From b94f71a59bc950a5bf5f87c21dc5323dd473c5ce 2022-02-16 17:25:45
From: fantawams
Date: 2022-02-16 17:25:45
Subject: [PATCH] Added Gateway initial and specific script.
---
diff --git a/gateway/ReadMe.md b/gateway/ReadMe.md
new file mode 100644
index 0000000000000000000000000000000000000000..6c6ee1ca50c132ec1eb5031a7e02dac344c4ebec
--- /dev/null
+++ b/gateway/ReadMe.md
@@ -0,0 +1,4 @@
+This will install fflux gateways.
+auth file need to be added manually.
+For new gateways, please update ansible host fles and concerning ips and mac addresses. Also new fastd keys need to be generated manually.
+Update Firmware sync script.
diff --git a/gateway/all_gw_config.yml b/gateway/all_gw_config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..561c3af4844bd0ea8385709e4e1083a08efaec1d
--- /dev/null
+++ b/gateway/all_gw_config.yml
@@ -0,0 +1,71 @@
+---
+# Defining the remote server where the package will be deployed
+- hosts: test
+ remote_user: root
+ become: yes
+ become_method: sudo
+ tasks:
+
+# create the Freifunk bridge interface file
+# copy fflux-test interface file to remote host
+ - name: Copy interface file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/freifunk
+ dest: /etc/network/interfaces.d/freifunk
+ owner: root
+ group: root
+ mode: '0644'
+
+# create dnsmasq file
+# copy fflux-test dnsmasq file to remote host
+ - name: Copy dnsmasq file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/fflux
+ dest: /etc/dnsmasq.d/fflux
+ owner: root
+ group: root
+ mode: '0644'
+
+# create fastd config file
+# copy fflux-test dnsmasq file to remote host
+ - name: Copy fastd config file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/fastd.conf
+ dest: /etc/fastd/fflux/fastd.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+# create respondd config file
+# copy fflux-test respondd file to remote host
+ - name: Copy respondd config file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/respondd.conf
+ dest: /opt/mesh-announce/respondd.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+# Reload deamon
+ - name: reload systemd
+ command: systemctl daemon-reload
+
+# STart respondd
+ - name: start respondd
+ command: systemctl start respondd
+
+# Enable respondd
+ - name: enable respondd
+ command: systemctl enable respondd
+
+# syncronize gateway peers
+
+# Reboot and reconnect
+ - name: Reboot host and wait for it to restart
+ reboot:
+ msg: "Reboot initiated by Ansible"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: whoami
diff --git a/gateway/initial_gw_setup.yml b/gateway/initial_gw_setup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2a6fe24ba4da358bf762574087f7c74a8187b3b0
--- /dev/null
+++ b/gateway/initial_gw_setup.yml
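Review bot: The fastd config installed at /etc/fastd/fflux/fastd.conf gets `mode: '0644'`; if that file holds the gateway's fastd secret key (the ReadMe says the keys are generated manually, so presumably it does), it should not be world-readable — `mode: '0600'`, owned by whatever user fastd runs as, is the safer choice. The three `command: systemctl ...` tasks (daemon-reload, start, enable) report changed on every run and bypass Ansible's idempotency; a single `ansible.builtin.systemd` task covers all three, as below. `become: yes` is a YAML 1.1 truthy value; write `become: true`.
```yaml
# … unchanged: copy tasks for interfaces, dnsmasq, fastd and respondd config …
  - name: Reload systemd, then start and enable respondd
    ansible.builtin.systemd:
      name: respondd
      daemon_reload: true
      state: started
      enabled: true
# … unchanged: reboot task …
```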
@@ -0,0 +1,408 @@
+---
+# Defining the remote server where the package will be deployed
+- hosts: test
+ remote_user: root
+ become: yes
+ become_method: sudo
+ vars:
+# domain: '{{ domain.name }}'
+ batman: 2021.4
+ tasks:
+
+# edit sources.list
+# - name: add the correct dkms source
+# blockinfile:
+# path: /etc/apt/sources.list
+# backup: yes
+# block: |
+# # backports
+# deb http://deb.debian.org/debian bullseye-backports main
+# Installing the sudo, git, vim and python3 packadges on ther servers
+ - name: Install a list of packages
+ apt:
+ pkg:
+ - git
+ - bridge-utils
+ - ntp
+ - dnsmasq
+ - iptables-persistent
+ - openvpn
+ - fastd
+ - build-essential
+ - pkg-config
+ - checkinstall
+ - libnl-3-dev
+ - libnl-genl-3-dev
+ - linux-headers-amd64
+ - dkms
+ - lsb-release
+ - ethtool
+ - python3
+
+# Updating all packages to their latest version
+ - name: Update all packages to their latest version
+ apt:
+ name: "*"
+ state: latest
+
+# Reboot and reconnect
+ - name: Reboot host and wait for it to restart
+ reboot:
+ msg: "Reboot initiated by Ansible"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: whoami
+
+# edit routing tables
+ - name: add the routing table ports for freifunk
+ blockinfile:
+ path: /etc/iproute2/rt_tables
+ backup: yes
+ block: |
+ # freifunk
+ 33 lux
+ 42 icvpn
+ 100 vpn
+
+# edit rsysctl config
+ - name: add the freifunk settings to sysctl config
+ blockinfile:
+ path: /etc/sysctl.conf
+ backup: yes
+ block: |
+ # Freifunk specific settings
+ net.ipv4.ip_forward=1
+
+ net.bridge.bridge-nf-call-arptables = 0
+ net.bridge.bridge-nf-call-ip6tables = 0
+ net.bridge.bridge-nf-call-iptables = 0
+
+ net.ipv6.conf.all.forwarding=1
+
+ net.ipv6.conf.all.autoconf = 1
+ net.ipv6.conf.default.autoconf = 0
+ net.ipv6.conf.eth0.autoconf = 1
+
+ net.ipv6.conf.all.accept_ra = 1
+ net.ipv6.conf.default.accept_ra = 0
+ net.ipv6.conf.eth0.accept_ra = 1
+ net.ipv4.conf.default.rp_filter = 2
+
+# load kernel module
+ - name: Load kernel module
+ become: true
+ become_user: root
+ shell: modprobe br_netfilter
+
+# edit the module list
+ - name: add nf conntrack to modules
+ blockinfile:
+ path: /etc/modules
+ backup: yes
+ block: |
+ nf_conntrack
+
+# reload sysctl config
+ - name: Reload sysctl config
+ become: true
+ become_user: root
+ shell: sysctl -p /etc/sysctl.conf
+
+# Reboot and reconnect
+ - name: Reboot host and wait for it to restart
+ reboot:
+ msg: "Reboot initiated by Ansible"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: whoami
+
+# create the Freifunk bridge interface file
+# copy default interface file to remote host
+ - name: Copy interface file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/interface/freifunk
+ dest: /etc/network/interfaces.d/freifunk
+ owner: root
+ group: root
+ mode: '0644'
+
+# create IPV4 Iptables rules
+# copy default IPV4 iptables rules file to remote host
+ - name: Copy rulesv4 file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/iptables/rules.v4
+ dest: /etc/iptables/rules.v4
+ owner: root
+ group: root
+ mode: '0644'
+
+# create dnsmasq file
+# copy default dnsmasq file to remote host
+ - name: Copy dnsmasq file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/dnsmasq/fflux
+ dest: /etc/dnsmasq.d/fflux
+ owner: root
+ group: root
+ mode: '0644'
+
+# Create directory fflux in fatsd
+ - name: Create the directory fflux in fastd if it does not exist
+ ansible.builtin.file:
+ path: /etc/fastd/fflux
+ state: directory
+ mode: '0755'
+
+# create fastd config file
+# copy default dnsmasq file to remote host
+ - name: Copy fastd config file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd.conf
+ dest: /etc/fastd/fflux/fastd.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+# Create directory peers-gw in fatsd
+ - name: Create the directory peers-gw in fastd/fflux if it does not exist
+ ansible.builtin.file:
+ path: /etc/fastd/fflux/peers-gw
+ state: directory
+ mode: '0755'
+
+# create fastd blacklist script
+# copy fastd blacklist script to remote host
+ - name: Copy fastd blacklist script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/fastd-blacklist.sh
+ dest: /etc/fastd/fflux/fastd-blacklist.sh
+ owner: root
+ group: root
+ mode: '0755'
+
+# change fasts autostart to all
+# copy default fastd default file to remote host
+ - name: Copy fastd config file with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd
+ dest: /etc/default/fastd
+ owner: root
+ group: root
+ mode: '0644'
+
+# Remove client directory from openvpn
+ - name: Remove client directory
+ ansible.builtin.file:
+ path: /etc/openvpn/client
+ state: absent
+
+# Remove server from openvpn
+ - name: Remove server directory
+ ansible.builtin.file:
+ path: /etc/openvpn/server
+ state: absent
+
+# create hideme config
+# copy the default hidme config to remote host
+ - name: Copy hideme config with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/openvpn/hideme.conf
+ dest: /etc/openvpn/hideme.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+# create hideme-up script
+# copy hideme-up script to remote host
+ - name: Copy hideme-up script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/hideme-up
+ dest: /etc/openvpn/hideme-up
+ owner: root
+ group: root
+ mode: '0755'
+
+# create update resolv conf
+# copy update-resolv.conf script to remote host
+ - name: Copy update-resolv.conf with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/openvpn/update-resolv-conf
+ dest: /etc/openvpn/update-resolv-conf
+ owner: root
+ group: root
+ mode: '0755'
+
+# Create for batman installation
+ - name: Create directory for batman installation
+ ansible.builtin.file:
+ path: /usr/src/batman-adv-{{batman}}
+ state: directory
+ mode: '0755'
+
+# Clone and check out batman repo
+ - name: Clone and check out batman git repo
+ ansible.builtin.git:
+ repo: 'https://git.open-mesh.org/batman-adv.git'
+ dest: /usr/src/batman-adv-{{batman}}
+ version: v{{batman}}
+
+# create dkms conf
+# copy dkms conf to remote host
+ - name: Copy dkms.conf with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/dkms/dkms.conf
+ dest: /usr/src/batman-adv-{{batman}}
+ owner: root
+ group: root
+ mode: '0644'
+
+# create dkms install script
+# copy dkms install script to remote host
+ - name: Copy dkms install script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/install_dkms.sh
+ dest: /usr/local/bin
+ owner: root
+ group: root
+ mode: '0744'
+
+# create build batclt script
+# copy build batctl script to remote host
+ - name: Copy build batctl script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/build_batctl.sh
+ dest: /usr/local/bin
+ owner: root
+ group: root
+ mode: '0744'
+
+# Run batman scripts
+ - name: Run install_dkms.sh
+ command: bash /usr/local/bin/install_dkms.sh
+
+ - name: Run build_batctl.sh
+ command: /usr/local/bin/build_batctl.sh
+
+# edit the module list
+ - name: add batman-adv to modules
+ blockinfile:
+ path: /etc/modules
+ backup: yes
+ block: |
+ nf_conntrack
+ batman-adv
+
+ - name: Creating a file with content
+ copy:
+ dest: "/etc/modules-load.d/freifunk.conf"
+ content: |
+ ebtables
+ batman_adv
+
+# Reboot and reconnect
+ - name: Reboot host and wait for it to restart
+ reboot:
+ msg: "Reboot initiated by Ansible"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: whoami
+
+# create check gateway script
+# copy check gateway script to remote host
+ - name: Copy check gateway script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/check_gateway.sh
+ dest: /usr/local/bin
+ owner: root
+ group: root
+ mode: '0755'
+
+# create check vpn script
+# copy check vpn script to remote host
+ - name: Copy check vpn script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/check_vpn.sh
+ dest: /usr/local/bin
+ owner: root
+ group: root
+ mode: '0755'
+
+# Clone mesh-announce repo
+ - name: Clone mesh-announce git repo
+ ansible.builtin.git:
+ repo: 'https://github.com/ffnord/mesh-announce'
+ dest: /opt/mesh-announce
+
+# create respondd service
+# copy respondd service script to remote host
+ - name: Copy respondd service script with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/scripts/respondd.service
+ dest: /opt/mesh-announce/respondd.service
+ owner: root
+ group: root
+ mode: '0755'
+
+# Create symlink for respondd service
+ - name: Create a symbolic link
+ ansible.builtin.file:
+ src: /opt/mesh-announce/respondd.service
+ dest: /etc/systemd/system/respondd.service
+ owner: root
+ group: root
+ state: link
+ force: yes
+
+# Stop respondd
+ - name: stop systemd-resolved
+ command: systemctl stop systemd-resolved
+
+# create resolved conf
+# copy resolved conf to remote host
+ - name: Copy resolved.conf with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/systemd-resolved/resolved.conf
+ dest: /etc/systemd/resolved.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+# Create symlink for resolved.con
+ - name: Create a symbolic link
+ ansible.builtin.file:
+ src: /run/systemd/resolve/resolv.conf
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ state: link
+ force: yes
+
+# Start respondd
+ - name: start systemd-resolved
+ command: systemctl start systemd-resolved
+
+# create default crontab
+# copy default crontab to remote host
+ - name: Copy crontab with owner and permissions
+ ansible.builtin.copy:
+ src: /home/fflux/Infrastructure-Intern/server_config/crontab/crontab
+ dest: /etc/crontab
+ owner: root
+ group: root
+ mode: '0644'
+
+# Reboot and reconnect
+ - name: Reboot host and wait for it to restart
+ reboot:
+ msg: "Reboot initiated by Ansible"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: whoami
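Review bot: The `Run install_dkms.sh` and `Run build_batctl.sh` command tasks carry no `creates:` (or `changed_when:`) guard, so every play re-executes both build scripts and, judging by their names, presumably rebuilds the batman-adv dkms module and batctl each time; a guard such as `creates: "<path of the artifact the script installs>"` on each task makes them idempotent. The mesh-announce clone sets no `version:`, so each run checks out whatever the upstream default branch points at that day — pin it to a tag or commit, as the batman-adv clone already does with `version: v{{batman}}`. The `shell: modprobe br_netfilter` and `shell: sysctl -p /etc/sysctl.conf` tasks use no shell features; `ansible.builtin.modprobe` and `ansible.builtin.sysctl` (or at least `command:`) are the idiomatic, idempotent forms. Both `blockinfile` edits to /etc/modules use the default marker, so the second silently replaces the first block; give each a distinct `marker:` or merge them into one task.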