ff1dac07ba
* Add filename prefix to playbooks
* Inventory: clean up & rename role ffmwu-prereq to test-prerequisites
  Remove all hosts which aren't set up by ansible, yet. Prepare to start from scratch. Only add hosts to the inventory which will be set up completely by ansible.
* Role test-prerequisites: improve tasks; update OS to current debian stable
* Add a bunch of new roles
  - Update Readme
  - Update ansible.cfg
  - Add playbook to set up gateways
  - Add group variables
* Roles: add role documentation
* Some restructuring (#3)
* Modify prerequisites role and integrate prerequisites role into all playbooks (#4)
* Add relaxed yamllint config and fix errors
* Add role service-rclocal
* Add role service-bird
* Move localtestvm to separate role (untested) (#6)
* Add role git-repos
* Add role service-bird-icvpn; add python3-yaml package to server-basic role
* Add role service-bird-ffrl
* Set 'become' default to True (#7)
* Retouch tasks due to 'become' defaults to True
* Add role service-bird-ffrl to playbook gateways
* Role service-bird-ffrl: correct ipaddr filters
* Update readme of roles service-fastd-mesh + service-fastd-intragate
* Update Readme.md
  - update passwordstore lookup for fastd secrets
  - add explanation about sensitive information
* Role server-basic: add package bridge-utils
* Add role service-tinc
* Add role system-sysctl-gateway
* Add version to git modules in roles:
  - git-fastd-peers
  - git-repos
  - service-tinc
* Add readme for role prerequisites
* Add role network-iptables-gateway
  - move netfilter specific sysctl settings
* Role kmod-batman: load kernel modules
* Role service-bird-icvpn: use a task and not a handler to set file attrs
* Add role service-bind-slave
* Restructure network interfaces in order to use ifupdown2
  - rewrite interface templates for batman, fastd, ffrl and meshbridge
  - add package ethtool to role server-basic
  - use more ipaddr filters and get rid of unneeded variables in dict ffrl_exit_server
  - change ffrl_public_ipv4_nat variable to ip/prefix format
  - update readme files
* Role service-dhcpd: fix disabled notify
* Role service-fastd-mesh + service-fastd-intragate: fix mac address format
* Restructure service-fastd roles
  - migrate role git-fastd-peers
  - add role service-fastd
  - add repo clone for ffbin peers (currently hardcoded)
  - add role dependency to role service-fastd-mesh + service-fastd-intragate
  - add systemd handlers
* Role service-tinc: use a task instead of a handler for systemd stuff
* Role service-radvd: update handlers
* Update loop keys
* Role service-radvd: optimize ipaddr filters
* Role service-radvd: make more parameters configurable
* Update Readme.md
* Role service-fastd-mesh: add systemd unit + timer to update mesh peers
* Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts
* Role git-repos: change branch of backend-scripts repo to drop-photon
* Role service-bind-slave: fix file permissions
* Role service-bind-slave: add systemd unit + timer to update icvpn bind config
* Role service-bird-icvpn: rename systemd unit+timer icvpn-update to icvpn-tinc-bgp-update
* Roles service-fastd-mesh + service-fastd-intragate: rename fastd socket
* Role service-rclocal: fix wrong interface
* Role network-iptables-gateway: rename var internet_exit_mtu_ipv[4|6] to internet_exit_tcp_mss_ipv[4|6]
* FFRL Internet Exit: move IPv4 NAT address to a single dummy interface
* Roles service-bird[|-ffrl|-icvpn]: rework handlers
* Update some ipaddr filters
* Fix wrong IP subnet calculation in roles service-radvd + service-rclocal
* Role service-fastd-mesh: move peer limit to a separate file which isn't managed by ansible
* Role service-fastd: ensure fastd service is masked
* Role service-fastd-mesh: add systemd timer for fastd peer limit update script
* Update Readme.md
* Migrate nested dictionary `meshes` into a list of dictionaries
  - migrate dictionary `ipv6` into two simple lists
  - migrate dictionary `forward_zones` into a list
* Restructure fastd configuration to define multiple instances easily
  - introduce mesh subdictionary `fastd`
  - change fastd instance naming
  - change fastd network interface naming (identical with fastd instance names)
  - change mac address prefixes
* Roles service-fastd-[mesh|intragate]: update role dependencies
* Role network-batman: update batman-ifaces due to fastd instance change
  - update README.md
* Role network-fastd: update README.md
* Readme.md: add control machine requirements
* Role service-fastd-mesh: fix typo in handler
* Role service-fastd: use own systemd unit fastd@.service
  - original uses %I which does not escaping, so dashes will be replaced by slashes
  - use %i instead of %I
* Add role network-routing
  - move static routes from role service-rclocal to scripts run by systemd unit
  - mv routing specific sysctl settings
* Use package module where possible instead of apt
* Remove unnecessary handlers
* Move all handlers to one single role
* Update Readme.md
* Move IP rules from role `service-rclocal` to role `network-routing`
  - add scripts to configure and delete IP rules via a systemd unit
  - delete role `service-rclocal`
  - update README.md
  - add new handler
* Role network-routing: fix typos in ffmwu-del-ip-rules.sh template
* Add role service-respondd
* Roles service-fastd-[intragate|mesh]: update mac prefixes due to fastd instances change
* Fix some whitespaces
* Ensure systemd units are started
* Add role service-nginx
* Add role service-nginx-firmware
* Add missing variables for role service-nginx-firmware
* Add roles service-nginx(-firmware) to playbook gateways
* Role service-nginx: add autoindex options to default vhost
* Flush handlers after configuring network interfaces
* Role service-respondd: also listen on fastd-interfaces
* Update fastd peer limit configuration
* add list of legacy gateways (temporarily)
* change backend-scripts branch to ansible
* Role server-basic: ensure ffmwu config directory is present
* Role service-fastd: add fastd-status script
* role service-fastd-mesh: add templating for fastd peer limit configuration
* Update Readme.md
* Lowercase all network interface names
* Inventory: add new gateway uffschnitt.freifunk-mwu.de
* Role server-repos: change ffmwu repo to stretch
* Role service-respondd: install python3 module dependency
* Role server-repos: remove universe-factory repo since fastd package is available in debian upstream
* Pretty format ansible.cfg
* Inventory host_vars: use single file instead of subfolder
* Role prerequisites: add cname asserts
* Role network-meshbridge: workaround to set mac address on boot and get ipv6 address configured correctly
* Playbook gateways: reorder roles
* Rename role server-repos to server-apt-repos
  - Role server-apt-repos: add readme
* Role server-basic: add locale setting
* Roles service-fastd-mesh + service-fastd-intragate
  - remove on-up|on-down stanzas from fastd.conf
  - update readme
* Move dummy module from role kmod-batman to server-basic
* Roles service-fastd-[mesh|intragate]: reload networking on fastd instance start
* Rework passwordstore lookup handling in roles service-fastd-mesh and service-fastd-intragate
* Role service-tinc: rework passwordstore lookup
* Role network-iptables-gateway: fix freifunk bridge rules
* Role service-fastd-mesh: ensure fastd_status.json file is present; reorder nginx roles
* Role network-routing: add missing service dependency for ffmwu-static-routes service unit
* Role service-tinc: add task to enable post-merge script
* Add prometheus role (#9)
174 lines
4 KiB
Text
```yaml
---
as_private_mwu: 65037
as_public_ffrl: 201701

internet_exit_tcp_mss_ipv4: 1240
internet_exit_tcp_mss_ipv6: 1220

routing_tables:
  icvpn: 23
  mwu: 41
  internet: 61

icvpn_ipv4_transfer_net: 10.207.0.0/16
icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
bgp_loopback_net: 10.37.0.0/18
bgp_ipv4_transfer_net: 10.37.0.0/18
bgp_ipv6_transfer_net: fd37:b4dc:4b1e::/64

http_domain_internal: ffmwu.org
http_domain_external: freifunk-mwu.de

meshes:
  - id: mz
    site_number: 37
    site_code: ffmz
    site_name: Mainz
    ipv4_network: 10.37.0.0/18
    ipv6_ula:
      - fd37:b4dc:4b1e::/48
    ipv6_public:
      - 2a03:2260:11a::/48
    dnssl:
      - ffmz.org
      - user.ffmz.org
    batman:
      it: 10000
      gw: server 96mbit/96mbit
      mm: 0
      dat: 0
      hop_penalty: 60
    radvd:
      maxrtradvinterval: 900
      advvalidlifetime: 864000
      advpreferredlifetime: 172800
    iface_mtu: 1350
    fastd:
      nodes:
        instances:
          - id: 0
            mtu: 1406
            peers:
              repo: https://github.com/freifunk-mwu/peers-ffmz.git
              version: master
            pass: fastd/mzvpn
          - id: 1
            mtu: 1312
            peers:
              repo: https://github.com/freifunk-mwu/peers-ffmz.git
              version: master
            pass: fastd/mzvpn
      intragate:
        instances:
          - id: 0
            mtu: 1406
            peers:
              repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
              version: master
            pass: fastd/mzigvpn
    dns:
      master: fd37:b4dc:4b1e::a25:103
      forward_zones:
        - name: ffmz.org
        - name: user.ffmz.org
        - name: bb.ffmz.org
        - name: nodes.ffmz.org
        - name: ffbin
          master: fd37:b4dc:4b1e::a25:10c
    http_domain_internal: ffmz.org
    http_domain_external: freifunk-mainz.de

  - id: wi
    site_number: 56
    site_code: ffwi
    site_name: Wiesbaden
    ipv4_network: 10.56.0.0/18
    ipv6_ula:
      - fd56:b4dc:4b1e::/48
    ipv6_public:
      - 2a03:2260:11b::/48
    dnssl:
      - ffwi.org
      - user.ffwi.org
    batman:
      it: 10000
      gw: server 96mbit/96mbit
      mm: 0
      dat: 0
      hop_penalty: 60
    radvd:
      maxrtradvinterval: 900
      advvalidlifetime: 864000
      advpreferredlifetime: 172800
    iface_mtu: 1350
    fastd:
      nodes:
        instances:
          - id: 0
            mtu: 1406
            peers:
              repo: https://github.com/freifunk-mwu/peers-ffwi.git
              version: master
            pass: fastd/wivpn
          - id: 1
            mtu: 1312
            peers:
              repo: https://github.com/freifunk-mwu/peers-ffwi.git
              version: master
            pass: fastd/wivpn
      intragate:
        instances:
          - id: 0
            mtu: 1406
            peers:
              repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
              version: master
            pass: fastd/wiigvpn
    dns:
      master: fd56:b4dc:4b1e::a38:103
      forward_zones:
        - name: ffwi.org
        - name: user.ffwi.org
        - name: bb.ffwi.org
        - name: nodes.ffwi.org
    http_domain_internal: ffwi.org
    http_domain_external: wiesbaden.freifunk.net

icvpn:
  prefix: mwu
  interface: icvpn
  icvpn_repo: https://github.com/freifunk/icvpn

bgp_mwu_servers:
  spinat:
    ipv4: 10.37.0.7
    ipv6: fd37:b4dc:4b1e::a25:7
  lotuswurzel:
    ipv4: 10.37.0.23
    ipv6: fd37:b4dc:4b1e::a25:17
  ingwer:
    ipv4: 10.37.0.161
    ipv6: fd37:b4dc:4b1e::a25:a1
  wasserfloh:
    ipv4: 10.37.0.231
    ipv6: fd37:b4dc:4b1e::a25:e7
  zuckerwatte:
    ipv4: 10.37.1.2
    ipv6: fd37:b4dc:4b1e::a25:102
  aubergine:
    ipv4: 10.37.1.3
    ipv6: fd37:b4dc:4b1e::a25:103
  zwiebel:
    ipv4: 10.37.1.0
    ipv6: fd37:b4dc:4b1e::a25:100
  glueckskeks:
    ipv4: 10.37.1.1
    ipv6: fd37:b4dc:4b1e::a25:101
  suesskartoffel:
    ipv4: 10.37.1.4
    ipv6: fd37:b4dc:4b1e::a25:104

legacy_gateways:
  - ingwer
  - lotuswurzel
  - spinat
```