Julian Labus
ec039343df
service-prometheus: fix variables
2018-09-18 12:48:06 +02:00
Julian Labus
a6faeb0ff6
service-prometheus: update config to export metrics via nginx
2018-09-18 12:48:06 +02:00
Julian Labus
8f495b79c8
role network-batman + network-fastd: remove node vpn instances for non-gateway servers
2018-09-18 12:48:06 +02:00
Julian Labus
b8e122ee8c
role server-basic: add net-tools and dnsutils to package list
2018-09-18 12:48:06 +02:00
Julian Labus
f9340ac37b
role service-prometheus: update default versions
2018-09-18 12:48:06 +02:00
Julian Labus
8d7af519a5
split out gateway specific stuff to use roles for generic meshing servers
2018-09-18 12:48:05 +02:00
Julian Labus
37596e917d
role serivce-nginx: improve inital ACME certificate creation
2018-09-12 11:37:25 +02:00
Tobias Hachmer
a2bef9154a
Role network-routing: fix typos
2018-08-10 06:10:03 +02:00
Tobias Hachmer
13fa7414f0
Rename role system-sysctl-gateway to system-sysctl
2018-08-10 06:09:37 +02:00
Julian Labus
170f0f3000
service-nginx: fix wrong handler name
2018-08-07 11:21:09 +02:00
Julian Labus
26ec397029
service-nginx: try to start nginx.service if reload fails
2018-08-07 10:43:05 +02:00
Julian Labus
1af52aad51
replace all occurrences of iteritems()
with items()
as it was removed in Python 3
2018-08-07 10:32:23 +02:00
Julian Labus
30b5a5e4eb
service-nginx: move ACME hostname to variable and set resolver because nginx will fail if host is not (yet) reachable during startup
2018-08-07 09:27:02 +02:00
Tobias Hachmer
d4a4f576c9
Rename fastd instance intragate to backbone
2018-07-25 14:08:45 +02:00
Tobias Hachmer
f792b4bdaf
Role firmware-build-server: delete deprecated templates
2018-07-24 21:16:53 +02:00
Tobias Hachmer
88bee34235
Restructure and update role for firmware build server
...
* rename role ffmwu-build -> firmware-build-server
* rename playbook build-server to firmware-build-server
2018-07-24 17:09:02 +02:00
Julian Labus
f0d8d2f170
Role service-nginx-firmware: forward ACME HTTP requests and enable HTTPS for vhosts
2018-06-15 09:08:25 +02:00
Julian Labus
43b9bc4407
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates
2018-06-15 09:04:33 +02:00
Julian Labus
50cc1a3efa
Role prerequisites: add task to generate SSH keys
2018-06-15 09:00:43 +02:00
Tobias Hachmer
98324509dd
Role users: update public key of kokel
2018-03-20 06:27:03 +01:00
Tobias Hachmer
bd8586f20a
Role service-respondd: update exec option
2018-03-04 20:54:23 +01:00
Tobias Hachmer
6904d9fb25
Role server-basic: add template for standard apt sources
2018-03-04 19:51:35 +01:00
Tobias Hachmer
dda20fcdae
Role service-prometheus: fix trailing spaces
2018-03-02 07:18:19 +01:00
Tobias Hachmer
886cdb2417
Handlers: move all handlers into their roles, again
2018-03-01 06:34:55 +01:00
Julian Labus
a97d27779d
Fix READMEs
2018-02-28 15:20:51 +01:00
Julian Labus
004681b553
Role service-bird: calculate peer addresses of other ansible managed hosts
2018-02-28 11:16:55 +01:00
Julian Labus
d4d4ad0147
Role service-fastd-mesh: replace rstrip with rsplit
2018-02-28 11:16:49 +01:00
Julian Labus
0d60aa9f99
Role network-meshbridge: don't set individual MAC on bridge
2018-02-28 11:16:37 +01:00
Julian Labus
dc72070628
Role system-sysctl-gateway: add small delay to sysctl startup
...
- sysctl starts to quick after modules-load and setting the nf_conntrack parameters fails
2018-02-28 11:16:30 +01:00
Julian Labus
f5732aeb2a
Role network-routing: fix netmasks
2018-02-28 11:16:22 +01:00
Julian Labus
f81a5c1a5f
Role network-iptables-gateway: load module nf_conntrack at boot
2018-02-28 11:16:15 +01:00
Tobias Hachmer
7359c03bf8
Role service-nginx: enable IPv6 support
2018-02-28 06:15:43 +01:00
Tobias Hachmer
89281c68a8
Role server-basic: ensure rpcbind is not installed
2018-02-28 06:06:14 +01:00
Tobias Hachmer
3c8d012ac7
Add role users
2018-02-28 06:04:25 +01:00
Julian Labus
be84e6f148
Role service-nginx-firmware: enable IPv6 support
2018-02-25 18:13:26 +01:00
Tobias Hachmer
4ccb9a52ea
Revert "Role network-meshbridge: update workaround to set hwaddress"
...
This reverts commit f81bbfed65
.
2018-02-06 06:00:16 +01:00
Tobias Hachmer
a947803e28
Revert "Role network-routing: move interface specific routes to role network-meshbridge"
...
This reverts commit d3298d4a3c
.
2018-02-06 06:00:01 +01:00
Tobias Hachmer
e633015873
Role service-fastd: explicitly clear ExecStart to prevent multiple definitions
2018-02-05 20:44:41 +01:00
Tobias Hachmer
bd52ad6dd7
Role server-basic: fix networking.service from ifupdown2 - some interfaces come up too late
2018-02-05 17:37:52 +01:00
Tobias Hachmer
95140f12ea
Role service-fastd: configure systemd service unit overrides instead of replacing the whole file
2018-02-05 15:46:56 +01:00
Tobias Hachmer
3e311bd995
Role service-dhcpd: add override settings for kea-dhcp4-server service unit
2018-02-05 15:31:40 +01:00
Julian Labus
d3298d4a3c
Role network-routing: move interface specific routes to role network-meshbridge
2018-02-02 06:38:06 +01:00
Julian Labus
f81bbfed65
Role network-meshbridge: update workaround to set hwaddress
...
`pre-up` doesn't work properly as it is called before the bridge is created.
Initializing the bridge via `up` in the batman mesh interface seems to be a better solution.
2018-02-02 06:38:06 +01:00
Tobias Hachmer
b246e8982b
Add role service-nullmailer
2018-01-07 17:40:33 +01:00
Tobias Hachmer
90f486eb60
Role service-bird-icvpn: correct roa log messages
2018-01-02 10:45:09 +01:00
Tobias Hachmer
64f99ea396
Rename ffmwu custom config config dir from ~/.config to ~/.ffmwu-config
2017-12-31 13:41:46 +01:00
Tobias Hachmer
41a1d0bac3
Add role service-vnstat
2017-12-31 12:40:00 +01:00
Tobias Hachmer
7c80d75632
Role server-basic: update handling of dummy module
2017-12-30 23:10:11 +01:00
Tobias Hachmer
c79fb69789
Role server-basic: add unattended-upgrades
2017-12-30 22:47:58 +01:00
Tobias Hachmer
b36f4dfe5b
Role service-fastd-mesh: update peer limit config
...
* rename setting timeout to remote_data_timeout
* introduce setting remote_fetch_timeout
2017-12-30 11:26:47 +01:00
Tobias Hachmer
7757387dd5
Role service-nginx: add nginx.conf templating
2017-12-29 20:31:46 +01:00
Tobias Hachmer
a2104ddcc5
Role service-tinc: fix handling of systemd unit
...
* remove init script if present
* nets.boot not necessary with new systemd unit
* update systemd tasks to use systemd unit tinc@
* update handler
2017-12-29 14:27:52 +01:00
Tobias Hachmer
0a51ee02a3
Role service-dhcpd: change dhcp daemon to kea
2017-12-28 22:12:00 +01:00
n0trax
7abc41ee92
Fix systemd service scripts ( #12 )
2017-12-14 19:45:27 +01:00
Tobias Hachmer
2faa4e11dd
Role network-iptables-gateway: omit dropping invalid packets
2017-12-14 06:33:39 +01:00
n0trax
ad5b658467
Add prometheus role ( #9 )
2017-12-05 05:58:34 +01:00
Tobias Hachmer
0f9cee0e7d
Role service-tinc: add task to enable post-merge script
2017-12-04 16:32:38 +01:00
Tobias Hachmer
89c187a975
Role network-routing: add missing service dependency for ffmwu-static-routes service unit
2017-12-04 06:21:25 +01:00
Tobias Hachmer
466a08a0b3
Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles
2017-11-30 23:12:15 +01:00
Tobias Hachmer
80bd91a469
Role network-iptables-gateway: fix freifunk bridge rules
2017-11-14 23:09:55 +01:00
Tobias Hachmer
071bdb40d4
Role service-tinc: rework passwordstore lookup
2017-11-12 20:39:33 +01:00
Tobias Hachmer
78a141305d
Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate
2017-11-12 20:27:12 +01:00
Tobias Hachmer
7437095761
Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start
2017-11-12 15:08:41 +01:00
Tobias Hachmer
10d25ee031
Move dummy module from role kmod-batman to server-basic
2017-11-12 14:35:11 +01:00
Tobias Hachmer
07eda681ca
Roles service-fastd-mesh + service-fastd-intragate
...
- remove on-up|on-down stanzas from fastd.conf
- update readme
2017-11-12 14:12:07 +01:00
Tobias Hachmer
7a482e195f
Role server-basic: add locale setting
2017-11-12 12:44:20 +01:00
Tobias Hachmer
9d08803a9e
Rename role server-repos to server-apt-repos
...
- Role server-apt-repos: add readme
2017-11-12 11:30:44 +01:00
Tobias Hachmer
42d407340a
Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly
2017-11-12 00:31:14 +01:00
Tobias Hachmer
623faaa40f
Role prerequisites: add cname asserts
2017-11-11 23:24:49 +01:00
Tobias Hachmer
99a77aa0b7
Role server-repos: remove universe-factory repo since fastd package is available in debian upstream
2017-11-09 06:20:23 +01:00
Tobias Hachmer
f0564b5ad2
Role service-respondd: install python3 module dependency
2017-11-07 20:25:39 +01:00
Tobias Hachmer
b1480594fa
Role server-repos: change ffmwu repo to stretch
2017-11-07 20:23:23 +01:00
Tobias Hachmer
fc04651e8b
Lowercase all network interface names
2017-11-06 21:24:56 +01:00
Tobias Hachmer
387f3bbf6b
Update fastd peer limit configuration
...
* add list of legacy gateways (temporarily)
* change backend-scripts branch to ansible
* Role server-basic: ensure ffmwu config directory is present
* Role service-fastd: add fastd-status script
* role service-fastd-mesh: add templating for fastd peer limit
configuration
2017-11-06 17:41:17 +01:00
Tobias Hachmer
67c915e877
Role service-respondd: also listen on fastd-interfaces
2017-10-31 22:54:58 +01:00
Tobias Hachmer
d6eea602b7
Flush handlers after configuring network interfaces
2017-10-29 21:26:10 +01:00
Tobias Hachmer
f00a216fef
Role service-nginx: add autoindex options to default vhost
2017-10-29 21:24:48 +01:00
Tobias Hachmer
dc146df5f7
Add role service-nginx-firmware
2017-10-27 11:41:00 +02:00
Tobias Hachmer
545162a46f
Add role service-nginx
2017-10-27 11:38:02 +02:00
Tobias Hachmer
8212e17d6a
Ensure systemd units are started
2017-10-26 22:35:55 +02:00
Tobias Hachmer
a2110b33ee
Fix some whitespaces
2017-10-26 22:29:15 +02:00
Tobias Hachmer
ac48746a11
Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change
2017-10-25 19:50:06 +02:00
Tobias Hachmer
57fff0410e
Add role service-respondd
2017-10-15 10:18:26 +02:00
Tobias Hachmer
130980d863
Role network-routing: fix typos in ffmwu-del-ip-rules.sh template
2017-10-14 22:07:01 +02:00
Tobias Hachmer
00307bc9be
Move IP rules from role service-rclocal
to role network-routing
...
- add scripts to configure and delete IP rules via a systemd unit
- delete role `service-rclocal`
- update README.md
- add new handler
2017-10-13 07:59:43 +02:00
Tobias Hachmer
f934a88661
Move all handlers to one single role
2017-10-13 07:28:41 +02:00
Tobias Hachmer
f56215f03c
Remove unnecessary handlers
2017-10-11 22:04:36 +02:00
Tobias Hachmer
79017f02d6
Use package module where possible instead of apt
2017-10-11 17:53:20 +02:00
Tobias Hachmer
4ce00a6ac3
Add role network-routing
...
- move static routes from role service-rclocal to scripts run by systemd
unit
- mv routing specific sysctl settings
2017-10-11 06:52:24 +02:00
Tobias Hachmer
f18e53e4e7
Role service-fastd: use own systemd unit fastd@.service
...
- original uses %I which does not escaping, so dashes will be replaced
by slashes
- use %i instead of %I
2017-10-08 11:35:22 +02:00
Tobias Hachmer
c56dc3504c
Role service-fastd-mesh: fix typo in handler
2017-10-08 10:51:04 +02:00
Tobias Hachmer
534b0d045c
Role network-fastd: update README.md
2017-10-08 09:44:42 +02:00
Tobias Hachmer
e1e723809f
Role network-batman: update batman-ifaces due to fastd instance change
...
- update README.md
2017-10-08 09:36:38 +02:00
Tobias Hachmer
4732338cee
Roles service-fastd-[mesh|intragate]: update role dependencies
2017-10-07 01:08:48 +02:00
Tobias Hachmer
53d30c8ded
Restructure fastd configuration to define multiple instances easily
...
- introduce mesh subdictionary `fastd`
- change fastd instance naming
- change fastd network interface naming (identical with fastd instance
names)
- change mac address prefixes
2017-10-07 00:57:35 +02:00
Tobias Hachmer
63ca114c95
Migrate nested dictionary meshes
into a list of dictionaries
...
- migrate dictionary `ipv6` into two simple lists
- migrate dictionary `forward_zones` into a list
2017-10-06 22:58:00 +02:00
Tobias Hachmer
829d931ff9
Role service-fastd-mesh: add systemd timer for fastd peer limit update script
2017-10-06 11:47:09 +02:00
Tobias Hachmer
7e181923b3
Role service-fastd: ensure fastd service is masked
2017-10-06 10:49:41 +02:00
Tobias Hachmer
a2fa5ff223
Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible
2017-10-06 10:38:26 +02:00
Tobias Hachmer
900eacafb2
Fix wrong IP subnet calculation in roles service-radvd + service-rclocal
2017-10-06 09:56:14 +02:00
Tobias Hachmer
ea08c856ac
Update some ipaddr filters
2017-10-06 00:15:31 +02:00
Tobias Hachmer
c4ed75ed36
Roles service-bird[|-ffrl|-icvpn]: rework handlers
2017-10-04 19:46:16 +02:00
Tobias Hachmer
94da0613a4
FFRL Internet Exit: move IPv4 NAT address to a single dummy interface
2017-10-04 13:51:03 +02:00
Tobias Hachmer
cc43741a91
Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6]
2017-10-04 12:55:29 +02:00
Tobias Hachmer
b46be69a26
Role service-rclocal: fix wrong interface
2017-10-04 01:02:15 +02:00
Tobias Hachmer
98e1b60e00
Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket
2017-10-04 00:51:18 +02:00
Tobias Hachmer
817f86abb7
Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update
2017-10-04 00:25:29 +02:00
Tobias Hachmer
b0f0d63383
Role service-bind-slave: add systemd unit + timer to update icvpn bind config
2017-10-04 00:20:50 +02:00
Tobias Hachmer
31e0b6da67
Role service-bind-slave: fix file permissions
2017-10-04 00:05:53 +02:00
Tobias Hachmer
1f7ab3c620
Role git-repos: change branch of backend-scripts repo to drop-photon
2017-10-03 23:32:00 +02:00
Tobias Hachmer
224a61a481
Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts
2017-10-03 23:31:15 +02:00
Tobias Hachmer
0fa92eef1c
Role service-fastd-mesh: add systemd unit + timer to update mesh peers
2017-10-03 23:30:02 +02:00
Tobias Hachmer
07a0b25a09
Role service-radvd: make more parameters configurable
2017-10-03 21:24:36 +02:00
Tobias Hachmer
a1705da9a0
Role service-radvd: optimize ipaddr filters
2017-10-03 21:18:39 +02:00
Tobias Hachmer
ef6bedfee5
Update loop keys
2017-10-03 20:52:37 +02:00
Tobias Hachmer
937238d26e
Role service-radvd: update handlers
2017-10-03 20:43:23 +02:00
Tobias Hachmer
7506fae8a5
Role service-tinc: use a task instead of a handler for systemd stuff
2017-10-03 20:40:48 +02:00
Tobias Hachmer
3ee405bdf2
Restructure service-fastd roles
...
- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers
2017-10-03 20:25:17 +02:00
Tobias Hachmer
01af6903e6
Role service-fastd-mesh + service-fastd-intragate: fix mac address format
2017-10-03 15:13:00 +02:00
Tobias Hachmer
a112f6305e
Role service-dhcpd: fix disabled notify
2017-10-03 14:44:38 +02:00
Tobias Hachmer
2f32bd6c1e
Restructure network interfaces in order to use ifupdown2
...
- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files
2017-10-03 14:37:39 +02:00
Tobias Hachmer
821834c4b8
Add role service-bind-slave
2017-10-02 23:34:53 +02:00
Tobias Hachmer
5e38e4f6fb
Role service-bird-icvpn: use a task and not a handler to set file attrs
2017-10-02 23:08:53 +02:00
Tobias Hachmer
2e0e474ba7
Role kmod-batman: load kernel modules
2017-10-02 11:21:01 +02:00
Tobias Hachmer
b285305fe1
Add role network-iptables-gateway
...
- move netfilter specific sysctl settings
2017-10-02 11:18:16 +02:00
Tobias Hachmer
4596743a56
Add readme for role prerequisites
2017-10-02 11:15:58 +02:00
Tobias Hachmer
3a9edaa666
Add version to git modules in roles:
...
- git-fastd-peers
- git-repos
- service-tinc
2017-10-02 11:15:58 +02:00
Tobias Hachmer
41d6fb0ff1
Add role system-sysctl-gateway
2017-10-02 11:15:58 +02:00
Tobias Hachmer
846f385a21
Add role service-tinc
2017-10-02 11:15:58 +02:00
Tobias Hachmer
ab45622570
Role server-basic: add package bridge-utils
2017-09-29 20:34:38 +02:00
Tobias Hachmer
c87cb61a6b
Update readme of roles service-fastd-mesh + service-fastd-intragate
2017-09-28 20:09:18 +02:00
Tobias Hachmer
0edd928ec8
Role service-bird-ffrl: correct ipaddr filters
2017-09-18 13:22:55 +02:00
Tobias Hachmer
1c928881fc
Retouch tasks due to 'become' defaults to True
2017-09-18 13:22:55 +02:00
n0trax
951ab924a5
Set 'become' default to True ( #7 )
2017-09-17 10:11:45 +02:00
Tobias Hachmer
6792950fca
Add role service-bird-ffrl
2017-09-11 23:49:11 +02:00
Tobias Hachmer
dd6d5b6ec5
Add role service-bird-icvpn; add python3-yaml package to server-basic
...
role
2017-09-11 23:35:20 +02:00
Tobias Hachmer
a2816a152e
Add role git-repos
2017-09-11 23:23:34 +02:00
n0trax
84755f8bb9
Move localtestvm to separate role (untested) ( #6 )
2017-09-11 23:23:34 +02:00
Tobias Hachmer
34369638dc
Add role service-bird
2017-09-11 23:23:34 +02:00
Tobias Hachmer
6c238c7416
Add role service-rclocal
2017-09-11 23:23:34 +02:00
n0trax
166c67477b
Add relaxed yamllint config and fix errors
2017-09-11 23:23:34 +02:00
n0trax
4131825286
Modify prerequisites role and integrate prerequisites role into all playbooks ( #4 )
2017-09-11 23:23:34 +02:00
Tobias Hachmer
ed03ad8573
Roles: add role documentation
2017-09-11 23:23:34 +02:00
Tobias Hachmer
94cb21daad
Add a bunch of new roles
...
- Update Readme
- Update ansible.cfg
- Add playbook to set up gateways
- Add group variables
2017-09-11 23:21:44 +02:00
Tobias Hachmer
1f0b5925a8
Role test-prerequisites: improve tasks; update OS to current debian
...
stable
2017-09-05 11:29:13 +02:00
Tobias Hachmer
3270b5cc3e
Inventory: clean up & rename role ffmwu-prereq to test-prerequisites
...
Remove all hosts which aren't set up by ansible, yet. Prepare to start
from scratch. Only add hosts to the inventory which will be set up
completly by ansible.
2017-09-05 11:25:13 +02:00
kaba
ab2efe5df3
not runnable yet!
2016-12-20 16:59:03 +01:00
kaba
8cbb75ffe6
moved apt and pip package handling to sparate role - first step to streamline roles
2016-12-12 16:05:46 +01:00
kaba
e530b3dba2
conflict resolution after concurrent edits
2016-11-28 17:06:28 +01:00
kaba
7ea7290b4f
safeguard not to disrupt manually managed systems
2016-11-28 17:00:44 +01:00
Tobias Hachmer
0cb178663f
Role ffmwu-meshing: rename task file names for better reading
2016-11-28 16:21:13 +01:00
Tobias Hachmer
6127353ae7
Update ansible role ffmwu-build
...
* use ecdsautils from ffmwu debian repo instead of building from source
* remove some trailing white spaces
* use command module instead of shell module where it is possible
* update module syntax to list form for better reading
* role ffmwu-build should be idempotent now
2016-11-26 14:17:14 +01:00
ka-ba
0167536d22
cleeeeaning womaaaan
2016-11-24 00:28:23 +01:00
kaba
d37f6a4e45
replaced photon bootstrap script
2016-11-23 17:59:08 +01:00
kaba
c63e9d9538
rudimental fixes, still failing though
2016-11-23 13:43:37 +01:00
Tobias Hachmer
9dd7b203db
Roles: initially add role ffmwu-build and playbook for build-servers
2016-10-28 16:37:37 +02:00
Tobias Hachmer
1d9b50dbe6
Roles: add tasks to ffmwu-server
...
* ensure system user is present
* ensure vim is the default editor
* ensure timezone is Europe/Berlin (activate with ansible version 2.2)
2016-10-27 08:19:12 +02:00
ka-ba
40fe1d7fb5
fastd config differ for gates and for other meshing servers
2016-10-12 20:24:56 +02:00
ka-ba
1a96ad9ef7
set up meshing server (only local test for now) up to fastd - still missing: batman
2016-09-14 16:39:21 +02:00
ka-ba
ff9f0db3a6
req test for test VMs
2016-08-12 00:58:42 +02:00
ka-ba
33bfb4c427
allow additional ssh keys on specific hosts
2016-07-18 14:59:42 +02:00
ka-ba
07f094c177
kaschu, stonie, Debian
2016-07-16 00:54:54 +02:00
ka-ba
88fc423cc1
setup generic ffmwu server
2016-07-06 16:34:54 +02:00