Commit graph

458 commits

Author SHA1 Message Date
Julian Labus
6b64aa17a0
Role service-prometheus: bump versions 2019-04-17 10:44:37 +02:00
Tobias Hachmer
5cc55db92c
Role server-basic: enable unattended upgrade for Archive Unstable 2019-04-11 22:03:07 +02:00
Julian Labus
b2373c17ac
service-fastd-mesh: use fastd-limiter and "on verify" to limit peers 2019-04-10 12:56:35 +02:00
Tobias Hachmer
ecdcb4c294
Role server-basic: enable unattended upgrade for PowerDNS packages 2019-04-09 21:30:44 +02:00
Tobias Hachmer
2529b0fb19
Inventory: add group ffmwu-dns 2019-04-09 21:30:06 +02:00
Julian Labus
6815dd1521
Iventory: add peers-ffmwu to git repos 2019-04-08 16:10:36 +02:00
Julian Labus
04c2ed7e30
service-bind-slave: add stunnel4 for DNS-over-TLS 2019-04-05 19:53:19 +02:00
Julian Labus
ac64eddfb1
service-prometheus: update versions 2019-04-05 09:29:11 +02:00
Julian Labus
4bdaaf2dae
service-prometheus: update internal domain for ICMP targets 2019-04-05 09:28:45 +02:00
Julian Labus
f194880f4c
service-fastd-mesh: enable redis-server 2019-04-04 20:21:31 +02:00
Julian Labus
a825a9bed0
service-fastd-mesh: add fastd-limiter (dry run)
new limits are not yet used by fastd
2019-04-04 11:56:45 +02:00
Tobias Hachmer
8a898bf339
Role pdns_admin: update version 2019-04-01 20:32:29 +02:00
Julian Labus
71d1889a49
Role service-fastd-mesh: allow fastd-exporter access from all gateways 2019-03-29 16:40:17 +01:00
Tobias Hachmer
f701d77dfd
Role service-bird: suffix legacy ipv6 bgp peers with '_legacy', also 2019-03-25 20:33:08 +01:00
Tobias Hachmer
6cc9776c66
Use link-local IPv6 address for BGP Peering 2019-03-25 20:22:55 +01:00
Julian Labus
59045bc400
Roles network-*: enable forwarding
With newer versions of ifupdown2 it is necessary to enable IPv4/6
forwarding explicitly on required interfaces.
2019-03-25 10:13:01 +01:00
Julian Labus
6239a876bb
Role network-fastd: set mtu 2019-03-24 23:14:06 +01:00
Julian Labus
dc1f469265
Role wireguard: set mtu and link-local address 2019-03-24 22:22:19 +01:00
Tobias Hachmer
13b470b5c9
Role server-basic: prevent the kernel to create a bond insterface on module load 2019-03-24 20:20:57 +01:00
Julian Labus
fc6a062559
Role wireguard: explicitly set ipv6-addrgen to off
newer versions of ifupdown2 try to set the addrgen mode for interfaces
using inet6 but it seems that wireguard interfaces do not support this.
This causes a "ip link set dev <iface> down" command during every
execution of ifreload as the default mode eui6 does not mach the mode
set on the interface which is none.
2019-03-24 18:57:22 +01:00
Julian Labus
7b2f330c3a
Role network-loopback: set internal nameserver when available 2019-03-23 15:05:36 +01:00
Julian Labus
52d55e3997
Role server-basic: use openresolv to set nameserver 2019-03-23 14:59:12 +01:00
Tobias Hachmer
84cc2ca1c8
Add Playbook site.yml to manage the whole infrastructure 2019-03-22 22:20:33 +01:00
Tobias Hachmer
7efeb81b66
Role firmware-build-server: use import_tasks instead of include (deprecated) 2019-03-22 22:18:37 +01:00
Tobias Hachmer
3320ee053f
Delete old Roles 2019-03-22 22:09:23 +01:00
Tobias Hachmer
8212fc243c
Delete old Playbooks; update Playbooks 2019-03-22 22:06:26 +01:00
Tobias Hachmer
dc9f792992
ansible.cfg: increase forks to 10 2019-03-22 22:02:20 +01:00
Tobias Hachmer
aa38067f20
Role wireguard: split var 'my_wireguard_networks' into multiple lines for better reading 2019-03-22 21:52:47 +01:00
Tobias Hachmer
b995bbffdf
Role network-routing: rename 'sysctl_settings_routing_gateway' to 'sysctl_settings_routing_forwarding'; enable ip forwarding also for monitoring hosts 2019-03-22 21:52:08 +01:00
Tobias Hachmer
0c6cec55e3
Add linse.freifunk-mwu.de
* Update Playbook dns.yml to manage linse as the external dns master server
2019-03-22 20:34:54 +01:00
Tobias Hachmer
d194d6e936
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template 2019-03-22 20:33:32 +01:00
Tobias Hachmer
91e8a2ff3d
Update Playbook dns.yml
* update passwordstore lookup usage: use other subkey than 'password'
 * add mysql_bind_address
2019-03-22 19:48:47 +01:00
Tobias Hachmer
f0eeb53442
Inventory ffmwu-mesh-services: remove group dns-master-internal 2019-03-22 19:48:25 +01:00
Tobias Hachmer
d7d456d158
Role wireguard: flush handler after configuration 2019-03-22 19:45:26 +01:00
Julian Labus
36a1335d9b
Role service-domain-director: update config 2019-03-22 13:41:16 +01:00
Julian Labus
af41e77619
Playbooks: add role service-prometheus to mesh-services 2019-03-21 21:20:58 +01:00
Tobias Hachmer
3a3388ccf7
Inventory: remove old host aubergine 2019-03-21 18:12:02 +01:00
Tobias Hachmer
da2e6e35f7
Inventory: remove unused wireguard networks 2019-03-21 17:54:30 +01:00
Julian Labus
165e22ab5e
Role service-nginx-firmware: add proxy to downloads.openwrt.org 2019-03-21 15:49:01 +01:00
Julian Labus
a8995d573c
Inventory: shorten IPv6 anycast address 2019-03-21 11:29:04 +01:00
Tobias Hachmer
869dd5b62a
Migrate internal DNS master to PowerDNS
* Add playbook dns to manage internal dns master servers
 * Add role to manage PowerDNS Admin Web Frontend for PowerDNS
 * Move dns zone related data from mesh list to a simpler dict with a simple zone list
 * Update role service-bind-slave
 * Update Readme.md
 * Add requirements.yml
 * Update .gitignore
2019-03-20 19:43:11 +01:00
Tobias Hachmer
fe4415afcf
Role nodejs: make major version configurable 2019-03-20 19:25:12 +01:00
Julian Labus
6c3e8336c9
Role service-nginx: use $host instead of $server_name for redirects 2019-03-20 10:23:12 +01:00
Julian Labus
28717aec73
Role service-bird: add source IP to routes in table mwu 2019-03-20 10:21:38 +01:00
Julian Labus
a8784c80eb
Revert "Role service-bird-lg: update lgproxy.cfg for new p2p vpn links"
This reverts commit 2ca3fdd43e.
2019-03-20 10:19:48 +01:00
Julian Labus
2ca3fdd43e
Role service-bird-lg: update lgproxy.cfg for new p2p vpn links 2019-03-19 17:03:02 +01:00
Tobias Hachmer
e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purpose.
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
 * add host kichererbse.freifunk-mwu.de
 * add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
 * use new loopback and anycast networks
 * add role wireguard
 * add role wireguard as dependency for roles network-routing + service-bird
 * add playbook 'mesh-services'
2019-03-19 15:23:12 +01:00
Julian Labus
3e297ed09f
Revert "Role service-fastd-mesh: update fastd peer limit method"
This reverts commit 7bb4c241e2.
2019-03-18 16:11:34 +01:00
Julian Labus
483f49bba4
Inventory: add new domain dom0 2019-03-18 15:20:54 +01:00
Julian Labus
78916057d6
Inventory: fix DHCP ranges on gateway lotuswurzel
lotuswurzel was using the first /23 net which is used for static server 
IPs
2019-03-18 11:38:44 +01:00