Commit graph

302 commits

Author SHA1 Message Date
Julian Labus
1af52aad51 replace all occurrences of iteritems() with items() as it was removed in Python 3 2018-08-07 10:32:23 +02:00
Julian Labus
30b5a5e4eb service-nginx: move ACME hostname to variable and set resolver because nginx will fail if host is not (yet) reachable during startup 2018-08-07 09:27:02 +02:00
Tobias Hachmer
d4a4f576c9 Rename fastd instance intragate to backbone 2018-07-25 14:08:45 +02:00
Tobias Hachmer
f792b4bdaf Role firmware-build-server: delete deprecated templates 2018-07-24 21:16:53 +02:00
Tobias Hachmer
88bee34235 Restructure and update role for firmware build server
* rename role ffmwu-build -> firmware-build-server
* rename playbook build-server to firmware-build-server
2018-07-24 17:09:02 +02:00
Julian Labus
f0d8d2f170 Role service-nginx-firmware: forward ACME HTTP requests and enable HTTPS for vhosts 2018-06-15 09:08:25 +02:00
Julian Labus
43b9bc4407 Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00
Julian Labus
50cc1a3efa Role prerequisites: add task to generate SSH keys 2018-06-15 09:00:43 +02:00
Tobias Hachmer
98324509dd Role users: update public key of kokel 2018-03-20 06:27:03 +01:00
Tobias Hachmer
bd8586f20a Role service-respondd: update exec option 2018-03-04 20:54:23 +01:00
Tobias Hachmer
6904d9fb25 Role server-basic: add template for standard apt sources 2018-03-04 19:51:35 +01:00
Tobias Hachmer
dda20fcdae Role service-prometheus: fix trailing spaces 2018-03-02 07:18:19 +01:00
Tobias Hachmer
886cdb2417 Handlers: move all handlers into their roles, again 2018-03-01 06:34:55 +01:00
Julian Labus
a97d27779d Fix READMEs 2018-02-28 15:20:51 +01:00
Julian Labus
004681b553 Role service-bird: calculate peer addresses of other ansible managed hosts 2018-02-28 11:16:55 +01:00
Julian Labus
d4d4ad0147 Role service-fastd-mesh: replace rstrip with rsplit 2018-02-28 11:16:49 +01:00
Julian Labus
0d60aa9f99 Role network-meshbridge: don't set individual MAC on bridge 2018-02-28 11:16:37 +01:00
Julian Labus
dc72070628 Role system-sysctl-gateway: add small delay to sysctl startup
- sysctl starts too quickly after modules-load and setting the nf_conntrack parameters fails
2018-02-28 11:16:30 +01:00
Julian Labus
f5732aeb2a Role network-routing: fix netmasks 2018-02-28 11:16:22 +01:00
Julian Labus
f81a5c1a5f Role network-iptables-gateway: load module nf_conntrack at boot 2018-02-28 11:16:15 +01:00
Tobias Hachmer
7359c03bf8 Role service-nginx: enable IPv6 support 2018-02-28 06:15:43 +01:00
Tobias Hachmer
89281c68a8 Role server-basic: ensure rpcbind is not installed 2018-02-28 06:06:14 +01:00
Tobias Hachmer
3c8d012ac7 Add role users 2018-02-28 06:04:25 +01:00
Julian Labus
be84e6f148 Role service-nginx-firmware: enable IPv6 support 2018-02-25 18:13:26 +01:00
Tobias Hachmer
4ccb9a52ea Revert "Role network-meshbridge: update workaround to set hwaddress"
This reverts commit f81bbfed65.
2018-02-06 06:00:16 +01:00
Tobias Hachmer
a947803e28 Revert "Role network-routing: move interface specific routes to role network-meshbridge"
This reverts commit d3298d4a3c.
2018-02-06 06:00:01 +01:00
Tobias Hachmer
e633015873 Role service-fastd: explicitly clear ExecStart to prevent multiple definitions 2018-02-05 20:44:41 +01:00
Tobias Hachmer
bd52ad6dd7 Role server-basic: fix networking.service from ifupdown2 - some interfaces come up too late 2018-02-05 17:37:52 +01:00
Tobias Hachmer
95140f12ea Role service-fastd: configure systemd service unit overrides instead of replacing the whole file 2018-02-05 15:46:56 +01:00
Tobias Hachmer
3e311bd995 Role service-dhcpd: add override settings for kea-dhcp4-server service unit 2018-02-05 15:31:40 +01:00
Julian Labus
d3298d4a3c Role network-routing: move interface specific routes to role network-meshbridge 2018-02-02 06:38:06 +01:00
Julian Labus
f81bbfed65 Role network-meshbridge: update workaround to set hwaddress
`pre-up` doesn't work properly as it is called before the bridge is created.
Initializing the bridge via `up` in the batman mesh interface seems to be a better solution.
2018-02-02 06:38:06 +01:00
Tobias Hachmer
b246e8982b Add role service-nullmailer 2018-01-07 17:40:33 +01:00
Tobias Hachmer
90f486eb60 Role service-bird-icvpn: correct roa log messages 2018-01-02 10:45:09 +01:00
Tobias Hachmer
64f99ea396 Rename ffmwu custom config config dir from ~/.config to ~/.ffmwu-config 2017-12-31 13:41:46 +01:00
Tobias Hachmer
41a1d0bac3 Add role service-vnstat 2017-12-31 12:40:00 +01:00
Tobias Hachmer
7c80d75632 Role server-basic: update handling of dummy module 2017-12-30 23:10:11 +01:00
Tobias Hachmer
c79fb69789 Role server-basic: add unattended-upgrades 2017-12-30 22:47:58 +01:00
Tobias Hachmer
b36f4dfe5b Role service-fastd-mesh: update peer limit config
* rename setting timeout to remote_data_timeout
* introduce setting remote_fetch_timeout
2017-12-30 11:26:47 +01:00
Tobias Hachmer
7757387dd5 Role service-nginx: add nginx.conf templating 2017-12-29 20:31:46 +01:00
Tobias Hachmer
a2104ddcc5 Role service-tinc: fix handling of systemd unit
* remove init script if present
* nets.boot not necessary with new systemd unit
* update systemd tasks to use systemd unit tinc@
* update handler
2017-12-29 14:27:52 +01:00
Tobias Hachmer
0a51ee02a3 Role service-dhcpd: change dhcp daemon to kea 2017-12-28 22:12:00 +01:00
n0trax
7abc41ee92 Fix systemd service scripts (#12) 2017-12-14 19:45:27 +01:00
Tobias Hachmer
2faa4e11dd Role network-iptables-gateway: omit dropping invalid packets 2017-12-14 06:33:39 +01:00
n0trax
ad5b658467 Add prometheus role (#9) 2017-12-05 05:58:34 +01:00
Tobias Hachmer
0f9cee0e7d Role service-tinc: add task to enable post-merge script 2017-12-04 16:32:38 +01:00
Tobias Hachmer
89c187a975 Role network-routing: add missing service dependency for ffmwu-static-routes service unit 2017-12-04 06:21:25 +01:00
Tobias Hachmer
466a08a0b3 Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles 2017-11-30 23:12:15 +01:00
Tobias Hachmer
80bd91a469 Role network-iptables-gateway: fix freifunk bridge rules 2017-11-14 23:09:55 +01:00
Tobias Hachmer
071bdb40d4 Role service-tinc: rework passwordstore lookup 2017-11-12 20:39:33 +01:00
Tobias Hachmer
78a141305d Rework passwordstore lookup handling in roles service-fastd-mesh and service-fastd-intragate 2017-11-12 20:27:12 +01:00
Tobias Hachmer
7437095761 Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start 2017-11-12 15:08:41 +01:00
Tobias Hachmer
10d25ee031 Move dummy module from role kmod-batman to server-basic 2017-11-12 14:35:11 +01:00
Tobias Hachmer
07eda681ca Roles service-fastd-mesh + service-fastd-intragate
- remove on-up|on-down stanzas from fastd.conf
- update readme
2017-11-12 14:12:07 +01:00
Tobias Hachmer
7a482e195f Role server-basic: add locale setting 2017-11-12 12:44:20 +01:00
Tobias Hachmer
9d08803a9e Rename role server-repos to server-apt-repos
- Role server-apt-repos: add readme
2017-11-12 11:30:44 +01:00
Tobias Hachmer
42d407340a Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly 2017-11-12 00:31:14 +01:00
Tobias Hachmer
623faaa40f Role prerequisites: add cname asserts 2017-11-11 23:24:49 +01:00
Tobias Hachmer
99a77aa0b7 Role server-repos: remove universe-factory repo since fastd package is available in debian upstream 2017-11-09 06:20:23 +01:00
Tobias Hachmer
f0564b5ad2 Role service-respondd: install python3 module dependency 2017-11-07 20:25:39 +01:00
Tobias Hachmer
b1480594fa Role server-repos: change ffmwu repo to stretch 2017-11-07 20:23:23 +01:00
Tobias Hachmer
fc04651e8b Lowercase all network interface names 2017-11-06 21:24:56 +01:00
Tobias Hachmer
387f3bbf6b Update fastd peer limit configuration
* add list of legacy gateways (temporarily)
 * change backend-scripts branch to ansible
 * Role server-basic: ensure ffmwu config directory is present
 * Role service-fastd: add fastd-status script
 * role service-fastd-mesh: add templating for fastd peer limit
configuration
2017-11-06 17:41:17 +01:00
Tobias Hachmer
67c915e877 Role service-respondd: also listen on fastd-interfaces 2017-10-31 22:54:58 +01:00
Tobias Hachmer
d6eea602b7 Flush handlers after configuring network interfaces 2017-10-29 21:26:10 +01:00
Tobias Hachmer
f00a216fef Role service-nginx: add autoindex options to default vhost 2017-10-29 21:24:48 +01:00
Tobias Hachmer
dc146df5f7 Add role service-nginx-firmware 2017-10-27 11:41:00 +02:00
Tobias Hachmer
545162a46f Add role service-nginx 2017-10-27 11:38:02 +02:00
Tobias Hachmer
8212e17d6a Ensure systemd units are started 2017-10-26 22:35:55 +02:00
Tobias Hachmer
a2110b33ee Fix some whitespaces 2017-10-26 22:29:15 +02:00
Tobias Hachmer
ac48746a11 Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change 2017-10-25 19:50:06 +02:00
Tobias Hachmer
57fff0410e Add role service-respondd 2017-10-15 10:18:26 +02:00
Tobias Hachmer
130980d863 Role network-routing: fix typos in ffmwu-del-ip-rules.sh template 2017-10-14 22:07:01 +02:00
Tobias Hachmer
00307bc9be Move IP rules from role service-rclocal to role network-routing
- add scripts to configure and delete IP rules via a systemd unit
- delete role `service-rclocal`
- update README.md
- add new handler
2017-10-13 07:59:43 +02:00
Tobias Hachmer
f934a88661 Move all handlers to one single role 2017-10-13 07:28:41 +02:00
Tobias Hachmer
f56215f03c Remove unnecessary handlers 2017-10-11 22:04:36 +02:00
Tobias Hachmer
79017f02d6 Use package module where possible instead of apt 2017-10-11 17:53:20 +02:00
Tobias Hachmer
4ce00a6ac3 Add role network-routing
- move static routes from role service-rclocal to scripts run by systemd
unit
- mv routing specific sysctl settings
2017-10-11 06:52:24 +02:00
Tobias Hachmer
f18e53e4e7 Role service-fastd: use own systemd unit fastd@.service
- original uses %I which does no escaping, so dashes will be replaced
by slashes
- use %i instead of %I
2017-10-08 11:35:22 +02:00
Tobias Hachmer
c56dc3504c Role service-fastd-mesh: fix typo in handler 2017-10-08 10:51:04 +02:00
Tobias Hachmer
534b0d045c Role network-fastd: update README.md 2017-10-08 09:44:42 +02:00
Tobias Hachmer
e1e723809f Role network-batman: update batman-ifaces due to fastd instance change
- update README.md
2017-10-08 09:36:38 +02:00
Tobias Hachmer
4732338cee Roles service-fastd-[mesh|intragate]: update role dependencies 2017-10-07 01:08:48 +02:00
Tobias Hachmer
53d30c8ded Restructure fastd configuration to define multiple instances easily
- introduce mesh subdictionary `fastd`
 - change fastd instance naming
 - change fastd network interface naming (identical with fastd instance
names)
 - change mac address prefixes
2017-10-07 00:57:35 +02:00
Tobias Hachmer
63ca114c95 Migrate nested dictionary meshes into a list of dictionaries
- migrate dictionary `ipv6` into two simple lists
 - migrate dictionary `forward_zones` into a list
2017-10-06 22:58:00 +02:00
Tobias Hachmer
829d931ff9 Role service-fastd-mesh: add systemd timer for fastd peer limit update script 2017-10-06 11:47:09 +02:00
Tobias Hachmer
7e181923b3 Role service-fastd: ensure fastd service is masked 2017-10-06 10:49:41 +02:00
Tobias Hachmer
a2fa5ff223 Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible 2017-10-06 10:38:26 +02:00
Tobias Hachmer
900eacafb2 Fix wrong IP subnet calculation in roles service-radvd + service-rclocal 2017-10-06 09:56:14 +02:00
Tobias Hachmer
ea08c856ac Update some ipaddr filters 2017-10-06 00:15:31 +02:00
Tobias Hachmer
c4ed75ed36 Roles service-bird[|-ffrl|-icvpn]: rework handlers 2017-10-04 19:46:16 +02:00
Tobias Hachmer
94da0613a4 FFRL Internet Exit: move IPv4 NAT address to a single dummy interface 2017-10-04 13:51:03 +02:00
Tobias Hachmer
cc43741a91 Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6] 2017-10-04 12:55:29 +02:00
Tobias Hachmer
b46be69a26 Role service-rclocal: fix wrong interface 2017-10-04 01:02:15 +02:00
Tobias Hachmer
98e1b60e00 Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket 2017-10-04 00:51:18 +02:00
Tobias Hachmer
817f86abb7 Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update 2017-10-04 00:25:29 +02:00
Tobias Hachmer
b0f0d63383 Role service-bind-slave: add systemd unit + timer to update icvpn bind config 2017-10-04 00:20:50 +02:00
Tobias Hachmer
31e0b6da67 Role service-bind-slave: fix file permissions 2017-10-04 00:05:53 +02:00
Tobias Hachmer
1f7ab3c620 Role git-repos: change branch of backend-scripts repo to drop-photon 2017-10-03 23:32:00 +02:00
Tobias Hachmer
224a61a481 Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts 2017-10-03 23:31:15 +02:00
Tobias Hachmer
0fa92eef1c Role service-fastd-mesh: add systemd unit + timer to update mesh peers 2017-10-03 23:30:02 +02:00
Tobias Hachmer
07a0b25a09 Role service-radvd: make more parameters configurable 2017-10-03 21:24:36 +02:00
Tobias Hachmer
a1705da9a0 Role service-radvd: optimize ipaddr filters 2017-10-03 21:18:39 +02:00
Tobias Hachmer
ef6bedfee5 Update loop keys 2017-10-03 20:52:37 +02:00
Tobias Hachmer
937238d26e Role service-radvd: update handlers 2017-10-03 20:43:23 +02:00
Tobias Hachmer
7506fae8a5 Role service-tinc: use a task instead of a handler for systemd stuff 2017-10-03 20:40:48 +02:00
Tobias Hachmer
3ee405bdf2 Restructure service-fastd roles
- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers
2017-10-03 20:25:17 +02:00
Tobias Hachmer
01af6903e6 Role service-fastd-mesh + service-fastd-intragate: fix mac address format 2017-10-03 15:13:00 +02:00
Tobias Hachmer
a112f6305e Role service-dhcpd: fix disabled notify 2017-10-03 14:44:38 +02:00
Tobias Hachmer
2f32bd6c1e Restructure network interfaces in order to use ifupdown2
- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files
2017-10-03 14:37:39 +02:00
Tobias Hachmer
821834c4b8 Add role service-bind-slave 2017-10-02 23:34:53 +02:00
Tobias Hachmer
5e38e4f6fb Role service-bird-icvpn: use a task and not a handler to set file attrs 2017-10-02 23:08:53 +02:00
Tobias Hachmer
2e0e474ba7 Role kmod-batman: load kernel modules 2017-10-02 11:21:01 +02:00
Tobias Hachmer
b285305fe1 Add role network-iptables-gateway
- move netfilter specific sysctl settings
2017-10-02 11:18:16 +02:00
Tobias Hachmer
4596743a56 Add readme for role prerequisites 2017-10-02 11:15:58 +02:00
Tobias Hachmer
3a9edaa666 Add version to git modules in roles:
- git-fastd-peers
- git-repos
- service-tinc
2017-10-02 11:15:58 +02:00
Tobias Hachmer
41d6fb0ff1 Add role system-sysctl-gateway 2017-10-02 11:15:58 +02:00
Tobias Hachmer
846f385a21 Add role service-tinc 2017-10-02 11:15:58 +02:00
Tobias Hachmer
ab45622570 Role server-basic: add package bridge-utils 2017-09-29 20:34:38 +02:00
Tobias Hachmer
c87cb61a6b Update readme of roles service-fastd-mesh + service-fastd-intragate 2017-09-28 20:09:18 +02:00
Tobias Hachmer
0edd928ec8 Role service-bird-ffrl: correct ipaddr filters 2017-09-18 13:22:55 +02:00
Tobias Hachmer
1c928881fc Retouch tasks due to 'become' defaults to True 2017-09-18 13:22:55 +02:00
n0trax
951ab924a5 Set 'become' default to True (#7) 2017-09-17 10:11:45 +02:00
Tobias Hachmer
6792950fca Add role service-bird-ffrl 2017-09-11 23:49:11 +02:00
Tobias Hachmer
dd6d5b6ec5 Add role service-bird-icvpn; add python3-yaml package to server-basic
role
2017-09-11 23:35:20 +02:00
Tobias Hachmer
a2816a152e Add role git-repos 2017-09-11 23:23:34 +02:00
n0trax
84755f8bb9 Move localtestvm to separate role (untested) (#6) 2017-09-11 23:23:34 +02:00
Tobias Hachmer
34369638dc Add role service-bird 2017-09-11 23:23:34 +02:00
Tobias Hachmer
6c238c7416 Add role service-rclocal 2017-09-11 23:23:34 +02:00
n0trax
166c67477b Add relaxed yamllint config and fix errors 2017-09-11 23:23:34 +02:00
n0trax
4131825286 Modify prerequisites role and integrate prerequisites role into all playbooks (#4) 2017-09-11 23:23:34 +02:00
Tobias Hachmer
ed03ad8573 Roles: add role documentation 2017-09-11 23:23:34 +02:00
Tobias Hachmer
94cb21daad Add a bunch of new roles
- Update Readme
- Update ansible.cfg
- Add playbook to set up gateways
- Add group variables
2017-09-11 23:21:44 +02:00
Tobias Hachmer
1f0b5925a8 Role test-prerequisites: improve tasks; update OS to current debian
stable
2017-09-05 11:29:13 +02:00
Tobias Hachmer
3270b5cc3e Inventory: clean up & rename role ffmwu-prereq to test-prerequisites
Remove all hosts which aren't set up by ansible, yet. Prepare to start
from scratch. Only add hosts to the inventory which will be set up
completely by ansible.
2017-09-05 11:25:13 +02:00
kaba
ab2efe5df3 not runnable yet! 2016-12-20 16:59:03 +01:00
kaba
8cbb75ffe6 moved apt and pip package handling to separate role - first step to streamline roles 2016-12-12 16:05:46 +01:00
kaba
e530b3dba2 conflict resolution after concurrent edits 2016-11-28 17:06:28 +01:00
kaba
7ea7290b4f safeguard not to disrupt manually managed systems 2016-11-28 17:00:44 +01:00
Tobias Hachmer
0cb178663f Role ffmwu-meshing: rename task file names for better reading 2016-11-28 16:21:13 +01:00
Tobias Hachmer
6127353ae7 Update ansible role ffmwu-build
* use ecdsautils from ffmwu debian repo instead of building from source
 * remove some trailing white spaces
 * use command module instead of shell module where it is possible
 * update module syntax to list form for better reading
 * role ffmwu-build should be idempotent now
2016-11-26 14:17:14 +01:00
ka-ba
0167536d22 cleeeeaning womaaaan 2016-11-24 00:28:23 +01:00
kaba
d37f6a4e45 replaced photon bootstrap script 2016-11-23 17:59:08 +01:00
kaba
c63e9d9538 rudimental fixes, still failing though 2016-11-23 13:43:37 +01:00
Tobias Hachmer
9dd7b203db Roles: initially add role ffmwu-build and playbook for build-servers 2016-10-28 16:37:37 +02:00
Tobias Hachmer
1d9b50dbe6 Roles: add tasks to ffmwu-server
* ensure system user is present
 * ensure vim is the default editor
 * ensure timezone is Europe/Berlin (activate with ansible version 2.2)
2016-10-27 08:19:12 +02:00
ka-ba
40fe1d7fb5 fastd config differs for gates and for other meshing servers 2016-10-12 20:24:56 +02:00
ka-ba
1a96ad9ef7 set up meshing server (only local test for now) up to fastd - still missing: batman 2016-09-14 16:39:21 +02:00
ka-ba
ff9f0db3a6 req test for test VMs 2016-08-12 00:58:42 +02:00
ka-ba
33bfb4c427 allow additional ssh keys on specific hosts 2016-07-18 14:59:42 +02:00
ka-ba
07f094c177 kaschu, stonie, Debian 2016-07-16 00:54:54 +02:00
ka-ba
88fc423cc1 setup generic ffmwu server 2016-07-06 16:34:54 +02:00