diff --git a/Readme.md b/Readme.md
index 7f06b5f..4796880 100644
--- a/Readme.md
+++ b/Readme.md
@@ -78,7 +78,7 @@ Weitere Gruppen-Variablen:
|Name|Type|Value|Format|Comment|
|----|----|-----|------|-------|
-|as_private_mwu|Variable|65037|integer|Privates AS von Freifunk MWU|
+|as_private|Variable|65037|integer|Privates AS von Freifunk MWU|
|as_public_ffrl|Variable|201701|integer|Public AS von Freifunk Rheinland|
|internet_exit_tcp_mss_ipv4|Variable|1240|integer|IPv4 TCP MSS|
|internet_exit_tcp_mss_ipv6|Variable|1220|integer|IPv6 TCP MSS|
@@ -97,9 +97,9 @@ Weitere Gruppen-Variablen:
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz|
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
-|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
-|bgp_mwu_servers.spinat|Dictionary||||
-|bgp_mwu_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse||
+|bgp_legacy_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
+|bgp_legacy_servers.spinat|Dictionary||||
+|bgp_legacy_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse||
|bgp_mwu_server.spinat.ipv6|Variable|fd37:b4dc:4b1e::a25:7|string - IPv6-Adresse||
@@ -109,7 +109,7 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb
|Name|Type|Value|Format|Comment|
|----|----|-----|------|-------|
|magic|Variable|7|integer|Muss eindeutig unter allen Servern sein|
-|ipv4_dhcp_range|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe|
+|ipv4_dhcp|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe|
|ffrl_public_ipv4_nat|Variable|185.66.195.32/32|IP/Prefix|Öffentliche IPv4-NAT-Adresse|
|ffrl_exit_server|Dictionary|||Enthält pro FFRL Tunnel ein Dictionary|
|ffrl_exit_server.ffrl-a-ak-ber|Dictionary|||Name = Interface|
@@ -158,7 +158,7 @@ magic:
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
# z.B. 5 für 10.X.16.0/22 (fünftes /22 Subnetz aus 10.X.0.0/18)
-ipv4_dhcp_range:
+ipv4_dhcp:
# FFRL (muss vorher bereits zugewiesen worden sein)
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
diff --git a/ansible.cfg b/ansible.cfg
index d94d519..e84d45a 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -11,5 +11,5 @@ bin_ansible_callbacks = True
[privilege_escalation]
become = True
-#[ssh_connection]
-#pipelining = True
+[ssh_connection]
+pipelining = True
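Review bot: Enabling `pipelining = True` at L50 while `become = True` (L46) is in effect only works when sudo on the managed hosts does not enforce `requiretty`; otherwise every privileged task fails after this change. A comment on the now-active block would save the next person a round of debugging, e.g. `# pipelining requires sudo on all managed hosts to run without requiretty`. If that has not been verified on every host in the inventory, keep the setting commented out until it has.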
diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 0fe1ef5..cfc6239 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -2,7 +2,10 @@
ansible_version_minimum: "2.6"
debug_fastd: False
-as_private_mwu: 65037
+site_code: ffmwu
+site_name: "Mainz, Wiesbaden und Umgebung"
+
+as_private: 65037
as_public_ffrl: 201701
internet_exit_tcp_mss_ipv4: 1240
@@ -11,16 +14,22 @@ internet_exit_tcp_mss_ipv6: 1220
icvpn_ipv4_transfer_net: 10.207.0.0/16
icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
-ffmwu_loopback_net_ipv4: 10.37.255.0/24
-ffmwu_loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
-ffmwu_anycast_ipv4: 10.37.255.255/32
-ffmwu_anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
+loopback_net_ipv4: 10.37.255.0/24
+loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
+anycast_ipv4: 10.37.255.255/32
+anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
-ffmwu_internal_prefixes:
+internal_prefixes:
- ipv4: 10.37.0.0/16
ipv6: fd37:b4dc:4b1e::/48
- ipv4: 10.56.0.0/16
ipv6: fd56:b4dc:4b1e::/48
+ - ipv4: 10.86.0.0/15
+ ipv6: fd86:b4dc:4b1e::/48
+
+public_prefixes:
+ - ipv6: 2a03:2260:11a::/48
+ - ipv6: 2a03:2260:11b::/48
bgp_loopback_net: 10.37.0.0/18
bgp_ipv4_transfer_net: 10.37.0.0/18
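Review bot: The new entry `- ipv4: 10.86.0.0/15` at L82 is a /15 while the two existing entries are /16, so the policy rules rendered from `internal_prefixes` in ffmwu-add-ip-rules.sh.j2 (L479-L484 and the later loops) now also cover 10.87.0.0/16; no mesh with that range appears among the `meshes` entries visible in this diff, so confirm the mask is intended and not a typo for /16. The paired `ipv6: fd86:b4dc:4b1e::/48` likewise has no mesh behind it, which is presumably deliberate (a reserved prefix) but deserves a one-line comment above the entry, e.g. `# reserved for a future domain, not yet assigned to a mesh`. The `public_prefixes` /48s at L86-L87 do match the mz and wi `ipv6_public` prefixes, so that part is consistent.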
@@ -29,6 +38,10 @@ bgp_groups:
- ffmwu-gateways
- ffmwu-monitoring
+fastd_groups:
+ - ffmwu-gateways
+ - ffmwu-monitoring
+
prometheus_groups:
- ffmwu-gateways
- ffmwu-monitoring
@@ -48,17 +61,18 @@ gopath: "/opt/go"
meshes:
- id: mz
- site_number: 37
- site_code: ffmz
- site_name: Mainz
- sites_virtual:
+ legacy: true
+ domain_number: 37
+ domain_code: ffmz
+ domain_name: Mainz
+ aliases:
ffbin: Bingen
ffrhg: Rheingau
ipv4_network: 10.37.0.0/18
ipv6_ula:
- - fd37:b4dc:4b1e::/48
+ - fd37:b4dc:4b1e::/64
ipv6_public:
- - 2a03:2260:11a::/48
+ - 2a03:2260:11a::/64
dnssl:
- ffmz.org
- user.ffmz.org
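Review bot: Narrowing `ipv6_ula` and `ipv6_public` from /48 to /64 at L117 and L120 (and for wi at L140 and L143) changes more than the bridge addresses: named.conf.mesh.j2 builds the `intern-…` ACL (L782-L783) and the IPv6 reverse zones (L812-L815) from `item.ipv6_ula` via `ipaddr('net') | ipaddr('network/prefix')` and `ipaddr('revdns')`, so the ACL shrinks to the first /64 and the slave reverse zone name changes from the /48 zone to a /64 zone. If the master still serves the /48 reverse zone, the slave would presumably fail to transfer it, and clients outside the first /64 lose the ACL match. Either keep /48 here and let consumers derive the /64 (the routing templates and bridge.j2 already apply `ipsubnet(64, 0)`), or change the master zone together with this commit and say so in the commit message.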
@@ -102,16 +116,17 @@ meshes:
http_domain_external: freifunk-mainz.de
- id: wi
- site_number: 56
- site_code: ffwi
- site_name: Wiesbaden
- sites_virtual:
+ legacy: true
+ domain_number: 56
+ domain_code: ffwi
+ domain_name: Wiesbaden
+ aliases:
ffta: Taunus
ipv4_network: 10.56.0.0/18
ipv6_ula:
- - fd56:b4dc:4b1e::/48
+ - fd56:b4dc:4b1e::/64
ipv6_public:
- - 2a03:2260:11b::/48
+ - 2a03:2260:11b::/64
dnssl:
- ffwi.org
- user.ffwi.org
@@ -159,7 +174,7 @@ icvpn:
interface: icvpn
icvpn_repo: https://github.com/freifunk/icvpn
-bgp_mwu_servers:
+bgp_legacy_servers:
zuckerwatte:
ipv4: 10.37.1.2
ipv6: fd37:b4dc:4b1e::a25:102
diff --git a/inventory/host_vars/ingwer.freifunk-mwu.de b/inventory/host_vars/ingwer.freifunk-mwu.de
index 979b72c..f6049eb 100644
--- a/inventory/host_vars/ingwer.freifunk-mwu.de
+++ b/inventory/host_vars/ingwer.freifunk-mwu.de
@@ -1,8 +1,21 @@
---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
magic: 161
-ipv4_dhcp_range: 7
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:a100::/56
+ - ipv6: 2a03:2260:11b:a100::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.24.0/22
+ ipv6_public:
+ - 2a03:2260:11a:a100::/64
+ wi:
+ ipv4_dhcp: 10.56.24.0/22
+ ipv6_public:
+ - 2a03:2260:11b:a100::/64
ffrl_public_ipv4_nat: 185.66.195.38/32
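Review bot: The `ipv4_dhcp` CIDRs at L172 and L176 are not a uniform translation of the removed `ipv4_dhcp_range` values: lotuswurzel 4 → 10.37.16.0/22, spinat 5 → 10.37.20.0/22, uffschnitt 8 → 10.37.32.0/22 and wasserfloh 9 → 10.37.36.0/22 follow n×4, but ingwer 7 → 10.37.24.0/22 corresponds to 6 by the same rule (10.37.28.0/22 otherwise), and the wi entries show the same pattern. The five ranges do not overlap each other, so this may be a deliberate move, but it should be stated in the commit message or it reads as a transcription slip. Also, the Readme hunk (L29, L37) still documents `ipv4_dhcp` as a top-level integer host variable, whereas here it is a CIDR nested under `mesh_gw_prefixes.<mesh>`. No consumer of `mesh_gw_prefixes.*.ipv4_dhcp` or `public_gw_prefixes` appears in this diff, so presumably a role outside it reads them; worth confirming before the old variable is gone.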
diff --git a/inventory/host_vars/lotuswurzel.freifunk-mwu.de b/inventory/host_vars/lotuswurzel.freifunk-mwu.de
index ec7f27c..2105b34 100644
--- a/inventory/host_vars/lotuswurzel.freifunk-mwu.de
+++ b/inventory/host_vars/lotuswurzel.freifunk-mwu.de
@@ -1,8 +1,21 @@
---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
magic: 23
-ipv4_dhcp_range: 4
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:1700::/56
+ - ipv6: 2a03:2260:11b:1700::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.16.0/22
+ ipv6_public:
+ - 2a03:2260:11a:1700::/64
+ wi:
+ ipv4_dhcp: 10.56.16.0/22
+ ipv6_public:
+ - 2a03:2260:11b:1700::/64
ffrl_public_ipv4_nat: 185.66.195.36/32
diff --git a/inventory/host_vars/milchreis.freifunk-mwu.de b/inventory/host_vars/milchreis.freifunk-mwu.de
index 68174b8..471dee7 100644
--- a/inventory/host_vars/milchreis.freifunk-mwu.de
+++ b/inventory/host_vars/milchreis.freifunk-mwu.de
@@ -1,2 +1,2 @@
---
-ffmwu_server_type: "firmware-build"
+server_type: "firmware-build"
diff --git a/inventory/host_vars/spinat.freifunk-mwu.de b/inventory/host_vars/spinat.freifunk-mwu.de
index 19ba7aa..3d6f31d 100644
--- a/inventory/host_vars/spinat.freifunk-mwu.de
+++ b/inventory/host_vars/spinat.freifunk-mwu.de
@@ -1,8 +1,21 @@
---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
magic: 7
-ipv4_dhcp_range: 5
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:0700::/56
+ - ipv6: 2a03:2260:11b:0700::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.20.0/22
+ ipv6_public:
+ - 2a03:2260:11a:0700::/64
+ wi:
+ ipv4_dhcp: 10.56.20.0/22
+ ipv6_public:
+ - 2a03:2260:11b:0700::/64
ffrl_public_ipv4_nat: 185.66.195.32/32
diff --git a/inventory/host_vars/suesskartoffel.freifunk-mwu.de b/inventory/host_vars/suesskartoffel.freifunk-mwu.de
index 04069a2..fec4d4b 100644
--- a/inventory/host_vars/suesskartoffel.freifunk-mwu.de
+++ b/inventory/host_vars/suesskartoffel.freifunk-mwu.de
@@ -1,4 +1,4 @@
---
-ffmwu_server_type: "monitoring"
+server_type: "monitoring"
magic: 32
diff --git a/inventory/host_vars/uffschnitt.freifunk-mwu.de b/inventory/host_vars/uffschnitt.freifunk-mwu.de
index 0446d1a..9cc30a1 100644
--- a/inventory/host_vars/uffschnitt.freifunk-mwu.de
+++ b/inventory/host_vars/uffschnitt.freifunk-mwu.de
@@ -1,8 +1,21 @@
---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
magic: 101
-ipv4_dhcp_range: 8
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:6500::/56
+ - ipv6: 2a03:2260:11b:6500::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.32.0/22
+ ipv6_public:
+ - 2a03:2260:11a:6500::/64
+ wi:
+ ipv4_dhcp: 10.56.32.0/22
+ ipv6_public:
+ - 2a03:2260:11b:6500::/64
ffrl_public_ipv4_nat: 185.66.195.37/32
diff --git a/inventory/host_vars/wasserfloh.freifunk-mwu.de b/inventory/host_vars/wasserfloh.freifunk-mwu.de
index be82f2a..649c548 100644
--- a/inventory/host_vars/wasserfloh.freifunk-mwu.de
+++ b/inventory/host_vars/wasserfloh.freifunk-mwu.de
@@ -1,8 +1,21 @@
---
-ffmwu_server_type: "gateway"
+server_type: "gateway"
magic: 231
-ipv4_dhcp_range: 9
+
+public_gw_prefixes:
+ - ipv6: 2a03:2260:11a:e700::/56
+ - ipv6: 2a03:2260:11b:e700::/56
+
+mesh_gw_prefixes:
+ mz:
+ ipv4_dhcp: 10.37.36.0/22
+ ipv6_public:
+ - 2a03:2260:11a:e700::/64
+ wi:
+ ipv4_dhcp: 10.56.36.0/22
+ ipv6_public:
+ - 2a03:2260:11b:e700::/64
ffrl_public_ipv4_nat: 185.66.195.33/32
diff --git a/roles/network-anycast/README.md b/roles/network-anycast/README.md
index ef730a2..0b926c5 100644
--- a/roles/network-anycast/README.md
+++ b/roles/network-anycast/README.md
@@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Anycast Interface.
## Benötigte Variablen
-- ffmwu_anycast_ipv4 # Anycast IPv4 Adresse
-- ffmwu_anycast_ipv6 # Anycast IPv6 Adresse
+- anycast_ipv4 # Anycast IPv4 Adresse
+- anycast_ipv6 # Anycast IPv6 Adresse
diff --git a/roles/network-anycast/templates/anycast.j2 b/roles/network-anycast/templates/anycast.j2
index 91b9653..84d796e 100644
--- a/roles/network-anycast/templates/anycast.j2
+++ b/roles/network-anycast/templates/anycast.j2
@@ -4,5 +4,5 @@
auto anycast
iface anycast
link-type dummy
- address {{ ffmwu_anycast_ipv4 | ipaddr('network/prefix') }}
- address {{ ffmwu_anycast_ipv6 | ipaddr('network/prefix') }}
+ address {{ anycast_ipv4 | ipaddr('network/prefix') }}
+ address {{ anycast_ipv6 | ipaddr('network/prefix') }}
diff --git a/roles/network-batman/README.md b/roles/network-batman/README.md
index aed65d4..8a3992e 100644
--- a/roles/network-batman/README.md
+++ b/roles/network-batman/README.md
@@ -40,7 +40,7 @@ meshes:
- Host Variable `magic`
-- Host Variable `ffmwu_server_type`
+- Host Variable `server_type`
## MAC-Adressen
diff --git a/roles/network-batman/tasks/main.yml b/roles/network-batman/tasks/main.yml
index f50750a..08d72d6 100644
--- a/roles/network-batman/tasks/main.yml
+++ b/roles/network-batman/tasks/main.yml
@@ -2,7 +2,7 @@
- name: create dummy interfaces
template:
src: dummy.j2
- dest: "/etc/network/interfaces.d/{{ item.id }}0"
+ dest: "/etc/network/interfaces.d/{{ item.id }}"
notify: reload network interfaces
loop: "{{ meshes }}"
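Review bot: Dropping the `0` suffix from the dummy interface name at L337 (matching dummy.j2 L366-L367 and batman.j2 L349) leaves `/etc/network/interfaces.d/<id>0` and its `<id>0` dummy configured on hosts provisioned before this change, because `template` only writes the new path. Until that file is removed, ifupdown would presumably keep bringing up the old interface alongside the new one, with the same `hwaddress`. Add a cleanup task, e.g. `- name: remove legacy dummy interface files` / `  file: path="/etc/network/interfaces.d/{{ item.id }}0" state=absent` / `  loop: "{{ meshes }}"`, or document the manual migration step in the role README.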
diff --git a/roles/network-batman/templates/batman.j2 b/roles/network-batman/templates/batman.j2
index f0084b5..bf44ea6 100644
--- a/roles/network-batman/templates/batman.j2
+++ b/roles/network-batman/templates/batman.j2
@@ -7,9 +7,9 @@
auto {{ item.id }}bat
iface {{ item.id }}bat
hwaddress {{ mac | hwaddr('linux') }}
- batman-ifaces {{ item.id }}0 {% if ffmwu_server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
+ batman-ifaces {{ item.id }} {% if server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
batman-hop-penalty {{ item.batman.hop_penalty }}
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }}
post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }}
- post-up /usr/sbin/batctl -m $IFACE gw {% if ffmwu_server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %}
+ post-up /usr/sbin/batctl -m $IFACE gw {% if server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %}
diff --git a/roles/network-batman/templates/dummy.j2 b/roles/network-batman/templates/dummy.j2
index a18a325..cf781be 100644
--- a/roles/network-batman/templates/dummy.j2
+++ b/roles/network-batman/templates/dummy.j2
@@ -3,7 +3,7 @@
#
# {{ ansible_managed }}
#
-auto {{ item.id }}0
-iface {{ item.id }}0
+auto {{ item.id }}
+iface {{ item.id }}
link-type dummy
hwaddress {{ mac | hwaddr('linux') }}
diff --git a/roles/network-fastd/README.md b/roles/network-fastd/README.md
index a2a5f63..e163825 100644
--- a/roles/network-fastd/README.md
+++ b/roles/network-fastd/README.md
@@ -34,7 +34,7 @@ meshes:
- Host Variable `magic`
-- Host Variable `ffmwu_server_type`
+- Host Variable `server_type`
## MAC-Adressen
diff --git a/roles/network-fastd/tasks/main.yml b/roles/network-fastd/tasks/main.yml
index a611757..f6d34b1 100644
--- a/roles/network-fastd/tasks/main.yml
+++ b/roles/network-fastd/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: create fastd mesh interfaces
- when: ffmwu_server_type == "gateway"
+ when: server_type == "gateway"
template:
src: fastd-mesh.j2
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
diff --git a/roles/network-loopback/README.md b/roles/network-loopback/README.md
index fa5bc9f..c33595d 100644
--- a/roles/network-loopback/README.md
+++ b/roles/network-loopback/README.md
@@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Loopback Interface.
## Benötigte Variablen
-- ffmwu_loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
-- ffmwu_loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden
+- loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
+- loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden
diff --git a/roles/network-loopback/templates/loopback.j2 b/roles/network-loopback/templates/loopback.j2
index dd6ccd1..aca7802 100644
--- a/roles/network-loopback/templates/loopback.j2
+++ b/roles/network-loopback/templates/loopback.j2
@@ -4,5 +4,5 @@
auto loopback
iface loopback
link-type dummy
- address {{ ffmwu_loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
- address {{ ffmwu_loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128
+ address {{ loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
+ address {{ loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128
diff --git a/roles/network-meshbridge/templates/bridge.j2 b/roles/network-meshbridge/templates/bridge.j2
index 65a464b..2fd6f30 100644
--- a/roles/network-meshbridge/templates/bridge.j2
+++ b/roles/network-meshbridge/templates/bridge.j2
@@ -1,6 +1,7 @@
#
# {{ ansible_managed }}
#
+
auto {{ item.id }}br
iface {{ item.id }}br
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
@@ -9,8 +10,10 @@ iface {{ item.id }}br
{% endfor %}
{% for prefix in item.ipv6_public %}
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
-{% if ffmwu_server_type == "gateway" %}
- address {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }}
-{% endif %}
{% endfor %}
+{% if mesh_gw_prefixes is defined %}
+{% for prefix in mesh_gw_prefixes[item.id].ipv6_public %}
+ address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }}
+{% endfor %}
+{% endif %}
bridge-ports {{ item.id }}bat
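Review bot: The lookup `mesh_gw_prefixes[item.id]` at L434 is guarded only by `mesh_gw_prefixes is defined`, so a gateway whose `mesh_gw_prefixes` lacks an entry for one of the meshes makes the whole template fail to render (undefined element) instead of simply omitting the address; the old `server_type == "gateway"` branch had no such failure mode. Tighten the guard to `{% if mesh_gw_prefixes is defined and item.id in mesh_gw_prefixes %}`, and do the same in ffmwu-add-static-routes.sh.j2 (L573-L574) and ffmwu-del-static-routes.sh.j2 (L700-L701) with `mesh.id`. If a missing entry is meant to be an error rather than a skip, an `assert` in the prerequisites role would fail earlier and with a clearer message than a template exception.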
diff --git a/roles/network-routing/README.md b/roles/network-routing/README.md
index 06b763c..e206672 100644
--- a/roles/network-routing/README.md
+++ b/roles/network-routing/README.md
@@ -36,4 +36,4 @@ sysctl_settings_routing_(basic|gateway):
- Host Variable `magic`
-- Host Variable `ffmwu_server_type`
+- Host Variable `server_type`
diff --git a/roles/network-routing/tasks/main.yml b/roles/network-routing/tasks/main.yml
index 194d71f..002c918 100644
--- a/roles/network-routing/tasks/main.yml
+++ b/roles/network-routing/tasks/main.yml
@@ -61,7 +61,7 @@
loop: "{{ sysctl_settings_routing_basic }}"
- name: set gateway sysctl settings for routing
- when: ffmwu_server_type == "gateway"
+ when: server_type == "gateway"
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
diff --git a/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 b/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2
index 252b97c..38ba4b4 100644
--- a/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2
+++ b/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2
@@ -5,52 +5,52 @@
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh in meshes %}
-ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
-ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
-{% for ula in mesh.ipv6_ula %}
-ip -6 rule add from {{ ula }} lookup mwu priority 7
-ip -6 rule add to {{ ula }} lookup mwu priority 7
-{% endfor %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule add from {{ public }} lookup mwu priority 7
-ip -6 rule add to {{ public }} lookup mwu priority 7
-{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %}
+{% for prefix in internal_prefixes %}
+ip -4 rule add from {{ prefix.ipv4 }} lookup mwu priority 7
+ip -4 rule add to {{ prefix.ipv4 }} lookup mwu priority 7
+ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
+ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
+{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
+ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
+{% endfor %}
-{% if ffmwu_server_type == 'gateway' %}
+{% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
-ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
-ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
-{% for ula in mesh.ipv6_ula %}
-ip -6 rule add from {{ ula }} lookup icvpn priority 23
-ip -6 rule add to {{ ula }} lookup icvpn priority 23
-{% endfor %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule add from {{ public }} lookup icvpn priority 23
-ip -6 rule add to {{ public }} lookup icvpn priority 23
-{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %}
+{% for prefix in internal_prefixes %}
+ip -4 rule add from {{ prefix.ipv4 }} lookup icvpn priority 23
+ip -4 rule add to {{ prefix.ipv4 }} lookup icvpn priority 23
+ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
+ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
+{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
+ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
+{% endfor %}
ip -4 rule add from all oif icvpn lookup icvpn priority 23
ip -6 rule add from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
-ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
-{% for ula in mesh.ipv6_ula %}
-ip -6 rule add from {{ ula }} lookup internet priority 41
-ip -6 rule add to {{ ula }} lookup internet priority 41
-{% endfor %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule add from {{ public }} lookup internet priority 41
-ip -6 rule add to {{ public }} lookup internet priority 41
-{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %}
+{% for prefix in internal_prefixes %}
+ip -4 rule add from {{ prefix.ipv4 }} lookup internet priority 41
+ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
+ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
+{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
+ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
+{% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
@@ -67,11 +67,9 @@ ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule add from all iif icvpn type unreachable priority 61
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
-{% for mesh in meshes %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule add from {{ public }} type unreachable priority 61
-ip -6 rule add to {{ public }} type unreachable priority 61
-{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule add from {{ prefix.ipv6 }} type unreachable priority 61
+ip -6 rule add to {{ prefix.ipv6 }} type unreachable priority 61
{% endfor %}
# Priority 107 - lookup policies for the gateway host self originating traffic
diff --git a/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 b/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2
index a31dcb9..532edee 100644
--- a/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2
+++ b/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2
@@ -4,21 +4,25 @@
#
{% for mesh in meshes %}
-# static {{ mesh.site_name }} routes for rt_table mwu
+# static {{ mesh.domain_name }} routes for rt_table mwu
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
{% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %}
{% for public in mesh.ipv6_public %}
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
-/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %}
+{% if mesh_gw_prefixes is defined %}
+{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
+/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
+{% endfor %}
+{% endif %}
{% if not loop.last %}
{% endif %}
{% endfor %}
-{% if ffmwu_server_type == 'gateway' %}
+{% if server_type == 'gateway' %}
# static blackhole routes for rt_table internet
/sbin/ip -4 route add blackhole 0.0.0.0/8 table internet
/sbin/ip -4 route add blackhole 10.0.0.0/8 table internet
diff --git a/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 b/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2
index fad09a0..d8913ce 100644
--- a/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2
+++ b/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2
@@ -5,52 +5,52 @@
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh in meshes %}
-ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
-ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
-{% for ula in mesh.ipv6_ula %}
-ip -6 rule del from {{ ula }} lookup mwu priority 7
-ip -6 rule del to {{ ula }} lookup mwu priority 7
-{% endfor %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule del from {{ public }} lookup mwu priority 7
-ip -6 rule del to {{ public }} lookup mwu priority 7
-{% endfor %}
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %}
+{% for prefix in internal_prefixes %}
+ip -4 rule del from {{ prefix.ipv4 }} lookup mwu priority 7
+ip -4 rule del to {{ prefix.ipv4 }} lookup mwu priority 7
+ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
+ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
+{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
+ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
+{% endfor %}
-{% if ffmwu_server_type == 'gateway' %}
+{% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
-ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
-ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
-{% for ula in mesh.ipv6_ula %}
-ip -6 rule del from {{ ula }} lookup icvpn priority 23
-ip -6 rule del to {{ ula }} lookup icvpn priority 23
-{% endfor %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule del from {{ public }} lookup icvpn priority 23
-ip -6 rule del to {{ public }} lookup icvpn priority 23
-{% endfor %}
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %}
+{% for prefix in internal_prefixes %}
+ip -4 rule del from {{ prefix.ipv4 }} lookup icvpn priority 23
+ip -4 rule del to {{ prefix.ipv4 }} lookup icvpn priority 23
+ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
+ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
+{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
+ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
+{% endfor %}
ip -4 rule del from all oif icvpn lookup icvpn priority 23
ip -6 rule del from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
-ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
-{% for ula in mesh.ipv6_ula %}
-ip -6 rule del from {{ ula }} lookup internet priority 41
-ip -6 rule del to {{ ula }} lookup internet priority 41
-{% endfor %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule del from {{ public }} lookup internet priority 41
-ip -6 rule del to {{ public }} lookup internet priority 41
-{% endfor %}
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %}
+{% for prefix in internal_prefixes %}
+ip -4 rule del from {{ prefix.ipv4 }} lookup internet priority 41
+ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
+ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
+{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
+ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
+{% endfor %}
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
@@ -67,11 +67,9 @@ ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule del from all iif icvpn type unreachable priority 61
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
-{% for mesh in meshes %}
-{% for public in mesh.ipv6_public %}
-ip -6 rule del from {{ public }} type unreachable priority 61
-ip -6 rule del to {{ public }} type unreachable priority 61
-{% endfor %}
+{% for prefix in public_prefixes %}
+ip -6 rule del from {{ prefix.ipv6 }} type unreachable priority 61
+ip -6 rule del to {{ prefix.ipv6 }} type unreachable priority 61
{% endfor %}
# Priority 107 - lookup policies for the gateway host self originating traffic
diff --git a/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 b/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2
index 6669cef..16a7a5e 100644
--- a/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2
+++ b/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2
@@ -4,21 +4,25 @@
#
{% for mesh in meshes %}
-# static {{ mesh.site_name }} routes for rt_table mwu
+# static {{ mesh.domain_name }} routes for rt_table mwu
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
{% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %}
{% for public in mesh.ipv6_public %}
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
-/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %}
+{% if mesh_gw_prefixes is defined %}
+{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
+/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
+{% endfor %}
+{% endif%}
{% if not loop.last %}
{% endif %}
{% endfor %}
-{% if ffmwu_server_type == 'gateway' %}
+{% if server_type == 'gateway' %}
# static blackhole routes for rt_table internet
/sbin/ip -4 route del blackhole 0.0.0.0/8 table internet
/sbin/ip -4 route del blackhole 10.0.0.0/8 table internet
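Review bot: `{% endif%}` at L704 is missing the space before `%}`; Jinja accepts it, but every other tag in these templates is written `{% endif %}` and the add-side twin at L577 has the space, so change it to `{% endif %}`. The rest of the hunk mirrors ffmwu-add-static-routes.sh.j2 line for line, which is fine, but keeping the two files textually parallel is what makes a diff between them useful.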
diff --git a/roles/prerequisites/README.md b/roles/prerequisites/README.md
index 8726864..da70d08 100644
--- a/roles/prerequisites/README.md
+++ b/roles/prerequisites/README.md
@@ -16,4 +16,4 @@ Die folgenden Variablen werden über einen DNS Lookup gesetzt:
- Variable `dns_host_ipv6_address` (Rollen-Variable)
- Variable `dns_gate_num_cname` (Rollen-Variable)
- Variable `dns_gate_icvpn_cname` (Rollen-Variable)
-- Variable `ffmwu_server_type`
+- Variable `server_type`
diff --git a/roles/prerequisites/tasks/main.yml b/roles/prerequisites/tasks/main.yml
index 90d95e4..2c69295 100755
--- a/roles/prerequisites/tasks/main.yml
+++ b/roles/prerequisites/tasks/main.yml
@@ -14,7 +14,7 @@
- "ansible_distribution_major_version == '9'"
- name: Check gateway specific DNS entries
- when: ffmwu_server_type == "gateway"
+ when: server_type == "gateway"
assert:
that:
- "dns_gate_num_cname == inventory_hostname"
diff --git a/roles/service-bind-slave/tasks/main.yml b/roles/service-bind-slave/tasks/main.yml
index 81a3248..ed411f5 100644
--- a/roles/service-bind-slave/tasks/main.yml
+++ b/roles/service-bind-slave/tasks/main.yml
@@ -38,7 +38,7 @@
- name: write named.conf for meshes
template:
src: named.conf.mesh.j2
- dest: /etc/bind/named.conf.{{ item.site_code }}
+ dest: /etc/bind/named.conf.{{ item.domain_code }}
owner: root
group: bind
mode: 0644
diff --git a/roles/service-bind-slave/templates/named.conf.j2 b/roles/service-bind-slave/templates/named.conf.j2
index e7d3814..895ff5c 100644
--- a/roles/service-bind-slave/templates/named.conf.j2
+++ b/roles/service-bind-slave/templates/named.conf.j2
@@ -6,6 +6,6 @@ include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.logging";
{% for mesh in meshes %}
-include "/etc/bind/named.conf.{{ mesh.site_code }}";
+include "/etc/bind/named.conf.{{ mesh.domain_code }}";
{% endfor %}
include "/etc/bind/named.conf.icvpn";
diff --git a/roles/service-bind-slave/templates/named.conf.mesh.j2 b/roles/service-bind-slave/templates/named.conf.mesh.j2
index 3a9a77a..2dd7283 100644
--- a/roles/service-bind-slave/templates/named.conf.mesh.j2
+++ b/roles/service-bind-slave/templates/named.conf.mesh.j2
@@ -3,10 +3,11 @@
//
// ACLs
-masters "ns-master-{{ item.site_code }}" {
+masters "ns-master-{{ item.domain_code }}" {
{{ item.dns.master }};
};
+{% if item.dns.forward_zones is defined %}
{% for zone in item.dns.forward_zones %}
{% if zone.master is defined %}
masters "ns-master-{{ zone.name }}" {
@@ -15,15 +16,17 @@ masters "ns-master-{{ zone.name }}" {
{% endif %}
{% endfor %}
+{% endif %}
-acl "intern-{{ item.site_code }}" {
+acl "intern-{{ item.domain_code }}" {
{{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
{% for prefix in item.ipv6_ula %}
{{ prefix | ipaddr('net') | ipaddr('network/prefix') }};
{% endfor %}
};
-// DNS forward zones for {{ item.site_code }}
+{% if item.dns.forward_zones is defined %}
+// DNS forward zones for {{ item.domain_code }}
{% for zone in item.dns.forward_zones %}
zone "{{ zone.name }}." {
type slave;
@@ -31,26 +34,27 @@ zone "{{ zone.name }}." {
{% if zone.master is defined %}
masters { ns-master-{{ zone.name }}; };
{% else %}
- masters { ns-master-{{ item.site_code }}; };
+ masters { ns-master-{{ item.domain_code }}; };
{% endif %}
};
{% if not loop.last %}
{% endif %}
{% endfor %}
+{% endif %}
-// DNS reverse zones for {{ item.site_code }}
+// DNS reverse zones for {{ item.domain_code }}
zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
type slave;
file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
- masters { ns-master-{{ item.site_code }}; };
+ masters { ns-master-{{ item.domain_code }}; };
};
{% for prefix in item.ipv6_ula %}
zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" {
type slave;
file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}";
- masters { ns-master-{{ item.site_code }}; };
+ masters { ns-master-{{ item.domain_code }}; };
};
{% if not loop.last %}
diff --git a/roles/service-bind-slave/templates/named.conf.options.j2 b/roles/service-bind-slave/templates/named.conf.options.j2
index f2c7215..57a70b1 100644
--- a/roles/service-bind-slave/templates/named.conf.options.j2
+++ b/roles/service-bind-slave/templates/named.conf.options.j2
@@ -12,15 +12,15 @@ options {
127.0.0.1;
::1;
{% for mesh in meshes %}
- intern-{{ mesh.site_code }};
+ intern-{{ mesh.domain_code }};
{% endfor %}
};
allow-transfer { any; };
listen-on {
127.0.0.1;
- {{ ffmwu_anycast_ipv4 | ipaddr('address') }};
- {{ ffmwu_loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
+ {{ anycast_ipv4 | ipaddr('address') }};
+ {{ loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %}
{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% endfor %}
@@ -29,8 +29,8 @@ options {
listen-on-v6 {
::1;
- {{ ffmwu_anycast_ipv6 | ipaddr('address') }};
- {{ ffmwu_loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
+ {{ anycast_ipv6 | ipaddr('address') }};
+ {{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %}
{% for ip in mesh.ipv6_ula %}
{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
diff --git a/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2 b/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2
index e5263a6..08fe334 100644
--- a/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2
+++ b/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2
@@ -11,9 +11,8 @@ table ffrl;
# Functions
function is_ffrl_public_nets() {
return net ~ [
-{% for mesh in meshes %}
-{% for prefix in mesh.ipv6_public %}
- {{ prefix }}{48,56}{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
+{% for prefix in public_gw_prefixes %}
+ {{ prefix.ipv6 }}{48,56}{{ "," if not loop.last else "" }}
{% endfor %}
];
}
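Review bot: is_ffrl_public_nets now enumerates only public_gw_prefixes, while ffrl_public_routes in the next hunk injects static routes from both public_prefixes and public_gw_prefixes. The old code matched a mesh prefix with `{48,56}`, which covered both the aggregate and the /56 carved from it by magic; if public_gw_prefixes now holds per-gateway /56s, `{{ prefix.ipv6 }}{48,56}` no longer matches the aggregates in public_prefixes, so those routes may be treated differently by ebgp_ffrl_export_filter than before — inferred, since that filter is outside this chunk. If both lists are meant to be exported, add a second loop over public_prefixes to the function body, e.g. `{% for prefix in public_prefixes %}` with `{{ prefix.ipv6 }}{48,56},` before the existing loop, and fix the trailing-comma handling so the last element of the second loop is the only one without a comma.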
@@ -40,11 +39,11 @@ filter ebgp_ffrl_export_filter {
# Protocols
protocol static ffrl_public_routes {
table ffrl;
-{% for mesh in meshes %}
-{% for prefix in mesh.ipv6_public %}
- route {{ prefix }} reject;
- route {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipaddr('network/prefix') }} reject;
+{% for prefix in public_prefixes %}
+ route {{ prefix.ipv6 }} reject;
{% endfor %}
+{% for prefix in public_gw_prefixes %}
+ route {{ prefix.ipv6 }} reject;
{% endfor %}
}
diff --git a/roles/service-bird-lg/tasks/main.yml b/roles/service-bird-lg/tasks/main.yml
index 875c12c..d47d7ab 100644
--- a/roles/service-bird-lg/tasks/main.yml
+++ b/roles/service-bird-lg/tasks/main.yml
@@ -35,9 +35,9 @@
group: "{{ lg_user }}"
- name: configure lg-proxy
- when: ffmwu_server_type == "gateway"
+ when: server_type == "gateway"
include_tasks: lg-proxy.yml
- name: configure lg-webservice
- when: ffmwu_server_type == "monitoring"
+ when: server_type == "monitoring"
include_tasks: lg-webservice.yml
diff --git a/roles/service-bird-lg/templates/lg.cfg.j2 b/roles/service-bird-lg/templates/lg.cfg.j2
index 7348073..20eb42d 100644
--- a/roles/service-bird-lg/templates/lg.cfg.j2
+++ b/roles/service-bird-lg/templates/lg.cfg.j2
@@ -22,7 +22,7 @@ ROUTER_IP = {
AS_NUMBER = {
{% for host in groups["ffmwu-gateways"] %}
- "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private_mwu }}",
+ "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private }}",
{% endfor %}
}
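Review bot: The template reads `as_private`, but roles/service-bird/README.md in this same commit documents the variable as `bgp_as_private`, and bird.conf.j2 and bird6.conf.j2 also read `as_private`, so the role documentation and the templates disagree on the name. The old pair (`as_private_mwu` in templates, `bgp_as_private_mwu` in the README) had the same mismatch, and this rename carried it over instead of fixing it. The README entry should read `- Variable `as_private` # Private ASN von Freifunk MWU` so it names what the templates actually look up.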
diff --git a/roles/service-bird/README.md b/roles/service-bird/README.md
index 0b29b23..9e0acdf 100644
--- a/roles/service-bird/README.md
+++ b/roles/service-bird/README.md
@@ -13,16 +13,16 @@ Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Ne
## Benötigte Variablen
- Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt.
-- Variable `ffmwu_loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen
-- Variable `ffmwu_loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen
-- Variable `ffmwu_anycast_ipv4` # Anycast IPv4-Adresse
-- Variable `ffmwu_anycast_ipv6` # Anycast IPv6-Adresse
+- Variable `loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen
+- Variable `loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen
+- Variable `anycast_ipv4` # Anycast IPv4-Adresse
+- Variable `anycast_ipv6` # Anycast IPv6-Adresse
- Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
- Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
-- Variable `bgp_as_private_mwu` # Private ASN von Freifunk MWU
+- Variable `bgp_as_private` # Private ASN von Freifunk MWU
- Liste `bgp_groups` # List von Hostgruppen zu denen eine Verbindung aufgebaut werden soll
-- Liste `ffmwu_internal_prefixes`
-- Dictionary `bgp_mwu_servers`
+- Liste `internal_prefixes`
+- Dictionary `bgp_legacy_servers`
```
spinat: # kurzer Hostname des Peers
diff --git a/roles/service-bird/tasks/main.yml b/roles/service-bird/tasks/main.yml
index d8fb053..dad9963 100644
--- a/roles/service-bird/tasks/main.yml
+++ b/roles/service-bird/tasks/main.yml
@@ -52,7 +52,7 @@
notify: reload systemd unit bird6
- name: write radv.conf
- when: ffmwu_server_type == "gateway"
+ when: server_type == "gateway"
template:
src: radv.conf.j2
dest: /etc/bird/radv.conf
diff --git a/roles/service-bird/templates/bird.conf.j2 b/roles/service-bird/templates/bird.conf.j2
index 53969e7..f559ec2 100644
--- a/roles/service-bird/templates/bird.conf.j2
+++ b/roles/service-bird/templates/bird.conf.j2
@@ -4,7 +4,7 @@
# Variables
define mwu_address = {{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
-define mwu_as = {{ as_private_mwu }};
+define mwu_as = {{ as_private }};
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
# General
@@ -38,7 +38,7 @@ function is_chaosvpn() {
function is_mwu_self_nets_loose() {
return net ~ [
-{% for prefix in ffmwu_internal_prefixes %}
+{% for prefix in internal_prefixes %}
{{ prefix.ipv4 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %}
];
@@ -46,7 +46,7 @@ function is_mwu_self_nets_loose() {
function is_mwu_self_nets_strict() {
return net ~ [
-{% for prefix in ffmwu_internal_prefixes %}
+{% for prefix in internal_prefixes %}
{{ prefix.ipv4 | ipaddr('net') }}{{ "," if not loop.last else "" }}
{% endfor %}
];
@@ -54,13 +54,13 @@ function is_mwu_self_nets_strict() {
function is_mwu_loopback() {
return net ~ [
- {{ ffmwu_loopback_net_ipv4 }}+
+ {{ loopback_net_ipv4 }}+
];
}
function is_mwu_anycast() {
return net ~ [
- {{ ffmwu_anycast_ipv4 }}
+ {{ anycast_ipv4 }}
];
}
@@ -81,7 +81,7 @@ protocol direct mwu_loopback {
import where is_mwu_loopback();
};
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
protocol direct mwu_anycast {
interface "anycast";
import where is_mwu_anycast();
@@ -89,7 +89,7 @@ protocol direct mwu_anycast {
{% endif %}
protocol static {
-{% for prefix in ffmwu_internal_prefixes %}
+{% for prefix in internal_prefixes %}
route {{ prefix.ipv4 }} reject;
{% endfor %}
};
@@ -98,7 +98,7 @@ protocol kernel kernel_mwu {
scan time 30;
import none;
export filter {
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
if is_mwu_anycast() then reject;
{% else %}
if is_mwu_anycast() then accept;
@@ -114,7 +114,7 @@ template bgp ibgp_mwu {
local mwu_address as mwu_as;
import keep filtered on;
import filter {
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
if is_mwu_anycast() then reject;
{% endif %}
if is_mwu_self_nets_loose() then accept;
@@ -134,7 +134,7 @@ template bgp ibgp_mwu {
# Include IPv4 MWU peers
include "mwu_ipv4_peers.con?";
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
# Include IPv4 ICVPN configuration
include "icvpn_ipv4.con?";
diff --git a/roles/service-bird/templates/bird6.conf.j2 b/roles/service-bird/templates/bird6.conf.j2
index b89530a..73e7691 100644
--- a/roles/service-bird/templates/bird6.conf.j2
+++ b/roles/service-bird/templates/bird6.conf.j2
@@ -5,7 +5,7 @@
# Variables
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
-define mwu_as = {{ as_private_mwu }};
+define mwu_as = {{ as_private }};
# General
timeformat protocol iso long;
@@ -26,7 +26,7 @@ function is_ula() {
function is_mwu_self_nets_loose() {
return net ~ [
-{% for prefix in ffmwu_internal_prefixes %}
+{% for prefix in internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %}
];
@@ -34,7 +34,7 @@ function is_mwu_self_nets_loose() {
function is_mwu_self_nets_strict() {
return net ~ [
-{% for prefix in ffmwu_internal_prefixes %}
+{% for prefix in internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
{% endfor %}
];
@@ -42,13 +42,13 @@ function is_mwu_self_nets_strict() {
function is_mwu_loopback() {
return net ~ [
- {{ ffmwu_loopback_net_ipv6 }}+
+ {{ loopback_net_ipv6 }}+
];
};
function is_mwu_anycast() {
return net ~ [
- {{ ffmwu_anycast_ipv6 }}+
+ {{ anycast_ipv6 }}+
];
};
@@ -69,7 +69,7 @@ protocol direct mwu_loopback {
import where is_mwu_loopback();
};
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
protocol direct mwu_anycast {
interface "anycast";
import where is_mwu_anycast();
@@ -77,7 +77,7 @@ protocol direct mwu_anycast {
{% endif %}
protocol static {
-{% for prefix in ffmwu_internal_prefixes %}
+{% for prefix in internal_prefixes %}
route {{ prefix.ipv6 }} reject;
{% endfor %}
};
@@ -86,7 +86,7 @@ protocol kernel kernel_mwu {
scan time 30;
import none;
export filter {
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
if is_mwu_anycast() then reject;
{% else %}
if is_mwu_anycast() then accept;
@@ -102,7 +102,7 @@ template bgp ibgp_mwu {
local mwu_address as mwu_as;
import keep filtered on;
import filter {
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
if is_mwu_anycast() then reject;
{% endif %}
if is_mwu_self_nets_loose() then accept;
@@ -120,7 +120,7 @@ template bgp ibgp_mwu {
# Include IPv6 MWU peers
include "mwu_ipv6_peers.con?";
-{% if ffmwu_server_type == "gateway" %}
+{% if server_type == "gateway" %}
# Include IPv6 ICVPN configuration
include "icvpn_ipv6.con?";
diff --git a/roles/service-bird/templates/mwu_ipv4_peers.conf.j2 b/roles/service-bird/templates/mwu_ipv4_peers.conf.j2
index 751cfac..59c5af8 100644
--- a/roles/service-bird/templates/mwu_ipv4_peers.conf.j2
+++ b/roles/service-bird/templates/mwu_ipv4_peers.conf.j2
@@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu {
{% endif %}
{% endfor %}
{% endfor %}
-{% for item, value in bgp_mwu_servers.items() %}
+{% for item, value in bgp_legacy_servers.items() %}
{% if item != inventory_hostname_short %}
protocol bgp mwu_{{ item }} from ibgp_mwu {
neighbor {{ value.ipv4 }} as mwu_as;
diff --git a/roles/service-bird/templates/mwu_ipv6_peers.conf.j2 b/roles/service-bird/templates/mwu_ipv6_peers.conf.j2
index 5dc864d..4420e1a 100644
--- a/roles/service-bird/templates/mwu_ipv6_peers.conf.j2
+++ b/roles/service-bird/templates/mwu_ipv6_peers.conf.j2
@@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu {
{% endif %}
{% endfor %}
{% endfor %}
-{% for item, value in bgp_mwu_servers.items() %}
+{% for item, value in bgp_legacy_servers.items() %}
{% if item != inventory_hostname_short %}
protocol bgp mwu_{{ item }} from ibgp_mwu {
neighbor {{ value.ipv6 }} as mwu_as;
diff --git a/roles/service-bird/templates/radv.conf.j2 b/roles/service-bird/templates/radv.conf.j2
index 1cfa1d0..42d6c1b 100644
--- a/roles/service-bird/templates/radv.conf.j2
+++ b/roles/service-bird/templates/radv.conf.j2
@@ -11,27 +11,31 @@ protocol radv radv_{{ mesh.id }} {
{% endfor %}
{% for prefix in mesh.ipv6_public %}
- prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} {
- valid lifetime {{ mesh.radvd.advvalidlifetime }};
- preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
- };
-
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
skip yes;
};
{% endfor %}
+{% for prefix in mesh_gw_prefixes[mesh.id].ipv6_public %}
+ prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
+ valid lifetime {{ mesh.radvd.advvalidlifetime }};
+ preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
+ };
+{% endfor %}
+
rdnss {
{% for prefix in mesh.ipv6_ula %}
ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
{% endfor %}
};
+{% if mesh.dnssl is defined %}
dnssl {
{% for dnssl in mesh.dnssl %}
domain "{{ dnssl }}";
{% endfor %}
};
+{% endif %}
link mtu {{ mesh.iface_mtu }};
};
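Review bot: `mesh_gw_prefixes[mesh.id]` is indexed without a guard, so a mesh that has no entry in mesh_gw_prefixes for this host aborts the whole radv.conf render, whereas the removed code derived the gateway /56 from `magic` and worked for every mesh. The same unguarded lookup appears in kea_dhcp4.conf.j2 (`mesh_gw_prefixes[mesh.id].ipv4_dhcp`). If some meshes may legitimately lack an entry, wrap the loop in `{% if mesh.id in mesh_gw_prefixes %}`; if every mesh must have one, an assert on `mesh_gw_prefixes[item.id] is defined` in the role's tasks gives a clearer failure than a Jinja undefined error mid-template. The enclosing `protocol radv radv_{{ mesh.id }}` block opens before this hunk.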
diff --git a/roles/service-dhcpd/README.md b/roles/service-dhcpd/README.md
index 66bc317..72e0ed6 100644
--- a/roles/service-dhcpd/README.md
+++ b/roles/service-dhcpd/README.md
@@ -24,8 +24,8 @@ meshes:
```
- Host Variable `magic`
-- Host Variable `ipv4_dhcp_range`
+- Host Variable `ipv4_dhcp`
## DHCP Range
-In der Host-Variable `ipv4_dhcp_range` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben.
+In der Host-Variable `ipv4_dhcp` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben.
diff --git a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2 b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
index 4cb5d5d..238c21f 100644
--- a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
+++ b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
@@ -38,7 +38,7 @@
{% for mesh in meshes %}
{
"subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
- "pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ],
+ "pools": [ { "pool": "{{ mesh_gw_prefixes[mesh.id].ipv4_dhcp | ipaddr('net') | ipaddr('range_usable') }}" } ],
"option-data": [
{
"name": "routers",
@@ -51,11 +51,12 @@
{
"name": "domain-name-servers",
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
- },
+ }{% if mesh.dnssl is defined %},
{
"name": "domain-search",
"data": "{% for dnssl in mesh.dnssl %}{{ dnssl }}{% if not loop.last %}, {% endif %}{% endfor %}"
}
+{% endif %}
]
{% if not loop.last %}
},
diff --git a/roles/service-fastd-backbone/tasks/main.yml b/roles/service-fastd-backbone/tasks/main.yml
index a88c5ea..9e4f36f 100644
--- a/roles/service-fastd-backbone/tasks/main.yml
+++ b/roles/service-fastd-backbone/tasks/main.yml
@@ -13,7 +13,7 @@
mode: 0755
owner: admin
group: admin
- loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
+ loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}"
- name: clone fastd peer backbone repos
git:
@@ -23,7 +23,7 @@
update: yes
tags: sync-peers
notify: reload fastd backbone instances
- loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
+ loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}"
become: false
- name: template fastd backbone config
diff --git a/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2 b/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2
index d99f8ca..c2388e5 100644
--- a/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2
+++ b/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2
@@ -13,15 +13,29 @@ method "aes128-ctr+umac";
interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
-bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
-bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};
+bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
+bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
include "secret.conf";
mtu {{ item.1.mtu }};
peer group "servers" {
+{% if item.0.legacy is defined %}
include peers from "peers/gates";
include peers from "peers/services";
+{% else %}
+{% for group in fastd_groups %}
+{% for host in groups[group] %}
+{% set peer = host.rsplit('.')[0] %}
+{% if host != inventory_hostname %}
+ peer "{{ peer }}" {
+ key "{{ lookup('passwordstore', item.1.pass + '/' + peer + ' subkey=public') }}";
+ remote ipv6 "{{ host }}" port 11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
+ }
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endif %}
}
on up "/bin/systemctl reload networking";
diff --git a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
index e36e424..48c8939 100644
--- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
@@ -13,8 +13,8 @@ method "salsa2012+umac";
interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
-bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }};
-bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }};
+bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
+bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
include "secret.conf";
mtu {{ item.1.mtu }};
diff --git a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
index cc9a29e..a7e87e4 100644
--- a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
+++ b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
@@ -38,6 +38,7 @@ server {
}
{% for mesh in meshes %}
+{% if mesh.legacy is defined %}
server {
listen 80;
listen [::]:80;
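Review bot: Wrapping the whole server block in `{% if mesh.legacy is defined %}` inside `{% for mesh in meshes %}` pushes the existing `{% if not loop.last %}` separator one level deeper (its matching endif lands in the last hunk of this file) and leaves loop.last keyed on the unfiltered list, so the separator logic is off whenever the last mesh is non-legacy. The tasks in roles/service-fastd-backbone already filter with `meshes | selectattr('legacy', 'defined')`; writing `{% for mesh in meshes | selectattr('legacy', 'defined') | list %}` here, and `{% for mesh in meshes | selectattr('http_domain_internal', 'defined') | list %}` in meshviewer_vhost.conf.j2, removes the extra nesting and keeps loop.last correct. The for loop opened here closes outside this hunk.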
@@ -52,7 +53,7 @@ server {
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
- root /var/www/html/firmware/{{ mesh.site_name.lower() }};
+ root /var/www/html/firmware/{{ mesh.domain_name.lower() }};
location / {
autoindex on;
autoindex_exact_size off;
@@ -78,7 +79,7 @@ server {
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
- root /var/www/html/firmware/{{ mesh.site_name.lower() }};
+ root /var/www/html/firmware/{{ mesh.domain_name.lower() }};
location / {
autoindex on;
autoindex_exact_size off;
@@ -86,5 +87,6 @@ server {
}
{% if not loop.last %}
+{% endif %}
{% endif %}
{% endfor %}
diff --git a/roles/service-nginx-meshviewer/templates/config.js.j2 b/roles/service-nginx-meshviewer/templates/config.js.j2
index 7a5f3c2..09e765e 100644
--- a/roles/service-nginx-meshviewer/templates/config.js.j2
+++ b/roles/service-nginx-meshviewer/templates/config.js.j2
@@ -88,13 +88,13 @@ module.exports = function () {
'domainNames': [
{% for mesh in meshes %}
{
- 'domain': '{{ mesh.site_code }}',
- 'name': '{{ mesh.site_name }}'
+ 'domain': '{{ mesh.domain_code }}',
+ 'name': '{{ mesh.domain_name }}'
},
-{% if mesh.sites_virtual is defined %}
-{% for site, name in mesh.sites_virtual.items() %}
+{% if mesh.aliases is defined %}
+{% for domain, name in mesh.aliases.items() %}
{
- 'domain': '{{ site }}',
+ 'domain': '{{ domain }}',
'name': '{{ name }}'
},
{% endfor %}
diff --git a/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2 b/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
index 0f144e3..595890a 100644
--- a/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
+++ b/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
@@ -55,6 +55,7 @@ server {
}
{% for mesh in meshes %}
+{% if mesh.http_domain_internal is defined %}
server {
listen 80;
listen [::]:80;
@@ -82,5 +83,6 @@ server {
}
{% if not loop.last %}
+{% endif %}
{% endif %}
{% endfor %}
diff --git a/roles/service-nginx/README.md b/roles/service-nginx/README.md
index 47487a1..995b420 100644
--- a/roles/service-nginx/README.md
+++ b/roles/service-nginx/README.md
@@ -11,5 +11,5 @@ Diese Ansible role installiert und konfiguriert den Web Server nginx.
## Benötigte Variablen
- Variable `acme_server`
-- Variable `ffmwu_server_type`
+- Variable `server_type`
- Variable `inventory_hostname_short`
diff --git a/roles/service-nginx/templates/index.html.j2 b/roles/service-nginx/templates/index.html.j2
index b1f1ce8..8d51fae 100644
--- a/roles/service-nginx/templates/index.html.j2
+++ b/roles/service-nginx/templates/index.html.j2
@@ -19,10 +19,10 @@
Freifunk MWU Server {{ inventory_hostname_short }}