Added features:

- alfred messages
- Tunneldigger MAC blocker (experimental)
- DNS (bind9 for secondary fftdf zone on all supernodes)
- DHCP change, new DNS server
- Major fix for GRE_backbone.sh (same MAC address on all bat0)

README.md

@@ -3,6 +3,7 @@ Ansible yml file to manage Freifunk Troisdorf supernodes
 
 At this time you have to start it explicit with the target server
 example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf5"
+example: ansible-playbook install.sn.yml --extra-vars "target=troisdorf[4,5,6]"
 
 You need this information in your hosts (/etc/ansible/hosts) file:
 #example, I hope self explaining

files/alfred.sh.j2

@@ -15,7 +15,7 @@ fi
 "network": {
 "mac": "{{ sn_mesh_MAC }}",
 "addresses": [
-"{{ sn_mesh_IPv6 }}"
+"{{ sn_mesh_IPv6 }}",
 "{{ sn_mesh_IPv4 }}"
 ],
 "mesh_interfaces": [
@@ -26,29 +26,11 @@ $(for i in $meshh_if; do /bin/echo '"'$i'",';done)
 "vpn": true,
 "node_id": "$nodeid",
 "hostname": "Gateway:{{ sn_hostname }}",
-"hardware": {'
+"hardware": {
-"model": "{{ ansible_lsb.description }}"
+"model": "vServer"
 },
 "owner": {
-"contact": "fftro/stefand"
+"contact": "stefan@freifunk-troisdorf.de"
-},
-"software": {
-"fastd": {
-"version": "v16",
-"enabled": true
-},
-"autoupdater": {
-"enabled": false,
-"branch": "server"
-},
-"firmware": {
-"release": "$release",
-"base": "{{ ansible_os_family }}"
-},
-"batman-adv": {
-"compat": 15,
-"version": "2014.3.0-47-g21f67df-dirty,"
-}
 }
 }
 EOF

files/bataddif.sh.j2

@@ -1,7 +1,27 @@
 #!/bin/bash
 INTERFACE="$3"
+#MAC="$8"
+#BLACKLISTFILE=/opt/freifunk/blockliste.txt
 
-ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
 
+#if [ -f /opt/freifunk/blockliste.txt ] 
+
+#if [ -f $BLACKLISTFILE ]
+#  then
+#    BLOCKLISTE=$(cat /opt/freifunk/blockliste.txt)
+#  else
+#    touch=$BLOCKLISTE
+#fi 
+
+#for i in $BLOCKLISTE;
+#do
+#    if [[ $i == $MAC ]]; then
+#      exit 1
+#    fi
+#done
+
+#ip link set address {{ sn_mesh_MAC }} dev $INTERFACE
+ifconfig $INTERFACE hw ether {{ sn_mesh_MAC }}
 ip link set dev $INTERFACE up mtu 1312
 /usr/sbin/batctl if add $INTERFACE
+

files/dhcpd.conf.j2

@@ -6,7 +6,7 @@ log-facility local7;
 subnet 10.188.0.0 netmask 255.255.0.0 {
 authoritative;
 range {{ sn_dhcp_range }};
-option domain-name-servers {{ sn_dhcp_dns }};
+option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }};
 option routers {{ sn_dhcp_router }};
 interface bat0;
 

files/gre_backbone.sh

@@ -36,9 +36,10 @@ for i in $server; do
 done
 
 # configure bat0
-ip link set address $communitymacaddress$:0{localserver#$communityname} dev bat0
+ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0
 ip link set up dev bat0
 ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
 ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
 alfred -i bat0 > /dev/null 2>&1 &
 batadv-vis -i bat0 -s > /dev/null 2>&1 &
+service bind9 restart

files/named.conf.fftdf

@@ -0,0 +1,6 @@
+zone "fftdf" {
+  type slave;
+  masters { 10.188.1.100; };
+  file "/var/lib/bind/db.fftdf";
+};
+

files/named.conf.options.j2

@@ -0,0 +1,26 @@
+options {
+        directory "/var/cache/bind";
+
+        // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+        // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+
+        // forwarders {
+        //      0.0.0.0;
+        // };
+
+        //========================================================================
+        // If BIND logs error messages about the root key being expired,
+        // you will need to update your keys.  See https://www.isc.org/bind-keys
+        //========================================================================
+        dnssec-validation auto;
+
+        auth-nxdomain no;    # conform to RFC1035
+        listen-on { {{ sn_mesh_IPv4 }}; };
+        listen-on-v6 { {{ sn_mesh_IPv6 }}; };
+};

install.sn.yml

@@ -35,6 +35,7 @@
       - screen
       - bridge-utils
       - tcpdump
+      - bind9
     modules_required:
       - batman-adv
       - nf_conntrack_netlink
@@ -48,6 +49,8 @@
       - batdelif.sh
     tunneldigger_service:
       - tunneldigger.service
+    bind_zone_fftdf:
+      - named.conf.fftdf
 #    openvpn_files:
 #      - mullvad_linux.conf
 #      - mullvad.key
@@ -89,9 +92,9 @@
       apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present 
     - name: Update apt cache
       apt: update_cache=yes
-#    - name: Install new kernel
+    - name: Install new kernel
-#      apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
+      apt: name=linux-image-4.2.0-0.bpo.1-amd64 state=present
-#      register: kernel4
+      register: kernel4
     - name: Gathering facts
       setup:
     - name: Set IPv4 in hostfile
@@ -109,6 +112,12 @@
       ignore_errors: true
       when: hosts.changed
       when: hostname.changed
+    - name: disable multi CPU Kernel (SMP)
+      lineinfile: dest=/etc/default/grub regexp='^GRUB_CMDLINE_LINUX_DEFAULT=' line='GRUB_CMDLINE_LINUX_DEFAULT="quiet maxcpus=0 nosmp"' state=present
+      register: grubnosmp
+    - name: Update grub
+      shell: update-grub2
+      when: grubnosmp.changed
     - name: waiting for server to come back
       local_action:
                    wait_for
@@ -214,6 +223,13 @@
     - name: SSH authorized_keys
       copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
       with_items: authorized_keys
+    - name: Copy secondary zone file
+      copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
+      with_items: bind_zone_fftdf
+    - name: Bind9, activate fftdf zone
+      lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
+    - name: Copy option template
+      template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
     - name: Reboot the server finally
       shell: sleep 2 && shutdown -r now "Ansible updates triggered"
       async: 1
@@ -231,4 +247,4 @@
     - name: Alfed message
       template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
     - name: Add cron job with alfred info script
-      cron: name=alfred_info job="/opt/freifunk//opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
+      cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"