Roles: improve multidomain support
parent
4127e56524
commit
721b278d3b
57 changed files with 344 additions and 223 deletions
12
Readme.md
12
Readme.md
|
@ -78,7 +78,7 @@ Weitere Gruppen-Variablen:
|
||||||
|
|
||||||
|Name|Type|Value|Format|Comment|
|
|Name|Type|Value|Format|Comment|
|
||||||
|----|----|-----|------|-------|
|
|----|----|-----|------|-------|
|
||||||
|as_private_mwu|Variable|65037|integer|Privates AS von Freifunk MWU|
|
|as_private|Variable|65037|integer|Privates AS von Freifunk MWU|
|
||||||
|as_public_ffrl|Variable|201701|integer|Public AS von Freifunk Rheinland|
|
|as_public_ffrl|Variable|201701|integer|Public AS von Freifunk Rheinland|
|
||||||
|internet_exit_tcp_mss_ipv4|Variable|1240|integer|IPv4 TCP MSS|
|
|internet_exit_tcp_mss_ipv4|Variable|1240|integer|IPv4 TCP MSS|
|
||||||
|internet_exit_tcp_mss_ipv6|Variable|1220|integer|IPv6 TCP MSS|
|
|internet_exit_tcp_mss_ipv6|Variable|1220|integer|IPv6 TCP MSS|
|
||||||
|
@ -97,9 +97,9 @@ Weitere Gruppen-Variablen:
|
||||||
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|
||||||
|icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz|
|
|icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz|
|
||||||
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
|
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
|
||||||
|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
|
|bgp_legacy_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
|
||||||
|bgp_mwu_servers.spinat|Dictionary||||
|
|bgp_legacy_servers.spinat|Dictionary||||
|
||||||
|bgp_mwu_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse||
|
|bgp_legacy_servers.spinat.ipv4|Variable|10.37.0.7|string - IPv4-Adresse||
|
||||||
|bgp_mwu_server.spinat.ipv6|Variable|fd37:b4dc:4b1e::a25:7|string - IPv6-Adresse||
|
|bgp_mwu_server.spinat.ipv6|Variable|fd37:b4dc:4b1e::a25:7|string - IPv6-Adresse||
|
||||||
|
|
||||||
|
|
||||||
|
@ -109,7 +109,7 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb
|
||||||
|Name|Type|Value|Format|Comment|
|
|Name|Type|Value|Format|Comment|
|
||||||
|----|----|-----|------|-------|
|
|----|----|-----|------|-------|
|
||||||
|magic|Variable|7|integer|Muss eindeutig unter allen Servern sein|
|
|magic|Variable|7|integer|Muss eindeutig unter allen Servern sein|
|
||||||
|ipv4_dhcp_range|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe|
|
|ipv4_dhcp|Variable|6|integer|Wenn man das Mesh-Netz (/18) in /22er-Subnetze unterteilt und durchnummeriert, ist der Wert hier die Nummer des zu verwendenden /22er Subnetzes zwecks DHCP-Adress-Vergabe|
|
||||||
|ffrl_public_ipv4_nat|Variable|185.66.195.32/32|IP/Prefix|Öffentliche IPv4-NAT-Adresse|
|
|ffrl_public_ipv4_nat|Variable|185.66.195.32/32|IP/Prefix|Öffentliche IPv4-NAT-Adresse|
|
||||||
|ffrl_exit_server|Dictionary|||Enthält pro FFRL Tunnel ein Dictionary|
|
|ffrl_exit_server|Dictionary|||Enthält pro FFRL Tunnel ein Dictionary|
|
||||||
|ffrl_exit_server.ffrl-a-ak-ber|Dictionary|||Name = Interface|
|
|ffrl_exit_server.ffrl-a-ak-ber|Dictionary|||Name = Interface|
|
||||||
|
@ -158,7 +158,7 @@ magic:
|
||||||
|
|
||||||
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
|
# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
|
||||||
# z.B. 5 für 10.X.16.0/22 (fünftes /22 Subnetz aus 10.X.0.0/18)
|
# z.B. 5 für 10.X.16.0/22 (fünftes /22 Subnetz aus 10.X.0.0/18)
|
||||||
ipv4_dhcp_range:
|
ipv4_dhcp:
|
||||||
|
|
||||||
# FFRL (muss vorher bereits zugewiesen worden sein)
|
# FFRL (muss vorher bereits zugewiesen worden sein)
|
||||||
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
|
# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
|
||||||
|
|
|
@ -11,5 +11,5 @@ bin_ansible_callbacks = True
|
||||||
[privilege_escalation]
|
[privilege_escalation]
|
||||||
become = True
|
become = True
|
||||||
|
|
||||||
#[ssh_connection]
|
[ssh_connection]
|
||||||
#pipelining = True
|
pipelining = True
|
||||||
|
|
|
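Review bot: Enabling `pipelining = True` under `[ssh_connection]` while `[privilege_escalation]` sets `become = True` only works when sudo on the managed hosts does not enforce `requiretty`, and nothing in this section records that prerequisite. A host that still has the option set will fail on its first privileged task. I would add a full-line comment above the key, e.g. `# needs "Defaults requiretty" disabled in sudoers on every managed host`.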
@ -2,7 +2,10 @@
|
||||||
ansible_version_minimum: "2.6"
|
ansible_version_minimum: "2.6"
|
||||||
debug_fastd: False
|
debug_fastd: False
|
||||||
|
|
||||||
as_private_mwu: 65037
|
site_code: ffmwu
|
||||||
|
site_name: "Mainz, Wiesbaden und Umgebung"
|
||||||
|
|
||||||
|
as_private: 65037
|
||||||
as_public_ffrl: 201701
|
as_public_ffrl: 201701
|
||||||
|
|
||||||
internet_exit_tcp_mss_ipv4: 1240
|
internet_exit_tcp_mss_ipv4: 1240
|
||||||
|
@ -11,16 +14,22 @@ internet_exit_tcp_mss_ipv6: 1220
|
||||||
icvpn_ipv4_transfer_net: 10.207.0.0/16
|
icvpn_ipv4_transfer_net: 10.207.0.0/16
|
||||||
icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
|
icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
|
||||||
|
|
||||||
ffmwu_loopback_net_ipv4: 10.37.255.0/24
|
loopback_net_ipv4: 10.37.255.0/24
|
||||||
ffmwu_loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
|
loopback_net_ipv6: fd37:b4dc:4b1e:ffff::/64
|
||||||
ffmwu_anycast_ipv4: 10.37.255.255/32
|
anycast_ipv4: 10.37.255.255/32
|
||||||
ffmwu_anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
|
anycast_ipv6: fd37:b4dc:4b1e:ffff:ffff:ffff:ffff:ffff/128
|
||||||
|
|
||||||
ffmwu_internal_prefixes:
|
internal_prefixes:
|
||||||
- ipv4: 10.37.0.0/16
|
- ipv4: 10.37.0.0/16
|
||||||
ipv6: fd37:b4dc:4b1e::/48
|
ipv6: fd37:b4dc:4b1e::/48
|
||||||
- ipv4: 10.56.0.0/16
|
- ipv4: 10.56.0.0/16
|
||||||
ipv6: fd56:b4dc:4b1e::/48
|
ipv6: fd56:b4dc:4b1e::/48
|
||||||
|
- ipv4: 10.86.0.0/15
|
||||||
|
ipv6: fd86:b4dc:4b1e::/48
|
||||||
|
|
||||||
|
public_prefixes:
|
||||||
|
- ipv6: 2a03:2260:11a::/48
|
||||||
|
- ipv6: 2a03:2260:11b::/48
|
||||||
|
|
||||||
bgp_loopback_net: 10.37.0.0/18
|
bgp_loopback_net: 10.37.0.0/18
|
||||||
bgp_ipv4_transfer_net: 10.37.0.0/18
|
bgp_ipv4_transfer_net: 10.37.0.0/18
|
||||||
|
@ -29,6 +38,10 @@ bgp_groups:
|
||||||
- ffmwu-gateways
|
- ffmwu-gateways
|
||||||
- ffmwu-monitoring
|
- ffmwu-monitoring
|
||||||
|
|
||||||
|
fastd_groups:
|
||||||
|
- ffmwu-gateways
|
||||||
|
- ffmwu-monitoring
|
||||||
|
|
||||||
prometheus_groups:
|
prometheus_groups:
|
||||||
- ffmwu-gateways
|
- ffmwu-gateways
|
||||||
- ffmwu-monitoring
|
- ffmwu-monitoring
|
||||||
|
@ -48,17 +61,18 @@ gopath: "/opt/go"
|
||||||
|
|
||||||
meshes:
|
meshes:
|
||||||
- id: mz
|
- id: mz
|
||||||
site_number: 37
|
legacy: true
|
||||||
site_code: ffmz
|
domain_number: 37
|
||||||
site_name: Mainz
|
domain_code: ffmz
|
||||||
sites_virtual:
|
domain_name: Mainz
|
||||||
|
aliases:
|
||||||
ffbin: Bingen
|
ffbin: Bingen
|
||||||
ffrhg: Rheingau
|
ffrhg: Rheingau
|
||||||
ipv4_network: 10.37.0.0/18
|
ipv4_network: 10.37.0.0/18
|
||||||
ipv6_ula:
|
ipv6_ula:
|
||||||
- fd37:b4dc:4b1e::/48
|
- fd37:b4dc:4b1e::/64
|
||||||
ipv6_public:
|
ipv6_public:
|
||||||
- 2a03:2260:11a::/48
|
- 2a03:2260:11a::/64
|
||||||
dnssl:
|
dnssl:
|
||||||
- ffmz.org
|
- ffmz.org
|
||||||
- user.ffmz.org
|
- user.ffmz.org
|
||||||
|
@ -102,16 +116,17 @@ meshes:
|
||||||
http_domain_external: freifunk-mainz.de
|
http_domain_external: freifunk-mainz.de
|
||||||
|
|
||||||
- id: wi
|
- id: wi
|
||||||
site_number: 56
|
legacy: true
|
||||||
site_code: ffwi
|
domain_number: 56
|
||||||
site_name: Wiesbaden
|
domain_code: ffwi
|
||||||
sites_virtual:
|
domain_name: Wiesbaden
|
||||||
|
aliases:
|
||||||
ffta: Taunus
|
ffta: Taunus
|
||||||
ipv4_network: 10.56.0.0/18
|
ipv4_network: 10.56.0.0/18
|
||||||
ipv6_ula:
|
ipv6_ula:
|
||||||
- fd56:b4dc:4b1e::/48
|
- fd56:b4dc:4b1e::/64
|
||||||
ipv6_public:
|
ipv6_public:
|
||||||
- 2a03:2260:11b::/48
|
- 2a03:2260:11b::/64
|
||||||
dnssl:
|
dnssl:
|
||||||
- ffwi.org
|
- ffwi.org
|
||||||
- user.ffwi.org
|
- user.ffwi.org
|
||||||
|
@ -159,7 +174,7 @@ icvpn:
|
||||||
interface: icvpn
|
interface: icvpn
|
||||||
icvpn_repo: https://github.com/freifunk/icvpn
|
icvpn_repo: https://github.com/freifunk/icvpn
|
||||||
|
|
||||||
bgp_mwu_servers:
|
bgp_legacy_servers:
|
||||||
zuckerwatte:
|
zuckerwatte:
|
||||||
ipv4: 10.37.1.2
|
ipv4: 10.37.1.2
|
||||||
ipv6: fd37:b4dc:4b1e::a25:102
|
ipv6: fd37:b4dc:4b1e::a25:102
|
||||||
|
|
|
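Review bot: The new `internal_prefixes` entry `10.86.0.0/15` is the only one wider than /16, and no mesh with a matching `ipv4_network` appears in the visible hunks of this file. The rule templates later on this page turn every `internal_prefixes` entry into `lookup internet priority 41` source rules, so this entry widens which source addresses reach the exit table. A comment above the entry saying which domains the range is reserved for would make that intent reviewable. The same file adds `legacy: true` to both meshes without a comment on what the flag switches.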
@ -1,8 +1,21 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "gateway"
|
server_type: "gateway"
|
||||||
|
|
||||||
magic: 161
|
magic: 161
|
||||||
ipv4_dhcp_range: 7
|
|
||||||
|
public_gw_prefixes:
|
||||||
|
- ipv6: 2a03:2260:11a:a100::/56
|
||||||
|
- ipv6: 2a03:2260:11b:a100::/56
|
||||||
|
|
||||||
|
mesh_gw_prefixes:
|
||||||
|
mz:
|
||||||
|
ipv4_dhcp: 10.37.24.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11a:a100::/64
|
||||||
|
wi:
|
||||||
|
ipv4_dhcp: 10.56.24.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11b:a100::/64
|
||||||
|
|
||||||
ffrl_public_ipv4_nat: 185.66.195.38/32
|
ffrl_public_ipv4_nat: 185.66.195.38/32
|
||||||
|
|
||||||
|
|
|
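Review bot: Replacing `ipv4_dhcp_range: 7` with `ipv4_dhcp: 10.37.24.0/22` does not follow the mapping the other gateway files in this commit use. There `4`, `5`, `8` and `9` become `10.37.16.0/22`, `10.37.20.0/22`, `10.37.32.0/22` and `10.37.36.0/22` (index times four in the third octet), which would put index `7` at `10.37.28.0/22` and `10.56.28.0/22`. If the old template computed the range the same way for every host, this gateway starts handing out leases from a different /22 after the change, so please confirm that `24` is intended for both `mz` and `wi`. Separately, the Readme hunk documents `ipv4_dhcp` as a top-level integer, while these files nest it as a CIDR under `mesh_gw_prefixes.<id>`.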
@ -1,8 +1,21 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "gateway"
|
server_type: "gateway"
|
||||||
|
|
||||||
magic: 23
|
magic: 23
|
||||||
ipv4_dhcp_range: 4
|
|
||||||
|
public_gw_prefixes:
|
||||||
|
- ipv6: 2a03:2260:11a:1700::/56
|
||||||
|
- ipv6: 2a03:2260:11b:1700::/56
|
||||||
|
|
||||||
|
mesh_gw_prefixes:
|
||||||
|
mz:
|
||||||
|
ipv4_dhcp: 10.37.16.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11a:1700::/64
|
||||||
|
wi:
|
||||||
|
ipv4_dhcp: 10.56.16.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11b:1700::/64
|
||||||
|
|
||||||
ffrl_public_ipv4_nat: 185.66.195.36/32
|
ffrl_public_ipv4_nat: 185.66.195.36/32
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "firmware-build"
|
server_type: "firmware-build"
|
||||||
|
|
|
@ -1,8 +1,21 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "gateway"
|
server_type: "gateway"
|
||||||
|
|
||||||
magic: 7
|
magic: 7
|
||||||
ipv4_dhcp_range: 5
|
|
||||||
|
public_gw_prefixes:
|
||||||
|
- ipv6: 2a03:2260:11a:0700::/56
|
||||||
|
- ipv6: 2a03:2260:11b:0700::/56
|
||||||
|
|
||||||
|
mesh_gw_prefixes:
|
||||||
|
mz:
|
||||||
|
ipv4_dhcp: 10.37.20.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11a:0700::/64
|
||||||
|
wi:
|
||||||
|
ipv4_dhcp: 10.56.20.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11b:0700::/64
|
||||||
|
|
||||||
ffrl_public_ipv4_nat: 185.66.195.32/32
|
ffrl_public_ipv4_nat: 185.66.195.32/32
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "monitoring"
|
server_type: "monitoring"
|
||||||
|
|
||||||
magic: 32
|
magic: 32
|
||||||
|
|
|
@ -1,8 +1,21 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "gateway"
|
server_type: "gateway"
|
||||||
|
|
||||||
magic: 101
|
magic: 101
|
||||||
ipv4_dhcp_range: 8
|
|
||||||
|
public_gw_prefixes:
|
||||||
|
- ipv6: 2a03:2260:11a:6500::/56
|
||||||
|
- ipv6: 2a03:2260:11b:6500::/56
|
||||||
|
|
||||||
|
mesh_gw_prefixes:
|
||||||
|
mz:
|
||||||
|
ipv4_dhcp: 10.37.32.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11a:6500::/64
|
||||||
|
wi:
|
||||||
|
ipv4_dhcp: 10.56.32.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11b:6500::/64
|
||||||
|
|
||||||
ffrl_public_ipv4_nat: 185.66.195.37/32
|
ffrl_public_ipv4_nat: 185.66.195.37/32
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,21 @@
|
||||||
---
|
---
|
||||||
ffmwu_server_type: "gateway"
|
server_type: "gateway"
|
||||||
|
|
||||||
magic: 231
|
magic: 231
|
||||||
ipv4_dhcp_range: 9
|
|
||||||
|
public_gw_prefixes:
|
||||||
|
- ipv6: 2a03:2260:11a:e700::/56
|
||||||
|
- ipv6: 2a03:2260:11b:e700::/56
|
||||||
|
|
||||||
|
mesh_gw_prefixes:
|
||||||
|
mz:
|
||||||
|
ipv4_dhcp: 10.37.36.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11a:e700::/64
|
||||||
|
wi:
|
||||||
|
ipv4_dhcp: 10.56.36.0/22
|
||||||
|
ipv6_public:
|
||||||
|
- 2a03:2260:11b:e700::/64
|
||||||
|
|
||||||
ffrl_public_ipv4_nat: 185.66.195.33/32
|
ffrl_public_ipv4_nat: 185.66.195.33/32
|
||||||
|
|
||||||
|
|
|
@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Anycast Interface.
|
||||||
|
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
- ffmwu_anycast_ipv4 # Anycast IPv4 Adresse
|
- anycast_ipv4 # Anycast IPv4 Adresse
|
||||||
- ffmwu_anycast_ipv6 # Anycast IPv6 Adresse
|
- anycast_ipv6 # Anycast IPv6 Adresse
|
||||||
|
|
|
@ -4,5 +4,5 @@
|
||||||
auto anycast
|
auto anycast
|
||||||
iface anycast
|
iface anycast
|
||||||
link-type dummy
|
link-type dummy
|
||||||
address {{ ffmwu_anycast_ipv4 | ipaddr('network/prefix') }}
|
address {{ anycast_ipv4 | ipaddr('network/prefix') }}
|
||||||
address {{ ffmwu_anycast_ipv6 | ipaddr('network/prefix') }}
|
address {{ anycast_ipv6 | ipaddr('network/prefix') }}
|
||||||
|
|
|
@ -40,7 +40,7 @@ meshes:
|
||||||
|
|
||||||
- Host Variable `magic`
|
- Host Variable `magic`
|
||||||
|
|
||||||
- Host Variable `ffmwu_server_type`
|
- Host Variable `server_type`
|
||||||
|
|
||||||
## MAC-Adressen
|
## MAC-Adressen
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: create dummy interfaces
|
- name: create dummy interfaces
|
||||||
template:
|
template:
|
||||||
src: dummy.j2
|
src: dummy.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}0"
|
dest: "/etc/network/interfaces.d/{{ item.id }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
loop: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
||||||
|
|
|
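Review bot: Changing `dest` to `/etc/network/interfaces.d/{{ item.id }}` leaves the previously rendered `{{ item.id }}0` file in place on hosts that were already provisioned, as far as this task shows. The stale stanza still declares the old dummy interface, which the batman template no longer references. A cleanup task next to this one would cover it: a `file:` task with `path: "/etc/network/interfaces.d/{{ item.id }}0"` and `state: absent`, looping over `meshes` with the same `notify`. The commit is only partly visible here, so this may already be handled in another file.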
@ -7,9 +7,9 @@
|
||||||
auto {{ item.id }}bat
|
auto {{ item.id }}bat
|
||||||
iface {{ item.id }}bat
|
iface {{ item.id }}bat
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
batman-ifaces {{ item.id }}0 {% if ffmwu_server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
|
batman-ifaces {{ item.id }} {% if server_type == 'gateway' %}{% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% endif %}{% for instance in item.fastd.backbone.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
|
||||||
batman-hop-penalty {{ item.batman.hop_penalty }}
|
batman-hop-penalty {{ item.batman.hop_penalty }}
|
||||||
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
|
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
|
||||||
post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }}
|
post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }}
|
||||||
post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }}
|
post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }}
|
||||||
post-up /usr/sbin/batctl -m $IFACE gw {% if ffmwu_server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %}
|
post-up /usr/sbin/batctl -m $IFACE gw {% if server_type == 'gateway' %}{{ item.batman.gw }}{% else %}off{% endif %}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.id }}0
|
auto {{ item.id }}
|
||||||
iface {{ item.id }}0
|
iface {{ item.id }}
|
||||||
link-type dummy
|
link-type dummy
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
|
|
|
@ -34,7 +34,7 @@ meshes:
|
||||||
|
|
||||||
- Host Variable `magic`
|
- Host Variable `magic`
|
||||||
|
|
||||||
- Host Variable `ffmwu_server_type`
|
- Host Variable `server_type`
|
||||||
|
|
||||||
## MAC-Adressen
|
## MAC-Adressen
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: create fastd mesh interfaces
|
- name: create fastd mesh interfaces
|
||||||
when: ffmwu_server_type == "gateway"
|
when: server_type == "gateway"
|
||||||
template:
|
template:
|
||||||
src: fastd-mesh.j2
|
src: fastd-mesh.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
|
|
|
@ -7,5 +7,5 @@ Diese Ansible role konfiguriert das FFMWU Loopback Interface.
|
||||||
|
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
- ffmwu_loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
|
- loopback_net_ipv4 # IPv4-Subnetz aus dem die Loopback IPs berechnet werden
|
||||||
- ffmwu_loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden
|
- loopback_net_ipv6 # IPv6-Subnetz aus dem die Loopback IPs berechnet werden
|
||||||
|
|
|
@ -4,5 +4,5 @@
|
||||||
auto loopback
|
auto loopback
|
||||||
iface loopback
|
iface loopback
|
||||||
link-type dummy
|
link-type dummy
|
||||||
address {{ ffmwu_loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
|
address {{ loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('network/prefix') }}
|
||||||
address {{ ffmwu_loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128
|
address {{ loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}/128
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
|
|
||||||
auto {{ item.id }}br
|
auto {{ item.id }}br
|
||||||
iface {{ item.id }}br
|
iface {{ item.id }}br
|
||||||
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
|
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
|
||||||
|
@ -9,8 +10,10 @@ iface {{ item.id }}br
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for prefix in item.ipv6_public %}
|
{% for prefix in item.ipv6_public %}
|
||||||
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
|
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
|
||||||
address {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if mesh_gw_prefixes is defined %}
|
||||||
|
{% for prefix in mesh_gw_prefixes[item.id].ipv6_public %}
|
||||||
|
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(1) | ipaddr('ip/prefix') }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
bridge-ports {{ item.id }}bat
|
bridge-ports {{ item.id }}bat
|
||||||
|
|
|
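Review bot: The guard `{% if mesh_gw_prefixes is defined %}` checks only that the variable exists, but the loop then indexes `mesh_gw_prefixes[item.id].ipv6_public` for every mesh. A gateway whose host_vars lack an entry for one mesh id would make the template fail to render rather than skip that mesh. Testing the key as well keeps the behaviour per mesh: `{% if mesh_gw_prefixes is defined and item.id in mesh_gw_prefixes %}`. The route templates further down the page use the same lookup with `mesh.id` and would need the same guard.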
@ -36,4 +36,4 @@ sysctl_settings_routing_(basic|gateway):
|
||||||
|
|
||||||
- Host Variable `magic`
|
- Host Variable `magic`
|
||||||
|
|
||||||
- Host Variable `ffmwu_server_type`
|
- Host Variable `server_type`
|
||||||
|
|
|
@ -61,7 +61,7 @@
|
||||||
loop: "{{ sysctl_settings_routing_basic }}"
|
loop: "{{ sysctl_settings_routing_basic }}"
|
||||||
|
|
||||||
- name: set gateway sysctl settings for routing
|
- name: set gateway sysctl settings for routing
|
||||||
when: ffmwu_server_type == "gateway"
|
when: server_type == "gateway"
|
||||||
sysctl:
|
sysctl:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
|
|
|
@ -5,52 +5,52 @@
|
||||||
|
|
||||||
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
|
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
|
||||||
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
|
||||||
ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
|
ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% for ula in mesh.ipv6_ula %}
|
|
||||||
ip -6 rule add from {{ ula }} lookup mwu priority 7
|
|
||||||
ip -6 rule add to {{ ula }} lookup mwu priority 7
|
|
||||||
{% endfor %}
|
|
||||||
{% for public in mesh.ipv6_public %}
|
|
||||||
ip -6 rule add from {{ public }} lookup mwu priority 7
|
|
||||||
ip -6 rule add to {{ public }} lookup mwu priority 7
|
|
||||||
{% endfor %}
|
|
||||||
ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
|
ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in internal_prefixes %}
|
||||||
|
ip -4 rule add from {{ prefix.ipv4 }} lookup mwu priority 7
|
||||||
|
ip -4 rule add to {{ prefix.ipv4 }} lookup mwu priority 7
|
||||||
|
ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
{% endfor %}
|
||||||
|
{% for prefix in public_prefixes %}
|
||||||
|
ip -6 rule add from {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
ip -6 rule add to {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% if ffmwu_server_type == 'gateway' %}
|
{% if server_type == 'gateway' %}
|
||||||
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
|
||||||
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
|
||||||
ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
|
ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% for ula in mesh.ipv6_ula %}
|
|
||||||
ip -6 rule add from {{ ula }} lookup icvpn priority 23
|
|
||||||
ip -6 rule add to {{ ula }} lookup icvpn priority 23
|
|
||||||
{% endfor %}
|
|
||||||
{% for public in mesh.ipv6_public %}
|
|
||||||
ip -6 rule add from {{ public }} lookup icvpn priority 23
|
|
||||||
ip -6 rule add to {{ public }} lookup icvpn priority 23
|
|
||||||
{% endfor %}
|
|
||||||
ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
|
ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in internal_prefixes %}
|
||||||
|
ip -4 rule add from {{ prefix.ipv4 }} lookup icvpn priority 23
|
||||||
|
ip -4 rule add to {{ prefix.ipv4 }} lookup icvpn priority 23
|
||||||
|
ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
{% endfor %}
|
||||||
|
{% for prefix in public_prefixes %}
|
||||||
|
ip -6 rule add from {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
ip -6 rule add to {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
{% endfor %}
|
||||||
ip -4 rule add from all oif icvpn lookup icvpn priority 23
|
ip -4 rule add from all oif icvpn lookup icvpn priority 23
|
||||||
ip -6 rule add from all oif icvpn lookup icvpn priority 23
|
ip -6 rule add from all oif icvpn lookup icvpn priority 23
|
||||||
|
|
||||||
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
|
|
||||||
{% for ula in mesh.ipv6_ula %}
|
|
||||||
ip -6 rule add from {{ ula }} lookup internet priority 41
|
|
||||||
ip -6 rule add to {{ ula }} lookup internet priority 41
|
|
||||||
{% endfor %}
|
|
||||||
{% for public in mesh.ipv6_public %}
|
|
||||||
ip -6 rule add from {{ public }} lookup internet priority 41
|
|
||||||
ip -6 rule add to {{ public }} lookup internet priority 41
|
|
||||||
{% endfor %}
|
|
||||||
ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
|
ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in internal_prefixes %}
|
||||||
|
ip -4 rule add from {{ prefix.ipv4 }} lookup internet priority 41
|
||||||
|
ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
{% endfor %}
|
||||||
|
{% for prefix in public_prefixes %}
|
||||||
|
ip -6 rule add from {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
ip -6 rule add to {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
{% endfor %}
|
||||||
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
|
|
||||||
|
@ -67,11 +67,9 @@ ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule add from all iif icvpn type unreachable priority 61
|
ip -6 rule add from all iif icvpn type unreachable priority 61
|
||||||
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
||||||
{% for mesh in meshes %}
|
{% for prefix in public_prefixes %}
|
||||||
{% for public in mesh.ipv6_public %}
|
ip -6 rule add from {{ prefix.ipv6 }} type unreachable priority 61
|
||||||
ip -6 rule add from {{ public }} type unreachable priority 61
|
ip -6 rule add to {{ prefix.ipv6 }} type unreachable priority 61
|
||||||
ip -6 rule add to {{ public }} type unreachable priority 61
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
# Priority 107 - lookup policies for the gateway host self originating traffic
|
# Priority 107 - lookup policies for the gateway host self originating traffic
|
||||||
|
|
|
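Review bot: The new `internal_prefixes` and `public_prefixes` loops write `prefix.ipv4` and `prefix.ipv6` into the `ip rule` commands verbatim, while the IPv4 lines they replace passed the network through `ipaddr(...)`. Running the values through the filter keeps free text from group_vars out of what is presumably executed as a script on the host, e.g. `ip -4 rule add from {{ prefix.ipv4 | ipaddr('subnet') }} lookup mwu priority 7`. The loops also assume that every `internal_prefixes` entry carries both an `ipv4` and an `ipv6` key, which is worth stating in a comment where the variable is defined. The matching `rule del` template further down the page repeats the same loops.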
@ -4,21 +4,25 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
# static {{ mesh.site_name }} routes for rt_table mwu
|
# static {{ mesh.domain_name }} routes for rt_table mwu
|
||||||
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for public in mesh.ipv6_public %}
|
{% for public in mesh.ipv6_public %}
|
||||||
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if mesh_gw_prefixes is defined %}
|
||||||
|
{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
|
||||||
|
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% if ffmwu_server_type == 'gateway' %}
|
{% if server_type == 'gateway' %}
|
||||||
# static blackhole routes for rt_table internet
|
# static blackhole routes for rt_table internet
|
||||||
/sbin/ip -4 route add blackhole 0.0.0.0/8 table internet
|
/sbin/ip -4 route add blackhole 0.0.0.0/8 table internet
|
||||||
/sbin/ip -4 route add blackhole 10.0.0.0/8 table internet
|
/sbin/ip -4 route add blackhole 10.0.0.0/8 table internet
|
||||||
|
|
|
@ -5,52 +5,52 @@
|
||||||
|
|
||||||
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
|
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
|
||||||
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
|
||||||
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
|
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% for ula in mesh.ipv6_ula %}
|
|
||||||
ip -6 rule del from {{ ula }} lookup mwu priority 7
|
|
||||||
ip -6 rule del to {{ ula }} lookup mwu priority 7
|
|
||||||
{% endfor %}
|
|
||||||
{% for public in mesh.ipv6_public %}
|
|
||||||
ip -6 rule del from {{ public }} lookup mwu priority 7
|
|
||||||
ip -6 rule del to {{ public }} lookup mwu priority 7
|
|
||||||
{% endfor %}
|
|
||||||
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
|
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in internal_prefixes %}
|
||||||
|
ip -4 rule del from {{ prefix.ipv4 }} lookup mwu priority 7
|
||||||
|
ip -4 rule del to {{ prefix.ipv4 }} lookup mwu priority 7
|
||||||
|
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
{% endfor %}
|
||||||
|
{% for prefix in public_prefixes %}
|
||||||
|
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% if ffmwu_server_type == 'gateway' %}
|
{% if server_type == 'gateway' %}
|
||||||
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
|
||||||
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
|
||||||
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
|
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% for ula in mesh.ipv6_ula %}
|
|
||||||
ip -6 rule del from {{ ula }} lookup icvpn priority 23
|
|
||||||
ip -6 rule del to {{ ula }} lookup icvpn priority 23
|
|
||||||
{% endfor %}
|
|
||||||
{% for public in mesh.ipv6_public %}
|
|
||||||
ip -6 rule del from {{ public }} lookup icvpn priority 23
|
|
||||||
ip -6 rule del to {{ public }} lookup icvpn priority 23
|
|
||||||
{% endfor %}
|
|
||||||
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
|
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in internal_prefixes %}
|
||||||
|
ip -4 rule del from {{ prefix.ipv4 }} lookup icvpn priority 23
|
||||||
|
ip -4 rule del to {{ prefix.ipv4 }} lookup icvpn priority 23
|
||||||
|
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
{% endfor %}
|
||||||
|
{% for prefix in public_prefixes %}
|
||||||
|
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
|
||||||
|
{% endfor %}
|
||||||
ip -4 rule del from all oif icvpn lookup icvpn priority 23
|
ip -4 rule del from all oif icvpn lookup icvpn priority 23
|
||||||
ip -6 rule del from all oif icvpn lookup icvpn priority 23
|
ip -6 rule del from all oif icvpn lookup icvpn priority 23
|
||||||
|
|
||||||
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
|
|
||||||
{% for ula in mesh.ipv6_ula %}
|
|
||||||
ip -6 rule del from {{ ula }} lookup internet priority 41
|
|
||||||
ip -6 rule del to {{ ula }} lookup internet priority 41
|
|
||||||
{% endfor %}
|
|
||||||
{% for public in mesh.ipv6_public %}
|
|
||||||
ip -6 rule del from {{ public }} lookup internet priority 41
|
|
||||||
ip -6 rule del to {{ public }} lookup internet priority 41
|
|
||||||
{% endfor %}
|
|
||||||
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
|
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in internal_prefixes %}
|
||||||
|
ip -4 rule del from {{ prefix.ipv4 }} lookup internet priority 41
|
||||||
|
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
{% endfor %}
|
||||||
|
{% for prefix in public_prefixes %}
|
||||||
|
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
|
||||||
|
{% endfor %}
|
||||||
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
|
|
||||||
|
@ -67,11 +67,9 @@ ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule del from all iif icvpn type unreachable priority 61
|
ip -6 rule del from all iif icvpn type unreachable priority 61
|
||||||
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
||||||
{% for mesh in meshes %}
|
{% for prefix in public_prefixes %}
|
||||||
{% for public in mesh.ipv6_public %}
|
ip -6 rule del from {{ prefix.ipv6 }} type unreachable priority 61
|
||||||
ip -6 rule del from {{ public }} type unreachable priority 61
|
ip -6 rule del to {{ prefix.ipv6 }} type unreachable priority 61
|
||||||
ip -6 rule del to {{ public }} type unreachable priority 61
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
# Priority 107 - lookup policies for the gateway host self originating traffic
|
# Priority 107 - lookup policies for the gateway host self originating traffic
|
||||||
|
|
|
@ -4,21 +4,25 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
# static {{ mesh.site_name }} routes for rt_table mwu
|
# static {{ mesh.domain_name }} routes for rt_table mwu
|
||||||
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for public in mesh.ipv6_public %}
|
{% for public in mesh.ipv6_public %}
|
||||||
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if mesh_gw_prefixes is defined %}
|
||||||
|
{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
|
||||||
|
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
|
{% endfor %}
|
||||||
|
{% endif%}
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% if ffmwu_server_type == 'gateway' %}
|
{% if server_type == 'gateway' %}
|
||||||
# static blackhole routes for rt_table internet
|
# static blackhole routes for rt_table internet
|
||||||
/sbin/ip -4 route del blackhole 0.0.0.0/8 table internet
|
/sbin/ip -4 route del blackhole 0.0.0.0/8 table internet
|
||||||
/sbin/ip -4 route del blackhole 10.0.0.0/8 table internet
|
/sbin/ip -4 route del blackhole 10.0.0.0/8 table internet
|
||||||
|
|
|
@ -16,4 +16,4 @@ Die folgenden Variablen werden über einen DNS Lookup gesetzt:
|
||||||
- Variable `dns_host_ipv6_address` (Rollen-Variable)
|
- Variable `dns_host_ipv6_address` (Rollen-Variable)
|
||||||
- Variable `dns_gate_num_cname` (Rollen-Variable)
|
- Variable `dns_gate_num_cname` (Rollen-Variable)
|
||||||
- Variable `dns_gate_icvpn_cname` (Rollen-Variable)
|
- Variable `dns_gate_icvpn_cname` (Rollen-Variable)
|
||||||
- Variable `ffmwu_server_type`
|
- Variable `server_type`
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
- "ansible_distribution_major_version == '9'"
|
- "ansible_distribution_major_version == '9'"
|
||||||
|
|
||||||
- name: Check gateway specific DNS entries
|
- name: Check gateway specific DNS entries
|
||||||
when: ffmwu_server_type == "gateway"
|
when: server_type == "gateway"
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "dns_gate_num_cname == inventory_hostname"
|
- "dns_gate_num_cname == inventory_hostname"
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
- name: write named.conf for meshes
|
- name: write named.conf for meshes
|
||||||
template:
|
template:
|
||||||
src: named.conf.mesh.j2
|
src: named.conf.mesh.j2
|
||||||
dest: /etc/bind/named.conf.{{ item.site_code }}
|
dest: /etc/bind/named.conf.{{ item.domain_code }}
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
|
@ -6,6 +6,6 @@ include "/etc/bind/named.conf.options";
|
||||||
include "/etc/bind/named.conf.default-zones";
|
include "/etc/bind/named.conf.default-zones";
|
||||||
include "/etc/bind/named.conf.logging";
|
include "/etc/bind/named.conf.logging";
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
include "/etc/bind/named.conf.{{ mesh.site_code }}";
|
include "/etc/bind/named.conf.{{ mesh.domain_code }}";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
include "/etc/bind/named.conf.icvpn";
|
include "/etc/bind/named.conf.icvpn";
|
||||||
|
|
|
@ -3,10 +3,11 @@
|
||||||
//
|
//
|
||||||
|
|
||||||
// ACLs
|
// ACLs
|
||||||
masters "ns-master-{{ item.site_code }}" {
|
masters "ns-master-{{ item.domain_code }}" {
|
||||||
{{ item.dns.master }};
|
{{ item.dns.master }};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
{% if item.dns.forward_zones is defined %}
|
||||||
{% for zone in item.dns.forward_zones %}
|
{% for zone in item.dns.forward_zones %}
|
||||||
{% if zone.master is defined %}
|
{% if zone.master is defined %}
|
||||||
masters "ns-master-{{ zone.name }}" {
|
masters "ns-master-{{ zone.name }}" {
|
||||||
|
@ -15,15 +16,17 @@ masters "ns-master-{{ zone.name }}" {
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
acl "intern-{{ item.site_code }}" {
|
acl "intern-{{ item.domain_code }}" {
|
||||||
{{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
|
{{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
|
||||||
{% for prefix in item.ipv6_ula %}
|
{% for prefix in item.ipv6_ula %}
|
||||||
{{ prefix | ipaddr('net') | ipaddr('network/prefix') }};
|
{{ prefix | ipaddr('net') | ipaddr('network/prefix') }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
|
|
||||||
// DNS forward zones for {{ item.site_code }}
|
{% if item.dns.forward_zones is defined %}
|
||||||
|
// DNS forward zones for {{ item.domain_code }}
|
||||||
{% for zone in item.dns.forward_zones %}
|
{% for zone in item.dns.forward_zones %}
|
||||||
zone "{{ zone.name }}." {
|
zone "{{ zone.name }}." {
|
||||||
type slave;
|
type slave;
|
||||||
|
@ -31,26 +34,27 @@ zone "{{ zone.name }}." {
|
||||||
{% if zone.master is defined %}
|
{% if zone.master is defined %}
|
||||||
masters { ns-master-{{ zone.name }}; };
|
masters { ns-master-{{ zone.name }}; };
|
||||||
{% else %}
|
{% else %}
|
||||||
masters { ns-master-{{ item.site_code }}; };
|
masters { ns-master-{{ item.domain_code }}; };
|
||||||
{% endif %}
|
{% endif %}
|
||||||
};
|
};
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
// DNS reverse zones for {{ item.site_code }}
|
// DNS reverse zones for {{ item.domain_code }}
|
||||||
zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
|
zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
|
||||||
type slave;
|
type slave;
|
||||||
file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
|
file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
|
||||||
masters { ns-master-{{ item.site_code }}; };
|
masters { ns-master-{{ item.domain_code }}; };
|
||||||
};
|
};
|
||||||
|
|
||||||
{% for prefix in item.ipv6_ula %}
|
{% for prefix in item.ipv6_ula %}
|
||||||
zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" {
|
zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" {
|
||||||
type slave;
|
type slave;
|
||||||
file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}";
|
file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}";
|
||||||
masters { ns-master-{{ item.site_code }}; };
|
masters { ns-master-{{ item.domain_code }}; };
|
||||||
};
|
};
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
|
|
|
@ -12,15 +12,15 @@ options {
|
||||||
127.0.0.1;
|
127.0.0.1;
|
||||||
::1;
|
::1;
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
intern-{{ mesh.site_code }};
|
intern-{{ mesh.domain_code }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
allow-transfer { any; };
|
allow-transfer { any; };
|
||||||
|
|
||||||
listen-on {
|
listen-on {
|
||||||
127.0.0.1;
|
127.0.0.1;
|
||||||
{{ ffmwu_anycast_ipv4 | ipaddr('address') }};
|
{{ anycast_ipv4 | ipaddr('address') }};
|
||||||
{{ ffmwu_loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
{{ loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -29,8 +29,8 @@ options {
|
||||||
|
|
||||||
listen-on-v6 {
|
listen-on-v6 {
|
||||||
::1;
|
::1;
|
||||||
{{ ffmwu_anycast_ipv6 | ipaddr('address') }};
|
{{ anycast_ipv6 | ipaddr('address') }};
|
||||||
{{ ffmwu_loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
{{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{% for ip in mesh.ipv6_ula %}
|
{% for ip in mesh.ipv6_ula %}
|
||||||
{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
|
{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
|
||||||
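Review bot: `allow-transfer { any; };` stays in the options block while `listen-on` binds the anycast, loopback and every mesh address, so any client that can reach those addresses can request a full transfer of the zones this server holds as a slave. Restrict it to the hosts that need transfers, for example `allow-transfer { none; };` in options with a per-zone override where a secondary exists, or the `intern-{{ mesh.domain_code }}` ACLs if transfers inside the mesh are intended. The options block opens above this hunk, so an override elsewhere in the file cannot be ruled out from here.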
|
|
|
@ -11,9 +11,8 @@ table ffrl;
|
||||||
# Functions
|
# Functions
|
||||||
function is_ffrl_public_nets() {
|
function is_ffrl_public_nets() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{% for mesh in meshes %}
|
{% for prefix in public_gw_prefixes %}
|
||||||
{% for prefix in mesh.ipv6_public %}
|
{{ prefix.ipv6 }}{48,56}{{ "," if not loop.last else "" }}
|
||||||
{{ prefix }}{48,56}{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -40,11 +39,11 @@ filter ebgp_ffrl_export_filter {
|
||||||
# Protocols
|
# Protocols
|
||||||
protocol static ffrl_public_routes {
|
protocol static ffrl_public_routes {
|
||||||
table ffrl;
|
table ffrl;
|
||||||
{% for mesh in meshes %}
|
{% for prefix in public_prefixes %}
|
||||||
{% for prefix in mesh.ipv6_public %}
|
route {{ prefix.ipv6 }} reject;
|
||||||
route {{ prefix }} reject;
|
|
||||||
route {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipaddr('network/prefix') }} reject;
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for prefix in public_gw_prefixes %}
|
||||||
|
route {{ prefix.ipv6 }} reject;
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
}
|
}
|
||||||
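Review bot: `is_ffrl_public_nets()` is now generated only from `public_gw_prefixes`, while `ffrl_public_routes` originates routes for both `public_prefixes` and `public_gw_prefixes`, and nothing in the template states how the two lists must relate. If this function feeds `ebgp_ffrl_export_filter` (its body is outside the hunk), a `public_prefixes` entry that no gateway prefix's `{48,56}` pattern covers would be originated locally but never match. An empty `public_gw_prefixes` would also render `net ~ [ ];`. A comment above the function such as `# every public_gw_prefixes entry must lie inside one of public_prefixes`, plus an assert task that the list is non-empty, would make the assumption explicit.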
|
|
||||||
|
|
|
@ -35,9 +35,9 @@
|
||||||
group: "{{ lg_user }}"
|
group: "{{ lg_user }}"
|
||||||
|
|
||||||
- name: configure lg-proxy
|
- name: configure lg-proxy
|
||||||
when: ffmwu_server_type == "gateway"
|
when: server_type == "gateway"
|
||||||
include_tasks: lg-proxy.yml
|
include_tasks: lg-proxy.yml
|
||||||
|
|
||||||
- name: configure lg-webservice
|
- name: configure lg-webservice
|
||||||
when: ffmwu_server_type == "monitoring"
|
when: server_type == "monitoring"
|
||||||
include_tasks: lg-webservice.yml
|
include_tasks: lg-webservice.yml
|
||||||
|
|
|
@ -22,7 +22,7 @@ ROUTER_IP = {
|
||||||
|
|
||||||
AS_NUMBER = {
|
AS_NUMBER = {
|
||||||
{% for host in groups["ffmwu-gateways"] %}
|
{% for host in groups["ffmwu-gateways"] %}
|
||||||
"{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private_mwu }}",
|
"{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "{{ as_private }}",
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,16 +13,16 @@ Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Ne
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
- Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt.
|
- Variable `bgp_loopback_net` # IPv4-Range des Mainzer Meshes, hieraus werden die Loopback Adressen gewählt.
|
||||||
- Variable `ffmwu_loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen
|
- Variable `loopback_net_ipv4` # IPv4-Subnetz für Loopback-Adressen
|
||||||
- Variable `ffmwu_loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen
|
- Variable `loopback_net_ipv6` # IPv6-Subnetz für Loopback-Adressen
|
||||||
- Variable `ffmwu_anycast_ipv4` # Anycast IPv4-Adresse
|
- Variable `anycast_ipv4` # Anycast IPv4-Adresse
|
||||||
- Variable `ffmwu_anycast_ipv6` # Anycast IPv6-Adresse
|
- Variable `anycast_ipv6` # Anycast IPv6-Adresse
|
||||||
- Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
|
- Variable `bgp_ipv4_transfer_net` # IPv4-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
|
||||||
- Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
|
- Variable `bgp_ipv6_transfer_net` # IPv6-Range des Mainzer Meshes, das aktuell als Transfernetz benutzt wird.
|
||||||
- Variable `bgp_as_private_mwu` # Private ASN von Freifunk MWU
|
- Variable `bgp_as_private` # Private ASN von Freifunk MWU
|
||||||
- Liste `bgp_groups` # List von Hostgruppen zu denen eine Verbindung aufgebaut werden soll
|
- Liste `bgp_groups` # List von Hostgruppen zu denen eine Verbindung aufgebaut werden soll
|
||||||
- Liste `ffmwu_internal_prefixes`
|
- Liste `internal_prefixes`
|
||||||
- Dictionary `bgp_mwu_servers`
|
- Dictionary `bgp_legacy_servers`
|
||||||
|
|
||||||
```
|
```
|
||||||
spinat: # kurzer Hostname des Peers
|
spinat: # kurzer Hostname des Peers
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
notify: reload systemd unit bird6
|
notify: reload systemd unit bird6
|
||||||
|
|
||||||
- name: write radv.conf
|
- name: write radv.conf
|
||||||
when: ffmwu_server_type == "gateway"
|
when: server_type == "gateway"
|
||||||
template:
|
template:
|
||||||
src: radv.conf.j2
|
src: radv.conf.j2
|
||||||
dest: /etc/bird/radv.conf
|
dest: /etc/bird/radv.conf
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
# Variables
|
# Variables
|
||||||
define mwu_address = {{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
define mwu_address = {{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
define mwu_as = {{ as_private_mwu }};
|
define mwu_as = {{ as_private }};
|
||||||
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
|
|
||||||
# General
|
# General
|
||||||
|
@ -38,7 +38,7 @@ function is_chaosvpn() {
|
||||||
|
|
||||||
function is_mwu_self_nets_loose() {
|
function is_mwu_self_nets_loose() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{% for prefix in ffmwu_internal_prefixes %}
|
{% for prefix in internal_prefixes %}
|
||||||
{{ prefix.ipv4 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
|
{{ prefix.ipv4 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
];
|
];
|
||||||
|
@ -46,7 +46,7 @@ function is_mwu_self_nets_loose() {
|
||||||
|
|
||||||
function is_mwu_self_nets_strict() {
|
function is_mwu_self_nets_strict() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{% for prefix in ffmwu_internal_prefixes %}
|
{% for prefix in internal_prefixes %}
|
||||||
{{ prefix.ipv4 | ipaddr('net') }}{{ "," if not loop.last else "" }}
|
{{ prefix.ipv4 | ipaddr('net') }}{{ "," if not loop.last else "" }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
];
|
];
|
||||||
|
@ -54,13 +54,13 @@ function is_mwu_self_nets_strict() {
|
||||||
|
|
||||||
function is_mwu_loopback() {
|
function is_mwu_loopback() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{{ ffmwu_loopback_net_ipv4 }}+
|
{{ loopback_net_ipv4 }}+
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
function is_mwu_anycast() {
|
function is_mwu_anycast() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{{ ffmwu_anycast_ipv4 }}
|
{{ anycast_ipv4 }}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -81,7 +81,7 @@ protocol direct mwu_loopback {
|
||||||
import where is_mwu_loopback();
|
import where is_mwu_loopback();
|
||||||
};
|
};
|
||||||
|
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
protocol direct mwu_anycast {
|
protocol direct mwu_anycast {
|
||||||
interface "anycast";
|
interface "anycast";
|
||||||
import where is_mwu_anycast();
|
import where is_mwu_anycast();
|
||||||
|
@ -89,7 +89,7 @@ protocol direct mwu_anycast {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
protocol static {
|
protocol static {
|
||||||
{% for prefix in ffmwu_internal_prefixes %}
|
{% for prefix in internal_prefixes %}
|
||||||
route {{ prefix.ipv4 }} reject;
|
route {{ prefix.ipv4 }} reject;
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
|
@ -98,7 +98,7 @@ protocol kernel kernel_mwu {
|
||||||
scan time 30;
|
scan time 30;
|
||||||
import none;
|
import none;
|
||||||
export filter {
|
export filter {
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
if is_mwu_anycast() then reject;
|
if is_mwu_anycast() then reject;
|
||||||
{% else %}
|
{% else %}
|
||||||
if is_mwu_anycast() then accept;
|
if is_mwu_anycast() then accept;
|
||||||
|
@ -114,7 +114,7 @@ template bgp ibgp_mwu {
|
||||||
local mwu_address as mwu_as;
|
local mwu_address as mwu_as;
|
||||||
import keep filtered on;
|
import keep filtered on;
|
||||||
import filter {
|
import filter {
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
if is_mwu_anycast() then reject;
|
if is_mwu_anycast() then reject;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
if is_mwu_self_nets_loose() then accept;
|
if is_mwu_self_nets_loose() then accept;
|
||||||
|
@ -134,7 +134,7 @@ template bgp ibgp_mwu {
|
||||||
|
|
||||||
# Include IPv4 MWU peers
|
# Include IPv4 MWU peers
|
||||||
include "mwu_ipv4_peers.con?";
|
include "mwu_ipv4_peers.con?";
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
|
|
||||||
# Include IPv4 ICVPN configuration
|
# Include IPv4 ICVPN configuration
|
||||||
include "icvpn_ipv4.con?";
|
include "icvpn_ipv4.con?";
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# Variables
|
# Variables
|
||||||
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
define router_id = {{ bgp_loopback_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
define mwu_address = {{ bgp_ipv6_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
|
||||||
define mwu_as = {{ as_private_mwu }};
|
define mwu_as = {{ as_private }};
|
||||||
|
|
||||||
# General
|
# General
|
||||||
timeformat protocol iso long;
|
timeformat protocol iso long;
|
||||||
|
@ -26,7 +26,7 @@ function is_ula() {
|
||||||
|
|
||||||
function is_mwu_self_nets_loose() {
|
function is_mwu_self_nets_loose() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{% for prefix in ffmwu_internal_prefixes %}
|
{% for prefix in internal_prefixes %}
|
||||||
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
|
{{ prefix.ipv6 | ipaddr('net') }}+{{ "," if not loop.last else "" }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
];
|
];
|
||||||
|
@ -34,7 +34,7 @@ function is_mwu_self_nets_loose() {
|
||||||
|
|
||||||
function is_mwu_self_nets_strict() {
|
function is_mwu_self_nets_strict() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{% for prefix in ffmwu_internal_prefixes %}
|
{% for prefix in internal_prefixes %}
|
||||||
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
|
{{ prefix.ipv6 | ipaddr('net') }}{{ "," if not loop.last else "" }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
];
|
];
|
||||||
|
@ -42,13 +42,13 @@ function is_mwu_self_nets_strict() {
|
||||||
|
|
||||||
function is_mwu_loopback() {
|
function is_mwu_loopback() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{{ ffmwu_loopback_net_ipv6 }}+
|
{{ loopback_net_ipv6 }}+
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
function is_mwu_anycast() {
|
function is_mwu_anycast() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
{{ ffmwu_anycast_ipv6 }}+
|
{{ anycast_ipv6 }}+
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ protocol direct mwu_loopback {
|
||||||
import where is_mwu_loopback();
|
import where is_mwu_loopback();
|
||||||
};
|
};
|
||||||
|
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
protocol direct mwu_anycast {
|
protocol direct mwu_anycast {
|
||||||
interface "anycast";
|
interface "anycast";
|
||||||
import where is_mwu_anycast();
|
import where is_mwu_anycast();
|
||||||
|
@ -77,7 +77,7 @@ protocol direct mwu_anycast {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
protocol static {
|
protocol static {
|
||||||
{% for prefix in ffmwu_internal_prefixes %}
|
{% for prefix in internal_prefixes %}
|
||||||
route {{ prefix.ipv6 }} reject;
|
route {{ prefix.ipv6 }} reject;
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
|
@ -86,7 +86,7 @@ protocol kernel kernel_mwu {
|
||||||
scan time 30;
|
scan time 30;
|
||||||
import none;
|
import none;
|
||||||
export filter {
|
export filter {
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
if is_mwu_anycast() then reject;
|
if is_mwu_anycast() then reject;
|
||||||
{% else %}
|
{% else %}
|
||||||
if is_mwu_anycast() then accept;
|
if is_mwu_anycast() then accept;
|
||||||
|
@ -102,7 +102,7 @@ template bgp ibgp_mwu {
|
||||||
local mwu_address as mwu_as;
|
local mwu_address as mwu_as;
|
||||||
import keep filtered on;
|
import keep filtered on;
|
||||||
import filter {
|
import filter {
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
if is_mwu_anycast() then reject;
|
if is_mwu_anycast() then reject;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
if is_mwu_self_nets_loose() then accept;
|
if is_mwu_self_nets_loose() then accept;
|
||||||
|
@ -120,7 +120,7 @@ template bgp ibgp_mwu {
|
||||||
|
|
||||||
# Include IPv6 MWU peers
|
# Include IPv6 MWU peers
|
||||||
include "mwu_ipv6_peers.con?";
|
include "mwu_ipv6_peers.con?";
|
||||||
{% if ffmwu_server_type == "gateway" %}
|
{% if server_type == "gateway" %}
|
||||||
|
|
||||||
# Include IPv6 ICVPN configuration
|
# Include IPv6 ICVPN configuration
|
||||||
include "icvpn_ipv6.con?";
|
include "icvpn_ipv6.con?";
|
||||||
|
|
|
@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for item, value in bgp_mwu_servers.items() %}
|
{% for item, value in bgp_legacy_servers.items() %}
|
||||||
{% if item != inventory_hostname_short %}
|
{% if item != inventory_hostname_short %}
|
||||||
protocol bgp mwu_{{ item }} from ibgp_mwu {
|
protocol bgp mwu_{{ item }} from ibgp_mwu {
|
||||||
neighbor {{ value.ipv4 }} as mwu_as;
|
neighbor {{ value.ipv4 }} as mwu_as;
|
||||||
|
|
|
@ -12,7 +12,7 @@ protocol bgp mwu_{{ host.rsplit('.freifunk-mwu.de')[0] }} from ibgp_mwu {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for item, value in bgp_mwu_servers.items() %}
|
{% for item, value in bgp_legacy_servers.items() %}
|
||||||
{% if item != inventory_hostname_short %}
|
{% if item != inventory_hostname_short %}
|
||||||
protocol bgp mwu_{{ item }} from ibgp_mwu {
|
protocol bgp mwu_{{ item }} from ibgp_mwu {
|
||||||
neighbor {{ value.ipv6 }} as mwu_as;
|
neighbor {{ value.ipv6 }} as mwu_as;
|
||||||
|
|
|
@ -11,27 +11,31 @@ protocol radv radv_{{ mesh.id }} {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% for prefix in mesh.ipv6_public %}
|
{% for prefix in mesh.ipv6_public %}
|
||||||
prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} {
|
|
||||||
valid lifetime {{ mesh.radvd.advvalidlifetime }};
|
|
||||||
preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
|
|
||||||
};
|
|
||||||
|
|
||||||
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
|
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
|
||||||
skip yes;
|
skip yes;
|
||||||
};
|
};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
{% for prefix in mesh_gw_prefixes[mesh.id].ipv6_public %}
|
||||||
|
prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} {
|
||||||
|
valid lifetime {{ mesh.radvd.advvalidlifetime }};
|
||||||
|
preferred lifetime {{ mesh.radvd.advpreferredlifetime }};
|
||||||
|
};
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
rdnss {
|
rdnss {
|
||||||
{% for prefix in mesh.ipv6_ula %}
|
{% for prefix in mesh.ipv6_ula %}
|
||||||
ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
|
ns {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
{% if mesh.dnssl is defined %}
|
||||||
dnssl {
|
dnssl {
|
||||||
{% for dnssl in mesh.dnssl %}
|
{% for dnssl in mesh.dnssl %}
|
||||||
domain "{{ dnssl }}";
|
domain "{{ dnssl }}";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
link mtu {{ mesh.iface_mtu }};
|
link mtu {{ mesh.iface_mtu }};
|
||||||
};
|
};
|
||||||
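Review bot: The new loop `{% for prefix in mesh_gw_prefixes[mesh.id].ipv6_public %}` dereferences `mesh_gw_prefixes` without a guard, while the route script in this same commit wraps the identical lookup in `{% if mesh_gw_prefixes is defined %}`. A gateway whose inventory lacks the variable or the `mesh.id` entry will presumably fail at render time, so the two templates behave differently on the same inventory. The DHCP pool line has the same unguarded lookup, `mesh_gw_prefixes[mesh.id].ipv4_dhcp | ipaddr('net') | ipaddr('range_usable')`, and there a value that `ipaddr` rejects would presumably end up in the pool string as a non-address. An `assert` task that checks `mesh_gw_prefixes[mesh.id]` for every mesh before templating would make both fail early with a clear message. The `protocol radv` block opens above this hunk.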
|
|
|
@ -24,8 +24,8 @@ meshes:
|
||||||
```
|
```
|
||||||
|
|
||||||
- Host Variable `magic`
|
- Host Variable `magic`
|
||||||
- Host Variable `ipv4_dhcp_range`
|
- Host Variable `ipv4_dhcp`
|
||||||
|
|
||||||
## DHCP Range
|
## DHCP Range
|
||||||
|
|
||||||
In der Host-Variable `ipv4_dhcp_range` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben.
|
In der Host-Variable `ipv4_dhcp` wird als Integer die Nummer des /22 Blocks aus `ipv4_network` definiert, welcher als DHCP Range verwendet werden soll. Dem Gateway Lotuswurzel ist die DHCP-Range 10.X.16.0-10.X.19.255 zugewiesen. Diese ist der 4. /22er Block, also wird in der Host-Variable für die Lotuswurzel `4` geschrieben.
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{
|
{
|
||||||
"subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
|
"subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
|
||||||
"pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ],
|
"pools": [ { "pool": "{{ mesh_gw_prefixes[mesh.id].ipv4_dhcp | ipaddr('net') | ipaddr('range_usable') }}" } ],
|
||||||
"option-data": [
|
"option-data": [
|
||||||
{
|
{
|
||||||
"name": "routers",
|
"name": "routers",
|
||||||
|
@ -51,11 +51,12 @@
|
||||||
{
|
{
|
||||||
"name": "domain-name-servers",
|
"name": "domain-name-servers",
|
||||||
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
|
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
|
||||||
},
|
}{% if mesh.dnssl is defined %},
|
||||||
{
|
{
|
||||||
"name": "domain-search",
|
"name": "domain-search",
|
||||||
"data": "{% for dnssl in mesh.dnssl %}{{ dnssl }}{% if not loop.last %}, {% endif %}{% endfor %}"
|
"data": "{% for dnssl in mesh.dnssl %}{{ dnssl }}{% if not loop.last %}, {% endif %}{% endfor %}"
|
||||||
}
|
}
|
||||||
|
{% endif %}
|
||||||
]
|
]
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
},
|
},
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}"
|
||||||
|
|
||||||
- name: clone fastd peer backbone repos
|
- name: clone fastd peer backbone repos
|
||||||
git:
|
git:
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
update: yes
|
update: yes
|
||||||
tags: sync-peers
|
tags: sync-peers
|
||||||
notify: reload fastd backbone instances
|
notify: reload fastd backbone instances
|
||||||
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
loop: "{{ meshes | selectattr('legacy', 'defined') | list | subelements('fastd.backbone.instances') }}"
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: template fastd backbone config
|
- name: template fastd backbone config
|
||||||
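Review bot: `selectattr('legacy', 'defined')` selects on the key being present, not on its value, so a mesh carrying `legacy: false` is still treated as legacy in both loops here. The fastd backbone template (`{% if item.0.legacy is defined %}`) and the nginx firmware vhost (`{% if mesh.legacy is defined %}`) use the same test. If the flag is meant to be a boolean, `selectattr('legacy', 'defined') | selectattr('legacy')` in the loops and `mesh.legacy | default(false)` in the templates express that. Otherwise, a comment on the variable saying that presence alone switches the behaviour would avoid surprises.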
|
|
|
@ -13,15 +13,29 @@ method "aes128-ctr+umac";
|
||||||
|
|
||||||
interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
|
interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
|
||||||
|
|
||||||
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
|
||||||
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
|
||||||
|
|
||||||
include "secret.conf";
|
include "secret.conf";
|
||||||
mtu {{ item.1.mtu }};
|
mtu {{ item.1.mtu }};
|
||||||
|
|
||||||
peer group "servers" {
|
peer group "servers" {
|
||||||
|
{% if item.0.legacy is defined %}
|
||||||
include peers from "peers/gates";
|
include peers from "peers/gates";
|
||||||
include peers from "peers/services";
|
include peers from "peers/services";
|
||||||
|
{% else %}
|
||||||
|
{% for group in fastd_groups %}
|
||||||
|
{% for host in groups[group] %}
|
||||||
|
{% set peer = host.rsplit('.')[0] %}
|
||||||
|
{% if host != inventory_hostname %}
|
||||||
|
peer "{{ peer }}" {
|
||||||
|
key "{{ lookup('passwordstore', item.1.pass + '/' + peer + ' subkey=public') }}";
|
||||||
|
remote ipv6 "{{ host }}" port 11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
on up "/bin/systemctl reload networking";
|
on up "/bin/systemctl reload networking";
|
||||||
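Review bot: The port is built by string concatenation, `11{{ item.1.id }}{{ '%02d' % item.0.domain_number }}`, and nothing bounds the parts. `'%02d'` pads to two digits but does not truncate, so a `domain_number` of 100 or more, or a two-digit instance `id`, gives a six-digit value above 65535, and a `domain_number` stored as a string makes the `%d` format fail at render time. The same expression is used in both `bind` lines, in the new `remote ipv6 … port` line, and with the `10…` prefix in the mesh VPN template. An `assert` on `domain_number is number and domain_number < 100` (and on the instance id) before templating would catch this. Separately, the non-legacy branch takes each peer key from `lookup('passwordstore', …)`, so a short comment that the pass entry must hold a `public` subkey for every host in `fastd_groups` would document that dependency.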
|
|
|
@ -13,8 +13,8 @@ method "salsa2012+umac";
|
||||||
|
|
||||||
interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
|
interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
|
||||||
|
|
||||||
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
|
||||||
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
|
||||||
|
|
||||||
include "secret.conf";
|
include "secret.conf";
|
||||||
mtu {{ item.1.mtu }};
|
mtu {{ item.1.mtu }};
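Review bot: The bind port is built by string concatenation, and `'%02d' % item.0.domain_number` only pads to two digits, so a `domain_number` above 99 or an instance `id` with more than one digit yields a six-digit or otherwise unintended port that is only noticed when fastd refuses to start. The same expression is used for the `bind` and `remote` lines of the backbone template in the previous hunk. An assert before templating would catch it early, e.g. `that: item.0.domain_number | int >= 0 and item.0.domain_number | int < 100`. If any existing domain has a number below 10, the padding also changes its port compared with the old `site_number` form, which already deployed peers may still expect.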
|
||||||
|
|
|
@ -38,6 +38,7 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
|
{% if mesh.legacy is defined %}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
@ -52,7 +53,7 @@ server {
|
||||||
|
|
||||||
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
||||||
|
|
||||||
root /var/www/html/firmware/{{ mesh.site_name.lower() }};
|
root /var/www/html/firmware/{{ mesh.domain_name.lower() }};
|
||||||
location / {
|
location / {
|
||||||
autoindex on;
|
autoindex on;
|
||||||
autoindex_exact_size off;
|
autoindex_exact_size off;
|
||||||
|
@ -78,7 +79,7 @@ server {
|
||||||
|
|
||||||
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
||||||
|
|
||||||
root /var/www/html/firmware/{{ mesh.site_name.lower() }};
|
root /var/www/html/firmware/{{ mesh.domain_name.lower() }};
|
||||||
location / {
|
location / {
|
||||||
autoindex on;
|
autoindex on;
|
||||||
autoindex_exact_size off;
|
autoindex_exact_size off;
|
||||||
|
@ -86,5 +87,6 @@ server {
|
||||||
}
|
}
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -88,13 +88,13 @@ module.exports = function () {
|
||||||
'domainNames': [
|
'domainNames': [
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{
|
{
|
||||||
'domain': '{{ mesh.site_code }}',
|
'domain': '{{ mesh.domain_code }}',
|
||||||
'name': '{{ mesh.site_name }}'
|
'name': '{{ mesh.domain_name }}'
|
||||||
},
|
},
|
||||||
{% if mesh.sites_virtual is defined %}
|
{% if mesh.aliases is defined %}
|
||||||
{% for site, name in mesh.sites_virtual.items() %}
|
{% for domain, name in mesh.aliases.items() %}
|
||||||
{
|
{
|
||||||
'domain': '{{ site }}',
|
'domain': '{{ domain }}',
|
||||||
'name': '{{ name }}'
|
'name': '{{ name }}'
|
||||||
},
|
},
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -55,6 +55,7 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
|
{% if mesh.http_domain_internal is defined %}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
@ -82,5 +83,6 @@ server {
|
||||||
}
|
}
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -11,5 +11,5 @@ Diese Ansible role installiert und konfiguriert den Web Server nginx.
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
- Variable `acme_server`
|
- Variable `acme_server`
|
||||||
- Variable `ffmwu_server_type`
|
- Variable `server_type`
|
||||||
- Variable `inventory_hostname_short`
|
- Variable `inventory_hostname_short`
|
||||||
|
|
|
@ -19,10 +19,10 @@
|
||||||
<header>
|
<header>
|
||||||
<h1>Freifunk MWU Server <a href="./index.html">{{ inventory_hostname_short }}</a></h1>
|
<h1>Freifunk MWU Server <a href="./index.html">{{ inventory_hostname_short }}</a></h1>
|
||||||
</header>
|
</header>
|
||||||
{% if ffmwu_server_type == "firmware-build" or ffmwu_server_type == "gateway" %}
|
{% if server_type == "firmware-build" or server_type == "gateway" %}
|
||||||
<div class="block"><a href="firmware">Firmware</a></div>
|
<div class="block"><a href="firmware">Firmware</a></div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if ffmwu_server_type == "firmware-build" %}
|
{% if server_type == "firmware-build" %}
|
||||||
<div class="block"><a href="_archive">Firmware Archiv</a></div>
|
<div class="block"><a href="_archive">Firmware Archiv</a></div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</body>
|
</body>
|
||||||
|
|
|
@ -71,7 +71,7 @@ scrape_configs:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for host, _ in bgp_mwu_servers.items() %}
|
{% for host, _ in bgp_legacy_servers.items() %}
|
||||||
{% if host not in ['extrasahne'] %}
|
{% if host not in ['extrasahne'] %}
|
||||||
- "{{ host }}.ffwi.org"
|
- "{{ host }}.ffwi.org"
|
||||||
- "{{ host }}.ffmz.org"
|
- "{{ host }}.ffmz.org"
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: set respondd vpn flag to false
|
- name: set respondd vpn flag to false
|
||||||
when: ffmwu_server_type != "gateway"
|
when: server_type != "gateway"
|
||||||
copy:
|
copy:
|
||||||
content: "False"
|
content: "False"
|
||||||
dest: /home/admin/clones/mesh-announce/nodeinfo.d/vpn
|
dest: /home/admin/clones/mesh-announce/nodeinfo.d/vpn
|
||||||
|
|
|
@ -4,7 +4,7 @@ After={% for interface in item.fastd.nodes.instances %}fastd@{{ item.id }}vpn-{{
|
||||||
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ item.site_code }} -d {{ item.site_code }} --data-provider-directory /home/admin/clones/mesh-announce/
|
ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ site_code }} -d {{ item.domain_code }} --data-provider-directory /home/admin/clones/mesh-announce/
|
||||||
Restart=always
|
Restart=always
|
||||||
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
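Review bot: The changed `ExecStart` line still runs `respondd.py` directly from `/home/admin/clones/mesh-announce/`, and no `User=` is visible in this hunk (the `[Service]` section continues outside it), so if the unit runs as root, anything that can write to that checkout controls what root executes. Consider deploying the checkout to a root-owned, non-writable location outside a home directory, or adding `User=`/`Group=` with only the capabilities respondd needs. systemd splits the command line on whitespace without a shell, so the interpolated `{{ site_code }}` and `{{ item.domain_code }}` must not contain spaces. A comment above the line such as `# site_code and domain_code must not contain whitespace` would document that.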
|
||||||
|
|
||||||
|
|
|
@ -7,12 +7,20 @@ enable = true
|
||||||
synchronize = "1m"
|
synchronize = "1m"
|
||||||
collect_interval = "1m"
|
collect_interval = "1m"
|
||||||
|
|
||||||
|
[respondd.sites.{{ site_code }}]
|
||||||
|
domains = [
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
[respondd.sites.{{ mesh.site_code }}]
|
{% if mesh.aliases is defined %}
|
||||||
{% if mesh.sites_virtual is defined %}
|
{% for domain, name in mesh.aliases.items() %}
|
||||||
domains = ["{{ mesh.site_code }}",{% for domain, name in mesh.sites_virtual.items() %}"{{ domain }}"{% if not loop.last %},{% endif %}{% endfor %}]
|
"{{ domain }}",
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
"{{ mesh.domain_code }}"{% if not loop.last %},
|
||||||
|
{% else %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
]
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
[[respondd.interfaces]]
|
[[respondd.interfaces]]
|
||||||
|
|