Julian Labus
04c2ed7e30
service-bind-slave: add stunnel4 for DNS-over-TLS
2019-04-05 19:53:19 +02:00
Julian Labus
ac64eddfb1
service-prometheus: update versions
2019-04-05 09:29:11 +02:00
Julian Labus
4bdaaf2dae
service-prometheus: update internal domain for ICMP targets
2019-04-05 09:28:45 +02:00
Julian Labus
f194880f4c
service-fastd-mesh: enable redis-server
2019-04-04 20:21:31 +02:00
Julian Labus
a825a9bed0
service-fastd-mesh: add fastd-limiter (dry run)
...
new limits are not yet used by fastd
2019-04-04 11:56:45 +02:00
Tobias Hachmer
8a898bf339
Role pdns_admin: update version
2019-04-01 20:32:29 +02:00
Julian Labus
71d1889a49
Role service-fastd-mesh: allow fastd-exporter access from all gateways
2019-03-29 16:40:17 +01:00
Tobias Hachmer
f701d77dfd
Role service-bird: suffix legacy ipv6 bgp peers with '_legacy', also
2019-03-25 20:33:08 +01:00
Tobias Hachmer
6cc9776c66
Use link-local IPv6 address for BGP Peering
2019-03-25 20:22:55 +01:00
Julian Labus
59045bc400
Roles network-*: enable forwarding
...
With newer versions of ifupdown2 it is necessary to enable IPv4/6
forwarding explicitly on required interfaces.
2019-03-25 10:13:01 +01:00
Julian Labus
6239a876bb
Role network-fastd: set mtu
2019-03-24 23:14:06 +01:00
Julian Labus
dc1f469265
Role wireguard: set mtu and link-local address
2019-03-24 22:22:19 +01:00
Tobias Hachmer
13b470b5c9
Role server-basic: prevent the kernel to create a bond insterface on module load
2019-03-24 20:20:57 +01:00
Julian Labus
fc6a062559
Role wireguard: explicitly set ipv6-addrgen to off
...
newer versions of ifupdown2 try to set the addrgen mode for interfaces
using inet6 but it seems that wireguard interfaces do not support this.
This causes a "ip link set dev <iface> down" command during every
execution of ifreload as the default mode eui6 does not mach the mode
set on the interface which is none.
2019-03-24 18:57:22 +01:00
Julian Labus
7b2f330c3a
Role network-loopback: set internal nameserver when available
2019-03-23 15:05:36 +01:00
Julian Labus
52d55e3997
Role server-basic: use openresolv to set nameserver
2019-03-23 14:59:12 +01:00
Tobias Hachmer
7efeb81b66
Role firmware-build-server: use import_tasks instead of include (deprecated)
2019-03-22 22:18:37 +01:00
Tobias Hachmer
3320ee053f
Delete old Roles
2019-03-22 22:09:23 +01:00
Tobias Hachmer
aa38067f20
Role wireguard: split var 'my_wireguard_networks' into multiple lines for better reading
2019-03-22 21:52:47 +01:00
Tobias Hachmer
b995bbffdf
Role network-routing: rename 'sysctl_settings_routing_gateway' to 'sysctl_settings_routing_forwarding'; enable ip forwarding also for monitoring hosts
2019-03-22 21:52:08 +01:00
Tobias Hachmer
d194d6e936
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template
2019-03-22 20:33:32 +01:00
Tobias Hachmer
d7d456d158
Role wireguard: flush handler after configuration
2019-03-22 19:45:26 +01:00
Julian Labus
36a1335d9b
Role service-domain-director: update config
2019-03-22 13:41:16 +01:00
Julian Labus
165e22ab5e
Role service-nginx-firmware: add proxy to downloads.openwrt.org
2019-03-21 15:49:01 +01:00
Tobias Hachmer
869dd5b62a
Migrate internal DNS master to PowerDNS
...
* Add playbook dns to manage internal dns master servers
* Add role to manage PowerDNS Admin Web Frontend for PowerDNS
* Move dns zone related data from mesh list to a simpler dict with a simple zone list
* Update role service-bind-slave
* Update Readme.md
* Add requirements.yml
* Update .gitignore
2019-03-20 19:43:11 +01:00
Tobias Hachmer
fe4415afcf
Role nodejs: make major version configurable
2019-03-20 19:25:12 +01:00
Julian Labus
6c3e8336c9
Role service-nginx: use $host instead of $server_name for redirects
2019-03-20 10:23:12 +01:00
Julian Labus
28717aec73
Role service-bird: add source IP to routes in table mwu
2019-03-20 10:21:38 +01:00
Julian Labus
a8784c80eb
Revert "Role service-bird-lg: update lgproxy.cfg for new p2p vpn links"
...
This reverts commit 2ca3fdd43e
.
2019-03-20 10:19:48 +01:00
Julian Labus
2ca3fdd43e
Role service-bird-lg: update lgproxy.cfg for new p2p vpn links
2019-03-19 17:03:02 +01:00
Tobias Hachmer
e4e8c0998f
Introduce p2p vpn link between all ffmwu servers via WireGuard for routing purpose.
...
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg
* add host kichererbse.freifunk-mwu.de
* add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services'
* use new loopback and anycast networks
* add role wireguard
* add role wireguard as dependency for roles network-routing + service-bird
* add playbook 'mesh-services'
2019-03-19 15:23:12 +01:00
Julian Labus
3e297ed09f
Revert "Role service-fastd-mesh: update fastd peer limit method"
...
This reverts commit 7bb4c241e2
.
2019-03-18 16:11:34 +01:00
Julian Labus
f9700c4dd8
Role service-ntpd: only run ntpdate on primary interface during if-up
2019-03-18 10:05:11 +01:00
Julian Labus
f43931649a
Role service-prometheus: FastdNoTraffic - check if clients are connected
2019-03-16 23:54:25 +01:00
Julian Labus
db509e43db
Role service-respondd: add version number
...
without a version number it is hard to filter out servers in meshviewer
2019-03-15 18:27:33 +01:00
Julian Labus
af832f3703
Role service-prometheus: fix broken rule FastdNoTraffic
2019-03-14 23:20:59 +01:00
Julian Labus
acaf0e63e6
Role server-basic: update unattended-upgrades pattern
2019-03-14 15:37:25 +01:00
Julian Labus
d87a6f877c
Roles: use environment instead of passing variable in shell command
2019-03-14 15:35:47 +01:00
Julian Labus
7d1289f811
Role service-fastd-mesh: restart fastd-exporter after changes
2019-03-11 10:34:25 +01:00
Julian Labus
7bb4c241e2
Role service-fastd-mesh: update fastd peer limit method
2019-03-08 14:04:51 +01:00
Julian Labus
c6be99258b
Roles: add service-domain-director
2019-03-06 17:16:34 +01:00
Julian Labus
721b278d3b
Roles: improve multidomain support
2019-03-02 18:12:56 +01:00
Julian Labus
4127e56524
Role service-prometheus: remove dep service-cpthook
2019-02-15 19:29:58 +01:00
Julian Labus
7a91bbaa2f
Role service-prometheus: simplify and move all files to role directory
2019-02-15 15:45:38 +01:00
Julian Labus
603f6af64d
Role service-prometheus: send alerts via IRC
2019-02-15 11:41:55 +01:00
Julian Labus
e29fd1c5d5
Roles: add service-cpthook
2019-02-15 11:39:48 +01:00
Julian Labus
3dbcb8f2c5
Roles: add service-nginx-openlayers
2019-02-13 11:57:16 +01:00
Julian Labus
026844de30
Role service-nginx-meshviewer: add linkList
2019-02-06 11:51:39 +01:00
Julian Labus
6d016c034c
Role service-fastd-mesh: remove peers-ffbin
...
remove the individual peers repo for ffbin after successful migration to
the multidomain firmware
2019-02-05 15:18:48 +01:00
Julian Labus
8767b0970b
Role service-nginx-meshviewer: update MapLayers
2019-02-01 10:37:12 +01:00