housekeeping

files/dhcpd.conf.j2

@@ -1,6 +1,6 @@
 # Version 1.3
 ddns-update-style none;
-option domain-name "fftdf";
+option domain-name "ff";
 default-lease-time 300;
 max-lease-time 3600;
 log-facility local7;

files/dhcpd6.conf.j2

@@ -8,7 +8,7 @@ max-lease-time 600;
 
 option dhcp6.name-servers {{ sn_mesh_IPv6 }};
 
-option dhcp6.domain-search "fftdf";
+option dhcp6.domain-search "ff";
 
 subnet6 {{ sn_mesh_IPv6_net }} {
 }

files/ff/db.ff.j2

@@ -1,15 +1,15 @@
-;; db.fftdf
+;; db.ff
-;; Forwardlookupzone für .fftdf
+;; Forwardlookupzone für .ff
 ;;
 $TTL 600
-@       IN      SOA     fftdf. root.fftdf. (
+@       IN      SOA     ff. root.ff. (
                         2015584544      ; Serial
                                 8H      ; Refresh
                                 2H      ; Retry
                                 4W      ; Expire
                                 3H )    ; NX (TTL Negativ Cache)
 
-@                               IN      NS      {{ sn_hostname }}.infra.fftdf.
+@                               IN      NS      {{ sn_hostname }}.infra.ff.
                                 IN      A       {{ sn_mesh_IPv4 }}
                                 IN      AAAA	{{ sn_mesh_IPv6 }}
 localhost			IN	A    	127.0.0.1

files/ff/ff.conf

@@ -0,0 +1,6 @@
+// Zone declarations for Freifunk
+
+zone "ff" {
+  type master;
+  file "/etc/bind/ff/db.ff";
+};

files/fftdf/fftdf.conf

@@ -1,6 +0,0 @@
-// Zone declarations for Freifunk Troisdorf
-
-zone "fftdf" {
-  type master;
-  file "/etc/bind/fftdf/db.fftdf";
-};

files/interfaces-troisdorf4.j2

@@ -13,18 +13,18 @@ iface lo inet6 loopback
 
 
 # The primary network interface
-allow-hotplug eth0
+allow-hotplug {{ sn_interface_name }}
-iface eth0 inet static
+iface {{ sn_interface_name }} inet static
         address 212.129.50.141
         netmask 255.255.255.255
         gateway 163.172.210.1
         pointopoint 163.172.210.1
         post-up iptables -P OUTPUT ACCEPT
-        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
-        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 auto 6to4
         iface 6to4 inet6 6to4
         local 212.129.50.141

files/interfaces-troisdorf5.j2

@@ -13,18 +13,18 @@ iface lo inet6 loopback
 
 
 # The primary network interface
-allow-hotplug eth0
+allow-hotplug {{ sn_interface_name }}
-iface eth0 inet static
+iface {{ sn_interface_name }} inet static
         address 62.210.5.90
         netmask 255.255.255.255
         gateway 163.172.210.1
         pointopoint 163.172.210.1
         post-up iptables -P OUTPUT ACCEPT
-        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
-        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 auto 6to4
 	iface 6to4 inet6 6to4
         local 62.210.5.90

files/interfaces-troisdorf6.j2

@@ -13,25 +13,24 @@ iface lo inet6 loopback
 
 
 # The primary network interface
-allow-hotplug eth0
+allow-hotplug {{ sn_interface_name }}
-#iface eth0 inet dhcp
+iface {{ sn_interface_name }} inet static
-iface eth0 inet static
         address 62.210.12.122
         netmask 255.255.255.255
         gateway 163.172.210.1
         pointopoint 163.172.210.1
         post-up iptables -P OUTPUT ACCEPT
-        post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
-        post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
+        post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
-        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+        post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
 
 auto 6to4
         iface 6to4 inet6 6to4
         local 62.210.12.122
         post-up ip6tables -P OUTPUT ACCEPT
-        post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP
+        post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP
 
 # GRE Tunnel zum Rheinland Backbone
 # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen

files/interfaces-troisdorf7.j2

@@ -13,8 +13,8 @@ iface lo inet6 loopback
 
 
 # The primary network interface
-allow-hotplug ens18
+allow-hotplug {{ sn_interface_name }}
-iface ens18 inet static
+iface {{ sn_interface_name }} inet static
         address 93.241.53.100
         netmask 255.255.255.0
         gateway 93.241.53.1

files/named.conf.local

@@ -6,5 +6,5 @@
 // organization
 //include "/etc/bind/zones.rfc1918";
 
-// Include Freifunk Troisdorf (fftdf) zones
+// Include Freifunk (ff) zones
-include "/etc/bind/fftdf/fftdf.conf";
+include "/etc/bind/ff/ff.conf";

files/sn_startup.local.exit.sh.j2

@@ -0,0 +1,43 @@
+#!/bin/sh
+# Version 1.91
+
+curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
+
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+
+# restart when kernel panic
+/sbin/sysctl kernel.panic=1
+
+# Routing table 42
+/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
+
+# Set table for traffice with mark 4
+/bin/ip rule add fwmark 0x4 table 42
+/bin/ip -6 rule add fwmark 0x4 table 42
+
+# Set mark 4 to Freifunk traffic
+#/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
+
+# All from FF IPv4 via routing table 42
+#/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
+#/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
+
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+
+# Create Tunneldigger Bridge
+/sbin/brctl addbr br-nodes
+/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
+/sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
+/usr/local/sbin/batctl if add br-nodes
+
+sleep 5
+/bin/systemctl restart radvd
+/bin/systemctl retsrat tunneldigger
+/bin/systemctl restart bird
+/bin/systemctl restart bird6
+/bin/systemctl restart isc-dhcp-server
+exit 0

install.sn.yml

@@ -9,7 +9,7 @@
   user: root
   gather_facts: False
   vars:
-    snversion: master_v3.1.4
+    snversion: master_v3.1.5
     batmanversion: v2017.4
     common_required_packages:
       - git
@@ -47,6 +47,7 @@
       - libffi-dev
       - libnetfilter-conntrack-dev
       - libnfnetlink-dev
+      - speedtest-cli
     modules_required:
       - batman-adv
       - nf_conntrack_netlink
@@ -57,25 +58,15 @@
       - l2tp_eth
     tunneldigger_scripts:
       - start-broker.sh
-#      - start-broker-backup.sh
       - batdelif.sh
     tunneldigger_service:
       - tunneldigger.service
-#      - tunneldigger-backup.service
     broker_cfg:
-#      - l2tp_broker-backup.cfg
       - l2tp_broker.cfg
-#    bind_zone_fftdf:
-#      - named.conf.fftdf
-#    check_gw_script:
-#      - keepalive.sh
     authorized_keys:
       - authorized_keys
     logrotate_config:
       - logrotate.conf
-#    supernode_config:
-#      - supernode.mode
-#      - loadbalancing.mode
 
   tasks:
     - name: Remove cdrom in sources.list
@@ -91,6 +82,10 @@
 #             url: https://sks.pod01.fleetstreetops.com
 #             state: present
 
+    - name: Import Slack token
+      include_vars: "{{ slack_token_file }}"
+    - name: Import root password
+      include_vars: "{{ root_password_file }}"
     - name: Add Freifuck repo to source list
       apt_repository: repo='deb https://freifuck.de/debian stretch main' state=present 
     - name: Add backport repo to source list
@@ -128,7 +123,6 @@
                    timeout=300
       when: hosts.changed
       when: sethostname.changed
-#    - apt: update_cache=yes
     - name: Install common required packages
       apt:
         name: "{{ item }}"
@@ -138,57 +132,13 @@
       register: aptupdates
     - name: Set clock
       shell: /etc/init.d/ntp stop && /usr/sbin/ntpd -q -g && /etc/init.d/ntp start
-#    - name: Add modules
-#      lineinfile: dest=/etc/modules line={{ item }}
-#      with_items: modules_required
-#      register: modules_req
-#    - name: Load modules
-#      modprobe: name={{ item }}
-#      with_items: modules_required
-#      when: modules_req.changed
-#    - name: Install Linux headers
-#      shell: >
-#        apt-get install linux-headers-$(uname -r) -y
-#      when: aptupdates.changed
-#    - name: Get batman-adv
-#      git: repo=https://git.open-mesh.org/batman-adv.git
-#           dest=/tmp/batman-adv
-#      when: aptupdates.changed
-#      register: getbatman
-#    - name: Get batman-adv no rebrotcast patch
-#      get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
-#      when: getbatman.changed
-#    - name: Install batman-adv
-#      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
-#      shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
-#      when: getbatman.changed
-#    - name: Get batctl
-#      git: repo=http://git.open-mesh.org/batctl.git
-#           dest=/tmp/batctl
-#      when: aptupdates.changed
-#      register: getbatctl
-#    - name: Install batctl
-#      shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
-#      when: getbatctl.changed
     - name: Get Tunneldigger
-#      git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
-#      git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger version=v0.1.0
-#      git: repo=https://github.com/wlanslovenija/tunneldigger.git dest=/srv/tunneldigger
-#      git: repo=https://github.com/ffrl/tunneldigger.git dest=/srv/tunneldigger
       git: repo=https://github.com/Freifunk-Troisdorf/tunneldigger.git dest=/srv/tunneldigger
-#           version: release-0.22
       register: tunneldigger
       when: aptupdates.changed
     - name: Configure tunneldigger
       raw: "cd /srv/tunneldigger && virtualenv env_tunneldigger && source env_tunneldigger/bin/activate && cd broker && python setup.py install"
-#      command: "{{item}}"
-#      with_items:
-#       - virtualenv /srv/tunneldigger/ -p python2.7
-#      - virtualenv /srv/tunneldigger/
       when: tunneldigger.changed
-#    - name: Tunneldigger requirements
-#      pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
-#      when: tunneldigger.changed
     - name: Copy l2tp broker config template
       template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
       with_items: "{{ broker_cfg }}"
@@ -204,57 +154,26 @@
       copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
       with_items: "{{ tunneldigger_service }}"
       when: tunneldigger.changed
-##########
     - name: Add modules
       lineinfile: dest=/etc/modules line={{ item }}
       with_items: "{{ modules_required }}"
       register: modules_req
-#    - name: Load modules
-#      modprobe: name= "{{ item }}"
-#      with_items: "{{ modules_required }}"
-#      when: modules_req.changed
-#########
     - name: Tunneldigger reload
       command: "{{item}}"
       with_items:
       - systemctl daemon-reload
       - systemctl enable tunneldigger.service
-#      - systemctl enable tunneldigger-backup.service
       when: tunneldigger.changed
     - name: Copy logrotate config
       copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
       with_items: "{{logrotate_config}}"
     - name: Create freifunk directory
       file: path=/opt/freifunk state=directory mode=0755
-#    - name: Create keepalive directory
-#      file: path=/etc/supernode-status state=directory mode=0755
-#    - name: Create supernode config files
-#      file: path=/etc/supernode-status/{{ item }} state=touch owner=root group=root mode=0644
-#      with_items: supernode_config
-#    - name: Supernode set default mode
-#      lineinfile: dest=/etc/supernode-status/{{ item }} regexp=^0 line=0
-#      with_items: supernode_config
-#    - name: Check gateway / keepalive script supernode
-#      copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
-#      with_items: check_gw_script
-#      register: check_gw
-#      when: sn_exit is undefined
-#    - name: Check gateway / keepalive script super- and exitnode
-#      template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
-#      register: check_gw
-#      when: sn_exit is defined
-#    - name: Add cron job with check gateway script
-#      cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" 
-#      when: check_gw.changed
-#    - name: Supernode Config script super- and exitnode
-#      copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500
-#      when: sn_exit is defined
     - name: Copy dhcpd template file
       template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
       register: dhcpd
     - name: Clone static DHCP config
-      git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
+      git: repo="{{ static_dhcp_repo }}" dest=/opt/freifunk/static-dhcp
-           dest=/opt/freifunk/static-dhcp
       when: dhcpd.changed 
     - name: Add cron static DHCP
       cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
@@ -267,58 +186,40 @@
       cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
     - name: Add cron startup script
       cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
-    - name: Copy backbone script
-      template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
-      when: sn_exit is undefined 
     - name: Copy backbone script
       template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
-      when: sn_exit is defined
-#    - name: Collectd template file
-#      template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
-#      register: collectd
-#    - name: Restart collectd
-#      service: name=collectd state=restarted
-#      when: collectd.changed
-    - name: configure startup script supernode
-      template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
-      when: sn_exit is undefined
     - name: Exit node startup script super- and exitnode
       template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
       when: sn_exit is defined
+    - name: Exit node startup script super- and exitnode
+      template: src=./files/sn_startup.local.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
+      when: sn_local_exit is defined
     - name: SSH authorized_keys
       copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
       with_items: "{{ authorized_keys }}"
-    - name: Bind9, activate fftdf zone
+    - name: Bind9, activate ff zone
-      lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present
+      lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/ff/ff.conf";' state=present
     - name: Copy option template
       template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
-    - name: Create fftdf directory
+    - name: Create ff directory
-      file: path=/etc/bind/fftdf state=directory
+      file: path=/etc/bind/ff state=directory
-    - name: Copy FFTDF Zones
+    - name: Copy FF Zones
-      copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644
+      copy: src=./files/ff/{{ item }} dest=/etc/bind/ff/{{ item }} owner=root group=bind mode=644
       with_items: 
-        - fftdf.conf
+        - ff.conf
-    - name: Copy fftdf Zone config template
+    - name: Copy ff Zone config template
-      template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444
+      template: src=./files/ff/db.ff.j2 dest=/etc/bind/ff/db.ff owner=bind group=root mode=0444
     - name: Copy radvd config template
       template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
     - name: Interface configuration with ffrl gre tunnel
-      copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
+      template: src=./files/interfaces-{{ sn_hostname }}.j2 dest=/etc/network/interfaces owner=root group=root mode=0544
-      when: sn_exit is defined
     - apt: update_cache=yes
     - name: Install bird
       apt: state=present pkg=bird
-      when: sn_exit is defined
     - name: Bird configuration
       copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
-      when: sn_exit is defined
     - name: Bird configuration
       copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
-      when: sn_exit is defined
-#    - name: Get speedtest-cli
-#      get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli
-#    - name: Change rights speedtest-cli
-#      file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755
     - name: Copy Slacktee Config
       template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
     - name: Copy Slacktee
@@ -369,4 +270,3 @@
         channel: "#technik"
         username: "Ansible on {{ inventory_hostname }}"
         parse: 'none'
-