From a85999dbacc7d6a26332955e6518ae495797e85e Mon Sep 17 00:00:00 2001 From: Niklas Yann Wettengel Date: Sun, 4 Mar 2018 17:50:19 +0100 Subject: install vnstat --- roles/configure_iptables/templates/ip6tables.rules | 2 ++ roles/configure_iptables/templates/iptables.rules | 2 ++ roles/install_monitoring/files/check_internet.sh | 37 ---------------------- roles/install_monitoring/tasks/install_vnstat.yml | 29 ++++++++++++----- roles/install_monitoring/tasks/main.yml | 23 +++----------- .../templates/wg2.conf.j2 | 3 +- 6 files changed, 32 insertions(+), 64 deletions(-) delete mode 100755 roles/install_monitoring/files/check_internet.sh (limited to 'roles')
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index d8cf4ea..054946c 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -36,6 +36,8 @@ COMMIT
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index be2965d..3519924 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -40,6 +40,8 @@ COMMIT
 {% for site in sites %}
 -I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
 {% endfor %}
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
 # fastd
diff --git a/roles/install_monitoring/files/check_internet.sh b/roles/install_monitoring/files/check_internet.sh
deleted file mode 100755
index 5fbe0c2..0000000
--- a/roles/install_monitoring/files/check_internet.sh
+++ /dev/null
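Review bot: The new `--dport 80` ACCEPT rule in the ip6tables.rules hunk (and the identical one in the iptables.rules hunk) carries no interface or source match, so the nginx listener becomes reachable over plain HTTP from every network the host is attached to. Judging by the commit title nginx is there to publish the vnstat graphs, which reveal per-interface traffic volumes; if that is its only job I would scope the rule, for example `-A INPUT -s <management-prefix> -p tcp -m tcp --dport 80 -j ACCEPT` (placeholder prefix), or restrict access in the nginx vhost. As far as these hunks show the rule is unconditional in the firewall role while nginx is configured by install_monitoring, so a comment such as `# nginx (vnstat graphs, role install_monitoring)` would at least record why the port is open.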
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-INTERFACE=mullvad
-FAILED_FILE=/tmp/mullvad.failed
-fail=false
-
-if [ ! -e /sys/class/net/$INTERFACE ]; then
- echo "$INTERFACE interface does not exist"
- fail=true
-else
- start_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
- sleep 30
- end_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
-
- if [ $(($end_bytes-$start_bytes)) -lt 1000 ]; then
- #echo "no traffic via $INTERFACE"
- fail=true
- fi
-fi
-
-if $fail; then
- systemctl is-active openvpn-client@mullvad.service > /dev/null
- if [ $? -ne 0 ]; then
- systemctl status openvpn-client@mullvad.service
- if [ -e $FAILED_FILE ]; then
- echo restart openvpn-client@mullvad.service
- systemctl restart openvpn-client@mullvad.service
- else
- touch $FAILED_FILE
- fi
- fi
-else
- if [ -e $FAILED_FILE ]; then
- rm $FAILED_FILE
- fi
-fi
-
diff --git a/roles/install_monitoring/tasks/install_vnstat.yml b/roles/install_monitoring/tasks/install_vnstat.yml
index 9113331..e737d74 100644
--- a/roles/install_monitoring/tasks/install_vnstat.yml
+++ b/roles/install_monitoring/tasks/install_vnstat.yml
@@ -10,15 +10,28 @@
 enabled: yes
 state: started
-- name: add interfaces to vnstat
- command: /usr/bin/vnstat -u -i {{ item }}
+- name: add interfaces to vnstat for batman interfaces
+ command: /usr/bin/vnstat -u -i bat{{ item.name }}
 args:
- creates: '/var/lib/vnstat/{{ item }}'
+ creates: '/var/lib/vnstat/bat{{ item.name }}'
+ with_items: "{{ sites }}"
+
+- name: add interfaces to vnstat for uplink interfaces
+ command: /usr/bin/vnstat -u -i bb{{ hostvars[item]['wireguard_bb_name'] }}
+ args:
+ creates: "/var/lib/vnstat/bb{{ hostvars[item]['wireguard_bb_name'] }}"
 with_items:
- - bat0
- - ens3
- - ffmyk-mesh-vpn
- - mullvad
+ - "{{ groups['uplink'] }}"
+
+- name: add interfaces to vnstat for outgoing v4 interface
+ command: /usr/bin/vnstat -u -i {{ ansible_default_ipv4.interface }}
+ args:
+ creates: '/var/lib/vnstat/{{ ansible_default_ipv4.interface }}'
+
+- name: add interfaces to vnstat for outgoing v6 interface
+ command: /usr/bin/vnstat -u -i {{ ansible_default_ipv6.interface }}
+ args:
+ creates: '/var/lib/vnstat/{{ ansible_default_ipv6.interface }}'
 - name: add output folder for vnstat graphs
 file:
@@ -41,7 +54,7 @@
 name: vnstat
 minute: '*/5'
 user: root
- cron_file: fastd-api
+ cron_file: vnstat
 job: '/usr/local/bin/vnstat.sh'
 - name: add vnstat nginx config
diff --git a/roles/install_monitoring/tasks/main.yml b/roles/install_monitoring/tasks/main.yml
index 726d890..0b63792 100644
--- a/roles/install_monitoring/tasks/main.yml
+++ b/roles/install_monitoring/tasks/main.yml
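Review bot: The two new tasks for the outgoing interfaces dereference `ansible_default_ipv4.interface` and `ansible_default_ipv6.interface` without a guard; on a host that has no default route for one address family that fact is an empty dict, so the task fails on an undefined attribute instead of being skipped. Adding `when: ansible_default_ipv6.interface is defined` (and the v4 equivalent) keeps the play running on single-stack hosts. The uplink task also assumes every host in `groups['uplink']` defines `wireguard_bb_name` and that the interface is named `bb<name>`; neither is visible in this hunk, so a one-line comment naming the role that creates those interfaces would help. The task file begins above the hunk and continues below it.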
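Review bot: Switching `cron_file` from `fastd-api` to `vnstat` writes a new file under /etc/cron.d but does not remove the `vnstat` entry already present in the `fastd-api` cron file on hosts provisioned earlier, so `/usr/local/bin/vnstat.sh` would run twice per interval as root there. The main.yml hunk has the same gap: it drops the `check_internet` cron task and the script copy without cleanup, so on existing hosts the root cron job and /usr/local/bin/check_internet.sh remain and can still restart openvpn-client@mullvad.service. I would add one-off cleanup tasks, e.g. `cron: name=vnstat cron_file=fastd-api state=absent`, the same for `check_internet`, and `file: path=/usr/local/bin/check_internet.sh state=absent`. The cron task containing this `cron_file` line starts above the hunk.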
@@ -1,22 +1,9 @@
 ---
 - name: install vnstat
- include: install_vnstat.yml
+ import_tasks: install_vnstat.yml
-- name: add bash script to check internet
- copy:
- src: check_internet.sh
- dest: /usr/local/bin/check_internet.sh
- mode: 0744
+#- name: install ffmyk-influx
+# include: install_ffmyk-influx.yml
-- name: add cronjob to check internet
- cron:
- name: check_internet
- user: root
- cron_file: fastd-api
- job: '/usr/local/bin/check_internet.sh'
-
-- name: install ffmyk-influx
- include: install_ffmyk-influx.yml
-
-- name: install munin
- include: install_munin.yml
+#- name: install munin
+# include: install_munin.yml
diff --git a/roles/install_wireguard_backbone/templates/wg2.conf.j2 b/roles/install_wireguard_backbone/templates/wg2.conf.j2
index c30fcaf..f16d668 100644
--- a/roles/install_wireguard_backbone/templates/wg2.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg2.conf.j2
@@ -5,5 +5,6 @@ PrivateKey = {{ wireguard_bb_priv_key }}
 [Peer]
 PublicKey = {{ item.pub_key }}
 AllowedIPs = 0.0.0.0/0,::/0
-{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %}
 PersistentKeepalive = 30
+{% if item.endpoint is defined %}Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}{% endif %}
+
-- cgit v1.2.3-54-g00ecf
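Review bot: The ffmyk-influx and munin tasks in main.yml are disabled by commenting them out, and the commented lines still use `include:` while the live task was moved to `import_tasks:`, so anyone re-enabling them brings back the older form. Commented-out tasks also hide from a reader whether monitoring is meant to be off permanently or only for now. I would either delete the four lines (history keeps them) or leave a one-line reason above them, e.g. `# disabled until <reason>; re-enable with import_tasks`.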
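Review bot: Moving the `{% if item.endpoint is defined %}…{% endif %}` line to the end of wg2.conf.j2 only works because of the blank line added after it: with the template module's default `trim_blocks` the newline following `{% endif %}` is removed, which is presumably why `PersistentKeepalive` previously ended up appended to the Endpoint line. That dependency on position is invisible to the next editor. Putting the tags on their own lines makes the rendering independent of where the option sits: `{% if item.endpoint is defined %}` / `Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}` / `{% endif %}`. The [Interface] section of the template lies above the hunk.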