Commit graph

349 commits

Author SHA1 Message Date
Tobias Hachmer 1be513fae9
Make variable http_domain_external in list element of meshes optional. 2018-12-30 23:39:41 +01:00
Julian Labus 7dac321cd1
Role service-respondd: start after fastd
fixes #18
2018-12-26 14:20:11 +01:00
Julian Labus 8ef5701add
Role service-nginx-meshviewer: update config.js 2018-12-21 11:59:10 +01:00
Julian Labus d8177dec7c
Role service-prometheus: bump versions 2018-12-21 11:59:02 +01:00
Julian Labus b06887fc7c
Role service-fastd-mesh: remove obsolete peer group servers 2018-12-12 21:24:37 +01:00
Julian Labus 7b9d3352e8
Role service-nginx: add internal addresses to known_hosts 2018-12-03 15:03:49 +01:00
Tobias Hachmer 38399e5b7a
Role service-bird: export anycast address on gateway, import anycast+loopback on other servers 2018-11-30 18:18:25 +01:00
Julian Labus 2100842bcb
Role service-prometheus: update versions 2018-11-28 14:08:15 +01:00
Julian Labus 5efd7d889e
Role service-nginx-meshviewer: enable HTTP/2 2018-11-28 10:59:53 +01:00
Julian Labus ee5be5f477
Role service-prometheus: move auth in vhosts to location 2018-11-27 10:55:37 +01:00
Julian Labus ce2167d3b3
Role service-nginx-firmware: enable CORS 2018-11-27 10:34:11 +01:00
Julian Labus 79cc765554
Role service-respondd: propagate domain_code 2018-11-12 21:06:59 +01:00
Julian Labus f134f61740
Role service-bird: only configure radvd on gateways 2018-11-12 16:23:13 +01:00
Julian Labus 80259461cc
Role network-meshbridge: only configure public IPv6 subnet not gateways 2018-11-12 16:22:46 +01:00
Julian Labus 6d725812fd
Role service-yanic: enable statistics for domains 2018-11-12 16:19:41 +01:00
Tobias Hachmer 935e66dbd8
Role network-meshbridge + service-bird: announce specific gate prefix instead of the 'global' one
* configure a local ip address on meshbridge from the 'gate-specific' public IPv6 prefix
* disable announcement for the 'global' public IPv6 prefix
2018-11-09 21:13:07 +01:00
Tobias Hachmer 479f8c3486
Move Router Advertisements from daemon radvd to bird6 2018-11-09 13:25:26 +01:00
Tobias Hachmer cc4b984344
Increase minimum Ansible version to '2.6'.
* add ansible version check to role prerequisites
* add requirements.txt
* update Readme.md
* track minimum ansible version in variable 'ansible_version_minimum'
2018-11-09 10:43:54 +01:00
Julian Labus 28f235d65c
Role service-fastd-backbone: don't hide IP + MAC 2018-11-08 16:43:12 +01:00
Tobias Hachmer c400c57b0c
Role service-nginx: increase server_names_hash_bucket_size 2018-11-08 06:38:01 +01:00
Julian Labus 7dcd90cff6
Role service-bird-lg: remove obsolete patching 2018-11-07 15:31:19 +01:00
Tobias Hachmer 8f8184f4cf
Introduce boolean var 'debug_fastd' and tag debug
If debug_fastd is set to 'True', the log level is set to debug on all fastd instances.

Run the playbook with tag 'debug' to invoke only tasks changing debug settings.
2018-11-07 15:20:18 +01:00
Tobias Hachmer 2b0e5d7c4a
Role service-bind-slave: listen on loopback + anycast ip addresses 2018-11-07 10:28:35 +01:00
Tobias Hachmer fa37598c3b
Roles service-bird + service-bird-icvpn:
Restructure bird configuration to exchange loopback addresses and announce the whole freifunk subnets instead of the configured ones.
2018-11-07 10:28:13 +01:00
Tobias Hachmer 678312c7fc
Add roles network-loopback + network-anycast 2018-11-07 10:28:02 +01:00
Julian Labus 55ca196248
Revert "Role service-bind-slave: listen on loopback + anycast ip addresses"
This reverts commit 61382ce676.
2018-11-05 15:43:12 +01:00
Julian Labus dbc7895854
Revert "Roles service-bird + service-bird-icvpn:"
This reverts commit a8693377a4.
2018-11-05 15:43:10 +01:00
Julian Labus 19da17b6e1
Revert "Add roles network-loopback + network-anycast"
This reverts commit d66f880539.
2018-11-05 15:42:47 +01:00
Julian Labus a540033cf2
Inventory + Roles: remove legacy_gateways 2018-11-04 01:51:26 +01:00
Tobias Hachmer e31bd5fdb9
Role users: update sudoers config for user admin 2018-11-02 10:01:39 +01:00
Tobias Hachmer 61382ce676
Role service-bind-slave: listen on loopback + anycast ip addresses 2018-11-01 19:33:46 +01:00
Tobias Hachmer a8693377a4
Roles service-bird + service-bird-icvpn:
Restructure bird configuration to exchange loopback addresses and announce the whole freifunk subnets instead of the configured ones.
2018-11-01 08:19:08 +01:00
Tobias Hachmer d66f880539
Add roles network-loopback + network-anycast 2018-11-01 08:19:07 +01:00
Julian Labus 767e1fe5e1
Role service-nginx-firmware: replace -a (-rlptgoD) in rsync command with -rlpt
Preserving owner and group causes problems if UIDs and GIDs differ between hosts.
2018-10-22 13:32:28 +02:00
Julian Labus 12ac1e07e3
role service-nginx-meshviewer: update config.js for latest release 2018-10-15 09:41:53 +02:00
Julian Labus d69d5bde3f
role golang: update to 1.10
yanic no longer builds with 1.8
2018-10-15 09:40:09 +02:00
Julian Labus 98c29c3f93
role service-bird: remove unnecessary includes for non-gateway hosts 2018-10-04 19:30:37 +02:00
Julian Labus ed244ad827
role service-bird-ffrl: replace hyphen with underscores in protocol names 2018-10-04 19:09:59 +02:00
Julian Labus 8bed1b7c5b
role service-prometheus: update targets and alerts 2018-10-04 18:50:09 +02:00
Julian Labus 6cb1eaa514
role service-prometheus: configure alertmanager 2018-09-26 22:34:24 +02:00
Julian Labus 1d72eb8439
role service-bird-lg: add patch to fix parsing 2018-09-25 16:43:35 +02:00
Julian Labus 30a5897c36
roles: don't become root when writing in /home/admin 2018-09-25 16:41:43 +02:00
Julian Labus 8c8039b8b6
role service-prometheus: add missing node_exporter_default_opts to systemd unit 2018-09-25 13:22:46 +02:00
Julian Labus 8c4ec4170e
role service-fastd-mesh: add fastd-exporter 2018-09-25 10:38:41 +02:00
Julian Labus 46242b965d
role service-prometheus: add blackbox_exporter 2018-09-25 10:36:23 +02:00
Julian Labus 13ff110411
role service-prometheus: add vhost 2018-09-25 10:33:52 +02:00
Julian Labus e8d9e6af90
service-prometheus: bind to localhost by default 2018-09-25 10:28:24 +02:00
Julian Labus 059a8af9a1
role service-prometheus: update prometheus to 2.4.2 2018-09-24 16:22:49 +02:00
Julian Labus 55771b4ded
roles: move external addresses to front in vhosts so they get used for redirects 2018-09-24 15:14:09 +02:00
Julian Labus e79761e8d8
role service-grafana: check prometheus_components instead of setting facts 2018-09-24 15:12:15 +02:00
Julian Labus 9521fac988
role service-prometheus: move node_exporter to own vhost 2018-09-24 15:10:10 +02:00
Julian Labus 525c3e4fd0
service-bird-lg: use existing variable for AS number 2018-09-21 17:16:24 +02:00
Julian Labus 5fee4d98dc
role service-bird-lg: also add legacy_gateways 2018-09-21 17:11:19 +02:00
Julian Labus 7f042e1292
add role service-bird-lg 2018-09-21 16:20:28 +02:00
Tobias Hachmer e692ef2cde
Role server-basic: add repo for monitoring server to unattended upgrade config 2018-09-20 20:09:18 +02:00
Julian Labus ea1a731dcf
role service-dhcpd: update config for Kea 1.4-P1 2018-09-20 17:06:03 +02:00
Julian Labus 4c8a765f62
role network-meshbridge: remove obsolete code 2018-09-20 14:10:01 +02:00
Julian Labus 15d2c171c5
role service-fastd-backbone + service-bird: add tag sync-peers to only refresh backbone peers 2018-09-20 11:33:34 +02:00
Julian Labus da9ab1430c
role service-nginx(-meshviewer): fix typos 2018-09-20 11:28:04 +02:00
Tobias Hachmer ad3107fd0c
Role server-basic: add freifunk+nginx repo to unattended upgrades 2018-09-18 17:33:27 +02:00
Julian Labus cc5a51455d
role service-respondd: force update of dirty git repo 2018-09-18 14:59:46 +02:00
Julian Labus 64604d0a59
role service-prometheus: fix loop statements 2018-09-18 14:57:56 +02:00
Tobias Hachmer 00551d452a
Role network-batman: deactivate batman gw mode for non gateways 2018-09-18 14:28:25 +02:00
Tobias Hachmer ea726b9777
Move generation of ssh keys from role prerequisites to role users - let the user module handle this 2018-09-18 14:28:14 +02:00
Tobias Hachmer 69a12e0696
Migrate all with_* loops to new loop directive 2018-09-18 14:27:58 +02:00
Julian Labus 99325672d2
role service-grafana: add grafana datasources for prometheus and yanic 2018-09-18 12:48:10 +02:00
Julian Labus 7a7eaae84a
role service-grafana: install pie chart panel plugin 2018-09-18 12:48:10 +02:00
Julian Labus c4f04df30b
role service-nginx: only provide location /metrics if node_exporter is available 2018-09-18 12:48:10 +02:00
Julian Labus c6277df3b7
role service-yanic: set fact so other roles can check if yanic is available 2018-09-18 12:48:09 +02:00
Julian Labus d785c62eab
role service-grafana: set admin password during installation 2018-09-18 12:48:09 +02:00
Julian Labus 222b4e5197
role service-prometheus: set fact so other roles can check if prometheus is available 2018-09-18 12:48:09 +02:00
Julian Labus 32f6654e44
role network-routing: use flush to delete routes
- del will fail if gateways change
2018-09-18 12:48:09 +02:00
Julian Labus 21c6f63b5f
role service-fastd-backbone: force peers repo update 2018-09-18 12:48:09 +02:00
Julian Labus 8b81eb6d7e
update READMEs 2018-09-18 12:48:09 +02:00
Julian Labus 3e2b02cfd5
role prerequisites: add comment to ssh key 2018-09-18 12:48:09 +02:00
Julian Labus 4f39143026
add role nginx-meshviewer 2018-09-18 12:48:08 +02:00
Julian Labus 5e1a75965c
role git-repos: add option to force update 2018-09-18 12:48:08 +02:00
Julian Labus 81393955a0
add role service-grafana 2018-09-18 12:48:08 +02:00
Julian Labus 57a42f17de
add role service-yanic 2018-09-18 12:48:07 +02:00
Julian Labus c65d39ee54
add role service-influxdb 2018-09-18 12:48:07 +02:00
Julian Labus 0153384d76
add role nodejs 2018-09-18 12:48:07 +02:00
Julian Labus 51c5330e36
add role golang 2018-09-18 12:48:07 +02:00
Julian Labus 280a6f9da6
add role yarn 2018-09-18 12:48:07 +02:00
Julian Labus ee634b5397
role service-prometheus: change handlers from reload to restart and add handler to reload systemd units 2018-09-18 12:48:07 +02:00
Julian Labus 07ab6837fe
role service-nginx: add new config snippets gzip.conf and redirect-to-ssl.conf 2018-09-18 12:48:07 +02:00
Julian Labus cfa648219b
role service-nginx: removed obsolete link "Traffic" from index.html 2018-09-18 12:48:06 +02:00
Julian Labus ec039343df
service-prometheus: fix variables 2018-09-18 12:48:06 +02:00
Julian Labus a6faeb0ff6
service-prometheus: update config to export metrics via nginx 2018-09-18 12:48:06 +02:00
Julian Labus 8f495b79c8
role network-batman + network-fastd: remove node vpn instances for non-gateway servers 2018-09-18 12:48:06 +02:00
Julian Labus b8e122ee8c
role server-basic: add net-tools and dnsutils to package list 2018-09-18 12:48:06 +02:00
Julian Labus f9340ac37b
role service-prometheus: update default versions 2018-09-18 12:48:06 +02:00
Julian Labus 8d7af519a5
split out gateway specific stuff to use roles for generic meshing servers 2018-09-18 12:48:05 +02:00
Julian Labus 37596e917d
role service-nginx: improve initial ACME certificate creation 2018-09-12 11:37:25 +02:00
Tobias Hachmer a2bef9154a Role network-routing: fix typos 2018-08-10 06:10:03 +02:00
Tobias Hachmer 13fa7414f0 Rename role system-sysctl-gateway to system-sysctl 2018-08-10 06:09:37 +02:00
Julian Labus 170f0f3000
service-nginx: fix wrong handler name 2018-08-07 11:21:09 +02:00
Julian Labus 26ec397029
service-nginx: try to start nginx.service if reload fails 2018-08-07 10:43:05 +02:00
Julian Labus 1af52aad51
replace all occurrences of iteritems() with items() as it was removed in Python 3 2018-08-07 10:32:23 +02:00
Julian Labus 30b5a5e4eb
service-nginx: move ACME hostname to variable and set resolver because nginx will fail if host is not (yet) reachable during startup 2018-08-07 09:27:02 +02:00
Tobias Hachmer d4a4f576c9 Rename fastd instance intragate to backbone 2018-07-25 14:08:45 +02:00
Tobias Hachmer f792b4bdaf Role firmware-build-server: delete deprecated templates 2018-07-24 21:16:53 +02:00
Tobias Hachmer 88bee34235 Restructure and update role for firmware build server
* rename role ffmwu-build -> firmware-build-server
* rename playbook build-server to firmware-build-server
2018-07-24 17:09:02 +02:00
Julian Labus f0d8d2f170
Role service-nginx-firmware: forward ACME HTTP requests and enable HTTPS for vhosts 2018-06-15 09:08:25 +02:00
Julian Labus 43b9bc4407
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00
Julian Labus 50cc1a3efa
Role prerequisites: add task to generate SSH keys 2018-06-15 09:00:43 +02:00
Tobias Hachmer 98324509dd Role users: update public key of kokel 2018-03-20 06:27:03 +01:00
Tobias Hachmer bd8586f20a Role service-respondd: update exec option 2018-03-04 20:54:23 +01:00
Tobias Hachmer 6904d9fb25 Role server-basic: add template for standard apt sources 2018-03-04 19:51:35 +01:00
Tobias Hachmer dda20fcdae Role service-prometheus: fix trailing spaces 2018-03-02 07:18:19 +01:00
Tobias Hachmer 886cdb2417 Handlers: move all handlers into their roles, again 2018-03-01 06:34:55 +01:00
Julian Labus a97d27779d
Fix READMEs 2018-02-28 15:20:51 +01:00
Julian Labus 004681b553
Role service-bird: calculate peer addresses of other ansible managed hosts 2018-02-28 11:16:55 +01:00
Julian Labus d4d4ad0147
Role service-fastd-mesh: replace rstrip with rsplit 2018-02-28 11:16:49 +01:00
Julian Labus 0d60aa9f99
Role network-meshbridge: don't set individual MAC on bridge 2018-02-28 11:16:37 +01:00
Julian Labus dc72070628
Role system-sysctl-gateway: add small delay to sysctl startup
- sysctl starts too quickly after modules-load and setting the nf_conntrack parameters fails
2018-02-28 11:16:30 +01:00
Julian Labus f5732aeb2a
Role network-routing: fix netmasks 2018-02-28 11:16:22 +01:00
Julian Labus f81a5c1a5f
Role network-iptables-gateway: load module nf_conntrack at boot 2018-02-28 11:16:15 +01:00
Tobias Hachmer 7359c03bf8 Role service-nginx: enable IPv6 support 2018-02-28 06:15:43 +01:00
Tobias Hachmer 89281c68a8 Role server-basic: ensure rpcbind is not installed 2018-02-28 06:06:14 +01:00
Tobias Hachmer 3c8d012ac7 Add role users 2018-02-28 06:04:25 +01:00
Julian Labus be84e6f148
Role service-nginx-firmware: enable IPv6 support 2018-02-25 18:13:26 +01:00
Tobias Hachmer 4ccb9a52ea Revert "Role network-meshbridge: update workaround to set hwaddress"
This reverts commit f81bbfed65.
2018-02-06 06:00:16 +01:00
Tobias Hachmer a947803e28 Revert "Role network-routing: move interface specific routes to role network-meshbridge"
This reverts commit d3298d4a3c.
2018-02-06 06:00:01 +01:00
Tobias Hachmer e633015873 Role service-fastd: explicitly clear ExecStart to prevent multiple definitions 2018-02-05 20:44:41 +01:00
Tobias Hachmer bd52ad6dd7 Role server-basic: fix networking.service from ifupdown2 - some interfaces come up too late 2018-02-05 17:37:52 +01:00
Tobias Hachmer 95140f12ea Role service-fastd: configure systemd service unit overrides instead of replacing the whole file 2018-02-05 15:46:56 +01:00
Tobias Hachmer 3e311bd995 Role service-dhcpd: add override settings for kea-dhcp4-server service unit 2018-02-05 15:31:40 +01:00
Julian Labus d3298d4a3c Role network-routing: move interface specific routes to role network-meshbridge 2018-02-02 06:38:06 +01:00
Julian Labus f81bbfed65 Role network-meshbridge: update workaround to set hwaddress
`pre-up` doesn't work properly as it is called before the bridge is created.
Initializing the bridge via `up` in the batman mesh interface seems to be a better solution.
2018-02-02 06:38:06 +01:00
Tobias Hachmer b246e8982b Add role service-nullmailer 2018-01-07 17:40:33 +01:00
Tobias Hachmer 90f486eb60 Role service-bird-icvpn: correct roa log messages 2018-01-02 10:45:09 +01:00
Tobias Hachmer 64f99ea396 Rename ffmwu custom config dir from ~/.config to ~/.ffmwu-config 2017-12-31 13:41:46 +01:00
Tobias Hachmer 41a1d0bac3 Add role service-vnstat 2017-12-31 12:40:00 +01:00
Tobias Hachmer 7c80d75632 Role server-basic: update handling of dummy module 2017-12-30 23:10:11 +01:00
Tobias Hachmer c79fb69789 Role server-basic: add unattended-upgrades 2017-12-30 22:47:58 +01:00
Tobias Hachmer b36f4dfe5b Role service-fastd-mesh: update peer limit config
* rename setting timeout to remote_data_timeout
* introduce setting remote_fetch_timeout
2017-12-30 11:26:47 +01:00
Tobias Hachmer 7757387dd5 Role service-nginx: add nginx.conf templating 2017-12-29 20:31:46 +01:00
Tobias Hachmer a2104ddcc5 Role service-tinc: fix handling of systemd unit
* remove init script if present
* nets.boot not necessary with new systemd unit
* update systemd tasks to use systemd unit tinc@
* update handler
2017-12-29 14:27:52 +01:00
Tobias Hachmer 0a51ee02a3 Role service-dhcpd: change dhcp daemon to kea 2017-12-28 22:12:00 +01:00
n0trax 7abc41ee92 Fix systemd service scripts (#12) 2017-12-14 19:45:27 +01:00
Tobias Hachmer 2faa4e11dd Role network-iptables-gateway: omit dropping invalid packets 2017-12-14 06:33:39 +01:00
n0trax ad5b658467 Add prometheus role (#9) 2017-12-05 05:58:34 +01:00
Tobias Hachmer 0f9cee0e7d Role service-tinc: add task to enable post-merge script 2017-12-04 16:32:38 +01:00
Tobias Hachmer 89c187a975 Role network-routing: add missing service dependency for ffmwu-static-routes service unit 2017-12-04 06:21:25 +01:00
Tobias Hachmer 466a08a0b3 Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles 2017-11-30 23:12:15 +01:00
Tobias Hachmer 80bd91a469 Role network-iptables-gateway: fix freifunk bridge rules 2017-11-14 23:09:55 +01:00
Tobias Hachmer 071bdb40d4 Role service-tinc: rework passwordstore lookup 2017-11-12 20:39:33 +01:00
Tobias Hachmer 78a141305d Rework passwordstore lookup handling in roles service-fastd-mesh and service-fastd-intragate 2017-11-12 20:27:12 +01:00
Tobias Hachmer 7437095761 Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start 2017-11-12 15:08:41 +01:00
Tobias Hachmer 10d25ee031 Move dummy module from role kmod-batman to server-basic 2017-11-12 14:35:11 +01:00