author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-03-04 17:50:19 +0100 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-03-04 17:50:19 +0100 |
commit | a85999dbacc7d6a26332955e6518ae495797e85e (patch) | |
tree | 1488bf5a94103b44cfad86dc9ef8f656a61e84a0 | |
parent | aa0593233ec2470120b2655f3ba2ac28d7a4c5ee (diff) |
install vnstat
-rw-r--r-- | roles/configure_iptables/templates/ip6tables.rules | 2 | ||||
-rw-r--r-- | roles/configure_iptables/templates/iptables.rules | 2 | ||||
-rwxr-xr-x | roles/install_monitoring/files/check_internet.sh | 37 | ||||
-rw-r--r-- | roles/install_monitoring/tasks/install_vnstat.yml | 29 | ||||
-rw-r--r-- | roles/install_monitoring/tasks/main.yml | 23 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/templates/wg2.conf.j2 | 3 | ||||
-rw-r--r-- | setup_fastd.yml | 2 |
7 files changed, 33 insertions, 65 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index d8cf4ea..054946c 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -36,6 +36,8 @@ COMMIT
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index be2965d..3519924 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -40,6 +40,8 @@ COMMIT
 {% for site in sites %}
 -I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 {% endfor %}
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
diff --git a/roles/install_monitoring/files/check_internet.sh b/roles/install_monitoring/files/check_internet.sh
deleted file mode 100755
index 5fbe0c2..0000000
--- a/roles/install_monitoring/files/check_internet.sh
+++ /dev/null
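Review bot: The new `-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT` rule in ip6tables.rules carries no `-i` or `-s` match, so port 80 is accepted from every interface and source address; the identical rule added in the iptables.rules hunk has the same scope. install_vnstat.yml has an `add vnstat nginx config` task, so if nginx here serves only the vnstat graphs, per-interface traffic statistics become reachable over unencrypted HTTP by anyone who can reach the host. Consider restricting the rule to the interface or prefix that needs it, for example `-A INPUT -i <MGMT_INTERFACE> -p tcp -m tcp --dport 80 -j ACCEPT` (placeholder interface name). Otherwise extend the `# nginx` comment to state that public access is intended.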
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-INTERFACE=mullvad
-FAILED_FILE=/tmp/mullvad.failed
-fail=false
-
-if [ ! -e /sys/class/net/$INTERFACE ]; then
- echo "$INTERFACE interface does not exist"
- fail=true
-else
- start_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
- sleep 30
- end_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
-
- if [ $(($end_bytes-$start_bytes)) -lt 1000 ]; then
- #echo "no traffic via $INTERFACE"
- fail=true
- fi
-fi
-
-if $fail; then
- systemctl is-active openvpn-client@mullvad.service > /dev/null
- if [ $? -ne 0 ]; then
- systemctl status openvpn-client@mullvad.service
- if [ -e $FAILED_FILE ]; then
- echo restart openvpn-client@mullvad.service
- systemctl restart openvpn-client@mullvad.service
- else
- touch $FAILED_FILE
- fi
- fi
-else
- if [ -e $FAILED_FILE ]; then
- rm $FAILED_FILE
- fi
-fi
-
diff --git a/roles/install_monitoring/tasks/install_vnstat.yml b/roles/install_monitoring/tasks/install_vnstat.yml
index 9113331..e737d74 100644
--- a/roles/install_monitoring/tasks/install_vnstat.yml
+++ b/roles/install_monitoring/tasks/install_vnstat.yml
@@ -10,15 +10,28 @@ enabled: yes state: started -- name: add interfaces to vnstat - command: /usr/bin/vnstat -u -i {{ item }} +- name: add interfaces to vnstat for batman interfaces + command: /usr/bin/vnstat -u -i bat{{ item.name }} args: - creates: '/var/lib/vnstat/{{ item }}' + creates: '/var/lib/vnstat/bat{{ item.name }}' + with_items: "{{ sites }}" + +- name: add interfaces to vnstat for uplink interfaces + command: /usr/bin/vnstat -u -i bb{{ hostvars[item]['wireguard_bb_name'] }} + args: + creates: "/var/lib/vnstat/bb{{ hostvars[item]['wireguard_bb_name'] }}" with_items: - - bat0 - - ens3 - - ffmyk-mesh-vpn - - mullvad + - "{{ groups['uplink'] }}" + +- name: add interfaces to vnstat for outgoing v4 interface + command: /usr/bin/vnstat -u -i {{ ansible_default_ipv4.interface }} + args: + creates: '/var/lib/vnstat/{{ ansible_default_ipv4.interface }}' + +- name: add interfaces to vnstat for outgoing v6 interface + command: /usr/bin/vnstat -u -i {{ ansible_default_ipv6.interface }} + args: + creates: '/var/lib/vnstat/{{ ansible_default_ipv6.interface }}' - name: add output folder for vnstat graphs file: @@ -41,7 +54,7 @@ name: vnstat minute: '*/5' user: root - cron_file: fastd-api + cron_file: vnstat job: '/usr/local/bin/vnstat.sh' - name: add vnstat nginx config diff --git a/roles/install_monitoring/tasks/main.yml b/roles/install_monitoring/tasks/main.yml index 726d890..0b63792 100644 --- a/roles/install_monitoring/tasks/main.yml +++ b/roles/install_monitoring/tasks/main.yml 
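Review bot: The `add interfaces to vnstat for outgoing v6 interface` task dereferences `ansible_default_ipv6.interface`, which is not set on a host without an IPv6 default route, so the play would likely abort there with an undefined-variable error; the v4 task has the same shape. Guarding each task with `when: ansible_default_ipv6.interface is defined` (and the `ansible_default_ipv4` equivalent) keeps the role usable on single-stack hosts. Separately, `vnstat -u` is, as far as I recall, no longer accepted by vnStat 2.x, which uses `--add` instead, so confirm the invocation against the packaged version.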
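Review bot: Changing `cron_file` from `fastd-api` to `vnstat` in the second hunk does not remove the `vnstat` entry already written to the `fastd-api` cron file on hosts provisioned before this commit. On those hosts `/usr/local/bin/vnstat.sh` would then be scheduled twice every five minutes as root, and concurrent runs may race on the graph output. Add a one-off cleanup `cron` task with `name: vnstat`, `cron_file: fastd-api`, `user: root` and `state: absent` ahead of this one. The task being edited starts above the hunk, so its module line is not visible here.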
@@ -1,22 +1,9 @@ --- - name: install vnstat - include: install_vnstat.yml + import_tasks: install_vnstat.yml -- name: add bash script to check internet - copy: - src: check_internet.sh - dest: /usr/local/bin/check_internet.sh - mode: 0744 +#- name: install ffmyk-influx +# include: install_ffmyk-influx.yml -- name: add cronjob to check internet - cron: - name: check_internet - user: root - cron_file: fastd-api - job: '/usr/local/bin/check_internet.sh' - -- name: install ffmyk-influx - include: install_ffmyk-influx.yml - -- name: install munin - include: install_munin.yml +#- name: install munin +# include: install_munin.yml diff --git a/roles/install_wireguard_backbone/templates/wg2.conf.j2 b/roles/install_wireguard_backbone/templates/wg2.conf.j2 index c30fcaf..f16d668 100644 --- a/roles/install_wireguard_backbone/templates/wg2.conf.j2 +++ b/roles/install_wireguard_backbone/templates/wg2.conf.j2 @@ -5,5 +5,6 @@ PrivateKey = {{ wireguard_bb_priv_key }} [Peer] PublicKey = {{ item.pub_key }} AllowedIPs = 0.0.0.0/0,::/0 -{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %} PersistentKeepalive = 30 +{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %} + diff --git a/setup_fastd.yml b/setup_fastd.yml index 38f68c8..238400b 100644 --- a/setup_fastd.yml +++ b/setup_fastd.yml @@ -22,7 +22,7 @@ - install_wireguard_backbone - install_babeld - install_fastd - #- install_monitoring + - install_monitoring - update_ssh_keys - install_admin_packages - name: basic uplink config |
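Review bot: Deleting the `add bash script to check internet` and `add cronjob to check internet` tasks from main.yml only stops Ansible from managing them. On hosts that already ran the role, `/usr/local/bin/check_internet.sh` and the `check_internet` entry in the `fastd-api` cron file stay in place and keep running as root, including the `systemctl restart openvpn-client@mullvad.service` path. Because the script is deleted from the repository in this same commit, add cleanup tasks: a `file` task with `path: /usr/local/bin/check_internet.sh` and `state: absent`, and a `cron` task with `name: check_internet`, `cron_file: fastd-api` and `state: absent`. The commented-out `install ffmyk-influx` and `install munin` includes would read better removed outright, or with a comment saying why they are disabled.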