63ca114c95
- migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list
127 lines
3 KiB
YAML
127 lines
3 KiB
YAML
---
|
|
- name: configure systemd unit fastd@
|
|
systemd:
|
|
name: "fastd@{{ item.id }}VPN"
|
|
enabled: yes
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: create fastd directories
|
|
file:
|
|
path: "/etc/fastd/{{ item.id }}VPN"
|
|
state: directory
|
|
mode: 0755
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: create fastd peer mesh directories
|
|
file:
|
|
path: "/etc/fastd/{{ item.id }}VPN/peers"
|
|
state: directory
|
|
mode: 0755
|
|
owner: admin
|
|
group: admin
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: create fastd peer mesh directories for ffbin
|
|
file:
|
|
path: "/etc/fastd/mzVPN/peers_bingen"
|
|
state: directory
|
|
mode: 0755
|
|
owner: admin
|
|
group: admin
|
|
|
|
- name: clone fastd peer mesh repos
|
|
git:
|
|
repo: "{{ item.peers_mesh_repo }}"
|
|
dest: "/etc/fastd/{{ item.id }}VPN/peers"
|
|
version: master
|
|
update: no
|
|
with_items: "{{ meshes }}"
|
|
become: false
|
|
|
|
- name: clone fastd peer mesh repo for ffbin
|
|
git:
|
|
repo: https://github.com/freifunk-bingen/peers-ffbin.git
|
|
dest: /etc/fastd/mzVPN/peers_bingen
|
|
version: master
|
|
update: no
|
|
become: false
|
|
|
|
- name: template fastd mesh config
|
|
template:
|
|
src: fastd-mesh.conf.j2
|
|
dest: "/etc/fastd/{{ item.id }}VPN/fastd.conf"
|
|
notify: restart fastd mesh instances
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: write fastd mesh secret
|
|
template:
|
|
src: fastd-secret.conf.j2
|
|
dest: "/etc/fastd/{{ item.id }}VPN/secret.conf"
|
|
notify: restart fastd mesh instances
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: copy peer_limit.conf if not exist
|
|
copy:
|
|
src: peer_limit.conf
|
|
dest: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
|
|
owner: admin
|
|
group: admin
|
|
mode: 0640
|
|
force: no
|
|
notify: restart fastd mesh instances
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: set file attributes for peer_limit.conf
|
|
file:
|
|
path: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
|
|
mode: 0640
|
|
owner: admin
|
|
group: admin
|
|
notify: restart fastd mesh instances
|
|
with_items: "{{ meshes }}"
|
|
|
|
- name: write systemd unit fastd-sync-meshkeys.service
|
|
template:
|
|
src: fastd-sync-meshkeys.service.j2
|
|
dest: /etc/systemd/system/fastd-sync-meshkeys.service
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: reload systemd
|
|
|
|
- name: write systemd timer fastd-sync-meshkeys.timer
|
|
template:
|
|
src: fastd-sync-meshkeys.timer.j2
|
|
dest: /etc/systemd/system/fastd-sync-meshkeys.timer
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: reload systemd
|
|
|
|
- name: write systemd unit fastd-peer-limit-update.service
|
|
template:
|
|
src: fastd-peer-limit-update.service.j2
|
|
dest: /etc/systemd/system/fastd-peer-limit-update.service
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: reload systemd
|
|
|
|
- name: write systemd timer fastd-peer-limit-update.timer
|
|
template:
|
|
src: fastd-peer-limit-update.timer.j2
|
|
dest: /etc/systemd/system/fastd-peer-limit-update.timer
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: reload systemd
|
|
|
|
- name: configure systemd timers for fastd-mesh instance
|
|
systemd:
|
|
name: "{{ item }}.timer"
|
|
enabled: yes
|
|
state: started
|
|
with_items:
|
|
- fastd-sync-meshkeys
|
|
- fastd-peer-limit-update
|