diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml
index 0dcc07b..f8dd813 100644
--- a/roles/service-fastd-mesh/tasks/main.yml
+++ b/roles/service-fastd-mesh/tasks/main.yml
@@ -6,59 +6,15 @@
 mode: 0755
 loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
-- name: create fastd peer mesh directories
- file:
- path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
- state: directory
- mode: 0755
- owner: admin
- group: admin
- loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
-
-- name: clone fastd peer mesh repos
- git:
- repo: "{{ item.1.peers.repo }}"
- dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
- version: "{{ item.1.peers.version }}"
- update: no
- loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
- become: false
-
 - name: template fastd mesh config
 template:
 src: fastd-mesh.conf.j2
 dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/fastd.conf"
+ mode: 0640
 notify: restart fastd mesh instances
 loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
 tags: debug
-- name: write fastd mesh secret
- template:
- src: fastd-secret.conf.j2
- dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf"
- notify: restart fastd mesh instances
- loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
-
-- name: copy peer_limit.conf if not exist
- copy:
- src: peer_limit.conf
- dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
- owner: admin
- group: admin
- mode: 0640
- force: no
- notify: restart fastd mesh instances
- loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
-
-- name: set file attributes for peer_limit.conf
- file:
- path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
- mode: 0640
- owner: admin
- group: admin
- notify: restart fastd mesh instances
- loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
-
 - name: install redis-server
 apt:
 name: redis-server
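Review bot: The `template fastd mesh config` task now writes the fastd private key, because this commit moves the `secret` line into `fastd-mesh.conf.j2`, yet the task still carries `tags: debug` and has nothing to keep the rendered content out of `--diff` output; adding `diff: false` (or `no_log: true`) next to the new `mode: 0640` would keep the key out of terminals and CI logs. The removed `write fastd mesh secret` task set no `mode`, so a `secret.conf` probably remains on already-provisioned hosts with whatever the default umask gave it, and the commit drops the task without removing the file. A `file` task with `path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf"` and `state: absent` over the same loop would clean that up; the same applies to `peer_limit.conf` and the `peers` checkout. The fastd-peer-limit-update unit and timer dropped in the second hunk presumably also stay installed on existing hosts unless they are disabled and removed.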
@@ -125,40 +81,6 @@
 mode: 0644
 notify: reload systemd
-- name: create fastd_status.json file
- file:
- path: /var/www/html/fastd_status.json
- state: touch
- owner: admin
- group: admin
- mode: 0644
-
-- name: write configuration for fastd-peer-limit-update script
- template:
- src: fastd_peer_limit_config.yaml.j2
- dest: /home/admin/.ffmwu-config/fastd_peer_limit_config.yaml
- owner: admin
- group: admin
- mode: 0644
-
-- name: write systemd unit fastd-peer-limit-update.service
- template:
- src: fastd-peer-limit-update.service.j2
- dest: /etc/systemd/system/fastd-peer-limit-update.service
- owner: root
- group: root
- mode: 0644
- notify: reload systemd
-
-- name: write systemd timer fastd-peer-limit-update.timer
- template:
- src: fastd-peer-limit-update.timer.j2
- dest: /etc/systemd/system/fastd-peer-limit-update.timer
- owner: root
- group: root
- mode: 0644
- notify: reload systemd
-
 - name: configure systemd timers for fastd-mesh instance
 systemd:
 name: "{{ item }}.timer"
diff --git a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
index 48c8939..df3e79b 100644
--- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
@@ -16,14 +16,12 @@ interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
 bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
 bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
-include "secret.conf";
-mtu {{ item.1.mtu }};
+secret "{{ lookup('passwordstore', item.1.pass + '/' + inventory_hostname_short + ' subkey=secret') }}";
-peer group "vpn_nodes" {
- include "peer_limit.conf";
- include peers from "peers";
-}
+mtu {{ item.1.mtu }};
 on up "/bin/systemctl reload networking";
+on verify "{{ gopath }}/bin/fastd-limiter verify $PEER_KEY";
+
 status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status";
diff --git a/roles/service-fastd-mesh/templates/fastd-peer-limit-update.service.j2 b/roles/service-fastd-mesh/templates/fastd-peer-limit-update.service.j2
deleted file mode 100644
index 963809e..0000000
--- a/roles/service-fastd-mesh/templates/fastd-peer-limit-update.service.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-[Unit]
-Description=Update fastd peer limits
-
-[Service]
-ExecStart=/home/admin/clones/backend-scripts/limit_fastd_peers_gw.py
-User=admin
-Group=admin
diff --git a/roles/service-fastd-mesh/templates/fastd-peer-limit-update.timer.j2 b/roles/service-fastd-mesh/templates/fastd-peer-limit-update.timer.j2
deleted file mode 100644
index 880c912..0000000
--- a/roles/service-fastd-mesh/templates/fastd-peer-limit-update.timer.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-[Unit]
-Description=Timer which schedules fastd-peer-limit-update.service
-
-[Timer]
-OnBootSec=5min
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/service-fastd-mesh/templates/fastd-secret.conf.j2 b/roles/service-fastd-mesh/templates/fastd-secret.conf.j2
deleted file mode 100644
index c8d0e15..0000000
--- a/roles/service-fastd-mesh/templates/fastd-secret.conf.j2
+++ /dev/null
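Review bot: The added `on verify` line makes fastd execute `{{ gopath }}/bin/fastd-limiter` for each unknown peer's handshake, and nothing in this diff shows who owns that path; if `gopath` points into an unprivileged user's home directory, that account can replace a binary the fastd daemon runs. Installing the binary to a root-owned location and referencing that path here, for example `on verify "/usr/local/bin/fastd-limiter verify $PEER_KEY";`, would close that off. With `peer group "vpn_nodes"` and `include peers from "peers"` removed, the hook is also the only peer admission check visible in this template. A template comment such as `{# on verify is the only peer admission check; there is no static peer list any more #}` would tell the next reader that a permissive or failing limiter changes who can join the mesh.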
@@ -1,4 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-secret "{{ lookup('passwordstore', item.1.pass + '/' + inventory_hostname_short + ' subkey=secret') }}";
diff --git a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
deleted file mode 100644
index 20ce1bc..0000000
--- a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-ansible_gate: True
-additional: 8
-fastd_instances:
-{% for mesh in meshes %}
-{% for instance in mesh.fastd.nodes.instances %}
- - {{ mesh.id }}vpn-{{ instance.mtu }}
-{% endfor %}
-{% endfor %}
-cronlog: '/home/admin/.cronlog/limit.%s.log'
-fastd_config: '/etc/fastd/%s/peer_limit.conf'
-fastd_status: '/usr/local/bin/fastd-status'
-gateways:
-{% for gateway in groups['ffmwu-gateways'] %}
- - {{ gateway.rsplit('.freifunk-mwu.de')[0] }}
-{% endfor %}
-restart_max: 43200
-stat: 'fastd_status.json'
-stat_ext: 'http://%s.freifunk-mwu.de/%s'
-stat_local: '/var/www/html/%s'
-remote_fetch_timeout: 10
-remote_data_timeout: 900