diff --git a/files/bird-troisdorf1.conf b/files/bird-troisdorf4.conf similarity index 100% rename from files/bird-troisdorf1.conf rename to files/bird-troisdorf4.conf diff --git a/files/bird-troisdorf2.conf b/files/bird-troisdorf7.conf similarity index 100% rename from files/bird-troisdorf2.conf rename to files/bird-troisdorf7.conf diff --git a/files/bird6-troisdorf1.conf b/files/bird6-troisdorf4.conf similarity index 97% rename from files/bird6-troisdorf1.conf rename to files/bird6-troisdorf4.conf index 08566f9..570e6fa 100644 --- a/files/bird6-troisdorf1.conf +++ b/files/bird6-troisdorf4.conf @@ -42,7 +42,7 @@ return net ~ [ fc00::/7{48,64}, } filter hostroute { - if net ~ 2a03:2260:121::/48 then accept; + if net ~ 2a03:2260:121:4000::/52 then accept; reject; } diff --git a/files/bird6-troisdorf5.conf b/files/bird6-troisdorf5.conf index 37d46b5..d2cc760 100644 --- a/files/bird6-troisdorf5.conf +++ b/files/bird6-troisdorf5.conf @@ -44,7 +44,7 @@ return net ~ [ fc00::/7{48,64}, } filter hostroute { - if net ~ 2a03:2260:121::/48 then accept; + if net ~ 2a03:2260:121:5000::/52 then accept; reject; } diff --git a/files/bird6-troisdorf6.conf b/files/bird6-troisdorf6.conf index 944c19d..0864ac2 100644 --- a/files/bird6-troisdorf6.conf +++ b/files/bird6-troisdorf6.conf @@ -44,7 +44,7 @@ return net ~ [ fc00::/7{48,64}, } filter hostroute { - if net ~ 2a03:2260:121::/48 then accept; + if net ~ 2a03:2260:121:6000::/52 then accept; reject; } diff --git a/files/bird6-troisdorf2.conf b/files/bird6-troisdorf7.conf similarity index 97% rename from files/bird6-troisdorf2.conf rename to files/bird6-troisdorf7.conf index b2c0aa0..05f087f 100644 --- a/files/bird6-troisdorf2.conf +++ b/files/bird6-troisdorf7.conf @@ -42,7 +42,7 @@ return net ~ [ fc00::/7{48,64}, } filter hostroute { - if net ~ 2a03:2260:121::/48 then accept; + if net ~ 2a03:2260:121:7000::/52 then accept; reject; } diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2 index e226e31..899c9fd 100644 
--- a/files/dhcpd.conf.j2 +++ b/files/dhcpd.conf.j2 @@ -7,7 +7,7 @@ log-facility local7; subnet 10.188.0.0 netmask 255.255.0.0 { authoritative; range {{ sn_dhcp_range }}; -option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }}; +option domain-name-servers {{ sn_mesh_IPv4 }}; option routers {{ sn_mesh_IPv4 }}; option interface-mtu {{ sn_mtu }}; interface bat0; diff --git a/files/dhcpd6.conf.j2 b/files/dhcpd6.conf.j2 index e16eb8b..2a79b20 100644 --- a/files/dhcpd6.conf.j2 +++ b/files/dhcpd6.conf.j2 @@ -6,17 +6,10 @@ authoritative; default-lease-time 300; max-lease-time 600; -#option dhcp6.name-servers {{ sn_mesh_IPv6 }}; -option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }}; +option dhcp6.name-servers {{ sn_mesh_IPv6 }}; option dhcp6.domain-search "fftdf"; -subnet6 2a03:2260:121::/64 { -# -# # Range for clients -# range6 2a03:2260:121::201 2a03:2260:121::ffff; -# -# # Range for clients requesting a temporary address -# range6 2a03:2260:121::/64 temporary; +subnet6 {{ sn_mesh_IPv6_net }} { } diff --git a/files/fftdf/db.fftdf.j2 b/files/fftdf/db.fftdf.j2 new file mode 100644 index 0000000..da6b5b6 --- /dev/null +++ b/files/fftdf/db.fftdf.j2 @@ -0,0 +1,25 @@ +;; db.fftdf +;; Forwardlookupzone für .fftdf +;; +$TTL 600 +@ IN SOA fftdf. root.fftdf. ( + 2015584543 ; Serial + 8H ; Refresh + 2H ; Retry + 4W ; Expire + 3H ) ; NX (TTL Negativ Cache) + +@ IN NS {{ sn_hostname }}.infra.fftdf. + IN A {{ sn_mesh_IPv4 }} + IN AAAA {{ sn_mesh_IPv6 }} +localhost IN A 127.0.0.1 + IN AAAA ::1 +nextnode IN A 10.188.0.1 + IN AAAA 2a03:2260:121::1 +;;This Supernode +{{ sn_hostname }}.infra IN A {{ sn_mesh_IPv4 }} + IN AAAA {{ sn_mesh_IPv6 }} +;; Update Servers +update1.infra IN AAAA 2a03:2260:121::22 +update2.infra IN AAAA 2a03:2260:121::23 +update3.infra IN AAAA 2a03:2260:121::24 diff --git a/files/fftdf/fftdf.conf b/files/fftdf/fftdf.conf new file mode 100644 index 0000000..e94dfa6 --- /dev/null +++ b/files/fftdf/fftdf.conf 
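Review bot: The new `option domain-name-servers {{ sn_mesh_IPv4 }};` leaves clients with a single resolver, the supernode itself, where the removed line also handed out `{{ sn_dhcp_dns_v4 }}` as a fallback. Any bind9 outage on this host (the keepalive script only restarts it after `host google.de $meship` fails) therefore becomes a full DNS outage for every client behind it rather than a degraded one. If the second resolver was dropped deliberately because the fftdf zone is now served locally, a template comment such as `# single resolver on purpose: fftdf zone is master on this host` would stop the next reader from re-adding it; otherwise keep the fallback. The dhcpd6.conf.j2 hunk that follows makes the same reduction for `dhcp6.name-servers`.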
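Review bot: `nextnode IN AAAA 2a03:2260:121::1` still points into the old 2a03:2260:121::/64 although the rest of this commit moves every supernode to its own 2a03:2260:121:N000::/52 (bird6 hostroute filters, lo addresses, the `table 42` routes in l2tp_backbone.sh.exit.j2); if the next-node address on the routers moved with that renumbering this record is stale, so it is worth confirming against the node firmware's next-node setting. The SOA serial `2015584543` is a literal in a template, so re-rendering with new `sn_mesh_IPv4`/`sn_mesh_IPv6` values never bumps it — harmless while every node is a master with no secondaries (fftdf.conf), but it would silently stop propagation if a slave is ever re-added; a comment like `; Serial is static: zone is master on every supernode, no AXFR` records that assumption. The `update1-3.infra` AAAA records are likewise hard-coded into the old /64 and are only correct if those hosts were not renumbered.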
@@ -0,0 +1,6 @@ +// Zone declarations for Freifunk Troisdorf + +zone "fftdf" { + type master; + file "/etc/bind/fftdf/db.fftdf"; +}; \ No newline at end of file diff --git a/files/interfaces-troisdorf1 b/files/interfaces-troisdorf4 similarity index 86% rename from files/interfaces-troisdorf1 rename to files/interfaces-troisdorf4 index f045727..3784e32 100644 --- a/files/interfaces-troisdorf1 +++ b/files/interfaces-troisdorf4 @@ -9,12 +9,16 @@ iface lo inet loopback up ip address add 185.66.193.104/32 dev lo iface lo inet6 loopback - up ip address add 2a03:2260:121::104/48 dev lo + up ip address add 2a03:2260:121:4000::105/52 dev lo # The primary network interface allow-hotplug eth0 -iface eth0 inet dhcp +iface eth0 inet static + address 212.129.50.141 + netmask 255.255.255.255 + gateway 163.172.210.1 + pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP @@ -22,8 +26,8 @@ iface eth0 inet dhcp post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE auto 6to4 - iface 6to4 inet6 6to4 - local 163.172.27.8 + iface 6to4 inet6 6to4 + local 212.129.50.141 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen @@ -33,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.6.13 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
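Review bot: The `zone "fftdf"` block declares `type master` without an `allow-transfer` statement, so unless named.conf.options (not in this diff) restricts it globally, BIND's default lets any client transfer the internal infra records; the removed named.conf.fftdf made this a slave of 10.188.1.100, and with every node now a master there are no secondaries left that need AXFR, which `allow-transfer { none; };` inside the block would document. The file also ends without a trailing newline (`\ No newline at end of file`), cosmetic but unusual for a hand-written include.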
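Review bot: The loopback address becomes `2a03:2260:121:4000::105/52` on a host whose IPv4 identity is `.104` everywhere else in this file (`185.66.193.104/32` on lo, `--to-source 185.66.193.104` on every GRE tunnel), and interfaces-troisdorf6 and interfaces-troisdorf7 likewise end in `::105` inside their own /52, so the host part looks copied from troisdorf5 rather than derived per node. Nothing collides because the /52 prefixes differ, but if `sn_mesh_IPv6` or the AAAA records in db.fftdf.j2 are derived from the node number they will not match this address; `up ip address add 2a03:2260:121:4000::104/52 dev lo` keeps the v4 and v6 conventions aligned. Separately, all four nodes now use `gateway 163.172.210.1` / `pointopoint 163.172.210.1` behind a /32 netmask — plausible for a provider's routed failover IPs, but if it means the redundant supernodes sit behind one upstream host, the keepalive failover design shares a single point of failure; worth confirming with the hoster. The stanza's `post-up` lines continue past this hunk.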
@@ -50,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.6.19 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -68,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.6.17 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -86,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.6.23 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -103,7 +107,7 @@ auto gre-bb-a.fra3.f iface gre-bb-a.fra3.f inet static address 100.64.6.15 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.194.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -121,7 +125,7 @@ auto gre-bb-b.fra3.f iface gre-bb-b.fra3.f inet static address 100.64.6.21 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.194.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf5 b/files/interfaces-troisdorf5 index 6a296de..fea611f 100644 --- a/files/interfaces-troisdorf5 +++ b/files/interfaces-troisdorf5 @@ -9,12 +9,16 @@ iface lo inet loopback up ip address add 185.66.193.105/32 dev lo iface lo inet6 loopback - up ip address add 2a03:2260:121::105/48 dev lo + up ip address add 203:2260:121:5000::105/52 dev lo # The primary network interface allow-hotplug eth0 -iface eth0 inet dhcp +iface eth0 inet static + address 62.210.5.90 + netmask 255.255.255.255 + gateway 163.172.210.1 + pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP 
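Review bot: `up ip address add 203:2260:121:5000::105/52 dev lo` drops the `a` from the prefix — `203:2260:121:5000::/52` is a different prefix entirely, so the host will not hold the /52 that bird6-troisdorf5.conf's hostroute filter accepts in this same commit (`2a03:2260:121:5000::/52`) and the prefix will not be originated; it should read `up ip address add 2a03:2260:121:5000::105/52 dev lo`. The `$ip -6 route add 2a03:2260:121:5000::/52 …` line in l2tp_backbone.sh.exit.j2 assumes the corrected prefix as well. The stanza's remaining `post-up` lines continue past this hunk.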
@@ -23,7 +27,7 @@ iface eth0 inet dhcp post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 - local 138.201.54.123 + local 62.210.5.90 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen @@ -33,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.151 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -50,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.153 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -68,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.155 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -86,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.157 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf6 b/files/interfaces-troisdorf6 index 9b12f50..ceb6352 100644 --- a/files/interfaces-troisdorf6 +++ b/files/interfaces-troisdorf6 @@ -9,17 +9,17 @@ iface lo inet loopback up ip address add 185.66.193.106/32 dev lo iface lo inet6 loopback - up ip address add 2a03:2260:121::106/48 dev lo + up ip address add 2a03:2260:121:6000::105/52 dev lo # The primary network interface allow-hotplug eth0 #iface eth0 inet dhcp iface eth0 inet static - address 46.4.138.189 - netmask 255.255.255.192 - gateway 46.4.138.129 - dns-nameserver 213.133.100.100 213.133.99.99 213.133.98.98 + address 62.210.12.122 + netmask 255.255.255.255 + gateway 163.172.210.1 + pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP @@ -27,10 +27,9 @@ iface eth0 inet static post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -iface eth0 inet6 static - address 2a01:4f8:11d:600::189 - netmask 59 - gateway 2a01:4f8:11d:600::1 +auto 6to4 + iface 6to4 inet6 6to4 + local 62.210.12.122 post-up ip6tables -P OUTPUT ACCEPT post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP 
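Review bot: The two `post-up ip6tables … -o eth0 …` context lines now hang off the new `iface 6to4 inet6 6to4` stanza, but with 6to4 the IPv6 packets leave through the tunnel device rather than eth0, so `ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP` no longer matches the traffic it was written for when the host had native IPv6 on eth0 (the removed `iface eth0 inet6 static` block); match the tunnel interface instead, e.g. `-o 6to4`, or drop the `-o` qualifier so the ULA block is refused on any egress. Replacing a native /59 with 6to4 also makes this node's IPv6 transit depend on third-party anycast relays — 6to4 and its 192.88.99.0/24 relay prefix were deprecated by RFC 7526 — which is a reliability and path-visibility regression for a supernode; interfaces-troisdorf4, -5 and -7 carry the same 6to4 stanza. The stanza's `post-up` lines continue past the hunk.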
@@ -42,7 +41,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.2.159 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -59,7 +58,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.2.161 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -77,7 +76,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.2.163 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -95,7 +94,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.2.165 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/interfaces-troisdorf2 b/files/interfaces-troisdorf7 similarity index 86% rename from files/interfaces-troisdorf2 rename to files/interfaces-troisdorf7 index cafe075..a17ba81 100644 --- a/files/interfaces-troisdorf2 +++ b/files/interfaces-troisdorf7 @@ -9,12 +9,16 @@ iface lo inet loopback up ip address add 185.66.193.107/32 dev lo iface lo inet6 loopback - up ip address add 2a03:2260:121::107/48 dev lo + up ip address add 2a03:2260:121:7000::105/52 dev lo # The primary network interface allow-hotplug eth0 -iface eth0 inet dhcp +iface eth0 inet static + address 212.83.154.70 + netmask 255.255.255.255 + gateway 163.172.210.1 + pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP @@ -22,8 +26,8 @@ iface eth0 inet dhcp post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE auto 6to4 - iface 6to4 inet6 6to4 - local 163.172.28.228 + iface 6to4 inet6 6to4 + local 163.172.194.197 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen 
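Review bot: eth0 is now `address 212.83.154.70` with a /32 netmask, yet the 6to4 stanza in the following hunk sets `local 163.172.194.197` and every GRE tunnel in this file (`@@ -33` through `@@ -121`) uses `local 163.172.194.197`, an address no visible stanza assigns to the host. On interfaces-troisdorf4, -5 and -6 the same commit keeps the eth0 address and the tunnel `local` identical, so this looks like a copy error; unless 163.172.194.197 is configured elsewhere, the tunnels will be created but cannot source traffic, and `local 212.83.154.70` is the consistent value. The lo address `2a03:2260:121:7000::105/52` also ends in `::105` rather than `::107`, unlike the `185.66.193.107` IPv4 identity used throughout the file. The eth0 stanza continues past this hunk.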
@@ -33,7 +37,7 @@ auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.6.25 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.195.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -50,7 +54,7 @@ auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.6.31 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.195.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -68,7 +72,7 @@ auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.6.29 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.193.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 
@@ -86,7 +90,7 @@ auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.6.35 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.193.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -103,7 +107,7 @@ auto gre-bb-a.fra3.f iface gre-bb-a.fra3.f inet static address 100.64.6.27 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.194.0 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.194.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 @@ -121,7 +125,7 @@ auto gre-bb-b.fra3.f iface gre-bb-b.fra3.f inet static address 100.64.6.33 netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.194.1 ttl 255 + pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.194.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 diff --git a/files/keepalive.exit.sh.j2 b/files/keepalive.exit.sh.j2 index ebd7049..bf54618 100644 --- a/files/keepalive.exit.sh.j2 +++ b/files/keepalive.exit.sh.j2 
@@ -6,79 +6,82 @@ while [ true ] ; do iam=$(/bin/hostname) day=$(date +%d) BATCTL=/usr/local/sbin/batctl - active_SN=$iam #### Settings #### # Names of the 2 Supernodes # - loadbalance=$(cat /etc/supernode-status/loadbalancing.mode) - if [ $iam = "troisdorf5" ]; then + if [ $iam = "troisdorf4" ]; then + my_SN_IP=185.66.193.104 + other_SN_IP=185.66.193.105 + other_SN_DNS=5.fftdf.de + meship=10.188.0.4 + SN1=troisdorf4 + SN2=troisdorf5 + slack="/usr/local/bin/slacktee.sh -u troisdorf4" + elif [ $iam = "troisdorf5" ]; then my_SN_IP=185.66.193.105 other_SN_IP=185.66.193.106 - meship=10.188.255.5 + other_SN_DNS=6.fftdf.de + meship=10.188.32.5 SN1=troisdorf5 SN2=troisdorf6 + slack="/usr/local/bin/slacktee.sh -u troisdorf5" elif [ $iam = "troisdorf6" ]; then my_SN_IP=185.66.193.106 - other_SN_IP=185.66.193.105 - meship=10.188.255.6 - SN1=troisdorf5 - SN2=troisdorf6 - elif [ $iam = "troisdorf1" ]; then - my_SN_IP=185.66.193.101 - other_SN_IP=185.66.193.102 - meship=10.188.255.1 - SN1=troisdorf1 - SN2=troisdorf2 - elif [ $iam = "troisdorf2" ]; then - my_SN_IP=185.66.193.102 - other_SN_IP=185.66.193.101 - meship=10.188.255.2 - SN1=troisdorf1 - SN2=troisdorf2 + other_SN_IP=185.66.193.104 + other_SN_DNS=4.fftdf.de + meship=10.188.64.6 + SN1=troisdorf6 + SN2=troisdorf4 + slack="/usr/local/bin/slacktee.sh -u troisdorf6" + elif [ $iam = "troisdorf7" ]; then + my_SN_IP=185.66.193.107 + other_SN_IP=185.66.193.104 + other_SN_DNS=4.fftdf.de + meship=10.188.92.7 + SN1=troisdorf7 + SN2=troisdorf4 + slack="/usr/local/bin/slacktee.sh -u troisdorf7" fi - if [ $loadbalance = "1" ] && [ $mode != "0" ]; then - if [ $day -gt 15 ]; then - active_SN=$SN1 - else - active_SN=$SN2 - fi - fi - - ################## # functions # # Supernode off # supernode_off () { - $BATCTL gw off + /usr/local/sbin/batctl gw off /usr/sbin/service bird6 stop /usr/sbin/service bird stop /usr/sbin/service tunneldigger stop + /usr/sbin/service tunneldigger-backup stop /usr/sbin/service radvd stop /usr/sbin/service 
isc-dhcp-server stop - if [ $loadbalance == 1 ] && [ $mode != 0 ]; then - echo 3 > /etc/supernode-status/supernode.status - else - echo 0 > /etc/supernode-status/supernode.status - fi + echo 0 > /etc/supernode-status/supernode.status echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 } # Supernode on # supernode_on () { - $BATCTL gw server 100Mbit/100Mbit + /usr/local/sbin/batctl gw server 100Mbit/100Mbit /usr/sbin/service bird6 start /usr/sbin/service bird start /usr/sbin/service tunneldigger start + /usr/sbin/service tunneldigger-backup stop /usr/sbin/service radvd start /usr/sbin/service isc-dhcp-server start - if [ $loadbalance == 1 ]; then - echo 1 > /etc/supernode-status/supernode.status - else - echo 2 > /etc/supernode-status/supernode.status - fi + echo 1 > /etc/supernode-status/supernode.status + echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 + } +# Supernode Backup Mode + supernode_backup () { + /usr/local/sbin/batctl gw server 100Mbit/100Mbit + /usr/sbin/service bird6 start + /usr/sbin/service bird start + /usr/sbin/service tunneldigger start + /usr/sbin/service tunneldigger-backup start + /usr/sbin/service radvd start + /usr/sbin/service isc-dhcp-server start + echo 2 > /etc/supernode-status/supernode.status echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 } # Restart Services # supernode_fail () { - $BATCTL gw off + /usr/local/sbin/batctl gw off /usr/sbin/service bird6 restart /usr/sbin/service bird restart /usr/sbin/service tunneldigger restart 
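Review bot: `meship=10.188.92.7` for troisdorf7 breaks the stepping used by the other three nodes (`10.188.0.4`, `10.188.32.5`, `10.188.64.6` — one /19 per supernode, matching the `/19` given to bat0 in l2tp_backbone.sh.exit.j2); 10.188.92.7 falls inside troisdorf6's 10.188.64.0/19, so if this is meant to be the node's own mesh address it is probably `meship=10.188.96.7`. The new `supernode_on` and `supernode_backup` bodies write `1` and `2` to supernode.status but report `$online`, the value read before the transition, to collectd, so the graph lags one loop iteration; report the literal just written, e.g. `echo "collectd.gateways.$iam.sn-status 2 $(date +%s)" | nc -q 0 10.188.1.27 2003`. `BATCTL=/usr/local/sbin/batctl` is kept while every call site is changed to the hard-coded path, leaving the variable dead. The enclosing `while` loop starts before this hunk.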
@@ -88,35 +91,33 @@ while [ true ] ; do echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 } #Check other Supernode - if [ $iam != $active_SN ]; - then - ping -q -c5 $other_SN_IP -I eth0 > /dev/null - if [ $? -eq 0 ] - then - if [ $online ==1 ] || [ $online = 2 ]; then - curl -X POST --data-urlencode 'payload={"text": "Aktiver Supernode wieder online. Ich habe mich wieder ausgeschaltet", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":white_check_mark:"}' https://hooks.slack.com/services/{{ slack_token }} - fi - supernode_off - else - supernode_on - curl -X POST --data-urlencode 'payload={"text": "Aktiver Supernode offline. Ich habe mich eingeschaltet", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":warning:"}' https://hooks.slack.com/services/{{ slack_token }} - sleep 300 - fi - else -# Check this Supernode - if [ $mode != "0" ]; then - ping -q -c5 $my_SN_IP -I eth0 > /dev/null - if [ $? -eq 0 ] - then - if [ $online = 0 ] || [ $online = 3 ]; then - curl -X POST --data-urlencode 'payload={"text": "Ich bin jetzt Supernode!", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":white_check_mark:"}' https://hooks.slack.com/services/{{ slack_token }} - fi - supernode_on + if [ $mode != "0" ]; then + if [ $mode = "1" ]; then + /bin/nc -zvu $other_SN_DNS 53842 + if [ $? -eq 0 ]; then + if [ $online = 2 ]; then + echo "Supernode wieder online. Backup Modus abgeschaltet" | $slack + supernode_on + fi else - supernode_fail - curl -X POST --data-urlencode 'payload={"text": "Ich konnte mich selbst nicht anpingen. Ich versuche mal die Services neu zu starten", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":warning:"}' https://hooks.slack.com/services/{{ slack_token }} + supernode_backup + echo "Supernode offline. Backup modus eingeschaltet" | $slack fi fi +# Check this Supernode + /bin/ping -q -c5 $my_SN_IP -I eth0 > /dev/null + if [ $? 
-eq 0 ]; then + if [ $online = 0 ]; then + echo "Ich bin jetzt Supernode!" | $slack + elif [ $mode = 1 ]; then + supernode_on + elif [ $mode = 2 ]; then + supernode_backup + fi + else + supernode_fail + echo "Ich konnte mich selbst nicht anpingen. Ich versuche mal die Services neu zu starten" | $slack + fi fi # Supernode off if [ $mode = "0" ]; then @@ -127,17 +128,20 @@ while [ true ] ; do do x=`pidof $service`; if [ "$x" = "" ]; then - echo "collectd.gateways.$iam.$service 0 `date +%s`" | nc -q 0 10.188.1.27 2003 - echo 0 > /etc/supernode-status/"$service".status + echo "collectd.gateways.$iam.$service 0 `date +%s`" | nc -q 0 10.188.1.27 2003 + echo 0 > /etc/supernode-status/"$service".status else - echo "collectd.gateways.$iam.$service 1 `date +%s`" | nc -q 0 10.188.1.27 2003 - echo 1 > /etc/supernode-status/"$service".status + echo "collectd.gateways.$iam.$service 1 `date +%s`" | nc -q 0 10.188.1.27 2003 + echo 1 > /etc/supernode-status/"$service".status fi done # Check DNS Server - host google.de $meship + /usr/bin/host google.de $meship if [ "$?" != "0" ]; then service bind9 restart + if [ $mode != "0" ]; then + echo "DNS Server läuft nicht! Versuche neu zu starten!" | $slack + fi fi #Check Tunneldigger Connections if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2 index 28e4b2a..b304e52 100644 --- a/files/l2tp_backbone.sh.exit.j2 +++ b/files/l2tp_backbone.sh.exit.j2 
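Review bot: In the new self-check, `if [ $online = 0 ]; then echo "Ich bin jetzt Supernode!" | $slack elif [ $mode = 1 ]; then supernode_on elif [ $mode = 2 ]; then supernode_backup fi` only posts the message when `$online` is 0 and never calls `supernode_on`/`supernode_backup`, so a node coming from status 0 stays off and re-posts the message on every loop iteration, whereas the old code messaged and then called `supernode_on`. Close the first test and make the mode dispatch its own statement: `if [ $online = 0 ]; then echo "Ich bin jetzt Supernode!" | $slack; fi` followed by `if [ $mode = 1 ]; then supernode_on; elif [ $mode = 2 ]; then supernode_backup; fi`. The peer check `/bin/nc -zvu $other_SN_DNS 53842` is also not a reliable liveness probe: for UDP, nc typically reports success unless an ICMP port-unreachable comes back, so a peer that is completely down (no ICMP at all) reads as online and backup mode is never entered; probe something that answers, such as a DNS query to the peer's resolver with a timeout, or a TCP/ICMP reachability test. The enclosing `while` loop starts before this hunk.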
@@ -1,55 +1,41 @@ #!/bin/sh -# Version 6 -# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! -communityname="troisdorf" -server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" -#server="troisdorf7 {{ sn_hostname }}" -domain="freifunk-troisdorf.de" -mtu={{ sn_mtu }} -# community MAC address, without the last Byte (:)! -communitymacaddress="a2:8c:ae:6f:f6" -tunnelPrefix=10 -sessionPrefix=1 -# Netzwerkteil des Netzes, ohne abschliessenden Punkt -communitynetwork="10.188" -# IPv6 network -#communitynetworkv6="fda0:747e:ab29:7405:255::" -communitynetworkv6="2a03:2260:121::" -# Drittes Octet des serverbereichs -octet3rd="255" -# CIDR muss /16 sein -localserver=$(/bin/hostname) -batadv=/usr/local/sbin/batadv-vis +# Version 9 +sleep 60 batctl=/usr/local/sbin/batctl ip=/sbin/ip -dig=/usr/bin/dig +communitymacaddress="a2:8c:ae:6f:f6" +localserver=$(/bin/hostname) +communityname=troisdorf -for i in $server; do -( - for j in $server; do - if [ $i != $j ]; then - if [ $i = $localserver ]; then - ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} - ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname} - #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j - ip link set dev l2tp-$j mtu $mtu - ip link set up l2tp-$j - $batctl if add l2tp-$j - fi - fi - done -) -done +# L2tp to Map +$ip l2tp add tunnel remote 138.201.70.103 local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id {{ sn_number }}0 peer_tunnel_id 
0{{ sn_number }} encap udp udp_sport 300{{ sn_number }}0 udp_dport 3000{{ sn_number }} +$ip l2tp add session name l2tp-map tunnel_id {{ sn_number }}0 session_id 1{{ sn_number }}0 peer_session_id 2{{ sn_number }}0 +$ip link set dev l2tp-map mtu 1312 +$ip link set up l2tp-map +$batctl if add l2tp-map -# Rest starten +# Rest Starten $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 $ip link set up dev bat0 -$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 -$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0 -$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} table 42 -$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} +$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0 +$ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0 +$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42 +$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} + +$ip -6 route add 2a03:2260:121:4000::/52 via {{ sn_mesh_IPv6_xfer }} table 42 +$ip -6 route add 2a03:2260:121:5000::/52 via {{ sn_mesh_IPv6_xfer }} table 42 +$ip -6 route add 2a03:2260:121:6000::/52 via {{ sn_mesh_IPv6_xfer }} table 42 +$ip -6 route add 2a03:2260:121:7000::/52 via {{ sn_mesh_IPv6_xfer }} table 42 /usr/bin/killall batadv-vis /bin/sleep 15 $batadv -i bat0 -s > /dev/null 2>&1 & +/bin/sleep 15 +/usr/sbin/service tunneldigger restart +/usr/sbin/service bind9 restart +/usr/sbin/service bird restart +/usr/sbin/service bird6 restart +/usr/sbin/service isc-dhcp-server restart +/usr/sbin/service radvd restart +$batctl gw server 100Mbit/100Mbit diff --git a/files/l2tp_broker-backup.cfg b/files/l2tp_broker-backup.cfg new file mode 100644 index 0000000..debcd1d --- /dev/null +++ b/files/l2tp_broker-backup.cfg 
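Review bot: The assignment `batadv=/usr/local/sbin/batadv-vis` is removed, but the kept context line `$batadv -i bat0 -s > /dev/null 2>&1 &` still expands it, so on the new side the shell runs `-i bat0 -s` (command not found, hidden by the redirection) and batadv-vis never comes back even though `/usr/bin/killall batadv-vis` just stopped it; restore `batadv=/usr/local/sbin/batadv-vis` next to the `batctl=` and `ip=` assignments. The new `sleep 60` at the top delays every service restart below by a minute with no comment saying what it waits for; a one-liner such as `# wait for eth0 and tunnels before adding l2tp sessions` would help the next reader. The map tunnel's `remote 138.201.70.103` is a literal where the rest of the script is templated (`{{ sn_number }}`, `{{ sn_mesh_IPv4 }}`), so a variable would keep the file consistent.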
@@ -0,0 +1,51 @@
+[broker]
+; IP address the broker will listen and accept tunnels on
+address={{ ansible_default_ipv4.address }}
+; Ports where the broker will listen on
+port={{ sn_l2tp_tb_backup_port }}
+; Interface with that IP address
+interface=eth0
+; Maximum number of cached cookies, required for establishing a
+; session with the broker
+max_cookies=1024
+; Maximum number of tunnels that will be allowed by the broker
+max_tunnels=150
+; Tunnel port base
+port_base=25000
+; Tunnel id base
+tunnel_id_base=500
+; Tunnel timeout interval in seconds
+tunnel_timeout=60
+; Should PMTU discovery be enabled
+pmtu_discovery=false
+; Namespace (for running multiple brokers); note that you must also
+; configure disjunct ports, and tunnel identifiers in order for
+; namespacing to work
+namespace=backup
+
+[log]
+; Log filename
+filename=/var/log/tunneldigger-broker-backup.log
+; Verbosity
+verbosity=DEBUG
+; Should IP addresses be logged or not
+log_ip_addresses=false
+
+[hooks]
+; Arguments to the session.{up,pre-down,down} hooks are as follows:
+;
+;
+;
+; Arguments to the session.mtu-changed hook are as follows:
+;
+;
+;
+
+; Called after the tunnel interface goes up
+session.up=/srv/tunneldigger/bataddif.sh
+; Called just before the tunnel interface goes down
+session.pre-down=/srv/tunneldigger/batdelif.sh
+; Called after the tunnel interface goes down
+session.down=
+; Called after the tunnel MTU gets changed because of PMTU discovery
+session.mtu-changed=
diff --git a/files/l2tp_broker.cfg.j2 b/files/l2tp_broker.cfg
similarity index 100%
rename from files/l2tp_broker.cfg.j2
rename to files/l2tp_broker.cfg
diff --git a/files/named.conf.fftdf b/files/named.conf.fftdf
deleted file mode 100644
index 0807a3e..0000000
--- a/files/named.conf.fftdf
+++ /dev/null
@@ -1,6 +0,0 @@
-zone "fftdf" {
- type slave;
- masters { 10.188.1.100; };
- file "/var/lib/bind/db.fftdf";
-};
-
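Review bot: `interface=eth0` is hard-coded while `address={{ ansible_default_ipv4.address }}` is taken from the default-route interface, so on a host whose default interface is not eth0 the two lines disagree; `interface={{ ansible_default_ipv4.interface }}` keeps them in step. `verbosity=DEBUG` on a long-running broker produces a lot of log volume on a production node; a quieter level (probably `INFO`) is the intended setting once the backup path is proven. The namespace comment itself says ports and tunnel ids must be disjoint between brokers, and the primary `l2tp_broker.cfg` is only renamed in this commit, so please confirm its listening `port`, `port_base` and `tunnel_id_base` do not overlap with `sn_l2tp_tb_backup_port`, 25000 and 500.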
diff --git a/files/named.conf.local b/files/named.conf.local new file mode 100644 index 0000000..db75b20 --- /dev/null +++ b/files/named.conf.local @@ -0,0 +1,10 @@ +// +// Do any local configuration here +// + +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; + +// Include Freifunk Troisdorf (fftdf) zones +include "/etc/bind/fftdf/fftdf.conf"; \ No newline at end of file diff --git a/files/radvd.conf.j2 b/files/radvd.conf.j2 index 6951b8e..10737a0 100644 --- a/files/radvd.conf.j2 +++ b/files/radvd.conf.j2 @@ -3,8 +3,7 @@ interface bat0 { IgnoreIfMissing on; MaxRtrAdvInterval 200; RDNSS {{ sn_mesh_IPv6 }} {}; -# prefix fda0:747e:ab29:7405::/64 { - prefix 2a03:2260:121::/64 { + prefix {{ sn_mesh_IPv6_net }} { AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; diff --git a/files/slacktee.conf b/files/slacktee.conf new file mode 100644 index 0000000..375e2ac --- /dev/null +++ b/files/slacktee.conf 
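Review bot: `include "/etc/bind/fftdf/fftdf.conf";` duplicates the include that the playbook hunk at the end of this diff adds to `/etc/bind/named.conf` with `lineinfile`; if this file is also deployed as `/etc/bind/named.conf.local` (Debian's stock `named.conf` includes it), every zone in `fftdf.conf` is defined twice and named refuses to load. Keep one of the two mechanisms — `named.conf.local` is the conventional place for local zones — and drop the other. No task in the visible hunks copies this file, so it may currently be dead in the repository.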
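Review bot: `prefix {{ sn_mesh_IPv6_net }} {` together with `AdvAutonomous on` only gives clients SLAAC addresses when the advertised prefix is 64 bits long; the same variable feeds `/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42` in sn_startup.exit.sh.j2 further down, so if it is defined as one of the per-node `/52`s rather than a `/64`, clients will not autoconfigure. A comment above the block, `# must be a /64 for SLAAC (AdvAutonomous on)`, or a dedicated variable for the RA prefix, would pin that assumption.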
@@ -0,0 +1,13 @@
+# ----------
+# Configuration
+# Describes the Incoming Webhook allowing you to post messages into Slack.
+# After the configuration, copy this file to /etc or your home directory.
+# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
+# ----------
+webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
+upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
+channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
+tmp_dir="/tmp" # Temporary file is created in this directory.
+username="slacktee" # Default username to post messages.
+icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
+attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.
diff --git a/files/slacktee.conf.j2 b/files/slacktee.conf.j2
new file mode 100644
index 0000000..375e2ac
--- /dev/null
+++ b/files/slacktee.conf.j2
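Review bot: `files/slacktee.conf` contains the Jinja placeholder `{{ slack_token }}` but is not a `.j2` file, and the byte-identical `files/slacktee.conf.j2` in the next hunk is the one the playbook hunk at the end of this diff renders to `/etc/slacktee.conf`; the plain copy is unreferenced and will drift, so drop it. `webhook_url` embeds the Slack token, which is a bearer credential: anyone who can read the rendered file can post to the channel, so the target file should be root-only and the token itself should come from Ansible Vault or an untracked vars file rather than a committed value.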
@@ -0,0 +1,13 @@
+# ----------
+# Configuration
+# Describes the Incoming Webhook allowing you to post messages into Slack.
+# After the configuration, copy this file to /etc or your home directory.
+# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
+# ----------
+webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
+upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
+channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
+tmp_dir="/tmp" # Temporary file is created in this directory.
+username="slacktee" # Default username to post messages.
+icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
+attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.
diff --git a/files/slacktee.sh b/files/slacktee.sh
new file mode 100644
index 0000000..bb71a90
--- /dev/null
+++ b/files/slacktee.sh
@@ -0,0 +1,605 @@ +#!/usr/bin/env bash + +# ---------- +# Default Configuration +# ---------- +webhook_url="" # Incoming Webhooks integration URL +upload_token="" # The user's API authentication token, only used for file uploads +channel="general" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'. +tmp_dir="/tmp" # Temporary file is created in this directory. +username="slacktee" # Default username to post messages. +icon="ghost" # Default emoji to post messages. Don't wrap it with ':'. See http://www.emoji-cheat-sheet.com; can be a url too. +attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used. + +# ---------- +# Initialization +# ---------- +me=$(basename "$0") +title="" +mode="buffering" +link="" +textWrapper="\`\`\`" +parseMode="" +fields=() +# Since bash 3 doesn't support the associative array, we store colors and patterns separately +cond_color_colors=() +cond_color_patterns=() +found_pattern_color="" +# This color is used when 'attachment' is used without color specification +internal_default_color="#C0C0C0" + +# Since bash 3 doesn't support the associative array, we store prefixes and patterns separately +cond_prefix_prefixes=() +cond_prefix_patterns=() +found_title_prefix="" + +function show_help() +{ + echo "usage: $me [options]" + echo " options:" + echo " -h, --help Show this help." + echo " -n, --no-buffering Post input values without buffering." + echo " -f, --file Post input values as a file." + echo " -l, --link Add a URL link to the message." + echo " -c, --channel channel_name Post input values to specified channel or user." + echo " -u, --username user_name This username is used for posting." + echo " -i, --icon emoji_name|url This icon is used for posting. You can use a word" + echo " from http://www.emoji-cheat-sheet.com or a direct url to an image." + echo " -t, --title title_string This title is added to posts." 
+ echo " -m, --message-formatting format Switch message formatting (none|link_names|full)." + echo " See https://api.slack.com/docs/formatting for more details." + echo " -p, --plain-text Don't surround the post with triple backticks." + echo " -a, --attachment [color] Use attachment (richly-formatted message)" + echo " Color can be 'good','warning','danger' or any hex color code (eg. #439FE0)" + echo " See https://api.slack.com/docs/attachments for more details." + echo " -e, --field title value Add a field to the attachment. You can specify this multiple times." + echo " -s, --short-field title value Add a short field to the attachment. You can specify this multiple times." + echo " -o, --cond-color color pattern Change the attachment color if the specified Regex pattern matches the input." + echo " You can specify this multile times." + echo " If more than one pattern matches, the latest matched pattern is used." + echo " -d, --cond-prefix prefix pattern This prefix is added to the message, if the specified Regex pattern matches the input." + echo " You can specify this multile times." + echo " If more than one pattern matches, the latest matched pattern is used." + echo " --config config_file Specify the location of the config file." + echo " --setup Setup slacktee interactively." 
+} + + + +function send_message() +{ + message="$1" + + # Prepend the prefix to the message, if it's set + if [[ -z $attachment && -n $found_pattern_prefix ]]; then + message="$found_pattern_prefix$message" + # Clear conditional prefix for the nest send + found_pattern_prefix="" + fi + + escaped_message=$(echo "$textWrapper\n$message\n$textWrapper" | sed 's/"/\\"/g' | sed "s/'/\\'/g" ) + message_attr="" + if [[ $message != "" ]]; then + if [[ -n $attachment ]]; then + + # Set message color + message_color="$attachment" + if [[ -n $found_pattern_color ]]; then + message_color="$found_pattern_color" + # Reset with the default color for the next send + found_pattern_color="$attachment" + fi + + message_attr="\"attachments\": [{ \"color\": \"$message_color\", \"mrkdwn_in\": [\"text\", \"fields\"], \"text\": \"$escaped_message\" " + + if [[ -n $found_pattern_prefix ]]; then + title="$found_pattern_prefix $title" + # Clear conditional prefix for the nest send + found_pattern_prefix="" + fi + + if [[ -n $title ]]; then + message_attr="$message_attr, \"title\": \"$title\" " + fi + + if [[ -n $link ]]; then + message_attr="$message_attr, \"title_link\": \"$link\" " + fi + + if [[ $mode == "file" ]]; then + fields+=("{\"title\": \"Access URL\", \"value\": \"$access_url\" }") + fields+=("{\"title\": \"Download URL\", \"value\": \"$download_url\"}") + fi + + if [[ ${#fields[@]} != 0 ]]; then + message_attr="$message_attr, \"fields\": [" + for field in "${fields[@]}"; do + message_attr="$message_attr $field," + done + message_attr=${message_attr%?} # Remove last comma + message_attr="$message_attr ]" + fi + + # Close attachment + message_attr="$message_attr }], " + else + message_attr="\"text\": \"$escaped_message\"," + fi + + icon_url="" + icon_emoji="" + if echo "$icon" | grep -q "^https\?://.*"; then + icon_url="$icon" + else + icon_emoji=":$icon:" + fi + + json="{\"channel\": \"$channel\", \"username\": \"$username\", $message_attr \"icon_emoji\": \"$icon_emoji\", 
\"icon_url\": \"$icon_url\" $parseMode}" + post_result=$(curl -X POST --data-urlencode "payload=$json" "$webhook_url" 2> /dev/null) + exit_code=1 + if [[ $post_result == "ok" ]]; then + exit_code=0 + fi + fi +} + +function process_line() +{ + echo "$1" + line="$(echo "$1" | sed $'s/\t/ /g')" + + # Check the patterns of the conditional colors + # If more than one pattern matches, the latest pattern is used + if [[ ${#cond_color_patterns[@]} != 0 ]]; then + for i in "${!cond_color_patterns[@]}"; do + if [[ $line =~ ${cond_color_patterns[$i]} ]]; then + found_pattern_color=${cond_color_colors[$i]} + fi + done + fi + + # Check the patterns of the conditional titles + # If more than one pattern matches, the latest pattern is used + if [[ ${#cond_prefix_patterns[@]} != 0 ]]; then + for i in "${!cond_prefix_patterns[@]}"; do + if [[ $line =~ ${cond_prefix_patterns[$i]} ]]; then + found_pattern_prefix=${cond_prefix_prefixes[$i]} + if [[ -n $attachment || $mode != "no-buffering" ]]; then + # Append a line break to the prefix for better formatting + found_pattern_prefix="$found_pattern_prefix\n" + else + # Append a space to the prefix for better formatting + found_pattern_prefix="$found_pattern_prefix " + fi + fi + done + fi + + if [[ $mode == "no-buffering" ]]; then + prefix='' + if [[ -z $attachment ]]; then + prefix=$title + fi + send_message "$prefix$line" + elif [[ $mode == "file" ]]; then + echo "$line" >> "$filename" + else + if [[ -z "$text" ]]; then + text="$line" + else + text="$text\n$line" + fi + fi +} + +function setup() +{ + if [[ -z "$HOME" ]]; then + echo "\$HOME is not defined. Please set it first." + exit 1 + fi + + local_conf="$HOME/.slacktee" + + if [[ -e "$local_conf" ]]; then + echo ".slacktee is found in your home directory." + read -p "Are you sure to overwrite it? [y/n] :" choice + case "$choice" in + y|Y ) + # Continue + ;; + * ) + exit 0 # Abort + ;; + esac + fi + + # Load current local config + . 
$local_conf + + # Start setup + read -p "Incoming Webhook URL [$webhook_url]: " input_webhook_url + if [[ -z "$input_webhook_url" ]]; then + input_webhook_url=$webhook_url + fi + read -p "Upload Token [$upload_token]: " input_upload_token + if [[ -z "$input_upload_token" ]]; then + input_upload_token=$upload_token + fi + read -p "Temporary Directory [$tmp_dir]: " input_tmp_dir + if [[ -z "$input_tmp_dir" ]]; then + input_tmp_dir=$tmp_dir + fi + read -p "Default Channel [$channel]: " input_channel + if [[ -z "$input_channel" ]]; then + input_channel=$channel + fi + read -p "Default Username [$username]: " input_username + if [[ -z "$input_username" ]]; then + input_username=$username + fi + read -p "Default Icon: [$icon]: " input_icon + if [[ -z "$input_icon" ]]; then + input_icon=$icon + fi + read -p "Default color of the attachment. (empty string disables attachment) [$attachment]: " input_attachment + if [[ -z "$input_attachment" ]]; then + input_attachment=$attachment + elif [[ $input_attachment == '""' || $input_attachment == "''" ]]; then + input_attachment="" + fi + + cat <<- EOF | sed 's/^[[:space:]]*//' > "$local_conf" + webhook_url="$input_webhook_url" + upload_token="$input_upload_token" + tmp_dir="$input_tmp_dir" + channel="$input_channel" + username="$input_username" + icon="$input_icon" + attachment="$input_attachment" + EOF +} + +# ---------- +# Parse command line options +# ---------- +OPTIND=1 + +while [[ $# -gt 0 ]]; do + opt="$1" + shift + + case "$opt" in + -h|\?|--help) + show_help + exit 0 + ;; + -n|--no-buffering) + mode="no-buffering" + ;; + -f|--file) + mode="file" + ;; + -l|--link) + link="$1" + shift + ;; + -c|--channel) + opt_channel="$1" + shift + ;; + -u|--username) + opt_username="$1" + shift + ;; + -i|--icon) + opt_icon="$1" + shift + ;; + -t|--title) + title="$1" + shift + ;; + -d|--cond-prefix) + case "$1" in + -*|'') + # Found next command line option or empty. Error. 
+ echo "a prefix of the conditional title was not specified" + show_help + exit 1 + ;; + *) + # Prefix should be found + case "$2" in + -*|'') + # Found next command line option or empty. Error. + echo "a pattern of the conditional title was not specified" + show_help + exit 1 + ;; + *) + # Set the prefix and the pattern to arrays + cond_prefix_prefixes+=("$1") + cond_prefix_patterns+=("$2") + shift + shift + ;; + esac + ;; + esac + ;; + -m|--message-formatting) + case "$1" in + none) + parseMode=', "parse": "none"' + ;; + link_names) + parseMode=', "link_names": "1"' + ;; + full) + parseMode=', "parse": "full"' + ;; + *) + echo "unknown message formatting option" + show_help + exit 1 + ;; + esac + shift + ;; + -p|--plain-text) + textWrapper="" + ;; + + -a|--attachment) + case "$1" in + -*|'') + # Found next command line option + opt_attachment="$internal_default_color" # Use default color + ;; + \#*|good|warning|danger) + # Found hex color code or predefined colors + opt_attachment="$1" + shift + ;; + *) + echo "unknown attachment color" + show_help + exit 1 + ;; + esac + ;; + -o|--cond-color) + case "$1" in + -*|'') + # Found next command line option or empty. Error. + echo "a color of the conditional color was not specified" + show_help + exit 1 + ;; + \#*|good|warning|danger) + # Found hex color code or predefined colors + case "$2" in + -*|'') + # Found next command line option or empty. Error. + echo "a pattern of the conditional color was not specified" + show_help + exit 1 + ;; + *) + # Set the color and the pattern to arrays + cond_color_colors+=("$1") + cond_color_patterns+=("$2") + shift + shift + ;; + esac + ;; + *) + echo "unknown attachment color $1" + show_help + exit 1 + ;; + esac + ;; + -e|-s|--field|--short-field) + case "$1" in + -*|'') + # Found next command line option or empty. Error. + echo "field title was not specified" + show_help + exit 1 + ;; + *) + case "$2" in + -*|'') + # Found next command line option or empty. Error. 
+ echo "field value was not specified" + show_help + exit 1 + ;; + *) + if [[ $opt == "-s" || $opt == "--short-field" ]]; then + fields+=("{\"title\": \"$1\", \"value\": \"$2\", \"short\": true}") + else + fields+=("{\"title\": \"$1\", \"value\": \"$2\"}") + fi + shift + shift + ;; + esac + esac + ;; + --config) + CUSTOM_CONFIG=$1 + shift + ;; + --setup) + setup + exit 1 + ;; + *) + echo "illegal option $opt" + show_help + exit 1 + ;; + esac +done + +# --------- +# Read in our configurations +# --------- +if [[ -e "/etc/slacktee.conf" ]]; then + . /etc/slacktee.conf +fi + +if [[ -n "$HOME" && -e "$HOME/.slacktee" ]]; then + . "$HOME/.slacktee" +fi + +if [[ -e "$CUSTOM_CONFIG" ]]; then + . $CUSTOM_CONFIG +fi + +# Overwrite webhook_url if the environment variable SLACKTEE_WEBHOOK is set +if [[ "$SLACKTEE_WEBHOOK" != "" ]]; then + webhook_url="$SLACKTEE_WEBHOOK" +fi + +# Overwrite upload_token if the environment variable SLACKTEE_TOKEN is set +if [[ "$SLACKTEE_TOKEN" != "" ]]; then + upload_token="$SLACKTEE_TOKEN" +fi + +# Overwrite channel if it's specified in the command line option +if [[ "$opt_channel" != "" ]]; then + channel="$opt_channel" +fi + +# Overwrite username if it's specified in the command line option +if [[ "$opt_username" != "" ]]; then + username="$opt_username" +fi + +# Overwrite icon if it's specified in the command line option +if [[ "$opt_icon" != "" ]]; then + icon="$opt_icon" +fi + +# Overwrite attachment if it's specified in the command line option +if [[ "$opt_attachment" != "" ]]; then + attachment="$opt_attachment" +fi + +# Set the default color to attachment if it's still empty and the length of the cond_color_patterns is not 0 +if [[ -z $attachment ]] && [[ ${#cond_color_patterns[@]} != 0 ]]; then + attachment="$internal_default_color" +fi + +# ---------- +# Validate configurations +# ---------- + +if [[ $webhook_url == "" ]]; then + echo "Please setup the webhook url of this incoming webhook integration." 
+ exit 1 +fi + +if [[ $upload_token == "" && $mode == "file" ]]; then + echo "Please provide the authentication token for file uploads." + exit 1 +fi + +if [[ $channel == "" ]]; then + echo "Please specify a channel." + exit 1 +elif [[ ( "$channel" != "#"* ) && ( "$channel" != "@"* ) ]]; then + channel="#$channel" +fi + +if [[ -n "$icon" ]]; then + icon=${icon#:} # remove leading ':' + icon=${icon%:} # remove trailing ':' +fi + +# ---------- +# Start script +# ---------- + +text="" +if [[ -n "$title" || -n "$link" ]]; then + # Use link as title, if title is not specified + if [[ -z "$title" ]]; then + title="$link" + fi + + # Add title to filename in the file mode + if [[ "$mode" == "file" ]]; then + filetitle=$(echo "$title"|sed 's/[ /:.]//g') + filetitle="$filetitle-" + fi + + if [[ -z "$attachment" ]]; then + if [[ "$mode" == "no-buffering" ]]; then + if [[ -n "$link" ]]; then + title="<$link|$title>: " + else + title="$title: " + fi + elif [[ "$mode" == "file" ]]; then + if [[ -n "$link" ]]; then + title="<$link|$title>" + fi + else + if [[ -n "$link" ]]; then + text="-- <$link|$title> --\n" + else + text="-- $title --\n" + fi + fi + fi +fi + +timestamp="$(date +'%m%d%Y-%H%M%S')" +filename="$tmp_dir/$filetitle$$-$timestamp.log" + +if [[ "$mode" == "file" ]]; then + touch $filename +fi + +exit_code=0 + +while IFS='' read line; do + process_line "$line" +done +if [[ -n $line ]]; then + process_line "$line" +fi + +if [[ "$mode" == "buffering" ]]; then + send_message "$text" +elif [[ "$mode" == "file" ]]; then + if [[ -s "$filename" ]]; then + channels_param="" + if [[ ( "$channel" == "#"* ) ]]; then + # Set channels for making the file public + channels_param="-F channels=$channel" + fi + result="$(curl -F file=@"$filename" -F token="$upload_token" $channels_param https://slack.com/api/files.upload 2> /dev/null)" + access_url="$(echo "$result" | awk 'match($0, /url_private":"([^"]*)"/) {print substr($0, RSTART+14, RLENGTH-15)}'|sed 's/\\//g')" + 
download_url="$(echo "$result" | awk 'match($0, /url_private_download":"([^"]*)"/) {print substr($0, RSTART+23, RLENGTH-24)}'|sed 's/\\//g')" + if [[ -n "$attachment" ]]; then + text="Input file has been uploaded" + else + if [[ "$title" != "" ]]; then + title=" of $title" + fi + text="Input file$title has been uploaded.\n$access_url\n\nYou can download it from the link below.\n$download_url" + fi + send_message "$text" + fi + # Clean up the temp file + rm "$filename" +fi + +exit $exit_code \ No newline at end of file diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 index 9c44143..51ce325 100644 --- a/files/sn_startup.exit.sh.j2 +++ b/files/sn_startup.exit.sh.j2 @@ -19,11 +19,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", # Set mark 4 to Freifunk traffic /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 -/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4 +/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4 # All from FF IPv4 via routing table 42 /bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42 -/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42 +/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42 # Allow MAC address spoofing /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 diff --git a/files/start-broker-backup.sh b/files/start-broker-backup.sh new file mode 100644 index 0000000..8f05c33 --- /dev/null +++ b/files/start-broker-backup.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +WDIR=/srv/tunneldigger +VIRTUALENV_DIR=/srv/tunneldigger + +cd $WDIR +source $VIRTUALENV_DIR/bin/activate + +bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg diff --git a/files/supernode b/files/supernode index 43f0413..3f01968 100644 --- a/files/supernode +++ b/files/supernode 
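Review bot: the ip6tables MARK rule is widened to `2a03:2260:121::/48`, but the companion policy rule `/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42` still covers only this node's own network; if this exit forwards for more than its own prefix (the startup script earlier in this diff installs table-42 routes for all four `/52`s), packets from the other prefixes get mark 4 without the table-42 lookup and the two rules disagree. Either use the `/48` in both places or narrow the ip6tables rule to the same variable, and add a comment stating which prefix set this exit is responsible for so the pair can be checked. The enclosing script continues outside the hunk.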
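Review bot: `cd $WDIR` is unchecked and the last line uses the relative `bin/python broker/l2tp_broker.py`, so if the directory is missing the script still sources the venv and runs python from whatever working directory systemd gave it, with a confusing error; `cd "$WDIR" || exit 1` (or `set -e` at the top) fails fast instead. `WDIR` and `VIRTUALENV_DIR` hold the same path, so one of them can go, or the python call can use `$VIRTUALENV_DIR/bin/python` to make the relationship explicit.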
@@ -1,50 +1,61 @@ #!/bin/bash help () { echo "Supernode Settings:" -echo "status | off | on | auto" +echo "status | off | on | backup | backup_off" } status () { supernode_status=$(/bin/cat /etc/supernode-status/supernode.status) supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode) - loadbalancing=$(cat /etc/supernode-status/loadbalancing.mode) - echo "Supernode Status: (Ist-Zustand)" + echo -e "\nSupernode Status: (Ist-Zustand)" if [ $supernode_status == 0 ]; then - echo "Supernode ist Offline" + echo "Supernode ist Abgeschaltet" elif [ $supernode_status == 1 ]; then - echo "Supernode läuft (Loadbalancing)" + echo "Supernode läuft (Automatik inkl. Backup)" elif [ $supernode_status == 2 ]; then - echo "Supernode läuft (Dauer-Ein)" + echo "Supernode läuft (Backup Netz Aktiv)" elif [ $supernode_status == 3 ]; then - echo "Supernode Offline (Loadbalancing)" + echo "Supernode läuft (Backup deaktiviert)" fi + echo -e "\nSupernode Status: (Soll-Zustand)" + if [ $supernode_mode == 0 ]; then + echo "Supernode ist Abgeschaltet" + elif [ $supernode_mode == 1 ]; then + echo "Supernode läuft (Automatik inkl. 
Backup)" + elif [ $supernode_mode == 2 ]; then + echo "Supernode läuft (Backup Netz Aktiv)" + elif [ $supernode_mode == 3 ]; then + echo "Supernode läuft (Backup deaktiviert)" + fi + echo -e "\nService Status" for service in bird bird6 dhcpd radvd python named do if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then - echo -e "$service \e[1;4;93mläuft\e[0m" + echo -e "$service läuft" else - echo -e "$service \e[1;4;91mläuft nicht\e[0m" + echo -e "$service aus" fi done } off () { echo 0 > /etc/supernode-status/supernode.mode - echo 0 > /etc/supernode-status/loadbalancing.mode - echo "Supernode Aus" } on () { echo 1 > /etc/supernode-status/supernode.mode - echo 0 > /etc/supernode-status/loadbalancing.mode - echo "Supernode Dauer-An" + echo "Supernode An" } -auto () { - echo 1 > /etc/supernode-status/loadbalancing.mode - echo 1 > /etc/supernode-status/supernode.mode - echo "Supernode Aktiviert inkl. Loadbalance" +backup () { + echo 2 > /etc/supernode-status/supernode.mode + echo "Supernode Aktiviert inkl. Backup" } -$1 + +backup_off () { + echo 3 > /etc/supernode-status/supernode.mode + echo "Supernode Aktiviert (Backup deaktiviert)" +} +$1 \ No newline at end of file diff --git a/files/tunneldigger-backup.service b/files/tunneldigger-backup.service new file mode 100644 index 0000000..afa351b --- /dev/null +++ b/files/tunneldigger-backup.service @@ -0,0 +1,9 @@ +[Unit] +Description = Start tunneldigger L2TPv3 broker +After = network.target + +[Service] +ExecStart = /srv/tunneldigger/start-broker-backup.sh + +[Install] +WantedBy = multi-user.target diff --git a/install.sn.yml b/install.sn.yml index 6f6f94a..30857f5 100644 --- a/install.sn.yml +++ b/install.sn.yml @@ -9,7 +9,7 @@ user: root gather_facts: False vars: - snversion: master_v3.0.14 + snversion: master_v3.0.15 batmanversion: v2015.2 common_required_packages: - git 
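Review bot: `$1` at the bottom still runs whatever word is passed as a shell command, so `supernode foo` (or a typo) executes `foo` instead of printing the help, and any argument that is not one of the defined functions goes straight to bash. Dispatching through a `case` on the documented modes keeps unknown input out of the interpreter. `off` no longer echoes a confirmation while `on`, `backup` and `backup_off` do, and the unquoted `[ $supernode_status == 0 ]` tests fail with a syntax error if a status file is empty; `[ "$supernode_status" = 0 ]` avoids that.
```bash
# … unchanged: help, status, off, on, backup, backup_off …
case "$1" in
	status|off|on|backup|backup_off|help) "$1" ;;
	*) help; exit 1 ;;
esac
```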
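Review bot: the unit has no `Restart=` line, so if the backup broker crashes it stays down until the next boot; `Restart=on-failure` under `[Service]` is the usual choice for a daemon like this. There is also no `User=`, so the broker runs as root; that is probably required for the tunnel setup it does, but a one-line comment saying so would stop a later reader from "fixing" it. Please keep the unit consistent with the primary `tunneldigger.service`, which this diff does not show.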
@@ -51,11 +51,16 @@ - l2tp_eth tunneldigger_scripts: - start-broker.sh + - start-broker-backup.sh - batdelif.sh tunneldigger_service: - tunneldigger.service - bind_zone_fftdf: - - named.conf.fftdf + - tunneldigger-backup.service + broker_cfg: + - l2tp_broker-backup.cfg + - l2tp_broker.cfg +# bind_zone_fftdf: +# - named.conf.fftdf check_gw_script: - keepalive.sh authorized_keys: @@ -160,7 +165,8 @@ pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ when: tunneldigger.changed - name: Copy l2tp broker config template - template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444 + template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 + with_items: broker_cfg when: tunneldigger.changed - name: Copy tunneldigger script template template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 @@ -169,8 +175,8 @@ copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 with_items: tunneldigger_scripts when: tunneldigger.changed - - name: Copy tunneldigger service file - copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444 + - name: Copy tunneldigger service template + copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 with_items: tunneldigger_service when: tunneldigger.changed - name: Tunneldigger reload @@ -178,6 +184,7 @@ with_items: - systemctl daemon-reload - systemctl enable tunneldigger.service + - systemctl enable tunneldigger-backup.service when: tunneldigger.changed - name: Copy logrotate config copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 
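Review bot: `# bind_zone_fftdf:` and `# - named.conf.fftdf` are left as commented-out YAML even though `files/named.conf.fftdf` is deleted in this same diff and the copy task that consumed the list is removed below; git keeps the history, so delete the two lines rather than carrying disabled config (the same applies to the commented-out cron task in the `@@ -201` hunk). If the intent is to record that the slave-zone setup was replaced, a one-line comment such as `# fftdf zones now live in files/fftdf/ (see "Copy FFTDF Zones")` reads better than dead code.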
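Review bot: the task is renamed to `Copy tunneldigger service template` but the module is still `copy:` and the units in `tunneldigger_service` are plain files, so the name now misdescribes the task; `Copy tunneldigger service units` matches what it does. The `@@ -178` hunk enables `tunneldigger-backup.service` on every host that installs tunneldigger, which appears to start the backup broker at boot regardless of the `backup`/`backup_off` mode written by the `supernode` script; if that mode is meant to gate the backup broker, the enable step (or the unit) should consult it, and a comment here should name the component that does.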
@@ -201,9 +208,9 @@ template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 register: check_gw when: sn_exit is defined - - name: Add cron job with check gateway script - cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" - when: check_gw.changed +# - name: Add cron job with check gateway script +# cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" +# when: check_gw.changed - name: Supernode Config script super- and exitnode copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500 when: sn_exit is defined @@ -246,13 +253,18 @@ - name: SSH authorized_keys copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 with_items: authorized_keys - - name: Copy secondary zone file - copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644 - with_items: bind_zone_fftdf - name: Bind9, activate fftdf zone - lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present + lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present - name: Copy option template template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 + - name: Create fftdf directory + file: path=/etc/bind/fftdf state=directory + - name: Copy FFTDF Zones + copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644 + with_items: + - fftdf.conf + - name: Copy fftdf Zone config template + template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444 - name: Copy radvd config template template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - name: Interface configuration with ffrl gre tunnel 
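Review bot: the cron entry that started `/opt/freifunk/keepalive.sh` at reboot is commented out, but the task above it still renders the script and registers `check_gw`, so on the new side the gateway check is deployed and nothing visible in this diff starts it. If another mechanism now runs it, a comment on the template task should name it; otherwise either restore the cron line or drop the template task with it, since a registered result that nobody consumes is misleading.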
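Review bot: `owner=radvd group=root mode=0444` on the `Copy fftdf Zone config template` task looks copied from the radvd task directly below it; the zone file belongs to bind, and every other bind file in this section uses `owner=root group=bind mode=644`. Use `owner=root group=bind mode=0444` (bind only reads a master zone, so read-only is fine) so the file is not owned by an unrelated service account. `Create fftdf directory` also sets no owner, group or mode, so the directory gets whatever root's umask yields; `owner=root group=bind mode=0755` makes it explicit.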
@@ -272,6 +284,10 @@ get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli - name: Change rights speedtest-cli file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 + - name: Copy Slacktee Config + template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 + - name: Copy Slacktee + copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744 - name: set netfilter rules lineinfile: dest=/etc/sysctl.conf line="{{ item }}" with_items:
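Review bot: `/etc/slacktee.conf` is rendered with `mode=0544`, which leaves the Slack webhook token (`webhook_url` in the template) world-readable on the node, and the execute bits are meaningless on a file that `slacktee.sh` sources with `. /etc/slacktee.conf`; `mode=0400` restricts it to root, which is all a script running as root needs. `slacktee.sh` itself is fine at `0744` because it holds no secret, but a comment on the config task, `# contains the Slack webhook token - keep root-only`, records why its mode differs from the neighbouring tasks.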