diff --git a/Readme.md b/Readme.md index e53c30e..a23e4f9 100644 --- a/Readme.md +++ b/Readme.md @@ -30,7 +30,7 @@ Diese Liste ist quasi das Herzstück zur Konfiguration der Mesh-spezifischen Par |Name|Type|Value|Format|Comment| |----|----|-----|------|-------| -|id |Variable|mz|string|Zum Teil werden Interface-Namen davon abgeleitet, z.B. `mzBR` oder `mzBAT`| +|id |Variable|mz|string|Zum Teil werden Interface-Namen davon abgeleitet, z.B. `mzbr` oder `mzbat`| |site_number|Variable|37|integer|Fließt in IP-Adress-Berechnung ein| |site_code|Variable|ffmz|string|| |site_name|Variable|Mainz|string|| @@ -93,7 +93,7 @@ Weitere Gruppen-Variablen: |http_domain_external|Variable|freifunk-mwu.de|string|Haupt-Domain für HTTP-Server(extern)| |icvpn|Dictionary|||ICVPN Informationen| |icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat| -|icvpn.interface|Key|icVPN|string|Name für ICVPN Interface + tinc Instanz| +|icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz| |icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository| |bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net| |bgp_mwu_servers.spinat|Dictionary|||| 
@@ -135,11 +135,11 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb |ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv4_network|Key|100.64.0.188/31|Network/Prefix|Internes IPv4-Tunnel-Subnetz| |ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv6_network|Key|2a03:2260:0:64::/64|Network/Prefix|Internes IPv6-Tunnel-Subnetz| |fastd_secrets|Dictionary|||Ein Eintrag pro fastd-Interface mit passwordstore lookup zum pass-Pfad| -|fastd_secrets.mzVPN|Key|"{{ lookup('passwordstore', 'fastd/mzVPN/spinat subkey=secret') }}"||| -|fastd_secrets.wiVPN|Key|"{{ lookup('passwordstore', 'fastd/wiVPN/spinat subkey=secret') }}"||| -|fastd_secrets.mzigVPN|Key|"{{ lookup('passwordstore', 'fastd/mzVPN/spinat subkey=secret') }}"||| -|fastd_secrets.wiigVPN|Key|"{{ lookup('passwordstore', 'fastd/wiVPN/spinat subkey=secret') }}"||| -|tinc_private_key|Variable|"{{ lookup('passwordstore', 'tinc/icVPN/spinat_private returnall=true') }}"||Passwordstore lookup zum pass-Pfad| +|fastd_secrets.mzvpn|Key|"{{ lookup('passwordstore', 'fastd/mzvpn/spinat subkey=secret') }}"||| +|fastd_secrets.wivpn|Key|"{{ lookup('passwordstore', 'fastd/wivpn/spinat subkey=secret') }}"||| +|fastd_secrets.mzigvpn|Key|"{{ lookup('passwordstore', 'fastd/mzvpn/spinat subkey=secret') }}"||| +|fastd_secrets.wiigvpn|Key|"{{ lookup('passwordstore', 'fastd/wivpn/spinat subkey=secret') }}"||| +|tinc_private_key|Variable|"{{ lookup('passwordstore', 'tinc/icvpn/spinat_private returnall=true') }}"||Passwordstore lookup zum pass-Pfad| ## Sensible Informationen 
@@ -196,13 +196,13 @@ ffrl_exit_server: # Pfade zu den fastd secrets im passwordstore fastd_secrets: - mzVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}" - wiVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}" - mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}" - wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}" + mzvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/$Hostname subkey=secret') }}" + wivpn: "{{ lookup('passwordstore', 'fastd/wivpn/$Hostname subkey=secret') }}" + mzigvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/$Hostname subkey=secret') }}" + wiigvpn: "{{ lookup('passwordstore', 'fastd/wivpn/$Hostname subkey=secret') }}" # Pfade zum tinc secret im passwordstore -tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}" +tinc_private_key: "{{ lookup('passwordstore', 'tinc/icvpn/$hostname_private returnall=true') }}" ``` - Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml` - Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben. diff --git a/inventory/group_vars/all b/inventory/group_vars/all index a1ccb15..a9fd666 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -130,7 +130,7 @@ meshes: icvpn: prefix: mwu - interface: icVPN + interface: icvpn icvpn_repo: https://github.com/freifunk/icvpn bgp_mwu_servers: diff --git a/roles/handlers/handlers/main.yml b/roles/handlers/handlers/main.yml index 5ca2b47..b0dd612 100644 --- a/roles/handlers/handlers/main.yml +++ b/roles/handlers/handlers/main.yml @@ -36,7 +36,7 @@ - name: restart fastd intragate instances systemd: - name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}" + name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}" state: restarted with_subelements: - "{{ meshes }}" 
@@ -44,7 +44,7 @@ - name: restart fastd mesh instances systemd: - name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}" + name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}" state: restarted with_subelements: - "{{ meshes }}" diff --git a/roles/network-batman/README.md b/roles/network-batman/README.md index 5b93e05..0e11f2d 100644 --- a/roles/network-batman/README.md +++ b/roles/network-batman/README.md @@ -43,4 +43,4 @@ meshes: Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet. xx0-prefix: `02:00` -xxBAT-prefix: `02:01` +xxbat-prefix: `02:01` diff --git a/roles/network-batman/tasks/main.yml b/roles/network-batman/tasks/main.yml index de4e7e4..99f7477 100644 --- a/roles/network-batman/tasks/main.yml +++ b/roles/network-batman/tasks/main.yml @@ -9,7 +9,7 @@ - name: create batman interfaces template: src: batman.j2 - dest: "/etc/network/interfaces.d/{{ item.id }}BAT" + dest: "/etc/network/interfaces.d/{{ item.id }}bat" notify: reload network interfaces with_items: "{{ meshes }}" diff --git a/roles/network-batman/templates/batman.j2 b/roles/network-batman/templates/batman.j2 index 9c655cb..557af93 100644 --- a/roles/network-batman/templates/batman.j2 +++ b/roles/network-batman/templates/batman.j2 
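Review bot: The `create batman interfaces` task in roles/network-batman/tasks/main.yml now writes `/etc/network/interfaces.d/{{ item.id }}bat`, but nothing visible in this commit removes the file previously written under the `BAT` name, so an already-deployed gateway would keep both definitions (presumably with the same `hwaddress`). The same applies to the renamed `dest`, `path` and unit names in roles/network-fastd, roles/network-meshbridge, roles/service-fastd-intragate and roles/service-fastd-mesh, where the old `/etc/fastd/…VPN-<mtu>` directories (including their `secret.conf`) and the enabled `fastd@…VPN-<mtu>` units would stay behind. Unless cleanup happens outside this diff, consider one migration task per old name, e.g. `file: path="/etc/network/interfaces.d/{{ item.id }}BAT" state=absent`, and stop and disable the old units before the new ones start.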
@@ -4,10 +4,10 @@ # # {{ ansible_managed }} # -auto {{ item.id }}BAT -iface {{ item.id }}BAT +auto {{ item.id }}bat +iface {{ item.id }}bat hwaddress {{ mac | hwaddr('linux') }} - batman-ifaces {{ item.id }}0 {% for instance in item.fastd.nodes.instances %}{{ item.id }}VPN-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% for instance in item.fastd.intragate.instances %}{{ item.id }}igVPN-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} + batman-ifaces {{ item.id }}0 {% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% for instance in item.fastd.intragate.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} batman-hop-penalty {{ item.batman.hop_penalty }} post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }} post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }} diff --git a/roles/network-fastd/README.md b/roles/network-fastd/README.md index c18c1cd..10202a8 100644 --- a/roles/network-fastd/README.md +++ b/roles/network-fastd/README.md @@ -5,8 +5,8 @@ Diese Ansible role konfiguriert Netzwerk Interfaces für die definierten fastd I Es wird zwischen node- und intragate-Instanzen unterschieden. ## Interface-Benamung -Node-Interfaces: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312" -Intragate-Interfaces: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312" +Node-Interfaces: $mesh.id + vpn + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzvpn-1312" +Intragate-Interfaces: $mesh.id + 'ig' + vpn + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigvpn-1312" ## Benötigte Variablen 
@@ -36,5 +36,5 @@ meshes: Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet. -xxVPN-$mtu prefix: `02:2x` # x = ID der fastd-Instanz -xxigVPN-$mtu prefix: `02:3x` # x = ID der fastd-Instanz +xxvpn-$mtu prefix: `02:2x` # x = ID der fastd-Instanz +xxigvpn-$mtu prefix: `02:3x` # x = ID der fastd-Instanz diff --git a/roles/network-fastd/tasks/main.yml b/roles/network-fastd/tasks/main.yml index 320a6c9..d82aede 100644 --- a/roles/network-fastd/tasks/main.yml +++ b/roles/network-fastd/tasks/main.yml @@ -2,7 +2,7 @@ - name: create fastd mesh interfaces template: src: fastd-mesh.j2 - dest: "/etc/network/interfaces.d/{{ item.0.id }}VPN-{{ item.1.mtu }}" + dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}" notify: reload network interfaces with_subelements: - "{{ meshes }}" @@ -11,7 +11,7 @@ - name: create fastd intragate interfaces template: src: fastd-intragate.j2 - dest: "/etc/network/interfaces.d/{{ item.0.id }}igVPN-{{ item.1.mtu }}" + dest: "/etc/network/interfaces.d/{{ item.0.id }}igvpn-{{ item.1.mtu }}" notify: reload network interfaces with_subelements: - "{{ meshes }}" diff --git a/roles/network-fastd/templates/fastd-intragate.j2 b/roles/network-fastd/templates/fastd-intragate.j2 index 9d049a2..aa5b4c1 100644 --- a/roles/network-fastd/templates/fastd-intragate.j2 +++ b/roles/network-fastd/templates/fastd-intragate.j2 @@ -3,6 +3,6 @@ # # {{ ansible_managed }} # -auto {{ item.0.id }}igVPN-{{ item.1.mtu }} -iface {{ item.0.id }}igVPN-{{ item.1.mtu }} +auto {{ item.0.id }}igvpn-{{ item.1.mtu }} +iface {{ item.0.id }}igvpn-{{ item.1.mtu }} hwaddress {{ mac | hwaddr('linux') }} diff --git a/roles/network-fastd/templates/fastd-mesh.j2 b/roles/network-fastd/templates/fastd-mesh.j2 index 207cd79..0e484fc 100644 --- a/roles/network-fastd/templates/fastd-mesh.j2 +++ b/roles/network-fastd/templates/fastd-mesh.j2 
@@ -3,6 +3,6 @@ # # {{ ansible_managed }} # -auto {{ item.0.id }}VPN-{{ item.1.mtu }} -iface {{ item.0.id }}VPN-{{ item.1.mtu }} +auto {{ item.0.id }}vpn-{{ item.1.mtu }} +iface {{ item.0.id }}vpn-{{ item.1.mtu }} hwaddress {{ mac | hwaddr('linux') }} diff --git a/roles/network-iptables-gateway/templates/rules.v4.j2 b/roles/network-iptables-gateway/templates/rules.v4.j2 index 6687696..4359b2b 100644 --- a/roles/network-iptables-gateway/templates/rules.v4.j2 +++ b/roles/network-iptables-gateway/templates/rules.v4.j2 @@ -9,7 +9,7 @@ -A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT {% for mesh in meshes %} --A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT +-A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT {% endfor %} -A FORWARD -m conntrack --ctstate INVALID -j DROP -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT diff --git a/roles/network-iptables-gateway/templates/rules.v6.j2 b/roles/network-iptables-gateway/templates/rules.v6.j2 index fba66f1..f1644f9 100644 --- a/roles/network-iptables-gateway/templates/rules.v6.j2 +++ b/roles/network-iptables-gateway/templates/rules.v6.j2 @@ -8,7 +8,7 @@ -A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT {% for mesh in meshes %} --A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT +-A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT {% endfor %} -A FORWARD -m conntrack --ctstate INVALID -j DROP -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT diff --git a/roles/network-meshbridge/README.md b/roles/network-meshbridge/README.md index deb0f30..ada7e95 100644 --- a/roles/network-meshbridge/README.md +++ b/roles/network-meshbridge/README.md @@ -27,4 +27,4 @@ meshes: Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet. -xxBR-prefix: `02:10` +xxbr-prefix: `02:10` 
diff --git a/roles/network-meshbridge/tasks/main.yml b/roles/network-meshbridge/tasks/main.yml index 0ed113a..c1796d1 100644 --- a/roles/network-meshbridge/tasks/main.yml +++ b/roles/network-meshbridge/tasks/main.yml @@ -2,14 +2,14 @@ - name: create mesh bridges template: src: bridge.j2 - dest: "/etc/network/interfaces.d/{{ item.id }}BR" + dest: "/etc/network/interfaces.d/{{ item.id }}br" notify: reload network interfaces with_items: "{{ meshes }}" - name: set sysfs variables template: src: sysfs.j2 - dest: "/etc/sysfs.d/99-{{ item.id }}BR.conf" + dest: "/etc/sysfs.d/99-{{ item.id }}br.conf" with_items: "{{ meshes }}" notify: activate sysfs variables diff --git a/roles/network-meshbridge/templates/bridge.j2 b/roles/network-meshbridge/templates/bridge.j2 index dd6efae..984d3ac 100644 --- a/roles/network-meshbridge/templates/bridge.j2 +++ b/roles/network-meshbridge/templates/bridge.j2 @@ -3,8 +3,8 @@ # # {{ ansible_managed }} # -auto {{ item.id }}BR -iface {{ item.id }}BR +auto {{ item.id }}br +iface {{ item.id }}br hwaddress {{ mac | hwaddr('linux') }} address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }} {% for prefix in item.ipv6_ula %} @@ -13,4 +13,4 @@ iface {{ item.id }}BR {% for prefix in item.ipv6_public %} address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }} {% endfor %} - bridge-ports {{ item.id }}BAT + bridge-ports {{ item.id }}bat diff --git a/roles/network-meshbridge/templates/sysfs.j2 b/roles/network-meshbridge/templates/sysfs.j2 index b092e3b..45f71ad 100644 --- a/roles/network-meshbridge/templates/sysfs.j2 +++ b/roles/network-meshbridge/templates/sysfs.j2 @@ -1,4 +1,4 @@ # # {{ ansible_managed }} # -class/net/{{ item.id }}BR/bridge/hash_max = 16384 +class/net/{{ item.id }}br/bridge/hash_max = 16384 diff --git a/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 b/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 index cd8e6a4..7dcee4f 100644 
--- a/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 +++ b/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2 @@ -7,7 +7,7 @@ {% for mesh in meshes %} ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 -ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7 +ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7 {% for ula in mesh.ipv6_ula %} ip -6 rule add from {{ ula }} lookup mwu priority 7 ip -6 rule add to {{ ula }} lookup mwu priority 7 @@ -16,14 +16,14 @@ ip -6 rule add to {{ ula }} lookup mwu priority 7 ip -6 rule add from {{ public }} lookup mwu priority 7 ip -6 rule add to {{ public }} lookup mwu priority 7 {% endfor %} -ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7 +ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7 {% endfor %} # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges {% for mesh in meshes %} ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 -ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23 +ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23 {% for ula in mesh.ipv6_ula %} ip -6 rule add from {{ ula }} lookup icvpn priority 23 ip -6 rule add to {{ ula }} lookup icvpn priority 23 
@@ -32,10 +32,10 @@ ip -6 rule add to {{ ula }} lookup icvpn priority 23 ip -6 rule add from {{ public }} lookup icvpn priority 23 ip -6 rule add to {{ public }} lookup icvpn priority 23 {% endfor %} -ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23 +ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23 {% endfor %} -ip -4 rule add from all oif icVPN lookup icvpn priority 23 -ip -6 rule add from all oif icVPN lookup icvpn priority 23 +ip -4 rule add from all oif icvpn lookup icvpn priority 23 +ip -6 rule add from all oif icvpn lookup icvpn priority 23 # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges {% for mesh in meshes %} 
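Review bot: The two `oif icvpn` rules at the end of this hunk hard-code the interface name although the same commit changes `icvpn.interface` in inventory/group_vars/all, so the policy-routing rules and the real tinc interface can drift apart on the next rename. Interface names are matched case-sensitively, and after a mismatch the priority 61 `iif icvpn type unreachable` rules in the `@@ -48,23 +48,23 @@` hunk would presumably match nothing. Use the variable instead, e.g. `ip -4 rule add from all oif {{ icvpn.interface }} lookup icvpn priority 23`; the same literal appears in ffmwu-del-ip-rules.sh.j2.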
@@ -48,23 +48,23 @@ ip -6 rule add to {{ ula }} lookup internet priority 41 ip -6 rule add from {{ public }} lookup internet priority 41 ip -6 rule add to {{ public }} lookup internet priority 41 {% endfor %} -ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41 +ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41 {% endfor %} ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 # Priority 61 - at this point this is the end of policy routing for freifunk related routes {% for mesh in meshes %} -ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61 -ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61 +ip -4 rule add from all iif {{ mesh.id }}br type unreachable priority 61 +ip -6 rule add from all iif {{ mesh.id }}br type unreachable priority 61 {% endfor %} -ip -4 rule add from all iif icVPN type unreachable priority 61 +ip -4 rule add from all iif icvpn type unreachable priority 61 ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61 {% for server_id, server_value in ffrl_exit_server.iteritems() %} ip -4 rule add from all iif {{ server_id }} type unreachable priority 61 ip -6 rule add from all iif {{ server_id }} type unreachable priority 61 {% endfor %} -ip -6 rule add from all iif icVPN type unreachable priority 61 +ip -6 rule add from all iif icvpn type unreachable priority 61 ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 {% for mesh in meshes %} {% for public in mesh.ipv6_public %} diff --git a/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 b/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 index b5bc7d8..07834e8 100644 --- a/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 
+++ b/roles/network-routing/templates/ffmwu-add-static-routes.sh.j2 @@ -5,13 +5,13 @@ {% for mesh in meshes %} # static {{ mesh.site_name }} routes for rt_table mwu -/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu +/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu {% for ula in mesh.ipv6_ula %} -/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu +/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu {% endfor %} {% for public in mesh.ipv6_public %} -/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu -/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu +/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu +/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu {% endfor %} {% if not loop.last %} diff --git a/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 b/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 index 24a77f3..8fcfd36 100644 --- a/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 +++ b/roles/network-routing/templates/ffmwu-del-ip-rules.sh.j2 
@@ -7,7 +7,7 @@ {% for mesh in meshes %} ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 -ip -4 rule del from all oif {{ mesh.id }}BR lookup mwu priority 7 +ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7 {% for ula in mesh.ipv6_ula %} ip -6 rule del from {{ ula }} lookup mwu priority 7 ip -6 rule del to {{ ula }} lookup mwu priority 7 @@ -16,14 +16,14 @@ ip -6 rule del to {{ ula }} lookup mwu priority 7 ip -6 rule del from {{ public }} lookup mwu priority 7 ip -6 rule del to {{ public }} lookup mwu priority 7 {% endfor %} -ip -6 rule del from all oif {{ mesh.id }}BR lookup mwu priority 7 +ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7 {% endfor %} # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges {% for mesh in meshes %} ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 -ip -4 rule del from all oif {{ mesh.id }}BR lookup icvpn priority 23 +ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23 {% for ula in mesh.ipv6_ula %} ip -6 rule del from {{ ula }} lookup icvpn priority 23 ip -6 rule del to {{ ula }} lookup icvpn priority 23 
@@ -32,10 +32,10 @@ ip -6 rule del to {{ ula }} lookup icvpn priority 23 ip -6 rule del from {{ public }} lookup icvpn priority 23 ip -6 rule del to {{ public }} lookup icvpn priority 23 {% endfor %} -ip -6 rule del from all oif {{ mesh.id }}BR lookup icvpn priority 23 +ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23 {% endfor %} -ip -4 rule del from all oif icVPN lookup icvpn priority 23 -ip -6 rule del from all oif icVPN lookup icvpn priority 23 +ip -4 rule del from all oif icvpn lookup icvpn priority 23 +ip -6 rule del from all oif icvpn lookup icvpn priority 23 # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges {% for mesh in meshes %} 
@@ -48,23 +48,23 @@ ip -6 rule del to {{ ula }} lookup internet priority 41 ip -6 rule del from {{ public }} lookup internet priority 41 ip -6 rule del to {{ public }} lookup internet priority 41 {% endfor %} -ip -6 rule del from all oif {{ mesh.id }}BR lookup internet priority 41 +ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41 {% endfor %} ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 # Priority 61 - at this point this is the end of policy routing for freifunk related routes {% for mesh in meshes %} -ip -4 rule del from all iif {{ mesh.id }}BR type unreachable priority 61 -ip -6 rule del from all iif {{ mesh.id }}BR type unreachable priority 61 +ip -4 rule del from all iif {{ mesh.id }}br type unreachable priority 61 +ip -6 rule del from all iif {{ mesh.id }}br type unreachable priority 61 {% endfor %} -ip -4 rule del from all iif icVPN type unreachable priority 61 +ip -4 rule del from all iif icvpn type unreachable priority 61 ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61 {% for server_id, server_value in ffrl_exit_server.iteritems() %} ip -4 rule del from all iif {{ server_id }} type unreachable priority 61 ip -6 rule del from all iif {{ server_id }} type unreachable priority 61 {% endfor %} -ip -6 rule del from all iif icVPN type unreachable priority 61 +ip -6 rule del from all iif icvpn type unreachable priority 61 ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 {% for mesh in meshes %} {% for public in mesh.ipv6_public %} diff --git a/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 b/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 index b09e9cc..1a71a32 100644 --- a/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 
+++ b/roles/network-routing/templates/ffmwu-del-static-routes.sh.j2 @@ -5,13 +5,13 @@ {% for mesh in meshes %} # static {{ mesh.site_name }} routes for rt_table mwu -/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu +/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu {% for ula in mesh.ipv6_ula %} -/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}BR table mwu +/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}br table mwu {% endfor %} {% for public in mesh.ipv6_public %} -/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}BR table mwu -/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, magic) }} proto static dev {{ mesh.id }}BR table mwu +/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}br table mwu +/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, magic) }} proto static dev {{ mesh.id }}br table mwu {% endfor %} {% if not loop.last %} diff --git a/roles/service-bird/templates/bird.conf.j2 b/roles/service-bird/templates/bird.conf.j2 index 9f1faf6..ee231a1 100644 --- a/roles/service-bird/templates/bird.conf.j2 +++ b/roles/service-bird/templates/bird.conf.j2 @@ -51,7 +51,7 @@ protocol device { protocol direct mwu_subnets { {% for mesh in meshes %} - interface "{{ mesh.id }}BR"; + interface "{{ mesh.id }}br"; {% endfor %} import where is_mwu_self_nets(); }; diff --git a/roles/service-bird/templates/bird6.conf.j2 b/roles/service-bird/templates/bird6.conf.j2 index d5988eb..650c0ce 100644 --- a/roles/service-bird/templates/bird6.conf.j2 +++ b/roles/service-bird/templates/bird6.conf.j2 @@ -40,7 +40,7 @@ protocol device { protocol direct mwu_subnets { {% for mesh in meshes %} - interface "{{ mesh.id }}BR"; + interface "{{ mesh.id }}br"; {% endfor %} import where is_mwu_self_nets(); }; 
diff --git a/roles/service-dhcpd/tasks/main.yml b/roles/service-dhcpd/tasks/main.yml index 42c5194..f4a82a1 100644 --- a/roles/service-dhcpd/tasks/main.yml +++ b/roles/service-dhcpd/tasks/main.yml @@ -6,7 +6,7 @@ - name: concatenate meshbridge interfaces set_fact: - dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}BR{% if not loop.last %} {% endif %}{% endfor %}" + dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}" - name: set ipv4 interfaces isc dhcp should listen on lineinfile: diff --git a/roles/service-fastd-intragate/README.md b/roles/service-fastd-intragate/README.md index 399b8b1..016bbdb 100644 --- a/roles/service-fastd-intragate/README.md +++ b/roles/service-fastd-intragate/README.md @@ -2,7 +2,7 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation. -- konfiguriert xxigVPN-Instanzen +- konfiguriert xxigvpn-Instanzen - stellt sicher, dass die Instanz-Verzeichnisse existieren - schreibt fastd.conf - schreibt secret.conf @@ -31,8 +31,8 @@ meshes: - Dictionary `fastd_secrets` (Host-Variable) ´´´ fastd_secrets: - mzigVPN: "{{ lookup('passwordstore', 'fastd/mzigVPN/sparegate4 subkey=secret') }}" - wiigVPN: "{{ lookup('passwordstore', 'fastd/wiigVPN/sparegate4 subkey=secret') }}" + mzigvpn: "{{ lookup('passwordstore', 'fastd/mzigvpn/sparegate4 subkey=secret') }}" + wiigvpn: "{{ lookup('passwordstore', 'fastd/wiigvpn/sparegate4 subkey=secret') }}" ... ´´´ diff --git a/roles/service-fastd-intragate/tasks/main.yml b/roles/service-fastd-intragate/tasks/main.yml index d36a93e..d7bb227 100644 --- a/roles/service-fastd-intragate/tasks/main.yml +++ b/roles/service-fastd-intragate/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: create fastd intragate directories file: - path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}" + path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}" state: directory mode: 0755 with_subelements: 
@@ -10,7 +10,7 @@ - name: create fastd peer intragate directories file: - path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers" + path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers" state: directory mode: 0755 owner: admin @@ -22,7 +22,7 @@ - name: clone fastd peer intragate repos git: repo: "{{ item.1.peers.repo }}" - dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers" + dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers" version: "{{ item.1.peers.version }}" update: no with_subelements: @@ -33,7 +33,7 @@ - name: template fastd mesh config template: src: fastd-intragate.conf.j2 - dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/fastd.conf" + dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/fastd.conf" notify: restart fastd intragate instances with_subelements: - "{{ meshes }}" @@ -42,7 +42,7 @@ - name: write fastd intragate secret template: src: fastd-secret.conf.j2 - dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/secret.conf" + dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/secret.conf" notify: restart fastd intragate instances with_subelements: - "{{ meshes }}" @@ -50,7 +50,7 @@ - name: configure systemd unit fastd@ systemd: - name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}" + name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}" enabled: yes state: started with_subelements: diff --git a/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2 b/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2 index e1019c6..fa068ac 100644 --- a/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2 +++ b/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2 
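Review bot: The `write fastd intragate secret` task (hunk `@@ -42,7 +42,7 @@`) renders `secret.conf` with only `src` and `dest` under `template:`, so the file holding the fastd secret gets default permissions, whereas `peer_limit.conf` in roles/service-fastd-mesh is set explicitly to `0640`. Since the path is touched anyway, add `mode: "0600"` plus an explicit `owner` and `group` under `template:`; `no_log: true` on the task would also keep the secret out of `--diff` output. The `write fastd mesh secret` task in roles/service-fastd-mesh/tasks/main.yml (`@@ -64,7 +64,7 @@`) has the same gap. In both hunks the task's `with_subelements` list continues outside the hunk.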
@@ -9,7 +9,7 @@ hide mac addresses yes; method "aes128-ctr+umac"; -interface "{{ item.0.id }}igVPN-{{ item.1.mtu }}"; +interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}"; bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }}; @@ -27,11 +27,11 @@ on up " ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE ip link set $INTERFACE up - batctl -m {{ item.0.id }}BAT if add $INTERFACE + batctl -m {{ item.0.id }}bat if add $INTERFACE "; on down " - batctl -m {{ item.0.id }}BAT if del $INTERFACE + batctl -m {{ item.0.id }}bat if del $INTERFACE "; -status socket "/var/run/fastd-{{ item.0.id }}igVPN-{{ item.1.mtu }}.status"; +status socket "/var/run/fastd-{{ item.0.id }}igvpn-{{ item.1.mtu }}.status"; diff --git a/roles/service-fastd-intragate/templates/fastd-secret.conf.j2 b/roles/service-fastd-intragate/templates/fastd-secret.conf.j2 index b4a8077..a61bca7 100644 --- a/roles/service-fastd-intragate/templates/fastd-secret.conf.j2 +++ b/roles/service-fastd-intragate/templates/fastd-secret.conf.j2 @@ -1,4 +1,4 @@ -{% set local_interface = item.0.id + 'igVPN' -%} +{% set local_interface = item.0.id + 'igvpn' -%} # # {{ ansible_managed }} # diff --git a/roles/service-fastd-mesh/README.md b/roles/service-fastd-mesh/README.md index 84f93e1..78b4ad4 100644 --- a/roles/service-fastd-mesh/README.md +++ b/roles/service-fastd-mesh/README.md 
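Review bot: `local_interface` in fastd-secret.conf.j2 is now built as `item.0.id + 'igvpn'`, and the Readme hunks rename both the `fastd_secrets` keys and the passwordstore paths to lower case, but no host_vars change or store migration is part of this diff. If `local_interface` is used to index `fastd_secrets` (the rest of the template is outside the hunk), a host whose variables still use `mzigVPN` would fail on an undefined key. A comment above the `set` line such as `{# must match the fastd_secrets key in host_vars and the pass path #}` would document the coupling, and the commit message should say that host_vars and the pass entries have to be renamed in the same rollout. roles/service-fastd-mesh/templates/fastd-secret.conf.j2 has the same line with `'vpn'`.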
@@ -11,8 +11,8 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation. - klont bingener fastd peer repo (im Moment hardcoded) ## Instanz-Benamung -Node-Instanzen: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312" -Intragate-Instanzen: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312" +Node-Instanzen: $mesh.id + vpn + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzvpn-1312" +Intragate-Instanzen: $mesh.id + 'ig' + vpn + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigvpn-1312" ## Benötigte Variablen @@ -35,8 +35,8 @@ meshes: - Dictionary `fastd_secrets` (Host-Variable) ´´´ fastd_secrets: - mzVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/sparegate4 subkey=secret') }}" - wiVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/sparegate4 subkey=secret') }}" + mzvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/sparegate4 subkey=secret') }}" + wivpn: "{{ lookup('passwordstore', 'fastd/wivpn/sparegate4 subkey=secret') }}" ... ´´´ diff --git a/roles/service-fastd-mesh/tasks/main.yml b/roles/service-fastd-mesh/tasks/main.yml index 2c2376d..c8b9f8e 100644 --- a/roles/service-fastd-mesh/tasks/main.yml +++ b/roles/service-fastd-mesh/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: create fastd directories file: - path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}" + path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}" state: directory mode: 0755 with_subelements: @@ -10,7 +10,7 @@ - name: create fastd peer mesh directories file: - path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers" + path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers" state: directory mode: 0755 owner: admin @@ -21,7 +21,7 @@ - name: create fastd peer mesh directories for ffbin file: - path: "/etc/fastd/mzVPN-{{ item }}/peers_bingen" + path: "/etc/fastd/mzvpn-{{ item }}/peers_bingen" state: directory mode: 0755 owner: admin 
@@ -33,7 +33,7 @@ - name: clone fastd peer mesh repos git: repo: "{{ item.1.peers.repo }}" - dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers" + dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers" version: "{{ item.1.peers.version }}" update: no with_subelements: @@ -44,7 +44,7 @@ - name: clone fastd peer mesh repo for ffbin git: repo: https://github.com/freifunk-bingen/peers-ffbin.git - dest: "/etc/fastd/mzVPN-{{ item }}/peers_bingen" + dest: "/etc/fastd/mzvpn-{{ item }}/peers_bingen" version: master update: no with_items: @@ -55,7 +55,7 @@ - name: template fastd mesh config template: src: fastd-mesh.conf.j2 - dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/fastd.conf" + dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/fastd.conf" notify: restart fastd mesh instances with_subelements: - "{{ meshes }}" @@ -64,7 +64,7 @@ - name: write fastd mesh secret template: src: fastd-secret.conf.j2 - dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/secret.conf" + dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf" notify: restart fastd mesh instances with_subelements: - "{{ meshes }}" @@ -73,7 +73,7 @@ - name: copy peer_limit.conf if not exist copy: src: peer_limit.conf - dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf" + dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf" owner: admin group: admin mode: 0640 @@ -85,7 +85,7 @@ - name: set file attributes for peer_limit.conf file: - path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf" + path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf" mode: 0640 owner: admin group: admin @@ -149,7 +149,7 @@ - name: configure systemd unit fastd@ systemd: - name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}" + name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}" enabled: yes state: started with_subelements: 
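Review bot: The `clone fastd peer mesh repo for ffbin` task (hunk -44,7) checks out `version: master` of a third-party repository, so whatever that branch holds at first clone ends up in `peers_bingen` without review. If fastd loads that directory as its set of accepted peer keys (the include is not part of this hunk), the branch head decides who may connect. The generic task in the -33,7 hunk already takes `version: "{{ item.1.peers.version }}"` from inventory. Doing the same here, or pinning a reviewed commit with `version: "<reviewed-commit-sha>"`, would make the trusted state explicit. The task's `with_items` list continues outside the hunk.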
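Review bot: The `write fastd mesh secret` task (hunk -64,7) passes only `src` and `dest` to `template`, so the mode of a newly created `secret.conf` is left to the remote user's umask, commonly 0644. The file sits in a directory that the first task of this file creates with `mode: 0755`, so the fastd private key would be readable by every local account. Add `mode: 0600` under `template:` together with an explicit `owner`/`group` for the account fastd reads its configuration as, which is not visible here. `no_log: true` on the task would also keep the rendered key out of `--diff` output. The loop definition continues outside the hunk.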
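Review bot: Hosts provisioned before this rename keep the old `fastd@<id>VPN-<mtu>` instance enabled and running, because the task in the -149,7 hunk only manages the new lower-case name. The same holds for the old `/etc/fastd/<id>VPN-<mtu>` directories from the earlier hunks, which still hold a copy of `secret.conf`; nothing visible in this diff stops the old unit or removes the old directory. The old instance would also keep the bind ports from the template, so the new unit may fail to start until it is gone. A one-off migration ahead of this task would cover it, sketched below; the second `with_subelements` entry lies outside the hunk and has to be copied from the existing task.

```yaml
- name: stop and disable fastd units that still use the old mixed-case name
  systemd:
    name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}"
    enabled: no
    state: stopped
  with_subelements:
    - "{{ meshes }}"
    # … unchanged: same subelement key as the task below …

- name: remove old fastd instance directories together with their secret.conf
  file:
    path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}"
    state: absent
  with_subelements:
    - "{{ meshes }}"
    # … unchanged: same subelement key as the task below …

- name: configure systemd unit fastd@
```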
diff --git a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 index 99fc1f6..a9954bc 100644 --- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 +++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2 @@ -9,7 +9,7 @@ hide mac addresses yes; method "salsa2012+umac"; -interface "{{ item.0.id }}VPN-{{ item.1.mtu }}"; +interface "{{ item.0.id }}vpn-{{ item.1.mtu }}"; bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }}; @@ -34,11 +34,11 @@ on up " ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE ip link set $INTERFACE up - batctl -m {{ item.0.id }}BAT if add $INTERFACE + batctl -m {{ item.0.id }}bat if add $INTERFACE "; on down " - batctl -m {{ item.0.id }}BAT if del $INTERFACE + batctl -m {{ item.0.id }}bat if del $INTERFACE "; -status socket "/var/run/fastd-{{ item.0.id }}VPN-{{ item.1.mtu }}.status"; +status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status"; diff --git a/roles/service-fastd-mesh/templates/fastd-secret.conf.j2 b/roles/service-fastd-mesh/templates/fastd-secret.conf.j2 index a30308c..8b85738 100644 --- a/roles/service-fastd-mesh/templates/fastd-secret.conf.j2 +++ b/roles/service-fastd-mesh/templates/fastd-secret.conf.j2 @@ -1,4 +1,4 @@ -{% set local_interface = item.0.id + 'VPN' -%} +{% set local_interface = item.0.id + 'vpn' -%} # # {{ ansible_managed }} # diff --git a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 index c5a5c17..1139226 100644 --- a/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 +++ b/roles/service-fastd-mesh/templates/fastd_peer_limit_config.yaml.j2 
@@ -6,7 +6,7 @@ additional: 8 fastd_instances: {% for mesh in meshes %} {% for instance in mesh.fastd.nodes.instances %} - - {{ mesh.id }}VPN-{{ instance.mtu }} + - {{ mesh.id }}vpn-{{ instance.mtu }} {% endfor %} {% endfor %} cronlog: '/home/admin/.cronlog/limit.%s.log' diff --git a/roles/service-radvd/templates/radvd.conf.j2 b/roles/service-radvd/templates/radvd.conf.j2 index afd13cf..e38b42a 100644 --- a/roles/service-radvd/templates/radvd.conf.j2 +++ b/roles/service-radvd/templates/radvd.conf.j2 @@ -3,7 +3,7 @@ # {{ ansible_managed }} # {% for mesh in meshes %} -interface {{ mesh.id }}BR +interface {{ mesh.id }}br { AdvSendAdvert on; IgnoreIfMissing on; diff --git a/roles/service-respondd/templates/respondd.service.j2 b/roles/service-respondd/templates/respondd.service.j2 index 9a9a433..201a1f6 100644 --- a/roles/service-respondd/templates/respondd.service.j2 +++ b/roles/service-respondd/templates/respondd.service.j2 @@ -2,7 +2,7 @@ Description=respondd instance {{ item.id }} [Service] -ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}BR {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}VPN-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}BAT -s {{ item.site_code }} -d /home/admin/clones/mesh-announce/ +ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ item.site_code }} -d /home/admin/clones/mesh-announce/ Restart=always Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin diff --git a/roles/service-tinc/README.md b/roles/service-tinc/README.md index f2ad562..e4829e6 100644 --- a/roles/service-tinc/README.md +++ b/roles/service-tinc/README.md 
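Review bot: The `ExecStart` line in the respondd.service.j2 hunk (-2,7) runs `/home/admin/clones/mesh-announce/respondd.py`, and no `User=` is visible in `[Service]`. Unless one is set outside the hunk, the script runs as root from a checkout under the `admin` home directory. Any account that can write to that clone then controls what root executes on the next start, and `Restart=always` makes that start easy to come by. Either keep the checkout root-owned and not writable by `admin`, or deploy it to a root-owned path (for example `/opt/mesh-announce`). `NoNewPrivileges=yes` and `ProtectHome=read-only` are cheap additions if the service has to stay root for `batctl`.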
@@ -3,7 +3,7 @@ Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Verbindung in das InterCity-VPN benötigt wird. - installiert tinc -- erzeugt icVPN tinc Instanz +- erzeugt icvpn tinc Instanz - klont freifunk/icvpn repo - schreibt tinc.conf - schreibt tinc-up hook script @@ -16,7 +16,7 @@ Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Ve ``` icvpn: prefix: mwu - interface: icVPN + interface: icvpn icvpn_repo: https://github.com/freifunk/icvpn ``` - Variable `icvpn_ipv4_transfer_net` @@ -30,12 +30,12 @@ routing_tables: - Host Variable `magic` - Host Variable `tinc_private_key` ``` -tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$Hostname_private returnall=true') }}" +tinc_private_key: "{{ lookup('passwordstore', 'tinc/icvpn/$Hostname_private returnall=true') }}" ``` ## tinc private key -Der private Schlüssel der icVPN tinc-Instanz liegt im passwordstore. +Der private Schlüssel der icvpn tinc-Instanz liegt im passwordstore. Bevor man ein Gateway aufsetzt, muss der private Schlüssel generiert und im passwordstore hinterlegt werden. Die Variable `tinc_private_key` folgt dem Aufbau: ```