12 changed files with 329 additions and 2 deletions
--- a/host_vars/ff-loppermann1
+++ b/host_vars/ff-loppermann1
@ -5,6 +5,18 @@ sites:
    net4: '10.222.80.0/21'
    net6: '2a03:2260:1016:0201::/64'
    site_net6: 'fd62:44e1:da:0200::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66613864623830333561306634656664623831613235336463353433393835623633313531636164
          3132343936323530316438366530343336393366343735390a643862663163366661383963366461
          63356536333162306635653863386430306463323963633066626336663837633762356632393163
          3661353338313935330a303338343231393965333534633438396261633431613734646265373830
          30623665633364343639646539616262666663333830396363336436343938613266333963363432
          65303930366339626331356230316236396138653735666431633437313436303862363437313738
          38626439626562386264623534646238666436656362633432666137666334643366303733396132
          35396461636664396633
    fastd_mesh_mac: '02:ff:41:57:00:10'
    fastd_port1: 10014
    bat_ipv6: '2a03:2260:1016:0201::1'
    bat_ipv4: '10.222.80.1'
    bat_ipv4_cidr: 21
@ -31,6 +43,18 @@ sites:
    net4: '10.222.48.0/21'
    net6: '2a03:2260:1016:0101::/64'
    site_net6: 'fd62:44e1:da:0100::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          36343336633735316533356365663562633136316164346335613665343736643538613033323837
          3163666137323238323535623663393466343061393432640a363838366533663135366665343137
          64393938336636336230306333376365646631393432333934326631366666363266633631366636
          3232396339613063360a356636623235333161633630363361653064626232386132393065363961
          64653535613861636633303164353964393461376432646539656332373461626139333166343163
          65376133646361616539303338373164623933633061663635353338643036396332656332643738
          61626236323463623362613335653436643631356362343866333035623662336262323166616163
          61303232626638303231
    fastd_mesh_mac: '02:ff:43:4f:43:10'
    fastd_port1: 10012
    bat_ipv6: '2a03:2260:1016:0101::1'
    bat_ipv4: '10.222.48.1'
    bat_ipv4_cidr: 21
@ -57,6 +81,18 @@ sites:
    net4: '10.222.184.0/21'
    net6: '2a03:2260:1016:0402::/64'
    site_net6: 'fd62:44e1:da:0400::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39303135363836313137613238633137646235366637393463346132366361363465303531653565
          3439336633396532303563613536333264373863663933650a653566626462346133363433333337
          64333138353862613937653065613136323238666336363635643062643538363265323335643766
          6465393863393630640a643531376464336334346530393764376139623033336139616138653534
          64616531313665336365323331616263613336313938316663383437353532316631636138663661
          37666538656533346365393435316630323065316336303138373962393038653831623339656634
          37343837373965393866653965366335636563303931333465656539316563646162626261633535
          34303934616666633764
    fastd_mesh_mac: '02:ff:53:49:4d:20'
    fastd_port1: 10018
    bat_ipv6: '2a03:2260:1016:0402::1'
    bat_ipv4: '10.222.184.1'
    bat_ipv4_cidr: 21
--- a/host_vars/ff-niyawe2
+++ b/host_vars/ff-niyawe2
@ -6,6 +6,18 @@ sites:
    net4: '10.222.88.0/21'
    net6: '2a03:2260:1016:0202::/64'
    site_net6: 'fd62:44e1:da:0200::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          64316166303564616561623661653739386434373564646630396361366262303737346632656136
          3164613138393838616235343936633162333032323563320a666235383763383766373761623533
          36313135643830623363353966653138346364646639386339393664366565323265366630333362
          6264633837626133300a373133353532656331623038346637643834613563383435366534393865
          31343432663535653364643564306533383333303939656232336232306136663839376662656332
          63396465303038396531653239323264346233313563636261613231343763306130316530386262
          31316432383834323237386138336434663365643732643732323439313564303337636466393334
          63613666333161366366
    fastd_mesh_mac: '02:ff:41:57:00:20'
    fastd_port1: 10014
    bat_ipv6: '2a03:2260:1016:0202::1'
    bat_ipv4: '10.222.88.1'
    bat_ipv4_cidr: 21
@ -32,6 +44,18 @@ sites:
    net4: '10.222.56.0/21'
    net6: '2a03:2260:1016:0102::/64'
    site_net6: 'fd62:44e1:da:0100::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          64346365626531663039636230633430613338336164623065393964313538633839346537356533
          3363313832333561373134363136333663313864383466360a333533643462336533336433353030
          64306535326562343964373931306366613365356335386163303062363663383264353566656438
          3838323261303331380a613366306566623531323162373266663863393563323232626565346163
          64333835356662643561373062393831303366656138356464326232363235373734663038316336
          37313164306565643032373938353434393333653531623635663030613861306663373761336233
          65373565653939663832353565656262306633306461316461343735336431393033316433313164
          35346363653832386138
    fastd_mesh_mac: '02:ff:43:4f:43:20'
    fastd_port1: 10012
    bat_ipv6: '2a03:2260:1016:0102::1'
    bat_ipv4: '10.222.56.1'
    bat_ipv4_cidr: 21
@ -58,6 +82,18 @@ sites:
    net4: '10.222.176.0/21'
    net6: '2a03:2260:1016:0401::/64'
    site_net6: 'fd62:44e1:da:0400::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          36623461376163303538353865656462643537646265393461656337383936363634653063363938
          3735616161636231633238323935313861346163636565620a353132303235636662366231393236
          30323734313065356132623736633231326537626462366264653138666533633461393830336634
          6530666637613164340a663133386134393235636362633833373531323132636138623163656638
          34363637623331666335353464366539623936306437356538393034376232346566323431636231
          32653236386632656633636438303130323065386635616462666631386361396233303965393332
          63333233656336313633303166333638663335363035653230316633303233376131396135373462
          34343163616561343163
    fastd_mesh_mac: '02:ff:53:49:4d:10'
    fastd_port1: 10018
    bat_ipv6: '2a03:2260:1016:0401::1'
    bat_ipv4: '10.222.176.1'
    bat_ipv4_cidr: 21
--- a/host_vars/ff-niyawe3
+++ b/host_vars/ff-niyawe3
@ -6,6 +6,18 @@ sites:
    net4: '10.222.200.0/21'
    net6: '2a03:2260:1016:0502::/64'
    site_net6: 'fd62:44e1:da:0500::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39643432623937346662666565393066356635346236313562376339373665653837376365326531
          3366643661613065303837353830666566356266613036650a383531336266363036366664323439
          64636330346166306464353564363266303836666134373739646566306337333666356231616364
          3635616561323332340a323665353031653566646562393430666261363834353036663938636634
          62363261663531383464646262306237353233346535623235643561633435623939646262313561
          30656531313664326663666661636465303239353331356633353238363433336561316264613037
          33636239303465623333316561653732653638633632343165383934313738303365633937373038
          33396464306363333965
    fastd_mesh_mac: '02:ff:45:4d:53:20'
    fastd_port1: 10020
    bat_ipv6: '2a03:2260:1016:0502::1'
    bat_ipv4: '10.222.200.1'
    bat_ipv4_cidr: 21
@ -32,6 +44,18 @@ sites:
    net4: '10.222.24.0/21'
    net6: '2a03:2260:1016:0002::/64'
    site_net6: 'fd62:44e1:da::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          32616565386335373931326566326366306138386431303537386639373339306264613665613936
          3630343838353631633832393265653666656164623434330a636537666266663835303561393437
          61666665666162353665386434646439323730393839643464303237383034303066623731386638
          6461303434383162300a303332333031396233383637653737393933636164653833303333633466
          39336465616562613838646139303462306131326364356265366564356131343866313164356365
          61623137653661633062613334633231633438626234303064363063396437666431353839313764
          37313535646131393963353562353862363933373765316531656531353835653231643031383236
          39633866633130373430
    fastd_mesh_mac: '02:ff:4b:4f:00:20'
    fastd_port1: 10010
    bat_ipv6: '2a03:2260:1016:0002::1'
    bat_ipv4: '10.222.24.1'
    bat_ipv4_cidr: 21
@ -58,6 +82,18 @@ sites:
    net4: '10.222.72.0/21'
    net6: '2a03:2260:1016:0302::/64'
    site_net6: 'fd62:44e1:da:300::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          36356665356465363064623732316337393137633133383133666330353238636432643232383534
          3136386561663630633461653132626531666336663962650a363164343264623664316465663264
          39336561346634623530636464646261313362383533363336383138663435346265626563646461
          3231313735313266610a373663363966303961363039346137353132353864326639343732613032
          33626665646364643036633662316234366666303364373434656137666233613030386562643662
          37663232306135643461376435653263333834366163663634646164326236643730356135386464
          31303439643035643732306162666261393735333334323433306633313635373363636364306663
          36396363306537636164
    fastd_mesh_mac: '02:ff:4d:59:00:20'
    fastd_port1: 10016
    bat_ipv6: '2a03:2260:1016:0302::1'
    bat_ipv4: '10.222.72.1'
    bat_ipv4_cidr: 21
--- a/host_vars/ff-uniko1
+++ b/host_vars/ff-uniko1
@ -5,6 +5,18 @@ sites:
    net4: '10.222.192.0/21'
    net6: '2a03:2260:1016:0501::/64'
    site_net6: 'fd62:44e1:da:0500::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          64366430303532336538633661343838386537316364613866623134663866643634633436316565
          3764303032353633336662613430663961646535353262310a613238643666313033343438666235
          36316438366137333430663235303237666132306362616366356439306162633430326366663862
          6633353266376537640a623163646437396564666232316530616264346566633032393033616438
          31313538363462633865376234363262653861656234333661613139383538643963646436396464
          65613834396464613266383936326539623461646661666464623337343834326533303039623665
          37386130306432313766306638343561653232656238313734396562653661376131653036353264
          63646437393532356338
    fastd_mesh_mac: '02:ff:45:4d:53:10'
    fastd_port1: 10020
    bat_ipv6: '2a03:2260:1016:0501::1'
    bat_ipv4: '10.222.192.1'
    bat_ipv4_cidr: 21
@ -31,6 +43,18 @@ sites:
    net4: '10.222.16.0/21'
    net6: '2a03:2260:1016:0001::/64'
    site_net6: 'fd62:44e1:da::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62303765323237376233313337343961663435363430646565616238356261646133326562363235
          6639356166623437646664323236643161353837393330650a613565306362663932383436333635
          63663832616334643939623835373731323835326361373266653331346530393462616364343633
          3935316666653463370a653038313766383436303862306666356138353838386362363731663631
          35313830346562643434393266393039336264663939363433336435653833323038363432623431
          31636465666133633538633562323437333836376632343333306332356461663163396232626564
          63393432373965323037656437313762383037363534343937303462393736666534653835633433
          36656539623732333130
    fastd_mesh_mac: '02:ff:4b:4f:00:10'
    fastd_port1: 10010
    bat_ipv6: '2a03:2260:1016:0001::1'
    bat_ipv4: '10.222.16.1'
    bat_ipv4_cidr: 21
@ -57,6 +81,18 @@ sites:
    net4: '10.222.64.0/21'
    net6: '2a03:2260:1016:0301::/64'
    site_net6: 'fd62:44e1:da:300::/64'
    fastd_secret: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          38333436396361633136336561633864383663666439613335613534336339373366396231646333
          6264303364616131313966306438333135353564366134330a353438343861666337646633383534
          31366233346663316434316439346639666639653433323363366161313362376262646663396330
          6362356563616535640a633130623433316165313238346165376337326364306262643139376130
          39326531633631656665346239386133363833623263663162356161333562636437633333643338
          32623535323934306164653535633463626234623935653262633739383137326461623731623536
          30366431633431363164633833323466616637633135636538656332356434333564386165643736
          36303333346530376134
    fastd_mesh_mac: '02:ff:4d:59:00:10'
    fastd_port1: 10016
    bat_ipv6: '2a03:2260:1016:0301::1'
    bat_ipv4: '10.222.64.1'
    bat_ipv4_cidr: 21
--- a/roles/install_fastd/files/fastd_grep.sh
+++ b/roles/install_fastd/files/fastd_grep.sh
@ -0,0 +1,7 @@
 #!/bin/sh
 for file in /run/ff*.socket
 do
    echo $file
    nc -U $file | jq -r '.peers | keys[] as $k | "\(.[$k] | .connection.mac_addresses[]) \(.[$k] | .address) \($k)"' | grep $1
 done
--- a/roles/install_fastd/files/verify.sh
+++ b/roles/install_fastd/files/verify.sh
@ -0,0 +1,6 @@
 #!/bin/sh
 if grep -q $PEER_KEY /etc/fastd_blacklist; then
    echo $PEER_KEY blacklisted
    exit 1
 fi
 exit 0
--- a/roles/install_fastd/handlers/main.yml
+++ b/roles/install_fastd/handlers/main.yml
@ -0,0 +1,40 @@
 ---
 - name: reload fastd
  systemd:
      name: fastd@ffmyk.service
      state: reloaded
 - name: restart fastdaw
  systemd:
      name: fastd@ffaw.service
      state: restarted
 - name: restart fastdcoc
  systemd:
      name: fastd@ffcoc.service
      state: restarted
 - name: restart fastdems
  systemd:
      name: fastd@ffems.service
      state: restarted
 - name: restart fastdko
  systemd:
      name: fastd@ffko.service
      state: restarted
 - name: restart fastdmy
  systemd:
      name: fastd@ffmy.service
      state: restarted
 - name: restart fastdsim
  systemd:
      name: fastd@ffsim.service
      state: restarted
 - name: restart fastdww
  systemd:
      name: fastd@ffww.service
      state: restarted
--- a/roles/install_fastd/tasks/main.yml
+++ b/roles/install_fastd/tasks/main.yml
@ -0,0 +1,61 @@
 ---
 - name: install fastd
  pacman:
      name: fastd
      state: present
 - name: create site folder
  file:
      path: /etc/fastd/ff{{ item.name }}
      state: directory
  with_items: "{{ sites }}"
 - name: fastd.conf
  template:
      src: fastd.conf.j2
      dest: /etc/fastd/ff{{ item.name }}/fastd.conf
      mode: 0640
  notify: restart fastd{{ item.name }}
  with_items: "{{ sites }}"
 - name: add fastd bin folder
  file:
      path: /etc/fastd/ff{{ item.name }}/bin
      state: directory
  with_items: "{{ sites }}"
 - name: add fastd up script
  template:
      src: fastd_up.sh.j2
      dest: /etc/fastd/ff{{ item.name }}/bin/up.sh
      mode: 0744
  notify: restart fastd{{ item.name }}
  with_items: "{{ sites }}"
 - name: add fastd verify script
  copy:
      src: verify.sh
      dest: /etc/fastd/ff{{ item.name }}/bin/verify.sh
      mode: 0744
  with_items: "{{ sites }}"
 - name: add fastd_grep script
  copy:
      src: fastd_grep.sh
      dest: /root/fastd_grep.sh
      mode: 0744
 - name: install fastd_grep dependencies
  pacman:
      name:
        - openbsd-netcat
        - jq
      state: present
 - name: start and enable fastd service
  systemd:
      name: fastd@ff{{ item.name }}.service
      enabled: yes
      state: started
  with_items: "{{ sites }}"
--- a/roles/install_fastd/templates/fastd-api.php.j2
+++ b/roles/install_fastd/templates/fastd-api.php.j2
@ -0,0 +1,45 @@
 #!/usr/bin/php -f
 <?php
 //$url = 'http://register.freifunk-myk.de/srvapi.php';
 $url = 'https://www.freifunk-myk.de/node/keys';
 $out = '/etc/fastd/ff{{ item.name }}/peers/';
 if(!is_dir($out)) die('Output Dir missing');
 if(!is_writable($out)) die('Output Dir perms');
 if( ($data = file_get_contents($url)) === FALSE ) die('Error getting keys');
 $data = unserialize($data);
 $active=array();
 foreach($data as $router) {
        $router['MAC'] = trim($router['MAC']);
        $router['PublicKey'] = trim($router['PublicKey']);
 	if(!preg_match('/^[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}$/', $router['MAC'])) {
 		//trigger_error('Router mit falscher MAC?!', E_USER_WARNING);
 	}elseif(!preg_match('/^[A-F0-9]{64}$/', $router['PublicKey'])) {
 		//trigger_error('Router mit falschem Key?!'.$router['MAC'], E_USER_WARNING);
 	}else{
 		$filename='client_'.str_replace(':', '-', $router['MAC']);
 		$fp=fopen($out.$filename, 'w');
 		fwrite($fp, 'key "'.$router['PublicKey'].'";'."\n");
 		fclose($fp);
 		$active[] = $filename;
 	}
 }
 //Check if we fscked up
 if(count($active) < 10) die('Less than 10 nodes? Database broken?'); 
 $dh = opendir($out);
 while(($file = readdir($dh)) !== false) {
 	if($file != '.' && $file != '..') {
 		if(!in_array($file, $active) && (strpos($file, 'client_') !== false)) {
 			unlink($out.$file);
 		}
 	}
 }
 exec('killall -SIGHUP fastd');
 ?>
--- a/roles/install_fastd/templates/fastd.conf.j2
+++ b/roles/install_fastd/templates/fastd.conf.j2
@ -0,0 +1,13 @@
 log to syslog level info;
 interface "vpn{{ item.name }}";
 method "salsa2012+gmac";
 method "salsa2012+umac";
 secure handshakes yes;
 bind any:{{ item.fastd_port1 }};
 hide ip addresses yes;
 hide mac addresses yes;
 mtu 1280;
 secret "{{ item.fastd_secret }}";
 on up "/etc/fastd/ff{{ item.name }}/bin/up.sh $INTERFACE";
 status socket "/run/ff{{ item.name }}1.socket";
 on verify "/etc/fastd/ff{{ item.name }}/bin/verify.sh";
--- a/roles/install_fastd/templates/fastd_up.sh.j2
+++ b/roles/install_fastd/templates/fastd_up.sh.j2
@ -0,0 +1,11 @@
 #!/bin/bash
 ip link set address {{ item.fastd_mesh_mac }} dev $1
 ip link set up dev $1
 batctl meshif bat{{ item.name }} if add $1
 batctl meshif bat{{ item.name }} gw server 1000000/1000000
 batctl meshif bat{{ item.name }} it 10000
 batctl meshif bat{{ item.name }} mm 1
 batctl meshif bat{{ item.name }} hop_penalty 64
 netctl start bat{{ item.name }}
 systemctl restart dhcpd4.service
 systemctl restart named.service
--- a/roles/install_radvd/templates/radvd.conf.j2
+++ b/roles/install_radvd/templates/radvd.conf.j2
@ -4,7 +4,7 @@ interface bat{{ site.name }}
        AdvSendAdvert on;
        IgnoreIfMissing on;
        MinRtrAdvInterval 10;
-        MaxRtrAdvInterval 30;
+        MaxRtrAdvInterval 300;
        AdvDefaultPreference low;
        AdvHomeAgentFlag off;
@ -18,7 +18,7 @@ interface bat{{ site.name }}
        RDNSS {{ site.bat_ipv6 }}
        {
-                AdvRDNSSLifetime 300;
+                AdvRDNSSLifetime 900;
        };
 };