authorNiklas Yann Wettengel <niyawe@niyawe.de>2017-07-03 09:46:42 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2017-07-03 09:46:42 +0200
commitd82f8524972086862f64750f325ba067ea993d86 (patch)
treeaa7634db168da40d108e43c7c30fbce299bdc7ab
parent90a8a597eaa3a008eac946460b5c621eafa8ec62 (diff)
fastd working
-rw-r--r--host_vars/fastd127
-rw-r--r--roles/configure_iptables/files/ip6tables.rules24
-rw-r--r--roles/configure_iptables/files/iptables.rules42
-rw-r--r--roles/configure_static_routes/files/ffmyk-iproute.service14
-rwxr-xr-xroles/configure_static_routes/files/ffmyk-iproute.sh12
-rw-r--r--roles/configure_static_routes/tasks/main.yml38
-rw-r--r--roles/configure_static_routes/templates/ffmyk-iproute-down.j211
-rw-r--r--roles/configure_static_routes/templates/ffmyk-iproute-up.j211
-rw-r--r--roles/configure_sysctl/files/ff.conf3
-rw-r--r--roles/install_bind/templates/named.conf.j245
-rw-r--r--roles/install_dhcp/tasks/main.yml37
-rw-r--r--roles/install_dhcp/templates/dhcpd.conf.j212
-rw-r--r--roles/install_fastd/handlers/main.yml29
-rw-r--r--roles/install_fastd/tasks/main.yml63
-rw-r--r--roles/install_fastd/templates/fastd-api.php.j2 (renamed from roles/install_fastd/files/fastd-api.php)2
-rw-r--r--roles/install_fastd/templates/fastd.conf.j212
-rw-r--r--roles/install_fastd/templates/fastd_up.sh.j214
-rw-r--r--roles/install_radvd/handlers/main.yml5
-rw-r--r--roles/install_radvd/tasks/main.yml17
-rw-r--r--roles/install_radvd/templates/radvd.conf.j226
-rwxr-xr-xroles/setup_batman/files/ffmyk-iproute.sh20
-rw-r--r--roles/setup_batman/tasks/main.yml18
-rw-r--r--roles/setup_batman/templates/netctl_bat.j28
-rw-r--r--roles/setup_batman/templates/netctl_bat0.j27
-rw-r--r--setup_fastd.yml10
25 files changed, 357 insertions, 250 deletions
diff --git a/host_vars/fastd b/host_vars/fastd
index 532d309..d1ace4a 100644
--- a/host_vars/fastd
+++ b/host_vars/fastd
@@ -1,12 +1,19 @@
---
ansible_host: 123.123.123.123
-fastd_peer_limit: 200
-fastd_secret: <fastd secret key>
-fastd_mesh_mac: '<mesh mac>
-bat0_ipv6: '<ipv6>'
-bat0_ipv4: <ipv4>
-dhcp_start: <ipv4>
-dhcp_end: <ipv4>
+sites:
+ - name: '<site kürzel>'
+ net4: '<ipv4 netz>'
+ net6: '<ipv6 netz>'
+ fastd_secret: <fastd secret key>
+ fastd_mesh_mac: '<mesh mac>
+ fastd_port1: <erster port>
+ fastd_port2: <zweiter port>
+ bat_ipv6: '<ipv6>'
+ bat_ipv4: <ipv4>
+ dhcp_subnet: '<ipv4 netz ohne netzmaske>'
+ dhcp_netmask: '<netzmaske>'
+ dhcp_start: <ipv4>
+ dhcp_end: <ipv4>
mullvad_country: nl
mullvad_crt: |
-----BEGIN CERTIFICATE-----
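Review bot: The new per-site entry `fastd_mesh_mac: '<mesh mac>` keeps the unterminated single quote of the line it replaces, so anyone who fills in this example while preserving the quoting gets a YAML parse error; it should read `fastd_mesh_mac: '<mesh mac>'`. The per-site `fastd_secret` (and the `mullvad_key` private key further down) sit in plaintext in host_vars; the real values belong in an ansible-vault encrypted file that this one references, so the inventory can be committed without the keys. Quote the MAC, port and secret placeholders as well (`fastd_port1: '<erster port>'`), because a real value that is all digits, or digits and colons, is silently retyped by the YAML parser.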
@@ -16,56 +23,56 @@ mullvad_key: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
-influx_user: <user>
-influx_password: <password>
-munin_node_plugins:
- - name: cpu
- - name: df
- - name: df_inode
- - name: dhcp-pool
- - name: diskstats
- - name: entropy
- - name: fastd_peers
- plugin: fastd_
- - name: fastd_traffic
- plugin: fastd_
- - name: forks
- - name: fw_conntrack
- - name: fw_forwarded_local
- - name: fw_packets
- - name: if_bat0
- plugin: if_
- - name: if_err_bat0
- plugin: if_err_
- - name: if_ens3
- plugin: if_
- - name: if_err_ens3
- plugin: if_err_
- - name: if_ffmyk-mesh-vpn
- plugin: if_
- - name: if_err_ffmyk-mesh-vpn
- plugin: if_err_
- - name: if_mullvad
- plugin: if_
- - name: if_err_mullvad
- plugin: if_err_
- - name: interrupts
- - name: irqstats
- - name: load
- - name: memory
- - name: netstat
- - name: nginx_request
- - name: nginx_status
- - name: ntp_kernel_err
- - name: ntp_kernel_pll_freq
- - name: ntp_kernel_pll_off
- - name: ntp_offset
- - name: open_files
- - name: open_inodes
- - name: proc_pri
- - name: processes
- - name: swap
- - name: threads
- - name: uptime
- - name: users
- - name: vmstat
+#influx_user: <user>
+#influx_password: <password>
+#munin_node_plugins:
+# - name: cpu
+# - name: df
+# - name: df_inode
+# - name: dhcp-pool
+# - name: diskstats
+# - name: entropy
+# - name: fastd_peers
+# plugin: fastd_
+# - name: fastd_traffic
+# plugin: fastd_
+# - name: forks
+# - name: fw_conntrack
+# - name: fw_forwarded_local
+# - name: fw_packets
+# - name: if_bat0
+# plugin: if_
+# - name: if_err_bat0
+# plugin: if_err_
+# - name: if_ens3
+# plugin: if_
+# - name: if_err_ens3
+# plugin: if_err_
+# - name: if_ffmyk-mesh-vpn
+# plugin: if_
+# - name: if_err_ffmyk-mesh-vpn
+# plugin: if_err_
+# - name: if_mullvad
+# plugin: if_
+# - name: if_err_mullvad
+# plugin: if_err_
+# - name: interrupts
+# - name: irqstats
+# - name: load
+# - name: memory
+# - name: netstat
+# - name: nginx_request
+# - name: nginx_status
+# - name: ntp_kernel_err
+# - name: ntp_kernel_pll_freq
+# - name: ntp_kernel_pll_off
+# - name: ntp_offset
+# - name: open_files
+# - name: open_inodes
+# - name: proc_pri
+# - name: processes
+# - name: swap
+# - name: threads
+# - name: uptime
+# - name: users
+# - name: vmstat
diff --git a/roles/configure_iptables/files/ip6tables.rules b/roles/configure_iptables/files/ip6tables.rules
index f7b5ec2..7a1ea51 100644
--- a/roles/configure_iptables/files/ip6tables.rules
+++ b/roles/configure_iptables/files/ip6tables.rules
@@ -1,9 +1,7 @@
-# Generated by ip6tables-save v1.4.21 on Mon Feb 22 00:25:52 2016
*filter
:INPUT DROP [0:0]
-:FORWARD ACCEPT [0:0]
+:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
@@ -13,20 +11,20 @@
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-# http
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-# munin
--A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
# fastd
--A INPUT -p udp -m udp --dport 10000 -j ACCEPT
+-A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
# LOG
--A INPUT -j LOGGING
--A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped: " --log-level 4
--A LOGGING -j DROP
--A FORWARD -i bat0 -p udp --dport 10000 -j REJECT
+-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped input: " --log-level 4
+
+-A FORWARD -i bataw -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batcoc -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batems -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batko -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batmy -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batsim -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped forward: " --log-level 4
COMMIT
-# Completed on Mon Feb 22 00:25:52 2016
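Review bot: With `:FORWARD DROP` and a FORWARD chain that contains only REJECT and LOG rules, this host forwards nothing at all — not between the six bat interfaces and not toward any exit — so either that is the intended interim state while the VPN exit is disabled and deserves a comment, or accept rules are missing (at least `-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT` plus a rule for bat-to-exit traffic). The six `-i bat…` lines and the `10010:10021` range are hard-coded in a static file while site names and `fastd_port1`/`fastd_port2` live in `sites` host_vars; rendering this file from a template that loops over `sites` keeps the firewall in step when a site or port changes.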
diff --git a/roles/configure_iptables/files/iptables.rules b/roles/configure_iptables/files/iptables.rules
index 49bc7d2..24b82e3 100644
--- a/roles/configure_iptables/files/iptables.rules
+++ b/roles/configure_iptables/files/iptables.rules
@@ -1,22 +1,24 @@
-# Generated by iptables-save v1.4.21 on Tue Sep 8 21:44:08 2015
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
--A PREROUTING -i bat0 -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -i bataw -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -i batcoc -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -i batems -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -i batko -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -i batmy -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -i batsim -j MARK --set-xmark 0x1/0xffffffff
COMMIT
-# Completed on Tue Sep 8 21:44:08 2015
-# Generated by iptables-save v1.4.21 on Tue Sep 8 21:44:08 2015
*filter
:INPUT DROP [0:0]
-:FORWARD ACCEPT [0:0]
+:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-:LOGGING - [0:0]
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
+
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# dns
@@ -24,33 +26,25 @@ COMMIT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
#dhcp
-I INPUT -i bat0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
-# http
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-# munin
--A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
-# iperf
--A INPUT -i bat0 -p tcp -m tcp --dport 5001 -j ACCEPT
# fastd
--A INPUT -p udp -m udp --dport 10000 -j ACCEPT
+-A INPUT -p udp -m udp --dport 10010:10021 -j ACCEPT
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
-# LOG
--A INPUT -j LOGGING
--A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
--A LOGGING -j DROP
--A FORWARD -i bat0 -p udp --dport 10000 -j REJECT
+-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped input: " --log-level 4
+
+-A FORWARD -i bataw -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batcoc -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batems -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batko -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batmy -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i batsim -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped forward: " --log-level 4
COMMIT
-# Completed on Tue Sep 8 21:44:08 2015
-# Generated by iptables-save v1.4.21 on Tue Sep 8 21:44:08 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
--A POSTROUTING -o mullvad -j MASQUERADE
COMMIT
-# Completed on Tue Sep 8 21:44:08 2015
-
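Review bot: The unchanged line `-I INPUT -i bat0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT` still binds the DHCP accept to `bat0`, but this commit deletes the bat0 netctl profile and creates `bataw`…`batsim` instead, so under `:INPUT DROP` DHCP requests from clients on the new interfaces are dropped and logged. One accept per site interface is needed, e.g. `-A INPUT -i bataw -p udp --dport 67:68 --sport 67:68 -j ACCEPT`, ideally generated from `sites` in a template so the interface list here and in the mangle/FORWARD chains cannot drift from the inventory. As in the IPv6 file, `:FORWARD DROP` with no ACCEPT rule means no routed traffic at all; if that is intentional for this step, say so in a comment. `-I` in a restore file inserts at the top regardless of where the line is written; `-A` keeps the visible order and is what the rest of the file uses.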
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.service b/roles/configure_static_routes/files/ffmyk-iproute.service
new file mode 100644
index 0000000..95bfe42
--- /dev/null
+++ b/roles/configure_static_routes/files/ffmyk-iproute.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=sets up ip rules and static routes
+ConditionPathExists=/usr/local/bin/ffmyk-iproute.sh
+
+[Service]
+Type=forking
+ExecStart=/usr/local/bin/ffmyk-iproute.sh
+TimeoutSec=0
+StandardOutput=tty
+RemainAfterExit=yes
+SysVStartPriority=99
+
+[Install]
+WantedBy=multi-user.target
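Review bot: `Type=forking` does not match the script given at `ExecStart`, which runs a handful of `ip` commands and exits without forking; the correct pair for that is `Type=oneshot` with the `RemainAfterExit=yes` already present (`SysVStartPriority` is ignored by current systemd and `StandardOutput=tty` only keeps the output out of the journal). The unit carries no ordering, so nothing guarantees that the `unreachable default` route and the `from 10.222.0.0/16` rule exist before the bat profiles come up — presumably that is the window in which Freifunk-sourced packets would be routed via the main table and leave on the public interface, which the sysctl comment in this commit hints at. `Before=network.target` (or an explicit `Before=` on the netctl units) closes it; the `[Service]` section would then read `Type=oneshot`, `ExecStart=/usr/local/bin/ffmyk-iproute.sh`, `RemainAfterExit=yes`.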
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh
new file mode 100755
index 0000000..ee7f6a0
--- /dev/null
+++ b/roles/configure_static_routes/files/ffmyk-iproute.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#Routingtabelle ffmyk ist per default nicht erreichbar
+ip -4 route add unreachable default table ffmyk
+ip -6 route add unreachable default table ffmyk
+
+#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
+ip -4 rule add from all fwmark 0x1 table ffmyk
+ip -6 rule add from all fwmark 0x1 table ffmyk
+
+#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
+ip -4 rule add from 10.222.0.0/16 table ffmyk
+ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
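Review bot: Every command here is `add`, so a second run (a unit restart, or invoking the script by hand) fails on the two routes and stacks duplicate copies of the four rules, and without `set -e` none of that is reported. Use `ip -4 route replace unreachable default table ffmyk` for the routes and guard each rule, e.g. `ip -4 rule show | grep -q 'fwmark 0x1 lookup ffmyk' || ip -4 rule add from all fwmark 0x1 table ffmyk` — or give every rule a fixed `priority` and delete before adding. The IPv4 and IPv6 supernets are hard-coded while each site now carries `net4`/`net6`; a templated version that derives them from `sites` (or a documented invariant that all site networks lie inside these two prefixes) avoids the two drifting apart. The comments are German; `# Anything marked 0x1 belongs to table ffmyk` style English comments would help non-German contributors.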
diff --git a/roles/configure_static_routes/tasks/main.yml b/roles/configure_static_routes/tasks/main.yml
new file mode 100644
index 0000000..e89d845
--- /dev/null
+++ b/roles/configure_static_routes/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: name ffmyk routing table
+ lineinfile:
+ path: /etc/iproute2/rt_tables
+ line: 42 ffmyk
+
+- name: copy ffmyk iproute config script
+ copy:
+ src: ffmyk-iproute.sh
+ dest: /usr/local/bin/ffmyk-iproute.sh
+ mode: 0744
+
+- name: copy site specific iproute up config script
+ template:
+ src: ffmyk-iproute-up.j2
+ dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
+ mode: 0744
+ with_items: "{{ sites }}"
+
+- name: copy site specific iproute down config script
+ template:
+ src: ffmyk-iproute-down.j2
+ dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
+ mode: 0744
+ with_items: "{{ sites }}"
+
+- name: copy ffmyk iproute systemd service
+ copy:
+ src: ffmyk-iproute.service
+ dest: /etc/systemd/system/ffmyk-iproute.service
+ mode: 0444
+
+- name: start and enable ffmyk iproute service
+ systemd:
+ name: ffmyk-iproute.service
+ daemon_reload: yes
+ enabled: yes
+ state: started
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
new file mode 100644
index 0000000..51a0a17
--- /dev/null
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ip -4 route del {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+ip -6 route del {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
+
+ip -4 rule del iif bat{{ item.name }} table ffmyk
+ip -6 rule del iif bat{{ item.name }} table ffmyk
+ip -4 rule del from {{ item.net4 }} table ffmyk
+ip -6 rule del from {{ item.net6 }} table ffmyk
+ip -4 rule del to {{ item.net4 }} table ffmyk
+ip -6 rule del to {{ item.net6 }} table ffmyk
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
new file mode 100644
index 0000000..a8275da
--- /dev/null
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ip -4 rule add iif bat{{ item.name }} table ffmyk
+ip -6 rule add iif bat{{ item.name }} table ffmyk
+ip -4 rule add from {{ item.net4 }} table ffmyk
+ip -6 rule add from {{ item.net6 }} table ffmyk
+ip -4 rule add to {{ item.net4 }} table ffmyk
+ip -6 rule add to {{ item.net6 }} table ffmyk
+
+ip -4 route replace {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+ip -6 route replace {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
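Review bot: The six `ip rule add` lines are not idempotent, so if a profile is brought up again without passing through the down script (which deletes exactly one copy of each rule) the rules accumulate; pin them with a fixed `priority` and delete first, or test with `ip rule show` before adding, as the `route replace` lines below already do for the routes. The Jinja spacing is inconsistent (`{{item.net4 }}` versus `{{ item.net4 }}`); one form makes the templates greppable. A `#` comment explaining that these rules pull the site's traffic into the `ffmyk` table by ingress interface and by source/destination prefix would make the purpose clear without reading the parent script.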
diff --git a/roles/configure_sysctl/files/ff.conf b/roles/configure_sysctl/files/ff.conf
index a80a925..584bd67 100644
--- a/roles/configure_sysctl/files/ff.conf
+++ b/roles/configure_sysctl/files/ff.conf
@@ -1,4 +1,7 @@
net.ipv4.ip_forward=1
+# Sonst landen ICMP-Fehlerpakete auf eth0 - mit source-IP 10.222.x.y...
+# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
+net.ipv4.icmp_errors_use_inbound_ifaddr = 1
net.ipv6.conf.all.forwarding=1
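Review bot: The added setting uses `key = value` while the existing lines use `key=value`; both parse, but one style per file. A gateway that policy-routes by source across several bat interfaces should also set `net.ipv4.conf.*.rp_filter` deliberately here rather than inherit the distribution default, since strict reverse-path filtering can drop replies that arrive on a different interface from the one a source-based lookup would pick — check what the image ships with before relying on it. The comment is in German; `# otherwise ICMP errors leave via eth0 with a 10.222.x.y source address` keeps the file readable for everyone.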
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
index ac2f9bd..9966332 100644
--- a/roles/install_bind/templates/named.conf.j2
+++ b/roles/install_bind/templates/named.conf.j2
@@ -10,18 +10,22 @@ options {
auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { {{ bat0_ipv6 }}; };
- listen-on port 53 { 127.0.0.1; {{ bat0_ipv4 }}; };
-
- allow-recursion { 127.0.0.1; 10.222.0.0/16; 2a01:198:70a:ff::/64; };
+ listen-on-v6 {
+{% for site in sites %}
+ {{ site.bat_ipv6 }};
+{% endfor %}
+ };
+ listen-on port 53 {
+ 127.0.0.1;
+{% for site in sites %}
+ {{ site.bat_ipv4 }};
+{% endfor %}
+ };
+
+ allow-recursion { 127.0.0.1; 10.222.0.0/16; 2001:470:cd45:ff00::/56; };
allow-transfer { none; };
allow-update { none; };
- //forwarders {
- // 85.214.20.141;
- // 213.73.91.35;
- //};
-
version none;
hostname none;
server-id none;
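Review bot: `allow-recursion` still hard-codes `10.222.0.0/16` and `2001:470:cd45:ff00::/56` while the listener lists right above it are now generated from `sites`; build the ACL from the same data (`{% for site in sites %}{{ site.net4 }}; {{ site.net6 }}; {% endfor %}`) so a site outside those supernets does not silently get recursion refused and the supernet never has to be widened by hand. `listen-on-v6` has no `::1`, unlike the IPv4 list, so local tools resolving over IPv6 loopback fail. The `options` block starts above this hunk.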
@@ -57,22 +61,9 @@ zone "." IN {
file "root.hint";
};
-zone "ffmyk" IN {
- type slave;
- file "bak/ffmyk.zone";
- allow-query { any; };
- masters { 10.222.100.1; };
-};
-
-//logging {
-// channel xfer-log {
-// file "/var/log/named.log";
-// print-category yes;
-// print-severity yes;
-// severity info;
-// };
-// category xfer-in { xfer-log; };
-// category xfer-out { xfer-log; };
-// category notify { xfer-log; };
+//zone "ffmyk" IN {
+// type slave;
+// file "bak/ffmyk.zone";
+// allow-query { any; };
+// masters { 10.222.100.1; };
//};
-
diff --git a/roles/install_dhcp/tasks/main.yml b/roles/install_dhcp/tasks/main.yml
index 2e85106..4bcf845 100644
--- a/roles/install_dhcp/tasks/main.yml
+++ b/roles/install_dhcp/tasks/main.yml
@@ -4,24 +4,25 @@
name: dhcp
state: present
-- name: create dhcp file for static ips
- copy:
- content: ''
- dest: /etc/dhcpd.hosts.conf
- force: no
-
-- name: copy fastd-services-api.php
- copy:
- src: fastd-services-api.php
- dest: /etc/fastd-services-api.php
-
-- name: setup cronjob for fastd-services-api
- cron:
- name: fastd-services-api
- minute: '*/10'
- user: root
- cron_file: fastd-api
- job: '/usr/bin/php /etc/fastd-services-api.php'
+#- name: create dhcp file for static ips
+# copy:
+# content: ''
+# dest: /etc/dhcpd.hosts{{ item.name }}.conf
+# force: no
+# with_items: "{{ sites }}"
+#
+#- name: copy fastd-services-api.php
+# copy:
+# src: fastd-services-api.php
+# dest: /etc/fastd-services-api.php
+#
+#- name: setup cronjob for fastd-services-api
+# cron:
+# name: fastd-services-api
+# minute: '*/10'
+# user: root
+# cron_file: fastd-api
+# job: '/usr/bin/php /etc/fastd-services-api.php'
- name: dhcpd.conf
template:
diff --git a/roles/install_dhcp/templates/dhcpd.conf.j2 b/roles/install_dhcp/templates/dhcpd.conf.j2
index e985d1a..42496d6 100644
--- a/roles/install_dhcp/templates/dhcpd.conf.j2
+++ b/roles/install_dhcp/templates/dhcpd.conf.j2
@@ -5,14 +5,16 @@ authoritative;
log-facility local7;
-subnet 10.222.0.0 netmask 255.255.0.0 {
- range {{ dhcp_start }} {{ dhcp_end }};
+{% for site in sites %}
+subnet {{ site.dhcp_subnet }} netmask {{ site.dhcp_netmask }} {
+ range {{ site.dhcp_start }} {{ site.dhcp_end }};
- option routers {{ bat0_ipv4 }};
- option domain-name-servers {{ bat0_ipv4 }};
+ option routers {{ site.bat_ipv4 }};
+ option domain-name-servers {{ site.bat_ipv4 }};
}
+{% endfor %}
subnet {{ ansible_default_ipv4['address'] }} netmask 255.255.255.255 {
}
-include "/etc/dhcpd.hosts.conf";
+#include "/etc/dhcpd.hosts.conf";
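Review bot: `dhcp_subnet`/`dhcp_netmask` duplicate what `net4` already says, and the mask additionally has to agree with the `/20` hard-coded in the netctl template for the same site; nothing in the playbook checks the three against each other, and a mismatch hands clients a mask that does not fit the gateway address. Deriving subnet and netmask from `net4` (Ansible's `ipaddr` filter, if the netaddr library is available on the controller) removes the duplication; failing that, a comment on `sites` stating the invariant is the minimum. The commented-out `#include "/etc/dhcpd.hosts.conf";` is dead and should be removed rather than kept.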
diff --git a/roles/install_fastd/handlers/main.yml b/roles/install_fastd/handlers/main.yml
index e8051bc..01cff4d 100644
--- a/roles/install_fastd/handlers/main.yml
+++ b/roles/install_fastd/handlers/main.yml
@@ -4,7 +4,32 @@
name: fastd@ffmyk.service
state: reloaded
-- name: restart fastd
+- name: restart fastdaw
systemd:
- name: fastd@ffmyk.service
+ name: fastd@ffaw.service
+ state: restarted
+
+- name: restart fastdcoc
+ systemd:
+ name: fastd@ffcoc.service
+ state: restarted
+
+- name: restart fastdems
+ systemd:
+ name: fastd@ffems.service
+ state: restarted
+
+- name: restart fastdko
+ systemd:
+ name: fastd@ffko.service
+ state: restarted
+
+- name: restart fastdmy
+ systemd:
+ name: fastd@ffmy.service
+ state: restarted
+
+- name: restart fastdsim
+ systemd:
+ name: fastd@ffsim.service
state: restarted
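Review bot: Six hand-written handlers mirror the `sites` list, so a site added to host_vars without a matching handler makes the templated `notify: restart fastd{{ item.name }}` in the tasks file error out with an unknown handler; and the `reload fastd` handler whose start is above this hunk appears to still target `fastd@ffmyk.service`, which this commit no longer creates. One looping handler keeps the list in step with the data; the task would then `notify: restart fastd` and the stale `reload fastd` handler would be dropped or rewritten the same way.
```yaml
- name: restart fastd
  systemd:
    name: "fastd@ff{{ item.name }}.service"
    state: restarted
  with_items: "{{ sites }}"
```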
diff --git a/roles/install_fastd/tasks/main.yml b/roles/install_fastd/tasks/main.yml
index 4a0a131..8f01e47 100644
--- a/roles/install_fastd/tasks/main.yml
+++ b/roles/install_fastd/tasks/main.yml
@@ -6,77 +6,58 @@
name: fastd
tool: yaourt
-- name: create ffmyk folder
+- name: create site folder
file:
- path: /etc/fastd/ffmyk
+ path: /etc/fastd/ff{{ item.name }}
state: directory
+ with_items: "{{ sites }}"
- name: fastd.conf
template:
src: fastd.conf.j2
- dest: /etc/fastd/ffmyk/fastd.conf
+ dest: /etc/fastd/ff{{ item.name }}/fastd.conf
mode: 0640
- notify: restart fastd
-
-- name: create backbone folder
- file:
- path: /etc/fastd/ffmyk/backbone
- state: directory
-
-- name: add backbone peers
- copy:
- src: '{{ item }}'
- dest: /etc/fastd/ffmyk/backbone/{{ item }}
- with_items:
- - fastd1
- - fastd2
- - fastd3
- - fastd4
- - fastd5
- - fastd6
- - fastd7
- - fastd8
- - fastd9
- - fastd10
- - fastd11
- - fastd12
- - fastd13
- - fastd14
- - fastd15
- notify: reload fastd
+ notify: restart fastd{{ item.name }}
+ with_items: "{{ sites }}"
- name: add fastd bin folder
file:
- path: /etc/fastd/ffmyk/bin
+ path: /etc/fastd/ff{{ item.name }}/bin
state: directory
+ with_items: "{{ sites }}"
- name: add fastd up script
template:
src: fastd_up.sh.j2
- dest: /etc/fastd/ffmyk/bin/up.sh
+ dest: /etc/fastd/ff{{ item.name }}/bin/up.sh
mode: 0744
- notify: restart fastd
+ notify: restart fastd{{ item.name }}
+ with_items: "{{ sites }}"
- name: add fastd peers folder
file:
- path: /etc/fastd/ffmyk/peers
+ path: /etc/fastd/ff{{ item.name }}/peers
state: directory
+ with_items: "{{ sites }}"
- name: add fastd peer api script
- copy:
- src: fastd-api.php
- dest: /etc/fastd/ffmyk/bin/fastd-api.php
+ template:
+ src: fastd-api.php.j2
+ dest: /etc/fastd/ff{{ item.name }}/bin/fastd-api.php
+ with_items: "{{ sites }}"
- name: setup cronjob for fastd-api
cron:
- name: fastd-api
+ name: fastd-api-{{ item.name }}
minute: '*/10'
user: root
cron_file: fastd-api
- job: '/usr/bin/php /etc/fastd/ffmyk/bin/fastd-api.php'
+ job: '/usr/bin/php /etc/fastd/ff{{ item.name }}/bin/fastd-api.php'
+ with_items: "{{ sites }}"
- name: start and enable fastd service
systemd:
- name: fastd@ffmyk.service
+ name: fastd@ff{{ item.name }}.service
enabled: yes
state: started
+ with_items: "{{ sites }}"
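Review bot: The `setup cronjob for fastd-api` task runs `fastd-api.php` as root every ten minutes, and that script (per its first lines) fetches content from a remote HTTPS URL and writes into `/etc/fastd/ff<site>/peers/`; fetching and parsing remote data does not need root. A dedicated user that owns each `peers/` directory (`user: fastd-api` on the cron task, `owner`/`mode` on the `add fastd peers folder` task) confines a bug in the fetcher or a compromised endpoint to the peer list instead of the host. `fastd.conf` correctly gets `mode: 0640` since it carries the secret; the `bin` and `peers` directories and the `fastd-api.php` template get no mode or owner and are worth pinning as well (`mode: "0750"`).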
diff --git a/roles/install_fastd/files/fastd-api.php b/roles/install_fastd/templates/fastd-api.php.j2
index 98da7a7..7b1fc17 100644
--- a/roles/install_fastd/files/fastd-api.php
+++ b/roles/install_fastd/templates/fastd-api.php.j2
@@ -2,7 +2,7 @@
<?php
//$url = 'http://register.freifunk-myk.de/srvapi.php';
$url = 'https://www.freifunk-myk.de/node/keys';
-$out = '/etc/fastd/ffmyk/peers/';
+$out = '/etc/fastd/ff{{ item.name }}/peers/';
if(!is_dir($out)) die('Output Dir missing');
if(!is_writable($out)) die('Output Dir perms');
diff --git a/roles/install_fastd/templates/fastd.conf.j2 b/roles/install_fastd/templates/fastd.conf.j2
index 9d8a42b..1ec818d 100644
--- a/roles/install_fastd/templates/fastd.conf.j2
+++ b/roles/install_fastd/templates/fastd.conf.j2
@@ -1,18 +1,16 @@
log to syslog level info;
-interface "ffmyk-mesh-vpn";
+interface "vpn{{ item.name }}";
method "salsa2012+gmac";
method "salsa2012+umac";
secure handshakes yes;
-bind any:10000;
+bind any:{{ item.fastd_port1 }};
hide ip addresses yes;
hide mac addresses yes;
mtu 1280;
peer group "clients" {
include peers from "peers";
- peer limit {{ fastd_peer_limit }};
}
-include peers from "backbone";
-secret "{{ fastd_secret }}";
-on up "/etc/fastd/ffmyk/bin/up.sh $INTERFACE";
-status socket "/run/ffmyk.socket";
+secret "{{ item.fastd_secret }}";
+on up "/etc/fastd/ff{{ item.name }}/bin/up.sh $INTERFACE";
+status socket "/run/ff{{ item.name }}1.socket";
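Review bot: `peer limit` was removed from the `clients` group without replacement, so each gateway now accepts an unbounded number of clients; in a multi-gateway mesh that limit is what spreads load and keeps one box from saturating, so keep it as a site value, e.g. `peer limit {{ item.fastd_peer_limit | default(200) }};`. `fastd_port2` is declared for every site in host_vars but only `fastd_port1` is bound here, and the status socket carries a `1` suffix — either a second instance is still to come or the variable is dead; a comment would settle it. The firewall in this commit opens `10010:10021` statically, so the ports chosen per site must fall inside that range and nothing enforces it.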
diff --git a/roles/install_fastd/templates/fastd_up.sh.j2 b/roles/install_fastd/templates/fastd_up.sh.j2
index 87b71ce..6ab39b0 100644
--- a/roles/install_fastd/templates/fastd_up.sh.j2
+++ b/roles/install_fastd/templates/fastd_up.sh.j2
@@ -1,11 +1,11 @@
#!/bin/bash
-ip link set address {{ fastd_mesh_mac }} dev $1
+ip link set address {{ item.fastd_mesh_mac }} dev $1
ip link set up dev $1
-batctl -m bat0 if add $1
-batctl -m bat0 gw server 1000000/1000000
-batctl -m bat0 it 10000
-batctl -m bat0 mm 1
-echo 128 > /sys/class/net/bat0/mesh/hop_penalty
-netctl start bat0
+batctl -m bat{{ item.name }} if add $1
+batctl -m bat{{ item.name }} gw server 1000000/1000000
+batctl -m bat{{ item.name }} it 10000
+batctl -m bat{{ item.name }} mm 1
+echo 64 > /sys/class/net/bat0/mesh/hop_penalty
+netctl start bat{{ item.name }}
systemctl restart dhcpd4.service
systemctl restart named.service
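Review bot: `echo 64 > /sys/class/net/bat0/mesh/hop_penalty` still writes to `bat0`, which this commit stops creating, so the write fails with "No such file or directory" on every VPN up and the per-site interface keeps the default hop penalty; it should be `echo 64 > /sys/class/net/bat{{ item.name }}/mesh/hop_penalty` (or the equivalent `batctl -m bat{{ item.name }} hp 64`). Every instance also restarts `dhcpd4` and `named` on up, so a boot with six sites produces six restarts of each and a flapping tunnel on one site interrupts DNS and DHCP for all the others; `systemctl try-reload-or-restart` (if the installed systemd has it) or moving the restart into the netctl profile would soften that. `$1` should be quoted as `"$1"` throughout.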
diff --git a/roles/install_radvd/handlers/main.yml b/roles/install_radvd/handlers/main.yml
new file mode 100644
index 0000000..37634dd
--- /dev/null
+++ b/roles/install_radvd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart radvd
+ systemd:
+ name: radvd.service
+ state: restarted
diff --git a/roles/install_radvd/tasks/main.yml b/roles/install_radvd/tasks/main.yml
new file mode 100644
index 0000000..161e7a1
--- /dev/null
+++ b/roles/install_radvd/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: install radvd
+ pacman:
+ name: radvd
+ state: present
+
+- name: radvd config
+ template:
+ src: radvd.conf.j2
+ dest: /etc/radvd.conf
+ notify: restart radvd
+
+- name: start and enable radvd
+ systemd:
+ name: radvd.service
+ enabled: yes
+ state: started
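Review bot: The `radvd config` task installs `/etc/radvd.conf` without `validate`, so a template error takes router advertisements down for every site at the next restart; radvd can check a file before it is put in place (`validate: radvd -c -C %s`, if the packaged radvd supports `-c`), and the task should also pin `mode: "0644"` since the default is whatever the controller's umask yields. `enabled: yes` should be `enabled: true` per the truthy convention.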
diff --git a/roles/install_radvd/templates/radvd.conf.j2 b/roles/install_radvd/templates/radvd.conf.j2
new file mode 100644
index 0000000..0774189
--- /dev/null
+++ b/roles/install_radvd/templates/radvd.conf.j2
@@ -0,0 +1,26 @@
+{% for site in sites %}
+interface bat{{ site.name }}
+{
+ AdvSendAdvert on;
+ IgnoreIfMissing on;
+ MinRtrAdvInterval 3;
+ MaxRtrAdvInterval 900;
+
+ AdvDefaultPreference low;
+ AdvHomeAgentFlag off;
+
+ prefix {{ site.net6 }}
+ {
+ AdvOnLink on;
+ AdvAutonomous on;
+ AdvRouterAddr off;
+ };
+
+ RDNSS {{ site.bat_ipv6 }}
+ {
+ AdvRDNSSLifetime 30;
+ };
+
+};
+
+{% endfor %}
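Review bot: `AdvRDNSSLifetime 30` combined with `MaxRtrAdvInterval 900` means clients discard the DNS server 30 s after each unsolicited advertisement and can sit without one for up to fifteen minutes; RFC 8106 expects the RDNSS lifetime between MaxRtrAdvInterval and twice it, so `AdvRDNSSLifetime 1800;` (or a much shorter MaxRtrAdvInterval). `AdvAutonomous on` only produces SLAAC addresses when the advertised prefix is a /64, and `site.net6` is also used as the routed site network in the iproute templates; either document on `sites` that `net6` must be a /64 or add a separate per-site prefix value for the advertisement.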
diff --git a/roles/setup_batman/files/ffmyk-iproute.sh b/roles/setup_batman/files/ffmyk-iproute.sh
deleted file mode 100755
index 49fbb16..0000000
--- a/roles/setup_batman/files/ffmyk-iproute.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-#Routingtabelle ffmyk ist per default nicht erreichbar
-ip route add unreachable default table ffmyk
-
-#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
-ip rule add from all fwmark 0x1 table ffmyk
-
-#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
-ip rule add from 10.222.0.0/16 table ffmyk
-
-#Tabelle ffmyk routet das Ziel mit Freifunk-IPs über das Device bat0
-ip route replace 10.222.0.0/16 dev bat0 table ffmyk
-
-ip route replace 0.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
-ip route replace 128.0.0.0/1 via 10.222.100.1 dev bat0 metric 666 table ffmyk # fastd1
-ip route replace 0.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
-ip route replace 128.0.0.0/1 via 10.222.112.1 dev bat0 metric 667 table ffmyk # fastd2
-ip route replace 0.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
-ip route replace 128.0.0.0/1 via 10.222.120.1 dev bat0 metric 668 table ffmyk # fastd3
-
diff --git a/roles/setup_batman/tasks/main.yml b/roles/setup_batman/tasks/main.yml
index b8f49da..dd03ed1 100644
--- a/roles/setup_batman/tasks/main.yml
+++ b/roles/setup_batman/tasks/main.yml
@@ -14,18 +14,8 @@
name: batctl
state: present
-- name: name ffmyk routing table
- lineinfile:
- path: /etc/iproute2/rt_tables
- line: 42 ffmyk
-
-- name: copy ffmyk iproute config script
- copy:
- src: ffmyk-iproute.sh
- dest: /usr/local/bin/ffmyk-iproute.sh
- mode: 0744
-
-- name: add netctl config
+- name: add batman netctl config for sites
template:
- src: netctl_bat0.j2
- dest: /etc/netctl/bat0
+ src: netctl_bat.j2
+ dest: "/etc/netctl/bat{{ item.name }}"
+ with_items: "{{ sites }}"
diff --git a/roles/setup_batman/templates/netctl_bat.j2 b/roles/setup_batman/templates/netctl_bat.j2
new file mode 100644
index 0000000..01ebb6d
--- /dev/null
+++ b/roles/setup_batman/templates/netctl_bat.j2
@@ -0,0 +1,8 @@
+Connection=ethernet
+Interface=bat{{ item.name }}
+IP=static
+IP6=static
+Address6=({{ item.bat_ipv6 }}/64)
+Address=({{ item.bat_ipv4 }}/20)
+ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
+ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
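Review bot: `Address=({{ item.bat_ipv4 }}/20)` and `Address6=({{ item.bat_ipv6 }}/64)` hard-code prefix lengths that must agree with `net4`/`net6` and with `dhcp_netmask` of the same site, with nothing tying them together; take the length from the site data instead (`{{ item.net4 | ipaddr('prefix') }}` if the netaddr-backed filter is available, otherwise explicit `prefix4`/`prefix6` site variables). A short header comment that this profile is started by fastd's up script rather than enabled on its own would save the next reader from looking for the missing `netctl enable`.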
diff --git a/roles/setup_batman/templates/netctl_bat0.j2 b/roles/setup_batman/templates/netctl_bat0.j2
deleted file mode 100644
index e48c5b8..0000000
--- a/roles/setup_batman/templates/netctl_bat0.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-Connection=ethernet
-Interface=bat0
-IP=static
-IP6=static
-Address6=({{ bat0_ipv6 }}/64)
-Address=({{ bat0_ipv4 }}/16)
-ExecUpPost=/usr/local/bin/ffmyk-iproute.sh
diff --git a/setup_fastd.yml b/setup_fastd.yml
index 2ddf41a..d34cd02 100644
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@@ -7,16 +7,18 @@
- configure_journald
- configure_sysctl
- configure_iptables
- - install_ssmtp
+ - configure_static_routes
+ #- install_ssmtp
- install_cronie
- install_php
- - install_nginx
+ #- install_nginx
- install_ntp
- install_haveged
- setup_batman
- install_dhcp
+ - install_radvd
- install_bind
- install_fastd
- - install_openvpn
- - install_monitoring
+ #- install_openvpn
+ #- install_monitoring
- install_admin_packages
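Review bot: With `install_openvpn` disabled, the `ffmyk` table keeps only its `unreachable default` route and the `nat` table has lost its MASQUERADE rule, and the new firewall policy forwards nothing, so clients of all six sites have no exit at all; if that is the intended state for this step, a one-line comment next to the disabled roles (`# exit via mullvad disabled until per-site routing is done`) saves the next reader a search through four roles. Roles that are gone for good are better deleted than commented out, since the role directories still exist and a stray uncomment brings them back.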