Merge 57e6976ca9
into 6e11ce3510
commit
78c80dd7a8
@ -4,10 +4,10 @@ option domain-name "fftdf";
|
|||||||
default-lease-time 300;
|
default-lease-time 300;
|
||||||
max-lease-time 3600;
|
max-lease-time 3600;
|
||||||
log-facility local7;
|
log-facility local7;
|
||||||
subnet 10.188.0.0 netmask 255.255.0.0 {
|
subnet {{ sn_mesh_IPv4_net }} netmask 255.255.224.0 {
|
||||||
authoritative;
|
authoritative;
|
||||||
range {{ sn_dhcp_range }};
|
range {{ sn_dhcp_range }};
|
||||||
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }};
|
option domain-name-servers {{ sn_mesh_IPv4 }};
|
||||||
option routers {{ sn_mesh_IPv4 }};
|
option routers {{ sn_mesh_IPv4 }};
|
||||||
option interface-mtu {{ sn_mtu }};
|
option interface-mtu {{ sn_mtu }};
|
||||||
interface bat0;
|
interface bat0;
|
||||||
|
@ -6,17 +6,10 @@ authoritative;
|
|||||||
default-lease-time 300;
|
default-lease-time 300;
|
||||||
max-lease-time 600;
|
max-lease-time 600;
|
||||||
|
|
||||||
#option dhcp6.name-servers {{ sn_mesh_IPv6 }};
|
option dhcp6.name-servers {{ sn_mesh_IPv6 }};
|
||||||
option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }};
|
|
||||||
|
|
||||||
option dhcp6.domain-search "fftdf";
|
option dhcp6.domain-search "fftdf";
|
||||||
|
|
||||||
subnet6 2a03:2260:121::/64 {
|
subnet6 {{ sn_mesh_IPv6_net }} {
|
||||||
#
|
|
||||||
# # Range for clients
|
|
||||||
# range6 2a03:2260:121::201 2a03:2260:121::ffff;
|
|
||||||
#
|
|
||||||
# # Range for clients requesting a temporary address
|
|
||||||
# range6 2a03:2260:121::/64 temporary;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
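--- /dev/null
+++ b/files/fftdf/db.fftdf
@@ -0,0 +1,22 @@
+;; db.fftdf
+;; Forwardlookupzone für .fftdf
+;;
+$TTL 600
+@ IN SOA fftdf. root.fftdf. (
+2015584543 ; Serial
+8H ; Refresh
+2H ; Retry
+4W ; Expire
+3H ) ; NX (TTL Negativ Cache)
+
+@ IN NS {{ sn_hostname }}.infra.fftdf.
+IN A {{ sn_mesh_ipv4 }}
+IN AAAA {{ sn_mesh_ipv6 }}
+localhost IN A 127.0.0.1
+IN AAAA ::1
+nextnode IN A 10.188.0.1
+IN AAAA 2a03:2260:121::1
+;; Update Servers
+update1.infra IN AAAA 2a03:2260:121::22
+update2.infra IN AAAA 2a03:2260:121::23
+update3.infra IN AAAA 2a03:2260:121::24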
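Review bot: The NS record and the two address records after it use Jinja placeholders (`{{ sn_hostname }}`, `{{ sn_mesh_ipv4 }}`, `{{ sn_mesh_ipv6 }}`), but the playbook in this commit ships `db.fftdf` with `copy:`, which does not render templates, so the placeholders would reach BIND literally and the zone would most likely fail to load. The names are also spelled `sn_mesh_ipv4`/`sn_mesh_ipv6` here, while the DHCP and radvd templates in this commit use `sn_mesh_IPv4`/`sn_mesh_IPv6`, and Jinja variable names are case-sensitive. Either deploy the file with `template:` using the existing spelling, or write fixed records. A header comment such as `;; raise the serial on every edit` would also help, since each supernode now serves its own master copy.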
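--- /dev/null
+++ b/files/fftdf/fftdf.conf
@@ -0,0 +1,6 @@
+// Zone declarations for Freifunk Troisdorf
+
+zone "fftdf" {
+type master;
+file "/etc/bind/fftdf/db.fftdf";
+};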
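Review bot: The `zone "fftdf"` block sets no transfer or update policy, so what a client on the mesh may pull from this master depends entirely on `named.conf.options`, which this commit does not show. The zone lists infrastructure addresses (`update1.infra` to `update3.infra`, `nextnode`), so I would state the policy in the zone itself: `allow-transfer { none; };` and `allow-update { none; };`, unless secondaries are planned. A one-line comment saying that every supernode is a master for its own copy would explain the move away from `type slave`.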
@ -1,5 +1,8 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Version 6
|
# Version 8
|
||||||
|
|
||||||
|
sleep 120
|
||||||
|
|
||||||
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
|
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
|
||||||
communityname="troisdorf"
|
communityname="troisdorf"
|
||||||
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
|
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
|
||||||
@ -11,12 +14,12 @@ communitymacaddress="a2:8c:ae:6f:f6"
|
|||||||
tunnelPrefix=10
|
tunnelPrefix=10
|
||||||
sessionPrefix=1
|
sessionPrefix=1
|
||||||
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
|
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
|
||||||
communitynetwork="10.188"
|
#communitynetwork="10.188"
|
||||||
# IPv6 network
|
# IPv6 network
|
||||||
#communitynetworkv6="fda0:747e:ab29:7405:255::"
|
#communitynetworkv6="fda0:747e:ab29:7405:255::"
|
||||||
communitynetworkv6="2a03:2260:121::"
|
#communitynetworkv6="2a03:2260:121::"
|
||||||
# Drittes Octet des serverbereichs
|
# Drittes Octet des serverbereichs
|
||||||
octet3rd="255"
|
#octet3rd="255"
|
||||||
# CIDR muss /16 sein
|
# CIDR muss /16 sein
|
||||||
localserver=$(/bin/hostname)
|
localserver=$(/bin/hostname)
|
||||||
batadv=/usr/local/sbin/batadv-vis
|
batadv=/usr/local/sbin/batadv-vis
|
||||||
@ -24,30 +27,32 @@ batctl=/usr/local/sbin/batctl
|
|||||||
ip=/sbin/ip
|
ip=/sbin/ip
|
||||||
dig=/usr/bin/dig
|
dig=/usr/bin/dig
|
||||||
|
|
||||||
for i in $server; do
|
#for i in $server; do
|
||||||
(
|
#(
|
||||||
for j in $server; do
|
# for j in $server; do
|
||||||
if [ $i != $j ]; then
|
# if [ $i != $j ]; then
|
||||||
if [ $i = $localserver ]; then
|
# if [ $i = $localserver ]; then
|
||||||
ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
|
# ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
|
||||||
ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
|
# ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
|
||||||
#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
|
# #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
|
||||||
ip link set dev l2tp-$j mtu $mtu
|
# ip link set dev l2tp-$j mtu $mtu
|
||||||
ip link set up l2tp-$j
|
# ip link set up l2tp-$j
|
||||||
$batctl if add l2tp-$j
|
# $batctl if add l2tp-$j
|
||||||
fi
|
# fi
|
||||||
fi
|
# fi
|
||||||
done
|
# done
|
||||||
)
|
#)
|
||||||
done
|
#done
|
||||||
|
|
||||||
# Rest starten
|
# Rest starten
|
||||||
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
|
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
|
||||||
$ip link set up dev bat0
|
$ip link set up dev bat0
|
||||||
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
|
$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0
|
||||||
$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0
|
$ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0
|
||||||
$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} table 42
|
$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42
|
||||||
$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }}
|
$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }}
|
||||||
|
$ip -6 route add 2a03:2260:121::/56 via {{ sn_mesh_IPv6_xfer }} table 42
|
||||||
|
$ip -6 route add 2a03:2260:121::/56 via {{ sn_mesh_IPv6_xfer }}
|
||||||
|
|
||||||
/usr/bin/killall batadv-vis
|
/usr/bin/killall batadv-vis
|
||||||
/bin/sleep 15
|
/bin/sleep 15
|
||||||
|
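Review bot: The added route lines hard-code `10.188.0.0/16` and `2a03:2260:121::/56`, while the address lines directly above them were just moved to `{{ sn_mesh_IPv4 }}` and `{{ sn_mesh_IPv6 }}`. The same literal network appears again with a `/48` in the `ip6tables` MARK rule of the firewall hunk further down, next to an `ip -6 rule` that uses `{{ sn_mesh_IPv6_net }}`. Three prefix lengths for one network make it hard to see which traffic is meant to be marked and sent through table 42, so I would introduce one variable per prefix and use it in both files. The L2TP mesh loop is kept as commented-out code and the new `sleep 120` has no explanation; delete the loop (history keeps it) and add a comment naming what the sleep waits for.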
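--- /dev/null
+++ b/files/l2tp_broker-backup.cfg
@@ -0,0 +1,51 @@
+[broker]
+; IP address the broker will listen and accept tunnels on
+address={{ ansible_default_ipv4.address }}
+; Ports where the broker will listen on
+port={{ sn_l2tp_tb_backup_port }}
+; Interface with that IP address
+interface=eth0
+; Maximum number of cached cookies, required for establishing a
+; session with the broker
+max_cookies=1024
+; Maximum number of tunnels that will be allowed by the broker
+max_tunnels=150
+; Tunnel port base
+port_base=25000
+; Tunnel id base
+tunnel_id_base=500
+; Tunnel timeout interval in seconds
+tunnel_timeout=60
+; Should PMTU discovery be enabled
+pmtu_discovery=false
+; Namespace (for running multiple brokers); note that you must also
+; configure disjunct ports, and tunnel identifiers in order for
+; namespacing to work
+namespace=backup
+
+[log]
+; Log filename
+filename=/var/log/tunneldigger-broker-backup.log
+; Verbosity
+verbosity=DEBUG
+; Should IP addresses be logged or not
+log_ip_addresses=false
+
+[hooks]
+; Arguments to the session.{up,pre-down,down} hooks are as follows:
+;
+; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
+;
+; Arguments to the session.mtu-changed hook are as follows:
+;
+; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
+;
+
+; Called after the tunnel interface goes up
+session.up=/srv/tunneldigger/bataddif.sh
+; Called just before the tunnel interface goes down
+session.pre-down=/srv/tunneldigger/batdelif.sh
+; Called after the tunnel interface goes down
+session.down=
+; Called after the tunnel MTU gets changed because of PMTU discovery
+session.mtu-changed=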
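Review bot: `verbosity=DEBUG` in `[log]` is a development setting for a broker that listens on the host's default address, and nothing in this commit rotates `/var/log/tunneldigger-broker-backup.log`, so the file can grow until the disk fills; I would ship `verbosity=INFO` and add a logrotate entry. The file's own comment says a namespaced broker needs disjoint ports and tunnel identifiers, but the primary broker's config is not part of this page, so please confirm that `port_base=25000` and `tunnel_id_base=500` with `max_tunnels=150` do not overlap its ranges. A comment next to those two values naming the primary's ranges would make that checkable later.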
@ -1,6 +0,0 @@
|
|||||||
zone "fftdf" {
|
|
||||||
type slave;
|
|
||||||
masters { 10.188.1.100; };
|
|
||||||
file "/var/lib/bind/db.fftdf";
|
|
||||||
};
|
|
||||||
|
|
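--- /dev/null
+++ b/files/named.conf.local
@@ -0,0 +1,10 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// Include Freifunk Troisdorf (fftdf) zones
+include "/etc/bind/fftdf/fftdf.conf";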
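Review bot: `include "/etc/bind/fftdf/fftdf.conf";` duplicates the include that the playbook's `lineinfile` task in this same commit writes into `/etc/bind/named.conf`. If this file is deployed as `/etc/bind/named.conf.local` and `named.conf` includes it, as the stock Debian layout does, `zone "fftdf"` is declared twice and named rejects the configuration. No task in the visible playbook hunks copies this file, so it may be unused for now. Keep only one of the two includes.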
@ -3,8 +3,7 @@ interface bat0 {
|
|||||||
IgnoreIfMissing on;
|
IgnoreIfMissing on;
|
||||||
MaxRtrAdvInterval 200;
|
MaxRtrAdvInterval 200;
|
||||||
RDNSS {{ sn_mesh_IPv6 }} {};
|
RDNSS {{ sn_mesh_IPv6 }} {};
|
||||||
# prefix fda0:747e:ab29:7405::/64 {
|
prefix {{ sn_mesh_IPv6_net }} {
|
||||||
prefix 2a03:2260:121::/64 {
|
|
||||||
AdvOnLink on;
|
AdvOnLink on;
|
||||||
AdvAutonomous on;
|
AdvAutonomous on;
|
||||||
AdvRouterAddr on;
|
AdvRouterAddr on;
|
||||||
|
@ -19,11 +19,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
|
|||||||
|
|
||||||
# Set mark 4 to Freifunk traffic
|
# Set mark 4 to Freifunk traffic
|
||||||
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
||||||
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
|
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
|
||||||
|
|
||||||
# All from FF IPv4 via routing table 42
|
# All from FF IPv4 via routing table 42
|
||||||
/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
|
/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
|
||||||
/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42
|
/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
|
||||||
|
|
||||||
# Allow MAC address spoofing
|
# Allow MAC address spoofing
|
||||||
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
||||||
|
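--- /dev/null
+++ b/files/start-broker-backup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+WDIR=/srv/tunneldigger
+VIRTUALENV_DIR=/srv/tunneldigger
+
+cd $WDIR
+source $VIRTUALENV_DIR/bin/activate
+
+bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg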
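Review bot: `cd $WDIR` is unchecked, so if `/srv/tunneldigger` is missing the script carries on from whatever directory systemd started it in, and the relative `bin/python` and config paths then resolve somewhere else; `cd "$WDIR" || exit 1` closes that. Starting the broker with `exec bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg` would make the Python process the unit's main PID instead of a child of bash. `WDIR` and `VIRTUALENV_DIR` hold the same path, so a short comment saying that is intended would save the next reader a check.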
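--- /dev/null
+++ b/files/tunneldigger-backup.service
@@ -0,0 +1,9 @@
+[Unit]
+Description = Start tunneldigger L2TPv3 broker
+After = network.target
+
+[Service]
+ExecStart = /srv/tunneldigger/start-broker-backup.sh
+
+[Install]
+WantedBy = multi-user.target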
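Review bot: `[Service]` has no `Restart=` setting, so a crash of the broker leaves the backup port down until someone notices; `Restart=on-failure` is the usual choice for a tunnel endpoint. `Description = Start tunneldigger L2TPv3 broker` does not mention the backup instance, which makes journal and `systemctl` output hard to tell apart from the primary unit; `Description = tunneldigger L2TPv3 broker (backup namespace)` would fix that.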
@ -3,7 +3,6 @@
|
|||||||
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
|
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
|
||||||
|
|
||||||
- name: Install Freifunk Troisdorf super node
|
- name: Install Freifunk Troisdorf super node
|
||||||
# hosts: FreifunkSupernodesL2TP
|
|
||||||
hosts: '{{ target }}'
|
hosts: '{{ target }}'
|
||||||
sudo: False
|
sudo: False
|
||||||
user: root
|
user: root
|
||||||
@ -51,9 +50,14 @@
|
|||||||
- l2tp_eth
|
- l2tp_eth
|
||||||
tunneldigger_scripts:
|
tunneldigger_scripts:
|
||||||
- start-broker.sh
|
- start-broker.sh
|
||||||
|
- start-broker-backup.sh
|
||||||
- batdelif.sh
|
- batdelif.sh
|
||||||
tunneldigger_service:
|
tunneldigger_service:
|
||||||
- tunneldigger.service
|
- tunneldigger.service
|
||||||
|
- tunneldigger-backup.service
|
||||||
|
broker_cfg:
|
||||||
|
- l2tp_broker.cfg-backup.j2
|
||||||
|
- l2tp_broker.cfg.j2
|
||||||
bind_zone_fftdf:
|
bind_zone_fftdf:
|
||||||
- named.conf.fftdf
|
- named.conf.fftdf
|
||||||
check_gw_script:
|
check_gw_script:
|
||||||
@ -71,8 +75,6 @@
|
|||||||
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
|
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
|
||||||
- name: Make this server ansible compatible
|
- name: Make this server ansible compatible
|
||||||
raw: "apt-get update && apt-get install python -y"
|
raw: "apt-get update && apt-get install python -y"
|
||||||
# - name: Add backport repo to source list #target: /etc/apt/sources.list.d
|
|
||||||
# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
|
|
||||||
- name: Update apt cache
|
- name: Update apt cache
|
||||||
apt: update_cache=yes
|
apt: update_cache=yes
|
||||||
- name: Gathering facts
|
- name: Gathering facts
|
||||||
@ -125,17 +127,14 @@
|
|||||||
shell: >
|
shell: >
|
||||||
apt-get install linux-headers-$(uname -r) -y
|
apt-get install linux-headers-$(uname -r) -y
|
||||||
when: aptupdates.changed
|
when: aptupdates.changed
|
||||||
|
# Install Batman-adv and batctl #
|
||||||
- name: Get batman-adv
|
- name: Get batman-adv
|
||||||
git: repo=https://git.open-mesh.org/batman-adv.git
|
git: repo=https://git.open-mesh.org/batman-adv.git
|
||||||
dest=/tmp/batman-adv
|
dest=/tmp/batman-adv
|
||||||
when: aptupdates.changed
|
when: aptupdates.changed
|
||||||
register: getbatman
|
register: getbatman
|
||||||
# - name: Get batman-adv no rebrotcast patch
|
|
||||||
# get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
|
|
||||||
# when: getbatman.changed
|
|
||||||
- name: Install batman-adv
|
- name: Install batman-adv
|
||||||
shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
|
shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
|
||||||
# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
|
|
||||||
when: getbatman.changed
|
when: getbatman.changed
|
||||||
- name: Get batctl
|
- name: Get batctl
|
||||||
git: repo=http://git.open-mesh.org/batctl.git
|
git: repo=http://git.open-mesh.org/batctl.git
|
||||||
@ -145,8 +144,8 @@
|
|||||||
- name: Install batctl
|
- name: Install batctl
|
||||||
shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
|
shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
|
||||||
when: getbatctl.changed
|
when: getbatctl.changed
|
||||||
|
# Install Tunneldigger #
|
||||||
- name: Get Tunneldigger
|
- name: Get Tunneldigger
|
||||||
# git: repo=https://github.com/wlanslovenija/tunneldigger.git
|
|
||||||
git: repo=https://github.com/ffrl/tunneldigger.git
|
git: repo=https://github.com/ffrl/tunneldigger.git
|
||||||
dest=/srv/tunneldigger
|
dest=/srv/tunneldigger
|
||||||
register: tunneldigger
|
register: tunneldigger
|
||||||
@ -160,7 +159,8 @@
|
|||||||
pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
|
pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
|
||||||
when: tunneldigger.changed
|
when: tunneldigger.changed
|
||||||
- name: Copy l2tp broker config template
|
- name: Copy l2tp broker config template
|
||||||
template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444
|
template: src=./files/{{ item }} dest=/srv/ owner=root group=root mode=0444
|
||||||
|
with_items: broker_cfg
|
||||||
when: tunneldigger.changed
|
when: tunneldigger.changed
|
||||||
- name: Copy tunneldigger script template
|
- name: Copy tunneldigger script template
|
||||||
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
|
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
|
||||||
@ -170,7 +170,7 @@
|
|||||||
with_items: tunneldigger_scripts
|
with_items: tunneldigger_scripts
|
||||||
when: tunneldigger.changed
|
when: tunneldigger.changed
|
||||||
- name: Copy tunneldigger service file
|
- name: Copy tunneldigger service file
|
||||||
copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444
|
copy: src=./files/{{ item }} dest=/etc/systemd/system/ owner=root group=root mode=0444
|
||||||
with_items: tunneldigger_service
|
with_items: tunneldigger_service
|
||||||
when: tunneldigger.changed
|
when: tunneldigger.changed
|
||||||
- name: Tunneldigger reload
|
- name: Tunneldigger reload
|
||||||
@ -246,13 +246,17 @@
|
|||||||
- name: SSH authorized_keys
|
- name: SSH authorized_keys
|
||||||
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
|
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
|
||||||
with_items: authorized_keys
|
with_items: authorized_keys
|
||||||
- name: Copy secondary zone file
|
|
||||||
copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
|
|
||||||
with_items: bind_zone_fftdf
|
|
||||||
- name: Bind9, activate fftdf zone
|
- name: Bind9, activate fftdf zone
|
||||||
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
|
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present
|
||||||
- name: Copy option template
|
- name: Copy option template
|
||||||
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
|
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
|
||||||
|
- name: Create fftdf directory
|
||||||
|
file: path=/etc/bind/fftdf state=directory
|
||||||
|
- name: Copy FFTDF Zones
|
||||||
|
copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644
|
||||||
|
with_items:
|
||||||
|
- fftdf.conf
|
||||||
|
- db.fftdf
|
||||||
- name: Copy radvd config template
|
- name: Copy radvd config template
|
||||||
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
|
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
|
||||||
- name: Interface configuration with ffrl gre tunnel
|
- name: Interface configuration with ffrl gre tunnel
|
||||||
|
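Review bot: In the `Copy l2tp broker config template` task, `dest` changed from the file `/srv/tunneldigger/l2tp_broker.cfg` to the directory `/srv/`, so the rendered configs would land in `/srv/` under their source names, while `start-broker-backup.sh` changes to `/srv/tunneldigger` and opens `l2tp_broker-backup.cfg` there. The `broker_cfg` list also names `l2tp_broker.cfg-backup.j2`, but the file this commit adds is `files/l2tp_broker-backup.cfg`, so the task would not find its source. I would list source and target names explicitly and write into `/srv/tunneldigger/`. These tasks are also gated on `when: tunneldigger.changed`, so on a host whose checkout is already current the new backup files are never deployed. The `Get batctl` task still clones over `http://` while `Get batman-adv` uses `https://`; code that is built and installed as root should be fetched over TLS.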