rm ww net

host_vars/ff-adlerweb1

@@ -1,18 +0,0 @@
----
-ansible_host: 2001:41d0:a:1fa9::902:18
-sites: []
-wireguard_bb_name: 'adlerweb1'
-wireguard_bb_endpoint: '2001:41d0:a:1fa9::902:18'
-wireguard_bb_priv_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          38623237643365373038356265313762616565316334363265393030353638613230633636383035
-          6165326231363232303564386164376132646632613530370a333865363363333936643032643531
-          37333366646133623230383233376438636233636331323838613566356362653337643339636632
-          6536663338346231360a333430626363633337386631613530346337396534366665633634393332
-          65663437366239656466323466376530323836303137663330636537333638646438303963373131
-          3865316132313366333131303962616665393331393262636264
-wireguard_bb_pub_key: 'X1DvVnpRIdRVwuddttQxLpzY6gV116W8Fb57RKF8CE0='
-wireguard_bb_ipv4: '10.222.0.14'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:14'
-wireguard_bb_port: 10114
-preferred_uplink: 'uplink1'

host_vars/ff-kraftimion1

@@ -1,56 +0,0 @@
----
-ansible_host: 2a01:4f8:161:122c:3:1:0:1
-sites:
-  - name: 'ww'
-    net4: '10.30.24.0/21'
-    net6: '2a03:2260:1016:0702::/64'
-    site_net6: 'fd62:44e1:da:700::/64'
-    fastd_secret: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35633638303633366333326637356563303439626464376330326562323865386338393261376332
-          6639376331653264396135316263356466336461343663300a663635373939383335636161306430
-          30643437643837326566643961313864316134333630306662353239623236626130653462613562
-          3238326162326439620a353563333235386566623837346633663961633435643835653436326665
-          65643263643233306631623032333762373537346434633039353761643033653639376665373166
-          33643139656163346664396532303534323761373062336433646532363165633639633836356538
-          32616234353664333034613031343961326432376636313336353737383832386161323536356230
-          36323138306465396135
-    fastd_mesh_mac: '02:ff:57:57:00:20'
-    fastd_port1: 10022
-    bat_ipv6: '2a03:2260:1016:0702::1'
-    bat_ipv4: '10.30.24.1'
-    bat_ipv4_cidr: 21
-    dhcp_subnet: '10.30.24.0'
-    dhcp_netmask: '255.255.248.0'
-    dhcp_start: '10.30.24.50'
-    dhcp_end: '10.30.31.250'
-    vxlan_id: 1234
-    wireguard_mesh_number: 2
-    wireguard_mesh_priv_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35303332366331333162333431366261313437653661386138306339656336353034373837343831
-          3330353364313833373838643131306230636562646661620a376138656631666636613264646435
-          62316633363264383333633862376561353332653964326636653037353735356538326530356632
-          6434663733366465340a666230643763633336303735333034663636373065626239616238303830
-          36383535333332653337393330663032396631306236633866376263303033373030313831306363
-          6332633533326431316338616233333263306662363837386263
-    wireguard_mesh_pub_key: '49N466A3ADnn56V84asWGAyrTGRHGv5YrkoXfZz58h8='
-    wireguard_mesh_port: 10023
-    wireguard_mesh_address: 'fdff:5757:bb::2'
-    wireguard_mesh_endpoint: '{{ ansible_host }}'
-    wireguard_mesh_mac: '02:ff:57:57:00:02'
-wireguard_bb_name: 'kraftimion1'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          38376538313338636336346565626462623438333361303138633537666132633561383234306630
-          6336633063316465396561663432373738313239376132660a343432376130386666313562643239
-          61616239386166383434386235333665303631323464336130353337643638383265663130633766
-          6430633238303137630a326331353065663938376430396664346164336462663135343038316564
-          63343730326436383863303630343062363433333062346230396238383264383431656264663035
-          6539353432383962373035653665343866653036643834646332
-wireguard_bb_pub_key: 'oo66xx1mrtJ4j2b6eDkZA7E7v0MzVX0H+9/kMUEaUCM='
-wireguard_bb_ipv4: '10.222.0.15'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:15'
-wireguard_bb_port: 10115
-preferred_uplink: 'uplink1'

host_vars/ff-niyawe4

@@ -1,44 +1,6 @@
 ---
 ansible_host: 2a01:4f8:a0:9395:2::4
 sites:
-  - name: 'ww'
-    net4: '10.30.16.0/21'
-    net6: '2a03:2260:1016:0701::/64'
-    site_net6: 'fd62:44e1:da:700::/64'
-    fastd_secret: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35336333666634353765346431663362666230613238636431396638326661363133353939393261
-          3238313738383331323662646135343934396334663232360a636632633430383962373033383639
-          39383862356137383231326263623061333638343835376431643566336239323965336234663831
-          6432333166363864310a306138343365616664323762373064653238356365636535303138353065
-          30313031363234363265613633323230393030653566623130323839363065343638636465303664
-          32396462663161313738666231333037326335336361636630346665386665356165366233306165
-          32636465653966313836336163616264393730636665353231383931633034386433666438356439
-          63613861373562663734
-    fastd_mesh_mac: '02:ff:57:57:00:10'
-    fastd_port1: 10022
-    bat_ipv6: '2a03:2260:1016:0701::1'
-    bat_ipv4: '10.30.16.1'
-    bat_ipv4_cidr: 21
-    dhcp_subnet: '10.30.16.0'
-    dhcp_netmask: '255.255.248.0'
-    dhcp_start: '10.30.16.50'
-    dhcp_end: '10.30.23.250'
-    vxlan_id: 1234
-    wireguard_mesh_number: 1
-    wireguard_mesh_priv_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          34316134643531343863663739326439636465643637376237343666653363393534653763353531
-          6462653366376565636632393462613332333638366439360a383938343235313332646335383138
-          65626539636330343166346430356338396464316361316365663162396664616436303065636233
-          3135313465363164620a333937396161363835636330303031346161653166623462663961653933
-          32663837656534656163353539363539333266633239636662663061626337393232326235313731
-          6636626434626435646462663762613138366336316465656532
-    wireguard_mesh_pub_key: 'Uv5i4M/lo/abi9b7gsNbc+PE+bEhpz3jQR8jFfQY7mU='
-    wireguard_mesh_port: 10023
-    wireguard_mesh_address: 'fdff:5757:bb::1'
-    wireguard_mesh_endpoint: '{{ ansible_host }}'
-    wireguard_mesh_mac: '02:ff:57:57:00:01'
   - name: 'sim'
     net4: '10.222.176.0/21'
     net6: '2a03:2260:1016:0401::/64'

inventory.ini

@@ -8,8 +8,6 @@ ff-niyawe1
 ff-niyawe2
 ff-niyawe3
 ff-niyawe4
-ff-adlerweb1
-ff-kraftimion1
 ff-loppermann1
 fastd-aw2
 fastd-ko2

roles/configure_iptables/templates/iptables.rules

@@ -38,7 +38,6 @@ COMMIT
 # SSH-Server
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # iperf3
--A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
 
 {% if 'fastd' in group_names %}
@@ -54,7 +53,6 @@ COMMIT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd / wg
--A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
 # wireguard_mesh
@@ -86,8 +84,6 @@ COMMIT
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
 -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -d 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -s 10.30.0.0/18 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
 COMMIT
 *nat

roles/configure_static_routes/files/ffmyk-iproute.sh

@@ -4,7 +4,6 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
 
 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
-ip -4 rule add to 10.30.0.0/18 table ffmyk priority 10
 ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
 ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10

roles/install_babeld/templates/babeld.conf.j2

@@ -38,7 +38,6 @@ reflect-kernel-metric true
 
 # Filtering rules.
 {% if 'uplink' in group_names %}
-in ip 10.30.0.0/18 allow
 in ip 10.222.0.0/16 allow
 in ip 2a03:2260:1016::/48 allow
 in ip 2003:46:e028::/48 allow # finzelberg
@@ -56,7 +55,6 @@ redistribute if {{ peer.name }} metric 128
 {% endif %}
 # Only redistribute addresses from a given prefix, to avoid redistributing
 # all local addresses
-redistribute ip 10.30.0.0/18 allow
 redistribute ip 10.222.0.0/16 allow
 redistribute ip 2a03:2260:1016::/48 allow
 redistribute ip 64:ff9b::/96 allow

roles/install_bind/templates/named.conf.j2

@@ -21,7 +21,7 @@ options {
 {% endfor %}
     };
 
-    allow-recursion { 127.0.0.1; 10.222.0.0/16; 10.30.0.0/18; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
+    allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; 2a03:2260:1016::/48; fe80::/64; };
     allow-transfer { none; };
 
     version none;

roles/install_monitoring/tasks/install_munin.yml

@@ -149,7 +149,7 @@
       state: link
   notify: restart munin-node
   with_nested:
-      - [ 'bat', 'vpn', 'wg' ]
+      - [ 'bat', 'vpn', 'wg', 'vx' ]
       - "{{ sites }}"
   when: "'fastd' in group_names"