From 4b97c64f947662cd4e2c233a51114c1ff3a9815c Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel <niyawe@niyawe.de>
Date: Fri, 17 Mar 2017 22:35:38 +0100
Subject: updated setup_fastd playbook

added features:
 - install_bind
 - install_dhcp
 - install_fastd
 - setup_batman
---
 roles/install_fastd/files/fastd-api.php      | 45 +++++++++++++
 roles/install_fastd/files/fastd1             |  2 +
 roles/install_fastd/files/fastd10            |  2 +
 roles/install_fastd/files/fastd11            |  2 +
 roles/install_fastd/files/fastd12            |  2 +
 roles/install_fastd/files/fastd13            |  2 +
 roles/install_fastd/files/fastd14            |  2 +
 roles/install_fastd/files/fastd15            |  2 +
 roles/install_fastd/files/fastd2             |  2 +
 roles/install_fastd/files/fastd3             |  2 +
 roles/install_fastd/files/fastd4             |  2 +
 roles/install_fastd/files/fastd5             |  2 +
 roles/install_fastd/files/fastd6             |  2 +
 roles/install_fastd/files/fastd7             |  2 +
 roles/install_fastd/files/fastd8             |  2 +
 roles/install_fastd/files/fastd9             |  2 +
 roles/install_fastd/tasks/main.yml           | 94 ++++++++++++++++++++++++++++
 roles/install_fastd/templates/fastd.conf.j2  | 18 ++++++
 roles/install_fastd/templates/fastd_up.sh.j2 | 11 ++++
 19 files changed, 198 insertions(+)
 create mode 100644 roles/install_fastd/files/fastd-api.php
 create mode 100644 roles/install_fastd/files/fastd1
 create mode 100644 roles/install_fastd/files/fastd10
 create mode 100644 roles/install_fastd/files/fastd11
 create mode 100644 roles/install_fastd/files/fastd12
 create mode 100644 roles/install_fastd/files/fastd13
 create mode 100644 roles/install_fastd/files/fastd14
 create mode 100644 roles/install_fastd/files/fastd15
 create mode 100644 roles/install_fastd/files/fastd2
 create mode 100644 roles/install_fastd/files/fastd3
 create mode 100644 roles/install_fastd/files/fastd4
 create mode 100644 roles/install_fastd/files/fastd5
 create mode 100644 roles/install_fastd/files/fastd6
 create mode 100644 roles/install_fastd/files/fastd7
 create mode 100644 roles/install_fastd/files/fastd8
 create mode 100644 roles/install_fastd/files/fastd9
 create mode 100644 roles/install_fastd/tasks/main.yml
 create mode 100644 roles/install_fastd/templates/fastd.conf.j2
 create mode 100644 roles/install_fastd/templates/fastd_up.sh.j2

(limited to 'roles/install_fastd')

diff --git a/roles/install_fastd/files/fastd-api.php b/roles/install_fastd/files/fastd-api.php
new file mode 100644
index 0000000..98da7a7
--- /dev/null
+++ b/roles/install_fastd/files/fastd-api.php
@@ -0,0 +1,45 @@
+#!/usr/bin/php -f
+<?php
+//$url = 'http://register.freifunk-myk.de/srvapi.php';
+$url = 'https://www.freifunk-myk.de/node/keys';
+$out = '/etc/fastd/ffmyk/peers/';
+ 
+if(!is_dir($out)) die('Output Dir missing');
+if(!is_writable($out)) die('Output Dir perms');
+
+if( ($data = file_get_contents($url)) === FALSE ) die('Error getting keys');
+$data = unserialize($data);
+
+$active=array();
+ 
+foreach($data as $router) {
+        $router['MAC'] = trim($router['MAC']);
+        $router['PublicKey'] = trim($router['PublicKey']);
+	if(!preg_match('/^[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}$/', $router['MAC'])) {
+		//trigger_error('Router mit falscher MAC?!', E_USER_WARNING);
+	}elseif(!preg_match('/^[A-F0-9]{64}$/', $router['PublicKey'])) {
+		//trigger_error('Router mit falschem Key?!'.$router['MAC'], E_USER_WARNING);
+	}else{
+		$filename='client_'.str_replace(':', '-', $router['MAC']);
+		$fp=fopen($out.$filename, 'w');
+		fwrite($fp, 'key "'.$router['PublicKey'].'";'."\n");
+		fclose($fp);
+		$active[] = $filename;
+	}
+}
+
+//Check if we fscked up
+if(count($active) < 10) die('Less than 10 nodes? Database broken?'); 
+
+$dh = opendir($out);
+while(($file = readdir($dh)) !== false) {
+	if($file != '.' && $file != '..') {
+		if(!in_array($file, $active) && (strpos($file, 'client_') !== false)) {
+			unlink($out.$file);
+		}
+	}
+}
+ 
+exec('killall -SIGHUP fastd');
+ 
+?>
diff --git a/roles/install_fastd/files/fastd1 b/roles/install_fastd/files/fastd1
new file mode 100644
index 0000000..e3bcd7a
--- /dev/null
+++ b/roles/install_fastd/files/fastd1
@@ -0,0 +1,2 @@
+key "d78c8c9b2977f732cdd00d2d4b557cfb5de1438897d33b9ec04037512dd11d6a";
+remote "fastd1.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd10 b/roles/install_fastd/files/fastd10
new file mode 100644
index 0000000..b722cee
--- /dev/null
+++ b/roles/install_fastd/files/fastd10
@@ -0,0 +1,2 @@
+key "03cb2b87af657dfc4a434c5dfe3234e947571ca5a8d114d24e0e9f9861eff558";
+remote "fastd10.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd11 b/roles/install_fastd/files/fastd11
new file mode 100644
index 0000000..8567a64
--- /dev/null
+++ b/roles/install_fastd/files/fastd11
@@ -0,0 +1,2 @@
+key "c5ddbdc98a9aa8eb4fc684571c23eabaefd6ef63b8cb9d3a31a2cd6e656c47f9";
+remote "fastd11.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd12 b/roles/install_fastd/files/fastd12
new file mode 100644
index 0000000..2618870
--- /dev/null
+++ b/roles/install_fastd/files/fastd12
@@ -0,0 +1,2 @@
+key "d47e917875f145a27a3ef10e29bf011c1f89ab4ea313c4bd0d8bac07ffacf557";
+remote "fastd12.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd13 b/roles/install_fastd/files/fastd13
new file mode 100644
index 0000000..034454a
--- /dev/null
+++ b/roles/install_fastd/files/fastd13
@@ -0,0 +1,2 @@
+key "2895322d66ba7aaa0daf779d795a2a44255d1d14bea639e1267149f466602fce";
+remote "fastd13.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd14 b/roles/install_fastd/files/fastd14
new file mode 100644
index 0000000..c33841b
--- /dev/null
+++ b/roles/install_fastd/files/fastd14
@@ -0,0 +1,2 @@
+key "22e08f6e9c72e77041aa635d380e03069cfe193d9f5a0551ff2188677d15d5c0";
+remote "fastd14.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd15 b/roles/install_fastd/files/fastd15
new file mode 100644
index 0000000..b1ab979
--- /dev/null
+++ b/roles/install_fastd/files/fastd15
@@ -0,0 +1,2 @@
+key "78605f4cc687a1a5c2a1cbbacb6310bb4dc2546e605a1f2852aabea5e2dbecbb";
+remote "fastd15.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd2 b/roles/install_fastd/files/fastd2
new file mode 100644
index 0000000..e911561
--- /dev/null
+++ b/roles/install_fastd/files/fastd2
@@ -0,0 +1,2 @@
+key "f753af06aff1e765a0601c21343965cd3a9abd91f98a76867589e742c041a550";
+remote "fastd2.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd3 b/roles/install_fastd/files/fastd3
new file mode 100644
index 0000000..f46363e
--- /dev/null
+++ b/roles/install_fastd/files/fastd3
@@ -0,0 +1,2 @@
+key "70a561adcea747e4758376222cddf7d43db43fac55b43e3840b6e3bc5042b170";
+remote "fastd3.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd4 b/roles/install_fastd/files/fastd4
new file mode 100644
index 0000000..34eb1e5
--- /dev/null
+++ b/roles/install_fastd/files/fastd4
@@ -0,0 +1,2 @@
+key "30e707472d8eed4397295554764846f309a4b046ba628d24f2acee79543d671c";
+remote "fastd4.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd5 b/roles/install_fastd/files/fastd5
new file mode 100644
index 0000000..0863396
--- /dev/null
+++ b/roles/install_fastd/files/fastd5
@@ -0,0 +1,2 @@
+key "c785f8d8f59b75ffbec7eb417e1971dc5a123ff3507e3121352102fdea646e89";
+remote "fastd5.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd6 b/roles/install_fastd/files/fastd6
new file mode 100644
index 0000000..63d7321
--- /dev/null
+++ b/roles/install_fastd/files/fastd6
@@ -0,0 +1,2 @@
+key "c40b725a5118b7c37f76b562461db160b1c99495f1df254067de2b5772831d22";
+remote "fastd6.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd7 b/roles/install_fastd/files/fastd7
new file mode 100644
index 0000000..8939a00
--- /dev/null
+++ b/roles/install_fastd/files/fastd7
@@ -0,0 +1,2 @@
+key "72dbb9f07c272e6cfba07ebc3e318cc66e7d6e7583d6aa27fdd0445cf1bea2d8";
+remote "fastd7.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd8 b/roles/install_fastd/files/fastd8
new file mode 100644
index 0000000..9181b6d
--- /dev/null
+++ b/roles/install_fastd/files/fastd8
@@ -0,0 +1,2 @@
+key "66744cda306b1087753a57a727c79a934c872e7221ec6a28ff41e3a316eff0ab";
+remote "fastd8.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/files/fastd9 b/roles/install_fastd/files/fastd9
new file mode 100644
index 0000000..a62df5f
--- /dev/null
+++ b/roles/install_fastd/files/fastd9
@@ -0,0 +1,2 @@
+key "a8a79387ffa4370c6ae322d99aeb5b8b82f5580ce8dfe5726e0d161a7894a6ed";
+remote "fastd9.services.freifunk-myk.de":10000;
diff --git a/roles/install_fastd/tasks/main.yml b/roles/install_fastd/tasks/main.yml
new file mode 100644
index 0000000..3bdd59e
--- /dev/null
+++ b/roles/install_fastd/tasks/main.yml
@@ -0,0 +1,94 @@
+---
+- name: install fastd
+  become: yes
+  become_user: '{{ aur_user }}'
+  aur:
+      name: fastd
+      tool: yaourt
+
+- name: create ffmyk folder
+  file:
+      path: /etc/fastd/ffmyk
+      state: directory
+
+- name: fastd.conf
+  template:
+      src: fastd.conf.j2
+      dest: /etc/fastd/ffmyk/fastd.conf
+      mode: 0640
+- name: create backbone folder
+  file:
+      path: /etc/fastd/ffmyk/backbone
+      state: directory
+
+- name: add backbone peers
+  copy:
+      src: '{{ item }}'
+      dest: /etc/fastd/ffmyk/backbone/{{ item }}
+  with_items:
+      - fastd1
+      - fastd2
+      - fastd3
+      - fastd4
+      - fastd5
+      - fastd6
+      - fastd7
+      - fastd8
+      - fastd9
+      - fastd10
+      - fastd11
+      - fastd12
+      - fastd13
+      - fastd14
+      - fastd15
+
+- name: add fastd bin folder
+  file:
+      path: /etc/fastd/ffmyk/bin
+      state: directory
+
+- name: add fastd up script
+  template:
+      src: fastd_up.sh.j2
+      dest: /etc/fastd/ffmyk/bin/up.sh
+      mode: 0744
+
+- name: add fastd peers folder
+  file:
+      path: /etc/fastd/ffmyk/peers
+      state: directory
+
+- name: install php for api script
+  pacman:
+      name: php
+      state: present
+
+- name: add fastd peer api script
+  copy:
+      src: fastd-api.php
+      dest: /etc/fastd/ffmyk/bin/fastd-api.php
+
+- name: install cronie
+  pacman:
+      name: cronie
+      state: present
+
+- name: start and enable cronie
+  systemd:
+      name: cronie.service
+      enabled: yes
+      state: started
+
+- name: setup cronjob for fastd-api
+  cron:
+      name: fastd-api
+      minute: '*/10'
+      user: root
+      cron_file: fastd-api
+      job: '/usr/bin/php /etc/fastd/ffmyk/bin/fastd-api.php'
+
+- name: start and enable fastd service
+  systemd:
+      name: fastd@ffmyk.service
+      enabled: yes
+      state: started
diff --git a/roles/install_fastd/templates/fastd.conf.j2 b/roles/install_fastd/templates/fastd.conf.j2
new file mode 100644
index 0000000..9d8a42b
--- /dev/null
+++ b/roles/install_fastd/templates/fastd.conf.j2
@@ -0,0 +1,18 @@
+log to syslog level info;
+interface "ffmyk-mesh-vpn";
+method "salsa2012+gmac";
+method "salsa2012+umac";
+secure handshakes yes;
+bind any:10000;
+hide ip addresses yes;
+hide mac addresses yes;
+mtu 1280;
+peer group "clients" {
+	include peers from "peers";
+	peer limit {{ fastd_peer_limit }};
+}
+include peers from "backbone";
+secret "{{ fastd_secret }}";
+on up "/etc/fastd/ffmyk/bin/up.sh $INTERFACE";
+status socket "/run/ffmyk.socket";
+
diff --git a/roles/install_fastd/templates/fastd_up.sh.j2 b/roles/install_fastd/templates/fastd_up.sh.j2
new file mode 100644
index 0000000..87b71ce
--- /dev/null
+++ b/roles/install_fastd/templates/fastd_up.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+ip link set address {{ fastd_mesh_mac }} dev $1
+ip link set up dev $1
+batctl -m bat0 if add $1
+batctl -m bat0 gw server 1000000/1000000
+batctl -m bat0 it 10000
+batctl -m bat0 mm 1
+echo 128 > /sys/class/net/bat0/mesh/hop_penalty
+netctl start bat0
+systemctl restart dhcpd4.service
+systemctl restart named.service
-- 
cgit v1.2.3-54-g00ecf