Roles: improve multidomain support

Julian Labus 2019-03-02 18:10:48 +01:00
parent 4127e56524
commit 721b278d3b
No known key found for this signature in database
GPG key ID: 8AF209F2C6B3572A
57 changed files with 344 additions and 223 deletions


@ -78,7 +78,7 @@ Weitere Gruppen-Variablen:
|Name|Type|Value|Format|Comment| |Name|Type|Value|Format|Comment|
|----|----|-----|------|-------| |----|----|-----|------|-------|
|as_private_mwu|Variable|65037|integer|Privates AS von Freifunk MWU| |as_private|Variable|65037|integer|Privates AS von Freifunk MWU|
|as_public_ffrl|Variable|201701|integer|Public AS von Freifunk Rheinland| |as_public_ffrl|Variable|201701|integer|Public AS von Freifunk Rheinland|
|internet_exit_tcp_mss_ipv4|Variable|1240|integer|IPv4 TCP MSS| |internet_exit_tcp_mss_ipv4|Variable|1240|integer|IPv4 TCP MSS|
|internet_exit_tcp_mss_ipv6|Variable|1220|integer|IPv6 TCP MSS| |internet_exit_tcp_mss_ipv6|Variable|1220|integer|IPv6 TCP MSS|
@ -97,9 +97,9 @@ Weitere Gruppen-Variablen:
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat| |icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz| |icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz|
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository| |icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net| |bgp_legacy_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
|bgp_mwu_servers.spinat|Dictionary|||| |bgp_legacy_servers.spinat|Dictionary||||
|bgp_mwu_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse|| |bgp_legacy_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse||
|bgp_mwu_server.spinat.ipv6|Variable|fd37:b4dc:4b1e::a25:7|string - IPv6-Adresse|| |bgp_mwu_server.spinat.ipv6|Variable|fd37:b4dc:4b1e::a25:7|string - IPv6-Adresse||
@ -109,7 +109,7 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb
|Name|Type|Value|Format|Comment| |Name|Type|Value|Format|Comment|
|----|----|-----|------|-------| |----|----|-----|------|-------|
|magic|Variable|7|integer|Muss eindeutig unter allen Servern sein| |magic|Variable|7|integer|Muss eindeutig unter allen Servern sein|
|ipv4_dhcp_range|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe| |ipv4_dhcp|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe|
|ffrl_public_ipv4_nat|Variable|185.66.195.32/32|IP/Prefix|Öffentliche IPv4-NAT-Adresse| |ffrl_public_ipv4_nat|Variable|185.66.195.32/32|IP/Prefix|Öffentliche IPv4-NAT-Adresse|
|ffrl_exit_server|Dictionary|||Enthält pro FFRL Tunnel ein Dictionary| |ffrl_exit_server|Dictionary|||Enthält pro FFRL Tunnel ein Dictionary|
|ffrl_exit_server.ffrl-a-ak-ber|Dictionary|||Name = Interface| |ffrl_exit_server.ffrl-a-ak-ber|Dictionary|||Name = Interface|
@ -158,7 +158,7 @@ magic:
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll. # Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
# z.B. 5 für 10.X.16.0/22 (fünftes /22 Subnetz aus 10.X.0.0/18) # z.B. 5 für 10.X.16.0/22 (fünftes /22 Subnetz aus 10.X.0.0/18)
ipv4_dhcp_range: ipv4_dhcp:
# FFRL (muss vorher bereits zugewiesen worden sein) # FFRL (muss vorher bereits zugewiesen worden sein)
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix # Öffentliche IPv4 NAT Adresse, Format: IP/Prefix


@ -11,5 +11,5 @@ bin_ansible_callbacks = True
[privilege_escalation] [privilege_escalation]
become = True become = True
#[ssh_connection] [ssh_connection]
#pipelining = True pipelining = True
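Review bot: Enabling `pipelining = True` under `[ssh_connection]` together with `become = True` only works when sudo on the managed hosts does not enforce `requiretty`, and nothing in this hunk documents that precondition. A one-line comment above the setting, such as `# pipelining needs 'Defaults !requiretty' in sudoers on all managed hosts`, would save the next operator a failed run on a freshly installed host. The rest of ansible.cfg lies outside the hunk, so an existing note elsewhere cannot be ruled out.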


@ -2,7 +2,10 @@
ansible_version_minimum: "2.6" ansible_version_minimum: "2.6"
debug_fastd: False debug_fastd: False
as_private_mwu: 65037 site_code: ffmwu
site_name: "Mainz, Wiesbaden und Umgebung"
as_private: 65037
as_public_ffrl: 201701 as_public_ffrl: 201701
internet_exit_tcp_mss_ipv4: 1240 internet_exit_tcp_mss_ipv4: 1240
@ -11,16 +14,22 @@ internet_exit_tcp_mss_ipv6: 1220
icvpn_ipv4_transfer_net: 10.207.0.0/16 icvpn_ipv4_transfer_net: 10.207.0.0/16
icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96 icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
ffmwu_loopback_net_ipv4: 10.37.255.0/24 loopback_net_ipv4: 10.37.255.0/24
ffmwu_loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64 loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
ffmwu_anycast_ipv4: 10.37.255.255/32 anycast_ipv4: 10.37.255.255/32
ffmwu_anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128 anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
ffmwu_internal_prefixes: internal_prefixes:
- ipv4: 10.37.0.0/16 - ipv4: 10.37.0.0/16
ipv6: fd37:b4dc:4b1e::/48 ipv6: fd37:b4dc:4b1e::/48
- ipv4: 10.56.0.0/16 - ipv4: 10.56.0.0/16
ipv6: fd56:b4dc:4b1e::/48 ipv6: fd56:b4dc:4b1e::/48
- ipv4: 10.86.0.0/15
ipv6: fd86:b4dc:4b1e::/48
public_prefixes:
- ipv6: 2a03:2260:11a::/48
- ipv6: 2a03:2260:11b::/48
bgp_loopback_net: 10.37.0.0/18 bgp_loopback_net: 10.37.0.0/18
bgp_ipv4_transfer_net: 10.37.0.0/18 bgp_ipv4_transfer_net: 10.37.0.0/18
@ -29,6 +38,10 @@ bgp_groups:
- ffmwu-gateways - ffmwu-gateways
- ffmwu-monitoring - ffmwu-monitoring
fastd_groups:
- ffmwu-gateways
- ffmwu-monitoring
prometheus_groups: prometheus_groups:
- ffmwu-gateways - ffmwu-gateways
- ffmwu-monitoring - ffmwu-monitoring
@ -48,17 +61,18 @@ gopath: "/opt/go"
meshes: meshes:
- id: mz - id: mz
site_number: 37 legacy: true
site_code: ffmz domain_number: 37
site_name: Mainz domain_code: ffmz
sites_virtual: domain_name: Mainz
aliases:
ffbin: Bingen ffbin: Bingen
ffrhg: Rheingau ffrhg: Rheingau
ipv4_network: 10.37.0.0/18 ipv4_network: 10.37.0.0/18
ipv6_ula: ipv6_ula:
- fd37:b4dc:4b1e::/48 - fd37:b4dc:4b1e::/64
ipv6_public: ipv6_public:
- 2a03:2260:11a::/48 - 2a03:2260:11a::/64
dnssl: dnssl:
- ffmz.org - ffmz.org
- user.ffmz.org - user.ffmz.org
@ -102,16 +116,17 @@ meshes:
http_domain_external: freifunk-mainz.de http_domain_external: freifunk-mainz.de
- id: wi - id: wi
site_number: 56 legacy: true
site_code: ffwi domain_number: 56
site_name: Wiesbaden domain_code: ffwi
sites_virtual: domain_name: Wiesbaden
aliases:
ffta: Taunus ffta: Taunus
ipv4_network: 10.56.0.0/18 ipv4_network: 10.56.0.0/18
ipv6_ula: ipv6_ula:
- fd56:b4dc:4b1e::/48 - fd56:b4dc:4b1e::/64
ipv6_public: ipv6_public:
- 2a03:2260:11b::/48 - 2a03:2260:11b::/64
dnssl: dnssl:
- ffwi.org - ffwi.org
- user.ffwi.org - user.ffwi.org
@ -159,7 +174,7 @@ icvpn:
interface: icvpn interface: icvpn
icvpn_repo: https://github.com/freifunk/icvpn icvpn_repo: https://github.com/freifunk/icvpn
bgp_mwu_servers: bgp_legacy_servers:
zuckerwatte: zuckerwatte:
ipv4: 10.37.1.2 ipv4: 10.37.1.2
ipv6: fd37:b4dc:4b1e::a25:102 ipv6: fd37:b4dc:4b1e::a25:102
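Review bot: The new `public_prefixes` list repeats by hand the /48s that the `mz` and `wi` meshes appear to have carried in `ipv6_public` before (now narrowed to /64). The policy-routing templates in this commit build their priority 7/23/41 lookups and the priority 61 `type unreachable` guard from that list alone. A public prefix added to a mesh or gateway but forgotten here would silently get no rules. A comment on the list, e.g. `# must cover every meshes[].ipv6_public and mesh_gw_prefixes entry; the ip rule templates read only this list`, or an `assert` in a pre-flight task, would make the coupling explicit. The same applies to `internal_prefixes`, whose new `10.86.0.0/15` entry has no matching mesh in the visible hunks.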


@ -1,8 +1,21 @@
--- ---
ffmwu_server_type: "gateway" server_type: "gateway"
magic: 161 magic: 161
ipv4_dhcp_range: 7
public_gw_prefixes:
- ipv6: 2a03:2260:11a:a100::/56
- ipv6: 2a03:2260:11b:a100::/56
mesh_gw_prefixes:
mz:
ipv4_dhcp: 10.37.24.0/22
ipv6_public:
- 2a03:2260:11a:a100::/64
wi:
ipv4_dhcp: 10.56.24.0/22
ipv6_public:
- 2a03:2260:11b:a100::/64
ffrl_public_ipv4_nat: 185.66.195.38/32 ffrl_public_ipv4_nat: 185.66.195.38/32
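Review bot: The explicit `ipv4_dhcp: 10.37.24.0/22` and `10.56.24.0/22` values under `mesh_gw_prefixes` do not follow the mapping the other gateway files in this commit show for the dropped `ipv4_dhcp_range` index (4 → .16.0, 5 → .20.0, 8 → .32.0, 9 → .36.0); by that pattern index 7 would be `.28.0/22`. If the pool is being moved on purpose, a short comment such as `# pool moved from the 7th to the 6th /22, see <ticket placeholder>` would record it; otherwise the value should probably read `10.37.28.0/22` and `10.56.28.0/22`. This reading assumes `ipv4_dhcp_range: 7` is the removed side, which the rendering suggests but does not mark, and the DHCP template that consumed the index is not visible here.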


@ -1,8 +1,21 @@
--- ---
ffmwu_server_type: "gateway" server_type: "gateway"
magic: 23 magic: 23
ipv4_dhcp_range: 4
public_gw_prefixes:
- ipv6: 2a03:2260:11a:1700::/56
- ipv6: 2a03:2260:11b:1700::/56
mesh_gw_prefixes:
mz:
ipv4_dhcp: 10.37.16.0/22
ipv6_public:
- 2a03:2260:11a:1700::/64
wi:
ipv4_dhcp: 10.56.16.0/22
ipv6_public:
- 2a03:2260:11b:1700::/64
ffrl_public_ipv4_nat: 185.66.195.36/32 ffrl_public_ipv4_nat: 185.66.195.36/32


@ -1,2 +1,2 @@
--- ---
ffmwu_server_type: "firmware-build" server_type: "firmware-build"


@ -1,8 +1,21 @@
--- ---
ffmwu_server_type: "gateway" server_type: "gateway"
magic: 7 magic: 7
ipv4_dhcp_range: 5
public_gw_prefixes:
- ipv6: 2a03:2260:11a:0700::/56
- ipv6: 2a03:2260:11b:0700::/56
mesh_gw_prefixes:
mz:
ipv4_dhcp: 10.37.20.0/22
ipv6_public:
- 2a03:2260:11a:0700::/64
wi:
ipv4_dhcp: 10.56.20.0/22
ipv6_public:
- 2a03:2260:11b:0700::/64
ffrl_public_ipv4_nat: 185.66.195.32/32 ffrl_public_ipv4_nat: 185.66.195.32/32


@ -1,4 +1,4 @@
--- ---
ffmwu_server_type: "monitoring" server_type: "monitoring"
magic: 32 magic: 32


@ -1,8 +1,21 @@
--- ---
ffmwu_server_type: "gateway" server_type: "gateway"
magic: 101 magic: 101
ipv4_dhcp_range: 8
public_gw_prefixes:
- ipv6: 2a03:2260:11a:6500::/56
- ipv6: 2a03:2260:11b:6500::/56
mesh_gw_prefixes:
mz:
ipv4_dhcp: 10.37.32.0/22
ipv6_public:
- 2a03:2260:11a:6500::/64
wi:
ipv4_dhcp: 10.56.32.0/22
ipv6_public:
- 2a03:2260:11b:6500::/64
ffrl_public_ipv4_nat: 185.66.195.37/32 ffrl_public_ipv4_nat: 185.66.195.37/32


@ -1,8 +1,21 @@
--- ---
ffmwu_server_type: "gateway" server_type: "gateway"
magic: 231 magic: 231
ipv4_dhcp_range: 9
public_gw_prefixes:
- ipv6: 2a03:2260:11a:e700::/56
- ipv6: 2a03:2260:11b:e700::/56
mesh_gw_prefixes:
mz:
ipv4_dhcp: 10.37.36.0/22
ipv6_public:
- 2a03:2260:11a:e700::/64
wi:
ipv4_dhcp: 10.56.36.0/22
ipv6_public:
- 2a03:2260:11b:e700::/64
ffrl_public_ipv4_nat: 185.66.195.33/32 ffrl_public_ipv4_nat: 185.66.195.33/32


@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Anycast Interface.
## Benötigte Variablen ## Benötigte Variablen
- ffmwu_anycast_ipv4 # Anycast IPv4 Adresse - anycast_ipv4 # Anycast IPv4 Adresse
- ffmwu_anycast_ipv6 # Anycast IPv6 Adresse - anycast_ipv6 # Anycast IPv6 Adresse


@ -4,5 +4,5 @@
auto anycast auto anycast
iface anycast iface anycast
link-type dummy link-type dummy
address {{ ffmwu_anycast_ipv4 | ipaddr('network/prefix') }} address {{ anycast_ipv4 | ipaddr('network/prefix') }}
address {{ ffmwu_anycast_ipv6 | ipaddr('network/prefix') }} address {{ anycast_ipv6 | ipaddr('network/prefix') }}


@ -40,7 +40,7 @@ meshes:
- Host Variable `magic` - Host Variable `magic`
- Host Variable `ffmwu_server_type` - Host Variable `server_type`
## MAC-Adressen ## MAC-Adressen


@ -2,7 +2,7 @@
- name: create dummy interfaces - name: create dummy interfaces
template: template:
src: dummy.j2 src: dummy.j2
dest: "/etc/network/interfaces.d/{{ item.id }}0" dest: "/etc/network/interfaces.d/{{ item.id }}"
notify: reload network interfaces notify: reload network interfaces
loop: "{{ meshes }}" loop: "{{ meshes }}"
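Review bot: Changing `dest` to `/etc/network/interfaces.d/{{ item.id }}` leaves the previously deployed `{{ item.id }}0` file in place on hosts that already ran the role, because the `template` task only writes the new path. Both stanzas would then be picked up on the next interface reload, and since the dummy template sets `hwaddress` from the same `mac` value, the old and new dummy interfaces could end up sharing a MAC. Consider a companion task using the `file` module with `path: "/etc/network/interfaces.d/{{ item.id }}0"` and `state: absent`, looping over `meshes`. The task file continues outside this hunk and the commit touches 57 files, so a cleanup may exist somewhere not shown here.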


@ -7,9 +7,9 @@
auto {{ item.id }}bat auto {{ item.id }}bat
iface {{ item.id }}bat iface {{ item.id }}bat
hwaddress {{ mac | hwaddr('linux') }} hwaddress {{ mac | hwaddr('linux') }}
batman-ifaces {{ item.id }}0 {% if ffmwu_server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} batman-ifaces {{ item.id }} {% if server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
batman-hop-penalty {{ item.batman.hop_penalty }} batman-hop-penalty {{ item.batman.hop_penalty }}
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }} post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }} post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }}
post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }} post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }}
post-up /usr/sbin/batctl -m $IFACE gw {% if ffmwu_server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %} post-up /usr/sbin/batctl -m $IFACE gw {% if server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %}


@ -3,7 +3,7 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.id }}0 auto {{ item.id }}
iface {{ item.id }}0 iface {{ item.id }}
link-type dummy link-type dummy
hwaddress {{ mac | hwaddr('linux') }} hwaddress {{ mac | hwaddr('linux') }}


@ -34,7 +34,7 @@ meshes:
- Host Variable `magic` - Host Variable `magic`
- Host Variable `ffmwu_server_type` - Host Variable `server_type`
## MAC-Adressen ## MAC-Adressen


@ -1,6 +1,6 @@
--- ---
- name: create fastd mesh interfaces - name: create fastd mesh interfaces
when: ffmwu_server_type == "gateway" when: server_type == "gateway"
template: template:
src: fastd-mesh.j2 src: fastd-mesh.j2
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}" dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"


@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Loopback Interface.
## Benötigte Variablen ## Benötigte Variablen
- ffmwu_loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden - loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
- ffmwu_loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden - loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden


@ -4,5 +4,5 @@
auto loopback auto loopback
iface loopback iface loopback
link-type dummy link-type dummy
address {{ ffmwu_loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }} address {{ loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
address {{ ffmwu_loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128 address {{ loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128


@ -1,6 +1,7 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.id }}br auto {{ item.id }}br
iface {{ item.id }}br iface {{ item.id }}br
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }} address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
@ -9,8 +10,10 @@ iface {{ item.id }}br
{% endfor %} {% endfor %}
{% for prefix in item.ipv6_public %} {% for prefix in item.ipv6_public %}
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }} address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
{% if ffmwu_server_type == "gateway" %}
address {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }}
{% endif %}
{% endfor %} {% endfor %}
{% if mesh_gw_prefixes is defined %}
{% for prefix in mesh_gw_prefixes[item.id].ipv6_public %}
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }}
{% endfor %}
{% endif %}
bridge-ports {{ item.id }}bat bridge-ports {{ item.id }}bat
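Review bot: `mesh_gw_prefixes[item.id].ipv6_public` is guarded only by `mesh_gw_prefixes is defined`, so a host that defines the dictionary for some meshes but not for every entry in `meshes` aborts the template with an undefined-key error. Tightening the guard to `{% if mesh_gw_prefixes is defined and item.id in mesh_gw_prefixes %}` keeps partially configured hosts renderable. The same lookup appears as `mesh_gw_prefixes[mesh.id].ipv6_public` in the static-route add and del templates of this commit. The `::1` gateway address is also no longer tied to the server type (the dropped lines appear to have been wrapped in a `== "gateway"` check), so defining the variable on a non-gateway host would now assign it. The `iface` stanza extends beyond this hunk.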


@ -36,4 +36,4 @@ sysctl_settings_routing_(basic|gateway):
- Host Variable `magic` - Host Variable `magic`
- Host Variable `ffmwu_server_type` - Host Variable `server_type`


@ -61,7 +61,7 @@
loop: "{{ sysctl_settings_routing_basic }}" loop: "{{ sysctl_settings_routing_basic }}"
- name: set gateway sysctl settings for routing - name: set gateway sysctl settings for routing
when: ffmwu_server_type == "gateway" when: server_type == "gateway"
sysctl: sysctl:
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"


@ -5,52 +5,52 @@
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces # Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7 ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup mwu priority 7
ip -6 rule add to {{ ula }} lookup mwu priority 7
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup mwu priority 7
ip -6 rule add to {{ public }} lookup mwu priority 7
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7 ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %} {% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule add from {{ prefix.ipv4 }} lookup mwu priority 7
ip -4 rule add to {{ prefix.ipv4 }} lookup mwu priority 7
ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% if ffmwu_server_type == 'gateway' %} {% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23 ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup icvpn priority 23
ip -6 rule add to {{ ula }} lookup icvpn priority 23
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup icvpn priority 23
ip -6 rule add to {{ public }} lookup icvpn priority 23
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23 ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %} {% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule add from {{ prefix.ipv4 }} lookup icvpn priority 23
ip -4 rule add to {{ prefix.ipv4 }} lookup icvpn priority 23
ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
ip -4 rule add from all oif icvpn lookup icvpn priority 23 ip -4 rule add from all oif icvpn lookup icvpn priority 23
ip -6 rule add from all oif icvpn lookup icvpn priority 23 ip -6 rule add from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup internet priority 41
ip -6 rule add to {{ ula }} lookup internet priority 41
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup internet priority 41
ip -6 rule add to {{ public }} lookup internet priority 41
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41 ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %} {% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule add from {{ prefix.ipv4 }} lookup internet priority 41
ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
@ -67,11 +67,9 @@ ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %} {% endfor %}
ip -6 rule add from all iif icvpn type unreachable priority 61 ip -6 rule add from all iif icvpn type unreachable priority 61
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh in meshes %} {% for prefix in public_prefixes %}
{% for public in mesh.ipv6_public %} ip -6 rule add from {{ prefix.ipv6 }} type unreachable priority 61
ip -6 rule add from {{ public }} type unreachable priority 61 ip -6 rule add to {{ prefix.ipv6 }} type unreachable priority 61
ip -6 rule add to {{ public }} type unreachable priority 61
{% endfor %}
{% endfor %} {% endfor %}
# Priority 107 - lookup policies for the gateway host self originating traffic # Priority 107 - lookup policies for the gateway host self originating traffic


@ -4,21 +4,25 @@
# #
{% for mesh in meshes %} {% for mesh in meshes %}
# static {{ mesh.site_name }} routes for rt_table mwu # static {{ mesh.domain_name }} routes for rt_table mwu
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu /sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu /sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% for public in mesh.ipv6_public %} {% for public in mesh.ipv6_public %}
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu /sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% if mesh_gw_prefixes is defined %}
{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %}
{% endif %}
{% if not loop.last %} {% if not loop.last %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if ffmwu_server_type == 'gateway' %} {% if server_type == 'gateway' %}
# static blackhole routes for rt_table internet # static blackhole routes for rt_table internet
/sbin/ip -4 route add blackhole 0.0.0.0/8 table internet /sbin/ip -4 route add blackhole 0.0.0.0/8 table internet
/sbin/ip -4 route add blackhole 10.0.0.0/8 table internet /sbin/ip -4 route add blackhole 10.0.0.0/8 table internet


@ -5,52 +5,52 @@
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces # Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7 ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% for ula in mesh.ipv6_ula %}
ip -6 rule del from {{ ula }} lookup mwu priority 7
ip -6 rule del to {{ ula }} lookup mwu priority 7
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule del from {{ public }} lookup mwu priority 7
ip -6 rule del to {{ public }} lookup mwu priority 7
{% endfor %}
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7 ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %} {% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup mwu priority 7
ip -4 rule del to {{ prefix.ipv4 }} lookup mwu priority 7
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
{% if ffmwu_server_type == 'gateway' %} {% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23 ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %}
ip -6 rule del from {{ ula }} lookup icvpn priority 23
ip -6 rule del to {{ ula }} lookup icvpn priority 23
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule del from {{ public }} lookup icvpn priority 23
ip -6 rule del to {{ public }} lookup icvpn priority 23
{% endfor %}
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23 ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %} {% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup icvpn priority 23
ip -4 rule del to {{ prefix.ipv4 }} lookup icvpn priority 23
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
ip -4 rule del from all oif icvpn lookup icvpn priority 23 ip -4 rule del from all oif icvpn lookup icvpn priority 23
ip -6 rule del from all oif icvpn lookup icvpn priority 23 ip -6 rule del from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
{% for ula in mesh.ipv6_ula %}
ip -6 rule del from {{ ula }} lookup internet priority 41
ip -6 rule del to {{ ula }} lookup internet priority 41
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule del from {{ public }} lookup internet priority 41
ip -6 rule del to {{ public }} lookup internet priority 41
{% endfor %}
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41 ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %} {% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup internet priority 41
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
@ -67,11 +67,9 @@ ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
{% endfor %} {% endfor %}
ip -6 rule del from all iif icvpn type unreachable priority 61 ip -6 rule del from all iif icvpn type unreachable priority 61
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh in meshes %} {% for prefix in public_prefixes %}
{% for public in mesh.ipv6_public %} ip -6 rule del from {{ prefix.ipv6 }} type unreachable priority 61
ip -6 rule del from {{ public }} type unreachable priority 61 ip -6 rule del to {{ prefix.ipv6 }} type unreachable priority 61
ip -6 rule del to {{ public }} type unreachable priority 61
{% endfor %}
{% endfor %} {% endfor %}
# Priority 107 - lookup policies for the gateway host self originating traffic # Priority 107 - lookup policies for the gateway host self originating traffic


@ -4,21 +4,25 @@
# #
{% for mesh in meshes %} {% for mesh in meshes %}
# static {{ mesh.site_name }} routes for rt_table mwu # static {{ mesh.domain_name }} routes for rt_table mwu
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu /sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu /sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% for public in mesh.ipv6_public %} {% for public in mesh.ipv6_public %}
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu /sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% if mesh_gw_prefixes is defined %}
{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %}
{% endif%}
{% if not loop.last %} {% if not loop.last %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if ffmwu_server_type == 'gateway' %} {% if server_type == 'gateway' %}
# static blackhole routes for rt_table internet # static blackhole routes for rt_table internet
/sbin/ip -4 route del blackhole 0.0.0.0/8 table internet /sbin/ip -4 route del blackhole 0.0.0.0/8 table internet
/sbin/ip -4 route del blackhole 10.0.0.0/8 table internet /sbin/ip -4 route del blackhole 10.0.0.0/8 table internet
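Review bot: The closing tag of the new `mesh_gw_prefixes` block is written `{% endif%}`, without the space used everywhere else in this template and in the matching add template. Jinja accepts it, but writing `{% endif %}` keeps the two files line-for-line comparable, which matters because the del script has to mirror the add script exactly for teardown to remove every route that was installed. The template continues past the end of this hunk.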


@ -16,4 +16,4 @@ Die folgenden Variablen werden über einen DNS Lookup gesetzt:
- Variable `dns_host_ipv6_address` (Rollen-Variable) - Variable `dns_host_ipv6_address` (Rollen-Variable)
- Variable `dns_gate_num_cname` (Rollen-Variable) - Variable `dns_gate_num_cname` (Rollen-Variable)
- Variable `dns_gate_icvpn_cname` (Rollen-Variable) - Variable `dns_gate_icvpn_cname` (Rollen-Variable)
- Variable `ffmwu_server_type` - Variable `server_type`


@ -14,7 +14,7 @@
- "ansible_distribution_major_version == '9'" - "ansible_distribution_major_version == '9'"
- name: Check gateway specific DNS entries - name: Check gateway specific DNS entries
when: ffmwu_server_type == "gateway" when: server_type == "gateway"
assert: assert:
that: that:
- "dns_gate_num_cname == inventory_hostname" - "dns_gate_num_cname == inventory_hostname"


@ -38,7 +38,7 @@
- name: write named.conf for meshes - name: write named.conf for meshes
template: template:
src: named.conf.mesh.j2 src: named.conf.mesh.j2
dest: /etc/bind/named.conf.{{ item.site_code }} dest: /etc/bind/named.conf.{{ item.domain_code }}
owner: root owner: root
group: bind group: bind
mode: 0644 mode: 0644


@ -6,6 +6,6 @@ include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.default-zones"; include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.logging"; include "/etc/bind/named.conf.logging";
{% for mesh in meshes %} {% for mesh in meshes %}
include "/etc/bind/named.conf.{{ mesh.site_code }}"; include "/etc/bind/named.conf.{{ mesh.domain_code }}";
{% endfor %} {% endfor %}
include "/etc/bind/named.conf.icvpn"; include "/etc/bind/named.conf.icvpn";


@ -3,10 +3,11 @@
// //
// ACLs // ACLs
masters "ns-master-{{ item.site_code }}" { masters "ns-master-{{ item.domain_code }}" {
{{ item.dns.master }}; {{ item.dns.master }};
}; };
{% if item.dns.forward_zones is defined %}
{% for zone in item.dns.forward_zones %} {% for zone in item.dns.forward_zones %}
{% if zone.master is defined %} {% if zone.master is defined %}
masters "ns-master-{{ zone.name }}" { masters "ns-master-{{ zone.name }}" {
@ -15,15 +16,17 @@ masters "ns-master-{{ zone.name }}" {
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %}
acl "intern-{{ item.site_code }}" { acl "intern-{{ item.domain_code }}" {
{{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }}; {{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
{% for prefix in item.ipv6_ula %} {% for prefix in item.ipv6_ula %}
{{ prefix | ipaddr('net') | ipaddr('network/prefix') }}; {{ prefix | ipaddr('net') | ipaddr('network/prefix') }};
{% endfor %} {% endfor %}
}; };
// DNS forward zones for {{ item.site_code }} {% if item.dns.forward_zones is defined %}
// DNS forward zones for {{ item.domain_code }}
{% for zone in item.dns.forward_zones %} {% for zone in item.dns.forward_zones %}
zone "{{ zone.name }}." { zone "{{ zone.name }}." {
type slave; type slave;
@ -31,26 +34,27 @@ zone "{{ zone.name }}." {
{% if zone.master is defined %} {% if zone.master is defined %}
masters { ns-master-{{ zone.name }}; }; masters { ns-master-{{ zone.name }}; };
{% else %} {% else %}
masters { ns-master-{{ item.site_code }}; }; masters { ns-master-{{ item.domain_code }}; };
{% endif %} {% endif %}
}; };
{% if not loop.last %} {% if not loop.last %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %}
// DNS reverse zones for {{ item.site_code }} // DNS reverse zones for {{ item.domain_code }}
zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" { zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
type slave; type slave;
file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}"; file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
masters { ns-master-{{ item.site_code }}; }; masters { ns-master-{{ item.domain_code }}; };
}; };
{% for prefix in item.ipv6_ula %} {% for prefix in item.ipv6_ula %}
zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" { zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" {
type slave; type slave;
file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}"; file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}";
masters { ns-master-{{ item.site_code }}; }; masters { ns-master-{{ item.domain_code }}; };
}; };
{% if not loop.last %} {% if not loop.last %}


@ -12,15 +12,15 @@ options {
127.0.0.1; 127.0.0.1;
::1; ::1;
{% for mesh in meshes %} {% for mesh in meshes %}
intern-{{ mesh.site_code }}; intern-{{ mesh.domain_code }};
{% endfor %} {% endfor %}
}; };
allow-transfer { any; }; allow-transfer { any; };
listen-on { listen-on {
127.0.0.1; 127.0.0.1;
{{ ffmwu_anycast_ipv4 | ipaddr('address') }}; {{ anycast_ipv4 | ipaddr('address') }};
{{ ffmwu_loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; {{ loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %} {% for mesh in meshes %}
{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% endfor %} {% endfor %}
@ -29,8 +29,8 @@ options {
listen-on-v6 { listen-on-v6 {
::1; ::1;
{{ ffmwu_anycast_ipv6 | ipaddr('address') }}; {{ anycast_ipv6 | ipaddr('address') }};
{{ ffmwu_loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; {{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
{% for mesh in meshes %} {% for mesh in meshes %}
{% for ip in mesh.ipv6_ula %} {% for ip in mesh.ipv6_ula %}
{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}; {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
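Review bot: `allow-transfer { any; };` in the `options` block is left as it was, so every address in the `listen-on` and `listen-on-v6` lists below it (anycast, loopback and each mesh address) will answer zone transfers from any client. The per-mesh template in this commit configures the internal reverse zones as slave zones on the same server, so a full transfer hands out the host inventory of each mesh. If no secondary pulls from these gateways, `allow-transfer { none; };` is the safer default; otherwise limit it to the `intern-{{ mesh.domain_code }}` ACLs already rendered in the list just above, or to keyed secondaries. The line is unchanged context here and may be deliberate, and the `options` block starts and ends outside the visible hunks.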


@ -11,9 +11,8 @@ table ffrl;
# Functions # Functions
function is_ffrl_public_nets() { function is_ffrl_public_nets() {
return net ~ [ return net ~ [
{% for mesh in meshes %} {% for prefix in public_gw_prefixes %}
{% for prefix in mesh.ipv6_public %} {{ prefix.ipv6 }}{48,56}{{ "," if not loop.last else "" }}
{{ prefix }}{48,56}{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
{% endfor %} {% endfor %}
]; ];
} }
@ -40,11 +39,11 @@ filter ebgp_ffrl_export_filter {
# Protocols # Protocols
protocol static ffrl_public_routes { protocol static ffrl_public_routes {
table ffrl; table ffrl;
{% for mesh in meshes %} {% for prefix in public_prefixes %}
{% for prefix in mesh.ipv6_public %} route {{ prefix.ipv6 }} reject;
route {{ prefix }} reject;
route {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipaddr('network/prefix') }} reject;
{% endfor %} {% endfor %}
{% for prefix in public_gw_prefixes %}
route {{ prefix.ipv6 }} reject;
{% endfor %} {% endfor %}
} }


@ -35,9 +35,9 @@
group: "{{ lg_user }}" group: "{{ lg_user }}"
- name: configure lg-proxy - name: configure lg-proxy
when: ffmwu_server_type == "gateway" when: server_type == "gateway"
include_tasks: lg-proxy.yml include_tasks: lg-proxy.yml
- name: configure lg-webservice - name: configure lg-webservice
when: ffmwu_server_type == "monitoring" when: server_type == "monitoring"
include_tasks: lg-webservice.yml include_tasks: lg-webservice.yml


@ -22,7 +22,7 @@ ROUTER_IP = {
AS_NUMBER = { AS_NUMBER = {
{% for host in groups["ffmwu-gateways"] %} {% for host in groups["ffmwu-gateways"] %}
"{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private_mwu }}", "{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private }}",
{% endfor %} {% endfor %}
} }


@ -13,16 +13,16 @@ Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Ne
## Benötigte Variablen ## Benötigte Variablen
- Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt. - Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt.
- Variable `ffmwu_loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen - Variable `loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen
- Variable `ffmwu_loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen - Variable `loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen
- Variable `ffmwu_anycast_ipv4` # Anycast IPv4-Adresse - Variable `anycast_ipv4` # Anycast IPv4-Adresse
- Variable `ffmwu_anycast_ipv6` # Anycast IPv6-Adresse - Variable `anycast_ipv6` # Anycast IPv6-Adresse
- Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird. - Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
- Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird. - Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
- Variable `bgp_as_private_mwu` # Private ASN von Freifunk MWU - Variable `bgp_as_private` # Private ASN von Freifunk MWU
- Liste `bgp_groups` # List von Hostgruppen zu denen eine Verbindung aufgebaut werden soll - Liste `bgp_groups` # List von Hostgruppen zu denen eine Verbindung aufgebaut werden soll
- Liste `ffmwu_internal_prefixes` - Liste `internal_prefixes`
- Dictionary `bgp_mwu_servers` - Dictionary `bgp_legacy_servers`
``` ```
spinat: # kurzer Hostname des Peers spinat: # kurzer Hostname des Peers


@ -52,7 +52,7 @@
notify: reload systemd unit bird6 notify: reload systemd unit bird6
- name: write radv.conf - name: write radv.conf
when: ffmwu_server_type == "gateway" when: server_type == "gateway"
template: template:
src: radv.conf.j2 src: radv.conf.j2
dest: /etc/bird/radv.conf dest: /etc/bird/radv.conf


@ -4,7 +4,7 @@
# Variables # Variables
define mwu_address = {{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define mwu_address = {{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_as = {{ as_private_mwu }}; define mwu_as = {{ as_private }};
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
# General # General
@ -38,7 +38,7 @@ function is_chaosvpn() {
function is_mwu_self_nets_loose() { function is_mwu_self_nets_loose() {
return net ~ [ return net ~ [
{% for prefix in ffmwu_internal_prefixes %} {% for prefix in internal_prefixes %}
{{ prefix.ipv4 | ipaddr('net') }}+{{ "," if not loop.last else "" }} {{ prefix.ipv4 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %} {% endfor %}
]; ];
@ -46,7 +46,7 @@ function is_mwu_self_nets_loose() {
function is_mwu_self_nets_strict() { function is_mwu_self_nets_strict() {
return net ~ [ return net ~ [
{% for prefix in ffmwu_internal_prefixes %} {% for prefix in internal_prefixes %}
{{ prefix.ipv4 | ipaddr('net') }}{{ "," if not loop.last else "" }} {{ prefix.ipv4 | ipaddr('net') }}{{ "," if not loop.last else "" }}
{% endfor %} {% endfor %}
]; ];
@ -54,13 +54,13 @@ function is_mwu_self_nets_strict() {
function is_mwu_loopback() { function is_mwu_loopback() {
return net ~ [ return net ~ [
{{ ffmwu_loopback_net_ipv4 }}+ {{ loopback_net_ipv4 }}+
]; ];
} }
function is_mwu_anycast() { function is_mwu_anycast() {
return net ~ [ return net ~ [
{{ ffmwu_anycast_ipv4 }} {{ anycast_ipv4 }}
]; ];
} }
@ -81,7 +81,7 @@ protocol direct mwu_loopback {
import where is_mwu_loopback(); import where is_mwu_loopback();
}; };
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
protocol direct mwu_anycast { protocol direct mwu_anycast {
interface "anycast"; interface "anycast";
import where is_mwu_anycast(); import where is_mwu_anycast();
@ -89,7 +89,7 @@ protocol direct mwu_anycast {
{% endif %} {% endif %}
protocol static { protocol static {
{% for prefix in ffmwu_internal_prefixes %} {% for prefix in internal_prefixes %}
route {{ prefix.ipv4 }} reject; route {{ prefix.ipv4 }} reject;
{% endfor %} {% endfor %}
}; };
@ -98,7 +98,7 @@ protocol kernel kernel_mwu {
scan time 30; scan time 30;
import none; import none;
export filter { export filter {
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
if is_mwu_anycast() then reject; if is_mwu_anycast() then reject;
{% else %} {% else %}
if is_mwu_anycast() then accept; if is_mwu_anycast() then accept;
@ -114,7 +114,7 @@ template bgp ibgp_mwu {
local mwu_address as mwu_as; local mwu_address as mwu_as;
import keep filtered on; import keep filtered on;
import filter { import filter {
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
if is_mwu_anycast() then reject; if is_mwu_anycast() then reject;
{% endif %} {% endif %}
if is_mwu_self_nets_loose() then accept; if is_mwu_self_nets_loose() then accept;
@ -134,7 +134,7 @@ template bgp ibgp_mwu {
# Include IPv4 MWU peers # Include IPv4 MWU peers
include "mwu_ipv4_peers.con?"; include "mwu_ipv4_peers.con?";
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
# Include IPv4 ICVPN configuration # Include IPv4 ICVPN configuration
include "icvpn_ipv4.con?"; include "icvpn_ipv4.con?";


@ -5,7 +5,7 @@
# Variables # Variables
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}; define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
define mwu_as = {{ as_private_mwu }}; define mwu_as = {{ as_private }};
# General # General
timeformat protocol iso long; timeformat protocol iso long;
@ -26,7 +26,7 @@ function is_ula() {
function is_mwu_self_nets_loose() { function is_mwu_self_nets_loose() {
return net ~ [ return net ~ [
{% for prefix in ffmwu_internal_prefixes %} {% for prefix in internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }} {{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
{% endfor %} {% endfor %}
]; ];
@ -34,7 +34,7 @@ function is_mwu_self_nets_loose() {
function is_mwu_self_nets_strict() { function is_mwu_self_nets_strict() {
return net ~ [ return net ~ [
{% for prefix in ffmwu_internal_prefixes %} {% for prefix in internal_prefixes %}
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }} {{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
{% endfor %} {% endfor %}
]; ];
@ -42,13 +42,13 @@ function is_mwu_self_nets_strict() {
function is_mwu_loopback() { function is_mwu_loopback() {
return net ~ [ return net ~ [
{{ ffmwu_loopback_net_ipv6 }}+ {{ loopback_net_ipv6 }}+
]; ];
}; };
function is_mwu_anycast() { function is_mwu_anycast() {
return net ~ [ return net ~ [
{{ ffmwu_anycast_ipv6 }}+ {{ anycast_ipv6 }}+
]; ];
}; };
@ -69,7 +69,7 @@ protocol direct mwu_loopback {
import where is_mwu_loopback(); import where is_mwu_loopback();
}; };
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
protocol direct mwu_anycast { protocol direct mwu_anycast {
interface "anycast"; interface "anycast";
import where is_mwu_anycast(); import where is_mwu_anycast();
@ -77,7 +77,7 @@ protocol direct mwu_anycast {
{% endif %} {% endif %}
protocol static { protocol static {
{% for prefix in ffmwu_internal_prefixes %} {% for prefix in internal_prefixes %}
route {{ prefix.ipv6 }} reject; route {{ prefix.ipv6 }} reject;
{% endfor %} {% endfor %}
}; };
@ -86,7 +86,7 @@ protocol kernel kernel_mwu {
scan time 30; scan time 30;
import none; import none;
export filter { export filter {
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
if is_mwu_anycast() then reject; if is_mwu_anycast() then reject;
{% else %} {% else %}
if is_mwu_anycast() then accept; if is_mwu_anycast() then accept;
@ -102,7 +102,7 @@ template bgp ibgp_mwu {
local mwu_address as mwu_as; local mwu_address as mwu_as;
import keep filtered on; import keep filtered on;
import filter { import filter {
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
if is_mwu_anycast() then reject; if is_mwu_anycast() then reject;
{% endif %} {% endif %}
if is_mwu_self_nets_loose() then accept; if is_mwu_self_nets_loose() then accept;
@ -120,7 +120,7 @@ template bgp ibgp_mwu {
# Include IPv6 MWU peers # Include IPv6 MWU peers
include "mwu_ipv6_peers.con?"; include "mwu_ipv6_peers.con?";
{% if ffmwu_server_type == "gateway" %} {% if server_type == "gateway" %}
# Include IPv6 ICVPN configuration # Include IPv6 ICVPN configuration
include "icvpn_ipv6.con?"; include "icvpn_ipv6.con?";


@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu {
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% for item, value in bgp_mwu_servers.items() %} {% for item, value in bgp_legacy_servers.items() %}
{% if item != inventory_hostname_short %} {% if item != inventory_hostname_short %}
protocol bgp mwu_{{ item }} from ibgp_mwu { protocol bgp mwu_{{ item }} from ibgp_mwu {
neighbor {{ value.ipv4 }} as mwu_as; neighbor {{ value.ipv4 }} as mwu_as;


@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu {
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% for item, value in bgp_mwu_servers.items() %} {% for item, value in bgp_legacy_servers.items() %}
{% if item != inventory_hostname_short %} {% if item != inventory_hostname_short %}
protocol bgp mwu_{{ item }} from ibgp_mwu { protocol bgp mwu_{{ item }} from ibgp_mwu {
neighbor {{ value.ipv6 }} as mwu_as; neighbor {{ value.ipv6 }} as mwu_as;


@ -11,27 +11,31 @@ protocol radv radv_{{ mesh.id }} {
{% endfor %} {% endfor %}
{% for prefix in mesh.ipv6_public %} {% for prefix in mesh.ipv6_public %}
prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} {
valid lifetime {{ mesh.radvd.advvalidlifetime }};
preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
};
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} { prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
skip yes; skip yes;
}; };
{% endfor %} {% endfor %}
{% for prefix in mesh_gw_prefixes[mesh.id].ipv6_public %}
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
valid lifetime {{ mesh.radvd.advvalidlifetime }};
preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
};
{% endfor %}
rdnss { rdnss {
{% for prefix in mesh.ipv6_ula %} {% for prefix in mesh.ipv6_ula %}
ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}; ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
{% endfor %} {% endfor %}
}; };
{% if mesh.dnssl is defined %}
dnssl { dnssl {
{% for dnssl in mesh.dnssl %} {% for dnssl in mesh.dnssl %}
domain "{{ dnssl }}"; domain "{{ dnssl }}";
{% endfor %} {% endfor %}
}; };
{% endif %}
link mtu {{ mesh.iface_mtu }}; link mtu {{ mesh.iface_mtu }};
}; };


@ -24,8 +24,8 @@ meshes:
``` ```
- Host Variable `magic` - Host Variable `magic`
- Host Variable `ipv4_dhcp_range` - Host Variable `ipv4_dhcp`
## DHCP Range ## DHCP Range
In der Host-Variable `ipv4_dhcp_range` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben. In der Host-Variable `ipv4_dhcp` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben.


@ -38,7 +38,7 @@
{% for mesh in meshes %} {% for mesh in meshes %}
{ {
"subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}", "subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
"pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ], "pools": [ { "pool": "{{ mesh_gw_prefixes[mesh.id].ipv4_dhcp | ipaddr('net') | ipaddr('range_usable') }}" } ],
"option-data": [ "option-data": [
{ {
"name": "routers", "name": "routers",
@ -51,11 +51,12 @@
{ {
"name": "domain-name-servers", "name": "domain-name-servers",
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}" "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
}, }{% if mesh.dnssl is defined %},
{ {
"name": "domain-search", "name": "domain-search",
"data": "{% for dnssl in mesh.dnssl %}{{ dnssl }}{% if not loop.last %}, {% endif %}{% endfor %}" "data": "{% for dnssl in mesh.dnssl %}{{ dnssl }}{% if not loop.last %}, {% endif %}{% endfor %}"
} }
{% endif %}
] ]
{% if not loop.last %} {% if not loop.last %}
}, },
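Review bot: The `"pools"` line now reads the range from `mesh_gw_prefixes[mesh.id].ipv4_dhcp` instead of deriving it from `mesh.ipv4_network`, so nothing guarantees any more that the pool lies inside the `"subnet"` rendered one line above it. The old `ipsubnet(22, ipv4_dhcp_range)` form ruled that out by construction; with a free-standing prefix, a mistyped value would presumably be rejected by the DHCP daemon only when it loads the file, and two gateways given overlapping values would lease the same addresses. An `assert` task looped over `meshes` before templating, e.g. `- "mesh_gw_prefixes[item.id].ipv4_dhcp | ipaddr(item.ipv4_network)"`, would catch the first case at deploy time. The surrounding JSON object starts and ends outside these hunks.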


@ -13,7 +13,7 @@
mode: 0755 mode: 0755
owner: admin owner: admin
group: admin group: admin
loop: "{{ meshes | subelements('fastd.backbone.instances') }}" loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}"
- name: clone fastd peer backbone repos - name: clone fastd peer backbone repos
git: git:
@ -23,7 +23,7 @@
update: yes update: yes
tags: sync-peers tags: sync-peers
notify: reload fastd backbone instances notify: reload fastd backbone instances
loop: "{{ meshes | subelements('fastd.backbone.instances') }}" loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}"
become: false become: false
- name: template fastd backbone config - name: template fastd backbone config
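Review bot: `selectattr('legacy', 'defined')` in both `loop:` lines tests only whether the key exists, so a mesh declared with `legacy: false` is still treated as legacy. The same presence test decides in the fastd backbone template (`{% if item.0.legacy is defined %}`) whether peers are loaded from the cloned `peers/gates` and `peers/services` directories or from the password store, and in the nginx firmware template (`{% if mesh.legacy is defined %}`) whether the vhost is rendered. Filtering on the value as well, `meshes | selectattr('legacy', 'defined') | selectattr('legacy') | list | subelements('fastd.backbone.instances')` in the tasks and `{% if item.0.legacy | default(false) %}` in the templates, keeps the flag from silently selecting the wrong peer source. Both tasks begin outside their hunks.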


@ -13,15 +13,29 @@ method "aes128-ctr+umac";
interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}"; interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
include "secret.conf"; include "secret.conf";
mtu {{ item.1.mtu }}; mtu {{ item.1.mtu }};
peer group "servers" { peer group "servers" {
{% if item.0.legacy is defined %}
include peers from "peers/gates"; include peers from "peers/gates";
include peers from "peers/services"; include peers from "peers/services";
{% else %}
{% for group in fastd_groups %}
{% for host in groups[group] %}
{% set peer = host.rsplit('.')[0] %}
{% if host != inventory_hostname %}
peer "{{ peer }}" {
key "{{ lookup('passwordstore', item.1.pass + '/' + peer + ' subkey=public') }}";
remote ipv6 "{{ host }}" port 11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
} }
on up "/bin/systemctl reload networking"; on up "/bin/systemctl reload networking";
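Review bot: The `key` line in the new non-legacy branch writes out whatever the `passwordstore` lookup returns, with no check that a public key was actually found. Depending on the lookup plugin version, an entry without a `public` subkey may come back empty or as `None`, and that string would then be the only credential identifying the backbone peer in the rendered `peer` block. Resolving the value into a variable first and asserting its shape before templating, e.g. `- "peer_key is match('^[0-9a-f]{64}$')"` (variable name illustrative), makes a missing or truncated entry fail the play rather than the running VPN instance. The template begins above this hunk.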


@ -13,8 +13,8 @@ method "salsa2012+umac";
interface "{{ item.0.id }}vpn-{{ item.1.mtu }}"; interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
include "secret.conf"; include "secret.conf";
mtu {{ item.1.mtu }}; mtu {{ item.1.mtu }};
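Review bot: `'%02d' % item.0.domain_number` on the two `bind` lines raises a template error if the inventory holds the number as a string, and for a value of 100 or more it yields three digits, which pushes the composed port (`10`, then the instance id, then the domain number) past 65535. The same expression builds the `11…` ports in the backbone template, including its new `remote ipv6 ... port` line. Casting it, `{{ '%02d' % (item.0.domain_number | int) }}`, together with an inventory assert that `domain_number` is below 100, keeps the rendered port valid. Any packet-filter rules written for the old unpadded `site_number` ports would need the same change; none are visible in this part of the page.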


@ -38,6 +38,7 @@ server {
} }
{% for mesh in meshes %} {% for mesh in meshes %}
{% if mesh.legacy is defined %}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -52,7 +53,7 @@ server {
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
root /var/www/html/firmware/{{ mesh.site_name.lower() }}; root /var/www/html/firmware/{{ mesh.domain_name.lower() }};
location / { location / {
autoindex on; autoindex on;
autoindex_exact_size off; autoindex_exact_size off;
@ -78,7 +79,7 @@ server {
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
root /var/www/html/firmware/{{ mesh.site_name.lower() }}; root /var/www/html/firmware/{{ mesh.domain_name.lower() }};
location / { location / {
autoindex on; autoindex on;
autoindex_exact_size off; autoindex_exact_size off;
@ -86,5 +87,6 @@ server {
} }
{% if not loop.last %} {% if not loop.last %}
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}


@ -88,13 +88,13 @@ module.exports = function () {
'domainNames': [ 'domainNames': [
{% for mesh in meshes %} {% for mesh in meshes %}
{ {
'domain': '{{ mesh.site_code }}', 'domain': '{{ mesh.domain_code }}',
'name': '{{ mesh.site_name }}' 'name': '{{ mesh.domain_name }}'
}, },
{% if mesh.sites_virtual is defined %} {% if mesh.aliases is defined %}
{% for site, name in mesh.sites_virtual.items() %} {% for domain, name in mesh.aliases.items() %}
{ {
'domain': '{{ site }}', 'domain': '{{ domain }}',
'name': '{{ name }}' 'name': '{{ name }}'
}, },
{% endfor %} {% endfor %}


@ -55,6 +55,7 @@ server {
} }
{% for mesh in meshes %} {% for mesh in meshes %}
{% if mesh.http_domain_internal is defined %}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
@ -82,5 +83,6 @@ server {
} }
{% if not loop.last %} {% if not loop.last %}
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}


@ -11,5 +11,5 @@ Diese Ansible role installiert und konfiguriert den Web Server nginx.
## Benötigte Variablen ## Benötigte Variablen
- Variable `acme_server` - Variable `acme_server`
- Variable `ffmwu_server_type` - Variable `server_type`
- Variable `inventory_hostname_short` - Variable `inventory_hostname_short`


@ -19,10 +19,10 @@
<header> <header>
<h1>Freifunk MWU Server <a href="./index.html">{{ inventory_hostname_short }}</a></h1> <h1>Freifunk MWU Server <a href="./index.html">{{ inventory_hostname_short }}</a></h1>
</header> </header>
{% if ffmwu_server_type == "firmware-build" or ffmwu_server_type == "gateway" %} {% if server_type == "firmware-build" or server_type == "gateway" %}
<div class="block"><a href="firmware">Firmware</a></div> <div class="block"><a href="firmware">Firmware</a></div>
{% endif %} {% endif %}
{% if ffmwu_server_type == "firmware-build" %} {% if server_type == "firmware-build" %}
<div class="block"><a href="_archive">Firmware Archiv</a></div> <div class="block"><a href="_archive">Firmware Archiv</a></div>
{% endif %} {% endif %}
</body> </body>


@ -71,7 +71,7 @@ scrape_configs:
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% for host, _ in bgp_mwu_servers.items() %} {% for host, _ in bgp_legacy_servers.items() %}
{% if host not in ['extrasahne'] %} {% if host not in ['extrasahne'] %}
- "{{ host }}.ffwi.org" - "{{ host }}.ffwi.org"
- "{{ host }}.ffmz.org" - "{{ host }}.ffmz.org"


@ -13,7 +13,7 @@
become: false become: false
- name: set respondd vpn flag to false - name: set respondd vpn flag to false
when: ffmwu_server_type != "gateway" when: server_type != "gateway"
copy: copy:
content: "False" content: "False"
dest: /home/admin/clones/mesh-announce/nodeinfo.d/vpn dest: /home/admin/clones/mesh-announce/nodeinfo.d/vpn


@ -4,7 +4,7 @@ After={% for interface in item.fastd.nodes.instances %}fastd@{{ item.id }}vpn-{{
[Service] [Service]
ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ item.site_code }} -d {{ item.site_code }} --data-provider-directory /home/admin/clones/mesh-announce/ ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ site_code }} -d {{ item.domain_code }} --data-provider-directory /home/admin/clones/mesh-announce/
Restart=always Restart=always
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin


@ -7,12 +7,20 @@ enable = true
synchronize = "1m" synchronize = "1m"
collect_interval = "1m" collect_interval = "1m"
[respondd.sites.{{ site_code }}]
domains = [
{% for mesh in meshes %} {% for mesh in meshes %}
[respondd.sites.{{ mesh.site_code }}] {% if mesh.aliases is defined %}
{% if mesh.sites_virtual is defined %} {% for domain, name in mesh.aliases.items() %}
domains = ["{{ mesh.site_code }}",{% for domain, name in mesh.sites_virtual.items() %}"{{ domain }}"{% if not loop.last %},{% endif %}{% endfor %}] "{{ domain }}",
{% endfor %}
{% endif %}
"{{ mesh.domain_code }}"{% if not loop.last %},
{% else %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
]
{% for mesh in meshes %} {% for mesh in meshes %}
[[respondd.interfaces]] [[respondd.interfaces]]