Diffstat (limited to 'roles')
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules2
-rw-r--r--roles/configure_iptables/templates/iptables.rules2
-rwxr-xr-xroles/install_monitoring/files/check_internet.sh37
-rw-r--r--roles/install_monitoring/tasks/install_vnstat.yml29
-rw-r--r--roles/install_monitoring/tasks/main.yml23
-rw-r--r--roles/install_wireguard_backbone/templates/wg2.conf.j23
6 files changed, 32 insertions, 64 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index d8cf4ea..054946c 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -36,6 +36,8 @@ COMMIT
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
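Review bot: The added `-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT` accepts port 80 on every interface and from every source address, and the identical rule is added to `iptables.rules` in the next hunk. If nginx on these hosts only serves the vnstat graphs that `install_vnstat.yml` configures, those traffic statistics become readable over plaintext HTTP by anyone who can reach the host. Consider narrowing the match, e.g. `-A INPUT -i <mgmt-interface> -p tcp -m tcp --dport 80 -j ACCEPT` or adding `-s <admin-prefix>` (both placeholders), or extend the `# nginx` comment to state that public exposure is intended. Whether TLS or authentication is handled in the nginx config is not visible here.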
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index be2965d..3519924 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -40,6 +40,8 @@ COMMIT
{% for site in sites %}
-I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
{% endfor %}
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
diff --git a/roles/install_monitoring/files/check_internet.sh b/roles/install_monitoring/files/check_internet.sh
deleted file mode 100755
index 5fbe0c2..0000000
--- a/roles/install_monitoring/files/check_internet.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-INTERFACE=mullvad
-FAILED_FILE=/tmp/mullvad.failed
-fail=false
-
-if [ ! -e /sys/class/net/$INTERFACE ]; then
- echo "$INTERFACE interface does not exist"
- fail=true
-else
- start_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
- sleep 30
- end_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
-
- if [ $(($end_bytes-$start_bytes)) -lt 1000 ]; then
- #echo "no traffic via $INTERFACE"
- fail=true
- fi
-fi
-
-if $fail; then
- systemctl is-active openvpn-client@mullvad.service > /dev/null
- if [ $? -ne 0 ]; then
- systemctl status openvpn-client@mullvad.service
- if [ -e $FAILED_FILE ]; then
- echo restart openvpn-client@mullvad.service
- systemctl restart openvpn-client@mullvad.service
- else
- touch $FAILED_FILE
- fi
- fi
-else
- if [ -e $FAILED_FILE ]; then
- rm $FAILED_FILE
- fi
-fi
-
diff --git a/roles/install_monitoring/tasks/install_vnstat.yml b/roles/install_monitoring/tasks/install_vnstat.yml
index 9113331..e737d74 100644
--- a/roles/install_monitoring/tasks/install_vnstat.yml
+++ b/roles/install_monitoring/tasks/install_vnstat.yml
@@ -10,15 +10,28 @@
enabled: yes
state: started
-- name: add interfaces to vnstat
- command: /usr/bin/vnstat -u -i {{ item }}
+- name: add interfaces to vnstat for batman interfaces
+ command: /usr/bin/vnstat -u -i bat{{ item.name }}
args:
- creates: '/var/lib/vnstat/{{ item }}'
+ creates: '/var/lib/vnstat/bat{{ item.name }}'
+ with_items: "{{ sites }}"
+
+- name: add interfaces to vnstat for uplink interfaces
+ command: /usr/bin/vnstat -u -i bb{{ hostvars[item]['wireguard_bb_name'] }}
+ args:
+ creates: "/var/lib/vnstat/bb{{ hostvars[item]['wireguard_bb_name'] }}"
with_items:
- - bat0
- - ens3
- - ffmyk-mesh-vpn
- - mullvad
+ - "{{ groups['uplink'] }}"
+
+- name: add interfaces to vnstat for outgoing v4 interface
+ command: /usr/bin/vnstat -u -i {{ ansible_default_ipv4.interface }}
+ args:
+ creates: '/var/lib/vnstat/{{ ansible_default_ipv4.interface }}'
+
+- name: add interfaces to vnstat for outgoing v6 interface
+ command: /usr/bin/vnstat -u -i {{ ansible_default_ipv6.interface }}
+ args:
+ creates: '/var/lib/vnstat/{{ ansible_default_ipv6.interface }}'
- name: add output folder for vnstat graphs
file:
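Review bot: The two "outgoing" tasks dereference `ansible_default_ipv4.interface` and `ansible_default_ipv6.interface` unconditionally. On a host without an IPv6 default route Ansible leaves `ansible_default_ipv6` as an empty dict, so the v6 task fails on an undefined variable and stops the play before the later monitoring tasks run. Guard each task, e.g. `when: ansible_default_ipv6.interface is defined`. The uplink task likewise assumes every host in `groups['uplink']` defines `wireguard_bb_name`, so a `when: hostvars[item]['wireguard_bb_name'] is defined` would make a missing inventory value skip rather than fail. The "add output folder" task at the end of the hunk continues outside it.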
@@ -41,7 +54,7 @@
name: vnstat
minute: '*/5'
user: root
- cron_file: fastd-api
+ cron_file: vnstat
job: '/usr/local/bin/vnstat.sh'
- name: add vnstat nginx config
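Review bot: Changing `cron_file` from `fastd-api` to `vnstat` does not move the existing entry, so already-provisioned hosts keep the old `vnstat` job in the `fastd-api` cron file and run `/usr/local/bin/vnstat.sh` twice every five minutes as root. The cron module only manages the file it is pointed at, so an explicit cleanup task is needed. The same gap applies to the `main.yml` hunk below: removing the `check_internet` copy and cron tasks leaves both the root cron entry in `fastd-api` and `/usr/local/bin/check_internet.sh` on existing hosts, where the script will keep restarting `openvpn-client@mullvad.service`. Those need `state: absent` tasks as well. The cron task this hunk edits starts outside the hunk.

```yaml
# … unchanged: vnstat cron task, now with cron_file: vnstat …
- name: remove old vnstat cronjob from fastd-api cron file
  cron:
    name: vnstat
    user: root
    cron_file: fastd-api
    state: absent
```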
diff --git a/roles/install_monitoring/tasks/main.yml b/roles/install_monitoring/tasks/main.yml
index 726d890..0b63792 100644
--- a/roles/install_monitoring/tasks/main.yml
+++ b/roles/install_monitoring/tasks/main.yml
@@ -1,22 +1,9 @@
---
- name: install vnstat
- include: install_vnstat.yml
+ import_tasks: install_vnstat.yml
-- name: add bash script to check internet
- copy:
- src: check_internet.sh
- dest: /usr/local/bin/check_internet.sh
- mode: 0744
+#- name: install ffmyk-influx
+# include: install_ffmyk-influx.yml
-- name: add cronjob to check internet
- cron:
- name: check_internet
- user: root
- cron_file: fastd-api
- job: '/usr/local/bin/check_internet.sh'
-
-- name: install ffmyk-influx
- include: install_ffmyk-influx.yml
-
-- name: install munin
- include: install_munin.yml
+#- name: install munin
+# include: install_munin.yml
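Review bot: The ffmyk-influx and munin includes are disabled by commenting them out, with no reason recorded, and the commented lines keep the `include:` keyword that this same hunk replaces with `import_tasks:` for vnstat. Either delete the two blocks and rely on history, or put a one-line reason above each, e.g. `# disabled: <reason>` (placeholder). If they stay, switch them to `import_tasks:` so they still work when someone uncomments them.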
diff --git a/roles/install_wireguard_backbone/templates/wg2.conf.j2 b/roles/install_wireguard_backbone/templates/wg2.conf.j2
index c30fcaf..f16d668 100644
--- a/roles/install_wireguard_backbone/templates/wg2.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg2.conf.j2
@@ -5,5 +5,6 @@ PrivateKey = {{ wireguard_bb_priv_key }}
[Peer]
PublicKey = {{ item.pub_key }}
AllowedIPs = 0.0.0.0/0,::/0
-{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %}
PersistentKeepalive = 30
+{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %}
+