Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

removed old ansible

Browse Source
This commit is contained in:
Stefan Hoffmann 2022-05-05 20:02:22 +02:00
parent 79297ad193
commit b59eea9f8a
39 changed files with 0 additions and 3108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -1,12 +0,0 @@
Ansible file to manage Freifunk Troisdorf supernodes
example: ansible-playbook install.sn.yml -l hosts
To install a individual host you have to start it explicit with the target server
example: ansible-playbook install.sn.yml -l hosts -l troisdorf7 -v
The hosts file is the most important file.
You will find some example files:
files/hosts.example
files/root_pwd.yml.example
files/slack_token.yml.example

40
Todo
View File

@ -1,40 +0,0 @@
TODO
1. Statisches Routing über Interconnect Router
==================================================================
# SN 4
# FFTDF Interconnect Routen
ip route add 10.188.32.0/19 via 10.188.0.2 table 42
ip route add 10.188.64.0/19 via 10.188.0.2 table 42
ip route add 10.188.96.0/19 via 10.188.0.2 table 42
ip -6 route add 2a03:2260:121:5000::/64 via 2a03:2260:121:4000::2 table 42
ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:4000::2 table 42
ip -6 route add 2a03:2260:121:7000::/64 via 2a03:2260:121:4000::2 table 42
# SN 5
# FFTDF Interconnect Routen
ip route add 10.188.0.0/19 via 10.188.32.2 table 42
ip route add 10.188.64.0/19 via 10.188.32.2 table 42
ip route add 10.188.96.0/19 via 10.188.32.2 table 42
ip -6 route add 2a03:2260:121:4000::/64 via 2a03:2260:121:5000::2 table 42
ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:5000::2 table 42
ip -6 route add 2a03:2260:121:7000::/64 via 2a03:2260:121:5000::2 table 42
# SN 6
# FFTDF Interconnect Routen
ip route add 10.188.0.0/19 via 10.188.64.2 table 42
ip route add 10.188.32.0/19 via 10.188.64.2 table 42
ip route add 10.188.96.0/19 via 10.188.64.2 table 42
ip -6 route add 2a03:2260:121:4000::/64 via 2a03:2260:121:6000::2 table 42
ip -6 route add 2a03:2260:121:5000::/64 via 2a03:2260:121:6000::2 table 42
ip -6 route add 2a03:2260:121:7000::/64 via 2a03:2260:121:6000::2 table 42
# SN 7
# FFTDF Interconnect Routen
ip route add 10.188.0.0/19 via 10.188.96.2 table 42
ip route add 10.188.32.0/19 via 10.188.96.2 table 42
ip route add 10.188.64.0/19 via 10.188.96.2 table 42
ip -6 route add 2a03:2260:121:4000::/64 via 2a03:2260:121:7000::2 table 42
ip -6 route add 2a03:2260:121:5000::/64 via 2a03:2260:121:7000::2 table 42
ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:7000::2 table 42
==================================================================

7
files/authorized_keys
View File

@ -1,7 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDPUaWm37b93Lqmg1wMj0qvUURBKpWsRiRUzzRAaQrIdhcZjo0Gkw4vv7tpFQCmvWqxUpzH00GDKjLrMvNfcv+5b0Ctl06Bo+e4nb2SVsFhjaP9MLIjHiKpgivIPx9aKwxKx/VjsW920eWOG+VaDKIJTxPGUYedaUgIktvhutAbOyRR/OJlIZ3Qs0cnyT4KTM4pe4br2p3+mNs6J7G+z8Lw99WiUBfUwsRLVO68nJA2PKlJNEUGJycngqV06iQpcDfei88DFRMetN9bhVYxWFIzCQfjjqs8dkomEhfFQwfOTYiOouhaycZABwU4pPmQwZIkp1q4KduodU/KYsf78WitYgavHVInWBQuAUljafwQpTLHy8AI6M3XmbKi5rvNZiy4hoxfaT7rYJGuBoTwsZEHI7Sf26XsyQKJdu29mmIYPpzPKP7VAyjAVLqruLX1Yy0oZuM22YFFj5MHuoEN3WdXOYymvZyOM05xXeQk6gVh3EE6MpbK8CFz1KPNEjd+vce1zUyACDvqdt6ZIjqmUdivBsvHDTqMgH9mSxjjjwLy+Sd7snXx0bqksTdPChAlXN9vs3ez8FJl0P4inzjza8l8zGqaa2A1CsO8dRcyojohczLYoTHWQTB3tVIdcj55UIE= Roman
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsaIe542Vk0/sH0GEEMPhjDHBip0PI6OX/teuTLu/osvdb9Hj7432HUlEsiw8cfkCZBXtkQGlYXRVjiZkRxc8CzDpOkq75ZcqTfhmf/tCejBbgSFfdruViU11cFHIdznOqe3PeFM+8BJzHf2Gwnb5P/Q0RDYQ05Hfr9LhQVw3IXM2VInE+xR0sMj2rNr8g8lYa9X/+boElwqFiJqaRyb61XI0DYIXuxFQkg/E2bxvrtbrYJt9Pv5Mu0HYY2Q+xGqOGwPjxtqIixG9ne4EkiQkshFhfnTegfRMmhuSa0G6+Qqh5e4RPbtCGOW27tqXNUo0zDtcNaoWqUCIDkplTlUsimXT8PO+qiwMpXuVBYiwLat3N97kin8GAXoxYdrYdALopLbbkWx/7e06vqwBmF4tsPMcTRKOEIJgWIAVyxxr999Q5GNWA52m7iTNIWH1ExeTm/FQrbU4QCY6YThqhC3AVTYcUINNVZuFp19tNkNydUDOqPtwG0c+Bi8y15RBPUzQDbTgTR3zayuiOc26MYH4SGoSGNKeQjbJWr8MDsGi+NGMs2crYXirYVziPPXdY+im3fBH3UuRDkfbfvl4gXpDYxEUh/8GYdMLnttk2ifoBtlynEhxyunoKm7Z3V8mTikON70/ko6QkOmei/r/F+V9Se6FFsOTUIufwu6BC9+hBkw== localadmin@ansible
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ== Nils Jakobi

17
files/bataddif.sh.j2
View File

@ -1,17 +0,0 @@
#!/bin/bash
INTERFACE="$3"
MAC="$8"
brctl=/sbin/brctl
BLOCKLISTE=$(/bin/cat /opt/freifunk/tunneldigger-blacklist.txt)
wget -q -O /opt/freifunk/tunneldigger-blacklist.txt https://raw.githubusercontent.com/Freifunk-Troisdorf/tunneldigger-blockliste/master/macs.txt
/bin/ip link set dev $INTERFACE up mtu 1312
for i in $BLOCKLISTE;
do
if [[ $i == $MAC ]]; then
exit 1
fi
done
$brctl addif br-nodes $INTERFACE

4
files/batdelif.sh
View File

@ -1,4 +0,0 @@
#!/bin/bash
INTERFACE="$3"
/sbin/brctl delif br-nodes $INTERFACE

94
files/bird-troisdorf4.conf
View File

@ -1,94 +0,0 @@
/*
* This is an example configuration file.
*/
# Yes, even shell-like comments work...
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.1;
protocol direct {
interface "*";
};
protocol kernel {
device routes;
import all;
export all;
kernel table 42;
};
protocol device {
scan time 8;
};
function is_default() {
return (net ~ [0.0.0.0/0]);
};
# own network
function is_self_net() {
return (net ~ [ 10.188.0.0/16+ ]);
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ 10.0.0.0/8+,
104.0.0.0/8+
];
}
filter hostroute {
if net ~ 185.66.193.104/32 then accept;
reject;
};
# Uplink über ff Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
next hop self;
multihop 64;
default bgp_local_pref 200;
};
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 100.64.6.13;
neighbor 100.64.6.12 as 201701;
};
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 100.64.6.19;
neighbor 100.64.6.18 as 201701;
};
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 100.64.6.17;
neighbor 100.64.6.16 as 201701;
};
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 100.64.6.23;
neighbor 100.64.6.22 as 201701;
};
protocol bgp ffrl_bb_a_fra3_fra from uplink {
source address 100.64.6.15;
neighbor 100.64.6.14 as 201701;
};
protocol bgp ffrl_bb_b_fra3_fra from uplink {
source address 100.64.6.21;
neighbor 100.64.6.20 as 201701;
};

84
files/bird-troisdorf5.conf
View File

@ -1,84 +0,0 @@
/*
* This is an example configuration file.
*/
# Yes, even shell-like comments work...
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.5;
protocol direct {
interface "*";
};
protocol kernel {
device routes;
import all;
export all;
kernel table 42;
};
protocol device {
scan time 8;
};
function is_default() {
return (net ~ [0.0.0.0/0]);
};
# own network
function is_self_net() {
return (net ~ [ 10.188.0.0/16+ ]);
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ 10.0.0.0/8+,
104.0.0.0/8+
];
}
filter hostroute {
if net ~ 185.66.193.105/32 then accept;
reject;
};
# Uplink über ff Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
next hop self;
multihop 64;
default bgp_local_pref 200;
};
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 100.64.2.151;
neighbor 100.64.2.150 as 201701;
};
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 100.64.2.153;
neighbor 100.64.2.152 as 201701;
};
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 100.64.2.155;
neighbor 100.64.2.154 as 201701;
};
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 100.64.2.157;
neighbor 100.64.2.156 as 201701;
};

84
files/bird-troisdorf6.conf
View File

@ -1,84 +0,0 @@
/*
* This is an example configuration file.
*/
# Yes, even shell-like comments work...
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.6;
protocol direct {
interface "*";
};
protocol kernel {
device routes;
import all;
export all;
kernel table 42;
};
protocol device {
scan time 8;
};
function is_default() {
return (net ~ [0.0.0.0/0]);
};
# own network
function is_self_net() {
return (net ~ [ 10.188.0.0/16+ ]);
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ 10.0.0.0/8+,
104.0.0.0/8+
];
}
filter hostroute {
if net ~ 185.66.193.106/32 then accept;
reject;
};
# Uplink über ff Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
next hop self;
multihop 64;
default bgp_local_pref 200;
};
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 100.64.2.159;
neighbor 100.64.2.158 as 201701;
};
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 100.64.2.161;
neighbor 100.64.2.160 as 201701;
};
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 100.64.2.163;
neighbor 100.64.2.162 as 201701;
};
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 100.64.2.165;
neighbor 100.64.2.164 as 201701;
};

94
files/bird-troisdorf7.conf
View File

@ -1,94 +0,0 @@
/*
* This is an example configuration file.
*/
# Yes, even shell-like comments work...
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.7;
protocol direct {
interface "*";
};
protocol kernel {
device routes;
import all;
export all;
kernel table 42;
};
protocol device {
scan time 8;
};
function is_default() {
return (net ~ [0.0.0.0/0]);
};
# own network
function is_self_net() {
return (net ~ [ 10.188.0.0/16+ ]);
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ 10.0.0.0/8+,
104.0.0.0/8+
];
}
filter hostroute {
if net ~ 185.66.193.107/32 then accept;
reject;
};
# Uplink über ff Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
next hop self;
multihop 64;
default bgp_local_pref 200;
};
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 100.64.6.25;
neighbor 100.64.6.24 as 201701;
};
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 100.64.6.31;
neighbor 100.64.6.30 as 201701;
};
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 100.64.6.29;
neighbor 100.64.6.28 as 201701;
};
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 100.64.6.35;
neighbor 100.64.6.34 as 201701;
};
protocol bgp ffrl_bb_a_fra3_fra from uplink {
source address 100.64.6.27;
neighbor 100.64.6.26 as 201701;
};
protocol bgp ffrl_bb_b_fra3_fra from uplink {
source address 100.64.6.33;
neighbor 100.64.6.32 as 201701;
};

90
files/bird6-troisdorf4.conf
View File

@ -1,90 +0,0 @@
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.1;
protocol direct {
interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
}
protocol kernel {
device routes;
import all;
export all; # Default is export none
kernel table 42; # Kernel table to synchronize with (default: main)
}
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
function is_default() {
return (net ~ [::/0]);
}
# own networks
function is_self_net() {
return net ~ [ fda0:747e:ab29:7405::/64+ ];
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ fc00::/7{48,64},
2001:bf7::/32+];
}
filter hostroute {
if net ~ 2a03:2260:121:4000::/52 then accept;
reject;
}
# Uplink zum FF Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
gateway recursive;
}
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 2a03:2260:0:306::2;
neighbor 2a03:2260:0:306::1 as 201701;
}
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 2a03:2260:0:309::2;
neighbor 2a03:2260:0:309::1 as 201701;
}
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 2a03:2260:0:308::2;
neighbor 2a03:2260:0:308::1 as 201701;
}
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 2a03:2260:0:30b::2;
neighbor 2a03:2260:0:30b::1 as 201701;
}
protocol bgp ffrl_bb_a_fra3_fra from uplink {
source address 2a03:2260:0:307::2;
neighbor 2a03:2260:0:307::1 as 201701;
}
protocol bgp ffrl_bb_b_fra3_fra from uplink {
source address 2a03:2260:0:30a::2;
neighbor 2a03:2260:0:30a::1 as 201701;
}

82
files/bird6-troisdorf5.conf
View File

@ -1,82 +0,0 @@
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.5;
protocol direct {
# interface "*"; # Restrict network interfaces it works with
# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
}
protocol kernel {
device routes;
import all;
export all; # Default is export none
kernel table 42; # Kernel table to synchronize with (default: main)
}
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
function is_default() {
return (net ~ [::/0]);
}
# own networks
function is_self_net() {
return net ~ [ fda0:747e:ab29:7405::/64+ ];
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ fc00::/7{48,64},
2001:bf7::/32+];
}
filter hostroute {
if net ~ 2a03:2260:121:5000::/52 then accept;
reject;
}
# Uplink zum FF Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
gateway recursive;
}
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 2a03:2260:0:155::2;
neighbor 2a03:2260:0:155::1 as 201701;
}
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 2a03:2260:0:156::2;
neighbor 2a03:2260:0:156::1 as 201701;
}
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 2a03:2260:0:157::2;
neighbor 2a03:2260:0:157::1 as 201701;
}
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 2a03:2260:0:158::2;
neighbor 2a03:2260:0:158::1 as 201701;
}

82
files/bird6-troisdorf6.conf
View File

@ -1,82 +0,0 @@
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.6;
protocol direct {
# interface "*"; # Restrict network interfaces it works with
# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
}
protocol kernel {
device routes;
import all;
export all; # Default is export none
kernel table 42; # Kernel table to synchronize with (default: main)
}
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
function is_default() {
return (net ~ [::/0]);
}
# own networks
function is_self_net() {
return net ~ [ fda0:747e:ab29:7405::/64+ ];
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ fc00::/7{48,64},
2001:bf7::/32+];
}
filter hostroute {
if net ~ 2a03:2260:121:6000::/52 then accept;
reject;
}
# Uplink zum FF Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
gateway recursive;
}
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 2a03:2260:0:159::2;
neighbor 2a03:2260:0:159::1 as 201701;
}
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 2a03:2260:0:15a::2;
neighbor 2a03:2260:0:15a::1 as 201701;
}
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address a03:2260:0:15b::2;
neighbor 2a03:2260:0:15b::1 as 201701;
}
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 2a03:2260:0:15c::2;
neighbor 2a03:2260:0:15c::1 as 201701;
}

90
files/bird6-troisdorf7.conf
View File

@ -1,90 +0,0 @@
# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;
#log syslog all;
#debug protocols all;
# Override router ID
router id 10.188.255.7;
protocol direct {
interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
}
protocol kernel {
device routes;
import all;
export all; # Default is export none
kernel table 42; # Kernel table to synchronize with (default: main)
}
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
function is_default() {
return (net ~ [::/0]);
}
# own networks
function is_self_net() {
return net ~ [ fda0:747e:ab29:7405::/64+ ];
}
# freifunk ip ranges in general
function is_freifunk() {
return net ~ [ fc00::/7{48,64},
2001:bf7::/32+];
}
filter hostroute {
if net ~ 2a03:2260:121:7000::/52 then accept;
reject;
}
# Uplink zum FF Rheinland
template bgp uplink {
local as 65066;
import where is_default();
export filter hostroute;
gateway recursive;
}
protocol bgp ffrl_bb_a_ak_ber from uplink {
source address 2a03:2260:0:30c::2;
neighbor 2a03:2260:0:30c::1 as 201701;
}
protocol bgp ffrl_bb_b_ak_ber from uplink {
source address 2a03:2260:0:30f::2;
neighbor 2a03:2260:0:30f::1 as 201701;
}
protocol bgp ffrl_bb_a_ix_dus from uplink {
source address 2a03:2260:0:30e::2;
neighbor 2a03:2260:0:30e::1 as 201701;
}
protocol bgp ffrl_bb_b_ix_dus from uplink {
source address 2a03:2260:0:311::2;
neighbor 2a03:2260:0:311::1 as 201701;
}
protocol bgp ffrl_bb_a_fra3_fra from uplink {
source address 2a03:2260:0:30d::2;
neighbor 2a03:2260:0:30d::1 as 201701;
}
protocol bgp ffrl_bb_b_fra3_fra from uplink {
source address 2a03:2260:0:310::2;
neighbor 2a03:2260:0:310::1 as 201701;
}

15
files/dhcpd.conf.j2
View File

@ -1,15 +0,0 @@
# Version 1.3
ddns-update-style none;
option domain-name "ff";
default-lease-time 300;
max-lease-time 3600;
log-facility local7;
subnet {{ sn_mesh_IPv4_net }} netmask 255.255.224.0 {
authoritative;
range {{ sn_dhcp_range }};
option domain-name-servers {{ sn_mesh_IPv4 }};
option routers {{ sn_mesh_IPv4 }};
option interface-mtu {{ sn_mtu }};
interface bat0;
}
include "/opt/freifunk/static-dhcp/static.conf";

15
files/dhcpd6.conf.j2
View File

@ -1,15 +0,0 @@
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
authoritative;
default-lease-time 300;
max-lease-time 600;
option dhcp6.name-servers {{ sn_mesh_IPv6 }};
option dhcp6.domain-search "ff";
subnet6 {{ sn_mesh_IPv6_net }} {
}

25
files/ff/db.ff.j2
View File

@ -1,25 +0,0 @@
;; db.ff
;; Forwardlookupzone für .ff
;;
$TTL 600
@ IN SOA ff. root.ff. (
2015584544 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
3H ) ; NX (TTL Negativ Cache)
@ IN NS {{ sn_hostname }}.infra.ff.
IN A {{ sn_mesh_IPv4 }}
IN AAAA {{ sn_mesh_IPv6 }}
localhost IN A 127.0.0.1
IN AAAA ::1
nextnode IN A 10.188.0.1
IN AAAA 2a03:2260:121::1
;;This Supernode
{{ sn_hostname }}.infra IN A {{ sn_mesh_IPv4 }}
IN AAAA {{ sn_mesh_IPv6 }}
;; Update Servers
update1.infra IN AAAA 2a03:2260:121:4000:6038:61ff:fe34:3461
update2.infra IN AAAA 2a03:2260:121:4000:6038:61ff:fe34:3461
update3.infra IN AAAA 2a03:2260:121:4000:6038:61ff:fe34:3461

6
files/ff/ff.conf
View File

@ -1,6 +0,0 @@
// Zone declarations for Freifunk
zone "ff" {
type master;
file "/etc/bind/ff/db.ff";
};

164
files/hosts.example
View File

@ -1,164 +0,0 @@
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
#[webservers]
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
#[dbservers]
#
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com
[freifunk_Lohmar]
82.165.139.113 ansible_ssh_port=2222
[freifunk]
46.4.138.180 ansible_ssh_port=2222
46.4.138.181 ansible_ssh_port=2222
46.4.138.182 ansible_ssh_port=2222
46.4.138.183 ansible_ssh_port=2222
46.4.138.188 ansible_ssh_port=22
46.4.138.189 ansible_ssh_port=22
[freifunk_sn:children]
troisdorf4
troisdorf5
troisdorf6
troisdorf7
[freifunk_sn_l2tp:children]
troisdorf4
troisdorf5
troisdorf6
troisdorf7
[freifunk_sn:vars]
ansible_ssh_port=22
ansible_ssh_user=root
sn_mtu=1312
sn_l2tp_tb_port=53842
sn_l2tp_tb_backup_port=53840
sn_fqdn=freifunk-troisdorf.de
static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
root_password_file=/home/localadmin/root_pwd.yml
slack_token_file=/home/localadmin/slack_token.yml
[troisdorf4]
4.freifunk-troisdorf.de
[troisdorf4:vars]
sn_number=4
sn_hostname=troisdorf4
sn_dhcp_range=10.188.8.0 10.188.15.254
sn_mesh_IPv6=2a03:2260:121:4000::4
sn_mesh_IPv6_net=2a03:2260:121:4000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
sn_mesh_IPv4=10.188.0.4
sn_mesh_IPv4_brcast=10.188.31.255
sn_mesh_IPv4_net=10.188.0.0
sn_mesh_IPv4_xfer=10.188.0.2
sn_mesh_MAC=a2:8c:ae:6f:f6:04
ul_mesh_MAC=a2:8c:ae:6f:f6:40
sn_ffrl_IPv4=185.66.193.104
sn_exit=1
sn_interface_name=eth0
yanic_domain=tdf
[troisdorf5]
5.fftdf.de
[troisdorf5:vars]
sn_number=5
sn_hostname=troisdorf5
sn_dhcp_range=10.188.40.0 10.188.47.255
sn_mesh_IPv6=2a03:2260:121:5000::5
sn_mesh_IPv6_net=2a03:2260:121:5000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
sn_mesh_IPv4=10.188.32.5
sn_mesh_IPv4_brcast=10.188.63.255
sn_mesh_IPv4_net=10.188.32.0
sn_mesh_IPv4_xfer=10.188.32.2
sn_mesh_MAC=a2:8c:ae:6f:f6:05
ul_mesh_MAC=a2:8c:ae:6f:f6:50
sn_ffrl_IPv4=185.66.193.105
sn_exit=1
sn_interface_name=eth0
yanic_domain=inn
[troisdorf6]
6.fftdf.de
[troisdorf6:vars]
sn_number=6
sn_hostname=troisdorf6
sn_dhcp_range=10.188.72.0 10.188.79.255
sn_mesh_IPv6=2a03:2260:121:6000::6
sn_mesh_IPv6_net=2a03:2260:121:6000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
sn_mesh_IPv4=10.188.64.6
sn_mesh_IPv4_brcast=10.188.95.255
sn_mesh_IPv4_net=10.188.64.0
sn_mesh_IPv4_xfer=10.188.64.2
sn_mesh_MAC=a2:8c:ae:6f:f6:06
ul_mesh_MAC=a2:8c:ae:6f:f6:60
sn_ffrl_IPv4=185.66.193.106
sn_exit=1
sn_interface_name=eth0
yanic_domain=flu
[troisdorf7]
7.fftdf.de
[troisdorf7:vars]
sn_number=7
sn_hostname=troisdorf7
sn_dhcp_range=10.188.104.0 10.188.111.255
sn_mesh_IPv6=2a03:2260:121:7000::7
sn_mesh_IPv6_net=2a03:2260:121:7000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
sn_mesh_IPv4=10.188.96.7
sn_mesh_IPv4_brcast=10.188.127.255
sn_mesh_IPv4_net=10.188.96.0
sn_mesh_IPv4_xfer=10.188.96.2
sn_mesh_MAC=a2:8c:ae:6f:f6:07
ul_mesh_MAC=a2:8c:ae:6f:f6:70
sn_ffrl_IPv4=185.66.193.107
sn_local_exit=1
sn_interface_name=ens18
yanic_domain=evt

142
files/interfaces-troisdorf4.j2
View File

@ -1,142 +0,0 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
up ip address add 185.66.193.104/32 dev lo
iface lo inet6 loopback
up ip address add 2a03:2260:121:4000::105/52 dev lo
# The primary network interface
allow-hotplug {{ sn_interface_name }}
iface {{ sn_interface_name }} inet static
address 46.4.156.114
netmask 255.255.255.255
gateway 163.172.210.1
pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4
iface 6to4 inet6 6to4
local 46.4.156.114
# GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
# Berlin Router A
auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static
address 100.64.6.13
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-a.ak.ber inet6 static
address 2a03:2260:0:306::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Berlin Router B
auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static
address 100.64.6.19
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-b.ak.ber inet6 static
address 2a03:2260:0:309::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router A
auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static
address 100.64.6.17
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-a.ix.dus inet6 static
address 2a03:2260:0:308::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router B
auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static
address 100.64.6.23
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-b.ix.dus inet6 static
address 2a03:2260:0:30b::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Frankfurt Router A
auto gre-bb-a.fra3.f
iface gre-bb-a.fra3.f inet static
address 100.64.6.15
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-a.fra3.f inet6 static
address 2a03:2260:0:307::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Frankfurt Router B
auto gre-bb-b.fra3.f
iface gre-bb-b.fra3.f inet static
address 100.64.6.21
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-b.fra3.f inet6 static
address 2a03:2260:0:30a::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312

106
files/interfaces-troisdorf5.j2
View File

@ -1,106 +0,0 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
up ip address add 185.66.193.105/32 dev lo
iface lo inet6 loopback
up ip address add 2a03:2260:121:5000::105/52 dev lo
# The primary network interface
allow-hotplug {{ sn_interface_name }}
iface {{ sn_interface_name }} inet static
address 46.4.156.115
netmask 255.255.255.240
gateway 46.4.156.113
post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4
iface 6to4 inet6 6to4
local 46.4.156.115
# GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
# Berlin Router A
auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static
address 100.64.2.151
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE
iface gre-bb-a.ak.ber inet6 static
address 2a03:2260:0:155::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Berlin Router B
auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static
address 100.64.2.153
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE
iface gre-bb-b.ak.ber inet6 static
address 2a03:2260:0:156::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router A
auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static
address 100.64.2.155
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE
iface gre-bb-a.ix.dus inet6 static
address 2a03:2260:0:157::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router B
auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static
address 100.64.2.157
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-down ip tunnel del $IFACE
iface gre-bb-b.ix.dus inet6 static
address 2a03:2260:0:158::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312

110
files/interfaces-troisdorf6.j2
View File

@ -1,110 +0,0 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
up ip address add 185.66.193.106/32 dev lo
iface lo inet6 loopback
up ip address add 2a03:2260:121:6000::105/52 dev lo
# The primary network interface
allow-hotplug {{ sn_interface_name }}
iface {{ sn_interface_name }} inet static
address 46.4.156.116
netmask 255.255.255.255
gateway 163.172.210.1
pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
auto 6to4
iface 6to4 inet6 6to4
local 46.4.156.116
post-up ip6tables -P OUTPUT ACCEPT
post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP
# GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
# Berlin Router A
auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static
address 100.64.2.159
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-down ip tunnel del $IFACE
iface gre-bb-a.ak.ber inet6 static
address 2a03:2260:0:159::2/64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
netmask 64
# Berlin Router B
auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static
address 100.64.2.161
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-down ip tunnel del $IFACE
iface gre-bb-b.ak.ber inet6 static
address 2a03:2260:0:15a::2/64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
netmask 64
# Duesseldorf Router A
auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static
address 100.64.2.163
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-down ip tunnel del $IFACE
iface gre-bb-a.ix.dus inet6 static
address 2a03:2260:0:15b::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router B
auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static
address 100.64.2.165
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-down ip tunnel del $IFACE
iface gre-bb-b.ix.dus inet6 static
address 2a03:2260:0:15c::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312

141
files/interfaces-troisdorf7.j2
View File

@ -1,141 +0,0 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
up ip address add 185.66.193.107/32 dev lo
iface lo inet6 loopback
up ip address add 2a03:2260:121:7000::107/52 dev lo
# The primary network interface
allow-hotplug {{ sn_interface_name }}
iface {{ sn_interface_name }} inet static
address 93.241.53.100
netmask 255.255.255.0
gateway 93.241.53.1
post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
#auto 6to4
# iface 6to4 inet6 6to4
# local 93.241.53.100
# GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
# Berlin Router A
auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static
address 100.64.6.25
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-down ip tunnel del $IFACE
iface gre-bb-a.ak.ber inet6 static
address 2a03:2260:0:30c::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Berlin Router B
auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static
address 100.64.6.31
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-down ip tunnel del $IFACE
iface gre-bb-b.ak.ber inet6 static
address 2a03:2260:0:30f::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router A
auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static
address 100.64.6.29
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-down ip tunnel del $IFACE
iface gre-bb-a.ix.dus inet6 static
address 2a03:2260:0:30e::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router B
auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static
address 100.64.6.35
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-down ip tunnel del $IFACE
iface gre-bb-b.ix.dus inet6 static
address 2a03:2260:0:311::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Frankfurt Router A
auto gre-bb-a.fra3.f
iface gre-bb-a.fra3.f inet static
address 100.64.6.27
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.194.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-down ip tunnel del $IFACE
iface gre-bb-a.fra3.f inet6 static
address 2a03:2260:0:30d::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Frankfurt Router B
auto gre-bb-b.fra3.f
iface gre-bb-b.fra3.f inet static
address 100.64.6.33
netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.194.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-down ip tunnel del $IFACE
iface gre-bb-b.fra3.f inet6 static
address 2a03:2260:0:310::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312

34
files/l2tp_backbone.sh.exit.j2
View File

@ -1,34 +0,0 @@
#!/bin/sh
# Version 9
sleep 60
batctl=/usr/local/sbin/batctl
ip=/sbin/ip
communitymacaddress="{{ communitymac }}"
localserver=$(/bin/hostname)
communityname={{ communityname }}
# Rest Starten
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
$ip link set up dev bat0
$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0
$ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0
$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42
$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }}
$ip -6 route add 2a03:2260:121:4000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
$ip -6 route add 2a03:2260:121:5000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
$ip -6 route add 2a03:2260:121:6000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
$ip -6 route add 2a03:2260:121:7000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
/usr/bin/killall batadv-vis
/bin/sleep 15
$batadv -i bat0 -s > /dev/null 2>&1 &
/bin/sleep 15
/usr/sbin/service tunneldigger restart
/usr/sbin/service bind9 restart
/usr/sbin/service bird restart
/usr/sbin/service bird6 restart
/usr/sbin/service isc-dhcp-server restart
/usr/sbin/service radvd restart
$batctl gw server 100Mbit/100Mbit

63
files/l2tp_broker.cfg
View File

@ -1,63 +0,0 @@
[broker]
; IP address the broker will listen and accept tunnels on
address={{ ansible_default_ipv4.address }}
; Ports where the broker will listen on
port={{ sn_l2tp_tb_port }}
; Interface with that IP address
interface={{ sn_interface_name }}
; Maximum number of cached cookies, required for establishing a
; session with the broker
max_cookies=1024
; Maximum number of tunnels that will be allowed by the broker
max_tunnels=150
; Tunnel port base
port_base=15000
; Tunnel id base
tunnel_id_base=100
; Tunnel timeout interval in seconds
tunnel_timeout=60
; Should PMTU discovery be enabled
pmtu_discovery=false
; Namespace (for running multiple brokers); note that you must also
; configure disjunct ports, and tunnel identifiers in order for
; namespacing to work
namespace={{ communityname }}
; Reject connections if there are less than N seconds since the last connection.
; Can be less than a second (e.g., 0.1).
connection_rate_limit=2
; Set PMTU to a fixed value. Use 0 for automatic PMTU discovery. A non-0 value also disables
; PMTU discovery on the client side, by having the server not respond to client-side PMTU
; discovery probes.
pmtu=0
; The batman device of this Hood (e.g. bat2)
batdev=bat0
[log]
; Log filename
filename=/var/log/tunneldigger-broker.log
; Verbosity
verbosity=DEBUG
; Should IP addresses be logged or not
log_ip_addresses=false
[hooks]
; Arguments to the session.{up,pre-down,down} hooks are as follows:
;
; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
;
; Arguments to the session.mtu-changed hook are as follows:
;
; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
;
; Called after the tunnel interface goes up
session.up=/srv/tunneldigger/bataddif.sh
; Called just before the tunnel interface goes down
session.pre-down=/srv/tunneldigger/batdelif.sh
; Called after the tunnel interface goes down
session.down=
; Called after the tunnel MTU gets changed because of PMTU discovery
session.mtu-changed=

34
files/logrotate.conf
View File

@ -1,34 +0,0 @@
# see "man logrotate" for details
# rotate log files weekly
#weekly
daily
# keep 4 weeks worth of backlogs
#rotate 4
rotate 1
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0660 root utmp
rotate 1
}
# system-specific logs may be configured here

10
files/named.conf.local
View File

@ -1,10 +0,0 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Include Freifunk (ff) zones
include "/etc/bind/ff/ff.conf";

26
files/named.conf.options.j2
View File

@ -1,26 +0,0 @@
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on { {{ sn_mesh_IPv4 }}; };
listen-on-v6 { {{ sn_mesh_IPv6 }}; };
};

12
files/radvd.conf.j2
View File

@ -1,12 +0,0 @@
interface bat0 {
AdvSendAdvert on;
IgnoreIfMissing on;
MaxRtrAdvInterval 200;
RDNSS {{ sn_mesh_IPv6 }} {};
prefix {{ sn_mesh_IPv6_net }} {
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};

1
files/root_pwd.yml.example
View File

@ -1 +0,0 @@
sn_rootpasswd: xyz

1
files/slack_token.yml.example
View File

@ -1 +0,0 @@
slack_token: "XYZ"

13
files/slacktee.conf.j2
View File

@ -1,13 +0,0 @@
# ----------
# Configuration
# Describes the Incoming Webhook allowing you to post messages into Slack.
# After the configuration, copy this file to /etc or your home directory.
# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
# ----------
webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
tmp_dir="/tmp" # Temporary file is created in this directory.
username="slacktee" # Default username to post messages.
icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.

605
files/slacktee.sh
View File

@ -1,605 +0,0 @@
#!/usr/bin/env bash
# ----------
# Default Configuration
# ----------
webhook_url="" # Incoming Webhooks integration URL
upload_token="" # The user's API authentication token, only used for file uploads
channel="general" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
tmp_dir="/tmp" # Temporary file is created in this directory.
username="slacktee" # Default username to post messages.
icon="ghost" # Default emoji to post messages. Don't wrap it with ':'. See http://www.emoji-cheat-sheet.com; can be a url too.
attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.
# ----------
# Initialization
# ----------
me=$(basename "$0")
title=""
mode="buffering"
link=""
textWrapper="\`\`\`"
parseMode=""
fields=()
# Since bash 3 doesn't support the associative array, we store colors and patterns separately
cond_color_colors=()
cond_color_patterns=()
found_pattern_color=""
# This color is used when 'attachment' is used without color specification
internal_default_color="#C0C0C0"
# Since bash 3 doesn't support the associative array, we store prefixes and patterns separately
cond_prefix_prefixes=()
cond_prefix_patterns=()
found_title_prefix=""
function show_help()
{
echo "usage: $me [options]"
echo " options:"
echo " -h, --help Show this help."
echo " -n, --no-buffering Post input values without buffering."
echo " -f, --file Post input values as a file."
echo " -l, --link Add a URL link to the message."
echo " -c, --channel channel_name Post input values to specified channel or user."
echo " -u, --username user_name This username is used for posting."
echo " -i, --icon emoji_name|url This icon is used for posting. You can use a word"
echo " from http://www.emoji-cheat-sheet.com or a direct url to an image."
echo " -t, --title title_string This title is added to posts."
echo " -m, --message-formatting format Switch message formatting (none|link_names|full)."
echo " See https://api.slack.com/docs/formatting for more details."
echo " -p, --plain-text Don't surround the post with triple backticks."
echo " -a, --attachment [color] Use attachment (richly-formatted message)"
echo " Color can be 'good','warning','danger' or any hex color code (eg. #439FE0)"
echo " See https://api.slack.com/docs/attachments for more details."
echo " -e, --field title value Add a field to the attachment. You can specify this multiple times."
echo " -s, --short-field title value Add a short field to the attachment. You can specify this multiple times."
echo " -o, --cond-color color pattern Change the attachment color if the specified Regex pattern matches the input."
echo " You can specify this multile times."
echo " If more than one pattern matches, the latest matched pattern is used."
echo " -d, --cond-prefix prefix pattern This prefix is added to the message, if the specified Regex pattern matches the input."
echo " You can specify this multile times."
echo " If more than one pattern matches, the latest matched pattern is used."
echo " --config config_file Specify the location of the config file."
echo " --setup Setup slacktee interactively."
}
function send_message()
{
message="$1"
# Prepend the prefix to the message, if it's set
if [[ -z $attachment && -n $found_pattern_prefix ]]; then
message="$found_pattern_prefix$message"
# Clear conditional prefix for the nest send
found_pattern_prefix=""
fi
escaped_message=$(echo "$textWrapper\n$message\n$textWrapper" | sed 's/"/\\"/g' | sed "s/'/\\'/g" )
message_attr=""
if [[ $message != "" ]]; then
if [[ -n $attachment ]]; then
# Set message color
message_color="$attachment"
if [[ -n $found_pattern_color ]]; then
message_color="$found_pattern_color"
# Reset with the default color for the next send
found_pattern_color="$attachment"
fi
message_attr="\"attachments\": [{ \"color\": \"$message_color\", \"mrkdwn_in\": [\"text\", \"fields\"], \"text\": \"$escaped_message\" "
if [[ -n $found_pattern_prefix ]]; then
title="$found_pattern_prefix $title"
# Clear conditional prefix for the nest send
found_pattern_prefix=""
fi
if [[ -n $title ]]; then
message_attr="$message_attr, \"title\": \"$title\" "
fi
if [[ -n $link ]]; then
message_attr="$message_attr, \"title_link\": \"$link\" "
fi
if [[ $mode == "file" ]]; then
fields+=("{\"title\": \"Access URL\", \"value\": \"$access_url\" }")
fields+=("{\"title\": \"Download URL\", \"value\": \"$download_url\"}")
fi
if [[ ${#fields[@]} != 0 ]]; then
message_attr="$message_attr, \"fields\": ["
for field in "${fields[@]}"; do
message_attr="$message_attr $field,"
done
message_attr=${message_attr%?} # Remove last comma
message_attr="$message_attr ]"
fi
# Close attachment
message_attr="$message_attr }], "
else
message_attr="\"text\": \"$escaped_message\","
fi
icon_url=""
icon_emoji=""
if echo "$icon" | grep -q "^https\?://.*"; then
icon_url="$icon"
else
icon_emoji=":$icon:"
fi
json="{\"channel\": \"$channel\", \"username\": \"$username\", $message_attr \"icon_emoji\": \"$icon_emoji\", \"icon_url\": \"$icon_url\" $parseMode}"
post_result=$(curl -X POST --data-urlencode "payload=$json" "$webhook_url" 2> /dev/null)
exit_code=1
if [[ $post_result == "ok" ]]; then
exit_code=0
fi
fi
}
function process_line()
{
echo "$1"
line="$(echo "$1" | sed $'s/\t/ /g')"
# Check the patterns of the conditional colors
# If more than one pattern matches, the latest pattern is used
if [[ ${#cond_color_patterns[@]} != 0 ]]; then
for i in "${!cond_color_patterns[@]}"; do
if [[ $line =~ ${cond_color_patterns[$i]} ]]; then
found_pattern_color=${cond_color_colors[$i]}
fi
done
fi
# Check the patterns of the conditional titles
# If more than one pattern matches, the latest pattern is used
if [[ ${#cond_prefix_patterns[@]} != 0 ]]; then
for i in "${!cond_prefix_patterns[@]}"; do
if [[ $line =~ ${cond_prefix_patterns[$i]} ]]; then
found_pattern_prefix=${cond_prefix_prefixes[$i]}
if [[ -n $attachment || $mode != "no-buffering" ]]; then
# Append a line break to the prefix for better formatting
found_pattern_prefix="$found_pattern_prefix\n"
else
# Append a space to the prefix for better formatting
found_pattern_prefix="$found_pattern_prefix "
fi
fi
done
fi
if [[ $mode == "no-buffering" ]]; then
prefix=''
if [[ -z $attachment ]]; then
prefix=$title
fi
send_message "$prefix$line"
elif [[ $mode == "file" ]]; then
echo "$line" >> "$filename"
else
if [[ -z "$text" ]]; then
text="$line"
else
text="$text\n$line"
fi
fi
}
function setup()
{
if [[ -z "$HOME" ]]; then
echo "\$HOME is not defined. Please set it first."
exit 1
fi
local_conf="$HOME/.slacktee"
if [[ -e "$local_conf" ]]; then
echo ".slacktee is found in your home directory."
read -p "Are you sure to overwrite it? [y/n] :" choice
case "$choice" in
y|Y )
# Continue
;;
* )
exit 0 # Abort
;;
esac
fi
# Load current local config
. $local_conf
# Start setup
read -p "Incoming Webhook URL [$webhook_url]: " input_webhook_url
if [[ -z "$input_webhook_url" ]]; then
input_webhook_url=$webhook_url
fi
read -p "Upload Token [$upload_token]: " input_upload_token
if [[ -z "$input_upload_token" ]]; then
input_upload_token=$upload_token
fi
read -p "Temporary Directory [$tmp_dir]: " input_tmp_dir
if [[ -z "$input_tmp_dir" ]]; then
input_tmp_dir=$tmp_dir
fi
read -p "Default Channel [$channel]: " input_channel
if [[ -z "$input_channel" ]]; then
input_channel=$channel
fi
read -p "Default Username [$username]: " input_username
if [[ -z "$input_username" ]]; then
input_username=$username
fi
read -p "Default Icon: [$icon]: " input_icon
if [[ -z "$input_icon" ]]; then
input_icon=$icon
fi
read -p "Default color of the attachment. (empty string disables attachment) [$attachment]: " input_attachment
if [[ -z "$input_attachment" ]]; then
input_attachment=$attachment
elif [[ $input_attachment == '""' || $input_attachment == "''" ]]; then
input_attachment=""
fi
cat <<- EOF | sed 's/^[[:space:]]*//' > "$local_conf"
webhook_url="$input_webhook_url"
upload_token="$input_upload_token"
tmp_dir="$input_tmp_dir"
channel="$input_channel"
username="$input_username"
icon="$input_icon"
attachment="$input_attachment"
EOF
}
# ----------
# Parse command line options
# ----------
OPTIND=1
while [[ $# -gt 0 ]]; do
opt="$1"
shift
case "$opt" in
-h|\?|--help)
show_help
exit 0
;;
-n|--no-buffering)
mode="no-buffering"
;;
-f|--file)
mode="file"
;;
-l|--link)
link="$1"
shift
;;
-c|--channel)
opt_channel="$1"
shift
;;
-u|--username)
opt_username="$1"
shift
;;
-i|--icon)
opt_icon="$1"
shift
;;
-t|--title)
title="$1"
shift
;;
-d|--cond-prefix)
case "$1" in
-*|'')
# Found next command line option or empty. Error.
echo "a prefix of the conditional title was not specified"
show_help
exit 1
;;
*)
# Prefix should be found
case "$2" in
-*|'')
# Found next command line option or empty. Error.
echo "a pattern of the conditional title was not specified"
show_help
exit 1
;;
*)
# Set the prefix and the pattern to arrays
cond_prefix_prefixes+=("$1")
cond_prefix_patterns+=("$2")
shift
shift
;;
esac
;;
esac
;;
-m|--message-formatting)
case "$1" in
none)
parseMode=', "parse": "none"'
;;
link_names)
parseMode=', "link_names": "1"'
;;
full)
parseMode=', "parse": "full"'
;;
*)
echo "unknown message formatting option"
show_help
exit 1
;;
esac
shift
;;
-p|--plain-text)
textWrapper=""
;;
-a|--attachment)
case "$1" in
-*|'')
# Found next command line option
opt_attachment="$internal_default_color" # Use default color
;;
\#*|good|warning|danger)
# Found hex color code or predefined colors
opt_attachment="$1"
shift
;;
*)
echo "unknown attachment color"
show_help
exit 1
;;
esac
;;
-o|--cond-color)
case "$1" in
-*|'')
# Found next command line option or empty. Error.
echo "a color of the conditional color was not specified"
show_help
exit 1
;;
\#*|good|warning|danger)
# Found hex color code or predefined colors
case "$2" in
-*|'')
# Found next command line option or empty. Error.
echo "a pattern of the conditional color was not specified"
show_help
exit 1
;;
*)
# Set the color and the pattern to arrays
cond_color_colors+=("$1")
cond_color_patterns+=("$2")
shift
shift
;;
esac
;;
*)
echo "unknown attachment color $1"
show_help
exit 1
;;
esac
;;
-e|-s|--field|--short-field)
case "$1" in
-*|'')
# Found next command line option or empty. Error.
echo "field title was not specified"
show_help
exit 1
;;
*)
case "$2" in
-*|'')
# Found next command line option or empty. Error.
echo "field value was not specified"
show_help
exit 1
;;
*)
if [[ $opt == "-s" || $opt == "--short-field" ]]; then
fields+=("{\"title\": \"$1\", \"value\": \"$2\", \"short\": true}")
else
fields+=("{\"title\": \"$1\", \"value\": \"$2\"}")
fi
shift
shift
;;
esac
esac
;;
--config)
CUSTOM_CONFIG=$1
shift
;;
--setup)
setup
exit 1
;;
*)
echo "illegal option $opt"
show_help
exit 1
;;
esac
done
# ---------
# Read in our configurations
# ---------
if [[ -e "/etc/slacktee.conf" ]]; then
. /etc/slacktee.conf
fi
if [[ -n "$HOME" && -e "$HOME/.slacktee" ]]; then
. "$HOME/.slacktee"
fi
if [[ -e "$CUSTOM_CONFIG" ]]; then
. $CUSTOM_CONFIG
fi
# Overwrite webhook_url if the environment variable SLACKTEE_WEBHOOK is set
if [[ "$SLACKTEE_WEBHOOK" != "" ]]; then
webhook_url="$SLACKTEE_WEBHOOK"
fi
# Overwrite upload_token if the environment variable SLACKTEE_TOKEN is set
if [[ "$SLACKTEE_TOKEN" != "" ]]; then
upload_token="$SLACKTEE_TOKEN"
fi
# Overwrite channel if it's specified in the command line option
if [[ "$opt_channel" != "" ]]; then
channel="$opt_channel"
fi
# Overwrite username if it's specified in the command line option
if [[ "$opt_username" != "" ]]; then
username="$opt_username"
fi
# Overwrite icon if it's specified in the command line option
if [[ "$opt_icon" != "" ]]; then
icon="$opt_icon"
fi
# Overwrite attachment if it's specified in the command line option
if [[ "$opt_attachment" != "" ]]; then
attachment="$opt_attachment"
fi
# Set the default color to attachment if it's still empty and the length of the cond_color_patterns is not 0
if [[ -z $attachment ]] && [[ ${#cond_color_patterns[@]} != 0 ]]; then
attachment="$internal_default_color"
fi
# ----------
# Validate configurations
# ----------
if [[ $webhook_url == "" ]]; then
echo "Please setup the webhook url of this incoming webhook integration."
exit 1
fi
if [[ $upload_token == "" && $mode == "file" ]]; then
echo "Please provide the authentication token for file uploads."
exit 1
fi
if [[ $channel == "" ]]; then
echo "Please specify a channel."
exit 1
elif [[ ( "$channel" != "#"* ) && ( "$channel" != "@"* ) ]]; then
channel="#$channel"
fi
if [[ -n "$icon" ]]; then
icon=${icon#:} # remove leading ':'
icon=${icon%:} # remove trailing ':'
fi
# ----------
# Start script
# ----------
text=""
if [[ -n "$title" || -n "$link" ]]; then
# Use link as title, if title is not specified
if [[ -z "$title" ]]; then
title="$link"
fi
# Add title to filename in the file mode
if [[ "$mode" == "file" ]]; then
filetitle=$(echo "$title"|sed 's/[ /:.]//g')
filetitle="$filetitle-"
fi
if [[ -z "$attachment" ]]; then
if [[ "$mode" == "no-buffering" ]]; then
if [[ -n "$link" ]]; then
title="<$link|$title>: "
else
title="$title: "
fi
elif [[ "$mode" == "file" ]]; then
if [[ -n "$link" ]]; then
title="<$link|$title>"
fi
else
if [[ -n "$link" ]]; then
text="-- <$link|$title> --\n"
else
text="-- $title --\n"
fi
fi
fi
fi
timestamp="$(date +'%m%d%Y-%H%M%S')"
filename="$tmp_dir/$filetitle$$-$timestamp.log"
if [[ "$mode" == "file" ]]; then
touch $filename
fi
exit_code=0
while IFS='' read line; do
process_line "$line"
done
if [[ -n $line ]]; then
process_line "$line"
fi
if [[ "$mode" == "buffering" ]]; then
send_message "$text"
elif [[ "$mode" == "file" ]]; then
if [[ -s "$filename" ]]; then
channels_param=""
if [[ ( "$channel" == "#"* ) ]]; then
# Set channels for making the file public
channels_param="-F channels=$channel"
fi
result="$(curl -F file=@"$filename" -F token="$upload_token" $channels_param https://slack.com/api/files.upload 2> /dev/null)"
access_url="$(echo "$result" | awk 'match($0, /url_private":"([^"]*)"/) {print substr($0, RSTART+14, RLENGTH-15)}'|sed 's/\\//g')"
download_url="$(echo "$result" | awk 'match($0, /url_private_download":"([^"]*)"/) {print substr($0, RSTART+23, RLENGTH-24)}'|sed 's/\\//g')"
if [[ -n "$attachment" ]]; then
text="Input file has been uploaded"
else
if [[ "$title" != "" ]]; then
title=" of $title"
fi
text="Input file$title has been uploaded.\n$access_url\n\nYou can download it from the link below.\n$download_url"
fi
send_message "$text"
fi
# Clean up the temp file
rm "$filename"
fi
exit $exit_code

58
files/sn_startup.exit.sh.j2
View File

@ -1,58 +0,0 @@
#!/bin/sh
# Version 1.91
sleep 5
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
# Activate IP forwarding
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.ip_forward=1
# restart when kernel panic
/sbin/sysctl kernel.panic=1
# Routing table 42
/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
# Set table for traffice with mark 4
/bin/ip rule add fwmark 0x4 table 42
/bin/ip -6 rule add fwmark 0x4 table 42
# Set mark 4 to Freifunk traffic
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
# All from FF IPv4 via routing table 42
/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
# Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
/bin/sleep 90
/bin/systemctl restart radvd
/bin/sleep 2
/bin/systemctl retsrat tunneldigger
/bin/sleep 2
/bin/systemctl restart bird
/bin/sleep 2
/bin/systemctl restart bird6
/bin/sleep 2
/bin/systemctl restart respondd
/bin/sleep 2
/bin/systemctl stop isc-dhcp-server
/bin/sleep 2
/usr/bin/killall dhcpd
/bin/sleep 2
/bin/rm /var/run/dhcpd.pid
/bin/sleep 2
/bin/systemctl start isc-dhcp-server
exit 0

57
files/sn_startup.local.exit.sh.j2
View File

@ -1,57 +0,0 @@
#!/bin/sh
# Version 1.91
sleep 5
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
# Activate IP forwarding
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.ip_forward=1
# restart when kernel panic
/sbin/sysctl kernel.panic=1
# Routing table 42
/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
# Set table for traffice with mark 4
/bin/ip rule add fwmark 0x4 table 42
/bin/ip -6 rule add fwmark 0x4 table 42
# Set mark 4 to Freifunk traffic
#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
# All from FF IPv4 via routing table 42
#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
# Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Create Tunneldigger Bridge
/sbin/brctl addbr br-nodes
/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
/usr/local/sbin/batctl if add br-nodes
/bin/sleep 90
/bin/systemctl restart radvd
/bin/sleep 2
/bin/systemctl retsrat tunneldigger
/bin/sleep 2
/bin/systemctl restart bird
/bin/sleep 2
/bin/systemctl restart bird6
/bin/sleep 2
/bin/systemctl restart respondd
/bin/sleep 2
/bin/systemctl stop isc-dhcp-server
/bin/sleep 2
/usr/bin/killall dhcpd
/bin/sleep 2
/bin/rm /var/run/dhcpd.pid
/bin/sleep 2
/bin/systemctl start isc-dhcp-server
exit 0

11
files/start-broker.sh
View File

@ -1,11 +0,0 @@
#!/bin/bash
WDIR=/srv/tunneldigger/env_tunneldigger
VIRTUALENV_DIR=/srv/tunneldigger/env_tunneldigger
cd $WDIR
source $VIRTUALENV_DIR/bin/activate
$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main ../l2tp_broker.cfg
#bin/python broker/l2tp_broker.py ../l2tp_broker.cfg

9
files/tunneldigger.service
View File

@ -1,9 +0,0 @@
[Unit]
Description = Start tunneldigger L2TPv3 broker
After = network.target
[Service]
ExecStart = /srv/tunneldigger/start-broker.sh
[Install]
WantedBy = multi-user.target

199
files/yanic.conf.j2
View File

@ -1,199 +0,0 @@
# This is the config file for Yanic written in "Tom's Obvious, Minimal Language."
# syntax: https://github.com/toml-lang/toml
# (if you need somethink multiple times, checkout out the [[array of table]] section)
# Send respondd request to update information
[respondd]
enable = true
# Delay startup until a multiple of the period since zero time
synchronize = "1m"
# how often request per multicast
collect_interval = "1m"
[[respondd.interfaces]]
# name of interface on which this collector is running
ifname = "bat0"
# ip address which is used for sending
# (optional - without definition used a address of ifname - prefered link local)
#ip_address = "fd2f:5119:f2d::5"
# disable sending multicast respondd request
# (for receiving only respondd packages e.g. database respondd)
#send_no_request = false
# multicast address to destination of respondd
# (optional - without definition used default ff05::2:1001)
#multicast_address = "ff02::2:1001"
# define a port to listen
# if not set or set to 0 the kernel will use a random free port at its own
#port = 10001
# A little build-in webserver, which statically serves a directory.
# This is useful for testing purposes or for a little standalone installation.
[webserver]
enable = true
bind = "0.0.0.0:80"
webroot = "/opt/freifunk/yanic/"
[nodes]
# Cache file
# a json file to cache all data collected directly from respondd
state_path = "/var/lib/yanic/state.json"
# prune data in RAM, cache-file and output json files (i.e. nodes.json)
# that were inactive for longer than
prune_after = "7d"
# Export nodes and graph periodically
save_interval = "5s"
# Set node to offline if not seen within this period
offline_after = "10m"
## [[nodes.output.example]]
# Each output format has its own config block and needs to be enabled by adding:
#enable = true
#
# For each output format there can be set different filters
#[nodes.output.example.filter]
#
# WARNING: if it is not set, it will publish contact information of other persons
# Set to true, if you did not want the json files to contain the owner information
#no_owner = true
#
# List of nodeids of nodes that should be filtered out, so they won't appear in output
#blacklist = ["00112233445566", "1337f0badead"]
#
# List of site_codes of nodes that should be included in the output
#sites = ["ffhb"]
#
# set has_location to true if you want to include only nodes that have geo-coordinates set
# (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates)
#has_location = true
#[respondd.sites.fftdf]
#domains = ["tdf-tdf"]
#[nodes.output.meshviewer-ffrgb.filter]
#no_owner = true
#blacklist = []
#sites = ["flu","tdf","inn"]
#[nodes.output.example.filter.in_area]
# nodes outside this area are not shown on the map but are still listed as a node without coordinates
#latitude_min = 34.30
#latitude_max = 71.85
#longitude_min = -24.96
#longitude_max = 39.72
# definition for the new more compressed meshviewer.json
[[nodes.output.meshviewer-ffrgb]]
enable = true
path = "/opt/freifunk/yanic/meshviewer.json"
[nodes.output.meshviewer-ffrgb.filter]
# WARNING: if it is not set, it will publish contact information of other persons
no_owner = false
#blacklist = ["00112233445566", "1337f0badead"]
#sites = ["ffhb"]
#has_location = true
#[nodes.output.meshviewer-ffrgb.filter.in_area]
#latitude_min = 34.30
#latitude_max = 71.85
#longitude_min = -24.96
#longitude_max = 39.72
# definition for nodes.json
[[nodes.output.meshviewer]]
enable = true
# The structure version of the output which should be generated (i.e. nodes.json)
# version 1 is accepted by the legacy meshviewer (which is the master branch)
# i.e. https://github.com/ffnord/meshviewer/tree/master
# version 2 is accepted by the new versions of meshviewer (which are in the legacy develop branch or newer)
# i.e. https://github.com/ffnord/meshviewer/tree/dev
# https://github.com/ffrgb/meshviewer/tree/develop
version = 2
# path where to store nodes.json
nodes_path = "/opt/freifunk/yanic/nodes.json"
# path where to store graph.json
graph_path = "/opt/freifunk/yanic/graph.json"
[nodes.output.meshviewer.filter]
# WARNING: if it is not set, it will publish contact information of other persons
no_owner = false
# definition for nodelist.json
[[nodes.output.nodelist]]
enable = true
path = "/opt/freifunk/yanic/nodelist.json"
[nodes.output.nodelist.filter]
# WARNING: if it is not set, it will publish contact information of other persons
no_owner = false
[database]
# this will send delete commands to the database to prune data
# which is older than:
delete_after = "7d"
# how often run the cleaning
delete_interval = "1h"
## [[database.connection.example]]
# Each database-connection has its own config block and needs to be enabled by adding:
#enable = true
# Save collected data to InfluxDB.
# There are the following measurments:
# node: store node specific data i.e. clients memory, airtime
# global: store global data, i.e. count of clients and nodes
# firmware: store the count of nodes tagged with firmware
# model: store the count of nodes tagged with hardware model
[[database.connection.influxdb]]
enable = true
address = "http://195.201.17.16:8886"
database = "freifunk"
username = "freifunk"
password = "dude1990"
# Tagging of the data (optional)
[database.connection.influxdb.tags]
# Tags used by Yanic would override the tags from this config
# nodeid, hostname, owner, model, firmware_base, firmware_release,frequency11g and frequency11a are tags which are already used
#tagname1 = "tagvalue 1"
# some useful e.g.:
#system = "productive"
#site = "ffhb"
# Graphite settings
[[database.connection.graphite]]
enable = false
address = "localhost:2003"
# Graphite is replacing every "." in the metric name with a slash "/" and uses
# that for the file system hierarchy it generates. it is recommended to at least
# move the metrics out of the root namespace (that would be the empty prefix).
# If you only intend to run one community and only freifunk on your graphite node
# then the prefix can be set to anything (including the empty string) since you
# probably wont care much about "polluting" the namespace.
prefix = "freifunk"
# respondd (yanic)
# forward collected respondd package to a address
# (e.g. to another respondd collector like a central yanic instance or hopglass)
[[database.connection.respondd]]
enable = false
# type of network to create a connection
type = "udp6"
# destination address to connect/send respondd package
address = "stats.bremen.freifunk.net:11001"
# Logging
[[database.connection.logging]]
enable = false
path = "/var/log/yanic.log"

161
hosts
View File

@ -1,161 +0,0 @@
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
#[webservers]
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
#[dbservers]
#
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com
[freifunk]
#46.4.138.180 ansible_ssh_port=2222
#46.4.138.181 ansible_ssh_port=2222
#46.4.138.182 ansible_ssh_port=2222
#46.4.138.183 ansible_ssh_port=2222
#46.4.138.188 ansible_ssh_port=22
#46.4.138.189 ansible_ssh_port=22
[freifunk_sn:children]
troisdorf4
troisdorf5
troisdorf6
troisdorf7
#[freifunk_sn_l2tp:children]
#troisdorf4
#troisdorf5
#troisdorf6
#troisdorf7
[freifunk_sn:vars]
ansible_ssh_port=22
ansible_ssh_user=root
sn_mtu=1312
sn_l2tp_tb_port=53842
sn_fqdn=freifunk-troisdorf.de
static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
root_password_file=/home/localadmin/root_pwd.yml
slack_token_file=/home/localadmin/slack_token.yml
communitymac=a2:8c:ae:6f:f6
communityname=troisdorf
[troisdorf4]
4.freifunk-troisdorf.de
[troisdorf4:vars]
sn_number=4
sn_hostname=troisdorf4
sn_dhcp_range=10.188.8.0 10.188.15.254
sn_mesh_IPv6=2a03:2260:121:4000::4
sn_mesh_IPv6_net=2a03:2260:121:4000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
sn_mesh_IPv4=10.188.0.4
sn_mesh_IPv4_brcast=10.188.31.255
sn_mesh_IPv4_net=10.188.0.0
sn_mesh_IPv4_xfer=10.188.0.2
sn_mesh_MAC=a2:8c:ae:6f:f6:04
ul_mesh_MAC=a2:8c:ae:6f:f6:40
sn_ffrl_IPv4=185.66.193.104
sn_exit=1
sn_interface_name=eth0
yanic_domain=tdf
[troisdorf5]
5.fftdf.de
[troisdorf5:vars]
sn_number=5
sn_hostname=troisdorf5
sn_dhcp_range=10.188.40.0 10.188.47.255
sn_mesh_IPv6=2a03:2260:121:5000::5
sn_mesh_IPv6_net=2a03:2260:121:5000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
sn_mesh_IPv4=10.188.32.5
sn_mesh_IPv4_brcast=10.188.63.255
sn_mesh_IPv4_net=10.188.32.0
sn_mesh_IPv4_xfer=10.188.32.2
sn_mesh_MAC=a2:8c:ae:6f:f6:05
ul_mesh_MAC=a2:8c:ae:6f:f6:50
sn_ffrl_IPv4=185.66.193.105
sn_exit=1
sn_interface_name=eth0
yanic_domain=inn
[troisdorf6]
6.fftdf.de
[troisdorf6:vars]
sn_number=6
sn_hostname=troisdorf6
sn_dhcp_range=10.188.72.0 10.188.79.255
sn_mesh_IPv6=2a03:2260:121:6000::6
sn_mesh_IPv6_net=2a03:2260:121:6000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
sn_mesh_IPv4=10.188.64.6
sn_mesh_IPv4_brcast=10.188.95.255
sn_mesh_IPv4_net=10.188.64.0
sn_mesh_IPv4_xfer=10.188.64.2
sn_mesh_MAC=a2:8c:ae:6f:f6:06
ul_mesh_MAC=a2:8c:ae:6f:f6:60
sn_ffrl_IPv4=185.66.193.106
sn_exit=1
sn_interface_name=eth0
yanic_domain=flu
[troisdorf7]
7.fftdf.de
[troisdorf7:vars]
sn_number=7
sn_hostname=troisdorf7
sn_dhcp_range=10.188.104.0 10.188.111.255
sn_mesh_IPv6=2a03:2260:121:7000::7
sn_mesh_IPv6_net=2a03:2260:121:7000::/64
sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
sn_mesh_IPv4=10.188.96.7
sn_mesh_IPv4_brcast=10.188.127.255
sn_mesh_IPv4_net=10.188.96.0
sn_mesh_IPv4_xfer=10.188.96.2
sn_mesh_MAC=a2:8c:ae:6f:f6:07
ul_mesh_MAC=a2:8c:ae:6f:f6:70
sn_ffrl_IPv4=185.66.193.107
sn_local_exit=1
sn_interface_name=ens18
yanic_domain=evt

310
install.sn.yml
View File

@ -1,310 +0,0 @@
# First install ssh-key at remote computer
# In case of python error start:
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
- name: Install Freifunk Troisdorf super node
hosts: all
sudo: False
user: root
gather_facts: False
vars:
# Internal verion number
snversion: 2019_v3.1.7
common_required_packages:
- git
- make
- gcc
- build-essential
- pkg-config
- libgps-dev
- libnl-3-dev
- libjansson-dev
- isc-dhcp-server
- libcap-dev
- iproute
- libnetfilter-conntrack3
- python-dev
- libevent-dev
- ebtables
- python-virtualenv
- iptables-persistent
- iftop
- screen
- bridge-utils
- tcpdump
- bind9
- radvd
- curl
- htop
- psmisc
- dnsutils
- ntp
- libnl-genl-3-dev
- virtualenv
- batman-adv
- batctl
- libffi-dev
- libnetfilter-conntrack-dev
- libnfnetlink-dev
- speedtest-cli
- ethtool
- prometheus-node-exporter
modules_required:
- batman-adv
- nf_conntrack_netlink
- nf_conntrack
- nfnetlink
- l2tp_netlink
- l2tp_core
- l2tp_eth
tunneldigger_scripts:
- start-broker.sh
- batdelif.sh
tunneldigger_service:
- tunneldigger.service
respondd_service:
- respondd_service
broker_cfg:
- l2tp_broker.cfg
authorized_keys:
- authorized_keys
logrotate_config:
- logrotate.conf
tasks:
- name: Remove cdrom in sources.list
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
- name: Make this server ansible compatible
raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y"
- name: Adding Freifuck GPG Key
raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5"
# apt_key:
# id: B2522557E6AB9BF5
# url: https://keyserver.ubuntu.com
# url: https://pool.sks-keyservers.net
# url: https://sks.pod01.fleetstreetops.com
# state: present
- name: Import Slack token
include_vars: "{{ slack_token_file }}"
- name: Import root password
include_vars: "{{ root_password_file }}"
- name: Add Freifuck repo to source list
apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present
- name: Add backport repo to source list
apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present
- name: Update apt cache
apt: update_cache=yes
- name: Gathering facts
setup:
- name: Set IPv4 in hostfile
lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
- name: Set IPv6 in hostfile
lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present
when: ansible_default_ipv6.address is defined
- name: set hostname
hostname: name='{{ sn_hostname }}'
register: sethostname
- name: disable multi CPU Kernel (SMP) # Batman don not like SMP
lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
register: grubnosmp
- name: Update grub
shell: update-grub2
when: grubnosmp.changed
- name: Reboot the server
shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP"
async: 1
poll: 0
ignore_errors: true
when: sethostname.changed
- name: waiting for server to come back (1st)
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=20
timeout=300
when: hosts.changed
when: sethostname.changed
- name: Install common required packages
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items: "{{ common_required_packages }}"
register: aptupdates
- name: Set clock
shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
- name: Get Tunneldigger
git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
register: tunneldigger
when: aptupdates.changed
- name: Configure tunneldigger
raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install"
when: tunneldigger.changed
- name: Copy l2tp broker config template
template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
with_items: "{{ broker_cfg }}"
when: tunneldigger.changed
- name: Copy tunneldigger script template
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
when: tunneldigger.changed
- name: Copy tunneldigger scripts
copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
with_items: "{{ tunneldigger_scripts }}"
when: tunneldigger.changed
- name: Copy tunneldigger service template
copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
with_items: "{{ tunneldigger_service }}"
when: tunneldigger.changed
- name: Add modules
lineinfile: dest=/etc/modules line={{ item }}
with_items: "{{ modules_required }}"
register: modules_req
- name: Tunneldigger reload
command: "{{item}}"
with_items:
- systemctl daemon-reload
- systemctl enable tunneldigger.service
when: tunneldigger.changed
- name: Copy logrotate config
copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
with_items: "{{logrotate_config}}"
- name: Create freifunk directory
file: path=/opt/freifunk state=directory mode=0755
- name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
register: dhcpd
- name: Copy dhcpd6 template file
template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444
- name: Clone static DHCP config
git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp
when: dhcpd.changed
- name: Add cron static DHCP
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
when: dhcpd.changed
- name: Replace interface line ISC-DHCP-server
lineinfile:
dest: /etc/default/isc-dhcp-server
regexp: 'INTERFACESv4='
line: 'INTERFACESv4="br-nodes"'
when: dhcpd.changed
- name: Restart dhcpd
service: name=isc-dhcp-server state=restarted
when: dhcpd.changed
ignore_errors: yes
- name: Add cron backbone script
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
- name: Exit node startup script super- and exitnode
template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_local_exit is defined
- name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: "{{ authorized_keys }}"
- name: Bind9, activate ff zone
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present
- name: Copy option template
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
- name: Create ff directory
file: path=/etc/bind/ff state=directory
- name: Copy FF Zones
copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644
with_items:
- ff.conf
- name: Copy ff Zone config template
template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444
- name: Copy radvd config template
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- name: Interface configuration with ffrl gre tunnel
template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544
- apt: update_cache=yes
- name: Install bird
apt: state=present pkg=bird
- name: Bird configuration
copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
- name: Bird configuration
copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
- name: Create Yanic user
user:
name: yanic
comment: "Yanic service user"
- name: Create Yanic folder
file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic group=yanic
- name: Copy Yanic config template
template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444
- name: Shit go stuff
shell: cd /usr/local && wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz
- name: Adjust path for go
lineinfile:
dest: /root/.bashrc
line: "{{ item }}"
with_items:
- export GOPATH=/opt/go
- export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
- name: Compile go
shell: go get -v -u github.com/Freifunk-Troisdorf/yanic
- name: Copy and enable yanic service
shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic
- name: Get respondd
git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce
- name: Copy respondd service template
shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system
- name: Enable respondd service
shell: systemctl daemon-reload && systemctl enable respondd
- name: Copy Slacktee Config
template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
- name: Copy Slacktee
copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744
- name: set netfilter rules
lineinfile:
dest: /etc/sysctl.conf
line: "{{ item }}"
with_items:
- net.ipv4.netfilter.ip_conntrack_generic_timeout = 240
- net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
- net.netfilter.nf_conntrack_max = 65536
- name: check modprobe.conf
stat: path=/etc/modprobe.conf
register: modprobe1
- name: create /etc/modprobe.conf when not present
file: path=/etc/modprobe.conf state=touch owner=root group=root mode=0544
when: modprobe1.stat.exists == False
- name: check /etc/modprobe.conf
lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536"
- name: Change root password
user:
name: root
password: "{{ sn_rootpasswd }}"
- name: Logrotate rights
file: path=/etc/logrotate.conf mode=0644 owner=root group=root
- name: Wirte version information
shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version
- name: Reboot the server finally
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1
poll: 0
ignore_errors: true
when: tunneldigger.changed
- name: waiting for server to come back
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=20
timeout=300
when: tunneldigger.changed
- name: Send notification message via Slack
local_action:
module: slack
token: "{{ slack_token }}"
msg: "{{ inventory_hostname }} completed with {{ snversion }}"
channel: "#technik"
username: "Ansible on {{ inventory_hostname }}"
parse: 'none'