||||||
- name: configure systemd unit fastd@
|
- name: configure systemd unit fastd@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.id }}igVPN"
|
name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
|
||||||
|
|
||||||
- name: create fastd intragate directories
|
- name: create fastd intragate directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.id }}igVPN"
|
path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
|
||||||
|
|
||||||
- name: create fastd peer intragate directories
|
- name: create fastd peer intragate directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.id }}igVPN/peers"
|
path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
|
||||||
|
|
||||||
- name: clone fastd peer intragate repos
|
- name: clone fastd peer intragate repos
|
||||||
git:
|
git:
|
||||||
repo: "{{ item.peers_intragate_repo }}"
|
repo: "{{ item.1.peers.repo }}"
|
||||||
dest: "/etc/fastd/{{ item.id }}igVPN/peers"
|
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers"
|
||||||
version: master
|
version: "{{ item.1.peers.version }}"
|
||||||
update: no
|
update: no
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: template fastd mesh config
|
- name: template fastd mesh config
|
||||||
template:
|
template:
|
||||||
src: fastd-intragate.conf.j2
|
src: fastd-intragate.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.id }}igVPN/fastd.conf"
|
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/fastd.conf"
|
||||||
notify: restart fastd intragate instances
|
notify: restart fastd intragate instances
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
|
||||||
|
|
||||||
- name: write fastd intragate secret
|
- name: write fastd intragate secret
|
||||||
template:
|
template:
|
||||||
src: fastd-secret.conf.j2
|
src: fastd-secret.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.id }}igVPN/secret.conf"
|
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/secret.conf"
|
||||||
notify: restart fastd intragate instances
|
notify: restart fastd intragate instances
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.intragate.instances
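Review bot: The `write fastd intragate secret` task renders `secret.conf` without `mode`, `owner` or `group`, so the fastd private key gets whatever the remote umask allows (commonly world-readable) inside a directory this file creates with `mode: 0755`. Since the commit already edits the task for the new path, add `mode: 0600` to it, plus `owner: root` and `group: root` if fastd runs as root on these hosts (not visible here, confirm). The `write fastd mesh secret` task in the node role later in this commit has the same gap, while `peer_limit.conf` there is explicitly set to `0640`.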
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
{% set ip4hex = item.0.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
||||||
{% set mac = '0212' + ip4hex -%}
|
{% set mac = '0212' + ip4hex -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
@ -9,13 +9,13 @@ hide mac addresses yes;
|
||||||
|
|
||||||
method "aes128-ctr+umac";
|
method "aes128-ctr+umac";
|
||||||
|
|
||||||
interface "{{ item.id }}igVPN";
|
interface "{{ item.0.id }}igVPN-{{ item.1.mtu }}";
|
||||||
|
|
||||||
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:101{{ item.site_number }};
|
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
|
||||||
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:101{{ item.site_number }};
|
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};
|
||||||
|
|
||||||
include "secret.conf";
|
include "secret.conf";
|
||||||
mtu 1406;
|
mtu {{ item.1.mtu }};
|
||||||
|
|
||||||
peer group "servers" {
|
peer group "servers" {
|
||||||
include peers from "peers/gates";
|
include peers from "peers/gates";
|
||||||
|
@ -27,11 +27,11 @@ on up "
|
||||||
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
||||||
ip link set $INTERFACE up
|
ip link set $INTERFACE up
|
||||||
|
|
||||||
batctl -m {{ item.id }}BAT if add $INTERFACE
|
batctl -m {{ item.0.id }}BAT if add $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
on down "
|
on down "
|
||||||
batctl -m {{ item.id }}BAT if del $INTERFACE
|
batctl -m {{ item.0.id }}BAT if del $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
status socket "/var/run/fastd-{{ item.id }}igVPN.status";
|
status socket "/var/run/fastd-{{ item.0.id }}igVPN-{{ item.1.mtu }}.status";
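Review bot: `{% set mac = '0212' + ip4hex -%}` at the top of this template was left on the old prefix, so the `ip link set address … dev $INTERFACE` in `on up` assigns an address that disagrees with the `023x` prefix the interfaces template and the README now use for the same interface. The node config template further down keeps `'0211'` in the same way, and there the two node instances of one mesh (ids 0 and 1) would both receive the identical address before being added to the same batman-adv device. Using the expression from the interface templates, `{% set mac = '023' + item.1.id|string + ip4hex -%}` here and `'022' + item.1.id|string + ip4hex` in the node template, keeps the address unique per instance.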
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% set local_interface = item.id + 'igVPN' -%}
|
{% set local_interface = item.0.id + 'igVPN' -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
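Review bot: `local_interface` is still built as `item.0.id + 'igVPN'`, without the `-<mtu>` suffix that every interface, unit and directory name received elsewhere in this commit. The rest of the template lies outside the hunk, so how the variable is used is not visible, but if it names the fastd interface or instance it now refers to something that no longer exists. The likely intended line is `{% set local_interface = item.0.id + 'igVPN-' + item.1.mtu|string -%}`. The node counterpart with `item.0.id + 'VPN'` later in the commit needs the same suffix.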
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
|
Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
|
||||||
|
|
||||||
- konfiguriert xxVPN-Instanzen
|
|
||||||
- stellt sicher, dass die Instanz-Verzeichnisse existieren
|
- stellt sicher, dass die Instanz-Verzeichnisse existieren
|
||||||
- schreibt fastd.conf
|
- schreibt fastd.conf
|
||||||
- schreibt secret.conf
|
- schreibt secret.conf
|
||||||
|
@ -11,6 +10,10 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
|
||||||
- klont die fastd peer repos
|
- klont die fastd peer repos
|
||||||
- klont bingener fastd peer repo (im Moment hardcoded)
|
- klont bingener fastd peer repo (im Moment hardcoded)
|
||||||
|
|
||||||
|
## Instanz-Benamung
|
||||||
|
Node-Instanzen: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312"
|
||||||
|
Intragate-Instanzen: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312"
|
||||||
|
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
- Dictionary `meshes`
|
- Dictionary `meshes`
|
||||||
|
@ -19,8 +22,15 @@ meshes:
|
||||||
- id: xx
|
- id: xx
|
||||||
...
|
...
|
||||||
site_number: # integer
|
site_number: # integer
|
||||||
peers_mesh_repo: # String - https Link zum Github Repository
|
fastd:
|
||||||
peers_intragate_repo: # String - https Link zum Github Repository
|
nodes:
|
||||||
|
instances:
|
||||||
|
- id: 0 # integer
|
||||||
|
mtu: # integer
|
||||||
|
peers:
|
||||||
|
repo: # String - https Link zum Github Repository
|
||||||
|
version: # String - Branch oder Commit ID
|
||||||
|
...
|
||||||
´´´
|
´´´
|
||||||
- Dictionary `fastd_secrets` (Host-Variable)
|
- Dictionary `fastd_secrets` (Host-Variable)
|
||||||
´´´
|
´´´
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: restart fastd mesh instances
|
- name: restart fastd mesh instances
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.id }}VPN"
|
name: "fastd@{{ item.0.id }}VPN{{ item.1.mtu }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_dict: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
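Review bot: The handler's unit name `fastd@{{ item.0.id }}VPN{{ item.1.mtu }}` is missing the hyphen before the MTU, so it addresses e.g. `fastd@mzVPN1312` while the tasks enable and configure `fastd@mzVPN-1312`. A change to `fastd.conf`, `secret.conf` or `peer_limit.conf` would therefore not restart the instance that actually reads the file, leaving a rotated secret or a tightened peer limit inactive until someone restarts it by hand. The line should read `name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}"`, matching the intragate handler.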
|
||||||
|
|
|
@ -1,84 +1,106 @@
|
||||||
---
|
---
|
||||||
- name: configure systemd unit fastd@
|
- name: configure systemd unit fastd@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.id }}VPN"
|
name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: create fastd directories
|
- name: create fastd directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.id }}VPN"
|
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: create fastd peer mesh directories
|
- name: create fastd peer mesh directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.id }}VPN/peers"
|
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: create fastd peer mesh directories for ffbin
|
- name: create fastd peer mesh directories for ffbin
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/mzVPN/peers_bingen"
|
path: "/etc/fastd/mzVPN-{{ item }}/peers_bingen"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
|
with_items:
|
||||||
|
- 1406
|
||||||
|
- 1312
|
||||||
|
|
||||||
- name: clone fastd peer mesh repos
|
- name: clone fastd peer mesh repos
|
||||||
git:
|
git:
|
||||||
repo: "{{ item.peers_mesh_repo }}"
|
repo: "{{ item.1.peers.repo }}"
|
||||||
dest: "/etc/fastd/{{ item.id }}VPN/peers"
|
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers"
|
||||||
version: master
|
version: "{{ item.1.peers.version }}"
|
||||||
update: no
|
update: no
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: clone fastd peer mesh repo for ffbin
|
- name: clone fastd peer mesh repo for ffbin
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/freifunk-bingen/peers-ffbin.git
|
repo: https://github.com/freifunk-bingen/peers-ffbin.git
|
||||||
dest: /etc/fastd/mzVPN/peers_bingen
|
dest: "/etc/fastd/mzVPN-{{ item }}/peers_bingen"
|
||||||
version: master
|
version: master
|
||||||
update: no
|
update: no
|
||||||
|
with_items:
|
||||||
|
- 1406
|
||||||
|
- 1312
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: template fastd mesh config
|
- name: template fastd mesh config
|
||||||
template:
|
template:
|
||||||
src: fastd-mesh.conf.j2
|
src: fastd-mesh.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.id }}VPN/fastd.conf"
|
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/fastd.conf"
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: write fastd mesh secret
|
- name: write fastd mesh secret
|
||||||
template:
|
template:
|
||||||
src: fastd-secret.conf.j2
|
src: fastd-secret.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.id }}VPN/secret.conf"
|
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/secret.conf"
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: copy peer_limit.conf if not exist
|
- name: copy peer_limit.conf if not exist
|
||||||
copy:
|
copy:
|
||||||
src: peer_limit.conf
|
src: peer_limit.conf
|
||||||
dest: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
|
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf"
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
mode: 0640
|
mode: 0640
|
||||||
force: no
|
force: no
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: set file attributes for peer_limit.conf
|
- name: set file attributes for peer_limit.conf
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
|
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_items: "{{ meshes }}"
|
with_subelements:
|
||||||
|
- "{{ meshes }}"
|
||||||
|
- fastd.nodes.instances
|
||||||
|
|
||||||
- name: write systemd unit fastd-sync-meshkeys.service
|
- name: write systemd unit fastd-sync-meshkeys.service
|
||||||
template:
|
template:
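Review bot: The two ffbin tasks loop over a hard-coded MTU list (`1406`, `1312`) and keep `version: master`, so they bypass the `fastd.nodes.instances` structure that every other task in this file now reads. If the mz instance MTUs in `meshes` change, `/etc/fastd/mzVPN-<mtu>/peers_bingen` is created for instances that no longer exist and is missing for new ones, while the node config for mz still does `include peers from "peers_bingen"`. Iterating over the mz mesh's own instances and giving this repo a `version` entry like the others would remove the drift; the contents of that directory decide which peer keys the mz instances accept, so the tracked revision deserves the same control. The final task of this section continues outside the hunk.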
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
{% set ip4hex = item.0.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
||||||
{% set mac = '0211' + ip4hex -%}
|
{% set mac = '0211' + ip4hex -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
@ -9,18 +9,18 @@ hide mac addresses yes;
|
||||||
|
|
||||||
method "salsa2012+umac";
|
method "salsa2012+umac";
|
||||||
|
|
||||||
interface "{{ item.id }}VPN";
|
interface "{{ item.0.id }}VPN-{{ item.1.mtu }}";
|
||||||
|
|
||||||
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:100{{ item.site_number }};
|
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }};
|
||||||
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:100{{ item.site_number }};
|
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }};
|
||||||
|
|
||||||
include "secret.conf";
|
include "secret.conf";
|
||||||
mtu 1406;
|
mtu {{ item.1.mtu }};
|
||||||
|
|
||||||
peer group "vpn_nodes" {
|
peer group "vpn_nodes" {
|
||||||
include "peer_limit.conf";
|
include "peer_limit.conf";
|
||||||
include peers from "peers";
|
include peers from "peers";
|
||||||
{% if item.id == "mz" %}
|
{% if item.0.id == "mz" %}
|
||||||
include peers from "peers_bingen";
|
include peers from "peers_bingen";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
@ -34,11 +34,11 @@ on up "
|
||||||
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
||||||
ip link set $INTERFACE up
|
ip link set $INTERFACE up
|
||||||
|
|
||||||
batctl -m {{ item.id }}BAT if add $INTERFACE
|
batctl -m {{ item.0.id }}BAT if add $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
on down "
|
on down "
|
||||||
batctl -m {{ item.id }}BAT if del $INTERFACE
|
batctl -m {{ item.0.id }}BAT if del $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
status socket "/var/run/fastd-{{ item.id }}VPN.status";
|
status socket "/var/run/fastd-{{ item.0.id }}VPN-{{ item.1.mtu }}.status";
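Review bot: The listen port in `:10{{ item.1.id }}{{ item.0.site_number }}` is assembled by string concatenation, so it is only unambiguous and within range while `id` is a single digit and `site_number` keeps a fixed width; nothing here enforces either. The change also renumbers listeners: node instance 1 now binds the `101<site>` port that the intragate instance used before this commit, and the intragate moves to `110<site>`, so any packet-filter rules keyed on the old ports have to change in the same rollout (none are visible on this page). A template comment above the `bind` lines, for example `{# port = "10" + instance id (0-9) + site_number #}`, would document the scheme.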
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% set local_interface = item.id + 'VPN' -%}
|
{% set local_interface = item.0.id + 'VPN' -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{% set ip4hex = icvpn_ipv4_transfer_net | ipaddr('net') | ipsubnet(24, 37) | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
{% set ip4hex = icvpn_ipv4_transfer_net | ipaddr('net') | ipsubnet(24, 37) | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
|
||||||
{% set mac = '0220' + ip4hex -%}
|
{% set mac = '02f0' + ip4hex -%}
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|