From b59eea9f8a4428edfb8b265ca20eecc8ca67d51e Mon Sep 17 00:00:00 2001 
From: Stefan
Date: Thu, 5 May 2022 20:02:22 +0200
Subject: [PATCH] removed old ansible
---
README.md | 12 -
Todo | 40 --
files/authorized_keys | 7 -
files/bataddif.sh.j2 | 17 -
files/batdelif.sh | 4 -
files/bird-troisdorf4.conf | 94 -----
files/bird-troisdorf5.conf | 84 -----
files/bird-troisdorf6.conf | 84 -----
files/bird-troisdorf7.conf | 94 -----
files/bird6-troisdorf4.conf | 90 -----
files/bird6-troisdorf5.conf | 82 ----
files/bird6-troisdorf6.conf | 82 ----
files/bird6-troisdorf7.conf | 90 -----
files/dhcpd.conf.j2 | 15 -
files/dhcpd6.conf.j2 | 15 -
files/ff/db.ff.j2 | 25 --
files/ff/ff.conf | 6 -
files/hosts.example | 164 --------
files/interfaces-troisdorf4.j2 | 142 -------
files/interfaces-troisdorf5.j2 | 106 ------
files/interfaces-troisdorf6.j2 | 110 ------
files/interfaces-troisdorf7.j2 | 141 -------
files/l2tp_backbone.sh.exit.j2 | 34 --
files/l2tp_broker.cfg | 63 ----
files/logrotate.conf | 34 --
files/named.conf.local | 10 -
files/named.conf.options.j2 | 26 --
files/radvd.conf.j2 | 12 -
files/root_pwd.yml.example | 1 -
files/slack_token.yml.example | 1 -
files/slacktee.conf.j2 | 13 -
files/slacktee.sh | 605 ------------------------------
files/sn_startup.exit.sh.j2 | 58 ---
files/sn_startup.local.exit.sh.j2 | 57 ---
files/start-broker.sh | 11 -
files/tunneldigger.service | 9 -
files/yanic.conf.j2 | 199 ----------
hosts | 161 --------
install.sn.yml | 310 ---------------
39 files changed, 3108 deletions(-)
delete mode 100644 README.md
delete mode 100644 Todo
delete mode 100644 files/authorized_keys
delete mode 100644 files/bataddif.sh.j2
delete mode 100644 files/batdelif.sh
delete mode 100644 files/bird-troisdorf4.conf
delete mode 100644 files/bird-troisdorf5.conf
delete mode 100644 files/bird-troisdorf6.conf
delete mode 100644 files/bird-troisdorf7.conf
delete mode 100644 files/bird6-troisdorf4.conf
delete mode 100644 files/bird6-troisdorf5.conf
delete mode 100644 files/bird6-troisdorf6.conf
delete mode 100644 files/bird6-troisdorf7.conf
delete mode 100644 files/dhcpd.conf.j2
delete mode 100644 files/dhcpd6.conf.j2
delete mode 100644 files/ff/db.ff.j2
delete mode 100644 files/ff/ff.conf
delete mode 100644 files/hosts.example
delete mode 100644 files/interfaces-troisdorf4.j2
delete mode 100644 files/interfaces-troisdorf5.j2
delete mode 100644 files/interfaces-troisdorf6.j2
delete mode 100644 files/interfaces-troisdorf7.j2
delete mode 100644 files/l2tp_backbone.sh.exit.j2
delete mode 100644 files/l2tp_broker.cfg
delete mode 100644 files/logrotate.conf
delete mode 100644 files/named.conf.local
delete mode 100644 files/named.conf.options.j2
delete mode 100644 files/radvd.conf.j2
delete mode 100644 files/root_pwd.yml.example
delete mode 100644 files/slack_token.yml.example
delete mode 100644 files/slacktee.conf.j2
delete mode 100644 files/slacktee.sh
delete mode 100644 files/sn_startup.exit.sh.j2
delete mode 100644 files/sn_startup.local.exit.sh.j2
delete mode 100644 files/start-broker.sh
delete mode 100644 files/tunneldigger.service
delete mode 100644 files/yanic.conf.j2
delete mode 100644 hosts
delete mode 100644 install.sn.yml
diff --git a/README.md b/README.md
deleted file mode 100644
index 0155002..0000000
--- a/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-Ansible file to manage Freifunk Troisdorf supernodes
-example: ansible-playbook install.sn.yml -l hosts
-
-To install a individual host you have to start it explicit with the target server
-example: ansible-playbook install.sn.yml -l hosts -l troisdorf7 -v
-
-The hosts file is the most important file.
-
-You will find some example files:
-files/hosts.example
-files/root_pwd.yml.example
-files/slack_token.yml.example
diff --git a/Todo b/Todo
deleted file mode 100644
index 1ff3375..0000000
--- a/Todo
+++ /dev/null
@@ -1,40 +0,0 @@
-TODO
-
-1. Statisches Routing über Interconnect Router
-
-==================================================================
-# SN 4
-# FFTDF Interconnect Routen
-ip route add 10.188.32.0/19 via 10.188.0.2 table 42
-ip route add 10.188.64.0/19 via 10.188.0.2 table 42
-ip route add 10.188.96.0/19 via 10.188.0.2 table 42
-ip -6 route add 2a03:2260:121:5000::/64 via 2a03:2260:121:4000::2 table 42
-ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:4000::2 table 42
-ip -6 route add 2a03:2260:121:7000::/64 via 2a03:2260:121:4000::2 table 42
-# SN 5
-# FFTDF Interconnect Routen
-ip route add 10.188.0.0/19 via 10.188.32.2 table 42
-ip route add 10.188.64.0/19 via 10.188.32.2 table 42
-ip route add 10.188.96.0/19 via 10.188.32.2 table 42
-ip -6 route add 2a03:2260:121:4000::/64 via 2a03:2260:121:5000::2 table 42
-ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:5000::2 table 42
-ip -6 route add 2a03:2260:121:7000::/64 via 2a03:2260:121:5000::2 table 42
-# SN 6
-# FFTDF Interconnect Routen
-ip route add 10.188.0.0/19 via 10.188.64.2 table 42
-ip route add 10.188.32.0/19 via 10.188.64.2 table 42
-ip route add 10.188.96.0/19 via 10.188.64.2 table 42
-ip -6 route add 2a03:2260:121:4000::/64 via 2a03:2260:121:6000::2 table 42
-ip -6 route add 2a03:2260:121:5000::/64 via 2a03:2260:121:6000::2 table 42
-ip -6 route add 2a03:2260:121:7000::/64 via 2a03:2260:121:6000::2 table 42
-# SN 7
-# FFTDF Interconnect Routen
-ip route add 10.188.0.0/19 via 10.188.96.2 table 42
-ip route add 10.188.32.0/19 via 10.188.96.2 table 42
-ip route add 10.188.64.0/19 via 10.188.96.2 table 42
-ip -6 route add 2a03:2260:121:4000::/64 via 2a03:2260:121:7000::2 table 42
-ip -6 route add 2a03:2260:121:5000::/64 via 2a03:2260:121:7000::2 table 42
-ip -6 route add 2a03:2260:121:6000::/64 via 2a03:2260:121:7000::2 table 42
-
-==================================================================
-
diff --git a/files/authorized_keys b/files/authorized_keys deleted file mode 100644 index ef0e440..0000000 --- a/files/authorized_keys +++ /dev/null @@ -1,7 +0,0 @@ -ssh-rsa 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 Roman - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsaIe542Vk0/sH0GEEMPhjDHBip0PI6OX/teuTLu/osvdb9Hj7432HUlEsiw8cfkCZBXtkQGlYXRVjiZkRxc8CzDpOkq75ZcqTfhmf/tCejBbgSFfdruViU11cFHIdznOqe3PeFM+8BJzHf2Gwnb5P/Q0RDYQ05Hfr9LhQVw3IXM2VInE+xR0sMj2rNr8g8lYa9X/+boElwqFiJqaRyb61XI0DYIXuxFQkg/E2bxvrtbrYJt9Pv5Mu0HYY2Q+xGqOGwPjxtqIixG9ne4EkiQkshFhfnTegfRMmhuSa0G6+Qqh5e4RPbtCGOW27tqXNUo0zDtcNaoWqUCIDkplTlUsimXT8PO+qiwMpXuVBYiwLat3N97kin8GAXoxYdrYdALopLbbkWx/7e06vqwBmF4tsPMcTRKOEIJgWIAVyxxr999Q5GNWA52m7iTNIWH1ExeTm/FQrbU4QCY6YThqhC3AVTYcUINNVZuFp19tNkNydUDOqPtwG0c+Bi8y15RBPUzQDbTgTR3zayuiOc26MYH4SGoSGNKeQjbJWr8MDsGi+NGMs2crYXirYVziPPXdY+im3fBH3UuRDkfbfvl4gXpDYxEUh/8GYdMLnttk2ifoBtlynEhxyunoKm7Z3V8mTikON70/ko6QkOmei/r/F+V9Se6FFsOTUIufwu6BC9+hBkw== localadmin@ansible - -ssh-rsa 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 Nils Jakobi diff --git a/files/bataddif.sh.j2 b/files/bataddif.sh.j2 deleted file mode 100644 index 8796dd6..0000000 --- a/files/bataddif.sh.j2 +++ /dev/null 
@@ -1,17 +0,0 @@
-#!/bin/bash
-INTERFACE="$3"
-MAC="$8"
-brctl=/sbin/brctl
-BLOCKLISTE=$(/bin/cat /opt/freifunk/tunneldigger-blacklist.txt)
-wget -q -O /opt/freifunk/tunneldigger-blacklist.txt https://raw.githubusercontent.com/Freifunk-Troisdorf/tunneldigger-blockliste/master/macs.txt
-
-/bin/ip link set dev $INTERFACE up mtu 1312
-
-for i in $BLOCKLISTE;
-do
- if [[ $i == $MAC ]]; then
- exit 1
- fi
-done
-
-$brctl addif br-nodes $INTERFACE
diff --git a/files/batdelif.sh b/files/batdelif.sh
deleted file mode 100644
index 029b3ca..0000000
--- a/files/batdelif.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-INTERFACE="$3"
-
-/sbin/brctl delif br-nodes $INTERFACE
diff --git a/files/bird-troisdorf4.conf b/files/bird-troisdorf4.conf
deleted file mode 100644
index 682386b..0000000
--- a/files/bird-troisdorf4.conf
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * This is an example configuration file.
- */
-
-# Yes, even shell-like comments work...
-
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.1;
-
-
-protocol direct {
- interface "*";
-};
-
-protocol kernel {
- device routes;
- import all;
- export all;
- kernel table 42;
-};
-
-protocol device {
- scan time 8;
-};
-
-function is_default() {
- return (net ~ [0.0.0.0/0]);
-};
-
-# own network
-function is_self_net() {
- return (net ~ [ 10.188.0.0/16+ ]);
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
- return net ~ [ 10.0.0.0/8+,
- 104.0.0.0/8+
- ];
-}
-
-filter hostroute {
- if net ~ 185.66.193.104/32 then accept;
- reject;
-};
-
-# Uplink über ff Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- next hop self;
- multihop 64;
- default bgp_local_pref 200;
-};
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 100.64.6.13;
- neighbor 100.64.6.12 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 100.64.6.19;
- neighbor 100.64.6.18 as 201701;
-};
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 100.64.6.17;
- neighbor 100.64.6.16 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 100.64.6.23;
- neighbor 100.64.6.22 as 201701;
-};
-
-protocol bgp ffrl_bb_a_fra3_fra from uplink {
- source address 100.64.6.15;
- neighbor 100.64.6.14 as 201701;
-};
-
-protocol bgp ffrl_bb_b_fra3_fra from uplink {
- source address 100.64.6.21;
- neighbor 100.64.6.20 as 201701;
-};
-
diff --git a/files/bird-troisdorf5.conf b/files/bird-troisdorf5.conf
deleted file mode 100644
index 1e8b899..0000000
--- a/files/bird-troisdorf5.conf
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * This is an example configuration file.
- */
-
-# Yes, even shell-like comments work...
-
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.5;
-
-
-protocol direct {
- interface "*";
-};
-
-protocol kernel {
- device routes;
- import all;
- export all;
- kernel table 42;
-};
-
-protocol device {
- scan time 8;
-};
-
-function is_default() {
- return (net ~ [0.0.0.0/0]);
-};
-
-# own network
-function is_self_net() {
- return (net ~ [ 10.188.0.0/16+ ]);
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
- return net ~ [ 10.0.0.0/8+,
- 104.0.0.0/8+
- ];
-}
-
-filter hostroute {
- if net ~ 185.66.193.105/32 then accept;
- reject;
-};
-
-# Uplink über ff Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- next hop self;
- multihop 64;
- default bgp_local_pref 200;
-};
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 100.64.2.151;
- neighbor 100.64.2.150 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 100.64.2.153;
- neighbor 100.64.2.152 as 201701;
-};
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 100.64.2.155;
- neighbor 100.64.2.154 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 100.64.2.157;
- neighbor 100.64.2.156 as 201701;
-};
-
diff --git a/files/bird-troisdorf6.conf b/files/bird-troisdorf6.conf
deleted file mode 100644
index b2a4b57..0000000
--- a/files/bird-troisdorf6.conf
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * This is an example configuration file.
- */
-
-# Yes, even shell-like comments work...
-
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.6;
-
-
-protocol direct {
- interface "*";
-};
-
-protocol kernel {
- device routes;
- import all;
- export all;
- kernel table 42;
-};
-
-protocol device {
- scan time 8;
-};
-
-function is_default() {
- return (net ~ [0.0.0.0/0]);
-};
-
-# own network
-function is_self_net() {
- return (net ~ [ 10.188.0.0/16+ ]);
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
- return net ~ [ 10.0.0.0/8+,
- 104.0.0.0/8+
- ];
-}
-
-filter hostroute {
- if net ~ 185.66.193.106/32 then accept;
- reject;
-};
-
-# Uplink über ff Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- next hop self;
- multihop 64;
- default bgp_local_pref 200;
-};
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 100.64.2.159;
- neighbor 100.64.2.158 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 100.64.2.161;
- neighbor 100.64.2.160 as 201701;
-};
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 100.64.2.163;
- neighbor 100.64.2.162 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 100.64.2.165;
- neighbor 100.64.2.164 as 201701;
-};
-
diff --git a/files/bird-troisdorf7.conf b/files/bird-troisdorf7.conf
deleted file mode 100644
index 3a8a043..0000000
--- a/files/bird-troisdorf7.conf
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * This is an example configuration file.
- */
-
-# Yes, even shell-like comments work...
-
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.7;
-
-
-protocol direct {
- interface "*";
-};
-
-protocol kernel {
- device routes;
- import all;
- export all;
- kernel table 42;
-};
-
-protocol device {
- scan time 8;
-};
-
-function is_default() {
- return (net ~ [0.0.0.0/0]);
-};
-
-# own network
-function is_self_net() {
- return (net ~ [ 10.188.0.0/16+ ]);
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
- return net ~ [ 10.0.0.0/8+,
- 104.0.0.0/8+
- ];
-}
-
-filter hostroute {
- if net ~ 185.66.193.107/32 then accept;
- reject;
-};
-
-# Uplink über ff Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- next hop self;
- multihop 64;
- default bgp_local_pref 200;
-};
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 100.64.6.25;
- neighbor 100.64.6.24 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 100.64.6.31;
- neighbor 100.64.6.30 as 201701;
-};
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 100.64.6.29;
- neighbor 100.64.6.28 as 201701;
-};
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 100.64.6.35;
- neighbor 100.64.6.34 as 201701;
-};
-
-protocol bgp ffrl_bb_a_fra3_fra from uplink {
- source address 100.64.6.27;
- neighbor 100.64.6.26 as 201701;
-};
-
-protocol bgp ffrl_bb_b_fra3_fra from uplink {
- source address 100.64.6.33;
- neighbor 100.64.6.32 as 201701;
-};
-
diff --git a/files/bird6-troisdorf4.conf b/files/bird6-troisdorf4.conf
deleted file mode 100644
index 570e6fa..0000000
--- a/files/bird6-troisdorf4.conf
+++ /dev/null
@@ -1,90 +0,0 @@
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.1;
-
-protocol direct {
- interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
-
-}
-
-
-protocol kernel {
- device routes;
- import all;
- export all; # Default is export none
- kernel table 42; # Kernel table to synchronize with (default: main)
-}
-
-protocol device {
- scan time 10; # Scan interfaces every 10 seconds
-}
-
-function is_default() {
- return (net ~ [::/0]);
-}
-
-# own networks
-function is_self_net() {
-return net ~ [ fda0:747e:ab29:7405::/64+ ];
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
-return net ~ [ fc00::/7{48,64},
-2001:bf7::/32+];
-}
-
-filter hostroute {
- if net ~ 2a03:2260:121:4000::/52 then accept;
- reject;
-}
-
-
-
-# Uplink zum FF Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- gateway recursive;
-}
-
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 2a03:2260:0:306::2;
- neighbor 2a03:2260:0:306::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 2a03:2260:0:309::2;
- neighbor 2a03:2260:0:309::1 as 201701;
-}
-
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 2a03:2260:0:308::2;
- neighbor 2a03:2260:0:308::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 2a03:2260:0:30b::2;
- neighbor 2a03:2260:0:30b::1 as 201701;
-}
-
-protocol bgp ffrl_bb_a_fra3_fra from uplink {
- source address 2a03:2260:0:307::2;
- neighbor 2a03:2260:0:307::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_fra3_fra from uplink {
- source address 2a03:2260:0:30a::2;
- neighbor 2a03:2260:0:30a::1 as 201701;
-}
-
diff --git a/files/bird6-troisdorf5.conf b/files/bird6-troisdorf5.conf
deleted file mode 100644
index d2cc760..0000000
--- a/files/bird6-troisdorf5.conf
+++ /dev/null
@@ -1,82 +0,0 @@
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.5;
-
-protocol direct {
-# interface "*"; # Restrict network interfaces it works with
-# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
- interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
-
-}
-
-
-protocol kernel {
- device routes;
- import all;
- export all; # Default is export none
- kernel table 42; # Kernel table to synchronize with (default: main)
-}
-
-protocol device {
- scan time 10; # Scan interfaces every 10 seconds
-}
-
-function is_default() {
- return (net ~ [::/0]);
-}
-
-# own networks
-function is_self_net() {
-return net ~ [ fda0:747e:ab29:7405::/64+ ];
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
-return net ~ [ fc00::/7{48,64},
-2001:bf7::/32+];
-}
-
-filter hostroute {
- if net ~ 2a03:2260:121:5000::/52 then accept;
- reject;
-}
-
-
-
-# Uplink zum FF Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- gateway recursive;
-}
-
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 2a03:2260:0:155::2;
- neighbor 2a03:2260:0:155::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 2a03:2260:0:156::2;
- neighbor 2a03:2260:0:156::1 as 201701;
-}
-
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 2a03:2260:0:157::2;
- neighbor 2a03:2260:0:157::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 2a03:2260:0:158::2;
- neighbor 2a03:2260:0:158::1 as 201701;
-}
-
diff --git a/files/bird6-troisdorf6.conf b/files/bird6-troisdorf6.conf
deleted file mode 100644
index 0864ac2..0000000
--- a/files/bird6-troisdorf6.conf
+++ /dev/null
@@ -1,82 +0,0 @@
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.6;
-
-protocol direct {
-# interface "*"; # Restrict network interfaces it works with
-# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
- interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
-
-}
-
-
-protocol kernel {
- device routes;
- import all;
- export all; # Default is export none
- kernel table 42; # Kernel table to synchronize with (default: main)
-}
-
-protocol device {
- scan time 10; # Scan interfaces every 10 seconds
-}
-
-function is_default() {
- return (net ~ [::/0]);
-}
-
-# own networks
-function is_self_net() {
-return net ~ [ fda0:747e:ab29:7405::/64+ ];
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
-return net ~ [ fc00::/7{48,64},
-2001:bf7::/32+];
-}
-
-filter hostroute {
- if net ~ 2a03:2260:121:6000::/52 then accept;
- reject;
-}
-
-
-
-# Uplink zum FF Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- gateway recursive;
-}
-
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 2a03:2260:0:159::2;
- neighbor 2a03:2260:0:159::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 2a03:2260:0:15a::2;
- neighbor 2a03:2260:0:15a::1 as 201701;
-}
-
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address a03:2260:0:15b::2;
- neighbor 2a03:2260:0:15b::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 2a03:2260:0:15c::2;
- neighbor 2a03:2260:0:15c::1 as 201701;
-}
-
diff --git a/files/bird6-troisdorf7.conf b/files/bird6-troisdorf7.conf
deleted file mode 100644
index 53cfd5b..0000000
--- a/files/bird6-troisdorf7.conf
+++ /dev/null
@@ -1,90 +0,0 @@
-# Configure logging
-#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-#log stderr all;
-#log "tmp" all;
-#log syslog all;
-
-#debug protocols all;
-
-# Override router ID
-router id 10.188.255.7;
-
-protocol direct {
- interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
-
-}
-
-
-protocol kernel {
- device routes;
- import all;
- export all; # Default is export none
- kernel table 42; # Kernel table to synchronize with (default: main)
-}
-
-protocol device {
- scan time 10; # Scan interfaces every 10 seconds
-}
-
-function is_default() {
- return (net ~ [::/0]);
-}
-
-# own networks
-function is_self_net() {
-return net ~ [ fda0:747e:ab29:7405::/64+ ];
-}
-
-# freifunk ip ranges in general
-function is_freifunk() {
-return net ~ [ fc00::/7{48,64},
-2001:bf7::/32+];
-}
-
-filter hostroute {
- if net ~ 2a03:2260:121:7000::/52 then accept;
- reject;
-}
-
-
-
-# Uplink zum FF Rheinland
-template bgp uplink {
- local as 65066;
- import where is_default();
- export filter hostroute;
- gateway recursive;
-}
-
-
-protocol bgp ffrl_bb_a_ak_ber from uplink {
- source address 2a03:2260:0:30c::2;
- neighbor 2a03:2260:0:30c::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ak_ber from uplink {
- source address 2a03:2260:0:30f::2;
- neighbor 2a03:2260:0:30f::1 as 201701;
-}
-
-
-protocol bgp ffrl_bb_a_ix_dus from uplink {
- source address 2a03:2260:0:30e::2;
- neighbor 2a03:2260:0:30e::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_ix_dus from uplink {
- source address 2a03:2260:0:311::2;
- neighbor 2a03:2260:0:311::1 as 201701;
-}
-
-protocol bgp ffrl_bb_a_fra3_fra from uplink {
- source address 2a03:2260:0:30d::2;
- neighbor 2a03:2260:0:30d::1 as 201701;
-}
-
-protocol bgp ffrl_bb_b_fra3_fra from uplink {
- source address 2a03:2260:0:310::2;
- neighbor 2a03:2260:0:310::1 as 201701;
-}
-
diff --git a/files/dhcpd.conf.j2 b/files/dhcpd.conf.j2
deleted file mode 100644
index d381959..0000000
--- a/files/dhcpd.conf.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-# Version 1.3
-ddns-update-style none;
-option domain-name "ff";
-default-lease-time 300;
-max-lease-time 3600;
-log-facility local7;
-subnet {{ sn_mesh_IPv4_net }} netmask 255.255.224.0 {
-authoritative;
-range {{ sn_dhcp_range }};
-option domain-name-servers {{ sn_mesh_IPv4 }};
-option routers {{ sn_mesh_IPv4 }};
-option interface-mtu {{ sn_mtu }};
-interface bat0;
-}
-include "/opt/freifunk/static-dhcp/static.conf";
diff --git a/files/dhcpd6.conf.j2 b/files/dhcpd6.conf.j2
deleted file mode 100644
index 670a0d8..0000000
--- a/files/dhcpd6.conf.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-# Enable RFC 5007 support (same than for DHCPv4)
-allow leasequery;
-
-authoritative;
-
-default-lease-time 300;
-max-lease-time 600;
-
-option dhcp6.name-servers {{ sn_mesh_IPv6 }};
-
-option dhcp6.domain-search "ff";
-
-subnet6 {{ sn_mesh_IPv6_net }} {
-}
-
diff --git a/files/ff/db.ff.j2 b/files/ff/db.ff.j2
deleted file mode 100644
index a46175e..0000000
--- a/files/ff/db.ff.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-;; db.ff
-;; Forwardlookupzone für .ff
-;;
-$TTL 600
-@ IN SOA ff. root.ff. (
- 2015584544 ; Serial
- 8H ; Refresh
- 2H ; Retry
- 4W ; Expire
- 3H ) ; NX (TTL Negativ Cache)
-
-@ IN NS {{ sn_hostname }}.infra.ff.
- IN A {{ sn_mesh_IPv4 }}
- IN AAAA {{ sn_mesh_IPv6 }}
-localhost IN A 127.0.0.1
- IN AAAA ::1
-nextnode IN A 10.188.0.1
- IN AAAA 2a03:2260:121::1
-;;This Supernode
-{{ sn_hostname }}.infra IN A {{ sn_mesh_IPv4 }}
- IN AAAA {{ sn_mesh_IPv6 }}
-;; Update Servers
-update1.infra IN AAAA 2a03:2260:121:4000:6038:61ff:fe34:3461
-update2.infra IN AAAA 2a03:2260:121:4000:6038:61ff:fe34:3461
-update3.infra IN AAAA 2a03:2260:121:4000:6038:61ff:fe34:3461
diff --git a/files/ff/ff.conf b/files/ff/ff.conf
deleted file mode 100644
index c720df4..0000000
--- a/files/ff/ff.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-// Zone declarations for Freifunk
-
-zone "ff" {
- type master;
- file "/etc/bind/ff/db.ff";
-};
diff --git a/files/hosts.example b/files/hosts.example
deleted file mode 100644
index 6af41d7..0000000
--- a/files/hosts.example
+++ /dev/null
@@ -1,164 +0,0 @@
-# This is the default ansible 'hosts' file.
-#
-# It should live in /etc/ansible/hosts
-#
-# - Comments begin with the '#' character
-# - Blank lines are ignored
-# - Groups of hosts are delimited by [header] elements
-# - You can enter hostnames or ip addresses
-# - A hostname/ip can be a member of multiple groups
-
-# Ex 1: Ungrouped hosts, specify before any group headers.
-
-#green.example.com
-#blue.example.com
-#192.168.100.1
-#192.168.100.10
-
-# Ex 2: A collection of hosts belonging to the 'webservers' group
-
-#[webservers]
-#alpha.example.org
-#beta.example.org
-#192.168.1.100
-#192.168.1.110
-
-# If you have multiple hosts following a pattern you can specify
-# them like this:
-
-#www[001:006].example.com
-
-# Ex 3: A collection of database servers in the 'dbservers' group
-
-#[dbservers]
-#
-#db01.intranet.mydomain.net
-#db02.intranet.mydomain.net
-#10.25.1.56
-#10.25.1.57
-
-# Here's another example of host ranges, this time there are no
-# leading 0s:
-
-#db-[99:101]-node.example.com
-
-
-
-[freifunk_Lohmar]
-82.165.139.113 ansible_ssh_port=2222
-
-[freifunk]
-46.4.138.180 ansible_ssh_port=2222
-46.4.138.181 ansible_ssh_port=2222
-46.4.138.182 ansible_ssh_port=2222
-46.4.138.183 ansible_ssh_port=2222
-46.4.138.188 ansible_ssh_port=22
-46.4.138.189 ansible_ssh_port=22
-
-[freifunk_sn:children]
-troisdorf4
-troisdorf5
-troisdorf6
-troisdorf7
-
-[freifunk_sn_l2tp:children]
-troisdorf4
-troisdorf5
-troisdorf6
-troisdorf7
-
-[freifunk_sn:vars]
-ansible_ssh_port=22
-ansible_ssh_user=root
-sn_mtu=1312
-sn_l2tp_tb_port=53842
-sn_l2tp_tb_backup_port=53840
-sn_fqdn=freifunk-troisdorf.de
-static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
-root_password_file=/home/localadmin/root_pwd.yml
-slack_token_file=/home/localadmin/slack_token.yml
-
-[troisdorf4]
-4.freifunk-troisdorf.de
-
-[troisdorf4:vars]
-sn_number=4
-sn_hostname=troisdorf4
-sn_dhcp_range=10.188.8.0 10.188.15.254
-sn_mesh_IPv6=2a03:2260:121:4000::4
-sn_mesh_IPv6_net=2a03:2260:121:4000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
-sn_mesh_IPv4=10.188.0.4
-sn_mesh_IPv4_brcast=10.188.31.255
-sn_mesh_IPv4_net=10.188.0.0
-sn_mesh_IPv4_xfer=10.188.0.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:04
-ul_mesh_MAC=a2:8c:ae:6f:f6:40
-sn_ffrl_IPv4=185.66.193.104
-sn_exit=1
-sn_interface_name=eth0
-yanic_domain=tdf
-
-
-[troisdorf5]
-5.fftdf.de
-
-[troisdorf5:vars]
-sn_number=5
-sn_hostname=troisdorf5
-sn_dhcp_range=10.188.40.0 10.188.47.255
-sn_mesh_IPv6=2a03:2260:121:5000::5
-sn_mesh_IPv6_net=2a03:2260:121:5000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
-sn_mesh_IPv4=10.188.32.5
-sn_mesh_IPv4_brcast=10.188.63.255
-sn_mesh_IPv4_net=10.188.32.0
-sn_mesh_IPv4_xfer=10.188.32.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:05
-ul_mesh_MAC=a2:8c:ae:6f:f6:50
-sn_ffrl_IPv4=185.66.193.105
-sn_exit=1
-sn_interface_name=eth0
-yanic_domain=inn
-
-[troisdorf6]
-6.fftdf.de
-
-[troisdorf6:vars]
-sn_number=6
-sn_hostname=troisdorf6
-sn_dhcp_range=10.188.72.0 10.188.79.255
-sn_mesh_IPv6=2a03:2260:121:6000::6
-sn_mesh_IPv6_net=2a03:2260:121:6000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
-sn_mesh_IPv4=10.188.64.6
-sn_mesh_IPv4_brcast=10.188.95.255
-sn_mesh_IPv4_net=10.188.64.0
-sn_mesh_IPv4_xfer=10.188.64.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:06
-ul_mesh_MAC=a2:8c:ae:6f:f6:60
-sn_ffrl_IPv4=185.66.193.106
-sn_exit=1
-sn_interface_name=eth0
-yanic_domain=flu
-
-[troisdorf7]
-7.fftdf.de
-
-[troisdorf7:vars]
-sn_number=7
-sn_hostname=troisdorf7
-sn_dhcp_range=10.188.104.0 10.188.111.255
-sn_mesh_IPv6=2a03:2260:121:7000::7
-sn_mesh_IPv6_net=2a03:2260:121:7000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
-sn_mesh_IPv4=10.188.96.7
-sn_mesh_IPv4_brcast=10.188.127.255
-sn_mesh_IPv4_net=10.188.96.0
-sn_mesh_IPv4_xfer=10.188.96.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:07
-ul_mesh_MAC=a2:8c:ae:6f:f6:70
-sn_ffrl_IPv4=185.66.193.107
-sn_local_exit=1
-sn_interface_name=ens18
-yanic_domain=evt
diff --git a/files/interfaces-troisdorf4.j2 b/files/interfaces-troisdorf4.j2
deleted file mode 100644
index c1c7fea..0000000
--- a/files/interfaces-troisdorf4.j2
+++ /dev/null
@@ -1,142 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/* - -# The loopback network interface -auto lo -iface lo inet loopback - up ip address add 185.66.193.104/32 dev lo - -iface lo inet6 loopback - up ip address add 2a03:2260:121:4000::105/52 dev lo - - -# The primary network interface -allow-hotplug {{ sn_interface_name }} -iface {{ sn_interface_name }} inet static - address 46.4.156.114 - netmask 255.255.255.255 - gateway 163.172.210.1 - pointopoint 163.172.210.1 - post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE -auto 6to4 - iface 6to4 inet6 6to4 - local 46.4.156.114 - -# GRE Tunnel zum Rheinland Backbone -# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen - -# Berlin Router A -auto gre-bb-a.ak.ber -iface gre-bb-a.ak.ber inet static - address 100.64.6.13 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ak.ber 
inet6 static - address 2a03:2260:0:306::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - -# Berlin Router B -auto gre-bb-b.ak.ber -iface gre-bb-b.ak.ber inet static - address 100.64.6.19 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-down ip tunnel del $IFACE - -iface gre-bb-b.ak.ber inet6 static - address 2a03:2260:0:309::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router A -auto gre-bb-a.ix.dus -iface gre-bb-a.ix.dus inet static - address 100.64.6.17 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ix.dus inet6 static - address 2a03:2260:0:308::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router B -auto gre-bb-b.ix.dus -iface gre-bb-b.ix.dus inet static - address 100.64.6.23 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 
185.66.193.104 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-down ip tunnel del $IFACE - -iface gre-bb-b.ix.dus inet6 static - address 2a03:2260:0:30b::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - -# Frankfurt Router A -auto gre-bb-a.fra3.f -iface gre-bb-a.fra3.f inet static - address 100.64.6.15 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-down ip tunnel del $IFACE - -iface gre-bb-a.fra3.f inet6 static - address 2a03:2260:0:307::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Frankfurt Router B -auto gre-bb-b.fra3.f -iface gre-bb-b.fra3.f inet static - address 100.64.6.21 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 - post-down ip tunnel del $IFACE - -iface gre-bb-b.fra3.f inet6 static - address 2a03:2260:0:30a::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS 
--set-mss 1312
diff --git a/files/interfaces-troisdorf5.j2 b/files/interfaces-troisdorf5.j2
deleted file mode 100644
index 97cd91f..0000000
--- a/files/interfaces-troisdorf5.j2
+++ /dev/null
@@ -1,106 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/* - -# The loopback network interface -auto lo -iface lo inet loopback - up ip address add 185.66.193.105/32 dev lo - -iface lo inet6 loopback - up ip address add 2a03:2260:121:5000::105/52 dev lo - - -# The primary network interface -allow-hotplug {{ sn_interface_name }} -iface {{ sn_interface_name }} inet static - address 46.4.156.115 - netmask 255.255.255.240 - gateway 46.4.156.113 - post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE -auto 6to4 - iface 6to4 inet6 6to4 - local 46.4.156.115 - -# GRE Tunnel zum Rheinland Backbone -# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen - -# Berlin Router A -auto gre-bb-a.ak.ber -iface gre-bb-a.ak.ber inet static - address 100.64.2.151 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ak.ber inet6 static - address 
2a03:2260:0:155::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - -# Berlin Router B -auto gre-bb-b.ak.ber -iface gre-bb-b.ak.ber inet static - address 100.64.2.153 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.195.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-down ip tunnel del $IFACE - -iface gre-bb-b.ak.ber inet6 static - address 2a03:2260:0:156::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router A -auto gre-bb-a.ix.dus -iface gre-bb-a.ix.dus inet static - address 100.64.2.155 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ix.dus inet6 static - address 2a03:2260:0:157::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router B -auto gre-bb-b.ix.dus -iface gre-bb-b.ix.dus inet static - address 100.64.2.157 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.115 remote 185.66.193.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 - post-up 
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
- post-up ip link set $IFACE mtu 1400
- post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
- post-down ip tunnel del $IFACE
-
-iface gre-bb-b.ix.dus inet6 static
- address 2a03:2260:0:158::2/64
- netmask 64
- post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
diff --git a/files/interfaces-troisdorf6.j2 b/files/interfaces-troisdorf6.j2
deleted file mode 100644
index 6e376f3..0000000
--- a/files/interfaces-troisdorf6.j2
+++ /dev/null
@@ -1,110 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/* - -# The loopback network interface -auto lo -iface lo inet loopback - up ip address add 185.66.193.106/32 dev lo - -iface lo inet6 loopback - up ip address add 2a03:2260:121:6000::105/52 dev lo - - -# The primary network interface -allow-hotplug {{ sn_interface_name }} -iface {{ sn_interface_name }} inet static - address 46.4.156.116 - netmask 255.255.255.255 - gateway 163.172.210.1 - pointopoint 163.172.210.1 - post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE - -auto 6to4 - iface 6to4 inet6 6to4 - local 46.4.156.116 - post-up ip6tables -P OUTPUT ACCEPT - post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP - -# GRE Tunnel zum Rheinland Backbone -# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen - -# Berlin Router A -auto gre-bb-a.ak.ber -iface gre-bb-a.ak.ber inet static - address 100.64.2.159 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o 
$IFACE -j SNAT --to-source 185.66.193.106 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ak.ber inet6 static - address 2a03:2260:0:159::2/64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - netmask 64 - -# Berlin Router B -auto gre-bb-b.ak.ber -iface gre-bb-b.ak.ber inet static - address 100.64.2.161 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.195.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 - post-down ip tunnel del $IFACE - -iface gre-bb-b.ak.ber inet6 static - address 2a03:2260:0:15a::2/64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - netmask 64 - - -# Duesseldorf Router A -auto gre-bb-a.ix.dus -iface gre-bb-a.ix.dus inet static - address 100.64.2.163 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 185.66.193.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ix.dus inet6 static - address 2a03:2260:0:15b::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router B -auto gre-bb-b.ix.dus -iface gre-bb-b.ix.dus inet static - address 100.64.2.165 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 46.4.156.116 remote 
185.66.193.1 ttl 255
- post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
- post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
- post-up ip link set $IFACE mtu 1400
- post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
- post-down ip tunnel del $IFACE
-
-iface gre-bb-b.ix.dus inet6 static
- address 2a03:2260:0:15c::2/64
- netmask 64
- post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
diff --git a/files/interfaces-troisdorf7.j2 b/files/interfaces-troisdorf7.j2
deleted file mode 100644
index 3b69f38..0000000
--- a/files/interfaces-troisdorf7.j2
+++ /dev/null
@@ -1,141 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/* - -# The loopback network interface -auto lo -iface lo inet loopback - up ip address add 185.66.193.107/32 dev lo - -iface lo inet6 loopback - up ip address add 2a03:2260:121:7000::107/52 dev lo - - -# The primary network interface -allow-hotplug {{ sn_interface_name }} -iface {{ sn_interface_name }} inet static - address 93.241.53.100 - netmask 255.255.255.0 - gateway 93.241.53.1 - post-up iptables -P OUTPUT ACCEPT - post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP - post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP - post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE -#auto 6to4 -# iface 6to4 inet6 6to4 -# local 93.241.53.100 - -# GRE Tunnel zum Rheinland Backbone -# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen - -# Berlin Router A -auto gre-bb-a.ak.ber -iface gre-bb-a.ak.ber inet static - address 100.64.6.25 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.195.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ak.ber inet6 static - address 
2a03:2260:0:30c::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - -# Berlin Router B -auto gre-bb-b.ak.ber -iface gre-bb-b.ak.ber inet static - address 100.64.6.31 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.195.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-down ip tunnel del $IFACE - -iface gre-bb-b.ak.ber inet6 static - address 2a03:2260:0:30f::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router A -auto gre-bb-a.ix.dus -iface gre-bb-a.ix.dus inet static - address 100.64.6.29 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.193.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-down ip tunnel del $IFACE - -iface gre-bb-a.ix.dus inet6 static - address 2a03:2260:0:30e::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Duesseldorf Router B -auto gre-bb-b.ix.dus -iface gre-bb-b.ix.dus inet static - address 100.64.6.35 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.193.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-up 
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-down ip tunnel del $IFACE - -iface gre-bb-b.ix.dus inet6 static - address 2a03:2260:0:311::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - -# Frankfurt Router A -auto gre-bb-a.fra3.f -iface gre-bb-a.fra3.f inet static - address 100.64.6.27 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.194.0 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-down ip tunnel del $IFACE - -iface gre-bb-a.fra3.f inet6 static - address 2a03:2260:0:30d::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - - -# Frankfurt Router B -auto gre-bb-b.fra3.f -iface gre-bb-b.fra3.f inet static - address 100.64.6.33 - netmask 255.255.255.254 - pre-up ip tunnel add $IFACE mode gre local 93.241.53.100 remote 185.66.194.1 ttl 255 - post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 - post-up ip link set $IFACE mtu 1400 - post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 - post-down ip tunnel del $IFACE - -iface gre-bb-b.fra3.f inet6 static - address 2a03:2260:0:310::2/64 - netmask 64 - post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 
diff --git a/files/l2tp_backbone.sh.exit.j2 b/files/l2tp_backbone.sh.exit.j2
deleted file mode 100644
index 225743d..0000000
--- a/files/l2tp_backbone.sh.exit.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# Version 9
-sleep 60
-batctl=/usr/local/sbin/batctl
-ip=/sbin/ip
-communitymacaddress="{{ communitymac }}"
-localserver=$(/bin/hostname)
-communityname={{ communityname }}
-
-# Rest Starten
-$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
-$ip link set up dev bat0
-$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0
-$ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0
-$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42
-$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }}
-
-$ip -6 route add 2a03:2260:121:4000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
-$ip -6 route add 2a03:2260:121:5000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
-$ip -6 route add 2a03:2260:121:6000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
-$ip -6 route add 2a03:2260:121:7000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
-
-/usr/bin/killall batadv-vis
-/bin/sleep 15
-$batadv -i bat0 -s > /dev/null 2>&1 &
-/bin/sleep 15
-/usr/sbin/service tunneldigger restart
-/usr/sbin/service bind9 restart
-/usr/sbin/service bird restart
-/usr/sbin/service bird6 restart
-/usr/sbin/service isc-dhcp-server restart
-/usr/sbin/service radvd restart
-$batctl gw server 100Mbit/100Mbit
-
diff --git a/files/l2tp_broker.cfg b/files/l2tp_broker.cfg
deleted file mode 100644
index d38104e..0000000
--- a/files/l2tp_broker.cfg
+++ /dev/null
@@ -1,63 +0,0 @@
-[broker]
-; IP address the broker will listen and accept tunnels on
-address={{ ansible_default_ipv4.address }}
-; Ports where the broker will listen on
-port={{ sn_l2tp_tb_port }}
-; Interface with that IP address
-interface={{ sn_interface_name }}
-; Maximum number of cached cookies, required for establishing a
-; session with the broker
-max_cookies=1024
-; Maximum number of tunnels that will be allowed by the broker
-max_tunnels=150
-; Tunnel port base
-port_base=15000
-; Tunnel id base
-tunnel_id_base=100
-; Tunnel timeout interval in seconds
-tunnel_timeout=60
-; Should PMTU discovery be enabled
-pmtu_discovery=false
-; Namespace (for running multiple brokers); note that you must also
-; configure disjunct ports, and tunnel identifiers in order for
-; namespacing to work
-namespace={{ communityname }}
-
-; Reject connections if there are less than N seconds since the last connection.
-; Can be less than a second (e.g., 0.1).
-connection_rate_limit=2
-
-; Set PMTU to a fixed value. Use 0 for automatic PMTU discovery. A non-0 value also disables
-; PMTU discovery on the client side, by having the server not respond to client-side PMTU
-; discovery probes.
-pmtu=0
-
-; The batman device of this Hood (e.g. bat2)
-batdev=bat0
-
-[log]
-; Log filename
-filename=/var/log/tunneldigger-broker.log
-; Verbosity
-verbosity=DEBUG
-; Should IP addresses be logged or not
-log_ip_addresses=false
-
-[hooks]
-; Arguments to the session.{up,pre-down,down} hooks are as follows:
-;
-;
-; Arguments to the session.mtu-changed hook are as follows:
-;
-;
-;
-
-; Called after the tunnel interface goes up
-session.up=/srv/tunneldigger/bataddif.sh
-; Called just before the tunnel interface goes down
-session.pre-down=/srv/tunneldigger/batdelif.sh
-; Called after the tunnel interface goes down
-session.down=
-; Called after the tunnel MTU gets changed because of PMTU discovery
-session.mtu-changed=
diff --git a/files/logrotate.conf b/files/logrotate.conf
deleted file mode 100644
index c9c8d2a..0000000
--- a/files/logrotate.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# see "man logrotate" for details
-# rotate log files weekly
-#weekly
-daily
-
-# keep 4 weeks worth of backlogs
-#rotate 4
-rotate 1
-
-# create new (empty) log files after rotating old ones
-create
-
-# uncomment this if you want your log files compressed
-#compress
-
-# packages drop log rotation information into this directory
-include /etc/logrotate.d
-
-# no packages own wtmp, or btmp -- we'll rotate them here
-/var/log/wtmp {
- missingok
- monthly
- create 0664 root utmp
- rotate 1
-}
-
-/var/log/btmp {
- missingok
- monthly
- create 0660 root utmp
- rotate 1
-}
-
-# system-specific logs may be configured here
diff --git a/files/named.conf.local b/files/named.conf.local
deleted file mode 100644
index 09a1335..0000000
--- a/files/named.conf.local
+++ /dev/null
@@ -1,10 +0,0 @@
-//
-// Do any local configuration here
-//
-
-// Consider adding the 1918 zones here, if they are not used in your
-// organization
-//include "/etc/bind/zones.rfc1918";
-
-// Include Freifunk (ff) zones
-include "/etc/bind/ff/ff.conf";
diff --git a/files/named.conf.options.j2 b/files/named.conf.options.j2
deleted file mode 100644
index 8eeaa13..0000000
--- a/files/named.conf.options.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-options {
- directory "/var/cache/bind";
-
- // If there is a firewall between you and nameservers you want
- // to talk to, you may need to fix the firewall to allow multiple
- // ports to talk. See http://www.kb.cert.org/vuls/id/800113
-
- // If your ISP provided one or more IP addresses for stable
- // nameservers, you probably want to use them as forwarders.
- // Uncomment the following block, and insert the addresses replacing
- // the all-0's placeholder.
-
- // forwarders {
- // 0.0.0.0;
- // };
-
- //========================================================================
- // If BIND logs error messages about the root key being expired,
- // you will need to update your keys. See https://www.isc.org/bind-keys
- //========================================================================
- dnssec-validation auto;
-
- auth-nxdomain no; # conform to RFC1035
- listen-on { {{ sn_mesh_IPv4 }}; };
- listen-on-v6 { {{ sn_mesh_IPv6 }}; };
-};
diff --git a/files/radvd.conf.j2 b/files/radvd.conf.j2
deleted file mode 100644
index 10737a0..0000000
--- a/files/radvd.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-interface bat0 {
- AdvSendAdvert on;
- IgnoreIfMissing on;
- MaxRtrAdvInterval 200;
- RDNSS {{ sn_mesh_IPv6 }} {};
- prefix {{ sn_mesh_IPv6_net }} {
- AdvOnLink on;
- AdvAutonomous on;
- AdvRouterAddr on;
- };
-};
-
diff --git a/files/root_pwd.yml.example b/files/root_pwd.yml.example
deleted file mode 100644
index f7fc8a5..0000000
--- a/files/root_pwd.yml.example
+++ /dev/null
@@ -1 +0,0 @@
-sn_rootpasswd: xyz
diff --git a/files/slack_token.yml.example b/files/slack_token.yml.example
deleted file mode 100644
index 06980a3..0000000
--- a/files/slack_token.yml.example
+++ /dev/null
@@ -1 +0,0 @@
-slack_token: "XYZ"
diff --git a/files/slacktee.conf.j2 b/files/slacktee.conf.j2
deleted file mode 100644
index 375e2ac..0000000
--- a/files/slacktee.conf.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-# ----------
-# Configuration
-# Describes the Incoming Webhook allowing you to post messages into Slack.
-# After the configuration, copy this file to /etc or your home directory.
-# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
-# ----------
-webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
-upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
-channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
-tmp_dir="/tmp" # Temporary file is created in this directory.
-username="slacktee" # Default username to post messages.
-icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
-attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.
diff --git a/files/slacktee.sh b/files/slacktee.sh
deleted file mode 100644
index bb71a90..0000000
--- a/files/slacktee.sh
+++ /dev/null
@@ -1,605 +0,0 @@ -#!/usr/bin/env bash - -# ---------- -# Default Configuration -# ---------- -webhook_url="" # Incoming Webhooks integration URL -upload_token="" # The user's API authentication token, only used for file uploads -channel="general" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'. -tmp_dir="/tmp" # Temporary file is created in this directory. -username="slacktee" # Default username to post messages. -icon="ghost" # Default emoji to post messages. Don't wrap it with ':'. See http://www.emoji-cheat-sheet.com; can be a url too. -attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used. - -# ---------- -# Initialization -# ---------- -me=$(basename "$0") -title="" -mode="buffering" -link="" -textWrapper="\`\`\`" -parseMode="" -fields=() -# Since bash 3 doesn't support the associative array, we store colors and patterns separately -cond_color_colors=() -cond_color_patterns=() -found_pattern_color="" -# This color is used when 'attachment' is used without color specification -internal_default_color="#C0C0C0" - -# Since bash 3 doesn't support the associative array, we store prefixes and patterns separately -cond_prefix_prefixes=() -cond_prefix_patterns=() -found_title_prefix="" - -function show_help() -{ - echo "usage: $me [options]" - echo " options:" - echo " -h, --help Show this help." - echo " -n, --no-buffering Post input values without buffering." - echo " -f, --file Post input values as a file." - echo " -l, --link Add a URL link to the message." - echo " -c, --channel channel_name Post input values to specified channel or user." - echo " -u, --username user_name This username is used for posting." - echo " -i, --icon emoji_name|url This icon is used for posting. You can use a word" - echo " from http://www.emoji-cheat-sheet.com or a direct url to an image." - echo " -t, --title title_string This title is added to posts." 
- echo " -m, --message-formatting format Switch message formatting (none|link_names|full)." - echo " See https://api.slack.com/docs/formatting for more details." - echo " -p, --plain-text Don't surround the post with triple backticks." - echo " -a, --attachment [color] Use attachment (richly-formatted message)" - echo " Color can be 'good','warning','danger' or any hex color code (eg. #439FE0)" - echo " See https://api.slack.com/docs/attachments for more details." - echo " -e, --field title value Add a field to the attachment. You can specify this multiple times." - echo " -s, --short-field title value Add a short field to the attachment. You can specify this multiple times." - echo " -o, --cond-color color pattern Change the attachment color if the specified Regex pattern matches the input." - echo " You can specify this multile times." - echo " If more than one pattern matches, the latest matched pattern is used." - echo " -d, --cond-prefix prefix pattern This prefix is added to the message, if the specified Regex pattern matches the input." - echo " You can specify this multile times." - echo " If more than one pattern matches, the latest matched pattern is used." - echo " --config config_file Specify the location of the config file." - echo " --setup Setup slacktee interactively." 
-} - - - -function send_message() -{ - message="$1" - - # Prepend the prefix to the message, if it's set - if [[ -z $attachment && -n $found_pattern_prefix ]]; then - message="$found_pattern_prefix$message" - # Clear conditional prefix for the nest send - found_pattern_prefix="" - fi - - escaped_message=$(echo "$textWrapper\n$message\n$textWrapper" | sed 's/"/\\"/g' | sed "s/'/\\'/g" ) - message_attr="" - if [[ $message != "" ]]; then - if [[ -n $attachment ]]; then - - # Set message color - message_color="$attachment" - if [[ -n $found_pattern_color ]]; then - message_color="$found_pattern_color" - # Reset with the default color for the next send - found_pattern_color="$attachment" - fi - - message_attr="\"attachments\": [{ \"color\": \"$message_color\", \"mrkdwn_in\": [\"text\", \"fields\"], \"text\": \"$escaped_message\" " - - if [[ -n $found_pattern_prefix ]]; then - title="$found_pattern_prefix $title" - # Clear conditional prefix for the nest send - found_pattern_prefix="" - fi - - if [[ -n $title ]]; then - message_attr="$message_attr, \"title\": \"$title\" " - fi - - if [[ -n $link ]]; then - message_attr="$message_attr, \"title_link\": \"$link\" " - fi - - if [[ $mode == "file" ]]; then - fields+=("{\"title\": \"Access URL\", \"value\": \"$access_url\" }") - fields+=("{\"title\": \"Download URL\", \"value\": \"$download_url\"}") - fi - - if [[ ${#fields[@]} != 0 ]]; then - message_attr="$message_attr, \"fields\": [" - for field in "${fields[@]}"; do - message_attr="$message_attr $field," - done - message_attr=${message_attr%?} # Remove last comma - message_attr="$message_attr ]" - fi - - # Close attachment - message_attr="$message_attr }], " - else - message_attr="\"text\": \"$escaped_message\"," - fi - - icon_url="" - icon_emoji="" - if echo "$icon" | grep -q "^https\?://.*"; then - icon_url="$icon" - else - icon_emoji=":$icon:" - fi - - json="{\"channel\": \"$channel\", \"username\": \"$username\", $message_attr \"icon_emoji\": \"$icon_emoji\", 
\"icon_url\": \"$icon_url\" $parseMode}" - post_result=$(curl -X POST --data-urlencode "payload=$json" "$webhook_url" 2> /dev/null) - exit_code=1 - if [[ $post_result == "ok" ]]; then - exit_code=0 - fi - fi -} - -function process_line() -{ - echo "$1" - line="$(echo "$1" | sed $'s/\t/ /g')" - - # Check the patterns of the conditional colors - # If more than one pattern matches, the latest pattern is used - if [[ ${#cond_color_patterns[@]} != 0 ]]; then - for i in "${!cond_color_patterns[@]}"; do - if [[ $line =~ ${cond_color_patterns[$i]} ]]; then - found_pattern_color=${cond_color_colors[$i]} - fi - done - fi - - # Check the patterns of the conditional titles - # If more than one pattern matches, the latest pattern is used - if [[ ${#cond_prefix_patterns[@]} != 0 ]]; then - for i in "${!cond_prefix_patterns[@]}"; do - if [[ $line =~ ${cond_prefix_patterns[$i]} ]]; then - found_pattern_prefix=${cond_prefix_prefixes[$i]} - if [[ -n $attachment || $mode != "no-buffering" ]]; then - # Append a line break to the prefix for better formatting - found_pattern_prefix="$found_pattern_prefix\n" - else - # Append a space to the prefix for better formatting - found_pattern_prefix="$found_pattern_prefix " - fi - fi - done - fi - - if [[ $mode == "no-buffering" ]]; then - prefix='' - if [[ -z $attachment ]]; then - prefix=$title - fi - send_message "$prefix$line" - elif [[ $mode == "file" ]]; then - echo "$line" >> "$filename" - else - if [[ -z "$text" ]]; then - text="$line" - else - text="$text\n$line" - fi - fi -} - -function setup() -{ - if [[ -z "$HOME" ]]; then - echo "\$HOME is not defined. Please set it first." - exit 1 - fi - - local_conf="$HOME/.slacktee" - - if [[ -e "$local_conf" ]]; then - echo ".slacktee is found in your home directory." - read -p "Are you sure to overwrite it? [y/n] :" choice - case "$choice" in - y|Y ) - # Continue - ;; - * ) - exit 0 # Abort - ;; - esac - fi - - # Load current local config - . 
$local_conf - - # Start setup - read -p "Incoming Webhook URL [$webhook_url]: " input_webhook_url - if [[ -z "$input_webhook_url" ]]; then - input_webhook_url=$webhook_url - fi - read -p "Upload Token [$upload_token]: " input_upload_token - if [[ -z "$input_upload_token" ]]; then - input_upload_token=$upload_token - fi - read -p "Temporary Directory [$tmp_dir]: " input_tmp_dir - if [[ -z "$input_tmp_dir" ]]; then - input_tmp_dir=$tmp_dir - fi - read -p "Default Channel [$channel]: " input_channel - if [[ -z "$input_channel" ]]; then - input_channel=$channel - fi - read -p "Default Username [$username]: " input_username - if [[ -z "$input_username" ]]; then - input_username=$username - fi - read -p "Default Icon: [$icon]: " input_icon - if [[ -z "$input_icon" ]]; then - input_icon=$icon - fi - read -p "Default color of the attachment. (empty string disables attachment) [$attachment]: " input_attachment - if [[ -z "$input_attachment" ]]; then - input_attachment=$attachment - elif [[ $input_attachment == '""' || $input_attachment == "''" ]]; then - input_attachment="" - fi - - cat <<- EOF | sed 's/^[[:space:]]*//' > "$local_conf" - webhook_url="$input_webhook_url" - upload_token="$input_upload_token" - tmp_dir="$input_tmp_dir" - channel="$input_channel" - username="$input_username" - icon="$input_icon" - attachment="$input_attachment" - EOF -} - -# ---------- -# Parse command line options -# ---------- -OPTIND=1 - -while [[ $# -gt 0 ]]; do - opt="$1" - shift - - case "$opt" in - -h|\?|--help) - show_help - exit 0 - ;; - -n|--no-buffering) - mode="no-buffering" - ;; - -f|--file) - mode="file" - ;; - -l|--link) - link="$1" - shift - ;; - -c|--channel) - opt_channel="$1" - shift - ;; - -u|--username) - opt_username="$1" - shift - ;; - -i|--icon) - opt_icon="$1" - shift - ;; - -t|--title) - title="$1" - shift - ;; - -d|--cond-prefix) - case "$1" in - -*|'') - # Found next command line option or empty. Error. 
- echo "a prefix of the conditional title was not specified" - show_help - exit 1 - ;; - *) - # Prefix should be found - case "$2" in - -*|'') - # Found next command line option or empty. Error. - echo "a pattern of the conditional title was not specified" - show_help - exit 1 - ;; - *) - # Set the prefix and the pattern to arrays - cond_prefix_prefixes+=("$1") - cond_prefix_patterns+=("$2") - shift - shift - ;; - esac - ;; - esac - ;; - -m|--message-formatting) - case "$1" in - none) - parseMode=', "parse": "none"' - ;; - link_names) - parseMode=', "link_names": "1"' - ;; - full) - parseMode=', "parse": "full"' - ;; - *) - echo "unknown message formatting option" - show_help - exit 1 - ;; - esac - shift - ;; - -p|--plain-text) - textWrapper="" - ;; - - -a|--attachment) - case "$1" in - -*|'') - # Found next command line option - opt_attachment="$internal_default_color" # Use default color - ;; - \#*|good|warning|danger) - # Found hex color code or predefined colors - opt_attachment="$1" - shift - ;; - *) - echo "unknown attachment color" - show_help - exit 1 - ;; - esac - ;; - -o|--cond-color) - case "$1" in - -*|'') - # Found next command line option or empty. Error. - echo "a color of the conditional color was not specified" - show_help - exit 1 - ;; - \#*|good|warning|danger) - # Found hex color code or predefined colors - case "$2" in - -*|'') - # Found next command line option or empty. Error. - echo "a pattern of the conditional color was not specified" - show_help - exit 1 - ;; - *) - # Set the color and the pattern to arrays - cond_color_colors+=("$1") - cond_color_patterns+=("$2") - shift - shift - ;; - esac - ;; - *) - echo "unknown attachment color $1" - show_help - exit 1 - ;; - esac - ;; - -e|-s|--field|--short-field) - case "$1" in - -*|'') - # Found next command line option or empty. Error. - echo "field title was not specified" - show_help - exit 1 - ;; - *) - case "$2" in - -*|'') - # Found next command line option or empty. Error. 
- echo "field value was not specified" - show_help - exit 1 - ;; - *) - if [[ $opt == "-s" || $opt == "--short-field" ]]; then - fields+=("{\"title\": \"$1\", \"value\": \"$2\", \"short\": true}") - else - fields+=("{\"title\": \"$1\", \"value\": \"$2\"}") - fi - shift - shift - ;; - esac - esac - ;; - --config) - CUSTOM_CONFIG=$1 - shift - ;; - --setup) - setup - exit 1 - ;; - *) - echo "illegal option $opt" - show_help - exit 1 - ;; - esac -done - -# --------- -# Read in our configurations -# --------- -if [[ -e "/etc/slacktee.conf" ]]; then - . /etc/slacktee.conf -fi - -if [[ -n "$HOME" && -e "$HOME/.slacktee" ]]; then - . "$HOME/.slacktee" -fi - -if [[ -e "$CUSTOM_CONFIG" ]]; then - . $CUSTOM_CONFIG -fi - -# Overwrite webhook_url if the environment variable SLACKTEE_WEBHOOK is set -if [[ "$SLACKTEE_WEBHOOK" != "" ]]; then - webhook_url="$SLACKTEE_WEBHOOK" -fi - -# Overwrite upload_token if the environment variable SLACKTEE_TOKEN is set -if [[ "$SLACKTEE_TOKEN" != "" ]]; then - upload_token="$SLACKTEE_TOKEN" -fi - -# Overwrite channel if it's specified in the command line option -if [[ "$opt_channel" != "" ]]; then - channel="$opt_channel" -fi - -# Overwrite username if it's specified in the command line option -if [[ "$opt_username" != "" ]]; then - username="$opt_username" -fi - -# Overwrite icon if it's specified in the command line option -if [[ "$opt_icon" != "" ]]; then - icon="$opt_icon" -fi - -# Overwrite attachment if it's specified in the command line option -if [[ "$opt_attachment" != "" ]]; then - attachment="$opt_attachment" -fi - -# Set the default color to attachment if it's still empty and the length of the cond_color_patterns is not 0 -if [[ -z $attachment ]] && [[ ${#cond_color_patterns[@]} != 0 ]]; then - attachment="$internal_default_color" -fi - -# ---------- -# Validate configurations -# ---------- - -if [[ $webhook_url == "" ]]; then - echo "Please setup the webhook url of this incoming webhook integration." 
- exit 1 -fi - -if [[ $upload_token == "" && $mode == "file" ]]; then - echo "Please provide the authentication token for file uploads." - exit 1 -fi - -if [[ $channel == "" ]]; then - echo "Please specify a channel." - exit 1 -elif [[ ( "$channel" != "#"* ) && ( "$channel" != "@"* ) ]]; then - channel="#$channel" -fi - -if [[ -n "$icon" ]]; then - icon=${icon#:} # remove leading ':' - icon=${icon%:} # remove trailing ':' -fi - -# ---------- -# Start script -# ---------- - -text="" -if [[ -n "$title" || -n "$link" ]]; then - # Use link as title, if title is not specified - if [[ -z "$title" ]]; then - title="$link" - fi - - # Add title to filename in the file mode - if [[ "$mode" == "file" ]]; then - filetitle=$(echo "$title"|sed 's/[ /:.]//g') - filetitle="$filetitle-" - fi - - if [[ -z "$attachment" ]]; then - if [[ "$mode" == "no-buffering" ]]; then - if [[ -n "$link" ]]; then - title="<$link|$title>: " - else - title="$title: " - fi - elif [[ "$mode" == "file" ]]; then - if [[ -n "$link" ]]; then - title="<$link|$title>" - fi - else - if [[ -n "$link" ]]; then - text="-- <$link|$title> --\n" - else - text="-- $title --\n" - fi - fi - fi -fi - -timestamp="$(date +'%m%d%Y-%H%M%S')" -filename="$tmp_dir/$filetitle$$-$timestamp.log" - -if [[ "$mode" == "file" ]]; then - touch $filename -fi - -exit_code=0 - -while IFS='' read line; do - process_line "$line" -done -if [[ -n $line ]]; then - process_line "$line" -fi - -if [[ "$mode" == "buffering" ]]; then - send_message "$text" -elif [[ "$mode" == "file" ]]; then - if [[ -s "$filename" ]]; then - channels_param="" - if [[ ( "$channel" == "#"* ) ]]; then - # Set channels for making the file public - channels_param="-F channels=$channel" - fi - result="$(curl -F file=@"$filename" -F token="$upload_token" $channels_param https://slack.com/api/files.upload 2> /dev/null)" - access_url="$(echo "$result" | awk 'match($0, /url_private":"([^"]*)"/) {print substr($0, RSTART+14, RLENGTH-15)}'|sed 's/\\//g')" - 
download_url="$(echo "$result" | awk 'match($0, /url_private_download":"([^"]*)"/) {print substr($0, RSTART+23, RLENGTH-24)}'|sed 's/\\//g')" - if [[ -n "$attachment" ]]; then - text="Input file has been uploaded" - else - if [[ "$title" != "" ]]; then - title=" of $title" - fi - text="Input file$title has been uploaded.\n$access_url\n\nYou can download it from the link below.\n$download_url" - fi - send_message "$text" - fi - # Clean up the temp file - rm "$filename" -fi - -exit $exit_code \ No newline at end of file diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2 deleted file mode 100644 index 040bc3c..0000000 --- a/files/sn_startup.exit.sh.j2 +++ /dev/null 
@@ -1,58 +0,0 @@
-#!/bin/sh
-# Version 1.91
-
-sleep 5
-
-curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
-
-# Activate IP forwarding
-/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
-/sbin/sysctl -w net.ipv4.ip_forward=1
-
-# restart when kernel panic
-/sbin/sysctl kernel.panic=1
-
-# Routing table 42
-/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
-
-# Set table for traffice with mark 4
-/bin/ip rule add fwmark 0x4 table 42
-/bin/ip -6 rule add fwmark 0x4 table 42
-
-# Set mark 4 to Freifunk traffic
-/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
-/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
-
-# All from FF IPv4 via routing table 42
-/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
-/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
-
-# Allow MAC address spoofing
-/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
-
-# Create Tunneldigger Bridge
-/sbin/brctl addbr br-nodes
-/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
-/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
-/usr/local/sbin/batctl if add br-nodes
-
-/bin/sleep 90
-/bin/systemctl restart radvd
-/bin/sleep 2
-/bin/systemctl retsrat tunneldigger
-/bin/sleep 2
-/bin/systemctl restart bird
-/bin/sleep 2
-/bin/systemctl restart bird6
-/bin/sleep 2
-/bin/systemctl restart respondd
-/bin/sleep 2
-/bin/systemctl stop isc-dhcp-server
-/bin/sleep 2
-/usr/bin/killall dhcpd
-/bin/sleep 2
-/bin/rm /var/run/dhcpd.pid
-/bin/sleep 2
-/bin/systemctl start isc-dhcp-server
-exit 0
-
diff --git a/files/sn_startup.local.exit.sh.j2 b/files/sn_startup.local.exit.sh.j2
deleted file mode 100644
index 7ea1f2d..0000000
--- a/files/sn_startup.local.exit.sh.j2
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-# Version 1.91
-
-sleep 5
-
-curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
-
-# Activate IP forwarding
-/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
-/sbin/sysctl -w net.ipv4.ip_forward=1
-
-# restart when kernel panic
-/sbin/sysctl kernel.panic=1
-
-# Routing table 42
-/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
-
-# Set table for traffice with mark 4
-/bin/ip rule add fwmark 0x4 table 42
-/bin/ip -6 rule add fwmark 0x4 table 42
-
-# Set mark 4 to Freifunk traffic
-#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
-#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
-
-# All from FF IPv4 via routing table 42
-#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
-#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
-
-# Allow MAC address spoofing
-/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
-
-# Create Tunneldigger Bridge
-/sbin/brctl addbr br-nodes
-/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
-/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
-/usr/local/sbin/batctl if add br-nodes
-
-/bin/sleep 90
-/bin/systemctl restart radvd
-/bin/sleep 2
-/bin/systemctl retsrat tunneldigger
-/bin/sleep 2
-/bin/systemctl restart bird
-/bin/sleep 2
-/bin/systemctl restart bird6
-/bin/sleep 2
-/bin/systemctl restart respondd
-/bin/sleep 2
-/bin/systemctl stop isc-dhcp-server
-/bin/sleep 2
-/usr/bin/killall dhcpd
-/bin/sleep 2
-/bin/rm /var/run/dhcpd.pid
-/bin/sleep 2
-/bin/systemctl start isc-dhcp-server
-exit 0
diff --git a/files/start-broker.sh b/files/start-broker.sh
deleted file mode 100644
index 86c0837..0000000
--- a/files/start-broker.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-WDIR=/srv/tunneldigger/env_tunneldigger
-VIRTUALENV_DIR=/srv/tunneldigger/env_tunneldigger
-
-cd $WDIR
-source $VIRTUALENV_DIR/bin/activate
-
-$VIRTUALENV_DIR/bin/python -m tunneldigger_broker.main ../l2tp_broker.cfg
-#bin/python broker/l2tp_broker.py ../l2tp_broker.cfg
-
diff --git a/files/tunneldigger.service b/files/tunneldigger.service
deleted file mode 100644
index e6ec88a..0000000
--- a/files/tunneldigger.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description = Start tunneldigger L2TPv3 broker
-After = network.target
-
-[Service]
-ExecStart = /srv/tunneldigger/start-broker.sh
-
-[Install]
-WantedBy = multi-user.target
diff --git a/files/yanic.conf.j2 b/files/yanic.conf.j2
deleted file mode 100644
index 2ca74e3..0000000
--- a/files/yanic.conf.j2
+++ /dev/null
@@ -1,199 +0,0 @@
-# This is the config file for Yanic written in "Tom's Obvious, Minimal Language."
-# syntax: https://github.com/toml-lang/toml
-# (if you need somethink multiple times, checkout out the [[array of table]] section)
-
-# Send respondd request to update information
-[respondd]
-enable = true
-# Delay startup until a multiple of the period since zero time
-synchronize = "1m"
-# how often request per multicast
-collect_interval = "1m"
-
-[[respondd.interfaces]]
-# name of interface on which this collector is running
-ifname = "bat0"
-# ip address which is used for sending
-# (optional - without definition used a address of ifname - prefered link local)
-#ip_address = "fd2f:5119:f2d::5"
-# disable sending multicast respondd request
-# (for receiving only respondd packages e.g. database respondd)
-#send_no_request = false
-# multicast address to destination of respondd
-# (optional - without definition used default ff05::2:1001)
-#multicast_address = "ff02::2:1001"
-# define a port to listen
-# if not set or set to 0 the kernel will use a random free port at its own
-#port = 10001
-
-# A little build-in webserver, which statically serves a directory.
-# This is useful for testing purposes or for a little standalone installation.
-[webserver]
-enable = true
-bind = "0.0.0.0:80"
-webroot = "/opt/freifunk/yanic/"
-
-
-[nodes]
-# Cache file
-# a json file to cache all data collected directly from respondd
-state_path = "/var/lib/yanic/state.json"
-# prune data in RAM, cache-file and output json files (i.e. nodes.json)
-# that were inactive for longer than
-prune_after = "7d"
-# Export nodes and graph periodically
-save_interval = "5s"
-# Set node to offline if not seen within this period
-offline_after = "10m"
-
-
-## [[nodes.output.example]]
-# Each output format has its own config block and needs to be enabled by adding:
-#enable = true
-#
-# For each output format there can be set different filters
-#[nodes.output.example.filter]
-#
-# WARNING: if it is not set, it will publish contact information of other persons
-# Set to true, if you did not want the json files to contain the owner information
-#no_owner = true
-#
-# List of nodeids of nodes that should be filtered out, so they won't appear in output
-#blacklist = ["00112233445566", "1337f0badead"]
-#
-# List of site_codes of nodes that should be included in the output
-#sites = ["ffhb"]
-#
-# set has_location to true if you want to include only nodes that have geo-coordinates set
-# (setting this to false has no sensible effect, unless you'd want to hide nodes that have coordinates)
-#has_location = true
-
-
-#[respondd.sites.fftdf]
-#domains = ["tdf-tdf"]
-
-#[nodes.output.meshviewer-ffrgb.filter]
-#no_owner = true
-#blacklist = []
-#sites = ["flu","tdf","inn"]
-
-
-
-
-#[nodes.output.example.filter.in_area]
-# nodes outside this area are not shown on the map but are still listed as a node without coordinates
-#latitude_min = 34.30
-#latitude_max = 71.85
-#longitude_min = -24.96
-#longitude_max = 39.72
-
-
-# definition for the new more compressed meshviewer.json
-[[nodes.output.meshviewer-ffrgb]]
-enable = true
-path = "/opt/freifunk/yanic/meshviewer.json"
-
-[nodes.output.meshviewer-ffrgb.filter]
-# WARNING: if it is not set, it will publish contact information of other persons
-no_owner = false
-#blacklist = ["00112233445566", "1337f0badead"]
-#sites = ["ffhb"]
-#has_location = true
-
-#[nodes.output.meshviewer-ffrgb.filter.in_area]
-#latitude_min = 34.30
-#latitude_max = 71.85
-#longitude_min = -24.96
-#longitude_max = 39.72
-
-
-# definition for nodes.json
-[[nodes.output.meshviewer]]
-enable = true
-# The structure version of the output which should be generated (i.e. nodes.json)
-# version 1 is accepted by the legacy meshviewer (which is the master branch)
-# i.e. https://github.com/ffnord/meshviewer/tree/master
-# version 2 is accepted by the new versions of meshviewer (which are in the legacy develop branch or newer)
-# i.e. https://github.com/ffnord/meshviewer/tree/dev
-# https://github.com/ffrgb/meshviewer/tree/develop
-version = 2
-# path where to store nodes.json
-nodes_path = "/opt/freifunk/yanic/nodes.json"
-# path where to store graph.json
-graph_path = "/opt/freifunk/yanic/graph.json"
-
-[nodes.output.meshviewer.filter]
-# WARNING: if it is not set, it will publish contact information of other persons
-no_owner = false
-
-
-# definition for nodelist.json
-[[nodes.output.nodelist]]
-enable = true
-path = "/opt/freifunk/yanic/nodelist.json"
-
-[nodes.output.nodelist.filter]
-# WARNING: if it is not set, it will publish contact information of other persons
-no_owner = false
-
-
-
-[database]
-# this will send delete commands to the database to prune data
-# which is older than:
-delete_after = "7d"
-# how often run the cleaning
-delete_interval = "1h"
-
-## [[database.connection.example]]
-# Each database-connection has its own config block and needs to be enabled by adding:
-#enable = true
-
-# Save collected data to InfluxDB.
-# There are the following measurments:
-# node: store node specific data i.e. clients memory, airtime
-# global: store global data, i.e. count of clients and nodes
-# firmware: store the count of nodes tagged with firmware
-# model: store the count of nodes tagged with hardware model
-[[database.connection.influxdb]]
-enable = true
-address = "http://195.201.17.16:8886"
-database = "freifunk"
-username = "freifunk"
-password = "dude1990"
-
-# Tagging of the data (optional)
-[database.connection.influxdb.tags]
-# Tags used by Yanic would override the tags from this config
-# nodeid, hostname, owner, model, firmware_base, firmware_release,frequency11g and frequency11a are tags which are already used
-#tagname1 = "tagvalue 1"
-# some useful e.g.:
-#system = "productive"
-#site = "ffhb"
-
-# Graphite settings
-[[database.connection.graphite]]
-enable = false
-address = "localhost:2003"
-# Graphite is replacing every "." in the metric name with a slash "/" and uses
-# that for the file system hierarchy it generates. it is recommended to at least
-# move the metrics out of the root namespace (that would be the empty prefix).
-# If you only intend to run one community and only freifunk on your graphite node
-# then the prefix can be set to anything (including the empty string) since you
-# probably wont care much about "polluting" the namespace.
-prefix = "freifunk"
-
-# respondd (yanic)
-# forward collected respondd package to a address
-# (e.g. to another respondd collector like a central yanic instance or hopglass)
-[[database.connection.respondd]]
-enable = false
-# type of network to create a connection
-type = "udp6"
-# destination address to connect/send respondd package
-address = "stats.bremen.freifunk.net:11001"
-
-# Logging
-[[database.connection.logging]]
-enable = false
-path = "/var/log/yanic.log"
\ No newline at end of file
diff --git a/hosts b/hosts
deleted file mode 100644
index 8441572..0000000
--- a/hosts
+++ /dev/null
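Review bot: The deleted yanic.conf.j2 carried a literal InfluxDB credential (`username = "freifunk"`, `password = "dude1990"`) pointing at a plaintext-HTTP endpoint (`address = "http://195.201.17.16:8886"`), and removing the file from the tree does not remove it from history — the parent of this commit still contains it. If that credential was ever live, the deletion should be paired with rotating it on the InfluxDB side (and, for a public repository, a history rewrite), and whatever replaces this playbook should inject it from a variable file outside the repo the way `slack_token_file` and `root_password_file` are already handled in the inventory. The plain-http address also means the password would travel in the clear unless that host sits on a private link, which is worth confirming in the successor configuration.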
@@ -1,161 +0,0 @@
-# This is the default ansible 'hosts' file.
-#
-# It should live in /etc/ansible/hosts
-#
-# - Comments begin with the '#' character
-# - Blank lines are ignored
-# - Groups of hosts are delimited by [header] elements
-# - You can enter hostnames or ip addresses
-# - A hostname/ip can be a member of multiple groups
-
-# Ex 1: Ungrouped hosts, specify before any group headers.
-
-#green.example.com
-#blue.example.com
-#192.168.100.1
-#192.168.100.10
-
-# Ex 2: A collection of hosts belonging to the 'webservers' group
-
-#[webservers]
-#alpha.example.org
-#beta.example.org
-#192.168.1.100
-#192.168.1.110
-
-# If you have multiple hosts following a pattern you can specify
-# them like this:
-
-#www[001:006].example.com
-
-# Ex 3: A collection of database servers in the 'dbservers' group
-
-#[dbservers]
-#
-#db01.intranet.mydomain.net
-#db02.intranet.mydomain.net
-#10.25.1.56
-#10.25.1.57
-
-# Here's another example of host ranges, this time there are no
-# leading 0s:
-
-#db-[99:101]-node.example.com
-
-
-[freifunk]
-#46.4.138.180 ansible_ssh_port=2222
-#46.4.138.181 ansible_ssh_port=2222
-#46.4.138.182 ansible_ssh_port=2222
-#46.4.138.183 ansible_ssh_port=2222
-#46.4.138.188 ansible_ssh_port=22
-#46.4.138.189 ansible_ssh_port=22
-
-[freifunk_sn:children]
-troisdorf4
-troisdorf5
-troisdorf6
-troisdorf7
-
-#[freifunk_sn_l2tp:children]
-#troisdorf4
-#troisdorf5
-#troisdorf6
-#troisdorf7
-
-[freifunk_sn:vars]
-ansible_ssh_port=22
-ansible_ssh_user=root
-sn_mtu=1312
-sn_l2tp_tb_port=53842
-sn_fqdn=freifunk-troisdorf.de
-static_dhcp_repo=https://github.com/Freifunk-Troisdorf/static-dhcp.git
-root_password_file=/home/localadmin/root_pwd.yml
-slack_token_file=/home/localadmin/slack_token.yml
-communitymac=a2:8c:ae:6f:f6
-communityname=troisdorf
-
-[troisdorf4]
-4.freifunk-troisdorf.de
-
-[troisdorf4:vars]
-sn_number=4
-sn_hostname=troisdorf4
-sn_dhcp_range=10.188.8.0 10.188.15.254
-sn_mesh_IPv6=2a03:2260:121:4000::4
-sn_mesh_IPv6_net=2a03:2260:121:4000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:4000::2
-sn_mesh_IPv4=10.188.0.4
-sn_mesh_IPv4_brcast=10.188.31.255
-sn_mesh_IPv4_net=10.188.0.0
-sn_mesh_IPv4_xfer=10.188.0.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:04
-ul_mesh_MAC=a2:8c:ae:6f:f6:40
-sn_ffrl_IPv4=185.66.193.104
-sn_exit=1
-sn_interface_name=eth0
-yanic_domain=tdf
-
-
-[troisdorf5]
-5.fftdf.de
-
-[troisdorf5:vars]
-sn_number=5
-sn_hostname=troisdorf5
-sn_dhcp_range=10.188.40.0 10.188.47.255
-sn_mesh_IPv6=2a03:2260:121:5000::5
-sn_mesh_IPv6_net=2a03:2260:121:5000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:5000::2
-sn_mesh_IPv4=10.188.32.5
-sn_mesh_IPv4_brcast=10.188.63.255
-sn_mesh_IPv4_net=10.188.32.0
-sn_mesh_IPv4_xfer=10.188.32.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:05
-ul_mesh_MAC=a2:8c:ae:6f:f6:50
-sn_ffrl_IPv4=185.66.193.105
-sn_exit=1
-sn_interface_name=eth0
-yanic_domain=inn
-
-[troisdorf6]
-6.fftdf.de
-
-[troisdorf6:vars]
-sn_number=6
-sn_hostname=troisdorf6
-sn_dhcp_range=10.188.72.0 10.188.79.255
-sn_mesh_IPv6=2a03:2260:121:6000::6
-sn_mesh_IPv6_net=2a03:2260:121:6000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:6000::2
-sn_mesh_IPv4=10.188.64.6
-sn_mesh_IPv4_brcast=10.188.95.255
-sn_mesh_IPv4_net=10.188.64.0
-sn_mesh_IPv4_xfer=10.188.64.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:06
-ul_mesh_MAC=a2:8c:ae:6f:f6:60
-sn_ffrl_IPv4=185.66.193.106
-sn_exit=1
-sn_interface_name=eth0
-yanic_domain=flu
-
-[troisdorf7]
-7.fftdf.de
-
-[troisdorf7:vars]
-sn_number=7
-sn_hostname=troisdorf7
-sn_dhcp_range=10.188.104.0 10.188.111.255
-sn_mesh_IPv6=2a03:2260:121:7000::7
-sn_mesh_IPv6_net=2a03:2260:121:7000::/64
-sn_mesh_IPv6_xfer=2a03:2260:121:7000::2
-sn_mesh_IPv4=10.188.96.7
-sn_mesh_IPv4_brcast=10.188.127.255
-sn_mesh_IPv4_net=10.188.96.0
-sn_mesh_IPv4_xfer=10.188.96.2
-sn_mesh_MAC=a2:8c:ae:6f:f6:07
-ul_mesh_MAC=a2:8c:ae:6f:f6:70
-sn_ffrl_IPv4=185.66.193.107
-sn_local_exit=1
-sn_interface_name=ens18
-yanic_domain=evt
diff --git a/install.sn.yml b/install.sn.yml
deleted file mode 100644
index f7f6c2d..0000000
--- a/install.sn.yml
+++ /dev/null
@@ -1,310 +0,0 @@ -# First install ssh-key at remote computer -# In case of python error start: -# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y" - -- name: Install Freifunk Troisdorf super node - hosts: all - sudo: False - user: root - gather_facts: False - vars: -# Internal verion number - snversion: 2019_v3.1.7 - common_required_packages: - - git - - make - - gcc - - build-essential - - pkg-config - - libgps-dev - - libnl-3-dev - - libjansson-dev - - isc-dhcp-server - - libcap-dev - - iproute - - libnetfilter-conntrack3 - - python-dev - - libevent-dev - - ebtables - - python-virtualenv - - iptables-persistent - - iftop - - screen - - bridge-utils - - tcpdump - - bind9 - - radvd - - curl - - htop - - psmisc - - dnsutils - - ntp - - libnl-genl-3-dev - - virtualenv - - batman-adv - - batctl - - libffi-dev - - libnetfilter-conntrack-dev - - libnfnetlink-dev - - speedtest-cli - - ethtool - - prometheus-node-exporter - modules_required: - - batman-adv - - nf_conntrack_netlink - - nf_conntrack - - nfnetlink - - l2tp_netlink - - l2tp_core - - l2tp_eth - tunneldigger_scripts: - - start-broker.sh - - batdelif.sh - tunneldigger_service: - - tunneldigger.service - respondd_service: - - respondd_service - broker_cfg: - - l2tp_broker.cfg - authorized_keys: - - authorized_keys - logrotate_config: - - logrotate.conf - - tasks: - - name: Remove cdrom in sources.list - raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list" - - name: Make this server ansible compatible - raw: "apt-get update && apt-get install python apt-transport-https dirmngr -y" - - name: Adding Freifuck GPG Key - raw: "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B2522557E6AB9BF5" -# apt_key: -# id: B2522557E6AB9BF5 -# url: https://keyserver.ubuntu.com -# url: https://pool.sks-keyservers.net -# url: https://sks.pod01.fleetstreetops.com -# state: present - - - name: Import Slack token - include_vars: "{{ slack_token_file }}" - - name: Import root password - 
include_vars: "{{ root_password_file }}" - - name: Add Freifuck repo to source list - apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present - - name: Add backport repo to source list - apt_repository: repo='deb http://http.debian.net/debian stretch-backports main' state=present - - name: Update apt cache - apt: update_cache=yes - - name: Gathering facts - setup: - - name: Set IPv4 in hostfile - lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv4.address }}' line='{{ ansible_default_ipv4.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present - - name: Set IPv6 in hostfile - lineinfile: dest=/etc/hosts regexp='^{{ ansible_default_ipv6.address }}' line='{{ ansible_default_ipv6.address }} {{ sn_hostname }}.{{ sn_fqdn }} {{ sn_hostname }}' owner=root group=root mode=0644 state=present - when: ansible_default_ipv6.address is defined - - name: set hostname - hostname: name='{{ sn_hostname }}' - register: sethostname - - name: disable multi CPU Kernel (SMP) # Batman don not like SMP - lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present - register: grubnosmp - - name: Update grub - shell: update-grub2 - when: grubnosmp.changed - - name: Reboot the server - shell: sleep 2 && shutdown -r now "Ansible updates triggered, no SMP" - async: 1 - poll: 0 - ignore_errors: true - when: sethostname.changed - - name: waiting for server to come back (1st) - local_action: - wait_for - host={{ inventory_hostname }} - port=22 - delay=20 - timeout=300 - when: hosts.changed - when: sethostname.changed - - name: Install common required packages - apt: - name: "{{ item }}" - state: present - update_cache: yes - with_items: "{{ common_required_packages }}" - register: aptupdates - - name: Set clock - shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start - - name: Get Tunneldigger - git: 
repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger - register: tunneldigger - when: aptupdates.changed - - name: Configure tunneldigger - raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install" - when: tunneldigger.changed - - name: Copy l2tp broker config template - template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444 - with_items: "{{ broker_cfg }}" - when: tunneldigger.changed - - name: Copy tunneldigger script template - template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 - when: tunneldigger.changed - - name: Copy tunneldigger scripts - copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 - with_items: "{{ tunneldigger_scripts }}" - when: tunneldigger.changed - - name: Copy tunneldigger service template - copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444 - with_items: "{{ tunneldigger_service }}" - when: tunneldigger.changed - - name: Add modules - lineinfile: dest=/etc/modules line={{ item }} - with_items: "{{ modules_required }}" - register: modules_req - - name: Tunneldigger reload - command: "{{item}}" - with_items: - - systemctl daemon-reload - - systemctl enable tunneldigger.service - when: tunneldigger.changed - - name: Copy logrotate config - copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 - with_items: "{{logrotate_config}}" - - name: Create freifunk directory - file: path=/opt/freifunk state=directory mode=0755 - - name: Copy dhcpd template file - template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 - register: dhcpd - - name: Copy dhcpd6 template file - template: src=./files/dhcpd6.conf.j2 dest=/etc/dhcp/dhcpd6.conf owner=root group=root mode=0444 - - name: Clone static DHCP config - git: repo="{{ static_dhcp_repo }}" 
dest=/opt/freifunk/static-dhcp - when: dhcpd.changed - - name: Add cron static DHCP - cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" - when: dhcpd.changed - - name: Replace interface line ISC-DHCP-server - lineinfile: - dest: /etc/default/isc-dhcp-server - regexp: 'INTERFACESv4=' - line: 'INTERFACESv4="br-nodes"' - when: dhcpd.changed - - name: Restart dhcpd - service: name=isc-dhcp-server state=restarted - when: dhcpd.changed - ignore_errors: yes - - name: Add cron backbone script - cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" - - name: Add cron startup script - cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" - - name: Copy backbone script - template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 - - name: Exit node startup script super- and exitnode - template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 - when: sn_exit is defined - - name: Exit node startup script super- and exitnode - template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 - when: sn_local_exit is defined - - name: SSH authorized_keys - copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 - with_items: "{{ authorized_keys }}" - - name: Bind9, activate ff zone - lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present - - name: Copy option template - template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 - - name: Create ff directory - file: path=/etc/bind/ff state=directory - - name: Copy FF Zones - copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644 - with_items: - - ff.conf - - name: Copy ff Zone config template - template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind 
group=root mode=0444 - - name: Copy radvd config template - template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 - - name: Interface configuration with ffrl gre tunnel - template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544 - - apt: update_cache=yes - - name: Install bird - apt: state=present pkg=bird - - name: Bird configuration - copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444 - - name: Bird configuration - copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444 - - name: Create Yanic user - user: - name: yanic - comment: "Yanic service user" - - name: Create Yanic folder - file: path=/opt/freifunk/yanic state=directory mode=0755 owner=yanic group=yanic - - name: Copy Yanic config template - template: src=./files/yanic.conf.j2 dest=/etc/yanic.conf owner=yanic group=yanic mode=0444 - - name: Shit go stuff - shell: cd /usr/local && wget https://dl.google.com/go/go1.13.1.linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz -O go-release-linux-amd64.tar.gz && tar xvf go-release-linux-amd64.tar.gz && rm go-release-linux-amd64.tar.gz - - name: Adjust path for go - lineinfile: - dest: /root/.bashrc - line: "{{ item }}" - with_items: - - export GOPATH=/opt/go - - export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin - - name: Compile go - shell: go get -v -u github.com/Freifunk-Troisdorf/yanic - - name: Copy and enable yanic service - shell: cp /opt/go/src/github.com/Freifunk-Troisdorf/yanic/contrib/init/linux-systemd/yanic.service /lib/systemd/system/yanic.service && systemctl daemon-reload && systemctl enable yanic - - name: Get respondd - git: repo=https://github.com/Freifunk-Troisdorf/mesh-announce.git dest=/opt/mesh-announce - - name: Copy respondd service template - shell: cp /opt/mesh-announce/respondd.service /etc/systemd/system - - name: Enable respondd service - shell: 
systemctl daemon-reload && systemctl enable respondd - - name: Copy Slacktee Config - template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544 - - name: Copy Slacktee - copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744 - - name: set netfilter rules - lineinfile: - dest: /etc/sysctl.conf - line: "{{ item }}" - with_items: - - net.ipv4.netfilter.ip_conntrack_generic_timeout = 240 - - net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000 - - net.netfilter.nf_conntrack_max = 65536 - - name: check modprobe.conf - stat: path=/etc/modprobe.conf - register: modprobe1 - - name: create /etc/modprobe.conf when not present - file: path=/etc/modprobe.conf state=touch owner=root group=root mode=0544 - when: modprobe1.stat.exists == False - - name: check /etc/modprobe.conf - lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536" - - name: Change root password - user: - name: root - password: "{{ sn_rootpasswd }}" - - name: Logrotate rights - file: path=/etc/logrotate.conf mode=0644 owner=root group=root - - name: Wirte version information - shell: touch /etc/sn_version && echo {{ snversion }} > /etc/sn_version - - name: Reboot the server finally - shell: sleep 2 && shutdown -r now "Ansible updates triggered" - async: 1 - poll: 0 - ignore_errors: true - when: tunneldigger.changed - - name: waiting for server to come back - local_action: - wait_for - host={{ inventory_hostname }} - port=22 - delay=20 - timeout=300 - when: tunneldigger.changed - - name: Send notification message via Slack - local_action: - module: slack - token: "{{ slack_token }}" - msg: "{{ inventory_hostname }} completed with {{ snversion }}" - channel: "#technik" - username: "Ansible on {{ inventory_hostname }}" - parse: 'none'