Julian Labus
3e2b02cfd5
role prerequisites: add comment to ssh key
2018-09-18 12:48:09 +02:00
Julian Labus
4f39143026
add role nginx-meshviewer
2018-09-18 12:48:08 +02:00
Julian Labus
5e1a75965c
role git-repos: add option to force update
2018-09-18 12:48:08 +02:00
Julian Labus
81393955a0
add role service-grafana
2018-09-18 12:48:08 +02:00
Julian Labus
57a42f17de
add role service-yanic
2018-09-18 12:48:07 +02:00
Julian Labus
c65d39ee54
add role service-influxdb
2018-09-18 12:48:07 +02:00
Julian Labus
0153384d76
add role nodejs
2018-09-18 12:48:07 +02:00
Julian Labus
51c5330e36
add role golang
2018-09-18 12:48:07 +02:00
Julian Labus
280a6f9da6
add role yarn
2018-09-18 12:48:07 +02:00
Julian Labus
ee634b5397
role service-prometheus: change handlers from reload to restart and add handler to reload systemd units
2018-09-18 12:48:07 +02:00
Julian Labus
07ab6837fe
role service-nginx: add new config snippets gzip.conf and redirect-to-ssl.conf
2018-09-18 12:48:07 +02:00
Julian Labus
cfa648219b
role service-nginx: removed obsolete link "Traffic" from index.html
2018-09-18 12:48:06 +02:00
Julian Labus
ec039343df
service-prometheus: fix variables
2018-09-18 12:48:06 +02:00
Julian Labus
a6faeb0ff6
service-prometheus: update config to export metrics via nginx
2018-09-18 12:48:06 +02:00
Julian Labus
8f495b79c8
role network-batman + network-fastd: remove node vpn instances for non-gateway servers
2018-09-18 12:48:06 +02:00
Julian Labus
b8e122ee8c
role server-basic: add net-tools and dnsutils to package list
2018-09-18 12:48:06 +02:00
Julian Labus
f9340ac37b
role service-prometheus: update default versions
2018-09-18 12:48:06 +02:00
Julian Labus
8d7af519a5
split out gateway specific stuff to use roles for generic meshing servers
2018-09-18 12:48:05 +02:00
Julian Labus
37596e917d
role serivce-nginx: improve inital ACME certificate creation
2018-09-12 11:37:25 +02:00
Tobias Hachmer
a2bef9154a
Role network-routing: fix typos
2018-08-10 06:10:03 +02:00
Tobias Hachmer
13fa7414f0
Rename role system-sysctl-gateway to system-sysctl
2018-08-10 06:09:37 +02:00
Julian Labus
170f0f3000
service-nginx: fix wrong handler name
2018-08-07 11:21:09 +02:00
Julian Labus
26ec397029
service-nginx: try to start nginx.service if reload fails
2018-08-07 10:43:05 +02:00
Julian Labus
1af52aad51
replace all occurrences of iteritems()
with items()
as it was removed in Python 3
2018-08-07 10:32:23 +02:00
Julian Labus
30b5a5e4eb
service-nginx: move ACME hostname to variable and set resolver because nginx will fail if host is not (yet) reachable during startup
2018-08-07 09:27:02 +02:00
Tobias Hachmer
d4a4f576c9
Rename fastd instance intragate to backbone
2018-07-25 14:08:45 +02:00
Tobias Hachmer
f792b4bdaf
Role firmware-build-server: delete deprecated templates
2018-07-24 21:16:53 +02:00
Tobias Hachmer
88bee34235
Restructure and update role for firmware build server
...
* rename role ffmwu-build -> firmware-build-server
* rename playbook build-server to firmware-build-server
2018-07-24 17:09:02 +02:00
Julian Labus
f0d8d2f170
Role service-nginx-firmware: forward ACME HTTP requests and enable HTTPS for vhosts
2018-06-15 09:08:25 +02:00
Julian Labus
43b9bc4407
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates
2018-06-15 09:04:33 +02:00
Julian Labus
50cc1a3efa
Role prerequisites: add task to generate SSH keys
2018-06-15 09:00:43 +02:00
Tobias Hachmer
98324509dd
Role users: update public key of kokel
2018-03-20 06:27:03 +01:00
Tobias Hachmer
bd8586f20a
Role service-respondd: update exec option
2018-03-04 20:54:23 +01:00
Tobias Hachmer
6904d9fb25
Role server-basic: add template for standard apt sources
2018-03-04 19:51:35 +01:00
Tobias Hachmer
dda20fcdae
Role service-prometheus: fix trailing spaces
2018-03-02 07:18:19 +01:00
Tobias Hachmer
886cdb2417
Handlers: move all handlers into their roles, again
2018-03-01 06:34:55 +01:00
Julian Labus
a97d27779d
Fix READMEs
2018-02-28 15:20:51 +01:00
Julian Labus
004681b553
Role service-bird: calculate peer addresses of other ansible managed hosts
2018-02-28 11:16:55 +01:00
Julian Labus
d4d4ad0147
Role service-fastd-mesh: replace rstrip with rsplit
2018-02-28 11:16:49 +01:00
Julian Labus
0d60aa9f99
Role network-meshbridge: don't set individual MAC on bridge
2018-02-28 11:16:37 +01:00
Julian Labus
dc72070628
Role system-sysctl-gateway: add small delay to sysctl startup
...
- sysctl starts to quick after modules-load and setting the nf_conntrack parameters fails
2018-02-28 11:16:30 +01:00
Julian Labus
f5732aeb2a
Role network-routing: fix netmasks
2018-02-28 11:16:22 +01:00
Julian Labus
f81a5c1a5f
Role network-iptables-gateway: load module nf_conntrack at boot
2018-02-28 11:16:15 +01:00
Tobias Hachmer
7359c03bf8
Role service-nginx: enable IPv6 support
2018-02-28 06:15:43 +01:00
Tobias Hachmer
89281c68a8
Role server-basic: ensure rpcbind is not installed
2018-02-28 06:06:14 +01:00
Tobias Hachmer
3c8d012ac7
Add role users
2018-02-28 06:04:25 +01:00
Julian Labus
be84e6f148
Role service-nginx-firmware: enable IPv6 support
2018-02-25 18:13:26 +01:00
Tobias Hachmer
4ccb9a52ea
Revert "Role network-meshbridge: update workaround to set hwaddress"
...
This reverts commit f81bbfed65
.
2018-02-06 06:00:16 +01:00
Tobias Hachmer
a947803e28
Revert "Role network-routing: move interface specific routes to role network-meshbridge"
...
This reverts commit d3298d4a3c
.
2018-02-06 06:00:01 +01:00
Tobias Hachmer
e633015873
Role service-fastd: explicitly clear ExecStart to prevent multiple definitions
2018-02-05 20:44:41 +01:00
Tobias Hachmer
bd52ad6dd7
Role server-basic: fix networking.service from ifupdown2 - some interfaces come up too late
2018-02-05 17:37:52 +01:00
Tobias Hachmer
95140f12ea
Role service-fastd: configure systemd service unit overrides instead of replacing the whole file
2018-02-05 15:46:56 +01:00
Tobias Hachmer
3e311bd995
Role service-dhcpd: add override settings for kea-dhcp4-server service unit
2018-02-05 15:31:40 +01:00
Julian Labus
d3298d4a3c
Role network-routing: move interface specific routes to role network-meshbridge
2018-02-02 06:38:06 +01:00
Julian Labus
f81bbfed65
Role network-meshbridge: update workaround to set hwaddress
...
`pre-up` doesn't work properly as it is called before the bridge is created.
Initializing the bridge via `up` in the batman mesh interface seems to be a better solution.
2018-02-02 06:38:06 +01:00
Tobias Hachmer
b246e8982b
Add role service-nullmailer
2018-01-07 17:40:33 +01:00
Tobias Hachmer
90f486eb60
Role service-bird-icvpn: correct roa log messages
2018-01-02 10:45:09 +01:00
Tobias Hachmer
64f99ea396
Rename ffmwu custom config config dir from ~/.config to ~/.ffmwu-config
2017-12-31 13:41:46 +01:00
Tobias Hachmer
41a1d0bac3
Add role service-vnstat
2017-12-31 12:40:00 +01:00
Tobias Hachmer
7c80d75632
Role server-basic: update handling of dummy module
2017-12-30 23:10:11 +01:00
Tobias Hachmer
c79fb69789
Role server-basic: add unattended-upgrades
2017-12-30 22:47:58 +01:00
Tobias Hachmer
b36f4dfe5b
Role service-fastd-mesh: update peer limit config
...
* rename setting timeout to remote_data_timeout
* introduce setting remote_fetch_timeout
2017-12-30 11:26:47 +01:00
Tobias Hachmer
7757387dd5
Role service-nginx: add nginx.conf templating
2017-12-29 20:31:46 +01:00
Tobias Hachmer
a2104ddcc5
Role service-tinc: fix handling of systemd unit
...
* remove init script if present
* nets.boot not necessary with new systemd unit
* update systemd tasks to use systemd unit tinc@
* update handler
2017-12-29 14:27:52 +01:00
Tobias Hachmer
0a51ee02a3
Role service-dhcpd: change dhcp daemon to kea
2017-12-28 22:12:00 +01:00
n0trax
7abc41ee92
Fix systemd service scripts ( #12 )
2017-12-14 19:45:27 +01:00
Tobias Hachmer
2faa4e11dd
Role network-iptables-gateway: omit dropping invalid packets
2017-12-14 06:33:39 +01:00
n0trax
ad5b658467
Add prometheus role ( #9 )
2017-12-05 05:58:34 +01:00
Tobias Hachmer
0f9cee0e7d
Role service-tinc: add task to enable post-merge script
2017-12-04 16:32:38 +01:00
Tobias Hachmer
89c187a975
Role network-routing: add missing service dependency for ffmwu-static-routes service unit
2017-12-04 06:21:25 +01:00
Tobias Hachmer
466a08a0b3
Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles
2017-11-30 23:12:15 +01:00
Tobias Hachmer
80bd91a469
Role network-iptables-gateway: fix freifunk bridge rules
2017-11-14 23:09:55 +01:00
Tobias Hachmer
071bdb40d4
Role service-tinc: rework passwordstore lookup
2017-11-12 20:39:33 +01:00
Tobias Hachmer
78a141305d
Rework passwordstore lookup handling in roles service-fastd-mesh und service-fastd-intragate
2017-11-12 20:27:12 +01:00
Tobias Hachmer
7437095761
Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start
2017-11-12 15:08:41 +01:00
Tobias Hachmer
10d25ee031
Move dummy module from role kmod-batman to server-basic
2017-11-12 14:35:11 +01:00
Tobias Hachmer
07eda681ca
Roles service-fastd-mesh + service-fastd-intragate
...
- remove on-up|on-down stanzas from fastd.conf
- update readme
2017-11-12 14:12:07 +01:00
Tobias Hachmer
7a482e195f
Role server-basic: add locale setting
2017-11-12 12:44:20 +01:00
Tobias Hachmer
9d08803a9e
Rename role server-repos to server-apt-repos
...
- Role server-apt-repos: add readme
2017-11-12 11:30:44 +01:00
Tobias Hachmer
42d407340a
Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly
2017-11-12 00:31:14 +01:00
Tobias Hachmer
623faaa40f
Role prerequisites: add cname asserts
2017-11-11 23:24:49 +01:00
Tobias Hachmer
99a77aa0b7
Role server-repos: remove universe-factory repo since fastd package is available in debian upstream
2017-11-09 06:20:23 +01:00
Tobias Hachmer
f0564b5ad2
Role service-respondd: install python3 module dependency
2017-11-07 20:25:39 +01:00
Tobias Hachmer
b1480594fa
Role server-repos: change ffmwu repo to stretch
2017-11-07 20:23:23 +01:00
Tobias Hachmer
fc04651e8b
Lowercase all network interface names
2017-11-06 21:24:56 +01:00
Tobias Hachmer
387f3bbf6b
Update fastd peer limit configuration
...
* add list of legacy gateways (temporarily)
* change backend-scripts branch to ansible
* Role server-basic: ensure ffmwu config directory is present
* Role service-fastd: add fastd-status script
* role service-fastd-mesh: add templating for fastd peer limit
configuration
2017-11-06 17:41:17 +01:00
Tobias Hachmer
67c915e877
Role service-respondd: also listen on fastd-interfaces
2017-10-31 22:54:58 +01:00
Tobias Hachmer
d6eea602b7
Flush handlers after configuring network interfaces
2017-10-29 21:26:10 +01:00
Tobias Hachmer
f00a216fef
Role service-nginx: add autoindex options to default vhost
2017-10-29 21:24:48 +01:00
Tobias Hachmer
dc146df5f7
Add role service-nginx-firmware
2017-10-27 11:41:00 +02:00
Tobias Hachmer
545162a46f
Add role service-nginx
2017-10-27 11:38:02 +02:00
Tobias Hachmer
8212e17d6a
Ensure systemd units are started
2017-10-26 22:35:55 +02:00
Tobias Hachmer
a2110b33ee
Fix some whitespaces
2017-10-26 22:29:15 +02:00
Tobias Hachmer
ac48746a11
Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change
2017-10-25 19:50:06 +02:00
Tobias Hachmer
57fff0410e
Add role service-respondd
2017-10-15 10:18:26 +02:00
Tobias Hachmer
130980d863
Role network-routing: fix typos in ffmwu-del-ip-rules.sh template
2017-10-14 22:07:01 +02:00
Tobias Hachmer
00307bc9be
Move IP rules from role service-rclocal
to role network-routing
...
- add scripts to configure and delete IP rules via a systemd unit
- delete role `service-rclocal`
- update README.md
- add new handler
2017-10-13 07:59:43 +02:00
Tobias Hachmer
f934a88661
Move all handlers to one single role
2017-10-13 07:28:41 +02:00
Tobias Hachmer
f56215f03c
Remove unnecessary handlers
2017-10-11 22:04:36 +02:00
Tobias Hachmer
79017f02d6
Use package module where possible instead of apt
2017-10-11 17:53:20 +02:00
Tobias Hachmer
4ce00a6ac3
Add role network-routing
...
- move static routes from role service-rclocal to scripts run by systemd
unit
- mv routing specific sysctl settings
2017-10-11 06:52:24 +02:00
Tobias Hachmer
f18e53e4e7
Role service-fastd: use own systemd unit fastd@.service
...
- original uses %I which does not escaping, so dashes will be replaced
by slashes
- use %i instead of %I
2017-10-08 11:35:22 +02:00
Tobias Hachmer
c56dc3504c
Role service-fastd-mesh: fix typo in handler
2017-10-08 10:51:04 +02:00
Tobias Hachmer
534b0d045c
Role network-fastd: update README.md
2017-10-08 09:44:42 +02:00
Tobias Hachmer
e1e723809f
Role network-batman: update batman-ifaces due to fastd instance change
...
- update README.md
2017-10-08 09:36:38 +02:00
Tobias Hachmer
4732338cee
Roles service-fastd-[mesh|intragate]: update role dependencies
2017-10-07 01:08:48 +02:00
Tobias Hachmer
53d30c8ded
Restructure fastd configuration to define multiple instances easily
...
- introduce mesh subdictionary `fastd`
- change fastd instance naming
- change fastd network interface naming (identical with fastd instance
names)
- change mac address prefixes
2017-10-07 00:57:35 +02:00
Tobias Hachmer
63ca114c95
Migrate nested dictionary meshes
into a list of dictionaries
...
- migrate dictionary `ipv6` into two simple lists
- migrate dictionary `forward_zones` into a list
2017-10-06 22:58:00 +02:00
Tobias Hachmer
829d931ff9
Role service-fastd-mesh: add systemd timer for fastd peer limit update script
2017-10-06 11:47:09 +02:00
Tobias Hachmer
7e181923b3
Role service-fastd: ensure fastd service is masked
2017-10-06 10:49:41 +02:00
Tobias Hachmer
a2fa5ff223
Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible
2017-10-06 10:38:26 +02:00
Tobias Hachmer
900eacafb2
Fix wrong IP subnet calculation in roles service-radvd + service-rclocal
2017-10-06 09:56:14 +02:00
Tobias Hachmer
ea08c856ac
Update some ipaddr filters
2017-10-06 00:15:31 +02:00
Tobias Hachmer
c4ed75ed36
Roles service-bird[|-ffrl|-icvpn]: rework handlers
2017-10-04 19:46:16 +02:00
Tobias Hachmer
94da0613a4
FFRL Internet Exit: move IPv4 NAT address to a single dummy interface
2017-10-04 13:51:03 +02:00
Tobias Hachmer
cc43741a91
Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6]
2017-10-04 12:55:29 +02:00
Tobias Hachmer
b46be69a26
Role service-rclocal: fix wrong interface
2017-10-04 01:02:15 +02:00
Tobias Hachmer
98e1b60e00
Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket
2017-10-04 00:51:18 +02:00
Tobias Hachmer
817f86abb7
Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update
2017-10-04 00:25:29 +02:00
Tobias Hachmer
b0f0d63383
Role service-bind-slave: add systemd unit + timer to update icvpn bind config
2017-10-04 00:20:50 +02:00
Tobias Hachmer
31e0b6da67
Role service-bind-slave: fix file permissions
2017-10-04 00:05:53 +02:00
Tobias Hachmer
1f7ab3c620
Role git-repos: change branch of backend-scripts repo to drop-photon
2017-10-03 23:32:00 +02:00
Tobias Hachmer
224a61a481
Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts
2017-10-03 23:31:15 +02:00
Tobias Hachmer
0fa92eef1c
Role service-fastd-mesh: add systemd unit + timer to update mesh peers
2017-10-03 23:30:02 +02:00
Tobias Hachmer
07a0b25a09
Role service-radvd: make more parameters configurable
2017-10-03 21:24:36 +02:00
Tobias Hachmer
a1705da9a0
Role service-radvd: optimize ipaddr filters
2017-10-03 21:18:39 +02:00
Tobias Hachmer
ef6bedfee5
Update loop keys
2017-10-03 20:52:37 +02:00
Tobias Hachmer
937238d26e
Role service-radvd: update handlers
2017-10-03 20:43:23 +02:00
Tobias Hachmer
7506fae8a5
Role service-tinc: use a task instead of a handler for systemd stuff
2017-10-03 20:40:48 +02:00
Tobias Hachmer
3ee405bdf2
Restructure service-fastd roles
...
- migrate role git-fastd-peers
- add role service-fastd
- add repo clone for ffbin peers (currently hardcoded)
- add role dependency to role service-fastd-mesh +
service-fastd-intragate
- add systemd handlers
2017-10-03 20:25:17 +02:00
Tobias Hachmer
01af6903e6
Role service-fastd-mesh + service-fastd-intragate: fix mac address format
2017-10-03 15:13:00 +02:00
Tobias Hachmer
a112f6305e
Role service-dhcpd: fix disabled notify
2017-10-03 14:44:38 +02:00
Tobias Hachmer
2f32bd6c1e
Restructure network interfaces in order to use ifupdown2
...
- rewrite interface templates for batman, fastd, ffrl and meshbridge
- add package ethtool to role server-basic
- use more ipaddr filters and get rid of unneeded variables in dict
ffrl_exit_server
- change ffrl_public_ipv4_nat variable to ip/prefix format
- update readme files
2017-10-03 14:37:39 +02:00
Tobias Hachmer
821834c4b8
Add role service-bind-slave
2017-10-02 23:34:53 +02:00
Tobias Hachmer
5e38e4f6fb
Role service-bird-icvpn: use a task and not a handler to set file attrs
2017-10-02 23:08:53 +02:00
Tobias Hachmer
2e0e474ba7
Role kmod-batman: load kernel modules
2017-10-02 11:21:01 +02:00
Tobias Hachmer
b285305fe1
Add role network-iptables-gateway
...
- move netfilter specific sysctl settings
2017-10-02 11:18:16 +02:00
Tobias Hachmer
4596743a56
Add readme for role prerequisites
2017-10-02 11:15:58 +02:00
Tobias Hachmer
3a9edaa666
Add version to git modules in roles:
...
- git-fastd-peers
- git-repos
- service-tinc
2017-10-02 11:15:58 +02:00
Tobias Hachmer
41d6fb0ff1
Add role system-sysctl-gateway
2017-10-02 11:15:58 +02:00
Tobias Hachmer
846f385a21
Add role service-tinc
2017-10-02 11:15:58 +02:00
Tobias Hachmer
ab45622570
Role server-basic: add package bridge-utils
2017-09-29 20:34:38 +02:00
Tobias Hachmer
c87cb61a6b
Update readme of roles service-fastd-mesh + service-fastd-intragate
2017-09-28 20:09:18 +02:00
Tobias Hachmer
0edd928ec8
Role service-bird-ffrl: correct ipaddr filters
2017-09-18 13:22:55 +02:00
Tobias Hachmer
1c928881fc
Retouch tasks due to 'become' defaults to True
2017-09-18 13:22:55 +02:00
n0trax
951ab924a5
Set 'become' default to True ( #7 )
2017-09-17 10:11:45 +02:00
Tobias Hachmer
6792950fca
Add role service-bird-ffrl
2017-09-11 23:49:11 +02:00
Tobias Hachmer
dd6d5b6ec5
Add role service-bird-icvpn; add python3-yaml package to server-basic
...
role
2017-09-11 23:35:20 +02:00
Tobias Hachmer
a2816a152e
Add role git-repos
2017-09-11 23:23:34 +02:00
n0trax
84755f8bb9
Move localtestvm to separate role (untested) ( #6 )
2017-09-11 23:23:34 +02:00