updated setup_fastd playbook
added features: - install_bind - install_dhcp - install_fastd - setup_batmannetsplit
parent
711f968dda
commit
4b97c64f94
@ -0,0 +1,24 @@
|
||||
---
|
||||
- name: install bind
|
||||
pacman:
|
||||
name: bind
|
||||
state: present
|
||||
|
||||
- name: create named zone backup folder
|
||||
file:
|
||||
path: /var/named/bak
|
||||
state: directory
|
||||
owner: named
|
||||
group: named
|
||||
|
||||
- name: bind config
|
||||
template:
|
||||
src: named.conf.j2
|
||||
dest: /etc/named.conf
|
||||
register: named_conf
|
||||
|
||||
- name: reload bind
|
||||
when: named_conf.changed
|
||||
systemd:
|
||||
name: named.service
|
||||
state: reloaded
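Review bot: The `bind config` template task writes /etc/named.conf with no `validate`, so a syntactically broken render is installed as-is and the `reload bind` task then runs against it. Adding `validate: named-checkconf %s` makes Ansible reject the rendered file before it replaces the live config. The task also leaves ownership and permissions to defaults; stating them explicitly (for example `owner: root`, `group: named`, `mode: '0640'`) keeps the result independent of the umask in effect on the target.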
|
@ -0,0 +1,78 @@
|
||||
// vim:set ts=4 sw=4 et:
|
||||
|
||||
options {
|
||||
directory "/var/named";
|
||||
pid-file "/run/named/named.pid";
|
||||
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-lookaside auto;
|
||||
|
||||
auth-nxdomain no; # conform to RFC1035
|
||||
|
||||
listen-on-v6 { {{ bat0_ipv6 }}; };
|
||||
listen-on port 53 { 127.0.0.1; {{ bat0_ipv4 }}; };
|
||||
|
||||
allow-recursion { 127.0.0.1; 10.222.0.0/16; 2a01:198:70a:ff::/64; };
|
||||
allow-transfer { none; };
|
||||
allow-update { none; };
|
||||
|
||||
//forwarders {
|
||||
// 85.214.20.141;
|
||||
// 213.73.91.35;
|
||||
//};
|
||||
|
||||
version none;
|
||||
hostname none;
|
||||
server-id none;
|
||||
};
|
||||
|
||||
zone "localhost" IN {
|
||||
type master;
|
||||
file "localhost.zone";
|
||||
};
|
||||
|
||||
zone "0.0.127.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "127.0.0.zone";
|
||||
};
|
||||
|
||||
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
|
||||
type master;
|
||||
file "localhost.ip6.zone";
|
||||
};
|
||||
|
||||
zone "255.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "empty.zone";
|
||||
};
|
||||
|
||||
zone "0.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "empty.zone";
|
||||
};
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "root.hint";
|
||||
};
|
||||
|
||||
zone "ffmyk" IN {
|
||||
type slave;
|
||||
file "bak/ffmyk.zone";
|
||||
allow-query { any; };
|
||||
masters { 10.222.100.1; };
|
||||
};
|
||||
|
||||
//logging {
|
||||
// channel xfer-log {
|
||||
// file "/var/log/named.log";
|
||||
// print-category yes;
|
||||
// print-severity yes;
|
||||
// severity info;
|
||||
// };
|
||||
// category xfer-in { xfer-log; };
|
||||
// category xfer-out { xfer-log; };
|
||||
// category notify { xfer-log; };
|
||||
//};
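Review bot: The `ffmyk` slave zone trusts its master by source address alone (`masters { 10.222.100.1; };`), and that address lies inside the mesh range this resolver serves, so the zone content is only as trustworthy as address ownership on bat0. Authenticating the transfer with TSIG closes that gap: declare a `key` statement and reference it as `masters { 10.222.100.1 key <tsig-key-name>; };`, with the secret supplied from a vaulted variable rather than written into the template. Separately, `dnssec-lookaside auto;` relies on the DLV registry, which has been retired, and newer BIND releases treat it and `dnssec-enable` as obsolete, so both are worth checking against the BIND version pacman installs.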
|
||||
|
@ -0,0 +1,15 @@
|
||||
---
|
||||
- name: install dhcp
|
||||
pacman:
|
||||
name: dhcp
|
||||
state: present
|
||||
|
||||
- name: create dhcp file for static ips
|
||||
file:
|
||||
path: /etc/dhcpd.hosts.conf
|
||||
state: touch
|
||||
|
||||
- name: dhcpd.conf
|
||||
template:
|
||||
src: dhcpd.conf.j2
|
||||
dest: /etc/dhcpd.conf
|
@ -0,0 +1,18 @@
|
||||
default-lease-time 600;
|
||||
max-lease-time 3600;
|
||||
|
||||
authoritative;
|
||||
|
||||
log-facility local7;
|
||||
|
||||
subnet 10.222.0.0 netmask 255.255.0.0 {
|
||||
range {{ dhcp_start }} {{ dhcp_end }};
|
||||
|
||||
option routers {{ bat0_ipv4 }};
|
||||
option domain-name-servers {{ bat0_ipv4 }};
|
||||
}
|
||||
|
||||
subnet {{ ansible_default_ipv4['address'] }} netmask 255.255.255.255 {
|
||||
}
|
||||
|
||||
include "/etc/dhcpd.hosts.conf";
|
@ -0,0 +1,45 @@
|
||||
#!/usr/bin/php -f
|
||||
<?php
|
||||
//$url = 'http://register.freifunk-myk.de/srvapi.php';
|
||||
$url = 'https://www.freifunk-myk.de/node/keys';
|
||||
$out = '/etc/fastd/ffmyk/peers/';
|
||||
|
||||
if(!is_dir($out)) die('Output Dir missing');
|
||||
if(!is_writable($out)) die('Output Dir perms');
|
||||
|
||||
if( ($data = file_get_contents($url)) === FALSE ) die('Error getting keys');
|
||||
$data = unserialize($data);
|
||||
|
||||
$active=array();
|
||||
|
||||
foreach($data as $router) {
|
||||
$router['MAC'] = trim($router['MAC']);
|
||||
$router['PublicKey'] = trim($router['PublicKey']);
|
||||
if(!preg_match('/^[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}$/', $router['MAC'])) {
|
||||
//trigger_error('Router mit falscher MAC?!', E_USER_WARNING);
|
||||
}elseif(!preg_match('/^[A-F0-9]{64}$/', $router['PublicKey'])) {
|
||||
//trigger_error('Router mit falschem Key?!'.$router['MAC'], E_USER_WARNING);
|
||||
}else{
|
||||
$filename='client_'.str_replace(':', '-', $router['MAC']);
|
||||
$fp=fopen($out.$filename, 'w');
|
||||
fwrite($fp, 'key "'.$router['PublicKey'].'";'."\n");
|
||||
fclose($fp);
|
||||
$active[] = $filename;
|
||||
}
|
||||
}
|
||||
|
||||
//Check if we fscked up
|
||||
if(count($active) < 10) die('Less than 10 nodes? Database broken?');
|
||||
|
||||
$dh = opendir($out);
|
||||
while(($file = readdir($dh)) !== false) {
|
||||
if($file != '.' && $file != '..') {
|
||||
if(!in_array($file, $active) && (strpos($file, 'client_') !== false)) {
|
||||
unlink($out.$file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
exec('killall -SIGHUP fastd');
|
||||
|
||||
?>
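Review bot: `unserialize($data)` is applied to the raw HTTP response body, and the cron task added in this commit runs the script as root every ten minutes, so whatever the key server returns decides which PHP objects are instantiated in a root process. Restrict it with `$data = unserialize($data, ['allowed_classes' => false]);` and follow it with `if (!is_array($data)) die('Bad key list');` so a malformed body never reaches the `foreach`. Serving the list as JSON and reading it with `json_decode` would remove the deserialization risk altogether. The `fopen()` result is also passed to `fwrite()` unchecked, so a failed open produces only warnings while the filename is still recorded in `$active`.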
|
@ -0,0 +1,2 @@
|
||||
key "d78c8c9b2977f732cdd00d2d4b557cfb5de1438897d33b9ec04037512dd11d6a";
|
||||
remote "fastd1.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "03cb2b87af657dfc4a434c5dfe3234e947571ca5a8d114d24e0e9f9861eff558";
|
||||
remote "fastd10.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "c5ddbdc98a9aa8eb4fc684571c23eabaefd6ef63b8cb9d3a31a2cd6e656c47f9";
|
||||
remote "fastd11.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "d47e917875f145a27a3ef10e29bf011c1f89ab4ea313c4bd0d8bac07ffacf557";
|
||||
remote "fastd12.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "2895322d66ba7aaa0daf779d795a2a44255d1d14bea639e1267149f466602fce";
|
||||
remote "fastd13.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "22e08f6e9c72e77041aa635d380e03069cfe193d9f5a0551ff2188677d15d5c0";
|
||||
remote "fastd14.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "78605f4cc687a1a5c2a1cbbacb6310bb4dc2546e605a1f2852aabea5e2dbecbb";
|
||||
remote "fastd15.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "f753af06aff1e765a0601c21343965cd3a9abd91f98a76867589e742c041a550";
|
||||
remote "fastd2.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "70a561adcea747e4758376222cddf7d43db43fac55b43e3840b6e3bc5042b170";
|
||||
remote "fastd3.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "30e707472d8eed4397295554764846f309a4b046ba628d24f2acee79543d671c";
|
||||
remote "fastd4.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "c785f8d8f59b75ffbec7eb417e1971dc5a123ff3507e3121352102fdea646e89";
|
||||
remote "fastd5.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "c40b725a5118b7c37f76b562461db160b1c99495f1df254067de2b5772831d22";
|
||||
remote "fastd6.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "72dbb9f07c272e6cfba07ebc3e318cc66e7d6e7583d6aa27fdd0445cf1bea2d8";
|
||||
remote "fastd7.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "66744cda306b1087753a57a727c79a934c872e7221ec6a28ff41e3a316eff0ab";
|
||||
remote "fastd8.services.freifunk-myk.de":10000;
|
@ -0,0 +1,2 @@
|
||||
key "a8a79387ffa4370c6ae322d99aeb5b8b82f5580ce8dfe5726e0d161a7894a6ed";
|
||||
remote "fastd9.services.freifunk-myk.de":10000;
|
@ -0,0 +1,94 @@
|
||||
---
|
||||
- name: install fastd
|
||||
become: yes
|
||||
become_user: '{{ aur_user }}'
|
||||
aur:
|
||||
name: fastd
|
||||
tool: yaourt
|
||||
|
||||
- name: create ffmyk folder
|
||||
file:
|
||||
path: /etc/fastd/ffmyk
|
||||
state: directory
|
||||
|
||||
- name: fastd.conf
|
||||
template:
|
||||
src: fastd.conf.j2
|
||||
dest: /etc/fastd/ffmyk/fastd.conf
|
||||
mode: 0640
|
||||
- name: create backbone folder
|
||||
file:
|
||||
path: /etc/fastd/ffmyk/backbone
|
||||
state: directory
|
||||
|
||||
- name: add backbone peers
|
||||
copy:
|
||||
src: '{{ item }}'
|
||||
dest: /etc/fastd/ffmyk/backbone/{{ item }}
|
||||
with_items:
|
||||
- fastd1
|
||||
- fastd2
|
||||
- fastd3
|
||||
- fastd4
|
||||
- fastd5
|
||||
- fastd6
|
||||
- fastd7
|
||||
- fastd8
|
||||
- fastd9
|
||||
- fastd10
|
||||
- fastd11
|
||||
- fastd12
|
||||
- fastd13
|
||||
- fastd14
|
||||
- fastd15
|
||||
|
||||
- name: add fastd bin folder
|
||||
file:
|
||||
path: /etc/fastd/ffmyk/bin
|
||||
state: directory
|
||||
|
||||
- name: add fastd up script
|
||||
template:
|
||||
src: fastd_up.sh.j2
|
||||
dest: /etc/fastd/ffmyk/bin/up.sh
|
||||
mode: 0744
|
||||
|
||||
- name: add fastd peers folder
|
||||
file:
|
||||
path: /etc/fastd/ffmyk/peers
|
||||
state: directory
|
||||
|
||||
- name: install php for api script
|
||||
pacman:
|
||||
name: php
|
||||
state: present
|
||||
|
||||
- name: add fastd peer api script
|
||||
copy:
|
||||
src: fastd-api.php
|
||||
dest: /etc/fastd/ffmyk/bin/fastd-api.php
|
||||
|
||||
- name: install cronie
|
||||
pacman:
|
||||
name: cronie
|
||||
state: present
|
||||
|
||||
- name: start and enable cronie
|
||||
systemd:
|
||||
name: cronie.service
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: setup cronjob for fastd-api
|
||||
cron:
|
||||
name: fastd-api
|
||||
minute: '*/10'
|
||||
user: root
|
||||
cron_file: fastd-api
|
||||
job: '/usr/bin/php /etc/fastd/ffmyk/bin/fastd-api.php'
|
||||
|
||||
- name: start and enable fastd service
|
||||
systemd:
|
||||
name: fastd@ffmyk.service
|
||||
enabled: yes
|
||||
state: started
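Review bot: The `fastd.conf` task renders `{{ fastd_secret }}` into the file but has no `no_log: true`, so a run with `--diff` or raised verbosity would print the private key to the terminal and to any captured logs. Add `no_log: true` to that task and state the ownership explicitly, e.g. `owner: root`, `group: root`, `mode: '0600'` (quoted, so the value cannot be read as a decimal integer). The `fastd-api.php` copy task likewise sets no `owner` or `mode` although cron runs the script as root; pinning `owner: root` and `mode: '0700'` there makes it explicit that only root may change it.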
|
@ -0,0 +1,18 @@
|
||||
log to syslog level info;
|
||||
interface "ffmyk-mesh-vpn";
|
||||
method "salsa2012+gmac";
|
||||
method "salsa2012+umac";
|
||||
secure handshakes yes;
|
||||
bind any:10000;
|
||||
hide ip addresses yes;
|
||||
hide mac addresses yes;
|
||||
mtu 1280;
|
||||
peer group "clients" {
|
||||
include peers from "peers";
|
||||
peer limit {{ fastd_peer_limit }};
|
||||
}
|
||||
include peers from "backbone";
|
||||
secret "{{ fastd_secret }}";
|
||||
on up "/etc/fastd/ffmyk/bin/up.sh $INTERFACE";
|
||||
status socket "/run/ffmyk.socket";
|
||||
|
@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
ip link set address {{ fastd_mesh_mac }} dev $1
|
||||
ip link set up dev $1
|
||||
batctl -m bat0 if add $1
|
||||
batctl -m bat0 gw server 1000000/1000000
|
||||
batctl -m bat0 it 10000
|
||||
batctl -m bat0 mm 1
|
||||
echo 128 > /sys/class/net/bat0/mesh/hop_penalty
|
||||
netctl start bat0
|
||||
systemctl restart dhcpd4.service
|
||||
systemctl restart named.service
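Review bot: The script has no error handling, so if `ip link set address` or `batctl -m bat0 if add $1` fails it still goes on to start bat0 and restart dhcpd4 and named on a half-configured interface. Begin it with `set -euo pipefail` and quote the argument as `"$1"` in each command. A one-line header comment stating that fastd calls this as its `on up` hook, with the interface name as the only argument, would also help the next reader.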
|
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
#Routingtabelle ffmyk ist per default nicht erreichbar
|
||||
ip route add unreachable default table ffmyk
|
||||
|
||||
#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
|
||||
ip rule add from all fwmark 0x1 table ffmyk
|
||||
|
||||
#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
|
||||
ip rule add from 10.222.0.0/16 table ffmyk
|
||||
|
||||
#Tabelle ffmyk routet das Ziel mit Freifunk-IPs über das Device bat0
|
||||
ip route replace 10.222.0.0/16 dev bat0 table ffmyk
|
||||
|
||||
ip route replace 0.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
|
||||
ip route replace 128.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
|
||||
ip route replace 0.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
|
||||
ip route replace 128.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
|
||||
ip route replace 0.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
|
||||
ip route replace 128.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
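Review bot: `ip route add unreachable default table ffmyk` and the two `ip rule add` lines are not idempotent, unlike the `ip route replace` lines below them. The script is netctl's `ExecUpPost` hook, so it can run more than once, and on a repeat run the `add` calls either fail on the existing entry or, depending on the kernel, append duplicate rules. The unreachable default is what keeps mesh traffic from falling through to the host's main table when the /1 routes are absent, so it is worth writing it as `ip route replace unreachable default table ffmyk` and guarding each rule, e.g. `ip rule del from 10.222.0.0/16 table ffmyk 2>/dev/null` before the matching `add`. The comment above the third rule has a typo (`gehlrt` should be `gehört`).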
|
||||
|
@ -0,0 +1 @@
|
||||
batman-adv
|
@ -0,0 +1,26 @@
|
||||
---
|
||||
- name: load batman-adv kernel module at boot
|
||||
copy:
|
||||
src: modules-load.d_batman.conf
|
||||
dest: /etc/modules-load.d/batman.conf
|
||||
|
||||
- name: install batctl
|
||||
pacman:
|
||||
name: batctl
|
||||
state: present
|
||||
|
||||
- name: name ffmyk routing table
|
||||
lineinfile:
|
||||
path: /etc/iproute2/rt_tables
|
||||
line: 42 ffmyk
|
||||
|
||||
- name: copy ffmyk iproute config script
|
||||
copy:
|
||||
src: ffmyk-iproute.sh
|
||||
dest: /usr/local/bin/ffmyk-iproute.sh
|
||||
mode: 0744
|
||||
|
||||
- name: add netctl config
|
||||
template:
|
||||
src: netctl_bat0.j2
|
||||
dest: /etc/netctl/bat0
|
@ -0,0 +1,7 @@
|
||||
Connection=ethernet
|
||||
Interface=bat0
|
||||
IP=static
|
||||
IP6=static
|
||||
Address6=({{ bat0_ipv6 }}/64)
|
||||
Address=({{ bat0_ipv4 }}/16)
|
||||
ExecUpPost=/usr/local/bin/ffmyk-iproute.sh
|