Lowercase all network interface names
parent
c6a15b38c2
commit
fc04651e8b
35 changed files with 112 additions and 112 deletions
24
Readme.md
24
Readme.md
|
@ -30,7 +30,7 @@ Diese Liste ist quasi das Herzstück zur Konfiguration der Mesh-spezifischen Par
|
||||||
|
|
||||||
|Name|Type|Value|Format|Comment|
|
|Name|Type|Value|Format|Comment|
|
||||||
|----|----|-----|------|-------|
|
|----|----|-----|------|-------|
|
||||||
|id |Variable|mz|string|Zum Teil werden Interface-Namen davon abgeleitet, z.B. `mzBR` oder `mzBAT`|
|
|id |Variable|mz|string|Zum Teil werden Interface-Namen davon abgeleitet, z.B. `mzbr` oder `mzbat`|
|
||||||
|site_number|Variable|37|integer|Fließt in IP-Adress-Berechnung ein|
|
|site_number|Variable|37|integer|Fließt in IP-Adress-Berechnung ein|
|
||||||
|site_code|Variable|ffmz|string||
|
|site_code|Variable|ffmz|string||
|
||||||
|site_name|Variable|Mainz|string||
|
|site_name|Variable|Mainz|string||
|
||||||
|
@ -93,7 +93,7 @@ Weitere Gruppen-Variablen:
|
||||||
|http_domain_external|Variable|freifunk-mwu.de|string|Haupt-Domain für HTTP-Server(extern)|
|
|http_domain_external|Variable|freifunk-mwu.de|string|Haupt-Domain für HTTP-Server(extern)|
|
||||||
|icvpn|Dictionary|||ICVPN Informationen|
|
|icvpn|Dictionary|||ICVPN Informationen|
|
||||||
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|
|icvpn.prefix|Key|mwu|string|Prefix für MWU Gateways, z.B. `mwu7` für Spinat|
|
||||||
|icvpn.interface|Key|icVPN|string|Name für ICVPN Interface + tinc Instanz|
|
|icvpn.interface|Key|icvpn|string|Name für ICVPN Interface + tinc Instanz|
|
||||||
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
|
|icvpn.icvpn_repo|Key|https://github.com/freifunk/icvpn|string|URL zum freifunk/icvpn Repository|
|
||||||
|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
|
|bgp_mwu_servers|Dictionary|||Enthält pro BGP MWU peer ein Dictionary - IP-Adressen aus bgp_ipvX_transfer_net|
|
||||||
|bgp_mwu_servers.spinat|Dictionary||||
|
|bgp_mwu_servers.spinat|Dictionary||||
|
||||||
|
@ -135,11 +135,11 @@ Alle Server- bzw. Gateway-spezifischen Parameter werden als Host-Variablen abgeb
|
||||||
|ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv4_network|Key|100.64.0.188/31|Network/Prefix|Internes IPv4-Tunnel-Subnetz|
|
|ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv4_network|Key|100.64.0.188/31|Network/Prefix|Internes IPv4-Tunnel-Subnetz|
|
||||||
|ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv6_network|Key|2a03:2260:0:64::/64|Network/Prefix|Internes IPv6-Tunnel-Subnetz|
|
|ffrl_exit_server.ffrl-b-fra2-fra.tunnel_ipv6_network|Key|2a03:2260:0:64::/64|Network/Prefix|Internes IPv6-Tunnel-Subnetz|
|
||||||
|fastd_secrets|Dictionary|||Ein Eintrag pro fastd-Interface mit passwordstore lookup zum pass-Pfad|
|
|fastd_secrets|Dictionary|||Ein Eintrag pro fastd-Interface mit passwordstore lookup zum pass-Pfad|
|
||||||
|fastd_secrets.mzVPN|Key|"{{ lookup('passwordstore', 'fastd/mzVPN/spinat subkey=secret') }}"|||
|
|fastd_secrets.mzvpn|Key|"{{ lookup('passwordstore', 'fastd/mzvpn/spinat subkey=secret') }}"|||
|
||||||
|fastd_secrets.wiVPN|Key|"{{ lookup('passwordstore', 'fastd/wiVPN/spinat subkey=secret') }}"|||
|
|fastd_secrets.wivpn|Key|"{{ lookup('passwordstore', 'fastd/wivpn/spinat subkey=secret') }}"|||
|
||||||
|fastd_secrets.mzigVPN|Key|"{{ lookup('passwordstore', 'fastd/mzVPN/spinat subkey=secret') }}"|||
|
|fastd_secrets.mzigvpn|Key|"{{ lookup('passwordstore', 'fastd/mzvpn/spinat subkey=secret') }}"|||
|
||||||
|fastd_secrets.wiigVPN|Key|"{{ lookup('passwordstore', 'fastd/wiVPN/spinat subkey=secret') }}"|||
|
|fastd_secrets.wiigvpn|Key|"{{ lookup('passwordstore', 'fastd/wivpn/spinat subkey=secret') }}"|||
|
||||||
|tinc_private_key|Variable|"{{ lookup('passwordstore', 'tinc/icVPN/spinat_private returnall=true') }}"||Passwordstore lookup zum pass-Pfad|
|
|tinc_private_key|Variable|"{{ lookup('passwordstore', 'tinc/icvpn/spinat_private returnall=true') }}"||Passwordstore lookup zum pass-Pfad|
|
||||||
|
|
||||||
## Sensible Informationen
|
## Sensible Informationen
|
||||||
|
|
||||||
|
@ -196,13 +196,13 @@ ffrl_exit_server:
|
||||||
|
|
||||||
# Pfade zu den fastd secrets im passwordstore
|
# Pfade zu den fastd secrets im passwordstore
|
||||||
fastd_secrets:
|
fastd_secrets:
|
||||||
mzVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
|
mzvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/$Hostname subkey=secret') }}"
|
||||||
wiVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
|
wivpn: "{{ lookup('passwordstore', 'fastd/wivpn/$Hostname subkey=secret') }}"
|
||||||
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
|
mzigvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/$Hostname subkey=secret') }}"
|
||||||
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
|
wiigvpn: "{{ lookup('passwordstore', 'fastd/wivpn/$Hostname subkey=secret') }}"
|
||||||
|
|
||||||
# Pfade zum tinc secret im passwordstore
|
# Pfade zum tinc secret im passwordstore
|
||||||
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}"
|
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icvpn/$hostname_private returnall=true') }}"
|
||||||
```
|
```
|
||||||
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
|
- Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
|
||||||
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
|
- Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.
|
||||||
|
|
|
@ -130,7 +130,7 @@ meshes:
|
||||||
|
|
||||||
icvpn:
|
icvpn:
|
||||||
prefix: mwu
|
prefix: mwu
|
||||||
interface: icVPN
|
interface: icvpn
|
||||||
icvpn_repo: https://github.com/freifunk/icvpn
|
icvpn_repo: https://github.com/freifunk/icvpn
|
||||||
|
|
||||||
bgp_mwu_servers:
|
bgp_mwu_servers:
|
||||||
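Review bot: `interface: icvpn` is documented in the Readme hunk of this same commit as the name of both the ICVPN interface and the tinc instance, so lowercasing it also renames the tinc instance and, through `tinc_private_key`, the password-store path `tinc/icvpn/…`. Neither a tinc role change nor a cleanup of the previous `icVPN` instance is among the hunks visible on this page, so on already provisioned hosts the old instance presumably stays configured next to the new one, and the renamed pass entries have to exist before the next run or the lookup fails — I cannot confirm either from here. A comment on the key would make the coupling visible: `# also names the tinc instance and the passwordstore path; renaming requires migrating both`.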
|
|
|
@ -36,7 +36,7 @@
|
||||||
|
|
||||||
- name: restart fastd intragate instances
|
- name: restart fastd intragate instances
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
|
|
||||||
- name: restart fastd mesh instances
|
- name: restart fastd mesh instances
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
|
|
@ -43,4 +43,4 @@ meshes:
|
||||||
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
||||||
|
|
||||||
xx0-prefix: `02:00`
|
xx0-prefix: `02:00`
|
||||||
xxBAT-prefix: `02:01`
|
xxbat-prefix: `02:01`
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
- name: create batman interfaces
|
- name: create batman interfaces
|
||||||
template:
|
template:
|
||||||
src: batman.j2
|
src: batman.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}BAT"
|
dest: "/etc/network/interfaces.d/{{ item.id }}bat"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
with_items: "{{ meshes }}"
|
||||||
|
|
||||||
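Review bot: The new `dest` path `/etc/network/interfaces.d/{{ item.id }}bat` is written, but nothing removes the file a previous run created under `{{ item.id }}BAT`; the Readme in this commit states that the roles are re-applied to already provisioned gateways, so on those hosts both files coexist on a case-sensitive filesystem, and if `/etc/network/interfaces` sources the whole directory both interfaces get defined with the identical computed `hwaddress` from batman.j2. The same gap exists in the fastd task hunks (`{{ item.0.id }}VPN-…`, `{{ item.0.id }}igVPN-…`), the bridge task hunks (`{{ item.id }}BR` and `/etc/sysfs.d/99-{{ item.id }}BR.conf`) and, for running units, the `fastd@…VPN-…` handler names. Whether the `reload network interfaces` handler also tears down interfaces whose definition disappeared I cannot tell from this page, so the old-case interfaces should be brought down explicitly as part of the migration. I would add a cleanup task ahead of each template task for the old-case path; the example below is for this hunk.
```yaml
- name: remove legacy batman interface definitions
  file:
    path: "/etc/network/interfaces.d/{{ item.id }}BAT"
    state: absent
  notify: reload network interfaces
  with_items: "{{ meshes }}"

# … unchanged: create batman interfaces task …
```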
|
|
|
@ -4,10 +4,10 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.id }}BAT
|
auto {{ item.id }}bat
|
||||||
iface {{ item.id }}BAT
|
iface {{ item.id }}bat
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
batman-ifaces {{ item.id }}0 {% for instance in item.fastd.nodes.instances %}{{ item.id }}VPN-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% for instance in item.fastd.intragate.instances %}{{ item.id }}igVPN-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
|
batman-ifaces {{ item.id }}0 {% for instance in item.fastd.nodes.instances %}{{ item.id }}vpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %} {% for instance in item.fastd.intragate.instances %}{{ item.id }}igvpn-{{ instance.mtu }}{% if not loop.last %} {% endif %}{% endfor %}
|
||||||
batman-hop-penalty {{ item.batman.hop_penalty }}
|
batman-hop-penalty {{ item.batman.hop_penalty }}
|
||||||
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
|
post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
|
||||||
post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }}
|
post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }}
|
||||||
|
|
|
@ -5,8 +5,8 @@ Diese Ansible role konfiguriert Netzwerk Interfaces für die definierten fastd I
|
||||||
Es wird zwischen node- und intragate-Instanzen unterschieden.
|
Es wird zwischen node- und intragate-Instanzen unterschieden.
|
||||||
|
|
||||||
## Interface-Benamung
|
## Interface-Benamung
|
||||||
Node-Interfaces: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312"
|
Node-Interfaces: $mesh.id + vpn + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzvpn-1312"
|
||||||
Intragate-Interfaces: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312"
|
Intragate-Interfaces: $mesh.id + 'ig' + vpn + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigvpn-1312"
|
||||||
|
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
|
@ -36,5 +36,5 @@ meshes:
|
||||||
|
|
||||||
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
||||||
|
|
||||||
xxVPN-$mtu prefix: `02:2x` # x = ID der fastd-Instanz
|
xxvpn-$mtu prefix: `02:2x` # x = ID der fastd-Instanz
|
||||||
xxigVPN-$mtu prefix: `02:3x` # x = ID der fastd-Instanz
|
xxigvpn-$mtu prefix: `02:3x` # x = ID der fastd-Instanz
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: create fastd mesh interfaces
|
- name: create fastd mesh interfaces
|
||||||
template:
|
template:
|
||||||
src: fastd-mesh.j2
|
src: fastd-mesh.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- name: create fastd intragate interfaces
|
- name: create fastd intragate interfaces
|
||||||
template:
|
template:
|
||||||
src: fastd-intragate.j2
|
src: fastd-intragate.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.0.id }}igVPN-{{ item.1.mtu }}
|
auto {{ item.0.id }}igvpn-{{ item.1.mtu }}
|
||||||
iface {{ item.0.id }}igVPN-{{ item.1.mtu }}
|
iface {{ item.0.id }}igvpn-{{ item.1.mtu }}
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.0.id }}VPN-{{ item.1.mtu }}
|
auto {{ item.0.id }}vpn-{{ item.1.mtu }}
|
||||||
iface {{ item.0.id }}VPN-{{ item.1.mtu }}
|
iface {{ item.0.id }}vpn-{{ item.1.mtu }}
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT
|
-A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
||||||
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT
|
-A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
-A FORWARD -m conntrack --ctstate INVALID -j DROP
|
||||||
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
|
|
@ -27,4 +27,4 @@ meshes:
|
||||||
|
|
||||||
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
Die MAC-Adressen der Interfaces werden aus dem IPv4-Subnetz sowie der `magic`-Nummer des Hosts berechnet.
|
||||||
|
|
||||||
xxBR-prefix: `02:10`
|
xxbr-prefix: `02:10`
|
||||||
|
|
|
@ -2,14 +2,14 @@
|
||||||
- name: create mesh bridges
|
- name: create mesh bridges
|
||||||
template:
|
template:
|
||||||
src: bridge.j2
|
src: bridge.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}BR"
|
dest: "/etc/network/interfaces.d/{{ item.id }}br"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
with_items: "{{ meshes }}"
|
||||||
|
|
||||||
- name: set sysfs variables
|
- name: set sysfs variables
|
||||||
template:
|
template:
|
||||||
src: sysfs.j2
|
src: sysfs.j2
|
||||||
dest: "/etc/sysfs.d/99-{{ item.id }}BR.conf"
|
dest: "/etc/sysfs.d/99-{{ item.id }}br.conf"
|
||||||
with_items: "{{ meshes }}"
|
with_items: "{{ meshes }}"
|
||||||
notify: activate sysfs variables
|
notify: activate sysfs variables
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
auto {{ item.id }}BR
|
auto {{ item.id }}br
|
||||||
iface {{ item.id }}BR
|
iface {{ item.id }}br
|
||||||
hwaddress {{ mac | hwaddr('linux') }}
|
hwaddress {{ mac | hwaddr('linux') }}
|
||||||
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
|
address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
|
||||||
{% for prefix in item.ipv6_ula %}
|
{% for prefix in item.ipv6_ula %}
|
||||||
|
@ -13,4 +13,4 @@ iface {{ item.id }}BR
|
||||||
{% for prefix in item.ipv6_public %}
|
{% for prefix in item.ipv6_public %}
|
||||||
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
|
address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
bridge-ports {{ item.id }}BAT
|
bridge-ports {{ item.id }}bat
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
class/net/{{ item.id }}BR/bridge/hash_max = 16384
|
class/net/{{ item.id }}br/bridge/hash_max = 16384
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
||||||
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
||||||
ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
|
ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
ip -6 rule add from {{ ula }} lookup mwu priority 7
|
ip -6 rule add from {{ ula }} lookup mwu priority 7
|
||||||
ip -6 rule add to {{ ula }} lookup mwu priority 7
|
ip -6 rule add to {{ ula }} lookup mwu priority 7
|
||||||
|
@ -16,14 +16,14 @@ ip -6 rule add to {{ ula }} lookup mwu priority 7
|
||||||
ip -6 rule add from {{ public }} lookup mwu priority 7
|
ip -6 rule add from {{ public }} lookup mwu priority 7
|
||||||
ip -6 rule add to {{ public }} lookup mwu priority 7
|
ip -6 rule add to {{ public }} lookup mwu priority 7
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
|
ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
||||||
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
||||||
ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
|
ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
ip -6 rule add from {{ ula }} lookup icvpn priority 23
|
ip -6 rule add from {{ ula }} lookup icvpn priority 23
|
||||||
ip -6 rule add to {{ ula }} lookup icvpn priority 23
|
ip -6 rule add to {{ ula }} lookup icvpn priority 23
|
||||||
|
@ -32,10 +32,10 @@ ip -6 rule add to {{ ula }} lookup icvpn priority 23
|
||||||
ip -6 rule add from {{ public }} lookup icvpn priority 23
|
ip -6 rule add from {{ public }} lookup icvpn priority 23
|
||||||
ip -6 rule add to {{ public }} lookup icvpn priority 23
|
ip -6 rule add to {{ public }} lookup icvpn priority 23
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
|
ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -4 rule add from all oif icVPN lookup icvpn priority 23
|
ip -4 rule add from all oif icvpn lookup icvpn priority 23
|
||||||
ip -6 rule add from all oif icVPN lookup icvpn priority 23
|
ip -6 rule add from all oif icvpn lookup icvpn priority 23
|
||||||
|
|
||||||
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
|
@ -48,23 +48,23 @@ ip -6 rule add to {{ ula }} lookup internet priority 41
|
||||||
ip -6 rule add from {{ public }} lookup internet priority 41
|
ip -6 rule add from {{ public }} lookup internet priority 41
|
||||||
ip -6 rule add to {{ public }} lookup internet priority 41
|
ip -6 rule add to {{ public }} lookup internet priority 41
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41
|
ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
|
|
||||||
# Priority 61 - at this point this is the end of policy routing for freifunk related routes
|
# Priority 61 - at this point this is the end of policy routing for freifunk related routes
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
|
ip -4 rule add from all iif {{ mesh.id }}br type unreachable priority 61
|
||||||
ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
|
ip -6 rule add from all iif {{ mesh.id }}br type unreachable priority 61
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -4 rule add from all iif icVPN type unreachable priority 61
|
ip -4 rule add from all iif icvpn type unreachable priority 61
|
||||||
ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
|
ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
|
||||||
{% for server_id, server_value in ffrl_exit_server.iteritems() %}
|
{% for server_id, server_value in ffrl_exit_server.iteritems() %}
|
||||||
ip -4 rule add from all iif {{ server_id }} type unreachable priority 61
|
ip -4 rule add from all iif {{ server_id }} type unreachable priority 61
|
||||||
ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
|
ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule add from all iif icVPN type unreachable priority 61
|
ip -6 rule add from all iif icvpn type unreachable priority 61
|
||||||
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{% for public in mesh.ipv6_public %}
|
{% for public in mesh.ipv6_public %}
|
||||||
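Review bot: The interface literal in `ip -4 rule add from all oif icvpn lookup icvpn priority 23` (and its `-6` twin, plus the two `iif icvpn type unreachable priority 61` rules) duplicates the value that group_vars already carry as `icvpn.interface`, which this same commit lowercases in lockstep — a sign the two should not be maintained separately. If the `icvpn` dictionary is in scope for this template, reference it instead: `ip -4 rule add from all oif {{ icvpn.interface }} lookup icvpn priority 23`, and likewise in the four matching lines of the rules-down template. With the routing table and the interface now both spelled `icvpn`, a short comment above the block would help readers keep them apart: `# oif {{ icvpn.interface }} = tinc interface; lookup icvpn = rt_table`.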
|
|
|
@ -5,13 +5,13 @@
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
# static {{ mesh.site_name }} routes for rt_table mwu
|
# static {{ mesh.site_name }} routes for rt_table mwu
|
||||||
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for public in mesh.ipv6_public %}
|
{% for public in mesh.ipv6_public %}
|
||||||
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
||||||
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
|
||||||
ip -4 rule del from all oif {{ mesh.id }}BR lookup mwu priority 7
|
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
ip -6 rule del from {{ ula }} lookup mwu priority 7
|
ip -6 rule del from {{ ula }} lookup mwu priority 7
|
||||||
ip -6 rule del to {{ ula }} lookup mwu priority 7
|
ip -6 rule del to {{ ula }} lookup mwu priority 7
|
||||||
|
@ -16,14 +16,14 @@ ip -6 rule del to {{ ula }} lookup mwu priority 7
|
||||||
ip -6 rule del from {{ public }} lookup mwu priority 7
|
ip -6 rule del from {{ public }} lookup mwu priority 7
|
||||||
ip -6 rule del to {{ public }} lookup mwu priority 7
|
ip -6 rule del to {{ public }} lookup mwu priority 7
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule del from all oif {{ mesh.id }}BR lookup mwu priority 7
|
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
ip -4 rule del from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
||||||
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
ip -4 rule del to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
|
||||||
ip -4 rule del from all oif {{ mesh.id }}BR lookup icvpn priority 23
|
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
ip -6 rule del from {{ ula }} lookup icvpn priority 23
|
ip -6 rule del from {{ ula }} lookup icvpn priority 23
|
||||||
ip -6 rule del to {{ ula }} lookup icvpn priority 23
|
ip -6 rule del to {{ ula }} lookup icvpn priority 23
|
||||||
|
@ -32,10 +32,10 @@ ip -6 rule del to {{ ula }} lookup icvpn priority 23
|
||||||
ip -6 rule del from {{ public }} lookup icvpn priority 23
|
ip -6 rule del from {{ public }} lookup icvpn priority 23
|
||||||
ip -6 rule del to {{ public }} lookup icvpn priority 23
|
ip -6 rule del to {{ public }} lookup icvpn priority 23
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule del from all oif {{ mesh.id }}BR lookup icvpn priority 23
|
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -4 rule del from all oif icVPN lookup icvpn priority 23
|
ip -4 rule del from all oif icvpn lookup icvpn priority 23
|
||||||
ip -6 rule del from all oif icVPN lookup icvpn priority 23
|
ip -6 rule del from all oif icvpn lookup icvpn priority 23
|
||||||
|
|
||||||
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
|
@ -48,23 +48,23 @@ ip -6 rule del to {{ ula }} lookup internet priority 41
|
||||||
ip -6 rule del from {{ public }} lookup internet priority 41
|
ip -6 rule del from {{ public }} lookup internet priority 41
|
||||||
ip -6 rule del to {{ public }} lookup internet priority 41
|
ip -6 rule del to {{ public }} lookup internet priority 41
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule del from all oif {{ mesh.id }}BR lookup internet priority 41
|
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
|
||||||
|
|
||||||
# Priority 61 - at this point this is the end of policy routing for freifunk related routes
|
# Priority 61 - at this point this is the end of policy routing for freifunk related routes
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
ip -4 rule del from all iif {{ mesh.id }}BR type unreachable priority 61
|
ip -4 rule del from all iif {{ mesh.id }}br type unreachable priority 61
|
||||||
ip -6 rule del from all iif {{ mesh.id }}BR type unreachable priority 61
|
ip -6 rule del from all iif {{ mesh.id }}br type unreachable priority 61
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -4 rule del from all iif icVPN type unreachable priority 61
|
ip -4 rule del from all iif icvpn type unreachable priority 61
|
||||||
ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
|
ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
|
||||||
{% for server_id, server_value in ffrl_exit_server.iteritems() %}
|
{% for server_id, server_value in ffrl_exit_server.iteritems() %}
|
||||||
ip -4 rule del from all iif {{ server_id }} type unreachable priority 61
|
ip -4 rule del from all iif {{ server_id }} type unreachable priority 61
|
||||||
ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
|
ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
ip -6 rule del from all iif icVPN type unreachable priority 61
|
ip -6 rule del from all iif icvpn type unreachable priority 61
|
||||||
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{% for public in mesh.ipv6_public %}
|
{% for public in mesh.ipv6_public %}
|
||||||
|
|
|
@ -5,13 +5,13 @@
|
||||||
|
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
# static {{ mesh.site_name }} routes for rt_table mwu
|
# static {{ mesh.site_name }} routes for rt_table mwu
|
||||||
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -4 route del {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% for ula in mesh.ipv6_ula %}
|
{% for ula in mesh.ipv6_ula %}
|
||||||
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -6 route del {{ ula | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for public in mesh.ipv6_public %}
|
{% for public in mesh.ipv6_public %}
|
||||||
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, 0) }} proto static dev {{ mesh.id }}br table mwu
|
||||||
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, magic) }} proto static dev {{ mesh.id }}BR table mwu
|
/sbin/ip -6 route del {{ public | ipaddr('net') | ipsubnet(64, magic) }} proto static dev {{ mesh.id }}br table mwu
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if not loop.last %}
|
{% if not loop.last %}
|
||||||
|
|
||||||
|
|
|
@ -51,7 +51,7 @@ protocol device {
|
||||||
|
|
||||||
protocol direct mwu_subnets {
|
protocol direct mwu_subnets {
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
interface "{{ mesh.id }}BR";
|
interface "{{ mesh.id }}br";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
import where is_mwu_self_nets();
|
import where is_mwu_self_nets();
|
||||||
};
|
};
|
||||||
|
|
|
@ -40,7 +40,7 @@ protocol device {
|
||||||
|
|
||||||
protocol direct mwu_subnets {
|
protocol direct mwu_subnets {
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
interface "{{ mesh.id }}BR";
|
interface "{{ mesh.id }}br";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
import where is_mwu_self_nets();
|
import where is_mwu_self_nets();
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
- name: concatenate meshbridge interfaces
|
- name: concatenate meshbridge interfaces
|
||||||
set_fact:
|
set_fact:
|
||||||
dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}BR{% if not loop.last %} {% endif %}{% endfor %}"
|
dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}"
|
||||||
|
|
||||||
- name: set ipv4 interfaces isc dhcp should listen on
|
- name: set ipv4 interfaces isc dhcp should listen on
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation.
|
Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunikation.
|
||||||
|
|
||||||
- konfiguriert xxigVPN-Instanzen
|
- konfiguriert xxigvpn-Instanzen
|
||||||
- stellt sicher, dass die Instanz-Verzeichnisse existieren
|
- stellt sicher, dass die Instanz-Verzeichnisse existieren
|
||||||
- schreibt fastd.conf
|
- schreibt fastd.conf
|
||||||
- schreibt secret.conf
|
- schreibt secret.conf
|
||||||
|
@ -31,8 +31,8 @@ meshes:
|
||||||
- Dictionary `fastd_secrets` (Host-Variable)
|
- Dictionary `fastd_secrets` (Host-Variable)
|
||||||
´´´
|
´´´
|
||||||
fastd_secrets:
|
fastd_secrets:
|
||||||
mzigVPN: "{{ lookup('passwordstore', 'fastd/mzigVPN/sparegate4 subkey=secret') }}"
|
mzigvpn: "{{ lookup('passwordstore', 'fastd/mzigvpn/sparegate4 subkey=secret') }}"
|
||||||
wiigVPN: "{{ lookup('passwordstore', 'fastd/wiigVPN/sparegate4 subkey=secret') }}"
|
wiigvpn: "{{ lookup('passwordstore', 'fastd/wiigvpn/sparegate4 subkey=secret') }}"
|
||||||
...
|
...
|
||||||
|
|
||||||
´´´
|
´´´
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: create fastd intragate directories
|
- name: create fastd intragate directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_subelements:
|
with_subelements:
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
- name: create fastd peer intragate directories
|
- name: create fastd peer intragate directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers"
|
path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
- name: clone fastd peer intragate repos
|
- name: clone fastd peer intragate repos
|
||||||
git:
|
git:
|
||||||
repo: "{{ item.1.peers.repo }}"
|
repo: "{{ item.1.peers.repo }}"
|
||||||
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/peers"
|
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers"
|
||||||
version: "{{ item.1.peers.version }}"
|
version: "{{ item.1.peers.version }}"
|
||||||
update: no
|
update: no
|
||||||
with_subelements:
|
with_subelements:
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
- name: template fastd mesh config
|
- name: template fastd mesh config
|
||||||
template:
|
template:
|
||||||
src: fastd-intragate.conf.j2
|
src: fastd-intragate.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/fastd.conf"
|
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/fastd.conf"
|
||||||
notify: restart fastd intragate instances
|
notify: restart fastd intragate instances
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
- name: write fastd intragate secret
|
- name: write fastd intragate secret
|
||||||
template:
|
template:
|
||||||
src: fastd-secret.conf.j2
|
src: fastd-secret.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}/secret.conf"
|
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/secret.conf"
|
||||||
notify: restart fastd intragate instances
|
notify: restart fastd intragate instances
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
|
|
||||||
- name: configure systemd unit fastd@
|
- name: configure systemd unit fastd@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_subelements:
|
with_subelements:
|
||||||
|
|
|
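Review bot: The renamed unit at `name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"` is enabled and started, but nothing in this file stops or disables the previously enabled `fastd@…igVPN-…` unit or removes its `/etc/fastd/…igVPN-…` directory, so on a host provisioned before this commit both instances stay enabled, compete for the same `bind` ports (the bind lines in the fastd template are unchanged by this commit), and the old directory keeps a second copy of `secret.conf` on disk. The `fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}` task in the mesh tasks file further down has the same gap. I would add a cleanup pair ahead of the systemd task; the `with_subelements` list it needs is the one the neighbouring tasks use, whose second entry is outside the hunk. The task list this hunk belongs to starts and ends outside the hunk.
```yaml
- name: stop and disable legacy mixed-case fastd intragate units
  systemd:
    name: "fastd@{{ item.0.id }}igVPN-{{ item.1.mtu }}"
    enabled: false
    state: stopped
  with_subelements:
    - "{{ meshes }}"
    # … second subelement as in the tasks above …

- name: remove legacy mixed-case fastd intragate directories
  file:
    path: "/etc/fastd/{{ item.0.id }}igVPN-{{ item.1.mtu }}"
    state: absent
  with_subelements:
    - "{{ meshes }}"
    # … second subelement as in the tasks above …

# … unchanged: configure systemd unit fastd@ task …
```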
@ -9,7 +9,7 @@ hide mac addresses yes;
|
||||||
|
|
||||||
method "aes128-ctr+umac";
|
method "aes128-ctr+umac";
|
||||||
|
|
||||||
interface "{{ item.0.id }}igVPN-{{ item.1.mtu }}";
|
interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
|
||||||
|
|
||||||
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
|
||||||
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};
|
||||||
|
@ -27,11 +27,11 @@ on up "
|
||||||
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
||||||
ip link set $INTERFACE up
|
ip link set $INTERFACE up
|
||||||
|
|
||||||
batctl -m {{ item.0.id }}BAT if add $INTERFACE
|
batctl -m {{ item.0.id }}bat if add $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
on down "
|
on down "
|
||||||
batctl -m {{ item.0.id }}BAT if del $INTERFACE
|
batctl -m {{ item.0.id }}bat if del $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
status socket "/var/run/fastd-{{ item.0.id }}igVPN-{{ item.1.mtu }}.status";
|
status socket "/var/run/fastd-{{ item.0.id }}igvpn-{{ item.1.mtu }}.status";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% set local_interface = item.0.id + 'igVPN' -%}
|
{% set local_interface = item.0.id + 'igvpn' -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
|
|
|
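Review bot: `local_interface` is now built as `item.0.id + 'igvpn'`, which changes the key this template presumably uses to index `fastd_secrets`, yet the commit only renames that key in the README example; any host_vars still defining `mzigVPN`/`wiigVPN`, and the passwordstore entries under the old `fastd/mzigVPN/...` paths, have to be renamed in the same rollout or the lookup fails (or the secret renders empty) the next time the secret task runs, and a restart would then leave the instance without a valid key. The part of the template where the lookup happens is outside the hunk, so the dependency is inferred from the README hunk in this commit. The mesh secret template's `item.0.id + 'vpn'` hunk has the same dependency. A comment above the set would save the next rename the same trouble: `{# key into fastd_secrets and the passwordstore path must match this name exactly (case-sensitive) #}`.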
@ -11,8 +11,8 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
|
||||||
- klont bingener fastd peer repo (im Moment hardcoded)
|
- klont bingener fastd peer repo (im Moment hardcoded)
|
||||||
|
|
||||||
## Instanz-Benamung
|
## Instanz-Benamung
|
||||||
Node-Instanzen: $mesh.id + VPN + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzVPN-1312"
|
Node-Instanzen: $mesh.id + vpn + '-' + $mesh.fastd.nodes.instances.xx.mtu, z.B. "mzvpn-1312"
|
||||||
Intragate-Instanzen: $mesh.id + 'ig' + VPN + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigVPN-1312"
|
Intragate-Instanzen: $mesh.id + 'ig' + vpn + '-' + $mesh.fastd.intragate.instances.xx.mtu, z.B. "mzigvpn-1312"
|
||||||
|
|
||||||
## Benötigte Variablen
|
## Benötigte Variablen
|
||||||
|
|
||||||
|
@ -35,8 +35,8 @@ meshes:
|
||||||
- Dictionary `fastd_secrets` (Host-Variable)
|
- Dictionary `fastd_secrets` (Host-Variable)
|
||||||
´´´
|
´´´
|
||||||
fastd_secrets:
|
fastd_secrets:
|
||||||
mzVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/sparegate4 subkey=secret') }}"
|
mzvpn: "{{ lookup('passwordstore', 'fastd/mzvpn/sparegate4 subkey=secret') }}"
|
||||||
wiVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/sparegate4 subkey=secret') }}"
|
wivpn: "{{ lookup('passwordstore', 'fastd/wivpn/sparegate4 subkey=secret') }}"
|
||||||
...
|
...
|
||||||
|
|
||||||
´´´
|
´´´
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: create fastd directories
|
- name: create fastd directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_subelements:
|
with_subelements:
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
- name: create fastd peer mesh directories
|
- name: create fastd peer mesh directories
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers"
|
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
- name: create fastd peer mesh directories for ffbin
|
- name: create fastd peer mesh directories for ffbin
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/mzVPN-{{ item }}/peers_bingen"
|
path: "/etc/fastd/mzvpn-{{ item }}/peers_bingen"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
- name: clone fastd peer mesh repos
|
- name: clone fastd peer mesh repos
|
||||||
git:
|
git:
|
||||||
repo: "{{ item.1.peers.repo }}"
|
repo: "{{ item.1.peers.repo }}"
|
||||||
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
|
||||||
version: "{{ item.1.peers.version }}"
|
version: "{{ item.1.peers.version }}"
|
||||||
update: no
|
update: no
|
||||||
with_subelements:
|
with_subelements:
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
- name: clone fastd peer mesh repo for ffbin
|
- name: clone fastd peer mesh repo for ffbin
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/freifunk-bingen/peers-ffbin.git
|
repo: https://github.com/freifunk-bingen/peers-ffbin.git
|
||||||
dest: "/etc/fastd/mzVPN-{{ item }}/peers_bingen"
|
dest: "/etc/fastd/mzvpn-{{ item }}/peers_bingen"
|
||||||
version: master
|
version: master
|
||||||
update: no
|
update: no
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
- name: template fastd mesh config
|
- name: template fastd mesh config
|
||||||
template:
|
template:
|
||||||
src: fastd-mesh.conf.j2
|
src: fastd-mesh.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/fastd.conf"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/fastd.conf"
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
@ -64,7 +64,7 @@
|
||||||
- name: write fastd mesh secret
|
- name: write fastd mesh secret
|
||||||
template:
|
template:
|
||||||
src: fastd-secret.conf.j2
|
src: fastd-secret.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/secret.conf"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf"
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ meshes }}"
|
- "{{ meshes }}"
|
||||||
|
@ -73,7 +73,7 @@
|
||||||
- name: copy peer_limit.conf if not exist
|
- name: copy peer_limit.conf if not exist
|
||||||
copy:
|
copy:
|
||||||
src: peer_limit.conf
|
src: peer_limit.conf
|
||||||
dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
mode: 0640
|
mode: 0640
|
||||||
|
@ -85,7 +85,7 @@
|
||||||
|
|
||||||
- name: set file attributes for peer_limit.conf
|
- name: set file attributes for peer_limit.conf
|
||||||
file:
|
file:
|
||||||
path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf"
|
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peer_limit.conf"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
|
@ -149,7 +149,7 @@
|
||||||
|
|
||||||
- name: configure systemd unit fastd@
|
- name: configure systemd unit fastd@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_subelements:
|
with_subelements:
|
||||||
|
|
|
@ -9,7 +9,7 @@ hide mac addresses yes;
|
||||||
|
|
||||||
method "salsa2012+umac";
|
method "salsa2012+umac";
|
||||||
|
|
||||||
interface "{{ item.0.id }}VPN-{{ item.1.mtu }}";
|
interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";
|
||||||
|
|
||||||
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ item.0.site_number }};
|
||||||
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }};
|
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ item.0.site_number }};
|
||||||
|
@ -34,11 +34,11 @@ on up "
|
||||||
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
|
||||||
ip link set $INTERFACE up
|
ip link set $INTERFACE up
|
||||||
|
|
||||||
batctl -m {{ item.0.id }}BAT if add $INTERFACE
|
batctl -m {{ item.0.id }}bat if add $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
on down "
|
on down "
|
||||||
batctl -m {{ item.0.id }}BAT if del $INTERFACE
|
batctl -m {{ item.0.id }}bat if del $INTERFACE
|
||||||
";
|
";
|
||||||
|
|
||||||
status socket "/var/run/fastd-{{ item.0.id }}VPN-{{ item.1.mtu }}.status";
|
status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{% set local_interface = item.0.id + 'VPN' -%}
|
{% set local_interface = item.0.id + 'vpn' -%}
|
||||||
#
|
#
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
|
|
|
@ -6,7 +6,7 @@ additional: 8
|
||||||
fastd_instances:
|
fastd_instances:
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
{% for instance in mesh.fastd.nodes.instances %}
|
{% for instance in mesh.fastd.nodes.instances %}
|
||||||
- {{ mesh.id }}VPN-{{ instance.mtu }}
|
- {{ mesh.id }}vpn-{{ instance.mtu }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
cronlog: '/home/admin/.cronlog/limit.%s.log'
|
cronlog: '/home/admin/.cronlog/limit.%s.log'
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
#
|
#
|
||||||
{% for mesh in meshes %}
|
{% for mesh in meshes %}
|
||||||
interface {{ mesh.id }}BR
|
interface {{ mesh.id }}br
|
||||||
{
|
{
|
||||||
AdvSendAdvert on;
|
AdvSendAdvert on;
|
||||||
IgnoreIfMissing on;
|
IgnoreIfMissing on;
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Description=respondd instance {{ item.id }}
|
Description=respondd instance {{ item.id }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}BR {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}VPN-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}BAT -s {{ item.site_code }} -d /home/admin/clones/mesh-announce/
|
ExecStart=/home/admin/clones/mesh-announce/respondd.py -i {{ item.id }}br {% for interface in item.fastd.nodes.instances %}-i {{ item.id }}vpn-{{ interface.mtu }}{% if not loop.last %} {% endif %}{% endfor %} -b {{ item.id }}bat -s {{ item.site_code }} -d /home/admin/clones/mesh-announce/
|
||||||
Restart=always
|
Restart=always
|
||||||
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Verbindung in das InterCity-VPN benötigt wird.
|
Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Verbindung in das InterCity-VPN benötigt wird.
|
||||||
|
|
||||||
- installiert tinc
|
- installiert tinc
|
||||||
- erzeugt icVPN tinc Instanz
|
- erzeugt icvpn tinc Instanz
|
||||||
- klont freifunk/icvpn repo
|
- klont freifunk/icvpn repo
|
||||||
- schreibt tinc.conf
|
- schreibt tinc.conf
|
||||||
- schreibt tinc-up hook script
|
- schreibt tinc-up hook script
|
||||||
|
@ -16,7 +16,7 @@ Diese Ansible role installiert und konfiguriert den tinc daemon, der für die Ve
|
||||||
```
|
```
|
||||||
icvpn:
|
icvpn:
|
||||||
prefix: mwu
|
prefix: mwu
|
||||||
interface: icVPN
|
interface: icvpn
|
||||||
icvpn_repo: https://github.com/freifunk/icvpn
|
icvpn_repo: https://github.com/freifunk/icvpn
|
||||||
```
|
```
|
||||||
- Variable `icvpn_ipv4_transfer_net`
|
- Variable `icvpn_ipv4_transfer_net`
|
||||||
|
@ -30,12 +30,12 @@ routing_tables:
|
||||||
- Host Variable `magic`
|
- Host Variable `magic`
|
||||||
- Host Variable `tinc_private_key`
|
- Host Variable `tinc_private_key`
|
||||||
```
|
```
|
||||||
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$Hostname_private returnall=true') }}"
|
tinc_private_key: "{{ lookup('passwordstore', 'tinc/icvpn/$Hostname_private returnall=true') }}"
|
||||||
```
|
```
|
||||||
|
|
||||||
## tinc private key
|
## tinc private key
|
||||||
|
|
||||||
Der private Schlüssel der icVPN tinc-Instanz liegt im passwordstore.
|
Der private Schlüssel der icvpn tinc-Instanz liegt im passwordstore.
|
||||||
Bevor man ein Gateway aufsetzt, muss der private Schlüssel generiert und im passwordstore hinterlegt werden.
|
Bevor man ein Gateway aufsetzt, muss der private Schlüssel generiert und im passwordstore hinterlegt werden.
|
||||||
Die Variable `tinc_private_key` folgt dem Aufbau:
|
Die Variable `tinc_private_key` folgt dem Aufbau:
|
||||||
```
|
```
|
||||||
|
|