6b64aa17a0
Role service-prometheus: bump versions
2019-04-17 10:44:37 +02:00
5cc55db92c
Role server-basic: enable unattended upgrade for Archive Unstable
2019-04-11 22:03:07 +02:00
b2373c17ac
service-fastd-mesh: use fastd-limiter and "on verify" to limit peers
2019-04-10 12:56:35 +02:00
ecdcb4c294
Role server-basic: enable unattended upgrade for PowerDNS packages
2019-04-09 21:30:44 +02:00
2529b0fb19
Inventory: add group ffmwu-dns
2019-04-09 21:30:06 +02:00
6815dd1521
Iventory: add peers-ffmwu to git repos
2019-04-08 16:10:36 +02:00
04c2ed7e30
service-bind-slave: add stunnel4 for DNS-over-TLS
2019-04-05 19:53:19 +02:00
ac64eddfb1
service-prometheus: update versions
2019-04-05 09:29:11 +02:00
4bdaaf2dae
service-prometheus: update internal domain for ICMP targets
2019-04-05 09:28:45 +02:00
f194880f4c
service-fastd-mesh: enable redis-server
2019-04-04 20:21:31 +02:00
a825a9bed0
service-fastd-mesh: add fastd-limiter (dry run)
...
new limits are not yet used by fastd
2019-04-04 11:56:45 +02:00
8a898bf339
Role pdns_admin: update version
2019-04-01 20:32:29 +02:00
71d1889a49
Role service-fastd-mesh: allow fastd-exporter access from all gateways
2019-03-29 16:40:17 +01:00
f701d77dfd
Role service-bird: suffix legacy ipv6 bgp peers with '_legacy', also
2019-03-25 20:33:08 +01:00
6cc9776c66
Use link-local IPv6 address for BGP Peering
2019-03-25 20:22:55 +01:00
59045bc400
Roles network-*: enable forwarding
...
With newer versions of ifupdown2 it is necessary to enable IPv4/6
forwarding explicitly on required interfaces.
2019-03-25 10:13:01 +01:00
6239a876bb
Role network-fastd: set mtu
2019-03-24 23:14:06 +01:00
dc1f469265
Role wireguard: set mtu and link-local address
2019-03-24 22:22:19 +01:00
13b470b5c9
Role server-basic: prevent the kernel to create a bond insterface on module load
2019-03-24 20:20:57 +01:00
fc6a062559
Role wireguard: explicitly set ipv6-addrgen to off
...
newer versions of ifupdown2 try to set the addrgen mode for interfaces
using inet6 but it seems that wireguard interfaces do not support this.
This causes a "ip link set dev <iface> down" command during every
execution of ifreload as the default mode eui6 does not mach the mode
set on the interface which is none.
2019-03-24 18:57:22 +01:00
7b2f330c3a
Role network-loopback: set internal nameserver when available
2019-03-23 15:05:36 +01:00
52d55e3997
Role server-basic: use openresolv to set nameserver
2019-03-23 14:59:12 +01:00
84cc2ca1c8
Add Playbook site.yml to manage the whole infrastructure
2019-03-22 22:20:33 +01:00
7efeb81b66
Role firmware-build-server: use import_tasks instead of include (deprecated)
2019-03-22 22:18:37 +01:00
3320ee053f
Delete old Roles
2019-03-22 22:09:23 +01:00
8212fc243c
Delete old Playbooks; update Playbooks
2019-03-22 22:06:26 +01:00
dc9f792992
ansible.cfg: increase forks to 10
2019-03-22 22:02:20 +01:00
aa38067f20
Role wireguard: split var 'my_wireguard_networks' into multiple lines for better reading
2019-03-22 21:52:47 +01:00
b995bbffdf
Role network-routing: rename 'sysctl_settings_routing_gateway' to 'sysctl_settings_routing_forwarding'; enable ip forwarding also for monitoring hosts
2019-03-22 21:52:08 +01:00
0c6cec55e3
Add linse.freifunk-mwu.de
...
* Update Playbook dns.yml to manage linse as the external dns master server
2019-03-22 20:34:54 +01:00
d194d6e936
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template
2019-03-22 20:33:32 +01:00
91e8a2ff3d
Update Playbook dns.yml
...
* update passwordstore lookup usage: use other subkey than 'password'
* add mysql_bind_address
2019-03-22 19:48:47 +01:00
f0eeb53442
Inventory ffmwu-mesh-services: remove group dns-master-internal
2019-03-22 19:48:25 +01:00
d7d456d158
Role wireguard: flush handler after configuration
2019-03-22 19:45:26 +01:00
36a1335d9b
Role service-domain-director: update config
2019-03-22 13:41:16 +01:00
af41e77619
Playbooks: add role service-prometheus to mesh-services
2019-03-21 21:20:58 +01:00
3a3388ccf7
Inventory: remove old host aubergine
2019-03-21 18:12:02 +01:00
da2e6e35f7
Inventory: remove unused wireguard networks
2019-03-21 17:54:30 +01:00
165e22ab5e
Role service-nginx-firmware: add proxy to downloads.openwrt.org
2019-03-21 15:49:01 +01:00
a8995d573c
Inventory: shorten IPv6 anycast address
2019-03-21 11:29:04 +01:00
869dd5b62a
Migrate internal DNS master to PowerDNS
...
* Add playbook dns to manage internal dns master servers
* Add role to manage PowerDNS Admin Web Frontend for PowerDNS
* Move dns zone related data from mesh list to a simpler dict with a simple zone list
* Update role service-bind-slave
* Update Readme.md
* Add requirements.yml
* Update .gitignore
2019-03-20 19:43:11 +01:00
fe4415afcf
Role nodejs: make major version configurable
2019-03-20 19:25:12 +01:00
6c3e8336c9
Role service-nginx: use $host instead of $server_name for redirects
2019-03-20 10:23:12 +01:00
28717aec73
Role service-bird: add source IP to routes in table mwu
2019-03-20 10:21:38 +01:00
a8784c80eb
Revert "Role service-bird-lg: update lgproxy.cfg for new p2p vpn links"
...
This reverts commit 2ca3fdd43e
2019-03-20 10:19:48 +01:00
2ca3fdd43e
Role service-bird-lg: update lgproxy.cfg for new p2p vpn links
2019-03-19 17:03:02 +01:00
e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purpose.
...
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
* add host kichererbse.freifunk-mwu.de
* add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
* use new loopback and anycast networks
* add role wireguard
* add role wireguard as dependency for roles network-routing + service-bird
* add playbook 'mesh-services'
2019-03-19 15:23:12 +01:00
3e297ed09f
Revert "Role service-fastd-mesh: update fastd peer limit method"
...
This reverts commit 7bb4c241e2
2019-03-18 16:11:34 +01:00
483f49bba4
Inventory: add new domain dom0
2019-03-18 15:20:54 +01:00
78916057d6
Inventory: fix DHCP ranges on gateway lotuswurzel
...
lotuswurzel was using the first /23 net which is used for static server
IPs
2019-03-18 11:38:44 +01:00
Julian Labus
Tobias Hachmer