Lowercase all network interface names

Tobias Hachmer 2017-11-06 21:24:56 +01:00
parent c6a15b38c2
commit fc04651e8b
35 changed files with 112 additions and 112 deletions

@ -30,7 +30,7 @@ Diese Liste ist quasi das Herzstück zur Konfiguration der Mesh-spezifischen Par
|Name|Type|Value|Format|Comment| |Name|Type|Value|Format|Comment|
|----|----|-----|------|-------| |----|----|-----|------|-------|
|id |Variable|mz|string|Zum Teil werden Interface-Namen davon abgeleitet, z.B. `mzBR` oder `mzBAT`| |id |Variable|mz|string|Zum Teil werden Interface-Namen davon abgeleitet, z.B. `mzbr` oder `mzbat`|
|site_number|Variable|37|integer|Fließt in IP-Adress-Berechnung ein| |site_number|Variable|37|integer|Fließt in IP-Adress-Berechnung ein|
|site_code|Variable|ffmz|string|| |site_code|Variable|ffmz|string||
|site_name|Variable|Mainz|string|| |site_name|Variable|Mainz|string||
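
Review bot: the `id` row now documents the derived names as `mzbr` and `mzbat`, but that only holds while `id` itself is lowercase; the templates changed in this commit lowercase the literal suffix and leave `{{ mesh.id }}` / `{{ item.id }}` as they are. State in the Comment column that `id` must be lowercase, or apply `| lower` where the interface name is built, so a mesh with a mixed-case id does not bring mixed-case interface names back.
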
@ -93,7 +93,7 @@ Weitere Gruppen-Variablen:
|http_domain_external|Variable|freifunk-mwu.de|string|Haupt-Domain für HTTP-Server(extern)| |http_domain_external|Variable|freifunk-mwu.de|string|Haupt-Domain für HTTP-Server(extern)|
|icvpn|Dictionary|||ICVPN Informationen| |icvpn|Dictionary|||ICVPN Informationen|
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat| |icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|icvpn.interface|Key|icVPN|string|Name für ICVPN Interface + tinc Instanz| |icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz|
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository| |icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net| |bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
|bgp_mwu_servers.spinat|Dictionary|||| |bgp_mwu_servers.spinat|Dictionary||||
@ -135,11 +135,11 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb
|ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv4_network|Key|100.64.0.188/31|Network/Prefix|Internes IPv4-Tunnel-Subnetz| |ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv4_network|Key|100.64.0.188/31|Network/Prefix|Internes IPv4-Tunnel-Subnetz|
|ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv6_network|Key|2a03:2260:0:64::/64|Network/Prefix|Internes IPv6-Tunnel-Subnetz| |ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv6_network|Key|2a03:2260:0:64::/64|Network/Prefix|Internes IPv6-Tunnel-Subnetz|
|fastd_secrets|Dictionary|||Ein Eintrag pro fastd-Interface mit passwordstore lookup zum pass-Pfad| |fastd_secrets|Dictionary|||Ein Eintrag pro fastd-Interface mit passwordstore lookup zum pass-Pfad|
|fastd_secrets.mzVPN|Key|"{{ lookup('passwordstore', 'fastd/mzVPN/spinat subkey=secret') }}"||| |fastd_secrets.mzvpn|Key|"{{ lookup('passwordstore', 'fastd/mzvpn/spinat subkey=secret') }}"|||
|fastd_secrets.wiVPN|Key|"{{ lookup('passwordstore', 'fastd/wiVPN/spinat subkey=secret') }}"||| |fastd_secrets.wivpn|Key|"{{ lookup('passwordstore', 'fastd/wivpn/spinat subkey=secret') }}"|||
|fastd_secrets.mzigVPN|Key|"{{ lookup('passwordstore', 'fastd/mzVPN/spinat subkey=secret') }}"||| |fastd_secrets.mzigvpn|Key|"{{ lookup('passwordstore', 'fastd/mzvpn/spinat subkey=secret') }}"|||
|fastd_secrets.wiigVPN|Key|"{{ lookup('passwordstore', 'fastd/wiVPN/spinat subkey=secret') }}"||| |fastd_secrets.wiigvpn|Key|"{{ lookup('passwordstore', 'fastd/wivpn/spinat subkey=secret') }}"|||
|tinc_private_key|Variable|"{{ lookup('passwordstore', 'tinc/icVPN/spinat_private returnall=true') }}"||Passwordstore lookup zum pass-Pfad| |tinc_private_key|Variable|"{{ lookup('passwordstore', 'tinc/icvpn/spinat_private returnall=true') }}"||Passwordstore lookup zum pass-Pfad|
## Sensible Informationen ## Sensible Informationen
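
Review bot: the lookup paths in the `fastd_secrets.*` and `tinc_private_key` rows change case (`fastd/mzVPN/...` to `fastd/mzvpn/...`, `tinc/icVPN/...` to `tinc/icvpn/...`), and none of the hunks shown here moves the corresponding entries in the password store. pass keeps each entry as a file, so on a case-sensitive filesystem the lookups no longer find the secrets until the store is renamed to match. Rename the store entries in the same change, or note the required `pass mv` steps next to this table.
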
@ -196,13 +196,13 @@ ffrl_exit_server:
# Pfade zu den fastd secrets im passwordstore # Pfade zu den fastd secrets im passwordstore
fastd_secrets: fastd_secrets:
mzVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}" mzvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/$Hostname subkey=secret') }}"
wiVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}" wivpn: "{{ lookup('passwordstore', 'fastd/wivpn/$Hostname subkey=secret') }}"
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}" mzigvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/$Hostname subkey=secret') }}"
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}" wiigvpn: "{{ lookup('passwordstore', 'fastd/wivpn/$Hostname subkey=secret') }}"
# Pfade zum tinc secret im passwordstore # Pfade zum tinc secret im passwordstore
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}" tinc_private_key: "{{ lookup('passwordstore', 'tinc/icvpn/$hostname_private returnall=true') }}"
``` ```
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml` - Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben. - Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
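
Review bot: in the `fastd_secrets` example, `mzigvpn` and `wiigvpn` still look up `fastd/mzvpn/$Hostname` and `fastd/wivpn/$Hostname`, the same entries as the node instances, while the fastd intragate README changed in this commit documents `fastd/mzigvpn/...` and `fastd/wiigvpn/...`. Decide which layout is intended and make both documents agree; if the intragate instances have their own secrets, the paths here should be `fastd/mzigvpn/$Hostname` and `fastd/wiigvpn/$Hostname`.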

@ -130,7 +130,7 @@ meshes:
icvpn: icvpn:
prefix: mwu prefix: mwu
interface: icVPN interface: icvpn
icvpn_repo: https://github.com/freifunk/icvpn icvpn_repo: https://github.com/freifunk/icvpn
bgp_mwu_servers: bgp_mwu_servers:

@ -36,7 +36,7 @@
- name: restart fastd intragate instances - name: restart fastd intragate instances
systemd: systemd:
name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}" name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
state: restarted state: restarted
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"
@ -44,7 +44,7 @@
- name: restart fastd mesh instances - name: restart fastd mesh instances
systemd: systemd:
name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}" name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
state: restarted state: restarted
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"

@ -43,4 +43,4 @@ meshes:
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet. Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
xx0-prefix: `02:00` xx0-prefix: `02:00`
xxBAT-prefix: `02:01` xxbat-prefix: `02:01`

@ -9,7 +9,7 @@
- name: create batman interfaces - name: create batman interfaces
template: template:
src: batman.j2 src: batman.j2
dest: "/etc/network/interfaces.d/{{ item.id }}BAT" dest: "/etc/network/interfaces.d/{{ item.id }}bat"
notify: reload network interfaces notify: reload network interfaces
with_items: "{{ meshes }}" with_items: "{{ meshes }}"
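
Review bot: changing `dest` to `/etc/network/interfaces.d/{{ item.id }}bat` writes a new file and leaves the previously generated `{{ item.id }}BAT` file in place, so on an existing gateway ifupdown sees both the old and the new interface definition after the play. Add a `file` task with `state: absent` for the old name that notifies `reload network interfaces`; the same applies to the `BR`, `VPN-` and `igVPN-` files and the `/etc/sysfs.d/99-...BR.conf` file renamed elsewhere in this commit.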

@ -4,10 +4,10 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.id }}BAT auto {{ item.id }}bat
iface {{ item.id }}BAT iface {{ item.id }}bat
hwaddress {{ mac | hwaddr('linux') }} hwaddress {{ mac | hwaddr('linux') }}
batman-ifaces {{ item.id }}0 {% for instance in item.fastd.nodes.instances %}{{ item.id }}VPN-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% for instance in item.fastd.intragate.instances %}{{ item.id }}igVPN-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} batman-ifaces {{ item.id }}0 {% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% for instance in item.fastd.intragate.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
batman-hop-penalty {{ item.batman.hop_penalty }} batman-hop-penalty {{ item.batman.hop_penalty }}
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }} post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }} post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }}

@ -5,8 +5,8 @@ Diese Ansible role konfiguriert Netzwerk Interfaces für die definierten fastd I
Es wird zwischen node- und intragate-Instanzen unterschieden. Es wird zwischen node- und intragate-Instanzen unterschieden.
## Interface-Benamung ## Interface-Benamung
Node-Interfaces: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312" Node-Interfaces: $mesh.id + vpn + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzvpn-1312"
Intragate-Interfaces: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312" Intragate-Interfaces: $mesh.id + 'ig' + vpn + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigvpn-1312"
## Benötigte Variablen ## Benötigte Variablen
@ -36,5 +36,5 @@ meshes:
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet. Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
xxVPN-$mtu prefix: `02:2x` # x = ID der fastd-Instanz xxvpn-$mtu prefix: `02:2x` # x = ID der fastd-Instanz
xxigVPN-$mtu prefix: `02:3x` # x = ID der fastd-Instanz xxigvpn-$mtu prefix: `02:3x` # x = ID der fastd-Instanz

@ -2,7 +2,7 @@
- name: create fastd mesh interfaces - name: create fastd mesh interfaces
template: template:
src: fastd-mesh.j2 src: fastd-mesh.j2
dest: "/etc/network/interfaces.d/{{ item.0.id }}VPN-{{ item.1.mtu }}" dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
notify: reload network interfaces notify: reload network interfaces
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"
@ -11,7 +11,7 @@
- name: create fastd intragate interfaces - name: create fastd intragate interfaces
template: template:
src: fastd-intragate.j2 src: fastd-intragate.j2
dest: "/etc/network/interfaces.d/{{ item.0.id }}igVPN-{{ item.1.mtu }}" dest: "/etc/network/interfaces.d/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
notify: reload network interfaces notify: reload network interfaces
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"

@ -3,6 +3,6 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.0.id }}igVPN-{{ item.1.mtu }} auto {{ item.0.id }}igvpn-{{ item.1.mtu }}
iface {{ item.0.id }}igVPN-{{ item.1.mtu }} iface {{ item.0.id }}igvpn-{{ item.1.mtu }}
hwaddress {{ mac | hwaddr('linux') }} hwaddress {{ mac | hwaddr('linux') }}

@ -3,6 +3,6 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.0.id }}VPN-{{ item.1.mtu }} auto {{ item.0.id }}vpn-{{ item.1.mtu }}
iface {{ item.0.id }}VPN-{{ item.1.mtu }} iface {{ item.0.id }}vpn-{{ item.1.mtu }}
hwaddress {{ mac | hwaddr('linux') }} hwaddress {{ mac | hwaddr('linux') }}

@ -9,7 +9,7 @@
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
{% for mesh in meshes %} {% for mesh in meshes %}
-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT -A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
{% endfor %} {% endfor %}
-A FORWARD -m conntrack --ctstate INVALID -j DROP -A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
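
Review bot: the intra-mesh `FORWARD` accept rule matches on the literal interface name, so whenever this ruleset is loaded while the bridge still carries the old name (or the bridge is renamed while the old ruleset is active) `-i {{ mesh.id }}br -o {{ mesh.id }}br` matches nothing and bridge-to-bridge traffic is decided by the later FORWARD rules. Make the interface rename and the firewall reload happen in the same run and in a defined order, and say so in the commit message, since the two templates are deployed by different roles.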

@ -8,7 +8,7 @@
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
{% for mesh in meshes %} {% for mesh in meshes %}
-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT -A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
{% endfor %} {% endfor %}
-A FORWARD -m conntrack --ctstate INVALID -j DROP -A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

@ -27,4 +27,4 @@ meshes:
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet. Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
xxBR-prefix: `02:10` xxbr-prefix: `02:10`

@ -2,14 +2,14 @@
- name: create mesh bridges - name: create mesh bridges
template: template:
src: bridge.j2 src: bridge.j2
dest: "/etc/network/interfaces.d/{{ item.id }}BR" dest: "/etc/network/interfaces.d/{{ item.id }}br"
notify: reload network interfaces notify: reload network interfaces
with_items: "{{ meshes }}" with_items: "{{ meshes }}"
- name: set sysfs variables - name: set sysfs variables
template: template:
src: sysfs.j2 src: sysfs.j2
dest: "/etc/sysfs.d/99-{{ item.id }}BR.conf" dest: "/etc/sysfs.d/99-{{ item.id }}br.conf"
with_items: "{{ meshes }}" with_items: "{{ meshes }}"
notify: activate sysfs variables notify: activate sysfs variables

@ -3,8 +3,8 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
auto {{ item.id }}BR auto {{ item.id }}br
iface {{ item.id }}BR iface {{ item.id }}br
hwaddress {{ mac | hwaddr('linux') }} hwaddress {{ mac | hwaddr('linux') }}
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }} address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
{% for prefix in item.ipv6_ula %} {% for prefix in item.ipv6_ula %}
@ -13,4 +13,4 @@ iface {{ item.id }}BR
{% for prefix in item.ipv6_public %} {% for prefix in item.ipv6_public %}
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }} address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
{% endfor %} {% endfor %}
bridge-ports {{ item.id }}BAT bridge-ports {{ item.id }}bat

@ -1,4 +1,4 @@
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
class/net/{{ item.id }}BR/bridge/hash_max = 16384 class/net/{{ item.id }}br/bridge/hash_max = 16384

@ -7,7 +7,7 @@
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7 ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup mwu priority 7 ip -6 rule add from {{ ula }} lookup mwu priority 7
ip -6 rule add to {{ ula }} lookup mwu priority 7 ip -6 rule add to {{ ula }} lookup mwu priority 7
@ -16,14 +16,14 @@ ip -6 rule add to {{ ula }} lookup mwu priority 7
ip -6 rule add from {{ public }} lookup mwu priority 7 ip -6 rule add from {{ public }} lookup mwu priority 7
ip -6 rule add to {{ public }} lookup mwu priority 7 ip -6 rule add to {{ public }} lookup mwu priority 7
{% endfor %} {% endfor %}
ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7 ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %} {% endfor %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23 ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup icvpn priority 23 ip -6 rule add from {{ ula }} lookup icvpn priority 23
ip -6 rule add to {{ ula }} lookup icvpn priority 23 ip -6 rule add to {{ ula }} lookup icvpn priority 23
@ -32,10 +32,10 @@ ip -6 rule add to {{ ula }} lookup icvpn priority 23
ip -6 rule add from {{ public }} lookup icvpn priority 23 ip -6 rule add from {{ public }} lookup icvpn priority 23
ip -6 rule add to {{ public }} lookup icvpn priority 23 ip -6 rule add to {{ public }} lookup icvpn priority 23
{% endfor %} {% endfor %}
ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23 ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %} {% endfor %}
ip -4 rule add from all oif icVPN lookup icvpn priority 23 ip -4 rule add from all oif icvpn lookup icvpn priority 23
ip -6 rule add from all oif icVPN lookup icvpn priority 23 ip -6 rule add from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
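
Review bot: the two `oif icvpn` rules hard-code the interface name although the group variables document it as `icvpn.interface`, and with the rename the interface name is now identical to the routing table name (`oif icvpn lookup icvpn`), which is easy to misread. Use `oif {{ icvpn.interface }}` here and in the `iif icvpn type unreachable` rules further down, so the name is defined in one place only.
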
@ -48,23 +48,23 @@ ip -6 rule add to {{ ula }} lookup internet priority 41
ip -6 rule add from {{ public }} lookup internet priority 41 ip -6 rule add from {{ public }} lookup internet priority 41
ip -6 rule add to {{ public }} lookup internet priority 41 ip -6 rule add to {{ public }} lookup internet priority 41
{% endfor %} {% endfor %}
ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41 ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %} {% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
# Priority 61 - at this point this is the end of policy routing for freifunk related routes # Priority 61 - at this point this is the end of policy routing for freifunk related routes
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61 ip -4 rule add from all iif {{ mesh.id }}br type unreachable priority 61
ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61 ip -6 rule add from all iif {{ mesh.id }}br type unreachable priority 61
{% endfor %} {% endfor %}
ip -4 rule add from all iif icVPN type unreachable priority 61 ip -4 rule add from all iif icvpn type unreachable priority 61
ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61 ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
{% for server_id, server_value in ffrl_exit_server.iteritems() %} {% for server_id, server_value in ffrl_exit_server.iteritems() %}
ip -4 rule add from all iif {{ server_id }} type unreachable priority 61 ip -4 rule add from all iif {{ server_id }} type unreachable priority 61
ip -6 rule add from all iif {{ server_id }} type unreachable priority 61 ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %} {% endfor %}
ip -6 rule add from all iif icVPN type unreachable priority 61 ip -6 rule add from all iif icvpn type unreachable priority 61
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh in meshes %} {% for mesh in meshes %}
{% for public in mesh.ipv6_public %} {% for public in mesh.ipv6_public %}

@ -5,13 +5,13 @@
{% for mesh in meshes %} {% for mesh in meshes %}
# static {{ mesh.site_name }} routes for rt_table mwu # static {{ mesh.site_name }} routes for rt_table mwu
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% for public in mesh.ipv6_public %} {% for public in mesh.ipv6_public %}
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% if not loop.last %} {% if not loop.last %}

@ -7,7 +7,7 @@
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7 ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule del from all oif {{ mesh.id }}BR lookup mwu priority 7 ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
ip -6 rule del from {{ ula }} lookup mwu priority 7 ip -6 rule del from {{ ula }} lookup mwu priority 7
ip -6 rule del to {{ ula }} lookup mwu priority 7 ip -6 rule del to {{ ula }} lookup mwu priority 7
@ -16,14 +16,14 @@ ip -6 rule del to {{ ula }} lookup mwu priority 7
ip -6 rule del from {{ public }} lookup mwu priority 7 ip -6 rule del from {{ public }} lookup mwu priority 7
ip -6 rule del to {{ public }} lookup mwu priority 7 ip -6 rule del to {{ public }} lookup mwu priority 7
{% endfor %} {% endfor %}
ip -6 rule del from all oif {{ mesh.id }}BR lookup mwu priority 7 ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %} {% endfor %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23 ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule del from all oif {{ mesh.id }}BR lookup icvpn priority 23 ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
ip -6 rule del from {{ ula }} lookup icvpn priority 23 ip -6 rule del from {{ ula }} lookup icvpn priority 23
ip -6 rule del to {{ ula }} lookup icvpn priority 23 ip -6 rule del to {{ ula }} lookup icvpn priority 23
@ -32,10 +32,10 @@ ip -6 rule del to {{ ula }} lookup icvpn priority 23
ip -6 rule del from {{ public }} lookup icvpn priority 23 ip -6 rule del from {{ public }} lookup icvpn priority 23
ip -6 rule del to {{ public }} lookup icvpn priority 23 ip -6 rule del to {{ public }} lookup icvpn priority 23
{% endfor %} {% endfor %}
ip -6 rule del from all oif {{ mesh.id }}BR lookup icvpn priority 23 ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %} {% endfor %}
ip -4 rule del from all oif icVPN lookup icvpn priority 23 ip -4 rule del from all oif icvpn lookup icvpn priority 23
ip -6 rule del from all oif icVPN lookup icvpn priority 23 ip -6 rule del from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %} {% for mesh in meshes %}
@ -48,23 +48,23 @@ ip -6 rule del to {{ ula }} lookup internet priority 41
ip -6 rule del from {{ public }} lookup internet priority 41 ip -6 rule del from {{ public }} lookup internet priority 41
ip -6 rule del to {{ public }} lookup internet priority 41 ip -6 rule del to {{ public }} lookup internet priority 41
{% endfor %} {% endfor %}
ip -6 rule del from all oif {{ mesh.id }}BR lookup internet priority 41 ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %} {% endfor %}
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41 ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
# Priority 61 - at this point this is the end of policy routing for freifunk related routes # Priority 61 - at this point this is the end of policy routing for freifunk related routes
{% for mesh in meshes %} {% for mesh in meshes %}
ip -4 rule del from all iif {{ mesh.id }}BR type unreachable priority 61 ip -4 rule del from all iif {{ mesh.id }}br type unreachable priority 61
ip -6 rule del from all iif {{ mesh.id }}BR type unreachable priority 61 ip -6 rule del from all iif {{ mesh.id }}br type unreachable priority 61
{% endfor %} {% endfor %}
ip -4 rule del from all iif icVPN type unreachable priority 61 ip -4 rule del from all iif icvpn type unreachable priority 61
ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61 ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
{% for server_id, server_value in ffrl_exit_server.iteritems() %} {% for server_id, server_value in ffrl_exit_server.iteritems() %}
ip -4 rule del from all iif {{ server_id }} type unreachable priority 61 ip -4 rule del from all iif {{ server_id }} type unreachable priority 61
ip -6 rule del from all iif {{ server_id }} type unreachable priority 61 ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
{% endfor %} {% endfor %}
ip -6 rule del from all iif icVPN type unreachable priority 61 ip -6 rule del from all iif icvpn type unreachable priority 61
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61 ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh in meshes %} {% for mesh in meshes %}
{% for public in mesh.ipv6_public %} {% for public in mesh.ipv6_public %}
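
Review bot: the `ip rule del` lines for `iif {{ mesh.id }}br` and `iif icvpn` only remove rules that were created with the new names. Rules installed by the previously deployed script with `...BR` and `icVPN` stay in the rule table, including the priority 61 `unreachable` entries, until they are deleted by hand or the host reboots. Run the old teardown script before this template is rolled out, or add a one-off cleanup task for the old names.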

@ -5,13 +5,13 @@
{% for mesh in meshes %} {% for mesh in meshes %}
# static {{ mesh.site_name }} routes for rt_table mwu # static {{ mesh.site_name }} routes for rt_table mwu
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
{% for ula in mesh.ipv6_ula %} {% for ula in mesh.ipv6_ula %}
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% for public in mesh.ipv6_public %} {% for public in mesh.ipv6_public %}
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}br table mwu
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, magic) }} proto static dev {{ mesh.id }}BR table mwu /sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, magic) }} proto static dev {{ mesh.id }}br table mwu
{% endfor %} {% endfor %}
{% if not loop.last %} {% if not loop.last %}
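
Review bot: the last `route del` line for `mesh.ipv6_public` uses `ipsubnet(64, magic)`, while the matching `route add` line in the up script uses `ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet')`. The two filter chains select different /64 prefixes in general, so this delete does not remove the route that was added. Since the line is touched anyway, align its filter chain with the add script.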

@ -51,7 +51,7 @@ protocol device {
protocol direct mwu_subnets { protocol direct mwu_subnets {
{% for mesh in meshes %} {% for mesh in meshes %}
interface "{{ mesh.id }}BR"; interface "{{ mesh.id }}br";
{% endfor %} {% endfor %}
import where is_mwu_self_nets(); import where is_mwu_self_nets();
}; };

@ -40,7 +40,7 @@ protocol device {
protocol direct mwu_subnets { protocol direct mwu_subnets {
{% for mesh in meshes %} {% for mesh in meshes %}
interface "{{ mesh.id }}BR"; interface "{{ mesh.id }}br";
{% endfor %} {% endfor %}
import where is_mwu_self_nets(); import where is_mwu_self_nets();
}; };

@ -6,7 +6,7 @@
- name: concatenate meshbridge interfaces - name: concatenate meshbridge interfaces
set_fact: set_fact:
dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}BR{% if not loop.last %} {% endif %}{% endfor %}" dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}"
- name: set ipv4 interfaces isc dhcp should listen on - name: set ipv4 interfaces isc dhcp should listen on
lineinfile: lineinfile:

@ -2,7 +2,7 @@
Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation. Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation.
- konfiguriert xxigVPN-Instanzen - konfiguriert xxigvpn-Instanzen
- stellt sicher, dass die Instanz-Verzeichnisse existieren - stellt sicher, dass die Instanz-Verzeichnisse existieren
- schreibt fastd.conf - schreibt fastd.conf
- schreibt secret.conf - schreibt secret.conf
@ -31,8 +31,8 @@ meshes:
- Dictionary `fastd_secrets` (Host-Variable) - Dictionary `fastd_secrets` (Host-Variable)
´´´ ´´´
fastd_secrets: fastd_secrets:
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzigVPN/sparegate4 subkey=secret') }}" mzigvpn: "{{ lookup('passwordstore', 'fastd/mzigvpn/sparegate4 subkey=secret') }}"
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiigVPN/sparegate4 subkey=secret') }}" wiigvpn: "{{ lookup('passwordstore', 'fastd/wiigvpn/sparegate4 subkey=secret') }}"
... ...
´´´ ´´´
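
Review bot: the `fastd_secrets` example in this hunk is fenced with acute accents (´´´) instead of backticks, so the README does not render it as a code block and the Jinja braces show up as running text. Replace both fence lines with three backticks while the block is being edited.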

@ -1,7 +1,7 @@
--- ---
- name: create fastd intragate directories - name: create fastd intragate directories
file: file:
path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}" path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
state: directory state: directory
mode: 0755 mode: 0755
with_subelements: with_subelements:
@ -10,7 +10,7 @@
- name: create fastd peer intragate directories - name: create fastd peer intragate directories
file: file:
path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers" path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers"
state: directory state: directory
mode: 0755 mode: 0755
owner: admin owner: admin
@ -22,7 +22,7 @@
- name: clone fastd peer intragate repos - name: clone fastd peer intragate repos
git: git:
repo: "{{ item.1.peers.repo }}" repo: "{{ item.1.peers.repo }}"
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers" dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers"
version: "{{ item.1.peers.version }}" version: "{{ item.1.peers.version }}"
update: no update: no
with_subelements: with_subelements:
@ -33,7 +33,7 @@
- name: template fastd mesh config - name: template fastd mesh config
template: template:
src: fastd-intragate.conf.j2 src: fastd-intragate.conf.j2
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/fastd.conf" dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/fastd.conf"
notify: restart fastd intragate instances notify: restart fastd intragate instances
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"
@ -42,7 +42,7 @@
- name: write fastd intragate secret - name: write fastd intragate secret
template: template:
src: fastd-secret.conf.j2 src: fastd-secret.conf.j2
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/secret.conf" dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/secret.conf"
notify: restart fastd intragate instances notify: restart fastd intragate instances
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"
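Review bot: the `template` task for `secret.conf` sets only `src` and `dest`, so the file holding the fastd private key gets its permissions from the umask, inside a directory created with `mode: 0755` earlier in this file. Set `mode: 0600` with an explicit `owner` and `group` on this task, and consider `no_log: true` so the rendered secret cannot show up in task or diff output.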
@ -50,7 +50,7 @@
- name: configure systemd unit fastd@ - name: configure systemd unit fastd@
systemd: systemd:
name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}" name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
enabled: yes enabled: yes
state: started state: started
with_subelements: with_subelements:
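Review bot: the unit name changes to `fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}`, but on an already deployed gateway the old `fastd@...igVPN-...` instance stays enabled and running. The port in the template's `bind` lines is built from `item.1.id` and `item.0.site_number`, not from the name, so the old and the renamed instance then compete for the same port. Add a task ahead of this one that stops and disables the old-case instance (`state: stopped`, `enabled: no`), or document that existing hosts need that step done by hand.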

View file

@ -9,7 +9,7 @@ hide mac addresses yes;
method "aes128-ctr+umac"; method "aes128-ctr+umac";
interface "{{ item.0.id }}igVPN-{{ item.1.mtu }}"; interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};
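Review bot: the `interface` name is the mesh `id` plus `igvpn-` plus the MTU, and Linux limits interface names to 15 characters, which leaves 5 characters for `item.0.id` with a four-digit MTU. Nothing in the visible lines enforces that, so a longer mesh id produces a name the kernel rejects when fastd starts. An `assert` on the length of the composed name in the role would catch it at play time.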
@ -27,11 +27,11 @@ on up "
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
ip link set $INTERFACE up ip link set $INTERFACE up
batctl -m {{ item.0.id }}BAT if add $INTERFACE batctl -m {{ item.0.id }}bat if add $INTERFACE
"; ";
on down " on down "
batctl -m {{ item.0.id }}BAT if del $INTERFACE batctl -m {{ item.0.id }}bat if del $INTERFACE
"; ";
status socket "/var/run/fastd-{{ item.0.id }}igVPN-{{ item.1.mtu }}.status"; status socket "/var/run/fastd-{{ item.0.id }}igvpn-{{ item.1.mtu }}.status";

View file

@ -1,4 +1,4 @@
{% set local_interface = item.0.id + 'igVPN' -%} {% set local_interface = item.0.id + 'igvpn' -%}
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #
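Review bot: the suffix `'igvpn'` in `local_interface` is one more hand-written copy of a literal that also appears in every `path`, `dest`, `name`, `interface` and `status socket` line touched by this change. If this value is what indexes `fastd_secrets`, a single missed occurrence breaks the secret lookup only at run time. Define the instance name once (a role default or a `set_fact`) and reference it everywhere, so the next rename is a one-line change.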

View file

@ -11,8 +11,8 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
- klont bingener fastd peer repo (im Moment hardcoded) - klont bingener fastd peer repo (im Moment hardcoded)
## Instanz-Benamung ## Instanz-Benamung
Node-Instanzen: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312" Node-Instanzen: $mesh.id + vpn + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzvpn-1312"
Intragate-Instanzen: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312" Intragate-Instanzen: $mesh.id + 'ig' + vpn + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigvpn-1312"
## Benötigte Variablen ## Benötigte Variablen
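Review bot: in the two naming rules, `vpn` is written without quotes while `'ig'` and `'-'` are quoted, so it reads like a variable rather than a literal. Write `$mesh.id + 'vpn' + '-' + ...` and `$mesh.id + 'igvpn' + '-' + ...` so the rules match the examples `mzvpn-1312` and `mzigvpn-1312`.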
@ -35,8 +35,8 @@ meshes:
- Dictionary `fastd_secrets` (Host-Variable) - Dictionary `fastd_secrets` (Host-Variable)
´´´ ´´´
fastd_secrets: fastd_secrets:
mzVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/sparegate4 subkey=secret') }}" mzvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/sparegate4 subkey=secret') }}"
wiVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/sparegate4 subkey=secret') }}" wivpn: "{{ lookup('passwordstore', 'fastd/wivpn/sparegate4 subkey=secret') }}"
... ...
´´´ ´´´

View file

@ -1,7 +1,7 @@
--- ---
- name: create fastd directories - name: create fastd directories
file: file:
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}" path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}"
state: directory state: directory
mode: 0755 mode: 0755
with_subelements: with_subelements:
@ -10,7 +10,7 @@
- name: create fastd peer mesh directories - name: create fastd peer mesh directories
file: file:
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers" path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
state: directory state: directory
mode: 0755 mode: 0755
owner: admin owner: admin
@ -21,7 +21,7 @@
- name: create fastd peer mesh directories for ffbin - name: create fastd peer mesh directories for ffbin
file: file:
path: "/etc/fastd/mzVPN-{{ item }}/peers_bingen" path: "/etc/fastd/mzvpn-{{ item }}/peers_bingen"
state: directory state: directory
mode: 0755 mode: 0755
owner: admin owner: admin
@ -33,7 +33,7 @@
- name: clone fastd peer mesh repos - name: clone fastd peer mesh repos
git: git:
repo: "{{ item.1.peers.repo }}" repo: "{{ item.1.peers.repo }}"
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers" dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
version: "{{ item.1.peers.version }}" version: "{{ item.1.peers.version }}"
update: no update: no
with_subelements: with_subelements:
@ -44,7 +44,7 @@
- name: clone fastd peer mesh repo for ffbin - name: clone fastd peer mesh repo for ffbin
git: git:
repo: https://github.com/freifunk-bingen/peers-ffbin.git repo: https://github.com/freifunk-bingen/peers-ffbin.git
dest: "/etc/fastd/mzVPN-{{ item }}/peers_bingen" dest: "/etc/fastd/mzvpn-{{ item }}/peers_bingen"
version: master version: master
update: no update: no
with_items: with_items:
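Review bot: the renamed `dest` makes this task clone `peers-ffbin` afresh on every existing host, at whatever `master` points to at that moment, and `update: no` then freezes that state. A fastd peers directory holds the keys of the peers allowed to connect, so `version` should be a reviewed commit hash or tag rather than a moving branch of an external repository. The hard-coded `mzvpn-` prefix should also be derived from the mesh `id` like the other paths.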
@ -55,7 +55,7 @@
- name: template fastd mesh config - name: template fastd mesh config
template: template:
src: fastd-mesh.conf.j2 src: fastd-mesh.conf.j2
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/fastd.conf" dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/fastd.conf"
notify: restart fastd mesh instances notify: restart fastd mesh instances
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"
@ -64,7 +64,7 @@
- name: write fastd mesh secret - name: write fastd mesh secret
template: template:
src: fastd-secret.conf.j2 src: fastd-secret.conf.j2
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/secret.conf" dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf"
notify: restart fastd mesh instances notify: restart fastd mesh instances
with_subelements: with_subelements:
- "{{ meshes }}" - "{{ meshes }}"
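Review bot: `secret.conf` is now written under `/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/`, and no task in the visible hunks removes the old `...VPN-...` directory, so a copy of the private key stays behind in a path that is no longer managed. Add a cleanup task with `state: absent` for the old-case directories once the new instances are up. The task also sets no `mode` on the file, same as its intragate counterpart.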
@ -73,7 +73,7 @@
- name: copy peer_limit.conf if not exist - name: copy peer_limit.conf if not exist
copy: copy:
src: peer_limit.conf src: peer_limit.conf
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf" dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
owner: admin owner: admin
group: admin group: admin
mode: 0640 mode: 0640
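Review bot: the task is named "copy peer_limit.conf if not exist", and after the rename the file never exists at the new `dest`, so the shipped default is copied and any limit tuned in the old `...VPN-...` directory is silently dropped. Carry the existing file over to the new path before this task runs (for example a `copy` with `remote_src: yes` from the old directory), or note that limits must be re-applied after the rollout.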
@ -85,7 +85,7 @@
- name: set file attributes for peer_limit.conf - name: set file attributes for peer_limit.conf
file: file:
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf" path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
mode: 0640 mode: 0640
owner: admin owner: admin
group: admin group: admin
@ -149,7 +149,7 @@
- name: configure systemd unit fastd@ - name: configure systemd unit fastd@
systemd: systemd:
name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}" name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
enabled: yes enabled: yes
state: started state: started
with_subelements: with_subelements:

View file

@ -9,7 +9,7 @@ hide mac addresses yes;
method "salsa2012+umac"; method "salsa2012+umac";
interface "{{ item.0.id }}VPN-{{ item.1.mtu }}"; interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }}; bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }};
@ -34,11 +34,11 @@ on up "
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
ip link set $INTERFACE up ip link set $INTERFACE up
batctl -m {{ item.0.id }}BAT if add $INTERFACE batctl -m {{ item.0.id }}bat if add $INTERFACE
"; ";
on down " on down "
batctl -m {{ item.0.id }}BAT if del $INTERFACE batctl -m {{ item.0.id }}bat if del $INTERFACE
"; ";
status socket "/var/run/fastd-{{ item.0.id }}VPN-{{ item.1.mtu }}.status"; status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status";

View file

@ -1,4 +1,4 @@
{% set local_interface = item.0.id + 'VPN' -%} {% set local_interface = item.0.id + 'vpn' -%}
# #
# {{ ansible_managed }} # {{ ansible_managed }}
# #

View file

@ -6,7 +6,7 @@ additional: 8
fastd_instances: fastd_instances:
{% for mesh in meshes %} {% for mesh in meshes %}
{% for instance in mesh.fastd.nodes.instances %} {% for instance in mesh.fastd.nodes.instances %}
- {{ mesh.id }}VPN-{{ instance.mtu }} - {{ mesh.id }}vpn-{{ instance.mtu }}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
cronlog: '/home/admin/.cronlog/limit.%s.log' cronlog: '/home/admin/.cronlog/limit.%s.log'

View file

@ -3,7 +3,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
{% for mesh in meshes %} {% for mesh in meshes %}
interface {{ mesh.id }}BR interface {{ mesh.id }}br
{ {
AdvSendAdvert on; AdvSendAdvert on;
IgnoreIfMissing on; IgnoreIfMissing on;
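Review bot: with `IgnoreIfMissing on;` radvd skips an interface that does not exist instead of failing, so if the bridge is still named `{{ mesh.id }}BR` on a host when this config is deployed, radvd starts cleanly and sends no router advertisements on it. Make sure the play renames or recreates the bridge before radvd is restarted, and check after the run that the lower-case bridge exists (`ip link show`).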

View file

@ -2,7 +2,7 @@
Description=respondd instance {{ item.id }} Description=respondd instance {{ item.id }}
[Service] [Service]
ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}BR {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}VPN-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}BAT -s {{ item.site_code }} -d /home/admin/clones/mesh-announce/ ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ item.site_code }} -d /home/admin/clones/mesh-announce/
Restart=always Restart=always
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

View file

@ -3,7 +3,7 @@
Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Verbindung in das InterCity-VPN benötigt wird. Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Verbindung in das InterCity-VPN benötigt wird.
- installiert tinc - installiert tinc
- erzeugt icVPN tinc Instanz - erzeugt icvpn tinc Instanz
- klont freifunk/icvpn repo - klont freifunk/icvpn repo
- schreibt tinc.conf - schreibt tinc.conf
- schreibt tinc-up hook script - schreibt tinc-up hook script
@ -16,7 +16,7 @@ Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Ve
``` ```
icvpn: icvpn:
prefix: mwu prefix: mwu
interface: icVPN interface: icvpn
icvpn_repo: https://github.com/freifunk/icvpn icvpn_repo: https://github.com/freifunk/icvpn
``` ```
- Variable `icvpn_ipv4_transfer_net` - Variable `icvpn_ipv4_transfer_net`
@ -30,12 +30,12 @@ routing_tables:
- Host Variable `magic` - Host Variable `magic`
- Host Variable `tinc_private_key` - Host Variable `tinc_private_key`
``` ```
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$Hostname_private returnall=true') }}" tinc_private_key: "{{ lookup('passwordstore', 'tinc/icvpn/$Hostname_private returnall=true') }}"
``` ```
## tinc private key ## tinc private key
Der private Schlüssel der icVPN tinc-Instanz liegt im passwordstore. Der private Schlüssel der icvpn tinc-Instanz liegt im passwordstore.
Bevor man ein Gateway aufsetzt, muss der private Schlüssel generiert und im passwordstore hinterlegt werden. Bevor man ein Gateway aufsetzt, muss der private Schlüssel generiert und im passwordstore hinterlegt werden.
Die Variable `tinc_private_key` folgt dem Aufbau: Die Variable `tinc_private_key` folgt dem Aufbau:
``` ```