From a2fa5ff22321a5e0eb0e4c14aba6aca15056f030 Mon Sep 17 00:00:00 2001
From: Tobias Hachmer
Date: Fri, 6 Oct 2017 10:33:38 +0200
Subject: [PATCH] Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible
---
 .../service-fastd-mesh/files/peer_limit.conf | 1 +
 roles/service-fastd-mesh/tasks/main.yml | 20 +++++++++++++++++++
 .../templates/fastd-mesh.conf.j2 | 2 +-
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 roles/service-fastd-mesh/files/peer_limit.conf
diff --git a/roles/service-fastd-mesh/files/peer_limit.conf b/roles/service-fastd-mesh/files/peer_limit.conf
new file mode 100644
index 0000000..f294c83
--- /dev/null
+++ b/roles/service-fastd-mesh/files/peer_limit.conf
@@ -0,0 +1 @@
+peer limit 200;
diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml
index 41a4f18..c45e907 100644
--- a/roles/service-fastd-mesh/tasks/main.yml
+++ b/roles/service-fastd-mesh/tasks/main.yml
@@ -60,6 +60,26 @@
 notify: restart fastd mesh instances
 with_dict: "{{ meshes }}"
+- name: copy peer_limit.conf if not exist
+ copy:
+ src: peer_limit.conf
+ dest: "/etc/fastd/{{ item.key }}VPN/peer_limit.conf"
+ owner: admin
+ group: admin
+ mode: 0640
+ force: no
+ notify: restart fastd mesh instances
+ with_dict: "{{ meshes }}"
+
+- name: set file attributes for peer_limit.conf
+ file:
+ path: "/etc/fastd/{{ item.key }}VPN/peer_limit.conf"
+ mode: 0640
+ owner: admin
+ group: admin
+ notify: restart fastd mesh instances
+ with_dict: "{{ meshes }}"
+
 - name: write systemd unit fastd-sync-meshkeys.service
 template:
 src: fastd-sync-meshkeys.service.j2
diff --git a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
index 8c7b2ec..f63b0a6 100644
--- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
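Review bot: In roles/service-fastd-mesh/tasks/main.yml both new tasks leave `peer_limit.conf` owned by and writable for `admin`, and the template now pulls that file into the fastd configuration with `include`, so whoever can write as `admin` decides what fastd parses at that point; which account fastd runs under is not visible in this patch. Because the file is seeded once (`force: no`) and then edited by hand, its content is neither reviewed in the repository nor checked before the `restart fastd mesh instances` handler fires. If hand edits are meant to go through sudo anyway, `owner: root` with `group: admin` and `mode: "0640"` would keep the file readable for admins without making it writable by that account. A comment above the copy task would also help the next maintainer, e.g. `# seeded once; edited per host afterwards, ansible only enforces owner and mode`.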
@@ -18,7 +18,7 @@ include "secret.conf";
 mtu 1406;
 peer group "vpn_nodes" {
- peer limit 150;
+ include "peer_limit.conf";
 include peers from "peers";
 {% if item.key == "mz" %}
 include peers from "peers_bingen";
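Review bot: The seeded `peer_limit.conf` sets `peer limit 200;` while the line removed here was `peer limit 150;`, so every host ends up with a higher cap on the first run after this change, and the commit message does not mention the increase; please confirm 200 is intended. The `include "peer_limit.conf";` also makes the file a hard requirement: presumably fastd rejects the configuration if the file is missing or malformed after a hand edit, and the effective limit can no longer be read from the repository. A comment above the include would document that, e.g. `# peer_limit.conf is seeded by the role and edited per host; it must hold a single "peer limit N;" statement`. The `peer group "vpn_nodes"` block continues past the end of this hunk.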