Diffstat (limited to 'roles')
-rw-r--r-- | roles/configure_iptables/templates/iptables.rules | 2 | ||||
-rwxr-xr-x | roles/configure_static_routes/files/ffmyk-iproute.sh | 1 | ||||
-rw-r--r-- | roles/install_babeld/templates/babeld.conf.j2 | 7 | ||||
-rw-r--r-- | roles/install_bind/templates/named.conf.j2 | 4 | ||||
-rw-r--r-- | roles/install_mesh-announce/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/install_tayga/tasks/main.yml | 5 | ||||
-rw-r--r-- | roles/install_tayga/templates/systemd_override.conf.j2 | 4 | ||||
-rw-r--r-- | roles/setup_ffrl_tunnel/templates/bird.conf | 24 | ||||
-rw-r--r-- | roles/setup_ffrl_tunnel/templates/netctl | 4 |
9 files changed, 51 insertions, 4 deletions
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules index c3d84dc..0a4bfd0 100644 --- a/roles/configure_iptables/templates/iptables.rules +++ b/roles/configure_iptables/templates/iptables.rules @@ -74,7 +74,9 @@ COMMIT :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] +{% if ffrl_ip4 is defined %} {% for peer in ffrl_peers %} -A POSTROUTING ! -s {{ ffrl_ip4 }} -o {{ peer.name }} -j SNAT --to-source {{ ffrl_ip4 }} {% endfor %} +{% endif %} COMMIT diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh index 83cb5aa..0e1fe06 100755 --- a/roles/configure_static_routes/files/ffmyk-iproute.sh +++ b/roles/configure_static_routes/files/ffmyk-iproute.sh @@ -7,6 +7,7 @@ ip -6 rule add iif nat64 table ffmyk priority 10 ip -4 rule add to 10.1.0.0/16 table ffmyk priority 10 ip -4 rule add to 10.2.0.0/16 table ffmyk priority 10 +ip -4 rule add to 10.3.0.0/16 table ffmyk priority 10 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10 ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10 diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2 index c5cdda0..7da5e12 100644 --- a/roles/install_babeld/templates/babeld.conf.j2 +++ b/roles/install_babeld/templates/babeld.conf.j2 
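Review bot: The added guard `{% if ffrl_ip4 is defined %}` around the SNAT loop is also true when the variable is set to an empty or null value. In that case the rule renders as `--to-source` with no address, and iptables-restore would presumably reject the whole ruleset. A truthiness check closes the gap: `{% if ffrl_ip4 is defined and ffrl_ip4 %}`. The same guard is repeated in babeld.conf.j2, in every IPv4 section of bird.conf and in netctl, so the condition is worth deriving once per template. The nat table section begins outside this hunk.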
@@ -27,19 +27,22 @@ import-table 42 reflect-kernel-metric true # Filtering rules. -in ip 10.222.0.0/16 allow +in ip 10.0.0.0/8 allow in ip 2a03:2260:1016::/48 allow in ip 2003:46:e028::/48 allow # finzelberg in ip fd62:44e1:da::/48 allow +{% if ffrl_ip4 is defined %} in deny # ignore default routes on uplinks +{% endif %} {% for peer in ffrl_peers %} redistribute if {{ peer.name }} metric 128 {% endfor %} # Only redistribute addresses from a given prefix, to avoid redistributing # all local addresses -redistribute ip 10.222.0.0/16 allow +redistribute ip 10.0.0.0/8 allow redistribute ip 2a03:2260:1016::/48 allow redistribute ip 64:ff9b::/96 allow +redistribute ip 2003:46:e028::/48 allow # finzelberg redistribute ip fd62:44e1:da::/48 allow redistribute local deny diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2 index 352c1fa..056a6ea 100644 --- a/roles/install_bind/templates/named.conf.j2 +++ b/roles/install_bind/templates/named.conf.j2 @@ -29,6 +29,10 @@ options { hostname none; server-id none; + dns64 64:ff9b::/96 { + clients { any; }; + }; + max-cache-size 1024M; }; diff --git a/roles/install_mesh-announce/tasks/main.yml b/roles/install_mesh-announce/tasks/main.yml index 50c5175..d4591cf 100644 --- a/roles/install_mesh-announce/tasks/main.yml +++ b/roles/install_mesh-announce/tasks/main.yml @@ -6,20 +6,24 @@ - lsb-release - ethtool state: present + when: sites | length > 0 - name: clone mesh-announce repo git: repo: https://github.com/FreifunkMYK/mesh-announce.git dest: /opt/mesh-announce + when: sites | length > 0 - name: create respondd service template: src: respondd.service.j2 dest: /etc/systemd/system/respondd.service mode: 0644 + when: sites | length > 0 - name: start and enable respondd service systemd: name: respondd state: started enabled: yes + when: sites | length > 0 diff --git a/roles/install_tayga/tasks/main.yml b/roles/install_tayga/tasks/main.yml index 0f38790..7d4c6a5 100644 
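Review bot: With `in deny` now rendered only when `ffrl_ip4` is defined, hosts without it have no terminating rule in the input filter. As far as I know babeld accepts whatever no `in` rule matches, so the `in ip … allow` lines above stop restricting anything on those hosts and a neighbour can announce any prefix. If the intent is only to learn the default route over the mesh, the else branch could read `in ip 0.0.0.0/0 eq 0 allow` followed by `in deny`. Separately, widening `10.222.0.0/16` to `10.0.0.0/8` in both `in` and `redistribute` covers far more than the 10.1–10.3 and 10.222 ranges routed elsewhere in this commit; listing those prefixes keeps the filter meaningful.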
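Review bot: `clients { any; };` in the added `dns64` block gives synthesized AAAA answers to every client that can query this resolver. The query and recursion ACLs are outside the hunk, so whether that reaches beyond the mesh cannot be judged here. Restricting it to the mesh ACL would be tighter, e.g. `clients { <mesh_clients_acl>; };` (placeholder name). The prefix `64:ff9b::/96` is now hard-coded here, in babeld.conf.j2 and in the tayga override, so a shared variable plus a comment such as `// must match the tayga NAT64 prefix` would keep the three in step. The `options` block starts and ends outside the hunk.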
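Review bot: The added `when: sites | length > 0` fails the play with an undefined-variable error on hosts where `sites` is not set at all. `when: sites | default([]) | length > 0` treats those hosts like an empty list. The condition is repeated on all four tasks, so wrapping them in one `block:` with a single `when:` would keep them from drifting apart. While touching this file, note that the clone task has no `version:`, so the respondd service runs whatever the default branch holds at deploy time; pinning a commit or tag would make the deployed code reviewable.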
--- a/roles/install_tayga/tasks/main.yml +++ b/roles/install_tayga/tasks/main.yml @@ -11,6 +11,11 @@ mode: 0644 notify: restart tayga +- name: create systemd override folder + ansible.builtin.file: + path: /etc/systemd/system/tayga.service.d + state: directory + - name: systemd override.conf template: src: systemd_override.conf.j2 diff --git a/roles/install_tayga/templates/systemd_override.conf.j2 b/roles/install_tayga/templates/systemd_override.conf.j2 index a3e7229..fb6ec48 100644 --- a/roles/install_tayga/templates/systemd_override.conf.j2 +++ b/roles/install_tayga/templates/systemd_override.conf.j2 @@ -4,7 +4,7 @@ ExecStartPre=/usr/bin/tayga --mktun --config /etc/tayga.conf ExecStartPre=/usr/bin/ip link set nat64 up ExecStartPre=/usr/bin/ip addr replace {{ tayga_ipv4 }}/32 dev nat64 ExecStartPre=/usr/bin/ip addr replace 2a03:2260:1016::64/128 dev nat64 -ExecStartPre=/usr/bin/ip route replace {{ tayga_pool }} dev nat64 table ffmyk -ExecStartPre=/usr/bin/ip -6 route replace 64:ff9b::/96 dev nat64 table ffmyk +ExecStartPre=/usr/bin/ip route replace {{ tayga_pool }} dev nat64 proto static table ffmyk +ExecStartPre=/usr/bin/ip -6 route replace 64:ff9b::/96 dev nat64 proto static table ffmyk ExecStart=/usr/bin/tayga --nodetach --config /etc/tayga.conf Restart=always diff --git a/roles/setup_ffrl_tunnel/templates/bird.conf b/roles/setup_ffrl_tunnel/templates/bird.conf index c609a5b..7e3db92 100644 --- a/roles/setup_ffrl_tunnel/templates/bird.conf +++ b/roles/setup_ffrl_tunnel/templates/bird.conf 
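Review bot: The new `create systemd override folder` task sets no `owner`, `group` or `mode`, so the permissions of `/etc/systemd/system/tayga.service.d` depend on the umask of the Ansible run. Pinning them with `owner: root`, `group: root` and `mode: '0755'` makes the result deterministic and keeps the drop-in directory from ending up writable by anyone but root. Quoting the mode avoids YAML reading it as a number. The task list continues outside the hunk.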
@@ -3,21 +3,31 @@ timeformat protocol iso long; #log "bird.log" all; # debug protocols all; +{% if ffrl_ip4 is defined %} define ffrl_nat_address = {{ ffrl_ip4 }}; +{% endif %} define ffmyk_as = 65032; # private AS of ffmyk define ffrl_as = 201701; # public AS of rheinland +{% if ffrl_ip4 is defined %} router id ffrl_nat_address; +{% else %} +router id {{ ffrl_router_id }}; +{% endif %} +{% if ffrl_ip4 is defined %} ipv4 table ffrl4; +{% endif %} ipv6 table ffrl6; +{% if ffrl_ip4 is defined %} function is_default4() { return net ~ [ 0.0.0.0/0 ]; } +{% endif %} function is_default6() { return net ~ [ @@ -25,11 +35,13 @@ function is_default6() { ]; } +{% if ffrl_ip4 is defined %} function is_ffrl_nat4() { return net ~ [ {{ ffrl_ip4 }}/32 ]; } +{% endif %} function is_ffrl_public_nets6() { return net ~ [ @@ -37,11 +49,13 @@ function is_ffrl_public_nets6() { ]; } +{% if ffrl_ip4 is defined %} function is_ffrl_tunnel_nets4() { return net ~ [ 100.64.0.0/10 ]; } +{% endif %} function is_ffrl_tunnel_nets6() { return net ~ [ @@ -49,6 +63,7 @@ function is_ffrl_tunnel_nets6() { ]; } +{% if ffrl_ip4 is defined %} # BGP Import Filter für Rheinland filter ebgp_ffrl_import_filter4 { if is_default4() then accept; @@ -60,6 +75,7 @@ filter ebgp_ffrl_export_filter4 { if is_ffrl_nat4() then accept; reject; } +{% endif %} filter ebgp_ffrl_import_filter6 { if is_default6() then accept; @@ -75,11 +91,13 @@ protocol device { scan time 10; } +{% if ffrl_ip4 is defined %} # IP-NAT-Adresse legen wir in die interne BIRD Routing Table protocol static ffrl_uplink_hostroute4 { ipv4 { table ffrl4; }; route {{ ffrl_ip4 }}/32 reject; } +{% endif %} protocol static ffrl_public_routes6 { ipv6 { table ffrl6; }; @@ -95,6 +113,7 @@ protocol static ffrl_public_routes6 { # import where is_ffrl_tunnel_nets4(); #} +{% if ffrl_ip4 is defined %} # Wir exportieren über Rheinland gelernte Routen in die Kernel Table 47 (ffrl) protocol kernel kernel_ffrl4 { scan time 30; 
@@ -108,6 +127,7 @@ protocol kernel kernel_ffrl4 { }; kernel table 42; }; +{% endif %} protocol kernel kernel_ffrl6 { scan time 30; @@ -122,6 +142,7 @@ protocol kernel kernel_ffrl6 { kernel table 42; }; +{% if ffrl_ip4 is defined %} # BGP Template für Rheinland Peerings template bgp ffrl_uplink4 { local as ffmyk_as; @@ -134,6 +155,7 @@ template bgp ffrl_uplink4 { }; direct; }; +{% endif %} template bgp ffrl_uplink6 { local as ffmyk_as; @@ -148,10 +170,12 @@ template bgp ffrl_uplink6 { }; {% for peer in ffrl_peers %} +{% if ffrl_ip4 is defined %} protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 { source address {{ peer.ip4 }}; neighbor {{ peer.peer_ip4 }} as 201701; }; +{% endif %} protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 { source address {{ peer.ip6 }}; diff --git a/roles/setup_ffrl_tunnel/templates/netctl b/roles/setup_ffrl_tunnel/templates/netctl index 98e8af4..65bbd7c 100644 --- a/roles/setup_ffrl_tunnel/templates/netctl +++ b/roles/setup_ffrl_tunnel/templates/netctl @@ -8,7 +8,11 @@ Remote={{ item.remote }} ExecUpPost="/usr/bin/ip link set dev {{ item.name }} mtu 1400; /usr/bin/ip tunnel change {{ item.name }} ttl 64" IP=static +{% if ffrl_ip4 is defined %} Address=('{{ item.ip4 }}/31' '{{ ffrl_ip4 }}/32') +{% else %} +Address=('{{ item.ip4 }}/31') +{% endif %} IP6=static Address6=('{{ item.ip6 }}/64') |