install vnstat

6 years ago · a85999dbac
parent aa0593233e
commit a85999dbac
7 changed files with 33 additions and 65 deletions
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@ -36,6 +36,8 @@ COMMIT
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@ -40,6 +40,8 @@ COMMIT
 {% for site in sites %}
 -I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 {% endfor %}
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
--- a/roles/install_monitoring/files/check_internet.sh
+++ b/roles/install_monitoring/files/check_internet.sh
@ -1,37 +0,0 @@
-#!/bin/bash
-
-INTERFACE=mullvad
-FAILED_FILE=/tmp/mullvad.failed
-fail=false
-
-if [ ! -e /sys/class/net/$INTERFACE ]; then
-	echo "$INTERFACE interface does not exist"
-	fail=true
-else
-	start_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
-	sleep 30
-	end_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
-
-	if [ $(($end_bytes-$start_bytes)) -lt 1000 ]; then
-		#echo "no traffic via $INTERFACE"
-		fail=true
-	fi
-fi
-
-if $fail; then
-	systemctl is-active openvpn-client@mullvad.service > /dev/null
-	if [ $? -ne 0 ]; then
-		systemctl status openvpn-client@mullvad.service
-		if [ -e $FAILED_FILE ]; then
-			echo restart openvpn-client@mullvad.service
-			systemctl restart openvpn-client@mullvad.service
-		else
-			touch $FAILED_FILE
-		fi
-	fi
-else
-	if [ -e $FAILED_FILE ]; then
-		rm $FAILED_FILE
-	fi
-fi
-
--- a/roles/install_monitoring/tasks/install_vnstat.yml
+++ b/roles/install_monitoring/tasks/install_vnstat.yml
@ -10,15 +10,28 @@
      enabled: yes
      state: started

- name: add interfaces to vnstat
-  command: /usr/bin/vnstat -u -i {{ item }}
+- name: add interfaces to vnstat for batman interfaces
+  command: /usr/bin/vnstat -u -i bat{{ item.name }}
  args:
-      creates: '/var/lib/vnstat/{{ item }}'
+      creates: '/var/lib/vnstat/bat{{ item.name }}'
+  with_items: "{{ sites }}"
+
+- name: add interfaces to vnstat for uplink interfaces
+  command: /usr/bin/vnstat -u -i bb{{ hostvars[item]['wireguard_bb_name'] }}
+  args:
+      creates: "/var/lib/vnstat/bb{{ hostvars[item]['wireguard_bb_name'] }}"
  with_items:
-      - bat0
-      - ens3
-      - ffmyk-mesh-vpn
-      - mullvad
+      - "{{ groups['uplink'] }}"
+
+- name: add interfaces to vnstat for outgoing v4 interface
+  command: /usr/bin/vnstat -u -i {{ ansible_default_ipv4.interface }}
+  args:
+      creates: '/var/lib/vnstat/{{ ansible_default_ipv4.interface }}'
+
+- name: add interfaces to vnstat for outgoing v6 interface
+  command: /usr/bin/vnstat -u -i {{ ansible_default_ipv6.interface }}
+  args:
+      creates: '/var/lib/vnstat/{{ ansible_default_ipv6.interface }}'

 - name: add output folder for vnstat graphs
  file:
@ -41,7 +54,7 @@
      name: vnstat
      minute: '*/5'
      user: root
-      cron_file: fastd-api
+      cron_file: vnstat
      job: '/usr/local/bin/vnstat.sh'

 - name: add vnstat nginx config
--- a/roles/install_monitoring/tasks/main.yml
+++ b/roles/install_monitoring/tasks/main.yml
@ -1,22 +1,9 @@
 ---
 - name: install vnstat
-  include: install_vnstat.yml
+  import_tasks: install_vnstat.yml

- name: add bash script to check internet
-  copy:
-      src: check_internet.sh
-      dest: /usr/local/bin/check_internet.sh
-      mode: 0744
+#- name: install ffmyk-influx
+#  include: install_ffmyk-influx.yml

- name: add cronjob to check internet
-  cron:
-      name: check_internet
-      user: root
-      cron_file: fastd-api
-      job: '/usr/local/bin/check_internet.sh'
-
- name: install ffmyk-influx
-  include: install_ffmyk-influx.yml
-
- name: install munin
-  include: install_munin.yml
+#- name: install munin
+#  include: install_munin.yml
--- a/roles/install_wireguard_backbone/templates/wg2.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg2.conf.j2
@ -5,5 +5,6 @@ PrivateKey = {{ wireguard_bb_priv_key }}
 [Peer]
 PublicKey = {{ item.pub_key }}
 AllowedIPs = 0.0.0.0/0,::/0
-{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %}
 PersistentKeepalive = 30
+{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %}
+
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@ -22,7 +22,7 @@
      - install_wireguard_backbone
      - install_babeld
      - install_fastd
-      #- install_monitoring
+      - install_monitoring
      - update_ssh_keys
      - install_admin_packages
 - name: basic uplink config