Merge pull request #1 from rojoka/master

Update
stebifan 2016-01-03 19:20:36 +01:00
commit 30d8a096df
15 changed files with 397 additions and 148 deletions


@ -2,7 +2,8 @@
release=$(/bin/uname -r)
nodeid=$( /bin/echo {{ sn_mesh_MAC }} | /bin/sed s/://g)
meshh_if=$(/bin/cat /sys/class/net/*/address | /bin/grep -v ^00:00:00)
#meshh_if=$(/bin/cat /sys/class/net/troisdorf*/address | /bin/grep -v ^00:00:00)
meshh_if=$(/bin/cat /sys/class/net/l2tp*/address | /bin/grep -v ^00:00:00)
tempfile=/tmp/alfred_info
if [ -f $tempfile ]
@ -20,6 +21,7 @@ fi
],
"mesh_interfaces": [
$(for i in $meshh_if; do /bin/echo '"'$i'",';done)
"{{ ul_mesh_MAC }}",
"{{ sn_mesh_MAC }}"
]
},
@ -37,7 +39,7 @@ EOF
if [ -f $tempfile ]
then
/bin/cat "$tempfile" | /bin/gzip | /usr/sbin/alfred -s 158
/bin/cat "$tempfile" | /bin/gzip | /usr/local/sbin/alfred -s 158
fi
if [ -f $tempfile ]
@ -46,3 +48,4 @@ if [ -f $tempfile ]
fi
exit 0
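Review bot: The new `/usr/local/sbin/alfred -s 158` line broadcasts whatever `/tmp/alfred_info` contains, and that path is a fixed name in a directory that is normally world-writable, so a local user who pre-creates the file (or a symlink) can decide what this node announces to the mesh; use `tempfile=$(mktemp)` with a `trap 'rm -f "$tempfile"' EXIT`, or keep the file under `/opt/freifunk`. The new `meshh_if` line leaves the literal pattern `/sys/class/net/l2tp*/address` in place when no l2tp interface exists yet, which only shows up as a cat error on stderr before the script still exits 0; a guard such as `[ -n "$meshh_if" ] || exit 0` would make that state explicit. Both uses of `$tempfile` should be quoted. The script's first line lies outside the hunk.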


@ -2,12 +2,8 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDP
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUlPYUqsisJoBT5iDOc7OQXadZyFgI2Z+n+ARPg7OLgkw4SCORAOd53x6KYQZFhq9LP6Dv+kNkk3Qvd/uIr8avG3nxRcHWSIU9ICUmGzEp+W7dT1ExzhVkFxQG7f219ifjRO95xeQNI45MdVKBytQoQGNMoNLXTOZfW5mYr5yQWePa2OmdJLPWrAoHpS2PgrcqWzqdSBuKLdPQgr8KKHGvn9Wf/t9/6/foYfBlzf+emfxZY0M7vJUcCkpK+m66ECE2/eu9aE3m4oBOImivy9/yCta2BASJKCycYoTijRlihcllT3zSt2AGlK7OKpZRDlvFOPuL4yw1LsreBRkkdcAZ reka
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb1l5B82IeYYmapacMPR1KQV7r24Qc7K9v33Wtfyi3GuF6sz/Z014ZvtI6TwodvjWH5yx0yh+zY8BQzgb29zQm6vCjnAzDX2QdJJtAruNcl3Ib8rnp4dIRtSRwxwTP/QSltuSokMMoCoKI3Zl0i4MvlCCezjSVWzmfeTr8OA9pDz1eJ9hZn87IaBghVIOIpZYvoxhE7GAbctqA+Jx3XUoWyY4LJpgMA4Y2q9YjQ9bWNyQb5FuwCp4akapwDFEvbTDY0DyAHKmm7txv+5q5RkxfFq3K/DtcILbm0wtAsqM7VZu2TYOj+KiEHJmJMAq+yYNEWzMTsnr7mjqz8I5uOA0V jan@gefion
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNx2LqPdxwg26i4PytNUIbabqf7eb9gIp6dgwwIqFUnqbnTcilzxlm1FZoH+yMKvYY0G+ZNPG9Zs59QWE/m+mPBOjmrf5N4EH3BW3L/VRLesFMokXHtxkXZzX8CD7c+C0DGmcWfQNMD9tOYsKVm3No3Yr1Hy/WmVQbdEjpkowGpl/y1GFjZqa0dGBhVwAzdHjxsKkpbbVJDDzBwY6WReV+b6Ychgk4S58caJWXAZhkv/2bnaGW1SloHST+GBZrFa+JYbS0D1eortfpPsSR0AMqReJ+NSBKopOYC+WbqEFk9V5VJgbIsT27hRLk3Ctn8MuBUCP1vzn6gyPK91o/ZZqH jan@odin
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVxoI2GdqqnK0eKsx5xXiYca19toxB+s9lHb9u9gdmJ52tsl75XZVT2R44o5Yu8KciSPx+khzj7vL3RWieVTrPGhlbYQnOuK73x420rGejjAyDFPQWQxw98Bx0a7VHBsSUpndcnlLBMPe6bIOLI8j7c/sV26rEOAF7LshuONq4E5SMUTL4bp2dhfBgC8SjGdevBpwR1rCBIt51jhvS/asBIUZNrabG3NPwNoaRLELUbFZm7vLF777GWuBzM0G41iImb8nuC1q9WSt66ShhSxLthvl1wdyvixgCgY5yM3eOVJHheMWR6mwE2ZdAeLAFjfXKBqoH5My7a4K96wyUMptD nodeadmin@update1
ssh-rsa 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 localadmin@tst-ansible
ssh-rsa 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 supernodeadmin@update1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUTvOdUbtWOmQ1HHh1rNm9LvGozlVPOu0XVcmZ2/NfSOrDbnN99Y4o2Q2mm/ZITWtEZkijnS+LdqB/SO+I2c8NWQO3+gCd9WzI/pqRso2eDIMtPfidnEGdUi4+hHmT96TGOh6P/SrR71646AJkQr5vxLDs/U/57uyTxNwgHFYb1zfekeK4J8gm9StfiGTdfFDTQsYQljrO0YxGrNG2koRXDwgUca4kGjx/HYwnjtl1nDRSAa8HvgxqAASFFrqSOhCkrlCgxoKZZwGIFccYTcAJFDhqIG32q2tRAQOtqxy5OWbTkJLBTBaR7dG4W9iYHbV6vscfNQD7Ml3aMrS+TA0x stefan@ff-stefan@tst-office
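Review bot: Every key in this file is installed into root's `authorized_keys` without any `from=`, `command=` or `restrict` option (the playbook copies the file to `/root/.ssh` unchanged), so each listed key, including the automation keys tied to the `update1` and `tst-ansible` hosts, is unconditional root on every supernode; at minimum those automation keys should carry `from="<address of the ansible/update host>"` so a leaked key cannot be used from elsewhere. The `localadmin@tst-ansible` and `supernodeadmin@update1` entries are rendered identically here, which suggests one private key is shared between a test box and the update host; if so, split them so either can be revoked on its own. Consider also switching new keys to ed25519 as old RSA keys are rotated out.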


@ -2,7 +2,7 @@
INTERFACE="$3"
#MAC="$8"
#BLACKLISTFILE=/opt/freifunk/blockliste.txt
batctl=/usr/local/sbin/batctl
#if [ -f /opt/freifunk/blockliste.txt ]
@ -21,7 +21,10 @@ INTERFACE="$3"
#done
#ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }}
ip link set dev $INTERFACE up mtu 1312
/usr/sbin/batctl if add $INTERFACE
#ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }}
/bin/ip link set dev $INTERFACE up mtu 1312
#/sbin/sysctl net.ipv4.conf.$INTERFACE.rp_filter=0
$batctl if add $INTERFACE
echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
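Review bot: The `echo "enabled" > .../batman_adv/no_rebroadcast` line assumes a batman-adv module built with the no_rebroadcast patch, but if I read the playbook in this commit correctly, the `git apply 1001-...patch` step is commented out and a stock `v2015.2` build is installed, so the sysfs attribute will not exist and this line fails with a shell error on every tunnel session; guard it with `[ -w "/sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast" ] && echo enabled > "/sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast"` or drop it until the patch is actually applied. `INTERFACE` comes straight from `$3` and is interpolated unquoted into a sysfs path and into the `ip` and `$batctl` calls; quote it and reject empty values or values containing `/` before use, e.g. `case "$INTERFACE" in ''|*/*) exit 1;; esac`. The hunk does not show the script's start.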


@ -1,4 +1,4 @@
#!/bin/bash
INTERFACE="$3"
/usr/sbin/batctl if del $INTERFACE
/usr/local/sbin/batctl if del $INTERFACE


@ -35,7 +35,7 @@ LoadPlugin entropy
LoadPlugin irq
LoadPlugin load
LoadPlugin memory
LoadPlugin openvpn
#LoadPlugin openvpn
LoadPlugin processes
LoadPlugin swap
LoadPlugin rrdtool
@ -159,7 +159,7 @@ LoadPlugin users
#LoadPlugin thermal
#LoadPlugin tokyotyrant
#LoadPlugin unixsock
#LoadPlugin uptime
LoadPlugin uptime
#LoadPlugin uuid
#LoadPlugin varnish


@ -1,3 +1,4 @@
# Version 1.2
ddns-update-style none;
option domain-name "fftdf";
default-lease-time 300;
@ -9,6 +10,5 @@ range {{ sn_dhcp_range }};
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }};
option routers {{ sn_dhcp_router }};
interface bat0;
}
include "/opt/freifunk/static-dhcp/static.conf";
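Review bot: The new `include "/opt/freifunk/static-dhcp/static.conf";` makes dhcpd refuse to start whenever that file is absent, and the file is not produced by this template — as far as the playbook hunk shows it comes from a `git clone` of a GitHub repository refreshed by a per-minute cron job, so a failed clone on first install breaks DHCP for the whole mesh, and anyone with push access to that repository can now change what the DHCP server hands out. Run `dhcpd -t -cf /etc/dhcp/dhcpd.conf` in the playbook before the restart, and have the cron update script only reload dhcpd when the freshly pulled file passes the same check. Pinning the static-dhcp checkout to a reviewed revision instead of tracking its default branch would close the push-access exposure.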


@ -1,45 +0,0 @@
#!/bin/sh
# Server name ending must be a single digit number
communityname="troisdorf"
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6"
domain="freifunk-troisdorf.de"
mtu=1500
# community MAC address, without the last Byte (:)!
communitymacaddress="a2:8c:ae:6f:f6"
# Network part of the network, without the trailing dot
communitynetwork="10.188"
# IPv6 network
communitynetworkv6="fda0:747e:ab29:7405:255::"
# Third octet from the server range
octet3rd="255"
# CIDR muss /16 sein
localserver=$(hostname)
for i in $server; do
(
for j in $server; do
if [ $i != $j ]; then
if [ $i = $(hostname) ]; then
ip link add $j type gretap local $(hostname -I | cut -f1 -d' ') remote $(dig +short $j.$domain) dev eth0 nopmtudisc
ip link set dev $j mtu $mtu
ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j
ip link set $j up
batctl if add $j
fi
fi
done
)
done
# configure bat0
ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0
ip link set up dev bat0
ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
alfred -i bat0 > /dev/null 2>&1 &
batadv-vis -i bat0 -s > /dev/null 2>&1 &
service bind9 restart

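--- /dev/null
+++ b/files/gre_backbone.sh.j2
@@ -0,0 +1,57 @@
+#!/bin/sh
+# Server name ending must be a single digit number
+communityname="troisdorf"
+server="troisdorf0 {{ sn_hostname }}"
+domain="freifunk-troisdorf.de"
+mtu={{ sn_mtu }}
+# community MAC address, without the last Byte (:)!
+communitymacaddress="a2:8c:ae:6f:f6"
+# Network part of the network, without the trailing dot
+communitynetwork="10.188"
+# IPv6 network
+communitynetworkv6="fda0:747e:ab29:7405:255::"
+# Third octet from the server range
+octet3rd="255"
+# CIDR muss /16 sein
+localserver=$(/bin/hostname)
+# files
+batadv=/usr/local/sbin/batadv-vis
+alfred=/usr/local/sbin/alfred
+batctl=/usr/local/sbin/batctl
+for i in $server; do
+(
+for j in $server; do
+if [ $i != $j ]; then
+if [ $i = $(/bin/hostname) ]; then
+/sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 nopmtudisc
+# /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0
+/sbin/ip link set dev $j mtu $mtu
+# /sbin/ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j
+# /sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev $j
+/sbin/ip link set address $communitymacaddress$:${localserver#$communityname}0 dev $j
+/sbin/ip link set $j up
+$batctl if add $j
+fi
+fi
+done
+)
+done
+# configure bat0
+/sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0
+/sbin/ip link set up dev bat0
+/sbin/ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
+/sbin/ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
+/usr/bin/killall alfred
+/usr/bin/killall batadv-vis
+/bin/sleep 5
+$alfred -i bat0 > /dev/null 2>&1 &
+/bin/sleep 15
+$batadv -i bat0 -s > /dev/null 2>&1 &
+/usr/sbin/service bind9 restart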
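Review bot: Both active `ip link set address` calls use `$communitymacaddress$:` — the stray `$` before the colon is not a valid expansion in `sh` and is kept literally, so the MAC handed to `ip` is `a2:8c:ae:6f:f6$:…`, which `ip link set address` rejects; the l2tp script in this same commit has the correct form, `$communitymacaddress:0${localserver#$communityname}`. The GRE endpoint is taken from `$(/usr/bin/dig +short $j.$domain)` with no check that it resolved to exactly one address: an empty or multi-line answer yields a malformed `ip link add`, and because gretap carries no authentication, whoever controls or spoofs that DNS answer chooses the peer that is joined into the batman mesh — resolve once into a variable, match it against an IPv4 pattern, and fail loudly otherwise. As far as the playbook hunk shows, only `l2tp_backbone.sh.j2` is deployed and scheduled, so this file may be dead code that should be removed rather than kept in two variants.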

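--- /dev/null
+++ b/files/l2tp_backbone.sh.j2
@@ -0,0 +1,57 @@
+#!/bin/sh
+# Version 5
+# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
+communityname="troisdorf"
+server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
+#server="troisdorf0 {{ sn_hostname }}"
+domain="freifunk-troisdorf.de"
+mtu={{ sn_mtu }}
+# community MAC address, without the last Byte (:)!
+communitymacaddress="a2:8c:ae:6f:f6"
+tunnelPrefix=10
+sessionPrefix=1
+# Netzwerkteil des Netzes, ohne abschliessenden Punkt
+communitynetwork="10.188"
+# IPv6 network
+communitynetworkv6="fda0:747e:ab29:7405:255::"
+# Drittes Octet des serverbereichs
+octet3rd="255"
+# CIDR muss /16 sein
+localserver=$(/bin/hostname)
+batadv=/usr/local/sbin/batadv-vis
+alfred=/usr/local/sbin/alfred
+batctl=/usr/local/sbin/batctl
+ip=/sbin/ip
+dig=/usr/bin/dig
+for i in $server; do
+(
+for j in $server; do
+if [ $i != $j ]; then
+if [ $i = $localserver ]; then
+ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
+ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
+#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
+ip link set dev l2tp-$j mtu $mtu
+ip link set up l2tp-$j
+$batctl if add l2tp-$j
+fi
+fi
+done
+)
+done
+# Rest starten
+$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
+#$ip link set address $communitymacaddress:ff dev bat0
+$ip link set up dev bat0
+$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
+$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0
+/usr/bin/killall alfred
+/usr/bin/killall batadv-vis
+/bin/sleep 5
+$alfred -i bat0 > /dev/null 2>&1 &
+/bin/sleep 15
+$batadv -i bat0 -s > /dev/null 2>&1 &
+/usr/sbin/service bind9 restart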
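Review bot: The `ip l2tp add tunnel` line sets up a static L2TPv3 tunnel with no authentication whose `tunnel_id`, `session_id` and UDP ports are all derived from the single trailing digit of the hostnames, so anyone who can reach UDP `30XY` on the WAN address and guess those small ids can inject Ethernet frames straight into `bat0`; nothing in this commit restricts those ports (sn_startup.sh only filters the OUTPUT chain), so store the resolved peer in a variable and add a rule per peer, e.g. `iptables -A INPUT -p udp --dport 300${i#$communityname}${j#$communityname} ! -s "$remote" -j DROP`, or filter at the provider. That `$($dig +short $j.$domain)` result is used unchecked: an empty or multi-line answer either breaks the command or word-splits into extra arguments, and the peer is chosen by an unauthenticated DNS reply, so validate it against an IPv4 pattern before use. The loop body also calls bare `ip` while the rest of the script consistently uses `$ip`.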


@ -0,0 +1,56 @@
#!/bin/sh
# Version 5
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
communityname="troisdorf"
server="troisdorf0 troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
#server="troisdorf0 {{ sn_hostname }}"
domain="freifunk-troisdorf.de"
mtu={{ sn_mtu }}
# community MAC address, without the last Byte (:)!
communitymacaddress="a2:8c:ae:6f:f6"
tunnelPrefix=10
sessionPrefix=1
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
communitynetwork="10.188"
# IPv6 network
communitynetworkv6="fda0:747e:ab29:7405:255::"
# Drittes Octet des serverbereichs
octet3rd="255"
# CIDR muss /16 sein
localserver=$(/bin/hostname)
batadv=/usr/local/sbin/batadv-vis
alfred=/usr/local/sbin/alfred
batctl=/usr/local/sbin/batctl
ip=/sbin/ip
dig=/usr/bin/dig
for i in $server; do
(
for j in $server; do
if [ $i != $j ]; then
if [ $i = $localserver ]; then
ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
ip link set dev l2tp-$j mtu $mtu
ip link set up l2tp-$j
$batctl if add l2tp-$j
fi
fi
done
)
done
# Rest starten
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
#$ip link set address $communitymacaddress:ff dev bat0
$ip link set up dev bat0
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0
/usr/bin/killall alfred
/usr/bin/killall batadv-vis
/bin/sleep 5
$alfred -i bat0 > /dev/null 2>&1 &
/bin/sleep 15
$batadv -i bat0 -s > /dev/null 2>&1 &
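Review bot: This file is a near-verbatim copy of `l2tp_backbone.sh.j2`, differing only in the `server` list (it adds `troisdorf0`) and the dropped `service bind9 restart`, so every fix to the tunnel setup now has to be made twice and the two copies will drift; render one template with the peer list from inventory, `server="{{ sn_backbone_servers }}"`, and make the bind9 restart conditional on a variable. The same unchecked `$($dig +short $j.$domain)` remote and the same unauthenticated L2TPv3 tunnels with hostname-derived ids apply here as in the sibling script. The file's path is not visible on this page, so I cannot tell which host group it is meant for or whether the playbook deploys it at all.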


@ -9,7 +9,7 @@ interface=eth0
; session with the broker
max_cookies=1024
; Maximum number of tunnels that will be allowed by the broker
max_tunnels=100
max_tunnels=150
; Tunnel port base
port_base=15000
; Tunnel id base

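--- /dev/null
+++ b/files/logrotate.conf
@@ -0,0 +1,34 @@
+# see "man logrotate" for details
+# rotate log files weekly
+#weekly
+daily
+# keep 4 weeks worth of backlogs
+#rotate 4
+rotate 0
+# create new (empty) log files after rotating old ones
+create
+# uncomment this if you want your log files compressed
+#compress
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+# no packages own wtmp, or btmp -- we'll rotate them here
+/var/log/wtmp {
+missingok
+monthly
+create 0664 root utmp
+rotate 1
+}
+/var/log/btmp {
+missingok
+monthly
+create 0660 root utmp
+rotate 1
+}
+# system-specific logs may be configured here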
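Review bot: `rotate 0` together with `daily` tells logrotate to remove a log instead of keeping any rotated copy, so every log that relies on these global defaults (anything under `/etc/logrotate.d` without its own `rotate` line) is gone after one day, which leaves nothing to investigate after an incident on a node that terminates tunnels from the public Internet; the commented-out `rotate 4` is the safer default, and if disk space is the concern, `compress` plus `maxsize` is the right tool. The `wtmp`/`btmp` stanzas keep one month, which is reasonable, though `btmp` (failed logins) usually deserves more. As far as the playbook hunk shows, this file is installed with `mode=0500`, which should be `0444` for a config file.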

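--- /dev/null
+++ b/files/radvd.conf.j2
@@ -0,0 +1,12 @@
+interface bat0 {
+AdvSendAdvert on;
+IgnoreIfMissing on;
+MaxRtrAdvInterval 200;
+RDNSS {{ sn_mesh_IPv6 }} {};
+prefix fda0:747e:ab29:7405::/64 {
+AdvOnLink on;
+AdvAutonomous on;
+AdvRouterAddr on;
+};
+};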
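Review bot: The advertised prefix `fda0:747e:ab29:7405::/64` is a literal while the RDNSS address next to it is templated from `sn_mesh_IPv6`, and the same ULA prefix is hard-coded again in both backbone scripts (`communitynetworkv6`), so a prefix change means editing three files by hand; use `prefix {{ sn_mesh_prefix6 }}/64 {` from the same inventory variable. Since this RA is sent on `bat0`, any mesh node can send its own RAs there as well and this config cannot prevent it; a comment stating where rogue-RA filtering is expected to happen would help the next maintainer.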

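--- /dev/null
+++ b/files/sn_startup.sh.j2
@@ -0,0 +1,57 @@
+#!/bin/sh
+curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
+# Stop tunneldigger until bat0 is up
+/usr/sbin/service tunneldigger stop
+# Set unreachable for table 200
+#/bin/ip route add unreachable 0.0.0.0/0 table iffy
+#while ! ping -c 1 -W 1 {{ sn_iffy_traffic }}; do
+# echo "Waiting for {{ sn_iffy_traffic }} - network interface might be down..."
+# sleep 5
+#done
+# Block RFC1918 and APIPA destination via WAN
+/sbin/iptables -P OUTPUT ACCEPT
+for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
+/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP
+done
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+/sbin/sysctl kernel.panic=1
+# Routing table 200 for traffic above port 1023
+#/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables
+# Set table for traffice with mark 4
+#/bin/ip rule add fwmark 0x4 table iffy
+# Set mark 4 to traffic above port 1023
+#/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+#/sbin/iptables -t mangle -A PREROUTING -p udp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+# NAT on eth0
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+# Set gateway for table 200
+#/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
+sleep 5
+# Start tunneldigger
+/usr/sbin/service tunneldigger restart
+# radvd restart
+/usr/sbin/service radvd restart
+# restart DHCP
+/usr/sbin/service isc-dhcp-server restart
+exit 0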
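Review bot: The comment says RFC1918/APIPA destinations are blocked "via WAN", but the rules are appended to `OUTPUT`, which only sees packets the supernode itself originates; client traffic forwarded from `bat0` and masqueraded onto `eth0` traverses `FORWARD`, which gets no rule here, so mesh clients can still reach private networks on the WAN side of this host — add `/sbin/iptables -A FORWARD -o eth0 -d $i -j DROP` inside the same loop, before `ip_forward` is switched on. The Slack `curl` at the top has no `--max-time`, so when the WAN is slow or down at boot the entire sequence below it (stopping tunneldigger, forwarding, NAT, the service restarts) waits on it; use `curl -sS --max-time 10 … || true`, and note that the webhook URL in argv is readable by any local user via `ps` while curl runs. The `rp_filter=0` comment says "Allow MAC address spoofing", but rp_filter is a source-IP reverse-path check, so it should read `# bat0 carries source addresses from the whole mesh; disable reverse-path filtering`. Appending with `-A` on every boot is fine for a `@reboot` cron job, but if `iptables-persistent` (installed by the playbook) restores a saved ruleset first, the rules are duplicated.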


@ -1,7 +1,6 @@
# First install ssh-key at remote computer
# In case of python error start:
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
# Version 3.2, gre-backbone
- name: Install Freifunk Troisdorf super node
# hosts: FreifunkSupernodesL2TP
@ -10,6 +9,8 @@
user: root
gather_facts: False
vars:
snversion: master_v1.9.3
batmanversion: v2015.2
common_required_packages:
- git
- make
@ -20,7 +21,6 @@
- libnl-3-dev
- libjansson-dev
- isc-dhcp-server
# - openvpn
- collectd
- libcap-dev
- iproute
@ -30,12 +30,17 @@
- ebtables
- python-virtualenv
- iptables-persistent
- batctl
- iftop
- screen
- bridge-utils
- tcpdump
- bind9
- radvd
- curl
- htop
- psmisc
- dnsutils
- ntp
modules_required:
- batman-adv
- nf_conntrack_netlink
@ -51,37 +56,13 @@
- tunneldigger.service
bind_zone_fftdf:
- named.conf.fftdf
# openvpn_files:
# - mullvad_linux.conf
# - mullvad.key
# - mullvad.crt
# - ca.crt
# - crl.pem
# openvpn_scripts:
# - up.sh
# - down.sh
check_gw_script:
- keepalive.sh
backbone_script:
- gre_backbone.sh
system_startup:
- "# Routing einschalten"
- /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
- /sbin/sysctl -w net.ipv4.ip_forward=1
# - "# Routing Tabelle 42 fuer Freifunk anlegen, wenn noch nicht vorhanden"
# - #/bin/grep 42 /etc/iproute2/rt_tables || echo '42 42' >> /etc/iproute2/rt_tables"
# - "# Freifunk Daten sollen mit 0x1 markiert werden"
# - /sbin/iptables -t mangle -A PREROUTING -i bat0 -j MARK --set-xmark 0x1
# - "# Erstmal unreachable melden, ausser OpenVPN ist aufgebaut"
# - "#/sbin/ip route add unreachable default table 42"
# - "# Alles was mit 0x1 markiert ist soll nach Routing Tabelle 42 behandelt werden"
# - "/sbin/ip rule add from all fwmark 0x1 table 42 priority 4"
- "#NAT auf eth0 aktivieren"
- /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- "#GRE Backbone aufbauen"
- /opt/freifunk/gre_backbone.sh
authorized_keys:
- authorized_keys
logrotate_config:
- logrotate.conf
tasks:
- name: Remove cdrom in sources.list
@ -92,9 +73,6 @@
apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
- name: Update apt cache
apt: update_cache=yes
- name: Install new kernel
apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
register: kernel4
- name: Gathering facts
setup:
- name: Set IPv4 in hostfile
@ -104,20 +82,19 @@
when: ansible_default_ipv6.address is defined
- name: set hostname
hostname: name='{{ sn_hostname }}'
register: hostname
- name: Reboot the server
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: hosts.changed
when: hostname.changed
register: sethostname
- name: disable multi CPU Kernel (SMP)
lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
register: grubnosmp
- name: Update grub
shell: update-grub2
when: grubnosmp.changed
- name: Reboot the server
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: sethostname.changed
- name: waiting for server to come back
local_action:
wait_for
@ -126,14 +103,14 @@
delay=15
timeout=300
when: hosts.changed
when: hostname.changed
when: sethostname.changed
- apt: update_cache=yes
- name: Install common required packages
apt: state=installed pkg={{ item }}
with_items: common_required_packages
register: apt_updates
- name: Install Linux headers
shell: "apt-get install linux-headers-$(uname -r) -y"
when: apt_updates.changed
register: aptupdates
- name: Set clock
shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
- name: Add modules
lineinfile: dest=/etc/modules line={{ item }}
with_items: modules_required
@ -142,10 +119,44 @@
modprobe: name={{ item }}
with_items: modules_required
when: modules_req.changed
- name: Install Linux headers
shell: >
apt-get install linux-headers-$(uname -r) -y
when: aptupdates.changed
- name: Get batman-adv
git: repo=https://git.open-mesh.org/batman-adv.git
dest=/tmp/batman-adv
when: aptupdates.changed
register: getbatman
- name: Get batman-adv no rebrotcast patch
get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
when: getbatman.changed
- name: Install batman-adv
shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
when: getbatman.changed
- name: Get batctl
git: repo=http://git.open-mesh.org/batctl.git
dest=/tmp/batctl
when: aptupdates.changed
register: getbatctl
- name: Install batctl
shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
when: getbatctl.changed
- name: Get alfred
git: repo=http://git.open-mesh.org/alfred.git
dest=/tmp/alfred
when: aptupdates.changed
register: getalfred
- name: Install alfred
shell: cd /tmp/alfred && git checkout {{ batmanversion }} && make && make install
when: getalfred.changed
- name: Get Tunneldigger
git: repo=https://github.com/wlanslovenija/tunneldigger.git
# git: repo=https://github.com/wlanslovenija/tunneldigger.git
git: repo=https://github.com/ffrl/tunneldigger.git
dest=/srv/tunneldigger
register: tunneldigger
when: aptupdates.changed
- name: Configure tunneldigger
command: "{{item}}"
with_items:
@ -174,26 +185,9 @@
- systemctl daemon-reload
- systemctl enable tunneldigger.service
when: tunneldigger.changed
- name: Check if alfred is installed
command: dpkg-query -W alfred
register: alfred_check_deb
failed_when: alfred_check_deb.rc > 1
changed_when: alfred_check_deb.rc == 1
- name: Download alfred
get_url:
url="https://firmware.freifunk-wuppertal.net/deb/alfred_2015.0_amd64.deb"
dest="/tmp/alfred_2015.0_amd64.deb"
when: alfred_check_deb.rc == 1
- name: Install alfred
apt: deb="/tmp/alfred_2015.0_amd64.deb"
sudo: False
when: alfred_check_deb.rc == 1
# - name: copy openvpn files
# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0400
# with_items: openvpn_files
# - name: copy openvpn scripts
# copy: src=./files/{{ item }} dest=/etc/openvpn owner=root group=root mode=0500
# with_items: openvpn_scripts
- name: Copy logrotate config
copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
with_items: logrotate_config
- name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755
- name: Check gateway / keepalive script
@ -205,21 +199,34 @@
when: check_gw.changed
- name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
register: dhcpd
- name: Clone static DHCP config
git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
dest=/opt/freifunk/static-dhcp
when: dhcpd.changed
- name: Add cron static DHCP
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
when: dhcpd.changed
- name: Restart dhcpd
service: name=isc-dhcp-server state=restarted
when: dhcpd.changed
ignore_errors: yes
- name: Add cron backbone script
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: backbone_script
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
- name: Collectd template file
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
- name: configure rc.local 1st
lineinfile: dest=/etc/rc.local line="{{ item }}" state=present
with_items: system_startup
register: rc
- name: configure rc.local 2nd
lineinfile: dest=/etc/rc.local line="exit 0" state=absent
when: rc.changed
- name: configure rc.local 3rd
lineinfile: dest=/etc/rc.local line="exit 0" state=present
when: rc.changed
register: collectd
- name: Restart collectd
service: name=collectd state=restarted
when: collectd.changed
- name: configure startup script
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
- name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys
@ -230,12 +237,20 @@
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
- name: Copy option template
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
- name: Copy radvd config template
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- name: Alfed message
template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
- name: Add cron job with alfred info script
cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
- name: Reboot the server finally
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: tunneldigger.changed
- name: Wirte version information
shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
- name: waiting for server to come back
local_action:
wait_for
@ -244,7 +259,11 @@
delay=15
timeout=300
when: tunneldigger.changed
- name: Alfed message
template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
- name: Add cron job with alfred info script
cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
- name: Send notification message via Slack
local_action:
module: slack
token: "{{ slack_token }}"
msg: "{{ inventory_hostname }} completed with {{ snversion }}"
channel: "#technik"
username: "Ansible on {{ inventory_hostname }}"
parse: 'none'
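Review bot: The `batctl` and `alfred` sources are cloned over plain `http://git.open-mesh.org/…` (the batman-adv clone just above uses `https://`) and the no_rebroadcast patch is fetched over `http://` from a third-party host, and each result is then built and `make install`ed as root (batman-adv as a kernel module), so an on-path attacker gains root code execution on every supernode during provisioning; change those three URLs to `https://`, and since `git checkout {{ batmanversion }}` only pins a movable tag, record and check out the commit hash or verify the tag signature. The tunneldigger source also moves from upstream to the `ffrl/` fork with no `version=` on the `git` task, so the playbook installs whatever that fork's default branch holds at run time; pin a revision there too. The "Wirte version information" task sits between the async reboot trigger and "waiting for server to come back", so it may run against a host that is already going down; move it before the reboot, and fix the task-name typos ("Wirte", "Alfed"). If I read the copy task correctly, `logrotate.conf` is installed with `mode=0500`, which should be `0444`.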