Changeset - 12f62f3d2fee
x - 21 months ago 2023-08-22 19:23:37
xbr@c3l.lu
feat: update all_gw_config to reflect current tools
1 file changed with 94 insertions and 25 deletions:
gateway/all_gw_config.yml
 
---
 
# Defining the remote server where the package will be deployed
 
- name: "Deploy new config"
 
- name: "Deploy new gateway config"
 
  hosts: test
 
  remote_user: root
 
  become: true
 
  become_method: ansible.builtin.sudo
 
  tasks:
 

	
 
    # Network interfaces
 
    - name: Setup network interfaces (bridge + bat0)
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/freifunk
 
        src: "{{ server_config_dir }}/interface/freifunk.j2"
 
        dest: /etc/network/interfaces.d/freifunk
 
        owner: root
 
        group: root
 
        mode: '0644'
 
      tags: networking
 
    - name: Pull up new interfaces
 
      ansible.builtin.command: /usr/sbin/ifup -a
 
      tags: networking
 

	
 
    - name: Copy dnsmasq file with owner and permissions
 
    # iptables
 
    - name: Copy iptables rulesv4
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/fflux
 
        src: "{{ server_config_dir }}/iptables/rules.v4"
 
        dest: /etc/iptables/rules.v4
 
        owner: root
 
        group: root
 
        mode: "0644"
 
      tags: iptables
 
    - name: Restart iptables-persistent
 
      ansible.builtin.service:
 
        name: "netfilter-persistent"
 
        state: "restarted"
 
        enabled: true
 
      tags: iptables
 

	
 
    # dnsmasq
 
    - name: Setup dnsmasq config w/ IPv4 ranges
 
      ansible.builtin.template:
 
        src: "{{ server_config_dir }}/dnsmasq/fflux.j2"
 
        dest: /etc/dnsmasq.d/fflux
 
        owner: root
 
        group: root
 
        mode: '0644'
 
        mode: "0644"
 
      tags: dns
 
    - name: Make sure dnsmasq is started
 
      ansible.builtin.service:
 
        name: "dnsmasq"
 
        state: "started"
 
        enabled: "true"
 
      tags: dns
 
    - name: Reload dnsmasq
 
      ansible.builtin.service:
 
        name: "dnsmasq"
 
        state: "reloaded"
 
      tags: dns
 

	
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/fastd.conf
 
    # fastd
 
    - name: Setup fastd (fflux) config w/ MAC address
 
      ansible.builtin.template:
 
        src: "{{ server_config_dir }}/fastd/fastd.conf.j2"
 
        dest: /etc/fastd/fflux/fastd.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
    - name: Copy respondd config file with owner and permissions
 
        mode: "0644"
 
      tags: fastd
 
    - name: Copy fastd private key
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/respondd.conf
 
        dest: /opt/mesh-announce/respondd.conf
 
        src: "~/keys/{{ inventory_hostname }}.conf"
 
        dest: /etc/fastd/fflux/secret.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 
        mode: "0640"
 
    - name: List all peers but ourselves
 
      ansible.builtin.find:
 
        path: "{{ server_config_dir }}/fastd/peers-gw/"
 
        excludes: "{{ inventory_hostname }}"
 
      delegate_to: localhost
 
      register: peers_to_copy
 
      tags: fastd
 
    - name: Copy fastd peers
 
      ansible.builtin.copy:
 
        src: "{{ item.path }}"
 
        dest: /etc/fastd/fflux/peers-gw/
 
        owner: root
 
        mode: "0644"
 
      with_items: "{{ peers_to_copy.files }}"
 
      tags: fastd
 
    - name: Make sure global fastd is stopped
 
      ansible.builtin.service:
 
        name: "fastd"
 
        state: "stopped"
 
        enabled: false
 
    - name: Start fastd@fflux
 
      ansible.builtin.service:
 
        name: "fastd@fflux"
 
        state: "restarted"
 
        enabled: true
 
      tags: fastd
 

	
 
    # respondd
 
    - name: Configure respondd.service file
 
      ansible.builtin.lineinfile:
 
        path: /opt/mesh-announce/respondd.service
 
        regexp: "^ExecStart="
 
        line: "ExecStart=/opt/mesh-announce/respondd.py -d /opt/mesh-announce/providers -f /opt/mesh-announce/respondd.conf"
 
        state: present
 
      tags: respondd
 
    - name: Symbolic link for respondd.service
 
      ansible.builtin.file:
 
        src: /opt/mesh-announce/respondd.service
 
        dest: /etc/systemd/system/respondd.service
 
        owner: root
 
        group: root
 
        state: link
 
        force: true
 
      tags: config
 
    - name: Reload systemd daemon
 
      ansible.builtin.systemd_service:
 
        daemon_reload: true
 
      tags: respondd
 
    - name: Re-Start + Enable respondd
 
      ansible.builtin.service:
 
        name: respondd
 
        state: "restarted"
 
        enabled: true
 

	
 
# syncronize gateway peers
 

	
 
    - name: Reboot host and wait for it to restart
 
      ansible.builtin.reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 
      tags: respondd
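Review bot: The "Copy fastd private key" task writes `/etc/fastd/fflux/secret.conf` with `mode: "0640"` and no `no_log`, so the key is group-readable and its content may show up in `--diff` or verbose output; `mode: "0600"` and `no_log: true` on that task would be tighter. That task also has no `tags: fastd`, unlike the fastd tasks around it, so a `--tags fastd` run would appear to skip the key while still restarting `fastd@fflux`. The rules file is copied to `/etc/iptables/rules.v4` and `netfilter-persistent` is restarted without any syntax check; adding `validate: iptables-restore --test %s` to the copy task would stop a broken ruleset from being loaded on a gateway. The final reboot task is tagged `respondd`, so any `--tags respondd` run reboots the host, which looks unintended. The page does not mark which lines are old and which are new, so this reading assumes the double-quoted values are the new side.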