freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
458 commits 1 branch 0 tags 947 KiB
Commit graph

349 commits

Author SHA1 Message Date
Tobias Hachmer f792b4bdaf Role firmware-build-server: delete deprecated templates 2018-07-24 21:16:53 +02:00
Tobias Hachmer 88bee34235 Restructure and update role for firmware build server 
* rename role ffmwu-build -> firmware-build-server
* rename playbook build-server to firmware-build-server
 2018-07-24 17:09:02 +02:00
Julian Labus f0d8d2f170
Role service-nginx-firmware: forward ACME HTTP requests and enable HTTPS for vhosts 2018-06-15 09:08:25 +02:00
Julian Labus 43b9bc4407
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00
Julian Labus 50cc1a3efa
Role prerequisites: add task to generate SSH keys 2018-06-15 09:00:43 +02:00
Tobias Hachmer 98324509dd Role users: update public key of kokel 2018-03-20 06:27:03 +01:00
Tobias Hachmer bd8586f20a Role service-respondd: update exec option 2018-03-04 20:54:23 +01:00
Tobias Hachmer 6904d9fb25 Role server-basic: add template for standard apt sources 2018-03-04 19:51:35 +01:00
Tobias Hachmer dda20fcdae Role service-prometheus: fix trailing spaces 2018-03-02 07:18:19 +01:00
Tobias Hachmer 886cdb2417 Handlers: move all handlers into their roles, again 2018-03-01 06:34:55 +01:00
Julian Labus a97d27779d
Fix READMEs 2018-02-28 15:20:51 +01:00
Julian Labus 004681b553
Role service-bird: calculate peer addresses of other ansible managed hosts 2018-02-28 11:16:55 +01:00
Julian Labus d4d4ad0147
Role service-fastd-mesh: replace rstrip with rsplit 2018-02-28 11:16:49 +01:00
Julian Labus 0d60aa9f99
Role network-meshbridge: don't set individual MAC on bridge 2018-02-28 11:16:37 +01:00
Julian Labus dc72070628
Role system-sysctl-gateway: add small delay to sysctl startup 
- sysctl starts to quick after modules-load and setting the nf_conntrack parameters fails
 2018-02-28 11:16:30 +01:00
Julian Labus f5732aeb2a
Role network-routing: fix netmasks 2018-02-28 11:16:22 +01:00
Julian Labus f81a5c1a5f
Role network-iptables-gateway: load module nf_conntrack at boot 2018-02-28 11:16:15 +01:00
Tobias Hachmer 7359c03bf8 Role service-nginx: enable IPv6 support 2018-02-28 06:15:43 +01:00
Tobias Hachmer 89281c68a8 Role server-basic: ensure rpcbind is not installed 2018-02-28 06:06:14 +01:00
Tobias Hachmer 3c8d012ac7 Add role users 2018-02-28 06:04:25 +01:00
Julian Labus be84e6f148
Role service-nginx-firmware: enable IPv6 support 2018-02-25 18:13:26 +01:00
Tobias Hachmer 4ccb9a52ea Revert "Role network-meshbridge: update workaround to set hwaddress" 
This reverts commit f81bbfed65.
 2018-02-06 06:00:16 +01:00
Tobias Hachmer a947803e28 Revert "Role network-routing: move interface specific routes to role network-meshbridge" 
This reverts commit d3298d4a3c.
 2018-02-06 06:00:01 +01:00
Tobias Hachmer e633015873 Role service-fastd: explicitly clear ExecStart to prevent multiple definitions 2018-02-05 20:44:41 +01:00
Tobias Hachmer bd52ad6dd7 Role server-basic: fix networking.service from ifupdown2 - some interfaces come up too late 2018-02-05 17:37:52 +01:00
Tobias Hachmer 95140f12ea Role service-fastd: configure systemd service unit overrides instead of replacing the whole file 2018-02-05 15:46:56 +01:00
Tobias Hachmer 3e311bd995 Role service-dhcpd: add override settings for kea-dhcp4-server service unit 2018-02-05 15:31:40 +01:00
Julian Labus d3298d4a3c Role network-routing: move interface specific routes to role network-meshbridge 2018-02-02 06:38:06 +01:00
Julian Labus f81bbfed65 Role network-meshbridge: update workaround to set hwaddress 
`pre-up` doesn't work properly as it is called before the bridge is created.
Initializing the bridge via `up` in the batman mesh interface seems to be a better solution.
 2018-02-02 06:38:06 +01:00
Tobias Hachmer b246e8982b Add role service-nullmailer 2018-01-07 17:40:33 +01:00
Tobias Hachmer 90f486eb60 Role service-bird-icvpn: correct roa log messages 2018-01-02 10:45:09 +01:00
Tobias Hachmer 64f99ea396 Rename ffmwu custom config config dir from ~/.config to ~/.ffmwu-config 2017-12-31 13:41:46 +01:00
Tobias Hachmer 41a1d0bac3 Add role service-vnstat 2017-12-31 12:40:00 +01:00
Tobias Hachmer 7c80d75632 Role server-basic: update handling of dummy module 2017-12-30 23:10:11 +01:00
Tobias Hachmer c79fb69789 Role server-basic: add unattended-upgrades 2017-12-30 22:47:58 +01:00
Tobias Hachmer b36f4dfe5b Role service-fastd-mesh: update peer limit config 
* rename setting timeout to remote_data_timeout
* introduce setting remote_fetch_timeout
 2017-12-30 11:26:47 +01:00
Tobias Hachmer 7757387dd5 Role service-nginx: add nginx.conf templating 2017-12-29 20:31:46 +01:00
Tobias Hachmer a2104ddcc5 Role service-tinc: fix handling of systemd unit 
* remove init script if present
* nets.boot not necessary with new systemd unit
* update systemd tasks to use systemd unit tinc@
* update handler
 2017-12-29 14:27:52 +01:00
Tobias Hachmer 0a51ee02a3 Role service-dhcpd: change dhcp daemon to kea 2017-12-28 22:12:00 +01:00
n0trax 7abc41ee92 Fix systemd service scripts (#12) 2017-12-14 19:45:27 +01:00
Tobias Hachmer 2faa4e11dd Role network-iptables-gateway: omit dropping invalid packets 2017-12-14 06:33:39 +01:00
n0trax ad5b658467 Add prometheus role (#9) 2017-12-05 05:58:34 +01:00
Tobias Hachmer 0f9cee0e7d Role service-tinc: add task to enable post-merge script 2017-12-04 16:32:38 +01:00
Tobias Hachmer 89c187a975 Role network-routing: add missing service dependency for ffmwu-static-routes service unit 2017-12-04 06:21:25 +01:00
Tobias Hachmer 466a08a0b3 Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles 2017-11-30 23:12:15 +01:00
Tobias Hachmer 80bd91a469 Role network-iptables-gateway: fix freifunk bridge rules 2017-11-14 23:09:55 +01:00
Tobias Hachmer 071bdb40d4 Role service-tinc: rework passwordstore lookup 2017-11-12 20:39:33 +01:00
Tobias Hachmer 78a141305d Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate 2017-11-12 20:27:12 +01:00
Tobias Hachmer 7437095761 Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start 2017-11-12 15:08:41 +01:00
Tobias Hachmer 10d25ee031 Move dummy module from role kmod-batman to server-basic 2017-11-12 14:35:11 +01:00
Tobias Hachmer 07eda681ca Roles service-fastd-mesh + service-fastd-intragate 
- remove on-up|on-down stanzas from fastd.conf
- update readme
 2017-11-12 14:12:07 +01:00
Tobias Hachmer 7a482e195f Role server-basic: add locale setting 2017-11-12 12:44:20 +01:00
Tobias Hachmer 9d08803a9e Rename role server-repos to server-apt-repos 
- Role server-apt-repos: add readme
 2017-11-12 11:30:44 +01:00
Tobias Hachmer 42d407340a Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly 2017-11-12 00:31:14 +01:00
Tobias Hachmer 623faaa40f Role prerequisites: add cname asserts 2017-11-11 23:24:49 +01:00
Tobias Hachmer 99a77aa0b7 Role server-repos: remove universe-factory repo since fastd package is available in debian upstream 2017-11-09 06:20:23 +01:00
Tobias Hachmer f0564b5ad2 Role service-respondd: install python3 module dependency 2017-11-07 20:25:39 +01:00
Tobias Hachmer b1480594fa Role server-repos: change ffmwu repo to stretch 2017-11-07 20:23:23 +01:00
Tobias Hachmer fc04651e8b Lowercase all network interface names 2017-11-06 21:24:56 +01:00
Tobias Hachmer 387f3bbf6b Update fastd peer limit configuration 
* add list of legacy gateways (temporarily)
 * change backend-scripts branch to ansible
 * Role server-basic: ensure ffmwu config directory is present
 * Role service-fastd: add fastd-status script
 * role service-fastd-mesh: add templating for fastd peer limit
configuration
 2017-11-06 17:41:17 +01:00
Tobias Hachmer 67c915e877 Role service-respondd: also listen on fastd-interfaces 2017-10-31 22:54:58 +01:00
Tobias Hachmer d6eea602b7 Flush handlers after configuring network interfaces 2017-10-29 21:26:10 +01:00
Tobias Hachmer f00a216fef Role service-nginx: add autoindex options to default vhost 2017-10-29 21:24:48 +01:00
Tobias Hachmer dc146df5f7 Add role service-nginx-firmware 2017-10-27 11:41:00 +02:00
Tobias Hachmer 545162a46f Add role service-nginx 2017-10-27 11:38:02 +02:00
Tobias Hachmer 8212e17d6a Ensure systemd units are started 2017-10-26 22:35:55 +02:00
Tobias Hachmer a2110b33ee Fix some whitespaces 2017-10-26 22:29:15 +02:00
Tobias Hachmer ac48746a11 Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change 2017-10-25 19:50:06 +02:00
Tobias Hachmer 57fff0410e Add role service-respondd 2017-10-15 10:18:26 +02:00
Tobias Hachmer 130980d863 Role network-routing: fix typos in ffmwu-del-ip-rules.sh template 2017-10-14 22:07:01 +02:00
Tobias Hachmer 00307bc9be Move IP rules from role service-rclocal to role network-routing 
- add scripts to configure and delete IP rules via a systemd unit
- delete role `service-rclocal`
- update README.md
- add new handler
 2017-10-13 07:59:43 +02:00
Tobias Hachmer f934a88661 Move all handlers to one single role 2017-10-13 07:28:41 +02:00
Tobias Hachmer f56215f03c Remove unnecessary handlers 2017-10-11 22:04:36 +02:00
Tobias Hachmer 79017f02d6 Use package module where possible instead of apt 2017-10-11 17:53:20 +02:00
Tobias Hachmer 4ce00a6ac3 Add role network-routing 
- move static routes from role service-rclocal to scripts run by systemd
unit
- mv routing specific sysctl settings
 2017-10-11 06:52:24 +02:00
Tobias Hachmer f18e53e4e7 Role service-fastd: use own systemd unit fastd@.service 
- original uses %I which does not escaping, so dashes will be replaced
by slashes
- use %i instead of %I
 2017-10-08 11:35:22 +02:00
Tobias Hachmer c56dc3504c Role service-fastd-mesh: fix typo in handler 2017-10-08 10:51:04 +02:00
Tobias Hachmer 534b0d045c Role network-fastd: update README.md 2017-10-08 09:44:42 +02:00
Tobias Hachmer e1e723809f Role network-batman: update batman-ifaces due to fastd instance change 
- update README.md
 2017-10-08 09:36:38 +02:00
Tobias Hachmer 4732338cee Roles service-fastd-[mesh|intragate]: update role dependencies 2017-10-07 01:08:48 +02:00
Tobias Hachmer 53d30c8ded Restructure fastd configuration to define multiple instances easily 
- introduce mesh subdictionary `fastd`
 - change fastd instance naming
 - change fastd network interface naming (identical with fastd instance
names)
 - change mac address prefixes
 2017-10-07 00:57:35 +02:00
Tobias Hachmer 63ca114c95 Migrate nested dictionary meshes into a list of dictionaries 
- migrate dictionary `ipv6` into two simple lists
 - migrate dictionary `forward_zones` into a list
 2017-10-06 22:58:00 +02:00
Tobias Hachmer 829d931ff9 Role service-fastd-mesh: add systemd timer for fastd peer limit update script 2017-10-06 11:47:09 +02:00
Tobias Hachmer 7e181923b3 Role service-fastd: ensure fastd service is masked 2017-10-06 10:49:41 +02:00
Tobias Hachmer a2fa5ff223 Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible 2017-10-06 10:38:26 +02:00
Tobias Hachmer 900eacafb2 Fix wrong IP subnet calculation in roles service-radvd + service-rclocal 2017-10-06 09:56:14 +02:00
Tobias Hachmer ea08c856ac Update some ipaddr filters 2017-10-06 00:15:31 +02:00
Tobias Hachmer c4ed75ed36 Roles service-bird[|-ffrl|-icvpn]: rework handlers 2017-10-04 19:46:16 +02:00
Tobias Hachmer 94da0613a4 FFRL Internet Exit: move IPv4 NAT address to a single dummy interface 2017-10-04 13:51:03 +02:00
Tobias Hachmer cc43741a91 Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6] 2017-10-04 12:55:29 +02:00
Tobias Hachmer b46be69a26 Role service-rclocal: fix wrong interface 2017-10-04 01:02:15 +02:00
Tobias Hachmer 98e1b60e00 Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket 2017-10-04 00:51:18 +02:00
Tobias Hachmer 817f86abb7 Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update 2017-10-04 00:25:29 +02:00
Tobias Hachmer b0f0d63383 Role service-bind-slave: add systemd unit + timer to update icvpn bind config 2017-10-04 00:20:50 +02:00
Tobias Hachmer 31e0b6da67 Role service-bind-slave: fix file permissions 2017-10-04 00:05:53 +02:00
Tobias Hachmer 1f7ab3c620 Role git-repos: change branch of backend-scripts repo to drop-photon 2017-10-03 23:32:00 +02:00
Tobias Hachmer 224a61a481 Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts 2017-10-03 23:31:15 +02:00
Tobias Hachmer 0fa92eef1c Role service-fastd-mesh: add systemd unit + timer to update mesh peers 2017-10-03 23:30:02 +02:00
Tobias Hachmer 07a0b25a09 Role service-radvd: make more parameters configurable 2017-10-03 21:24:36 +02:00
Tobias Hachmer a1705da9a0 Role service-radvd: optimize ipaddr filters 2017-10-03 21:18:39 +02:00
Tobias Hachmer ef6bedfee5 Update loop keys 2017-10-03 20:52:37 +02:00
Tobias Hachmer 937238d26e Role service-radvd: update handlers 2017-10-03 20:43:23 +02:00
Tobias Hachmer 7506fae8a5 Role service-tinc: use a task instead of a handler for systemd stuff 2017-10-03 20:40:48 +02:00
Tobias Hachmer 3ee405bdf2 Restructure service-fastd roles 
- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers
 2017-10-03 20:25:17 +02:00
Tobias Hachmer 01af6903e6 Role service-fastd-mesh + service-fastd-intragate: fix mac address format 2017-10-03 15:13:00 +02:00
Tobias Hachmer a112f6305e Role service-dhcpd: fix disabled notify 2017-10-03 14:44:38 +02:00
Tobias Hachmer 2f32bd6c1e Restructure network interfaces in order to use ifupdown2 
- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files
 2017-10-03 14:37:39 +02:00
Tobias Hachmer 821834c4b8 Add role service-bind-slave 2017-10-02 23:34:53 +02:00
Tobias Hachmer 5e38e4f6fb Role service-bird-icvpn: use a task and not a handler to set file attrs 2017-10-02 23:08:53 +02:00
Tobias Hachmer 2e0e474ba7 Role kmod-batman: load kernel modules 2017-10-02 11:21:01 +02:00
Tobias Hachmer b285305fe1 Add role network-iptables-gateway 
- move netfilter specific sysctl settings
 2017-10-02 11:18:16 +02:00
Tobias Hachmer 4596743a56 Add readme for role prerequisites 2017-10-02 11:15:58 +02:00
Tobias Hachmer 3a9edaa666 Add version to git modules in roles: 
- git-fastd-peers
- git-repos
- service-tinc
 2017-10-02 11:15:58 +02:00
Tobias Hachmer 41d6fb0ff1 Add role system-sysctl-gateway 2017-10-02 11:15:58 +02:00
Tobias Hachmer 846f385a21 Add role service-tinc 2017-10-02 11:15:58 +02:00
Tobias Hachmer ab45622570 Role server-basic: add package bridge-utils 2017-09-29 20:34:38 +02:00
Tobias Hachmer c87cb61a6b Update readme of roles service-fastd-mesh + service-fastd-intragate 2017-09-28 20:09:18 +02:00
Tobias Hachmer 0edd928ec8 Role service-bird-ffrl: correct ipaddr filters 2017-09-18 13:22:55 +02:00
Tobias Hachmer 1c928881fc Retouch tasks due to 'become' defaults to True 2017-09-18 13:22:55 +02:00
n0trax 951ab924a5 Set 'become' default to True (#7) 2017-09-17 10:11:45 +02:00
Tobias Hachmer 6792950fca Add role service-bird-ffrl 2017-09-11 23:49:11 +02:00
Tobias Hachmer dd6d5b6ec5 Add role service-bird-icvpn; add python3-yaml package to server-basic 
role
 2017-09-11 23:35:20 +02:00
Tobias Hachmer a2816a152e Add role git-repos 2017-09-11 23:23:34 +02:00
n0trax 84755f8bb9 Move localtestvm to separate role (untested) (#6) 2017-09-11 23:23:34 +02:00
Tobias Hachmer 34369638dc Add role service-bird 2017-09-11 23:23:34 +02:00
Tobias Hachmer 6c238c7416 Add role service-rclocal 2017-09-11 23:23:34 +02:00
n0trax 166c67477b Add relaxed yamllint config and fix errors 2017-09-11 23:23:34 +02:00
n0trax 4131825286 Modify prerequisites role and integrate prerequisites role into all playbooks (#4) 2017-09-11 23:23:34 +02:00
Tobias Hachmer ed03ad8573 Roles: add role documentation 2017-09-11 23:23:34 +02:00
Tobias Hachmer 94cb21daad Add a bunch of new roles 
- Update Readme
- Update ansible.cfg
- Add playbook to set up gateways
- Add group variables
 2017-09-11 23:21:44 +02:00
Tobias Hachmer 1f0b5925a8 Role test-prerequisites: improve tasks; update OS to current debian 
stable
 2017-09-05 11:29:13 +02:00
Tobias Hachmer 3270b5cc3e Inventory: clean up & rename role ffmwu-prereq to test-prerequisites 
Remove all hosts which aren't set up by ansible, yet. Prepare to start
from scratch. Only add hosts to the inventory which will be set up
completly by ansible.
 2017-09-05 11:25:13 +02:00
kaba ab2efe5df3 not runnable yet! 2016-12-20 16:59:03 +01:00
kaba 8cbb75ffe6 moved apt and pip package handling to sparate role - first step to streamline roles 2016-12-12 16:05:46 +01:00
kaba e530b3dba2 conflict resolution after concurrent edits 2016-11-28 17:06:28 +01:00
kaba 7ea7290b4f safeguard not to disrupt manually managed systems 2016-11-28 17:00:44 +01:00
Tobias Hachmer 0cb178663f Role ffmwu-meshing: rename task file names for better reading 2016-11-28 16:21:13 +01:00
Tobias Hachmer 6127353ae7 Update ansible role ffmwu-build 
* use ecdsautils from ffmwu debian repo instead of building from source
 * remove some trailing white spaces
 * use command module instead of shell module where it is possible
 * update module syntax to list form for better reading
 * role ffmwu-build should be idempotent now
 2016-11-26 14:17:14 +01:00
ka-ba 0167536d22 cleeeeaning womaaaan 2016-11-24 00:28:23 +01:00
kaba d37f6a4e45 replaced photon bootstrap script 2016-11-23 17:59:08 +01:00
kaba c63e9d9538 rudimental fixes, still failing though 2016-11-23 13:43:37 +01:00
Tobias Hachmer 9dd7b203db Roles: initially add role ffmwu-build and playbook for build-servers 2016-10-28 16:37:37 +02:00
Tobias Hachmer 1d9b50dbe6 Roles: add tasks to ffmwu-server 
* ensure system user is present
 * ensure vim is the default editor
 * ensure timezone is Europe/Berlin (activate with ansible version 2.2)
 2016-10-27 08:19:12 +02:00
ka-ba 40fe1d7fb5 fastd config differ for gates and for other meshing servers 2016-10-12 20:24:56 +02:00
ka-ba 1a96ad9ef7 set up meshing server (only local test for now) up to fastd - still missing: batman 2016-09-14 16:39:21 +02:00
ka-ba ff9f0db3a6 req test for test VMs 2016-08-12 00:58:42 +02:00
ka-ba 33bfb4c427 allow additional ssh keys on specific hosts 2016-07-18 14:59:42 +02:00
ka-ba 07f094c177 kaschu, stonie, Debian 2016-07-16 00:54:54 +02:00
ka-ba 88fc423cc1 setup generic ffmwu server 2016-07-06 16:34:54 +02:00