Location: freifunk/Ansible-Configuration/gateway/all_gw_config.yml - annotation
e007d7c95bcf
fix: dhparam, not dhparam.pem
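---
# Gateway play: pushes network, firewall, DNS, fastd and respondd
# configuration to every host in the "gateway" group and (re)starts the
# affected services. No task is gated on a "changed" result, so the service
# restarts below happen on every run.
#
# NOTE(review): remote_user is root and become (sudo) is enabled as well;
# when the connection is already root the sudo step adds nothing. Confirm
# which of the two is intended.
- name: "Deploy new gateway config"
  hosts: gateway
  remote_user: root
  become: true
  become_method: ansible.builtin.sudo
  tasks:
    # --- Network interfaces ---
    # NOTE(review): the source is named *.j2 but is shipped with copy, not
    # template, so any Jinja expressions in it are installed verbatim.
    # Confirm the file contains no templating.
    - name: Setup network interfaces (bridge + bat0)
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/interface/freifunk.j2"
        dest: /etc/network/interfaces.d/freifunk
        owner: root
        group: root
        mode: "0644"
      tags: networking

    # No changed_when is set, so this task reports "changed" on every run.
    - name: Pull up new interfaces
      ansible.builtin.command:
        cmd: /usr/sbin/ifup -a
      tags: networking

    # --- iptables ---
    # NOTE(review): the ruleset is installed without a validate step and the
    # service is restarted right after, so a malformed rules.v4 is only
    # detected at load time on the gateway. Consider validating the file
    # before it replaces the live one (e.g. iptables-restore --test).
    - name: Copy iptables rulesv4
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/iptables/rules.v4"
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        mode: "0644"
      tags: iptables

    - name: Restart iptables-persistent
      ansible.builtin.service:
        name: "netfilter-persistent"
        state: "restarted"
        enabled: true
      tags: iptables

    # --- dnsmasq ---
    - name: Setup dnsmasq config w/ IPv4 ranges
      ansible.builtin.template:
        src: "{{ server_config_dir }}/dnsmasq/fflux.j2"
        dest: /etc/dnsmasq.d/fflux
        owner: root
        group: root
        mode: "0644"
      tags: dns

    - name: Make sure dnsmasq is started
      ansible.builtin.service:
        name: "dnsmasq"
        state: "started"
        # Real boolean, matching the other service tasks in this play
        # (was the string "true").
        enabled: true
      tags: dns

    - name: Reload dnsmasq
      ansible.builtin.service:
        name: "dnsmasq"
        state: "reloaded"
      tags: dns

    # --- fastd ---
    - name: Setup fastd (fflux) config w/ MAC address
      ansible.builtin.template:
        src: "{{ server_config_dir }}/fastd/fastd.conf.j2"
        dest: /etc/fastd/fflux/fastd.conf
        owner: root
        group: root
        mode: "0644"
      tags: fastd

    # The per-host private key is read from ~/keys on the control node
    # (copy resolves src locally) and installed readable by root only in
    # practice (0640 with group root).
    # no_log keeps the key material out of task output, e.g. when the play
    # is run with --diff.
    # NOTE(review): this task carries no "fastd" tag, so a --tags fastd run
    # does not push the key. Confirm that is deliberate.
    # NOTE(review): if the key files under ~/keys are stored in plaintext,
    # consider keeping them encrypted at rest (e.g. ansible-vault).
    - name: Copy fastd private key
      ansible.builtin.copy:
        src: "~/keys/{{ inventory_hostname }}.conf"
        dest: /etc/fastd/fflux/secret.conf
        owner: root
        group: root
        mode: "0640"
      no_log: true

    # Runs on the control node: collects every peer file except the one
    # named after the current host.
    - name: List all peers but ourselves
      ansible.builtin.find:
        paths: "{{ server_config_dir }}/fastd/peers-gw/"
        excludes: "{{ inventory_hostname }}"
      delegate_to: localhost
      register: peers_to_copy
      tags: fastd

    # Peer files removed from the repository are not deleted on the gateway
    # by this task; it only adds or updates.
    - name: Copy fastd peers
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: /etc/fastd/fflux/peers-gw/
        owner: root
        # Set explicitly, as on every other copied file in this play.
        group: root
        mode: "0644"
      loop: "{{ peers_to_copy.files }}"
      loop_control:
        label: "{{ item.path }}"
      tags: fastd

    # NOTE(review): untagged, so it is skipped on a --tags fastd run while
    # the fastd@fflux restart below is not. Confirm that is intended.
    - name: Make sure global fastd is stopped
      ansible.builtin.service:
        name: "fastd"
        state: "stopped"
        enabled: false

    - name: Start fastd@fflux
      ansible.builtin.service:
        name: "fastd@fflux"
        state: "restarted"
        enabled: true
      tags: fastd

    # --- respondd ---
    # Rewrites the ExecStart= line of the unit file shipped in
    # /opt/mesh-announce.
    - name: Configure respondd.service file
      ansible.builtin.lineinfile:
        path: /opt/mesh-announce/respondd.service
        regexp: "^ExecStart="
        line: >-
          ExecStart=/opt/mesh-announce/respondd.py
          -d /opt/mesh-announce/providers
          -f /opt/mesh-announce/respondd.conf
        state: present
      tags: respondd

    # systemd loads the unit through this symlink, so whoever can write
    # /opt/mesh-announce/respondd.service controls what the service runs.
    # NOTE(review): confirm /opt/mesh-announce is writable by root only.
    # NOTE(review): tagged "config" while the surrounding tasks use
    # "respondd"; a --tags respondd run skips the link. Confirm.
    - name: Symbolic link for respondd.service
      ansible.builtin.file:
        src: /opt/mesh-announce/respondd.service
        dest: /etc/systemd/system/respondd.service
        owner: root
        group: root
        state: link
        force: true
      tags: config

    - name: Reload systemd daemon
      ansible.builtin.systemd_service:
        daemon_reload: true
      tags: respondd

    - name: Re-Start + Enable respondd
      ansible.builtin.service:
        name: respondd
        state: "restarted"
        enabled: true
      tags: respondd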