Diffstat (limited to 'roles/configure_static_routes')
5 files changed, 86 insertions, 0 deletions
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.service b/roles/configure_static_routes/files/ffmyk-iproute.service
new file mode 100644
index 0000000..95bfe42
--- /dev/null
+++ b/roles/configure_static_routes/files/ffmyk-iproute.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=sets up ip rules and static routes
+ConditionPathExists=/usr/local/bin/ffmyk-iproute.sh
+
+[Service]
+Type=forking
+ExecStart=/usr/local/bin/ffmyk-iproute.sh
+TimeoutSec=0
+StandardOutput=tty
+RemainAfterExit=yes
+SysVStartPriority=99
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh
new file mode 100755
index 0000000..ee7f6a0
--- /dev/null
+++ b/roles/configure_static_routes/files/ffmyk-iproute.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+#Routingtabelle ffmyk ist per default nicht erreichbar
+ip -4 route add unreachable default table ffmyk
+ip -6 route add unreachable default table ffmyk
+
+#Alles, was mit 0x1 markiert wird gehört zu Tabelle ffmyk
+ip -4 rule add from all fwmark 0x1 table ffmyk
+ip -6 rule add from all fwmark 0x1 table ffmyk
+
+#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
+ip -4 rule add from 10.222.0.0/16 table ffmyk
+ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
diff --git a/roles/configure_static_routes/tasks/main.yml b/roles/configure_static_routes/tasks/main.yml
new file mode 100644
index 0000000..e89d845
--- /dev/null
+++ b/roles/configure_static_routes/tasks/main.yml
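Review bot: `Type=forking` in the `[Service]` section of ffmyk-iproute.service does not match the script it starts, which runs a series of `ip` commands and exits without leaving a daemon behind; `Type=oneshot` together with the existing `RemainAfterExit=yes` is the fitting combination. `StandardOutput=tty` sends any error from `ip` to a console instead of the journal, so a failed install of the `unreachable default` route leaves no record to find later; dropping that line keeps the output in the journal, which is the default. `SysVStartPriority=99` is ignored by current systemd and the unit declares no `After=`/`Before=`, so the intended position relative to network bring-up should be stated explicitly.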
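Review bot: ffmyk-iproute.sh has no error handling, so if `ip -4 route add unreachable default table ffmyk` fails the rules below it are still installed and the script exits with the status of its last command only. Without the unreachable default, a lookup in table ffmyk that finds no route falls through to the next rule, presumably the main table, so marked or Freifunk-sourced traffic could leave through the host's own default route. Add `set -e` after the shebang and use `ip -4 route replace unreachable default table ffmyk` (same for `-6`) so a re-run does not abort on an existing route. The `ip rule add` lines here and in templates/ffmyk-iproute-up.j2 are likewise not safe to repeat: depending on the kernel a second run either errors or stacks duplicate rules, so precede each with a matching `ip rule del … 2>/dev/null || true` or give the rules an explicit `priority`.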
@@ -0,0 +1,38 @@
+---
+- name: name ffmyk routing table
+ lineinfile:
+ path: /etc/iproute2/rt_tables
+ line: 42 ffmyk
+
+- name: copy ffmyk iproute config script
+ copy:
+ src: ffmyk-iproute.sh
+ dest: /usr/local/bin/ffmyk-iproute.sh
+ mode: 0744
+
+- name: copy site specific iproute up config script
+ template:
+ src: ffmyk-iproute-up.j2
+ dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
+ mode: 0744
+ with_items: "{{ sites }}"
+
+- name: copy site specific iproute down config script
+ template:
+ src: ffmyk-iproute-down.j2
+ dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
+ mode: 0744
+ with_items: "{{ sites }}"
+
+- name: copy ffmyk iproute systemd service
+ copy:
+ src: ffmyk-iproute.service
+ dest: /etc/systemd/system/ffmyk-iproute.service
+ mode: 0444
+
+- name: start and enable ffmyk iproute service
+ systemd:
+ name: ffmyk-iproute.service
+ daemon_reload: yes
+ enabled: yes
+ state: started
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
new file mode 100644
index 0000000..51a0a17
--- /dev/null
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ip -4 route del {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+ip -6 route del {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
+
+ip -4 rule del iif bat{{ item.name }} table ffmyk
+ip -6 rule del iif bat{{ item.name }} table ffmyk
+ip -4 rule del from {{ item.net4 }} table ffmyk
+ip -6 rule del from {{ item.net6 }} table ffmyk
+ip -4 rule del to {{ item.net4 }} table ffmyk
+ip -6 rule del to {{ item.net6 }} table ffmyk
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
new file mode 100644
index 0000000..a8275da
--- /dev/null
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
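Review bot: The `start and enable ffmyk iproute service` task in tasks/main.yml uses `state: started` and none of the copy/template tasks notifies a handler, so once the unit is active (it sets `RemainAfterExit=yes`) a later change to ffmyk-iproute.sh is written to disk but not applied until reboot, and the live routing policy can differ from what the repository says. A handler that re-runs the service would close that gap, but only after the script is made safe to run twice. Nothing in this file shows what calls the generated `-up.sh`/`-down.sh` scripts, which deserves a comment on the two template tasks. The modes are better written as quoted strings, `mode: '0744'`, with `owner: root` and `group: root` stated for files that execute as root.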
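Review bot: `{{ item.name }}`, `{{ item.net4 }}` and `{{ item.net6 }}` are rendered unquoted into a bash script in templates/ffmyk-iproute-down.j2 and again in templates/ffmyk-iproute-up.j2, and `item.name` also forms part of the `dest:` path in tasks/main.yml. The values come from the `sites` variable, presumably inventory or group vars, so a typo or an unexpected character such as whitespace, `;` or `$` changes the command line the root-run script executes instead of failing cleanly. Render them through the `quote` filter, for example `ip -4 rule del from {{ item.net4 | quote }} table ffmyk` and `dev {{ ('bat' ~ item.name) | quote }}`, or add an `assert` task in the role that checks each site's name and prefixes before templating.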
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+ip -4 rule add iif bat{{ item.name }} table ffmyk
+ip -6 rule add iif bat{{ item.name }} table ffmyk
+ip -4 rule add from {{ item.net4 }} table ffmyk
+ip -6 rule add from {{ item.net6 }} table ffmyk
+ip -4 rule add to {{ item.net4 }} table ffmyk
+ip -6 rule add to {{ item.net6 }} table ffmyk
+
+ip -4 route replace {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+ip -6 route replace {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk |