From e0c27a2411b7c5f03b62fa44e9b890e2ebffcb3d Mon Sep 17 00:00:00 2001 From: stebifan Date: Sun, 24 Jan 2016 22:37:34 +0100 Subject: [PATCH 01/15] Added Bridge Config --- files/bataddif.sh.j2 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index e0fc221..7bea415 100644 --- a/files/bataddif.sh.j2 +++ b/files/bataddif.sh.j2 @@ -3,7 +3,7 @@ INTERFACE="$3" #MAC="$8" #BLACKLISTFILE=/opt/freifunk/blockliste.txt batctl=/usr/local/sbin/batctl - +brctl=/sbin/brctl #if [ -f /opt/freifunk/blockliste.txt ] #if [ -f $BLACKLISTFILE ] @@ -24,7 +24,6 @@ batctl=/usr/local/sbin/batctl #ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }} /bin/ip link set dev $INTERFACE up mtu 1312 #/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0 - -$batctl if add $INTERFACE - -echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast +#$batctl if add $INTERFACE +#echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast +$brctl addif br-nodes From 6ba7f804ae6ed824497346e8e59720d469663436 Mon Sep 17 00:00:00 2001 From: stebifan Date: Sun, 24 Jan 2016 22:39:36 +0100 Subject: [PATCH 02/15] Update bataddif.sh.j2 --- files/bataddif.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index 7bea415..a03c803 100644 --- a/files/bataddif.sh.j2 +++ b/files/bataddif.sh.j2 @@ -26,4 +26,4 @@ brctl=/sbin/brctl #/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0 #$batctl if add $INTERFACE #echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast -$brctl addif br-nodes +$brctl addif br-nodes $INTERFACE From 9349187da787a167ba33b99c7e44998a6f4cded4 Mon Sep 17 00:00:00 2001 From: stebifan Date: Sun, 24 Jan 2016 22:40:40 +0100 Subject: [PATCH 03/15] Update batdelif.sh --- files/batdelif.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/batdelif.sh b/files/batdelif.sh index 65fc46d..029b3ca 100644 --- a/files/batdelif.sh +++ b/files/batdelif.sh @@ -1,4 +1,4 @@ #!/bin/bash INTERFACE="$3" -/usr/local/sbin/batctl if del $INTERFACE +/sbin/brctl delif br-nodes $INTERFACE From 49f58f357a905b6e37699081eb63d4e5dbf04e81 Mon Sep 17 00:00:00 2001 From: stebifan Date: Sun, 24 Jan 2016 22:43:33 +0100 Subject: [PATCH 04/15] Update collectd_td_stat.sh --- files/collectd_td_stat.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/files/collectd_td_stat.sh b/files/collectd_td_stat.sh index a8de947..b6ef201 100644 --- a/files/collectd_td_stat.sh +++ b/files/collectd_td_stat.sh @@ -6,9 +6,11 @@ fi #Remove old Interfaces rm /opt/freifunk/tunneldigger_interfaces/* #Create Interace files -for i in `/usr/local/sbin/batctl if | grep l2tp1`; +for i in `/sbin/brctl show vpn-td | grep l2tp1`; do touch /opt/freifunk/tunneldigger_interfaces/$i done -#Remove Active file -rm /opt/freifunk/tunneldigger_interfaces/active +#Remove wrong file +rm /opt/freifunk/tunneldigger_interfaces/no +rm /opt/freifunk/tunneldigger_interfaces/br-* +rm /opt/freifunk/tunneldigger_interfaces/8* From 6c8c808b3d5151bbe9a1c2820d2511d42fd42c23 Mon Sep 17 00:00:00 2001 From: stebifan Date: Sun, 24 Jan 2016 22:44:43 +0100 Subject: [PATCH 05/15] Update sn_startup.sh.j2 --- files/sn_startup.sh.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2 index dd4550d..5c84904 100644 --- a/files/sn_startup.sh.j2 +++ b/files/sn_startup.sh.j2 @@ -54,4 +54,10 @@ sleep 5 /bin/systemctl restart isc-dhcp-server /bin/systemctl enable isc-dhcp-server +# Create Tunneldigger Bridge +brctl addbr br-nodes +ip link set dev br-nodes up +ebtables -A FORWARD --logical-in br-nodes -j DROP + + exit 0 From b238eb2409b3e5f26f1bce470bde65f8d0295263 Mon Sep 17 00:00:00 2001 From: stebifan Date: Sun, 24 Jan 2016 23:43:56 +0100 Subject: [PATCH 06/15] Update collectd_td_stat.sh --- files/collectd_td_stat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/collectd_td_stat.sh b/files/collectd_td_stat.sh index b6ef201..d06399b 100644 --- a/files/collectd_td_stat.sh +++ b/files/collectd_td_stat.sh @@ -6,7 +6,7 @@ fi #Remove old Interfaces rm /opt/freifunk/tunneldigger_interfaces/* #Create Interace files -for i in `/sbin/brctl show vpn-td | grep l2tp1`; +for i in `/sbin/brctl show br-nodes | grep l2tp1`; do touch /opt/freifunk/tunneldigger_interfaces/$i done From 454e2110f2877ae7e054d07d5d272d85b75ce55d Mon Sep 17 00:00:00 2001 From: stebifan Date: Mon, 25 Jan 2016 18:45:45 +0100 Subject: [PATCH 07/15] Update sn_startup.sh.j2 --- files/sn_startup.sh.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2 index 5c84904..a637274 100644 --- a/files/sn_startup.sh.j2 +++ b/files/sn_startup.sh.j2 @@ -40,6 +40,12 @@ done # Allow MAC address spoofing /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 +# Create Tunneldigger Bridge +/sbin/brctl addbr br-nodes +/sbin/ip link set dev br-nodes up +/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP +/usr/local/sbin/batctl if add br-nodes + sleep 5 # Start tunneldigger @@ -54,10 +60,4 @@ sleep 5 /bin/systemctl restart isc-dhcp-server /bin/systemctl enable isc-dhcp-server -# Create Tunneldigger Bridge -brctl addbr br-nodes -ip link set dev br-nodes up -ebtables -A FORWARD --logical-in br-nodes -j DROP - - exit 0 From 15ba2a8624ec32e237f76bce58bf408ee13e5bee Mon Sep 17 00:00:00 2001 From: stebifan Date: Mon, 25 Jan 2016 18:46:06 +0100 Subject: [PATCH 08/15] Update collectd_td_stat.sh --- files/collectd_td_stat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/collectd_td_stat.sh b/files/collectd_td_stat.sh index d06399b..d600d80 100644 --- a/files/collectd_td_stat.sh +++ b/files/collectd_td_stat.sh @@ -6,7 +6,7 @@ fi #Remove old Interfaces rm /opt/freifunk/tunneldigger_interfaces/* #Create Interace files -for i in `/sbin/brctl show br-nodes | grep l2tp1`; +for i in `/sbin/brctl show br-nodes | grep l2tp`; do touch /opt/freifunk/tunneldigger_interfaces/$i done From a422d26a2ac6832f4fab1d6d6554b923e05ca364 Mon Sep 17 00:00:00 2001 From: stebifan Date: Mon, 25 Jan 2016 18:46:47 +0100 Subject: [PATCH 09/15] Update collectd.conf.j2 --- files/collectd.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/collectd.conf.j2 b/files/collectd.conf.j2 index fc11d7f..0313b74 100644 --- a/files/collectd.conf.j2 +++ b/files/collectd.conf.j2 @@ -30,7 +30,7 @@ LoadPlugin filecount Instance "tunneldigger-connections" - Name "l2tp1*" + Name "l2tp*" From ea411cb3414f4494a4acf2a189aa2fb98f04917d Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Tue, 26 Jan 2016 22:58:39 +0100 Subject: [PATCH 10/15] Change to super node and exit node in one server --- .install.sn.yml.swp | Bin 0 -> 24576 bytes files/keepalive.sh | 4 ++-- files/l2tp_backbone.sh.exit.j2 | 7 ++++--- files/sn_startup.exit.sh.j2 | 18 ++++++++++++++++++ install.sn.yml | 10 +++++----- 5 files changed, 29 insertions(+), 10 deletions(-) create mode 100644 .install.sn.yml.swp diff --git a/.install.sn.yml.swp b/.install.sn.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..d56777a9c9a16952d8b2b53aff282661b41b7f35 GIT binary patch literal 24576 zcmeHPd#oKtd0$c<4FpUGkCIk&xR>T8z@Bq`eeJ{tPMX-U6T5aXzBWY=a zw5%XpufQR1o`wSr2O17E9B4SuaG>Ep!-0ka4F`T} zIFQB9x88@@UZ!T8sNd(+eqW&ee!KcjYxU1pe;-!AU#r#sj{191{k}{MpvO_g%}>LD zh64=;8V)oZXgJVtpy5EnfrbMO2O17E9B4T38{mNBS=QC)_rJ*yNBm#g|3BP;TmYa4 z+yN{DJAhxm%(DI!cpUgg;8EZ{;4IJs)_{XR2Uq}h0MESCvi=45KJa(IXMuZx4*(oE z4s?Mx1Fr!7;|jC~ehhpK_#*HCa363ta1MxoJAmWBTY>9jsU>RIrk{;^e#XaXhq=*s9EH7v-;f$Kv&2_skhaJ+QN9MW>pILoyvibqgY7x6J6)CXzZ#64i4Zcf`9} z#gLmL9%4+MjiNN8xwYJp6ArnjsTcKBnbvCL?9_iVf6Svi>+V`!RxcXW9uJ(Y?#k4< zI7+ha%F49YXjn1#aD#_glx+1hm6{XAD2#17e%2dAiRw(G(DWQP^P{jM$~5Pwp&t$z z+G6s_22WTP5g$40V@=q#JJaks)ysughYL7M&Ekm{Eo5uiWHCpQ&Wfs+SWn_ANe;iu#7(jB)RKe?~B|L8484*ltY9{zLkoxNKQ9K8ADkrUk|MjdsR z<}_Kr7RT8eJEz?^PrJ)t6sESYq>fFT@Dy9cV2|gg4zjJ-7_|6o|FM(oPk0jYfL*(G z^q5}ca&DEgpk}8xT}K@L?h;O88dkUBk})1SVEPr+gWN(Y?W?Ew((~huJuS!cKy%9c z6r3Ai`ugNe=P7lZmdpexb9+5|R`c}2E!o7pTC!wtrx)VDP1Y|l>{gz16WV^mB+6s? z&vE4O?(&}1)j6v|67Vb1?JODKp2`$zxMe z-Rj_6Cqh<1km*Zhwn(oXUo>Pw=39$QJSf2Z6Gy2}0=0v!6i3}9kN4Rq%i>PEO+PLC z?K@#Bm|{+?cRR-;?i^~&9RR2akRnZTeQB_`CxZv zPP(3UpghX)Y>*HH+|9fm{zn&oD;JP0J=w0JLXAB+OE21X<6javp4)C%bkFS za=ui<`|_=#)4=a@Qs-=sm#x(M)grV5JF)elR@(*NcNP8kF)o~}vWR})bz-AeeY(nb zQrGrIZfr|QP?Te=Q;-U26dLan34y(o|s7Dqa}+QfZlGA;_&F_Y<_$lr&nlv9i2#cT1{mDRg92ER)518!N57%k=E*^?BxC zs0{}SDt?FJPU#KkLg}!BPLL8IIhca`0Cze5NOLbLtAy6kVWjy;kqvcViG;nXIGAvM zkcaDQIrc_~+dnQ|Ya3zC>U zW)RQJb}sTJSY(Gn+<+-((Lmo2LRFWdq=Qip`Ux&0eT$^&$cCt74&7PfD1$V|J%OE; zSY-cS2D|n=K=%J4e&~4uw*Ef=e*=67@PWg?&tT7!&HpK28MqR75;ps1fctxHae%2OhQ<${>{1A;TzV;~f;4>@$0%IP@S8xn_oq49rH6ywqtF1{ z5^%;WX51Zx{(4zAPKPL;)rZib1D?UPLh%ska8m{gY>Bd)42C@{8|o+xU}yJ4fzd=- z(d0QV?eN*2{xu$YurD%y;Ja}4V4h=`WeB>k4c}pFl|H1Cw(3l%dCZ9g#q<9x;$g{& zsh~g>jak@Rz0dO9=oyLQgo(`zdwUd0L+%gDRvk_E@QC}YRC(+{r_Hk zg~3mc&#< zbhcBea<+?qN@x4(>Z-x@ebh=iCGupF-4{vhMbP@(kqY-O*g7RzN^CKhq5Th)3i0y% znCRqslKp=rZjzHK{(o5AD(98mAK~{Xa5eB1*!q7Bd>Xh5XaSc4WdHvY@Cjfq@EYLN zz^j0t!_NP6U;}tNumhm@{5OFIfi+++@Q1*Yu=BqUdeFGq#tr6d950ej~+i?J&ws}ynO@+fZk6U!M z;P7poT2Ut?Lbza{{7&sk!*nz^Dz#fhsI_=HKxdZxPtqTh$4vUV#Rft|S;ogF_ktvQ z@@)GdJVo%V!B0AIz$<4PuFcITS;zmQgKj>b>e}%>q+c`7xV&5kgCu~2K+r=(5!6iF zgj|Mn?RT93jPrUVi`l8D-(6@M%#_t&Hc584WZPjL1Z?HTYj!RO)uFpUPC|KSYc^7> zhen|OBo(q3A@EI>PG9O`&>1US)L#^zZVm=eIn<4>7%_c(;X9WRjbe*Y5W6hb1Cx_| zGTK=e!22Qf;jyH)QVcUa?p!h|ffcL?)Rna42a!Wg{q|%dOuM+ztyP2uV?5rJO5Xbz*hJhmLLgNei5Ip(p8J4ZJ#bWLhTlu z&69+QaJstIYtm|M?Y5~Qy(xk!56yf6z5QlN*x!I~)e6X5;i{uFHEmmm1Et8)jnsvY zlnDw1s$>bhvyaPC95@+ORjX0vcGN1SvqU$VA`Em@TmPe~?TBTY$by)Z3zD|t=*gX> zxBUF;W;($l!bySoKF$u^k>ai_q?jSw>uu-mzTML#haSij>J#^5vHh5u+BRu_uE^FW zwY(LTroqyfyNKEK$inL;GPi2VEorD6GcLoTOA(Zw9J1u)_QtHQ-i%?(ZmZ+g?5KJU zAjL%y(l@gI%rl4}bTxXqt)nPP-o5%j2!4>%eqpoKYq<1T$N8TXD`KgSmIzi-CWzkUPOo|K|l#KE|M8mkP zBc65<@od+7(86nffYU2@>brtSr8lTyN+DKd>GVUTSd5UgsXS1*;FV0>n0xjo>BGe#?`th_9;*|gQw0=AMEbE(>B)uSW$o60n$ZQPk9(+z_4j4PSF zM!iVbQH{2tqEt87+%>7&E+=G`kjSf1Gt;Drdqk)2)J}C}9dwInOHj=Qn$LTAX!J&& zGzG*cly$&2oh^NDEHd%TzBtrW$~Dl$>N!@}ud7s|l4|j6^PcSgH^F|ro9tM`|MmC% z55eBQ7jS?Zfd$}lfO7vS@BaaSd;mFc6YzTAg}`I5`5yxA0W#nK@E5T8DPR8>@GIE) zCxAVGw)wvc8~^jb$AB}yBJcv>-(crI0(=s9AHadbz%OCz{{VOx$bh#1uLYigt^YIN z5#WB{9^hTTUf?R=Z(;ZU6~KXiht2;T;C^5QxDt30cK=@jr+`Di>wt$~`+pGNzyaV* zz-xi0;RpB@a31&&&;ecp`~rOZ54;w6@*D;JJ$2@RFiG&N3!uQ zN(SsFJF^(iyfX}uEVJ*-`yKgoTS(*@yIH_^D6*uh($dJ)BTkg9JqNilp`Gv`!l?k8 z@KiWpi2_hFM*f>8{P|>-X-~iAsUg73zJvfXh%rg845s`Xo|vIdBP=MWJ71?-h;m|H zTmH6W~g&lwU}!w zklWTcq%BGcRcg}QH#Y+$uLejw5B*clWEVu1UZY!)L4Ts6HY&p8DL{I?aCP_zUWVec-lFPXW_Y%}O97=|h1_N-~xHHOJH&pN|o zw`y(%!;Bh9>UJ4syt)mB$@WtjW^`3$7<7VyVQPO*a!e)8Z{>1C zEXL9HL@GDWdiVqY-*+ZKSAD@VcH)+fjM?LekKh&bI2;f8V9>ra?vw|rr0>$YvWV*H zu_`-67!H>d)+eLoAx+)YUv1QPH#UdpNZarivAfm2Qm>mkTzPM5GNGh!);2f$yx@TY zwc=AIopO$_OMcoOamPcJg#CtVa|-a_E70rkEt8^CZNMAFpPGGIavq`gnR?&gi_Db~ zUz`*tj)|wLKUZ3b?~+v)D8@GyeZ*u%)UZ^XMZG5C2#yn(O!Q@oda+!sO3$ip8{ /dev/null 2>&1 & /bin/sleep 15 $batadv -i bat0 -s > /dev/null 2>&1 & /usr/sbin/service bind9 restart -/usr/local/sbin/batctl gw client 3 +#/usr/local/sbin/batctl gw client 3 +/usr/local/sbin/batctl gw server 100Mbit/100Mbit diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index b8c11fd..7e40342 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -45,6 +45,12 @@ done # Allow MAC address spoofing /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 +# Create Tunneldigger Bridge +/sbin/brctl addbr br-nodes +/sbin/ip link set dev br-nodes up +/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP +/usr/local/sbin/batctl if add br-nodes + sleep 5 # stop tunneldigger @@ -65,4 +71,16 @@ sleep 5 /bin/systemctl disable isc-dhcp-server /bin/systemctl stop isc-dhcp-server +# Start tunneldigger +/bin/systemctl restart tunneldigger +/bin/systemctl enable tunneldigger + +# radvd restart +/bin/systemctl restart radvd +/bin/systemctl enable radvd + +# restart DHCP +/bin/systemctl restart isc-dhcp-server +/bin/systemctl enable isc-dhcp-server + exit 0 diff --git a/install.sn.yml b/install.sn.yml index 1a8d4d0..c846a79 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v2.1 + snversion: master_v2.9000001_beta batmanversion: v2015.2 common_required_packages: - git @@ -71,8 +71,8 @@ raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - name: Make this server ansible compatible raw: "apt-get update && apt-get install python -y" - - name: Add backport repo to source list #target: /etc/apt/sources.list.d - apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present +# - name: Add backport repo to source list #target: /etc/apt/sources.list.d +# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present - name: Update apt cache apt: update_cache=yes - name: Gathering facts @@ -196,7 +196,7 @@ copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: check_gw_script register: check_gw - when: sn_exit is undefined +# when: sn_exit is undefined - name: Add cron job with check gateway script cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root" when: check_gw.changed @@ -205,7 +205,7 @@ copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: tunneld_stats_file register: tunneld_stats - when: sn_exit is undefined +# when: sn_exit is undefined - name: Add cron job tunneldigger stats cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root" when: tunneld_stats.changed From 4768640a2d0f8c473f1409a3a6e61840bbe2a7f2 Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Tue, 26 Jan 2016 23:02:41 +0100 Subject: [PATCH 11/15] temp file --- .install.sn.yml.swp | Bin 24576 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .install.sn.yml.swp diff --git a/.install.sn.yml.swp b/.install.sn.yml.swp deleted file mode 100644 index d56777a9c9a16952d8b2b53aff282661b41b7f35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24576 zcmeHPd#oKtd0$c<4FpUGkCIk&xR>T8z@Bq`eeJ{tPMX-U6T5aXzBWY=a zw5%XpufQR1o`wSr2O17E9B4SuaG>Ep!-0ka4F`T} zIFQB9x88@@UZ!T8sNd(+eqW&ee!KcjYxU1pe;-!AU#r#sj{191{k}{MpvO_g%}>LD zh64=;8V)oZXgJVtpy5EnfrbMO2O17E9B4T38{mNBS=QC)_rJ*yNBm#g|3BP;TmYa4 z+yN{DJAhxm%(DI!cpUgg;8EZ{;4IJs)_{XR2Uq}h0MESCvi=45KJa(IXMuZx4*(oE z4s?Mx1Fr!7;|jC~ehhpK_#*HCa363ta1MxoJAmWBTY>9jsU>RIrk{;^e#XaXhq=*s9EH7v-;f$Kv&2_skhaJ+QN9MW>pILoyvibqgY7x6J6)CXzZ#64i4Zcf`9} z#gLmL9%4+MjiNN8xwYJp6ArnjsTcKBnbvCL?9_iVf6Svi>+V`!RxcXW9uJ(Y?#k4< zI7+ha%F49YXjn1#aD#_glx+1hm6{XAD2#17e%2dAiRw(G(DWQP^P{jM$~5Pwp&t$z z+G6s_22WTP5g$40V@=q#JJaks)ysughYL7M&Ekm{Eo5uiWHCpQ&Wfs+SWn_ANe;iu#7(jB)RKe?~B|L8484*ltY9{zLkoxNKQ9K8ADkrUk|MjdsR z<}_Kr7RT8eJEz?^PrJ)t6sESYq>fFT@Dy9cV2|gg4zjJ-7_|6o|FM(oPk0jYfL*(G z^q5}ca&DEgpk}8xT}K@L?h;O88dkUBk})1SVEPr+gWN(Y?W?Ew((~huJuS!cKy%9c z6r3Ai`ugNe=P7lZmdpexb9+5|R`c}2E!o7pTC!wtrx)VDP1Y|l>{gz16WV^mB+6s? z&vE4O?(&}1)j6v|67Vb1?JODKp2`$zxMe z-Rj_6Cqh<1km*Zhwn(oXUo>Pw=39$QJSf2Z6Gy2}0=0v!6i3}9kN4Rq%i>PEO+PLC z?K@#Bm|{+?cRR-;?i^~&9RR2akRnZTeQB_`CxZv zPP(3UpghX)Y>*HH+|9fm{zn&oD;JP0J=w0JLXAB+OE21X<6javp4)C%bkFS za=ui<`|_=#)4=a@Qs-=sm#x(M)grV5JF)elR@(*NcNP8kF)o~}vWR})bz-AeeY(nb zQrGrIZfr|QP?Te=Q;-U26dLan34y(o|s7Dqa}+QfZlGA;_&F_Y<_$lr&nlv9i2#cT1{mDRg92ER)518!N57%k=E*^?BxC zs0{}SDt?FJPU#KkLg}!BPLL8IIhca`0Cze5NOLbLtAy6kVWjy;kqvcViG;nXIGAvM zkcaDQIrc_~+dnQ|Ya3zC>U zW)RQJb}sTJSY(Gn+<+-((Lmo2LRFWdq=Qip`Ux&0eT$^&$cCt74&7PfD1$V|J%OE; zSY-cS2D|n=K=%J4e&~4uw*Ef=e*=67@PWg?&tT7!&HpK28MqR75;ps1fctxHae%2OhQ<${>{1A;TzV;~f;4>@$0%IP@S8xn_oq49rH6ywqtF1{ z5^%;WX51Zx{(4zAPKPL;)rZib1D?UPLh%ska8m{gY>Bd)42C@{8|o+xU}yJ4fzd=- z(d0QV?eN*2{xu$YurD%y;Ja}4V4h=`WeB>k4c}pFl|H1Cw(3l%dCZ9g#q<9x;$g{& zsh~g>jak@Rz0dO9=oyLQgo(`zdwUd0L+%gDRvk_E@QC}YRC(+{r_Hk zg~3mc&#< zbhcBea<+?qN@x4(>Z-x@ebh=iCGupF-4{vhMbP@(kqY-O*g7RzN^CKhq5Th)3i0y% znCRqslKp=rZjzHK{(o5AD(98mAK~{Xa5eB1*!q7Bd>Xh5XaSc4WdHvY@Cjfq@EYLN zz^j0t!_NP6U;}tNumhm@{5OFIfi+++@Q1*Yu=BqUdeFGq#tr6d950ej~+i?J&ws}ynO@+fZk6U!M z;P7poT2Ut?Lbza{{7&sk!*nz^Dz#fhsI_=HKxdZxPtqTh$4vUV#Rft|S;ogF_ktvQ z@@)GdJVo%V!B0AIz$<4PuFcITS;zmQgKj>b>e}%>q+c`7xV&5kgCu~2K+r=(5!6iF zgj|Mn?RT93jPrUVi`l8D-(6@M%#_t&Hc584WZPjL1Z?HTYj!RO)uFpUPC|KSYc^7> zhen|OBo(q3A@EI>PG9O`&>1US)L#^zZVm=eIn<4>7%_c(;X9WRjbe*Y5W6hb1Cx_| zGTK=e!22Qf;jyH)QVcUa?p!h|ffcL?)Rna42a!Wg{q|%dOuM+ztyP2uV?5rJO5Xbz*hJhmLLgNei5Ip(p8J4ZJ#bWLhTlu z&69+QaJstIYtm|M?Y5~Qy(xk!56yf6z5QlN*x!I~)e6X5;i{uFHEmmm1Et8)jnsvY zlnDw1s$>bhvyaPC95@+ORjX0vcGN1SvqU$VA`Em@TmPe~?TBTY$by)Z3zD|t=*gX> zxBUF;W;($l!bySoKF$u^k>ai_q?jSw>uu-mzTML#haSij>J#^5vHh5u+BRu_uE^FW zwY(LTroqyfyNKEK$inL;GPi2VEorD6GcLoTOA(Zw9J1u)_QtHQ-i%?(ZmZ+g?5KJU zAjL%y(l@gI%rl4}bTxXqt)nPP-o5%j2!4>%eqpoKYq<1T$N8TXD`KgSmIzi-CWzkUPOo|K|l#KE|M8mkP zBc65<@od+7(86nffYU2@>brtSr8lTyN+DKd>GVUTSd5UgsXS1*;FV0>n0xjo>BGe#?`th_9;*|gQw0=AMEbE(>B)uSW$o60n$ZQPk9(+z_4j4PSF zM!iVbQH{2tqEt87+%>7&E+=G`kjSf1Gt;Drdqk)2)J}C}9dwInOHj=Qn$LTAX!J&& zGzG*cly$&2oh^NDEHd%TzBtrW$~Dl$>N!@}ud7s|l4|j6^PcSgH^F|ro9tM`|MmC% z55eBQ7jS?Zfd$}lfO7vS@BaaSd;mFc6YzTAg}`I5`5yxA0W#nK@E5T8DPR8>@GIE) zCxAVGw)wvc8~^jb$AB}yBJcv>-(crI0(=s9AHadbz%OCz{{VOx$bh#1uLYigt^YIN z5#WB{9^hTTUf?R=Z(;ZU6~KXiht2;T;C^5QxDt30cK=@jr+`Di>wt$~`+pGNzyaV* zz-xi0;RpB@a31&&&;ecp`~rOZ54;w6@*D;JJ$2@RFiG&N3!uQ zN(SsFJF^(iyfX}uEVJ*-`yKgoTS(*@yIH_^D6*uh($dJ)BTkg9JqNilp`Gv`!l?k8 z@KiWpi2_hFM*f>8{P|>-X-~iAsUg73zJvfXh%rg845s`Xo|vIdBP=MWJ71?-h;m|H zTmH6W~g&lwU}!w zklWTcq%BGcRcg}QH#Y+$uLejw5B*clWEVu1UZY!)L4Ts6HY&p8DL{I?aCP_zUWVec-lFPXW_Y%}O97=|h1_N-~xHHOJH&pN|o zw`y(%!;Bh9>UJ4syt)mB$@WtjW^`3$7<7VyVQPO*a!e)8Z{>1C zEXL9HL@GDWdiVqY-*+ZKSAD@VcH)+fjM?LekKh&bI2;f8V9>ra?vw|rr0>$YvWV*H zu_`-67!H>d)+eLoAx+)YUv1QPH#UdpNZarivAfm2Qm>mkTzPM5GNGh!);2f$yx@TY zwc=AIopO$_OMcoOamPcJg#CtVa|-a_E70rkEt8^CZNMAFpPGGIavq`gnR?&gi_Db~ zUz`*tj)|wLKUZ3b?~+v)D8@GyeZ*u%)UZ^XMZG5C2#yn(O!Q@oda+!sO3$ip8{ Date: Wed, 27 Jan 2016 00:15:32 +0100 Subject: [PATCH 12/15] Keepalive exit --- files/keepalive.exit.sh | 51 ++++++++++++++++++++++++++++++++++ files/keepalive.exit.sh.j2 | 10 +++++++ files/l2tp_backbone.sh.exit.j2 | 4 ++- files/sn_startup.exit.sh.j2 | 16 ----------- install.sn.yml | 8 +++++- 5 files changed, 71 insertions(+), 18 deletions(-) create mode 100644 files/keepalive.exit.sh create mode 100644 files/keepalive.exit.sh.j2 diff --git a/files/keepalive.exit.sh b/files/keepalive.exit.sh new file mode 100644 index 0000000..19c28dc --- /dev/null +++ b/files/keepalive.exit.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# Version 1.6 +# Parameter setzen +GATEWAY1ext=185.66.193.105 +GATEWAY2ext=185.66.193.106 +GATEWAY1=10.188.255.5 +GATEWAY2=10.188.255.6 +GATEWAY1v6=2a03:2260:121::255:5 +GATEWAY2v6=2a03:2260:121::255:6 +IP=/sbin/ip +PING=/bin/ping +BATCTL=/usr/local/sbin/batctl + +#if [ "hostname = troisdorf1 | troisdorf2" ] +if [ $(hostname) = "troisdorf1" ] || [ $(hostname) = "troisdorf2" ] + then + DEFAULT_GATEWAY=$GATEWAY1 + DEFAULT_GATEWAYext=$GATEWAY1ext + FALLBACK_GATEWAY=$GATEWAY2 + FALLBACK_GATEWAYext=$GATEWAY2ext + DEFAULT_GATEWAYv6=$GATEWAY1v6 + FALLBACK_GATEWAYv6=$GATEWAY2v6 + else + DEFAULT_GATEWAY=$GATEWAY2 + DEFAULT_GATEWAYext=$GATEWAY2ext + FALLBACK_GATEWAY=$GATEWAY1 + FALLBACK_GATEWAYext=$GATEWAY1ext + DEFAULT_GATEWAYv6=$GATEWAY2v6 + FALLBACK_GATEWAYv6=$GATEWAY1v6 + +fi + +if $PING -c 1 $DEFAULT_GATEWAYext + then + $IP route replace default via $DEFAULT_GATEWAY table 42 + $IP -6 route replace default via $DEFAULT_GATEWAYv6 table 42 + $BATCTL gw server 100Mbit/100Mbit + echo "Gateway erreichbar" + else + if $PING -c 1 $FALLBACK_GATEWAYext + then + $IP route replace default via $FALLBACK_GATEWAY table 42 + $IP -6 route replace default via $FALLBACK_GATEWAYv6 table 42 + $BATCTL gw server 80Mbit/80Mbit + echo "Nun FALLBACK_GATEWAY" + else + $BATCTL gw off + #Kein Gateway erreichbar, batctl gw off + fi +fi + diff --git a/files/keepalive.exit.sh.j2 b/files/keepalive.exit.sh.j2 new file mode 100644 index 0000000..6a4443c --- /dev/null +++ b/files/keepalive.exit.sh.j2 @@ -0,0 +1,10 @@ +#!/bin/bash + +ping -q -I {{ sn_ffrl_IPv4 }} 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1 + +if test $? -eq 0; then + /usr/local/sbin/batctl gw server 100Mbit/100Mbit +else + /usr/local/sbin/batctl gw off +fi + diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 1e3f53d..f9bca4c 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 @@ -54,6 +54,8 @@ $ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 de $alfred -i bat0 > /dev/null 2>&1 & /bin/sleep 15 $batadv -i bat0 -s > /dev/null 2>&1 & -/usr/sbin/service bind9 restart +/bin/systemctl restart isc-dhcp-server +/bin/systemctl restart bind9 #/usr/local/sbin/batctl gw client 3 /usr/local/sbin/batctl gw server 100Mbit/100Mbit + diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index 7e40342..ba45058 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -53,24 +53,12 @@ done sleep 5 -# stop tunneldigger -/bin/systemctl disable tunneldigger -/bin/systemctl stop tunneldigger - # restart bird /bin/systemctl start bird /bin/systemctl start bird6 /bin/systemctl enable bird /bin/systemctl enable bird6 -# stop radvd -/bin/systemctl disable radvd -/bin/systemctl stop radvd - -# restart DHCP -/bin/systemctl disable isc-dhcp-server -/bin/systemctl stop isc-dhcp-server - # Start tunneldigger /bin/systemctl restart tunneldigger /bin/systemctl enable tunneldigger @@ -79,8 +67,4 @@ sleep 5 /bin/systemctl restart radvd /bin/systemctl enable radvd -# restart DHCP -/bin/systemctl restart isc-dhcp-server -/bin/systemctl enable isc-dhcp-server - exit 0 diff --git a/install.sn.yml b/install.sn.yml index c846a79..eba6c99 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -196,7 +196,13 @@ copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: check_gw_script register: check_gw -# when: sn_exit is undefined + when: sn_exit is undefined + + - name: Check gateway / keepalive script + template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 + register: check_gw + when: sn_exit is defined + - name: Add cron job with check gateway script cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root" when: check_gw.changed From 72a03951a81f763fa076c1ef78fc86fcd2d78781 Mon Sep 17 00:00:00 2001 From: stebifan Date: Wed, 27 Jan 2016 00:48:21 +0100 Subject: [PATCH 13/15] Update bataddif.sh.j2 --- files/bataddif.sh.j2 | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 index a03c803..42328e5 100644 --- a/files/bataddif.sh.j2 +++ b/files/bataddif.sh.j2 @@ -1,29 +1,8 @@ #!/bin/bash INTERFACE="$3" -#MAC="$8" -#BLACKLISTFILE=/opt/freifunk/blockliste.txt -batctl=/usr/local/sbin/batctl +MAC="$8" brctl=/sbin/brctl -#if [ -f /opt/freifunk/blockliste.txt ] -#if [ -f $BLACKLISTFILE ] -# then -# BLOCKLISTE=$(cat /opt/freifunk/blockliste.txt) -# else -# touch=$BLOCKLISTE -#fi - -#for i in $BLOCKLISTE; -#do -# if [[ $i == $MAC ]]; then -# exit 1 -# fi -#done - -#ip link set address {{ sn_mesh_MAC }} dev $INTERFACE -#ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }} /bin/ip link set dev $INTERFACE up mtu 1312 -#/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0 -#$batctl if add $INTERFACE #echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast $brctl addif br-nodes $INTERFACE From 8fb715dcdfe1256c248e1a95c1eec8aabc79681e Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Wed, 27 Jan 2016 11:45:13 +0100 Subject: [PATCH 14/15] =?UTF-8?q?Workaround=20against=20"nf=5Fconntrack=20?= =?UTF-8?q?=E2=80=A6=20dropping=20packets=20error"=20and=20"Denial=20of=20?= =?UTF-8?q?Service"=20attacks=20from=20internal=20network?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- files/sn_startup.exit.sh.j2 | 11 +++++++++++ files/sn_startup.sh.j2 | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index ba45058..f99fcc8 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -1,4 +1,5 @@ #!/bin/sh +# Version 1.7 curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} @@ -53,6 +54,16 @@ done sleep 5 +# Fixing the nf_conntrack … dropping packets error +# hashsize = nf_conntrack_max / 4 +sysctl -w net.netfilter.nf_conntrack_max=131072 +echo 32768 > /sys/module/nf_conntrack/parameters/hashsize + +# Against Denial of Service attacks from internal network +# Check with: sysctl -a | grep conntrack | grep timeout +sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240 +sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000 + # restart bird /bin/systemctl start bird /bin/systemctl start bird6 diff --git a/files/sn_startup.sh.j2 b/files/sn_startup.sh.j2 index a637274..276e10e 100644 --- a/files/sn_startup.sh.j2 +++ b/files/sn_startup.sh.j2 @@ -1,4 +1,5 @@ #!/bin/sh +# Version 1.7 curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} @@ -48,6 +49,16 @@ done sleep 5 +# Fixing the nf_conntrack … dropping packets error +# hashsize = nf_conntrack_max / 4 +sysctl -w net.netfilter.nf_conntrack_max=131072 +echo 32768 > /sys/module/nf_conntrack/parameters/hashsize + +# Against Denial of Service attacks from internal network +# Check with: sysctl -a | grep conntrack | grep timeout +sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240 +sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000 + # Start tunneldigger /bin/systemctl restart tunneldigger /bin/systemctl enable tunneldigger From e82587b46aeb4561859a9f31101704defba25eff Mon Sep 17 00:00:00 2001 From: Ansible Admin Date: Wed, 27 Jan 2016 17:33:47 +0100 Subject: [PATCH 15/15] New super- and exitnode installation V 3.0.0 --- files/keepalive.exit.sh | 51 -------------------------------------- files/keepalive.exit.sh.j2 | 29 ++++++++++++++++++---- install.sn.yml | 21 ++++++---------- 3 files changed, 31 insertions(+), 70 deletions(-) delete mode 100644 files/keepalive.exit.sh diff --git a/files/keepalive.exit.sh b/files/keepalive.exit.sh deleted file mode 100644 index 19c28dc..0000000 --- a/files/keepalive.exit.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# Version 1.6 -# Parameter setzen -GATEWAY1ext=185.66.193.105 -GATEWAY2ext=185.66.193.106 -GATEWAY1=10.188.255.5 -GATEWAY2=10.188.255.6 -GATEWAY1v6=2a03:2260:121::255:5 -GATEWAY2v6=2a03:2260:121::255:6 -IP=/sbin/ip -PING=/bin/ping -BATCTL=/usr/local/sbin/batctl - -#if [ "hostname = troisdorf1 | troisdorf2" ] -if [ $(hostname) = "troisdorf1" ] || [ $(hostname) = "troisdorf2" ] - then - DEFAULT_GATEWAY=$GATEWAY1 - DEFAULT_GATEWAYext=$GATEWAY1ext - FALLBACK_GATEWAY=$GATEWAY2 - FALLBACK_GATEWAYext=$GATEWAY2ext - DEFAULT_GATEWAYv6=$GATEWAY1v6 - FALLBACK_GATEWAYv6=$GATEWAY2v6 - else - DEFAULT_GATEWAY=$GATEWAY2 - DEFAULT_GATEWAYext=$GATEWAY2ext - FALLBACK_GATEWAY=$GATEWAY1 - FALLBACK_GATEWAYext=$GATEWAY1ext - DEFAULT_GATEWAYv6=$GATEWAY2v6 - FALLBACK_GATEWAYv6=$GATEWAY1v6 - -fi - -if $PING -c 1 $DEFAULT_GATEWAYext - then - $IP route replace default via $DEFAULT_GATEWAY table 42 - $IP -6 route replace default via $DEFAULT_GATEWAYv6 table 42 - $BATCTL gw server 100Mbit/100Mbit - echo "Gateway erreichbar" - else - if $PING -c 1 $FALLBACK_GATEWAYext - then - $IP route replace default via $FALLBACK_GATEWAY table 42 - $IP -6 route replace default via $FALLBACK_GATEWAYv6 table 42 - $BATCTL gw server 80Mbit/80Mbit - echo "Nun FALLBACK_GATEWAY" - else - $BATCTL gw off - #Kein Gateway erreichbar, batctl gw off - fi -fi - diff --git a/files/keepalive.exit.sh.j2 b/files/keepalive.exit.sh.j2 index 6a4443c..a99b670 100644 --- a/files/keepalive.exit.sh.j2 +++ b/files/keepalive.exit.sh.j2 @@ -1,10 +1,29 @@ -#!/bin/bash +#!/bin/sh +# +# -q quiet +# -c nb of pings -ping -q -I {{ sn_ffrl_IPv4 }} 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1 +HOST1=8.8.8.8 +HOST2=8.8.4.4 +BATCTL=/usr/local/sbin/batctl -if test $? -eq 0; then - /usr/local/sbin/batctl gw server 100Mbit/100Mbit +ping -q -c5 $HOST1 > /dev/null +if [ $? -eq 0 ] +then + echo "ok" + $BATCTL gw server 100Mbit/100Mbit else - /usr/local/sbin/batctl gw off + + echo "$HOST1 NICHT ok" + ping -q -c5 $HOST2 > /dev/null + if [ $? -eq 0 ] + then + echo "$HOST2 ok" + $BATCTL gw server 100Mbit/100Mbit + else + echo "$HOST2 NICHT ok" + $BATCTL gw off + fi + fi diff --git a/install.sn.yml b/install.sn.yml index eba6c99..d836102 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v2.9000001_beta + snversion: master_v3.0.0 batmanversion: v2015.2 common_required_packages: - git @@ -192,21 +192,18 @@ with_items: logrotate_config - name: Create freifunk directory file: path=/opt/freifunk state=directory mode=0755 - - name: Check gateway / keepalive script + - name: Check gateway / keepalive script supernode copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: check_gw_script register: check_gw when: sn_exit is undefined - - - name: Check gateway / keepalive script + - name: Check gateway / keepalive script super- and exitnode template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 register: check_gw when: sn_exit is defined - - name: Add cron job with check gateway script cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root" when: check_gw.changed - - name: Tunneldigger stats copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 with_items: tunneld_stats_file @@ -215,8 +212,6 @@ - name: Add cron job tunneldigger stats cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root" when: tunneld_stats.changed - - - name: Copy dhcpd template file template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 register: dhcpd @@ -235,23 +230,24 @@ cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - name: Add cron startup script cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - - name: Copy backbone script template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 when: sn_exit is undefined - name: Copy backbone script template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 when: sn_exit is defined - - name: Collectd template file template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 register: collectd - name: Restart collectd service: name=collectd state=restarted when: collectd.changed - - name: configure startup script + - name: configure startup script supernode template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 when: sn_exit is undefined + - name: Exit node startup script super- and exitnode + template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 + when: sn_exit is defined - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: authorized_keys @@ -271,9 +267,6 @@ - name: Interface configuration with ffrl gre tunnel copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544 when: sn_exit is defined - - name: Exit node startup script - template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 - when: sn_exit is defined - apt: update_cache=yes - name: Install bird apt: state=installed pkg=bird