authorNiklas Yann Wettengel <niyawe@niyawe.de>2017-03-17 22:35:38 +0100
committerNiklas Yann Wettengel <niyawe@niyawe.de>2017-03-17 22:35:38 +0100
commit4b97c64f947662cd4e2c233a51114c1ff3a9815c (patch)
tree07882522000071bfe7ffe7b10e773198bd6b06dd
parent711f968dda1acca7d6b2a86e28a1535449938941 (diff)
updated setup_fastd playbook
added features: - install_bind - install_dhcp - install_fastd - setup_batman
-rw-r--r--roles/install_bind/tasks/main.yml24
-rw-r--r--roles/install_bind/templates/named.conf.j278
-rw-r--r--roles/install_dhcp/tasks/main.yml15
-rw-r--r--roles/install_dhcp/templates/dhcpd.conf.j218
-rw-r--r--roles/install_fastd/files/fastd-api.php45
-rw-r--r--roles/install_fastd/files/fastd12
-rw-r--r--roles/install_fastd/files/fastd102
-rw-r--r--roles/install_fastd/files/fastd112
-rw-r--r--roles/install_fastd/files/fastd122
-rw-r--r--roles/install_fastd/files/fastd132
-rw-r--r--roles/install_fastd/files/fastd142
-rw-r--r--roles/install_fastd/files/fastd152
-rw-r--r--roles/install_fastd/files/fastd22
-rw-r--r--roles/install_fastd/files/fastd32
-rw-r--r--roles/install_fastd/files/fastd42
-rw-r--r--roles/install_fastd/files/fastd52
-rw-r--r--roles/install_fastd/files/fastd62
-rw-r--r--roles/install_fastd/files/fastd72
-rw-r--r--roles/install_fastd/files/fastd82
-rw-r--r--roles/install_fastd/files/fastd92
-rw-r--r--roles/install_fastd/tasks/main.yml94
-rw-r--r--roles/install_fastd/templates/fastd.conf.j218
-rw-r--r--roles/install_fastd/templates/fastd_up.sh.j211
-rwxr-xr-xroles/setup_batman/files/ffmyk-iproute.sh20
-rw-r--r--roles/setup_batman/files/modules-load.d_batman.conf1
-rw-r--r--roles/setup_batman/tasks/main.yml26
-rw-r--r--roles/setup_batman/templates/netctl_bat0.j27
-rw-r--r--setup_fastd.yml4
28 files changed, 391 insertions, 0 deletions
diff --git a/roles/install_bind/tasks/main.yml b/roles/install_bind/tasks/main.yml
new file mode 100644
index 0000000..31a833c
--- /dev/null
+++ b/roles/install_bind/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: install bind
+ pacman:
+ name: bind
+ state: present
+
+- name: create named zone backup folder
+ file:
+ path: /var/named/bak
+ state: directory
+ owner: named
+ group: named
+
+- name: bind config
+ template:
+ src: named.conf.j2
+ dest: /etc/named.conf
+ register: named_conf
+
+- name: reload bind
+ when: named_conf.changed
+ systemd:
+ name: named.service
+ state: reloaded
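Review bot: The `bind config` task writes /etc/named.conf and the last task reloads named whenever it changed, but nothing checks the rendered file first, so a typo in the template (or an undefined `bat0_ipv4`) reloads bind straight into a failed state; add `validate: 'named-checkconf %s'` to the template task so Ansible aborts before touching the live config. Nothing here enables or starts `named.service` either — in this commit it is only restarted from the fastd up script — so on a host where fastd never comes up the resolver stays down; a `systemd` task with `enabled: yes` would make the role self-contained. The `register`/`when` pair does what a handler does; `notify: reload bind` with a handler in `handlers/main.yml` is the conventional form and also coalesces multiple changes into one reload.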
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
new file mode 100644
index 0000000..ac2f9bd
--- /dev/null
+++ b/roles/install_bind/templates/named.conf.j2
@@ -0,0 +1,78 @@
+// vim:set ts=4 sw=4 et:
+
+options {
+ directory "/var/named";
+ pid-file "/run/named/named.pid";
+
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside auto;
+
+ auth-nxdomain no; # conform to RFC1035
+
+ listen-on-v6 { {{ bat0_ipv6 }}; };
+ listen-on port 53 { 127.0.0.1; {{ bat0_ipv4 }}; };
+
+ allow-recursion { 127.0.0.1; 10.222.0.0/16; 2a01:198:70a:ff::/64; };
+ allow-transfer { none; };
+ allow-update { none; };
+
+ //forwarders {
+ // 85.214.20.141;
+ // 213.73.91.35;
+ //};
+
+ version none;
+ hostname none;
+ server-id none;
+};
+
+zone "localhost" IN {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "127.0.0.zone";
+};
+
+zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
+ type master;
+ file "localhost.ip6.zone";
+};
+
+zone "255.in-addr.arpa" IN {
+ type master;
+ file "empty.zone";
+};
+
+zone "0.in-addr.arpa" IN {
+ type master;
+ file "empty.zone";
+};
+
+zone "." IN {
+ type hint;
+ file "root.hint";
+};
+
+zone "ffmyk" IN {
+ type slave;
+ file "bak/ffmyk.zone";
+ allow-query { any; };
+ masters { 10.222.100.1; };
+};
+
+//logging {
+// channel xfer-log {
+// file "/var/log/named.log";
+// print-category yes;
+// print-severity yes;
+// severity info;
+// };
+// category xfer-in { xfer-log; };
+// category xfer-out { xfer-log; };
+// category notify { xfer-log; };
+//};
+
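Review bot: The `ffmyk` slave zone pulls its data from `10.222.100.1` across the batman mesh with no TSIG key on the `masters` line, and that zone is then served to every client via `allow-query { any; };`, so anyone able to answer as that address inside the mesh can feed a forged zone to all nodes. If the master can be configured for it (not visible in this commit), sign the transfer: `masters { 10.222.100.1 key ffmyk-xfer; };` plus a matching `key "ffmyk-xfer" { algorithm hmac-sha256; secret "{{ ... }}"; };` block with the secret coming from vault. `dnssec-lookaside auto` relies on ISC's DLV registry, which is being retired and whose option newer BIND releases refuse, so it is better dropped now than discovered at the next upgrade. `listen-on-v6` omits `::1`, so local IPv6 lookups fall back to 127.0.0.1 — fine if intentional, worth a comment either way.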
diff --git a/roles/install_dhcp/tasks/main.yml b/roles/install_dhcp/tasks/main.yml
new file mode 100644
index 0000000..60cac06
--- /dev/null
+++ b/roles/install_dhcp/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: install dhcp
+ pacman:
+ name: dhcp
+ state: present
+
+- name: create dhcp file for static ips
+ file:
+ path: /etc/dhcpd.hosts.conf
+ state: touch
+
+- name: dhcpd.conf
+ template:
+ src: dhcpd.conf.j2
+ dest: /etc/dhcpd.conf
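Review bot: The `dhcpd.conf` template task has neither `validate` nor a handler, so a broken render is written silently and the running dhcpd keeps its old configuration until something restarts it (in this commit that is the fastd up script, on every tunnel up); add `validate: 'dhcpd -t -cf %s'` and `notify: restart dhcpd4` with a matching handler. `state: touch` on /etc/dhcpd.hosts.conf also bumps the timestamp and reports "changed" on every run; `copy` with `content: ''` and `force: no` creates the empty file idempotently. The service is never enabled here, so after a reboot dhcpd4 only returns if the fastd up script runs — say so in a comment if that is the intent.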
diff --git a/roles/install_dhcp/templates/dhcpd.conf.j2 b/roles/install_dhcp/templates/dhcpd.conf.j2
new file mode 100644
index 0000000..e985d1a
--- /dev/null
+++ b/roles/install_dhcp/templates/dhcpd.conf.j2
@@ -0,0 +1,18 @@
+default-lease-time 600;
+max-lease-time 3600;
+
+authoritative;
+
+log-facility local7;
+
+subnet 10.222.0.0 netmask 255.255.0.0 {
+ range {{ dhcp_start }} {{ dhcp_end }};
+
+ option routers {{ bat0_ipv4 }};
+ option domain-name-servers {{ bat0_ipv4 }};
+}
+
+subnet {{ ansible_default_ipv4['address'] }} netmask 255.255.255.255 {
+}
+
+include "/etc/dhcpd.hosts.conf";
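Review bot: The empty `subnet {{ ansible_default_ipv4['address'] }} netmask 255.255.255.255 { }` block apparently exists only so dhcpd agrees to start on a host whose uplink interface it also binds to, and with `authoritative;` in force the daemon may then answer DHCPNAK to requests it sees on that public-facing NIC. The cleaner fix is to restrict the daemon to bat0 — dhcpd.conf has no interface directive, so on Arch this typically means a drop-in overriding `ExecStart` of dhcpd4.service to append `bat0` — and drop the dummy subnet; if it must stay, a comment such as `# dummy subnet: lets dhcpd start while bound to the uplink; no leases are handed out here` saves the next reader from guessing. `log-facility local7;` is set, but nothing in this commit routes local7 anywhere; confirm journald or a syslog rule picks it up.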
diff --git a/roles/install_fastd/files/fastd-api.php b/roles/install_fastd/files/fastd-api.php
new file mode 100644
index 0000000..98da7a7
--- /dev/null
+++ b/roles/install_fastd/files/fastd-api.php
@@ -0,0 +1,45 @@
+#!/usr/bin/php -f
+<?php
+//$url = 'http://register.freifunk-myk.de/srvapi.php';
+$url = 'https://www.freifunk-myk.de/node/keys';
+$out = '/etc/fastd/ffmyk/peers/';
+
+if(!is_dir($out)) die('Output Dir missing');
+if(!is_writable($out)) die('Output Dir perms');
+
+if( ($data = file_get_contents($url)) === FALSE ) die('Error getting keys');
+$data = unserialize($data);
+
+$active=array();
+
+foreach($data as $router) {
+ $router['MAC'] = trim($router['MAC']);
+ $router['PublicKey'] = trim($router['PublicKey']);
+ if(!preg_match('/^[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}$/', $router['MAC'])) {
+ //trigger_error('Router mit falscher MAC?!', E_USER_WARNING);
+ }elseif(!preg_match('/^[A-F0-9]{64}$/', $router['PublicKey'])) {
+ //trigger_error('Router mit falschem Key?!'.$router['MAC'], E_USER_WARNING);
+ }else{
+ $filename='client_'.str_replace(':', '-', $router['MAC']);
+ $fp=fopen($out.$filename, 'w');
+ fwrite($fp, 'key "'.$router['PublicKey'].'";'."\n");
+ fclose($fp);
+ $active[] = $filename;
+ }
+}
+
+//Check if we fscked up
+if(count($active) < 10) die('Less than 10 nodes? Database broken?');
+
+$dh = opendir($out);
+while(($file = readdir($dh)) !== false) {
+ if($file != '.' && $file != '..') {
+ if(!in_array($file, $active) && (strpos($file, 'client_') !== false)) {
+ unlink($out.$file);
+ }
+ }
+}
+
+exec('killall -SIGHUP fastd');
+
+?>
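Review bot: `unserialize()` on the body returned by `file_get_contents($url)` lets whoever controls that endpoint (or its TLS chain) inject arbitrary PHP objects into a script that cron runs as root; the safe minimum is `$data = unserialize($data, ['allowed_classes' => false]);` followed by `if(!is_array($data)) die('Bad key data');`, and moving the endpoint to JSON with `json_decode($data, true)` removes the class of problem entirely. The MAC and key regexes do confine the filenames written into `$out` (no traversal possible), but they accept only upper-case hex, so a lower-case MAC from the registry is silently dropped — `/i` or `strtoupper()` before matching, whichever the registry's format warrants. The cleanup loop's `strpos($file, 'client_') !== false` matches the prefix anywhere in the name; `strpos($file, 'client_') === 0` is what was meant. `exec('killall -SIGHUP fastd')` signals every fastd process on the host; `systemctl reload fastd@ffmyk.service` is the targeted equivalent, assuming the unit defines a reload (not visible here).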
diff --git a/roles/install_fastd/files/fastd1 b/roles/install_fastd/files/fastd1
new file mode 100644
index 0000000..e3bcd7a
--- /dev/null
+++ b/roles/install_fastd/files/fastd1
@@ -0,0 +1,2 @@
+key "d78c8c9b2977f732cdd00d2d4b557cfb5de1438897d33b9ec04037512dd11d6a";
+remote "fastd1.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd10 b/roles/install_fastd/files/fastd10
new file mode 100644
index 0000000..b722cee
--- /dev/null
+++ b/roles/install_fastd/files/fastd10
@@ -0,0 +1,2 @@
+key "03cb2b87af657dfc4a434c5dfe3234e947571ca5a8d114d24e0e9f9861eff558";
+remote "fastd10.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd11 b/roles/install_fastd/files/fastd11
new file mode 100644
index 0000000..8567a64
--- /dev/null
+++ b/roles/install_fastd/files/fastd11
@@ -0,0 +1,2 @@
+key "c5ddbdc98a9aa8eb4fc684571c23eabaefd6ef63b8cb9d3a31a2cd6e656c47f9";
+remote "fastd11.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd12 b/roles/install_fastd/files/fastd12
new file mode 100644
index 0000000..2618870
--- /dev/null
+++ b/roles/install_fastd/files/fastd12
@@ -0,0 +1,2 @@
+key "d47e917875f145a27a3ef10e29bf011c1f89ab4ea313c4bd0d8bac07ffacf557";
+remote "fastd12.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd13 b/roles/install_fastd/files/fastd13
new file mode 100644
index 0000000..034454a
--- /dev/null
+++ b/roles/install_fastd/files/fastd13
@@ -0,0 +1,2 @@
+key "2895322d66ba7aaa0daf779d795a2a44255d1d14bea639e1267149f466602fce";
+remote "fastd13.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd14 b/roles/install_fastd/files/fastd14
new file mode 100644
index 0000000..c33841b
--- /dev/null
+++ b/roles/install_fastd/files/fastd14
@@ -0,0 +1,2 @@
+key "22e08f6e9c72e77041aa635d380e03069cfe193d9f5a0551ff2188677d15d5c0";
+remote "fastd14.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd15 b/roles/install_fastd/files/fastd15
new file mode 100644
index 0000000..b1ab979
--- /dev/null
+++ b/roles/install_fastd/files/fastd15
@@ -0,0 +1,2 @@
+key "78605f4cc687a1a5c2a1cbbacb6310bb4dc2546e605a1f2852aabea5e2dbecbb";
+remote "fastd15.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd2 b/roles/install_fastd/files/fastd2
new file mode 100644
index 0000000..e911561
--- /dev/null
+++ b/roles/install_fastd/files/fastd2
@@ -0,0 +1,2 @@
+key "f753af06aff1e765a0601c21343965cd3a9abd91f98a76867589e742c041a550";
+remote "fastd2.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd3 b/roles/install_fastd/files/fastd3
new file mode 100644
index 0000000..f46363e
--- /dev/null
+++ b/roles/install_fastd/files/fastd3
@@ -0,0 +1,2 @@
+key "70a561adcea747e4758376222cddf7d43db43fac55b43e3840b6e3bc5042b170";
+remote "fastd3.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd4 b/roles/install_fastd/files/fastd4
new file mode 100644
index 0000000..34eb1e5
--- /dev/null
+++ b/roles/install_fastd/files/fastd4
@@ -0,0 +1,2 @@
+key "30e707472d8eed4397295554764846f309a4b046ba628d24f2acee79543d671c";
+remote "fastd4.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd5 b/roles/install_fastd/files/fastd5
new file mode 100644
index 0000000..0863396
--- /dev/null
+++ b/roles/install_fastd/files/fastd5
@@ -0,0 +1,2 @@
+key "c785f8d8f59b75ffbec7eb417e1971dc5a123ff3507e3121352102fdea646e89";
+remote "fastd5.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd6 b/roles/install_fastd/files/fastd6
new file mode 100644
index 0000000..63d7321
--- /dev/null
+++ b/roles/install_fastd/files/fastd6
@@ -0,0 +1,2 @@
+key "c40b725a5118b7c37f76b562461db160b1c99495f1df254067de2b5772831d22";
+remote "fastd6.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd7 b/roles/install_fastd/files/fastd7
new file mode 100644
index 0000000..8939a00
--- /dev/null
+++ b/roles/install_fastd/files/fastd7
@@ -0,0 +1,2 @@
+key "72dbb9f07c272e6cfba07ebc3e318cc66e7d6e7583d6aa27fdd0445cf1bea2d8";
+remote "fastd7.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd8 b/roles/install_fastd/files/fastd8
new file mode 100644
index 0000000..9181b6d
--- /dev/null
+++ b/roles/install_fastd/files/fastd8
@@ -0,0 +1,2 @@
+key "66744cda306b1087753a57a727c79a934c872e7221ec6a28ff41e3a316eff0ab";
+remote "fastd8.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd9 b/roles/install_fastd/files/fastd9
new file mode 100644
index 0000000..a62df5f
--- /dev/null
+++ b/roles/install_fastd/files/fastd9
@@ -0,0 +1,2 @@
+key "a8a79387ffa4370c6ae322d99aeb5b8b82f5580ce8dfe5726e0d161a7894a6ed";
+remote "fastd9.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/tasks/main.yml b/roles/install_fastd/tasks/main.yml
new file mode 100644
index 0000000..3bdd59e
--- /dev/null
+++ b/roles/install_fastd/tasks/main.yml
@@ -0,0 +1,94 @@
+---
+- name: install fastd
+ become: yes
+ become_user: '{{ aur_user }}'
+ aur:
+ name: fastd
+ tool: yaourt
+
+- name: create ffmyk folder
+ file:
+ path: /etc/fastd/ffmyk
+ state: directory
+
+- name: fastd.conf
+ template:
+ src: fastd.conf.j2
+ dest: /etc/fastd/ffmyk/fastd.conf
+ mode: 0640
+- name: create backbone folder
+ file:
+ path: /etc/fastd/ffmyk/backbone
+ state: directory
+
+- name: add backbone peers
+ copy:
+ src: '{{ item }}'
+ dest: /etc/fastd/ffmyk/backbone/{{ item }}
+ with_items:
+ - fastd1
+ - fastd2
+ - fastd3
+ - fastd4
+ - fastd5
+ - fastd6
+ - fastd7
+ - fastd8
+ - fastd9
+ - fastd10
+ - fastd11
+ - fastd12
+ - fastd13
+ - fastd14
+ - fastd15
+
+- name: add fastd bin folder
+ file:
+ path: /etc/fastd/ffmyk/bin
+ state: directory
+
+- name: add fastd up script
+ template:
+ src: fastd_up.sh.j2
+ dest: /etc/fastd/ffmyk/bin/up.sh
+ mode: 0744
+
+- name: add fastd peers folder
+ file:
+ path: /etc/fastd/ffmyk/peers
+ state: directory
+
+- name: install php for api script
+ pacman:
+ name: php
+ state: present
+
+- name: add fastd peer api script
+ copy:
+ src: fastd-api.php
+ dest: /etc/fastd/ffmyk/bin/fastd-api.php
+
+- name: install cronie
+ pacman:
+ name: cronie
+ state: present
+
+- name: start and enable cronie
+ systemd:
+ name: cronie.service
+ enabled: yes
+ state: started
+
+- name: setup cronjob for fastd-api
+ cron:
+ name: fastd-api
+ minute: '*/10'
+ user: root
+ cron_file: fastd-api
+ job: '/usr/bin/php /etc/fastd/ffmyk/bin/fastd-api.php'
+
+- name: start and enable fastd service
+ systemd:
+ name: fastd@ffmyk.service
+ enabled: yes
+ state: started
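Review bot: The `fastd-api` cron entry runs the peer fetcher as root every ten minutes although the script only needs write access to /etc/fastd/ffmyk/peers and a way to HUP fastd; a dedicated user owning the peers directory, with the reload delegated through a narrow sudoers rule or `systemctl reload`, would contain a compromise of the key server or of the PHP runtime. The fifteen literal items in `add backbone peers` could be `with_fileglob: fastd*` with `dest: /etc/fastd/ffmyk/backbone/{{ item | basename }}` (or a `fastd_backbone_peers` list variable) so adding a sixteenth backbone does not mean editing two places. The `fastd.conf` task sets `mode: 0640` but no `owner`/`group`; since that file carries `fastd_secret`, state them explicitly (`owner: root`, `group: root`) so the permission intent is visible and stable across hosts.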
diff --git a/roles/install_fastd/templates/fastd.conf.j2 b/roles/install_fastd/templates/fastd.conf.j2
new file mode 100644
index 0000000..9d8a42b
--- /dev/null
+++ b/roles/install_fastd/templates/fastd.conf.j2
@@ -0,0 +1,18 @@
+log to syslog level info;
+interface "ffmyk-mesh-vpn";
+method "salsa2012+gmac";
+method "salsa2012+umac";
+secure handshakes yes;
+bind any:10000;
+hide ip addresses yes;
+hide mac addresses yes;
+mtu 1280;
+peer group "clients" {
+ include peers from "peers";
+ peer limit {{ fastd_peer_limit }};
+}
+include peers from "backbone";
+secret "{{ fastd_secret }}";
+on up "/etc/fastd/ffmyk/bin/up.sh $INTERFACE";
+status socket "/run/ffmyk.socket";
+
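Review bot: `secret "{{ fastd_secret }}";` renders the node's private key into /etc/fastd/ffmyk/fastd.conf, so the variable must come from an Ansible Vault-encrypted source and never a plain group_vars file; nothing in this commit shows where it is defined, so confirm that. `bind any:10000;` listens on bat0 and every other interface as well as the uplink; binding the public address only, e.g. `bind {{ ansible_default_ipv4['address'] }}:10000;`, keeps the handshake port off the mesh side. The template task only sets `mode: 0640` without an owner, so the file is root-owned on a fresh host, which is fine while fastd itself runs as root — if a `user` directive is ever added here, the file's group must follow it.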
diff --git a/roles/install_fastd/templates/fastd_up.sh.j2 b/roles/install_fastd/templates/fastd_up.sh.j2
new file mode 100644
index 0000000..87b71ce
--- /dev/null
+++ b/roles/install_fastd/templates/fastd_up.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+ip link set address {{ fastd_mesh_mac }} dev $1
+ip link set up dev $1
+batctl -m bat0 if add $1
+batctl -m bat0 gw server 1000000/1000000
+batctl -m bat0 it 10000
+batctl -m bat0 mm 1
+echo 128 > /sys/class/net/bat0/mesh/hop_penalty
+netctl start bat0
+systemctl restart dhcpd4.service
+systemctl restart named.service
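Review bot: This hook runs as root from fastd without `set -euo pipefail` and with `$1` unquoted, so a failed `batctl` or `netctl` step is ignored and the following commands still run with bat0 half-configured; add `set -euo pipefail` after the shebang and write the interface as `"$1"` in the four places it is used. `netctl start bat0` on a profile that is already up returns an error, which under `set -e` would abort the script, so guard it with `netctl is-active bat0 || netctl start bat0`. Restarting `named.service` on every tunnel up also throws away the resolver cache; `systemctl reload named.service` is enough when the daemon is already running, and if the intent is merely to start it once bat0 exists, `systemctl start` is the least disruptive choice.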
diff --git a/roles/setup_batman/files/ffmyk-iproute.sh b/roles/setup_batman/files/ffmyk-iproute.sh
new file mode 100755
index 0000000..49fbb16
--- /dev/null
+++ b/roles/setup_batman/files/ffmyk-iproute.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#Routingtabelle ffmyk ist per default nicht erreichbar
+ip route add unreachable default table ffmyk
+
+#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
+ip rule add from all fwmark 0x1 table ffmyk
+
+#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
+ip rule add from 10.222.0.0/16 table ffmyk
+
+#Tabelle ffmyk routet das Ziel mit Freifunk-IPs über das Device bat0
+ip route replace 10.222.0.0/16 dev bat0 table ffmyk
+
+ip route replace 0.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
+ip route replace 128.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
+ip route replace 0.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
+ip route replace 128.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
+ip route replace 0.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
+ip route replace 128.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
+
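Review bot: The script is hooked as `ExecUpPost`, so it re-runs on every bat0 up, but `ip rule add` does not deduplicate and the two rules gain a copy per run, while the first `ip route add unreachable default table ffmyk` fails on the second run because the route already exists (the later lines use `replace` and are fine); use `ip route replace unreachable default table ffmyk` there and precede each `ip rule add` with the matching `ip rule del ... 2>/dev/null || true`. Nothing in this commit sets fwmark 0x1, so that rule is inert until an iptables/nft rule elsewhere marks traffic — a comment naming where would help. The two /1 halves through each gateway are presumably chosen to be more specific than the `unreachable default` added at the top; a one-line comment saying so spares the next reader the guess. The comments would also be better in English to match the rest of the repo (`gehlrt` is a typo for `gehört`).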
diff --git a/roles/setup_batman/files/modules-load.d_batman.conf b/roles/setup_batman/files/modules-load.d_batman.conf
new file mode 100644
index 0000000..116b850
--- /dev/null
+++ b/roles/setup_batman/files/modules-load.d_batman.conf
@@ -0,0 +1 @@
+batman-adv
diff --git a/roles/setup_batman/tasks/main.yml b/roles/setup_batman/tasks/main.yml
new file mode 100644
index 0000000..c3e8372
--- /dev/null
+++ b/roles/setup_batman/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: load batman-adv kernel module at boot
+ copy:
+ src: modules-load.d_batman.conf
+ dest: /etc/modules-load.d/batman.conf
+
+- name: install batctl
+ pacman:
+ name: batctl
+ state: present
+
+- name: name ffmyk routing table
+ lineinfile:
+ path: /etc/iproute2/rt_tables
+ line: 42 ffmyk
+
+- name: copy ffmyk iproute config script
+ copy:
+ src: ffmyk-iproute.sh
+ dest: /usr/local/bin/ffmyk-iproute.sh
+ mode: 0744
+
+- name: add netctl config
+ template:
+ src: netctl_bat0.j2
+ dest: /etc/netctl/bat0
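Review bot: The modules-load.d file only takes effect at the next boot, so on a freshly provisioned host `batctl -m bat0 if add` in the fastd up script runs before batman-adv is loaded and fails; add a `modprobe: name: batman-adv` task right after the copy so the module is loaded in the same run. The `lineinfile` for rt_tables has no `regexp`, so if the table number is ever changed a second `ffmyk` entry appears; `regexp: '\sffmyk$'` keeps it to one line. The netctl profile is written but never enabled, which matches the up script starting it, but a short comment stating that this is deliberate would stop someone "fixing" it.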
diff --git a/roles/setup_batman/templates/netctl_bat0.j2 b/roles/setup_batman/templates/netctl_bat0.j2
new file mode 100644
index 0000000..e48c5b8
--- /dev/null
+++ b/roles/setup_batman/templates/netctl_bat0.j2
@@ -0,0 +1,7 @@
+Connection=ethernet
+Interface=bat0
+IP=static
+IP6=static
+Address6=({{ bat0_ipv6 }}/64)
+Address=({{ bat0_ipv4 }}/16)
+ExecUpPost=/usr/local/bin/ffmyk-iproute.sh
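Review bot: The profile has an `ExecUpPost` hook but no `ExecDownPre`, so when bat0 goes down the rules and routes installed by ffmyk-iproute.sh stay behind, and with `from 10.222.0.0/16 table ffmyk` still active, traffic from mesh addresses hits the table's `unreachable default` rather than the main table. Add a matching teardown, e.g. `ExecDownPre=/usr/local/bin/ffmyk-iproute-down.sh`, that deletes the two rules and runs `ip route flush table ffmyk`.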
diff --git a/setup_fastd.yml b/setup_fastd.yml
index 7677826..44560ca 100644
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@@ -7,4 +7,8 @@
- configure_journald
- install_ntp
- install_haveged
+ - setup_batman
+ - install_dhcp
+ - install_bind
+ - install_fastd
- install_admin_packages
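Review bot: The four new roles consume `bat0_ipv4`, `bat0_ipv6`, `dhcp_start`, `dhcp_end`, `fastd_secret`, `fastd_peer_limit`, `fastd_mesh_mac` and `aur_user`, none of which is defaulted or asserted in this commit; if a host lacks one, Jinja fails mid-play after earlier roles have already changed the host. A `pre_tasks` `assert` listing them (`that: [bat0_ipv4 is defined, ...]`) stops the play before anything is touched; the play header and any `vars_files` are outside this hunk, so they may already cover this. The role order also encodes real dependencies — install_fastd's up script restarts dhcpd4 and named — which `dependencies` in the roles' `meta/main.yml` would make explicit instead of relying on list position.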