fastd working

netsplit
Niklas Yann Wettengel 7 years ago
parent 90a8a597ea
commit d82f852497

@ -1,12 +1,19 @@
---
ansible_host: 123.123.123.123
fastd_peer_limit: 200
fastd_secret: <fastd secret key>
fastd_mesh_mac: '<mesh mac>
bat0_ipv6: '<ipv6>'
bat0_ipv4: <ipv4>
dhcp_start: <ipv4>
dhcp_end: <ipv4>
sites:
- name: '<site kürzel>'
net4: '<ipv4 netz>'
net6: '<ipv6 netz>'
fastd_secret: <fastd secret key>
fastd_mesh_mac: '<mesh mac>
fastd_port1: <erster port>
fastd_port2: <zweiter port>
bat_ipv6: '<ipv6>'
bat_ipv4: <ipv4>
dhcp_subnet: '<ipv4 netz ohne netzmaske>'
dhcp_netmask: '<netzmaske>'
dhcp_start: <ipv4>
dhcp_end: <ipv4>
mullvad_country: nl
mullvad_crt: |
-----BEGIN CERTIFICATE-----
@ -16,56 +23,56 @@ mullvad_key: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
influx_user: <user>
influx_password: <password>
munin_node_plugins:
- name: cpu
- name: df
- name: df_inode
- name: dhcp-pool
- name: diskstats
- name: entropy
- name: fastd_peers
plugin: fastd_
- name: fastd_traffic
plugin: fastd_
- name: forks
- name: fw_conntrack
- name: fw_forwarded_local
- name: fw_packets
- name: if_bat0
plugin: if_
- name: if_err_bat0
plugin: if_err_
- name: if_ens3
plugin: if_
- name: if_err_ens3
plugin: if_err_
- name: if_ffmyk-mesh-vpn
plugin: if_
- name: if_err_ffmyk-mesh-vpn
plugin: if_err_
- name: if_mullvad
plugin: if_
- name: if_err_mullvad
plugin: if_err_
- name: interrupts
- name: irqstats
- name: load
- name: memory
- name: netstat
- name: nginx_request
- name: nginx_status
- name: ntp_kernel_err
- name: ntp_kernel_pll_freq
- name: ntp_kernel_pll_off
- name: ntp_offset
- name: open_files
- name: open_inodes
- name: proc_pri
- name: processes
- name: swap
- name: threads
- name: uptime
- name: users
- name: vmstat
#influx_user: <user>
#influx_password: <password>
#munin_node_plugins:
# - name: cpu
# - name: df
# - name: df_inode
# - name: dhcp-pool
# - name: diskstats
# - name: entropy
# - name: fastd_peers
# plugin: fastd_
# - name: fastd_traffic
# plugin: fastd_
# - name: forks
# - name: fw_conntrack
# - name: fw_forwarded_local
# - name: fw_packets
# - name: if_bat0
# plugin: if_
# - name: if_err_bat0
# plugin: if_err_
# - name: if_ens3
# plugin: if_
# - name: if_err_ens3
# plugin: if_err_
# - name: if_ffmyk-mesh-vpn
# plugin: if_
# - name: if_err_ffmyk-mesh-vpn
# plugin: if_err_
# - name: if_mullvad
# plugin: if_
# - name: if_err_mullvad
# plugin: if_err_
# - name: interrupts
# - name: irqstats
# - name: load
# - name: memory
# - name: netstat
# - name: nginx_request
# - name: nginx_status
# - name: ntp_kernel_err
# - name: ntp_kernel_pll_freq
# - name: ntp_kernel_pll_off
# - name: ntp_offset
# - name: open_files
# - name: open_inodes
# - name: proc_pri
# - name: processes
# - name: swap
# - name: threads
# - name: uptime
# - name: users
# - name: vmstat
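Review bot: The `fastd_mesh_mac` placeholder inside the `sites:` entry is missing its closing quote (`fastd_mesh_mac: '<mesh mac>`), so a copy of this example either fails to parse or swallows the following keys into one scalar; it should read `fastd_mesh_mac: '<mesh mac>'`. The example now carries a `fastd_secret` per site next to the Mullvad private key, so a comment above the first secret such as `# real values belong in an ansible-vault encrypted vars file, not in this example` would tell operators where the filled-in copy is meant to live.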

@ -1,9 +1,7 @@
# Generated by ip6tables-save v1.4.21 on Mon Feb 22 00:25:52 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
@ -13,20 +11,20 @@
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# http
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# munin
-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
# fastd
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
# LOG
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped: " --log-level 4
-A LOGGING -j DROP
-A FORWARD -i bat0 -p udp --dport 10000 -j REJECT
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped input: " --log-level 4
-A FORWARD -i bataw -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batcoc -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batems -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batko -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batmy -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batsim -p udp --dport 10010:10021 -j REJECT
-A FORWARD -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped forward: " --log-level 4
COMMIT
# Completed on Mon Feb 22 00:25:52 2016
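Review bot: With the FORWARD policy switched to `DROP`, the only FORWARD rules visible in this file are the per-site `REJECT` lines and a rate-limited `LOG`, so no forwarded IPv6 traffic is accepted unless an ACCEPT rule sits in the lines between the two hunks. If default-deny forwarding is the intent, say so in a comment above the policy line (`# default-deny: only flows accepted below are routed`) and add the explicit accepts for the paths that must route, including the `RELATED,ESTABLISHED` return path, before the final LOG rule. The filter table of the IPv4 rules file in this commit has the same shape.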

@ -1,22 +1,24 @@
# Generated by iptables-save v1.4.21 on Tue Sep 8 21:44:08 2015
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i bat0 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i bataw -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i batcoc -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i batems -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i batko -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i batmy -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i batsim -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Tue Sep 8 21:44:08 2015
# Generated by iptables-save v1.4.21 on Tue Sep 8 21:44:08 2015
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# dns
@ -24,33 +26,25 @@ COMMIT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
#dhcp
-I INPUT -i bat0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
# http
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# munin
-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
# iperf
-A INPUT -i bat0 -p tcp -m tcp --dport 5001 -j ACCEPT
# fastd
-A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
# LOG
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
-A LOGGING -j DROP
-A FORWARD -i bat0 -p udp --dport 10000 -j REJECT
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped input: " --log-level 4
-A FORWARD -i bataw -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batcoc -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batems -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batko -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batmy -p udp --dport 10010:10021 -j REJECT
-A FORWARD -i batsim -p udp --dport 10010:10021 -j REJECT
-A FORWARD -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped forward: " --log-level 4
COMMIT
# Completed on Tue Sep 8 21:44:08 2015
# Generated by iptables-save v1.4.21 on Tue Sep 8 21:44:08 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o mullvad -j MASQUERADE
COMMIT
# Completed on Tue Sep 8 21:44:08 2015
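Review bot: The six `-A PREROUTING -i bat<site> -j MARK` lines and the six `-A FORWARD -i bat<site> ... -j REJECT` lines hard-code the site names, while the other files in this commit derive them from the `sites` list. A site added to `sites` later would get an interface, routes and a fastd instance, but no packet mark and no REJECT for fastd traffic entering from the mesh. If this file is deployed as a static copy, consider rendering it as a template with `{% for site in sites %}` around `-A PREROUTING -i bat{{ site.name }} -j MARK --set-xmark 0x1/0xffffffff`; the REJECT list in the ip6tables file has the same issue.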

@ -0,0 +1,14 @@
[Unit]
Description=sets up ip rules and static routes
ConditionPathExists=/usr/local/bin/ffmyk-iproute.sh
[Service]
Type=forking
ExecStart=/usr/local/bin/ffmyk-iproute.sh
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
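Review bot: `Type=forking` tells systemd to expect the start command to fork and leave a daemon behind, but `ffmyk-iproute.sh` as added in this commit only runs a handful of `ip` commands and exits. `Type=oneshot` together with the existing `RemainAfterExit=yes` is the matching service type. `SysVStartPriority=99` is no longer honoured by current systemd releases and can be dropped.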

@ -0,0 +1,12 @@
#!/bin/bash
#Routingtabelle ffmyk ist per default nicht erreichbar
ip -4 route add unreachable default table ffmyk
ip -6 route add unreachable default table ffmyk
#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
ip -4 rule add from all fwmark 0x1 table ffmyk
ip -6 rule add from all fwmark 0x1 table ffmyk
#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
ip -4 rule add from 10.222.0.0/16 table ffmyk
ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
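Review bot: The script checks no exit codes and uses `add` throughout, so a second run (for example a service restart) fails on the already existing `unreachable default` route and stacks duplicate `ip rule` entries, while a failure on first boot goes unnoticed. The `unreachable default` route in table `ffmyk` is what stops marked mesh traffic from being routed when the table has no uplink route, so it is worth making that step reliable: `ip -4 route replace unreachable default table ffmyk` and the `-6` twin. For the rules, check `ip rule show` for an existing entry before adding, and add `set -e` at the top so the unit reports a failed run.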

@ -0,0 +1,38 @@
---
- name: name ffmyk routing table
lineinfile:
path: /etc/iproute2/rt_tables
line: 42 ffmyk
- name: copy ffmyk iproute config script
copy:
src: ffmyk-iproute.sh
dest: /usr/local/bin/ffmyk-iproute.sh
mode: 0744
- name: copy site specific iproute up config script
template:
src: ffmyk-iproute-up.j2
dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
mode: 0744
with_items: "{{ sites }}"
- name: copy site specific iproute down config script
template:
src: ffmyk-iproute-down.j2
dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
mode: 0744
with_items: "{{ sites }}"
- name: copy ffmyk iproute systemd service
copy:
src: ffmyk-iproute.service
dest: /etc/systemd/system/ffmyk-iproute.service
mode: 0444
- name: start and enable ffmyk iproute service
systemd:
name: ffmyk-iproute.service
daemon_reload: yes
enabled: yes
state: started
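Review bot: Both template tasks loop with `with_items: "{{ sites }}"`, and each element of `sites` carries `fastd_secret` (see the host vars example in this commit), so Ansible prints the whole item, secret included, in the per-item result line of every run. Add `loop_control:` with `label: "{{ item.name }}"` to each looped task, and `no_log: true` where the module output itself could contain the secret. The fastd and batman task files in this commit use the same loop and need the same change. Separately, the modes are unquoted octals (`mode: 0744`); writing `mode: '0744'` avoids depending on the YAML parser's octal handling.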

@ -0,0 +1,11 @@
#!/bin/bash
ip -4 route del {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
ip -6 route del {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
ip -4 rule del iif bat{{ item.name }} table ffmyk
ip -6 rule del iif bat{{ item.name }} table ffmyk
ip -4 rule del from {{ item.net4 }} table ffmyk
ip -6 rule del from {{ item.net6 }} table ffmyk
ip -4 rule del to {{ item.net4 }} table ffmyk
ip -6 rule del to {{ item.net6 }} table ffmyk
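Review bot: `item.name`, `item.net4` and `item.net6` are rendered unquoted into a script that the netctl profile in this commit calls through `ExecDownPre`, and the matching up template does the same, so a value containing whitespace or shell metacharacters changes the commands instead of failing. The values come from inventory, so this is a robustness guard rather than an untrusted-input problem: render them through the `quote` filter, e.g. `ip -4 rule del from {{ item.net4 | quote }} table ffmyk`, or validate the `sites` entries once with an `assert` task before any template is written. The spacing is also inconsistent (`{{item.net4 }}` next to `{{ item.net4 }}`).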

@ -0,0 +1,11 @@
#!/bin/bash
ip -4 rule add iif bat{{ item.name }} table ffmyk
ip -6 rule add iif bat{{ item.name }} table ffmyk
ip -4 rule add from {{ item.net4 }} table ffmyk
ip -6 rule add from {{ item.net6 }} table ffmyk
ip -4 rule add to {{ item.net4 }} table ffmyk
ip -6 rule add to {{ item.net6 }} table ffmyk
ip -4 route replace {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
ip -6 route replace {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk

@ -1,4 +1,7 @@
net.ipv4.ip_forward=1
# Sonst landen ICMP-Fehlerpakete auf eth0 - mit source-IP 10.222.x.y...
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
net.ipv4.icmp_errors_use_inbound_ifaddr = 1
net.ipv6.conf.all.forwarding=1

@ -10,18 +10,22 @@ options {
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { {{ bat0_ipv6 }}; };
listen-on port 53 { 127.0.0.1; {{ bat0_ipv4 }}; };
allow-recursion { 127.0.0.1; 10.222.0.0/16; 2a01:198:70a:ff::/64; };
listen-on-v6 {
{% for site in sites %}
{{ site.bat_ipv6 }};
{% endfor %}
};
listen-on port 53 {
127.0.0.1;
{% for site in sites %}
{{ site.bat_ipv4 }};
{% endfor %}
};
allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; };
allow-transfer { none; };
allow-update { none; };
//forwarders {
// 85.214.20.141;
// 213.73.91.35;
//};
version none;
hostname none;
server-id none;
@ -57,22 +61,9 @@ zone "." IN {
file "root.hint";
};
zone "ffmyk" IN {
type slave;
file "bak/ffmyk.zone";
allow-query { any; };
masters { 10.222.100.1; };
};
//logging {
// channel xfer-log {
// file "/var/log/named.log";
// print-category yes;
// print-severity yes;
// severity info;
// };
// category xfer-in { xfer-log; };
// category xfer-out { xfer-log; };
// category notify { xfer-log; };
//zone "ffmyk" IN {
// type slave;
// file "bak/ffmyk.zone";
// allow-query { any; };
// masters { 10.222.100.1; };
//};
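Review bot: `allow-recursion` keeps literal prefixes (`10.222.0.0/16; 2001:470:cd45:ff00::/56`) while the `listen-on` blocks are now generated from `sites`, so the recursion ACL and the networks actually served can drift apart. That ACL is the control that keeps recursion limited to mesh clients, so it is safer to derive it from the same list, for instance `{% for site in sites %}{{ site.net4 }}; {{ site.net6 }}; {% endfor %}` (assuming `net4`/`net6` are written as CIDR prefixes). The `options` block begins and ends outside this hunk.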

@ -4,24 +4,25 @@
name: dhcp
state: present
- name: create dhcp file for static ips
copy:
content: ''
dest: /etc/dhcpd.hosts.conf
force: no
- name: copy fastd-services-api.php
copy:
src: fastd-services-api.php
dest: /etc/fastd-services-api.php
- name: setup cronjob for fastd-services-api
cron:
name: fastd-services-api
minute: '*/10'
user: root
cron_file: fastd-api
job: '/usr/bin/php /etc/fastd-services-api.php'
#- name: create dhcp file for static ips
# copy:
# content: ''
# dest: /etc/dhcpd.hosts{{ item.name }}.conf
# force: no
# with_items: "{{ sites }}"
#
#- name: copy fastd-services-api.php
# copy:
# src: fastd-services-api.php
# dest: /etc/fastd-services-api.php
#
#- name: setup cronjob for fastd-services-api
# cron:
# name: fastd-services-api
# minute: '*/10'
# user: root
# cron_file: fastd-api
# job: '/usr/bin/php /etc/fastd-services-api.php'
- name: dhcpd.conf
template:

@ -5,14 +5,16 @@ authoritative;
log-facility local7;
subnet 10.222.0.0 netmask 255.255.0.0 {
range {{ dhcp_start }} {{ dhcp_end }};
{% for site in sites %}
subnet {{ site.dhcp_subnet }} netmask {{ site.dhcp_netmask }} {
range {{ site.dhcp_start }} {{ site.dhcp_end }};
option routers {{ bat0_ipv4 }};
option domain-name-servers {{ bat0_ipv4 }};
option routers {{ site.bat_ipv4 }};
option domain-name-servers {{ site.bat_ipv4 }};
}
{% endfor %}
subnet {{ ansible_default_ipv4['address'] }} netmask 255.255.255.255 {
}
include "/etc/dhcpd.hosts.conf";
#include "/etc/dhcpd.hosts.conf";

@ -4,7 +4,32 @@
name: fastd@ffmyk.service
state: reloaded
- name: restart fastd
- name: restart fastdaw
systemd:
name: fastd@ffmyk.service
name: fastd@ffaw.service
state: restarted
- name: restart fastdcoc
systemd:
name: fastd@ffcoc.service
state: restarted
- name: restart fastdems
systemd:
name: fastd@ffems.service
state: restarted
- name: restart fastdko
systemd:
name: fastd@ffko.service
state: restarted
- name: restart fastdmy
systemd:
name: fastd@ffmy.service
state: restarted
- name: restart fastdsim
systemd:
name: fastd@ffsim.service
state: restarted
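Review bot: The six `restart fastd<site>` handlers hard-code the site names, so a task that notifies `restart fastd{{ item.name }}` for a site present in `sites` but missing here fails with an unknown handler. The `reload fastd` handler at the top of the hunk still targets `fastd@ffmyk.service`, an instance that none of the six site names would produce. A single handler looping over the list, `name: "fastd@ff{{ item.name }}.service"` with `with_items: "{{ sites }}"`, stays in sync with the inventory, at the cost of restarting every instance on any change.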

@ -6,77 +6,58 @@
name: fastd
tool: yaourt
- name: create ffmyk folder
- name: create site folder
file:
path: /etc/fastd/ffmyk
path: /etc/fastd/ff{{ item.name }}
state: directory
with_items: "{{ sites }}"
- name: fastd.conf
template:
src: fastd.conf.j2
dest: /etc/fastd/ffmyk/fastd.conf
dest: /etc/fastd/ff{{ item.name }}/fastd.conf
mode: 0640
notify: restart fastd
- name: create backbone folder
file:
path: /etc/fastd/ffmyk/backbone
state: directory
- name: add backbone peers
copy:
src: '{{ item }}'
dest: /etc/fastd/ffmyk/backbone/{{ item }}
with_items:
- fastd1
- fastd2
- fastd3
- fastd4
- fastd5
- fastd6
- fastd7
- fastd8
- fastd9
- fastd10
- fastd11
- fastd12
- fastd13
- fastd14
- fastd15
notify: reload fastd
notify: restart fastd{{ item.name }}
with_items: "{{ sites }}"
- name: add fastd bin folder
file:
path: /etc/fastd/ffmyk/bin
path: /etc/fastd/ff{{ item.name }}/bin
state: directory
with_items: "{{ sites }}"
- name: add fastd up script
template:
src: fastd_up.sh.j2
dest: /etc/fastd/ffmyk/bin/up.sh
dest: /etc/fastd/ff{{ item.name }}/bin/up.sh
mode: 0744
notify: restart fastd
notify: restart fastd{{ item.name }}
with_items: "{{ sites }}"
- name: add fastd peers folder
file:
path: /etc/fastd/ffmyk/peers
path: /etc/fastd/ff{{ item.name }}/peers
state: directory
with_items: "{{ sites }}"
- name: add fastd peer api script
copy:
src: fastd-api.php
dest: /etc/fastd/ffmyk/bin/fastd-api.php
template:
src: fastd-api.php.j2
dest: /etc/fastd/ff{{ item.name }}/bin/fastd-api.php
with_items: "{{ sites }}"
- name: setup cronjob for fastd-api
cron:
name: fastd-api
name: fastd-api-{{ item.name }}
minute: '*/10'
user: root
cron_file: fastd-api
job: '/usr/bin/php /etc/fastd/ffmyk/bin/fastd-api.php'
job: '/usr/bin/php /etc/fastd/ff{{ item.name }}/bin/fastd-api.php'
with_items: "{{ sites }}"
- name: start and enable fastd service
systemd:
name: fastd@ffmyk.service
name: fastd@ff{{ item.name }}.service
enabled: yes
state: started
with_items: "{{ sites }}"
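Review bot: The `add fastd peer api script` task renders a script that root's cron job runs every ten minutes, but unlike `fastd.conf` and `up.sh` it sets no `mode`, and none of the tasks in this hunk set `owner` or `group`. Stating them explicitly (`owner: root`, `group: root`, `mode: '0600'` for the PHP file, since it is passed to `/usr/bin/php` and needs no execute bit) keeps the permissions of root-executed files independent of the umask in effect. `fastd.conf` holds the site secret at `mode: 0640`; `'0600'` would be tighter unless a group really needs read access.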

@ -2,7 +2,7 @@
<?php
//$url = 'http://register.freifunk-myk.de/srvapi.php';
$url = 'https://www.freifunk-myk.de/node/keys';
$out = '/etc/fastd/ffmyk/peers/';
$out = '/etc/fastd/ff{{ item.name }}/peers/';
if(!is_dir($out)) die('Output Dir missing');
if(!is_writable($out)) die('Output Dir perms');
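Review bot: Every site's rendered copy of this script still downloads from the same `$url`, which carries no site parameter, so if the endpoint returns the keys of all nodes, each per-site fastd instance would accept peers from every site rather than only its own. The request and the code that writes the peer files are outside this hunk, so a filter may already exist. A one-line comment above `$url` stating whether the key list is shared across sites on purpose would settle it.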

@ -1,18 +1,16 @@
log to syslog level info;
interface "ffmyk-mesh-vpn";
interface "vpn{{ item.name }}";
method "salsa2012+gmac";
method "salsa2012+umac";
secure handshakes yes;
bind any:10000;
bind any:{{ item.fastd_port1 }};
hide ip addresses yes;
hide mac addresses yes;
mtu 1280;
peer group "clients" {
include peers from "peers";
peer limit {{ fastd_peer_limit }};
}
include peers from "backbone";
secret "{{ fastd_secret }}";
on up "/etc/fastd/ffmyk/bin/up.sh $INTERFACE";
status socket "/run/ffmyk.socket";
secret "{{ item.fastd_secret }}";
on up "/etc/fastd/ff{{ item.name }}/bin/up.sh $INTERFACE";
status socket "/run/ff{{ item.name }}1.socket";
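Review bot: Only `item.fastd_port1` is bound here, while the host vars example defines `fastd_port2` per site and the firewall rules in this commit accept the whole `10010:10021` range. Either add the second `bind any:{{ item.fastd_port2 }};` or narrow the firewall range to the ports that have a listener. The `1` in `/run/ff{{ item.name }}1.socket` suggests a second instance is planned; a comment saying so would explain both.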

@ -1,11 +1,11 @@
#!/bin/bash
ip link set address {{ fastd_mesh_mac }} dev $1
ip link set address {{ item.fastd_mesh_mac }} dev $1
ip link set up dev $1
batctl -m bat0 if add $1
batctl -m bat0 gw server 1000000/1000000
batctl -m bat0 it 10000
batctl -m bat0 mm 1
echo 128 > /sys/class/net/bat0/mesh/hop_penalty
netctl start bat0
batctl -m bat{{ item.name }} if add $1
batctl -m bat{{ item.name }} gw server 1000000/1000000
batctl -m bat{{ item.name }} it 10000
batctl -m bat{{ item.name }} mm 1
echo 64 > /sys/class/net/bat0/mesh/hop_penalty
netctl start bat{{ item.name }}
systemctl restart dhcpd4.service
systemctl restart named.service
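Review bot: The hop-penalty line still writes to `bat0` (`echo 64 > /sys/class/net/bat0/mesh/hop_penalty`) although every other line was moved to `bat{{ item.name }}` and the `bat0` netctl profile is deleted in this commit, so the write presumably fails and the site interface keeps its default penalty. It should read `echo 64 > /sys/class/net/bat{{ item.name }}/mesh/hop_penalty`. `$1` is also used unquoted throughout; `"$1"` is the safer form. Note that each interface coming up restarts `dhcpd4` and `named`, so six sites now mean six restarts of both services.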

@ -0,0 +1,5 @@
---
- name: restart radvd
systemd:
name: radvd.service
state: restarted

@ -0,0 +1,17 @@
---
- name: install radvd
pacman:
name: radvd
state: present
- name: radvd config
template:
src: radvd.conf.j2
dest: /etc/radvd.conf
notify: restart radvd
- name: start and enable radvd
systemd:
name: radvd.service
enabled: yes
state: started

@ -0,0 +1,26 @@
{% for site in sites %}
interface bat{{ site.name }}
{
AdvSendAdvert on;
IgnoreIfMissing on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 900;
AdvDefaultPreference low;
AdvHomeAgentFlag off;
prefix {{ site.net6 }}
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
RDNSS {{ site.bat_ipv6 }}
{
AdvRDNSSLifetime 30;
};
};
{% endfor %}
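Review bot: `AdvRDNSSLifetime 30` is far below `MaxRtrAdvInterval 900`, so clients can expire the advertised DNS server long before the next unsolicited router advertisement arrives and lose IPv6 name resolution in between. radvd's documentation asks for a lifetime of at least `MaxRtrAdvInterval` (its default is twice that value). Either drop the line to get the default or set it explicitly, e.g. `AdvRDNSSLifetime 1800;`.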

@ -1,20 +0,0 @@
#!/bin/bash
#Routingtabelle ffmyk ist per default nicht erreichbar
ip route add unreachable default table ffmyk
#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
ip rule add from all fwmark 0x1 table ffmyk
#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
ip rule add from 10.222.0.0/16 table ffmyk
#Tabelle ffmyk routet das Ziel mit Freifunk-IPs über das Device bat0
ip route replace 10.222.0.0/16 dev bat0 table ffmyk
ip route replace 0.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
ip route replace 128.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
ip route replace 0.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
ip route replace 128.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
ip route replace 0.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
ip route replace 128.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3

@ -14,18 +14,8 @@
name: batctl
state: present
- name: name ffmyk routing table
lineinfile:
path: /etc/iproute2/rt_tables
line: 42 ffmyk
- name: copy ffmyk iproute config script
copy:
src: ffmyk-iproute.sh
dest: /usr/local/bin/ffmyk-iproute.sh
mode: 0744
- name: add netctl config
- name: add batman netctl config for sites
template:
src: netctl_bat0.j2
dest: /etc/netctl/bat0
src: netctl_bat.j2
dest: "/etc/netctl/bat{{ item.name }}"
with_items: "{{ sites }}"

@ -0,0 +1,8 @@
Connection=ethernet
Interface=bat{{ item.name }}
IP=static
IP6=static
Address6=({{ item.bat_ipv6 }}/64)
Address=({{ item.bat_ipv4 }}/20)
ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh

@ -1,7 +0,0 @@
Connection=ethernet
Interface=bat0
IP=static
IP6=static
Address6=({{ bat0_ipv6 }}/64)
Address=({{ bat0_ipv4 }}/16)
ExecUpPost=/usr/local/bin/ffmyk-iproute.sh

@ -7,16 +7,18 @@
- configure_journald
- configure_sysctl
- configure_iptables
- install_ssmtp
- configure_static_routes
#- install_ssmtp
- install_cronie
- install_php
- install_nginx
#- install_nginx
- install_ntp
- install_haveged
- setup_batman
- install_dhcp
- install_radvd
- install_bind
- install_fastd
- install_openvpn
- install_monitoring
#- install_openvpn
#- install_monitoring
- install_admin_packages
